A direct URL to where a user can update PHP for their website can now be specified in one of two ways:
- Defining the `WP_DIRECT_UPDATE_PHP_URL` environment variable.
- Returning a URL to the `wp_direct_php_update_url` filter.
When a URL is specified, an additional “Update PHP” button will be displayed at the bottom of the Core dashboard widget informing administrators that their site is running an outdated version of PHP (see [42832]).
Fixes#46074.
Props afragen, desrosj, lukecarbis.
git-svn-id: https://develop.svn.wordpress.org/trunk@44814 602fd350-edb4-49c9-b593-d223f7449a82
Also, fixes some indentation where spaces were used instead of tabs.
Props nielslange, mukesh27.
Fixes#45937.
git-svn-id: https://develop.svn.wordpress.org/trunk@44791 602fd350-edb4-49c9-b593-d223f7449a82
This was introduced in [44466]. Also, this changeset adds tests for `_wp_die_process_input()` so that this never happens again.
Props dd32.
See #45933.
git-svn-id: https://develop.svn.wordpress.org/trunk@44690 602fd350-edb4-49c9-b593-d223f7449a82
This allows more accurate filtering of the filename and extension given to uploaded files.
Props desrosj, Tkama.
Fixes#45707.
git-svn-id: https://develop.svn.wordpress.org/trunk@44677 602fd350-edb4-49c9-b593-d223f7449a82
This changeset adds support for a new `wp_die()` argument `exit`, which defaults to true and determines whether `wp_die()` should actually terminate the request. The new fatal error handler then calls `wp_die()` with that argument set to false, as calling `die()` or `exit` from a PHP shutdown function prevents other shutdown functions from being called.
Props schlessera, johnbillion.
Fixes#46038. See #44458.
git-svn-id: https://develop.svn.wordpress.org/trunk@44671 602fd350-edb4-49c9-b593-d223f7449a82
Prior to this change, each `wp_die()` handler had their own logic for how to parse arguments, causing inconsistencies and even breakage because the arguments possible to pass to `wp_die()` depended on the request context. Passing a `WP_Error` as `$message` for example used to be only support by the default handler, but not the AJAX and XML-RPC handlers.
With the fatal error protection, plus the new `wp_die()` handlers related to that, improving this support and compatibility has become more significant. Therefore this changeset introduces a private `_wp_die_process_input()` function that handles all function parameters consistently.
Props spacedmonkey, flixos90, schlessera.
Fixes#45933. See #44458.
git-svn-id: https://develop.svn.wordpress.org/trunk@44666 602fd350-edb4-49c9-b593-d223f7449a82
This changeset uses the API functions introduced in [44476] to link to the resource about updating PHP when highlighting a plugin's required PHP version is not met. It furthermore expands them, introducing a new `wp_update_php_annotation()` function that prints the markup to indicate that the default URL has been altered by the web host, allowing it to be reused universally.
Furthermore, this changeset adds missing `update_php` capability checks before displaying the information about updating PHP.
Props afragen.
Fixes#45986. See #43986, #45686.
git-svn-id: https://develop.svn.wordpress.org/trunk@44627 602fd350-edb4-49c9-b593-d223f7449a82
In addition to AJAX and XML-RPC requests, `wp_die()` now handles JSON requests correctly, returning information in the expected content type.
Props spacedmonkey.
See #45933, #44458.
git-svn-id: https://develop.svn.wordpress.org/trunk@44625 602fd350-edb4-49c9-b593-d223f7449a82
This changeset removes the hack that was used before to display more complex HTML markup than a simple message in the default PHP error template via `wp_die()`. By removing HTML markup from the arguments passed to `wp_die()` it furthermore paves the way for supporting other content types than the default.
The message and arguments can be modified with new `wp_php_error_message` and `wp_php_error_args` filters respectively.
Furthermore this changeset fixes a few issues of functions not existing which could potentially have caused fatal errors when executed early in the WordPress bootstrap process.
Props flixos90, spacedmonkey.
See #45933, #44458.
git-svn-id: https://develop.svn.wordpress.org/trunk@44624 602fd350-edb4-49c9-b593-d223f7449a82
WordPress has historically often used code like `preg_split( '/[\s,]+/', $var )` to parse a string of comma-separated values into an array. However, this approach was causing an empty string to not be parsed into an empty array as expected, but rather into an array with the empty string as its sole element.
