Commit Graph

809 Commits

Author SHA1 Message Date
Sergey Biryukov
8743a96dfe Formatting: Restore consistent quotes in _make_web_ftp_clickable_cb().
After the introduction of `_make_clickable_rel_attr()` in an earlier commit, the function ended up returning link markup with a mix of single and double quotes.

This commit ensures that `_make_web_ftp_clickable_cb()` always returns double quotes, restoring consistency with other similar callback functions used by `make_clickable()`:
* `_make_url_clickable_cb()`
* `_make_email_clickable_cb()`

Follow-up to [55289].

See #53290, #56444.
Built from https://develop.svn.wordpress.org/trunk@55495


git-svn-id: http://core.svn.wordpress.org/trunk@55028 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-03-09 00:20:18 +00:00
audrasjb
34229a4286 Help/About: Avoid extra redirections on HelpHub Links.
This changeset replaces various HelpHub links that have changed to avoid extra 301 redirections.

Props sabernhardt, audrasjb.
See #57726.

Built from https://develop.svn.wordpress.org/trunk@55414


git-svn-id: http://core.svn.wordpress.org/trunk@54947 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-23 11:06:19 +00:00
audrasjb
418a21fdbc Help/About: Use the new /documentation/ URLs for HelpHub links in WordPress Admin.
As `https://wordpress.org/support/` was redirected to `https://wordpress.org/documentation/`, this changeset replaces various `/support/article/*` links with `/documentation/article/*` to avoid an extra redirect.

This also updates links to Support Forums by replacing `https://wordpress.org/support/` URLs with `https://wordpress.org/support/forums/`.

Props SergeyBiryukov, audrasjb, dhrupo, hasanmisbah, sakibmd, sabernhardt.
See #57726.

Built from https://develop.svn.wordpress.org/trunk@55412


git-svn-id: http://core.svn.wordpress.org/trunk@54945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-23 10:38:21 +00:00
Sergey Biryukov
b9a31d5343 Docs: Improve code comments in some sanitizing functions.
This aims to clarify a few inline comments related to removing percent-encoded characters and HTML entities.

Affected functions:
* `sanitize_user()`
* `sanitize_title_with_dashes()`
* `sanitize_html_class()`
* `_sanitize_text_fields()`
* `get_comments_number_text()`

Follow-up to [465], [3454], [11433], [12503], [37987].

Props ace100, tanjimtc71, codemonksuvro, SergeyBiryukov.
Fixes #57712.
Built from https://develop.svn.wordpress.org/trunk@55346


git-svn-id: http://core.svn.wordpress.org/trunk@54879 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-15 13:06:21 +00:00
Aaron Jorbin
6d179f0d90 Comments: Improve rel attribute usage in comments.
Internal links should be followed and it should be easier to modify other rel attributes on comments. This adds a helper function for determining if a URL is internal and also adds some new filters to make it easy to modify rel attributes in comments.

Props thomasplevy, desrosj, sabernhardt, benish74, samiamnot, galbaras, jorbin.

Fixes #53290, #56444.

Built from https://develop.svn.wordpress.org/trunk@55289


git-svn-id: http://core.svn.wordpress.org/trunk@54822 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-07 18:54:19 +00:00
audrasjb
3223743a6a I18N: Introduce word_count_type property to WP_Locale.
This changesets adds a `word_count_type` property, so that it does not need to be translated separately across multiple projects.

List of changes:
- New property: `WP_Locale::word_count_type`.
- New method: `WP_Locale::get_word_count_type()`.
- New function: `wp_get_word_count_type()` as a wrapper for `WP_Locale::get_word_count_type()`.
- All `_x( 'words', 'Word count type. Do not translate!' )` strings have been replaced with a call to `wp_get_word_count_type()`.

Props pedromendonca, desrosj, costdev, mukesh27, johnbillion.
Fixes #56698.

Built from https://develop.svn.wordpress.org/trunk@55279


git-svn-id: http://core.svn.wordpress.org/trunk@54812 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-07 17:28:18 +00:00
joedolson
b2fb194bc1 Formatting: Treat math elements as block-level elements.
The `math` element can be displayed either as a block or inline element. If `wpautop` only treats it as an inline element, it will break multiline elements by inserting `br` elements. Treating the element as a block element means that the editor won't break common normative usages of the `math` element. 

Prevent `math` elements from having internal elements split up with `br` elements, disrupting formatting.

