Upstream
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
34,157 Commits 48 Branches 718 Tags 891 MiB
Commit Graph

411 Commits

Author SHA1 Message Date
Peter Wilson 42e2569843 Multisite: Improve messaging for previously activated users. 
Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time.

Merges [44021] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@44029


git-svn-id: http://core.svn.wordpress.org/branches/4.5@43859 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-12-13 00:47:20 +00:00
Dominik Schilling f59a558d1f Login: Use `wp_safe_redirect()` when redirecting the login page if forced to use HTTPS. 
Merge of [42892] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@42899


git-svn-id: http://core.svn.wordpress.org/branches/4.5@42729 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2018-04-03 15:31:11 +00:00
John Blackbourn 030d6166f9 General: Backport PHP 7.1 fixes to the 4.5 branch to avoid fatal errors and warnings. 
Props simonvik, ayeshrajans

See #41135

Built from https://develop.svn.wordpress.org/branches/4.5@41128


git-svn-id: http://core.svn.wordpress.org/branches/4.5@40968 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-07-24 22:25:32 +00:00
Jeremy Felt 27e29666a8 Multisite: Handle redirect to a user's subdomain properly during login 
`wp-login.php` uses `wp_safe_redirect()` for all redirects, even those that do not involve unsafe data from the request or referer.

When a user of a subdomain site attempts to login to a network site they do not have access to, the host in the redirect URL is treated as unsafe by `wp_safe_redirect()` as it has no immediate awareness as to which hosts are valid on the network. On a subdirectoy network, everything works as expected because the host is the same.

In this specific block of `wp-login.php`, all URLs are generated by WordPress and we can use `wp_redirect()` to handle the redirects. Users authenticating via other network sites will now be redirected properly. Hosts passed via the `redirect_to` query var will continue to be handled by `wp_safe_redirect()`.

Fixes #30598.

Built from https://develop.svn.wordpress.org/trunk@36867


git-svn-id: http://core.svn.wordpress.org/trunk@36834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-03-06 03:06:29 +00:00
Dominik Schilling 7ebe2c1e7a Authentication: Allow users to log in using their email address. 
Introduces `wp_authenticate_email_password()` which is hooked into `authenticate` after `wp_authenticate_username_password()`.

Props Denis-de-Bernardy, ericlewis, vhomenko, MikeHansenMe, swissspidy, ocean90.
Fixes #9568.
Built from https://develop.svn.wordpress.org/trunk@36617


git-svn-id: http://core.svn.wordpress.org/trunk@36584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-02-22 23:15:27 +00:00
Sergey Biryukov 6e60f8b6f8 Login: In `login_header()`, use correct separator for RTL locales. 
Props ramiy.
Fixes #35737.

Built from https://develop.svn.wordpress.org/trunk@36487


git-svn-id: http://core.svn.wordpress.org/trunk@36454 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-02-06 22:56:27 +00:00
Dion Hulse 987ce83cfc CSS: Stop using `wp-admin.min.css` and instead queue the individual stylesheets up through `load-styles.php`. 
We still generate the `wp-admin.*` files for compabitility purposes, however they only include the `@import()` lines.

Fixes #35229

Built from https://develop.svn.wordpress.org/trunk@36341


git-svn-id: http://core.svn.wordpress.org/trunk@36308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-01-18 09:57:29 +00:00
John Blackbourn d4eb85569b Login: Revert [34213] and [35897]. It has become apparent that there is a need for a separate function (and corresponding filter) which allows for the login form action URL to differ from the URL used to access the login form, so that plugins or implementations which change the login URL do not need to worry about handling the form submission at the same URL. 
For now, we'll revert to the pre-4.4 behaviour of hard-coding the login form action URL as `wp-login.php` and look at implementing a separate function and corresponding filter in 4.5.

