This updates two fragments for sending a `304 Not Modified` header to better align with each other by using consistent variable names and formatting.
Follow-up to [1036], [1037], [1043], [2534], [2584], [2627], [12603], [12936], [56362].
See #58831.
git-svn-id: https://develop.svn.wordpress.org/trunk@56395 602fd350-edb4-49c9-b593-d223f7449a82
Includes minor code layout fixes for better readability.
Follow-up to [1043], [2534], [2584], [2627], [2958], [3252], [3564], [21818], [37356].
Props aristath, poena, afercia, SergeyBiryukov.
See #58831.
git-svn-id: https://develop.svn.wordpress.org/trunk@56362 602fd350-edb4-49c9-b593-d223f7449a82
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).
WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [52039], [52040], [52326], [55703], [55710], [55987].
Props Soean, spacedmonkey, costdev, dingo_d, azaozz, mikeschroder, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes#58206.
git-svn-id: https://develop.svn.wordpress.org/trunk@55988 602fd350-edb4-49c9-b593-d223f7449a82
`str_starts_with()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins with the given substring (needle).
WordPress core includes a polyfill for `str_starts_with()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `0 === strpos( ... )` with `str_starts_with()` in core files, making the code more readable and consistent, as well as improving performance.
While `strpos()` is slightly faster than the polyfill on PHP < 8.0, `str_starts_with()` is noticeably faster on PHP 8.0+, as it is optimized to avoid unnecessarily searching along the whole haystack if it does not find the needle.
Follow-up to [52039], [52040], [52326].
Props spacedmonkey, costdev, sabernhardt, mukesh27, desrosj, jorbin, TobiasBg, ayeshrajans, lgadzhev, SergeyBiryukov.
Fixes#58012.
git-svn-id: https://develop.svn.wordpress.org/trunk@55703 602fd350-edb4-49c9-b593-d223f7449a82
The logic for sending the `X-Pingback` header for single posts that allow pings was recently moved from `WP::handle_404()` to a more appropriate place in `WP::send_headers()`.
To check whether pings are open for a particular post, that logic relies on the `$wp_query` global, which is declared in `WP::handle_404()`, but not in `WP::send_headers()`
This commit ensures that `$wp_query` is globalized in `WP::send_headers()` too, so that the check works as expected.
Follow-up to [54250].
Props strategio, sabernhardt, dlh, davidbaumwald, SergeyBiryukov.
Fixes#56840.
git-svn-id: https://develop.svn.wordpress.org/trunk@54636 602fd350-edb4-49c9-b593-d223f7449a82
By running `WP::send_headers()` after posts have been queried, we can ensure that conditional tags like `is_front_page()`, `is_home()`, etc. work as expected.
This provides better context and more flexibility when adjusting HTTP headers via the `wp_headers` filter or `send_headers` action.
Previously, the earliest action where conditional tags worked correctly was `wp`.
Includes moving the `X-Pingback` header, previously sent in `WP::handle_404()` after posts have been queried, to a more appropriate place in `WP::send_headers()`.
Follow-up to [2627], [34442].
Props jonoaldersonwp, joostdevalk, peterwilsoncc, adamsilverstein, SergeyBiryukov.
Fixes#56068.
git-svn-id: https://develop.svn.wordpress.org/trunk@54250 602fd350-edb4-49c9-b593-d223f7449a82
Dynamic (non-explicitly declared) properties are deprecated as of PHP 8.2 and are expected to become a fatal error in PHP 9.0.
There are a number of ways to mitigate this:
* If it is an accidental typo for a declared property: fix the typo.
* For known properties: declare them on the class.
* For unknown properties: add the magic `__get()`, `__set()`, et al. methods to the class or let the class extend `stdClass` which has highly optimized versions of these magic methods built in.
* For unknown ''use'' of dynamic properties, the `#[AllowDynamicProperties]` attribute can be added to the class. The attribute will automatically be inherited by child classes.
Trac ticket #56034 is open to investigate and handle the third and fourth type of situations, however it has become clear this will need more time and will not be ready in time for WP 6.1.
To reduce “noise” in the meantime, both in the error logs of WP users moving onto PHP 8.2, in the test run logs of WP itself, in test runs of plugins and themes, as well as to prevent duplicate tickets from being opened for the same issue, this commit adds the `#[AllowDynamicProperties]` attribute to all “parent” classes in WP.
The logic used for this commit is as follows:
* If a class already has the attribute: no action needed.
* If a class does not `extend`: add the attribute.
