Commit Graph

27 Commits

Author SHA1 Message Date
Scott Taylor
85a6189ad8 Users: when calling wp_insert_user() with an valid user ID, return WP_Error instead of arbitrarily updating user meta.
Adds unit test.

Props swissspidy, bilalcoder.
Fixes #28004.

Built from https://develop.svn.wordpress.org/trunk@35280


git-svn-id: http://core.svn.wordpress.org/trunk@35246 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-20 05:28:24 +00:00
Sergey Biryukov
7f08716c16 Users: Add 'illegal_user_logins' filter to allow certain usernames to be blacklisted.
Props danielbachhuber, chriscct7, crazycoolcam, SergeyBiryukov.
Fixes #27317.
Built from https://develop.svn.wordpress.org/trunk@35189


git-svn-id: http://core.svn.wordpress.org/trunk@35155 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-15 05:43:26 +00:00
Drew Jaynes
217b661703 Docs: Add missing descriptions for the $wpdb global in DocBlocks all the places.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@35170


git-svn-id: http://core.svn.wordpress.org/trunk@35136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-14 23:44:25 +00:00
Scott Taylor
fc842e33c9 Users: when passing a WP_User instance to wp_update_user(), ensure that the user password is not accidentally double-hashed. This is terrifying.
Adds unit tests.

Props tbcorr, salcode.
Fixes #28435.

Built from https://develop.svn.wordpress.org/trunk@35116


git-svn-id: http://core.svn.wordpress.org/trunk@35081 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-13 02:48:24 +00:00
John Blackbourn
b62e798c17 Introduce the ability to filter the Users admin listing screen by users with no role, if such users exist.
Fixes #22993
Props spmlucas, johnbillion

Built from https://develop.svn.wordpress.org/trunk@34965


git-svn-id: http://core.svn.wordpress.org/trunk@34930 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 22:07:47 +00:00
Sergey Biryukov
399c1f3c83 Reset Password: Move the code for creating password reset key into a new function, get_password_reset_key(), and use it in retrieve_password().
Previously: [25231].

Props DH-Shredder.
Fixes #34180.
Built from https://develop.svn.wordpress.org/trunk@34923


git-svn-id: http://core.svn.wordpress.org/trunk@34888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 00:11:24 +00:00
Boone Gorges
846510ea6f Handle WP_User objects properly in update_user_caches().
We should not be storing the `WP_User` object in the cache, as it may contain
usermeta and other data that's cache elsewhere.

Props dd32.
See #24635.
Built from https://develop.svn.wordpress.org/trunk@34919


git-svn-id: http://core.svn.wordpress.org/trunk@34884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 22:42:25 +00:00
Jeremy Felt
9926983b66 Revert [34778], continue using _site_option() for the current network.
The `_network_option()` parameter order will be changing to accept `$network_id` first. The `_site_option()` functions will remain in use throughout core as our way of retrieving a network option for the current network.

See #28290.

Built from https://develop.svn.wordpress.org/trunk@34912


git-svn-id: http://core.svn.wordpress.org/trunk@34877 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 17:11:25 +00:00
Drew Jaynes
7b82d75ec8 Users: Empty sanitized usernames should be considered invalid when passed through validate_username().
Adds tests.

Props gwinhlopez for the initial patch.
Props mordauk, chriscct7.
Fixes #24618.

Built from https://develop.svn.wordpress.org/trunk@34856


git-svn-id: http://core.svn.wordpress.org/trunk@34821 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-06 05:35:25 +00:00
Sergey Biryukov
a285a1cf22 Use home_url() instead of get_option( 'siteurl' ) in notifications that are sent when a user's email address or password is changed.
Props tyxla, ramay.
Fixes #34071.
Built from https://develop.svn.wordpress.org/trunk@34820


git-svn-id: http://core.svn.wordpress.org/trunk@34785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-04 23:03:26 +00:00
Jeremy Felt
54512d64cb MS: Use *_network_option() functions throughout core.
Replaces all uses of `*_site_option()` with the corresponding "network" function.

This excludes one usage in `wp-admin/admin-footer.php` that needs more investigation.

