We already accept 'id'. `ID` more closely matches the database and
`WP_User` schemas.
Props Shelob9.
Fixes#33869.
git-svn-id: https://develop.svn.wordpress.org/trunk@34125 602fd350-edb4-49c9-b593-d223f7449a82
The second parameter `$plaintext_pass` was removed in [33023] and restored as `$notify` in [33620] with a different behavior. If you have a plugin overriding `wp_new_user_notification()` which hasn't been updated you would get a notification with your username and the password "both".
To prevent this the second parameter is now deprecated and reintroduced as the third parameter.
Adds unit tests.
Props kraftbj, adamsilverstein, welcher, ocean90.
Fixes#33654.
(Don't ask for new pluggables kthxbye)
git-svn-id: https://develop.svn.wordpress.org/trunk@34116 602fd350-edb4-49c9-b593-d223f7449a82
Post type objects are reponsible for mapping their capabilities to core caps.
As a result, when the post type is no longer registered, the caps are no
longer mapped. This causes problems when a post is left in the database after
the post type is no longer present, and WP does an 'edit_post' or other cap
check against it: a PHP notice is thrown, and the cap check always fails.
As a more graceful fallback, we map all post-type-dependent caps onto
'edit_others_posts', which allows highly privileged users to be able to
access orphaned content (such as comments belonging to disabled post types),
while minimizing the possibility of unintended privilege escalation.
We also add a `_doing_it_wrong()` notice, so that developers and site
administrators are aware that the cap mapping is failing in the absence of
the registered post type.
Props mitchoyoshitaka, DrewAPicture, imath, codeelite, boonebgorges, nofearinc, SergeyBiryukov, jorbin, dlh.
Fixes#16956.
git-svn-id: https://develop.svn.wordpress.org/trunk@34091 602fd350-edb4-49c9-b593-d223f7449a82
Since [29248], a table join has not been necessary to process the
`$excluded_terms` parameter of `get_adjacent_post()`. Aside from adding extra
overhead, this join meant that post records that don't have any corresponding
rows in `wp_term_relationships` were erroneously excluded from results.
Fixes#32833.
git-svn-id: https://develop.svn.wordpress.org/trunk@34088 602fd350-edb4-49c9-b593-d223f7449a82
Setting the default value of the `queried_object_id` property to `0` meant
that, when called early enough in the WP bootstrap, `get_queried_object()`
could short-circuit the normal query by fooling it into thinking that the
request was for a page with id 0. Setting the default value to `null` instead
avoids this problem.
Props gradyetc, jazbek.
Fixes#31355.
git-svn-id: https://develop.svn.wordpress.org/trunk@34073 602fd350-edb4-49c9-b593-d223f7449a82
`wp_delete_user()` and `wpmu_delete_user()` both require an `$id` parameter.
Previously, the functions did not verify that the value passed was, in fact,
a number. As such, passing an object or any other entity that would be cast
to int `1` would result in user 1 being deleted. We fix this by enforcing
the requirement that `$id` be numeric.
Props dipesh.kakadiya, utkarshpatel, juliobox.
Fixes#33800.
git-svn-id: https://develop.svn.wordpress.org/trunk@34034 602fd350-edb4-49c9-b593-d223f7449a82
Other users in a network can now be given capabilities to manage users without also having global super admin privileges.
* Users with `manage_network_users` can not edit super admins.
* Users with `manage_network_users` can not promote users to super admin.
* Uses of `is_super_admin()` in `user-new.php` are now updated to `manage_network_users`.
Props daniellandau, chriscct7.
Fixes#16860.
git-svn-id: https://develop.svn.wordpress.org/trunk@33988 602fd350-edb4-49c9-b593-d223f7449a82
An administrator in multisite can not edit users other than itself.
Props daniellandau for the initial patch.
See #16860.
git-svn-id: https://develop.svn.wordpress.org/trunk@33987 602fd350-edb4-49c9-b593-d223f7449a82
This also includes a unit test to ensure we're only recommending actively supported versions of PHP in the future.
Fixes#33758.
git-svn-id: https://develop.svn.wordpress.org/trunk@33937 602fd350-edb4-49c9-b593-d223f7449a82
There are no uses of `wp_list_comments()` in Core where `$comments` are passed as the 2nd argument.
Adds unit tests.
Props wonderboymusic, bradt.
Fixes#16894.
git-svn-id: https://develop.svn.wordpress.org/trunk@33925 602fd350-edb4-49c9-b593-d223f7449a82
[29128] introduced updated documentation for the `'orderby'` parameter of
`get_terms()`. The new documentation mistakenly said that 'term_id' was a valid
orderby value. The current changeset makes that fantasy...A REALITY.
Props ixkaito.
Fixes#33726.
git-svn-id: https://develop.svn.wordpress.org/trunk@33903 602fd350-edb4-49c9-b593-d223f7449a82
