Commit Graph

470 Commits

Author SHA1 Message Date
John Blackbourn
f3b93e6b3a Media: Correct the fallback value passed to the $mimes parameter of wp_check_filetype_and_ext() from _wp_handle_upload(), and update corresponding documentation.
Previously when the `mimes` element was not specified in the overrides array passed to `_wp_handle_upload()` it resulted in boolean false being passed to this parameter, which is incorrect. The fallback value should be `null`.

Props platonkristinin, pkbhatt

Fixes #58349

Built from https://develop.svn.wordpress.org/trunk@55872


git-svn-id: http://core.svn.wordpress.org/trunk@55384 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-30 19:46:22 +00:00
Sergey Biryukov
046b9afcb7 Docs: Fix a few more typos in DocBlocks and inline comments.
Follow-up to [6779], [10565], [12023], [25224], [27533], [32806], [34777], [45262], [46594], [55823], [55824].

Props Presskopp.
See #57840.
Built from https://develop.svn.wordpress.org/trunk@55827


git-svn-id: http://core.svn.wordpress.org/trunk@55339 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-19 13:27:20 +00:00
Weston Ruter
4c2394eed5 General: Use static on closures whenever $this is not used to avoid memory leaks.
Props westonruter, jrf, spacedmonkey.
Fixes #58323.

Built from https://develop.svn.wordpress.org/trunk@55822


git-svn-id: http://core.svn.wordpress.org/trunk@55334 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-17 22:46:24 +00:00
audrasjb
ad55717715 I18N: Replace "Roll back" with "Restore" in user facing strings.
The terms "roll back" and "rolled back" are used in user facing strings since [55720]. These termes are not that clear for novice users and may be difficult to translate in some locales. This changeset replaces "roll back" with "restore" and "rolled back" with "restored" or "not applied" depending of the context of the screen.

Follow-up to [55720].

Props kebbet, costdev, NekoJonez, audrasjb, SergeyBiryukov, davidbaumwald.
Fixes #58282.

Built from https://develop.svn.wordpress.org/trunk@55750


git-svn-id: http://core.svn.wordpress.org/trunk@55262 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-11 14:50:20 +00:00
Sergey Biryukov
2ec23a82ed Code Modernization: Replace usage of strpos() with str_starts_with().
`str_starts_with()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins with the given substring (needle).

WordPress core includes a polyfill for `str_starts_with()` on PHP < 8.0 as of WordPress 5.9.

This commit replaces `0 === strpos( ... )` with `str_starts_with()` in core files, making the code more readable and consistent, as well as improving performance.

While `strpos()` is slightly faster than the polyfill on PHP < 8.0, `str_starts_with()` is noticeably faster on PHP 8.0+, as it is optimized to avoid unnecessarily searching along the whole haystack if it does not find the needle.

Follow-up to [52039], [52040], [52326].

Props spacedmonkey, costdev, sabernhardt, mukesh27, desrosj, jorbin, TobiasBg, ayeshrajans, lgadzhev, SergeyBiryukov.
Fixes #58012.
Built from https://develop.svn.wordpress.org/trunk@55703


git-svn-id: http://core.svn.wordpress.org/trunk@55215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-02 15:45:22 +00:00
Sergey Biryukov
8d7d99289d Filesystem API: Return correct error data from copy_dir() if the directory listing failed.
The `::dirlist()` method is run on the `$from` directory, so `basename( $from )` is the correct thing to pass to the `WP_Error` object.

Follow-up to [50149].

Props afragen, costdev, pravinparmar2404.
Fixes #57907.
Built from https://develop.svn.wordpress.org/trunk@55538


git-svn-id: http://core.svn.wordpress.org/trunk@55050 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-03-11 11:34:24 +00:00
audrasjb
418a21fdbc Help/About: Use the new /documentation/ URLs for HelpHub links in WordPress Admin.
As `https://wordpress.org/support/` was redirected to `https://wordpress.org/documentation/`, this changeset replaces various `/support/article/*` links with `/documentation/article/*` to avoid an extra redirect.

This also updates links to Support Forums by replacing `https://wordpress.org/support/` URLs with `https://wordpress.org/support/forums/`.

Props SergeyBiryukov, audrasjb, dhrupo, hasanmisbah, sakibmd, sabernhardt.
See #57726.