Props spacedmonkey.
See #28290.

Built from https://develop.svn.wordpress.org/trunk@34778


git-svn-id: http://core.svn.wordpress.org/trunk@34743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-02 19:08:26 +00:00
Drew Jaynes
492c11508a Users: Add the default arguments array as a second parameter to the wp_dropdown_users_args filter, introduced in [34692].
Adjust hook doc descriptions accordingly.

See #19867.

Built from https://develop.svn.wordpress.org/trunk@34705


git-svn-id: http://core.svn.wordpress.org/trunk@34669 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-29 22:39:25 +00:00
Drew Jaynes
7866772449 Users: Introduce the wp_dropdown_users_args filter, making it possible to filter the arguments for wp_dropdown_users() before the query is run.
The 'name' argument (or the `WP_Screen` object if in the admin) can be used to help target specific instances of `wp_dropdown_users()` via this hook.

Props norcross.
See #19867.

Built from https://develop.svn.wordpress.org/trunk@34692


git-svn-id: http://core.svn.wordpress.org/trunk@34656 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-29 15:40:27 +00:00
Scott Taylor
939d9b7395 Remove some unused globals and/or their docs.
See ##33491.

Built from https://develop.svn.wordpress.org/trunk@34446


git-svn-id: http://core.svn.wordpress.org/trunk@34410 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-22 20:27:25 +00:00
Drew Jaynes
35246a957f Docs: The User API is singular.
See #33701.

Built from https://develop.svn.wordpress.org/trunk@34393


git-svn-id: http://core.svn.wordpress.org/trunk@34357 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-22 12:31:26 +00:00
Dominik Schilling
d2414cbd2f Login: Move the "Lost your password?" link into a separate string to reduce HTML tags in translation strings.
Props ramiy.
Fixes #31870.
Built from https://develop.svn.wordpress.org/trunk@34354


git-svn-id: http://core.svn.wordpress.org/trunk@34318 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-20 09:11:24 +00:00
Scott Taylor
170a2cc4be Add a 'clean_user_cache' action at the end of clean_user_cache(). This is mighty similar to clean_post_cache().
Props elliott-stocks, wonderboymusic.
Fixes #31918.

Built from https://develop.svn.wordpress.org/trunk@34318


git-svn-id: http://core.svn.wordpress.org/trunk@34282 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-19 05:41:26 +00:00
Boone Gorges
cdc6bc8ad5 Tell the insert_user_meta filter whether user is being updated.
`insert_user_meta` was introduced in [33708]. This changeset passes the
`$update` parameter to it.

Props tharsheblows, geminorum.
Fixes #31549.
Built from https://develop.svn.wordpress.org/trunk@34266


git-svn-id: http://core.svn.wordpress.org/trunk@34230 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-17 14:35:26 +00:00
Boone Gorges
85c00bd943 Move new user notification emails to add_action() callbacks.
When a new user is created in various places throughout the interface,
notifications are sent to the site admin and the new user. Previously, these
notifications were fired through direct calls to `wp_new_user_notification()`,
making it difficult to stop or modify the messages.

This changeset introduces a number of new action hooks in place of direct calls
to `wp_new_user_notification()`, and hooks the new wrapper function
`wp_send_new_user_notifications()` to these hooks.

Props dshanske, thomaswm, boonebgorges.
Fixes #33587.
Built from https://develop.svn.wordpress.org/trunk@34251


git-svn-id: http://core.svn.wordpress.org/trunk@34215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-16 22:19:24 +00:00
Boone Gorges
a7e229637e Improve validation of user_login and user_nicename length.
The `user_login` field only allows 60 characters, and `user_nicename` allows
50. However, there are no protections in the interface, and few in the code,
that prevent the creation of users with values in excess of these limits. Prior
to recent changes in `$wpdb`, users were generally created anyway, MySQL
having performed the necessary truncation. More recently, the `INSERT`s and
`UPDATE`s simply fail, with no real feedback on the nature of the failure.

