> The currently recommended certificate chain as presented to Let’s Encrypt ACME clients when new certificates are issued contains an intermediate certificate (ISRG Root X1) that is signed by an old DST Root CA X3 certificate that expires on 2021-09-30. In some cases the OpenSSL 1.0.2 version will regard the certificates issued by the Let’s Encrypt CA as having an expired trust chain.
>
> Most up-to-date CA cert trusted bundles, as provided by operating systems, contain this soon-to-be-expired certificate. The current CA cert bundles also contain an ISRG Root X1 self-signed certificate. This means that clients verifying certificate chains can find the alternative non-expired path to the ISRG Root X1 self-signed certificate in their trust store.
>
> Unfortunately this does not apply to OpenSSL 1.0.2 which always prefers the untrusted chain and if that chain contains a path that leads to an expired trusted root certificate (DST Root CA X3), it will be selected for the certificate verification and the expiration will be reported.
References:
* [https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ Old Let’s Encrypt Root Certificate Expiration and OpenSSL 1.0.2]
* [https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ DST Root CA X3 Expiration (September 2021)]
Follow-up to [25224], [25426], [25569], [27307], [30491], [30765], [34283], [35919], [36570], [46094].
Props bradleyt, fierevere.
Fixes#54207. See #50828.
Built from https://develop.svn.wordpress.org/trunk@51883
git-svn-id: http://core.svn.wordpress.org/trunk@51476 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously the first and last page pagination buttons were disabled when on their next or previous page respectively. This commit removes that unnecessary logic to keep these buttons enabled and avoid confusion in the user's navigation workflow.
New behavior:
- When on page 2, the go to first page `«` button is enabled
- When on the page before the last page, the go to last page `»` button is enabled
Follow-up to [32948], [47219].
Props wp_kc, ronakganatra, knutsp, sabernhardt, Hareesh Pillai, audrasjb, hellofromTonya.
Fixes#42763.
Built from https://develop.svn.wordpress.org/trunk@51880
git-svn-id: http://core.svn.wordpress.org/trunk@51473 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [49294, 49752], the `placeholder` attribute changed to `"WordPress App on My Phone"`. This change causes confusion as the field can be used in a variety of ways and is not limited to a phone.
Given a label exists for each field and clearly identifies its purpose, this commit removes the `placeholder` attribute from the `input` field.
Follow-up to [49109], [49294], [49752].
Props seedsca, audrasjb, joedolson, rehanali.
Fixes#54047.
Built from https://develop.svn.wordpress.org/trunk@51878
git-svn-id: http://core.svn.wordpress.org/trunk@51471 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adjust similar code in `_post_states()` and `_media_states()` for consistency.
Follow-up to:
* [12897], [15491], [32755], [46153], [48424] for `WP_MS_Sites_List_Table::site_states()`.
* [17793], [47775], [49223] for `_media_states()`.
* [9153], [46309] for `_post_states()`.
Props joelcj91, audrasjb, desrosj.
Fixes#38296.
Built from https://develop.svn.wordpress.org/trunk@51873
git-svn-id: http://core.svn.wordpress.org/trunk@51466 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since PHPUnit 9.5.10 and 8.5.21, PHP deprecations are no longer converted to exceptions by default (`convertDeprecationsToExceptions="true"` can be configured to enable this).
Reference: [fac02620f6 Do not convert PHP deprecations to exceptions by default]; [https://github.com/sebastianbergmann/phpunit/blob/9.5.10/ChangeLog-9.5.md#9510---2021-09-25 PHPUnit 9.5.10 changelog].
With this change, the test for the `Services_JSON` compat class started failing:
{{{
There was 1 failure:
1) Tests_Compat_jsonEncodeDecode::test_json_encode_decode
Failed asserting that exception of type "PHPUnit\Framework\Error\Deprecated" is thrown.
}}}
This converts the native PHPUnit `::expectDeprecation()` method call in the test to a set of individual WP-specific `::setExpectedDeprecated()` method calls in order to not depend on PHPUnit behavior that is no longer the default.
Additionally, this commit includes support for catching deprecation notices from `_deprecated_file()` function calls to the `WP_UnitTestCase_Base::expectDeprecated()` method.
