This also removes the random compat library which is no longer necessary, and adjusts unit tests and CI workflows that no longer need to take PHP 5.6 into account.
Thank you for your service, PHP 5. Onwards!
Props SergeyBiryukov, mukesh27, dingo_d, audrasjb, jrf, costdev, azaozz, JavierCasares, hellofromTonya, samiamnot, spacedmonkey, masteradhoc, knutsp, garyjones, chanthaboune
Fixes#57345
git-svn-id: https://develop.svn.wordpress.org/trunk@56141 602fd350-edb4-49c9-b593-d223f7449a82
This resolves a WPCS error:
{{{
Use Yoda Condition checks, you must.
}}}
Follow-up to [56015], [56016].
See #58220.
git-svn-id: https://develop.svn.wordpress.org/trunk@56017 602fd350-edb4-49c9-b593-d223f7449a82
Prior to PHP 7.0, `substr( '', -0, 0 )` returns `false` instead of an empty string, so the strict comparison further in the function did not work as expected.
This commit addresses a test failure on PHP < 7.0, making the function consistently return `true` if both haystack and needle are an empty string.
Follow-up to [52040], [56014], [56015].
See #58220.
git-svn-id: https://develop.svn.wordpress.org/trunk@56016 602fd350-edb4-49c9-b593-d223f7449a82
This avoids a warning on PHP < 7.2.18 if haystack is an empty string:
{{{
Warning: substr_compare(): The start position cannot exceed initial string length
}}}
Follow-up to [52040], [55158], [55990], [56014].
See #58220.
git-svn-id: https://develop.svn.wordpress.org/trunk@56015 602fd350-edb4-49c9-b593-d223f7449a82
This adjusts `str_contains()` code layout to have an early exit for an empty `$needle`, matching similar fragments in `str_starts_with()` and `str_ends_with()` for better readability.
Follow-up to [52039], [52040].
See #57839.
git-svn-id: https://develop.svn.wordpress.org/trunk@55726 602fd350-edb4-49c9-b593-d223f7449a82
Parameter names for PHP polyfills in WordPress core need to 100% match the native PHP parameter names. Otherwise using named parameters with those functions could cause fatal errors for installations where the polyfills kick in.
This commit adds inline comments instructing PHPCS to ignore parameters with reserved keywords in the affected functions that should not be renamed:
* `$string` parameter in `mb_substr()` and `mb_strlen()`
* `$array` parameter in `array_key_first()` and `array_key_last()`
This resolves a few WPCS warnings along the lines of:
{{{
It is recommended not to use reserved keyword "string" as function parameter name. Found: $string
}}}
Follow-up to [7140], [10707], [17603], [17621], [32114], [52038], [53365].
Props jrf.
See #56788, #56791.
git-svn-id: https://develop.svn.wordpress.org/trunk@55136 602fd350-edb4-49c9-b593-d223f7449a82
This ensures that parameter names for PHP polyfills in WordPress core 100% match the native PHP parameter names. Otherwise using named parameters with those functions could cause fatal errors for installs where the polyfills kick in.
This commit:
* Renames the `$string` parameter to `$message` in `_()` polyfill.
* Renames the `$str` parameter to `$string` in `mb_substr()` and `mb_strlen()` polyfills.
* Renames the `$raw_output` parameter to `$binary` in `hash_hmac()` polyfill.
* Renames the `$a` and `$b` parameters to `$known_string` and `$user_string` in `hash_equals()` polyfill.
* Renames the `$var` parameter to `$value` in `is_countable()` and `is_iterable()` polyfills.
* Renames the `$arr` parameter to `$array` in `array_key_first()` and `array_key_last()` polyfills.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #55650.
git-svn-id: https://develop.svn.wordpress.org/trunk@53365 602fd350-edb4-49c9-b593-d223f7449a82
The `_mb_substr()` function expects a string for the `$str` parameter, but does not do input validation. This function contains a `preg_match_all()` which also expects a string type for the given subject (i.e. `$str`).
Passing `null` to this parameter results in `preg_match_all(): Passing null to parameter #2 ($subject) of type string is deprecated` notice on PHP 8.1.
To maintain the same behaviour as before, a guard clause is added to bail out early when `$str` is passed as `null`. The outcome will, in that case, only ever be an empty string.
