Commit Graph

638 Commits

Author SHA1 Message Date
Sergey Biryukov 7d2b400876 Users: Use `esc_url()` instead of `esc_attr()` to escape the value of the `srcset` attribute in `get_avatar()`.
Props joemcgill, henry.wright.
Fixes #41215.
Built from https://develop.svn.wordpress.org/trunk@41156


git-svn-id: http://core.svn.wordpress.org/trunk@40996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-26 13:22:44 +00:00
John Blackbourn b6ca2d77a8 Users: Introduce filters for the contents of email notifications for new user registrations and password resets.
Introduces:

* `wp_password_change_notification_subject`
* `wp_password_change_notification_message`
* `wp_password_change_notification_headers`
* `wp_new_user_notification_admin_subject`
* `wp_new_user_notification_admin_message`
* `wp_new_user_notification_admin_headers`
* `wp_new_user_notification_subject`
* `wp_new_user_notification_message`
* `wp_new_user_notification_headers`

Props pbearne, dipesh.kakadiya

Fixes #38068

Built from https://develop.svn.wordpress.org/trunk@41153


git-svn-id: http://core.svn.wordpress.org/trunk@40993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-26 00:54:43 +00:00
John Blackbourn 9c7c11f268 Users: Clear the user settings cookies when clearing auth cookies.
This prevents lingering cookies when logging out and when switching between user accounts.

Props soulseekah, shanee
Fixes #32567

Built from https://develop.svn.wordpress.org/trunk@40580


git-svn-id: http://core.svn.wordpress.org/trunk@40450 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-07 16:54:42 +00:00
Pascal Birchler 72c19648bc Load: Only load `PasswordHash` class when needed.
This reverts [38371] which loaded `class-phpass.php` early in `wp-settings.php` and in turn caused backward compatibility problems.

Props DavidAnderson, ketuchetan.
Fixes #39445.

Built from https://develop.svn.wordpress.org/trunk@40387


git-svn-id: http://core.svn.wordpress.org/trunk@40294 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-06 18:01:42 +00:00
Sergey Biryukov 41666b5e0c Mail: Use correct capitalization for PHPMailer methods in `wp_mail()`.
Props Soean, reidbusi.
Fixes #39702.
Built from https://develop.svn.wordpress.org/trunk@40363


git-svn-id: http://core.svn.wordpress.org/trunk@40270 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-01 14:34:43 +00:00
John Blackbourn 96b2923e62 Docs: Remove the duplicate hook documentation for the newly introduced `send_auth_cookies` filter.
See #39367

Built from https://develop.svn.wordpress.org/trunk@40264


git-svn-id: http://core.svn.wordpress.org/trunk@40184 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-10 15:03:42 +00:00
John Blackbourn 265a0f4d98 Build/Test tools: Don't override the `wp_set_auth_cookie()` and `wp_clear_auth_cookie()` functions.
Overriding pluggable functions in the test suite is asking for trouble in the future. In addition, it means the test suite can't be guaranteed to behave the same as core.

This instead introduces a `send_auth_cookies` filter which can be hooked in during the test suite to prevent these functions from attempting to send cookie headers to the client.

Fixes #39367

Built from https://develop.svn.wordpress.org/trunk@40263


git-svn-id: http://core.svn.wordpress.org/trunk@40183 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-10 14:33:46 +00:00
John Blackbourn 4dffd5b82e Build/Test tools: Revert [40239] due to unrelated changes.
See #39486

Built from https://develop.svn.wordpress.org/trunk@40240


git-svn-id: http://core.svn.wordpress.org/trunk@40170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-08 00:05:42 +00:00
John Blackbourn 28055b9ff5 Build/Test tools: In Travis, skip some tests when not on trunk.
This skips time sensitive tests (copyright year and PHP/MySQL version requirements) when tests are run on branches on Travis.

Props netweb, jorbin
Fixes #39486

Built from https://develop.svn.wordpress.org/trunk@40239


git-svn-id: http://core.svn.wordpress.org/trunk@40169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-08 00:01:46 +00:00
Aaron Campbell 288cd46939 Strip control characters before validating redirect.
Built from https://develop.svn.wordpress.org/trunk@40183


git-svn-id: http://core.svn.wordpress.org/trunk@40122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:38:41 +00:00
Dion Hulse 577a192ebd Mail: In PHPMailer 5.2.7 the case of the `Send()` method changed to `send()`, update our call for consistency with the library.
Props michalzuber.
Fixes #39469.

Built from https://develop.svn.wordpress.org/trunk@39691


git-svn-id: http://core.svn.wordpress.org/trunk@39631 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-05 08:10:42 +00:00
Dion Hulse 1a40f6b7ae Mail: Ensure that any `phpmailerException` exceptions generated by `setFrom()` are caught to avoid PHP Fatal errors.
This change avoids a PHP fatal error that can be encountered when the specified (or generated) source email is an invalid address, such as `wordpress@_`, it makes no effort to set a valid source, only avoid the fatal error.

See #25239 for correcting the email address.
Fixes #39360.

Built from https://develop.svn.wordpress.org/trunk@39655


git-svn-id: http://core.svn.wordpress.org/trunk@39595 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-30 06:44:40 +00:00
John Blackbourn 80a839de13 Docs: Misc corrections and additions to inline documentation.
See #39130
Props keesiemeijer

Built from https://develop.svn.wordpress.org/trunk@39639


git-svn-id: http://core.svn.wordpress.org/trunk@39579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-27 09:28:40 +00:00
John Blackbourn c2d709e9d6 I18n: Introduce more translator comments for strings that contain placeholders but don't have an accompanying translator comment.
See #38882

Built from https://develop.svn.wordpress.org/trunk@39326


git-svn-id: http://core.svn.wordpress.org/trunk@39266 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-21 02:46:30 +00:00
John Blackbourn 4cf5550d8d I18n: Begin introducing translator comments for strings which include placeholders but no accompanying translator comment.
Adds context to one string used in two different contexts for the new user and new site signup email notification.

More to come.

See #38882

Built from https://develop.svn.wordpress.org/trunk@39323


git-svn-id: http://core.svn.wordpress.org/trunk@39263 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-21 01:22:32 +00:00
Helen Hou-Sandí dab566d973 Mail: Set a better error code when triggering `wp_mail_failed`.
This error code is now... wait for it... `wp_mail_failed`. Previously, this would have been the originating PHPMailer error code, which could be `0`, which would then fail (pass?) the `empty()` check in the `WP_Error` constructor, thereby rendering the error object fairly useless. The PHPMailer error code is now located within the `WP_Error` data.

props Kau-Boy, stephenharris.
fixes #35598.

Built from https://develop.svn.wordpress.org/trunk@39086


git-svn-id: http://core.svn.wordpress.org/trunk@39028 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 04:27:34 +00:00
Drew Jaynes 5f4497f0af Docs: Fix multiple trivial typos throughout a variety of core files.
Props ottok.
Fixes #38489.

Built from https://develop.svn.wordpress.org/trunk@39051


git-svn-id: http://core.svn.wordpress.org/trunk@38993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 06:28:32 +00:00
Dominik Schilling 7819e2b4ba I18N: Introduce a locale-switching function.
With the introduction of user-specific languages in [38705] it's necessary to be able to switch translations on the fly. For example emails should be sent in the language of the recipient and not the one of the current user.

This introduces a new `WP_Locale_Switcher` class which is used for switching locales and translations. It holds the stack of locales whenever `switch_to_locale( $locale )` is called. With `restore_previous_locale()` you can restore the previous locale. `restore_current_locale()` empties the stack and sets the locale back to the initial value.

`switch_to_locale()` is added to most of core's email functions, either with the value of `get_locale()` (site language) or `get_user_locale()` (user language with fallback to site language).

Props yoavf, tfrommen, swissspidy, pbearne, ocean90.
See #29783.
Fixes #26511.
Built from https://develop.svn.wordpress.org/trunk@38961


git-svn-id: http://core.svn.wordpress.org/trunk@38904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-26 15:36:31 +00:00
Scott Taylor a3ffebce30 Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389.
See #36335.

Built from https://develop.svn.wordpress.org/trunk@38470


git-svn-id: http://core.svn.wordpress.org/trunk@38411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 16:31:29 +00:00
John Blackbourn a1d61a95e1 Security: Return a `403` instead of a `200` HTTP status when `check_ajax_referer()` fails.
This is, unfortunately, untestable in the current test suite, even in the AJAX tests.

Fixes #36362

Built from https://develop.svn.wordpress.org/trunk@38421


git-svn-id: http://core.svn.wordpress.org/trunk@38362 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-28 17:31:30 +00:00
John Blackbourn b85e322e35 Security: Trigger a `_doing_it_wrong()` when `check_ajax_referer()` is called without its first parameter. This brings it inline with `check_admin_referer()`.
Fixes #36361

Built from https://develop.svn.wordpress.org/trunk@38420


git-svn-id: http://core.svn.wordpress.org/trunk@38361 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-28 17:15:28 +00:00
Scott Taylor 390ceba6c7 Bootstrap: after r38409 and r38410, revert r38402 which reverted r38399.
This fixes the paths in `wp-vendor/` that were including `src`. I want to drop this in so we can find out what else will break.

See #36335.

Built from https://develop.svn.wordpress.org/trunk@38411


git-svn-id: http://core.svn.wordpress.org/trunk@38352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 22:32:37 +00:00
Dion Hulse 0e31a46161 Bootstrap: Revert [38399] as it's broken `/build/` and subsequently core.svn.wordpress.org.
The generated classmaps reference `/src/` files and operates in the assumption that the base directory is one level above `wp-settings.php`, which it isn't after our build processes are run.

