Commit Graph

44531 Commits

Author SHA1 Message Date
TimothyBlynJacobs c0995319f4 REST API: Support custom namespaces for taxonomies.
While a taxonomy can define a custom route by using the rest_base argument, a namespace of wp/v2 was assumed. This commit introduces support for a rest_namespace argument.

A new rest_get_route_for_taxonomy_items function has been introduced and the rest_get_route_for_term function updated to facilitate getting the correct route for taxonomies.

For maximum compatibility sticking with the default wp/v2 namespace is recommended until the API functions see wider use.

Props spacedmonkey.
Fixes #54267.
See [51962].

Built from https://develop.svn.wordpress.org/trunk@51964


git-svn-id: http://core.svn.wordpress.org/trunk@51553 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-01 03:27:55 +00:00
Gary Pendergast 2c3205bb84 KSES: Add options for restricting tags based upon their attributes.
This change adds two now attribute-related config options to KSES:
- An array of allowed values can be defined for attributes. If the attribute value doesn't fall into the list, the attribute will be removed from the tag.
- Attributes can be marked as required. If a required attribute is not present, KSES will remove all attributes from the tag. As KSES doesn't match opening and closing tags, it's not possible to safely remove the tag itself, the safest fallback is to strip all attributes from the tag, instead.

Included with this change is an implementation of these options, allowing the `<object>` tag to be stored in posts, but only when it has a `type` attribute set to `application/pdf`.

Props pento, swissspidy, peterwilsoncc, dd32, jorbin.
Fixes #54261.


Built from https://develop.svn.wordpress.org/trunk@51963


git-svn-id: http://core.svn.wordpress.org/trunk@51552 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-01 02:13:56 +00:00
TimothyBlynJacobs bac6e41c85 REST API: Support custom namespaces for custom post types.
While a custom post type can define a custom route by using the `rest_base` argument, a namespace of `wp/v2` was assumed. This commit introduces support for a `rest_namespace` argument. 

A new `rest_get_route_for_post_type_items` function has been introduced and the `rest_get_route_for_post` function updated to facilitate getting the correct route for custom post types.

While the WordPress Core Block Editor bootstrap code has been updated to use these API functions, for maximum compatibility sticking with the default `wp/v2` namespace is recommended until the API functions see wider use.

Props spacedmonkey, swissspidy.
Fixes #53656.

Built from https://develop.svn.wordpress.org/trunk@51962


git-svn-id: http://core.svn.wordpress.org/trunk@51551 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-31 23:16:58 +00:00
Sergey Biryukov c60a9d92e2 Docs: Add a `@since` note to `WP_REST_Post_Types_Controller::get_item_schema()` for the `supports` and `visibility` properties.
The `taxonomies` and `rest_base` properties were also added after the method was initially introduced, but that happened during the same release cycle, so they don't need a separate `@since` note.

Follow-up to [38832], [39097], [39191], [39647], [51959].

See #53399.
Built from https://develop.svn.wordpress.org/trunk@51961


git-svn-id: http://core.svn.wordpress.org/trunk@51550 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-31 20:28:01 +00:00
TimothyBlynJacobs af212ad9b3 REST API: Send a 500 status code when JSON encoding fails.
Previously, a 200 status code would be sent despite the 500 status code present in the response body.

Props hermpheus, lalitjalandhar.
Fixes #53056.

Built from https://develop.svn.wordpress.org/trunk@51960


git-svn-id: http://core.svn.wordpress.org/trunk@51549 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-31 06:07:56 +00:00
TimothyBlynJacobs f76071026b REST API: Add visibility information to the Post Types controller.
Props spacedmonkey, peterwilsoncc.
Fixes #54055.

Built from https://develop.svn.wordpress.org/trunk@51959


git-svn-id: http://core.svn.wordpress.org/trunk@51548 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-31 05:19:01 +00:00
John Blackbourn 3d86f8af55 Application Passwords: Various docblock improvements.
See #53399, #42790

Built from https://develop.svn.wordpress.org/trunk@51958


git-svn-id: http://core.svn.wordpress.org/trunk@51547 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-30 20:26:59 +00:00
John Blackbourn c274d3c520 Docs: Miscellaneous docblock improvements.
See #53399

Built from https://develop.svn.wordpress.org/trunk@51957


git-svn-id: http://core.svn.wordpress.org/trunk@51546 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-30 20:17:01 +00:00
Sergey Biryukov 4459eaf392 Docs: Further update the `debug_information` filter description per the documentation standards.
Specifically, this ensures that the DocBlock follows the line wrapping recommendations.

