Commit Graph

245 Commits

Author SHA1 Message Date
Andrew Ozz
7d9265e5c5 Privacy: cleanup of the "Export Personal Data" and "Erase Personal Data" screens.
Props desrosj, xkon.
See #43929.
Built from https://develop.svn.wordpress.org/trunk@43212


git-svn-id: http://core.svn.wordpress.org/trunk@43041 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 10:01:21 +00:00
Sergey Biryukov
367c2e945a Privacy: Add id attribute to WP_Privacy_Requests_Table and WP_Privacy_Data_Export_Requests_Table rows, for consistency with other post list tables.
Props desrosj.
Fixes #44015.
Built from https://develop.svn.wordpress.org/trunk@43191


git-svn-id: http://core.svn.wordpress.org/trunk@43020 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 15:06:22 +00:00
iandunn
4467a9226c Privacy: Mark erasure requests as completed after processing.
r42986 introduced the beginnings of an Ajax handler for processing requests to erase personal data. At the time, a method for marking requests as completed was planned, but had not yet been created. This commit introduces that mechanism, bringing the erasure process closer to completion.

Props coreymckrill, allendav.
Fixes #43922.

Built from https://develop.svn.wordpress.org/trunk@43185


git-svn-id: http://core.svn.wordpress.org/trunk@43014 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 01:02:22 +00:00
iandunn
76efbf47da Privacy: Mark processed requests as completed instead of confirmed.
r43008 refactored the request flow to make several improvements, but accidentally marked `completed` requests as `confirmed`. This commit restores the intended statuses, so that the data and corresponding UI reflect reality.

Props allendav, birgire.
Fixes #43913.

Built from https://develop.svn.wordpress.org/trunk@43183


git-svn-id: http://core.svn.wordpress.org/trunk@43012 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-08 23:29:20 +00:00
Sergey Biryukov
8bc4e6d94f Privacy: Use the terms "erase"/"erasure" instead of "remove"/"removal" for personal data.
Props allendav.
Fixes #43920.
Built from https://develop.svn.wordpress.org/trunk@43175


git-svn-id: http://core.svn.wordpress.org/trunk@43004 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-07 16:45:22 +00:00
Sergey Biryukov
daacd57fd4 Privacy: Change "Email Data" link text on "Export Personal Data" screen to "Send Export Link" for clarity.
Props birgire, ianbelanger.
Fixes #43964.
Built from https://develop.svn.wordpress.org/trunk@43172


git-svn-id: http://core.svn.wordpress.org/trunk@43001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-05 09:17:21 +00:00
Sergey Biryukov
abb666a812 Docs: Add missing duplicate hook comment for user_request_key_expiration filter.
Props birgire, desrosj.
Fixes #43934.
Built from https://develop.svn.wordpress.org/trunk@43168


git-svn-id: http://core.svn.wordpress.org/trunk@42997 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-04 01:49:22 +00:00
Andrew Ozz
dd68722112 Privacy: fix typo.
Props casiepa.
Fixes #43939.
Built from https://develop.svn.wordpress.org/trunk@43121


git-svn-id: http://core.svn.wordpress.org/trunk@42950 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 20:07:22 +00:00
Andrew Ozz
3a43a64c20 Privacy: fix inconsistencies in new strings.
Props audrasjb.
Fixes #43925.
Built from https://develop.svn.wordpress.org/trunk@43118


git-svn-id: http://core.svn.wordpress.org/trunk@42947 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 18:42:21 +00:00
iandunn
93a90a9aa4 Privacy: Limit export and erasure to super admins on Multisite.
Multisite networks have a variety of use cases, and in many of them single-site administrators are not trusted to take actions that affect the whole network, require making decisions about legal compliance, etc. By default, those actions should require super admin capabilities. Plugins can be used to override that behavior if a particular site's use case calls for it.

Props allendav, jeremyfelt, iandunn.
Fixes #43919.

Built from https://develop.svn.wordpress.org/trunk@43085


git-svn-id: http://core.svn.wordpress.org/trunk@42914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 01:07:22 +00:00
Andrew Ozz
2aa8414d09 Privacy: make the emails in export and erasure list-tables clickable.
Props birgire.
See #43911.
Built from https://develop.svn.wordpress.org/trunk@43057


git-svn-id: http://core.svn.wordpress.org/trunk@42886 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 17:12:22 +00:00
Andrew Ozz
b044b4053e Privacy: add means to export personal data by username or email address. Generate a zipped export file containing all data. First run.
Props allendav.
See #43546.
Built from https://develop.svn.wordpress.org/trunk@43012


git-svn-id: http://core.svn.wordpress.org/trunk@42841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 19:54:21 +00:00
Andrew Ozz
e9eb7518c0 Privacy: update and enhance the method to confirm user requests by email. Introduce WP_User_Request to hold all request vars similarly to WP_Post.
Props mikejolley.
See #43443.

