Commit Graph

336 Commits

Author SHA1 Message Date
whyisjake 7077580716 User: Invalidate `user_activation_key` on password update.
Query: Ensure that only a single post can be returned on date/time based queries.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.

Brings the changes in [47634], [47635], [47637], and [47638] to the 4.2 branch.

Props: batmoo, ehti, nickdaugherty, peterwilsoncc, sergeybiryukov, sstoqnov, westi, whyisjake, whyisjake, xknown.

Built from https://develop.svn.wordpress.org/branches/4.2@47657


git-svn-id: http://core.svn.wordpress.org/branches/4.2@47434 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 16:52:22 +00:00
Boone Gorges bbc5a2de2f Ensure that 'who' param is respected when generating meta_query in `WP_User_Query`.
Since [31669], the 'who' param had been parsed after meta_query was generated,
so that 'who' was effectively ignored.

Props imath.
Fixes #32019.
Built from https://develop.svn.wordpress.org/trunk@32207


git-svn-id: http://core.svn.wordpress.org/trunk@32180 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 15:16:27 +00:00
Dominik Schilling 64fc7294b6 Use HTTPS URLs for codex.wordpress.org.
see #27115.
Built from https://develop.svn.wordpress.org/trunk@32116


git-svn-id: http://core.svn.wordpress.org/trunk@32095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-12 21:29:32 +00:00
Drew Jaynes ba1e7a7243 Correct grammar when referring to "a user" vs "an user" in several places.
Props ocean90.
Fixes #31894.

Built from https://develop.svn.wordpress.org/trunk@32025


git-svn-id: http://core.svn.wordpress.org/trunk@32004 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-05 14:44:27 +00:00
Boone Gorges 820b895cf6 `WP_User_Query`: When querying users with 'fields=all', ensure that caps and roles are filled for the current site.
See [15566] for a parallel fix for 'fields=all_with_meta'.

Fixes #31878.
Built from https://develop.svn.wordpress.org/trunk@32001


git-svn-id: http://core.svn.wordpress.org/trunk@31980 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-03 14:14:57 +00:00
Scott Taylor 0fccadaa35 When updating the email address for an existing user, make sure the email address is not already in use.
Adds unit tests.

Props rittesh.patel, DrewAPicture.
Fixes #30647.

Built from https://develop.svn.wordpress.org/trunk@31963


git-svn-id: http://core.svn.wordpress.org/trunk@31942 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-01 18:23:28 +00:00
Drew Jaynes bfdc2f3ac6 Ensure the `$wp_hasher` global has an entry in the `check_password_reset_key()` DocBlock.
Props lamosty.
Fixes #31756.

Built from https://develop.svn.wordpress.org/trunk@31883


git-svn-id: http://core.svn.wordpress.org/trunk@31862 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-25 16:24:27 +00:00
John Blackbourn 7c5fc2debb Implement an `aria-describedby` attribute for login screen errors, and improve the "Forgot password?" anchor text.
Props aferica, rianrietveld
Fixes #31143

Built from https://develop.svn.wordpress.org/trunk@31871


git-svn-id: http://core.svn.wordpress.org/trunk@31850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-24 16:29:26 +00:00
Boone Gorges f5513227db Improved 'orderby' meta syntax in `WP_User_Query`.
Recent commits have added the ability to order query results by specific
clauses of the 'meta_query' parameter (comments [31467], posts [31312] and
[31340]). The current changeset ports the same functionality to `WP_User_Query`.

Also introduced is the ability to pass the value of `$meta_key` to 'orderby'.

The internals of `WP_User_Query::prepare_users()` had to be reordered
somewhat to support these changes, primarily to ensure that the `meta_query`
object generates its SQL clauses before the 'orderby' parameter is parsed.

See #31265.
Built from https://develop.svn.wordpress.org/trunk@31669


git-svn-id: http://core.svn.wordpress.org/trunk@31650 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-07 18:38:27 +00:00
Boone Gorges f07ebeff91 In `WP_User_Query`, `$meta_query` should be a class property rather than a local variable.
This provides better parity with other query classes, and makes it possible to
write more direct unit tests.

