The filters `user_confirmed_action_email_content`, `user_erasure_complete_email_subject`, and `user_erasure_complete_email_headers` have been deprecated.
They have been replaced with `user_erasure_fulfillment_email_content`, `user_erasure_fulfillment_email_subject`, and `user_erasure_fulfillment_email_headers`.
Props desrosj, garrett-eclipse, birgire, DrewAPicture, lifeforceinst, ocean90, pbiron, pento, coffee2code, TZ-Media, SergeyBiryukov, johnbillion, audrasjb, davidbaumwald, hellofromTonya, helen, xkon, antpb, peterwilsoncc, lukecarbis.
Fixes#44314.
git-svn-id: https://develop.svn.wordpress.org/trunk@51129 602fd350-edb4-49c9-b593-d223f7449a82
The new message is more clear and makes the next step more clear to the user.
Props dd32, SergeyBiryukov, audrasjb, desrosj, dlh, marybaum, chanthaboune, jeffpaul.
Fixes#52915.
git-svn-id: https://develop.svn.wordpress.org/trunk@51126 602fd350-edb4-49c9-b593-d223f7449a82
This adds a new parameter to the action and filter hooks found in `wp_insert_user()` to pass the raw user data received through `$userdata` to hooked functions.
This will allow hooked functions to perform more contextual adjustments to new users, and makes supplying custom user meta fields possible.
Props johnbillion, audrasjb.
Fixes#53110.
git-svn-id: https://develop.svn.wordpress.org/trunk@51005 602fd350-edb4-49c9-b593-d223f7449a82
The `update_user_option()` function is a way to update a user meta value after adding a blog’s prefix to the beginning of the meta key. But when the fourth parameter is `true`, the behavior is exactly the same as calling `update_user_meta()` directly.
This replaces all instances of `update_user_option()` when the fourth parameter is `true` in Core with a direct call to `update_user_meta()` to prevent an unnecessary call to `update_user_option()`.
Props johnjamesjacoby, zkancs, obenland, desrosj.
Fixes#43339.
git-svn-id: https://develop.svn.wordpress.org/trunk@50981 602fd350-edb4-49c9-b593-d223f7449a82
Previously, these properties could be unexpectedly converted to strings in some contexts.
This applies to the following functions:
* `sanitize_post_field()`
* `sanitize_term_field()`
* `sanitize_user_field()`
and the following properties:
* `WP_Post::ID`
* `WP_Post::post_parent`
* `WP_Post::menu_order`
* `WP_Term::term_id`
* `WP_Term::term_taxonomy_id`
* `WP_Term::parent`
* `WP_Term::count`
* `WP_Term::term_group`
* `WP_User::ID`
Props grantmkin, SergeyBiryukov.
Fixes#53235. See #52995.
git-svn-id: https://develop.svn.wordpress.org/trunk@50935 602fd350-edb4-49c9-b593-d223f7449a82
Share the `WP_User` instance for the current user between the functions `get_userdata()` and `wp_get_current_user()`. Both functions return the `$current_user` global for the current user.
Force refresh the `$current_user` global within `clean_user_cache()` by immediately re-calling `wp_set_current_user()` with the current user's ID. This ensures any changes to the current user's permissions or other settings are reflected in the global. As a side-effect this immediately rewarms the current user's cache.
Props chaion07, chriscct7, donmhico, hellofromtonya, lukecarbis, peterwilsoncc, rmccue, TimothyBlynJacobs.
Fixes#28020.
git-svn-id: https://develop.svn.wordpress.org/trunk@50790 602fd350-edb4-49c9-b593-d223f7449a82
[48658] documented that various metadata functions return false for an invalid ID. However, that does not clarify what an invalid ID is: a non-numeric, zero, or negative value. This change adds the clarification in all relevant metadata function docblocks.
Props icopydoc, SergeyBiryukov, davidkryzaniak, audrasjb.
Fixes#51797.
git-svn-id: https://develop.svn.wordpress.org/trunk@50641 602fd350-edb4-49c9-b593-d223f7449a82
This makes the message more consistent with other error messages related to authentication and registration.
Follow-up to [46417].
Props dd32.
See #52914, #52915.
git-svn-id: https://develop.svn.wordpress.org/trunk@50589 602fd350-edb4-49c9-b593-d223f7449a82
When sending password reset emails, switch to the user's locale prior to obtaining the site title to allow for plugins filtering based on locale.
Follow up to [50129,50139-50141,50152,50415].
Props chouby.
Fixes#52605. See #34281.
git-svn-id: https://develop.svn.wordpress.org/trunk@50439 602fd350-edb4-49c9-b593-d223f7449a82
This avoids unnecessarily disclosing the IP address when sending a password reset link to another user from the admin.
Follow-up to [49255], [50129].
Props carike, audrasjb, gmariani405, Ipstenu.
