This is an important release which makes significant changes to improve the accuracy, performance, stability and maintainability of all sniffs, as well as making WordPressCS much better at handling modern PHP.
WordPressCS 3.0.0 contains breaking changes, both for people using ignore annotations, people maintaining custom rulesets, as well as for sniff developers who maintain a custom PHPCS standard based on WordPressCS.
If you are an end-user or maintain a custom WordPressCS based ruleset, please start by reading the [https://github.com/WordPress/WordPress-Coding-Standards/wiki/Upgrade-Guide-to-WordPressCS-3.0.0-for-ruleset-maintainers Upgrade Guide to WordPressCS 3.0.0 for ruleset maintainers] which lists the most important changes and contains a step by step guide for upgrading.
If you are a maintainer of an external standard based on WordPressCS and any of your custom sniffs are based on or extend WordPressCS sniffs, please read the [https://github.com/WordPress/WordPress-Coding-Standards/wiki/Upgrade-Guide-to-WordPressCS-3.0.0-for-Developers-of-external-standards Upgrade Guide to WordPressCS 3.0.0 for Developers].
In all cases, please read the complete changelog carefully before you upgrade.
This commit:
* Updates the Composer dependencies to use the new version, including updating the underlying PHP_CodeSniffer dependency to the new minimum supported version for WPCS.[[BR]] Note: the Composer PHPCS installer plugin is no longer explicitly required as it is now a dependency of WPCS, so the dependency is inherited automatically.
* Updates the ruleset for WPCS 3.0.0. This includes:
* Raising the memory limit to be on the safe side as WPCS 3.0.0 contains a lot more sniffs.
* Removing explicit inclusions of extra rules, which have now been added to the `WordPress-Core` ruleset..
* Updating property names for select sniffs.
* Updating one exclusion — the `WordPress.CodeAnalysis.AssignmentInCondition` sniff has been (partially) replaced by the `Generic.CodeAnalysis.AssignmentInCondition` sniff.
* Adding one new exclusion.
* Downgrades one new error to a warning.[[BR]] The `Generic.Files.OneObjectStructurePerFile` sniff enforces that there is only one OO structure declaration per file. At this time, this sniff would yield 29 errors. By downgrading the sniff to a ''warning'', the build can pass and the issues can be fixed in due time. For now, the test directory will be excluded until the issues are fixed (as the test directory CS run does not allow for warnings).
* Updates ignore annotations for WPCS 3.0.0.
Reference: [https://github.com/WordPress/WordPress-Coding-Standards/releases/tag/3.0.0 WPCS 3.0.0 release notes].
Follow-up to [43571], [44574], [45600], [47927].
Props jrf, jorbin, desrosj.
See #59161.
git-svn-id: https://develop.svn.wordpress.org/trunk@56695 602fd350-edb4-49c9-b593-d223f7449a82
Prior to this change, images added in shortcodes would be considered separately from all other images within post content, which led to incorrect application of the loading optimization attributes `loading="lazy"` and `fetchpriority="high"`.
This changeset changes the filter priority of `wp_filter_content_tags()` from the default `10` to `12` on the various content filters it is hooked in, in order to run that function after parsing shortcodes. While this may technically be considered a backward compatibility break, substantial research and lack of any relevant usage led to the assessment that the change is acceptable given its benefits.
An additional related fix included is that now the duplicate processing of images is prevented not only for post content blobs (`the_content` filter), but also for widget content blobs (`widget_text_content` and `widget_block_content` filters).
Props joemcgill, mukesh27, costdev, spacedmonkey, flixos90.
Fixes#58853.
git-svn-id: https://develop.svn.wordpress.org/trunk@56693 602fd350-edb4-49c9-b593-d223f7449a82
In this commit, enhancements have been made by replacing manually constructed style tags with calls to `wp_add_inline_style`. Previously, numerous style tags were generated and output directly in the header, resulting in redundant code and bypassing the core's style enqueueing system. This approach made it challenging for third-party developers to manage and control the output of these style tags.
To ensure backward compatibility, the following functions have been deprecated and replaced:
- print_embed_styles
- print_emoji_styles
- wp_admin_bar_header
- _admin_bar_bump_cb
Backward compatibility shims have also been added, ensuring that if these functions were previously unhooked from there actions, they will continue to not output a style tag.
