Several new checks:
* `max_file_uploads`
* `file_uploads`
* `post_max_size`
* `upload_max_filesize`
* `upload_max`
* `max_file_uploads`
In addition, new function `parse_ini_size()` that converts shorthand byte strings to bytes. Useful for size comparisons.
Fixes#50038.
Props dd32, donmhico, JavierCasares, SergeyBiryukov, ayeshrajans, Clorith, ipstenu, sabernhardt, whyisjake.
Built from https://develop.svn.wordpress.org/trunk@48535
git-svn-id: http://core.svn.wordpress.org/trunk@48297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For a number of years, WordPress has been using a `#00a0d2` blue shade for the links `:hover` state. This blue shade doesn't have a sufficient color contrast with the various (too many) background colors used in the admin interface.
The new `#006799` blue shade is part of the official WordPress color palette and does have a sufficient color contrast with most of the admin backgrounds.
Props ryokuhi, audrasjb, joedolson, mapk.
See #47682.
Built from https://develop.svn.wordpress.org/trunk@48368
git-svn-id: http://core.svn.wordpress.org/trunk@48137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `_deprecated_function()`
* `_deprecated_constructor()`
* `_deprecated_file()`
* `_deprecated_argument()`
* `_deprecated_hook()`
* `apply_filters_deprecated()`
* `do_action_deprecated()`
This matches the documented type of `string` for these parameters and removes unnecessarily strict `! is_null()` checks.
Follow-up to [46792].
Props jignesh.nakrani, renathoc, SergeyBiryukov.
Fixes#49698.
Built from https://develop.svn.wordpress.org/trunk@48327
git-svn-id: http://core.svn.wordpress.org/trunk@48096 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The filter is the callback function added with `add_filter()`, therefore the hook passes a value to the filter, and the filter returns a value to change its behaviour.
The documentation is referring to the latter.
Props johnbillion.
See #49572, #16557.
Built from https://develop.svn.wordpress.org/trunk@48185
git-svn-id: http://core.svn.wordpress.org/trunk@47954 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Partially reverts [48059] as there's no full consensus on the removal of the text prefix. Further actions should be taken to improve consistency and accessibility of the admin notices. Keeps some improvements to the translatable strings from [48059].
Fixes#47656.
Built from https://develop.svn.wordpress.org/trunk@48115
git-svn-id: http://core.svn.wordpress.org/trunk@47884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The tag was supported in phpDocumentor 1.x, but is no longer supported in 2.x and 3.x.
Usage of static variables is considered an internal implementation detail and has no information value for someone reading the docs.
Props alishanvr, jrf.
Fixes#50426.
Built from https://develop.svn.wordpress.org/trunk@48109
git-svn-id: http://core.svn.wordpress.org/trunk@47878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For a number of years, most of the WordPress error messages have been prefixed with "Error:". However, these messages appear in a context where it's already clear an error occurred. Whether it's an error, a warning, or any other classification, that's not so relevant for users. The content of the message is the relevant part. The "Error:" prefix doesn't add great value while it does add unnecessary complexity for the message readability.
Also, revises some of these messages to improve clarity and removes HTML from translatable strings.
Props garrett-eclipse, ramiy, SergeyBiryukov, afercia, sabernhardt, quadthemes, audrasjb.
See #47003, #43037, #42945, #15887.
Fixes#47656.
Built from https://develop.svn.wordpress.org/trunk@48059
git-svn-id: http://core.svn.wordpress.org/trunk@47826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is a final pass to fix PHP compatibiilty issues in the codebase with code changes or adding `phpcs:ignore` comments.
With this change, all PHP compatibility warnings and errors without specific tickets have been addressed (see #49810 and #41750).
Props desrosj, johnbillion, jrf.
See #49922.
Built from https://develop.svn.wordpress.org/trunk@47902
git-svn-id: http://core.svn.wordpress.org/trunk@47676 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that the image used as a default site icon looks good on a dark background.
The image was previously changed in the `wp-admin` directory, but the site icon is now loaded from `wp-includes`.
Follow-up to [36635], [47018], [47564], [47832].
Props ocean90.
Fixes#49798.
