Commit Graph

373 Commits

Author SHA1 Message Date
audrasjb
f6ee7d285f Users: Use type="hidden" for hidden input on User edit administration panel.
This hidden field added in [24552] to fix an issue with Chrome that was ignoring `autocomplete="off"` in `<input>`, by using a hidden, non-named, non-empty 
input right before the password field. However this input was only hidden via CSS and didn't have any label, which is considered as an accessibility issue. 
This changeset replaces `class="hidden"` with `type="hidden"` to properly indicate to user agents that it is an hidden field.

Follow-up to [24552].

Props smit08, audrasjb, sabernhardt, ryokuhi, tushar284, ashikurwp, siddhantwadhwani, pavanpatil1.
Fixes #56776.
 --Cette ligne, et les suivantes 
ci-dessous, seront ignorées--

M    trunk/src/wp-admin/user-edit.php
M    trunk/src/wp-admin/user-new.php

Built from https://develop.svn.wordpress.org/trunk@55892


git-svn-id: http://core.svn.wordpress.org/trunk@55404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-06-07 21:25:18 +00:00
Sergey Biryukov
f940bc822d Coding Standards: Apply various alignment corrections from composer format.
This fixes a few WPCS warnings along the lines of:
* Array double arrow not aligned correctly
* Equals sign not aligned with surrounding statements
* Usage of ELSE IF is discouraged; use ELSEIF instead

Follow-up to [55099], [55192], [55194], [55271].

Props davidbaumwald, jrf, SergeyBiryukov.
Fixes #57994.
Built from https://develop.svn.wordpress.org/trunk@55606


git-svn-id: http://core.svn.wordpress.org/trunk@55118 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-03-29 07:13:23 +00:00
audrasjb
34229a4286 Help/About: Avoid extra redirections on HelpHub Links.
This changeset replaces various HelpHub links that have changed to avoid extra 301 redirections.

Props sabernhardt, audrasjb.
See #57726.

Built from https://develop.svn.wordpress.org/trunk@55414


git-svn-id: http://core.svn.wordpress.org/trunk@54947 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-23 11:06:19 +00:00
audrasjb
418a21fdbc Help/About: Use the new /documentation/ URLs for HelpHub links in WordPress Admin.
As `https://wordpress.org/support/` was redirected to `https://wordpress.org/documentation/`, this changeset replaces various `/support/article/*` links with `/documentation/article/*` to avoid an extra redirect.

This also updates links to Support Forums by replacing `https://wordpress.org/support/` URLs with `https://wordpress.org/support/forums/`.

Props SergeyBiryukov, audrasjb, dhrupo, hasanmisbah, sakibmd, sabernhardt.
See #57726.

Built from https://develop.svn.wordpress.org/trunk@55412


git-svn-id: http://core.svn.wordpress.org/trunk@54945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-23 10:38:21 +00:00
Sergey Biryukov
9c5d4ca8d1 I18N: Mark screen reader strings as such with translator comments.
This aims to provide better context for translators and make it easier to determine that some strings contain hidden accessibility text and are not displayed in the UI.

Props kebbet, mercime, pavelevap, ocean90, swissspidy, Chouby, jipmoors, afercia, desrosj, costdev, audrasjb, SergeyBiryukov.
Fixes #29748.
Built from https://develop.svn.wordpress.org/trunk@55276


git-svn-id: http://core.svn.wordpress.org/trunk@54809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-07 17:10:21 +00:00
Sergey Biryukov
89706afd21 Coding Standards: Bring some consistency to the order of attributes in password fields.
Follow-up to [11359], [13592], [13696], [33023], [33246], [33353], [41556], [46256], [49248], [53111], [55094].

See #56791.
Built from https://develop.svn.wordpress.org/trunk@55145


git-svn-id: http://core.svn.wordpress.org/trunk@54678 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-26 18:12:11 +00:00
Pascal Birchler
58545bacce I18N: Allow installing new translations when changing the user locale on the profile page.
Up until now, new translations could only be installed via Settings -> General.
When editing the user profile, one could only select locales that were already installed.

This change allows also installing new translations if the editing user has the necessary capabilities.

Props barryceelen, johnbillion, ocean90, swissspidy.
Fixes #38664.
Built from https://develop.svn.wordpress.org/trunk@55099


git-svn-id: http://core.svn.wordpress.org/trunk@54632 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-19 14:13:13 +00:00
audrasjb
f92b90116a Application Passwords: Disable spellcheck for password field.
This changeset adds `spellcheck="false"` attribute to application password field.

Follow-up to [55094], [55095].

Props Spaceshipone.
Fixes #56763.

Built from https://develop.svn.wordpress.org/trunk@55096


git-svn-id: http://core.svn.wordpress.org/trunk@54629 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-19 11:48:12 +00:00
audrasjb
0f28fc7aed Login and Registration: Disable spellcheck for password fields.
This changeset adds `spellcheck="false"` attribute to various password fields.

The spellcheck global attribute defines whether the element may be checked for spelling errors. The `false` value indicates that the element should not be checked for spelling errors, which is relevant for a password field.

Furthermore, and as per MDN specs, using spellchecking can have consequences for users' security and privacy. The specification does not regulate how spellchecking is done and the content of the element may be sent to a third party for spellchecking results. Thus, it is recommended to set `spellcheck` attribute to `false` for elements that can contain sensitive information. Which is the case for password fields.

Props dziudek, audrasjb, gainesm, fosuahmed.
Fixes #56763.

Built from https://develop.svn.wordpress.org/trunk@55094


git-svn-id: http://core.svn.wordpress.org/trunk@54627 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-19 08:53:13 +00:00
audrasjb
2058cdd91f Help/About: Improve comments keyboard shortcuts HelpHub links.
This changeset adds an anchor in Comments keyboard shortcut documentation links to direct the user to a more specific section of the HelpHub documentation. It also removes `target="_blank" from a link, since preventing data loss when clicking any on User Edit and Comment Edit screens is already handled by another existing ticket (#40493).

Props NekoJonez, SergeyBiryukov, sabernhardt, dennisatyoast, robinwpdeveloper.
Fixes #56920.

Built from https://develop.svn.wordpress.org/trunk@55042


git-svn-id: http://core.svn.wordpress.org/trunk@54575 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-10 09:01:13 +00:00
Sergey Biryukov
3ba44120d0 Coding Standards: Always use parentheses when instantiating an object.
Note: This will be enforced by WPCS 3.0.0.

Props jrf.
See #56791.
Built from https://develop.svn.wordpress.org/trunk@54891


git-svn-id: http://core.svn.wordpress.org/trunk@54443 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-11-29 15:51:14 +00:00
audrasjb
6b06b2cc25 Application Passwords: Link a more accurate documentation page in User profile edit screen.
This changeset replaces a HelpHub link with more accurate DevHub link about environment types in User profile edit screen.

Props greg24, whaze.
Fixes #56267.

Built from https://develop.svn.wordpress.org/trunk@53752


git-svn-id: http://core.svn.wordpress.org/trunk@53311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-21 19:32:12 +00:00
Sergey Biryukov
01d172b581 General: Replace all esc_url_raw() calls in core with sanitize_url().
This aims to improve performance by calling `sanitize_url()` directly, instead of the `esc_url_raw()` wrapper. As of WordPress 6.1, `sanitize_url()` is the recommended function for sanitizing a URL for database or redirect usage.

Follow-up to [11383], [13096], [51597], [53452].

Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes #55852.
Built from https://develop.svn.wordpress.org/trunk@53455


git-svn-id: http://core.svn.wordpress.org/trunk@53044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-01 18:14:10 +00:00
audrasjb
12fc2d9146 Administration: Remove self-reference ("we") in WordPress Admin.
This changes updates many strings to remove self-references to an undefined "we" collective across the WordPress Administration.