However, for the following functions, conversion to use inline styles was not feasible due to the potential disruption it might cause by changing the style tag IDs, potentially breaking JavaScript functionality for a number of plugins in the repository:
- custom-background
- wp-custom
These changes improve code maintainability and enhance the flexibility and control available to developers when managing style outputs within WordPress core.
Props spacedmonkey, hlunter, westonruter, flixos90.
Fixes#58775.
git-svn-id: https://develop.svn.wordpress.org/trunk@56682 602fd350-edb4-49c9-b593-d223f7449a82
Includes removing redundant `@covers` tags. There is already an existing annotation for the whole test class, following the [https://docs.phpunit.de/en/9.6/annotations.html#covers PHPUnit recommendation]:
> This annotation can be added to the docblock of the test class or the individual test methods. The recommended way is to add the annotation to the docblock of the test class, not to the docblock of the test methods.
Follow-up to [56560].
See #58682.
git-svn-id: https://develop.svn.wordpress.org/trunk@56561 602fd350-edb4-49c9-b593-d223f7449a82
All blocks relevant for the excerpt are already being parsed in `excerpt_remove_blocks()`. Therefore running `do_blocks()` on the post content only to create the excerpt is unnecessary and wasteful from a performance perspective.
Props thekt12, spacedmonkey, mukesh27, joemcgill.
Fixes#58682.
git-svn-id: https://develop.svn.wordpress.org/trunk@56560 602fd350-edb4-49c9-b593-d223f7449a82
Adds the `excerpt_remove_footnotes` function to trim footnote anchors from post excerpts.
Props: ramonopoly, costdev, mukesh27, mcsf, azaozz.
Fixes#58805.
git-svn-id: https://develop.svn.wordpress.org/trunk@56244 602fd350-edb4-49c9-b593-d223f7449a82
When saving the settings via the admin UI, the default value for any options not passed in the current `$_POST` request is set to `null` in `wp-admin/options.php`. Some options, e.g. `blog_public`, then rely on `null` being passed to `update_option()` to determine whether the value was changed or not.
This commit resolves a PHP 8.1 deprecation notice when saving the `gmt_offset` option without any changes:
{{{
Deprecated: preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated
}}}
Includes a similar fix for the `blog_charset` option.
Follow-up to [4112], [4329], [5541], [21849].
Props adi3890, dhrupo, hrdelwar, hasanmisbah, oglekler, mukesh27, SergeyBiryukov.
Fixes#57728.
git-svn-id: https://develop.svn.wordpress.org/trunk@56132 602fd350-edb4-49c9-b593-d223f7449a82
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).
WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [55988], [56021].
See #58206.
git-svn-id: https://develop.svn.wordpress.org/trunk@56031 602fd350-edb4-49c9-b593-d223f7449a82
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).
WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [55988].
Props spacedmonkey.
See #58220.
git-svn-id: https://develop.svn.wordpress.org/trunk@56021 602fd350-edb4-49c9-b593-d223f7449a82
`str_starts_with()` and `str_ends_with()` were introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins or ends with the given substring (needle).
WordPress core includes a polyfill for these functions on PHP < 8.0 as of WordPress 5.9.
This commit uses `str_starts_with()` and `str_ends_with()` in core files where appropriate:
* `$needle === substr( $string, 0, $length )`, where `$length` is the length of `$needle`, is replaced with `str_starts_with( $haystack, $needle )`.
* `$needle === substr( $string, $offset )`, where `$offset` is negative and the absolute value of `$offset` is the length of `$needle`, is replaced with `str_ends_with( $haystack, $needle )`.
This aims to make the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [52039], [52040], [52326], [55703], [55710], [55987], [55988].
Props Soean, spacedmonkey, Clorith, ocean90, azaozz, sabernhardt, SergeyBiryukov.
Fixes#58220.
git-svn-id: https://develop.svn.wordpress.org/trunk@55990 602fd350-edb4-49c9-b593-d223f7449a82
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).
WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [52039], [52040], [52326], [55703], [55710], [55987].
