This fixes theme editing on Windows platforms where `validate_file()` will return `2` on a full file path.
Fixes#42609.
git-svn-id: https://develop.svn.wordpress.org/trunk@42244 602fd350-edb4-49c9-b593-d223f7449a82
Using a filename which was generated from `time()` could cause two processes to try to use the same filename, causing unexpected behaviour.
Props jrchamp, bikecrazyy.
Fixes#42265.
git-svn-id: https://develop.svn.wordpress.org/trunk@42224 602fd350-edb4-49c9-b593-d223f7449a82
This pattern occurs a handful of times across the codebase:
`<div class="foo<?php if ( $bar ) { echo ' baz'; } ?>">`
Unfortunately, it doesn't really play nicely with `phpcbf`, so all instances need to be removed in preperation for auto code formatting.
See #41057.
git-svn-id: https://develop.svn.wordpress.org/trunk@42217 602fd350-edb4-49c9-b593-d223f7449a82
Prevent edits to 2-level deep theme files from returning a `disallowed_theme_file` error when attempting to save an edit. Aligns logic for gathering `$allowed_files` in `theme-editor.php` for listing files with the validation logic in `wp_edit_theme_plugin_file()`.
Amends [41806].
See #6531.
Fixes#42425.
git-svn-id: https://develop.svn.wordpress.org/trunk@42112 602fd350-edb4-49c9-b593-d223f7449a82
This now treats files containing `./` as valid, and also treats files containing a trailing `../` as valid due to widespread use of this pattern in theme and plugin zip files.
Adds tests.
Props Ipstenu, borgesbruno, DavidAnderson, philipjohn, birgire
Fixes#42016, #36170
git-svn-id: https://develop.svn.wordpress.org/trunk@42011 602fd350-edb4-49c9-b593-d223f7449a82
The theme and plugin editors now list all files in the selected theme or plugin, recursing through subdirectories as necessary.
Props WraithKenny, schlessera, chsxf, MikeHansenMe, Daedalon, valendesigns, westonruter, pento.
Fixes#6531.
git-svn-id: https://develop.svn.wordpress.org/trunk@41806 602fd350-edb4-49c9-b593-d223f7449a82
* Increase PHP execution time limit prior to issuing loopback requests where are themselves given timeouts to ensure PHP file can be reverted.
* Output scrape messages on success and failure so that absence of either can also be flagged as an error condition.
* Forward browser's HTTP Basic Auth credentials in loopback requests to admin and home URL.
* Display more helpful message when loopback request fails.
Amends [41721].
See #21622.
Fixes#42102.
git-svn-id: https://develop.svn.wordpress.org/trunk@41805 602fd350-edb4-49c9-b593-d223f7449a82
* Edits to active plugins which cause PHP fatal errors will no longer auto-deactivate the plugin. Supersedes #39766.
* Introduce sandboxed PHP file edits for active themes, preventing accidental whitescreening of a user's site when introducing a fatal error.
* After writing a change to a PHP file for an active theme or plugin, perform loopback requests on the file editor admin screens and the homepage to check for fatal errors. If a fatal error is encountered, roll back the edited file and display the error to the user to fix and try again.
* Introduce a secure way to scrape PHP fatal errors from a site via `wp_start_scraping_edited_file_errors()` and `wp_finalize_scraping_edited_file_errors()`.
* Moves file modifications from `theme-editor.php` and `plugin-editor.php` to common `wp_edit_theme_plugin_file()` function.
* Refactor themes and plugin editors to submit file changes via Ajax instead of doing full page refreshes when JS is available.
* Use `get` method for theme/plugin dropdowns.
* Improve styling of plugin editors, including width of plugin/theme dropdowns.
* Improve notices API for theme/plugin editor JS component.
* Strip common base directory from plugin file list. See #24048.
* Factor out functions to list editable file types in `wp_get_theme_file_editable_extensions()` and `wp_get_plugin_file_editable_extensions()`.
* Scroll to line in editor that has linting error when attempting to save. See #41886.
* Add checkbox to dismiss lint errors to proceed with saving. See #41887.
