mirror of
https://github.com/WordPress/WordPress.git
synced 2024-08-22 05:43:45 +02:00
4b60af1a6a
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.” With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434). Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase. Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort. Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam. See #48900, #50434. Fixes #50413. Built from https://develop.svn.wordpress.org/trunk@48121 git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
145 lines
4.0 KiB
JavaScript
145 lines
4.0 KiB
JavaScript
/**
|
|
* @output wp-admin/js/password-strength-meter.js
|
|
*/
|
|
|
|
/* global zxcvbn */
|
|
window.wp = window.wp || {};
|
|
|
|
(function($){
|
|
|
|
/**
|
|
* Contains functions to determine the password strength.
|
|
*
|
|
* @since 3.7.0
|
|
*
|
|
* @namespace
|
|
*/
|
|
wp.passwordStrength = {
|
|
/**
|
|
* Determines the strength of a given password.
|
|
*
|
|
* Compares first password to the password confirmation.
|
|
*
|
|
* @since 3.7.0
|
|
*
|
|
* @param {string} password1 The subject password.
|
|
* @param {Array} disallowedList An array of words that will lower the entropy of
|
|
* the password.
|
|
* @param {string} password2 The password confirmation.
|
|
*
|
|
* @return {number} The password strength score.
|
|
*/
|
|
meter : function( password1, disallowedList, password2 ) {
|
|
if ( ! $.isArray( disallowedList ) )
|
|
disallowedList = [ disallowedList.toString() ];
|
|
|
|
if (password1 != password2 && password2 && password2.length > 0)
|
|
return 5;
|
|
|
|
if ( 'undefined' === typeof window.zxcvbn ) {
|
|
// Password strength unknown.
|
|
return -1;
|
|
}
|
|
|
|
var result = zxcvbn( password1, disallowedList );
|
|
return result.score;
|
|
},
|
|
|
|
/**
|
|
* Builds an array of words that should be penalized.
|
|
*
|
|
* Certain words need to be penalized because it would lower the entropy of a
|
|
* password if they were used. The disallowedList is based on user input fields such
|
|
* as username, first name, email etc.
|
|
*
|
|
* @since 3.7.0
|
|
* @deprecated 5.5.0 Use {@see 'userInputBlockList()'} instead.
|
|
*
|
|
* @return {string[]} The array of words to be disallowed.
|
|
*/
|
|
userInputBlacklist : function() {
|
|
wp.deprecated( 'wp.passwordStrength.userInputBlacklist()', {
|
|
version: '5.5.0',
|
|
alternative: 'wp.passwordStrength.userInputDisallowedList()',
|
|
plugin: 'WordPress',
|
|
hint: wp.i18n.__( 'Please consider writing more inclusive code.' )
|
|
} );
|
|
|
|
return wp.passwordStrength.userInputDisallowedList();
|
|
},
|
|
|
|
/**
|
|
* Builds an array of words that should be penalized.
|
|
*
|
|
* Certain words need to be penalized because it would lower the entropy of a
|
|
* password if they were used. The disallowed list is based on user input fields such
|
|
* as username, first name, email etc.
|
|
*
|
|
* @since 5.5.0
|
|
*
|
|
* @return {string[]} The array of words to be disallowed.
|
|
*/
|
|
userInputDisallowedList : function() {
|
|
var i, userInputFieldsLength, rawValuesLength, currentField,
|
|
rawValues = [],
|
|
disallowedList = [],
|
|
userInputFields = [ 'user_login', 'first_name', 'last_name', 'nickname', 'display_name', 'email', 'url', 'description', 'weblog_title', 'admin_email' ];
|
|
|
|
// Collect all the strings we want to disallow.
|
|
rawValues.push( document.title );
|
|
rawValues.push( document.URL );
|
|
|
|
userInputFieldsLength = userInputFields.length;
|
|
for ( i = 0; i < userInputFieldsLength; i++ ) {
|
|
currentField = $( '#' + userInputFields[ i ] );
|
|
|
|
if ( 0 === currentField.length ) {
|
|
continue;
|
|
}
|
|
|
|
rawValues.push( currentField[0].defaultValue );
|
|
rawValues.push( currentField.val() );
|
|
}
|
|
|
|
/*
|
|
* Strip out non-alphanumeric characters and convert each word to an
|
|
* individual entry.
|
|
*/
|
|
rawValuesLength = rawValues.length;
|
|
for ( i = 0; i < rawValuesLength; i++ ) {
|
|
if ( rawValues[ i ] ) {
|
|
disallowedList = disallowedList.concat( rawValues[ i ].replace( /\W/g, ' ' ).split( ' ' ) );
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Remove empty values, short words and duplicates. Short words are likely to
|
|
* cause many false positives.
|
|
*/
|
|
disallowedList = $.grep( disallowedList, function( value, key ) {
|
|
if ( '' === value || 4 > value.length ) {
|
|
return false;
|
|
}
|
|
|
|
return $.inArray( value, disallowedList ) === key;
|
|
});
|
|
|
|
return disallowedList;
|
|
}
|
|
};
|
|
|
|
// Backward compatibility.
|
|
|
|
/**
|
|
* Password strength meter function.
|
|
*
|
|
* @since 2.5.0
|
|
* @deprecated 3.7.0 Use wp.passwordStrength.meter instead.
|
|
*
|
|
* @global
|
|
*
|
|
* @type {wp.passwordStrength.meter}
|
|
*/
|
|
window.passwordStrength = wp.passwordStrength.meter;
|
|
})(jQuery);
|