Commit Graph

499 Commits

Author SHA1 Message Date
audrasjb d9d303f812 Media: Prevent CSRF setting attachment thumbnails.
Props martinkrcho, paulkevan, peterwilsoncc, xknown, peterwilsoncc.


Built from https://develop.svn.wordpress.org/trunk@55764


git-svn-id: http://core.svn.wordpress.org/trunk@55276 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-16 14:27:21 +00:00
Sergey Biryukov 2ec23a82ed Code Modernization: Replace usage of `strpos()` with `str_starts_with()`.
`str_starts_with()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins with the given substring (needle).

WordPress core includes a polyfill for `str_starts_with()` on PHP < 8.0 as of WordPress 5.9.

This commit replaces `0 === strpos( ... )` with `str_starts_with()` in core files, making the code more readable and consistent, as well as improving performance.

While `strpos()` is slightly faster than the polyfill on PHP < 8.0, `str_starts_with()` is noticeably faster on PHP 8.0+, as it is optimized to avoid unnecessarily searching along the whole haystack if it does not find the needle.

Follow-up to [52039], [52040], [52326].

Props spacedmonkey, costdev, sabernhardt, mukesh27, desrosj, jorbin, TobiasBg, ayeshrajans, lgadzhev, SergeyBiryukov.
Fixes #58012.
Built from https://develop.svn.wordpress.org/trunk@55703


git-svn-id: http://core.svn.wordpress.org/trunk@55215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-02 15:45:22 +00:00
Sergey Biryukov 0008d8df06 Coding Standards: Replace `include_once` with `require_once` for required files.
Per [https://developer.wordpress.org/coding-standards/wordpress-coding-standards/php/#writing-include-require-statements WordPress PHP coding standards], it is ''strongly recommended'' to use `require[_once]` for unconditional includes. When using `include[_once]`, PHP will throw a warning when the file is not found but will continue execution, which will almost certainly lead to other errors/warnings/notices being thrown if your application depends on the file loaded, potentially leading to security leaks. For that reason, `require[_once]` is generally the better choice as it will throw a `Fatal Error` if the file cannot be found.

Follow-up to [1674], [1812], [1964], [6779], [8540], [10521], [11005], [11911], [16065], [16149], [25421], [25466], [25823], [37714], [42981], [45448], [47198], [54276], [55633].

Props kausaralm, SergeyBiryukov.
See #57839.
Built from https://develop.svn.wordpress.org/trunk@55641


git-svn-id: http://core.svn.wordpress.org/trunk@55153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-04-09 11:57:22 +00:00
audrasjb c41d5e69d3 Media: Revert `wp_ajax_save_attachment_updated` hook.
This changeset removes the `wp_ajax_save_attachment_updated` hook by reverting [55106], [55111], and [55450], to give it more time for further discussions as there are still concerns about whether this hook is necessary.

Follow-up to [55106], [55111], [55450].

Props costdev, SergeyBiryukov, peterwilsoncc, azaozz.
See #23148.

Built from https://develop.svn.wordpress.org/trunk@55474


git-svn-id: http://core.svn.wordpress.org/trunk@55007 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-03-07 13:13:22 +00:00
audrasjb 3fdc61552e Media: Rename the `wp_ajax_save_attachment` action hook to `wp_ajax_save_attachment_updated`.
This changeset renames the `wp_ajax_save_attachment` action to `wp_ajax_save_attachment_updated` to avoid confusion with the similarly named `wp_ajax_save-attachment` action. This also add a dockblock note to indicate that when checking if an action is being done, `doing_action( 'wp_ajax_save-attachment' )` may be used if that is more convenient.

Follow-up to [55106].

Props azaozz, sc0ttkclark, costdev.
Fixes #23148

Built from https://develop.svn.wordpress.org/trunk@55450


git-svn-id: http://core.svn.wordpress.org/trunk@54983 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-03-01 16:32:20 +00:00
Sergey Biryukov 1553e3fa00 Coding Standards: Rename `$post_ID` variable to `$post_id` in various files.
The `$post_ID` variable is [546f59c678/WordPress/Sniffs/NamingConventions/ValidVariableNameSniff.php (L54) technically allowed in WPCS], as there is a global of the same name that needs to remain for backward compatibility. However, this name is mostly a remnant of legacy code, and switching to `$post_id` where appropriate brings more consistency with the rest of core.

