vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2025-10-16 12:05:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
27,746 Commits 1 Branch 0 Tags 243 MiB
32d38fc080
Commit Graph

48 Commits

Author SHA1 Message Date
John Blackbourn
d033be1f9d Remove padding from the comment notification emails which is from a bygone fixed-width font era. Prevents alignment issues in email clients which use vairable width fonts for plain text emails. Fixes #16721. Props DrewAPicture. 
git-svn-id: https://develop.svn.wordpress.org/trunk@30015 602fd350-edb4-49c9-b593-d223f7449a82
 2014-10-24 17:07:53 +00:00
Mark Jaquith
be8a0c6f89 Use HTTPS URLs for trac.wordpress.org (and use core.trac.wordpress.org) 
see #27115

git-svn-id: https://develop.svn.wordpress.org/trunk@29789 602fd350-edb4-49c9-b593-d223f7449a82
 2014-09-29 13:36:38 +00:00
Andrew Nacin
4c1462f2ff Add safeguards for when ext/hash is not compiled with PHP. 
see #29518, for trunk.


git-svn-id: https://develop.svn.wordpress.org/trunk@29751 602fd350-edb4-49c9-b593-d223f7449a82
 2014-09-20 17:27:46 +00:00
Andrew Nacin
e3345398aa Rename the public methods in the session tokens API. 
Introduces a new get( $token ) method. get_token() would not have made sense and spurred the overall renaming. Public methods are now get, get_all, verify, create, update, destroy, destroy_others, and destroy_all.

The protected abstract methods designed for alternative implementations remain the same.

props mdawaffe.
see #20276.


git-svn-id: https://develop.svn.wordpress.org/trunk@29635 602fd350-edb4-49c9-b593-d223f7449a82
 2014-08-27 02:06:53 +00:00
Andrew Nacin
bf0272c8b1 Require a non-empty $nonce value in wp_verify_nonce(). 
props ocean90.
fixes #29217.


git-svn-id: https://develop.svn.wordpress.org/trunk@29620 602fd350-edb4-49c9-b593-d223f7449a82
 2014-08-26 07:38:51 +00:00
Drew Jaynes (DrewAPicture)
e8adffff96 s/does/does not in wp_set_password() docblock. 
See [29461]. See #28316.


git-svn-id: https://develop.svn.wordpress.org/trunk@29462 602fd350-edb4-49c9-b593-d223f7449a82
 2014-08-10 02:43:07 +00:00
Drew Jaynes (DrewAPicture)
5aef1c5aa5 Improve the wp_set_password() PHPDoc with a note to guard against executing the function on every page load, such as through a theme's functions.php file. 
See #28316.


git-svn-id: https://develop.svn.wordpress.org/trunk@29461 602fd350-edb4-49c9-b593-d223f7449a82
 2014-08-10 02:38:52 +00:00
Andrew Nacin
4984b04b81 Escape late in get_avatar(). 
git-svn-id: https://develop.svn.wordpress.org/trunk@29397 602fd350-edb4-49c9-b593-d223f7449a82
 2014-08-06 07:49:30 +00:00
Andrew Nacin
b2d8983dcc Constant time for wp_verify_nonce(). 
git-svn-id: https://develop.svn.wordpress.org/trunk@29382 602fd350-edb4-49c9-b593-d223f7449a82
 2014-08-06 05:25:03 +00:00
Andrew Nacin
97fcbef707 Tie cookies and nonces to user sessions so they may be invalidated upon logout. 
Sessions are stored in usermeta via WP_User_Meta_Session_Tokens, which extends the abstract WP_Session_Tokens class. Extending WP_Session_Tokens can allow for alternative storage, such as a separate table or Redis.

Introduces some simple APIs for session listing and destruction, such as wp_get_active_sessions() and wp_destroy_all_sessions().

This invalidates all existing authentication cookies, as a new segment (the session token) has been added to them.

props duck_, nacin, mdawaffe.
see #20276.


git-svn-id: https://develop.svn.wordpress.org/trunk@29221 602fd350-edb4-49c9-b593-d223f7449a82
 2014-07-18 09:12:05 +00:00
Sergey Biryukov
92a7523362 Asterisk is an allowed character in a URI and should not be stripped out by wp_sanitize_redirect(). 
fixes #28362.

git-svn-id: https://develop.svn.wordpress.org/trunk@28939 602fd350-edb4-49c9-b593-d223f7449a82
 2014-07-01 15:55:04 +00:00
Scott Taylor
dcd7ff837d Use the WPINC constant when loading class-phpass.php 
Props wojtek.szkutnik
See #14157.