Note: this does mean that the `_mb_substr()` function now has a subtle difference in behaviour compared to the PHP native `mb_substr()` function as the latter ''will'' throw the deprecation notice.
The existing tests already cover this issue.
Follow-up to [17621], [36017], [32364].
Props jrf, hellofromTonya.
See #53635.
git-svn-id: https://develop.svn.wordpress.org/trunk@51853 602fd350-edb4-49c9-b593-d223f7449a82
* Document that WebP constants are only defined in PHP 7.1+.
* Correct the `$filename` parameter type in `wp_get_webp_info()`.
* Use a consistent message when skipping tests due to the lack of WebP support.
* Remove unnecessary `else` branches after `markTestSkipped()`.
* Replace `assertEquals()` with more appropriate assertions.
Follow-up to [50810].
See #35725.
git-svn-id: https://develop.svn.wordpress.org/trunk@50814 602fd350-edb4-49c9-b593-d223f7449a82
Add support for uploading, editing and saving WebP images when supported by the server.
Add 'image/webp' to supported mime types. Correctly identify WebP images and sizes even when PHP doesn't support WebP. Resize uploaded WebP files (when supported) and use for front end markup.
Props markoheijne, blobfolio, Clorith, joemcgill, atjn, desrosj, spacedmonkey, marylauc, mikeschroder, hellofromtonya, flixos90.
Fixes#35725.
git-svn-id: https://develop.svn.wordpress.org/trunk@50810 602fd350-edb4-49c9-b593-d223f7449a82
Using the canonical function name for PHP functions is strongly recommended, as aliases may be deprecated or removed without (much) warning.
This replaces all uses of the following:
* `join()` with `implode()`
* `sizeof()` with `count()`
* `is_writeable()` with `is_writable()`
* `doubleval()` with a `(float)` cast
In part, this is a follow-up to #47746.
Props jrf.
See #50767.
git-svn-id: https://develop.svn.wordpress.org/trunk@49193 602fd350-edb4-49c9-b593-d223f7449a82
The tag was supported in phpDocumentor 1.x, but is no longer supported in 2.x and 3.x.
Usage of static variables is considered an internal implementation detail and has no information value for someone reading the docs.
Props alishanvr, jrf.
Fixes#50426.
git-svn-id: https://develop.svn.wordpress.org/trunk@48109 602fd350-edb4-49c9-b593-d223f7449a82
This reduces the number of `WordPress.PHP.StrictInArray.MissingTrueStrict` issues from 486 to 50.
Includes minor code layout fixes for better readability.
See #49542.
git-svn-id: https://develop.svn.wordpress.org/trunk@47550 602fd350-edb4-49c9-b593-d223f7449a82
The PHP native JSON extension has been bundled and compiled with PHP by default since version 5.2.0. Because the minimum version of PHP required by WordPress is now 5.6.20 (see #46594 and [45058]), JSON extension related polyfills and backwards compatibility code can now be removed.
This change removes the `json_last_error_msg()` and `JsonSerializable` polyfills included in WordPress for full JSON extension support in PHP < 5.6.
Follow up of [46205-46206].
See #47699.
Props jrf, Clorith, pento.
git-svn-id: https://develop.svn.wordpress.org/trunk@46208 602fd350-edb4-49c9-b593-d223f7449a82
The Hash extension cannot be disabled as of PHP 7.4. So, while we can't remove these polyfills yet, we can document when we'll be able to.
Props jrf.
Fixes#47698.
git-svn-id: https://develop.svn.wordpress.org/trunk@45638 602fd350-edb4-49c9-b593-d223f7449a82
As of PHP 5.3, the SPL extension cannot be disabled, so we no longer need this polyfill.
The file is kept with a `_deprecated_file()` call, to alert any plugins or themes that may be loading it directly.
Props jrf, ayeshrajans.
See #47698, #46630.
git-svn-id: https://develop.svn.wordpress.org/trunk@45637 602fd350-edb4-49c9-b593-d223f7449a82
Noteable changes:
- The `magic_quotes_runtime` and `magic_quotes_sybase` settings were removed in PHP 5.4, so no longer need to be set.
- Some functions that use external libraries can generate errors that can't be tested for, so are globally allowed to silence errors.
- Quite a few functions would cause errors if `safe_mode` was set. This setting was removed in PHP 5.4.
