Commit Graph

590 Commits

Author SHA1 Message Date
Aaron Jorbin
946217dcca General: wp_safe_redirect() and wp_redirect() shouldn't allow non-3xx status codes
Redirects should use redirect status codes and if you attempt to call wp_safe_redirect or wp_redirect with a non redirect status it can lead to undesired behavior and head scratching.

Fixes #44317.
Props spenserhale, johnbillion, mjnewman for initial patch.


Built from https://develop.svn.wordpress.org/trunk@46641


git-svn-id: http://core.svn.wordpress.org/trunk@46441 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-11-03 22:10:02 +00:00
John Blackbourn
ac6bf7666c Docs: Add missing docs for the auth_cookie_bad_session_token action.
See #48303

Built from https://develop.svn.wordpress.org/trunk@46598


git-svn-id: http://core.svn.wordpress.org/trunk@46395 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-26 23:46:00 +00:00
John Blackbourn
3caaa40fc6 Docs: Switch more docs over to typed array notation, plus some fixes.
See #48303, #41756

Built from https://develop.svn.wordpress.org/trunk@46596


git-svn-id: http://core.svn.wordpress.org/trunk@46393 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-26 21:09:04 +00:00
whyisjake
b183fd1cca Administration: Ensure that admin referer nonce is valid.
Coding standards, ensure that nonce is valid with identical, rather then equal operator.

Props vortfu, xknown, whyisjake.

Built from https://develop.svn.wordpress.org/trunk@46477


git-svn-id: http://core.svn.wordpress.org/trunk@46275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 15:40:04 +00:00
Sergey Biryukov
9db44754b9 Formatting: In wp_validate_redirect(), normalize the path when validating the location for relative URLs, to account for Windows paths.
Props peterwilsoncc, rconde, jmmathc, mat-lipe, Sixes, justinahinon, cmagrin, daxelrod, SergeyBiryukov.
Fixes #47980.
Built from https://develop.svn.wordpress.org/trunk@46472


git-svn-id: http://core.svn.wordpress.org/trunk@46270 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 10:52:04 +00:00
Sergey Biryukov
634242343c Users: Make sure wp_logout() clears current user, so that a subsequent call to is_user_logged_in() works as expected.
Props sebastian.pisula, donmhico, roytanck, juliobox.
Fixes #35488.
Built from https://develop.svn.wordpress.org/trunk@46467


git-svn-id: http://core.svn.wordpress.org/trunk@46265 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-12 03:10:03 +00:00
Sergey Biryukov
b78a40aa4c Formatting: Make sure wp_sanitize_redirect() encodes spaces in URLs instead of stripping them out.
Props donmhico, hlashbrooke, dd32, azaozz.
Fixes #36998.
Built from https://develop.svn.wordpress.org/trunk@46462


git-svn-id: http://core.svn.wordpress.org/trunk@46260 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-11 23:54:03 +00:00
John Blackbourn
e36d1bcbd8 Docs: Docblock corrections and improvements, mostly related to various pre_* filters.
See #47110

Built from https://develop.svn.wordpress.org/trunk@46232


git-svn-id: http://core.svn.wordpress.org/trunk@46044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-21 17:41:57 +00:00
Sergey Biryukov
c5fe7878ec Coding Standards: Fix WPCS issue in [46115].
See #43542.
Built from https://develop.svn.wordpress.org/trunk@46116


git-svn-id: http://core.svn.wordpress.org/trunk@45928 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-14 20:42:56 +00:00
Sergey Biryukov
18bf922527 Mail: Avoid setting duplicate MIME-Version and X-Mailer headers in wp_mail(), they are added automatically by PHPMailer.
Props lbenicio, junktrunk, danieltj, studyboi, bennemann.
Fixes #43542.
Built from https://develop.svn.wordpress.org/trunk@46115


git-svn-id: http://core.svn.wordpress.org/trunk@45927 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-14 20:14:54 +00:00
Sergey Biryukov
c86ee39ff4 Improve URL validation in wp_validate_redirect().
Props vortfu, whyisjake, peterwilsoncc.
Built from https://develop.svn.wordpress.org/trunk@45971


git-svn-id: http://core.svn.wordpress.org/trunk@45782 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 16:57:56 +00:00
Sergey Biryukov
e199663322 I18N: Capitalize translator comments consistently, add trailing punctuation.
Includes minor code layout fixes.

See #44360.
Built from https://develop.svn.wordpress.org/trunk@45932


git-svn-id: http://core.svn.wordpress.org/trunk@45743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-03 00:41:05 +00:00
Sergey Biryukov
16b8d91baa I18N: Improve translator comments.
* Add missing translator comments.
* Fix placement of some translator comments. Translator comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools. The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translator comments.

Includes minor code layout fixes.

Polyglots, rejoice! All WordPress core files now have translator comments for all strings with placeholders!

