This changeset removes all instances of `_wp_http_referer` variable from the URL when creating a hidden input for `_wp_http_referer`. It prevents the hidden field from having an additional version of `_wp_http_referer` each time the form is submitted.
Props msolution, justinahinon, pbearne, mikeschroder, mukesh27, audrasjb, Clorith, chaion07, robinwpdeveloper, hztyfoon, davidbaumwald, costdev, adamsilverstein.
Fixes#54106.
git-svn-id: https://develop.svn.wordpress.org/trunk@54449 602fd350-edb4-49c9-b593-d223f7449a82
`realpath()` already checks if the file exists, and returns `false` on failure. The additional `file_exists()` check is not necessary and can be removed, improving the performance.
This commit simplifies the checks in two functions:
* `register_block_type_from_metadata()`
* `wp_json_file_decode()`
Note: In both of these cases, the values are passed through `wp_normalize_path()` after `realpath()`, so if the file does not exist, the `false` value gets converted to an empty string. The updated checks work both for `false` and `''` values.
Though this is a small tweak, it saves a lot of checks since one of the places we do this is when registering block styles, so it runs quite a few times on each page load.
Reference: [https://www.php.net/manual/en/function.realpath.php PHP Manual: realpath()].
Follow-up to [51599], [54132], [54290], [54291].
Props aristath.
Fixes#56654.
git-svn-id: https://develop.svn.wordpress.org/trunk@54309 602fd350-edb4-49c9-b593-d223f7449a82
If the `apache_get_modules()` function is redeclared to return an empty array, `apache_mod_loaded()` would assume that no Apache modules are installed and activated, which may not be correct.
This commit improves the logic by using pre-existing `phpinfo()` fallback to check for loaded modules in that case.
Includes replacing a hardcoded number passed as a flag to `phpinfo()` with the `INFO_MODULES` predefined constant for clarity.
Follow-up to [7441], [7508], [29330].
Props engahmeds3ed, audrasjb, Clorith, SergeyBiryukov.
Fixes#56010.
git-svn-id: https://develop.svn.wordpress.org/trunk@54299 602fd350-edb4-49c9-b593-d223f7449a82
Global terms was a feature from the WordPress MU days where multisite and single site installs used different code bases.
In WordPress 3.0, WordPress MU was merged into one location and the UI [14854] and “on” switch [14880] for global terms were completely removed.
Even before this merge, global terms was bug infested and unreliable. After [14854]/[14880], the feature was no longer maintained and became increasingly broken as taxonomies progressed without it (term splitting and term meta do not work at all). At this point, the feature has not worked in 12+ years and there’s no hope for saving it.
This deprecates the remaining global terms related code and no-ops the functions.
Global terms, you don’t have to go home, but you can’t stay here.
Props scribu, wonderboymusic, SergeyBiryukov, nacin, pento, desrosj, johnjamesjacoby, johnbillion, dd32.
Fixes#21734.
git-svn-id: https://develop.svn.wordpress.org/trunk@54240 602fd350-edb4-49c9-b593-d223f7449a82
This fixes a bug where if the `timezone_string` is set to a timezone name which has since been deprecated, no option would be (pre-)selected in the generated dropdown list and when the form using the dropdown list is submitted, the “old”, originally saved value would be lost as the form would submit without a value being selected for the `timezone_string` field.
The fix is a little hacky: it basically checks ahead of generating the actual dropdown list whether the `$selected_zone` value would be recognized and set to “selected” and if not, verifies that the value ''is'' a valid but outdated timezone name and if so, adds an extra dropdown entry to the top of the list with the original value and sets this value to “selected”.
See the extensive write-up about this in ticket #56468.
Also see: [https://www.php.net/manual/en/datetimezone.listidentifiers.php PHP Manual: timezone_identifiers_list()].
Note: There are no pre-existing tests at all for this method and adding a complete set of tests for this method is outside the scope of this ticket, so this fix does not contain any tests.
Follow-up to [54207], [54217], [54227], [54229], [54230], [54232].
Props jrf, costdev, marcyoast.
See #56468.
git-svn-id: https://develop.svn.wordpress.org/trunk@54233 602fd350-edb4-49c9-b593-d223f7449a82
Allows Classic / Hybrid themes to use block-based template parts without using complete block-based templates.
