Adds a new optional `$include_hidden` parameter to allow the inclusion of hidden (`.` prefixed) files.
Defaults to false for backward compatibility.
Props yani.iliev, sabernhardt, costdev, rutviksavsani, zunaid321, azaozz.
Fixes#53659.
git-svn-id: https://develop.svn.wordpress.org/trunk@56069 602fd350-edb4-49c9-b593-d223f7449a82
`str_starts_with()` and `str_ends_with()` were introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins or ends with the given substring (needle).
WordPress core includes a polyfill for these functions on PHP < 8.0 as of WordPress 5.9.
This commit uses `str_starts_with()` and `str_ends_with()` in core files where appropriate:
* `$needle === substr( $string, 0, $length )`, where `$length` is the length of `$needle`, is replaced with `str_starts_with( $haystack, $needle )`.
* `$needle === substr( $string, $offset )`, where `$offset` is negative and the absolute value of `$offset` is the length of `$needle`, is replaced with `str_ends_with( $haystack, $needle )`.
This aims to make the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [52039], [52040], [52326], [55703], [55710], [55987], [55988].
Props Soean, spacedmonkey, Clorith, ocean90, azaozz, sabernhardt, SergeyBiryukov.
Fixes#58220.
git-svn-id: https://develop.svn.wordpress.org/trunk@55990 602fd350-edb4-49c9-b593-d223f7449a82
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).
WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [52039], [52040], [52326], [55703], [55710], [55987].
Props Soean, spacedmonkey, costdev, dingo_d, azaozz, mikeschroder, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes#58206.
git-svn-id: https://develop.svn.wordpress.org/trunk@55988 602fd350-edb4-49c9-b593-d223f7449a82
Adds a check to the start of `copy_dir()` that the destination directory exists and attempts to create it if it does not.
An error is returned if the directory can not be created, either due to a permissions error or the parent directory not existing.
Props caraffande, costdev, zunaid321.
Fixes#41855.
git-svn-id: https://develop.svn.wordpress.org/trunk@55938 602fd350-edb4-49c9-b593-d223f7449a82
Previously when the `mimes` element was not specified in the overrides array passed to `_wp_handle_upload()` it resulted in boolean false being passed to this parameter, which is incorrect. The fallback value should be `null`.
Props platonkristinin, pkbhatt
Fixes#58349
git-svn-id: https://develop.svn.wordpress.org/trunk@55872 602fd350-edb4-49c9-b593-d223f7449a82
The terms "roll back" and "rolled back" are used in user facing strings since [55720]. These termes are not that clear for novice users and may be difficult to translate in some locales. This changeset replaces "roll back" with "restore" and "rolled back" with "restored" or "not applied" depending of the context of the screen.
Follow-up to [55720].
Props kebbet, costdev, NekoJonez, audrasjb, SergeyBiryukov, davidbaumwald.
Fixes#58282.
git-svn-id: https://develop.svn.wordpress.org/trunk@55750 602fd350-edb4-49c9-b593-d223f7449a82
`str_starts_with()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins with the given substring (needle).
WordPress core includes a polyfill for `str_starts_with()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `0 === strpos( ... )` with `str_starts_with()` in core files, making the code more readable and consistent, as well as improving performance.
While `strpos()` is slightly faster than the polyfill on PHP < 8.0, `str_starts_with()` is noticeably faster on PHP 8.0+, as it is optimized to avoid unnecessarily searching along the whole haystack if it does not find the needle.
Follow-up to [52039], [52040], [52326].
Props spacedmonkey, costdev, sabernhardt, mukesh27, desrosj, jorbin, TobiasBg, ayeshrajans, lgadzhev, SergeyBiryukov.
Fixes#58012.
git-svn-id: https://develop.svn.wordpress.org/trunk@55703 602fd350-edb4-49c9-b593-d223f7449a82
The `::dirlist()` method is run on the `$from` directory, so `basename( $from )` is the correct thing to pass to the `WP_Error` object.
Follow-up to [50149].
Props afragen, costdev, pravinparmar2404.
