Commit Graph

327 Commits

Author SHA1 Message Date
Sergey Biryukov
fa163b9c0a I18N: Separate two "About" strings with different context.
Props desrosj, XpertOne, Nao.
Merges [43527] to the 4.9 branch.
Fixes #44139.
Built from https://develop.svn.wordpress.org/branches/4.9@43528


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43357 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-24 15:06:26 +00:00
Sergey Biryukov
cb2625e260 Privacy: Use consistent values for the site name and URL used in notification emails.
The functions `send_confirmation_on_profile_email()`, `_wp_privacy_send_request_confirmation_notification()`, `_wp_privacy_send_erasure_fulfillment_notification()`, and `wp_send_user_request()` all include a title and URL indicating the current site. However, so far they have dealt with those values inconsistently, sometimes using the site values, other times using the network values if in a multisite. This changeset ensures that only the current site is taken into account in all cases and that special characters in the site name are consistently decoded.

Props subrataemfluence, desrosj.
Merges [43388], [43390], and [43435] to the 4.9 branch.
Fixes #44396.
Built from https://develop.svn.wordpress.org/branches/4.9@43459


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43286 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 14:24:26 +00:00
Sergey Biryukov
b74a18dc8b Privacy: Silence is golden and invisible.
"Be more discrete." declared matt in [3155], and since then, "Silence is Golden" has been the calling card of placeholder index files. Historically, these have been php files, but [43012] changed that and added index.html files for privacy export generated folders.

The php silence files produce no visible content. This adds consistency with these new html files in that there will be no visible content. Silence will fall when the question is asked.

Merges [43446] to the 4.9 branch.
Fixes #44195.
Props audrasjb, rafsuntaskin, Ov3rfly, johnbillion, pento
Built from https://develop.svn.wordpress.org/branches/4.9@43448


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 12:02:29 +00:00
Sergey Biryukov
e2bf0ae498 Privacy: Remove unnecessary This email has been sent to ###EMAIL### from privacy emails.
The line was copied from the emails that get sent when an email address changes, without considering if it made sense in the new context.

Props iandunn, ianbelanger, desrosj.
Merges [43353] to the 4.9 branch.
Fixes #44030.
Built from https://develop.svn.wordpress.org/branches/4.9@43354


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43182 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:33:14 +00:00
Sergey Biryukov
98eb869d8b Docs: Add missing documentation and duplicate hook references for wp_privacy_personal_data_export_file, wp_privacy_personal_data_exporters, and wp_privacy_personal_data_erasers hooks.
Props birgire.
Merges [43303] to the 4.9 branch.
See #44125.
Built from https://develop.svn.wordpress.org/branches/4.9@43305


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43134 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-21 13:16:25 +00:00
Sergey Biryukov
4d9aadc80c Privacy: Correct the error check when creating an export folder in wp_privacy_generate_personal_data_export_file().
`wp_mkdir_p()` returns `false` on error, not a `WP_Error` object.

Props birgire.
Merges [43299] to the 4.9 branch.
Fixes #44158.
Built from https://develop.svn.wordpress.org/branches/4.9@43300


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43129 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-21 12:02:29 +00:00
Andrew Ozz
f4a436c522 Privacy: Rename exports folder to avoid deleting other files.
Previously, personal data exports were stored in `wp-content/uploads/exports`, which is generic enough that it's likely there are existing folders with that name, either created by plugins or manually by administrators. If that folder were reused by Core, then `wp_privacy_delete_old_export_files()` would delete all of the existing files inside it, which is almost certainly not what the site owner wants or expects.

To avoid that, the folder is being renamed to include a specific reference to Core, and a more verbose description of its purpose. With those factored in, it's very unlikely that there will be any conflicts with existing folders.

The `wp_privacy_exports_dir()` and `wp_privacy_exports_url()` functions were introduced to provide a canonical source for the location, and the `wp_privacy_exports_dir` and `wp_privacy_exports_url` filters were introduced to allow plugins to customize it.

