Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-11-04 18:01:42 +01:00
Code Issues Projects Releases Wiki Activity
30,161 Commits 50 Branches 747 Tags 788 MiB
b5973e92ec
Commit Graph

352 Commits

Author SHA1 Message Date
Drew Jaynes
8ec2d2a151 Add inline documentation for WP_User_Query default arguments in the form of a hash notation. 
Adds documentation pointers from the class-level doc for `WP_User_Query`, as well as the `get_users()` doc.

Props tschutter.
Fixes #29846.

Built from https://develop.svn.wordpress.org/trunk@29843


git-svn-id: http://core.svn.wordpress.org/trunk@29607 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-10-06 15:36:17 +00:00
Boone Gorges
2dad79f6c5 Always sanitize user_nicename in wp_insert_user(). 
Previously, a 'user_nicename' parameter passed into the function was
unsanitized. This could result in a mismatch between the sanitized nicename
generated automatically at user creation, resulting in broken author archive
permalinks.

Props joemcgill.

Fixes #29696.
Built from https://develop.svn.wordpress.org/trunk@29819


git-svn-id: http://core.svn.wordpress.org/trunk@29585 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-10-02 18:54:17 +00:00
Sergey Biryukov
5727b51538 Correct @return value for WP_User_Query::get_total(). 
props jesin.
fixes #29656.
Built from https://develop.svn.wordpress.org/trunk@29744


git-svn-id: http://core.svn.wordpress.org/trunk@29518 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-09-13 22:24:17 +00:00
Andrew Nacin
768136c6da Rename the public methods in the session tokens API. 
Introduces a new get( $token ) method. get_token() would not have made sense and spurred the overall renaming. Public methods are now get, get_all, verify, create, update, destroy, destroy_others, and destroy_all.

The protected abstract methods designed for alternative implementations remain the same.

props mdawaffe.
see #20276.

Built from https://develop.svn.wordpress.org/trunk@29635


git-svn-id: http://core.svn.wordpress.org/trunk@29409 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-08-27 02:07:16 +00:00
Drew Jaynes
a8583d5f19 Fix some words that aren't words. 
See #28885.

Built from https://develop.svn.wordpress.org/trunk@29454


git-svn-id: http://core.svn.wordpress.org/trunk@29232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-08-09 19:30:17 +00:00
Scott Taylor
91764118fb Add an action, pre_get_users, in WP_User_Query::prepare_query(). 
Props rmccue.
Fixes #29084.

Built from https://develop.svn.wordpress.org/trunk@29363


git-svn-id: http://core.svn.wordpress.org/trunk@29139 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-08-02 20:46:16 +00:00
Andrew Nacin
654e46f03d Tie cookies and nonces to user sessions so they may be invalidated upon logout. 
Sessions are stored in usermeta via WP_User_Meta_Session_Tokens, which extends the abstract WP_Session_Tokens class. Extending WP_Session_Tokens can allow for alternative storage, such as a separate table or Redis.

Introduces some simple APIs for session listing and destruction, such as wp_get_active_sessions() and wp_destroy_all_sessions().

This invalidates all existing authentication cookies, as a new segment (the session token) has been added to them.

props duck_, nacin, mdawaffe.
see #20276.

Built from https://develop.svn.wordpress.org/trunk@29221


git-svn-id: http://core.svn.wordpress.org/trunk@29005 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-07-18 09:13:15 +00:00
Drew Jaynes
3665b5a1a1 Add periods to short descriptions for magic methods added in [28501], [28521], and [28524]. 
See #22234 and #28885.

Built from https://develop.svn.wordpress.org/trunk@29165


git-svn-id: http://core.svn.wordpress.org/trunk@28949 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-07-14 01:12:14 +00:00
Drew Jaynes
f287dbbbde Fill out inline documentation for magic methods added to the WP_User_Query class in [28528]. 
See #27881, #22234 and #28885.

Built from https://develop.svn.wordpress.org/trunk@29140


git-svn-id: http://core.svn.wordpress.org/trunk@28924 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-07-13 23:34:15 +00:00
Drew Jaynes
c0052b6af2 Convert default arguments documentation for wp_insert_user() into a hash notation. 
See #28841.

