Commit Graph

432 Commits

Author SHA1 Message Date
John Blackbourn
bb02256966 Introduce a $token argument to wp_set_auth_cookie() so session tokens can be reused by custom authentication implementations.
Props rmccue

Fixes 30247

Built from https://develop.svn.wordpress.org/trunk@32465


git-svn-id: http://core.svn.wordpress.org/trunk@32435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-09 00:28:27 +00:00
Gary Pendergast
7ca423d449 The UTF-8 regex can occasionally fail on very low memory machines. Reduce the amount of memory it uses.
See #32204.


Built from https://develop.svn.wordpress.org/trunk@32375


git-svn-id: http://core.svn.wordpress.org/trunk@32345 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 06:58:24 +00:00
Sergey Biryukov
eef2dcfccd Merge two different translator comments for the same string.
props pavelevap.
fixes #31999.
Built from https://develop.svn.wordpress.org/trunk@32210


git-svn-id: http://core.svn.wordpress.org/trunk@32183 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 15:36:26 +00:00
Boone Gorges
5b629644f9 Improve handling of incomplete From and Content-Type headers in wp_mail().
When an incomplete header is provided (eg, 'From' with an email address but no
name), ensure that the WP defaults are filled in properly.

Props valendesigns.
Fixes #30266.
Built from https://develop.svn.wordpress.org/trunk@32070


git-svn-id: http://core.svn.wordpress.org/trunk@32049 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-07 20:10:26 +00:00
Drew Jaynes
46cf634c90 Various inline documentation syntactical fixes in wp-includes/pluggable.php for 4.2 changes.
See #31888.

Built from https://develop.svn.wordpress.org/trunk@32045


git-svn-id: http://core.svn.wordpress.org/trunk@32024 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-05 16:46:26 +00:00
Sergey Biryukov
a1fb0a378c Restore line breaks before comment text in comment notification emails.
fixes #31508.
Built from https://develop.svn.wordpress.org/trunk@31770


git-svn-id: http://core.svn.wordpress.org/trunk@31750 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-13 18:29:27 +00:00
Helen Hou-Sandí
0b3170fc7d Gravatars: Remove redundant 1x srcset.
props miqrogroove.
see #22329.

Built from https://develop.svn.wordpress.org/trunk@31722


git-svn-id: http://core.svn.wordpress.org/trunk@31703 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-11 16:56:27 +00:00
Helen Hou-Sandí
0bf35836c3 Gravatars: Enable HiDPI versions for browsers that support srcset.
props iseulde.
see #22329.

Built from https://develop.svn.wordpress.org/trunk@31721


git-svn-id: http://core.svn.wordpress.org/trunk@31702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-11 16:32:26 +00:00
Drew Jaynes
33d9dd8066 Adjust the description for the $extra_attr argument in the DocBlocks for get_avatar_data() and get_avatar().
See [31561]. See #31469.

Built from https://develop.svn.wordpress.org/trunk@31591


git-svn-id: http://core.svn.wordpress.org/trunk@31572 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-01 07:19:24 +00:00
Gary Pendergast
18bb886b22 When sanitizing a URL to redirect to, UTF-8 characters can be URL encoded, instead of being removed.
While RFC 3986 does not specify which character sets are allowed in URIs, Section 2.5 states that octects matching UTF-8 character encoding should be percent-encoded, then unreserved octets outside of the UTF-8 range should be percent-encoded. As browsers tend to only implement support for UTF-8 in URLs, this change only implements the UTF-8 encoding part. We may revisit the second part if it becomes an issue.

Fixes #31486


Built from https://develop.svn.wordpress.org/trunk@31587


git-svn-id: http://core.svn.wordpress.org/trunk@31568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-28 02:21:26 +00:00
Scott Taylor
e899c370a4 In get_avatar_data() and get_avatar(), allow height and width to be specified separately (both default to size). Also allow arbitrary attributes on the <img> via the extra_attr arg.
Props miqrogroove.
See #31469.

