Commit Graph

27 Commits

Author SHA1 Message Date
Scott Taylor 85a6189ad8 Users: when calling `wp_insert_user()` with an valid user ID, return `WP_Error` instead of arbitrarily updating user meta.
Adds unit test.

Props swissspidy, bilalcoder.
Fixes #28004.

Built from https://develop.svn.wordpress.org/trunk@35280


git-svn-id: http://core.svn.wordpress.org/trunk@35246 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-20 05:28:24 +00:00
Sergey Biryukov 7f08716c16 Users: Add `'illegal_user_logins'` filter to allow certain usernames to be blacklisted.
Props danielbachhuber, chriscct7, crazycoolcam, SergeyBiryukov.
Fixes #27317.
Built from https://develop.svn.wordpress.org/trunk@35189


git-svn-id: http://core.svn.wordpress.org/trunk@35155 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-15 05:43:26 +00:00
Drew Jaynes 217b661703 Docs: Add missing descriptions for the `$wpdb` global in DocBlocks all the places.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@35170


git-svn-id: http://core.svn.wordpress.org/trunk@35136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-14 23:44:25 +00:00
Scott Taylor fc842e33c9 Users: when passing a `WP_User` instance to `wp_update_user()`, ensure that the user password is not accidentally double-hashed. This is terrifying.
Adds unit tests.

Props tbcorr, salcode.
Fixes #28435.

Built from https://develop.svn.wordpress.org/trunk@35116


git-svn-id: http://core.svn.wordpress.org/trunk@35081 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-13 02:48:24 +00:00
John Blackbourn b62e798c17 Introduce the ability to filter the Users admin listing screen by users with no role, if such users exist.
Fixes #22993
Props spmlucas, johnbillion

Built from https://develop.svn.wordpress.org/trunk@34965


git-svn-id: http://core.svn.wordpress.org/trunk@34930 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 22:07:47 +00:00
Sergey Biryukov 399c1f3c83 Reset Password: Move the code for creating password reset key into a new function, `get_password_reset_key()`, and use it in `retrieve_password()`.
Previously: [25231].

Props DH-Shredder.
Fixes #34180.
Built from https://develop.svn.wordpress.org/trunk@34923


git-svn-id: http://core.svn.wordpress.org/trunk@34888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 00:11:24 +00:00
Boone Gorges 846510ea6f Handle `WP_User` objects properly in `update_user_caches()`.
We should not be storing the `WP_User` object in the cache, as it may contain
usermeta and other data that's cache elsewhere.

Props dd32.
See #24635.
Built from https://develop.svn.wordpress.org/trunk@34919


git-svn-id: http://core.svn.wordpress.org/trunk@34884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 22:42:25 +00:00
Jeremy Felt 9926983b66 Revert [34778], continue using `_site_option()` for the current network.
The `_network_option()` parameter order will be changing to accept `$network_id` first. The `_site_option()` functions will remain in use throughout core as our way of retrieving a network option for the current network.

See #28290.

Built from https://develop.svn.wordpress.org/trunk@34912


git-svn-id: http://core.svn.wordpress.org/trunk@34877 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 17:11:25 +00:00
Drew Jaynes 7b82d75ec8 Users: Empty sanitized usernames should be considered invalid when passed through `validate_username()`.
Adds tests.

Props gwinhlopez for the initial patch.
Props mordauk, chriscct7.
Fixes #24618.

Built from https://develop.svn.wordpress.org/trunk@34856


git-svn-id: http://core.svn.wordpress.org/trunk@34821 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-06 05:35:25 +00:00
Sergey Biryukov a285a1cf22 Use `home_url()` instead of `get_option( 'siteurl' )` in notifications that are sent when a user's email address or password is changed.
Props tyxla, ramay.
Fixes #34071.
Built from https://develop.svn.wordpress.org/trunk@34820


git-svn-id: http://core.svn.wordpress.org/trunk@34785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-04 23:03:26 +00:00
Jeremy Felt 54512d64cb MS: Use `*_network_option()` functions throughout core.
Replaces all uses of `*_site_option()` with the corresponding "network" function.

