Commit Graph

336 Commits

Author SHA1 Message Date
Felix Arntz
f704fc808a Multisite: Handle capability check for removing oneself via map_meta_cap().
Site administrators should not be able to remove themselves from a site. This moves the enforcement of this rule from `wp-admin/users.php` to `remove_user_from_blog()` via the `remove_user` capability, which furthermore allows us to get rid of two additional clauses and their `is_super_admin()` checks in `wp-admin/users.php`. A unit test for the new behavior has been added.

Fixes #39063. See #37616.

Built from https://develop.svn.wordpress.org/trunk@39588


git-svn-id: http://core.svn.wordpress.org/trunk@39528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-12 21:42:42 +00:00
Andrea Fercia
87882d0463 Accessibility: Remove inappropriate content from the Users screen heading.
See #26601.

Built from https://develop.svn.wordpress.org/trunk@39534


git-svn-id: http://core.svn.wordpress.org/trunk@39474 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-07 18:29:38 +00:00
Sergey Biryukov
dca7d8d0ea Text Changes: Merge strings referring to list_users capability.
See #38857.
Built from https://develop.svn.wordpress.org/trunk@39312


git-svn-id: http://core.svn.wordpress.org/trunk@39252 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 02:16:30 +00:00
Sergey Biryukov
b1ed607578 Text Changes: Merge and clarify some permission error strings in the admin.
See #38857.
Built from https://develop.svn.wordpress.org/trunk@39308


git-svn-id: http://core.svn.wordpress.org/trunk@39248 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 01:38:31 +00:00
Sergey Biryukov
a7af7c89a4 Text Changes: Unify permission error messages in wp-admin/users.php.
Props ramiy.
Fixes #38804.
Built from https://develop.svn.wordpress.org/trunk@39258


git-svn-id: http://core.svn.wordpress.org/trunk@39198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 22:25:30 +00:00
John Blackbourn
bc5c87710e Administration: Standardise the docblocks for the handle_bulk_actions-* filters.
Props ericlewis, Veraxus
Fixes #16031

Built from https://develop.svn.wordpress.org/trunk@38958


git-svn-id: http://core.svn.wordpress.org/trunk@38901 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-26 14:45:29 +00:00
Andrea Fercia
2eda436430 Accessibility: Remove target=_blank from the Users and Widgets screens help tabs links.
Stop taking control of users' browsers.

Props rianrietveld.
Fixes #38217. See #23432.

Built from https://develop.svn.wordpress.org/trunk@38723


git-svn-id: http://core.svn.wordpress.org/trunk@38666 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-04 07:10:31 +00:00
Sergey Biryukov
ee109482db Text Changes: Unify two more permission error messages.
Props ramiy.
Fixes #38158. See #34521.
Built from https://develop.svn.wordpress.org/trunk@38666


git-svn-id: http://core.svn.wordpress.org/trunk@38609 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-28 00:17:28 +00:00
Eric Lewis
d27606936b Allow custom bulk actions in admin list tables.
Bulk action filtering was introduced in 3.1, but only to remove default bulk actions, not add new ones.

Bulk actions can now be registered for all admin list table dropdowns via the `bulk_actions-{get_current_screen()->id}` filter. Handling custom bulk actions can be performed in the corresponding and newly introduced `handle_bulk_actions-${get_current_screen()->id}` filter.

Props scribu, flixos90, Veraxus.
See #16031.


Built from https://develop.svn.wordpress.org/trunk@38647


git-svn-id: http://core.svn.wordpress.org/trunk@38590 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-23 20:33:30 +00:00
Dominik Schilling
25e66e4f1e Text Changes: Unify permission error messages.
The new format looks like "Sorry, you are not allowed to <action>.". This provides a consistent experience for all error messages related to missing permissions. It also reduces the number of similar strings and allows translators to provide a consistent style in their language.

Props ramiy, Presskopp.
Fixes #34521.
Built from https://develop.svn.wordpress.org/trunk@37914


git-svn-id: http://core.svn.wordpress.org/trunk@37855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-29 15:16:29 +00:00
Andrea Fercia
d01b200e6e Accessibility: Help text improvements.
Avoid references to "visual" positions in favour of positions in the document
structure. The help text shouldn't assume users can see.

Also, in the Posts screen don't mention specific types of posts and use a more
generic text instead.

Props odysseygate, pansotdev, zakb8.
Fixes #34761.
Built from https://develop.svn.wordpress.org/trunk@37680


git-svn-id: http://core.svn.wordpress.org/trunk@37646 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 21:43:29 +00:00
Sergey Biryukov
90c7ce63d9 Use admin_url() for "Add New" links in wp-admin/users.php.
Props johnjamesjacoby.
Fixes #36186.
Built from https://develop.svn.wordpress.org/trunk@36902


git-svn-id: http://core.svn.wordpress.org/trunk@36870 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-09 19:09:50 +00:00
Drew Jaynes
54ab5fa68c Users: Pass the array of user IDs being deleted to the delete_user_form action hook in two places.
Also updates documentation for the first parameter, `$current_user`, to clarify that it holds the `WP_User` object for the _current_ user, not the one being deleted.

