John Blackbourn
78c7ec883d
Hardening: Use a properly generated hash for the `newbloguser` key instead of a determinate substring.
Merges [42258] to the 4.6 branch.
Built from https://develop.svn.wordpress.org/branches/4.6@42276
git-svn-id: http://core.svn.wordpress.org/branches/4.6@42105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:21:34 +00:00
Dominik Schilling
a8ccd1ce23
Users: Update help text for `user-new.php` to remove reference to sending passwords via email.
Props anneschmidt.
Fixes #36763.
Built from https://develop.svn.wordpress.org/trunk@38064
git-svn-id: http://core.svn.wordpress.org/trunk@38005 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-14 21:51:32 +00:00
Jeremy Felt
771212f20a
Multisite: Correct logic used to display an Edit User link after adding a user.
Previously, if a user was added with the checkbox for no confirmation selected and an error was then encountered in `wpmu_activate_signup()`, a fatal error would trigger because `$new_user` was a `WP_Error` object rather than a user.
Fixes #37223.
Built from https://develop.svn.wordpress.org/trunk@38007
git-svn-id: http://core.svn.wordpress.org/trunk@37948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 17:48:29 +00:00
Dominik Schilling
25e66e4f1e
Text Changes: Unify permission error messages.
The new format looks like "Sorry, you are not allowed to <action>.". This provides a consistent experience for all error messages related to missing permissions. It also reduces the number of similar strings and allows translators to provide a consistent style in their language.
Props ramiy, Presskopp.
Fixes #34521.
Built from https://develop.svn.wordpress.org/trunk@37914
git-svn-id: http://core.svn.wordpress.org/trunk@37855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-29 15:16:29 +00:00
Drew Jaynes
c3055cc190
Docs: Standardize hook docs in wp-admin/* to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.
Built from https://develop.svn.wordpress.org/trunk@37488
git-svn-id: http://core.svn.wordpress.org/trunk@37456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:01:30 +00:00
Dominik Schilling
024ffe4980
I18N: Fix placeholders and add translator comments after [36695].
See #35705.
Built from https://develop.svn.wordpress.org/trunk@36697
git-svn-id: http://core.svn.wordpress.org/trunk@36664 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-24 21:49:26 +00:00
Jeremy Felt
b4ab399def
Multisite: Provide an "Edit user" link after adding a new user
Props codex-m, jeremyfelt.
Fixes #35705.
Built from https://develop.svn.wordpress.org/trunk@36695
git-svn-id: http://core.svn.wordpress.org/trunk@36662 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-24 21:43:25 +00:00
Dominik Schilling
9fb5c540bb
Users: Allow to create users without sending an email to the new user.
This adds a checkbox to `wp-admin/user-new.php` to prevent sending an email with the username and a password reset link to the new user. Restores the behavior of pre-4.3.
Fixes #33504.
Props tharsheblows, SergeyBiryukov, DrewAPicture, ocean90.
Built from https://develop.svn.wordpress.org/trunk@35742
git-svn-id: http://core.svn.wordpress.org/trunk@35706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:38:29 +00:00
Scott Taylor
0d8a80b14c
Profile: on `user-new.php`, don't allow the password fields to be hidden. When hidden, you can't add a user.
Props coffee2code.
Fixes #15115.
Built from https://develop.svn.wordpress.org/trunk@34582
git-svn-id: http://core.svn.wordpress.org/trunk@34546 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 06:15:26 +00:00
Helen Hou-Sandí
48befcf361
Superglobals: Revert [34059] until further notice.
see #33837.
Built from https://develop.svn.wordpress.org/trunk@34265
git-svn-id: http://core.svn.wordpress.org/trunk@34229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-17 12:33:26 +00:00
Boone Gorges
a7e229637e
Improve validation of `user_login` and `user_nicename` length.
