Commit Graph

1948 Commits

Author SHA1 Message Date
spacedmonkey
31a092799f REST API: Provide detailed error data in REST API response.
When the fatal error handler is triggered within a REST API request, it currently utilizes wp_die to display a specially formatted error response. However, crucial information captured by the fatal error handler, such as the exact line where the error occurred, is not included in the response due to potential security concerns, such as leaking file paths.

To address this limitation and aid developers in debugging, this enhancement introduces the inclusion of error data in the response when the `WP_DEBUG_DISPLAY` constant is set to true. This additional data, appended under the new key error_data, will facilitate more thorough debugging for REST API errors.

Props ecc, spacedmonkey, TimothyBlynJacobs, rcorrales.
Fixes #60014.
Built from https://develop.svn.wordpress.org/trunk@57610


git-svn-id: http://core.svn.wordpress.org/trunk@57111 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-02-13 09:10:08 +00:00
joedolson
7464bdc47a Administration: Improve contrast and consistency of focus styles.
Apply new focus styles from WordPress 5.3 more broadly. An updated focus style for form inputs, buttons, and link styled as buttons was added in WordPress 5.3; this commit makes other focus styles consistent with those changes so they meet accessibility standards for color contrast.

Props johnbillion, kebbet, joedolson, afercia.
Fixes #51870.
Built from https://develop.svn.wordpress.org/trunk@57553


git-svn-id: http://core.svn.wordpress.org/trunk@57054 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-02-07 16:56:13 +00:00
costdev
c60fc98b33 Upgrade/Install: Introduce Plugin Dependencies.
Introduces a new "Requires Plugins" plugin header so that plugin developers can list the slugs of the plugins theirs depends on.

This will inform users of the requirements, and provide links to the WordPress.org Plugins Repository that they can click to install and activate the dependencies first.

Plugins whose requirements are not met cannot be installed or activated, and they will be deactivated automatically if their requirements become unmet.
Plugins that others rely on cannot be deactivated or deleted until their dependent plugins are deactivated or deleted.

In memory of Alex Mills and Alex King.
WordPress Remembers.

Props ahoereth, afragen, alanfuller, alexkingorg, amykamala, anonymized_10690803, apeatling, ashfame, atimmer, audrasjb, aristath, azaozz, batmoo, beaulebens, blobaugh, bobbingwide, boonebgorges, brianhenryie, chanthaboune, chrisdavidmiles, coolmann, costdev, courane01, danielbachhuber, davidperez, dd32, Denis-de-Bernardy, dingo_d, DJPaul, dougal, DrewAPicture, ethitter, filosofo, georgestephanis, giuseppemazzapica-1, goldenapples, griffinjt, hellofromTonya, husobj, ideag, jarednova, jbobich, jbrinley, jltallon, joedolson, johnciacia, johnjamesjacoby, joppuyo, jsmoriss, karmatosed, kebbet, knutsp, kraftbj, kraftner, kurtpayne, lkraav, logikal16, luisherranz, man4toman, markjaquith, matt, mbijon, megphillips91, mikeschinkel, mordauk, morehawes, mrwweb, mte90, mukesh27, mzaweb, nacin, norcross, nvwd, nwjames, obliviousharmony, ocean90, oglekler, paaljoachim, pauldewouters, pbaylies, pbiron, peterwilsoncc, Philipp15b, poena, pogidude, retlehs, rmccue, ryan, sabreuse, sc0ttkclark, scribu, sereedmedia, SergeyBiryukov, ShaneF, shidouhikari, soean, spacedmonkey, stephenh1988, swissspidy, taylorde, tazotodua, threadi, TimothyBlynJacobs, TJNowell, tollmanz, toscho, tropicalista, Viper007Bond, westi, whiteshadow, williamsba1, wpsmith, ZaneMatthew.
Fixes #22316.
Built from https://develop.svn.wordpress.org/trunk@57545


git-svn-id: http://core.svn.wordpress.org/trunk@57046 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-02-06 23:46:14 +00:00
youknowriad
cb6c706152 Editor: Show the patterns page for classic themes.
Block themes and classic themes with template parts support 
can already access the patterns list within the site editor.
This adds a "Patterns" menu item under Appearance for classic themes
without template parts support.

Props wildworks, kevin940726, aaronrobertshaw, fabiankaegy, swissspidy, get_dave, kebbet.
Fixes #58827.
Built from https://develop.svn.wordpress.org/trunk@57543


git-svn-id: http://core.svn.wordpress.org/trunk@57044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-02-06 19:42:13 +00:00
Sergey Biryukov
98b3a8d314 Coding Standards: Rename the $expires_offset variable in cache_javascript_headers().
This resolves a WPCS warning:
{{{
Variable "$expiresOffset" is not in valid snake_case format, try "$expires_offset"
}}}

Follow-up to [4109], [21996].