git-svn-id: https://develop.svn.wordpress.org/trunk@28903 602fd350-edb4-49c9-b593-d223f7449a82
 2014-06-29 22:11:44 +00:00
Andrew Nacin
18d069703b Fix documentation for wp_create_nonce() which wrongly suggests these tokens are actually numbers used once. 
git-svn-id: https://develop.svn.wordpress.org/trunk@28793 602fd350-edb4-49c9-b593-d223f7449a82
 2014-06-20 20:46:13 +00:00
Scott Taylor
0675902ec8 Don't use variable variables in wp_salt(). 
See #27881.


git-svn-id: https://develop.svn.wordpress.org/trunk@28741 602fd350-edb4-49c9-b593-d223f7449a82
 2014-06-11 18:35:42 +00:00
Drew Jaynes (DrewAPicture)
1da8a18e5f Update the $secure_logged_in_cookie variable in the 'secure_logged_in_cookie' hook docs following [28627]. 
See #15330.


git-svn-id: https://develop.svn.wordpress.org/trunk@28628 602fd350-edb4-49c9-b593-d223f7449a82
 2014-05-30 15:19:29 +00:00
Andrew Nacin
8d980de0ee Use a secure logged_in_cookie when the home URL is forced HTTPS (see #27954). 
see #15330.


git-svn-id: https://develop.svn.wordpress.org/trunk@28627 602fd350-edb4-49c9-b593-d223f7449a82
 2014-05-30 15:07:18 +00:00
Scott Taylor
6dd449551e Eliminate the use of extract() in wp_mail(). Check the filtered array for each value before re-setting variables. 
See #22400.


git-svn-id: https://develop.svn.wordpress.org/trunk@28425 602fd350-edb4-49c9-b593-d223f7449a82
 2014-05-15 06:16:34 +00:00
Scott Taylor
3c418d4b57 Eliminate the use of extract() in wp_validate_auth_cookie(). 
Don't do anything fancy here, just set the 4 returned properties to variables. This function is semi-important.
	
See #22400.


git-svn-id: https://develop.svn.wordpress.org/trunk@28424 602fd350-edb4-49c9-b593-d223f7449a82
 2014-05-15 06:10:21 +00:00
Andrew Nacin
3234ade164 Harden HMAC verification. props duck_. 
git-svn-id: https://develop.svn.wordpress.org/trunk@28053 602fd350-edb4-49c9-b593-d223f7449a82
 2014-04-08 18:05:42 +00:00
Drew Jaynes (DrewAPicture)
c765ed8832 Inline documentation fixes related to the determine_current_user filter 
See #26706, #27700.


git-svn-id: https://develop.svn.wordpress.org/trunk@28007 602fd350-edb4-49c9-b593-d223f7449a82
 2014-04-07 21:17:44 +00:00
Drew Jaynes (DrewAPicture)
57f3e4ca3c Inline documentation for hooks in wp-includes/pluggable.php. 
Props kpdesign for some cleanup.
Fixes #26888.


git-svn-id: https://develop.svn.wordpress.org/trunk@27825 602fd350-edb4-49c9-b593-d223f7449a82
 2014-03-28 21:20:08 +00:00
Andrew Nacin
98ac075d8b Always decode special characters for email subjects. 
props tlovett1, jeremyfelt.
fixes #25346.


git-svn-id: https://develop.svn.wordpress.org/trunk@27801 602fd350-edb4-49c9-b593-d223f7449a82
 2014-03-28 02:43:04 +00:00
Andrew Nacin
2e9869e49a Avoid notices in wp_notify_postauthor() when a post has no author. 
props drozdz.
fixes #26659.


git-svn-id: https://develop.svn.wordpress.org/trunk@27568 602fd350-edb4-49c9-b593-d223f7449a82
 2014-03-17 20:30:04 +00:00
Andrew Nacin
7fa7c1340e Use get_comment_link() in wp_notify_postauthor(). 
Fixes pagination for the link directly to the moderated comment.

props eatingrules.
fixes #26133.


git-svn-id: https://develop.svn.wordpress.org/trunk@27567 602fd350-edb4-49c9-b593-d223f7449a82
 2014-03-17 20:19:29 +00:00
Andrew Nacin
517de7ea31 Allow for custom authentication handlers for all requests. 
Turn the logic used by wp_get_current_user() into a determine_current_user filter.

props rmccue.
fixes #26706.


