Previously when the `mimes` element was not specified in the overrides array passed to `_wp_handle_upload()` it resulted in boolean false being passed to this parameter, which is incorrect. The fallback value should be `null`.
Props platonkristinin, pkbhatt
Fixes#58349
Built from https://develop.svn.wordpress.org/trunk@55872
git-svn-id: http://core.svn.wordpress.org/trunk@55384 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The terms "roll back" and "rolled back" are used in user facing strings since [55720]. These termes are not that clear for novice users and may be difficult to translate in some locales. This changeset replaces "roll back" with "restore" and "rolled back" with "restored" or "not applied" depending of the context of the screen.
Follow-up to [55720].
Props kebbet, costdev, NekoJonez, audrasjb, SergeyBiryukov, davidbaumwald.
Fixes#58282.
Built from https://develop.svn.wordpress.org/trunk@55750
git-svn-id: http://core.svn.wordpress.org/trunk@55262 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_starts_with()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins with the given substring (needle).
WordPress core includes a polyfill for `str_starts_with()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `0 === strpos( ... )` with `str_starts_with()` in core files, making the code more readable and consistent, as well as improving performance.
While `strpos()` is slightly faster than the polyfill on PHP < 8.0, `str_starts_with()` is noticeably faster on PHP 8.0+, as it is optimized to avoid unnecessarily searching along the whole haystack if it does not find the needle.
Follow-up to [52039], [52040], [52326].
Props spacedmonkey, costdev, sabernhardt, mukesh27, desrosj, jorbin, TobiasBg, ayeshrajans, lgadzhev, SergeyBiryukov.
Fixes#58012.
Built from https://develop.svn.wordpress.org/trunk@55703
git-svn-id: http://core.svn.wordpress.org/trunk@55215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to provide better context for translators and make it easier to determine that some strings contain hidden accessibility text and are not displayed in the UI.
Props kebbet, mercime, pavelevap, ocean90, swissspidy, Chouby, jipmoors, afercia, desrosj, costdev, audrasjb, SergeyBiryukov.
Fixes#29748.
Built from https://develop.svn.wordpress.org/trunk@55276
git-svn-id: http://core.svn.wordpress.org/trunk@54809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Correctly instantiate `WP_Error()` within `move_dir()` to prevent a fatal error when unable to delete an existing directory that is intended to be replaced.
Follow-up to [55204], [55219], [55220], [55223].
Props swissspidy, costdev, afragen.
Fixes#57375.
Built from https://develop.svn.wordpress.org/trunk@55226
git-svn-id: http://core.svn.wordpress.org/trunk@54759 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset improves the consistency in capitalization of fetching and outputting of request headers. It also updates occurrences found in some docblocks.
Props johnjamesjacoby, costdev, audrasjb, petitphp, mhkuu, SergeyBiryukov.
Fixes#54225.
Built from https://develop.svn.wordpress.org/trunk@55210
git-svn-id: http://core.svn.wordpress.org/trunk@54743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces:
- New function: `wp_opcache_invalidate_directory()`, to recursively call `wp_opcache_invalidate()` after overwriting .php files.
- New function: `move_dir()`, similar to `copy_dir()` that uses `WP_Filesystem::move()` followed by `wp_opcache_invalidate_directory()`, and has a fallback to `copy_dir()`.
Props: costdev, afragen, peterwilsoncc, sergeybiryukov, ironprogrammer, flixos90, bronsonquick, mukesh27, azaozz.
Fixes#57375.
Built from https://develop.svn.wordpress.org/trunk@55204
git-svn-id: http://core.svn.wordpress.org/trunk@54737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds `spellcheck="false"` attribute to various password fields.
The spellcheck global attribute defines whether the element may be checked for spelling errors. The `false` value indicates that the element should not be checked for spelling errors, which is relevant for a password field.
Furthermore, and as per MDN specs, using spellchecking can have consequences for users' security and privacy. The specification does not regulate how spellchecking is done and the content of the element may be sent to a third party for spellchecking results. Thus, it is recommended to set `spellcheck` attribute to `false` for elements that can contain sensitive information. Which is the case for password fields.
