It is best to always escape the complete value of an attribute, not a partial value, as otherwise the escaping could be (partially) undone when the values are joined together.
While the hardcoded prefix/suffix values in this case don't necessarily create that risk, those may change to values which could be problematic, so making it a habit to escape the value in one go is best practice.
Includes:
* Moving a few `esc_url()` calls closer to the actual output and escaping the hash parts too.
* Wrapping a few long lines for better readability.
Follow-up to [14248], [23707], [42217], [55615].
Props jrf, SergeyBiryukov.
Fixes#57110.
Built from https://develop.svn.wordpress.org/trunk@55616
git-svn-id: http://core.svn.wordpress.org/trunk@55128 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that post type or taxonomy name is consistently escaped in:
* `wp_nav_menu_item_post_type_meta_box()`
* `wp_nav_menu_item_taxonomy_meta_box()`
Follow-up to [14248], [23707].
Props zenaulislam, SergeyBiryukov.
Fixes#57110.
Built from https://develop.svn.wordpress.org/trunk@55615
git-svn-id: http://core.svn.wordpress.org/trunk@55127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Check to see if the theme.json file exists before processing the rest of the code in `_wp_theme_json_webfonts_handler`. This improves performance by not trying to parse the theme.json, early in the bootstrap process.
Props spacedmonkey, hellofromTonya, flixos90.
Fixes#57814.
Built from https://develop.svn.wordpress.org/trunk@55612
git-svn-id: http://core.svn.wordpress.org/trunk@55124 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The existing lazy loading meta api, creates a queue of ids, to be primed, if the `get_comment_meta` or `get_term_meta` functions are called. However, it did not check to see if the requested id was in the queue, before prime all the ids in the queue. Now, it adds the id to the queue, is not already in the queue, saving a cache lookup / database query.
Props spacedmonkey, peterwilsoncc, mukesh27, flixos90.
Fixes#57901.
Built from https://develop.svn.wordpress.org/trunk@55608
git-svn-id: http://core.svn.wordpress.org/trunk@55120 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the `fill_descendants` method in `WP_Comment_Query`, there is a loop the calls `wp_cache_get` to get `child comments. Instead of getting one key at a time, use `wp_cache_get_multiple` and get all keys at once.
Props spacedmonkey, tillkruess, mukesh27.
Fixes#57803.
Built from https://develop.svn.wordpress.org/trunk@55607
git-svn-id: http://core.svn.wordpress.org/trunk@55119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes a few WPCS warnings along the lines of:
* Array double arrow not aligned correctly
* Equals sign not aligned with surrounding statements
* Usage of ELSE IF is discouraged; use ELSEIF instead
Follow-up to [55099], [55192], [55194], [55271].
Props davidbaumwald, jrf, SergeyBiryukov.
Fixes#57994.
Built from https://develop.svn.wordpress.org/trunk@55606
git-svn-id: http://core.svn.wordpress.org/trunk@55118 1a063a9b-81f0-0310-95a4-ce76da25c4cd
On the About page, wraps the Field Guide's link in `__()` to provide a localized field guide, when available.
Follow-up to [55600].
Props davidbaumwald, sergeybiryukov, desrosj, javiercasares, oglekler, mukesh27, clorith, eboxnet, costdev, ocean90.
Fixes#57477.
Built from https://develop.svn.wordpress.org/trunk@55601
git-svn-id: http://core.svn.wordpress.org/trunk@55113 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduced a regression for partial-hour timezones such as +05:30 UTC which is India and Sri Lanka. How? These timezones are in float. The change made in [55054] type casted them to integer which dropped the decimal for the partial-hour, making the time inaccurate. For example, +05:30 UTC (India and Sri Lanka)'s `'gmt_offset'` is `5.5`, but with the changeset, it was changed to `5`.
Reverting the changeset restores the original state of `current_time()` and thus resolves the regression.
Props reputeinfosystems, Rarst, hellofromTonya, desrosj, audrasjb, sergeybiryukov, costdev, priethor, francina, nekojonez, codingchicken, cbringmann.
See #57035.
Fixes#57998.
