Commit Graph

577 Commits

Author SHA1 Message Date
Sergey Biryukov a1fb0a378c Restore line breaks before comment text in comment notification emails.
fixes #31508.
Built from https://develop.svn.wordpress.org/trunk@31770


git-svn-id: http://core.svn.wordpress.org/trunk@31750 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-13 18:29:27 +00:00
Helen Hou-Sandí 0b3170fc7d Gravatars: Remove redundant 1x srcset.
props miqrogroove.
see #22329.

Built from https://develop.svn.wordpress.org/trunk@31722


git-svn-id: http://core.svn.wordpress.org/trunk@31703 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-11 16:56:27 +00:00
Helen Hou-Sandí 0bf35836c3 Gravatars: Enable HiDPI versions for browsers that support srcset.
props iseulde.
see #22329.

Built from https://develop.svn.wordpress.org/trunk@31721


git-svn-id: http://core.svn.wordpress.org/trunk@31702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-11 16:32:26 +00:00
Drew Jaynes 33d9dd8066 Adjust the description for the `$extra_attr` argument in the DocBlocks for `get_avatar_data()` and `get_avatar()`.
See [31561]. See #31469.

Built from https://develop.svn.wordpress.org/trunk@31591


git-svn-id: http://core.svn.wordpress.org/trunk@31572 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-01 07:19:24 +00:00
Gary Pendergast 18bb886b22 When sanitizing a URL to redirect to, UTF-8 characters can be URL encoded, instead of being removed.
While RFC 3986 does not specify which character sets are allowed in URIs, Section 2.5 states that octects matching UTF-8 character encoding should be percent-encoded, then unreserved octets outside of the UTF-8 range should be percent-encoded. As browsers tend to only implement support for UTF-8 in URLs, this change only implements the UTF-8 encoding part. We may revisit the second part if it becomes an issue.

Fixes #31486


Built from https://develop.svn.wordpress.org/trunk@31587


git-svn-id: http://core.svn.wordpress.org/trunk@31568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-28 02:21:26 +00:00
Scott Taylor e899c370a4 In `get_avatar_data()` and `get_avatar()`, allow `height` and `width` to be specified separately (both default to `size`). Also allow arbitrary attributes on the `<img>` via the `extra_attr` arg.
Props miqrogroove.
See #31469.

Built from https://develop.svn.wordpress.org/trunk@31561


git-svn-id: http://core.svn.wordpress.org/trunk@31542 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-26 21:17:24 +00:00
Sergey Biryukov add5f9bdf2 Remove `src` from duplicate hook comments for `get_avatar` and `get_avatar_data`.
see #21195.
Built from https://develop.svn.wordpress.org/trunk@31480


git-svn-id: http://core.svn.wordpress.org/trunk@31461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-19 14:59:26 +00:00
Sergey Biryukov 01bb8478ff Fix a typo in duplicate hook comment.
see [31107], #21195.
Built from https://develop.svn.wordpress.org/trunk@31479


git-svn-id: http://core.svn.wordpress.org/trunk@31460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-19 14:56:28 +00:00
Drew Jaynes 947d04f323 Improve return and parameter documentation for `check_admin_referer()`, `check_ajax_referer()`, and `wp_verify_nonce()`.
Also update and clarify docsfor the `check_admin_referer` and `check_ajax_referer` hooks.

Props johnbillion, DrewAPicture.
Fixes #31055.

Built from https://develop.svn.wordpress.org/trunk@31381


git-svn-id: http://core.svn.wordpress.org/trunk@31362 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-09 04:57:27 +00:00
Scott Taylor fe6b5983df In PHP 5.0.0, `is_a()` became deprecated in favour of the `instanceof` operator. Calling `is_a()` would result in an `E_STRICT` warning.
In PHP 5.3.0, `is_a()` is no longer deprecated, and will therefore no longer throw `E_STRICT` warnings.

To avoid warnings in PHP < 5.3.0, convert all `is_a()` calls to `$var instanceof WP_Class` calls.

`instanceof` does not throw any error if the variable being tested is not an object, it simply returns `false`.

Props markoheijnen, wonderboymusic.
Fixes #25672.

Built from https://develop.svn.wordpress.org/trunk@31188


git-svn-id: http://core.svn.wordpress.org/trunk@31169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 01:06:24 +00:00
Gary Pendergast 4bc89fef32 In `get_avatar()`, revert the `<img>` tag attributes to using single quotes, instead of double quotes. This behaviour was changed in [31107], but caused problems for code that attempted to parse the `<img>` tag.
See #21195


Built from https://develop.svn.wordpress.org/trunk@31152


git-svn-id: http://core.svn.wordpress.org/trunk@31133 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-12 00:03:24 +00:00
Scott Taylor ac654632fe Use `PHP_SAPI` constant instead of `php_sapi_name()` in `iis7_supports_permalinks()`, `wp_fix_server_vars()`, and `wp_redirect()`.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31120


git-svn-id: http://core.svn.wordpress.org/trunk@31101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 04:59:22 +00:00
Gary Pendergast 5ee3ff435d Add `get_avatar_url()`, for retrieving just the URL of an avatar, rather than the entire `<img>` tag that `get_avatar()` produces.
Unlike `get_avatar()`, `get_avatar_url()` is not pluggable. It can be extended/or modified through the new filters included.

Fixes #21195.

Props mdawaffe, pento, pathawks, DrewAPicture


Built from https://develop.svn.wordpress.org/trunk@31107


git-svn-id: http://core.svn.wordpress.org/trunk@31088 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-09 04:43:23 +00:00
Sergey Biryukov e253251ef4 Remove space before comma in wp_notify_postauthor() and wp_notify_moderator().
see #30930.
Built from https://develop.svn.wordpress.org/trunk@31060


git-svn-id: http://core.svn.wordpress.org/trunk@31041 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-06 17:17:21 +00:00
Sergey Biryukov 71d255fde1 Remove padding from the comment notification emails in wp_notify_moderator().
See [30015] for wp_notify_postauthor().

props pavelevap.
fixes #30930.
Built from https://develop.svn.wordpress.org/trunk@31059


git-svn-id: http://core.svn.wordpress.org/trunk@31040 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-06 17:10:35 +00:00
John Blackbourn d614abe3a2 Allow brackets in a URL when it's sanitised for a redirect. Brackets are valid in query parameters.
Fixes #30308
Props voldemortensen

Built from https://develop.svn.wordpress.org/trunk@30684


git-svn-id: http://core.svn.wordpress.org/trunk@30674 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-01 03:21:22 +00:00
John Blackbourn 17ddc06287 Allow square brackets in a URL when it's sanitised for a redirect. Square brackets are valid in query parameters and IPv6 addresses.
Fixes #17052
Props voldemortensen

Built from https://develop.svn.wordpress.org/trunk@30683


git-svn-id: http://core.svn.wordpress.org/trunk@30673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-01 03:16:22 +00:00
Scott Taylor 04453cbe01 Improve the `@param` docs for `src/wp-includes/pluggable*`.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30667


git-svn-id: http://core.svn.wordpress.org/trunk@30657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 22:19:25 +00:00
Drew Jaynes e4f52df62c Fix DocBlock formatting for `wp_generate_password()`.
Props stevegrunwell for the initial patch.
Fixes #30509.

Built from https://develop.svn.wordpress.org/trunk@30580


git-svn-id: http://core.svn.wordpress.org/trunk@30570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-26 20:38:23 +00:00
Dominik Schilling e002b0fc07 Type cast `$nonce` to string in `wp_verify_nonce()`.
props jesin.
fixes #29542.
Built from https://develop.svn.wordpress.org/trunk@30576


git-svn-id: http://core.svn.wordpress.org/trunk@30566 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-26 19:19:23 +00:00
Drew Jaynes 188e47869f Ensure inline code is markdown-escaped as such, HTML tags are removed from summaries, and that code snippets in descriptions are properly indented.
Affects DocBlocks for the following core elements:
* Markdown-indent a code snippet in the description for `wp_salt()`
* Backtick-escape inline code in the return description for `get_avatar()`
* Various markdown formatting in the description for `add_filter()`
* Markdown-indent a code snippet in the description for `apply_filters()`
* Backtick-escape inline code in the `@see` description for `apply_filters_ref_array()`
* Backtick-escape inline code in the description for `do_action()`
* Backtick-escape variables in the parameter and return descriptions for `do_action_ref_array()`
* Various markdown formatting in the description for `get_plugin_data()`

Props rarst.
See #30473.

