This change allows for external clients to supply a suggested filename via a `Content-Disposition` response header. This filename is processed through `sanitize_file_name()` to ensure it is allowable (on the server, MIME's, etc...) and `validate_file()` to prevent directory traversal.
If the suggested filename fails the above processing/checks, that suggestion is discarded and the standard temporary filename (generated by WordPress) is used.
If no `Content-Disposition` header is found in the response headers, the standard temporary filename continues to be used as per normal.
Included in this change are 6 additional PHPUnit tests with 9 assertions. These tests confirm that valid filename values are correctly saved, and invalid filename values are correctly rejected.
Props cklosows, costdev, dd32, johnjamesjacoby, ocean90, psrpinto.
Fixes#38231.
Built from https://develop.svn.wordpress.org/trunk@51939
git-svn-id: http://core.svn.wordpress.org/trunk@51528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit adds the `public` visibility keyword to each method which did not have an explicit visibility keyword.
Why `public`?
With no visibility previously declared, these methods are implicitly `public` and available for use. Changing them to anything else would be a backwards-compatibility break.
Props costdev, jrf.
See #54177.
Built from https://develop.svn.wordpress.org/trunk@51919
git-svn-id: http://core.svn.wordpress.org/trunk@51512 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[51916] fixed a bug where `array( `false` )` was added to the cron array when `_get_cron_array()` returned `false`.
This commit:
* Removes any `false` values from the cron array when upgrading to 5.9+.
* Bumps the database version.
Follow-up to [44917], [51916].
Props peterwilsoncc, jrf.
See #53950.
Built from https://develop.svn.wordpress.org/trunk@51917
git-svn-id: http://core.svn.wordpress.org/trunk@51510 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Audio
* Video
* Unattached
This allows for more homogeneous translations in languages where keeping a plural form is important.
Follow-up to [6910], [7397], [8901], [9556], [11749], [13100], [12110], [15491], [15578], [22743], [29426], [29625], [34256], [45651], [46437].
Props jdy68, audrasjb, SergeyBiryukov.
Fixes#54238.
Built from https://develop.svn.wordpress.org/trunk@51903
git-svn-id: http://core.svn.wordpress.org/trunk@51496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows these actions to run ''after'' the main process, without affecting the update. Actions running on `shutdown` are immune to PHP timeouts, so in case the failure was due to a PHP timeout, we'll still be able to properly restore the previous version.
Follow-up to [51815], [51898], [51899].
Props aristath, peterwilsoncc.
See #54166.
Built from https://develop.svn.wordpress.org/trunk@51902
git-svn-id: http://core.svn.wordpress.org/trunk@51495 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This replaces the `copy_dir()` usage in `WP_Upgrader::install_package()` and aims to avoid PHP timeout issues when installing or updating large plugins on slower systems like Vagrant or the WP Docker test environment.
The new function attempts a native PHP `rename()` function first and falls back to the previous `copy_dir()`.
Follow-up to [51815], [51898].
Props afragen, aristath, peterwilsoncc, galbaras, noisysocks, pbiron.
Fixes#54166. See #51857.
Built from https://develop.svn.wordpress.org/trunk@51899
git-svn-id: http://core.svn.wordpress.org/trunk@51492 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids a few type problems further in the code: boolean divided by a number, or passing `false` to `size_format()` which is documented to accept integers or strings only.
Follow-up to [51815].
Props TobiasBg.
See #51857.
Built from https://develop.svn.wordpress.org/trunk@51898
git-svn-id: http://core.svn.wordpress.org/trunk@51491 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows the parent `WP_List_Table::has_items()` method to work as expected, and the override in the child class can now be removed. It also makes the class more consistent with other list table classes.
As a result of this change, the "Bulk actions" dropdown is no longer unnecessarily displayed if there are no terms.
Follow-up to [15491], [17025], [17026].
Props mattoakley, swissspidy, audrasjb, SergeyBiryukov.
Fixes#54181.
Built from https://develop.svn.wordpress.org/trunk@51896
git-svn-id: http://core.svn.wordpress.org/trunk@51489 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously the first and last page pagination buttons were disabled when on their next or previous page respectively. This commit removes that unnecessary logic to keep these buttons enabled and avoid confusion in the user's navigation workflow.
