In all four of the `get_option()`, `add_option()`, `update_option()` and `delete_option()` functions, the `$option` parameter (i.e. the option name) is passed to the PHP native `trim()` function without prior input validation.
In PHP 8.1, this could lead to a `trim(): Passing null to parameter #1 ($string) of type string is deprecated` for each of these functions.
`trim()`:
- expects a text string and is only useful when ''passed'' a text string as no other variable type can contain whitespace.
- will always return a `string`, which means that in practice for any non-string values passed, it would effectively function as a type cast to string.
This commit:
- Adds a check to verify the `$option` name is a scalar before processing it with `trim()`.
- The "type cast" behavior is maintained.
- If the given `$option` name is not a scalar, such as `null`, the fix prevents the PHP 8.1 deprecation notice.
- Tests are added for valid but undesired option names to safeguard against regressions.
This issue is already covered by:
- the existing `Tests_Option_Option::test_bad_option_names()` test group.
- the new `test_valid_but_undesired_option_names()` tests.
Follow-up to [13858], [22633], [23510], [25002], [51817].
Props jrf, hellofromTonya, pbearne.
See #53635.
git-svn-id: https://develop.svn.wordpress.org/trunk@51818 602fd350-edb4-49c9-b593-d223f7449a82
The existing tests were running multiple functions through a `foreach()`. If any test failed, it would bail out and not test against the other scenarios.
This commit:
- Moves the scenarios to a data provider with named data sets, i.e. to ensure all scenarios are run and tested regardless if any fail.
- Splits each function under test into individual test methods.
- Adds a float scenario.
- Adds method visibility modifiers.
Follow-up to [25002].
Props jrf, hellofromTonya, pbearne.
See #53635.
git-svn-id: https://develop.svn.wordpress.org/trunk@51817 602fd350-edb4-49c9-b593-d223f7449a82
The shortcode content is expected to be a string, not `null`. `do_shortcode()` expects a string for `$content`.
The `img_caption_shortcode()` also expects a string for the `$content` parameter and is expected to return a string for the HTML content to display the caption.
Prior to this commit:
The default value for the `$content` parameter was set to `null`. If no `$content` was passed, the function:
- could return `null` when the `$atts['width'] < 1` or there was no caption
- else, it invoked `do_shortcode( $content )` passing `null` which on PHP 8.1+ triggers a deprecation notice:
{{{
strpos(): Passing null to parameter #1 ($haystack) of type string is deprecated
}}}
This commit:
- Fixes the default `$content` value to align to the expected shortcode content of `string`, not `null`.
- Fixes the PHP 8.1 deprecation notice when `null` was being passed to `do_shortcode()`.
- Changes the assertion in a couple of tests to check for the empty string instead of `null.
Follow-up to [8196], [8925], [8239], [26915], [31530], [42704].
Props jrf, hellofromTonya, azaozz, joedolson.
See #53635.
git-svn-id: https://develop.svn.wordpress.org/trunk@51816 602fd350-edb4-49c9-b593-d223f7449a82
This commit:
* Removes the use of `realpath()` to prevent issues with WSL and other virtualized filesystems.
* Changes the logic of the Polyfill bootstrap loading to expect an absolute path, rather than a relative path to the root directory of the PHPUnit Polyfills library.
* Adjusts the relevant inline documentation and error messages to expect an absolute path.
* Breaks up error messages into smaller line lengths for readability.
Follow-up to [51598], [51810], [51811], [51812].
Props jrf, schlessera, hellofromTonya, jeherve, lucatume.
See #46149.
git-svn-id: https://develop.svn.wordpress.org/trunk@51813 602fd350-edb4-49c9-b593-d223f7449a82
Previously, two situations were taken in to account:
1. The `WP_TESTS_PHPUNIT_POLYFILLS_PATH` constant is defined => just show a message about the version mismatch.
2. The constant is not defined => show a message to run `composer update`. This message is intended for people trying to run the WP Core tests.
