Commit Graph

646 Commits

Author SHA1 Message Date
dmsnell
8269c3fcd6 Users: Avoid ambiguous password reset URLs for usernames ending in a period.
When WordPress sends out a password-reset or new-user email, it generates
a link for someone to follow in order to take them to the reset page. If
the user login name ends in a period, however, that generated URL will
end in a period and many email clients will confuse it with a
sentence-ending period instead of being part of the query arguments.

In this patch, the generated URL's query argument are rearranged so that
the link will never end in a period. Alternative ideas were explored to
create a new function to escape URL-ending periods, but this patch resolves
the reported problem without raising any further architectural questions.

Developed in https://github.com/WordPress/wordpress-develop/pull/6834
Discussed in https://core.trac.wordpress.org/ticket/42957

Props audrasjb, costdev, daveagp, dmsnell, hellofromTonya, markparnell, mukesh27, nhrrob, obrienlabs, paulcline.
Fixes #42957.

Built from https://develop.svn.wordpress.org/trunk@58674


git-svn-id: http://core.svn.wordpress.org/trunk@58076 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-07-04 22:01:22 +00:00
Sergey Biryukov
ed0762ad01 Users: Pass the previous state of the user as context to the wp_set_password hook.
Follow-up to [55056], [55250].

Props dd32.
Fixes #61541.
Built from https://develop.svn.wordpress.org/trunk@58653


git-svn-id: http://core.svn.wordpress.org/trunk@58068 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-07-03 16:10:16 +00:00
Sergey Biryukov
7bb686d18b Users: Account for returning false from the authenticate filter.
While technically only `null`, `WP_User`, or `WP_Error` should be returned from the `authenticate` filter, a plugin might return boolean `false` instead, which would trigger the `authentication_failed` error prior to [57882].

This commit aims to preserve that behavior in case `false` is returned.

Follow-up to [57882].

Props johnbillion.
See #60700.
Built from https://develop.svn.wordpress.org/trunk@57990


git-svn-id: http://core.svn.wordpress.org/trunk@57476 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-04-13 16:33:13 +00:00
Sergey Biryukov
95f1ba70eb Coding Standards: Use strict comparison in wp-includes/pluggable.php.
Follow-up to [3566], [6387], [10437], [11057], [11387], [16208], [16304], [18195], [20410], [26367], [34947].

Props aristath, poena, afercia, SergeyBiryukov.
See #60700.
Built from https://develop.svn.wordpress.org/trunk@57882


git-svn-id: http://core.svn.wordpress.org/trunk@57383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-03-26 21:41:11 +00:00
Pascal Birchler
292af16439 Docs: Improve docblock for $x_redirect_by param in wp_redirect().
The `$x_redirect_by` parameter is supported by `wp_redirect()` and `wp_safe_redirect()` to set the `X-Redirect-By` header.
It can be modified via the `x_redirect_by` filter.

This updates the docblock to clarify that `false` can be passed to disable sending the header, which was previously undocumented behavior.

Props kkmuffme, swissspidy.
Fixes #60209.
Built from https://develop.svn.wordpress.org/trunk@57693


git-svn-id: http://core.svn.wordpress.org/trunk@57194 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-02-22 10:58:12 +00:00
Sergey Biryukov
356dd51612 Docs: Document the $wp_hasher global in wp_generate_user_request_key().
Includes adding a description for the global in a few other functions.

Follow-up to [42791], [42964], [43008].

Props viralsampat.
See #60021.
Built from https://develop.svn.wordpress.org/trunk@57226


git-svn-id: http://core.svn.wordpress.org/trunk@56732 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-12-24 13:05:21 +00:00
Sergey Biryukov
f2a85f2b2c Docs: Improve documentation for get_avatar() and related functions.
Includes:
* Expanding and synchronizing documentation for the `default` and `rating` arguments.
* Adding `@since` entries for the `loading`, `fetchpriority`, and `decoding` arguments.
* Wrapping long lines as per the documentation standards.
* Fixing a typo in the `identicon` value.
* Minor formatting edits for consistency.

Follow-up to [31107], [45632], [47554], [53480], [56037].

See #58833.
Built from https://develop.svn.wordpress.org/trunk@56767


git-svn-id: http://core.svn.wordpress.org/trunk@56279 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-03 16:15:19 +00:00
Felix Arntz
dfe1f0d130 Media: Prevent PHP notice in get_avatar().
Follow up fix to [56690].