New behavior:
- When on page 2, the go to first page `«` button is enabled
- When on the page before the last page, the go to last page `»` button is enabled
Follow-up to [32948], [47219].
Props wp_kc, ronakganatra, knutsp, sabernhardt, Hareesh Pillai, audrasjb, hellofromTonya.
Fixes#42763.
Built from https://develop.svn.wordpress.org/trunk@51880
git-svn-id: http://core.svn.wordpress.org/trunk@51473 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adjust similar code in `_post_states()` and `_media_states()` for consistency.
Follow-up to:
* [12897], [15491], [32755], [46153], [48424] for `WP_MS_Sites_List_Table::site_states()`.
* [17793], [47775], [49223] for `_media_states()`.
* [9153], [46309] for `_post_states()`.
Props joelcj91, audrasjb, desrosj.
Fixes#38296.
Built from https://develop.svn.wordpress.org/trunk@51873
git-svn-id: http://core.svn.wordpress.org/trunk@51466 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WordPress tries to avoid an issue where slugs might match an existing slug of a page/post.
If we are in a hierarchical post type, there will be a level, and we can leave it the same.
Props stormrockwell, SergeyBiryukov, terriann, tubys, jeremyfelt, Daschmi, MaximeCulea, knutsp, whyisjake.
Fixes#51147.
See also #44112 and #45260.
Built from https://develop.svn.wordpress.org/trunk@51855
git-svn-id: http://core.svn.wordpress.org/trunk@51454 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to make the update process more reliable and ensures that if a plugin or theme update fails, the previous version can be safely restored.
* When updating a plugin or theme, the old version is moved to a temporary backup directory:
* `wp-content/upgrade/temp-backup/plugins/[plugin-slug]` for plugins
* `wp-content/upgrade/temp-backup/themes/[theme-slug]` for themes.
* If the update fails, then the temporary backup kept in the `upgrade/temp-backup` directory is restored to its original location.
* If the update succeeds, the temporary backup is deleted.
To further help troubleshoot plugin and theme updates, two new checks were added to the Site Health screen:
* A check to make sure that the `temp-backup` directory is writable.
* A check that there is enough disk space available to safely perform updates.
To avoid confusion: The `temp-backup` directory will NOT be used to "roll back" a plugin to a previous version after a completed update. This directory will simply contain a transient backup of the previous version of a plugin or theme being updated, and as soon as the update process finishes, the directory will be empty.
Props aristath, afragen, pbiron, dd32, poena, TimothyBlynJacobs, audrasjb, mikeschroder, a2hosting, hellofromTonya, KZeni, galbaras, richards1052, Boniu91, mai21, francina, SergeyBiryukov.
See #51857.
Built from https://develop.svn.wordpress.org/trunk@51815
git-svn-id: http://core.svn.wordpress.org/trunk@51422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that the beginning of the label matches the visible link text.
Add a similar label for the plugin URI link on the Plugins screen when the plugin is outside of the directory.
Follow-up to [28673], [28706], [35924].
Props sabernhardt, zeo, audrasjb.
Fixes#24442.
Built from https://develop.svn.wordpress.org/trunk@51795
git-svn-id: http://core.svn.wordpress.org/trunk@51402 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While the new name is much better, it doesn't fully tell what will happen when invoked nor does it fully solve the root problems.
Why? The function is doing too much. And naming is hard.
Props azaozz, desrosj, andraganescu, zieladam, hellofromTonya.
See #53811.
Built from https://develop.svn.wordpress.org/trunk@51791
git-svn-id: http://core.svn.wordpress.org/trunk@51398 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In each child class: renames the parameter to match the parent's method signature.
Why? PHP 8 introduces the ability to pass named arguments to function/method calls. This means the child and parent method signatures (i.e. parameter names) need to match.
Changes for readability:
- `@since` clearly specifies the original parameter name and its new name as well as why the change happened.
Follow-up to [11005], [25806], [32655], [38199].
Props jrf, hellofromTonya, sergeybiryukov, azaozz, desrosj, johnbillion.