The goal of this change is to better match the guidelines and recommendations set forth in the make/core handbook, specifically:

> the word "we" should be avoided (…) unless its made very clear which group is speaking.

Props johnbillion, shital-patel, audrasjb, marybaum, SergeyBiryukov, peterwilsoncc, johnjamesjacoby, kebbet, costdev, chaion07, davidbaumwald.
Fixes #46057.

Built from https://develop.svn.wordpress.org/trunk@53131


git-svn-id: http://core.svn.wordpress.org/trunk@52720 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-11 11:42:04 +00:00
joedolson
b518b73602 Users: Use autocomplete values on user profiles.
Assign appropriate autocomplete values for new and edited user, user email, and password fields.

Props clonemykey, sabernhardt, WraithKenny, bookdude13, konradyoast.
Fixes #43886, #52714.
Built from https://develop.svn.wordpress.org/trunk@53111


git-svn-id: http://core.svn.wordpress.org/trunk@52700 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-08 17:40:07 +00:00
Sergey Biryukov
0f8bdeb263 I18N: Add missing translator comment for application password helper text for Super Admins.
Follow-up to [53101].

See #53234.
Built from https://develop.svn.wordpress.org/trunk@53102


git-svn-id: http://core.svn.wordpress.org/trunk@52691 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-08 00:03:05 +00:00
audrasjb
13dbc8c063 Application Passwords: Use a more appropriate helper text message for super-admins.
Previously, the helper text of the application password section was misleading for a Super Admin because an application password for a Super Admin grants access to all sites on the network, not just ones that they are a member of. This changeset provides a slightly different message for Super admin role.

Props johnbillion, rsiddharth, audrasjb.
Fixes #53234

Built from https://develop.svn.wordpress.org/trunk@53101


git-svn-id: http://core.svn.wordpress.org/trunk@52690 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-07 23:16:02 +00:00
audrasjb
318205d459 Coding Standards: Improve formatting in /wp-admin/user-edit.php.
This change improves the formatting of `/wp-admin/user-edit.php` to avoid PHPCS failures when adding new code, which previously required new code to be indented multiple times, breaking alignment of the HTML parts. This change avoids disabling/enabling PHPCS for failing sniffs.

Props costdev, johnregan3, peterwilsoncc.
Fixes #54673.

Built from https://develop.svn.wordpress.org/trunk@52820


git-svn-id: http://core.svn.wordpress.org/trunk@52409 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-03-04 11:29:04 +00:00
Sergey Biryukov
602b46626c Coding Standards: Rename the $profileuser variable to $profile_user in wp-admin/user-edit.php.
This brings the naming more in line with other variables like `$current_user`.

Follow-up to [2872].

See #54728.
Built from https://develop.svn.wordpress.org/trunk@52689


git-svn-id: http://core.svn.wordpress.org/trunk@52278 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-02-07 15:26:01 +00:00
Sergey Biryukov
1b22e56ad0 Coding Standards: Use strict comparison in wp-admin/user-edit.php.
Follow-up to [2872], [13941], [12722], [14043], [14802], [23364], [42688].

Props azouamauriac.
See #54728.
Built from https://develop.svn.wordpress.org/trunk@52687


git-svn-id: http://core.svn.wordpress.org/trunk@52276 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-02-07 14:47:02 +00:00
hellofromTonya
28b0710360 Application Passwords: Show HTTPS required message without filtering when not enabled or not in local environment.
When `add_filter( 'wp_is_application_passwords_available', '__return_false' )` exists, HTTPS requirement message is shown even if HTTPS is enabled on the site. This happens because `wp_is_application_passwords_available_for_user()` first invokes `wp_is_application_passwords_available()` which is filterable. The situation could happen if the `'wp_is_application_passwords_available_for_user'` filter returns `false`.

