When `noopener noreferrer` was originally added in #37941 and related tickets, the `noreferrer` bit was specifically included due to Firefox not supporting `noopener` at the time.
Since `noopener` has been supported by all major browsers for a while, it should now be safe to remove the `noreferrer` attribute from core.
Props Mista-Flo, audrasjb, joostdevalk, jonoaldersonwp, peterwilsoncc, elgameel.
Fixes#49558.
Built from https://develop.svn.wordpress.org/trunk@49215
git-svn-id: http://core.svn.wordpress.org/trunk@48977 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `do_all_pingbacks()`
* `do_all_enclosures()`
* `do_all_trackbacks()`
This allows for the specific removal/replacement of one of more services.
Props dshanske, garrett-eclipse, Mista-Flo, azaozz, hellofromTonya.
Fixes#36576.
Built from https://develop.svn.wordpress.org/trunk@49211
git-svn-id: http://core.svn.wordpress.org/trunk@48973 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Using the canonical function name for PHP functions is strongly recommended, as aliases may be deprecated or removed without (much) warning.
This replaces all uses of the following:
* `join()` with `implode()`
* `sizeof()` with `count()`
* `is_writeable()` with `is_writable()`
* `doubleval()` with a `(float)` cast
In part, this is a follow-up to #47746.
Props jrf.
See #50767.
Built from https://develop.svn.wordpress.org/trunk@49193
git-svn-id: http://core.svn.wordpress.org/trunk@48955 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The action fires immediately after transitioning a comment's status from one to another in the database and removing the comment from the object cache, but prior to all status transition hooks.
Props davidbaumwald, henry.wright.
Fixes#51481.
Built from https://develop.svn.wordpress.org/trunk@49111
git-svn-id: http://core.svn.wordpress.org/trunk@48873 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes a PHP 8 "argument must be passed by reference, value given" error when using `array_map( 'get_comment', ... )`.
Object variables in PHP 5+ contain a reference to the object, and it's the reference that's passed around.
Note: This reverts [48838], which is now redundant.
Follow-up to a similar change for `get_post()` in [21572].
See #50913.
Built from https://develop.svn.wordpress.org/trunk@48961
git-svn-id: http://core.svn.wordpress.org/trunk@48723 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that comment object cache is cleared after changing the comment type to `comment` instead of an empty string.
Add a unit test for `_wp_batch_update_comment_type()`.
Follow-up to [47597], [47626], [48225], [48227].
Props imath, westonruter.
Fixes#49236.
Built from https://develop.svn.wordpress.org/trunk@48748
git-svn-id: http://core.svn.wordpress.org/trunk@48510 1a063a9b-81f0-0310-95a4-ce76da25c4cd
There are two pieces in here:
1) The update to change blacklist to blocklist is moved to disallowed_list. "Block" has a meaning in our code, and there could be ambiguity between this code and code related to blocks.
2) This improves backwards compatibility for code that was accessing the now deprecated code.
Previously: [48477], [48405], [48400], [48121], [48122], [48124], [48142], [48566]
Props: desrosj, SergeyBiryukov, johnjamesjacoby
Fixes: #50413
Built from https://develop.svn.wordpress.org/trunk@48575
git-svn-id: http://core.svn.wordpress.org/trunk@48337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This addresses an inconsistency where 0 could mean one of the three scenarios:
* Invalid comment ID.
* Invalid comment post ID.
* No DB rows updated. This is not an error and should not be treated as one.
With this change, `wp_update_comment()` always returns either `false` or a `WP_Error` object on failure, depending on the value of the `$wp_error` parameter.
Follow-up to [48154], [48215], [48216], [48218], [48230].
Props dd32, jnylen0, enrico.sorcinelli.
Fixes#39732. See #38700, #39735.
Built from https://develop.svn.wordpress.org/trunk@48235
git-svn-id: http://core.svn.wordpress.org/trunk@48004 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove the ability to short-circuit comment update by returning `false` from the filter for now.
This was inconsistent with the `pre_comment_approved` filter, and should not be necessary if a more descriptive reason can be given by always using `WP_Error`.
See #39732.
Built from https://develop.svn.wordpress.org/trunk@48230
git-svn-id: http://core.svn.wordpress.org/trunk@47999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Revert the logic of `$wp_error` checks to avoid negation.
