This fixes a few WPCS warnings along the lines of:
* Array double arrow not aligned correctly
* Equals sign not aligned with surrounding statements
* Usage of ELSE IF is discouraged; use ELSEIF instead
Follow-up to [55099], [55192], [55194], [55271].
Props davidbaumwald, jrf, SergeyBiryukov.
Fixes#57994.
git-svn-id: https://develop.svn.wordpress.org/trunk@55606 602fd350-edb4-49c9-b593-d223f7449a82
This changeset replaces various HelpHub links that have changed to avoid extra 301 redirections.
Props sabernhardt, audrasjb.
See #57726.
git-svn-id: https://develop.svn.wordpress.org/trunk@55414 602fd350-edb4-49c9-b593-d223f7449a82
This aims to provide better context for translators and make it easier to determine that some strings contain hidden accessibility text and are not displayed in the UI.
Props kebbet, mercime, pavelevap, ocean90, swissspidy, Chouby, jipmoors, afercia, desrosj, costdev, audrasjb, SergeyBiryukov.
Fixes#29748.
git-svn-id: https://develop.svn.wordpress.org/trunk@55276 602fd350-edb4-49c9-b593-d223f7449a82
Up until now, new translations could only be installed via Settings -> General.
When editing the user profile, one could only select locales that were already installed.
This change allows also installing new translations if the editing user has the necessary capabilities.
Props barryceelen, johnbillion, ocean90, swissspidy.
Fixes#38664.
git-svn-id: https://develop.svn.wordpress.org/trunk@55099 602fd350-edb4-49c9-b593-d223f7449a82
This changeset adds `spellcheck="false"` attribute to various password fields.
The spellcheck global attribute defines whether the element may be checked for spelling errors. The `false` value indicates that the element should not be checked for spelling errors, which is relevant for a password field.
Furthermore, and as per MDN specs, using spellchecking can have consequences for users' security and privacy. The specification does not regulate how spellchecking is done and the content of the element may be sent to a third party for spellchecking results. Thus, it is recommended to set `spellcheck` attribute to `false` for elements that can contain sensitive information. Which is the case for password fields.
Props dziudek, audrasjb, gainesm, fosuahmed.
Fixes#56763.
git-svn-id: https://develop.svn.wordpress.org/trunk@55094 602fd350-edb4-49c9-b593-d223f7449a82
This changeset adds an anchor in Comments keyboard shortcut documentation links to direct the user to a more specific section of the HelpHub documentation. It also removes `target="_blank" from a link, since preventing data loss when clicking any on User Edit and Comment Edit screens is already handled by another existing ticket (#40493).
Props NekoJonez, SergeyBiryukov, sabernhardt, dennisatyoast, robinwpdeveloper.
Fixes#56920.
git-svn-id: https://develop.svn.wordpress.org/trunk@55042 602fd350-edb4-49c9-b593-d223f7449a82
This changeset replaces a HelpHub link with more accurate DevHub link about environment types in User profile edit screen.
Props greg24, whaze.
Fixes#56267.
git-svn-id: https://develop.svn.wordpress.org/trunk@53752 602fd350-edb4-49c9-b593-d223f7449a82
This aims to improve performance by calling `sanitize_url()` directly, instead of the `esc_url_raw()` wrapper. As of WordPress 6.1, `sanitize_url()` is the recommended function for sanitizing a URL for database or redirect usage.
Follow-up to [11383], [13096], [51597], [53452].
Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes#55852.
git-svn-id: https://develop.svn.wordpress.org/trunk@53455 602fd350-edb4-49c9-b593-d223f7449a82
This changes updates many strings to remove self-references to an undefined "we" collective across the WordPress Administration.
The goal of this change is to better match the guidelines and recommendations set forth in the make/core handbook, specifically:
> the word "we" should be avoided (…) unless its made very clear which group is speaking.
Props johnbillion, shital-patel, audrasjb, marybaum, SergeyBiryukov, peterwilsoncc, johnjamesjacoby, kebbet, costdev, chaion07, davidbaumwald.
Fixes#46057.
git-svn-id: https://develop.svn.wordpress.org/trunk@53131 602fd350-edb4-49c9-b593-d223f7449a82
Assign appropriate autocomplete values for new and edited user, user email, and password fields.
Props clonemykey, sabernhardt, WraithKenny, bookdude13, konradyoast.
Fixes#43886, #52714.
git-svn-id: https://develop.svn.wordpress.org/trunk@53111 602fd350-edb4-49c9-b593-d223f7449a82
Previously, the helper text of the application password section was misleading for a Super Admin because an application password for a Super Admin grants access to all sites on the network, not just ones that they are a member of. This changeset provides a slightly different message for Super admin role.
Props johnbillion, rsiddharth, audrasjb.
Fixes#53234
git-svn-id: https://develop.svn.wordpress.org/trunk@53101 602fd350-edb4-49c9-b593-d223f7449a82
This change improves the formatting of `/wp-admin/user-edit.php` to avoid PHPCS failures when adding new code, which previously required new code to be indented multiple times, breaking alignment of the HTML parts. This change avoids disabling/enabling PHPCS for failing sniffs.
