Commit Graph

62 Commits

Author SHA1 Message Date
Adam Silverstein e3d280ffd8 Users: prevent saving empty passwords, trim space from password ends on save.
Fix an issue where users could save a password with only spaces, or spaces at the beginning or end of their password, preventing them from logging in.

Props ronakganatra, 1naveengiri, ajensen, oolleegg55, bookdude13, nrqsnchz, aristath.
Fixes #42766.


Built from https://develop.svn.wordpress.org/trunk@49118


git-svn-id: http://core.svn.wordpress.org/trunk@48880 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-10 16:51:07 +00:00
Dominik Schilling 2fab13ae3e I18N: Use `wp.i18n` for translatable strings in `wp-admin/js/user-profile.js`.
This removes the usage of `wp_localize_script()` for passing translations to the script and instead adds the translatable strings in the script directly through the use of `wp.i18n` and its utilities.

Props swissspidy, ocean90.
See #20491.
Fixes #50527.
Built from https://develop.svn.wordpress.org/trunk@48270


git-svn-id: http://core.svn.wordpress.org/trunk@48039 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-01 20:38:01 +00:00
desrosj 4b60af1a6a General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”

With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).

Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.

Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.

Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121


git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 17:26:13 +00:00
Sergey Biryukov 49007e52bc Build/Test Tools: Add banner to RTL CSS and minified JS files.
Patches occasionally come in on generated files. We should be kind to new contributors and give them a hint that these files are auto-generated.

This is a follow-up to [41271], which added the banner to minified CSS files.

Fixes #48424. See #30666.
Built from https://develop.svn.wordpress.org/trunk@46589


git-svn-id: http://core.svn.wordpress.org/trunk@46386 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-26 00:17:07 +00:00
Aaron Jorbin 0e21d32900 Build/Test: Bump devDependencies for WordPress 5.3
This upgrades a number of devDependencies.  Some of these include changes to how the tasks are configured.

Uglify: There are deprecated options from 2.x to 4.x, see: https://github.com/gruntjs/grunt-contrib-uglify#options

Autoprefixer: Browserslist now warns when passing in the browser list, so that is put into package.json

As with most changes to uglify, this changes every minified JS file.

Fixes #48203.



Built from https://develop.svn.wordpress.org/trunk@46408


git-svn-id: http://core.svn.wordpress.org/trunk@46206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-05 19:49:10 +00:00
Andrea Fercia 0d75495612 Login and Registration: Add a "Show password" button on the login page.
The ability for users to see the password they're typing improves usability and accessibility of the login users flow.

- brings the login screen in line with the same feature already used in the New User, Edit User, and Reset Password pages
- improves association of labels and input fields by using explicit association with `for` / `id` attributes
- slightly increases the "Remember me" label font size

Props johnbillion, Iceable, audrasjb, joyously, adamsilverstein, boemedia, DrewAPicture, shadyvb, birgire, peterwilsoncc, pento, anevins, davidbaumwald, whyisjake, afercia.
Fixes #42888.

Built from https://develop.svn.wordpress.org/trunk@46256


git-svn-id: http://core.svn.wordpress.org/trunk@46068 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-23 18:06:57 +00:00
Adam Silverstein a3eba2c201 Login and Registration: reset password - ensure submit button disabled when field empty.
Fix an issue where the submit button was enabled with an empty password when the user previously checked "Confirm use of weak password" for a weak password, then cleared the password field.

Props henry.wright.
Fixes #47924.


Built from https://develop.svn.wordpress.org/trunk@46103


git-svn-id: http://core.svn.wordpress.org/trunk@45915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-13 18:30:55 +00:00
Andrea Fercia ca53eac85e Accessibility: Improve the password form buttons accessibility.
- makes the "Cancel" button always visible: this allows to generate a new password also on small screens
- moves focus back to the Generate Password button when closing the form
- changes the password reset show/hide button from a clickable `<span>` element to a real `<button>` element
- improves the CSS

Props janak007, afercia.
Fixes #42853.