Props Soean, spacedmonkey, costdev, dingo_d, azaozz, mikeschroder, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes#58206.
git-svn-id: https://develop.svn.wordpress.org/trunk@55988 602fd350-edb4-49c9-b593-d223f7449a82
The `sprintf()` is not being passed any values, and there is no placeholder to replace.
This originated in r52132 in which I erroneously included this `sprintf()` in
two places. I fixed one of the cases in r52151 but I missed the other.
Follow-up to [52132], [52151].
Fixes#58436.
See #44632.
git-svn-id: https://develop.svn.wordpress.org/trunk@55875 602fd350-edb4-49c9-b593-d223f7449a82
This changeset adds support for schwa character. Ə (U+018F) and ə (U+0259) are part of Latin Extended-B and used in
several languages like Azerbaijani or also in gender neutral Italian.
Props suleymankenar, audrasjb, przemekhernik.
Fixes#57609.
git-svn-id: https://develop.svn.wordpress.org/trunk@55858 602fd350-edb4-49c9-b593-d223f7449a82
The `wp_filter_content_tags()` function, which modifies image tags for example to optimize performance, is hooked into the `the_content` filter by default. When rendering an excerpt for a post that doesn't have a manually provided excerpt, the post content is used to generate the excerpt, handled by the `wp_trim_excerpt()` function.
Prior to this changeset, this led to `wp_filter_content_tags()` being called on the content when generating the excerpt, which is wasteful as all tags are stripped from the excerpt, and it furthermore could result in a lazy-loading bug when the post content contained images, as those images were being counted even though they would never be rendered as part of the excerpt.
This changeset fixes the bug and slightly improves performance for generating an excerpt by temporarily unhooking the `wp_filter_content_tags()` function from the `the_content` filter when using it to generate the excerpt.
Props costdev, flixos90, joemcgill, mukesh27, salvoaranzulla, spacedmonkey, thekt12, westonruter.
Fixes#56588.
git-svn-id: https://develop.svn.wordpress.org/trunk@55850 602fd350-edb4-49c9-b593-d223f7449a82
Introduce the `sanitize_locale_name()` for sanitizing user input of locales.
Props xknown, timothyblynjacobs, ocean90, peterwilsoncc.
git-svn-id: https://develop.svn.wordpress.org/trunk@55760 602fd350-edb4-49c9-b593-d223f7449a82
This resolves a WPCS warning:
{{{
Variable "$myHTML" is not in valid snake_case format, try "$my_h_t_m_l"
}}}
It also matches other formatting functions with the `$text` parameter, e.g. `esc_html()`, `ent2ncr()`, etc.
Follow-up to [1727], [3717], [8662], [8743], [54927].
Props victoranto, audrasjb, jrf.
Fixes#58129.
git-svn-id: https://develop.svn.wordpress.org/trunk@55651 602fd350-edb4-49c9-b593-d223f7449a82
Includes documenting data provider values using hash notation in the tests for:
* `convert_smilies()`
* `get_url_in_content()`
* `links_add_target()`
* `normalize_whitespace()`
Follow-up to [26191], [26327], [26328], [26972], [55562].
See #57841.
git-svn-id: https://develop.svn.wordpress.org/trunk@55563 602fd350-edb4-49c9-b593-d223f7449a82
After the introduction of `_make_clickable_rel_attr()` in an earlier commit, the function ended up returning link markup with a mix of single and double quotes.
This commit ensures that `_make_web_ftp_clickable_cb()` always returns double quotes, restoring consistency with other similar callback functions used by `make_clickable()`:
* `_make_url_clickable_cb()`
* `_make_email_clickable_cb()`
Follow-up to [55289].
See #53290, #56444.
git-svn-id: https://develop.svn.wordpress.org/trunk@55495 602fd350-edb4-49c9-b593-d223f7449a82
This changeset replaces various HelpHub links that have changed to avoid extra 301 redirections.
Props sabernhardt, audrasjb.
See #57726.
git-svn-id: https://develop.svn.wordpress.org/trunk@55414 602fd350-edb4-49c9-b593-d223f7449a82
This aims to clarify a few inline comments related to removing percent-encoded characters and HTML entities.
Affected functions:
* `sanitize_user()`
* `sanitize_title_with_dashes()`
* `sanitize_html_class()`
* `_sanitize_text_fields()`
* `get_comments_number_text()`
Follow-up to [465], [3454], [11433], [12503], [37987].