Props KrissieV, salcode, JPry
Fixes #34925
See #35103

Built from https://develop.svn.wordpress.org/trunk@36042


git-svn-id: http://core.svn.wordpress.org/trunk@36007 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-12-21 03:23:29 +00:00
Pascal Birchler 2981d66990 Login: After [34213], use the `login_post` scheme again for login forms. 
See #34925.
Built from https://develop.svn.wordpress.org/trunk@35897


git-svn-id: http://core.svn.wordpress.org/trunk@35861 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-12-13 14:03:26 +00:00
Drew Jaynes b3d28ad0b9 Administration: Improve the message displayed in the login form modal when a user's session has expired. 
Props obrienlabs.
Fixes #34340.

Built from https://develop.svn.wordpress.org/trunk@35865


git-svn-id: http://core.svn.wordpress.org/trunk@35829 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-12-11 16:01:28 +00:00
Andrea Fercia 2ae5db3856 Accessibility: remove no-purpose title attributes from the login screen. 
Also, it's hard to convey the ironic tone of the sentences used for these title attributes in languages other than English.

Fixes #34943.
Built from https://develop.svn.wordpress.org/trunk@35846


git-svn-id: http://core.svn.wordpress.org/trunk@35810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-12-09 22:20:29 +00:00
Sergey Biryukov 788ea5ba5a Reset Password: Improve wording for a string used in password reset email. 
Props obrienlabs.
Fixes #34605.
Built from https://develop.svn.wordpress.org/trunk@35559


git-svn-id: http://core.svn.wordpress.org/trunk@35523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-11-06 22:36:25 +00:00
Drew Jaynes ad6a1303dc Login: Pass the username and `WP_User` object to the `retrieve_password_title` filter. 
Adding these parameters creates parity with the `retrieve_password_message` filter, used for modifying the message body of the same password reset email.

Props sudar.
Fixes #34252.

Built from https://develop.svn.wordpress.org/trunk@35093


git-svn-id: http://core.svn.wordpress.org/trunk@35058 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-13 00:51:24 +00:00
John Blackbourn d2416ca93a Correctly set the `secure` flag on the post password cookie based on the scheme of the referring URL, if it's available, instead of the home URL. 
Fixes #29641

Built from https://develop.svn.wordpress.org/trunk@34932


git-svn-id: http://core.svn.wordpress.org/trunk@34897 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-08 03:09:24 +00:00
John Blackbourn 95045d629b Correctly set the `secure` flag for the test cookie based on the login URL scheme, and the same for the user settings cookies based on the admin URL scheme. 
Fixes #34159

Built from https://develop.svn.wordpress.org/trunk@34931


git-svn-id: http://core.svn.wordpress.org/trunk@34896 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-08 03:05:25 +00:00
Sergey Biryukov 399c1f3c83 Reset Password: Move the code for creating password reset key into a new function, `get_password_reset_key()`, and use it in `retrieve_password()`. 
Previously: [25231].

Props DH-Shredder.
Fixes #34180.
Built from https://develop.svn.wordpress.org/trunk@34923


git-svn-id: http://core.svn.wordpress.org/trunk@34888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-08 00:11:24 +00:00
John Blackbourn 471752f59a Prevent a PHP notice when POSTing to `wp-login.php?action=register` without a `user_login` or `user_email` field in the POST request. 
Fixes #34192

Built from https://develop.svn.wordpress.org/trunk@34910


git-svn-id: http://core.svn.wordpress.org/trunk@34875 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-07 14:43:25 +00:00
John Blackbourn 2d745fabe3 Prevent a PHP notice from appearing on `wp-login.php?action=postpass` when there's no `$_POST['post_password']` parameter. Redirects to the referer if there is one (if there isn't one it'll just exit with a blank screen; no need for a user-friendly error message here). 
Fixes #34160
Props iamfriendly

Built from https://develop.svn.wordpress.org/trunk@34909


git-svn-id: http://core.svn.wordpress.org/trunk@34874 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-07 14:30:25 +00:00
Drew Jaynes fa4fed0f80 Login: Pass the `$errors` object as a parameter to the `lostpassword_post` hook. 
Props iamfriendly.
Fixes #32116.

