Commit Graph

336 Commits

Author SHA1 Message Date
Felix Arntz f704fc808a Multisite: Handle capability check for removing oneself via `map_meta_cap()`.
Site administrators should not be able to remove themselves from a site. This moves the enforcement of this rule from `wp-admin/users.php` to `remove_user_from_blog()` via the `remove_user` capability, which furthermore allows us to get rid of two additional clauses and their `is_super_admin()` checks in `wp-admin/users.php`. A unit test for the new behavior has been added.

Fixes #39063. See #37616.

Built from https://develop.svn.wordpress.org/trunk@39588


git-svn-id: http://core.svn.wordpress.org/trunk@39528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-12 21:42:42 +00:00
Andrea Fercia 87882d0463 Accessibility: Remove inappropriate content from the Users screen heading.
See #26601.

Built from https://develop.svn.wordpress.org/trunk@39534


git-svn-id: http://core.svn.wordpress.org/trunk@39474 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-07 18:29:38 +00:00
Sergey Biryukov dca7d8d0ea Text Changes: Merge strings referring to `list_users` capability.
See #38857.
Built from https://develop.svn.wordpress.org/trunk@39312


git-svn-id: http://core.svn.wordpress.org/trunk@39252 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 02:16:30 +00:00
Sergey Biryukov b1ed607578 Text Changes: Merge and clarify some permission error strings in the admin.
See #38857.
Built from https://develop.svn.wordpress.org/trunk@39308


git-svn-id: http://core.svn.wordpress.org/trunk@39248 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 01:38:31 +00:00
Sergey Biryukov a7af7c89a4 Text Changes: Unify permission error messages in `wp-admin/users.php`.
Props ramiy.
Fixes #38804.
Built from https://develop.svn.wordpress.org/trunk@39258


git-svn-id: http://core.svn.wordpress.org/trunk@39198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 22:25:30 +00:00
John Blackbourn bc5c87710e Administration: Standardise the docblocks for the `handle_bulk_actions-*` filters.
Props ericlewis, Veraxus
Fixes #16031

Built from https://develop.svn.wordpress.org/trunk@38958


git-svn-id: http://core.svn.wordpress.org/trunk@38901 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-26 14:45:29 +00:00
Andrea Fercia 2eda436430 Accessibility: Remove target=_blank from the Users and Widgets screens help tabs links.
Stop taking control of users' browsers.

Props rianrietveld.
Fixes #38217. See #23432.

Built from https://develop.svn.wordpress.org/trunk@38723


git-svn-id: http://core.svn.wordpress.org/trunk@38666 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-04 07:10:31 +00:00
Sergey Biryukov ee109482db Text Changes: Unify two more permission error messages.
Props ramiy.
Fixes #38158. See #34521.
Built from https://develop.svn.wordpress.org/trunk@38666


git-svn-id: http://core.svn.wordpress.org/trunk@38609 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-28 00:17:28 +00:00
Eric Lewis d27606936b Allow custom bulk actions in admin list tables.
Bulk action filtering was introduced in 3.1, but only to remove default bulk actions, not add new ones.

Bulk actions can now be registered for all admin list table dropdowns via the `bulk_actions-{get_current_screen()->id}` filter. Handling custom bulk actions can be performed in the corresponding and newly introduced `handle_bulk_actions-${get_current_screen()->id}` filter.

Props scribu, flixos90, Veraxus.
See #16031.


Built from https://develop.svn.wordpress.org/trunk@38647


git-svn-id: http://core.svn.wordpress.org/trunk@38590 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-23 20:33:30 +00:00
Dominik Schilling 25e66e4f1e Text Changes: Unify permission error messages.
The new format looks like "Sorry, you are not allowed to <action>.". This provides a consistent experience for all error messages related to missing permissions. It also reduces the number of similar strings and allows translators to provide a consistent style in their language.

Props ramiy, Presskopp.
Fixes #34521.
Built from https://develop.svn.wordpress.org/trunk@37914


git-svn-id: http://core.svn.wordpress.org/trunk@37855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-29 15:16:29 +00:00
Andrea Fercia d01b200e6e Accessibility: Help text improvements.
Avoid references to "visual" positions in favour of positions in the document
structure. The help text shouldn't assume users can see.

Also, in the Posts screen don't mention specific types of posts and use a more
generic text instead.

Props odysseygate, pansotdev, zakb8.
Fixes #34761.
Built from https://develop.svn.wordpress.org/trunk@37680


git-svn-id: http://core.svn.wordpress.org/trunk@37646 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 21:43:29 +00:00
Sergey Biryukov 90c7ce63d9 Use `admin_url()` for "Add New" links in `wp-admin/users.php`.
Props johnjamesjacoby.
Fixes #36186.
Built from https://develop.svn.wordpress.org/trunk@36902


git-svn-id: http://core.svn.wordpress.org/trunk@36870 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-09 19:09:50 +00:00
Drew Jaynes 54ab5fa68c Users: Pass the array of user IDs being deleted to the `delete_user_form` action hook in two places.
Also updates documentation for the first parameter, `$current_user`, to clarify that it holds the `WP_User` object for the _current_ user, not the one being deleted.