Built from https://develop.svn.wordpress.org/trunk@55412


git-svn-id: http://core.svn.wordpress.org/trunk@54945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-23 10:38:21 +00:00
Sergey Biryukov
9c5d4ca8d1 I18N: Mark screen reader strings as such with translator comments.
This aims to provide better context for translators and make it easier to determine that some strings contain hidden accessibility text and are not displayed in the UI.

Props kebbet, mercime, pavelevap, ocean90, swissspidy, Chouby, jipmoors, afercia, desrosj, costdev, audrasjb, SergeyBiryukov.
Fixes #29748.
Built from https://develop.svn.wordpress.org/trunk@55276


git-svn-id: http://core.svn.wordpress.org/trunk@54809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-07 17:10:21 +00:00
Sergey Biryukov
b29536b060 General: Check that set_time_limit() function is available before using it in core.
This avoids a fatal error if the function is disabled on certain environments.

Props theode, jokerrs, johnbillion, hellofromTonya, costdev, jrf, azaozz, SergeyBiryukov.
Fixes #55711.
Built from https://develop.svn.wordpress.org/trunk@55258


git-svn-id: http://core.svn.wordpress.org/trunk@54791 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-07 13:28:18 +00:00
Peter Wilson
be3d8fdcc3 Filesystem API: Prevent fatal error in move_dir().
Correctly instantiate `WP_Error()` within `move_dir()` to prevent a fatal error when unable to delete an existing directory that is intended to be replaced.

Follow-up to [55204], [55219], [55220], [55223].

Props swissspidy, costdev, afragen.
Fixes #57375.


Built from https://develop.svn.wordpress.org/trunk@55226


git-svn-id: http://core.svn.wordpress.org/trunk@54759 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-06 04:21:20 +00:00
Sergey Biryukov
4b790e3483 Filesystem API: Simplify two conditionals in move_dir().
This updates the check whether the destination directory already exists to only call `$wp_filesystem->exists()` once.

Follow-up to [55204], [55219], [55220].

Props azaozz, afragen, SergeyBiryukov.
Fixes #57375.
Built from https://develop.svn.wordpress.org/trunk@55223


git-svn-id: http://core.svn.wordpress.org/trunk@54756 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-04 15:37:16 +00:00
Andrew Ozz
8cf4b7557f Filesystem API: Update move_dir() to better handle the differences in the WP_Filesystem::move() methods.
Changes `move_dir()` to attempt to delete the destination when overwriting, before calling `WP_Filesystem::move()`.

Props: afragen, costdev, azaozz.
Fixes: #57375.
Built from https://develop.svn.wordpress.org/trunk@55219


git-svn-id: http://core.svn.wordpress.org/trunk@54752 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-04 01:08:17 +00:00
audrasjb
28358ab213 HTTP API: Fix request header inconsistencies.
This changeset improves the consistency in capitalization of fetching and outputting of request headers. It also updates occurrences found in some docblocks.

Props johnjamesjacoby, costdev, audrasjb, petitphp, mhkuu, SergeyBiryukov.
Fixes #54225.

Built from https://develop.svn.wordpress.org/trunk@55210


git-svn-id: http://core.svn.wordpress.org/trunk@54743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-03 13:35:20 +00:00
Andrew Ozz
47172a2c65 Filesystem API: Add directory support to WP_Filesystem_Direct::move().
Introduces:
- New function: `wp_opcache_invalidate_directory()`, to recursively call `wp_opcache_invalidate()` after overwriting .php files.
- New function: `move_dir()`, similar to `copy_dir()` that uses `WP_Filesystem::move()` followed by `wp_opcache_invalidate_directory()`, and has a fallback to `copy_dir()`.

Props: costdev, afragen, peterwilsoncc, sergeybiryukov, ironprogrammer, flixos90, bronsonquick, mukesh27, azaozz.
Fixes #57375.
Built from https://develop.svn.wordpress.org/trunk@55204


git-svn-id: http://core.svn.wordpress.org/trunk@54737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-03 01:50:16 +00:00
audrasjb
0f28fc7aed Login and Registration: Disable spellcheck for password fields.
This changeset adds `spellcheck="false"` attribute to various password fields.

The spellcheck global attribute defines whether the element may be checked for spelling errors. The `false` value indicates that the element should not be checked for spelling errors, which is relevant for a password field.

Furthermore, and as per MDN specs, using spellchecking can have consequences for users' security and privacy. The specification does not regulate how spellchecking is done and the content of the element may be sent to a third party for spellchecking results. Thus, it is recommended to set `spellcheck` attribute to `false` for elements that can contain sensitive information. Which is the case for password fields.

