Commit Graph

141 Commits

Author SHA1 Message Date
Felix Arntz
1f3912e9bf Bootstrap/Load: Introduce a recovery mode for fixing fatal errors.
Using the new fatal handler introduced in [44962], an email is sent to the admin when a fatal error occurs. This email includes a secret link to enter recovery mode. When clicked, the link will be validated and on success a cookie will be placed on the client, enabling recovery mode for that user. This functionality is executed early before plugins and themes are loaded, in order to be unaffected by potential fatal errors these might be causing.

When in recovery mode, broken plugins and themes will be paused for that client, so that they are able to access the admin backend despite of these errors. They are notified about the broken extensions and the errors caused, and can then decide whether they would like to temporarily deactivate the extension or fix the problem and resume the extension.

A link in the admin bar allows the client to exit recovery mode.

Props timothyblynjacobs, afragen, flixos90, nerrad, miss_jwo, schlessera, spacedmonkey, swissspidy.
Fixes #46130, #44458.


git-svn-id: https://develop.svn.wordpress.org/trunk@44973 602fd350-edb4-49c9-b593-d223f7449a82
2019-03-21 21:52:07 +00:00
Jonathan Desrosiers
c62eab00a7 Coding Standards: Fix PHPCS issue introduced in [44931].
See #44901.

git-svn-id: https://develop.svn.wordpress.org/trunk@44932 602fd350-edb4-49c9-b593-d223f7449a82
2019-03-19 02:47:41 +00:00
Jonathan Desrosiers
d941cf62ee Privacy: Remove unnecessary WP_Error when handling confirmaction requests.
By reordering the logic when handling the `confirmaction` action in `wp-login.php`, the need for a new `WP_Error` object to be created can be eliminated. The error message can be passed directly into a `wp_die()` call, matching the other validation errors in related code.

Props garrett-eclipse, birgire.
Fixes #44901.

git-svn-id: https://develop.svn.wordpress.org/trunk@44931 602fd350-edb4-49c9-b593-d223f7449a82
2019-03-19 02:37:38 +00:00
Andrea Fercia
eeb57f67c4 Accessibility: Login: Display error messages when both the username and password fields are empty.
For accessibility and usability, if an input error is detected, the item that is in error needs to be identified and the error needs to be described to the user in text (WCAG Success Criterion 3.3.1). The login form displays an error when the username field is empty or when the password field is empty. It omits to do so when both fields are empty.

This change restores the login form behavior to the one that used to work in WordPress 2.3 (!) and displays the related error messages also when both fields are empty.

Props birgire, audrasjb.
See #8938, #5405, #3708.
Fixes #42985.


git-svn-id: https://develop.svn.wordpress.org/trunk@44918 602fd350-edb4-49c9-b593-d223f7449a82
2019-03-16 15:21:25 +00:00
Sergey Biryukov
d52e37ea5e Acessibility: Remove title attribute in login_header().
* Deprecate `login_headertitle` filter, introduce `login_headertext` as a replacement.
* For backwards compatibility, if a `login_headertitle` is set, it will be used as link text.
* Make the login header logo URL and text consistent between single site and Multisite.
* Avoid ambiguity of where the WordPress logo points to; link to WordPress.org by default.
* `login_headerurl` filter is still available to change the URL of the header logo.

Props afercia, pratikkry, chetan200891.
Fixes #42537.

git-svn-id: https://develop.svn.wordpress.org/trunk@44899 602fd350-edb4-49c9-b593-d223f7449a82
2019-03-14 21:09:47 +00:00
Andrea Fercia
cdca702477 Accessibility: Improve the password form buttons accessibility.
- makes the "Cancel" button always visible: this allows to generate a new password also on small screens
- moves focus back to the Generate Password button when closing the form
- changes the password reset show/hide button from a clickable `<span>` element to a real `<button>` element
- improves the CSS

Props janak007, afercia.
Fixes #42853.


git-svn-id: https://develop.svn.wordpress.org/trunk@44895 602fd350-edb4-49c9-b593-d223f7449a82
2019-03-13 23:36:45 +00:00
Sergey Biryukov
010cdb3ce6 Login and Registration: Update URLs for browser cookie documentation.
Props joostdevalk.
Fixes #46254.

git-svn-id: https://develop.svn.wordpress.org/trunk@44776 602fd350-edb4-49c9-b593-d223f7449a82
2019-02-28 11:43:24 +00:00
Gary Pendergast
992184cf73 Coding Standards: Upgrade WPCS to 1.2.1.
This upgrade fixes quite a few false positives, as well as auto-fixing some indenting issues.