Props pereirinha, mukesh27, spacedmonkey.
Fixes #58892.

Built from https://develop.svn.wordpress.org/trunk@56756


git-svn-id: http://core.svn.wordpress.org/trunk@56268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-02 20:14:21 +00:00
Felix Arntz
8964275967 Media: Rely on wp_get_loading_optimization_attributes() to add decoding="async" to images.
The `wp_get_loading_optimization_attributes()` function was introduced in 6.3, as a single centralized place to control loading optimization attributes for various tags, most importantly images.

This changeset consolidates the `decoding="async"` optimization, which was added in 6.1, to occur solely as part of `wp_get_loading_optimization_attributes()`, removing duplicate code and allowing centralized filtering based on [56651].

As part of the change, the `wp_img_tag_add_decoding_attr()` function has been deprecated. The filter of the same name continues to be maintained for backward compatibility, as before covering only images that are part of a content blob such as post content (`the_content`).

Props pereirinha, mukesh27, joemcgill, flixos90.
Fixes #58892.
See #53232.

Built from https://develop.svn.wordpress.org/trunk@56690


git-svn-id: http://core.svn.wordpress.org/trunk@56202 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 22:38:17 +00:00
Sergey Biryukov
59f1c9c205 Code Modernization: Use str_contains() in a few more places.
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).

WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.

This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.

Follow-up to [55988], [55990], [56014], [56021], [56031], [56032], [56065], [56241].

See #58206.
Built from https://develop.svn.wordpress.org/trunk@56245


git-svn-id: http://core.svn.wordpress.org/trunk@55757 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-07-17 13:18:27 +00:00
audrasjb
6263f22b10 Docs: Replace multiple single line comments with multi-line comments.
This changeset updates various comments as per WordPress PHP Inline Documentation Standards.
See https://developer.wordpress.org/coding-standards/inline-documentation-standards/php/#5-inline-comments.

Follow-up to [56174], [56175], [56176], [56177], [56178], [56179], [56180], [56191].

Props costdev, audrasjb.
See #58459.



Built from https://develop.svn.wordpress.org/trunk@56192


git-svn-id: http://core.svn.wordpress.org/trunk@55704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-07-10 22:48:22 +00:00
Felix Arntz
5ca27acd20 Media: Automatically add fetchpriority="high" to hero image to improve load time performance.
This changeset adds support for the `fetchpriority` attribute, which is typically added to a single image in each HTML response with a value of "high". This enhances load time performance (also Largest Contentful Paint, or LCP) by telling the browser to prioritize this image for downloading even before the layout of the page has been computed. In lab tests, this has shown to improve LCP performance by ~10% on average.

Specifically, `fetchpriority="high"` is added to the first image that satisfies all of the following conditions:
* The image is not lazy-loaded, i.e. does not have `loading="lazy"`.
* The image does not already have a (conflicting) `fetchpriority` attribute.
* The size of of the image (i.e. width * height) is greater than 50,000 squarepixels.

While these heuristics are based on several field analyses, there will always be room for optimization. Sites can customize the squarepixel threshold using a new filter `wp_min_priority_img_pixels` which should return an integer for the value.

Since the logic for adding `fetchpriority="high"` is heavily intertwined with the logic for adding `loading="lazy"`, yet the features should work decoupled from each other, the majority of code changes in this changeset is refactoring of the existing lazy-loading logic to be reusable. For this purpose, a new function `wp_get_loading_optimization_attributes()` has been introduced which returns an associative array of performance-relevant attributes for a given HTML element. This function replaces `wp_get_loading_attr_default()`, which has been deprecated. As another result of that change, a new function `wp_img_tag_add_loading_optimization_attrs()` replaces the more specific `wp_img_tag_add_loading_attr()`, which has been deprecated as well.

See https://make.wordpress.org/core/2023/05/02/proposal-for-enhancing-lcp-image-performance-with-fetchpriority/ for the original proposal and additional context.

Props thekt12, joemcgill, spacedmonkey, mukesh27, costdev, 10upsimon.
Fixes #58235.

Built from https://develop.svn.wordpress.org/trunk@56037


git-svn-id: http://core.svn.wordpress.org/trunk@55549 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-06-26 16:17:23 +00:00
Sergey Biryukov
84e9601e5a Code Modernization: Replace usage of substr() with str_starts_with() and str_ends_with().
`str_starts_with()` and `str_ends_with()` were introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins or ends with the given substring (needle).