Follow-up to [44986], [45156], [45259], [51949].

See #53399.
Built from https://develop.svn.wordpress.org/trunk@51956


git-svn-id: http://core.svn.wordpress.org/trunk@51545 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-30 13:41:02 +00:00
John Blackbourn 6babc3833b Docs: Miscellaneous docblock improvements.
See #53399

Built from https://develop.svn.wordpress.org/trunk@51955


git-svn-id: http://core.svn.wordpress.org/trunk@51544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-29 23:13:05 +00:00
desrosj 4a0480a67d Build/Test Tools: Use correct URL for a GitHub Action workflow run.
Follow up to [51921], [51937], [51953].
Unprops desrosj.
See #53363.
Built from https://develop.svn.wordpress.org/trunk@51954


git-svn-id: http://core.svn.wordpress.org/trunk@51543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-29 20:34:58 +00:00
desrosj ab1786d059 Build/Test Tools: Adjust Slack notifications for `scheduled` and `workflow_dispatch` events.
This makes the needed adjustments to fix Slack notifications for `scheduled` and `workflow_dispatch` events. The data needed to send notifications for these events are stored in different locations, or need to be accessed through API requests.

Follow up to [51921], [51937].
See #53363.
Built from https://develop.svn.wordpress.org/trunk@51953


git-svn-id: http://core.svn.wordpress.org/trunk@51542 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-29 20:00:58 +00:00
desrosj deb3eca81a Build/Test Tools: Escape `$` within commit messages for `$variables.
This ensures the variables are preserved in the Slack message.

Props ocean90, desrosj.
See #53363.
Built from https://develop.svn.wordpress.org/trunk@51952


git-svn-id: http://core.svn.wordpress.org/trunk@51541 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-29 19:41:56 +00:00
Sergey Biryukov 0e2f9ad5b6 Coding Standards: Correct alignment in `WP_Site_Health::get_test_update_temp_backup_writable()`.
This fixes an `Equals sign not aligned with surrounding assignments; expected 1 space but found 6 spaces` WPCS warning.

Follow-up to [51815].

See #51857, #53359.
Built from https://develop.svn.wordpress.org/trunk@51951


git-svn-id: http://core.svn.wordpress.org/trunk@51540 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-29 16:52:57 +00:00
John Blackbourn 0775153e27 Date/Time: Improve the docblocks for various date and time related functions.
See #53399, #28992, #40653

Built from https://develop.svn.wordpress.org/trunk@51950


git-svn-id: http://core.svn.wordpress.org/trunk@51539 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-29 16:51:56 +00:00
John Blackbourn a0d8a60547 Site Health: Correct and improve the documentation for the `debug_information` hook.
This corrects the structure of the documentation so it accurately reflects the array elements contained within.

See #53399.

Built from https://develop.svn.wordpress.org/trunk@51949


git-svn-id: http://core.svn.wordpress.org/trunk@51538 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-29 15:35:00 +00:00
joedolson 2f3b779563 Media: Remove deprecated click function in media uploader.
Replace the call to jQuery's deprecated click handler.

Props kapilpaul.
Fixes #53261.
Built from https://develop.svn.wordpress.org/trunk@51947


git-svn-id: http://core.svn.wordpress.org/trunk@51536 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-28 17:50:58 +00:00
joedolson d71ae9a7e3 Administration: Hide mobile menu on focusout.
Closes the admin menu on mobile devices when keyboard focus moves outside of the menu or menu toggle elements. Improves the usability of the menu on mobile by allowing closure anywhere outside the menu rather than only on the toggle. 

Props kaneva, costdev, sabernhardt
Fixes #53587.
Built from https://develop.svn.wordpress.org/trunk@51946


git-svn-id: http://core.svn.wordpress.org/trunk@51535 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-28 17:28:56 +00:00
joedolson acabcf82ff Media: Close attachment details modal with esc key.
The event that fired closing the attachment details modal also removed the keydown event listener, so subsequent modals could not be closed with the escape key.

