--- a/wp/wp-login.php Thu Sep 29 08:06:27 2022 +0200
+++ b/wp/wp-login.php Fri Sep 05 18:40:08 2025 +0200
@@ -13,7 +13,7 @@
// Redirect to HTTPS login if forced to use SSL.
if ( force_ssl_admin() && ! is_ssl() ) {
- if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) {
+ if ( str_starts_with( $_SERVER['REQUEST_URI'], 'http' ) ) {
wp_safe_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
exit;
} else {
@@ -23,7 +23,7 @@
}
/**
- * Output the login page header.
+ * Outputs the login page header.
*
* @since 2.1.0
*
@@ -33,14 +33,18 @@
* upon successful login.
* @global string $action The action that brought the visitor to the login page.
*
- * @param string $title Optional. WordPress login Page title to display in the `<title>` element.
- * Default 'Log In'.
- * @param string $message Optional. Message to display in header. Default empty.
- * @param WP_Error $wp_error Optional. The error to pass. Default is a WP_Error instance.
+ * @param string|null $title Optional. WordPress login page title to display in the `<title>` element.
+ * Defaults to 'Log In'.
+ * @param string $message Optional. Message to display in header. Default empty.
+ * @param WP_Error|null $wp_error Optional. The error to pass. Defaults to a WP_Error instance.
*/
-function login_header( $title = 'Log In', $message = '', $wp_error = null ) {
+function login_header( $title = null, $message = '', $wp_error = null ) {
global $error, $interim_login, $action;
+ if ( null === $title ) {
+ $title = __( 'Log In' );
+ }
+
// Don't index any of these forms.
add_filter( 'wp_robots', 'wp_robots_sensitive_page' );
add_action( 'login_head', 'wp_strict_cross_origin_referrer' );
@@ -101,13 +105,15 @@
* but maybe better if it's not removable by plugins.
*/
if ( 'loggedout' === $wp_error->get_error_code() ) {
+ ob_start();
?>
<script>if("sessionStorage" in window){try{for(var key in sessionStorage){if(key.indexOf("wp-autosave-")!=-1){sessionStorage.removeItem(key)}}}catch(e){}};</script>
<?php
+ wp_print_inline_script_tag( wp_remove_surrounding_empty_script_tags( ob_get_clean() ) );
}
/**
- * Enqueue scripts and styles for the login page.
+ * Enqueues scripts and styles for the login page.
*
* @since 3.1.0
*/
@@ -193,9 +199,10 @@
?>
</head>
<body class="login no-js <?php echo esc_attr( implode( ' ', $classes ) ); ?>">
- <script type="text/javascript">
- document.body.className = document.body.className.replace('no-js','js');
- </script>
+ <?php
+ wp_print_inline_script_tag( "document.body.className = document.body.className.replace('no-js','js');" );
+ ?>
+
<?php
/**
* Fires in the login page header after the body tag is opened.
@@ -228,29 +235,52 @@
}
if ( $wp_error->has_errors() ) {
- $errors = '';
- $messages = '';
+ $error_list = array();
+ $messages = '';
foreach ( $wp_error->get_error_codes() as $code ) {
$severity = $wp_error->get_error_data( $code );
foreach ( $wp_error->get_error_messages( $code ) as $error_message ) {
if ( 'message' === $severity ) {
- $messages .= ' ' . $error_message . "<br />\n";
+ $messages .= '<p>' . $error_message . '</p>';
} else {
- $errors .= ' ' . $error_message . "<br />\n";
+ $error_list[] = $error_message;
}
}
}
- if ( ! empty( $errors ) ) {
+ if ( ! empty( $error_list ) ) {
+ $errors = '';
+
+ if ( count( $error_list ) > 1 ) {
+ $errors .= '<ul class="login-error-list">';
+
+ foreach ( $error_list as $item ) {
+ $errors .= '<li>' . $item . '</li>';
+ }
+
+ $errors .= '</ul>';
+ } else {
+ $errors .= '<p>' . $error_list[0] . '</p>';
+ }
+
/**
* Filters the error messages displayed above the login form.
*
* @since 2.1.0
*
- * @param string $errors Login error message.
+ * @param string $errors Login error messages.
