120 Commits

Author SHA1 Message Date
Sergey Biryukov e49ffcfddd Revert to storing a hash of the slashed password. fixes #24367. see #17018.
git-svn-id: https://develop.svn.wordpress.org/trunk@24508 602fd350-edb4-49c9-b593-d223f7449a82
2013-06-25 11:14:50 +00:00
Andrew Nacin 2523656757 delete_user_setting() and remove_action() were getting called with too many args. props rlerdorf. see #24210.
git-svn-id: https://develop.svn.wordpress.org/trunk@24125 602fd350-edb4-49c9-b593-d223f7449a82
2013-04-29 13:25:15 +00:00
Sergey Biryukov 7e7cf2bb94 When adding a new user in the admin, strip slashes from the password sent to the user by email. props hakre for initial patch. fixes #17018.
git-svn-id: https://develop.svn.wordpress.org/trunk@23634 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-07 06:00:16 +00:00
Ryan Boren 436b32ef62 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
git-svn-id: https://develop.svn.wordpress.org/trunk@23567 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 17:14:09 +00:00
Ryan Boren c363aea627 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: https://develop.svn.wordpress.org/trunk@23554 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 16:28:40 +00:00
Ryan Boren a6c8efadb9 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes is no longer necessary.

Introduce wp_unslash() and use it to remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: https://develop.svn.wordpress.org/trunk@23416 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-14 22:51:06 +00:00
Andrew Nacin bb904fcf2b Confirm a user exists before deleting them in wp_delete_user() and wpmu_delete_user(). props scribu, fixes #23067.
git-svn-id: https://develop.svn.wordpress.org/trunk@23380 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-02 04:41:02 +00:00
Ryan Boren 8d5ca186c2 Consolidate some strings. Props pavelevap, SergeyBiryukov. see #21728
git-svn-id: https://develop.svn.wordpress.org/trunk@22124 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-05 19:04:34 +00:00
Ryan Boren fa5557c6d4 When reassigning posts and links during user deletion, clear the post and link caches. Props kurtpayne. fixes #20447
git-svn-id: https://develop.svn.wordpress.org/trunk@21798 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-10 19:56:08 +00:00
Ryan Boren 9580f65af6 Allow passing stdClass and WP_User to wp_insert_user() and wp_update_user(). Introduce WP_User::to_array(). Eliminate uses of get_object_vars() when passing to wp_*_user(). fixes #21429
git-svn-id: https://develop.svn.wordpress.org/trunk@21496 602fd350-edb4-49c9-b593-d223f7449a82
2012-08-10 15:36:54 +00:00
Andrew Nacin a5c7405975 Move most instances of new WP_User to get_userdata(). see #21120.
git-svn-id: https://develop.svn.wordpress.org/trunk@21413 602fd350-edb4-49c9-b593-d223f7449a82
2012-08-03 01:06:05 +00:00
Ryan Boren d2774833b2 Introduce get_edit_user_link(). Props scribu, georgestephanis, johnbillion. fixes #14787 see #20307
git-svn-id: https://develop.svn.wordpress.org/trunk@21364 602fd350-edb4-49c9-b593-d223f7449a82
2012-07-30 18:30:03 +00:00
Mark Jaquith bfd2e57437 Allow tel: and fax: protocols. Wrangle the last hardcoded protocol enumeration so that it uses wp_allowed_protocols(). fixes #21081
git-svn-id: https://develop.svn.wordpress.org/trunk@21170 602fd350-edb4-49c9-b593-d223f7449a82
2012-06-28 20:30:10 +00:00
Ryan Boren 0de14403bf Don't delete nav menu items when the user that owns them is deleted.
* Introduce delete_with_user flag to register_post_type
* Set delete_with_user to false for the nav_menu_item post type
* Set it to true for all other core post types
* If delete_with_user is not set, fallback to post_type_supports('author')

Props nacin
Fixes #16358


git-svn-id: https://develop.svn.wordpress.org/trunk@20739 602fd350-edb4-49c9-b593-d223f7449a82
2012-05-08 17:01:50 +00:00
Ryan Boren d3571040fb * Return empty arrays instead of false for all conditions in get_blogs_of_user().
* When deleting a user, use a delete_metadata_by_mid() loop over the meta so that the meta cache is cleared.
* Use remove_user_from_blog() for DRYness.

