Include 4 6.8-branch commits

imath · imath · commit 77bea11fa0dc · 2025-05-14T18:36:48.000+02:00
Commit list: 01c10003eb6149ec2786ec27fbcdcd819a30a327 5b37e6aff11f4cb278a8265160afb4cda1ae3cf7 d75f025337fdc3b7dab5ba951152c4b7e66532cd b024026e8146803d5246e6cc925426c87ad71a79 See #60
diff --git a/wp-admin/includes/class-wp-debug-data.php b/wp-admin/includes/class-wp-debug-data.php
@@ -484,19 +484,19 @@ private static function get_wp_server(): array {
 			$robotstxt_debug = true;
 
 			/* translators: %s: robots.txt */
-			$robotstxt_string = sprintf( __( 'There is a static %s file in your installation folder. WordPress can not dynamicly serve one.' ), 'robots.txt' );
+			$robotstxt_string = sprintf( __( 'There is a static %s file in your installation folder. Retraceur cannot dynamically serve one.' ), 'robots.txt' );
 		} elseif ( got_url_rewrite() ) {
 			// No robots.txt file available and rewrite rules in place, turn debug info to false.
 			$robotstxt_debug = false;
 
 			/* translators: %s: robots.txt */
-			$robotstxt_string = sprintf( __( 'Your site is using the dynamic %s file which is generated by WordPress.' ), 'robots.txt' );
+			$robotstxt_string = sprintf( __( 'Your site is using the dynamic %s file which is generated by Retraceur.' ), 'robots.txt' );
 		} else {
 			// No robots.txt file, but without rewrite rules WP can't serve one.
 			$robotstxt_debug = true;
 
 			/* translators: %s: robots.txt */
-			$robotstxt_string = sprintf( __( 'WordPress can not dynamicly serve a %s file due to a lack of rewrite rule support' ), 'robots.txt' );
+			$robotstxt_string = sprintf( __( 'Retraceur cannot dynamically serve a %s file due to a lack of rewrite rule support' ), 'robots.txt' );
 
 		}
 		$fields['static_robotstxt_file'] = array(
diff --git a/wp-admin/includes/misc.php b/wp-admin/includes/misc.php
@@ -427,7 +427,7 @@ function show_message( $message ) {
  * @since WP 2.8.0
  *
  * @param string $content
- * @return array
+ * @return string[] Array of function names.
  */
 function wp_doc_link_parse( $content ) {
 	if ( ! is_string( $content ) || empty( $content ) ) {
diff --git a/wp-admin/includes/post.php b/wp-admin/includes/post.php
@@ -483,7 +483,13 @@ function edit_post( $post_data = null ) {
  *
  * @param array|null $post_data Optional. The array of post data to process.
  *                              Defaults to the `$_POST` superglobal.
- * @return array
+ * @return array {
+ *     An array of updated, skipped, and locked post IDs.
+ *
+ *     @type int[] $updated An array of updated post IDs.
+ *     @type int[] $skipped An array of skipped post IDs.
+ *     @type int[] $locked  An array of locked post IDs.
+ * }
  */
 function bulk_edit_posts( $post_data = null ) {
 	global $wpdb;
@@ -1192,7 +1198,7 @@ function get_available_post_statuses( $type = 'post' ) {
  *
  * @param array|false $q Optional. Array of query variables to use to build the query.
  *                       Defaults to the `$_GET` superglobal.
- * @return array
+ * @return string[] An array of all the statuses for the queried post type.
  */
 function wp_edit_posts_query( $q = false ) {
 	if ( false === $q ) {
@@ -1364,7 +1370,12 @@ function wp_edit_attachments_query_vars( $q = false ) {
  *
  * @param array|false $q Optional. Array of query variables to use to build the query.
  *                       Defaults to the `$_GET` superglobal.
- * @return array
+ * @return array {
+ *     Array containing the post mime types and available post mime types.
+ *
+ *     @type array[]  $post_mime_types       Post mime types.
+ *     @type string[] $avail_post_mime_types Available post mime types.
+ * }
  */
 function wp_edit_attachments_query( $q = false ) {
 	wp( wp_edit_attachments_query_vars( $q ) );
diff --git a/wp-admin/includes/user.php b/wp-admin/includes/user.php
@@ -313,7 +313,7 @@ function get_users_drafts( $user_id ) {
 	$query = $wpdb->prepare( "SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'draft' AND post_author = %d ORDER BY post_modified DESC", $user_id );
 
 	/**
-	 * Filters the user's drafts query string.
+	 * Filters the SQL query string for the user's drafts query.
 	 *
 	 * @since WP 2.0.0
 	 *
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
@@ -2283,7 +2283,6 @@ function wp_hash_password(
 	 * @since WP 2.5.0
 	 * @since WP 6.8.0 Passwords in WordPress are now hashed with bcrypt by default. A
 	 *                 password that wasn't hashed with bcrypt will be checked with phpass.
-	 *                 Passwords hashed with md5 are no longer supported.
 	 *
 	 * @global PasswordHash $wp_hasher phpass object. Used as a fallback for verifying
 	 *                                 passwords that were hashed with phpass.
@@ -2301,30 +2300,14 @@ function wp_check_password(
 	) {
 		global $wp_hasher;
 