Built from https://develop.svn.wordpress.org/trunk@43011


git-svn-id: http://core.svn.wordpress.org/trunk@42840 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 17:31:22 +00:00
Andrew Ozz
f1703c0e70 Privacy: update the method to confirm user requests by email. Use a single CPT to store the requests and to allow logging/audit trail.
Props mikejolley.
See #43443.

Built from https://develop.svn.wordpress.org/trunk@43008


git-svn-id: http://core.svn.wordpress.org/trunk@42837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 10:12:22 +00:00
Andrew Ozz
13875fbddb Privacy: fix styling of counts on the list tables for user requests.
Props allendav.
Fixes #43846.
Built from https://develop.svn.wordpress.org/trunk@43000


git-svn-id: http://core.svn.wordpress.org/trunk@42829 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-24 21:35:21 +00:00
Andrew Ozz
b4fdb9ebf2 Privacy: add means to erase personal data by username or email address. First run.
Props allendav, coreymckrill, ericdaams, azaozz.
See #43637, #43602.
Built from https://develop.svn.wordpress.org/trunk@42986


git-svn-id: http://core.svn.wordpress.org/trunk@42815 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-18 22:30:22 +00:00
Andrew Ozz
600c5082a3 Privacy: fix error message and list table sorting errors on the Export Personal Data and Remove Personal Data screens.
See #43481.
Built from https://develop.svn.wordpress.org/trunk@42977


git-svn-id: http://core.svn.wordpress.org/trunk@42806 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-13 16:15:21 +00:00
Andrew Ozz
108578a8ec Privacy: add new wp-admin screens for exporting and removing of personal data.
Props @melchoyce, @mikejolley, @allendav, @xkon.
See #43481.
Built from https://develop.svn.wordpress.org/trunk@42967


git-svn-id: http://core.svn.wordpress.org/trunk@42796 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-10 18:02:30 +00:00
John Blackbourn
b13e73d05c Docs: Document more parameters and properties using typed array notation.
See #41756

Built from https://develop.svn.wordpress.org/trunk@42875


git-svn-id: http://core.svn.wordpress.org/trunk@42705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-25 18:10:32 +00:00
Dominik Schilling
61ba57abb7 Users: Use promote_users for role updates in edit_user().
`edit_user()` can also update user roles but was still using the `edit_users` capability instead of the newer `promote_users` capability introduced in [14176].
This makes the role handling consistent with the bulk dropdown menu for role changes.

Props flixos90, johnjamesjacoby, ocean90.
Fixes #42564.
Built from https://develop.svn.wordpress.org/trunk@42855


git-svn-id: http://core.svn.wordpress.org/trunk@42685 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-19 20:29:34 +00:00
Sergey Biryukov
4848a09b35 I18N: Use the actual placeholder instead of a number in translator comments if the corresponding string does not use numbered placeholders.
Add missing translator comments in `WP_Theme_Install_List_Table` and `wp_notify_postauthor()`.
Add missing commas in some translator comments.

Fixes #43523.
Built from https://develop.svn.wordpress.org/trunk@42827


git-svn-id: http://core.svn.wordpress.org/trunk@42657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-11 16:44:34 +00:00
Sergey Biryukov
0e802a627d General: Introduce WP_Error::has_errors() method and use it where appropriate.
Props robdxw, DrewAPicture, SergeyBiryukov.
Fixes #42742.
Built from https://develop.svn.wordpress.org/trunk@42761


git-svn-id: http://core.svn.wordpress.org/trunk@42591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-27 02:31:31 +00:00
Gary Pendergast
aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
Gary Pendergast
c90cfa3b50 General: Fix some precision alignment formatting warnings.
The WPCS `WordPress.WhiteSpace.PrecisionAlignment` rule throws warnings for a bunch of code that will likely cause issues for `wpcbf`. Fixing these manually beforehand gives us better auto-fixed results later.

See #41057.


Built from https://develop.svn.wordpress.org/trunk@42228


git-svn-id: http://core.svn.wordpress.org/trunk@42057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-26 23:57:55 +00:00
John Blackbourn
9fdbe6538e Docs: Remove & prefixes from parameter documentation to avoid doc parsing errors.
Props sudar for the original patch.