See #36335

Built from https://develop.svn.wordpress.org/trunk@38402


git-svn-id: http://core.svn.wordpress.org/trunk@38343 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 14:37:32 +00:00
Scott Taylor 6a529648cf Bootstrap: Autoload classes using a Composer-generated PHP 5.2-compatible Autoloader.
* `wp-admin` and `wp-includes` are scanned for classes to autoload
* Several 3rd-party and Ryan McCue-shaped libraries are excluded when the classmap is generated, see `composer.json`: `autoload.exclude-from-classmap`
* `wp-vendor/autoload_52.php` is included at the top of `wp-settings.php` - no changes need to be made to unit tests to include the autoloader
* An avalanche of `require()` and `require_once()` calls that loaded class files have been removed from the codebase.

The following files have been added to `svn:ignore` - they are not 5.2-compatible and fail during pre-commit:
* src/wp-vendor/autoload.php
* src/wp-vendor/composer/autoload_real.php
* src/wp-vendor/composer/autoload_static.php
* src/wp-vendor/composer/ClassLoader.php

We favor these files instead:
* src/wp-vendor/autoload_52.php
* src/wp-vendor/composer/autoload_real_52.php
* src/wp-vendor/composer/ClassLoader52.php

When new PHP classes are added to the codebase, simply run `composer install` or `composer update` from the project root to update the autoloader.

The future is now.

See #36335.

Built from https://develop.svn.wordpress.org/trunk@38399


git-svn-id: http://core.svn.wordpress.org/trunk@38340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 09:15:29 +00:00
Scott Taylor 481123661c Load: load `class-phpass.php` (`PasswordHash` class) early in `wp-settings.php`, instead of `require_once()`'ing it in several places.
See #36335.

Built from https://develop.svn.wordpress.org/trunk@38371


git-svn-id: http://core.svn.wordpress.org/trunk@38312 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-26 17:40:35 +00:00
Drew Jaynes f07f1b126e Docs: Add a missing parenthesis in an example in the DocBlock for `wp_redirect()`.
Props shayanys.
See #37770.

Built from https://develop.svn.wordpress.org/trunk@38350


git-svn-id: http://core.svn.wordpress.org/trunk@38291 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-25 07:36:31 +00:00
Scott Taylor b7812bd416 AJAX: add a new function, `wp_doing_ajax()`, which can replace... (wait for it...) `DOING_AJAX` checks via the constant.
Props Mte90, sebastian.pisula, swissspidy.
Fixes #25669.

Built from https://develop.svn.wordpress.org/trunk@38334


git-svn-id: http://core.svn.wordpress.org/trunk@38275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-23 14:33:30 +00:00
Boone Gorges 54fe38c7cc Mail: Don't set Sender field when setting From.
[38058] changed `wp_mail()` so that it used PHPMailer's `setFrom()`
method rather than setting the From and FromName headers directly. See
behavior of setting the `Sender` field. This causes `mail` to be
called with the `-f` flag, which causes outgoing email to fail on some
server environments.

Props Clorith, iandunn, DrewAPicture.
Fixes #37736.
Built from https://develop.svn.wordpress.org/trunk@38286


git-svn-id: http://core.svn.wordpress.org/trunk@38227 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-20 02:17:38 +00:00
Boone Gorges 905f4ec0f8 Mail: Improve handling of UTF-8 address headers.
Previously, `wp_mail()` implemented Reply-To as a generic header, using
PHPMailer's `addCustomHeader()`. As such, the email address portion of
the header was being incorrectly encoded when the name portion
contained UTF-8 characters. Switching to PHPMailer's more specific
`addReplyTo()` method fixes the issue.

For greater readability, the handling of all address-related headers
(To, CC, BCC, Reply-To) has been standardized.

Props szepe.viktor, iandunn, bpetty, stephenharris.
Fixes #21659.
Built from https://develop.svn.wordpress.org/trunk@38058


git-svn-id: http://core.svn.wordpress.org/trunk@37999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 18:04:28 +00:00
Drew Jaynes 6c7148943b Docs: Standardize capitalization of Ajax throughout core documentation per the core spelling guide.
Ajax, while considered an acronym for Asynchronous JavaScript and XML, is most commonly capitalized only in the first character.

Part props ocean90.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@38028


git-svn-id: http://core.svn.wordpress.org/trunk@37969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-10 00:51:30 +00:00
Sergey Biryukov 139387b7e5 Docs: Use 3-digit, x.x.x-style semantic versioning for `_doing_it_wrong()`, `_deprecated_function()`, `_deprecated_argument()`, and `_deprecated_file()` throughout core.
Props metodiew.
Fixes #36495.
Built from https://develop.svn.wordpress.org/trunk@37985


git-svn-id: http://core.svn.wordpress.org/trunk@37926 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-06 12:40:29 +00:00
Jeremy Felt 6f3f00ea97 Multisite: Change `WP_Network` `id` property to an integer.
For consistency and developer sanity.

Props flixos90.
Fixes #37050.

Built from https://develop.svn.wordpress.org/trunk@37870


git-svn-id: http://core.svn.wordpress.org/trunk@37811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-26 14:26:29 +00:00
Sergey Biryukov bbd663415c Text Changes: Simplify two strings in `wp_password_change_notification()`.
Add translator comments.

Props ramiy.
See #35736.
Built from https://develop.svn.wordpress.org/trunk@37704


git-svn-id: http://core.svn.wordpress.org/trunk@37670 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-14 22:09:28 +00:00
Jeremy Felt d75f77a410 Admin: Allow for the consistent filtering of `auth_redirect_scheme`
Fixes #37047.

Built from https://develop.svn.wordpress.org/trunk@37651


git-svn-id: http://core.svn.wordpress.org/trunk@37617 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-07 20:49:30 +00:00
Drew Jaynes 9193013158 Docs: Apply inline `@see` tags to hooks referenced in DocBlocks in a variety of wp-includes/* files.
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.

Fixes #36921.

Built from https://develop.svn.wordpress.org/trunk@37544


git-svn-id: http://core.svn.wordpress.org/trunk@37512 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-23 19:02:28 +00:00
Drew Jaynes 6c534918d4 Docs: Standardize filter docs in wp-includes/pluggable.php to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37508


git-svn-id: http://core.svn.wordpress.org/trunk@37476 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:35:27 +00:00
Eric Lewis 02a4e761f2 Users: Correct inline docs for cookie expiration.
Props kjbenk.
Fixes #35568.

Built from https://develop.svn.wordpress.org/trunk@37315


git-svn-id: http://core.svn.wordpress.org/trunk@37281 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-27 02:52:28 +00:00
Sergey Biryukov c371296223 Users: In `wp_new_user_notification()`, sdd `'user'` option for the `$notify` parameter, which allows for sending notification only to the user created.
Props akibjorklund.
Fixes #36009.
Built from https://develop.svn.wordpress.org/trunk@37276


git-svn-id: http://core.svn.wordpress.org/trunk@37242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-21 10:20:27 +00:00
Drew Jaynes 11ab384086 Docs: Improve 4.5 changelog entries introduced in [36992] for `wp_authenticate()`, and the `authenticate` and `wp_login_failed` hooks.
See #9568. See #35986.

Built from https://develop.svn.wordpress.org/trunk@37030


git-svn-id: http://core.svn.wordpress.org/trunk@36997 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-17 08:06:27 +00:00
John Blackbourn 621085a360 Users: Add `@since` entries to `wp_authenticate()` and its filters now that the `$username` parameter can also be an email address.
See #9568, #35986

Built from https://develop.svn.wordpress.org/trunk@36992


git-svn-id: http://core.svn.wordpress.org/trunk@36959 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-14 22:31:27 +00:00
Sergey Biryukov ef7a559e2e Docs: Correct filter reference in `pre_get_avatar` filter description.
Props henry.wright.
Fixes #36031.
Built from https://develop.svn.wordpress.org/trunk@36800


git-svn-id: http://core.svn.wordpress.org/trunk@36767 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-02 03:41:28 +00:00
Dominik Schilling e5ea82d81a Spelling: Standardize on "front end"/"back end" (noun) and "front-end"/"back-end" (adjective).
Props obrienlabs, thewanderingbrit.
Fixes #34887.
Built from https://develop.svn.wordpress.org/trunk@36709


git-svn-id: http://core.svn.wordpress.org/trunk@36676 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-25 12:53:27 +00:00
Drew Jaynes f5ea3e5dac Docs: Make a few syntactical improvements to the DocBlock for `_wp_get_current_user()`, introduced in [36651].
Includes a cross reference from the DocBlock for `wp_get_current_user()`, which itself is pluggable, but the new internal function is not.

See #19615. See #32246.

Built from https://develop.svn.wordpress.org/trunk@36705


git-svn-id: http://core.svn.wordpress.org/trunk@36672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-25 05:07:26 +00:00
Sergey Biryukov f170058209 Mail: Correct `compact()` usage in `wp_mail()`.
Props Ankit K Gupta, maweder.
Fixes #35781 for trunk.
Built from https://develop.svn.wordpress.org/trunk@36688


git-svn-id: http://core.svn.wordpress.org/trunk@36655 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-24 17:38:27 +00:00
Pascal Birchler 9612c26db3 Users: Introduce `_wp_get_current_user()` for improved backward compatibility.
This new helper function is used by the pluggable functions `wp_get_current_user()` and `get_currentuserinfo()`, which was previously being called by the former before [36311]. Without it, infinite loops could be caused when plugins implement these functions, as they are now called the other way around.

