Noteable changes:
- The `magic_quotes_runtime` and `magic_quotes_sybase` settings were removed in PHP 5.4, so no longer need to be set.
- Some functions that use external libraries can generate errors that can't be tested for, so are globally allowed to silence errors.
- Quite a few functions would cause errors if `safe_mode` was set. This setting was removed in PHP 5.4.
- Only a handful of `header()` calls needed corresponding `headers_sent()` checks for unit tests to pass, but more may need to be added as the nightlies builds are tested.
See #46732.
Built from https://develop.svn.wordpress.org/trunk@45611
git-svn-id: http://core.svn.wordpress.org/trunk@45422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.
This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script.
- Auto-fixable coding standards issues will now cause Travis failures.
Fixes#44600.
Built from https://develop.svn.wordpress.org/trunk@43571
git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For code-historic reasons, restoring widget assignments would not be attempted if there were no sidebars to map.
Restoring previous assignments is something unrelated to sidebar mappings however, so now it will be attempted on every theme switch.
See #42719.
Built from https://develop.svn.wordpress.org/trunk@42374
git-svn-id: http://core.svn.wordpress.org/trunk@42203 1a063a9b-81f0-0310-95a4-ce76da25c4cd
It doesn't look like `wp_register_sidebar_widget()` ever used a global named `$wp_register_widget_defaults`. It does however make use of `$wp_registered_widget_controls` now.
See [8960], [30776].
Props upadalavipul.
Fixes#41592.
Built from https://develop.svn.wordpress.org/trunk@41798
git-svn-id: http://core.svn.wordpress.org/trunk@41632 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Galleries are managed in the widget in the same way they are managed in the post editor, both using the media manager.
* Gallery widget is merged from the Core Media Widgets v0.2.0 feature plugin and it extends `WP_Widget_Media` in the same way as is done for image, audio, and video widgets.
* Model syncing logic is updated to support booleans and arrays (of integers).
* Placeholder areas in media widgets are now clickable shortcuts for selecting media.
* Image widget placeholder is updated to match gallery widget where clicking preview is shortcut for editing media.
Props westonruter, joemcgill, timmydcrawford, m1tk00, obenland, melchoyce.
See #32417.
Fixes#41914.
Built from https://develop.svn.wordpress.org/trunk@41590
git-svn-id: http://core.svn.wordpress.org/trunk@41423 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Builds on efforts brought forward in #17979.
This will send sidebars through three levels of mapping:
1. If both themes have only one sidebar, that gets mapped.
2. If both themes have sidebars with the same slug, they get mapped.
3. Sidebars that (even partially) match slugs from a similar kind of sidebar will get mapped.
Finally, if the theme has previously been active and we have a record of its
sidebar configuration then, any unmapped sidebar will be restored to its
previous state.
Props westonruter, obenland, alexvorn2, timmydcrawford.
See #39693.
Built from https://develop.svn.wordpress.org/trunk@41555
git-svn-id: http://core.svn.wordpress.org/trunk@41388 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The last time a new widget was introduced, Vuvuzelas were a thing, Angry Birds started taking over phones, and WordPress stopped shipping with Kubrick. Seven years and 17 releases without new widgets have been enough, time to spice up your sidebar!
Props westonruter, melchoyce, obenland, timmydcrawford, adamsilverstein, gonom9, wonderboymusic, Fab1en, DrewAPicture, sirbrillig, joen, matias, samikeijonen, afercia, celloexpressions, designsimply, michelleweber, ranh, kjellr, karmatosed.
Fixes#32417, #39993, #39994, #39995.
Built from https://develop.svn.wordpress.org/trunk@40640
git-svn-id: http://core.svn.wordpress.org/trunk@40501 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Known functions, classes, and methods are now auto-linked in Code Reference pages following #meta1483.
Note: Hook references are still linked via inline `@see` tags due to the unlikelihood of reliably matching for known hooks based on a RegEx pattern.
See #32246.
Built from https://develop.svn.wordpress.org/trunk@37342
git-svn-id: http://core.svn.wordpress.org/trunk@37308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
PHP7 is deprecating PHP4 style constructors, so we need to modify our code to have _construct methods that fire before the named PHP4 style constructors. The PHP4 style constructors will call the PHP5 style constructor in case it is being called directly (usually via parent::METHOD).
