* Deleting a site is permanent action, so the terminology around site deletion has been updated to reflect that.
* Site deactivation has been renamed to "Flag for Deletion", and a site with this status is no longer incorrectly shown as "Deleted".
* Extra helper text has been added to the screen shown when changing a site's status to make the effects clearer to Super Admins.
Props kawauso, ryan_b, wonderboymusic, nacin, DrewAPicture, martythornley, SergeyBiryukov, jeremyfelt, ideag, jorbin, sukhendu2002, johnbillion, realloc.
Fixes#15801
Built from https://develop.svn.wordpress.org/trunk@60358
git-svn-id: http://core.svn.wordpress.org/trunk@59694 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit removes an unnecessary `is_wp_error()` check, as the `WP_Error` instance is created earlier in the method, and the only mutability is whether the instance actually `::has_errors()`.
Follow-up to [49109].
Props justlevine.
See #63268.
Built from https://develop.svn.wordpress.org/trunk@60310
git-svn-id: http://core.svn.wordpress.org/trunk@59646 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces a check in `wp_insert_user()` to ensure the username doesn't have a length of zero after sanitization removes invalid characters.
Props kalpeshh, missveronicatv, rayhatron, rinkalpagdar, sergeybiryukov, thehercules.
Fixes#57635.
Built from https://develop.svn.wordpress.org/trunk@60288
git-svn-id: http://core.svn.wordpress.org/trunk@59624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces the filter `pre_count_many_users_posts()` to allow developers to bypass the function in favour of either avoiding counts or their own counting functionality.
Props audrasjb, ethitter, jigar-bhanushali, jorbin.
Fixes#63004.
Built from https://develop.svn.wordpress.org/trunk@59900
git-svn-id: http://core.svn.wordpress.org/trunk@59242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Passwords and security keys that were saved in prior versions of WordPress will continue to work. Each user's password will be opportunistically rehashed and resaved when they next subsequently log in using a valid password.
The following new functions have been introduced:
* `wp_password_needs_rehash()`
* `wp_fast_hash()`
* `wp_verify_fast_hash()`
The following new filters have been introduced:
* `password_needs_rehash`
* `wp_hash_password_algorithm`
* `wp_hash_password_options`
Props ayeshrajans, bgermann, dd32, deadduck169, desrosj, haozi, harrym, iandunn, jammycakes, joehoyle, johnbillion, mbijon, mojorob, mslavco, my1xt, nacin, otto42, paragoninitiativeenterprises, paulkevan, rmccue, ryanhellyer, scribu, swalkinshaw, synchro, th23, timothyblynjacobs, tomdxw, westi, xknown.
Additional thanks go to the Roots team, Soatok, Calvin Alkan, and Raphael Ahrens.
Fixes#21022, #44628
Built from https://develop.svn.wordpress.org/trunk@59828
git-svn-id: http://core.svn.wordpress.org/trunk@59170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduced caching for the `count_user_posts` function to reduce redundant database queries. This ensures better performance by storing and reusing query results when possible. Additionally, sanitized and sorted the `$post_type` array to avoid invalid queries.
Props spacedmonkey, peterwilsoncc, mamaduka, flixos90, johnjamesjacoby, swissspidy, dilip2615, johnregan3, wpgurudev, desrosj, milindmore22, Krstarica, dilipom13.
Fixes#39242.
Built from https://develop.svn.wordpress.org/trunk@59817
git-svn-id: http://core.svn.wordpress.org/trunk@59159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Values passed to parameters with this attribute will be redacted if present in a stack trace when using PHP 8.2 or later. This reduces the chance that passwords and security keys get accidentally exposed in debug logs and bug reports.
Props petitphp, TobiasBg, jrf, johnbillion.
Fixes#57304
Built from https://develop.svn.wordpress.org/trunk@59754
git-svn-id: http://core.svn.wordpress.org/trunk@59096 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Document that unserialised data types are stored as strings in the database and returned as such by the meta data functions. For example, setting meta data to the integer value `1` will be returned as `"1"` when subsequently queried via `get_metadata()` and the related functions.
Props sukhendu2002, azaozz, jrf, rodrigosprimo.
Fixes ticket:61950.
Built from https://develop.svn.wordpress.org/trunk@59657
git-svn-id: http://core.svn.wordpress.org/trunk@59000 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prior to this change a new session was unnecessarily created when a user changed their own password.
Existing authentication cookies for the user will still be invalidated regardless of whether they share the same session token because session cookie keys contain a substring of the password hash.