Props costdev, johnregan3, peterwilsoncc.
Fixes#54673.
git-svn-id: https://develop.svn.wordpress.org/trunk@52820 602fd350-edb4-49c9-b593-d223f7449a82
This brings the naming more in line with other variables like `$current_user`.
Follow-up to [2872].
See #54728.
git-svn-id: https://develop.svn.wordpress.org/trunk@52689 602fd350-edb4-49c9-b593-d223f7449a82
When `add_filter( 'wp_is_application_passwords_available', '__return_false' )` exists, HTTPS requirement message is shown even if HTTPS is enabled on the site. This happens because `wp_is_application_passwords_available_for_user()` first invokes `wp_is_application_passwords_available()` which is filterable. The situation could happen if the `'wp_is_application_passwords_available_for_user'` filter returns `false`.
To fix this, the check for HTTPS (or if in a 'local' environment) is moved to a new function called `wp_is_application_passwords_supported()`. Then the return from this function is used as an OR condition for the Application Passwords section and for displaying the HTTPS required message.
Tests are included for both `wp_is_application_passwords_supported()` and `wp_is_application_passwords_available()`.
Follow-up to [51980], [51988].
Props davidbinda, SergeyBiryukov, ocean90, felipeelia, costdev, hellofromTonya.
Fixes#53658.
git-svn-id: https://develop.svn.wordpress.org/trunk@52398 602fd350-edb4-49c9-b593-d223f7449a82
* Add missing translators comment.
* Add missing space, correct indentation.
* Put opening and closing PHP tag on a line by itself.
* Remove unnecessary escaping for consistency with other strings.
Follow-up to [51980].
See #53658.
git-svn-id: https://develop.svn.wordpress.org/trunk@51988 602fd350-edb4-49c9-b593-d223f7449a82
This change intends to avoid confusion around the requirements of the Application Passwords feature, specific to it requiring HTTPS and the `WP_ENVIRONMENT_TYPE` constant.
It does this by conditionally hiding the traditional UI and showing some insightful explanations instead, including a translatable link to the `WP_ENVIRONMENT_TYPE` documentation on the "Editing wp-config.php" support page.
Props ashfame, audrasjb, iluy, johnbillion.
Fixes #53658.
git-svn-id: https://develop.svn.wordpress.org/trunk@51980 602fd350-edb4-49c9-b593-d223f7449a82
In [49294, 49752], the `placeholder` attribute changed to `"WordPress App on My Phone"`. This change causes confusion as the field can be used in a variety of ways and is not limited to a phone.
Given a label exists for each field and clearly identifies its purpose, this commit removes the `placeholder` attribute from the `input` field.
Follow-up to [49109], [49294], [49752].
Props seedsca, audrasjb, joedolson, rehanali.
Fixes#54047.
git-svn-id: https://develop.svn.wordpress.org/trunk@51878 602fd350-edb4-49c9-b593-d223f7449a82
This should make it clear that the variable is used as part of the HTML `<title>` tag on admin screens.
Props ravipatel, hellofromTonya, sabernhardt, audrasjb, SergeyBiryukov.
Fixes#53729.
git-svn-id: https://develop.svn.wordpress.org/trunk@51475 602fd350-edb4-49c9-b593-d223f7449a82
Fix the enter key in profile form fields moving focus to the application password input instead of submitting the profile update for. Replace the submit button type used for application passwords with `button type="button"` and ensure that the enter key's native behavior isn't overwritten.
props audrasjb, alexstine, promz, sabernhardt.
Fixes#52849.
git-svn-id: https://develop.svn.wordpress.org/trunk@51086 602fd350-edb4-49c9-b593-d223f7449a82
Adjust some newly introduced strings to remove unnecessary numbered placeholders for consistency.
Follow-up to [42827].
See #51800.
git-svn-id: https://develop.svn.wordpress.org/trunk@50234 602fd350-edb4-49c9-b593-d223f7449a82
Add a feature so Admins can send users a 'password reset' email. This doesn't change the password or force a password change. It only emails the user the password reset link.
The feature appears in several places:
* A "Send Reset Link" button on user profile screen.
* A "Send password reset" option in the user list bulk action dropdown.
* A "Send password reset" quick action when hovering over a username in the user list.
Props Ipstenu, DrewAPicture, eventualo, wonderboymusic, knutsp, ericlewis, afercia, JoshuaWold, johnbillion, paaljoachim, hedgefield.
Fixes#34281.
git-svn-id: https://develop.svn.wordpress.org/trunk@50129 602fd350-edb4-49c9-b593-d223f7449a82
In [49752] a check was added to prevent creating new Application Passwords if Basic Auth credentials were detected to prevent conflicts. This check takes place in WP-Admin, though a conflict would only arise if Basic Auth was used on the website's front-end.