Built from https://develop.svn.wordpress.org/trunk@34885


git-svn-id: http://core.svn.wordpress.org/trunk@34850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-06 23:00:25 +00:00
Scott Taylor 39552b63ca Passwords: fix the markup on the Reset Password Form for `user-pass1` so the JavaScript operates properly. 
Props ldinclaux.
See #33892.
Fixes #33908.

Built from https://develop.svn.wordpress.org/trunk@34371


git-svn-id: http://core.svn.wordpress.org/trunk@34335 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-22 03:57:24 +00:00
Sergey Biryukov 19bcadf2a6 Reset Password: Move `<div>` out of `<p>` in `wp-login.php`. 
Props ldinclaux.
Fixes #33892.
Built from https://develop.svn.wordpress.org/trunk@34232


git-svn-id: http://core.svn.wordpress.org/trunk@34196 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-16 11:46:25 +00:00
John Blackbourn a9e5cfddc7 Implement `wp_login_url()` and `wp_registration_url()` in places where `wp-login.php` is currently hard-coded. 
See #31495
Props GregLone

Built from https://develop.svn.wordpress.org/trunk@34213


git-svn-id: http://core.svn.wordpress.org/trunk@34177 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-15 17:11:35 +00:00
John Blackbourn 3361f90a1c When a user with no role logs in, redirect them to the home page rather than their profile screen which they do not have access to. 
See #25162

Built from https://develop.svn.wordpress.org/trunk@33924


git-svn-id: http://core.svn.wordpress.org/trunk@33893 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-09-05 21:34:24 +00:00
Helen Hou-Sandí 1f500055a6 Drop the hyphen from e-mail and standardize on email. 
The AP Stylebook changed this in 2011, and we're woefully inconsistent, so let's go with the standard.

props morganestes, voldemortensen, niallkennedy (for patching on the previous AP style).
fixes #26156.

Built from https://develop.svn.wordpress.org/trunk@33774


git-svn-id: http://core.svn.wordpress.org/trunk@33742 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-08-28 03:17:21 +00:00
Mark Jaquith 69107095b7 Autogenerate passwords that more reliably fit within their inputs. 
fixes #33166
Built from https://develop.svn.wordpress.org/trunk@33474


git-svn-id: http://core.svn.wordpress.org/trunk@33441 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-07-29 03:56:24 +00:00
Scott Taylor d92795db13 Passwords UI: clean up the new JS in `wp-admin/js/user-profile.js`. 
Instead of wrapping `#pass1` in a `<span>` dynamically, add the `<span>` to the HTML in PHP. It currently has no styling.

Fixes #33145.

Built from https://develop.svn.wordpress.org/trunk@33450


git-svn-id: http://core.svn.wordpress.org/trunk@33417 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-07-27 21:25:25 +00:00
Konstantin Obenland 45bfab3aa8 Passwords: Add password strength meter feedback for screen readers. 
Also gives context to the show/hide button.

Props rianrietveld, afercia.
Fixes #33032.


Built from https://develop.svn.wordpress.org/trunk@33353


git-svn-id: http://core.svn.wordpress.org/trunk@33325 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-07-22 00:15:25 +00:00
Konstantin Obenland 1f18ef86a3 Login: Reflect new password flow in registration form. 
Props Ipstenu.
Fixes #32428.


Built from https://develop.svn.wordpress.org/trunk@33265


git-svn-id: http://core.svn.wordpress.org/trunk@33237 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-07-14 16:08:25 +00:00
Konstantin Obenland f020fab7ef Password: Improve display of password meter on login screen. 
Fixes #32925.