Built from https://develop.svn.wordpress.org/trunk@44895


git-svn-id: http://core.svn.wordpress.org/trunk@44726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-13 23:37:57 +00:00
Gary Pendergast 2772e5ec06 Admin: Don't use the `keyup` event in addition to the `input` event.
The `keyup` event was used to provide support for IE8, where which doesn't support the `input` event. As we dropped IE8 support some time ago, this was simply adding unnecessary complexity and double-event triggers.

Props dlh, afercia.
Fixes #32882.


Built from https://develop.svn.wordpress.org/trunk@44539


git-svn-id: http://core.svn.wordpress.org/trunk@44370 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-10 02:57:50 +00:00
Adam Silverstein 220d5aec74 Login: Password reset - add hide icon & confirm weak password checkbox.
Extends the password features added in 4.3 to the password reset flow.

Props johnbillion, manolis09, umesh.nevase, Nikschavan.


Built from https://develop.svn.wordpress.org/trunk@41556


git-svn-id: http://core.svn.wordpress.org/trunk@41389 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-21 21:29:48 +00:00
Adam Silverstein cb2eac9e06 Users: Update name in toolbar when changing user display name.
When changing the user name in Users -> Your Profile, update the name displayed in the toolbar dynamically using JavaScript.

Props menakas, lukecavanagh, maguiar.
Fixes #40342.


Built from https://develop.svn.wordpress.org/trunk@40657


git-svn-id: http://core.svn.wordpress.org/trunk@40520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-12 20:06:42 +00:00
Aaron Jorbin 32be6f7bb7 Bump grunt-contrib-uglify from 1.0.1 to 2.0.0
Sets `screwIE8` to false as it is now enabled by default

Files Changed:
build/wp-admin/js/customize-nav-menus.min.js
build/wp-admin/js/customize-widgets.min.js
build/wp-includes/js/customize-loader.min.js

Changelog:
2016-07-19   v2.0.0   Update uglify-js to v2.7.0. screwIE8 is enabled by default.
2016-07-19   v1.0.2   Update grunt to ^1.0.0. Fix beautify when passed as an object. Fix docs about report values.

See #38199.


Built from https://develop.svn.wordpress.org/trunk@39117


git-svn-id: http://core.svn.wordpress.org/trunk@39059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 05:40:34 +00:00
Sergey Biryukov 2b5d7555b4 Users: After [33766], don't reset the password when clicking "Show Password" and then "Cancel" on Add New User screen.
Props smerriman for reporting.
Fixes #37902. See #33419.
Built from https://develop.svn.wordpress.org/trunk@38494


git-svn-id: http://core.svn.wordpress.org/trunk@38435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-01 12:24:29 +00:00
Peter Wilson 26c07ed8d9 Users: Check zxcvbn is defined before calling.
Prevents JavaScript errors by checking zxcvbn is defined before calling.

Changes `wp.passwordStrength.meter()` to return `-1` if the strength of the password is unknown.

On the user profile screen, `generatePassword()` checks if the user has entered the password before setting the value of the password input box.

Props peterwilsoncc, adamsilverstein.
Fixes #34905.

Built from https://develop.svn.wordpress.org/trunk@37940


git-svn-id: http://core.svn.wordpress.org/trunk@37881 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-01 12:45:29 +00:00
Pascal Birchler 5fa8ea8c6b Passwords: Hide weak password confirmation checkbox when password strength improves.
Props subharanjan for initial patch.
Fixes #34950.
Built from https://develop.svn.wordpress.org/trunk@35870


git-svn-id: http://core.svn.wordpress.org/trunk@35834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-11 21:54:27 +00:00
Dominik Schilling 7f3082491d Passwords: Re-enable password fields before submitting the form.
Avoids an PHP undefined notice when creating new users.

Fixes #33699.
Built from https://develop.svn.wordpress.org/trunk@35733


git-svn-id: http://core.svn.wordpress.org/trunk@35697 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-24 21:17:27 +00:00
Dominik Schilling 9df7c4edea Passwords: Only disable hidden password fields if they are really hidden.
Makes the password field on install and for password resets editable again. Both fields were accidentally set to disabled in [35603].