This could lead to an unclear situation for people trying to run plugin/theme integration tests without the new `WP_TESTS_PHPUNIT_POLYFILLS_PATH` constant being defined.
They could be shown the message to run `composer update` while if they would do so for their local install without adding the Polyfills, the message would still display the next time they would attempt to run the tests.
This commit:
1. Provides more information about the PHPUnit Polyfills version detected vs the version expected.
2. Shows a more specific message to guide users which have the `WP_TESTS_PHPUNIT_POLYFILLS_PATH` constant declared.
3. Only shows the message to run `composer update` when the `WP_RUN_CORE_TESTS` constant is declared to prevent confusing people more.
Follow-up to [51598], [51810], [51811].
Props jrf, schlessera, hellofromTonya, jeherve, lucatume.
See #46149.
git-svn-id: https://develop.svn.wordpress.org/trunk@51812 602fd350-edb4-49c9-b593-d223f7449a82
Previously, two situations were taken in to account:
1. The `WP_TESTS_PHPUNIT_POLYFILLS_PATH` constant is defined => show message specific to that constant not being set correctly.
This message would typically be shown for plugin/theme integration tests which are already aware of the changes in WP 5.9.
2. The constant is not defined => show a message to run `composer update`.
This message is intended for people trying to run the WP Core tests.
This left two situations unaccounted for:
- Someone trying to run the WP Core tests, but not having set the `WP_RUN_CORE_TESTS` constant or not having set it to `1`.
- Someone trying to run plugin/theme integration tests without the new `WP_TESTS_PHPUNIT_POLYFILLS_PATH` constant being defined as they are not (yet) aware of the changes made in WP 5.9.
The changes made in this commit, are intended to improve the error messages displayed in those situations.
Follow-up to [51598], [51810].
Props jrf, schlessera, hellofromTonya, jeherve, lucatume.
See #46149.
git-svn-id: https://develop.svn.wordpress.org/trunk@51811 602fd350-edb4-49c9-b593-d223f7449a82
The constant `WP_TESTS_PHPUNIT_POLYFILLS_PATH` is intended to contain the path to the root directory of the PHPUnit Polyfills library without trailing slash.
The code already took into account that the value could potentially include a trailing slash.
Now it will also take into account if it is accidentally set to point to the autoload file instead of the path.
Follow-up to [51598].
Props jrf, schlessera, hellofromTonya, jeherve, lucatume.
See #46149.
git-svn-id: https://develop.svn.wordpress.org/trunk@51810 602fd350-edb4-49c9-b593-d223f7449a82
The `Tests_Admin_IncludesPlugin::_create_plugin()` expects the first parameter to be a text string to be written to a plugin file using `fwrite()`.
Passing null causes a `fwrite(): Passing null to parameter #2 ($data) of type string is deprecated` notice.
Ref: https://www.php.net/manual/en/function.fwrite
Follow-up to [31002]. [41806].
Props jrf, hellofromTonya.
See #53635.
git-svn-id: https://develop.svn.wordpress.org/trunk@51800 602fd350-edb4-49c9-b593-d223f7449a82
Adds a new dedicated test file.
Adds a test to check that various input types passed to `wpdb::_real_escape()` are handled correctly.
Note: This new test does not test the actual escaping or other logic in the function. Rather, it just and only tests and documents how the function handles various input types.
Props jrf, hellofromTonya.
See #53363.
git-svn-id: https://develop.svn.wordpress.org/trunk@51798 602fd350-edb4-49c9-b593-d223f7449a82
Adds a few more invalid IP test cases.
Adds extra `@covers` tag for the two functions which are testing the `wp_privacy_anonymize_ip()` function.
(At class level, the `wp_privacy_anonymize_data()` is set as covered).
Follow-up to [42971].
Props jrf, hellofromTonya.
See #53363.
git-svn-id: https://develop.svn.wordpress.org/trunk@51792 602fd350-edb4-49c9-b593-d223f7449a82
While the new name is much better, it doesn't fully tell what will happen when invoked nor does it fully solve the root problems.