Props nicholaswilson, wojtek.szkutnik, hakre, conner_bw, ericlewis, hughie.molloy, SteelWagstaff, ryokuhi, joedolson, bgoewert, adamsilverstein, joedolson.
Fixes #13340.
Built from https://develop.svn.wordpress.org/trunk@55272


git-svn-id: http://core.svn.wordpress.org/trunk@54805 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-07 16:18:22 +00:00
Peter Wilson
6b50b3e9fe Formatting: Guard wp_strip_all_tags() against fatal errors.
Check the input of `wp_strip_all_tags()` before passing it to `strip_tags()`. This protects against fatal errors introduced in PHP 8, retaining the `E_USER_WARNING` from PHP 7, and prevents a PHP 8.1 deprecation notice when passing null.

Props chocofc1, costdev, jrf, dd32, audrasjb, peterwilsoncc.
Fixes #56434.


Built from https://develop.svn.wordpress.org/trunk@55245


git-svn-id: http://core.svn.wordpress.org/trunk@54778 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-07 03:34:15 +00:00
audrasjb
965fe8f209 Media: Replace consecutive periods in sanitize_file_name().
On some servers, consecutive periods in a filename can cause a 403 Forbidden response.
This changeset replaces consecutive periods with a single period, and adds related unit tests.

Props ArtZ91, costdev, SergeyBiryukov, arthurshlain, mukesh27.
Fixes #57242.

Built from https://develop.svn.wordpress.org/trunk@55209


git-svn-id: http://core.svn.wordpress.org/trunk@54742 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-03 12:48:23 +00:00
Sergey Biryukov
ff399d17fe Code Modernization: Rename parameters that use reserved keywords in wp-includes/formatting.php.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.

This commit renames the `$class` parameter to `$classname` in `sanitize_html_class()`.

Follow-up to [54927].

See also: [search:?q=code+modernization+rename+parameters+that+use+reserved+keywords&changeset=on equivalent commits for other files].

Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@55162


git-svn-id: http://core.svn.wordpress.org/trunk@54695 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-30 14:15:16 +00:00
audrasjb
6e88e39baa Docs: Align spelling with American English.
This changeset updates the use of "-ise" suffix to American English "-ize" in various files.

Follow-up to [54663], [54664], [55043], [55044].

Props kebbet, mukesh27.
See #56811, #56792.

Built from https://develop.svn.wordpress.org/trunk@55051


git-svn-id: http://core.svn.wordpress.org/trunk@54584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-11 13:59:13 +00:00
Sergey Biryukov
a460de4e58 Code Modernization: Rename parameters that use reserved keywords in wp-includes/functions.php.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.

This commit:
* Renames the `$echo` parameter to `$display` in:
 * `wp_nonce_field()`
 * `wp_referer_field()`
 * `wp_original_referer_field()`
* Renames the `$string` parameter to `$input_string` in
 * `_wp_json_convert_string()`
 * `_wp_to_kebab_case()`
* Renames the `$list` parameter to `$input_list` in:
 * `wp_parse_list()`
 * `wp_parse_id_list()`
 * `wp_parse_slug_list()`
 * `wp_filter_object_list()`
 * `wp_list_filter()`
 * `wp_list_pluck()`
 * `wp_list_sort()`
* Renames the `$array` parameter to `$input_array` in:
 * `add_magic_quotes()`
 * `wp_array_slice_assoc()`
 * `_wp_array_get()`
 * `_wp_array_set()`
* Renames the `$function` parameter to `$function_name` in:
 * `_deprecated_function()`
 * `_deprecated_argument()`
 * `_doing_it_wrong()`
* Renames the `$class` parameter to `$class_name` in `_deprecated_constructor()`.
* Renames the `$default` parameter to `$default_value` in `apache_mod_loaded()`.
* Renames the `$var` parameter to `$value` in `wp_validate_boolean()`.
* Amends the `$input` parameter in `wp_parse_str()` for consistency.

Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927].

Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54929


git-svn-id: http://core.svn.wordpress.org/trunk@54481 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-03 15:07:14 +00:00
Sergey Biryukov
868f939367 Code Modernization: Rename parameters that use reserved keywords in wp-includes/formatting.php.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.

