sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language. 

“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”

With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).

Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.

Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.

Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.

git-svn-id: https://develop.svn.wordpress.org/trunk@48121 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Jonathan Desrosiers 2020-06-22 17:24:34 +00:00
parent 9e3b322f8f
commit e26394bb2d
60 changed files with 423 additions and 281 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/js/_enqueues/admin/user-profile.js
View File

@ -220,7 +220,7 @@
return;
}
strength = wp.passwordStrength.meter( pass1, wp.passwordStrength.userInputBlacklist(), pass1 );
strength = wp.passwordStrength.meter( pass1, wp.passwordStrength.userInputDisallowedList(), pass1 );
switch ( strength ) {
case -1:

55
src/js/_enqueues/wp/password-strength-meter.js
View File

@ -22,16 +22,16 @@ window.wp = window.wp || {};
*
* @since 3.7.0
*
* @param {string} password1 The subject password.
* @param {Array} blacklist An array of words that will lower the entropy of
* the password.
* @param {string} password2 The password confirmation.
* @param {string} password1 The subject password.
* @param {Array} disallowedList An array of words that will lower the entropy of
* the password.
* @param {string} password2 The password confirmation.
*
* @return {number} The password strength score.
*/
meter : function( password1, blacklist, password2 ) {
if ( ! $.isArray( blacklist ) )
blacklist = [ blacklist.toString() ];
meter : function( password1, disallowedList, password2 ) {
if ( ! $.isArray( disallowedList ) )
disallowedList = [ disallowedList.toString() ];
if (password1 != password2 && password2 && password2.length > 0)
return 5;
@ -41,7 +41,7 @@ window.wp = window.wp || {};
return -1;
}
var result = zxcvbn( password1, blacklist );
var result = zxcvbn( password1, disallowedList );
return result.score;
},
@ -49,20 +49,43 @@ window.wp = window.wp || {};
* Builds an array of words that should be penalized.
*
* Certain words need to be penalized because it would lower the entropy of a
* password if they were used. The blacklist is based on user input fields such
* password if they were used. The disallowedList is based on user input fields such
* as username, first name, email etc.
*
* @since 3.7.0
* @deprecated 5.5.0 Use {@see 'userInputBlockList()'} instead.
*
* @return {string[]} The array of words to be blacklisted.
* @return {string[]} The array of words to be disallowed.
*/
userInputBlacklist : function() {
wp.deprecated( 'wp.passwordStrength.userInputBlacklist()', {
version: '5.5.0',
alternative: 'wp.passwordStrength.userInputDisallowedList()',
plugin: 'WordPress',
hint: wp.i18n.__( 'Please consider writing more inclusive code.' )
} );
return wp.passwordStrength.userInputDisallowedList();
},
/**
* Builds an array of words that should be penalized.
*
* Certain words need to be penalized because it would lower the entropy of a
* password if they were used. The disallowed list is based on user input fields such
* as username, first name, email etc.
*
* @since 5.5.0
*
* @return {string[]} The array of words to be disallowed.
*/
userInputDisallowedList : function() {
var i, userInputFieldsLength, rawValuesLength, currentField,
rawValues = [],
blacklist = [],
disallowedList = [],
userInputFields = [ 'user_login', 'first_name', 'last_name', 'nickname', 'display_name', 'email', 'url', 'description', 'weblog_title', 'admin_email' ];
// Collect all the strings we want to blacklist.
// Collect all the strings we want to disallow.
rawValues.push( document.title );
rawValues.push( document.URL );
@ -85,7 +108,7 @@ window.wp = window.wp || {};
rawValuesLength = rawValues.length;
for ( i = 0; i < rawValuesLength; i++ ) {
if ( rawValues[ i ] ) {
blacklist = blacklist.concat( rawValues[ i ].replace( /\W/g, ' ' ).split( ' ' ) );
disallowedList = disallowedList.concat( rawValues[ i ].replace( /\W/g, ' ' ).split( ' ' ) );
}
}
@ -93,15 +116,15 @@ window.wp = window.wp || {};
* Remove empty values, short words and duplicates. Short words are likely to
* cause many false positives.
*/
blacklist = $.grep( blacklist, function( value, key ) {
disallowedList = $.grep( disallowedList, function( value, key ) {
if ( '' === value || 4 > value.length ) {
return false;
}
return $.inArray( value, blacklist ) === key;
return $.inArray( value, disallowedList ) === key;
});
return blacklist;
return disallowedList;
}
};

2
src/wp-admin/includes/admin-filters.php
View File

@ -74,7 +74,7 @@ add_filter( 'heartbeat_settings', 'wp_heartbeat_set_suspension' );
add_action( 'admin_head-nav-menus.php', '_wp_delete_orphaned_draft_menu_items' );
// Plugin hooks.
add_filter( 'whitelist_options', 'option_update_filter' );
add_filter( 'allowed_options', 'option_update_filter' );
// Plugin Install hooks.
add_action( 'install_plugins_featured', 'install_dashboard' );

4
src/wp-admin/includes/class-wp-plugins-list-table.php
View File

@ -47,10 +47,10 @@ class WP_Plugins_List_Table extends WP_List_Table {
)
);
$status_whitelist = array( 'active', 'inactive', 'recently_activated', 'upgrade', 'mustuse', 'dropins', 'search', 'paused', 'auto-update-enabled', 'auto-update-disabled' );
$allowed_statuses = array( 'active', 'inactive', 'recently_activated', 'upgrade', 'mustuse', 'dropins', 'search', 'paused', 'auto-update-enabled', 'auto-update-disabled' );
$status = 'all';
if ( isset( $_REQUEST['plugin_status'] ) && in_array( $_REQUEST['plugin_status'], $status_whitelist, true ) ) {
if ( isset( $_REQUEST['plugin_status'] ) && in_array( $_REQUEST['plugin_status'], $allowed_statuses, true ) ) {
$status = $_REQUEST['plugin_status'];
}

9
src/wp-admin/includes/class-wp-site-health.php
View File

@ -1776,8 +1776,9 @@ class WP_Site_Health {
/**
* Test if HTTP requests are blocked.
*
* It's possible to block all outgoing communication (with the possibility of whitelisting hosts) via the
* HTTP API. This may create problems for users as many features are running as services these days.
* It's possible to block all outgoing communication (with the possibility of allowing certain
* hosts) via the HTTP API. This may create problems for users as many features are running as
* services these days.
*
* @since 5.2.0
*
@ -1833,8 +1834,8 @@ class WP_Site_Health {
$result['description'] .= sprintf(
'<p>%s</p>',
sprintf(
/* translators: 1: Name of the constant used. 2: List of hostnames whitelisted. */
__( 'HTTP requests have been blocked by the %1$s constant, with some hosts whitelisted: %2$s.' ),
/* translators: 1: Name of the constant used. 2: List of allowed hostnames. */
__( 'HTTP requests have been blocked by the %1$s constant, with some allowed hosts: %2$s.' ),
'<code>WP_HTTP_BLOCK_EXTERNAL</code>',
implode( ',', $hosts )
)

6
src/wp-admin/includes/deprecated.php
View File

@ -159,8 +159,8 @@ function wp_dropdown_cats( $currentcat = 0, $currentparent = 0, $parent = 0, $le
* @deprecated 3.0.0 Use register_setting()
* @see register_setting()
*
* @param string $option_group A settings group name. Should correspond to a whitelisted option key name.
* Default whitelisted option key names include 'general', 'discussion', 'media',
* @param string $option_group A settings group name. Should correspond to an allowed option key name.
* Default allowed option key names include 'general', 'discussion', 'media',
* 'reading', 'writing', 'misc', 'options', and 'privacy'.
* @param string $option_name The name of an option to sanitize and save.
* @param callable $sanitize_callback A callback function that sanitizes the option's value.
@ -1530,7 +1530,7 @@ class WP_Privacy_Data_Export_Requests_Table extends WP_Privacy_Data_Export_Reque
$args['screen'] = 'export-personal-data';
}
parent::__construct( $args );
parent::__construct( $args );
}
}

50
src/wp-admin/includes/plugin.php
View File

@ -2136,12 +2136,12 @@ function user_can_access_admin_page() {
return true;
}
/* Whitelist functions */
/* Allowed list functions */
/**
* Refreshes the value of the options whitelist available via the 'whitelist_options' hook.
* Refreshes the value of the allowed options list available via the 'allowed_options' hook.
*
* See the {@see 'whitelist_options'} filter.
* See the {@see 'allowed_options'} filter.
*
* @since 2.7.0
*
@ -2154,77 +2154,77 @@ function option_update_filter( $options ) {
global $new_whitelist_options;
if ( is_array( $new_whitelist_options ) ) {
$options = add_option_whitelist( $new_whitelist_options, $options );
$options = add_option_allowed_list( $new_whitelist_options, $options );
}
return $options;
}
/**
* Adds an array of options to the options whitelist.
* Adds an array of options to the list of allowed options.
*
* @since 2.7.0
*
* @global array $whitelist_options
* @global array $allowed_options
*
* @param array $new_options
* @param string|array $options
* @return array
*/
function add_option_whitelist( $new_options, $options = '' ) {
function add_option_allowed_list( $new_options, $options = '' ) {
if ( '' === $options ) {
global $whitelist_options;
global $allowed_options;
} else {
$whitelist_options = $options;
$allowed_options = $options;
}
foreach ( $new_options as $page => $keys ) {
foreach ( $keys as $key ) {
if ( ! isset( $whitelist_options[ $page ] ) || ! is_array( $whitelist_options[ $page ] ) ) {
$whitelist_options[ $page ] = array();
$whitelist_options[ $page ][] = $key;
if ( ! isset( $allowed_options[ $page ] ) || ! is_array( $allowed_options[ $page ] ) ) {
$allowed_options[ $page ] = array();
$allowed_options[ $page ][] = $key;
} else {
$pos = array_search( $key, $whitelist_options[ $page ], true );
$pos = array_search( $key, $allowed_options[ $page ], true );
if ( false === $pos ) {
$whitelist_options[ $page ][] = $key;
$allowed_options[ $page ][] = $key;
}
}
}
}
return $whitelist_options;
return $allowed_options;
}
/**
* Removes a list of options from the options whitelist.
* Removes a list of options from the allowed options list.
*
* @since 2.7.0
* @since 5.5.0
*
* @global array $whitelist_options
* @global array $allowed_options
*
* @param array $del_options
* @param string|array $options
* @return array
*/
function remove_option_whitelist( $del_options, $options = '' ) {
function remove_option_allowed_list( $del_options, $options = '' ) {
if ( '' === $options ) {
global $whitelist_options;
global $allowed_options;
} else {
$whitelist_options = $options;
$allowed_options = $options;
}
foreach ( $del_options as $page => $keys ) {
foreach ( $keys as $key ) {
if ( isset( $whitelist_options[ $page ] ) && is_array( $whitelist_options[ $page ] ) ) {
$pos = array_search( $key, $whitelist_options[ $page ], true );
if ( isset( $allowed_options[ $page ] ) && is_array( $allowed_options[ $page ] ) ) {
$pos = array_search( $key, $allowed_options[ $page ], true );
if ( false !== $pos ) {
unset( $whitelist_options[ $page ][ $pos ] );
unset( $allowed_options[ $page ][ $pos ] );
}
}
}
}
return $whitelist_options;
return $allowed_options;
}
/**