Fixes #45956.



git-svn-id: https://develop.svn.wordpress.org/trunk@44574 602fd350-edb4-49c9-b593-d223f7449a82
2019-01-12 06:40:16 +00:00
Andrea Fercia
238e8991f8 Accessibility: Remove negative tabindex from the login, install, and setup pages header.
Props bamadesigner, rishishah, jainnidhi.
Fixes #42632.


git-svn-id: https://develop.svn.wordpress.org/trunk@44545 602fd350-edb4-49c9-b593-d223f7449a82
2019-01-10 17:20:59 +00:00
Gary Pendergast
bc027fb70f Login: Improve the error message when retrieving a lost password.
When an invalid username or email address is entered, the form now displays a better error message.

Props mrtortai, iamfriendly, TomHarrigan, afercia, pento.
Fixes #31788.



git-svn-id: https://develop.svn.wordpress.org/trunk@44489 602fd350-edb4-49c9-b593-d223f7449a82
2019-01-09 02:05:08 +00:00
Jonathan Desrosiers
47116930ee Docs: Update since annotation for new lost_password action parameter.
Introduced in [43542].

Fixes #44512.

git-svn-id: https://develop.svn.wordpress.org/trunk@44396 602fd350-edb4-49c9-b593-d223f7449a82
2019-01-04 21:51:32 +00:00
Jeremy Felt
f7b3c32a57 REST API: Render response in user locale with ?_locale=user.
Introduces new `determine_locale()` function for deciding the proper locale to use for a response. Default value is `get_user_locale()` in the admin, and `get_locale()` on the frontend. Because REST API requests are considered frontend requests, `?_locale=user` can be used to render the response in the user's locale.

Also updates `wp-login.php?wp_lang` implementation to benefit from this abstraction.

Merges [43776] from the 5.0 branch to trunk.

Props flixos90, mnelson4, swissspidy, TimothyBlynJacobs.
Fixes #44758.


git-svn-id: https://develop.svn.wordpress.org/trunk@44134 602fd350-edb4-49c9-b593-d223f7449a82
2018-12-14 01:31:27 +00:00
Peter Wilson
b5bfe2bd82 Multisite: Improve messaging for previously activated users.
Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time.


git-svn-id: https://develop.svn.wordpress.org/trunk@44021 602fd350-edb4-49c9-b593-d223f7449a82
2018-12-13 00:22:03 +00:00
John Blackbourn
3493feaa5a Docs: Improve docblocks within wp-login.php.
Props birgire

See #42505


git-svn-id: https://develop.svn.wordpress.org/trunk@43644 602fd350-edb4-49c9-b593-d223f7449a82
2018-09-14 13:47:01 +00:00
jrf
7839cf651f I18n: Improve translators comments [1].
* Add missing translators comments.
* Fix placement of some translators comments.
  Translators comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools.
  The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translators comments.

Patch `44360-src.2.diff` of the series.

Props garyj, alvarogois, michielatyoast
See #44360

git-svn-id: https://develop.svn.wordpress.org/trunk@43595 602fd350-edb4-49c9-b593-d223f7449a82
2018-08-30 12:13:53 +00:00
Gary Pendergast
a75d153eee Coding Standards: Upgrade WPCS to 1.0.0
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.

This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script. 
- Auto-fixable coding standards issues will now cause Travis failures.

Fixes #44600.



git-svn-id: https://develop.svn.wordpress.org/trunk@43571 602fd350-edb4-49c9-b593-d223f7449a82
2018-08-17 01:50:26 +00:00
Gary Pendergast
cb3d1777b1 Coding Standards: Prepare for upgrading WPCS to 1.0.0.
In order to get the best result when running `phpcbf` across the codebase, there are some manual tweaks we need to make.