Props snicco, narenin, johnbillion
Fixes#61366
Built from https://develop.svn.wordpress.org/trunk@59633
git-svn-id: http://core.svn.wordpress.org/trunk@58996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This resolves a "passing null to non-nullable" deprecation notice on PHP 8.1+:
{{{
Deprecated: trim(): Passing null to parameter #1 ($string) of type string is deprecated
}}}
Follow-up to [50129], [54477].
Props afragen, peterwilsoncc, SergeyBiryukov.
Fixes#62298.
Built from https://develop.svn.wordpress.org/trunk@59312
git-svn-id: http://core.svn.wordpress.org/trunk@58698 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This removes a redundant check for a falsey value, which is equivalent to the `empty()` check directly before.
Includes minor adjustments in the unit test:
* Adding a `@covers` tag.
* Correcting the description for clarity.
* Using `assertSame()` for strict type checking.
Follow-up to [59216].
See #60299.
Built from https://develop.svn.wordpress.org/trunk@59232
git-svn-id: http://core.svn.wordpress.org/trunk@58624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When checking for updates to use_ssl, use strings for the comparison values, matching the stored values. Fixes an issue where calls to wp_update_user updated the database meta value for use_ssl even when the value was missing or unchanged.
Props prettyboymp, rajinsharwar, adamsilverstein, johnbillion, rayhatron, mukesh27, joemcgill.
Fixes#60299.
Built from https://develop.svn.wordpress.org/trunk@59216
git-svn-id: http://core.svn.wordpress.org/trunk@58609 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add `get_user()` as an alias for `get_user_by( 'id', $user_id )`. Add `get_user()` to `user.php` so it is not a pluggable function. Bring parity with other standard `get_` functions for a more intuitive developer experience.
Props sc0ttkclark, kushang78, joedolson, peterwilsoncc.
Fixes#35124.
Built from https://develop.svn.wordpress.org/trunk@59111
git-svn-id: http://core.svn.wordpress.org/trunk@58507 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a note that the functions return either an empty array or an empty string for a valid but non-existing ID, depending on the `$single` parameter.
Follow-up to [48658], [50641].
Props rodrigosprimo, jrf.
See #61608.
Built from https://develop.svn.wordpress.org/trunk@58962
git-svn-id: http://core.svn.wordpress.org/trunk@58358 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When WordPress sends out a password-reset or new-user email, it generates
a link for someone to follow in order to take them to the reset page. If
the user login name ends in a period, however, that generated URL will
end in a period and many email clients will confuse it with a
sentence-ending period instead of being part of the query arguments.
In this patch, the generated URL's query argument are rearranged so that
the link will never end in a period. Alternative ideas were explored to
create a new function to escape URL-ending periods, but this patch resolves
the reported problem without raising any further architectural questions.
Developed in https://github.com/WordPress/wordpress-develop/pull/6834
Discussed in https://core.trac.wordpress.org/ticket/42957
Props audrasjb, costdev, daveagp, dmsnell, hellofromTonya, markparnell, mukesh27, nhrrob, obrienlabs, paulcline.
Fixes#42957.
Built from https://develop.svn.wordpress.org/trunk@58674
git-svn-id: http://core.svn.wordpress.org/trunk@58076 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset ensures the `user_activation_key` is flushed after successful login, so reset password links can not be used anymore after the user successfully log into their dashboard.
Props nsinelnikov, rajinsharwar, Rahmohn, oglekler, hellofromTonya.
Fixes#58901.
See #32429
Built from https://develop.svn.wordpress.org/trunk@58333
git-svn-id: http://core.svn.wordpress.org/trunk@57789 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Any usage of `'who' => 'authors'` should be updated to use capability queries instead.
Includes documenting the capability query parameters in `wp_dropdown_users()`.
Follow-up to [51943].
Props kkmuffme, swissspidy, SergeyBiryukov.
See #61243.
Built from https://develop.svn.wordpress.org/trunk@58172
git-svn-id: http://core.svn.wordpress.org/trunk@57635 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduces two functions:
* `wp_is_serving_rest_request()` returns a boolean for whether WordPress is serving an actual REST API request.
* `wp_is_rest_endpoint()` returns a boolean for whether a WordPress REST API endpoint is currently being used. While this is always the case if `wp_is_serving_rest_request()` returns `true`, the function additionally covers the scenario of internal REST API requests, i.e. where WordPress calls a REST API endpoint within the same request.
