Commit Graph

486 Commits

Author SHA1 Message Date
John Blackbourn
9c7c11f268 Users: Clear the user settings cookies when clearing auth cookies.
This prevents lingering cookies when logging out and when switching between user accounts.

Props soulseekah, shanee
Fixes #32567

Built from https://develop.svn.wordpress.org/trunk@40580


git-svn-id: http://core.svn.wordpress.org/trunk@40450 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-07 16:54:42 +00:00
Pascal Birchler
72c19648bc Load: Only load PasswordHash class when needed.
This reverts [38371] which loaded `class-phpass.php` early in `wp-settings.php` and in turn caused backward compatibility problems.

Props DavidAnderson, ketuchetan.
Fixes #39445.

Built from https://develop.svn.wordpress.org/trunk@40387


git-svn-id: http://core.svn.wordpress.org/trunk@40294 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-06 18:01:42 +00:00
Sergey Biryukov
41666b5e0c Mail: Use correct capitalization for PHPMailer methods in wp_mail().
Props Soean, reidbusi.
Fixes #39702.
Built from https://develop.svn.wordpress.org/trunk@40363


git-svn-id: http://core.svn.wordpress.org/trunk@40270 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-01 14:34:43 +00:00
John Blackbourn
96b2923e62 Docs: Remove the duplicate hook documentation for the newly introduced send_auth_cookies filter.
See #39367

Built from https://develop.svn.wordpress.org/trunk@40264


git-svn-id: http://core.svn.wordpress.org/trunk@40184 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-10 15:03:42 +00:00
John Blackbourn
265a0f4d98 Build/Test tools: Don't override the wp_set_auth_cookie() and wp_clear_auth_cookie() functions.
Overriding pluggable functions in the test suite is asking for trouble in the future. In addition, it means the test suite can't be guaranteed to behave the same as core.

This instead introduces a `send_auth_cookies` filter which can be hooked in during the test suite to prevent these functions from attempting to send cookie headers to the client.

Fixes #39367

Built from https://develop.svn.wordpress.org/trunk@40263


git-svn-id: http://core.svn.wordpress.org/trunk@40183 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-10 14:33:46 +00:00
John Blackbourn
4dffd5b82e Build/Test tools: Revert [40239] due to unrelated changes.
See #39486

Built from https://develop.svn.wordpress.org/trunk@40240


git-svn-id: http://core.svn.wordpress.org/trunk@40170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-08 00:05:42 +00:00
John Blackbourn
28055b9ff5 Build/Test tools: In Travis, skip some tests when not on trunk.
This skips time sensitive tests (copyright year and PHP/MySQL version requirements) when tests are run on branches on Travis.

Props netweb, jorbin
Fixes #39486

Built from https://develop.svn.wordpress.org/trunk@40239


git-svn-id: http://core.svn.wordpress.org/trunk@40169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-08 00:01:46 +00:00
Aaron Campbell
288cd46939 Strip control characters before validating redirect.
Built from https://develop.svn.wordpress.org/trunk@40183


git-svn-id: http://core.svn.wordpress.org/trunk@40122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:38:41 +00:00
Dion Hulse
577a192ebd Mail: In PHPMailer 5.2.7 the case of the Send() method changed to send(), update our call for consistency with the library.
Props michalzuber.
Fixes #39469.

Built from https://develop.svn.wordpress.org/trunk@39691


git-svn-id: http://core.svn.wordpress.org/trunk@39631 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-05 08:10:42 +00:00
Dion Hulse
1a40f6b7ae Mail: Ensure that any phpmailerException exceptions generated by setFrom() are caught to avoid PHP Fatal errors.
This change avoids a PHP fatal error that can be encountered when the specified (or generated) source email is an invalid address, such as `wordpress@_`, it makes no effort to set a valid source, only avoid the fatal error.

See #25239 for correcting the email address.
Fixes #39360.