This commit:
* Renames the `$string` parameter to `$text` in:
 * `_wp_specialchars()`
 * `wp_specialchars_decode()`
 * `wp_check_invalid_utf8()`
 * `remove_accents()`
 * `_split_str_by_whitespace()`
 * `wp_strip_all_tags()`
* Renames the `$string` parameter to `$value` in:
 * `backslashit()`
 * `trailingslashit()`
 * `untrailingslashit()`
* Renames the `$string` parameter to `$subject` in `wp_iso_descrambler()`.
* Renames the `$match` parameter to `$matches` in `_wp_iso_convert()`.
* Renames the `$string` parameter to `$date_string` in:
 * `get_gmt_from_date()`
 * `get_date_from_gmt()`
* Renames the `$string` parameter to`$input` in `wp_parse_str()`.
* Renames the `$string` parameter to `$content` in `wp_pre_kses_block_attributes()`.
* Amends the `$text` parameter in `wp_pre_kses_less_than()` for consistency.

Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365].

Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54927


git-svn-id: http://core.svn.wordpress.org/trunk@54479 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-02 18:53:19 +00:00
Sergey Biryukov
43addd9e1e Formatting: Check that both normalizer_* functions exist in remove_accents().
This applies to:
* `normalizer_is_normalized()`
* `normalizer_normalize()`

Includes removing the `Normalizer::FORM_C` constant as a parameter, since it is the default value for both functions and does not need to be explicitly passed. This avoids a fatal error if a plugin includes polyfill for any of the functions but the `Normalizer` class has a different namespace, for example when using the Symfony polyfill.

Follow-up to [53754].

Props hellofromTonya, costdev, desrosj, mukesh27, zodiac1978, jchambo, gisgeo, SergeyBiryukov.
Fixes #56980.
Built from https://develop.svn.wordpress.org/trunk@54813


git-svn-id: http://core.svn.wordpress.org/trunk@54365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-11-11 15:28:12 +00:00
audrasjb
823517e1de Docs: Align spelling with American English.
This changeset replaces "behaviour" with "behavior" in various docblocks.

Props kebbet, jrf.
See #56811, #56792.

Built from https://develop.svn.wordpress.org/trunk@54663


git-svn-id: http://core.svn.wordpress.org/trunk@54215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-21 21:12:14 +00:00
audrasjb
ac36170175 Networks and Sites: Ensure fileupload_maxk is an int to avoid potential fatal errors.
This changeset fixes a potential fatal error, for example when "Max upload file size" setting is set to an empty value. It also adds unit tests for `upload_size_limit_filter`.

Props mjkhajeh, bhrugesh12, SergeyBiryukov, kebbet, audrasjb, felipeelia.
Fixes #55926.

Built from https://develop.svn.wordpress.org/trunk@54482


git-svn-id: http://core.svn.wordpress.org/trunk@54041 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-11 15:07:10 +00:00
audrasjb
907986ff68 Formatting: Strip object replacement characters from slugs.
This changeset prevents object replacement characters – UTF-8 `%ef%bf%bc`, used as a placeholder in text for an otherwise unspecified object – from being added to slugs.

Props cantuaria, costdev, audrasjb, SergeyBiryukov, archon810, maciejmackowiak, BaneD, markparnell, ironprogrammer, dmsnell, nikkigagency, webprom.
Fixes #55117.

Built from https://develop.svn.wordpress.org/trunk@54474


git-svn-id: http://core.svn.wordpress.org/trunk@54033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-11 10:28:16 +00:00
Sergey Biryukov
c58963b07f Coding Standards: Rename WordPress Dependencies API class files.
The current coding standards note that the name of the class files should be based on the class name with `class-` prepended, and the underscores replaced by hyphens (see the [https://developer.wordpress.org/coding-standards/wordpress-coding-standards/php/#naming-conventions Naming Conventions] section in the handbook), except for the three legacy files: `class.wp-dependencies.php`, `class.wp-scripts.php`, `class.wp-styles.php`.

To bring more consistency to the codebase and make it easier to implement autoloading in the future, this commit renames those three legacy files to conform to the coding standards:

* `wp-includes/class.wp-dependencies.php` → `wp-includes/class-wp-dependencies.php`
* `wp-includes/class.wp-scripts.php` → `wp-includes/class-wp-scripts.php`
* `wp-includes/class.wp-styles.php` → `wp-includes/class-wp-styles.php`

Includes:
* Loading the new files from the old ones, for anyone that may have been including the files directly.
* Replacing references to the old filenames with the new filenames.

Follow-up to [7970], [45654], [45662], [45663], [45678], [47197], [52026], [53749].

Props afragen, schlessera, swissspidy, dingo_d, hellofromTonya, SergeyBiryukov.
Fixes #37861. See #55647.
Built from https://develop.svn.wordpress.org/trunk@54254


git-svn-id: http://core.svn.wordpress.org/trunk@53813 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-20 14:17:12 +00:00
Sergey Biryukov
22e363e6c6 Date/Time: Correct sanitization of timezone_string in sanitize_option().
This fixes a bug where if the `timezone_string` is set to a timezone name which has since been deprecated, the option value would be “lost” when saving the value again, as the comparison being done to verify whether it is a valid timezone name would only take “current” timezone names into account and would invalidate deprecated timezone names.

