Commit Graph

726 Commits

Author SHA1 Message Date
desrosj
4b60af1a6a General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”

With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).

Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.

Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.

Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121


git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 17:26:13 +00:00
Sergey Biryukov
b16368c268 Docs: Remove @staticvar tags from core.
The tag was supported in phpDocumentor 1.x, but is no longer supported in 2.x and 3.x.

Usage of static variables is considered an internal implementation detail and has no information value for someone reading the docs.

Props alishanvr, jrf.
Fixes #50426.
Built from https://develop.svn.wordpress.org/trunk@48109


git-svn-id: http://core.svn.wordpress.org/trunk@47878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-20 12:40:12 +00:00
John Blackbourn
1a77bb81d8 Docs: Remove unnecessary variables names from @return tags.
See #49572.
Built from https://develop.svn.wordpress.org/trunk@48100


git-svn-id: http://core.svn.wordpress.org/trunk@47869 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-19 22:55:12 +00:00
John Blackbourn
37234874a5 Docs: Misc improvements to inline docs.
See #49572.
Built from https://develop.svn.wordpress.org/trunk@48099


git-svn-id: http://core.svn.wordpress.org/trunk@47868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-19 22:28:13 +00:00
Sergey Biryukov
99d49a0cc3 Build/Test Tools: Replace the banner text from wp-emoji-loader.min.js in formatting.php during build process.
This ensures that `/*! This file is auto-generated */` comment is not included on front end as part of the inline Emoji detection script.

Follow-up to [41271], [46589].

Props superpoincare, SergeyBiryukov.
Fixes #49861.
Built from https://develop.svn.wordpress.org/trunk@48096


git-svn-id: http://core.svn.wordpress.org/trunk@47865 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-19 22:08:08 +00:00
Pascal Birchler
609dd1d14f Sitemaps: Add XML sitemaps functionality to WordPress.
While web crawlers are able to discover pages from links within the site and from other sites, XML sitemaps supplement this approach by allowing crawlers to quickly and comprehensively identify all URLs included in the sitemap and learn other signals about those URLs using the associated metadata.

See https://make.wordpress.org/core/2020/06/10/merge-announcement-extensible-core-sitemaps/ for more details.

This feature exposes the sitemap index via `/wp-sitemap.xml` and exposes a variety of new filters and hooks for developers to modify the behavior. Users can disable sitemaps completely by turning off search engine visibility in WordPress admin.

This change also introduces a new `esc_xml()` function to escape strings for output in XML, as well as XML support to `wp_kses_normalize_entities()`.

Props Adrian McShane, afragen, adamsilverstein, casiepa, flixos90, garrett-eclipse, joemcgill, kburgoine, kraftbj, milana_cap, pacifika, pbiron, pfefferle, Ruxandra Gradina, swissspidy, szepeviktor, tangrufus, tweetythierry.
Fixes #50117.
See #3670. See #19998.

Built from https://develop.svn.wordpress.org/trunk@48072


git-svn-id: http://core.svn.wordpress.org/trunk@47839 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-17 15:24:07 +00:00
desrosj
4cdd79af25 Emoji: Upgrade Twemoji to version 13.0.0.
🥸

Props kraftbj, desrosj, otto42.
Fixes #50148.
Built from https://develop.svn.wordpress.org/trunk@48048


git-svn-id: http://core.svn.wordpress.org/trunk@47815 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-15 18:04:26 +00:00
Sergey Biryukov
b9751d4efe Coding Standards: Use strict comparison for count() calls.
See #49542.
Built from https://develop.svn.wordpress.org/trunk@47848


git-svn-id: http://core.svn.wordpress.org/trunk@47624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-05-23 11:38:08 +00:00
Sergey Biryukov
7932193708 Coding Standards: Use strict comparison where static strings are involved.
This reduces the number of `WordPress.PHP.StrictComparisons.LooseComparison` issues in half, from 1897 to 890.

Includes minor code layout fixes for better readability.

See #49542.
Built from https://develop.svn.wordpress.org/trunk@47808


git-svn-id: http://core.svn.wordpress.org/trunk@47584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-05-16 18:42:12 +00:00
Sergey Biryukov
2517abb4bd Docs: Add a note that the $protocols parameter of esc_url_raw() defaults to return value of wp_allowed_protocols().
This complements already existing note in `esc_url()`.