See #31265.
Built from https://develop.svn.wordpress.org/trunk@31665


git-svn-id: http://core.svn.wordpress.org/trunk@31646 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-07 16:35:27 +00:00
Boone Gorges 503b36dd23 Fix documentation whitespace after [31663].
See #31265.
Built from https://develop.svn.wordpress.org/trunk@31664


git-svn-id: http://core.svn.wordpress.org/trunk@31645 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-07 16:08:27 +00:00
Boone Gorges 1101444648 Improve 'orderby' syntax for `WP_User_Query`.
This changeset ports a number of 'orderby' features from `WP_Query` and
`WP_Comment_Query`:

* Allow multiple 'orderby' values to be passed as a space-separated list.
* Allow multiple 'orderby' values to be passed as a flat array.
* Allow multi-dimensional 'orderby', with orderby fields as array keys and ASC/DESC as the corresponding values.

See #31265.
Built from https://develop.svn.wordpress.org/trunk@31663


git-svn-id: http://core.svn.wordpress.org/trunk@31644 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-07 16:06:27 +00:00
Drew Jaynes 3b267afbf4 Correct a typo in the hash notation for `wp_insert_user()`: The argument name should be `$user_registered` not `$date_registered`.
Props floriansimeth.
Fixes #31513.

Built from https://develop.svn.wordpress.org/trunk@31608


git-svn-id: http://core.svn.wordpress.org/trunk@31589 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-04 09:51:26 +00:00
Boone Gorges 17330354bc Add `orderby=meta_value_num` support to `WP_User_Query`.
Props tyxla, genkisan.
Fixes #27887.
Built from https://develop.svn.wordpress.org/trunk@31369


git-svn-id: http://core.svn.wordpress.org/trunk@31350 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-08 16:59:22 +00:00
Sergey Biryukov a47a5a1779 In wp_update_user(), make sure $userdata['ID'] is set before using it.
props tyxla.
fixes #31097.
Built from https://develop.svn.wordpress.org/trunk@31269


git-svn-id: http://core.svn.wordpress.org/trunk@31250 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-22 14:46:23 +00:00
Scott Taylor fe6b5983df In PHP 5.0.0, `is_a()` became deprecated in favour of the `instanceof` operator. Calling `is_a()` would result in an `E_STRICT` warning.
In PHP 5.3.0, `is_a()` is no longer deprecated, and will therefore no longer throw `E_STRICT` warnings.

To avoid warnings in PHP < 5.3.0, convert all `is_a()` calls to `$var instanceof WP_Class` calls.

`instanceof` does not throw any error if the variable being tested is not an object, it simply returns `false`.

Props markoheijnen, wonderboymusic.
Fixes #25672.

Built from https://develop.svn.wordpress.org/trunk@31188


git-svn-id: http://core.svn.wordpress.org/trunk@31169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 01:06:24 +00:00
Scott Taylor a79c242038 In `WP_User_Query`, only call magic method internals against a whitelist of properties, `$compat_fields`.
See #30891.

Built from https://develop.svn.wordpress.org/trunk@31144


git-svn-id: http://core.svn.wordpress.org/trunk@31125 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-11 22:00:23 +00:00
Scott Taylor 0a511680f4 Adding a `@return` annotation to constructors is generally not recommended as a constructor does not have a meaningful return value. Constructors do not have meaningful return values, anything that is returned from here is discarded.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31126


git-svn-id: http://core.svn.wordpress.org/trunk@31107 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 06:54:23 +00:00
Scott Taylor 60b0cd7943 The keyword `elseif` should be used instead of `else if` so that all control keywords look like single words.
This was a mess, is now standardized across the codebase, except for a few 3rd-party libs. 

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31090


git-svn-id: http://core.svn.wordpress.org/trunk@31071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-08 07:05:25 +00:00
Andrew Nacin 741e0ec6de No need for wp_get_password_hint() to be prefixed as if it is private.
see #21243.