Built from https://develop.svn.wordpress.org/trunk@31561


git-svn-id: http://core.svn.wordpress.org/trunk@31542 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-26 21:17:24 +00:00
Sergey Biryukov
add5f9bdf2 Remove src from duplicate hook comments for get_avatar and get_avatar_data.
see #21195.
Built from https://develop.svn.wordpress.org/trunk@31480


git-svn-id: http://core.svn.wordpress.org/trunk@31461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-19 14:59:26 +00:00
Sergey Biryukov
01bb8478ff Fix a typo in duplicate hook comment.
see [31107], #21195.
Built from https://develop.svn.wordpress.org/trunk@31479


git-svn-id: http://core.svn.wordpress.org/trunk@31460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-19 14:56:28 +00:00
Drew Jaynes
947d04f323 Improve return and parameter documentation for check_admin_referer(), check_ajax_referer(), and wp_verify_nonce().
Also update and clarify docsfor the `check_admin_referer` and `check_ajax_referer` hooks.

Props johnbillion, DrewAPicture.
Fixes #31055.

Built from https://develop.svn.wordpress.org/trunk@31381


git-svn-id: http://core.svn.wordpress.org/trunk@31362 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-09 04:57:27 +00:00
Scott Taylor
fe6b5983df In PHP 5.0.0, is_a() became deprecated in favour of the instanceof operator. Calling is_a() would result in an E_STRICT warning.
In PHP 5.3.0, `is_a()` is no longer deprecated, and will therefore no longer throw `E_STRICT` warnings.

To avoid warnings in PHP < 5.3.0, convert all `is_a()` calls to `$var instanceof WP_Class` calls.

`instanceof` does not throw any error if the variable being tested is not an object, it simply returns `false`.

Props markoheijnen, wonderboymusic.
Fixes #25672.

Built from https://develop.svn.wordpress.org/trunk@31188


git-svn-id: http://core.svn.wordpress.org/trunk@31169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 01:06:24 +00:00
Gary Pendergast
4bc89fef32 In get_avatar(), revert the <img> tag attributes to using single quotes, instead of double quotes. This behaviour was changed in [31107], but caused problems for code that attempted to parse the <img> tag.
See #21195


Built from https://develop.svn.wordpress.org/trunk@31152


git-svn-id: http://core.svn.wordpress.org/trunk@31133 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-12 00:03:24 +00:00
Scott Taylor
ac654632fe Use PHP_SAPI constant instead of php_sapi_name() in iis7_supports_permalinks(), wp_fix_server_vars(), and wp_redirect().
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31120


git-svn-id: http://core.svn.wordpress.org/trunk@31101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 04:59:22 +00:00
Gary Pendergast
5ee3ff435d Add get_avatar_url(), for retrieving just the URL of an avatar, rather than the entire <img> tag that get_avatar() produces.
Unlike `get_avatar()`, `get_avatar_url()` is not pluggable. It can be extended/or modified through the new filters included.

Fixes #21195.

Props mdawaffe, pento, pathawks, DrewAPicture


Built from https://develop.svn.wordpress.org/trunk@31107


git-svn-id: http://core.svn.wordpress.org/trunk@31088 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-09 04:43:23 +00:00
Sergey Biryukov
e253251ef4 Remove space before comma in wp_notify_postauthor() and wp_notify_moderator().
see #30930.
Built from https://develop.svn.wordpress.org/trunk@31060


git-svn-id: http://core.svn.wordpress.org/trunk@31041 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-06 17:17:21 +00:00
Sergey Biryukov
71d255fde1 Remove padding from the comment notification emails in wp_notify_moderator().
See [30015] for wp_notify_postauthor().

props pavelevap.
fixes #30930.
Built from https://develop.svn.wordpress.org/trunk@31059


git-svn-id: http://core.svn.wordpress.org/trunk@31040 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-06 17:10:35 +00:00
John Blackbourn
d614abe3a2 Allow brackets in a URL when it's sanitised for a redirect. Brackets are valid in query parameters.
Fixes #30308
Props voldemortensen

Built from https://develop.svn.wordpress.org/trunk@30684


git-svn-id: http://core.svn.wordpress.org/trunk@30674 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-01 03:21:22 +00:00
John Blackbourn
17ddc06287 Allow square brackets in a URL when it's sanitised for a redirect. Square brackets are valid in query parameters and IPv6 addresses.
Fixes #17052
Props voldemortensen

Built from https://develop.svn.wordpress.org/trunk@30683


git-svn-id: http://core.svn.wordpress.org/trunk@30673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-01 03:16:22 +00:00
Scott Taylor
04453cbe01 Improve the @param docs for src/wp-includes/pluggable*.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30667


git-svn-id: http://core.svn.wordpress.org/trunk@30657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 22:19:25 +00:00
Drew Jaynes
e4f52df62c Fix DocBlock formatting for wp_generate_password().
Props stevegrunwell for the initial patch.
Fixes #30509.

