Commit Graph

340 Commits

Author SHA1 Message Date
whyisjake 8cf894710b App Passwords: Extract Basic Auth check into a reusable filterable function.
In [49752] a check was added to prevent creating new Application Passwords if Basic Auth credentials were detected to prevent conflicts. This check takes place in WP-Admin, though a conflict would only arise if Basic Auth was used on the website's front-end.

This commit extracts the Basic Auth check into a reusable function, wp_is_site_protected_by_basic_auth(), which can be adjusted using a filter of the same name. This way, a site that uses Basic Auth to protect WP-Admin can still use the Application Passwords feature.

In the future, instead of requiring the use of a filter, WordPress could make a loopback request and check for a WWW-Authenticate header to make this detection more robust out of the box.

This brings the changes from [50006] to the 5.6 branch.

Props SeBsZ, archon810, aaroncampbell, ocean90, SergeyBiryukov, TimothyBlynJacobs.

Fixes #52066.

Built from https://develop.svn.wordpress.org/branches/5.6@50044


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49745 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-28 00:28:58 +00:00
Helen Hou-Sandí 1fc7b75913 App Passwords: Prevent conflicts when Basic Auth is already used by the site.
Application Passwords uses Basic Authentication to transfer authentication details. If the site is already using Basic Auth, for instance to implement a private staging environment, then the REST API will treat this as an authentication attempt and would end up generating an error for any REST API request.

Now, Application Password authentication will only be attempted if Application Passwords is in use by a site. This is flagged by setting an option whenever an Application Password is created. An upgrade routine is added to set this option if any App Passwords already exist.

Lastly, creating an Application Password will be prevented if the site appears to already be using Basic Authentication.

Props chexwarrior, georgestephanis, adamsilverstein, helen, Clorith, marybaum, TimothyBlynJacobs.
Reviewed by TimothyBlynJacobs, helen.
Merges [49752] to the 5.6 branch.
Fixes #51939.

Built from https://develop.svn.wordpress.org/branches/5.6@49754


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49477 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-04 21:48:03 +00:00
TimothyBlynJacobs 5ee48d6915 App Passwords: MOAR accessibility improvements.
Corrects the "Application Name" field's aria-describedby attribute and makes the description visible.

Props alexstine, SergeyBiryukov.
Fixes #51580.

Built from https://develop.svn.wordpress.org/trunk@49573


git-svn-id: http://core.svn.wordpress.org/trunk@49311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-12 18:14:08 +00:00
Sergey Biryukov 3a1265e188 I18N: Add trailing punctuation to some translator comments.
Follow-up to [49549].

See #51580.
Built from https://develop.svn.wordpress.org/trunk@49562


git-svn-id: http://core.svn.wordpress.org/trunk@49300 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-11 10:41:07 +00:00
TimothyBlynJacobs 74969e7fbe App Passwords: Further accessibility improvements.
- Add a label to the readonly password input.
- Handle focus loss after revoking app passwords.
- Handle focus loss after dismissing notices.
- Mark app name as `aria-required`.
- Use `aria-label` for detailed revoke button text instead of `title`.
- Use `-1` for `tabindex` instead of `0`.

Props alexstine, afercia, sabernhardt, audrasjb, joedolson, TimothyBlynJacobs.
Fixes #51580.

Built from https://develop.svn.wordpress.org/trunk@49549


git-svn-id: http://core.svn.wordpress.org/trunk@49287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-09 18:05:08 +00:00
Sergey Biryukov a2d42351c5 Text Changes: Unify various "Back to..." vs. "Return to..." vs. "Go to..." strings.
Standardize on "Go to..." as a more appropriate option for most cases.

Props garrett-eclipse, kharisblank, audrasjb, ramiy, valentinbora.
Fixes #47235.
Built from https://develop.svn.wordpress.org/trunk@49539


git-svn-id: http://core.svn.wordpress.org/trunk@49277 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-09 10:53:10 +00:00
Adam Silverstein 25918dd10b Users: Password generation - restore "Cancel" aria label after r49248.
Restore the "Cancel" button aria label to "Cancel password change" after it was inadvertently changed in r49248.