-		$check = false;
-
-		// If the hash is still md5 or otherwise truncated then invalidate it.
 		if ( strlen( $hash ) <= 32 ) {
-			/**
-			 * Filters whether the plaintext password matches the hashed password.
-			 *
-			 * @since WP 2.5.0
-			 * @since WP 6.8.0 Passwords are now hashed with bcrypt by default.
-			 *                 Old passwords may still be hashed with phpass.
-			 *
-			 * @param bool       $check    Whether the passwords match.
-			 * @param string     $password The plaintext password.
-			 * @param string     $hash     The hashed password.
-			 * @param string|int $user_id  Optional ID of a user associated with the password.
-			 *                             Can be empty.
-			 */
-			return apply_filters( 'check_password', $check, $password, $hash, $user_id );
-		}
-
-		if ( ! empty( $wp_hasher ) ) {
+			// Check the hash using md5 regardless of the current hashing mechanism.
+			$check = hash_equals( $hash, md5( $password ) );
+		} elseif ( ! empty( $wp_hasher ) ) {
 			// Check the password using the overridden hasher.
 			$check = $wp_hasher->CheckPassword( $password, $hash );
 		} elseif ( strlen( $password ) > 4096 ) {
+			// Passwords longer than 4096 characters are not supported.
 			$check = false;
 		} elseif ( str_starts_with( $hash, '$wp' ) ) {
 			// Check the password using the current prefixed hash.
@@ -2339,7 +2322,19 @@ function wp_check_password(
 			$check = password_verify( $password, $hash );
 		}
 
-		/** This filter is documented in wp-includes/pluggable.php */
+		/**
+		 * Filters whether the plaintext password matches the hashed password.
+		 *
+		 * @since WP 2.5.0
+		 * @since WP 6.8.0 Passwords are now hashed with bcrypt by default.
+		 *                 Old passwords may still be hashed with phpass or md5.
+		 *
+		 * @param bool       $check    Whether the passwords match.
+		 * @param string     $password The plaintext password.
+		 * @param string     $hash     The hashed password.
+		 * @param string|int $user_id  Optional ID of a user associated with the password.
+		 *                             Can be empty.
+		 */
 		return apply_filters( 'check_password', $check, $password, $hash, $user_id );
 	}
 endif;
diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
@@ -259,6 +259,7 @@ public function get_items_permissions_check( $request ) {
 	 * Retrieves all users.
 	 *
 	 * @since WP 4.7.0
+	 * @since WP 6.8.0 Added support for the search_columns query param.
 	 *
 	 * @param WP_REST_Request $request Full details about the request.
 	 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
@@ -333,6 +334,27 @@ public function get_items( $request ) {
 			if ( ! current_user_can( 'list_users' ) ) {
 				$prepared_args['search_columns'] = array( 'ID', 'user_login', 'user_nicename', 'display_name' );
 			}
+			$search_columns         = $request->get_param( 'search_columns' );
+			$valid_columns          = isset( $prepared_args['search_columns'] )
+				? $prepared_args['search_columns']
+				: array( 'ID', 'user_login', 'user_nicename', 'user_email', 'display_name' );
+			$search_columns_mapping = array(
+				'id'       => 'ID',
+				'username' => 'user_login',
+				'slug'     => 'user_nicename',
+				'email'    => 'user_email',
+				'name'     => 'display_name',
+			);
+			$search_columns         = array_map(
+				static function ( $column ) use ( $search_columns_mapping ) {
+					return $search_columns_mapping[ $column ];
+				},
+				$search_columns
+			);
+			$search_columns         = array_intersect( $search_columns, $valid_columns );
+			if ( ! empty( $search_columns ) ) {
+				$prepared_args['search_columns'] = $search_columns;
+			}
 			$prepared_args['search'] = '*' . $prepared_args['search'] . '*';
 		}
 		/**
@@ -1613,6 +1635,16 @@ public function get_collection_params() {
 			),
 		);
 