These fall into three categories:
- Fixing incorrectly indented code which has flow-on effects when auto-fixing.
- Tweaking the layout of inline PHP inside HTML tags.
- Moving more complex inline PHP inside HTML tags, to execute earlier.

See #44600.



git-svn-id: https://develop.svn.wordpress.org/trunk@43569 602fd350-edb4-49c9-b593-d223f7449a82
2018-08-15 06:22:00 +00:00
John Blackbourn
ae69878202 Login and Registration: Pass the $errors parameter to the lost_password action.
Props sebakurzyn

Fixes #44512


git-svn-id: https://develop.svn.wordpress.org/trunk@43542 602fd350-edb4-49c9-b593-d223f7449a82
2018-07-28 13:01:30 +00:00
Sergey Biryukov
2b539c3a91 Login and Registration: Set a better default value for $wp_error parameter in login_header().
To prevent someone from passing a string (which would not be added to a new `WP_Error` instance), check for `is_wp_error()` explicitly.

Props desrosj, chetan200891, spyderbytes, lbenicio, sebastien@thivinfo.com, abdullahramzan.
Fixes #44052.

git-svn-id: https://develop.svn.wordpress.org/trunk@43457 602fd350-edb4-49c9-b593-d223f7449a82
2018-07-16 14:09:22 +00:00
Sergey Biryukov
0a56b67b52 Privacy: Update request confirmation notice text for clarity.
Props desrosj, melchoyce, garrett-eclipse.
Fixes #43970.

git-svn-id: https://develop.svn.wordpress.org/trunk@43232 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-10 20:52:54 +00:00
Ian Dunn
6e5a2e295c Privacy: Add policy link to login screen.
Personal data collection is more likely for registered users than casual visitors, and the privacy policy might have been updated since a user last logged in. Those changes could impact the collection of personal data from registered users, so it makes sense to provide a link to the policy before users log in.

Props voneff, xkon, melchoyce, chetan200891, desrosj.
Fixes #43721.


git-svn-id: https://develop.svn.wordpress.org/trunk@43120 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-02 19:48:01 +00:00
Andrew Ozz
e678d4ea6d Privacy: fix inconsistencies in new strings.
Props audrasjb.
Fixes #43925.

git-svn-id: https://develop.svn.wordpress.org/trunk@43118 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-02 18:41:10 +00:00
Andrew Ozz
11d594e3a8 Privacy: update the method to confirm user requests by email. Use a single CPT to store the requests and to allow logging/audit trail.
Props mikejolley.
See #43443.


git-svn-id: https://develop.svn.wordpress.org/trunk@43008 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-27 10:12:01 +00:00
Andrew Ozz
531abcbdd4 Privacy: fixes and updates for the method to confirm user requests by email.
- Improve function and variable names.
- Allow extra data to be passed with the request.
- Make the option/user meta names more consistent.
- Adds an inline comment explaining use of hash.

Props mikejolley.
See #43443.

git-svn-id: https://develop.svn.wordpress.org/trunk@42964 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-06 19:09:53 +00:00
Dominik Schilling (ocean90)
7a62871459 Login: Use wp_safe_redirect() when redirecting the login page if forced to use HTTPS.
git-svn-id: https://develop.svn.wordpress.org/trunk@42892 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-03 14:31:16 +00:00
Dominik Schilling (ocean90)
8df8cf2df1 Pinking shears.
See #41057.

git-svn-id: https://develop.svn.wordpress.org/trunk@42843 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-18 14:22:09 +00:00
Sergey Biryukov
1fddd69163 I18N: Use the actual placeholder instead of a number in translator comments if the corresponding string does not use numbered placeholders.
Add missing translator comments in `WP_Theme_Install_List_Table` and `wp_notify_postauthor()`.
Add missing commas in some translator comments.