Props johnjamesjacoby, allendav.
Merges [43284] to the 4.9 branch.
Fixes #44091.
Built from https://develop.svn.wordpress.org/branches/4.9@43285


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43114 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 20:32:26 +00:00
Sergey Biryukov
8c9bb731ed Privacy: Normalize file paths in wp_privacy_generate_personal_data_export_file() to make sure Windows paths don't have their backslashes stripped.
Props xkon, pmbaldha.
Merges [43234] to the 4.9 branch.
Fixes #43908.
Built from https://develop.svn.wordpress.org/branches/4.9@43235


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43064 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 21:13:27 +00:00
Sergey Biryukov
4cf2959f1e Privacy: Pass export request ID to wp_privacy_personal_data_export_file_created filter.
Props thomasplevy.
Merges [43208] to the 4.9 branch.
Fixes #44031.
Built from https://develop.svn.wordpress.org/branches/4.9@43209


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43038 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 23:19:25 +00:00
Sergey Biryukov
809d5fa08e Privacy: Reuse existing archive filenames to maintain URLs.
Whenever an admin initiates a download or email of a personal data export, a fresh copy of the file is generated. Previously, a new filename was used each time, which could lead to situations where a URL that was emailed to a data subject is broken.

That can be avoided by reusing the same filename when building fresh archives.

Props desrosj, tz-media, allendav.
Merges [43180] to the 4.9 branch.
Fixes #43905.
Built from https://develop.svn.wordpress.org/branches/4.9@43186


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43015 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 14:30:26 +00:00
Andrew Ozz
4eeea599bd Privacy: Store plugin callbacks in associative array for flexibility.
The personal data export and erasure tools allow plugins to register their own callbacks, in order to add additional data to the export and erasure processes. Previously, these were registered without specifying a constant identifier in the array of callbacks. Using mutable integers makes it difficult for plugins to modify the callbacks of other plugins, though.

Using associative array keys instead provides a covenient and reliable way to identify and interact with another plugin's callbacks.

Props desrosj, allendav, ocean90.
Merges [43154] to the 4.9 branch.
Fixes #43931.
Built from https://develop.svn.wordpress.org/branches/4.9@43157


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42986 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 19:38:27 +00:00
Andrew Ozz
7cf7767298 Privacy: fix inconsistencies in new strings.
Props audrasjb.
Merges [43118] to the 4.9 branch.
Fixes #43925.
Built from https://develop.svn.wordpress.org/branches/4.9@43119


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 18:51:26 +00:00
Sergey Biryukov
8114ac92ef Privacy: add attachments to the personal data export file.
Props allendav.
Merges [43054] to the 4.9 branch.
See #43883.
Built from https://develop.svn.wordpress.org/branches/4.9@43108


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42937 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 03:34:25 +00:00
Sergey Biryukov
894cec5697 Privacy: Add wp_privacy_personal_data_export_file_created filter.
This runs immediately after the data export file has been successfully created, allowing plugins to introduce some workflow customizations. For example, a plugin could password-protect the export file, for peace of mind, even though the CSPRN in the filename makes brute force attacks nearly impossible.

Props iandunn.
Merges [43047] to the 4.9 branch.
See #43546.
Built from https://develop.svn.wordpress.org/branches/4.9@43096


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 02:35:27 +00:00
Sergey Biryukov
06dd3449e9 Privacy: Add cron to delete expired export files to protect privacy.
The primary means of protecting the files is the CSPRN appended to the filename, but there is no reason to keep the files after the data subject has downloaded them, so deleting them provides an additional layer of protection. Previously this was done from `wp_privacy_generate_personal_data_export_file()`, but that does not guarantee that it will be run regularly, and on smaller sites that could result in export files being exposed for much longer than necessary.

`wp_privacy_delete_old_export_files()` was moved to a front end file, so that it can be called from `cron.php`.

This introduces the `wp_privacy_export_expiration` filter, which allows plugins to customize how long the exports are kept before being deleted.

