When a new user is created in various places throughout the interface,
notifications are sent to the site admin and the new user. Previously, these
notifications were fired through direct calls to `wp_new_user_notification()`,
making it difficult to stop or modify the messages.
This changeset introduces a number of new action hooks in place of direct calls
to `wp_new_user_notification()`, and hooks the new wrapper function
`wp_send_new_user_notifications()` to these hooks.
Props dshanske, thomaswm, boonebgorges.
Fixes#33587.
Built from https://develop.svn.wordpress.org/trunk@34251
git-svn-id: http://core.svn.wordpress.org/trunk@34215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `user_login` field only allows 60 characters, and `user_nicename` allows
50. However, there are no protections in the interface, and few in the code,
that prevent the creation of users with values in excess of these limits. Prior
to recent changes in `$wpdb`, users were generally created anyway, MySQL
having performed the necessary truncation. More recently, the `INSERT`s and
`UPDATE`s simply fail, with no real feedback on the nature of the failure.
This changeset addresses the issue in a number of ways:
* On the user-new.php and network/user-new.php panels, don't allow input in excess of the maximum field length.
* In `wp_insert_user()`, throw an error if the value provided for `'user_login'` or `'user_nicename'` exceeds the maximum field length.
* In `wp_insert_user()`, when using `'user_login'` to generate a default value for `'user_nicename'`, ensure that the nicename is properly truncated, even when suffixed for uniqueness (username-2, etc).
Props dipesh.kakadiya, utkarshpatel, tommarshall, boonebgorges.
Fixes#33793.
Built from https://develop.svn.wordpress.org/trunk@34218
git-svn-id: http://core.svn.wordpress.org/trunk@34182 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The second parameter `$plaintext_pass` was removed in [33023] and restored as `$notify` in [33620] with a different behavior. If you have a plugin overriding `wp_new_user_notification()` which hasn't been updated you would get a notification with your username and the password "both".
To prevent this the second parameter is now deprecated and reintroduced as the third parameter.
Adds unit tests.
Props kraftbj, adamsilverstein, welcher, ocean90.
Fixes#33654.
(Don't ask for new pluggables kthxbye)
Built from https://develop.svn.wordpress.org/trunk@34116
git-svn-id: http://core.svn.wordpress.org/trunk@34084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [32759], we adjusted `site-info.php` to display a single input for a site's full URL if the network was configured for subdomains. We also enforced path only editing for non-subdomain networks, which is a regression in expected behavior.
The full URL of a site can now be edited in both subdomain and subdirectory configurations.
Props @michaelryanmcneill.
Fixes#22383.
Built from https://develop.svn.wordpress.org/trunk@33586
git-svn-id: http://core.svn.wordpress.org/trunk@33553 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Simplify URLs used for row actions to remove messaging and site domain/path.
* Use confirmation messaging from a managed list of actions when handling the request.
* Find the site address from the site ID rather than using information passed in the URL.
Fixes#32963.
Built from https://develop.svn.wordpress.org/trunk@33173
git-svn-id: http://core.svn.wordpress.org/trunk@33145 1a063a9b-81f0-0310-95a4-ce76da25c4cd
First step towards restoring a good heading structure in wp-admin.
The previous `<h1>` contained the site title and a link to the front page and was removed with the toolbar refactoring in 3.2.
Props joedolson, afercia.
Fixes#31650.
Built from https://develop.svn.wordpress.org/trunk@32974
git-svn-id: http://core.svn.wordpress.org/trunk@32945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
We also need to set novalidate on the form due to some browsers rejecting valid email addresses containing an IDN. We should holistically investigate whether this is still an issue in any major browsers at some point.
props earnjam.
fixes#32643.
Built from https://develop.svn.wordpress.org/trunk@32774
git-svn-id: http://core.svn.wordpress.org/trunk@32745 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Rather than provide a checkbox to update the `siteurl` and `home` options, we can make an educated decision based on the current state. If the home and/or siteurl domain and path match the existing domain and path of the site, then we update with the new information.
Also, while scheme is not stored in `wp_blogs` along with a site, the scheme of the `home` and `siteurl` options can now be modified via the Site URL setting in `site-info.php` when the `home` and/or `siteurl` options match the existing domain.
