This also introduces `wp_is_password_reset_allowed_for_user()` which returns `false` when password reset is not allowed for a specific user. This can be
filtered by developers using the existing `allow_password_reset` hook.
Props ocean90, cshark, robinwpdeveloper, tahmina1du, kraftbj.
Fixes#58194.
Built from https://develop.svn.wordpress.org/trunk@56150
git-svn-id: http://core.svn.wordpress.org/trunk@55662 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids an `Undefined variable $checkout` PHP warning if all of the directories checked for access are disallowed due to the PHP `open_basedir` restrictions.
Follow-up to [55425].
Props jqz, costdev, audrasjb.
Fixes#58563.
Built from https://develop.svn.wordpress.org/trunk@56124
git-svn-id: http://core.svn.wordpress.org/trunk@55636 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset ensures scheduled posts are actually published when changing their status to "Published" using bulk edit. Also adds related unit tests.
Props siobhan, Clorith, webcommsat, cadic, oglekler, audrasjb, pavanpatil1.
Fixes#31635.
Built from https://develop.svn.wordpress.org/trunk@56123
git-svn-id: http://core.svn.wordpress.org/trunk@55635 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This removes HTML tags from the label, which were not displayed as expected due to escaping. Including the directory name in the label is also redundant, as it is already mentioned in the check result description directly below.
Includes:
* Adjusting a few other labels for consistency.
* Moving `wp-content` out of the translatable string in a similar message in `WP_Upgrader::generic_strings()`.
Follow-up to [55720].
Props dlh, mukesh27, audrasjb, SergeyBiryukov.
See #58678.
Built from https://develop.svn.wordpress.org/trunk@56117
git-svn-id: http://core.svn.wordpress.org/trunk@55629 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This resolves an `Undefined array key "password"` PHP warning in `WP_Filesystem_SSH2::connect()` when using public/private key authentication, in which case providing a password is optional.
Follow-up to [8865].
Props J-Dill, costdev, ehsanakhgari, dd32.
Fixes#33196.
Built from https://develop.svn.wordpress.org/trunk@56111
git-svn-id: http://core.svn.wordpress.org/trunk@55623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduces the `bulk_edit_posts` action hook, triggered after processing the post data for bulk edit and before the function returns its results. For example, it allows developers to save additional data without having to perform any `.ajax()` calls.
Follow-up to [8973].
Props helgatheviking, helen, Mte90, afercia, mrasharirfan, desrosj, itowhid06, pento, mensmaximus, audrasjb, costdev, webcommsat, marybaum, oglekler, mukesh27, SergeyBiryukov.
Fixes#28112.
Built from https://develop.svn.wordpress.org/trunk@56091
git-svn-id: http://core.svn.wordpress.org/trunk@55603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Includes unit tests to verify the logic for displaying row actions in the Media Library in certain scenarios, e.g. with and without the “Trash” or “Unattached” filter.
Follow-up to [55949].
Props costdev, kebbet, mukesh27, oglekler.
Fixes#57893.
Built from https://develop.svn.wordpress.org/trunk@56072
git-svn-id: http://core.svn.wordpress.org/trunk@55584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds a new optional `$include_hidden` parameter to allow the inclusion of hidden (`.` prefixed) files.
Defaults to false for backward compatibility.
Props yani.iliev, sabernhardt, costdev, rutviksavsani, zunaid321, azaozz.
Fixes#53659.
Built from https://develop.svn.wordpress.org/trunk@56069
git-svn-id: http://core.svn.wordpress.org/trunk@55581 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds the `plugins_list` hook, which can be use to filter the list of plugin displayed on WP Admin Plugins screen.
Props nateallen, fischfood, mukesh27, peterwilsoncc, SergeyBiryukov, audrasjb, costdev, ecorica, zunaid321.
Fixes#57278.
Built from https://develop.svn.wordpress.org/trunk@56068
git-svn-id: http://core.svn.wordpress.org/trunk@55580 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds "Current time, "Current UTC time" and "Current Server time" under the "Server" section of Site Health debug infos. This provides the
current time, the server time, and allow for comparison if there's some time-related issues.
Props sebastienserre, Clorith, audrasjb, kebbet, robinwpdeveloper, hrrarya, mukesh27, hareesh-pillai, costdev.
Fixes#56378.
Built from https://develop.svn.wordpress.org/trunk@56056
git-svn-id: http://core.svn.wordpress.org/trunk@55568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Register all core blocks in a new function called `register_core_block_style_handles`. This mirrors the function `wp_default_styles` where all core styles are registered in one place. This improves block registration performance, as it avoids expensive file lookups, like realpath in `register_block_style_handle`. The new function `register_core_block_style_handles` uses `glob` to get all css files in the blocks directory. This glob is cached in a transient to save lookups on subsequent requests. The function `register_block_style_handle` now checks to see if the style handle is already registered before trying to register it again.