Fixes #19615.
Built from https://develop.svn.wordpress.org/trunk@36651


git-svn-id: http://core.svn.wordpress.org/trunk@36618 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-23 22:26:28 +00:00
Dominik Schilling 7ebe2c1e7a Authentication: Allow users to log in using their email address.
Introduces `wp_authenticate_email_password()` which is hooked into `authenticate` after `wp_authenticate_username_password()`.

Props Denis-de-Bernardy, ericlewis, vhomenko, MikeHansenMe, swissspidy, ocean90.
Fixes #9568.
Built from https://develop.svn.wordpress.org/trunk@36617


git-svn-id: http://core.svn.wordpress.org/trunk@36584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-22 23:15:27 +00:00
Rachel Baker 06225cc394 Comments: Refresh the Moderate Comment screen for a friendlier experience with email moderation actions.
Brings some love to this neglected screen:
* format `comment_content`, instead of escaping in one massive block of text
* only wrap the comment date in a link if the comment permalink exists
* include link to the Edit Comment screen at the bottom of the comment_content
* update the message styles to match other screens
* append `#wpbody-content` to the comment email message links for accessibility

Props johnbillion, rachelbaker, afercia, melchoyce, karmatosed.

Fixes #34133
Built from https://develop.svn.wordpress.org/trunk@36588


git-svn-id: http://core.svn.wordpress.org/trunk@36555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-19 19:14:26 +00:00
Dominik Schilling 72c6f7f86f Suppress possible warnings in PHP < 5.3.3 by `parse_url()` in `wp_validate_redirect()`.
PHP 5.3.3 removed the E_WARNING that was emitted when URL parsing failed.
Built from https://develop.svn.wordpress.org/trunk@36446


git-svn-id: http://core.svn.wordpress.org/trunk@36413 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 16:34:27 +00:00
Aaron Jorbin 5c4031dd84 Revert [35792]
This causes a regression and causes redirects to potentially fail.

See #5114 #34028
props ocean90

Built from https://develop.svn.wordpress.org/trunk@36445


git-svn-id: http://core.svn.wordpress.org/trunk@36412 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 16:24:26 +00:00
Dominik Schilling 361ed7a3d6 Better validation of the URL used in HTTP redirects.
Built from https://develop.svn.wordpress.org/trunk@36444


git-svn-id: http://core.svn.wordpress.org/trunk@36411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 15:11:28 +00:00
Dominik Schilling c5e3716c11 Docs: Fix `@return` type for `wp_get_current_user()` after [36313].
See #19615.
Built from https://develop.svn.wordpress.org/trunk@36314


git-svn-id: http://core.svn.wordpress.org/trunk@36281 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-15 11:16:26 +00:00
Pascal Birchler 9cd880d356 Users: Always return `$current_user` in `wp_get_current_user()`, never a boolean.
Fixes unit tests affected by [36311].

See #19615.
Built from https://develop.svn.wordpress.org/trunk@36313


git-svn-id: http://core.svn.wordpress.org/trunk@36280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-15 10:47:25 +00:00
Pascal Birchler 283684b616 Users: Deprecate the `get_currentuserinfo()` pluggable function.
It encourages an ugly pattern like `global $userdata; get_currentuserinfo();` in plugins/themes. `wp_get_current_user()` should be used instead, e.g. `$current_user = wp_get_current_user();`.

Props scribu for initial patch.
Fixes #19615.
Built from https://develop.svn.wordpress.org/trunk@36311


git-svn-id: http://core.svn.wordpress.org/trunk@36278 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-15 10:16:27 +00:00
Eric Lewis c52af7470b Login is not a verb, change "login" to "log in".
See #35387

Built from https://develop.svn.wordpress.org/trunk@36246


git-svn-id: http://core.svn.wordpress.org/trunk@36213 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-09 21:08:26 +00:00
Eric Lewis 2f41867519 Users: Fix incorrect docs for user authentication and login functions.
Fixes #35387

Built from https://develop.svn.wordpress.org/trunk@36245


git-svn-id: http://core.svn.wordpress.org/trunk@36212 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-09 20:52:27 +00:00
Sergey Biryukov b0b561517d Docs: Fix typo in a comment in `wp_rand()`.
Props boluda.
Fixes #35228.
Built from https://develop.svn.wordpress.org/trunk@36102


git-svn-id: http://core.svn.wordpress.org/trunk@36067 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-26 11:07:28 +00:00
Drew Jaynes 7b19006ce1 Docs: Add missing parameter and return notations to the DocBlock for `_wp_sanitize_utf8_in_redirect()`.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@35980


git-svn-id: http://core.svn.wordpress.org/trunk@35945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-16 23:15:27 +00:00
John Blackbourn 593cc9abbd Add missing `@param` docs to `wp_safe_redirect()` and `wp_sanitize_redirect()`.
See #32246

Built from https://develop.svn.wordpress.org/trunk@35914


git-svn-id: http://core.svn.wordpress.org/trunk@35878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-14 02:43:25 +00:00
John Blackbourn 9f7165d522 Add missing `@param` doc to `wp_hash()`.
See #32246

Built from https://develop.svn.wordpress.org/trunk@35913


git-svn-id: http://core.svn.wordpress.org/trunk@35877 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-14 02:39:26 +00:00
John Blackbourn 48380c58a5 Add missing `@param` doc to `wp_check_password()` and update the `check_password` filter docs.
See #32246

Built from https://develop.svn.wordpress.org/trunk@35909


git-svn-id: http://core.svn.wordpress.org/trunk@35873 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-14 02:30:26 +00:00
Aaron Campbell 894526c78d Consider both home and site domains to be valid in `wp_validate_redirect()`.
Props layotte.
Fixes #34028.

Built from https://develop.svn.wordpress.org/trunk@35792


git-svn-id: http://core.svn.wordpress.org/trunk@35756 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 21:17:24 +00:00
Dominik Schilling 0632e4ab84 Passwords: Support the pre-4.3 behavior of `wp_new_user_notification()`.
Hello, it's me again. A pluggable function named `wp_new_user_notification()`. A few months ago, after [33023], I have lost my second parameter `$plaintext_pass`. But thanks to [33620] I got a new one.
Bad idea - It hasn't had the same behavior as my previous parameter.
To solve that the second parameter got deprecated and reintroduced as the third parameter in [34116]. I was happy again, for a short time.
You remember my lost friend `$plaintext_pass`? No? Well, if its value was empty no notification was sent to the user. This behavior was still lost. And that's what this change is about: Don't notify a user if a plugin uses `wp_new_user_notification( $user_id )`.

You're asking if I'm happy now? Dunno, but maybe you have learned something about pluggable functions, have you?

Props danielbachhuber.
Fixes #34377.
Built from https://develop.svn.wordpress.org/trunk@35735


git-svn-id: http://core.svn.wordpress.org/trunk@35699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-24 23:07:26 +00:00
Scott Taylor 34a9b6e428 Mail: in `wp_notify_postauthor()` and `wp_notify_moderator()`, ensure that special chars aren't HTML-encoded in the email message body.
Props solarissmoke, leemon.
Fixes #12584.

Built from https://develop.svn.wordpress.org/trunk@35415


git-svn-id: http://core.svn.wordpress.org/trunk@35379 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-28 18:03:24 +00:00
Dion Hulse 53afc72ab7 Update to Random_Compat 1.0.9.
This update includes fixes for Windows support & libSodium support, and removes the `Throwable` Polyfill due to PHP7 incompatibilities. 

Fixes #28633

Built from https://develop.svn.wordpress.org/trunk@35365


git-svn-id: http://core.svn.wordpress.org/trunk@35330 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-23 04:22:26 +00:00
Drew Jaynes f954194a1c Comments: Introduce two new filters, `notify_moderator` and `notify_post_author`, both of which make it possible to selectively override site notification email settings for new comments.
The `notify_moderator` filter makes it possible to override the value for the `moderation_notify` option, which controls whether to send new comment emails to "site moderators", that is to say, the owner of the admin email for the site and the post author if they have the ability to modify the comment.

The `notify_post_author` filter likewise makes it possible to override the value for the `comments_notify` option, which controls whether to send new comment emails to the post author. If the post author is the comment author, default behavior is not to send the notification. Note: enabling or disabling notifications via this hook could also affect other recipients added via the 'comment_notification_recipients' filter in `wp_notify_postauthor()`, if hooked.

Passing a falsey value to either of the new filters will prevent notifications from being sent, regardless of their corresponding option values.

Adds tests.

Props coffee2code, adamsilverstein, DrewAPicture.
Fixes #761.

Built from https://develop.svn.wordpress.org/trunk@35339


git-svn-id: http://core.svn.wordpress.org/trunk@35305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-21 18:35:31 +00:00
Drew Jaynes 217b661703 Docs: Add missing descriptions for the `$wpdb` global in DocBlocks all the places.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@35170


git-svn-id: http://core.svn.wordpress.org/trunk@35136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-14 23:44:25 +00:00
Sergey Biryukov b40e362711 Fix typo in `get_avatar()` and `get_avatar_data()` docs.
Props johnjamesjacoby.
Fixes #34232.
Built from https://develop.svn.wordpress.org/trunk@34988


git-svn-id: http://core.svn.wordpress.org/trunk@34953 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-09 15:52:24 +00:00
Sergey Biryukov 072cdf116a Fix typo in `wp_rand()` docs.
See #28633.
Built from https://develop.svn.wordpress.org/trunk@34986


git-svn-id: http://core.svn.wordpress.org/trunk@34951 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-09 05:20:23 +00:00
Dion Hulse 4852cbf14b Use PHP7's `random_int()` CSPRNG functionality in `wp_rand()` with a fallback to the `random_compat` library for PHP 5.x.
`random_compat` offers a set of compatible functions for older versions of PHP, filling in the gap by using other PHP extensions when available.
We still include our existing `wp_rand()` functionality as a fallback for when no proper CSPRNG exists on the system.