The `user_login` field only allows 60 characters, and `user_nicename` allows
50. However, there are no protections in the interface, and few in the code,
that prevent the creation of users with values in excess of these limits. Prior
to recent changes in `$wpdb`, users were generally created anyway, MySQL
having performed the necessary truncation. More recently, the `INSERT`s and
`UPDATE`s simply fail, with no real feedback on the nature of the failure.
This changeset addresses the issue in a number of ways:
* On the user-new.php and network/user-new.php panels, don't allow input in excess of the maximum field length.
* In `wp_insert_user()`, throw an error if the value provided for `'user_login'` or `'user_nicename'` exceeds the maximum field length.
* In `wp_insert_user()`, when using `'user_login'` to generate a default value for `'user_nicename'`, ensure that the nicename is properly truncated, even when suffixed for uniqueness (username-2, etc).
Props dipesh.kakadiya, utkarshpatel, tommarshall, boonebgorges.
Fixes #33793.
Built from https://develop.svn.wordpress.org/trunk@34218
git-svn-id: http://core.svn.wordpress.org/trunk@34182 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-15 22:14:26 +00:00
Scott Taylor
cd7c0f0b0d
Introduce `wp_validate_action( $action = '' )`, a helper function that checks `$_REQUEST` for `action` and returns it, or empty string if not present. If `$action` is passed, it checks to make sure they match before returning it, or an empty string. Strings are always returned to avoid returning multiple types.
Implementing this removes 27 uses of direct superglobal access in the admin.
For more reading:
https://codeclimate.com/github/WordPress/WordPress/wp-admin/edit-comments.php
See #33837.
Built from https://develop.svn.wordpress.org/trunk@34059
git-svn-id: http://core.svn.wordpress.org/trunk@34027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-11 21:08:26 +00:00
Scott Taylor
a40e30e7f4
Move 2 ad hoc user admin functions:
* Move `use_ssl_preference()` from `wp-admin/user-edit.php` to `wp-admin/includes/user.php`.
* Move `admin_created_user_email()` from `wp-admin/user-new.php` to `wp-admin/includes/user.php`.
See #33813.
Built from https://develop.svn.wordpress.org/trunk@34021
git-svn-id: http://core.svn.wordpress.org/trunk@33990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-10 21:33:33 +00:00
Jeremy Felt
d1f818a61d
Multisite: Allow users with `manage_network_users` to edit network users.
Other users in a network can now be given capabilities to manage users without also having global super admin privileges.
* Users with `manage_network_users` can not edit super admins.
* Users with `manage_network_users` can not promote users to super admin.
* Uses of `is_super_admin()` in `user-new.php` are now updated to `manage_network_users`.
Props daniellandau, chriscct7.
Fixes #16860.
Built from https://develop.svn.wordpress.org/trunk@33988
git-svn-id: http://core.svn.wordpress.org/trunk@33957 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-10 03:34:23 +00:00
Andrea Fercia
a49f9ef68f
Bump H3 headings to H2 on the Network Add New User screen for better accessibility.
Props Cheffheid.
Fixes #33605.
Built from https://develop.svn.wordpress.org/trunk@33945
git-svn-id: http://core.svn.wordpress.org/trunk@33914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-07 16:03:25 +00:00
Sergey Biryukov
b4fbbf53cf
Provide more helpful feedback than just "Cheatin' uh?" for permission errors in `wp-admin/user-new.php`.
props ericlewis, kraftbj, lukecarbis, mrmist.
fixes #33678. see #14530.
Built from https://develop.svn.wordpress.org/trunk@33884
git-svn-id: http://core.svn.wordpress.org/trunk@33853 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 08:46:52 +00:00
Helen Hou-Sandí
1f500055a6
Drop the hyphen from e-mail and standardize on email.
The AP Stylebook changed this in 2011, and we're woefully inconsistent, so let's go with the standard.
props morganestes, voldemortensen, niallkennedy (for patching on the previous AP style).
fixes #26156.
