In [49752] a check was added to prevent creating new Application Passwords if Basic Auth credentials were detected to prevent conflicts. This check takes place in WP-Admin, though a conflict would only arise if Basic Auth was used on the website's front-end.
This commit extracts the Basic Auth check into a reusable function, `wp_is_site_protected_by_basic_auth()`, which can be adjusted using a filter of the same name. This way, a site that uses Basic Auth to protect WP-Admin can still use the Application Passwords feature.
In the future, instead of requiring the use of a filter, WordPress could make a loopback request and check for a `WWW-Authenticate` header to make this detection more robust out of the box.
Props SeBsZ, archon810, aaroncampbell, ocean90, SergeyBiryukov, TimothyBlynJacobs.
Fixes#52066.
git-svn-id: https://develop.svn.wordpress.org/trunk@50006 602fd350-edb4-49c9-b593-d223f7449a82
Previously, we only supported `application/json` which prevented using subtypes like `application/activity+json`. This allows for the REST API to `json_decode` the body of requests using a JSON subtype `Content-Type`. Additionally, `wp_die()` now properly sends the error as JSON when a JSON subtype is specified in the `Accept` header.
Props pfefferle.
Fixes#49404.
git-svn-id: https://develop.svn.wordpress.org/trunk@49329 602fd350-edb4-49c9-b593-d223f7449a82
When the `mysql` extention isn't loaded and a custom db dropin is not in place, we give folks a nice error. However, we can't assume that the `WP_CONTENT_DIR` constant is set yet since this runs before we define default constants.
This fixes a PHP 8 error.
Props jorbin.
Merges [49161] to trunk.
See #50913.
git-svn-id: https://develop.svn.wordpress.org/trunk@49163 602fd350-edb4-49c9-b593-d223f7449a82
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.
This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.
Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.
Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes#42790.
git-svn-id: https://develop.svn.wordpress.org/trunk@49109 602fd350-edb4-49c9-b593-d223f7449a82
These actions allow debugging tools to track `WP_Error` instances as they're created and subsequently passed between functions which check for error objects.
Props Shelob9, Mte90, TimothyBlynJacobs, johnbillion
Fixes#40568
git-svn-id: https://develop.svn.wordpress.org/trunk@49022 602fd350-edb4-49c9-b593-d223f7449a82
The intention of `wp_get_environment_type()` is to provide a consistent means of identifying the environment type, not of identifying a specific environment.
Actual environments should fit within one of the existing types: `local`, `development`, `staging`, or `production`. That should cover the types that plugins and themes might be concerned about when toggling functionality.
Props johnbillion, joostdevalk, TimothyBlynJacobs, jeremyfelt, batmoo, claytoncollie, Clorith, markjaquith, garrett-eclipse, GaryJ, elrae.
Fixes#50992.
git-svn-id: https://develop.svn.wordpress.org/trunk@48894 602fd350-edb4-49c9-b593-d223f7449a82
This gives developers a better control over their existing development workflow and ensures that `local` is not the exact same as `development` if it does not need to be.
Props claytoncollie, johnbillion, jeremyfelt, kreppar, dushakov, TimothyBlynJacobs, Ipstenu, khag7, knutsp, Clorith, markjaquith, joostdevalk, SergeyBiryukov.
Fixes#51064.
git-svn-id: https://develop.svn.wordpress.org/trunk@48856 602fd350-edb4-49c9-b593-d223f7449a82
Since `wp_get_environment_type()` runs too early for plugins to hook these filters, and the result is then cached in a static variable and cannot be changed later, the filters are not that useful.
The `WP_ENVIRONMENT_TYPES` and `WP_ENVIRONMENT_TYPE` constants and environment variables should be enough for now.
Follow-up to [47919], [48188], [48372].
Props Clorith, SergeyBiryukov.
Fixes#33161.
git-svn-id: https://develop.svn.wordpress.org/trunk@48662 602fd350-edb4-49c9-b593-d223f7449a82
This was intended as a temporary fix until `add_magic_quotes()` is modified to leave non-string values untouched, which has now been done.
Follow-up to [47370], [48205].
See #48605.
git-svn-id: https://develop.svn.wordpress.org/trunk@48206 602fd350-edb4-49c9-b593-d223f7449a82
* Rename the `wp_approved_environment_types` filter to `wp_environment_types`.
* Introduce `WP_ENVIRONMENT_TYPES` system variable and constant to complement the filter.
