As part of determining whether to perform automatic updates, WordPress checks if it is running within a version-controlled environment, recursively looking up the filesystem to the top of the drive, looking for a Subversion, Git, Mercurial, or Bazaar directory, erring on the side of detecting a VCS checkout somewhere.
This commit avoids a PHP warning if the `open_basedir` directive is in use and any of the directories checked in the process are not allowed:
{{{
is_dir(): open_basedir restriction in effect. File(/.git) is not within the allowed path(s)
}}}
Follow-up to [25421], [25700], [25764], [25835], [25859].
Props costdev, markjaquith, meyegui, dd32, arnolp, robin-labadie, hellofromTonya, afragen, pbiron, SergeyBiryukov.
Fixes#42619.
Built from https://develop.svn.wordpress.org/trunk@55425
git-svn-id: http://core.svn.wordpress.org/trunk@54958 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The original filter location is `wp_notify_moderator()` in `wp-includes/pluggable.php`.
This commit updates the instance in `wp_new_comment_notify_moderator()` to point to the correct file.
Follow-up to [35339], [35725].
Props zevilz.
Fixes#57808.
Built from https://develop.svn.wordpress.org/trunk@55424
git-svn-id: http://core.svn.wordpress.org/trunk@54957 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Values for the input array in `WP_List_Util::pluck()` or `wp_list_pluck()` must be either objects or arrays.
This commit adds a check to ensure that the value retrieved in the loop is an array before treating it as such, and throws a `_doing_it_wrong()` notice if it is neither an object nor an array.
Follow-up to [14108], [15686], [18602], [28900], [38928].
Props afragen, costdev, audrasjb.
Fixes#56650.
Built from https://develop.svn.wordpress.org/trunk@55423
git-svn-id: http://core.svn.wordpress.org/trunk@54956 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The table is no longer created by core as of WordPress 3.0, and support for global terms was removed in WordPress 6.1, so `$wpdb->sitecategories` is unset by default.
This commit resolves a "passing null to non-nullable" deprecation notice on PHP 8.1:
{{{
Deprecated: addcslashes(): Passing null to parameter #1 ($string) of type string is deprecated in wp-includes/class-wpdb.php on line 1804
}}}
The `tables_to_repair` filter is available for plugins to readd the table or include any additional tables to repair.
Follow-up to [14854], [14880], [54240].
Props ipajen, chiragrathod103, SergeyBiryukov.
Fixes#57762.
Built from https://develop.svn.wordpress.org/trunk@55421
git-svn-id: http://core.svn.wordpress.org/trunk@54954 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This addresses all the remaining WPCS warnings in bundled themes.
Includes using the correct type when checking the number of comments, as `get_comments_number()` returns a numeric string, not an integer.
Follow-up to [41285], [44562], [47941].
Props aristath, poena, afercia, SergeyBiryukov.
See #56791.
Built from https://develop.svn.wordpress.org/trunk@55420
git-svn-id: http://core.svn.wordpress.org/trunk@54953 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The function checks the status of the post being deleted, and then only calls `update_posts_count()` if the deleted post was previously published, as the update query would be unnecessary otherwise.
However, by the time the function runs, the post is already deleted from the database, and the post status check fails.
This commit uses the previously retrieved post object for the status check, so that the function proceeds as expected.
Includes updating the unit test to call `wp_delete_post()` with the `$force_delete` argument, so that the post is actually deleted, not trashed, and the `after_delete_post` action is run.
Follow-up to [28835], [52207], [54760], [54762].
Fixes#57023.
Built from https://develop.svn.wordpress.org/trunk@55419
git-svn-id: http://core.svn.wordpress.org/trunk@54952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset fixes encoding issues in background update emails by applying `html_entity_decode()` on Plugin/Theme names in `send_plugin_theme_email()`.
Props paulschreiber, audrasjb, benjgrolleau, sanketchodavadiya, robinwpdeveloper, paulamit.
Fixes#56964.
