The `$credentials['user_login']` and `$credentials['user_password']` parameters are passed by reference to the `wp_authenticate` action, and are at that point [https://www.php.net/manual/en/language.references.pass.php#124383 created as null] if they don't exist in the array.
This commit sets those values to an empty string, resolving two PHP 8.1 deprecation notices:
* One from `preg_replace()` in `wp_strip_all_tags()` via `sanitize_user()` in `wp_authenticate()`:
{{{
Deprecated: preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated
}}}
* One from `trim()` in `wp_authenticate()` itself:
{{{
Deprecated: trim(): Passing null to parameter #1 ($string) of type string is deprecated
}}}
Includes documenting the `$credentials` parameter using hash notation.
Follow-up to [6643], [37697].
Props lenasterg, TobiasBg, ocean90, afragen, lkraav, SergeyBiryukov.
Fixes#56850.
Built from https://develop.svn.wordpress.org/trunk@55301
git-svn-id: http://core.svn.wordpress.org/trunk@54834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This new function makes it easier to switch to a specific user’s locale by reducing duplicate code and storing the user’s ID as additional context for plugins to consume. Existing usage of `switch_to_locale()` in core has been replaced with `switch_to_user_locale()` where appropriate.
Also, this change ensures `WP_Locale_Switcher` properly filters `determine_locale` so that anyyone using the `determine_locale()` function will get the correct locale information when switching is in effect.
Props costdev.
Fixes#57123.
See #26511.
Built from https://develop.svn.wordpress.org/trunk@55161
git-svn-id: http://core.svn.wordpress.org/trunk@54694 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit renames the `$global` parameter to `$is_global` in:
* `update_user_option()`
* `delete_user_option()`
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932], [54933], [54938], [54943], [54944], [54945], [54946], [54947], [54948], [54950], [54951], [54952], [54956], [54959], [54960], [54961], [54962], [54964], [54965], [54969], [54970], [54971], [54972], [54996], [55000], [55011], [55013], [55014].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@55015
git-svn-id: http://core.svn.wordpress.org/trunk@54548 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Unlike other clean cache functions like `clean_post_cache`, `clean_user_cache` did not also clear user meta caches. This is inconsistent and can result in some strange side effects. Update the `clean_user_cache` function to also clear user meta caches when called.
Props dd32, spacedmonkey, peterwilsoncc.
Fixes#54316.
Built from https://develop.svn.wordpress.org/trunk@54940
git-svn-id: http://core.svn.wordpress.org/trunk@54492 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that sending a password reset link works as expected if the user's login and email were initially the same, but the email address was subsequently updated and no longer matches the login, which is still set to the old address.
Follow-up to [6643], [18513], [19056], [37474], [50129], [50140].
Props donmhico, pbearne, azouamauriac, boblindner, daxelrod, audrasjb, SergeyBiryukov.
Fixes#53634.
Built from https://develop.svn.wordpress.org/trunk@54477
git-svn-id: http://core.svn.wordpress.org/trunk@54036 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The user meta `context` property in `wp_register_persisted_preferences_meta()` was incorrectly configured. It should be part of the `schema` array, not the `show_in_rest` array.
Follow-up to [54182].
Props talldanwp, dd32.
Fixes#56665. See #56467.
Built from https://develop.svn.wordpress.org/trunk@54329
git-svn-id: http://core.svn.wordpress.org/trunk@53888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit adds three filters to customize the `wp_list_authors()` and `wp_list_users()` output:
* `wp_list_authors_args`: Filters the query arguments for the list of all authors of the site.
* `pre_wp_list_authors_post_counts_query`: Filters whether to short-circuit performing the query for author post counts. This may be useful to account for custom post types or post statuses.
* `wp_list_users_args`: Filters the query arguments for the list of all users of the site.
Follow-up to [979], [3848], [5135], [5727], [31653], [52064], [53486], [53501].
Props kevinB, wonderboymusic, DrewAPicture, Mte90, audrasjb, rafiahmedd, costdev, nacin, afercia, chetan200891, hellofromTonya, TimothyBlynJacobs, chaion07, SergeyBiryukov.
Fixes#17025.
Built from https://develop.svn.wordpress.org/trunk@54262
git-svn-id: http://core.svn.wordpress.org/trunk@53821 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds a new feature to persist editor UI preferences between page loads and browsers.
