Mark Jaquith
423a1a7ca4
New password change/set UI.
...
* Generate the password for the user
* More tightly integrate password strength meter
* Warn on weak passwords
see #32589
props MikeHansenMe, adamsilverstein, binarykitten
Built from https://develop.svn.wordpress.org/trunk@33023
git-svn-id: http://core.svn.wordpress.org/trunk@32994 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-01 14:48:24 +00:00
Helen Hou-Sandí
275bff1895
Fire the `check_admin_referer` action on failure as well as success.
...
This enables things like logging nonce failures in the admin.
props markjaquith.
fixes #32207 .
Built from https://develop.svn.wordpress.org/trunk@33017
git-svn-id: http://core.svn.wordpress.org/trunk@32988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-01 03:37:23 +00:00
Sergey Biryukov
74c7f59bb2
Revert [32702]. The URL may not have an `s` parameter as there are filters in place so that a plugin can return a URL with a completely different structure.
...
see #32572 .
Built from https://develop.svn.wordpress.org/trunk@32969
git-svn-id: http://core.svn.wordpress.org/trunk@32940 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-27 08:35:24 +00:00
Scott Taylor
f23199caaa
Remove the `whois.arin.net` link from `wp_notify_postauthor()` and `wp_notify_moderator()`.
...
Also, remove from `edit-form-comment.php` and add a new filter: `edit_comment_misc_actions`.
Props ozh, joedolson, rachelbaker.
Fixes #15281 .
Built from https://develop.svn.wordpress.org/trunk@32929
git-svn-id: http://core.svn.wordpress.org/trunk@32900 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-24 20:56:27 +00:00
Scott Taylor
5c6b63d3a6
`if` is a statment, not a function.
...
See #32444 .
Built from https://develop.svn.wordpress.org/trunk@32800
git-svn-id: http://core.svn.wordpress.org/trunk@32771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-16 20:01:25 +00:00
Dion Hulse
2b2368d68f
Add a filter to wp_safe_redirect() for the fallback URL.
...
Props anubisthejackle. Fixes #22612
Built from https://develop.svn.wordpress.org/trunk@32793
git-svn-id: http://core.svn.wordpress.org/trunk@32764 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-16 05:26:26 +00:00
Scott Taylor
f888767c73
`$status` shouldn't be loosely compared to `true` in `wp_xmlrpc_server::wp_deleteComment()`.
...
`$initial` shouldn't be loosely compared to `true` in `get_calendar()`.
`current_user_can()` shouldn't be loosely compared to `false` in `kses_init()`
`$get_all` shouldn't be loosely compared to `true` in `get_blog_details()`.
`is_array()` and `in_array()` shouldn't be loosely compared in `wpmu_validate_user_signup()`.
`$result` should by strictly compared in `check_ajax_referer()`.
`wp_verify_nonce()` should by strictly compared in `_show_post_preview()`.
`is_user_logged_in()` should not be loosly compared against `false` in `wp-signup.php`.
See #32444 .
Built from https://develop.svn.wordpress.org/trunk@32733
git-svn-id: http://core.svn.wordpress.org/trunk@32704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-12 17:48:26 +00:00
Sergey Biryukov
c9dd28908a
In `get_avatar()`, avoid a second `get_avatar_data()` call to get the 2x URL.
...
props ravinderk.
fixes #32572 .
Built from https://develop.svn.wordpress.org/trunk@32702
git-svn-id: http://core.svn.wordpress.org/trunk@32672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-07 14:58:26 +00:00
Boone Gorges
f88996bed7
In `wp_notify_moderator()`, don't throw notice when comment belongs to a post with no author.
...
Props Oxymoron.
Fixes #32566 .
Built from https://develop.svn.wordpress.org/trunk@32692
git-svn-id: http://core.svn.wordpress.org/trunk@32662 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-04 17:29:25 +00:00
Scott Taylor
26554549c7
Add missing doc blocks for `pluggable.php`.
...
Correct some `@return` values.
`is_user_logged_in()` can simply return the `->exists()` call instead of if/else'ing true/false.
See #32444 .