This changeset addresses the issue in a number of ways:
* On the user-new.php and network/user-new.php panels, don't allow input in excess of the maximum field length.
* In `wp_insert_user()`, throw an error if the value provided for `'user_login'` or `'user_nicename'` exceeds the maximum field length.
* In `wp_insert_user()`, when using `'user_login'` to generate a default value for `'user_nicename'`, ensure that the nicename is properly truncated, even when suffixed for uniqueness (username-2, etc).

Props dipesh.kakadiya, utkarshpatel, tommarshall, boonebgorges.
Fixes #33793.
Built from https://develop.svn.wordpress.org/trunk@34218


git-svn-id: http://core.svn.wordpress.org/trunk@34182 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-15 22:14:26 +00:00
Dominik Schilling
4af3a3374e Passwords: Deprecate second parameter of wp_new_user_notification().
The second parameter `$plaintext_pass` was removed in [33023] and restored as `$notify` in [33620] with a different behavior. If you have a plugin overriding `wp_new_user_notification()` which hasn't been updated you would get a notification with your username and the password "both".
To prevent this the second parameter is now deprecated and reintroduced as the third parameter.

Adds unit tests.

Props kraftbj, adamsilverstein, welcher, ocean90.
Fixes #33654.

(Don't ask for new pluggables kthxbye)
Built from https://develop.svn.wordpress.org/trunk@34116


git-svn-id: http://core.svn.wordpress.org/trunk@34084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 12:43:26 +00:00
Boone Gorges
b62bcef1b1 Send password-change email notifications via hook.
`wp_password_change_notification()` is now called at the 'after_password_reset'
action, rather than being invoked directly from the `reset_password()` function.

In order to make it possible to call `wp_password_change_notification()` as a
`do_action()` callback, the function signature has to be changed so that the
`$user` parameter is expected to be a value rather than a reference. Since
PHP 5.0, objects are passed by reference, so `&$user` was unnecessary anyway.

Props dshanske, thomaswm.
See #33587.
Built from https://develop.svn.wordpress.org/trunk@34107


git-svn-id: http://core.svn.wordpress.org/trunk@34075 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 02:45:25 +00:00
Scott Taylor
c1bb5b5ce3 After [33843], update the location of some files in This filter is documented in docs
Props dimadin.
See #33413.

Built from https://develop.svn.wordpress.org/trunk@33954


git-svn-id: http://core.svn.wordpress.org/trunk@33923 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-08 22:17:26 +00:00
Drew Jaynes
3be117216e Docs: Clarify the file header summary for wp-includes/user-functions.php, introduced in [33749].
See #33413. See #33701.

Built from https://develop.svn.wordpress.org/trunk@33896


git-svn-id: http://core.svn.wordpress.org/trunk@33865 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-04 01:29:24 +00:00
Helen Hou-Sandí
1f500055a6 Drop the hyphen from e-mail and standardize on email.
The AP Stylebook changed this in 2011, and we're woefully inconsistent, so let's go with the standard.

props morganestes, voldemortensen, niallkennedy (for patching on the previous AP style).
fixes #26156.

Built from https://develop.svn.wordpress.org/trunk@33774


git-svn-id: http://core.svn.wordpress.org/trunk@33742 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-28 03:17:21 +00:00
John Blackbourn
69bee8ed43 Improve the efficiency of is_user_member_of_blog() by removing its use of get_blogs_of_user(). Adds additional tests.
Fixes #32472
Props BinaryKitten, sammybeats, johnbillion

Built from https://develop.svn.wordpress.org/trunk@33771


git-svn-id: http://core.svn.wordpress.org/trunk@33739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-27 20:02:23 +00:00
Scott Taylor
484331e492 Users: move WP_User_Query into its own file. user.php loads the new files, so this is 100% BC if someone is loading user.php directly (a lot of plugins do). New files created using svn cp.
Creates: 
`class-wp-user-query.php` 
`user-functions.php` 

`user.php` contains only top-level code. Class file only contains the class. Functions file only contains functions.

See #33413.

Built from https://develop.svn.wordpress.org/trunk@33749


git-svn-id: http://core.svn.wordpress.org/trunk@33717 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-26 04:20:21 +00:00