This modifies external libraries to add PHP5 style constructors, but doesn't add a notice for when they are used. In WordPress core code, PHP4 style constructors are being given a call to _deprecated_constructor. To the PHP4 style constructor I say "I know that I can't take no more | It ain't no lie | I wanna see you out that door | Baby, bye, bye, bye..."
Upstream: https://wiki.php.net/rfc/remove_php4_constructors
Props jdgrimes, netweb, jorbin
See #31982
Built from https://develop.svn.wordpress.org/trunk@32990
git-svn-id: http://core.svn.wordpress.org/trunk@32961 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Plugins can use `pre_option_widget_{$id_base}` filters to return `ArrayIterator`/`ArrayObject` instances instead of primitive arrays. This makes possible for widget instance data to be drawn from somewhere else than `wp_options`, such as a custom post type.
Add unit tests for widgets.
Fixes#32474.
Built from https://develop.svn.wordpress.org/trunk@32602
git-svn-id: http://core.svn.wordpress.org/trunk@32572 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* If we just tell them they they should set an `id` parameter, they might set an arbitrary one on an existing (i.e. not in-development) theme, causing widgets to be lost.
* This way, we tell them to set it to the auto-generated `id` that the sidebar already has.
* Widget content is not lost, and now their sidebar has a concrete handle.
fixes#31675
Built from https://develop.svn.wordpress.org/trunk@32110
git-svn-id: http://core.svn.wordpress.org/trunk@32089 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Use a placeholder for the theme name to be able to reorder words.
* Uppercase D for "Theme Details" to match existing strings.
* Merge two revision date formats.
* Add translator comment to strings with placeholders.
props obenland.
see #31776.
Built from https://develop.svn.wordpress.org/trunk@31905
git-svn-id: http://core.svn.wordpress.org/trunk@31884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In PHP 5.3.0, `is_a()` is no longer deprecated, and will therefore no longer throw `E_STRICT` warnings.
To avoid warnings in PHP < 5.3.0, convert all `is_a()` calls to `$var instanceof WP_Class` calls.
`instanceof` does not throw any error if the variable being tested is not an object, it simply returns `false`.
Props markoheijnen, wonderboymusic.
Fixes#25672.
Built from https://develop.svn.wordpress.org/trunk@31188
git-svn-id: http://core.svn.wordpress.org/trunk@31169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Per our inline documentation standards, no further use of the `@uses` tag is recommended as used and used-by relationships can be derived through other means. This removes most uses of the tag in core documentation, with remaining tags to be converted to `@global` or `@see` as they apply.
Fixes#30191.
Built from https://develop.svn.wordpress.org/trunk@30105
git-svn-id: http://core.svn.wordpress.org/trunk@30105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
With the Widget Customizer it's possible that previewed widgets can leak data outside of Customizer, when the widget uses the cache API.
The Customizer calls the regular update callback which should already refresh the cache. Since cache additions aren't blocked yet the cache can be filled with preview data.
To prevent this issue `WP_Widget::is_preview()` will return true, when `$wp_customize->is_preview()` returns true. If `is_preview()` is true, cache additions are suspended via `wp_suspend_cache_addition()`. Make sure your object cache drop-in has implemented `wp_suspend_cache_addition()`.
`is_preview()` can/should also be used inside `WP_Widget::widget()`, see WP_Widget_Recent_Posts or WP_Widget_Recent_Comments for examples.
For more info see IRC logs: http://irclogs.wordpress.org/chanlog.php?channel=wordpress-dev&day=2014-04-02&sort=asc#m824279
props westonruter.
fixes#27538.
Built from https://develop.svn.wordpress.org/trunk@27966
git-svn-id: http://core.svn.wordpress.org/trunk@27796 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Make required arguments optional in confirm_blog_signup().
Mark arguments as required in _future_post_hook(), the walker method display_element(), get_author_link() (deprecated), and the WP_Widget constructor.
props rlerdorf.
see #24210.
git-svn-id: http://core.svn.wordpress.org/trunk@24126 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.
Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.
Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.
Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.
Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.
Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.
Plugins should use wp_unslash() on data being passed to core API.
Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.
Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.
Remove many no longer necessary calls to $wpdb->escape() and esc_sql().
In wp_get_referer() and wp_get_original_referer(), return unslashed data.
Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.
Switch several queries over to prepare().
Expect something to break.
Props alexkingorg
see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd