The second parameter `$plaintext_pass` was removed in [33023] and restored as `$notify` in [33620] with a different behavior. If you have a plugin overriding `wp_new_user_notification()` which hasn't been updated you would get a notification with your username and the password "both".
To prevent this the second parameter is now deprecated and reintroduced as the third parameter.
Adds unit tests.
Props kraftbj, adamsilverstein, welcher, ocean90.
Fixes#33654.
(Don't ask for new pluggables kthxbye)
Built from https://develop.svn.wordpress.org/trunk@34116
git-svn-id: http://core.svn.wordpress.org/trunk@34084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Site and user signup notifications are moved to the new actions
`'after_signup_site'` and `'after_signup_user'`. Site and user activation
notifications are moved to the existing actions `'wpmu_activate_blog'` and
`'wpmu_activate_user'`.
Props dshanske, thomaswm, jeremyfelt.
See #33587..
Built from https://develop.svn.wordpress.org/trunk@34112
git-svn-id: http://core.svn.wordpress.org/trunk@34080 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp_password_change_notification()` is now called at the 'after_password_reset'
action, rather than being invoked directly from the `reset_password()` function.
In order to make it possible to call `wp_password_change_notification()` as a
`do_action()` callback, the function signature has to be changed so that the
`$user` parameter is expected to be a value rather than a reference. Since
PHP 5.0, objects are passed by reference, so `&$user` was unnecessary anyway.
Props dshanske, thomaswm.
See #33587.
Built from https://develop.svn.wordpress.org/trunk@34107
git-svn-id: http://core.svn.wordpress.org/trunk@34075 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Move the internals of `get_network_by_path()` to `WP_Network()` and allow network objects to be retrieved by passing a requested domain and path.
Props johnjamesjacoby, jeremyfelt, drewapicture, wonderboymusic.
See #31985.
Built from https://develop.svn.wordpress.org/trunk@34099
git-svn-id: http://core.svn.wordpress.org/trunk@34067 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A `WP_Network` object initially matches a row from `wp_site` and is populated with additional properties used by WordPress core. The first iteration is used to retrieve an existing network based on data passed to the class.
* A network can be retrieved by its ID through `WP_Network::get_instance()`, following in the steps of `WP_Post` and `WP_Comment`.
* A network object can be created or completed by passing initial properties in as a standard object to `new WP_Network()`.
Using these methods, we are now able to populate the global `$current_site` during load via this class.
Props johnjamesjacoby, jeremyfelt, drewapicture, wonderboymusic.
See #31985.
Built from https://develop.svn.wordpress.org/trunk@34097
git-svn-id: http://core.svn.wordpress.org/trunk@34065 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Post type objects are reponsible for mapping their capabilities to core caps.
As a result, when the post type is no longer registered, the caps are no
longer mapped. This causes problems when a post is left in the database after
the post type is no longer present, and WP does an 'edit_post' or other cap
check against it: a PHP notice is thrown, and the cap check always fails.
As a more graceful fallback, we map all post-type-dependent caps onto
'edit_others_posts', which allows highly privileged users to be able to
access orphaned content (such as comments belonging to disabled post types),
while minimizing the possibility of unintended privilege escalation.
We also add a `_doing_it_wrong()` notice, so that developers and site
administrators are aware that the cap mapping is failing in the absence of
the registered post type.
Props mitchoyoshitaka, DrewAPicture, imath, codeelite, boonebgorges, nofearinc, SergeyBiryukov, jorbin, dlh.
Fixes#16956.
Built from https://develop.svn.wordpress.org/trunk@34091
git-svn-id: http://core.svn.wordpress.org/trunk@34059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
By forcing all clause keys to be strings, we make it possible to use strict
comparison when validating values of 'orderby' as passed to `WP_Query`. This
eliminates situations where the presence of numeric clause keys could result
in an improperly validated 'orderby' value.
Props nikolov.tmw.
Fixes#32937.
Built from https://develop.svn.wordpress.org/trunk@34090
git-svn-id: http://core.svn.wordpress.org/trunk@34058 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since [29248], a table join has not been necessary to process the
`$excluded_terms` parameter of `get_adjacent_post()`. Aside from adding extra
overhead, this join meant that post records that don't have any corresponding
rows in `wp_term_relationships` were erroneously excluded from results.
Fixes#32833.
Built from https://develop.svn.wordpress.org/trunk@34088
git-svn-id: http://core.svn.wordpress.org/trunk@34056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Setting the default value of the `queried_object_id` property to `0` meant
that, when called early enough in the WP bootstrap, `get_queried_object()`
could short-circuit the normal query by fooling it into thinking that the
request was for a page with id 0. Setting the default value to `null` instead
avoids this problem.
Props gradyetc, jazbek.
Fixes#31355.
Built from https://develop.svn.wordpress.org/trunk@34073
git-svn-id: http://core.svn.wordpress.org/trunk@34041 1a063a9b-81f0-0310-95a4-ce76da25c4cd
