Commit Graph

364 Commits

Author SHA1 Message Date
Sergey Biryukov
444a25b375 Avoid PHP notices in wp-login.php if password reset cookie is not set.
props mdawaffe.
see #29060.
Built from https://develop.svn.wordpress.org/trunk@29381


git-svn-id: http://core.svn.wordpress.org/trunk@29159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 02:17:15 +00:00
Andrew Nacin
4bcf60c885 Don't pass around the password reset key.
props mdawaffe.
fixes #29060.

Built from https://develop.svn.wordpress.org/trunk@29327


git-svn-id: http://core.svn.wordpress.org/trunk@29108 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-29 18:19:16 +00:00
Dominik Schilling
2e4be94288 Replace is_https_url() with 'https' === parse_url( $url, PHP_URL_SCHEME ).
see #28427, #28487.
Built from https://develop.svn.wordpress.org/trunk@29311


git-svn-id: http://core.svn.wordpress.org/trunk@29092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-27 17:46:17 +00:00
Sergey Biryukov
f6206e5850 Don't always focus password field on interim login.
props johnbillion.
fixes #28961.
Built from https://develop.svn.wordpress.org/trunk@29258


git-svn-id: http://core.svn.wordpress.org/trunk@29041 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-21 16:21:14 +00:00
Drew Jaynes
e731028303 Fix syntax for single- and multi-line comments in root-directory files.
See #28931.

Built from https://develop.svn.wordpress.org/trunk@29205


git-svn-id: http://core.svn.wordpress.org/trunk@28989 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-17 09:12:16 +00:00
John Blackbourn
be12ea968a Implement email and url input types where appropriate. Props Kau-Boy. Fixes #22183.
Built from https://develop.svn.wordpress.org/trunk@29030


git-svn-id: http://core.svn.wordpress.org/trunk@28818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-08 17:52:14 +00:00
Sergey Biryukov
ec3d119861 Avoid overwriting $error global with an interim variable.
props MikeLittle.
fixes #28691.
Built from https://develop.svn.wordpress.org/trunk@28925


git-svn-id: http://core.svn.wordpress.org/trunk@28724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-30 14:39:17 +00:00
Scott Taylor
c8852cc909 Use the WPINC constant when loading class-phpass.php
Props wojtek.szkutnik
See #14157.

Built from https://develop.svn.wordpress.org/trunk@28903


git-svn-id: http://core.svn.wordpress.org/trunk@28702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-29 22:12:16 +00:00
John Blackbourn
548c41455a Remove the WordPress logo from the focusable elements on the install/update screens. Fixes #28674. Props stompweb
Built from https://develop.svn.wordpress.org/trunk@28896


git-svn-id: http://core.svn.wordpress.org/trunk@28695 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-29 14:10:15 +00:00
John Blackbourn
60ff3a61f9 Conditionally set the the secure flag on the test cookie, post password cookie, settings cookies, and comment author cookies depending on whether the front end and/or admin area are served over https. Fixes #28427
Built from https://develop.svn.wordpress.org/trunk@28895


git-svn-id: http://core.svn.wordpress.org/trunk@28694 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-29 13:25:16 +00:00
Scott Taylor
6997001d12 Don't annotate $wp_error twice in login_header() docs. $wp_error is always expected to be of type WP_Error.
Props SergeyBiryukov.
Fixes #28518.

Built from https://develop.svn.wordpress.org/trunk@28792


git-svn-id: http://core.svn.wordpress.org/trunk@28605 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-20 19:19:14 +00:00
Andrew Nacin
d29dc48134 Forcing SSL logins now forces SSL for the entire admin, with no middle ground.
fixes #10267.

Built from https://develop.svn.wordpress.org/trunk@28609


git-svn-id: http://core.svn.wordpress.org/trunk@28433 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-29 03:59:15 +00:00
Scott Taylor
aa83aea519 In wp-login.php, break is unreachable after exit
See #27882.