Additionally, this commit resolves a few WPCS warnings in core:
{{{
Variable "$post_IDs" is not in valid snake_case format
}}}

This affects:
* Function parameters in:
 * `add_meta()`
 * `post_preview()`
 * `WP_Embed::delete_oembed_caches()`
 * `WP_Embed::cache_oembed()`
 * `wp_get_post_cats()`
 * `wp_set_post_cats()`
 * `wp_unique_post_slug()`
 * `wp_set_post_categories()`
 * `wp_check_post_hierarchy_for_loops()`
 * `wp_add_trashed_suffix_to_post_name_for_trashed_posts()`
 * `wp_filter_wp_template_unique_post_slug()`
 * `wp_xmlrpc_server::add_enclosure_if_new()`
 * `wp_xmlrpc_server::attach_uploads()`
 * `wp_xmlrpc_server::mt_getTrackbackPings()`
* Internal variables in:
 * `wp_ajax_inline_save()`
 * `wp_ajax_set_post_thumbnail()`
 * `wp_ajax_get_post_thumbnail_html()`
 * `edit_post()`
 * `bulk_edit_posts()`
 * `wp_write_post()`
 * `WP_Embed::shortcode()`
 * `wp_insert_post()`
 * `wp_xmlrpc_server::_insert_post()`
 * `wp_xmlrpc_server::blogger_getPost()`
 * `wp_xmlrpc_server::blogger_newPost()`
 * `wp_xmlrpc_server::blogger_editPost()`
 * `wp_xmlrpc_server::blogger_deletePost()`
 * `wp_xmlrpc_server::mw_getPost()`
 * `wp_xmlrpc_server::mw_newPost()`
 * `wp_xmlrpc_server::mw_editPost()`
 * `wp_xmlrpc_server::mt_getPostCategories()`
 * `wp_xmlrpc_server::mt_setPostCategories()`
 * `wp_xmlrpc_server::mt_publishPost()`
 * `wp_xmlrpc_server::pingback_ping()`
* Hook parameters in:
 * `oembed_ttl`
 * `embed_oembed_html`
 * `wp_insert_post_parent`
 * `add_trashed_suffix_to_trashed_posts`
 * `pre_post_update`
 * `edit_attachment`
 * `attachment_updated`
 * `add_attachment`
 * `edit_post_{$post->post_type}`
 * `edit_post`
 * `post_updated`
 * `save_post_{$post->post_type}`
 * `save_post`
 * `wp_insert_post`
 * `pre_wp_unique_post_slug`
 * `wp_unique_post_slug`
 * `xmlrpc_call_success_blogger_newPost`
 * `xmlrpc_call_success_blogger_editPost`
 * `xmlrpc_call_success_blogger_deletePost`
 * `xmlrpc_call_success_mw_newPost`
 * `xmlrpc_call_success_mw_editPost`

Note: The name change only affects variable names and DocBlocks.

The change does not affect the `$post_ID` global still used in a few places.

Follow-up to [51399], [52958], [53723], [53729], [55190], [55308], [55334].

Props mahekkalola, tanjimtc71, SergeyBiryukov.
Fixes #57692.
Built from https://develop.svn.wordpress.org/trunk@55365


git-svn-id: http://core.svn.wordpress.org/trunk@54898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-19 15:05:22 +00:00
Sergey Biryukov b29536b060 General: Check that `set_time_limit()` function is available before using it in core.
This avoids a fatal error if the function is disabled on certain environments.

Props theode, jokerrs, johnbillion, hellofromTonya, costdev, jrf, azaozz, SergeyBiryukov.
Fixes #55711.
Built from https://develop.svn.wordpress.org/trunk@55258


git-svn-id: http://core.svn.wordpress.org/trunk@54791 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-07 13:28:18 +00:00
audrasjb 28358ab213 HTTP API: Fix request header inconsistencies.
This changeset improves the consistency in capitalization of fetching and outputting of request headers. It also updates occurrences found in some docblocks.