See #51553.
Built from https://develop.svn.wordpress.org/trunk@51782
git-svn-id: http://core.svn.wordpress.org/trunk@51389 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the parent class, renames the parameter `$string` to `$feedback`.
Why? `string` is a PHP reserved keyword.
In each child class: renames the parameter to match the parent's method signature.
Why? PHP 8 introduces the ability to pass named arguments to function/method calls. This means the child and parent method signatures (i.e. parameter names) need to match.
Changes for readability:
- `@since` clearly specifies the original parameter name and its new name as well as why the change happened.
Follow-up to [11005], [25228], [30680], [32655], [38199], [49596].
Props jrf, hellofromTonya, sergeybiryukov, azaozz, desrosj, johnbillion.
See #51553.
Built from https://develop.svn.wordpress.org/trunk@51781
git-svn-id: http://core.svn.wordpress.org/trunk@51388 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the parent class, renames the parameter `$object` to `$data_object`.
Why? `object` is a PHP reserved keyword. The parameter name is selected for consistency with `Walker::start_el()`.
In each child class: renames the parameter to match the parent's method signature.
Why? PHP 8 introduces the ability to pass named arguments to function/method calls. This means the child and parent method signatures (i.e. parameter names) need to match.
Changes for readability:
- `@since` clearly specifies the original parameter name and its new name as well as why the change happened.
Follow-up to [7737], [8900], [8970], [14248], [16100], [25642], [25644], [37051], [37056].
Props jrf, hellofromTonya, sergeybiryukov, azaozz, desrosj, johnbillion.
See #51553.
Built from https://develop.svn.wordpress.org/trunk@51780
git-svn-id: http://core.svn.wordpress.org/trunk@51387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The parent class uses `$current_object_id` while most of the child classes use `$id`. As the parent class' is more descriptive, renaming the last parameter in each of child class.
Why? PHP 8 introduces the ability to pass named arguments to function/method calls. This means the child and parent method signatures (i.e. parameter names) need to match.
Changes for readability:
- `@since` clearly specifies the original parameter name and its new name as well as why the change happened.
- In methods longer than a single line, the generic parameter is reassigned to the original parameter restoring it for context for use within the method. An inline comment is added to explain why this reassignment is made.
- In cases where the original parameter name was too generic or misleading, renamed (when reassigning) to a more descriptive name for use within the method.
Follow-up to [7737], [8900], [8970], [14248], [15077], [16100], [25642], [25644], [37051], [37054], [37056], [46271], [47189], [51739].
Props jrf, hellofromTonya, sergeybiryukov, azaozz, desrosj, johnbillion.
See #51553.
Built from https://develop.svn.wordpress.org/trunk@51779
git-svn-id: http://core.svn.wordpress.org/trunk@51386 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the parent class, renames the parameter `$object` to `$data_object`.
Why? `object` is a PHP reserved keyword.
In each child class: renames the corresponding parameter to match the parent's method signature.
Why?
PHP 8 introduces the ability to pass named arguments to function/method calls. This means the child and parent method signatures (i.e. parameter names) need to match.
Changes for readability:
- `@since` clearly specifies the original parameter name and its new name as well as why the change happened.
- in methods longer than a single line, the generic parameter is reassigned to the original parameter restoring it for context for use within the method. An inline comment is added to explain why this reassignment is made.
- in cases where the original parameter name was too generic, renamed (when reassigning) to a more descriptive name for use within the method.
Follow-up to [7737], [8900], [8970], [14248], [15077], [16100], [25642], [25644], [37051], [37054], [37056], [46271], [47189].
Props jrf, hellofromTonya, sergeybiryukov, azaozz, desrosj, johnbillion.
See #51553.
Built from https://develop.svn.wordpress.org/trunk@51739
git-svn-id: http://core.svn.wordpress.org/trunk@51347 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Matches the method signatures of the parent class and each child class.
Why? PHP 8 introduces the ability to pass named arguments to function/method calls. This means the child and parent method signatures (i.e. parameter names) need to match.