2
src/wp-admin/includes/post.php
View File

@ -2234,7 +2234,7 @@ function get_block_categories( $post ) {
function get_block_editor_server_block_settings() {
$block_registry = WP_Block_Type_Registry::get_instance();
$blocks = array();
$fields_to_pick = array(
$fields_to_pick = array(
'title' => 'title',
'description' => 'description',
'icon' => 'icon',

10
src/wp-admin/includes/schema.php
View File

@ -446,8 +446,6 @@ function populate_options( array $options = array() ) {
'recently_edited' => '',
'template' => $template,
'stylesheet' => $stylesheet,
'comment_whitelist' => 1,
'blacklist_keys' => '',
'comment_registration' => 0,
'html_type' => 'text/html',
@ -532,6 +530,10 @@ function populate_options( array $options = array() ) {
// 5.3.0
'admin_email_lifespan' => ( time() + 6 * MONTH_IN_SECONDS ),
// 5.5.0
'blocklist_keys' => '',
'comment_previously_approved' => 1,
);
// 3.3.0
@ -550,7 +552,7 @@ function populate_options( array $options = array() ) {
$options = wp_parse_args( $options, $defaults );
// Set autoload to no for these options.
$fat_options = array( 'moderation_keys', 'recently_edited', 'blacklist_keys', 'uninstall_plugins' );
$fat_options = array( 'moderation_keys', 'recently_edited', 'blocklist_keys', 'uninstall_plugins' );
$keys = "'" . implode( "', '", array_keys( $options ) ) . "'";
$existing_options = $wpdb->get_col( "SELECT option_name FROM $wpdb->options WHERE option_name in ( $keys )" ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
@ -1140,7 +1142,7 @@ function populate_network_meta( $network_id, array $meta = array() ) {
$allowed_themes[ WP_DEFAULT_THEME ] = true;
}
// If WP_DEFAULT_THEME doesn't exist, also whitelist the latest core default theme.
// If WP_DEFAULT_THEME doesn't exist, also include the latest core default theme.
if ( ! wp_get_theme( WP_DEFAULT_THEME )->exists() ) {
$core_default = WP_Theme::get_core_default_theme();
if ( $core_default ) {

11
src/wp-admin/includes/upgrade.php
View File

@ -835,7 +835,7 @@ function upgrade_all() {
upgrade_530();
}
if ( $wp_current_db_version < 47597 ) {
if ( $wp_current_db_version < 48082 ) {
upgrade_550();
}
@ -2168,6 +2168,15 @@ function upgrade_530() {
function upgrade_550() {
update_option( 'finished_updating_comment_type', 0 );
wp_schedule_single_event( time() + ( 1 * MINUTE_IN_SECONDS ), 'wp_update_comment_type_batch' );
// Use more clear and inclusive language.
$blocklist = get_option( 'blacklist_keys', '' );
update_option( 'blocklist_keys', $blocklist );
delete_option( 'blacklist_keys' );
$comment_previously_approved = get_option( 'comment_whitelist', '' );
update_option( 'comment_previously_approved', $comment_previously_approved );
delete_option( 'comment_whitelist' );
}
/**

6
src/wp-admin/options-discussion.php
View File

@ -181,7 +181,7 @@ printf( __( 'Comments should be displayed with the %s comments at the top of eac
<input name="comment_moderation" type="checkbox" id="comment_moderation" value="1" <?php checked( '1', get_option( 'comment_moderation' ) ); ?> />
<?php _e( 'Comment must be manually approved' ); ?> </label>
<br />
<label for="comment_whitelist"><input type="checkbox" name="comment_whitelist" id="comment_whitelist" value="1" <?php checked( '1', get_option( 'comment_whitelist' ) ); ?> /> <?php _e( 'Comment author must have a previously approved comment' ); ?></label>
<label for="comment_previously_approved"><input type="checkbox" name="comment_previously_approved" id="comment_previously_approved" value="1" <?php checked( '1', get_option( 'comment_previously_approved' ) ); ?> /> <?php _e( 'Comment author must have a previously approved comment' ); ?></label>
</fieldset></td>
</tr>
<tr>
@ -206,9 +206,9 @@ printf(
<tr>
<th scope="row"><?php _e( 'Comment Blocklist' ); ?></th>
<td><fieldset><legend class="screen-reader-text"><span><?php _e( 'Comment Blocklist' ); ?></span></legend>
<p><label for="blacklist_keys"><?php _e( 'When a comment contains any of these words in its content, author name, URL, email, IP address, or browser&#8217;s user agent string, it will be put in the Trash. One word or IP address per line. It will match inside words, so &#8220;press&#8221; will match &#8220;WordPress&#8221;.' ); ?></label></p>
<p><label for="blocklist_keys"><?php _e( 'When a comment contains any of these words in its content, author name, URL, email, IP address, or browser&#8217;s user agent string, it will be put in the Trash. One word or IP address per line. It will match inside words, so &#8220;press&#8221; will match &#8220;WordPress&#8221;.' ); ?></label></p>
<p>
<textarea name="blacklist_keys" rows="10" cols="50" id="blacklist_keys" class="large-text code"><?php echo esc_textarea( get_option( 'blacklist_keys' ) ); ?></textarea>
<textarea name="blocklist_keys" rows="10" cols="50" id="blocklist_keys" class="large-text code"><?php echo esc_textarea( get_option( 'blocklist_keys' ) ); ?></textarea>
</p>
</fieldset></td>
</tr>

60
src/wp-admin/options.php
View File

@ -80,7 +80,7 @@ if ( is_multisite() && ! current_user_can( 'manage_network_options' ) && 'update
);
}
$whitelist_options = array(
$allowed_options = array(
'general' => array(
'blogname',
'blogdescription',
@ -100,10 +100,10 @@ $whitelist_options = array(
'moderation_notify',
'comment_moderation',
'require_name_email',
'comment_whitelist',
'comment_previously_approved',
'comment_max_links',
'moderation_keys',
'blacklist_keys',
'blocklist_keys',
'show_avatars',
'avatar_rating',
'avatar_default',
@ -146,36 +146,36 @@ $whitelist_options = array(
'default_post_format',
),
);
$whitelist_options['misc'] = array();
$whitelist_options['options'] = array();
$whitelist_options['privacy'] = array();
$allowed_options['misc'] = array();
$allowed_options['options'] = array();
$allowed_options['privacy'] = array();
$mail_options = array( 'mailserver_url', 'mailserver_port', 'mailserver_login', 'mailserver_pass' );
if ( ! in_array( get_option( 'blog_charset' ), array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ), true ) ) {
$whitelist_options['reading'][] = 'blog_charset';
$allowed_options['reading'][] = 'blog_charset';
}
if ( get_site_option( 'initial_db_version' ) < 32453 ) {
$whitelist_options['writing'][] = 'use_smilies';
$whitelist_options['writing'][] = 'use_balanceTags';
$allowed_options['writing'][] = 'use_smilies';
$allowed_options['writing'][] = 'use_balanceTags';
}
if ( ! is_multisite() ) {
if ( ! defined( 'WP_SITEURL' ) ) {
$whitelist_options['general'][] = 'siteurl';
$allowed_options['general'][] = 'siteurl';
}
if ( ! defined( 'WP_HOME' ) ) {
$whitelist_options['general'][] = 'home';
$allowed_options['general'][] = 'home';
}
$whitelist_options['general'][] = 'users_can_register';
$whitelist_options['general'][] = 'default_role';
$allowed_options['general'][] = 'users_can_register';
$allowed_options['general'][] = 'default_role';
$whitelist_options['writing'] = array_merge( $whitelist_options['writing'], $mail_options );
$whitelist_options['writing'][] = 'ping_sites';
$allowed_options['writing'] = array_merge( $allowed_options['writing'], $mail_options );
$allowed_options['writing'][] = 'ping_sites';
$whitelist_options['media'][] = 'uploads_use_yearmonth_folders';
$allowed_options['media'][] = 'uploads_use_yearmonth_folders';
/*
* If upload_url_path is not the default (empty),
@ -183,8 +183,8 @@ if ( ! is_multisite() ) {
* they can be edited, otherwise they're locked.
*/
if ( get_option( 'upload_url_path' ) || ( get_option( 'upload_path' ) != 'wp-content/uploads' && get_option( 'upload_path' ) ) ) {
$whitelist_options['media'][] = 'upload_path';
$whitelist_options['media'][] = 'upload_url_path';
$allowed_options['media'][] = 'upload_path';
$allowed_options['media'][] = 'upload_url_path';
}
} else {
/**
@ -195,18 +195,28 @@ if ( ! is_multisite() ) {
* @param bool $enabled Whether post-by-email configuration is enabled. Default true.
*/
if ( apply_filters( 'enable_post_by_email_configuration', true ) ) {
$whitelist_options['writing'] = array_merge( $whitelist_options['writing'], $mail_options );
$allowed_options['writing'] = array_merge( $allowed_options['writing'], $mail_options );
}
}
/**
* Filters the options whitelist.
* Filters the allowed options list.
*
* @since 2.7.0
* @deprecated 5.5.0 Use {@see 'allowed_options'} instead.
*
* @param array $whitelist_options The options whitelist.
* @param array $allowed_options The allowed options list.
*/
$whitelist_options = apply_filters( 'whitelist_options', $whitelist_options );
$allowed_options = apply_filters_deprecated( 'whitelist_options', array( $allowed_options ), '5.5.0', 'apply_filters_deprecated', __( 'Please consider writing more inclusive code.' ) );
/**
* Filters the allowed options list.
*
* @since 5.5.0
*
* @param array $allowed_options The allowed options list.
*/
$allowed_options = apply_filters( 'allowed_options', $allowed_options );
if ( 'update' === $action ) { // We are saving settings sent from a settings page.
if ( 'options' === $option_page && ! isset( $_POST['option_page'] ) ) { // This is for back compat and will eventually be removed.
@ -217,11 +227,11 @@ if ( 'update' === $action ) { // We are saving settings sent from a settings pag
check_admin_referer( $option_page . '-options' );
}
if ( ! isset( $whitelist_options[ $option_page ] ) ) {
if ( ! isset( $allowed_options[ $option_page ] ) ) {
wp_die(
sprintf(
/* translators: %s: The options page name. */
__( '<strong>Error</strong>: Options page %s not found in the options whitelist.' ),
__( '<strong>Error</strong>: Options page %s not found in the allowed options list.' ),
'<code>' . esc_html( $option_page ) . '</code>'
)
);
@ -233,7 +243,7 @@ if ( 'update' === $action ) { // We are saving settings sent from a settings pag
}
$options = explode( ',', wp_unslash( $_POST['page_options'] ) );
} else {
$options = $whitelist_options[ $option_page ];
$options = $allowed_options[ $option_page ];
}
if ( 'general' === $option_page ) {