- Only a handful of `header()` calls needed corresponding `headers_sent()` checks for unit tests to pass, but more may need to be added as the nightlies builds are tested.
See #46732.
git-svn-id: https://develop.svn.wordpress.org/trunk@45611 602fd350-edb4-49c9-b593-d223f7449a82
This adds a pure PHP implementation of the cryptographic functions supported in PHP 7.2+. It provides the necessary backwards compatibility required to support signature verification and other security features going forward across all supported PHP versions.
Props paragoninitiativeenterprises
Fixes#45806. See #39309.
git-svn-id: https://develop.svn.wordpress.org/trunk@44953 602fd350-edb4-49c9-b593-d223f7449a82
WordPress' code just... wasn't.
This is now dealt with.
Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes#41057.
git-svn-id: https://develop.svn.wordpress.org/trunk@42343 602fd350-edb4-49c9-b593-d223f7449a82
The WPCS `WordPress.WhiteSpace.PrecisionAlignment` rule throws warnings for a bunch of code that will likely cause issues for `wpcbf`. Fixing these manually beforehand gives us better auto-fixed results later.
See #41057.
git-svn-id: https://develop.svn.wordpress.org/trunk@42228 602fd350-edb4-49c9-b593-d223f7449a82
The `__autoload()` function is deprecated in PHP 7.2, which means WordPress' own `__autoload()` compat function for PHP 5.2 needs to be moved into a separate file to prevent the PHP 7.2 compiler from complaining.
Props ayeshrajans
See #40109
git-svn-id: https://develop.svn.wordpress.org/trunk@41178 602fd350-edb4-49c9-b593-d223f7449a82
[37748] introduced `_wp_expand_nav_menu_post_data()` together with an `array_replace_recursive()` compatibility function for PHP 5.2.
Even though that compat function is tried and tested in other projects like BuddyPress, we need to add additional `isset()` checks in order to avoid 'Undefined index' notices in our case.
See #36590.
git-svn-id: https://develop.svn.wordpress.org/trunk@37750 602fd350-edb4-49c9-b593-d223f7449a82
[36510] allowed larger menus to be created in the Edit Menu screen by JSON-encoding the entire form into a single input field. However, it did not correctly handle nested arrays.
This introduces a new `_wp_expand_nav_menu_post_data()` helper function to handle this POST data which uses `array_replace_recursive()` internally. Since the latter is only available on PHP 5.3+, we add a compatibility function to ensure PHP 5.2 support.
Props ericlewis, neverything, swissspidy.
Fixes#36590 for trunk. See #14134.
git-svn-id: https://develop.svn.wordpress.org/trunk@37748 602fd350-edb4-49c9-b593-d223f7449a82
Replaces unsecure links in documentation and translator comments with their secure versions.
Props johnpgreen, netweb
Fixes#36993
git-svn-id: https://develop.svn.wordpress.org/trunk@37674 602fd350-edb4-49c9-b593-d223f7449a82
For PHP 5.2, SPL can be disabled. As SPL provides the support for multiple autoloaders, this needs to be shimmed if not available.
Fixes#36926.
git-svn-id: https://develop.svn.wordpress.org/trunk@37636 602fd350-edb4-49c9-b593-d223f7449a82
Both will be ignored from parsing as and serve as compat functions for PHP's `hash_hmac()`.
Introduced in [18111].
See #32246.
git-svn-id: https://develop.svn.wordpress.org/trunk@36021 602fd350-edb4-49c9-b593-d223f7449a82
Both will be ignored from parsing as and serve as compat functions for PHP's `mb_strlen()`, which is not enabled by default.
Introduced in [32114].
See #32246.
git-svn-id: https://develop.svn.wordpress.org/trunk@36019 602fd350-edb4-49c9-b593-d223f7449a82
Both will be ignored from parsing as and serve as compat functions for PHP's `mb_substr()`, which is not enabled by default.
Introduced in [17621].
See #32246.
git-svn-id: https://develop.svn.wordpress.org/trunk@36017 602fd350-edb4-49c9-b593-d223f7449a82
Before the docs implied the complexity of the function was O(1) by using the term "constant time", now we use the more descriptive term "Timing attack safe".
Props AramZS.
Fixes#32778.
git-svn-id: https://develop.svn.wordpress.org/trunk@35805 602fd350-edb4-49c9-b593-d223f7449a82
