Commit Graph

198 Commits

Author SHA1 Message Date
Adam Silverstein daa977c495 Users: improve password generation feature.
On the user edit screen improve handling and clarify language: rename the "Generate Password" and "Show password" buttons to "Set New Password". Clicking it always generates a password. Also: improve inline code comments and descriptions.

Props afercia, bookdude13, michaelarestad, pento.
Fixes #42852.


Built from https://develop.svn.wordpress.org/trunk@49248


git-svn-id: http://core.svn.wordpress.org/trunk@49010 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-20 18:27:13 +00:00
John Blackbourn 175c2c5b7c Users: Introduce the `invited_user_email` filter for filtering the contents of the email sent when an existing user is invited to a site on Multisite.
Props contact-banker, anand.au14, nikolam, johnbillion

Fixes #42132

Built from https://develop.svn.wordpress.org/trunk@49029


git-svn-id: http://core.svn.wordpress.org/trunk@48791 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-09-21 17:16:07 +00:00
Dominik Schilling 893c580831 Users: On the 'Add New User' screen, don't show the roles dropdown if the current user can't promote other users.
Fixes #50345.
Built from https://develop.svn.wordpress.org/trunk@48042


git-svn-id: http://core.svn.wordpress.org/trunk@47809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-14 17:03:10 +00:00
Sergey Biryukov 7932193708 Coding Standards: Use strict comparison where static strings are involved.
This reduces the number of `WordPress.PHP.StrictComparisons.LooseComparison` issues in half, from 1897 to 890.

Includes minor code layout fixes for better readability.

See #49542.
Built from https://develop.svn.wordpress.org/trunk@47808


git-svn-id: http://core.svn.wordpress.org/trunk@47584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-05-16 18:42:12 +00:00
Sergey Biryukov a546a9c35c Coding Standards: Remove some extra tabs in `wp-admin/user-new.php`.
Follow-up to [47516], [47519].

See #38665.
Built from https://develop.svn.wordpress.org/trunk@47520


git-svn-id: http://core.svn.wordpress.org/trunk@47295 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-03-27 22:30:09 +00:00
Sergey Biryukov ee1bf5a911 Coding Standards: Fix WPCS issues in [47516].
See #38665.
Built from https://develop.svn.wordpress.org/trunk@47519


git-svn-id: http://core.svn.wordpress.org/trunk@47294 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-03-27 22:25:08 +00:00
John Blackbourn 41ae74f7b4 Users: Add a user language preference option to the "Add New User" form.
This uses the same language selection control as the user editing screen and allows new users to be invited to a site in their own language.

Props barryceelen, johnbillion

Fixes #38665
Built from https://develop.svn.wordpress.org/trunk@47516


git-svn-id: http://core.svn.wordpress.org/trunk@47291 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-03-27 21:58:05 +00:00
Sergey Biryukov 5e6c949861 Coding Standards: Use Yoda conditions in some `wp-admin` files.
Props subrataemfluence, marcio-zebedeu, bookdude13, 1naveengiri, alishankhan.
Fixes #44365, #48455.
Built from https://develop.svn.wordpress.org/trunk@47218


git-svn-id: http://core.svn.wordpress.org/trunk@47018 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-09 16:53:06 +00:00
Sergey Biryukov 47ed56f38f Code Modernization: Replace `dirname( __FILE__ )` calls with `__DIR__` magic constant.
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.

This commit also includes:

* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
 * `wp-admin/admin-header.php`
 * `wp-admin/admin-footer.php`
 * `wp-includes/version.php`

Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes #48082.
Built from https://develop.svn.wordpress.org/trunk@47198


git-svn-id: http://core.svn.wordpress.org/trunk@46998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-06 06:33:11 +00:00
Sergey Biryukov 001ffe81fb Docs: Improve inline comments per the documentation standards.
Includes minor code layout fixes for better readability.

See #48303.
Built from https://develop.svn.wordpress.org/trunk@47122


git-svn-id: http://core.svn.wordpress.org/trunk@46922 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-29 00:45:18 +00:00
John Blackbourn 7c2b9f2a2e Docs: Miscellaneous docblock fixes and improvements.
See #48303

Built from https://develop.svn.wordpress.org/trunk@46594


git-svn-id: http://core.svn.wordpress.org/trunk@46391 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-26 20:43:04 +00:00
Sergey Biryukov e199663322 I18N: Capitalize translator comments consistently, add trailing punctuation.
Includes minor code layout fixes.