Built from https://develop.svn.wordpress.org/trunk@30544


git-svn-id: http://core.svn.wordpress.org/trunk@30533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-24 06:05:23 +00:00
Andrew Nacin ddb3ee5057 Use hash_equals() for old md5 hashes.
Built from https://develop.svn.wordpress.org/trunk@30412


git-svn-id: http://core.svn.wordpress.org/trunk@30407 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 11:49:23 +00:00
Drew Jaynes f7648300c8 Add missing documentation for the `$password` parameter, passed to the `check_password` hook.
Props coffee2code.
Fixes #30311.

Built from https://develop.svn.wordpress.org/trunk@30381


git-svn-id: http://core.svn.wordpress.org/trunk@30378 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-18 18:56:21 +00:00
Drew Jaynes 66c47f29bb Correct references of `@uses $wpdb` in core documentation to use `@global`.
See #30191, [30105].
Fixes #30217.

Built from https://develop.svn.wordpress.org/trunk@30122


git-svn-id: http://core.svn.wordpress.org/trunk@30122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-31 17:56:22 +00:00
Drew Jaynes f8657d5890 Remove redundant and erroneous `@uses` tag from most core inline documentation.
Per our inline documentation standards, no further use of the `@uses` tag is recommended as used and used-by relationships can be derived through other means. This removes most uses of the tag in core documentation, with remaining tags to be converted to `@global` or `@see` as they apply.

Fixes #30191.

Built from https://develop.svn.wordpress.org/trunk@30105


git-svn-id: http://core.svn.wordpress.org/trunk@30105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-30 01:05:24 +00:00
John Blackbourn 823cfebeca Remove padding from the comment notification emails which is from a bygone fixed-width font era. Prevents alignment issues in email clients which use vairable width fonts for plain text emails. Fixes #16721. Props DrewAPicture.
Built from https://develop.svn.wordpress.org/trunk@30015


git-svn-id: http://core.svn.wordpress.org/trunk@30015 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-24 17:08:18 +00:00
Mark Jaquith e1f2b3b9e2 Use HTTPS URLs for trac.wordpress.org (and use core.trac.wordpress.org)
see #27115
Built from https://develop.svn.wordpress.org/trunk@29789


git-svn-id: http://core.svn.wordpress.org/trunk@29561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-29 13:37:16 +00:00
Andrew Nacin 75ff6ae302 Add safeguards for when ext/hash is not compiled with PHP.
see #29518, for trunk.

Built from https://develop.svn.wordpress.org/trunk@29751


git-svn-id: http://core.svn.wordpress.org/trunk@29523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-20 17:28:18 +00:00
Andrew Nacin 768136c6da Rename the public methods in the session tokens API.
Introduces a new get( $token ) method. get_token() would not have made sense and spurred the overall renaming. Public methods are now get, get_all, verify, create, update, destroy, destroy_others, and destroy_all.

The protected abstract methods designed for alternative implementations remain the same.

props mdawaffe.
see #20276.

Built from https://develop.svn.wordpress.org/trunk@29635


git-svn-id: http://core.svn.wordpress.org/trunk@29409 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-27 02:07:16 +00:00
Andrew Nacin 3951d9689c Require a non-empty $nonce value in wp_verify_nonce().
props ocean90.
fixes #29217.

Built from https://develop.svn.wordpress.org/trunk@29620


git-svn-id: http://core.svn.wordpress.org/trunk@29394 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-26 07:39:19 +00:00
Drew Jaynes a227d4ff08 s/does/does not in `wp_set_password()` docblock.
See [29461]. See #28316.

Built from https://develop.svn.wordpress.org/trunk@29462


git-svn-id: http://core.svn.wordpress.org/trunk@29240 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-10 02:44:16 +00:00
Drew Jaynes 0f7d35597c Improve the `wp_set_password()` PHPDoc with a note to guard against executing the function on every page load, such as through a theme's functions.php file.
See #28316.

Built from https://develop.svn.wordpress.org/trunk@29461


git-svn-id: http://core.svn.wordpress.org/trunk@29239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-10 02:39:16 +00:00
Andrew Nacin ee4ce8688d Escape late in get_avatar().
Built from https://develop.svn.wordpress.org/trunk@29397


git-svn-id: http://core.svn.wordpress.org/trunk@29175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 07:50:18 +00:00
Andrew Nacin 7d672c38a4 Constant time for wp_verify_nonce().
Built from https://develop.svn.wordpress.org/trunk@29382


git-svn-id: http://core.svn.wordpress.org/trunk@29160 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 05:26:16 +00:00
Andrew Nacin 654e46f03d Tie cookies and nonces to user sessions so they may be invalidated upon logout.
Sessions are stored in usermeta via WP_User_Meta_Session_Tokens, which extends the abstract WP_Session_Tokens class. Extending WP_Session_Tokens can allow for alternative storage, such as a separate table or Redis.

Introduces some simple APIs for session listing and destruction, such as wp_get_active_sessions() and wp_destroy_all_sessions().

This invalidates all existing authentication cookies, as a new segment (the session token) has been added to them.

props duck_, nacin, mdawaffe.
see #20276.

Built from https://develop.svn.wordpress.org/trunk@29221


git-svn-id: http://core.svn.wordpress.org/trunk@29005 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-18 09:13:15 +00:00
Sergey Biryukov 177fe21194 Asterisk is an allowed character in a URI and should not be stripped out by wp_sanitize_redirect().
fixes #28362.
Built from https://develop.svn.wordpress.org/trunk@28939


git-svn-id: http://core.svn.wordpress.org/trunk@28737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-01 15:56:15 +00:00
Scott Taylor c8852cc909 Use the `WPINC` constant when loading `class-phpass.php`
Props wojtek.szkutnik
See #14157.

Built from https://develop.svn.wordpress.org/trunk@28903


git-svn-id: http://core.svn.wordpress.org/trunk@28702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-29 22:12:16 +00:00
Andrew Nacin dc0aca09f5 Fix documentation for wp_create_nonce() which wrongly suggests these tokens are actually numbers used once.
Built from https://develop.svn.wordpress.org/trunk@28793


git-svn-id: http://core.svn.wordpress.org/trunk@28606 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-20 20:47:14 +00:00
Scott Taylor 43bf7f271f Don't use variable variables in `wp_salt()`.
See #27881.

Built from https://develop.svn.wordpress.org/trunk@28741


git-svn-id: http://core.svn.wordpress.org/trunk@28555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-11 18:36:15 +00:00
Drew Jaynes cb0fc9c64b Update the `$secure_logged_in_cookie` variable in the 'secure_logged_in_cookie' hook docs following [28627].
See #15330.

Built from https://develop.svn.wordpress.org/trunk@28628


git-svn-id: http://core.svn.wordpress.org/trunk@28448 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-30 15:20:16 +00:00
Andrew Nacin 733057e7d6 Use a secure logged_in_cookie when the home URL is forced HTTPS (see #27954).
see #15330.

Built from https://develop.svn.wordpress.org/trunk@28627


git-svn-id: http://core.svn.wordpress.org/trunk@28447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-30 15:08:15 +00:00
Scott Taylor 8e98541d5f Eliminate the use of `extract()` in `wp_mail()`. Check the filtered array for each value before re-setting variables.
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28425


git-svn-id: http://core.svn.wordpress.org/trunk@28252 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-15 06:17:15 +00:00
Scott Taylor f5bd0de275 Eliminate the use of `extract()` in `wp_validate_auth_cookie()`.
Don't do anything fancy here, just set the 4 returned properties to variables. This function is semi-important.
	
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28424


git-svn-id: http://core.svn.wordpress.org/trunk@28251 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-15 06:11:13 +00:00
Andrew Nacin 7f001bfe24 Harden HMAC verification. props duck_.
Built from https://develop.svn.wordpress.org/trunk@28053


git-svn-id: http://core.svn.wordpress.org/trunk@27883 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-08 18:06:16 +00:00
Drew Jaynes 684145ca81 Inline documentation fixes related to the `determine_current_user` filter
See #26706, #27700.

