Commit Graph

474 Commits

Author SHA1 Message Date
whyisjake 0aef0d4b97 Customize: Add additional filters to Customizer to prevent JSON corruption.
User: Invalidate `user_activation_key` on password update.
Query: Ensure that only a single post can be returned on date/time based queries.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.

Brings the changes in [47633], [47634], [47635], [47637], and [47638] to the 4.9 branch.

Props: batmoo, ehti, nickdaugherty, peterwilsoncc, sergeybiryukov, sstoqnov, westi, westonruter, whyisjake, whyisjake, xknown.

Built from https://develop.svn.wordpress.org/branches/4.9@47648


git-svn-id: http://core.svn.wordpress.org/branches/4.9@47423 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 16:16:26 +00:00
Sergey Biryukov 3769f76ca6 Privacy: Revert [43624] from the 4.9 branch.
This change is out of the 4.9.x scope, and will be reintroduced in 5.0.x.

See #44685.
Built from https://develop.svn.wordpress.org/branches/4.9@43708


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43537 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-10-11 04:23:26 +00:00
Sergey Biryukov b1f105e400 Privacy: Revert [43614] from the 4.9 branch.
This change is out of the 4.9.x scope, and will be reintroduced in 5.0.x.

See #43985.
Built from https://develop.svn.wordpress.org/branches/4.9@43705


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-10-11 04:04:26 +00:00
Sergey Biryukov c04ce8198b Privacy: When clicking a confirmation link for a privacy request, return a `WP_Error` object if the link has expired.
Returning a string caused a success message to be displayed instead of the correct error message.

Props desrosj.
Merges [43623] to the 4.9 branch.
Fixes #44685.
Built from https://develop.svn.wordpress.org/branches/4.9@43624


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43453 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-09-03 21:47:25 +00:00
Sergey Biryukov a69b052f3f Privacy: Ensure the user request email is sent in the requested user's locale (or the site's default locale if they are not a registered user) when the administrator creating the request uses a different locale.
Props desrosj, Chouby, iandunn, lbenicio, birgire, earnjam, swissspidy, garrett-eclipse.
Merges [43568] to the 4.9 branch.
Fixes #43985.
Built from https://develop.svn.wordpress.org/branches/4.9@43614


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43443 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-09-03 21:01:26 +00:00
Sergey Biryukov c22ddf38ed Privacy: Add `$request` to `$email_data` to make it available to all filters.
Props desrosj.
Merges [43477] to the 4.9 branch.
Fixes #44379.
Built from https://develop.svn.wordpress.org/branches/4.9@43488


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43315 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 16:10:27 +00:00
Andrew Ozz 42a2dc2f7a Privacy: Add filter for the subject of the erasure complete notification emails.
Props desrosj.
Merges [43475] to the 4.9 branch.
Fixes #44265.


Built from https://develop.svn.wordpress.org/branches/4.9@43476


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43303 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 13:44:25 +00:00
Sergey Biryukov cb2625e260 Privacy: Use consistent values for the site name and URL used in notification emails.
The functions `send_confirmation_on_profile_email()`, `_wp_privacy_send_request_confirmation_notification()`, `_wp_privacy_send_erasure_fulfillment_notification()`, and `wp_send_user_request()` all include a title and URL indicating the current site. However, so far they have dealt with those values inconsistently, sometimes using the site values, other times using the network values if in a multisite. This changeset ensures that only the current site is taken into account in all cases and that special characters in the site name are consistently decoded.

Props subrataemfluence, desrosj.
Merges [43388], [43390], and [43435] to the 4.9 branch.
Fixes #44396.
Built from https://develop.svn.wordpress.org/branches/4.9@43459


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43286 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 14:24:26 +00:00
Sergey Biryukov 665b28aad0 Privacy: use `wp_login_url()` for the link in the user confirmation email.
Props desrosj, usmankhalid.
Merges [43379] to the 4.9 branch.
Fixes #44353.
Built from https://develop.svn.wordpress.org/branches/4.9@43456


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43283 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 13:54:26 +00:00
Sergey Biryukov 14a11fc4db Privacy: Change `@since` entry for `user_request_confirmed_email_subject` filter added in [43373] to 4.9.8.
Merges [43451] to the 4.9 branch.
Fixes #44382.
Built from https://develop.svn.wordpress.org/branches/4.9@43452


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43279 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 13:24:27 +00:00
Sergey Biryukov 8f33283493 Privacy: add user request type to the admin notification email subject.
Merges [43375] to the 4.9 branch.
Props birgire, desrosj.
Fixes #44099.
Built from https://develop.svn.wordpress.org/branches/4.9@43450


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43277 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 12:09:26 +00:00
John Blackbourn 1f5f8129de Security: Harden the random aspect of the hash used for user profile and admin email address changes.
Props BjornW

Fixes #43771

Merges [43367] to the 4.9 branch.