Props @hugobaeta, @earnjam, @jeremyfelt.
Fixes#32503, see #22383.
Built from https://develop.svn.wordpress.org/trunk@32760
git-svn-id: http://core.svn.wordpress.org/trunk@32731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a network is configured as subdomain, allow for the input of arbitrary domain and path combinations when editing a site rather than just the domain.
This takes a step or two toward #32503.
Props @scribu, @ericlewis, @jeremyfelt.
See #22383.
Built from https://develop.svn.wordpress.org/trunk@32759
git-svn-id: http://core.svn.wordpress.org/trunk@32730 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These no longer return upon refreshing the page when JS is on and working, so users should be able to dismiss them. This is particularly important on the post edit screen when DFW is triggered, but pretty much all notices can be dismissed if needed. A post on Make/Core will follow with information on how this can be leveraged in plugins.
props valendesigns, afercia, paulwilde, adamsilverstein, helen.
fixes#31233. see #23367.
Built from https://develop.svn.wordpress.org/trunk@31973
git-svn-id: http://core.svn.wordpress.org/trunk@31952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously the label just said "Posts", "Pages", or "Comments". This was bad in terms of accessibility and internationalization because of missing context.
This change adds a default label "Number of items per page:" to `WP_Screen->render_per_page_options()` and removes all the existing one-word labels.
props afercia.
fixes#31349, #15576.
Built from https://develop.svn.wordpress.org/trunk@31696
git-svn-id: http://core.svn.wordpress.org/trunk@31677 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When deleting a user who is not associated with any sites, the current messaging can be confusing as only users associated with at least one site actually appear on the confirmation page for deletion.
This experience can be improved by showing all users being deleted as well as their current site associations.
* If an empty array of users is passed, don't attempt to confirm deletion.
* If one user is passed, show a message crafted for a user of one.
* If multiple users are passed, show a message crafted for many.
* Show the pending results of all users to be deleted.
* Update messaging around the deletion/confirmation process to be less misleading.
Props Idealien, HarishChaudhari, DrewAPicture.
Fixes#18132.
Built from https://develop.svn.wordpress.org/trunk@31656
git-svn-id: http://core.svn.wordpress.org/trunk@31637 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add labels previously missing for many inputs throughout the network admin screen.
* Add proper `aria-describedby` attributes to provide better descriptions.
* Wrap grouped inputs with `fieldset` elements.
* Remove now unneeded `title` attributes when appropriate.
Props cfoellmann, afercia, rianrietveld.
Fixes#38406.
Built from https://develop.svn.wordpress.org/trunk@31517
git-svn-id: http://core.svn.wordpress.org/trunk@31498 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When editing a site, if `home` and `siteurl` are checked to be updated along with a site's domain and path, they should receive the results of any modifications in `update_blog_details()` rather than trusting the POST data.
Previously, it was possible to save a value without a leading slash on the path, causing an invalid URL to be stored.
Props earnjam.
Fixes#30417.
Built from https://develop.svn.wordpress.org/trunk@31156
git-svn-id: http://core.svn.wordpress.org/trunk@31137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The language dropdown now includes installed languages and all available translations when the filesystem is writable by WordPress.
Go to wp-admin/options-general.php, select one of the available translations, submit the form and let WordPress handle the rest.
Works for Multisite's Default Language too.
see #29395.
Built from https://develop.svn.wordpress.org/trunk@30335
git-svn-id: http://core.svn.wordpress.org/trunk@30334 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* The WPLANG constant is no longer needed. Remove define('WPLANG', ''); from wp-config-sample.php. Populate WPLANG option based on the WPLANG constant. When get_option('WPLANG') is an empty string it will override WPLANG.
* Introduce translations_api() which is available to communicate with the translation API. Move translation install related functions to a new file.
* Replace mu_dropdown_languages() with wp_dropdown_languages(). wp_dropdown_languages() is now populated by the translation API.
* Remove wp_install_load_language() and allow load_default_textdomain() to switch a core translation.
fixes#13069, #15677, #19760, #28730, #29281.