See #44360.
Built from https://develop.svn.wordpress.org/trunk@45932


git-svn-id: http://core.svn.wordpress.org/trunk@45743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-03 00:41:05 +00:00
Sergey Biryukov 16b8d91baa I18N: Improve translator comments.
* Add missing translator comments.
* Fix placement of some translator comments. Translator comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools. The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translator comments.

Includes minor code layout fixes.

Polyglots, rejoice! All WordPress core files now have translator comments for all strings with placeholders!

Props jrf, subrataemfluence, GaryJ, webdados, Dency, swissspidy, alvarogois, marcomartins, mihaiiceyro, vladwtz, niq1982, flipkeijzer, michielatyoast, chandrapatel, thrijith, joshuanoyce, FesoVik, tessak22, bhaktirajdev, cleancoded, dhavalkasvala, garrett-eclipse, bibliofille, socalchristina, priyankkpatel, 5hel2l2y, adamsilverstein, JeffPaul, pierlo, SergeyBiryukov.
Fixes #44360.
Built from https://develop.svn.wordpress.org/trunk@45926


git-svn-id: http://core.svn.wordpress.org/trunk@45737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-01 17:13:59 +00:00
Sergey Biryukov 8e85299a00 General: First pass at replacing Codex URLs with a corresponding HelpHub or DevHub article.
Props ianbelanger, tobifjellner, SergeyBiryukov.
See #47771.
Built from https://develop.svn.wordpress.org/trunk@45674


git-svn-id: http://core.svn.wordpress.org/trunk@45485 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-25 22:45:57 +00:00
Gary Pendergast 87675d288b Coding Standards: Fix all `WordPress.WhiteSpace.PrecisionAlignment` issues.
See #47632.


Built from https://develop.svn.wordpress.org/trunk@45602


git-svn-id: http://core.svn.wordpress.org/trunk@45413 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-05 05:21:56 +00:00
Sergey Biryukov 4e4ef1170b I18N: Merge duplicate strings in notifications displayed when a new user has been created or added to the site.
Props ramiy.
Fixes #35746.
Built from https://develop.svn.wordpress.org/trunk@45542


git-svn-id: http://core.svn.wordpress.org/trunk@45353 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-06-15 18:57:52 +00:00
Sergey Biryukov b77cf42c0b Accessibility: Make sure layout tables across the admin are correctly linearized.
Adds `role="presentation"` to the `<table>` elements used for layout purposes.

Ideally, HTML tables should be used for tabular data. When tables are used for layout purposes, it's important to remove any native semantics so that assistive technologies can correctly announce the table content in a linearized fashion.

Props greatislander, afercia.
Fixes #46899.
Built from https://develop.svn.wordpress.org/trunk@45403


git-svn-id: http://core.svn.wordpress.org/trunk@45214 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-05-24 21:56:54 +00:00
John Blackbourn d4d1267847 I18N: Improvements to and additions of translator comments for various email subject strings.
Props ramiy

Fixes #46920

Built from https://develop.svn.wordpress.org/trunk@45204


git-svn-id: http://core.svn.wordpress.org/trunk@45013 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-04-15 22:39:50 +00:00
Gary Pendergast 4487551344 Help: Update support forum links.
There are a lot of places in Core that link to https://wordpress.org/support/ for the support forums, but that's now the URL for HelpHub. The new forums link is https://wordpress.org/support/forums/.

Props jitendrabanjara1991, dilipbheda, mukesh27, ianbelanger.
Fixes #46790.


Built from https://develop.svn.wordpress.org/trunk@45140


git-svn-id: http://core.svn.wordpress.org/trunk@44949 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-04-08 22:59:56 +00:00
Gary Pendergast 9a80e2095b Text Changes: Tweak the wording of email notification subjects.
This change brings more coherence between the subject lines of the various emails WordPress will send.

Props ramiy, pento.
Fixes #37940.

Built from https://develop.svn.wordpress.org/trunk@45137


git-svn-id: http://core.svn.wordpress.org/trunk@44946 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-04-08 06:17:51 +00:00
Andrea Fercia ca53eac85e Accessibility: Improve the password form buttons accessibility.
- makes the "Cancel" button always visible: this allows to generate a new password also on small screens
- moves focus back to the Generate Password button when closing the form
- changes the password reset show/hide button from a clickable `<span>` element to a real `<button>` element
- improves the CSS

Props janak007, afercia.
Fixes #42853.

Built from https://develop.svn.wordpress.org/trunk@44895


git-svn-id: http://core.svn.wordpress.org/trunk@44726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-13 23:37:57 +00:00
Gary Pendergast 97aef0e336 Docs: Remove duplicate docblocks for the `pre_user_login` and `link_category` filters.
Props coffee2code.
Fixes #45308.