Props audrasjb.
Fixes #50147.
Built from https://develop.svn.wordpress.org/trunk@47783


git-svn-id: http://core.svn.wordpress.org/trunk@47559 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-05-11 20:34:13 +00:00
whyisjake
fd21a9346c Formatting: Expand sanitize_file_name to have better support for utf8 characters.
Props: xknown, peterwilsoncc.

Built from https://develop.svn.wordpress.org/trunk@47638


git-svn-id: http://core.svn.wordpress.org/trunk@47413 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 15:40:07 +00:00
Sergey Biryukov
38676936ba Coding Standards: Use strict type check for in_array() and array_search() where strings are involved.
This reduces the number of `WordPress.PHP.StrictInArray.MissingTrueStrict` issues from 486 to 50.

Includes minor code layout fixes for better readability.

See #49542.
Built from https://develop.svn.wordpress.org/trunk@47550


git-svn-id: http://core.svn.wordpress.org/trunk@47325 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-05 03:02:11 +00:00
John Blackbourn
7004afe4f4 Docs: Various docblock corrections and improvements.
See #49572
Built from https://develop.svn.wordpress.org/trunk@47461


git-svn-id: http://core.svn.wordpress.org/trunk@47248 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-03-16 18:40:07 +00:00
Sergey Biryukov
f82fd2c436 Docs: Use more specific type in parameter description for wp_unslash().
Props marekdedic.
See #48303.
Built from https://develop.svn.wordpress.org/trunk@47400


git-svn-id: http://core.svn.wordpress.org/trunk@47187 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-03-01 16:26:05 +00:00
Sergey Biryukov
641c632b0c Coding Standards: Use Yoda conditions where appropriate.
See #49222.
Built from https://develop.svn.wordpress.org/trunk@47219


git-svn-id: http://core.svn.wordpress.org/trunk@47019 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-09 16:55:09 +00:00
Sergey Biryukov
001ffe81fb Docs: Improve inline comments per the documentation standards.
Includes minor code layout fixes for better readability.

See #48303.
Built from https://develop.svn.wordpress.org/trunk@47122


git-svn-id: http://core.svn.wordpress.org/trunk@46922 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-29 00:45:18 +00:00
Sergey Biryukov
2900bb8ea7 Docs: Update links to https://secure.php.net/, they now redirect to https://www.php.net/.
See #48303.
Built from https://develop.svn.wordpress.org/trunk@47088


git-svn-id: http://core.svn.wordpress.org/trunk@46888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-20 03:14:06 +00:00
Sergey Biryukov
8260786e64 Docs: Clarify descriptions for get_gmt_from_date() and get_date_from_gmt().
Props johnbillion, Rarst.
Fixes #48650.
Built from https://develop.svn.wordpress.org/trunk@46958


git-svn-id: http://core.svn.wordpress.org/trunk@46757 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-13 21:45:02 +00:00
whyisjake
317465e2fe Prevent stored XSS in the block editor.
Prevent escaped unicode characters become unescaped in unsafe HTML during JSON decoding.

Props: aduth, epiqueras, 

Built from https://develop.svn.wordpress.org/trunk@46896


git-svn-id: http://core.svn.wordpress.org/trunk@46696 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 18:02:03 +00:00
whyisjake
80eab318eb Prevent stored XSS through wp_targeted_link_rel().
Props: vortfu, whyisjake, peterwilsoncc, xknown,  SergeyBiryukov, flaviozavan.