Props dziudek, audrasjb, gainesm, fosuahmed.
Fixes#56763.
Built from https://develop.svn.wordpress.org/trunk@55094
git-svn-id: http://core.svn.wordpress.org/trunk@54627 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since `ABSPATH` is defined and documented to end with a forward slash `/`, this changeset removes the first `/` from strings appended to `ABSPATH` in various files, leading to `//` in the resulting path.
Props TobiasBg, audrasjb, SergeyBiryukov, emanuelx.
Fixes#57074.
See #57071.
Built from https://develop.svn.wordpress.org/trunk@54872
git-svn-id: http://core.svn.wordpress.org/trunk@54424 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset ensures the directory path is provided in error messages when `_unzip_file_pclzip()` is unable to create a directory. This removes `substr()` which was returning an empty string in some use cases.
Props gunterer, SergeyBiryukov, n8finch, peterwilsoncc, audrasjb, rsiddharth, costdev , desrosj, mukesh27.
Fixes#54477.
Built from https://develop.svn.wordpress.org/trunk@54442
git-svn-id: http://core.svn.wordpress.org/trunk@54001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset implements a clearer and more consistent timeout/duration/expiration format. It updates time durations used in various files, as per WordPress coding standards:
- If the value can be represented as an integer (not a fractional) number of minutes (hours, etc.), use the appropriate constant (e.g.: `MINUTE_IN_SECONDS`) multiplied by that number.
- Otherwise, keep the value as is and add a comment with the units for clarity.
Follow-up to [11823], [13177], [21996], [37747], [53714].
Props hztyfoon, audrasjb, arrasel403, krupalpanchal, GaryJ, SergeyBiryukov, peterwilsoncc, rudlinkon, costdev, robinwpdeveloper.
Fixes#56293.
See #55647.
Built from https://develop.svn.wordpress.org/trunk@54113
git-svn-id: http://core.svn.wordpress.org/trunk@53672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`phpversion()` return value and `PHP_VERSION` constant value are identical, but the latter is several times faster because it is a direct constant value lookup compared to a function call.
Props ayeshrajans, jrf, mukesh27, costdev, hellofromTonya, SergeyBiryukov.
Fixes#55680.
Built from https://develop.svn.wordpress.org/trunk@53426
git-svn-id: http://core.svn.wordpress.org/trunk@53015 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset replaces contracted verb forms like `doesn't`, `can't`, or `isn't` with non-contracted forms like `does not`, `cannot`, or `is not`, for better consistency across the WordPress administration. It also updates some corresponding unit tests strings.
Props Presskopp, socalchristina, aandrewdixon, francina, SergeyBiryukov, JeffPaul, audrasjb, hellofromTonya.
Fixes#38913.
See #39176.
Built from https://develop.svn.wordpress.org/trunk@52978
git-svn-id: http://core.svn.wordpress.org/trunk@52567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A new function `wp_filesize()` was added with [52837]. The function lived in the `wp-admin/includes/file.php` file. However, this admin specific function is not loaded into memory when hitting `media/edit` endpoint. The result was a `500` Internal Server Error. Why? The function is invoked with that endpoint, but the function does not exist in memory.
This commit relocates the new function to the `wp-includes/functions.php` file. In doing so, the function is available for both the frontend and backend.
Follow-up to [52837].
Props talldanwp, spacedmonkey, costdev, antonvlasenko.
Fixes#55367.
Built from https://develop.svn.wordpress.org/trunk@52932
git-svn-id: http://core.svn.wordpress.org/trunk@52521 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Store the file size of all newly uploaded attachments, as part of the metadata stored in post meta. Storing file size means, developers will not have to resort to doing `filesize` function calls, that can be time consuming on assets on offloaded to services like Amazon’s S3.
This change also introduces a new helper function called, `wp_filesize`. This is a wrapper around the `filesize` php function, that adds some helpful filters and ensures the return value is an integer.