Props johnjamesjacoby, costdev, audrasjb, petitphp, mhkuu, SergeyBiryukov.
Fixes #54225.

Built from https://develop.svn.wordpress.org/trunk@55210


git-svn-id: http://core.svn.wordpress.org/trunk@54743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-03 13:35:20 +00:00
Sergey Biryukov 4568b1fb32 Docs: Further clarify the `wp_ajax_save_attachment` filter parameters description.
Follow-up to [55106].

See #23148.
Built from https://develop.svn.wordpress.org/trunk@55111


git-svn-id: http://core.svn.wordpress.org/trunk@54644 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-21 15:58:10 +00:00
audrasjb fe3e932421 Media: Add an action hook on `wp_ajax_save_attachment()`.
This changeset introduces the `wp_ajax_save_attachment` action hook, triggered after an attachment has been updated and before the JSON response is sent. For example, it allows developers to update any additional attachment fields that have been rendered by extending the `media.view.Attachment.Details` subview.

Props griffinjt, bradyvercher, pputzer, antpb, sc0ttkclark, audrasjb, costdev, hellofromTonya.
Fixes #23148.

Built from https://develop.svn.wordpress.org/trunk@55106


git-svn-id: http://core.svn.wordpress.org/trunk@54639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-20 14:17:16 +00:00
Sergey Biryukov 3ba44120d0 Coding Standards: Always use parentheses when instantiating an object.
Note: This will be enforced by WPCS 3.0.0.

Props jrf.
See #56791.
Built from https://develop.svn.wordpress.org/trunk@54891


git-svn-id: http://core.svn.wordpress.org/trunk@54443 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-11-29 15:51:14 +00:00
audrasjb b7f48d4cb4 Media: Refactor search by filename within the admin.
Props vortfu, xknown, peterwilsoncc, paulkevan.

Built from https://develop.svn.wordpress.org/trunk@54524


git-svn-id: http://core.svn.wordpress.org/trunk@54079 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-17 11:19:11 +00:00
davidbaumwald b266a2d535 Shortcodes: Revert recent `apply_shortcodes` and `do_shortcode` changes.
[54248] reversed the wrapping of `do_shortcode` and `apply_shortcodes` and updated all direct internal calls of `do_shortcode` to `apply_shortcodes` after [47004].  After further consideration, the long history of `do_shortcodes` should be favored over any subjective semantic improvements.  This change reverts the remaining changes from #55883 not already reverted in [54278].

Follow-up to [47004], [54248], and [54278].

Props azaozz, jorbin.
See #55883.
Built from https://develop.svn.wordpress.org/trunk@54319


git-svn-id: http://core.svn.wordpress.org/trunk@53878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-26 22:43:10 +00:00
audrasjb 85cb9e4963 Shortcodes: Reverse wrapping of `apply_shortcodes()` and `do_shortcode()`.
This changeset reverses the wrapping of `apply_shortcodes()` and `do_shortcode()` such that `apply_shortcodes()` is now the recommended function. In addition:

- Calls to `do_shortcode()` have been changed to `apply_shortcodes()`.
- Some default filter callbacks have been changed from `'do_shortcode'` to `'apply_shortcodes'`.
- Applicable documentation has been updated to refer to `apply_shortcodes()` instead.

Follow-up to [47004].

Props SergeyBiryukov, rafiahmedd, namithjawahar, peterwilsoncc, costdev.
Fixes #55883.

Built from https://develop.svn.wordpress.org/trunk@54248


git-svn-id: http://core.svn.wordpress.org/trunk@53807 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-20 10:31:14 +00:00
Peter Wilson 0161ef8f72 Media: Cache parent posts in query-attachments AJAX endpoint.
Prime the parent post objects `wp_ajax_query_attachments()` to reduce the number of database queries in the query-attachments admin-ajax endpoint.