Props usermrpapa.
Fixes #35063. 

Built from https://develop.svn.wordpress.org/trunk@36640


git-svn-id: http://core.svn.wordpress.org/trunk@36607 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-23 17:42:27 +00:00
Dominik Schilling e512f158df Add translators comments to wp-admin/users.php.
Props ramiy.
Fixes #35885.
Built from https://develop.svn.wordpress.org/trunk@36621


git-svn-id: http://core.svn.wordpress.org/trunk@36588 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-23 00:05:28 +00:00
Pascal Birchler aaa11d6207 Allow searching for `0` throughout the admin.
Fixes #31025.
Built from https://develop.svn.wordpress.org/trunk@36302


git-svn-id: http://core.svn.wordpress.org/trunk@36269 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-14 20:06:25 +00:00
Dion Hulse 04bca9732b Users: When determining whether to show the reassign content option during user delete, don't rely upon `WP_Query` as it doesn't return all forms of content `wp_delete_user()` operates on.
This restores the reassign form when a user has a non-public post type or links assigned to them.

Props swissspidy & tharsheblows for initial patches.
Fixes #34993 for trunk.

Built from https://develop.svn.wordpress.org/trunk@36068


git-svn-id: http://core.svn.wordpress.org/trunk@36033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-23 04:46:28 +00:00
Boone Gorges 714be37ea5 Show user_login in Dashboard user dropdowns.
User dropdowns in wp-admin have traditionally shown the users' display names.
However, this causes ambiguity when users share display names. To correct this,
we now show the unique user_login in parentheses after the display name.

The new `display_name_with_login` value for the `show` parameter of
`wp_dropdown_users()` enables this functionality. The default value of `show`
has not been changed, for backward compatibility, but all instances of
`wp_dropdown_users()` in core wp-admin have been switched.

This changeset also reduces some duplicated logic when assembling a user list
when `include_selected` is true.

Props krogsgard, boonebgorges.
Fixes #31251.
Built from https://develop.svn.wordpress.org/trunk@35790


git-svn-id: http://core.svn.wordpress.org/trunk@35754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 20:57:26 +00:00
Drew Jaynes efdc838019 Docs: Add a missing version to the file header for wp-admin/users.php.
See #33701.

Built from https://develop.svn.wordpress.org/trunk@35558


git-svn-id: http://core.svn.wordpress.org/trunk@35522 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-06 21:54:33 +00:00
Helen Hou-Sandí f3107e5842 Make some primary action buttons look primary.
* User deletion/removal
* Site status change (multisite)
* Network upgrade
* Import file upload
* Media browser upload

props Dezzy for the initial patch.
fixes #23738.

Built from https://develop.svn.wordpress.org/trunk@35182


git-svn-id: http://core.svn.wordpress.org/trunk@35148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-15 03:08:24 +00:00
Scott Taylor 0c2b2a0e3d List Tables/WP_Screen: in `WP_Screen`, add methods to store, retrieve, and render screen reader text, primarily used by list table screens.
These additions are based on an audit and recommendations by the Accessibility team. #a11y'all

Props afercia.
Fixes #32147.

Built from https://develop.svn.wordpress.org/trunk@34891


git-svn-id: http://core.svn.wordpress.org/trunk@34856 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 01:28:25 +00:00
Scott Taylor f78170934a Users List Table: show the "Change role to" dropdown on the top and bottom. Currently only shows on top.
See #27743.

Built from https://develop.svn.wordpress.org/trunk@34636


git-svn-id: http://core.svn.wordpress.org/trunk@34600 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-27 19:11:26 +00:00
Drew Jaynes 35246a957f Docs: The User API is singular.
See #33701.

Built from https://develop.svn.wordpress.org/trunk@34393


git-svn-id: http://core.svn.wordpress.org/trunk@34357 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-22 12:31:26 +00:00
Scott Taylor 49b8ccec79 When deleting via User List Table, don't prompt for re-attribution if the user(s) do(es) not have any posts.
Props rajnikmit, wojtek.szkutnik, benjmay, wonderboymusic.
Fixes #6405. 

