diff -r 48c4eec2b7e6 -r 8c2e4d02f4ef wp/wp-admin/includes/upgrade.php --- a/wp/wp-admin/includes/upgrade.php Fri Sep 05 18:40:08 2025 +0200 +++ b/wp/wp-admin/includes/upgrade.php Fri Sep 05 18:52:52 2025 +0200 @@ -44,7 +44,16 @@ * @type string $password_message The explanatory message regarding the password. * } */ - function wp_install( $blog_title, $user_name, $user_email, $is_public, $deprecated = '', $user_password = '', $language = '' ) { + function wp_install( + $blog_title, + $user_name, + $user_email, + $is_public, + $deprecated = '', + #[\SensitiveParameter] + $user_password = '', + $language = '' + ) { if ( ! empty( $deprecated ) ) { _deprecated_argument( __FUNCTION__, '2.6.0' ); } @@ -75,7 +84,7 @@ update_option( 'blog_public', $is_public ); // Freshness of site - in the future, this could get more specific about actions taken, perhaps. - update_option( 'fresh_site', 1 ); + update_option( 'fresh_site', 1, false ); if ( $language ) { update_option( 'WPLANG', $language ); @@ -278,7 +287,8 @@ To get started with moderating, editing, and deleting comments, please visit the Comments screen in the dashboard. Commenter avatars come from Gravatar.' ), - esc_url( __( 'https://en.gravatar.com/' ) ) + /* translators: The localized Gravatar URL. */ + esc_url( __( 'https://gravatar.com/' ) ) ); $wpdb->insert( $wpdb->comments, @@ -459,7 +469,7 @@ * Delete any caps that snuck into the previously active blog. (Hardcoded to blog 1 for now.) * TODO: Get previous_blog_id. */ - if ( ! is_super_admin( $user_id ) && 1 != $user_id ) { + if ( ! is_super_admin( $user_id ) && 1 !== $user_id ) { $wpdb->delete( $wpdb->usermeta, array( @@ -562,7 +572,13 @@ * @param string $password Administrator's password. Note that a placeholder message is * usually passed instead of the actual password. */ - function wp_new_blog_notification( $blog_title, $blog_url, $user_id, $password ) { + function wp_new_blog_notification( + $blog_title, + $blog_url, + $user_id, + #[\SensitiveParameter] + $password + ) { $user = new WP_User( $user_id ); $email = $user->user_email; $name = $user->user_login; @@ -638,16 +654,16 @@ * * @since 2.1.0 * - * @global int $wp_current_db_version The old (current) database version. - * @global int $wp_db_version The new database version. + * @global int $wp_current_db_version The old (current) database version. + * @global int $wp_db_version The new database version. */ function wp_upgrade() { global $wp_current_db_version, $wp_db_version; - $wp_current_db_version = __get_option( 'db_version' ); + $wp_current_db_version = (int) __get_option( 'db_version' ); // We are up to date. Nothing to do. - if ( $wp_db_version == $wp_current_db_version ) { + if ( $wp_db_version === $wp_current_db_version ) { return; } @@ -699,10 +715,10 @@ function upgrade_all() { global $wp_current_db_version, $wp_db_version; - $wp_current_db_version = __get_option( 'db_version' ); + $wp_current_db_version = (int) __get_option( 'db_version' ); // We are up to date. Nothing to do. - if ( $wp_db_version == $wp_current_db_version ) { + if ( $wp_db_version === $wp_current_db_version ) { return; } @@ -862,6 +878,14 @@ upgrade_650(); } + if ( $wp_current_db_version < 58975 ) { + upgrade_670(); + } + + if ( $wp_current_db_version < 60421 ) { + upgrade_682(); + } + maybe_disable_link_manager(); maybe_disable_automattic_widgets(); @@ -922,7 +946,7 @@ foreach ( $allposts as $post ) { // Check to see if it's already been imported. $cat = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->post2cat WHERE post_id = %d AND category_id = %d", $post->ID, $post->post_category ) ); - if ( ! $cat && 0 != $post->post_category ) { // If there's no result. + if ( ! $cat && 0 !