`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).
WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [52039], [52040], [52326], [55703], [55710], [55987].
Props Soean, spacedmonkey, costdev, dingo_d, azaozz, mikeschroder, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes#58206.
git-svn-id: https://develop.svn.wordpress.org/trunk@55988 602fd350-edb4-49c9-b593-d223f7449a82
As of [55749] wp_queue_comments_for_comment_meta_lazyload is no longer used in core. This commit, deprecates this function. Update docs and tests accordingly.
Props sh4lin, spacedmonkey, costdev, peterwilsoncc.
Fixes#58301.
git-svn-id: https://develop.svn.wordpress.org/trunk@55855 602fd350-edb4-49c9-b593-d223f7449a82
In [34270] introduced lazy loading of comment meta. However, this was only in the context of `WP_Query`. Other parts of the codebase, like `WP_Comment_Query` did not lazily load comment meta. In this change, calls to `update_meta_cache` are now replaced with `wp_lazyload_comment_meta`, that instead of priming comment meta caches, just adds them to the queue to be primed it ever called. This results in far less database queries, as there a number of places where comment meta is being primed unnecessarily and never used. Adding everything to the comment meta queue, also means that if comment meta is used, that is all loaded in a single database / cache call.
Follow on from [55671], [55747].
Props spacedmonkey, peterwilsoncc, flixos90, mukesh27.
Fixes#57801.
git-svn-id: https://develop.svn.wordpress.org/trunk@55749 602fd350-edb4-49c9-b593-d223f7449a82
`str_starts_with()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins with the given substring (needle).
WordPress core includes a polyfill for `str_starts_with()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `0 === strpos( ... )` with `str_starts_with()` in core files, making the code more readable and consistent, as well as improving performance.
While `strpos()` is slightly faster than the polyfill on PHP < 8.0, `str_starts_with()` is noticeably faster on PHP 8.0+, as it is optimized to avoid unnecessarily searching along the whole haystack if it does not find the needle.
Follow-up to [52039], [52040], [52326].
Props spacedmonkey, costdev, sabernhardt, mukesh27, desrosj, jorbin, TobiasBg, ayeshrajans, lgadzhev, SergeyBiryukov.
Fixes#58012.
git-svn-id: https://develop.svn.wordpress.org/trunk@55703 602fd350-edb4-49c9-b593-d223f7449a82
Add a helper function called `wp_cache_set_last_changed` to set the last changed value for cache groups. This function has a new action called `wp_cache_set_last_changed`, allowing for developers to cache invalidate when last changed value is changed.
Props tillkruess, spacedmonkey, peterwilsoncc, mukesh27, johnjamesjacoby.
Fixes#57905.
git-svn-id: https://develop.svn.wordpress.org/trunk@55702 602fd350-edb4-49c9-b593-d223f7449a82
Per [https://developer.wordpress.org/coding-standards/wordpress-coding-standards/php/#writing-include-require-statements WordPress PHP coding standards], it is ''strongly recommended'' to use `require[_once]` for unconditional includes. When using `include[_once]`, PHP will throw a warning when the file is not found but will continue execution, which will almost certainly lead to other errors/warnings/notices being thrown if your application depends on the file loaded, potentially leading to security leaks. For that reason, `require[_once]` is generally the better choice as it will throw a `Fatal Error` if the file cannot be found.
Follow-up to [1674], [1812], [1964], [6779], [8540], [10521], [11005], [11911], [16065], [16149], [25421], [25466], [25823], [37714], [42981], [45448], [47198], [54276], [55633].
Props kausaralm, SergeyBiryukov.
See #57839.
git-svn-id: https://develop.svn.wordpress.org/trunk@55641 602fd350-edb4-49c9-b593-d223f7449a82
Give developers more control over how query caches are handled within an object caches. Now all caches that cache the result of a query, are cached in a group that is suffixed with -queries. Developers can use these groups, to add custom cache invalidation rules or to make them none persistent.
Props spacedmonkey, owi, tillkruess, skithund, peterwilsoncc, flixos90, sergeybiryukov, mukesh27.
Fixes#57625.
git-svn-id: https://develop.svn.wordpress.org/trunk@55526 602fd350-edb4-49c9-b593-d223f7449a82
The original filter location is `wp_notify_moderator()` in `wp-includes/pluggable.php`.
This commit updates the instance in `wp_new_comment_notify_moderator()` to point to the correct file.
Follow-up to [35339], [35725].
Props zevilz.