Built from https://develop.svn.wordpress.org/trunk@28340


git-svn-id: http://core.svn.wordpress.org/trunk@28168 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-07 03:58:15 +00:00
Drew Jaynes
d77e78d685 Clean up duplicate hook notations and adjacency for calls to the wp_signup_location filter.
Also adds braces missed in [25535].

See #26869.

Built from https://develop.svn.wordpress.org/trunk@28215


git-svn-id: http://core.svn.wordpress.org/trunk@28045 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-25 07:12:14 +00:00
Drew Jaynes
05537ab967 Ensure the register filter hook is only documented once.
See #26869.

Built from https://develop.svn.wordpress.org/trunk@28208


git-svn-id: http://core.svn.wordpress.org/trunk@28038 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-25 06:24:15 +00:00
Andrew Nacin
41d2a7f82b RTL for login screen.
props yoavf.
fixes #27784.

Built from https://develop.svn.wordpress.org/trunk@28096


git-svn-id: http://core.svn.wordpress.org/trunk@27927 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-13 16:06:14 +00:00
Drew Jaynes
21d15059f4 Improve hook docs for the resetpass_form hook added in 3.9.
See #21044, #27700.

Built from https://develop.svn.wordpress.org/trunk@28017


git-svn-id: http://core.svn.wordpress.org/trunk@27847 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-07 22:06:14 +00:00
Andrew Nacin
2f9713104b Only show test cookie warnings on submit as caching/proxies may intercept the test cookie for GET requests.
Introduce a new string for when headers are sent and link them to http://codex.wordpress.org/Cookies (new page).

props SergeyBiryukov.
fixes #27373.

Built from https://develop.svn.wordpress.org/trunk@27859


git-svn-id: http://core.svn.wordpress.org/trunk@27690 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-30 00:41:15 +00:00
Andrew Nacin
c3ca81ba94 Always decode special characters for email subjects.
props tlovett1, jeremyfelt.
fixes #25346.

Built from https://develop.svn.wordpress.org/trunk@27801


git-svn-id: http://core.svn.wordpress.org/trunk@27636 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-28 02:44:15 +00:00
Andrew Nacin
0c16c0477b Reference https://wordpress.org rather than http://wordpress.org in strings, links, comments, etc.
props Ipstenu, markjaquith.
see #27115.

Built from https://develop.svn.wordpress.org/trunk@27369


git-svn-id: http://core.svn.wordpress.org/trunk@27219 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-03 02:34:27 +00:00
Sergey Biryukov
5d3e652c23 Add Oxford comma to password hint.
props trepmal.
fixes #26457.
Built from https://develop.svn.wordpress.org/trunk@27246


git-svn-id: http://core.svn.wordpress.org/trunk@27103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-24 23:31:15 +00:00
Helen Hou-Sandí
060cc19157 Make login styles standalone. see #12506.
Built from https://develop.svn.wordpress.org/trunk@27199


git-svn-id: http://core.svn.wordpress.org/trunk@27056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-20 03:24:14 +00:00
Andrew Nacin
0e0c2d3cdc New resetpass_form hook in wp-login.php.
props romaimperator.
fixes #21044.

Built from https://develop.svn.wordpress.org/trunk@27068


git-svn-id: http://core.svn.wordpress.org/trunk@26941 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-02 07:52:13 +00:00
Matt Thomas
4df7acf1d9 Reset the login form inputs to the standard sans-serif font in IE8 to prevent invisible password field inputs when webfonts are used. Fixes #26348, props SergeyBiryukov, iammattthomas.
Built from https://develop.svn.wordpress.org/trunk@26583


git-svn-id: http://core.svn.wordpress.org/trunk@26473 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-03 20:12:11 +00:00
Sergey Biryukov
74f77b85a6 Use get_current_site() instead of the $current_site global when possible.
props jeremyfelt.
fixes #25158.
Built from https://develop.svn.wordpress.org/trunk@26120


git-svn-id: http://core.svn.wordpress.org/trunk@26032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-13 03:23:10 +00:00
Andrew Nacin
d0cfa40983 Add jshintrc to qunit.
props jorbin.
see #25187.