See #59650.
Built from https://develop.svn.wordpress.org/trunk@57532


git-svn-id: http://core.svn.wordpress.org/trunk@57033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-02-05 03:42:11 +00:00
Adam Silverstein
f94f194552 Media: enable AVIF support.
Add support for uploading, editing and saving AVIF images when supported by the server.

Add 'image/avif' to supported mime types. Correctly identify AVIF images and sizes even when PHP doesn't support AVIF. Resize uploaded AVIF files (when supported) and use for front end markup.

Props adamsilverstein, lukefiretoss, ayeshrajans, navjotjsingh, Tyrannous, jb510, gregbenz, nickpagz, JavierCasares, mukesh27, yguyon, swissspidy.
Fixes #51228.


Built from https://develop.svn.wordpress.org/trunk@57524


git-svn-id: http://core.svn.wordpress.org/trunk@57025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-02-02 17:48:15 +00:00
Pascal Birchler
a8616f8e33 Docs: Fix typo in do_robots() docblock.
This was introduced in [45928].

Props shailu25, mukesh27.
Fixes #60405.
Built from https://develop.svn.wordpress.org/trunk@57509


git-svn-id: http://core.svn.wordpress.org/trunk@57010 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-02-01 08:40:16 +00:00
Pascal Birchler
c6ccfb1242 I18N: Introduce a more performant localization library.
This introduces a more lightweight library for loading `.mo` translation files which offers increased speed and lower memory usage.
It also supports loading multiple locales at the same time, which makes locale switching faster too.

For plugins interacting with the `$l10n` global variable in core, a shim is added to retain backward compatibility with the existing `pomo` library.

In addition to that, this library supports translations contained in PHP files, avoiding a binary file format and leveraging OPCache if available.
If an `.mo` translation file has a corresponding `.l10n.php` file, the latter will be loaded instead.
This behavior can be adjusted using the new `translation_file_format` and `load_translation_file` filters.

PHP translation files will be typically created by downloading language packs, but can also be generated by plugins.
See https://make.wordpress.org/core/2023/11/08/merging-performant-translations-into-core/ for more context.

Props dd32, swissspidy, flixos90, joemcgill, westonruter, akirk, SergeyBiryukov.
Fixes #59656.
Built from https://develop.svn.wordpress.org/trunk@57337


git-svn-id: http://core.svn.wordpress.org/trunk@56843 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-01-23 13:34:11 +00:00
Felix Arntz
e19c18cba9 Bootstrap/Load: Introduce functions to check whether WordPress is serving a REST API request.
This changeset introduces two functions:
* `wp_is_serving_rest_request()` returns a boolean for whether WordPress is serving an actual REST API request.
* `wp_is_rest_endpoint()` returns a boolean for whether a WordPress REST API endpoint is currently being used. While this is always the case if `wp_is_serving_rest_request()` returns `true`, the function additionally covers the scenario of internal REST API requests, i.e. where WordPress calls a REST API endpoint within the same request.

Both functions should only be used after the `parse_request` action.

All relevant manual checks have been adjusted to use one of the new functions, depending on the use-case. They were all using the same constant check so far, while in fact some of them were intending to check for an actual REST API request while others were intending to check for REST endpoint usage.

A new filter `wp_is_rest_endpoint` can be used to alter the return value of the `wp_is_rest_endpoint()` function.

Props lots.0.logs, TimothyBlynJacobs, flixos90, joehoyle, peterwilsoncc, swissspidy, SergeyBiryukov, pento, mikejolley, iandunn, hellofromTonya, Cybr, petitphp.
Fixes #42061.

Built from https://develop.svn.wordpress.org/trunk@57312


git-svn-id: http://core.svn.wordpress.org/trunk@56818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-01-19 17:40:09 +00:00
audrasjb
855c1b55d6 Docs: Improve wp_admin_notice() function docblock.
This changeset adds a description for the `attributes` key of `$args` in `wp_admin_notice()`.

Props tmatsuur.
Fixes #59887.




Built from https://develop.svn.wordpress.org/trunk@57279


git-svn-id: http://core.svn.wordpress.org/trunk@56785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-01-14 08:42:19 +00:00
hellofromTonya
d30fe43245 Docs: Replace "sanity" with "confidence" for inclusive language.
The phrase "sanity check" unnecessarily references mental health. It's an old phrase used to denote an extra step in verifying code works as expected.

“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”

While "sanity check" is a well-known phrase with a specific meaning, "confidence check" is a direct replacement that is more clear of its intent while being more inclusive.

Words matter.