* Only style the Update File button as disabled instead of actually disabling it for accessibility reasons.
* Ensure that value from CodeMirror is used instead of `textarea` when CodeMirror is present.
* Add "Are you sure?" check when leaving editor when there are unsaved changes.
Supersedes [41560].
See #39766, #24048, #41886.
Props westonruter, Clorith, melchoyce, johnbillion, jjj, jdgrimes, azaozz.
Fixes#21622, #41887.
git-svn-id: https://develop.svn.wordpress.org/trunk@41721 602fd350-edb4-49c9-b593-d223f7449a82
Passing a non-null value to the filter will prevent the uploaded file from being moved to the uploads directory for any of the functions leveraging `_wp_handle_upload()`, such as `wp_handle_upload()` or `wp_handle_sideload()`.
Error reporting related to the file being moved will also be skipped.
Props ryan, Mte90.
Fixes#24603.
git-svn-id: https://develop.svn.wordpress.org/trunk@41258 602fd350-edb4-49c9-b593-d223f7449a82
Introduces some consistency in the usage of the button CSS classes, fixes the
focus style for accessibility and responsiveness of the buttons.
- Adds the `button` class to all primary buttons make them responsive
- Removes all `secondary-button` classes and replaces it with button when needed. `button-secondary` shouldn't be used and exists just for backward compatibility reasons
- Replaces classes inside `submit_button()` with a shorthand for some buttons, and use an empty string for the default `button` class. Passing `button` is unnecessary
- Adjusts `get_submit_button()` to remove empty items
Props iseulde, dimchik, chris_d2d, mhowell, afercia.
Fixes#27314, #37138, #37448.
git-svn-id: https://develop.svn.wordpress.org/trunk@38672 602fd350-edb4-49c9-b593-d223f7449a82
This fixes the paths in `wp-vendor/` that were including `src`. I want to drop this in so we can find out what else will break.
See #36335.
git-svn-id: https://develop.svn.wordpress.org/trunk@38411 602fd350-edb4-49c9-b593-d223f7449a82
The generated classmaps reference `/src/` files and operates in the assumption that the base directory is one level above `wp-settings.php`, which it isn't after our build processes are run.
See #36335
git-svn-id: https://develop.svn.wordpress.org/trunk@38402 602fd350-edb4-49c9-b593-d223f7449a82
* `wp-admin` and `wp-includes` are scanned for classes to autoload
* Several 3rd-party and Ryan McCue-shaped libraries are excluded when the classmap is generated, see `composer.json`: `autoload.exclude-from-classmap`
* `wp-vendor/autoload_52.php` is included at the top of `wp-settings.php` - no changes need to be made to unit tests to include the autoloader
* An avalanche of `require()` and `require_once()` calls that loaded class files have been removed from the codebase.
The following files have been added to `svn:ignore` - they are not 5.2-compatible and fail during pre-commit:
* src/wp-vendor/autoload.php
* src/wp-vendor/composer/autoload_real.php
* src/wp-vendor/composer/autoload_static.php
* src/wp-vendor/composer/ClassLoader.php
We favor these files instead:
* src/wp-vendor/autoload_52.php
* src/wp-vendor/composer/autoload_real_52.php
* src/wp-vendor/composer/ClassLoader52.php
When new PHP classes are added to the codebase, simply run `composer install` or `composer update` from the project root to update the autoloader.
The future is now.
See #36335.
git-svn-id: https://develop.svn.wordpress.org/trunk@38399 602fd350-edb4-49c9-b593-d223f7449a82
The default error handler `wp_handle_upload_error()` expects a reference for the first parameter but `call_user_func()` doesn't pass parameters by reference. The current code didn't produce any issues until now. PHP 7.0.9 (and PHP 7.1) is now stricter and prevents calling the error handler with a warning:
> PHP Warning: Parameter 1 to wp_handle_upload_error() expected to be a reference, value given.
To restore the error handler `_wp_handle_upload()` now uses `call_user_func_array()`.
Props jbrinley.
Props jorbin for review.
