This changeset introduces the `wp_set_password` action hook, triggered after a password is set for a given user. As several plugins are calling `wp_set_password()` directly, adding an action to the end of the function will help plugin authors to catch all instances of password setting.
Props tanner-m, audrasjb.
Fixes#57436.
Built from https://develop.svn.wordpress.org/trunk@55056
git-svn-id: http://core.svn.wordpress.org/trunk@54589 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previous to this change, attachment filenames in outgoing emails could only ever be derived from their paths (passed in as a numerically indexed array of `$attachments`).
This changeset adds support for passing an associative `$attachments` array, where the key strings will be used as filenames instead.
Includes 2 new unit tests to ensure both array formats continue to work as intended.
Props johnjamesjacoby, ritteshpatel, swissspidy, syntaxart.
Fixes#28407.
Built from https://develop.svn.wordpress.org/trunk@55030
git-svn-id: http://core.svn.wordpress.org/trunk@54563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$die` parameter to `$stop` in `check_ajax_referer()`.
* Renames the `$default` parameter to `$fallback_url` in `wp_validate_redirect()`.
* Renames the `$default` parameter to `$default_value` in `get_avatar()`.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932], [54933], [54938], [54943], [54944], [54945], [54946], [54947], [54948], [54950], [54951].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54952
git-svn-id: http://core.svn.wordpress.org/trunk@54504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes the currently flagged `WordPress.PHP.StrictInArray.MissingTrueStrict` issues:
* `Not using strict comparison for in_array; supply true for third argument.`
These all do comparisons with strings, so all the more reason why it is imperative that a strict comparison is used.
Follow-up to [47550], [47557], [54155], [53480].
Props jrf.
See #56791.
Built from https://develop.svn.wordpress.org/trunk@54895
git-svn-id: http://core.svn.wordpress.org/trunk@54447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In `wp_salt()` WordPress pre-populates the check for duplicate salt values with the default put your unique phrase here. As the `wp-config.php file` for non-en_US can be translated in downloaded packages, a translated version of this phrase ought to be in the pre-populated duplicate values array too.
Props peterwilsoncc, SergeyBiryukov, whaze, costdev, audrasjb.
Fixes#55937.
Built from https://develop.svn.wordpress.org/trunk@54249
git-svn-id: http://core.svn.wordpress.org/trunk@53808 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset contextualizes the usage of `nonce_life` filter by passing the `$action` parameter. It allows to alterate the default lifespan of nonces on a case by case basis.
Props giuseppemazzapica, dwainm, DrewAPicture, jorbin, audrasjb, SergeyBiryukov, costdev, antonvlasenko.
Fixes#35188.
Built from https://develop.svn.wordpress.org/trunk@54218
git-svn-id: http://core.svn.wordpress.org/trunk@53777 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When extracting the email and name from a “From” header, the last character of the name is incorrectly trimmed when a space is not included between the name and the opening `<`.
Though the space is required for the header to be compliant with RFC5322 (see https://www.rfc-editor.org/rfc/rfc5322#section-3.4), the absence of a space can be ignored here. PHPMailer accepts the name and email as separate parameters and constructs the header correctly later on.
Props hakanca, mikehansenme, SergeyBiryukov, kovshenin, mattyrob, drewapicture, desrosj.
Fixes#19847.
Built from https://develop.svn.wordpress.org/trunk@53900
git-svn-id: http://core.svn.wordpress.org/trunk@53459 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Make the descriptions for `update_post_author_caches()` and `update_post_caches()` more specific.
* Move the unit test into its own file, for consistency with `update_post_cache()` tests. This also allows for using shared fixtures in case more tests are added in the future.
Follow-up to [53482].
See #55716.
Built from https://develop.svn.wordpress.org/trunk@53483
git-svn-id: http://core.svn.wordpress.org/trunk@53072 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For a call to `WP_Query` or a post REST API request that contains posts from multiple authors, call the `cache_users` function, to ensure that all user data for post authors is primed in
a single database query. This results in far fewer database queries on multiple author sites.
Props spacedmonkey, timothyblynjacobs, peterwilsoncc.
Fixes#55716.
Built from https://develop.svn.wordpress.org/trunk@53482
git-svn-id: http://core.svn.wordpress.org/trunk@53071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Dynamically add `decoding="async"` to image tags on the front end of a site to instruct browsers to download them in parallel.
Modifies `wp_get_attachment_image()`, `get_avatar()` to include the attribute by default. Modifies `wp_filter_content_tags()` to add the attribute during the front-end render of the site.
Introduces `wp_img_tag_add_decoding_attr()` to take an image tag and modify it to include the attribute. Introduces the filter `wp_img_tag_add_decoding_attr` used to define the default value for the attribute.
Props adamsilverstein, ayeshrajans, costdev, flixos90, hellofromtonya, isaumya, michaelbourne, mihai2u, mitogh, sergiomdgomes, spacedmonkey, westonruter, peterwilsoncc.
Fixes#53232.
Built from https://develop.svn.wordpress.org/trunk@53480
git-svn-id: http://core.svn.wordpress.org/trunk@53069 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As per the PHP manual:
> If the `component` parameter is omitted, an associative array is returned.
> If the `component` parameter is specified, `parse_url()` returns a string (or an int, in the case of `PHP_URL_PORT`) instead of an array. If the requested component doesn't exist within the given URL, `null` will be returned.
Reference: [https://www.php.net/manual/en/function.parse-url.php#refsect1-function.parse-url-returnvalues PHP Manual: parse_url(): Return Values]
In PHP 8.1, if the home URL does not have a "host" component, it would lead to a `substr(): Passing null to parameter #1 ($string) of type string is deprecated` notice.
Changing the logic around and adding validation for the return type value of `wp_parse_url()` prevents that.
Follow-up to [48601], [51606], [51622], [51626], [51629], [51630].
Props dennisatyoast, jrf.
See #54730.
Built from https://develop.svn.wordpress.org/trunk@52799
git-svn-id: http://core.svn.wordpress.org/trunk@52388 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds a new `wp_mail_succeeded` action in `wp_mail` after the mail is sent. Also, adds a disclaimer to the hook's docblock, clarifying that the hook's firing doesn't necessarily mean the recipient received the mail, only that the mail was processed without any errors.
Props birgire, donmhico, johnbillion.
Fixes#53826.
Built from https://develop.svn.wordpress.org/trunk@52083
git-svn-id: http://core.svn.wordpress.org/trunk@51675 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset implements the refined lazy-loading behavior outlined in https://make.wordpress.org/core/2021/07/15/refining-wordpress-cores-lazy-loading-implementation/ in order to improve the Largest Contentful Paint metric, which can see a regression from images or iframes above the fold being lazy-loaded. Adjusting this so far has been possible for developers via filters and still is, however this enhancement brings a more accurate behavior out of the box for the majority of themes.
Specifically, this changeset skips the very first "content image or iframe" on the page from being lazy-loaded. "Content image or iframe" denotes any image or iframe that is found within content of any post in the current main query loop as well as any featured image of such a post. This applies both to "singular" as well as "archive" content: On a "singular" page the first image/iframe of the post is not lazy-loaded, while on an "archive" page the first image/iframe of the _first_ post in the query is not lazy-loaded.
This approach refines the lazy-loading behavior correctly for the majority of themes, which use a single-column layout for post content. For themes with multi-column layouts, a new `wp_omit_loading_attr_threshold` filter can be used to change how many of the first images/iframes are being skipped from lazy-loaded (default is `1`). For example, a theme using a three-column grid of latest posts for archives could use the filter to override the threshold to `3` on archive pages, so that the first three content images/iframes would not be lazy-loaded.
Props adamsilverstein, azaozz, flixos90, hellofromtonya, jonoaldersonwp, mte90, rviscomi, tweetythierry, westonruter.
Fixes#53675. See #50425.
