John Blackbourn
f345c93563
Hardening: Use a properly generated hash for the `newbloguser` key instead of a determinate substring.
...
Merges [42258] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@42292
git-svn-id: http://core.svn.wordpress.org/branches/4.2@42121 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:33:25 +00:00
Dominik Schilling
64fc7294b6
Use HTTPS URLs for codex.wordpress.org.
...
see #27115 .
Built from https://develop.svn.wordpress.org/trunk@32116
git-svn-id: http://core.svn.wordpress.org/trunk@32095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-12 21:29:32 +00:00
Helen Hou-Sandí
d85f8fe326
Admin notices: Make (most) core notices dismissible.
...
These no longer return upon refreshing the page when JS is on and working, so users should be able to dismiss them. This is particularly important on the post edit screen when DFW is triggered, but pretty much all notices can be dismissed if needed. A post on Make/Core will follow with information on how this can be leveraged in plugins.
props valendesigns, afercia, paulwilde, adamsilverstein, helen.
fixes #31233 . see #23367 .
Built from https://develop.svn.wordpress.org/trunk@31973
git-svn-id: http://core.svn.wordpress.org/trunk@31952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-01 22:06:28 +00:00
Sergey Biryukov
2c98f83b70
Remove duplicate label on Add New User screen.
...
props abhishekfdd.
fixes #31131 .
Built from https://develop.svn.wordpress.org/trunk@31777
git-svn-id: http://core.svn.wordpress.org/trunk@31757 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-14 01:04:27 +00:00
Dominik Schilling
72229b25c8
Add New User: Remove trailing whitespace from button labels.
...
fixes #31175 .
Built from https://develop.svn.wordpress.org/trunk@31298
git-svn-id: http://core.svn.wordpress.org/trunk@31279 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-29 14:54:21 +00:00
Scott Taylor
7f8b548df1
In HTML5, the `action` attribute is no longer required. Remove this attribute when empty.
...
The admin HTML is served with the HTML5 doctype.
"The action and formaction content attributes, if specified, must have a value that is a valid non-empty URL potentially surrounded by spaces."
http://www.w3.org/html/wg/drafts/html/master/forms.html#attr-fs-action
Props voldemortensen.
Fixes #30126 .
Built from https://develop.svn.wordpress.org/trunk@31200
git-svn-id: http://core.svn.wordpress.org/trunk@31181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 04:16:24 +00:00
Andrew Nacin
741e0ec6de
No need for wp_get_password_hint() to be prefixed as if it is private.
...
see #21243 .
Built from https://develop.svn.wordpress.org/trunk@30855
git-svn-id: http://core.svn.wordpress.org/trunk@30845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-15 08:34:23 +00:00
John Blackbourn
bdd00b3902
Improve various hook and filter docs so they are correctly parsed for the code reference.
...
Fixes #30558
Props DrewAPicture
Built from https://develop.svn.wordpress.org/trunk@30754
git-svn-id: http://core.svn.wordpress.org/trunk@30744 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-06 21:32:24 +00:00
John Blackbourn
d88ed475b0
Switch to a `403` response code in places where it is more appropriate than a `500` due to permissions errors.
...
Fixes #10551
Props nacin
Built from https://develop.svn.wordpress.org/trunk@30356
git-svn-id: http://core.svn.wordpress.org/trunk@30355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-16 06:16:22 +00:00
John Blackbourn
b1ba80de87
Rename `_wp_password_hint()` to `_wp_get_password_hint()` to bring it inline with core terminology. Fixes #21243 .
...
Built from https://develop.svn.wordpress.org/trunk@30033
git-svn-id: http://core.svn.wordpress.org/trunk@30033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-26 23:30:18 +00:00
Jeremy Felt
fd149bb220
Deprecate admin_created_user_subject()
...
When `admin_created_user_subjec()` was merged from MU, the accompanying filter was left behind. As it has never been used by WordPress core, and is not an otherwise useful function, it can be deprecated.