Props usermrpapa.
Fixes #35063. 

Built from https://develop.svn.wordpress.org/trunk@36640


git-svn-id: http://core.svn.wordpress.org/trunk@36607 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-23 17:42:27 +00:00
Dominik Schilling
e512f158df Add translators comments to wp-admin/users.php.
Props ramiy.
Fixes #35885.
Built from https://develop.svn.wordpress.org/trunk@36621


git-svn-id: http://core.svn.wordpress.org/trunk@36588 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-23 00:05:28 +00:00
Pascal Birchler
aaa11d6207 Allow searching for 0 throughout the admin.
Fixes #31025.
Built from https://develop.svn.wordpress.org/trunk@36302


git-svn-id: http://core.svn.wordpress.org/trunk@36269 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-14 20:06:25 +00:00
Dion Hulse
04bca9732b Users: When determining whether to show the reassign content option during user delete, don't rely upon WP_Query as it doesn't return all forms of content wp_delete_user() operates on.
This restores the reassign form when a user has a non-public post type or links assigned to them.

Props swissspidy & tharsheblows for initial patches.
Fixes #34993 for trunk.

Built from https://develop.svn.wordpress.org/trunk@36068


git-svn-id: http://core.svn.wordpress.org/trunk@36033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-23 04:46:28 +00:00
Boone Gorges
714be37ea5 Show user_login in Dashboard user dropdowns.
User dropdowns in wp-admin have traditionally shown the users' display names.
However, this causes ambiguity when users share display names. To correct this,
we now show the unique user_login in parentheses after the display name.

The new `display_name_with_login` value for the `show` parameter of
`wp_dropdown_users()` enables this functionality. The default value of `show`
has not been changed, for backward compatibility, but all instances of
`wp_dropdown_users()` in core wp-admin have been switched.

This changeset also reduces some duplicated logic when assembling a user list
when `include_selected` is true.

Props krogsgard, boonebgorges.
Fixes #31251.
Built from https://develop.svn.wordpress.org/trunk@35790


git-svn-id: http://core.svn.wordpress.org/trunk@35754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 20:57:26 +00:00
Drew Jaynes
efdc838019 Docs: Add a missing version to the file header for wp-admin/users.php.
See #33701.

Built from https://develop.svn.wordpress.org/trunk@35558


git-svn-id: http://core.svn.wordpress.org/trunk@35522 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-06 21:54:33 +00:00
Helen Hou-Sandí
f3107e5842 Make some primary action buttons look primary.
* User deletion/removal
* Site status change (multisite)
* Network upgrade
* Import file upload
* Media browser upload

props Dezzy for the initial patch.
fixes #23738.

Built from https://develop.svn.wordpress.org/trunk@35182


git-svn-id: http://core.svn.wordpress.org/trunk@35148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-15 03:08:24 +00:00
Scott Taylor
0c2b2a0e3d List Tables/WP_Screen: in WP_Screen, add methods to store, retrieve, and render screen reader text, primarily used by list table screens.
These additions are based on an audit and recommendations by the Accessibility team. #a11y'all

Props afercia.
Fixes #32147.

Built from https://develop.svn.wordpress.org/trunk@34891


git-svn-id: http://core.svn.wordpress.org/trunk@34856 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 01:28:25 +00:00
Scott Taylor
f78170934a Users List Table: show the "Change role to" dropdown on the top and bottom. Currently only shows on top.
See #27743.

Built from https://develop.svn.wordpress.org/trunk@34636


git-svn-id: http://core.svn.wordpress.org/trunk@34600 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-27 19:11:26 +00:00
Drew Jaynes
35246a957f Docs: The User API is singular.
See #33701.

Built from https://develop.svn.wordpress.org/trunk@34393


git-svn-id: http://core.svn.wordpress.org/trunk@34357 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-22 12:31:26 +00:00
Scott Taylor
49b8ccec79 When deleting via User List Table, don't prompt for re-attribution if the user(s) do(es) not have any posts.
Props rajnikmit, wojtek.szkutnik, benjmay, wonderboymusic.
Fixes #6405. 