*/
- echo '<div id="login_error">' . apply_filters( 'login_errors', $errors ) . "</div>\n";
+ $errors = apply_filters( 'login_errors', $errors );
+
+ wp_admin_notice(
+ $errors,
+ array(
+ 'type' => 'error',
+ 'id' => 'login_error',
+ 'paragraph_wrap' => false,
+ )
+ );
}
if ( ! empty( $messages ) ) {
@@ -261,7 +291,17 @@
*
* @param string $messages Login messages.
*/
- echo '<p class="message">' . apply_filters( 'login_messages', $messages ) . "</p>\n";
+ $messages = apply_filters( 'login_messages', $messages );
+
+ wp_admin_notice(
+ $messages,
+ array(
+ 'type' => 'info',
+ 'id' => 'login-message',
+ 'additional_classes' => array( 'message' ),
+ 'paragraph_wrap' => false,
+ )
+ );
}
}
} // End of login_header().
@@ -294,7 +334,7 @@
)
);
/**
- * Filter the "Go to site" link displayed in the login page footer.
+ * Filters the "Go to site" link displayed in the login page footer.
*
* @since 5.7.0
*
@@ -315,11 +355,11 @@
if (
! $interim_login &&
/**
- * Filters the Languages select input activation on the login screen.
+ * Filters whether to display the Language selector on the login screen.
*
* @since 5.9.0
*
- * @param bool Whether to display the Languages select input on the login screen.
+ * @param bool $display Whether to display the Language selector on the login screen.
*/
apply_filters( 'login_display_language_dropdown', true )
) {
@@ -328,11 +368,16 @@
if ( ! empty( $languages ) ) {
?>
<div class="language-switcher">
- <form id="language-switcher" action="" method="get">
+ <form id="language-switcher" method="get">
<label for="language-switcher-locales">
<span class="dashicons dashicons-translation" aria-hidden="true"></span>
- <span class="screen-reader-text"><?php _e( 'Language' ); ?></span>
+ <span class="screen-reader-text">
+ <?php
+ /* translators: Hidden accessibility text. */
+ _e( 'Language' );
+ ?>
+ </span>
</label>
<?php
@@ -348,6 +393,8 @@
/**
* Filters default arguments for the Languages select input on the login screen.
*
+ * The arguments get passed to the wp_dropdown_languages() function.
+ *
* @since 5.9.0
*
* @param array $args Arguments for the Languages select input on the login screen.
@@ -360,7 +407,7 @@
<?php } ?>
<?php if ( isset( $_GET['redirect_to'] ) && '' !== $_GET['redirect_to'] ) { ?>
- <input type="hidden" name="redirect_to" value="<?php echo esc_url_raw( $_GET['redirect_to'] ); ?>" />
+ <input type="hidden" name="redirect_to" value="<?php echo sanitize_url( $_GET['redirect_to'] ); ?>" />
<?php } ?>
<?php if ( isset( $_GET['action'] ) && '' !== $_GET['action'] ) { ?>
@@ -376,12 +423,14 @@
<?php
if ( ! empty( $input_id ) ) {
+ ob_start();
?>
- <script type="text/javascript">
+ <script>
try{document.getElementById('<?php echo $input_id; ?>').focus();}catch(e){}
if(typeof wpOnload==='function')wpOnload();
</script>
<?php
+ wp_print_inline_script_tag( wp_remove_surrounding_empty_script_tags( ob_get_clean() ) );
}
/**
@@ -392,7 +441,6 @@
do_action( 'login_footer' );
?>
- <div class="clear"></div>
</body>
</html>
<?php
@@ -404,11 +452,7 @@
* @since 3.0.0
*/
function wp_shake_js() {
- ?>
- <script type="text/javascript">
- document.querySelector('form').classList.add('shake');
- </script>
- <?php
+ wp_print_inline_script_tag( "document.querySelector('form').classList.add('shake');" );
}
/**
@@ -423,7 +467,9 @@
}
/*
- * Main part: check the request and redirect or display a form based on the current action.
+ * Main part.
+ *
+ * Check the request and redirect or display a form based on the current action.
