Commit Graph

168 Commits

Author SHA1 Message Date
John Blackbourn
2d464d4286 Users: Don't show the 'Add Existing User' form on the 'Add New User' screen to users without the promote_users capability.
Props bseddon, Mista-Flo

Fixes #37836

Built from https://develop.svn.wordpress.org/trunk@41122


git-svn-id: http://core.svn.wordpress.org/trunk@40962 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-23 01:14:43 +00:00
Felix Arntz
34ad21bcfa Multisite: Remove unnecessary is_super_admin() check when adding an existing user to a site.
Prior to this change, a super admin user that is added to a site who they are already a member of would still get reinvited.

Props supercoder.
Fixes #39220. See #37616.

Built from https://develop.svn.wordpress.org/trunk@39946


git-svn-id: http://core.svn.wordpress.org/trunk@39883 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-24 12:03:43 +00:00
Felix Arntz
41fc0c0f5a Multisite: Replace is_super_admin() with manage_network_users when trying to add an existing user via username.
Props dhanendran.
Fixes #39202. See #37616.

Built from https://develop.svn.wordpress.org/trunk@39935


git-svn-id: http://core.svn.wordpress.org/trunk@39872 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-20 17:49:41 +00:00
Felix Arntz
c22fea9120 Multisite: Replace is_super_admin() with manage_network_users when checking for users autocomplete capabilities.
Props ashokkumar24.
Fixes #39201. See #37616.

Built from https://develop.svn.wordpress.org/trunk@39934


git-svn-id: http://core.svn.wordpress.org/trunk@39871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-20 17:43:42 +00:00
Andrea Fercia
fd40a16ad1 Accessibility: Improve the form labels on the Add New User screen.
On the Multisite - single site "Add New User" screen, some form fields have more
than one label associated with them. Form controls should have at most one
associated label element. If more than one label element is associated to the
control, assistive technologies may not read the appropriate label.

Additionally, labels can be associated to their related form fields either
explicitly (using a `for` attribute referencing the field ID) or implicitly
(using the label to wrap the field). As a best practice, never do both and
prefer explicitly associated labels when possible.

Props Ankit K Gupta.
Fixes #38459.

Built from https://develop.svn.wordpress.org/trunk@39006


git-svn-id: http://core.svn.wordpress.org/trunk@38948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-29 12:54:30 +00:00
Dominik Schilling
7819e2b4ba I18N: Introduce a locale-switching function.
With the introduction of user-specific languages in [38705] it's necessary to be able to switch translations on the fly. For example emails should be sent in the language of the recipient and not the one of the current user.

This introduces a new `WP_Locale_Switcher` class which is used for switching locales and translations. It holds the stack of locales whenever `switch_to_locale( $locale )` is called. With `restore_previous_locale()` you can restore the previous locale. `restore_current_locale()` empties the stack and sets the locale back to the initial value.

`switch_to_locale()` is added to most of core's email functions, either with the value of `get_locale()` (site language) or `get_user_locale()` (user language with fallback to site language).

Props yoavf, tfrommen, swissspidy, pbearne, ocean90.
See #29783.
Fixes #26511.
Built from https://develop.svn.wordpress.org/trunk@38961


git-svn-id: http://core.svn.wordpress.org/trunk@38904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-26 15:36:31 +00:00
Andrea Fercia
2eda436430 Accessibility: Remove target=_blank from the Users and Widgets screens help tabs links.
Stop taking control of users' browsers.

Props rianrietveld.
Fixes #38217. See #23432.

Built from https://develop.svn.wordpress.org/trunk@38723


git-svn-id: http://core.svn.wordpress.org/trunk@38666 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-04 07:10:31 +00:00
Andrea Fercia
eeefec932f Administration: Improve the usage of the button CSS classes.
Introduces some consistency in the usage of the button CSS classes, fixes the
focus style for accessibility and responsiveness of the buttons.

- Adds the `button` class to all primary buttons make them responsive
- Removes all `secondary-button` classes and replaces it with button when needed. `button-secondary` shouldn't be used and exists just for backward compatibility reasons
- Replaces classes inside `submit_button()` with a shorthand for some buttons, and use an empty string for the default `button` class. Passing `button` is unnecessary
- Adjusts `get_submit_button()` to remove empty items

Props iseulde, dimchik, chris_d2d, mhowell, afercia.
Fixes #27314, #37138, #37448.

