This commit updates the `wp_send_user_request()` function so that the updated confirmation key of the request is available to both the confirmation URL and the subsequent filters (specifically `user_request_action_email_content`).
This maintains the existing behavior of generating a new key just-in-time before every user request email is sent.
Props birgire, dingo_d, garrett-eclipse, johnjamesjacoby.
Fixes#44940.
Built from https://develop.svn.wordpress.org/trunk@61137
git-svn-id: http://core.svn.wordpress.org/trunk@60473 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [33771], is_user_member_of_blog() was optimised to improve the performance of get_blogs_of_user().
That change used $meta_key = '' to fetch all user meta, which can cause unnecessary data loading and makes it difficult to use the get_{$meta_type}_metadata filter. When all meta keys are retrieved, it’s not possible to tell which specific meta value is being requested for short-circuiting or custom handling.
This commit updates the logic to request only the meta key related to the blog’s capability check, reducing overhead and improving compatibility with metadata filters.
Props rinatkhaziev, spacedmonkey.
Fixes#63989.
Built from https://develop.svn.wordpress.org/trunk@60992
git-svn-id: http://core.svn.wordpress.org/trunk@60328 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [36566], a framework for lazily loading metadata was introduced, initially supporting term and comment meta. This commit extends that support to user meta.
User meta can contain a large amount of data that is not always needed, particularly on the front end. To address this, cache_users() now calls the new function wp_lazyload_user_meta(). This function accepts an array of user IDs and adds them to the queue of metadata to be lazily loaded.
Follows on from [55671], [55747].
Props spacedmonkey, westonruter.
Fixes#63021.
Built from https://develop.svn.wordpress.org/trunk@60989
git-svn-id: http://core.svn.wordpress.org/trunk@60325 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces object caching to the `count_many_users_posts()` function.
Argument equivalency is checked prior to generating the cache key to ensure that the same cache is hit regardless of array order for users and post types. For example `count_many_users_posts( [ 1, 2 ] )` will hit the same cache as `count_many_users_posts( [ 2, 1 ] )`.
Props adamsilverstein, flixos90, kalpeshh, rollybueno, sachinrajcp123, shailu25, sirlouen, spacedmonkey, westonruter, wildworks.
Fixes#63045.
Built from https://develop.svn.wordpress.org/trunk@60941
git-svn-id: http://core.svn.wordpress.org/trunk@60277 1a063a9b-81f0-0310-95a4-ce76da25c4cd
After [60634], `wp_set_password` is now fired during new user creation and existing user updates when a password is changed. `wp_set_password` expects the third argument to be a `WP_User` object of the user's data prior to the update. This change simply passes the newly created `WP_User` object.
Follow-up to [60634].
Props dd32.
See #22114.
Built from https://develop.svn.wordpress.org/trunk@60712
git-svn-id: http://core.svn.wordpress.org/trunk@60048 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Query-based caches are now improved by reusing cache keys. Previously, cache keys for query caches were generated using the `last_changed` value as part of the key. This meant that whenever `last_changed` was updated, all the previously cached values for the group became unreachable.
The new approach allows WordPress to replace previously cached results that are known to be stale. The previous approach relied on the object cache backend evicting stale keys which is done at various levels of efficiency.
To address this, the following new helper functions have been introduced:
* wp_cache_get_salted
* wp_cache_set_salted
* wp_cache_get_multiple_salted
* wp_cache_set_multiple_salted
These functions provide a consistent way to get/set query caches. Instead of using the last_changed value as part of the cache key, it is now stored inside the cache value as a "salt". This allows cache keys to be reused, with values updated in place rather than relying on eviction of outdated entries.
Props spacedmonkey, peterwilsoncc, flixos90, sanchothefat, tillkruess, rmccue, mukesh27, adamsilverstein, owi, nickchomey.
Built from https://develop.svn.wordpress.org/trunk@60697
git-svn-id: http://core.svn.wordpress.org/trunk@60033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Modifies `wp_insert_user()` to throw the warning `The user_pass field is required when creating a new user. The user will need to reset their password before logging in.` when called without the `user_pass` argument defined.
This avoids a mix of warnings being thrown depending on the version of PHP the system is running on, anywhere between zero and three.
To retain backward compatibility the user is created with an empty password. As WordPress does not accept an empty password during authentication, this will require the newly created user complete the password reset process.
Props dd32, hbhalodia, iamadisingh, mindctrl, rollybueno, sheldorofazeroth, shilpaashokan94
Fixes#63770.
Built from https://develop.svn.wordpress.org/trunk@60650
git-svn-id: http://core.svn.wordpress.org/trunk@59986 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The three default contact methods (AIM, Yahoo IM, Jabber) were removed for new installations in WordPress 3.6.
This commit removes the remaining references from the codebase, as the associated services were discontinued quite a while ago.
The `user_contactmethods` filter is available for adding or removing contact methods.
Follow-up to [23588], [25606].
Props butterflymedia, birgire, Presskopp, yashjawale, SergeyBiryukov.
Fixes#44374.