Built from https://develop.svn.wordpress.org/trunk@55598
git-svn-id: http://core.svn.wordpress.org/trunk@55110 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to bring some consistency to the location of post template function tests, as well as to make the tests more discoverable and easier to expand.
Includes:
* Adding `@covers` tags.
* Renaming `get_post_parent()` and `has_post_parent()` tests to match the names of the functions.
Follow-up to [28398], [31522], [34654], [34950], [50127], [50396], [54717], [54726], [55590].
See #57841.
Built from https://develop.svn.wordpress.org/trunk@55591
git-svn-id: http://core.svn.wordpress.org/trunk@55103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to make the tests more discoverable and easier to expand.
Includes removing a basic test hidden among `get_pages()` tests, as there is already a more comprehensive set of tests available.
Follow-up to [1279/tests], [28399], [31338].
See #57841.
Built from https://develop.svn.wordpress.org/trunk@55590
git-svn-id: http://core.svn.wordpress.org/trunk@55102 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Back when this test was introduced, `wp_list_pages()` did not have its own test class.
It does now, so the test can be moved there, instead of being hidden among `get_pages()` tests.
Includes:
* Updating the test name for clarity.
* Adding an unique message for each assertion.
Follow-up to [27755], [28400].
See #57841.
Built from https://develop.svn.wordpress.org/trunk@55588
git-svn-id: http://core.svn.wordpress.org/trunk@55100 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This reverts the changes implemented in [55358] and [55360].
Changeset [55358] was committed to prevent login name collision when one user registers with the email address `user@example.com` and a second user tries to register with the username `user@example.com`. However, it also introduced a potential backward compatibility issues for plugins that use `wp_update_user()`. When updating an existing user, it throws an `existing_user_email_as_login` error if the email address is also used for the user login, due to the code introduced in [55358].
This changeset removes the new scenario added in [55358] and [55360], restoring the `wp_insert_user()` function back to its previous state.
Props polevaultweb, audrasjb, costdev, peterwilsoncc, hellofromTonya, SergeyBiryukov, azaozz.
See #57967, #57394.
Built from https://develop.svn.wordpress.org/trunk@55584
git-svn-id: http://core.svn.wordpress.org/trunk@55096 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Includes:
* Renaming some tests for clarity.
* Moving some tests to a more appropriate place.
* Moving the `@covers` tag to the top of the class.
* Using consistent formatting for assertion messages.
Follow-up to [27767], [41849], [44587], [55569].
See #57841.
Built from https://develop.svn.wordpress.org/trunk@55583
git-svn-id: http://core.svn.wordpress.org/trunk@55095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In a previous commit, the `::sanitize_expiration()` call in the `::add()` method was moved closer to where the value is used.
This commit does the same for the other methods:
* `::cas()`
* `::replace()`
* `::set()`
* `::setMulti()`
Follow-up to [40561], [55577].
See #57841, #57963.
Built from https://develop.svn.wordpress.org/trunk@55581
git-svn-id: http://core.svn.wordpress.org/trunk@55093 1a063a9b-81f0-0310-95a4-ce76da25c4cd
To fix the dynamic properties, the following changes are included:
* Removes `WP_Admin_Bar::__get()`.
* Declares `menu` as a property on the class, deprecates it, and initializes it to an empty array.
* Removes the unused 'proto' dynamic property.
Dynamic (non-explicitly declared) properties are deprecated as of PHP 8.2 and are expected to become a fatal error in PHP 9.0.
== Why remove the `WP_Admin_Bar::__get()` magic method?
tl;dr
The magic method is no longer needed.
The magic method only handled the `menu` and `proto` dynamic properties. Introducing a full set of magic methods is overkill for this class. Instead of having to maintain magic methods, this changeset instead directly addresses the 2 properties (see below).
== Why declare the `menu` property on the class?
tl;dr
To simplify the code while maintaining backwards compatibility for extenders who are using this deprecated property.
The `menu` property was introduced during the 3.1.0 ''development cycle'' as a declared property [15671]. Its purpose was to ''internally'' hold the menu structure.
