`wp_normalize_path()` is called thousands of times on a given request. This patch adds memoization via a function-local static variable. This reduces the call count to the underlying `wp_is_stream()` function, and measured in testing around a 66% cache hit rate.
In testing, for a site making 4000 calls to `wp_normalize_path()`, this patch led to a reduction in runtime from 1.4 ms to 0.4 ms on the test computer. While small, this time occurs early in the hotpath of the loading WordPress.
Developed in: https://github.com/WordPress/wordpress-develop/pull/10770
Discussed in: https://core.trac.wordpress.org/ticket/64538
Props dmsnell, josephscott, mreishus, westonruter.
Fixes#64538.
Built from https://develop.svn.wordpress.org/trunk@61857
git-svn-id: http://core.svn.wordpress.org/trunk@61144 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change introduces PHPStan static analysis configured at [https://phpstan.org/user-guide/rule-levels rule level 0], which includes: "basic checks, unknown classes, unknown functions, unknown methods called on `$this`, wrong number of arguments passed to those methods and functions, always undefined variables". Contributors may elect for a higher PHPStan rule level by creating a `phpstan.neon` which overrides `phpstan.neon.dist`.
* Fix various PHPStan level 0 errors by adding `@phpstan-ignore` comments, updating PHPDoc types, and adding missing return values.
* Remove existing `@phpstan-ignore` comments that are now obsolete or inapplicable for level 0.
* Add a new GitHub Actions workflow for PHPStan Static Analysis. Reports are currently provided as warnings with inline annotations in pull requests and do not fail the build.
* Add a `phpstan` Grunt task and include it in the `precommit:php` task to run before `phpunit`.
* Introduce a `typecheck:php` npm script and a `composer phpstan` script to run analysis in local development environments.
* Add documentation for PHPStan usage in `tests/phpstan/README.md`.
Developed in https://github.com/WordPress/wordpress-develop/pull/10419
Props justlevine, westonruter, johnbillion, desrosj, SirLouen, dmsnell, oglekler, joehoyle, jorbin.
See #64238, #63268, #52217, #51423.
Fixes#61175.
Built from https://develop.svn.wordpress.org/trunk@61699
git-svn-id: http://core.svn.wordpress.org/trunk@61007 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset allow developers to attach custom error handlers into `wp_trigger_error()` even if `WP_DEBUG` is not truthy.
It introduces two new hooks, making `wp_trigger_error()` consistent with what is available in `_doing_it_wrong`:
- `wp_trigger_error_always_run` always fires when the given function triggers a user-level error/warning/notice/deprecation message.
- `wp_trigger_error_trigger_error` filters whether to trigger the error.
Props kkmuffme, swissspidy, audrasjb.
Fixes#60886.
Built from https://develop.svn.wordpress.org/trunk@61688
git-svn-id: http://core.svn.wordpress.org/trunk@60996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit updates `wp_resolve_post_date()` to use a regular expression for parsing the date string into year, month, and day matches. This approach handles missing leading zeros more reliably than `substr()` while remaining performant (see #57683).
It also adds checks and type-casting to `wp_checkdate()` variables before passing them into PHP's `checkdate()` function to avoid the potential for a `TypeError` in PHP 8 and newer (see #54186).
Lastly, it includes 2 new unit tests (with data providers) to cover an array of valid and invalid date formats (YYYY-MM-DD, YYYY-MM-DD HH:MM:SS, ISO 8601, RSS, leap years, malformed inputs, etc...)
Props alordiel, desrosj, johnbillion, johnjamesjacoby, johnregan3, modius5150, nacin, pbearne.
Fixes#26798.
Built from https://develop.svn.wordpress.org/trunk@61172
git-svn-id: http://core.svn.wordpress.org/trunk@60508 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Several PHP functions that have not been doing anything since PHP 8.0/8.1, specifically:
* `finfo_close()` since the `ext/fileinfo` migration in PHP 8.1
* `xml_parser_free()` since the `ext/xml` migration in PHP 8.0
* `curl_close()` since the `ext/curl` migration in PHP 8.0
* `curl_share_close()` since the `ext/curl` migration in PHP 8.0
* `imagedestroy()` since the `ext/gd` migration in PHP 8.0
will be deprecated in PHP 8.5 and will thus be throwing warnings.
