Commit Graph

731 Commits

Author SHA1 Message Date
Bernie Reiter
ac8bca4fdf Blocks: Fix layout support to be compatible with enhanced pagination.
Make layout support compatible with enhanced pagination by ensuring that generated class names are stable across pagination, even when the number of rendered posts is different.

With the previous implementation of enhanced pagination, the CSS corresponding to each block was not detected. Therefore, for enhanced pagination to work correctly, the CSS of the blocks present in the Post Template must be stable on all pages.

The number of posts rendered by the Query block is always the same, except in the last page, where it can be only a fraction. If any of the blocks rendered by the Post Template used the `wp_unique_id` function, the ID (which is incremental) would have been different than in the previous pages and the class names would have varied.

This is remediated by this changeset by replacing the usage of `wp_unique_id` in the layout support (which is used by the Query block) with an implementation that uses IDs that are incremental only for that block. That way, the generated class names are never affected by the number of times `wp_unique_id` runs.

Props luisherranz, andrewserong, isabel_brison, costdev, mukesh27, cbravobernal, hellofromTonya, jorbin.
Fixes #59681.

git-svn-id: https://develop.svn.wordpress.org/trunk@56994 602fd350-edb4-49c9-b593-d223f7449a82
2023-10-24 08:49:38 +00:00
Weston Ruter
fbe3732917 Administration: Remove deprecated unload event handlers and use pagehide (and pageshow) when appropriate.
Use `pagehide` event instead of `unload` in the following cases:

* For classic editor to release the post lock.
* In Text widget to rebuild editor after dragging widget to new location in classic widgets interface.
* To clear out the `window.name` when navigating away from a post preview.
* To suspend heartbeat, while also using `pageshow` event to resume as if it had been a focused tab in case the page is restored from bfcache.

Also:

* Remove obsolete mobile cleanup code in `js/_enqueues/lib/gallery.js` (introduced in [9894]). Do same for `src/js/_enqueues/wp/media/models.js` (introduced in [22872]). See #22552.
* Remove obsolete Firefox-specific workaround in `js/_enqueues/wp/mce-view.js` from [39282]. See #38511.

Fixes #55491.
Props spenserhale, westonruter, adamsilverstein, azaozz, shawfactor, peterwilsoncc, swissspidy.

git-svn-id: https://develop.svn.wordpress.org/trunk@56809 602fd350-edb4-49c9-b593-d223f7449a82
2023-10-09 21:29:42 +00:00
Jonny Harris
6ee34689ca Query: Improve caching behavior for WP_Query when retrieving id=>parent fields
In [53941], the addition of query caching to `WP_Query` brought about an unintended issue when querying for fields equal to id=>parent. Specifically, on websites with object caching enabled and a substantial number of pages, the second run of this query triggered the `_prime_post_caches` function for id=>parent. This led to the unnecessary priming of post, meta, and term caches, even when only id and parent information were requested.

This commit addresses this issue by introducing a new function, `_prime_post_parents_caches`, which primes a dedicated cache for post parents. This cache is primed during the initial query execution. Subsequently, the `wp_cache_get_multiple` function is employed to retrieve all post parent data in a single object cache request, optimizing performance.

Additionally, this commit extends the coverage of existing unit tests to ensure the reliability of the changes.

Props kevinfodness, joemcgill, peterwilsoncc, LinSoftware, thekt12, spacedmonkey.
Fixes #59188

git-svn-id: https://develop.svn.wordpress.org/trunk@56763 602fd350-edb4-49c9-b593-d223f7449a82
2023-10-03 14:59:22 +00:00
Sergey Biryukov
f7d73158ac Coding Standards: Remove redundant ignore annotations, take 5.
The `VariableAnalysis` standard is not used by WP Core.

Follow-up to [50958], [51003], [52049], [52051], [52069], [53072], [54132], [55132], [56363], [56738], [56743], [56751], [56752].

Props jrf.
See #59161.

git-svn-id: https://develop.svn.wordpress.org/trunk@56753 602fd350-edb4-49c9-b593-d223f7449a82
2023-10-02 11:25:35 +00:00
Weston Ruter
8c0adc93df Script Loader: Harden removal of script tag wrappers.
* Add `wp_remove_surrounding_empty_script_tags()` to more precisely remove script tag wrappers and warn when doing it wrong.
* Add clarifying comments for XML escaping logic in `wp_get_inline_script_tag()`.
* Leverage `WP_HTML_Tag_Processor` in `test_remove_frameless_preview_messenger_channel`.
* Reuse `assertEqualMarkup` in `test_blocking_dependent_with_delayed_dependency`.
* Normalize whitespace in `parse_markup_fragment` for `assertEqualMarkup`.

