If there is no URL query in the `$_GET['redirect_to'], `wp_parse_url()` will return `null`. Passing `null` to `parse_str()` results in a PHP 8.1 deprecation notice
{{{
Deprecated: parse_str(): Passing null to parameter #1 ($string) of type string is deprecated
}}}
This commit:
- Fixes the deprecation notice.
- Skips doing the `parse_str()` when there's no URL query.
- Provides a micro-optimization performance boost.
Follow-up to [49109].
Props jrf, hellofromTonya, BinaryKitten.
See #53635.
git-svn-id: https://develop.svn.wordpress.org/trunk@51829 602fd350-edb4-49c9-b593-d223f7449a82
This avoids an "Undefined index" PHP notice displayed as part of password reset process if `$_GET['key']` is set, but `$_GET['login']` is not.
Props satrancali.
Fixes#52980.
git-svn-id: https://develop.svn.wordpress.org/trunk@50677 602fd350-edb4-49c9-b593-d223f7449a82
This makes the messages more consistent with other error messages related to authentication and registration.
Follow-up to [50589].
Props dd32.
Fixes#52914.
git-svn-id: https://develop.svn.wordpress.org/trunk@50611 602fd350-edb4-49c9-b593-d223f7449a82
This provides greater discoverability of such hooks in search results on the Code Reference site as well as increased clarity when reading the source.
See #50734, #52628
git-svn-id: https://develop.svn.wordpress.org/trunk@50505 602fd350-edb4-49c9-b593-d223f7449a82
Previously, it was unclear that the displayed password is only being suggested and should be saved by clicking the Reset Password button.
This adds separate Generate Password and Save Password buttons, for clarity.
Props xkon, estelaris, jaymanpandya, hedgefield, audrasjb, erichmond, magicroundabout, lukecavanagh, knutsp, tinodidriksen, nico_martin, markhowellsmead, kara.mcnair, e_baker, pixelverbieger, souri_wpaustria, megabyterose, poena, whyisjake.
Fixes#39638.
git-svn-id: https://develop.svn.wordpress.org/trunk@50153 602fd350-edb4-49c9-b593-d223f7449a82
Add a feature so Admins can send users a 'password reset' email. This doesn't change the password or force a password change. It only emails the user the password reset link.
The feature appears in several places:
* A "Send Reset Link" button on user profile screen.
* A "Send password reset" option in the user list bulk action dropdown.
* A "Send password reset" quick action when hovering over a username in the user list.
Props Ipstenu, DrewAPicture, eventualo, wonderboymusic, knutsp, ericlewis, afercia, JoshuaWold, johnbillion, paaljoachim, hedgefield.
Fixes#34281.
git-svn-id: https://develop.svn.wordpress.org/trunk@50129 602fd350-edb4-49c9-b593-d223f7449a82
Add a new `login_site_html_link` filter that developers can use to adjust the "Go to site" link displayed in the login page footer.
Props ebinnion, DrewAPicture, audrasjb, hellofromTonya, sabernhardt.
Fixes#35449.
git-svn-id: https://develop.svn.wordpress.org/trunk@50117 602fd350-edb4-49c9-b593-d223f7449a82
This changeset introduces a filter-based Robots API, providing central control over the `robots` meta tag.
* Introduces `wp_robots()` function which should be called anywhere a `robots` meta tag should be included.
* Introduces `wp_robots` filter which allows adding or modifying directives for the `robots` meta tag. The `wp_robots()` function is entirely filter-based, i.e. if no filter is added to `wp_robots`, no directives will be present, and therefore the entire `robots` meta tag will be omitted.
* Introduces the following `wp_robots` filter functions which replace similar existing functions that were manually rendering a `robots` meta tag:
* `wp_robots_noindex()` replaces `noindex()`, which has been deprecated.
* `wp_robots_no_robots()` replaces `wp_no_robots()`, which has been deprecated.
* `wp_robots_sensitive_page()` replaces `wp_sensitive_page_meta()`, which has been deprecated. Its rendering of the `referrer` meta tag has been moved to another new function `wp_strict_cross_origin_referrer()`.
Migration to the new functions is straightforward. For example, a call to `add_action( 'wp_head', 'wp_no_robots' )` should be replaced with `add_filter( 'wp_robots', 'wp_robots_no_robots' )`.
Plugins and themes that render their own `robots` meta tags are encouraged to switch to rely on the `wp_robots` filter in order to use the central management layer now provided by WordPress core.
Props adamsilverstein, flixos90, timothyblynjacobs, westonruter.
See #51511.
git-svn-id: https://develop.svn.wordpress.org/trunk@49992 602fd350-edb4-49c9-b593-d223f7449a82
Standardize on "Go to..." as a more appropriate option for most cases.
Props garrett-eclipse, kharisblank, audrasjb, ramiy, valentinbora.
Fixes#47235.
git-svn-id: https://develop.svn.wordpress.org/trunk@49539 602fd350-edb4-49c9-b593-d223f7449a82
When `noopener noreferrer` was originally added in #37941 and related tickets, the `noreferrer` bit was specifically included due to Firefox not supporting `noopener` at the time.
Since `noopener` has been supported by all major browsers for a while, it should now be safe to remove the `noreferrer` attribute from core.
Props Mista-Flo, audrasjb, joostdevalk, jonoaldersonwp, peterwilsoncc, elgameel.
Fixes#49558.
git-svn-id: https://develop.svn.wordpress.org/trunk@49215 602fd350-edb4-49c9-b593-d223f7449a82
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.
This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.
Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.
Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes#42790.
git-svn-id: https://develop.svn.wordpress.org/trunk@49109 602fd350-edb4-49c9-b593-d223f7449a82
After clicking remind me later, the user is shown an admin notification.
Fixes#48333.
Props desrosj, sathyapulse, Clorith, azaozz, audrasjb, afragen, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/trunk@48359 602fd350-edb4-49c9-b593-d223f7449a82
This aims to reduce some confusion and make it clearer that the email should be checked before attempting to log in right away.
Props rianrietveld, pratik028, bdbch, johnbillion, hankthetank, yashrs, williampatton, audrasjb, bmartinent, florianatwhodunit, henry.wright, birgire, SergeyBiryukov.
Fixes#40605, #41514.
git-svn-id: https://develop.svn.wordpress.org/trunk@48304 602fd350-edb4-49c9-b593-d223f7449a82
The attribute is specific to XHTML and is not needed in HTML5.
Props audrasjb, diddledan, hommealone, joyously, mukesh27, valentinbora, peterwilsoncc, SergeyBiryukov.
Fixes#49126.
git-svn-id: https://develop.svn.wordpress.org/trunk@48126 602fd350-edb4-49c9-b593-d223f7449a82
Partially reverts [48059] as there's no full consensus on the removal of the text prefix. Further actions should be taken to improve consistency and accessibility of the admin notices. Keeps some improvements to the translatable strings from [48059].
Fixes#47656.
git-svn-id: https://develop.svn.wordpress.org/trunk@48115 602fd350-edb4-49c9-b593-d223f7449a82
This complements the `registration_errors` filter in `register_new_user()`.
Props wpdo5ea, dilipbheda.
Fixes#49521.
git-svn-id: https://develop.svn.wordpress.org/trunk@48084 602fd350-edb4-49c9-b593-d223f7449a82
For a number of years, most of the WordPress error messages have been prefixed with "Error:". However, these messages appear in a context where it's already clear an error occurred. Whether it's an error, a warning, or any other classification, that's not so relevant for users. The content of the message is the relevant part. The "Error:" prefix doesn't add great value while it does add unnecessary complexity for the message readability.
Also, revises some of these messages to improve clarity and removes HTML from translatable strings.
Props garrett-eclipse, ramiy, SergeyBiryukov, afercia, sabernhardt, quadthemes, audrasjb.
See #47003, #43037, #42945, #15887.
Fixes#47656.
git-svn-id: https://develop.svn.wordpress.org/trunk@48059 602fd350-edb4-49c9-b593-d223f7449a82
In WordPress 3.2 support for IE6 was dropped, IE7 followed a few versions later. With the 4.8 release, WordPress officially ended support for Internet Explorer versions 8, 9, and 10. Yet, we still have shipped CSS for the unsupported IE versions....until now! Goodbye to ie.css and star hacks!
* Removes ie.css and `ie` style handle.
* Removes IE specific class names and any related CSS.
* Drops support for IE8 and older in `wp_customize_support_script()`.
* Updates compatibility mode for CSS minification to `ie11`.
Props ayeshrajans, isabel_brison, afercia, netweb, peterwilsoncc, ocean90.
Fixes#17232, #46015.
git-svn-id: https://develop.svn.wordpress.org/trunk@47771 602fd350-edb4-49c9-b593-d223f7449a82
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.
This commit also includes:
* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
* `wp-admin/admin-header.php`
* `wp-admin/admin-footer.php`
* `wp-includes/version.php`
Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes#48082.
git-svn-id: https://develop.svn.wordpress.org/trunk@47198 602fd350-edb4-49c9-b593-d223f7449a82
Using all caps should be avoided for better readability and because screen readers may pronounce all-caps words as abbreviations.
Props afercia, ryokuhi, sabernhardt, garrett-eclipse.
See #47656, #43037, #42945.
git-svn-id: https://develop.svn.wordpress.org/trunk@47156 602fd350-edb4-49c9-b593-d223f7449a82
The brackets were originally added in [16285] per W3C recommendation in https://www.w3.org/Addressing/URL/5.1_Wrappers.html to avoid wrapping the URL across multiple lines in plain text in older email clients.
This doesn't seem like a common issue in modern email clients, and the current implementation causes more issues than it solves. Since the URL is on a line by itself, it should not require any delimiters.
The URL in recovery mode email introduced in [44973] doesn't have angle brackets, so it's time to retire them in password reset email too if they're not used consistently.
Props donmhico, Otto42, sproutchris, iandunn, dd32, DaveWP196, sebastian.pisula, tommix, sablednah, julian.kimmig, Rahe, clayisland, arenddeboer, nicole2292, nagoke, squarecandy, eatingrules, SergeyBiryukov.
Fixes#21095, #23578, #44589.
git-svn-id: https://develop.svn.wordpress.org/trunk@47086 602fd350-edb4-49c9-b593-d223f7449a82
Make sure it actually tests the change in behavior, previously it passed both before and after the patch.
Add `wp_unslash()` to the last remaining instance of `$_POST['user_login']` that didn't have it.
See #38744.
git-svn-id: https://develop.svn.wordpress.org/trunk@46650 602fd350-edb4-49c9-b593-d223f7449a82
Allows a login to have an apostorphe. Which would normally be created as a mistake, but this allows the login to happen.
Fixes#38744
Props wpkuf, desrosj, socalchristina, bibliofille, santilinwp, nsubugak, sncoker, cafenoirdesign, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/trunk@46640 602fd350-edb4-49c9-b593-d223f7449a82
