$new_data = get_userdata( $user_ID );
// Remove the nag if the password has been changed.
if ( $new_data->user_pass != $old_data->user_pass ) {
delete_user_setting( 'default_password_nag' );
update_user_option( $user_ID, 'default_password_nag', false, true );
}
}
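/**
 * Prints the admin notice asking the user to replace an auto-generated password.
 *
 * Prints nothing on profile.php, or when the `default_password_nag` user
 * option is not set for the current user.
 *
 * @since 2.8.0
 *
 * @global string $pagenow
 */
function default_password_nag() {
	global $pagenow;

	// Short-circuit it.
	if ( 'profile.php' === $pagenow || ! get_user_option( 'default_password_nag' ) ) {
		return;
	}

	// The profile URL is produced by a helper outside this function, so it is
	// escaped here, at the point where it is written into the href attribute.
	$profile_url = esc_url( get_edit_profile_url() . '#password' );

	echo '<div class="error default-password-nag">';
	echo '<p>';
	echo '<strong>' . __( 'Notice:' ) . '</strong> ';
	_e( 'You&rsquo;re using the auto-generated password for your account. Would you like to change it?' );
	echo '</p><p>';
	printf( '<a href="%s">' . __( 'Yes, take me to my profile page' ) . '</a> | ', $profile_url );
	// NOTE(review): the dismiss link changes a user setting through a bare GET
	// parameter and carries no nonce. The handler is not part of this block;
	// confirm whether it verifies intent before clearing the nag.
	printf( '<a href="%s" id="default-password-nag-no">' . __( 'No thanks, do not remind me again' ) . '</a>', '?default_password_nag=0' );
	echo '</p></div>';
}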
/**
 * Prints the inline script used by the delete-users confirmation form.
 *
 * The script disables `#submit` on load and re-enables it the first time a
 * `delete_option` input changes. Focusing `#reassign_user` checks
 * `#delete_option1` and fires its change event.
 *
 * @since 3.5.0
 * @access private
 */
function delete_users_add_js() {
	?>
<script>
jQuery(document).ready( function($) {
	var submit = $('#submit').prop('disabled', true);
	$('input[name="delete_option"]').one('change', function() {
		submit.prop('disabled', false);
	});
	$('#reassign_user').focus( function() {
		$('#delete_option1').prop('checked', true).trigger('change');
	});
});
</script>
	<?php
}
/**
 * Renders the optional "Use https" row of the profile form.
 *
 * The row is not shown by default; it can be turned on by hooking this
 * function to the 'personal_options' action.
 *
 * See the {@see 'personal_options'} action.
 *
 * @since 2.7.0
 *
 * @param WP_User $user User data object. Its `use_ssl` property decides
 *                      whether the checkbox is rendered as checked.
 */
function use_ssl_preference( $user ) {
	?>
	<tr class="user-use-ssl-wrap">
		<th scope="row"><?php _e( 'Use https' ); ?></th>
		<td><label for="use_ssl"><input name="use_ssl" type="checkbox" id="use_ssl" value="1" <?php checked( '1', $user->use_ssl ); ?> /> <?php _e( 'Always use https when visiting the admin' ); ?></label></td>
	</tr>
	<?php
}
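/**
 * Builds the invitation e-mail text for a user added by an administrator.
 *
 * The role named in the message is looked up from the `role` request
 * parameter in the list returned by get_editable_roles(). When the parameter
 * is missing, is not a string, or does not name an editable role, the
 * incoming text is returned unchanged instead of indexing the list with an
 * unchecked value.
 *
 * @since MU (3.0.0)
 *
 * @param string $text Incoming e-mail text; returned as-is when no editable role matches.
 * @return string The invitation text, or `$text` when the requested role cannot be resolved.
 */
function admin_created_user_email( $text ) {
	$roles     = get_editable_roles();
	$requested = isset( $_REQUEST['role'] ) ? $_REQUEST['role'] : null;

	// The role slug is request input. Accept it only as a string key that is
	// present in the editable-roles list; an array value here would otherwise
	// be used as an array offset, and an unknown slug would yield a null role.
	if ( ! is_string( $requested ) || ! isset( $roles[ $requested ]['name'] ) ) {
		return $text;
	}

	$role = $roles[ $requested ];

	// `%%s` leaves a literal `%s` in the result after sprintf().
	// NOTE(review): presumably the caller fills it with the activation link; confirm.
	return sprintf(
		/* translators: 1: Site title, 2: Site URL, 3: User role. */
		__(
			'Hi,
You\'ve been invited to join \'%1$s\' at
%2$s with the role of %3$s.
If you do not want to join this site please ignore
this email. This invitation will expire in a few days.

Please click the following link to activate your user account:
%%s'
		),
		wp_specialchars_decode( get_bloginfo( 'name' ), ENT_QUOTES ),
		home_url(),
		wp_specialchars_decode( translate_user_role( $role['name'] ) )
	);
}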
/**
 * Checks if the Authorize Application Password request is valid.
 *
 * Each redirect URL that is present is passed to
 * wp_is_authorize_application_redirect_url_valid(), and a non-empty `app_id`
 * must be a UUID. Every failure is collected on a single WP_Error, so one
 * call reports all problems.
 *
 * @since 5.6.0
 * @since 6.2.0 Allow insecure HTTP connections for the local environment.
 * @since 6.3.2 Validates the success and reject URLs to prevent javascript pseudo protocol being executed.
 *
 * @param array   $request {
 *     The array of request data. All arguments are optional and may be empty.
 *
 *     @type string $app_name    The suggested name of the application.
 *     @type string $app_id      A uuid provided by the application to uniquely identify it.
 *     @type string $success_url The url the user will be redirected to after approving the application.
 *     @type string $reject_url  The url the user will be redirected to after rejecting the application.
 * }
 * @param WP_User $user The user authorizing the application.
 * @return true|WP_Error True if the request is valid, a WP_Error object contains errors if not.
 */
function wp_is_authorize_application_password_request_valid( $request, $user ) {
	$error = new WP_Error();

	// Both redirect targets get the same validation; the order keeps
	// success_url errors ahead of reject_url errors.
	foreach ( array( 'success_url', 'reject_url' ) as $url_key ) {
		if ( ! isset( $request[ $url_key ] ) ) {
			continue;
		}

		$url_check = wp_is_authorize_application_redirect_url_valid( $request[ $url_key ] );
		if ( is_wp_error( $url_check ) ) {
			$error->add( $url_check->get_error_code(), $url_check->get_error_message() );
		}
	}

	$has_app_id = ! empty( $request['app_id'] );
	if ( $has_app_id && ! wp_is_uuid( $request['app_id'] ) ) {
		$error->add( 'invalid_app_id', __( 'The app id must be a uuid.' ) );
	}

	/**
	 * Fires before application password errors are returned.
	 *
	 * @since 5.6.0
	 *
	 * @param WP_Error $error   The error object.
	 * @param array    $request The array of request data.
	 * @param WP_User  $user    The user authorizing the application.
	 */
	do_action( 'wp_authorize_application_password_request_errors', $error, $request, $user );

	// The action receives the error object and runs before this check.
	return $error->has_errors() ? $error : true;
}
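/**
 * Validates the scheme and host of an application-password redirect URL.
 *
 * An empty URL is accepted. Otherwise the URL must start with a syntactically
 * valid scheme, must have a host, must not use a scheme on the deny-list
 * (`javascript` and `data` by default, filterable), and must not use plain
 * `http` unless the environment type is `local`. Scheme comparisons are
 * case-insensitive.
 *
 * @since 6.3.2
 *
 * @param string $url - The redirect URL to be validated.
 *
 * @return true|WP_Error True if the redirect URL is valid, a WP_Error object otherwise.
 */
function wp_is_authorize_application_redirect_url_valid( $url ) {
	$bad_protocols = array( 'javascript', 'data' );
	if ( empty( $url ) ) {
		return true;
	}

	// Based on https://www.rfc-editor.org/rfc/rfc2396#section-3.1
	$valid_scheme_regex = '/^[a-zA-Z][a-zA-Z0-9+.-]*:/';
	if ( ! preg_match( $valid_scheme_regex, $url ) ) {
		return new WP_Error(
			'invalid_redirect_url_format',
			__( 'Invalid URL format.' )
		);
	}

	/**
	 * Filters the list of invalid protocols used in applications redirect URLs.
	 *
	 * @since 6.3.2
	 *
	 * @param string[] $bad_protocols Array of invalid protocols.
	 * @param string   $url The redirect URL to be validated.
	 */
	$invalid_protocols = array_map( 'strtolower', apply_filters( 'wp_authorize_application_redirect_url_invalid_protocols', $bad_protocols, $url ) );

	$scheme   = wp_parse_url( $url, PHP_URL_SCHEME );
	$host     = wp_parse_url( $url, PHP_URL_HOST );
	$is_local = 'local' === wp_get_environment_type();

	// URI schemes are case-insensitive. Normalize once so the deny-list check
	// and the http check below compare the same value; previously only the
	// deny-list comparison was lower-cased, so a mixed-case "http" scheme was
	// not recognized by the secure-connection check.
	$scheme = is_string( $scheme ) ? strtolower( $scheme ) : '';

	// Validates if the proper URI format is applied to the $url.
	if ( empty( $host ) || empty( $scheme ) || in_array( $scheme, $invalid_protocols, true ) ) {
		return new WP_Error(
			'invalid_redirect_url_format',
			__( 'Invalid URL format.' )
		);
	}

	// Plain http is tolerated only in a local environment.
	if ( 'http' === $scheme && ! $is_local ) {
		return new WP_Error(
			'invalid_redirect_scheme',
			__( 'The URL must be served over a secure connection.' )
		);
	}

	return true;
}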