Built from https://develop.svn.wordpress.org/trunk@32614
git-svn-id: http://core.svn.wordpress.org/trunk@32584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-27 15:32:26 +00:00
John Blackbourn
bb02256966
Introduce a `$token` argument to `wp_set_auth_cookie()` so session tokens can be reused by custom authentication implementations.
...
Props rmccue
Fixes 30247
Built from https://develop.svn.wordpress.org/trunk@32465
git-svn-id: http://core.svn.wordpress.org/trunk@32435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-09 00:28:27 +00:00
Gary Pendergast
7ca423d449
The UTF-8 regex can occasionally fail on very low memory machines. Reduce the amount of memory it uses.
...
See #32204 .
Built from https://develop.svn.wordpress.org/trunk@32375
git-svn-id: http://core.svn.wordpress.org/trunk@32345 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 06:58:24 +00:00
Sergey Biryukov
eef2dcfccd
Merge two different translator comments for the same string.
...
props pavelevap.
fixes #31999 .
Built from https://develop.svn.wordpress.org/trunk@32210
git-svn-id: http://core.svn.wordpress.org/trunk@32183 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 15:36:26 +00:00
Boone Gorges
5b629644f9
Improve handling of incomplete From and Content-Type headers in `wp_mail()`.
...
When an incomplete header is provided (eg, 'From' with an email address but no
name), ensure that the WP defaults are filled in properly.
Props valendesigns.
Fixes #30266 .
Built from https://develop.svn.wordpress.org/trunk@32070
git-svn-id: http://core.svn.wordpress.org/trunk@32049 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-07 20:10:26 +00:00
Drew Jaynes
46cf634c90
Various inline documentation syntactical fixes in wp-includes/pluggable.php for 4.2 changes.
...
See #31888 .
Built from https://develop.svn.wordpress.org/trunk@32045
git-svn-id: http://core.svn.wordpress.org/trunk@32024 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-05 16:46:26 +00:00
Sergey Biryukov
a1fb0a378c
Restore line breaks before comment text in comment notification emails.
...
fixes #31508 .
Built from https://develop.svn.wordpress.org/trunk@31770
git-svn-id: http://core.svn.wordpress.org/trunk@31750 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-13 18:29:27 +00:00
Helen Hou-Sandí
0b3170fc7d
Gravatars: Remove redundant 1x srcset.
...
props miqrogroove.
see #22329 .
Built from https://develop.svn.wordpress.org/trunk@31722
git-svn-id: http://core.svn.wordpress.org/trunk@31703 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-11 16:56:27 +00:00
Helen Hou-Sandí
0bf35836c3
Gravatars: Enable HiDPI versions for browsers that support srcset.
...
props iseulde.
see #22329 .
Built from https://develop.svn.wordpress.org/trunk@31721
git-svn-id: http://core.svn.wordpress.org/trunk@31702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-11 16:32:26 +00:00
Drew Jaynes
33d9dd8066
Adjust the description for the `$extra_attr` argument in the DocBlocks for `get_avatar_data()` and `get_avatar()`.
...
See [31561]. See #31469 .
Built from https://develop.svn.wordpress.org/trunk@31591
git-svn-id: http://core.svn.wordpress.org/trunk@31572 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-01 07:19:24 +00:00
Gary Pendergast
18bb886b22
When sanitizing a URL to redirect to, UTF-8 characters can be URL encoded, instead of being removed.
...
While RFC 3986 does not specify which character sets are allowed in URIs, Section 2.5 states that octects matching UTF-8 character encoding should be percent-encoded, then unreserved octets outside of the UTF-8 range should be percent-encoded. As browsers tend to only implement support for UTF-8 in URLs, this change only implements the UTF-8 encoding part. We may revisit the second part if it becomes an issue.
Fixes #31486
Built from https://develop.svn.wordpress.org/trunk@31587
git-svn-id: http://core.svn.wordpress.org/trunk@31568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-28 02:21:26 +00:00
Scott Taylor
e899c370a4
In `get_avatar_data()` and `get_avatar()`, allow `height` and `width` to be specified separately (both default to `size`). Also allow arbitrary attributes on the `<img>` via the `extra_attr` arg.
