
Ticket #43066: document-password-strength.diff

File document-password-strength.diff, 21.2 KB (added by jjcomack, 7 years ago)
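diff --git src/license.txt src/license.txt
index c2df00a661..5a605dac3b 100644
--- a/src/license.txt
+++ b/src/license.txt
@@ -1,6 +1,6 @@
 WordPress - Web publishing software
 
-Copyright 2011-2018 by the contributors
+Copyright 2011-2017 by the contributors
 
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by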
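diff --git src/wp-admin/includes/class-wp-comments-list-table.php src/wp-admin/includes/class-wp-comments-list-table.php
index e64086d525..071313903e 100644
--- a/src/wp-admin/includes/class-wp-comments-list-table.php
+++ b/src/wp-admin/includes/class-wp-comments-list-table.php
@@ -134,15 +134,6 @@ class WP_Comments_List_Table extends WP_List_Table {
                         'post_type' => $post_type,
                 );
 
-                /**
-                 * Filters the arguments for the comment query in the comments list table.
-                 *
-                 * @since 5.0.0
-                 *
-                 * @param array $args An array of get_comments() arguments.
-                 */
-                $args = apply_filters( 'comments_list_table_query_args', $args );
-
                 $_comments = get_comments( $args );
                 if ( is_array( $_comments ) ) {
                         update_comment_cache( $_comments );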
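Review bot: The new side drops the `comments_list_table_query_args` filter, so any plugin that adjusts or narrows the comments-screen query through it silently stops having an effect. Nothing in a patch named for password-strength documentation explains the removal; it reads as if the diff was generated against a checkout that predates the filter, which is worth confirming before regenerating the patch against current trunk. If the removal is intended, the hook should go through `apply_filters_deprecated()` rather than disappear. The enclosing method starts and ends outside the hunk.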
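diff --git src/wp-admin/includes/update-core.php src/wp-admin/includes/update-core.php
index fc6681acb3..ec909143dd 100644
--- a/src/wp-admin/includes/update-core.php
+++ b/src/wp-admin/includes/update-core.php
@@ -1143,11 +1143,7 @@ function update_core( $from, $to ) {
                 if ( ! $wp_filesystem->exists( $old_file ) ) {
                         continue;
                 }
-
-                // If the file isn't deleted, try writing an empty string to the file instead.
-                if ( ! $wp_filesystem->delete( $old_file, true ) && $wp_filesystem->is_file( $old_file ) ) {
-                        $wp_filesystem->put_contents( $old_file, '' );
-                }
+                $wp_filesystem->delete( $old_file, true );
         }
 
         // Remove any Genericons example.html's from the filesystem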
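Review bot: `$wp_filesystem->delete( $old_file, true );` now discards the return value, so an obsolete core file that cannot be removed (permissions, a locked file) stays on disk with its old contents and may remain reachable by direct request. The removed fallback neutralised such files by emptying them; keep the condition `if ( ! $wp_filesystem->delete( $old_file, true ) && $wp_filesystem->is_file( $old_file ) )` together with its `$wp_filesystem->put_contents( $old_file, '' );` body. Old-file cleanup is how an upgrade retires code that may carry known flaws, so a silent failure here should not pass unnoticed. The loop in update_core() starts outside the hunk.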
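diff --git src/wp-admin/js/editor.js src/wp-admin/js/editor.js
index 103d6bbf96..6010e8f7f8 100644
--- a/src/wp-admin/js/editor.js
+++ b/src/wp-admin/js/editor.js
@@ -695,10 +695,10 @@ window.wp = window.wp || {};
                  */
                 function findBookmarkedPosition( editor ) {
                         // Get the TinyMCE `window` reference, since we need to access the raw selection.
-                        var TinyMCEWindow = editor.getWin(),
-                                selection = TinyMCEWindow.getSelection();
+                        var TinyMCEWIndow = editor.getWin(),
+                                selection = TinyMCEWIndow.getSelection();
 
-                        if ( ! selection || selection.rangeCount < 1 ) {
+                        if ( selection.rangeCount <= 0 ) {
                                 // no selection, no need to continue.
                                 return;
                         }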
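Review bot: `if ( selection.rangeCount <= 0 ) {` dereferences `selection` without the null check the old line had; `getSelection()` can return null (for example when the editor iframe is not displayed), which would throw here instead of returning early. Restore `if ( ! selection || selection.rangeCount < 1 ) {`. The rename to `TinyMCEWIndow` also introduces a capitalisation typo in the variable name. findBookmarkedPosition() continues past the end of the hunk.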
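diff --git src/wp-admin/js/media-upload.js src/wp-admin/js/media-upload.js
index b7171a3e9c..cd969b9b3a 100644
--- a/src/wp-admin/js/media-upload.js
+++ b/src/wp-admin/js/media-upload.js
@@ -1,38 +1,13 @@
 /* global tinymce, QTags */
-
-/**
- * Contains global functions for the media upload within the post edit screen.
- *
- * Updates the ThickBox anchor href and the ThickBox's own properties in order
- * to set the size and position on every resize event. Also adds a function to
- * send HTML or text to the currently active editor.
- *
- * @file
- * @since 2.5.0
- *
- * @requires jQuery
- */
+// send html to the post editor
 
 var wpActiveEditor, send_to_editor;
 
-/**
- * Sends the HTML passed in the parameters to TinyMCE.
- *
- * @since 2.5.0
- *
- * @global
- *
- * @param {string} html The HTML to be sent to the editor.
- * @returns {void|boolean} Returns false when both TinyMCE and QTags instances
- *                         are unavailable. This means that the HTML was not
- *                         sent to the editor.
- */
 send_to_editor = function( html ) {
         var editor,
                 hasTinymce = typeof tinymce !== 'undefined',
                 hasQuicktags = typeof QTags !== 'undefined';
 
-        // If no active editor is set, try to set it.
         if ( ! wpActiveEditor ) {
                 if ( hasTinymce && tinymce.activeEditor ) {
                         editor = tinymce.activeEditor;
@@ -44,38 +19,23 @@ send_to_editor = function( html ) {
                 editor = tinymce.get( wpActiveEditor );
         }
 
-        // If the editor is set and not hidden, insert the HTML into the content of the
-        // editor.
         if ( editor && ! editor.isHidden() ) {
                 editor.execCommand( 'mceInsertContent', false, html );
         } else if ( hasQuicktags ) {
-                // If quick tags are available, insert the HTML into its content.
                 QTags.insertContent( html );
         } else {
-                // If neither the TinyMCE editor and the quick tags are available, add the HTML
-                // to the current active editor.
                 document.getElementById( wpActiveEditor ).value += html;
         }
 
-        // If the old thickbox remove function exists, call it.
+        // If the old thickbox remove function exists, call it
         if ( window.tb_remove ) {
                 try { window.tb_remove(); } catch( e ) {}
         }
 };
 
+// thickbox settings
 var tb_position;
 (function($) {
-        /**
-         * Recalculates and applies the new ThickBox position based on the current
-         * window size.
-         *
-         * @since 2.6.0
-         *
-         * @global
-         *
-         * @returns {Object[]} Array containing jQuery objects for all the found
-         *                     ThickBox anchors.
-         */
         tb_position = function() {
                 var tbWindow = $('#TB_window'),
                         width = $(window).width(),
@@ -95,11 +55,6 @@ var tb_position;
                                 tbWindow.css({'top': 20 + adminbar_height + 'px', 'margin-top': '0'});
                 }
 
-                /**
-                 * Recalculates the new height and width for all links with a ThickBox class.
-                 *
-                 * @since 2.6.0
-                 */
                 return $('a.thickbox').each( function() {
                         var href = $(this).attr('href');
                         if ( ! href ) return;
@@ -109,7 +64,6 @@ var tb_position;
                 });
         };
 
-        // Add handler to recalculates the ThickBox position when the window is resized.
         $(window).resize(function(){ tb_position(); });
 
 })(jQuery);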
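Review bot: Every hunk in this file removes documentation: the file-level docblock, the JSDoc for `send_to_editor` and `tb_position`, and the inline comments explaining which editor receives the HTML. A patch whose purpose is to add documentation elsewhere should not take it away here, so these hunks should be dropped. In particular the `@returns {void|boolean}` text is the only place that tells callers the HTML may not have been delivered to any editor.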
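diff --git src/wp-admin/js/password-strength-meter.js src/wp-admin/js/password-strength-meter.js
index efd26bbc5a..3a8c9da9f0 100644
--- a/src/wp-admin/js/password-strength-meter.js
+++ b/src/wp-admin/js/password-strength-meter.js
@@ -3,13 +3,27 @@ window.wp = window.wp || {};
 
 var passwordStrength;
 (function($){
+
+        /**
+         * The Password Strength object.
+         *
+         * Contains functions to determine the password strength.
+         *
+         * @since 3.7.0
+         *
+         * @namespace
+         */
         wp.passwordStrength = {
                 /**
-                 * Determine the strength of a given password
+                 * Determines the strength of a given password.
+                 *
+                 * @since 3.7.0
+                 *
+                 * @param {string} password1 The password.
+                 * @param {Array} blacklist An array of words that will lower the entropy of the password.
+                 * @param {string} password2 The confirmed password.
                  *
-                 * @param string password1 The password
-                 * @param array blacklist An array of words that will lower the entropy of the password
-                 * @param string password2 The confirmed password
+                 * @returns {number} The password strength score.
                  */
                 meter : function( password1, blacklist, password2 ) {
                         if ( ! $.isArray( blacklist ) )
@@ -28,9 +42,14 @@ var passwordStrength;
                 },
 
                 /**
-                 * Builds an array of data that should be penalized, because it would lower the entropy of a password if it were used
+                 * Builds an array of data that should be penalized.
+                 *
+                 * Certain words need to be penalized because it would lower the entropy of a password if they were used.
+                 * The blacklist is based on user input fields such as username, first name, email etc.
+                 *
+                 * @since 3.7.0
                  *
-                 * @return array The array of data to be blacklisted
+                 * @returns {Array} The array of data to be blacklisted.
                  */
                 userInputBlacklist : function() {
                         var i, userInputFieldsLength, rawValuesLength, currentField,
@@ -38,7 +57,7 @@ var passwordStrength;
                                 blacklist       = [],
                                 userInputFields = [ 'user_login', 'first_name', 'last_name', 'nickname', 'display_name', 'email', 'url', 'description', 'weblog_title', 'admin_email' ];
 
-                        // Collect all the strings we want to blacklist
+                        // Collect all the strings we want to blacklist.
                         rawValues.push( document.title );
                         rawValues.push( document.URL );
 
@@ -54,7 +73,7 @@ var passwordStrength;
                                 rawValues.push( currentField.val() );
                         }
 
-                        // Strip out non-alphanumeric characters and convert each word to an individual entry
+                        // Strip out non-alphanumeric characters and convert each word to an individual entry.
                         rawValuesLength = rawValues.length;
                         for ( i = 0; i < rawValuesLength; i++ ) {
                                 if ( rawValues[ i ] ) {
@@ -62,7 +81,7 @@ var passwordStrength;
                                 }
                         }
 
-                        // Remove empty values, short words, and duplicates. Short words are likely to cause many false positives.
+                        // Remove empty values, short words and duplicates. Short words are likely to cause many false positives.
                         blacklist = $.grep( blacklist, function( value, key ) {
                                 if ( '' === value || 4 > value.length ) {
                                         return false;
@@ -75,6 +94,6 @@ var passwordStrength;
                 }
         };
 
-        // Back-compat.
+        // Backward compatibility.
         passwordStrength = wp.passwordStrength.meter;
 })(jQuery);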
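Review bot: The new description of `userInputBlacklist` says the blacklist "is based on user input fields", but the body shown in the third hunk also pushes `document.title` and `document.URL`, so the docblock understates what is penalised. I would word it as `The blacklist is built from the page title, the page URL and user input fields such as username, first name, email etc.` and mention that words shorter than four characters are discarded, which the `4 > value.length` test shows. For `meter`, `@returns {number} The password strength score.` should state the range of the score and any special value for mismatched passwords; that part of the body is outside the hunk, so it needs checking against the code.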
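diff --git src/wp-includes/formatting.php src/wp-includes/formatting.php
index f9795fdaec..ce2c851bc5 100644
--- a/src/wp-includes/formatting.php
+++ b/src/wp-includes/formatting.php
@@ -5077,9 +5077,8 @@ function wp_basename( $path, $suffix = '' ) {
         return urldecode( basename( str_replace( array( '%2F', '%5C' ), '/', urlencode( $path ) ), $suffix ) );
 }
 
-// phpcs:disable WordPress.WP.CapitalPDangit.Misspelled, WordPress.NamingConventions.ValidFunctionName.FunctionNameInvalid -- 8-)
 /**
- * Forever eliminate "Wordpress" from the planet (or at least the little bit we can influence).
+ * Forever eliminate "WordPress" from the planet (or at least the little bit we can influence).
  *
  * Violating our coding standards for a good function name.
  *
@@ -5094,7 +5093,7 @@ function capital_P_dangit( $text ) {
         // Simple replacement for titles
         $current_filter = current_filter();
         if ( 'the_title' === $current_filter || 'wp_title' === $current_filter ) {
-                return str_replace( 'Wordpress', 'WordPress', $text );
+                return str_replace( 'WordPress', 'WordPress', $text );
         }
         // Still here? Use the more judicious replacement
         static $dblq = false;
@@ -5107,7 +5106,6 @@ function capital_P_dangit( $text ) {
                 $text
         );
 }
-// phpcs:enable
 
 /**
  * Sanitize a mime type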
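Review bot: `return str_replace( 'WordPress', 'WordPress', $text );` in the second hunk searches for and replaces with the same string, so the title branch of capital_P_dangit() no longer corrects anything. The docblock edit in the first hunk has the same problem: it now says the function eliminates "WordPress". This looks like a spelling auto-fix applied to the file once the `// phpcs:disable` line was gone, though the patch does not say so. Restore `'Wordpress'` as the search string and keep the `// phpcs:disable` and `// phpcs:enable` pair. The patch also deletes tests/phpunit/tests/formatting/CapitalPDangit.php, the test that would have caught this.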
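diff --git src/wp-includes/functions.php src/wp-includes/functions.php
index 320d76918e..9b5f292eec 100644
--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -5459,7 +5459,6 @@ function _device_can_upload() {
  */
 function wp_is_stream( $path ) {
         $wrappers    = stream_get_wrappers();
-        $wrappers    = array_map( 'preg_quote', $wrappers );
         $wrappers_re = '(' . join( '|', $wrappers ) . ')';
 
         return preg_match( "!^$wrappers_re://!", $path ) === 1;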
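Review bot: Without `$wrappers = array_map( 'preg_quote', $wrappers );` the registered wrapper names are interpolated into `"!^$wrappers_re://!"` unescaped, so any regex metacharacter in a name is interpreted instead of matched literally. The `.` in a name such as `compress.zlib` then matches any character, and a name containing `!` or an unbalanced `(` would make the pattern invalid, in which case preg_match() returns false and the function reports "not a stream". wp_is_stream() classifies paths before they are handled, so it should match wrapper names exactly; keep the quoting line.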
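diff --git src/wp-includes/js/tinymce/plugins/wplink/plugin.js src/wp-includes/js/tinymce/plugins/wplink/plugin.js
index f20d7c9d89..2a7f697368 100644
--- a/src/wp-includes/js/tinymce/plugins/wplink/plugin.js
+++ b/src/wp-includes/js/tinymce/plugins/wplink/plugin.js
@@ -468,11 +468,8 @@
                                                         }
                                                 }
                                         } ).autocomplete( 'instance' )._renderItem = function( ul, item ) {
-                                                var fallbackTitle = ( typeof window.wpLinkL10n !== 'undefined' ) ? window.wpLinkL10n.noTitle : '',
-                                                        title = item.title ? item.title : fallbackTitle;
-
                                                 return $( '<li role="option" id="mce-wp-autocomplete-' + item.ID + '">' )
-                                                .append( '<span>' + title + '</span>&nbsp;<span class="wp-editor-float-right">' + item.info + '</span>' )
+                                                .append( '<span>' + item.title + '</span>&nbsp;<span class="wp-editor-float-right">' + item.info + '</span>' )
                                                 .appendTo( ul );
                                         };
 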
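Review bot: `'<span>' + item.title + '</span>'` renders the literal text "undefined" or an empty span for results that have no title now that the `fallbackTitle` lookup is gone. It also keeps building markup by string concatenation from `item.title`, `item.info` and `item.ID`. Whether those fields arrive already escaped is not visible in this hunk; if they do not, a title containing markup would be parsed as HTML in the autocomplete list. Restore the `fallbackTitle` and `title` variables, and if the values are not pre-escaped build the spans with `$( '<span>' ).text( title )` so they are always treated as text. The enclosing handler starts outside the hunk.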
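diff --git src/wp-includes/rest-api/class-wp-rest-server.php src/wp-includes/rest-api/class-wp-rest-server.php
index 2a0af4b283..fbc47dab5b 100644
--- a/src/wp-includes/rest-api/class-wp-rest-server.php
+++ b/src/wp-includes/rest-api/class-wp-rest-server.php
@@ -915,7 +915,7 @@ class WP_REST_Server {
                                                 if ( is_wp_error( $permission ) ) {
                                                         $response = $permission;
                                                 } elseif ( false === $permission || null === $permission ) {
-                                                        $response = new WP_Error( 'rest_forbidden', __( 'Sorry, you are not allowed to do that.' ), array( 'status' => rest_authorization_required_code() ) );
+                                                        $response = new WP_Error( 'rest_forbidden', __( 'Sorry, you are not allowed to do that.' ), array( 'status' => 403 ) );
                                                 }
                                         }
                                 }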
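Review bot: Hard-coding `array( 'status' => 403 )` makes a request that carries no credentials indistinguishable from one by a logged-in user who lacks the capability. `rest_authorization_required_code()` is there so that unauthenticated callers receive 401 and know to authenticate, so keep `array( 'status' => rest_authorization_required_code() )`. The test sections for the attachments, posts, settings and taxonomies controllers in this patch are rewritten to expect 403 and lose their separate `_not_authenticated` cases, which removes coverage of the unauthenticated path; those changes should be dropped as well. The method this sits in starts and ends outside the hunk.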
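diff --git tests/phpunit/tests/formatting/CapitalPDangit.php tests/phpunit/tests/formatting/CapitalPDangit.php
deleted file mode 100644
index 06aec81b49..0000000000
--- a/tests/phpunit/tests/formatting/CapitalPDangit.php
+++ /dev/null
@@ -1,20 +0,0 @@
-<?php
-// phpcs:disable WordPress.WP.CapitalPDangit.Misspelled -- 🙃
-
-/**
- * @group formatting
- */
-class Tests_Formatting_CapitalPDangit extends WP_UnitTestCase {
-        function test_esc_attr_quotes() {
-                global $wp_current_filter;
-                $this->assertEquals( 'Something about WordPress', capital_P_dangit( 'Something about Wordpress' ) );
-                $this->assertEquals( 'Something about (WordPress', capital_P_dangit( 'Something about (Wordpress' ) );
-                $this->assertEquals( 'Something about &#8216;WordPress', capital_P_dangit( 'Something about &#8216;Wordpress' ) );
-                $this->assertEquals( 'Something about &#8220;WordPress', capital_P_dangit( 'Something about &#8220;Wordpress' ) );
-                $this->assertEquals( 'Something about >WordPress', capital_P_dangit( 'Something about >Wordpress' ) );
-                $this->assertEquals( 'Wordpress', capital_P_dangit( 'Wordpress' ) );
-
-                $wp_current_filter = array( 'the_title' );
-                $this->assertEquals( 'WordPress', capital_P_dangit( 'Wordpress' ) );
-        }
-}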
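diff --git tests/phpunit/tests/image/editorImagick.php tests/phpunit/tests/image/editorImagick.php
index fb88f3346d..ec75106239 100644
--- a/tests/phpunit/tests/image/editorImagick.php
+++ b/tests/phpunit/tests/image/editorImagick.php
@@ -550,10 +550,6 @@ class Tests_Image_Editor_Imagick extends WP_Image_UnitTestCase {
          * @ticket 37140
          */
         public function test_remove_orientation_data_on_rotate() {
-                if ( ! function_exists( 'exif_read_data' ) ) {
-                        $this->markTestSkipped( 'This test requires the exif_read_data function.' );
-                }
-
                 $file = DIR_TESTDATA . '/images/test-image-upside-down.jpg';
                 $data = wp_read_image_metadata( $file );
 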
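Review bot: With the `function_exists( 'exif_read_data' )` guard gone, test_remove_orientation_data_on_rotate() will presumably fail rather than skip on PHP builds without the exif extension, since it goes straight on to read image metadata from the test file. Keep the `$this->markTestSkipped( 'This test requires the exif_read_data function.' );` guard so that a missing extension is reported as a skip and not as a regression. The test body continues past the end of the hunk.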
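diff --git tests/phpunit/tests/rest-api/rest-attachments-controller.php tests/phpunit/tests/rest-api/rest-attachments-controller.php
index a25d31358a..02daded298 100644
--- a/tests/phpunit/tests/rest-api/rest-attachments-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-attachments-controller.php
@@ -524,7 +524,7 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control
                 $this->assertFalse( isset( $data['media_details']['sizes']['rest-api-test']['source_url'] ) );
         }
 
-        public function test_get_item_private_post_not_authenticated() {
+        public function test_get_item_private_post() {
                 wp_set_current_user( 0 );
                 $draft_post = $this->factory->post->create( array( 'post_status' => 'draft' ) );
                 $id1        = $this->factory->attachment->create_object(
@@ -535,7 +535,7 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control
                 );
                 $request    = new WP_REST_Request( 'GET', '/wp/v2/media/' . $id1 );
                 $response   = $this->server->dispatch( $request );
-                $this->assertEquals( 401, $response->get_status() );
+                $this->assertEquals( 403, $response->get_status() );
         }
 
         public function test_get_item_inherit_status_with_invalid_parent() {
@@ -553,7 +553,7 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control
                 $this->assertEquals( $attachment_id, $data['id'] );
         }
 
-        public function test_get_item_auto_status_with_invalid_parent_not_authenticated_returns_error() {
+        public function test_get_item_auto_status_with_invalid_parent_returns_error() {
                 $attachment_id = $this->factory->attachment->create_object(
                         $this->test_file, REST_TESTS_IMPOSSIBLY_HIGH_NUMBER, array(
                                 'post_mime_type' => 'image/jpeg',
@@ -564,7 +564,7 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control
                 $request       = new WP_REST_Request( 'GET', sprintf( '/wp/v2/media/%d', $attachment_id ) );
                 $response      = $this->server->dispatch( $request );
 
-                $this->assertErrorResponse( 'rest_forbidden', $response, 401 );
+                $this->assertErrorResponse( 'rest_forbidden', $response, 403 );
         }
 
         public function test_create_item() {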
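diff --git tests/phpunit/tests/rest-api/rest-posts-controller.php tests/phpunit/tests/rest-api/rest-posts-controller.php
index b6cb4ce074..e2c7bf7c89 100644
--- a/tests/phpunit/tests/rest-api/rest-posts-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-posts-controller.php
@@ -1327,7 +1327,7 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
                 $this->assertEquals( rest_url( '/wp/v2/users/' . self::$author_id ), $links['author'][0]['href'] );
         }
 
-        public function test_get_post_draft_status_not_authenicated() {
+        public function test_get_post_without_permission() {
                 $draft_id = $this->factory->post->create(
                         array(
                                 'post_status' => 'draft',
@@ -1338,7 +1338,7 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
                 $request  = new WP_REST_Request( 'GET', sprintf( '/wp/v2/posts/%d', $draft_id ) );
                 $response = $this->server->dispatch( $request );
 
-                $this->assertErrorResponse( 'rest_forbidden', $response, 401 );
+                $this->assertErrorResponse( 'rest_forbidden', $response, 403 );
         }
 
         public function test_get_post_invalid_id() {
@@ -1464,7 +1464,7 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
                 $this->assertTrue( $data['excerpt']['protected'] );
         }
 
-        public function test_get_item_read_permission_custom_post_status_not_authenticated() {
+        public function test_get_item_read_permission_custom_post_status() {
                 register_post_status( 'testpubstatus', array( 'public' => true ) );
                 register_post_status( 'testprivtatus', array( 'public' => false ) );
                 // Public status
@@ -1486,7 +1486,7 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
                 );
                 $request  = new WP_REST_Request( 'GET', sprintf( '/wp/v2/posts/%d', self::$post_id ) );
                 $response = $this->server->dispatch( $request );
-                $this->assertEquals( 401, $response->get_status() );
+                $this->assertEquals( 403, $response->get_status() );
         }
 
         public function test_prepare_item() {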
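diff --git tests/phpunit/tests/rest-api/rest-settings-controller.php tests/phpunit/tests/rest-api/rest-settings-controller.php
index 97670a21c0..dcf2d57af3 100644
--- a/tests/phpunit/tests/rest-api/rest-settings-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-settings-controller.php
@@ -10,9 +10,7 @@
  * @group restapi
  */
 class WP_Test_REST_Settings_Controller extends WP_Test_REST_Controller_Testcase {
-       
         protected static $administrator;
-        protected static $author;
 
         public static function wpSetUpBeforeClass( $factory ) {
                 self::$administrator = $factory->user->create(
@@ -20,17 +18,10 @@ class WP_Test_REST_Settings_Controller extends WP_Test_REST_Controller_Testcase
                                 'role' => 'administrator',
                         )
                 );
-
-                self::$author        = $factory->user->create(
-                        array(
-                                'role' => 'author',
-                        )
-                );
         }
 
         public static function wpTearDownAfterClass() {
                 self::delete_user( self::$administrator );
-                self::delete_user( self::$author );
         }
 
         public function setUp() {
@@ -54,14 +45,7 @@ class WP_Test_REST_Settings_Controller extends WP_Test_REST_Controller_Testcase
         public function test_context_param() {
         }
 
-        public function test_get_item_is_not_public_not_authenticated() {
-                $request  = new WP_REST_Request( 'GET', '/wp/v2/settings' );
-                $response = $this->server->dispatch( $request );
-                $this->assertEquals( 401, $response->get_status() );
-        }
-
-        public function test_get_item_is_not_public_no_permission() {
-                wp_set_current_user( self::$author );
+        public function test_get_item_is_not_public() {
                 $request  = new WP_REST_Request( 'GET', '/wp/v2/settings' );
                 $response = $this->server->dispatch( $request );
                 $this->assertEquals( 403, $response->get_status() );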
  • tests/phpunit/tests/rest-api/rest-taxonomies-controller.php

    diff --git tests/phpunit/tests/rest-api/rest-taxonomies-controller.php tests/phpunit/tests/rest-api/rest-taxonomies-controller.php
    index 5a736086aa..205a041f23 100644
     
    1111 */
    1212class WP_Test_REST_Taxonomies_Controller extends WP_Test_REST_Controller_Testcase {
    1313
    14         protected static $contributor_id;
    15 
    16         public static function wpSetUpBeforeClass( $factory ) {
    17                 self::$contributor_id = $factory->user->create(
    18                         array(
    19                                 'role' => 'contributor',
    20                         )
    21                 );
    22         }
    23 
    24         public static function wpTearDownAfterClass() {
    25                 self::delete_user( self::$contributor_id );
    26         }
    27 
    2814        public function test_register_routes() {
    2915                $routes = $this->server->get_routes();
    3016
    class WP_Test_REST_Taxonomies_Controller extends WP_Test_REST_Controller_Testcas 
    115101                $this->assertErrorResponse( 'rest_taxonomy_invalid', $response, 404 );
    116102        }
    117103
    118         public function test_get_non_public_taxonomy_not_authenticated() {
    119                 register_taxonomy( 'api-private', 'post', array( 'public' => false ) );
    120 
    121                 $request  = new WP_REST_Request( 'GET', '/wp/v2/taxonomies/api-private' );
    122                 $response = $this->server->dispatch( $request );
    123                 $this->assertErrorResponse( 'rest_forbidden', $response, 401 );
    124         }
    125 
    126                 public function test_get_non_public_taxonomy_no_permission() {
    127                 wp_set_current_user( self::$contributor_id );
     104        public function test_get_non_public_taxonomy() {
    128105                register_taxonomy( 'api-private', 'post', array( 'public' => false ) );
    129106
    130107                $request  = new WP_REST_Request( 'GET', '/wp/v2/taxonomies/api-private' );