This aims to make the update process more reliable and ensures that if a plugin or theme update fails, the previous version can be safely restored.
* When updating a plugin or theme, the old version is moved to a temporary backup directory:
* `wp-content/upgrade-temp-backup/plugins/[plugin-slug]` for plugins
* `wp-content/upgrade-temp-backup/themes/[theme-slug]` for themes.
* If the update fails, then the backup kept in the temporary backup directory is restored to its original location.
* If the update succeeds, the temporary backup is deleted.
To further help troubleshoot plugin and theme updates, two new checks were added to the Site Health screen:
* A check to make sure that the `upgrade-temp-backup` directory is writable.
* A check that there is enough disk space available to safely perform updates.
To avoid confusion: The temporary backup directory will NOT be used to “roll back” a plugin to a previous version after a completed update. This directory will simply contain a transient backup of the previous version of a plugin or theme being updated, and as soon as the update process finishes, the directory will be empty.
Follow-up to [55204], [55220].
Props afragen, costdev, pbiron, azaozz, hellofromTonya, aristath, peterwilsoncc, TJNowell, bronsonquick, Clorith, dd32, poena, TimothyBlynJacobs, audrasjb, mikeschroder, a2hosting, KZeni, galbaras, richards1052, Boniu91, mai21, francina, TobiasBg, desrosj, noisysocks, johnbillion, dlh, chaion07, davidbaumwald, jrf, thisisyeasin, ignatggeorgiev, SergeyBiryukov.
Fixes#51857.
Built from https://develop.svn.wordpress.org/trunk@55720
git-svn-id: http://core.svn.wordpress.org/trunk@55232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_starts_with()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins with the given substring (needle).
WordPress core includes a polyfill for `str_starts_with()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `0 === strpos( ... )` with `str_starts_with()` in core files, making the code more readable and consistent, as well as improving performance.
While `strpos()` is slightly faster than the polyfill on PHP < 8.0, `str_starts_with()` is noticeably faster on PHP 8.0+, as it is optimized to avoid unnecessarily searching along the whole haystack if it does not find the needle.
Follow-up to [52039], [52040], [52326].
Props spacedmonkey, costdev, sabernhardt, mukesh27, desrosj, jorbin, TobiasBg, ayeshrajans, lgadzhev, SergeyBiryukov.
Fixes#58012.
Built from https://develop.svn.wordpress.org/trunk@55703
git-svn-id: http://core.svn.wordpress.org/trunk@55215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Use `continue` to help separate each case for better readability, instead of having a wall of `if`/`elseif`.
Includes simplifying a similar fragment in `make_site_theme_from_default()`.
Follow-up to [1575], [2037], [2040], [2044], [2346], [7999], [14080], [14485].
Props costdev, krunal265, hellofromTonya, brookedot, SergeyBiryukov.
Fixes#56982.
Built from https://develop.svn.wordpress.org/trunk@55688
git-svn-id: http://core.svn.wordpress.org/trunk@55200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds support for the new selectors property for block types. It adds it to the allowed metadata when registering a block type, makes the WP_Block_Type class aware of it, exposes it through the block types REST API, and the get_block_editor_server_block_settings function.
Corresponding work in the Gutenberg plugin: https://github.com/WordPress/gutenberg/pull/46496.
Fixes#57585.
Props aaronrobertshaw, hellofromTonya.
Built from https://develop.svn.wordpress.org/trunk@55673
git-svn-id: http://core.svn.wordpress.org/trunk@55185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This replaces a site ID comparison when displaying action links in `WP_MS_Sites_List_Table::handle_row_actions()` with a dedicated function call, `is_main_site()`, for clarity.
Follow-up to [13918], [25125], [26120], [32644], [38814].
Props ecorica, spacedmonkey, SergeyBiryukov.
Fixes#58150.
Built from https://develop.svn.wordpress.org/trunk@55666
git-svn-id: http://core.svn.wordpress.org/trunk@55178 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Per [https://developer.wordpress.org/coding-standards/wordpress-coding-standards/php/#writing-include-require-statements WordPress PHP coding standards], it is ''strongly recommended'' to use `require[_once]` for unconditional includes. When using `include[_once]`, PHP will throw a warning when the file is not found but will continue execution, which will almost certainly lead to other errors/warnings/notices being thrown if your application depends on the file loaded, potentially leading to security leaks. For that reason, `require[_once]` is generally the better choice as it will throw a `Fatal Error` if the file cannot be found.
Follow-up to [1674], [1812], [1964], [6779], [8540], [10521], [11005], [11911], [16065], [16149], [25421], [25466], [25823], [37714], [42981], [45448], [47198], [54276], [55633].