Built from https://develop.svn.wordpress.org/trunk@47838
git-svn-id: http://core.svn.wordpress.org/trunk@47614 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, the `@` operator was used to prevent possible warnings emitted by `parse_url()` in PHP < 5.3.3 when URL parsing failed.
Now that the minimum version of PHP required by WordPress is 5.6.20, this is no longer needed.
Props netpassprodsr, Howdy_McGee.
Fixes#49980. See #24780.
Built from https://develop.svn.wordpress.org/trunk@47617
git-svn-id: http://core.svn.wordpress.org/trunk@47392 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These are language constructs, not function calls, so the parentheses are unnecessary.
This updates the PHPCS configuration file the enforce the sniff until it is moved from the `WordPress-Extra` ruleset to the `WordPress-Core` ruleset upstream.
Follow-up to [47198].
Props desrosj, jrf, GaryJ.
Fixes#49376.
Built from https://develop.svn.wordpress.org/trunk@47207
git-svn-id: http://core.svn.wordpress.org/trunk@47007 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.
This commit also includes:
* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
* `wp-admin/admin-header.php`
* `wp-admin/admin-footer.php`
* `wp-includes/version.php`
Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes#48082.
Built from https://develop.svn.wordpress.org/trunk@47198
git-svn-id: http://core.svn.wordpress.org/trunk@46998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, `wp_favicon_request()` was introduced in [13205] to avoid a performance hit of serving a full 404 page on every favicon request.
While working as intended, that implementation did not provide a way for theme or plugin authors to manage the behavior of favicon requests.
This changeset implements the following logic (only applied if WordPress is installed in the root directory):
* If there is a Site Icon set in Customizer, redirect `/favicon.ico` requests to that icon.
* Otherwise, use the WordPress logo as a default icon.
* If a physical `/favicon.ico` file exists, do nothing, let the server handle the request.
Handling `/favicon.ico` is now more consistent with handling `/robots.txt` requests.
New functions and hooks:
* Introduce `is_favicon()` conditional tag to complement `is_robots()`.
* Introduce `do_favicon` action to complement `do_robots` and use it in template loader.
* Introduce `do_favicon()` function, hooked to the above action by default, to complement `do_robots()`.
* Introduce `do_faviconico` action to complement `do_robotstxt`, for plugins to override the default behavior.
* Mark `wp_favicon_request()` as deprecated in favor of `do_favicon()`.
Props jonoaldersonwp, birgire, joostdevalk, mukesh27, SergeyBiryukov.
Fixes#47398.
Built from https://develop.svn.wordpress.org/trunk@47018
git-svn-id: http://core.svn.wordpress.org/trunk@46818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Fix PHP warnings in `wp_unique_filename()` when the destination directory is unreadable.
- Run the final name collision test only for files that are saved to the uploads directory.
- Update the unit tests to match.
Props eden159, audrasjb, azaozz.
Fixes#48960 for trunk.
Built from https://develop.svn.wordpress.org/trunk@46965
git-svn-id: http://core.svn.wordpress.org/trunk@46765 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `_deprecated_function()`
* `_deprecated_argument()`
* `_deprecated_constructor()`
* `_deprecated_file()`
The error level passed is `E_USER_DEPRECATED` for the deprecated function group and `E_USER_NOTICE` for `_doing_it_wrong()`.
Props jrf.
Fixes#36561.
Built from https://develop.svn.wordpress.org/trunk@46625
git-svn-id: http://core.svn.wordpress.org/trunk@46422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `_deprecated_function()`
* `_deprecated_argument()`
* `_deprecated_constructor()`
* `_deprecated_file()`
Plugins and themes should be allowed to use these functions to throw appropriate error notices.
This brings them in line with newer `do_action_deprecated()` and `apply_filters_deprecated()` functions, which are not marked as private.
Props jrf.
Fixes#48251.
Built from https://develop.svn.wordpress.org/trunk@46602
git-svn-id: http://core.svn.wordpress.org/trunk@46399 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change introduces a new Composer script, `compat` that will scan the codebase for (detectable) potential PHP compatibility issues using the `PHP_CodeSniffer` and a custom ruleset based off of the `PHPCompayibilityWP` ruleset (`phpcompat.xml.dist`).