Follow-up to [49216], [46271], [40583], [38832], [38637], [37409], [33359], [32162], [30346], [30345], [30238], [30055], [29902], [28763], [26141], [25002], [22227], [13428], [12148], [11025], [8927].

Props dartiss, hellofromTonya.
Fixes #60187.
Built from https://develop.svn.wordpress.org/trunk@57239


git-svn-id: http://core.svn.wordpress.org/trunk@56745 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-01-03 21:59:19 +00:00
Sergey Biryukov
a0504e8091 Text Changes: Update mentions of “web site” to “website” for consistency.
While “web site” was the original spelling, this variant has become rarely used, and “website” is now the standard spelling, already used throughout most of the WordPress core.

Reference: [https://en.wikipedia.org/wiki/Website Wikipedia: Website].

Props LiamMcArthur, cafenoirdesign, sabbirshouvo, sabernhardt, ironprogrammer, mukesh27.
Fixes #59853, #54276.
Built from https://develop.svn.wordpress.org/trunk@57131


git-svn-id: http://core.svn.wordpress.org/trunk@56642 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-11-22 17:44:24 +00:00
Sergey Biryukov
dd3b952a10 General: Rename wp_json_encode() parameters for parity with PHP Core.
`wp_json_encode()` is a wrapper for the PHP native `json_encode()` function with some extra safety checks.

This commit renames the `$data` parameter in the `wp_json_encode()` function and associated functions to `$value`, and the `$options` parameter to `$flags` for parity with the parameter names used in PHP Core.

Reference: [https://www.php.net/manual/en/function.json-encode.php PHP Manual: json_encode()].

Follow-up to [30055].

Props jrf, hellofromTonya.
Fixes #59630.
Built from https://develop.svn.wordpress.org/trunk@57130


git-svn-id: http://core.svn.wordpress.org/trunk@56641 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-11-21 00:24:20 +00:00
Bernhard Reiter
2e0baf4f79 Blocks: Fix layout support to be compatible with enhanced pagination.
Make layout support compatible with enhanced pagination by ensuring that generated class names are stable across pagination, even when the number of rendered posts is different.

With the previous implementation of enhanced pagination, the CSS corresponding to each block was not detected. Therefore, for enhanced pagination to work correctly, the CSS of the blocks present in the Post Template must be stable on all pages.

The number of posts rendered by the Query block is always the same, except in the last page, where it can be only a fraction. If any of the blocks rendered by the Post Template used the `wp_unique_id` function, the ID (which is incremental) would have been different than in the previous pages and the class names would have varied.

This is remediated by this changeset by replacing the usage of `wp_unique_id` in the layout support (which is used by the Query block) with an implementation that uses IDs that are incremental only for that block. That way, the generated class names are never affected by the number of times `wp_unique_id` runs.

Props luisherranz, andrewserong, isabel_brison, costdev, mukesh27, cbravobernal, hellofromTonya, jorbin.
Fixes #59681.
Built from https://develop.svn.wordpress.org/trunk@56994


git-svn-id: http://core.svn.wordpress.org/trunk@56505 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-24 08:51:24 +00:00
Weston Ruter
2869e3a186 Administration: Remove deprecated unload event handlers and use pagehide (and pageshow) when appropriate.
Use `pagehide` event instead of `unload` in the following cases:

* For classic editor to release the post lock.
* In Text widget to rebuild editor after dragging widget to new location in classic widgets interface.
* To clear out the `window.name` when navigating away from a post preview.
* To suspend heartbeat, while also using `pageshow` event to resume as if it had been a focused tab in case page restored from bfcache. 

Also:

* Remove obsolete mobile cleanup code in `js/_enqueues/lib/gallery.js` (introduced in [9894]). Do same for `src/js/_enqueues/wp/media/models.js` (introduced in [22872]). See #22552.
* Remove obsolete Firefox-specific workaround in `js/_enqueues/wp/mce-view.js` from [39282]. See #38511.

Fixes #55491.
Props spenserhale, westonruter, adamsilverstein, azaozz, shawfactor, peterwilsoncc, swissspidy.
Built from https://develop.svn.wordpress.org/trunk@56809


git-svn-id: http://core.svn.wordpress.org/trunk@56321 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-09 21:31:27 +00:00
spacedmonkey
5283300aac Query: Improve caching behavior for WP_Query when retrieving id=>parent fields
In [53941], the addition of query caching to `WP_Query` brought about an unintended issue when querying for fields equal to id=>parent. Specifically, on websites with object caching enabled and a substantial number of pages, the second run of this query triggered the `_prime_post_caches` function for id=>parent. This led to the unnecessary priming of post, meta, and term caches, even when only id and parent information were requested.

This commit addresses this issue by introducing a new function, `_prime_post_parents_caches`, which primes a dedicated cache for post parents. This cache is primed during the initial query execution. Subsequently, the `wp_cache_get_multiple` function is employed to retrieve all post parent data in a single object cache request, optimizing performance.