Built from https://develop.svn.wordpress.org/trunk@30580


git-svn-id: http://core.svn.wordpress.org/trunk@30570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-26 20:38:23 +00:00
Dominik Schilling
e002b0fc07 Type cast $nonce to string in wp_verify_nonce().
props jesin.
fixes #29542.
Built from https://develop.svn.wordpress.org/trunk@30576


git-svn-id: http://core.svn.wordpress.org/trunk@30566 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-26 19:19:23 +00:00
Drew Jaynes
188e47869f Ensure inline code is markdown-escaped as such, HTML tags are removed from summaries, and that code snippets in descriptions are properly indented.
Affects DocBlocks for the following core elements:
* Markdown-indent a code snippet in the description for `wp_salt()`
* Backtick-escape inline code in the return description for `get_avatar()`
* Various markdown formatting in the description for `add_filter()`
* Markdown-indent a code snippet in the description for `apply_filters()`
* Backtick-escape inline code in the `@see` description for `apply_filters_ref_array()`
* Backtick-escape inline code in the description for `do_action()`
* Backtick-escape variables in the parameter and return descriptions for `do_action_ref_array()`
* Various markdown formatting in the description for `get_plugin_data()`

Props rarst.
See #30473.

Built from https://develop.svn.wordpress.org/trunk@30544


git-svn-id: http://core.svn.wordpress.org/trunk@30533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-24 06:05:23 +00:00
Andrew Nacin
ddb3ee5057 Use hash_equals() for old md5 hashes.
Built from https://develop.svn.wordpress.org/trunk@30412


git-svn-id: http://core.svn.wordpress.org/trunk@30407 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 11:49:23 +00:00
Drew Jaynes
f7648300c8 Add missing documentation for the $password parameter, passed to the check_password hook.
Props coffee2code.
Fixes #30311.

Built from https://develop.svn.wordpress.org/trunk@30381


git-svn-id: http://core.svn.wordpress.org/trunk@30378 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-18 18:56:21 +00:00
Drew Jaynes
66c47f29bb Correct references of @uses $wpdb in core documentation to use @global.
See #30191, [30105].
Fixes #30217.

Built from https://develop.svn.wordpress.org/trunk@30122


git-svn-id: http://core.svn.wordpress.org/trunk@30122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-31 17:56:22 +00:00
Drew Jaynes
f8657d5890 Remove redundant and erroneous @uses tag from most core inline documentation.
Per our inline documentation standards, no further use of the `@uses` tag is recommended as used and used-by relationships can be derived through other means. This removes most uses of the tag in core documentation, with remaining tags to be converted to `@global` or `@see` as they apply.

Fixes #30191.

Built from https://develop.svn.wordpress.org/trunk@30105


git-svn-id: http://core.svn.wordpress.org/trunk@30105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-30 01:05:24 +00:00
John Blackbourn
823cfebeca Remove padding from the comment notification emails which is from a bygone fixed-width font era. Prevents alignment issues in email clients which use vairable width fonts for plain text emails. Fixes #16721. Props DrewAPicture.
Built from https://develop.svn.wordpress.org/trunk@30015


git-svn-id: http://core.svn.wordpress.org/trunk@30015 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-24 17:08:18 +00:00
Mark Jaquith
e1f2b3b9e2 Use HTTPS URLs for trac.wordpress.org (and use core.trac.wordpress.org)
see #27115
Built from https://develop.svn.wordpress.org/trunk@29789


git-svn-id: http://core.svn.wordpress.org/trunk@29561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-29 13:37:16 +00:00
Andrew Nacin
75ff6ae302 Add safeguards for when ext/hash is not compiled with PHP.
see #29518, for trunk.

Built from https://develop.svn.wordpress.org/trunk@29751


git-svn-id: http://core.svn.wordpress.org/trunk@29523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-20 17:28:18 +00:00
Andrew Nacin
768136c6da Rename the public methods in the session tokens API.
Introduces a new get( $token ) method. get_token() would not have made sense and spurred the overall renaming. Public methods are now get, get_all, verify, create, update, destroy, destroy_others, and destroy_all.