Fixes#37570.
git-svn-id: https://develop.svn.wordpress.org/trunk@38235 602fd350-edb4-49c9-b593-d223f7449a82
Under certain conditions upgrades on Windows may fail because `wp_tempnam()` gets called in a loop.
This can happen when `wp_tempnam()` is called with `\.maintenance` for the `$filename` parameter. The function strips the extension, in this case `.maintenance`, which results in an empty filename. Because it's empty, `wp_tempnam()` calls itself with `dirname( '\.maintenance' )`. On *nix systems this would be `"/"` which allows `wp_tempnam()` to fall back on `time()`. But on Windows it's `"\"`.
This change adds the backslash to the list of characters which allow `wp_tempnam()` to fall back on `time()`.
See [32322], [31936].
Fixes#33999.
git-svn-id: https://develop.svn.wordpress.org/trunk@38151 602fd350-edb4-49c9-b593-d223f7449a82
`$context` is a full path to the directory that is tested for being writable. A path shouldn't be a boolean value.
This also updates `WP_Upgrader_Skin::request_filesystem_credentials()` and `Automatic_Upgrader_Skin::request_filesystem_credentials()` and adds missing docs.
Props DrewAPicture, ocean90.
Fixes#37412.
git-svn-id: https://develop.svn.wordpress.org/trunk@38138 602fd350-edb4-49c9-b593-d223f7449a82
* Don't lower memory limit if the current limit is greater than `WP_MAX_MEMORY_LIMIT`.
* Set `WP_MEMORY_LIMIT` and `WP_MAX_MEMORY_LIMIT` to current limit if the `memory_limit` setting can't be changed at runtime.
* Use `wp_convert_hr_to_bytes()` when parsing the value of the `memory_limit` setting because it can be a shorthand or an integer value.
* Introduce `wp_raise_memory_limit( $context )` to raise the PHP memory limit for memory intensive processes. This DRYs up some logic and includes the existing `admin_memory_limit` and `image_memory_limit` filters. The function can also be used for custom contexts, the `{$context}_memory_limit` filter allows to customize the limit.
* Introduce `wp_is_ini_value_changeable( $setting )` to determine whether a PHP ini value is changeable at runtime.
* Remove a `function_exists( 'memory_get_usage' )` check. Since PHP 5.2.1 support for memory limit is always enabled.
Related commits: [38011-38013]
Props jrf, A5hleyRich, swissspidy, ocean90.
Fixes#32075.
git-svn-id: https://develop.svn.wordpress.org/trunk@38015 602fd350-edb4-49c9-b593-d223f7449a82
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.
See #36921.
git-svn-id: https://develop.svn.wordpress.org/trunk@37537 602fd350-edb4-49c9-b593-d223f7449a82
Prevents a PHP warning by `WP_Filesystem_Direct::mkdir()` when installing a language pack which doesn't have subdirectories.
Props tfrommen.
Fixes#36570.
git-svn-id: https://develop.svn.wordpress.org/trunk@37421 602fd350-edb4-49c9-b593-d223f7449a82
Twelve years later, after no fewer than three themes have intentionally implemented popup comments in their functionality, before being abandoned for at least the last six years, we've reached a time where we can put this era behind us. A time when we can remove comment popup functionality from WordPress.
If this breaks the internet, I'll eat my hat.
Fixes#28617
git-svn-id: https://develop.svn.wordpress.org/trunk@35848 602fd350-edb4-49c9-b593-d223f7449a82
Keeping myhacks support is a small price to pay for not breaking people's sites. Even if it is very very very few sites, breaking sites isn't something that should be encouraged. Even with 10 years of deprecation notices.
https://core.trac.wordpress.org/ticket/33741#comment:18 outlines all the ways that the hack_file and my-hacks options can be setup and thus all the ways that the removal of those options could break sites.
Fixes#33741.
git-svn-id: https://develop.svn.wordpress.org/trunk@35688 602fd350-edb4-49c9-b593-d223f7449a82
This also switches from using `touch()` to using `fopen( $file, 'x')` to ensure that we're the process creating the file.
Fixes#34562
git-svn-id: https://develop.svn.wordpress.org/trunk@35644 602fd350-edb4-49c9-b593-d223f7449a82