WordPress core includes a polyfill for these functions on PHP < 8.0 as of WordPress 5.9.

This commit uses `str_starts_with()` and `str_ends_with()` in core files where appropriate:
* `$needle === substr( $string, 0, $length )`, where `$length` is the length of `$needle`, is replaced with `str_starts_with( $haystack, $needle )`.
* `$needle === substr( $string, $offset )`, where `$offset` is negative and the absolute value of `$offset` is the length of `$needle`, is replaced with `str_ends_with( $haystack, $needle )`.

This aims to make the code more readable and consistent, as well as better aligned with modern development practices.

Follow-up to [52039], [52040], [52326], [55703], [55710], [55987], [55988].

Props Soean, spacedmonkey, Clorith, ocean90, azaozz, sabernhardt, SergeyBiryukov.
Fixes #58220.
Built from https://develop.svn.wordpress.org/trunk@55990


git-svn-id: http://core.svn.wordpress.org/trunk@55502 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-06-22 14:57:24 +00:00
Sergey Biryukov
1ce5dc7444 Code Modernization: Replace usage of strpos() with str_contains().
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).

WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.

This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.

Follow-up to [52039], [52040], [52326], [55703], [55710], [55987].

Props Soean, spacedmonkey, costdev, dingo_d, azaozz, mikeschroder, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes #58206.
Built from https://develop.svn.wordpress.org/trunk@55988


git-svn-id: http://core.svn.wordpress.org/trunk@55500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-06-22 14:36:26 +00:00
Sergey Biryukov
2ec23a82ed Code Modernization: Replace usage of strpos() with str_starts_with().
`str_starts_with()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins with the given substring (needle).

WordPress core includes a polyfill for `str_starts_with()` on PHP < 8.0 as of WordPress 5.9.

This commit replaces `0 === strpos( ... )` with `str_starts_with()` in core files, making the code more readable and consistent, as well as improving performance.

While `strpos()` is slightly faster than the polyfill on PHP < 8.0, `str_starts_with()` is noticeably faster on PHP 8.0+, as it is optimized to avoid unnecessarily searching along the whole haystack if it does not find the needle.

Follow-up to [52039], [52040], [52326].

Props spacedmonkey, costdev, sabernhardt, mukesh27, desrosj, jorbin, TobiasBg, ayeshrajans, lgadzhev, SergeyBiryukov.
Fixes #58012.
Built from https://develop.svn.wordpress.org/trunk@55703


git-svn-id: http://core.svn.wordpress.org/trunk@55215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-02 15:45:22 +00:00
Sergey Biryukov
b1474a8a20 General: Don't pass $action to wp_get_session_token() in wp_create_nonce().
The parameter appears to have been passed by accident, as the function does not accept any parameters.

Follow-up to [54218].

Props malavvasita, hztyfoon, dd32.
Fixes #58181.
Built from https://develop.svn.wordpress.org/trunk@55685


git-svn-id: http://core.svn.wordpress.org/trunk@55197 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-04-25 14:57:23 +00:00
Sergey Biryukov
bdfe3d5a46 Coding Standards: Use strict comparison where count() is involved.
Follow-up to [1636], [6974], [8114], [10322], [13326], [14760], [18006], [18541], [19743], [23249], [24115], [33359].

Props aristath, poena, afercia, SergeyBiryukov.
See #57839.
Built from https://develop.svn.wordpress.org/trunk@55642


git-svn-id: http://core.svn.wordpress.org/trunk@55154 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-04-10 12:56:21 +00:00
Sergey Biryukov
06305406df Docs: Fix typo in wp_generate_password() description.
Follow-up to [42373].

Props pyrobd, pravinparmar2404, mukesh27.
Fixes #57847.
Built from https://develop.svn.wordpress.org/trunk@55455


git-svn-id: http://core.svn.wordpress.org/trunk@54988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-03-02 13:57:23 +00:00
Sergey Biryukov
0449c238bd Users: Adjust the initialization of the $duplicated_keys array in wp_salt().
This avoids an endless loop if `get_current_user_id()` is used in a callback attached to the `gettext` filter.

With the translated phrase moved into a separate assignment, the function succeeds in setting the static `$duplicated_keys` array once and no longer goes into this code section on subsequent calls.