...
Props miqrogroove.
See #31469 .
Built from https://develop.svn.wordpress.org/trunk@31561
git-svn-id: http://core.svn.wordpress.org/trunk@31542 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-26 21:17:24 +00:00
Sergey Biryukov
add5f9bdf2
Remove `src` from duplicate hook comments for `get_avatar` and `get_avatar_data`.
...
see #21195 .
Built from https://develop.svn.wordpress.org/trunk@31480
git-svn-id: http://core.svn.wordpress.org/trunk@31461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-19 14:59:26 +00:00
Sergey Biryukov
01bb8478ff
Fix a typo in duplicate hook comment.
...
see [31107], #21195 .
Built from https://develop.svn.wordpress.org/trunk@31479
git-svn-id: http://core.svn.wordpress.org/trunk@31460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-19 14:56:28 +00:00
Drew Jaynes
947d04f323
Improve return and parameter documentation for `check_admin_referer()`, `check_ajax_referer()`, and `wp_verify_nonce()`.
...
Also update and clarify docsfor the `check_admin_referer` and `check_ajax_referer` hooks.
Props johnbillion, DrewAPicture.
Fixes #31055 .
Built from https://develop.svn.wordpress.org/trunk@31381
git-svn-id: http://core.svn.wordpress.org/trunk@31362 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-09 04:57:27 +00:00
Scott Taylor
fe6b5983df
In PHP 5.0.0, `is_a()` became deprecated in favour of the `instanceof` operator. Calling `is_a()` would result in an `E_STRICT` warning.
...
In PHP 5.3.0, `is_a()` is no longer deprecated, and will therefore no longer throw `E_STRICT` warnings.
To avoid warnings in PHP < 5.3.0, convert all `is_a()` calls to `$var instanceof WP_Class` calls.
`instanceof` does not throw any error if the variable being tested is not an object, it simply returns `false`.
Props markoheijnen, wonderboymusic.
Fixes #25672 .
Built from https://develop.svn.wordpress.org/trunk@31188
git-svn-id: http://core.svn.wordpress.org/trunk@31169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 01:06:24 +00:00
Gary Pendergast
4bc89fef32
In `get_avatar()`, revert the `<img>` tag attributes to using single quotes, instead of double quotes. This behaviour was changed in [31107], but caused problems for code that attempted to parse the `<img>` tag.
...
See #21195
Built from https://develop.svn.wordpress.org/trunk@31152
git-svn-id: http://core.svn.wordpress.org/trunk@31133 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-12 00:03:24 +00:00
Scott Taylor
ac654632fe
Use `PHP_SAPI` constant instead of `php_sapi_name()` in `iis7_supports_permalinks()`, `wp_fix_server_vars()`, and `wp_redirect()`.
...
See #30799 .
Built from https://develop.svn.wordpress.org/trunk@31120
git-svn-id: http://core.svn.wordpress.org/trunk@31101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 04:59:22 +00:00
Gary Pendergast
5ee3ff435d
Add `get_avatar_url()`, for retrieving just the URL of an avatar, rather than the entire `<img>` tag that `get_avatar()` produces.
...
Unlike `get_avatar()`, `get_avatar_url()` is not pluggable. It can be extended/or modified through the new filters included.
Fixes #21195 .
Props mdawaffe, pento, pathawks, DrewAPicture
Built from https://develop.svn.wordpress.org/trunk@31107
git-svn-id: http://core.svn.wordpress.org/trunk@31088 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-09 04:43:23 +00:00
Sergey Biryukov
e253251ef4
Remove space before comma in wp_notify_postauthor() and wp_notify_moderator().
...
see #30930 .
Built from https://develop.svn.wordpress.org/trunk@31060
git-svn-id: http://core.svn.wordpress.org/trunk@31041 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-06 17:17:21 +00:00
Sergey Biryukov
71d255fde1
Remove padding from the comment notification emails in wp_notify_moderator().
...
See [30015] for wp_notify_postauthor().
props pavelevap.
fixes #30930 .
