Commit Graph

15 Commits

Author SHA1 Message Date
Peter Wilson 6309a41a68 Upload: Fallback to `PclZip` to validate ZIP file uploads.
`ZipArchive` can fail to validate ZIP files correctly and report valid files as invalid. This introduces a fallback to `PclZip` to check validity of files if `ZipArchive` fails them.

This introduces the new function `wp_zip_file_is_valid()` to validate archives.

Follow up to [57388].

Props audunmb, azaozz, britner, cdevroe, colorful-tones, costdev, courane01, endymion00, feastdesignco, halounsbury, jeffpaul, johnbillion, jorbin, jsandtro, karinclimber, kevincoleman, koesper, maartenbelmans, mathewemoore, melcarthus, mujuonly, nerdpressteam, olegfuture, otto42, peterwilsoncc, room34, sayful, schutzsmith, stephencronin, svitlana41319, swissspidy, tnolte, tobiasbg, vikram6, welaunchio.
Fixes #60398.

Built from https://develop.svn.wordpress.org/trunk@57537


git-svn-id: http://core.svn.wordpress.org/trunk@57038 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-02-05 22:23:06 +00:00
Aaron Jorbin a9b81d3527 Uploads: Check for and verify ZIP archives.
Props costdev, peterwilsoncc, azaozz, tykoted, johnbillion, desrosj, afragen, jorbin.

Built from https://develop.svn.wordpress.org/trunk@57388


git-svn-id: http://core.svn.wordpress.org/trunk@56894 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-01-30 14:23:12 +00:00
audrasjb 5be9311067 Docs: Use third-person singular verbs in various function descriptions, as per docblocks standards.
Props costdev, audrasjb.
See #57840.



Built from https://develop.svn.wordpress.org/trunk@55911


git-svn-id: http://core.svn.wordpress.org/trunk@55423 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-06-14 06:34:27 +00:00
Sergey Biryukov 2ec23a82ed Code Modernization: Replace usage of `strpos()` with `str_starts_with()`.
`str_starts_with()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins with the given substring (needle).

WordPress core includes a polyfill for `str_starts_with()` on PHP < 8.0 as of WordPress 5.9.

This commit replaces `0 === strpos( ... )` with `str_starts_with()` in core files, making the code more readable and consistent, as well as improving performance.

While `strpos()` is slightly faster than the polyfill on PHP < 8.0, `str_starts_with()` is noticeably faster on PHP 8.0+, as it is optimized to avoid unnecessarily searching along the whole haystack if it does not find the needle.

Follow-up to [52039], [52040], [52326].

Props spacedmonkey, costdev, sabernhardt, mukesh27, desrosj, jorbin, TobiasBg, ayeshrajans, lgadzhev, SergeyBiryukov.
Fixes #58012.
Built from https://develop.svn.wordpress.org/trunk@55703


git-svn-id: http://core.svn.wordpress.org/trunk@55215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-02 15:45:22 +00:00
Sergey Biryukov c03305852e Code Modernization: Add `AllowDynamicProperties` attribute to all (parent) classes.
Dynamic (non-explicitly declared) properties are deprecated as of PHP 8.2 and are expected to become a fatal error in PHP 9.0.

There are a number of ways to mitigate this:
* If it is an accidental typo for a declared property: fix the typo.
* For known properties: declare them on the class.
* For unknown properties: add the magic `__get()`, `__set()`, et al. methods to the class or let the class extend `stdClass` which has highly optimized versions of these magic methods built in.
* For unknown ''use'' of dynamic properties, the `#[AllowDynamicProperties]` attribute can be added to the class. The attribute will automatically be inherited by child classes.

Trac ticket #56034 is open to investigate and handle the third and fourth type of situations, however it has become clear this will need more time and will not be ready in time for WP 6.1.

To reduce “noise” in the meantime, both in the error logs of WP users moving onto PHP 8.2, in the test run logs of WP itself, in test runs of plugins and themes, as well as to prevent duplicate tickets from being opened for the same issue, this commit adds the `#[AllowDynamicProperties]` attribute to all “parent” classes in WP.

The logic used for this commit is as follows:
* If a class already has the attribute: no action needed.
* If a class does not `extend`: add the attribute.
* If a class does `extend`:
 - If it extends `stdClass`: no action needed (as `stdClass` supports dynamic properties).
 - If it extends a PHP native class: add the attribute.
 - If it extends a class from one of WP's external dependencies: add the attribute.
* In all other cases: no action — the attribute should not be needed as child classes inherit from the parent.

