Commit Graph

285 Commits

Author SHA1 Message Date
Andrew Nacin 8886eef8d9 Add nonce_user_logged_out filters to wp_create_nonce() and wp_verify_nonce() for when there is no user ID. Provides plugins the ability to tie a nonce to some other characteristic of the session. props sc0ttkclark, fixes #21111.
git-svn-id: http://core.svn.wordpress.org/trunk@21837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-13 17:17:47 +00:00
Peter Westwood fb917e5d95 Make sure that we always generate random numbers correctly even if the PHP build is slightly broken and truncates large integers.
Fixes #19571 props mdawaffe.


git-svn-id: http://core.svn.wordpress.org/trunk@21685 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-31 09:45:50 +00:00
Ryan Boren c55cf716da Use set_url_scheme(). Props johnbillion, MarcusPope. see #19037 #20759
git-svn-id: http://core.svn.wordpress.org/trunk@21664 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-30 13:33:00 +00:00
Andrew Nacin 46eb6f0c26 Move the optimization done to get_user_by() in [21376] higher up the stack, into map_meta_cap() and is_super_admin().
This provides nearly the same benefits without possibly receiving a stale object from get_userdata(),
which could affect authentication, and introduce side effects for plugins.

see #21120.



git-svn-id: http://core.svn.wordpress.org/trunk@21563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-20 21:58:34 +00:00
nacin 7127ed1197 Move most instances of new WP_User to get_userdata(). see #21120.
git-svn-id: http://core.svn.wordpress.org/trunk@21413 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-03 01:06:05 +00:00
nacin 174dad02bc Optimize get_user_by( 'id', $id ) to return wp_get_current_user() when the current user ID is requested.
Provides for a major performance improvement by preventing repeated instantiations of WP_User in the capabilities API.

see #21120.



git-svn-id: http://core.svn.wordpress.org/trunk@21376 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-31 17:45:38 +00:00
nacin 725e0cc1df Remove $wp_secret_key_default.
With the duplicate key checks, this is isn't necessary. It could also cause problems when you
temporarily update to an English translation of a new version before going back to the locale.

see #19599.



git-svn-id: http://core.svn.wordpress.org/trunk@20691 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-02 19:29:39 +00:00
duck_ 0915eb5d43 Add missing "?" to gravatar_default URL in get_avatar() to set size parameter correctly. Fixes #20512.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-22 11:45:31 +00:00
duck_ b0a975512a Don't override the $current_user global in get_currentuserinfo() on an XML-RPC request
if it's non-empty. Fixes capabilities checks for XML-RPC requests. See #20372.


git-svn-id: http://svn.automattic.com/wordpress/trunk@20424 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-10 16:19:53 +00:00
ryan a831898020 When fetching the user in get_currentuserinfo(), make sure it is a valid WP_User object. If it is stdClass, upgrade it to WP_User. If it is WP_Error, an int, or anything else, set the current user to ID 0.
In wp_set_current_user(), return the current user global only if it is a WP_User object. If it is not, fall through and go about setting it up properly.

Formatting cleanups for both functions.

see #20372


git-svn-id: http://svn.automattic.com/wordpress/trunk@20410 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-09 22:01:07 +00:00
nacin 2410e392b9 wp_set_current_user(0) for XMLRPC_REQUEST in get_currentuserinfo(). Ensures that wp_get_current_user() always returns a WP_User object. see #20372.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20402 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-08 01:06:44 +00:00
ryan de41bc288b Introduce WP_User::exists(). see #20372
git-svn-id: http://svn.automattic.com/wordpress/trunk@20378 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-06 19:18:45 +00:00
nacin 20f416f286 Internally cache return values of wp_salt(). Always run the filter. Big performance gains on a pageload that generates hundreds of nonces. see #19599.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20135 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-07 03:41:56 +00:00
ryan 6aedd9d0f0 Split the main WP_Query posts query into two queries to avoid temp tables. Leverage cache to avoid second query in persistent cache environments. Props scribu, cheald, prettyboymp. see #18536
git-svn-id: http://svn.automattic.com/wordpress/trunk@19918 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-14 15:09:35 +00:00
nacin acd0f7c375 Re-purpose wp_die() for ajax responses.
* Allows unit testing of core ajax actions.
 * wp_die() now has separate filters to choose a handler depending on the context (ajax, XML-RPC, else).
 * wp_die) in ajax context does not need to be called with a string. Conversion takes place before die().
props kurtpayne, see #15327.



