Commit Graph

387 Commits

Author SHA1 Message Date
Sergey Biryukov c15614f3cb Users: Restore spacing between the messages on Edit User screen.
Includes restoring paragraph tags for “User updated” and “← Go to Users” messages, so that the arrow is not on the same line as the previous message.

Follow-up to [56570].

Props Presskopp, narenin, swissspidy, SergeyBiryukov.
Fixes #61506.
Built from https://develop.svn.wordpress.org/trunk@58581


git-svn-id: http://core.svn.wordpress.org/trunk@58028 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-06-26 15:23:14 +00:00
audrasjb d3b8237ade User: Make the `user_login` field `readonly` instead of `disabled`.
On the profile edit screen in ``wp-admin, the username was previously displayed using an input field with the `disabled` attribute. This field was skipped by screen readers, which leads to a loss of information for visually impaired users. This changeset switches it to a `readonly` attribute, which is exactly the purpose of this field.

Props roytanck, audrasjb, rajinsharwar, joedolson.
Fixes #60774.



Built from https://develop.svn.wordpress.org/trunk@58280


git-svn-id: http://core.svn.wordpress.org/trunk@57740 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-06-02 09:55:10 +00:00
Pascal Birchler d2fb0bd81e General: Remove any usage of `wp_reset_vars()`.
The way `wp_reset_vars()` sets global variables based on `$_POST` and `$_GET` values makes code hard to understand and maintain. It also makes it easy to forget to sanitize input.

This change removes the few places where `wp_reset_vars()` is used in the admin to explicitly use `$_REQUEST` and sanitize any input.

Props swissspidy, audrasjb, davideferre, killua99, weijland, voldemortensen.
Fixes #38073.
Built from https://develop.svn.wordpress.org/trunk@58069


git-svn-id: http://core.svn.wordpress.org/trunk@57534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-05-01 18:01:12 +00:00
Sergey Biryukov 6d0770e8df Coding Standards: Correct alignment in `wp-admin/user-edit.php`.
This resolves a WPCS warning:
{{{
Array double arrow not aligned correctly;
expected 1 space(s) between "'type'" and double arrow, but found 15.
}}}

Follow-up to [56570], [56680].

Props jrf.
See #59161, #58831.
Built from https://develop.svn.wordpress.org/trunk@56798


git-svn-id: http://core.svn.wordpress.org/trunk@56310 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-07 13:55:30 +00:00
Sergey Biryukov 28af9eafb0 Coding Standards: Fix a few newly introduced WPCS issues.
Follow-up to [56570], [56573], [56589], [56604], [56612], [56620], [56629], [56631], [56638], [56642], [56644], [56649].

Props jrf.
See #59161, #58831.
Built from https://develop.svn.wordpress.org/trunk@56680


git-svn-id: http://core.svn.wordpress.org/trunk@56192 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 15:36:18 +00:00
joedolson 9922dfd54c Administration: Move `tabindex="-1"` from notice to JS.
In a handful of admin notices, a `tabindex` attribute is set so that JS can move focus to the notice `div`. Rather than adding `tabindex` to globally accepted attributes for `wp_kses_post()`, move the assignment of `tabindex` into the JS handlers that display those notices. The attribute is only relevant if JS is running, so there is no reason to add it in the original HTML notice.

Follow up to [56408], [56409], [56410], [56518], [56570], [56571], [56572], [56573], [56576], [56589], [56590], [56597], [56599], [56600], [56601].

Props costdev, joedolson.
See #57791.
Built from https://develop.svn.wordpress.org/trunk@56602


git-svn-id: http://core.svn.wordpress.org/trunk@56114 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-17 22:51:24 +00:00
joedolson 3356f6e33f Administration: Use `wp_admin_notice()` more in `wp-admin/`.
Add additional usage of `wp_admin_notice()` in `wp-admin/` on `.error` and miscellaneous usages previously overlooked. 

Follow up to [56408], [56409], [56410], [56518], [56570], [56571], [56572], [56573], [56576], [56589], [56590], [56597], [56599].

