Dominik Schilling
e7865eb9ae
Users: Provide a fallback for incorrect HTTP referrers.
...
Merge of [41398] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@41423
git-svn-id: http://core.svn.wordpress.org/branches/4.2@41256 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 11:14:36 +00:00
Dominik Schilling
1c4f8827a2
Multisite: Validate new email address confirmations.
...
Merge of [37103] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@37106
git-svn-id: http://core.svn.wordpress.org/branches/4.2@37073 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 14:50:27 +00:00
Dominik Schilling
64fc7294b6
Use HTTPS URLs for codex.wordpress.org.
...
see #27115 .
Built from https://develop.svn.wordpress.org/trunk@32116
git-svn-id: http://core.svn.wordpress.org/trunk@32095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-12 21:29:32 +00:00
Helen Hou-Sandí
d85f8fe326
Admin notices: Make (most) core notices dismissible.
...
These no longer return upon refreshing the page when JS is on and working, so users should be able to dismiss them. This is particularly important on the post edit screen when DFW is triggered, but pretty much all notices can be dismissed if needed. A post on Make/Core will follow with information on how this can be leveraged in plugins.
props valendesigns, afercia, paulwilde, adamsilverstein, helen.
fixes #31233 . see #23367 .
Built from https://develop.svn.wordpress.org/trunk@31973
git-svn-id: http://core.svn.wordpress.org/trunk@31952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-01 22:06:28 +00:00
Scott Taylor
bce851dcf2
Replace `array_shift()` with `reset()` where appropriate for performance.
...
Props SergeyBiryukov.
Fixes #31259 .
Built from https://develop.svn.wordpress.org/trunk@31829
git-svn-id: http://core.svn.wordpress.org/trunk@31811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-19 03:56:27 +00:00
Jeremy Felt
754636aaf1
Avoid clearing stored capabilities for a user when removing their built in role in multisite.
...
Previously, if “No role on this site” was assigned to a user AND that user did not have an empty role array stored for the site, the `$blog_prefix . ‘capabilities’` meta for that user would be deleted completely after changes to the user were saved. Any custom capabilities stored (i.e. `$user->add_role()`) would be removed as well.
This removes the code controlling the old WPMU handling of “no role” and allows custom stored capabilities to remain. Users with no role and custom capabilities will now appear in the users list table with “None” as the role.
In the process we’re able to better clarify the multisite specific pieces that do occur.
Props PeteMall, jeremyfelt.
Fixes #18934 .
Built from https://develop.svn.wordpress.org/trunk@31516
git-svn-id: http://core.svn.wordpress.org/trunk@31497 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-23 01:34:24 +00:00
Sergey Biryukov
98da858b40
Revert [30027]. These fields are already sufficiently labeled; duplicate labels can lead to confused behavior for screen readers.
...
see #31117 , #30101 .
Built from https://develop.svn.wordpress.org/trunk@31281
git-svn-id: http://core.svn.wordpress.org/trunk@31262 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-25 18:33:22 +00:00
Sergey Biryukov
1c9e1836ac
Remove obsolete help sentence on Edit User screen.
...
fixes #30750 .
Built from https://develop.svn.wordpress.org/trunk@31067
git-svn-id: http://core.svn.wordpress.org/trunk@31048 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-07 08:23:23 +00:00
Aaron Jorbin
7ea306dd9d
Set the type attribute of the buttons for logging out of all sessions to buttons
...
By not setting this attribute, the buttons default to submit and as the first
submit button on the page, it causes pressing the enter key to log you out of
all sessions. This change restores the pre 4.1 behavior where pressing enter
while focused on a form field submits the form.
props ocean90
fixes #30871 for trunk
Built from https://develop.svn.wordpress.org/trunk@31010
git-svn-id: http://core.svn.wordpress.org/trunk@30991 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-31 17:33:24 +00:00
Andrew Nacin
23f4b0f62f
Updates to the 'Log out everywhere' implementation.
...
* Include a message and a disabled button when you're only logged in at one location.
* Avoid leaking the session token in HTML.
* Simplify, simplify, simplify.
see #30264 .
Built from https://develop.svn.wordpress.org/trunk@30888
git-svn-id: http://core.svn.wordpress.org/trunk@30878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-16 09:15:23 +00:00
Andrew Nacin
741e0ec6de
No need for wp_get_password_hint() to be prefixed as if it is private.
...
see #21243 .
Built from https://develop.svn.wordpress.org/trunk@30855
git-svn-id: http://core.svn.wordpress.org/trunk@30845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-15 08:34:23 +00:00
John Blackbourn
bdd00b3902
Improve various hook and filter docs so they are correctly parsed for the code reference.