Built from https://develop.svn.wordpress.org/trunk@29116


git-svn-id: http://core.svn.wordpress.org/trunk@28902 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-07-12 00:21:15 +00:00
Drew Jaynes
933ab734f9 Convert default arguments documentation for wp_dropdown_users() into a hash notation. 
See #28841.

Built from https://develop.svn.wordpress.org/trunk@29115


git-svn-id: http://core.svn.wordpress.org/trunk@28901 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-07-12 00:08:15 +00:00
Dominik Schilling
a20d6ebec6 Add missing filter doc, see [29043]. 
see #27627.
Built from https://develop.svn.wordpress.org/trunk@29102


git-svn-id: http://core.svn.wordpress.org/trunk@28888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-07-11 19:24:28 +00:00
John Blackbourn
2ce53ede8e Persist the "Remember Me" state of the auth cookie when changing your own password. Props jesin. Fixes #27627. 
Built from https://develop.svn.wordpress.org/trunk@29043


git-svn-id: http://core.svn.wordpress.org/trunk@28831 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-07-09 18:05:15 +00:00
Scott Taylor
c8852cc909 Use the WPINC constant when loading class-phpass.php 
Props wojtek.szkutnik
See #14157.

Built from https://develop.svn.wordpress.org/trunk@28903


git-svn-id: http://core.svn.wordpress.org/trunk@28702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-06-29 22:12:16 +00:00
Scott Taylor
71090a7f12 Remove title attributes in wp_authenticate_username_password(). 
Props joedolson.
Fixes #26547.

Built from https://develop.svn.wordpress.org/trunk@28870


git-svn-id: http://core.svn.wordpress.org/trunk@28670 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-06-27 20:05:15 +00:00
Scott Taylor
994ca59abd Don't use variable variables in wp_insert_user(). 
Add a local array, `$meta`, to provide substantial disambiguation among variables. 

See #27881.

Built from https://develop.svn.wordpress.org/trunk@28740


git-svn-id: http://core.svn.wordpress.org/trunk@28554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-06-11 18:21:14 +00:00
Scott Taylor
6a61826660 Set a variable for like-escaped string before looping in WP_User_Query::get_search_sql(). 
Props miqrogroove.
Fixes #10041.

Built from https://develop.svn.wordpress.org/trunk@28722


git-svn-id: http://core.svn.wordpress.org/trunk@28536 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-06-10 02:45:16 +00:00
Scott Taylor
05eeb16e30 Replace all uses of like_escape() with $wpdb->esc_like(). 
Props miqrogroove.
See #10041.

Built from https://develop.svn.wordpress.org/trunk@28712


git-svn-id: http://core.svn.wordpress.org/trunk@28528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-06-10 00:44:15 +00:00
Drew Jaynes
3e0521c2cf Add inline documentation for the option_none_value argument added to wp_dropdown_users|categories() in [28564]. 
Fixes #16625.

Built from https://develop.svn.wordpress.org/trunk@28570


git-svn-id: http://core.svn.wordpress.org/trunk@28395 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-05-24 05:39:15 +00:00
Scott Taylor
53ea68e838 wp_dropdown_pages() allows option_none_value to be passed. Add that arg to the $defaults for wp_dropdown_users() and wp_dropdown_categories() as well. 
Props solarissmoke. 
Fixes #16625.

Built from https://develop.svn.wordpress.org/trunk@28564


git-svn-id: http://core.svn.wordpress.org/trunk@28390 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-05-23 20:47:15 +00:00
Scott Taylor
ab6d069f59 Add access modifiers to WP_User_Query. 
Add magic methods for BC: __get(), __set(), __isset(), __unset(), and
__call().

See #27881, #22234.

