In #50824 support was added for a package to include a disable_autoupdate flag to indicate that the plugin/theme should not be auto-updated even if a user had opted-in via the WP-Admin UI. However, the logic implementing the flag was inverted.
This commit repairs the logic. If a package has disable_autoupdate set, then it should not be auto-updated.
Props amisiewicz.
Fixes#52796.
Built from https://develop.svn.wordpress.org/trunk@58285
git-svn-id: http://core.svn.wordpress.org/trunk@57745 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This builds on the temporary backup system introduced in 6.3 to allow automatic updates to benefit from fatal error protection. A loopback request is performed to the home page of the site and the plugin is rolled back to its backed up version if a fatal error is observed.
For debugging and observability during beta, this change includes several calls to `error_log()` during the upgrade and rollback stages. These calls can be removed or placed behind a flag once we're ready for RC1.
Props costdev, johnbillion, mukesh27, afragen, audrasjb, justlevine, kirasong, peterwilsoncc
Fixes#58281
Built from https://develop.svn.wordpress.org/trunk@58128
git-svn-id: http://core.svn.wordpress.org/trunk@57593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids an `Undefined variable $checkout` PHP warning if all of the directories checked for access are disallowed due to the PHP `open_basedir` restrictions.
Follow-up to [55425].
Props jqz, costdev, audrasjb.
Fixes#58563.
Built from https://develop.svn.wordpress.org/trunk@56124
git-svn-id: http://core.svn.wordpress.org/trunk@55636 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).
WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [52039], [52040], [52326], [55703], [55710], [55987].
Props Soean, spacedmonkey, costdev, dingo_d, azaozz, mikeschroder, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes#58206.
Built from https://develop.svn.wordpress.org/trunk@55988
git-svn-id: http://core.svn.wordpress.org/trunk@55500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As part of determining whether to perform automatic updates, WordPress checks if it is running within a version-controlled environment, recursively looking up the filesystem to the top of the drive, looking for a Subversion, Git, Mercurial, or Bazaar directory, erring on the side of detecting a VCS checkout somewhere.
This commit avoids a PHP warning if the `open_basedir` directive is in use and any of the directories checked in the process are not allowed:
{{{
is_dir(): open_basedir restriction in effect. File(/.git) is not within the allowed path(s)
}}}
Follow-up to [25421], [25700], [25764], [25835], [25859].
Props costdev, markjaquith, meyegui, dd32, arnolp, robin-labadie, hellofromTonya, afragen, pbiron, SergeyBiryukov.
Fixes#42619.
Built from https://develop.svn.wordpress.org/trunk@55425
git-svn-id: http://core.svn.wordpress.org/trunk@54958 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset fixes encoding issues in background update emails by applying `html_entity_decode()` on Plugin/Theme names in `send_plugin_theme_email()`.
Props paulschreiber, audrasjb, benjgrolleau, sanketchodavadiya, robinwpdeveloper, paulamit.
Fixes#56964.
Built from https://develop.svn.wordpress.org/trunk@55411
git-svn-id: http://core.svn.wordpress.org/trunk@54944 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For each automatic plugin update, both successful and failed, information about each plugin is included in the email upon completion of the process. This change adds the plugin URL, if known, to the information included for each plugin that was processed.
This change also adds unit tests to validate the email contents after various automatic plugin update scenarios.
Props JosVelasco, pbiron, oliverstapelfeldt, ChrisHardie, Ipstenu, dd32, peterwilsoncc, audrasjb, costdev.
Fixes#53049.
Built from https://develop.svn.wordpress.org/trunk@54212
git-svn-id: http://core.svn.wordpress.org/trunk@53771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changes some admin-area, user-facing text, to better match the guidelines and recommendations set forth in the make/core handbook, specifically:
> the word “we” should be avoided (...) unless its made very clear which group is speaking
Follow-up to [51979], [53131], [53132], [53148], [53156].
Props kebbet, costdev, SergeyBiryukov.
Fixes#55758.
See #46057.