Follow-up to [56687].
Props dmsnell, westonruter, flixos90.
See #58664.


git-svn-id: https://develop.svn.wordpress.org/trunk@56748 602fd350-edb4-49c9-b593-d223f7449a82
2023-09-29 19:45:53 +00:00
Sergey Biryukov
0f0d34ed55 Coding Standards: Remove redundant ignore annotations, take 2.
This removes ignore annotations which are unnecessary due to the configuration in the `phpcs.xml.dist` ruleset already taking care of this.

Follow-up to [45611], [50146], [50148], [50586], [50822], [56738].

Props jrf.
See #59161.

git-svn-id: https://develop.svn.wordpress.org/trunk@56743 602fd350-edb4-49c9-b593-d223f7449a82
2023-09-29 12:19:29 +00:00
Sergey Biryukov
711e4b9b97 Bootstrap/Load: Remove a redundant continue statement in add_magic_quotes().
Follow-up to [48205], [48440].

Props Cybr.
See #58831.

git-svn-id: https://develop.svn.wordpress.org/trunk@56732 602fd350-edb4-49c9-b593-d223f7449a82
2023-09-27 09:40:43 +00:00
Tonya Mork
47387cdabe General: Use wp_kses() in wp_trigger_error().
Uses `wp_kses()` instead of `esc_html()` to allow a list of HTML tags and protocols in the message rather than escaping them.

Why? To retain message readability in the browser and server logs, especially given that Core itself adds HTML to messages in functions, e.g. `_doing_it_wrong()` and each of the `_deprecated_*()` functions. 

HTML tags allowed:
* `a href`
* `br`
* `code`
* `em`
* `strong`

Protocols allowed: `http` and `https`.

To inform extenders, it also documents that any other HTML tags or protocols need to be escaped before passing the message to this function to avoid them being stripped from the message.

Follow-up to [56530], [56705].

Props azaozz, costdev, flixos90, hellofromTonya, peterwilsoncc.
Fixes #57686.

git-svn-id: https://develop.svn.wordpress.org/trunk@56707 602fd350-edb4-49c9-b593-d223f7449a82
2023-09-26 12:36:50 +00:00
Tonya Mork
35a4c22bbb General: Use wp_trigger_error() in _doing_it_wrong() and _deprecated_*().
Uses `wp_trigger_error()` in `_doing_it_wrong()` and each `_deprecated_*()` function, i.e. instead of `trigger_error()`.

To avoid redundancy, uses `wp_trigger_error()` once. How? Saves each message to `$message` variable and then passes it to `wp_trigger_error()` at the end of the function.

Functions:
* _doing_it_wrong()
* _deprecated_function()
* _deprecated_constructor()
* _deprecated_class()
* _deprecated_file()
* _deprecated_argument()
* _deprecated_hook()

Follow-up to [56530].

Props azaozz, costdev, flixos90, hellofromTonya, peterwilsoncc.
See #57686.

git-svn-id: https://develop.svn.wordpress.org/trunk@56705 602fd350-edb4-49c9-b593-d223f7449a82
2023-09-26 11:49:57 +00:00
Weston Ruter
4df5cd15a5 Script Loader: Use wp_get_script_tag() and wp_get_inline_script_tag()/wp_print_inline_script_tag() helper functions to output scripts on the frontend and login screen.
Using script tag helper functions allows plugins to employ the `wp_script_attributes` and `wp_inline_script_attributes` filters to inject the `nonce` attribute to apply Content Security Policy (e.g. Strict CSP). Use of helper functions also simplifies logic in `WP_Scripts`.

* Update `wp_get_inline_script_tag()` to wrap inline script in CDATA blocks for XHTML-compatibility when not using HTML5.
* Ensure the `type` attribute is printed first in `wp_get_inline_script_tag()` for back-compat.
* Wrap existing `<script>` tags in output buffering to retain IDE support.
* In `wp_get_inline_script_tag()`, append the newline to `$javascript` before it is passed into the `wp_inline_script_attributes` filter so that the CSP hash can be computed properly.
* In `the_block_template_skip_link()`, opt to enqueue the inline script rather than print it.
* Add `ext-php` to `composer.json` under `suggest` as previously it was an undeclared dependency for running PHPUnit tests.
* Update tests to rely on `DOMDocument` to compare script markup, normalizing unsemantic differences.