* Adds a new preferences persistence API.
* Saves editor preferences in user meta instead of in browser's local storage.
Why?
Due to the transient nature of browser storage, this persistence is not as sticky as it is expected to be, including: switching browsers (unique storage between browsers), or using private browsing tabs (storage cleared between sessions), or the same user across a network of sites (storage unique by domain).
This is a backport from Gutenberg.[https://github.com/WordPress/gutenberg/pull/39795 See WordPress/gutenberg PR 39795].
Props talldanwp, youknowriad, noisysocks, mamaduka, costdev, ironprogrammer, hellofromTonya.
See #56467.
Built from https://develop.svn.wordpress.org/trunk@54182
git-svn-id: http://core.svn.wordpress.org/trunk@53741 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Some plugins may call the `wp_cache_*()` functions with an empty string, `false`, or `null` as cache key, usually as a result of not checking the return value of another function that's used as the key.
Previously, this was silently failing, leading to odd behavior at best and often breakage due to key collisions.
A valid cache key must be either an integer number or a non-empty string.
This commit introduces a quick type check on the given cache keys and adds a `_doing_it_wrong()` message that should help plugin developers to notice these issues quicker.
Includes:
* A check in `update_user_caches()` and `clean_user_cache()` to make sure user email is not empty before being cached or removed from cache, as it is technically possible to create a user with empty email via `wp_insert_user()`.
* Some minor cleanup in unit tests where the email was passed to `wp_insert_user()` incorrectly or was unintentionally reset.
Props tillkruess, malthert, dd32, spacedmonkey, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes#56198.
Built from https://develop.svn.wordpress.org/trunk@53818
git-svn-id: http://core.svn.wordpress.org/trunk@53377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
That allows locales to switch the order of the first name and last name, should they prefer to do so.
The string was previously used in `wp_insert_user()` and is now reused in other places for consistency:
* `WP_MS_Users_List_Table::column_name()`
* `WP_Users_List_Table::column_name()`
* `wp_list_authors()`
* `wp_list_users()`
Note: This also removes the `wp_list_author_full_name` filter, introduced for the same purpose in `wp_list_authors()`, as redundant for now.
Follow-up to [53486].
See #17025.
Built from https://develop.svn.wordpress.org/trunk@53501
git-svn-id: http://core.svn.wordpress.org/trunk@53090 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to improve performance by calling `sanitize_url()` directly, instead of the `esc_url_raw()` wrapper. As of WordPress 6.1, `sanitize_url()` is the recommended function for sanitizing a URL for database or redirect usage.
Follow-up to [11383], [13096], [51597], [53452].
Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes#55852.
Built from https://develop.svn.wordpress.org/trunk@53455
git-svn-id: http://core.svn.wordpress.org/trunk@53044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For consistency with some similar filters like `send_password_change_email` or `send_email_change_email`, and for more flexibility, pass `$user_login` and `$user_data` parameters directly to the new `send_retrieve_password_email` and `retrieve_password_notification_email` filters.
Follow-up to [52604], [52605], [52606], [52607].
Props SergeyBiryukov, costdev, peterwilsoncc.
Fixes#54690.
Built from https://develop.svn.wordpress.org/trunk@53178
git-svn-id: http://core.svn.wordpress.org/trunk@52767 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The new location is next to the pre-existing `count_users()` function, along with other user-specific functions, and should be a more appropriate place in terms of consistency.
This affects:
* `get_user_count()`
* `wp_maybe_update_user_counts()`
* `wp_update_user_counts()`
* `wp_schedule_update_user_counts()`
* `wp_is_large_user_count()`
Follow-up to [53011], [53016].
See #38741.
Built from https://develop.svn.wordpress.org/trunk@53018
git-svn-id: http://core.svn.wordpress.org/trunk@52607 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset replaces contracted verb forms like `doesn't`, `can't`, or `isn't` with non-contracted forms like `does not`, `cannot`, or `is not`, for better consistency across the WordPress administration. It also updates some corresponding unit tests strings.
Props Presskopp, socalchristina, aandrewdixon, francina, SergeyBiryukov, JeffPaul, audrasjb, hellofromTonya.
Fixes#38913.
See #39176.
