This expands the code block previously added for `.docx` files to include `.xlsx` files as well, which are known to have the same issue with `finfo_file()`.
Includes a unit test case for `wp_check_filetype_and_ext()`.
Reference: [https://bugs.php.net/bug.php?id=77784 PHP Bug #77784: mime_content_type() result gets doubled for .xlsx].
Follow-up to [56497].
See #57898.
git-svn-id: https://develop.svn.wordpress.org/trunk@56510 602fd350-edb4-49c9-b593-d223f7449a82
This changeset adds an exception to prevent permission issues on `.docx` generated by Google Docs. This is a temporary fix for an upstream bug on the `finfo_file()`
PHP function which returns a redundant MIME type for these documents.
Props winterstreet, jakariaistauk, mujuonly, mi5t4n, annashopina, audrasjb, azaozz, mikeschroder, oglekler.
Fixes#57898.
git-svn-id: https://develop.svn.wordpress.org/trunk@56497 602fd350-edb4-49c9-b593-d223f7449a82
This aims to improve performance by calling `sanitize_url()` directly, instead of the `esc_url_raw()` wrapper. As of WordPress 6.1, `sanitize_url()` is the recommended function for sanitizing a URL for database or redirect usage.
This replaces the two remaining instances of `esc_url_raw()` with `sanitize_url()` in WordPress core.
Follow-up to [53455], [53933], [54522].
Props rajinsharwar, SergeyBiryukov.
Fixes#59247.
git-svn-id: https://develop.svn.wordpress.org/trunk@56494 602fd350-edb4-49c9-b593-d223f7449a82
Includes a few other formatting adjustments for consistency.
Follow-up to [48327], [56467], [56471].
See #58833.
git-svn-id: https://develop.svn.wordpress.org/trunk@56474 602fd350-edb4-49c9-b593-d223f7449a82
Similar to other function in the `_deprecated_*` series, `_deprecated_class()` comes with two new hooks: `deprecated_class_run` and `deprecated_class_trigger_error`.
Support has also been added for setting class deprecation expectations in tests.
Props jrf, wvega, ohryan.
See #41125.
git-svn-id: https://develop.svn.wordpress.org/trunk@56467 602fd350-edb4-49c9-b593-d223f7449a82
This changeset modifies how the `dashicons-external` icon is used in external links by editing its styles and adding a space between the text and the icon
for better accessibility.
Props SergeyBiryukov, afercia, isabel_brison, mukesh27, sabernhardt, oglekler, audrasjb.
Fixes#47303.
git-svn-id: https://develop.svn.wordpress.org/trunk@56211 602fd350-edb4-49c9-b593-d223f7449a82
It's expected that this query variable contains a string when it's set, but it's possible for its type to be something else such as an array. Ignoring non-string values prevents cascading errors when its value is passed through functions that expect a string.
Props xknown, costdev, jrf, azaozz
Fixes#57670
git-svn-id: https://develop.svn.wordpress.org/trunk@56115 602fd350-edb4-49c9-b593-d223f7449a82
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).
WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [55988], [56021].
See #58206.
git-svn-id: https://develop.svn.wordpress.org/trunk@56031 602fd350-edb4-49c9-b593-d223f7449a82
`str_starts_with()` and `str_ends_with()` were introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins or ends with the given substring (needle).
WordPress core includes a polyfill for these functions on PHP < 8.0 as of WordPress 5.9.
This commit uses `str_starts_with()` and `str_ends_with()` in core files where appropriate:
* `$needle === substr( $string, 0, $length )`, where `$length` is the length of `$needle`, is replaced with `str_starts_with( $haystack, $needle )`.
* `$needle === substr( $string, $offset )`, where `$offset` is negative and the absolute value of `$offset` is the length of `$needle`, is replaced with `str_ends_with( $haystack, $needle )`.
This aims to make the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [52039], [52040], [52326], [55703], [55710], [55987], [55988].
Props Soean, spacedmonkey, Clorith, ocean90, azaozz, sabernhardt, SergeyBiryukov.
Fixes#58220.
git-svn-id: https://develop.svn.wordpress.org/trunk@55990 602fd350-edb4-49c9-b593-d223f7449a82
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).
WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [52039], [52040], [52326], [55703], [55710], [55987].