The command will be run as a separate job within each Travis build. While many compatibility issues and false positives have already been corrected in this commit and other Trac tickets, there are still some remaining. For that reason, the job is allowed to fail while the remainder of the potential compatibility issues are investigated and addressed. After those are resolved, the job should be set as required to pass to help prevent new compatibility issues from being introduced.
Props desrosj, jrf, all PHPCompatibilityWP and PHPCompatibility contributors.
Fixes#46152.
Built from https://develop.svn.wordpress.org/trunk@46290
git-svn-id: http://core.svn.wordpress.org/trunk@46102 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The PHP native JSON extension has been bundled and compiled with PHP by default since version 5.2.0. Because the minimum version of PHP required by WordPress is now 5.6.20 (see #46594 and [45058]), JSON extension related polyfills and backwards compatibility code can now be removed.
This change removes code that supported JSON related functionality on older versions of PHP. This includes (but is not limited to) checks that `json_last_error()` exists, checking and setting the `JSON_UNESCAPED_SLASHES` and `JSON_PRETTY_PRINT` constants if not previously defined, and deprecating the `_wp_json_prepare_data()` function (which was 100% workaround code).
Follow up of [46205].
See #47699.
Props jrf, Clorith, pento.
Built from https://develop.svn.wordpress.org/trunk@46206
git-svn-id: http://core.svn.wordpress.org/trunk@46018 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Removing the direct SQL query in `do_all_pings()` improves filterability.
As part of this change, the signature of `do_enclose()` is changed so that
a null `$content` parameter can be passed, with the `$content` then inferred
from the `$post` passed in the second parameter. In addition, the second
parameter was modified so that a post ID or a `WP_Post` object can be
provided. These changes make it possible to trigger enclosure checks with
a post ID alone (as in `do_all_pings()`) and also brings the function
signature in line with `do_trackbacks()` and `pingback()`.
Props dshanske, spacedmonkey, janw.oostendorp, mrmadhat, birgire.
See #36824.
Built from https://develop.svn.wordpress.org/trunk@46175
git-svn-id: http://core.svn.wordpress.org/trunk@45987 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces the `wp_image_resize_identical_dimensions` filter so plugins and themes can determine whether a new image with identical dimensions should be created, defaults to false.
Props wpdennis, HKandulla, galbaras, azaozz.
See #32437.
Built from https://develop.svn.wordpress.org/trunk@46077
git-svn-id: http://core.svn.wordpress.org/trunk@45889 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changes the "discourage search engines" option to output a `noindex, nofollow` robots meta tag. `Disallow: /` is removed from the `robots.txt` to allow search engines to discover they are requested not to index the site.
Disallowing search engines from accessing a site in the `robots.txt` file can result in search engines listing a site with a fragment (a listing without content).
Props donmhico, jonoaldersonwp.
Fixes#43590.
Built from https://develop.svn.wordpress.org/trunk@45928
git-svn-id: http://core.svn.wordpress.org/trunk@45739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add missing translator comments.
* Fix placement of some translator comments. Translator comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools. The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translator comments.
Includes minor code layout fixes.
Polyglots, rejoice! All WordPress core files now have translator comments for all strings with placeholders!
Props jrf, subrataemfluence, GaryJ, webdados, Dency, swissspidy, alvarogois, marcomartins, mihaiiceyro, vladwtz, niq1982, flipkeijzer, michielatyoast, chandrapatel, thrijith, joshuanoyce, FesoVik, tessak22, bhaktirajdev, cleancoded, dhavalkasvala, garrett-eclipse, bibliofille, socalchristina, priyankkpatel, 5hel2l2y, adamsilverstein, JeffPaul, pierlo, SergeyBiryukov.
Fixes#44360.
Built from https://develop.svn.wordpress.org/trunk@45926
git-svn-id: http://core.svn.wordpress.org/trunk@45737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
To better support HTML and string calls to `wp_die()` without
outputting invalid HTML, wraps error messages in `<div>` rather than `<p>`.
Adds `.wp-die-message` CSS class for styling.