Props mukesh27, westonruter, flixos90, joemcgill, spacedmonkey.
Fixes#58528.
Built from https://develop.svn.wordpress.org/trunk@56044
git-svn-id: http://core.svn.wordpress.org/trunk@55556 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).
WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [55988], [56021].
See #58206.
Built from https://develop.svn.wordpress.org/trunk@56031
git-svn-id: http://core.svn.wordpress.org/trunk@55543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add a up/down arrow for visual affordance about the purpose of the button link; change button text from "Show details" to "More details".
Props krupajnanda, subrataemfluence, audrasjb, afercia, nrqsnchz, joedolson.
Fixes#44714.
Built from https://develop.svn.wordpress.org/trunk@56027
git-svn-id: http://core.svn.wordpress.org/trunk@55539 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Move the visual positioning of the posts search form into it's DOM position. Fixes an accessibility bug where the keyboard focus sequence did not match the visual order. Change the media search form in list view to match the format of other post views. Give search forms a consistent layout on mobile.
Props oglekler, sabernhardt, joedolson.
Fixes#57949.
Built from https://develop.svn.wordpress.org/trunk@56023
git-svn-id: http://core.svn.wordpress.org/trunk@55535 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ensure that quick edit does not define a publish date if the post status is one of 'draft', 'pending', or 'auto-draft'.
Props uxtremist, SergeyBiryukov, Denis-de-Bernardy, jane, rfischmann, mista-flo, rutviksavsani, oglekler, joedolson.
Fixes#19907.
Built from https://develop.svn.wordpress.org/trunk@56022
git-svn-id: http://core.svn.wordpress.org/trunk@55534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add labels; change Enter new/Cancel link to a button; move focus to input when creating new field; move Add Custom Field out of fields table.
Props jane, batmoo, karmatosed, franrosa, sabernhardt, annashopina, oglekler, joedolson.
Fixes#15631.
Built from https://develop.svn.wordpress.org/trunk@56018
git-svn-id: http://core.svn.wordpress.org/trunk@55530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Replace use of `list` to parse array keys into variables. `list` throws errors if the keys don't exist, and many extenders will not define the new array keys. The code path already falls back effectively for empty values.
Also add translator comments to screen reader hidden text, fix a docblock, and fix an HTML error.
Follow up to [r55971].
Props kebbet, chouby, joedolson.
Fixes#32170.
Built from https://develop.svn.wordpress.org/trunk@56004
git-svn-id: http://core.svn.wordpress.org/trunk@55516 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_starts_with()` and `str_ends_with()` were introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins or ends with the given substring (needle).
WordPress core includes a polyfill for these functions on PHP < 8.0 as of WordPress 5.9.
This commit uses `str_starts_with()` and `str_ends_with()` in core files where appropriate:
* `$needle === substr( $string, 0, $length )`, where `$length` is the length of `$needle`, is replaced with `str_starts_with( $haystack, $needle )`.
* `$needle === substr( $string, $offset )`, where `$offset` is negative and the absolute value of `$offset` is the length of `$needle`, is replaced with `str_ends_with( $haystack, $needle )`.
This aims to make the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [52039], [52040], [52326], [55703], [55710], [55987], [55988].
Props Soean, spacedmonkey, Clorith, ocean90, azaozz, sabernhardt, SergeyBiryukov.
Fixes#58220.
Built from https://develop.svn.wordpress.org/trunk@55990
git-svn-id: http://core.svn.wordpress.org/trunk@55502 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).
WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [52039], [52040], [52326], [55703], [55710], [55987].
Props Soean, spacedmonkey, costdev, dingo_d, azaozz, mikeschroder, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes#58206.
Built from https://develop.svn.wordpress.org/trunk@55988
git-svn-id: http://core.svn.wordpress.org/trunk@55500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset improve Dashboard screen options by stacking them vertically on small screens.
Props dhrumilk, prashantbhivsane, marybaum, dhruvishah2203, ababir, mukesh27, chiragrathod103, oglekler, tb1909, jahidcse, audrasjb.
Fixes#57977.
Built from https://develop.svn.wordpress.org/trunk@55984
git-svn-id: http://core.svn.wordpress.org/trunk@55496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Implement `aria-sort` and change icon states to indicate current sort for list tables. Allow screen reader users to get context about the current sort and allow sighted users to know how the table is currently sorted.
Props afercia, rianrietveld, joedolson, alexstine, johnjamesjacoby.
Fixes#32170.
Built from https://develop.svn.wordpress.org/trunk@55971
git-svn-id: http://core.svn.wordpress.org/trunk@55483 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Change the `label` for `.check-column` inside list tables to a block filling the entire cell. Improves accessibility by increasing the target area for the control.