Fixes#57808.
git-svn-id: https://develop.svn.wordpress.org/trunk@55424 602fd350-edb4-49c9-b593-d223f7449a82
Introduces client and server side validation to ensure the `replytocom` query string parameter can not be exploited to reply to an unapproved comment or display the name of an unapproved commenter.
This only affects commenting via the front end of the site. Comment replies via the dashboard continue their current behaviour of logging the reply and approving the parent comment.
Introduces the `$post` parameter, defaulting to the current global post, to `get_cancel_comment_reply_link()` and `comment_form_title()`.
Introduces `_get_comment_reply_id()` for determining the comment reply ID based on the `replytocom` query string parameter.
Renames the parameter `$post_id` to `$post` in `get_comment_id_fields()` and `comment_id_fields()` to accept either a post ID or `WP_Post` object.
Adds a new `WP_Error` return state to `wp_handle_comment_submission()` to prevent replies to unapproved comments. The error code is `comment_reply_to_unapproved_comment` with the message `Sorry, replies to unapproved comments are not allowed.`.
Props costdev, jrf, hellofromtonya, fasuto, boniu91, milana_cap.
Fixes#53962.
git-svn-id: https://develop.svn.wordpress.org/trunk@55369 602fd350-edb4-49c9-b593-d223f7449a82
This ensures that `get_comments()` is called with the correct parameter name in:
* `wp_comments_personal_data_exporter()`
* `wp_comments_personal_data_eraser()`
Follow-up to [42888], [42994].
Props smeunus, kapilpaul, SergeyBiryukov.
Fixes#57700.
git-svn-id: https://develop.svn.wordpress.org/trunk@55324 602fd350-edb4-49c9-b593-d223f7449a82
This resolves 80+ WPCS warnings in core:
{{{
Variable "$comment_ID" is not in valid snake_case format
}}}
While matching the database field of the same name, the `$comment_ID` variable did not follow the WordPress coding standards, and is now renamed to address that.
This affects:
* Function parameters in:
* `get_comment_author()`
* `comment_author()`
* `get_comment_author_email()`
* `comment_author_email()`
* `get_comment_author_link()`
* `comment_author_link()`
* `get_comment_author_IP()`
* `comment_author_IP()`
* `get_comment_author_rl()`
* `comment_author_url()`
* `get_comment_date()`
* `comment_date()`
* `get_comment_excerpt()`
* `comment_excerpt()`
* `get_comment_text()`
* `comment_text()`
* `get_comment_time()`
* `comment_time()`
* `get_comment_type()`
* `get_page_of_comment()`
* `wp_new_comment_notify_moderator()`
* `wp_new_comment_notify_postauthor()`
* `get_commentdata()`
* Internal variables in:
* `get_comment_ID()`
* `wp_new_comment()`
* `wp_xmlrpc_server::wp_deleteComment()`
* `wp_xmlrpc_server::wp_editComment()`
* `wp_xmlrpc_server::wp_newComment()`
* `wp_xmlrpc_server::pingback_ping()`
* Hook parameters in:
* `get_comment_author`
* `comment_author`
* `get_comment_author_email`
* `author_email`
* `get_comment_author_link`
* `get_comment_author_IP`
* `get_comment_author_url`
* `comment_url`
* `get_comment_excerpt`
* `comment_excerpt`
* `get_comment_ID`
* `get_comment_type`
* `get_page_of_comment`
* `comment_{$new_status}_{$comment->comment_type}`
* `comment_post`
* `notify_moderator`
* `notify_post_author`
* `commentrss2_item`
* `xmlrpc_call_success_wp_deleteComment`
* `xmlrpc_call_success_wp_editComment`
* `xmlrpc_call_success_wp_newComment`
* `pingback_post`
Note: The name change only affects variable names and DocBlocks.
The change does not affect:
* `comment_ID` as the `$orderby` value in `WP_Comment_Query::__construct()`
* `comment_ID` as the `$orderby` value in `WP_Comment::get_children()`
* `comment_ID` as part of `$commentarr` parameter in `wp_update_comment()`
The associated array keys still match the database field.
Follow-up to [53723].
Props krunal265, costdev, SergeyBiryukov.
Fixes#57671. See #56791.
git-svn-id: https://develop.svn.wordpress.org/trunk@55308 602fd350-edb4-49c9-b593-d223f7449a82
This avoids a fatal error if the function is disabled on certain environments.
Props theode, jokerrs, johnbillion, hellofromTonya, costdev, jrf, azaozz, SergeyBiryukov.
