The `user_login` field only allows 60 characters, and `user_nicename` allows
50. However, there are no protections in the interface, and few in the code,
that prevent the creation of users with values in excess of these limits. Prior
to recent changes in `$wpdb`, users were generally created anyway, MySQL
having performed the necessary truncation. More recently, the `INSERT`s and
`UPDATE`s simply fail, with no real feedback on the nature of the failure.
This changeset addresses the issue in a number of ways:
* On the user-new.php and network/user-new.php panels, don't allow input in excess of the maximum field length.
* In `wp_insert_user()`, throw an error if the value provided for `'user_login'` or `'user_nicename'` exceeds the maximum field length.
* In `wp_insert_user()`, when using `'user_login'` to generate a default value for `'user_nicename'`, ensure that the nicename is properly truncated, even when suffixed for uniqueness (username-2, etc).
Props dipesh.kakadiya, utkarshpatel, tommarshall, boonebgorges.
Fixes#33793.
git-svn-id: https://develop.svn.wordpress.org/trunk@34218 602fd350-edb4-49c9-b593-d223f7449a82
The second parameter `$plaintext_pass` was removed in [33023] and restored as `$notify` in [33620] with a different behavior. If you have a plugin overriding `wp_new_user_notification()` which hasn't been updated you would get a notification with your username and the password "both".
To prevent this the second parameter is now deprecated and reintroduced as the third parameter.
Adds unit tests.
Props kraftbj, adamsilverstein, welcher, ocean90.
Fixes#33654.
(Don't ask for new pluggables kthxbye)
git-svn-id: https://develop.svn.wordpress.org/trunk@34116 602fd350-edb4-49c9-b593-d223f7449a82
The previous move from `echo()` to `_e()` left some of the output hanging. Introduced in [32333].
Props figureone.
Fixes#33811 for trunk.
git-svn-id: https://develop.svn.wordpress.org/trunk@34012 602fd350-edb4-49c9-b593-d223f7449a82
In [32759] and [33586], we combined the domain and path entry for a site to a single "Site URL" field. This updates the help text to reflect that.
Fixes#33748. See #22383.
git-svn-id: https://develop.svn.wordpress.org/trunk@33921 602fd350-edb4-49c9-b593-d223f7449a82
After [33023] users would always be notified, this restores previous behavior.
Props markjaquith, ocean90.
Fixes#33358.
git-svn-id: https://develop.svn.wordpress.org/trunk@33620 602fd350-edb4-49c9-b593-d223f7449a82
In [32759], we adjusted `site-info.php` to display a single input for a site's full URL if the network was configured for subdomains. We also enforced path only editing for non-subdomain networks, which is a regression in expected behavior.
The full URL of a site can now be edited in both subdomain and subdirectory configurations.
Props @michaelryanmcneill.
Fixes#22383.
git-svn-id: https://develop.svn.wordpress.org/trunk@33586 602fd350-edb4-49c9-b593-d223f7449a82
After [33173], bulk actions would not process due to broken verification of the `bulk-sites` action. This reintroduces the proper action and treats bulk actions differently than individual site actions.
See #32963.
git-svn-id: https://develop.svn.wordpress.org/trunk@33194 602fd350-edb4-49c9-b593-d223f7449a82
* Use the site's name rather than URL in the Edit Site header.
* Provide "Visit" and "Dashboard" links for the site on all tabs.
Props @Fab1en, @jeremyfelt.
Fixes#32525.
git-svn-id: https://develop.svn.wordpress.org/trunk@33186 602fd350-edb4-49c9-b593-d223f7449a82
* Simplify URLs used for row actions to remove messaging and site domain/path.
* Use confirmation messaging from a managed list of actions when handling the request.
* Find the site address from the site ID rather than using information passed in the URL.
Fixes#32963.
git-svn-id: https://develop.svn.wordpress.org/trunk@33173 602fd350-edb4-49c9-b593-d223f7449a82
This corrects both the standard wp-admin new user form and the network new user form.
Props @brad2dabone, @sunnnyratilal.
Fixes#32644.
git-svn-id: https://develop.svn.wordpress.org/trunk@33160 602fd350-edb4-49c9-b593-d223f7449a82
After [32974] these links are no longer within an `h2`, making the class name
inaccurate. `add-new-h1` has the potential to expose the same problem for in a
possible future change.
Fixes#31650.
git-svn-id: https://develop.svn.wordpress.org/trunk@33067 602fd350-edb4-49c9-b593-d223f7449a82
First step towards restoring a good heading structure in wp-admin.
The previous `<h1>` contained the site title and a link to the front page and was removed with the toolbar refactoring in 3.2.
Props joedolson, afercia.