See #34281.
git-svn-id: https://develop.svn.wordpress.org/trunk@50422 602fd350-edb4-49c9-b593-d223f7449a82
This ensures that reset password emails initiated by an administrator are sent to the user in their preferred locale.
Follow up to [50129,50139-50141,50152].
Props chouby, davidbaumwald, audrasjb, johnbillion.
Fixes#52605. See #34281.
git-svn-id: https://develop.svn.wordpress.org/trunk@50415 602fd350-edb4-49c9-b593-d223f7449a82
This adds a form option to skip the admin email alert when exporting personal data.
Props xkon, azaozz, TZ-Media, iandunn, desrosj, iprg, allendav, wesselvandenberg, karmatosed, birgire, davidbaumwald, estelaris, paaljoachim, hellofromTonya.
Fixes#43890.
git-svn-id: https://develop.svn.wordpress.org/trunk@50159 602fd350-edb4-49c9-b593-d223f7449a82
This replaces "user privacy" in various error messages with "personal data", for consistency with other existing strings.
Follow-up to [49090].
Props xkon, transl8or.
Fixes#51849.
git-svn-id: https://develop.svn.wordpress.org/trunk@49970 602fd350-edb4-49c9-b593-d223f7449a82
Previously, only the username was checked which caused a PHP warning in some server setups, for instance Shibboleth SSO, where the server only populates the `PHP_AUTH_USER` field.
Props MadtownLems, johnbillion, richard.tape, engahmeds3ed.
Fixes#52003.
git-svn-id: https://develop.svn.wordpress.org/trunk@49919 602fd350-edb4-49c9-b593-d223f7449a82
Application Passwords uses Basic Authentication to transfer authentication details. If the site is already using Basic Auth, for instance to implement a private staging environment, then the REST API will treat this as an authentication attempt and would end up generating an error for any REST API request.
Now, Application Password authentication will only be attempted if Application Passwords is in use by a site. This is flagged by setting an option whenever an Application Password is created. An upgrade routine is added to set this option if any App Passwords already exist.
Lastly, creating an Application Password will be prevented if the site appears to already be using Basic Authentication.
Props chexwarrior, georgestephanis, adamsilverstein, helen, Clorith, marybaum, TimothyBlynJacobs.
Fixes#51939.
git-svn-id: https://develop.svn.wordpress.org/trunk@49752 602fd350-edb4-49c9-b593-d223f7449a82
While many of these parameters also technically accept an array of numerical strings, they are all ultimately cast to an array of integers. Documenting them as such assists developers in understanding the expected types.
See #51800, #41756
git-svn-id: https://develop.svn.wordpress.org/trunk@49672 602fd350-edb4-49c9-b593-d223f7449a82
Previously App Passwords used a mix of "enabled" and "available". We've now standardized on using "available".
Additionally, we now use a 501 status code when indicating that App Passwords is not available.
Props SergeyBiryukov, ocean90, TimothyBlynJacobs.
Fixes#51513.
git-svn-id: https://develop.svn.wordpress.org/trunk@49617 602fd350-edb4-49c9-b593-d223f7449a82
This will make testing the new feature easier since the local development environment is only accessible via HTTP by default.
Also update docs to link to the relevant filters.
See #42790.
Fixes#51503.
git-svn-id: https://develop.svn.wordpress.org/trunk@49139 602fd350-edb4-49c9-b593-d223f7449a82
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.
This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.
Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.
Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes#42790.
git-svn-id: https://develop.svn.wordpress.org/trunk@49109 602fd350-edb4-49c9-b593-d223f7449a82
Primarily this adds "user privacy" to the strings for privacy requests, so they are more easily distinguished from other system actions within logs.
Props garrett-eclipse, carike, birgire.
Fixes#51351.
git-svn-id: https://develop.svn.wordpress.org/trunk@49090 602fd350-edb4-49c9-b593-d223f7449a82
This avoids a few PHP notices if the `include_selected` parameter was specified and a non-existing user ID was passed.
Props campusboy1987.
Fixes#51370.
git-svn-id: https://develop.svn.wordpress.org/trunk@49036 602fd350-edb4-49c9-b593-d223f7449a82
The filter is the callback function added with `add_filter()`, therefore the hook passes a value to the filter, and the filter returns a value to change its behaviour.
The documentation is referring to the latter.
Props johnbillion.
See #49572, #16557.
git-svn-id: https://develop.svn.wordpress.org/trunk@48185 602fd350-edb4-49c9-b593-d223f7449a82
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes#50413.
git-svn-id: https://develop.svn.wordpress.org/trunk@48121 602fd350-edb4-49c9-b593-d223f7449a82
Partially reverts [48059] as there's no full consensus on the removal of the text prefix. Further actions should be taken to improve consistency and accessibility of the admin notices. Keeps some improvements to the translatable strings from [48059].
Fixes#47656.
git-svn-id: https://develop.svn.wordpress.org/trunk@48115 602fd350-edb4-49c9-b593-d223f7449a82