Props dziudek, audrasjb, gainesm, fosuahmed.
Fixes #56763.

Built from https://develop.svn.wordpress.org/trunk@55094


git-svn-id: http://core.svn.wordpress.org/trunk@54627 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-19 08:53:13 +00:00
audrasjb
a73fc6c084 Coding Standards: Various brace indentation corrections.
Props mukesh27.
Fixes #57210.
See #56791.

Built from https://develop.svn.wordpress.org/trunk@54881


git-svn-id: http://core.svn.wordpress.org/trunk@54433 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-11-26 21:01:17 +00:00
audrasjb
64a713db2b Coding Standards: Remove extra slashes when concatenating ABSPATH with a path.
Since `ABSPATH` is defined and documented to end with a forward slash `/`, this changeset removes the first `/` from strings appended to `ABSPATH` in various files, leading to `//` in the resulting path.

Props TobiasBg, audrasjb, SergeyBiryukov, emanuelx.
Fixes #57074.
See #57071.

Built from https://develop.svn.wordpress.org/trunk@54872


git-svn-id: http://core.svn.wordpress.org/trunk@54424 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-11-24 22:11:14 +00:00
audrasjb
c5f189c4a1 Upgrade/Install: Provide dirpath in error messages when _unzip_file_pclzip() cannot create directories.
This changeset ensures the directory path is provided in error messages when `_unzip_file_pclzip()` is unable to create a directory. This removes `substr()` which was returning an empty string in some use cases.

Props gunterer, SergeyBiryukov, n8finch, peterwilsoncc, audrasjb, rsiddharth, costdev , desrosj, mukesh27.
Fixes #54477.

Built from https://develop.svn.wordpress.org/trunk@54442


git-svn-id: http://core.svn.wordpress.org/trunk@54001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-10 12:48:14 +00:00
audrasjb
fd3e5e5f21 Themes: Implement file description for theme.json.
This changeset adds a file description for `theme.json`. This description is notably used in the Theme File Editor.

Props ocean90, kapilpaul, poena.
Fixes #55325.

Built from https://develop.svn.wordpress.org/trunk@54140


git-svn-id: http://core.svn.wordpress.org/trunk@53699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-13 08:20:13 +00:00
audrasjb
c7fe0f88d2 Coding Standards: Clarify time units for various timeout or expiration values.
This changeset implements a clearer and more consistent timeout/duration/expiration format. It updates time durations used in various files, as per WordPress coding standards:

- If the value can be represented as an integer (not a fractional) number of minutes (hours, etc.), use the appropriate constant (e.g.: `MINUTE_IN_SECONDS`) multiplied by that number.
- Otherwise, keep the value as is and add a comment with the units for clarity.

Follow-up to [11823], [13177], [21996], [37747], [53714].

Props hztyfoon, audrasjb, arrasel403, krupalpanchal, GaryJ, SergeyBiryukov, peterwilsoncc, rudlinkon, costdev, robinwpdeveloper.
Fixes #56293.
See #55647.

Built from https://develop.svn.wordpress.org/trunk@54113


git-svn-id: http://core.svn.wordpress.org/trunk@53672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-09 08:16:18 +00:00
Sergey Biryukov
4e0b801910 Coding Standards: Use MINUTE_IN_SECONDS where appropriate.
This aims to clarify the time units for some timeout or expiration values.

Follow-up to [11823], [13177], [21996], [37747].

See #55647.
Built from https://develop.svn.wordpress.org/trunk@53714


git-svn-id: http://core.svn.wordpress.org/trunk@53273 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-17 02:18:09 +00:00
audrasjb
bbe60d66c3 Text Changes: Improve consistency of admin error notices.
This changeset replaces `<strong>Error</strong>:` with `<strong>Error:</strong>`, for better consistency.

Props transl8or, mihaidumitrascu, audrasjb.
Fixes #50785.

Built from https://develop.svn.wordpress.org/trunk@53458


git-svn-id: http://core.svn.wordpress.org/trunk@53047 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-02 15:05:13 +00:00
Sergey Biryukov
40fc19024f Code Modernization: Replace phpversion() function calls with PHP_VERSION constant.
`phpversion()` return value and `PHP_VERSION` constant value are identical, but the latter is several times faster because it is a direct constant value lookup compared to a function call.