Built from https://develop.svn.wordpress.org/trunk@38672


git-svn-id: http://core.svn.wordpress.org/trunk@38615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-28 19:54:28 +00:00
Sergey Biryukov
ec8f0281fa I18N: Remove unnecessary context for two strings on "Add New User" screen.
Props ramiy.
Fixes #37784.
Built from https://develop.svn.wordpress.org/trunk@38329


git-svn-id: http://core.svn.wordpress.org/trunk@38270 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-23 12:54:31 +00:00
Dominik Schilling
a8ccd1ce23 Users: Update help text for user-new.php to remove reference to sending passwords via email.
Props anneschmidt.
Fixes #36763.
Built from https://develop.svn.wordpress.org/trunk@38064


git-svn-id: http://core.svn.wordpress.org/trunk@38005 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-14 21:51:32 +00:00
Jeremy Felt
771212f20a Multisite: Correct logic used to display an Edit User link after adding a user.
Previously, if a user was added with the checkbox for no confirmation selected and an error was then encountered in `wpmu_activate_signup()`, a fatal error would trigger because `$new_user` was a `WP_Error` object rather than a user.

Fixes #37223.

Built from https://develop.svn.wordpress.org/trunk@38007


git-svn-id: http://core.svn.wordpress.org/trunk@37948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 17:48:29 +00:00
Dominik Schilling
25e66e4f1e Text Changes: Unify permission error messages.
The new format looks like "Sorry, you are not allowed to <action>.". This provides a consistent experience for all error messages related to missing permissions. It also reduces the number of similar strings and allows translators to provide a consistent style in their language.

Props ramiy, Presskopp.
Fixes #34521.
Built from https://develop.svn.wordpress.org/trunk@37914


git-svn-id: http://core.svn.wordpress.org/trunk@37855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-29 15:16:29 +00:00
Drew Jaynes
c3055cc190 Docs: Standardize hook docs in wp-admin/* to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37488


git-svn-id: http://core.svn.wordpress.org/trunk@37456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:01:30 +00:00
Dominik Schilling
024ffe4980 I18N: Fix placeholders and add translator comments after [36695].
See #35705.
Built from https://develop.svn.wordpress.org/trunk@36697


git-svn-id: http://core.svn.wordpress.org/trunk@36664 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-24 21:49:26 +00:00
Jeremy Felt
b4ab399def Multisite: Provide an "Edit user" link after adding a new user
Props codex-m, jeremyfelt.
Fixes #35705.

Built from https://develop.svn.wordpress.org/trunk@36695


git-svn-id: http://core.svn.wordpress.org/trunk@36662 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-24 21:43:25 +00:00
Dominik Schilling
9fb5c540bb Users: Allow to create users without sending an email to the new user.
This adds a checkbox to `wp-admin/user-new.php` to prevent sending an email with the username and a password reset link to the new user. Restores the behavior of pre-4.3.

Fixes #33504.
Props tharsheblows, SergeyBiryukov, DrewAPicture, ocean90.
Built from https://develop.svn.wordpress.org/trunk@35742


git-svn-id: http://core.svn.wordpress.org/trunk@35706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:38:29 +00:00
Scott Taylor
0d8a80b14c Profile: on user-new.php, don't allow the password fields to be hidden. When hidden, you can't add a user.
Props coffee2code.
Fixes #15115.

Built from https://develop.svn.wordpress.org/trunk@34582


git-svn-id: http://core.svn.wordpress.org/trunk@34546 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 06:15:26 +00:00
Helen Hou-Sandí
48befcf361 Superglobals: Revert [34059] until further notice.
see #33837.

Built from https://develop.svn.wordpress.org/trunk@34265


git-svn-id: http://core.svn.wordpress.org/trunk@34229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-17 12:33:26 +00:00
Boone Gorges
a7e229637e Improve validation of user_login and user_nicename length.
The `user_login` field only allows 60 characters, and `user_nicename` allows
50. However, there are no protections in the interface, and few in the code,
that prevent the creation of users with values in excess of these limits. Prior
to recent changes in `$wpdb`, users were generally created anyway, MySQL
having performed the necessary truncation. More recently, the `INSERT`s and
`UPDATE`s simply fail, with no real feedback on the nature of the failure.