Props kausaralm, SergeyBiryukov.
See #57839.
Built from https://develop.svn.wordpress.org/trunk@55641
git-svn-id: http://core.svn.wordpress.org/trunk@55153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
It is best to always escape the complete value of an attribute, not a partial value, as otherwise the escaping could be (partially) undone when the values are joined together.
While the hardcoded prefix/suffix values in this case don't necessarily create that risk, those may change to values which could be problematic, so making it a habit to escape the value in one go is best practice.
Includes:
* Moving a few `esc_url()` calls closer to the actual output and escaping the hash parts too.
* Wrapping a few long lines for better readability.
Follow-up to [14248], [23707], [42217], [55615].
Props jrf, SergeyBiryukov.
Fixes#57110.
Built from https://develop.svn.wordpress.org/trunk@55616
git-svn-id: http://core.svn.wordpress.org/trunk@55128 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that post type or taxonomy name is consistently escaped in:
* `wp_nav_menu_item_post_type_meta_box()`
* `wp_nav_menu_item_taxonomy_meta_box()`
Follow-up to [14248], [23707].
Props zenaulislam, SergeyBiryukov.
Fixes#57110.
Built from https://develop.svn.wordpress.org/trunk@55615
git-svn-id: http://core.svn.wordpress.org/trunk@55127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove the green background from the "dot" accent, to prevent low contrast for the dismiss button. Use menu colors for the background on alternate color schemes. Remove the "Edit styles" link as there is no longer a direct link to the global styles section of the site editor.
Follow-up to [55451].
Props sabernhardt, ryokuhi, laurlittle, richtabor.
Fixes#57759.
Built from https://develop.svn.wordpress.org/trunk@55574
git-svn-id: http://core.svn.wordpress.org/trunk@55086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When `ftp_nlist()` receives an empty path, it checks the current working directory and may return `true`.
This affects:
* `WP_Filesystem_FTPext::exists()`
* `WP_Filesystem_ftpsockets::exists()`
As the purpose of the API is to provide a consistent interface for various filesystem implementations, this commit updates the affected methods to returns `false` when an empty path is provided, bringing consistency with the other filesystem abstraction classes, specifically `WP_Filesystem_Direct` and `WP_Filesystem_SSH2`.
Follow-up to [6779], [11821], [25274], [31815].
Props mkox, costdev, Zdrobau, dd32, pbiron, azaozz, mukesh27, SergeyBiryukov.
Fixes#33058.
Built from https://develop.svn.wordpress.org/trunk@55556
git-svn-id: http://core.svn.wordpress.org/trunk@55068 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the `WP_Comments_List_Table` class, when the function `get_comments` is called, pass the parameter `update_comment_post_cache` set to true. This primes all the related posts for the displayed comments. This improves performance, as all posts are primed at once.
Props spacedmonkey, adarshposimyth.
Fixes#57802.
Built from https://develop.svn.wordpress.org/trunk@55513
git-svn-id: http://core.svn.wordpress.org/trunk@55045 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset removes the `wp_ajax_save_attachment_updated` hook by reverting [55106], [55111], and [55450], to give it more time for further discussions as there are still concerns about whether this hook is necessary.
Follow-up to [55106], [55111], [55450].
Props costdev, SergeyBiryukov, peterwilsoncc, azaozz.
See #23148.
Built from https://develop.svn.wordpress.org/trunk@55474
git-svn-id: http://core.svn.wordpress.org/trunk@55007 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset renames the `wp_ajax_save_attachment` action to `wp_ajax_save_attachment_updated` to avoid confusion with the similarly named `wp_ajax_save-attachment` action. This also add a dockblock note to indicate that when checking if an action is being done, `doing_action( 'wp_ajax_save-attachment' )` may be used if that is more convenient.
Follow-up to [55106].
Props azaozz, sc0ttkclark, costdev.
Fixes#23148
Built from https://develop.svn.wordpress.org/trunk@55450
git-svn-id: http://core.svn.wordpress.org/trunk@54983 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As part of determining whether to perform automatic updates, WordPress checks if it is running within a version-controlled environment, recursively looking up the filesystem to the top of the drive, looking for a Subversion, Git, Mercurial, or Bazaar directory, erring on the side of detecting a VCS checkout somewhere.
This commit avoids a PHP warning if the `open_basedir` directive is in use and any of the directories checked in the process are not allowed:
{{{
is_dir(): open_basedir restriction in effect. File(/.git) is not within the allowed path(s)
}}}
Follow-up to [25421], [25700], [25764], [25835], [25859].
Props costdev, markjaquith, meyegui, dd32, arnolp, robin-labadie, hellofromTonya, afragen, pbiron, SergeyBiryukov.