Props ace100, tanjimtc71, codemonksuvro, SergeyBiryukov.
Fixes#57712.
git-svn-id: https://develop.svn.wordpress.org/trunk@55346 602fd350-edb4-49c9-b593-d223f7449a82
Internal links should be followed and it should be easier to modify other rel attributes on comments. This adds a helper function for determining if a URL is internal and also adds some new filters to make it easy to modify rel attributes in comments.
Props thomasplevy, desrosj, sabernhardt, benish74, samiamnot, galbaras, jorbin.
Fixes#53290, #56444.
git-svn-id: https://develop.svn.wordpress.org/trunk@55289 602fd350-edb4-49c9-b593-d223f7449a82
This changesets adds a `word_count_type` property, so that it does not need to be translated separately across multiple projects.
List of changes:
- New property: `WP_Locale::word_count_type`.
- New method: `WP_Locale::get_word_count_type()`.
- New function: `wp_get_word_count_type()` as a wrapper for `WP_Locale::get_word_count_type()`.
- All `_x( 'words', 'Word count type. Do not translate!' )` strings have been replaced with a call to `wp_get_word_count_type()`.
Props pedromendonca, desrosj, costdev, mukesh27, johnbillion.
Fixes#56698.
git-svn-id: https://develop.svn.wordpress.org/trunk@55279 602fd350-edb4-49c9-b593-d223f7449a82
The `math` element can be displayed either as a block or inline element. If `wpautop` only treats it as an inline element, it will break multiline elements by inserting `br` elements. Treating the element as a block element means that the editor won't break common normative usages of the `math` element.
Prevent `math` elements from having internal elements split up with `br` elements, disrupting formatting.
Props nicholaswilson, wojtek.szkutnik, hakre, conner_bw, ericlewis, hughie.molloy, SteelWagstaff, ryokuhi, joedolson, bgoewert, adamsilverstein, joedolson.
Fixes#13340.
git-svn-id: https://develop.svn.wordpress.org/trunk@55272 602fd350-edb4-49c9-b593-d223f7449a82
Check the input of `wp_strip_all_tags()` before passing it to `strip_tags()`. This protects against fatal errors introduced in PHP 8, retaining the `E_USER_WARNING` from PHP 7, and prevents a PHP 8.1 deprecation notice when passing null.
Props chocofc1, costdev, jrf, dd32, audrasjb, peterwilsoncc.
Fixes#56434.
git-svn-id: https://develop.svn.wordpress.org/trunk@55245 602fd350-edb4-49c9-b593-d223f7449a82
On some servers, consecutive periods in a filename can cause a 403 Forbidden response.
This changeset replaces consecutive periods with a single period, and adds related unit tests.
Props ArtZ91, costdev, SergeyBiryukov, arthurshlain, mukesh27.
Fixes#57242.
git-svn-id: https://develop.svn.wordpress.org/trunk@55209 602fd350-edb4-49c9-b593-d223f7449a82
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit renames the `$class` parameter to `$classname` in `sanitize_html_class()`.
Follow-up to [54927].
See also: [search:?q=code+modernization+rename+parameters+that+use+reserved+keywords&changeset=on equivalent commits for other files].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
git-svn-id: https://develop.svn.wordpress.org/trunk@55162 602fd350-edb4-49c9-b593-d223f7449a82
This changeset updates the use of "-ise" suffix to American English "-ize" in various files.
Follow-up to [54663], [54664], [55043], [55044].
Props kebbet, mukesh27.
See #56811, #56792.
git-svn-id: https://develop.svn.wordpress.org/trunk@55051 602fd350-edb4-49c9-b593-d223f7449a82
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$echo` parameter to `$display` in:
* `wp_nonce_field()`
* `wp_referer_field()`
* `wp_original_referer_field()`
* Renames the `$string` parameter to `$input_string` in
* `_wp_json_convert_string()`
* `_wp_to_kebab_case()`
* Renames the `$list` parameter to `$input_list` in:
* `wp_parse_list()`
* `wp_parse_id_list()`
* `wp_parse_slug_list()`
* `wp_filter_object_list()`
* `wp_list_filter()`
* `wp_list_pluck()`
* `wp_list_sort()`
* Renames the `$array` parameter to `$input_array` in:
* `add_magic_quotes()`
* `wp_array_slice_assoc()`
* `_wp_array_get()`
* `_wp_array_set()`
* Renames the `$function` parameter to `$function_name` in:
* `_deprecated_function()`
* `_deprecated_argument()`
* `_doing_it_wrong()`
* Renames the `$class` parameter to `$class_name` in `_deprecated_constructor()`.