Why? The function is doing too much. And naming is hard.
Props azaozz, desrosj, andraganescu, zieladam, hellofromTonya.
See #53811.
git-svn-id: https://develop.svn.wordpress.org/trunk@51791 602fd350-edb4-49c9-b593-d223f7449a82
This allows custom user meta values to be provided when creating or updating a user in the same way custom post meta can be provided to `wp_insert_post()` when creating or updating a post.
Also introduces the `insert_custom_user_meta` to filter these values.
Props desrosj, donmhico
Fixes#41950
git-svn-id: https://develop.svn.wordpress.org/trunk@51738 602fd350-edb4-49c9-b593-d223f7449a82
Adds missing and moves placement of existing @covers tags for consistency.
Follow-up to [40607], [42726], [49145].
Props pbearne, jrf, hellofromTonya.
See #39265.
git-svn-id: https://develop.svn.wordpress.org/trunk@51725 602fd350-edb4-49c9-b593-d223f7449a82
The original name `retrieve_widgets()` was unclear as it suggested it was a getter, i.e. getting the widgets. This function does more than get: finds orphaned widgets, assigns them to the inactive sidebar, and updates the database.
The new name is `sync_registered_widgets()` which better represents what happens when this function is invoked.
The original `retrieve_widgets()` function is soft deprecated to avoid unnecessary code churn downstream for developers that support more than the latest version of WordPress.
Follow-up to [18630].
Props zieladam, timothyblynjacobs, andraganescu, hellofromTonya.
See #53811.
git-svn-id: https://develop.svn.wordpress.org/trunk@51705 602fd350-edb4-49c9-b593-d223f7449a82
The `assertDiscardWhitespace()` method uses `assertEquals()` under the hood, meaning that in reality any type of actual/expected value should be accepted by the function. Fixed the documentation to reflect that.
At the same time, only strings can contain whitespace differences. So the whitespace replacement should only be done when string values are passed.
This change (a) prevents potential `passing null to non-nullable` errors on PHP 8.1, if either of the inputs would turn out to be `null` and (b) increases tests stability.
Follow-up to [35003], [44902].
Props jrf.
See #53363.
git-svn-id: https://develop.svn.wordpress.org/trunk@51698 602fd350-edb4-49c9-b593-d223f7449a82
The following changes improve tests stability.
The `assertEqualFields()` method expects an object and a fields array as inputs and subsequently approaches the received parameters as such, but did not verify whether the received parameters are of the expected types.
Along the same lines, the `assertSameSets()`, `assertEqualSets()`, `assertSameSetsWithIndex()` and the `assertEqualSetsWithIndex()` methods all expect arrays for both the actual as well as the expected values and uses the array function `[k]sort()` on both, but never verified that the received inputs were actually arrays, which could lead to PHP errors on the sorting function calls.
Follow-up to [30687], [42343], [48937], [48939], [51480], [51481].
Props jrf.
See #53363.
git-svn-id: https://develop.svn.wordpress.org/trunk@51697 602fd350-edb4-49c9-b593-d223f7449a82
The private `_set_cron_array()` function expects a cron array as the first parameter, but will often be passed the - potentially updated - output of a call to `_get_cron_array()`.
When the `_get_cron_array()` function returns `false`, a "Deprecated: Automatic conversion of false to array is deprecated" warning will be thrown on PHP 8.1.
The input validation resolves the deprecation warning by setting the cron value to an empty array when not given an `array` data type.
Adds a full set of `_set_cron_array()` tests.
Follow-up to [4189], [50152].
Props jrf, hellofromTonya, peterwilsoncc.
See #53635.
git-svn-id: https://develop.svn.wordpress.org/trunk@51695 602fd350-edb4-49c9-b593-d223f7449a82
The `serializeAttributes()` function in JavaScript uses `JSON.stringify`, which does not encode slashes and unicode characters by default. This resulted in the PHP serialization through `json_encode()` producing different results.
This also switches from `json_encode()` to `wp_json_encode()` to prevent failures when any non UTF-8 characters are included.