* Exposes the Site Editor's template parts UI
* Adds Appearance > "Template Parts" menu
* Enabled within the theme via adding a theme support for `'block-template-parts'`
{{{#!php
add_theme_support( 'block-template-parts' );
}}}
This is a backport from Gutenberg.[https://github.com/WordPress/gutenberg/pull/42729 See WordPress/gutenberg PR 42729].
Follow-up to [52330], [52069], [52178].
Props mamaduka, fabiankaegy, poena, scruffian, manfcarlo, bernhard-reiter, hellofromTonya.
See #56467.
git-svn-id: https://develop.svn.wordpress.org/trunk@54176 602fd350-edb4-49c9-b593-d223f7449a82
Following the update to replace the HTTP API internals with Requests library in WordPress 4.6, the return value of `wp_remote_retrieve_headers()` has changed from a simple array to an object which implements `ArrayAccess`.
Since `wp_get_http_headers()` directly returns the result of `wp_remote_retrieve_headers()`, its return value should reflect that change.
Includes:
* Updating the return value for the deprecated `wp_get_http()` function, which also directly returns the result of `wp_remote_retrieve_headers()`.
* Minor DocBlock formatting changes for some other HTTP API functions per the documentation standards.
Follow-up to [2416], [6390], [8092], [9013], [37428], [37989], [38730].
Props mhkuu.
See #54225, #55646.
git-svn-id: https://develop.svn.wordpress.org/trunk@54157 602fd350-edb4-49c9-b593-d223f7449a82
In `wp_guess_url`, the regex to check for wp-login.php in the URL is slightly too permissive, not escaping `.` in "wp-login.php". `.` is a token in regex that matches any character.
This change simply escapes the `.` and adds unit test coverage for `wp_guess_url`.
Props cfinke, ocean90, jrf, voldemortensen, jdgrimes, curdin, netweb, petitphp, SergeyBiryukov, costdev.
Fixes#36827.
git-svn-id: https://develop.svn.wordpress.org/trunk@54146 602fd350-edb4-49c9-b593-d223f7449a82
The existing filter `image_editor_output_format` receives an additional parameter `$size_name` which is populated whenever it controls the output format for a specific registered image size to create. Otherwise, it remains empty. In order to achieve this, a low level change has been added in bringing a new `$size_name` class property to the `WP_Image_Editor` base class, which is introduced in a backward compatible way that will not cause conflicts with custom implementations.
This parameter is then used in new logic inside the `wp_default_image_output_mapping()` callback function for the filter, controlling whether `image/jpeg` should map to `image/webp` output or not. By default, this is enabled for all WordPress core image sizes by default, and this list can be modified using a new `wp_image_sizes_with_additional_mime_type_support` filter, e.g. to remove core sizes or add custom sizes.
The customization per image size may be further enhanced by providing a more declarative API via a new parameter on the `add_image_size()` function.
Props eugenemanuilov, flixos90, adamsilverstein, joegrainger.
Fixes#56526.
See #55443, #56288.
git-svn-id: https://develop.svn.wordpress.org/trunk@54097 602fd350-edb4-49c9-b593-d223f7449a82
This patch adjusts conditions to use strict comparisons when comparing `realpath()` in `path_is_absolute()`.
Props jrf.
See #36308.
git-svn-id: https://develop.svn.wordpress.org/trunk@53946 602fd350-edb4-49c9-b593-d223f7449a82
Remove the private delegation from the following cache priming functions for various object types:
- `_prime_post_caches()`
- `_prime_term_caches()`
- `_prime_comment_caches()`
- `_prime_network_caches()`
- `_prime_site_caches()`
- `_get_non_cached_ids() `
Plugins and themes are now encouraged to use these functions to improve the performance of their code by reducing the number of database queries.
Props robinwpdeveloper, desrosj, SergeyBiryukov, mukesh27, costdev.
Fixes#56386.
git-svn-id: https://develop.svn.wordpress.org/trunk@53944 602fd350-edb4-49c9-b593-d223f7449a82
Previously, Windows paths in the `path_is_absolute` function resulted in incorrect URIs. This patch adjusts for forward slashes and adds tests for the `get_attached_file` function.
Props Whissi, SergeyBiryukov, desrosj, stevenlinx, birgire, davidbaumwald, costdev, peterwilsoncc, audrasjb, hellofromTonya, johnbillion.
