If the file is included directly outside of WordPress core, `ABSPATH` may not be defined.
Follow-up to [53749], [53750], [53755].
See #56268, #55647.
git-svn-id: https://develop.svn.wordpress.org/trunk@53756 602fd350-edb4-49c9-b593-d223f7449a82
This avoids a fatal error if the file is included directly outside of WordPress core, e.g. by HyperDB.
Additionally, replace `WPINC` with `wp-includes`, as the constant may not be defined yet in that context.
Follow-up to [53749], [53750].
See #56268, #55647.
git-svn-id: https://develop.svn.wordpress.org/trunk@53755 602fd350-edb4-49c9-b593-d223f7449a82
This renames the file containing the `wpdb` class to conform to the coding standards.
This commit also includes:
* A new `wp-db.php` that loads the new file, for anyone that may have been including the file directly.
* Replacing references to the old filename with the new filename.
Fixes#56268. See #55647.
git-svn-id: https://develop.svn.wordpress.org/trunk@53749 602fd350-edb4-49c9-b593-d223f7449a82
This removes an extra `foreach` loop and the only variable variable (`$$component`) in core.
Follow-up to [20088,28342,28736-28747], [41629], [41820], [42226], [53670].
Props johnjamesjacoby.
See #54877, #55647.
git-svn-id: https://develop.svn.wordpress.org/trunk@53671 602fd350-edb4-49c9-b593-d223f7449a82
Ensure the database port number is recorded as an integer or `null` (the default port) when parsing the database host.
This is to prevent PHP/MySQLi throwing an exception caused by ports represented as numeric strings.
Props audrasjb, azouamauriac, chaion07, costdev, johnjamesjacoby, jrf, sergeybiryukov.
Fixes#54877.
git-svn-id: https://develop.svn.wordpress.org/trunk@53670 602fd350-edb4-49c9-b593-d223f7449a82
Includes:
* Wrapping long single-line comments to multi-line for better readability.
* Formatting code blocks to display correctly on the Code Reference.
* Other minor edits for consistency.
This applies to:
* `wpdb::$allow_unsafe_unquoted_parameters`
* `wpdb::escape_identifier()`
* `wpdb::_escape_identifier_value()`
* `wpdb::prepare()`
* `wpdb::has_cap()`
Follow-up to [53575].
See #52506, #55646.
git-svn-id: https://develop.svn.wordpress.org/trunk@53584 602fd350-edb4-49c9-b593-d223f7449a82
WordPress does not currently provide an explicit method for escaping SQL table and column names. This leads to potential security vulnerabilities, and makes reviewing code for security unnecessarily difficult. Also, static analysis tools also flag the queries as having unescaped SQL input.
Tables and column names in queries are usually in-the-raw, since using the existing `%s` will straight quote the value, making the query invalid.
This change introduces a new `%i` placeholder in `$wpdb->prepare` to properly quote table and column names using backticks.
Props tellyworth, iandunn, craigfrancis, peterwilsoncc, johnbillion, apokalyptik.
Fixes#52506.
git-svn-id: https://develop.svn.wordpress.org/trunk@53575 602fd350-edb4-49c9-b593-d223f7449a82
When using multilingual websites, this string could end up with multiple different translations in the error log, making it less actionable.
Unlike errors displayed to the user, a general consensus for software is that errors in logs should always be in English. Since MySQL errors are also returned in English, this brings more consistency to the logs.
Follow-up to [6391], [8168], [19760].
Props malthert.
Fixes#53125.
git-svn-id: https://develop.svn.wordpress.org/trunk@53505 602fd350-edb4-49c9-b593-d223f7449a82
This changes updates many strings to remove self-references to an undefined "we" collective across the WordPress Administration.
The goal of this change is to better match the guidelines and recommendations set forth in the make/core handbook, specifically:
> the word "we" should be avoided (…) unless its made very clear which group is speaking.
Props johnbillion, shital-patel, audrasjb, marybaum, SergeyBiryukov, peterwilsoncc, johnjamesjacoby, kebbet, costdev, chaion07, davidbaumwald.
Fixes#46057.
git-svn-id: https://develop.svn.wordpress.org/trunk@53131 602fd350-edb4-49c9-b593-d223f7449a82
This changeset replaces contracted verb forms like `doesn't`, `can't`, or `isn't` with non-contracted forms like `does not`, `cannot`, or `is not`, for better consistency across the WordPress administration. It also updates some corresponding unit tests strings.
Props Presskopp, socalchristina, aandrewdixon, francina, SergeyBiryukov, JeffPaul, audrasjb, hellofromTonya.
Fixes#38913.
See #39176.
git-svn-id: https://develop.svn.wordpress.org/trunk@52978 602fd350-edb4-49c9-b593-d223f7449a82
To prevent potential false negatives, set `$error` to `null` initially, so we can better tell if it was ever changed during the sanitization and be able to better react if an empty string is added to it.
Additionally, and mainly for the sake of the Settings API at this point, add error messages to some `WP_Error` objects returned from `wpdb` methods that were previously causing the issues here.
Follow-up to [32791].
