The `user_login` field only allows 60 characters, and `user_nicename` allows
50. However, there are no protections in the interface, and few in the code,
that prevent the creation of users with values in excess of these limits. Prior
to recent changes in `$wpdb`, users were generally created anyway, MySQL
having performed the necessary truncation. More recently, the `INSERT`s and
`UPDATE`s simply fail, with no real feedback on the nature of the failure.
This changeset addresses the issue in a number of ways:
* On the user-new.php and network/user-new.php panels, don't allow input in excess of the maximum field length.
* In `wp_insert_user()`, throw an error if the value provided for `'user_login'` or `'user_nicename'` exceeds the maximum field length.
* In `wp_insert_user()`, when using `'user_login'` to generate a default value for `'user_nicename'`, ensure that the nicename is properly truncated, even when suffixed for uniqueness (username-2, etc).
Props dipesh.kakadiya, utkarshpatel, tommarshall, boonebgorges.
Fixes #33793.
git-svn-id: https://develop.svn.wordpress.org/trunk@34218 602fd350-edb4-49c9-b593-d223f7449a82
In `_unregister_post_type()` (unit tests), don't add query vars of non-viewable post types to `WP::public_query_vars`.
Adds unit test.
Fixes #30018.
git-svn-id: https://develop.svn.wordpress.org/trunk@34215 602fd350-edb4-49c9-b593-d223f7449a82
We already accept 'id'. `ID` more closely matches the database and
`WP_User` schemas.
Props Shelob9.
Fixes #33869.
git-svn-id: https://develop.svn.wordpress.org/trunk@34125 602fd350-edb4-49c9-b593-d223f7449a82
The second parameter `$plaintext_pass` was removed in [33023] and restored as `$notify` in [33620] with a different behavior. If you have a plugin overriding `wp_new_user_notification()` which hasn't been updated you would get a notification with your username and the password "both".
To prevent this the second parameter is now deprecated and reintroduced as the third parameter.
Adds unit tests.
Props kraftbj, adamsilverstein, welcher, ocean90.
Fixes #33654.
(Don't ask for new pluggables kthxbye)
git-svn-id: https://develop.svn.wordpress.org/trunk@34116 602fd350-edb4-49c9-b593-d223f7449a82
Post type objects are responsible for mapping their capabilities to core caps.
As a result, when the post type is no longer registered, the caps are no
longer mapped. This causes problems when a post is left in the database after
the post type is no longer present, and WP does an 'edit_post' or other cap
check against it: a PHP notice is thrown, and the cap check always fails.
As a more graceful fallback, we map all post-type-dependent caps onto
'edit_others_posts', which allows highly privileged users to be able to
access orphaned content (such as comments belonging to disabled post types),
while minimizing the possibility of unintended privilege escalation.
We also add a `_doing_it_wrong()` notice, so that developers and site
administrators are aware that the cap mapping is failing in the absence of
the registered post type.
Props mitchoyoshitaka, DrewAPicture, imath, codeelite, boonebgorges, nofearinc, SergeyBiryukov, jorbin, dlh.
Fixes #16956.
git-svn-id: https://develop.svn.wordpress.org/trunk@34091 602fd350-edb4-49c9-b593-d223f7449a82
Since [29248], a table join has not been necessary to process the
`$excluded_terms` parameter of `get_adjacent_post()`. Aside from adding extra
overhead, this join meant that post records that don't have any corresponding
rows in `wp_term_relationships` were erroneously excluded from results.
Fixes #32833.
git-svn-id: https://develop.svn.wordpress.org/trunk@34088 602fd350-edb4-49c9-b593-d223f7449a82
Setting the default value of the `queried_object_id` property to `0` meant
that, when called early enough in the WP bootstrap, `get_queried_object()`
could short-circuit the normal query by fooling it into thinking that the
request was for a page with id 0. Setting the default value to `null` instead
avoids this problem.
Props gradyetc, jazbek.
Fixes #31355.
git-svn-id: https://develop.svn.wordpress.org/trunk@34073 602fd350-edb4-49c9-b593-d223f7449a82
`wp_delete_user()` and `wpmu_delete_user()` both require an `$id` parameter.
Previously, the functions did not verify that the value passed was, in fact,
a number. As such, passing an object or any other entity that would be cast
to int `1` would result in user 1 being deleted. We fix this by enforcing
the requirement that `$id` be numeric.
Props dipesh.kakadiya, utkarshpatel, juliobox.
Fixes #33800.
git-svn-id: https://develop.svn.wordpress.org/trunk@34034 602fd350-edb4-49c9-b593-d223f7449a82
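The cast described in the `wp_delete_user()` commit above, as an added PHP example that is not WordPress core code: `delete_user_unchecked()` and `delete_user_checked()` are hypothetical helpers working on a constructed in-memory user list. It shows which mistaken inputs collapse to ID 1 under a bare cast and how an `is_numeric()` guard rejects them.

```php
<?php
// Added illustration with hypothetical helper names; not WordPress core code.

// Unchecked form: the argument is cast to int without any type check.
function delete_user_unchecked( array &$users, $id ) {
	// @ silences the notice/warning PHP raises when an object is cast to int.
	$id = @(int) $id; // objects, true and non-empty arrays all become 1
	if ( ! isset( $users[ $id ] ) ) {
		return false;
	}
	unset( $users[ $id ] );
	return $id; // ID of the user that was removed
}

// Checked form: reject anything that is not numeric before casting.
function delete_user_checked( array &$users, $id ) {
	if ( ! is_numeric( $id ) ) {
		return false;
	}
	return delete_user_unchecked( $users, $id );
}

// Constructed inputs: two valid IDs plus values a caller might pass by mistake.
$inputs = array(
	'int 3'         => 3,
	'string "2"'    => '2',
	'object'        => (object) array( 'ID' => 3 ),
	'bool true'     => true,
	'array'         => array( 3 ),
	'string "1abc"' => '1abc',
);

foreach ( $inputs as $label => $input ) {
	// Fresh constructed user list (ID => login) for each call.
	$a = array( 1 => 'admin', 2 => 'editor', 3 => 'author' );
	$b = $a;
	$unchecked = delete_user_unchecked( $a, $input );
	$checked   = delete_user_checked( $b, $input );
	printf(
		"%-14s unchecked removed: %-5s checked removed: %s\n",
		$label,
		var_export( $unchecked, true ),
		var_export( $checked, true )
	);
}
```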
Other users in a network can now be given capabilities to manage users without also having global super admin privileges.
* Users with `manage_network_users` can not edit super admins.
* Users with `manage_network_users` can not promote users to super admin.
* Uses of `is_super_admin()` in `user-new.php` are now updated to `manage_network_users`.
Props daniellandau, chriscct7.
Fixes #16860.
git-svn-id: https://develop.svn.wordpress.org/trunk@33988 602fd350-edb4-49c9-b593-d223f7449a82
An administrator in multisite can not edit users other than itself.
Props daniellandau for the initial patch.
See #16860.
git-svn-id: https://develop.svn.wordpress.org/trunk@33987 602fd350-edb4-49c9-b593-d223f7449a82
This also includes a unit test to ensure we're only recommending actively supported versions of PHP in the future.
Fixes #33758.
git-svn-id: https://develop.svn.wordpress.org/trunk@33937 602fd350-edb4-49c9-b593-d223f7449a82
There are no uses of `wp_list_comments()` in Core where `$comments` are passed as the 2nd argument.
Adds unit tests.
Props wonderboymusic, bradt.
Fixes #16894.
git-svn-id: https://develop.svn.wordpress.org/trunk@33925 602fd350-edb4-49c9-b593-d223f7449a82
[29128] introduced updated documentation for the `'orderby'` parameter of
`get_terms()`. The new documentation mistakenly said that 'term_id' was a valid
orderby value. The current changeset makes that fantasy...A REALITY.
Props ixkaito.
Fixes #33726.
git-svn-id: https://develop.svn.wordpress.org/trunk@33903 602fd350-edb4-49c9-b593-d223f7449a82
Add unit tests - there were none. Mock `set_user_setting()` since it won't run due to `headers_sent()` being `true`.
Fixes #22781.
git-svn-id: https://develop.svn.wordpress.org/trunk@33840 602fd350-edb4-49c9-b593-d223f7449a82
Fixes a bug where `$new_theme` got set before the second argument was
appropriately handled, causing the `current_theme` option to later always be
updated to the parent theme's name.
Introduced in [21131].
Props obenland, wonderboymusic.
Fixes #32635.
git-svn-id: https://develop.svn.wordpress.org/trunk@33815 602fd350-edb4-49c9-b593-d223f7449a82
Add a bunch of unit tests to `tests/image/intermediate_size.php`.
Props joemcgill, ericlewis, kitchin, SergeyBiryukov, chipbennett.
Fixes #17626.
git-svn-id: https://develop.svn.wordpress.org/trunk@33807 602fd350-edb4-49c9-b593-d223f7449a82
* Cases for `0` and `1` should be `'1'` and `'0'`
* Add unit tests for `get_comment_count()`. Currently, there are none.
See #33414.
git-svn-id: https://develop.svn.wordpress.org/trunk@33806 602fd350-edb4-49c9-b593-d223f7449a82
This allows the 'current-cat' or 'current-cat-parent' classes to be applied
to more than one item in the list.
Props vilkatis.
Fixes #33565.
git-svn-id: https://develop.svn.wordpress.org/trunk@33804 602fd350-edb4-49c9-b593-d223f7449a82
When generating a `<ul>` using `wp_list_categories()`, a title `<li>` element
is put at the top of the term list. Current behavior is that this title `<li>`
appears even when no terms are found. The new `hide_title_if_no_cats` param
allows developers to specify that the title should be hidden when the term list
is empty.
Props vilkatis.
Fixes #33460.
git-svn-id: https://develop.svn.wordpress.org/trunk@33764 602fd350-edb4-49c9-b593-d223f7449a82
This allows the `count` property to reflect the pre-delete state of affairs,
rather than always being 0.
Props nicholas_io.
Fixes #33485.
git-svn-id: https://develop.svn.wordpress.org/trunk@33711 602fd350-edb4-49c9-b593-d223f7449a82
Add a query var, `title`, that allows you to query posts by `post_title`. To accomplish this now, you have to do something like:
{{{
$tacos = get_posts( [
	'post_type' => 'taco',
	's' => $name,
	'exact' => true,
	'sentence' => true,
	'post_status' => 'publish',
	'fields' => 'ids',
	'posts_per_page' => 1
] );
}}}
Adds unit tests.
Fixes #33074.
git-svn-id: https://develop.svn.wordpress.org/trunk@33706 602fd350-edb4-49c9-b593-d223f7449a82
`test_transient_data_with_timeout()`, `test_transient_add_timeout()`, `test_nonexistent_key_dont_delete_if_false()`, and `test_nonexistent_key_old_timeout` are testing option values which aren't available with an external object cache like memcache.
see #31491.
git-svn-id: https://develop.svn.wordpress.org/trunk@33702 602fd350-edb4-49c9-b593-d223f7449a82
As of [32484], `wp_dropdown_categories()` uses the `$value_field` value to
decide whether a given `<option>` should be 'selected'. However, `$value_field`
can refer to a value that is a string, such as a category's slug. This causes
problems when doing a loose comparison (`==`) with the value of the `'selected'`
parameter, which defaults to `0`, because when doing a loose comparison
between an integer and a string, PHP will cast the string to an integer. This
creates false matches, resulting in `<option>` elements getting a 'selected'
attribute incorrectly.
We address the issue by casting the comparison values to strings, and then
using the strict comparison operator `===`.
Fixes #33452 for trunk.
git-svn-id: https://develop.svn.wordpress.org/trunk@33681 602fd350-edb4-49c9-b593-d223f7449a82
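The false match described in the `wp_dropdown_categories()` commit above, as an added PHP example that is not WordPress core code: the category data and the helper names are constructed for illustration. The integer-versus-string rules of `==` changed in PHP 8.0, so the loose comparison reports false matches only on earlier PHP versions.

```php
<?php
// Added illustration; hypothetical helpers and constructed data, not WordPress core code.

// Constructed categories; 'slug' plays the role of $value_field.
$categories = array(
	array( 'term_id' => 4, 'slug' => 'news' ),
	array( 'term_id' => 7, 'slug' => '7-wonders' ),
	array( 'term_id' => 12, 'slug' => 'security' ),
);

// Loose form: before PHP 8.0 the string operand is cast to int, so a
// non-numeric slug becomes 0 and a slug like '7-wonders' becomes 7.
function is_selected_loose( $value, $selected ) {
	return $value == $selected;
}

// Strict form from the commit message: cast both sides to string, then ===.
function is_selected_strict( $value, $selected ) {
	return (string) $value === (string) $selected;
}

// Return the slugs that would receive a 'selected' attribute.
function selected_slugs( array $categories, $selected, $compare ) {
	$hits = array();
	foreach ( $categories as $category ) {
		if ( call_user_func( $compare, $category['slug'], $selected ) ) {
			$hits[] = $category['slug'];
		}
	}
	return $hits;
}

// 0 is the default for 'selected'; 7 is an integer passed while slugs are the option values.
foreach ( array( 0, 7, 'news' ) as $selected ) {
	printf(
		"PHP %s selected=%s loose=[%s] strict=[%s]\n",
		PHP_VERSION,
		var_export( $selected, true ),
		implode( ',', selected_slugs( $categories, $selected, 'is_selected_loose' ) ),
		implode( ',', selected_slugs( $categories, $selected, 'is_selected_strict' ) )
	);
}
```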
If the post cache is not cleared at this point, the cache can become stale
for operations performed before the cache is cleared later in the function.
Specifically, the generation of a `guid` for new posts can use stale data,
resulting in non-unique values. [33262] introduced a call to `get_post()`
that introduced just such an invalidation problem.
Fixes #5305.
git-svn-id: https://develop.svn.wordpress.org/trunk@33630 602fd350-edb4-49c9-b593-d223f7449a82
After [33615], `wp_update_term()` no longer checks `$wp_db_version` before
attempting a split. This is because pre-4.1 versions of WordPress must be
allowed to update to 4.3+.
See #30261.
git-svn-id: https://develop.svn.wordpress.org/trunk@33616 602fd350-edb4-49c9-b593-d223f7449a82
Also avoid PHP notices because of orphaned comments in the comments list table.
Includes unit test.
props pento, dd32.
fixes #33154.
git-svn-id: https://develop.svn.wordpress.org/trunk@33614 602fd350-edb4-49c9-b593-d223f7449a82
`assertNotFalse()` is not included in PHPUnit 3.6.12, use `assertInternalType( 'int' )` instead.
fixes #32814.
git-svn-id: https://develop.svn.wordpress.org/trunk@33526 602fd350-edb4-49c9-b593-d223f7449a82
Available items now fade from view while you're searching, and there is an explicit way to clear search results. No results gives a better message, though still brief this time around.
props valendesigns, designsimply, DH-Shredder, helen.
fixes #32710.
git-svn-id: https://develop.svn.wordpress.org/trunk@33511 602fd350-edb4-49c9-b593-d223f7449a82
* Ensure that a Custom Menu widget selecting a newly-inserted menu gets updated to use the new menu ID upon Save & Publish.
* Dynamically update the visibility of the Custom Menu widget's "no menus" message when the number of menus changes between 0 and 1+.
* Send all dirty Customized settings in `update-widget` Ajax request and `preview()` them so that the widget update/form callbacks have access to any data dependencies in the current Customizer session (such as newly created unsaved menus).
* Update link in Custom Menu widget to point to Menus panel as opposed to Menus admin page, when in the Customizer.
* Fix an issue with extra space at top immediately after creating new menu.
* Fix doubled `update-widget` Ajax requests when changing select dropdown; prevent initial from being aborted.
* Add missing `wp_get_nav_menus()` hooks to preview Customizer updates/inserts for `nav_menu` settings; includes tests.
* Update `wp_get_nav_menu_object()` to allow a menu object to be passed in (and thus passed through).
Props westonruter, adamsilverstein.
Fixes #32814.
git-svn-id: https://develop.svn.wordpress.org/trunk@33488 602fd350-edb4-49c9-b593-d223f7449a82
* Tokenize newlines in `WP_Embed::autoembed()` before running `->autoembed_callback()`
* Tokenize newlines with placeholders in `wpautop()`
* Introduce `wp_html_split()` to DRY the RegEx from `wp_replace_in_html_tags()` and `do_shortcodes_in_html_tags()`
Adds unit tests.
Props miqrogroove, kitchin, azaozz.
Fixes #33106.
git-svn-id: https://develop.svn.wordpress.org/trunk@33469 602fd350-edb4-49c9-b593-d223f7449a82