Fixes#36308.
git-svn-id: https://develop.svn.wordpress.org/trunk@53934 602fd350-edb4-49c9-b593-d223f7449a82
This changeset adds support for Enums in `is_serialized()`. It also adds new unit tests for this function.
Props ayeshrajans, konradyoast, peterwilsoncc, costdev, dennisatyoast, mukesh27.
Fixes#53299.
git-svn-id: https://develop.svn.wordpress.org/trunk@53886 602fd350-edb4-49c9-b593-d223f7449a82
* Move the colon inside the `<strong>` tags in some `Error:` prefixes, to match other strings.
* Move the full stop at the end of some sentences outside of the `<strong>` tags used for individual phrases.
Follow-up to [11669], [23844], [53118], [53458], [53476].
Props NekoJonez, Presskopp.
Fixes#56027.
git-svn-id: https://develop.svn.wordpress.org/trunk@53700 602fd350-edb4-49c9-b593-d223f7449a82
If the path starts with a slash, it will be considered absolute and returned as is earlier in the function.
It it's not absolute, then it does not start with a slash, so there is nothing to trim.
This change is covered by existing unit tests.
Follow-up to [6984], [53457].
Props karlijnbk.
See #55897.
git-svn-id: https://develop.svn.wordpress.org/trunk@53460 602fd350-edb4-49c9-b593-d223f7449a82
`phpversion()` return value and `PHP_VERSION` constant value are identical, but the latter is several times faster because it is a direct constant value lookup compared to a function call.
Props ayeshrajans, jrf, mukesh27, costdev, hellofromTonya, SergeyBiryukov.
Fixes#55680.
git-svn-id: https://develop.svn.wordpress.org/trunk@53426 602fd350-edb4-49c9-b593-d223f7449a82
Replace error suppressing in `wp_filesize()` with a `file_exists()` check before calling the native PHP `filesize()` function.
Follow up to [52837].
Props Cybr, johnbillion, spacedmonkey, antpb, azouamauriac, ironprogrammer, mukesh27, costdev, audrasjb, dlh.
Fixes#55678.
See #49412.
git-svn-id: https://develop.svn.wordpress.org/trunk@53372 602fd350-edb4-49c9-b593-d223f7449a82
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit renames the `$function` parameter to `$callback` in `wp_die_*_handler` filters, which aims to make it easier to use a non-reserved parameter name for anyone utilizing these filters.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #55327.
git-svn-id: https://develop.svn.wordpress.org/trunk@53243 602fd350-edb4-49c9-b593-d223f7449a82
The X-Frame-Options MDN documentation has been moved to `/docs/Web/HTTP/Headers/X-Frame-Options`. This changeset updates the link accordingly.
See #54729.
git-svn-id: https://develop.svn.wordpress.org/trunk@53202 602fd350-edb4-49c9-b593-d223f7449a82
`wp_list_pluck()` is used by WordPress to pluck items from a list. Of course, this requires a list. This validates the input of `wp_list_pluck()` to ensure it is a list.
This matches the behaviour of `wp_list_sort()` and `wp_filter_object_list()`.
Props marv2, davidbaumwald, mkox, SergeyBiryukov, dd32.
Fixes#54751.
git-svn-id: https://develop.svn.wordpress.org/trunk@53045 602fd350-edb4-49c9-b593-d223f7449a82
When using a block theme that declares Widgets support, it's better to not specify a menu order for the Widgets menu to avoid conflicts between menu items order.
Props Rufus87, ironprogrammer, audrasjb, hellofromTonya, davidbaumwald.
Fixes#54916.
git-svn-id: https://develop.svn.wordpress.org/trunk@53020 602fd350-edb4-49c9-b593-d223f7449a82
The new location is next to the pre-existing `count_users()` function, along with other user-specific functions, and should be a more appropriate place in terms of consistency.
This affects:
* `get_user_count()`
* `wp_maybe_update_user_counts()`
* `wp_update_user_counts()`
* `wp_schedule_update_user_counts()`
* `wp_is_large_user_count()`
Follow-up to [53011], [53016].
See #38741.
git-svn-id: https://develop.svn.wordpress.org/trunk@53018 602fd350-edb4-49c9-b593-d223f7449a82
Currently in WordPress multisite there is a concept of large networks. The function `wp_is_large_network` is used to determine if a network has a large number of sites or users. If a network is marked as large, then
expensive queries to calculate user counts are not run on page load but deferred to scheduled events. However there are a number of places in a single site installation where this functionality would also be useful, as
expensive calls to count users and roles can make screens in the admin extremely slow.