Built from https://develop.svn.wordpress.org/trunk@28528


git-svn-id: http://core.svn.wordpress.org/trunk@28354 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-05-19 15:48:15 +00:00
Scott Taylor
877fad9f38 Eliminate use of extract() in wp_insert_user(). 
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28454


git-svn-id: http://core.svn.wordpress.org/trunk@28281 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-05-16 18:15:15 +00:00
Scott Taylor
ee90a8c17c Eliminate the use of extract() in wp_dropdown_users(). 
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28420


git-svn-id: http://core.svn.wordpress.org/trunk@28247 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-05-15 05:18:15 +00:00
Andrew Nacin
91971b28a7 User Query: Don't blindly re-append new meta queries for capabilities. 
fixes #21119.

Built from https://develop.svn.wordpress.org/trunk@28087


git-svn-id: http://core.svn.wordpress.org/trunk@27918 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-04-12 19:04:15 +00:00
Drew Jaynes
5c3c97ead6 PHPDoc fixes for wp_validate_logged_in_cookie(), introduced in 3.9. 
See #27700.

Built from https://develop.svn.wordpress.org/trunk@28015


git-svn-id: http://core.svn.wordpress.org/trunk@27845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-04-07 21:43:15 +00:00
Andrew Nacin
acba3131d7 Allow for custom authentication handlers for all requests. 
Turn the logic used by wp_get_current_user() into a determine_current_user filter.

props rmccue.
fixes #26706.

Built from https://develop.svn.wordpress.org/trunk@27484


git-svn-id: http://core.svn.wordpress.org/trunk@27328 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-03-09 15:23:15 +00:00
Sergey Biryukov
4da1691fd5 Additional clarification for wp_authenticate_cookie() parameters. 
fixes #26148.
Built from https://develop.svn.wordpress.org/trunk@27354


git-svn-id: http://core.svn.wordpress.org/trunk@27205 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-03-02 19:51:14 +00:00
Drew Jaynes
266aa6d9d2 Inline documentation improvements for wp-includes/user.php. 
Props morganestes, SergeyBiryukov.
Fixes #26148.

Built from https://develop.svn.wordpress.org/trunk@27353


git-svn-id: http://core.svn.wordpress.org/trunk@27204 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-03-02 19:40:14 +00:00
Sergey Biryukov
2e288a108c Remove redundant add_filter() call. see [24848]. fixes #27255. 
Built from https://develop.svn.wordpress.org/trunk@27351


git-svn-id: http://core.svn.wordpress.org/trunk@27202 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-03-02 18:21:14 +00:00
Sergey Biryukov
45ac85f67f Default value for $credentials parameter in wp_signon() should be an array, not a string. 
props tivnet.
fixes #27130.
Built from https://develop.svn.wordpress.org/trunk@27350


git-svn-id: http://core.svn.wordpress.org/trunk@27201 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-03-02 18:05:14 +00:00
Sergey Biryukov
ab8847316c Correct return values for update_metadata() and related functions. 
fixes #21864.
Built from https://develop.svn.wordpress.org/trunk@27191


git-svn-id: http://core.svn.wordpress.org/trunk@27050 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-02-18 21:36:14 +00:00
Scott Taylor
55b4eee4c2 Make WP_User_Query::prepare_query() public by allowing it to be passed an array of args. Previously, if the WP_User_Query constructor was not passed args, the object was basically unusable. Adds unit tests, all other tests pass. 
Props scribu, for the initial patch.
Fixes #21119.


Built from https://develop.svn.wordpress.org/trunk@27185


git-svn-id: http://core.svn.wordpress.org/trunk@27045 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-02-17 21:41:12 +00:00
Sergey Biryukov
9145c85fc7 Correct 'found_users_query' filter description. see #25533. 
Built from https://develop.svn.wordpress.org/trunk@26904


git-svn-id: http://core.svn.wordpress.org/trunk@26787 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-01-04 18:50:11 +00:00
Drew Jaynes
e73caae160 Inline documentation for hooks in wp-includes/user.php. 
Props stephenharris, kpdesign.
Fixes #25533.