Props Soean, spacedmonkey, costdev, dingo_d, azaozz, mikeschroder, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes#58206.
git-svn-id: https://develop.svn.wordpress.org/trunk@55988 602fd350-edb4-49c9-b593-d223f7449a82
The intention behind this change is to prevent sensitive data in responses for logged in users being cached and available to others, for example via the browser history after the user logs out.
The `no-store` directive instructs caches in the browser or within proxies not to store the response in the cache. This is subtly different from the `no-cache` directive which means the response can be cached but must be revalidated before re-use. WordPress does not use ETag headers by default therefore this does not achieve the same result.
The `private` directive complements the `no-store` directive by specifying that the response contains private information that should not be stored in a public cache. Som
e proxy caches may ignore the `no-store` directive but respect the `private` directive, thus it is included.
The existing `Cache-Control` header for users who are not logged in remains unchanged, and the existing cache prevention directives remain in place for backwards compatib
ility.
Props soulseekah, luehrsen, Dharm1025, markdoliner, rutviksavsani, ayeshrajans, paulkevan, clorith, andy786, johnbillion
Fixes#21938, Fixes#57627
git-svn-id: https://develop.svn.wordpress.org/trunk@55968 602fd350-edb4-49c9-b593-d223f7449a82
Previously when the `mimes` element was not specified in the overrides array passed to `_wp_handle_upload()` it resulted in boolean false being passed to this parameter, which is incorrect. The fallback value should be `null`.
Props platonkristinin, pkbhatt
Fixes#58349
git-svn-id: https://develop.svn.wordpress.org/trunk@55872 602fd350-edb4-49c9-b593-d223f7449a82
Since cron events often consume extra memory by nature, it makes sense to give them the full amount available by default. In practice this means the memory will be increased to `WP_MAX_MEMORY_LIMIT` (which is 256MB by default) during cron event processing if the default memory limit is lower than this value.
The new `cron_memory_limit` filter can be used to adjust this value if necessary.
Note that this change will not by default affect external means of processing cron events, such as the `wp cron` command in WP-CLI, server-level crontab events, or any other cron event processing mechanism that bypasses `wp-cron.php`.
Props iandunn, thakkarhardik
Fixes#56628
git-svn-id: https://develop.svn.wordpress.org/trunk@55871 602fd350-edb4-49c9-b593-d223f7449a82
When using a block theme, `_wp_array_get()` is the most called function on the front end of a site.
This commit makes a few minor performance optimizations, which add up to a noticeable improvement.
Follow-up to [49135], [49143], [49580].
Props aristath, jrf, afercia, costdev, swissspidy, flixos90, spacedmonkey, mukesh27, samiamnot, SergeyBiryukov.
Fixes#58376.
git-svn-id: https://develop.svn.wordpress.org/trunk@55851 602fd350-edb4-49c9-b593-d223f7449a82
`str_starts_with()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins with the given substring (needle).
WordPress core includes a polyfill for `str_starts_with()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `0 === strpos( ... )` with `str_starts_with()` in core files, making the code more readable and consistent, as well as improving performance.
While `strpos()` is slightly faster than the polyfill on PHP < 8.0, `str_starts_with()` is noticeably faster on PHP 8.0+, as it is optimized to avoid unnecessarily searching along the whole haystack if it does not find the needle.
Follow-up to [52039], [52040], [52326].
Props spacedmonkey, costdev, sabernhardt, mukesh27, desrosj, jorbin, TobiasBg, ayeshrajans, lgadzhev, SergeyBiryukov.
Fixes#58012.
git-svn-id: https://develop.svn.wordpress.org/trunk@55703 602fd350-edb4-49c9-b593-d223f7449a82
Add a helper function called `wp_cache_set_last_changed` to set the last changed value for cache groups. This function has a new action called `wp_cache_set_last_changed`, allowing for developers to cache invalidate when last changed value is changed.
Props tillkruess, spacedmonkey, peterwilsoncc, mukesh27, johnjamesjacoby.
Fixes#57905.
git-svn-id: https://develop.svn.wordpress.org/trunk@55702 602fd350-edb4-49c9-b593-d223f7449a82
Per [https://developer.wordpress.org/coding-standards/wordpress-coding-standards/php/#writing-include-require-statements WordPress PHP coding standards], it is ''strongly recommended'' to use `require[_once]` for unconditional includes. When using `include[_once]`, PHP will throw a warning when the file is not found but will continue execution, which will almost certainly lead to other errors/warnings/notices being thrown if your application depends on the file loaded, potentially leading to security leaks. For that reason, `require[_once]` is generally the better choice as it will throw a `Fatal Error` if the file cannot be found.