Props mitchoyoshitaka, lessbloat, sabernhardt, ogleker, tacoverdo, joostdevalk, karmatosed.
Fixes#21516.
Built from https://develop.svn.wordpress.org/trunk@55954
git-svn-id: http://core.svn.wordpress.org/trunk@55466 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Due to partially duplicated logic for displaying row actions in the Media Library with and without the “Unattached” filter, the “Copy URL” and “Download file” row actions were unintentionally missing with the filter applied.
This commit aims to simplify the logic and bring more consistency to the code.
Includes displaying the “Download file” row action even when the “Trash” filter is applied, giving the user one more chance to download the media file before they delete it.
Follow-up to [8901], [13100], [16227], [16229], [52842], [55198], [55221].
Props kebbet, costdev, pbiron, oglekler, SergeyBiryukov.
Fixes#57890, #57893.
Built from https://develop.svn.wordpress.org/trunk@55949
git-svn-id: http://core.svn.wordpress.org/trunk@55461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds a check to the start of `copy_dir()` that the destination directory exists and attempts to create it if it does not.
An error is returned if the directory can not be created, either due to a permissions error or the parent directory not existing.
Props caraffande, costdev, zunaid321.
Fixes#41855.
Built from https://develop.svn.wordpress.org/trunk@55938
git-svn-id: http://core.svn.wordpress.org/trunk@55450 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Significant restructure of the admin image editor interface, but no new functionality. Reorganize editing buttons into a common region at the top of the editor. Move image rotation tools into a pop-out menu. Add 180 degree rotation option. Add scale button to control group. Move sidebar tools next to the editing canvas to improve visual proximity between action and result. Enlarge editing canvas and crop handles. Separate activating crop functions from applying crop. Add numeric inputs for crop & scale values.
A long term goal is to move undo/redo and cancel/save into the modal title bar, but that is not feasible without significant updates to the modal framework.
Props afercia, karmatosed, nrqsnchz, antpb, chaion07, costdev, peterwilsoncc, antpb, sabernhardt, prashantbhivsane, joedolson.
Fixes#50523.
Built from https://develop.svn.wordpress.org/trunk@55919
git-svn-id: http://core.svn.wordpress.org/trunk@55431 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds a `pre` class to "Downloading update from…" user facing strings located in `Core_Upgrader`, `Language_Pack_Upgrader`, `Plugin_Upgrader` and
`Theme_Upgrader` classes.
Follow-up to [11295].
Props sumitsingh, costdev.
Fixes#58477.
Built from https://develop.svn.wordpress.org/trunk@55899
git-svn-id: http://core.svn.wordpress.org/trunk@55411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds context to various strings:
- `'Background'` string when referring to Custom Background appearance screens
- `'Header'` string when referring to Custom Header appearance screens
- `'General'`, `'Header'` and `'Footer'` strings when referring to template part areas
Props gonzomir, SergeyBiryukov, mukesh27, costdev, ankitmaru.
Fixes#58424.
Built from https://develop.svn.wordpress.org/trunk@55881
git-svn-id: http://core.svn.wordpress.org/trunk@55393 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously when the `mimes` element was not specified in the overrides array passed to `_wp_handle_upload()` it resulted in boolean false being passed to this parameter, which is incorrect. The fallback value should be `null`.
Props platonkristinin, pkbhatt
Fixes#58349
Built from https://develop.svn.wordpress.org/trunk@55872
git-svn-id: http://core.svn.wordpress.org/trunk@55384 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This moves the query for user ID of the new network's administrator closer to where the value is actually used.
Includes removing unnecessary `get_userdata()` call, as user ID is the only data needed here.
Follow-up to [12756], [35575], [43628].
Props nihar007, sakibmd, mukesh27, costdev, SergeyBiryukov.
Fixes#58423.
Built from https://develop.svn.wordpress.org/trunk@55869
git-svn-id: http://core.svn.wordpress.org/trunk@55381 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Change button is supposed to perform the “Change role to...” action only, but could unintentionally be used for other bulk actions if the role was not selected.
This commit removes an extra check and ensures the correct error message is displayed in that case:
Sorry, you are not allowed to give users that role.
Follow-up to [6990], [8691], [9028], [15576], [15642], [34636], [49944].
Props haritpanchal, costdev, ankit-k-gupta, SergeyBiryukov.
Fixes#57952.
Built from https://develop.svn.wordpress.org/trunk@55864
git-svn-id: http://core.svn.wordpress.org/trunk@55376 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, when scaling an image larger than the source size in the image edit states the image would silently fail the scaling action. This patch provides an error when someone attempts to scale an image larger than the source size while also disabling the button to initiate the action.
