The filters `user_confirmed_action_email_content`, `user_erasure_complete_email_subject`, and `user_erasure_complete_email_headers` have been deprecated.
They have been replaced with `user_erasure_fulfillment_email_content`, `user_erasure_fulfillment_email_subject`, and `user_erasure_fulfillment_email_headers`.
Props desrosj, garrett-eclipse, birgire, DrewAPicture, lifeforceinst, ocean90, pbiron, pento, coffee2code, TZ-Media, SergeyBiryukov, johnbillion, audrasjb, davidbaumwald, hellofromTonya, helen, xkon, antpb, peterwilsoncc, lukecarbis.
Fixes#44314.
Built from https://develop.svn.wordpress.org/trunk@51129
git-svn-id: http://core.svn.wordpress.org/trunk@50738 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a new parameter to the action and filter hooks found in `wp_insert_user()` to pass the raw user data received through `$userdata` to hooked functions.
This will allow hooked functions to perform more contextual adjustments to new users, and makes supplying custom user meta fields possible.
Props johnbillion, audrasjb.
Fixes#53110.
Built from https://develop.svn.wordpress.org/trunk@51005
git-svn-id: http://core.svn.wordpress.org/trunk@50614 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `update_user_option()` function is a way to update a user meta value after adding a blog’s prefix to the beginning of the meta key. But when the fourth parameter is `true`, the behavior is exactly the same as calling `update_user_meta()` directly.
This replaces all instances of `update_user_option()` when the fourth parameter is `true` in Core with a direct call to `update_user_meta()` to prevent an unnecessary call to `update_user_option()`.
Props johnjamesjacoby, zkancs, obenland, desrosj.
Fixes#43339.
Built from https://develop.svn.wordpress.org/trunk@50981
git-svn-id: http://core.svn.wordpress.org/trunk@50590 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, these properties could be unexpectedly converted to strings in some contexts.
This applies to the following functions:
* `sanitize_post_field()`
* `sanitize_term_field()`
* `sanitize_user_field()`
and the following properties:
* `WP_Post::ID`
* `WP_Post::post_parent`
* `WP_Post::menu_order`
* `WP_Term::term_id`
* `WP_Term::term_taxonomy_id`
* `WP_Term::parent`
* `WP_Term::count`
* `WP_Term::term_group`
* `WP_User::ID`
Props grantmkin, SergeyBiryukov.
Fixes#53235. See #52995.
Built from https://develop.svn.wordpress.org/trunk@50935
git-svn-id: http://core.svn.wordpress.org/trunk@50544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Share the `WP_User` instance for the current user between the functions `get_userdata()` and `wp_get_current_user()`. Both functions return the `$current_user` global for the current user.
Force refresh the `$current_user` global within `clean_user_cache()` by immediately re-calling `wp_set_current_user()` with the current user's ID. This ensures any changes to the current user's permissions or other settings are reflected in the global. As a side-effect this immediately rewarms the current user's cache.
Props chaion07, chriscct7, donmhico, hellofromtonya, lukecarbis, peterwilsoncc, rmccue, TimothyBlynJacobs.
Fixes#28020.
Built from https://develop.svn.wordpress.org/trunk@50790
git-svn-id: http://core.svn.wordpress.org/trunk@50399 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[48658] documented that various metadata functions return false for an invalid ID. However, that does not clarify what an invalid ID is: a non-numeric, zero, or negative value. This change adds the clarification in all relevant metadata function docblocks.
Props icopydoc, SergeyBiryukov, davidkryzaniak, audrasjb.
Fixes#51797.
Built from https://develop.svn.wordpress.org/trunk@50641
git-svn-id: http://core.svn.wordpress.org/trunk@50253 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a form option to skip the admin email alert when exporting personal data.
Props xkon, azaozz, TZ-Media, iandunn, desrosj, iprg, allendav, wesselvandenberg, karmatosed, birgire, davidbaumwald, estelaris, paaljoachim, hellofromTonya.
Fixes#43890.
Built from https://develop.svn.wordpress.org/trunk@50159
git-svn-id: http://core.svn.wordpress.org/trunk@49838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, only the username was checked which caused a PHP warning in some server setups, for instance Shibboleth SSO, where the server only populates the `PHP_AUTH_USER` field.
Props MadtownLems, johnbillion, richard.tape, engahmeds3ed.
Fixes#52003.
Built from https://develop.svn.wordpress.org/trunk@49919
git-svn-id: http://core.svn.wordpress.org/trunk@49618 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Application Passwords uses Basic Authentication to transfer authentication details. If the site is already using Basic Auth, for instance to implement a private staging environment, then the REST API will treat this as an authentication attempt and would end up generating an error for any REST API request.
Now, Application Password authentication will only be attempted if Application Passwords is in use by a site. This is flagged by setting an option whenever an Application Password is created. An upgrade routine is added to set this option if any App Passwords already exist.
Lastly, creating an Application Password will be prevented if the site appears to already be using Basic Authentication.
Props chexwarrior, georgestephanis, adamsilverstein, helen, Clorith, marybaum, TimothyBlynJacobs.
Fixes#51939.
Built from https://develop.svn.wordpress.org/trunk@49752
git-svn-id: http://core.svn.wordpress.org/trunk@49475 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously App Passwords used a mix of "enabled" and "available". We've now standardized on using "available".
Additionally, we now use a 501 status code when indicating that App Passwords is not available.
Props SergeyBiryukov, ocean90, TimothyBlynJacobs.
Fixes#51513.
Built from https://develop.svn.wordpress.org/trunk@49617
git-svn-id: http://core.svn.wordpress.org/trunk@49355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.
This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.
Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.
Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes#42790.
Built from https://develop.svn.wordpress.org/trunk@49109
git-svn-id: http://core.svn.wordpress.org/trunk@48871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The filter is the callback function added with `add_filter()`, therefore the hook passes a value to the filter, and the filter returns a value to change its behaviour.
The documentation is referring to the latter.
Props johnbillion.
See #49572, #16557.
Built from https://develop.svn.wordpress.org/trunk@48185
git-svn-id: http://core.svn.wordpress.org/trunk@47954 1a063a9b-81f0-0310-95a4-ce76da25c4cd
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes#50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd