After the introduction of `_make_clickable_rel_attr()` in an earlier commit, the function ended up returning link markup with a mix of single and double quotes.
This commit ensures that `_make_web_ftp_clickable_cb()` always returns double quotes, restoring consistency with other similar callback functions used by `make_clickable()`:
* `_make_url_clickable_cb()`
* `_make_email_clickable_cb()`
Follow-up to [55289].
See #53290, #56444.
Built from https://develop.svn.wordpress.org/trunk@55495
git-svn-id: http://core.svn.wordpress.org/trunk@55028 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces client and server side validation to ensure the `replytocom` query string parameter can not be exploited to reply to an unapproved comment or display the name of an unapproved commenter.
This only affects commenting via the front end of the site. Comment replies via the dashboard continue their current behaviour of logging the reply and approving the parent comment.
Introduces the `$post` parameter, defaulting to the current global post, to `get_cancel_comment_reply_link()` and `comment_form_title()`.
Introduces `_get_comment_reply_id()` for determining the comment reply ID based on the `replytocom` query string parameter.
Renames the parameter `$post_id` to `$post` in `get_comment_id_fields()` and `comment_id_fields()` to accept either a post ID or `WP_Post` object.
Adds a new `WP_Error` return state to `wp_handle_comment_submission()` to prevent replies to unapproved comments. The error code is `comment_reply_to_unapproved_comment` with the message `Sorry, replies to unapproved comments are not allowed.`.
Props costdev, jrf, hellofromtonya, fasuto, boniu91, milana_cap.
Fixes#53962.
Built from https://develop.svn.wordpress.org/trunk@55369
git-svn-id: http://core.svn.wordpress.org/trunk@54902 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to clarify a few inline comments related to removing percent-encoded characters and HTML entities.
Affected functions:
* `sanitize_user()`
* `sanitize_title_with_dashes()`
* `sanitize_html_class()`
* `_sanitize_text_fields()`
* `get_comments_number_text()`
Follow-up to [465], [3454], [11433], [12503], [37987].
Props ace100, tanjimtc71, codemonksuvro, SergeyBiryukov.
Fixes#57712.
Built from https://develop.svn.wordpress.org/trunk@55346
git-svn-id: http://core.svn.wordpress.org/trunk@54879 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This resolves 80+ WPCS warnings in core:
{{{
Variable "$comment_ID" is not in valid snake_case format
}}}
While matching the database field of the same name, the `$comment_ID` variable did not follow the WordPress coding standards, and is now renamed to address that.
This affects:
* Function parameters in:
* `get_comment_author()`
* `comment_author()`
* `get_comment_author_email()`
* `comment_author_email()`
* `get_comment_author_link()`
* `comment_author_link()`
* `get_comment_author_IP()`
* `comment_author_IP()`
* `get_comment_author_rl()`
* `comment_author_url()`
* `get_comment_date()`
* `comment_date()`
* `get_comment_excerpt()`
* `comment_excerpt()`
* `get_comment_text()`
* `comment_text()`
* `get_comment_time()`
* `comment_time()`
* `get_comment_type()`
* `get_page_of_comment()`
* `wp_new_comment_notify_moderator()`
* `wp_new_comment_notify_postauthor()`
* `get_commentdata()`
* Internal variables in:
* `get_comment_ID()`
* `wp_new_comment()`
* `wp_xmlrpc_server::wp_deleteComment()`
* `wp_xmlrpc_server::wp_editComment()`
* `wp_xmlrpc_server::wp_newComment()`
* `wp_xmlrpc_server::pingback_ping()`
* Hook parameters in:
* `get_comment_author`
* `comment_author`
* `get_comment_author_email`
* `author_email`
* `get_comment_author_link`
* `get_comment_author_IP`
* `get_comment_author_url`
* `comment_url`
* `get_comment_excerpt`
* `comment_excerpt`
* `get_comment_ID`
* `get_comment_type`
* `get_page_of_comment`
* `comment_{$new_status}_{$comment->comment_type}`
* `comment_post`
* `notify_moderator`
* `notify_post_author`
* `commentrss2_item`
* `xmlrpc_call_success_wp_deleteComment`
* `xmlrpc_call_success_wp_editComment`
* `xmlrpc_call_success_wp_newComment`
* `pingback_post`
Note: The name change only affects variable names and DocBlocks.
The change does not affect:
* `comment_ID` as the `$orderby` value in `WP_Comment_Query::__construct()`
* `comment_ID` as the `$orderby` value in `WP_Comment::get_children()`
* `comment_ID` as part of `$commentarr` parameter in `wp_update_comment()`
The associated array keys still match the database field.
Follow-up to [53723].
Props krunal265, costdev, SergeyBiryukov.
Fixes#57671. See #56791.
Built from https://develop.svn.wordpress.org/trunk@55308
git-svn-id: http://core.svn.wordpress.org/trunk@54841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Internal links should be followed and it should be easier to modify other rel attributes on comments. This adds a helper function for determining if a URL is internal and also adds some new filters to make it easy to modify rel attributes in comments.
Props thomasplevy, desrosj, sabernhardt, benish74, samiamnot, galbaras, jorbin.
Fixes#53290, #56444.
Built from https://develop.svn.wordpress.org/trunk@55289
git-svn-id: http://core.svn.wordpress.org/trunk@54822 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This brings consistency with:
* `get_comment_time()`
* `get_comment_date()`
* `comment_date()`
Includes:
* Correcting the `@since` tag for `get_comment_time()`.
* Synchronizing parameter description between `get_comment_date()` and `get_comment_time()`.
Follow-up to [55284].
See #52322.
Built from https://develop.svn.wordpress.org/trunk@55287
git-svn-id: http://core.svn.wordpress.org/trunk@54820 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If an invalid post ID is passed to the function, `comments_open()` should return `false`, and no comment form be displayed. This commit restores the previous behavior that was unintentionally changed when standardizing on the `$post` parameter name.
Follow-up to [53715].
Props peterwilsoncc.
Fixes#56243.
Built from https://develop.svn.wordpress.org/trunk@54488
git-svn-id: http://core.svn.wordpress.org/trunk@54047 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduces new `wp_required_field_indicator()` and `wp_required_field_message()` helper functions to generate reusable and consistent required field indicator and message. It also implements these functions in various admin screens.
Props sabernhardt, ryokuhi, joedolson, audrasjb, SergeyBiryukov.
Fixes#54394.
Built from https://develop.svn.wordpress.org/trunk@53888
git-svn-id: http://core.svn.wordpress.org/trunk@53447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset ensures the "Logged in as" link conveys the information about its purpose ("Edit your profile") while the information "Logged in as Jane Doe" is only a simple text.
Props juliemoynat, SergeyBiryukov, joedolson, audrasjb, lopo.
Fixes#55718.
Built from https://develop.svn.wordpress.org/trunk@53796
git-svn-id: http://core.svn.wordpress.org/trunk@53355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes two WPCS warnings:
* `Variable "$comment_post_ID" is not in valid snake_case format`
* `Variable "$comment_author_IP" is not in valid snake_case format`
While matching the database fields of the same name, these variables did not follow the WordPress coding standards, and are now renamed to address that.
Note: The name change only affects internal variables and parameters for a few actions receiving a comment post ID:
* `edit_comment`
* `comment_id_not_found`
* `comment_closed`
* `comment_on_trash`
* `comment_on_draft`
* `comment_on_password_protected`
* `pre_comment_on_post`
The change does not affect parameters for functions receiving an array of comment data:
* `wp_insert_comment()`
* `wp_new_comment()`
* `wp_update_comment()`
* `wp_handle_comment_submission()`
The associated array keys still match the database fields: `comment_post_ID` and `comment_author_IP`.
Follow-up to [1706], [2894], [8720], [28427], [28437], [28457], [34799], [53720],
See #55647, #56244.
Built from https://develop.svn.wordpress.org/trunk@53723
git-svn-id: http://core.svn.wordpress.org/trunk@53282 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes a `Variable "$comment_post_ID" is not in valid snake_case format` WPCS warning.
`$comment_post_ID`, while matching the database field of the same name, does not follow the WordPress coding standards, so the variable is now renamed to `$comment_post_id`.
Additionally, these variables are renamed for clarity:
* `$tb_id` to `$post_id` (this was not the trackback ID)
* `$tb_url` to `$trackback_url`
Follow-up to [172], [637], [1616],
See #55647, #56244.
Built from https://develop.svn.wordpress.org/trunk@53719
git-svn-id: http://core.svn.wordpress.org/trunk@53278 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For accessibility, input fields should identify their "purpose". The HTML5 attribute `autocomplete` allows for various user data to be quickly autofilled while adding context for some assistive technologies.
This commit adds the appropriate autofill purposes for an author's name, email, and website URL in the comment form template.
Props juliemoynat, bhrugesh96, sabernhardt.
Fixes#55779.
Built from https://develop.svn.wordpress.org/trunk@53576
git-svn-id: http://core.svn.wordpress.org/trunk@53165 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$class` parameter to `$css_class` in `comment_class()` and `get_comment_class()`.
* Renames the `$echo` parameter to `$display` in `comment_class()`.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #55327.
Built from https://develop.svn.wordpress.org/trunk@53285
git-svn-id: http://core.svn.wordpress.org/trunk@52874 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In both `get_comment_author` and `get_comment_ID`, it's possible that these functions are called without a comment context. Specifically, `get_comment_author` can be called without passing the `$comment_ID` parameter, and `get_comment_ID` relies on the `comment` global if there's no `$comment` parameter supplied. This leads to a PHP notice of "Trying to get property of a non-object."
This change adds a check to both functions to ensure the `$comment->comment_ID` property is not empty before actually using its value.
Follow-up to [52223].
Props dd32.
Fixes#54379.
Built from https://develop.svn.wordpress.org/trunk@52818
git-svn-id: http://core.svn.wordpress.org/trunk@52407 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The post for the comments or pings is retrieved by `get_post()`. If the post exists, `get_post()` returns an instance of `WP_Post`; else, it returns `null`.
In both `comments_open()` and `pings_open()`, the returned value from `get_post()` is used without checking if the object returned, if the post exists. When the post does not exist, the following notices occur:
{{{
PHP Notice: Trying to get property 'comment_status' of non-object in .../src/wp-includes/comment-template.php on line 1244
}}}
and
{{{
PHP Notice: Trying to get property 'pings_open' of non-object in ../src/wp-includes/comment-template.php on line 1274
}}}
This commit fixes these notices by checking if the post has a non-falsey value before using it as an object to set the `$open` state. As the return from `get_post()` will only be an object or `null`, the truthy check is appropriate and slightly more performant.
Tests added to validate the fix.
Follow-up to [1964], [40666].
Props dd32, audrasjb, costdev, hellofromTonya, sergeybiryukov.
Fixes#54159.
Built from https://develop.svn.wordpress.org/trunk@52223
git-svn-id: http://core.svn.wordpress.org/trunk@51815 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Though hidden via `style="display:none;"`, if the comments aren't threaded, this commit doesn't output the cancel comment reply link (skips over that logic). Change in `comment_form()`.
Adds tests.
Follow-up to [12810], [38959].
Props henrywright, jigneshnakrani, rachelbaker, desrosj, audrasjb, hellofromTonya.
Fixes#37267.
Built from https://develop.svn.wordpress.org/trunk@52175
git-svn-id: http://core.svn.wordpress.org/trunk@51767 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add required asterisk to the comment text field. Historically, the name and email fields are marked as required, but the comment text field is not, though it is actually a required field.
Props infected, solarissmoke, rianrietveld, afercia, sabernhardt, strider72, mai21, audrasjb.
Fixes#16206.
Built from https://develop.svn.wordpress.org/trunk@52029
git-svn-id: http://core.svn.wordpress.org/trunk@51621 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fix the link returned by `get_comment_reply_link()` so the link points to the correct page of comments when links are paginated. While this link is normally overridden by the comment-reply script, if that script is disabled, the link would point to a location that did not exist when comments were paginated.
props MrPauloEn, paaggeli, alexstine, engahmeds3ed.
Fixes#51189.
Built from https://develop.svn.wordpress.org/trunk@51081
git-svn-id: http://core.svn.wordpress.org/trunk@50690 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Using the canonical function name for PHP functions is strongly recommended, as aliases may be deprecated or removed without (much) warning.
This replaces all uses of the following:
* `join()` with `implode()`
* `sizeof()` with `count()`
* `is_writeable()` with `is_writable()`
* `doubleval()` with a `(float)` cast
In part, this is a follow-up to #47746.
Props jrf.
See #50767.
Built from https://develop.svn.wordpress.org/trunk@49193
git-svn-id: http://core.svn.wordpress.org/trunk@48955 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Technically, the `$format` argument should always be a string, but passing `false` used to work before [47808], so this restores backward compatibility.
The list of affected functions:
* `get_the_date()`
* `get_the_time()`
* `get_comment_date()`
* `get_comment_time()`
Props wittich, Rarst, akabarikalpesh, SergeyBiryukov.
Fixes#51184.
Built from https://develop.svn.wordpress.org/trunk@48912
git-svn-id: http://core.svn.wordpress.org/trunk@48674 1a063a9b-81f0-0310-95a4-ce76da25c4cd