Take Two, this was previously committed in [34922] but had an issue on PHP 5.2 which sarciszewski has now resolved.

Props sarciszewski
See #28633

Built from https://develop.svn.wordpress.org/trunk@34981


git-svn-id: http://core.svn.wordpress.org/trunk@34946 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-09 04:28:24 +00:00
Boone Gorges 48493cdf3a Allow a null `id` to do a `name` lookup in `wp_set_current_user()`.
Previously, the `name` fallback was failing in the case where the current user
was 0, due to a loose comparison between 0 (the current user) and `null` (the
value that is used to trigger the `name` fallback).

Props bobbingwide.
Fixes #20845.
Built from https://develop.svn.wordpress.org/trunk@34947


git-svn-id: http://core.svn.wordpress.org/trunk@34912 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 17:29:24 +00:00
Dion Hulse bb8ba86ed1 Revert [34922] pending PHP 5.2 compatibility.
See #28633

Built from https://develop.svn.wordpress.org/trunk@34924


git-svn-id: http://core.svn.wordpress.org/trunk@34889 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 00:17:24 +00:00
Dion Hulse 0e322469a6 Use PHP7's `random_int()` CSPRNG functionality in `wp_rand()` with a fallback to the `random_compat` library for PHP 5.x.
`random_compat` offers a set of compatible functions for older versions of PHP, filling in the gap by using other PHP extensions when available.
We still include our existing `wp_rand()` functionality as a fallback for when no proper CSPRNG exists on the system.

Props sarciszewski
See #28633

Built from https://develop.svn.wordpress.org/trunk@34922


git-svn-id: http://core.svn.wordpress.org/trunk@34887 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 00:02:24 +00:00
Jeremy Felt 9926983b66 Revert [34778], continue using `_site_option()` for the current network.
The `_network_option()` parameter order will be changing to accept `$network_id` first. The `_site_option()` functions will remain in use throughout core as our way of retrieving a network option for the current network.

See #28290.

Built from https://develop.svn.wordpress.org/trunk@34912


git-svn-id: http://core.svn.wordpress.org/trunk@34877 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 17:11:25 +00:00
Jeremy Felt 54512d64cb MS: Use `*_network_option()` functions throughout core.
Replaces all uses of `*_site_option()` with the corresponding "network" function.

This excludes one usage in `wp-admin/admin-footer.php` that needs more investigation.

Props spacedmonkey.
See #28290.

Built from https://develop.svn.wordpress.org/trunk@34778


git-svn-id: http://core.svn.wordpress.org/trunk@34743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-02 19:08:26 +00:00
Scott Taylor 84da11d918 Pass `false` as the 2nd argument to `class_exists()` to disable autoloading and to not cause problems for those who define `__autoload()`.
Fixes #20523.

Built from https://develop.svn.wordpress.org/trunk@34348


git-svn-id: http://core.svn.wordpress.org/trunk@34312 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-20 03:52:25 +00:00
Scott Taylor 956f076095 After [34160], also upgrade objects passed to `get_avatar()`.
See #32619.


Built from https://develop.svn.wordpress.org/trunk@34244


git-svn-id: http://core.svn.wordpress.org/trunk@34208 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-16 17:34:24 +00:00
Sergey Biryukov 15b69a0862 Docs: Fix some syntactical issues with the DocBlock for `wp_mail_failed` action, introduced in [34221].
Fixes #18926.
Built from https://develop.svn.wordpress.org/trunk@34239


git-svn-id: http://core.svn.wordpress.org/trunk@34203 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-16 15:13:26 +00:00
Aaron Jorbin 1bd52ae1aa Fire Action when mail exception is thrown.
new action is wp_mail_failed which contains a WP_Error object with the phpmailerException code, message and an array with the mail information. Plugins can hook in and log when mails fail to send due to a phpmailer issue.

Props soulseekah
Fixes #18926


Built from https://develop.svn.wordpress.org/trunk@34221


git-svn-id: http://core.svn.wordpress.org/trunk@34185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-15 23:51:23 +00:00
Scott Taylor b1bc8a6522 More comment functions can accept a full object instead of comment_ID to reduce cache/db lookups.
See ##33638.


Built from https://develop.svn.wordpress.org/trunk@34129


git-svn-id: http://core.svn.wordpress.org/trunk@34097 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 21:40:24 +00:00
Boone Gorges ef474c6970 Accept 'ID' as a valid `$field` in `get_user_by()`.
We already accept 'id'. `ID` more closely matches the database and
`WP_User` schemas.

Props Shelob9.
Fixes #33869.
Built from https://develop.svn.wordpress.org/trunk@34125


git-svn-id: http://core.svn.wordpress.org/trunk@34093 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 18:58:26 +00:00
Dominik Schilling 4af3a3374e Passwords: Deprecate second parameter of `wp_new_user_notification()`.
The second parameter `$plaintext_pass` was removed in [33023] and restored as `$notify` in [33620] with a different behavior. If you have a plugin overriding `wp_new_user_notification()` which hasn't been updated you would get a notification with your username and the password "both".
To prevent this the second parameter is now deprecated and reintroduced as the third parameter.

Adds unit tests.

Props kraftbj, adamsilverstein, welcher, ocean90.
Fixes #33654.

(Don't ask for new pluggables kthxbye)
Built from https://develop.svn.wordpress.org/trunk@34116


git-svn-id: http://core.svn.wordpress.org/trunk@34084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 12:43:26 +00:00
Boone Gorges b62bcef1b1 Send password-change email notifications via hook.
`wp_password_change_notification()` is now called at the 'after_password_reset'
action, rather than being invoked directly from the `reset_password()` function.

In order to make it possible to call `wp_password_change_notification()` as a
`do_action()` callback, the function signature has to be changed so that the
`$user` parameter is expected to be a value rather than a reference. Since
PHP 5.0, objects are passed by reference, so `&$user` was unnecessary anyway.

Props dshanske, thomaswm.
See #33587.
Built from https://develop.svn.wordpress.org/trunk@34107


git-svn-id: http://core.svn.wordpress.org/trunk@34075 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 02:45:25 +00:00
Dominik Schilling a03488dbf6 Users: Import the global var `$wp_hasher` in `wp_new_user_notification()`.
Adds `@global` entries to the DocBlock.

Fixes #33826.
Built from https://develop.svn.wordpress.org/trunk@34052


git-svn-id: http://core.svn.wordpress.org/trunk@34020 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-11 19:10:26 +00:00
Scott Taylor db4f22bfb5 After [33961], pass `$comment` to `get_comment_link()` where possible to avoid extra cache/db lookups.
See #33638.

Built from https://develop.svn.wordpress.org/trunk@34042


git-svn-id: http://core.svn.wordpress.org/trunk@34010 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-11 06:21:25 +00:00
Scott Taylor 4465a83b95 After [34015], handle orphaned comments in the Dashboard comments widget. Pass full `$comment` versus just passing the comment ID when possible.
See #33710.

Built from https://develop.svn.wordpress.org/trunk@34038


git-svn-id: http://core.svn.wordpress.org/trunk@34006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-11 05:56:24 +00:00
Scott Taylor e73ee5ac98 Introduce `WP_Comment` class to model/strongly-type rows from the comments database table. Inclusion of this class is a pre-req for some more general comment cleanup and sanity.
* Takes inspiration from `WP_Post` and adds sanity to comment caching. 
* Clarifies when the current global value for `$comment` is returned. The current implementation in `get_comment()` introduces side effects and an occasion stale global value for `$comment` when comment caches are cleaned.
* Strongly-types `@param` docs
* This class is marked `final` for now

Props wonderboymusic, nacin.

See #32619.

Built from https://develop.svn.wordpress.org/trunk@33891


git-svn-id: http://core.svn.wordpress.org/trunk@33860 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 18:17:24 +00:00
Drew Jaynes cf7694717b Docs: Clarify the DocBlock summary for `wp_create_nonce()` to mention that nonce-creation is also now dependent on user tokens, as of [29221].
Also adds a changelog entry for when user tokens were introduced into the nonce-creation process.

Props ericlewis
Fixes #33636.

Built from https://develop.svn.wordpress.org/trunk@33827


git-svn-id: http://core.svn.wordpress.org/trunk@33795 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-31 20:50:20 +00:00
Helen Hou-Sandí 1f500055a6 Drop the hyphen from e-mail and standardize on email.
The AP Stylebook changed this in 2011, and we're woefully inconsistent, so let's go with the standard.

props morganestes, voldemortensen, niallkennedy (for patching on the previous AP style).
fixes #26156.

Built from https://develop.svn.wordpress.org/trunk@33774


git-svn-id: http://core.svn.wordpress.org/trunk@33742 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-28 03:17:21 +00:00
Sergey Biryukov 1f4ae40c03 Add `'wp_verify_nonce_failed'` action that fires when nonce verification fails.
props johnbillion, garza, Shelob9.
fixes #24030.
Built from https://develop.svn.wordpress.org/trunk@33744


git-svn-id: http://core.svn.wordpress.org/trunk@33712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-26 00:06:21 +00:00
Sergey Biryukov b34af5586a Fire the `check_ajax_referer` action on failure as well as success.
See [33017] for `check_admin_referer`.

props egill.
fixes #33342.
Built from https://develop.svn.wordpress.org/trunk@33743


git-svn-id: http://core.svn.wordpress.org/trunk@33711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-25 23:25:21 +00:00
Scott Taylor ef87172270 `foreach` is a statement, not a function.
See #33491.