Props costdev, joedolson.
See #57791.
Built from https://develop.svn.wordpress.org/trunk@56600


git-svn-id: http://core.svn.wordpress.org/trunk@56112 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-17 15:33:17 +00:00
joedolson 768f51f60c Administration: Use `wp_admin_notice()` for `.updated`.
Add usages of `wp_admin_notice()` and `wp_get_admin_notice()` on `.updated` in the root level of `/wp-admin/`. Ongoing task to implement new function across core.

Props costdev, joedolson.
See #57791.
Built from https://develop.svn.wordpress.org/trunk@56573


git-svn-id: http://core.svn.wordpress.org/trunk@56085 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-14 02:15:17 +00:00
joedolson 0f4010bd49 Administration: Use `wp_admin_notice()` in `/wp-admin/`.
Add usages of `wp_admin_notice()` and `wp_get_admin_notice()` on `.notice-[type]` in the root level of `/wp-admin/`. Ongoing task to implement new function across core.

Props costdev, joedolson.
See #57791.
Built from https://develop.svn.wordpress.org/trunk@56570


git-svn-id: http://core.svn.wordpress.org/trunk@56082 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-14 00:54:19 +00:00
joedolson 0aa0c763e2 Administration: Add improved context for `add new` links.
Consistently expand `Add New` links to include the type of content to add. Improve consistency of text casing to use initial caps throughout.

Props afercia, gonzomir, alexstine, swissspidy, joedolson.
Fixes #47125.
Built from https://develop.svn.wordpress.org/trunk@56515


git-svn-id: http://core.svn.wordpress.org/trunk@56027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-05 19:26:26 +00:00
audrasjb c4b57cbbe3 Docs: Replace multiple single line comments with multi-line comments.
This changeset updates various comments as per WordPress PHP Inline Documentation Standards.
See https://developer.wordpress.org/coding-standards/inline-documentation-standards/php/#5-inline-comments.

Follow-up to [56174].

Props costdev, audrasjb.
See #58459.



Built from https://develop.svn.wordpress.org/trunk@56175


git-svn-id: http://core.svn.wordpress.org/trunk@55687 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-07-09 19:56:23 +00:00
audrasjb e952b31145 Users: Remove password reset links when the feature is not allowed for a specific user.
This also introduces `wp_is_password_reset_allowed_for_user()` which returns `false` when password reset is not allowed for a specific user. This can be 
filtered by developers using the existing `allow_password_reset` hook.

Props ocean90, cshark, robinwpdeveloper, tahmina1du, kraftbj.
Fixes #58194.



Built from https://develop.svn.wordpress.org/trunk@56150


git-svn-id: http://core.svn.wordpress.org/trunk@55662 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-07-06 12:47:23 +00:00
joedolson 549163d3e9 Upgrade/Install: Show/hide toggle on password fields.
Add a show/hide toggle for new passwords in initial user creation and database access during install and setup process using the same model as on user profiles. Add a new password toggle script. Change setup config table to two columns, matching the install table layout.

Props xmarcos, matt, markjaquith, nazgul, akbigdog, intoxination, rob1n, MichaelH, empireoflight, rmccue, markoheijnen, r0uter, amansurov, bi0xid, DrewAPicture, Narthur, wpnook, markparnell, costdev, clorith, ryokuhi, sabernhardt, bgoewert, ironprogrammer, adeltahri, joedolson, mukesh27, audrasjb, sergeybiryukov.
Fixes #3534.
Built from https://develop.svn.wordpress.org/trunk@56008


git-svn-id: http://core.svn.wordpress.org/trunk@55520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-06-23 23:09:29 +00:00
Sergey Biryukov 1ce5dc7444 Code Modernization: Replace usage of `strpos()` with `str_contains()`.
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).

WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.

This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.

Follow-up to [52039], [52040], [52326], [55703], [55710], [55987].