Props jrf, subrataemfluence, GaryJ, webdados, Dency, swissspidy, alvarogois, marcomartins, mihaiiceyro, vladwtz, niq1982, flipkeijzer, michielatyoast, chandrapatel, thrijith, joshuanoyce, FesoVik, tessak22, bhaktirajdev, cleancoded, dhavalkasvala, garrett-eclipse, bibliofille, socalchristina, priyankkpatel, 5hel2l2y, adamsilverstein, JeffPaul, pierlo, SergeyBiryukov.
Fixes #44360.
Built from https://develop.svn.wordpress.org/trunk@45926


git-svn-id: http://core.svn.wordpress.org/trunk@45737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-01 17:13:59 +00:00
Sergey Biryukov
7fd6077864 Docs: Improve documentation for auth_redirect().
Props atachibana.
Fixes #47956.
Built from https://develop.svn.wordpress.org/trunk@45924


git-svn-id: http://core.svn.wordpress.org/trunk@45735 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-01 13:03:55 +00:00
Sergey Biryukov
aa8e2ff3ba Docs: Improve documentation for wp_set_auth_cookie() and related functions.
Props arafat, SergeyBiryukov.
Fixes #47886.
Built from https://develop.svn.wordpress.org/trunk@45822


git-svn-id: http://core.svn.wordpress.org/trunk@45633 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-08-17 13:23:55 +00:00
Sergey Biryukov
64290005f5 Docs: Document the show_split_view argument for wp_text_diff().
Convert `$args` array documentation to hash notation.

Props riddhiehta02, jeremyfelt, SergeyBiryukov.
Fixes #47224.
Built from https://develop.svn.wordpress.org/trunk@45778


git-svn-id: http://core.svn.wordpress.org/trunk@45589 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-08-10 22:28:54 +00:00
Sergey Biryukov
ee5e044a2a Users: Use clean_user_cache() in wp_insert_user(), wp_update_user(), wp_set_password(), add_user_to_blog().
Props spacedmonkey.
Fixes #47021.
Built from https://develop.svn.wordpress.org/trunk@45715


git-svn-id: http://core.svn.wordpress.org/trunk@45526 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-08-01 17:49:57 +00:00
Sergey Biryukov
4a6461dcc2 Users: Use get_password_reset_key() in wp_new_user_notification().
Props mrasharirfan, spacedmonkey.
Fixes #45745.
Built from https://develop.svn.wordpress.org/trunk@45712


git-svn-id: http://core.svn.wordpress.org/trunk@45523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-08-01 15:30:58 +00:00
Gary Pendergast
abcbee954f Coding Standards: Fix instances of WordPress.PHP.NoSilencedErrors.Discouraged.
Noteable changes:
- The `magic_quotes_runtime` and `magic_quotes_sybase` settings were removed in PHP 5.4, so no longer need to be set.
- Some functions that use external libraries can generate errors that can't be tested for, so are globally allowed to silence errors.
- Quite a few functions would cause errors if `safe_mode` was set. This setting was removed in PHP 5.4.
- Only a handful of `header()` calls needed corresponding `headers_sent()` checks for unit tests to pass, but more may need to be added as the nightlies builds are tested.

See #46732.

Built from https://develop.svn.wordpress.org/trunk@45611


git-svn-id: http://core.svn.wordpress.org/trunk@45422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-09 05:45:58 +00:00
Gary Pendergast
4803fc405e Coding Standards: Fix the Squiz.PHP.DisallowMultipleAssignments violations in wp-includes.
See #47632.


Built from https://develop.svn.wordpress.org/trunk@45590


git-svn-id: http://core.svn.wordpress.org/trunk@45401 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-02 23:42:58 +00:00
Sergey Biryukov
573daa129c Users: Pass $length, $special_chars, and $extra_special_chars parameters to the random_password filter in wp_generate_password().
Props roytanck.
Fixes #47092.
Built from https://develop.svn.wordpress.org/trunk@45568


git-svn-id: http://core.svn.wordpress.org/trunk@45379 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-06-27 00:48:53 +00:00
John Blackbourn
bab5ed2df5 Docs: Correct and improve the docs for a few nonce-related functions.
See #47110

Built from https://develop.svn.wordpress.org/trunk@45565


git-svn-id: http://core.svn.wordpress.org/trunk@45376 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-06-25 17:07:52 +00:00
Sergey Biryukov
aa59cb8359 Docs: Correct parameter name for wp_new_user_notification_email_admin filter.
Props needle.
Fixes #47476.
Built from https://develop.svn.wordpress.org/trunk@45489


git-svn-id: http://core.svn.wordpress.org/trunk@45300 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-06-04 12:48:55 +00:00
John Blackbourn
75a8adb0eb Docs: Remove incorrect information about usage of the "from" filters in wp_mail(), tidy up formatting.
See #47110

Built from https://develop.svn.wordpress.org/trunk@45388


git-svn-id: http://core.svn.wordpress.org/trunk@45199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-05-23 22:42:52 +00:00
Sergey Biryukov
b36a31ae14 Docs: Fix typo in wp_mail() description.
Props seedsca.
Fixes #47208.
Built from https://develop.svn.wordpress.org/trunk@45302


git-svn-id: http://core.svn.wordpress.org/trunk@45111 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-05-10 09:53:54 +00:00
John Blackbourn
d4d1267847 I18N: Improvements to and additions of translator comments for various email subject strings.
Props ramiy

Fixes #46920

Built from https://develop.svn.wordpress.org/trunk@45204


git-svn-id: http://core.svn.wordpress.org/trunk@45013 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-04-15 22:39:50 +00:00
desrosj
79f8d9786d Text Changes: Use simpler language for login detail email subjects.
Props: peterwilsoncc, desrosj.
Fixes #37940.
Built from https://develop.svn.wordpress.org/trunk@45173


git-svn-id: http://core.svn.wordpress.org/trunk@44982 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-04-12 18:16:52 +00:00
Gary Pendergast
9a80e2095b Text Changes: Tweak the wording of email notification subjects.
This change brings more coherence between the subject lines of the various emails WordPress will send.