Props nacin, duck_
Fixes #19500


git-svn-id: https://develop.svn.wordpress.org/trunk@20581 602fd350-edb4-49c9-b593-d223f7449a82
2012-04-24 22:13:47 +00:00
Jon Cave e8a29e70d6 clean_user_cache() after the DELETE query in wp_delete_user(). See #20460.
This is to prevent plugins managing to hook in between the cache cleaning and the actual deletion.


git-svn-id: https://develop.svn.wordpress.org/trunk@20523 602fd350-edb4-49c9-b593-d223f7449a82
2012-04-18 21:24:53 +00:00
Jon Cave c0dd73f68d Pass full user objects to clean_user_cache(). See #19500, fixes #20460.
Prevents notices when clean_user_cache() is called for a user that has been removed from the database.


git-svn-id: https://develop.svn.wordpress.org/trunk@20522 602fd350-edb4-49c9-b593-d223f7449a82
2012-04-18 21:07:31 +00:00
Andrew Nacin 54a6a40533 Introduce $wpdb->delete(). props justindgivens, scribu. fixes #18948.
git-svn-id: https://develop.svn.wordpress.org/trunk@20287 602fd350-edb4-49c9-b593-d223f7449a82
2012-03-24 15:24:31 +00:00
Ryan Boren 2b186b0c45 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: https://develop.svn.wordpress.org/trunk@19712 602fd350-edb4-49c9-b593-d223f7449a82
2012-01-08 17:01:11 +00:00
Jon Cave c90c0e8600 Remove "the hackiest hack that ever did hack" from add_user(). wp_insert_user()/edit_user() can deal with adding new users of any defined role. Fixes #18749.
git-svn-id: https://develop.svn.wordpress.org/trunk@19686 602fd350-edb4-49c9-b593-d223f7449a82
2012-01-05 20:38:40 +00:00
Andrew Nacin bb89b80c5b Remove remnants of show_admin_bar_admin. see #18811, see #18197.
git-svn-id: https://develop.svn.wordpress.org/trunk@18812 602fd350-edb4-49c9-b593-d223f7449a82
2011-09-29 06:12:51 +00:00
Jon Cave 60d321b14b Fix typos in documentation (wp-admin/). See #18560.
git-svn-id: https://develop.svn.wordpress.org/trunk@18632 602fd350-edb4-49c9-b593-d223f7449a82
2011-09-03 14:18:10 +00:00
Ryan Boren 1d3e616495 Introduce metadata_exists(), WP_User::get_data_by(), WP_User::get(), WP_User::has_prop(). Don't fill user objects with meta. Eliminate data duplication in cache and memory. Props scribu. see #15458
git-svn-id: https://develop.svn.wordpress.org/trunk@18597 602fd350-edb4-49c9-b593-d223f7449a82
2011-08-24 19:32:59 +00:00
Ryan Boren bf811456b4 Admin bar visibility prefs. Props duck_. see #15829
git-svn-id: https://develop.svn.wordpress.org/trunk@17032 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-17 21:48:30 +00:00
Ryan Boren 36a4508140 Update since phpdoc. Props demetris. fixes #15445
git-svn-id: https://develop.svn.wordpress.org/trunk@16660 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-01 19:24:38 +00:00
Andrew Nacin 1612e23e86 We don't want a populated WP_User object here. see #14642.
git-svn-id: https://develop.svn.wordpress.org/trunk@16443 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-18 00:26:29 +00:00
Andrew Nacin 8d9b2cd2b3 Properly check, initialize, or cast a number of variables. props ChenHui. see #14642.
git-svn-id: https://develop.svn.wordpress.org/trunk@16377 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-15 06:38:10 +00:00
Andrew Nacin 6d20960c97 Pass user object through _wp_get_user_contactmethods() to the user_contactmethods filter. props aaroncampbell, fixes #15186.
git-svn-id: https://develop.svn.wordpress.org/trunk@15896 602fd350-edb4-49c9-b593-d223f7449a82
2010-10-21 15:42:06 +00:00
Ryan Boren 8da08f0073 Fix notice when creating users. Props coffee2code. fixes #14286
git-svn-id: https://develop.svn.wordpress.org/trunk@15799 602fd350-edb4-49c9-b593-d223f7449a82
2010-10-13 20:26:43 +00:00
Mark Jaquith dfa0e20a64 Fix an English fail.
git-svn-id: https://develop.svn.wordpress.org/trunk@15740 602fd350-edb4-49c9-b593-d223f7449a82
2010-10-07 08:04:15 +00:00
Andrew Nacin 66874878a1 Don't show the default password nag on the profile screen. props duck_, fixes #14861.
git-svn-id: https://develop.svn.wordpress.org/trunk@15614 602fd350-edb4-49c9-b593-d223f7449a82
2010-09-13 16:49:04 +00:00
scribu 33f73ce32f Deprecated get_editable_user_ids() altogether, along with similar, unused functions. See #14572
git-svn-id: https://develop.svn.wordpress.org/trunk@15542 602fd350-edb4-49c9-b593-d223f7449a82
2010-08-27 01:07:21 +00:00