Fixes#57907.
git-svn-id: https://develop.svn.wordpress.org/trunk@55538 602fd350-edb4-49c9-b593-d223f7449a82
This aims to provide better context for translators and make it easier to determine that some strings contain hidden accessibility text and are not displayed in the UI.
Props kebbet, mercime, pavelevap, ocean90, swissspidy, Chouby, jipmoors, afercia, desrosj, costdev, audrasjb, SergeyBiryukov.
Fixes#29748.
git-svn-id: https://develop.svn.wordpress.org/trunk@55276 602fd350-edb4-49c9-b593-d223f7449a82
This avoids a fatal error if the function is disabled on certain environments.
Props theode, jokerrs, johnbillion, hellofromTonya, costdev, jrf, azaozz, SergeyBiryukov.
Fixes#55711.
git-svn-id: https://develop.svn.wordpress.org/trunk@55258 602fd350-edb4-49c9-b593-d223f7449a82
Correctly instantiate `WP_Error()` within `move_dir()` to prevent a fatal error when unable to delete an existing directory that is intended to be replaced.
Follow-up to [55204], [55219], [55220], [55223].
Props swissspidy, costdev, afragen.
Fixes#57375.
git-svn-id: https://develop.svn.wordpress.org/trunk@55226 602fd350-edb4-49c9-b593-d223f7449a82
This updates the check whether the destination directory already exists to only call `$wp_filesystem->exists()` once.
Follow-up to [55204], [55219], [55220].
Props azaozz, afragen, SergeyBiryukov.
Fixes#57375.
git-svn-id: https://develop.svn.wordpress.org/trunk@55223 602fd350-edb4-49c9-b593-d223f7449a82
Changes `move_dir()` to attempt to delete the destination when overwriting, before calling `WP_Filesystem::move()`.
Props: afragen, costdev, azaozz.
Fixes: #57375.
git-svn-id: https://develop.svn.wordpress.org/trunk@55219 602fd350-edb4-49c9-b593-d223f7449a82
This changeset improves the consistency in capitalization of fetching and outputting of request headers. It also updates occurrences found in some docblocks.
Props johnjamesjacoby, costdev, audrasjb, petitphp, mhkuu, SergeyBiryukov.
Fixes#54225.
git-svn-id: https://develop.svn.wordpress.org/trunk@55210 602fd350-edb4-49c9-b593-d223f7449a82
Introduces:
- New function: `wp_opcache_invalidate_directory()`, to recursively call `wp_opcache_invalidate()` after overwriting .php files.
- New function: `move_dir()`, similar to `copy_dir()` that uses `WP_Filesystem::move()` followed by `wp_opcache_invalidate_directory()`, and has a fallback to `copy_dir()`.
Props: costdev, afragen, peterwilsoncc, sergeybiryukov, ironprogrammer, flixos90, bronsonquick, mukesh27, azaozz.
Fixes#57375.
git-svn-id: https://develop.svn.wordpress.org/trunk@55204 602fd350-edb4-49c9-b593-d223f7449a82
This changeset adds `spellcheck="false"` attribute to various password fields.
The spellcheck global attribute defines whether the element may be checked for spelling errors. The `false` value indicates that the element should not be checked for spelling errors, which is relevant for a password field.
Furthermore, and as per MDN specs, using spellchecking can have consequences for users' security and privacy. The specification does not regulate how spellchecking is done and the content of the element may be sent to a third party for spellchecking results. Thus, it is recommended to set `spellcheck` attribute to `false` for elements that can contain sensitive information. Which is the case for password fields.
Props dziudek, audrasjb, gainesm, fosuahmed.
Fixes#56763.
git-svn-id: https://develop.svn.wordpress.org/trunk@55094 602fd350-edb4-49c9-b593-d223f7449a82
Since `ABSPATH` is defined and documented to end with a forward slash `/`, this changeset removes the first `/` from strings appended to `ABSPATH` in various files, leading to `//` in the resulting path.
Props TobiasBg, audrasjb, SergeyBiryukov, emanuelx.
Fixes#57074.