Built from https://develop.svn.wordpress.org/trunk@34000


git-svn-id: http://core.svn.wordpress.org/trunk@33969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-10 16:47:24 +00:00
Sergey Biryukov
bc8af88903 Provide more helpful feedback than just "Cheatin' uh?" for permission errors in wp-admin/network/site-users.php.
props ericlewis, kraftbj, lukecarbis, mrmist.
fixes #33683. see #14530.
Built from https://develop.svn.wordpress.org/trunk@33888


git-svn-id: http://core.svn.wordpress.org/trunk@33857 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 09:03:24 +00:00
Sergey Biryukov
ce05b02a59 Provide more helpful feedback than just "Cheatin' uh?" for permission errors in wp-admin/users.php.
props ericlewis, kraftbj, lukecarbis, mrmist.
fixes #33679. see #14530.
Built from https://develop.svn.wordpress.org/trunk@33885


git-svn-id: http://core.svn.wordpress.org/trunk@33854 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 08:54:24 +00:00
Sergey Biryukov
a883227772 Multisite: Introduce a singular string for user removal (we already have one for deletion).
props pavelevap.
fixes #32387.
Built from https://develop.svn.wordpress.org/trunk@33434


git-svn-id: http://core.svn.wordpress.org/trunk@33401 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-26 23:19:24 +00:00
Konstantin Obenland
bd974d7bf2 Use a less element-specific class name for links within page titles.
After [32974] these links are no longer within an `h2`, making the class name
inaccurate. `add-new-h1` has the potential to expose the same problem for in a
possible future change.

Fixes #31650.


Built from https://develop.svn.wordpress.org/trunk@33067


git-svn-id: http://core.svn.wordpress.org/trunk@33038 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-03 16:42:24 +00:00
Konstantin Obenland
7dc1d06e64 Proper heading for admin screens.
First step towards restoring a good heading structure in wp-admin.
The previous `<h1>` contained the site title and a link to the front page and was removed with the toolbar refactoring in 3.2.

Props joedolson, afercia.
Fixes #31650.


Built from https://develop.svn.wordpress.org/trunk@32974


git-svn-id: http://core.svn.wordpress.org/trunk@32945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-27 15:41:25 +00:00
Dominik Schilling
64fc7294b6 Use HTTPS URLs for codex.wordpress.org.
see #27115.
Built from https://develop.svn.wordpress.org/trunk@32116


git-svn-id: http://core.svn.wordpress.org/trunk@32095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-12 21:29:32 +00:00
Helen Hou-Sandí
d85f8fe326 Admin notices: Make (most) core notices dismissible.
These no longer return upon refreshing the page when JS is on and working, so users should be able to dismiss them. This is particularly important on the post edit screen when DFW is triggered, but pretty much all notices can be dismissed if needed. A post on Make/Core will follow with information on how this can be leveraged in plugins.

props valendesigns, afercia, paulwilde, adamsilverstein, helen.
fixes #31233. see #23367.

Built from https://develop.svn.wordpress.org/trunk@31973


git-svn-id: http://core.svn.wordpress.org/trunk@31952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-01 22:06:28 +00:00
Sergey Biryukov
36643388ef Decouple strings where the singular and plural form are not just the same string with different numbers, but essentially two different strings.
This allows for using proper plural forms in languages with more than two forms, and also resolves string conflicts when the same string is present in both singular and plural form.

fixes #28502.
Built from https://develop.svn.wordpress.org/trunk@31941


git-svn-id: http://core.svn.wordpress.org/trunk@31920 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-31 18:45:28 +00:00
Dominik Schilling
13ad2d4e16 Screen Options: Improve items per page option label.
Previously the label just said "Posts", "Pages", or "Comments". This was bad in terms of accessibility and internationalization because of missing context.
This change adds a default label "Number of items per page:" to `WP_Screen->render_per_page_options()` and removes all the existing one-word labels.

props afercia.
fixes #31349, #15576.
Built from https://develop.svn.wordpress.org/trunk@31696


git-svn-id: http://core.svn.wordpress.org/trunk@31677 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-10 15:32:27 +00:00
Scott Taylor
7f8b548df1 In HTML5, the action attribute is no longer required. Remove this attribute when empty.
The admin HTML is served with the HTML5 doctype.

"The action and formaction content attributes, if specified, must have a value that is a valid non-empty URL potentially surrounded by spaces." 
http://www.w3.org/html/wg/drafts/html/master/forms.html#attr-fs-action

Props voldemortensen.
Fixes #30126.

Built from https://develop.svn.wordpress.org/trunk@31200


git-svn-id: http://core.svn.wordpress.org/trunk@31181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 04:16:24 +00:00
John Blackbourn
d88ed475b0 Switch to a 403 response code in places where it is more appropriate than a 500 due to permissions errors.
Fixes #10551
Props nacin

Built from https://develop.svn.wordpress.org/trunk@30356


git-svn-id: http://core.svn.wordpress.org/trunk@30355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-16 06:16:22 +00:00
Andrew Nacin
f7392ef917 Pinking shears.
Built from https://develop.svn.wordpress.org/trunk@29707


git-svn-id: http://core.svn.wordpress.org/trunk@29481 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-04 15:23:16 +00:00
Scott Taylor
9f1eb2b13e Add new action 'delete_user_form' in wp-admin/users.php and wp-admin/network/users.php.
Props SergeyBiryukov, usermrpapa.
Fixes #27230.