Props SergeyBiryukov.
Fixes #42852.


Built from https://develop.svn.wordpress.org/trunk@49392


git-svn-id: http://core.svn.wordpress.org/trunk@49151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 18:43:06 +00:00
TimothyBlynJacobs f6d39d1c51 App Passwords: Improve accessibility.
- Make form inputs stacked instead of inline.
- Provide a visible label for the app name.
- Add screen reader text to dismiss button.
- Make "Revoke" button label more descriptive.
- Use aria-disabled instead of disabled to avoid focus loss.
- Display password in a readonly input to assist copy and paste.
- Remove large sections of italic text.
- Use `.form-wrap` and `.form-field` to give consistent form styling.
- Improve labeling and placeholder text.

Props alexstine, georgestephanis, afercia, TimothyBlynJacobs.
Fixes #51580.

Built from https://develop.svn.wordpress.org/trunk@49294


git-svn-id: http://core.svn.wordpress.org/trunk@49056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-24 03:34:06 +00:00
Sergey Biryukov 298cd04a63 Coding Standards: Update some alignment in `wp-admin/authorize-application.php` for consistency.
Save blogs count to a variable for reusing.

Follow-up to [49270].

See #51489.
Built from https://develop.svn.wordpress.org/trunk@49282


git-svn-id: http://core.svn.wordpress.org/trunk@49042 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-23 01:19:06 +00:00
TimothyBlynJacobs 85c49351af App Passwords: Explain that apps can access to all sites in a network.
Props georgestephanis, spacedmonkey, johnjamesjacoby, SergeyBiryukov, marybaum.
Fixes #51489.

Built from https://develop.svn.wordpress.org/trunk@49270


git-svn-id: http://core.svn.wordpress.org/trunk@49032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-22 02:36:11 +00:00
Adam Silverstein b789b4ae11 Coding Standards: Fix WPCS issues in [49248].
See #42852.

Built from https://develop.svn.wordpress.org/trunk@49251


git-svn-id: http://core.svn.wordpress.org/trunk@49013 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-20 19:07:10 +00:00
Adam Silverstein daa977c495 Users: improve password generation feature.
On the user edit screen improve handling and clarify language: rename the "Generate Password" and "Show password" buttons to "Set New Password". Clicking it always generates a password. Also: improve inline code comments and descriptions.

Props afercia, bookdude13, michaelarestad, pento.
Fixes #42852.


Built from https://develop.svn.wordpress.org/trunk@49248


git-svn-id: http://core.svn.wordpress.org/trunk@49010 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-20 18:27:13 +00:00
TimothyBlynJacobs d5ebe12f11 REST API: Introduce Application Passwords for API authentication.
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.

This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.

Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.

Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes #42790.

Built from https://develop.svn.wordpress.org/trunk@49109


git-svn-id: http://core.svn.wordpress.org/trunk@48871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-08 22:14:06 +00:00
Sergey Biryukov 7932193708 Coding Standards: Use strict comparison where static strings are involved.
This reduces the number of `WordPress.PHP.StrictComparisons.LooseComparison` issues in half, from 1897 to 890.

Includes minor code layout fixes for better readability.

See #49542.
Built from https://develop.svn.wordpress.org/trunk@47808


git-svn-id: http://core.svn.wordpress.org/trunk@47584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-05-16 18:42:12 +00:00
Sergey Biryukov 71dea21c5f Users: Change "Your Profile" and "My Profile" links in admin menu and toolbar to just "Profile" for consistency.
Props donmhico, bcworkz, seanchayes, mikeschroder, garrett-eclipse, akhileshsabharwal, ScottSmith, nacin, jenmylo, afercia, swissspidy, felix-edelmann, helen, melchoyce, karmatosed.
Fixes #26769.
Built from https://develop.svn.wordpress.org/trunk@47600


git-svn-id: http://core.svn.wordpress.org/trunk@47375 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-20 08:39:06 +00:00
Sergey Biryukov 38676936ba Coding Standards: Use strict type check for `in_array()` and `array_search()` where strings are involved.
This reduces the number of `WordPress.PHP.StrictInArray.MissingTrueStrict` issues from 486 to 50.