Props ramiy, pento.
Fixes #37940.

Built from https://develop.svn.wordpress.org/trunk@45137


git-svn-id: http://core.svn.wordpress.org/trunk@44946 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-04-08 06:17:51 +00:00
Sergey Biryukov
931f8046d3 Docs: Improve wording in a comment in wp_set_current_user().
Props nielsdeblaauw.
Fixes #45032.
Built from https://develop.svn.wordpress.org/trunk@44826


git-svn-id: http://core.svn.wordpress.org/trunk@44658 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-11 10:57:55 +00:00
Gary Pendergast
655d44ffe8 Users: Add extra checking to wp_new_user_notification().
Prevent a notification from being sent when an unrecognised value is passed in the `$notify` parameter.

Props cthreelabs, 360zen.
Fixes #44293.


Built from https://develop.svn.wordpress.org/trunk@44611


git-svn-id: http://core.svn.wordpress.org/trunk@44442 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-16 04:27:50 +00:00
desrosj
8f3ee6d243 Docs: Update since tag for X-Redirect-By header additions.
See [42408-42409], [42633], [42647].

Fixes #42313.
Built from https://develop.svn.wordpress.org/trunk@44386


git-svn-id: http://core.svn.wordpress.org/trunk@44216 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-03 18:11:52 +00:00
Gary Pendergast
bfc53e6a52 i18n: Improve consistency of translator comments.
Props ramonopoly.
Fixes #44998.


Built from https://develop.svn.wordpress.org/trunk@43668


git-svn-id: http://core.svn.wordpress.org/trunk@43497 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-10-02 19:51:24 +00:00
John Blackbourn
8992656b13 Docs: Correct and improve some docblocks.
See #42505

Built from https://develop.svn.wordpress.org/trunk@43642


git-svn-id: http://core.svn.wordpress.org/trunk@43471 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-09-14 13:35:25 +00:00
Gary Pendergast
56c162fbc9 Coding Standards: Upgrade WPCS to 1.0.0
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.

This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script. 
- Auto-fixable coding standards issues will now cause Travis failures.

Fixes #44600.


Built from https://develop.svn.wordpress.org/trunk@43571


git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-17 01:51:36 +00:00
Sergey Biryukov
0ff5536bac Posts, Post Types: Use COOKIEPATH when clearing post password cookie, as that's the path it's created with.
See #44089.
Built from https://develop.svn.wordpress.org/trunk@43318


git-svn-id: http://core.svn.wordpress.org/trunk@43147 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-27 01:33:22 +00:00
Sergey Biryukov
a724d77a4e Posts, Post Types: Clear post password cookie when logging out.
Props skoldin, subrataemfluence, ianbelanger, johnbillion.
Fixes #44089.
Built from https://develop.svn.wordpress.org/trunk@43317


git-svn-id: http://core.svn.wordpress.org/trunk@43146 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-26 12:43:23 +00:00
Dominik Schilling
5c291d49de Pinking shears.
See #41057.
Built from https://develop.svn.wordpress.org/trunk@42843


git-svn-id: http://core.svn.wordpress.org/trunk@42673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-18 14:23:33 +00:00
Sergey Biryukov
4848a09b35 I18N: Use the actual placeholder instead of a number in translator comments if the corresponding string does not use numbered placeholders.
Add missing translator comments in `WP_Theme_Install_List_Table` and `wp_notify_postauthor()`.
Add missing commas in some translator comments.

Fixes #43523.
Built from https://develop.svn.wordpress.org/trunk@42827


git-svn-id: http://core.svn.wordpress.org/trunk@42657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-11 16:44:34 +00:00
Drew Jaynes
6e665d1f15 Docs: Link to the "Conditional Tags" article in the Theme Developer Handbook from the descriptions for a variety of core conditional tag functions.
These notations largely serve to direct consumers (of both the source and the parsed code reference) to extended information on individual and related conditional tags throughout WordPress. The changeset also standardizes corresponding DocBlock summaries to use third-person singular verbs.

Notations been added for the following functions:

* comments_open()
* email exists()
* has_excerpt()
* has_post_thumbnail()
* has_tag()
* in_category()
* in_the_loop()
* is_404()
* is_active_sidebar()
* is_active_widget()
* is_admin()
* is_admin_bar_showing()
* is_archive()
* is_attachment()
* is_author()
* is_blog_installed()
* is_category()
* is_comments_popup()
* is_date()
* is_day()
* is_dynamic_sidebar()
* is_feed()
* is_front_page()
* is_home()
* is_local_attachment()
* is_main_query
* is_month()
* is_multi_author
* is_new_day()
* is_page()
* is_page_template()
* is_paged()
* is_plugin_active()
* is_plugin_active_for_network()
* is_plugin_inactive()
* is_plugin_page()
* is_post_type_archive()
* is_preview()
* is_rtl()
* is_search()
* is_single()
* is_singular()
* is_sticky()
* is_tag()
* is_tax()
* is_taxonomy_hierarchical()
* is_time()
* is_trackback()
* is_user_logged_in()
* is_year()
* pings_open()
* post_type_exists()
* taxonomy_exists()
* term_exists()
* username exists()
* wp_attachment_is_image()
* wp_script_is()

Props janalwin.
Fixes #43254.