Fixes #43523.

git-svn-id: https://develop.svn.wordpress.org/trunk@42827 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-11 16:43:59 +00:00
Andrew Ozz
0005ad91d6 Add a method to confirm user requests by email. First run.
Props mikejolley.
See #43443.

git-svn-id: https://develop.svn.wordpress.org/trunk@42791 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-06 23:46:44 +00:00
Sergey Biryukov
1cc516f2e8 General: Introduce WP_Error::has_errors() method and use it where appropriate.
Props robdxw, DrewAPicture, SergeyBiryukov.
Fixes #42742.

git-svn-id: https://develop.svn.wordpress.org/trunk@42761 602fd350-edb4-49c9-b593-d223f7449a82
2018-02-27 02:30:46 +00:00
John Blackbourn
8f92dcf4a4 Login and Registration: Instruct the browser to disable autocapitalisation for the user login field on the login screen.
Props drywallbmb
Fixes #42886


git-svn-id: https://develop.svn.wordpress.org/trunk@42406 602fd350-edb4-49c9-b593-d223f7449a82
2017-12-16 13:40:31 +00:00
Gary Pendergast
8f95800d52 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.



git-svn-id: https://develop.svn.wordpress.org/trunk@42343 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-30 23:09:33 +00:00
Gary Pendergast
1eda9654da Login: Swap bloginfo() usage for get_bloginfo().
[41843] introduced a use of `bloginfo()`, where it should be using `get_bloginfo()`.

Props dlh.
Fixes #34625.



git-svn-id: https://develop.svn.wordpress.org/trunk@41850 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-13 02:09:42 +00:00
pento
a0a05744a9 Login: On the single site login screen, match the logo link text with the title.
Previously, the (W) logo on the single site login screen linked to wordpress.org, with an appropriate `title` attribute, but the link text was the blog name.

To fix this discrepency, the link text is now the same as the `title` attribute.

Props pento, obrienlabs, afercia, flixos90, lukecavanagh, and the infinite stack of bikesheds that WordPress is balanced upon.
Fixes #34625.



git-svn-id: https://develop.svn.wordpress.org/trunk@41843 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-12 04:56:05 +00:00
Sergey Biryukov
59bd66aeec Login and Registration: Prevent PHP warnings when POSTing to wp-login.php with an array as a user_login or user_email field.
Props menakas, johnjamesjacoby.
Fixes #40888.

git-svn-id: https://develop.svn.wordpress.org/trunk@41782 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-06 17:36:12 +00:00
John Blackbourn
1e16e5eee8 I18N: Allow the login screen language to be specified via a wp_lang query variable, and use this for the interim login modal.
This allows users who are using the admin area in a language other than the site language to read the notice on the login screen
(which explains that they need to log in again) in their chosen language.

Props Nikschavan, swissspidy

Fixes #40205


git-svn-id: https://develop.svn.wordpress.org/trunk@41692 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-02 23:20:12 +00:00
Sergey Biryukov
b0c40f74d4 Login and Registration: Introduce login_title filter for the <title> tag content on login page.
The new filter mirrors the `admin_title` filter used on admin pages.

Props nishitlangaliya, henry.wright, SergeyBiryukov.
Fixes #40812.

git-svn-id: https://develop.svn.wordpress.org/trunk@41691 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-02 22:59:25 +00:00
Sergey Biryukov
d12b5a5b98 Login and Registration: Make the order of <title> tag parts on login page consistent with the rest of admin pages.
Props nishitlangaliya, henry.wright.
Fixes #40814.

git-svn-id: https://develop.svn.wordpress.org/trunk@41690 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-02 22:29:55 +00:00
Sergey Biryukov
de9ab629eb Login and Registration: Replace home URL in password reset email with the site name to avoid confusing the user with multiple links.
Props Presskopp, code-monkey.
Fixes #38328.

git-svn-id: https://develop.svn.wordpress.org/trunk@41578 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-23 11:43:28 +00:00
Adam Silverstein
52bdeee37d Login: Password reset - add hide icon & confirm weak password checkbox.
Extends the password features added in 4.3 to the password reset flow.

