Commit Graph

589 Commits

Author SHA1 Message Date
Peter Wilson
7b26eac3a3 Users: Use localized site title for password reset emails.
When sending password reset emails, switch to the user's locale prior to obtaining the site title to allow for plugins filtering based on locale.

Follow up to [50129,50139-50141,50152,50415].

Props chouby.
Fixes #52605. See #34281.


Built from https://develop.svn.wordpress.org/trunk@50439


git-svn-id: http://core.svn.wordpress.org/trunk@50050 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-26 00:52:02 +00:00
Sergey Biryukov
9a4cbd05e8 Users: Only include the IP address in password reset email if the user is not logged in.
This avoids unnecessarily disclosing the IP address when sending a password reset link to another user from the admin.

Follow-up to [49255], [50129].

Props carike, audrasjb, gmariani405, Ipstenu.
See #34281.
Built from https://develop.svn.wordpress.org/trunk@50422


git-svn-id: http://core.svn.wordpress.org/trunk@50033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-23 20:08:03 +00:00
desrosj
89f2e512f5 Users: Ensure reset password emails are in the receiving user’s locale.
This ensures that reset password emails initiated by an administrator are sent to the user in their preferred locale.

Follow up to [50129,50139-50141,50152].

Props chouby, davidbaumwald, audrasjb, johnbillion.
Fixes #52605. See #34281.
Built from https://develop.svn.wordpress.org/trunk@50415


git-svn-id: http://core.svn.wordpress.org/trunk@50026 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-23 16:38:06 +00:00
Sergey Biryukov
a80f705d97 Privacy: Rename the $send_confirmation_email parameter of wp_create_user_request() to $status, for clarity.
Follow-up to [50159], [50165].

Props xkon, TimothyBlynJacobs.
Fixes #52430. See #43890.
Built from https://develop.svn.wordpress.org/trunk@50230


git-svn-id: http://core.svn.wordpress.org/trunk@49891 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-05 15:50:05 +00:00
Sergey Biryukov
8984e4ef8c Docs: Update documentation for wp_create_user_request() per the documentation standards.
Add a `@since` note for the `$send_confirmation_email` parameter.

Follow-up to [50159].

See #43890.
Built from https://develop.svn.wordpress.org/trunk@50165


git-svn-id: http://core.svn.wordpress.org/trunk@49844 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 20:42:03 +00:00
antpb
64bb29d087 Privacy: Allow Admin to Skip e-mail confirmation for Export.
This adds a form option to skip the admin email alert when exporting personal data.

Props xkon, azaozz, TZ-Media, iandunn, desrosj, iprg, allendav, wesselvandenberg, karmatosed, birgire, davidbaumwald, estelaris, paaljoachim, hellofromTonya.
Fixes #43890.

Built from https://develop.svn.wordpress.org/trunk@50159


git-svn-id: http://core.svn.wordpress.org/trunk@49838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 19:45:03 +00:00
Sergey Biryukov
c5482c9b82 Docs: Update documentation for retrieve_password() per the documentation standards.
Follow-up to [50129], [50140].

See #34281.
Built from https://develop.svn.wordpress.org/trunk@50141


git-svn-id: http://core.svn.wordpress.org/trunk@49820 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 12:43:04 +00:00
Sergey Biryukov
22188b3e85 Users: Move retrieve_password() to wp-includes/user.php, for consistency with other user functions.
Follow-up to [25231], [50129].

Props jfarthing84, dimadin.
See #34281, #31039.
Built from https://develop.svn.wordpress.org/trunk@50140


git-svn-id: http://core.svn.wordpress.org/trunk@49819 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 12:37:03 +00:00
Sergey Biryukov
4104f92d7f Privacy: Use more consistent wording for strings related to personal data requests.
This replaces "user privacy" in various error messages with "personal data", for consistency with other existing strings.

Follow-up to [49090].

Props xkon, transl8or.
Fixes #51849.
Built from https://develop.svn.wordpress.org/trunk@49970


git-svn-id: http://core.svn.wordpress.org/trunk@49671 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-17 17:46:06 +00:00
Sergey Biryukov
7ced0efbf4 Docs: Use more consistent descriptions for void|false return values.
See #51800.
Built from https://develop.svn.wordpress.org/trunk@49935


git-svn-id: http://core.svn.wordpress.org/trunk@49634 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-05 16:48:07 +00:00
Sergey Biryukov
37662df05e Docs: In various @return tags, list the expected type first, instead of false or WP_Error.
Follow-up to [46696], [47060], [49926], [49927].

See #51800.
Built from https://develop.svn.wordpress.org/trunk@49929


git-svn-id: http://core.svn.wordpress.org/trunk@49628 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-04 17:18:04 +00:00
John Blackbourn
dfe1f9b322 Docs: Promote many bool types to true or false where only that value is used.
See #51800

Built from https://develop.svn.wordpress.org/trunk@49927


git-svn-id: http://core.svn.wordpress.org/trunk@49626 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-03 22:04:04 +00:00
John Blackbourn
53da9208dd Docs: Various docblock corrections particularly relating to boolean types.
See #51800

Built from https://develop.svn.wordpress.org/trunk@49926


git-svn-id: http://core.svn.wordpress.org/trunk@49625 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-03 21:57:09 +00:00
TimothyBlynJacobs
fa88bbfc79 App Passwords: Only attempt auth if the username and password are set.
Previously, only the username was checked which caused a PHP warning in some server setups, for instance Shibboleth SSO, where the server only populates the `PHP_AUTH_USER` field.

Props MadtownLems, johnbillion, richard.tape, engahmeds3ed.
Fixes #52003.

Built from https://develop.svn.wordpress.org/trunk@49919


git-svn-id: http://core.svn.wordpress.org/trunk@49618 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-02 21:35:04 +00:00
John Blackbourn
42fcfa5b3d Docs: Various docblock corrections.
See #51800

Built from https://develop.svn.wordpress.org/trunk@49789


git-svn-id: http://core.svn.wordpress.org/trunk@49512 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-10 23:53:07 +00:00
TimothyBlynJacobs
aac98aae97 App Passwords: Prevent conflicts when Basic Auth is already used by the site.
Application Passwords uses Basic Authentication to transfer authentication details. If the site is already using Basic Auth, for instance to implement a private staging environment, then the REST API will treat this as an authentication attempt and would end up generating an error for any REST API request.

Now, Application Password authentication will only be attempted if Application Passwords is in use by a site. This is flagged by setting an option whenever an Application Password is created. An upgrade routine is added to set this option if any App Passwords already exist.

Lastly, creating an Application Password will be prevented if the site appears to already be using Basic Authentication.

Props chexwarrior, georgestephanis, adamsilverstein, helen, Clorith, marybaum, TimothyBlynJacobs.
Fixes #51939.


Built from https://develop.svn.wordpress.org/trunk@49752


git-svn-id: http://core.svn.wordpress.org/trunk@49475 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-04 21:44:07 +00:00
John Blackbourn
f4cda1b62f Docs: Upgrade more parameters in docblocks to used typed array notation.
See #51800, #41756

Built from https://develop.svn.wordpress.org/trunk@49693


git-svn-id: http://core.svn.wordpress.org/trunk@49416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-24 21:27:05 +00:00
John Blackbourn
35f6c356c1 Docs: Document parameters that accept an array of integers using typed array notation.
While many of these parameters also technically accept an array of numerical strings, they are all ultimately cast to an array of integers. Documenting them as such assists developers in understanding the expected types.

See #51800, #41756

Built from https://develop.svn.wordpress.org/trunk@49672


git-svn-id: http://core.svn.wordpress.org/trunk@49395 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-19 18:24:09 +00:00
Sergey Biryukov
f7d3a8b5c4 App Passwords: Add missing i18n for an error message.
Follow-up to [49617].

See #51513.
Built from https://develop.svn.wordpress.org/trunk@49627


git-svn-id: http://core.svn.wordpress.org/trunk@49365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-17 10:21:08 +00:00
TimothyBlynJacobs
d9b35c8e98 App Passwords: Unify availability language.
Previously App Passwords used a mix of "enabled" and "available". We've now standardized on using "available".

Additionally, we now use a 501 status code when indicating that App Passwords is not available.

Props SergeyBiryukov, ocean90, TimothyBlynJacobs.
Fixes #51513.

Built from https://develop.svn.wordpress.org/trunk@49617


git-svn-id: http://core.svn.wordpress.org/trunk@49355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-16 22:42:04 +00:00
Helen Hou-Sandí
340c834fa3 Privacy: More precise checking of user request action names.
Props garrett-eclipse.
Fixes #46536.

Built from https://develop.svn.wordpress.org/trunk@49475


git-svn-id: http://core.svn.wordpress.org/trunk@49234 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-02 18:42:04 +00:00
Sergey Biryukov
1ce2f12eaf Docs: Correct description for wp_pre_insert_user_data filter.
Props audrasjb.
Fixes #51637.
Built from https://develop.svn.wordpress.org/trunk@49314


git-svn-id: http://core.svn.wordpress.org/trunk@49076 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-26 22:53:06 +00:00
John Blackbourn
727922c8eb Docs: Further corrections and promotions for docblocks relating to object types.
See #50768

Built from https://develop.svn.wordpress.org/trunk@49197


git-svn-id: http://core.svn.wordpress.org/trunk@48959 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-18 20:53:08 +00:00
John Blackbourn
c16ae60deb Docs: Fix and upgrade various object docblock notations.
See #50768

Built from https://develop.svn.wordpress.org/trunk@49183


git-svn-id: http://core.svn.wordpress.org/trunk@48945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-17 16:05:09 +00:00
Sergey Biryukov
22c86907c4 Docs: Improve description of the $email parameter in email_exists().
Follow-up to [49148].

Props garrett-eclipse.
See #51379.
Built from https://develop.svn.wordpress.org/trunk@49153


git-svn-id: http://core.svn.wordpress.org/trunk@48915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-15 00:16:08 +00:00
Sergey Biryukov
118b9aea4d Users: Introduce email_exists filter, to complement username_exists.
Props garrett-eclipse, apermo, mukesh27, Mista-Flo, sebastian.pisula, mikelopez.
Fixes #51379. See #35509.
Built from https://develop.svn.wordpress.org/trunk@49148


git-svn-id: http://core.svn.wordpress.org/trunk@48910 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-14 19:04:08 +00:00
Dominik Schilling
4dfe5ecfe1 Users: Enable Application Passwords for local development environments, even if HTTPS is not available.
This will make testing the new feature easier since the local development environment is only accessible via HTTP by default.
Also update docs to link to the relevant filters.

See #42790.
Fixes #51503.
Built from https://develop.svn.wordpress.org/trunk@49139


git-svn-id: http://core.svn.wordpress.org/trunk@48901 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-13 20:10:04 +00:00
TimothyBlynJacobs
d5ebe12f11 REST API: Introduce Application Passwords for API authentication.
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.

This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.

Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.

Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes #42790.

Built from https://develop.svn.wordpress.org/trunk@49109


git-svn-id: http://core.svn.wordpress.org/trunk@48871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-08 22:14:06 +00:00
Sergey Biryukov
1651342d2b Privacy: Improve clarity of privacy error strings.
Primarily this adds "user privacy" to the strings for privacy requests, so they are more easily distinguished from other system actions within logs.

Props garrett-eclipse, carike, birgire.
Fixes #51351.
Built from https://develop.svn.wordpress.org/trunk@49090


git-svn-id: http://core.svn.wordpress.org/trunk@48852 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-04 03:23:09 +00:00
Sergey Biryukov
d4a319c453 Users: Check if the user ID passed as selected to wp_dropdown_users() corresponds to an existing user.
This avoids a few PHP notices if the `include_selected` parameter was specified and a non-existing user ID was passed.

