A new function `wp_filesize()` was added with [52837]. The function lived in the `wp-admin/includes/file.php` file. However, this admin specific function is not loaded into memory when hitting `media/edit` endpoint. The result was a `500` Internal Server Error. Why? The function is invoked with that endpoint, but the function does not exist in memory.
This commit relocates the new function to the `wp-includes/functions.php` file. In doing so, the function is available for both the frontend and backend.
Follow-up to [52837].
Props talldanwp, spacedmonkey, costdev, antonvlasenko.
Fixes#55367.
Built from https://develop.svn.wordpress.org/trunk@52932
git-svn-id: http://core.svn.wordpress.org/trunk@52521 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The list item separator is a locale property, and it doesn't make much sense to translate it separately in multiple projects. This changeset implements the following modifications:
- Define list item separator as a new WP_Locale property
- Add `wp_get_list_item_separator()` as a wrapper for `WP_Locale::get_list_item_separator`
- Replace `$wp_locale->get_list_item_separator()` calls with `wp_get_list_item_separator()`
- Added a compatibility layer for bundled themes
Props SergeyBiryukov, swissspidy, rsiddharth, johnbillion, audrasjb.
Fixes#39733.
Built from https://develop.svn.wordpress.org/trunk@52929
git-svn-id: http://core.svn.wordpress.org/trunk@52518 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adjusts the regex in `wp_check_filetype()` to support query strings in URLs.
Follow-up to [30640], [32172].
Props voldemortensen, johnbillion, layotte, dd32, atomicjack, supercleanse, spencercameron, ianmjones, audrasjb.
Fixes#30377.
Built from https://develop.svn.wordpress.org/trunk@52829
git-svn-id: http://core.svn.wordpress.org/trunk@52418 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`file_get_contents()` is faster than `fread()`, because the PHP core can decide how to best read the remaining file; it could decide to issue just one `read()` call or `mmap()` the file first.
Per the PHP manual, `file_get_contents()` or `stream_get_contents()` is the preferred way to read the contents of a file into a string. It will use memory mapping techniques if supported by the OS to enhance performance.
Reference: [https://www.php.net/manual/en/function.file-get-contents.php PHP Manual: file_get_contents()].
Follow-up to [50810], [52696], [52698].
Props maxkellermann.
See #55069.
Built from https://develop.svn.wordpress.org/trunk@52701
git-svn-id: http://core.svn.wordpress.org/trunk@52290 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`file_get_contents()` is faster than `fread()`, because the PHP core can decide how to best read the remaining file; it could decide to issue just one `read()` call or `mmap()` the file first.
Per the PHP manual, `file_get_contents()` or `stream_get_contents()` is the preferred way to read the contents of a file into a string. It will use memory mapping techniques if supported by the OS to enhance performance.
Reference: [https://www.php.net/manual/en/function.file-get-contents.php PHP Manual: file_get_contents()].
Follow-up to [12044], [49073], [52696].
Props maxkellermann.
See #55069.
Built from https://develop.svn.wordpress.org/trunk@52698
git-svn-id: http://core.svn.wordpress.org/trunk@52287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Twenty Twenty-Two requires WordPress 5.9 but currently can't be (re)activated in the 5.9 branch because `version_compare( '5.9-RC3-52627', '5.9', '>=' )` as used by `is_wp_version_compatible()` returns `false`. To appreciate the testing of upcoming versions any `-alpha`, `-RC`, `-beta` suffixes are now stripped off from the WordPress version before checking for compatibility.
Fixes#54882.
Built from https://develop.svn.wordpress.org/trunk@52628
git-svn-id: http://core.svn.wordpress.org/trunk@52216 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This makes the strings easier to translate and provides more details about what exactly is deprecated: a PHP function, a file name, or a WordPress hook.
The changes apply to:
* `_deprecated_function()`
* `_deprecated_constructor()`
* `_deprecated_file()`
* `_deprecated_argument()`
* `_deprecated_hook()`
* `_doing_it_wrong()`
Follow-up to [6514], [7884], [12536], [12584], [16939], [16942], [16945], [24439], [24723], [32989], [37861], [39315].
Props mukesh27, audrasjb, SergeyBiryukov.
Fixes#54658.
Built from https://develop.svn.wordpress.org/trunk@52609
git-svn-id: http://core.svn.wordpress.org/trunk@52197 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If after processing through `add_query_arg()` a `?#` remains, this commit removes the unnecessary and unused `?` character as there are no query args in the URL.
Includes tests.
Follow-up to [1823], [5193], [5999], [6005].
Props benjaminanakenam, sabernhardt, costdev, hellofromTonya.
Fixes#44499.
Built from https://develop.svn.wordpress.org/trunk@52187
git-svn-id: http://core.svn.wordpress.org/trunk@51779 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Clarify messaging of when `wp_nonce_ays('log-out')` is called due to an invalid log out nonce. The HTML title now describes the action being taken rather than using the generic text "something went wrong".