Props dinhtungdu, jeremyfelt, audrasjb, SergeyBiryukov, afercia, audrasjb, noisysocks.
Fixes#47580.
Built from https://develop.svn.wordpress.org/trunk@45909
git-svn-id: http://core.svn.wordpress.org/trunk@45720 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Convert `date_i18n()` into a wrapper for `wp_date()`.
`wp_date()` is intended as a replacement for `date_i18n()` without legacy quirks in it. It accepts a true Unix timestamp (not summed with timezone offset) and an arbitrary timezone.
Props Rarst, mboynes, MikeHansenMe, rmccue, nacin.
Fixes#28636.
Built from https://develop.svn.wordpress.org/trunk@45901
git-svn-id: http://core.svn.wordpress.org/trunk@45712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Only use the legacy WP timestamp approach (a sum of timestamp and timezone offset) for `timestamp` and `U` formats without the `$gmt` flag.
Otherwise, make sure the function returns correct local time for any format.
Props Rarst, jdgrimes.
Fixes#40653.
Built from https://develop.svn.wordpress.org/trunk@45856
git-svn-id: http://core.svn.wordpress.org/trunk@45667 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `wp_timezone_string()` retrieves the timezone from current settings as a string. Uses the `timezone_string` option to get a proper timezone if available, otherwise falls back to an offset.
* `wp_timezone()` retrieves the timezone from current settings as a `DateTimeZone` object. Timezone can be based on a PHP timezone string or a `±HH:MM` offset.
Props Rarst, remcotolsma, johnjamesjacoby, rmccue.
Fixes#24730.
Built from https://develop.svn.wordpress.org/trunk@45853
git-svn-id: http://core.svn.wordpress.org/trunk@45664 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Noteable changes:
- The `magic_quotes_runtime` and `magic_quotes_sybase` settings were removed in PHP 5.4, so no longer need to be set.
- Some functions that use external libraries can generate errors that can't be tested for, so are globally allowed to silence errors.
- Quite a few functions would cause errors if `safe_mode` was set. This setting was removed in PHP 5.4.
- Only a handful of `header()` calls needed corresponding `headers_sent()` checks for unit tests to pass, but more may need to be added as the nightlies builds are tested.
See #46732.
Built from https://develop.svn.wordpress.org/trunk@45611
git-svn-id: http://core.svn.wordpress.org/trunk@45422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Use of `date()` in core depends on PHP timezone set to UTC and not changed by third party code (which cannot be guaranteed).
`gmdate()` is functionally equivalent, but is not affected by PHP timezone setting: it's always UTC, which is the exact behavior the core needs.
Props nielsdeblaauw, Rarst.
Fixes#46438. See #44491.
Built from https://develop.svn.wordpress.org/trunk@45424
git-svn-id: http://core.svn.wordpress.org/trunk@45235 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Change `recurse_dirsize()` to accept an array of excluded paths.
- Change so we don't calculate the sizes of dirs in wp-content twice.
- Add the size in bytes to the "debug" into.
- Add a custom DOM event after the dir sizes request is done. Can be used by plugins to "daisy chain" more requests.
- Move "WordPress directory location" and "WordPress directory size" to the top in the "Directories and Sizes" section.
- Move "Theme directory location" to the "Active Theme" section.
- Fix labels capitalization.
Props xkon, afercia, Clorith, azaozz.
Fixes#46707.
Built from https://develop.svn.wordpress.org/trunk@45220
git-svn-id: http://core.svn.wordpress.org/trunk@45029 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Prevent fatal errors from timeouts on the Tools => Site Health => Info tab.
- Use the `get_dirsize()` and `recurse_dirsize()` functions to calculate directory sizes. The results are cached.
- Introduce "timeout protection" in `recurse_dirsize()`.
Props pento, Clorith, xkon, afercia, jeremyfelt, azaozz.
Fixes#46645.
Built from https://develop.svn.wordpress.org/trunk@45104
git-svn-id: http://core.svn.wordpress.org/trunk@44913 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduce `validate_plugin_requirements()` for validating a plugin's WordPress and PHP version requirements.
Introduce `wp_is_wp_compatible()` and `wp_is_php_compatible()` for checking compatibility with the current WordPress or PHP version.