...
Fixes #30558
Props DrewAPicture
Built from https://develop.svn.wordpress.org/trunk@30754
git-svn-id: http://core.svn.wordpress.org/trunk@30744 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-06 21:32:24 +00:00
John Blackbourn
9b9424aa77
Admin help text changes for the General Settings screen, post editing screen, network settings screen, and user editing screen.
...
Fixes #30547
Props kpdesign
Built from https://develop.svn.wordpress.org/trunk@30705
git-svn-id: http://core.svn.wordpress.org/trunk@30695 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-02 05:15:23 +00:00
Drew Jaynes
2faf449f51
Docs Formatting: Backtick-escape inline code for all dynamic hook docs in wp-admin/*.
...
Also includes some changes to move hook docs to directly precede hook lines. This is necessary to prevent DocBlock-matching confusion when core is parsed.
Affects DocBlocks for the following hooks:
* `wp_ajax_ . $_REQUEST['action']`
* `wp_ajax_nopriv_ . $_REQUEST['action']`
* `admin_footer- . $GLOBALS['hook_suffix']`
* `admin_head-$hook_suffix`
* `admin_post_nopriv_{$action}`
* `admin_post_{$action}`
* `load- . $page_hook`
* `load- . $plugin_page`
* `load-importer- . $importer`
* `load- . $pagenow`
* `admin_action_ . $_REQUEST['action']`
* `async_upload_{$type}`
* `add_meta_boxes_ . $post_type`
* `{$taxonomy}_pre_edit_form`
* `{$taxonomy}_term_edit_form_tag`
* `{$taxonomy}_edit_form_fields`
* `{$taxonomy}_edit_form`
* `after-{$taxonomy}-table`
* `{$taxonomy}_pre_add_form`
* `{$taxonomy}_term_new_form_tag`
* `{$taxonomy}_add_form_fields`
* `{$taxonomy}_add_form`
* `media_upload_$type`
* `media_upload_$tab`
* `install_plugins_pre_$tab`
* `install_plugins_$tab`
* `install_themes_pre_{$tab}`
* `install_themes_{$tab}`
* `update-core-custom_{$action}`
* `update-custom_{$action}`
* `user_{$name}_label`
See #30552 .
Built from https://develop.svn.wordpress.org/trunk@30649
git-svn-id: http://core.svn.wordpress.org/trunk@30639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 11:42:24 +00:00
Drew Jaynes
74175fb08c
Document the `$user_id` parameter added to the 'admin_color_scheme_picker' hook in 3.8.1.
...
Props Ipstenu.
Fixes #30551 .
Built from https://develop.svn.wordpress.org/trunk@30632
git-svn-id: http://core.svn.wordpress.org/trunk@30622 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 05:42:23 +00:00
Helen Hou-Sandí
c83f96ec61
Sessions UI: Ensure screen readers provide feedback on action taken.
...
Also fixes some invalid HTML that occurs on DOM changes.
props joedolson.
fixes #30364 .
Built from https://develop.svn.wordpress.org/trunk@30504
git-svn-id: http://core.svn.wordpress.org/trunk@30493 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-21 16:25:23 +00:00
Dominik Schilling
4a1cb796fc
Improvements to [30333]:
...
* Move `.hide-if-no-js` class to table row
* Add a wrapper class
* Add missing translators comment
see #30264 .
Built from https://develop.svn.wordpress.org/trunk@30334
git-svn-id: http://core.svn.wordpress.org/trunk@30333 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-13 15:54:20 +00:00
John Blackbourn
c02845330e
Introduce a button on the user profile screen which clears all other sessions, and on the user editing screen which clears all sessions. Only appears when there are applicable sessions which can be cleared.
...
See #30264 .
Props jorbin, ocean90, johnbillion
Built from https://develop.svn.wordpress.org/trunk@30333
git-svn-id: http://core.svn.wordpress.org/trunk@30332 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-13 15:21:21 +00:00
John Blackbourn
b1ba80de87
Rename `_wp_password_hint()` to `_wp_get_password_hint()` to bring it inline with core terminology. Fixes #21243 .
...
Built from https://develop.svn.wordpress.org/trunk@30033
git-svn-id: http://core.svn.wordpress.org/trunk@30033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-26 23:30:18 +00:00
John Blackbourn
f74f20ab7f
Add labels to the Personal Options input fields on the user profile editing screen. Fixes #30101 . Props Ankit K Gupta
...
