Commit Graph

214 Commits

Author SHA1 Message Date
Mark Jaquith f120a109ff Combat Chrome's insanely aggressive user/pass autofilling ಠ_ಠ
Chrome now ignores `autocomplete="off"` in <input>, so this hack uses
a hidden, non-named, non-empty input, right before the password field.

see #24364. props azaozz, nacin, bobbingwide, aaroncampbell.

git-svn-id: https://develop.svn.wordpress.org/trunk@24552 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-03 21:24:02 +00:00
Mark Jaquith a6177929c4 Rejigger some whitespace in anticipation of a fix for #24364.
see #24364

git-svn-id: https://develop.svn.wordpress.org/trunk@24551 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-03 21:23:55 +00:00
Dominik Schilling (ocean90) f05db78268 Add a label to the second password field on User New and User Edit screen. props MikeHansenMe. fixes #20294.
git-svn-id: https://develop.svn.wordpress.org/trunk@24531 602fd350-edb4-49c9-b593-d223f7449a82
2013-06-30 11:13:34 +00:00
Andrew Nacin 865defcb1a Revert [24291] pending further discussion and sleuthing. see #24364.
git-svn-id: https://develop.svn.wordpress.org/trunk@24317 602fd350-edb4-49c9-b593-d223f7449a82
2013-05-22 18:37:43 +00:00
Andrew Ozz ea91e4bcab Fix Chrome disregarding autocomplete="off" for password fields. Add autocomplete="off" to forms where the users can choose new password. Fixes #24364.
git-svn-id: https://develop.svn.wordpress.org/trunk@24291 602fd350-edb4-49c9-b593-d223f7449a82
2013-05-18 22:56:21 +00:00
Ryan Boren 9f3b5a4c4b Remove obsolete TODO.
Props wonderboymusic
fixes #11635


git-svn-id: https://develop.svn.wordpress.org/trunk@24247 602fd350-edb4-49c9-b593-d223f7449a82
2013-05-14 12:44:44 +00:00
Ryan Boren f1a3189b22 Cleanup additional capabilities display in user-edit.php. Mark a string for translation.
Props johnjamesjacoby, SergeyBiryukov
fixes #14267


git-svn-id: https://develop.svn.wordpress.org/trunk@23737 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-18 13:27:57 +00:00
Ryan Boren 37fae23001 Always wp_unslash() the return of wp_get_referer().
see #21767


git-svn-id: https://develop.svn.wordpress.org/trunk@23570 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 17:20:32 +00:00
Ryan Boren c363aea627 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: https://develop.svn.wordpress.org/trunk@23554 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 16:28:40 +00:00
Andrew Nacin 780c74d246 Remove unused variables reset by wp_reset_vars(). Many of these haven't been used since b2. see #21767.
git-svn-id: https://develop.svn.wordpress.org/trunk@23445 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-16 18:28:41 +00:00
Ryan Boren a6c8efadb9 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: https://develop.svn.wordpress.org/trunk@23416 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-14 22:51:06 +00:00
Sergey Biryukov e135387172 Only show "There is a pending change of your e-mail..." message on the current user's profile page. fixes #23146.
git-svn-id: https://develop.svn.wordpress.org/trunk@23364 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-01 01:50:19 +00:00
Andrew Nacin a164ab840b As wp_dropdown_roles() only prints editable roles, ensure that the
"selected" role passed into it on the user-edit screen is editable.

props johnjamesjacoby. see #22361.