Props albatross10.
Fixes #56037.


Built from https://develop.svn.wordpress.org/trunk@53885


git-svn-id: http://core.svn.wordpress.org/trunk@53444 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-12 00:17:07 +00:00
Sergey Biryukov f53c815b6e Coding Standards: Use more meaningful variables names in some Ajax functions.
This renames `$tax` to `$taxonomy_object` and `$s` to `$search` for clarity. The latter is only renamed when used as an internal variable and not referring to the `$s` global.

The list of affected functions:
* `wp_ajax_ajax_tag_search()`
* `wp_ajax_add_link_category`
* `wp_ajax_add_tag()`
* `wp_ajax_get_tagcloud()`
* `wp_ajax_inline_save_tax()`
* `wp_ajax_find_posts()`

Follow-up to [6542], [8901], [10222], [12833], [16771], [16992], [22723], [38698].

Props azouamauriac.
Fixes #55098.
Built from https://develop.svn.wordpress.org/trunk@53801


git-svn-id: http://core.svn.wordpress.org/trunk@53360 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-30 15:16:08 +00:00
audrasjb 49ace608dc Taxonomy: Allow filtering Ajax term search results in quick edit.
This changeset introduces the `ajax_term_search_results` hook which can be used to filter the term search results returned by the AJAX term query.

Props grandeljay, costdev, ironprogrammer, audrasjb, SergeyBiryukov.
Fixes #55606.

Built from https://develop.svn.wordpress.org/trunk@53781


git-svn-id: http://core.svn.wordpress.org/trunk@53340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-26 13:23:14 +00:00
Sergey Biryukov ee4f7d7415 Coding Standards: Adjust the logic slightly in `wp_ajax_replyto_comment()`.
This aims to bring more consistency to the function logic by separating the comment content and type checks from the user existence check.

Follow-up to [8720], [9098], [29758].

See #55647.
Built from https://develop.svn.wordpress.org/trunk@53747


git-svn-id: http://core.svn.wordpress.org/trunk@53306 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-21 10:59:10 +00:00
Sergey Biryukov e2a5b8684e Coding Standards: Standardize on `user_id` when passing data to comment functions.
The `wp_new_comment()`, `wp_update_comment()`, and `wp_filter_comment()` functions already normalize the `user_ID` parameter internally to `user_id`, which matches the database field name.

This commit aims to bring some consistency when passing the parameter in core.

The corresponding `$user_ID` variable is also renamed to `$user_id` to match the other variables when not referring to the `$user_ID` global, which has an exception in the WordPress coding standards.

Follow-up to [8543], [8720], [12267], [12300], [26491], [28915], [28922], [34799], [49303].

See #55647, #56244.
Built from https://develop.svn.wordpress.org/trunk@53729


git-svn-id: http://core.svn.wordpress.org/trunk@53288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-20 14:14:09 +00:00
Sergey Biryukov 69a8ecce33 Coding Standards: Rename `$comment_post_ID` and `$comment_author_IP` variables in various files.
This fixes two WPCS warnings:
* `Variable "$comment_post_ID" is not in valid snake_case format`
* `Variable "$comment_author_IP" is not in valid snake_case format`

While matching the database fields of the same name, these variables did not follow the WordPress coding standards, and are now renamed to address that.

Note: The name change only affects internal variables and parameters for a few actions receiving a comment post ID:

* `edit_comment`
* `comment_id_not_found`
* `comment_closed`
* `comment_on_trash`
* `comment_on_draft`
* `comment_on_password_protected`
* `pre_comment_on_post`

The change does not affect parameters for functions receiving an array of comment data:

* `wp_insert_comment()`
* `wp_new_comment()`
* `wp_update_comment()`
* `wp_handle_comment_submission()`

The associated array keys still match the database fields: `comment_post_ID` and `comment_author_IP`.