In this change, the `get_user_count` function and related functionality around it is ported to be available in a single site context. This means that expensive calls to the `count_users` function are replaced with
calls to `get_user_count`. This change also includes a new function called `wp_is_large_user_count` and a filter of the same name, to mark if a site is large.
Props johnbillion, Spacedmonkey, Mista-Flo, lumpysimon, tharsheblows, obenland, miss_jwo, jrchamp, flixos90, macbookandrew, pento, desrosj, johnjamesjacoby, jb510, davidbaumwald, costdev.
Fixes#38741.
git-svn-id: https://develop.svn.wordpress.org/trunk@53011 602fd350-edb4-49c9-b593-d223f7449a82
A new function `wp_filesize()` was added with [52837]. The function lived in the `wp-admin/includes/file.php` file. However, this admin specific function is not loaded into memory when hitting `media/edit` endpoint. The result was a `500` Internal Server Error. Why? The function is invoked with that endpoint, but the function does not exist in memory.
This commit relocates the new function to the `wp-includes/functions.php` file. In doing so, the function is available for both the frontend and backend.
Follow-up to [52837].
Props talldanwp, spacedmonkey, costdev, antonvlasenko.
Fixes#55367.
git-svn-id: https://develop.svn.wordpress.org/trunk@52932 602fd350-edb4-49c9-b593-d223f7449a82
The list item separator is a locale property, and it doesn't make much sense to translate it separately in multiple projects. This changeset implements the following modifications:
- Define list item separator as a new WP_Locale property
- Add `wp_get_list_item_separator()` as a wrapper for `WP_Locale::get_list_item_separator`
- Replace `$wp_locale->get_list_item_separator()` calls with `wp_get_list_item_separator()`
- Added a compatibility layer for bundled themes
Props SergeyBiryukov, swissspidy, rsiddharth, johnbillion, audrasjb.
Fixes#39733.
git-svn-id: https://develop.svn.wordpress.org/trunk@52929 602fd350-edb4-49c9-b593-d223f7449a82
Revert [52829] due to fatal errors in some Multisite configurations.
Props dd32, SergeyBiryukov, audrasjb.
See #30377.
git-svn-id: https://develop.svn.wordpress.org/trunk@52832 602fd350-edb4-49c9-b593-d223f7449a82
This changeset adjusts the regex in `wp_check_filetype()` to support query strings in URLs.
Follow-up to [30640], [32172].
Props voldemortensen, johnbillion, layotte, dd32, atomicjack, supercleanse, spencercameron, ianmjones, audrasjb.
Fixes#30377.
git-svn-id: https://develop.svn.wordpress.org/trunk@52829 602fd350-edb4-49c9-b593-d223f7449a82
`file_get_contents()` is faster than `fread()`, because the PHP core can decide how to best read the remaining file; it could decide to issue just one `read()` call or `mmap()` the file first.
Per the PHP manual, `file_get_contents()` or `stream_get_contents()` is the preferred way to read the contents of a file into a string. It will use memory mapping techniques if supported by the OS to enhance performance.
Reference: [https://www.php.net/manual/en/function.file-get-contents.php PHP Manual: file_get_contents()].
Follow-up to [50810], [52696], [52698].
Props maxkellermann.
See #55069.
git-svn-id: https://develop.svn.wordpress.org/trunk@52701 602fd350-edb4-49c9-b593-d223f7449a82
`file_get_contents()` is faster than `fread()`, because the PHP core can decide how to best read the remaining file; it could decide to issue just one `read()` call or `mmap()` the file first.
Per the PHP manual, `file_get_contents()` or `stream_get_contents()` is the preferred way to read the contents of a file into a string. It will use memory mapping techniques if supported by the OS to enhance performance.
Reference: [https://www.php.net/manual/en/function.file-get-contents.php PHP Manual: file_get_contents()].
Follow-up to [12044], [49073], [52696].
Props maxkellermann.