Props ayeshrajans, jrf, mukesh27, costdev, hellofromTonya, SergeyBiryukov.
Fixes #55680.
Built from https://develop.svn.wordpress.org/trunk@53426


git-svn-id: http://core.svn.wordpress.org/trunk@53015 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-05-20 17:38:14 +00:00
Sergey Biryukov
9fb5112732 Docs: Add missing description for $pagenow global in various functions.
See #54729, #55499.
Built from https://develop.svn.wordpress.org/trunk@53060


git-svn-id: http://core.svn.wordpress.org/trunk@52649 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-04 18:26:06 +00:00
audrasjb
223cda987f Administration: Replace contracted verb forms for better consistency.
This changeset replaces contracted verb forms like `doesn't`, `can't`, or `isn't` with non-contracted forms like `does not`, `cannot`, or `is not`, for better consistency across the WordPress administration. It also updates some corresponding unit tests strings.

Props Presskopp, socalchristina, aandrewdixon, francina, SergeyBiryukov, JeffPaul, audrasjb, hellofromTonya.
Fixes #38913.
See #39176.

Built from https://develop.svn.wordpress.org/trunk@52978


git-svn-id: http://core.svn.wordpress.org/trunk@52567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-03-22 16:25:03 +00:00
hellofromTonya
316aa2544f Media: Relocate wp_filesize() function for use in frontend and backend.
A new function `wp_filesize()` was added with [52837]. The function lived in the `wp-admin/includes/file.php` file. However, this admin specific function is not loaded into memory when hitting `media/edit` endpoint. The result was a `500` Internal Server Error. Why? The function is invoked with that endpoint, but the function does not exist in memory.

This commit relocates the new function to the `wp-includes/functions.php` file. In doing so, the function is available for both the frontend and backend.

Follow-up to [52837].

Props talldanwp, spacedmonkey, costdev, antonvlasenko.
Fixes #55367.
Built from https://develop.svn.wordpress.org/trunk@52932


git-svn-id: http://core.svn.wordpress.org/trunk@52521 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-03-14 16:32:06 +00:00
spacedmonkey
bbf017e550 Media: Store attachment’s file size in metadata.
Store the file size of all newly uploaded attachments, as part of the metadata stored in post meta. Storing file size means, developers will not have to resort to doing `filesize` function calls, that can be time consuming on assets on offloaded to services like Amazon’s S3. 

This change also introduces a new helper function called, `wp_filesize`. This is a wrapper around the `filesize` php function, that adds some helpful filters and ensures the return value is an integer.

Props Cybr, Spacedmonkey, SergeyBiryukov, johnwatkins0, swissspidy, desrosj, joemcgill, azaozz, antpb, adamsilverstein, uday17035. 
Fixes #49412. 


Built from https://develop.svn.wordpress.org/trunk@52837


git-svn-id: http://core.svn.wordpress.org/trunk@52426 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-03-10 13:10:02 +00:00
Clorith
c3ff2a1cc6 Filesystem API: Use a temp folder for Content-Disposition files.
#38231 added support for files fetched remotely to have their filename defined by the host using the `Content-Disposition` header. This would then take priority over the existing temporary file name created with `wp_tempnam()` earlier in the process.

The change unintentionally omitted the temporary directory path used during uploads, since the `wp_tempnam()` function would have added it previously, so that files with this header ended up being stored in the WordPress root folder, or wp-admin folder, when triggered by WP_Cron or user interactions respectively.

This change makes sure the file path includes the temporary directory location when the header is used.

Follow-up to [51939].

Props antonynz, azouamauriac.
Fixes #55109.
Built from https://develop.svn.wordpress.org/trunk@52734


git-svn-id: http://core.svn.wordpress.org/trunk@52323 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-02-15 17:49:00 +00:00
Sergey Biryukov
2eaeae58ff Docs: Update spelling for inline comments in a few files.
Per the [https://make.wordpress.org/core/handbook/best-practices/spelling/ spelling] and [https://make.wordpress.org/docs/style-guide/language-grammar/word-choice/ word choice] documentation guidelines, American (US) spelling should be preferred.

Props mohadeseghasemi, subrataemfluence, rehanali, SergeyBiryukov.
Fixes #46837.
Built from https://develop.svn.wordpress.org/trunk@52640


git-svn-id: http://core.svn.wordpress.org/trunk@52229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-01-25 13:55:05 +00:00
audrasjb
99bac7e17c Docs: Replace "Current theme" with "Active theme" in various DocBlocks.
This change replaces "Current theme" with "Active theme" in various DocBlocks for better consistency with user-facing strings.