* If a class does `extend`:
- If it extends `stdClass`: no action needed (as `stdClass` supports dynamic properties).
- If it extends a PHP native class: add the attribute.
- If it extends a class from one of WP's external dependencies: add the attribute.
* In all other cases: no action — the attribute should not be needed as child classes inherit from the parent.
Whether or not a class contains magic methods has not been taken into account, as a review of the currently existing magic methods has shown that those are generally not sturdy enough and often even set dynamic properties (which they should not). See the [https://www.youtube.com/watch?v=vDZWepDQQVE live stream from August 16, 2022] for more details.
This commit only affects classes in the `src` directory of WordPress core.
* Tests should not get this attribute, but should be fixed to not use dynamic properties instead. Patches for this are already being committed under ticket #56033.
* While a number bundled themes (2014, 2019, 2020, 2021) contain classes, they are not a part of this commit and may be updated separately.
Reference: [https://wiki.php.net/rfc/deprecate_dynamic_properties PHP RFC: Deprecate dynamic properties].
Follow-up to [53922].
Props jrf, hellofromTonya, markjaquith, peterwilsoncc, costdev, knutsp, aristath.
See #56513, #56034.
git-svn-id: https://develop.svn.wordpress.org/trunk@54133 602fd350-edb4-49c9-b593-d223f7449a82
Previously, the `Last-Modified` header of comments feed was using the date/time of the last comment. This behavior was breaking caching and causing feed readers to believe there is no new content even when there might be new posts.
This commit changes this behavior to use the newest date from both `get_lastcommentmodified()` and `get_lastpostmodified()` functions instead of only using the result from `get_lastcommentmodified()`.
Props xiven, mauteri, costdev, audrasjb.
Fixes#47968.
git-svn-id: https://develop.svn.wordpress.org/trunk@53233 602fd350-edb4-49c9-b593-d223f7449a82
Includes minor code layout fixes for consistency. Additionally, this moves a more general unit test above the more specific one.
Follow-up to [52814].
See #10886.
git-svn-id: https://develop.svn.wordpress.org/trunk@52815 602fd350-edb4-49c9-b593-d223f7449a82
Developers of plugins and themes can use the `do_parse_request` filter to hot-wire requests and hook in early to render custom pages. However, even through these request may not need post queries and 404 lookups to be run, they run anyway. This can results in unnecessary SQL queries running on these requests. By adding a return value to the `parse_request` method of the `WP` class, these queries can now be skipped.
Props junsuijin, ryan, westi, sivel, dd32, wonderboymusic, arnee, tyxla, DrewAPicture, lukecavanagh, SergeyBiryukov, davidbaumwald, Spacedmonkey, pbearne.
Fixes#10886.
git-svn-id: https://develop.svn.wordpress.org/trunk@52814 602fd350-edb4-49c9-b593-d223f7449a82
The `WP::$matched_rule` property is always set now, so we should check that it's not empty instead.
Follow-up to [52804].
See #55222.
git-svn-id: https://develop.svn.wordpress.org/trunk@52805 602fd350-edb4-49c9-b593-d223f7449a82
This avoids an `array_keys() expects parameter 1 to be array, null given` PHP warning for the `query_vars` property in `WP::build_query_string()` when disabling request parsing via the `do_parse_request` filter.
Props dd32, SergeyBiryukov.
Fixes#55222.
git-svn-id: https://develop.svn.wordpress.org/trunk@52804 602fd350-edb4-49c9-b593-d223f7449a82
As per the PHP manual:
> If the `component` parameter is omitted, an associative array is returned.
> If the `component` parameter is specified, `parse_url()` returns a string (or an int, in the case of `PHP_URL_PORT`) instead of an array. If the requested component doesn't exist within the given URL, `null` will be returned.
Reference: [https://www.php.net/manual/en/function.parse-url.php#refsect1-function.parse-url-returnvalues PHP Manual: parse_url(): Return Values]
In this case, `parse_url()` is called with the `PHP_URL_PATH` as `$component`. This will return `null` in the majority of cases, as – exсept for subdirectory-based sites – `home_url()` returns a URL without the trailing slash, like `http://example.org`.
The return value of `parse_url()` was subsequently passed to `trim()`, leading to a `trim(): Passing null to parameter #1 ($string) of type string is deprecated` notice on PHP 8.1.
Fixed by adjusting the logic flow to:
* Only pass the return value of `parse_url()` to follow-on functions if it makes sense, i.e. if it isn't `null`, nor an empty string.
* Preventing calls to `preg_replace()` and `trim()` further down in the function logic flow, when `preg_replace()`/`trim()` would have nothing to do anyhow.