Follow-up to [54249].

Props adityaarora010196, SergeyBiryukov.
Fixes #57121.
Built from https://develop.svn.wordpress.org/trunk@55433


git-svn-id: http://core.svn.wordpress.org/trunk@54966 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-28 13:22:22 +00:00
Sergey Biryukov
bd92d87b74 Coding Standards: Rename $comment_ID variable to $comment_id in various files.
This resolves 80+ WPCS warnings in core:
{{{
Variable "$comment_ID" is not in valid snake_case format
}}}

While matching the database field of the same name, the `$comment_ID` variable did not follow the WordPress coding standards, and is now renamed to address that.

This affects:
* Function parameters in:
 * `get_comment_author()`
 * `comment_author()`
 * `get_comment_author_email()`
 * `comment_author_email()`
 * `get_comment_author_link()`
 * `comment_author_link()`
 * `get_comment_author_IP()`
 * `comment_author_IP()`
 * `get_comment_author_rl()`
 * `comment_author_url()`
 * `get_comment_date()`
 * `comment_date()`
 * `get_comment_excerpt()`
 * `comment_excerpt()`
 * `get_comment_text()`
 * `comment_text()`
 * `get_comment_time()`
 * `comment_time()`
 * `get_comment_type()`
 * `get_page_of_comment()`
 * `wp_new_comment_notify_moderator()`
 * `wp_new_comment_notify_postauthor()`
 * `get_commentdata()`

* Internal variables in:
 * `get_comment_ID()`
 * `wp_new_comment()`
 * `wp_xmlrpc_server::wp_deleteComment()`
 * `wp_xmlrpc_server::wp_editComment()`
 * `wp_xmlrpc_server::wp_newComment()`
 * `wp_xmlrpc_server::pingback_ping()`

* Hook parameters in:
 * `get_comment_author`
 * `comment_author`
 * `get_comment_author_email`
 * `author_email`
 * `get_comment_author_link`
 * `get_comment_author_IP`
 * `get_comment_author_url`
 * `comment_url`
 * `get_comment_excerpt`
 * `comment_excerpt`
 * `get_comment_ID`
 * `get_comment_type`
 * `get_page_of_comment`
 * `comment_{$new_status}_{$comment->comment_type}`
 * `comment_post`
 * `notify_moderator`
 * `notify_post_author`
 * `commentrss2_item`
 * `xmlrpc_call_success_wp_deleteComment`
 * `xmlrpc_call_success_wp_editComment`
 * `xmlrpc_call_success_wp_newComment`
 * `pingback_post`

Note: The name change only affects variable names and DocBlocks.

The change does not affect:

* `comment_ID` as the `$orderby` value in `WP_Comment_Query::__construct()`
* `comment_ID` as the `$orderby` value in `WP_Comment::get_children()`
* `comment_ID` as part of `$commentarr` parameter in `wp_update_comment()`

The associated array keys still match the database field.

Follow-up to [53723].

Props krunal265, costdev, SergeyBiryukov.
Fixes #57671. See #56791.
Built from https://develop.svn.wordpress.org/trunk@55308


git-svn-id: http://core.svn.wordpress.org/trunk@54841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-12 18:08:21 +00:00
Sergey Biryukov
11d374ff97 Users: Pass correct number of arguments to send_auth_cookies filter in wp_clear_auth_cookie().
Follow-up to [55164], [55253], [55259].

Props mukesh27.
See #56971.
Built from https://develop.svn.wordpress.org/trunk@55260


git-svn-id: http://core.svn.wordpress.org/trunk@54793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-07 13:53:18 +00:00
Sergey Biryukov
09ec812116 Users: Pass the authentication scheme to the send_auth_cookies filter.
This brings more consistency with the `set_auth_cookie` and `set_logged_in_cookie` hooks.

Follow-up to [55164], [55253].

See #56971.
Built from https://develop.svn.wordpress.org/trunk@55259


git-svn-id: http://core.svn.wordpress.org/trunk@54792 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-07 13:46:17 +00:00
audrasjb
0c5812699c Users: Change parameters order in send_auth_cookies filter.
This changeset makes this filter more consistent with `set_auth_cookie` and `set_logged_in_cookie` hooks.

Follow-up to [55164].

Props SergeyBiryukov, audrasjb, mukesh27 , costdev.
Fixes #56971.