*/
$action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : 'login';
@@ -642,10 +688,13 @@
<?php
/* translators: URL to the WordPress help section about admin email. */
- $admin_email_help_url = __( 'https://wordpress.org/support/article/settings-general-screen/#email-address' );
+ $admin_email_help_url = __( 'https://wordpress.org/documentation/article/settings-general-screen/#email-address' );
- /* translators: Accessibility text. */
- $accessibility_text = sprintf( '<span class="screen-reader-text"> %s</span>', __( '(opens in a new tab)' ) );
+ $accessibility_text = sprintf(
+ '<span class="screen-reader-text"> %s</span>',
+ /* translators: Hidden accessibility text. */
+ __( '(opens in a new tab)' )
+ );
printf(
'<a href="%s" rel="noopener" target="_blank">%s%s</a>',
@@ -708,7 +757,7 @@
break;
case 'postpass':
- if ( ! array_key_exists( 'post_password', $_POST ) ) {
+ if ( ! isset( $_POST['post_password'] ) || ! is_string( $_POST['post_password'] ) ) {
wp_safe_redirect( wp_get_referer() );
exit;
}
@@ -747,7 +796,7 @@
wp_logout();
- if ( ! empty( $_REQUEST['redirect_to'] ) ) {
+ if ( ! empty( $_REQUEST['redirect_to'] ) && is_string( $_REQUEST['redirect_to'] ) ) {
$redirect_to = $_REQUEST['redirect_to'];
$requested_redirect_to = $redirect_to;
} else {
@@ -790,9 +839,9 @@
if ( isset( $_GET['error'] ) ) {
if ( 'invalidkey' === $_GET['error'] ) {
- $errors->add( 'invalidkey', __( '<strong>Error</strong>: Your password reset link appears to be invalid. Please request a new link below.' ) );
+ $errors->add( 'invalidkey', __( '<strong>Error:</strong> Your password reset link appears to be invalid. Please request a new link below.' ) );
} elseif ( 'expiredkey' === $_GET['error'] ) {
- $errors->add( 'expiredkey', __( '<strong>Error</strong>: Your password reset link has expired. Please request a new link below.' ) );
+ $errors->add( 'expiredkey', __( '<strong>Error:</strong> Your password reset link has expired. Please request a new link below.' ) );
}
}
@@ -817,7 +866,17 @@
*/
do_action( 'lost_password', $errors );
- login_header( __( 'Lost Password' ), '<p class="message">' . __( 'Please enter your username or email address. You will receive an email message with instructions on how to reset your password.' ) . '</p>', $errors );
+ login_header(
+ __( 'Lost Password' ),
+ wp_get_admin_notice(
+ __( 'Please enter your username or email address. You will receive an email message with instructions on how to reset your password.' ),
+ array(
+ 'type' => 'info',
+ 'additional_classes' => array( 'message' ),
+ )
+ ),
+ $errors
+ );
$user_login = '';
@@ -830,7 +889,7 @@
<form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
<p>
<label for="user_login"><?php _e( 'Username or Email Address' ); ?></label>
- <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" autocapitalize="off" autocomplete="username" />
+ <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" autocapitalize="off" autocomplete="username" required="required" />
</p>
<?php
@@ -849,11 +908,11 @@
</form>
<p id="nav">
- <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a>
+ <a class="wp-login-log-in" href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a>
<?php
if ( get_option( 'users_can_register' ) ) {
- $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
+ $registration_url = sprintf( '<a class="wp-login-register" href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
echo esc_html( $login_link_separator );
@@ -918,7 +977,7 @@
// Check if password fields do not match.