git-svn-id: http://svn.automattic.com/wordpress/trunk@19801 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-31 22:12:58 +00:00
nacin 017f5e4aeb Provide a DB fallback for keys in wp_salt(). Fall back when any secret is used more than once. Change how we detect a localized 'put your unique phrase here' -- eliminate $wp_default_secret_key and introduce $wp_secret_key_default to be added during the localized build process, not by translators. fixes #19599.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-27 18:52:20 +00:00
duck_ 81a7ad2c81 split was deprecated in PHP 5.3.0, so use explode instead. Props garyc40. Fixes #16325.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-09 21:20:51 +00:00
ryan 81283c0561 Update wp_salt() phpdoc. fixes #18696
git-svn-id: http://svn.automattic.com/wordpress/trunk@19725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-09 20:52:08 +00:00
ryan 83b131f8e3 User lowercase true, false, null instead of uppercase. Props c3mdigital, mfields. fixes #16302
git-svn-id: http://svn.automattic.com/wordpress/trunk@19687 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-05 20:50:54 +00:00
nacin d56fe066da s/is/if/. props ocean90.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19616 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-20 22:06:34 +00:00
nacin 2454f5b0d9 Gravatar emails should be trimmed before being lowered and hashed. props evansolomon. fixes #19614.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19614 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-20 22:00:44 +00:00
ryan 07ff8b216b Use one space, not two, after trailing punctuation. fixes #19537
git-svn-id: http://svn.automattic.com/wordpress/trunk@19593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-13 23:45:31 +00:00
duck_ 424cd58652 Correct @param text ordering to put "Optional." in description, see r19019 and #18958. Also remove empty docblock tag.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19030 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-20 15:53:57 +00:00
westi 5eef6313ef Improve the parsing of email addresses in wp_mail to re-support RFC2822 nameless "<address@tld.com>" style. Fixes #18463 props kitchin and SergeyBiryukov.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18717 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-19 14:30:50 +00:00
duck_ 2f51b9be0d Fix typos in documentation (wp-includes/[i-z]). See #18560.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-05 19:08:15 +00:00
ryan 0f06334e11 Introduce metadata_exists(), WP_User::get_data_by(), WP_User::get(), WP_User::has_prop(). Don't fill user objects with meta. Eliminate data duplication in cache and memory. Props scribu. see #15458
git-svn-id: http://svn.automattic.com/wordpress/trunk@18597 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-24 19:32:59 +00:00
dd32 6fa755e68e Harden up is_user_logged_in() against empty $current_user instances to prevent PHP Notices on XML-RPC requests. Fixes #18458
git-svn-id: http://svn.automattic.com/wordpress/trunk@18558 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-17 08:51:36 +00:00
ryan ec4ccf2900 Deprecate get_userdatabylogin() and get_user_by_email(). Props scribu. fixes #18333
git-svn-id: http://svn.automattic.com/wordpress/trunk@18513 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-05 16:57:31 +00:00
ryan 6c81d023bb Add magic get/set/isset methods to WP_User to avoid data duplication. Standardize on WP_User::ID. Props scribu. see #15458
git-svn-id: http://svn.automattic.com/wordpress/trunk@18504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-04 03:09:27 +00:00
markjaquith f030e87cdc Throw _doing_it_wrong() when nonce action not passed to check_admin_referer(). props duck_. see #16449
git-svn-id: http://svn.automattic.com/wordpress/trunk@18195 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-08 16:56:26 +00:00
westi 5e908c7190 Update wp_mail to correctly call the Address adding functions on PHPMailer for To, CC, BCC in a way which preserves our support for full RFC2822 address specifications.
Older versions of PHPMailer were not too careful about validating what we passed in to them as a plain email address - the new version expects we pass in the Name and Email address seperately.
Fixes #17305 based on a patch from dllh.