Built from https://develop.svn.wordpress.org/trunk@30027
git-svn-id: http://core.svn.wordpress.org/trunk@30027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-26 21:29:19 +00:00
Sergey Biryukov
0eb758720a
Move password hint text to a function. Add 'password_hint' filter.
...
props convissor.
fixes #21243 .
Built from https://develop.svn.wordpress.org/trunk@29962
git-svn-id: http://core.svn.wordpress.org/trunk@29709 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-18 20:21:18 +00:00
Sergey Biryukov
a47214cfa6
Use a more consistent markup on taxonomy and user screens.
...
props paulwilde.
fixes #29842 .
Built from https://develop.svn.wordpress.org/trunk@29820
git-svn-id: http://core.svn.wordpress.org/trunk@29586 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-02 19:40:16 +00:00
Sergey Biryukov
eccf8e1a12
Add classes to form containers on Edit User screen.
...
props jarednova.
fixes #29348 .
Built from https://develop.svn.wordpress.org/trunk@29804
git-svn-id: http://core.svn.wordpress.org/trunk@29571 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-02 00:56:16 +00:00
John Blackbourn
be12ea968a
Implement email and url input types where appropriate. Props Kau-Boy. Fixes #22183 .
...
Built from https://develop.svn.wordpress.org/trunk@29030
git-svn-id: http://core.svn.wordpress.org/trunk@28818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-08 17:52:14 +00:00
Scott Taylor
b9afafffe3
`hackificator` complains if you call `include 'file.php'` without the parens, needs to be `include( 'file.php' )`
...
See #27881 .
Built from https://develop.svn.wordpress.org/trunk@28479
git-svn-id: http://core.svn.wordpress.org/trunk@28306 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-18 20:52:15 +00:00
Andrew Nacin
0331d62fef
Fix LTR field handling:
...
* Restore .ltr class lost in the conversion to RTL as a build process.
* Make email and url inputs always LTR.
* Set an email field on user-edit to be LTR.
props MikeHansenMe, yoavf for initial patches.
fixes #26824 .
Built from https://develop.svn.wordpress.org/trunk@27743
git-svn-id: http://core.svn.wordpress.org/trunk@27580 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-26 17:12:14 +00:00
Andrew Nacin
dce0b9adea
Use SSL when linking to WordPress.org. see #27115 .
...
Built from https://develop.svn.wordpress.org/trunk@27469
git-svn-id: http://core.svn.wordpress.org/trunk@27314 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-08 04:14:15 +00:00
Sergey Biryukov
5d3e652c23
Add Oxford comma to password hint.
...
props trepmal.
fixes #26457 .
Built from https://develop.svn.wordpress.org/trunk@27246
git-svn-id: http://core.svn.wordpress.org/trunk@27103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-24 23:31:15 +00:00
Andrew Nacin
59f86351c9
Use get_current_user_id() instead of $user_ID in user-edit.php.
...
props kovshenin.
fixes #26274 .
Built from https://develop.svn.wordpress.org/trunk@27069
git-svn-id: http://core.svn.wordpress.org/trunk@26942 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-02 10:04:13 +00:00
Andrew Ozz
90403aed4b
Deprecate rich_edit_exists(). It doesn't make sense to support deleting the TinyMCE directory when we have auto-updates. Fixes #26786 .
...
Built from https://develop.svn.wordpress.org/trunk@26933
git-svn-id: http://core.svn.wordpress.org/trunk@26814 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-01-13 00:00:12 +00:00
Helen Hou-Sandí
60f3e98d51
Pass the $user_id to the `admin_color_scheme_picker` hook for context. props nacin. see #26607 for trunk.
...
Built from https://develop.svn.wordpress.org/trunk@26924
git-svn-id: http://core.svn.wordpress.org/trunk@26805 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-01-08 21:49:10 +00:00
Drew Jaynes
077afc8d48
Fix a copy/paste error in the 'show_user_profile' hook description in wp-admin/user-edit.php.
...
Props neoxx.
Fixes #26597 .
Built from https://develop.svn.wordpress.org/trunk@26907
git-svn-id: http://core.svn.wordpress.org/trunk@26790 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-01-05 18:58:11 +00:00
Andrew Ozz
8d6059b383
Remove all screen_icon() calls and deprecate the functions, props TobiasBg, fixes #26119
...
Built from https://develop.svn.wordpress.org/trunk@26518
git-svn-id: http://core.svn.wordpress.org/trunk@26411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-02 03:53:11 +00:00
Drew Jaynes
ee8aa9ee4c
Inline documentation for hooks in wp-admin/user-new.php & wp-admin/user-edit.php.
