Session tokens contain an IP address and user agent.
Props garrett-eclipse, nickylimjj, lakenh, xkon, rconde.
Fixes#45889.
git-svn-id: https://develop.svn.wordpress.org/trunk@47237 602fd350-edb4-49c9-b593-d223f7449a82
The value is used by the WordPress Events and News widget to show relevant WP community events.
The location information may include an IP address, location description, and latitude/longitude coordinates.
Props garrett-eclipse, coreymckrill, xkon.
Fixes#43921.
git-svn-id: https://develop.svn.wordpress.org/trunk@47236 602fd350-edb4-49c9-b593-d223f7449a82
Make sure it actually tests the change in behavior, previously it passed both before and after the patch.
Add `wp_unslash()` to the last remaining instance of `$_POST['user_login']` that didn't have it.
See #38744.
git-svn-id: https://develop.svn.wordpress.org/trunk@46650 602fd350-edb4-49c9-b593-d223f7449a82
Allows a login to have an apostorphe. Which would normally be created as a mistake, but this allows the login to happen.
Fixes#38744
Props wpkuf, desrosj, socalchristina, bibliofille, santilinwp, nsubugak, sncoker, cafenoirdesign, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/trunk@46640 602fd350-edb4-49c9-b593-d223f7449a82
All PHP files in `/tests` now conform to the PHP coding standards, or have exceptions appropriately marked.
Travis now also runs `phpcs` on the `/tests` directory, any future changes to these files must conform entirely to the WordPress PHP coding standards. 🎉
See #47632.
git-svn-id: https://develop.svn.wordpress.org/trunk@45607 602fd350-edb4-49c9-b593-d223f7449a82
A few sniffs have been renamed, this change includes the relevant `phpcs:ignore` comment updates.
Fixes#46002.
git-svn-id: https://develop.svn.wordpress.org/trunk@44645 602fd350-edb4-49c9-b593-d223f7449a82
Prevent a notification from being sent when an unrecognised value is passed in the `$notify` parameter.
Props cthreelabs, 360zen.
Fixes#44293.
git-svn-id: https://develop.svn.wordpress.org/trunk@44611 602fd350-edb4-49c9-b593-d223f7449a82
From the `WordPress.NamingConventions.ValidVariableName` sniff, this commit fixes/whitelists all `NotSnakeCaseMemberVar`, `MemberNotSnakeCase`, and `StringNotSnakeCase` violations. It also fixes a handful of the `NotSnakeCase` violations.
See #45934.
git-svn-id: https://develop.svn.wordpress.org/trunk@44573 602fd350-edb4-49c9-b593-d223f7449a82
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.
This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script.
- Auto-fixable coding standards issues will now cause Travis failures.
Fixes#44600.
git-svn-id: https://develop.svn.wordpress.org/trunk@43571 602fd350-edb4-49c9-b593-d223f7449a82
`user_status` is not considered personal data, so the total number of exported user properties is 11.
See #43547.
git-svn-id: https://develop.svn.wordpress.org/trunk@43116 602fd350-edb4-49c9-b593-d223f7449a82
`edit_user()` can also update user roles but was still using the `edit_users` capability instead of the newer `promote_users` capability introduced in [14176].
This makes the role handling consistent with the bulk dropdown menu for role changes.
Props flixos90, johnjamesjacoby, ocean90.
Fixes#42564.
git-svn-id: https://develop.svn.wordpress.org/trunk@42855 602fd350-edb4-49c9-b593-d223f7449a82
WordPress' code just... wasn't.
This is now dealt with.
Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes#41057.
git-svn-id: https://develop.svn.wordpress.org/trunk@42343 602fd350-edb4-49c9-b593-d223f7449a82
While it has always been possible to initialize a user's roles and capabilities for another site than the current one in a multisite, the actual roles available were not switched prior to this change, possibly causing invalid roles to show up or actually valid capabilities not being available.
In order to fix this bug in a clean way, relevant parts of the `WP_User` class have been refactored. The ID of the site for which capabilities are currently initialized are now stored in a private property `WP_User::$site_id`. The `WP_User::for_blog( $blog_id )` and `WP_User::_init_caps( $cap_key )` methods have been deprecated in favor of `WP_User::for_site( $site_id )`. In addition, a new method `WP_User::get_site_id()` has been introduced to retrieve the site ID for which the user's capabilities are currently initialized.
Props ryanduff, jeremyfelt, flixos90.
Fixes#36961.
git-svn-id: https://develop.svn.wordpress.org/trunk@41624 602fd350-edb4-49c9-b593-d223f7449a82
* Code editor is integrated into the Theme/Plugin Editor, Additional CSS in Customizer, and Custom HTML widget. Code editor is not yet integrated into the post editor, and it may not be until accessibility concerns are addressed.
* The CodeMirror component in the Custom HTML widget is integrated in a similar way to TinyMCE being integrated into the Text widget, adopting the same approach for integrating dynamic JavaScript-initialized fields.
* Linting is performed for JS, CSS, HTML, and JSON via JSHint, CSSLint, HTMLHint, and JSONLint respectively. Linting is not yet supported for PHP.
* When user lacks `unfiltered_html` the capability, the Custom HTML widget will report any Kses-invalid elements and attributes as errors via a custom Kses rule for HTMLHint.
* When linting errors are detected, the user will be prevented from saving the code until the errors are fixed, reducing instances of broken websites.
* The placeholder value is removed from Custom CSS in favor of a fleshed-out section description which now auto-expands when the CSS field is empty. See #39892.
* The CodeMirror library is included as `wp.CodeMirror` to prevent conflicts with any existing `CodeMirror` global.
