WordPress' code just... wasn't.
This is now dealt with.
Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes#41057.
git-svn-id: https://develop.svn.wordpress.org/trunk@42343 602fd350-edb4-49c9-b593-d223f7449a82
`session.php` is occasionally included directly by custom external code, so should continue to be available. This behaviour is deprecated.
Partial revert of [38373].
See #36335, #39027.
git-svn-id: https://develop.svn.wordpress.org/trunk@39453 602fd350-edb4-49c9-b593-d223f7449a82
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.
Fixes#36921.
git-svn-id: https://develop.svn.wordpress.org/trunk@37544 602fd350-edb4-49c9-b593-d223f7449a82
* In `WP_Importer->is_user_over_quota()`, the default value for the first argument for `upload_is_user_over_quota()` is `true`. Don't bother passing `1`.
* When calling `submit_button()` with no `$name`, pass empty string instead of `false`.
* The default value for the 2nd argument to `get_edit_post_link()` is `'display'`. Because PHP is PHP, passing `true` is the same as passing `'display'` or nothing. Don't bother passing `true`.
* In `WP_User_Meta_Session_Tokens::drop_sessions()`, pass `0` instead of `false` to `delete_metadata()` as the value for `$object_id`, which expects an int.
See #30799.
git-svn-id: https://develop.svn.wordpress.org/trunk@31220 602fd350-edb4-49c9-b593-d223f7449a82
Introduces a new get( $token ) method. get_token() would not have made sense and spurred the overall renaming. Public methods are now get, get_all, verify, create, update, destroy, destroy_others, and destroy_all.
The protected abstract methods designed for alternative implementations remain the same.
props mdawaffe.
see #20276.
git-svn-id: https://develop.svn.wordpress.org/trunk@29635 602fd350-edb4-49c9-b593-d223f7449a82
Sessions are stored in usermeta via WP_User_Meta_Session_Tokens, which extends the abstract WP_Session_Tokens class. Extending WP_Session_Tokens can allow for alternative storage, such as a separate table or Redis.
Introduces some simple APIs for session listing and destruction, such as wp_get_active_sessions() and wp_destroy_all_sessions().
This invalidates all existing authentication cookies, as a new segment (the session token) has been added to them.
props duck_, nacin, mdawaffe.
see #20276.
git-svn-id: https://develop.svn.wordpress.org/trunk@29221 602fd350-edb4-49c9-b593-d223f7449a82