See #57071.
git-svn-id: https://develop.svn.wordpress.org/trunk@54872 602fd350-edb4-49c9-b593-d223f7449a82
This changeset ensures the directory path is provided in error messages when `_unzip_file_pclzip()` is unable to create a directory. This removes `substr()` which was returning an empty string in some use cases.
Props gunterer, SergeyBiryukov, n8finch, peterwilsoncc, audrasjb, rsiddharth, costdev , desrosj, mukesh27.
Fixes#54477.
git-svn-id: https://develop.svn.wordpress.org/trunk@54442 602fd350-edb4-49c9-b593-d223f7449a82
This changeset adds a file description for `theme.json`. This description is notably used in the Theme File Editor.
Props ocean90, kapilpaul, poena.
Fixes#55325.
git-svn-id: https://develop.svn.wordpress.org/trunk@54140 602fd350-edb4-49c9-b593-d223f7449a82
This changeset implements a clearer and more consistent timeout/duration/expiration format. It updates time durations used in various files, as per WordPress coding standards:
- If the value can be represented as an integer (not a fractional) number of minutes (hours, etc.), use the appropriate constant (e.g.: `MINUTE_IN_SECONDS`) multiplied by that number.
- Otherwise, keep the value as is and add a comment with the units for clarity.
Follow-up to [11823], [13177], [21996], [37747], [53714].
Props hztyfoon, audrasjb, arrasel403, krupalpanchal, GaryJ, SergeyBiryukov, peterwilsoncc, rudlinkon, costdev, robinwpdeveloper.
Fixes#56293.
See #55647.
git-svn-id: https://develop.svn.wordpress.org/trunk@54113 602fd350-edb4-49c9-b593-d223f7449a82
This aims to clarify the time units for some timeout or expiration values.
Follow-up to [11823], [13177], [21996], [37747].
See #55647.
git-svn-id: https://develop.svn.wordpress.org/trunk@53714 602fd350-edb4-49c9-b593-d223f7449a82
`phpversion()` return value and `PHP_VERSION` constant value are identical, but the latter is several times faster because it is a direct constant value lookup compared to a function call.
Props ayeshrajans, jrf, mukesh27, costdev, hellofromTonya, SergeyBiryukov.
Fixes#55680.
git-svn-id: https://develop.svn.wordpress.org/trunk@53426 602fd350-edb4-49c9-b593-d223f7449a82
This changeset replaces contracted verb forms like `doesn't`, `can't`, or `isn't` with non-contracted forms like `does not`, `cannot`, or `is not`, for better consistency across the WordPress administration. It also updates some corresponding unit tests strings.
Props Presskopp, socalchristina, aandrewdixon, francina, SergeyBiryukov, JeffPaul, audrasjb, hellofromTonya.
Fixes#38913.
See #39176.
git-svn-id: https://develop.svn.wordpress.org/trunk@52978 602fd350-edb4-49c9-b593-d223f7449a82
A new function `wp_filesize()` was added with [52837]. The function lived in the `wp-admin/includes/file.php` file. However, this admin specific function is not loaded into memory when hitting `media/edit` endpoint. The result was a `500` Internal Server Error. Why? The function is invoked with that endpoint, but the function does not exist in memory.
This commit relocates the new function to the `wp-includes/functions.php` file. In doing so, the function is available for both the frontend and backend.
Follow-up to [52837].
Props talldanwp, spacedmonkey, costdev, antonvlasenko.
Fixes#55367.
git-svn-id: https://develop.svn.wordpress.org/trunk@52932 602fd350-edb4-49c9-b593-d223f7449a82
Store the file size of all newly uploaded attachments, as part of the metadata stored in post meta. Storing file size means, developers will not have to resort to doing `filesize` function calls, that can be time consuming on assets on offloaded to services like Amazon’s S3.
This change also introduces a new helper function called, `wp_filesize`. This is a wrapper around the `filesize` php function, that adds some helpful filters and ensures the return value is an integer.
Props Cybr, Spacedmonkey, SergeyBiryukov, johnwatkins0, swissspidy, desrosj, joemcgill, azaozz, antpb, adamsilverstein, uday17035.
