Commit Graph

173 Commits

Author SHA1 Message Date
Sergey Biryukov
47c4ff7102 HTTP API: Revert changeset [52244].
Reverting Requests 2.0.0 changes and moving to WordPress 6.0 cycle. Why? The namespace and file case renaming revealed 2 issues in Core's upgrader process.

See https://core.trac.wordpress.org/ticket/54504#comment:22 for more information.

Follow-up to [52327].

See #54562, #54504.
Built from https://develop.svn.wordpress.org/trunk@52328


git-svn-id: http://core.svn.wordpress.org/trunk@51920 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-12-06 21:30:03 +00:00
Sergey Biryukov
95f823d933 External Libraries: Update the Requests library to version 2.0.0.
This is a major release and contains breaking changes.

Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.

Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0

For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0

Follow-up to [50842], [51078].

Props jrf, schlessera, datagutten, wojsmol, dd32, dustinrue, soulseekah, costdev, szepeviktor.
Fixes #54504.
Built from https://develop.svn.wordpress.org/trunk@52244


git-svn-id: http://core.svn.wordpress.org/trunk@51836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-25 01:12:02 +00:00
hellofromTonya
9d4d3f8fba HTTP API: Ensure value returned from 'http_allowed_safe_ports' is an array to avoid PHP 8+ TypeError fatal error.
Adds an `is_array()` check before the `in_array()`. Why? `in_array()` requires a array for the haystack. Any other data type will cause a fatal error on PHP 8.0 or higher:

{{{
Fatal error: Uncaught TypeError: in_array(): Argument #2 ($haystack) must be of type array
}}}

As this is a new filter, this type check properly guards to avoid the fatal error.

Follow-up to [52084].

See #54331.
Built from https://develop.svn.wordpress.org/trunk@52085


git-svn-id: http://core.svn.wordpress.org/trunk@51677 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-09 22:59:58 +00:00
hellofromTonya
2f84a45fdf HTTP API: Introduce 'http_allowed_safe_ports' filter in wp_http_validate_url().
Adds a new filter `'http_allowed_safe_ports'` to control which ports are allowed for remote requests. By default, ports 80, 443, and 8080 are allowed for safe remote requests.

Adds tests. 

Follow-up to [24480].

Props xknown, johnbillion, jorbin, costdev, dd32.
Fixes #54331.
Built from https://develop.svn.wordpress.org/trunk@52084


git-svn-id: http://core.svn.wordpress.org/trunk@51676 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-09 22:39:00 +00:00
Sergey Biryukov
897f004a9c General: Replace older-style PHP type conversion functions with type casts.
This improves performance, readability, and consistency throughout core.

* `intval()` → `(int)`
* `strval()` → `(string)`
* `floatval()` → `(float)`

Props ayeshrajans.
Fixes #42918.
Built from https://develop.svn.wordpress.org/trunk@49108


git-svn-id: http://core.svn.wordpress.org/trunk@48870 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-08 21:15:13 +00:00
desrosj
4b60af1a6a General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”

With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).

Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.

Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.

Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121


git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 17:26:13 +00:00
Sergey Biryukov
b16368c268 Docs: Remove @staticvar tags from core.
The tag was supported in phpDocumentor 1.x, but is no longer supported in 2.x and 3.x.

Usage of static variables is considered an internal implementation detail and has no information value for someone reading the docs.

Props alishanvr, jrf.
Fixes #50426.
Built from https://develop.svn.wordpress.org/trunk@48109


git-svn-id: http://core.svn.wordpress.org/trunk@47878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-20 12:40:12 +00:00
Sergey Biryukov
7932193708 Coding Standards: Use strict comparison where static strings are involved.
This reduces the number of `WordPress.PHP.StrictComparisons.LooseComparison` issues in half, from 1897 to 890.

Includes minor code layout fixes for better readability.

See #49542.
Built from https://develop.svn.wordpress.org/trunk@47808


git-svn-id: http://core.svn.wordpress.org/trunk@47584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-05-16 18:42:12 +00:00
Sergey Biryukov
ced8fb20a1 Code Modernization: Remove error suppression from parse_url() calls.
Previously, the `@` operator was used to prevent possible warnings emitted by `parse_url()` in PHP < 5.3.3 when URL parsing failed.

Now that the minimum version of PHP required by WordPress is 5.6.20, this is no longer needed.

Props netpassprodsr, Howdy_McGee.
Fixes #49980. See #24780.
Built from https://develop.svn.wordpress.org/trunk@47617


git-svn-id: http://core.svn.wordpress.org/trunk@47392 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-24 07:28:10 +00:00
Sergey Biryukov
38676936ba Coding Standards: Use strict type check for in_array() and array_search() where strings are involved.
This reduces the number of `WordPress.PHP.StrictInArray.MissingTrueStrict` issues from 486 to 50.

