This changeset introduces several changes around usability when recovery mode is active:
* Display a notice in the admin clarifying that the user is in recovery mode.
* Use a highlight color for the admin bar link to exit recovery mode.
* Exit recovery mode automatically when logging out.
* Include a recovery mode indicator in the title tag.
Props aandrewdixon, azaozz, dhanukanuwan, flixos90, henrywright, karmatosed, mapk, melchoyce, spacedmonkey, TimothyBlynJacobs, tinkerbelly.
See #46608.
Built from https://develop.svn.wordpress.org/trunk@45117
git-svn-id: http://core.svn.wordpress.org/trunk@44926 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Using the new fatal handler introduced in [44962], an email is sent to the admin when a fatal error occurs. This email includes a secret link to enter recovery mode. When clicked, the link will be validated and on success a cookie will be placed on the client, enabling recovery mode for that user. This functionality is executed early before plugins and themes are loaded, in order to be unaffected by potential fatal errors these might be causing.
When in recovery mode, broken plugins and themes will be paused for that client, so that they are able to access the admin backend despite of these errors. They are notified about the broken extensions and the errors caused, and can then decide whether they would like to temporarily deactivate the extension or fix the problem and resume the extension.
A link in the admin bar allows the client to exit recovery mode.
Props timothyblynjacobs, afragen, flixos90, nerrad, miss_jwo, schlessera, spacedmonkey, swissspidy.
Fixes#46130, #44458.
Built from https://develop.svn.wordpress.org/trunk@44973
git-svn-id: http://core.svn.wordpress.org/trunk@44804 1a063a9b-81f0-0310-95a4-ce76da25c4cd
By reordering the logic when handling the `confirmaction` action in `wp-login.php`, the need for a new `WP_Error` object to be created can be eliminated. The error message can be passed directly into a `wp_die()` call, matching the other validation errors in related code.
Props garrett-eclipse, birgire.
Fixes#44901.
Built from https://develop.svn.wordpress.org/trunk@44931
git-svn-id: http://core.svn.wordpress.org/trunk@44762 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For accessibility and usability, if an input error is detected, the item that is in error needs to be identified and the error needs to be described to the user in text (WCAG Success Criterion 3.3.1). The login form displays an error when the username field is empty or when the password field is empty. It omits to do so when both fields are empty.
This change restores the login form behavior to the one that used to work in WordPress 2.3 (!) and displays the related error messages also when both fields are empty.
Props birgire, audrasjb.
See #8938, #5405, #3708.
Fixes#42985.
Built from https://develop.svn.wordpress.org/trunk@44918
git-svn-id: http://core.svn.wordpress.org/trunk@44749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Deprecate `login_headertitle` filter, introduce `login_headertext` as a replacement.
* For backwards compatibility, if a `login_headertitle` is set, it will be used as link text.
* Make the login header logo URL and text consistent between single site and Multisite.
* Avoid ambiguity of where the WordPress logo points to; link to WordPress.org by default.
* `login_headerurl` filter is still available to change the URL of the header logo.
Props afercia, pratikkry, chetan200891.
Fixes#42537.
Built from https://develop.svn.wordpress.org/trunk@44899
git-svn-id: http://core.svn.wordpress.org/trunk@44730 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- makes the "Cancel" button always visible: this allows to generate a new password also on small screens
- moves focus back to the Generate Password button when closing the form
- changes the password reset show/hide button from a clickable `<span>` element to a real `<button>` element
- improves the CSS
Props janak007, afercia.
Fixes#42853.
Built from https://develop.svn.wordpress.org/trunk@44895
git-svn-id: http://core.svn.wordpress.org/trunk@44726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces new `determine_locale()` function for deciding the proper locale to use for a response. Default value is `get_user_locale()` in the admin, and `get_locale()` on the frontend. Because REST API requests are considered frontend requests, `?_locale=user` can be used to render the response in the user's locale.
Also updates `wp-login.php?wp_lang` implementation to benefit from this abstraction.
Merges [43776] from the 5.0 branch to trunk.
Props flixos90, mnelson4, swissspidy, TimothyBlynJacobs.
Fixes#44758.
Built from https://develop.svn.wordpress.org/trunk@44134
git-svn-id: http://core.svn.wordpress.org/trunk@43964 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add missing translators comments.
* Fix placement of some translators comments.
Translators comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools.
The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translators comments.
Patch `44360-src.2.diff` of the series.
Props garyj, alvarogois, michielatyoast
See #44360
Built from https://develop.svn.wordpress.org/trunk@43595
git-svn-id: http://core.svn.wordpress.org/trunk@43424 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.
This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script.
- Auto-fixable coding standards issues will now cause Travis failures.
Fixes#44600.
Built from https://develop.svn.wordpress.org/trunk@43571
git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In order to get the best result when running `phpcbf` across the codebase, there are some manual tweaks we need to make.
These fall into three categories:
- Fixing incorrectly indented code which has flow-on effects when auto-fixing.
- Tweaking the layout of inline PHP inside HTML tags.
- Moving more complex inline PHP inside HTML tags, to execute earlier.
See #44600.