Built from https://develop.svn.wordpress.org/trunk@54200
git-svn-id: http://core.svn.wordpress.org/trunk@53759 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Dynamic (non-explicitly declared) properties are deprecated as of PHP 8.2 and are expected to become a fatal error in PHP 9.0.
There are a number of ways to mitigate this:
* If it is an accidental typo for a declared property: fix the typo.
* For known properties: declare them on the class.
* For unknown properties: add the magic `__get()`, `__set()`, et al. methods to the class or let the class extend `stdClass` which has highly optimized versions of these magic methods built in.
* For unknown ''use'' of dynamic properties, the `#[AllowDynamicProperties]` attribute can be added to the class. The attribute will automatically be inherited by child classes.
Trac ticket #56034 is open to investigate and handle the third and fourth type of situations, however it has become clear this will need more time and will not be ready in time for WP 6.1.
To reduce “noise” in the meantime, both in the error logs of WP users moving onto PHP 8.2, in the test run logs of WP itself, in test runs of plugins and themes, as well as to prevent duplicate tickets from being opened for the same issue, this commit adds the `#[AllowDynamicProperties]` attribute to all “parent” classes in WP.
The logic used for this commit is as follows:
* If a class already has the attribute: no action needed.
* If a class does not `extend`: add the attribute.
* If a class does `extend`:
- If it extends `stdClass`: no action needed (as `stdClass` supports dynamic properties).
- If it extends a PHP native class: add the attribute.
- If it extends a class from one of WP's external dependencies: add the attribute.
* In all other cases: no action — the attribute should not be needed as child classes inherit from the parent.
Whether or not a class contains magic methods has not been taken into account, as a review of the currently existing magic methods has shown that those are generally not sturdy enough and often even set dynamic properties (which they should not). See the [https://www.youtube.com/watch?v=vDZWepDQQVE live stream from August 16, 2022] for more details.
This commit only affects classes in the `src` directory of WordPress core.
* Tests should not get this attribute, but should be fixed to not use dynamic properties instead. Patches for this are already being committed under ticket #56033.
* While a number bundled themes (2014, 2019, 2020, 2021) contain classes, they are not a part of this commit and may be updated separately.
Reference: [https://wiki.php.net/rfc/deprecate_dynamic_properties PHP RFC: Deprecate dynamic properties].
Follow-up to [53922].
Props jrf, hellofromTonya, markjaquith, peterwilsoncc, costdev, knutsp, aristath.
See #56513, #56034.
Built from https://develop.svn.wordpress.org/trunk@54133
git-svn-id: http://core.svn.wordpress.org/trunk@53692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`phpversion()` return value and `PHP_VERSION` constant value are identical, but the latter is several times faster because it is a direct constant value lookup compared to a function call.
Props ayeshrajans, jrf, mukesh27, costdev, hellofromTonya, SergeyBiryukov.
Fixes#55680.
Built from https://develop.svn.wordpress.org/trunk@53426
git-svn-id: http://core.svn.wordpress.org/trunk@53015 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changes updates many strings to remove self-references to an undefined "we" collective across the WordPress Administration.
The goal of this change is to better match the guidelines and recommendations set forth in the make/core handbook, specifically:
> the word "we" should be avoided (…) unless its made very clear which group is speaking.
Props johnbillion, shital-patel, audrasjb, marybaum, SergeyBiryukov, peterwilsoncc, johnjamesjacoby, kebbet, costdev, chaion07, davidbaumwald.
Fixes#46057.
Built from https://develop.svn.wordpress.org/trunk@53131
git-svn-id: http://core.svn.wordpress.org/trunk@52720 1a063a9b-81f0-0310-95a4-ce76da25c4cd
During automatic core upgrades, if installation results in a `WP_Error`, the `error` method is called on the skin with the details. However, in this case, two parameters are passed to `$skin->error`, but only one is accepted. This change passes only the running `WP_Error` instance as the sole parameter to `$skin->error`.
Also, this change adds an additional error to `$upgrade_result` before finally being passed to `$skin->error`, indicating that the installation failed. This adds additional context to the failure.
Props desrosj, sainthkh, devutpol, SergeyBiryukov.