Props vondelphia, sourovroy, sabernhardt
Fixes #53924.
Built from https://develop.svn.wordpress.org/trunk@51945


git-svn-id: http://core.svn.wordpress.org/trunk@51534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-28 16:07:59 +00:00
Sergey Biryukov a5926f8ece Coding Standards: Correct alignment in `wp_enqueue_global_styles()`.
This fixes an `Equals sign not aligned with surrounding assignments; expected 5 spaces but found 1 space` WPCS warning.

Follow-up to [50973], [51819].

See #53359.
Built from https://develop.svn.wordpress.org/trunk@51944


git-svn-id: http://core.svn.wordpress.org/trunk@51533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-28 14:10:59 +00:00
Pascal Birchler a225165010 Role/Capability: Add support for capability queries in `WP_User_Query`.
Similar to the existing `role`/`role__in`/`role__not_in` query arguments, this adds support for three new query arguments in `WP_User_Query`:

* `capability` 
* `capability__in`
* `capability__not_in`

These can be used to fetch users with (or without) a specific set of capabilities, for example to get all users
with the capability to edit a certain post type.

Under the hood, this will check all existing roles on the site and perform a `LIKE` query against the `capabilities` user meta field to find:

* all users with a role that has this capability
* all users with the capability being assigned directly

Note: In WordPress, not all capabilities are stored in the database. Capabilities can also be modified using filters like `map_meta_cap`. These new query arguments do NOT work for such capabilities.

The prime use case for capability queries is to get all "authors", i.e. users with the capability to edit a certain post type.

Until now, `'who' => 'authors'` was used for this, which relies on user levels. However, user levels were deprecated a long time ago and thus never added to custom roles. This led to constant frustration due to users with custom roles missing from places like author dropdowns.

This updates any usage of `'who' => 'authors'` in core to use capability queries instead.

Subsequently, `'who' => 'authors'` queries are being **deprecated** in favor of these new query arguments.

Also adds a new `capabilities` parameter (mapping to `capability__in` in `WP_User_Query`) to the REST API users controller.

Also updates `twentyfourteen_list_authors()` in Twenty Fourteen to make use of this new functionality, adding a new `twentyfourteen_list_authors_query_args` filter to make it easier to override this behavior.

Props scribu, lgladdly, boonebgorges, spacedmonkey, peterwilsoncc, SergeyBiryukov, swissspidy.
Fixes #16841.

Built from https://develop.svn.wordpress.org/trunk@51943


git-svn-id: http://core.svn.wordpress.org/trunk@51532 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-27 18:43:57 +00:00
Sergey Biryukov 311cf99866 Docs: Document the usage of some globals in `wp-includes/script-loader.php`.
Follow-up to [44114], [44262], [49080], [50761], [51471].

See #53399.
Built from https://develop.svn.wordpress.org/trunk@51942


git-svn-id: http://core.svn.wordpress.org/trunk@51531 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-27 18:21:58 +00:00
Sergey Biryukov 6a5a0062ff Script Loader: Correct the number of arguments passed to the closure in `enqueue_block_styles_assets()`.
This avoids an `Uncaught ArgumentCountError: Too few arguments to function {closure}(), 1 passed` PHP fatal error when registering a block style with the `should_load_separate_core_block_assets` filter enabled.

Follow-up to [51471].

Props aristath, shimon246, jrf, gziolo.
Fixes #54323.
Built from https://develop.svn.wordpress.org/trunk@51941


git-svn-id: http://core.svn.wordpress.org/trunk@51530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-27 17:10:01 +00:00
Sergey Biryukov 156a453ed9 Coding Standards: Rename the `$process` variable to `$processed_response` for clarity in `WP_Http_Streams::request()`.
Includes minor code layout fixes for better readability.

Follow-up to [8516], [51826], [51929], [51931].

See #53359.
Built from https://develop.svn.wordpress.org/trunk@51940


git-svn-id: http://core.svn.wordpress.org/trunk@51529 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-27 15:03:58 +00:00
johnjamesjacoby 7a0a07d691 Admin/HTTP API: add suggested filename support to `download_url()`.
This change allows for external clients to supply a suggested filename via a `Content-Disposition` response header. This filename is processed through `sanitize_file_name()` to ensure it is allowable (on the server, MIME's, etc...) and `validate_file()` to prevent directory traversal.