2
src/wp-content/themes/twentyfourteen/inc/featured-content.php
View File

@ -233,7 +233,7 @@ class Featured_Content {
return;
}
// We need to respect post IDs already in the blacklist.
// We need to respect post IDs already in the exclude list.
$post__not_in = $query->get( 'post__not_in' );
if ( ! empty( $post__not_in ) ) {

1
src/wp-content/themes/twentynineteen/package.json
View File

@ -20,7 +20,6 @@
"options": {
"autoRename": false,
"autoRenameStrict": false,
"blacklist": {},
"clean": true,
"greedy": false,
"processUrls": false,

1
src/wp-content/themes/twentytwenty/package.json
View File

@ -33,7 +33,6 @@
"options": {
"autoRename": false,
"autoRenameStrict": false,
"blacklist": {},
"clean": true,
"greedy": false,
"processUrls": false,

4
src/wp-includes/Requests/SSL.php
View File

@ -125,7 +125,7 @@ class Requests_SSL {
* @return boolean Does the domain match?
*/
public static function match_domain($host, $reference) {
// Check if the reference is blacklisted first
// Check if the reference is blocklisted first
if (self::verify_reference_name($reference) !== true) {
return false;
}
@ -149,4 +149,4 @@ class Requests_SSL {
return false;
}
}
}

2
src/wp-includes/class-wp-customize-widgets.php
View File

@ -1684,7 +1684,7 @@ final class WP_Customize_Widgets {
* List of the tag names seen for before_widget strings.
*
* This is used in the {@see 'filter_wp_kses_allowed_html'} filter to ensure that the
* data-* attributes can be whitelisted.
* data-* attributes can be allowed.
*
* @since 4.5.0
* @var array

8
src/wp-includes/class-wp-date-query.php
View File

@ -462,10 +462,10 @@ class WP_Date_Query {
/**
* Validates a column name parameter.
*
* Column names without a table prefix (like 'post_date') are checked against a whitelist of
* known tables, and then, if found, have a table prefix (such as 'wp_posts.') prepended.
* Prefixed column names (such as 'wp_posts.post_date') bypass this whitelist check,
* and are only sanitized to remove illegal characters.
* Column names without a table prefix (like 'post_date') are checked against a list of
* allowed and known tables, and then, if found, have a table prefix (such as 'wp_posts.')
* prepended. Prefixed column names (such as 'wp_posts.post_date') bypass this allowed
* check, and are only sanitized to remove illegal characters.
*
* @since 3.7.0
*

4
src/wp-includes/class-wp-image-editor-imagick.php
View File

@ -305,8 +305,8 @@ class WP_Image_Editor_Imagick extends WP_Image_Editor {
);
/**
* Set the filter value if '$filter_name' name is in our whitelist and the related
* Imagick constant is defined or fall back to our default filter.
* Set the filter value if '$filter_name' name is in the allowed list and the related
* Imagick constant is defined or fall back to the default filter.
*/
if ( in_array( $filter_name, $allowed_filters, true ) && defined( 'Imagick::' . $filter_name ) ) {
$filter = constant( 'Imagick::' . $filter_name );

2
src/wp-includes/class-wp-oembed-controller.php
View File

@ -94,7 +94,7 @@ final class WP_oEmbed_Controller {
'sanitize_callback' => 'absint',
),
'discover' => array(
'description' => __( 'Whether to perform an oEmbed discovery request for non-whitelisted providers.' ),
'description' => __( 'Whether to perform an oEmbed discovery request for unsanctioned providers.' ),
'type' => 'boolean',
'default' => true,
),

4
src/wp-includes/class-wp-oembed.php
View File

@ -131,10 +131,10 @@ class WP_oEmbed {
self::$early_providers = array();
/**
* Filters the list of whitelisted oEmbed providers.
* Filters the list of sanctioned oEmbed providers.
*
* Since WordPress 4.4, oEmbed discovery is enabled for all users and allows embedding of sanitized
* iframes. The providers in this list are whitelisted, meaning they are trusted and allowed to
* iframes. The providers in this list are sanctioned, meaning they are trusted and allowed to
* embed any content, such as iframes, videos, JavaScript, and arbitrary HTML.
*
* Supported providers:

4
src/wp-includes/class-wp.php
View File

@ -275,7 +275,7 @@ class WP {
}
/**
* Filters the query variables whitelist before processing.
* Filters the query variables allowed before processing.
*
* Allows (publicly allowed) query vars to be added, removed, or changed prior
* to executing the query. Needed to allow custom rewrite rules using your own arguments
@ -283,7 +283,7 @@ class WP {
*
* @since 1.5.0
*
* @param string[] $public_query_vars The array of whitelisted query variable names.
* @param string[] $public_query_vars The array of allowed query variable names.
*/
$this->public_query_vars = apply_filters( 'query_vars', $this->public_query_vars );

41
src/wp-includes/comment.php
View File

@ -10,15 +10,15 @@
* Check whether a comment passes internal checks to be allowed to add.
*
* If manual comment moderation is set in the administration, then all checks,
* regardless of their type and whitelist, will fail and the function will
* regardless of their type and substance, will fail and the function will
* return false.
*
* If the number of links exceeds the amount in the administration, then the
* check fails. If any of the parameter contents match the blacklist of words,
* check fails. If any of the parameter contents contain any disallowed words,
* then the check fails.
*
* If the comment author was approved before, then the comment is automatically
* whitelisted.
* approved.
*
* If all checks pass, the function will return true.
*
@ -126,7 +126,7 @@ function check_comment( $author, $email, $url, $comment, $user_ip, $user_agent,
* as well as whether there are any moderation keywords (if set) present in the author
* email address. If both checks pass, return true. Otherwise, return false.
*/
if ( 1 == get_option( 'comment_whitelist' ) ) {
if ( 1 == get_option( 'comment_previously_approved' ) ) {
if ( 'trackback' !== $comment_type && 'pingback' !== $comment_type && '' !== $author && '' !== $email ) {
$comment_user = get_user_by( 'email', wp_unslash( $email ) );
if ( ! empty( $comment_user->ID ) ) {
@ -815,7 +815,7 @@ function wp_allow_comment( $commentdata, $avoid_die = false ) {
$approved = 0;
}
if ( wp_blacklist_check(
if ( wp_blocklist_check(
$commentdata['comment_author'],
$commentdata['comment_author_email'],
$commentdata['comment_author_url'],
@ -1262,9 +1262,9 @@ function wp_check_comment_data_max_lengths( $comment_data ) {
}
/**
* Does comment contain blacklisted characters or words.
* Checks if a comment contains disallowed characters or words.
*
* @since 1.5.0
* @since 5.5.0
*
* @param string $author The author of the comment
* @param string $email The email of the comment
@ -1272,13 +1272,14 @@ function wp_check_comment_data_max_lengths( $comment_data ) {
* @param string $comment The comment content
* @param string $user_ip The comment author's IP address
* @param string $user_agent The author's browser user agent
* @return bool True if comment contains blacklisted content, false if comment does not
* @return bool True if comment contains disallowed content, false if comment does not
*/
function wp_blacklist_check( $author, $email, $url, $comment, $user_ip, $user_agent ) {
function wp_blocklist_check( $author, $email, $url, $comment, $user_ip, $user_agent ) {
/**
* Fires before the comment is tested for blacklisted characters or words.
* Fires before the comment is tested for disallowed characters or words.
*
* @since 1.5.0
* @deprecated 5.5.0 Use {@see 'wp_blocklist_check'} instead.
*
* @param string $author Comment author.
* @param string $email Comment author's email.
@ -1287,14 +1288,28 @@ function wp_blacklist_check( $author, $email, $url, $comment, $user_ip, $user_ag
* @param string $user_ip Comment author's IP address.
* @param string $user_agent Comment author's browser user agent.
*/
do_action( 'wp_blacklist_check', $author, $email, $url, $comment, $user_ip, $user_agent );
do_action_deprecated( 'wp_blacklist_check', array( $author, $email, $url, $comment, $user_ip, $user_agent ), '5.5.0', 'wp_blocklist_check', __( 'Please consider writing more inclusive code.' ) );
$mod_keys = trim( get_option( 'blacklist_keys' ) );
/**
* Fires before the comment is tested for disallowed characters or words.
*
* @since 5.5.0
*
* @param string $author Comment author.
* @param string $email Comment author's email.
* @param string $url Comment author's URL.
* @param string $comment Comment content.
* @param string $user_ip Comment author's IP address.
* @param string $user_agent Comment author's browser user agent.
*/
do_action( 'wp_blocklist_check', $author, $email, $url, $comment, $user_ip, $user_agent );
$mod_keys = trim( get_option( 'blocklist_keys' ) );
if ( '' === $mod_keys ) {
return false; // If moderation keys are empty.
}
// Ensure HTML tags are not being used to bypass the blacklist.
// Ensure HTML tags are not being used to bypass the list of disallowed characters and words.
$comment_without_html = wp_strip_all_tags( $comment );
$words = explode( "\n", $mod_keys );