Built from https://develop.svn.wordpress.org/trunk@39655


git-svn-id: http://core.svn.wordpress.org/trunk@39595 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-30 06:44:40 +00:00
John Blackbourn
80a839de13 Docs: Misc corrections and additions to inline documentation.
See #39130
Props keesiemeijer

Built from https://develop.svn.wordpress.org/trunk@39639


git-svn-id: http://core.svn.wordpress.org/trunk@39579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-27 09:28:40 +00:00
John Blackbourn
c2d709e9d6 I18n: Introduce more translator comments for strings that contain placeholders but don't have an accompanying translator comment.
See #38882

Built from https://develop.svn.wordpress.org/trunk@39326


git-svn-id: http://core.svn.wordpress.org/trunk@39266 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-21 02:46:30 +00:00
John Blackbourn
4cf5550d8d I18n: Begin introducing translator comments for strings which include placeholders but no accompanying translator comment.
Adds context to one string used in two different contexts for the new user and new site signup email notification.

More to come.

See #38882

Built from https://develop.svn.wordpress.org/trunk@39323


git-svn-id: http://core.svn.wordpress.org/trunk@39263 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-21 01:22:32 +00:00
Helen Hou-Sandí
dab566d973 Mail: Set a better error code when triggering wp_mail_failed.
This error code is now... wait for it... `wp_mail_failed`. Previously, this would have been the originating PHPMailer error code, which could be `0`, which would then fail (pass?) the `empty()` check in the `WP_Error` constructor, thereby rendering the error object fairly useless. The PHPMailer error code is now located within the `WP_Error` data.

props Kau-Boy, stephenharris.
fixes #35598.

Built from https://develop.svn.wordpress.org/trunk@39086


git-svn-id: http://core.svn.wordpress.org/trunk@39028 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 04:27:34 +00:00
Drew Jaynes
5f4497f0af Docs: Fix multiple trivial typos throughout a variety of core files.
Props ottok.
Fixes #38489.

Built from https://develop.svn.wordpress.org/trunk@39051


git-svn-id: http://core.svn.wordpress.org/trunk@38993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 06:28:32 +00:00
Dominik Schilling
7819e2b4ba I18N: Introduce a locale-switching function.
With the introduction of user-specific languages in [38705] it's necessary to be able to switch translations on the fly. For example emails should be sent in the language of the recipient and not the one of the current user.

This introduces a new `WP_Locale_Switcher` class which is used for switching locales and translations. It holds the stack of locales whenever `switch_to_locale( $locale )` is called. With `restore_previous_locale()` you can restore the previous locale. `restore_current_locale()` empties the stack and sets the locale back to the initial value.

`switch_to_locale()` is added to most of core's email functions, either with the value of `get_locale()` (site language) or `get_user_locale()` (user language with fallback to site language).

Props yoavf, tfrommen, swissspidy, pbearne, ocean90.
See #29783.
Fixes #26511.
Built from https://develop.svn.wordpress.org/trunk@38961


git-svn-id: http://core.svn.wordpress.org/trunk@38904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-26 15:36:31 +00:00
Scott Taylor
a3ffebce30 Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389.
See #36335.

Built from https://develop.svn.wordpress.org/trunk@38470


git-svn-id: http://core.svn.wordpress.org/trunk@38411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 16:31:29 +00:00
John Blackbourn
a1d61a95e1 Security: Return a 403 instead of a 200 HTTP status when check_ajax_referer() fails.
This is, unfortunately, untestable in the current test suite, even in the AJAX tests.

Fixes #36362

Built from https://develop.svn.wordpress.org/trunk@38421


git-svn-id: http://core.svn.wordpress.org/trunk@38362 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-28 17:31:30 +00:00
John Blackbourn
b85e322e35 Security: Trigger a _doing_it_wrong() when check_ajax_referer() is called without its first parameter. This brings it inline with check_admin_referer().
Fixes #36361

Built from https://develop.svn.wordpress.org/trunk@38420


git-svn-id: http://core.svn.wordpress.org/trunk@38361 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-28 17:15:28 +00:00
Scott Taylor
390ceba6c7 Bootstrap: after r38409 and r38410, revert r38402 which reverted r38399.
This fixes the paths in `wp-vendor/` that were including `src`. I want to drop this in so we can find out what else will break.

See #36335.

Built from https://develop.svn.wordpress.org/trunk@38411


git-svn-id: http://core.svn.wordpress.org/trunk@38352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 22:32:37 +00:00
Dion Hulse
0e31a46161 Bootstrap: Revert [38399] as it's broken /build/ and subsequently core.svn.wordpress.org.
The generated classmaps reference `/src/` files and operates in the assumption that the base directory is one level above `wp-settings.php`, which it isn't after our build processes are run.