Built from https://develop.svn.wordpress.org/trunk@33734


git-svn-id: http://core.svn.wordpress.org/trunk@33702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-25 20:28:22 +00:00
Scott Taylor 5510b519f5 In `wp_sanitize_redirect()`, don't eat `@` characters. According to RFC 3986, "@" is a perfectly valid character in a URL path or query string.
Adds unit test.

Props markjaquith.
Fixes #18818.

Built from https://develop.svn.wordpress.org/trunk@33707


git-svn-id: http://core.svn.wordpress.org/trunk@33674 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-22 17:05:24 +00:00
Drew Jaynes bec5bcf717 Docs: Mark the `$notify` parameter in the DocBlock for `wp_new_user_notification()` as optional, and provide additional context on the difference between the accepted values.
See [33620] and [33023] for background.

See #32246.

Built from https://develop.svn.wordpress.org/trunk@33664


git-svn-id: http://core.svn.wordpress.org/trunk@33631 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-20 18:26:26 +00:00
Konstantin Obenland e6bc6242ad Passwords: Restore second parameter for `wp_new_user_notification()`.
After [33023] users would always be notified, this restores previous behavior.

Props markjaquith, ocean90.
Fixes #33358.


Built from https://develop.svn.wordpress.org/trunk@33620


git-svn-id: http://core.svn.wordpress.org/trunk@33587 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-17 14:25:27 +00:00
Konstantin Obenland 7e3f0cf45e Passwords: New UI for install screen.
Also synchronises the use of `pw_weak` as an input name and removes trailing
periods from checkbox labels.

Props MikeHansenMe, adamsilverstein, obenland.
See #32589.


Built from https://develop.svn.wordpress.org/trunk@33246


git-svn-id: http://core.svn.wordpress.org/trunk@33218 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-13 22:22:24 +00:00
Drew Jaynes 92d342f0d2 Fix the parameter description syntax in the hook docs for the `wp_safe_redirect_fallback` filter, added in 4.3.
See #32891.

Built from https://develop.svn.wordpress.org/trunk@33233


git-svn-id: http://core.svn.wordpress.org/trunk@33205 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-13 21:46:25 +00:00
Mark Jaquith 423a1a7ca4 New password change/set UI.
* Generate the password for the user
* More tightly integrate password strength meter
* Warn on weak passwords

see #32589

props MikeHansenMe, adamsilverstein, binarykitten
Built from https://develop.svn.wordpress.org/trunk@33023


git-svn-id: http://core.svn.wordpress.org/trunk@32994 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-01 14:48:24 +00:00
Helen Hou-Sandí 275bff1895 Fire the `check_admin_referer` action on failure as well as success.
This enables things like logging nonce failures in the admin.

props markjaquith.
fixes #32207.

Built from https://develop.svn.wordpress.org/trunk@33017


git-svn-id: http://core.svn.wordpress.org/trunk@32988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-01 03:37:23 +00:00
Sergey Biryukov 74c7f59bb2 Revert [32702]. The URL may not have an `s` parameter as there are filters in place so that a plugin can return a URL with a completely different structure.
see #32572.
Built from https://develop.svn.wordpress.org/trunk@32969


git-svn-id: http://core.svn.wordpress.org/trunk@32940 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-27 08:35:24 +00:00
Scott Taylor f23199caaa Remove the `whois.arin.net` link from `wp_notify_postauthor()` and `wp_notify_moderator()`.
Also, remove from `edit-form-comment.php` and add a new filter: `edit_comment_misc_actions`. 

Props ozh, joedolson, rachelbaker.
Fixes #15281.

Built from https://develop.svn.wordpress.org/trunk@32929


git-svn-id: http://core.svn.wordpress.org/trunk@32900 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-24 20:56:27 +00:00
Scott Taylor 5c6b63d3a6 `if` is a statment, not a function.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32800


git-svn-id: http://core.svn.wordpress.org/trunk@32771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-16 20:01:25 +00:00
Dion Hulse 2b2368d68f Add a filter to wp_safe_redirect() for the fallback URL.
Props anubisthejackle. Fixes #22612

Built from https://develop.svn.wordpress.org/trunk@32793


git-svn-id: http://core.svn.wordpress.org/trunk@32764 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-16 05:26:26 +00:00
Scott Taylor f888767c73 `$status` shouldn't be loosely compared to `true` in `wp_xmlrpc_server::wp_deleteComment()`.
`$initial` shouldn't be loosely compared to `true` in `get_calendar()`.
`current_user_can()` shouldn't be loosely compared to `false` in `kses_init()`
`$get_all` shouldn't be loosely compared to `true` in `get_blog_details()`.
`is_array()` and `in_array()` shouldn't be loosely compared in `wpmu_validate_user_signup()`.
`$result` should by strictly compared in `check_ajax_referer()`.
`wp_verify_nonce()` should by strictly compared in `_show_post_preview()`.
`is_user_logged_in()` should not be loosly compared against `false` in `wp-signup.php`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32733


git-svn-id: http://core.svn.wordpress.org/trunk@32704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-12 17:48:26 +00:00
Sergey Biryukov c9dd28908a In `get_avatar()`, avoid a second `get_avatar_data()` call to get the 2x URL.
props ravinderk.
fixes #32572.
Built from https://develop.svn.wordpress.org/trunk@32702


git-svn-id: http://core.svn.wordpress.org/trunk@32672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-07 14:58:26 +00:00
Boone Gorges f88996bed7 In `wp_notify_moderator()`, don't throw notice when comment belongs to a post with no author.
Props Oxymoron.
Fixes #32566.
Built from https://develop.svn.wordpress.org/trunk@32692


git-svn-id: http://core.svn.wordpress.org/trunk@32662 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-04 17:29:25 +00:00
Scott Taylor 26554549c7 Add missing doc blocks for `pluggable.php`.
Correct some `@return` values.
`is_user_logged_in()` can simply return the `->exists()` call instead of if/else'ing true/false.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32614


git-svn-id: http://core.svn.wordpress.org/trunk@32584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-27 15:32:26 +00:00
John Blackbourn bb02256966 Introduce a `$token` argument to `wp_set_auth_cookie()` so session tokens can be reused by custom authentication implementations.
Props rmccue

Fixes 30247

Built from https://develop.svn.wordpress.org/trunk@32465


git-svn-id: http://core.svn.wordpress.org/trunk@32435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-09 00:28:27 +00:00
Gary Pendergast 7ca423d449 The UTF-8 regex can occasionally fail on very low memory machines. Reduce the amount of memory it uses.
See #32204.


Built from https://develop.svn.wordpress.org/trunk@32375


git-svn-id: http://core.svn.wordpress.org/trunk@32345 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 06:58:24 +00:00
Sergey Biryukov eef2dcfccd Merge two different translator comments for the same string.
props pavelevap.
fixes #31999.
Built from https://develop.svn.wordpress.org/trunk@32210


git-svn-id: http://core.svn.wordpress.org/trunk@32183 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 15:36:26 +00:00
Boone Gorges 5b629644f9 Improve handling of incomplete From and Content-Type headers in `wp_mail()`.
When an incomplete header is provided (eg, 'From' with an email address but no
name), ensure that the WP defaults are filled in properly.

Props valendesigns.
Fixes #30266.
Built from https://develop.svn.wordpress.org/trunk@32070


git-svn-id: http://core.svn.wordpress.org/trunk@32049 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-07 20:10:26 +00:00
Drew Jaynes 46cf634c90 Various inline documentation syntactical fixes in wp-includes/pluggable.php for 4.2 changes.
See #31888.

Built from https://develop.svn.wordpress.org/trunk@32045


git-svn-id: http://core.svn.wordpress.org/trunk@32024 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-05 16:46:26 +00:00
Sergey Biryukov a1fb0a378c Restore line breaks before comment text in comment notification emails.
fixes #31508.
Built from https://develop.svn.wordpress.org/trunk@31770


git-svn-id: http://core.svn.wordpress.org/trunk@31750 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-13 18:29:27 +00:00
Helen Hou-Sandí 0b3170fc7d Gravatars: Remove redundant 1x srcset.
props miqrogroove.
see #22329.

Built from https://develop.svn.wordpress.org/trunk@31722


git-svn-id: http://core.svn.wordpress.org/trunk@31703 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-11 16:56:27 +00:00
Helen Hou-Sandí 0bf35836c3 Gravatars: Enable HiDPI versions for browsers that support srcset.
props iseulde.
see #22329.

Built from https://develop.svn.wordpress.org/trunk@31721


git-svn-id: http://core.svn.wordpress.org/trunk@31702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-11 16:32:26 +00:00
Drew Jaynes 33d9dd8066 Adjust the description for the `$extra_attr` argument in the DocBlocks for `get_avatar_data()` and `get_avatar()`.
See [31561]. See #31469.

Built from https://develop.svn.wordpress.org/trunk@31591


git-svn-id: http://core.svn.wordpress.org/trunk@31572 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-01 07:19:24 +00:00
Gary Pendergast 18bb886b22 When sanitizing a URL to redirect to, UTF-8 characters can be URL encoded, instead of being removed.
While RFC 3986 does not specify which character sets are allowed in URIs, Section 2.5 states that octects matching UTF-8 character encoding should be percent-encoded, then unreserved octets outside of the UTF-8 range should be percent-encoded. As browsers tend to only implement support for UTF-8 in URLs, this change only implements the UTF-8 encoding part. We may revisit the second part if it becomes an issue.