Fixes#42619.
Built from https://develop.svn.wordpress.org/trunk@55425
git-svn-id: http://core.svn.wordpress.org/trunk@54958 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset fixes encoding issues in background update emails by applying `html_entity_decode()` on Plugin/Theme names in `send_plugin_theme_email()`.
Props paulschreiber, audrasjb, benjgrolleau, sanketchodavadiya, robinwpdeveloper, paulamit.
Fixes#56964.
Built from https://develop.svn.wordpress.org/trunk@55411
git-svn-id: http://core.svn.wordpress.org/trunk@54944 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to avoid timeout in Imagick operations.
Previously, Imagick operations could silently error by timeout and produce unexpected results. The new `::set_imagick_time_limit()` method, now used in `::resize()` and `::crop()`, will better handle garbage collection in these cases as well as better align Imagick's timeout with PHP timeout, assuming it is set.
Props drzraf, audrasjb, costdev, antpb, SergeyBiryukov.
Fixes#52569.
Built from https://develop.svn.wordpress.org/trunk@55404
git-svn-id: http://core.svn.wordpress.org/trunk@54937 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `$post_ID` variable is [546f59c678/WordPress/Sniffs/NamingConventions/ValidVariableNameSniff.php (L54) technically allowed in WPCS], as there is a global of the same name that needs to remain for backward compatibility. However, this name is mostly a remnant of legacy code, and switching to `$post_id` where appropriate brings more consistency with the rest of core.
Additionally, this commit resolves a few WPCS warnings in core:
{{{
Variable "$post_IDs" is not in valid snake_case format
}}}
This affects:
* Function parameters in:
* `add_meta()`
* `post_preview()`
* `WP_Embed::delete_oembed_caches()`
* `WP_Embed::cache_oembed()`
* `wp_get_post_cats()`
* `wp_set_post_cats()`
* `wp_unique_post_slug()`
* `wp_set_post_categories()`
* `wp_check_post_hierarchy_for_loops()`
* `wp_add_trashed_suffix_to_post_name_for_trashed_posts()`
* `wp_filter_wp_template_unique_post_slug()`
* `wp_xmlrpc_server::add_enclosure_if_new()`
* `wp_xmlrpc_server::attach_uploads()`
* `wp_xmlrpc_server::mt_getTrackbackPings()`
* Internal variables in:
* `wp_ajax_inline_save()`
* `wp_ajax_set_post_thumbnail()`
* `wp_ajax_get_post_thumbnail_html()`
* `edit_post()`
* `bulk_edit_posts()`
* `wp_write_post()`
* `WP_Embed::shortcode()`
* `wp_insert_post()`
* `wp_xmlrpc_server::_insert_post()`
* `wp_xmlrpc_server::blogger_getPost()`
* `wp_xmlrpc_server::blogger_newPost()`
* `wp_xmlrpc_server::blogger_editPost()`
* `wp_xmlrpc_server::blogger_deletePost()`
* `wp_xmlrpc_server::mw_getPost()`
* `wp_xmlrpc_server::mw_newPost()`
* `wp_xmlrpc_server::mw_editPost()`
* `wp_xmlrpc_server::mt_getPostCategories()`
* `wp_xmlrpc_server::mt_setPostCategories()`
* `wp_xmlrpc_server::mt_publishPost()`
* `wp_xmlrpc_server::pingback_ping()`
* Hook parameters in:
* `oembed_ttl`
* `embed_oembed_html`
* `wp_insert_post_parent`
* `add_trashed_suffix_to_trashed_posts`
* `pre_post_update`
* `edit_attachment`
* `attachment_updated`
* `add_attachment`
* `edit_post_{$post->post_type}`
* `edit_post`
* `post_updated`
* `save_post_{$post->post_type}`
* `save_post`
* `wp_insert_post`
* `pre_wp_unique_post_slug`
* `wp_unique_post_slug`
* `xmlrpc_call_success_blogger_newPost`
* `xmlrpc_call_success_blogger_editPost`
* `xmlrpc_call_success_blogger_deletePost`
* `xmlrpc_call_success_mw_newPost`
* `xmlrpc_call_success_mw_editPost`
Note: The name change only affects variable names and DocBlocks.
The change does not affect the `$post_ID` global still used in a few places.
Follow-up to [51399], [52958], [53723], [53729], [55190], [55308], [55334].
Props mahekkalola, tanjimtc71, SergeyBiryukov.
Fixes#57692.
Built from https://develop.svn.wordpress.org/trunk@55365
git-svn-id: http://core.svn.wordpress.org/trunk@54898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