Props iCaleb, audrasjb, hellofromTonya, SergeyBiryukov.
Fixes#53986.
git-svn-id: https://develop.svn.wordpress.org/trunk@52294 602fd350-edb4-49c9-b593-d223f7449a82
For consistency and simplification, replaces the `function_exists( '__' )` checks with `wp_load_translations_early()` to make sure i18n functions are available. This change removes the extra code introduced in [52176] for using non-translated error messages when `__()` is not available.
Improves the plural versions of the error messages.
For performance, when there are more than one problem field, uses `reset()` to populate the field in the error message.
Follow-up to [52176], [52195].
Props sergeybiryukov, hellofromTonya.
Fixes#32315.
git-svn-id: https://develop.svn.wordpress.org/trunk@52218 602fd350-edb4-49c9-b593-d223f7449a82
This avoids an `Undefined array key 0` PHP warning if no values are passed to the method besides the query string.
Follow-up to [41470].
Props mjaschen.
Fixes#54453.
git-svn-id: https://develop.svn.wordpress.org/trunk@52206 602fd350-edb4-49c9-b593-d223f7449a82
This follows the pattern used in other `wpdb` methods to make sure the i18n functions are available.
Follow-up to [29840].
Props nacin, johnbillion.
See #32315.
git-svn-id: https://develop.svn.wordpress.org/trunk@52195 602fd350-edb4-49c9-b593-d223f7449a82
Instead of silently failing when attempting to insert a value into a field, this commit saves the error in the `wpdb::$last_error` property.
Sets `last_error` with an error message if:
* `wpdb::query()` fails for invalid data
* `wpdb::process_fields()` fails to process the value(s) for the field(s) where the value could be too long or contain invalid data
Sets `last_query` if `wpdb::query()` fails for invalid data.
If `__()` is not available, uses non-translated error message to ensure the error is captured.
There is no change to wpdb aborting when an error occurs.
Adds tests.
Props dlt101, mnelson4, dd32, pento, hellofromTonya, davidbaumwald, sergeybiryukov, johnbillion, swissspidy, datainterlock, anandau14, anthonyeden, asif2bd, audrasjb, chaion07, dpegasusm, fpcsjames, galbaras, jdgrimes, justindocanto, kwisatz, liammitchell, lucasw89, lukecarbis, nettsite, nlpro, procodewp, psufan, richardfoley, skunkbad, travisnorthcutt, woodyhayday, zoiec.
Fixes#37267.
git-svn-id: https://develop.svn.wordpress.org/trunk@52176 602fd350-edb4-49c9-b593-d223f7449a82
This commit adds the `public` visibility keyword to each method which did not have an explicit visibility keyword.
Why `public`?
With no visibility previously declared, these methods are implicitly `public` and available for use. Changing them to anything else would be a backwards-compatibility break.
Props costdev, jrf.
See #54177.
git-svn-id: https://develop.svn.wordpress.org/trunk@51919 602fd350-edb4-49c9-b593-d223f7449a82
The PHP native `mysqli_real_escape_string()` function expects to be passed a string as the second parameter and this is not a nullable parameter.
Passing `null` to it will result in a `mysqli_real_escape_string(): Passing null to parameter #2 ($string) of type string is deprecated` notice on PHP 8.1.
Previously, an input type check was put in place to prevent fatal errors on PHP 8.0 when an array, object or resource was passed. Changeset [48980].
A `null` value was explicitly excluded from that check, even though a `null` value being passed would only ever result in an empty string anyway.
This commit changes the previous input type check to also bow out early for `null` values and to automatically return an empty string for those.
Refs:
- https://www.php.net/manual/en/mysqli.real-escape-string.php
- https://wiki.php.net/rfc/deprecate_null_to_scalar_internal_arg
Follow-up to [48980].
Props jrf, hellofromTonya.
See #53635.
git-svn-id: https://develop.svn.wordpress.org/trunk@51799 602fd350-edb4-49c9-b593-d223f7449a82
Prior to PHP 8.1, the default error handling mode was `MYSQLI_REPORT_OFF`. An error in the extension, database, query, or the database connection returned `false` and emitted a PHP warning:
{{{
$mysqli = new mysqli("localhost", "non-existing-user", "", "");
Warning: mysqli::__construct(): (HY000/2002): No connection could be made because the target machine actively refused it in ... on line ...
}}}
From PHP 8.1 and later, the default error mode is set to `MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT`. An error in the extension, database, query, or the database connection throws an exception:
{{{
$mysqli = new mysqli("localhost", "non-existing-user", "", "");
Fatal error: Uncaught mysqli_sql_exception: Connection refused in ...:...
}}}
WordPress has its own error reporting and gracefully handles the database errors by inspecting the error codes. Setting the MySQLi error reporting to off avoids fatal errors due to uncaught exceptions and maintains the current behavior.
References:
* [https://php.watch/versions/8.1/mysqli-error-mode PHP 8.1: MySQLi: Default error mode set to exceptions]
* [https://wiki.php.net/rfc/mysqli_default_errmode PHP RFC: Change Default mysqli Error Mode]
Props ayeshrajans, jrf.