The protected abstract methods designed for alternative implementations remain the same.

props mdawaffe.
see #20276.

Built from https://develop.svn.wordpress.org/trunk@29635


git-svn-id: http://core.svn.wordpress.org/trunk@29409 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-27 02:07:16 +00:00
Andrew Nacin
3951d9689c Require a non-empty $nonce value in wp_verify_nonce().
props ocean90.
fixes #29217.

Built from https://develop.svn.wordpress.org/trunk@29620


git-svn-id: http://core.svn.wordpress.org/trunk@29394 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-26 07:39:19 +00:00
Drew Jaynes
a227d4ff08 s/does/does not in wp_set_password() docblock.
See [29461]. See #28316.

Built from https://develop.svn.wordpress.org/trunk@29462


git-svn-id: http://core.svn.wordpress.org/trunk@29240 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-10 02:44:16 +00:00
Drew Jaynes
0f7d35597c Improve the wp_set_password() PHPDoc with a note to guard against executing the function on every page load, such as through a theme's functions.php file.
See #28316.

Built from https://develop.svn.wordpress.org/trunk@29461


git-svn-id: http://core.svn.wordpress.org/trunk@29239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-10 02:39:16 +00:00
Andrew Nacin
ee4ce8688d Escape late in get_avatar().
Built from https://develop.svn.wordpress.org/trunk@29397


git-svn-id: http://core.svn.wordpress.org/trunk@29175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 07:50:18 +00:00
Andrew Nacin
7d672c38a4 Constant time for wp_verify_nonce().
Built from https://develop.svn.wordpress.org/trunk@29382


git-svn-id: http://core.svn.wordpress.org/trunk@29160 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 05:26:16 +00:00
Andrew Nacin
654e46f03d Tie cookies and nonces to user sessions so they may be invalidated upon logout.
Sessions are stored in usermeta via WP_User_Meta_Session_Tokens, which extends the abstract WP_Session_Tokens class. Extending WP_Session_Tokens can allow for alternative storage, such as a separate table or Redis.

Introduces some simple APIs for session listing and destruction, such as wp_get_active_sessions() and wp_destroy_all_sessions().

This invalidates all existing authentication cookies, as a new segment (the session token) has been added to them.

props duck_, nacin, mdawaffe.
see #20276.

Built from https://develop.svn.wordpress.org/trunk@29221


git-svn-id: http://core.svn.wordpress.org/trunk@29005 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-18 09:13:15 +00:00
Sergey Biryukov
177fe21194 Asterisk is an allowed character in a URI and should not be stripped out by wp_sanitize_redirect().
fixes #28362.
Built from https://develop.svn.wordpress.org/trunk@28939


git-svn-id: http://core.svn.wordpress.org/trunk@28737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-01 15:56:15 +00:00
Scott Taylor
c8852cc909 Use the WPINC constant when loading class-phpass.php
Props wojtek.szkutnik
See #14157.

Built from https://develop.svn.wordpress.org/trunk@28903


git-svn-id: http://core.svn.wordpress.org/trunk@28702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-29 22:12:16 +00:00
Andrew Nacin
dc0aca09f5 Fix documentation for wp_create_nonce() which wrongly suggests these tokens are actually numbers used once.
Built from https://develop.svn.wordpress.org/trunk@28793


git-svn-id: http://core.svn.wordpress.org/trunk@28606 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-20 20:47:14 +00:00
Scott Taylor
43bf7f271f Don't use variable variables in wp_salt().
See #27881.

Built from https://develop.svn.wordpress.org/trunk@28741


git-svn-id: http://core.svn.wordpress.org/trunk@28555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-11 18:36:15 +00:00
Drew Jaynes
cb0fc9c64b Update the $secure_logged_in_cookie variable in the 'secure_logged_in_cookie' hook docs following [28627].
See #15330.

Built from https://develop.svn.wordpress.org/trunk@28628


git-svn-id: http://core.svn.wordpress.org/trunk@28448 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-30 15:20:16 +00:00
Andrew Nacin
733057e7d6 Use a secure logged_in_cookie when the home URL is forced HTTPS (see #27954).
see #15330.