If the suggested filename fails the above processing/checks, that suggestion is discarded and the standard temporary filename (generated by WordPress) is used.

If no `Content-Disposition` header is found in the response headers, the standard temporary filename continues to be used as per normal.

Included in this change are 6 additional PHPUnit tests with 9 assertions. These tests confirm that valid filename values are correctly saved, and invalid filename values are correctly rejected.

Props cklosows, costdev, dd32, johnjamesjacoby, ocean90, psrpinto.

Fixes #38231.
Built from https://develop.svn.wordpress.org/trunk@51939


git-svn-id: http://core.svn.wordpress.org/trunk@51528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-27 15:00:01 +00:00
Sergey Biryukov b8e6a3c334 Tests: Some test improvements for `clean_dirsize_cache()` tests:
* Move the directory being tested to the `data` directory, for consistency with other test data.
* Set the `svn:eol-style` property to `native`, for consistency with other files.
* Correct the test class name in `dummy.txt`.

Follow-up to [51246], [51910], [51911].

See #52241, #53363.
Built from https://develop.svn.wordpress.org/trunk@51938


git-svn-id: http://core.svn.wordpress.org/trunk@51527 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-26 02:03:58 +00:00
desrosj 3867e66520 Build/Test Tools: Use the correct workflow name in notifications on `workflow_run`.
When a workflow is triggered through a `workflow_run` event, the context is not the original workflow. The details about the original workflow are passed through the `github.event` context.

This also moves the conditional check controlling whether the Slack workflow is run into the calling workflows to prevent them from running for pull requests.

Follow up to [51921-51922,51924-51925,51934].

See #53363.
Built from https://develop.svn.wordpress.org/trunk@51937


git-svn-id: http://core.svn.wordpress.org/trunk@51526 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-25 20:27:56 +00:00
desrosj fc06dda73e Build/Test Tools: Restore Slack notifications for older branches.
In [51921], the GitHub Actions workflows were updated to utilize the Slack notifications workflow as a callable one instead of on the `workflow_run` event.

This eliminated the need for an additional “Slack Notifications” workflow run for every completed workflow, but only when other workflows are updated as well. This resulted in notifications from older branches breaking, as the changes in [51921] were not backported.

Instead of backporting the needed changes now (the Slack workflow is still being polished), this commit partially restores the `workflow_run` event for older branches so that notifications will resume.

See #53363.
Built from https://develop.svn.wordpress.org/trunk@51934


git-svn-id: http://core.svn.wordpress.org/trunk@51525 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-25 19:30:00 +00:00
Sergey Biryukov d31f31c579 Coding Standards: Rename `$theHeaders` variable to `$processed_headers` in `WP_Http_Curl::request()`.
This fixes a `Variable "$theHeaders" is not in valid snake_case format` WPCS warning.

Follow-up to [8516], [8520], [51826], [51929].

See #53359.
Built from https://develop.svn.wordpress.org/trunk@51931


git-svn-id: http://core.svn.wordpress.org/trunk@51524 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-25 16:20:00 +00:00
Peter Wilson cdf1000cbb Docs: Use sign-up & signup consistently in `wp-signup.php`.
In the docblocks throughout `wp-signup.php` use sign up for verbs and sign-up for nouns.

Props audrasjb, jeffpaul.
Fixes #54041. See #53399.


Built from https://develop.svn.wordpress.org/trunk@51930


git-svn-id: http://core.svn.wordpress.org/trunk@51523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-25 00:23:57 +00:00
Sergey Biryukov f8f74e7aa5 Coding Standards: Rename the `$arrHeaders` variable to `$processed_headers` in `WP_Http_Streams::request()`.
This fixes a `Variable "$arrHeaders" is not in valid snake_case format` WPCS warning.

Follow-up to [8516], [51826].

See #53359.
Built from https://develop.svn.wordpress.org/trunk@51929


git-svn-id: http://core.svn.wordpress.org/trunk@51522 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-24 19:23:00 +00:00
Sergey Biryukov 50aa2df391 Tests: Add `@ticket` references for `page_on_front` canonical tests.
Follow-up to [669/tests], [849/tests], [36238], [47760].