This commit extracts the Basic Auth check into a reusable function, `wp_is_site_protected_by_basic_auth()`, which can be adjusted using a filter of the same name. This way, a site that uses Basic Auth to protect WP-Admin can still use the Application Passwords feature.
In the future, instead of requiring the use of a filter, WordPress could make a loopback request and check for a `WWW-Authenticate` header to make this detection more robust out of the box.
Props SeBsZ, archon810, aaroncampbell, ocean90, SergeyBiryukov, TimothyBlynJacobs.
Fixes#52066.
git-svn-id: https://develop.svn.wordpress.org/trunk@50006 602fd350-edb4-49c9-b593-d223f7449a82
Application Passwords uses Basic Authentication to transfer authentication details. If the site is already using Basic Auth, for instance to implement a private staging environment, then the REST API will treat this as an authentication attempt and would end up generating an error for any REST API request.
Now, Application Password authentication will only be attempted if Application Passwords is in use by a site. This is flagged by setting an option whenever an Application Password is created. An upgrade routine is added to set this option if any App Passwords already exist.
Lastly, creating an Application Password will be prevented if the site appears to already be using Basic Authentication.
Props chexwarrior, georgestephanis, adamsilverstein, helen, Clorith, marybaum, TimothyBlynJacobs.
Fixes#51939.
git-svn-id: https://develop.svn.wordpress.org/trunk@49752 602fd350-edb4-49c9-b593-d223f7449a82
Corrects the "Application Name" field's aria-describedby attribute and makes the description visible.
Props alexstine, SergeyBiryukov.
Fixes#51580.
git-svn-id: https://develop.svn.wordpress.org/trunk@49573 602fd350-edb4-49c9-b593-d223f7449a82
- Add a label to the readonly password input.
- Handle focus loss after revoking app passwords.
- Handle focus loss after dismissing notices.
- Mark app name as `aria-required`.
- Use `aria-label` for detailed revoke button text instead of `title`.
- Use `-1` for `tabindex` instead of `0`.
Props alexstine, afercia, sabernhardt, audrasjb, joedolson, TimothyBlynJacobs.
Fixes#51580.
git-svn-id: https://develop.svn.wordpress.org/trunk@49549 602fd350-edb4-49c9-b593-d223f7449a82
Standardize on "Go to..." as a more appropriate option for most cases.
Props garrett-eclipse, kharisblank, audrasjb, ramiy, valentinbora.
Fixes#47235.
git-svn-id: https://develop.svn.wordpress.org/trunk@49539 602fd350-edb4-49c9-b593-d223f7449a82
Restore the "Cancel" button aria label to "Cancel password change" after it was inadvertently changed in r49248.
Props SergeyBiryukov.
Fixes#42852.
git-svn-id: https://develop.svn.wordpress.org/trunk@49392 602fd350-edb4-49c9-b593-d223f7449a82
- Make form inputs stacked instead of inline.
- Provide a visible label for the app name.
- Add screen reader text to dismiss button.
- Make "Revoke" button label more descriptive.
- Use aria-disabled instead of disabled to avoid focus loss.
- Display password in a readonly input to assist copy and paste.
- Remove large sections of italic text.
- Use `.form-wrap` and `.form-field` to give consistent form styling.
- Improve labeling and placeholder text.
Props alexstine, georgestephanis, afercia, TimothyBlynJacobs.
Fixes#51580.
git-svn-id: https://develop.svn.wordpress.org/trunk@49294 602fd350-edb4-49c9-b593-d223f7449a82
On the user edit screen improve handling and clarify language: rename the "Generate Password" and "Show password" buttons to "Set New Password". Clicking it always generates a password. Also: improve inline code comments and descriptions.
Props afercia, bookdude13, michaelarestad, pento.
Fixes#42852.
git-svn-id: https://develop.svn.wordpress.org/trunk@49248 602fd350-edb4-49c9-b593-d223f7449a82
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.
This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.
Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.
Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes#42790.
git-svn-id: https://develop.svn.wordpress.org/trunk@49109 602fd350-edb4-49c9-b593-d223f7449a82
This reduces the number of `WordPress.PHP.StrictComparisons.LooseComparison` issues in half, from 1897 to 890.
Includes minor code layout fixes for better readability.
See #49542.
git-svn-id: https://develop.svn.wordpress.org/trunk@47808 602fd350-edb4-49c9-b593-d223f7449a82
This reduces the number of `WordPress.PHP.StrictInArray.MissingTrueStrict` issues from 486 to 50.
Includes minor code layout fixes for better readability.
See #49542.
git-svn-id: https://develop.svn.wordpress.org/trunk@47550 602fd350-edb4-49c9-b593-d223f7449a82
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.
This commit also includes:
* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
* `wp-admin/admin-header.php`
* `wp-admin/admin-footer.php`
* `wp-includes/version.php`
Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes#48082.
git-svn-id: https://develop.svn.wordpress.org/trunk@47198 602fd350-edb4-49c9-b593-d223f7449a82