By passing the `DateTimeZone::ALL_WITH_BC` constant as the `$timezoneGroup` parameter to the PHP native `timezone_identifiers_list()` function, a timezone name list is retrieved containing both current and deprecated timezone names, preventing the invalidation of the option value.

See the extensive write-up about this in ticket #56468.

Also see: [https://www.php.net/manual/en/datetimezone.listidentifiers.php PHP Manual: timezone_identifiers_list()].

Includes adding a dedicated test to the data provider used in the `Tests_Option_SanitizeOption` test class.

Note: The new data set is ''named'', even though the other data sets are unnamed, to make sure it is clear what this data set is testing. Adding test names for the original data sets in this data provider would be a great future improvement, but is outside of the scope of this commit.

Follow-up to [18323], [33119], [54207], [54217], [54227].

Props jrf, costdev.
See #56468.
Built from https://develop.svn.wordpress.org/trunk@54229


git-svn-id: http://core.svn.wordpress.org/trunk@53788 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-19 23:48:08 +00:00
audrasjb
b6fad3a241 Docs: Remove an obsolete function description in addslashes_gpc().
- Usage of `get_magic_quotes_gpc()` was removed from `addslashes_gpc()` in [46105] / #47783.
- A similar description fragment was removed from `wp_parse_str()` in that changeset, but this one was missed.
- The `get_magic_quotes_gpc()` function itself was deprecated in PHP 7.4 and removed in PHP 8.0.

Props mitweka, audrasjb, SergeyBiryukov.
Fixes #56233.
See #55646.

Built from https://develop.svn.wordpress.org/trunk@53776


git-svn-id: http://core.svn.wordpress.org/trunk@53335 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-25 17:28:09 +00:00
audrasjb
83da7ca360 Docs: Refine @return docblock mentions for esc_sql(), wp_slash() and wp_unslash().
Props malthert, SergeyBiryukov, johnbillion, desrosj, byohann6.
Fixes #53946.
See #55646.

Built from https://develop.svn.wordpress.org/trunk@53775


git-svn-id: http://core.svn.wordpress.org/trunk@53334 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-25 15:43:09 +00:00
audrasjb
f7921555ca Formatting: Normalize to Unicode NFC encoding before converting accent characters in remove_accents().
This changeset adds Unicode sequence normalization from NFD to NFC, via the `normalizer_normalize()` PHP function which is available with the recommended `intl` PHP extension.

This fixes an issue where NFD characters were not properly sanitized. It also provides a unit test for NFD sequences (alternate Unicode representations of the same characters).

Props NumidWasNotAvailable, targz, nacin, nunomorgadinho, p_enrique, gitlost, SergeyBiryukov, markoheijnen, mikeschroder, ocean90, pento, helen, rodrigosevero, zodiac1978, ironprogrammer, audrasjb, azaozz, laboiteare, nuryko, virgar, dxd5001, onnimonni, johnbillion.
Fixes #24661, #47763, #35951.
See #30130, #52654.

Built from https://develop.svn.wordpress.org/trunk@53754


git-svn-id: http://core.svn.wordpress.org/trunk@53313 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-21 21:11:12 +00:00
Sergey Biryukov
01d172b581 General: Replace all esc_url_raw() calls in core with sanitize_url().
This aims to improve performance by calling `sanitize_url()` directly, instead of the `esc_url_raw()` wrapper. As of WordPress 6.1, `sanitize_url()` is the recommended function for sanitizing a URL for database or redirect usage.

Follow-up to [11383], [13096], [51597], [53452].

Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes #55852.
Built from https://develop.svn.wordpress.org/trunk@53455


git-svn-id: http://core.svn.wordpress.org/trunk@53044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-01 18:14:10 +00:00
Sergey Biryukov
d0712f35d4 Formatting: Make sanitize_url() the recommended function for sanitizing a URL.
A general security rule is "Sanitize when you save, escape when you echo".

In WordPress 5.9, `sanitize_url()` was un-deprecated in order to better align with the naming of other sanitizing functions, while still being an alias for `esc_url_raw()`.

This commit reverses the order and turns `esc_url_raw()` into a wrapper for `sanitize_url()`, making the latter the canonical function call and aiming to improve performance by reducing the number of function calls required when using the recommended technique.