Fixes #31486


Built from https://develop.svn.wordpress.org/trunk@31587


git-svn-id: http://core.svn.wordpress.org/trunk@31568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-28 02:21:26 +00:00
Scott Taylor e899c370a4 In `get_avatar_data()` and `get_avatar()`, allow `height` and `width` to be specified separately (both default to `size`). Also allow arbitrary attributes on the `<img>` via the `extra_attr` arg.
Props miqrogroove.
See #31469.

Built from https://develop.svn.wordpress.org/trunk@31561


git-svn-id: http://core.svn.wordpress.org/trunk@31542 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-26 21:17:24 +00:00
Sergey Biryukov add5f9bdf2 Remove `src` from duplicate hook comments for `get_avatar` and `get_avatar_data`.
see #21195.
Built from https://develop.svn.wordpress.org/trunk@31480


git-svn-id: http://core.svn.wordpress.org/trunk@31461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-19 14:59:26 +00:00
Sergey Biryukov 01bb8478ff Fix a typo in duplicate hook comment.
see [31107], #21195.
Built from https://develop.svn.wordpress.org/trunk@31479


git-svn-id: http://core.svn.wordpress.org/trunk@31460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-19 14:56:28 +00:00
Drew Jaynes 947d04f323 Improve return and parameter documentation for `check_admin_referer()`, `check_ajax_referer()`, and `wp_verify_nonce()`.
Also update and clarify docsfor the `check_admin_referer` and `check_ajax_referer` hooks.

Props johnbillion, DrewAPicture.
Fixes #31055.

Built from https://develop.svn.wordpress.org/trunk@31381


git-svn-id: http://core.svn.wordpress.org/trunk@31362 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-09 04:57:27 +00:00
Scott Taylor fe6b5983df In PHP 5.0.0, `is_a()` became deprecated in favour of the `instanceof` operator. Calling `is_a()` would result in an `E_STRICT` warning.
In PHP 5.3.0, `is_a()` is no longer deprecated, and will therefore no longer throw `E_STRICT` warnings.

To avoid warnings in PHP < 5.3.0, convert all `is_a()` calls to `$var instanceof WP_Class` calls.

`instanceof` does not throw any error if the variable being tested is not an object, it simply returns `false`.

Props markoheijnen, wonderboymusic.
Fixes #25672.

Built from https://develop.svn.wordpress.org/trunk@31188


git-svn-id: http://core.svn.wordpress.org/trunk@31169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 01:06:24 +00:00
Gary Pendergast 4bc89fef32 In `get_avatar()`, revert the `<img>` tag attributes to using single quotes, instead of double quotes. This behaviour was changed in [31107], but caused problems for code that attempted to parse the `<img>` tag.
See #21195


Built from https://develop.svn.wordpress.org/trunk@31152


git-svn-id: http://core.svn.wordpress.org/trunk@31133 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-12 00:03:24 +00:00
Scott Taylor ac654632fe Use `PHP_SAPI` constant instead of `php_sapi_name()` in `iis7_supports_permalinks()`, `wp_fix_server_vars()`, and `wp_redirect()`.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31120


git-svn-id: http://core.svn.wordpress.org/trunk@31101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 04:59:22 +00:00
Gary Pendergast 5ee3ff435d Add `get_avatar_url()`, for retrieving just the URL of an avatar, rather than the entire `<img>` tag that `get_avatar()` produces.
Unlike `get_avatar()`, `get_avatar_url()` is not pluggable. It can be extended/or modified through the new filters included.

Fixes #21195.

Props mdawaffe, pento, pathawks, DrewAPicture


Built from https://develop.svn.wordpress.org/trunk@31107


git-svn-id: http://core.svn.wordpress.org/trunk@31088 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-09 04:43:23 +00:00
Sergey Biryukov e253251ef4 Remove space before comma in wp_notify_postauthor() and wp_notify_moderator().
see #30930.
Built from https://develop.svn.wordpress.org/trunk@31060


git-svn-id: http://core.svn.wordpress.org/trunk@31041 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-06 17:17:21 +00:00
Sergey Biryukov 71d255fde1 Remove padding from the comment notification emails in wp_notify_moderator().
See [30015] for wp_notify_postauthor().

props pavelevap.
fixes #30930.
Built from https://develop.svn.wordpress.org/trunk@31059


git-svn-id: http://core.svn.wordpress.org/trunk@31040 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-06 17:10:35 +00:00
John Blackbourn d614abe3a2 Allow brackets in a URL when it's sanitised for a redirect. Brackets are valid in query parameters.
Fixes #30308
Props voldemortensen

Built from https://develop.svn.wordpress.org/trunk@30684


git-svn-id: http://core.svn.wordpress.org/trunk@30674 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-01 03:21:22 +00:00
John Blackbourn 17ddc06287 Allow square brackets in a URL when it's sanitised for a redirect. Square brackets are valid in query parameters and IPv6 addresses.
Fixes #17052
Props voldemortensen

Built from https://develop.svn.wordpress.org/trunk@30683


git-svn-id: http://core.svn.wordpress.org/trunk@30673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-01 03:16:22 +00:00
Scott Taylor 04453cbe01 Improve the `@param` docs for `src/wp-includes/pluggable*`.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30667


git-svn-id: http://core.svn.wordpress.org/trunk@30657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 22:19:25 +00:00
Drew Jaynes e4f52df62c Fix DocBlock formatting for `wp_generate_password()`.
Props stevegrunwell for the initial patch.
Fixes #30509.

Built from https://develop.svn.wordpress.org/trunk@30580


git-svn-id: http://core.svn.wordpress.org/trunk@30570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-26 20:38:23 +00:00
Dominik Schilling e002b0fc07 Type cast `$nonce` to string in `wp_verify_nonce()`.
props jesin.
fixes #29542.
Built from https://develop.svn.wordpress.org/trunk@30576


git-svn-id: http://core.svn.wordpress.org/trunk@30566 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-26 19:19:23 +00:00
Drew Jaynes 188e47869f Ensure inline code is markdown-escaped as such, HTML tags are removed from summaries, and that code snippets in descriptions are properly indented.
Affects DocBlocks for the following core elements:
* Markdown-indent a code snippet in the description for `wp_salt()`
* Backtick-escape inline code in the return description for `get_avatar()`
* Various markdown formatting in the description for `add_filter()`
* Markdown-indent a code snippet in the description for `apply_filters()`
* Backtick-escape inline code in the `@see` description for `apply_filters_ref_array()`
* Backtick-escape inline code in the description for `do_action()`
* Backtick-escape variables in the parameter and return descriptions for `do_action_ref_array()`
* Various markdown formatting in the description for `get_plugin_data()`

Props rarst.
See #30473.

Built from https://develop.svn.wordpress.org/trunk@30544


git-svn-id: http://core.svn.wordpress.org/trunk@30533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-24 06:05:23 +00:00
Andrew Nacin ddb3ee5057 Use hash_equals() for old md5 hashes.
Built from https://develop.svn.wordpress.org/trunk@30412


git-svn-id: http://core.svn.wordpress.org/trunk@30407 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 11:49:23 +00:00
Drew Jaynes f7648300c8 Add missing documentation for the `$password` parameter, passed to the `check_password` hook.
Props coffee2code.
Fixes #30311.

Built from https://develop.svn.wordpress.org/trunk@30381


git-svn-id: http://core.svn.wordpress.org/trunk@30378 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-18 18:56:21 +00:00
Drew Jaynes 66c47f29bb Correct references of `@uses $wpdb` in core documentation to use `@global`.
See #30191, [30105].
Fixes #30217.

Built from https://develop.svn.wordpress.org/trunk@30122


git-svn-id: http://core.svn.wordpress.org/trunk@30122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-31 17:56:22 +00:00
Drew Jaynes f8657d5890 Remove redundant and erroneous `@uses` tag from most core inline documentation.
Per our inline documentation standards, no further use of the `@uses` tag is recommended as used and used-by relationships can be derived through other means. This removes most uses of the tag in core documentation, with remaining tags to be converted to `@global` or `@see` as they apply.

Fixes #30191.

Built from https://develop.svn.wordpress.org/trunk@30105


git-svn-id: http://core.svn.wordpress.org/trunk@30105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-30 01:05:24 +00:00
John Blackbourn 823cfebeca Remove padding from the comment notification emails which is from a bygone fixed-width font era. Prevents alignment issues in email clients which use vairable width fonts for plain text emails. Fixes #16721. Props DrewAPicture.
Built from https://develop.svn.wordpress.org/trunk@30015


git-svn-id: http://core.svn.wordpress.org/trunk@30015 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-24 17:08:18 +00:00
Mark Jaquith e1f2b3b9e2 Use HTTPS URLs for trac.wordpress.org (and use core.trac.wordpress.org)
see #27115
Built from https://develop.svn.wordpress.org/trunk@29789


git-svn-id: http://core.svn.wordpress.org/trunk@29561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-29 13:37:16 +00:00
Andrew Nacin 75ff6ae302 Add safeguards for when ext/hash is not compiled with PHP.
see #29518, for trunk.

Built from https://develop.svn.wordpress.org/trunk@29751


git-svn-id: http://core.svn.wordpress.org/trunk@29523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-20 17:28:18 +00:00
Andrew Nacin 768136c6da Rename the public methods in the session tokens API.
Introduces a new get( $token ) method. get_token() would not have made sense and spurred the overall renaming. Public methods are now get, get_all, verify, create, update, destroy, destroy_others, and destroy_all.

The protected abstract methods designed for alternative implementations remain the same.

props mdawaffe.
see #20276.

