Commit Graph

94 Commits

Author SHA1 Message Date
whyisjake abc5355d75 General: WordPress updates
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 4.6 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Built from https://develop.svn.wordpress.org/branches/4.6@49400


git-svn-id: http://core.svn.wordpress.org/branches/4.6@49159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 19:00:24 +00:00
Dominik Schilling 25e66e4f1e Text Changes: Unify permission error messages.
The new format looks like "Sorry, you are not allowed to <action>.". This provides a consistent experience for all error messages related to missing permissions. It also reduces the number of similar strings and allows translators to provide a consistent style in their language.

Props ramiy, Presskopp.
Fixes #34521.
Built from https://develop.svn.wordpress.org/trunk@37914


git-svn-id: http://core.svn.wordpress.org/trunk@37855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-29 15:16:29 +00:00
Drew Jaynes c3055cc190 Docs: Standardize hook docs in wp-admin/* to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37488


git-svn-id: http://core.svn.wordpress.org/trunk@37456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:01:30 +00:00
Jeremy Felt 4a12078b31 Multisite: Filter the links displayed on "Edit Site" views
Introduce the `network_edit_site_nav` function, which DRYs up the code used to display a common set of links at the top of "Edit Site" views.

Introduce the `network_edit_site_nav_links` filter, which allows plugins to modify the list of links displayed at the top of Edit Site views as a "tabbed" interface.

Props johnjamesjacoby, c3mdigital, Bueltge.
Fixes #15800.

Built from https://develop.svn.wordpress.org/trunk@37466


git-svn-id: http://core.svn.wordpress.org/trunk@37434 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-19 21:48:30 +00:00
Andrea Fercia 52920b8511 Introduce a new generic CSS clearfix utility class.
`.wp-clearfix` is now the recommended way to clear and contain floated elements.
Adds back compatibility for the `.nav-tab-wrapper` navigation tabs.

See #26396.
Built from https://develop.svn.wordpress.org/trunk@36171


git-svn-id: http://core.svn.wordpress.org/trunk@36138 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-05 13:38:30 +00:00
Andrea Fercia 17f53091ed Bump H3 headings to H2 on the Network Admin > Sites > Edit Site screens.
The navigation tabs appear in an `<h3>` heading immediately following the main `<h1>` and need to have a proper hierarchy.
Also, fix the tabs focus style and introduce a new `.nav-tab-small` CSS class.

Fixes #34079.
Built from https://develop.svn.wordpress.org/trunk@34913


git-svn-id: http://core.svn.wordpress.org/trunk@34878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 17:35:24 +00:00
Scott Taylor 0c2b2a0e3d List Tables/WP_Screen: in `WP_Screen`, add methods to store, retrieve, and render screen reader text, primarily used by list table screens.
These additions are based on an audit and recommendations by the Accessibility team. #a11y'all

Props afercia.
Fixes #32147.

Built from https://develop.svn.wordpress.org/trunk@34891


git-svn-id: http://core.svn.wordpress.org/trunk@34856 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 01:28:25 +00:00
Andrea Fercia 5a2627d38a Bump H3 headings to H2 on the Network Site Users screen for better accessibility.
Fixes #34081.
Built from https://develop.svn.wordpress.org/trunk@34742


git-svn-id: http://core.svn.wordpress.org/trunk@34707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-01 14:33:26 +00:00
Boone Gorges 85c00bd943 Move new user notification emails to `add_action()` callbacks.
When a new user is created in various places throughout the interface,
notifications are sent to the site admin and the new user. Previously, these
notifications were fired through direct calls to `wp_new_user_notification()`,
making it difficult to stop or modify the messages.

This changeset introduces a number of new action hooks in place of direct calls
to `wp_new_user_notification()`, and hooks the new wrapper function
`wp_send_new_user_notifications()` to these hooks.

Props dshanske, thomaswm, boonebgorges.
Fixes #33587.
Built from https://develop.svn.wordpress.org/trunk@34251


git-svn-id: http://core.svn.wordpress.org/trunk@34215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-16 22:19:24 +00:00
Dominik Schilling 4af3a3374e Passwords: Deprecate second parameter of `wp_new_user_notification()`.
The second parameter `$plaintext_pass` was removed in [33023] and restored as `$notify` in [33620] with a different behavior. If you have a plugin overriding `wp_new_user_notification()` which hasn't been updated you would get a notification with your username and the password "both".
To prevent this the second parameter is now deprecated and reintroduced as the third parameter.

Adds unit tests.

Props kraftbj, adamsilverstein, welcher, ocean90.
Fixes #33654.