To fix this, the check for HTTPS (or if in a 'local' environment) is moved to a new function called `wp_is_application_passwords_supported()`. Then the return from this function is used as an OR condition for the Application Passwords section and for displaying the HTTPS required message.

Tests are included for both `wp_is_application_passwords_supported()` and `wp_is_application_passwords_available()`.

Follow-up to [51980], [51988].

Props davidbinda, SergeyBiryukov, ocean90, felipeelia, costdev, hellofromTonya.
Fixes #53658.
Built from https://develop.svn.wordpress.org/trunk@52398


git-svn-id: http://core.svn.wordpress.org/trunk@51990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-12-21 02:45:03 +00:00
Sergey Biryukov
1fdea15a96 Coding Standards: Fix some WPCS errors and warnings in wp-admin/user-edit.php:
* Add missing translators comment.
* Add missing space, correct indentation.
* Put opening and closing PHP tag on a line by itself.
* Remove unnecessary escaping for consistency with other strings.

Follow-up to [51980].

See #53658.
Built from https://develop.svn.wordpress.org/trunk@51988


git-svn-id: http://core.svn.wordpress.org/trunk@51577 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-02 20:19:59 +00:00
johnjamesjacoby
fae48afc92 Application Passwords: display guiding text & link in user-edit.php when unavailable.
This change intends to avoid confusion around the requirements of the Application Passwords feature, specific to it requiring HTTPS and the `WP_ENVIRONMENT_TYPE` constant.

It does this by conditionally hiding the traditional UI and showing some insightful explanations instead, including a translatable link to the `WP_ENVIRONMENT_TYPE` documentation on the "Editing wp-config.php" support page.

Props ashfame, audrasjb, iluy, johnbillion.

Fixes  #53658.
Built from https://develop.svn.wordpress.org/trunk@51980


git-svn-id: http://core.svn.wordpress.org/trunk@51569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-02 17:57:03 +00:00
hellofromTonya
bc217668e2 App Passwords: Remove placeholder from the app password name input field.
In [49294, 49752], the `placeholder` attribute changed to `"WordPress App on My Phone"`. This change causes confusion as the field can be used in a variety of ways and is not limited to a phone.

Given a label exists for each field and clearly identifies its purpose, this commit removes the `placeholder` attribute from the `input` field.

Follow-up to [49109], [49294], [49752].

Props seedsca, audrasjb, joedolson, rehanali.
Fixes #54047.
Built from https://develop.svn.wordpress.org/trunk@51878


git-svn-id: http://core.svn.wordpress.org/trunk@51471 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-01 13:49:00 +00:00
John Blackbourn
ae9eae8f64 Docs: Document some more common names for dynamic hooks and standardise the phrasing used.
Fixes #53581

Built from https://develop.svn.wordpress.org/trunk@51837


git-svn-id: http://core.svn.wordpress.org/trunk@51444 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-09-21 18:21:00 +00:00
Sergey Biryukov
8a90b8691f Docs: Add a comment about the $title global usage in various admin files.
This should make it clear that the variable is used as part of the HTML `<title>` tag on admin screens.

Props ravipatel, hellofromTonya, sabernhardt, audrasjb, SergeyBiryukov.
Fixes #53729.
Built from https://develop.svn.wordpress.org/trunk@51475


git-svn-id: http://core.svn.wordpress.org/trunk@51086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-07-22 13:53:00 +00:00
John Blackbourn
2e6a782a5f Docs: Miscellaneous docblock improvements.
See #53399

Built from https://develop.svn.wordpress.org/trunk@51330


git-svn-id: http://core.svn.wordpress.org/trunk@50939 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-07-05 15:48:00 +00:00
joedolson
e53ace6056 Application Passwords: Allow enter key to submit profile form.
Fix the enter key in profile form fields moving focus to the application password input instead of submitting the profile update for. Replace the submit button type used for application passwords with `button type="button"` and ensure that the enter key's native behavior isn't overwritten.

props audrasjb, alexstine, promz, sabernhardt.
Fixes #52849.
Built from https://develop.svn.wordpress.org/trunk@51086


git-svn-id: http://core.svn.wordpress.org/trunk@50695 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-06-07 23:49:58 +00:00
Sergey Biryukov
96beaa51d3 App Passwords: Use "sites" terminology instead of "blogs" in application passwords help text.
Follow-up to [49270].