Follow-up to [46205], [46625], [48996], [51563], [51852], [51871].
Props jrf, netweb, SergeyBiryukov.
See #54183, #54029, #53363.
Built from https://develop.svn.wordpress.org/trunk@51872
git-svn-id: http://core.svn.wordpress.org/trunk@51465 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since PHPUnit 9.5.10 and 8.5.21, PHP deprecations are no longer converted to exceptions by default (`convertDeprecationsToExceptions="true"` can be configured to enable this).
Reference: [fac02620f6 Do not convert PHP deprecations to exceptions by default]; [https://github.com/sebastianbergmann/phpunit/blob/9.5.10/ChangeLog-9.5.md#9510---2021-09-25 PHPUnit 9.5.10 changelog].
Let's unpack this:
Previously (PHPUnit < 9.5.10/8.5.21), if PHPUnit would encounter a PHP native deprecation notice, it would:
1. Show a test which causes a deprecation notice to be thrown as **"errored"**,
2. Show the **first** deprecation notice it encountered and
3. PHPUnit would exit with a **non-0 exit code** (2), which will fail a CI build.
As of PHPUnit 9.5.10/8.5.21, if PHPUnit encounters a PHP native deprecation notice, it will no longer do so. Instead PHPUnit will:
1. Show a test which causes a PHP deprecation notice to be thrown as **"risky"**,
2. Show the **all** deprecation notices it encountered and
3. PHPUnit will exit with a **0 exit code**, which will show a CI build as passing.
This commit reverts PHPUnit to the previous behaviour by adding `convertDeprecationsToExceptions="true"` to the PHPUnit configuration. It also adds the other related directives for consistency.
Props jrf, netweb, costdev, SergeyBiryukov.
See #54183.
Built from https://develop.svn.wordpress.org/trunk@51871
git-svn-id: http://core.svn.wordpress.org/trunk@51464 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These were originally added in [26252] to suppress database errors on `setUp()` and restore on `tearDown()` for tests that call `wpmu_create_blog()`, blog factory, or installation code that attempts to clear transients.
As the multisite test coverage expanded, these methods ended up being unnecessarily copied into other test classes, where database error suppression is not required.
Follow-up to [26252], [29916], [30286], [33184], [34898], [34899], [34901], [37234], [37477], [37894], [49212], [49616], [51859].
See #53363.
Built from https://develop.svn.wordpress.org/trunk@51869
git-svn-id: http://core.svn.wordpress.org/trunk@51462 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit:
* Removes the PHPUnit `wordpressdevelop/phpunit` container as a service to the Docker environment.
* Updates `test:php` (the default way to run tests) to run the Composer PHPUnit package default.
* Removes the `test:php-composer` script.
There is no longer a need for core to keep the `wordpressdevelop/phpunit` container as a service in `docker-compose.yml`. Removing it will reduce the overhead and bandwidth needed to set up WordPress locally and remove confusion about its use.
Follow-up to [45783-45784], [49099], [49362], [51545], [51736], [51685].
Props johnbillion, hellofromTonya.
Fixes#54112.
Built from https://develop.svn.wordpress.org/trunk@51868
git-svn-id: http://core.svn.wordpress.org/trunk@51461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Rename the test filename and class to match the name of the function being tested.
* Remove unnecessary `setUp()` and `tearDown()` methods.
* Replace the `only` test group with `post`.
Follow-up to [51855-51857].
See #51147.
Built from https://develop.svn.wordpress.org/trunk@51859
git-svn-id: http://core.svn.wordpress.org/trunk@51458 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Improvements include:
- Upgrades the test fixture methods to the new snake_case methods.
- Reorders the fixture methods for consistency.
- Uses strict assertions of assertSame and assertNotSame.
Follow-up to [51855-51856].
Props hellofromTonya.
See #51147.
Built from https://develop.svn.wordpress.org/trunk@51857
git-svn-id: http://core.svn.wordpress.org/trunk@51456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WordPress tries to avoid an issue where slugs might match an existing slug of a page/post.
If we are in a hierarchical post type, there will be a level, and we can leave it the same.