Follow-up to [52580].

Props Presskopp, audrasjb, costdev.
Fixes #54831.
See #54770.

Built from https://develop.svn.wordpress.org/trunk@52610


git-svn-id: http://core.svn.wordpress.org/trunk@52198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-01-20 23:53:05 +00:00
Sergey Biryukov
ab263f93e5 Upgrade/Install: Check if the disk_free_space() function exists before calling it.
In PHP 8+, `@` no longer suppresses fatal errors:
> The `@` operator will no longer silence fatal errors (`E_ERROR`, `E_CORE_ERROR`, `E_COMPILE_ERROR`, `E_USER_ERROR`, `E_RECOVERABLE_ERROR`, `E_PARSE`).

Reference: [https://www.php.net/manual/en/migration80.incompatible.php PHP 8: Backward Incompatible Changes].

`disk_free_space()` may be disabled by hosts, which will throw a fatal error on a call to undefined function.

This change prevents the fatal error, and falls back to `false` when `disk_free_space()` is unavailable.

Follow-up to [25540], [25774], [25776], [25831], [25869].

Props costdev, jrf, swb1192, SergeyBiryukov.
Fixes #54826. See #54730.
Built from https://develop.svn.wordpress.org/trunk@52585


git-svn-id: http://core.svn.wordpress.org/trunk@52175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-01-17 11:41:03 +00:00
Sergey Biryukov
3ec2d2fcfa Build/Test Tools: Update PHPCompatibilityWP to version 2.1.3.
The latest release takes the new polyfills added in WordPress 5.9 into account.

This commit also removes redundant inline ignore comments for WP-polyfilled functionality. The PHPCompatibilityWP ruleset explicitly excludes those polyfills, so they don't need to be annotated as ignored.

Release notes:
https://github.com/PHPCompatibility/PHPCompatibilityWP/releases/tag/2.1.3

For a full list of changes in this update, see the PHPCompatibilityWP GitHub:
https://github.com/PHPCompatibility/PHPCompatibilityWP/compare/2.1.2...2.1.3

Follow-up to [46290], [51543].

Props jrf.
Fixes #54711.
Built from https://develop.svn.wordpress.org/trunk@52425


git-svn-id: http://core.svn.wordpress.org/trunk@52017 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-12-31 13:55:03 +00:00
hellofromTonya
673ab8a677 Administration: Add "File" to Theme/Plugin Editor menu names and relocate "Plugin File Editor" to Tools for block themes.
[52232] relocated the Theme Editor menu item from Appearance to Tools for block themes. This commit relocates the Plugin  Editor menu item from Plugins to Tools for block themes for a consistent workflow.

Both the Theme Editor and Plugin Editor menu items are renamed to "Theme File Editor" and "Plugin File Editor" respectively. Why? To better identify their purpose, i.e. to directly edit the code in the theme or plugin files. The rename is not limited to only block themes. 

Follow-up to [52232].

Props poena, annezazu, audrasjb, clorith, courane01, costdev, dryanpress, desrosj, hellofromTonya, ipstenu, jameskoster, joen, johnbillion, joyously, manfcarlo, marybaum, pbiron, SergeyBiryukov, walbo, youknowriad.
Fixes #54382.
Built from https://develop.svn.wordpress.org/trunk@52406


git-svn-id: http://core.svn.wordpress.org/trunk@51998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-12-21 20:06:02 +00:00
Peter Wilson
88b1019dc3 Upgrade/install: Revert upgrader rollback features.
Revert the rollback features introduced for theme and plugin upgrades during the WordPress 5.9 cycle. A bug (suspected to be in third party virtualisation software) causes the upgrades to fail consistently on some set ups. The revert is to allow contributors further time to investigate mitigation options.

Reverts [52337], [52289], [52284], [51951], [52192], [51902], [51899], [51898], [51815].

Props pbiron, dlh, peterwilsoncc, galbaras, SergeyBiryukov, afragen, costdev, bronsonquick, aristath, noisysocks, desrosj, TobiasBg, hellofromTonya, francina, Boniu91.
See #54543, #54166, #51857.