Additionally, this commit extends the coverage of existing unit tests to ensure the reliability of the changes.

Props kevinfodness, joemcgill, peterwilsoncc, LinSoftware, thekt12, spacedmonkey.
Fixes #59188
Built from https://develop.svn.wordpress.org/trunk@56763


git-svn-id: http://core.svn.wordpress.org/trunk@56275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-03 15:01:21 +00:00
Sergey Biryukov
ffd72aac28 Coding Standards: Remove redundant ignore annotations, take 5.
The `VariableAnalysis` standard is not used by WP Core.

Follow-up to [50958], [51003], [52049], [52051], [52069], [53072], [54132], [55132], [56363], [56738], [56743], [56751], [56752].

Props jrf.
See #59161.
Built from https://develop.svn.wordpress.org/trunk@56753


git-svn-id: http://core.svn.wordpress.org/trunk@56265 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-02 11:27:24 +00:00
Weston Ruter
a20cb28d14 Script Loader: Harden removal of script tag wrappers.
* Add `wp_remove_surrounding_empty_script_tags()` to more precisely remove script tag wrappers and warn when doing it wrong.
* Add clarifying comments for XML escaping logic in `wp_get_inline_script_tag()`.
* Leverage `WP_HTML_Tag_Processor` in `test_remove_frameless_preview_messenger_channel`.
* Reuse `assertEqualMarkup` in `test_blocking_dependent_with_delayed_dependency`.
* Normalize whitespace in `parse_markup_fragment` for `assertEqualMarkup`.

Follow-up to [56687].
Props dmsnell, westonruter, flixos90.
See #58664.

Built from https://develop.svn.wordpress.org/trunk@56748


git-svn-id: http://core.svn.wordpress.org/trunk@56260 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-29 19:47:21 +00:00
Sergey Biryukov
440b8c2aba Coding Standards: Remove redundant ignore annotations, take 2.
This removes ignore annotations which are unnecessary due to the configuration in the `phpcs.xml.dist` ruleset already taking care of this.

Follow-up to [45611], [50146], [50148], [50586], [50822], [56738].

Props jrf.
See #59161.
Built from https://develop.svn.wordpress.org/trunk@56743


git-svn-id: http://core.svn.wordpress.org/trunk@56255 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-29 12:21:24 +00:00
Sergey Biryukov
b2c997556a Bootstrap/Load: Remove a redundant continue statement in add_magic_quotes().
Follow-up to [48205], [48440].

Props Cybr.
See #58831.
Built from https://develop.svn.wordpress.org/trunk@56732


git-svn-id: http://core.svn.wordpress.org/trunk@56244 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-27 09:42:24 +00:00
hellofromTonya
534f200e48 General: Use wp_kses() in wp_trigger_error().
Uses `wp_kses()` instead of `esc_html()` to allow a list of HTML tags and protocols in the message rather than escaping them.

Why? To retain message readability in the browser and server logs, especially given that Core itself adds HTML to messages in functions, e.g. `_doing_it_wrong()` and each of the `_deprecated_*()` functions. 

HTML tags allowed:
* `a href`
* `br`
* `code`
* `em`
* `strong`

Protocols allowed: `http` and `https`.

To inform extenders, it also documents that any other HTML tags or protocols need to be escaped before passing the message to this function to avoid them being stripped from the message.

Follow-up to [56530], [56705].

Props azaozz, costdev, flixos90, hellofromTonya, peterwilsoncc.
Fixes #57686.
Built from https://develop.svn.wordpress.org/trunk@56707


git-svn-id: http://core.svn.wordpress.org/trunk@56219 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 12:38:19 +00:00
hellofromTonya
c8aea02b38 General: Use wp_trigger_error() in _doing_it_wrong() and _deprecated_*().
Uses `wp_trigger_error()` in `_doing_it_wrong()` and each `_deprecated_*()` function, i.e. instead of `trigger_error()`.

To avoid redundancy, uses `wp_trigger_error()` once. How? Saves each message to `$message` variable and then passes it to `wp_trigger_error()` at the end of the function.

Functions:
* _doing_it_wrong()
* _deprecated_function()
* _deprecated_constructor()
* _deprecated_class()
* _deprecated_file()
* _deprecated_argument()
* _deprecated_hook()

Follow-up to [56530].