Built from https://develop.svn.wordpress.org/trunk@46894


git-svn-id: http://core.svn.wordpress.org/trunk@46694 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 17:54:02 +00:00
John Blackbourn
f545bb3f63 Docs: Improve documentation of known return types, plus other docs fixes.
See #48303

Built from https://develop.svn.wordpress.org/trunk@46660


git-svn-id: http://core.svn.wordpress.org/trunk@46460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-11-05 21:23:02 +00:00
John Blackbourn
c8f91f77ac Docs: Correct invalid hook docblocks.
See #48303

Built from https://develop.svn.wordpress.org/trunk@46603


git-svn-id: http://core.svn.wordpress.org/trunk@46400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-27 19:11:02 +00:00
John Blackbourn
3caaa40fc6 Docs: Switch more docs over to typed array notation, plus some fixes.
See #48303, #41756

Built from https://develop.svn.wordpress.org/trunk@46596


git-svn-id: http://core.svn.wordpress.org/trunk@46393 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-26 21:09:04 +00:00
Sergey Biryukov
ac3ff7eb1a Docs: Improve documentation for wptexturize().
Props atachibana.
Fixes #48397.
Built from https://develop.svn.wordpress.org/trunk@46592


git-svn-id: http://core.svn.wordpress.org/trunk@46389 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-26 00:58:04 +00:00
Sergey Biryukov
49007e52bc Build/Test Tools: Add banner to RTL CSS and minified JS files.
Patches occasionally come in on generated files. We should be kind to new contributors and give them a hint that these files are auto-generated.

This is a follow-up to [41271], which added the banner to minified CSS files.

Fixes #48424. See #30666.
Built from https://develop.svn.wordpress.org/trunk@46589


git-svn-id: http://core.svn.wordpress.org/trunk@46386 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-26 00:17:07 +00:00
Sergey Biryukov
654c413990 Comments: Add rel="nofollow ugc" attribute when converting plain URLs to <a> tags in comments via make_clickable().
Introduce `make_clickable_rel` filter for the `rel` value that is added to URL matches converted to links.

This is a follow-up to [46349], which added the `rel="nofollow ugc"` attribute to existing `<a>` tags in comments via `wp_rel_ugc()`.

UGC stands for User Generated Content, and the `ugc` attribute value is recommended for links within user generated content, such as comments and forum posts.

See https://webmasters.googleblog.com/2019/09/evolving-nofollow-new-ways-to-identify.html.

Props blogginglife, SergeyBiryukov.
Reviewed by desrosj, audrasjb.
Fixes #48022.
Built from https://develop.svn.wordpress.org/trunk@46564


git-svn-id: http://core.svn.wordpress.org/trunk@46361 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-21 20:41:04 +00:00
Peter Wilson
5d6cd13597 Docs: Correct documentation typo in print_emoji_detection_script().
Props itowhid06.
Fixes #48298. See #47110.

Built from https://develop.svn.wordpress.org/trunk@46470


git-svn-id: http://core.svn.wordpress.org/trunk@46268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-13 02:48:01 +00:00
K. Adam White
55560a708f REST API: Do not addslash when receiving meta arrays of non-string values.
Slashing non-string data caused PUT requests containing unmodified meta arrays of integers to fail the check against the existing stored meta value, causing a 500 when posting an unmodified response body back to the server.

Props TimothyBlynJacobs, augustuswm.
Fixes #48264.

Built from https://develop.svn.wordpress.org/trunk@46454


git-svn-id: http://core.svn.wordpress.org/trunk@46252 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-09 17:36:01 +00:00
Sergey Biryukov
8d1e51e9c7 Docs: Add a @since note about new parameters with the spread operator added to function signatures.
Props jrf.
See #47678.
Built from https://develop.svn.wordpress.org/trunk@46451


git-svn-id: http://core.svn.wordpress.org/trunk@46249 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-09 04:28:02 +00:00
Aaron Jorbin
0e21d32900 Build/Test: Bump devDependencies for WordPress 5.3
This upgrades a number of devDependencies.  Some of these include changes to how the tasks are configured.

Uglify: There are deprecated options from 2.x to 4.x, see: https://github.com/gruntjs/grunt-contrib-uglify#options

Autoprefixer: Browserslist now warns when passing in the browser list, so that is put into package.json

As with most changes to uglify, this changes every minified JS file.

Fixes #48203.



Built from https://develop.svn.wordpress.org/trunk@46408


git-svn-id: http://core.svn.wordpress.org/trunk@46206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-05 19:49:10 +00:00
Sergey Biryukov
f1e54593f0 Comments: Remove a one-time variable in wp_rel_nofollow() and wp_rel_ugc().
See #48022.
Built from https://develop.svn.wordpress.org/trunk@46396


git-svn-id: http://core.svn.wordpress.org/trunk@46195 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-05 00:56:57 +00:00
Sergey Biryukov
2afdc64723 Comments: Add rel="nofollow ugc" attribute to links in comments.
UGC stands for User Generated Content, and the `ugc` attribute value is recommended for links within user generated content, such as comments and forum posts.