(Don't ask for new pluggables kthxbye)
Built from https://develop.svn.wordpress.org/trunk@34116


git-svn-id: http://core.svn.wordpress.org/trunk@34084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 12:43:26 +00:00
Jeremy Felt af557379da Multisite: Update help tab text for `site-info.php` to reference "site URL".
In [32759] and [33586], we combined the domain and path entry for a site to a single "Site URL" field. This updates the help text to reflect that.

Fixes #33748. See #22383.

Built from https://develop.svn.wordpress.org/trunk@33921


git-svn-id: http://core.svn.wordpress.org/trunk@33890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-05 20:53:24 +00:00
Sergey Biryukov bc8af88903 Provide more helpful feedback than just "Cheatin' uh?" for permission errors in `wp-admin/network/site-users.php`.
props ericlewis, kraftbj, lukecarbis, mrmist.
fixes #33683. see #14530.
Built from https://develop.svn.wordpress.org/trunk@33888


git-svn-id: http://core.svn.wordpress.org/trunk@33857 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 09:03:24 +00:00
Scott Taylor c15a1c2bab Replace some hyphens with `&mdash;`s in admin help tabs.
Props pixolin.
Fixes #30605.

Built from https://develop.svn.wordpress.org/trunk@33641


git-svn-id: http://core.svn.wordpress.org/trunk@33608 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-19 04:53:25 +00:00
Konstantin Obenland e6bc6242ad Passwords: Restore second parameter for `wp_new_user_notification()`.
After [33023] users would always be notified, this restores previous behavior.

Props markjaquith, ocean90.
Fixes #33358.


Built from https://develop.svn.wordpress.org/trunk@33620


git-svn-id: http://core.svn.wordpress.org/trunk@33587 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-17 14:25:27 +00:00
Helen Hou-Sandí d03082323e Network admin: Internationalize some existing strings that were missed in [33186].
Also adds the trailing slash to the `get_home_url()` calls.

props johnbillion.
fixes #33317.

Built from https://develop.svn.wordpress.org/trunk@33603


git-svn-id: http://core.svn.wordpress.org/trunk@33570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-10 18:11:25 +00:00
Mark Jaquith 05965d87e4 Make the multisite new user messages reflect that reset links are sent, not passwords.
fixes #33175
Built from https://develop.svn.wordpress.org/trunk@33494


git-svn-id: http://core.svn.wordpress.org/trunk@33461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-29 19:04:25 +00:00
Jeremy Felt a5f6dd3ea1 Network Admin: Improved header information in Edit Site tabs.
* Use the site's name rather than URL in the Edit Site header.
* Provide "Visit" and "Dashboard" links for the site on all tabs.

Props @Fab1en, @jeremyfelt.
Fixes #32525.

Built from https://develop.svn.wordpress.org/trunk@33186


git-svn-id: http://core.svn.wordpress.org/trunk@33158 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-13 00:27:24 +00:00
Jeremy Felt 8431399e2e Fix missing period in missing site error.
Props @ocean90.
See #32934.

Built from https://develop.svn.wordpress.org/trunk@33145


git-svn-id: http://core.svn.wordpress.org/trunk@33116 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-09 16:33:25 +00:00
Jeremy Felt eb26a74073 Avoid PHP notice when attempting to edit a site that does not exist.
Show a more explicit error - "The requested site does not exist."

Fixes #32934.

Built from https://develop.svn.wordpress.org/trunk@33144


git-svn-id: http://core.svn.wordpress.org/trunk@33115 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-09 16:29:24 +00:00
Konstantin Obenland 7dc1d06e64 Proper heading for admin screens.
First step towards restoring a good heading structure in wp-admin.
The previous `<h1>` contained the site title and a link to the front page and was removed with the toolbar refactoring in 3.2.

Props joedolson, afercia.
Fixes #31650.


Built from https://develop.svn.wordpress.org/trunk@32974


git-svn-id: http://core.svn.wordpress.org/trunk@32945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-27 15:41:25 +00:00
Scott Taylor d2a00338f6 Don't loosely compare functions that return `bool` against a literal `bool`.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32730


git-svn-id: http://core.svn.wordpress.org/trunk@32701 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-12 17:19:27 +00:00
Andrew Nacin 9e92fab289 Update wp_die() calls modified in [31658] to use shorthand calling style.
see #31422.