* Correct the argument type for the `wp_environment_types` filter.
* Cache the result in a static variable to ensure consistent return value.
* Rename the `stage` type to `staging`.
Follow-up to [47919].
Props dlh, dd32, TimothyBlynJacobs, johnbillion, pbiron.
See #33161.
git-svn-id: https://develop.svn.wordpress.org/trunk@48188 602fd350-edb4-49c9-b593-d223f7449a82
Partially reverts [48059] as there's no full consensus on the removal of the text prefix. Further actions should be taken to improve consistency and accessibility of the admin notices. Keeps some improvements to the translatable strings from [48059].
Fixes#47656.
git-svn-id: https://develop.svn.wordpress.org/trunk@48115 602fd350-edb4-49c9-b593-d223f7449a82
The tag was supported in phpDocumentor 1.x, but is no longer supported in 2.x and 3.x.
Usage of static variables is considered an internal implementation detail and has no information value for someone reading the docs.
Props alishanvr, jrf.
Fixes#50426.
git-svn-id: https://develop.svn.wordpress.org/trunk@48109 602fd350-edb4-49c9-b593-d223f7449a82
For a number of years, most of the WordPress error messages have been prefixed with "Error:". However, these messages appear in a context where it's already clear an error occurred. Whether it's an error, a warning, or any other classification, that's not so relevant for users. The content of the message is the relevant part. The "Error:" prefix doesn't add great value while it does add unnecessary complexity for the message readability.
Also, revises some of these messages to improve clarity and removes HTML from translatable strings.
Props garrett-eclipse, ramiy, SergeyBiryukov, afercia, sabernhardt, quadthemes, audrasjb.
See #47003, #43037, #42945, #15887.
Fixes#47656.
git-svn-id: https://develop.svn.wordpress.org/trunk@48059 602fd350-edb4-49c9-b593-d223f7449a82
Many caching backend have support for multiple gets in a single request. This brings that support to core, with a compatability fallback that will loop over requests if needed.
Fixes: #20875.
Props: nacin, tollmanz, wonderboymusic, ryan, jeremyfelt, spacedmonkey, boonebgorges, dd32, rmccue, ocean90, jipmoors, johnjamesjacoby, tillkruess, donmhico, davidbaumwald, SergeyBiryukov, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/trunk@47938 602fd350-edb4-49c9-b593-d223f7449a82
The type can be set via the `WP_ENVIRONMENT_TYPE` global system variable, a constant of the same name, or the `wp_get_environment_type` filter.
Possible values include `development`, `stage`, `production'. If not set, the type defaults to `production`.
Props Clorith, krogsgard, joostdevalk, frank-klein, Maelacuna, nathanrice, grierson, jchristopher, davidvee, jackfungi, johnbillion, tabrisrp, knutsp, ev3rywh3re, Rastaban, danielbachhuber, pfefferle, audrasjb, SergeyBiryukov.
Fixes#33161.
git-svn-id: https://develop.svn.wordpress.org/trunk@47919 602fd350-edb4-49c9-b593-d223f7449a82
While the former name might be a bit more accurate, the latter matches the existing naming pattern.
Follow-up to [47623].
Fixes#49959.
git-svn-id: https://develop.svn.wordpress.org/trunk@47871 602fd350-edb4-49c9-b593-d223f7449a82
This reduces the number of `WordPress.PHP.StrictComparisons.LooseComparison` issues in half, from 1897 to 890.
Includes minor code layout fixes for better readability.
See #49542.
git-svn-id: https://develop.svn.wordpress.org/trunk@47808 602fd350-edb4-49c9-b593-d223f7449a82
The `register_globals` directive in PHP was deprecated in version 5.3 and removed entirely in 5.4.
Now that WordPress only supports PHP 5.6.20 and newer, the `wp_unregister_GLOBALS()` function can be deprecated.
Props ayeshrajans, desrosj, SergeyBiryukov.
Fixes#49938.
git-svn-id: https://develop.svn.wordpress.org/trunk@47612 602fd350-edb4-49c9-b593-d223f7449a82
This reduces the number of `WordPress.PHP.StrictInArray.MissingTrueStrict` issues from 486 to 50.
Includes minor code layout fixes for better readability.
See #49542.
git-svn-id: https://develop.svn.wordpress.org/trunk@47550 602fd350-edb4-49c9-b593-d223f7449a82
Among other things, this preserves compatibility of WP with PHPUnit Code Coverage generation.