Includes minor code layout fixes for better readability.

See #49542.
Built from https://develop.svn.wordpress.org/trunk@47550


git-svn-id: http://core.svn.wordpress.org/trunk@47325 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-05 03:02:11 +00:00
Sergey Biryukov 47ed56f38f Code Modernization: Replace `dirname( __FILE__ )` calls with `__DIR__` magic constant.
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.

This commit also includes:

* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
 * `wp-admin/admin-header.php`
 * `wp-admin/admin-footer.php`
 * `wp-includes/version.php`

Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes #48082.
Built from https://develop.svn.wordpress.org/trunk@47198


git-svn-id: http://core.svn.wordpress.org/trunk@46998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-06 06:33:11 +00:00
Sergey Biryukov 4f67024da6 Administration: Add punctuation to "If you change this, we will send you an email" message on General Settings, Network Settings, and Profile screens.
Props kinjaldalwadi, donmhico.
Fixes #49235.
Built from https://develop.svn.wordpress.org/trunk@47143


git-svn-id: http://core.svn.wordpress.org/trunk@46943 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-31 00:28:04 +00:00
Sergey Biryukov 001ffe81fb Docs: Improve inline comments per the documentation standards.
Includes minor code layout fixes for better readability.

See #48303.
Built from https://develop.svn.wordpress.org/trunk@47122


git-svn-id: http://core.svn.wordpress.org/trunk@46922 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-29 00:45:18 +00:00
Sergey Biryukov 63fefb540a Users: Use correct variable when displaying the Additional Capabilities list in user profile.
Addresses a regression in [45926].

Props wpgurudev, aravindajith, anantajitjg, davidbaumwald.
Fixes #48725.
Built from https://develop.svn.wordpress.org/trunk@46782


git-svn-id: http://core.svn.wordpress.org/trunk@46582 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-11-25 14:01:03 +00:00
Sergey Biryukov e199663322 I18N: Capitalize translator comments consistently, add trailing punctuation.
Includes minor code layout fixes.

See #44360.
Built from https://develop.svn.wordpress.org/trunk@45932


git-svn-id: http://core.svn.wordpress.org/trunk@45743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-03 00:41:05 +00:00
Sergey Biryukov 16b8d91baa I18N: Improve translator comments.
* Add missing translator comments.
* Fix placement of some translator comments. Translator comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools. The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translator comments.

Includes minor code layout fixes.

Polyglots, rejoice! All WordPress core files now have translator comments for all strings with placeholders!

Props jrf, subrataemfluence, GaryJ, webdados, Dency, swissspidy, alvarogois, marcomartins, mihaiiceyro, vladwtz, niq1982, flipkeijzer, michielatyoast, chandrapatel, thrijith, joshuanoyce, FesoVik, tessak22, bhaktirajdev, cleancoded, dhavalkasvala, garrett-eclipse, bibliofille, socalchristina, priyankkpatel, 5hel2l2y, adamsilverstein, JeffPaul, pierlo, SergeyBiryukov.
Fixes #44360.
Built from https://develop.svn.wordpress.org/trunk@45926


git-svn-id: http://core.svn.wordpress.org/trunk@45737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-01 17:13:59 +00:00
Sergey Biryukov 98642b4821 Users: Use case-insensitive email address comparison when checking whether "Grant this user super admin privileges" checkbox should be displayed on Edit User screen.
Props trepmal.
Fixes #47119.
Built from https://develop.svn.wordpress.org/trunk@45698


git-svn-id: http://core.svn.wordpress.org/trunk@45509 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-28 17:42:55 +00:00
Sergey Biryukov 8e85299a00 General: First pass at replacing Codex URLs with a corresponding HelpHub or DevHub article.
Props ianbelanger, tobifjellner, SergeyBiryukov.
See #47771.
Built from https://develop.svn.wordpress.org/trunk@45674


git-svn-id: http://core.svn.wordpress.org/trunk@45485 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-25 22:45:57 +00:00
Gary Pendergast cf3fa9f7c8 Coding Standards: Fix the `Squiz.PHP.DisallowMultipleAssignments` violations in `wp-admin`.
See #47632.