Props adamsilverstein, flixos90.
Fixes #33699.
Built from https://develop.svn.wordpress.org/trunk@35649


git-svn-id: http://core.svn.wordpress.org/trunk@35613 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-16 20:49:26 +00:00
Dominik Schilling 66dee42444 Passwords: Disable hidden input fields on profile/user edit page.
Prevents an issue where password helpers would autofill the hidden password fields and inadvertently causing password changes when editing other fields on the profile page.

Props adamsilverstein.
Fixes #33699.
Built from https://develop.svn.wordpress.org/trunk@35603


git-svn-id: http://core.svn.wordpress.org/trunk@35567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-10 20:41:26 +00:00
Scott Taylor fa58223b49 Profile: when clicking "Generate Password", toggling visibility, then canceling, ensure that the UI resets properly for when the "Generate Password" button is clicked again.
Props umesh.nevase.
Fixes #33897.

Built from https://develop.svn.wordpress.org/trunk@34539


git-svn-id: http://core.svn.wordpress.org/trunk@34503 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-25 13:54:24 +00:00
Scott Taylor 39552b63ca Passwords: fix the markup on the Reset Password Form for `user-pass1` so the JavaScript operates properly.
Props ldinclaux.
See #33892.
Fixes #33908.

Built from https://develop.svn.wordpress.org/trunk@34371


git-svn-id: http://core.svn.wordpress.org/trunk@34335 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-22 03:57:24 +00:00
Scott Taylor c43f72fbfb Profile: when clicking "Cancel" after clicking "Generate Password", request and generate a new password to present to the user.
Props adamsilverstein, wonderboymusic.
Fixes #33450.

Built from https://develop.svn.wordpress.org/trunk@34312


git-svn-id: http://core.svn.wordpress.org/trunk@34276 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-18 20:14:24 +00:00
Dominik Schilling d36ffeb160 Passwords: Trigger a `wp-check-valid-field` event when the password field is filled with a password by `generatePassword()`.
Updates event handler in `wpAjax.invalidateForm()` to support `wp-check-valid-field`.

See #33406.
Built from https://develop.svn.wordpress.org/trunk@34114


git-svn-id: http://core.svn.wordpress.org/trunk@34082 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 10:39:27 +00:00
Andrew Ozz e1ccdf760e Settings: properly set the password field label on loading.
See #33778.
Built from https://develop.svn.wordpress.org/trunk@34062


git-svn-id: http://core.svn.wordpress.org/trunk@34030 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-11 23:05:24 +00:00
Andrew Ozz 0406f50cfb Settings: reassign the label when switching password fields so it always highlights the visible field.
Props umesh.nevase.
Fixes #33778 for trunk.
Built from https://develop.svn.wordpress.org/trunk@34061


git-svn-id: http://core.svn.wordpress.org/trunk@34029 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-11 22:52:26 +00:00
Dominik Schilling efcdeea2f1 Passwords: Refresh password fields when content is pasted into fields.
Use feature detection to determine whether password inputs should use the `keyup` or `input` event.

Props peterwilsoncc, adamsilverstein.
Fixes #33398.
Built from https://develop.svn.wordpress.org/trunk@34060


git-svn-id: http://core.svn.wordpress.org/trunk@34028 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-11 21:52:27 +00:00
Sergey Biryukov be59078ef8 Prevent unintended password change after clicking "Generate Password" and then "Cancel" when editing a user profile.
props peterwilsoncc.
fixes #33419 for trunk.
Built from https://develop.svn.wordpress.org/trunk@33766


git-svn-id: http://core.svn.wordpress.org/trunk@33734 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-27 00:11:21 +00:00
Konstantin Obenland 69146f6b10 Passwords: Use `keyup` event to prevent IE8's misinterpretation of `propertychange`.
Props adamsilverstein, peterwilsoncc.
Fixes #33385.