Built from https://develop.svn.wordpress.org/trunk@42710


git-svn-id: http://core.svn.wordpress.org/trunk@42538 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-13 16:54:31 +00:00
John Blackbourn
a1eb261cd1 Canonical: Add $x_redirect_by parameter to wp_safe_redirect().
See [42633] and [42408].

Fixes #42313.

Built from https://develop.svn.wordpress.org/trunk@42647


git-svn-id: http://core.svn.wordpress.org/trunk@42476 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-04 16:05:32 +00:00
Sergey Biryukov
673ff22b2b Canonical: Add $x_redirect_by parameter to wp_redirect() that allows applications doing the redirect to identify themselves.
This complements the `x_redirect_by` filter added in [42408].

Props NathanAtmoz, johnbillion.
Fixes #42313.
Built from https://develop.svn.wordpress.org/trunk@42633


git-svn-id: http://core.svn.wordpress.org/trunk@42462 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-01 15:06:35 +00:00
Sergey Biryukov
df07690883 Canonical: After [42408], remove sprintf() call for consistency with Location header.
See #42313.
Built from https://develop.svn.wordpress.org/trunk@42409


git-svn-id: http://core.svn.wordpress.org/trunk@42238 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-12-18 01:11:47 +00:00
Sergey Biryukov
0bc86bc220 Canonical: Introduce x_redirect_by filter that allows applications to identify themselves via X-Redirect-By header when they're doing a redirect.
Props joostdevalk.
Fixes #42313.
Built from https://develop.svn.wordpress.org/trunk@42408


git-svn-id: http://core.svn.wordpress.org/trunk@42237 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-12-18 01:04:52 +00:00
Sergey Biryukov
823ec0859a Docs: Correct @staticvar entry for wp_rand().
Props chetan200891, birgire.
Fixes #42796.
Built from https://develop.svn.wordpress.org/trunk@42377


git-svn-id: http://core.svn.wordpress.org/trunk@42206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-12-07 13:53:47 +00:00
Drew Jaynes
f4faaa53c7 Docs: Improve the usefulness of docs for wp_generate_password() by noting the use of wp_rand() vs rand() or mt_rand().
Props webdevmattcrom.
Fixes #42782.

Built from https://develop.svn.wordpress.org/trunk@42373


git-svn-id: http://core.svn.wordpress.org/trunk@42202 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-12-04 22:40:47 +00:00
Gary Pendergast
aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
John Blackbourn
bb5621a084 General: Pass on the return value from wp_redirect() for wp_safe_redirect().
This brings the behaviour of the two functions in line with each other.

Props Drivingralle

Fixes 42108

Built from https://develop.svn.wordpress.org/trunk@42206


git-svn-id: http://core.svn.wordpress.org/trunk@42035 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-20 20:24:48 +00:00
John Blackbourn
3be5d4b4f0 Docs: Improve inline docs for the wp_redirect() and wp_safe_redirect() functions.
See #42505, #42108

Built from https://develop.svn.wordpress.org/trunk@42143


git-svn-id: http://core.svn.wordpress.org/trunk@41974 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-10 13:44:47 +00:00
Sergey Biryukov
806b2a5af1 Comments: Change IP references in moderation option labels and email notifications to IP address for clarity.
Props mako09, gk.loveweb, bradparbs.
Fixes #40382.
Built from https://develop.svn.wordpress.org/trunk@41704


git-svn-id: http://core.svn.wordpress.org/trunk@41538 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-03 13:09:47 +00:00
John Blackbourn
9fdbe6538e Docs: Remove & prefixes from parameter documentation to avoid doc parsing errors.
Props sudar for the original patch.

See #35974

Built from https://develop.svn.wordpress.org/trunk@41686


git-svn-id: http://core.svn.wordpress.org/trunk@41520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-02 22:03:33 +00:00
John Blackbourn
f2a0b5267d Login and Registration: Pass the user session token to the set_auth_cookie and set_logged_in_cookie filters.
This also adds some missing `@since` parameters for other uses of the token so that developers know when the token was first made available to various filters.

