Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-11-18 08:36:04 +01:00
Code Issues Projects Releases Wiki Activity
34,001 Commits 50 Branches 748 Tags 792 MiB
f74e50d1dd
Commit Graph

450 Commits

Author SHA1 Message Date
Sergey Biryukov
1f4ae40c03 Add 'wp_verify_nonce_failed' action that fires when nonce verification fails. 
props johnbillion, garza, Shelob9.
fixes #24030.
Built from https://develop.svn.wordpress.org/trunk@33744


git-svn-id: http://core.svn.wordpress.org/trunk@33712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-08-26 00:06:21 +00:00
Sergey Biryukov
b34af5586a Fire the check_ajax_referer action on failure as well as success. 
See [33017] for `check_admin_referer`.

props egill.
fixes #33342.
Built from https://develop.svn.wordpress.org/trunk@33743


git-svn-id: http://core.svn.wordpress.org/trunk@33711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-08-25 23:25:21 +00:00
Scott Taylor
ef87172270 foreach is a statement, not a function. 
See #33491.

Built from https://develop.svn.wordpress.org/trunk@33734


git-svn-id: http://core.svn.wordpress.org/trunk@33702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-08-25 20:28:22 +00:00
Scott Taylor
5510b519f5 In wp_sanitize_redirect(), don't eat @ characters. According to RFC 3986, "@" is a perfectly valid character in a URL path or query string. 
Adds unit test.

Props markjaquith.
Fixes #18818.

Built from https://develop.svn.wordpress.org/trunk@33707


git-svn-id: http://core.svn.wordpress.org/trunk@33674 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-08-22 17:05:24 +00:00
Drew Jaynes
bec5bcf717 Docs: Mark the $notify parameter in the DocBlock for wp_new_user_notification() as optional, and provide additional context on the difference between the accepted values. 
See [33620] and [33023] for background.

See #32246.

Built from https://develop.svn.wordpress.org/trunk@33664


git-svn-id: http://core.svn.wordpress.org/trunk@33631 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-08-20 18:26:26 +00:00
Konstantin Obenland
e6bc6242ad Passwords: Restore second parameter for wp_new_user_notification(). 
After [33023] users would always be notified, this restores previous behavior.

Props markjaquith, ocean90.
Fixes #33358.


Built from https://develop.svn.wordpress.org/trunk@33620


git-svn-id: http://core.svn.wordpress.org/trunk@33587 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-08-17 14:25:27 +00:00
Konstantin Obenland
7e3f0cf45e Passwords: New UI for install screen. 
Also synchronises the use of `pw_weak` as an input name and removes trailing
periods from checkbox labels.

Props MikeHansenMe, adamsilverstein, obenland.
See #32589.


Built from https://develop.svn.wordpress.org/trunk@33246


git-svn-id: http://core.svn.wordpress.org/trunk@33218 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-07-13 22:22:24 +00:00
Drew Jaynes
92d342f0d2 Fix the parameter description syntax in the hook docs for the wp_safe_redirect_fallback filter, added in 4.3. 
See #32891.

Built from https://develop.svn.wordpress.org/trunk@33233


git-svn-id: http://core.svn.wordpress.org/trunk@33205 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-07-13 21:46:25 +00:00
Mark Jaquith
423a1a7ca4 New password change/set UI. 
* Generate the password for the user
* More tightly integrate password strength meter
* Warn on weak passwords

see #32589

props MikeHansenMe, adamsilverstein, binarykitten
Built from https://develop.svn.wordpress.org/trunk@33023


git-svn-id: http://core.svn.wordpress.org/trunk@32994 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-07-01 14:48:24 +00:00
Helen Hou-Sandí
275bff1895 Fire the check_admin_referer action on failure as well as success. 
This enables things like logging nonce failures in the admin.

props markjaquith.
fixes #32207.

Built from https://develop.svn.wordpress.org/trunk@33017


git-svn-id: http://core.svn.wordpress.org/trunk@32988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-07-01 03:37:23 +00:00
Sergey Biryukov
74c7f59bb2 Revert [32702]. The URL may not have an s parameter as there are filters in place so that a plugin can return a URL with a completely different structure. 
see #32572.
Built from https://develop.svn.wordpress.org/trunk@32969


git-svn-id: http://core.svn.wordpress.org/trunk@32940 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-06-27 08:35:24 +00:00
Scott Taylor
f23199caaa Remove the whois.arin.net link from wp_notify_postauthor() and wp_notify_moderator(). 
Also, remove from `edit-form-comment.php` and add a new filter: `edit_comment_misc_actions`. 

Props ozh, joedolson, rachelbaker.
Fixes #15281.