2
src/wp-includes/default-filters.php
View File

@ -96,7 +96,7 @@ add_filter( 'pre_post_mime_type', 'sanitize_mime_type' );
add_filter( 'post_mime_type', 'sanitize_mime_type' );
// Meta.
add_filter( 'register_meta_args', '_wp_register_meta_args_whitelist', 10, 2 );
add_filter( 'register_meta_args', '_wp_register_meta_args_allowed_list', 10, 2 );
// Post meta.
add_action( 'added_post_meta', 'wp_cache_set_posts_last_changed' );

80
src/wp-includes/deprecated.php
View File

@ -3995,3 +3995,83 @@ function wp_unregister_GLOBALS() { // phpcs:ignore WordPress.NamingConventions.
// register_globals was deprecated in PHP 5.3 and removed entirely in PHP 5.4.
_deprecated_function( __FUNCTION__, '5.5.0' );
}
/**
* Does comment contain disallowed characters or words.
*
* @since 1.5.0
* @deprecated 5.5.0 Use wp_blocklist_check() instead.
* Please consider writing more inclusive code.
*
* @param string $author The author of the comment
* @param string $email The email of the comment
* @param string $url The url used in the comment
* @param string $comment The comment content
* @param string $user_ip The comment author's IP address
* @param string $user_agent The author's browser user agent
* @return bool True if comment contains disallowed content, false if comment does not
*/
function wp_blacklist_check( $author, $email, $url, $comment, $user_ip, $user_agent ) {
_deprecated_function( __FUNCTION__, '5.5.0', 'wp_blocklist_check()' );
return wp_blocklist_check( $author, $email, $url, $comment, $user_ip, $user_agent );
}
/**
* Filters out `register_meta()` args based on an allowed list.
*
* `register_meta()` args may change over time, so requiring the allowed list
* to be explicitly turned off is a warranty seal of sorts.
*
* @access private
* @since 4.6.0
* @deprecated 5.5.0 Use _wp_register_meta_args_allowed_list() instead.
* Please consider writing more inclusive code.
*
* @param array $args Arguments from `register_meta()`.
* @param array $default_args Default arguments for `register_meta()`.
* @return array Filtered arguments.
*/
function _wp_register_meta_args_whitelist( $args, $default_args ) {
_deprecated_function( __FUNCTION__, '5.5.0', '_wp_register_meta_args_allowed_list()' );
return _wp_register_meta_args_allowed_list( $args, $default_args );
}
/**
* Adds an array of options to the list of allowed options.
*
* @since 2.7.0
* @deprecated 5.5.0 Use add_option_allowed_list() instead.
* Please consider writing more inclusive code.
*
* @global array $allowed_options
*
* @param array $new_options
* @param string|array $options
* @return array
*/
function add_option_whitelist( $new_options, $options = '' ) {
_deprecated_function( __FUNCTION__, '5.5.0', 'add_option_allowed_list()' );
return add_option_allowed_list( $new_options, $options );
}
/**
* Removes a list of options from the allowed options list.
*
* @since 2.7.0
* @deprecated 5.5.0 Use remove_option_allowed_list() instead.
* Please consider writing more inclusive code.
*
* @global array $allowed_options
*
* @param array $del_options
* @param string|array $options
* @return array
*/
function remove_option_whitelist( $del_options, $options = '' ) {
_deprecated_function( __FUNCTION__, '5.5.0', 'remove_option_allowed_list()' );
return remove_option_allowed_list( $del_options, $options );
}

4
src/wp-includes/formatting.php
View File

@ -2048,7 +2048,7 @@ function sanitize_file_name( $filename ) {
/*
* Loop over any intermediate extensions. Postfix them with a trailing underscore
* if they are a 2 - 5 character long alpha string not in the extension whitelist.
* if they are a 2 - 5 character long alpha string not in the allowed extension list.
*/
foreach ( (array) $parts as $part ) {
$filename .= '.' . $part;
@ -4852,7 +4852,7 @@ function sanitize_option( $option, $value ) {
break;
case 'moderation_keys':
case 'blacklist_keys':
case 'blocklist_keys':
$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
if ( is_wp_error( $value ) ) {
$error = $value->get_error_message();

5
src/wp-includes/http.php
View File

@ -593,7 +593,7 @@ function wp_http_validate_url( $url ) {
}
/**
* Whitelists allowed redirect hosts for safe HTTP requests as well.
* Mark allowed redirect hosts safe for HTTP requests as well.
*
* Attached to the {@see 'http_request_host_is_external'} filter.
*
@ -611,7 +611,8 @@ function allowed_http_request_hosts( $is_external, $host ) {
}
/**
* Whitelists any domain in a multisite installation for safe HTTP requests.
* Adds any domain in a multisite installation for safe HTTP requests to the
* allowed list.
*
* Attached to the {@see 'http_request_host_is_external'} filter.
*

9
src/wp-includes/kses.php
View File

@ -1720,13 +1720,14 @@ function wp_kses_bad_protocol_once( $string, $allowed_protocols, $count = 1 ) {
* Callback for `wp_kses_bad_protocol_once()` regular expression.
*
* This function processes URL protocols, checks to see if they're in the
* whitelist or not, and returns different data depending on the answer.
* list of allowed protocols or not, and returns different data depending
* on the answer.
*
* @access private
* @ignore
* @since 1.0.0
*
* @param string $string URI scheme to check against the whitelist.
* @param string $string URI scheme to check against the list of allowed protocols.
* @param string[] $allowed_protocols Array of allowed URL protocols.
* @return string Sanitized content.
*/
@ -1772,7 +1773,7 @@ function wp_kses_normalize_entities( $string, $context = 'html' ) {
// Disarm all entities by converting & to &amp;
$string = str_replace( '&', '&amp;', $string );
// Change back the allowed entities in our entity whitelist.
// Change back the allowed entities in our list of allowed entities.
if ( 'xml' === $context ) {
$string = preg_replace_callback( '/&amp;([A-Za-z]{2,8}[0-9]{0,2});/', 'wp_kses_xml_named_entities', $string );
} else {
@ -1912,7 +1913,7 @@ function valid_unicode( $i ) {
*
* This function decodes numeric HTML entities (`&#65;` and `&#x41;`).
* It doesn't do anything with named entities like `&auml;`, but we don't
* need them in the URL protocol whitelisting system anyway.
* need them in the allowed URL protocols system anyway.
*
* @since 1.0.0
*

8
src/wp-includes/meta.php
View File

@ -1396,19 +1396,19 @@ function get_registered_metadata( $object_type, $object_id, $meta_key = '' ) {
}
/**
* Filters out `register_meta()` args based on a whitelist.
* Filters out `register_meta()` args based on an allowed list.
*
* `register_meta()` args may change over time, so requiring the whitelist
* `register_meta()` args may change over time, so requiring the allowed list
* to be explicitly turned off is a warranty seal of sorts.
*
* @access private
* @since 4.6.0
* @since 5.5.0
*
* @param array $args Arguments from `register_meta()`.
* @param array $default_args Default arguments for `register_meta()`.
* @return array Filtered arguments.
*/
function _wp_register_meta_args_whitelist( $args, $default_args ) {
function _wp_register_meta_args_allowed_list( $args, $default_args ) {
return array_intersect_key( $args, $default_args );
}

4
src/wp-includes/ms-blogs.php
View File

@ -720,9 +720,9 @@ function update_blog_status( $blog_id, $pref, $value, $deprecated = null ) {
_deprecated_argument( __FUNCTION__, '3.1.0' );
}
$pref_whitelist = array( 'site_id', 'domain', 'path', 'registered', 'last_updated', 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
$allowed_field_names = array( 'site_id', 'domain', 'path', 'registered', 'last_updated', 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
if ( ! in_array( $pref, $pref_whitelist, true ) ) {
if ( ! in_array( $pref, $allowed_field_names, true ) ) {
return $value;
}

2
src/wp-includes/ms-default-filters.php
View File

@ -124,5 +124,5 @@ add_action( 'update_option_home', 'clean_site_details_cache', 10, 0 );
// If the network upgrade hasn't run yet, assume ms-files.php rewriting is used.
add_filter( 'default_site_option_ms_files_rewriting', '__return_true' );
// Whitelist multisite domains for HTTP requests.
// Allow multisite domains for HTTP requests.
add_filter( 'http_request_host_is_external', 'ms_allowed_http_request_hosts', 20, 2 );