Built from https://develop.svn.wordpress.org/trunk@29635


git-svn-id: http://core.svn.wordpress.org/trunk@29409 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-27 02:07:16 +00:00
Andrew Nacin 3951d9689c Require a non-empty $nonce value in wp_verify_nonce().
props ocean90.
fixes #29217.

Built from https://develop.svn.wordpress.org/trunk@29620


git-svn-id: http://core.svn.wordpress.org/trunk@29394 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-26 07:39:19 +00:00
Drew Jaynes a227d4ff08 s/does/does not in `wp_set_password()` docblock.
See [29461]. See #28316.

Built from https://develop.svn.wordpress.org/trunk@29462


git-svn-id: http://core.svn.wordpress.org/trunk@29240 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-10 02:44:16 +00:00
Drew Jaynes 0f7d35597c Improve the `wp_set_password()` PHPDoc with a note to guard against executing the function on every page load, such as through a theme's functions.php file.
See #28316.

Built from https://develop.svn.wordpress.org/trunk@29461


git-svn-id: http://core.svn.wordpress.org/trunk@29239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-10 02:39:16 +00:00
Andrew Nacin ee4ce8688d Escape late in get_avatar().
Built from https://develop.svn.wordpress.org/trunk@29397


git-svn-id: http://core.svn.wordpress.org/trunk@29175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 07:50:18 +00:00
Andrew Nacin 7d672c38a4 Constant time for wp_verify_nonce().
Built from https://develop.svn.wordpress.org/trunk@29382


git-svn-id: http://core.svn.wordpress.org/trunk@29160 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 05:26:16 +00:00
Andrew Nacin 654e46f03d Tie cookies and nonces to user sessions so they may be invalidated upon logout.
Sessions are stored in usermeta via WP_User_Meta_Session_Tokens, which extends the abstract WP_Session_Tokens class. Extending WP_Session_Tokens can allow for alternative storage, such as a separate table or Redis.

Introduces some simple APIs for session listing and destruction, such as wp_get_active_sessions() and wp_destroy_all_sessions().

This invalidates all existing authentication cookies, as a new segment (the session token) has been added to them.

props duck_, nacin, mdawaffe.
see #20276.

Built from https://develop.svn.wordpress.org/trunk@29221


git-svn-id: http://core.svn.wordpress.org/trunk@29005 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-18 09:13:15 +00:00
Sergey Biryukov 177fe21194 Asterisk is an allowed character in a URI and should not be stripped out by wp_sanitize_redirect().
fixes #28362.
Built from https://develop.svn.wordpress.org/trunk@28939


git-svn-id: http://core.svn.wordpress.org/trunk@28737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-01 15:56:15 +00:00
Scott Taylor c8852cc909 Use the `WPINC` constant when loading `class-phpass.php`
Props wojtek.szkutnik
See #14157.

Built from https://develop.svn.wordpress.org/trunk@28903


git-svn-id: http://core.svn.wordpress.org/trunk@28702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-29 22:12:16 +00:00
Andrew Nacin dc0aca09f5 Fix documentation for wp_create_nonce() which wrongly suggests these tokens are actually numbers used once.
Built from https://develop.svn.wordpress.org/trunk@28793


git-svn-id: http://core.svn.wordpress.org/trunk@28606 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-20 20:47:14 +00:00
Scott Taylor 43bf7f271f Don't use variable variables in `wp_salt()`.
See #27881.

Built from https://develop.svn.wordpress.org/trunk@28741


git-svn-id: http://core.svn.wordpress.org/trunk@28555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-11 18:36:15 +00:00
Drew Jaynes cb0fc9c64b Update the `$secure_logged_in_cookie` variable in the 'secure_logged_in_cookie' hook docs following [28627].
See #15330.

Built from https://develop.svn.wordpress.org/trunk@28628


git-svn-id: http://core.svn.wordpress.org/trunk@28448 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-30 15:20:16 +00:00
Andrew Nacin 733057e7d6 Use a secure logged_in_cookie when the home URL is forced HTTPS (see #27954).
see #15330.

Built from https://develop.svn.wordpress.org/trunk@28627


git-svn-id: http://core.svn.wordpress.org/trunk@28447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-30 15:08:15 +00:00
Scott Taylor 8e98541d5f Eliminate the use of `extract()` in `wp_mail()`. Check the filtered array for each value before re-setting variables.
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28425


git-svn-id: http://core.svn.wordpress.org/trunk@28252 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-15 06:17:15 +00:00
Scott Taylor f5bd0de275 Eliminate the use of `extract()` in `wp_validate_auth_cookie()`.
Don't do anything fancy here, just set the 4 returned properties to variables. This function is semi-important.
	
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28424


git-svn-id: http://core.svn.wordpress.org/trunk@28251 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-15 06:11:13 +00:00
Andrew Nacin 7f001bfe24 Harden HMAC verification. props duck_.
Built from https://develop.svn.wordpress.org/trunk@28053


git-svn-id: http://core.svn.wordpress.org/trunk@27883 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-08 18:06:16 +00:00
Drew Jaynes 684145ca81 Inline documentation fixes related to the `determine_current_user` filter
See #26706, #27700.

Built from https://develop.svn.wordpress.org/trunk@28007


git-svn-id: http://core.svn.wordpress.org/trunk@27837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-07 21:18:15 +00:00
Drew Jaynes 100e737eb0 Inline documentation for hooks in wp-includes/pluggable.php.
Props kpdesign for some cleanup.
Fixes #26888.

Built from https://develop.svn.wordpress.org/trunk@27825


git-svn-id: http://core.svn.wordpress.org/trunk@27659 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-28 21:21:15 +00:00
Andrew Nacin c3ca81ba94 Always decode special characters for email subjects.
props tlovett1, jeremyfelt.
fixes #25346.

Built from https://develop.svn.wordpress.org/trunk@27801


git-svn-id: http://core.svn.wordpress.org/trunk@27636 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-28 02:44:15 +00:00
Andrew Nacin 182de5881d Avoid notices in wp_notify_postauthor() when a post has no author.
props drozdz.
fixes #26659.

Built from https://develop.svn.wordpress.org/trunk@27568


git-svn-id: http://core.svn.wordpress.org/trunk@27411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-17 20:31:14 +00:00
Andrew Nacin e7be7a0a8d Use get_comment_link() in wp_notify_postauthor().
Fixes pagination for the link directly to the moderated comment.

props eatingrules.
fixes #26133.

Built from https://develop.svn.wordpress.org/trunk@27567


git-svn-id: http://core.svn.wordpress.org/trunk@27410 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-17 20:20:15 +00:00
Andrew Nacin acba3131d7 Allow for custom authentication handlers for all requests.
Turn the logic used by wp_get_current_user() into a determine_current_user filter.

props rmccue.
fixes #26706.

Built from https://develop.svn.wordpress.org/trunk@27484


git-svn-id: http://core.svn.wordpress.org/trunk@27328 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-09 15:23:15 +00:00
Drew Jaynes db605f4767 Improve inline documentation for `wp_new_user_notification()`.
Props antorome for the initial patch.
Fixes #26703.

Built from https://develop.svn.wordpress.org/trunk@27149


git-svn-id: http://core.svn.wordpress.org/trunk@27016 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-09 21:07:12 +00:00
Sergey Biryukov 1f86e0c1e1 Fix typo in wp_set_auth_cookie() description.
props drozdz.
fixes #27046.
Built from https://develop.svn.wordpress.org/trunk@27116


git-svn-id: http://core.svn.wordpress.org/trunk@26983 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-07 09:47:12 +00:00
Drew Jaynes cd8cedc40d First there were two, and now there are three -- in the @since versions that came before and that shall be. And so it will be, says nacin.
Props JustinSainton, SergeyBiryukov, DrewAPicture.
Fixes #26713.

Built from https://develop.svn.wordpress.org/trunk@26868


git-svn-id: http://core.svn.wordpress.org/trunk@26754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-24 18:57:12 +00:00
Drew Jaynes 223a2c7138 Inline documentation for the following filter hooks in wp-includes/pluggable.php:
* `comment_notification_recipients`
* `comment_notification_notify_author`

Also removes some generic `@uses` tags from various related doc blocks.

Props markjaquith.
Fixes #25699.

Built from https://develop.svn.wordpress.org/trunk@26388


git-svn-id: http://core.svn.wordpress.org/trunk@26288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-26 04:10:09 +00:00
Mark Jaquith c2cdbf9648 Fix `comment_notification_recipients` filter behavior so that it is still respected even on comments left by the post author
The code was bailing on this-is-a-comment-on-your-own-post detection, ignoring additional recipients. Now:

* Logic check is done within `wp_notify_postauthor()`
* Logic check is overridable via `comment_notification_notify_author` filter (default still false)
* The code doesn't bail on comment-on-own-post detection, but just removes the author from the array
* The code instead now bails if the recipients list is empty, so `comment_notification_recipients` works properly

props ethitter.
fixes #25699

Built from https://develop.svn.wordpress.org/trunk@26367


git-svn-id: http://core.svn.wordpress.org/trunk@26268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-25 01:47:10 +00:00
Peter Westwood bca9252522 Deprecate the second argument for wp_notify_postauthor because it is unecessary. Fixes #17862 props scribu and wonderboymusic.
Built from https://develop.svn.wordpress.org/trunk@26358


git-svn-id: http://core.svn.wordpress.org/trunk@26259 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-24 16:26:10 +00:00
Sergey Biryukov 12d10da7e6 Remove redundant cleanup of PHPMailer addresses in wp_mail().
props bananastalktome.
fixes #25789.
Built from https://develop.svn.wordpress.org/trunk@26121


git-svn-id: http://core.svn.wordpress.org/trunk@26033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-13 03:45:11 +00:00
Sergey Biryukov eae4e5936f Use case-insensitive comparison for email addresses. fixes #25779.
Built from https://develop.svn.wordpress.org/trunk@26115


git-svn-id: http://core.svn.wordpress.org/trunk@26027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-13 02:41:09 +00:00
Sergey Biryukov 9c3b98e6d3 Avoid PHP notices in wp_notify_postauthor() when using a custom comment type.
Use a switch statement for consistency with wp_notify_moderator().