Props jeremy80, johnbillion, audrasjb.
Fixes #53225.
Built from https://develop.svn.wordpress.org/trunk@50932


git-svn-id: http://core.svn.wordpress.org/trunk@50541 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-19 18:17:56 +00:00
Sergey Biryukov
af9675bdcb Users: Give the Password Reset table row its own wrapper class.
Previously, the class of the Sessions table row was duplicated.

Follow-up to [50129], [50411].

See #52597.
Built from https://develop.svn.wordpress.org/trunk@50412


git-svn-id: http://core.svn.wordpress.org/trunk@50023 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-23 14:35:03 +00:00
Sergey Biryukov
e0b66dd56c Users: Relocate the Password Reset feature to the Account Management section.
Follow-up to [50129].

Props mukesh27, audrasjb, hellofromTonya.
Fixes #52597.
Built from https://develop.svn.wordpress.org/trunk@50411


git-svn-id: http://core.svn.wordpress.org/trunk@50022 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-23 14:21:05 +00:00
Sergey Biryukov
b88325dbc6 I18N: Use the actual placeholder instead of a number in translator comments if the corresponding string does not use numbered placeholders.
Adjust some newly introduced strings to remove unnecessary numbered placeholders for consistency.

Follow-up to [42827].

See #51800.
Built from https://develop.svn.wordpress.org/trunk@50234


git-svn-id: http://core.svn.wordpress.org/trunk@49895 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-07 12:44:04 +00:00
Adam Silverstein
315b1c185d Users: enable admins to send users a reset password link.
Add a feature so Admins can send users a 'password reset' email. This doesn't change the password or force a password change. It only emails the user the password reset link.

The feature appears in several places:
* A "Send Reset Link" button on user profile screen.
* A "Send password reset" option in the user list bulk action dropdown.
* A "Send password reset" quick action when hovering over a username in the user list.

Props Ipstenu, DrewAPicture, eventualo, wonderboymusic, knutsp, ericlewis, afercia, JoshuaWold, johnbillion, paaljoachim, hedgefield.
Fixes #34281.


Built from https://develop.svn.wordpress.org/trunk@50129


git-svn-id: http://core.svn.wordpress.org/trunk@49808 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-01 22:13:03 +00:00
TimothyBlynJacobs
6a8a83ea09 App Passwords: Extract Basic Auth check into a reusable filterable function.
In [49752] a check was added to prevent creating new Application Passwords if Basic Auth credentials were detected to prevent conflicts. This check takes place in WP-Admin, though a conflict would only arise if Basic Auth was used on the website's front-end.

This commit extracts the Basic Auth check into a reusable function, `wp_is_site_protected_by_basic_auth()`, which can be adjusted using a filter of the same name. This way, a site that uses Basic Auth to protect WP-Admin can still use the Application Passwords feature.

In the future, instead of requiring the use of a filter, WordPress could make a loopback request and check for a `WWW-Authenticate` header to make this detection more robust out of the box.

Props SeBsZ, archon810, aaroncampbell, ocean90, SergeyBiryukov, TimothyBlynJacobs.
Fixes #52066.

Built from https://develop.svn.wordpress.org/trunk@50006


git-svn-id: http://core.svn.wordpress.org/trunk@49707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-24 02:57:59 +00:00
TimothyBlynJacobs
aac98aae97 App Passwords: Prevent conflicts when Basic Auth is already used by the site.
Application Passwords uses Basic Authentication to transfer authentication details. If the site is already using Basic Auth, for instance to implement a private staging environment, then the REST API will treat this as an authentication attempt and would end up generating an error for any REST API request.