Built from https://develop.svn.wordpress.org/trunk@28007


git-svn-id: http://core.svn.wordpress.org/trunk@27837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-07 21:18:15 +00:00
Drew Jaynes 100e737eb0 Inline documentation for hooks in wp-includes/pluggable.php.
Props kpdesign for some cleanup.
Fixes #26888.

Built from https://develop.svn.wordpress.org/trunk@27825


git-svn-id: http://core.svn.wordpress.org/trunk@27659 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-28 21:21:15 +00:00
Andrew Nacin c3ca81ba94 Always decode special characters for email subjects.
props tlovett1, jeremyfelt.
fixes #25346.

Built from https://develop.svn.wordpress.org/trunk@27801


git-svn-id: http://core.svn.wordpress.org/trunk@27636 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-28 02:44:15 +00:00
Andrew Nacin 182de5881d Avoid notices in wp_notify_postauthor() when a post has no author.
props drozdz.
fixes #26659.

Built from https://develop.svn.wordpress.org/trunk@27568


git-svn-id: http://core.svn.wordpress.org/trunk@27411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-17 20:31:14 +00:00
Andrew Nacin e7be7a0a8d Use get_comment_link() in wp_notify_postauthor().
Fixes pagination for the link directly to the moderated comment.

props eatingrules.
fixes #26133.

Built from https://develop.svn.wordpress.org/trunk@27567


git-svn-id: http://core.svn.wordpress.org/trunk@27410 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-17 20:20:15 +00:00
Andrew Nacin acba3131d7 Allow for custom authentication handlers for all requests.
Turn the logic used by wp_get_current_user() into a determine_current_user filter.

props rmccue.
fixes #26706.

Built from https://develop.svn.wordpress.org/trunk@27484


git-svn-id: http://core.svn.wordpress.org/trunk@27328 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-09 15:23:15 +00:00
Drew Jaynes db605f4767 Improve inline documentation for `wp_new_user_notification()`.
Props antorome for the initial patch.
Fixes #26703.

Built from https://develop.svn.wordpress.org/trunk@27149


git-svn-id: http://core.svn.wordpress.org/trunk@27016 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-09 21:07:12 +00:00
Sergey Biryukov 1f86e0c1e1 Fix typo in wp_set_auth_cookie() description.
props drozdz.
fixes #27046.
Built from https://develop.svn.wordpress.org/trunk@27116


git-svn-id: http://core.svn.wordpress.org/trunk@26983 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-07 09:47:12 +00:00
Drew Jaynes cd8cedc40d First there were two, and now there are three -- in the @since versions that came before and that shall be. And so it will be, says nacin.
Props JustinSainton, SergeyBiryukov, DrewAPicture.
Fixes #26713.

Built from https://develop.svn.wordpress.org/trunk@26868


git-svn-id: http://core.svn.wordpress.org/trunk@26754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-24 18:57:12 +00:00
Drew Jaynes 223a2c7138 Inline documentation for the following filter hooks in wp-includes/pluggable.php:
* `comment_notification_recipients`
* `comment_notification_notify_author`

Also removes some generic `@uses` tags from various related doc blocks.

Props markjaquith.
Fixes #25699.

Built from https://develop.svn.wordpress.org/trunk@26388


git-svn-id: http://core.svn.wordpress.org/trunk@26288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-26 04:10:09 +00:00
Mark Jaquith c2cdbf9648 Fix `comment_notification_recipients` filter behavior so that it is still respected even on comments left by the post author
The code was bailing on this-is-a-comment-on-your-own-post detection, ignoring additional recipients. Now:

* Logic check is done within `wp_notify_postauthor()`
* Logic check is overridable via `comment_notification_notify_author` filter (default still false)
* The code doesn't bail on comment-on-own-post detection, but just removes the author from the array
* The code instead now bails if the recipients list is empty, so `comment_notification_recipients` works properly

props ethitter.
fixes #25699

Built from https://develop.svn.wordpress.org/trunk@26367


git-svn-id: http://core.svn.wordpress.org/trunk@26268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-25 01:47:10 +00:00
Peter Westwood bca9252522 Deprecate the second argument for wp_notify_postauthor because it is unecessary. Fixes #17862 props scribu and wonderboymusic.
Built from https://develop.svn.wordpress.org/trunk@26358


git-svn-id: http://core.svn.wordpress.org/trunk@26259 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-24 16:26:10 +00:00
Sergey Biryukov 12d10da7e6 Remove redundant cleanup of PHPMailer addresses in wp_mail().
props bananastalktome.
fixes #25789.
Built from https://develop.svn.wordpress.org/trunk@26121


git-svn-id: http://core.svn.wordpress.org/trunk@26033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-13 03:45:11 +00:00
Sergey Biryukov eae4e5936f Use case-insensitive comparison for email addresses. fixes #25779.
Built from https://develop.svn.wordpress.org/trunk@26115


git-svn-id: http://core.svn.wordpress.org/trunk@26027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-13 02:41:09 +00:00
Sergey Biryukov 9c3b98e6d3 Avoid PHP notices in wp_notify_postauthor() when using a custom comment type.
Use a switch statement for consistency with wp_notify_moderator().

fixes #25880.
Built from https://develop.svn.wordpress.org/trunk@26114


git-svn-id: http://core.svn.wordpress.org/trunk@26026 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-13 02:32:10 +00:00
Sergey Biryukov 40391f4e37 Fall back to comment author email in get_avatar() if the user who left the comment no longer exists.
props mauryaratan, lite3.
fixes #25803.
Built from https://develop.svn.wordpress.org/trunk@26000


git-svn-id: http://core.svn.wordpress.org/trunk@25933 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-02 12:20:11 +00:00
Andrew Nacin 70fd806759 Revert r25824:25875 from the core.svn.wordpress.org repository.
These commits were accidentally re-synced commits from develop.svn.wordpress.org due to a race condition. Thankfully, the history of this repository matters fairly little. It also happened only for trunk.


git-svn-id: http://core.svn.wordpress.org/trunk@25876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-25 02:29:52 +00:00
Andrew Nacin 8ae8e01b67 Remove the old wp_auto_updates_maybe_update cron event. Schedule the new wp_maybe_auto_update event at 7 a.m. and 7 p.m. in the site's timezone.
see #27704.

Built from https://develop.svn.wordpress.org/trunk@25825


git-svn-id: http://core.svn.wordpress.org/trunk@25825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:53:14 +00:00
Andrew Nacin 9c6a15ef8f Maintain the same output for get_avatar() as 3.6. see [25895].
Built from https://develop.svn.wordpress.org/trunk@25899


git-svn-id: http://core.svn.wordpress.org/trunk@25811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 19:32:09 +00:00
Andrew Nacin af4535596b Always escape URLs at the last possible moment.
Built from https://develop.svn.wordpress.org/trunk@25895


git-svn-id: http://core.svn.wordpress.org/trunk@25807 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 18:52:11 +00:00
Andrew Nacin e2413462de Move the trim() from wp_set_password() to inside wp_hash_password().
props rpattillo, joehoyle.
fixes #24973. see #23494.

Built from https://develop.svn.wordpress.org/trunk@25709


git-svn-id: http://core.svn.wordpress.org/trunk@25623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-07 13:54:10 +00:00
Scott Taylor c2312dfe4c Use `elseif` when slurping the `nonce` in `check_ajax_referer()` to avoid accidentally overwriting it.
Fail wonderboymusic in [25433].
Props ocean90.
Fixes #25369.
See [25433].


Built from https://develop.svn.wordpress.org/trunk@25550


git-svn-id: http://core.svn.wordpress.org/trunk@25470 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-21 16:26:12 +00:00
Scott Taylor 5df8338e0a Fix some undefined index notices related to Comment unit tests:
* There are several places where a `$_POST` index was unchecked before setting a variable
* In `wp_notify_postauthor()`, `$comment` was being returned null, but its properties were being accessed.
* In `check_ajax_referer()`, 3 different values can be checked for nonce on `$_REQUEST`, but only 1 had an `isset()`

See #25282.