For readability:
- `@since` clearly specifies the original parameter name and its new name as well as why the change happened
- in methods longer than a single line, the generic parameter is reassigned to the original parameter restoring it for context for use within the method. An inline comment is added to explain why this reassignment is made.
Follow-up to [32644], [32664], [32798], [38489], [49183], [49197].
Props jrf, hellofromTonya, sergeybiryukov, azaozz, desrosj, johnbillion.
See #51553.
Built from https://develop.svn.wordpress.org/trunk@51737
git-svn-id: http://core.svn.wordpress.org/trunk@51345 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Matches the method signatures of the parent class and each child class.
Why? PHP 8 introduces the ability to pass named arguments to function/method calls. This means the child and parent method signatures (i.e. parameter names) need to match.
For readability:
- `@since` clearly specifies the original parameter name and its new name as well as why the change happened
- in methods longer than a single line, the generic parameter is reassigned to the original parameter restoring it for context for use within the method. An inline comment is added to explain why this reassignment is made.
Follow-up to [15632], [30679], [31210], [32740], [32753], [32754], [32755], [32756], [32757].
Props jrf, hellofromTonya, sergeybiryukov, azaozz, desrosj, johnbillion.
See #51553.
Built from https://develop.svn.wordpress.org/trunk@51735
git-svn-id: http://core.svn.wordpress.org/trunk@51343 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `$response` parameter is an object, not an array.
This is a minor inconsistency with the corresponding `in_theme_update_message-{$theme_key}` action for themes, where the `$response` parameter is an array.
For backward compatibility, it is safer not to change the parameter type at this point, but to make sure the documentation is correct.
Follow-up to [11193], [16141], [26540].
Props davidmosterd, audrasjb, SergeyBiryukov.
See #40006.
Built from https://develop.svn.wordpress.org/trunk@51733
git-svn-id: http://core.svn.wordpress.org/trunk@51341 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The action fires after the Save Draft (or Save as Pending) and Preview (or Preview Changes) buttons in the Publish meta box.
The previous description stated that the action fires before the post date/time setting, which was not quite correct, as there are also post status and visibility settings between the action and the date/time setting.
Follow-up to [34895].
Props bedas, audrasjb.
Fixes#54045.
Built from https://develop.svn.wordpress.org/trunk@51732
git-svn-id: http://core.svn.wordpress.org/trunk@51338 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Matches the method signatures of the parent class and each child class.
Why? PHP 8 introduces the ability to pass named arguments to function/method calls. This means the child and parent method signatures (i.e. parameter names) need to match.
For readability:
- `@since` clearly specifies the original parameter name and its new name as well as why the change happened
- in methods longer than a single line, the generic parameter is reassigned to the original parameter restoring it for context for use within the method. An inline comment is added to explain why this reassignment is made.
Follow-up to [15632], [30679], [31210], [32740], [32753], [32754], [32755], [32756], [32757].
Props jrf, hellofromTonya, @sergeybiryukov, @azaozz, @desrosj, @johnbillion
See #51553.
Built from https://develop.svn.wordpress.org/trunk@51728
git-svn-id: http://core.svn.wordpress.org/trunk@51334 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The original name `retrieve_widgets()` was unclear as it suggested it was a getter, i.e. getting the widgets. This function does more than get: finds orphaned widgets, assigns them to the inactive sidebar, and updates the database.
The new name is `sync_registered_widgets()` which better represents what happens when this function is invoked.
The original `retrieve_widgets()` function is soft deprecated to avoid unnecessary code churn downstream for developers that support more than the latest version of WordPress.
Follow-up to [18630].
Props zieladam, timothyblynjacobs, andraganescu, hellofromTonya.
See #53811.
Built from https://develop.svn.wordpress.org/trunk@51705
git-svn-id: http://core.svn.wordpress.org/trunk@51311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids a fatal error on PHP 8 caused by passing a zero value to `fread()` as the `$length` argument, which must be greater than zero.
This commit also amends the previous solution for similar issues elsewhere in the file to ensure consistent type for string values, instead of changing the type from `string` to `bool` when trying to read from an empty file.
Follow-up to [50355].
Props DavidAnderson, jrf, SergeyBiryukov.
Fixes#54036.