13
src/wp-includes/ms-functions.php
View File

@ -441,7 +441,8 @@ function is_email_address_unsafe( $user_email ) {
* Sanitize and validate data required for a user sign-up.
*
* Verifies the validity and uniqueness of user names and user email addresses,
* and checks email addresses against admin-provided domain whitelists and blacklists.
* and checks email addresses against allowed and disallowed domains provided by
* administrators.
*
* The {@see 'wpmu_validate_user_signup'} hook provides an easy way to modify the sign-up
* process. The value $result, which is passed to the hook, contains both the user-provided
@ -1358,7 +1359,7 @@ function wpmu_create_blog( $domain, $path, $title, $user_id, $options = array(),
wp_installing( true );
}
$site_data_whitelist = array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
$allowed_data_fields = array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
$site_data = array_merge(
array(
@ -1366,14 +1367,14 @@ function wpmu_create_blog( $domain, $path, $title, $user_id, $options = array(),
'path' => $path,
'network_id' => $network_id,
),
array_intersect_key( $options, array_flip( $site_data_whitelist ) )
array_intersect_key( $options, array_flip( $allowed_data_fields ) )
);
// Data to pass to wp_initialize_site().
$site_initialization_data = array(
'title' => $title,
'user_id' => $user_id,
'options' => array_diff_key( $options, array_flip( $site_data_whitelist ) ),
'options' => array_diff_key( $options, array_flip( $allowed_data_fields ) ),
);
$blog_id = wp_insert_site( array_merge( $site_data, $site_initialization_data ) );
@ -1840,12 +1841,12 @@ function get_most_recent_post_of_user( $user_id ) {
//
/**
* Check an array of MIME types against a whitelist.
* Check an array of MIME types against a list of allowed types.
*
* WordPress ships with a set of allowed upload filetypes,
* which is defined in wp-includes/functions.php in
* get_allowed_mime_types(). This function is used to filter
* that list against the filetype whitelist provided by Multisite
* that list against the filetypes allowed provided by Multisite
* Super Admins at wp-admin/network/settings.php.
*
* @since MU (3.0.0)

12
src/wp-includes/ms-site.php
View File

@ -114,10 +114,10 @@ function wp_insert_site( array $data ) {
$meta['WPLANG'] = get_network_option( $new_site->network_id, 'WPLANG' );
}
// Rebuild the data expected by the `wpmu_new_blog` hook prior to 5.1.0 using whitelisted keys.
// The `$site_data_whitelist` matches the one used in `wpmu_create_blog()`.
$site_data_whitelist = array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
$meta = array_merge( array_intersect_key( $data, array_flip( $site_data_whitelist ) ), $meta );
// Rebuild the data expected by the `wpmu_new_blog` hook prior to 5.1.0 using allowed keys.
// The `$allowed_data_fields` matches the one used in `wpmu_create_blog()`.
$allowed_data_fields = array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
$meta = array_merge( array_intersect_key( $data, array_flip( $allowed_data_fields ) ), $meta );
/**
* Fires immediately after a new site is created.
@ -492,8 +492,8 @@ function wp_prepare_site_data( $data, $defaults, $old_site = null ) {
*/
$data = apply_filters( 'wp_normalize_site_data', $data );
$whitelist = array( 'domain', 'path', 'network_id', 'registered', 'last_updated', 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
$data = array_intersect_key( wp_parse_args( $data, $defaults ), array_flip( $whitelist ) );
$allowed_data_fields = array( 'domain', 'path', 'network_id', 'registered', 'last_updated', 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
$data = array_intersect_key( wp_parse_args( $data, $defaults ), array_flip( $allowed_data_fields ) );
$errors = new WP_Error();

4
src/wp-includes/option.php
View File

@ -2097,8 +2097,8 @@ function register_initial_settings() {
* @global array $new_whitelist_options
* @global array $wp_registered_settings
*
* @param string $option_group A settings group name. Should correspond to a whitelisted option key name.
* Default whitelisted option key names include 'general', 'discussion', 'media',
* @param string $option_group A settings group name. Should correspond to an allowed option key name.
* Default allowed option key names include 'general', 'discussion', 'media',
* 'reading', 'writing', 'misc', 'options', and 'privacy'.
* @param string $option_name The name of an option to sanitize and save.
* @param array $args {

2
src/wp-includes/pluggable.php
View File

@ -1466,7 +1466,7 @@ if ( ! function_exists( 'wp_validate_redirect' ) ) :
$wpp = parse_url( home_url() );
/**
* Filters the whitelist of hosts to redirect to.
* Filters the list of allowed hosts to redirect to.
*
* @since 2.3.0
*

2
src/wp-includes/rest-api/class-wp-rest-server.php
View File

@ -605,7 +605,7 @@ class WP_REST_Server {
$embedded = array();
foreach ( $data['_links'] as $rel => $links ) {
// If a list of relations was specified, and the link relation is not in the whitelist, don't process the link.
// If a list of relations was specified, and the link relation is not in the list of allowed relations, don't process the link.
if ( is_array( $embed ) && ! in_array( $rel, $embed, true ) ) {
continue;
}

4
src/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php
View File

@ -251,7 +251,7 @@ class WP_REST_Settings_Controller extends WP_REST_Controller {
}
/*
* Whitelist the supported types for settings, as we don't want invalid types
* Allow the supported types for settings, as we don't want invalid types
* to be updated with arbitrary values that we can't do decent sanitizing for.
*/
if ( ! in_array( $rest_args['schema']['type'], array( 'number', 'integer', 'string', 'boolean', 'array', 'object' ), true ) ) {
@ -304,7 +304,7 @@ class WP_REST_Settings_Controller extends WP_REST_Controller {
*
* By default, the schema of settings will throw an error if a value is set to
* `null` as it's not a valid value for something like "type => string". We
* provide a wrapper sanitizer to whitelist the use of `null`.
* provide a wrapper sanitizer to allow the use of `null`.
*
* @since 4.7.0
*

3
src/wp-includes/script-loader.php
View File

@ -1064,7 +1064,7 @@ function wp_default_scripts( $scripts ) {
)
);
$scripts->add( 'password-strength-meter', "/wp-admin/js/password-strength-meter$suffix.js", array( 'jquery', 'zxcvbn-async' ), false, 1 );
$scripts->add( 'password-strength-meter', "/wp-admin/js/password-strength-meter$suffix.js", array( 'jquery', 'wp-deprecated', 'zxcvbn-async' ), false, 1 );
did_action( 'init' ) && $scripts->localize(
'password-strength-meter',
'pwsL10n',
@ -1077,6 +1077,7 @@ function wp_default_scripts( $scripts ) {
'mismatch' => _x( 'Mismatch', 'password mismatch' ),
)
);
$scripts->set_translations( 'password-strength-meter' );
$scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'jquery', 'password-strength-meter', 'wp-util' ), false, 1 );
did_action( 'init' ) && $scripts->localize(

12
src/wp-includes/sodium_compat/src/Core/Ed25519.php
View File

@ -376,8 +376,8 @@ abstract class ParagonIE_Sodium_Core_Ed25519 extends ParagonIE_Sodium_Core_Curve
*/
public static function small_order($R)
{
/** @var array<int, array<int, int>> $blacklist */
$blacklist = array(
/** @var array<int, array<int, int>> $blocklist */
$blocklist = array(
/* 0 (order 4) */
array(
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@ -463,13 +463,13 @@ abstract class ParagonIE_Sodium_Core_Ed25519 extends ParagonIE_Sodium_Core_Curve
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
)
);
/** @var int $countBlacklist */
$countBlacklist = count($blacklist);
/** @var int $countBlocklist */
$countBlocklist = count($blocklist);
for ($i = 0; $i < $countBlacklist; ++$i) {
for ($i = 0; $i < $countBlocklist; ++$i) {
$c = 0;
for ($j = 0; $j < 32; ++$j) {
$c |= self::chrToInt($R[$j]) ^ (int) $blacklist[$i][$j];
$c |= self::chrToInt($R[$j]) ^ (int) $blocklist[$i][$j];
}
if ($c === 0) {
return true;

10
src/wp-includes/sodium_compat/src/Core32/Ed25519.php
View File

@ -378,7 +378,7 @@ abstract class ParagonIE_Sodium_Core32_Ed25519 extends ParagonIE_Sodium_Core32_C
*/
public static function small_order($R)
{
static $blacklist = array(
static $blocklist = array(
/* 0 (order 4) */
array(
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@ -464,13 +464,13 @@ abstract class ParagonIE_Sodium_Core32_Ed25519 extends ParagonIE_Sodium_Core32_C
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
)
);
/** @var array<int, array<int, int>> $blacklist */
$countBlacklist = count($blacklist);
/** @var array<int, array<int, int>> $blocklist */
$countBlocklist = count($blocklist);
for ($i = 0; $i < $countBlacklist; ++$i) {
for ($i = 0; $i < $countBlocklist; ++$i) {
$c = 0;
for ($j = 0; $j < 32; ++$j) {
$c |= self::chrToInt($R[$j]) ^ $blacklist[$i][$j];
$c |= self::chrToInt($R[$j]) ^ $blocklist[$i][$j];
}
if ($c === 0) {
return true;

6
src/wp-includes/theme.php
View File

@ -2823,7 +2823,7 @@ function get_theme_support( $feature, ...$args ) {
* @return bool|void Whether feature was removed.
*/
function remove_theme_support( $feature ) {
// Blacklist: for internal registrations not used directly by themes.
// Do not remove internal registrations that are not used directly by themes.
if ( in_array( $feature, array( 'editor-style', 'widgets', 'menus' ), true ) ) {
return false;
}
@ -2832,11 +2832,11 @@ function remove_theme_support( $feature ) {
}
/**
* Do not use. Removes theme support internally, ignorant of the blacklist.
* Do not use. Removes theme support internally without knowledge of those not used by
* themes directly.
*
* @access private
* @since 3.1.0
*
* @global array $_wp_theme_features
* @global Custom_Image_Header $custom_image_header
* @global Custom_Background $custom_background

4
src/wp-includes/user.php
View File

@ -1593,11 +1593,11 @@ function wp_insert_user( $userdata ) {
}
/**
* Filters the list of blacklisted usernames.
* Filters the list of disallowed usernames.
*
* @since 4.4.0
*
* @param array $usernames Array of blacklisted usernames.
* @param array $usernames Array of disallowed usernames.
*/
$illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );

2
src/wp-includes/version.php
View File

@ -20,7 +20,7 @@ $wp_version = '5.5-alpha-47426-src';
*
* @global int $wp_db_version
*/
$wp_db_version = 48072;
$wp_db_version = 48121;
/**
* Holds the TinyMCE version.