Props westonruter, spacedmonkey, flixos90, 10upsimon, dmsnell, mukesh27, joemcgill, swissspidy, azaozz.
Fixes #58664.
See #39941.


git-svn-id: https://develop.svn.wordpress.org/trunk@56687 602fd350-edb4-49c9-b593-d223f7449a82
2023-09-25 21:03:19 +00:00
Joe Dolson
34d73cbcf6 Code Modernization: Rename reserved keyword used as variable.
Change the `$echo` parameter added to `wp_update_php_annotation()` to `$display` to avoid using reserved PHP keywords as parameters. Follow-up to [56570].

Props kebbet, mukesh27.
See #57791.

git-svn-id: https://develop.svn.wordpress.org/trunk@56662 602fd350-edb4-49c9-b593-d223f7449a82
2023-09-22 18:12:12 +00:00
Joe Dolson
b9adbb33da Login and Registration: Improve HTML for errors and notices.
Improve markup on Login and Registration errors. Use list markup for multiple issues, paragraph when only one to reduce semantic burden in the most common case. Normalize classes and markup for wrapper using `wp_admin_notice()` and `wp_get_admin_notice()` functions. Move definition of those functions from `wp-admin\includes\misc.php` to `wp-includes\functions.php`. Move tests to functions group. 

Props extendwings, sabernhardt, afercia, lukecavanagh, rianrietveld, oglekler, sergeybiryukov, costdev, joedolson.
Fixes #30685.

git-svn-id: https://develop.svn.wordpress.org/trunk@56654 602fd350-edb4-49c9-b593-d223f7449a82
2023-09-21 18:22:10 +00:00
Joe Dolson
3cefc7c7ff Administration: Use wp_admin_notice() in /wp-admin/.
Add usages of `wp_admin_notice()` and `wp_get_admin_notice()` on `.notice-[type]` in the root level of `/wp-admin/`. Ongoing task to implement new function across core.

Props costdev, joedolson.
See #57791.

git-svn-id: https://develop.svn.wordpress.org/trunk@56570 602fd350-edb4-49c9-b593-d223f7449a82
2023-09-14 00:52:45 +00:00
Sergey Biryukov
fd6c5606b1 Coding Standards: Include one space after function keyword for closures.
Note: This is enforced by WPCS 3.0.0.

Reference: [https://github.com/WordPress/WordPress-Coding-Standards/pull/2328 WPCS: PR #2328 Core: properly check formatting of function declaration statements].

Props jrf.
See #59161, #58831.

git-svn-id: https://develop.svn.wordpress.org/trunk@56559 602fd350-edb4-49c9-b593-d223f7449a82
2023-09-12 15:21:02 +00:00
SergeyBiryukov
54e1b4b959 Coding Standards: Use pre-increment/decrement for stand-alone statements.
Note: This is enforced by WPCS 3.0.0:

1. There should be no space between an increment/decrement operator and the variable it applies to.
2. Pre-increment/decrement should be favoured over post-increment/decrement for stand-alone statements. “Pre” will in/decrement and then return, “post” will return and then in/decrement. Using the “pre” version is slightly more performant and can prevent future bugs when code gets moved around.

References:
* [https://developer.wordpress.org/coding-standards/wordpress-coding-standards/php/#increment-decrement-operators WordPress PHP Coding Standards: Increment/decrement operators]
* [https://github.com/WordPress/WordPress-Coding-Standards/pull/2130 WPCS: PR #2130 Core: add sniffs to check formatting of increment/decrement operators]

Props jrf.
See #59161, #58831.

git-svn-id: https://develop.svn.wordpress.org/trunk@56549 602fd350-edb4-49c9-b593-d223f7449a82
2023-09-09 09:26:01 +00:00
Sergey Biryukov
1118e37f48 Coding Standards: Remove superfluous blank lines at the end of various functions.
Note: This is enforced by WPCS 3.0.0.

Follow-up to [56536], [56547].

Props jrf.
See #59161, #58831.

git-svn-id: https://develop.svn.wordpress.org/trunk@56548 602fd350-edb4-49c9-b593-d223f7449a82
2023-09-08 10:01:14 +00:00
Tonya Mork
6ea6972c87 General: Introduce wp_trigger_error().
Introduces `wp_trigger_error()` as a wrapper around PHP's native `trigger_error()`. As a wrapper, it's lean and not opinionated about the message. It accepts an E_USER family error level, meaning it is not limited to only notices.