Built from https://develop.svn.wordpress.org/trunk@32929


git-svn-id: http://core.svn.wordpress.org/trunk@32900 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-06-24 20:56:27 +00:00
Scott Taylor
5c6b63d3a6 if is a statment, not a function. 
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32800


git-svn-id: http://core.svn.wordpress.org/trunk@32771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-06-16 20:01:25 +00:00
Dion Hulse
2b2368d68f Add a filter to wp_safe_redirect() for the fallback URL. 
Props anubisthejackle. Fixes #22612

Built from https://develop.svn.wordpress.org/trunk@32793


git-svn-id: http://core.svn.wordpress.org/trunk@32764 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-06-16 05:26:26 +00:00
Scott Taylor
f888767c73 $status shouldn't be loosely compared to true in wp_xmlrpc_server::wp_deleteComment(). 
`$initial` shouldn't be loosely compared to `true` in `get_calendar()`.
`current_user_can()` shouldn't be loosely compared to `false` in `kses_init()`
`$get_all` shouldn't be loosely compared to `true` in `get_blog_details()`.
`is_array()` and `in_array()` shouldn't be loosely compared in `wpmu_validate_user_signup()`.
`$result` should by strictly compared in `check_ajax_referer()`.
`wp_verify_nonce()` should by strictly compared in `_show_post_preview()`.
`is_user_logged_in()` should not be loosly compared against `false` in `wp-signup.php`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32733


git-svn-id: http://core.svn.wordpress.org/trunk@32704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-06-12 17:48:26 +00:00
Sergey Biryukov
c9dd28908a In get_avatar(), avoid a second get_avatar_data() call to get the 2x URL. 
props ravinderk.
fixes #32572.
Built from https://develop.svn.wordpress.org/trunk@32702


git-svn-id: http://core.svn.wordpress.org/trunk@32672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-06-07 14:58:26 +00:00
Boone Gorges
f88996bed7 In wp_notify_moderator(), don't throw notice when comment belongs to a post with no author. 
Props Oxymoron.
Fixes #32566.
Built from https://develop.svn.wordpress.org/trunk@32692


git-svn-id: http://core.svn.wordpress.org/trunk@32662 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-06-04 17:29:25 +00:00
Scott Taylor
26554549c7 Add missing doc blocks for pluggable.php. 
Correct some `@return` values.
`is_user_logged_in()` can simply return the `->exists()` call instead of if/else'ing true/false.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32614


git-svn-id: http://core.svn.wordpress.org/trunk@32584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-05-27 15:32:26 +00:00
John Blackbourn
bb02256966 Introduce a $token argument to wp_set_auth_cookie() so session tokens can be reused by custom authentication implementations. 
Props rmccue

Fixes 30247

Built from https://develop.svn.wordpress.org/trunk@32465


git-svn-id: http://core.svn.wordpress.org/trunk@32435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-05-09 00:28:27 +00:00
Gary Pendergast
7ca423d449 The UTF-8 regex can occasionally fail on very low memory machines. Reduce the amount of memory it uses. 
See #32204.


Built from https://develop.svn.wordpress.org/trunk@32375


git-svn-id: http://core.svn.wordpress.org/trunk@32345 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-05-06 06:58:24 +00:00
Sergey Biryukov
eef2dcfccd Merge two different translator comments for the same string. 
props pavelevap.
fixes #31999.
Built from https://develop.svn.wordpress.org/trunk@32210


git-svn-id: http://core.svn.wordpress.org/trunk@32183 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-04-20 15:36:26 +00:00
Boone Gorges
5b629644f9 Improve handling of incomplete From and Content-Type headers in wp_mail(). 
When an incomplete header is provided (eg, 'From' with an email address but no
name), ensure that the WP defaults are filled in properly.

Props valendesigns.
Fixes #30266.
Built from https://develop.svn.wordpress.org/trunk@32070


git-svn-id: http://core.svn.wordpress.org/trunk@32049 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-04-07 20:10:26 +00:00
Drew Jaynes
46cf634c90 Various inline documentation syntactical fixes in wp-includes/pluggable.php for 4.2 changes. 
See #31888.

Built from https://develop.svn.wordpress.org/trunk@32045


git-svn-id: http://core.svn.wordpress.org/trunk@32024 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-04-05 16:46:26 +00:00
Sergey Biryukov
a1fb0a378c Restore line breaks before comment text in comment notification emails. 
fixes #31508.
Built from https://develop.svn.wordpress.org/trunk@31770


git-svn-id: http://core.svn.wordpress.org/trunk@31750 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-03-13 18:29:27 +00:00
Helen Hou-Sandí
0b3170fc7d Gravatars: Remove redundant 1x srcset. 
props miqrogroove.
see #22329.