Built from https://develop.svn.wordpress.org/trunk@52978
git-svn-id: http://core.svn.wordpress.org/trunk@52567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Similar to other checks on `user_login` and `user_url`, this change moves the maximum length check on `user_nicename` after the `pre_user_nicename` filter has been applied, to account for any changes to the value prior to saving.
Props SergeyBiryukov, ravipatel, muhammadfaizanhaidar, mukesh27, csesumonpro, azouamauriac.
Fixes#54987.
Built from https://develop.svn.wordpress.org/trunk@52954
git-svn-id: http://core.svn.wordpress.org/trunk@52543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `user_url` database field only allows up to 100 characters, and if the value is longer than that, the function should return a proper error message instead of silently failing.
This complements similar checks for `user_login` and `user_nicename` fields.
Follow-up to [45], [1575], [32299], [34218], [34626].
Props mkox, sabernhardt, tszming, SergeyBiryukov.
Fixes#44107.
Built from https://develop.svn.wordpress.org/trunk@52650
git-svn-id: http://core.svn.wordpress.org/trunk@52239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change introduces two new hooks to help developers to filter retrieve password emails:
- `send_retrieve_password_email` can be used to filter whether to send the retrieve password email;
- `retrieve_password_notification_email` can be used to filter the contents of the reset password notification email sent to the user.
This changesets also adds unit tests for these new filters.
Props connapptivity, costdev, audrasjb, johnbillion.
Fixes#54690.
Built from https://develop.svn.wordpress.org/trunk@52604
git-svn-id: http://core.svn.wordpress.org/trunk@52192 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When `add_filter( 'wp_is_application_passwords_available', '__return_false' )` exists, HTTPS requirement message is shown even if HTTPS is enabled on the site. This happens because `wp_is_application_passwords_available_for_user()` first invokes `wp_is_application_passwords_available()` which is filterable. The situation could happen if the `'wp_is_application_passwords_available_for_user'` filter returns `false`.
To fix this, the check for HTTPS (or if in a 'local' environment) is moved to a new function called `wp_is_application_passwords_supported()`. Then the return from this function is used as an OR condition for the Application Passwords section and for displaying the HTTPS required message.
Tests are included for both `wp_is_application_passwords_supported()` and `wp_is_application_passwords_available()`.
Follow-up to [51980], [51988].
Props davidbinda, SergeyBiryukov, ocean90, felipeelia, costdev, hellofromTonya.
Fixes#53658.
Built from https://develop.svn.wordpress.org/trunk@52398
git-svn-id: http://core.svn.wordpress.org/trunk@51990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds the `wp_login_url()` login link to the Error message to be more helpful to users when their user email already is registered.
Improves the error message to more clearly communicate next step.
Follow-up to [16009], [22124], [31963].
Props andynick, costdev, dansoschin, sabernhardt, webcommsat.
Fixes#53631.
Built from https://develop.svn.wordpress.org/trunk@52074
git-svn-id: http://core.svn.wordpress.org/trunk@51666 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces a new function called `wp_list_users()`. Similar to other list functions such as `wp_list_authors()`, it lists all the users of the site. Options are available to configure the HTML output.
Following the same pattern of the other list functions, the list's HTML output is rendered by default. Setting the `echo` argument to `false`, returns the list's HTML output.
A new test class is included.
Props afercia, audrasjb, chriscct7, costdev, desrosj, greenshady, hellofromTonya, mte90, nacin, rohan013, sergeybiryukov.
Fixes#15145.
Built from https://develop.svn.wordpress.org/trunk@52064
git-svn-id: http://core.svn.wordpress.org/trunk@51656 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Load a language switcher on the login and registration screens that allows users to choose any already-installed language. Set user locale on registration.
Props johnbillion, Nikschavan, afercia, sabernhardt, garrett-eclipse, keyur5, paaljoachim, Clorith, tobifjellner.
Fixes#43700.
Built from https://develop.svn.wordpress.org/trunk@52058
git-svn-id: http://core.svn.wordpress.org/trunk@51650 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Similar to the existing `role`/`role__in`/`role__not_in` query arguments, this adds support for three new query arguments in `WP_User_Query`:
* `capability`
* `capability__in`
* `capability__not_in`
These can be used to fetch users with (or without) a specific set of capabilities, for example to get all users
with the capability to edit a certain post type.