Follow-up to [25617].
Props jrf, hellofromTonya, SergeyBiryukov.
See #53635.
git-svn-id: https://develop.svn.wordpress.org/trunk@51622 602fd350-edb4-49c9-b593-d223f7449a82
`$this` is a pseudo-variable that cannot be used as the name of a function parameter, so renaming these helps prevent errors when implementing hook callback functions.
Fixes#53457
git-svn-id: https://develop.svn.wordpress.org/trunk@51518 602fd350-edb4-49c9-b593-d223f7449a82
This extension is necessary because the comment approval notification opt-in form introduced in [47887] uses the same mechanism, and the previous limit of one minute meant that users on a slow connection, using assistive technology, with limited motor skills, or who are generally indecisive may not complete the opt-in action within one minute, and therefore not see the confirmation message.
Props joedolson, imath, hellofromTonya, peterwilsoncc, alexstine, davidbaumwald
Fixes#52406
git-svn-id: https://develop.svn.wordpress.org/trunk@50271 602fd350-edb4-49c9-b593-d223f7449a82
This brings the behaviour inline with the `<title>` element of the page which always shows the author name.
Props Tkama, subrataemfluence
Fixes#44183
git-svn-id: https://develop.svn.wordpress.org/trunk@49843 602fd350-edb4-49c9-b593-d223f7449a82
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes#50413.
git-svn-id: https://develop.svn.wordpress.org/trunk@48121 602fd350-edb4-49c9-b593-d223f7449a82
After a comment is submitted, only allow a brief window where the comment is live on the site.
Fixes#49956.
Props: jonkolbert, ayeshrajans, Asif2BD, peterwilsoncc, imath, audrasjb, jonoaldersonwp, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/trunk@47887 602fd350-edb4-49c9-b593-d223f7449a82
This reduces the number of `WordPress.PHP.StrictComparisons.LooseComparison` issues in half, from 1897 to 890.
Includes minor code layout fixes for better readability.
See #49542.
git-svn-id: https://develop.svn.wordpress.org/trunk@47808 602fd350-edb4-49c9-b593-d223f7449a82
This avoids displaying duplicate content of the home page under different URLs with appended page numbers.
This change only affects the `<!--nextpage-->` pagination (`page` query variable) and not the regular multiple posts pagination (`paged` query variable).
The posts page does not support the `<!--nextpage-->` pagination, so requests for invalid page numbers should be redirected to the page permalink, applying the logic previously implemented for single posts or pages.
Follow-up to [34492], [47727].
Props jeremyfelt, sachit.tandukar, SergeyBiryukov.
Fixes#45337. See #40773, #28081, #11694.
git-svn-id: https://develop.svn.wordpress.org/trunk@47760 602fd350-edb4-49c9-b593-d223f7449a82
This avoids displaying duplicate content of the same post under different URLs and ensures the canonical URL is correct.
Previously, requests for invalid page numbers were only redirected to the post permalink if the post was actually paginated using the `<!--nextpage-->` marker.
Follow-up to [34492].
Props jeremyfelt, prografika, sachit.tandukar, subrataemfluence, hronak, ekatherine, henry.wright, chesio, dd32, SergeyBiryukov.
Fixes#40773. See #45337, #28081, #11694.
git-svn-id: https://develop.svn.wordpress.org/trunk@47727 602fd350-edb4-49c9-b593-d223f7449a82
This reduces the number of `WordPress.PHP.StrictInArray.MissingTrueStrict` issues from 486 to 50.
Includes minor code layout fixes for better readability.
See #49542.
git-svn-id: https://develop.svn.wordpress.org/trunk@47550 602fd350-edb4-49c9-b593-d223f7449a82
Previously, `wp_favicon_request()` was introduced in [13205] to avoid a performance hit of serving a full 404 page on every favicon request.
While working as intended, that implementation did not provide a way for theme or plugin authors to manage the behavior of favicon requests.
This changeset implements the following logic (only applied if WordPress is installed in the root directory):
* If there is a Site Icon set in Customizer, redirect `/favicon.ico` requests to that icon.
* Otherwise, use the WordPress logo as a default icon.
* If a physical `/favicon.ico` file exists, do nothing, let the server handle the request.
Handling `/favicon.ico` is now more consistent with handling `/robots.txt` requests.
New functions and hooks:
* Introduce `is_favicon()` conditional tag to complement `is_robots()`.
* Introduce `do_favicon` action to complement `do_robots` and use it in template loader.
