Improve markup on Login and Registration errors. Use list markup for multiple issues, paragraph when only one to reduce semantic burden in the most common case. Normalize classes and markup for wrapper using `wp_admin_notice()` and `wp_get_admin_notice()` functions. Move definition of those functions from `wp-admin\includes\misc.php` to `wp-includes\functions.php`. Move tests to functions group.
Props extendwings, sabernhardt, afercia, lukecavanagh, rianrietveld, oglekler, sergeybiryukov, costdev, joedolson.
Fixes#30685.
Built from https://develop.svn.wordpress.org/trunk@56654
git-svn-id: http://core.svn.wordpress.org/trunk@56166 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces `wp_trigger_error()` as a wrapper around PHP's native `trigger_error()`. As a wrapper, it's lean and not opinionated about the message. It accepts an E_USER family error level, meaning it is not limited to only notices.
Where `_doing_it_wrong()` intends to loudly alert developers "Hey you're doing it wrong - fix it", `wp_trigger_error()` is not opinionated and does not add wording. Rather, it passes the given message to `trigger_error()`.
`wp_trigger_error()` is meant for every `trigger_error()` instance. It can be used:
* in `_doing_it_wrong()` and each `_deprecated_*()` function.
* for PHP 8.x deprecations.
* for PHP error parity.
* for less severe "doing it wrong" instance that do not require bailing out.
* when a component or extension is not available on the server
* for instances where it's not clear if a plugin's or theme's code is the root cause.
* and more.
Technical details:
* Does not trigger the error if `WP_DEBUG` is not `true`.
* Includes `wp_trigger_error_run` action to allow hooking in for backtracing and deeper debug.
* Accepts an E_USER error level, but defaults to `E_USER_NOTICE`.
* Requires a function name, though can be an empty string. As the output message generated by `trigger_error()` references the file and line number where it was invoked, passing the function's name provides more information where the error/warning/notice/deprecation happened. It's intended to help with debug.
* A WordPress version number is not included.
* As messages can appear in the browser, the message is escaped using `esc_html()`. As noted in [https://www.php.net/manual/en/function.trigger-error.php the PHP manual]: "HTML entities in message are not escaped. Use htmlentities() on the message if the error is to be displayed in a browser."
References:
* [https://www.php.net/manual/en/function.trigger-error.php PHP manual for `trigger_error()`].
* [https://www.php.net/manual/en/errorfunc.constants.php E_USER constants (error level) in the PHP manual].
Props azaozz, hellofromTonya, flixos90, costdev, peterwilsoncc, oglekler, mukesh27.
See #57686.
Built from https://develop.svn.wordpress.org/trunk@56530
git-svn-id: http://core.svn.wordpress.org/trunk@56042 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The transient `dirsize_cache` stores an array of directory sizes. This transient can grow very large, if the plugin directory has lots of sub directories in it. For example, a site with 30 plugins, the transient was around 2MB. For sites without a persistent object cache, transients without an expiration, are stored in autoloaded options. This means this option would load on every page request. Loading this option on every page request when it is not used it wasteful. Adding a expiration to this transient means it will not autoload. To ensure there is no degradation in performance, the expiration was set to a generous 10-year timeframe, making it highly unlikely to expire before it's refreshed.
Props nicomollet, spacedmonkey, flixos90, wpgurudev.
Fixes#54221.
Built from https://develop.svn.wordpress.org/trunk@56522
git-svn-id: http://core.svn.wordpress.org/trunk@56034 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit renames the `$class` parameter to `$class_name` in `_deprecated_class()`.
Follow-up to [54929], [56467].
Props jrf.
See #59161.
Built from https://develop.svn.wordpress.org/trunk@56514
git-svn-id: http://core.svn.wordpress.org/trunk@56026 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds an exception to prevent permission issues on `.docx` generated by Google Docs. This is a temporary fix for an upstream bug on the `finfo_file()`
PHP function which returns a redundant MIME type for these documents.
Props winterstreet, jakariaistauk, mujuonly, mi5t4n, annashopina, audrasjb, azaozz, mikeschroder, oglekler.
Fixes#57898.
Built from https://develop.svn.wordpress.org/trunk@56497
git-svn-id: http://core.svn.wordpress.org/trunk@56009 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to improve performance by calling `sanitize_url()` directly, instead of the `esc_url_raw()` wrapper. As of WordPress 6.1, `sanitize_url()` is the recommended function for sanitizing a URL for database or redirect usage.
This replaces the two remaining instances of `esc_url_raw()` with `sanitize_url()` in WordPress core.