Follow-up to [1706], [2894], [8720], [28427], [28437], [28457], [34799], [53720],

See #55647, #56244.
Built from https://develop.svn.wordpress.org/trunk@53723


git-svn-id: http://core.svn.wordpress.org/trunk@53282 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-19 16:19:11 +00:00
Sergey Biryukov 01d172b581 General: Replace all `esc_url_raw()` calls in core with `sanitize_url()`.
This aims to improve performance by calling `sanitize_url()` directly, instead of the `esc_url_raw()` wrapper. As of WordPress 6.1, `sanitize_url()` is the recommended function for sanitizing a URL for database or redirect usage.

Follow-up to [11383], [13096], [51597], [53452].

Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes #55852.
Built from https://develop.svn.wordpress.org/trunk@53455


git-svn-id: http://core.svn.wordpress.org/trunk@53044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-01 18:14:10 +00:00
audrasjb 4de4330b17 General: Add missing `strong` tag to some error messages.
This changeset adds missing `strong` tag to some error messages and updates some AJAX messages, for better consistency.

Follow-up to [53118].

Props NekoJonez, audrasjb, ocean90.
Fixes #54437.

Built from https://develop.svn.wordpress.org/trunk@53337


git-svn-id: http://core.svn.wordpress.org/trunk@52926 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-05-03 14:53:09 +00:00
Sergey Biryukov 9a9617ea72 Coding Standards: Rename the `$object` variable to `$attachment` in several files.
This brings some consistency with a similar fragment in `Custom_Image_Heade::step_2_manage_upload()`, `WP_Site_Icon::insert_attachment()`, `media_handle_upload()`, and clarifies the type of the data.

Follow-up to [52946], [53137].

See #55327, #54728.
Built from https://develop.svn.wordpress.org/trunk@53183


git-svn-id: http://core.svn.wordpress.org/trunk@52772 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-14 15:15:12 +00:00
Peter Wilson ce1dd08c07 Administration: Remove term page check from `ajax-response.js`.
Replace hard coded check for the term creation page in `_enqueues/lib/ajax-response.js` with a check for a notification to display in the AJAX response data.

Follow up to  [52170], [52672].

Props SergeyBiryukov, ryokuhi, johnregan3, sabernhardt, joedolson.
Fixes #55078.
See #54955.

Built from https://develop.svn.wordpress.org/trunk@53123


git-svn-id: http://core.svn.wordpress.org/trunk@52712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-11 04:37:00 +00:00
Peter Wilson a334e05915 Editor: Limit display of tags on classic editor.
On the classic editor, limit the search of tags and non-hierarchical taxonomies to twenty results. This in turn prevents an unbounded database query via an AJAX request.

Props pikamander2, costdev, azouamauriac, audrasjb.
Fixes #55052.


Built from https://develop.svn.wordpress.org/trunk@53089


git-svn-id: http://core.svn.wordpress.org/trunk@52678 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-07 04:06:05 +00:00
Peter Wilson 3d9bb812f1 Taxonomy: Show error message for terms without a name.
Display an error message to users if they attempt to create a term without a name via the admin-ajax `add-tag` action. This improves the accessibility of the screen by avoiding the use of color alone to indicate an error.

Props conner_bw, birgire, afercia.
Fixes #47018.


Built from https://develop.svn.wordpress.org/trunk@53088


git-svn-id: http://core.svn.wordpress.org/trunk@52677 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-07 03:50:05 +00:00
joedolson 34e9346967 Media: Preserve attachment properties on cropping custom logo.
Migrate the alternative text, title, description, and caption of an image over to the cropped copy of the image after cropping. Ensure that characteristics added to an image prior to cropping are not lost.

Props flixos90, Clorith, afercia, antonvlasenko, ironprogrammer, hellofromTonya.
Fixes #37750.

Built from https://develop.svn.wordpress.org/trunk@53027


git-svn-id: http://core.svn.wordpress.org/trunk@52616 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-03-29 21:48:14 +00:00
audrasjb 223cda987f Administration: Replace contracted verb forms for better consistency.
This changeset replaces contracted verb forms like `doesn't`, `can't`, or `isn't` with non-contracted forms like `does not`, `cannot`, or `is not`, for better consistency across the WordPress administration. It also updates some corresponding unit tests strings.