This excludes one usage in `wp-admin/admin-footer.php` that needs more investigation.

Props spacedmonkey.
See #28290.

Built from https://develop.svn.wordpress.org/trunk@34778


git-svn-id: http://core.svn.wordpress.org/trunk@34743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-02 19:08:26 +00:00
Drew Jaynes 492c11508a Users: Add the default arguments array as a second parameter to the `wp_dropdown_users_args` filter, introduced in [34692].
Adjust hook doc descriptions accordingly.

See #19867.

Built from https://develop.svn.wordpress.org/trunk@34705


git-svn-id: http://core.svn.wordpress.org/trunk@34669 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-29 22:39:25 +00:00
Drew Jaynes 7866772449 Users: Introduce the `wp_dropdown_users_args` filter, making it possible to filter the arguments for `wp_dropdown_users()` before the query is run.
The 'name' argument (or the `WP_Screen` object if in the admin) can be used to help target specific instances of `wp_dropdown_users()` via this hook.

Props norcross.
See #19867.

Built from https://develop.svn.wordpress.org/trunk@34692


git-svn-id: http://core.svn.wordpress.org/trunk@34656 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-29 15:40:27 +00:00
Scott Taylor 939d9b7395 Remove some unused globals and/or their docs.
See ##33491.

Built from https://develop.svn.wordpress.org/trunk@34446


git-svn-id: http://core.svn.wordpress.org/trunk@34410 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-22 20:27:25 +00:00
Drew Jaynes 35246a957f Docs: The User API is singular.
See #33701.

Built from https://develop.svn.wordpress.org/trunk@34393


git-svn-id: http://core.svn.wordpress.org/trunk@34357 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-22 12:31:26 +00:00
Dominik Schilling d2414cbd2f Login: Move the "Lost your password?" link into a separate string to reduce HTML tags in translation strings.
Props ramiy.
Fixes #31870.
Built from https://develop.svn.wordpress.org/trunk@34354


git-svn-id: http://core.svn.wordpress.org/trunk@34318 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-20 09:11:24 +00:00
Scott Taylor 170a2cc4be Add a `'clean_user_cache'` action at the end of `clean_user_cache()`. This is mighty similar to `clean_post_cache()`.
Props elliott-stocks, wonderboymusic.
Fixes #31918.

Built from https://develop.svn.wordpress.org/trunk@34318


git-svn-id: http://core.svn.wordpress.org/trunk@34282 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-19 05:41:26 +00:00
Boone Gorges cdc6bc8ad5 Tell the `insert_user_meta` filter whether user is being updated.
`insert_user_meta` was introduced in [33708]. This changeset passes the
`$update` parameter to it.

Props tharsheblows, geminorum.
Fixes #31549.
Built from https://develop.svn.wordpress.org/trunk@34266


git-svn-id: http://core.svn.wordpress.org/trunk@34230 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-17 14:35:26 +00:00
Boone Gorges 85c00bd943 Move new user notification emails to `add_action()` callbacks.
When a new user is created in various places throughout the interface,
notifications are sent to the site admin and the new user. Previously, these
notifications were fired through direct calls to `wp_new_user_notification()`,
making it difficult to stop or modify the messages.

This changeset introduces a number of new action hooks in place of direct calls
to `wp_new_user_notification()`, and hooks the new wrapper function
`wp_send_new_user_notifications()` to these hooks.

Props dshanske, thomaswm, boonebgorges.
Fixes #33587.
Built from https://develop.svn.wordpress.org/trunk@34251


git-svn-id: http://core.svn.wordpress.org/trunk@34215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-16 22:19:24 +00:00
Boone Gorges a7e229637e Improve validation of `user_login` and `user_nicename` length.
The `user_login` field only allows 60 characters, and `user_nicename` allows
50. However, there are no protections in the interface, and few in the code,
that prevent the creation of users with values in excess of these limits. Prior
to recent changes in `$wpdb`, users were generally created anyway, MySQL
having performed the necessary truncation. More recently, the `INSERT`s and
`UPDATE`s simply fail, with no real feedback on the nature of the failure.