Built from https://develop.svn.wordpress.org/trunk@52351


git-svn-id: http://core.svn.wordpress.org/trunk@51943 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-12-10 00:06:04 +00:00
Sergey Biryukov
576116927b Upgrade/Install: Make some adjustments to the move_dir() function:
* Check for direct PHP flle access and only use `rename()` if true.
* Check whether the destination directory was successfully created.
* Clear the working directory so there is internal parity within the function between the results of a successful `rename()` and a fallback to `copy_dir()`.
* Use `move_dir()` in `WP_Upgrader::move_to_temp_backup_dir()` and `::restore_temp_backup()`.

Follow-up to [51815], [51898], [51899], [51902], [52192], [52284].

Props afragen, peterwilsoncc, dd32, SergeyBiryukov.
See #54166, #51857.
Built from https://develop.svn.wordpress.org/trunk@52289


git-svn-id: http://core.svn.wordpress.org/trunk@51881 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-30 19:12:00 +00:00
Sergey Biryukov
dfdbbb4e62 Docs: Miscellaneous DocBlock corrections.
See #53399.
Built from https://develop.svn.wordpress.org/trunk@52242


git-svn-id: http://core.svn.wordpress.org/trunk@51834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-24 23:59:59 +00:00
antpb
c1f6817cad Media: Remove security messaging in media upload failures.
Previously, when uploading a media item type that is not supported, the default error message claims that the reason it cannot upload is due to security reasons. This is not always true. Now the warning says that the type is not allowed, which is always true.

Props antpb, Presskopp, peterwilsoncc, desrosj, iluy, circlecube, mikeschroder.
Fixes #53626.


Built from https://develop.svn.wordpress.org/trunk@52032


git-svn-id: http://core.svn.wordpress.org/trunk@51624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-07 23:29:56 +00:00
johnjamesjacoby
7a0a07d691 Admin/HTTP API: add suggested filename support to download_url().
This change allows for external clients to supply a suggested filename via a `Content-Disposition` response header. This filename is processed through `sanitize_file_name()` to ensure it is allowable (on the server, MIME's, etc...) and `validate_file()` to prevent directory traversal.

If the suggested filename fails the above processing/checks, that suggestion is discarded and the standard temporary filename (generated by WordPress) is used.

If no `Content-Disposition` header is found in the response headers, the standard temporary filename continues to be used as per normal.

Included in this change are 6 additional PHPUnit tests with 9 assertions. These tests confirm that valid filename values are correctly saved, and invalid filename values are correctly rejected.

Props cklosows, costdev, dd32, johnjamesjacoby, ocean90, psrpinto.

Fixes #38231.
Built from https://develop.svn.wordpress.org/trunk@51939


git-svn-id: http://core.svn.wordpress.org/trunk@51528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-27 15:00:01 +00:00
Sergey Biryukov
d5887aeec3 Upgrade/Install: Introduce a move_dir() function.
This replaces the `copy_dir()` usage in `WP_Upgrader::install_package()` and aims to avoid PHP timeout issues when installing or updating large plugins on slower systems like Vagrant or the WP Docker test environment.

The new function attempts a native PHP `rename()` function first and falls back to the previous `copy_dir()`.

Follow-up to [51815], [51898].

Props afragen, aristath, peterwilsoncc, galbaras, noisysocks, pbiron.
Fixes #54166. See #51857.
Built from https://develop.svn.wordpress.org/trunk@51899


git-svn-id: http://core.svn.wordpress.org/trunk@51492 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-09 03:38:57 +00:00
Sergey Biryukov
9f222b708a Code Modernization: Check the return type of parse_url() in download_url().
As per the PHP manual:
> If the `component` parameter is omitted, an associative array is returned.
> If the `component` parameter is specified, `parse_url()` returns a string (or an int, in the case of `PHP_URL_PORT`) instead of an array. If the requested component doesn't exist within the given URL, `null` will be returned.

Reference: [https://www.php.net/manual/en/function.parse-url.php#refsect1-function.parse-url-returnvalues PHP Manual: parse_url(): Return Values]

This commit adds three unit tests for `download_url()`:

* The first test is "girl-scouting" to make sure that the code up to the point where the error is expected is tested.
* The second test exposed a PHP 8.1 `basename(): Passing null to parameter #1 ($path) of type string is deprecated` error due to the call to `parse_url()` returning `null` when the component requested does not exist in the passed URL.
* The output of the call to `parse_url()` stored in the `$url_path` variable is used in more places in the function logic. The third test exposes a second PHP 8.1 deprecation notice, this time for `substr(): Passing null to parameter #1 ($string) of type string is deprecated`.