scribu 0b1b005b66 Deprecate unused get_author_user_ids() and get_editable_authors(). See #14572
git-svn-id: https://develop.svn.wordpress.org/trunk@15540 602fd350-edb4-49c9-b593-d223f7449a82
2010-08-27 00:22:29 +00:00
scribu 8993abd1be use get_users() in get_editable_user_ids() and cache result. See #14572
git-svn-id: https://develop.svn.wordpress.org/trunk@15539 602fd350-edb4-49c9-b593-d223f7449a82
2010-08-27 00:18:57 +00:00
scribu fb9394167f Ajaxify list-type screens in the admin. See #14579
git-svn-id: https://develop.svn.wordpress.org/trunk@15491 602fd350-edb4-49c9-b593-d223f7449a82
2010-08-11 21:54:51 +00:00
Ryan Boren 494ee995b5 Use get_current_user() and get_current_user_id() instead of global . Props filofo. see #13934 for trunk
git-svn-id: https://develop.svn.wordpress.org/trunk@15315 602fd350-edb4-49c9-b593-d223f7449a82
2010-06-24 15:01:29 +00:00
Peter Westwood 38407f0af5 Fix the default password nag clearer to work when an admin sets someone else's password away from the default. Fixes #12334.
git-svn-id: https://develop.svn.wordpress.org/trunk@14608 602fd350-edb4-49c9-b593-d223f7449a82
2010-05-13 21:08:01 +00:00
Andrew Nacin 490a0a99cd More typos. see #13358.
git-svn-id: https://develop.svn.wordpress.org/trunk@14588 602fd350-edb4-49c9-b593-d223f7449a82
2010-05-12 21:03:33 +00:00
Andrew Nacin 323342deec Move post type object capabilities to a 'cap' object. Allow them to be initialized via the 'capabilities' key (an array) when registering support for the post type. Caps are now referred to by the name of the cap as if it was a post, i.e. ->cap->edit_post. see #13358.
git-svn-id: https://develop.svn.wordpress.org/trunk@14585 602fd350-edb4-49c9-b593-d223f7449a82
2010-05-12 20:45:18 +00:00
Ryan Boren 56e95f24c5 Fix user validation feedback. Props sivel. fixes #13162
git-svn-id: https://develop.svn.wordpress.org/trunk@14428 602fd350-edb4-49c9-b593-d223f7449a82
2010-05-03 23:46:42 +00:00
Ryan Boren 172c975f2d User deletion fixes. Props yoavf. fixes #13242
git-svn-id: https://develop.svn.wordpress.org/trunk@14422 602fd350-edb4-49c9-b593-d223f7449a82
2010-05-03 23:04:42 +00:00
Andrew Nacin 01369d744f Some default password nag and user-edit div.error style cleanups.
git-svn-id: https://develop.svn.wordpress.org/trunk@14261 602fd350-edb4-49c9-b593-d223f7449a82
2010-04-27 21:57:18 +00:00
Nikolay Bachiyski ebb05d65d4 Split the default password nag text to several translatable strings
git-svn-id: https://develop.svn.wordpress.org/trunk@14170 602fd350-edb4-49c9-b593-d223f7449a82
2010-04-20 17:15:07 +00:00
Ron Rennick 46fe5b484f use meta caps in [14032], see #12109
git-svn-id: https://develop.svn.wordpress.org/trunk@14033 602fd350-edb4-49c9-b593-d223f7449a82
2010-04-07 21:04:42 +00:00
Ryan Boren e53c2d4da4 User is_super_admin(). Props ocean90. fixes #12888
git-svn-id: https://develop.svn.wordpress.org/trunk@14032 602fd350-edb4-49c9-b593-d223f7449a82
2010-04-07 15:28:10 +00:00
Andrew Nacin b4ae4c89e9 Allow "No role for this blog" to be chosen on user-edit. Add defensive checks for a few potential notices. fixes #10833
git-svn-id: https://develop.svn.wordpress.org/trunk@13961 602fd350-edb4-49c9-b593-d223f7449a82
2010-04-03 08:08:12 +00:00
Andrew Nacin 5be7345c1b Use correct cap in get_editable_user_ids(). edit_cap is the meta cap (edit_post) and needs a post id passed, edit_type_cap is the primitive edit_posts cap.
git-svn-id: https://develop.svn.wordpress.org/trunk@13955 602fd350-edb4-49c9-b593-d223f7449a82
2010-04-03 04:38:20 +00:00
Ryan Boren a7ef69777b Use wpdb->prefix instead of wpdb->base_prefix(). base_prefix() does not return the correct prefix when a blog ID is not passed.
git-svn-id: https://develop.svn.wordpress.org/trunk@13947 602fd350-edb4-49c9-b593-d223f7449a82
2010-04-02 17:23:36 +00:00
Andrew Nacin fb7ea4ea42 Allow MS cape-wearers to demote their blog roles to something without the edit_users cap. see #12387
git-svn-id: https://develop.svn.wordpress.org/trunk@13934 602fd350-edb4-49c9-b593-d223f7449a82
2010-04-02 04:30:00 +00:00
Andrew Nacin 11dfbcba06 Password nag string cleanup. Could be good to also increase the line-height on div.updated/error at some point.
git-svn-id: https://develop.svn.wordpress.org/trunk@13844 602fd350-edb4-49c9-b593-d223f7449a82
2010-03-27 07:22:05 +00:00