Built from https://develop.svn.wordpress.org/trunk@33625


git-svn-id: http://core.svn.wordpress.org/trunk@33592 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-17 18:46:25 +00:00
Mark Jaquith 61dd2bfdde Persist (and mask) the password on the install screen if the install does not proceed due to errors.
If you forget or enter an invalid username/e-mail, the password choosing shouldn't start over.

fixes #33162
Built from https://develop.svn.wordpress.org/trunk@33495


git-svn-id: http://core.svn.wordpress.org/trunk@33462 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-29 19:22:26 +00:00
Mark Jaquith bca4465edf Do not re-generate the password after pressing "cancel". Persist the state.
Also removes pass2 code not needed since we're generating from one field.

fixes #33164
Built from https://develop.svn.wordpress.org/trunk@33475


git-svn-id: http://core.svn.wordpress.org/trunk@33442 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-29 04:30:24 +00:00
Mark Jaquith 0217951e44 Re-work user-profile.js so the password meter works in IE8 and password managers can fill multiple times.
props adamsilverstein
fixes #32886
Built from https://develop.svn.wordpress.org/trunk@33473


git-svn-id: http://core.svn.wordpress.org/trunk@33440 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-29 03:27:25 +00:00
Mark Jaquith 959f36699b Lose the clunky `setTimeout()` code and just track the password value changes.
see #32886
Built from https://develop.svn.wordpress.org/trunk@33465


git-svn-id: http://core.svn.wordpress.org/trunk@33432 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-28 21:11:26 +00:00
Scott Taylor d92795db13 Passwords UI: clean up the new JS in `wp-admin/js/user-profile.js`.
Instead of wrapping `#pass1` in a `<span>` dynamically, add the `<span>` to the HTML in PHP. It currently has no styling.

Fixes #33145.

Built from https://develop.svn.wordpress.org/trunk@33450


git-svn-id: http://core.svn.wordpress.org/trunk@33417 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-27 21:25:25 +00:00
Mark Jaquith 5abcb6938c Toggle between dashicons-hidden and dashicons-visibility in the password hide/show button.
fixes #33135
Built from https://develop.svn.wordpress.org/trunk@33438


git-svn-id: http://core.svn.wordpress.org/trunk@33405 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-27 03:13:24 +00:00
Mark Jaquith 9682eb0108 Do not propagate empty passwords from the hidden form field.
fixes #32886
Built from https://develop.svn.wordpress.org/trunk@33384


git-svn-id: http://core.svn.wordpress.org/trunk@33353 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-23 05:00:25 +00:00
Mark Jaquith 1ef40251b9 Introduce a Cancel button and onUnload warning for password changes.
fixes #33079
props johnjamesjacoby
Built from https://develop.svn.wordpress.org/trunk@33364


git-svn-id: http://core.svn.wordpress.org/trunk@33336 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-22 18:36:24 +00:00
Mark Jaquith ae03a8a0a2 Make password field toggling work in IE8, and clean up a bunch of password CSS issues.
fixes #32886
props peterwilsoncc, adamsilverstein
Built from https://develop.svn.wordpress.org/trunk@33362


git-svn-id: http://core.svn.wordpress.org/trunk@33334 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-22 16:56:27 +00:00
Konstantin Obenland 45bfab3aa8 Passwords: Add password strength meter feedback for screen readers.
Also gives context to the show/hide button.

Props rianrietveld, afercia.
Fixes #33032.


Built from https://develop.svn.wordpress.org/trunk@33353


git-svn-id: http://core.svn.wordpress.org/trunk@33325 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-22 00:15:25 +00:00
Konstantin Obenland e4305c7b28 Passwords: Make show/hide toggle translatable.
See #32589.

Built from https://develop.svn.wordpress.org/trunk@33249


git-svn-id: http://core.svn.wordpress.org/trunk@33221 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-13 22:35:24 +00:00
Dominik Schilling 153511f78f Password UI: The non-breaking space doesn't need to be translatable. Add some context to password strength strings.
see #32589.
Built from https://develop.svn.wordpress.org/trunk@33166


git-svn-id: http://core.svn.wordpress.org/trunk@33138 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-11 20:48:24 +00:00
Mark Jaquith 504101460f Slow down on calling zxcvbn if it isn't loaded.
see #32589
Built from https://develop.svn.wordpress.org/trunk@33033