Built from https://develop.svn.wordpress.org/trunk@55411
git-svn-id: http://core.svn.wordpress.org/trunk@54944 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset moves the `wp-theme-plugin-editor` admin script before `</body>` instead of in the `<head>`. This fixes an issue where the collapse admin menu feature was not working in the Theme|Plugin File Editor screens.
Props itsnikhilpatel, dilipbheda, stalukder03, audrasjb, adeltahri, Ankit-K-Gupta, mahbubshovan.
Fixes#57073.
Built from https://develop.svn.wordpress.org/trunk@55410
git-svn-id: http://core.svn.wordpress.org/trunk@54943 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `rss_widget_feed_link` filter added in [52031] documents the parameter as a string, but recommends removing by returning false. Change the recommendation and documentation to make this consistent and update Twenty Twenty One to use the new recommended return value. Maintains documentation as possibly returning `false` for backwards compatibility.
Props sabernhardt, Mista-Flo.
Fixes#57594.
Built from https://develop.svn.wordpress.org/trunk@55409
git-svn-id: http://core.svn.wordpress.org/trunk@54942 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This type of transformation isn't always appropriate, especially for non-English language sites. Displaying the original option name makes it more clear what option is being changed.
Props SergeyBiryukov, sabernhardt, afrin29, afshanadiya
Fixes#50572
Built from https://develop.svn.wordpress.org/trunk@55408
git-svn-id: http://core.svn.wordpress.org/trunk@54941 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Setting a bookmark on a tag should set its "start" position before the opening "<", e.g.:
{{{
<div> Testing a <b>Bookmark</b>
----------------^
}}}
The previous calculation assumed this is always one byte to the left from `$tag_name_starts_at`.
However, in a closing tag that index points to a solidus symbol "/":
{{{
<div> Testing a <b>Bookmark</b>
----------------------------^
}}}
The bookmark should therefore start two bytes before the tag name:
{{{
<div> Testing a <b>Bookmark</b>
---------------------------^
}}}
This changeset achieves this by:
* Using the correct starting index for closing tag bookmarks.
* Adding `array( 'tag_closers' => 'visit' )` in `WP_HTML_Tag_Processor::seek()`.
Follow-up to [55203].
Props zieladam, dmsnell, flixos90.
Fixes#57787.
See #57575.
Built from https://develop.svn.wordpress.org/trunk@55407
git-svn-id: http://core.svn.wordpress.org/trunk@54940 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While the guard condition was technically correct, it's not practical or necessary to provide this protection for every use of every filter, and it adds unnecessary burden to translators to provide translations for strings that will likely not be seen.
Follow up to [55254].
Fixes#57320
Built from https://develop.svn.wordpress.org/trunk@55406
git-svn-id: http://core.svn.wordpress.org/trunk@54939 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds Deep, Outlined, and Crisp default shadow presets to Core's `theme.json` file.
Updates the Natural and Sharp `'shadow'` styles.
These shadow presets are used to populate the Shadow tools in the Site Editor's Global Styles UI.
References:
* [https://github.com/WordPress/gutenberg/pull/46502 Gutenberg PR 46502]
Follow-up to [55176].
Props franz00, madhudollu, ajlende, beafialho, costdev, dhrupo, fabiankaegy, hellofromTonya, jameskoster, joen, kellychoffman, mamaduka, mtias, oandregal, priethor, richtabor, scruffian.
Fixes#57708.
See #57559.
Built from https://develop.svn.wordpress.org/trunk@55405
git-svn-id: http://core.svn.wordpress.org/trunk@54938 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to avoid timeout in Imagick operations.
Previously, Imagick operations could silently error by timeout and produce unexpected results. The new `::set_imagick_time_limit()` method, now used in `::resize()` and `::crop()`, will better handle garbage collection in these cases as well as better align Imagick's timeout with PHP timeout, assuming it is set.
Props drzraf, audrasjb, costdev, antpb, SergeyBiryukov.
Fixes#52569.