Fixes #29915
Built from https://develop.svn.wordpress.org/trunk@30005
git-svn-id: http://core.svn.wordpress.org/trunk@30005 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-24 04:49:20 +00:00
Boone Gorges
24babfddb3
Allow apostrophes in email addresses when adding users via the Dashboard.
...
Email addresses entered in a number of interfaces were not being stripslashed
properly, with the result that the emails were not being recognized as valid.
Fixes #18039 .
Built from https://develop.svn.wordpress.org/trunk@29966
git-svn-id: http://core.svn.wordpress.org/trunk@29713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-19 20:30:19 +00:00
Sergey Biryukov
0eb758720a
Move password hint text to a function. Add 'password_hint' filter.
...
props convissor.
fixes #21243 .
Built from https://develop.svn.wordpress.org/trunk@29962
git-svn-id: http://core.svn.wordpress.org/trunk@29709 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-18 20:21:18 +00:00
Jeremy Felt
3a8676278d
Do not send a welcome notification when noconfirmation has been flagged
...
When adding a new user to a site on the network, 2 emails are sent out - one for confirmation and one as a welcome. If the option for no confirmation is selected, neither should send.
props transom
Fixes #16235
Built from https://develop.svn.wordpress.org/trunk@29880
git-svn-id: http://core.svn.wordpress.org/trunk@29637 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-12 01:11:18 +00:00
Sergey Biryukov
c4fce2f163
Reverse the order of roles in help text on Add New User screen to match [25695].
...
fixes #28914 .
Built from https://develop.svn.wordpress.org/trunk@29233
git-svn-id: http://core.svn.wordpress.org/trunk@29017 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-18 23:48:15 +00:00
John Blackbourn
be12ea968a
Implement email and url input types where appropriate. Props Kau-Boy. Fixes #22183 .
...
Built from https://develop.svn.wordpress.org/trunk@29030
git-svn-id: http://core.svn.wordpress.org/trunk@28818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-08 17:52:14 +00:00
Sergey Biryukov
4a11203b06
Clarify a string on Add New User screen.
...
props vancoder, collinsinternet.
fixes #27398 .
Built from https://develop.svn.wordpress.org/trunk@29009
git-svn-id: http://core.svn.wordpress.org/trunk@28797 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-07 00:54:14 +00:00
Scott Taylor
9a286d75fd
Don't use variable variables in `user-new.php`. Test by causing errors when creating a new user.
...
See #27881 .
Built from https://develop.svn.wordpress.org/trunk@28745
git-svn-id: http://core.svn.wordpress.org/trunk@28559 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-11 19:54:13 +00:00
Sergey Biryukov
df597224e5
Add paragraph tags to 'Add Existing User' section on 'Add New User' screen in multisite.
...
props jkudish, topher1kenobe.
fixes #20271 .
Built from https://develop.svn.wordpress.org/trunk@28642
git-svn-id: http://core.svn.wordpress.org/trunk@28460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-30 21:51:14 +00:00
Andrew Nacin
5851e00b93
Add a value to the password checkbox when creating a new user so the toggle is remembered.
...
props chriseverson, SergeyBiryukov.
fixes #27006 .
Built from https://develop.svn.wordpress.org/trunk@27838
git-svn-id: http://core.svn.wordpress.org/trunk@27672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-29 06:23:17 +00:00
Andrew Nacin
c3ca81ba94
Always decode special characters for email subjects.
...
props tlovett1, jeremyfelt.
fixes #25346 .
Built from https://develop.svn.wordpress.org/trunk@27801
git-svn-id: http://core.svn.wordpress.org/trunk@27636 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-28 02:44:15 +00:00
Andrew Nacin
dce0b9adea
Use SSL when linking to WordPress.org. see #27115 .
...
Built from https://develop.svn.wordpress.org/trunk@27469
git-svn-id: http://core.svn.wordpress.org/trunk@27314 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-08 04:14:15 +00:00
Sergey Biryukov
5d3e652c23
Add Oxford comma to password hint.