Props afragen, joyously, DrewAPicture, TimothyBlynJacobs, desrosj, flixos90, SergeyBiryukov.
See #43992.
Built from https://develop.svn.wordpress.org/trunk@44978
git-svn-id: http://core.svn.wordpress.org/trunk@44809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change introduces the `wp_get_update_php_annotation()` function, which returns the message displayed when a host filters the direct PHP update or PHP update education URLs to indicate the information is site specific and provided by the host, not WordPress core.
It also updates `wp_update_php_annotation()` to accept a `$before` and `$after` parameter, which makes this notice more flexible for displaying in multiple locations within the admin area. Previously, the markup output in `wp_update_php_annotation()` was hardcoded, which was making it difficult to display it properly in multiple locations.
Props afragen, aaroncampbell, flixos90, TimothyBlynJacobs, desrosj.
Fixes#46044.
Built from https://develop.svn.wordpress.org/trunk@44935
git-svn-id: http://core.svn.wordpress.org/trunk@44766 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A direct URL to where a user can update PHP for their website can now be specified in one of two ways:
- Defining the `WP_DIRECT_UPDATE_PHP_URL` environment variable.
- Returning a URL to the `wp_direct_php_update_url` filter.
When a URL is specified, an additional “Update PHP” button will be displayed at the bottom of the Core dashboard widget informing administrators that their site is running an outdated version of PHP (see [42832]).
Fixes#46074.
Props afragen, desrosj, lukecarbis.
Built from https://develop.svn.wordpress.org/trunk@44814
git-svn-id: http://core.svn.wordpress.org/trunk@44646 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds support for a new `wp_die()` argument `exit`, which defaults to true and determines whether `wp_die()` should actually terminate the request. The new fatal error handler then calls `wp_die()` with that argument set to false, as calling `die()` or `exit` from a PHP shutdown function prevents other shutdown functions from being called.
Props schlessera, johnbillion.
Fixes#46038. See #44458.
Built from https://develop.svn.wordpress.org/trunk@44671
git-svn-id: http://core.svn.wordpress.org/trunk@44502 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prior to this change, each `wp_die()` handler had their own logic for how to parse arguments, causing inconsistencies and even breakage because the arguments possible to pass to `wp_die()` depended on the request context. Passing a `WP_Error` as `$message` for example used to be only support by the default handler, but not the AJAX and XML-RPC handlers.
With the fatal error protection, plus the new `wp_die()` handlers related to that, improving this support and compatibility has become more significant. Therefore this changeset introduces a private `_wp_die_process_input()` function that handles all function parameters consistently.
Props spacedmonkey, flixos90, schlessera.
Fixes#45933. See #44458.
Built from https://develop.svn.wordpress.org/trunk@44666
git-svn-id: http://core.svn.wordpress.org/trunk@44497 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset uses the API functions introduced in [44476] to link to the resource about updating PHP when highlighting a plugin's required PHP version is not met. It furthermore expands them, introducing a new `wp_update_php_annotation()` function that prints the markup to indicate that the default URL has been altered by the web host, allowing it to be reused universally.
Furthermore, this changeset adds missing `update_php` capability checks before displaying the information about updating PHP.
Props afragen.
Fixes#45986. See #43986, #45686.
Built from https://develop.svn.wordpress.org/trunk@44627
git-svn-id: http://core.svn.wordpress.org/trunk@44458 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset removes the hack that was used before to display more complex HTML markup than a simple message in the default PHP error template via `wp_die()`. By removing HTML markup from the arguments passed to `wp_die()` it furthermore paves the way for supporting other content types than the default.
The message and arguments can be modified with new `wp_php_error_message` and `wp_php_error_args` filters respectively.
Furthermore this changeset fixes a few issues of functions not existing which could potentially have caused fatal errors when executed early in the WordPress bootstrap process.
Props flixos90, spacedmonkey.
See #45933, #44458.
Built from https://develop.svn.wordpress.org/trunk@44624
git-svn-id: http://core.svn.wordpress.org/trunk@44455 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WordPress has historically often used code like `preg_split( '/[\s,]+/', $var )` to parse a string of comma-separated values into an array. However, this approach was causing an empty string to not be parsed into an empty array as expected, but rather into an array with the empty string as its sole element.