See #55069.
git-svn-id: https://develop.svn.wordpress.org/trunk@52698 602fd350-edb4-49c9-b593-d223f7449a82
Twenty Twenty-Two requires WordPress 5.9 but currently can't be (re)activated in the 5.9 branch because `version_compare( '5.9-RC3-52627', '5.9', '>=' )` as used by `is_wp_version_compatible()` returns `false`. To appreciate the testing of upcoming versions any `-alpha`, `-RC`, `-beta` suffixes are now stripped off from the WordPress version before checking for compatibility.
Fixes#54882.
git-svn-id: https://develop.svn.wordpress.org/trunk@52628 602fd350-edb4-49c9-b593-d223f7449a82
This makes the strings easier to translate and provides more details about what exactly is deprecated: a PHP function, a file name, or a WordPress hook.
The changes apply to:
* `_deprecated_function()`
* `_deprecated_constructor()`
* `_deprecated_file()`
* `_deprecated_argument()`
* `_deprecated_hook()`
* `_doing_it_wrong()`
Follow-up to [6514], [7884], [12536], [12584], [16939], [16942], [16945], [24439], [24723], [32989], [37861], [39315].
Props mukesh27, audrasjb, SergeyBiryukov.
Fixes#54658.
git-svn-id: https://develop.svn.wordpress.org/trunk@52609 602fd350-edb4-49c9-b593-d223f7449a82
If after processing through `add_query_arg()` a `?#` remains, this commit removes the unnecessary and unused `?` character as there are no query args in the URL.
Includes tests.
Follow-up to [1823], [5193], [5999], [6005].
Props benjaminanakenam, sabernhardt, costdev, hellofromTonya.
Fixes#44499.
git-svn-id: https://develop.svn.wordpress.org/trunk@52187 602fd350-edb4-49c9-b593-d223f7449a82
Clarify messaging of when `wp_nonce_ays('log-out')` is called due to an invalid log out nonce. The HTML title now describes the action being taken rather than using the generic text "something went wrong".
Props davidkryzaniak, hellofromTonya, peterwilsoncc.
Fixes#52600.
git-svn-id: https://develop.svn.wordpress.org/trunk@52088 602fd350-edb4-49c9-b593-d223f7449a82
The code in `wp_list_filter()` was a duplicate of `wp_filter_object_list()`, minus the `WP_List_Util::pluck()` (used when `$field` is configured).
In testing the wrapper, discovered an edge case (and potential bug) in `WP_List_Util::filter()` where if the operator matches an empty array was returned without resetting the output property. Without that property being set correctly, `WP_List_Util::get_output()` was not correct. This commit also fixes this by resetting the property to an empty array.
Follow-up to [15686], [17427], [38928], [51044].
Props pbearne, sergeybiryukov, hellofromTonya.
Fixes#53988.
git-svn-id: https://develop.svn.wordpress.org/trunk@52066 602fd350-edb4-49c9-b593-d223f7449a82
Previously, when uploading a media item type that is not supported, the default error message claims that the reason it cannot upload is due to security reasons. This is not always true. Now the warning says that the type is not allowed, which is always true.
Props antpb, Presskopp, peterwilsoncc, desrosj, iluy, circlecube, mikeschroder.
Fixes#53626.
git-svn-id: https://develop.svn.wordpress.org/trunk@52032 602fd350-edb4-49c9-b593-d223f7449a82
>PHP natively allows for autovivification (auto-creation of arrays from falsey values). This feature is very useful and used in a lot of PHP projects, especially if the variable is undefined. However, there is a little oddity that allows creating an array from a `false` and `null` value.
The above quote is from the PHP 8.1 RFC and the (accepted) RFC changes the behaviour described above to deprecated auto creation of arrays from `false`. As it is deprecated, it _will_ still work for the time being, but as of PHP 9.0, this will become a Fatal Error, so we may as well fix it now.
The `recurse_dirsize()` function retrieves a transient and places it in the `$directory_cache` variable, but the `get_transient()` function in WP returns `false` when the transient doesn't exist, which subsequently can lead to the above mentioned deprecation notice.
By verifying that the `$directory_cache` variable is an array before assigning to it and initializing it to an empty array, if it's not, we prevent the deprecation notice, as well as harden the function against potentially corrupted transients where this transient would not return the expected array format, but some other variable type.
Includes adding dedicated unit tests for both the PHP 8.1 issue, as well as the hardening against corrupted transients.
Includes some girl-scouting: touching up a parameter description and some code layout.
Refs:
* https://wiki.php.net/rfc/autovivification_false
* https://developer.wordpress.org/reference/functions/get_transient/
Follow-up to [49212], [49744].