18
src/wp-includes/widgets.php
View File

@ -1282,7 +1282,7 @@ function retrieve_widgets( $theme_changed = false ) {
}
/**
* Compares a list of sidebars with their widgets against a whitelist.
* Compares a list of sidebars with their widgets against an allowed list.
*
* @since 4.9.0
* @since 4.9.2 Always tries to restore widget assignments from previous data, not just if sidebars needed mapping.
@ -1457,22 +1457,22 @@ function wp_map_sidebars_widgets( $existing_sidebars_widgets ) {
}
/**
* Compares a list of sidebars with their widgets against a whitelist.
* Compares a list of sidebars with their widgets against an allowed list.
*
* @since 4.9.0
*
* @param array $sidebars_widgets List of sidebars and their widget instance IDs.
* @param array $whitelist Optional. List of widget IDs to compare against. Default: Registered widgets.
* @return array Sidebars with whitelisted widgets.
* @param array $sidebars_widgets List of sidebars and their widget instance IDs.
* @param array $allowed_widget_ids Optional. List of widget IDs to compare against. Default: Registered widgets.
* @return array Sidebars with allowed widgets.
*/
function _wp_remove_unregistered_widgets( $sidebars_widgets, $whitelist = array() ) {
if ( empty( $whitelist ) ) {
$whitelist = array_keys( $GLOBALS['wp_registered_widgets'] );
function _wp_remove_unregistered_widgets( $sidebars_widgets, $allowed_widget_ids = array() ) {
if ( empty( $allowed_widget_ids ) ) {
$allowed_widget_ids = array_keys( $GLOBALS['wp_registered_widgets'] );
}
foreach ( $sidebars_widgets as $sidebar => $widgets ) {
if ( is_array( $widgets ) ) {
$sidebars_widgets[ $sidebar ] = array_intersect( $widgets, $whitelist );
$sidebars_widgets[ $sidebar ] = array_intersect( $widgets, $allowed_widget_ids );
}
}

8
tests/phpunit/includes/factory/class-wp-unittest-factory-for-blog.php
View File

@ -40,12 +40,12 @@ class WP_UnitTest_Factory_For_Blog extends WP_UnitTest_Factory_For_Thing {
}
if ( isset( $args['meta'] ) ) {
// The `$site_data_whitelist` matches the one used in `wpmu_create_blog()`.
$site_data_whitelist = array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
// The `$allowed_data_fields` matches the one used in `wpmu_create_blog()`.
$allowed_data_fields = array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
foreach ( $args['meta'] as $key => $value ) {
// Promote whitelisted keys to top-level arguments, add others to the options array.
if ( in_array( $key, $site_data_whitelist, true ) ) {
// Promote allowed keys to top-level arguments, add others to the options array.
if ( in_array( $key, $allowed_data_fields, true ) ) {
$args[ $key ] = $value;
} else {
$args['options'][ $key ] = $value;

2
tests/phpunit/tests/admin/includesSchema.php
View File

@ -159,7 +159,7 @@ class Tests_Admin_Includes_Schema extends WP_UnitTestCase {
'use_quicktags' => '1',
),
array(
// This option is on a blacklist and should never exist.
// This option disallowed and should never exist.
'use_quicktags' => false,
),
),

28
tests/phpunit/tests/comment/checkComment.php
View File

@ -4,7 +4,7 @@
* @group comment
*/
class Tests_Comment_CheckComment extends WP_UnitTestCase {
public function test_should_return_true_when_comment_whitelist_is_disabled() {
public function test_should_return_true_when_comment_previously_approved_is_disabled() {
$author = 'BobtheBuilder';
$author_email = 'bob@example.com';
$author_url = 'http://example.com';
@ -13,12 +13,12 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase {
$user_agent = '';
$comment_type = '';
update_option( 'comment_whitelist', 0 );
update_option( 'comment_previously_approved', 0 );
$results = check_comment( $author, $author_email, $author_url, $comment, $author_ip, $user_agent, $comment_type );
$this->assertTrue( $results );
}
public function test_should_return_false_when_comment_whitelist_is_enabled_and_author_does_not_have_approved_comment() {
public function test_should_return_false_when_comment_previously_approved_is_enabled_and_author_does_not_have_approved_comment() {
$author = 'BobtheBuilder';
$author_email = 'bob@example.com';
$author_url = 'http://example.com';
@ -27,13 +27,13 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase {
$user_agent = '';
$comment_type = '';
update_option( 'comment_whitelist', 1 );
update_option( 'comment_previously_approved', 1 );
$results = check_comment( $author, $author_email, $author_url, $comment, $author_ip, $user_agent, $comment_type );
$this->assertFalse( $results );
}
public function test_should_return_true_when_comment_whitelist_is_enabled_and_author_has_approved_comment() {
public function test_should_return_true_when_comment_previously_approved_is_enabled_and_author_has_approved_comment() {
$post_id = self::factory()->post->create();
$prev_args = array(
'comment_post_ID' => $post_id,
@ -44,7 +44,7 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase {
);
$prev_comment_id = self::factory()->comment->create( $prev_args );
update_option( 'comment_whitelist', 1 );
update_option( 'comment_previously_approved', 1 );
$author = 'BobtheBuilder';
$author_email = 'bob@example.com';
@ -69,7 +69,7 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase {
}
public function test_should_return_false_when_content_matches_moderation_key() {
update_option( 'comment_whitelist', 0 );
update_option( 'comment_previously_approved', 0 );
$author = 'WendytheBuilder';
$author_email = 'wendy@example.com';
@ -85,7 +85,7 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase {
}
public function test_should_return_true_when_content_does_not_match_moderation_keys() {
update_option( 'comment_whitelist', 0 );
update_option( 'comment_previously_approved', 0 );
$author = 'WendytheBuilder';
$author_email = 'wendy@example.com';
@ -101,7 +101,7 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase {
}
public function test_should_return_false_when_link_count_exceeds_comment_max_length_setting() {
update_option( 'comment_whitelist', 0 );
update_option( 'comment_previously_approved', 0 );
$author = 'BobtheBuilder';
$author_email = 'bob@example.com';
@ -117,7 +117,7 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase {
}
public function test_should_return_true_when_link_count_does_not_exceed_comment_max_length_setting() {
update_option( 'comment_whitelist', 0 );
update_option( 'comment_previously_approved', 0 );
$author = 'BobtheBuilder';
$author_email = 'bob@example.com';
@ -135,7 +135,7 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase {
/**
* @ticket 28603
*/
public function test_should_return_true_when_comment_whitelist_is_enabled_and_user_has_previously_approved_comments_with_different_email() {
public function test_should_return_true_when_comment_previously_approved_is_enabled_and_user_has_previously_approved_comments_with_different_email() {
$subscriber_id = $this->factory()->user->create(
array(
'role' => 'subscriber',
@ -158,7 +158,7 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase {
wp_update_user( $subscriber_user );
update_option( 'comment_whitelist', 1 );
update_option( 'comment_previously_approved', 1 );
$results = check_comment( 'foo', 'newsub@example.com', 'http://example.com', 'This is a comment.', '66.155.40.249', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:35.0) Gecko/20100101 Firefox/35.0', 'comment', 4 );
$this->assertTrue( $results );
@ -167,7 +167,7 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase {
/**
* @ticket 28603
*/
public function test_should_return_false_when_comment_whitelist_is_enabled_and_user_does_not_have_a_previously_approved_comment_with_any_email() {
public function test_should_return_false_when_comment_previously_approved_is_enabled_and_user_does_not_have_a_previously_approved_comment_with_any_email() {
$subscriber_id = $this->factory()->user->create(
array(
'role' => 'subscriber',
@ -180,7 +180,7 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase {
wp_update_user( $subscriber_user );
update_option( 'comment_whitelist', 1 );
update_option( 'comment_previously_approved', 1 );
$results = check_comment( 'bar', 'zag@example.com', 'http://example.com', 'This is my first comment.', '66.155.40.249', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:35.0) Gecko/20100101 Firefox/35.0', 'comment', 4 );
$this->assertFalse( $results );

4
tests/phpunit/tests/comment/wpAllowComment.php
View File

@ -22,14 +22,14 @@ class Tests_Comment_WpAllowComment extends WP_UnitTestCase {
)
);
update_option( 'comment_whitelist', 0 );
update_option( 'comment_previously_approved', 0 );
}
function tearDown() {
wp_delete_post( self::$post_id, true );
wp_delete_comment( self::$comment_id, true );
update_option( 'comment_whitelist', 1 );
update_option( 'comment_previously_approved', 1 );
}
public function test_allow_comment_if_comment_author_emails_differ() {