Built from https://develop.svn.wordpress.org/trunk@34000


git-svn-id: http://core.svn.wordpress.org/trunk@33969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-10 16:47:24 +00:00
Sergey Biryukov bc8af88903 Provide more helpful feedback than just "Cheatin' uh?" for permission errors in `wp-admin/network/site-users.php`.
props ericlewis, kraftbj, lukecarbis, mrmist.
fixes #33683. see #14530.
Built from https://develop.svn.wordpress.org/trunk@33888


git-svn-id: http://core.svn.wordpress.org/trunk@33857 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 09:03:24 +00:00
Sergey Biryukov ce05b02a59 Provide more helpful feedback than just "Cheatin' uh?" for permission errors in `wp-admin/users.php`.
props ericlewis, kraftbj, lukecarbis, mrmist.
fixes #33679. see #14530.
Built from https://develop.svn.wordpress.org/trunk@33885


git-svn-id: http://core.svn.wordpress.org/trunk@33854 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 08:54:24 +00:00
Sergey Biryukov a883227772 Multisite: Introduce a singular string for user removal (we already have one for deletion).
props pavelevap.
fixes #32387.
Built from https://develop.svn.wordpress.org/trunk@33434


git-svn-id: http://core.svn.wordpress.org/trunk@33401 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-26 23:19:24 +00:00
Konstantin Obenland bd974d7bf2 Use a less element-specific class name for links within page titles.
After [32974] these links are no longer within an `h2`, making the class name
inaccurate. `add-new-h1` has the potential to expose the same problem for in a
possible future change.

Fixes #31650.


Built from https://develop.svn.wordpress.org/trunk@33067


git-svn-id: http://core.svn.wordpress.org/trunk@33038 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-03 16:42:24 +00:00
Konstantin Obenland 7dc1d06e64 Proper heading for admin screens.
First step towards restoring a good heading structure in wp-admin.
The previous `<h1>` contained the site title and a link to the front page and was removed with the toolbar refactoring in 3.2.

Props joedolson, afercia.
Fixes #31650.


Built from https://develop.svn.wordpress.org/trunk@32974


git-svn-id: http://core.svn.wordpress.org/trunk@32945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-27 15:41:25 +00:00
Dominik Schilling 64fc7294b6 Use HTTPS URLs for codex.wordpress.org.
see #27115.
Built from https://develop.svn.wordpress.org/trunk@32116


git-svn-id: http://core.svn.wordpress.org/trunk@32095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-12 21:29:32 +00:00
Helen Hou-Sandí d85f8fe326 Admin notices: Make (most) core notices dismissible.
These no longer return upon refreshing the page when JS is on and working, so users should be able to dismiss them. This is particularly important on the post edit screen when DFW is triggered, but pretty much all notices can be dismissed if needed. A post on Make/Core will follow with information on how this can be leveraged in plugins.

props valendesigns, afercia, paulwilde, adamsilverstein, helen.
fixes #31233. see #23367.

Built from https://develop.svn.wordpress.org/trunk@31973


git-svn-id: http://core.svn.wordpress.org/trunk@31952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-01 22:06:28 +00:00
Sergey Biryukov 36643388ef Decouple strings where the singular and plural form are not just the same string with different numbers, but essentially two different strings.
This allows for using proper plural forms in languages with more than two forms, and also resolves string conflicts when the same string is present in both singular and plural form.

fixes #28502.
Built from https://develop.svn.wordpress.org/trunk@31941


git-svn-id: http://core.svn.wordpress.org/trunk@31920 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-31 18:45:28 +00:00
Dominik Schilling 13ad2d4e16 Screen Options: Improve items per page option label.
Previously the label just said "Posts", "Pages", or "Comments". This was bad in terms of accessibility and internationalization because of missing context.
This change adds a default label "Number of items per page:" to `WP_Screen->render_per_page_options()` and removes all the existing one-word labels.

props afercia.
fixes #31349, #15576.
Built from https://develop.svn.wordpress.org/trunk@31696


git-svn-id: http://core.svn.wordpress.org/trunk@31677 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-10 15:32:27 +00:00
Scott Taylor 7f8b548df1 In HTML5, the `action` attribute is no longer required. Remove this attribute when empty.
The admin HTML is served with the HTML5 doctype.

"The action and formaction content attributes, if specified, must have a value that is a valid non-empty URL potentially surrounded by spaces." 
http://www.w3.org/html/wg/drafts/html/master/forms.html#attr-fs-action

Props voldemortensen.
Fixes #30126.

Built from https://develop.svn.wordpress.org/trunk@31200


git-svn-id: http://core.svn.wordpress.org/trunk@31181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 04:16:24 +00:00
John Blackbourn d88ed475b0 Switch to a `403` response code in places where it is more appropriate than a `500` due to permissions errors.
Fixes #10551
Props nacin

Built from https://develop.svn.wordpress.org/trunk@30356


git-svn-id: http://core.svn.wordpress.org/trunk@30355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-16 06:16:22 +00:00
Andrew Nacin f7392ef917 Pinking shears.
Built from https://develop.svn.wordpress.org/trunk@29707


git-svn-id: http://core.svn.wordpress.org/trunk@29481 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-04 15:23:16 +00:00
Scott Taylor 9f1eb2b13e Add new action 'delete_user_form' in `wp-admin/users.php` and `wp-admin/network/users.php`.
Props SergeyBiryukov, usermrpapa.
Fixes #27230.