Fixes #41849

Built from https://develop.svn.wordpress.org/trunk@41365


git-svn-id: http://core.svn.wordpress.org/trunk@41198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-10 21:09:45 +00:00
John Blackbourn
dee0e3a67b Users: Switch to using array style filters for the newly introduced filters in wp_password_change_notification() and wp_new_user_notification().
This introduces three new filters, replacing those that were introduced in [41153]:

* `wp_password_change_notification_email`
* `wp_new_user_notification_email_admin`
* `wp_new_user_notification_email`

Props pbearne

Fixes #38068

Built from https://develop.svn.wordpress.org/trunk@41213


git-svn-id: http://core.svn.wordpress.org/trunk@41053 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-03 13:21:46 +00:00
Sergey Biryukov
7d2b400876 Users: Use esc_url() instead of esc_attr() to escape the value of the srcset attribute in get_avatar().
Props joemcgill, henry.wright.
Fixes #41215.
Built from https://develop.svn.wordpress.org/trunk@41156


git-svn-id: http://core.svn.wordpress.org/trunk@40996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-26 13:22:44 +00:00
John Blackbourn
b6ca2d77a8 Users: Introduce filters for the contents of email notifications for new user registrations and password resets.
Introduces:

* `wp_password_change_notification_subject`
* `wp_password_change_notification_message`
* `wp_password_change_notification_headers`
* `wp_new_user_notification_admin_subject`
* `wp_new_user_notification_admin_message`
* `wp_new_user_notification_admin_headers`
* `wp_new_user_notification_subject`
* `wp_new_user_notification_message`
* `wp_new_user_notification_headers`

Props pbearne, dipesh.kakadiya

Fixes #38068

Built from https://develop.svn.wordpress.org/trunk@41153


git-svn-id: http://core.svn.wordpress.org/trunk@40993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-26 00:54:43 +00:00
John Blackbourn
9c7c11f268 Users: Clear the user settings cookies when clearing auth cookies.
This prevents lingering cookies when logging out and when switching between user accounts.

Props soulseekah, shanee
Fixes #32567

Built from https://develop.svn.wordpress.org/trunk@40580


git-svn-id: http://core.svn.wordpress.org/trunk@40450 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-07 16:54:42 +00:00
Pascal Birchler
72c19648bc Load: Only load PasswordHash class when needed.
This reverts [38371] which loaded `class-phpass.php` early in `wp-settings.php` and in turn caused backward compatibility problems.

Props DavidAnderson, ketuchetan.
Fixes #39445.

Built from https://develop.svn.wordpress.org/trunk@40387


git-svn-id: http://core.svn.wordpress.org/trunk@40294 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-06 18:01:42 +00:00
Sergey Biryukov
41666b5e0c Mail: Use correct capitalization for PHPMailer methods in wp_mail().
Props Soean, reidbusi.
Fixes #39702.
Built from https://develop.svn.wordpress.org/trunk@40363


git-svn-id: http://core.svn.wordpress.org/trunk@40270 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-01 14:34:43 +00:00
John Blackbourn
96b2923e62 Docs: Remove the duplicate hook documentation for the newly introduced send_auth_cookies filter.
See #39367

Built from https://develop.svn.wordpress.org/trunk@40264


git-svn-id: http://core.svn.wordpress.org/trunk@40184 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-10 15:03:42 +00:00
John Blackbourn
265a0f4d98 Build/Test tools: Don't override the wp_set_auth_cookie() and wp_clear_auth_cookie() functions.
Overriding pluggable functions in the test suite is asking for trouble in the future. In addition, it means the test suite can't be guaranteed to behave the same as core.

This instead introduces a `send_auth_cookies` filter which can be hooked in during the test suite to prevent these functions from attempting to send cookie headers to the client.

Fixes #39367

Built from https://develop.svn.wordpress.org/trunk@40263


git-svn-id: http://core.svn.wordpress.org/trunk@40183 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-10 14:33:46 +00:00
John Blackbourn
4dffd5b82e Build/Test tools: Revert [40239] due to unrelated changes.
See #39486

Built from https://develop.svn.wordpress.org/trunk@40240


git-svn-id: http://core.svn.wordpress.org/trunk@40170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-08 00:05:42 +00:00
John Blackbourn
28055b9ff5 Build/Test tools: In Travis, skip some tests when not on trunk.
This skips time sensitive tests (copyright year and PHP/MySQL version requirements) when tests are run on branches on Travis.

Props netweb, jorbin
Fixes #39486

Built from https://develop.svn.wordpress.org/trunk@40239


git-svn-id: http://core.svn.wordpress.org/trunk@40169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-08 00:01:46 +00:00
Aaron Campbell
288cd46939 Strip control characters before validating redirect.
Built from https://develop.svn.wordpress.org/trunk@40183


git-svn-id: http://core.svn.wordpress.org/trunk@40122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-06 13:38:41 +00:00
Dion Hulse
577a192ebd Mail: In PHPMailer 5.2.7 the case of the Send() method changed to send(), update our call for consistency with the library.
Props michalzuber.
Fixes #39469.

Built from https://develop.svn.wordpress.org/trunk@39691


git-svn-id: http://core.svn.wordpress.org/trunk@39631 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-05 08:10:42 +00:00
Dion Hulse
1a40f6b7ae Mail: Ensure that any phpmailerException exceptions generated by setFrom() are caught to avoid PHP Fatal errors.
This change avoids a PHP fatal error that can be encountered when the specified (or generated) source email is an invalid address, such as `wordpress@_`, it makes no effort to set a valid source, only avoid the fatal error.

See #25239 for correcting the email address.
Fixes #39360.