Built from https://develop.svn.wordpress.org/trunk@31722


git-svn-id: http://core.svn.wordpress.org/trunk@31703 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-03-11 16:56:27 +00:00
Helen Hou-Sandí
0bf35836c3 Gravatars: Enable HiDPI versions for browsers that support srcset. 
props iseulde.
see #22329.

Built from https://develop.svn.wordpress.org/trunk@31721


git-svn-id: http://core.svn.wordpress.org/trunk@31702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-03-11 16:32:26 +00:00
Drew Jaynes
33d9dd8066 Adjust the description for the $extra_attr argument in the DocBlocks for get_avatar_data() and get_avatar(). 
See [31561]. See #31469.

Built from https://develop.svn.wordpress.org/trunk@31591


git-svn-id: http://core.svn.wordpress.org/trunk@31572 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-03-01 07:19:24 +00:00
Gary Pendergast
18bb886b22 When sanitizing a URL to redirect to, UTF-8 characters can be URL encoded, instead of being removed. 
While RFC 3986 does not specify which character sets are allowed in URIs, Section 2.5 states that octects matching UTF-8 character encoding should be percent-encoded, then unreserved octets outside of the UTF-8 range should be percent-encoded. As browsers tend to only implement support for UTF-8 in URLs, this change only implements the UTF-8 encoding part. We may revisit the second part if it becomes an issue.

Fixes #31486


Built from https://develop.svn.wordpress.org/trunk@31587


git-svn-id: http://core.svn.wordpress.org/trunk@31568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-02-28 02:21:26 +00:00
Scott Taylor
e899c370a4 In get_avatar_data() and get_avatar(), allow height and width to be specified separately (both default to size). Also allow arbitrary attributes on the <img> via the extra_attr arg. 
Props miqrogroove.
See #31469.

Built from https://develop.svn.wordpress.org/trunk@31561


git-svn-id: http://core.svn.wordpress.org/trunk@31542 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-02-26 21:17:24 +00:00
Sergey Biryukov
add5f9bdf2 Remove src from duplicate hook comments for get_avatar and get_avatar_data. 
see #21195.
Built from https://develop.svn.wordpress.org/trunk@31480


git-svn-id: http://core.svn.wordpress.org/trunk@31461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-02-19 14:59:26 +00:00
Sergey Biryukov
01bb8478ff Fix a typo in duplicate hook comment. 
see [31107], #21195.
Built from https://develop.svn.wordpress.org/trunk@31479


git-svn-id: http://core.svn.wordpress.org/trunk@31460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-02-19 14:56:28 +00:00
Drew Jaynes
947d04f323 Improve return and parameter documentation for check_admin_referer(), check_ajax_referer(), and wp_verify_nonce(). 
Also update and clarify docsfor the `check_admin_referer` and `check_ajax_referer` hooks.

Props johnbillion, DrewAPicture.
Fixes #31055.

Built from https://develop.svn.wordpress.org/trunk@31381


git-svn-id: http://core.svn.wordpress.org/trunk@31362 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-02-09 04:57:27 +00:00
Scott Taylor
fe6b5983df In PHP 5.0.0, is_a() became deprecated in favour of the instanceof operator. Calling is_a() would result in an E_STRICT warning. 
In PHP 5.3.0, `is_a()` is no longer deprecated, and will therefore no longer throw `E_STRICT` warnings.

To avoid warnings in PHP < 5.3.0, convert all `is_a()` calls to `$var instanceof WP_Class` calls.

`instanceof` does not throw any error if the variable being tested is not an object, it simply returns `false`.

Props markoheijnen, wonderboymusic.
Fixes #25672.

Built from https://develop.svn.wordpress.org/trunk@31188


git-svn-id: http://core.svn.wordpress.org/trunk@31169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-01-16 01:06:24 +00:00
Gary Pendergast
4bc89fef32 In get_avatar(), revert the <img> tag attributes to using single quotes, instead of double quotes. This behaviour was changed in [31107], but caused problems for code that attempted to parse the <img> tag. 
See #21195


Built from https://develop.svn.wordpress.org/trunk@31152


git-svn-id: http://core.svn.wordpress.org/trunk@31133 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-01-12 00:03:24 +00:00
Scott Taylor
ac654632fe Use PHP_SAPI constant instead of php_sapi_name() in iis7_supports_permalinks(), wp_fix_server_vars(), and wp_redirect(). 
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31120


git-svn-id: http://core.svn.wordpress.org/trunk@31101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-01-10 04:59:22 +00:00
Gary Pendergast
5ee3ff435d Add get_avatar_url(), for retrieving just the URL of an avatar, rather than the entire <img> tag that get_avatar() produces. 
Unlike `get_avatar()`, `get_avatar_url()` is not pluggable. It can be extended/or modified through the new filters included.