This was among other areas causing problems in the REST API where passing an empty request parameter could cause that request to fail because, instead of it being ignored, that parameter would be compared against the valid values for it, which typically do not include an empty string.
Props david.binda, sstoqnov.
Fixes#43977.
git-svn-id: https://develop.svn.wordpress.org/trunk@44546 602fd350-edb4-49c9-b593-d223f7449a82
Instead of turning the return value of `stream_get_wrappers()` into a regex to match the scheme, we can instead extract the scheme and search the return value of `stream_get_wrappers()`.
Props schlessera, swissspidy.
Fixes#45553.
git-svn-id: https://develop.svn.wordpress.org/trunk@44506 602fd350-edb4-49c9-b593-d223f7449a82
After [42832], [42891] and [43006], this changeset refines the core notice informing about an outdated PHP version:
* The link to the Update PHP information page can now be adjusted using either a `WP_UPDATE_PHP_URL` environment variable, or a new `wp_update_php_url` filter.
* If that URL is different from the default one that points to https://wordpress.org/support/update-php/ or its localized equivalent, a note indicates that the linked resource has not been provided by WordPress itself, and the default URL is still linked to as an additional resource.
* The URL for the default information page has been updated to use the slug `update-php` instead of `upgrade-php`.
* `@since` annotations have been updated.
Going forward, admin areas that display information related to the PHP version should use the new function `wp_get_update_php_url()`.
Props afragen, fierevere, flixos90, markjaquith, miss_jwo, nerrad, pento, schlessera, SergeyBiryukov, spacedmonkey.
Fixes#45686. See #41191.
git-svn-id: https://develop.svn.wordpress.org/trunk@44476 602fd350-edb4-49c9-b593-d223f7449a82
This adds some special case handling in 'wp_check_filetype_and_ext()' that prevents some common file types from being blocked based on mismatched MIME checks, which were made more strict in WordPress 5.0.1.
Props Kloon, birgire, tellyworth, joemcgill.
See #45615.
git-svn-id: https://develop.svn.wordpress.org/trunk@44438 602fd350-edb4-49c9-b593-d223f7449a82
A static variable contains an integer that is incremented with each call. This number is returned with the optional prefix.
As such the returned value is not universally unique, but it is unique across the life of the PHP process.
Props westonruter, dlh.
See #44883.
git-svn-id: https://develop.svn.wordpress.org/trunk@43658 602fd350-edb4-49c9-b593-d223f7449a82
* Add a `human_readable_duration` function including tests.
* Add 'pixels' after image width/height.
* Add screen reader text for durations.
Props Presskopp, kiranpotphode, milindmore22, stormrockwell, afercia.
Fixes#39667.
git-svn-id: https://develop.svn.wordpress.org/trunk@43633 602fd350-edb4-49c9-b593-d223f7449a82
Previously, UTC context was implied, but could be unreliable due to being affected by plugins.
Props Rarst, rahulsprajapati, marco.marsala.
Fixes#37440.
git-svn-id: https://develop.svn.wordpress.org/trunk@43594 602fd350-edb4-49c9-b593-d223f7449a82
`$function`, `$message`, and `$version` have historically been passed to the `doing_it_wrong_run` action. It makes sense to pass those to the filter as well, so that one can conditionally determine the filter value to return.
Fixes#34183.
git-svn-id: https://develop.svn.wordpress.org/trunk@43587 602fd350-edb4-49c9-b593-d223f7449a82
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.
This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script.
- Auto-fixable coding standards issues will now cause Travis failures.
Fixes#44600.
git-svn-id: https://develop.svn.wordpress.org/trunk@43571 602fd350-edb4-49c9-b593-d223f7449a82
Some versions of PHP appear to have a memory leak that is occasionally triggered by calling `stream_get_wrappers()`. In order to avoid calling this, we can return early from `wp_is_stream()` when `$path` doesn't contain `://`.
Props pbiron, JPry, dontstealmyfish.
Fixes#44532.
git-svn-id: https://develop.svn.wordpress.org/trunk@43466 602fd350-edb4-49c9-b593-d223f7449a82
The docs for `date_i18n()` and its filter now correctly state that the `$gmt` parameter is only taken into account if no timestamp is provided. Furthermore, a bug with that parameter is fixed, as it is now ensured that the timezone used with it is `UTC`.