`index.html` was added to the `$exclusions` parameter of `list_files()` to make sure that it isn't deleted. If it were, then poorly-configured servers would allow the directory to be traversed, exposing all of the exported files.

Props iandunn, desrosj.
Merges [43046] to the 4.9 branch.
See #43546.
Built from https://develop.svn.wordpress.org/branches/4.9@43095


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42924 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 02:33:26 +00:00
Sergey Biryukov
7a7e45a530 Privacy: Use a CSPRNG in export filenames for more security.
`rand()` is deterministic and therefore offers much less protection in this context. `wp_generate_password()` is a convenient wrapper around `wp_rand()`, which uses `random_int()` to generate cryptographically-secure psuedorandom numbers.

Props iandunn.
Merges [43045] to the 4.9 branch.
See #43546.
Built from https://develop.svn.wordpress.org/branches/4.9@43094


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42923 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 02:19:25 +00:00
Sergey Biryukov
e5c53b9bbd Privacy: add means to export personal data by username or email address. Generate a zipped export file containing all data. First run.
Props allendav.
Merges [43012] and [43089] to the 4.9 branch.
See #43546.
Built from https://develop.svn.wordpress.org/branches/4.9@43092


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42921 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 02:16:25 +00:00
Sergey Biryukov
a91c3fbdc0 General: Replace Cheatin’ uh? with friendlier error messages.
While intended as a playful error message, `Cheatin’ uh?` can be interpreted as insulting or accusatory in an already stressful situation. This replaces Cheatin’ with more meaningful error messages, depending on the error that occurs.

Props ElectricFeet, EricMeyer, karmatosed, dd32, BandonRandon, melchoyce, kristastevens for language; dmsnell for original patch; peterwilsoncc.
Merged [42648] and [42719] to the 4.9 branch.
Fixes #38332.
Built from https://develop.svn.wordpress.org/branches/4.9@42811


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42641 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-09 00:15:42 +00:00
Dion Hulse
9fe3e9edf0 Theme Editor: Validate files are editable based on their relative filenames, rather than full file path.
This fixes theme editing on Windows platforms where `validate_file()` will return `2` on a full file path.

Merges [42244] to the 4.9 branch.
Fixes #42609.

Built from https://develop.svn.wordpress.org/branches/4.9@42245


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42074 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-27 03:29:25 +00:00
Weston Ruter
83c29a4d08 Theme Editor: Ensure files listed recursively can be both viewed and edited.
Prevent edits to 2-level deep theme files from returning a `disallowed_theme_file` error when attempting to save an edit. Aligns logic for gathering `$allowed_files` in `theme-editor.php` for listing files with the validation logic in `wp_edit_theme_plugin_file()`.

Amends [41806].
See #6531.
Fixes #42425.

Built from https://develop.svn.wordpress.org/trunk@42112


git-svn-id: http://core.svn.wordpress.org/trunk@41941 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-02 23:05:48 +00:00
John Blackbourn
2f3e91028a Filesystem API: Add more specificity to the rules for valid files in validate_file().
This now treats files containing `./` as valid, and also treats files containing a trailing `../` as valid due to widespread use of this pattern in theme and plugin zip files.

Adds tests.

Props Ipstenu, borgesbruno, DavidAnderson, philipjohn, birgire
Fixes #42016, #36170

Built from https://develop.svn.wordpress.org/trunk@42011


git-svn-id: http://core.svn.wordpress.org/trunk@41845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-24 23:15:49 +00:00
John Blackbourn
16cfe96580 Filesystem API: Don't immediately return an error for invalid file names contained within a Zip while it's being extracted.
This allows the extraction of the rest of the valid files within the archive to continue.