Fixes #21195.

Props mdawaffe, pento, pathawks, DrewAPicture


Built from https://develop.svn.wordpress.org/trunk@31107


git-svn-id: http://core.svn.wordpress.org/trunk@31088 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-01-09 04:43:23 +00:00
Sergey Biryukov
e253251ef4 Remove space before comma in wp_notify_postauthor() and wp_notify_moderator(). 
see #30930.
Built from https://develop.svn.wordpress.org/trunk@31060


git-svn-id: http://core.svn.wordpress.org/trunk@31041 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-01-06 17:17:21 +00:00
Sergey Biryukov
71d255fde1 Remove padding from the comment notification emails in wp_notify_moderator(). 
See [30015] for wp_notify_postauthor().

props pavelevap.
fixes #30930.
Built from https://develop.svn.wordpress.org/trunk@31059


git-svn-id: http://core.svn.wordpress.org/trunk@31040 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-01-06 17:10:35 +00:00
John Blackbourn
d614abe3a2 Allow brackets in a URL when it's sanitised for a redirect. Brackets are valid in query parameters. 
Fixes #30308
Props voldemortensen

Built from https://develop.svn.wordpress.org/trunk@30684


git-svn-id: http://core.svn.wordpress.org/trunk@30674 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-12-01 03:21:22 +00:00
John Blackbourn
17ddc06287 Allow square brackets in a URL when it's sanitised for a redirect. Square brackets are valid in query parameters and IPv6 addresses. 
Fixes #17052
Props voldemortensen

Built from https://develop.svn.wordpress.org/trunk@30683


git-svn-id: http://core.svn.wordpress.org/trunk@30673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-12-01 03:16:22 +00:00
Scott Taylor
04453cbe01 Improve the @param docs for src/wp-includes/pluggable*. 
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30667


git-svn-id: http://core.svn.wordpress.org/trunk@30657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-11-30 22:19:25 +00:00
Drew Jaynes
e4f52df62c Fix DocBlock formatting for wp_generate_password(). 
Props stevegrunwell for the initial patch.
Fixes #30509.

Built from https://develop.svn.wordpress.org/trunk@30580


git-svn-id: http://core.svn.wordpress.org/trunk@30570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-11-26 20:38:23 +00:00
Dominik Schilling
e002b0fc07 Type cast $nonce to string in wp_verify_nonce(). 
props jesin.
fixes #29542.
Built from https://develop.svn.wordpress.org/trunk@30576


git-svn-id: http://core.svn.wordpress.org/trunk@30566 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-11-26 19:19:23 +00:00
Drew Jaynes
188e47869f Ensure inline code is markdown-escaped as such, HTML tags are removed from summaries, and that code snippets in descriptions are properly indented. 
Affects DocBlocks for the following core elements:
* Markdown-indent a code snippet in the description for `wp_salt()`
* Backtick-escape inline code in the return description for `get_avatar()`
* Various markdown formatting in the description for `add_filter()`
* Markdown-indent a code snippet in the description for `apply_filters()`
* Backtick-escape inline code in the `@see` description for `apply_filters_ref_array()`
* Backtick-escape inline code in the description for `do_action()`
* Backtick-escape variables in the parameter and return descriptions for `do_action_ref_array()`
* Various markdown formatting in the description for `get_plugin_data()`

Props rarst.
See #30473.

Built from https://develop.svn.wordpress.org/trunk@30544


git-svn-id: http://core.svn.wordpress.org/trunk@30533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-11-24 06:05:23 +00:00
Andrew Nacin
ddb3ee5057 Use hash_equals() for old md5 hashes. 
Built from https://develop.svn.wordpress.org/trunk@30412


git-svn-id: http://core.svn.wordpress.org/trunk@30407 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-11-20 11:49:23 +00:00
Drew Jaynes
f7648300c8 Add missing documentation for the $password parameter, passed to the check_password hook. 
Props coffee2code.
Fixes #30311.

Built from https://develop.svn.wordpress.org/trunk@30381


git-svn-id: http://core.svn.wordpress.org/trunk@30378 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-11-18 18:56:21 +00:00
Drew Jaynes
66c47f29bb Correct references of @uses $wpdb in core documentation to use @global. 
See #30191, [30105].
Fixes #30217.

Built from https://develop.svn.wordpress.org/trunk@30122


git-svn-id: http://core.svn.wordpress.org/trunk@30122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-10-31 17:56:22 +00:00
Drew Jaynes
f8657d5890 Remove redundant and erroneous @uses tag from most core inline documentation. 
Per our inline documentation standards, no further use of the `@uses` tag is recommended as used and used-by relationships can be derived through other means. This removes most uses of the tag in core documentation, with remaining tags to be converted to `@global` or `@see` as they apply.