Built from https://develop.svn.wordpress.org/trunk@44612


git-svn-id: http://core.svn.wordpress.org/trunk@44443 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-16 05:29:49 +00:00
Gary Pendergast 56c162fbc9 Coding Standards: Upgrade WPCS to 1.0.0
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.

This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script. 
- Auto-fixable coding standards issues will now cause Travis failures.

Fixes #44600.


Built from https://develop.svn.wordpress.org/trunk@43571


git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-17 01:51:36 +00:00
Sergey Biryukov 0e802a627d General: Introduce `WP_Error::has_errors()` method and use it where appropriate.
Props robdxw, DrewAPicture, SergeyBiryukov.
Fixes #42742.
Built from https://develop.svn.wordpress.org/trunk@42761


git-svn-id: http://core.svn.wordpress.org/trunk@42591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-27 02:31:31 +00:00
Peter Wilson e6ccdf161f General: Further improve error messages following [42648].
Props kristastevens, melchoyce.
Fixes #38332 for trunk.


Built from https://develop.svn.wordpress.org/trunk@42719


git-svn-id: http://core.svn.wordpress.org/trunk@42547 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-19 02:13:32 +00:00
Peter Wilson 0d39b35c11 General: Replace `Cheatin’ uh?` with friendlier error messages.
While intended as a playful error message, `Cheatin’ uh?` can be interpreted as insulting or accusatory in an already stressful situation. This replaces Cheatin’ with more meaningful error messages, depending on the error that occurs.

Props ElectricFeet, EricMeyer, karmatosed, dd32, BandonRandon, melchoyce for language; dmsnell for original patch; peterwilsoncc.
Fixes #38332.


Built from https://develop.svn.wordpress.org/trunk@42648


git-svn-id: http://core.svn.wordpress.org/trunk@42477 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-05 02:30:34 +00:00
Gary Pendergast aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
John Blackbourn eaf1cfdc1f Hardening: Use a properly generated hash for the `newbloguser` key instead of a determinate substring.
Built from https://develop.svn.wordpress.org/trunk@42258


git-svn-id: http://core.svn.wordpress.org/trunk@42087 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 15:52:50 +00:00
Jeremy Felt abdfe59c28 Multisite: Use `get_current_blog_id()` instead of `$wpdb->blogid`.
`get_current_blog_id()` is more appropriate for determining the ID of the current site in most cases. This eliminates the need for the global `$wpdb` in several functions and is better than the implicit global used in admin pages.

Props bnap00, spacedmonkey.
Fixes #41684.

Built from https://develop.svn.wordpress.org/trunk@41661


git-svn-id: http://core.svn.wordpress.org/trunk@41495 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-02 01:44:47 +00:00
Felix Arntz 7e2ca92e69 Multisite: Introduce a `can_add_user_to_blog` filter to prevent adding a user to a site.
Under certain circumstances, it can be necessary that a user should not be added to a site, beyond the restrictions that WordPress core applies. With the new `can_add_user_to_blog` filter, plugin developers can run custom checks and return an error in case of a failure, that will prevent the user from being added.

The user-facing parts and the REST API route that interact with `add_user_to_blog()` have been adjusted accordingly to provide appropriate error feedback when a user could not be added to a site. Furthermore, two existing error feedback messages in the site admin's "New User" screen have been adjusted to properly show inside an error notice instead of a success notice.

Props jmdodd.
Fixes #41101.

Built from https://develop.svn.wordpress.org/trunk@41225


git-svn-id: http://core.svn.wordpress.org/trunk@41065 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-03 21:41:45 +00:00
John Blackbourn 2d464d4286 Users: Don't show the 'Add Existing User' form on the 'Add New User' screen to users without the `promote_users` capability.
Props bseddon, Mista-Flo

Fixes #37836

Built from https://develop.svn.wordpress.org/trunk@41122


git-svn-id: http://core.svn.wordpress.org/trunk@40962 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-23 01:14:43 +00:00
Felix Arntz 34ad21bcfa Multisite: Remove unnecessary `is_super_admin()` check when adding an existing user to a site.
Prior to this change, a super admin user that is added to a site who they are already a member of would still get reinvited.

Props supercoder.
Fixes #39220. See #37616.

Built from https://develop.svn.wordpress.org/trunk@39946


git-svn-id: http://core.svn.wordpress.org/trunk@39883 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-24 12:03:43 +00:00
Felix Arntz 41fc0c0f5a Multisite: Replace `is_super_admin()` with `manage_network_users` when trying to add an existing user via username.
Props dhanendran.
Fixes #39202. See #37616.