Built from https://develop.svn.wordpress.org/trunk@25433


git-svn-id: http://core.svn.wordpress.org/trunk@25355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-13 22:18:08 +00:00
Andrew Nacin cf3fddde96 Validate referrers to prevent off-domain redirects.
Built from https://develop.svn.wordpress.org/trunk@25318


git-svn-id: http://core.svn.wordpress.org/trunk@25280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-10 18:07:10 +00:00
Andrew Nacin 9fdfa7ef5c Short descriptions for inline docs should end with a period, per the vast majority of core. see #25229.
Built from https://develop.svn.wordpress.org/trunk@25273


git-svn-id: http://core.svn.wordpress.org/trunk@25239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-06 01:38:09 +00:00
Sergey Biryukov 9769012244 Add phpdoc for 'wp_redirect' and 'wp_redirect_status' filters. props DrewAPicture. fixes #25215.
Built from https://develop.svn.wordpress.org/trunk@25230


git-svn-id: http://core.svn.wordpress.org/trunk@25200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-04 08:31:09 +00:00
Sergey Biryukov 6760d294bb Update phpdoc for get_user_to_edit(), get_userdata(), and get_user_by(). props tivnet. fixes #24992.
Built from https://develop.svn.wordpress.org/trunk@25204


git-svn-id: http://core.svn.wordpress.org/trunk@25176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-02 03:25:09 +00:00
Andrew Ozz 3c3ec6dd8c Logging in: when the Remember Me checkbox is checked, make sure the browser continues to send the expired cookies so the "login grace period" for POST and AJAX requests works. Fixes #24735.
Built from https://develop.svn.wordpress.org/trunk@25107


git-svn-id: http://core.svn.wordpress.org/trunk@25089 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-23 21:27:08 +00:00
Sergey Biryukov 688ecb9fcc Use correct variable. see #22922.
Built from https://develop.svn.wordpress.org/trunk@25105


git-svn-id: http://core.svn.wordpress.org/trunk@25087 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-23 20:57:11 +00:00
Andrew Nacin 0adcab1f7f Add filters to the recipients of emails sent by wp_notify_postauthor() and wp_notify_moderator().
The new filters are called comment_notification_recipients and comment_moderation_recipients.

Add the context of $comment_id to the comment_moderation_headers filter, to match the comment_notification_headers filter.

props chipbennett.
fixes #22922, #20353.


Built from https://develop.svn.wordpress.org/trunk@25104


git-svn-id: http://core.svn.wordpress.org/trunk@25086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-23 19:36:10 +00:00
Ryan Boren 26eb1dc6ee Return true from wp_redirect() when redirect successful. Update phpdoc.
Props tivnet
fixes #24969


git-svn-id: http://core.svn.wordpress.org/trunk@24996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-06 17:44:32 +00:00
Andrew Nacin 0f84b87380 Do not notify the post author about comments if they are no longer a member of the blog.
This updates [23294] to use capability checks to determine if the user can still edit a post, which works for super admins. Additionally, it hides Trash/Spam action links when the user is still a member of the blog but cannot (or can no longer) moderate the comment.

fixes #23136.



git-svn-id: http://core.svn.wordpress.org/trunk@24649 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-10 22:01:12 +00:00
Sergey Biryukov 8655b33360 Make wp_mail() return the actual result of PHPMailer::Send() instead of always returning true. props chmac. fixes #23642.
git-svn-id: http://core.svn.wordpress.org/trunk@24530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-29 23:03:13 +00:00
Andrew Nacin e27d41d8e7 Add strict check to wp_verify_nonce() to avoid issues when it is improperly called.
git-svn-id: http://core.svn.wordpress.org/trunk@24461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 02:11:31 +00:00
Peter Westwood b85cb06509 Pluggable Auth: When setting new passwords for users trim any leading or trailing space to match what we do when we test passwords.
Fixes #23494


git-svn-id: http://core.svn.wordpress.org/trunk@23814 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-27 14:15:13 +00:00
Mark Jaquith 576e487663 Minor revisions PHP reorg, code cleanup, restores _post_restored_from functionality.
props adamsilverstein. see #23497

git-svn-id: http://core.svn.wordpress.org/trunk@23811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-27 11:56:28 +00:00
Peter Westwood 9d6988a221 Revisions: UI Update.
* Refines the UI to make it clearer and easier to use
* Introduces weighted tickmarks
* Fixes comparison bugs.

See #23497 props adamsilverstein


git-svn-id: http://core.svn.wordpress.org/trunk@23769 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-21 15:54:11 +00:00
Peter Westwood 51db623107 Revisions: Updates to the new Revisions UI.
Various Updates including:
 * i18n fixes
 * Added tracking of what revision ID was restored
 * async fetching of diffs so that slider works sooner even with many revisions

See #23497 props adamsilverstein, ethitter


git-svn-id: http://core.svn.wordpress.org/trunk@23639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-07 15:32:26 +00:00
Ryan Boren 6c14f1a116 Remove unnecessary stripslashes().
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-03 20:55:30 +00:00
Ryan Boren 43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Peter Westwood 9bd192fab3 Revisions: First pass an implementing a new UI/UX for reviewing the revisions of posts. See #23497 props adamsilverstein for the initial patch.
This implements a new revisions ui using Backbone and preserves all the old methods of "integration" so the change should be transparent to plugins using revisi
ons with CPTs.

This is the first pass and so there are a number of things still to be resolved, more details in the ticket. Feedback welcomed.


git-svn-id: http://core.svn.wordpress.org/trunk@23506 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-28 15:14:34 +00:00
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Sergey Biryukov 5f05d09dc2 Use a human-readable constant in wp_set_auth_cookie(). fixes #23372.
git-svn-id: http://core.svn.wordpress.org/trunk@23388 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-06 03:44:43 +00:00
Mark Jaquith 2d6e677a03 Do not notify the post author about comments if they are no longer a member of the blog. props nickmomrick. fixes #23136
git-svn-id: http://core.svn.wordpress.org/trunk@23294 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-08 04:03:16 +00:00
Mark Jaquith 3c0d96524c Move 'endif;' to its own line instead of having it room with a right curly brace. props dimadin. fixes #22586
git-svn-id: http://core.svn.wordpress.org/trunk@23228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-12-29 18:01:41 +00:00
Andrew Nacin ad53112897 Pass 'blank' to Gravatar rather than sending blank.gif for Gravatar to proxy. props miqrogroove, fixes #22354.
git-svn-id: http://core.svn.wordpress.org/trunk@22566 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-14 05:29:56 +00:00
Andrew Nacin 557d9313a7 Introduce constants to allow for easier expression of time periods in seconds. Adds MINUTE_IN_SECONDS, HOUR_IN_SECONDS, DAY_IN_SECONDS, WEEK_IN_SECONDS, YEAR_IN_SECONDS. props nbachiyski, SergeyBiryukov. fixes #20987.
git-svn-id: http://core.svn.wordpress.org/trunk@21996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-25 05:26:19 +00:00
Andrew Nacin 52320dc5b3 It is 'Alternative Text', not 'Alternate Text'. props alecrust, RyanJKoehler. fixes #21176.
git-svn-id: http://core.svn.wordpress.org/trunk@21917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-19 16:55:43 +00:00
Andrew Nacin 8886eef8d9 Add nonce_user_logged_out filters to wp_create_nonce() and wp_verify_nonce() for when there is no user ID. Provides plugins the ability to tie a nonce to some other characteristic of the session. props sc0ttkclark, fixes #21111.
git-svn-id: http://core.svn.wordpress.org/trunk@21837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-13 17:17:47 +00:00
Peter Westwood fb917e5d95 Make sure that we always generate random numbers correctly even if the PHP build is slightly broken and truncates large integers.
Fixes #19571 props mdawaffe.


git-svn-id: http://core.svn.wordpress.org/trunk@21685 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-31 09:45:50 +00:00
Ryan Boren c55cf716da Use set_url_scheme(). Props johnbillion, MarcusPope. see #19037 #20759
git-svn-id: http://core.svn.wordpress.org/trunk@21664 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-30 13:33:00 +00:00
Andrew Nacin 46eb6f0c26 Move the optimization done to get_user_by() in [21376] higher up the stack, into map_meta_cap() and is_super_admin().
This provides nearly the same benefits without possibly receiving a stale object from get_userdata(),
which could affect authentication, and introduce side effects for plugins.