Built from https://develop.svn.wordpress.org/trunk@33251


git-svn-id: http://core.svn.wordpress.org/trunk@33223 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-07-14 03:32:24 +00:00
Mark Jaquith 04793dce34 Fix small typo from [33019]. 
see #32429
Built from https://develop.svn.wordpress.org/trunk@33034


git-svn-id: http://core.svn.wordpress.org/trunk@33005 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-07-01 18:16:24 +00:00
Mark Jaquith 423a1a7ca4 New password change/set UI. 
* Generate the password for the user
* More tightly integrate password strength meter
* Warn on weak passwords

see #32589

props MikeHansenMe, adamsilverstein, binarykitten
Built from https://develop.svn.wordpress.org/trunk@33023


git-svn-id: http://core.svn.wordpress.org/trunk@32994 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-07-01 14:48:24 +00:00
Dion Hulse c261ad2c57 Expire password reset links after 24 hours (by default). This causes existing password reset links to become invalid. 
Props markjaquith, voldemortensen, johnbillion, MikeHansenMe, dd32
See #32429

Built from https://develop.svn.wordpress.org/trunk@33019


git-svn-id: http://core.svn.wordpress.org/trunk@32990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-07-01 06:33:26 +00:00
Scott Taylor 42d51a4f89 Add doc blocks to functions that are missing them. 
If the function has no need for `@param` or `@return`, do an archeaological dig to find `@since`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32672


git-svn-id: http://core.svn.wordpress.org/trunk@32642 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-05-31 03:18:25 +00:00
Dominik Schilling 64fc7294b6 Use HTTPS URLs for codex.wordpress.org. 
see #27115.
Built from https://develop.svn.wordpress.org/trunk@32116


git-svn-id: http://core.svn.wordpress.org/trunk@32095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-04-12 21:29:32 +00:00
John Blackbourn 7c5fc2debb Implement an `aria-describedby` attribute for login screen errors, and improve the "Forgot password?" anchor text. 
Props aferica, rianrietveld
Fixes #31143

Built from https://develop.svn.wordpress.org/trunk@31871


git-svn-id: http://core.svn.wordpress.org/trunk@31850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-03-24 16:29:26 +00:00
John Blackbourn 35f4e719b2 Introduce a `logout_redirect` filter so the redirect destination can be changed when a user logs out. Parameters: 
* string  $redirect_to           The redirect destination URL.
 * string  $requested_redirect_to The requested redirect destination URL passed as a parameter.
 * WP_User $user                  The WP_User object for the user that's logging out. 

Fixes #27617
Props SergeyBiryukov, johnbillion

Built from https://develop.svn.wordpress.org/trunk@31417


git-svn-id: http://core.svn.wordpress.org/trunk@31398 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-02-11 19:19:26 +00:00
Scott Taylor 60b0cd7943 The keyword `elseif` should be used instead of `else if` so that all control keywords look like single words. 
This was a mess, is now standardized across the codebase, except for a few 3rd-party libs. 

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31090


git-svn-id: http://core.svn.wordpress.org/trunk@31071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-01-08 07:05:25 +00:00
Andrew Nacin 741e0ec6de No need for wp_get_password_hint() to be prefixed as if it is private. 
see #21243.

Built from https://develop.svn.wordpress.org/trunk@30855


git-svn-id: http://core.svn.wordpress.org/trunk@30845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-12-15 08:34:23 +00:00
Drew Jaynes ab3856619e Docs Formatting: Backtick-escape inline code for the `login_form_ . $action` dynamic hook in wp-login.php. 
See #30552.

Built from https://develop.svn.wordpress.org/trunk@30651


git-svn-id: http://core.svn.wordpress.org/trunk@30641 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-11-30 11:45:23 +00:00
Drew Jaynes 4b6abbaff4 Ensure inline code is markdown-escaped as such, HTML tags are removed from summaries, and that code snippets in descriptions are properly indented. 
Affects DocBlocks for the following core elements:
* Backtick-escape code snippets in the description for `get_object_taxonomies()`
* Backtick-escape inline code in a markdown-formatted unordered list in the description for `get_taxonomy_labels()`
* Remove an HTML tag from the summary for the `Walker_Category_Checklist` class
* Remove an HTML tag from the summary for `wp_category_checklist()`, various formatting
* Remove an HTML tag from the summary for `wp_terms_checklist()`
* Backtick-escape an HTML tag in the description for `wp_popular_terms_checklist()`
* Remove HTML tags from the summaries for `page_template_dropdown()`, `parent_dropdown()`, and `wp_dropdown_roles()`
* Backtick-escape HTML tags in a parameter description for `add_settings_error()`
* Various formatting in the description and summary for `settings_errors()`
* Markdown-indent code snippets in the descriptions for `wpdb::prepare()`, `wpdb::insert()`, `wpdb::replace()`, `wpdb::update()`, and `wpdb::delete()`
* Backtick-escape an HTML tag in a parameter description for `login_header()`
* Remove HTML tags from the summaries for the `lostpassword_form` and `signup_header` hooks