if ( ! empty( $_POST['pass1'] ) && trim( $_POST['pass2'] ) !== $_POST['pass1'] ) {
- $errors->add( 'password_reset_mismatch', __( '<strong>Error</strong>: The passwords do not match.' ) );
+ $errors->add( 'password_reset_mismatch', __( '<strong>Error:</strong> The passwords do not match.' ) );
}
/**
@@ -934,7 +993,16 @@
if ( ( ! $errors->has_errors() ) && isset( $_POST['pass1'] ) && ! empty( $_POST['pass1'] ) ) {
reset_password( $user, $_POST['pass1'] );
setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
- login_header( __( 'Password Reset' ), '<p class="message reset-pass">' . __( 'Your password has been reset.' ) . ' <a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log in' ) . '</a></p>' );
+ login_header(
+ __( 'Password Reset' ),
+ wp_get_admin_notice(
+ __( 'Your password has been reset.' ) . ' <a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log in' ) . '</a>',
+ array(
+ 'type' => 'info',
+ 'additional_classes' => array( 'message', 'reset-pass' ),
+ )
+ )
+ );
login_footer();
exit;
}
@@ -942,7 +1010,17 @@
wp_enqueue_script( 'utils' );
wp_enqueue_script( 'user-profile' );
- login_header( __( 'Reset Password' ), '<p class="message reset-pass">' . __( 'Enter your new password below or generate one.' ) . '</p>', $errors );
+ login_header(
+ __( 'Reset Password' ),
+ wp_get_admin_notice(
+ __( 'Enter your new password below or generate one.' ),
+ array(
+ 'type' => 'info',
+ 'additional_classes' => array( 'message', 'reset-pass' ),
+ )
+ ),
+ $errors
+ );
?>
<form name="resetpassform" id="resetpassform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=resetpass', 'login_post' ) ); ?>" method="post" autocomplete="off">
@@ -954,7 +1032,7 @@
</p>
<div class="wp-pwd">
- <input type="password" data-reveal="1" data-pw="<?php echo esc_attr( wp_generate_password( 16 ) ); ?>" name="pass1" id="pass1" class="input password-input" size="24" value="" autocomplete="new-password" aria-describedby="pass-strength-result" />
+ <input type="password" name="pass1" id="pass1" class="input password-input" size="24" value="" autocomplete="new-password" spellcheck="false" data-reveal="1" data-pw="<?php echo esc_attr( wp_generate_password( 16 ) ); ?>" aria-describedby="pass-strength-result" />
<button type="button" class="button button-secondary wp-hide-pw hide-if-no-js" data-toggle="0" aria-label="<?php esc_attr_e( 'Hide password' ); ?>">
<span class="dashicons dashicons-hidden" aria-hidden="true"></span>
@@ -969,11 +1047,10 @@
<p class="user-pass2-wrap">
<label for="pass2"><?php _e( 'Confirm new password' ); ?></label>
- <input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="new-password" />
+ <input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="new-password" spellcheck="false" />
</p>
<p class="description indicator-hint"><?php echo wp_get_password_hint(); ?></p>
- <br class="clear" />
<?php
@@ -995,11 +1072,11 @@
</form>
<p id="nav">
- <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a>
+ <a class="wp-login-log-in" href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a>
<?php
if ( get_option( 'users_can_register' ) ) {
- $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
+ $registration_url = sprintf( '<a class="wp-login-register" href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
echo esc_html( $login_link_separator );
@@ -1067,17 +1144,27 @@
*/
$redirect_to = apply_filters( 'registration_redirect', $registration_redirect, $errors );
- login_header( __( 'Registration Form' ), '<p class="message register">' . __( 'Register For This Site' ) . '</p>', $errors );
+ login_header(
+ __( 'Registration Form' ),
+ wp_get_admin_notice(
+ __( 'Register For This Site' ),
+ array(
+ 'type' => 'info',
+ 'additional_classes' => array( 'message', 'register' ),
+ )
+ ),
+ $errors
+ );
?>
<form name="registerform" id="registerform" action="<?php echo esc_url( site_url( 'wp-login.php?action=register', 'login_post' ) ); ?>" method="post" novalidate="novalidate">
<p>
<label for="user_login"><?php _e( 'Username' ); ?></label>
- <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr( wp_unslash( $user_login ) ); ?>" size="20" autocapitalize="off" autocomplete="username" />
+ <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr( wp_unslash( $user_login ) ); ?>" size="20" autocapitalize="off" autocomplete="username" required="required" />
</p>
<p>
<label for="user_email"><?php _e( 'Email' ); ?></label>
- <input type="email" name="user_email" id="user_email" class="input" value="<?php echo esc_attr( wp_unslash( $user_email ) ); ?>" size="25" autocomplete="email" />
+ <input type="email" name="user_email" id="user_email" class="input" value="<?php echo esc_attr( wp_unslash( $user_email ) ); ?>" size="25" autocomplete="email" required="required" />
</p>
<?php
@@ -1092,7 +1179,6 @@
<p id="reg_passmail">
<?php _e( 'Registration confirmation will be emailed to you.' ); ?>
</p>
- <br class="clear" />
<input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
<p class="submit">
<input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e( 'Register' ); ?>" />
@@ -1100,9 +1186,17 @@
</form>
<p id="nav">
- <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a>
- <?php echo esc_html( $login_link_separator ); ?>
- <a href="<?php echo esc_url( wp_lostpassword_url() ); ?>"><?php _e( 'Lost your password?' ); ?></a>
+ <a class="wp-login-log-in" href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a>
+ <?php
+
+ echo esc_html( $login_link_separator );
+
+ $html_link = sprintf( '<a class="wp-login-lost-password" href="%s">%s</a>', esc_url( wp_lostpassword_url() ), __( 'Lost your password?' ) );
+
+ /** This filter is documented in wp-login.php */
+ echo apply_filters( 'lost_password_html_link', $html_link );
+
+ ?>
</p>
<?php
@@ -1206,10 +1300,10 @@
}
}
- if ( isset( $_REQUEST['redirect_to'] ) ) {
+ if ( isset( $_REQUEST['redirect_to'] ) && is_string( $_REQUEST['redirect_to'] ) ) {
$redirect_to = $_REQUEST['redirect_to'];
// Redirect to HTTPS if user wants SSL.
