Per [https://developer.wordpress.org/coding-standards/wordpress-coding-standards/php/#writing-include-require-statements WordPress PHP coding standards], it is ''strongly recommended'' to use `require[_once]` for unconditional includes. When using `include[_once]`, PHP will throw a warning when the file is not found but will continue execution, which will almost certainly lead to other errors/warnings/notices being thrown if your application depends on the file loaded, potentially leading to security leaks. For that reason, `require[_once]` is generally the better choice as it will throw a `Fatal Error` if the file cannot be found.
Follow-up to [1674], [1812], [1964], [6779], [8540], [10521], [11005], [11911], [16065], [16149], [25421], [25466], [25823], [37714], [42981], [45448], [47198], [54276], [55633].
Props kausaralm, SergeyBiryukov.
See #57839.
Built from https://develop.svn.wordpress.org/trunk@55641
git-svn-id: http://core.svn.wordpress.org/trunk@55153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When `ftp_nlist()` receives an empty path, it checks the current working directory and may return `true`.
This affects:
* `WP_Filesystem_FTPext::exists()`
* `WP_Filesystem_ftpsockets::exists()`
As the purpose of the API is to provide a consistent interface for various filesystem implementations, this commit updates the affected methods to returns `false` when an empty path is provided, bringing consistency with the other filesystem abstraction classes, specifically `WP_Filesystem_Direct` and `WP_Filesystem_SSH2`.
Follow-up to [6779], [11821], [25274], [31815].
Props mkox, costdev, Zdrobau, dd32, pbiron, azaozz, mukesh27, SergeyBiryukov.
Fixes#33058.
Built from https://develop.svn.wordpress.org/trunk@55556
git-svn-id: http://core.svn.wordpress.org/trunk@55068 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This partially reverts [53860] and [53862], which refactored the `exists()` method to rely on `ftp_rawlist()` instead of `ftp_nlist()`.
[53860] makes a similar attempt to the ones made in [33648] and [34733] (which were also reverted in [35944]). Being compliant with the specifications while continuing to work without issue for all FTP servers continues seem impossible. These little ghosts are the ones we’re scared of the most.
Props jsh4, afragen, costdev, pkolenbr, SergeyBiryukov, dd32, peterwilsoncc, gamecreature, desrosj.
Fixes#56966.
See #51170, #28013.
Built from https://develop.svn.wordpress.org/trunk@54815
git-svn-id: http://core.svn.wordpress.org/trunk@54367 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `WP_Filesystem_FTPext::exists()`
* `WP_Filesystem_FTPext::size()`
* `WP_Filesystem_ftpsockets::exists()`
The `::exists()` methods were previously using the FTP `NLST` command, which works for directories, but is not intended to be applied to a file. This only worked most of the time due to many FTP servers being permissive and allowing to execute `NLST` on files, which cannot be guaranteed and appears to not be the case in newer versions of Pure-FTPd (1.0.48 or later).
With a recent change in [53860], both methods were updated for compatibility with RFC 959:
* Both methods check if the path is a directory that can be changed into (and therefore exists).
* `WP_Filesystem_FTPext` uses `ftp_rawlist()` (FTP `LIST` command) to check for file existence.
* `WP_Filesystem_ftpsockets` uses file size to check for file existence.
Reference: [https://www.ietf.org/rfc/rfc959.txt RFC 959: File Transfer Protocol (FTP)]
Follow-up to [6779], [11821], [25274], [33648], [34733], [35944], [35946], [53860].
See #51170.
Built from https://develop.svn.wordpress.org/trunk@53862
git-svn-id: http://core.svn.wordpress.org/trunk@53421 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WordPress FTP file checking was previously based upon `ftp_nlist()`. This function can be problematic at scale with a directory containing a large number of files. The same issue occurred using it with ftpsockets.
This changeset rewrites the FTP `exists()` functions to utilize a more efficient and stable check.
Props giox069, desrosj, mkox, afragen, costdev, pbiron, peterwilsoncc.
Fixes#51170.
See #53318, #39781.
Built from https://develop.svn.wordpress.org/trunk@53860
git-svn-id: http://core.svn.wordpress.org/trunk@53419 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.
This commit also includes:
* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
* `wp-admin/admin-header.php`
* `wp-admin/admin-footer.php`
* `wp-includes/version.php`
Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes#48082.