Props stormrockwell, SergeyBiryukov, terriann, tubys, jeremyfelt, Daschmi, MaximeCulea, knutsp, whyisjake.
Fixes#51147.
See also #44112 and #45260.
Built from https://develop.svn.wordpress.org/trunk@51855
git-svn-id: http://core.svn.wordpress.org/trunk@51454 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `_mb_substr()` function expects a string for the `$str` parameter, but does not do input validation. This function contains a `preg_match_all()` which also expects a string type for the given subject (i.e. `$str`).
Passing `null` to this parameter results in `preg_match_all(): Passing null to parameter #2 ($subject) of type string is deprecated` notice on PHP 8.1.
To maintain the same behaviour as before, a guard clause is added to bail out early when `$str` is passed as `null`. The outcome will, in that case, only ever be an empty string.
Note: this does mean that the `_mb_substr()` function now has a subtle difference in behaviour compared to the PHP native `mb_substr()` function as the latter ''will'' throw the deprecation notice.
The existing tests already cover this issue.
Follow-up to [17621], [36017], [32364].
Props jrf, hellofromTonya.
See #53635.
Built from https://develop.svn.wordpress.org/trunk@51853
git-svn-id: http://core.svn.wordpress.org/trunk@51452 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Splits the tests in the `tests/phpunit/tests/compat.php` file up into individual test classes for each function being tested.
Improvements to individual test cases:
* Adds `@covers` tags.
* Adds visibility modifiers to all methods.
* Adds function availability test.
* Where relevant, fixes the assertion parameter order.
* Data provider:
* Where relevant, reworks a test to use a data provider.
* Where relevant, renames data provider methods to have a more obvious link to the test it applies to.
* Makes the data provider more readable by adding keys within the data sets.
* Moves the data provider below its associated tests.
* Adds/removes data sets in data providers.
* Makes the actual test code more readable by using descriptive variables and multi-line function calls.
* Adds the `$message` parameter to all assertions when a test method contains more than one assertion.
Specifically for the `_mb_substr()` tests:
* Splits the `test_mb_substr_phpcore()` method into two test methods based on the PHP Core test files they are emulating.
* Makes the actual test code within the `test_mb_substr_phpcore_basic()` method more readable by using descriptive variables and multi-line function calls.
* Splits the data used for the second part of the `test_mb_substr_phpcore()` function, now `test_mb_substr_phpcore_input_type_handling()`, off into a separate data provider with named data sets.
* Removes duplicate data sets from the `data_mb_substr_phpcore_input_type_handling()`.
* Why? The PHP native tests test against upper/lowercase `false`, `true`, `null` and some other text string single quote/double quote variations. As things were, those differentiations had been undone when the coding standards were put in place, so in effect those weren't being tested anymore. And as this is userland code, there's no point in adding these differentiations back as they will be handled the same by PHP anyway (and that is safeguarded via the PHP native tests).
* Removes the "undefined variable" and "unset variable" test cases as, while those are relevant to the C code in which PHP is written, they are not relevant for testing userland code and will behave the same as the test passing `null`.
Follow-to [25002], [32364], [42228], [42343], [43034], [43036], [43220], [43571], [45607], [47122], [47198], [48937], [48996], [51415], [51563], [51594].
Props jrf, hellofromTonya.
See #39265, #53363.
Built from https://develop.svn.wordpress.org/trunk@51852
git-svn-id: http://core.svn.wordpress.org/trunk@51451 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Basically, the whole `assertSameIgnoreEOL()` assertion was fundamentally flawed. The assertion contends that it checks that the expected and actual values are of the same type and value, but the reality was very different.
* The function uses `map_deep()` to potentially handle all sorts of inputs.
* `map_deep()` handles arrays and objects with special casing, but will call the callback on everything else without further distinction.
* The callback used passes the expected/actual value on to the `str_replace()` function to remove potential new line differences.
* And the `str_replace()` function will - with a non-array input for the `$subject` - always return a string.
* The output of these calls to `map_deep()` will therefore have "normalized" _all properties_ in objects, _all values_ in arrays and _all non-object, non-array values_ to strings.