Follow-up to [11383], [13096], [51597].

Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
See #55852.
Built from https://develop.svn.wordpress.org/trunk@53452


git-svn-id: http://core.svn.wordpress.org/trunk@53041 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-05-31 15:17:14 +00:00
audrasjb
eca9278a10 Docs: Update a link to the Custom Elements spec in force_balance_tags() docblock.
This changeset replaces a link to the outdated W3C specs on Custom Elements with a link to the corresponding WhatWG specification.

See #54729.

Built from https://develop.svn.wordpress.org/trunk@53204


git-svn-id: http://core.svn.wordpress.org/trunk@52793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-18 14:35:07 +00:00
Peter Wilson
b53f7ce56f Emoji: Update the Twemoji to version 14.0.2.
This version introduces support for the latest Emoji added in Emoji 14. 

"Insert witty comment newly supported emoji."

Props kraftbj, desrosj, dd32, milana_cap.
Fixes #55395.



Built from https://develop.svn.wordpress.org/trunk@53150


git-svn-id: http://core.svn.wordpress.org/trunk@52739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-12 05:56:23 +00:00
audrasjb
70dea8e3c2 Formatting: Avoid escaping valid XML values in esc_xml().
This change improves the `esc_xml()` function by replacing two `empty()` checks with `isset()` to cover values that are not equal to `''` but still returning `true` when checked with `empty()`, like `'0'`, `0` or `false`. It also updates the related unit tests accordingly.

Props rumpel2116, pbiron.
Fixes #55399.

Built from https://develop.svn.wordpress.org/trunk@53144


git-svn-id: http://core.svn.wordpress.org/trunk@52733 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-11 20:00:09 +00:00
Sergey Biryukov
521db02647 Docs: Further remove HTML markup from various function summaries.
Per the [https://developer.wordpress.org/coding-standards/inline-documentation-standards/php/#summary-formerly-short-description WordPress PHP documentation standards], no HTML markup or Markdown of any kind should be used in the summary. This ensures that the summary is displayed correctly in the [https://developer.wordpress.org/reference/ WordPress Code Reference].

This commit also improves formatting of HTML special characters in descriptions in `wp-includes/formatting.php`.

Follow-up to [53048].

Props johnbillion, mukesh27.
Fixes #55506.
Built from https://develop.svn.wordpress.org/trunk@53053


git-svn-id: http://core.svn.wordpress.org/trunk@52642 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-02 13:55:11 +00:00
Sergey Biryukov
c17ccc5490 Docs: Add inline comments for non-visible characters in sanitize_title_with_dashes().
This aims to clarify the list of characters that are stripped from URLs or converted to a hyphen.

Follow-up to [51984].

See #47912, #54729.
Built from https://develop.svn.wordpress.org/trunk@52821


git-svn-id: http://core.svn.wordpress.org/trunk@52410 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-03-04 14:11:02 +00:00
Sergey Biryukov
e32e1750fd Docs: Use third-person singular verbs for function descriptions in wp-includes/formatting.php, per the documentation standards.
See #54729.
Built from https://develop.svn.wordpress.org/trunk@52810


git-svn-id: http://core.svn.wordpress.org/trunk@52399 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-02-28 16:03:00 +00:00
Sergey Biryukov
d0fb86dafb I18N: Add a $locale parameter for remove_accents().
This highlights the fact that `remove_accents()` is locale-aware and makes it easier to utilize the function with different locales without having to use `switch_to_locale()` or the `locale` filter.

Additionally, this commit relaxes the check for character replacements in German locales to include formal and informal variants of any `de_*` locale, even if WordPress does not have a native translation for some of them yet.

Props malthert, johnbillion, knutsp, ocean90, SergeyBiryukov.
Fixes #54415.
Built from https://develop.svn.wordpress.org/trunk@52809


git-svn-id: http://core.svn.wordpress.org/trunk@52398 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-02-28 15:42:05 +00:00
hellofromTonya
1f56c94459 Formatting: Make terms in wpautop() and shortcode_unautop() more welcoming and inclusive.
The developer facing humor in these functions were from a different era of WordPress. Tolerance for in-jokes and other developer facing humor has decreased over the years. Terms like "pee" and "tinkle" may make some folks chuckle while for others it makes them uncomfortable.

Terminology of the past is being (or has been) re-evaluated to transform words into a language that are inclusive and welcome for all. This commit is part of that effort as it replaces.

Follow-up [13], [9255].