Props Soean, spacedmonkey, costdev, dingo_d, azaozz, mikeschroder, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes #58206.
Built from https://develop.svn.wordpress.org/trunk@55988


git-svn-id: http://core.svn.wordpress.org/trunk@55500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-06-22 14:36:26 +00:00
audrasjb f6ee7d285f Users: Use `type="hidden"` for hidden input on User edit administration panel.
This hidden field added in [24552] to fix an issue with Chrome that was ignoring `autocomplete="off"` in `<input>`, by using a hidden, non-named, non-empty 
input right before the password field. However this input was only hidden via CSS and didn't have any label, which is considered as an accessibility issue. 
This changeset replaces `class="hidden"` with `type="hidden"` to properly indicate to user agents that it is an hidden field.

Follow-up to [24552].

Props smit08, audrasjb, sabernhardt, ryokuhi, tushar284, ashikurwp, siddhantwadhwani, pavanpatil1.
Fixes #56776.
 --Cette ligne, et les suivantes 
ci-dessous, seront ignorées--

M    trunk/src/wp-admin/user-edit.php
M    trunk/src/wp-admin/user-new.php

Built from https://develop.svn.wordpress.org/trunk@55892


git-svn-id: http://core.svn.wordpress.org/trunk@55404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-06-07 21:25:18 +00:00
Sergey Biryukov f940bc822d Coding Standards: Apply various alignment corrections from `composer format`.
This fixes a few WPCS warnings along the lines of:
* Array double arrow not aligned correctly
* Equals sign not aligned with surrounding statements
* Usage of ELSE IF is discouraged; use ELSEIF instead

Follow-up to [55099], [55192], [55194], [55271].

Props davidbaumwald, jrf, SergeyBiryukov.
Fixes #57994.
Built from https://develop.svn.wordpress.org/trunk@55606


git-svn-id: http://core.svn.wordpress.org/trunk@55118 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-03-29 07:13:23 +00:00
audrasjb 34229a4286 Help/About: Avoid extra redirections on HelpHub Links.
This changeset replaces various HelpHub links that have changed to avoid extra 301 redirections.

Props sabernhardt, audrasjb.
See #57726.

Built from https://develop.svn.wordpress.org/trunk@55414


git-svn-id: http://core.svn.wordpress.org/trunk@54947 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-23 11:06:19 +00:00
audrasjb 418a21fdbc Help/About: Use the new `/documentation/` URLs for HelpHub links in WordPress Admin.
As `https://wordpress.org/support/` was redirected to `https://wordpress.org/documentation/`, this changeset replaces various `/support/article/*` links with `/documentation/article/*` to avoid an extra redirect.

This also updates links to Support Forums by replacing `https://wordpress.org/support/` URLs with `https://wordpress.org/support/forums/`.

Props SergeyBiryukov, audrasjb, dhrupo, hasanmisbah, sakibmd, sabernhardt.
See #57726.

Built from https://develop.svn.wordpress.org/trunk@55412


git-svn-id: http://core.svn.wordpress.org/trunk@54945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-23 10:38:21 +00:00
Sergey Biryukov 9c5d4ca8d1 I18N: Mark screen reader strings as such with translator comments.
This aims to provide better context for translators and make it easier to determine that some strings contain hidden accessibility text and are not displayed in the UI.

Props kebbet, mercime, pavelevap, ocean90, swissspidy, Chouby, jipmoors, afercia, desrosj, costdev, audrasjb, SergeyBiryukov.
Fixes #29748.
Built from https://develop.svn.wordpress.org/trunk@55276


git-svn-id: http://core.svn.wordpress.org/trunk@54809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-07 17:10:21 +00:00
Sergey Biryukov 89706afd21 Coding Standards: Bring some consistency to the order of attributes in password fields.
Follow-up to [11359], [13592], [13696], [33023], [33246], [33353], [41556], [46256], [49248], [53111], [55094].

See #56791.
Built from https://develop.svn.wordpress.org/trunk@55145


git-svn-id: http://core.svn.wordpress.org/trunk@54678 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-26 18:12:11 +00:00
Pascal Birchler 58545bacce I18N: Allow installing new translations when changing the user locale on the profile page.
Up until now, new translations could only be installed via Settings -> General.
When editing the user profile, one could only select locales that were already installed.

This change allows also installing new translations if the editing user has the necessary capabilities.