Follow-up to [53455], [53933], [54522].
Props rajinsharwar, SergeyBiryukov.
Fixes#59247.
Built from https://develop.svn.wordpress.org/trunk@56494
git-svn-id: http://core.svn.wordpress.org/trunk@56006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Similar to other function in the `_deprecated_*` series, `_deprecated_class()` comes with two new hooks: `deprecated_class_run` and `deprecated_class_trigger_error`.
Support has also been added for setting class deprecation expectations in tests.
Props jrf, wvega, ohryan.
See #41125.
Built from https://develop.svn.wordpress.org/trunk@56467
git-svn-id: http://core.svn.wordpress.org/trunk@55979 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset modifies how the `dashicons-external` icon is used in external links by editing its styles and adding a space between the text and the icon
for better accessibility.
Props SergeyBiryukov, afercia, isabel_brison, mukesh27, sabernhardt, oglekler, audrasjb.
Fixes#47303.
Built from https://develop.svn.wordpress.org/trunk@56211
git-svn-id: http://core.svn.wordpress.org/trunk@55723 1a063a9b-81f0-0310-95a4-ce76da25c4cd
It's expected that this query variable contains a string when it's set, but it's possible for its type to be something else such as an array. Ignoring non-string values prevents cascading errors when its value is passed through functions that expect a string.
Props xknown, costdev, jrf, azaozz
Fixes#57670
Built from https://develop.svn.wordpress.org/trunk@56115
git-svn-id: http://core.svn.wordpress.org/trunk@55627 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).
WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [55988], [56021].
See #58206.
Built from https://develop.svn.wordpress.org/trunk@56031
git-svn-id: http://core.svn.wordpress.org/trunk@55543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_starts_with()` and `str_ends_with()` were introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins or ends with the given substring (needle).
WordPress core includes a polyfill for these functions on PHP < 8.0 as of WordPress 5.9.
This commit uses `str_starts_with()` and `str_ends_with()` in core files where appropriate:
* `$needle === substr( $string, 0, $length )`, where `$length` is the length of `$needle`, is replaced with `str_starts_with( $haystack, $needle )`.
* `$needle === substr( $string, $offset )`, where `$offset` is negative and the absolute value of `$offset` is the length of `$needle`, is replaced with `str_ends_with( $haystack, $needle )`.
This aims to make the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [52039], [52040], [52326], [55703], [55710], [55987], [55988].
Props Soean, spacedmonkey, Clorith, ocean90, azaozz, sabernhardt, SergeyBiryukov.
Fixes#58220.
Built from https://develop.svn.wordpress.org/trunk@55990
git-svn-id: http://core.svn.wordpress.org/trunk@55502 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).
WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [52039], [52040], [52326], [55703], [55710], [55987].
Props Soean, spacedmonkey, costdev, dingo_d, azaozz, mikeschroder, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes#58206.
Built from https://develop.svn.wordpress.org/trunk@55988
git-svn-id: http://core.svn.wordpress.org/trunk@55500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The intention behind this change is to prevent sensitive data in responses for logged in users being cached and available to others, for example via the browser history after the user logs out.
The `no-store` directive instructs caches in the browser or within proxies not to store the response in the cache. This is subtly different from the `no-cache` directive which means the response can be cached but must be revalidated before re-use. WordPress does not use ETag headers by default therefore this does not achieve the same result.
The `private` directive complements the `no-store` directive by specifying that the response contains private information that should not be stored in a public cache. Som
e proxy caches may ignore the `no-store` directive but respect the `private` directive, thus it is included.
The existing `Cache-Control` header for users who are not logged in remains unchanged, and the existing cache prevention directives remain in place for backwards compatib
ility.
Props soulseekah, luehrsen, Dharm1025, markdoliner, rutviksavsani, ayeshrajans, paulkevan, clorith, andy786, johnbillion
Fixes#21938, Fixes#57627
Built from https://develop.svn.wordpress.org/trunk@55968
git-svn-id: http://core.svn.wordpress.org/trunk@55480 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously when the `mimes` element was not specified in the overrides array passed to `_wp_handle_upload()` it resulted in boolean false being passed to this parameter, which is incorrect. The fallback value should be `null`.
Props platonkristinin, pkbhatt
Fixes#58349
Built from https://develop.svn.wordpress.org/trunk@55872
git-svn-id: http://core.svn.wordpress.org/trunk@55384 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since cron events often consume extra memory by nature, it makes sense to give them the full amount available by default. In practice this means the memory will be increased to `WP_MAX_MEMORY_LIMIT` (which is 256MB by default) during cron event processing if the default memory limit is lower than this value.