See #35974

Built from https://develop.svn.wordpress.org/trunk@41686


git-svn-id: http://core.svn.wordpress.org/trunk@41520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-02 22:03:33 +00:00
Weston Ruter
90bedf8f9d Editor: Add CodeMirror-powered code editor with syntax highlighting, linting, and auto-completion.
* Code editor is integrated into the Theme/Plugin Editor, Additional CSS in Customizer, and Custom HTML widget. Code editor is not yet integrated into the post editor, and it may not be until accessibility concerns are addressed.
* The CodeMirror component in the Custom HTML widget is integrated in a similar way to TinyMCE being integrated into the Text widget, adopting the same approach for integrating dynamic JavaScript-initialized fields.
* Linting is performed for JS, CSS, HTML, and JSON via JSHint, CSSLint, HTMLHint, and JSONLint respectively. Linting is not yet supported for PHP.
* When user lacks `unfiltered_html` the capability, the Custom HTML widget will report any Kses-invalid elements and attributes as errors via a custom Kses rule for HTMLHint.
* When linting errors are detected, the user will be prevented from saving the code until the errors are fixed, reducing instances of broken websites.
* The placeholder value is removed from Custom CSS in favor of a fleshed-out section description which now auto-expands when the CSS field is empty. See #39892.
* The CodeMirror library is included as `wp.CodeMirror` to prevent conflicts with any existing `CodeMirror` global.
* An `wp.codeEditor.initialize()` API in JS is provided to convert a `textarea` into CodeMirror, with a `wp_enqueue_code_editor()` function in PHP to manage enqueueing the assets and settings needed to edit a given type of code.
* A user preference is added to manage whether or not "syntax highlighting" is enabled. The feature is opt-out, being enabled by default.
* Allowed file extensions in the theme and plugin editors have been updated to include formats which CodeMirror has modes for: `conf`, `css`, `diff`, `patch`, `html`, `htm`, `http`, `js`, `json`, `jsx`, `less`, `md`, `php`, `phtml`, `php3`, `php4`, `php5`, `php7`, `phps`, `scss`, `sass`, `sh`, `bash`, `sql`, `svg`, `xml`, `yml`, `yaml`, `txt`.

Props westonruter, georgestephanis, obenland, melchoyce, pixolin, mizejewski, michelleweber, afercia, grahamarmfield, samikeijonen, rianrietveld, iseulde.
See #38707.
Fixes #12423, #39892.

Built from https://develop.svn.wordpress.org/trunk@41376


git-svn-id: http://core.svn.wordpress.org/trunk@41209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-13 06:08:47 +00:00
John Blackbourn
a507248146 Users: Use more appropriate HTTP status codes for errors relating to user management.
Also re-uses one error message string.

Props tuanmh

Fixes #40230

Built from https://develop.svn.wordpress.org/trunk@40940


git-svn-id: http://core.svn.wordpress.org/trunk@40790 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-06-25 18:46:44 +00:00
John Blackbourn
9e095f0791 Mail: Ensure entities in the site title are decoded when used in the body of the new user email.
Props ajoah
Fixes #39446

Built from https://develop.svn.wordpress.org/trunk@40127


git-svn-id: http://core.svn.wordpress.org/trunk@40064 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-26 22:20:44 +00:00
Dominik Schilling
e4a83d2e6f Users: In edit_user() fall back to site's locale instead of en_US for invalid user locales.
See #38632, #29783.
Fixes #38798.
Built from https://develop.svn.wordpress.org/trunk@39269


git-svn-id: http://core.svn.wordpress.org/trunk@39209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-16 20:12:31 +00:00
Pascal Birchler
548ac82b06 I18N: Add ability to change user's locale back to site's locale.
Previously there was no way to remove the user locale setting again, even though that might be desirable.

This adds a new 'Site Default' option to the user-specific language setting by introducing a new `show_site_locale_default` argument to `wp_dropdown_languages()`.

Props ocean90.
See #29783.
Fixes #38632.
Built from https://develop.svn.wordpress.org/trunk@39169


git-svn-id: http://core.svn.wordpress.org/trunk@39109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-08 23:01:31 +00:00
Pascal Birchler
4a88d55054 I18N: Introduce a user-specific language setting.
By enabling the user to select their preferred locale when editing the profile, we allow for greater personalization of the WordPress admin and therefore a better user experience.

The back end will be displayed in the user's individual locale while the locale used on the front end equals the one set for the whole site. If the user didn't specify a locale, the site's locale will be used as a fallback. The new `locale` property of the `WP_User` class can be used to retrieve the user's locale setting.