Built from https://develop.svn.wordpress.org/trunk@26901


git-svn-id: http://core.svn.wordpress.org/trunk@26784 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-01-04 06:18:10 +00:00
Drew Jaynes
ee8aa9ee4c Inline documentation for hooks in wp-admin/user-new.php & wp-admin/user-edit.php. 
Also fixes one parameter type in wp-includes/user.php.

Fixes #25726.

Built from https://develop.svn.wordpress.org/trunk@26493


git-svn-id: http://core.svn.wordpress.org/trunk@26387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-12-01 01:35:10 +00:00
Sergey Biryukov
8d659b278c Fix docblock formatting. fixes #25893. 
Built from https://develop.svn.wordpress.org/trunk@26081


git-svn-id: http://core.svn.wordpress.org/trunk@26001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-11-11 13:32:10 +00:00
Sergey Biryukov
0888c85811 Correct $user_id parameter description. props mauryaratan, Corphi. fixes #25774. 
Built from https://develop.svn.wordpress.org/trunk@25997


git-svn-id: http://core.svn.wordpress.org/trunk@25930 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-10-30 20:18:10 +00:00
Andrew Nacin
d0cfa40983 Add jshintrc to qunit. 
props jorbin.
see #25187.

Built from https://develop.svn.wordpress.org/trunk@25992


git-svn-id: http://core.svn.wordpress.org/trunk@25925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-10-30 14:39:10 +00:00
Andrew Nacin
823ad1ae6e Have get_current_user_id() return 0 when pluggable.php is not yet included (which brings the ability to set or get the current user). 
fixes #25690 for trunk.

Built from https://develop.svn.wordpress.org/trunk@25929


git-svn-id: http://core.svn.wordpress.org/trunk@25888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-10-26 03:20:09 +00:00
Andrew Nacin
6113669e22 Hash password reset keys in the database. 
All existing, unused password reset keys are now considered "expired" and the user will be told they should try again.

Introduces a password_reset_key_expired filter to allow plugins to introduce a grace period.

fixes #24783.

Built from https://develop.svn.wordpress.org/trunk@25696


git-svn-id: http://core.svn.wordpress.org/trunk@25611 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-10-06 11:29:11 +00:00
Andrew Nacin
0e620877fd Use the wpdb method instead of $wpdb->prefix. 
props hakre.
fixes #16756.

Built from https://develop.svn.wordpress.org/trunk@25615


git-svn-id: http://core.svn.wordpress.org/trunk@25532 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-09-24 23:41:10 +00:00
Andrew Nacin
00c545606e Introduce wp_get_user_contact_methods() as a public version of _wp_get_user_contactmethods. 
props johnnyb.
fixes #24273.

Built from https://develop.svn.wordpress.org/trunk@25606


git-svn-id: http://core.svn.wordpress.org/trunk@25523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-09-24 18:14:09 +00:00
Scott Taylor
6744355f70 * Add isset() checks all over WP_User_Query::prepare_query() and WP_User_Query::query(). When a WP_User_Query instance is constructed without passing args, no query vars are filled in, thus $qv doesn't contain most of the expected indices. 
* Suppress an undefined index notice in `tests/user/query.php`

Fixes #25292.
See #25282.


Built from https://develop.svn.wordpress.org/trunk@25392


git-svn-id: http://core.svn.wordpress.org/trunk@25326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-09-12 06:25:09 +00:00
Scott Taylor
dbec80b469 Support orderby => meta_value in WP_User_Query. Adds unit test. 
Props wpsmith.
Fixes #21581.


Built from https://develop.svn.wordpress.org/trunk@25331


git-svn-id: http://core.svn.wordpress.org/trunk@25293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-09-10 23:10:09 +00:00
Sergey Biryukov
1d79b0bdf3 Move check_password_reset_key(), reset_password(), and register_new_user() from wp-login.php to wp-includes/user.php, to make them reusable. props beaulebens for initial patch. fixes #20279. 
Built from https://develop.svn.wordpress.org/trunk@25231


git-svn-id: http://core.svn.wordpress.org/trunk@25201 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-09-04 08:59:09 +00:00
Andrew Nacin
34ce599935 Don't override an existing WP_Error object in wp_authenticate_username_password(). 
props willnorris.
fixes #19714.



git-svn-id: http://core.svn.wordpress.org/trunk@24850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-07-29 03:43:22 +00:00
Andrew Nacin
5c20d1eca1 Remove "special" multisite spam check in the authentication API. 
The spamming of a site no longer directly affects a user of said site.