Props azaozz, costdev, flixos90, hellofromTonya, peterwilsoncc.
See #57686.
Built from https://develop.svn.wordpress.org/trunk@56705


git-svn-id: http://core.svn.wordpress.org/trunk@56217 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 11:51:19 +00:00
Weston Ruter
e7747ce23e Script Loader: Use wp_get_script_tag() and wp_get_inline_script_tag()/wp_print_inline_script_tag() helper functions to output scripts on the frontend and login screen.
Using script tag helper functions allows plugins to employ the `wp_script_attributes` and `wp_inline_script_attributes` filters to inject the `nonce` attribute to apply Content Security Policy (e.g. Strict CSP). Use of helper functions also simplifies logic in `WP_Scripts`.

* Update `wp_get_inline_script_tag()` to wrap inline script in CDATA blocks for XHTML-compatibility when not using HTML5.
* Ensure the `type` attribute is printed first in `wp_get_inline_script_tag()` for back-compat.
* Wrap existing `<script>` tags in output buffering to retain IDE supports.
* In `wp_get_inline_script_tag()`, append the newline to `$javascript` before it is passed into the `wp_inline_script_attributes` filter so that the CSP hash can be computed properly.
* In `the_block_template_skip_link()`, opt to enqueue the inline script rather than print it.
* Add `ext-php` to `composer.json` under `suggest` as previously it was an undeclared dependency for running PHPUnit tests.
* Update tests to rely on `DOMDocument` to compare script markup, normalizing unsemantic differences.

Props westonruter, spacedmonkey, flixos90, 10upsimon, dmsnell, mukesh27, joemcgill, swissspidy, azaozz.
Fixes #58664.
See #39941.

Built from https://develop.svn.wordpress.org/trunk@56687


git-svn-id: http://core.svn.wordpress.org/trunk@56199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 21:05:21 +00:00
joedolson
4b17383d2c Code Modernization: Rename reserved keyword used as variable.
Change the `$echo` parameter added to `wp_update_php_annnotation()` to `$display` to avoid using reserved PHP keywords as parameters. Follow up to [56570].

Props kebbet, mukesh27.
See #57791.
Built from https://develop.svn.wordpress.org/trunk@56662


git-svn-id: http://core.svn.wordpress.org/trunk@56174 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-22 18:14:16 +00:00
joedolson
491a21da64 Login and Registration: Improve HTML for errors and notices.
Improve markup on Login and Registration errors. Use list markup for multiple issues, paragraph when only one to reduce semantic burden in the most common case. Normalize classes and markup for wrapper using `wp_admin_notice()` and `wp_get_admin_notice()` functions. Move definition of those functions from `wp-admin\includes\misc.php` to `wp-includes\functions.php`. Move tests to functions group. 

Props extendwings, sabernhardt, afercia, lukecavanagh, rianrietveld, oglekler, sergeybiryukov, costdev, joedolson.
Fixes #30685.
Built from https://develop.svn.wordpress.org/trunk@56654


git-svn-id: http://core.svn.wordpress.org/trunk@56166 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 18:24:15 +00:00
joedolson
0f4010bd49 Administration: Use wp_admin_notice() in /wp-admin/.
Add usages of `wp_admin_notice()` and `wp_get_admin_notice()` on `.notice-[type]` in the root level of `/wp-admin/`. Ongoing task to implement new function across core.

Props costdev, joedolson.
See #57791.
Built from https://develop.svn.wordpress.org/trunk@56570


git-svn-id: http://core.svn.wordpress.org/trunk@56082 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-14 00:54:19 +00:00
Sergey Biryukov
e5490118af Coding Standards: Include one space after function keyword for closures.
Note: This is enforced by WPCS 3.0.0.

Reference: [https://github.com/WordPress/WordPress-Coding-Standards/pull/2328 WPCS: PR #2328 Core: properly check formatting of function declaration statements].

Props jrf.
See #59161, #58831.
Built from https://develop.svn.wordpress.org/trunk@56559


git-svn-id: http://core.svn.wordpress.org/trunk@56071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-12 15:23:18 +00:00
Sergey Biryukov
b80ce60f70 Coding Standards: Use pre-increment/decrement for stand-alone statements.
Note: This is enforced by WPCS 3.0.0:

1. There should be no space between an increment/decrement operator and the variable it applies to.
2. Pre-increment/decrement should be favoured over post-increment/decrement for stand-alone statements. “Pre” will in/decrement and then return, “post” will return and then in/decrement. Using the “pre” version is slightly more performant and can prevent future bugs when code gets moved around.

References:
* [https://developer.wordpress.org/coding-standards/wordpress-coding-standards/php/#increment-decrement-operators WordPress PHP Coding Standards: Increment/decrement operators]
* [https://github.com/WordPress/WordPress-Coding-Standards/pull/2130 WPCS: PR #2130 Core: add sniffs to check formatting of increment/decrement operators]

Props jrf.
See #59161, #58831.
Built from https://develop.svn.wordpress.org/trunk@56549


git-svn-id: http://core.svn.wordpress.org/trunk@56061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-09 09:28:26 +00:00
Sergey Biryukov
d8936a9fe7 Coding Standards: Remove superfluous blank lines at the end of various functions.
Note: This is enforced by WPCS 3.0.0.