Fixes #30191.

Built from https://develop.svn.wordpress.org/trunk@30105


git-svn-id: http://core.svn.wordpress.org/trunk@30105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-10-30 01:05:24 +00:00
John Blackbourn
823cfebeca Remove padding from the comment notification emails which is from a bygone fixed-width font era. Prevents alignment issues in email clients which use vairable width fonts for plain text emails. Fixes #16721. Props DrewAPicture. 
Built from https://develop.svn.wordpress.org/trunk@30015


git-svn-id: http://core.svn.wordpress.org/trunk@30015 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-10-24 17:08:18 +00:00
Mark Jaquith
e1f2b3b9e2 Use HTTPS URLs for trac.wordpress.org (and use core.trac.wordpress.org) 
see #27115
Built from https://develop.svn.wordpress.org/trunk@29789


git-svn-id: http://core.svn.wordpress.org/trunk@29561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-09-29 13:37:16 +00:00
Andrew Nacin
75ff6ae302 Add safeguards for when ext/hash is not compiled with PHP. 
see #29518, for trunk.

Built from https://develop.svn.wordpress.org/trunk@29751


git-svn-id: http://core.svn.wordpress.org/trunk@29523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-09-20 17:28:18 +00:00
Andrew Nacin
768136c6da Rename the public methods in the session tokens API. 
Introduces a new get( $token ) method. get_token() would not have made sense and spurred the overall renaming. Public methods are now get, get_all, verify, create, update, destroy, destroy_others, and destroy_all.

The protected abstract methods designed for alternative implementations remain the same.

props mdawaffe.
see #20276.

Built from https://develop.svn.wordpress.org/trunk@29635


git-svn-id: http://core.svn.wordpress.org/trunk@29409 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-08-27 02:07:16 +00:00
Andrew Nacin
3951d9689c Require a non-empty $nonce value in wp_verify_nonce(). 
props ocean90.
fixes #29217.

Built from https://develop.svn.wordpress.org/trunk@29620


git-svn-id: http://core.svn.wordpress.org/trunk@29394 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-08-26 07:39:19 +00:00
Drew Jaynes
a227d4ff08 s/does/does not in wp_set_password() docblock. 
See [29461]. See #28316.

Built from https://develop.svn.wordpress.org/trunk@29462


git-svn-id: http://core.svn.wordpress.org/trunk@29240 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-08-10 02:44:16 +00:00
Drew Jaynes
0f7d35597c Improve the wp_set_password() PHPDoc with a note to guard against executing the function on every page load, such as through a theme's functions.php file. 
See #28316.

Built from https://develop.svn.wordpress.org/trunk@29461


git-svn-id: http://core.svn.wordpress.org/trunk@29239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-08-10 02:39:16 +00:00
Andrew Nacin
ee4ce8688d Escape late in get_avatar(). 
Built from https://develop.svn.wordpress.org/trunk@29397


git-svn-id: http://core.svn.wordpress.org/trunk@29175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-08-06 07:50:18 +00:00
Andrew Nacin
7d672c38a4 Constant time for wp_verify_nonce(). 
Built from https://develop.svn.wordpress.org/trunk@29382


git-svn-id: http://core.svn.wordpress.org/trunk@29160 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-08-06 05:26:16 +00:00
Andrew Nacin
654e46f03d Tie cookies and nonces to user sessions so they may be invalidated upon logout. 
Sessions are stored in usermeta via WP_User_Meta_Session_Tokens, which extends the abstract WP_Session_Tokens class. Extending WP_Session_Tokens can allow for alternative storage, such as a separate table or Redis.

Introduces some simple APIs for session listing and destruction, such as wp_get_active_sessions() and wp_destroy_all_sessions().

This invalidates all existing authentication cookies, as a new segment (the session token) has been added to them.

props duck_, nacin, mdawaffe.
see #20276.

Built from https://develop.svn.wordpress.org/trunk@29221


git-svn-id: http://core.svn.wordpress.org/trunk@29005 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-07-18 09:13:15 +00:00
Sergey Biryukov
177fe21194 Asterisk is an allowed character in a URI and should not be stripped out by wp_sanitize_redirect(). 
fixes #28362.
Built from https://develop.svn.wordpress.org/trunk@28939


git-svn-id: http://core.svn.wordpress.org/trunk@28737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-07-01 15:56:15 +00:00
Scott Taylor
c8852cc909 Use the WPINC constant when loading class-phpass.php 
Props wojtek.szkutnik
See #14157.