Includes minor code layout fixes for better readability.

See #49542.
Built from https://develop.svn.wordpress.org/trunk@47550


git-svn-id: http://core.svn.wordpress.org/trunk@47325 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-05 03:02:11 +00:00
Sergey Biryukov
641c632b0c Coding Standards: Use Yoda conditions where appropriate.
See #49222.
Built from https://develop.svn.wordpress.org/trunk@47219


git-svn-id: http://core.svn.wordpress.org/trunk@47019 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-09 16:55:09 +00:00
Sergey Biryukov
001ffe81fb Docs: Improve inline comments per the documentation standards.
Includes minor code layout fixes for better readability.

See #48303.
Built from https://develop.svn.wordpress.org/trunk@47122


git-svn-id: http://core.svn.wordpress.org/trunk@46922 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-29 00:45:18 +00:00
Sergey Biryukov
2900bb8ea7 Docs: Update links to https://secure.php.net/, they now redirect to https://www.php.net/.
See #48303.
Built from https://develop.svn.wordpress.org/trunk@47088


git-svn-id: http://core.svn.wordpress.org/trunk@46888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-20 03:14:06 +00:00
Sergey Biryukov
dd4d98a368 Docs: In various @return tags, list the expected type first, instead of false.
Follow-up to [46696].

See #48303.
Built from https://develop.svn.wordpress.org/trunk@47060


git-svn-id: http://core.svn.wordpress.org/trunk@46860 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-11 18:32:05 +00:00
Sergey Biryukov
3d623995a8 Docs: In various @return tags, list the expected type first, instead of WP_Error.
See #48303.
Built from https://develop.svn.wordpress.org/trunk@46696


git-svn-id: http://core.svn.wordpress.org/trunk@46496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-11-11 02:43:03 +00:00
whyisjake
608d39faed HTTP API: Protect against hex interpretation.
Return earlier from wp_http_validate_url().

Props: iandunn, xknown, voldemortensen, whyisjake.

Built from https://develop.svn.wordpress.org/trunk@46475


git-svn-id: http://core.svn.wordpress.org/trunk@46273 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 15:27:04 +00:00
John Blackbourn
41d6b80d03 Docs: Fix and improve inline documentation for the HTTP API.
See #47110

Built from https://develop.svn.wordpress.org/trunk@46468


git-svn-id: http://core.svn.wordpress.org/trunk@46266 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-12 18:05:04 +00:00
John Blackbourn
2f46afbc53 Docs: Miscellaneous inline docs corrections and improvements.
See #47110 

Built from https://develop.svn.wordpress.org/trunk@46424


git-svn-id: http://core.svn.wordpress.org/trunk@46222 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-07 19:08:06 +00:00
Gary Pendergast
abcbee954f Coding Standards: Fix instances of WordPress.PHP.NoSilencedErrors.Discouraged.
Noteable changes:
- The `magic_quotes_runtime` and `magic_quotes_sybase` settings were removed in PHP 5.4, so no longer need to be set.
- Some functions that use external libraries can generate errors that can't be tested for, so are globally allowed to silence errors.
- Quite a few functions would cause errors if `safe_mode` was set. This setting was removed in PHP 5.4.
- Only a handful of `header()` calls needed corresponding `headers_sent()` checks for unit tests to pass, but more may need to be added as the nightlies builds are tested.

See #46732.

Built from https://develop.svn.wordpress.org/trunk@45611


git-svn-id: http://core.svn.wordpress.org/trunk@45422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-09 05:45:58 +00:00
Dominik Schilling
8043638596 HTTP: Don't treat localhost as same host by default.
Built from https://develop.svn.wordpress.org/trunk@42894


git-svn-id: http://core.svn.wordpress.org/trunk@42724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 15:00:31 +00:00
John Blackbourn
91464bce65 Docs: Add missing code formatting to various @since entries.
See #42505

Built from https://develop.svn.wordpress.org/trunk@42678


git-svn-id: http://core.svn.wordpress.org/trunk@42506 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-09 16:55:31 +00:00
Gary Pendergast
aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
Sergey Biryukov
6fa2cea232 Docs: Add @access private entries for _get_component_from_parsed_url_array() and _wp_translate_php_url_constant_to_key().
Props ajayghaghretiya1.
Fixes #41282.
Built from https://develop.svn.wordpress.org/trunk@41573


git-svn-id: http://core.svn.wordpress.org/trunk@41406 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-22 22:00:47 +00:00
Drew Jaynes
07f01a2e10 Docs: Replace a variety of http links referenced in inline docs with their https counterparts (where possible).
Props johnpgreen.
Fixes #40732.