Built from https://develop.svn.wordpress.org/branches/4.9@43368


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43196 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:39:07 +00:00
Sergey Biryukov e2bf0ae498 Privacy: Remove unnecessary `This email has been sent to ###EMAIL###` from privacy emails.
The line was copied from the emails that get sent when an email address changes, without considering if it made sense in the new context.

Props iandunn, ianbelanger, desrosj.
Merges [43353] to the 4.9 branch.
Fixes #44030.
Built from https://develop.svn.wordpress.org/branches/4.9@43354


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43182 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:33:14 +00:00
Sergey Biryukov ddc8032efd Users: In `wp_validate_user_request_key()`, properly return the `WP_Error` object in case the confirmation email has expired.
Props itowhid06.
Merges [43331] to the 4.9 branch.
Fixes #44298.
Built from https://develop.svn.wordpress.org/branches/4.9@43342


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:28:08 +00:00
Andrew Ozz b82ed28add Privacy: improve inline documentation.
Props desrosj.
Merges [43256] to the 4.9 branch.
Fixes #44075.
Built from https://develop.svn.wordpress.org/branches/4.9@43257


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 15:12:25 +00:00
Sergey Biryukov 843c263881 Privacy: Expose erasure notification recipient to filter callbacks.
The previous `user_email` value was redundant, because it always matched `$request_data->email`. That value might be different from where the message is sent, though, if `the user_erasure_fulfillment_email_to` filter is used. If they are different, then callbacks for the `user_confirmed_action_email_content` filter may want to distinguish between the email address of the user making the request, and the email address that the confirmation notification is being sent to.

Props desrosj, iandunn.
Merges [43236] to the 4.9 branch.
See #43973.
Built from https://develop.svn.wordpress.org/branches/4.9@43237


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43066 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 21:22:26 +00:00
Sergey Biryukov faf5abc16e Privacy: Update request confirmation notice text for clarity.
Props desrosj, melchoyce, garrett-eclipse.
Merges [43232] to the 4.9 branch.
Fixes #43970.
Built from https://develop.svn.wordpress.org/branches/4.9@43233


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43062 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 21:05:26 +00:00
Sergey Biryukov ad8efe232e Privacy: Send an email notification to the user once their personal data erasure request is fulfilled.
Props desrosj, allendav, garrett-eclipse.
Merges [43230] to the 4.9 branch.
Fixes #43973.
Built from https://develop.svn.wordpress.org/branches/4.9@43231


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43060 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 20:44:25 +00:00
Sergey Biryukov b9bda541d4 Privacy: Notify admin via email when a request is confirmed.
Previously the admin didn't have any way to know if a pending request was ready to be processed, aside from manually checking the Export/Erase pages. Sending them an email is a much more convenient option.

Props garrett-eclipse, desrosj, iandunn.
Merges [43211] to the 4.9 branch.
See #43967.
Built from https://develop.svn.wordpress.org/branches/4.9@43215


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 15:56:25 +00:00
Andrew Ozz bf039f8987 Privacy: cleanup of the "Export Personal Data" and "Erase Personal Data" screens.
Props desrosj, xkon.
Merges [43212] to the 4.9 branch.
See #43929.
Built from https://develop.svn.wordpress.org/branches/4.9@43213


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43042 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 10:03:27 +00:00
Andrew Ozz 451d53723b Privacy: remove leftover comment after [43197].
Merges [43199] to the 4.9 branch.
See #43968.
Built from https://develop.svn.wordpress.org/branches/4.9@43200


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43029 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 17:59:24 +00:00
Andrew Ozz 1d477066e4 Privacy: add request type and filter to the subject of request confirmation emails for GDPR.
Props desrosj, azaozz.
Merges [43197] to the 4.9 branch.
Fixes #43968.
Built from https://develop.svn.wordpress.org/branches/4.9@43198