* And a call to `assertSame()` will therefore NEVER do a proper type check as the type of all input has already, unintentionally, been "normalized" to string.
Aside from this clear flaw in the design of the assertion, PHP 8.1 now exposes a further issue as a `null` value for an object property, an array value or a plain value, will now yield a ` str_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated` notice.
To fix both these issues, the fix in this PR ensures that the call to `str_replace()` will now only be made if the input is a text string.
All other values passed to the callback are left in their original type.
This ensures that a proper value AND type comparison can be done as well as prevents the PHP 8.1 deprecation notices.
Ref:
* https://developer.wordpress.org/reference/functions/map_deep/
* https://www.php.net/manual/en/function.str-replace.php
This commit:
- Fixes type-casting of non-string values to `string` (the flawed part of this assertion) by invoking `str_replace()` when the value is of string type.
- Fixes the PHP 8.1 `str_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated` deprecation notice.
- Micro-optimization: skips `map_deep()` when actual and/or expected are `null` (no need to process).
- Adjusts the method documentation for both this method and the `assertEqualsIgnoreEOL()` alias method to document that the `$expected` and `$actual` parameters can be of any type.
Follow-up to [48937], [51135], [51478].
Props jrf, hellofromTonya.
See #53363, #53635.
Built from https://develop.svn.wordpress.org/trunk@51831
git-svn-id: http://core.svn.wordpress.org/trunk@51438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If the `'widget_testwidget'` option does not exist, `false` was returned from `get_option()`. The `set_up()` logic expects an `array()` and assigns values to keys without checking for an array. The automatic creation of an array (autovivification) triggers a `Deprecated: Automatic conversion of false to array is deprecated in` deprecation notice on PHP 8.1.
This commit:
- Fixes the deprecation notice by making the default value an empty array.
- Moves getting the option within the conditional where it's needed.
- Provides a micro-optimization by only getting the options when the conditions are correct for processing.
- Makes the code consistent within the `set_up()` for both `get_option()` instances.
Follow-up to [51029].
Props jrf, hellofromTonya, BinaryKitten.
See #53635.
Built from https://develop.svn.wordpress.org/trunk@51830
git-svn-id: http://core.svn.wordpress.org/trunk@51437 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If there is no URL query in the `$_GET['redirect_to'], `wp_parse_url()` will return `null`. Passing `null` to `parse_str()` results in a PHP 8.1 deprecation notice
{{{
Deprecated: parse_str(): Passing null to parameter #1 ($string) of type string is deprecated
}}}
This commit:
- Fixes the deprecation notice.
- Skips doing the `parse_str()` when there's no URL query.
- Provides a micro-optimization performance boost.
Follow-up to [49109].
Props jrf, hellofromTonya, BinaryKitten.
See #53635.
Built from https://develop.svn.wordpress.org/trunk@51829
git-svn-id: http://core.svn.wordpress.org/trunk@51436 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Refines the test bootstrap error message to include the `-W` in the Composer update command.
Why?
To also update the chain of dependencies for the tests' dependencies.
`composer update` will update the tests' direct dependencies.
`composer update -W` will update the dependencies including *their* dependencies, which is the recommended course of action for WP.
Follow-up to [51598], [51811], [51813].
Props jrf.
See #46149.
Built from https://develop.svn.wordpress.org/trunk@51828
git-svn-id: http://core.svn.wordpress.org/trunk@51435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Global styles are used in a few different contexts (front, editor, customizer, the theme directory). In the last two contexts, it's important that switching themes immediately refreshes the global stylesheet, to avoid situations in which the styles of the previous theme load with the new one. This was brought up at WordPress/gutenberg#34531 (customizer) and at meta.trac.wordpress.org/ticket/5818 (theme directory).
This commit makes sure the stylesheet is regenerated upon switching themes.
Props oandregal, dd32.
See #53175.
Built from https://develop.svn.wordpress.org/trunk@51819
git-svn-id: http://core.svn.wordpress.org/trunk@51426 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In all four of the `get_option()`, `add_option()`, `update_option()` and `delete_option()` functions, the `$option` parameter (i.e. the option name) is passed to the PHP native `trim()` function without prior input validation.