* Clarify the return value, restore the edits from [47017].
* Update `wp_update_comment_data` filter check to allow `false` to prevent the update.
Follow-up to [48154].
See #39732.
Built from https://develop.svn.wordpress.org/trunk@48215
git-svn-id: http://core.svn.wordpress.org/trunk@47984 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This makes the function signatures more consistent with `wp_update_comment()` and `wp_set_comment_status()`.
`wp_check_comment_flood()` is left as the only function with the `$avoid_die` parameter for now, as it does not return a `WP_Error` object.
Follow-up to [48154], [48207].
See #39732.
Built from https://develop.svn.wordpress.org/trunk@48208
git-svn-id: http://core.svn.wordpress.org/trunk@47977 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The filter is the callback function added with `add_filter()`, therefore the hook passes a value to the filter, and the filter returns a value to change its behaviour.
The documentation is referring to the latter.
Props johnbillion.
See #49572, #16557.
Built from https://develop.svn.wordpress.org/trunk@48185
git-svn-id: http://core.svn.wordpress.org/trunk@47954 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `wp_update_comment_data` filter introduced in 4.7 allows comment data to be filtered before it is updated in the database.
The patch aims to handle `WP_Error` as the filter above return value in a similar manner as is done for `wp_new_comment()`.
Fixes#39732.
Props: enricosorcinelli, swissspidy, gkloveweb, jnylen0, jbpaul17, afercia, SergeyBiryukov, audrasjb, imath, davidbaumwald.
Built from https://develop.svn.wordpress.org/trunk@48154
git-svn-id: http://core.svn.wordpress.org/trunk@47923 1a063a9b-81f0-0310-95a4-ce76da25c4cd
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes#50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Partially reverts [48059] as there's no full consensus on the removal of the text prefix. Further actions should be taken to improve consistency and accessibility of the admin notices. Keeps some improvements to the translatable strings from [48059].
Fixes#47656.
Built from https://develop.svn.wordpress.org/trunk@48115
git-svn-id: http://core.svn.wordpress.org/trunk@47884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The tag was supported in phpDocumentor 1.x, but is no longer supported in 2.x and 3.x.
Usage of static variables is considered an internal implementation detail and has no information value for someone reading the docs.
Props alishanvr, jrf.
Fixes#50426.
Built from https://develop.svn.wordpress.org/trunk@48109
git-svn-id: http://core.svn.wordpress.org/trunk@47878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For a number of years, most of the WordPress error messages have been prefixed with "Error:". However, these messages appear in a context where it's already clear an error occurred. Whether it's an error, a warning, or any other classification, that's not so relevant for users. The content of the message is the relevant part. The "Error:" prefix doesn't add great value while it does add unnecessary complexity for the message readability.
Also, revises some of these messages to improve clarity and removes HTML from translatable strings.
Props garrett-eclipse, ramiy, SergeyBiryukov, afercia, sabernhardt, quadthemes, audrasjb.
See #47003, #43037, #42945, #15887.
Fixes#47656.
Built from https://develop.svn.wordpress.org/trunk@48059
git-svn-id: http://core.svn.wordpress.org/trunk@47826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, the `@` operator was used to prevent possible warnings emitted by `parse_url()` in PHP < 5.3.3 when URL parsing failed.
Now that the minimum version of PHP required by WordPress is 5.6.20, this is no longer needed.
Props netpassprodsr, Howdy_McGee.
Fixes#49980. See #24780.
Built from https://develop.svn.wordpress.org/trunk@47617
git-svn-id: http://core.svn.wordpress.org/trunk@47392 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is the first step to bring support for custom comment types into WordPress.
Add a scheduled upgrade routine to update the type value for existing comments, in batches of 100 at a time.
Props imath, aaroncampbell, jeremyfelt, dshanske.
Fixes#49236.
Built from https://develop.svn.wordpress.org/trunk@47597
git-svn-id: http://core.svn.wordpress.org/trunk@47372 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.
This commit also includes:
* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
* `wp-admin/admin-header.php`
* `wp-admin/admin-footer.php`
* `wp-includes/version.php`
Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes#48082.