git-svn-id: https://develop.svn.wordpress.org/trunk@22687 602fd350-edb4-49c9-b593-d223f7449a82
2012-11-19 19:23:54 +00:00
Ryan Boren 2086631047 Remove unnecessary label. Props waclawjacek. fixes #17978
git-svn-id: https://develop.svn.wordpress.org/trunk@21927 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-20 13:59:39 +00:00
Ryan Boren 19252e7462 Allow granting the network admin email user super admin. Props JustinSainton, garyc40. fixes #16629
git-svn-id: https://develop.svn.wordpress.org/trunk@21925 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-20 13:50:35 +00:00
Ryan Boren 9580f65af6 Allow passing stdClass and WP_User to wp_insert_user() and wp_update_user(). Introduce WP_User::to_array(). Eliminate uses of get_object_vars() when passing to wp_*_user(). fixes #21429
git-svn-id: https://develop.svn.wordpress.org/trunk@21496 602fd350-edb4-49c9-b593-d223f7449a82
2012-08-10 15:36:54 +00:00
Ryan Boren d2774833b2 Introduce get_edit_user_link(). Props scribu, georgestephanis, johnbillion. fixes #14787 see #20307
git-svn-id: https://develop.svn.wordpress.org/trunk@21364 602fd350-edb4-49c9-b593-d223f7449a82
2012-07-30 18:30:03 +00:00
Andrew Nacin 6ef3ff3062 Remove charset attribute from script elements. props neoxx, fixes #21146.
git-svn-id: https://develop.svn.wordpress.org/trunk@21204 602fd350-edb4-49c9-b593-d223f7449a82
2012-07-03 13:27:14 +00:00
Andrew Ozz ba848978ac Do not clear the old values in "Display name publicly as" drop-down on the user profile screen, append new values there when the user changes any of20747 the name fields, fixes #20747
git-svn-id: https://develop.svn.wordpress.org/trunk@20964 602fd350-edb4-49c9-b593-d223f7449a82
2012-05-30 21:54:33 +00:00
Andrew Nacin ce48b0d471 Revert type="email" (HTML5) as some browsers that do validation on these fields do not work for IDN domains yet. Core does not support these well either, but server-side validation can at least be dealt with by a plugin. see #17863.
git-svn-id: https://develop.svn.wordpress.org/trunk@20196 602fd350-edb4-49c9-b593-d223f7449a82
2012-03-15 18:09:14 +00:00
Andrew Ozz fcbd8f7f57 Set proper HTML5 input types in the admin, props georgestephanis, fixes #17863
git-svn-id: https://develop.svn.wordpress.org/trunk@20168 602fd350-edb4-49c9-b593-d223f7449a82
2012-03-10 01:23:48 +00:00
Ryan Boren 2b186b0c45 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: https://develop.svn.wordpress.org/trunk@19712 602fd350-edb4-49c9-b593-d223f7449a82
2012-01-08 17:01:11 +00:00
Ryan Boren 5e76729992 One newline is enough.
git-svn-id: https://develop.svn.wordpress.org/trunk@19684 602fd350-edb4-49c9-b593-d223f7449a82
2012-01-05 20:10:39 +00:00
Ryan Boren c9b84969c3 s/Admin Bar/Toolbar/. Props ocean90. fixes #19461
git-svn-id: https://develop.svn.wordpress.org/trunk@19569 602fd350-edb4-49c9-b593-d223f7449a82
2011-12-08 16:49:16 +00:00
Andrew Nacin 57da602f61 Help tweaks for users, tools. props jane, see #19020.
git-svn-id: https://develop.svn.wordpress.org/trunk@19509 602fd350-edb4-49c9-b593-d223f7449a82
2011-12-01 01:17:14 +00:00
Daryl Koopersmith 3b7414641b Update help content for user edit page. props Ipstenu, see #19020.
git-svn-id: https://develop.svn.wordpress.org/trunk@19459 602fd350-edb4-49c9-b593-d223f7449a82
2011-11-28 16:32:33 +00:00
Andrew Nacin a4f3850205 Show 'Profile updated' for profile.php. props johnbillion, fixes #19053.
git-svn-id: https://develop.svn.wordpress.org/trunk@19285 602fd350-edb4-49c9-b593-d223f7449a82
2011-11-14 22:09:15 +00:00
Andrew Nacin 33ee9a7d04 s/add_help_sidebar/set_help_sidebar/g and introduce screen->remove_help_tab($id) and screen->remove_help_tabs(). see #19020, #18785.
git-svn-id: https://develop.svn.wordpress.org/trunk@19119 602fd350-edb4-49c9-b593-d223f7449a82
2011-11-02 20:14:10 +00:00
Ryan Boren db63861af8 Use add_help_sidebar(). see #19020
git-svn-id: https://develop.svn.wordpress.org/trunk@19111 602fd350-edb4-49c9-b593-d223f7449a82
2011-11-02 03:12:37 +00:00
Ryan Boren 9566269dfc Validation fix for user-edit.php. Props sorich87. fixes #18921
git-svn-id: https://develop.svn.wordpress.org/trunk@18953 602fd350-edb4-49c9-b593-d223f7449a82
2011-10-12 19:47:00 +00:00
Andrew Nacin d021bbd1d4 Force the admin bar on in the admin as it is now integrated. Removes the second UI option. Leaves out the upgrade routine for now. see #18197.
git-svn-id: https://develop.svn.wordpress.org/trunk@18700 602fd350-edb4-49c9-b593-d223f7449a82
2011-09-17 22:26:01 +00:00
Andrew Nacin 4ae79da741 Add 'Add New' buttons to edit links, edit media, and edit user screens. props sbressler, fixes #17499.