Props brookedot, joedolson, markoheijnen, mikeschroder, desrosj, Mista-Flo, costdev.
Fixes#26381.
Built from https://develop.svn.wordpress.org/trunk@55859
git-svn-id: http://core.svn.wordpress.org/trunk@55371 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As of [55855] wp_queue_comments_for_comment_meta_lazyload was deprecated. But deprecate to wp-admin/deprecated.php and not wp-includes/deprecated.php.This is incorrect, as this is a public function and not an admin function.
Props SergeyBiryukov, spacedmonkey.
See #58301.
Built from https://develop.svn.wordpress.org/trunk@55856
git-svn-id: http://core.svn.wordpress.org/trunk@55368 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As of [55749] wp_queue_comments_for_comment_meta_lazyload is no longer used in core. This commit, deprecates this function. Update docs and tests accordingly.
Props sh4lin, spacedmonkey, costdev, peterwilsoncc.
Fixes#58301.
Built from https://develop.svn.wordpress.org/trunk@55855
git-svn-id: http://core.svn.wordpress.org/trunk@55367 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ensure that the option `can_compress_scripts` is autoloaded on single sites, as this option is used in all requests. This change saves one database query per page request.
Props RavanH, spacedmonkey, costdev, azaozz, flixos90.
Fixes#55270.
Built from https://develop.svn.wordpress.org/trunk@55854
git-svn-id: http://core.svn.wordpress.org/trunk@55366 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`$new_title` and `$new_slug` can be null if `get_sample_permalink_html()`
was called with default parameters, and they are documented as
`string|null` in the function DocBlock.
Follow-up to [34347].
Props Enchiridion, audrasjb, SergeyBiryukov.
Fixes#58322.
See #33927. --Cette ligne, et les
suivantes
ci-dessous, seront ignorées--
M trunk/src/wp-admin/includes/post.php
Built from https://develop.svn.wordpress.org/trunk@55758
git-svn-id: http://core.svn.wordpress.org/trunk@55270 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The terms "roll back" and "rolled back" are used in user facing strings since [55720]. These termes are not that clear for novice users and may be difficult to translate in some locales. This changeset replaces "roll back" with "restore" and "rolled back" with "restored" or "not applied" depending of the context of the screen.
Follow-up to [55720].
Props kebbet, costdev, NekoJonez, audrasjb, SergeyBiryukov, davidbaumwald.
Fixes#58282.
Built from https://develop.svn.wordpress.org/trunk@55750
git-svn-id: http://core.svn.wordpress.org/trunk@55262 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [34270] introduced lazy loading of comment meta. However, this was only in the context of `WP_Query`. Other parts of the codebase, like `WP_Comment_Query` did not lazily load comment meta. In this change, calls to `update_meta_cache` are now replaced with `wp_lazyload_comment_meta`, that instead of priming comment meta caches, just adds them to the queue to be primed it ever called. This results in far less database queries, as there a number of places where comment meta is being primed unnecessarily and never used. Adding everything to the comment meta queue, also means that if comment meta is used, that is all loaded in a single database / cache call.
Follow on from [55671], [55747].
Props spacedmonkey, peterwilsoncc, flixos90, mukesh27.
Fixes#57801.
Built from https://develop.svn.wordpress.org/trunk@55749
git-svn-id: http://core.svn.wordpress.org/trunk@55261 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to make the update process more reliable and ensures that if a plugin or theme update fails, the previous version can be safely restored.
* When updating a plugin or theme, the old version is moved to a temporary backup directory:
* `wp-content/upgrade-temp-backup/plugins/[plugin-slug]` for plugins
* `wp-content/upgrade-temp-backup/themes/[theme-slug]` for themes.
* If the update fails, then the backup kept in the temporary backup directory is restored to its original location.
* If the update succeeds, the temporary backup is deleted.
To further help troubleshoot plugin and theme updates, two new checks were added to the Site Health screen:
* A check to make sure that the `upgrade-temp-backup` directory is writable.
* A check that there is enough disk space available to safely perform updates.
To avoid confusion: The temporary backup directory will NOT be used to “roll back” a plugin to a previous version after a completed update. This directory will simply contain a transient backup of the previous version of a plugin or theme being updated, and as soon as the update process finishes, the directory will be empty.
Follow-up to [55204], [55220].
Props afragen, costdev, pbiron, azaozz, hellofromTonya, aristath, peterwilsoncc, TJNowell, bronsonquick, Clorith, dd32, poena, TimothyBlynJacobs, audrasjb, mikeschroder, a2hosting, KZeni, galbaras, richards1052, Boniu91, mai21, francina, TobiasBg, desrosj, noisysocks, johnbillion, dlh, chaion07, davidbaumwald, jrf, thisisyeasin, ignatggeorgiev, SergeyBiryukov.
Fixes#51857.
