The way `wp_reset_vars()` sets global variables based on `$_POST` and `$_GET` values makes code hard to understand and maintain. It also makes it easy to forget to sanitize input.
This change removes the few places where `wp_reset_vars()` is used in the admin to explicitly use `$_REQUEST` and sanitize any input.
Props swissspidy, audrasjb, davideferre, killua99, weijland, voldemortensen.
Fixes#38073.
Built from https://develop.svn.wordpress.org/trunk@58069
git-svn-id: http://core.svn.wordpress.org/trunk@57534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, the notice for listing dependencies in a plugin card was styled with the CSS `order` properties. This created a mismatch between the visual order and DOM order of elements in the plugin card.
For accessibility, visual order and DOM order must always match when they affect meaning and functionality.
This removes the CSS `order` properties and outputs the dependencies notice later, making the visual and DOM order match. Some unused/empty CSS is also removed.
Follow-up to [57545].
Props afercia, afragen, bosskhj, huzaifaalmesbah, mukesh27, costdev.
Fixes#60488.
Built from https://develop.svn.wordpress.org/trunk@57679
git-svn-id: http://core.svn.wordpress.org/trunk@57180 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces a new "Requires Plugins" plugin header so that plugin developers can list the slugs of the plugins theirs depends on.
This will inform users of the requirements, and provide links to the WordPress.org Plugins Repository that they can click to install and activate the dependencies first.
Plugins whose requirements are not met cannot be installed or activated, and they will be deactivated automatically if their requirements become unmet.
Plugins that others rely on cannot be deactivated or deleted until their dependent plugins are deactivated or deleted.
In memory of Alex Mills and Alex King.
WordPress Remembers.
Props ahoereth, afragen, alanfuller, alexkingorg, amykamala, anonymized_10690803, apeatling, ashfame, atimmer, audrasjb, aristath, azaozz, batmoo, beaulebens, blobaugh, bobbingwide, boonebgorges, brianhenryie, chanthaboune, chrisdavidmiles, coolmann, costdev, courane01, danielbachhuber, davidperez, dd32, Denis-de-Bernardy, dingo_d, DJPaul, dougal, DrewAPicture, ethitter, filosofo, georgestephanis, giuseppemazzapica-1, goldenapples, griffinjt, hellofromTonya, husobj, ideag, jarednova, jbobich, jbrinley, jltallon, joedolson, johnciacia, johnjamesjacoby, joppuyo, jsmoriss, karmatosed, kebbet, knutsp, kraftbj, kraftner, kurtpayne, lkraav, logikal16, luisherranz, man4toman, markjaquith, matt, mbijon, megphillips91, mikeschinkel, mordauk, morehawes, mrwweb, mte90, mukesh27, mzaweb, nacin, norcross, nvwd, nwjames, obliviousharmony, ocean90, oglekler, paaljoachim, pauldewouters, pbaylies, pbiron, peterwilsoncc, Philipp15b, poena, pogidude, retlehs, rmccue, ryan, sabreuse, sc0ttkclark, scribu, sereedmedia, SergeyBiryukov, ShaneF, shidouhikari, soean, spacedmonkey, stephenh1988, swissspidy, taylorde, tazotodua, threadi, TimothyBlynJacobs, TJNowell, tollmanz, toscho, tropicalista, Viper007Bond, westi, whiteshadow, williamsba1, wpsmith, ZaneMatthew.
Fixes#22316.
Built from https://develop.svn.wordpress.org/trunk@57545
git-svn-id: http://core.svn.wordpress.org/trunk@57046 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds further usages of `wp_admin_notice()` in `/wp-admin/includes/` on `.notice-error`, `.notice-warning`, `.error`, and `.updated`.
Ongoing task to implement new function across core.
Follow-up to [56408], [56409], [56410], [56518], [56570], [56571], [56572], [56573], [56576], [56589], [56590], [56597].
Props joedolson, mukesh27, costdev.
See #57791.
Built from https://develop.svn.wordpress.org/trunk@56599
git-svn-id: http://core.svn.wordpress.org/trunk@56111 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).
WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [52039], [52040], [52326], [55703], [55710], [55987].
Props Soean, spacedmonkey, costdev, dingo_d, azaozz, mikeschroder, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes#58206.
Built from https://develop.svn.wordpress.org/trunk@55988
git-svn-id: http://core.svn.wordpress.org/trunk@55500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Per [https://developer.wordpress.org/coding-standards/wordpress-coding-standards/php/#writing-include-require-statements WordPress PHP coding standards], it is ''strongly recommended'' to use `require[_once]` for unconditional includes. When using `include[_once]`, PHP will throw a warning when the file is not found but will continue execution, which will almost certainly lead to other errors/warnings/notices being thrown if your application depends on the file loaded, potentially leading to security leaks. For that reason, `require[_once]` is generally the better choice as it will throw a `Fatal Error` if the file cannot be found.