Built from https://develop.svn.wordpress.org/trunk@29630
git-svn-id: http://core.svn.wordpress.org/trunk@29404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `wp-activate.php` and `wp-admin/themes.php` don't need the closing PHP tag
* Switch single quotes for HTML attribute values to double in a few places
* Convert `include_once file.php` syntax to `include_once( 'file.php' )`
* Add access modifiers to methods/members in: `_WP_List_Table_Compat`, `Walker_Nav_Menu_Edit`, `Walker_Nav_Menu_Checklist`, `WP_Screen`, `Walker_Category_Checklist`
* `edit_user()` doesn't need to import the `$wpdb` global
* `wp_list_widgets()` doesn't need to import the `$sidebars_widgets` global
* switch/endswitch syntax is not supported in Hack
* A `<ul>` in `wp-admin/users.php` is unclosed
See #27881.
Built from https://develop.svn.wordpress.org/trunk@28500
git-svn-id: http://core.svn.wordpress.org/trunk@28326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If you want to use a Dashicon before an element you can use the class because it will not change the elements content styling. With that you don't need to copy the entire `.dashicons` styling to your :before styling anymore.
To demonstrate this change, Admin Menu now uses Dashicons classes directly.
And it fixes a glitch in IE.
fixes#26630.
Built from https://develop.svn.wordpress.org/trunk@27418
git-svn-id: http://core.svn.wordpress.org/trunk@27265 1a063a9b-81f0-0310-95a4-ce76da25c4cd
JavaScript is rarely disabled, but graceful degradation is still important. For example, syntax errors can occur, usually with major WP updates that overhaul entire experiences and update external libraries combined with themes or plugins doing weird or old things. If this error is due to their current theme, a user needs to be able to access the themes screen to switch away from the theme. A more subtle issue could make things painful to diagnose.
This commit renders the grid in PHP (the template is duplicated, but it lightweight, fairly mundane, and easy to sync). On Backbone render, the grid is then re-rendered from JavaScript so searches can occur. Customize and Live Preview is disabled if JS fails to kick in. If JS is disabled, old-school "Preview" links are displayed.
No-Customizer support: The customizer is only supported when the browser supports postMessage (IE8+), and if the frontend is a different domain, CORS (IE10+). We use the .hide-if-no-customize class for this. Pre-customize "Preview" links should use .hide-if-customize.
The .load-customize class should be used to declare a link that opens the customizer. This enables customize-loader.js to intercept this link and load the customizer on top of the current window, making for a smoother experience.
fixes#25964.
Built from https://develop.svn.wordpress.org/trunk@26726
git-svn-id: http://core.svn.wordpress.org/trunk@26615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Creating a wp-config.php file
* Installation
* Database upgrade
* Database repair
* Readme.html
* Network sites actions
What's changed:
* Bring background/text/link/border colours in line with mp6
* Bring fonts in line with mp6 (see note below)
* Switch to device-width for the viewport and tweak margins etc so the layout works nicely on all device sizes
* Switch to the new vector WordPress logo in the header to match the log in screen
* Force table cells into rows in the <782px media query
Fixes#25951, props johnbillion.
Built from https://develop.svn.wordpress.org/trunk@26298
git-svn-id: http://core.svn.wordpress.org/trunk@26203 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove contextual help for Dashboard Site from the network settings screen.
Props sillybean, ocean90
fixes#24838
git-svn-id: http://core.svn.wordpress.org/trunk@24993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.
Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.
Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.
Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.
Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.
Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.
Plugins should use wp_unslash() on data being passed to core API.
Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.
Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.
Remove many no longer necessary calls to $wpdb->escape() and esc_sql().
In wp_get_referer() and wp_get_original_referer(), return unslashed data.
Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.
Switch several queries over to prepare().
Expect something to break.
Props alexkingorg
see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Enforce this by denying the 'manage_links' capability, which hides the All Links, Add New Link, and Link Categories screens. Hide WP_Widget_Links and the UI for the default_link_category as well.
Convert all references to 'posts and links' when handling reassignment on user deletion to just 'posts'.
see #21307.
git-svn-id: http://core.svn.wordpress.org/trunk@21501 1a063a9b-81f0-0310-95a4-ce76da25c4cd