fixes #25880.
Built from https://develop.svn.wordpress.org/trunk@26114


git-svn-id: http://core.svn.wordpress.org/trunk@26026 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-13 02:32:10 +00:00
Sergey Biryukov 40391f4e37 Fall back to comment author email in get_avatar() if the user who left the comment no longer exists.
props mauryaratan, lite3.
fixes #25803.
Built from https://develop.svn.wordpress.org/trunk@26000


git-svn-id: http://core.svn.wordpress.org/trunk@25933 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-02 12:20:11 +00:00
Andrew Nacin 70fd806759 Revert r25824:25875 from the core.svn.wordpress.org repository.
These commits were accidentally re-synced commits from develop.svn.wordpress.org due to a race condition. Thankfully, the history of this repository matters fairly little. It also happened only for trunk.


git-svn-id: http://core.svn.wordpress.org/trunk@25876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-25 02:29:52 +00:00
Andrew Nacin 8ae8e01b67 Remove the old wp_auto_updates_maybe_update cron event. Schedule the new wp_maybe_auto_update event at 7 a.m. and 7 p.m. in the site's timezone.
see #27704.

Built from https://develop.svn.wordpress.org/trunk@25825


git-svn-id: http://core.svn.wordpress.org/trunk@25825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:53:14 +00:00
Andrew Nacin 9c6a15ef8f Maintain the same output for get_avatar() as 3.6. see [25895].
Built from https://develop.svn.wordpress.org/trunk@25899


git-svn-id: http://core.svn.wordpress.org/trunk@25811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 19:32:09 +00:00
Andrew Nacin af4535596b Always escape URLs at the last possible moment.
Built from https://develop.svn.wordpress.org/trunk@25895


git-svn-id: http://core.svn.wordpress.org/trunk@25807 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 18:52:11 +00:00
Andrew Nacin e2413462de Move the trim() from wp_set_password() to inside wp_hash_password().
props rpattillo, joehoyle.
fixes #24973. see #23494.

Built from https://develop.svn.wordpress.org/trunk@25709


git-svn-id: http://core.svn.wordpress.org/trunk@25623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-07 13:54:10 +00:00
Scott Taylor c2312dfe4c Use `elseif` when slurping the `nonce` in `check_ajax_referer()` to avoid accidentally overwriting it.
Fail wonderboymusic in [25433].
Props ocean90.
Fixes #25369.
See [25433].


Built from https://develop.svn.wordpress.org/trunk@25550


git-svn-id: http://core.svn.wordpress.org/trunk@25470 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-21 16:26:12 +00:00
Scott Taylor 5df8338e0a Fix some undefined index notices related to Comment unit tests:
* There are several places where a `$_POST` index was unchecked before setting a variable
* In `wp_notify_postauthor()`, `$comment` was being returned null, but its properties were being accessed.
* In `check_ajax_referer()`, 3 different values can be checked for nonce on `$_REQUEST`, but only 1 had an `isset()`

See #25282.


Built from https://develop.svn.wordpress.org/trunk@25433


git-svn-id: http://core.svn.wordpress.org/trunk@25355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-13 22:18:08 +00:00
Andrew Nacin cf3fddde96 Validate referrers to prevent off-domain redirects.
Built from https://develop.svn.wordpress.org/trunk@25318


git-svn-id: http://core.svn.wordpress.org/trunk@25280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-10 18:07:10 +00:00
Andrew Nacin 9fdfa7ef5c Short descriptions for inline docs should end with a period, per the vast majority of core. see #25229.
Built from https://develop.svn.wordpress.org/trunk@25273


git-svn-id: http://core.svn.wordpress.org/trunk@25239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-06 01:38:09 +00:00
Sergey Biryukov 9769012244 Add phpdoc for 'wp_redirect' and 'wp_redirect_status' filters. props DrewAPicture. fixes #25215.
Built from https://develop.svn.wordpress.org/trunk@25230


git-svn-id: http://core.svn.wordpress.org/trunk@25200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-04 08:31:09 +00:00
Sergey Biryukov 6760d294bb Update phpdoc for get_user_to_edit(), get_userdata(), and get_user_by(). props tivnet. fixes #24992.
Built from https://develop.svn.wordpress.org/trunk@25204


git-svn-id: http://core.svn.wordpress.org/trunk@25176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-02 03:25:09 +00:00
Andrew Ozz 3c3ec6dd8c Logging in: when the Remember Me checkbox is checked, make sure the browser continues to send the expired cookies so the "login grace period" for POST and AJAX requests works. Fixes #24735.
Built from https://develop.svn.wordpress.org/trunk@25107


git-svn-id: http://core.svn.wordpress.org/trunk@25089 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-23 21:27:08 +00:00
Sergey Biryukov 688ecb9fcc Use correct variable. see #22922.
Built from https://develop.svn.wordpress.org/trunk@25105


git-svn-id: http://core.svn.wordpress.org/trunk@25087 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-23 20:57:11 +00:00
Andrew Nacin 0adcab1f7f Add filters to the recipients of emails sent by wp_notify_postauthor() and wp_notify_moderator().
The new filters are called comment_notification_recipients and comment_moderation_recipients.

Add the context of $comment_id to the comment_moderation_headers filter, to match the comment_notification_headers filter.

props chipbennett.
fixes #22922, #20353.


Built from https://develop.svn.wordpress.org/trunk@25104


git-svn-id: http://core.svn.wordpress.org/trunk@25086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-23 19:36:10 +00:00
Ryan Boren 26eb1dc6ee Return true from wp_redirect() when redirect successful. Update phpdoc.
Props tivnet
fixes #24969


git-svn-id: http://core.svn.wordpress.org/trunk@24996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-06 17:44:32 +00:00
Andrew Nacin 0f84b87380 Do not notify the post author about comments if they are no longer a member of the blog.
This updates [23294] to use capability checks to determine if the user can still edit a post, which works for super admins. Additionally, it hides Trash/Spam action links when the user is still a member of the blog but cannot (or can no longer) moderate the comment.

fixes #23136.



git-svn-id: http://core.svn.wordpress.org/trunk@24649 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-10 22:01:12 +00:00
Sergey Biryukov 8655b33360 Make wp_mail() return the actual result of PHPMailer::Send() instead of always returning true. props chmac. fixes #23642.
git-svn-id: http://core.svn.wordpress.org/trunk@24530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-29 23:03:13 +00:00
Andrew Nacin e27d41d8e7 Add strict check to wp_verify_nonce() to avoid issues when it is improperly called.
git-svn-id: http://core.svn.wordpress.org/trunk@24461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 02:11:31 +00:00
Peter Westwood b85cb06509 Pluggable Auth: When setting new passwords for users trim any leading or trailing space to match what we do when we test passwords.
Fixes #23494


git-svn-id: http://core.svn.wordpress.org/trunk@23814 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-27 14:15:13 +00:00
Mark Jaquith 576e487663 Minor revisions PHP reorg, code cleanup, restores _post_restored_from functionality.
props adamsilverstein. see #23497

git-svn-id: http://core.svn.wordpress.org/trunk@23811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-27 11:56:28 +00:00
Peter Westwood 9d6988a221 Revisions: UI Update.
* Refines the UI to make it clearer and easier to use
* Introduces weighted tickmarks
* Fixes comparison bugs.

See #23497 props adamsilverstein


git-svn-id: http://core.svn.wordpress.org/trunk@23769 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-21 15:54:11 +00:00
Peter Westwood 51db623107 Revisions: Updates to the new Revisions UI.
Various Updates including:
 * i18n fixes
 * Added tracking of what revision ID was restored
 * async fetching of diffs so that slider works sooner even with many revisions

See #23497 props adamsilverstein, ethitter


git-svn-id: http://core.svn.wordpress.org/trunk@23639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-07 15:32:26 +00:00
Ryan Boren 6c14f1a116 Remove unnecessary stripslashes().
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-03 20:55:30 +00:00
Ryan Boren 43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Peter Westwood 9bd192fab3 Revisions: First pass an implementing a new UI/UX for reviewing the revisions of posts. See #23497 props adamsilverstein for the initial patch.
This implements a new revisions ui using Backbone and preserves all the old methods of "integration" so the change should be transparent to plugins using revisi
ons with CPTs.

This is the first pass and so there are a number of things still to be resolved, more details in the ticket. Feedback welcomed.


git-svn-id: http://core.svn.wordpress.org/trunk@23506 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-28 15:14:34 +00:00
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Sergey Biryukov 5f05d09dc2 Use a human-readable constant in wp_set_auth_cookie(). fixes #23372.
git-svn-id: http://core.svn.wordpress.org/trunk@23388 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-06 03:44:43 +00:00
Mark Jaquith 2d6e677a03 Do not notify the post author about comments if they are no longer a member of the blog. props nickmomrick. fixes #23136
git-svn-id: http://core.svn.wordpress.org/trunk@23294 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-08 04:03:16 +00:00
Mark Jaquith 3c0d96524c Move 'endif;' to its own line instead of having it room with a right curly brace. props dimadin. fixes #22586
git-svn-id: http://core.svn.wordpress.org/trunk@23228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-12-29 18:01:41 +00:00