Props jrf, hellofromTonya.
See #53635.
git-svn-id: https://develop.svn.wordpress.org/trunk@51911 602fd350-edb4-49c9-b593-d223f7449a82
When the PHP native `dirname()` function is used on a Windows disk name - i.e. `C:\`-, it will return the same, i.e, it will return `C:\` again.
The `clean_dirsize_cache()` function didn't have guard clause against this, which meant that on Windows based systems and IIS servers, this function would result in WordPress getting stuck into an infinite loop.
The adjustment to the `while` part of the function fix this by checking if the return value of the `dirname()` function call is the same as the original path passed to `dirname()`, which effectively fixes the infinite loop.
A number of other improvements made:
1. Add input validation for the `$path` parameter to guard against invalid variable types being passed into the function.
2. Guard against an empty `$path` parameter, which would result in an infinite loop on both Windows as well as *nix based systems.
In both these cases, a PHP notice will now be thrown.
3. When a non-empty string, which isn't a path would previously be passed, the `dirname()` function would transform that to a `.` and the `.` key in the transient cache would be cleared out.
This was a bug as there is no relation between a non-path string and the root directory of file system.
This bug has been fixed by checking that something could actually be a path and handling received non-empty, non-path input parameters in a special way, i.e only removing the cache key for the passed string and bowing out from further processing.
Unfortunately, no tests can be added to guard against the infinite loop.
For the other fixes, we have added appropriate unit tests.
Follow-up up [49212], [49616], [49744].
Props jrf, hellofromTonya, raubvogel, sergeybiryukov, codezen8, sjlevy, drosmog, teachlynx, ekojr, bartoszgrzesik, joegasper, janthiel, josephdickson, ocean90, audrasjb.
Fixes#52241.
git-svn-id: https://develop.svn.wordpress.org/trunk@51910 602fd350-edb4-49c9-b593-d223f7449a82
* Document the post statuses global as an array of `stdClass` objects
* Document the taxonomies global as an array of `WP_Taxonomy` objects
* Document the return value of the post count functions as `stdClass` objects
* Fix some typos
See #53399
git-svn-id: https://develop.svn.wordpress.org/trunk@51885 602fd350-edb4-49c9-b593-d223f7449a82
The `wp_privacy_anonymize_ip()` function expects a string for the `$ip_addr` parameter, but did not do any input validation.
One of the pre-existing test cases, passed `null` to the function, leading to a `substr_count(): Passing null to parameter #1 ($haystack) of type string is deprecated` notice on PHP 8.1.
Fixed now by doing a cursory check on the variable at the start of the function and bowing out early for a number of cases (`null`, `false`, `0`, `''`) which would all result in the same `0.0.0.0` output anyway.
Follow-up [42971].
Props jrf, hellofromTonya.
See #53635.
git-svn-id: https://develop.svn.wordpress.org/trunk@51793 602fd350-edb4-49c9-b593-d223f7449a82
This fixes a `preg_match_all(): Passing null to parameter #2 ($subject) of type string is deprecated` notice on PHP 8.1.
The behavior for `null` and `string` input is covered by the existing `Tests_Functions::test_validate_file()` test.
Effect: Errors down by 238, assertions up by 1920, failures down by 1.
Props jrf, hellofromTonya, SergeyBiryukov.
See #53635.
git-svn-id: https://develop.svn.wordpress.org/trunk@51625 602fd350-edb4-49c9-b593-d223f7449a82
We integrated variations with block types and the corresponding REST API endpoint in #52688. It's a follow-up patch to add missing support to the `block.json` metadata file when using `register_block_type`.
Some fields for variations are translatable.Therefore, i18n schema was copied over from Gutenberg: https://github.com/WordPress/gutenberg/blob/trunk/packages/blocks/src/api/i18n-block.json. The accompanying implementation was adapted as `translate_settings_using_i18n_schema`.
Props: gwwar, swissspidy, schlessera, jorgefilipecosta.
Fixes#53238.
git-svn-id: https://develop.svn.wordpress.org/trunk@51599 602fd350-edb4-49c9-b593-d223f7449a82
This fixes a "Calling `current_time()` with a `$type` of `timestamp` or `U` is strongly discouraged as it will not return a Unix (UTC) timestamp" warning.
Props jrf.