Follow-up to [1674], [1812], [1964], [6779], [8540], [10521], [11005], [11911], [16065], [16149], [25421], [25466], [25823], [37714], [42981], [45448], [47198], [54276], [55633].
Props kausaralm, SergeyBiryukov.
See #57839.
git-svn-id: https://develop.svn.wordpress.org/trunk@55641 602fd350-edb4-49c9-b593-d223f7449a82
This changeset introduced a regression for partial-hour timezones such as +05:30 UTC which is India and Sri Lanka. How? These timezones are in float. The change made in [55054] type casted them to integer which dropped the decimal for the partial-hour, making the time inaccurate. For example, +05:30 UTC (India and Sri Lanka)'s `'gmt_offset'` is `5.5`, but with the changeset, it was changed to `5`.
Reverting the changeset restores the original state of `current_time()` and thus resolves the regression.
Props reputeinfosystems, Rarst, hellofromTonya, desrosj, audrasjb, sergeybiryukov, costdev, priethor, francina, nekojonez, codingchicken, cbringmann.
See #57035.
Fixes#57998.
git-svn-id: https://develop.svn.wordpress.org/trunk@55598 602fd350-edb4-49c9-b593-d223f7449a82
The parameter represents the cache group, not the cache key.
Follow-up to [19918].
Props johnjamesjacoby, spacedmonkey.
Fixes#40420.
git-svn-id: https://develop.svn.wordpress.org/trunk@55566 602fd350-edb4-49c9-b593-d223f7449a82
Includes:
* Capitalizing "ID" in a consistent way.
* Expanding the comment on not using `filter_var()`.
* Adding a `@covers` tag for the function in unit tests.
* Minor tweak to the `_doing_it_wrong()` message.
Follow-up to [53818], [55543].
See #57593.
git-svn-id: https://develop.svn.wordpress.org/trunk@55549 602fd350-edb4-49c9-b593-d223f7449a82
Sanitize the array of ids passed to the `_get_non_cached_ids` function and add a `_doing_it_wrong` call, if an invalid type is passed.
Props tillkruess, spacedmonkey, peterwilsoncc, flixos90, SergeyBiryukov.
Fixes#57593.
git-svn-id: https://develop.svn.wordpress.org/trunk@55543 602fd350-edb4-49c9-b593-d223f7449a82
The `wp_get_referer()` and `wp_get_original_referer()` functions both depend on `wp_validate_redirect()` and check whether it is defined by the time they run, but do so in a slightly different way.
This commit ensures both functions return early if they are called before `wp_validate_redirect()` is defined.
Follow-up to [3908], [25399], [25400].
See #57839.
git-svn-id: https://develop.svn.wordpress.org/trunk@55540 602fd350-edb4-49c9-b593-d223f7449a82
Save a call to wp_timezone in mysql2date by saving the timezone to a variable and pass it into wp_date function call.
Props spacedmonkey, costdev, SergeyBiryukov, audrasjb.
Fixes#57705.
git-svn-id: https://develop.svn.wordpress.org/trunk@55514 602fd350-edb4-49c9-b593-d223f7449a82
Save a call to `wp_timezone` in `mysql2date` by saving the timezone to a variable and pass it into `wp_date` function call.
Props spacedmonkey, costdev, SergeyBiryukov, audrasjb.
Fixes#57705.
git-svn-id: https://develop.svn.wordpress.org/trunk@55343 602fd350-edb4-49c9-b593-d223f7449a82
This aims to provide better context for translators and make it easier to determine that some strings contain hidden accessibility text and are not displayed in the UI.
Props kebbet, mercime, pavelevap, ocean90, swissspidy, Chouby, jipmoors, afercia, desrosj, costdev, audrasjb, SergeyBiryukov.
Fixes#29748.
git-svn-id: https://develop.svn.wordpress.org/trunk@55276 602fd350-edb4-49c9-b593-d223f7449a82
This changeset improves the consistency in capitalization of fetching and outputting of request headers. It also updates occurrences found in some docblocks.
Props johnjamesjacoby, costdev, audrasjb, petitphp, mhkuu, SergeyBiryukov.