See https://webmasters.googleblog.com/2019/09/evolving-nofollow-new-ways-to-identify.html.

Props audrasjb, joostdevalk, dkarfa, SergeyBiryukov.
Fixes #48022.
Built from https://develop.svn.wordpress.org/trunk@46349


git-svn-id: http://core.svn.wordpress.org/trunk@46148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-30 01:30:58 +00:00
John Blackbourn
e36d1bcbd8 Docs: Docblock corrections and improvements, mostly related to various pre_* filters.
See #47110

Built from https://develop.svn.wordpress.org/trunk@46232


git-svn-id: http://core.svn.wordpress.org/trunk@46044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-21 17:41:57 +00:00
Sergey Biryukov
eb3f420848 Code Modernization: Remove all code using a version_compare() with a PHP version older than PHP 5.6.
Props jrf.
Fixes #48074.
Built from https://develop.svn.wordpress.org/trunk@46214


git-svn-id: http://core.svn.wordpress.org/trunk@46026 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-20 22:02:57 +00:00
Sergey Biryukov
252628652e Script Loader: Introduce HTML5 support for scripts and styles.
When a theme declares HTML5 support for script and styles via `add_theme_support( 'html5', array( 'script', 'style' ) )`, the `type="text/javascript"` and `type="text/css"` attributes are omitted.

These attributes are unnecessary in HTML5 and cause warnings in the W3C Markup Validation Service.

Props sasiddiqui, swissspidy, knutsp, SergeyBiryukov.
See #42804.
Built from https://develop.svn.wordpress.org/trunk@46164


git-svn-id: http://core.svn.wordpress.org/trunk@45976 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-18 14:50:56 +00:00
Sergey Biryukov
6a039a5731 Code Modernisation: Introduce the spread operator in wp-includes/formatting.php.
Rather than relying `func_get_args()` to retrieve arbitrary function arguments, we can now use the spread operator to assign them directly to a variable.

Props jrf.
See #47678.
Built from https://develop.svn.wordpress.org/trunk@46128


git-svn-id: http://core.svn.wordpress.org/trunk@45940 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-15 11:06:55 +00:00
Aaron Jorbin
dd3ad3ac51 GENERAL: Remove magic quote functions
The path to magic quote sanity took a fun and exciting turn: PHP core removed it and WordPress updated the minimum version.

For the formally external pclzip, the code is commented out to make investigating easier and in case we ever need to merge upstream (if that still exists) changes.

Props ayeshrajans, jrf, jorbin.
See #47783.
Fixes #18322.

Built from https://develop.svn.wordpress.org/trunk@46105


git-svn-id: http://core.svn.wordpress.org/trunk@45917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-13 22:21:01 +00:00
Sergey Biryukov
62b22b86a7 Improve handling the existing rel attribute in wp_rel_nofollow_callback().
Props xknown, sstoqnov.
Built from https://develop.svn.wordpress.org/trunk@45990


git-svn-id: http://core.svn.wordpress.org/trunk@45801 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 17:37:55 +00:00
Sergey Biryukov
e199663322 I18N: Capitalize translator comments consistently, add trailing punctuation.
Includes minor code layout fixes.

See #44360.
Built from https://develop.svn.wordpress.org/trunk@45932


git-svn-id: http://core.svn.wordpress.org/trunk@45743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-03 00:41:05 +00:00
Felix Arntz
4089fad5fb Formatting: Improve accuracy of force_balance_tags() and add support for custom element tags.
This changeset includes a major iteration on the regular expression used to balance tags, with comprehensive test coverage to ensure that all scenarios are supported or unsupported as expected.

Props dmsnell, westonruter, birgire.
Fixes #47014.