git-svn-id: https://develop.svn.wordpress.org/trunk@27484 602fd350-edb4-49c9-b593-d223f7449a82
 2014-03-09 15:22:13 +00:00
Drew Jaynes
d670819b03 Improve inline documentation for wp_new_user_notification(). 
Props antorome for the initial patch.
Fixes #26703.


git-svn-id: https://develop.svn.wordpress.org/trunk@27149 602fd350-edb4-49c9-b593-d223f7449a82
 2014-02-09 21:07:01 +00:00
Sergey Biryukov
ab112fecb8 Fix typo in wp_set_auth_cookie() description. 
props drozdz.
fixes #27046.

git-svn-id: https://develop.svn.wordpress.org/trunk@27116 602fd350-edb4-49c9-b593-d223f7449a82
 2014-02-07 09:46:19 +00:00
Drew Jaynes
bd39e26032 First there were two, and now there are three -- in the @since versions that came before and that shall be. And so it will be, says nacin. 
Props JustinSainton, SergeyBiryukov, DrewAPicture.
Fixes #26713.


git-svn-id: https://develop.svn.wordpress.org/trunk@26868 602fd350-edb4-49c9-b593-d223f7449a82
 2013-12-24 18:56:05 +00:00
Drew Jaynes
a736126e83 Inline documentation for the following filter hooks in wp-includes/pluggable.php: 
* `comment_notification_recipients`
* `comment_notification_notify_author`

Also removes some generic `@uses` tags from various related doc blocks.

Props markjaquith.
Fixes #25699.


git-svn-id: https://develop.svn.wordpress.org/trunk@26388 602fd350-edb4-49c9-b593-d223f7449a82
 2013-11-26 04:09:30 +00:00
Mark Jaquith
9cbffc9222 Fix comment_notification_recipients filter behavior so that it is still respected even on comments left by the post author 
The code was bailing on this-is-a-comment-on-your-own-post detection, ignoring additional recipients. Now:

* Logic check is done within `wp_notify_postauthor()`
* Logic check is overridable via `comment_notification_notify_author` filter (default still false)
* The code doesn't bail on comment-on-own-post detection, but just removes the author from the array
* The code instead now bails if the recipients list is empty, so `comment_notification_recipients` works properly

props ethitter.
fixes #25699


git-svn-id: https://develop.svn.wordpress.org/trunk@26367 602fd350-edb4-49c9-b593-d223f7449a82
 2013-11-25 01:46:49 +00:00
Peter Westwood
92ee005ea0 Deprecate the second argument for wp_notify_postauthor because it is unecessary. Fixes #17862 props scribu and wonderboymusic. 
git-svn-id: https://develop.svn.wordpress.org/trunk@26358 602fd350-edb4-49c9-b593-d223f7449a82
 2013-11-24 16:25:44 +00:00
Sergey Biryukov
a6f9656497 Remove redundant cleanup of PHPMailer addresses in wp_mail(). 
props bananastalktome.
fixes #25789.

git-svn-id: https://develop.svn.wordpress.org/trunk@26121 602fd350-edb4-49c9-b593-d223f7449a82
 2013-11-13 03:44:16 +00:00
Sergey Biryukov
7cd8d225a3 Use case-insensitive comparison for email addresses. fixes #25779. 
git-svn-id: https://develop.svn.wordpress.org/trunk@26115 602fd350-edb4-49c9-b593-d223f7449a82
 2013-11-13 02:40:28 +00:00
Sergey Biryukov
c7c382b077 Avoid PHP notices in wp_notify_postauthor() when using a custom comment type. 
Use a switch statement for consistency with wp_notify_moderator().

fixes #25880.

git-svn-id: https://develop.svn.wordpress.org/trunk@26114 602fd350-edb4-49c9-b593-d223f7449a82
 2013-11-13 02:31:15 +00:00
Sergey Biryukov
acc8ac64b8 Fall back to comment author email in get_avatar() if the user who left the comment no longer exists. 
props mauryaratan, lite3.
fixes #25803.

git-svn-id: https://develop.svn.wordpress.org/trunk@26000 602fd350-edb4-49c9-b593-d223f7449a82
 2013-11-02 12:19:43 +00:00
Andrew Nacin
ceaf87ff2d Maintain the same output for get_avatar() as 3.6. see [25895]. 
git-svn-id: https://develop.svn.wordpress.org/trunk@25899 602fd350-edb4-49c9-b593-d223f7449a82
 2013-10-24 19:31:06 +00:00
Andrew Nacin
31e45a7aeb Always escape URLs at the last possible moment. 
git-svn-id: https://develop.svn.wordpress.org/trunk@25895 602fd350-edb4-49c9-b593-d223f7449a82
 2013-10-24 18:51:59 +00:00
Andrew Nacin
fc1438c8bc Move the trim() from wp_set_password() to inside wp_hash_password(). 
props rpattillo, joehoyle.
fixes #24973. see #23494.