Fixes#31650.
git-svn-id: https://develop.svn.wordpress.org/trunk@32974 602fd350-edb4-49c9-b593-d223f7449a82
We also need to set novalidate on the form due to some browsers rejecting valid email addresses containing an IDN. We should holistically investigate whether this is still an issue in any major browsers at some point.
props earnjam.
fixes#32643.
git-svn-id: https://develop.svn.wordpress.org/trunk@32774 602fd350-edb4-49c9-b593-d223f7449a82
Now that we decide when to automatically update `home` and `siteurl`, we no longer need to switch to the site while displaying the form output.
See #32503.
git-svn-id: https://develop.svn.wordpress.org/trunk@32761 602fd350-edb4-49c9-b593-d223f7449a82
Rather than provide a checkbox to update the `siteurl` and `home` options, we can make an educated decision based on the current state. If the home and/or siteurl domain and path match the existing domain and path of the site, then we update with the new information.
Also, while scheme is not stored in `wp_blogs` along with a site, the scheme of the `home` and `siteurl` options can now be modified via the Site URL setting in `site-info.php` when the `home` and/or `siteurl` options match the existing domain.
Props @hugobaeta, @earnjam, @jeremyfelt.
Fixes#32503, see #22383.
git-svn-id: https://develop.svn.wordpress.org/trunk@32760 602fd350-edb4-49c9-b593-d223f7449a82
When a network is configured as subdomain, allow for the input of arbitrary domain and path combinations when editing a site rather than just the domain.
This takes a step or two toward #32503.
Props @scribu, @ericlewis, @jeremyfelt.
See #22383.
git-svn-id: https://develop.svn.wordpress.org/trunk@32759 602fd350-edb4-49c9-b593-d223f7449a82
Fix some egregious uses of tabbing.
Some functions can simply return `apply_filters(...)` instead of setting a variable that is immediately returned.
See #32444.
git-svn-id: https://develop.svn.wordpress.org/trunk@32654 602fd350-edb4-49c9-b593-d223f7449a82
These no longer return upon refreshing the page when JS is on and working, so users should be able to dismiss them. This is particularly important on the post edit screen when DFW is triggered, but pretty much all notices can be dismissed if needed. A post on Make/Core will follow with information on how this can be leveraged in plugins.
props valendesigns, afercia, paulwilde, adamsilverstein, helen.
fixes#31233. see #23367.
git-svn-id: https://develop.svn.wordpress.org/trunk@31973 602fd350-edb4-49c9-b593-d223f7449a82
This allows for using proper plural forms in languages with more than two forms, and also resolves string conflicts when the same string is present in both singular and plural form.
fixes#28502.
git-svn-id: https://develop.svn.wordpress.org/trunk@31941 602fd350-edb4-49c9-b593-d223f7449a82
Previously the label just said "Posts", "Pages", or "Comments". This was bad in terms of accessibility and internationalization because of missing context.
This change adds a default label "Number of items per page:" to `WP_Screen->render_per_page_options()` and removes all the existing one-word labels.
props afercia.
fixes#31349, #15576.
git-svn-id: https://develop.svn.wordpress.org/trunk@31696 602fd350-edb4-49c9-b593-d223f7449a82
When the error message "You do not have permission to access this page" is used in network admin screens, return an HTTP status code of 403 to match. Previously: [30356] and [31300].
Props yo-l1982.
Fixes#31422.
git-svn-id: https://develop.svn.wordpress.org/trunk@31658 602fd350-edb4-49c9-b593-d223f7449a82
When deleting a user who is not associated with any sites, the current messaging can be confusing as only users associated with at least one site actually appear on the confirmation page for deletion.
This experience can be improved by showing all users being deleted as well as their current site associations.
* If an empty array of users is passed, don't attempt to confirm deletion.
* If one user is passed, show a message crafted for a user of one.
* If multiple users are passed, show a message crafted for many.
* Show the pending results of all users to be deleted.
* Update messaging around the deletion/confirmation process to be less misleading.
Props Idealien, HarishChaudhari, DrewAPicture.
Fixes#18132.
git-svn-id: https://develop.svn.wordpress.org/trunk@31656 602fd350-edb4-49c9-b593-d223f7449a82
* Add labels previously missing for many inputs throughout the network admin screen.
* Add proper `aria-describedby` attributes to provide better descriptions.
* Wrap grouped inputs with `fieldset` elements.
* Remove now unneeded `title` attributes when appropriate.
Props cfoellmann, afercia, rianrietveld.
Fixes#38406.
git-svn-id: https://develop.svn.wordpress.org/trunk@31517 602fd350-edb4-49c9-b593-d223f7449a82