Props ocean90, ipm-frommen, swissspidy.
Fixes #29783.
Built from https://develop.svn.wordpress.org/trunk@38705


git-svn-id: http://core.svn.wordpress.org/trunk@38648 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-03 07:04:29 +00:00
John Blackbourn
94c8ca0f2e Docs: Correct various documentation around object and stdClass types.
See #37770

Built from https://develop.svn.wordpress.org/trunk@38369


git-svn-id: http://core.svn.wordpress.org/trunk@38310 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-26 16:49:45 +00:00
Drew Jaynes
1947f4d17c Docs: Apply inline @see tags to hooks referenced in DocBlocks for wp-admin/* files.
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.

See #36921.

Built from https://develop.svn.wordpress.org/trunk@37537


git-svn-id: http://core.svn.wordpress.org/trunk@37505 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-23 17:28:27 +00:00
Drew Jaynes
c3055cc190 Docs: Standardize hook docs in wp-admin/* to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37488


git-svn-id: http://core.svn.wordpress.org/trunk@37456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:01:30 +00:00
Drew Jaynes
fe3b007fdd Docs: Remove inline @see tags from function, class, and method references in inline docs.
Known functions, classes, and methods are now auto-linked in Code Reference pages following #meta1483.

Note: Hook references are still linked via inline `@see` tags due to the unlikelihood of reliably matching for known hooks based on a RegEx pattern.

See #32246.

Built from https://develop.svn.wordpress.org/trunk@37342


git-svn-id: http://core.svn.wordpress.org/trunk@37308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-02 04:00:28 +00:00
Dominik Schilling
6c81a0cbf6 Users: In edit_user() check for a blank password when adding a user.
Props wesleye, gitlost, adamsilverstein.
Fixes #35715.
Built from https://develop.svn.wordpress.org/trunk@37059


git-svn-id: http://core.svn.wordpress.org/trunk@37026 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-22 23:07:27 +00:00
Boone Gorges
43d1ab4720 Use 'invalid_username' error code when tripping 'illegal_user_logins'.
This gives us better compatibility with existing errors thrown by
`sanitize_user()`, especially in Multisite, where user_login has more
restrictions on allowed characters.

Props markjaquith.
Fixes #27317.
Built from https://develop.svn.wordpress.org/trunk@35772


git-svn-id: http://core.svn.wordpress.org/trunk@35736 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 23:25:26 +00:00
Dominik Schilling
9fb5c540bb Users: Allow to create users without sending an email to the new user.
This adds a checkbox to `wp-admin/user-new.php` to prevent sending an email with the username and a password reset link to the new user. Restores the behavior of pre-4.3.

Fixes #33504.
Props tharsheblows, SergeyBiryukov, DrewAPicture, ocean90.
Built from https://develop.svn.wordpress.org/trunk@35742


git-svn-id: http://core.svn.wordpress.org/trunk@35706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:38:29 +00:00
Sergey Biryukov
bc1e479fd0 After [35718], update the location of some files in This filter is documented in docs.
Partially reverts [33954].

Fixes #33413.
Built from https://develop.svn.wordpress.org/trunk@35725


git-svn-id: http://core.svn.wordpress.org/trunk@35689 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-22 03:51:28 +00:00
Sergey Biryukov
95c55ca251 Cast 'illegal_user_logins' filter result to array.
See #27317.
Built from https://develop.svn.wordpress.org/trunk@35630


git-svn-id: http://core.svn.wordpress.org/trunk@35594 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-12 16:34:27 +00:00
Sergey Biryukov
b08ae1d60b Users: After [35189], make 'illegal_user_logins' check case-insensitive.
Props juliobox.
Fixes #27317.
Built from https://develop.svn.wordpress.org/trunk@35629


git-svn-id: http://core.svn.wordpress.org/trunk@35593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-12 16:30:28 +00:00
Sergey Biryukov
8aa7fb88f0 Remove a one-time variable from edit_user() added in [35189].
See #27317.
Built from https://develop.svn.wordpress.org/trunk@35190


git-svn-id: http://core.svn.wordpress.org/trunk@35156 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-15 05:46:24 +00:00
Sergey Biryukov
7f08716c16 Users: Add 'illegal_user_logins' filter to allow certain usernames to be blacklisted.
Props danielbachhuber, chriscct7, crazycoolcam, SergeyBiryukov.
Fixes #27317.
Built from https://develop.svn.wordpress.org/trunk@35189


git-svn-id: http://core.svn.wordpress.org/trunk@35155 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-15 05:43:26 +00:00
Drew Jaynes
217b661703 Docs: Add missing descriptions for the $wpdb global in DocBlocks all the places.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@35170


git-svn-id: http://core.svn.wordpress.org/trunk@35136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-14 23:44:25 +00:00
Sergey Biryukov
a5c1f545c4 Users: Remove redundant error message when password is only entered once.
"Please enter the same password in both password fields" should cover all the scenarios.