Follow-up to [56536], [56547].

Props jrf.
See #59161, #58831.
Built from https://develop.svn.wordpress.org/trunk@56548


git-svn-id: http://core.svn.wordpress.org/trunk@56060 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-08 10:03:21 +00:00
hellofromTonya
2653e93e09 General: Introduce wp_trigger_error().
Introduces `wp_trigger_error()` as a wrapper around PHP's native `trigger_error()`. As a wrapper, it's lean and not opinionated about the message. It accepts an E_USER family error level, meaning it is not limited to only notices.

Where `_doing_it_wrong()` intends to loudly alert developers "Hey you're doing it wrong - fix it", `wp_trigger_error()` is not opinionated and does not add wording. Rather, it passes the given message to `trigger_error()`.

`wp_trigger_error()` is meant for every `trigger_error()` instance. It can be used:
* in `_doing_it_wrong()` and each `_deprecated_*()` function.
* for PHP 8.x deprecations.
* for PHP error parity.
* for less severe "doing it wrong" instance that do not require bailing out.
* when a component or extension is not available on the server
* for instances where it's not clear if a plugin's or theme's code is the root cause.
* and more.

Technical details:

* Does not trigger the error if `WP_DEBUG` is not `true`.

* Includes `wp_trigger_error_run` action to allow hooking in for backtracing and deeper debug.

* Accepts an E_USER error level, but defaults to `E_USER_NOTICE`.

* Requires a function name, though can be an empty string. As the output message generated by `trigger_error()` references the file and line number where it was invoked, passing the function's name provides more information where the error/warning/notice/deprecation happened. It's intended to help with debug.

* A WordPress version number is not included.

* As messages can appear in the browser, the message is escaped using `esc_html()`. As noted in [https://www.php.net/manual/en/function.trigger-error.php the PHP manual]: "HTML entities in message are not escaped. Use htmlentities() on the message if the error is to be displayed in a browser."

References:
* [https://www.php.net/manual/en/function.trigger-error.php PHP manual for `trigger_error()`].
* [https://www.php.net/manual/en/errorfunc.constants.php E_USER constants (error level) in the PHP manual].

Props azaozz, hellofromTonya, flixos90, costdev, peterwilsoncc, oglekler, mukesh27.
See #57686.
Built from https://develop.svn.wordpress.org/trunk@56530


git-svn-id: http://core.svn.wordpress.org/trunk@56042 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-06 22:08:18 +00:00
spacedmonkey
eb7094465d Database: Add expiration for dirsize_cache to transient to improve performance.
The transient `dirsize_cache` stores an array of directory sizes. This transient can grow very large, if the plugin directory has lots of sub directories in it. For example, a site with 30 plugins, the transient was around 2MB. For sites without a persistent object cache, transients without an expiration, are stored in autoloaded options. This means this option would load on every page request. Loading this option on every page request when it is not used it wasteful. Adding a expiration to this transient means it will not autoload. To ensure there is no degradation in performance, the expiration was set to a generous 10-year timeframe, making it highly unlikely to expire before it's refreshed.

Props nicomollet, spacedmonkey, flixos90, wpgurudev.
Fixes #54221.
Built from https://develop.svn.wordpress.org/trunk@56522


git-svn-id: http://core.svn.wordpress.org/trunk@56034 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-06 10:03:20 +00:00
Sergey Biryukov
70d853b9cd Code Modernization: Rename parameters that use reserved keywords in wp-includes/functions.php.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.

This commit renames the `$class` parameter to `$class_name` in `_deprecated_class()`.

Follow-up to [54929], [56467].

Props jrf.
See #59161.
Built from https://develop.svn.wordpress.org/trunk@56514


git-svn-id: http://core.svn.wordpress.org/trunk@56026 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-05 12:25:13 +00:00
Sergey Biryukov
dc9517a3e0 Upload: Correct duplicate MIME type for .xlsx files generated by Google Docs.
This expands the code block previously added for `.docx` files to include `.xlsx` files as well, which are known to have the same issue with `finfo_file()`.

Includes a unit test case for `wp_check_filetype_and_ext()`.

Reference: [https://bugs.php.net/bug.php?id=77784 PHP Bug #77784: mime_content_type() result gets doubled for .xlsx].

Follow-up to [56497].

See #57898.
Built from https://develop.svn.wordpress.org/trunk@56510


git-svn-id: http://core.svn.wordpress.org/trunk@56022 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-03 12:51:20 +00:00
audrasjb
f6bd4ab08e Upload: Add a MIME type exception for .docx generated by Google Docs.
This changeset adds an exception to prevent permission issues on `.docx` generated by Google Docs. This is a temporary fix for an upstream bug on the `finfo_file()` 
PHP function which returns a redundant MIME type for these documents.