Built from https://develop.svn.wordpress.org/trunk@39655


git-svn-id: http://core.svn.wordpress.org/trunk@39595 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-30 06:44:40 +00:00
John Blackbourn
80a839de13 Docs: Misc corrections and additions to inline documentation.
See #39130
Props keesiemeijer

Built from https://develop.svn.wordpress.org/trunk@39639


git-svn-id: http://core.svn.wordpress.org/trunk@39579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-27 09:28:40 +00:00
John Blackbourn
c2d709e9d6 I18n: Introduce more translator comments for strings that contain placeholders but don't have an accompanying translator comment.
See #38882

Built from https://develop.svn.wordpress.org/trunk@39326


git-svn-id: http://core.svn.wordpress.org/trunk@39266 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-21 02:46:30 +00:00
John Blackbourn
4cf5550d8d I18n: Begin introducing translator comments for strings which include placeholders but no accompanying translator comment.
Adds context to one string used in two different contexts for the new user and new site signup email notification.

More to come.

See #38882

Built from https://develop.svn.wordpress.org/trunk@39323


git-svn-id: http://core.svn.wordpress.org/trunk@39263 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-21 01:22:32 +00:00
Helen Hou-Sandí
dab566d973 Mail: Set a better error code when triggering wp_mail_failed.
This error code is now... wait for it... `wp_mail_failed`. Previously, this would have been the originating PHPMailer error code, which could be `0`, which would then fail (pass?) the `empty()` check in the `WP_Error` constructor, thereby rendering the error object fairly useless. The PHPMailer error code is now located within the `WP_Error` data.

props Kau-Boy, stephenharris.
fixes #35598.

Built from https://develop.svn.wordpress.org/trunk@39086


git-svn-id: http://core.svn.wordpress.org/trunk@39028 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 04:27:34 +00:00
Drew Jaynes
5f4497f0af Docs: Fix multiple trivial typos throughout a variety of core files.
Props ottok.
Fixes #38489.

Built from https://develop.svn.wordpress.org/trunk@39051


git-svn-id: http://core.svn.wordpress.org/trunk@38993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 06:28:32 +00:00
Dominik Schilling
7819e2b4ba I18N: Introduce a locale-switching function.
With the introduction of user-specific languages in [38705] it's necessary to be able to switch translations on the fly. For example emails should be sent in the language of the recipient and not the one of the current user.

This introduces a new `WP_Locale_Switcher` class which is used for switching locales and translations. It holds the stack of locales whenever `switch_to_locale( $locale )` is called. With `restore_previous_locale()` you can restore the previous locale. `restore_current_locale()` empties the stack and sets the locale back to the initial value.

`switch_to_locale()` is added to most of core's email functions, either with the value of `get_locale()` (site language) or `get_user_locale()` (user language with fallback to site language).

Props yoavf, tfrommen, swissspidy, pbearne, ocean90.
See #29783.
Fixes #26511.
Built from https://develop.svn.wordpress.org/trunk@38961


git-svn-id: http://core.svn.wordpress.org/trunk@38904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-26 15:36:31 +00:00
Scott Taylor
a3ffebce30 Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389.
See #36335.

Built from https://develop.svn.wordpress.org/trunk@38470


git-svn-id: http://core.svn.wordpress.org/trunk@38411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 16:31:29 +00:00
John Blackbourn
a1d61a95e1 Security: Return a 403 instead of a 200 HTTP status when check_ajax_referer() fails.
This is, unfortunately, untestable in the current test suite, even in the AJAX tests.

Fixes #36362

Built from https://develop.svn.wordpress.org/trunk@38421


git-svn-id: http://core.svn.wordpress.org/trunk@38362 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-28 17:31:30 +00:00
John Blackbourn
b85e322e35 Security: Trigger a _doing_it_wrong() when check_ajax_referer() is called without its first parameter. This brings it inline with check_admin_referer().
Fixes #36361

Built from https://develop.svn.wordpress.org/trunk@38420


git-svn-id: http://core.svn.wordpress.org/trunk@38361 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-28 17:15:28 +00:00
Scott Taylor
390ceba6c7 Bootstrap: after r38409 and r38410, revert r38402 which reverted r38399.
This fixes the paths in `wp-vendor/` that were including `src`. I want to drop this in so we can find out what else will break.

See #36335.

Built from https://develop.svn.wordpress.org/trunk@38411


git-svn-id: http://core.svn.wordpress.org/trunk@38352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 22:32:37 +00:00
Dion Hulse
0e31a46161 Bootstrap: Revert [38399] as it's broken /build/ and subsequently core.svn.wordpress.org.
The generated classmaps reference `/src/` files and operates in the assumption that the base directory is one level above `wp-settings.php`, which it isn't after our build processes are run.

See #36335

Built from https://develop.svn.wordpress.org/trunk@38402


git-svn-id: http://core.svn.wordpress.org/trunk@38343 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 14:37:32 +00:00
Scott Taylor
6a529648cf Bootstrap: Autoload classes using a Composer-generated PHP 5.2-compatible Autoloader.
* `wp-admin` and `wp-includes` are scanned for classes to autoload
* Several 3rd-party and Ryan McCue-shaped libraries are excluded when the classmap is generated, see `composer.json`: `autoload.exclude-from-classmap`
* `wp-vendor/autoload_52.php` is included at the top of `wp-settings.php` - no changes need to be made to unit tests to include the autoloader
* An avalanche of `require()` and `require_once()` calls that loaded class files have been removed from the codebase.