Built from https://develop.svn.wordpress.org/trunk@28885


git-svn-id: http://core.svn.wordpress.org/trunk@28684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-28 04:43:16 +00:00
Scott Taylor
2f513d3320 Fix some hackificator odds and ends in wp-admin:
* `wp-activate.php` and `wp-admin/themes.php` don't need the closing PHP tag
* Switch single quotes for HTML attribute values to double in a few places
* Convert `include_once file.php` syntax to `include_once( 'file.php' )`
* Add access modifiers to methods/members in: `_WP_List_Table_Compat`, `Walker_Nav_Menu_Edit`, `Walker_Nav_Menu_Checklist`, `WP_Screen`, `Walker_Category_Checklist`
* `edit_user()` doesn't need to import the `$wpdb` global
* `wp_list_widgets()` doesn't need to import the `$sidebars_widgets` global
* switch/endswitch syntax is not supported in Hack
* A `<ul>` in `wp-admin/users.php` is unclosed

See #27881.

Built from https://develop.svn.wordpress.org/trunk@28500


git-svn-id: http://core.svn.wordpress.org/trunk@28326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 05:04:16 +00:00
Scott Taylor
5f27d149a3 In wp-admin/users.php, break is unreachabled after exit.
See #27882.

Built from https://develop.svn.wordpress.org/trunk@28315


git-svn-id: http://core.svn.wordpress.org/trunk@28143 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-06 18:19:14 +00:00
Helen Hou-Sandí
84946c75e3 Indicate that the user deletion process affects all content attributed to a given user, not just posts. props seanchayes. fixes #26709.
Built from https://develop.svn.wordpress.org/trunk@27416


git-svn-id: http://core.svn.wordpress.org/trunk@27263 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-05 19:20:14 +00:00
Andrew Nacin
0c16c0477b Reference https://wordpress.org rather than http://wordpress.org in strings, links, comments, etc.
props Ipstenu, markjaquith.
see #27115.

Built from https://develop.svn.wordpress.org/trunk@27369


git-svn-id: http://core.svn.wordpress.org/trunk@27219 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-03 02:34:27 +00:00
Andrew Ozz
8d6059b383 Remove all screen_icon() calls and deprecate the functions, props TobiasBg, fixes #26119
Built from https://develop.svn.wordpress.org/trunk@26518


git-svn-id: http://core.svn.wordpress.org/trunk@26411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-02 03:53:11 +00:00
Andrew Nacin
fd57b239d2 Don't rely on include_path to include files.
Always use dirname() or, once available, ABSPATH.

props ketwaroo, hakre.
fixes #17092.

Built from https://develop.svn.wordpress.org/trunk@25616


git-svn-id: http://core.svn.wordpress.org/trunk@25533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-25 00:18:11 +00:00
Ryan Boren
15a06a35ab Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #WP21767


git-svn-id: http://core.svn.wordpress.org/trunk@23591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-03 16:30:38 +00:00
Ryan Boren
43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren
cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Sergey Biryukov
6cb5f510b8 Select "Attribute all posts to..." radio button automatically when selecting a username from the dropdown. fixes #23224.
git-svn-id: http://core.svn.wordpress.org/trunk@23366 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-01 18:43:23 +00:00
Peter Westwood
ae48899878 i18n: Fix the usage of sprintf replacements in the user management admin page. See #22260.
git-svn-id: http://core.svn.wordpress.org/trunk@22273 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-23 11:32:41 +00:00
Andrew Nacin
e3d18dc0fc Force the user to explicitly choose between content deletion and reassignment when deleting users. props Dan Rivera, Ben Brooks, GhostToast. fixes #20045.
git-svn-id: http://core.svn.wordpress.org/trunk@22166 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-10 14:07:59 +00:00
Andrew Nacin
84c3a86036 Hide the link manager from the UI on upgrade, if the site has no links. New DB option, link_manager_enabled.
Enforce this by denying the 'manage_links' capability, which hides the All Links, Add New Link, and Link Categories screens. Hide WP_Widget_Links and the UI for the default_link_category as well.

Convert all references to 'posts and links' when handling reassignment on user deletion to just 'posts'.

see #21307.



git-svn-id: http://core.svn.wordpress.org/trunk@21501 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-13 16:18:42 +00:00
nacin
7127ed1197 Move most instances of new WP_User to get_userdata(). see #21120.
git-svn-id: http://core.svn.wordpress.org/trunk@21413 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-03 01:06:05 +00:00