Props ricomoorman, tzipporahwitty, ironprogrammer, peterwilsoncc, jeremyfelt, Viper007Bond, rmccue, SergeyBiryukov, hellofromTonya.
Fixes #25615.
Built from https://develop.svn.wordpress.org/trunk@52789


git-svn-id: http://core.svn.wordpress.org/trunk@52378 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-02-23 20:03:09 +00:00
Sergey Biryukov
2eaeae58ff Docs: Update spelling for inline comments in a few files.
Per the [https://make.wordpress.org/core/handbook/best-practices/spelling/ spelling] and [https://make.wordpress.org/docs/style-guide/language-grammar/word-choice/ word choice] documentation guidelines, American (US) spelling should be preferred.

Props mohadeseghasemi, subrataemfluence, rehanali, SergeyBiryukov.
Fixes #46837.
Built from https://develop.svn.wordpress.org/trunk@52640


git-svn-id: http://core.svn.wordpress.org/trunk@52229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-01-25 13:55:05 +00:00
desrosj
77a972838c Formatting: Correctly encode ASCII characters in post slugs.
Props zieladam, whyisjake, xknown, peterwilsoncc, desrosj, iandunn.
Built from https://develop.svn.wordpress.org/trunk@52457


git-svn-id: http://core.svn.wordpress.org/trunk@52049 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-01-06 17:10:00 +00:00
hellofromTonya
dfef2c917f Formatting: Use is_scalar() in sanitize_key().
This is a follow-up to [52292] which introduced `is_string()` to check the given key is a string to be sanitized, else the key is set to an empty string. 

`sanitize_key()` is clearly identified (in the documentation) to only work with ''string'' keys. However, it had a bug in it that allowed non-strings to pass through it:
* A non-scalar "key" would throw a PHP Warning (which was resolved in [52292]. 
* A non-string scalar "key" was handled by the PHP native `strtolower()` which converted it into a string.

While `is_string()` is valid, non-string scalar types passed as the key to be sanitized were being set to an empty string. Given that `strtolower()` handles these without error or deprecation as of PHP 8.1, `is_scalar()` protects the website from issues while retaining the past behavior of converting integer keys (for example) into a string.

Changes include:
* Using `is_scalar()` instead of `is_string()`
* Refactor for readability and less code
* More tests

Please note, this does not change the behavior of the function, nor redefine it to now accept non-string scalars.

References:
* https://developer.wordpress.org/reference/functions/sanitize_key/
* https://www.php.net/manual/en/function.strtolower.php

Follow-up [52292].

Props wppunk, hellofromTonya, costdev, jrf.
Fixes #54160.
Built from https://develop.svn.wordpress.org/trunk@52370


git-svn-id: http://core.svn.wordpress.org/trunk@51962 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-12-14 15:01:03 +00:00
John Blackbourn
39bff93b6b Docs: Various inline documentation corrections and improvements.
See #53399

Built from https://develop.svn.wordpress.org/trunk@52332


git-svn-id: http://core.svn.wordpress.org/trunk@51924 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-12-07 12:20:02 +00:00
Sergey Biryukov
a9edd7ba88 Build/Test Tools: Remove the replace:emoji-banner-text Grunt task.
The task was previously used to ensure that `/*! This file is auto-generated */` comment is not included on front end as part of the inline emoji detection script.

As the `wp-emoji-loader.js` script is now included via `file_get_contents()` and `wp_print_inline_script_tag()` instead of `grunt-include` to simplify the logic, the task does not find anything to replace and is no longer necessary.

Additionally, include a line break before the `wp-emoji-loader.js` script content for better line wrapping.

Follow-up to [48096], [50651], [52132].

See #44632, #44306, #53363.
Built from https://develop.svn.wordpress.org/trunk@52325


git-svn-id: http://core.svn.wordpress.org/trunk@51917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-12-06 10:14:06 +00:00
Sergey Biryukov
566d5d2170 Options, Meta APIs: Improve error handling in sanitize_option().
To prevent potential false negatives, set `$error` to `null` initially, so we can better tell if it was ever changed during the sanitization and be able to better react if an empty string is added to it.

Additionally, and mainly for the sake of the Settings API at this point, add error messages to some `WP_Error` objects returned from `wpdb` methods that were previously causing the issues here.

Follow-up to [32791].

Props iCaleb, audrasjb, hellofromTonya, SergeyBiryukov.
Fixes #53986.
Built from https://develop.svn.wordpress.org/trunk@52294


git-svn-id: http://core.svn.wordpress.org/trunk@51886 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-30 21:03:00 +00:00
hellofromTonya
9ede1fe55b Formatting: Handle non-scalar types passed to sanitize_key().
`sanitize_key()` expects a string type for the given `key`. Passing any other data type to `strtolower()` can result in `E_WARNING: strtolower() expects parameter 1 to be string, array given`.