See #53359.
git-svn-id: https://develop.svn.wordpress.org/trunk@51557 602fd350-edb4-49c9-b593-d223f7449a82
r51211 accidentally introduced a fatal error for Multisite instances with `ms_files_rewriting` enabled. Reverting removes the error, and the original purpose of the commit can be solved in another way.
Props otto42, barry, ryelle, azaozz.
Fixes#53492. See #53475.
git-svn-id: https://develop.svn.wordpress.org/trunk@51223 602fd350-edb4-49c9-b593-d223f7449a82
This allows for using headers in the format of `<?php // Template Name: Something ?>`, which previously could not be recognized correctly.
Props dd32, m_uysl, thomas-vitale, boblinthorst.
Fixes#33387.
git-svn-id: https://develop.svn.wordpress.org/trunk@51182 602fd350-edb4-49c9-b593-d223f7449a82
This should make the purpose and behavior of these functions more obvious without reading the code.
Props ribaricplusplus.
Fixes#52808.
git-svn-id: https://develop.svn.wordpress.org/trunk@51044 602fd350-edb4-49c9-b593-d223f7449a82
This avoids "A non-numeric value encountered" warning when `mbstring.func_overload` is set to something other than a numeric string, e.g. an empty string instead of the default `'0'` value.
Props djbu.
Fixes#53282.
git-svn-id: https://develop.svn.wordpress.org/trunk@51032 602fd350-edb4-49c9-b593-d223f7449a82
* Update the function DocBlock per the documentation standards.
* Move the unit tests to a more appropriate place.
* Rename and reorder the tests for consistency with `_wp_array_get()` tests.
Follow-up to [50958], [50962], [50964].
See #53175, #52625.
git-svn-id: https://develop.svn.wordpress.org/trunk@50965 602fd350-edb4-49c9-b593-d223f7449a82
This adds the _wp_array_set function, which is the counterpart of the existing _wp_array_get.
This utility is to be used by the Global Settings work.
Props nosolosw, jorgefilipecosta.
See #53175.
git-svn-id: https://develop.svn.wordpress.org/trunk@50958 602fd350-edb4-49c9-b593-d223f7449a82
As a result of the recent changes, both functions were calling each other if the `exif` PHP extension is not available.
The issue is now resolved by calling the `getimagesize()` PHP function directly, instead of the `wp_getimagesize()` wrapper.
Follow-up to [50146], [50810], [50814], [50815], [50818-50821].
See #35725.
git-svn-id: https://develop.svn.wordpress.org/trunk@50822 602fd350-edb4-49c9-b593-d223f7449a82
* Document that WebP constants are only defined in PHP 7.1+.
* Correct the `$filename` parameter type in `wp_get_webp_info()`.
* Use a consistent message when skipping tests due to the lack of WebP support.
* Remove unnecessary `else` branches after `markTestSkipped()`.
* Replace `assertEquals()` with more appropriate assertions.
Follow-up to [50810].
See #35725.
git-svn-id: https://develop.svn.wordpress.org/trunk@50814 602fd350-edb4-49c9-b593-d223f7449a82
Add support for uploading, editing and saving WebP images when supported by the server.
Add 'image/webp' to supported mime types. Correctly identify WebP images and sizes even when PHP doesn't support WebP. Resize uploaded WebP files (when supported) and use for front end markup.
Props markoheijne, blobfolio, Clorith, joemcgill, atjn, desrosj, spacedmonkey, marylauc, mikeschroder, hellofromtonya, flixos90.
Fixes#35725.
git-svn-id: https://develop.svn.wordpress.org/trunk@50810 602fd350-edb4-49c9-b593-d223f7449a82
This provides greater discoverability of such hooks in search results on the Code Reference site as well as increased clarity when reading the source.
See #50734, #52628
git-svn-id: https://develop.svn.wordpress.org/trunk@50505 602fd350-edb4-49c9-b593-d223f7449a82
Move `wp_get_script_tag()`, `wp_print_script_tag()`, `wp_print_inline_script_tag()` and `wp_get_inline_script_tag()` functions from `functions.php` to `script-loader.php`.
Relocate related tests to `dependencies` sub-directory.
Follow up to [50167].
Props adamsilverstein, hellofromTonya, SergeyBiryukov.