Built from https://develop.svn.wordpress.org/trunk@32152


git-svn-id: http://core.svn.wordpress.org/trunk@32127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 03:27:27 +00:00
Dominik Schilling 64fc7294b6 Use HTTPS URLs for codex.wordpress.org.
see #27115.
Built from https://develop.svn.wordpress.org/trunk@32116


git-svn-id: http://core.svn.wordpress.org/trunk@32095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-12 21:29:32 +00:00
Helen Hou-Sandí d85f8fe326 Admin notices: Make (most) core notices dismissible.
These no longer return upon refreshing the page when JS is on and working, so users should be able to dismiss them. This is particularly important on the post edit screen when DFW is triggered, but pretty much all notices can be dismissed if needed. A post on Make/Core will follow with information on how this can be leveraged in plugins.

props valendesigns, afercia, paulwilde, adamsilverstein, helen.
fixes #31233. see #23367.

Built from https://develop.svn.wordpress.org/trunk@31973


git-svn-id: http://core.svn.wordpress.org/trunk@31952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-01 22:06:28 +00:00
Sergey Biryukov d013c703e4 Merge title strings on Edit Site screens.
props ramiy.
fixes #31844.
Built from https://develop.svn.wordpress.org/trunk@31962


git-svn-id: http://core.svn.wordpress.org/trunk@31941 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-01 18:00:28 +00:00
Dominik Schilling 13ad2d4e16 Screen Options: Improve items per page option label.
Previously the label just said "Posts", "Pages", or "Comments". This was bad in terms of accessibility and internationalization because of missing context.
This change adds a default label "Number of items per page:" to `WP_Screen->render_per_page_options()` and removes all the existing one-word labels.

props afercia.
fixes #31349, #15576.
Built from https://develop.svn.wordpress.org/trunk@31696


git-svn-id: http://core.svn.wordpress.org/trunk@31677 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-10 15:32:27 +00:00
Jeremy Felt 80d13281ed Return HTTP status code 403 in network admin when access is forbidden.
When the error message "You do not have permission to access this page" is used in network admin screens, return an HTTP status code of 403 to match. Previously: [30356] and [31300].

Props yo-l1982.

Fixes #31422.

Built from https://develop.svn.wordpress.org/trunk@31658


git-svn-id: http://core.svn.wordpress.org/trunk@31639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-07 06:00:28 +00:00
Jeremy Felt 7644e68119 Provide proper label associations and descriptions throughout the network admin
* Add labels previously missing for many inputs throughout the network admin screen.
* Add proper `aria-describedby` attributes to provide better descriptions.
* Wrap grouped inputs with `fieldset` elements.
* Remove now unneeded `title` attributes when appropriate.

Props cfoellmann, afercia, rianrietveld.

Fixes #38406.

Built from https://develop.svn.wordpress.org/trunk@31517


git-svn-id: http://core.svn.wordpress.org/trunk@31498 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-23 02:29:26 +00:00
Scott Taylor 7f8b548df1 In HTML5, the `action` attribute is no longer required. Remove this attribute when empty.
The admin HTML is served with the HTML5 doctype.

"The action and formaction content attributes, if specified, must have a value that is a valid non-empty URL potentially surrounded by spaces." 
http://www.w3.org/html/wg/drafts/html/master/forms.html#attr-fs-action

Props voldemortensen.
Fixes #30126.

Built from https://develop.svn.wordpress.org/trunk@31200


git-svn-id: http://core.svn.wordpress.org/trunk@31181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 04:16:24 +00:00
Scott Taylor af0e5cc851 Inline `<script>`s that are only printed in the admin for pages that are served with the HTML5 doctype absolutely do not need `CDATA` comments.
Props tw2113 for the initial patch.
See #18788.

Built from https://develop.svn.wordpress.org/trunk@31034


git-svn-id: http://core.svn.wordpress.org/trunk@31015 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-03 05:46:25 +00:00
John Blackbourn d88ed475b0 Switch to a `403` response code in places where it is more appropriate than a `500` due to permissions errors.
Fixes #10551
Props nacin

Built from https://develop.svn.wordpress.org/trunk@30356


git-svn-id: http://core.svn.wordpress.org/trunk@30355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-16 06:16:22 +00:00
Scott Taylor 130771a383 `hackificator` doesn't like mixed quote styles in some generated HTML. The switch from single to double allows these files to be parsed.
See #27881.

Built from https://develop.svn.wordpress.org/trunk@28497


git-svn-id: http://core.svn.wordpress.org/trunk@28323 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 01:59:15 +00:00
Andrew Nacin 11e5eaa6d5 Network Admin: Fix pagination on site-themes and site-users.
props kawauso, jeremyfelt.
fixes #17545.