Built from https://develop.svn.wordpress.org/trunk@55404
git-svn-id: http://core.svn.wordpress.org/trunk@54937 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When the HTML API was introduced a number of fields were switched from private visibility to protected so that Gutenberg and other systems could more easily enhance the behaviors through subclassing. The $this->html property was overlooked but important for systems using the Tag Processor to stich HTML, specifically performing operations on innerHTML and innerText.
Follow-up [55203].
Props dmsnell.
See #57575.
Built from https://develop.svn.wordpress.org/trunk@55402
git-svn-id: http://core.svn.wordpress.org/trunk@54935 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures the `$term_ids` variable only contains term IDs and is not filled with full term objects due to deprecated term caching.
Introduced in [55252].
Props skithund, Chouby, joemcgill, flixos90, ocean90.
Fixes#57150.
Built from https://develop.svn.wordpress.org/trunk@55401
git-svn-id: http://core.svn.wordpress.org/trunk@54934 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, the wp_check_password function was used for validating keys, while the PasswordHash class was used for creating keys. This would prevent Recovery Mode from working on sites that provide a custom implementation for the wp_check_password pluggable function.
Props calvinalkan.
Fixes#56787.
Built from https://develop.svn.wordpress.org/trunk@55397
git-svn-id: http://core.svn.wordpress.org/trunk@54930 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes a regression introduced in [41163], where the link in change confirmation emails for users with no roles in a multisite install was incorrect, causing them to be unable to change their email address. This changeset replaces `admin_url()` with `self_admin_url()` to restore the previous fix.
Follow-up to [38876], [40632], [41165], [41163].
Props roytanck, SergeyBiryukov, johnbillion, afrin29.
Fixes#57164.
Built from https://develop.svn.wordpress.org/trunk@55396
git-svn-id: http://core.svn.wordpress.org/trunk@54929 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Includes the following changes:
- Upgrade Playwright to 1.30.0
- [Block Editor - Inserter]: preload media categories empty check - client side
- Navigation: Fixes undo and redo for nesting operations in the navigation block's inspector
- Fix: OffCanvasEditor does not inserts submenu on collapsed items.
- OffCanvasEditor: Only allow some blocks to be converted to submenus
- Navigation: Updates "Add Submenu item" text to "Add Submenu link"
- Update: Make OffCanvasEditor use LeafMoreMenu by default.
- Template Part: Performance: Replace usage of wp_get_theme()->get_stylesheet() with get_stylesheet()
- Widget Editor: Fix a problem with 'Move to Widget Area' button not working
- Reusable Blocks: Use React 18 rendering for import dropdown
- useAsyncList: flush state updates when processing queue
- Refactor the site editor URLs for better backward compatibility
- Template editor: only disable the save button if no changes rather than hiding it
- [Quote]: Fix deprectated large style specificity rule
- Style Book: Allow button text labels for style book icon
- List View: Scroll selected block into view when single block selection changes
- Post editor: revert iframed editor for WP core only
- Fix the Publish region position and focus style.
- Remove "& Shadow" from the Border ScreenHeader title
- Site editor: specify focus state color for template navigation button
References: [1e2b2f680c Gutenberg's commit for publishing the packages]
Props ntsekouras, ellatrix.
See #57471.
Built from https://develop.svn.wordpress.org/trunk@55392
git-svn-id: http://core.svn.wordpress.org/trunk@54925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Modifies `WP_Http::make_absolute_url()` to prevent it from dropping URL fragments, this in turn fixes the same issue for `links_add_base_url()`.
Props costdev, sergeybiryukov, dshanske, schlessera, jrf, desrosj, dd32.
Fixes#56231.
Built from https://develop.svn.wordpress.org/trunk@55370
git-svn-id: http://core.svn.wordpress.org/trunk@54903 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces client and server side validation to ensure the `replytocom` query string parameter can not be exploited to reply to an unapproved comment or display the name of an unapproved commenter.