Built from https://develop.svn.wordpress.org/trunk@52065
git-svn-id: http://core.svn.wordpress.org/trunk@51657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Share the `WP_User` instance for the current user between the functions `get_userdata()` and `wp_get_current_user()`. Both functions return the `$current_user` global for the current user.
Force refresh the `$current_user` global within `clean_user_cache()` by immediately re-calling `wp_set_current_user()` with the current user's ID. This ensures any changes to the current user's permissions or other settings are reflected in the global. As a side-effect this immediately rewarms the current user's cache.
Props chaion07, chriscct7, donmhico, hellofromtonya, lukecarbis, peterwilsoncc, rmccue, TimothyBlynJacobs.
Fixes#28020.
Built from https://develop.svn.wordpress.org/trunk@50790
git-svn-id: http://core.svn.wordpress.org/trunk@50399 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The function `wp_text_diff` generated an invalid table structure if the $args parameter contained any values. This patch corrects the structure generated by `wp_text_diff` and related usages so that the column count matches the data generated. Additionally, this patch passes arguments to the Revisions screen so that the screen has column headings that reflect the content in each column. Improves the accessibility and usability of the Revisions table.
Props joedolson, mehulkaklotar, afercia, adamsilverstein, zodiac1978, jeremyfelt
Fixes#25473
Built from https://develop.svn.wordpress.org/trunk@50034
git-svn-id: http://core.svn.wordpress.org/trunk@49735 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Using the canonical function name for PHP functions is strongly recommended, as aliases may be deprecated or removed without (much) warning.
This replaces all uses of the following:
* `join()` with `implode()`
* `sizeof()` with `count()`
* `is_writeable()` with `is_writable()`
* `doubleval()` with a `(float)` cast
In part, this is a follow-up to #47746.
Props jrf.
See #50767.
Built from https://develop.svn.wordpress.org/trunk@49193
git-svn-id: http://core.svn.wordpress.org/trunk@48955 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prior to the PHPMailer update in 5.5, old version of the PHPMailer was setting the validator to 'auto' resulting in a sophisticated logic for determining what email address validation should be used. But the new version defaults to 'php', possibly leading to rejection of email addresses which were fine prior to the upgrade. Let's use the WordPress core function `is_email()` so that it can be fully pluggable.
Fixes#50720.
Props david.binda, ayeshrajans, Synchro, SergeyBiryukov, whyisjake.
Built from https://develop.svn.wordpress.org/trunk@48645
git-svn-id: http://core.svn.wordpress.org/trunk@48407 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Due to the varying server setups, `$_SERVER['SERVER_NAME'];` can't reliably ensure that there will be a relevant host that could be used as the hostname in an email. Since the `network_home_url()` is set at this point, and is filterable, this should better enable emails to be sent from the server.
Fixes#25239.
Props layotte, SergeyBiryukov, nacin, sreedoap, szepe.viktor, jesin, kitchin, mensmaximus, mt8.biz, Grzegorz.Janoszka, cbutlerjr, dd32, BjornW, neodjandre, BjornW, Ipstenu, ocean90, danielbachhuber, desmith, joemcgill, jdgrimes, riasat, derekakelly, swissspidy, lilmike, tsimmons, robert.peake, DavidAnderson, cloudstek, pigdog234, BjornW, rawrly, pessoft, RedSand, seayou, dvershinin, bastho, chesio, Starbuck, afragen, ocean90, whyisjake.
Built from https://develop.svn.wordpress.org/trunk@48601
git-svn-id: http://core.svn.wordpress.org/trunk@48363 1a063a9b-81f0-0310-95a4-ce76da25c4cd
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes#50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Partially reverts [48059] as there's no full consensus on the removal of the text prefix. Further actions should be taken to improve consistency and accessibility of the admin notices. Keeps some improvements to the translatable strings from [48059].
Fixes#47656.
Built from https://develop.svn.wordpress.org/trunk@48115
git-svn-id: http://core.svn.wordpress.org/trunk@47884 1a063a9b-81f0-0310-95a4-ce76da25c4cd