Built from https://develop.svn.wordpress.org/trunk@55720
git-svn-id: http://core.svn.wordpress.org/trunk@55232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_starts_with()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins with the given substring (needle).
WordPress core includes a polyfill for `str_starts_with()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `0 === strpos( ... )` with `str_starts_with()` in core files, making the code more readable and consistent, as well as improving performance.
While `strpos()` is slightly faster than the polyfill on PHP < 8.0, `str_starts_with()` is noticeably faster on PHP 8.0+, as it is optimized to avoid unnecessarily searching along the whole haystack if it does not find the needle.
Follow-up to [52039], [52040], [52326].
Props spacedmonkey, costdev, sabernhardt, mukesh27, desrosj, jorbin, TobiasBg, ayeshrajans, lgadzhev, SergeyBiryukov.
Fixes#58012.
Built from https://develop.svn.wordpress.org/trunk@55703
git-svn-id: http://core.svn.wordpress.org/trunk@55215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Use `continue` to help separate each case for better readability, instead of having a wall of `if`/`elseif`.
Includes simplifying a similar fragment in `make_site_theme_from_default()`.
Follow-up to [1575], [2037], [2040], [2044], [2346], [7999], [14080], [14485].
Props costdev, krunal265, hellofromTonya, brookedot, SergeyBiryukov.
Fixes#56982.
Built from https://develop.svn.wordpress.org/trunk@55688
git-svn-id: http://core.svn.wordpress.org/trunk@55200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds support for the new selectors property for block types. It adds it to the allowed metadata when registering a block type, makes the WP_Block_Type class aware of it, exposes it through the block types REST API, and the get_block_editor_server_block_settings function.
Corresponding work in the Gutenberg plugin: https://github.com/WordPress/gutenberg/pull/46496.
Fixes#57585.
Props aaronrobertshaw, hellofromTonya.
Built from https://develop.svn.wordpress.org/trunk@55673
git-svn-id: http://core.svn.wordpress.org/trunk@55185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This replaces a site ID comparison when displaying action links in `WP_MS_Sites_List_Table::handle_row_actions()` with a dedicated function call, `is_main_site()`, for clarity.
Follow-up to [13918], [25125], [26120], [32644], [38814].
Props ecorica, spacedmonkey, SergeyBiryukov.
Fixes#58150.
Built from https://develop.svn.wordpress.org/trunk@55666
git-svn-id: http://core.svn.wordpress.org/trunk@55178 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Per [https://developer.wordpress.org/coding-standards/wordpress-coding-standards/php/#writing-include-require-statements WordPress PHP coding standards], it is ''strongly recommended'' to use `require[_once]` for unconditional includes. When using `include[_once]`, PHP will throw a warning when the file is not found but will continue execution, which will almost certainly lead to other errors/warnings/notices being thrown if your application depends on the file loaded, potentially leading to security leaks. For that reason, `require[_once]` is generally the better choice as it will throw a `Fatal Error` if the file cannot be found.
Follow-up to [1674], [1812], [1964], [6779], [8540], [10521], [11005], [11911], [16065], [16149], [25421], [25466], [25823], [37714], [42981], [45448], [47198], [54276], [55633].
Props kausaralm, SergeyBiryukov.
See #57839.
Built from https://develop.svn.wordpress.org/trunk@55641
git-svn-id: http://core.svn.wordpress.org/trunk@55153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
It is best to always escape the complete value of an attribute, not a partial value, as otherwise the escaping could be (partially) undone when the values are joined together.
While the hardcoded prefix/suffix values in this case don't necessarily create that risk, those may change to values which could be problematic, so making it a habit to escape the value in one go is best practice.
Includes:
* Moving a few `esc_url()` calls closer to the actual output and escaping the hash parts too.
* Wrapping a few long lines for better readability.
Follow-up to [14248], [23707], [42217], [55615].
Props jrf, SergeyBiryukov.
Fixes#57110.
Built from https://develop.svn.wordpress.org/trunk@55616
git-svn-id: http://core.svn.wordpress.org/trunk@55128 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that post type or taxonomy name is consistently escaped in:
* `wp_nav_menu_item_post_type_meta_box()`
* `wp_nav_menu_item_taxonomy_meta_box()`
Follow-up to [14248], [23707].
Props zenaulislam, SergeyBiryukov.
Fixes#57110.
Built from https://develop.svn.wordpress.org/trunk@55615
git-svn-id: http://core.svn.wordpress.org/trunk@55127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove the green background from the "dot" accent, to prevent low contrast for the dismiss button. Use menu colors for the background on alternate color schemes. Remove the "Edit styles" link as there is no longer a direct link to the global styles section of the site editor.
Follow-up to [55451].
Props sabernhardt, ryokuhi, laurlittle, richtabor.