Built from https://develop.svn.wordpress.org/trunk@55253


git-svn-id: http://core.svn.wordpress.org/trunk@54786 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-07 12:30:17 +00:00
audrasjb
b27543461d Users: Update get_avatar_url() and get_avatar() to include RoboHash support.
Follow-up to [55238].

Fixes #57493.

Built from https://develop.svn.wordpress.org/trunk@55239


git-svn-id: http://core.svn.wordpress.org/trunk@54772 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-06 21:30:18 +00:00
audrasjb
28358ab213 HTTP API: Fix request header inconsistencies.
This changeset improves the consistency in capitalization of fetching and outputting of request headers. It also updates occurrences found in some docblocks.

Props johnjamesjacoby, costdev, audrasjb, petitphp, mhkuu, SergeyBiryukov.
Fixes #54225.

Built from https://develop.svn.wordpress.org/trunk@55210


git-svn-id: http://core.svn.wordpress.org/trunk@54743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-03 13:35:20 +00:00
Sergey Biryukov
3ec35fac02 Docs: Fix typo in the send_auth_cookies filter DocBlock.
Follow-up to [55164], [55165].

See #56971, #39367.
Built from https://develop.svn.wordpress.org/trunk@55166


git-svn-id: http://core.svn.wordpress.org/trunk@54699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-31 12:20:16 +00:00
Sergey Biryukov
a389692e5a Docs: Remove a duplicate line in the send_auth_cookies filter DocBlock.
Describe the default values for the `$send` and `$expire` parameters.

Follow-up to [55164].

See #56971, #39367.
Built from https://develop.svn.wordpress.org/trunk@55165


git-svn-id: http://core.svn.wordpress.org/trunk@54698 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-31 12:18:22 +00:00
audrasjb
67abe8cfb3 Users: Add context to the send_auth_cookies filter.
This changeset adds `$user_id`, `$expire`, `$expiration` and `$token` parameters to provide context to `send_auth_cookies` hook, which allows the filter to skip sending auth cookies.

Props dd32, mukesh27, costdev, peterwilsoncc, audrasjb.
Fixes #56971.
See #39367.

Built from https://develop.svn.wordpress.org/trunk@55164


git-svn-id: http://core.svn.wordpress.org/trunk@54697 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-31 08:46:13 +00:00
Pascal Birchler
5edb22187d I18N: Introduce switch_to_user_locale().
This new function makes it easier to switch to a specific user’s locale by reducing duplicate code and storing the user’s ID as additional context for plugins to consume. Existing usage of `switch_to_locale()` in core has been replaced with `switch_to_user_locale()` where appropriate.

Also, this change ensures `WP_Locale_Switcher` properly filters `determine_locale` so that anyyone using the `determine_locale()` function will get the correct locale information when switching is in effect.

Props costdev.
Fixes #57123.
See #26511.
Built from https://develop.svn.wordpress.org/trunk@55161


git-svn-id: http://core.svn.wordpress.org/trunk@54694 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-30 10:27:16 +00:00
John Blackbourn
badc8943d1 HTTP API: Correct the name of a filter referenced in the docs for wp_redirect() and wp_safe_redirect().
Props pbiron, audrasjb, SergeyBiryukov 

Fixes #57464

Built from https://develop.svn.wordpress.org/trunk@55069


git-svn-id: http://core.svn.wordpress.org/trunk@54602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-15 01:01:15 +00:00
Sergey Biryukov
10ad5f0d4d Docs: Correct the type of the $user_id parameter in wp_set_password action.
Follow-up to [6600], [55056].

See #57436.
Built from https://develop.svn.wordpress.org/trunk@55057


git-svn-id: http://core.svn.wordpress.org/trunk@54590 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-12 13:14:15 +00:00
audrasjb
00ed89ffb1 Users: Add an action hook on wp_set_password().
This changeset introduces the `wp_set_password` action hook, triggered after a password is set for a given user. As several plugins are calling `wp_set_password()` directly, adding an action to the end of the function will help plugin authors to catch all instances of password setting.

Props tanner-m, audrasjb.
Fixes #57436.

Built from https://develop.svn.wordpress.org/trunk@55056


git-svn-id: http://core.svn.wordpress.org/trunk@54589 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-12 09:05:15 +00:00
audrasjb
b6760ea0ce Docs: Align spelling with American English.
This changeset updates the use of "-ise" suffix to American English "-ize" and replaces "behaviour" with "behavior" in various docblocks.