Built from https://develop.svn.wordpress.org/trunk@39935


git-svn-id: http://core.svn.wordpress.org/trunk@39872 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-20 17:49:41 +00:00
Felix Arntz c22fea9120 Multisite: Replace `is_super_admin()` with `manage_network_users` when checking for users autocomplete capabilities.
Props ashokkumar24.
Fixes #39201. See #37616.

Built from https://develop.svn.wordpress.org/trunk@39934


git-svn-id: http://core.svn.wordpress.org/trunk@39871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-20 17:43:42 +00:00
Andrea Fercia fd40a16ad1 Accessibility: Improve the form labels on the Add New User screen.
On the Multisite - single site "Add New User" screen, some form fields have more
than one label associated with them. Form controls should have at most one
associated label element. If more than one label element is associated to the
control, assistive technologies may not read the appropriate label.

Additionally, labels can be associated to their related form fields either
explicitly (using a `for` attribute referencing the field ID) or implicitly
(using the label to wrap the field). As a best practice, never do both and
prefer explicitly associated labels when possible.

Props Ankit K Gupta.
Fixes #38459.

Built from https://develop.svn.wordpress.org/trunk@39006


git-svn-id: http://core.svn.wordpress.org/trunk@38948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-29 12:54:30 +00:00
Dominik Schilling 7819e2b4ba I18N: Introduce a locale-switching function.
With the introduction of user-specific languages in [38705] it's necessary to be able to switch translations on the fly. For example emails should be sent in the language of the recipient and not the one of the current user.

This introduces a new `WP_Locale_Switcher` class which is used for switching locales and translations. It holds the stack of locales whenever `switch_to_locale( $locale )` is called. With `restore_previous_locale()` you can restore the previous locale. `restore_current_locale()` empties the stack and sets the locale back to the initial value.

`switch_to_locale()` is added to most of core's email functions, either with the value of `get_locale()` (site language) or `get_user_locale()` (user language with fallback to site language).

Props yoavf, tfrommen, swissspidy, pbearne, ocean90.
See #29783.
Fixes #26511.
Built from https://develop.svn.wordpress.org/trunk@38961


git-svn-id: http://core.svn.wordpress.org/trunk@38904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-26 15:36:31 +00:00
Andrea Fercia 2eda436430 Accessibility: Remove target=_blank from the Users and Widgets screens help tabs links.
Stop taking control of users' browsers.

Props rianrietveld.
Fixes #38217. See #23432.

Built from https://develop.svn.wordpress.org/trunk@38723


git-svn-id: http://core.svn.wordpress.org/trunk@38666 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-04 07:10:31 +00:00
Andrea Fercia eeefec932f Administration: Improve the usage of the button CSS classes.
Introduces some consistency in the usage of the button CSS classes, fixes the
focus style for accessibility and responsiveness of the buttons.

- Adds the `button` class to all primary buttons make them responsive
- Removes all `secondary-button` classes and replaces it with button when needed. `button-secondary` shouldn't be used and exists just for backward compatibility reasons
- Replaces classes inside `submit_button()` with a shorthand for some buttons, and use an empty string for the default `button` class. Passing `button` is unnecessary
- Adjusts `get_submit_button()` to remove empty items

Props iseulde, dimchik, chris_d2d, mhowell, afercia.
Fixes #27314, #37138, #37448.

Built from https://develop.svn.wordpress.org/trunk@38672


git-svn-id: http://core.svn.wordpress.org/trunk@38615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-28 19:54:28 +00:00
Sergey Biryukov ec8f0281fa I18N: Remove unnecessary context for two strings on "Add New User" screen.
Props ramiy.
Fixes #37784.
Built from https://develop.svn.wordpress.org/trunk@38329


git-svn-id: http://core.svn.wordpress.org/trunk@38270 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-23 12:54:31 +00:00
Dominik Schilling a8ccd1ce23 Users: Update help text for `user-new.php` to remove reference to sending passwords via email.
Props anneschmidt.
Fixes #36763.
Built from https://develop.svn.wordpress.org/trunk@38064


git-svn-id: http://core.svn.wordpress.org/trunk@38005 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-14 21:51:32 +00:00
Jeremy Felt 771212f20a Multisite: Correct logic used to display an Edit User link after adding a user.
Previously, if a user was added with the checkbox for no confirmation selected and an error was then encountered in `wpmu_activate_signup()`, a fatal error would trigger because `$new_user` was a `WP_Error` object rather than a user.