This commit also removes duplicate `parse_url()` calls. Neither `$url` nor `$url_filename` are changed between when they are first received/defined and when they are re-used, so there is no need to repeat the function calls.

Follow-up to [51606], [51622].

Props jrf, hellofromTonya, SergeyBiryukov.
See #53635.
Built from https://develop.svn.wordpress.org/trunk@51626


git-svn-id: http://core.svn.wordpress.org/trunk@51232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-08-17 00:16:01 +00:00
John Blackbourn
ea60cd8191 Docs: Descriptive improvements and corrections for various docblocks.
See #53399

Built from https://develop.svn.wordpress.org/trunk@51300


git-svn-id: http://core.svn.wordpress.org/trunk@50909 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-07-01 21:12:58 +00:00
Sergey Biryukov
c4182fd00f Site Health: Make sure the submit_button() function is available in request_filesystem_credentials().
This avoids a fatal error when the function is called via REST API from `WP_Site_Health_Auto_Updates::test_check_wp_filesystem_method()`.

Props lakrisgubben, mukesh27, Clorith, SergeyBiryukov.
Fixes #53206.
Built from https://develop.svn.wordpress.org/trunk@50979


git-svn-id: http://core.svn.wordpress.org/trunk@50588 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-24 19:24:57 +00:00
Sergey Biryukov
8e059f3657 Coding Standards: Rewrite a fragment in request_filesystem_credentials() for clarity and to avoid repetition.
Follow-up to [8540], [8865].

See #52627.
Built from https://develop.svn.wordpress.org/trunk@50701


git-svn-id: http://core.svn.wordpress.org/trunk@50310 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-12 18:34:05 +00:00
Sergey Biryukov
82042a0377 Coding Standards: Use strict comparison in wp-admin/includes/file.php.
Includes minor code layout fixes for better readability.

See #52627.
Built from https://develop.svn.wordpress.org/trunk@50700


git-svn-id: http://core.svn.wordpress.org/trunk@50309 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-12 18:19:09 +00:00
John Blackbourn
52679edbff Docs: Add examples of possible names for various hooks whose name contains a dynamic portion.
This provides greater discoverability of such hooks in search results on the Code Reference site as well as increased clarity when reading the source.

See #50734, #52628

Built from https://develop.svn.wordpress.org/trunk@50505


git-svn-id: http://core.svn.wordpress.org/trunk@50118 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-03-07 12:32:09 +00:00
Sergey Biryukov
90ca61ba07 Upgrade/Install: Return a WP_Error from copy_dir() and _copy_dir() if the directory listing failed.
Props afragen, dd32.
Fixes #52342.
Built from https://develop.svn.wordpress.org/trunk@50149


git-svn-id: http://core.svn.wordpress.org/trunk@49828 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 17:23:06 +00:00
joedolson
ee751b9779 Administration: Remove italic text to improve readability.
Italicized text can be difficult to read for some people with dyslexia or related forms of reading disorders. This removes italics on a number of larger blocks onpm run grunt rpf text in the admin. This has been a task 5.3; this commit closes the task. Further instances of italicized text should be addressed individually.

Props afercia, xkon, audrasjb
Fixes #47327
Built from https://develop.svn.wordpress.org/trunk@50032


git-svn-id: http://core.svn.wordpress.org/trunk@49733 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-27 21:03:57 +00:00
John Blackbourn
f0078d043e Docs: Miscellaneous docblock corrections and improvements.
See #51800.
Built from https://develop.svn.wordpress.org/trunk@49942


git-svn-id: http://core.svn.wordpress.org/trunk@49641 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-07 14:17:11 +00:00
John Blackbourn
b59c0f307b Docs: Corrections and improvements to types used in various docblocks.
See #51800, #52217

Built from https://develop.svn.wordpress.org/trunk@49936


git-svn-id: http://core.svn.wordpress.org/trunk@49635 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-05 17:16:11 +00:00
Sergey Biryukov
37662df05e Docs: In various @return tags, list the expected type first, instead of false or WP_Error.
Follow-up to [46696], [47060], [49926], [49927].

See #51800.
Built from https://develop.svn.wordpress.org/trunk@49929


git-svn-id: http://core.svn.wordpress.org/trunk@49628 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-04 17:18:04 +00:00