Follow-up to [54663], [54664], [55043].

Props kebbet.
See #56811, #56792.

Built from https://develop.svn.wordpress.org/trunk@55044


git-svn-id: http://core.svn.wordpress.org/trunk@54577 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-10 09:30:13 +00:00
johnjamesjacoby
0f0646eda0 Mail: allow custom attachment filenames in wp_mail().
Previous to this change, attachment filenames in outgoing emails could only ever be derived from their paths (passed in as a numerically indexed array of `$attachments`).

This changeset adds support for passing an associative `$attachments` array, where the key strings will be used as filenames instead.

Includes 2 new unit tests to ensure both array formats continue to work as intended.

Props johnjamesjacoby, ritteshpatel, swissspidy, syntaxart.
Fixes #28407.
Built from https://develop.svn.wordpress.org/trunk@55030


git-svn-id: http://core.svn.wordpress.org/trunk@54563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-05 10:49:16 +00:00
Sergey Biryukov
0d03ee0b7a Code Modernization: Rename parameters that use reserved keywords in wp-includes/pluggable.php.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.

This commit:
* Renames the `$die` parameter to `$stop` in `check_ajax_referer()`.
* Renames the `$default` parameter to `$fallback_url` in `wp_validate_redirect()`.
* Renames the `$default` parameter to `$default_value` in `get_avatar()`.

Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932], [54933], [54938], [54943], [54944], [54945], [54946], [54947], [54948], [54950], [54951].

Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54952


git-svn-id: http://core.svn.wordpress.org/trunk@54504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-09 00:24:17 +00:00
Sergey Biryukov
5f30490527 Coding Standards: Remove a one-time $loading variable in get_avatar().
This aims to bring consistency between two similar code fragments.

Follow-up to [47554], [53480], [54895].

See #56791.
Built from https://develop.svn.wordpress.org/trunk@54920


git-svn-id: http://core.svn.wordpress.org/trunk@54472 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-01 15:43:20 +00:00
Sergey Biryukov
1750d30863 Coding Standards: Always use strict type check for in_array().
This fixes the currently flagged `WordPress.PHP.StrictInArray.MissingTrueStrict` issues:
* `Not using strict comparison for in_array; supply true for third argument.`

These all do comparisons with strings, so all the more reason why it is imperative that a strict comparison is used.

Follow-up to [47550], [47557], [54155], [53480].

Props jrf.
See #56791.
Built from https://develop.svn.wordpress.org/trunk@54895


git-svn-id: http://core.svn.wordpress.org/trunk@54447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-11-29 21:00:14 +00:00
Sergey Biryukov
3ba44120d0 Coding Standards: Always use parentheses when instantiating an object.
Note: This will be enforced by WPCS 3.0.0.

Props jrf.
See #56791.
Built from https://develop.svn.wordpress.org/trunk@54891


git-svn-id: http://core.svn.wordpress.org/trunk@54443 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-11-29 15:51:14 +00:00
audrasjb
65cdec186b Docs: Align spelling with American English.
This changeset replaces "cancelled" with "canceled" in various docblocks, per the [https://make.wordpress.org/core/handbook/best-practices/spelling/ Spelling Guidelines].

Props costdev.
See #56811, #56792.

Built from https://develop.svn.wordpress.org/trunk@54664


git-svn-id: http://core.svn.wordpress.org/trunk@54216 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-21 21:51:14 +00:00
audrasjb
1b46797366 Mail: Reset PHPMailer properties between use.
Props xknown, martinkrcho, tykoted.

Built from https://develop.svn.wordpress.org/trunk@54529


git-svn-id: http://core.svn.wordpress.org/trunk@54084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-17 11:42:11 +00:00
Peter Wilson
b879d04354 Users: Revert use of shared objects for current user.
Reverts [50790].

Props oztaser, ravipatel, dd32, costdev, SergeyBiryukov, tykoted, cu121, xknown.
Fixes #54984.