Props kevinfodness, SergeyBiryukov, timothyblynjacobs.
Fixes#53936.
git-svn-id: https://develop.svn.wordpress.org/trunk@51674 602fd350-edb4-49c9-b593-d223f7449a82
The PHPUnit tests are/should generally be run on the `src` directory, so changes just made can be tested. While testing via the `build` directory is also still supported, this is not the default.
This was last changed in [50441], but that commit did not remove/update the error message thrown by the test bootstrap file.
This last change also did not take into account that that change meant that people had to update their own `wp`tests-config.php` file to match the change made in Core and would otherwise still get the outdated error message.
This commit changes the messaging in the test bootstrap file to be more in line with the current reality, while still accounting for the fact that tests can be run from both `src` as well as `build`.
Follow-up to [49569], [50441], [51581].
Props jrf, hellofromTonya.
git-svn-id: https://develop.svn.wordpress.org/trunk@51669 602fd350-edb4-49c9-b593-d223f7449a82
The tests were partially duplicated in two separate files, and are now located in their own file.
Follow-up to [431/tests], [28900], [38928], [42527], [51663].
See #53363, #53987.
git-svn-id: https://develop.svn.wordpress.org/trunk@51664 602fd350-edb4-49c9-b593-d223f7449a82
When a closure does not use `$this`, it can be made `static` for improved performance.
Static closures are supported in PHP since PHP 5.4.
Props jrf, hellofromTonya, swissspidy, SergeyBiryukov.
See #53359.
git-svn-id: https://develop.svn.wordpress.org/trunk@51657 602fd350-edb4-49c9-b593-d223f7449a82
This ensures that the class is loaded once before the first test of the test case class is run, and `require_once()` is not unnecessarily called for each test method individually.
Follow-up to [40607], [51628].
See #53363.
git-svn-id: https://develop.svn.wordpress.org/trunk@51641 602fd350-edb4-49c9-b593-d223f7449a82
The following warnings could, in very select circumstances, be shown:
{{{
// PHP 8.0 and higher:
Warning: foreach() argument must be of type array|object, bool given
// PHP 5.6 – 7.4
Warning: Invalid argument supplied for foreach()
}}}
In `WP_Media_List_Table::prepare_items()`, the cron info array is retrieved via a call to `_get_cron_array()`, but as the documentation (correctly) states, the return type of that function is `array|false`, where `false` is returned for a virgin site, with no cron jobs scheduled yet.
However, no type check is done on the return value, and the method just blindly continues by using it in a `foreach`.
Fixed by adding validation for the returned value from `_get_cron_array()` and only running the `foreach` when the returned value is an array.
Reference: [https://developer.wordpress.org/reference/functions/_get_cron_array/ WordPress Developer Resources: _get_cron_array()]
Follow-up to [48417].
Props jrf, hellofromTonya, mukesh27.
Fixes#53949.
git-svn-id: https://develop.svn.wordpress.org/trunk@51638 602fd350-edb4-49c9-b593-d223f7449a82
This ensures that the class is loaded once before the first test of the test case class is run, and `require_once()` is not unnecessarily called for each test method individually.
Follow-up to [1106/tests].
See #53363.
git-svn-id: https://develop.svn.wordpress.org/trunk@51628 602fd350-edb4-49c9-b593-d223f7449a82
Since the `pathinfo()` function accepts a string, checking for that specifically is more consistent with similar checks elsewhere in core.
Follow-up to [51606], [51622], [51626].
See #53635.
git-svn-id: https://develop.svn.wordpress.org/trunk@51627 602fd350-edb4-49c9-b593-d223f7449a82
As per the PHP manual:
> If the `component` parameter is omitted, an associative array is returned.
> If the `component` parameter is specified, `parse_url()` returns a string (or an int, in the case of `PHP_URL_PORT`) instead of an array. If the requested component doesn't exist within the given URL, `null` will be returned.