Built from https://develop.svn.wordpress.org/trunk@28627


git-svn-id: http://core.svn.wordpress.org/trunk@28447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-30 15:08:15 +00:00
Scott Taylor
8e98541d5f Eliminate the use of extract() in wp_mail(). Check the filtered array for each value before re-setting variables.
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28425


git-svn-id: http://core.svn.wordpress.org/trunk@28252 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-15 06:17:15 +00:00
Scott Taylor
f5bd0de275 Eliminate the use of extract() in wp_validate_auth_cookie().
Don't do anything fancy here, just set the 4 returned properties to variables. This function is semi-important.
	
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28424


git-svn-id: http://core.svn.wordpress.org/trunk@28251 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-15 06:11:13 +00:00
Andrew Nacin
7f001bfe24 Harden HMAC verification. props duck_.
Built from https://develop.svn.wordpress.org/trunk@28053


git-svn-id: http://core.svn.wordpress.org/trunk@27883 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-08 18:06:16 +00:00
Drew Jaynes
684145ca81 Inline documentation fixes related to the determine_current_user filter
See #26706, #27700.

Built from https://develop.svn.wordpress.org/trunk@28007


git-svn-id: http://core.svn.wordpress.org/trunk@27837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-07 21:18:15 +00:00
Drew Jaynes
100e737eb0 Inline documentation for hooks in wp-includes/pluggable.php.
Props kpdesign for some cleanup.
Fixes #26888.

Built from https://develop.svn.wordpress.org/trunk@27825


git-svn-id: http://core.svn.wordpress.org/trunk@27659 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-28 21:21:15 +00:00
Andrew Nacin
c3ca81ba94 Always decode special characters for email subjects.
props tlovett1, jeremyfelt.
fixes #25346.

Built from https://develop.svn.wordpress.org/trunk@27801


git-svn-id: http://core.svn.wordpress.org/trunk@27636 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-28 02:44:15 +00:00
Andrew Nacin
182de5881d Avoid notices in wp_notify_postauthor() when a post has no author.
props drozdz.
fixes #26659.

Built from https://develop.svn.wordpress.org/trunk@27568


git-svn-id: http://core.svn.wordpress.org/trunk@27411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-17 20:31:14 +00:00
Andrew Nacin
e7be7a0a8d Use get_comment_link() in wp_notify_postauthor().
Fixes pagination for the link directly to the moderated comment.

props eatingrules.
fixes #26133.

Built from https://develop.svn.wordpress.org/trunk@27567


git-svn-id: http://core.svn.wordpress.org/trunk@27410 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-17 20:20:15 +00:00
Andrew Nacin
acba3131d7 Allow for custom authentication handlers for all requests.
Turn the logic used by wp_get_current_user() into a determine_current_user filter.

props rmccue.
fixes #26706.

Built from https://develop.svn.wordpress.org/trunk@27484


git-svn-id: http://core.svn.wordpress.org/trunk@27328 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-09 15:23:15 +00:00
Drew Jaynes
db605f4767 Improve inline documentation for wp_new_user_notification().
Props antorome for the initial patch.
Fixes #26703.

Built from https://develop.svn.wordpress.org/trunk@27149


git-svn-id: http://core.svn.wordpress.org/trunk@27016 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-09 21:07:12 +00:00
Sergey Biryukov
1f86e0c1e1 Fix typo in wp_set_auth_cookie() description.
props drozdz.
fixes #27046.
Built from https://develop.svn.wordpress.org/trunk@27116


git-svn-id: http://core.svn.wordpress.org/trunk@26983 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-07 09:47:12 +00:00
Drew Jaynes
cd8cedc40d First there were two, and now there are three -- in the @since versions that came before and that shall be. And so it will be, says nacin.
Props JustinSainton, SergeyBiryukov, DrewAPicture.
Fixes #26713.

Built from https://develop.svn.wordpress.org/trunk@26868


git-svn-id: http://core.svn.wordpress.org/trunk@26754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-24 18:57:12 +00:00
Drew Jaynes
223a2c7138 Inline documentation for the following filter hooks in wp-includes/pluggable.php:
* `comment_notification_recipients`
* `comment_notification_notify_author`

Also removes some generic `@uses` tags from various related doc blocks.

Props markjaquith.
Fixes #25699.