Built from https://develop.svn.wordpress.org/trunk@33774
git-svn-id: http://core.svn.wordpress.org/trunk@33742 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-28 03:17:21 +00:00
Sergey Biryukov
85d3345e05
Multisite: Add `'invite_user'` action that fires immediately after a user is invited to join a site, but before the notification is sent.
props ebinnion, MikeHansenMe, DrewAPicture.
fixes #33008.
Built from https://develop.svn.wordpress.org/trunk@33732
git-svn-id: http://core.svn.wordpress.org/trunk@33700 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-25 17:48:21 +00:00
Scott Taylor
d92795db13
Passwords UI: clean up the new JS in `wp-admin/js/user-profile.js`.
Instead of wrapping `#pass1` in a `<span>` dynamically, add the `<span>` to the HTML in PHP. It currently has no styling.
Fixes #33145.
Built from https://develop.svn.wordpress.org/trunk@33450
git-svn-id: http://core.svn.wordpress.org/trunk@33417 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-27 21:25:25 +00:00
Mark Jaquith
5abcb6938c
Toggle between dashicons-hidden and dashicons-visibility in the password hide/show button.
fixes #33135
Built from https://develop.svn.wordpress.org/trunk@33438
git-svn-id: http://core.svn.wordpress.org/trunk@33405 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-27 03:13:24 +00:00
Sergey Biryukov
bd0f6a2132
Remove unused `pw-weak` ID attributes.
see #33077.
Built from https://develop.svn.wordpress.org/trunk@33419
git-svn-id: http://core.svn.wordpress.org/trunk@33387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-26 00:58:24 +00:00
Mark Jaquith
1ef40251b9
Introduce a Cancel button and onUnload warning for password changes.
fixes #33079
props johnjamesjacoby
Built from https://develop.svn.wordpress.org/trunk@33364
git-svn-id: http://core.svn.wordpress.org/trunk@33336 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-22 18:36:24 +00:00
Mark Jaquith
f08f12f7cc
Fix up and normalize pw_weak/pw-weak IDs and labels.
props johnjamesjacoby
fixes #33077
Built from https://develop.svn.wordpress.org/trunk@33363
git-svn-id: http://core.svn.wordpress.org/trunk@33335 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-22 17:24:24 +00:00
Konstantin Obenland
45bfab3aa8
Passwords: Add password strength meter feedback for screen readers.
Also gives context to the show/hide button.
Props rianrietveld, afercia.
Fixes #33032.
Built from https://develop.svn.wordpress.org/trunk@33353
git-svn-id: http://core.svn.wordpress.org/trunk@33325 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-22 00:15:25 +00:00
Konstantin Obenland
e4305c7b28
Passwords: Make show/hide toggle translatable.
See #32589.
Built from https://develop.svn.wordpress.org/trunk@33249
git-svn-id: http://core.svn.wordpress.org/trunk@33221 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-13 22:35:24 +00:00
Konstantin Obenland
7e3f0cf45e
Passwords: New UI for install screen.
Also synchronises the use of `pw_weak` as an input name and removes trailing
periods from checkbox labels.
Props MikeHansenMe, adamsilverstein, obenland.
See #32589.
Built from https://develop.svn.wordpress.org/trunk@33246
git-svn-id: http://core.svn.wordpress.org/trunk@33218 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-13 22:22:24 +00:00
Konstantin Obenland
d932607416
Passwords: Add trailing periods in new strings.
Props akibjorklund.
See #32589.
Built from https://develop.svn.wordpress.org/trunk@33208
git-svn-id: http://core.svn.wordpress.org/trunk@33180 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-13 18:30:24 +00:00
Jeremy Felt
0dbe4d6c95
Set autocapitalize to none, autocorrect to off for new username inputs on iOS.
This corrects both the standard wp-admin new user form and the network new user form.
Props @brad2dabone, @sunnnyratilal.
Fixes #32644.
Built from https://develop.svn.wordpress.org/trunk@33160
git-svn-id: http://core.svn.wordpress.org/trunk@33132 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-11 02:35:24 +00:00
Dominik Schilling
73d57e6c86
Add/Edit User: Move weak password label to the checkbox.
props paulwilde.
fixes #32908.