This was among other areas causing problems in the REST API where passing an empty request parameter could cause that request to fail because, instead of it being ignored, that parameter would be compared against the valid values for it, which typically do not include an empty string.
Props david.binda, sstoqnov.
Fixes#43977.
Built from https://develop.svn.wordpress.org/trunk@44546
git-svn-id: http://core.svn.wordpress.org/trunk@44377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Instead of turning the return value of `stream_get_wrappers()` into a regex to match the scheme, we can instead extract the scheme and search the return value of `stream_get_wrappers()`.
Props schlessera, swissspidy.
Fixes#45553.
Built from https://develop.svn.wordpress.org/trunk@44506
git-svn-id: http://core.svn.wordpress.org/trunk@44337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
After [42832], [42891] and [43006], this changeset refines the core notice informing about an outdated PHP version:
* The link to the Update PHP information page can now be adjusted using either a `WP_UPDATE_PHP_URL` environment variable, or a new `wp_update_php_url` filter.
* If that URL is different from the default one that points to https://wordpress.org/support/update-php/ or its localized equivalent, a note indicates that the linked resource has not been provided by WordPress itself, and the default URL is still linked to as an additional resource.
* The URL for the default information page has been updated to use the slug `update-php` instead of `upgrade-php`.
* `@since` annotations have been updated.
Going forward, admin areas that display information related to the PHP version should use the new function `wp_get_update_php_url()`.
Props afragen, fierevere, flixos90, markjaquith, miss_jwo, nerrad, pento, schlessera, SergeyBiryukov, spacedmonkey.
Fixes#45686. See #41191.
Built from https://develop.svn.wordpress.org/trunk@44476
git-svn-id: http://core.svn.wordpress.org/trunk@44307 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds some special case handling in 'wp_check_filetype_and_ext()' that prevents some common file types from being blocked based on mismatched MIME checks, which were made more strict in WordPress 5.0.1.
Props Kloon, birgire, tellyworth, joemcgill.
See #45615.
Built from https://develop.svn.wordpress.org/trunk@44438
git-svn-id: http://core.svn.wordpress.org/trunk@44269 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A static variable contains an integer that is incremented with each call. This number is returned with the optional prefix.
As such the returned value is not universally unique, but it is unique across the life of the PHP process.
Props westonruter, dlh.
See #44883.
Built from https://develop.svn.wordpress.org/trunk@43658
git-svn-id: http://core.svn.wordpress.org/trunk@43487 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add a `human_readable_duration` function including tests.
* Add 'pixels' after image width/height.
* Add screen reader text for durations.
Props Presskopp, kiranpotphode, milindmore22, stormrockwell, afercia.
Fixes#39667.
Built from https://develop.svn.wordpress.org/trunk@43633
git-svn-id: http://core.svn.wordpress.org/trunk@43462 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`$function`, `$message`, and `$version` have historically been passed to the `doing_it_wrong_run` action. It makes sense to pass those to the filter as well, so that one can conditionally determine the filter value to return.
Fixes#34183.
Built from https://develop.svn.wordpress.org/trunk@43587
git-svn-id: http://core.svn.wordpress.org/trunk@43416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.
This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script.
- Auto-fixable coding standards issues will now cause Travis failures.
Fixes#44600.
Built from https://develop.svn.wordpress.org/trunk@43571
git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Some versions of PHP appear to have a memory leak that is occasionally triggered by calling `stream_get_wrappers()`. In order to avoid calling this, we can return early from `wp_is_stream()` when `$path` doesn't contain `://`.
Props pbiron, JPry, dontstealmyfish.
Fixes#44532.
Built from https://develop.svn.wordpress.org/trunk@43466
git-svn-id: http://core.svn.wordpress.org/trunk@43293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The docs for `date_i18n()` and its filter now correctly state that the `$gmt` parameter is only taken into account if no timestamp is provided. Furthermore, a bug with that parameter is fixed, as it is now ensured that the timezone used with it is `UTC`.
Props Rarst.
Fixes#38771.