Built from https://develop.svn.wordpress.org/trunk@30855


git-svn-id: http://core.svn.wordpress.org/trunk@30845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-15 08:34:23 +00:00
Drew Jaynes 23707b1ada Convert various uses of `(optional)` in core parameter descriptions to use the style prescribed in the inline documentation standards for PHP.
The style for marking parameters optional in inline PHP docs is: `@param type $var Optional. Description. Accepts. Default.`, where Accepts can be omitted on a case-by-case basis.

Props coffee2code.
Fixes #30591.

Built from https://develop.svn.wordpress.org/trunk@30753


git-svn-id: http://core.svn.wordpress.org/trunk@30743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-06 21:24:45 +00:00
Scott Taylor 04a4cf6156 Improve the `@param` docs for `src/wp-includes/user.php`.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30666


git-svn-id: http://core.svn.wordpress.org/trunk@30656 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 22:11:23 +00:00
Drew Jaynes bffe95d34c Docs Formatting: Backtick-escape inline code for all remaining dynamic hook docs in wp-includes/*.
Affects DocBlocks for the following hooks:
* `auth_post_meta_{$meta_key}`
* `term_links-$taxonomy`
* `customize_render_control_ . $this->id`
* `customize_render_panel_{$this->id}`
* `customize_render_section_{$this->id}`
* `customize_preview_{$this->id}`
* `customize_save_ . $this->id_data[ 'base' ]`
* `customize_update_ . $this->type`
* `customize_value_ . $this->id_data[ 'base' ]`
* `customize_sanitize_js_{$this->id}`
* `comment_form_field_{$name}`
* `comment_{$old_status}_to_{$new_status}`
* `comment_{$new_status}_{$comment->comment_type}`
* `extra_{$context}_headers`
* `get_template_part_{$slug}`
* `get_the_generator_{$type}`
* `get_{$adjacent}_post_join`
* `get_{$adjacent}_post_where`
* `get_{$adjacent}_post_sort`
* `{$adjacent}_post_rel_link`
* `{$adjacent}_post_link`
* `{$adjacent}_image_link`
* `blog_option_{$option}`
* `$permastructname . _rewrite_rules`
* `{$type}_template`
* `theme_mod_{$name}`
* `pre_set_theme_mod_$name`
* `current_theme_supports-{$feature}`
* `get_user_option_{$option}`
* `edit_user_{$field}`
* `pre_user_{$field}`
* `user_{$field}`

See #30552.

Built from https://develop.svn.wordpress.org/trunk@30656


git-svn-id: http://core.svn.wordpress.org/trunk@30646 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 12:10:23 +00:00
Drew Jaynes e11c0a9d3e 4.1 Docs Audit: Fix formatting for changelog entries in `count_user_posts()` and the `get_usernumposts` hook.
See #30469.

Built from https://develop.svn.wordpress.org/trunk@30623


git-svn-id: http://core.svn.wordpress.org/trunk@30613 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-28 12:29:23 +00:00
Andrew Nacin fce07e17eb Invalidate password keys when a user's email changes.
Built from https://develop.svn.wordpress.org/trunk@30430


git-svn-id: http://core.svn.wordpress.org/trunk@30425 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 13:40:23 +00:00
Boone Gorges 92e3890daa Correct `@since` tag in `count_user_posts()` docs.
Props pavelevap, DrewAPicture.
See #21364.
Built from https://develop.svn.wordpress.org/trunk@30328


git-svn-id: http://core.svn.wordpress.org/trunk@30327 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-13 12:15:23 +00:00
Boone Gorges a0b8caa29b Introduce `$post_type` param for `count_user_posts()`.
Props Caspie, engelen, DrewAPicture.
Fixes #21364.
Built from https://develop.svn.wordpress.org/trunk@30322


git-svn-id: http://core.svn.wordpress.org/trunk@30321 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-13 02:19:22 +00:00
Drew Jaynes 66c47f29bb Correct references of `@uses $wpdb` in core documentation to use `@global`.
See #30191, [30105].
Fixes #30217.