Built from https://develop.svn.wordpress.org/trunk@31059
git-svn-id: http://core.svn.wordpress.org/trunk@31040 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-06 17:10:35 +00:00
John Blackbourn
d614abe3a2
Allow brackets in a URL when it's sanitised for a redirect. Brackets are valid in query parameters.
...
Fixes #30308
Props voldemortensen
Built from https://develop.svn.wordpress.org/trunk@30684
git-svn-id: http://core.svn.wordpress.org/trunk@30674 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-01 03:21:22 +00:00
John Blackbourn
17ddc06287
Allow square brackets in a URL when it's sanitised for a redirect. Square brackets are valid in query parameters and IPv6 addresses.
...
Fixes #17052
Props voldemortensen
Built from https://develop.svn.wordpress.org/trunk@30683
git-svn-id: http://core.svn.wordpress.org/trunk@30673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-01 03:16:22 +00:00
Scott Taylor
04453cbe01
Improve the `@param` docs for `src/wp-includes/pluggable*`.
...
See #30224 .
Built from https://develop.svn.wordpress.org/trunk@30667
git-svn-id: http://core.svn.wordpress.org/trunk@30657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 22:19:25 +00:00
Drew Jaynes
e4f52df62c
Fix DocBlock formatting for `wp_generate_password()`.
...
Props stevegrunwell for the initial patch.
Fixes #30509 .
Built from https://develop.svn.wordpress.org/trunk@30580
git-svn-id: http://core.svn.wordpress.org/trunk@30570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-26 20:38:23 +00:00
Dominik Schilling
e002b0fc07
Type cast `$nonce` to string in `wp_verify_nonce()`.
...
props jesin.
fixes #29542 .
Built from https://develop.svn.wordpress.org/trunk@30576
git-svn-id: http://core.svn.wordpress.org/trunk@30566 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-26 19:19:23 +00:00
Drew Jaynes
188e47869f
Ensure inline code is markdown-escaped as such, HTML tags are removed from summaries, and that code snippets in descriptions are properly indented.
...
Affects DocBlocks for the following core elements:
* Markdown-indent a code snippet in the description for `wp_salt()`
* Backtick-escape inline code in the return description for `get_avatar()`
* Various markdown formatting in the description for `add_filter()`
* Markdown-indent a code snippet in the description for `apply_filters()`
* Backtick-escape inline code in the `@see` description for `apply_filters_ref_array()`
* Backtick-escape inline code in the description for `do_action()`
* Backtick-escape variables in the parameter and return descriptions for `do_action_ref_array()`
* Various markdown formatting in the description for `get_plugin_data()`
Props rarst.
See #30473 .
Built from https://develop.svn.wordpress.org/trunk@30544
git-svn-id: http://core.svn.wordpress.org/trunk@30533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-24 06:05:23 +00:00
Andrew Nacin
ddb3ee5057
Use hash_equals() for old md5 hashes.
...
Built from https://develop.svn.wordpress.org/trunk@30412
git-svn-id: http://core.svn.wordpress.org/trunk@30407 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 11:49:23 +00:00
Drew Jaynes
f7648300c8
Add missing documentation for the `$password` parameter, passed to the `check_password` hook.
...
Props coffee2code.
Fixes #30311 .
Built from https://develop.svn.wordpress.org/trunk@30381
git-svn-id: http://core.svn.wordpress.org/trunk@30378 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-18 18:56:21 +00:00
Drew Jaynes
66c47f29bb
Correct references of `@uses $wpdb` in core documentation to use `@global`.
...
See #30191 , [30105].
Fixes #30217 .
Built from https://develop.svn.wordpress.org/trunk@30122
git-svn-id: http://core.svn.wordpress.org/trunk@30122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-31 17:56:22 +00:00
Drew Jaynes
f8657d5890
Remove redundant and erroneous `@uses` tag from most core inline documentation.
...
Per our inline documentation standards, no further use of the `@uses` tag is recommended as used and used-by relationships can be derived through other means. This removes most uses of the tag in core documentation, with remaining tags to be converted to `@global` or `@see` as they apply.