This only affects commenting via the front end of the site. Comment replies via the dashboard continue their current behaviour of logging the reply and approving the parent comment.
Introduces the `$post` parameter, defaulting to the current global post, to `get_cancel_comment_reply_link()` and `comment_form_title()`.
Introduces `_get_comment_reply_id()` for determining the comment reply ID based on the `replytocom` query string parameter.
Renames the parameter `$post_id` to `$post` in `get_comment_id_fields()` and `comment_id_fields()` to accept either a post ID or `WP_Post` object.
Adds a new `WP_Error` return state to `wp_handle_comment_submission()` to prevent replies to unapproved comments. The error code is `comment_reply_to_unapproved_comment` with the message `Sorry, replies to unapproved comments are not allowed.`.
Props costdev, jrf, hellofromtonya, fasuto, boniu91, milana_cap.
Fixes#53962.
Built from https://develop.svn.wordpress.org/trunk@55369
git-svn-id: http://core.svn.wordpress.org/trunk@54902 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fixes the conditions for when to enqueue the opinionated block styles (i.e. `'wp-block-library-theme'` stylesheet):
* the theme adds `'wp-block-styles'` theme support;
* and no editor styles are declared.
This resolves an issue with themes that do not add the `'wp-block-styles'` theme support while not impacting themes that do.
Follow-up to [53419], [52069], [50761], [44157].
Props mikachan, costdev, glendaviesnz, hellofromTonya, jffng, mamaduka, ndiego, poena, sannevndrmeulen, scruffian.
Fixes#57561.
Built from https://develop.svn.wordpress.org/trunk@55368
git-svn-id: http://core.svn.wordpress.org/trunk@54901 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This resolves a fatal error and displays an actionable message if the `mysqli` PHP extension is missing.
Previously, `wp_check_php_mysql_versions()` performed an early check whether `mysql`, `mysqli`, or `mysqlnd` extensions are loaded, but that did not work if the `mysqlnd` extension is the only one present.
Checking specifically for `mysqli_connect()` or `mysql_connect()` functions should be a more reliable approach and more closely mirrors the existing checks in the `wpdb` class.
Follow-up to [1955], [4489], [7234], [12732], [19760], [27257], [36434].
Props bgin, desrosj, dimadin, ipajen, hellofromTonya, sc0ttkclark, azaozz, SergeyBiryukov.
Fixes#51988.
Built from https://develop.svn.wordpress.org/trunk@55367
git-svn-id: http://core.svn.wordpress.org/trunk@54900 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `$post_ID` variable is [546f59c678/WordPress/Sniffs/NamingConventions/ValidVariableNameSniff.php (L54) technically allowed in WPCS], as there is a global of the same name that needs to remain for backward compatibility. However, this name is mostly a remnant of legacy code, and switching to `$post_id` where appropriate brings more consistency with the rest of core.