Moves the spam check to the wp_authenticate filter. Networks in need
of enhanced spam-fighting should leverage this same technique.

Allow is_user_spammy() to accept a WP_User object.

props willnorris, brianhogg.
fixes #24771. see #19714.



git-svn-id: http://core.svn.wordpress.org/trunk@24848 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-07-29 03:23:51 +00:00
Andrew Nacin
de7375b5d1 Avoid a sanitize_key() call on ID, as this causes it to be lowercased. wp_dropdown_users() requires user_login as a fallback; specify it for get_users(). see #21767. 
git-svn-id: http://core.svn.wordpress.org/trunk@24719 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-07-17 04:46:09 +00:00
Andrew Nacin
4fd4d4452f Use sanitize_key() instead of esc_sql() when 'escaping' variable DB field names. see #21767. 
git-svn-id: http://core.svn.wordpress.org/trunk@24714 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-07-16 14:21:05 +00:00
Sergey Biryukov
58c364947f PHPDoc fixes and additions. fixes #24616. 
git-svn-id: http://core.svn.wordpress.org/trunk@24490 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-06-21 12:45:11 +00:00
Andrew Nacin
97ce5922db Remove docs suggesting that wp_update_user() creates a user if no ID is provided. See #16731, that is incorrect at this time. 
git-svn-id: http://core.svn.wordpress.org/trunk@24345 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-05-24 16:22:22 +00:00
Mark Jaquith
082e067a2d Screen option for Post Format UI. 
props nacin. see #23930.

git-svn-id: http://core.svn.wordpress.org/trunk@24092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-04-25 07:28:33 +00:00
Andrew Nacin
8131644bf6 Add user_search_columns filter to WP_User_Query::prepare_query(). 
props aaroncampbell.
fixes #16366.



git-svn-id: http://core.svn.wordpress.org/trunk@24056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-04-22 20:37:50 +00:00
Sergey Biryukov
f86b1502a0 Fix fatal error in WP_User_Query when searching users by URL. Move wp_is_large_network() to wp-includes. fixes #23683 for trunk. 
git-svn-id: http://core.svn.wordpress.org/trunk@23664 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-03-12 09:19:55 +00:00
Ryan Boren
315bfb019a Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes(). 
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23594 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-03-03 21:11:40 +00:00
Andrew Nacin
3579814b3e Remove the three default contact methods (AIM, YIM, Jabber) for new installs. fixes #11541. 
git-svn-id: http://core.svn.wordpress.org/trunk@23588 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-03-03 03:00:34 +00:00
Sergey Biryukov
3a86ceb816 Use distinct error code in wp_authenticate_username_password() when user is a spammer. props sirzooro. fixes #19445. 
git-svn-id: http://core.svn.wordpress.org/trunk@23579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-03-01 18:01:16 +00:00
Ryan Boren
43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767 
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-03-01 16:28:40 +00:00
Ryan Boren
cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments. 
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-02-14 22:51:06 +00:00
Andrew Nacin
7c5a0db7c1 Return WP_Error from wp_update_user() on a non-existent user, avoiding a fatal error in the process. 
props n7studios, SergeyBiryukov.
fixes #22858 for trunk.
Unit tests: [11776/tests].



git-svn-id: http://core.svn.wordpress.org/trunk@23210 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-12-27 15:36:08 +00:00
Andrew Nacin
c04587d409 Add a $public_only argument to count_many_users_posts() and get_posts_by_author_sql(). Defaults to false, and allows the counts to be returned for only public posts. props ryan, westi. fixes #21431. 
git-svn-id: http://core.svn.wordpress.org/trunk@22386 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-11-05 23:11:25 +00:00
Ryan Boren
f9ddde8da6 Return WP_User objects when querying 'all' fields with WP_User_Query. 
Allow passing stdClass or WP_User to the WP_User constructor.