See #53363.
Built from https://develop.svn.wordpress.org/trunk@51928


git-svn-id: http://core.svn.wordpress.org/trunk@51521 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-23 12:38:01 +00:00
Sergey Biryukov d468eb17c3 Coding Standards: Escape `id` attributes in `WP_Customize_Control::render_content()` and `::print_template()`.
Follow-up to [30014], [38906].

Props sabbirshouvo.
See #54295.
Built from https://develop.svn.wordpress.org/trunk@51927


git-svn-id: http://core.svn.wordpress.org/trunk@51520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-22 16:09:59 +00:00
Sergey Biryukov 4152fbfdb2 Coding Standards: Improve escaping in `wp_login_form()`.
* Split long concatenated lines using `sprintf()`. This aims to improve readability and avoid multiple `esc_attr()` calls for the same value.
* Escape the form `name` and `id` attributes.

Follow-up to [12696], [18444], [19033].

Props sabbirshouvo, mukesh27, audrasjb, henry.wright, SergeyBiryukov.
Fixes #54279.
Built from https://develop.svn.wordpress.org/trunk@51926


git-svn-id: http://core.svn.wordpress.org/trunk@51519 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-21 18:19:00 +00:00
desrosj e791d7f5db Build/Test Tools: Fix syntax for passing secrets to a called workflow.
Follow up to [51923].

See #53363.
Built from https://develop.svn.wordpress.org/trunk@51925


git-svn-id: http://core.svn.wordpress.org/trunk@51518 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-20 19:51:58 +00:00
desrosj 1d76e9f33c Build/Test Tools: Pass required secrets to the Slack notifications workflow.
Secrets are not available within callable workflows by default. They must be defined within the callable workflow, and passed from the calling workflow.

Follow up to [51921-51922].

See #53363.
Built from https://develop.svn.wordpress.org/trunk@51924


git-svn-id: http://core.svn.wordpress.org/trunk@51517 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-20 19:26:57 +00:00
Sergey Biryukov e6ede0c816 Coding Standards: Improve escaping in `wp-admin/theme-install.php`.
* Rename a duplicate `$feature_name` variable to `$feature_group` for clarity.
* Escape the remaining `$feature_name` variable.

Follow-up to [27636], [35273].

Props sabbirshouvo, sabernhardt, mukesh27, afragen.
Fixes #54277.
Built from https://develop.svn.wordpress.org/trunk@51923


git-svn-id: http://core.svn.wordpress.org/trunk@51516 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-20 19:18:01 +00:00
desrosj b54ec08215 Build/Test Tools: Adjustments as a follow up to [51921].
This adjusts the syntax for using the `github-scripts` action.

See #53363.
Built from https://develop.svn.wordpress.org/trunk@51922


git-svn-id: http://core.svn.wordpress.org/trunk@51515 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-20 15:36:58 +00:00
desrosj 0f8c4989b0 Build/Test Tools: Modify the Slack notifications workflow to be a reusable one.
The ability to reuse workflow files within GitHub Action workflows was recently added and allows for less code duplication.

In the context of WordPress Core, this also eliminates the need for an additional “Slack Notifications” workflow to run for every completed workflow.

See #53363.
Built from https://develop.svn.wordpress.org/trunk@51921


git-svn-id: http://core.svn.wordpress.org/trunk@51514 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-20 14:42:02 +00:00
Sergey Biryukov 2c84d63322 Help/About: Don't output empty `<span>` tags on Credits screen.
If the contributor does not have a title, the empty tags are not necessary.

Follow-up to [17877], [17909], [17942], [18162], [19143], [46709].

Props sayedulsayem, audrasjb, mukesh27.
Fixes #54275.
Built from https://develop.svn.wordpress.org/trunk@51920


git-svn-id: http://core.svn.wordpress.org/trunk@51513 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-19 23:09:00 +00:00
hellofromTonya 234877c9c3 Coding Standards: Add `public` visibility to methods in `src` directory.
This commit adds the `public` visibility keyword to each method which did not have an explicit visibility keyword.