See #36335

Built from https://develop.svn.wordpress.org/trunk@38402


git-svn-id: http://core.svn.wordpress.org/trunk@38343 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 14:37:32 +00:00
Scott Taylor
6a529648cf Bootstrap: Autoload classes using a Composer-generated PHP 5.2-compatible Autoloader.
* `wp-admin` and `wp-includes` are scanned for classes to autoload
* Several 3rd-party and Ryan McCue-shaped libraries are excluded when the classmap is generated, see `composer.json`: `autoload.exclude-from-classmap`
* `wp-vendor/autoload_52.php` is included at the top of `wp-settings.php` - no changes need to be made to unit tests to include the autoloader
* An avalanche of `require()` and `require_once()` calls that loaded class files have been removed from the codebase.

The following files have been added to `svn:ignore` - they are not 5.2-compatible and fail during pre-commit:
* src/wp-vendor/autoload.php
* src/wp-vendor/composer/autoload_real.php
* src/wp-vendor/composer/autoload_static.php
* src/wp-vendor/composer/ClassLoader.php

We favor these files instead:
* src/wp-vendor/autoload_52.php
* src/wp-vendor/composer/autoload_real_52.php
* src/wp-vendor/composer/ClassLoader52.php

When new PHP classes are added to the codebase, simply run `composer install` or `composer update` from the project root to update the autoloader.

The future is now.

See #36335.

Built from https://develop.svn.wordpress.org/trunk@38399


git-svn-id: http://core.svn.wordpress.org/trunk@38340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 09:15:29 +00:00
Scott Taylor
481123661c Load: load class-phpass.php (PasswordHash class) early in wp-settings.php, instead of require_once()'ing it in several places.
See #36335.

Built from https://develop.svn.wordpress.org/trunk@38371


git-svn-id: http://core.svn.wordpress.org/trunk@38312 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-26 17:40:35 +00:00
Drew Jaynes
f07f1b126e Docs: Add a missing parenthesis in an example in the DocBlock for wp_redirect().
Props shayanys.
See #37770.

Built from https://develop.svn.wordpress.org/trunk@38350


git-svn-id: http://core.svn.wordpress.org/trunk@38291 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-25 07:36:31 +00:00
Scott Taylor
b7812bd416 AJAX: add a new function, wp_doing_ajax(), which can replace... (wait for it...) DOING_AJAX checks via the constant.
Props Mte90, sebastian.pisula, swissspidy.
Fixes #25669.

Built from https://develop.svn.wordpress.org/trunk@38334


git-svn-id: http://core.svn.wordpress.org/trunk@38275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-23 14:33:30 +00:00
Boone Gorges
54fe38c7cc Mail: Don't set Sender field when setting From.
[38058] changed `wp_mail()` so that it used PHPMailer's `setFrom()`
method rather than setting the From and FromName headers directly. See
behavior of setting the `Sender` field. This causes `mail` to be
called with the `-f` flag, which causes outgoing email to fail on some
server environments.

Props Clorith, iandunn, DrewAPicture.
Fixes #37736.
Built from https://develop.svn.wordpress.org/trunk@38286


git-svn-id: http://core.svn.wordpress.org/trunk@38227 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-20 02:17:38 +00:00
Boone Gorges
905f4ec0f8 Mail: Improve handling of UTF-8 address headers.
Previously, `wp_mail()` implemented Reply-To as a generic header, using
PHPMailer's `addCustomHeader()`. As such, the email address portion of
the header was being incorrectly encoded when the name portion
contained UTF-8 characters. Switching to PHPMailer's more specific
`addReplyTo()` method fixes the issue.

For greater readability, the handling of all address-related headers
(To, CC, BCC, Reply-To) has been standardized.

Props szepe.viktor, iandunn, bpetty, stephenharris.
Fixes #21659.
Built from https://develop.svn.wordpress.org/trunk@38058


git-svn-id: http://core.svn.wordpress.org/trunk@37999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 18:04:28 +00:00
Drew Jaynes
6c7148943b Docs: Standardize capitalization of Ajax throughout core documentation per the core spelling guide.
Ajax, while considered an acronym for Asynchronous JavaScript and XML, is most commonly capitalized only in the first character.