The new `cron_memory_limit` filter can be used to adjust this value if necessary.
Note that this change will not by default affect external means of processing cron events, such as the `wp cron` command in WP-CLI, server-level crontab events, or any other cron event processing mechanism that bypasses `wp-cron.php`.
Props iandunn, thakkarhardik
Fixes#56628
Built from https://develop.svn.wordpress.org/trunk@55871
git-svn-id: http://core.svn.wordpress.org/trunk@55383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When using a block theme, `_wp_array_get()` is the most called function on the front end of a site.
This commit makes a few minor performance optimizations, which add up to a noticeable improvement.
Follow-up to [49135], [49143], [49580].
Props aristath, jrf, afercia, costdev, swissspidy, flixos90, spacedmonkey, mukesh27, samiamnot, SergeyBiryukov.
Fixes#58376.
Built from https://develop.svn.wordpress.org/trunk@55851
git-svn-id: http://core.svn.wordpress.org/trunk@55363 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_starts_with()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins with the given substring (needle).
WordPress core includes a polyfill for `str_starts_with()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `0 === strpos( ... )` with `str_starts_with()` in core files, making the code more readable and consistent, as well as improving performance.
While `strpos()` is slightly faster than the polyfill on PHP < 8.0, `str_starts_with()` is noticeably faster on PHP 8.0+, as it is optimized to avoid unnecessarily searching along the whole haystack if it does not find the needle.
Follow-up to [52039], [52040], [52326].
Props spacedmonkey, costdev, sabernhardt, mukesh27, desrosj, jorbin, TobiasBg, ayeshrajans, lgadzhev, SergeyBiryukov.
Fixes#58012.
Built from https://develop.svn.wordpress.org/trunk@55703
git-svn-id: http://core.svn.wordpress.org/trunk@55215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add a helper function called `wp_cache_set_last_changed` to set the last changed value for cache groups. This function has a new action called `wp_cache_set_last_changed`, allowing for developers to cache invalidate when last changed value is changed.
Props tillkruess, spacedmonkey, peterwilsoncc, mukesh27, johnjamesjacoby.
Fixes#57905.
Built from https://develop.svn.wordpress.org/trunk@55702
git-svn-id: http://core.svn.wordpress.org/trunk@55214 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Per [https://developer.wordpress.org/coding-standards/wordpress-coding-standards/php/#writing-include-require-statements WordPress PHP coding standards], it is ''strongly recommended'' to use `require[_once]` for unconditional includes. When using `include[_once]`, PHP will throw a warning when the file is not found but will continue execution, which will almost certainly lead to other errors/warnings/notices being thrown if your application depends on the file loaded, potentially leading to security leaks. For that reason, `require[_once]` is generally the better choice as it will throw a `Fatal Error` if the file cannot be found.
Follow-up to [1674], [1812], [1964], [6779], [8540], [10521], [11005], [11911], [16065], [16149], [25421], [25466], [25823], [37714], [42981], [45448], [47198], [54276], [55633].
Props kausaralm, SergeyBiryukov.
See #57839.
Built from https://develop.svn.wordpress.org/trunk@55641
git-svn-id: http://core.svn.wordpress.org/trunk@55153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduced a regression for partial-hour timezones such as +05:30 UTC which is India and Sri Lanka. How? These timezones are in float. The change made in [55054] type casted them to integer which dropped the decimal for the partial-hour, making the time inaccurate. For example, +05:30 UTC (India and Sri Lanka)'s `'gmt_offset'` is `5.5`, but with the changeset, it was changed to `5`.
Reverting the changeset restores the original state of `current_time()` and thus resolves the regression.
Props reputeinfosystems, Rarst, hellofromTonya, desrosj, audrasjb, sergeybiryukov, costdev, priethor, francina, nekojonez, codingchicken, cbringmann.
See #57035.
Fixes#57998.
Built from https://develop.svn.wordpress.org/trunk@55598
git-svn-id: http://core.svn.wordpress.org/trunk@55110 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Includes:
* Capitalizing "ID" in a consistent way.
* Expanding the comment on not using `filter_var()`.
* Adding a `@covers` tag for the function in unit tests.
* Minor tweak to the `_doing_it_wrong()` message.
Follow-up to [53818], [55543].
See #57593.
Built from https://develop.svn.wordpress.org/trunk@55549
git-svn-id: http://core.svn.wordpress.org/trunk@55061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Sanitize the array of ids passed to the `_get_non_cached_ids` function and add a `_doing_it_wrong` call, if an invalid type is passed.