Both functions should only be used after the `parse_request` action.
All relevant manual checks have been adjusted to use one of the new functions, depending on the use-case. They were all using the same constant check so far, while in fact some of them were intending to check for an actual REST API request while others were intending to check for REST endpoint usage.
A new filter `wp_is_rest_endpoint` can be used to alter the return value of the `wp_is_rest_endpoint()` function.
Props lots.0.logs, TimothyBlynJacobs, flixos90, joehoyle, peterwilsoncc, swissspidy, SergeyBiryukov, pento, mikejolley, iandunn, hellofromTonya, Cybr, petitphp.
Fixes#42061.
Built from https://develop.svn.wordpress.org/trunk@57312
git-svn-id: http://core.svn.wordpress.org/trunk@56818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is a micro-optimization that removes a few unnecessary function calls.
Follow-up to [31188], [34369], [38986], [41159], [43211], [43230], [44606], [45757].
Props ayeshrajans, jrf, rajinsharwar, costdev, mukesh27, SergeyBiryukov.
Fixes#58943.
Built from https://develop.svn.wordpress.org/trunk@56352
git-svn-id: http://core.svn.wordpress.org/trunk@55864 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This also introduces `wp_is_password_reset_allowed_for_user()` which returns `false` when password reset is not allowed for a specific user. This can be
filtered by developers using the existing `allow_password_reset` hook.
Props ocean90, cshark, robinwpdeveloper, tahmina1du, kraftbj.
Fixes#58194.
Built from https://develop.svn.wordpress.org/trunk@56150
git-svn-id: http://core.svn.wordpress.org/trunk@55662 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_starts_with()` and `str_ends_with()` were introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins or ends with the given substring (needle).
WordPress core includes a polyfill for these functions on PHP < 8.0 as of WordPress 5.9.
This commit uses `str_starts_with()` and `str_ends_with()` in core files where appropriate:
* `$needle === substr( $string, 0, $length )`, where `$length` is the length of `$needle`, is replaced with `str_starts_with( $haystack, $needle )`.
* `$needle === substr( $string, $offset )`, where `$offset` is negative and the absolute value of `$offset` is the length of `$needle`, is replaced with `str_ends_with( $haystack, $needle )`.
This aims to make the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [52039], [52040], [52326], [55703], [55710], [55987], [55988].
Props Soean, spacedmonkey, Clorith, ocean90, azaozz, sabernhardt, SergeyBiryukov.
Fixes#58220.
Built from https://develop.svn.wordpress.org/trunk@55990
git-svn-id: http://core.svn.wordpress.org/trunk@55502 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).
WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [52039], [52040], [52326], [55703], [55710], [55987].
Props Soean, spacedmonkey, costdev, dingo_d, azaozz, mikeschroder, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes#58206.
Built from https://develop.svn.wordpress.org/trunk@55988
git-svn-id: http://core.svn.wordpress.org/trunk@55500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [36566] a framework to lazily load metadata was introduced. This supported term and comment meta by default. In this commit, extends support for site ( blog ) meta. Site meta is not heavily used by core and is used by developers to extend multisite. In this change, `_prime_site_caches` and `WP_Site_Query` now call the new function `wp_lazyload_site_meta`. The function `wp_lazyload_site_meta` accepts an array of ids and adds them to the queue of metadata to be lazily loaded. The function `get_blogs_of_user` was updated to now lazily load site meta.
Follow on from [55671].
Props spacedmonkey, johnjamesjacoby, peterwilsoncc, mukesh27.
Fixes#58185.
Built from https://develop.svn.wordpress.org/trunk@55747
git-svn-id: http://core.svn.wordpress.org/trunk@55259 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_starts_with()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins with the given substring (needle).
WordPress core includes a polyfill for `str_starts_with()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `0 === strpos( ... )` with `str_starts_with()` in core files, making the code more readable and consistent, as well as improving performance.
While `strpos()` is slightly faster than the polyfill on PHP < 8.0, `str_starts_with()` is noticeably faster on PHP 8.0+, as it is optimized to avoid unnecessarily searching along the whole haystack if it does not find the needle.
Follow-up to [52039], [52040], [52326].
Props spacedmonkey, costdev, sabernhardt, mukesh27, desrosj, jorbin, TobiasBg, ayeshrajans, lgadzhev, SergeyBiryukov.
Fixes#58012.
Built from https://develop.svn.wordpress.org/trunk@55703
git-svn-id: http://core.svn.wordpress.org/trunk@55215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