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 17:54:24 +00:00
Sergey Biryukov 9209c0738c Docs: Remove unused `###USERNAME###` placeholder reference from `user_request_action_email_content` filter documentation.
Props desrosj.
Merges [43189] to the 4.9 branch.
Fixes #44016.
Built from https://develop.svn.wordpress.org/branches/4.9@43190


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43019 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 14:39:26 +00:00
Sergey Biryukov 1d2fd8ef87 Privacy: Use the terms "erase"/"erasure" instead of "remove"/"removal" for personal data.
Props allendav.
Merges [43175] to the 4.9 branch.
Fixes #43920.
Built from https://develop.svn.wordpress.org/branches/4.9@43176


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43005 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-07 16:46:26 +00:00
Andrew Ozz 4eeea599bd Privacy: Store plugin callbacks in associative array for flexibility.
The personal data export and erasure tools allow plugins to register their own callbacks, in order to add additional data to the export and erasure processes. Previously, these were registered without specifying a constant identifier in the array of callbacks. Using mutable integers makes it difficult for plugins to modify the callbacks of other plugins, though.

Using associative array keys instead provides a covenient and reliable way to identify and interact with another plugin's callbacks.

Props desrosj, allendav, ocean90.
Merges [43154] to the 4.9 branch.
Fixes #43931.
Built from https://develop.svn.wordpress.org/branches/4.9@43157


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42986 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 19:38:27 +00:00
Andrew Ozz 7cf7767298 Privacy: fix inconsistencies in new strings.
Props audrasjb.
Merges [43118] to the 4.9 branch.
Fixes #43925.
Built from https://develop.svn.wordpress.org/branches/4.9@43119


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 18:51:26 +00:00
Sergey Biryukov a2be0cd32b Privacy: add user information to the personal data export file.
Props TZ-Media, desrosj.
Merges [43055] and [43116] to the 4.9 branch.
See #43547.
Built from https://develop.svn.wordpress.org/branches/4.9@43117


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42946 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 04:21:25 +00:00
Sergey Biryukov e5c53b9bbd Privacy: add means to export personal data by username or email address. Generate a zipped export file containing all data. First run.
Props allendav.
Merges [43012] and [43089] to the 4.9 branch.
See #43546.
Built from https://develop.svn.wordpress.org/branches/4.9@43092


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42921 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 02:16:25 +00:00
Sergey Biryukov 14d25f6094 Privacy: update and enhance the method to confirm user requests by email. Introduce WP_User_Request to hold all request vars similarly to WP_Post.
Props mikejolley, desrosj.
Merges [43011] and [43014] to the 4.9 branch.
See #43443.
Built from https://develop.svn.wordpress.org/branches/4.9@43084


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42913 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 01:04:26 +00:00
Sergey Biryukov e5b5b15b88 Privacy: update the method to confirm user requests by email. Use a single CPT to store the requests and to allow logging/audit trail.
Props mikejolley.
Merges [43008] to the 4.9 branch.
See #43443.
Built from https://develop.svn.wordpress.org/branches/4.9@43083


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42912 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 01:01:25 +00:00
Sergey Biryukov 88bc6a609e Privacy: add new wp-admin screens for exporting and removing of personal data.
Props melchoyce, mikejolley, allendav, xkon.
Merges [42967] to the 4.9 branch.
See #43481.
Built from https://develop.svn.wordpress.org/branches/4.9@43071


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42900 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 23:42:25 +00:00
Sergey Biryukov e08597f8fa Privacy: fixes and updates for the method to confirm user requests by email.
- Improve function and variable names.
- Allow extra data to be passed with the request.
- Make the option/user meta names more consistent.
- Adds an inline comment explaining use of hash.

Props mikejolley.
Merges [42964] to the 4.9 branch.
See #43443.
Built from https://develop.svn.wordpress.org/branches/4.9@43070


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42899 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 23:37:27 +00:00
Sergey Biryukov 01e3c640fe Add a method to confirm user requests by email. First run.
Props mikejolley.
Merges [42791] to the 4.9 branch.
See #43443.
Built from https://develop.svn.wordpress.org/branches/4.9@43069


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 23:34:26 +00:00
John Blackbourn 2ad86e1e82 Docs: Correct some `@since MU` notation that was broken in [41200].
Every function introduced by MU was introduced in 3.0.0 as this was when MU was merged.