Built from https://develop.svn.wordpress.org/trunk@28885


git-svn-id: http://core.svn.wordpress.org/trunk@28684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-28 04:43:16 +00:00
Scott Taylor 2f513d3320 Fix some `hackificator` odds and ends in `wp-admin`:
* `wp-activate.php` and `wp-admin/themes.php` don't need the closing PHP tag
* Switch single quotes for HTML attribute values to double in a few places
* Convert `include_once file.php` syntax to `include_once( 'file.php' )`
* Add access modifiers to methods/members in: `_WP_List_Table_Compat`, `Walker_Nav_Menu_Edit`, `Walker_Nav_Menu_Checklist`, `WP_Screen`, `Walker_Category_Checklist`
* `edit_user()` doesn't need to import the `$wpdb` global
* `wp_list_widgets()` doesn't need to import the `$sidebars_widgets` global
* switch/endswitch syntax is not supported in Hack
* A `<ul>` in `wp-admin/users.php` is unclosed

See #27881.

Built from https://develop.svn.wordpress.org/trunk@28500


git-svn-id: http://core.svn.wordpress.org/trunk@28326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 05:04:16 +00:00
Scott Taylor 5f27d149a3 In `wp-admin/users.php`, `break` is unreachabled after `exit`.
See #27882.

Built from https://develop.svn.wordpress.org/trunk@28315


git-svn-id: http://core.svn.wordpress.org/trunk@28143 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-06 18:19:14 +00:00
Helen Hou-Sandí 84946c75e3 Indicate that the user deletion process affects all content attributed to a given user, not just posts. props seanchayes. fixes #26709.
Built from https://develop.svn.wordpress.org/trunk@27416


git-svn-id: http://core.svn.wordpress.org/trunk@27263 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-05 19:20:14 +00:00
Andrew Nacin 0c16c0477b Reference https://wordpress.org rather than http://wordpress.org in strings, links, comments, etc.
props Ipstenu, markjaquith.
see #27115.

Built from https://develop.svn.wordpress.org/trunk@27369


git-svn-id: http://core.svn.wordpress.org/trunk@27219 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-03 02:34:27 +00:00
Andrew Ozz 8d6059b383 Remove all screen_icon() calls and deprecate the functions, props TobiasBg, fixes #26119
Built from https://develop.svn.wordpress.org/trunk@26518


git-svn-id: http://core.svn.wordpress.org/trunk@26411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-02 03:53:11 +00:00
Andrew Nacin fd57b239d2 Don't rely on include_path to include files.
Always use dirname() or, once available, ABSPATH.

props ketwaroo, hakre.
fixes #17092.

Built from https://develop.svn.wordpress.org/trunk@25616


git-svn-id: http://core.svn.wordpress.org/trunk@25533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-25 00:18:11 +00:00
Ryan Boren 15a06a35ab Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #WP21767


git-svn-id: http://core.svn.wordpress.org/trunk@23591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-03 16:30:38 +00:00
Ryan Boren 43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Sergey Biryukov 6cb5f510b8 Select "Attribute all posts to..." radio button automatically when selecting a username from the dropdown. fixes #23224.
git-svn-id: http://core.svn.wordpress.org/trunk@23366 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-01 18:43:23 +00:00
Peter Westwood ae48899878 i18n: Fix the usage of sprintf replacements in the user management admin page. See #22260.
git-svn-id: http://core.svn.wordpress.org/trunk@22273 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-23 11:32:41 +00:00
Andrew Nacin e3d18dc0fc Force the user to explicitly choose between content deletion and reassignment when deleting users. props Dan Rivera, Ben Brooks, GhostToast. fixes #20045.
git-svn-id: http://core.svn.wordpress.org/trunk@22166 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-10 14:07:59 +00:00
Andrew Nacin 84c3a86036 Hide the link manager from the UI on upgrade, if the site has no links. New DB option, link_manager_enabled.
Enforce this by denying the 'manage_links' capability, which hides the All Links, Add New Link, and Link Categories screens. Hide WP_Widget_Links and the UI for the default_link_category as well.

Convert all references to 'posts and links' when handling reassignment on user deletion to just 'posts'.

see #21307.



git-svn-id: http://core.svn.wordpress.org/trunk@21501 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-13 16:18:42 +00:00
nacin 7127ed1197 Move most instances of new WP_User to get_userdata(). see #21120.
git-svn-id: http://core.svn.wordpress.org/trunk@21413 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-03 01:06:05 +00:00