36
tests/phpunit/tests/comment/wpBlacklistCheck.php
View File

@ -3,9 +3,9 @@
/**
* @group comment
*/
class Tests_WP_Blacklist_Check extends WP_UnitTestCase {
class Tests_WP_Blocklist_Check extends WP_UnitTestCase {
public function test_should_return_true_when_content_matches_blacklist_keys() {
public function test_should_return_true_when_content_matches_blocklist_keys() {
$author = 'Sting';
$author_email = 'sting@example.com';
$author_url = 'http://example.com';
@ -13,9 +13,9 @@ class Tests_WP_Blacklist_Check extends WP_UnitTestCase {
$author_ip = '192.168.0.1';
$user_agent = '';
update_option( 'blacklist_keys', "well\nfoo" );
update_option( 'blocklist_keys', "well\nfoo" );
$result = wp_blacklist_check( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
$result = wp_blocklist_check( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
$this->assertTrue( $result );
}
@ -23,7 +23,7 @@ class Tests_WP_Blacklist_Check extends WP_UnitTestCase {
/**
* @ticket 37208
*/
public function test_should_return_true_when_content_with_html_matches_blacklist_keys() {
public function test_should_return_true_when_content_with_html_matches_blocklist_keys() {
$author = 'Sting';
$author_email = 'sting@example.com';
$author_url = 'http://example.com';
@ -31,14 +31,14 @@ class Tests_WP_Blacklist_Check extends WP_UnitTestCase {
$author_ip = '192.168.0.1';
$user_agent = '';
update_option( 'blacklist_keys', "halfway\nfoo" );
update_option( 'blocklist_keys', "halfway\nfoo" );
$result = wp_blacklist_check( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
$result = wp_blocklist_check( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
$this->assertTrue( $result );
}
public function test_should_return_true_when_author_matches_blacklist_keys() {
public function test_should_return_true_when_author_matches_blocklist_keys() {
$author = 'Sideshow Mel';
$author_email = 'mel@example.com';
$author_url = 'http://example.com';
@ -46,14 +46,14 @@ class Tests_WP_Blacklist_Check extends WP_UnitTestCase {
$author_ip = '192.168.0.1';
$user_agent = '';
update_option( 'blacklist_keys', "sideshow\nfoo" );
update_option( 'blocklist_keys', "sideshow\nfoo" );
$result = wp_blacklist_check( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
$result = wp_blocklist_check( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
$this->assertTrue( $result );
}
public function test_should_return_true_when_url_matches_blacklist_keys() {
public function test_should_return_true_when_url_matches_blocklist_keys() {
$author = 'Rainier Wolfcastle';
$author_email = 'rainier@wolfcastle.com';
$author_url = 'http://example.com';
@ -61,9 +61,9 @@ class Tests_WP_Blacklist_Check extends WP_UnitTestCase {
$author_ip = '192.168.0.1';
$user_agent = '';
update_option( 'blacklist_keys', "example\nfoo" );
update_option( 'blocklist_keys', "example\nfoo" );
$result = wp_blacklist_check( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
$result = wp_blocklist_check( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
$this->assertTrue( $result );
}
@ -71,7 +71,7 @@ class Tests_WP_Blacklist_Check extends WP_UnitTestCase {
/**
* @ticket 37208
*/
public function test_should_return_true_when_link_matches_blacklist_keys() {
public function test_should_return_true_when_link_matches_blocklist_keys() {
$author = 'Rainier Wolfcastle';
$author_email = 'rainier@wolfcastle.com';
$author_url = 'http://example.com';
@ -79,9 +79,9 @@ class Tests_WP_Blacklist_Check extends WP_UnitTestCase {
$author_ip = '192.168.0.1';
$user_agent = '';
update_option( 'blacklist_keys', '/spam/' );
update_option( 'blocklist_keys', '/spam/' );
$result = wp_blacklist_check( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
$result = wp_blocklist_check( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
$this->assertTrue( $result );
}
@ -94,9 +94,9 @@ class Tests_WP_Blacklist_Check extends WP_UnitTestCase {
$author_ip = '192.168.0.1';
$user_agent = '';
update_option( 'blacklist_keys', "sideshow\nfoobar" );
update_option( 'blocklist_keys', "sideshow\nfoobar" );
$result = wp_blacklist_check( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
$result = wp_blocklist_check( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
$this->assertFalse( $result );
}

8
tests/phpunit/tests/media.php
View File

@ -1473,7 +1473,7 @@ EOF;
$expected = '';
foreach ( $image_meta['sizes'] as $name => $size ) {
// Whitelist the sizes that should be included so we pick up 'medium_large' in 4.4.
// Allow the sizes that should be included so we pick up 'medium_large' in 4.4.
if ( in_array( $name, $intermediates, true ) ) {
$expected .= $uploads_dir_url . $year_month . '/' . $size['file'] . ' ' . $size['width'] . 'w, ';
}
@ -1518,7 +1518,7 @@ EOF;
$expected = '';
foreach ( $image_meta['sizes'] as $name => $size ) {
// Whitelist the sizes that should be included so we pick up 'medium_large' in 4.4.
// Allow the sizes that should be included so we pick up 'medium_large' in 4.4.
if ( in_array( $name, $intermediates, true ) ) {
$expected .= $uploads_dir_url . $size['file'] . ' ' . $size['width'] . 'w, ';
}
@ -1595,7 +1595,7 @@ EOF;
$expected = '';
foreach ( $image_meta['sizes'] as $name => $size ) {
// Whitelist the sizes that should be included so we pick up 'medium_large' in 4.4.
// Allow the sizes that should be included so we pick up 'medium_large' in 4.4.
if ( in_array( $name, $intermediates, true ) ) {
$expected .= $uploads_dir_url . $year_month . '/' . $size['file'] . ' ' . $size['width'] . 'w, ';
}
@ -1874,7 +1874,7 @@ EOF;
$expected = '';
foreach ( $image_meta['sizes'] as $name => $size ) {
// Whitelist the sizes that should be included so we pick up 'medium_large' in 4.4.
// Allow the sizes that should be included so we pick up 'medium_large' in 4.4.
if ( in_array( $name, $intermediates, true ) ) {
$expected .= $uploads_dir . $year_month . '/' . $size['file'] . ' ' . $size['width'] . 'w, ';
}

8
tests/phpunit/tests/multisite/site.php
View File

@ -2461,14 +2461,14 @@ if ( is_multisite() ) :
public function data_wpmu_new_blog_action_backward_commpatible() {
return array(
'default values' => array(
'default values' => array(
array(),
array(
'public' => 0, // `public` is one of the default metas in `wpmu_create_blog()' function prior to WordPress 5.1.0.
'WPLANG' => 'en_US', // WPLANG is another default meta in `wpmu_create_blog()` function prior to WordPress 5.1.0.
),
),
'public site' => array(
'public site' => array(
array(
'public' => 1,
),
@ -2477,7 +2477,7 @@ if ( is_multisite() ) :
'WPLANG' => 'en_US',
),
),
'all whitelisted' => array(
'allowed_keys' => array(
array(
'public' => -1,
'archived' => 0,
@ -2497,7 +2497,7 @@ if ( is_multisite() ) :
'lang_id' => 11,
),
),
'extra meta key' => array(
'extra meta key' => array(
array(
'foo' => 'bar',
),

52
tests/phpunit/tests/multisite/siteDetails.php
View File

@ -9,101 +9,101 @@ if ( is_multisite() ) :
*/
class Tests_Multisite_Site_Details extends WP_UnitTestCase {
/**
* @dataProvider data_whitelisted_options
* @dataProvider data_allowed_options
*
* @ticket 40063
*/
public function test_update_whitelisted_option_deletes_site_details_cache( $whitelisted_option, $temporary_value ) {
public function test_update_allowed_option_deletes_site_details_cache( $allowed_option, $temporary_value ) {
$site = get_site();
$original_value = $site->$whitelisted_option;
update_option( $whitelisted_option, $temporary_value );
$original_value = $site->$allowed_option;
update_option( $allowed_option, $temporary_value );
$cached_result = wp_cache_get( $site->id, 'site-details' );
/* Reset to original value. */
update_option( $whitelisted_option, $original_value );
update_option( $allowed_option, $original_value );
$this->assertFalse( $cached_result );
}
/**
* @dataProvider data_whitelisted_options
* @dataProvider data_allowed_options
*
* @ticket 40063
*/
public function test_update_whitelisted_option_deletes_blog_details_cache( $whitelisted_option, $temporary_value ) {
public function test_update_allowed_option_deletes_blog_details_cache( $allowed_option, $temporary_value ) {
$blog_details = get_blog_details();
$original_value = $blog_details->$whitelisted_option;
update_option( $whitelisted_option, $temporary_value );
$original_value = $blog_details->$allowed_option;
update_option( $allowed_option, $temporary_value );
$cached_result = wp_cache_get( $blog_details->id, 'blog-details' );
/* Reset to original value. */
update_option( $whitelisted_option, $original_value );
update_option( $allowed_option, $original_value );
$this->assertFalse( $cached_result );
}
/**
* @dataProvider data_whitelisted_options
* @dataProvider data_allowed_options
*
* @ticket 40063
*/
public function test_update_whitelisted_option_does_not_delete_site_cache( $whitelisted_option, $temporary_value ) {
public function test_update_allowed_option_does_not_delete_site_cache( $allowed_option, $temporary_value ) {
$site = get_site();
$original_value = $site->$whitelisted_option;
update_option( $whitelisted_option, $temporary_value );
$original_value = $site->$allowed_option;
update_option( $allowed_option, $temporary_value );
$cached_result = wp_cache_get( $site->id, 'sites' );
/* Reset to original value. */
update_option( $whitelisted_option, $original_value );
update_option( $allowed_option, $original_value );
$this->assertNotFalse( $cached_result );
}
/**
* @dataProvider data_whitelisted_options
* @dataProvider data_allowed_options
*
* @ticket 40063
*/
public function test_update_whitelisted_option_does_not_delete_short_blog_details_cache( $whitelisted_option, $temporary_value ) {
public function test_update_allowed_option_does_not_delete_short_blog_details_cache( $allowed_option, $temporary_value ) {
$blog_details = get_blog_details( null, false );
$original_value = get_option( $whitelisted_option );
update_option( $whitelisted_option, $temporary_value );
$original_value = get_option( $allowed_option );
update_option( $allowed_option, $temporary_value );
$cached_result = wp_cache_get( $blog_details->id . 'short', 'blog-details' );
/* Reset to original value. */
update_option( $whitelisted_option, $original_value );
update_option( $allowed_option, $original_value );
$this->assertNotFalse( $cached_result );
}
/**
* @dataProvider data_whitelisted_options
* @dataProvider data_allowed_options
*
* @ticket 40063
*/
public function test_update_whitelisted_option_does_not_update_sites_last_changed( $whitelisted_option, $temporary_value ) {
public function test_update_allowed_option_does_not_update_sites_last_changed( $allowed_option, $temporary_value ) {
$last_changed = wp_cache_get_last_changed( 'sites' );
$original_value = get_option( $whitelisted_option );
update_option( $whitelisted_option, $temporary_value );
$original_value = get_option( $allowed_option );
update_option( $allowed_option, $temporary_value );
$new_last_changed = wp_cache_get_last_changed( 'sites' );
/* Reset to original value. */
update_option( $whitelisted_option, $original_value );
update_option( $allowed_option, $original_value );
$this->assertSame( $new_last_changed, $last_changed );
}
public function data_whitelisted_options() {
public function data_allowed_options() {
return array(
array( 'blogname', 'Custom Site' ),
array( 'home', 'http://custom-site-url.org' ),