Built from https://develop.svn.wordpress.org/trunk@33137
git-svn-id: http://core.svn.wordpress.org/trunk@33108 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-08 21:28:25 +00:00
Mark Jaquith
504101460f
Slow down on calling zxcvbn if it isn't loaded.
see #32589
Built from https://develop.svn.wordpress.org/trunk@33033
git-svn-id: http://core.svn.wordpress.org/trunk@33004 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-01 18:13:24 +00:00
Mark Jaquith
423a1a7ca4
New password change/set UI.
* Generate the password for the user
* More tightly integrate password strength meter
* Warn on weak passwords
see #32589
props MikeHansenMe, adamsilverstein, binarykitten
Built from https://develop.svn.wordpress.org/trunk@33023
git-svn-id: http://core.svn.wordpress.org/trunk@32994 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-01 14:48:24 +00:00
Konstantin Obenland
7dc1d06e64
Proper heading for admin screens.
First step towards restoring a good heading structure in wp-admin.
The previous `<h1>` contained the site title and a link to the front page and was removed with the toolbar refactoring in 3.2.
Props joedolson, afercia.
Fixes #31650.
Built from https://develop.svn.wordpress.org/trunk@32974
git-svn-id: http://core.svn.wordpress.org/trunk@32945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-27 15:41:25 +00:00
Scott Taylor
c6a4512b1b
Add missing doc blocks to `wp-admin/includes/*`.
Fix some egregious uses of tabbing.
Some functions can simply return `apply_filters(...)` instead of setting a variable that is immediately returned.
See #32444.
Built from https://develop.svn.wordpress.org/trunk@32654
git-svn-id: http://core.svn.wordpress.org/trunk@32624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 20:17:26 +00:00
Dominik Schilling
64fc7294b6
Use HTTPS URLs for codex.wordpress.org.
see #27115.
Built from https://develop.svn.wordpress.org/trunk@32116
git-svn-id: http://core.svn.wordpress.org/trunk@32095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-12 21:29:32 +00:00
Helen Hou-Sandí
d85f8fe326
Admin notices: Make (most) core notices dismissible.
These no longer return upon refreshing the page when JS is on and working, so users should be able to dismiss them. This is particularly important on the post edit screen when DFW is triggered, but pretty much all notices can be dismissed if needed. A post on Make/Core will follow with information on how this can be leveraged in plugins.
props valendesigns, afercia, paulwilde, adamsilverstein, helen.
fixes #31233. see #23367.
Built from https://develop.svn.wordpress.org/trunk@31973
git-svn-id: http://core.svn.wordpress.org/trunk@31952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-01 22:06:28 +00:00
Sergey Biryukov
2c98f83b70
Remove duplicate label on Add New User screen.
props abhishekfdd.
fixes #31131.
Built from https://develop.svn.wordpress.org/trunk@31777
git-svn-id: http://core.svn.wordpress.org/trunk@31757 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-14 01:04:27 +00:00
Dominik Schilling
72229b25c8
Add New User: Remove trailing whitespace from button labels.
fixes #31175.
Built from https://develop.svn.wordpress.org/trunk@31298
git-svn-id: http://core.svn.wordpress.org/trunk@31279 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-29 14:54:21 +00:00
Scott Taylor
7f8b548df1
In HTML5, the `action` attribute is no longer required. Remove this attribute when empty.
The admin HTML is served with the HTML5 doctype.
"The action and formaction content attributes, if specified, must have a value that is a valid non-empty URL potentially surrounded by spaces."
http://www.w3.org/html/wg/drafts/html/master/forms.html#attr-fs-action
Props voldemortensen.
Fixes #30126.
Built from https://develop.svn.wordpress.org/trunk@31200
git-svn-id: http://core.svn.wordpress.org/trunk@31181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 04:16:24 +00:00
Andrew Nacin
741e0ec6de
No need for wp_get_password_hint() to be prefixed as if it is private.
see #21243.