...
props trepmal.
fixes #26457 .
Built from https://develop.svn.wordpress.org/trunk@27246
git-svn-id: http://core.svn.wordpress.org/trunk@27103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-24 23:31:15 +00:00
Andrew Ozz
8d6059b383
Remove all screen_icon() calls and deprecate the functions, props TobiasBg, fixes #26119
...
Built from https://develop.svn.wordpress.org/trunk@26518
git-svn-id: http://core.svn.wordpress.org/trunk@26411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-02 03:53:11 +00:00
Drew Jaynes
ee8aa9ee4c
Inline documentation for hooks in wp-admin/user-new.php & wp-admin/user-edit.php.
...
Also fixes one parameter type in wp-includes/user.php.
Fixes #25726 .
Built from https://develop.svn.wordpress.org/trunk@26493
git-svn-id: http://core.svn.wordpress.org/trunk@26387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-01 01:35:10 +00:00
Andrew Nacin
70fd806759
Revert r25824:25875 from the core.svn.wordpress.org repository.
...
These commits were accidentally re-synced commits from develop.svn.wordpress.org due to a race condition. Thankfully, the history of this repository matters fairly little. It also happened only for trunk.
git-svn-id: http://core.svn.wordpress.org/trunk@25876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-25 02:29:52 +00:00
Andrew Nacin
5361a8abca
Spell out duplicate hook locations.
...
props DrewAPicture.
fixes #25658 .
Built from https://develop.svn.wordpress.org/trunk@25868
git-svn-id: http://core.svn.wordpress.org/trunk@25868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:59:20 +00:00
Andrew Nacin
8ae8e01b67
Remove the old wp_auto_updates_maybe_update cron event. Schedule the new wp_maybe_auto_update event at 7 a.m. and 7 p.m. in the site's timezone.
...
see #27704 .
Built from https://develop.svn.wordpress.org/trunk@25825
git-svn-id: http://core.svn.wordpress.org/trunk@25825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:53:14 +00:00
Ryan Boren
b87d4b77e5
Pinking shears
...
Built from https://develop.svn.wordpress.org/trunk@25880
git-svn-id: http://core.svn.wordpress.org/trunk@25792 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-23 14:38:10 +00:00
Andrew Nacin
74488bdcb0
Spell out duplicate hook locations.
...
props DrewAPicture.
fixes #25658 .
Built from https://develop.svn.wordpress.org/trunk@25868
git-svn-id: http://core.svn.wordpress.org/trunk@25780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-22 17:22:11 +00:00
Helen Hou-Sandí
6cee949cab
Add a `user_new_form` hook, with context. props johnjamesjacoby, strangerstudios, jeremyfelt, DrewAPicture. fixes #18709 .
...
Built from https://develop.svn.wordpress.org/trunk@25629
git-svn-id: http://core.svn.wordpress.org/trunk@25546 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-26 01:48:10 +00:00
Andrew Nacin
fd57b239d2
Don't rely on include_path to include files.
...
Always use dirname() or, once available, ABSPATH.
props ketwaroo, hakre.
fixes #17092 .
Built from https://develop.svn.wordpress.org/trunk@25616
git-svn-id: http://core.svn.wordpress.org/trunk@25533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-25 00:18:11 +00:00
Sergey Biryukov
637fa4f1af
Inline documentation for hooks in wp-admin/user-new.php.
...
props bftrick.
see #25229 .
Built from https://develop.svn.wordpress.org/trunk@25470
git-svn-id: http://core.svn.wordpress.org/trunk@25391 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-17 08:33:10 +00:00
Ryan Boren
dd7a9120df
Bestow sentience upon users. Level up their pronoun.
...
Props johnbillion
fixes #24513
git-svn-id: http://core.svn.wordpress.org/trunk@24992 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-06 16:04:07 +00:00
Mark Jaquith
bd94dc655c
Combat Chrome's insanely aggressive user/pass autofilling ಠ_ಠ
...