Props barryceelen, johnbillion, ocean90, swissspidy.
Fixes #38664.
Built from https://develop.svn.wordpress.org/trunk@55099


git-svn-id: http://core.svn.wordpress.org/trunk@54632 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-19 14:13:13 +00:00
audrasjb f92b90116a Application Passwords: Disable spellcheck for password field.
This changeset adds `spellcheck="false"` attribute to application password field.

Follow-up to [55094], [55095].

Props Spaceshipone.
Fixes #56763.

Built from https://develop.svn.wordpress.org/trunk@55096


git-svn-id: http://core.svn.wordpress.org/trunk@54629 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-19 11:48:12 +00:00
audrasjb 0f28fc7aed Login and Registration: Disable spellcheck for password fields.
This changeset adds `spellcheck="false"` attribute to various password fields.

The spellcheck global attribute defines whether the element may be checked for spelling errors. The `false` value indicates that the element should not be checked for spelling errors, which is relevant for a password field.

Furthermore, and as per MDN specs, using spellchecking can have consequences for users' security and privacy. The specification does not regulate how spellchecking is done and the content of the element may be sent to a third party for spellchecking results. Thus, it is recommended to set `spellcheck` attribute to `false` for elements that can contain sensitive information. Which is the case for password fields.

Props dziudek, audrasjb, gainesm, fosuahmed.
Fixes #56763.

Built from https://develop.svn.wordpress.org/trunk@55094


git-svn-id: http://core.svn.wordpress.org/trunk@54627 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-19 08:53:13 +00:00
audrasjb 2058cdd91f Help/About: Improve comments keyboard shortcuts HelpHub links.
This changeset adds an anchor in Comments keyboard shortcut documentation links to direct the user to a more specific section of the HelpHub documentation. It also removes `target="_blank" from a link, since preventing data loss when clicking any on User Edit and Comment Edit screens is already handled by another existing ticket (#40493).

Props NekoJonez, SergeyBiryukov, sabernhardt, dennisatyoast, robinwpdeveloper.
Fixes #56920.

Built from https://develop.svn.wordpress.org/trunk@55042


git-svn-id: http://core.svn.wordpress.org/trunk@54575 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-10 09:01:13 +00:00
Sergey Biryukov 3ba44120d0 Coding Standards: Always use parentheses when instantiating an object.
Note: This will be enforced by WPCS 3.0.0.

Props jrf.
See #56791.
Built from https://develop.svn.wordpress.org/trunk@54891


git-svn-id: http://core.svn.wordpress.org/trunk@54443 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-11-29 15:51:14 +00:00
audrasjb 6b06b2cc25 Application Passwords: Link a more accurate documentation page in User profile edit screen.
This changeset replaces a HelpHub link with more accurate DevHub link about environment types in User profile edit screen.

Props greg24, whaze.
Fixes #56267.

Built from https://develop.svn.wordpress.org/trunk@53752


git-svn-id: http://core.svn.wordpress.org/trunk@53311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-21 19:32:12 +00:00
Sergey Biryukov 01d172b581 General: Replace all `esc_url_raw()` calls in core with `sanitize_url()`.
This aims to improve performance by calling `sanitize_url()` directly, instead of the `esc_url_raw()` wrapper. As of WordPress 6.1, `sanitize_url()` is the recommended function for sanitizing a URL for database or redirect usage.

Follow-up to [11383], [13096], [51597], [53452].

Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes #55852.
Built from https://develop.svn.wordpress.org/trunk@53455


git-svn-id: http://core.svn.wordpress.org/trunk@53044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-01 18:14:10 +00:00
audrasjb 12fc2d9146 Administration: Remove self-reference ("we") in WordPress Admin.
This changes updates many strings to remove self-references to an undefined "we" collective across the WordPress Administration.

The goal of this change is to better match the guidelines and recommendations set forth in the make/core handbook, specifically:

> the word "we" should be avoided (…) unless its made very clear which group is speaking.

Props johnbillion, shital-patel, audrasjb, marybaum, SergeyBiryukov, peterwilsoncc, johnjamesjacoby, kebbet, costdev, chaion07, davidbaumwald.
Fixes #46057.