Fixes#55711.
git-svn-id: https://develop.svn.wordpress.org/trunk@55258 602fd350-edb4-49c9-b593-d223f7449a82
This changeset improves the consistency in capitalization of fetching and outputting of request headers. It also updates occurrences found in some docblocks.
Props johnjamesjacoby, costdev, audrasjb, petitphp, mhkuu, SergeyBiryukov.
Fixes#54225.
git-svn-id: https://develop.svn.wordpress.org/trunk@55210 602fd350-edb4-49c9-b593-d223f7449a82
The `check_comment()` and `wp_check_comment_disallowed_list()` functions are expected to be case-insensitive, but that only worked for words using Latin script and consisting of ASCII characters.
This commit adds the Unicode flag to the regular expression used for the check in these functions, so that both pattern and subject can be treated as UTF-8 strings.
Reference: [https://www.php.net/manual/en/reference.pcre.pattern.modifiers.php PHP Manual: Pattern Modifiers].
Follow-up to [984], [2075], [48121], [48575].
Props bonjour52, SergeyBiryukov.
Fixes#57207.
git-svn-id: https://develop.svn.wordpress.org/trunk@54888 602fd350-edb4-49c9-b593-d223f7449a82
For backward compatibility, the `user_id` parameter of `wp_new_comment()` can be spelled as `user_ID`, and plugins utilizing the `preprocess_comment` filter or the `comment_post` action should be able to receive both variations.
Follow-up to [12267], [12300], [28915], [36038], [53729].
Props peterwilsoncc, SergeyBiryukov.
Fixes#56244.
git-svn-id: https://develop.svn.wordpress.org/trunk@54489 602fd350-edb4-49c9-b593-d223f7449a82
This affects the following parameters subsequently passed to `wp_new_comment()`:
* `comment_author`
* `comment_author_email`
* `comment_author_url`
* `comment_content`
The default values for these parameters were previously set to `null`, causing PHP 8.1 "null to non-nullable" deprecation notices when running sanitization filters on them via `wp_filter_comment()`.
While the deprecation notices were temporarily silenced in the unit test suite, that caused an unexpected issue in a test for [source:tags/6.0.2/tests/phpunit/tests/comment-submission.php#L202 submitting a comment to a password protected post], where the `$_COOKIE[ 'wp-postpass_' . COOKIEHASH ]` value was no longer unset, as the test stopped any further execution once the deprecation notice was triggered.
Due to how WordPress handles password protected posts, once that value is set, it affects all posts protected with the same password, so this resulted in unintentionally affecting [source:tags/6.0.2/tests/phpunit/tests/rest-api/rest-posts-controller.php#L1866 another test] which happened to use the same password.
These values are all documented to be a string in various related filters, and core also expects them to be a string, so there is no reason for these defaults to be set to `null`. Setting them to an empty string instead resolves the issues.
This commit includes:
* Setting the defaults in `wp_handle_comment_submission()` to an empty string.
* Adding a dedicated unit test to verify the type of these default values.
* Removing the deprecation notice silencing as no longer needed.
Follow-up to [34799], [34801], [51968].
Props jrf, desrosj, mukesh27, SergeyBiryukov.
Fixes#56712. See #56681, #55656.
git-svn-id: https://develop.svn.wordpress.org/trunk@54368 602fd350-edb4-49c9-b593-d223f7449a82
Remove the private delegation from the following cache priming functions for various object types:
- `_prime_post_caches()`
- `_prime_term_caches()`
- `_prime_comment_caches()`
- `_prime_network_caches()`
- `_prime_site_caches()`
- `_get_non_cached_ids() `
Plugins and themes are now encouraged to use these functions to improve the performance of their code by reducing the number of database queries.
Props robinwpdeveloper, desrosj, SergeyBiryukov, mukesh27, costdev.
Fixes#56386.
git-svn-id: https://develop.svn.wordpress.org/trunk@53944 602fd350-edb4-49c9-b593-d223f7449a82
This fixes a PHP compatibility error in `wp_handle_comment_submission()`:
* `Trailing comma's are not allowed in function calls in PHP 7.2 or earlier`
Follow-up to [53729].
See #55647, #56244.
git-svn-id: https://develop.svn.wordpress.org/trunk@53730 602fd350-edb4-49c9-b593-d223f7449a82
The `wp_new_comment()`, `wp_update_comment()`, and `wp_filter_comment()` functions already normalize the `user_ID` parameter internally to `user_id`, which matches the database field name.
This commit aims to bring some consistency when passing the parameter in core.
The corresponding `$user_ID` variable is also renamed to `$user_id` to match the other variables when not referring to the `$user_ID` global, which has an exception in the WordPress coding standards.