Under the hood, this will check all existing roles on the site and perform a `LIKE` query against the `capabilities` user meta field to find:
* all users with a role that has this capability
* all users with the capability being assigned directly
Note: In WordPress, not all capabilities are stored in the database. Capabilities can also be modified using filters like `map_meta_cap`. These new query arguments do NOT work for such capabilities.
The prime use case for capability queries is to get all "authors", i.e. users with the capability to edit a certain post type.
Until now, `'who' => 'authors'` was used for this, which relies on user levels. However, user levels were deprecated a long time ago and thus never added to custom roles. This led to constant frustration due to users with custom roles missing from places like author dropdowns.
This updates any usage of `'who' => 'authors'` in core to use capability queries instead.
Subsequently, `'who' => 'authors'` queries are being **deprecated** in favor of these new query arguments.
Also adds a new `capabilities` parameter (mapping to `capability__in` in `WP_User_Query`) to the REST API users controller.
Also updates `twentyfourteen_list_authors()` in Twenty Fourteen to make use of this new functionality, adding a new `twentyfourteen_list_authors_query_args` filter to make it easier to override this behavior.
Props scribu, lgladdly, boonebgorges, spacedmonkey, peterwilsoncc, SergeyBiryukov, swissspidy.
Fixes#16841.
Built from https://develop.svn.wordpress.org/trunk@51943
git-svn-id: http://core.svn.wordpress.org/trunk@51532 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows custom user meta values to be provided when creating or updating a user in the same way custom post meta can be provided to `wp_insert_post()` when creating or updating a post.
Also introduces the `insert_custom_user_meta` to filter these values.
Props desrosj, donmhico
Fixes#41950
Built from https://develop.svn.wordpress.org/trunk@51738
git-svn-id: http://core.svn.wordpress.org/trunk@51346 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Typo corrections in filter descriptions.
- DocBlocks are now now wrapped to the next line after 80 characters, and not extending beyond 120 total characters wide.
- Remove unnecessary repeated references to the suggested replacement hooks.
- Adjustments to the indentation for consistency with other emails in Core, allowing the `phpcs:ignore` comment to be removed.
Props SergeyBiryukov.
Fixes#44314.
Built from https://develop.svn.wordpress.org/trunk@51410
git-svn-id: http://core.svn.wordpress.org/trunk@51021 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The filters `user_confirmed_action_email_content`, `user_erasure_complete_email_subject`, and `user_erasure_complete_email_headers` have been deprecated.
They have been replaced with `user_erasure_fulfillment_email_content`, `user_erasure_fulfillment_email_subject`, and `user_erasure_fulfillment_email_headers`.
Props desrosj, garrett-eclipse, birgire, DrewAPicture, lifeforceinst, ocean90, pbiron, pento, coffee2code, TZ-Media, SergeyBiryukov, johnbillion, audrasjb, davidbaumwald, hellofromTonya, helen, xkon, antpb, peterwilsoncc, lukecarbis.
Fixes#44314.
Built from https://develop.svn.wordpress.org/trunk@51129
git-svn-id: http://core.svn.wordpress.org/trunk@50738 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a new parameter to the action and filter hooks found in `wp_insert_user()` to pass the raw user data received through `$userdata` to hooked functions.
This will allow hooked functions to perform more contextual adjustments to new users, and makes supplying custom user meta fields possible.
Props johnbillion, audrasjb.
Fixes#53110.
Built from https://develop.svn.wordpress.org/trunk@51005
git-svn-id: http://core.svn.wordpress.org/trunk@50614 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `update_user_option()` function is a way to update a user meta value after adding a blog’s prefix to the beginning of the meta key. But when the fourth parameter is `true`, the behavior is exactly the same as calling `update_user_meta()` directly.
This replaces all instances of `update_user_option()` when the fourth parameter is `true` in Core with a direct call to `update_user_meta()` to prevent an unnecessary call to `update_user_option()`.
Props johnjamesjacoby, zkancs, obenland, desrosj.
Fixes#43339.
Built from https://develop.svn.wordpress.org/trunk@50981
git-svn-id: http://core.svn.wordpress.org/trunk@50590 1a063a9b-81f0-0310-95a4-ce76da25c4cd