Reference: [https://www.php.net/manual/en/function.parse-url.php#refsect1-function.parse-url-returnvalues PHP Manual: parse_url(): Return Values]
This commit adds three unit tests for `download_url()`:
* The first test is "girl-scouting" to make sure that the code up to the point where the error is expected is tested.
* The second test exposed a PHP 8.1 `basename(): Passing null to parameter #1 ($path) of type string is deprecated` error due to the call to `parse_url()` returning `null` when the component requested does not exist in the passed URL.
* The output of the call to `parse_url()` stored in the `$url_path` variable is used in more places in the function logic. The third test exposes a second PHP 8.1 deprecation notice, this time for `substr(): Passing null to parameter #1 ($string) of type string is deprecated`.
This commit also removes duplicate `parse_url()` calls. Neither `$url` nor `$url_filename` are changed between when they are first received/defined and when they are re-used, so there is no need to repeat the function calls.
Follow-up to [51606], [51622].
Props jrf, hellofromTonya, SergeyBiryukov.
See #53635.
git-svn-id: https://develop.svn.wordpress.org/trunk@51626 602fd350-edb4-49c9-b593-d223f7449a82
This fixes `parse_str(): Passing null to parameter #1 ($string) of type string is deprecated` notices on PHP 8.1, without change in behaviour.
Impact: 311 of the pre-existing tests are affected by this issue.
The PHP native `parse_str()` function expects a string, however, based on the failing tests, it is clear there are functions in WordPress which passes a non-string – including `null` – value to the `wp_parse_str()` function, which would subsequently pass it onto the PHP native function without further input validation.
Most notable offender is the `wp_parse_args()` function which special cases arrays and objects, but passes everything else off to `wp_parse_str()`.
Several ways to fix this issue have been explored, including checking the received value with `is_string()` or `is_scalar()` before passing it off to the PHP native `parse_str()` function.
In the end it was decided against these in favor of a string cast as:
* `is_string()` would significantly change the behavior for anything non-string.
* `is_scalar()` up to a point as well, as it does not take objects with a `__toString()` method into account.
Executing a string cast on the received value before passing it on maintains the pre-existing behavior while still preventing the deprecation notice coming from PHP 8.1.
Reference: [https://www.php.net/manual/en/function.parse-str.php PHP Manual: parse_str()]
Follow-up to [5709].
Props jrf, hellofromTonya, lucatume, SergeyBiryukov.
See #53635.
git-svn-id: https://develop.svn.wordpress.org/trunk@51624 602fd350-edb4-49c9-b593-d223f7449a82
As per the PHP manual:
> If the `component` parameter is omitted, an associative array is returned.
> If the `component` parameter is specified, `parse_url()` returns a string (or an int, in the case of `PHP_URL_PORT`) instead of an array. If the requested component doesn't exist within the given URL, `null` will be returned.
Reference: [https://www.php.net/manual/en/function.parse-url.php#refsect1-function.parse-url-returnvalues PHP Manual: parse_url(): Return Values]
In this case, `parse_url()` is called with the `PHP_URL_PATH` as `$component`. This will return `null` in the majority of cases, as – exсept for subdirectory-based sites – `home_url()` returns a URL without the trailing slash, like `http://example.org`.
The return value of `parse_url()` was subsequently passed to `trim()`, leading to a `trim(): Passing null to parameter #1 ($string) of type string is deprecated` notice on PHP 8.1.
Fixed by adjusting the logic flow to:
* Only pass the return value of `parse_url()` to follow-on functions if it makes sense, i.e. if it isn't `null`, nor an empty string.
* Preventing calls to `preg_replace()` and `trim()` further down in the function logic flow, when `preg_replace()`/`trim()` would have nothing to do anyhow.
Follow-up to [25617].
Props jrf, hellofromTonya, SergeyBiryukov.
See #53635.
git-svn-id: https://develop.svn.wordpress.org/trunk@51622 602fd350-edb4-49c9-b593-d223f7449a82
This fixes a "Deprecated: Automatic conversion of false to array is deprecated" warning on PHP 8.1.