Built from https://develop.svn.wordpress.org/trunk@47198
git-svn-id: http://core.svn.wordpress.org/trunk@46998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, the direct SQL query used to identify trackbacks in
`do_all_pings()` performed poorly, due to an unindexed query against the
`to_ping` column. We improve performance in two ways. First, we switch
to using a postmeta flag for posts that require trackbacks to be sent;
queries joining against the postmeta table that check only the `meta_key`
are generally quite fast. Second, we switch to the use of `WP_Query`,
making the query cacheable and filterable using standard methods.
Props dshanske, spacedmonkey, janw.oostendorp, mrmadhat, birgire.
Fixes#36824.
Built from https://develop.svn.wordpress.org/trunk@46178
git-svn-id: http://core.svn.wordpress.org/trunk@45990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Removing the direct SQL query in `do_all_pings()` improves filterability.
As part of this change, the signature of `do_enclose()` is changed so that
a null `$content` parameter can be passed, with the `$content` then inferred
from the `$post` passed in the second parameter. In addition, the second
parameter was modified so that a post ID or a `WP_Post` object can be
provided. These changes make it possible to trigger enclosure checks with
a post ID alone (as in `do_all_pings()`) and also brings the function
signature in line with `do_trackbacks()` and `pingback()`.
Props dshanske, spacedmonkey, janw.oostendorp, mrmadhat, birgire.
See #36824.
Built from https://develop.svn.wordpress.org/trunk@46175
git-svn-id: http://core.svn.wordpress.org/trunk@45987 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Noteable changes:
- The `magic_quotes_runtime` and `magic_quotes_sybase` settings were removed in PHP 5.4, so no longer need to be set.
- Some functions that use external libraries can generate errors that can't be tested for, so are globally allowed to silence errors.
- Quite a few functions would cause errors if `safe_mode` was set. This setting was removed in PHP 5.4.
- Only a handful of `header()` calls needed corresponding `headers_sent()` checks for unit tests to pass, but more may need to be added as the nightlies builds are tested.
See #46732.
Built from https://develop.svn.wordpress.org/trunk@45611
git-svn-id: http://core.svn.wordpress.org/trunk@45422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Use of `date()` in core depends on PHP timezone set to UTC and not changed by third party code (which cannot be guaranteed).
`gmdate()` is functionally equivalent, but is not affected by PHP timezone setting: it's always UTC, which is the exact behavior the core needs.
Props nielsdeblaauw, Rarst.
Fixes#46438. See #44491.
Built from https://develop.svn.wordpress.org/trunk@45424
git-svn-id: http://core.svn.wordpress.org/trunk@45235 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The "Your comment is awaiting moderation." message relied upon the comment author cookie being set. However, since it's now possible to opt-out of that cookie, submitting a comment won't show the comment preview when the comment is placed in moderation.
To avoid this issue, we now include a hash in the redirect URL, allowing the site to identify that a preview of the moderated comment should be displayed.
Props imath, tomdxw, birgire, lakenh, azaozz, pento.
Fixes#43857.
Built from https://develop.svn.wordpress.org/trunk@44659
git-svn-id: http://core.svn.wordpress.org/trunk@44490 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Object type-specific actions that should happen before or after modification of metadata have so far been part of the respective wrapper functions. By using action and filter hooks, this changeset ensures they are always executed, even when calling the lower-level Meta API functions directly, which the REST API does as a prime example.
Merges [43729] to trunk.
Props flixos90, spacedmonkey.
Fixes#44467.
Built from https://develop.svn.wordpress.org/trunk@43982
git-svn-id: http://core.svn.wordpress.org/trunk@43814 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.
This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script.
- Auto-fixable coding standards issues will now cause Travis failures.
Fixes#44600.
Built from https://develop.svn.wordpress.org/trunk@43571
git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The personal data export and erasure tools allow plugins to register their own callbacks, in order to add additional data to the export and erasure processes. Previously, these were registered without specifying a constant identifier in the array of callbacks. Using mutable integers makes it difficult for plugins to modify the callbacks of other plugins, though.
Using associative array keys instead provides a covenient and reliable way to identify and interact with another plugin's callbacks.
Props desrosj, allendav, ocean90.
Fixes#43931.
Built from https://develop.svn.wordpress.org/trunk@43154
git-svn-id: http://core.svn.wordpress.org/trunk@42983 1a063a9b-81f0-0310-95a4-ce76da25c4cd