Built from https://develop.svn.wordpress.org/trunk@25992


git-svn-id: http://core.svn.wordpress.org/trunk@25925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-30 14:39:10 +00:00
Andrew Nacin
70fd806759 Revert r25824:25875 from the core.svn.wordpress.org repository.
These commits were accidentally re-synced commits from develop.svn.wordpress.org due to a race condition. Thankfully, the history of this repository matters fairly little. It also happened only for trunk.


git-svn-id: http://core.svn.wordpress.org/trunk@25876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-25 02:29:52 +00:00
Andrew Nacin
5361a8abca Spell out duplicate hook locations.
props DrewAPicture.
fixes #25658.

Built from https://develop.svn.wordpress.org/trunk@25868


git-svn-id: http://core.svn.wordpress.org/trunk@25868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:59:20 +00:00
Andrew Nacin
de7977d66c Move upgrader_process_complete for core to its proper place in Core_Upgrader.
This means it will be firing as a JS redirect is taking place if the update is from pre-3.4. Acceptable.

props dd32.
fixes #25659.

Built from https://develop.svn.wordpress.org/trunk@25861


git-svn-id: http://core.svn.wordpress.org/trunk@25861 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:58:23 +00:00
Drew Jaynes
4d1482cd0d Inline documentation for the WP_Date_Query class in wp-includes/date.php.
- Adds a complete hash notation for the `WP_Date_Query` arguments array.
- Adds missing documentation for the `date_query_valid_columns` and `get_date_sql` filter hooks.

Props aeg0125 for the incremental patches.
Fixes #25552.

Built from https://develop.svn.wordpress.org/trunk@25860


git-svn-id: http://core.svn.wordpress.org/trunk@25860 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:58:12 +00:00
Andrew Nacin
8ae8e01b67 Remove the old wp_auto_updates_maybe_update cron event. Schedule the new wp_maybe_auto_update event at 7 a.m. and 7 p.m. in the site's timezone.
see #27704.

Built from https://develop.svn.wordpress.org/trunk@25825


git-svn-id: http://core.svn.wordpress.org/trunk@25825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:53:14 +00:00
Ryan Boren
b87d4b77e5 Pinking shears
Built from https://develop.svn.wordpress.org/trunk@25880


git-svn-id: http://core.svn.wordpress.org/trunk@25792 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-23 14:38:10 +00:00
Andrew Nacin
74488bdcb0 Spell out duplicate hook locations.
props DrewAPicture.
fixes #25658.

Built from https://develop.svn.wordpress.org/trunk@25868


git-svn-id: http://core.svn.wordpress.org/trunk@25780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-22 17:22:11 +00:00
Drew Jaynes
9ba8ffb5e3 Inline documentation for hooks in wp-login.php.
Props ShinichiN, kpdesign.
Fixes #25393.

Built from https://develop.svn.wordpress.org/trunk@25701


git-svn-id: http://core.svn.wordpress.org/trunk@25616 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-06 16:24:09 +00:00
Andrew Nacin
6113669e22 Hash password reset keys in the database.
All existing, unused password reset keys are now considered "expired" and the user will be told they should try again.

Introduces a password_reset_key_expired filter to allow plugins to introduce a grace period.

fixes #24783.

Built from https://develop.svn.wordpress.org/trunk@25696


git-svn-id: http://core.svn.wordpress.org/trunk@25611 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-06 11:29:11 +00:00
Helen Hou-Sandí
77a7702deb Simplify the login page viewport meta for mobile devices, so it's less restrictive on the user. Allows for developers to override if necessary via the login_head action. props azaozz. fixes #24777.
Built from https://develop.svn.wordpress.org/trunk@25619


git-svn-id: http://core.svn.wordpress.org/trunk@25536 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-25 15:20:09 +00:00
Andrew Nacin
70edef0df4 Introduce post_password_expires filter to control the expiration of the post password cookie.
props Viper007Bond for initial patch.
fixes #21466.