Built from https://develop.svn.wordpress.org/trunk@43569
git-svn-id: http://core.svn.wordpress.org/trunk@43398 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Personal data collection is more likely for registered users than casual visitors, and the privacy policy might have been updated since a user last logged in. Those changes could impact the collection of personal data from registered users, so it makes sense to provide a link to the policy before users log in.
Props voneff, xkon, melchoyce, chetan200891, desrosj.
Fixes#43721.
Built from https://develop.svn.wordpress.org/trunk@43120
git-svn-id: http://core.svn.wordpress.org/trunk@42949 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, the (W) logo on the single site login screen linked to wordpress.org, with an appropriate `title` attribute, but the link text was the blog name.
To fix this discrepency, the link text is now the same as the `title` attribute.
Props pento, obrienlabs, afercia, flixos90, lukecavanagh, and the infinite stack of bikesheds that WordPress is balanced upon.
Fixes#34625.
Built from https://develop.svn.wordpress.org/trunk@41843
git-svn-id: http://core.svn.wordpress.org/trunk@41677 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows users who are using the admin area in a language other than the site language to read the notice on the login screen
(which explains that they need to log in again) in their chosen language.
Props Nikschavan, swissspidy
Fixes#40205
Built from https://develop.svn.wordpress.org/trunk@41692
git-svn-id: http://core.svn.wordpress.org/trunk@41526 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`get_network()` falls back to the current network when called without any arguments. Between this and `get_current_network_id()`, we can replace almost all instances of the global `$current_site` and all instances of `get_current_site()`.
This effectively deprecates `get_current_site()`, something that we'll do in a future ticket.
Props flixos90.
Fixes#37414.
Built from https://develop.svn.wordpress.org/trunk@38814
git-svn-id: http://core.svn.wordpress.org/trunk@38757 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Making behavior changes based on some broad definition of what mobile is rarely, if ever, makes sense. Each bit of functionality should be more clearly targeted, whether that's for screen size, performance, or some kind of touch capability.
props akibjorklund.
see #33704.
Built from https://develop.svn.wordpress.org/trunk@38739
git-svn-id: http://core.svn.wordpress.org/trunk@38682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`wp-login.php` uses `wp_safe_redirect()` for all redirects, even those that do not involve unsafe data from the request or referer.
When a user of a subdomain site attempts to login to a network site they do not have access to, the host in the redirect URL is treated as unsafe by `wp_safe_redirect()` as it has no immediate awareness as to which hosts are valid on the network. On a subdirectoy network, everything works as expected because the host is the same.
In this specific block of `wp-login.php`, all URLs are generated by WordPress and we can use `wp_redirect()` to handle the redirects. Users authenticating via other network sites will now be redirected properly. Hosts passed via the `redirect_to` query var will continue to be handled by `wp_safe_redirect()`.
Fixes#30598.
Built from https://develop.svn.wordpress.org/trunk@36867
git-svn-id: http://core.svn.wordpress.org/trunk@36834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces `wp_authenticate_email_password()` which is hooked into `authenticate` after `wp_authenticate_username_password()`.
Props Denis-de-Bernardy, ericlewis, vhomenko, MikeHansenMe, swissspidy, ocean90.
Fixes#9568.
Built from https://develop.svn.wordpress.org/trunk@36617
git-svn-id: http://core.svn.wordpress.org/trunk@36584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* string $redirect_to The redirect destination URL.
* string $requested_redirect_to The requested redirect destination URL passed as a parameter.
* WP_User $user The WP_User object for the user that's logging out.
Fixes#27617
Props SergeyBiryukov, johnbillion
Built from https://develop.svn.wordpress.org/trunk@31417
git-svn-id: http://core.svn.wordpress.org/trunk@31398 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Affects DocBlocks for the following core elements:
* Backtick-escape code snippets in the description for `get_object_taxonomies()`
* Backtick-escape inline code in a markdown-formatted unordered list in the description for `get_taxonomy_labels()`
* Remove an HTML tag from the summary for the `Walker_Category_Checklist` class
* Remove an HTML tag from the summary for `wp_category_checklist()`, various formatting
* Remove an HTML tag from the summary for `wp_terms_checklist()`
* Backtick-escape an HTML tag in the description for `wp_popular_terms_checklist()`
* Remove HTML tags from the summaries for `page_template_dropdown()`, `parent_dropdown()`, and `wp_dropdown_roles()`
* Backtick-escape HTML tags in a parameter description for `add_settings_error()`
* Various formatting in the description and summary for `settings_errors()`
* Markdown-indent code snippets in the descriptions for `wpdb::prepare()`, `wpdb::insert()`, `wpdb::replace()`, `wpdb::update()`, and `wpdb::delete()`
* Backtick-escape an HTML tag in a parameter description for `login_header()`
* Remove HTML tags from the summaries for the `lostpassword_form` and `signup_header` hooks
Props rarst.
See #30473.
Built from https://develop.svn.wordpress.org/trunk@30546
git-svn-id: http://core.svn.wordpress.org/trunk@30535 1a063a9b-81f0-0310-95a4-ce76da25c4cd