Why `public`?

With no visibility previously declared, these methods are implicitly `public` and available for use. Changing them to anything else would be a backwards-compatibility break.

Props costdev, jrf.
See #54177.
Built from https://develop.svn.wordpress.org/trunk@51919


git-svn-id: http://core.svn.wordpress.org/trunk@51512 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-18 17:52:58 +00:00
Sergey Biryukov a60032feec Coding Standards: Add a leading zero in the CSS declarations printed by the `print_emoji_styles()` function.
Follow-up to [31733], [31786].

Props audrasjb, sabernhardt.
Fixes #54284.
Built from https://develop.svn.wordpress.org/trunk@51918


git-svn-id: http://core.svn.wordpress.org/trunk@51511 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-18 16:53:57 +00:00
hellofromTonya db3a05178b Cron: Remove errant `false` values in cron array when upgrading to 5.9+.
[51916] fixed a bug where `array( `false` )` was added to the cron array when `_get_cron_array()` returned `false`. 

This commit:
* Removes any `false` values from the cron array when upgrading to 5.9+.
* Bumps the database version.

Follow-up to [44917], [51916].

Props peterwilsoncc, jrf.
See #53950.
Built from https://develop.svn.wordpress.org/trunk@51917


git-svn-id: http://core.svn.wordpress.org/trunk@51510 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-18 13:30:57 +00:00
hellofromTonya 248c36d748 Cron: Fix malformed cron array in `wp_schedule_single_event()` when `_get_cron_array()` returns `false`.
In `wp_schedule_single_event()`, the cron info array is retrieved via a call to `_get_cron_array()` and straight away cast to an array. But as the documentation for that function (correctly) states, the return type of that function is `array|false`, where `false` is returned for a site where no cron jobs have been scheduled (yet).

In the case that `_get_cron_array()` would return `false`, this would now unintentionally create an array with a single entry with key `0` and as the value `false`.

This is a bug. Fixed now by adding validation to the output of `_get_cron_array()` and initializing `$crons` to an empty array if `false` was returned.

Tests added first to prove the bug (a) was introduced in #44818 [44917] and (b) is now fixed.

Follow-up to [44917].

Props jrf, peterwilsoncc.
Fixes #53950.
Built from https://develop.svn.wordpress.org/trunk@51916


git-svn-id: http://core.svn.wordpress.org/trunk@51509 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-18 12:51:58 +00:00
John Blackbourn 00b914db08 REST API: Correct the order of the parameters documented for `WP_REST_Server::respond_to_request()`.
See #53399

Built from https://develop.svn.wordpress.org/trunk@51915


git-svn-id: http://core.svn.wordpress.org/trunk@51508 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-18 11:14:57 +00:00
Sergey Biryukov cea5785cdb Coding Standards: Consistently escape form action URL in `wp-admin/update-core.php`.
Follow-up to [10166], [23739], [25806].

Props sabbirshouvo, mukesh27.
Fixes #54278.
Built from https://develop.svn.wordpress.org/trunk@51914


git-svn-id: http://core.svn.wordpress.org/trunk@51507 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-17 20:31:02 +00:00
Sergey Biryukov 8447683474 Docs: Improve documentation for the `tax_input` parameter of `wp_insert_post()`.
Follow-up to [10222], [13217], [33922].

Props dingo_d.
Fixes #54264.
Built from https://develop.svn.wordpress.org/trunk@51913


git-svn-id: http://core.svn.wordpress.org/trunk@51506 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-16 02:38:58 +00:00
hellofromTonya 4a1cc2c3e2 FileSystem API: Add safeguard for invalid return from `get_attached_file()` in `wp_delete_attachment()`.
The `get_attached_file()` function is supposed to return the path to the file, but could:
1. Return `false` if the file doesn't exist.
2. Return literally anything else, as a filter is being applied to the value on return.

As the `clean_dirsize_cache()` now has input validation, passing anything but a non-empty string to `clean_dirsize_cache()` will result in a PHP error notice.

This was exposed by the `Tests_Post_GetPostStatus::wpSetUpBeforeClass()` method which started generating unexpected output (the doing it wrong message) during the test run.

While this indicates that there is a flaw in the mocking being done in the test suite, debugging that is outside of the scope of the current patch.