git-svn-id: https://develop.svn.wordpress.org/trunk@17975 602fd350-edb4-49c9-b593-d223f7449a82
2011-05-19 19:52:11 +00:00
Andrew Nacin f504e221e1 Switch from Panel/SubPanel to Screen in inline documentation and Codex links. props michaelh, fixes #17265.
git-svn-id: https://develop.svn.wordpress.org/trunk@17748 602fd350-edb4-49c9-b593-d223f7449a82
2011-04-28 15:24:49 +00:00
Ryan Boren 5b090267f0 Back to Authors and Users should say Back to Users. Props SergeyBiryukov. fixes #16054
git-svn-id: https://develop.svn.wordpress.org/trunk@17657 602fd350-edb4-49c9-b593-d223f7449a82
2011-04-18 21:53:15 +00:00
Dion Hulse 739e666801 Add missing closing fieldset tag. Props bluntelk. Fixes #17042 for trunk
git-svn-id: https://develop.svn.wordpress.org/trunk@17593 602fd350-edb4-49c9-b593-d223f7449a82
2011-04-04 08:04:41 +00:00
Andrew Ozz 44a5c913d8 Fix display of apostrophes in the user's first and last names on the User Profile page, partial props andrewryno, see #17004
git-svn-id: https://develop.svn.wordpress.org/trunk@17587 602fd350-edb4-49c9-b593-d223f7449a82
2011-04-01 20:40:16 +00:00
Andrew Nacin f9eb15c0ce Remove cryptic bitwise check. Todo, CPT/supports checks. see #17005.
git-svn-id: https://develop.svn.wordpress.org/trunk@17574 602fd350-edb4-49c9-b593-d223f7449a82
2011-03-31 06:33:20 +00:00
Mark Jaquith 0c02c273cb Remove unused/non-functional code with old-style CSRF checking. see #16499
git-svn-id: https://develop.svn.wordpress.org/trunk@17381 602fd350-edb4-49c9-b593-d223f7449a82
2011-02-03 07:23:05 +00:00
Andrew Nacin 6d4007a6ee Err, oops. Put the class on the table row. props yoast, see [17234], see #16004.
git-svn-id: https://develop.svn.wordpress.org/trunk@17235 602fd350-edb4-49c9-b593-d223f7449a82
2011-01-07 16:47:39 +00:00
Andrew Nacin 465650292a Revert _admin_bar_preferences() and add a class to the table row to allow it to be hidden. Forcing the use of CSS at least attempts to ensure that the developer will recognize that the saving aspect isn't handled. Handle this in the future across all settings screens. Reverts [17161]. fixes #16004.
git-svn-id: https://develop.svn.wordpress.org/trunk@17234 602fd350-edb4-49c9-b593-d223f7449a82
2011-01-07 16:39:18 +00:00
Andrew Nacin e1ffe72def Allow us to return from whence we came. Specify wp_http_referer for user-edit in the network admin, as we may come from network/users or site-users. props PeteMall, SergeyBiryukov, fixes #16053.
git-svn-id: https://develop.svn.wordpress.org/trunk@17201 602fd350-edb4-49c9-b593-d223f7449a82
2011-01-01 22:30:46 +00:00
Andrew Nacin cf122e2b22 Move the admin bar profile preferences to a hook. fixes #16004.
git-svn-id: https://develop.svn.wordpress.org/trunk@17161 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-28 19:37:11 +00:00
Andrew Nacin ae22a6d462 Tag textareas escaped earlier with textarea_escaped. see #15454.
git-svn-id: https://develop.svn.wordpress.org/trunk@17141 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-25 17:58:01 +00:00
Andrew Nacin c7397ea1ec Final string tweaks to admin bar preferences. props jane, fixes #15829.
git-svn-id: https://develop.svn.wordpress.org/trunk@17095 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-21 14:45:55 +00:00
Andrew Nacin 7d38302ca0 String changes to admin bar preferences. props jane, see #15829.
git-svn-id: https://develop.svn.wordpress.org/trunk@17055 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-19 05:23:25 +00:00
Ryan Boren bf811456b4 Admin bar visibility prefs. Props duck_. see #15829
git-svn-id: https://develop.svn.wordpress.org/trunk@17032 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-17 21:48:30 +00:00
Ryan Boren 712aeeae45 Don't show super admin checkbox for the user that has the network admin email address. Props duck_. fixes #14051
git-svn-id: https://develop.svn.wordpress.org/trunk@16767 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-07 18:10:16 +00:00
Andrew Nacin d7ddf41809 Don't double-escape user description. see #15454.
git-svn-id: https://develop.svn.wordpress.org/trunk@16744 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-06 08:55:09 +00:00
Pete Mall 6bf48a4d50 Ignore role selector in network admin user-edit. See #14435.
git-svn-id: https://develop.svn.wordpress.org/trunk@16563 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-24 08:06:38 +00:00
Andrew Nacin 1715830cf9 Codex links should open in a new window. fixes #14665, props qwertymaniac.
git-svn-id: https://develop.svn.wordpress.org/trunk@16448 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-18 03:26:03 +00:00