A check is added that if the key is not a string, the key is set to an empty string. For performance, the additional string processing is skipped if the key is an empty string.

This change maintains backwards-compatibility for valid string keys while fixing the bug of non-string keys.

Props costdev, dd32. 
Fixes #54160.
Built from https://develop.svn.wordpress.org/trunk@52292


git-svn-id: http://core.svn.wordpress.org/trunk@51884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-30 20:11:02 +00:00
hellofromTonya
8d5af49e49 Formatting: Add additional support for single and nestable tags in force_balance_tags().
Adds `track` and `wbr` support for single tags.

Adds `article`, `aside`, `details`, `figure`, and `section` for nestable tags.

Updates tests.

Follow-up to [5805], [21828], [45929].

Props glendaviesnz, costdev, talldanwp, ramonopoly, sergeybiryukov.
Fixes #50225.
Built from https://develop.svn.wordpress.org/trunk@52188


git-svn-id: http://core.svn.wordpress.org/trunk@51780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-16 19:42:01 +00:00
Weston Ruter
9038612705 Embeds: Conditionally enqueue wp-embed only if needed and send ready message in case script loads after post embed windows.
* Prevent loading `wp-embed` script unconditionally on every page in favor of conditionally enqueueing when a post embed is detected. The `wp-embed` script is also explicitly marked as being in the footer group. Sites which currently disable post embed scripts from being enqueued via `remove_action( 'wp_head', 'wp_oembed_add_host_js' )` will continue to do so.
* Send a `ready` message from the host page to each post embed window in case the `iframe` loads before the `wp-embed` script does. When the `ready` message is received by the post embed window, it sends the same `height` message as it sends when it loads.
* Eliminate use of `grunt-include` to inject emoji script and the post embed script. Instead obtain the script contents via `file_get_contents()` (as is done elsewhere in core) and utilize `wp_print_inline_script_tag()`/`wp_get_inline_script_tag()` to construct out the script. This simplifies the logic and allows the running of src without `SCRIPT_DEBUG` enabled.
* For the embed code that users are provided to copy for embedding outside of WP, add the `secret` on the `blockquote` and `iframe`. This ensures the `blockquote` will be hidden when the `iframe` loads. The embed code in question is accessed here via `get_post_embed_html()`.

Props westonruter, swissspidy, pento, flixos90, ocean90.
Fixes #44632, #44306.

Built from https://develop.svn.wordpress.org/trunk@52132


git-svn-id: http://core.svn.wordpress.org/trunk@51724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-11 02:49:18 +00:00
John Blackbourn
2a3ad7c430 Docs: Various docblock improvements and corrections.
See #53399

Built from https://develop.svn.wordpress.org/trunk@52035


git-svn-id: http://core.svn.wordpress.org/trunk@51627 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-08 10:48:59 +00:00
johnjamesjacoby
43644069ea Permalinks: Sanitize non-visible characters inside sanitize_title_with_dashes().
This change prevents non-visible characters in titles from creating encoded values in permalinks, opting instead for the following replacement strategy:

* Non-visible non-zero-width characters are replaced with hyphens
* Non-visible zero-width characters are removed entirely

Included with this change are 64 additional PHPUnit assertions to confirm that only the targeted non-visible characters are sanitized as intended.

Before this change, URLs would unintentionally contain encoded values where these non-visible characters were. After this change, URLs intentionally strip out or hyphenate these non-visible characters.

Props costdev, dhanendran, hellofromtonya, paaljoachim, peterwilsoncc, poena, sergeybiryukov.

Fixes #47912.
Built from https://develop.svn.wordpress.org/trunk@51984


git-svn-id: http://core.svn.wordpress.org/trunk@51573 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-02 18:47:57 +00:00
John Blackbourn
6babc3833b Docs: Miscellaneous docblock improvements.
See #53399

Built from https://develop.svn.wordpress.org/trunk@51955


git-svn-id: http://core.svn.wordpress.org/trunk@51544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-29 23:13:05 +00:00
Sergey Biryukov
a60032feec Coding Standards: Add a leading zero in the CSS declarations printed by the print_emoji_styles() function.
Follow-up to [31733], [31786].