Built from https://develop.svn.wordpress.org/trunk@53131


git-svn-id: http://core.svn.wordpress.org/trunk@52720 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-11 11:42:04 +00:00
joedolson b518b73602 Users: Use autocomplete values on user profiles.
Assign appropriate autocomplete values for new and edited user, user email, and password fields.

Props clonemykey, sabernhardt, WraithKenny, bookdude13, konradyoast.
Fixes #43886, #52714.
Built from https://develop.svn.wordpress.org/trunk@53111


git-svn-id: http://core.svn.wordpress.org/trunk@52700 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-08 17:40:07 +00:00
Sergey Biryukov 0f8bdeb263 I18N: Add missing translator comment for application password helper text for Super Admins.
Follow-up to [53101].

See #53234.
Built from https://develop.svn.wordpress.org/trunk@53102


git-svn-id: http://core.svn.wordpress.org/trunk@52691 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-08 00:03:05 +00:00
audrasjb 13dbc8c063 Application Passwords: Use a more appropriate helper text message for super-admins.
Previously, the helper text of the application password section was misleading for a Super Admin because an application password for a Super Admin grants access to all sites on the network, not just ones that they are a member of. This changeset provides a slightly different message for Super admin role.

Props johnbillion, rsiddharth, audrasjb.
Fixes #53234

Built from https://develop.svn.wordpress.org/trunk@53101


git-svn-id: http://core.svn.wordpress.org/trunk@52690 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-07 23:16:02 +00:00
audrasjb 318205d459 Coding Standards: Improve formatting in `/wp-admin/user-edit.php`.
This change improves the formatting of `/wp-admin/user-edit.php` to avoid PHPCS failures when adding new code, which previously required new code to be indented multiple times, breaking alignment of the HTML parts. This change avoids disabling/enabling PHPCS for failing sniffs.

Props costdev, johnregan3, peterwilsoncc.
Fixes #54673.

Built from https://develop.svn.wordpress.org/trunk@52820


git-svn-id: http://core.svn.wordpress.org/trunk@52409 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-03-04 11:29:04 +00:00
Sergey Biryukov 602b46626c Coding Standards: Rename the `$profileuser` variable to `$profile_user` in `wp-admin/user-edit.php`.
This brings the naming more in line with other variables like `$current_user`.

Follow-up to [2872].

See #54728.
Built from https://develop.svn.wordpress.org/trunk@52689


git-svn-id: http://core.svn.wordpress.org/trunk@52278 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-02-07 15:26:01 +00:00
Sergey Biryukov 1b22e56ad0 Coding Standards: Use strict comparison in `wp-admin/user-edit.php`.
Follow-up to [2872], [13941], [12722], [14043], [14802], [23364], [42688].

Props azouamauriac.
See #54728.
Built from https://develop.svn.wordpress.org/trunk@52687


git-svn-id: http://core.svn.wordpress.org/trunk@52276 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-02-07 14:47:02 +00:00
hellofromTonya 28b0710360 Application Passwords: Show HTTPS required message without filtering when not enabled or not in local environment.
When `add_filter( 'wp_is_application_passwords_available', '__return_false' )` exists, HTTPS requirement message is shown even if HTTPS is enabled on the site. This happens because `wp_is_application_passwords_available_for_user()` first invokes `wp_is_application_passwords_available()` which is filterable. The situation could happen if the `'wp_is_application_passwords_available_for_user'` filter returns `false`.

To fix this, the check for HTTPS (or if in a 'local' environment) is moved to a new function called `wp_is_application_passwords_supported()`. Then the return from this function is used as an OR condition for the Application Passwords section and for displaying the HTTPS required message.

Tests are included for both `wp_is_application_passwords_supported()` and `wp_is_application_passwords_available()`.

Follow-up to [51980], [51988].

Props davidbinda, SergeyBiryukov, ocean90, felipeelia, costdev, hellofromTonya.
Fixes #53658.
Built from https://develop.svn.wordpress.org/trunk@52398


git-svn-id: http://core.svn.wordpress.org/trunk@51990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-12-21 02:45:03 +00:00
Sergey Biryukov 1fdea15a96 Coding Standards: Fix some WPCS errors and warnings in `wp-admin/user-edit.php`:
* Add missing translators comment.
* Add missing space, correct indentation.
* Put opening and closing PHP tag on a line by itself.
* Remove unnecessary escaping for consistency with other strings.