Props davidkryzaniak, hellofromTonya, peterwilsoncc.
Fixes#52600.
Built from https://develop.svn.wordpress.org/trunk@52088
git-svn-id: http://core.svn.wordpress.org/trunk@51680 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The code in `wp_list_filter()` was a duplicate of `wp_filter_object_list()`, minus the `WP_List_Util::pluck()` (used when `$field` is configured).
In testing the wrapper, discovered an edge case (and potential bug) in `WP_List_Util::filter()` where if the operator matches an empty array was returned without resetting the output property. Without that property being set correctly, `WP_List_Util::get_output()` was not correct. This commit also fixes this by resetting the property to an empty array.
Follow-up to [15686], [17427], [38928], [51044].
Props pbearne, sergeybiryukov, hellofromTonya.
Fixes#53988.
Built from https://develop.svn.wordpress.org/trunk@52066
git-svn-id: http://core.svn.wordpress.org/trunk@51658 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, when uploading a media item type that is not supported, the default error message claims that the reason it cannot upload is due to security reasons. This is not always true. Now the warning says that the type is not allowed, which is always true.
Props antpb, Presskopp, peterwilsoncc, desrosj, iluy, circlecube, mikeschroder.
Fixes#53626.
Built from https://develop.svn.wordpress.org/trunk@52032
git-svn-id: http://core.svn.wordpress.org/trunk@51624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
>PHP natively allows for autovivification (auto-creation of arrays from falsey values). This feature is very useful and used in a lot of PHP projects, especially if the variable is undefined. However, there is a little oddity that allows creating an array from a `false` and `null` value.
The above quote is from the PHP 8.1 RFC and the (accepted) RFC changes the behaviour described above to deprecated auto creation of arrays from `false`. As it is deprecated, it _will_ still work for the time being, but as of PHP 9.0, this will become a Fatal Error, so we may as well fix it now.
The `recurse_dirsize()` function retrieves a transient and places it in the `$directory_cache` variable, but the `get_transient()` function in WP returns `false` when the transient doesn't exist, which subsequently can lead to the above mentioned deprecation notice.
By verifying that the `$directory_cache` variable is an array before assigning to it and initializing it to an empty array, if it's not, we prevent the deprecation notice, as well as harden the function against potentially corrupted transients where this transient would not return the expected array format, but some other variable type.
Includes adding dedicated unit tests for both the PHP 8.1 issue, as well as the hardening against corrupted transients.
Includes some girl-scouting: touching up a parameter description and some code layout.
Refs:
* https://wiki.php.net/rfc/autovivification_false
* https://developer.wordpress.org/reference/functions/get_transient/
Follow-up to [49212], [49744].
Props jrf, hellofromTonya.
See #53635.
Built from https://develop.svn.wordpress.org/trunk@51911
git-svn-id: http://core.svn.wordpress.org/trunk@51504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When the PHP native `dirname()` function is used on a Windows disk name - i.e. `C:\`-, it will return the same, i.e, it will return `C:\` again.
The `clean_dirsize_cache()` function didn't have guard clause against this, which meant that on Windows based systems and IIS servers, this function would result in WordPress getting stuck into an infinite loop.
The adjustment to the `while` part of the function fix this by checking if the return value of the `dirname()` function call is the same as the original path passed to `dirname()`, which effectively fixes the infinite loop.
A number of other improvements made:
1. Add input validation for the `$path` parameter to guard against invalid variable types being passed into the function.
2. Guard against an empty `$path` parameter, which would result in an infinite loop on both Windows as well as *nix based systems.
In both these cases, a PHP notice will now be thrown.
3. When a non-empty string, which isn't a path would previously be passed, the `dirname()` function would transform that to a `.` and the `.` key in the transient cache would be cleared out.
This was a bug as there is no relation between a non-path string and the root directory of file system.
This bug has been fixed by checking that something could actually be a path and handling received non-empty, non-path input parameters in a special way, i.e only removing the cache key for the passed string and bowing out from further processing.
Unfortunately, no tests can be added to guard against the infinite loop.
For the other fixes, we have added appropriate unit tests.
Follow-up up [49212], [49616], [49744].
Props jrf, hellofromTonya, raubvogel, sergeybiryukov, codezen8, sjlevy, drosmog, teachlynx, ekojr, bartoszgrzesik, joegasper, janthiel, josephdickson, ocean90, audrasjb.
Fixes#52241.
Built from https://develop.svn.wordpress.org/trunk@51910
git-svn-id: http://core.svn.wordpress.org/trunk@51503 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Document the post statuses global as an array of `stdClass` objects
* Document the taxonomies global as an array of `WP_Taxonomy` objects
* Document the return value of the post count functions as `stdClass` objects
* Fix some typos
See #53399
Built from https://develop.svn.wordpress.org/trunk@51885
git-svn-id: http://core.svn.wordpress.org/trunk@51478 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `wp_privacy_anonymize_ip()` function expects a string for the `$ip_addr` parameter, but did not do any input validation.