Now, Application Password authentication will only be attempted if Application Passwords is in use by a site. This is flagged by setting an option whenever an Application Password is created. An upgrade routine is added to set this option if any App Passwords already exist.

Lastly, creating an Application Password will be prevented if the site appears to already be using Basic Authentication.

Props chexwarrior, georgestephanis, adamsilverstein, helen, Clorith, marybaum, TimothyBlynJacobs.
Fixes #51939.


Built from https://develop.svn.wordpress.org/trunk@49752


git-svn-id: http://core.svn.wordpress.org/trunk@49475 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-04 21:44:07 +00:00
TimothyBlynJacobs
5ee48d6915 App Passwords: MOAR accessibility improvements.
Corrects the "Application Name" field's aria-describedby attribute and makes the description visible.

Props alexstine, SergeyBiryukov.
Fixes #51580.

Built from https://develop.svn.wordpress.org/trunk@49573


git-svn-id: http://core.svn.wordpress.org/trunk@49311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-12 18:14:08 +00:00
Sergey Biryukov
3a1265e188 I18N: Add trailing punctuation to some translator comments.
Follow-up to [49549].

See #51580.
Built from https://develop.svn.wordpress.org/trunk@49562


git-svn-id: http://core.svn.wordpress.org/trunk@49300 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-11 10:41:07 +00:00
TimothyBlynJacobs
74969e7fbe App Passwords: Further accessibility improvements.
- Add a label to the readonly password input.
- Handle focus loss after revoking app passwords.
- Handle focus loss after dismissing notices.
- Mark app name as `aria-required`.
- Use `aria-label` for detailed revoke button text instead of `title`.
- Use `-1` for `tabindex` instead of `0`.

Props alexstine, afercia, sabernhardt, audrasjb, joedolson, TimothyBlynJacobs.
Fixes #51580.

Built from https://develop.svn.wordpress.org/trunk@49549


git-svn-id: http://core.svn.wordpress.org/trunk@49287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-09 18:05:08 +00:00
Sergey Biryukov
a2d42351c5 Text Changes: Unify various "Back to..." vs. "Return to..." vs. "Go to..." strings.
Standardize on "Go to..." as a more appropriate option for most cases.

Props garrett-eclipse, kharisblank, audrasjb, ramiy, valentinbora.
Fixes #47235.
Built from https://develop.svn.wordpress.org/trunk@49539


git-svn-id: http://core.svn.wordpress.org/trunk@49277 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-09 10:53:10 +00:00
Adam Silverstein
25918dd10b Users: Password generation - restore "Cancel" aria label after r49248.
Restore the "Cancel" button aria label to "Cancel password change" after it was inadvertently changed in r49248.

Props SergeyBiryukov.
Fixes #42852.


Built from https://develop.svn.wordpress.org/trunk@49392


git-svn-id: http://core.svn.wordpress.org/trunk@49151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 18:43:06 +00:00
TimothyBlynJacobs
f6d39d1c51 App Passwords: Improve accessibility.
- Make form inputs stacked instead of inline.
- Provide a visible label for the app name.
- Add screen reader text to dismiss button.
- Make "Revoke" button label more descriptive.
- Use aria-disabled instead of disabled to avoid focus loss.
- Display password in a readonly input to assist copy and paste.
- Remove large sections of italic text.
- Use `.form-wrap` and `.form-field` to give consistent form styling.
- Improve labeling and placeholder text.

Props alexstine, georgestephanis, afercia, TimothyBlynJacobs.
Fixes #51580.