Fixes#39941.
git-svn-id: https://develop.svn.wordpress.org/trunk@50409 602fd350-edb4-49c9-b593-d223f7449a82
Add new functions `wp_get_script_tag`, `wp_print_script_tag`, `wp_print_inline_script_tag` and `wp_get_inline_script_tag` that support script attributes. Enables passing attributes such as `async` or `nonce`, creating a path forward for enabling a Content-Security-Policy in core, plugins and themes.
Props tomdxw, johnbillion, jadeddragoon, jrchamp, mallorydxw, epicfaace, alinod, enricocarraro, ocean90.
Fixes#39941.
git-svn-id: https://develop.svn.wordpress.org/trunk@50167 602fd350-edb4-49c9-b593-d223f7449a82
Previously, all logic utilizing `getimagesize()` was supressing errors making it difficult to debug usage of the function.
A new `wp_getimagesize()` function has been added to allow the errors to no longer be suppressed when `WP_DEBUG` is enabled.
Props Howdy_McGee, SergeyBiryukov, mukesh27, davidbaumwald, noisysocks, hellofromTonya.
Fixes#49889.
git-svn-id: https://develop.svn.wordpress.org/trunk@50146 602fd350-edb4-49c9-b593-d223f7449a82
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.
This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.
* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
* A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
* The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
* The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
* For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
* A new `wp_update_urls_to_https()` function takes care of the update routine.
* A new `update_https` meta capability is introduced to control access.
* If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
* A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
* A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.
Props flixos90, timothyblynjacobs.
Fixes#51437.
git-svn-id: https://develop.svn.wordpress.org/trunk@50131 602fd350-edb4-49c9-b593-d223f7449a82
Add a feature so Admins can send users a 'password reset' email. This doesn't change the password or force a password change. It only emails the user the password reset link.
The feature appears in several places:
* A "Send Reset Link" button on user profile screen.
* A "Send password reset" option in the user list bulk action dropdown.
* A "Send password reset" quick action when hovering over a username in the user list.
Props Ipstenu, DrewAPicture, eventualo, wonderboymusic, knutsp, ericlewis, afercia, JoshuaWold, johnbillion, paaljoachim, hedgefield.
Fixes#34281.
git-svn-id: https://develop.svn.wordpress.org/trunk@50129 602fd350-edb4-49c9-b593-d223f7449a82
By moving from `.html` to `.php` files, we can prevent directory listings, and ensure that WordPress can load.
Fixes#52299.
Props lucasbustamante, xkon, freewebmentor, SergeyBiryukov, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/trunk@50037 602fd350-edb4-49c9-b593-d223f7449a82
This changeset introduces a filter-based Robots API, providing central control over the `robots` meta tag.
* Introduces `wp_robots()` function which should be called anywhere a `robots` meta tag should be included.
* Introduces `wp_robots` filter which allows adding or modifying directives for the `robots` meta tag. The `wp_robots()` function is entirely filter-based, i.e. if no filter is added to `wp_robots`, no directives will be present, and therefore the entire `robots` meta tag will be omitted.
* Introduces the following `wp_robots` filter functions which replace similar existing functions that were manually rendering a `robots` meta tag:
* `wp_robots_noindex()` replaces `noindex()`, which has been deprecated.
* `wp_robots_no_robots()` replaces `wp_no_robots()`, which has been deprecated.
* `wp_robots_sensitive_page()` replaces `wp_sensitive_page_meta()`, which has been deprecated. Its rendering of the `referrer` meta tag has been moved to another new function `wp_strict_cross_origin_referrer()`.
Migration to the new functions is straightforward. For example, a call to `add_action( 'wp_head', 'wp_no_robots' )` should be replaced with `add_filter( 'wp_robots', 'wp_robots_no_robots' )`.
Plugins and themes that render their own `robots` meta tags are encouraged to switch to rely on the `wp_robots` filter in order to use the central management layer now provided by WordPress core.
Props adamsilverstein, flixos90, timothyblynjacobs, westonruter.
See #51511.
git-svn-id: https://develop.svn.wordpress.org/trunk@49992 602fd350-edb4-49c9-b593-d223f7449a82
The function simply converts a comma- or space-separated list of scalar values to an array and does not perform any sanitization on its own.
Follow-up to [44546].
Props johnjamesjacoby.
See #51800.
git-svn-id: https://develop.svn.wordpress.org/trunk@49941 602fd350-edb4-49c9-b593-d223f7449a82