Chrome now ignores `autocomplete="off"` in <input>, so this hack uses
a hidden, non-named, non-empty input, right before the password field.
see #24364 . props azaozz, nacin, bobbingwide, aaroncampbell.
git-svn-id: http://core.svn.wordpress.org/trunk@24552 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-03 21:24:02 +00:00
Mark Jaquith
5b8aad1039
Rejigger some whitespace in anticipation of a fix for #24364 .
...
see #24364
git-svn-id: http://core.svn.wordpress.org/trunk@24551 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-03 21:23:55 +00:00
Dominik Schilling
2446c80c49
Add a label to the second password field on User New and User Edit screen. props MikeHansenMe. fixes #20294 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@24531 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-30 11:13:34 +00:00
Andrew Nacin
cfa947193f
Revert [24291] pending further discussion and sleuthing. see #24364 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@24317 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-22 18:37:43 +00:00
Andrew Ozz
dbda48bd2a
Fix Chrome disregarding autocomplete="off" for password fields. Add autocomplete="off" to forms where the users can choose new password. Fixes #24364 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@24291 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-18 22:56:21 +00:00
Sergey Biryukov
4471620636
Fix copy/paste error in user-new.php. props tivnet. fixes #24022 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@23950 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-04-10 16:13:59 +00:00
Ryan Boren
15a06a35ab
Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
...
see #WP21767
git-svn-id: http://core.svn.wordpress.org/trunk@23591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-03 16:30:38 +00:00
Ryan Boren
43a7e695e9
Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
...
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren
cc5ed3a485
Change all core API to expect unslashed rather than slashed arguments.
...
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.
Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.
Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.
Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.
Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.
Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.
Plugins should use wp_unslash() on data being passed to core API.
Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.
Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.
Remove many no longer necessary calls to $wpdb->escape() and esc_sql().
In wp_get_referer() and wp_get_original_referer(), return unslashed data.
Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.
Switch several queries over to prepare().
Expect something to break.
Props alexkingorg
see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Sergey Biryukov
08269aa6b0
Remove unused error string. props pavelevap. fixes #22107 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@23412 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 05:36:28 +00:00
Andrew Ozz
cbd737470c
Kill use of colons in class names, props SergeyBiryukov, fixes #21152
...
git-svn-id: http://core.svn.wordpress.org/trunk@22396 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-06 01:01:52 +00:00
ryan
104b50cf58
s/newuserconfimation/newuserconfirmation/
...
Props Jayjdk, lesteph
fixes #21415
git-svn-id: http://core.svn.wordpress.org/trunk@21362 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-30 16:13:18 +00:00
ryan
5ac8a32840
Translate role names in the new user notification email. Props obenland. fixes #20764
...
git-svn-id: http://core.svn.wordpress.org/trunk@21316 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-24 17:32:40 +00:00
nacin
3ebea2f218
Remove user/site suggestions (autocompletion) from search inputs, as the UX isn't proper.
...
* Removes all instances of site-search, so away it goes. Sidesteps a number of bugs with site-search.
* Renames user-search to user-suggest, which means it better describes the current behavior (autocompletion) while allowing for future behavior (instant search).
* Ties user suggestions to a single .wp-suggest-user class.
with help from markjaquith, helenyhou, wonderboymusic.
fixes #20835 .
git-svn-id: http://core.svn.wordpress.org/trunk@21003 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-05 18:51:33 +00:00
nacin
4ffc5dd0f4
After adding a user, take them back to users.php with an 'Edit user' link in the message.
...
This removes the (possibly ineffective) search from the redirect, as well as the URL hash that will get covered up by the toolbar.
fixes #19470 . props merty and SergeyBiryukov for initial patches.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20631 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-27 23:13:39 +00:00
nacin
81407efd05
Clean up cap checks for autocompletes for sites and users in a network. see #19810 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@20332 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-30 21:04:48 +00:00