See #42016

Built from https://develop.svn.wordpress.org/trunk@42010


git-svn-id: http://core.svn.wordpress.org/trunk@41844 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-24 23:11:50 +00:00
John Blackbourn
4812370aab Docs: Improve the docs for validate_file() and validate_file_to_edit().
See #42016, #36170, #41017

Built from https://develop.svn.wordpress.org/trunk@42007


git-svn-id: http://core.svn.wordpress.org/trunk@41841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-24 22:50:49 +00:00
Gary Pendergast
58db3cb54e File Editor: Add support for more than one sub-directory level.
The theme and plugin editors now list all files in the selected theme or plugin, recursing through subdirectories as necessary.

Props WraithKenny, schlessera, chsxf, MikeHansenMe, Daedalon, valendesigns, westonruter, pento.
Fixes #6531.


Built from https://develop.svn.wordpress.org/trunk@41806


git-svn-id: http://core.svn.wordpress.org/trunk@41640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-10 05:34:49 +00:00
Weston Ruter
1a22fb3b60 File Editor: Increase robustness of fatal error checking when saving PHP file edits.
* Increase PHP execution time limit prior to issuing loopback requests where are themselves given timeouts to ensure PHP file can be reverted.
* Output scrape messages on success and failure so that absence of either can also be flagged as an error condition.
* Forward browser's HTTP Basic Auth credentials in loopback requests to admin and home URL.
* Display more helpful message when loopback request fails.

Amends [41721].
See #21622.
Fixes #42102.

Built from https://develop.svn.wordpress.org/trunk@41805


git-svn-id: http://core.svn.wordpress.org/trunk@41639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-10 05:27:49 +00:00
Weston Ruter
5f7a5c1246 File Editors: Introduce sandboxed live editing of PHP files with rollbacks for both themes and plugins.
* Edits to active plugins which cause PHP fatal errors will no longer auto-deactivate the plugin. Supersedes #39766.
* Introduce sandboxed PHP file edits for active themes, preventing accidental whitescreening of a user's site when introducing a fatal error.
* After writing a change to a PHP file for an active theme or plugin, perform loopback requests on the file editor admin screens and the homepage to check for fatal errors. If a fatal error is encountered, roll back the edited file and display the error to the user to fix and try again.
* Introduce a secure way to scrape PHP fatal errors from a site via `wp_start_scraping_edited_file_errors()` and `wp_finalize_scraping_edited_file_errors()`.
* Moves file modifications from `theme-editor.php` and `plugin-editor.php` to common `wp_edit_theme_plugin_file()` function.
* Refactor themes and plugin editors to submit file changes via Ajax instead of doing full page refreshes when JS is available.
* Use `get` method for theme/plugin dropdowns.
* Improve styling of plugin editors, including width of plugin/theme dropdowns.
* Improve notices API for theme/plugin editor JS component.
* Strip common base directory from plugin file list. See #24048.
* Factor out functions to list editable file types in `wp_get_theme_file_editable_extensions()` and `wp_get_plugin_file_editable_extensions()`.
* Scroll to line in editor that has linting error when attempting to save. See #41886.
* Add checkbox to dismiss lint errors to proceed with saving. See #41887.
* Only style the Update File button as disabled instead of actually disabling it for accessibility reasons.
* Ensure that value from CodeMirror is used instead of `textarea` when CodeMirror is present.
* Add "Are you sure?" check when leaving editor when there are unsaved changes.

Supersedes [41560].
See #39766, #24048, #41886.
Props westonruter, Clorith, melchoyce, johnbillion, jjj, jdgrimes, azaozz.
Fixes #21622, #41887.

Built from https://develop.svn.wordpress.org/trunk@41721


git-svn-id: http://core.svn.wordpress.org/trunk@41555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 00:20:45 +00:00
John Blackbourn
69de73224f Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues.
Built from https://develop.svn.wordpress.org/trunk@41457


git-svn-id: http://core.svn.wordpress.org/trunk@41290 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 14:36:47 +00:00
Weston Ruter
203d220c6f Customize: Re-use homepage settings help tab text from Reading Options admin screen in description for corresponding Customizer section.
Also remove "Static" reference in template name, missed in [41363].

See #41829.