Built from https://develop.svn.wordpress.org/trunk@51686
git-svn-id: http://core.svn.wordpress.org/trunk@51292 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Installation and activation of incompatible plugins was previously disallowed in [43436] and [44978], but if such a plugin was installed manually, there was nothing on the Plugins screen that would show its compatibility status.
Showing an appropriate notice with a documentation link makes the UI more consistent and improves user experience.
Follow-up to [43436], [44937], [44939], [44978], [45043], [45165], [45546], [47573], [47816], [47819], [48172], [48636], [48637], [48638], [48640], [48652], [48653], [48654], [48660].
Props TacoVerdo, SergeyBiryukov.
Fixes#53990.
Built from https://develop.svn.wordpress.org/trunk@51678
git-svn-id: http://core.svn.wordpress.org/trunk@51284 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The following warnings could, in very select circumstances, be shown:
{{{
// PHP 8.0 and higher:
Warning: foreach() argument must be of type array|object, bool given
// PHP 5.6 – 7.4
Warning: Invalid argument supplied for foreach()
}}}
In `WP_Media_List_Table::prepare_items()`, the cron info array is retrieved via a call to `_get_cron_array()`, but as the documentation (correctly) states, the return type of that function is `array|false`, where `false` is returned for a virgin site, with no cron jobs scheduled yet.
However, no type check is done on the return value, and the method just blindly continues by using it in a `foreach`.
Fixed by adding validation for the returned value from `_get_cron_array()` and only running the `foreach` when the returned value is an array.
Reference: [https://developer.wordpress.org/reference/functions/_get_cron_array/ WordPress Developer Resources: _get_cron_array()]
Follow-up to [48417].
Props jrf, hellofromTonya, mukesh27.
Fixes#53949.
Built from https://develop.svn.wordpress.org/trunk@51638
git-svn-id: http://core.svn.wordpress.org/trunk@51244 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Hide the browser's native radio button on the custom background position selector in the Customizer and the legacy background screen. This fixes an issue causing both to display.
Props mukesh27, ravipatel, sabernhardt, walbo.
Fixes#53803.
Built from https://develop.svn.wordpress.org/trunk@51637
git-svn-id: http://core.svn.wordpress.org/trunk@51243 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As per the PHP manual:
> If the `component` parameter is omitted, an associative array is returned.
> If the `component` parameter is specified, `parse_url()` returns a string (or an int, in the case of `PHP_URL_PORT`) instead of an array. If the requested component doesn't exist within the given URL, `null` will be returned.
Reference: [https://www.php.net/manual/en/function.parse-url.php#refsect1-function.parse-url-returnvalues PHP Manual: parse_url(): Return Values]
This commit adds three unit tests for `download_url()`:
* The first test is "girl-scouting" to make sure that the code up to the point where the error is expected is tested.
* The second test exposed a PHP 8.1 `basename(): Passing null to parameter #1 ($path) of type string is deprecated` error due to the call to `parse_url()` returning `null` when the component requested does not exist in the passed URL.
* The output of the call to `parse_url()` stored in the `$url_path` variable is used in more places in the function logic. The third test exposes a second PHP 8.1 deprecation notice, this time for `substr(): Passing null to parameter #1 ($string) of type string is deprecated`.
This commit also removes duplicate `parse_url()` calls. Neither `$url` nor `$url_filename` are changed between when they are first received/defined and when they are re-used, so there is no need to repeat the function calls.
Follow-up to [51606], [51622].
Props jrf, hellofromTonya, SergeyBiryukov.
See #53635.
Built from https://develop.svn.wordpress.org/trunk@51626
git-svn-id: http://core.svn.wordpress.org/trunk@51232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that when multiple plugins or themes are updated and one succeeds and another fails, the error is reported accordingly.
Previously, both updates would end up treated as a success, due to `$this->result` containing the result of the previous operation and not the current one.
Follow-up to [12097].
Props pwtyler, afragen.
Fixes#53002.
Built from https://develop.svn.wordpress.org/trunk@51528
git-svn-id: http://core.svn.wordpress.org/trunk@51139 1a063a9b-81f0-0310-95a4-ce76da25c4cd