Built from https://develop.svn.wordpress.org/trunk@26388


git-svn-id: http://core.svn.wordpress.org/trunk@26288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-26 04:10:09 +00:00
Mark Jaquith
c2cdbf9648 Fix comment_notification_recipients filter behavior so that it is still respected even on comments left by the post author
The code was bailing on this-is-a-comment-on-your-own-post detection, ignoring additional recipients. Now:

* Logic check is done within `wp_notify_postauthor()`
* Logic check is overridable via `comment_notification_notify_author` filter (default still false)
* The code doesn't bail on comment-on-own-post detection, but just removes the author from the array
* The code instead now bails if the recipients list is empty, so `comment_notification_recipients` works properly

props ethitter.
fixes #25699

Built from https://develop.svn.wordpress.org/trunk@26367


git-svn-id: http://core.svn.wordpress.org/trunk@26268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-25 01:47:10 +00:00
Peter Westwood
bca9252522 Deprecate the second argument for wp_notify_postauthor because it is unecessary. Fixes #17862 props scribu and wonderboymusic.
Built from https://develop.svn.wordpress.org/trunk@26358


git-svn-id: http://core.svn.wordpress.org/trunk@26259 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-24 16:26:10 +00:00
Sergey Biryukov
12d10da7e6 Remove redundant cleanup of PHPMailer addresses in wp_mail().
props bananastalktome.
fixes #25789.
Built from https://develop.svn.wordpress.org/trunk@26121


git-svn-id: http://core.svn.wordpress.org/trunk@26033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-13 03:45:11 +00:00
Sergey Biryukov
eae4e5936f Use case-insensitive comparison for email addresses. fixes #25779.
Built from https://develop.svn.wordpress.org/trunk@26115


git-svn-id: http://core.svn.wordpress.org/trunk@26027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-13 02:41:09 +00:00
Sergey Biryukov
9c3b98e6d3 Avoid PHP notices in wp_notify_postauthor() when using a custom comment type.
Use a switch statement for consistency with wp_notify_moderator().

fixes #25880.
Built from https://develop.svn.wordpress.org/trunk@26114


git-svn-id: http://core.svn.wordpress.org/trunk@26026 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-13 02:32:10 +00:00
Sergey Biryukov
40391f4e37 Fall back to comment author email in get_avatar() if the user who left the comment no longer exists.
props mauryaratan, lite3.
fixes #25803.
Built from https://develop.svn.wordpress.org/trunk@26000


git-svn-id: http://core.svn.wordpress.org/trunk@25933 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-02 12:20:11 +00:00
Andrew Nacin
70fd806759 Revert r25824:25875 from the core.svn.wordpress.org repository.
These commits were accidentally re-synced commits from develop.svn.wordpress.org due to a race condition. Thankfully, the history of this repository matters fairly little. It also happened only for trunk.


git-svn-id: http://core.svn.wordpress.org/trunk@25876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-25 02:29:52 +00:00
Andrew Nacin
8ae8e01b67 Remove the old wp_auto_updates_maybe_update cron event. Schedule the new wp_maybe_auto_update event at 7 a.m. and 7 p.m. in the site's timezone.
see #27704.

Built from https://develop.svn.wordpress.org/trunk@25825


git-svn-id: http://core.svn.wordpress.org/trunk@25825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:53:14 +00:00
Andrew Nacin
9c6a15ef8f Maintain the same output for get_avatar() as 3.6. see [25895].
Built from https://develop.svn.wordpress.org/trunk@25899


git-svn-id: http://core.svn.wordpress.org/trunk@25811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 19:32:09 +00:00
Andrew Nacin
af4535596b Always escape URLs at the last possible moment.
Built from https://develop.svn.wordpress.org/trunk@25895


git-svn-id: http://core.svn.wordpress.org/trunk@25807 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 18:52:11 +00:00
Andrew Nacin
e2413462de Move the trim() from wp_set_password() to inside wp_hash_password().
props rpattillo, joehoyle.
fixes #24973. see #23494.

Built from https://develop.svn.wordpress.org/trunk@25709


git-svn-id: http://core.svn.wordpress.org/trunk@25623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-07 13:54:10 +00:00
Scott Taylor
c2312dfe4c Use elseif when slurping the nonce in check_ajax_referer() to avoid accidentally overwriting it.
Fail wonderboymusic in [25433].
Props ocean90.
Fixes #25369.
See [25433].