* Renames the `$default` parameter to `$default_value` in `apache_mod_loaded()`.
* Renames the `$var` parameter to `$value` in `wp_validate_boolean()`.
* Amends the `$input` parameter in `wp_parse_str()` for consistency.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
git-svn-id: https://develop.svn.wordpress.org/trunk@54929 602fd350-edb4-49c9-b593-d223f7449a82
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$string` parameter to `$text` in:
* `_wp_specialchars()`
* `wp_specialchars_decode()`
* `wp_check_invalid_utf8()`
* `remove_accents()`
* `_split_str_by_whitespace()`
* `wp_strip_all_tags()`
* Renames the `$string` parameter to `$value` in:
* `backslashit()`
* `trailingslashit()`
* `untrailingslashit()`
* Renames the `$string` parameter to `$subject` in `wp_iso_descrambler()`.
* Renames the `$match` parameter to `$matches` in `_wp_iso_convert()`.
* Renames the `$string` parameter to `$date_string` in:
* `get_gmt_from_date()`
* `get_date_from_gmt()`
* Renames the `$string` parameter to`$input` in `wp_parse_str()`.
* Renames the `$string` parameter to `$content` in `wp_pre_kses_block_attributes()`.
* Amends the `$text` parameter in `wp_pre_kses_less_than()` for consistency.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
git-svn-id: https://develop.svn.wordpress.org/trunk@54927 602fd350-edb4-49c9-b593-d223f7449a82
This applies to:
* `normalizer_is_normalized()`
* `normalizer_normalize()`
Includes removing the `Normalizer::FORM_C` constant as a parameter, since it is the default value for both functions and does not need to be explicitly passed. This avoids a fatal error if a plugin includes polyfill for any of the functions but the `Normalizer` class has a different namespace, for example when using the Symfony polyfill.
Follow-up to [53754].
Props hellofromTonya, costdev, desrosj, mukesh27, zodiac1978, jchambo, gisgeo, SergeyBiryukov.
Fixes#56980.
git-svn-id: https://develop.svn.wordpress.org/trunk@54813 602fd350-edb4-49c9-b593-d223f7449a82
This changeset fixes a potential fatal error, for example when "Max upload file size" setting is set to an empty value. It also adds unit tests for `upload_size_limit_filter`.
Props mjkhajeh, bhrugesh12, SergeyBiryukov, kebbet, audrasjb, felipeelia.
Fixes#55926.
git-svn-id: https://develop.svn.wordpress.org/trunk@54482 602fd350-edb4-49c9-b593-d223f7449a82
This changeset prevents object replacement characters – UTF-8 `%ef%bf%bc`, used as a placeholder in text for an otherwise unspecified object – from being added to slugs.
Props cantuaria, costdev, audrasjb, SergeyBiryukov, archon810, maciejmackowiak, BaneD, markparnell, ironprogrammer, dmsnell, nikkigagency, webprom.
Fixes#55117.
git-svn-id: https://develop.svn.wordpress.org/trunk@54474 602fd350-edb4-49c9-b593-d223f7449a82
The current coding standards note that the name of the class files should be based on the class name with `class-` prepended, and the underscores replaced by hyphens (see the [https://developer.wordpress.org/coding-standards/wordpress-coding-standards/php/#naming-conventions Naming Conventions] section in the handbook), except for the three legacy files: `class.wp-dependencies.php`, `class.wp-scripts.php`, `class.wp-styles.php`.
To bring more consistency to the codebase and make it easier to implement autoloading in the future, this commit renames those three legacy files to conform to the coding standards:
* `wp-includes/class.wp-dependencies.php` → `wp-includes/class-wp-dependencies.php`
* `wp-includes/class.wp-scripts.php` → `wp-includes/class-wp-scripts.php`
* `wp-includes/class.wp-styles.php` → `wp-includes/class-wp-styles.php`
Includes:
* Loading the new files from the old ones, for anyone that may have been including the files directly.