Props Cybr, Spacedmonkey, SergeyBiryukov, johnwatkins0, swissspidy, desrosj, joemcgill, azaozz, antpb, adamsilverstein, uday17035.
Fixes#49412.
Built from https://develop.svn.wordpress.org/trunk@52837
git-svn-id: http://core.svn.wordpress.org/trunk@52426 1a063a9b-81f0-0310-95a4-ce76da25c4cd
#38231 added support for files fetched remotely to have their filename defined by the host using the `Content-Disposition` header. This would then take priority over the existing temporary file name created with `wp_tempnam()` earlier in the process.
The change unintentionally omitted the temporary directory path used during uploads, since the `wp_tempnam()` function would have added it previously, so that files with this header ended up being stored in the WordPress root folder, or wp-admin folder, when triggered by WP_Cron or user interactions respectively.
This change makes sure the file path includes the temporary directory location when the header is used.
Follow-up to [51939].
Props antonynz, azouamauriac.
Fixes#55109.
Built from https://develop.svn.wordpress.org/trunk@52734
git-svn-id: http://core.svn.wordpress.org/trunk@52323 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In PHP 8+, `@` no longer suppresses fatal errors:
> The `@` operator will no longer silence fatal errors (`E_ERROR`, `E_CORE_ERROR`, `E_COMPILE_ERROR`, `E_USER_ERROR`, `E_RECOVERABLE_ERROR`, `E_PARSE`).
Reference: [https://www.php.net/manual/en/migration80.incompatible.php PHP 8: Backward Incompatible Changes].
`disk_free_space()` may be disabled by hosts, which will throw a fatal error on a call to undefined function.
This change prevents the fatal error, and falls back to `false` when `disk_free_space()` is unavailable.
Follow-up to [25540], [25774], [25776], [25831], [25869].
Props costdev, jrf, swb1192, SergeyBiryukov.
Fixes#54826. See #54730.
Built from https://develop.svn.wordpress.org/trunk@52585
git-svn-id: http://core.svn.wordpress.org/trunk@52175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[52232] relocated the Theme Editor menu item from Appearance to Tools for block themes. This commit relocates the Plugin Editor menu item from Plugins to Tools for block themes for a consistent workflow.
Both the Theme Editor and Plugin Editor menu items are renamed to "Theme File Editor" and "Plugin File Editor" respectively. Why? To better identify their purpose, i.e. to directly edit the code in the theme or plugin files. The rename is not limited to only block themes.
Follow-up to [52232].
Props poena, annezazu, audrasjb, clorith, courane01, costdev, dryanpress, desrosj, hellofromTonya, ipstenu, jameskoster, joen, johnbillion, joyously, manfcarlo, marybaum, pbiron, SergeyBiryukov, walbo, youknowriad.
Fixes#54382.
Built from https://develop.svn.wordpress.org/trunk@52406
git-svn-id: http://core.svn.wordpress.org/trunk@51998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Revert the rollback features introduced for theme and plugin upgrades during the WordPress 5.9 cycle. A bug (suspected to be in third party virtualisation software) causes the upgrades to fail consistently on some set ups. The revert is to allow contributors further time to investigate mitigation options.
Reverts [52337], [52289], [52284], [51951], [52192], [51902], [51899], [51898], [51815].
Props pbiron, dlh, peterwilsoncc, galbaras, SergeyBiryukov, afragen, costdev, bronsonquick, aristath, noisysocks, desrosj, TobiasBg, hellofromTonya, francina, Boniu91.
See #54543, #54166, #51857.
Built from https://develop.svn.wordpress.org/trunk@52351
git-svn-id: http://core.svn.wordpress.org/trunk@51943 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Check for direct PHP flle access and only use `rename()` if true.
* Check whether the destination directory was successfully created.
* Clear the working directory so there is internal parity within the function between the results of a successful `rename()` and a fallback to `copy_dir()`.
* Use `move_dir()` in `WP_Upgrader::move_to_temp_backup_dir()` and `::restore_temp_backup()`.
Follow-up to [51815], [51898], [51899], [51902], [52192], [52284].
Props afragen, peterwilsoncc, dd32, SergeyBiryukov.
See #54166, #51857.
Built from https://develop.svn.wordpress.org/trunk@52289
git-svn-id: http://core.svn.wordpress.org/trunk@51881 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, when uploading a media item type that is not supported, the default error message claims that the reason it cannot upload is due to security reasons. This is not always true. Now the warning says that the type is not allowed, which is always true.
Props antpb, Presskopp, peterwilsoncc, desrosj, iluy, circlecube, mikeschroder.
Fixes#53626.
Built from https://develop.svn.wordpress.org/trunk@52032
git-svn-id: http://core.svn.wordpress.org/trunk@51624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change allows for external clients to supply a suggested filename via a `Content-Disposition` response header. This filename is processed through `sanitize_file_name()` to ensure it is allowable (on the server, MIME's, etc...) and `validate_file()` to prevent directory traversal.
If the suggested filename fails the above processing/checks, that suggestion is discarded and the standard temporary filename (generated by WordPress) is used.
If no `Content-Disposition` header is found in the response headers, the standard temporary filename continues to be used as per normal.
Included in this change are 6 additional PHPUnit tests with 9 assertions. These tests confirm that valid filename values are correctly saved, and invalid filename values are correctly rejected.
Props cklosows, costdev, dd32, johnjamesjacoby, ocean90, psrpinto.
Fixes#38231.
Built from https://develop.svn.wordpress.org/trunk@51939
git-svn-id: http://core.svn.wordpress.org/trunk@51528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This replaces the `copy_dir()` usage in `WP_Upgrader::install_package()` and aims to avoid PHP timeout issues when installing or updating large plugins on slower systems like Vagrant or the WP Docker test environment.
The new function attempts a native PHP `rename()` function first and falls back to the previous `copy_dir()`.
Follow-up to [51815], [51898].
Props afragen, aristath, peterwilsoncc, galbaras, noisysocks, pbiron.
Fixes#54166. See #51857.
Built from https://develop.svn.wordpress.org/trunk@51899
git-svn-id: http://core.svn.wordpress.org/trunk@51492 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As per the PHP manual:
> If the `component` parameter is omitted, an associative array is returned.
> If the `component` parameter is specified, `parse_url()` returns a string (or an int, in the case of `PHP_URL_PORT`) instead of an array. If the requested component doesn't exist within the given URL, `null` will be returned.
Reference: [https://www.php.net/manual/en/function.parse-url.php#refsect1-function.parse-url-returnvalues PHP Manual: parse_url(): Return Values]
This commit adds three unit tests for `download_url()`:
* The first test is "girl-scouting" to make sure that the code up to the point where the error is expected is tested.
* The second test exposed a PHP 8.1 `basename(): Passing null to parameter #1 ($path) of type string is deprecated` error due to the call to `parse_url()` returning `null` when the component requested does not exist in the passed URL.
* The output of the call to `parse_url()` stored in the `$url_path` variable is used in more places in the function logic. The third test exposes a second PHP 8.1 deprecation notice, this time for `substr(): Passing null to parameter #1 ($string) of type string is deprecated`.
This commit also removes duplicate `parse_url()` calls. Neither `$url` nor `$url_filename` are changed between when they are first received/defined and when they are re-used, so there is no need to repeat the function calls.
Follow-up to [51606], [51622].
Props jrf, hellofromTonya, SergeyBiryukov.
See #53635.
Built from https://develop.svn.wordpress.org/trunk@51626
git-svn-id: http://core.svn.wordpress.org/trunk@51232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Italicized text can be difficult to read for some people with dyslexia or related forms of reading disorders. This removes italics on a number of larger blocks onpm run grunt rpf text in the admin. This has been a task 5.3; this commit closes the task. Further instances of italicized text should be addressed individually.
Props afercia, xkon, audrasjb
Fixes#47327
Built from https://develop.svn.wordpress.org/trunk@50032
git-svn-id: http://core.svn.wordpress.org/trunk@49733 1a063a9b-81f0-0310-95a4-ce76da25c4cd