Props audrasjb, sabernhardt.
Fixes #54284.
Built from https://develop.svn.wordpress.org/trunk@51918


git-svn-id: http://core.svn.wordpress.org/trunk@51511 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-18 16:53:57 +00:00
hellofromTonya
c7d3e267b8 Coding Standards: Use static closures when not using $this.
When a closure does not use `$this`, it can be made `static` for improved performance.

Static closures are supported in PHP since PHP 5.4. ​

Props jrf, hellofromTonya, swissspidy, SergeyBiryukov.
See #53359.
Built from https://develop.svn.wordpress.org/trunk@51657


git-svn-id: http://core.svn.wordpress.org/trunk@51263 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-08-26 12:59:02 +00:00
Sergey Biryukov
8a98b96f36 Code Modernization: Correct handling of null in wp_parse_str().
This fixes `parse_str(): Passing null to parameter #1 ($string) of type string is deprecated` notices on PHP 8.1, without change in behaviour.

Impact: 311 of the pre-existing tests are affected by this issue.

The PHP native `parse_str()` function expects a string, however, based on the failing tests, it is clear there are functions in WordPress which passes a non-string – including `null` – value to the `wp_parse_str()` function, which would subsequently pass it onto the PHP native function without further input validation.

Most notable offender is the `wp_parse_args()` function which special cases arrays and objects, but passes everything else off to `wp_parse_str()`.

Several ways to fix this issue have been explored, including checking the received value with `is_string()` or `is_scalar()` before passing it off to the PHP native `parse_str()` function.

In the end it was decided against these in favor of a string cast as:
* `is_string()` would significantly change the behavior for anything non-string.
* `is_scalar()` up to a point as well, as it does not take objects with a `__toString()` method into account.

Executing a string cast on the received value before passing it on maintains the pre-existing behavior while still preventing the deprecation notice coming from PHP 8.1.

Reference: [https://www.php.net/manual/en/function.parse-str.php PHP Manual: parse_str()]

Follow-up to [5709].

Props jrf, hellofromTonya, lucatume, SergeyBiryukov.
See #53635.
Built from https://develop.svn.wordpress.org/trunk@51624


git-svn-id: http://core.svn.wordpress.org/trunk@51230 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-08-16 22:18:02 +00:00
Sergey Biryukov
6b144ab46a Docs: Correct @since version for the wp_parse_str filter.
The filter was introduced along with the `wp_parse_str()` function in WordPress 2.2.1.

Follow-up to [5709], [8662], [26485].

See #53399.
Built from https://develop.svn.wordpress.org/trunk@51609


git-svn-id: http://core.svn.wordpress.org/trunk@51220 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-08-13 15:50:58 +00:00
Sergey Biryukov
d8413a32e1 General: Restore (un-deprecate) the sanitize_url() function.
A general security rule is "Sanitize when you save, escape when you echo", and for the most part WordPress has well-named functions like `sanitize_email()` and others, with `esc_url_raw()` being a single exception that does not follow the naming.

This commit restores the previously deprecated `sanitize_url()` function as a valid alias of `esc_url_raw()`.

This better aligns with the naming with other `sanitize_*()` functions:

* `sanitize_bookmark()`
* `sanitize_bookmark_field()`
* `sanitize_category()`
* `sanitize_category_field()`
* `sanitize_comment_cookies()`
* `sanitize_email()`
* `sanitize_file_name()`
* `sanitize_hex_color()`
* `sanitize_hex_color_no_hash()`
* `sanitize_html_class()`
* `sanitize_key()`
* `sanitize_meta()`
* `sanitize_mime_type()`
* `sanitize_option()`
* `sanitize_post()`
* `sanitize_post_field()`
* `sanitize_sql_orderby()`
* `sanitize_term()`
* `sanitize_term_field()`
* `sanitize_text_field()`
* `sanitize_textarea_field()`
* `sanitize_title()`
* `sanitize_title_for_query()`
* `sanitize_title_with_dashes()`
* `sanitize_trackback_urls()`
* `sanitize_user()`
* `sanitize_user_field()`

Follow-up to [11383], [13096].

Props Ipstenu, aadilali.
Fixes #53876.
Built from https://develop.svn.wordpress.org/trunk@51597


git-svn-id: http://core.svn.wordpress.org/trunk@51208 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-08-10 19:44:59 +00:00
Sergey Biryukov
31c5fc58f2 Docs: Add a @see reference to the wp_mail_content_type filter in wp_staticize_emoji_for_email().
Follow-up to [31860].

See #53399.
Built from https://develop.svn.wordpress.org/trunk@51589


git-svn-id: http://core.svn.wordpress.org/trunk@51200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-08-10 12:53:59 +00:00