Built from https://develop.svn.wordpress.org/trunk@45929


git-svn-id: http://core.svn.wordpress.org/trunk@45740 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-02 10:25:56 +00:00
Sergey Biryukov
9672302e04 Date/Time: Rewrite and simplify get_gmt_from_date(), get_date_from_gmt(), and iso8601_to_datetime() using wp_timezone().
Improve unit test coverage.

Props Rarst, goodevilgenius.
Fixes #31809.
Built from https://develop.svn.wordpress.org/trunk@45887


git-svn-id: http://core.svn.wordpress.org/trunk@45698 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-08-23 11:03:56 +00:00
Sergey Biryukov
c03a0bea8d Posts, Post Types: In wp_trim_words() make sure the $num_words parameter is always an integer, as documented, to avoid a PHP warning.
Props donmhico, pikamander2.
Fixes #47867.
Built from https://develop.svn.wordpress.org/trunk@45796


git-svn-id: http://core.svn.wordpress.org/trunk@45607 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-08-14 17:18:55 +00:00
Gary Pendergast
638bae9392 Emoji: Upgrade Twemoji to 12.1.2.
This upgrade adds support for the transgender flag: 🏳️‍⚧️

There's some additional housekeeping in this commit:

- Twemoji recently rearranged their repository and package, so `Gruntfile.js` needed tweaking to allow for that.
- As only new files were added in this Twemoji release, the CDN version didn't need updating.

Fixes #47852.


Built from https://develop.svn.wordpress.org/trunk@45769


git-svn-id: http://core.svn.wordpress.org/trunk@45580 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-08-08 04:05:55 +00:00
Sergey Biryukov
fec01b0685 Docs: Correct parameter type and description for is_email filter.
Props jenkoian.
Fixes #47793.
Built from https://develop.svn.wordpress.org/trunk@45703


git-svn-id: http://core.svn.wordpress.org/trunk@45514 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-31 01:26:54 +00:00
Sergey Biryukov
a186dbcb65 I18N: Update translator comments after [45674].
See #47771.
Built from https://develop.svn.wordpress.org/trunk@45676


git-svn-id: http://core.svn.wordpress.org/trunk@45487 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-25 22:52:56 +00:00
Sergey Biryukov
8e85299a00 General: First pass at replacing Codex URLs with a corresponding HelpHub or DevHub article.
Props ianbelanger, tobifjellner, SergeyBiryukov.
See #47771.
Built from https://develop.svn.wordpress.org/trunk@45674


git-svn-id: http://core.svn.wordpress.org/trunk@45485 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-25 22:45:57 +00:00
Gary Pendergast
abcbee954f Coding Standards: Fix instances of WordPress.PHP.NoSilencedErrors.Discouraged.
Noteable changes:
- The `magic_quotes_runtime` and `magic_quotes_sybase` settings were removed in PHP 5.4, so no longer need to be set.
- Some functions that use external libraries can generate errors that can't be tested for, so are globally allowed to silence errors.
- Quite a few functions would cause errors if `safe_mode` was set. This setting was removed in PHP 5.4.
- Only a handful of `header()` calls needed corresponding `headers_sent()` checks for unit tests to pass, but more may need to be added as the nightlies builds are tested.

See #46732.

Built from https://develop.svn.wordpress.org/trunk@45611


git-svn-id: http://core.svn.wordpress.org/trunk@45422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-09 05:45:58 +00:00
Gary Pendergast
87675d288b Coding Standards: Fix all WordPress.WhiteSpace.PrecisionAlignment issues.
See #47632.


Built from https://develop.svn.wordpress.org/trunk@45602


git-svn-id: http://core.svn.wordpress.org/trunk@45413 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-05 05:21:56 +00:00
Gary Pendergast
4803fc405e Coding Standards: Fix the Squiz.PHP.DisallowMultipleAssignments violations in wp-includes.
See #47632.


Built from https://develop.svn.wordpress.org/trunk@45590


git-svn-id: http://core.svn.wordpress.org/trunk@45401 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-02 23:42:58 +00:00
Gary Pendergast
55b2d94cca Formatting: Revert the changes to wpautop() in [45585,45587].
See #27350.

Built from https://develop.svn.wordpress.org/trunk@45589


git-svn-id: http://core.svn.wordpress.org/trunk@45400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-02 11:22:56 +00:00