Built from https://develop.svn.wordpress.org/trunk@60644
git-svn-id: http://core.svn.wordpress.org/trunk@59980 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Various filters and actions fire during user creation and editing, making available all manner of user data to be acted upon by custom code. However, a user's password was not included in the data that was made available.
This change now fires an existing action, `wp_set_password`, during initial user creation and when an existing user's password is updated.
Props ChloeD, scribu, dd32, pento, chriscct7, johnbillion, logicrays, nimeshatxecurify.
Fixes#22114.
Built from https://develop.svn.wordpress.org/trunk@60634
git-svn-id: http://core.svn.wordpress.org/trunk@59970 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Deleting a site is permanent action, so the terminology around site deletion has been updated to reflect that.
* Site deactivation has been renamed to "Flag for Deletion", and a site with this status is no longer incorrectly shown as "Deleted".
* Extra helper text has been added to the screen shown when changing a site's status to make the effects clearer to Super Admins.
Props kawauso, ryan_b, wonderboymusic, nacin, DrewAPicture, martythornley, SergeyBiryukov, jeremyfelt, ideag, jorbin, sukhendu2002, johnbillion, realloc.
Fixes#15801
Built from https://develop.svn.wordpress.org/trunk@60358
git-svn-id: http://core.svn.wordpress.org/trunk@59694 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit removes an unnecessary `is_wp_error()` check, as the `WP_Error` instance is created earlier in the method, and the only mutability is whether the instance actually `::has_errors()`.
Follow-up to [49109].
Props justlevine.
See #63268.
Built from https://develop.svn.wordpress.org/trunk@60310
git-svn-id: http://core.svn.wordpress.org/trunk@59646 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces a check in `wp_insert_user()` to ensure the username doesn't have a length of zero after sanitization removes invalid characters.
Props kalpeshh, missveronicatv, rayhatron, rinkalpagdar, sergeybiryukov, thehercules.
Fixes#57635.
Built from https://develop.svn.wordpress.org/trunk@60288
git-svn-id: http://core.svn.wordpress.org/trunk@59624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces the filter `pre_count_many_users_posts()` to allow developers to bypass the function in favour of either avoiding counts or their own counting functionality.
Props audrasjb, ethitter, jigar-bhanushali, jorbin.
Fixes#63004.
Built from https://develop.svn.wordpress.org/trunk@59900
git-svn-id: http://core.svn.wordpress.org/trunk@59242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Passwords and security keys that were saved in prior versions of WordPress will continue to work. Each user's password will be opportunistically rehashed and resaved when they next subsequently log in using a valid password.
The following new functions have been introduced:
* `wp_password_needs_rehash()`
* `wp_fast_hash()`
* `wp_verify_fast_hash()`
The following new filters have been introduced:
* `password_needs_rehash`
* `wp_hash_password_algorithm`
* `wp_hash_password_options`
Props ayeshrajans, bgermann, dd32, deadduck169, desrosj, haozi, harrym, iandunn, jammycakes, joehoyle, johnbillion, mbijon, mojorob, mslavco, my1xt, nacin, otto42, paragoninitiativeenterprises, paulkevan, rmccue, ryanhellyer, scribu, swalkinshaw, synchro, th23, timothyblynjacobs, tomdxw, westi, xknown.
Additional thanks go to the Roots team, Soatok, Calvin Alkan, and Raphael Ahrens.
Fixes#21022, #44628
Built from https://develop.svn.wordpress.org/trunk@59828
git-svn-id: http://core.svn.wordpress.org/trunk@59170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduced caching for the `count_user_posts` function to reduce redundant database queries. This ensures better performance by storing and reusing query results when possible. Additionally, sanitized and sorted the `$post_type` array to avoid invalid queries.
Props spacedmonkey, peterwilsoncc, mamaduka, flixos90, johnjamesjacoby, swissspidy, dilip2615, johnregan3, wpgurudev, desrosj, milindmore22, Krstarica, dilipom13.
Fixes#39242.
Built from https://develop.svn.wordpress.org/trunk@59817
git-svn-id: http://core.svn.wordpress.org/trunk@59159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Values passed to parameters with this attribute will be redacted if present in a stack trace when using PHP 8.2 or later. This reduces the chance that passwords and security keys get accidentally exposed in debug logs and bug reports.
Props petitphp, TobiasBg, jrf, johnbillion.
Fixes#57304
Built from https://develop.svn.wordpress.org/trunk@59754
git-svn-id: http://core.svn.wordpress.org/trunk@59096 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Document that unserialised data types are stored as strings in the database and returned as such by the meta data functions. For example, setting meta data to the integer value `1` will be returned as `"1"` when subsequently queried via `get_metadata()` and the related functions.
Props sukhendu2002, azaozz, jrf, rodrigosprimo.
Fixes ticket:61950.
Built from https://develop.svn.wordpress.org/trunk@59657
git-svn-id: http://core.svn.wordpress.org/trunk@59000 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prior to this change a new session was unnecessarily created when a user changed their own password.
Existing authentication cookies for the user will still be invalidated regardless of whether they share the same session token because session cookie keys contain a substring of the password hash.