Whether or not a class contains magic methods has not been taken into account, as a review of the currently existing magic methods has shown that those are generally not sturdy enough and often even set dynamic properties (which they should not). See the [https://www.youtube.com/watch?v=vDZWepDQQVE live stream from August 16, 2022] for more details.

This commit only affects classes in the `src` directory of WordPress core.
* Tests should not get this attribute, but should be fixed to not use dynamic properties instead. Patches for this are already being committed under ticket #56033.
* While a number bundled themes (2014, 2019, 2020, 2021) contain classes, they are not a part of this commit and may be updated separately.

Reference: [https://wiki.php.net/rfc/deprecate_dynamic_properties PHP RFC: Deprecate dynamic properties].

Follow-up to [53922].

Props jrf, hellofromTonya, markjaquith, peterwilsoncc, costdev, knutsp, aristath.
See #56513, #56034.
Built from https://develop.svn.wordpress.org/trunk@54133


git-svn-id: http://core.svn.wordpress.org/trunk@53692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-12 15:47:14 +00:00
Sergey Biryukov 9a9617ea72 Coding Standards: Rename the `$object` variable to `$attachment` in several files.
This brings some consistency with a similar fragment in `Custom_Image_Heade::step_2_manage_upload()`, `WP_Site_Icon::insert_attachment()`, `media_handle_upload()`, and clarifies the type of the data.

Follow-up to [52946], [53137].

See #55327, #54728.
Built from https://develop.svn.wordpress.org/trunk@53183


git-svn-id: http://core.svn.wordpress.org/trunk@52772 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-14 15:15:12 +00:00
Sergey Biryukov 001ffe81fb Docs: Improve inline comments per the documentation standards.
Includes minor code layout fixes for better readability.

See #48303.
Built from https://develop.svn.wordpress.org/trunk@47122


git-svn-id: http://core.svn.wordpress.org/trunk@46922 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-29 00:45:18 +00:00
Gary Pendergast cf3fa9f7c8 Coding Standards: Fix the `Squiz.PHP.DisallowMultipleAssignments` violations in `wp-admin`.
See #47632.


Built from https://develop.svn.wordpress.org/trunk@45583


git-svn-id: http://core.svn.wordpress.org/trunk@45394 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-01 12:52:01 +00:00
Gary Pendergast aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
John Blackbourn 28eda6f4bc General: Improve terminology used when referring to installations of WordPress and its extensions.
"Install" is not a noun, and while it might be acceptable to use the verb as a noun, it is not correct. Using the correct
noun, "installation", increases clarity, especially for non-native English speakers.

This change fixes the usage in user-facing text and in developer documentation.

Fixes #41620

Built from https://develop.svn.wordpress.org/trunk@41289


git-svn-id: http://core.svn.wordpress.org/trunk@41129 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-22 11:52:48 +00:00
Drew Jaynes 1a28ec87e1 Docs: Remove `@access` notations from method DocBlocks in wp-admin/* classes.
Prior to about 2013, many class methods lacked even access modifiers which made the `@access` notations that much more useful. Now that we've gotten to a point where the codebase is more mature from a maintenance perspective and we can finally remove these notations. Notable exceptions to this change include standalone functions notated as private as well as some classes still considered to represent "private" APIs.

See #41452.

Built from https://develop.svn.wordpress.org/trunk@41161


git-svn-id: http://core.svn.wordpress.org/trunk@41001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-27 00:40:43 +00:00
Pascal Birchler 54720a14d8 Upgrade/Install: Sanitize file name in `File_Upload_Upgrader`.
Built from https://develop.svn.wordpress.org/trunk@38524


git-svn-id: http://core.svn.wordpress.org/trunk@38465 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-06 17:26:31 +00:00
Dominik Schilling f81b65688a Upgrader: Add changelog entries for when the classes were moved to its own file.
See #36618.
Built from https://develop.svn.wordpress.org/trunk@37432


git-svn-id: http://core.svn.wordpress.org/trunk@37398 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-13 20:59:27 +00:00
Dominik Schilling 23e2a486ae Upgrader: Update file headers for new files added in [37409].
Part 5/8.
See #36618.
Built from https://develop.svn.wordpress.org/trunk@37410


git-svn-id: http://core.svn.wordpress.org/trunk@37376 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-10 11:52:28 +00:00
Dominik Schilling 14e5d77132 Upgrader: Copy `WP_Upgrader` subclasses into one file per class.
Part 4/8.
See #36618.
Built from https://develop.svn.wordpress.org/trunk@37409


git-svn-id: http://core.svn.wordpress.org/trunk@37375 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-10 11:45:42 +00:00