Part props ocean90.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@38028


git-svn-id: http://core.svn.wordpress.org/trunk@37969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-10 00:51:30 +00:00
Sergey Biryukov
139387b7e5 Docs: Use 3-digit, x.x.x-style semantic versioning for _doing_it_wrong(), _deprecated_function(), _deprecated_argument(), and _deprecated_file() throughout core.
Props metodiew.
Fixes #36495.
Built from https://develop.svn.wordpress.org/trunk@37985


git-svn-id: http://core.svn.wordpress.org/trunk@37926 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-06 12:40:29 +00:00
Jeremy Felt
6f3f00ea97 Multisite: Change WP_Network id property to an integer.
For consistency and developer sanity.

Props flixos90.
Fixes #37050.

Built from https://develop.svn.wordpress.org/trunk@37870


git-svn-id: http://core.svn.wordpress.org/trunk@37811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-26 14:26:29 +00:00
Sergey Biryukov
bbd663415c Text Changes: Simplify two strings in wp_password_change_notification().
Add translator comments.

Props ramiy.
See #35736.
Built from https://develop.svn.wordpress.org/trunk@37704


git-svn-id: http://core.svn.wordpress.org/trunk@37670 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-14 22:09:28 +00:00
Jeremy Felt
d75f77a410 Admin: Allow for the consistent filtering of auth_redirect_scheme
Fixes #37047.

Built from https://develop.svn.wordpress.org/trunk@37651


git-svn-id: http://core.svn.wordpress.org/trunk@37617 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-07 20:49:30 +00:00
Drew Jaynes
9193013158 Docs: Apply inline @see tags to hooks referenced in DocBlocks in a variety of wp-includes/* files.
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.

Fixes #36921.

Built from https://develop.svn.wordpress.org/trunk@37544


git-svn-id: http://core.svn.wordpress.org/trunk@37512 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-23 19:02:28 +00:00
Drew Jaynes
6c534918d4 Docs: Standardize filter docs in wp-includes/pluggable.php to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37508


git-svn-id: http://core.svn.wordpress.org/trunk@37476 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:35:27 +00:00
Eric Lewis
02a4e761f2 Users: Correct inline docs for cookie expiration.
Props kjbenk.
Fixes #35568.

Built from https://develop.svn.wordpress.org/trunk@37315


git-svn-id: http://core.svn.wordpress.org/trunk@37281 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-27 02:52:28 +00:00
Sergey Biryukov
c371296223 Users: In wp_new_user_notification(), sdd 'user' option for the $notify parameter, which allows for sending notification only to the user created.
Props akibjorklund.
Fixes #36009.
Built from https://develop.svn.wordpress.org/trunk@37276


git-svn-id: http://core.svn.wordpress.org/trunk@37242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-21 10:20:27 +00:00
Drew Jaynes
11ab384086 Docs: Improve 4.5 changelog entries introduced in [36992] for wp_authenticate(), and the authenticate and wp_login_failed hooks.
See #9568. See #35986.

Built from https://develop.svn.wordpress.org/trunk@37030


git-svn-id: http://core.svn.wordpress.org/trunk@36997 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-17 08:06:27 +00:00
John Blackbourn
621085a360 Users: Add @since entries to wp_authenticate() and its filters now that the $username parameter can also be an email address.
See #9568, #35986

Built from https://develop.svn.wordpress.org/trunk@36992


git-svn-id: http://core.svn.wordpress.org/trunk@36959 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-14 22:31:27 +00:00
Sergey Biryukov
ef7a559e2e Docs: Correct filter reference in pre_get_avatar filter description.
Props henry.wright.
Fixes #36031.
Built from https://develop.svn.wordpress.org/trunk@36800


git-svn-id: http://core.svn.wordpress.org/trunk@36767 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-02 03:41:28 +00:00
Dominik Schilling
e5ea82d81a Spelling: Standardize on "front end"/"back end" (noun) and "front-end"/"back-end" (adjective).
Props obrienlabs, thewanderingbrit.
Fixes #34887.
Built from https://develop.svn.wordpress.org/trunk@36709


git-svn-id: http://core.svn.wordpress.org/trunk@36676 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-25 12:53:27 +00:00
Drew Jaynes
f5ea3e5dac Docs: Make a few syntactical improvements to the DocBlock for _wp_get_current_user(), introduced in [36651].
Includes a cross reference from the DocBlock for `wp_get_current_user()`, which itself is pluggable, but the new internal function is not.