Follow-up to [1674], [1812], [1964], [6779], [8540], [10521], [11005], [11911], [16065], [16149], [25421], [25466], [25823], [37714], [42981], [45448], [47198], [54276], [55633].
Props kausaralm, SergeyBiryukov.
See #57839.
Built from https://develop.svn.wordpress.org/trunk@55641
git-svn-id: http://core.svn.wordpress.org/trunk@55153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove the private delegation from the following classes and function:
* `WP_List_Table`
* `WP_Application_Passwords_List_Table`
* `WP_Comments_List_Table`
* `WP_Links_List_Table`
* `WP_Media_List_Table`
* `WP_MS_Sites_List_Table`
* `WP_MS_Themes_List_Table`
* `WP_MS_Users_List_Table`
* `WP_Plugin_Install_List_Table`
* `WP_Plugins_List_Table`
* `WP_Post_Comments_List_Table`
* `WP_Posts_List_Table`
* `WP_Terms_List_Table`
* `WP_Theme_Install_List_Table`
* `WP_Themes_List_Table`
* `WP_Users_List_Table`
* `_get_list_table()`
This change is to reflect the reality that list tables are very, very, very widely used by extenders and backward compatibility therefore needs to be maintained.
Introduces the filter `wp_list_table_class_name` within `_get_list_table()` to allow extenders to modify the list table returned for custom screens.
Props audrasjb, birgire, costdev, desrosj, faison, johnbillion, jrbeilke, kurtpayne, milana_cap, miqrogroove, nacin, peterwilsoncc, scribu, sergeybiryukov, sirzooro, westonruter, wonderboymusic.
Fixes#18449.
Built from https://develop.svn.wordpress.org/trunk@54378
git-svn-id: http://core.svn.wordpress.org/trunk@53937 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Many `WP_List_Table` child classes in core use mostly the same code to create their "view" links markup. To DRY-up the code, a new `WP_List_Table->get_view_links` method is being introduced to consolidate the HTML link generation when provided an array of links.
This change also implements this new method in the relevant `WP_List_Table_xxx` child classes `get_views` methods. Finally, unit tests are being added to validate view links markup and test for some "unhappy paths".
Props afercia, costdev, garrett-eclipse, Dharm1025, juhise, peterwilsoncc.
Fixes#42066.
Built from https://develop.svn.wordpress.org/trunk@54215
git-svn-id: http://core.svn.wordpress.org/trunk@53774 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset replaces contracted verb forms like `doesn't`, `can't`, or `isn't` with non-contracted forms like `does not`, `cannot`, or `is not`, for better consistency across the WordPress administration. It also updates some corresponding unit tests strings.
Props Presskopp, socalchristina, aandrewdixon, francina, SergeyBiryukov, JeffPaul, audrasjb, hellofromTonya.
Fixes#38913.
See #39176.
Built from https://develop.svn.wordpress.org/trunk@52978
git-svn-id: http://core.svn.wordpress.org/trunk@52567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Installation and activation of incompatible plugins was previously disallowed in [43436] and [44978], but if such a plugin was installed manually, there was nothing on the Plugins screen that would show its compatibility status.
Showing an appropriate notice with a documentation link makes the UI more consistent and improves user experience.
Follow-up to [43436], [44937], [44939], [44978], [45043], [45165], [45546], [47573], [47816], [47819], [48172], [48636], [48637], [48638], [48640], [48652], [48653], [48654], [48660].
Props TacoVerdo, SergeyBiryukov.
Fixes#53990.
Built from https://develop.svn.wordpress.org/trunk@51678
git-svn-id: http://core.svn.wordpress.org/trunk@51284 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows third-party plugins to avoid accidentally being overwritten with an update of a plugin of a similar name from the WordPress.org Plugin Directory.
Additionally, introduce the `update_plugins_{$hostname}` filter, which third-party plugins can use to offer updates for a given hostname.
If set, the `Update URI` header field should be a URI and have a unique hostname.
Some examples include:
* `https://wordpress.org/plugins/example-plugin/`
* `https://example.com/my-plugin/`
* `my-custom-plugin-name`
`Update URI: false` also works, and unless there is code handling the `false` hostname, the plugin will never get an update notification.
If the header is present, the WordPress.org API will currently only return updates for the plugin if it matches the following format:
* `https://wordpress.org/plugins/{$slug}/`
* `w.org/plugin/{$slug}`
If the header has any other value, the API will not return a result and will ignore the plugin for update purposes.