Built from https://develop.svn.wordpress.org/trunk@28903


git-svn-id: http://core.svn.wordpress.org/trunk@28702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-06-29 22:12:16 +00:00
Andrew Nacin
dc0aca09f5 Fix documentation for wp_create_nonce() which wrongly suggests these tokens are actually numbers used once. 
Built from https://develop.svn.wordpress.org/trunk@28793


git-svn-id: http://core.svn.wordpress.org/trunk@28606 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-06-20 20:47:14 +00:00
Scott Taylor
43bf7f271f Don't use variable variables in wp_salt(). 
See #27881.

Built from https://develop.svn.wordpress.org/trunk@28741


git-svn-id: http://core.svn.wordpress.org/trunk@28555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-06-11 18:36:15 +00:00
Drew Jaynes
cb0fc9c64b Update the $secure_logged_in_cookie variable in the 'secure_logged_in_cookie' hook docs following [28627]. 
See #15330.

Built from https://develop.svn.wordpress.org/trunk@28628


git-svn-id: http://core.svn.wordpress.org/trunk@28448 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-05-30 15:20:16 +00:00
Andrew Nacin
733057e7d6 Use a secure logged_in_cookie when the home URL is forced HTTPS (see #27954). 
see #15330.

Built from https://develop.svn.wordpress.org/trunk@28627


git-svn-id: http://core.svn.wordpress.org/trunk@28447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-05-30 15:08:15 +00:00
Scott Taylor
8e98541d5f Eliminate the use of extract() in wp_mail(). Check the filtered array for each value before re-setting variables. 
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28425


git-svn-id: http://core.svn.wordpress.org/trunk@28252 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-05-15 06:17:15 +00:00
Scott Taylor
f5bd0de275 Eliminate the use of extract() in wp_validate_auth_cookie(). 
Don't do anything fancy here, just set the 4 returned properties to variables. This function is semi-important.
	
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28424


git-svn-id: http://core.svn.wordpress.org/trunk@28251 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-05-15 06:11:13 +00:00
Andrew Nacin
7f001bfe24 Harden HMAC verification. props duck_. 
Built from https://develop.svn.wordpress.org/trunk@28053


git-svn-id: http://core.svn.wordpress.org/trunk@27883 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-04-08 18:06:16 +00:00
Drew Jaynes
684145ca81 Inline documentation fixes related to the determine_current_user filter 
See #26706, #27700.

Built from https://develop.svn.wordpress.org/trunk@28007


git-svn-id: http://core.svn.wordpress.org/trunk@27837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-04-07 21:18:15 +00:00
Drew Jaynes
100e737eb0 Inline documentation for hooks in wp-includes/pluggable.php. 
Props kpdesign for some cleanup.
Fixes #26888.

Built from https://develop.svn.wordpress.org/trunk@27825


git-svn-id: http://core.svn.wordpress.org/trunk@27659 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-03-28 21:21:15 +00:00
Andrew Nacin
c3ca81ba94 Always decode special characters for email subjects. 
props tlovett1, jeremyfelt.
fixes #25346.

Built from https://develop.svn.wordpress.org/trunk@27801


git-svn-id: http://core.svn.wordpress.org/trunk@27636 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-03-28 02:44:15 +00:00
Andrew Nacin
182de5881d Avoid notices in wp_notify_postauthor() when a post has no author. 
props drozdz.
fixes #26659.

Built from https://develop.svn.wordpress.org/trunk@27568


git-svn-id: http://core.svn.wordpress.org/trunk@27411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-03-17 20:31:14 +00:00
Andrew Nacin
e7be7a0a8d Use get_comment_link() in wp_notify_postauthor(). 
Fixes pagination for the link directly to the moderated comment.

props eatingrules.
fixes #26133.

Built from https://develop.svn.wordpress.org/trunk@27567


git-svn-id: http://core.svn.wordpress.org/trunk@27410 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-03-17 20:20:15 +00:00
Andrew Nacin
acba3131d7 Allow for custom authentication handlers for all requests. 
Turn the logic used by wp_get_current_user() into a determine_current_user filter.

props rmccue.
fixes #26706.

Built from https://develop.svn.wordpress.org/trunk@27484


git-svn-id: http://core.svn.wordpress.org/trunk@27328 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-03-09 15:23:15 +00:00
Drew Jaynes
db605f4767 Improve inline documentation for wp_new_user_notification(). 
Props antorome for the initial patch.
Fixes #26703.

Built from https://develop.svn.wordpress.org/trunk@27149


git-svn-id: http://core.svn.wordpress.org/trunk@27016 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-02-09 21:07:12 +00:00
Sergey Biryukov
1f86e0c1e1 Fix typo in wp_set_auth_cookie() description. 
props drozdz.
fixes #27046.
Built from https://develop.svn.wordpress.org/trunk@27116


git-svn-id: http://core.svn.wordpress.org/trunk@26983 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2014-02-07 09:47:12 +00:00
Drew Jaynes
cd8cedc40d First there were two, and now there are three -- in the @since versions that came before and that shall be. And so it will be, says nacin. 
Props JustinSainton, SergeyBiryukov, DrewAPicture.
Fixes #26713.