In PHP 8.1, this could lead to a `trim(): Passing null to parameter #1 ($string) of type string is deprecated` for each of these functions.
`trim()`:
- expects a text string and is only useful when ''passed'' a text string as no other variable type can contain whitespace.
- will always return a `string`, which means that in practice for any non-string values passed, it would effectively function as a type cast to string.
This commit:
- Adds a check to verify the `$option` name is a scalar before processing it with `trim()`.
- The "type cast" behavior is maintained.
- If the given `$option` name is not a scalar, such as `null`, the fix prevents the PHP 8.1 deprecation notice.
- Tests are added for valid but undesired option names to safeguard against regressions.
This issue is already covered by:
- the existing `Tests_Option_Option::test_bad_option_names()` test group.
- the new `test_valid_but_undesired_option_names()` tests.
Follow-up to [13858], [22633], [23510], [25002], [51817].
Props jrf, hellofromTonya, pbearne.
See #53635.
Built from https://develop.svn.wordpress.org/trunk@51818
git-svn-id: http://core.svn.wordpress.org/trunk@51425 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The existing tests were running multiple functions through a `foreach()`. If any test failed, it would bail out and not test against the other scenarios.
This commit:
- Moves the scenarios to a data provider with named data sets, i.e. to ensure all scenarios are run and tested regardless if any fail.
- Splits each function under test into individual test methods.
- Adds a float scenario.
- Adds method visibility modifiers.
Follow-up to [25002].
Props jrf, hellofromTonya, pbearne.
See #53635.
Built from https://develop.svn.wordpress.org/trunk@51817
git-svn-id: http://core.svn.wordpress.org/trunk@51424 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The shortcode content is expected to be a string, not `null`. `do_shortcode()` expects a string for `$content`.
The `img_caption_shortcode()` also expects a string for the `$content` parameter and is expected to return a string for the HTML content to display the caption.
Prior to this commit:
The default value for the `$content` parameter was set to `null`. If no `$content` was passed, the function:
- could return `null` when the `$atts['width'] < 1` or there was no caption
- else, it invoked `do_shortcode( $content )` passing `null` which on PHP 8.1+ triggers a deprecation notice:
{{{
strpos(): Passing null to parameter #1 ($haystack) of type string is deprecated
}}}
This commit:
- Fixes the default `$content` value to align to the expected shortcode content of `string`, not `null`.
- Fixes the PHP 8.1 deprecation notice when `null` was being passed to `do_shortcode()`.
- Changes the assertion in a couple of tests to check for the empty string instead of `null.
Follow-up to [8196], [8925], [8239], [26915], [31530], [42704].
Props jrf, hellofromTonya, azaozz, joedolson.
See #53635.
Built from https://develop.svn.wordpress.org/trunk@51816
git-svn-id: http://core.svn.wordpress.org/trunk@51423 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to make the update process more reliable and ensures that if a plugin or theme update fails, the previous version can be safely restored.
* When updating a plugin or theme, the old version is moved to a temporary backup directory:
* `wp-content/upgrade/temp-backup/plugins/[plugin-slug]` for plugins
* `wp-content/upgrade/temp-backup/themes/[theme-slug]` for themes.
* If the update fails, then the temporary backup kept in the `upgrade/temp-backup` directory is restored to its original location.
* If the update succeeds, the temporary backup is deleted.
To further help troubleshoot plugin and theme updates, two new checks were added to the Site Health screen:
* A check to make sure that the `temp-backup` directory is writable.
* A check that there is enough disk space available to safely perform updates.
To avoid confusion: The `temp-backup` directory will NOT be used to "roll back" a plugin to a previous version after a completed update. This directory will simply contain a transient backup of the previous version of a plugin or theme being updated, and as soon as the update process finishes, the directory will be empty.
Props aristath, afragen, pbiron, dd32, poena, TimothyBlynJacobs, audrasjb, mikeschroder, a2hosting, hellofromTonya, KZeni, galbaras, richards1052, Boniu91, mai21, francina, SergeyBiryukov.
See #51857.
Built from https://develop.svn.wordpress.org/trunk@51815
git-svn-id: http://core.svn.wordpress.org/trunk@51422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