See #41509

Built from https://develop.svn.wordpress.org/trunk@41714


git-svn-id: http://core.svn.wordpress.org/trunk@41548 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-03 17:44:48 +00:00
John Blackbourn 4a16295dc5 Docs: Standardise the format used for documenting parameters passed by reference.
See #35974, #41017

Built from https://develop.svn.wordpress.org/trunk@41688


git-svn-id: http://core.svn.wordpress.org/trunk@41522 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-02 22:14:46 +00:00
Felix Arntz eedca8f3da Multisite: Fix `wp_get_users_with_no_role()` possibly including users with a role on a different site.
Prior to this change, when passing another site than the current one to `wp_get_users_with_no_role()` through its `$site_id` parameter, the function still used the roles available on the current site, which would cause users with other roles that possibly exist on the other site to show up as users without a role. Switching the site before retrieving the available rules fixes the issue.

Fixes #42015.

Built from https://develop.svn.wordpress.org/trunk@41654


git-svn-id: http://core.svn.wordpress.org/trunk@41488 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-30 04:10:45 +00:00
Felix Arntz 5edfea22b9 Multisite: Fix `count_users()` possibly querying incorrect roles when passed a different site ID.
The `time` strategy in `count_users()` queries users by role. However, the roles queried for were not affected by passing another site than the current one through the `$site_id` parameter, causing users having roles that were not queried for to appear as users without a role. This changeset fixes the issue by switching the site before retrieving the roles to query for.

Fixes #42014.

Built from https://develop.svn.wordpress.org/trunk@41653


git-svn-id: http://core.svn.wordpress.org/trunk@41487 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-30 03:54:45 +00:00
Sergey Biryukov 5046ef73c3 Docs: Correct description for `insert_user_meta` filter.
Props milana_cap, desrosj.
Fixes #41951.
Built from https://develop.svn.wordpress.org/trunk@41564


git-svn-id: http://core.svn.wordpress.org/trunk@41397 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-22 13:14:45 +00:00
Weston Ruter 90bedf8f9d Editor: Add CodeMirror-powered code editor with syntax highlighting, linting, and auto-completion.
* Code editor is integrated into the Theme/Plugin Editor, Additional CSS in Customizer, and Custom HTML widget. Code editor is not yet integrated into the post editor, and it may not be until accessibility concerns are addressed.
* The CodeMirror component in the Custom HTML widget is integrated in a similar way to TinyMCE being integrated into the Text widget, adopting the same approach for integrating dynamic JavaScript-initialized fields.
* Linting is performed for JS, CSS, HTML, and JSON via JSHint, CSSLint, HTMLHint, and JSONLint respectively. Linting is not yet supported for PHP.
* When user lacks `unfiltered_html` the capability, the Custom HTML widget will report any Kses-invalid elements and attributes as errors via a custom Kses rule for HTMLHint.
* When linting errors are detected, the user will be prevented from saving the code until the errors are fixed, reducing instances of broken websites.
* The placeholder value is removed from Custom CSS in favor of a fleshed-out section description which now auto-expands when the CSS field is empty. See #39892.
* The CodeMirror library is included as `wp.CodeMirror` to prevent conflicts with any existing `CodeMirror` global.
* An `wp.codeEditor.initialize()` API in JS is provided to convert a `textarea` into CodeMirror, with a `wp_enqueue_code_editor()` function in PHP to manage enqueueing the assets and settings needed to edit a given type of code.
* A user preference is added to manage whether or not "syntax highlighting" is enabled. The feature is opt-out, being enabled by default.
* Allowed file extensions in the theme and plugin editors have been updated to include formats which CodeMirror has modes for: `conf`, `css`, `diff`, `patch`, `html`, `htm`, `http`, `js`, `json`, `jsx`, `less`, `md`, `php`, `phtml`, `php3`, `php4`, `php5`, `php7`, `phps`, `scss`, `sass`, `sh`, `bash`, `sql`, `svg`, `xml`, `yml`, `yaml`, `txt`.

Props westonruter, georgestephanis, obenland, melchoyce, pixolin, mizejewski, michelleweber, afercia, grahamarmfield, samikeijonen, rianrietveld, iseulde.
See #38707.
Fixes #12423, #39892.