Props Presskopp, socalchristina, aandrewdixon, francina, SergeyBiryukov, JeffPaul, audrasjb, hellofromTonya.
Fixes #38913.
See #39176.

Built from https://develop.svn.wordpress.org/trunk@52978


git-svn-id: http://core.svn.wordpress.org/trunk@52567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-03-22 16:25:03 +00:00
davidbaumwald 12134c3435 Coding Standards: Fix minor alignment issue in `wp_ajax_install_theme()`.
Follow-up to [52819].

See #54728.

Built from https://develop.svn.wordpress.org/trunk@52840


git-svn-id: http://core.svn.wordpress.org/trunk@52429 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-03-10 17:32:03 +00:00
Peter Wilson 8db01b9c6b Themes: Hide block themes' live preview link following installation.
Prevent the Customizer/Live Preview button from showing for installed block themes when on the theme installation page.

Props antonvlasenko, costdev, ironprogrammer.
Fixes #54878.


Built from https://develop.svn.wordpress.org/trunk@52819


git-svn-id: http://core.svn.wordpress.org/trunk@52408 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-03-04 02:39:03 +00:00
joedolson dbc8d76a9f Taxonomy: Display update notices when adding terms.
Display notice and announce to screen readers when a new term is added. 

Props manishamakhija, birgire, dilipbheda, afercia, hellofromTonya.
Fixes #42937.

Built from https://develop.svn.wordpress.org/trunk@52170


git-svn-id: http://core.svn.wordpress.org/trunk@51762 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-15 22:24:01 +00:00
joedolson 06e7a012b1 Commit Standards: Revert [52168] to correct commit message.
Used incorrect commit message..

Follow up to [52168].

See #42937.
Built from https://develop.svn.wordpress.org/trunk@52169


git-svn-id: http://core.svn.wordpress.org/trunk@51761 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-15 22:18:00 +00:00
joedolson b07f107447 Media: Featured image modal loads only selected image.
Fix bug introduced in [50829] that caused media modal to only load the selected image. Executes `.more()` when loading the modal to ensure that the media collection is available.

Props manishamakhija, birgire, dilipbheda, afercia, hellofromTonya.
Fixes #42937.
Built from https://develop.svn.wordpress.org/trunk@52168


git-svn-id: http://core.svn.wordpress.org/trunk@51760 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-15 21:55:00 +00:00
Sergey Biryukov 3ab8d52d78 Media: Use `WP_Query::get()` method to retrieve the `posts_per_page` value in `wp_ajax_query_attachments()`.
This avoids a PHP notice and ensures that a default value is always provided if none is set by the user.

Follow-up to [51145], [51485].

Props davidwebca, mukesh27.
Fixes #54129.
Built from https://develop.svn.wordpress.org/trunk@51982


git-svn-id: http://core.svn.wordpress.org/trunk@51571 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-02 18:30:02 +00:00
Sergey Biryukov b218b7504c Media: Check the `posts_per_page` value in `wp_ajax_query_attachments()` before using it as a divisor.
This avoids a "Division by zero" PHP warning if a plugin changes the `posts_per_page` value to zero.

Follow-up to [51145].

Props 2linctools, kapilpaul, audrasjb.
Fixes #53773.
Built from https://develop.svn.wordpress.org/trunk@51485


git-svn-id: http://core.svn.wordpress.org/trunk@51096 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-07-25 09:56:57 +00:00
joedolson c17e2baa80 Media: Correct undefined variable in wp_ajax_query_attachments.
Fix a misnamed variable introduced in [51145]. Change `$query_args` to correctly defined variable `$query`.

Follow-up to [51145].

props desrosj, audrasjb.
Fixes #50105.
Built from https://develop.svn.wordpress.org/trunk@51224


git-svn-id: http://core.svn.wordpress.org/trunk@50833 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-06-23 22:47:59 +00:00
desrosj 5acf559613 Docs: Remove inaccurate `@since` tag.
Follow up to [50829,50831,51145,51147].