Props campusboy1987.
Fixes #51370.
Built from https://develop.svn.wordpress.org/trunk@49036


git-svn-id: http://core.svn.wordpress.org/trunk@48798 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-09-23 00:27:07 +00:00
John Blackbourn
aef504acfd Docs: Correct the indentation for some array type docs.
See #50768

Built from https://develop.svn.wordpress.org/trunk@49028


git-svn-id: http://core.svn.wordpress.org/trunk@48790 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-09-21 16:46:06 +00:00
Sergey Biryukov
1f85e7484f Docs: Consistently use third-person singular verbs for various filter descriptions, per the documentation standards.
See #50768.
Built from https://develop.svn.wordpress.org/trunk@48782


git-svn-id: http://core.svn.wordpress.org/trunk@48544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-08-11 00:34:08 +00:00
Sergey Biryukov
5f6d6a79e8 Docs: Document that various metadata functions return false for an invalid ID.
Props salcode.
See #40519.
Built from https://develop.svn.wordpress.org/trunk@48658


git-svn-id: http://core.svn.wordpress.org/trunk@48420 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-28 10:15:04 +00:00
John Blackbourn
9bc7d0a776 Docs: Another pass at some inline docs fixes mostly made by PHPCBF.
See #49572, #50744
Built from https://develop.svn.wordpress.org/trunk@48590


git-svn-id: http://core.svn.wordpress.org/trunk@48352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-23 21:11:05 +00:00
John Blackbourn
7f898dd9c4 Docs: Use more appropriate variable names in the inline docs for action and filter parameters.
See #49572
Built from https://develop.svn.wordpress.org/trunk@48585


git-svn-id: http://core.svn.wordpress.org/trunk@48347 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-23 19:06:03 +00:00
Sergey Biryukov
347e831768 Docs: Improve documentation for the $prev_value parameter and return result of various metadata update functions.
Props stevenlinx.
Fixes #50502. See #49572.
Built from https://develop.svn.wordpress.org/trunk@48214


git-svn-id: http://core.svn.wordpress.org/trunk@47983 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-29 21:22:09 +00:00
Sergey Biryukov
40c389c95e Docs: Standardize on "Returning a value from the filter" vs. "Passing a value to the filter".
The filter is the callback function added with `add_filter()`, therefore the hook passes a value to the filter, and the filter returns a value to change its behaviour.

The documentation is referring to the latter.

Props johnbillion.
See #49572, #16557.
Built from https://develop.svn.wordpress.org/trunk@48185


git-svn-id: http://core.svn.wordpress.org/trunk@47954 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-26 18:49:09 +00:00
desrosj
4b60af1a6a General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”

With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).

Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.

Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.

Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121


git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 17:26:13 +00:00
Andrea Fercia
ae447adaf4 I18N: Restore the "Error:" prefix for error messages.
Partially reverts [48059] as there's no full consensus on the removal of the text prefix. Further actions should be taken to improve consistency and accessibility of the admin notices. Keeps some improvements to the translatable strings from [48059].

Fixes #47656.

Built from https://develop.svn.wordpress.org/trunk@48115


git-svn-id: http://core.svn.wordpress.org/trunk@47884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-21 14:00:09 +00:00
Sergey Biryukov
d586e4330d Docs: Miscellaneous DocBlock corrections for email filters in wp-includes/user.php.
See #49572.
Built from https://develop.svn.wordpress.org/trunk@48107


git-svn-id: http://core.svn.wordpress.org/trunk@47876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-20 12:22:07 +00:00
John Blackbourn
1a77bb81d8 Docs: Remove unnecessary variables names from @return tags.
See #49572.
Built from https://develop.svn.wordpress.org/trunk@48100


git-svn-id: http://core.svn.wordpress.org/trunk@47869 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-19 22:55:12 +00:00
Sergey Biryukov
2c19aee6d5 Login and Registration: Introduce lostpassword_errors filter in retrieve_password() for errors encountered on a password reset request.
This complements the `registration_errors` filter in `register_new_user()`.