In `wp_schedule_event()`, the cron info array is retrieved via a call to `_get_cron_array()`, but as the documentation (correctly) states, the return type of that function is `array|false`, where `false` is returned for a virgin site, with no cron jobs scheduled yet.
However, no type check is done on the return value, and the `wp_schedule_event()` function just blindly continues by assigning a value to a subkey of the `$crons` "array".
Fixed by adding validation for the returned value from `_get_cron_array()` and initializing an empty array if `false` was returned.
Reference: [https://developer.wordpress.org/reference/functions/_get_cron_array/ WordPress Developer Resources: _get_cron_array()]
Props jrf, hellofromTonya, lucatume, pbearne, iluy, pedromendonca, SergeyBiryukov.
See #53635.
git-svn-id: https://develop.svn.wordpress.org/trunk@51619 602fd350-edb4-49c9-b593-d223f7449a82
Update the `wp_die_handler()` method to pass the response into `WPDieException` so that `expectExceptionCode()` calls work as expected.
Follow-up to [1221/tests], [3934], [4009], [12309].
Props pbearne, jrf, mukesh27.
Fixes#53882.
git-svn-id: https://develop.svn.wordpress.org/trunk@51608 602fd350-edb4-49c9-b593-d223f7449a82
As per the PHP manual:
> If the `component` parameter is omitted, an associative array is returned.
> If the `component` parameter is specified, `parse_url()` returns a string (or an int, in the case of `PHP_URL_PORT`) instead of an array. If the requested component doesn't exist within the given URL, `null` will be returned.
Reference: [https://www.php.net/manual/en/function.parse-url.php#refsect1-function.parse-url-returnvalues PHP Manual: parse_url(): Return Values]
In this case, `parse_url()` is called with the `PHP_URL_PATH` as `$component`, but the returned value is subsequently checked against `false`.
In other words, this condition would previously always result in `true` and would lead to `null` potentially being passed to the PHP native `pathinfo()` function which expects a string.
On PHP 8.1, this would result in a test failure with a `pathinfo(): Passing null to parameter #1 ($path) of type string is deprecated` error.
Reference: [https://www.php.net/manual/en/function.pathinfo.php PHP Manual: pathinfo()]
Follow-up to [46175].
Props jrf.
See #53635.
git-svn-id: https://develop.svn.wordpress.org/trunk@51606 602fd350-edb4-49c9-b593-d223f7449a82
The `WP_UnitTestCase_Base::checkRequirements()` method calls the `parent::checkRequirements()` method, but this method became `private` in PHPUnit 7.0 via commit [932238a6a3sebastianbergmann/phpunit@932238a].
Aside from that, the `TestCase::getAnnotations()` method which is called next is now also removed in PHPUnit 9.5.
WP core does not use the method anymore, and the method only remains to prevent potentially breaking external integration tests relying on the method. However, in effect, the method is not functional anymore in PHPUnit 7.0+.
Follow-up to [893/tests], [894/tests], [896/tests], [918/tests], [30526], [40520], [40564], [43005], [44701], [51559-51577].
Props jrf.
See #46149.
git-svn-id: https://develop.svn.wordpress.org/trunk@51605 602fd350-edb4-49c9-b593-d223f7449a82
The `WP_UnitTestCase_Base::checkRequirements()` method calls the `parent::checkRequirements()` method, but this method became `private` in PHPUnit 7.0 via commit [932238a6a3sebastianbergmann/phpunit@932238a].
Aside from that, the `TestCase::getAnnotations()` method which is called next is now also removed in PHPUnit 9.5.
WP core does not use the method anymore, and the method only remains to prevent potentially breaking external integration tests relying on the method. However, in effect, the method is not functional anymore in PHPUnit 7.0+.
Follow-up to [893/tests], [894/tests], [896/tests], [918/tests], [30526], [40520], [40564], [43005], [44701], [51559-51577].
Props jrf.
See #46149.
git-svn-id: https://develop.svn.wordpress.org/trunk@51602 602fd350-edb4-49c9-b593-d223f7449a82