Where `_doing_it_wrong()` intends to loudly alert developers "Hey you're doing it wrong - fix it", `wp_trigger_error()` is not opinionated and does not add wording. Rather, it passes the given message to `trigger_error()`.

`wp_trigger_error()` is meant for every `trigger_error()` instance. It can be used:
* in `_doing_it_wrong()` and each `_deprecated_*()` function.
* for PHP 8.x deprecations.
* for PHP error parity.
* for less severe "doing it wrong" instances that do not require bailing out.
* when a component or extension is not available on the server
* for instances where it's not clear if a plugin's or theme's code is the root cause.
* and more.

Technical details:

* Does not trigger the error if `WP_DEBUG` is not `true`.

* Includes `wp_trigger_error_run` action to allow hooking in for backtracing and deeper debug.

* Accepts an E_USER error level, but defaults to `E_USER_NOTICE`.

* Requires a function name, though can be an empty string. As the output message generated by `trigger_error()` references the file and line number where it was invoked, passing the function's name provides more information where the error/warning/notice/deprecation happened. It's intended to help with debug.

* A WordPress version number is not included.

* As messages can appear in the browser, the message is escaped using `esc_html()`. As noted in [https://www.php.net/manual/en/function.trigger-error.php the PHP manual]: "HTML entities in message are not escaped. Use htmlentities() on the message if the error is to be displayed in a browser."

References:
* [https://www.php.net/manual/en/function.trigger-error.php PHP manual for `trigger_error()`].
* [https://www.php.net/manual/en/errorfunc.constants.php E_USER constants (error level) in the PHP manual].

Props azaozz, hellofromTonya, flixos90, costdev, peterwilsoncc, oglekler, mukesh27.
See #57686.

git-svn-id: https://develop.svn.wordpress.org/trunk@56530 602fd350-edb4-49c9-b593-d223f7449a82
2023-09-06 22:06:26 +00:00
Jonny Harris
e619082f8a Database: Add expiration for dirsize_cache to transient to improve performance.
The transient `dirsize_cache` stores an array of directory sizes. This transient can grow very large if the plugin directory has lots of subdirectories in it. For example, on a site with 30 plugins, the transient was around 2MB. For sites without a persistent object cache, transients without an expiration are stored in autoloaded options. This means this option would load on every page request. Loading this option on every page request when it is not used is wasteful. Adding an expiration to this transient means it will not autoload. To ensure there is no degradation in performance, the expiration was set to a generous 10-year timeframe, making it highly unlikely to expire before it's refreshed.

Props nicomollet, spacedmonkey, flixos90, wpgurudev.
Fixes #54221.

git-svn-id: https://develop.svn.wordpress.org/trunk@56522 602fd350-edb4-49c9-b593-d223f7449a82
2023-09-06 10:01:39 +00:00
Sergey Biryukov
5f1a92c96d Code Modernization: Rename parameters that use reserved keywords in wp-includes/functions.php.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.

This commit renames the `$class` parameter to `$class_name` in `_deprecated_class()`.

Follow-up to [54929], [56467].

Props jrf.
See #59161.

git-svn-id: https://develop.svn.wordpress.org/trunk@56514 602fd350-edb4-49c9-b593-d223f7449a82
2023-09-05 12:22:44 +00:00
Sergey Biryukov
d0deb5bc66 Upload: Correct duplicate MIME type for .xlsx files generated by Google Docs.
This expands the code block previously added for `.docx` files to include `.xlsx` files as well, which are known to have the same issue with `finfo_file()`.

Includes a unit test case for `wp_check_filetype_and_ext()`.

Reference: [https://bugs.php.net/bug.php?id=77784 PHP Bug #77784: mime_content_type() result gets doubled for .xlsx].

Follow-up to [56497].

See #57898.

git-svn-id: https://develop.svn.wordpress.org/trunk@56510 602fd350-edb4-49c9-b593-d223f7449a82
2023-09-03 12:49:51 +00:00
Jb Audras
a023fbce18 Upload: Add a MIME type exception for .docx generated by Google Docs.
This changeset adds an exception to prevent permission issues on `.docx` generated by Google Docs. This is a temporary fix for an upstream bug on the `finfo_file()` PHP function which returns a redundant MIME type for these documents.