git-svn-id: http://core.svn.wordpress.org/trunk@33004 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-01 18:13:24 +00:00
Mark Jaquith cb93e24c62 Add a missing "var". see #32589
Built from https://develop.svn.wordpress.org/trunk@33031


git-svn-id: http://core.svn.wordpress.org/trunk@33002 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-01 17:16:25 +00:00
Mark Jaquith 423a1a7ca4 New password change/set UI.
* Generate the password for the user
* More tightly integrate password strength meter
* Warn on weak passwords

see #32589

props MikeHansenMe, adamsilverstein, binarykitten
Built from https://develop.svn.wordpress.org/trunk@33023


git-svn-id: http://core.svn.wordpress.org/trunk@32994 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-01 14:48:24 +00:00
Sergey Biryukov 109295cdd4 When creating a new user, pasting a password should update the password strength indicator.
props dipesh.kakadiya.
fixes #31226.
Built from https://develop.svn.wordpress.org/trunk@31483


git-svn-id: http://core.svn.wordpress.org/trunk@31464 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-20 13:05:27 +00:00
Sergey Biryukov f166a51809 Update body class when switching between admin color schemes.
props valendesigns.
fixes #30488.
Built from https://develop.svn.wordpress.org/trunk@31400


git-svn-id: http://core.svn.wordpress.org/trunk@31381 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-10 02:23:28 +00:00
Andrew Nacin 23f4b0f62f Updates to the 'Log out everywhere' implementation.
* Include a message and a disabled button when you're only logged in at one location.
 * Avoid leaking the session token in HTML.
 * Simplify, simplify, simplify.

see #30264.

Built from https://develop.svn.wordpress.org/trunk@30888


git-svn-id: http://core.svn.wordpress.org/trunk@30878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-16 09:15:23 +00:00
John Blackbourn c02845330e Introduce a button on the user profile screen which clears all other sessions, and on the user editing screen which clears all sessions. Only appears when there are applicable sessions which can be cleared.
See #30264.
Props jorbin, ocean90, johnbillion


Built from https://develop.svn.wordpress.org/trunk@30333


git-svn-id: http://core.svn.wordpress.org/trunk@30332 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-13 15:21:21 +00:00
Andrew Nacin 12a64b39db Fix the conditional enqueueing/printing of colors stylesheets, without breaking dependencies.
fixes #18380.
see #20729 which should properly fix this.

Built from https://develop.svn.wordpress.org/trunk@27111


git-svn-id: http://core.svn.wordpress.org/trunk@26978 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-06 22:16:11 +00:00
Scott Taylor 0347a8944e Update the versions of several `devDependencies` in `package.json`. `grunt-cssjanus` has been updated to `0.2.2`, we no longer need the fork. Run `npm install` to receive updates for `node_modules` in the project root.
Props yoavf, TobiasBg.
Fixes #26073.


Built from https://develop.svn.wordpress.org/trunk@27053


git-svn-id: http://core.svn.wordpress.org/trunk@26927 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-01-29 04:43:30 +00:00
Andrew Nacin c09252b950 Core updates for the new color schemes.
* Update about page, there's now 8.
 * Display them four wide, not three, and ensure adequate spacing.
 * Use a dedicated nonce.
 * Push Light to the front in addition to Default.
 * Use user-profile.js on about.php. A few extra things are initialized but they are harmless.

see #26468, #26387.

Built from https://develop.svn.wordpress.org/trunk@26776


git-svn-id: http://core.svn.wordpress.org/trunk@26663 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-07 07:46:21 +00:00
Andrew Nacin 0617feaa30 Final SVG painter fixes.
* wp.svgPainter and now moved to wp-admin.
 * Restore !important background-image handling.
 * Delay executing the IE9-specific base64 code if we don't need it.
 * Make painted icons lose their color after hover at the same speed as dashicons (100ms).

props azaozz.
fixes #26333.

Built from https://develop.svn.wordpress.org/trunk@26693


git-svn-id: http://core.svn.wordpress.org/trunk@26583 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-05 22:01:10 +00:00