fixes #22057


git-svn-id: http://core.svn.wordpress.org/trunk@22248 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-10-16 20:05:40 +00:00
Ryan Boren
51920e1858 Consolidate some strings. Props pavelevap, SergeyBiryukov. see #21728 
git-svn-id: http://core.svn.wordpress.org/trunk@22124 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-10-05 19:04:34 +00:00
Andrew Nacin
0ada88ef52 Add get() and set() methods to WP_User_Query for modifying query variables the way you might with WP_Query. props wonderboymusic. fixes #21426. 
git-svn-id: http://core.svn.wordpress.org/trunk@21995 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-09-25 05:01:59 +00:00
Andrew Nacin
1f9ce958f7 Deprecate user_pass_ok() in favor of wp_authenticate(). see #21907. 
git-svn-id: http://core.svn.wordpress.org/trunk@21911 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-09-19 01:35:35 +00:00
Andrew Nacin
57ad8da7d0 On user creation, default the display name to the first and last names provided. props mikelittle for the initial patch. fixes #20637. 
git-svn-id: http://core.svn.wordpress.org/trunk@21876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-09-16 22:33:24 +00:00
Ryan Boren
88d549cbe4 Set the archived, spam, and deleted properties in the objects returned from get_blogs_of_user(). Props wonderboymusic. fixes #16225 
git-svn-id: http://core.svn.wordpress.org/trunk@21794 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-09-10 17:50:13 +00:00
Ryan Boren
38c261bc37 Update phpdoc for count_many_users_posts(). Props willmot. fixes #21640 
git-svn-id: http://core.svn.wordpress.org/trunk@21747 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-09-04 21:07:27 +00:00
Ryan Boren
5f8ae64dd6 Add @since for _wp_get_user_contactmethods() and _get_additional_user_keys(). Props SergeyBiryukov. fixes #21246 
git-svn-id: http://core.svn.wordpress.org/trunk@21522 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-08-15 15:33:59 +00:00
Ryan Boren
17f544b798 Update wp_update_user() phpdoc to reflect a possible return of WP_Error. Props SergeyBiryukov. fixes #21439 
git-svn-id: http://core.svn.wordpress.org/trunk@21509 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-08-14 19:29:40 +00:00
Ryan Boren
cbd6a8becd Allow passing stdClass and WP_User to wp_insert_user() and wp_update_user(). Introduce WP_User::to_array(). Eliminate uses of get_object_vars() when passing to wp_*_user(). fixes #21429 
git-svn-id: http://core.svn.wordpress.org/trunk@21496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-08-10 15:36:54 +00:00
nacin
7127ed1197 Move most instances of new WP_User to get_userdata(). see #21120. 
git-svn-id: http://core.svn.wordpress.org/trunk@21413 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-08-03 01:06:05 +00:00
ryan
996366cc0e Better phpdoc for user_nicename. Props SergeyBiryukov. fixes #21427 
git-svn-id: http://core.svn.wordpress.org/trunk@21374 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-07-31 15:50:29 +00:00
nacin
261817a0c4 Eliminate $user_pass_md5. fixes #21125. 
git-svn-id: http://core.svn.wordpress.org/trunk@21202 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-06-30 15:04:06 +00:00
nacin
c68f8c46f0 Use maybe_serialize() where appropriate. fixes #19617. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@20612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-04-27 15:57:51 +00:00
ryan
646cb4e2ce * Return empty arrays instead of false for all conditions in get_blogs_of_user(). 
* When deleting a user, use a delete_metadata_by_mid() loop over the meta so that the meta cache is cleared.
* Use remove_user_from_blog() for DRYness.