During the WP 3.3.0 development cycle, it was replaced by a new `private` property called `nodes` (see [19120]).
But breakage reports from extenders caused it to be restored. [19501] added the `__get()` magic method, i.e. for handling it as a dynamic property, and deprecated it.
>We're not going to maintain compat for $menu. Suggest we make it array() and plugins will have to deal. We can throw a _deprecated_argument() and push them to use the new methods.
~ Source: [https://core.trac.wordpress.org/ticket/19371#comment:17 see #19371 comment 17]
[https://wpdirectory.net/search/01GSTW1X69TBN8FH3SY7V8KPY5 A search of the wp.org plugins and themes repository] shows that a few plugins are still using this deprecated property. To maintain backwards compatibility, `menu` is moved back to the class as a declared property, set to an empty array (as it's been since 3.3.0), and deprecated in the property's description.
== Why remove the `proto` dynamic property?
tl;dr
* It was not intended to be released in 3.1.
* There are no usages of it in Core or in the WP.org's plugin or theme directories.
* It should be safe to remove.
This property was first introduced in the WP 3.1.0 ''development cycle'' to replace the `PROTO` constant (see [16038]) for protocol handling for the admin bar's hyperlinks. [16077] replaced the property's usages with URL functions such as `get_admin_url()` and `admin_url()`. But it missed removing the property, which was no longer needed or used.
It was relocated to the `__get()` magic method as a dynamic property when the `menu` property was restored (see [19501]).
A search of WP.org's plugins and themes repositories shows no usages of the property. Core hasn't used it since the removed in [16038] before 3.1 final release. It should be safe to remove it, but committing very early in the 6.3 alpha cycle to give time for reports of usages, if there are any.
References:
* A [https://www.youtube.com/watch?v=vDZWepDQQVE&t=9362s live open public working session] where these changes were discussed and agreed to.
* [https://wiki.php.net/rfc/deprecate_dynamic_properties PHP RFC: Deprecate dynamic properties].
Follow-up to [19501], [19120], [16308], [16038], [15671].
Props antonvlasenko, hellofromTonya, jrf, markjaquith, desrosj, ironprogrammer, peterwilsoncc, SergeyBiryukov.
See #56876, #56034.
Built from https://develop.svn.wordpress.org/trunk@55580
git-svn-id: http://core.svn.wordpress.org/trunk@55092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the object-cache.php file used for unit tests, the add method did not work as expected. Other object cache plugins and core, have a check to see if the key exists in memory before writing it. Without this check, it used to write unnecessarily to the cache.
Props spacedmonkey, SergeyBiryukov.
Fixes#57963.
Built from https://develop.svn.wordpress.org/trunk@55577
git-svn-id: http://core.svn.wordpress.org/trunk@55089 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove the green background from the "dot" accent, to prevent low contrast for the dismiss button. Use menu colors for the background on alternate color schemes. Remove the "Edit styles" link as there is no longer a direct link to the global styles section of the site editor.
Follow-up to [55451].
Props sabernhardt, ryokuhi, laurlittle, richtabor.
Fixes#57759.
Built from https://develop.svn.wordpress.org/trunk@55574
git-svn-id: http://core.svn.wordpress.org/trunk@55086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Changes include:
* Renames the test class to be compliant with test coding standards.
* Converts the test class to extend `WP_Theme_UnitTestCase` to reuse test fixtures.
* Implements data providers to encapsulate datasets and reduce code repetition.
* Adds a `@covers` annotation.
* Improves assertion messages to help with diagnosing failed tests.
Follow-up to [55567], [55148], [52682], [53916], [52675-52677].
Props costdev, hellofromTonya.
See #57841, #57958.
Built from https://develop.svn.wordpress.org/trunk@55572
git-svn-id: http://core.svn.wordpress.org/trunk@55084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Convert `get_pages` to use `WP_Query` internally. Using WP_Query means that a lot of code has been removed however existing parameters supported by get_pages are transformed in to query arguments. The custom caching solution found in the old version of this function is replaced with the caching found in WP_Query (added in [53941]). This change adds consistency to the codebase, as improvements and changes to `WP_Query` will filter down to the `get_pages` function.