Additionally, this commit resolves a few WPCS warnings in core:
{{{
Variable "$post_IDs" is not in valid snake_case format
}}}
This affects:
* Function parameters in:
* `add_meta()`
* `post_preview()`
* `WP_Embed::delete_oembed_caches()`
* `WP_Embed::cache_oembed()`
* `wp_get_post_cats()`
* `wp_set_post_cats()`
* `wp_unique_post_slug()`
* `wp_set_post_categories()`
* `wp_check_post_hierarchy_for_loops()`
* `wp_add_trashed_suffix_to_post_name_for_trashed_posts()`
* `wp_filter_wp_template_unique_post_slug()`
* `wp_xmlrpc_server::add_enclosure_if_new()`
* `wp_xmlrpc_server::attach_uploads()`
* `wp_xmlrpc_server::mt_getTrackbackPings()`
* Internal variables in:
* `wp_ajax_inline_save()`
* `wp_ajax_set_post_thumbnail()`
* `wp_ajax_get_post_thumbnail_html()`
* `edit_post()`
* `bulk_edit_posts()`
* `wp_write_post()`
* `WP_Embed::shortcode()`
* `wp_insert_post()`
* `wp_xmlrpc_server::_insert_post()`
* `wp_xmlrpc_server::blogger_getPost()`
* `wp_xmlrpc_server::blogger_newPost()`
* `wp_xmlrpc_server::blogger_editPost()`
* `wp_xmlrpc_server::blogger_deletePost()`
* `wp_xmlrpc_server::mw_getPost()`
* `wp_xmlrpc_server::mw_newPost()`
* `wp_xmlrpc_server::mw_editPost()`
* `wp_xmlrpc_server::mt_getPostCategories()`
* `wp_xmlrpc_server::mt_setPostCategories()`
* `wp_xmlrpc_server::mt_publishPost()`
* `wp_xmlrpc_server::pingback_ping()`
* Hook parameters in:
* `oembed_ttl`
* `embed_oembed_html`
* `wp_insert_post_parent`
* `add_trashed_suffix_to_trashed_posts`
* `pre_post_update`
* `edit_attachment`
* `attachment_updated`
* `add_attachment`
* `edit_post_{$post->post_type}`
* `edit_post`
* `post_updated`
* `save_post_{$post->post_type}`
* `save_post`
* `wp_insert_post`
* `pre_wp_unique_post_slug`
* `wp_unique_post_slug`
* `xmlrpc_call_success_blogger_newPost`
* `xmlrpc_call_success_blogger_editPost`
* `xmlrpc_call_success_blogger_deletePost`
* `xmlrpc_call_success_mw_newPost`
* `xmlrpc_call_success_mw_editPost`
Note: The name change only affects variable names and DocBlocks.
The change does not affect the `$post_ID` global still used in a few places.
Follow-up to [51399], [52958], [53723], [53729], [55190], [55308], [55334].
Props mahekkalola, tanjimtc71, SergeyBiryukov.
Fixes#57692.
Built from https://develop.svn.wordpress.org/trunk@55365
git-svn-id: http://core.svn.wordpress.org/trunk@54898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit renames a few internal variables for better clarity and consistency:
* `$nextpage` to `$next_page` in:
* `get_next_posts_page_link()`
* `get_next_posts_link()`
* `get_next_comments_link()`
* `$nextpage` to `$previous_page` in:
* `get_previous_posts_page_link()`
* `$prevpage` to `$previous_page` in:
* `get_previous_comments_link()`
Includes minor code layout fixes for better readability.
Follow-up to [5045], [8502], [8961], [28111].
Props dalirajab, SergeyBiryukov.
Fixes#57746.
Built from https://develop.svn.wordpress.org/trunk@55364
git-svn-id: http://core.svn.wordpress.org/trunk@54897 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, the `rest_pre_dispatch` filter could be used to return a `WP_Error` instance. This would cause a fatal error for `rest_post_dispath`
filters that were rightly expecting a `WP_REST_Response` object to be passed instead.
Props DaveFX, felipeelia.
Fixes#56566.
Built from https://develop.svn.wordpress.org/trunk@55361
git-svn-id: http://core.svn.wordpress.org/trunk@54894 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset fixes an issue where the available theme updates count was not updated after a theme is deleted.
Props nazmulhasan103, riccardodicurti, sabernhardt, ironprogrammer, costdev, robinwpdeveloper, rahmantasnia.
Fixes#57183.
Built from https://develop.svn.wordpress.org/trunk@55359
git-svn-id: http://core.svn.wordpress.org/trunk@54892 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This now runs in local Docker as well. Sets the executable propset to explicitly identify `install-tool.sh` and `setup.sh` as executable. Unclear if this will sync via the Git mirror; ideally it would as otherwise the two files show as modified in a Git clone even in a fresh container.
Props samruddhikhandale.
See #57187.
Built from https://develop.svn.wordpress.org/trunk@55353
git-svn-id: http://core.svn.wordpress.org/trunk@54886 1a063a9b-81f0-0310-95a4-ce76da25c4cd