Props snicco, narenin, johnbillion
Fixes#61366
Built from https://develop.svn.wordpress.org/trunk@59633
git-svn-id: http://core.svn.wordpress.org/trunk@58996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This resolves a "passing null to non-nullable" deprecation notice on PHP 8.1+:
{{{
Deprecated: trim(): Passing null to parameter #1 ($string) of type string is deprecated
}}}
Follow-up to [50129], [54477].
Props afragen, peterwilsoncc, SergeyBiryukov.
Fixes#62298.
Built from https://develop.svn.wordpress.org/trunk@59312
git-svn-id: http://core.svn.wordpress.org/trunk@58698 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This removes a redundant check for a falsey value, which is equivalent to the `empty()` check directly before.
Includes minor adjustments in the unit test:
* Adding a `@covers` tag.
* Correcting the description for clarity.
* Using `assertSame()` for strict type checking.
Follow-up to [59216].
See #60299.
Built from https://develop.svn.wordpress.org/trunk@59232
git-svn-id: http://core.svn.wordpress.org/trunk@58624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When checking for updates to use_ssl, use strings for the comparison values, matching the stored values. Fixes an issue where calls to wp_update_user updated the database meta value for use_ssl even when the value was missing or unchanged.
Props prettyboymp, rajinsharwar, adamsilverstein, johnbillion, rayhatron, mukesh27, joemcgill.
Fixes#60299.
Built from https://develop.svn.wordpress.org/trunk@59216
git-svn-id: http://core.svn.wordpress.org/trunk@58609 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add `get_user()` as an alias for `get_user_by( 'id', $user_id )`. Add `get_user()` to `user.php` so it is not a pluggable function. Bring parity with other standard `get_` functions for a more intuitive developer experience.
Props sc0ttkclark, kushang78, joedolson, peterwilsoncc.
Fixes#35124.
Built from https://develop.svn.wordpress.org/trunk@59111
git-svn-id: http://core.svn.wordpress.org/trunk@58507 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a note that the functions return either an empty array or an empty string for a valid but non-existing ID, depending on the `$single` parameter.
Follow-up to [48658], [50641].
Props rodrigosprimo, jrf.
See #61608.
Built from https://develop.svn.wordpress.org/trunk@58962
git-svn-id: http://core.svn.wordpress.org/trunk@58358 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When WordPress sends out a password-reset or new-user email, it generates
a link for someone to follow in order to take them to the reset page. If
the user login name ends in a period, however, that generated URL will
end in a period and many email clients will confuse it with a
sentence-ending period instead of being part of the query arguments.
In this patch, the generated URL's query argument are rearranged so that
the link will never end in a period. Alternative ideas were explored to
create a new function to escape URL-ending periods, but this patch resolves
the reported problem without raising any further architectural questions.
Developed in https://github.com/WordPress/wordpress-develop/pull/6834
Discussed in https://core.trac.wordpress.org/ticket/42957
Props audrasjb, costdev, daveagp, dmsnell, hellofromTonya, markparnell, mukesh27, nhrrob, obrienlabs, paulcline.
Fixes#42957.
Built from https://develop.svn.wordpress.org/trunk@58674
git-svn-id: http://core.svn.wordpress.org/trunk@58076 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset ensures the `user_activation_key` is flushed after successful login, so reset password links can not be used anymore after the user successfully log into their dashboard.
Props nsinelnikov, rajinsharwar, Rahmohn, oglekler, hellofromTonya.
Fixes#58901.
See #32429
Built from https://develop.svn.wordpress.org/trunk@58333
git-svn-id: http://core.svn.wordpress.org/trunk@57789 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Any usage of `'who' => 'authors'` should be updated to use capability queries instead.
Includes documenting the capability query parameters in `wp_dropdown_users()`.
Follow-up to [51943].
Props kkmuffme, swissspidy, SergeyBiryukov.
See #61243.
Built from https://develop.svn.wordpress.org/trunk@58172
git-svn-id: http://core.svn.wordpress.org/trunk@57635 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduces two functions:
* `wp_is_serving_rest_request()` returns a boolean for whether WordPress is serving an actual REST API request.
* `wp_is_rest_endpoint()` returns a boolean for whether a WordPress REST API endpoint is currently being used. While this is always the case if `wp_is_serving_rest_request()` returns `true`, the function additionally covers the scenario of internal REST API requests, i.e. where WordPress calls a REST API endpoint within the same request.
Both functions should only be used after the `parse_request` action.
All relevant manual checks have been adjusted to use one of the new functions, depending on the use-case. They were all using the same constant check so far, while in fact some of them were intending to check for an actual REST API request while others were intending to check for REST endpoint usage.
A new filter `wp_is_rest_endpoint` can be used to alter the return value of the `wp_is_rest_endpoint()` function.
Props lots.0.logs, TimothyBlynJacobs, flixos90, joehoyle, peterwilsoncc, swissspidy, SergeyBiryukov, pento, mikejolley, iandunn, hellofromTonya, Cybr, petitphp.
Fixes#42061.
Built from https://develop.svn.wordpress.org/trunk@57312
git-svn-id: http://core.svn.wordpress.org/trunk@56818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