Props MikeHansenMe, jmayhak, desrosj, gounder.
Fixes #33101.
Built from https://develop.svn.wordpress.org/trunk@35008


git-svn-id: http://core.svn.wordpress.org/trunk@34973 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-10 13:22:26 +00:00
Boone Gorges
fd946a9b5a Pinking shears.
Built from https://develop.svn.wordpress.org/trunk@34534


git-svn-id: http://core.svn.wordpress.org/trunk@34498 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-25 04:44:25 +00:00
John Blackbourn
41edf2bc22 Correctly present an error to the user if the nickname field is empty when updating a user profile. It's strange that this field is required, but it is, so be it.
Fixes #33310
Props prasad-nevase, metodiew

Built from https://develop.svn.wordpress.org/trunk@34505


git-svn-id: http://core.svn.wordpress.org/trunk@34469 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-24 17:49:25 +00:00
Boone Gorges
85c00bd943 Move new user notification emails to add_action() callbacks.
When a new user is created in various places throughout the interface,
notifications are sent to the site admin and the new user. Previously, these
notifications were fired through direct calls to `wp_new_user_notification()`,
making it difficult to stop or modify the messages.

This changeset introduces a number of new action hooks in place of direct calls
to `wp_new_user_notification()`, and hooks the new wrapper function
`wp_send_new_user_notifications()` to these hooks.

Props dshanske, thomaswm, boonebgorges.
Fixes #33587.
Built from https://develop.svn.wordpress.org/trunk@34251


git-svn-id: http://core.svn.wordpress.org/trunk@34215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-16 22:19:24 +00:00
Dominik Schilling
4af3a3374e Passwords: Deprecate second parameter of wp_new_user_notification().
The second parameter `$plaintext_pass` was removed in [33023] and restored as `$notify` in [33620] with a different behavior. If you have a plugin overriding `wp_new_user_notification()` which hasn't been updated you would get a notification with your username and the password "both".
To prevent this the second parameter is now deprecated and reintroduced as the third parameter.

Adds unit tests.

Props kraftbj, adamsilverstein, welcher, ocean90.
Fixes #33654.

(Don't ask for new pluggables kthxbye)
Built from https://develop.svn.wordpress.org/trunk@34116


git-svn-id: http://core.svn.wordpress.org/trunk@34084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 12:43:26 +00:00
Boone Gorges
39fb7992a9 Require numeric IDs in user deletion functions.
`wp_delete_user()` and `wpmu_delete_user()` both require an `$id` parameter.
Previously, the functions did not verify that the value passed was, in fact,
a number. As such, passing an object or any other entity that would be cast
to int `1` would result in user 1 being deleted. We fix this by enforcing
the requirement that `$id` be numeric.

Props dipesh.kakadiya, utkarshpatel, juliobox.
Fixes #33800.
Built from https://develop.svn.wordpress.org/trunk@34034


git-svn-id: http://core.svn.wordpress.org/trunk@34002 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-11 02:25:23 +00:00
Scott Taylor
a40e30e7f4 Move 2 ad hoc user admin functions:
* Move `use_ssl_preference()` from `wp-admin/user-edit.php` to `wp-admin/includes/user.php`.
* Move `admin_created_user_email()` from `wp-admin/user-new.php` to `wp-admin/includes/user.php`.

See #33813.

Built from https://develop.svn.wordpress.org/trunk@34021


git-svn-id: http://core.svn.wordpress.org/trunk@33990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-10 21:33:33 +00:00
Scott Taylor
49b8ccec79 When deleting via User List Table, don't prompt for re-attribution if the user(s) do(es) not have any posts.
Props rajnikmit, wojtek.szkutnik, benjmay, wonderboymusic.
Fixes #6405. 

Built from https://develop.svn.wordpress.org/trunk@34000


git-svn-id: http://core.svn.wordpress.org/trunk@33969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-10 16:47:24 +00:00
Helen Hou-Sandí
1f500055a6 Drop the hyphen from e-mail and standardize on email.
The AP Stylebook changed this in 2011, and we're woefully inconsistent, so let's go with the standard.

props morganestes, voldemortensen, niallkennedy (for patching on the previous AP style).
fixes #26156.