- if ( $secure_cookie && false !== strpos( $redirect_to, 'wp-admin' ) ) {
+ if ( $secure_cookie && str_contains( $redirect_to, 'wp-admin' ) ) {
$redirect_to = preg_replace( '|^http://|', 'https://', $redirect_to );
}
} else {
@@ -1226,25 +1320,26 @@
'test_cookie',
sprintf(
/* translators: 1: Browser cookie documentation URL, 2: Support forums URL. */
- __( '<strong>Error</strong>: Cookies are blocked due to unexpected output. For help, please see <a href="%1$s">this documentation</a> or try the <a href="%2$s">support forums</a>.' ),
- __( 'https://wordpress.org/support/article/cookies/' ),
+ __( '<strong>Error:</strong> Cookies are blocked due to unexpected output. For help, please see <a href="%1$s">this documentation</a> or try the <a href="%2$s">support forums</a>.' ),
+ __( 'https://developer.wordpress.org/advanced-administration/wordpress/cookies/' ),
__( 'https://wordpress.org/support/forums/' )
)
);
} elseif ( isset( $_POST['testcookie'] ) && empty( $_COOKIE[ TEST_COOKIE ] ) ) {
- // If cookies are disabled, we can't log in even with a valid user and password.
+ // If cookies are disabled, the user can't log in even with a valid username and password.
$user = new WP_Error(
'test_cookie',
sprintf(
/* translators: %s: Browser cookie documentation URL. */
- __( '<strong>Error</strong>: Cookies are blocked or not supported by your browser. You must <a href="%s">enable cookies</a> to use WordPress.' ),
- __( 'https://wordpress.org/support/article/cookies/#enable-cookies-in-your-browser' )
+ __( '<strong>Error:</strong> Cookies are blocked or not supported by your browser. You must <a href="%s">enable cookies</a> to use WordPress.' ),
+ __( 'https://developer.wordpress.org/advanced-administration/wordpress/cookies/#enable-cookies-in-your-browser' )
)
);
}
}
- $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
+ $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) && is_string( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
+
/**
* Filters the login redirect URL.
*
@@ -1270,9 +1365,11 @@
do_action( 'login_footer' );
if ( $customize_login ) {
+ ob_start();
?>
- <script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script>
+ <script>setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script>
<?php
+ wp_print_inline_script_tag( wp_remove_surrounding_empty_script_tags( ob_get_clean() ) );
}
?>
@@ -1283,7 +1380,7 @@
}
// Check if it is time to add a redirect to the admin email confirmation screen.