Built from https://develop.svn.wordpress.org/trunk@26868


git-svn-id: http://core.svn.wordpress.org/trunk@26754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-12-24 18:57:12 +00:00
Drew Jaynes
223a2c7138 Inline documentation for the following filter hooks in wp-includes/pluggable.php: 
* `comment_notification_recipients`
* `comment_notification_notify_author`

Also removes some generic `@uses` tags from various related doc blocks.

Props markjaquith.
Fixes #25699.

Built from https://develop.svn.wordpress.org/trunk@26388


git-svn-id: http://core.svn.wordpress.org/trunk@26288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-11-26 04:10:09 +00:00
Mark Jaquith
c2cdbf9648 Fix comment_notification_recipients filter behavior so that it is still respected even on comments left by the post author 
The code was bailing on this-is-a-comment-on-your-own-post detection, ignoring additional recipients. Now:

* Logic check is done within `wp_notify_postauthor()`
* Logic check is overridable via `comment_notification_notify_author` filter (default still false)
* The code doesn't bail on comment-on-own-post detection, but just removes the author from the array
* The code instead now bails if the recipients list is empty, so `comment_notification_recipients` works properly

props ethitter.
fixes #25699

Built from https://develop.svn.wordpress.org/trunk@26367


git-svn-id: http://core.svn.wordpress.org/trunk@26268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-11-25 01:47:10 +00:00
Peter Westwood
bca9252522 Deprecate the second argument for wp_notify_postauthor because it is unecessary. Fixes #17862 props scribu and wonderboymusic. 
Built from https://develop.svn.wordpress.org/trunk@26358


git-svn-id: http://core.svn.wordpress.org/trunk@26259 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-11-24 16:26:10 +00:00
Sergey Biryukov
12d10da7e6 Remove redundant cleanup of PHPMailer addresses in wp_mail(). 
props bananastalktome.
fixes #25789.
Built from https://develop.svn.wordpress.org/trunk@26121


git-svn-id: http://core.svn.wordpress.org/trunk@26033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-11-13 03:45:11 +00:00
Sergey Biryukov
eae4e5936f Use case-insensitive comparison for email addresses. fixes #25779. 
Built from https://develop.svn.wordpress.org/trunk@26115


git-svn-id: http://core.svn.wordpress.org/trunk@26027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-11-13 02:41:09 +00:00
Sergey Biryukov
9c3b98e6d3 Avoid PHP notices in wp_notify_postauthor() when using a custom comment type. 
Use a switch statement for consistency with wp_notify_moderator().

fixes #25880.
Built from https://develop.svn.wordpress.org/trunk@26114


git-svn-id: http://core.svn.wordpress.org/trunk@26026 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-11-13 02:32:10 +00:00
Sergey Biryukov
40391f4e37 Fall back to comment author email in get_avatar() if the user who left the comment no longer exists. 
props mauryaratan, lite3.
fixes #25803.
Built from https://develop.svn.wordpress.org/trunk@26000


git-svn-id: http://core.svn.wordpress.org/trunk@25933 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-11-02 12:20:11 +00:00
Andrew Nacin
70fd806759 Revert r25824:25875 from the core.svn.wordpress.org repository. 
These commits were accidentally re-synced commits from develop.svn.wordpress.org due to a race condition. Thankfully, the history of this repository matters fairly little. It also happened only for trunk.


git-svn-id: http://core.svn.wordpress.org/trunk@25876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-10-25 02:29:52 +00:00
Andrew Nacin
8ae8e01b67 Remove the old wp_auto_updates_maybe_update cron event. Schedule the new wp_maybe_auto_update event at 7 a.m. and 7 p.m. in the site's timezone. 
see #27704.

Built from https://develop.svn.wordpress.org/trunk@25825


git-svn-id: http://core.svn.wordpress.org/trunk@25825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-10-24 22:53:14 +00:00
Andrew Nacin
9c6a15ef8f Maintain the same output for get_avatar() as 3.6. see [25895]. 
Built from https://develop.svn.wordpress.org/trunk@25899


git-svn-id: http://core.svn.wordpress.org/trunk@25811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-10-24 19:32:09 +00:00
Andrew Nacin
af4535596b Always escape URLs at the last possible moment. 
Built from https://develop.svn.wordpress.org/trunk@25895


git-svn-id: http://core.svn.wordpress.org/trunk@25807 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-10-24 18:52:11 +00:00
Andrew Nacin
e2413462de Move the trim() from wp_set_password() to inside wp_hash_password(). 
props rpattillo, joehoyle.
fixes #24973. see #23494.

