Load a language switcher on the login and registration screens that allows users to choose any already-installed language. Set user locale on registration.
Props johnbillion, Nikschavan, afercia, sabernhardt, garrett-eclipse, keyur5, paaljoachim, Clorith, tobifjellner.
Fixes#43700.
Built from https://develop.svn.wordpress.org/trunk@52058
git-svn-id: http://core.svn.wordpress.org/trunk@51650 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Similar to the existing `role`/`role__in`/`role__not_in` query arguments, this adds support for three new query arguments in `WP_User_Query`:
* `capability`
* `capability__in`
* `capability__not_in`
These can be used to fetch users with (or without) a specific set of capabilities, for example to get all users
with the capability to edit a certain post type.
Under the hood, this will check all existing roles on the site and perform a `LIKE` query against the `capabilities` user meta field to find:
* all users with a role that has this capability
* all users with the capability being assigned directly
Note: In WordPress, not all capabilities are stored in the database. Capabilities can also be modified using filters like `map_meta_cap`. These new query arguments do NOT work for such capabilities.
The prime use case for capability queries is to get all "authors", i.e. users with the capability to edit a certain post type.
Until now, `'who' => 'authors'` was used for this, which relies on user levels. However, user levels were deprecated a long time ago and thus never added to custom roles. This led to constant frustration due to users with custom roles missing from places like author dropdowns.
This updates any usage of `'who' => 'authors'` in core to use capability queries instead.
Subsequently, `'who' => 'authors'` queries are being **deprecated** in favor of these new query arguments.
Also adds a new `capabilities` parameter (mapping to `capability__in` in `WP_User_Query`) to the REST API users controller.
Also updates `twentyfourteen_list_authors()` in Twenty Fourteen to make use of this new functionality, adding a new `twentyfourteen_list_authors_query_args` filter to make it easier to override this behavior.
Props scribu, lgladdly, boonebgorges, spacedmonkey, peterwilsoncc, SergeyBiryukov, swissspidy.
Fixes#16841.
Built from https://develop.svn.wordpress.org/trunk@51943
git-svn-id: http://core.svn.wordpress.org/trunk@51532 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows custom user meta values to be provided when creating or updating a user in the same way custom post meta can be provided to `wp_insert_post()` when creating or updating a post.
Also introduces the `insert_custom_user_meta` to filter these values.
Props desrosj, donmhico
Fixes#41950
Built from https://develop.svn.wordpress.org/trunk@51738
git-svn-id: http://core.svn.wordpress.org/trunk@51346 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Typo corrections in filter descriptions.
- DocBlocks are now now wrapped to the next line after 80 characters, and not extending beyond 120 total characters wide.
- Remove unnecessary repeated references to the suggested replacement hooks.
- Adjustments to the indentation for consistency with other emails in Core, allowing the `phpcs:ignore` comment to be removed.
Props SergeyBiryukov.
Fixes#44314.
Built from https://develop.svn.wordpress.org/trunk@51410
git-svn-id: http://core.svn.wordpress.org/trunk@51021 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The filters `user_confirmed_action_email_content`, `user_erasure_complete_email_subject`, and `user_erasure_complete_email_headers` have been deprecated.
They have been replaced with `user_erasure_fulfillment_email_content`, `user_erasure_fulfillment_email_subject`, and `user_erasure_fulfillment_email_headers`.
Props desrosj, garrett-eclipse, birgire, DrewAPicture, lifeforceinst, ocean90, pbiron, pento, coffee2code, TZ-Media, SergeyBiryukov, johnbillion, audrasjb, davidbaumwald, hellofromTonya, helen, xkon, antpb, peterwilsoncc, lukecarbis.
Fixes#44314.
Built from https://develop.svn.wordpress.org/trunk@51129
git-svn-id: http://core.svn.wordpress.org/trunk@50738 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a new parameter to the action and filter hooks found in `wp_insert_user()` to pass the raw user data received through `$userdata` to hooked functions.
This will allow hooked functions to perform more contextual adjustments to new users, and makes supplying custom user meta fields possible.
Props johnbillion, audrasjb.
Fixes#53110.
Built from https://develop.svn.wordpress.org/trunk@51005
git-svn-id: http://core.svn.wordpress.org/trunk@50614 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `update_user_option()` function is a way to update a user meta value after adding a blog’s prefix to the beginning of the meta key. But when the fourth parameter is `true`, the behavior is exactly the same as calling `update_user_meta()` directly.