Fixes #37223.

Built from https://develop.svn.wordpress.org/trunk@38007


git-svn-id: http://core.svn.wordpress.org/trunk@37948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 17:48:29 +00:00
Dominik Schilling 25e66e4f1e Text Changes: Unify permission error messages.
The new format looks like "Sorry, you are not allowed to <action>.". This provides a consistent experience for all error messages related to missing permissions. It also reduces the number of similar strings and allows translators to provide a consistent style in their language.

Props ramiy, Presskopp.
Fixes #34521.
Built from https://develop.svn.wordpress.org/trunk@37914


git-svn-id: http://core.svn.wordpress.org/trunk@37855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-29 15:16:29 +00:00
Drew Jaynes c3055cc190 Docs: Standardize hook docs in wp-admin/* to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37488


git-svn-id: http://core.svn.wordpress.org/trunk@37456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:01:30 +00:00
Dominik Schilling 024ffe4980 I18N: Fix placeholders and add translator comments after [36695].
See #35705.
Built from https://develop.svn.wordpress.org/trunk@36697


git-svn-id: http://core.svn.wordpress.org/trunk@36664 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-24 21:49:26 +00:00
Jeremy Felt b4ab399def Multisite: Provide an "Edit user" link after adding a new user
Props codex-m, jeremyfelt.
Fixes #35705.

Built from https://develop.svn.wordpress.org/trunk@36695


git-svn-id: http://core.svn.wordpress.org/trunk@36662 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-24 21:43:25 +00:00
Dominik Schilling 9fb5c540bb Users: Allow to create users without sending an email to the new user.
This adds a checkbox to `wp-admin/user-new.php` to prevent sending an email with the username and a password reset link to the new user. Restores the behavior of pre-4.3.

Fixes #33504.
Props tharsheblows, SergeyBiryukov, DrewAPicture, ocean90.
Built from https://develop.svn.wordpress.org/trunk@35742


git-svn-id: http://core.svn.wordpress.org/trunk@35706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:38:29 +00:00
Scott Taylor 0d8a80b14c Profile: on `user-new.php`, don't allow the password fields to be hidden. When hidden, you can't add a user.
Props coffee2code.
Fixes #15115.

Built from https://develop.svn.wordpress.org/trunk@34582


git-svn-id: http://core.svn.wordpress.org/trunk@34546 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 06:15:26 +00:00
Helen Hou-Sandí 48befcf361 Superglobals: Revert [34059] until further notice.
see #33837.

Built from https://develop.svn.wordpress.org/trunk@34265


git-svn-id: http://core.svn.wordpress.org/trunk@34229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-17 12:33:26 +00:00
Boone Gorges a7e229637e Improve validation of `user_login` and `user_nicename` length.
The `user_login` field only allows 60 characters, and `user_nicename` allows
50. However, there are no protections in the interface, and few in the code,
that prevent the creation of users with values in excess of these limits. Prior
to recent changes in `$wpdb`, users were generally created anyway, MySQL
having performed the necessary truncation. More recently, the `INSERT`s and
`UPDATE`s simply fail, with no real feedback on the nature of the failure.

This changeset addresses the issue in a number of ways:
* On the user-new.php and network/user-new.php panels, don't allow input in excess of the maximum field length.
* In `wp_insert_user()`, throw an error if the value provided for `'user_login'` or `'user_nicename'` exceeds the maximum field length.
* In `wp_insert_user()`, when using `'user_login'` to generate a default value for `'user_nicename'`, ensure that the nicename is properly truncated, even when suffixed for uniqueness (username-2, etc).

Props dipesh.kakadiya, utkarshpatel, tommarshall, boonebgorges.
Fixes #33793.
Built from https://develop.svn.wordpress.org/trunk@34218


git-svn-id: http://core.svn.wordpress.org/trunk@34182 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-15 22:14:26 +00:00
Scott Taylor cd7c0f0b0d Introduce `wp_validate_action( $action = '' )`, a helper function that checks `$_REQUEST` for `action` and returns it, or empty string if not present. If `$action` is passed, it checks to make sure they match before returning it, or an empty string. Strings are always returned to avoid returning multiple types.
Implementing this removes 27 uses of direct superglobal access in the admin.

For more reading:
https://codeclimate.com/github/WordPress/WordPress/wp-admin/edit-comments.php

See #33837.

Built from https://develop.svn.wordpress.org/trunk@34059


git-svn-id: http://core.svn.wordpress.org/trunk@34027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-11 21:08:26 +00:00