Built from https://develop.svn.wordpress.org/trunk@25709


git-svn-id: http://core.svn.wordpress.org/trunk@25623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-10-07 13:54:10 +00:00
Scott Taylor
c2312dfe4c Use elseif when slurping the nonce in check_ajax_referer() to avoid accidentally overwriting it. 
Fail wonderboymusic in [25433].
Props ocean90.
Fixes #25369.
See [25433].


Built from https://develop.svn.wordpress.org/trunk@25550


git-svn-id: http://core.svn.wordpress.org/trunk@25470 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-09-21 16:26:12 +00:00
Scott Taylor
5df8338e0a Fix some undefined index notices related to Comment unit tests: 
* There are several places where a `$_POST` index was unchecked before setting a variable
* In `wp_notify_postauthor()`, `$comment` was being returned null, but its properties were being accessed.
* In `check_ajax_referer()`, 3 different values can be checked for nonce on `$_REQUEST`, but only 1 had an `isset()`

See #25282.


Built from https://develop.svn.wordpress.org/trunk@25433


git-svn-id: http://core.svn.wordpress.org/trunk@25355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-09-13 22:18:08 +00:00
Andrew Nacin
cf3fddde96 Validate referrers to prevent off-domain redirects. 
Built from https://develop.svn.wordpress.org/trunk@25318


git-svn-id: http://core.svn.wordpress.org/trunk@25280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-09-10 18:07:10 +00:00
Andrew Nacin
9fdfa7ef5c Short descriptions for inline docs should end with a period, per the vast majority of core. see #25229. 
Built from https://develop.svn.wordpress.org/trunk@25273


git-svn-id: http://core.svn.wordpress.org/trunk@25239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-09-06 01:38:09 +00:00
Sergey Biryukov
9769012244 Add phpdoc for 'wp_redirect' and 'wp_redirect_status' filters. props DrewAPicture. fixes #25215. 
Built from https://develop.svn.wordpress.org/trunk@25230


git-svn-id: http://core.svn.wordpress.org/trunk@25200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-09-04 08:31:09 +00:00
Sergey Biryukov
6760d294bb Update phpdoc for get_user_to_edit(), get_userdata(), and get_user_by(). props tivnet. fixes #24992. 
Built from https://develop.svn.wordpress.org/trunk@25204


git-svn-id: http://core.svn.wordpress.org/trunk@25176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-09-02 03:25:09 +00:00
Andrew Ozz
3c3ec6dd8c Logging in: when the Remember Me checkbox is checked, make sure the browser continues to send the expired cookies so the "login grace period" for POST and AJAX requests works. Fixes #24735. 
Built from https://develop.svn.wordpress.org/trunk@25107


git-svn-id: http://core.svn.wordpress.org/trunk@25089 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-08-23 21:27:08 +00:00
Sergey Biryukov
688ecb9fcc Use correct variable. see #22922. 
Built from https://develop.svn.wordpress.org/trunk@25105


git-svn-id: http://core.svn.wordpress.org/trunk@25087 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-08-23 20:57:11 +00:00
Andrew Nacin
0adcab1f7f Add filters to the recipients of emails sent by wp_notify_postauthor() and wp_notify_moderator(). 
The new filters are called comment_notification_recipients and comment_moderation_recipients.

Add the context of $comment_id to the comment_moderation_headers filter, to match the comment_notification_headers filter.

props chipbennett.
fixes #22922, #20353.


Built from https://develop.svn.wordpress.org/trunk@25104


git-svn-id: http://core.svn.wordpress.org/trunk@25086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-08-23 19:36:10 +00:00
Ryan Boren
26eb1dc6ee Return true from wp_redirect() when redirect successful. Update phpdoc. 
Props tivnet
fixes #24969


git-svn-id: http://core.svn.wordpress.org/trunk@24996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-08-06 17:44:32 +00:00
Andrew Nacin
0f84b87380 Do not notify the post author about comments if they are no longer a member of the blog. 
This updates [23294] to use capability checks to determine if the user can still edit a post, which works for super admins. Additionally, it hides Trash/Spam action links when the user is still a member of the blog but cannot (or can no longer) moderate the comment.

fixes #23136.



git-svn-id: http://core.svn.wordpress.org/trunk@24649 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-07-10 22:01:12 +00:00
Sergey Biryukov
8655b33360 Make wp_mail() return the actual result of PHPMailer::Send() instead of always returning true. props chmac. fixes #23642. 
git-svn-id: http://core.svn.wordpress.org/trunk@24530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-06-29 23:03:13 +00:00