This replaces all instances of `update_user_option()` when the fourth parameter is `true` in Core with a direct call to `update_user_meta()` to prevent an unnecessary call to `update_user_option()`.
Props johnjamesjacoby, zkancs, obenland, desrosj.
Fixes#43339.
Built from https://develop.svn.wordpress.org/trunk@50981
git-svn-id: http://core.svn.wordpress.org/trunk@50590 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, these properties could be unexpectedly converted to strings in some contexts.
This applies to the following functions:
* `sanitize_post_field()`
* `sanitize_term_field()`
* `sanitize_user_field()`
and the following properties:
* `WP_Post::ID`
* `WP_Post::post_parent`
* `WP_Post::menu_order`
* `WP_Term::term_id`
* `WP_Term::term_taxonomy_id`
* `WP_Term::parent`
* `WP_Term::count`
* `WP_Term::term_group`
* `WP_User::ID`
Props grantmkin, SergeyBiryukov.
Fixes#53235. See #52995.
Built from https://develop.svn.wordpress.org/trunk@50935
git-svn-id: http://core.svn.wordpress.org/trunk@50544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Share the `WP_User` instance for the current user between the functions `get_userdata()` and `wp_get_current_user()`. Both functions return the `$current_user` global for the current user.
Force refresh the `$current_user` global within `clean_user_cache()` by immediately re-calling `wp_set_current_user()` with the current user's ID. This ensures any changes to the current user's permissions or other settings are reflected in the global. As a side-effect this immediately rewarms the current user's cache.
Props chaion07, chriscct7, donmhico, hellofromtonya, lukecarbis, peterwilsoncc, rmccue, TimothyBlynJacobs.
Fixes#28020.
Built from https://develop.svn.wordpress.org/trunk@50790
git-svn-id: http://core.svn.wordpress.org/trunk@50399 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[48658] documented that various metadata functions return false for an invalid ID. However, that does not clarify what an invalid ID is: a non-numeric, zero, or negative value. This change adds the clarification in all relevant metadata function docblocks.
Props icopydoc, SergeyBiryukov, davidkryzaniak, audrasjb.
Fixes#51797.
Built from https://develop.svn.wordpress.org/trunk@50641
git-svn-id: http://core.svn.wordpress.org/trunk@50253 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a form option to skip the admin email alert when exporting personal data.
Props xkon, azaozz, TZ-Media, iandunn, desrosj, iprg, allendav, wesselvandenberg, karmatosed, birgire, davidbaumwald, estelaris, paaljoachim, hellofromTonya.
Fixes#43890.
Built from https://develop.svn.wordpress.org/trunk@50159
git-svn-id: http://core.svn.wordpress.org/trunk@49838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, only the username was checked which caused a PHP warning in some server setups, for instance Shibboleth SSO, where the server only populates the `PHP_AUTH_USER` field.
Props MadtownLems, johnbillion, richard.tape, engahmeds3ed.
Fixes#52003.
Built from https://develop.svn.wordpress.org/trunk@49919
git-svn-id: http://core.svn.wordpress.org/trunk@49618 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Application Passwords uses Basic Authentication to transfer authentication details. If the site is already using Basic Auth, for instance to implement a private staging environment, then the REST API will treat this as an authentication attempt and would end up generating an error for any REST API request.
Now, Application Password authentication will only be attempted if Application Passwords is in use by a site. This is flagged by setting an option whenever an Application Password is created. An upgrade routine is added to set this option if any App Passwords already exist.
Lastly, creating an Application Password will be prevented if the site appears to already be using Basic Authentication.
Props chexwarrior, georgestephanis, adamsilverstein, helen, Clorith, marybaum, TimothyBlynJacobs.
Fixes#51939.
Built from https://develop.svn.wordpress.org/trunk@49752
git-svn-id: http://core.svn.wordpress.org/trunk@49475 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously App Passwords used a mix of "enabled" and "available". We've now standardized on using "available".
Additionally, we now use a 501 status code when indicating that App Passwords is not available.
Props SergeyBiryukov, ocean90, TimothyBlynJacobs.
Fixes#51513.
Built from https://develop.svn.wordpress.org/trunk@49617
git-svn-id: http://core.svn.wordpress.org/trunk@49355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.