Built from https://develop.svn.wordpress.org/trunk@30122


git-svn-id: http://core.svn.wordpress.org/trunk@30122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-31 17:56:22 +00:00
Drew Jaynes f8657d5890 Remove redundant and erroneous `@uses` tag from most core inline documentation.
Per our inline documentation standards, no further use of the `@uses` tag is recommended as used and used-by relationships can be derived through other means. This removes most uses of the tag in core documentation, with remaining tags to be converted to `@global` or `@see` as they apply.

Fixes #30191.

Built from https://develop.svn.wordpress.org/trunk@30105


git-svn-id: http://core.svn.wordpress.org/trunk@30105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-30 01:05:24 +00:00
Konstantin Kovshenin 73f6a574b7 Use a nested meta query when querying by role in `WP_User_Query`.
If a user query includes a meta query together with a role argument,
nest the original meta query and append the role meta query with an
AND relationship.

fixes #23849, #27026.

Built from https://develop.svn.wordpress.org/trunk@30094


git-svn-id: http://core.svn.wordpress.org/trunk@30094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-29 21:41:22 +00:00
John Blackbourn b1ba80de87 Rename `_wp_password_hint()` to `_wp_get_password_hint()` to bring it inline with core terminology. Fixes #21243.
Built from https://develop.svn.wordpress.org/trunk@30033


git-svn-id: http://core.svn.wordpress.org/trunk@30033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-26 23:30:18 +00:00
Boone Gorges be4bc9a7e1 Accept 'orderby=include' in `WP_User_Query`.
This lets the results of a user query be sorted manually by the value of the
'include' param.

Props jipmoors.
Fixes #30064.
Built from https://develop.svn.wordpress.org/trunk@30016


git-svn-id: http://core.svn.wordpress.org/trunk@30016 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-24 19:51:21 +00:00
Sergey Biryukov 0eb758720a Move password hint text to a function. Add 'password_hint' filter.
props convissor.
fixes #21243.
Built from https://develop.svn.wordpress.org/trunk@29962


git-svn-id: http://core.svn.wordpress.org/trunk@29709 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-18 20:21:18 +00:00
Boone Gorges bde2c97aee Support date_query by user_registered in WP_User_Query.
Props ChriCo, nacin.
Fixes #27283.
Built from https://develop.svn.wordpress.org/trunk@29934


git-svn-id: http://core.svn.wordpress.org/trunk@29686 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-17 01:37:18 +00:00
Drew Jaynes 8ec2d2a151 Add inline documentation for `WP_User_Query` default arguments in the form of a hash notation.
Adds documentation pointers from the class-level doc for `WP_User_Query`, as well as the `get_users()` doc.

Props tschutter.
Fixes #29846.

Built from https://develop.svn.wordpress.org/trunk@29843


git-svn-id: http://core.svn.wordpress.org/trunk@29607 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-06 15:36:17 +00:00
Boone Gorges 2dad79f6c5 Always sanitize user_nicename in wp_insert_user().
Previously, a 'user_nicename' parameter passed into the function was
unsanitized. This could result in a mismatch between the sanitized nicename
generated automatically at user creation, resulting in broken author archive
permalinks.

Props joemcgill.

Fixes #29696.
Built from https://develop.svn.wordpress.org/trunk@29819


git-svn-id: http://core.svn.wordpress.org/trunk@29585 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-02 18:54:17 +00:00
Sergey Biryukov 5727b51538 Correct @return value for WP_User_Query::get_total().
props jesin.
fixes #29656.
Built from https://develop.svn.wordpress.org/trunk@29744


git-svn-id: http://core.svn.wordpress.org/trunk@29518 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-13 22:24:17 +00:00
Andrew Nacin 768136c6da Rename the public methods in the session tokens API.
Introduces a new get( $token ) method. get_token() would not have made sense and spurred the overall renaming. Public methods are now get, get_all, verify, create, update, destroy, destroy_others, and destroy_all.

The protected abstract methods designed for alternative implementations remain the same.

props mdawaffe.
see #20276.

Built from https://develop.svn.wordpress.org/trunk@29635


git-svn-id: http://core.svn.wordpress.org/trunk@29409 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-27 02:07:16 +00:00
Drew Jaynes a8583d5f19 Fix some words that aren't words.
See #28885.