Built from https://develop.svn.wordpress.org/trunk@54397


git-svn-id: http://core.svn.wordpress.org/trunk@53956 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-06 04:38:14 +00:00
John Blackbourn
f7dc68f99a Docs: Updates and corrections to various inline docs added in 6.1.
See #55646

Built from https://develop.svn.wordpress.org/trunk@54284


git-svn-id: http://core.svn.wordpress.org/trunk@53843 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-21 20:24:12 +00:00
audrasjb
06cb9d7691 Security: Salting functions: translate the phrase "put your unique phrase here".
In `wp_salt()` WordPress pre-populates the check for duplicate salt values with the default put your unique phrase here. As the `wp-config.php file` for non-en_US can be translated in downloaded packages, a translated version of this phrase ought to be in the pre-populated duplicate values array too.

Props peterwilsoncc, SergeyBiryukov, whaze, costdev, audrasjb.
Fixes #55937.

Built from https://develop.svn.wordpress.org/trunk@54249


git-svn-id: http://core.svn.wordpress.org/trunk@53808 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-20 11:57:20 +00:00
audrasjb
4bb6301eb9 General: Pass $action to nonce_life filter.
This changeset contextualizes the usage of `nonce_life` filter by passing the `$action` parameter. It allows to alterate the default lifespan of nonces on a case by case basis.

Props giuseppemazzapica, dwainm, DrewAPicture, jorbin, audrasjb, SergeyBiryukov, costdev, antonvlasenko.
Fixes #35188.

Built from https://develop.svn.wordpress.org/trunk@54218


git-svn-id: http://core.svn.wordpress.org/trunk@53777 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-19 21:36:10 +00:00
audrasjb
cad5069194 Docs: Update wp_rand docblock to clarify that it returns a non-negative number.
Props hakre, westi, jeremyfelt, neychok, sabernhardt, audrasjb.
Fixes #15089.

Built from https://develop.svn.wordpress.org/trunk@54190


git-svn-id: http://core.svn.wordpress.org/trunk@53749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-16 22:39:11 +00:00
desrosj
fa9c62915f Mail: Prevent the last character of names in “From” headers from being trimmed.
When extracting the email and name from a “From” header, the last character of the name is incorrectly trimmed when a space is not included between the name and the opening `<`.

Though the space is required for the header to be compliant with RFC5322 (see https://www.rfc-editor.org/rfc/rfc5322#section-3.4), the absence of a space can be ignored here. PHPMailer accepts the name and email as separate parameters and constructs the header correctly later on.

Props hakanca, mikehansenme, SergeyBiryukov, kovshenin, mattyrob, drewapicture, desrosj.
Fixes #19847.
Built from https://develop.svn.wordpress.org/trunk@53900


git-svn-id: http://core.svn.wordpress.org/trunk@53459 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-16 18:18:14 +00:00
John Blackbourn
79db573265 Docs: Various corrections and improvements to inline documentation.
See #55646

Built from https://develop.svn.wordpress.org/trunk@53827


git-svn-id: http://core.svn.wordpress.org/trunk@53386 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-04 14:52:11 +00:00
John Blackbourn
5dc1150ea2 Users: Allow conditional supression of the email notifications that are sent when a new user account is registered.
This introduces the following new filters:

* `wp_send_new_user_notification_to_admin`
* `wp_send_new_user_notification_to_user`

Props janthiel, costdev, audrasjb, peterwilsoncc

Fixes #54874

Built from https://develop.svn.wordpress.org/trunk@53698


git-svn-id: http://core.svn.wordpress.org/trunk@53257 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-12 21:05:16 +00:00
Sergey Biryukov
9e01bd8adc Query: Some documentation and test improvements for update_post_author_caches():
* Make the descriptions for `update_post_author_caches()` and `update_post_caches()` more specific.
* Move the unit test into its own file, for consistency with `update_post_cache()` tests. This also allows for using shared fixtures in case more tests are added in the future.

Follow-up to [53482].

See #55716.
Built from https://develop.svn.wordpress.org/trunk@53483


git-svn-id: http://core.svn.wordpress.org/trunk@53072 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-10 15:17:10 +00:00
spacedmonkey
2237f67458 Prime users cache in WP_Query and post REST API controller.
For a call to `WP_Query` or a post REST API request that contains posts from multiple authors, call the `cache_users` function, to ensure that all user data for post authors is primed in 
a single database query. This results in far fewer database queries on multiple author sites. 

Props spacedmonkey, timothyblynjacobs, peterwilsoncc.
Fixes #55716.

Built from https://develop.svn.wordpress.org/trunk@53482


git-svn-id: http://core.svn.wordpress.org/trunk@53071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-10 13:39:11 +00:00