Props winterstreet, jakariaistauk, mujuonly, mi5t4n, annashopina, audrasjb, azaozz, mikeschroder, oglekler.
Fixes #57898.

git-svn-id: https://develop.svn.wordpress.org/trunk@56497 602fd350-edb4-49c9-b593-d223f7449a82
2023-08-30 22:30:06 +00:00
Colin Stewart
bc92bb0cba General: Replace two esc_url_raw() calls in core with sanitize_url().
This aims to improve performance by calling `sanitize_url()` directly, instead of the `esc_url_raw()` wrapper. As of WordPress 6.1, `sanitize_url()` is the recommended function for sanitizing a URL for database or redirect usage.

This replaces the two remaining instances of `esc_url_raw()` with `sanitize_url()` in WordPress core.

Follow-up to [53455], [53933], [54522].

Props rajinsharwar, SergeyBiryukov.
Fixes #59247.

git-svn-id: https://develop.svn.wordpress.org/trunk@56494 602fd350-edb4-49c9-b593-d223f7449a82
2023-08-30 20:23:18 +00:00
Sergey Biryukov
7ed2467c3a Docs: Fix typo in a translator comment in _deprecated_class().
Includes a few other formatting adjustments for consistency.

Follow-up to [48327], [56467], [56471].

See #58833.

git-svn-id: https://develop.svn.wordpress.org/trunk@56474 602fd350-edb4-49c9-b593-d223f7449a82
2023-08-26 04:47:09 +00:00
Jb Audras
e0e36e63fe Docs: Improve PHPCS comments general consistency.
Props nekojonez.
See #58833.

git-svn-id: https://develop.svn.wordpress.org/trunk@56472 602fd350-edb4-49c9-b593-d223f7449a82
2023-08-25 05:09:09 +00:00
Jb Audras
73f7ecce4c Docs: Docblock improvements in _deprecated_class() function, as per docblocks standards.
Follow-up to [56467].

See #58833.

git-svn-id: https://develop.svn.wordpress.org/trunk@56471 602fd350-edb4-49c9-b593-d223f7449a82
2023-08-25 05:02:53 +00:00
Drew Jaynes
515634ffff Fix coding standards for translatable _deprecated_class() message strings
See #41125


git-svn-id: https://develop.svn.wordpress.org/trunk@56468 602fd350-edb4-49c9-b593-d223f7449a82
2023-08-25 03:33:25 +00:00
Drew Jaynes
4ef1036e69 Introduce a _deprecated_class() function.
Similar to other functions in the `_deprecated_*` series, `_deprecated_class()` comes with two new hooks: `deprecated_class_run` and `deprecated_class_trigger_error`.

Support has also been added for setting class deprecation expectations in tests.

Props jrf, wvega, ohryan.
See #41125.


git-svn-id: https://develop.svn.wordpress.org/trunk@56467 602fd350-edb4-49c9-b593-d223f7449a82
2023-08-25 03:24:00 +00:00
John Blackbourn
7aee3d35fb Docs: Miscellaneous docblock corrections and improvements.
See #58833


git-svn-id: https://develop.svn.wordpress.org/trunk@56414 602fd350-edb4-49c9-b593-d223f7449a82
2023-08-18 17:27:16 +00:00
Sergey Biryukov
4569aa17ae Coding Standards: Use strict comparison in wp-includes/functions.php.
Follow-up to [5999], [6342], [7406], [8369], [10322], [11288], [11332], [11597], [12405], [13569], [14649], [15806], [19773], [26449], [26926], [39831], [40124].

Props aristath, poena, afercia, SergeyBiryukov.
See #58831.

git-svn-id: https://develop.svn.wordpress.org/trunk@56326 602fd350-edb4-49c9-b593-d223f7449a82
2023-07-31 13:31:28 +00:00
Jb Audras
8c1b5794e4 I18n: Improve the use of dashicons-external icon for external links.
This changeset modifies how the `dashicons-external` icon is used in external links by editing its styles and adding a space between the text and the icon for better accessibility.

Props SergeyBiryukov, afercia, isabel_brison, mukesh27, sabernhardt, oglekler, audrasjb.
Fixes #47303.

git-svn-id: https://develop.svn.wordpress.org/trunk@56211 602fd350-edb4-49c9-b593-d223f7449a82
2023-07-11 12:57:19 +00:00
Jb Audras
3666c0e31b Docs: Replace multiple single line comments with multi-line comments.
This changeset updates various comments as per WordPress PHP Inline Documentation Standards.
See https://developer.wordpress.org/coding-standards/inline-documentation-standards/php/#5-inline-comments.