Built from https://develop.svn.wordpress.org/trunk@45583


git-svn-id: http://core.svn.wordpress.org/trunk@45394 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-01 12:52:01 +00:00
Andrea Fercia 48d9d94881 Accessibility: Improve settings tables and forms after [45403].
- adds `role="presentation"` to the edit comment table 
- removes a few pointless `<fieldset>` elements
- adds a few missing `<label>` elements
- adds the CSS class `class="td-full"` to table rows spanning to multiple cells
- adds explicit `scope="row"` attribute to the table headers in `options-permalink.php`: this table is better communicated as data table 
- uses consistent label association in the "Privacy Settings" page
- in the installation page "Set up your database connection": associates descriptions to their inout fields using `aria-describedby`
- improves the link to gravatar.com in the `user-edit.php` page

See #46899.
Fixes #47390.

Built from https://develop.svn.wordpress.org/trunk@45416


git-svn-id: http://core.svn.wordpress.org/trunk@45227 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-05-25 15:19:53 +00:00
Sergey Biryukov b77cf42c0b Accessibility: Make sure layout tables across the admin are correctly linearized.
Adds `role="presentation"` to the `<table>` elements used for layout purposes.

Ideally, HTML tables should be used for tabular data. When tables are used for layout purposes, it's important to remove any native semantics so that assistive technologies can correctly announce the table content in a linearized fashion.

Props greatislander, afercia.
Fixes #46899.
Built from https://develop.svn.wordpress.org/trunk@45403


git-svn-id: http://core.svn.wordpress.org/trunk@45214 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-05-24 21:56:54 +00:00
John Blackbourn 01917b9f74 I18N: Add a language icon next to language selectors.
This change means that users who can't read the site's current language can more easily identify controls that allow them to change either the site language or their own admin area language.

Props janak007, atlasmahesh, afercia, birgire, JoshuaWold

Fixes #43144

Built from https://develop.svn.wordpress.org/trunk@45402


git-svn-id: http://core.svn.wordpress.org/trunk@45213 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-05-24 20:43:52 +00:00
Gary Pendergast 4487551344 Help: Update support forum links.
There are a lot of places in Core that link to https://wordpress.org/support/ for the support forums, but that's now the URL for HelpHub. The new forums link is https://wordpress.org/support/forums/.

Props jitendrabanjara1991, dilipbheda, mukesh27, ianbelanger.
Fixes #46790.


Built from https://develop.svn.wordpress.org/trunk@45140


git-svn-id: http://core.svn.wordpress.org/trunk@44949 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-04-08 22:59:56 +00:00
Andrea Fercia ca53eac85e Accessibility: Improve the password form buttons accessibility.
- makes the "Cancel" button always visible: this allows to generate a new password also on small screens
- moves focus back to the Generate Password button when closing the form
- changes the password reset show/hide button from a clickable `<span>` element to a real `<button>` element
- improves the CSS

Props janak007, afercia.
Fixes #42853.

Built from https://develop.svn.wordpress.org/trunk@44895


git-svn-id: http://core.svn.wordpress.org/trunk@44726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-13 23:37:57 +00:00
Andrea Fercia 34b3b388fd Accessibility: Remove unnecessary fieldset and legend elements from the User Profile page.
Also fixes a CSS margin issue in the mobile view.

Props punit5658.
Fixes #46093.

Built from https://develop.svn.wordpress.org/trunk@44756


git-svn-id: http://core.svn.wordpress.org/trunk@44588 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-02-20 19:03:51 +00:00
Gary Pendergast 7a617078fa Coding Standards: Upgrade WPCS to 1.2.1.
This upgrade fixes quite a few false positives, as well as auto-fixing some indenting issues.

Fixes #45956.


Built from https://develop.svn.wordpress.org/trunk@44574


git-svn-id: http://core.svn.wordpress.org/trunk@44405 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-12 06:41:52 +00:00
Gary Pendergast 6d5cd6842a Coding Standards: Document intentional `case` block fall-throughs.
Fixes `PSR2.ControlStructures.SwitchDeclaration.TerminatingComment` violations.

See #45934.