Follow-up to [51980].

See #53658.
Built from https://develop.svn.wordpress.org/trunk@51988


git-svn-id: http://core.svn.wordpress.org/trunk@51577 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-02 20:19:59 +00:00
johnjamesjacoby fae48afc92 Application Passwords: display guiding text & link in `user-edit.php` when unavailable.
This change intends to avoid confusion around the requirements of the Application Passwords feature, specific to it requiring HTTPS and the `WP_ENVIRONMENT_TYPE` constant.

It does this by conditionally hiding the traditional UI and showing some insightful explanations instead, including a translatable link to the `WP_ENVIRONMENT_TYPE` documentation on the "Editing wp-config.php" support page.

Props ashfame, audrasjb, iluy, johnbillion.

Fixes  #53658.
Built from https://develop.svn.wordpress.org/trunk@51980


git-svn-id: http://core.svn.wordpress.org/trunk@51569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-02 17:57:03 +00:00
hellofromTonya bc217668e2 App Passwords: Remove placeholder from the app password name input field.
In [49294, 49752], the `placeholder` attribute changed to `"WordPress App on My Phone"`. This change causes confusion as the field can be used in a variety of ways and is not limited to a phone.

Given a label exists for each field and clearly identifies its purpose, this commit removes the `placeholder` attribute from the `input` field.

Follow-up to [49109], [49294], [49752].

Props seedsca, audrasjb, joedolson, rehanali.
Fixes #54047.
Built from https://develop.svn.wordpress.org/trunk@51878


git-svn-id: http://core.svn.wordpress.org/trunk@51471 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-01 13:49:00 +00:00
John Blackbourn ae9eae8f64 Docs: Document some more common names for dynamic hooks and standardise the phrasing used.
Fixes #53581

Built from https://develop.svn.wordpress.org/trunk@51837


git-svn-id: http://core.svn.wordpress.org/trunk@51444 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-09-21 18:21:00 +00:00
Sergey Biryukov 8a90b8691f Docs: Add a comment about the `$title` global usage in various admin files.
This should make it clear that the variable is used as part of the HTML `<title>` tag on admin screens.

Props ravipatel, hellofromTonya, sabernhardt, audrasjb, SergeyBiryukov.
Fixes #53729.
Built from https://develop.svn.wordpress.org/trunk@51475


git-svn-id: http://core.svn.wordpress.org/trunk@51086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-07-22 13:53:00 +00:00
John Blackbourn 2e6a782a5f Docs: Miscellaneous docblock improvements.
See #53399

Built from https://develop.svn.wordpress.org/trunk@51330


git-svn-id: http://core.svn.wordpress.org/trunk@50939 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-07-05 15:48:00 +00:00
joedolson e53ace6056 Application Passwords: Allow enter key to submit profile form.
Fix the enter key in profile form fields moving focus to the application password input instead of submitting the profile update for. Replace the submit button type used for application passwords with `button type="button"` and ensure that the enter key's native behavior isn't overwritten.

props audrasjb, alexstine, promz, sabernhardt.
Fixes #52849.
Built from https://develop.svn.wordpress.org/trunk@51086


git-svn-id: http://core.svn.wordpress.org/trunk@50695 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-06-07 23:49:58 +00:00
Sergey Biryukov 96beaa51d3 App Passwords: Use "sites" terminology instead of "blogs" in application passwords help text.
Follow-up to [49270].

Props jeremy80, johnbillion, audrasjb.
Fixes #53225.
Built from https://develop.svn.wordpress.org/trunk@50932


git-svn-id: http://core.svn.wordpress.org/trunk@50541 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-19 18:17:56 +00:00
Sergey Biryukov af9675bdcb Users: Give the Password Reset table row its own wrapper class.
Previously, the class of the Sessions table row was duplicated.

Follow-up to [50129], [50411].