The following files have been added to `svn:ignore` - they are not 5.2-compatible and fail during pre-commit:
* src/wp-vendor/autoload.php
* src/wp-vendor/composer/autoload_real.php
* src/wp-vendor/composer/autoload_static.php
* src/wp-vendor/composer/ClassLoader.php

We favor these files instead:
* src/wp-vendor/autoload_52.php
* src/wp-vendor/composer/autoload_real_52.php
* src/wp-vendor/composer/ClassLoader52.php

When new PHP classes are added to the codebase, simply run `composer install` or `composer update` from the project root to update the autoloader.

The future is now.

See #36335.

Built from https://develop.svn.wordpress.org/trunk@38399


git-svn-id: http://core.svn.wordpress.org/trunk@38340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 09:15:29 +00:00
Scott Taylor
481123661c Load: load class-phpass.php (PasswordHash class) early in wp-settings.php, instead of require_once()'ing it in several places.
See #36335.

Built from https://develop.svn.wordpress.org/trunk@38371


git-svn-id: http://core.svn.wordpress.org/trunk@38312 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-26 17:40:35 +00:00
Drew Jaynes
f07f1b126e Docs: Add a missing parenthesis in an example in the DocBlock for wp_redirect().
Props shayanys.
See #37770.

Built from https://develop.svn.wordpress.org/trunk@38350


git-svn-id: http://core.svn.wordpress.org/trunk@38291 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-25 07:36:31 +00:00
Scott Taylor
b7812bd416 AJAX: add a new function, wp_doing_ajax(), which can replace... (wait for it...) DOING_AJAX checks via the constant.
Props Mte90, sebastian.pisula, swissspidy.
Fixes #25669.

Built from https://develop.svn.wordpress.org/trunk@38334


git-svn-id: http://core.svn.wordpress.org/trunk@38275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-23 14:33:30 +00:00
Boone Gorges
54fe38c7cc Mail: Don't set Sender field when setting From.
[38058] changed `wp_mail()` so that it used PHPMailer's `setFrom()`
method rather than setting the From and FromName headers directly. See
behavior of setting the `Sender` field. This causes `mail` to be
called with the `-f` flag, which causes outgoing email to fail on some
server environments.

Props Clorith, iandunn, DrewAPicture.
Fixes #37736.
Built from https://develop.svn.wordpress.org/trunk@38286


git-svn-id: http://core.svn.wordpress.org/trunk@38227 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-20 02:17:38 +00:00
Boone Gorges
905f4ec0f8 Mail: Improve handling of UTF-8 address headers.
Previously, `wp_mail()` implemented Reply-To as a generic header, using
PHPMailer's `addCustomHeader()`. As such, the email address portion of
the header was being incorrectly encoded when the name portion
contained UTF-8 characters. Switching to PHPMailer's more specific
`addReplyTo()` method fixes the issue.

For greater readability, the handling of all address-related headers
(To, CC, BCC, Reply-To) has been standardized.

Props szepe.viktor, iandunn, bpetty, stephenharris.
Fixes #21659.
Built from https://develop.svn.wordpress.org/trunk@38058


git-svn-id: http://core.svn.wordpress.org/trunk@37999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 18:04:28 +00:00
Drew Jaynes
6c7148943b Docs: Standardize capitalization of Ajax throughout core documentation per the core spelling guide.
Ajax, while considered an acronym for Asynchronous JavaScript and XML, is most commonly capitalized only in the first character.

Part props ocean90.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@38028


git-svn-id: http://core.svn.wordpress.org/trunk@37969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-10 00:51:30 +00:00
Sergey Biryukov
139387b7e5 Docs: Use 3-digit, x.x.x-style semantic versioning for _doing_it_wrong(), _deprecated_function(), _deprecated_argument(), and _deprecated_file() throughout core.
Props metodiew.
Fixes #36495.
Built from https://develop.svn.wordpress.org/trunk@37985


git-svn-id: http://core.svn.wordpress.org/trunk@37926 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-06 12:40:29 +00:00
Jeremy Felt
6f3f00ea97 Multisite: Change WP_Network id property to an integer.
For consistency and developer sanity.

Props flixos90.
Fixes #37050.

Built from https://develop.svn.wordpress.org/trunk@37870


git-svn-id: http://core.svn.wordpress.org/trunk@37811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-26 14:26:29 +00:00
Sergey Biryukov
bbd663415c Text Changes: Simplify two strings in wp_password_change_notification().
Add translator comments.

Props ramiy.
See #35736.
Built from https://develop.svn.wordpress.org/trunk@37704


git-svn-id: http://core.svn.wordpress.org/trunk@37670 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-14 22:09:28 +00:00
Jeremy Felt
d75f77a410 Admin: Allow for the consistent filtering of auth_redirect_scheme
Fixes #37047.

Built from https://develop.svn.wordpress.org/trunk@37651


git-svn-id: http://core.svn.wordpress.org/trunk@37617 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-07 20:49:30 +00:00
Drew Jaynes
9193013158 Docs: Apply inline @see tags to hooks referenced in DocBlocks in a variety of wp-includes/* files.
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.

Fixes #36921.