...
Also fixes one parameter type in wp-includes/user.php.
Fixes #25726 .
Built from https://develop.svn.wordpress.org/trunk@26493
git-svn-id: http://core.svn.wordpress.org/trunk@26387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-01 01:35:10 +00:00
Mark Jaquith
22c6024f9e
Remove unnecessarily gendered pronouns.
...
fixes #26225
Built from https://develop.svn.wordpress.org/trunk@26368
git-svn-id: http://core.svn.wordpress.org/trunk@26269 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-25 02:05:10 +00:00
Matt Thomas
fe476702fc
Make password inputs on profile.php match the width of other text inputs. Fixes #26079 , props johnbillion.
...
Built from https://develop.svn.wordpress.org/trunk@26253
git-svn-id: http://core.svn.wordpress.org/trunk@26159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-18 21:31:09 +00:00
Andrew Nacin
fd57b239d2
Don't rely on include_path to include files.
...
Always use dirname() or, once available, ABSPATH.
props ketwaroo, hakre.
fixes #17092 .
Built from https://develop.svn.wordpress.org/trunk@25616
git-svn-id: http://core.svn.wordpress.org/trunk@25533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-25 00:18:11 +00:00
Andrew Nacin
00c545606e
Introduce wp_get_user_contact_methods() as a public version of _wp_get_user_contactmethods.
...
props johnnyb.
fixes #24273 .
Built from https://develop.svn.wordpress.org/trunk@25606
git-svn-id: http://core.svn.wordpress.org/trunk@25523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-24 18:14:09 +00:00
Scott Taylor
988caeb9a7
Check `$profileuser->rich_editing` for empty before using it in Edit User admin code.
...
Props sorich87, c3mdigital.
Fixes #17328 .
Built from https://develop.svn.wordpress.org/trunk@25330
git-svn-id: http://core.svn.wordpress.org/trunk@25292 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-10 22:49:08 +00:00
Mark Jaquith
bd94dc655c
Combat Chrome's insanely aggressive user/pass autofilling ಠ_ಠ
...
Chrome now ignores `autocomplete="off"` in <input>, so this hack uses
a hidden, non-named, non-empty input, right before the password field.
see #24364 . props azaozz, nacin, bobbingwide, aaroncampbell.
git-svn-id: http://core.svn.wordpress.org/trunk@24552 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-03 21:24:02 +00:00
Mark Jaquith
5b8aad1039
Rejigger some whitespace in anticipation of a fix for #24364 .
...
see #24364
git-svn-id: http://core.svn.wordpress.org/trunk@24551 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-03 21:23:55 +00:00
Dominik Schilling
2446c80c49
Add a label to the second password field on User New and User Edit screen. props MikeHansenMe. fixes #20294 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@24531 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-30 11:13:34 +00:00
Andrew Nacin
cfa947193f
Revert [24291] pending further discussion and sleuthing. see #24364 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@24317 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-22 18:37:43 +00:00
Andrew Ozz
dbda48bd2a
Fix Chrome disregarding autocomplete="off" for password fields. Add autocomplete="off" to forms where the users can choose new password. Fixes #24364 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@24291 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-18 22:56:21 +00:00
Ryan Boren
5a15e5364d
Remove obsolete TODO.
...
Props wonderboymusic
fixes #11635
git-svn-id: http://core.svn.wordpress.org/trunk@24247 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-14 12:44:44 +00:00
Ryan Boren
d967428a04
Cleanup additional capabilities display in user-edit.php. Mark a string for translation.
...
Props johnjamesjacoby, SergeyBiryukov
fixes #14267
git-svn-id: http://core.svn.wordpress.org/trunk@23737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-18 13:27:57 +00:00
Ryan Boren
09d2c65970
Always wp_unslash() the return of wp_get_referer().
...
see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:20:32 +00:00
Ryan Boren
43a7e695e9
Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
...
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Andrew Nacin
83e0ce2ac1
Remove unused variables reset by wp_reset_vars(). Many of these haven't been used since b2. see #21767 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@23445 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-16 18:28:41 +00:00
Ryan Boren
cc5ed3a485
Change all core API to expect unslashed rather than slashed arguments.
...
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.
Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.
Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.
Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.
Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.
Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.
Plugins should use wp_unslash() on data being passed to core API.
Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.
Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.
Remove many no longer necessary calls to $wpdb->escape() and esc_sql().
In wp_get_referer() and wp_get_original_referer(), return unslashed data.
Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.
Switch several queries over to prepare().
Expect something to break.
Props alexkingorg
see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00