* An `wp.codeEditor.initialize()` API in JS is provided to convert a `textarea` into CodeMirror, with a `wp_enqueue_code_editor()` function in PHP to manage enqueueing the assets and settings needed to edit a given type of code.
* A user preference is added to manage whether or not "syntax highlighting" is enabled. The feature is opt-out, being enabled by default.
* Allowed file extensions in the theme and plugin editors have been updated to include formats which CodeMirror has modes for: `conf`, `css`, `diff`, `patch`, `html`, `htm`, `http`, `js`, `json`, `jsx`, `less`, `md`, `php`, `phtml`, `php3`, `php4`, `php5`, `php7`, `phps`, `scss`, `sass`, `sh`, `bash`, `sql`, `svg`, `xml`, `yml`, `yaml`, `txt`.
Props westonruter, georgestephanis, obenland, melchoyce, pixolin, mizejewski, michelleweber, afercia, grahamarmfield, samikeijonen, rianrietveld, iseulde.
See #38707.
Fixes#12423, #39892.
git-svn-id: https://develop.svn.wordpress.org/trunk@41376 602fd350-edb4-49c9-b593-d223f7449a82
This adds this previously Multisite-only functionality to single site installations too. This change prevents accidental or erroneous email address changes from potentially locking users out of their account.
Props rodrigosprimo, tharsheblows, johnbillion
Fixes#16470
git-svn-id: https://develop.svn.wordpress.org/trunk@41163 602fd350-edb4-49c9-b593-d223f7449a82
This removes the need to manually call `$this->skipWithMultisite()` and `$this->skipWithoutMultisite()` from within the test when the test only runs without Multisite or only runs on Multisite, respectively.
Props jdgrimes for the suggestion.
Fixes#40531
git-svn-id: https://develop.svn.wordpress.org/trunk@40564 602fd350-edb4-49c9-b593-d223f7449a82
This brings much needed uniformity to test skipping when a test requires Multisite or when a test should be excluded from running when Multisite is enabled.
Used in conjunction with the `@group ms-required` and `@group ms-excluded` notation, this removes a significant number of skipped tests from the default test suite run.
Fixes#40531
git-svn-id: https://develop.svn.wordpress.org/trunk@40543 602fd350-edb4-49c9-b593-d223f7449a82
Tests in the `ms-excluded` group are now excluded when running tests with multisite enabled, and tests in the `ms-required` group are excluded when running tests without multisite enabled. The end result is a significantly reduced number of skipped tests polluting PHPUnit's output, which means verbose mode can be used to more easily see which tests are skipped or incomplete, and why.
See #40531
git-svn-id: https://develop.svn.wordpress.org/trunk@40520 602fd350-edb4-49c9-b593-d223f7449a82
Hiding the `$wpdb` global behind a property decreases the readability of the code, as well as causing irrelevant output when dumping an object.
Reverts [38275], [38278], [38279], [38280], [38387].
See #37699.
git-svn-id: https://develop.svn.wordpress.org/trunk@38768 602fd350-edb4-49c9-b593-d223f7449a82
* Automatically delete objects that we were created during `wpSetUpBeforeClass` - posts, comments, terms (except 1), and user (except 1)
* The amount of leftover data between tests was breathtaking - use the new function: `_delete_all_data()`
* Commit database transactions for all `TestCase`s, not just those that implement `wpSetUpBeforeClass` and `wpTearDownAfterClass`
* The tests run 10-20 seconds faster now
See #37699.
git-svn-id: https://develop.svn.wordpress.org/trunk@38398 602fd350-edb4-49c9-b593-d223f7449a82
This prevents false positives when the ID column's incrementor has exceeded the
hardcoded invalid ID.
Fixes#37308.
git-svn-id: https://develop.svn.wordpress.org/trunk@38005 602fd350-edb4-49c9-b593-d223f7449a82
This function provides a more convenient method for resetting the
PHPMailer instance than the previous technique of reaching into the global.
Props welcher.
Fixes#36658.
git-svn-id: https://develop.svn.wordpress.org/trunk@37358 602fd350-edb4-49c9-b593-d223f7449a82
The new `get_recipient()` and `get_sent()` methods greatly simplify the
syntax required when writing tests for `wp_mail()`.
Props welcher.
Fixes#34161.
git-svn-id: https://develop.svn.wordpress.org/trunk@36594 602fd350-edb4-49c9-b593-d223f7449a82
`user_nicename` can be changed via `wp_update_user()`, so we invalidate just
to be safe.
Props thebrandonallen.
Fixes#35750.
git-svn-id: https://develop.svn.wordpress.org/trunk@36482 602fd350-edb4-49c9-b593-d223f7449a82
This gives us better compatibility with existing errors thrown by
`sanitize_user()`, especially in Multisite, where user_login has more
restrictions on allowed characters.
Props markjaquith.
Fixes#27317.
git-svn-id: https://develop.svn.wordpress.org/trunk@35772 602fd350-edb4-49c9-b593-d223f7449a82
Hello, it's me again. A pluggable function named `wp_new_user_notification()`. A few months ago, after [33023], I have lost my second parameter `$plaintext_pass`. But thanks to [33620] I got a new one.
Bad idea - It hasn't had the same behavior as my previous parameter.
To solve that the second parameter got deprecated and reintroduced as the third parameter in [34116]. I was happy again, for a short time.
You remember my lost friend `$plaintext_pass`? No? Well, if its value was empty no notification was sent to the user. This behavior was still lost. And that's what this change is about: Don't notify a user if a plugin uses `wp_new_user_notification( $user_id )`.
You're asking if I'm happy now? Dunno, but maybe you have learned something about pluggable functions, have you?
Props danielbachhuber.
Fixes#34377.
git-svn-id: https://develop.svn.wordpress.org/trunk@35735 602fd350-edb4-49c9-b593-d223f7449a82