git-svn-id: https://develop.svn.wordpress.org/trunk@25709 602fd350-edb4-49c9-b593-d223f7449a82
 2013-10-07 13:53:09 +00:00
Scott Taylor
825faf32da Use elseif when slurping the nonce in check_ajax_referer() to avoid accidentally overwriting it. 
Fail wonderboymusic in [25433].
Props ocean90.
Fixes #25369.
See [25433].



git-svn-id: https://develop.svn.wordpress.org/trunk@25550 602fd350-edb4-49c9-b593-d223f7449a82
 2013-09-21 16:25:57 +00:00
Scott Taylor
402e61f269 Fix some undefined index notices related to Comment unit tests: 
* There are several places where a `$_POST` index was unchecked before setting a variable
* In `wp_notify_postauthor()`, `$comment` was being returned null, but its properties were being accessed.
* In `check_ajax_referer()`, 3 different values can be checked for nonce on `$_REQUEST`, but only 1 had an `isset()`

See #25282.



git-svn-id: https://develop.svn.wordpress.org/trunk@25433 602fd350-edb4-49c9-b593-d223f7449a82
 2013-09-13 22:17:51 +00:00
Andrew Nacin
ac3361e997 Validate referrers to prevent off-domain redirects. 
git-svn-id: https://develop.svn.wordpress.org/trunk@25318 602fd350-edb4-49c9-b593-d223f7449a82
 2013-09-10 18:06:43 +00:00
Andrew Nacin
37d92f4851 Short descriptions for inline docs should end with a period, per the vast majority of core. see #25229. 
git-svn-id: https://develop.svn.wordpress.org/trunk@25273 602fd350-edb4-49c9-b593-d223f7449a82
 2013-09-06 01:37:59 +00:00
Sergey Biryukov
7aa0fd9a78 Add phpdoc for 'wp_redirect' and 'wp_redirect_status' filters. props DrewAPicture. fixes #25215. 
git-svn-id: https://develop.svn.wordpress.org/trunk@25230 602fd350-edb4-49c9-b593-d223f7449a82
 2013-09-04 08:30:37 +00:00
Sergey Biryukov
6bef163456 Update phpdoc for get_user_to_edit(), get_userdata(), and get_user_by(). props tivnet. fixes #24992. 
git-svn-id: https://develop.svn.wordpress.org/trunk@25204 602fd350-edb4-49c9-b593-d223f7449a82
 2013-09-02 03:24:33 +00:00
Andrew Ozz
961bbcb780 Logging in: when the Remember Me checkbox is checked, make sure the browser continues to send the expired cookies so the "login grace period" for POST and AJAX requests works. Fixes #24735. 
git-svn-id: https://develop.svn.wordpress.org/trunk@25107 602fd350-edb4-49c9-b593-d223f7449a82
 2013-08-23 21:26:58 +00:00
Sergey Biryukov
ad94ffb64d Use correct variable. see #22922. 
git-svn-id: https://develop.svn.wordpress.org/trunk@25105 602fd350-edb4-49c9-b593-d223f7449a82
 2013-08-23 20:56:50 +00:00
Andrew Nacin
1f24e6d76b Add filters to the recipients of emails sent by wp_notify_postauthor() and wp_notify_moderator(). 
The new filters are called comment_notification_recipients and comment_moderation_recipients.

Add the context of $comment_id to the comment_moderation_headers filter, to match the comment_notification_headers filter.

props chipbennett.
fixes #22922, #20353.



git-svn-id: https://develop.svn.wordpress.org/trunk@25104 602fd350-edb4-49c9-b593-d223f7449a82
 2013-08-23 19:35:04 +00:00
Andrew Nacin
b43712e0f7 New develop.svn.wordpress.org repository based on the old core.svn repository. 
* All WordPress files move to a src/ directory.
 * New task runner (Grunt), configured to copy a built WordPress to build/.
 * svn:ignore and .gitignore for Gruntfile.js, wp-config.php, and node.js.
 * Remove Akismet external from develop.svn. Still exists in core.svn.
 * Drop minified files from src/. The build process will now generate these.

props koop.
see #24976.

and see http://wp.me/p2AvED-1AI.



git-svn-id: https://develop.svn.wordpress.org/trunk@25001 602fd350-edb4-49c9-b593-d223f7449a82
 2013-08-07 05:25:25 +00:00