Built from https://develop.svn.wordpress.org/trunk@33774


git-svn-id: http://core.svn.wordpress.org/trunk@33742 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-28 03:17:21 +00:00
John Blackbourn
a60d143f7b Correct the hook docs for the user_profile_update_errors action.
Fixes #33537
Props yamchhetri

Built from https://develop.svn.wordpress.org/trunk@33769


git-svn-id: http://core.svn.wordpress.org/trunk@33737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-27 17:16:21 +00:00
Konstantin Obenland
e6bc6242ad Passwords: Restore second parameter for wp_new_user_notification().
After [33023] users would always be notified, this restores previous behavior.

Props markjaquith, ocean90.
Fixes #33358.


Built from https://develop.svn.wordpress.org/trunk@33620


git-svn-id: http://core.svn.wordpress.org/trunk@33587 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-17 14:25:27 +00:00
Dion Hulse
aace7c2c8d Function documentation: Fix a broken docbock introduced with [32642].
See #32444.

Built from https://develop.svn.wordpress.org/trunk@33601


git-svn-id: http://core.svn.wordpress.org/trunk@33568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-10 10:50:26 +00:00
Mark Jaquith
c5719ba15a Make the "using default password" nag more accurate.
"Easy to remember" isn't necessarily what we want to encourage.

fixes #33168
props arjunskumar
Built from https://develop.svn.wordpress.org/trunk@33485


git-svn-id: http://core.svn.wordpress.org/trunk@33452 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-29 14:06:25 +00:00
Mark Jaquith
423a1a7ca4 New password change/set UI.
* Generate the password for the user
* More tightly integrate password strength meter
* Warn on weak passwords

see #32589

props MikeHansenMe, adamsilverstein, binarykitten
Built from https://develop.svn.wordpress.org/trunk@33023


git-svn-id: http://core.svn.wordpress.org/trunk@32994 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-01 14:48:24 +00:00
Scott Taylor
c6a4512b1b Add missing doc blocks to wp-admin/includes/*.
Fix some egregious uses of tabbing.
Some functions can simply return `apply_filters(...)` instead of setting a variable that is immediately returned.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32654


git-svn-id: http://core.svn.wordpress.org/trunk@32624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 20:17:26 +00:00
Scott Taylor
a51dfa3971 In the style of #30947 and default-filters.php, add 2 new files to wp-admin/includes:
`admin-filters.php`
`ms-admin-filters.php`

There are random actions and filters littered among files like `misc.php`. These files contain functions that won't work outside of admin context and are typically only loaded in files that have already loaded the admin bootstrap.

See #32529.

Built from https://develop.svn.wordpress.org/trunk@32653


git-svn-id: http://core.svn.wordpress.org/trunk@32623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 17:04:26 +00:00
Scott Taylor
b56b9b3e5c Add @global annotations for wp-admin/*.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32642


git-svn-id: http://core.svn.wordpress.org/trunk@32612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-28 21:41:30 +00:00
Drew Jaynes
ba1e7a7243 Correct grammar when referring to "a user" vs "an user" in several places.
Props ocean90.
Fixes #31894.

Built from https://develop.svn.wordpress.org/trunk@32025


git-svn-id: http://core.svn.wordpress.org/trunk@32004 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-05 14:44:27 +00:00
Scott Taylor
7d7a8aa0eb Correct all @return unknown instances.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30202


git-svn-id: http://core.svn.wordpress.org/trunk@30202 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-03 06:17:22 +00:00
Boone Gorges
24babfddb3 Allow apostrophes in email addresses when adding users via the Dashboard.
Email addresses entered in a number of interfaces were not being stripslashed
properly, with the result that the emails were not being recognized as valid.

Fixes #18039.
Built from https://develop.svn.wordpress.org/trunk@29966


git-svn-id: http://core.svn.wordpress.org/trunk@29713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-19 20:30:19 +00:00
Drew Jaynes
097dc8ee15 Fix syntax for single- and multi-line comments in wp-admin-directory files.
See #28931.

Built from https://develop.svn.wordpress.org/trunk@29206


git-svn-id: http://core.svn.wordpress.org/trunk@28990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-17 09:14:16 +00:00
Scott Taylor
2f513d3320 Fix some hackificator odds and ends in wp-admin:
* `wp-activate.php` and `wp-admin/themes.php` don't need the closing PHP tag
* Switch single quotes for HTML attribute values to double in a few places
* Convert `include_once file.php` syntax to `include_once( 'file.php' )`
* Add access modifiers to methods/members in: `_WP_List_Table_Compat`, `Walker_Nav_Menu_Edit`, `Walker_Nav_Menu_Checklist`, `WP_Screen`, `Walker_Category_Checklist`
* `edit_user()` doesn't need to import the `$wpdb` global
* `wp_list_widgets()` doesn't need to import the `$sidebars_widgets` global
* switch/endswitch syntax is not supported in Hack
* A `<ul>` in `wp-admin/users.php` is unclosed

See #27881.