Props johnbillion, manolis09, umesh.nevase, Nikschavan.



git-svn-id: https://develop.svn.wordpress.org/trunk@41556 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-21 21:28:07 +00:00
John Blackbourn
0d407f3625 Login and Registration: Introduce a login_link_separator filter to allow the separator between links in the footer of the
login screen to be filtered.

Props henry.wright

Fixes #40802


git-svn-id: https://develop.svn.wordpress.org/trunk@41291 602fd350-edb4-49c9-b593-d223f7449a82
2017-08-22 14:22:24 +00:00
Sergey Biryukov
8ab52911d8 Login and Registration: Prevent the enable_login_autofocus filter DocBlock from spilling into JS code.
Props chris@vendiadvertising.com.
Fixes #41176.

git-svn-id: https://develop.svn.wordpress.org/trunk@40954 602fd350-edb4-49c9-b593-d223f7449a82
2017-06-26 20:36:28 +00:00
Andrea Fercia
2596b5ac1c Login and Registration: Add a filter to disable the initial auto-focus on the login screen.
Fixes #40301.


git-svn-id: https://develop.svn.wordpress.org/trunk@40652 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-12 17:11:17 +00:00
Pascal Birchler
ca0aa133ff Load: Only load PasswordHash class when needed.
This reverts [38371] which loaded `class-phpass.php` early in `wp-settings.php` and in turn caused backward compatibility problems.

Props DavidAnderson, ketuchetan.
Fixes #39445.


git-svn-id: https://develop.svn.wordpress.org/trunk@40387 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-06 18:00:16 +00:00
Sergey Biryukov
8900e2466e Docs: Add a note to retrieve_password_message filter that password reset email will not be sent if the filtered message is empty.
Props sudar.
Fixes #39788.

git-svn-id: https://develop.svn.wordpress.org/trunk@40048 602fd350-edb4-49c9-b593-d223f7449a82
2017-02-06 04:15:22 +00:00
Boone Gorges
07b8be1177 Allow apostrophes in email address during wp-login.php registration.
See #18039 for a related fix when creating users via the Dashboard.

Props tomdxw.
Fixes #34483.

git-svn-id: https://develop.svn.wordpress.org/trunk@39544 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-08 03:57:08 +00:00
John Blackbourn
347040745d I18n: Introduce more translator comments for strings that contain placeholders but don't have an accompanying translator comment.
See #38882


git-svn-id: https://develop.svn.wordpress.org/trunk@39326 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-21 02:45:53 +00:00
John Blackbourn
f6f0e6098d I18n: Begin introducing translator comments for strings which include placeholders but no accompanying translator comment.
Adds context to one string used in two different contexts for the new user and new site signup email notification.

More to come.

See #38882


git-svn-id: https://develop.svn.wordpress.org/trunk@39323 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-21 01:21:01 +00:00
Jeremy Felt
2979167ba7 Multisite: Use get_network() and get_current_network_id() for current network data.
`get_network()` falls back to the current network when called without any arguments. Between this and `get_current_network_id()`, we can replace almost all instances of the global `$current_site` and all instances of `get_current_site()`.

This effectively deprecates `get_current_site()`, something that we'll do in a future ticket.

Props flixos90.
Fixes #37414.


git-svn-id: https://develop.svn.wordpress.org/trunk@38814 602fd350-edb4-49c9-b593-d223f7449a82
2016-10-19 04:46:14 +00:00
Helen Hou-Sandi
7cc095a1a0 Login: Don't rely on wp_is_mobile() for functionality.
Making behavior changes based on some broad definition of what mobile is rarely, if ever, makes sense. Each bit of functionality should be more clearly targeted, whether that's for screen size, performance, or some kind of touch capability.

props akibjorklund.
see #33704.


git-svn-id: https://develop.svn.wordpress.org/trunk@38739 602fd350-edb4-49c9-b593-d223f7449a82
2016-10-06 15:51:53 +00:00
Sergey Biryukov
73c5683903 Login and Registration: Change login label to Username or Email Address for clarity.
Props GaryJ.
Fixes #37871.

git-svn-id: https://develop.svn.wordpress.org/trunk@38477 602fd350-edb4-49c9-b593-d223f7449a82
2016-08-31 18:50:34 +00:00