+		$query_params['search_columns'] = array(
+			'default'     => array(),
+			'description' => __( 'Array of column names to be searched.' ),
+			'type'        => 'array',
+			'items'       => array(
+				'enum' => array( 'email', 'name', 'id', 'username', 'slug' ),
+				'type' => 'string',
+			),
+		);
+
 		/**
 		 * Filters REST API collection parameters for the users controller.
 		 *
diff --git a/wp-includes/script-loader.php b/wp-includes/script-loader.php
@@ -1716,7 +1716,7 @@ function wp_style_loader_src( $src, $handle ) {
  *
  * @global bool $concatenate_scripts
  *
- * @return array
+ * @return string[] Handles of the scripts that were printed.
  */
 function print_head_scripts() {
 	global $concatenate_scripts;
@@ -1755,7 +1755,7 @@ function print_head_scripts() {
  * @global WP_Scripts $wp_scripts
  * @global bool       $concatenate_scripts
  *
- * @return array
+ * @return string[] Handles of the scripts that were printed.
  */
 function print_footer_scripts() {
 	global $wp_scripts, $concatenate_scripts;
@@ -1836,7 +1836,7 @@ function _print_scripts() {
  *
  * @global WP_Scripts $wp_scripts
  *
- * @return array
+ * @return string[] Handles of the scripts that were printed.
  */
 function wp_print_head_scripts() {
 	global $wp_scripts;
@@ -1901,7 +1901,7 @@ function wp_enqueue_scripts() {
  *
  * @global bool $concatenate_scripts
  *
- * @return array
+ * @return string[] Handles of the styles that were printed.
  */
 function print_admin_styles() {
 	global $concatenate_scripts;
diff --git a/wp-includes/update.php b/wp-includes/update.php
@@ -819,7 +819,12 @@ function retraceur_is_updater_enabled() {
  *
  * @since WP 3.3.0
  *
- * @return array
+ * @return array {
+ *     Fetched update data.
+ *
+ *     @type int[]   $counts       An array of counts for available plugin, theme, and WordPress updates.
+ *     @type string  $update_title Titles of available updates.
+ * }
  */
 function wp_get_update_data() {
 	$counts = array(

Original file line number	Diff line number	Diff line change
`@@ -427,7 +427,7 @@ function show_message( $message ) {`
`427`	`427`	`* @since WP 2.8.0`
`428`	`428`	`*`
`429`	`429`	`* @param string $content`
`430`		`- * @return array`
	`430`	`+ * @return string[] Array of function names.`
`431`	`431`	`*/`
`432`	`432`	`function wp_doc_link_parse( $content ) {`
`433`	`433`	`if ( ! is_string( $content ) \|\| empty( $content ) ) {`
Original file line number	Diff line number	Diff line change
`@@ -313,7 +313,7 @@ function get_users_drafts( $user_id ) {`
`313`	`313`	`$query = $wpdb->prepare( "SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'draft' AND post_author = %d ORDER BY post_modified DESC", $user_id );`
`314`	`314`
`315`	`315`	`/**`
`316`		`- * Filters the user's drafts query string.`
	`316`	`+ * Filters the SQL query string for the user's drafts query.`
`317`	`317`	`*`
`318`	`318`	`* @since WP 2.0.0`
`319`	`319`	`*`
Original file line number	Diff line number	Diff line change
`@@ -1716,7 +1716,7 @@ function wp_style_loader_src( $src, $handle ) {`
`1716`	`1716`	`*`
`1717`	`1717`	`* @global bool $concatenate_scripts`
`1718`	`1718`	`*`
`1719`		`- * @return array`
	`1719`	`+ * @return string[] Handles of the scripts that were printed.`
`1720`	`1720`	`*/`
`1721`	`1721`	`function print_head_scripts() {`
`1722`	`1722`	`global $concatenate_scripts;`
`@@ -1755,7 +1755,7 @@ function print_head_scripts() {`
`1755`	`1755`	`* @global WP_Scripts $wp_scripts`
`1756`	`1756`	`* @global bool $concatenate_scripts`
`1757`	`1757`	`*`
`1758`		`- * @return array`
	`1758`	`+ * @return string[] Handles of the scripts that were printed.`
`1759`	`1759`	`*/`
`1760`	`1760`	`function print_footer_scripts() {`
`1761`	`1761`	`global $wp_scripts, $concatenate_scripts;`
`@@ -1836,7 +1836,7 @@ function _print_scripts() {`
`1836`	`1836`	`*`
`1837`	`1837`	`* @global WP_Scripts $wp_scripts`
`1838`	`1838`	`*`
`1839`		`- * @return array`
	`1839`	`+ * @return string[] Handles of the scripts that were printed.`
`1840`	`1840`	`*/`
`1841`	`1841`	`function wp_print_head_scripts() {`
`1842`	`1842`	`global $wp_scripts;`
`@@ -1901,7 +1901,7 @@ function wp_enqueue_scripts() {`
`1901`	`1901`	`*`
`1902`	`1902`	`* @global bool $concatenate_scripts`
`1903`	`1903`	`*`
`1904`		`- * @return array`
	`1904`	`+ * @return string[] Handles of the styles that were printed.`
`1905`	`1905`	`*/`
`1906`	`1906`	`function print_admin_styles() {`
`1907`	`1907`	`global $concatenate_scripts;`
Original file line number	Diff line number	Diff line change
`@@ -819,7 +819,12 @@ function retraceur_is_updater_enabled() {`
`819`	`819`	`*`
`820`	`820`	`* @since WP 3.3.0`
`821`	`821`	`*`
`822`		`- * @return array`
	`822`	`+ * @return array {`
	`823`	`+ * Fetched update data.`
	`824`	`+ *`
	`825`	`+ * @type int[] $counts An array of counts for available plugin, theme, and WordPress updates.`
	`826`	`+ * @type string $update_title Titles of available updates.`
	`827`	`+ * }`
`823`	`828`	`*/`
`824`	`829`	`function wp_get_update_data() {`
`825`	`830`	`$counts = array(`