Built from https://develop.svn.wordpress.org/trunk@41364


git-svn-id: http://core.svn.wordpress.org/trunk@41197 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-10 17:08:43 +00:00
Weston Ruter
a74e98d7be Customize: Rename "Static front page" to just "Homepage".
Props danieltj, melchoyce.
Fixes #41828.

Built from https://develop.svn.wordpress.org/trunk@41363


git-svn-id: http://core.svn.wordpress.org/trunk@41196 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-10 16:20:44 +00:00
Drew Jaynes
d5e3ea444d Filesystem: Introduce the pre_move_uploaded_file filter.
Passing a non-null value to the filter will prevent the uploaded file from being moved to the uploads directory for any of the functions leveraging `_wp_handle_upload()`, such as `wp_handle_upload()` or `wp_handle_sideload()`.

Error reporting related to the file being moved will also be skipped.

Props ryan, Mte90.
Fixes #24603.

Built from https://develop.svn.wordpress.org/trunk@41258


git-svn-id: http://core.svn.wordpress.org/trunk@41098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-16 21:59:43 +00:00
Sergey Biryukov
581707de6c Docs: Add a @global entry for $allowed_files in get_file_description().
Props div33, ajayghaghretiya1.
Fixes #41294.
Built from https://develop.svn.wordpress.org/trunk@41032


git-svn-id: http://core.svn.wordpress.org/trunk@40882 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-12 21:40:40 +00:00
Aaron Campbell
38347d7c58 Add nonce for updating file system credentials.
Built from https://develop.svn.wordpress.org/trunk@40723


git-svn-id: http://core.svn.wordpress.org/trunk@40581 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 14:48:44 +00:00
Pascal Birchler
064e62cbea Cron API: Add a new wp_doing_cron() helper function.
This replaces `DOING_CRON` checks via the constant.

Props tfrommen.
Fixes #39591.

Built from https://develop.svn.wordpress.org/trunk@40575


git-svn-id: http://core.svn.wordpress.org/trunk@40445 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-06 14:30:40 +00:00
Dion Hulse
6066654967 Updates: Remove a stray " from a tag.
Props afercia.
See #39057.

Built from https://develop.svn.wordpress.org/trunk@39656


git-svn-id: http://core.svn.wordpress.org/trunk@39596 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-30 07:42:42 +00:00
Andrea Fercia
eeefec932f Administration: Improve the usage of the button CSS classes.
Introduces some consistency in the usage of the button CSS classes, fixes the
focus style for accessibility and responsiveness of the buttons.

- Adds the `button` class to all primary buttons make them responsive
- Removes all `secondary-button` classes and replaces it with button when needed. `button-secondary` shouldn't be used and exists just for backward compatibility reasons
- Replaces classes inside `submit_button()` with a shorthand for some buttons, and use an empty string for the default `button` class. Passing `button` is unnecessary
- Adjusts `get_submit_button()` to remove empty items

Props iseulde, dimchik, chris_d2d, mhowell, afercia.
Fixes #27314, #37138, #37448.

Built from https://develop.svn.wordpress.org/trunk@38672


git-svn-id: http://core.svn.wordpress.org/trunk@38615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-28 19:54:28 +00:00
Scott Taylor
a3ffebce30 Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389.
See #36335.

Built from https://develop.svn.wordpress.org/trunk@38470


git-svn-id: http://core.svn.wordpress.org/trunk@38411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 16:31:29 +00:00
Scott Taylor
390ceba6c7 Bootstrap: after r38409 and r38410, revert r38402 which reverted r38399.
This fixes the paths in `wp-vendor/` that were including `src`. I want to drop this in so we can find out what else will break.

See #36335.

Built from https://develop.svn.wordpress.org/trunk@38411


git-svn-id: http://core.svn.wordpress.org/trunk@38352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 22:32:37 +00:00
Dion Hulse
0e31a46161 Bootstrap: Revert [38399] as it's broken /build/ and subsequently core.svn.wordpress.org.
The generated classmaps reference `/src/` files and operates in the assumption that the base directory is one level above `wp-settings.php`, which it isn't after our build processes are run.