Fixes#49412.
git-svn-id: https://develop.svn.wordpress.org/trunk@52837 602fd350-edb4-49c9-b593-d223f7449a82
#38231 added support for files fetched remotely to have their filename defined by the host using the `Content-Disposition` header. This would then take priority over the existing temporary file name created with `wp_tempnam()` earlier in the process.
The change unintentionally omitted the temporary directory path used during uploads, since the `wp_tempnam()` function would have added it previously, so that files with this header ended up being stored in the WordPress root folder, or wp-admin folder, when triggered by WP_Cron or user interactions respectively.
This change makes sure the file path includes the temporary directory location when the header is used.
Follow-up to [51939].
Props antonynz, azouamauriac.
Fixes#55109.
git-svn-id: https://develop.svn.wordpress.org/trunk@52734 602fd350-edb4-49c9-b593-d223f7449a82
This change replaces "Current theme" with "Active theme" in various DocBlocks for better consistency with user-facing strings.
Follow-up to [52580].
Props Presskopp, audrasjb, costdev.
Fixes#54831.
See #54770.
git-svn-id: https://develop.svn.wordpress.org/trunk@52610 602fd350-edb4-49c9-b593-d223f7449a82
In PHP 8+, `@` no longer suppresses fatal errors:
> The `@` operator will no longer silence fatal errors (`E_ERROR`, `E_CORE_ERROR`, `E_COMPILE_ERROR`, `E_USER_ERROR`, `E_RECOVERABLE_ERROR`, `E_PARSE`).
Reference: [https://www.php.net/manual/en/migration80.incompatible.php PHP 8: Backward Incompatible Changes].
`disk_free_space()` may be disabled by hosts, which will throw a fatal error on a call to undefined function.
This change prevents the fatal error, and falls back to `false` when `disk_free_space()` is unavailable.
Follow-up to [25540], [25774], [25776], [25831], [25869].
Props costdev, jrf, swb1192, SergeyBiryukov.
Fixes#54826. See #54730.
git-svn-id: https://develop.svn.wordpress.org/trunk@52585 602fd350-edb4-49c9-b593-d223f7449a82
[52232] relocated the Theme Editor menu item from Appearance to Tools for block themes. This commit relocates the Plugin Editor menu item from Plugins to Tools for block themes for a consistent workflow.
Both the Theme Editor and Plugin Editor menu items are renamed to "Theme File Editor" and "Plugin File Editor" respectively. Why? To better identify their purpose, i.e. to directly edit the code in the theme or plugin files. The rename is not limited to only block themes.
Follow-up to [52232].
Props poena, annezazu, audrasjb, clorith, courane01, costdev, dryanpress, desrosj, hellofromTonya, ipstenu, jameskoster, joen, johnbillion, joyously, manfcarlo, marybaum, pbiron, SergeyBiryukov, walbo, youknowriad.
Fixes#54382.
git-svn-id: https://develop.svn.wordpress.org/trunk@52406 602fd350-edb4-49c9-b593-d223f7449a82
Revert the rollback features introduced for theme and plugin upgrades during the WordPress 5.9 cycle. A bug (suspected to be in third party virtualisation software) causes the upgrades to fail consistently on some set ups. The revert is to allow contributors further time to investigate mitigation options.
Reverts [52337], [52289], [52284], [51951], [52192], [51902], [51899], [51898], [51815].
Props pbiron, dlh, peterwilsoncc, galbaras, SergeyBiryukov, afragen, costdev, bronsonquick, aristath, noisysocks, desrosj, TobiasBg, hellofromTonya, francina, Boniu91.
See #54543, #54166, #51857.
git-svn-id: https://develop.svn.wordpress.org/trunk@52351 602fd350-edb4-49c9-b593-d223f7449a82
* Check for direct PHP flle access and only use `rename()` if true.
* Check whether the destination directory was successfully created.
* Clear the working directory so there is internal parity within the function between the results of a successful `rename()` and a fallback to `copy_dir()`.
* Use `move_dir()` in `WP_Upgrader::move_to_temp_backup_dir()` and `::restore_temp_backup()`.
Follow-up to [51815], [51898], [51899], [51902], [52192], [52284].
Props afragen, peterwilsoncc, dd32, SergeyBiryukov.