see #21120.



git-svn-id: http://core.svn.wordpress.org/trunk@21563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-20 21:58:34 +00:00
nacin 7127ed1197 Move most instances of new WP_User to get_userdata(). see #21120.
git-svn-id: http://core.svn.wordpress.org/trunk@21413 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-03 01:06:05 +00:00
nacin 174dad02bc Optimize get_user_by( 'id', $id ) to return wp_get_current_user() when the current user ID is requested.
Provides for a major performance improvement by preventing repeated instantiations of WP_User in the capabilities API.

see #21120.



git-svn-id: http://core.svn.wordpress.org/trunk@21376 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-31 17:45:38 +00:00
nacin 725e0cc1df Remove $wp_secret_key_default.
With the duplicate key checks, this is isn't necessary. It could also cause problems when you
temporarily update to an English translation of a new version before going back to the locale.

see #19599.



git-svn-id: http://core.svn.wordpress.org/trunk@20691 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-02 19:29:39 +00:00
duck_ 0915eb5d43 Add missing "?" to gravatar_default URL in get_avatar() to set size parameter correctly. Fixes #20512.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-22 11:45:31 +00:00
duck_ b0a975512a Don't override the $current_user global in get_currentuserinfo() on an XML-RPC request
if it's non-empty. Fixes capabilities checks for XML-RPC requests. See #20372.


git-svn-id: http://svn.automattic.com/wordpress/trunk@20424 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-10 16:19:53 +00:00
ryan a831898020 When fetching the user in get_currentuserinfo(), make sure it is a valid WP_User object. If it is stdClass, upgrade it to WP_User. If it is WP_Error, an int, or anything else, set the current user to ID 0.
In wp_set_current_user(), return the current user global only if it is a WP_User object. If it is not, fall through and go about setting it up properly.

Formatting cleanups for both functions.

see #20372


git-svn-id: http://svn.automattic.com/wordpress/trunk@20410 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-09 22:01:07 +00:00
nacin 2410e392b9 wp_set_current_user(0) for XMLRPC_REQUEST in get_currentuserinfo(). Ensures that wp_get_current_user() always returns a WP_User object. see #20372.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20402 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-08 01:06:44 +00:00
ryan de41bc288b Introduce WP_User::exists(). see #20372
git-svn-id: http://svn.automattic.com/wordpress/trunk@20378 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-06 19:18:45 +00:00
nacin 20f416f286 Internally cache return values of wp_salt(). Always run the filter. Big performance gains on a pageload that generates hundreds of nonces. see #19599.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20135 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-07 03:41:56 +00:00
ryan 6aedd9d0f0 Split the main WP_Query posts query into two queries to avoid temp tables. Leverage cache to avoid second query in persistent cache environments. Props scribu, cheald, prettyboymp. see #18536
git-svn-id: http://svn.automattic.com/wordpress/trunk@19918 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-14 15:09:35 +00:00
nacin acd0f7c375 Re-purpose wp_die() for ajax responses.
* Allows unit testing of core ajax actions.
 * wp_die() now has separate filters to choose a handler depending on the context (ajax, XML-RPC, else).
 * wp_die) in ajax context does not need to be called with a string. Conversion takes place before die().
props kurtpayne, see #15327.



git-svn-id: http://svn.automattic.com/wordpress/trunk@19801 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-31 22:12:58 +00:00
nacin 017f5e4aeb Provide a DB fallback for keys in wp_salt(). Fall back when any secret is used more than once. Change how we detect a localized 'put your unique phrase here' -- eliminate $wp_default_secret_key and introduce $wp_secret_key_default to be added during the localized build process, not by translators. fixes #19599.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-27 18:52:20 +00:00
duck_ 81a7ad2c81 split was deprecated in PHP 5.3.0, so use explode instead. Props garyc40. Fixes #16325.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-09 21:20:51 +00:00
ryan 81283c0561 Update wp_salt() phpdoc. fixes #18696
git-svn-id: http://svn.automattic.com/wordpress/trunk@19725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-09 20:52:08 +00:00
ryan 83b131f8e3 User lowercase true, false, null instead of uppercase. Props c3mdigital, mfields. fixes #16302
git-svn-id: http://svn.automattic.com/wordpress/trunk@19687 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-05 20:50:54 +00:00
nacin d56fe066da s/is/if/. props ocean90.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19616 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-20 22:06:34 +00:00
nacin 2454f5b0d9 Gravatar emails should be trimmed before being lowered and hashed. props evansolomon. fixes #19614.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19614 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-20 22:00:44 +00:00
ryan 07ff8b216b Use one space, not two, after trailing punctuation. fixes #19537
git-svn-id: http://svn.automattic.com/wordpress/trunk@19593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-13 23:45:31 +00:00
duck_ 424cd58652 Correct @param text ordering to put "Optional." in description, see r19019 and #18958. Also remove empty docblock tag.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19030 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-20 15:53:57 +00:00
westi 5eef6313ef Improve the parsing of email addresses in wp_mail to re-support RFC2822 nameless "<address@tld.com>" style. Fixes #18463 props kitchin and SergeyBiryukov.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18717 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-19 14:30:50 +00:00
duck_ 2f51b9be0d Fix typos in documentation (wp-includes/[i-z]). See #18560.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-05 19:08:15 +00:00
ryan 0f06334e11 Introduce metadata_exists(), WP_User::get_data_by(), WP_User::get(), WP_User::has_prop(). Don't fill user objects with meta. Eliminate data duplication in cache and memory. Props scribu. see #15458
git-svn-id: http://svn.automattic.com/wordpress/trunk@18597 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-24 19:32:59 +00:00
dd32 6fa755e68e Harden up is_user_logged_in() against empty $current_user instances to prevent PHP Notices on XML-RPC requests. Fixes #18458
git-svn-id: http://svn.automattic.com/wordpress/trunk@18558 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-17 08:51:36 +00:00
ryan ec4ccf2900 Deprecate get_userdatabylogin() and get_user_by_email(). Props scribu. fixes #18333
git-svn-id: http://svn.automattic.com/wordpress/trunk@18513 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-05 16:57:31 +00:00
ryan 6c81d023bb Add magic get/set/isset methods to WP_User to avoid data duplication. Standardize on WP_User::ID. Props scribu. see #15458
git-svn-id: http://svn.automattic.com/wordpress/trunk@18504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-04 03:09:27 +00:00
markjaquith f030e87cdc Throw _doing_it_wrong() when nonce action not passed to check_admin_referer(). props duck_. see #16449
git-svn-id: http://svn.automattic.com/wordpress/trunk@18195 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-08 16:56:26 +00:00
westi 5e908c7190 Update wp_mail to correctly call the Address adding functions on PHPMailer for To, CC, BCC in a way which preserves our support for full RFC2822 address specifications.
Older versions of PHPMailer were not too careful about validating what we passed in to them as a plain email address - the new version expects we pass in the Name and Email address seperately.
Fixes #17305 based on a patch from dllh.