Props jrf, Veraxus, Rarst.
See #48605.
git-svn-id: https://develop.svn.wordpress.org/trunk@47370 602fd350-edb4-49c9-b593-d223f7449a82
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.
This commit also includes:
* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
* `wp-admin/admin-header.php`
* `wp-admin/admin-footer.php`
* `wp-includes/version.php`
Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes#48082.
git-svn-id: https://develop.svn.wordpress.org/trunk@47198 602fd350-edb4-49c9-b593-d223f7449a82
Using all caps should be avoided for better readability and because screen readers may pronounce all-caps words as abbreviations.
Props afercia, ryokuhi, sabernhardt, garrett-eclipse.
See #47656, #43037, #42945.
git-svn-id: https://develop.svn.wordpress.org/trunk@47156 602fd350-edb4-49c9-b593-d223f7449a82
Previously, `wp_favicon_request()` was introduced in [13205] to avoid a performance hit of serving a full 404 page on every favicon request.
While working as intended, that implementation did not provide a way for theme or plugin authors to manage the behavior of favicon requests.
This changeset implements the following logic (only applied if WordPress is installed in the root directory):
* If there is a Site Icon set in Customizer, redirect `/favicon.ico` requests to that icon.
* Otherwise, use the WordPress logo as a default icon.
* If a physical `/favicon.ico` file exists, do nothing, let the server handle the request.
Handling `/favicon.ico` is now more consistent with handling `/robots.txt` requests.
New functions and hooks:
* Introduce `is_favicon()` conditional tag to complement `is_robots()`.
* Introduce `do_favicon` action to complement `do_robots` and use it in template loader.
* Introduce `do_favicon()` function, hooked to the above action by default, to complement `do_robots()`.
* Introduce `do_faviconico` action to complement `do_robotstxt`, for plugins to override the default behavior.
* Mark `wp_favicon_request()` as deprecated in favor of `do_favicon()`.
Props jonoaldersonwp, birgire, joostdevalk, mukesh27, SergeyBiryukov.
Fixes#47398.
git-svn-id: https://develop.svn.wordpress.org/trunk@47018 602fd350-edb4-49c9-b593-d223f7449a82
This allows us to use PHP 5.6+ syntax in more files, and display a proper error message on older PHP versions, instead of causing a parse error.
Fixes#48059.
git-svn-id: https://develop.svn.wordpress.org/trunk@46183 602fd350-edb4-49c9-b593-d223f7449a82
The path to magic quote sanity took a fun and exciting turn: PHP core removed it and WordPress updated the minimum version.
For the formally external pclzip, the code is commented out to make investigating easier and in case we ever need to merge upstream (if that still exists) changes.
Props ayeshrajans, jrf, jorbin.
See #47783.
Fixes#18322.
git-svn-id: https://develop.svn.wordpress.org/trunk@46105 602fd350-edb4-49c9-b593-d223f7449a82
* Add missing translator comments.
* Fix placement of some translator comments. Translator comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools. The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translator comments.
Includes minor code layout fixes.
Polyglots, rejoice! All WordPress core files now have translator comments for all strings with placeholders!
Props jrf, subrataemfluence, GaryJ, webdados, Dency, swissspidy, alvarogois, marcomartins, mihaiiceyro, vladwtz, niq1982, flipkeijzer, michielatyoast, chandrapatel, thrijith, joshuanoyce, FesoVik, tessak22, bhaktirajdev, cleancoded, dhavalkasvala, garrett-eclipse, bibliofille, socalchristina, priyankkpatel, 5hel2l2y, adamsilverstein, JeffPaul, pierlo, SergeyBiryukov.
Fixes#44360.
git-svn-id: https://develop.svn.wordpress.org/trunk@45926 602fd350-edb4-49c9-b593-d223f7449a82
Noteable changes:
- The `magic_quotes_runtime` and `magic_quotes_sybase` settings were removed in PHP 5.4, so no longer need to be set.
- Some functions that use external libraries can generate errors that can't be tested for, so are globally allowed to silence errors.
- Quite a few functions would cause errors if `safe_mode` was set. This setting was removed in PHP 5.4.
- Only a handful of `header()` calls needed corresponding `headers_sent()` checks for unit tests to pass, but more may need to be added as the nightlies builds are tested.
See #46732.
git-svn-id: https://develop.svn.wordpress.org/trunk@45611 602fd350-edb4-49c9-b593-d223f7449a82