Built from https://develop.svn.wordpress.org/trunk@47198
git-svn-id: http://core.svn.wordpress.org/trunk@46998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add missing translator comments.
* Fix placement of some translator comments. Translator comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools. The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translator comments.
Includes minor code layout fixes.
Polyglots, rejoice! All WordPress core files now have translator comments for all strings with placeholders!
Props jrf, subrataemfluence, GaryJ, webdados, Dency, swissspidy, alvarogois, marcomartins, mihaiiceyro, vladwtz, niq1982, flipkeijzer, michielatyoast, chandrapatel, thrijith, joshuanoyce, FesoVik, tessak22, bhaktirajdev, cleancoded, dhavalkasvala, garrett-eclipse, bibliofille, socalchristina, priyankkpatel, 5hel2l2y, adamsilverstein, JeffPaul, pierlo, SergeyBiryukov.
Fixes#44360.
Built from https://develop.svn.wordpress.org/trunk@45926
git-svn-id: http://core.svn.wordpress.org/trunk@45737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Noteable changes:
- The `magic_quotes_runtime` and `magic_quotes_sybase` settings were removed in PHP 5.4, so no longer need to be set.
- Some functions that use external libraries can generate errors that can't be tested for, so are globally allowed to silence errors.
- Quite a few functions would cause errors if `safe_mode` was set. This setting was removed in PHP 5.4.
- Only a handful of `header()` calls needed corresponding `headers_sent()` checks for unit tests to pass, but more may need to be added as the nightlies builds are tested.
See #46732.
Built from https://develop.svn.wordpress.org/trunk@45611
git-svn-id: http://core.svn.wordpress.org/trunk@45422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prior to about 2013, many class methods lacked even access modifiers which made the `@access` notations that much more useful. Now that we've gotten to a point where the codebase is more mature from a maintenance perspective and we can finally remove these notations. Notable exceptions to this change include standalone functions notated as private as well as some classes still considered to represent "private" APIs.
See #41452.
Built from https://develop.svn.wordpress.org/trunk@41161
git-svn-id: http://core.svn.wordpress.org/trunk@41001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `wp-admin` and `wp-includes` are scanned for classes to autoload
* Several 3rd-party and Ryan McCue-shaped libraries are excluded when the classmap is generated, see `composer.json`: `autoload.exclude-from-classmap`
* `wp-vendor/autoload_52.php` is included at the top of `wp-settings.php` - no changes need to be made to unit tests to include the autoloader
* An avalanche of `require()` and `require_once()` calls that loaded class files have been removed from the codebase.
The following files have been added to `svn:ignore` - they are not 5.2-compatible and fail during pre-commit:
* src/wp-vendor/autoload.php
* src/wp-vendor/composer/autoload_real.php
* src/wp-vendor/composer/autoload_static.php
* src/wp-vendor/composer/ClassLoader.php
We favor these files instead:
* src/wp-vendor/autoload_52.php
* src/wp-vendor/composer/autoload_real_52.php
* src/wp-vendor/composer/ClassLoader52.php
When new PHP classes are added to the codebase, simply run `composer install` or `composer update` from the project root to update the autoloader.
The future is now.
See #36335.
Built from https://develop.svn.wordpress.org/trunk@38399
git-svn-id: http://core.svn.wordpress.org/trunk@38340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`LIST` & `NLST` by default on some servers require the `-a` flag to view hidden files (ie. `.maintenance`)
Although we could simply pass the `-a` flag to `NLST`, opting to use `LIST` which we use elsewhere should mean less chance of server incompatibilities.
Props jcroucher.
Fixes#28013.
Built from https://develop.svn.wordpress.org/trunk@33648
git-svn-id: http://core.svn.wordpress.org/trunk@33615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Both methods are using *nlist() which returns a list of files in a given directory or the file itself for a given file. If the result was an empty list we assumed that the file doesn't exists. This includes also cases where $file is actually an empty directory. To prevent this we now check if $file is a directory before returning the result of an empty list.
Other filesystem methods are using `file_exists()` which already checks whether a file or directory exists.
fixes#30815.
Built from https://develop.svn.wordpress.org/trunk@31815
git-svn-id: http://core.svn.wordpress.org/trunk@31797 1a063a9b-81f0-0310-95a4-ce76da25c4cd