Props wpdo5ea, dilipbheda.
Fixes #49521.
Built from https://develop.svn.wordpress.org/trunk@48084


git-svn-id: http://core.svn.wordpress.org/trunk@47851 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-18 20:24:09 +00:00
Sergey Biryukov
de59ad23a4 Docs: Consistently include an empty line between @since tag and @see, @link, or @global, per the documentation standards.
See #49572.
Built from https://develop.svn.wordpress.org/trunk@48067


git-svn-id: http://core.svn.wordpress.org/trunk@47834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-16 21:07:14 +00:00
Sergey Biryukov
8fdb0728be Text Changes: Replace "webmaster" with "site admin" in register_new_user().
Follow-up to [48049], accidentally reverted in [48059].

Props kebbet.
See #50394.
Built from https://develop.svn.wordpress.org/trunk@48066


git-svn-id: http://core.svn.wordpress.org/trunk@47833 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-16 20:05:10 +00:00
Andrea Fercia
f83c504b88 I18N: Remove the "Error:" prefix from error messages.
For a number of years, most of the WordPress error messages have been prefixed with "Error:". However, these messages appear in a context where it's already clear an error occurred. Whether it's an error, a warning, or any other classification, that's not so relevant for users. The content of the message is the relevant part. The "Error:" prefix doesn't add great value while it does add unnecessary complexity for the message readability.

Also, revises some of these messages to improve clarity and removes HTML from translatable strings.

Props garrett-eclipse, ramiy, SergeyBiryukov, afercia, sabernhardt, quadthemes, audrasjb. 
See #47003, #43037, #42945, #15887.
Fixes #47656.

Built from https://develop.svn.wordpress.org/trunk@48059


git-svn-id: http://core.svn.wordpress.org/trunk@47826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-16 15:35:13 +00:00
Sergey Biryukov
6aa5788189 Text Changes: Replace "Webmaster" in output messages with more appropriate terms:
* "All at `###SITENAME###`" in `wp-admin/ms-delete-site.php`, for consistency with other Multisite emails.
* "Site admin" in `register_new_user()`, for clarity.

Props Presskopp, marybaum.
Fixes #50394.
Built from https://develop.svn.wordpress.org/trunk@48049


git-svn-id: http://core.svn.wordpress.org/trunk@47816 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-15 19:41:11 +00:00
Sergey Biryukov
7932193708 Coding Standards: Use strict comparison where static strings are involved.
This reduces the number of `WordPress.PHP.StrictComparisons.LooseComparison` issues in half, from 1897 to 890.

Includes minor code layout fixes for better readability.

See #49542.
Built from https://develop.svn.wordpress.org/trunk@47808


git-svn-id: http://core.svn.wordpress.org/trunk@47584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-05-16 18:42:12 +00:00
whyisjake
f7b4147bea User: Invalidate user_activation_key on password update.
Props: sstoqnov, sergeybiryukov.


Built from https://develop.svn.wordpress.org/trunk@47634


git-svn-id: http://core.svn.wordpress.org/trunk@47409 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 15:25:07 +00:00
Sergey Biryukov
427405535f Docs: Synchronize parameter documentation for various metadata functions, update per the documentation standards.
See #49572.
Built from https://develop.svn.wordpress.org/trunk@47611


git-svn-id: http://core.svn.wordpress.org/trunk@47386 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-22 10:31:09 +00:00
Sergey Biryukov
9aa0fff80e Docs: Document the default value of $single and $prev_value parameters in various metadata functions.
Props denisco.
See #49572.
Built from https://develop.svn.wordpress.org/trunk@47610


git-svn-id: http://core.svn.wordpress.org/trunk@47385 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-22 09:40:10 +00:00