Props rarst.
See #30473.

Built from https://develop.svn.wordpress.org/trunk@30546


git-svn-id: http://core.svn.wordpress.org/trunk@30535 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-11-24 06:31:21 +00:00
Andrew Nacin b271e36f47 Form validation for password resets. 
Built from https://develop.svn.wordpress.org/trunk@30417


git-svn-id: http://core.svn.wordpress.org/trunk@30412 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-11-20 12:22:22 +00:00
John Blackbourn 066ee3b2b7 Add `$user_login` and `$user_data` parameters to the `retrieve_password_message` filter. 
Props ivankristianto, dcavins
Fixes #25853

Built from https://develop.svn.wordpress.org/trunk@30357


git-svn-id: http://core.svn.wordpress.org/trunk@30356 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-11-16 07:25:22 +00:00
Drew Jaynes 66c47f29bb Correct references of `@uses $wpdb` in core documentation to use `@global`. 
See #30191, [30105].
Fixes #30217.

Built from https://develop.svn.wordpress.org/trunk@30122


git-svn-id: http://core.svn.wordpress.org/trunk@30122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-10-31 17:56:22 +00:00
John Blackbourn b1ba80de87 Rename `_wp_password_hint()` to `_wp_get_password_hint()` to bring it inline with core terminology. Fixes #21243. 
Built from https://develop.svn.wordpress.org/trunk@30033


git-svn-id: http://core.svn.wordpress.org/trunk@30033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-10-26 23:30:18 +00:00
Sergey Biryukov 0eb758720a Move password hint text to a function. Add 'password_hint' filter. 
props convissor.
fixes #21243.
Built from https://develop.svn.wordpress.org/trunk@29962


git-svn-id: http://core.svn.wordpress.org/trunk@29709 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-10-18 20:21:18 +00:00
Helen Hou-Sandí 36a1e543d6 Refresh the post-update login message. 
Just a little older in the soul, like your faithful release lead.

fixes #29388.

Built from https://develop.svn.wordpress.org/trunk@29644


git-svn-id: http://core.svn.wordpress.org/trunk@29418 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-08-27 05:32:18 +00:00
Andrew Nacin d84507c3ad Password resets: Use network_site_url() for form actions. 
props mdawaffe.
fixes #29156.

Built from https://develop.svn.wordpress.org/trunk@29631


git-svn-id: http://core.svn.wordpress.org/trunk@29405 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-08-26 20:01:16 +00:00
Sergey Biryukov 444a25b375 Avoid PHP notices in wp-login.php if password reset cookie is not set. 
props mdawaffe.
see #29060.
Built from https://develop.svn.wordpress.org/trunk@29381


git-svn-id: http://core.svn.wordpress.org/trunk@29159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-08-06 02:17:15 +00:00
Andrew Nacin 4bcf60c885 Don't pass around the password reset key. 
props mdawaffe.
fixes #29060.

Built from https://develop.svn.wordpress.org/trunk@29327


git-svn-id: http://core.svn.wordpress.org/trunk@29108 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-07-29 18:19:16 +00:00
Dominik Schilling 2e4be94288 Replace `is_https_url()` with `'https' === parse_url( $url, PHP_URL_SCHEME )`. 
see #28427, #28487.
Built from https://develop.svn.wordpress.org/trunk@29311


git-svn-id: http://core.svn.wordpress.org/trunk@29092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-07-27 17:46:17 +00:00