Props johnbillion.
Fixes #53461. See #50105.
Built from https://develop.svn.wordpress.org/trunk@51222


git-svn-id: http://core.svn.wordpress.org/trunk@50831 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-06-23 19:09:56 +00:00
desrosj e0e19035dc Coding Standards: Apply some alignment fixes.
Follow up to [51145].
See #50105.
Built from https://develop.svn.wordpress.org/trunk@51147


git-svn-id: http://core.svn.wordpress.org/trunk@50756 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-06-14 23:43:02 +00:00
joedolson fe1cb3ff0d Media: Restore AJAX response data shape in media library.
Restore the original shape of the AJAX response data in the media library after removing infinite scroll, and pass total number of attachments in the response headers `X-WP-Total` and `X-WP-TotalPages`. 

Improve backwards compatibility for plugins intercepting the ajax response. Headers match the structure and count calculation used in REST API responses.

Fix an issue with hiding the spinner after the load is completed and ensure that the load more view is created when changing tabs in the media library modal.

Follow up to [50829].

props adamsilverstein, spacedmonkey, joedolson.
Fixes #50105.
Built from https://develop.svn.wordpress.org/trunk@51145


git-svn-id: http://core.svn.wordpress.org/trunk@50754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-06-14 20:50:57 +00:00
desrosj 0d1e4e553c General: Avoid unnecessary calls to `update_user_option()`.
The `update_user_option()` function is a way to update a user meta value after adding a blog’s prefix to the beginning of the meta key. But when the fourth parameter is `true`, the behavior is exactly the same as calling `update_user_meta()` directly.

This replaces all instances of `update_user_option()` when the fourth parameter is `true` in Core with a direct call to `update_user_meta()` to prevent an unnecessary call to `update_user_option()`.

Props johnjamesjacoby, zkancs, obenland, desrosj.
Fixes #43339.
Built from https://develop.svn.wordpress.org/trunk@50981


git-svn-id: http://core.svn.wordpress.org/trunk@50590 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-24 19:59:57 +00:00
Sergey Biryukov f30138fd8a Docs: Correct `@since` tags for new properties and functions related to infinite scrolling in Media Library.
Follow-up to [50829].

See #50105, #40330, #52628.
Built from https://develop.svn.wordpress.org/trunk@50831


git-svn-id: http://core.svn.wordpress.org/trunk@50440 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-08 11:22:03 +00:00
joedolson 9b6710c43c Media: Remove infinite scroll from media library and modal.
Replace infinitely autoloading behavior on scroll with a user-controlled load more button. Fix a long standing accessibility issue in the media library. Infinite scroll poses a wide range of problems for accessibility, usability, and performance.

This change modifies the library to load 40 items in the initial view, with a load more button to load the next 40 items and a button to move focus from the load more region to the first of the most recently added items.

The text for communicating the jump target was broadly discussed, agreeing that the text incorporated here would most concisely and clearly convey the purpose of the button, and any further detail is learnable from use.
 
Props afercia, adamsilverstein, joedolson, audrasjb, francina 
Fixes #50105. See #40330. 
Built from https://develop.svn.wordpress.org/trunk@50829


git-svn-id: http://core.svn.wordpress.org/trunk@50438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-07 23:19:03 +00:00
Sergey Biryukov d3d78e755b Coding Standards: Add a space before `/` character in some self-closing HTML tags.
While this has no effect on the code, it fixes a minor inconsistency with the rest of core.

Props laxman-prajapati.
Fixes #52870.
Built from https://develop.svn.wordpress.org/trunk@50556


git-svn-id: http://core.svn.wordpress.org/trunk@50169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-03-20 18:30:08 +00:00
Sergey Biryukov 50f8dafe17 Users: Correctly display an error message after clicking the "Send Reset Link" button.
The `addInlineNotice()` function expects a single string as a success or error message, not an array of strings.

Follow-up to [50129].