This changeset addresses the issue in a number of ways:
* On the user-new.php and network/user-new.php panels, don't allow input in excess of the maximum field length.
* In `wp_insert_user()`, throw an error if the value provided for `'user_login'` or `'user_nicename'` exceeds the maximum field length.
* In `wp_insert_user()`, when using `'user_login'` to generate a default value for `'user_nicename'`, ensure that the nicename is properly truncated, even when suffixed for uniqueness (username-2, etc).

Props dipesh.kakadiya, utkarshpatel, tommarshall, boonebgorges.
Fixes #33793.
Built from https://develop.svn.wordpress.org/trunk@34218


git-svn-id: http://core.svn.wordpress.org/trunk@34182 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-15 22:14:26 +00:00
Scott Taylor
cd7c0f0b0d Introduce wp_validate_action( $action = '' ), a helper function that checks $_REQUEST for action and returns it, or empty string if not present. If $action is passed, it checks to make sure they match before returning it, or an empty string. Strings are always returned to avoid returning multiple types.
Implementing this removes 27 uses of direct superglobal access in the admin.

For more reading:
https://codeclimate.com/github/WordPress/WordPress/wp-admin/edit-comments.php

See #33837.

Built from https://develop.svn.wordpress.org/trunk@34059


git-svn-id: http://core.svn.wordpress.org/trunk@34027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-11 21:08:26 +00:00
Scott Taylor
a40e30e7f4 Move 2 ad hoc user admin functions:
* Move `use_ssl_preference()` from `wp-admin/user-edit.php` to `wp-admin/includes/user.php`.
* Move `admin_created_user_email()` from `wp-admin/user-new.php` to `wp-admin/includes/user.php`.

See #33813.

Built from https://develop.svn.wordpress.org/trunk@34021


git-svn-id: http://core.svn.wordpress.org/trunk@33990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-10 21:33:33 +00:00
Jeremy Felt
d1f818a61d Multisite: Allow users with manage_network_users to edit network users.
Other users in a network can now be given capabilities to manage users without also having global super admin privileges.

* Users with `manage_network_users` can not edit super admins.
* Users with `manage_network_users` can not promote users to super admin.
* Uses of `is_super_admin()` in `user-new.php` are now updated to `manage_network_users`.

Props daniellandau, chriscct7.
Fixes #16860.

Built from https://develop.svn.wordpress.org/trunk@33988


git-svn-id: http://core.svn.wordpress.org/trunk@33957 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-10 03:34:23 +00:00
Andrea Fercia
a49f9ef68f Bump H3 headings to H2 on the Network Add New User screen for better accessibility.
Props Cheffheid.
Fixes #33605.
Built from https://develop.svn.wordpress.org/trunk@33945


git-svn-id: http://core.svn.wordpress.org/trunk@33914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-07 16:03:25 +00:00
Sergey Biryukov
b4fbbf53cf Provide more helpful feedback than just "Cheatin' uh?" for permission errors in wp-admin/user-new.php.
props ericlewis, kraftbj, lukecarbis, mrmist.
fixes #33678. see #14530.
Built from https://develop.svn.wordpress.org/trunk@33884


git-svn-id: http://core.svn.wordpress.org/trunk@33853 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 08:46:52 +00:00
Helen Hou-Sandí
1f500055a6 Drop the hyphen from e-mail and standardize on email.
The AP Stylebook changed this in 2011, and we're woefully inconsistent, so let's go with the standard.

props morganestes, voldemortensen, niallkennedy (for patching on the previous AP style).
fixes #26156.

Built from https://develop.svn.wordpress.org/trunk@33774


git-svn-id: http://core.svn.wordpress.org/trunk@33742 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-28 03:17:21 +00:00
Sergey Biryukov
85d3345e05 Multisite: Add 'invite_user' action that fires immediately after a user is invited to join a site, but before the notification is sent.
props ebinnion, MikeHansenMe, DrewAPicture.
fixes #33008.
Built from https://develop.svn.wordpress.org/trunk@33732


git-svn-id: http://core.svn.wordpress.org/trunk@33700 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-25 17:48:21 +00:00
Scott Taylor
d92795db13 Passwords UI: clean up the new JS in wp-admin/js/user-profile.js.
Instead of wrapping `#pass1` in a `<span>` dynamically, add the `<span>` to the HTML in PHP. It currently has no styling.