* Replacing references to the old filenames with the new filenames.
Follow-up to [7970], [45654], [45662], [45663], [45678], [47197], [52026], [53749].
Props afragen, schlessera, swissspidy, dingo_d, hellofromTonya, SergeyBiryukov.
Fixes#37861. See #55647.
git-svn-id: https://develop.svn.wordpress.org/trunk@54254 602fd350-edb4-49c9-b593-d223f7449a82
This fixes a bug where if the `timezone_string` is set to a timezone name which has since been deprecated, the option value would be “lost” when saving the value again, as the comparison being done to verify whether it is a valid timezone name would only take “current” timezone names into account and would invalidate deprecated timezone names.
By passing the `DateTimeZone::ALL_WITH_BC` constant as the `$timezoneGroup` parameter to the PHP native `timezone_identifiers_list()` function, a timezone name list is retrieved containing both current and deprecated timezone names, preventing the invalidation of the option value.
See the extensive write-up about this in ticket #56468.
Also see: [https://www.php.net/manual/en/datetimezone.listidentifiers.php PHP Manual: timezone_identifiers_list()].
Includes adding a dedicated test to the data provider used in the `Tests_Option_SanitizeOption` test class.
Note: The new data set is ''named'', even though the other data sets are unnamed, to make sure it is clear what this data set is testing. Adding test names for the original data sets in this data provider would be a great future improvement, but is outside of the scope of this commit.
Follow-up to [18323], [33119], [54207], [54217], [54227].
Props jrf, costdev.
See #56468.
git-svn-id: https://develop.svn.wordpress.org/trunk@54229 602fd350-edb4-49c9-b593-d223f7449a82
- Usage of `get_magic_quotes_gpc()` was removed from `addslashes_gpc()` in [46105] / #47783.
- A similar description fragment was removed from `wp_parse_str()` in that changeset, but this one was missed.
- The `get_magic_quotes_gpc()` function itself was deprecated in PHP 7.4 and removed in PHP 8.0.
Props mitweka, audrasjb, SergeyBiryukov.
Fixes#56233.
See #55646.
git-svn-id: https://develop.svn.wordpress.org/trunk@53776 602fd350-edb4-49c9-b593-d223f7449a82
This changeset adds Unicode sequence normalization from NFD to NFC, via the `normalizer_normalize()` PHP function which is available with the recommended `intl` PHP extension.
This fixes an issue where NFD characters were not properly sanitized. It also provides a unit test for NFD sequences (alternate Unicode representations of the same characters).
Props NumidWasNotAvailable, targz, nacin, nunomorgadinho, p_enrique, gitlost, SergeyBiryukov, markoheijnen, mikeschroder, ocean90, pento, helen, rodrigosevero, zodiac1978, ironprogrammer, audrasjb, azaozz, laboiteare, nuryko, virgar, dxd5001, onnimonni, johnbillion.
Fixes#24661, #47763, #35951.
See #30130, #52654.
git-svn-id: https://develop.svn.wordpress.org/trunk@53754 602fd350-edb4-49c9-b593-d223f7449a82
This aims to improve performance by calling `sanitize_url()` directly, instead of the `esc_url_raw()` wrapper. As of WordPress 6.1, `sanitize_url()` is the recommended function for sanitizing a URL for database or redirect usage.
Follow-up to [11383], [13096], [51597], [53452].
Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes#55852.
git-svn-id: https://develop.svn.wordpress.org/trunk@53455 602fd350-edb4-49c9-b593-d223f7449a82
A general security rule is "Sanitize when you save, escape when you echo".
In WordPress 5.9, `sanitize_url()` was un-deprecated in order to better align with the naming of other sanitizing functions, while still being an alias for `esc_url_raw()`.
This commit reverses the order and turns `esc_url_raw()` into a wrapper for `sanitize_url()`, making the latter the canonical function call and aiming to improve performance by reducing the number of function calls required when using the recommended technique.
Follow-up to [11383], [13096], [51597].
Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
See #55852.
git-svn-id: https://develop.svn.wordpress.org/trunk@53452 602fd350-edb4-49c9-b593-d223f7449a82