Props mikeschinkel, spacedmonkey, nacin, scribu, filosofo, jane, garyc40, markoheijnen, grandslambert, kevinB, wlindley, dbernar1, atimmer, mdawaffe, helen, benjibee, johnbillion, peterwilsoncc, costdev, flixos90, joemcgill.
Fixes#12821.
Built from https://develop.svn.wordpress.org/trunk@55569
git-svn-id: http://core.svn.wordpress.org/trunk@55081 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[54214] added the `wp_enqueue_stored_styles()` tests and `clean_up_global_scope()` reset global method to `Tests_Theme_wpGetGlobalStylesheet`.
This changeset relocates those tests a new test class specifically for `wp_enqueue_stored_styles()` and removes `Tests_Theme_wpGetGlobalStylesheet::clean_up_global_scope()` method.
Why not relocate the `clean_up_global_scope()` method to the new test class?
The test class extends from `WP_Theme_UnitTestCase` which includes this method.
Follow-up to [54214], [54703].
Props costdev.
See #57841.
Built from https://develop.svn.wordpress.org/trunk@55567
git-svn-id: http://core.svn.wordpress.org/trunk@55079 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Changes:
* Adds a test class for `wp_script_is()`.
* Moves `WP_Dependencies_jQuery::test_wp_script_is_dep_enqueued()` into this test class and splits it into 2 separate tests, happy and unhappy paths.
* Adds `WP_Scripts::query` `@covers`, as `wp_script_is()` is helper function for it.
* Relocates the global resetting from the test method to the `clean_up_global_scope()` method.
Follow-up to [52010], [29252].
Props hellofromTonya, antonvlasenko.
See #57841, #57958.
Built from https://develop.svn.wordpress.org/trunk@55565
git-svn-id: http://core.svn.wordpress.org/trunk@55077 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Includes documenting data provider values using hash notation in the tests for:
* `convert_smilies()`
* `get_url_in_content()`
* `links_add_target()`
* `normalize_whitespace()`
Follow-up to [26191], [26327], [26328], [26972], [55562].
See #57841.
Built from https://develop.svn.wordpress.org/trunk@55563
git-svn-id: http://core.svn.wordpress.org/trunk@55075 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to bring more consistency to the test suite, as the vast majority of data providers already use that prefix.
Includes moving some data providers next to the tests they are used in.
Follow-up to [55464].
See #57841.
Built from https://develop.svn.wordpress.org/trunk@55562
git-svn-id: http://core.svn.wordpress.org/trunk@55074 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the classic editor, fix the publish status change text shown when a future post's date is changed to a different future date. Show 'scheduled' statement instead of 'publish' statement.
Props tyxla, sdavis2702, joedolson.
Fixes#31040.
Built from https://develop.svn.wordpress.org/trunk@55561
git-svn-id: http://core.svn.wordpress.org/trunk@55073 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `$unapproved_ids` and `$unapproved_emails` in `WP_Comment_Query::get_comment_ids()` were added in [29965] and appear to never have been used.
* `$wpdb` in `WP_Comment_Query::fill_descendants()` was replaced with `$this->db` in [38275], removed in [38446], and accidentally reinstated in [38768].
Follow-up to [29965], [34546], [37625], [38275], [38446], [38768], [44546].
Props upadalavipul, dingo_d, audrasjb, SergeyBiryukov.
Fixes#57482.
Built from https://develop.svn.wordpress.org/trunk@55559
git-svn-id: http://core.svn.wordpress.org/trunk@55071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove usage of `mysql2date` in `generate_postdata`. `mysql2date` has a performance overhead, as it creates a `DateTimeZone` object each time it is called. Use a simple
sub string function to generate the values needed for the `currentmonth` and `currentday` global variables.
Props spacedmonkey, Rarst, SergeyBiryukov, flixos90.
Fixes#57683.
Built from https://develop.svn.wordpress.org/trunk@55558
git-svn-id: http://core.svn.wordpress.org/trunk@55070 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is a maintenance release with a new feature: DSN URL parsing, which allows you to create a PHPMailer instance with most important settings by passing in a single URL, ideal for configuring PHPMailer from an environment variable.