This commit adds conditional checks to only call these functions on the relevant PHP versions.
Reference: [https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_no-op_functions_from_the_resource_to_object_conversion PHP RFC: Deprecations for PHP 8.5: Deprecate no-op functions from the resource to object conversion].
Props TobiasBg, SergeyBiryukov.
See #63061.
Built from https://develop.svn.wordpress.org/trunk@60703
git-svn-id: http://core.svn.wordpress.org/trunk@60039 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Corrects the type for the `$time` and `$previous_time` parameters in the filter to indicate the times are expressed as strings. The values are generated from a call to `microtime()` which returns the time as a string in the form `msec sec`.
Props tillkruess, westonruter.
Fixes#63194.
Built from https://develop.svn.wordpress.org/trunk@60128
git-svn-id: http://core.svn.wordpress.org/trunk@59464 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Application passwords that aren't hashed using BLAKE2b should be checked using `wp_check_password()` rather than assuming they were hashed with phpass. This provides full back compat support for application passwords that were created via an overridden `wp_hash_password()` function that uses an alternative hashing algorithm.
Props snicco, debarghyabanerjee, peterwilsoncc, jorbin, johnbillion.
Fixes#63203
Built from https://develop.svn.wordpress.org/trunk@60123
git-svn-id: http://core.svn.wordpress.org/trunk@59459 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Includes:
* Standardizing on the `bool` type for the `$gmt` parameter between `current_time()` and `date_i18n()`.
* Documenting `null` as an acceptable value for `$timestamp` and `$timezone` parameters in `wp_date()`.
* Removing a redundant note on the `$gmt` parameter for the `date_i18n` filter, as defaults are normally only documented for function parameters.
Follow-up to [1001], [9616], [28109], [45901].
Props dilipbheda.
Fixes#63207.
Built from https://develop.svn.wordpress.org/trunk@60119
git-svn-id: http://core.svn.wordpress.org/trunk@59455 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This reduces the hash length from 32 bytes to 30 so the overall length of an activation key after encoding, prefixing, and prepending a timestamp fits into 60 bytes.
A key is also introduced for domain separation. This doesn't affect the output length.
Props dd32, paragoninitiativeenterprises, peterwilsoncc, johnbillion
Fixes#21022
Built from https://develop.svn.wordpress.org/trunk@59904
git-svn-id: http://core.svn.wordpress.org/trunk@59246 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Passwords and security keys that were saved in prior versions of WordPress will continue to work. Each user's password will be opportunistically rehashed and resaved when they next subsequently log in using a valid password.
The following new functions have been introduced:
* `wp_password_needs_rehash()`
* `wp_fast_hash()`
* `wp_verify_fast_hash()`
The following new filters have been introduced:
* `password_needs_rehash`
* `wp_hash_password_algorithm`
* `wp_hash_password_options`
Props ayeshrajans, bgermann, dd32, deadduck169, desrosj, haozi, harrym, iandunn, jammycakes, joehoyle, johnbillion, mbijon, mojorob, mslavco, my1xt, nacin, otto42, paragoninitiativeenterprises, paulkevan, rmccue, ryanhellyer, scribu, swalkinshaw, synchro, th23, timothyblynjacobs, tomdxw, westi, xknown.
Additional thanks go to the Roots team, Soatok, Calvin Alkan, and Raphael Ahrens.
Fixes#21022, #44628
Built from https://develop.svn.wordpress.org/trunk@59828
git-svn-id: http://core.svn.wordpress.org/trunk@59170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset improves a bunch of error messages, notably replacing the good old cryptic "Something went wrong" message with more helpful information.
Props peterwilsoncc, netweb, karmatosed, JoshuaWold, mrtortai, audrasjb, sukhendu2002, joedolson.