Fixes#57759.
Built from https://develop.svn.wordpress.org/trunk@55574
git-svn-id: http://core.svn.wordpress.org/trunk@55086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When `ftp_nlist()` receives an empty path, it checks the current working directory and may return `true`.
This affects:
* `WP_Filesystem_FTPext::exists()`
* `WP_Filesystem_ftpsockets::exists()`
As the purpose of the API is to provide a consistent interface for various filesystem implementations, this commit updates the affected methods to returns `false` when an empty path is provided, bringing consistency with the other filesystem abstraction classes, specifically `WP_Filesystem_Direct` and `WP_Filesystem_SSH2`.
Follow-up to [6779], [11821], [25274], [31815].
Props mkox, costdev, Zdrobau, dd32, pbiron, azaozz, mukesh27, SergeyBiryukov.
Fixes#33058.
Built from https://develop.svn.wordpress.org/trunk@55556
git-svn-id: http://core.svn.wordpress.org/trunk@55068 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the `WP_Comments_List_Table` class, when the function `get_comments` is called, pass the parameter `update_comment_post_cache` set to true. This primes all the related posts for the displayed comments. This improves performance, as all posts are primed at once.
Props spacedmonkey, adarshposimyth.
Fixes#57802.
Built from https://develop.svn.wordpress.org/trunk@55513
git-svn-id: http://core.svn.wordpress.org/trunk@55045 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset removes the `wp_ajax_save_attachment_updated` hook by reverting [55106], [55111], and [55450], to give it more time for further discussions as there are still concerns about whether this hook is necessary.
Follow-up to [55106], [55111], [55450].
Props costdev, SergeyBiryukov, peterwilsoncc, azaozz.
See #23148.
Built from https://develop.svn.wordpress.org/trunk@55474
git-svn-id: http://core.svn.wordpress.org/trunk@55007 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset renames the `wp_ajax_save_attachment` action to `wp_ajax_save_attachment_updated` to avoid confusion with the similarly named `wp_ajax_save-attachment` action. This also add a dockblock note to indicate that when checking if an action is being done, `doing_action( 'wp_ajax_save-attachment' )` may be used if that is more convenient.
Follow-up to [55106].
Props azaozz, sc0ttkclark, costdev.
Fixes#23148
Built from https://develop.svn.wordpress.org/trunk@55450
git-svn-id: http://core.svn.wordpress.org/trunk@54983 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As part of determining whether to perform automatic updates, WordPress checks if it is running within a version-controlled environment, recursively looking up the filesystem to the top of the drive, looking for a Subversion, Git, Mercurial, or Bazaar directory, erring on the side of detecting a VCS checkout somewhere.
This commit avoids a PHP warning if the `open_basedir` directive is in use and any of the directories checked in the process are not allowed:
{{{
is_dir(): open_basedir restriction in effect. File(/.git) is not within the allowed path(s)
}}}
Follow-up to [25421], [25700], [25764], [25835], [25859].
Props costdev, markjaquith, meyegui, dd32, arnolp, robin-labadie, hellofromTonya, afragen, pbiron, SergeyBiryukov.
Fixes#42619.
Built from https://develop.svn.wordpress.org/trunk@55425
git-svn-id: http://core.svn.wordpress.org/trunk@54958 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset fixes encoding issues in background update emails by applying `html_entity_decode()` on Plugin/Theme names in `send_plugin_theme_email()`.
Props paulschreiber, audrasjb, benjgrolleau, sanketchodavadiya, robinwpdeveloper, paulamit.
Fixes#56964.
Built from https://develop.svn.wordpress.org/trunk@55411
git-svn-id: http://core.svn.wordpress.org/trunk@54944 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to avoid timeout in Imagick operations.
Previously, Imagick operations could silently error by timeout and produce unexpected results. The new `::set_imagick_time_limit()` method, now used in `::resize()` and `::crop()`, will better handle garbage collection in these cases as well as better align Imagick's timeout with PHP timeout, assuming it is set.
Props drzraf, audrasjb, costdev, antpb, SergeyBiryukov.
Fixes#52569.
Built from https://develop.svn.wordpress.org/trunk@55404
git-svn-id: http://core.svn.wordpress.org/trunk@54937 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `$post_ID` variable is [546f59c678/WordPress/Sniffs/NamingConventions/ValidVariableNameSniff.php (L54) technically allowed in WPCS], as there is a global of the same name that needs to remain for backward compatibility. However, this name is mostly a remnant of legacy code, and switching to `$post_id` where appropriate brings more consistency with the rest of core.