Fixes #30191 .
Built from https://develop.svn.wordpress.org/trunk@30105
git-svn-id: http://core.svn.wordpress.org/trunk@30105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-30 01:05:24 +00:00
John Blackbourn
823cfebeca
Remove padding from the comment notification emails which is from a bygone fixed-width font era. Prevents alignment issues in email clients which use vairable width fonts for plain text emails. Fixes #16721 . Props DrewAPicture.
...
Built from https://develop.svn.wordpress.org/trunk@30015
git-svn-id: http://core.svn.wordpress.org/trunk@30015 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-24 17:08:18 +00:00
Mark Jaquith
e1f2b3b9e2
Use HTTPS URLs for trac.wordpress.org (and use core.trac.wordpress.org)
...
see #27115
Built from https://develop.svn.wordpress.org/trunk@29789
git-svn-id: http://core.svn.wordpress.org/trunk@29561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-29 13:37:16 +00:00
Andrew Nacin
75ff6ae302
Add safeguards for when ext/hash is not compiled with PHP.
...
see #29518 , for trunk.
Built from https://develop.svn.wordpress.org/trunk@29751
git-svn-id: http://core.svn.wordpress.org/trunk@29523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-20 17:28:18 +00:00
Andrew Nacin
768136c6da
Rename the public methods in the session tokens API.
...
Introduces a new get( $token ) method. get_token() would not have made sense and spurred the overall renaming. Public methods are now get, get_all, verify, create, update, destroy, destroy_others, and destroy_all.
The protected abstract methods designed for alternative implementations remain the same.
props mdawaffe.
see #20276 .
Built from https://develop.svn.wordpress.org/trunk@29635
git-svn-id: http://core.svn.wordpress.org/trunk@29409 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-27 02:07:16 +00:00
Andrew Nacin
3951d9689c
Require a non-empty $nonce value in wp_verify_nonce().
...
props ocean90.
fixes #29217 .
Built from https://develop.svn.wordpress.org/trunk@29620
git-svn-id: http://core.svn.wordpress.org/trunk@29394 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-26 07:39:19 +00:00
Drew Jaynes
a227d4ff08
s/does/does not in `wp_set_password()` docblock.
...
See [29461]. See #28316 .
Built from https://develop.svn.wordpress.org/trunk@29462
git-svn-id: http://core.svn.wordpress.org/trunk@29240 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-10 02:44:16 +00:00
Drew Jaynes
0f7d35597c
Improve the `wp_set_password()` PHPDoc with a note to guard against executing the function on every page load, such as through a theme's functions.php file.
...
See #28316 .
Built from https://develop.svn.wordpress.org/trunk@29461
git-svn-id: http://core.svn.wordpress.org/trunk@29239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-10 02:39:16 +00:00
Andrew Nacin
ee4ce8688d
Escape late in get_avatar().
...
Built from https://develop.svn.wordpress.org/trunk@29397
git-svn-id: http://core.svn.wordpress.org/trunk@29175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 07:50:18 +00:00
Andrew Nacin
7d672c38a4
Constant time for wp_verify_nonce().
...
Built from https://develop.svn.wordpress.org/trunk@29382
git-svn-id: http://core.svn.wordpress.org/trunk@29160 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 05:26:16 +00:00
Andrew Nacin
654e46f03d
Tie cookies and nonces to user sessions so they may be invalidated upon logout.
...
Sessions are stored in usermeta via WP_User_Meta_Session_Tokens, which extends the abstract WP_Session_Tokens class. Extending WP_Session_Tokens can allow for alternative storage, such as a separate table or Redis.
Introduces some simple APIs for session listing and destruction, such as wp_get_active_sessions() and wp_destroy_all_sessions().
This invalidates all existing authentication cookies, as a new segment (the session token) has been added to them.
props duck_, nacin, mdawaffe.
see #20276 .
Built from https://develop.svn.wordpress.org/trunk@29221
git-svn-id: http://core.svn.wordpress.org/trunk@29005 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-18 09:13:15 +00:00