One of the pre-existing test cases, passed `null` to the function, leading to a `substr_count(): Passing null to parameter #1 ($haystack) of type string is deprecated` notice on PHP 8.1.
Fixed now by doing a cursory check on the variable at the start of the function and bowing out early for a number of cases (`null`, `false`, `0`, `''`) which would all result in the same `0.0.0.0` output anyway.
Follow-up [42971].
Props jrf, hellofromTonya.
See #53635.
Built from https://develop.svn.wordpress.org/trunk@51793
git-svn-id: http://core.svn.wordpress.org/trunk@51400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes a `preg_match_all(): Passing null to parameter #2 ($subject) of type string is deprecated` notice on PHP 8.1.
The behavior for `null` and `string` input is covered by the existing `Tests_Functions::test_validate_file()` test.
Effect: Errors down by 238, assertions up by 1920, failures down by 1.
Props jrf, hellofromTonya, SergeyBiryukov.
See #53635.
Built from https://develop.svn.wordpress.org/trunk@51625
git-svn-id: http://core.svn.wordpress.org/trunk@51231 1a063a9b-81f0-0310-95a4-ce76da25c4cd
r51211 accidentally introduced a fatal error for Multisite instances with `ms_files_rewriting` enabled. Reverting removes the error, and the original purpose of the commit can be solved in another way.
Props otto42, barry, ryelle, azaozz.
Fixes#53492. See #53475.
Built from https://develop.svn.wordpress.org/trunk@51223
git-svn-id: http://core.svn.wordpress.org/trunk@50832 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Update the function DocBlock per the documentation standards.
* Move the unit tests to a more appropriate place.
* Rename and reorder the tests for consistency with `_wp_array_get()` tests.
Follow-up to [50958], [50962], [50964].
See #53175, #52625.
Built from https://develop.svn.wordpress.org/trunk@50965
git-svn-id: http://core.svn.wordpress.org/trunk@50574 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As a result of the recent changes, both functions were calling each other if the `exif` PHP extension is not available.
The issue is now resolved by calling the `getimagesize()` PHP function directly, instead of the `wp_getimagesize()` wrapper.
Follow-up to [50146], [50810], [50814], [50815], [50818-50821].
See #35725.
Built from https://develop.svn.wordpress.org/trunk@50822
git-svn-id: http://core.svn.wordpress.org/trunk@50431 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Document that WebP constants are only defined in PHP 7.1+.
* Correct the `$filename` parameter type in `wp_get_webp_info()`.
* Use a consistent message when skipping tests due to the lack of WebP support.
* Remove unnecessary `else` branches after `markTestSkipped()`.
* Replace `assertEquals()` with more appropriate assertions.
Follow-up to [50810].
See #35725.
Built from https://develop.svn.wordpress.org/trunk@50814
git-svn-id: http://core.svn.wordpress.org/trunk@50423 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add support for uploading, editing and saving WebP images when supported by the server.
Add 'image/webp' to supported mime types. Correctly identify WebP images and sizes even when PHP doesn't support WebP. Resize uploaded WebP files (when supported) and use for front end markup.
Props markoheijne, blobfolio, Clorith, joemcgill, atjn, desrosj, spacedmonkey, marylauc, mikeschroder, hellofromtonya, flixos90.
Fixes#35725.
Built from https://develop.svn.wordpress.org/trunk@50810
git-svn-id: http://core.svn.wordpress.org/trunk@50419 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Move `wp_get_script_tag()`, `wp_print_script_tag()`, `wp_print_inline_script_tag()` and `wp_get_inline_script_tag()` functions from `functions.php` to `script-loader.php`.
Relocate related tests to `dependencies` sub-directory.
Follow up to [50167].
Props adamsilverstein, hellofromTonya, SergeyBiryukov.
Fixes#39941.
Built from https://develop.svn.wordpress.org/trunk@50409
git-svn-id: http://core.svn.wordpress.org/trunk@50020 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add new functions `wp_get_script_tag`, `wp_print_script_tag`, `wp_print_inline_script_tag` and `wp_get_inline_script_tag` that support script attributes. Enables passing attributes such as `async` or `nonce`, creating a path forward for enabling a Content-Security-Policy in core, plugins and themes.
Props tomdxw, johnbillion, jadeddragoon, jrchamp, mallorydxw, epicfaace, alinod, enricocarraro, ocean90.
Fixes#39941.
Built from https://develop.svn.wordpress.org/trunk@50167
git-svn-id: http://core.svn.wordpress.org/trunk@49846 1a063a9b-81f0-0310-95a4-ce76da25c4cd