4
tests/phpunit/tests/multisite/wpmuValidateUserSignup.php
View File

@ -54,7 +54,7 @@ if ( is_multisite() ) :
remove_filter( 'is_email', '__return_false' );
}
public function test_should_fail_for_emails_from_non_whitelisted_domains() {
public function test_should_fail_for_emails_from_disallowed_domains() {
$domains = array( 'foo.com', 'bar.org' );
update_site_option( 'limited_email_domains', $domains );
@ -62,7 +62,7 @@ if ( is_multisite() ) :
$this->assertContains( 'user_email', $v['errors']->get_error_codes() );
}
public function test_should_not_fail_for_emails_from_whitelisted_domains_with_mixed_case() {
public function test_should_not_fail_for_emails_from_allowed_domains_with_mixed_case() {
$domains = array( 'foo.com', 'bar.org' );
update_site_option( 'limited_email_domains', $domains );

12
tests/phpunit/tests/post/attachments.php
View File

@ -466,7 +466,7 @@ class Tests_Post_Attachments extends WP_UnitTestCase {
public function test_wp_attachment_is_default() {
// On Multisite, psd is not an allowed mime type by default.
if ( is_multisite() ) {
add_filter( 'upload_mimes', array( $this, 'whitelist_psd_mime_type' ), 10, 2 );
add_filter( 'upload_mimes', array( $this, 'allow_psd_mime_type' ), 10, 2 );
}
$filename = DIR_TESTDATA . '/images/test-image.psd';
@ -481,7 +481,7 @@ class Tests_Post_Attachments extends WP_UnitTestCase {
$this->assertFalse( wp_attachment_is( 'video', $attachment_id ) );
if ( is_multisite() ) {
remove_filter( 'upload_mimes', array( $this, 'whitelist_psd_mime_type' ), 10, 2 );
remove_filter( 'upload_mimes', array( $this, 'allow_psd_mime_type' ), 10, 2 );
}
}
@ -493,21 +493,21 @@ class Tests_Post_Attachments extends WP_UnitTestCase {
$this->assertFalse( $upload['error'] );
add_filter( 'upload_mimes', array( $this, 'blacklist_jpg_mime_type' ) );
add_filter( 'upload_mimes', array( $this, 'disallow_jpg_mime_type' ) );
$upload = wp_upload_bits( wp_basename( $filename ), null, $contents );
remove_filter( 'upload_mimes', array( $this, 'blacklist_jpg_mime_type' ) );
remove_filter( 'upload_mimes', array( $this, 'disallow_jpg_mime_type' ) );
$this->assertNotEmpty( $upload['error'] );
}
public function whitelist_psd_mime_type( $mimes ) {
public function allow_psd_mime_type( $mimes ) {
$mimes['psd'] = 'application/octet-stream';
return $mimes;
}
public function blacklist_jpg_mime_type( $mimes ) {
public function disallow_jpg_mime_type( $mimes ) {
unset( $mimes['jpg|jpeg|jpe'] );
return $mimes;
}

6
tests/phpunit/tests/post/wpUniquePostSlug.php
View File

@ -128,9 +128,9 @@ class Tests_Post_WpUniquePostSlug extends WP_UnitTestCase {
}
/**
* @dataProvider whitelist_post_statuses
* @dataProvider allowed_post_statuses
*/
public function test_whitelisted_post_statuses_should_not_be_forced_to_be_unique( $status ) {
public function test_allowed_post_statuses_should_not_be_forced_to_be_unique( $status ) {
$p1 = self::factory()->post->create(
array(
'post_type' => 'post',
@ -149,7 +149,7 @@ class Tests_Post_WpUniquePostSlug extends WP_UnitTestCase {
$this->assertSame( 'foo', $actual );
}
public function whitelist_post_statuses() {
public function allowed_post_statuses() {
return array(
array( 'draft' ),
array( 'pending' ),

12
tests/phpunit/tests/rest-api.php
View File

@ -378,7 +378,7 @@ class Tests_REST_API extends WP_UnitTestCase {
}
/**
* Ensure that result fields are not whitelisted if no request['_fields'] is present.
* Ensure that result fields are not allowed if no request['_fields'] is present.
*/
public function test_rest_filter_response_fields_no_request_filter() {
$response = new WP_REST_Response();
@ -390,7 +390,7 @@ class Tests_REST_API extends WP_UnitTestCase {
}
/**
* Ensure that result fields are whitelisted if request['_fields'] is present.
* Ensure that result fields are allowed if request['_fields'] is present.
*/
public function test_rest_filter_response_fields_single_field_filter() {
$response = new WP_REST_Response();
@ -410,7 +410,7 @@ class Tests_REST_API extends WP_UnitTestCase {
}
/**
* Ensure that multiple comma-separated fields may be whitelisted with request['_fields'].
* Ensure that multiple comma-separated fields may be allowed with request['_fields'].
*/
public function test_rest_filter_response_fields_multi_field_filter() {
$response = new WP_REST_Response();
@ -440,7 +440,7 @@ class Tests_REST_API extends WP_UnitTestCase {
}
/**
* Ensure that multiple comma-separated fields may be whitelisted
* Ensure that multiple comma-separated fields may be allowed
* with request['_fields'] using query parameter array syntax.
*/
public function test_rest_filter_response_fields_multi_field_filter_array() {
@ -472,7 +472,7 @@ class Tests_REST_API extends WP_UnitTestCase {
}
/**
* Ensure that request['_fields'] whitelists apply to items in response collections.
* Ensure that request['_fields'] allowed list apply to items in response collections.
*/
public function test_rest_filter_response_fields_numeric_array() {
$response = new WP_REST_Response();
@ -520,7 +520,7 @@ class Tests_REST_API extends WP_UnitTestCase {
}
/**
* Ensure that nested fields may be whitelisted with request['_fields'].
* Ensure that nested fields may be allowed with request['_fields'].
*
* @ticket 42094
*/

4
tests/phpunit/tests/widgets.php
View File

@ -1054,9 +1054,9 @@ class Tests_Widgets extends WP_UnitTestCase {
'array_version' => 3,
);
$whitelist = array( 'tag_cloud-1', 'text-1' );
$allowed_widgets = array( 'tag_cloud-1', 'text-1' );
$filtered_widgets = _wp_remove_unregistered_widgets( $widgets, $whitelist );
$filtered_widgets = _wp_remove_unregistered_widgets( $widgets, $allowed_widgets );
$this->assertInternalType( 'array', $filtered_widgets );
$this->assertArrayHasKey( 'fantasy', $filtered_widgets );

2
tests/phpunit/tests/widgets/text-widget.php
View File

@ -602,7 +602,7 @@ class Test_WP_Widget_Text extends WP_UnitTestCase {
$this->assertTrue( $widget->is_legacy_instance( $instance ), 'Legacy when not-wpautop and there is HTML that is not liable to be mutated.' );
}
// Check text examples that will migrate to TinyMCE, where elements and attributes are not in whitelist.
// Check text examples that will migrate to TinyMCE, where elements and attributes are not in the allowed list.
$migratable_text_examples = array(
'Check out <a href="http://example.com">Example</a>',
'<img src="http://example.com/img.jpg" alt="Img">',

4
tests/qunit/fixtures/wp-api-generated.js
View File

@ -137,7 +137,7 @@ mockedApiResponse.Schema = {
"discover": {
"required": false,
"default": true,
"description": "Whether to perform an oEmbed discovery request for non-whitelisted providers.",
"description": "Whether to perform an oEmbed discovery request for unsanctioned providers.",
"type": "boolean"
}
}
@ -4702,7 +4702,7 @@ mockedApiResponse.oembed = {
"discover": {
"required": false,
"default": true,
"description": "Whether to perform an oEmbed discovery request for non-whitelisted providers.",
"description": "Whether to perform an oEmbed discovery request for unsanctioned providers.",
"type": "boolean"
}
}

18
tests/qunit/wp-admin/js/password-strength-meter.js
View File

@ -80,23 +80,23 @@ jQuery( function() {
}
});
QUnit.test( 'blacklisted words in password should be penalized', function( assert ) {
QUnit.test( 'disallowed words in password should be penalized', function( assert ) {
var allowedPasswordScore, penalizedPasswordScore,
allowedPassword = 'a[janedoefoe]4',
penalizedPassword = 'a[johndoefoe]4',
blacklist = [ 'extra', 'johndoefoe', 'superfluous' ];
disallowedList = [ 'extra', 'johndoefoe', 'superfluous' ];
allowedPasswordScore = passwordStrength( allowedPassword, blacklist, allowedPassword );
penalizedPasswordScore = passwordStrength( penalizedPassword, blacklist, penalizedPassword );
allowedPasswordScore = passwordStrength( allowedPassword, disallowedList, allowedPassword );
penalizedPasswordScore = passwordStrength( penalizedPassword, disallowedList, penalizedPassword );
assert.ok( penalizedPasswordScore < allowedPasswordScore, 'Penalized password scored ' + penalizedPasswordScore + '; allowed password scored: ' + allowedPasswordScore );
});
QUnit.test( 'user input blacklist array should contain expected words', function( assert ) {
var blacklist = wp.passwordStrength.userInputBlacklist();
QUnit.test( 'user input disallowed list array should contain expected words', function( assert ) {
var disallowedList = wp.passwordStrength.userInputDisallowedList();
assert.ok( jQuery.isArray( blacklist ), 'blacklist is an array' );
assert.ok( jQuery.inArray( 'WordPress', blacklist ) > -1, 'blacklist contains "WordPress" from page title' );
assert.ok( jQuery.inArray( 'tests', blacklist ) > -1, 'blacklist contains "tests" from site URL' );
assert.ok( jQuery.isArray( disallowedList ), 'disallowed list is an array' );
assert.ok( jQuery.inArray( 'WordPress', disallowedList ) > -1, 'disallowed list contains "WordPress" from page title' );
assert.ok( jQuery.inArray( 'tests', disallowedList ) > -1, 'disallowed list contains "tests" from site URL' );
});
});