This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.
Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.
Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes#42790.
Built from https://develop.svn.wordpress.org/trunk@49109
git-svn-id: http://core.svn.wordpress.org/trunk@48871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The filter is the callback function added with `add_filter()`, therefore the hook passes a value to the filter, and the filter returns a value to change its behaviour.
The documentation is referring to the latter.
Props johnbillion.
See #49572, #16557.
Built from https://develop.svn.wordpress.org/trunk@48185
git-svn-id: http://core.svn.wordpress.org/trunk@47954 1a063a9b-81f0-0310-95a4-ce76da25c4cd
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes#50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Partially reverts [48059] as there's no full consensus on the removal of the text prefix. Further actions should be taken to improve consistency and accessibility of the admin notices. Keeps some improvements to the translatable strings from [48059].
Fixes#47656.
Built from https://develop.svn.wordpress.org/trunk@48115
git-svn-id: http://core.svn.wordpress.org/trunk@47884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For a number of years, most of the WordPress error messages have been prefixed with "Error:". However, these messages appear in a context where it's already clear an error occurred. Whether it's an error, a warning, or any other classification, that's not so relevant for users. The content of the message is the relevant part. The "Error:" prefix doesn't add great value while it does add unnecessary complexity for the message readability.
Also, revises some of these messages to improve clarity and removes HTML from translatable strings.
Props garrett-eclipse, ramiy, SergeyBiryukov, afercia, sabernhardt, quadthemes, audrasjb.
See #47003, #43037, #42945, #15887.
Fixes#47656.
Built from https://develop.svn.wordpress.org/trunk@48059
git-svn-id: http://core.svn.wordpress.org/trunk@47826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The value is used by the WordPress Events and News widget to show relevant WP community events.
The location information may include an IP address, location description, and latitude/longitude coordinates.
Props garrett-eclipse, coreymckrill, xkon.
Fixes#43921.
Built from https://develop.svn.wordpress.org/trunk@47236
git-svn-id: http://core.svn.wordpress.org/trunk@47036 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Allows a login to have an apostorphe. Which would normally be created as a mistake, but this allows the login to happen.
Fixes#38744
Props wpkuf, desrosj, socalchristina, bibliofille, santilinwp, nsubugak, sncoker, cafenoirdesign, whyisjake.
Built from https://develop.svn.wordpress.org/trunk@46640
git-svn-id: http://core.svn.wordpress.org/trunk@46440 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- explicitly informs users they can use their email to log in as an alternative to their username and vice-versa
- shows the `Lost your password?` link only when an wrong password has been entered
- uses a more appropriate copy by changing "invalid" to "unknown"
- removes the all caps `ERROR`
Props subrataemfluence, zalak151291, ryokuhi, SergeyBiryukov, audrasjb, joedolson, marybaum, ramiy, markjaquith, chanthaboune, afercia.
Fixes#43037.
Built from https://develop.svn.wordpress.org/trunk@46417
git-svn-id: http://core.svn.wordpress.org/trunk@46215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Hook documentation should be on the line directly above the line containing the `do_action()` or `apply_filters()` call. The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of duplicate hook references.
Includes minor code layout fixes.
See #47110.
Built from https://develop.svn.wordpress.org/trunk@46088
git-svn-id: http://core.svn.wordpress.org/trunk@45900 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add missing translator comments.
* Fix placement of some translator comments. Translator comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools. The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translator comments.
Includes minor code layout fixes.
Polyglots, rejoice! All WordPress core files now have translator comments for all strings with placeholders!
Props jrf, subrataemfluence, GaryJ, webdados, Dency, swissspidy, alvarogois, marcomartins, mihaiiceyro, vladwtz, niq1982, flipkeijzer, michielatyoast, chandrapatel, thrijith, joshuanoyce, FesoVik, tessak22, bhaktirajdev, cleancoded, dhavalkasvala, garrett-eclipse, bibliofille, socalchristina, priyankkpatel, 5hel2l2y, adamsilverstein, JeffPaul, pierlo, SergeyBiryukov.
Fixes#44360.
Built from https://develop.svn.wordpress.org/trunk@45926
git-svn-id: http://core.svn.wordpress.org/trunk@45737 1a063a9b-81f0-0310-95a4-ce76da25c4cd