At the same time, as based on the above point, this ''could'' potentially happen in a real-world situation as well, adding additional conditions to the `if` in the `wp_delete_attachment()` function before calling the `clean_dirsize_cache()` function, is warranted.

As there are no tests for the `wp_delete_attachment()` function at all at this time, we're not adding a test specifically for this change for now. This should however be addressed in the future, when tests will be added to cover the `wp_delete_attachment()` function completely. 

Follow-up to [32619], [49212], [51910].

Props jrf, hellofromTonya.
See #52241.
Built from https://develop.svn.wordpress.org/trunk@51912


git-svn-id: http://core.svn.wordpress.org/trunk@51505 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-15 22:58:56 +00:00
hellofromTonya 4471c3787c FileSystem API: Fix autovivification deprecation notice in `recurse_dirsize()`.
>PHP natively allows for autovivification (auto-creation of arrays from falsey values). This feature is very useful and used in a lot of PHP projects, especially if the variable is undefined. However, there is a little oddity that allows creating an array from a `false` and `null` value.

The above quote is from the PHP 8.1 RFC and the (accepted) RFC changes the behaviour described above to deprecated auto creation of arrays from `false`. As it is deprecated, it _will_ still work for the time being, but as of PHP 9.0, this will become a Fatal Error, so we may as well fix it now.

The `recurse_dirsize()` function retrieves a transient and places it in the `$directory_cache` variable, but the `get_transient()` function in WP returns `false` when the transient doesn't exist, which subsequently can lead to the above mentioned deprecation notice.

By verifying that the `$directory_cache` variable is an array before assigning to it and initializing it to an empty array, if it's not, we prevent the deprecation notice, as well as harden the function against potentially corrupted transients where this transient would not return the expected array format, but some other variable type.

Includes adding dedicated unit tests for both the PHP 8.1 issue, as well as the hardening against corrupted transients.

Includes some girl-scouting: touching up a parameter description and some code layout.

Refs:
* https://wiki.php.net/rfc/autovivification_false
* https://developer.wordpress.org/reference/functions/get_transient/

Follow-up to [49212], [49744].

Props jrf, hellofromTonya.
See #53635.
Built from https://develop.svn.wordpress.org/trunk@51911


git-svn-id: http://core.svn.wordpress.org/trunk@51504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-15 22:53:58 +00:00
hellofromTonya 82141be0d8 FileSystem API: Fix infinite loop on Windows for `clean_dirsize_cache()`.
When the PHP native `dirname()` function is used on a Windows disk name - i.e. `C:\`-, it will return the same, i.e, it will return `C:\` again.

The `clean_dirsize_cache()` function didn't have guard clause against this, which meant that on Windows based systems and IIS servers, this function would result in WordPress getting stuck into an infinite loop.

The adjustment to the `while` part of the function fix this by checking if the return value of the `dirname()` function call is the same as the original path passed to `dirname()`, which effectively fixes the infinite loop.

A number of other improvements made:

1. Add input validation for the `$path` parameter to guard against invalid variable types being passed into the function.

2. Guard against an empty `$path` parameter, which would result in an infinite loop on both Windows as well as *nix based systems.

In both these cases, a PHP notice will now be thrown.

3. When a non-empty string, which isn't a path would previously be passed, the `dirname()` function would transform that to a `.` and the `.` key in the transient cache would be cleared out.
This was a bug as there is no relation between a non-path string and the root directory of file system.

This bug has been fixed by checking that something could actually be a path and handling received non-empty, non-path input parameters in a special way, i.e only removing the cache key for the passed string and bowing out from further processing.

Unfortunately, no tests can be added to guard against the infinite loop.

For the other fixes, we have added appropriate unit tests. 

Follow-up up [49212], [49616], [49744].

Props jrf, hellofromTonya, raubvogel, sergeybiryukov, codezen8, sjlevy, drosmog, teachlynx, ekojr, bartoszgrzesik, joegasper, janthiel, josephdickson, ocean90, audrasjb.
Fixes #52241.
Built from https://develop.svn.wordpress.org/trunk@51910


git-svn-id: http://core.svn.wordpress.org/trunk@51503 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-15 22:25:01 +00:00