Fixes#52825.
git-svn-id: https://develop.svn.wordpress.org/trunk@51582 602fd350-edb4-49c9-b593-d223f7449a82
This avoids a deprecation notice on PHP 8.1 caused by passing `null` instead of a string to `ltrim()` in `wpdb::check_safe_collation()`, and maintains the current behaviour.
Follow-up to [30345], [32162], [33455].
See #53635.
git-svn-id: https://develop.svn.wordpress.org/trunk@51396 602fd350-edb4-49c9-b593-d223f7449a82
Using `var` or only `static` to declare a class property is PHP 4 code.
This updates the codebase to use explicit visibility modifiers introduced in PHP 5.
Props jrf.
Fixes#51557. See #22234.
git-svn-id: https://develop.svn.wordpress.org/trunk@49184 602fd350-edb4-49c9-b593-d223f7449a82
This avoids a fatal error on PHP 8 caused by passing an empty string to `mysqli_query()`, and maintains the current behaviour.
Follow-up to [48980], [48981].
See #50913, #50639.
git-svn-id: https://develop.svn.wordpress.org/trunk@49072 602fd350-edb4-49c9-b593-d223f7449a82
This avoids a fatal error on PHP 8 caused by passing mismatched arguments to `vsprintf()`, and maintains the current behaviour.
Follow-up to [48979], [48980].
See #50913, #50639.
git-svn-id: https://develop.svn.wordpress.org/trunk@48981 602fd350-edb4-49c9-b593-d223f7449a82
This avoids a fatal error on PHP 8 caused by passing a non-string value to ` mysqli_real_escape_string()`, and maintains the current behaviour.
See #50913, #50639.
git-svn-id: https://develop.svn.wordpress.org/trunk@48980 602fd350-edb4-49c9-b593-d223f7449a82
Partially reverts [48059] as there's no full consensus on the removal of the text prefix. Further actions should be taken to improve consistency and accessibility of the admin notices. Keeps some improvements to the translatable strings from [48059].
Fixes#47656.
git-svn-id: https://develop.svn.wordpress.org/trunk@48115 602fd350-edb4-49c9-b593-d223f7449a82
For a number of years, most of the WordPress error messages have been prefixed with "Error:". However, these messages appear in a context where it's already clear an error occurred. Whether it's an error, a warning, or any other classification, that's not so relevant for users. The content of the message is the relevant part. The "Error:" prefix doesn't add great value while it does add unnecessary complexity for the message readability.
Also, revises some of these messages to improve clarity and removes HTML from translatable strings.
Props garrett-eclipse, ramiy, SergeyBiryukov, afercia, sabernhardt, quadthemes, audrasjb.
See #47003, #43037, #42945, #15887.
Fixes#47656.
git-svn-id: https://develop.svn.wordpress.org/trunk@48059 602fd350-edb4-49c9-b593-d223f7449a82
Restore some previous edits from [46696], [47060], [47122], [47230] that were accidentally reverted in [47740].
See #49572.
git-svn-id: https://develop.svn.wordpress.org/trunk@47749 602fd350-edb4-49c9-b593-d223f7449a82
This reduces the number of `WordPress.PHP.StrictInArray.MissingTrueStrict` issues from 486 to 50.
Includes minor code layout fixes for better readability.
See #49542.
git-svn-id: https://develop.svn.wordpress.org/trunk@47550 602fd350-edb4-49c9-b593-d223f7449a82
This complements `wpdb::db_version()`, which only returns a numeric version string and strips any additional information, e.g. vendor name.
Props clarinetlord, birgire, webaware, pento.
Fixes#40037. See #27703.
git-svn-id: https://develop.svn.wordpress.org/trunk@47451 602fd350-edb4-49c9-b593-d223f7449a82
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.
This commit also includes:
* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
* `wp-admin/admin-header.php`
* `wp-admin/admin-footer.php`
* `wp-includes/version.php`
Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes#48082.
git-svn-id: https://develop.svn.wordpress.org/trunk@47198 602fd350-edb4-49c9-b593-d223f7449a82
Starting with MySQL 5.7.5, the `ANSI` mode implies `ONLY_FULL_GROUP_BY`, which is already listed in `wpdb` as incompatible per [27072].
When `ANSI` is enabled on MySQL 5.7.5+, `ONLY_FULL_GROUP_BY` remains enabled even after being "unset" by `wpdb::set_sql_mode()`.
To prevent this, the `ANSI` mode should also be listed as incompatible. It is not enabled on default MySQL installations.
Props jnylen0.
Fixes#48377.
git-svn-id: https://develop.svn.wordpress.org/trunk@47171 602fd350-edb4-49c9-b593-d223f7449a82
Using all caps should be avoided for better readability and because screen readers may pronounce all-caps words as abbreviations.
Props afercia, ryokuhi, sabernhardt, garrett-eclipse.
See #47656, #43037, #42945.
git-svn-id: https://develop.svn.wordpress.org/trunk@47156 602fd350-edb4-49c9-b593-d223f7449a82