Built from https://develop.svn.wordpress.org/trunk@28500


git-svn-id: http://core.svn.wordpress.org/trunk@28326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 05:04:16 +00:00
Andrew Nacin
edfe443afc Remove lame debugging. see #23057.
Built from https://develop.svn.wordpress.org/trunk@27467


git-svn-id: http://core.svn.wordpress.org/trunk@27312 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-08 03:16:27 +00:00
Andrew Nacin
60953e88fd Normalize $reassign in wp_delete_user() to ensure the hooks receive consistent values.
fixes #23057.

Built from https://develop.svn.wordpress.org/trunk@27466


git-svn-id: http://core.svn.wordpress.org/trunk@27311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-08 03:16:14 +00:00
Sergey Biryukov
0a0589414e Fix docblock formatting in [27462]. see #23057.
Built from https://develop.svn.wordpress.org/trunk@27463


git-svn-id: http://core.svn.wordpress.org/trunk@27308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-08 01:26:13 +00:00
Sergey Biryukov
9c6504120f Pass $reassign parameter to 'delete_user' and 'deleted_user' actions.
props genkisan.
fixes #23057.
Built from https://develop.svn.wordpress.org/trunk@27462


git-svn-id: http://core.svn.wordpress.org/trunk@27307 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-08 01:23:15 +00:00
Andrew Nacin
c102fd5a9d Make the user arguments for get_edit_profile_url() and get_dashboard_url() optional, defaulting to the current user.
props garyc40.
fixes #16686.

Built from https://develop.svn.wordpress.org/trunk@27260


git-svn-id: http://core.svn.wordpress.org/trunk@27117 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-25 17:08:13 +00:00
Drew Jaynes
cd8cedc40d First there were two, and now there are three -- in the @since versions that came before and that shall be. And so it will be, says nacin.
Props JustinSainton, SergeyBiryukov, DrewAPicture.
Fixes #26713.

Built from https://develop.svn.wordpress.org/trunk@26868


git-svn-id: http://core.svn.wordpress.org/trunk@26754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-24 18:57:12 +00:00
Drew Jaynes
c9077348ee Inline documentation for hooks in wp-admin/includes/user.php.
Props aaronholbrook for the initial patch.
Fixes #26099.

Built from https://develop.svn.wordpress.org/trunk@26503


git-svn-id: http://core.svn.wordpress.org/trunk@26397 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-01 17:54:10 +00:00
Andrew Nacin
00c545606e Introduce wp_get_user_contact_methods() as a public version of _wp_get_user_contactmethods.
props johnnyb.
fixes #24273.

Built from https://develop.svn.wordpress.org/trunk@25606


git-svn-id: http://core.svn.wordpress.org/trunk@25523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-24 18:14:09 +00:00
Sergey Biryukov
6760d294bb Update phpdoc for get_user_to_edit(), get_userdata(), and get_user_by(). props tivnet. fixes #24992.
Built from https://develop.svn.wordpress.org/trunk@25204