* Introduce `do_favicon()` function, hooked to the above action by default, to complement `do_robots()`.
* Introduce `do_faviconico` action to complement `do_robotstxt`, for plugins to override the default behavior.
* Mark `wp_favicon_request()` as deprecated in favor of `do_favicon()`.
Props jonoaldersonwp, birgire, joostdevalk, mukesh27, SergeyBiryukov.
Fixes#47398.
git-svn-id: https://develop.svn.wordpress.org/trunk@47018 602fd350-edb4-49c9-b593-d223f7449a82
Noteable changes:
- The `magic_quotes_runtime` and `magic_quotes_sybase` settings were removed in PHP 5.4, so no longer need to be set.
- Some functions that use external libraries can generate errors that can't be tested for, so are globally allowed to silence errors.
- Quite a few functions would cause errors if `safe_mode` was set. This setting was removed in PHP 5.4.
- Only a handful of `header()` calls needed corresponding `headers_sent()` checks for unit tests to pass, but more may need to be added as the nightlies builds are tested.
See #46732.
git-svn-id: https://develop.svn.wordpress.org/trunk@45611 602fd350-edb4-49c9-b593-d223f7449a82
Use of `date()` in core depends on PHP timezone set to UTC and not changed by third party code (which cannot be guaranteed).
`gmdate()` is functionally equivalent, but is not affected by PHP timezone setting: it's always UTC, which is the exact behavior the core needs.
Props nielsdeblaauw, Rarst.
Fixes#46438. See #44491.
git-svn-id: https://develop.svn.wordpress.org/trunk@45424 602fd350-edb4-49c9-b593-d223f7449a82
WordPress' code just... wasn't.
This is now dealt with.
Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes#41057.
git-svn-id: https://develop.svn.wordpress.org/trunk@42343 602fd350-edb4-49c9-b593-d223f7449a82
The WPCS `WordPress.WhiteSpace.PrecisionAlignment` rule throws warnings for a bunch of code that will likely cause issues for `wpcbf`. Fixing these manually beforehand gives us better auto-fixed results later.
See #41057.
git-svn-id: https://develop.svn.wordpress.org/trunk@42228 602fd350-edb4-49c9-b593-d223f7449a82
Prior to about 2013, many class methods lacked even access modifiers which made the `@access` notations that much more useful. Now that we've gotten to a point where the codebase is more mature from a maintenance perspective and we can finally remove these notations. Notable exceptions to this change include standalone functions notated as private as well as some classes still considered to represent "private" APIs.
See #41452.
git-svn-id: https://develop.svn.wordpress.org/trunk@41162 602fd350-edb4-49c9-b593-d223f7449a82
Fixes bug where an invalid Last-Modified value would be returned in feed requests for sites that had 0 items to return. Comment or post feeds will now return the current timestamp as the Last-Modified header value. Example: a request for the comments feed for a site without any comments.
Replaced use of the local static variable `$cache_lastcommentmodified` to store the modified date in `get_lastcommentmodified()` with the Object Cache API. The `get_lastcommentmodified()` function returns early if there is a cached value and returns `false` if there where no comments found. Introduced `_clear_modified_cache_on_transition_comment_status()` to flush the `lastcommentmodified` cache key when a comment enters or leaves approval status. In `get_lastpostmodified()` return early if there is a cached value and return `false` if there are no posts found.
Props swissspidy, rachelbaker, dllh, leobaiano.
Fixes#38027.
git-svn-id: https://develop.svn.wordpress.org/trunk@38925 602fd350-edb4-49c9-b593-d223f7449a82
It is possible to delegate pingback processing to a service function outside of WordPress itself. All other calls in default themes (and likely other themes) uses `bloginfo` which automatically adds the filter argument of "display". This adds consistency.
Props dshanske.
Fixes#34633.
git-svn-id: https://develop.svn.wordpress.org/trunk@38671 602fd350-edb4-49c9-b593-d223f7449a82
This private query var allows the hierarchical page query on the Pages listing screen to query for `wp_posts.ID, wp_posts.post_parent` instead of `wp_posts.*`. This introduces large memory and time savings when the site contains a large number of Pages. Combined with the processing time savings introduced in [31730] this makes the Pages listing screen considerably more performant.
Fixes#34982
Props rodrigosprimo
git-svn-id: https://develop.svn.wordpress.org/trunk@38451 602fd350-edb4-49c9-b593-d223f7449a82
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.
See #36921.
git-svn-id: https://develop.svn.wordpress.org/trunk@37542 602fd350-edb4-49c9-b593-d223f7449a82