Built from https://develop.svn.wordpress.org/trunk@27715


git-svn-id: http://core.svn.wordpress.org/trunk@27554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-25 16:57:15 +00:00
Andrew Nacin dce0b9adea Use SSL when linking to WordPress.org. see #27115.
Built from https://develop.svn.wordpress.org/trunk@27469


git-svn-id: http://core.svn.wordpress.org/trunk@27314 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-08 04:14:15 +00:00
Sergey Biryukov af4f68b410 Use wp_dropdown_roles() in wp-admin/network/site-users.php.
props jeremyfelt.
fixes #27215.
Built from https://develop.svn.wordpress.org/trunk@27310


git-svn-id: http://core.svn.wordpress.org/trunk@27163 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-27 10:22:14 +00:00
Andrew Ozz 8d6059b383 Remove all screen_icon() calls and deprecate the functions, props TobiasBg, fixes #26119
Built from https://develop.svn.wordpress.org/trunk@26518


git-svn-id: http://core.svn.wordpress.org/trunk@26411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-02 03:53:11 +00:00
Drew Jaynes ceb16bc719 Inline documentation for hooks in wp-admin/network/site-users.php.
Props sboisvert for the initial patch. Props kpdesign.
Fixes #25497.

Built from https://develop.svn.wordpress.org/trunk@25939


git-svn-id: http://core.svn.wordpress.org/trunk@25898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-26 20:33:09 +00:00
Andrew Nacin fd57b239d2 Don't rely on include_path to include files.
Always use dirname() or, once available, ABSPATH.

props ketwaroo, hakre.
fixes #17092.

Built from https://develop.svn.wordpress.org/trunk@25616


git-svn-id: http://core.svn.wordpress.org/trunk@25533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-25 00:18:11 +00:00
Sergey Biryukov 5744245cc3 Avoid a fatal error when adding a non-existent user to a site. props duck_. fixes #24460.
git-svn-id: http://core.svn.wordpress.org/trunk@24509 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-25 14:24:18 +00:00
Ryan Boren 003941b2e7 Use API instead of bare SQL queries in site-users.php.
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23974 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-04-12 13:35:45 +00:00
Andrew Nacin 087b6ace16 Remove unused edit-site nonce fields from site-users and site-themes. props jeremyfelt, fixes #21277.
git-svn-id: http://core.svn.wordpress.org/trunk@21903 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-18 23:06:22 +00:00
Andrew Nacin d91ae96dc9 Simplify the markup and hierarchy of the Add Existing and Add New user forms on site-users.php. props obenland, fixes #21223.
git-svn-id: http://core.svn.wordpress.org/trunk@21854 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-15 19:38:23 +00:00
ryan 5ca54e7d2f Deprecate get_blog_option(), add_blog_option(), update_blog_option(), and delete_blog_option().
Use the regular option functions wrapped in switch_to_blog() and restore_current_blog() instead.

Group multiple operations within a single switch where possible.

fixes #21432


git-svn-id: http://core.svn.wordpress.org/trunk@21414 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-03 17:51:42 +00:00
nacin 7127ed1197 Move most instances of new WP_User to get_userdata(). see #21120.
git-svn-id: http://core.svn.wordpress.org/trunk@21413 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-03 01:06:05 +00:00
nacin 3ebea2f218 Remove user/site suggestions (autocompletion) from search inputs, as the UX isn't proper.
* Removes all instances of site-search, so away it goes. Sidesteps a number of bugs with site-search.
 * Renames user-search to user-suggest, which means it better describes the current behavior (autocompletion) while allowing for future behavior (instant search).
 * Ties user suggestions to a single .wp-suggest-user class.

with help from markjaquith, helenyhou, wonderboymusic. 
fixes #20835.



git-svn-id: http://core.svn.wordpress.org/trunk@21003 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-05 18:51:33 +00:00
nacin eb8e069932 Correct the link to http://codex.wordpress.org/Network_Admin_Sites_Screen in the network admin help sidebars. props Nao. fixes #20607.
git-svn-id: http://core.svn.wordpress.org/trunk@20713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-03 13:34:33 +00:00
markjaquith 2a8c7bbc7a Autocomplete site names in Network Admin. More user completion areas. props Japh, DrewAPicture. see #19810.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20279 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-24 04:54:58 +00:00
nacin 8c841df86d Revert type="email" (HTML5) as some browsers that do validation on these fields do not work for IDN domains yet. Core does not support these well either, but server-side validation can at least be dealt with by a plugin. see #17863.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20196 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-15 18:09:14 +00:00
azaozz f3b63e4537 Set proper HTML5 input types in the admin, props georgestephanis, fixes #17863
git-svn-id: http://svn.automattic.com/wordpress/trunk@20168 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-10 01:23:48 +00:00
markjaquith 481959acec Autocomplete for add-user screens in multisite. props boonebgorges, Japh, DrewAPicture, PeteMall, nacin, koopersmith, markjaquith. see #19810.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19897 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-10 08:45:17 +00:00