Built from https://develop.svn.wordpress.org/trunk@44565


git-svn-id: http://core.svn.wordpress.org/trunk@44396 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-11 06:26:50 +00:00
Gary Pendergast 56c162fbc9 Coding Standards: Upgrade WPCS to 1.0.0
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.

This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script. 
- Auto-fixable coding standards issues will now cause Travis failures.

Fixes #44600.


Built from https://develop.svn.wordpress.org/trunk@43571


git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-17 01:51:36 +00:00
Dominik Schilling 80c9ed8bfa Users: Don't show roles dropdown on user-edit.php if current user cannot promote user.
Fixes #43580.
Built from https://develop.svn.wordpress.org/trunk@42856


git-svn-id: http://core.svn.wordpress.org/trunk@42686 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-19 20:56:32 +00:00
Sergey Biryukov 4848a09b35 I18N: Use the actual placeholder instead of a number in translator comments if the corresponding string does not use numbered placeholders.
Add missing translator comments in `WP_Theme_Install_List_Table` and `wp_notify_postauthor()`.
Add missing commas in some translator comments.

Fixes #43523.
Built from https://develop.svn.wordpress.org/trunk@42827


git-svn-id: http://core.svn.wordpress.org/trunk@42657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-11 16:44:34 +00:00
Sergey Biryukov e97d2c0407 Users: After [41163], add a notice for Email field on Profile screen that the new address will not become active until confirmed.
Props dilipbheda.
Fixes #43106. See #16470.
Built from https://develop.svn.wordpress.org/trunk@42688


git-svn-id: http://core.svn.wordpress.org/trunk@42516 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-11 12:23:31 +00:00
Gary Pendergast aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
Gary Pendergast a779284c00 General: Reformat inline `if ()` statements inside HTML tags.
This pattern occurs a handful of times across the codebase:

`<div class="foo<?php if ( $bar ) { echo ' baz'; } ?>">`

Unfortunately, it doesn't really play nicely with `phpcbf`, so all instances need to be removed in preperation for auto code formatting.

See #41057.


Built from https://develop.svn.wordpress.org/trunk@42217


git-svn-id: http://core.svn.wordpress.org/trunk@42046 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-23 04:09:49 +00:00
Dominik Schilling f2589e222e Taxonomy/Users: Use correct escaping function for URLs.
Built from https://develop.svn.wordpress.org/trunk@41522


git-svn-id: http://core.svn.wordpress.org/trunk@41355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 21:14:47 +00:00
Dominik Schilling 9041e7a071 Taxonomy/Users: Provide a fallback for incorrect HTTP referrers.
Built from https://develop.svn.wordpress.org/trunk@41398


git-svn-id: http://core.svn.wordpress.org/trunk@41231 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 09:13:44 +00:00
Weston Ruter 90bedf8f9d Editor: Add CodeMirror-powered code editor with syntax highlighting, linting, and auto-completion.
* Code editor is integrated into the Theme/Plugin Editor, Additional CSS in Customizer, and Custom HTML widget. Code editor is not yet integrated into the post editor, and it may not be until accessibility concerns are addressed.
* The CodeMirror component in the Custom HTML widget is integrated in a similar way to TinyMCE being integrated into the Text widget, adopting the same approach for integrating dynamic JavaScript-initialized fields.
* Linting is performed for JS, CSS, HTML, and JSON via JSHint, CSSLint, HTMLHint, and JSONLint respectively. Linting is not yet supported for PHP.
* When user lacks `unfiltered_html` the capability, the Custom HTML widget will report any Kses-invalid elements and attributes as errors via a custom Kses rule for HTMLHint.
* When linting errors are detected, the user will be prevented from saving the code until the errors are fixed, reducing instances of broken websites.
* The placeholder value is removed from Custom CSS in favor of a fleshed-out section description which now auto-expands when the CSS field is empty. See #39892.
* The CodeMirror library is included as `wp.CodeMirror` to prevent conflicts with any existing `CodeMirror` global.
* An `wp.codeEditor.initialize()` API in JS is provided to convert a `textarea` into CodeMirror, with a `wp_enqueue_code_editor()` function in PHP to manage enqueueing the assets and settings needed to edit a given type of code.
* A user preference is added to manage whether or not "syntax highlighting" is enabled. The feature is opt-out, being enabled by default.
* Allowed file extensions in the theme and plugin editors have been updated to include formats which CodeMirror has modes for: `conf`, `css`, `diff`, `patch`, `html`, `htm`, `http`, `js`, `json`, `jsx`, `less`, `md`, `php`, `phtml`, `php3`, `php4`, `php5`, `php7`, `phps`, `scss`, `sass`, `sh`, `bash`, `sql`, `svg`, `xml`, `yml`, `yaml`, `txt`.