Built from https://develop.svn.wordpress.org/trunk@40948


git-svn-id: http://core.svn.wordpress.org/trunk@40798 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-06-25 22:06:41 +00:00
Sergey Biryukov
9f4bbcdb78 Docs: Fix typo in wp_parse_url() and _get_component_from_parsed_url_array() docblocks.
Props naomicbush.
Fixes #40190.
Built from https://develop.svn.wordpress.org/trunk@40299


git-svn-id: http://core.svn.wordpress.org/trunk@40206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-17 19:02:40 +00:00
Jeremy Felt
1560fbcbc5 Multisite: Use get_network() and get_current_network_id() for current network data.
`get_network()` falls back to the current network when called without any arguments. Between this and `get_current_network_id()`, we can replace almost all instances of the global `$current_site` and all instances of `get_current_site()`.

This effectively deprecates `get_current_site()`, something that we'll do in a future ticket.

Props flixos90.
Fixes #37414.

Built from https://develop.svn.wordpress.org/trunk@38814


git-svn-id: http://core.svn.wordpress.org/trunk@38757 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-19 04:47:30 +00:00
Dion Hulse
93f7f904ec HTTP: Document that the return value of wp_remote_retrieve_headers() changed from a simple array to an object which implements ArrayAccess.
Props mrahmadawais, sudar, swissspidy.
Fixes #37722

Built from https://develop.svn.wordpress.org/trunk@38730


git-svn-id: http://core.svn.wordpress.org/trunk@38673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-05 03:51:28 +00:00
Peter Wilson
7a52a3aac7 HTTP API: Simplify wp_parse_url() to ensure consistent results.
[38694] revealed some URL formats were been parsed incorrectly, including those used by Google Fonts. This change simplifies the function to use placeholder values which cause PHP's parsing to behave consistently.

Props jrf, peterwilsoncc.
Fixes #36356.

Built from https://develop.svn.wordpress.org/trunk@38726


git-svn-id: http://core.svn.wordpress.org/trunk@38669 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-04 20:33:29 +00:00
John Blackbourn
a51267269b HTTP API: Add a $component parameter to wp_parse_url() to give it parity with PHP's parse_url() function.
Fixes #36356
Props jrf

Built from https://develop.svn.wordpress.org/trunk@38694


git-svn-id: http://core.svn.wordpress.org/trunk@38637 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-30 21:47:28 +00:00
John Blackbourn
049c36d11f HTTP API: Revert changes to wp_parse_url() while PHP 5.2 errors are investigated.
See #36356

Built from https://develop.svn.wordpress.org/trunk@38456


git-svn-id: http://core.svn.wordpress.org/trunk@38397 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 00:24:31 +00:00
John Blackbourn
ebe159a4bc HTTP API: Prevent a fatal error on PHP < 5.4.7 due to changes introduced in [38449].
Fixes #36356

Built from https://develop.svn.wordpress.org/trunk@38450


git-svn-id: http://core.svn.wordpress.org/trunk@38391 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-30 17:16:30 +00:00
John Blackbourn
4fd9ad1ce2 HTTP API: Add a $component parameter to wp_parse_url() to give it parity with PHP's parse_url() function.
Fixes #36356
Props jrf

Built from https://develop.svn.wordpress.org/trunk@38449


git-svn-id: http://core.svn.wordpress.org/trunk@38390 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-30 16:36:28 +00:00
Drew Jaynes
d28f1a08ef Docs: Apply inline @see tags to hooks referenced in DocBlocks in a variety of wp-includes/* files.
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.

See #36921.

Built from https://develop.svn.wordpress.org/trunk@37543


git-svn-id: http://core.svn.wordpress.org/trunk@37511 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-23 19:01:27 +00:00
Ryan McCue
37f6e6813a HTTP API: Replace internals with Requests library.
Requests is a library very similar to WP_HTTP, with a high level of unit test coverage, and has a common lineage and development team. It also supports parallel requests.

See #33055.

Built from https://develop.svn.wordpress.org/trunk@37428


git-svn-id: http://core.svn.wordpress.org/trunk@37394 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-13 04:42:28 +00:00
Dominik Schilling
af9f052087 HTTP: Improve detection of valid IP addresses.
Built from https://develop.svn.wordpress.org/trunk@37115


git-svn-id: http://core.svn.wordpress.org/trunk@37082 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 15:38:26 +00:00
Pascal Birchler
c73a812109 HTTP: Avoid an undefined index notice in wp_http_validate_url().
Props perezlabs.
Fixes #34164.
Built from https://develop.svn.wordpress.org/trunk@36870