Built from https://develop.svn.wordpress.org/trunk@43389
git-svn-id: http://core.svn.wordpress.org/trunk@43217 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, personal data exports were stored in `wp-content/uploads/exports`, which is generic enough that it's likely there are existing folders with that name, either created by plugins or manually by administrators. If that folder were reused by Core, then `wp_privacy_delete_old_export_files()` would delete all of the existing files inside it, which is almost certainly not what the site owner wants or expects.
To avoid that, the folder is being renamed to include a specific reference to Core, and a more verbose description of its purpose. With those factored in, it's very unlikely that there will be any conflicts with existing folders.
The `wp_privacy_exports_dir()` and `wp_privacy_exports_url()` functions were introduced to provide a canonical source for the location, and the `wp_privacy_exports_dir` and `wp_privacy_exports_url` filters were introduced to allow plugins to customize it.
Props johnjamesjacoby, allendav.
Fixes#44091.
Built from https://develop.svn.wordpress.org/trunk@43284
git-svn-id: http://core.svn.wordpress.org/trunk@43113 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, when a plugin updated its suggested privacy policy text, an admin notice was shown on all screens in the Administration Panels. That was done in order to make sure that administrators were aware of it, so that they could update their policy if needed. That was a very heavy-handed and intrusive approach, though, which leads to a poor user experience, and notice fatigue.
An alternative approach is to use bubble notifications in the menu, similar to when plugins have updates that need to be installed. That still makes it obvious that something needs the administrator's attention, but is not as distracting as a notice.
The notice will still appear on the Privacy page, though, since it is relevant to that screen, and provides an explanation of why the bubble is appearing.
Props azaozz, xkon, iandunn.
Fixes#43954. See #43953.
Built from https://develop.svn.wordpress.org/trunk@43223
git-svn-id: http://core.svn.wordpress.org/trunk@43052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
r43046 introduced `wp_schedule_delete_old_privacy_export_files()` to schedule the `wp_privacy_delete_old_export_files` cron job, but it did not check to make sure it wasn't running in the context of the install process. When it did run in that context, it created a database error, because the necessary database tables don't exist at that point.
Checking the current context and returning early during the installation phase avoids that issue.
Props helen, timothyblynjacobs, iandunn.
Fixes#43952.
Built from https://develop.svn.wordpress.org/trunk@43162
git-svn-id: http://core.svn.wordpress.org/trunk@42991 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The primary means of protecting the files is the CSPRN appended to the filename, but there is no reason to keep the files after the data subject has downloaded them, so deleting them provides an additional layer of protection. Previously this was done from `wp_privacy_generate_personal_data_export_file()`, but that does not guarantee that it will be run regularly, and on smaller sites that could result in export files being exposed for much longer than necessary.
`wp_privacy_delete_old_export_files()` was moved to a front end file, so that it can be called from `cron.php`.
This introduces the `wp_privacy_export_expiration` filter, which allows plugins to customize how long the exports are kept before being deleted.
`index.html` was added to the `$exclusions` parameter of `list_files()` to make sure that it isn't deleted. If it were, then poorly-configured servers would allow the directory to be traversed, exposing all of the exported files.
Props iandunn, desrosj.
See #43546.
Built from https://develop.svn.wordpress.org/trunk@43046
git-svn-id: http://core.svn.wordpress.org/trunk@42875 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A new global multisite table `wp_blogmeta` is added to the database schema, and a set of `*_site_meta()` API functions are introduced.
The implementation fails gracefully when the new table is not yet available, which may happen especially shortly after the core update, before the network has been upgraded to the new database schema. The presence of the table is detected once and stored as a global setting on the main network.
Core does not yet use site metadata, but there are several use-cases to be implemented or explored in the near future, and it allows plugins to extend sites with arbitrary data, which will come in particularly handy with the upcoming REST API endpoint for sites.
Props spacedmonkey, johnjamesjacoby, jeremyfelt, flixos90.
Fixes#37923.
Built from https://develop.svn.wordpress.org/trunk@42836
git-svn-id: http://core.svn.wordpress.org/trunk@42666 1a063a9b-81f0-0310-95a4-ce76da25c4cd