== (int) $post->post_category ) { // If there's no result. $wpdb->insert( $wpdb->post2cat, array( @@ -961,6 +985,7 @@ * * @ignore * @since 1.2.0 + * @since 6.8.0 User passwords are no longer hashed with md5. * * @global wpdb $wpdb WordPress database abstraction object. */ @@ -976,21 +1001,14 @@ } } - $users = $wpdb->get_results( "SELECT ID, user_pass from $wpdb->users" ); - foreach ( $users as $row ) { - if ( ! preg_match( '/^[A-Fa-f0-9]{32}$/', $row->user_pass ) ) { - $wpdb->update( $wpdb->users, array( 'user_pass' => md5( $row->user_pass ) ), array( 'ID' => $row->ID ) ); - } - } - // Get the GMT offset, we'll use that later on. $all_options = get_alloptions_110(); $time_difference = $all_options->time_difference; - $server_time = time() + gmdate( 'Z' ); - $weblogger_time = $server_time + $time_difference * HOUR_IN_SECONDS; - $gmt_time = time(); + $server_time = time() + (int) gmdate( 'Z' ); + $weblogger_time = $server_time + $time_difference * HOUR_IN_SECONDS; + $gmt_time = time(); $diff_gmt_server = ( $gmt_time - $server_time ) / HOUR_IN_SECONDS; $diff_weblogger_server = ( $weblogger_time - $server_time ) / HOUR_IN_SECONDS; @@ -1095,7 +1113,7 @@ // Some versions have multiple duplicate option_name rows with the same values. $options = $wpdb->get_results( "SELECT option_name, COUNT(option_name) AS dupes FROM `$wpdb->options` GROUP BY option_name" ); foreach ( $options as $option ) { - if ( 1 != $option->dupes ) { // Could this be done in the query? + if ( $option->dupes > 1 ) { // Could this be done in the query? $limit = $option->dupes - 1; $dupe_ids = $wpdb->get_col( $wpdb->prepare( "SELECT option_id FROM $wpdb->options WHERE option_name = %s LIMIT %d", $option->option_name, $limit ) ); if ( $dupe_ids ) { @@ -1445,7 +1463,7 @@ $links = $wpdb->get_results( "SELECT link_id, link_category FROM $wpdb->links" ); if ( ! empty( $links ) ) { foreach ( $links as $link ) { - if ( 0 == $link->link_category ) { + if ( 0 === (int) $link->link_category ) { continue; } if ( ! isset( $link_cat_id_map[ $link->link_category ] ) ) { @@ -1670,7 +1688,7 @@ * Previously, setting depth to 1 would redundantly disable threading, * but now 2 is the minimum depth to avoid confusion. */ - if ( get_option( 'thread_comments_depth' ) == '1' ) { + if ( 1 === (int) get_option( 'thread_comments_depth' ) ) { update_option( 'thread_comments_depth', 2 ); update_option( 'thread_comments', 0 ); } @@ -1843,7 +1861,7 @@ if ( 'yes' === $wpdb->get_var( "SELECT autoload FROM $wpdb->options WHERE option_name = 'uninstall_plugins'" ) ) { $uninstall_plugins = get_option( 'uninstall_plugins' ); delete_option( 'uninstall_plugins' ); - add_option( 'uninstall_plugins', $uninstall_plugins, null, 'no' ); + add_option( 'uninstall_plugins', $uninstall_plugins, null, false ); } } } @@ -2339,7 +2357,7 @@ $can_compress_scripts = get_option( 'can_compress_scripts', false ); if ( false !== $can_compress_scripts ) { delete_option( 'can_compress_scripts' ); - add_option( 'can_compress_scripts', $can_compress_scripts, '', 'yes' ); + add_option( 'can_compress_scripts', $can_compress_scripts, '', true ); } } } @@ -2392,10 +2410,75 @@ ) ); - $autoload = array_fill_keys( $theme_mods_options, 'no' ); + $autoload = array_fill_keys( $theme_mods_options, false ); wp_set_option_autoload_values( $autoload ); } } +/** + * Executes changes made in WordPress 6.7.0. + * + * @ignore + * @since 6.7.0 + * + * @global int $wp_current_db_version The old (current) database version. + */ +function upgrade_670() { + global $wp_current_db_version; + + if ( $wp_current_db_version < 58975 ) { + $options = array( + 'recently_activated', + '_wp_suggested_policy_text_has_changed', + 'dashboard_widget_options', + 