Props audrasjb.
Fixes #52573.
Built from https://develop.svn.wordpress.org/trunk@50390


git-svn-id: http://core.svn.wordpress.org/trunk@50001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-19 17:24:05 +00:00
Sergey Biryukov b88325dbc6 I18N: Use the actual placeholder instead of a number in translator comments if the corresponding string does not use numbered placeholders.
Adjust some newly introduced strings to remove unnecessary numbered placeholders for consistency.

Follow-up to [42827].

See #51800.
Built from https://develop.svn.wordpress.org/trunk@50234


git-svn-id: http://core.svn.wordpress.org/trunk@49895 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-07 12:44:04 +00:00
Sergey Biryukov 87f1e31871 Login and Registration: Improve the UX of the Reset Password screen.
Previously, it was unclear that the displayed password is only being suggested and should be saved by clicking the Reset Password button.

This adds separate Generate Password and Save Password buttons, for clarity.

Props xkon, estelaris, jaymanpandya, hedgefield, audrasjb, erichmond, magicroundabout, lukecavanagh, knutsp, tinodidriksen, nico_martin, markhowellsmead, kara.mcnair, e_baker, pixelverbieger, souri_wpaustria, megabyterose, poena, whyisjake.
Fixes #39638.
Built from https://develop.svn.wordpress.org/trunk@50153


git-svn-id: http://core.svn.wordpress.org/trunk@49832 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 18:13:04 +00:00
antpb f80e5d0919 Media: Avoid suppressing errors when using `getimagesize()`.
Previously, all logic utilizing `getimagesize()` was supressing errors making it difficult to debug usage of the function. 

A new `wp_getimagesize()` function has been added to allow the errors to no longer be suppressed when `WP_DEBUG` is enabled.

Props Howdy_McGee, SergeyBiryukov, mukesh27, davidbaumwald, noisysocks, hellofromTonya.
Fixes #49889.

Built from https://develop.svn.wordpress.org/trunk@50146


git-svn-id: http://core.svn.wordpress.org/trunk@49825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 16:53:04 +00:00
Adam Silverstein 315b1c185d Users: enable admins to send users a reset password link.
Add a feature so Admins can send users a 'password reset' email. This doesn't change the password or force a password change. It only emails the user the password reset link.

The feature appears in several places:
* A "Send Reset Link" button on user profile screen.
* A "Send password reset" option in the user list bulk action dropdown.
* A "Send password reset" quick action when hovering over a username in the user list.

Props Ipstenu, DrewAPicture, eventualo, wonderboymusic, knutsp, ericlewis, afercia, JoshuaWold, johnbillion, paaljoachim, hedgefield.
Fixes #34281.


Built from https://develop.svn.wordpress.org/trunk@50129


git-svn-id: http://core.svn.wordpress.org/trunk@49808 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-01 22:13:03 +00:00
Sergey Biryukov 0e3147c40e Coding Standards: Replace alias PHP functions with the canonical names.
Using the canonical function name for PHP functions is strongly recommended, as aliases may be deprecated or removed without (much) warning.

This replaces all uses of the following:
* `join()` with `implode()`
* `sizeof()` with `count()`
* `is_writeable()` with `is_writable()`
* `doubleval()` with a `(float)` cast

In part, this is a follow-up to #47746.

Props jrf.
See #50767.
Built from https://develop.svn.wordpress.org/trunk@49193


git-svn-id: http://core.svn.wordpress.org/trunk@48955 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-18 17:27:06 +00:00
TimothyBlynJacobs 039ce3f16f Site Health, REST API: Move async tests to REST API endpoints.
This provides more flexibility when writing tests and benefits from running in a front-end context which is necessary for some tests like checking that updates are supported. Additionally, this provides a more robust interface for developers who want to integrate with Site Health tests.

Because the `wp/v2` endpoint is reserved for modeling core entities, site health is registered in its own `wp-site-health/v1` namespace.

The existing ajax actions have been maintained for backward compatibility.

Props Clorith, chrisvanpatten, afragen, pokhriyal, TimothyBlynJacobs.
Fixes #48105.

Built from https://develop.svn.wordpress.org/trunk@49154


git-svn-id: http://core.svn.wordpress.org/trunk@48916 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-15 02:00:08 +00:00