Follow-up to [8543], [8720], [12267], [12300], [26491], [28915], [28922], [34799], [49303].
See #55647, #56244.
git-svn-id: https://develop.svn.wordpress.org/trunk@53729 602fd350-edb4-49c9-b593-d223f7449a82
This fixes two WPCS warnings:
* `Variable "$comment_post_ID" is not in valid snake_case format`
* `Variable "$comment_author_IP" is not in valid snake_case format`
While matching the database fields of the same name, these variables did not follow the WordPress coding standards, and are now renamed to address that.
Note: The name change only affects internal variables and parameters for a few actions receiving a comment post ID:
* `edit_comment`
* `comment_id_not_found`
* `comment_closed`
* `comment_on_trash`
* `comment_on_draft`
* `comment_on_password_protected`
* `pre_comment_on_post`
The change does not affect parameters for functions receiving an array of comment data:
* `wp_insert_comment()`
* `wp_new_comment()`
* `wp_update_comment()`
* `wp_handle_comment_submission()`
The associated array keys still match the database fields: `comment_post_ID` and `comment_author_IP`.
Follow-up to [1706], [2894], [8720], [28427], [28437], [28457], [34799], [53720],
See #55647, #56244.
git-svn-id: https://develop.svn.wordpress.org/trunk@53723 602fd350-edb4-49c9-b593-d223f7449a82
Remove reference to uncached database query now `get_comment_count()` uses `WP_Comment_Query` which contains caching. Remove reference to `$wpdb` global, it is no longer used.
Follow up to [53036].
Fixes#19901.
git-svn-id: https://develop.svn.wordpress.org/trunk@53225 602fd350-edb4-49c9-b593-d223f7449a82
Improve performance of the `wp_count_comments` function by replacing a complex query with multiple calls to the `get_comments` function. Passing the `count` parameter to the `get_comments` function results in a simple
count query that returns quickly. Using `get_comments` also means that query is cached and run through filters.
Props FolioVision, markjaquith, nacin, ryan, coffee2code, wonderboymusic, ComputerGuru, jb510, SergeyBiryukov, Znuff, Rahe, uday17035, spacedmonkey, peterwilsoncc.
Fixes#19901.
git-svn-id: https://develop.svn.wordpress.org/trunk@53036 602fd350-edb4-49c9-b593-d223f7449a82
Implement the `wp_cache_add_multiple`, `wp_cache_set_multiple` and `wp_cache_delete_multiple` in a number of core functions after they were introduced in [52700]
Props: spacedmonkey, adamsilverstein, flixos90, mitogh.
Fixes: #55029.
git-svn-id: https://develop.svn.wordpress.org/trunk@52707 602fd350-edb4-49c9-b593-d223f7449a82
Add required asterisk to the comment text field. Historically, the name and email fields are marked as required, but the comment text field is not, though it is actually a required field.
Props infected, solarissmoke, rianrietveld, afercia, sabernhardt, strider72, mai21, audrasjb.
Fixes#16206.
git-svn-id: https://develop.svn.wordpress.org/trunk@52029 602fd350-edb4-49c9-b593-d223f7449a82
[48658] documented that various metadata functions return false for an invalid ID. However, that does not clarify what an invalid ID is: a non-numeric, zero, or negative value. This change adds the clarification in all relevant metadata function docblocks.
Props icopydoc, SergeyBiryukov, davidkryzaniak, audrasjb.
Fixes#51797.
git-svn-id: https://develop.svn.wordpress.org/trunk@50641 602fd350-edb4-49c9-b593-d223f7449a82
This extension is necessary because the comment approval notification opt-in form introduced in [47887] uses the same mechanism, and the previous limit of one minute meant that users on a slow connection, using assistive technology, with limited motor skills, or who are generally indecisive may not complete the opt-in action within one minute, and therefore not see the confirmation message.
Props joedolson, imath, hellofromTonya, peterwilsoncc, alexstine, davidbaumwald
Fixes#52406
git-svn-id: https://develop.svn.wordpress.org/trunk@50271 602fd350-edb4-49c9-b593-d223f7449a82
The opt-in form is shown after the comment is submitted and held for moderation.
Sorry this took five years.
Props jeffr0, swissspidy, mrahmadawais, wonderboymusic, jdgrimes, obenland, Monika, imath, garrett-eclipse, johnbillion
Fixes#33717
git-svn-id: https://develop.svn.wordpress.org/trunk@50109 602fd350-edb4-49c9-b593-d223f7449a82