Built from https://develop.svn.wordpress.org/trunk@25550


git-svn-id: http://core.svn.wordpress.org/trunk@25470 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-21 16:26:12 +00:00
Scott Taylor
5df8338e0a Fix some undefined index notices related to Comment unit tests:
* There are several places where a `$_POST` index was unchecked before setting a variable
* In `wp_notify_postauthor()`, `$comment` was being returned null, but its properties were being accessed.
* In `check_ajax_referer()`, 3 different values can be checked for nonce on `$_REQUEST`, but only 1 had an `isset()`

See #25282.


Built from https://develop.svn.wordpress.org/trunk@25433


git-svn-id: http://core.svn.wordpress.org/trunk@25355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-13 22:18:08 +00:00
Andrew Nacin
cf3fddde96 Validate referrers to prevent off-domain redirects.
Built from https://develop.svn.wordpress.org/trunk@25318


git-svn-id: http://core.svn.wordpress.org/trunk@25280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-10 18:07:10 +00:00
Andrew Nacin
9fdfa7ef5c Short descriptions for inline docs should end with a period, per the vast majority of core. see #25229.
Built from https://develop.svn.wordpress.org/trunk@25273


git-svn-id: http://core.svn.wordpress.org/trunk@25239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-06 01:38:09 +00:00
Sergey Biryukov
9769012244 Add phpdoc for 'wp_redirect' and 'wp_redirect_status' filters. props DrewAPicture. fixes #25215.
Built from https://develop.svn.wordpress.org/trunk@25230


git-svn-id: http://core.svn.wordpress.org/trunk@25200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-04 08:31:09 +00:00
Sergey Biryukov
6760d294bb Update phpdoc for get_user_to_edit(), get_userdata(), and get_user_by(). props tivnet. fixes #24992.
Built from https://develop.svn.wordpress.org/trunk@25204


git-svn-id: http://core.svn.wordpress.org/trunk@25176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-02 03:25:09 +00:00
Andrew Ozz
3c3ec6dd8c Logging in: when the Remember Me checkbox is checked, make sure the browser continues to send the expired cookies so the "login grace period" for POST and AJAX requests works. Fixes #24735.
Built from https://develop.svn.wordpress.org/trunk@25107


git-svn-id: http://core.svn.wordpress.org/trunk@25089 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-23 21:27:08 +00:00
Sergey Biryukov
688ecb9fcc Use correct variable. see #22922.
Built from https://develop.svn.wordpress.org/trunk@25105


git-svn-id: http://core.svn.wordpress.org/trunk@25087 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-23 20:57:11 +00:00
Andrew Nacin
0adcab1f7f Add filters to the recipients of emails sent by wp_notify_postauthor() and wp_notify_moderator().
The new filters are called comment_notification_recipients and comment_moderation_recipients.

Add the context of $comment_id to the comment_moderation_headers filter, to match the comment_notification_headers filter.

props chipbennett.
fixes #22922, #20353.


Built from https://develop.svn.wordpress.org/trunk@25104


git-svn-id: http://core.svn.wordpress.org/trunk@25086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-23 19:36:10 +00:00
Ryan Boren
26eb1dc6ee Return true from wp_redirect() when redirect successful. Update phpdoc.
Props tivnet
fixes #24969


git-svn-id: http://core.svn.wordpress.org/trunk@24996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-06 17:44:32 +00:00
Andrew Nacin
0f84b87380 Do not notify the post author about comments if they are no longer a member of the blog.
This updates [23294] to use capability checks to determine if the user can still edit a post, which works for super admins. Additionally, it hides Trash/Spam action links when the user is still a member of the blog but cannot (or can no longer) moderate the comment.

fixes #23136.



git-svn-id: http://core.svn.wordpress.org/trunk@24649 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-10 22:01:12 +00:00
Sergey Biryukov
8655b33360 Make wp_mail() return the actual result of PHPMailer::Send() instead of always returning true. props chmac. fixes #23642.
git-svn-id: http://core.svn.wordpress.org/trunk@24530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-29 23:03:13 +00:00
Andrew Nacin
e27d41d8e7 Add strict check to wp_verify_nonce() to avoid issues when it is improperly called.
git-svn-id: http://core.svn.wordpress.org/trunk@24461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 02:11:31 +00:00
Peter Westwood
b85cb06509 Pluggable Auth: When setting new passwords for users trim any leading or trailing space to match what we do when we test passwords.
Fixes #23494


git-svn-id: http://core.svn.wordpress.org/trunk@23814 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-27 14:15:13 +00:00
Mark Jaquith
576e487663 Minor revisions PHP reorg, code cleanup, restores _post_restored_from functionality.
props adamsilverstein. see #23497

git-svn-id: http://core.svn.wordpress.org/trunk@23811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-27 11:56:28 +00:00
Peter Westwood
9d6988a221 Revisions: UI Update.
* Refines the UI to make it clearer and easier to use
* Introduces weighted tickmarks
* Fixes comparison bugs.