See #52597.
Built from https://develop.svn.wordpress.org/trunk@50412


git-svn-id: http://core.svn.wordpress.org/trunk@50023 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-23 14:35:03 +00:00
Sergey Biryukov e0b66dd56c Users: Relocate the Password Reset feature to the Account Management section.
Follow-up to [50129].

Props mukesh27, audrasjb, hellofromTonya.
Fixes #52597.
Built from https://develop.svn.wordpress.org/trunk@50411


git-svn-id: http://core.svn.wordpress.org/trunk@50022 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-23 14:21:05 +00:00
Sergey Biryukov b88325dbc6 I18N: Use the actual placeholder instead of a number in translator comments if the corresponding string does not use numbered placeholders.
Adjust some newly introduced strings to remove unnecessary numbered placeholders for consistency.

Follow-up to [42827].

See #51800.
Built from https://develop.svn.wordpress.org/trunk@50234


git-svn-id: http://core.svn.wordpress.org/trunk@49895 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-07 12:44:04 +00:00
Adam Silverstein 315b1c185d Users: enable admins to send users a reset password link.
Add a feature so Admins can send users a 'password reset' email. This doesn't change the password or force a password change. It only emails the user the password reset link.

The feature appears in several places:
* A "Send Reset Link" button on user profile screen.
* A "Send password reset" option in the user list bulk action dropdown.
* A "Send password reset" quick action when hovering over a username in the user list.

Props Ipstenu, DrewAPicture, eventualo, wonderboymusic, knutsp, ericlewis, afercia, JoshuaWold, johnbillion, paaljoachim, hedgefield.
Fixes #34281.


Built from https://develop.svn.wordpress.org/trunk@50129


git-svn-id: http://core.svn.wordpress.org/trunk@49808 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-01 22:13:03 +00:00
TimothyBlynJacobs 6a8a83ea09 App Passwords: Extract Basic Auth check into a reusable filterable function.
In [49752] a check was added to prevent creating new Application Passwords if Basic Auth credentials were detected to prevent conflicts. This check takes place in WP-Admin, though a conflict would only arise if Basic Auth was used on the website's front-end.

This commit extracts the Basic Auth check into a reusable function, `wp_is_site_protected_by_basic_auth()`, which can be adjusted using a filter of the same name. This way, a site that uses Basic Auth to protect WP-Admin can still use the Application Passwords feature.

In the future, instead of requiring the use of a filter, WordPress could make a loopback request and check for a `WWW-Authenticate` header to make this detection more robust out of the box.

Props SeBsZ, archon810, aaroncampbell, ocean90, SergeyBiryukov, TimothyBlynJacobs.
Fixes #52066.

Built from https://develop.svn.wordpress.org/trunk@50006


git-svn-id: http://core.svn.wordpress.org/trunk@49707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-24 02:57:59 +00:00
TimothyBlynJacobs aac98aae97 App Passwords: Prevent conflicts when Basic Auth is already used by the site.
Application Passwords uses Basic Authentication to transfer authentication details. If the site is already using Basic Auth, for instance to implement a private staging environment, then the REST API will treat this as an authentication attempt and would end up generating an error for any REST API request.

Now, Application Password authentication will only be attempted if Application Passwords is in use by a site. This is flagged by setting an option whenever an Application Password is created. An upgrade routine is added to set this option if any App Passwords already exist.

Lastly, creating an Application Password will be prevented if the site appears to already be using Basic Authentication.

Props chexwarrior, georgestephanis, adamsilverstein, helen, Clorith, marybaum, TimothyBlynJacobs.
Fixes #51939.


Built from https://develop.svn.wordpress.org/trunk@49752


git-svn-id: http://core.svn.wordpress.org/trunk@49475 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-04 21:44:07 +00:00
TimothyBlynJacobs 5ee48d6915 App Passwords: MOAR accessibility improvements.
Corrects the "Application Name" field's aria-describedby attribute and makes the description visible.

Props alexstine, SergeyBiryukov.
Fixes #51580.

Built from https://develop.svn.wordpress.org/trunk@49573


git-svn-id: http://core.svn.wordpress.org/trunk@49311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-12 18:14:08 +00:00