git-svn-id: http://svn.automattic.com/wordpress/trunk@18006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-23 11:14:05 +00:00
ryan 7f9f067e60 Use exceptions with phpmailer to avoid headers already sent errors. fixes #17228
git-svn-id: http://svn.automattic.com/wordpress/trunk@17753 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-28 18:16:01 +00:00
ryan c5b47b029c Remove setcookie() back compat. Props hakre. see#16920
git-svn-id: http://svn.automattic.com/wordpress/trunk@17612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-06 17:07:59 +00:00
markjaquith b9487742e0 Improvement to check_admin_referer() when called without first argument (PLUGIN AUTHORS: STOP DOING THAT). props indie-ulf. fixes #16449 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@17385 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-02-03 20:42:00 +00:00
ryan 8066547be3 Add some cookie filters to allow plugins more control over SSL cookie delivery. see #15330
git-svn-id: http://svn.automattic.com/wordpress/trunk@17227 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-06 04:08:23 +00:00
dd32 9c4b151ba2 Restore pre-3.1 "Status:" header handling for IIS in wp_redirect. Revist in 3.2 to see if it's still required. Fixes #10187
git-svn-id: http://svn.automattic.com/wordpress/trunk@16907 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-14 10:15:31 +00:00
nacin 09e076b152 Remove unnecessary space. props demetris, JohnPBloch. fixes #12797.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16760 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-06 22:56:47 +00:00
nacin de65e1f2f3 Fix arin whois link. props ozh. @todo consider its removal. see #15281.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-17 00:54:22 +00:00
nacin 81a8f2d3ce Use square brackets instead of braces for string access. props hakre, fixes #13900.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-13 09:53:55 +00:00
nacin d974a35fb0 Don't notify the author when they posted or moderated the comment. fixes #12774.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16304 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-11 16:28:49 +00:00
ryan 0a0d648660 Send moderation emails to post author. see #6286
git-svn-id: http://svn.automattic.com/wordpress/trunk@16223 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-06 15:20:50 +00:00
ryan 98c65bd2f7 Don't fire wp_notify_postauthor() when the author moderated the comment. Props mrmist. fixes #12774
git-svn-id: http://svn.automattic.com/wordpress/trunk@16208 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-05 15:36:04 +00:00
ryan 9c31fd7c70 First pass of user admin. Network admin and screen cleanups. see #14696
git-svn-id: http://svn.automattic.com/wordpress/trunk@15746 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-07 19:34:18 +00:00
dd32 9ce6d04ffb Retire IIS 3,4,5 Set-Cookie redirection workaround. See [2436] for original implementation. See #10187
git-svn-id: http://svn.automattic.com/wordpress/trunk@15682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-02 04:02:24 +00:00
ryan b482fe4499 Link directly to comment in email notification. Props lancewillett. fixes #12797
git-svn-id: http://svn.automattic.com/wordpress/trunk@15553 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-08-31 18:24:41 +00:00
ryan 977102dbb1 Typo fix. Props pedger, mattsains. fixes #13740
git-svn-id: http://svn.automattic.com/wordpress/trunk@15149 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-06 14:44:48 +00:00
ryan 1a552dd029 Strip trailing whitespace
git-svn-id: http://svn.automattic.com/wordpress/trunk@14924 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-26 02:42:15 +00:00
ryan 2a99808ad2 Email messages should be plain text. Props arena. see #13488
git-svn-id: http://svn.automattic.com/wordpress/trunk@14803 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-22 13:48:38 +00:00
nacin e85693b8a9 False alarm, something else is going on here. Revert [14780], restore [14695]. see #13317.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14781 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-21 15:08:07 +00:00
nacin 39af37992a Revert [14695]. We need to be a bit less strict. see #13317.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-21 15:03:54 +00:00
westi 6881380fc0 Don't return data for user 1 when passed in junk like an array. See #13317.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14695 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-16 20:34:02 +00:00
nacin 0961da9244 Whitespace and standards in get_userdata. fixes #13317.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-12 18:59:03 +00:00
ryan 5c48b8b015 Force reauth when auth_redirect() redirects to login. see #12142
git-svn-id: http://svn.automattic.com/wordpress/trunk@14556 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-11 13:44:40 +00:00
wpmuguru 7c47fba666 use same salts/keys across network, see #12142
git-svn-id: http://svn.automattic.com/wordpress/trunk@14458 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-04 22:08:53 +00:00
nacin e64a657575 s/blog/site/ in even more places. props PeteMall, see #11644.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14315 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-30 03:17:49 +00:00
nacin b18ac8fcdb Deprecate set_current_user() in favor of wp_set_current_user().
git-svn-id: http://svn.automattic.com/wordpress/trunk@14090 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-14 22:06:03 +00:00
dd32 442d41291a Tweak new strings for better typography. Props demetris. Fixes #12962
git-svn-id: http://svn.automattic.com/wordpress/trunk@14070 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-11 10:41:54 +00:00
ryan 11dc8e15c9 Check for urls that have a scheme but no host in wp_validate_redirect().
git-svn-id: http://svn.automattic.com/wordpress/trunk@13878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-29 16:47:17 +00:00
nacin 8c8bf5039f Remove unnecessary ternary operators such as (expr) ? true : false.
git-svn-id: http://svn.automattic.com/wordpress/trunk@13769 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-19 21:15:00 +00:00
ryan e25a65b36a Trim trailing whitespace
git-svn-id: http://svn.automattic.com/wordpress/trunk@13733 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-17 16:27:25 +00:00
ryan 2486cc70f7 Restrict schemes allowed in wp_validate_redirect()
git-svn-id: http://svn.automattic.com/wordpress/trunk@13657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-11 14:54:11 +00:00
ryan 086ad7d933 Improve user listing performance. Props miqrogroove. see #11914
git-svn-id: http://svn.automattic.com/wordpress/trunk@13576 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-03 19:08:30 +00:00
matt 73a11f4d4e Better subdomains for faster Gravatar loading. An update to [13385].
git-svn-id: http://svn.automattic.com/wordpress/trunk@13560 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-02 21:59:15 +00:00
nacin 1cade6654c Allow multiple To: recipients in wp_mail(). Improve handling of \r\n in headers and multiple CC/BCC headers. fixes #10420
git-svn-id: http://svn.automattic.com/wordpress/trunk@13456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-27 16:10:45 +00:00
nacin f1f86f16e3 Remove explicit references to the post ID from moderation and comment e-mails. Fixes #12388
git-svn-id: http://svn.automattic.com/wordpress/trunk@13432 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-26 17:18:59 +00:00
ryan a312eea3a7 Hash to static gravatar domains. Props apokalyptik.
git-svn-id: http://svn.automattic.com/wordpress/trunk@13385 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-24 20:50:40 +00:00
nacin 8bcc5969dc Spelling and grammar fun. Fixes #11875 props cnorris23
git-svn-id: http://svn.automattic.com/wordpress/trunk@13382 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-24 20:13:23 +00:00
nacin 2dcfc0913b Remove unused 'secret' option. Fixes #12221
git-svn-id: http://svn.automattic.com/wordpress/trunk@13309 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-22 20:27:02 +00:00
dd32 679250491d Variable Cleanup, Unused variables, Typo'd variables, unused code blocks. Fixes #12299
git-svn-id: http://svn.automattic.com/wordpress/trunk@13242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-20 02:01:46 +00:00
nacin 8d39376b5a Add filter to get_avatar() to allow avatars for custom comment types. Props usermrpapa. Fixes #11880
git-svn-id: http://svn.automattic.com/wordpress/trunk@13231 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-19 20:27:56 +00:00
nacin 91e0c6a98c Allow more special characters in wp_generate_password() second pass. props sivel, see #12159
git-svn-id: http://svn.automattic.com/wordpress/trunk@13206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-19 00:03:36 +00:00
nacin 54c4ac3c8f Move deprecated pluggable functions to a new file to lower their profile. Also throw deprecated warnings if a plugin defines a deprecated pluggable function. See #11388
git-svn-id: http://svn.automattic.com/wordpress/trunk@13204 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-18 23:17:06 +00:00
nacin db0e494344 Use an expanded special character set when generating auth keys and salts via wp_generate_password(). Props sivel, see #12159
git-svn-id: http://svn.automattic.com/wordpress/trunk@13137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-14 04:06:30 +00:00
nacin 5871a56009 Fall back to wp_generate_password() in setup-config.php if HTTPS request for secret keys fails. Also use pretty link to secret-key API, see #12159
git-svn-id: http://svn.automattic.com/wordpress/trunk@13133 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-14 02:47:45 +00:00
nacin fd5f785cce Move deprecated functions to deprecated.php. Deprecate get_the_attachment_link() for wp_get_attachment_link(), get_attachment_icon_src() for wp_get_attachment_image_src(),
get_attachment_icon() and get_attachment_innerHTML() for wp_get_attachment_image(), get_link() for get_bookmark(). Add missing deprecated version numbers. Add inline documentation to pluggable functions that are deprecated. See #11388