See #23497 props adamsilverstein


git-svn-id: http://core.svn.wordpress.org/trunk@23769 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-21 15:54:11 +00:00
Peter Westwood
51db623107 Revisions: Updates to the new Revisions UI.
Various Updates including:
 * i18n fixes
 * Added tracking of what revision ID was restored
 * async fetching of diffs so that slider works sooner even with many revisions

See #23497 props adamsilverstein, ethitter


git-svn-id: http://core.svn.wordpress.org/trunk@23639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-07 15:32:26 +00:00
Ryan Boren
6c14f1a116 Remove unnecessary stripslashes().
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-03 20:55:30 +00:00
Ryan Boren
43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Peter Westwood
9bd192fab3 Revisions: First pass an implementing a new UI/UX for reviewing the revisions of posts. See #23497 props adamsilverstein for the initial patch.
This implements a new revisions ui using Backbone and preserves all the old methods of "integration" so the change should be transparent to plugins using revisi
ons with CPTs.

This is the first pass and so there are a number of things still to be resolved, more details in the ticket. Feedback welcomed.


git-svn-id: http://core.svn.wordpress.org/trunk@23506 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-28 15:14:34 +00:00
Ryan Boren
cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Sergey Biryukov
5f05d09dc2 Use a human-readable constant in wp_set_auth_cookie(). fixes #23372.
git-svn-id: http://core.svn.wordpress.org/trunk@23388 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-06 03:44:43 +00:00
Mark Jaquith
2d6e677a03 Do not notify the post author about comments if they are no longer a member of the blog. props nickmomrick. fixes #23136
git-svn-id: http://core.svn.wordpress.org/trunk@23294 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-08 04:03:16 +00:00
Mark Jaquith
3c0d96524c Move 'endif;' to its own line instead of having it room with a right curly brace. props dimadin. fixes #22586
git-svn-id: http://core.svn.wordpress.org/trunk@23228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-12-29 18:01:41 +00:00
Andrew Nacin
ad53112897 Pass 'blank' to Gravatar rather than sending blank.gif for Gravatar to proxy. props miqrogroove, fixes #22354.
git-svn-id: http://core.svn.wordpress.org/trunk@22566 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-14 05:29:56 +00:00
Andrew Nacin
557d9313a7 Introduce constants to allow for easier expression of time periods in seconds. Adds MINUTE_IN_SECONDS, HOUR_IN_SECONDS, DAY_IN_SECONDS, WEEK_IN_SECONDS, YEAR_IN_SECONDS. props nbachiyski, SergeyBiryukov. fixes #20987.
git-svn-id: http://core.svn.wordpress.org/trunk@21996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-25 05:26:19 +00:00
Andrew Nacin
52320dc5b3 It is 'Alternative Text', not 'Alternate Text'. props alecrust, RyanJKoehler. fixes #21176.
git-svn-id: http://core.svn.wordpress.org/trunk@21917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-19 16:55:43 +00:00
Andrew Nacin
8886eef8d9 Add nonce_user_logged_out filters to wp_create_nonce() and wp_verify_nonce() for when there is no user ID. Provides plugins the ability to tie a nonce to some other characteristic of the session. props sc0ttkclark, fixes #21111.
git-svn-id: http://core.svn.wordpress.org/trunk@21837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-13 17:17:47 +00:00
Peter Westwood
fb917e5d95 Make sure that we always generate random numbers correctly even if the PHP build is slightly broken and truncates large integers.
Fixes #19571 props mdawaffe.


git-svn-id: http://core.svn.wordpress.org/trunk@21685 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-31 09:45:50 +00:00
Ryan Boren
c55cf716da Use set_url_scheme(). Props johnbillion, MarcusPope. see #19037 #20759
git-svn-id: http://core.svn.wordpress.org/trunk@21664 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-30 13:33:00 +00:00