The `user_login` field only allows 60 characters, and `user_nicename` allows
50. However, there are no protections in the interface, and few in the code,
that prevent the creation of users with values in excess of these limits. Prior
to recent changes in `$wpdb`, users were generally created anyway, MySQL
having performed the necessary truncation. More recently, the `INSERT`s and
`UPDATE`s simply fail, with no real feedback on the nature of the failure.
This changeset addresses the issue in a number of ways:
* On the user-new.php and network/user-new.php panels, don't allow input in excess of the maximum field length.
* In `wp_insert_user()`, throw an error if the value provided for `'user_login'` or `'user_nicename'` exceeds the maximum field length.
* In `wp_insert_user()`, when using `'user_login'` to generate a default value for `'user_nicename'`, ensure that the nicename is properly truncated, even when suffixed for uniqueness (username-2, etc).
Props dipesh.kakadiya, utkarshpatel, tommarshall, boonebgorges.
Fixes#33793.
Built from https://develop.svn.wordpress.org/trunk@34218
git-svn-id: http://core.svn.wordpress.org/trunk@34182 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The second parameter `$plaintext_pass` was removed in [33023] and restored as `$notify` in [33620] with a different behavior. If you have a plugin overriding `wp_new_user_notification()` which hasn't been updated you would get a notification with your username and the password "both".
To prevent this the second parameter is now deprecated and reintroduced as the third parameter.
Adds unit tests.
Props kraftbj, adamsilverstein, welcher, ocean90.
Fixes#33654.
(Don't ask for new pluggables kthxbye)
Built from https://develop.svn.wordpress.org/trunk@34116
git-svn-id: http://core.svn.wordpress.org/trunk@34084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [32759], we adjusted `site-info.php` to display a single input for a site's full URL if the network was configured for subdomains. We also enforced path only editing for non-subdomain networks, which is a regression in expected behavior.
The full URL of a site can now be edited in both subdomain and subdirectory configurations.
Props @michaelryanmcneill.
Fixes#22383.
Built from https://develop.svn.wordpress.org/trunk@33586
git-svn-id: http://core.svn.wordpress.org/trunk@33553 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Simplify URLs used for row actions to remove messaging and site domain/path.
* Use confirmation messaging from a managed list of actions when handling the request.
* Find the site address from the site ID rather than using information passed in the URL.
Fixes#32963.
Built from https://develop.svn.wordpress.org/trunk@33173
git-svn-id: http://core.svn.wordpress.org/trunk@33145 1a063a9b-81f0-0310-95a4-ce76da25c4cd
First step towards restoring a good heading structure in wp-admin.
The previous `<h1>` contained the site title and a link to the front page and was removed with the toolbar refactoring in 3.2.
Props joedolson, afercia.
Fixes#31650.
Built from https://develop.svn.wordpress.org/trunk@32974
git-svn-id: http://core.svn.wordpress.org/trunk@32945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
We also need to set novalidate on the form due to some browsers rejecting valid email addresses containing an IDN. We should holistically investigate whether this is still an issue in any major browsers at some point.
props earnjam.
fixes#32643.
Built from https://develop.svn.wordpress.org/trunk@32774
git-svn-id: http://core.svn.wordpress.org/trunk@32745 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Rather than provide a checkbox to update the `siteurl` and `home` options, we can make an educated decision based on the current state. If the home and/or siteurl domain and path match the existing domain and path of the site, then we update with the new information.
Also, while scheme is not stored in `wp_blogs` along with a site, the scheme of the `home` and `siteurl` options can now be modified via the Site URL setting in `site-info.php` when the `home` and/or `siteurl` options match the existing domain.
Props @hugobaeta, @earnjam, @jeremyfelt.
Fixes#32503, see #22383.
Built from https://develop.svn.wordpress.org/trunk@32760
git-svn-id: http://core.svn.wordpress.org/trunk@32731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a network is configured as subdomain, allow for the input of arbitrary domain and path combinations when editing a site rather than just the domain.
This takes a step or two toward #32503.
Props @scribu, @ericlewis, @jeremyfelt.
See #22383.
Built from https://develop.svn.wordpress.org/trunk@32759
git-svn-id: http://core.svn.wordpress.org/trunk@32730 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These no longer return upon refreshing the page when JS is on and working, so users should be able to dismiss them. This is particularly important on the post edit screen when DFW is triggered, but pretty much all notices can be dismissed if needed. A post on Make/Core will follow with information on how this can be leveraged in plugins.
props valendesigns, afercia, paulwilde, adamsilverstein, helen.
fixes#31233. see #23367.
Built from https://develop.svn.wordpress.org/trunk@31973
git-svn-id: http://core.svn.wordpress.org/trunk@31952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously the label just said "Posts", "Pages", or "Comments". This was bad in terms of accessibility and internationalization because of missing context.
This change adds a default label "Number of items per page:" to `WP_Screen->render_per_page_options()` and removes all the existing one-word labels.
props afercia.
fixes#31349, #15576.
Built from https://develop.svn.wordpress.org/trunk@31696
git-svn-id: http://core.svn.wordpress.org/trunk@31677 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When deleting a user who is not associated with any sites, the current messaging can be confusing as only users associated with at least one site actually appear on the confirmation page for deletion.