git-svn-id: http://svn.automattic.com/wordpress/trunk@13093 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-13 06:39:51 +00:00
nacin 833f6172f7 Optimize wp_rand(), only check transient when needed. Fixes #12144.
git-svn-id: http://svn.automattic.com/wordpress/trunk@13080 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-13 03:33:33 +00:00
westi 6289876414 Ensure we ignore the _SALT defines if they are set to the "default" unconfigured values or empty. See #12159.
git-svn-id: http://svn.automattic.com/wordpress/trunk@13058 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-11 22:51:51 +00:00
ryan 9fc2bef3d1 Move blog deletion to ms-delete-site.php. see #11644
git-svn-id: http://svn.automattic.com/wordpress/trunk@12828 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-25 22:46:41 +00:00
ryan 6da55f7792 Trailing whitespace cleanup
git-svn-id: http://svn.automattic.com/wordpress/trunk@12733 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-15 22:11:12 +00:00
westi 904b89dc9f Run the old WPMU random_password filter in wp_generate_password(). Fixes #11746 props uglyrobot.
git-svn-id: http://svn.automattic.com/wordpress/trunk@12653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-07 20:49:04 +00:00
ryan ec8e347792 Introduce home_url(). Props Denis-de-Bernardy, hakre. see #9008
git-svn-id: http://svn.automattic.com/wordpress/trunk@12598 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-04 17:23:29 +00:00
ryan 6ae74dfd09 Don't fall back to logged in cookie if in the admin.
git-svn-id: http://svn.automattic.com/wordpress/trunk@12408 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-12-15 19:57:20 +00:00
azaozz acf271551d Add 'trash' in comment moderation emails, props nacin, fixes #11426
git-svn-id: http://svn.automattic.com/wordpress/trunk@12402 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-12-15 10:55:55 +00:00
westi 2c4aadf49f Fix some more html encoding in email subject issues. Fixes #9913.
git-svn-id: http://svn.automattic.com/wordpress/trunk@12398 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-12-14 22:09:54 +00:00
westi 5d087be7e9 Don't html encode quotes in the blogname in email subjects as this is a plain text output. Fixes #9913 props tenpura.
git-svn-id: http://svn.automattic.com/wordpress/trunk@12388 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-12-13 11:38:45 +00:00
markjaquith 305f103c4f Use http_response_code for wp_redirect(), so that fastcgi hosts always get 301 redirect love. props error. fixes #6779
git-svn-id: http://svn.automattic.com/wordpress/trunk@12358 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-12-10 08:33:17 +00:00
azaozz efa493655e Show the login form in a popup when autosave hits the login grace period, fixes #10704
git-svn-id: http://svn.automattic.com/wordpress/trunk@12021 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-10-11 11:26:59 +00:00
westi 6784dc62c6 Fix notice when adding tag from the Post Tags page. Fixes #10808 props prettyboymp.
git-svn-id: http://svn.automattic.com/wordpress/trunk@11951 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-09-18 21:06:23 +00:00
ryan 8e3808bce2 Remove trailing whitespace
git-svn-id: http://svn.automattic.com/wordpress/trunk@11930 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-09-14 14:03:32 +00:00
ryan c6debbd596 Filter the cookie scheme in auth_redirect(). Props nbachiyski. fixes #10740
git-svn-id: http://svn.automattic.com/wordpress/trunk@11905 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-09-08 15:25:29 +00:00
azaozz 2040971211 "Trash" status for comments updates, props caesarsgrunt, see #4529
git-svn-id: http://svn.automattic.com/wordpress/trunk@11741 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-07-24 07:23:11 +00:00
azaozz d2fec31c0e "Trash" status for comments, first run, props caesarsgrunt, see #4529
git-svn-id: http://svn.automattic.com/wordpress/trunk@11731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-07-21 03:11:12 +00:00
westi 0dba5eddcf Introduce _deep_replace() and use it to improve the stripping of percent encoded values from urls. Fixes #10226 for trunk.
git-svn-id: http://svn.automattic.com/wordpress/trunk@11615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-06-20 17:42:24 +00:00
markjaquith 6283b5aaf1 Create wp_validate_redirect(), have the upgrade done link use it. props Westi. fixes #10193 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@11610 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-06-19 19:30:17 +00:00
azaozz 7182b0dbb4 Add more translator comments for placeholders, props nbachiyski, fixes #10002
git-svn-id: http://svn.automattic.com/wordpress/trunk@11506 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-06-02 07:21:42 +00:00
ryan c652a8f9e3 Add comment_moderation_headers filter. Props mtdewvirus. fixes #9969
git-svn-id: http://svn.automattic.com/wordpress/trunk@11489 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-29 20:00:06 +00:00
ryan 2df887bd07 Trim tailing whitespace
git-svn-id: http://svn.automattic.com/wordpress/trunk@11450 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-24 23:47:49 +00:00
ryan 7f6ecdd706 Don't notify post author of own comments. PrProps josephscott. fixes #8695
git-svn-id: http://svn.automattic.com/wordpress/trunk@11387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-18 18:36:04 +00:00
markjaquith 6c2ffddf31 _a(), _ea(), _xa(), attr() are now esc_attr__(), esc_attr_e(), esc_attr_x(), esc_attr() -- still short, but less cryptic. see #9650
git-svn-id: http://svn.automattic.com/wordpress/trunk@11204 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-05 19:43:53 +00:00
markjaquith 42ae25cb48 Exclamation mark is a valid and safe character in a URI. props hakre. fixes #8904
git-svn-id: http://svn.automattic.com/wordpress/trunk@11147 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-30 23:52:32 +00:00
westi b4743048ab Fix wp_mails handling of custom boundaries. Fixes #5204 props filosofo.
git-svn-id: http://svn.automattic.com/wordpress/trunk@11136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-30 07:25:47 +00:00
ryan 2d489767bb s/attribute_escape/attr/. see #9650
git-svn-id: http://svn.automattic.com/wordpress/trunk@11109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-28 05:58:45 +00:00
ryan 6db7e7fbc5 Don't notify post author of own comments. Props Denis-de-Bernardy. fixes #8695
git-svn-id: http://svn.automattic.com/wordpress/trunk@11057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-22 20:55:04 +00:00
ryan 35e6b4c698 Wrap get_user_by() in function_exists check. Props alexrabe. fixes #9617
git-svn-id: http://svn.automattic.com/wordpress/trunk@11033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-21 20:27:22 +00:00
ryan 4956e5d453 Cache user lookups made by nicename. Add get_user_by(). fixes #4170
git-svn-id: http://svn.automattic.com/wordpress/trunk@10992 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-17 21:25:11 +00:00
ryan 1a0ce2d2b3 Fix headers array processing for wp_mail(). Props gortsleigh. fixes #9284
git-svn-id: http://svn.automattic.com/wordpress/trunk@10967 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-17 00:06:18 +00:00
ryan fe648c9e20 Updates to wp_login_url() and wp_logout_url(). Use them in more places. Props wnorris. fixes #9536
git-svn-id: http://svn.automattic.com/wordpress/trunk@10931 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-14 18:31:49 +00:00
ryan 693fd1774e Make random_seed a transient
git-svn-id: http://svn.automattic.com/wordpress/trunk@10838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-03-25 20:03:57 +00:00
ryan e8b6fe7347 Trim trailing whitespace
git-svn-id: http://svn.automattic.com/wordpress/trunk@10810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-03-18 02:43:45 +00:00
ryan d43bd8177c Use wpdb::insert() and update(). Props DD32. see #6836
git-svn-id: http://svn.automattic.com/wordpress/trunk@10730 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-03-06 04:27:51 +00:00
ryan cf07babee1 Add auth_cookie_expiration filter
git-svn-id: http://svn.automattic.com/wordpress/trunk@10691 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-03-03 22:51:55 +00:00
ryan 5d3a29dacd Add auth_redirect action
git-svn-id: http://svn.automattic.com/wordpress/trunk@10685 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-03-02 23:42:28 +00:00
azaozz 00b6ce601c Fix typo, props sambauers
git-svn-id: http://svn.automattic.com/wordpress/trunk@10678 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-03-02 00:28:52 +00:00
ryan 3f22da5123 Don't trigger wp_login_failed action for empty usernames or passwords.
git-svn-id: http://svn.automattic.com/wordpress/trunk@10638 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-02-23 17:33:02 +00:00
ryan fc660a45a3 Use _n(). Props nbachiyski. fixes #9111
git-svn-id: http://svn.automattic.com/wordpress/trunk@10606 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-02-20 19:35:16 +00:00