Props winterstreet, jakariaistauk, mujuonly, mi5t4n, annashopina, audrasjb, azaozz, mikeschroder, oglekler.
Fixes #57898.




Built from https://develop.svn.wordpress.org/trunk@56497


git-svn-id: http://core.svn.wordpress.org/trunk@56009 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-08-30 22:32:19 +00:00
costdev
b5789d72c3 General: Replace two esc_url_raw() calls in core with sanitize_url().
This aims to improve performance by calling `sanitize_url()` directly, instead of the `esc_url_raw()` wrapper. As of WordPress 6.1, `sanitize_url()` is the recommended function for sanitizing a URL for database or redirect usage.

This replaces the two remaining instances of `esc_url_raw()` with `sanitize_url()` in WordPress core.

Follow-up to [53455], [53933], [54522].

Props rajinsharwar, SergeyBiryukov.
Fixes #59247.
Built from https://develop.svn.wordpress.org/trunk@56494


git-svn-id: http://core.svn.wordpress.org/trunk@56006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-08-30 20:25:18 +00:00
Sergey Biryukov
b79e69ba3b Docs: Fix typo in a translator comment in _deprecated_class().
Includes a few other formatting adjustments for consistency.

Follow-up to [48327], [56467], [56471].

See #58833.
Built from https://develop.svn.wordpress.org/trunk@56474


git-svn-id: http://core.svn.wordpress.org/trunk@55986 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-08-26 04:49:21 +00:00
audrasjb
1b245d9568 Docs: Improve PHPCS comments general consistency.
Props nekojonez.
See #58833.



Built from https://develop.svn.wordpress.org/trunk@56472


git-svn-id: http://core.svn.wordpress.org/trunk@55984 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-08-25 05:11:17 +00:00
audrasjb
510c3e9628 Docs: Docblock improvements in _deprecated_class() function, as per docblocks standards.
Follow-up to [56467].

See #58833.



Built from https://develop.svn.wordpress.org/trunk@56471


git-svn-id: http://core.svn.wordpress.org/trunk@55983 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-08-25 05:04:19 +00:00
Drew Jaynes
55d1c71d56 Fix coding standards for translatable _deprecated_class() message strings
See #41125

Built from https://develop.svn.wordpress.org/trunk@56468


git-svn-id: http://core.svn.wordpress.org/trunk@55980 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-08-25 03:35:17 +00:00
Drew Jaynes
668dceb31c Introduce a _deprecated_class() function.
Similar to other function in the `_deprecated_*` series, `_deprecated_class()` comes with two new hooks: `deprecated_class_run` and `deprecated_class_trigger_error`.

Support has also been added for setting class deprecation expectations in tests.

Props jrf, wvega, ohryan.
See #41125.

Built from https://develop.svn.wordpress.org/trunk@56467


git-svn-id: http://core.svn.wordpress.org/trunk@55979 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-08-25 03:25:21 +00:00
John Blackbourn
4667b9323f Docs: Miscellaneous docblock corrections and improvements.
See #58833

Built from https://develop.svn.wordpress.org/trunk@56414


git-svn-id: http://core.svn.wordpress.org/trunk@55926 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-08-18 17:29:20 +00:00
Sergey Biryukov
6035d50bab Coding Standards: Use strict comparison in wp-includes/functions.php.
Follow-up to [5999], [6342], [7406], [8369], [10322], [11288], [11332], [11597], [12405], [13569], [14649], [15806], [19773], [26449], [26926], [39831], [40124].

Props aristath, poena, afercia, SergeyBiryukov.
See #58831.
Built from https://develop.svn.wordpress.org/trunk@56326


git-svn-id: http://core.svn.wordpress.org/trunk@55838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-07-31 13:33:24 +00:00
audrasjb
897d9c221e I18n: Improve the use of dashicons-external icon for external links.
This changeset modifies how the `dashicons-external` icon is used in external links by editing its styles and adding a space between the text and the icon 
for better accessibility.

Props SergeyBiryukov, afercia, isabel_brison, mukesh27, sabernhardt, oglekler, audrasjb.
Fixes #47303.



Built from https://develop.svn.wordpress.org/trunk@56211


git-svn-id: http://core.svn.wordpress.org/trunk@55723 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-07-11 12:59:25 +00:00
audrasjb
321158f726 Docs: Replace multiple single line comments with multi-line comments.
This changeset updates various comments as per WordPress PHP Inline Documentation Standards.
See https://developer.wordpress.org/coding-standards/inline-documentation-standards/php/#5-inline-comments.