git-svn-id: http://svn.automattic.com/wordpress/trunk@18006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-23 11:14:05 +00:00
ryan 7f9f067e60 Use exceptions with phpmailer to avoid headers already sent errors. fixes #17228
git-svn-id: http://svn.automattic.com/wordpress/trunk@17753 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-28 18:16:01 +00:00
ryan c5b47b029c Remove setcookie() back compat. Props hakre. see#16920
git-svn-id: http://svn.automattic.com/wordpress/trunk@17612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-06 17:07:59 +00:00
markjaquith b9487742e0 Improvement to check_admin_referer() when called without first argument (PLUGIN AUTHORS: STOP DOING THAT). props indie-ulf. fixes #16449 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@17385 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-02-03 20:42:00 +00:00
ryan 8066547be3 Add some cookie filters to allow plugins more control over SSL cookie delivery. see #15330
git-svn-id: http://svn.automattic.com/wordpress/trunk@17227 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-06 04:08:23 +00:00
dd32 9c4b151ba2 Restore pre-3.1 "Status:" header handling for IIS in wp_redirect. Revist in 3.2 to see if it's still required. Fixes #10187
git-svn-id: http://svn.automattic.com/wordpress/trunk@16907 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-14 10:15:31 +00:00
nacin 09e076b152 Remove unnecessary space. props demetris, JohnPBloch. fixes #12797.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16760 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-06 22:56:47 +00:00
nacin de65e1f2f3 Fix arin whois link. props ozh. @todo consider its removal. see #15281.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-17 00:54:22 +00:00
nacin 81a8f2d3ce Use square brackets instead of braces for string access. props hakre, fixes #13900.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-13 09:53:55 +00:00
nacin d974a35fb0 Don't notify the author when they posted or moderated the comment. fixes #12774.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16304 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-11 16:28:49 +00:00
ryan 0a0d648660 Send moderation emails to post author. see #6286
git-svn-id: http://svn.automattic.com/wordpress/trunk@16223 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-06 15:20:50 +00:00
ryan 98c65bd2f7 Don't fire wp_notify_postauthor() when the author moderated the comment. Props mrmist. fixes #12774
git-svn-id: http://svn.automattic.com/wordpress/trunk@16208 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-05 15:36:04 +00:00
ryan 9c31fd7c70 First pass of user admin. Network admin and screen cleanups. see #14696
git-svn-id: http://svn.automattic.com/wordpress/trunk@15746 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-07 19:34:18 +00:00
dd32 9ce6d04ffb Retire IIS 3,4,5 Set-Cookie redirection workaround. See [2436] for original implementation. See #10187
git-svn-id: http://svn.automattic.com/wordpress/trunk@15682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-02 04:02:24 +00:00
ryan b482fe4499 Link directly to comment in email notification. Props lancewillett. fixes #12797
git-svn-id: http://svn.automattic.com/wordpress/trunk@15553 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-08-31 18:24:41 +00:00
ryan 977102dbb1 Typo fix. Props pedger, mattsains. fixes #13740
git-svn-id: http://svn.automattic.com/wordpress/trunk@15149 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-06 14:44:48 +00:00
ryan 1a552dd029 Strip trailing whitespace
git-svn-id: http://svn.automattic.com/wordpress/trunk@14924 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-26 02:42:15 +00:00
ryan 2a99808ad2 Email messages should be plain text. Props arena. see #13488
git-svn-id: http://svn.automattic.com/wordpress/trunk@14803 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-22 13:48:38 +00:00
nacin e85693b8a9 False alarm, something else is going on here. Revert [14780], restore [14695]. see #13317.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14781 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-21 15:08:07 +00:00
nacin 39af37992a Revert [14695]. We need to be a bit less strict. see #13317.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-21 15:03:54 +00:00