Props westonruter, georgestephanis, obenland, melchoyce, pixolin, mizejewski, michelleweber, afercia, grahamarmfield, samikeijonen, rianrietveld, iseulde.
See #38707.
Fixes #12423, #39892.

Built from https://develop.svn.wordpress.org/trunk@41376


git-svn-id: http://core.svn.wordpress.org/trunk@41209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-13 06:08:47 +00:00
John Blackbourn 62fe4be994 Users: Require a confirmation link in an email to be clicked when a user attempts to change their email address.
This adds this previously Multisite-only functionality to single site installations too. This change prevents accidental or erroneous email address changes from potentially locking users out of their account.

Props rodrigosprimo, tharsheblows, johnbillion

Fixes #16470

Built from https://develop.svn.wordpress.org/trunk@41163


git-svn-id: http://core.svn.wordpress.org/trunk@41003 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-27 02:10:42 +00:00
Sergey Biryukov 9ba7ab1cfc Users: Display the name of user being edited on Edit User screen.
Props seanchayes.
Fixes #28182.
Built from https://develop.svn.wordpress.org/trunk@39907


git-svn-id: http://core.svn.wordpress.org/trunk@39844 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-15 07:14:39 +00:00
Andrea Fercia 57c2604200 Accessibility: Remove inappropriate content from the Edit User screen heading.
See #26601.

Built from https://develop.svn.wordpress.org/trunk@39538


git-svn-id: http://core.svn.wordpress.org/trunk@39478 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-07 22:08:43 +00:00
John Blackbourn 16371b99d8 Users: Style the super admin message on the user editing screen as a notice, not a success message.
Fixes #39131

Built from https://develop.svn.wordpress.org/trunk@39531


git-svn-id: http://core.svn.wordpress.org/trunk@39471 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-07 01:28:40 +00:00
Dominik Schilling 2328e7b17a I18N: In `wp_dropdown_languages()` rename the new `show_site_locale_default` argument to `show_option_site_default`.
This makes it consistent with arguments of other `wp_dropdown_*()` functions.

Props SergeyBiryukov.
See #38632.
Fixes #38871.
Built from https://develop.svn.wordpress.org/trunk@39331


git-svn-id: http://core.svn.wordpress.org/trunk@39271 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-21 16:14:30 +00:00
Pascal Birchler 548ac82b06 I18N: Add ability to change user's locale back to site's locale.
Previously there was no way to remove the user locale setting again, even though that might be desirable.

This adds a new 'Site Default' option to the user-specific language setting by introducing a new `show_site_locale_default` argument to `wp_dropdown_languages()`.

Props ocean90.
See #29783.
Fixes #38632.
Built from https://develop.svn.wordpress.org/trunk@39169


git-svn-id: http://core.svn.wordpress.org/trunk@39109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-08 23:01:31 +00:00
Dominik Schilling ba9b3cf6a6 I18N: Don't use `get_user_option()` for retrieving user's language.
`get_user_option()` checks for both option types, site and network. Since `locale` is only a network option we can directly access the field via `WP_User`s magic getter.

Props johnjamesjacoby.
Fixes #38578.
Built from https://develop.svn.wordpress.org/trunk@39040


git-svn-id: http://core.svn.wordpress.org/trunk@38982 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 22:26:31 +00:00
Dominik Schilling cf571b12c1 I18N: Use correct value for the `for` attribute of the user language setting label.
Props johnjamesjacoby.
Fixes #38576.
Built from https://develop.svn.wordpress.org/trunk@39039


git-svn-id: http://core.svn.wordpress.org/trunk@38981 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 21:58:38 +00:00