git-svn-id: http://core.svn.wordpress.org/trunk@25176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-02 03:25:09 +00:00
Sergey Biryukov
34d0f347ad Revert to storing a hash of the slashed password. fixes #24367. see #17018.
git-svn-id: http://core.svn.wordpress.org/trunk@24508 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-25 11:14:50 +00:00
Andrew Nacin
17ddaa8de0 delete_user_setting() and remove_action() were getting called with too many args. props rlerdorf. see #24210.
git-svn-id: http://core.svn.wordpress.org/trunk@24125 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-04-29 13:25:15 +00:00
Sergey Biryukov
831afad92c When adding a new user in the admin, strip slashes from the password sent to the user by email. props hakre for initial patch. fixes #17018.
git-svn-id: http://core.svn.wordpress.org/trunk@23634 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-07 06:00:16 +00:00
Ryan Boren
f3a83744e9 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
git-svn-id: http://core.svn.wordpress.org/trunk@23567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:14:09 +00:00
Ryan Boren
43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren
cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Andrew Nacin
55ba72f46e Confirm a user exists before deleting them in wp_delete_user() and wpmu_delete_user(). props scribu, fixes #23067.
git-svn-id: http://core.svn.wordpress.org/trunk@23380 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-02 04:41:02 +00:00
Ryan Boren
51920e1858 Consolidate some strings. Props pavelevap, SergeyBiryukov. see #21728
git-svn-id: http://core.svn.wordpress.org/trunk@22124 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-05 19:04:34 +00:00
Ryan Boren
3a5cf2395d When reassigning posts and links during user deletion, clear the post and link caches. Props kurtpayne. fixes #20447
git-svn-id: http://core.svn.wordpress.org/trunk@21798 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-10 19:56:08 +00:00
Ryan Boren
cbd6a8becd Allow passing stdClass and WP_User to wp_insert_user() and wp_update_user(). Introduce WP_User::to_array(). Eliminate uses of get_object_vars() when passing to wp_*_user(). fixes #21429
git-svn-id: http://core.svn.wordpress.org/trunk@21496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-10 15:36:54 +00:00
nacin
7127ed1197 Move most instances of new WP_User to get_userdata(). see #21120.
git-svn-id: http://core.svn.wordpress.org/trunk@21413 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-03 01:06:05 +00:00
ryan
7b49ad8493 Introduce get_edit_user_link(). Props scribu, georgestephanis, johnbillion. fixes #14787 see #20307
git-svn-id: http://core.svn.wordpress.org/trunk@21364 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-30 18:30:03 +00:00
markjaquith
168cc20a42 Allow tel: and fax: protocols. Wrangle the last hardcoded protocol enumeration so that it uses wp_allowed_protocols(). fixes #21081
git-svn-id: http://core.svn.wordpress.org/trunk@21170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-28 20:30:10 +00:00
ryan
f5366a2ccf Don't delete nav menu items when the user that owns them is deleted.
* Introduce delete_with_user flag to register_post_type
* Set delete_with_user to false for the nav_menu_item post type
* Set it to true for all other core post types
* If delete_with_user is not set, fallback to post_type_supports('author')

Props nacin
Fixes #16358


git-svn-id: http://core.svn.wordpress.org/trunk@20739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-08 17:01:50 +00:00
ryan
646cb4e2ce * Return empty arrays instead of false for all conditions in get_blogs_of_user().
* When deleting a user, use a delete_metadata_by_mid() loop over the meta so that the meta cache is cleared.
* Use remove_user_from_blog() for DRYness.

Props nacin, duck_
Fixes #19500


git-svn-id: http://svn.automattic.com/wordpress/trunk@20581 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-24 22:13:47 +00:00
duck_
53e6ba7959 clean_user_cache() after the DELETE query in wp_delete_user(). See #20460.
This is to prevent plugins managing to hook in between the cache cleaning and the actual deletion.


git-svn-id: http://svn.automattic.com/wordpress/trunk@20523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-18 21:24:53 +00:00
duck_
e641c48a72 Pass full user objects to clean_user_cache(). See #19500, fixes #20460.
Prevents notices when clean_user_cache() is called for a user that has been removed from the database.


git-svn-id: http://svn.automattic.com/wordpress/trunk@20522 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-18 21:07:31 +00:00
nacin
0730535015 Introduce $wpdb->delete(). props justindgivens, scribu. fixes #18948.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-24 15:24:31 +00:00
ryan
e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
duck_
965a71033e Remove "the hackiest hack that ever did hack" from add_user(). wp_insert_user()/edit_user() can deal with adding new users of any defined role. Fixes #18749.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19686 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-05 20:38:40 +00:00
nacin
ccf47d55c4 Remove remnants of show_admin_bar_admin. see #18811, see #18197.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18812 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-29 06:12:51 +00:00
duck_
c1d1590171 Fix typos in documentation (wp-admin/). See #18560.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18632 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-03 14:18:10 +00:00
ryan
0f06334e11 Introduce metadata_exists(), WP_User::get_data_by(), WP_User::get(), WP_User::has_prop(). Don't fill user objects with meta. Eliminate data duplication in cache and memory. Props scribu. see #15458
git-svn-id: http://svn.automattic.com/wordpress/trunk@18597 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-24 19:32:59 +00:00
ryan
58e65d1855 Admin bar visibility prefs. Props duck_. see #15829
git-svn-id: http://svn.automattic.com/wordpress/trunk@17032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-17 21:48:30 +00:00
ryan
3f72e340d6 Update since phpdoc. Props demetris. fixes #15445
git-svn-id: http://svn.automattic.com/wordpress/trunk@16660 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-01 19:24:38 +00:00