Props Rarst.
Fixes#38771.
git-svn-id: https://develop.svn.wordpress.org/trunk@43389 602fd350-edb4-49c9-b593-d223f7449a82
Prior to this change, `date_i18n()` only supported the `timezone_string` option, causing incorrect timezones to appear in formatted dates on sites that still rely on the `gmt_offset` option.
Props Rarst.
Fixes#34835.
git-svn-id: https://develop.svn.wordpress.org/trunk@43387 602fd350-edb4-49c9-b593-d223f7449a82
Erasing timezone with a regular expression is redundant, the date could be just formatted in the respective format instead.
Props Rarst.
Fixes#42542.
git-svn-id: https://develop.svn.wordpress.org/trunk@43384 602fd350-edb4-49c9-b593-d223f7449a82
Despite historical function name, the output does not conform to RFC3339 format, which must contain timezone.
Props Rarst.
See #42542.
git-svn-id: https://develop.svn.wordpress.org/trunk@43383 602fd350-edb4-49c9-b593-d223f7449a82
Despite previously being labeled as a Unix timestamp, in reality it's a sum of Unix timestamp and timezone offset in seconds.
Props Rarst.
See #38771.
git-svn-id: https://develop.svn.wordpress.org/trunk@43380 602fd350-edb4-49c9-b593-d223f7449a82
Previously, personal data exports were stored in `wp-content/uploads/exports`, which is generic enough that it's likely there are existing folders with that name, either created by plugins or manually by administrators. If that folder were reused by Core, then `wp_privacy_delete_old_export_files()` would delete all of the existing files inside it, which is almost certainly not what the site owner wants or expects.
To avoid that, the folder is being renamed to include a specific reference to Core, and a more verbose description of its purpose. With those factored in, it's very unlikely that there will be any conflicts with existing folders.
The `wp_privacy_exports_dir()` and `wp_privacy_exports_url()` functions were introduced to provide a canonical source for the location, and the `wp_privacy_exports_dir` and `wp_privacy_exports_url` filters were introduced to allow plugins to customize it.
Props johnjamesjacoby, allendav.
Fixes#44091.
git-svn-id: https://develop.svn.wordpress.org/trunk@43284 602fd350-edb4-49c9-b593-d223f7449a82
Previously, when a plugin updated its suggested privacy policy text, an admin notice was shown on all screens in the Administration Panels. That was done in order to make sure that administrators were aware of it, so that they could update their policy if needed. That was a very heavy-handed and intrusive approach, though, which leads to a poor user experience, and notice fatigue.
An alternative approach is to use bubble notifications in the menu, similar to when plugins have updates that need to be installed. That still makes it obvious that something needs the administrator's attention, but is not as distracting as a notice.
The notice will still appear on the Privacy page, though, since it is relevant to that screen, and provides an explanation of why the bubble is appearing.
Props azaozz, xkon, iandunn.
Fixes#43954. See #43953.
git-svn-id: https://develop.svn.wordpress.org/trunk@43223 602fd350-edb4-49c9-b593-d223f7449a82
r43046 introduced `wp_schedule_delete_old_privacy_export_files()` to schedule the `wp_privacy_delete_old_export_files` cron job, but it did not check to make sure it wasn't running in the context of the install process. When it did run in that context, it created a database error, because the necessary database tables don't exist at that point.
Checking the current context and returning early during the installation phase avoids that issue.
Props helen, timothyblynjacobs, iandunn.
Fixes#43952.
git-svn-id: https://develop.svn.wordpress.org/trunk@43162 602fd350-edb4-49c9-b593-d223f7449a82
`list_files()` is defined in `wp-admin/includes/file.php`, which is not included by `wp-cron.php`, so it needs to be included by the caller in order to avoid a fatal PHP error.
This bug was not detected during testing because the file _is_ included when executing jobs via `wp cron event run`.
Props mikejolley, iandunn.
See #43546.
See https://wordpress.slack.com/archives/C9695RJBW/p1525190405000860.
git-svn-id: https://develop.svn.wordpress.org/trunk@43059 602fd350-edb4-49c9-b593-d223f7449a82