Follow-up to [56174], [56175], [56176], [56177], [56178], [56179], [56180].

Props costdev, audrasjb.
See #58459.



Built from https://develop.svn.wordpress.org/trunk@56191


git-svn-id: http://core.svn.wordpress.org/trunk@55703 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-07-10 22:38:25 +00:00
John Blackbourn
6a33072f68 General: Ignore invalid types for the '_wp_http_referer' URL query variable.
It's expected that this query variable contains a string when it's set, but it's possible for its type to be something else such as an array. Ignoring non-string values prevents cascading errors when its value is passed through functions that expect a string.

Props xknown, costdev, jrf, azaozz

Fixes #57670

Built from https://develop.svn.wordpress.org/trunk@56115


git-svn-id: http://core.svn.wordpress.org/trunk@55627 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-06-29 23:27:23 +00:00
Sergey Biryukov
ad16732d27 Code Modernization: Use str_contains() in a few more places.
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).

WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.

This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.

Follow-up to [55988], [56021].

See #58206.
Built from https://develop.svn.wordpress.org/trunk@56031


git-svn-id: http://core.svn.wordpress.org/trunk@55543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-06-26 10:17:25 +00:00
Sergey Biryukov
84e9601e5a Code Modernization: Replace usage of substr() with str_starts_with() and str_ends_with().
`str_starts_with()` and `str_ends_with()` were introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins or ends with the given substring (needle).

WordPress core includes a polyfill for these functions on PHP < 8.0 as of WordPress 5.9.

This commit uses `str_starts_with()` and `str_ends_with()` in core files where appropriate:
* `$needle === substr( $string, 0, $length )`, where `$length` is the length of `$needle`, is replaced with `str_starts_with( $haystack, $needle )`.
* `$needle === substr( $string, $offset )`, where `$offset` is negative and the absolute value of `$offset` is the length of `$needle`, is replaced with `str_ends_with( $haystack, $needle )`.

This aims to make the code more readable and consistent, as well as better aligned with modern development practices.

Follow-up to [52039], [52040], [52326], [55703], [55710], [55987], [55988].

Props Soean, spacedmonkey, Clorith, ocean90, azaozz, sabernhardt, SergeyBiryukov.
Fixes #58220.
Built from https://develop.svn.wordpress.org/trunk@55990


git-svn-id: http://core.svn.wordpress.org/trunk@55502 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-06-22 14:57:24 +00:00
Sergey Biryukov
1ce5dc7444 Code Modernization: Replace usage of strpos() with str_contains().
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).

WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.

This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.

Follow-up to [52039], [52040], [52326], [55703], [55710], [55987].

Props Soean, spacedmonkey, costdev, dingo_d, azaozz, mikeschroder, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes #58206.
Built from https://develop.svn.wordpress.org/trunk@55988


git-svn-id: http://core.svn.wordpress.org/trunk@55500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-06-22 14:36:26 +00:00
John Blackbourn
aa05fbf5f5 Administration: Add the no-store and private directives to the Cache-Control header when preventing caching for logged in users.
The intention behind this change is to prevent sensitive data in responses for logged in users being cached and available to others, for example via the browser history after the user logs out.

The `no-store` directive instructs caches in the browser or within proxies not to store the response in the cache. This is subtly different from the `no-cache` directive which means the response can be cached but must be revalidated before re-use. WordPress does not use ETag headers by default therefore this does not achieve the same result.

The `private` directive complements the `no-store` directive by specifying that the response contains private information that should not be stored in a public cache. Som
e proxy caches may ignore the `no-store` directive but respect the `private` directive, thus it is included.

The existing `Cache-Control` header for users who are not logged in remains unchanged, and the existing cache prevention directives remain in place for backwards compatib
ility.

Props soulseekah, luehrsen, Dharm1025, markdoliner, rutviksavsani, ayeshrajans, paulkevan, clorith, andy786, johnbillion

Fixes #21938, Fixes #57627

Built from https://develop.svn.wordpress.org/trunk@55968


git-svn-id: http://core.svn.wordpress.org/trunk@55480 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-06-21 18:27:18 +00:00
John Blackbourn
f3b93e6b3a Media: Correct the fallback value passed to the $mimes parameter of wp_check_filetype_and_ext() from _wp_handle_upload(), and update corresponding documentation.
Previously when the `mimes` element was not specified in the overrides array passed to `_wp_handle_upload()` it resulted in boolean false being passed to this parameter, which is incorrect. The fallback value should be `null`.

Props platonkristinin, pkbhatt

Fixes #58349

Built from https://develop.svn.wordpress.org/trunk@55872


git-svn-id: http://core.svn.wordpress.org/trunk@55384 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-30 19:46:22 +00:00