This experience can be improved by showing all users being deleted as well as their current site associations.
* If an empty array of users is passed, don't attempt to confirm deletion.
* If one user is passed, show a message crafted for a user of one.
* If multiple users are passed, show a message crafted for many.
* Show the pending results of all users to be deleted.
* Update messaging around the deletion/confirmation process to be less misleading.
Props Idealien, HarishChaudhari, DrewAPicture.
Fixes#18132.
Built from https://develop.svn.wordpress.org/trunk@31656
git-svn-id: http://core.svn.wordpress.org/trunk@31637 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add labels previously missing for many inputs throughout the network admin screen.
* Add proper `aria-describedby` attributes to provide better descriptions.
* Wrap grouped inputs with `fieldset` elements.
* Remove now unneeded `title` attributes when appropriate.
Props cfoellmann, afercia, rianrietveld.
Fixes#38406.
Built from https://develop.svn.wordpress.org/trunk@31517
git-svn-id: http://core.svn.wordpress.org/trunk@31498 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When editing a site, if `home` and `siteurl` are checked to be updated along with a site's domain and path, they should receive the results of any modifications in `update_blog_details()` rather than trusting the POST data.
Previously, it was possible to save a value without a leading slash on the path, causing an invalid URL to be stored.
Props earnjam.
Fixes#30417.
Built from https://develop.svn.wordpress.org/trunk@31156
git-svn-id: http://core.svn.wordpress.org/trunk@31137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The language dropdown now includes installed languages and all available translations when the filesystem is writable by WordPress.
Go to wp-admin/options-general.php, select one of the available translations, submit the form and let WordPress handle the rest.
Works for Multisite's Default Language too.
see #29395.
Built from https://develop.svn.wordpress.org/trunk@30335
git-svn-id: http://core.svn.wordpress.org/trunk@30334 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* The WPLANG constant is no longer needed. Remove define('WPLANG', ''); from wp-config-sample.php. Populate WPLANG option based on the WPLANG constant. When get_option('WPLANG') is an empty string it will override WPLANG.
* Introduce translations_api() which is available to communicate with the translation API. Move translation install related functions to a new file.
* Replace mu_dropdown_languages() with wp_dropdown_languages(). wp_dropdown_languages() is now populated by the translation API.
* Remove wp_install_load_language() and allow load_default_textdomain() to switch a core translation.
fixes#13069, #15677, #19760, #28730, #29281.
Built from https://develop.svn.wordpress.org/trunk@29630
git-svn-id: http://core.svn.wordpress.org/trunk@29404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `wp-activate.php` and `wp-admin/themes.php` don't need the closing PHP tag
* Switch single quotes for HTML attribute values to double in a few places
* Convert `include_once file.php` syntax to `include_once( 'file.php' )`
* Add access modifiers to methods/members in: `_WP_List_Table_Compat`, `Walker_Nav_Menu_Edit`, `Walker_Nav_Menu_Checklist`, `WP_Screen`, `Walker_Category_Checklist`
* `edit_user()` doesn't need to import the `$wpdb` global
* `wp_list_widgets()` doesn't need to import the `$sidebars_widgets` global
* switch/endswitch syntax is not supported in Hack
* A `<ul>` in `wp-admin/users.php` is unclosed
See #27881.
Built from https://develop.svn.wordpress.org/trunk@28500
git-svn-id: http://core.svn.wordpress.org/trunk@28326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If you want to use a Dashicon before an element you can use the class because it will not change the elements content styling. With that you don't need to copy the entire `.dashicons` styling to your :before styling anymore.
To demonstrate this change, Admin Menu now uses Dashicons classes directly.
And it fixes a glitch in IE.
fixes#26630.
Built from https://develop.svn.wordpress.org/trunk@27418
git-svn-id: http://core.svn.wordpress.org/trunk@27265 1a063a9b-81f0-0310-95a4-ce76da25c4cd
JavaScript is rarely disabled, but graceful degradation is still important. For example, syntax errors can occur, usually with major WP updates that overhaul entire experiences and update external libraries combined with themes or plugins doing weird or old things. If this error is due to their current theme, a user needs to be able to access the themes screen to switch away from the theme. A more subtle issue could make things painful to diagnose.
This commit renders the grid in PHP (the template is duplicated, but it lightweight, fairly mundane, and easy to sync). On Backbone render, the grid is then re-rendered from JavaScript so searches can occur. Customize and Live Preview is disabled if JS fails to kick in. If JS is disabled, old-school "Preview" links are displayed.
No-Customizer support: The customizer is only supported when the browser supports postMessage (IE8+), and if the frontend is a different domain, CORS (IE10+). We use the .hide-if-no-customize class for this. Pre-customize "Preview" links should use .hide-if-customize.
The .load-customize class should be used to declare a link that opens the customizer. This enables customize-loader.js to intercept this link and load the customizer on top of the current window, making for a smoother experience.
fixes#25964.
Built from https://develop.svn.wordpress.org/trunk@26726
git-svn-id: http://core.svn.wordpress.org/trunk@26615 1a063a9b-81f0-0310-95a4-ce76da25c4cd