'ftp_credentials', + 'adminhash', + 'nav_menu_options', + 'wp_force_deactivated_plugins', + 'delete_blog_hash', + 'allowedthemes', + 'recovery_keys', + 'https_detection_errors', + 'fresh_site', + ); + + wp_set_options_autoload( $options, false ); + } +} + +/** + * Executes changes made in WordPress 6.8.2. + * + * @ignore + * @since 6.8.2 + * + * @global int $wp_current_db_version The old (current) database version. + */ +function upgrade_682() { + global $wp_current_db_version; + + if ( $wp_current_db_version < 60421 ) { + // Upgrade Ping-O-Matic and Twingly to use HTTPS. + $ping_sites_value = get_option( 'ping_sites' ); + $ping_sites_value = explode( "\n", $ping_sites_value ); + $ping_sites_value = array_map( + function ( $url ) { + $url = trim( $url ); + $url = sanitize_url( $url ); + if ( + str_ends_with( trailingslashit( $url ), '://rpc.pingomatic.com/' ) + || str_ends_with( trailingslashit( $url ), '://rpc.twingly.com/' ) + ) { + $url = set_url_scheme( $url, 'https' ); + } + return $url; + }, + $ping_sites_value + ); + $ping_sites_value = array_filter( $ping_sites_value ); + $ping_sites_value = implode( "\n", $ping_sites_value ); + update_option( 'ping_sites', $ping_sites_value ); + } +} /** * Executes network-level upgrade routines. @@ -2518,7 +2601,7 @@ $upgrade = false; $indexes = $wpdb->get_results( "SHOW INDEXES FROM $wpdb->signups" ); foreach ( $indexes as $index ) { - if ( 'domain_path' === $index->Key_name && 'domain' === $index->Column_name && 140 != $index->Sub_part ) { + if ( 'domain_path' === $index->Key_name && 'domain' === $index->Column_name && '140' !== $index->Sub_part ) { $upgrade = true; break; } @@ -2818,7 +2901,7 @@ * semicolons. Default empty string. * @param bool $execute Optional. Whether or not to execute the query right away. * Default true. - * @return array Strings containing the results of the various update queries. + * @return string[] Strings containing the results of the various update queries. */ function dbDelta( $queries = '', $execute = true ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionNameInvalid global $wpdb; @@ -3088,7 +3171,7 @@ $fieldtype_base = strtok( $fieldtype_without_parentheses, ' ' ); // Is actual field type different from the field type in query? - if ( $tablefield->Type != $fieldtype ) { + if ( $tablefield->Type !== $fieldtype ) { $do_change = true; if ( in_array( $fieldtype_lowercased, $text_fields, true ) && in_array( $tablefield_type_lowercased, $text_fields, true ) ) { if ( array_search( $fieldtype_lowercased, $text_fields, true ) < array_search( $tablefield_type_lowercased, $text_fields, true ) ) { @@ -3128,7 +3211,7 @@ // Get the default value from the array. if ( preg_match( "| DEFAULT '(.*?)'|i", $cfields[ $tablefield_field_lowercased ], $matches ) ) { $default_value = $matches[1]; - if ( $tablefield->Default != $default_value ) { + if ( $tablefield->Default !== $default_value ) { // Add a query to change the column's default value $cqueries[] = "ALTER TABLE {$table} ALTER COLUMN `{$tablefield->Field}` SET DEFAULT '{$default_value}'"; @@ -3167,7 +3250,7 @@ 'fieldname' => $tableindex->Column_name, 'subpart' => $tableindex->Sub_part, ); - $index_ary[ $keyname ]['unique'] = ( 0 == $tableindex->Non_unique ) ? true : false; + $index_ary[ $keyname ]['unique'] = ( '0' === $tableindex->Non_unique ) ? true : false; $index_ary[ $keyname ]['index_type'] = $tableindex->Index_type; } @@ -3519,7 +3602,7 @@ // Make the new site theme active. $current_template = __get_option( 'template' ); - if ( WP_DEFAULT_THEME == $current_template ) { + if ( WP_DEFAULT_THEME === $current_template ) { update_option( 'template', $template ); update_option( 'stylesheet', $template ); }