Built from https://develop.svn.wordpress.org/trunk@29454


git-svn-id: http://core.svn.wordpress.org/trunk@29232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-09 19:30:17 +00:00
Scott Taylor 91764118fb Add an action, `pre_get_users`, in `WP_User_Query::prepare_query()`.
Props rmccue.
Fixes #29084.

Built from https://develop.svn.wordpress.org/trunk@29363


git-svn-id: http://core.svn.wordpress.org/trunk@29139 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-02 20:46:16 +00:00
Andrew Nacin 654e46f03d Tie cookies and nonces to user sessions so they may be invalidated upon logout.
Sessions are stored in usermeta via WP_User_Meta_Session_Tokens, which extends the abstract WP_Session_Tokens class. Extending WP_Session_Tokens can allow for alternative storage, such as a separate table or Redis.

Introduces some simple APIs for session listing and destruction, such as wp_get_active_sessions() and wp_destroy_all_sessions().

This invalidates all existing authentication cookies, as a new segment (the session token) has been added to them.

props duck_, nacin, mdawaffe.
see #20276.

Built from https://develop.svn.wordpress.org/trunk@29221


git-svn-id: http://core.svn.wordpress.org/trunk@29005 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-18 09:13:15 +00:00
Drew Jaynes 3665b5a1a1 Add periods to short descriptions for magic methods added in [28501], [28521], and [28524].
See #22234 and #28885.

Built from https://develop.svn.wordpress.org/trunk@29165


git-svn-id: http://core.svn.wordpress.org/trunk@28949 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-14 01:12:14 +00:00
Drew Jaynes f287dbbbde Fill out inline documentation for magic methods added to the `WP_User_Query` class in [28528].
See #27881, #22234 and #28885.

Built from https://develop.svn.wordpress.org/trunk@29140


git-svn-id: http://core.svn.wordpress.org/trunk@28924 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-13 23:34:15 +00:00
Drew Jaynes c0052b6af2 Convert default arguments documentation for `wp_insert_user()` into a hash notation.
See #28841.

Built from https://develop.svn.wordpress.org/trunk@29116


git-svn-id: http://core.svn.wordpress.org/trunk@28902 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-12 00:21:15 +00:00
Drew Jaynes 933ab734f9 Convert default arguments documentation for `wp_dropdown_users()` into a hash notation.
See #28841.

Built from https://develop.svn.wordpress.org/trunk@29115


git-svn-id: http://core.svn.wordpress.org/trunk@28901 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-12 00:08:15 +00:00
Dominik Schilling a20d6ebec6 Add missing filter doc, see [29043].
see #27627.
Built from https://develop.svn.wordpress.org/trunk@29102


git-svn-id: http://core.svn.wordpress.org/trunk@28888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-11 19:24:28 +00:00
John Blackbourn 2ce53ede8e Persist the "Remember Me" state of the auth cookie when changing your own password. Props jesin. Fixes #27627.
Built from https://develop.svn.wordpress.org/trunk@29043


git-svn-id: http://core.svn.wordpress.org/trunk@28831 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-09 18:05:15 +00:00
Scott Taylor c8852cc909 Use the `WPINC` constant when loading `class-phpass.php`
Props wojtek.szkutnik
See #14157.

Built from https://develop.svn.wordpress.org/trunk@28903


git-svn-id: http://core.svn.wordpress.org/trunk@28702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-29 22:12:16 +00:00
Scott Taylor 71090a7f12 Remove title attributes in `wp_authenticate_username_password()`.
Props joedolson.
Fixes #26547.

Built from https://develop.svn.wordpress.org/trunk@28870


git-svn-id: http://core.svn.wordpress.org/trunk@28670 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-27 20:05:15 +00:00
Scott Taylor 994ca59abd Don't use variable variables in `wp_insert_user()`.
Add a local array, `$meta`, to provide substantial disambiguation among variables. 

See #27881.

Built from https://develop.svn.wordpress.org/trunk@28740


git-svn-id: http://core.svn.wordpress.org/trunk@28554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-11 18:21:14 +00:00