Props tillkruess, spacedmonkey, peterwilsoncc, flixos90, SergeyBiryukov.
Fixes#57593.
Built from https://develop.svn.wordpress.org/trunk@55543
git-svn-id: http://core.svn.wordpress.org/trunk@55055 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `wp_get_referer()` and `wp_get_original_referer()` functions both depend on `wp_validate_redirect()` and check whether it is defined by the time they run, but do so in a slightly different way.
This commit ensures both functions return early if they are called before `wp_validate_redirect()` is defined.
Follow-up to [3908], [25399], [25400].
See #57839.
Built from https://develop.svn.wordpress.org/trunk@55540
git-svn-id: http://core.svn.wordpress.org/trunk@55052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to provide better context for translators and make it easier to determine that some strings contain hidden accessibility text and are not displayed in the UI.
Props kebbet, mercime, pavelevap, ocean90, swissspidy, Chouby, jipmoors, afercia, desrosj, costdev, audrasjb, SergeyBiryukov.
Fixes#29748.
Built from https://develop.svn.wordpress.org/trunk@55276
git-svn-id: http://core.svn.wordpress.org/trunk@54809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset improves the consistency in capitalization of fetching and outputting of request headers. It also updates occurrences found in some docblocks.
Props johnjamesjacoby, costdev, audrasjb, petitphp, mhkuu, SergeyBiryukov.
Fixes#54225.
Built from https://develop.svn.wordpress.org/trunk@55210
git-svn-id: http://core.svn.wordpress.org/trunk@54743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$array` parameter to `$input_array` in `wp_recursive_ksort()`.
* Moves the function next to other array-related functions for consistency.
Follow-up to [53129], [54929].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@55117
git-svn-id: http://core.svn.wordpress.org/trunk@54650 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset moves typecasting to affect the `get_option` value, which ensures that when math is done it does not generate any error. In PHP 7.4 and earlier the previous implementation was dismissed as a warning, but in PHP 8+ it would have throw a fatal error.
Follow-up to [45856].
Props Nick_theGeek, SergeyBiryukov, johnbillion.
Fixes#57035.
Built from https://develop.svn.wordpress.org/trunk@55054
git-svn-id: http://core.svn.wordpress.org/trunk@54587 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
This commit also resolves 2 blocking issues which previously caused the revert of [52244]:
* New Requests files are loaded into `wp-includes/Requests/src/`, matching the location of the library. In doing so, filesystems that are case-insensitive are not impacted (see #54582).
* Preload: During a Core update, the old Requests files are preloaded into memory before the update deletes the files. Preloading avoids fatal errors noted in #54562.
Follow-up to [50842], [51078], [52244], [52315], [52327], [52328].
Props jrf, schlessera, datagutten, wojsmol, dustinrue, soulseekah, szepeviktor. costdev, sergeybiryukov, peterwilsoncc, ironprogrammer, antonvlasenko, hellofromTonya, swissspidy, dd32, azaozz, TobiasBg, audrasjb.
Fixes#54504.
See #54582, #54562.
Built from https://develop.svn.wordpress.org/trunk@54997
git-svn-id: http://core.svn.wordpress.org/trunk@54530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$echo` parameter to `$display` in:
* `wp_nonce_field()`
* `wp_referer_field()`
* `wp_original_referer_field()`
* Renames the `$string` parameter to `$input_string` in
* `_wp_json_convert_string()`
* `_wp_to_kebab_case()`
* Renames the `$list` parameter to `$input_list` in:
* `wp_parse_list()`
* `wp_parse_id_list()`
* `wp_parse_slug_list()`
* `wp_filter_object_list()`
* `wp_list_filter()`
* `wp_list_pluck()`
* `wp_list_sort()`
* Renames the `$array` parameter to `$input_array` in:
* `add_magic_quotes()`
* `wp_array_slice_assoc()`
* `_wp_array_get()`
* `_wp_array_set()`
* Renames the `$function` parameter to `$function_name` in:
* `_deprecated_function()`
* `_deprecated_argument()`
* `_doing_it_wrong()`
* Renames the `$class` parameter to `$class_name` in `_deprecated_constructor()`.
* Renames the `$default` parameter to `$default_value` in `apache_mod_loaded()`.
* Renames the `$var` parameter to `$value` in `wp_validate_boolean()`.
* Amends the `$input` parameter in `wp_parse_str()` for consistency.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54929
git-svn-id: http://core.svn.wordpress.org/trunk@54481 1a063a9b-81f0-0310-95a4-ce76da25c4cd