Additionally, this commit resolves a few WPCS warnings in core:
{{{
Variable "$post_IDs" is not in valid snake_case format
}}}
This affects:
* Function parameters in:
* `add_meta()`
* `post_preview()`
* `WP_Embed::delete_oembed_caches()`
* `WP_Embed::cache_oembed()`
* `wp_get_post_cats()`
* `wp_set_post_cats()`
* `wp_unique_post_slug()`
* `wp_set_post_categories()`
* `wp_check_post_hierarchy_for_loops()`
* `wp_add_trashed_suffix_to_post_name_for_trashed_posts()`
* `wp_filter_wp_template_unique_post_slug()`
* `wp_xmlrpc_server::add_enclosure_if_new()`
* `wp_xmlrpc_server::attach_uploads()`
* `wp_xmlrpc_server::mt_getTrackbackPings()`
* Internal variables in:
* `wp_ajax_inline_save()`
* `wp_ajax_set_post_thumbnail()`
* `wp_ajax_get_post_thumbnail_html()`
* `edit_post()`
* `bulk_edit_posts()`
* `wp_write_post()`
* `WP_Embed::shortcode()`
* `wp_insert_post()`
* `wp_xmlrpc_server::_insert_post()`
* `wp_xmlrpc_server::blogger_getPost()`
* `wp_xmlrpc_server::blogger_newPost()`
* `wp_xmlrpc_server::blogger_editPost()`
* `wp_xmlrpc_server::blogger_deletePost()`
* `wp_xmlrpc_server::mw_getPost()`
* `wp_xmlrpc_server::mw_newPost()`
* `wp_xmlrpc_server::mw_editPost()`
* `wp_xmlrpc_server::mt_getPostCategories()`
* `wp_xmlrpc_server::mt_setPostCategories()`
* `wp_xmlrpc_server::mt_publishPost()`
* `wp_xmlrpc_server::pingback_ping()`
* Hook parameters in:
* `oembed_ttl`
* `embed_oembed_html`
* `wp_insert_post_parent`
* `add_trashed_suffix_to_trashed_posts`
* `pre_post_update`
* `edit_attachment`
* `attachment_updated`
* `add_attachment`
* `edit_post_{$post->post_type}`
* `edit_post`
* `post_updated`
* `save_post_{$post->post_type}`
* `save_post`
* `wp_insert_post`
* `pre_wp_unique_post_slug`
* `wp_unique_post_slug`
* `xmlrpc_call_success_blogger_newPost`
* `xmlrpc_call_success_blogger_editPost`
* `xmlrpc_call_success_blogger_deletePost`
* `xmlrpc_call_success_mw_newPost`
* `xmlrpc_call_success_mw_editPost`
Note: The name change only affects variable names and DocBlocks.
The change does not affect the `$post_ID` global still used in a few places.
Follow-up to [51399], [52958], [53723], [53729], [55190], [55308], [55334].
Props mahekkalola, tanjimtc71, SergeyBiryukov.
Fixes#57692.
Built from https://develop.svn.wordpress.org/trunk@55365
git-svn-id: http://core.svn.wordpress.org/trunk@54898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Skip preloading Requests files in `_preload_old_requests_classes_and_interfaces()` when updating from a WordPress version older than 4.6.
Why?
Requests library was first introduced into WordPress 4.6 via #33055 / [37428]. If a user is upgrading from a version older than 4.6, this changeset prevents the Requests preloading to prevent a fatal error of attempting to load files that do not exist in their current WordPress version.
Follow-up to [54997], [37428].
Props afragen, costdev, ironprogrammer, antonvlasenko.
Fixes#57662.
Built from https://develop.svn.wordpress.org/trunk@55296
git-svn-id: http://core.svn.wordpress.org/trunk@54829 1a063a9b-81f0-0310-95a4-ce76da25c4cd
It's not uncommon for local environments to run over HTTP due to the relative complexity of configuring HTTPS for a local environment. This change allows HTTP URLs for application password responses when that is the case.
Props peterwilsoncc, wppunk, cadic, viralsampat
Fixes#52617
Built from https://develop.svn.wordpress.org/trunk@55283
git-svn-id: http://core.svn.wordpress.org/trunk@54816 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to provide better context for translators and make it easier to determine that some strings contain hidden accessibility text and are not displayed in the UI.
Props kebbet, mercime, pavelevap, ocean90, swissspidy, Chouby, jipmoors, afercia, desrosj, costdev, audrasjb, SergeyBiryukov.
Fixes#29748.
Built from https://develop.svn.wordpress.org/trunk@55276
git-svn-id: http://core.svn.wordpress.org/trunk@54809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This reverts [55108] pending confirmation that this hook is still needed, that the right variable is passed, and that the docs are correct.
The necessity and implementation of this hook will be reconsidered in a future release.
See #28112.
Built from https://develop.svn.wordpress.org/trunk@55265
git-svn-id: http://core.svn.wordpress.org/trunk@54798 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If the `clear_working` flag in `WP_Upgrader::install_package()` is false, the source should not be removed, so `copy_dir()` should be used instead.