Props dd32, DavidAnderson, meloniq, markjaquith, DrewAPicture, mweichert, design_dolphin, filosofo, sean212, nhuja, JeroenReumkens, infolu, dingdang, joyously, earnjam, williampatton, grapplerulrich, markparnell, apedog, afragen, miqrogroove, rmccue, crazycoders, jdgrimes, damonganto, joostdevalk, jorbin, georgestephanis, khromov, GeekStreetWP, jb510, Rarst, juliobox, Ipstenu, mikejolley, Otto42, gMagicScott, TJNowell, GaryJ, knutsp, mordauk, nvartolomei, aspexi, chriscct7, benoitchantre, ryno267, lev0, gregorlove, dougwollison, SergeyBiryukov.
See #14179, #23318, #32101.
Built from https://develop.svn.wordpress.org/trunk@50921
git-svn-id: http://core.svn.wordpress.org/trunk@50530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.
This commit also includes:
* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
* `wp-admin/admin-header.php`
* `wp-admin/admin-footer.php`
* `wp-includes/version.php`
Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes#48082.
Built from https://develop.svn.wordpress.org/trunk@47198
git-svn-id: http://core.svn.wordpress.org/trunk@46998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add missing translator comments.
* Fix placement of some translator comments. Translator comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools. The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translator comments.
Includes minor code layout fixes.
Polyglots, rejoice! All WordPress core files now have translator comments for all strings with placeholders!
Props jrf, subrataemfluence, GaryJ, webdados, Dency, swissspidy, alvarogois, marcomartins, mihaiiceyro, vladwtz, niq1982, flipkeijzer, michielatyoast, chandrapatel, thrijith, joshuanoyce, FesoVik, tessak22, bhaktirajdev, cleancoded, dhavalkasvala, garrett-eclipse, bibliofille, socalchristina, priyankkpatel, 5hel2l2y, adamsilverstein, JeffPaul, pierlo, SergeyBiryukov.
Fixes#44360.
Built from https://develop.svn.wordpress.org/trunk@45926
git-svn-id: http://core.svn.wordpress.org/trunk@45737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset uses the API functions introduced in [44476] to link to the resource about updating PHP when highlighting a plugin's required PHP version is not met. It furthermore expands them, introducing a new `wp_update_php_annotation()` function that prints the markup to indicate that the default URL has been altered by the web host, allowing it to be reused universally.
Furthermore, this changeset adds missing `update_php` capability checks before displaying the information about updating PHP.
Props afragen.
Fixes#45986. See #43986, #45686.
Built from https://develop.svn.wordpress.org/trunk@44627
git-svn-id: http://core.svn.wordpress.org/trunk@44458 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The About page describes all the great changes in WordPress 5.0.
Highlights:
- Warn users of Gutenberg plugin of its deactivation upon 5.0 upgrade.
- Added illustrations to the Four Freedoms page.
- Include a link to wporg user’s plugin favorites as a way to display only the classic plugin as a suggestion for install.
- Detail the Classic Editor plugin and the support timeline.
Props pixelverbieger, ocean90, karmatosed, pento, boemedia, lonelyvegan, sami.keijonen, TimothyBlynJacobs, xkon, afercia, laurelfulford, joostdevalk, ipstenu, matveb, joen, tinkerbelly, chanthaboune, kjellr, alexislloyd, melchoyce, mcsf, courtney0burton, Otto42, cathibosco, tobifjellner, helen, audrasjb, antpb, jjj, elrae, desrosj, azaozz, joemcgill, skithund, gziolo.
Merges [43913], [43921-43922], [43937-43938], [43946-43947], [43952-43953], [43967-43969] into trunk.
Fixes#45178.
Built from https://develop.svn.wordpress.org/trunk@44264
git-svn-id: http://core.svn.wordpress.org/trunk@44094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For screens wider than 2300px, show 4 colums of search results, as 3 columns looked quite stretched out.
This change also increases the default number of search results from 30 to 36, so that the columns have an even number of results, regardless of whether there are 2, 3, or 4 of them.
Props nielslange.
Fixes#43573.
Built from https://develop.svn.wordpress.org/trunk@43669
git-svn-id: http://core.svn.wordpress.org/trunk@43498 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.
This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script.
- Auto-fixable coding standards issues will now cause Travis failures.
Fixes#44600.
Built from https://develop.svn.wordpress.org/trunk@43571
git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Display a notice with an explanation and the steps required to resolve the issue.
Props afragen, schlessera, flixos90, nerrad, melchoyce, boemedia, hedgefield, joyously, johnalarcon, lakenh, afercia, acirujano, ibantxillo, SergeyBiryukov.
Fixes#43986.
Built from https://develop.svn.wordpress.org/trunk@43436
git-svn-id: http://core.svn.wordpress.org/trunk@43263 1a063a9b-81f0-0310-95a4-ce76da25c4cd