Note: This commit does not include new DSN class, as it is not particularly relevant for WordPress core at this time.
References:
* [https://github.com/PHPMailer/PHPMailer/releases/tag/v6.8.0 PHPMailer 6.8.0 release notes]
* [https://github.com/PHPMailer/PHPMailer/compare/v6.7...v6.8.0 Full list of changes in PHPMailer 6.8.0]
Follow-up to [50628], [50799], [51169], [51634], [51635], [52252], [52749], [52811], [53500], [53535], [53917], [54427], [54937].
Props ayeshrajans, jrf, Synchro.
Fixes#57873.
Built from https://develop.svn.wordpress.org/trunk@55557
git-svn-id: http://core.svn.wordpress.org/trunk@55069 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When `ftp_nlist()` receives an empty path, it checks the current working directory and may return `true`.
This affects:
* `WP_Filesystem_FTPext::exists()`
* `WP_Filesystem_ftpsockets::exists()`
As the purpose of the API is to provide a consistent interface for various filesystem implementations, this commit updates the affected methods to returns `false` when an empty path is provided, bringing consistency with the other filesystem abstraction classes, specifically `WP_Filesystem_Direct` and `WP_Filesystem_SSH2`.
Follow-up to [6779], [11821], [25274], [31815].
Props mkox, costdev, Zdrobau, dd32, pbiron, azaozz, mukesh27, SergeyBiryukov.
Fixes#33058.
Built from https://develop.svn.wordpress.org/trunk@55556
git-svn-id: http://core.svn.wordpress.org/trunk@55068 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While `WP_HTML_Tag_Processor` currently only supports changing a given tag's attributes, the plan is to provide methods to make broader changes (possibly through a subclass of `WP_HTML_Tag_Processor`). The API will have the potential of replacing a tag that a bookmark points to. To prepare, this changeset makes sure that all bookmarks affected by a HTML replacement are invalidated (i.e. released).
Changes:
* Extends the existing loop in `WP_HTML_Tag_Processor::apply_attributes_updates()` that adjusts bookmarks' start and end positions upon HTML changes to check if the entire bookmark is within a portion of the HTML that has been replaced.
* Adds `WP_HTML_Tag_Processor::has_bookmark() to check whether the given bookmark name exists.
References:
* [https://github.com/WordPress/gutenberg/pull/47559 Gutenberg PR 47559]
* [https://github.com/WordPress/gutenberg/releases/tag/v15.3.0 Released in Gutenberg 15.3.0]
Follow-up to [55203].
Props bernhard-reiter, dmsnell, zieladam.
Fixes#57788.
Built from https://develop.svn.wordpress.org/trunk@55555
git-svn-id: http://core.svn.wordpress.org/trunk@55067 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [41376] an inline script was added to push `idBases` for the custom html and text widgets. However, this script is not used unless the widget script is output in the widget screen / customizer. Deferring registering this script until it is needed, results in a faster server response times.
Props spacedmonkey, sakibmd, flixos90, westonruter.
Fixes#57864.
Built from https://develop.svn.wordpress.org/trunk@55553
git-svn-id: http://core.svn.wordpress.org/trunk@55065 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This brings more consistency with other screens and avoids a PHP warning in `get_plugin_page_hookname()`:
{{{
preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated
}}}
Follow-up to [13257], [13366], [55263].
Props nendeb55, costdev, SergeyBiryukov.
Fixes#57918.
Built from https://develop.svn.wordpress.org/trunk@55552
git-svn-id: http://core.svn.wordpress.org/trunk@55064 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Includes:
* Capitalizing "ID" in a consistent way.
* Expanding the comment on not using `filter_var()`.
* Adding a `@covers` tag for the function in unit tests.
* Minor tweak to the `_doing_it_wrong()` message.
Follow-up to [53818], [55543].
See #57593.
Built from https://develop.svn.wordpress.org/trunk@55549
git-svn-id: http://core.svn.wordpress.org/trunk@55061 1a063a9b-81f0-0310-95a4-ce76da25c4cd