- if ( is_a( $user, 'WP_User' ) && $user->exists() && $user->has_cap( 'manage_options' ) ) {
+ if ( $user instanceof WP_User && $user->exists() && $user->has_cap( 'manage_options' ) ) {
$admin_email_lifespan = (int) get_option( 'admin_email_lifespan' );
/*
@@ -1341,12 +1438,14 @@
if ( isset( $_GET['loggedout'] ) && $_GET['loggedout'] ) {
$errors->add( 'loggedout', __( 'You are now logged out.' ), 'message' );
} elseif ( isset( $_GET['registration'] ) && 'disabled' === $_GET['registration'] ) {
- $errors->add( 'registerdisabled', __( '<strong>Error</strong>: User registration is currently not allowed.' ) );
- } elseif ( strpos( $redirect_to, 'about.php?updated' ) ) {
+ $errors->add( 'registerdisabled', __( '<strong>Error:</strong> User registration is currently not allowed.' ) );
+ } elseif ( str_contains( $redirect_to, 'about.php?updated' ) ) {
$errors->add( 'updated', __( '<strong>You have successfully updated WordPress!</strong> Please log back in to see what’s new.' ), 'message' );
} elseif ( WP_Recovery_Mode_Link_Service::LOGIN_ACTION_ENTERED === $action ) {
$errors->add( 'enter_recovery_mode', __( 'Recovery Mode Initialized. Please log in to continue.' ), 'message' );
- } elseif ( isset( $_GET['redirect_to'] ) && false !== strpos( $_GET['redirect_to'], 'wp-admin/authorize-application.php' ) ) {
+ } elseif ( isset( $_GET['redirect_to'] ) && is_string( $_GET['redirect_to'] )
+ && str_contains( $_GET['redirect_to'], 'wp-admin/authorize-application.php' )
+ ) {
$query_component = wp_parse_url( $_GET['redirect_to'], PHP_URL_QUERY );
$query = array();
if ( $query_component ) {
@@ -1388,10 +1487,15 @@
$rememberme = ! empty( $_POST['rememberme'] );
- if ( $errors->has_errors() ) {
- $aria_describedby_error = ' aria-describedby="login_error"';
- } else {
- $aria_describedby_error = '';
+ $aria_describedby = '';
+ $has_errors = $errors->has_errors();
+
+ if ( $has_errors ) {
+ $aria_describedby = ' aria-describedby="login_error"';
+ }
+
+ if ( $has_errors && 'message' === $errors->get_error_data() ) {
+ $aria_describedby = ' aria-describedby="login-message"';
}
wp_enqueue_script( 'user-profile' );
@@ -1400,13 +1504,13 @@
<form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post">
<p>
<label for="user_login"><?php _e( 'Username or Email Address' ); ?></label>
- <input type="text" name="log" id="user_login"<?php echo $aria_describedby_error; ?> class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" autocapitalize="off" autocomplete="username" />
+ <input type="text" name="log" id="user_login"<?php echo $aria_describedby; ?> class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" autocapitalize="off" autocomplete="username" required="required" />
</p>
<div class="user-pass-wrap">
<label for="user_pass"><?php _e( 'Password' ); ?></label>
<div class="wp-pwd">
- <input type="password" name="pwd" id="user_pass"<?php echo $aria_describedby_error; ?> class="input password-input" value="" size="20" autocomplete="current-password" />
+ <input type="password" name="pwd" id="user_pass"<?php echo $aria_describedby; ?> class="input password-input" value="" size="20" autocomplete="current-password" spellcheck="false" required="required" />
<button type="button" class="button button-secondary wp-hide-pw hide-if-no-js" data-toggle="0" aria-label="<?php esc_attr_e( 'Show password' ); ?>">
<span class="dashicons dashicons-visibility" aria-hidden="true"></span>
</button>
@@ -1456,7 +1560,7 @@
<?php
if ( get_option( 'users_can_register' ) ) {
- $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
+ $registration_url = sprintf( '<a class="wp-login-register" href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
/** This filter is documented in wp-includes/general-template.php */
echo apply_filters( 'register', $registration_url );
@@ -1464,8 +1568,18 @@
echo esc_html( $login_link_separator );
}
+ $html_link = sprintf( '<a class="wp-login-lost-password" href="%s">%s</a>', esc_url( wp_lostpassword_url() ), __( 'Lost your password?' ) );
+
+ /**
+ * Filters the link that allows the user to reset the lost password.
+ *
+ * @since 6.1.0
+ *
+ * @param string $html_link HTML link to the lost password form.
+ */
+ echo apply_filters( 'lost_password_html_link', $html_link );
+
?>
- <a href="<?php echo esc_url( wp_lostpassword_url() ); ?>"><?php _e( 'Lost your password?' ); ?></a>
</p>
<?php
}
@@ -1503,15 +1617,12 @@
// Run `wpOnload()` if defined.
$login_script .= "if ( typeof wpOnload === 'function' ) { wpOnload() }";
- ?>
- <script type="text/javascript">
- <?php echo $login_script; ?>
- </script>
- <?php
+ wp_print_inline_script_tag( $login_script );
if ( $interim_login ) {
+ ob_start();
?>
- <script type="text/javascript">
+ <script>
( function() {
try {
var i, links = document.getElementsByTagName( 'a' );
@@ -1525,6 +1636,7 @@
}());
</script>
<?php
+ wp_print_inline_script_tag( wp_remove_surrounding_empty_script_tags( ob_get_clean() ) );
}
login_footer();