Fixes#53284.
Built from https://develop.svn.wordpress.org/trunk@52539
git-svn-id: http://core.svn.wordpress.org/trunk@52129 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the filter documentation for `auto_update_{$type}` to account for the changes to default auto-update behaviors made in WordPress 5.6.
Starting in WordPress 5.6, all new installs auto-update major versions by default.
Props felipeloureirosantos, audrasjb, marybaum, davidbaumwald.
Fixes#53330.
Built from https://develop.svn.wordpress.org/trunk@52214
git-svn-id: http://core.svn.wordpress.org/trunk@51806 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds an additional parameter to the `auto_plugin_update_send_email` and `auto_theme_update_send_email` filters to provide the additional context of which updates were attempted and their outcome. This will help plugin and theme auto-update emails to be better tailored to a site owner’s liking.
Props audrasjb, Paddy Landau, desrosj.
Fixes#50988.
Built from https://develop.svn.wordpress.org/trunk@48888
git-svn-id: http://core.svn.wordpress.org/trunk@48650 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As auto-updates are rolled out across WordPress.org, the API response can modulate the response, ensuring that a rolled out could be stalled or staggered if needed for security or performance reasons.
Fixes#50824.
Props dd32, whyisjake, SergeyBiryukov.
Built from https://develop.svn.wordpress.org/trunk@48701
git-svn-id: http://core.svn.wordpress.org/trunk@48463 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change adds a throttle mechanism to plugin and theme auto-update failure emails using similar logic to the email sent for a Core auto-update.
The first time a plugin or theme auto-update fails, the package and `new_version` will be tracked in the `auto_plugin_theme_update_emails` option. An email for this specific update attempt will not be resent.
However, if this update fails again and non-repeat failures or successful updates are also present, then the failure information will be included in that email (an email needs to be sent for the new events regardless).
Props johnbillion, arpitgshah, desrosj, audrasjb, pbiron, earnjam.
Fixes#50448.
Built from https://develop.svn.wordpress.org/trunk@48397
git-svn-id: http://core.svn.wordpress.org/trunk@48166 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This makes several improvements to the emails sent to site admins when plugin and theme auto-updates are attempted.
- Emails are now specifically tailored to the three results (success, failed, or mixed).
- Subject lines and body copy for mixed and failed results now correctly convey the importance of double checking the site in question.
- The site’s URL is now included in all emails.
- When failures occur, links to the Plugins and/or Themes pages in the admin are now included so that site owners can easily take action.
Props audrasjb, desrosj, azaozz, garrett-eclipse, paaljoachim, johnbillion, marybaum, pbiron.
Follow up to [47835].
See #50052.
Fixes#50268.
Built from https://develop.svn.wordpress.org/trunk@48123
git-svn-id: http://core.svn.wordpress.org/trunk@47892 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* send_theme_auto_update_email 👉 auto_theme_update_send_email
* wp_plugins_auto_update_enabled 👉 plugins_auto_update_enabled
* wp_themes_auto_update_enabled 👉 themes_auto_update_enabled
Want to make sure that @ronalfy gets props for his work in #50052 too.
See #50052.
Props: ronalfy, pbiron, azaozz, audrasjb, whyisjake.
Built from https://develop.svn.wordpress.org/trunk@47857
git-svn-id: http://core.svn.wordpress.org/trunk@47633 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Building on core update mechanisms, this adds the ability to enable automatic updates for themes and plugins to the WordPress admin.
Fixes: #50052.
Props: afercia, afragen, audrasjb, azaozz, bookdude13, davidperonne, desrosj, gmays, gmays, javiercasares, karmatosed, knutsp, mapk, mukesh27, netweb, nicolaskulka, nielsdeblaauw, paaljoachim, passoniate, pbiron, pedromendonca, whodunitagency, whyisjake, wpamitkumar, and xkon.
Built from https://develop.svn.wordpress.org/trunk@47835
git-svn-id: http://core.svn.wordpress.org/trunk@47611 1a063a9b-81f0-0310-95a4-ce76da25c4cd