Fixes#43622.
Built from https://develop.svn.wordpress.org/trunk@59790
git-svn-id: http://core.svn.wordpress.org/trunk@59132 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The intention of these headers is to prevent any form of caching, whether that's in the browser or in an intermediate cache such as a proxy server. These directives instruct an intermediate cache to not store the response in their cache for any user – not just for logged-in users.
This does not affect the caching behaviour of assets within a page such as images, CSS, and JavaScript files.
Props kkmuffme, devansh2002, johnbillion.
Fixes#61942
Built from https://develop.svn.wordpress.org/trunk@59724
git-svn-id: http://core.svn.wordpress.org/trunk@59066 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This sets the same referrer policy of `strict-origin-when-cross-origin` that's used in the admin area to prevent a referrer being sent to other origins. This helps prevent unwanted exposure of potentially sensitive information that may be contained within the URL.
The header can be disabled if necessary by removing the `wp_admin_headers` action from the `login_init` hook.
Props kkmuffme, sagarlakhani, albatross10
Fixes#62273
See #42036
Built from https://develop.svn.wordpress.org/trunk@59712
git-svn-id: http://core.svn.wordpress.org/trunk@59054 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Partially reverts [59479] and [59461], which previously tried to move some functions from `wp-admin/includes/plugin.php` to `wp-includes/functions.php` so they are available early, so that `get_plugin_data()` can be used.
However, other functions from that file are often used by plugins without necessarily checking whether they are available, easily causing fatal errors. Requiring this file directly is a safer approach to avoid such errors.
Props peterwilsoncc, dd32, swissspidy, johnbillion.
Fixes#62244.
Built from https://develop.svn.wordpress.org/trunk@59488
git-svn-id: http://core.svn.wordpress.org/trunk@58874 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is a follow-up to [59461], which moved `get_plugin_data()` from `wp-admin/includes/plugin.php` to `wp-includes/functions.php` so it's available during the plugin loading process.
Related functions like `is_plugin_active()` are often used together and should therefore be moved as well, to improve backward compatibility for plugins which load `wp-admin/includes/plugin.php` only conditionally.
Props johnbillion, dd32, swissspidy.
See #62244.
Built from https://develop.svn.wordpress.org/trunk@59479
git-svn-id: http://core.svn.wordpress.org/trunk@58865 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This addresses several instances of `gmdate( 'w' )` being used directly as an integer, when it's actually a numeric string. The issue is remediated by casting the value to `int` before use.
Affected functions:
* `get_calendar()`
* `get_weekstartend()`
Follow-up to [508], [1632].
Props justlevine.
See #52217.
Built from https://develop.svn.wordpress.org/trunk@59471
git-svn-id: http://core.svn.wordpress.org/trunk@58857 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In #34114, just-in-time (JIT) translation loading was implemented for projects hosted on WordPress.org. This is now expanded to all other plugins/themes.
Projects with a custom `Text Domain` and `Domain Path` header no longer need to call `load_plugin_textdomain()` or `load_theme_textdomain()`.
This reduces the risk of calling them too late, after some translation calls already happened, and generally makes it easier to properly internationalize a plugin or theme.
This moves the `get_plugin_data()` from `wp-admin/includes/plugin.php` to `wp-includes/functions.php` so it's available during the plugin loading process.
Props swissspidy.
Fixes#62244.
Built from https://develop.svn.wordpress.org/trunk@59461
git-svn-id: http://core.svn.wordpress.org/trunk@58847 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When uploading `wav` files in the editor, Chrome and other browsers identify the mime type of the file as `audio/wav`. Firefox, however, identifies the mime type as `audio/x-wav`.
This commit updates the `'wav'` mime type key in `wp_get_mime_types()` to support `x-wav` so that uploading wav files work in Firefox. Previously, the editor reported an unsupported mime type error.
Props imranh920, ramonopoly.
Fixes #61948.
Built from https://develop.svn.wordpress.org/trunk@59389
git-svn-id: http://core.svn.wordpress.org/trunk@58775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