Built from https://develop.svn.wordpress.org/trunk@49294


git-svn-id: http://core.svn.wordpress.org/trunk@49056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-24 03:34:06 +00:00
Sergey Biryukov
298cd04a63 Coding Standards: Update some alignment in wp-admin/authorize-application.php for consistency.
Save blogs count to a variable for reusing.

Follow-up to [49270].

See #51489.
Built from https://develop.svn.wordpress.org/trunk@49282


git-svn-id: http://core.svn.wordpress.org/trunk@49042 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-23 01:19:06 +00:00
TimothyBlynJacobs
85c49351af App Passwords: Explain that apps can access to all sites in a network.
Props georgestephanis, spacedmonkey, johnjamesjacoby, SergeyBiryukov, marybaum.
Fixes #51489.

Built from https://develop.svn.wordpress.org/trunk@49270


git-svn-id: http://core.svn.wordpress.org/trunk@49032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-22 02:36:11 +00:00
Adam Silverstein
b789b4ae11 Coding Standards: Fix WPCS issues in [49248].
See #42852.

Built from https://develop.svn.wordpress.org/trunk@49251


git-svn-id: http://core.svn.wordpress.org/trunk@49013 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-20 19:07:10 +00:00
Adam Silverstein
daa977c495 Users: improve password generation feature.
On the user edit screen improve handling and clarify language: rename the "Generate Password" and "Show password" buttons to "Set New Password". Clicking it always generates a password. Also: improve inline code comments and descriptions.

Props afercia, bookdude13, michaelarestad, pento.
Fixes #42852.


Built from https://develop.svn.wordpress.org/trunk@49248


git-svn-id: http://core.svn.wordpress.org/trunk@49010 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-20 18:27:13 +00:00
TimothyBlynJacobs
d5ebe12f11 REST API: Introduce Application Passwords for API authentication.
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.

This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.

Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.

Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes #42790.

Built from https://develop.svn.wordpress.org/trunk@49109


git-svn-id: http://core.svn.wordpress.org/trunk@48871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-08 22:14:06 +00:00
Sergey Biryukov
7932193708 Coding Standards: Use strict comparison where static strings are involved.
This reduces the number of `WordPress.PHP.StrictComparisons.LooseComparison` issues in half, from 1897 to 890.

Includes minor code layout fixes for better readability.

See #49542.
Built from https://develop.svn.wordpress.org/trunk@47808


git-svn-id: http://core.svn.wordpress.org/trunk@47584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-05-16 18:42:12 +00:00
Sergey Biryukov
71dea21c5f Users: Change "Your Profile" and "My Profile" links in admin menu and toolbar to just "Profile" for consistency.
Props donmhico, bcworkz, seanchayes, mikeschroder, garrett-eclipse, akhileshsabharwal, ScottSmith, nacin, jenmylo, afercia, swissspidy, felix-edelmann, helen, melchoyce, karmatosed.
Fixes #26769.
Built from https://develop.svn.wordpress.org/trunk@47600


git-svn-id: http://core.svn.wordpress.org/trunk@47375 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-20 08:39:06 +00:00
Sergey Biryukov
38676936ba Coding Standards: Use strict type check for in_array() and array_search() where strings are involved.
This reduces the number of `WordPress.PHP.StrictInArray.MissingTrueStrict` issues from 486 to 50.

Includes minor code layout fixes for better readability.

See #49542.
Built from https://develop.svn.wordpress.org/trunk@47550


git-svn-id: http://core.svn.wordpress.org/trunk@47325 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-05 03:02:11 +00:00
Sergey Biryukov
47ed56f38f Code Modernization: Replace dirname( __FILE__ ) calls with __DIR__ magic constant.
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.

This commit also includes:

* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
 * `wp-admin/admin-header.php`
 * `wp-admin/admin-footer.php`
 * `wp-includes/version.php`

Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes #48082.
Built from https://develop.svn.wordpress.org/trunk@47198


git-svn-id: http://core.svn.wordpress.org/trunk@46998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-06 06:33:11 +00:00