Props nacin, duck_
Fixes #19500


git-svn-id: http://svn.automattic.com/wordpress/trunk@20581 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-04-24 22:13:47 +00:00
duck_
9694d46b27 Don't deprecate cleaning the user cache by ID. See #20460. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@20532 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-04-19 11:51:27 +00:00
duck_
e641c48a72 Pass full user objects to clean_user_cache(). See #19500, fixes #20460. 
Prevents notices when clean_user_cache() is called for a user that has been removed from the database.


git-svn-id: http://svn.automattic.com/wordpress/trunk@20522 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-04-18 21:07:31 +00:00
ryan
de41bc288b Introduce WP_User::exists(). see #20372 
git-svn-id: http://svn.automattic.com/wordpress/trunk@20378 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-04-06 19:18:45 +00:00
duck_
fc02ff4a73 Remove unused $field_no_prefix variable and associated documentation from sanitize_user_field(). Fixes #20274. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@20239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-03-21 17:33:11 +00:00
nacin
1729a14278 $userdata should be null for anonymous requests. props MattyRob. props duck_ for the unit test. fixes #19769 for trunk. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@20085 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-03-02 20:59:30 +00:00
nacin
51cdc1719d Docs, see ##19882. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19910 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-02-10 22:49:56 +00:00
ryan
0da56e5c15 Exclude user_url from default user search columns for large networks. fixes #19999 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19886 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-02-09 17:15:24 +00:00
nacin
cf22bbb523 Add search_columns arg to WP_User_Query to allow for explicit column choices. Without it, the columns will be detected based on the search term. see #19810. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19882 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-02-08 21:48:47 +00:00
ryan
d23f8fcb48 Match the exact role name when counting users in a role. Props 082net. fixes #12693 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19735 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-01-20 16:34:26 +00:00
ryan
e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-01-08 17:01:11 +00:00
duck_
65b840b565 Fix mistakes in parameter documentation and add some missing param docs. See #19756. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-01-06 18:31:43 +00:00
duck_
34b7010df8 Fix some mismatching parameter documentation. Props akshayagarwal, linuxologos. See #19756. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19695 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-01-06 11:42:00 +00:00
ryan
83b131f8e3 User lowercase true, false, null instead of uppercase. Props c3mdigital, mfields. fixes #16302 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19687 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-01-05 20:50:54 +00:00
ryan
616c35e71c One newline is enough. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-01-05 20:10:39 +00:00
nacin
dcd09d51eb An empty database prefix is not supported for multisite. <small>Add a sanity check anyway.</small> see #19566. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19641 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-12-30 23:22:09 +00:00
ryan
b20fbf6fd1 Assign the full WP_User object to the userdata global. Props scribu. fixes #19595 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-12-21 20:07:54 +00:00
ryan
07ff8b216b Use one space, not two, after trailing punctuation. fixes #19537 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-12-13 23:45:31 +00:00
duck_
4cf30f3410 is_user_member_of_blog() [no args] should return true for logged in users on single site. $wpdb->blogid is 0, but the current blog ID isn't. Fixes #19160. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-11-07 23:07:07 +00:00
duck_
e0b10ef8a7 get_blogs_of_user() should return false for logged out and non-existent users on single site. See #19160. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19208 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-11-07 23:05:13 +00:00
nacin
92ba22e537 Use wp_lostpassword_url() instead of site_url(wp-login...). Update wp_lostpassword_url() to use network_site_url(). props markoheijnen, fixes #18808. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-10-20 14:40:11 +00:00
ryan
b957c72f9a Turn is_blog_user() into a wrapper around is_user_member_of_blog() and deprecate. Make user_id optional for is_user_member_of_blog(). Props SergeyBiryukov. fixes #16702 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19016 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-10-19 22:35:15 +00:00
nacin
a0606b3c93 is_blog_user() is from MU. see #16702. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19005 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-10-19 15:56:05 +00:00
ryan
9d8e281a80 Turn is_blog_user() into a convenience wrapper around get_blogs_of_user(). Fixes is_blog_user() for blog prefixes that do not contain a blog ID. Props SergeyBiryukov. fixes #16702 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19004 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-10-19 15:53:14 +00:00
ryan
8306f943dd Avoid warning when creating new users. fixes #18898 
git-svn-id: http://svn.automattic.com/wordpress/trunk@18936 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-10-10 23:14:38 +00:00