Built from https://develop.svn.wordpress.org/trunk@25450


git-svn-id: http://core.svn.wordpress.org/trunk@25371 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-16 17:40:10 +00:00
Sergey Biryukov
1d79b0bdf3 Move check_password_reset_key(), reset_password(), and register_new_user() from wp-login.php to wp-includes/user.php, to make them reusable. props beaulebens for initial patch. fixes #20279.
Built from https://develop.svn.wordpress.org/trunk@25231


git-svn-id: http://core.svn.wordpress.org/trunk@25201 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-04 08:59:09 +00:00
Sergey Biryukov
b1dc91c447 Clear 'default_password_nag' flag when resetting a user's password, since the new password is entered manually. props wikicms. fixes #25206.
Built from https://develop.svn.wordpress.org/trunk@25203


git-svn-id: http://core.svn.wordpress.org/trunk@25175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-02 03:18:10 +00:00
Andrew Nacin
cf02025fe0 Check for a WP_Error return from wp_create_user() in register_new_user().
props coffee2code.
fixes #14290.

Built from https://develop.svn.wordpress.org/trunk@25174


git-svn-id: http://core.svn.wordpress.org/trunk@25148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-29 22:16:09 +00:00
Andrew Ozz
29739b2508 In wp-login.php check if cookies are enabled before attempting to log the user in with wp_signon(), fixes #24961.
Built from https://develop.svn.wordpress.org/trunk@25045


git-svn-id: http://core.svn.wordpress.org/trunk@25032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-17 01:01:09 +00:00
Andrew Nacin
d2224d687c Use commas, not semicolons, to separate meta viewport values. props bobbravo2. see #24777.
git-svn-id: http://core.svn.wordpress.org/trunk@24779 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-23 07:27:56 +00:00
Mark Jaquith
c8853cff92 Set autocomplete="off" on the password reset form itself, in addition to the individual inputs, to work around a Chrome bug.
fixes #24364. props azaozz.

git-svn-id: http://core.svn.wordpress.org/trunk@24553 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-03 21:29:53 +00:00
Andrew Nacin
95800ae4f2 Validate post password hash.
git-svn-id: http://core.svn.wordpress.org/trunk@24466 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 03:00:26 +00:00
Andrew Nacin
cfa947193f Revert [24291] pending further discussion and sleuthing. see #24364.
git-svn-id: http://core.svn.wordpress.org/trunk@24317 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-22 18:37:43 +00:00
Andrew Ozz
dbda48bd2a Fix Chrome disregarding autocomplete="off" for password fields. Add autocomplete="off" to forms where the users can choose new password. Fixes #24364.
git-svn-id: http://core.svn.wordpress.org/trunk@24291 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-18 22:56:21 +00:00
Andrew Ozz
19c3b4bfdc Logged out warnings:
- Don't use <base> tag to set target="_blank". It can break form submission. Instead, set target only on links with JS.
- Fix same domain comparison in wp_auth_check_html() when FORCE_SSL_LOGIN == true.
- Properly show/hide the "Close" button when the dialog is shown multiple times.
See #23295

git-svn-id: http://core.svn.wordpress.org/trunk@24208 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-08 22:45:58 +00:00
Sergey Biryukov
57c10eadbb Use ellipsis instead of three dots. props tjsingleton, jordie23, wojtek.szkutnik, DrewAPicture, SergeyBiryukov. see #8714.
git-svn-id: http://core.svn.wordpress.org/trunk@24207 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-08 21:27:31 +00:00
Andrew Ozz
badaefce06 Logged out warnings:
- Don't remove login error messages coming from wp_signon().
- When the login form is shown in iframe, open all links in a new tab/window.
- Add filter for the login form error message.
See #23295

git-svn-id: http://core.svn.wordpress.org/trunk@24179 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-06 21:35:50 +00:00
Andrew Nacin
a9712e0183 Add wp_registration_url() and register_url filter.
props scribu, JustinSainton, SergeyBiryukov.
fixes #17950.



git-svn-id: http://core.svn.wordpress.org/trunk@24053 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-04-22 20:21:22 +00:00