git-svn-id: http://core.svn.wordpress.org/trunk@36837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-06 15:55:26 +00:00
Dominik Schilling
f65de8ec9f HTTP: 0.1.2.3 is not a valid IP.
Built from https://develop.svn.wordpress.org/trunk@36435


git-svn-id: http://core.svn.wordpress.org/trunk@36402 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 12:55:29 +00:00
Sergey Biryukov
f6cde8e3c5 Docs: Correct return value for is_allowed_http_origin().
Props kraftbj.
Fixes #35607.
Built from https://develop.svn.wordpress.org/trunk@36398


git-svn-id: http://core.svn.wordpress.org/trunk@36365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-26 00:39:26 +00:00
Sergey Biryukov
3f35196e48 Docs: Fix copy/paste error in wp_remote_retrieve_cookies() description.
Props mark8barnes.
Fixes #35157.
Built from https://develop.svn.wordpress.org/trunk@36002


git-svn-id: http://core.svn.wordpress.org/trunk@35967 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-18 17:23:29 +00:00
Andrew Nacin
1579e45d41 Simplify the include graph after work to split out classes.
see #33413. More details there.

Built from https://develop.svn.wordpress.org/trunk@35718


git-svn-id: http://core.svn.wordpress.org/trunk@35682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 07:24:30 +00:00
Scott Taylor
dae5923c1d After [34953], unbreak WordPress.
See [34930], #33982.

Built from https://develop.svn.wordpress.org/trunk@34954


git-svn-id: http://core.svn.wordpress.org/trunk@34919 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 19:29:25 +00:00
Drew Jaynes
e2038f9150 Docs: Add inline DocBlocks for the require_once() calls that now bring in top-level HTTP API functionality and HTTP API classes.
Classes brought in from separate files now include:
* `WP_Http`
* `WP_Http_Streams`
* `WP_Http_Curl`
* `WP_HTTP_Proxy`
* `WP_Http_Cookie`
* `WP_Http_Encoding`

See #33413. See #32246.

Built from https://develop.svn.wordpress.org/trunk@33882


git-svn-id: http://core.svn.wordpress.org/trunk@33851 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 04:36:30 +00:00
Drew Jaynes
69375b243a Docs: Clarify the file header summary for wp-includes/http.php, the top-level file for the HTTP Request API.
See #33413. See #33701.

Built from https://develop.svn.wordpress.org/trunk@33881


git-svn-id: http://core.svn.wordpress.org/trunk@33850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 04:36:08 +00:00
Scott Taylor
7c8c216bec HTTP: move classes into their own files, http.php loads the new files, so this is 100% BC if someone is loading http.php directly. New files created using svn cp.
`class-http.php` requires functions from `http.php`, so loading it by itself wouldn't have worked.

Creates: 
`class-wp-http-cookie.php` 
`class-wp-http-curl.php` 
`class-wp-http-encoding.php` 
`class-wp-http-proxy.php` 
`class-wp-http-streams.php` 
`http-functions.php` 

`WP_Http` remains in `class-http.php`.

`http.php` contains only top-level code. Class files only contain classes. Functions file only contains functions.

See #33413.

Built from https://develop.svn.wordpress.org/trunk@33748


git-svn-id: http://core.svn.wordpress.org/trunk@33716 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-26 03:55:21 +00:00
Scott Taylor
19a3aacc94 Add @static* annotations where they are missing.
Initialize all static vars that are not, most to `null`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32650


git-svn-id: http://core.svn.wordpress.org/trunk@32620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 15:43:29 +00:00
Scott Taylor
053790537f Cleanup doc blocks in http.php.
In the few functions that used `$objFetchSite` instead of `$http`: use the `$http` naming, which is more civilized.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32599


git-svn-id: http://core.svn.wordpress.org/trunk@32569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-25 17:32:27 +00:00
Scott Taylor
a0df295f5c Improve various @param docs.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30674


git-svn-id: http://core.svn.wordpress.org/trunk@30664 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 23:24:25 +00:00
Andrew Nacin
a6103b30f5 Better validation of the URL used in core HTTP requests.
Built from https://develop.svn.wordpress.org/trunk@30443


git-svn-id: http://core.svn.wordpress.org/trunk@30438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 14:01:23 +00:00
John Blackbourn
e2ff1da654 Update the docs for wp_remote_retrieve_response_code(). See #28887.
Built from https://develop.svn.wordpress.org/trunk@29985


git-svn-id: http://core.svn.wordpress.org/trunk@29727 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-21 21:13:18 +00:00
Mark Jaquith
e1f2b3b9e2 Use HTTPS URLs for trac.wordpress.org (and use core.trac.wordpress.org)
see #27115
Built from https://develop.svn.wordpress.org/trunk@29789


git-svn-id: http://core.svn.wordpress.org/trunk@29561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-29 13:37:16 +00:00