Built from https://develop.svn.wordpress.org/trunk@37544


git-svn-id: http://core.svn.wordpress.org/trunk@37512 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-23 19:02:28 +00:00
Drew Jaynes
6c534918d4 Docs: Standardize filter docs in wp-includes/pluggable.php to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37508


git-svn-id: http://core.svn.wordpress.org/trunk@37476 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:35:27 +00:00
Eric Lewis
02a4e761f2 Users: Correct inline docs for cookie expiration.
Props kjbenk.
Fixes #35568.

Built from https://develop.svn.wordpress.org/trunk@37315


git-svn-id: http://core.svn.wordpress.org/trunk@37281 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-27 02:52:28 +00:00
Sergey Biryukov
c371296223 Users: In wp_new_user_notification(), sdd 'user' option for the $notify parameter, which allows for sending notification only to the user created.
Props akibjorklund.
Fixes #36009.
Built from https://develop.svn.wordpress.org/trunk@37276


git-svn-id: http://core.svn.wordpress.org/trunk@37242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-21 10:20:27 +00:00
Drew Jaynes
11ab384086 Docs: Improve 4.5 changelog entries introduced in [36992] for wp_authenticate(), and the authenticate and wp_login_failed hooks.
See #9568. See #35986.

Built from https://develop.svn.wordpress.org/trunk@37030


git-svn-id: http://core.svn.wordpress.org/trunk@36997 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-17 08:06:27 +00:00
John Blackbourn
621085a360 Users: Add @since entries to wp_authenticate() and its filters now that the $username parameter can also be an email address.
See #9568, #35986

Built from https://develop.svn.wordpress.org/trunk@36992


git-svn-id: http://core.svn.wordpress.org/trunk@36959 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-14 22:31:27 +00:00
Sergey Biryukov
ef7a559e2e Docs: Correct filter reference in pre_get_avatar filter description.
Props henry.wright.
Fixes #36031.
Built from https://develop.svn.wordpress.org/trunk@36800


git-svn-id: http://core.svn.wordpress.org/trunk@36767 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-02 03:41:28 +00:00
Dominik Schilling
e5ea82d81a Spelling: Standardize on "front end"/"back end" (noun) and "front-end"/"back-end" (adjective).
Props obrienlabs, thewanderingbrit.
Fixes #34887.
Built from https://develop.svn.wordpress.org/trunk@36709


git-svn-id: http://core.svn.wordpress.org/trunk@36676 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-25 12:53:27 +00:00
Drew Jaynes
f5ea3e5dac Docs: Make a few syntactical improvements to the DocBlock for _wp_get_current_user(), introduced in [36651].
Includes a cross reference from the DocBlock for `wp_get_current_user()`, which itself is pluggable, but the new internal function is not.

See #19615. See #32246.

Built from https://develop.svn.wordpress.org/trunk@36705


git-svn-id: http://core.svn.wordpress.org/trunk@36672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-25 05:07:26 +00:00
Sergey Biryukov
f170058209 Mail: Correct compact() usage in wp_mail().
Props Ankit K Gupta, maweder.
Fixes #35781 for trunk.
Built from https://develop.svn.wordpress.org/trunk@36688


git-svn-id: http://core.svn.wordpress.org/trunk@36655 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-24 17:38:27 +00:00
Pascal Birchler
9612c26db3 Users: Introduce _wp_get_current_user() for improved backward compatibility.
This new helper function is used by the pluggable functions `wp_get_current_user()` and `get_currentuserinfo()`, which was previously being called by the former before [36311]. Without it, infinite loops could be caused when plugins implement these functions, as they are now called the other way around.

Fixes #19615.
Built from https://develop.svn.wordpress.org/trunk@36651


git-svn-id: http://core.svn.wordpress.org/trunk@36618 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-23 22:26:28 +00:00
Dominik Schilling
7ebe2c1e7a Authentication: Allow users to log in using their email address.
Introduces `wp_authenticate_email_password()` which is hooked into `authenticate` after `wp_authenticate_username_password()`.

Props Denis-de-Bernardy, ericlewis, vhomenko, MikeHansenMe, swissspidy, ocean90.
Fixes #9568.
Built from https://develop.svn.wordpress.org/trunk@36617


git-svn-id: http://core.svn.wordpress.org/trunk@36584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-22 23:15:27 +00:00
Rachel Baker
06225cc394 Comments: Refresh the Moderate Comment screen for a friendlier experience with email moderation actions.
Brings some love to this neglected screen:
* format `comment_content`, instead of escaping in one massive block of text
* only wrap the comment date in a link if the comment permalink exists
* include link to the Edit Comment screen at the bottom of the comment_content
* update the message styles to match other screens
* append `#wpbody-content` to the comment email message links for accessibility

Props johnbillion, rachelbaker, afercia, melchoyce, karmatosed.

Fixes #34133
Built from https://develop.svn.wordpress.org/trunk@36588


git-svn-id: http://core.svn.wordpress.org/trunk@36555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-19 19:14:26 +00:00
Dominik Schilling
72c6f7f86f Suppress possible warnings in PHP < 5.3.3 by parse_url() in wp_validate_redirect().
PHP 5.3.3 removed the E_WARNING that was emitted when URL parsing failed.
Built from https://develop.svn.wordpress.org/trunk@36446


git-svn-id: http://core.svn.wordpress.org/trunk@36413 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 16:34:27 +00:00