westi f1098f3644 If we have to generate people salts then make them 64 chars long. Fixes #8647 props sivel.
git-svn-id: http://svn.automattic.com/wordpress/trunk@10577 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-02-15 16:21:28 +00:00
westi ea903eba7e Add documentation to detail reasoning for default from address. See #5007 props pishmishy
git-svn-id: http://svn.automattic.com/wordpress/trunk@10575 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-02-15 13:31:43 +00:00
ryan b3b3e7f2ce If no angle brackets, assume email address. Props donncha. fixes #9086 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@10541 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-02-10 23:51:51 +00:00
ryan 002f1ebce3 Seed cookie hash key with a fragment from the password hash
git-svn-id: http://svn.automattic.com/wordpress/trunk@10486 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-02-03 05:03:16 +00:00
ryan 07489f05e8 Pluggables phpdoc updates. Props filosofo. fixes #9001
git-svn-id: http://svn.automattic.com/wordpress/trunk@10469 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-01-30 18:08:28 +00:00
westi 8855daf707 Much better handling of wp-login.php page load. See #8938 props wnorris.
git-svn-id: http://svn.automattic.com/wordpress/trunk@10463 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-01-29 21:30:16 +00:00
ryan aea6896bf8 Use secure.gravatar.com for SSL avatar requests. fixes #8988 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@10461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-01-29 17:58:16 +00:00
westi f02590c921 Don't show the error on normal login page loads. See #8938.
git-svn-id: http://svn.automattic.com/wordpress/trunk@10455 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-01-28 22:11:49 +00:00
westi a98d30864f Make authentication more pluggable than ever before. See #8938 props wnorris.
git-svn-id: http://svn.automattic.com/wordpress/trunk@10437 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-01-24 22:38:19 +00:00
ryan 1761cba906 Remove update_user_cache(). Long dead.
git-svn-id: http://svn.automattic.com/wordpress/trunk@10395 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-01-21 19:21:51 +00:00
ryan 13dec849de phpdoc updates for wp_generate_password(). Props sivel. fixes #8688 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@10271 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-12-30 19:47:59 +00:00
ryan 5dd1a876b8 Update secret-key url. Props sivel. fixes #8687 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@10241 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-12-22 23:00:13 +00:00
ryan e89192b1a8 Strip trailing whitespace
git-svn-id: http://svn.automattic.com/wordpress/trunk@10150 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-12-09 18:03:31 +00:00
ryan 0f927649f8 Introduce NONCE_SALT and NONCE_KEY
git-svn-id: http://svn.automattic.com/wordpress/trunk@10120 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-12-07 21:31:13 +00:00
markjaquith 0435f3d294 Do not redirect to options.php on login if user was POSTing to options.php from another page. props fitztrev. fixes #8133
git-svn-id: http://svn.automattic.com/wordpress/trunk@9775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-19 05:07:24 +00:00
markjaquith e3c5f05f3c A couple more hCard CSS classes for comments from wnorris. fixes #8264
git-svn-id: http://svn.automattic.com/wordpress/trunk@9764 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-18 22:06:51 +00:00
azaozz 469170c44c Fix default Gravatar URLs, props DD32, fixes #8232
git-svn-id: http://svn.automattic.com/wordpress/trunk@9728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-15 23:30:33 +00:00
ryan 40c754df1d Unused var fixes. Props DD32. see #8220
git-svn-id: http://svn.automattic.com/wordpress/trunk@9716 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-15 18:10:35 +00:00
ryan ce1cc49825 Provide fallback salt to accommodate custom schemes. Props tellyworth. fixes #8212
git-svn-id: http://svn.automattic.com/wordpress/trunk@9680 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-14 16:35:14 +00:00
ryan 9d05b9595a Remove debug
git-svn-id: http://svn.automattic.com/wordpress/trunk@9374 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-10-28 03:43:52 +00:00
ryan 33f8a5e080 Introduce normalize_whitespace(). Use it instead of wp_text_diff() when checking for identical autosave revisions. Props tellyworth. fixes #7691
git-svn-id: http://svn.automattic.com/wordpress/trunk@9302 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-10-23 20:03:16 +00:00
ryan 3fc6097a5a phpdoc corrections from jacobsantos. see #7918
git-svn-id: http://svn.automattic.com/wordpress/trunk@9243 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-10-18 20:46:30 +00:00
westi 8453f12963 Add attachment support to wp_mail. Fixes #7787 props AaronCampbell.
git-svn-id: http://svn.automattic.com/wordpress/trunk@9213 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-10-16 20:57:49 +00:00
ryan c43a7cf1eb get_avatar() phpdoc update from Speedboxer. fixes #7536
git-svn-id: http://svn.automattic.com/wordpress/trunk@9200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-10-16 18:37:05 +00:00
westi 869cd2ffa1 Default to an empty alt attribute on Avatars. Fixes #7536.
git-svn-id: http://svn.automattic.com/wordpress/trunk@9127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-10-12 18:03:54 +00:00
ryan 3f5753f4b1 get_comment_type() sets comment_type to 'comment'. Allow for that in get_avatar().
git-svn-id: http://svn.automattic.com/wordpress/trunk@9084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-10-05 04:48:17 +00:00
ryan f03180a5e1 Avatar alt fixes from nbachiyski. fixes #7536
git-svn-id: http://svn.automattic.com/wordpress/trunk@9076 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-10-03 03:20:54 +00:00
ryan f286979c28 Don't show avatar for pingbacks or trackbacks
git-svn-id: http://svn.automattic.com/wordpress/trunk@9075 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-10-03 03:12:42 +00:00
westi 42aaa50b6f Fix notice in check_admin_referrer.
git-svn-id: http://svn.automattic.com/wordpress/trunk@9026 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-09-28 21:08:25 +00:00
ryan d3abd242b0 Don't append HTTPOnly if cookie domain is empty. see #7677
git-svn-id: http://svn.automattic.com/wordpress/trunk@8811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-09-05 05:35:58 +00:00
ryan 49fe9a77a4 No HTTPOnly for Safari
git-svn-id: http://svn.automattic.com/wordpress/trunk@8810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-09-05 00:10:34 +00:00
ryan b4de7baf2a HttpOnly for PHP < 5.2. Props _ck_. see #7677
git-svn-id: http://svn.automattic.com/wordpress/trunk@8808 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-09-04 19:55:30 +00:00
ryan c38f460aa6 Try out httponly for auth cookies. see #7677
git-svn-id: http://svn.automattic.com/wordpress/trunk@8798 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-09-03 18:24:28 +00:00
ryan 37d88adaff Don't ignore scheme when cookie value is empty. Props bendalton. fixes #7521
git-svn-id: http://svn.automattic.com/wordpress/trunk@8731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-08-25 21:09:26 +00:00
ryan 8dfd6d050f Do secure redirect only for admin destinations. see #7561
git-svn-id: http://svn.automattic.com/wordpress/trunk@8730 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-08-25 20:40:34 +00:00
ryan dccf7edf8e wp_rand() - more randy rands
git-svn-id: http://svn.automattic.com/wordpress/trunk@8728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-08-25 17:52:28 +00:00
ryan 203086a4de Option to force SSL. see #7561
git-svn-id: http://svn.automattic.com/wordpress/trunk@8701 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-08-21 17:40:38 +00:00
ryan 01e3a5ec79 Some cookie validation hooks. fixes #7440
git-svn-id: http://svn.automattic.com/wordpress/trunk@8696 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-08-21 00:08:25 +00:00
westi bfa931c5d1 alt attibutes for get_avatar(). Fixes #7523 props Speedboxer.
git-svn-id: http://svn.automattic.com/wordpress/trunk@8661 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-08-17 11:23:49 +00:00
ryan 35b18e5034 Trailing whitespace cleanup
git-svn-id: http://svn.automattic.com/wordpress/trunk@8600 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-08-09 05:36:14 +00:00
ryan 642c8d9b54 Fix Text/Diff includes. Props codestyling. fixes #7391 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@8581 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-08-07 21:02:07 +00:00
markjaquith 74c46749cb Cast to array when using foreach(). Props santosj (and thanks for your perseverance!). fixes #2784
git-svn-id: http://svn.automattic.com/wordpress/trunk@8572 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-08-06 20:31:54 +00:00
azaozz dc9f3139a1 Revert 8562
git-svn-id: http://svn.automattic.com/wordpress/trunk@8564 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-08-06 00:44:40 +00:00