Follow-up to [56174], [56175], [56176], [56177], [56178], [56179], [56180].

Props costdev, audrasjb.
See #58459.

git-svn-id: https://develop.svn.wordpress.org/trunk@56191 602fd350-edb4-49c9-b593-d223f7449a82
2023-07-10 22:36:06 +00:00
John Blackbourn
be90d79cb5 General: Ignore invalid types for the '_wp_http_referer' URL query variable.
It's expected that this query variable contains a string when it's set, but it's possible for its type to be something else such as an array. Ignoring non-string values prevents cascading errors when its value is passed through functions that expect a string.

Props xknown, costdev, jrf, azaozz

Fixes #57670


git-svn-id: https://develop.svn.wordpress.org/trunk@56115 602fd350-edb4-49c9-b593-d223f7449a82
2023-06-29 23:25:38 +00:00
Sergey Biryukov
997abf4009 Code Modernization: Use str_contains() in a few more places.
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).

WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.

This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.

Follow-up to [55988], [56021].

See #58206.

git-svn-id: https://develop.svn.wordpress.org/trunk@56031 602fd350-edb4-49c9-b593-d223f7449a82
2023-06-26 10:15:04 +00:00
Sergey Biryukov
66674fbfd9 Code Modernization: Replace usage of substr() with str_starts_with() and str_ends_with().
`str_starts_with()` and `str_ends_with()` were introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins or ends with the given substring (needle).

WordPress core includes a polyfill for these functions on PHP < 8.0 as of WordPress 5.9.

This commit uses `str_starts_with()` and `str_ends_with()` in core files where appropriate:
* `$needle === substr( $string, 0, $length )`, where `$length` is the length of `$needle`, is replaced with `str_starts_with( $haystack, $needle )`.
* `$needle === substr( $string, $offset )`, where `$offset` is negative and the absolute value of `$offset` is the length of `$needle`, is replaced with `str_ends_with( $haystack, $needle )`.

This aims to make the code more readable and consistent, as well as better aligned with modern development practices.

Follow-up to [52039], [52040], [52326], [55703], [55710], [55987], [55988].

Props Soean, spacedmonkey, Clorith, ocean90, azaozz, sabernhardt, SergeyBiryukov.
Fixes #58220.

git-svn-id: https://develop.svn.wordpress.org/trunk@55990 602fd350-edb4-49c9-b593-d223f7449a82
2023-06-22 14:55:47 +00:00
Sergey Biryukov
9e9887d8b8 Code Modernization: Replace usage of strpos() with str_contains().
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).

WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.

This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.

Follow-up to [52039], [52040], [52326], [55703], [55710], [55987].

Props Soean, spacedmonkey, costdev, dingo_d, azaozz, mikeschroder, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes #58206.

git-svn-id: https://develop.svn.wordpress.org/trunk@55988 602fd350-edb4-49c9-b593-d223f7449a82
2023-06-22 14:34:56 +00:00
John Blackbourn
8d702842ce Administration: Add the no-store and private directives to the Cache-Control header when preventing caching for logged in users.
The intention behind this change is to prevent sensitive data in responses for logged in users being cached and available to others, for example via the browser history after the user logs out.

The `no-store` directive instructs caches in the browser or within proxies not to store the response in the cache. This is subtly different from the `no-cache` directive which means the response can be cached but must be revalidated before re-use. WordPress does not use ETag headers by default therefore this does not achieve the same result.

The `private` directive complements the `no-store` directive by specifying that the response contains private information that should not be stored in a public cache. Some proxy caches may ignore the `no-store` directive but respect the `private` directive, thus it is included.

The existing `Cache-Control` header for users who are not logged in remains unchanged, and the existing cache prevention directives remain in place for backwards compatibility.

Props soulseekah, luehrsen, Dharm1025, markdoliner, rutviksavsani, ayeshrajans, paulkevan, clorith, andy786, johnbillion

Fixes #21938, Fixes #57627


git-svn-id: https://develop.svn.wordpress.org/trunk@55968 602fd350-edb4-49c9-b593-d223f7449a82
2023-06-21 18:25:40 +00:00
John Blackbourn
4dbb202e29 Media: Correct the fallback value passed to the $mimes parameter of wp_check_filetype_and_ext() from _wp_handle_upload(), and update corresponding documentation.
Previously when the `mimes` element was not specified in the overrides array passed to `_wp_handle_upload()` it resulted in boolean false being passed to this parameter, which is incorrect. The fallback value should be `null`.