Built from https://develop.svn.wordpress.org/trunk@30855
git-svn-id: http://core.svn.wordpress.org/trunk@30845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-15 08:34:23 +00:00
John Blackbourn
bdd00b3902
Improve various hook and filter docs so they are correctly parsed for the code reference.
Fixes #30558
Props DrewAPicture
Built from https://develop.svn.wordpress.org/trunk@30754
git-svn-id: http://core.svn.wordpress.org/trunk@30744 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-06 21:32:24 +00:00
John Blackbourn
d88ed475b0
Switch to a `403` response code in places where it is more appropriate than a `500` due to permissions errors.
Fixes #10551
Props nacin
Built from https://develop.svn.wordpress.org/trunk@30356
git-svn-id: http://core.svn.wordpress.org/trunk@30355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-16 06:16:22 +00:00
John Blackbourn
b1ba80de87
Rename `_wp_password_hint()` to `_wp_get_password_hint()` to bring it in line with core terminology. Fixes #21243.
Built from https://develop.svn.wordpress.org/trunk@30033
git-svn-id: http://core.svn.wordpress.org/trunk@30033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-26 23:30:18 +00:00
Jeremy Felt
fd149bb220
Deprecate admin_created_user_subject()
When `admin_created_user_subject()` was merged from MU, the accompanying filter was left behind. As it has never been used by WordPress core, and is not an otherwise useful function, it can be deprecated.
Fixes #29915
Built from https://develop.svn.wordpress.org/trunk@30005
git-svn-id: http://core.svn.wordpress.org/trunk@30005 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-24 04:49:20 +00:00
Boone Gorges
24babfddb3
Allow apostrophes in email addresses when adding users via the Dashboard.
Email addresses entered in a number of interfaces were not being stripslashed
properly, with the result that the emails were not being recognized as valid.
Fixes #18039.
Built from https://develop.svn.wordpress.org/trunk@29966
git-svn-id: http://core.svn.wordpress.org/trunk@29713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-19 20:30:19 +00:00
Sergey Biryukov
0eb758720a
Move password hint text to a function. Add 'password_hint' filter.
props convissor.
fixes #21243.
Built from https://develop.svn.wordpress.org/trunk@29962
git-svn-id: http://core.svn.wordpress.org/trunk@29709 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-18 20:21:18 +00:00
Jeremy Felt
3a8676278d
Do not send a welcome notification when noconfirmation has been flagged
When adding a new user to a site on the network, 2 emails are sent out - one for confirmation and one as a welcome. If the option for no confirmation is selected, neither should send.
props transom
Fixes #16235
Built from https://develop.svn.wordpress.org/trunk@29880
git-svn-id: http://core.svn.wordpress.org/trunk@29637 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-12 01:11:18 +00:00
Sergey Biryukov
c4fce2f163
Reverse the order of roles in help text on Add New User screen to match [25695].
fixes #28914.
Built from https://develop.svn.wordpress.org/trunk@29233
git-svn-id: http://core.svn.wordpress.org/trunk@29017 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-18 23:48:15 +00:00
John Blackbourn
be12ea968a
Implement email and url input types where appropriate. Props Kau-Boy. Fixes #22183.
Built from https://develop.svn.wordpress.org/trunk@29030
git-svn-id: http://core.svn.wordpress.org/trunk@28818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-08 17:52:14 +00:00
Sergey Biryukov
4a11203b06
Clarify a string on Add New User screen.
props vancoder, collinsinternet.
fixes #27398.
Built from https://develop.svn.wordpress.org/trunk@29009
git-svn-id: http://core.svn.wordpress.org/trunk@28797 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-07 00:54:14 +00:00
Scott Taylor
9a286d75fd
Don't use variable variables in `user-new.php`. Test by causing errors when creating a new user.
See #27881.
Built from https://develop.svn.wordpress.org/trunk@28745
git-svn-id: http://core.svn.wordpress.org/trunk@28559 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-11 19:54:13 +00:00