See #36335

Built from https://develop.svn.wordpress.org/trunk@38402


git-svn-id: http://core.svn.wordpress.org/trunk@38343 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 14:37:32 +00:00
Scott Taylor
6a529648cf Bootstrap: Autoload classes using a Composer-generated PHP 5.2-compatible Autoloader.
* `wp-admin` and `wp-includes` are scanned for classes to autoload
* Several 3rd-party and Ryan McCue-shaped libraries are excluded when the classmap is generated, see `composer.json`: `autoload.exclude-from-classmap`
* `wp-vendor/autoload_52.php` is included at the top of `wp-settings.php` - no changes need to be made to unit tests to include the autoloader
* An avalanche of `require()` and `require_once()` calls that loaded class files have been removed from the codebase.

The following files have been added to `svn:ignore` - they are not 5.2-compatible and fail during pre-commit:
* src/wp-vendor/autoload.php
* src/wp-vendor/composer/autoload_real.php
* src/wp-vendor/composer/autoload_static.php
* src/wp-vendor/composer/ClassLoader.php

We favor these files instead:
* src/wp-vendor/autoload_52.php
* src/wp-vendor/composer/autoload_real_52.php
* src/wp-vendor/composer/ClassLoader52.php

When new PHP classes are added to the codebase, simply run `composer install` or `composer update` from the project root to update the autoloader.

The future is now.

See #36335.

Built from https://develop.svn.wordpress.org/trunk@38399


git-svn-id: http://core.svn.wordpress.org/trunk@38340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 09:15:29 +00:00
Scott Taylor
7ac88c02fa Media: when calling pathinfo(), also pass a PATHINFO_* constant to avoid array notices for unset keys.
Props JaworskiMatt.
Fixes #37608.

Built from https://develop.svn.wordpress.org/trunk@38294


git-svn-id: http://core.svn.wordpress.org/trunk@38235 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-20 23:36:28 +00:00
Dominik Schilling
771fc167b6 Media: In _wp_handle_upload() use call_user_func_array() to call the upload error handler.
The default error handler `wp_handle_upload_error()` expects a reference for the first parameter but `call_user_func()` doesn't pass parameters by reference. The current code didn't produce any issues until now. PHP 7.0.9 (and PHP 7.1) is now stricter and prevents calling the error handler with a warning:
> PHP Warning:  Parameter 1 to wp_handle_upload_error() expected to be a reference, value given.

To restore the error handler `_wp_handle_upload()` now uses `call_user_func_array()`.

Props jbrinley.
Props jorbin for review.
Fixes #37570.
Built from https://develop.svn.wordpress.org/trunk@38235


git-svn-id: http://core.svn.wordpress.org/trunk@38176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-09 21:54:30 +00:00
Dominik Schilling
d7253ca244 Filesystem API: Prevent an endless self-calling loop in wp_tempnam().
Under certain conditions upgrades on Windows may fail because `wp_tempnam()` gets called in a loop.
This can happen when `wp_tempnam()` is called with `\.maintenance` for the `$filename` parameter. The function strips the extension, in this case `.maintenance`, which results in an empty filename. Because it's empty, `wp_tempnam()` calls itself with `dirname( '\.maintenance' )`. On *nix systems this would be `"/"` which allows `wp_tempnam()` to fall back on `time()`. But on Windows it's `"\"`.

This change adds the backslash to the list of characters which allow `wp_tempnam()` to fall back on `time()`.

See [32322], [31936].
Fixes #33999.
Built from https://develop.svn.wordpress.org/trunk@38151


git-svn-id: http://core.svn.wordpress.org/trunk@38092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-25 15:28:29 +00:00
Dominik Schilling
3a3828c396 Filesystem API: Change the default value for the $context parameter of get_filesystem_method() and request_filesystem_credentials() to an empty string.
`$context` is a full path to the directory that is tested for being writable. A path shouldn't be a boolean value.
This also updates `WP_Upgrader_Skin::request_filesystem_credentials()` and `Automatic_Upgrader_Skin::request_filesystem_credentials()` and adds missing docs.