See #54166, #51857.
git-svn-id: https://develop.svn.wordpress.org/trunk@52289 602fd350-edb4-49c9-b593-d223f7449a82
Previously, when uploading a media item type that is not supported, the default error message claims that the reason it cannot upload is due to security reasons. This is not always true. Now the warning says that the type is not allowed, which is always true.
Props antpb, Presskopp, peterwilsoncc, desrosj, iluy, circlecube, mikeschroder.
Fixes#53626.
git-svn-id: https://develop.svn.wordpress.org/trunk@52032 602fd350-edb4-49c9-b593-d223f7449a82
This change allows for external clients to supply a suggested filename via a `Content-Disposition` response header. This filename is processed through `sanitize_file_name()` to ensure it is allowable (on the server, MIME's, etc...) and `validate_file()` to prevent directory traversal.
If the suggested filename fails the above processing/checks, that suggestion is discarded and the standard temporary filename (generated by WordPress) is used.
If no `Content-Disposition` header is found in the response headers, the standard temporary filename continues to be used as per normal.
Included in this change are 6 additional PHPUnit tests with 9 assertions. These tests confirm that valid filename values are correctly saved, and invalid filename values are correctly rejected.
Props cklosows, costdev, dd32, johnjamesjacoby, ocean90, psrpinto.
Fixes#38231.
git-svn-id: https://develop.svn.wordpress.org/trunk@51939 602fd350-edb4-49c9-b593-d223f7449a82
This replaces the `copy_dir()` usage in `WP_Upgrader::install_package()` and aims to avoid PHP timeout issues when installing or updating large plugins on slower systems like Vagrant or the WP Docker test environment.
The new function attempts a native PHP `rename()` function first and falls back to the previous `copy_dir()`.
Follow-up to [51815], [51898].
Props afragen, aristath, peterwilsoncc, galbaras, noisysocks, pbiron.
Fixes#54166. See #51857.
git-svn-id: https://develop.svn.wordpress.org/trunk@51899 602fd350-edb4-49c9-b593-d223f7449a82
As per the PHP manual:
> If the `component` parameter is omitted, an associative array is returned.
> If the `component` parameter is specified, `parse_url()` returns a string (or an int, in the case of `PHP_URL_PORT`) instead of an array. If the requested component doesn't exist within the given URL, `null` will be returned.
Reference: [https://www.php.net/manual/en/function.parse-url.php#refsect1-function.parse-url-returnvalues PHP Manual: parse_url(): Return Values]
This commit adds three unit tests for `download_url()`:
* The first test is "girl-scouting" to make sure that the code up to the point where the error is expected is tested.
* The second test exposed a PHP 8.1 `basename(): Passing null to parameter #1 ($path) of type string is deprecated` error due to the call to `parse_url()` returning `null` when the component requested does not exist in the passed URL.
* The output of the call to `parse_url()` stored in the `$url_path` variable is used in more places in the function logic. The third test exposes a second PHP 8.1 deprecation notice, this time for `substr(): Passing null to parameter #1 ($string) of type string is deprecated`.
This commit also removes duplicate `parse_url()` calls. Neither `$url` nor `$url_filename` are changed between when they are first received/defined and when they are re-used, so there is no need to repeat the function calls.
Follow-up to [51606], [51622].
Props jrf, hellofromTonya, SergeyBiryukov.
See #53635.
git-svn-id: https://develop.svn.wordpress.org/trunk@51626 602fd350-edb4-49c9-b593-d223f7449a82
This avoids a fatal error when the function is called via REST API from `WP_Site_Health_Auto_Updates::test_check_wp_filesystem_method()`.
Props lakrisgubben, mukesh27, Clorith, SergeyBiryukov.
Fixes#53206.
git-svn-id: https://develop.svn.wordpress.org/trunk@50979 602fd350-edb4-49c9-b593-d223f7449a82
This provides greater discoverability of such hooks in search results on the Code Reference site as well as increased clarity when reading the source.
See #50734, #52628
git-svn-id: https://develop.svn.wordpress.org/trunk@50505 602fd350-edb4-49c9-b593-d223f7449a82