Built from https://develop.svn.wordpress.org/trunk@41376


git-svn-id: http://core.svn.wordpress.org/trunk@41209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-13 06:08:47 +00:00
John Blackbourn 28eda6f4bc General: Improve terminology used when referring to installations of WordPress and its extensions.
"Install" is not a noun, and while it might be acceptable to use the verb as a noun, it is not correct. Using the correct
noun, "installation", increases clarity, especially for non-native English speakers.

This change fixes the usage in user-facing text and in developer documentation.

Fixes #41620

Built from https://develop.svn.wordpress.org/trunk@41289


git-svn-id: http://core.svn.wordpress.org/trunk@41129 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-22 11:52:48 +00:00
Drew Jaynes d2b78649a2 Docs: Document user object parameters for a variety of functions in wp-includes/user.php as `WP_User` type instead of the more generic `object` type.
Props sebastianpisula.
Fixes #40945.

Built from https://develop.svn.wordpress.org/trunk@41272


git-svn-id: http://core.svn.wordpress.org/trunk@41112 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-19 20:19:44 +00:00
John Blackbourn c184d766e9 Docs: Correct and improve the documentation for the `send_confirmation_on_profile_email()` function and the `new_user_email_content` filter.
See #41017

Built from https://develop.svn.wordpress.org/trunk@41209


git-svn-id: http://core.svn.wordpress.org/trunk@41049 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-02 20:43:44 +00:00
Drew Jaynes 0401cee8b3 Docs: Reduce confusion in `@since MU` notationss by indicating the WP version (3.0.0) the code was merged into core while retaining the original context.
Props sathyapulse.
Fixes #41509.

Built from https://develop.svn.wordpress.org/trunk@41200


git-svn-id: http://core.svn.wordpress.org/trunk@41040 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-01 20:44:43 +00:00
Drew Jaynes 7f5e00ba29 Docs: Remove an unrelated description about post meta from the DocBlock for add_user_meta().
Clean up syntax.

See #41017.

Built from https://develop.svn.wordpress.org/trunk@41186


git-svn-id: http://core.svn.wordpress.org/trunk@41026 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-30 14:32:45 +00:00
John Blackbourn fb515a8a63 Users: Further fixes to entitiy decoding in the user email address change confirmation email, and the corresponding tests.
See #16470, #40015

Built from https://develop.svn.wordpress.org/trunk@41171


git-svn-id: http://core.svn.wordpress.org/trunk@41011 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-27 14:59:43 +00:00
John Blackbourn ff20054573 Users: Add the new email address to the email address change notification email.
Fixes #39112

Built from https://develop.svn.wordpress.org/trunk@41166


git-svn-id: http://core.svn.wordpress.org/trunk@41006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-27 02:57:43 +00:00
John Blackbourn 30d5450508 Users: Re-add entity decoding to the site name before it's used in the email address change confirmation email.
This was accidentally removed in [41163].

See #40015, #16470

Built from https://develop.svn.wordpress.org/trunk@41165


git-svn-id: http://core.svn.wordpress.org/trunk@41005 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-27 02:55:43 +00:00
John Blackbourn 62fe4be994 Users: Require a confirmation link in an email to be clicked when a user attempts to change their email address.
This adds this previously Multisite-only functionality to single site installations too. This change prevents accidental or erroneous email address changes from potentially locking users out of their account.

Props rodrigosprimo, tharsheblows, johnbillion

Fixes #16470

Built from https://develop.svn.wordpress.org/trunk@41163


git-svn-id: http://core.svn.wordpress.org/trunk@41003 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-27 02:10:42 +00:00
John Blackbourn 6b22dbe59a Login and Registration: Introduce a `username_exists` filter, which allows for control over registration of usernames.
Props shamim51

Fixes #39320

Built from https://develop.svn.wordpress.org/trunk@41158


git-svn-id: http://core.svn.wordpress.org/trunk@40998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-26 16:25:40 +00:00
John Blackbourn b4c2f16d01 Users: Ensure that users with no role on a site are taken into consideration when listing users on Multisite.
This ensures that users who are a member of a site but have no role are correctly listed on the Users screen and can be filtered from the 'None' role filter.

Props tobi823, flixos90, scottlee

Fixes #36196

Built from https://develop.svn.wordpress.org/trunk@41138


git-svn-id: http://core.svn.wordpress.org/trunk@40978 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-25 00:24:43 +00:00