Fixes#54225.
git-svn-id: https://develop.svn.wordpress.org/trunk@55210 602fd350-edb4-49c9-b593-d223f7449a82
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$array` parameter to `$input_array` in `wp_recursive_ksort()`.
* Moves the function next to other array-related functions for consistency.
Follow-up to [53129], [54929].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
git-svn-id: https://develop.svn.wordpress.org/trunk@55117 602fd350-edb4-49c9-b593-d223f7449a82
This changeset moves typecasting to affect the `get_option` value, which ensures that when math is done it does not generate any error. In PHP 7.4 and earlier the previous implementation was dismissed as a warning, but in PHP 8+ it would have throw a fatal error.
Follow-up to [45856].
Props Nick_theGeek, SergeyBiryukov, johnbillion.
Fixes#57035.
git-svn-id: https://develop.svn.wordpress.org/trunk@55054 602fd350-edb4-49c9-b593-d223f7449a82
This is a major release and contains breaking changes.
Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.
Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0
For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0
This commit also resolves 2 blocking issues which previously caused the revert of [52244]:
* New Requests files are loaded into `wp-includes/Requests/src/`, matching the location of the library. In doing so, filesystems that are case-insensitive are not impacted (see #54582).
* Preload: During a Core update, the old Requests files are preloaded into memory before the update deletes the files. Preloading avoids fatal errors noted in #54562.
Follow-up to [50842], [51078], [52244], [52315], [52327], [52328].
Props jrf, schlessera, datagutten, wojsmol, dustinrue, soulseekah, szepeviktor. costdev, sergeybiryukov, peterwilsoncc, ironprogrammer, antonvlasenko, hellofromTonya, swissspidy, dd32, azaozz, TobiasBg, audrasjb.
Fixes#54504.
See #54582, #54562.
git-svn-id: https://develop.svn.wordpress.org/trunk@54997 602fd350-edb4-49c9-b593-d223f7449a82
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$echo` parameter to `$display` in:
* `wp_nonce_field()`
* `wp_referer_field()`
* `wp_original_referer_field()`
* Renames the `$string` parameter to `$input_string` in
* `_wp_json_convert_string()`
* `_wp_to_kebab_case()`
* Renames the `$list` parameter to `$input_list` in:
* `wp_parse_list()`
* `wp_parse_id_list()`
* `wp_parse_slug_list()`
* `wp_filter_object_list()`
* `wp_list_filter()`
* `wp_list_pluck()`
* `wp_list_sort()`
* Renames the `$array` parameter to `$input_array` in:
* `add_magic_quotes()`
* `wp_array_slice_assoc()`
* `_wp_array_get()`
* `_wp_array_set()`
* Renames the `$function` parameter to `$function_name` in:
* `_deprecated_function()`
* `_deprecated_argument()`
* `_doing_it_wrong()`
* Renames the `$class` parameter to `$class_name` in `_deprecated_constructor()`.
* Renames the `$default` parameter to `$default_value` in `apache_mod_loaded()`.
* Renames the `$var` parameter to `$value` in `wp_validate_boolean()`.
* Amends the `$input` parameter in `wp_parse_str()` for consistency.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
git-svn-id: https://develop.svn.wordpress.org/trunk@54929 602fd350-edb4-49c9-b593-d223f7449a82
In [53874] the optional `$locale` parameter was added to `load_textdomain()`. While most `load_textdomain()` calls in core were were updated, some were missed. Passing the original locale avoids the need to call `determine_locale()` by `load_textdomain()` which is used as a fallback.
Props ocean90, swissspidy, desrosj.
See #57060.
git-svn-id: https://develop.svn.wordpress.org/trunk@54797 602fd350-edb4-49c9-b593-d223f7449a82
This fixes `Equals sign not aligned with surrounding statements` WPCS warnings, so that the output of `composer format` is clean.
Follow-up to [54445], [54476], [54494], [54522], [54652], [54687].
See #56791.
git-svn-id: https://develop.svn.wordpress.org/trunk@54754 602fd350-edb4-49c9-b593-d223f7449a82
Based on feedback from network storage configurations there was a noticed slowdown due to the usage of the `path_join()` function. This needs more time to find a workaround.
Follow-up to [53934].
Props mreishus, SergeyBiryukov, desrosj, mikeschroder.
Reverts [53934].
See #56924.
git-svn-id: https://develop.svn.wordpress.org/trunk@54712 602fd350-edb4-49c9-b593-d223f7449a82