Fixes #33145.

Built from https://develop.svn.wordpress.org/trunk@33450


git-svn-id: http://core.svn.wordpress.org/trunk@33417 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-27 21:25:25 +00:00
Mark Jaquith
5abcb6938c Toggle between dashicons-hidden and dashicons-visibility in the password hide/show button.
fixes #33135
Built from https://develop.svn.wordpress.org/trunk@33438


git-svn-id: http://core.svn.wordpress.org/trunk@33405 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-27 03:13:24 +00:00
Sergey Biryukov
bd0f6a2132 Remove unused pw-weak ID attributes.
see #33077.
Built from https://develop.svn.wordpress.org/trunk@33419


git-svn-id: http://core.svn.wordpress.org/trunk@33387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-26 00:58:24 +00:00
Mark Jaquith
1ef40251b9 Introduce a Cancel button and onUnload warning for password changes.
fixes #33079
props johnjamesjacoby
Built from https://develop.svn.wordpress.org/trunk@33364


git-svn-id: http://core.svn.wordpress.org/trunk@33336 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-22 18:36:24 +00:00
Mark Jaquith
f08f12f7cc Fix up and normalize pw_weak/pw-weak IDs and labels.
props johnjamesjacoby
fixes #33077
Built from https://develop.svn.wordpress.org/trunk@33363


git-svn-id: http://core.svn.wordpress.org/trunk@33335 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-22 17:24:24 +00:00
Konstantin Obenland
45bfab3aa8 Passwords: Add password strength meter feedback for screen readers.
Also gives context to the show/hide button.

Props rianrietveld, afercia.
Fixes #33032.


Built from https://develop.svn.wordpress.org/trunk@33353


git-svn-id: http://core.svn.wordpress.org/trunk@33325 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-22 00:15:25 +00:00
Konstantin Obenland
e4305c7b28 Passwords: Make show/hide toggle translatable.
See #32589.

Built from https://develop.svn.wordpress.org/trunk@33249


git-svn-id: http://core.svn.wordpress.org/trunk@33221 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-13 22:35:24 +00:00
Konstantin Obenland
7e3f0cf45e Passwords: New UI for install screen.
Also synchronises the use of `pw_weak` as an input name and removes trailing
periods from checkbox labels.

Props MikeHansenMe, adamsilverstein, obenland.
See #32589.


Built from https://develop.svn.wordpress.org/trunk@33246


git-svn-id: http://core.svn.wordpress.org/trunk@33218 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-13 22:22:24 +00:00
Konstantin Obenland
d932607416 Passwords: Add trailing periods in new strings.
Props akibjorklund.
See #32589.


Built from https://develop.svn.wordpress.org/trunk@33208


git-svn-id: http://core.svn.wordpress.org/trunk@33180 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-13 18:30:24 +00:00
Jeremy Felt
0dbe4d6c95 Set autocapitalize to none, autocorrect to off for new username inputs on iOS.
This corrects both the standard wp-admin new user form and the network new user form.

Props @brad2dabone, @sunnnyratilal.
Fixes #32644.

Built from https://develop.svn.wordpress.org/trunk@33160


git-svn-id: http://core.svn.wordpress.org/trunk@33132 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-11 02:35:24 +00:00
Dominik Schilling
73d57e6c86 Add/Edit User: Move weak password label to the checkbox.
props paulwilde.
fixes #32908.
Built from https://develop.svn.wordpress.org/trunk@33137


git-svn-id: http://core.svn.wordpress.org/trunk@33108 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-08 21:28:25 +00:00
Mark Jaquith
504101460f Slow down on calling zxcvbn if it isn't loaded.
see #32589
Built from https://develop.svn.wordpress.org/trunk@33033


git-svn-id: http://core.svn.wordpress.org/trunk@33004 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-01 18:13:24 +00:00
Mark Jaquith
423a1a7ca4 New password change/set UI.
* Generate the password for the user
* More tightly integrate password strength meter
* Warn on weak passwords

see #32589

props MikeHansenMe, adamsilverstein, binarykitten
Built from https://develop.svn.wordpress.org/trunk@33023


git-svn-id: http://core.svn.wordpress.org/trunk@32994 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-01 14:48:24 +00:00
Konstantin Obenland
7dc1d06e64 Proper heading for admin screens.
First step towards restoring a good heading structure in wp-admin.
The previous `<h1>` contained the site title and a link to the front page and was removed with the toolbar refactoring in 3.2.