This changeset addresses the issue in a number of ways:
* On the user-new.php and network/user-new.php panels, don't allow input in excess of the maximum field length.
* In `wp_insert_user()`, throw an error if the value provided for `'user_login'` or `'user_nicename'` exceeds the maximum field length.
* In `wp_insert_user()`, when using `'user_login'` to generate a default value for `'user_nicename'`, ensure that the nicename is properly truncated, even when suffixed for uniqueness (username-2, etc).

Props dipesh.kakadiya, utkarshpatel, tommarshall, boonebgorges.
Fixes #33793.
Built from https://develop.svn.wordpress.org/trunk@34218


git-svn-id: http://core.svn.wordpress.org/trunk@34182 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-15 22:14:26 +00:00
Dominik Schilling 4af3a3374e Passwords: Deprecate second parameter of `wp_new_user_notification()`.
The second parameter `$plaintext_pass` was removed in [33023] and restored as `$notify` in [33620] with a different behavior. If you have a plugin overriding `wp_new_user_notification()` which hasn't been updated you would get a notification with your username and the password "both".
To prevent this the second parameter is now deprecated and reintroduced as the third parameter.

Adds unit tests.

Props kraftbj, adamsilverstein, welcher, ocean90.
Fixes #33654.

(Don't ask for new pluggables kthxbye)
Built from https://develop.svn.wordpress.org/trunk@34116


git-svn-id: http://core.svn.wordpress.org/trunk@34084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 12:43:26 +00:00
Boone Gorges b62bcef1b1 Send password-change email notifications via hook.
`wp_password_change_notification()` is now called at the 'after_password_reset'
action, rather than being invoked directly from the `reset_password()` function.

In order to make it possible to call `wp_password_change_notification()` as a
`do_action()` callback, the function signature has to be changed so that the
`$user` parameter is expected to be a value rather than a reference. Since
PHP 5.0, objects are passed by reference, so `&$user` was unnecessary anyway.

Props dshanske, thomaswm.
See #33587.
Built from https://develop.svn.wordpress.org/trunk@34107


git-svn-id: http://core.svn.wordpress.org/trunk@34075 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 02:45:25 +00:00
Scott Taylor c1bb5b5ce3 After [33843], update the location of some files in `This filter is documented in` docs
Props dimadin.
See #33413.

Built from https://develop.svn.wordpress.org/trunk@33954


git-svn-id: http://core.svn.wordpress.org/trunk@33923 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-08 22:17:26 +00:00
Drew Jaynes 3be117216e Docs: Clarify the file header summary for wp-includes/user-functions.php, introduced in [33749].
See #33413. See #33701.

Built from https://develop.svn.wordpress.org/trunk@33896


git-svn-id: http://core.svn.wordpress.org/trunk@33865 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-04 01:29:24 +00:00
Helen Hou-Sandí 1f500055a6 Drop the hyphen from e-mail and standardize on email.
The AP Stylebook changed this in 2011, and we're woefully inconsistent, so let's go with the standard.

props morganestes, voldemortensen, niallkennedy (for patching on the previous AP style).
fixes #26156.

Built from https://develop.svn.wordpress.org/trunk@33774


git-svn-id: http://core.svn.wordpress.org/trunk@33742 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-28 03:17:21 +00:00
John Blackbourn 69bee8ed43 Improve the efficiency of `is_user_member_of_blog()` by removing its use of `get_blogs_of_user()`. Adds additional tests.
Fixes #32472
Props BinaryKitten, sammybeats, johnbillion

Built from https://develop.svn.wordpress.org/trunk@33771


git-svn-id: http://core.svn.wordpress.org/trunk@33739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-27 20:02:23 +00:00
Scott Taylor 484331e492 Users: move `WP_User_Query` into its own file. `user.php` loads the new files, so this is 100% BC if someone is loading `user.php` directly (a lot of plugins do). New files created using `svn cp`.
Creates: 
`class-wp-user-query.php` 
`user-functions.php` 

`user.php` contains only top-level code. Class file only contains the class. Functions file only contains functions.

See #33413.

Built from https://develop.svn.wordpress.org/trunk@33749


git-svn-id: http://core.svn.wordpress.org/trunk@33717 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-26 04:20:21 +00:00