Partial updates, like language packs, may want to retain the destination. If the destination exists or has contents, this may be a partial update, and the destination should not be removed, so `copy_dir()` should be used instead.
Follow-up to [55204], [55219], [55220], [55223], [55226].
Props afragen, costdev, swissspidy.
See #57557.
Built from https://develop.svn.wordpress.org/trunk@55229
git-svn-id: http://core.svn.wordpress.org/trunk@54762 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Correctly instantiate `WP_Error()` within `move_dir()` to prevent a fatal error when unable to delete an existing directory that is intended to be replaced.
Follow-up to [55204], [55219], [55220], [55223].
Props swissspidy, costdev, afragen.
Fixes#57375.
Built from https://develop.svn.wordpress.org/trunk@55226
git-svn-id: http://core.svn.wordpress.org/trunk@54759 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Intentional preloading of Requests 2.x classes and interfaces using their old (Requests 1.x) names should not produce deprecation notices.
This commit defines `REQUESTS_SILENCE_PSR0_DEPRECATIONS` as `true` in `_preload_old_requests_classes_and_interfaces()`.
Follow-up to [54997], [55007], [55046].
Props costdev, afragen, jrf.
Fixes#54504.
Built from https://develop.svn.wordpress.org/trunk@55225
git-svn-id: http://core.svn.wordpress.org/trunk@54758 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset improves the consistency in capitalization of fetching and outputting of request headers. It also updates occurrences found in some docblocks.
Props johnjamesjacoby, costdev, audrasjb, petitphp, mhkuu, SergeyBiryukov.
Fixes#54225.
Built from https://develop.svn.wordpress.org/trunk@55210
git-svn-id: http://core.svn.wordpress.org/trunk@54743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces:
- New function: `wp_opcache_invalidate_directory()`, to recursively call `wp_opcache_invalidate()` after overwriting .php files.
- New function: `move_dir()`, similar to `copy_dir()` that uses `WP_Filesystem::move()` followed by `wp_opcache_invalidate_directory()`, and has a fallback to `copy_dir()`.
Props: costdev, afragen, peterwilsoncc, sergeybiryukov, ironprogrammer, flixos90, bronsonquick, mukesh27, azaozz.
Fixes#57375.
Built from https://develop.svn.wordpress.org/trunk@55204
git-svn-id: http://core.svn.wordpress.org/trunk@54737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset makes it easier for users to download their uploaded media by providing a Download row action to the Media List Table. It also rephrases the Copy URL row action for better consistency and to give room for the new Download action.
Follow-up to [55156].
Props pbiron, joedolson, kebbet, Mista-Flo, costdev, amin7, mukesh27.
Fixes#57574.
Built from https://develop.svn.wordpress.org/trunk@55198
git-svn-id: http://core.svn.wordpress.org/trunk@54731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset rephrases the Add Plugins screen description to clarify the purpose of the two available options for installing plugins.
Props tahmidulkarim, audrasjb, costdev, ryokuhi, krupalpanchal, SergeyBiryukov.
Fixes#57155.
Built from https://develop.svn.wordpress.org/trunk@55197
git-svn-id: http://core.svn.wordpress.org/trunk@54730 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This resolves a few WPCS warnings:
{{{
Variable "$cat_ID" is not in valid snake_case format, try "$cat_i_d"
}}}
Follow-up to [2695], [4490], [52958].
Props hilayt24, viralsampat, desrosj, robinwpdeveloper, tanazmasaba, costdev, SergeyBiryukov.
See #56754.
Built from https://develop.svn.wordpress.org/trunk@55190
git-svn-id: http://core.svn.wordpress.org/trunk@54723 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset modifies the HTTP request in `themes_api()` to use the same HTTP request timeout as in `plugins_api()`, which is 15 seconds, instead of a default value of 5 seconds.
Props ahortin, peterwilsoncc, dd32, costdev.
Fixes#57315.
Built from https://develop.svn.wordpress.org/trunk@55188
git-svn-id: http://core.svn.wordpress.org/trunk@54721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This new function makes it easier to switch to a specific user’s locale by reducing duplicate code and storing the user’s ID as additional context for plugins to consume. Existing usage of `switch_to_locale()` in core has been replaced with `switch_to_user_locale()` where appropriate.
Also, this change ensures `WP_Locale_Switcher` properly filters `determine_locale` so that anyyone using the `determine_locale()` function will get the correct locale information when switching is in effect.
Props costdev.
Fixes#57123.
See #26511.
Built from https://develop.svn.wordpress.org/trunk@55161
git-svn-id: http://core.svn.wordpress.org/trunk@54694 1a063a9b-81f0-0310-95a4-ce76da25c4cd