Props joedolson, afercia.
Fixes #31650.


Built from https://develop.svn.wordpress.org/trunk@32974


git-svn-id: http://core.svn.wordpress.org/trunk@32945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-27 15:41:25 +00:00
Scott Taylor
c6a4512b1b Add missing doc blocks to wp-admin/includes/*.
Fix some egregious uses of tabbing.
Some functions can simply return `apply_filters(...)` instead of setting a variable that is immediately returned.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32654


git-svn-id: http://core.svn.wordpress.org/trunk@32624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 20:17:26 +00:00
Dominik Schilling
64fc7294b6 Use HTTPS URLs for codex.wordpress.org.
see #27115.
Built from https://develop.svn.wordpress.org/trunk@32116


git-svn-id: http://core.svn.wordpress.org/trunk@32095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-12 21:29:32 +00:00
Helen Hou-Sandí
d85f8fe326 Admin notices: Make (most) core notices dismissible.
These no longer return upon refreshing the page when JS is on and working, so users should be able to dismiss them. This is particularly important on the post edit screen when DFW is triggered, but pretty much all notices can be dismissed if needed. A post on Make/Core will follow with information on how this can be leveraged in plugins.

props valendesigns, afercia, paulwilde, adamsilverstein, helen.
fixes #31233. see #23367.

Built from https://develop.svn.wordpress.org/trunk@31973


git-svn-id: http://core.svn.wordpress.org/trunk@31952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-01 22:06:28 +00:00
Sergey Biryukov
2c98f83b70 Remove duplicate label on Add New User screen.
props abhishekfdd.
fixes #31131.
Built from https://develop.svn.wordpress.org/trunk@31777


git-svn-id: http://core.svn.wordpress.org/trunk@31757 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-14 01:04:27 +00:00
Dominik Schilling
72229b25c8 Add New User: Remove trailing whitespace from button labels.
fixes #31175.
Built from https://develop.svn.wordpress.org/trunk@31298


git-svn-id: http://core.svn.wordpress.org/trunk@31279 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-29 14:54:21 +00:00
Scott Taylor
7f8b548df1 In HTML5, the action attribute is no longer required. Remove this attribute when empty.
The admin HTML is served with the HTML5 doctype.

"The action and formaction content attributes, if specified, must have a value that is a valid non-empty URL potentially surrounded by spaces." 
http://www.w3.org/html/wg/drafts/html/master/forms.html#attr-fs-action

Props voldemortensen.
Fixes #30126.

Built from https://develop.svn.wordpress.org/trunk@31200


git-svn-id: http://core.svn.wordpress.org/trunk@31181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 04:16:24 +00:00
Andrew Nacin
741e0ec6de No need for wp_get_password_hint() to be prefixed as if it is private.
see #21243.

Built from https://develop.svn.wordpress.org/trunk@30855


git-svn-id: http://core.svn.wordpress.org/trunk@30845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-15 08:34:23 +00:00
John Blackbourn
bdd00b3902 Improve various hook and filter docs so they are correctly parsed for the code reference.
Fixes #30558
Props DrewAPicture

Built from https://develop.svn.wordpress.org/trunk@30754


git-svn-id: http://core.svn.wordpress.org/trunk@30744 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-06 21:32:24 +00:00
John Blackbourn
d88ed475b0 Switch to a 403 response code in places where it is more appropriate than a 500 due to permissions errors.
Fixes #10551
Props nacin

Built from https://develop.svn.wordpress.org/trunk@30356


git-svn-id: http://core.svn.wordpress.org/trunk@30355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-16 06:16:22 +00:00
John Blackbourn
b1ba80de87 Rename _wp_password_hint() to _wp_get_password_hint() to bring it inline with core terminology. Fixes #21243.
Built from https://develop.svn.wordpress.org/trunk@30033


git-svn-id: http://core.svn.wordpress.org/trunk@30033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-26 23:30:18 +00:00