Props platonkristinin, pkbhatt

Fixes #58349


git-svn-id: https://develop.svn.wordpress.org/trunk@55872 602fd350-edb4-49c9-b593-d223f7449a82
2023-05-30 19:44:56 +00:00
John Blackbourn
240f914e4f Cron API: Attempt to raise the PHP memory limit for cron event processing.
Since cron events often consume extra memory by nature, it makes sense to give them the full amount available by default. In practice this means the memory will be increased to `WP_MAX_MEMORY_LIMIT` (which is 256MB by default) during cron event processing if the default memory limit is lower than this value.

The new `cron_memory_limit` filter can be used to adjust this value if necessary.

Note that this change will not by default affect external means of processing cron events, such as the `wp cron` command in WP-CLI, server-level crontab events, or any other cron event processing mechanism that bypasses `wp-cron.php`.

Props iandunn, thakkarhardik

Fixes #56628


git-svn-id: https://develop.svn.wordpress.org/trunk@55871 602fd350-edb4-49c9-b593-d223f7449a82
2023-05-30 18:46:58 +00:00
John Blackbourn
c9f3a68281 Docs: Miscellaneous corrections and improvements to docblocks.
See #57840


git-svn-id: https://develop.svn.wordpress.org/trunk@55870 602fd350-edb4-49c9-b593-d223f7449a82
2023-05-30 17:43:27 +00:00
Sergey Biryukov
129843e149 General: Improve performance of the _wp_array_get() function.
When using a block theme, `_wp_array_get()` is the most called function on the front end of a site.

This commit makes a few minor performance optimizations, which add up to a noticeable improvement.

Follow-up to [49135], [49143], [49580].

Props aristath, jrf, afercia, costdev, swissspidy, flixos90, spacedmonkey, mukesh27, samiamnot, SergeyBiryukov.
Fixes #58376.

git-svn-id: https://develop.svn.wordpress.org/trunk@55851 602fd350-edb4-49c9-b593-d223f7449a82
2023-05-23 21:58:56 +00:00
Sergey Biryukov
4cb3e1582a Code Modernization: Replace usage of strpos() with str_starts_with().
`str_starts_with()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins with the given substring (needle).

WordPress core includes a polyfill for `str_starts_with()` on PHP < 8.0 as of WordPress 5.9.

This commit replaces `0 === strpos( ... )` with `str_starts_with()` in core files, making the code more readable and consistent, as well as improving performance.

While `strpos()` is slightly faster than the polyfill on PHP < 8.0, `str_starts_with()` is noticeably faster on PHP 8.0+, as it is optimized to avoid unnecessarily searching along the whole haystack if it does not find the needle.

Follow-up to [52039], [52040], [52326].

Props spacedmonkey, costdev, sabernhardt, mukesh27, desrosj, jorbin, TobiasBg, ayeshrajans, lgadzhev, SergeyBiryukov.
Fixes #58012.

git-svn-id: https://develop.svn.wordpress.org/trunk@55703 602fd350-edb4-49c9-b593-d223f7449a82
2023-05-02 15:43:03 +00:00
Jonny Harris
73dbbe5372 Cache API: Add helper function wp_cache_set_last_changed.
Add a helper function called `wp_cache_set_last_changed` to set the last changed value for cache groups. This function has a new action called `wp_cache_set_last_changed`, allowing developers to invalidate caches when the last changed value is changed.

Props tillkruess, spacedmonkey, peterwilsoncc, mukesh27, johnjamesjacoby. 
Fixes #57905.

git-svn-id: https://develop.svn.wordpress.org/trunk@55702 602fd350-edb4-49c9-b593-d223f7449a82
2023-05-02 11:24:52 +00:00
Sergey Biryukov
81598dd34f Coding Standards: Use strict comparison where count() is involved.
Follow-up to [1636], [6974], [8114], [10322], [13326], [14760], [18006], [18541], [19743], [23249], [24115], [33359].

Props aristath, poena, afercia, SergeyBiryukov.
See #57839.

git-svn-id: https://develop.svn.wordpress.org/trunk@55642 602fd350-edb4-49c9-b593-d223f7449a82
2023-04-10 12:54:28 +00:00
Sergey Biryukov
ba2f30e4dc Coding Standards: Replace include_once with require_once for required files.
Per [https://developer.wordpress.org/coding-standards/wordpress-coding-standards/php/#writing-include-require-statements WordPress PHP coding standards], it is ''strongly recommended'' to use `require[_once]` for unconditional includes. When using `include[_once]`, PHP will throw a warning when the file is not found but will continue execution, which will almost certainly lead to other errors/warnings/notices being thrown if your application depends on the file loaded, potentially leading to security leaks. For that reason, `require[_once]` is generally the better choice as it will throw a `Fatal Error` if the file cannot be found.