Props DrewAPicture, ocean90.
Fixes #37412.

Built from https://develop.svn.wordpress.org/trunk@38138


git-svn-id: http://core.svn.wordpress.org/trunk@38079 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-22 12:10:27 +00:00
Dominik Schilling
aa561e67a1 Bootstrap: Enhance core's memory limit handling.
* Don't lower memory limit if the current limit is greater than `WP_MAX_MEMORY_LIMIT`.
* Set `WP_MEMORY_LIMIT` and `WP_MAX_MEMORY_LIMIT` to current limit if the `memory_limit` setting can't be changed at runtime.
* Use `wp_convert_hr_to_bytes()` when parsing the value of the `memory_limit` setting because it can be a shorthand or an integer value.
* Introduce `wp_raise_memory_limit( $context )` to raise the PHP memory limit for memory intensive processes. This DRYs up some logic and includes the existing `admin_memory_limit` and `image_memory_limit` filters. The function can also be used for custom contexts, the `{$context}_memory_limit` filter allows to customize the limit.
* Introduce `wp_is_ini_value_changeable( $setting )` to determine whether a PHP ini value is changeable at runtime.
* Remove a `function_exists( 'memory_get_usage' )` check. Since PHP 5.2.1 support for memory limit is always enabled.

Related commits: [38011-38013]

Props jrf, A5hleyRich, swissspidy, ocean90.
Fixes #32075.
Built from https://develop.svn.wordpress.org/trunk@38015


git-svn-id: http://core.svn.wordpress.org/trunk@37956 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-08 14:37:30 +00:00
Dion Hulse
c959b63539 Updates: Only use the filename component of URLs to form part of the temporary filename.
Previously we were passing the entire URL to `wp_tempnam()` (incorrectly) which caused the query string to be used as part of the temporary filename.
We now only use the file component of a url such as `https://example.com/filename.zip?arg1=1&arg2=2....&arg100=100` to prevent a long filename.

Fixes #34938

Built from https://develop.svn.wordpress.org/trunk@37598


git-svn-id: http://core.svn.wordpress.org/trunk@37566 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-31 02:21:29 +00:00
Drew Jaynes
1947f4d17c Docs: Apply inline @see tags to hooks referenced in DocBlocks for wp-admin/* files.
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.

See #36921.

Built from https://develop.svn.wordpress.org/trunk@37537


git-svn-id: http://core.svn.wordpress.org/trunk@37505 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-23 17:28:27 +00:00
Drew Jaynes
c3055cc190 Docs: Standardize hook docs in wp-admin/* to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37488


git-svn-id: http://core.svn.wordpress.org/trunk@37456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:01:30 +00:00
Andrea Fercia
ce94f2dfbd Refine the FTP credentials form interaction.
Properly toggle SSH2 Authentication Keys fieldset visibility.
JavaScript and CSS clean-up.

Props Mte90.
Fixes #34376.
Built from https://develop.svn.wordpress.org/trunk@37467


git-svn-id: http://core.svn.wordpress.org/trunk@37435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-19 22:59:28 +00:00
Dominik Schilling
546b031453 Filesystem API: Don't add '.' to the list of directories which need to be checked/created when extracting a file.
Prevents a PHP warning by `WP_Filesystem_Direct::mkdir()` when installing a language pack which doesn't have subdirectories.

Props tfrommen.
Fixes #36570.
Built from https://develop.svn.wordpress.org/trunk@37421


git-svn-id: http://core.svn.wordpress.org/trunk@37387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-12 12:40:28 +00:00
Sergey Biryukov
f79aad8e0c Theme Editor: After [37217], add other embed templates to file descriptions.
Props Frozzare.
Fixes #34561. See #34561.
Built from https://develop.svn.wordpress.org/trunk@37232


git-svn-id: http://core.svn.wordpress.org/trunk@37198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-18 01:05:27 +00:00