See #19615. See #32246.

Built from https://develop.svn.wordpress.org/trunk@36705


git-svn-id: http://core.svn.wordpress.org/trunk@36672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-25 05:07:26 +00:00
Sergey Biryukov
f170058209 Mail: Correct compact() usage in wp_mail().
Props Ankit K Gupta, maweder.
Fixes #35781 for trunk.
Built from https://develop.svn.wordpress.org/trunk@36688


git-svn-id: http://core.svn.wordpress.org/trunk@36655 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-24 17:38:27 +00:00
Pascal Birchler
9612c26db3 Users: Introduce _wp_get_current_user() for improved backward compatibility.
This new helper function is used by the pluggable functions `wp_get_current_user()` and `get_currentuserinfo()`, which was previously being called by the former before [36311]. Without it, infinite loops could be caused when plugins implement these functions, as they are now called the other way around.

Fixes #19615.
Built from https://develop.svn.wordpress.org/trunk@36651


git-svn-id: http://core.svn.wordpress.org/trunk@36618 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-23 22:26:28 +00:00
Dominik Schilling
7ebe2c1e7a Authentication: Allow users to log in using their email address.
Introduces `wp_authenticate_email_password()` which is hooked into `authenticate` after `wp_authenticate_username_password()`.

Props Denis-de-Bernardy, ericlewis, vhomenko, MikeHansenMe, swissspidy, ocean90.
Fixes #9568.
Built from https://develop.svn.wordpress.org/trunk@36617


git-svn-id: http://core.svn.wordpress.org/trunk@36584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-22 23:15:27 +00:00
Rachel Baker
06225cc394 Comments: Refresh the Moderate Comment screen for a friendlier experience with email moderation actions.
Brings some love to this neglected screen:
* format `comment_content`, instead of escaping in one massive block of text
* only wrap the comment date in a link if the comment permalink exists
* include link to the Edit Comment screen at the bottom of the comment_content
* update the message styles to match other screens
* append `#wpbody-content` to the comment email message links for accessibility

Props johnbillion, rachelbaker, afercia, melchoyce, karmatosed.

Fixes #34133
Built from https://develop.svn.wordpress.org/trunk@36588


git-svn-id: http://core.svn.wordpress.org/trunk@36555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-19 19:14:26 +00:00
Dominik Schilling
72c6f7f86f Suppress possible warnings in PHP < 5.3.3 by parse_url() in wp_validate_redirect().
PHP 5.3.3 removed the E_WARNING that was emitted when URL parsing failed.
Built from https://develop.svn.wordpress.org/trunk@36446


git-svn-id: http://core.svn.wordpress.org/trunk@36413 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 16:34:27 +00:00
Aaron Jorbin
5c4031dd84 Revert [35792]
This causes a regression and causes redirects to potentially fail.

See #5114 #34028
props ocean90

Built from https://develop.svn.wordpress.org/trunk@36445


git-svn-id: http://core.svn.wordpress.org/trunk@36412 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 16:24:26 +00:00
Dominik Schilling
361ed7a3d6 Better validation of the URL used in HTTP redirects.
Built from https://develop.svn.wordpress.org/trunk@36444


git-svn-id: http://core.svn.wordpress.org/trunk@36411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 15:11:28 +00:00
Dominik Schilling
c5e3716c11 Docs: Fix @return type for wp_get_current_user() after [36313].
See #19615.
Built from https://develop.svn.wordpress.org/trunk@36314


git-svn-id: http://core.svn.wordpress.org/trunk@36281 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-15 11:16:26 +00:00
Pascal Birchler
9cd880d356 Users: Always return $current_user in wp_get_current_user(), never a boolean.
Fixes unit tests affected by [36311].

See #19615.
Built from https://develop.svn.wordpress.org/trunk@36313


git-svn-id: http://core.svn.wordpress.org/trunk@36280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-15 10:47:25 +00:00