Follow-up to [1674], [1812], [1964], [6779], [8540], [10521], [11005], [11911], [16065], [16149], [25421], [25466], [25823], [37714], [42981], [45448], [47198], [54276], [55633].

Props kausaralm, SergeyBiryukov.
See #57839.

git-svn-id: https://develop.svn.wordpress.org/trunk@55641 602fd350-edb4-49c9-b593-d223f7449a82
2023-04-09 11:55:37 +00:00
Tonya Mork
907eb2893f Date/Time: Revert [55054].
This changeset introduced a regression for partial-hour timezones such as +05:30 UTC which is India and Sri Lanka. How? These timezones are in float. The change made in [55054] type casted them to integer which dropped the decimal for the partial-hour, making the time inaccurate. For example, +05:30 UTC (India and Sri Lanka)'s `'gmt_offset'` is `5.5`, but with the changeset, it was changed to `5`.

Reverting the changeset restores the original state of `current_time()` and thus resolves the regression.

Props reputeinfosystems, Rarst, hellofromTonya, desrosj, audrasjb, sergeybiryukov, costdev, priethor, francina, nekojonez, codingchicken, cbringmann.
See #57035.
Fixes #57998.

git-svn-id: https://develop.svn.wordpress.org/trunk@55598 602fd350-edb4-49c9-b593-d223f7449a82
2023-03-28 14:20:33 +00:00
Sergey Biryukov
ce82eb864a Cache API: Correct the second parameter's name in _get_non_cached_ids().
The parameter represents the cache group, not the cache key.

Follow-up to [19918].

Props johnjamesjacoby, spacedmonkey.
Fixes #40420.

git-svn-id: https://develop.svn.wordpress.org/trunk@55566 602fd350-edb4-49c9-b593-d223f7449a82
2023-03-20 16:40:12 +00:00
Sergey Biryukov
200868214a Docs: Fix typo in _validate_cache_id() description.
Includes:
* Capitalizing "ID" in a consistent way.
* Expanding the comment on not using `filter_var()`.
* Adding a `@covers` tag for the function in unit tests.
* Minor tweak to the `_doing_it_wrong()` message.

Follow-up to [53818], [55543].

See #57593.

git-svn-id: https://develop.svn.wordpress.org/trunk@55549 602fd350-edb4-49c9-b593-d223f7449a82
2023-03-14 16:53:07 +00:00
Jonny Harris
2724a495af Cache API: Add a warning when calling _get_non_cached_ids with invalid ids.
Sanitize the array of ids passed to the `_get_non_cached_ids` function and add a `_doing_it_wrong` call, if an invalid type is passed. 

Props tillkruess, spacedmonkey, peterwilsoncc, flixos90, SergeyBiryukov.
Fixes #57593.

git-svn-id: https://develop.svn.wordpress.org/trunk@55543 602fd350-edb4-49c9-b593-d223f7449a82
2023-03-14 15:51:28 +00:00
Sergey Biryukov
66896d0b65 Coding Standards: Bring some consistency to wp_validate_redirect() existence checks.
The `wp_get_referer()` and `wp_get_original_referer()` functions both depend on `wp_validate_redirect()` and check whether it is defined by the time they run, but do so in a slightly different way.

This commit ensures both functions return early if they are called before `wp_validate_redirect()` is defined.

Follow-up to [3908], [25399], [25400].

See #57839.

git-svn-id: https://develop.svn.wordpress.org/trunk@55540 602fd350-edb4-49c9-b593-d223f7449a82
2023-03-13 10:52:26 +00:00
Jonny Harris
befb493339 Date/Time: Save a call to wp_timezone in mysql2date.
Save a call to wp_timezone in mysql2date by saving the timezone to a variable and pass it into wp_date function call.

Props spacedmonkey, costdev, SergeyBiryukov, audrasjb.
Fixes #57705.

git-svn-id: https://develop.svn.wordpress.org/trunk@55514 602fd350-edb4-49c9-b593-d223f7449a82
2023-03-10 15:34:56 +00:00