diff -r 34716fd837a4 -r be944660c56a wp/wp-login.php
--- a/wp/wp-login.php Tue Dec 15 15:52:01 2020 +0100
+++ b/wp/wp-login.php Wed Sep 21 18:19:35 2022 +0200
@@ -42,7 +42,8 @@
 global $error, $interim_login, $action;
 // Don't index any of these forms.
- add_action( 'login_head', 'wp_sensitive_page_meta' );
+ add_filter( 'wp_robots', 'wp_robots_sensitive_page' );
+ add_action( 'login_head', 'wp_strict_cross_origin_referrer' );
 add_action( 'login_head', 'wp_login_viewport_meta' );
@@ -281,14 +282,27 @@
 // Don't allow interim logins to navigate away from the page.
 if ( ! $interim_login ) {
 ?>
-

- -

+

+ %s', + esc_url( home_url( '/' ) ), + sprintf( + /* translators: %s: Site title. */ + _x( '← Go to %s', 'site' ), + get_bloginfo( 'title', 'display' ) + ) + ); + /** + * Filter the "Go to site" link displayed in the login page footer. + * + * @since 5.7.0 + * + * @param string $link HTML link to the home URL of the current site. + */ + echo apply_filters( 'login_site_html_link', $html_link ); + ?> +

', '' ); 
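Review bot: The new docblock for `login_site_html_link` opens with `Filter the "Go to site" link`, while the other filter docblocks visible in this diff (for example `Filters the errors encountered on a password reset request.`) use the third-person `Filters the …` form; change it to `Filters the "Go to site" link displayed in the login page footer.`. Because the filtered value goes straight to `echo`, the `@param` line is also where callers should be told the contract, e.g. `@param string $link HTML link to the home URL of the current site. Echoed as-is, so callbacks must return already-escaped markup.`. The anchor markup itself is not legible on this page, so only `esc_url( home_url( '/' ) )` and the `get_bloginfo( 'title', 'display' )` label can be confirmed as escaped.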
@@ -303,7 +317,7 @@ ?> add( 'empty_username', __( 'Error: Please enter a username or email address.' ) ); - } elseif ( strpos( $_POST['user_login'], '@' ) ) { - $user_data = get_user_by( 'email', trim( wp_unslash( $_POST['user_login'] ) ) ); - if ( empty( $user_data ) ) { - $errors->add( 'invalid_email', __( 'Error: There is no account with that username or email address.' ) ); - } - } else { - $login = trim( wp_unslash( $_POST['user_login'] ) ); - $user_data = get_user_by( 'login', $login ); - } - - /** - * Fires before errors are returned from a password reset request. - * - * @since 2.1.0 - * @since 4.4.0 Added the `$errors` parameter. - * @since 5.4.0 Added the `$user_data` parameter. - * - * @param WP_Error $errors A WP_Error object containing any errors generated - * by using invalid credentials. - * @param WP_User|false $user_data WP_User object if found, false if the user does not exist. - */ - do_action( 'lostpassword_post', $errors, $user_data ); - - /** - * Filters the errors encountered on a password reset request. - * - * The filtered WP_Error object may, for example, contain errors for an invalid - * username or email address. A WP_Error object should always be returned, - * but may or may not contain errors. - * - * If any errors are present in $errors, this will abort the password reset request. - * - * @since 5.5.0 - * - * @param WP_Error $errors A WP_Error object containing any errors generated - * by using invalid credentials. - * @param WP_User|false $user_data WP_User object if found, false if the user does not exist. - */ - $errors = apply_filters( 'lostpassword_errors', $errors, $user_data ); - - if ( $errors->has_errors() ) { - return $errors; - } - - if ( ! $user_data ) { - $errors->add( 'invalidcombo', __( 'Error: There is no account with that username or email address.' ) ); - return $errors; - } - - // Redefining user_login ensures we return the right case in the email. 
- $user_login = $user_data->user_login; - $user_email = $user_data->user_email; - $key = get_password_reset_key( $user_data ); - - if ( is_wp_error( $key ) ) { - return $key; - } - - if ( is_multisite() ) { - $site_name = get_network()->site_name; - } else { - /* - * The blogname option is escaped with esc_html on the way into the database - * in sanitize_option we want to reverse this for the plain text arena of emails. - */ - $site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); - } - - $message = __( 'Someone has requested a password reset for the following account:' ) . "\r\n\r\n"; - /* translators: %s: Site name. */ - $message .= sprintf( __( 'Site Name: %s' ), $site_name ) . "\r\n\r\n"; - /* translators: %s: User login. */ - $message .= sprintf( __( 'Username: %s' ), $user_login ) . "\r\n\r\n"; - $message .= __( 'If this was a mistake, just ignore this email and nothing will happen.' ) . "\r\n\r\n"; - $message .= __( 'To reset your password, visit the following address:' ) . "\r\n\r\n"; - $message .= network_site_url( "wp-login.php?action=rp&key=$key&login=" . rawurlencode( $user_login ), 'login' ) . "\r\n"; - - /* translators: Password reset notification email subject. %s: Site title. */ - $title = sprintf( __( '[%s] Password Reset' ), $site_name ); - - /** - * Filters the subject of the password reset email. - * - * @since 2.8.0 - * @since 4.4.0 Added the `$user_login` and `$user_data` parameters. - * - * @param string $title Default email title. - * @param string $user_login The username for the user. - * @param WP_User $user_data WP_User object. - */ - $title = apply_filters( 'retrieve_password_title', $title, $user_login, $user_data ); - - /** - * Filters the message body of the password reset mail. - * - * If the filtered message is empty, the password reset email will not be sent. - * - * @since 2.8.0 - * @since 4.1.0 Added `$user_login` and `$user_data` parameters. - * - * @param string $message Default mail message. 
- * @param string $key The activation key. - * @param string $user_login The username for the user. - * @param WP_User $user_data WP_User object. - */ - $message = apply_filters( 'retrieve_password_message', $message, $key, $user_login, $user_data ); - - if ( $message && ! wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) ) { - $errors->add( - 'retrieve_password_email_failure', - sprintf( - /* translators: %s: Documentation URL. */ - __( 'Error: The email could not be sent. Your site may not be correctly configured to send emails. Get support for resetting your password.' ), - esc_url( __( 'https://wordpress.org/support/article/resetting-your-password/' ) ) - ) - ); - return $errors; - } - - return true; -} - // // Main. // @@ -551,8 +430,22 @@ * Fires before a specified login form action. * * The dynamic portion of the hook name, `$action`, refers to the action - * that brought the visitor to the login form. Actions include 'postpass', - * 'logout', 'lostpassword', etc. + * that brought the visitor to the login form. + * + * Possible hook names include: + * + * - 'login_form_checkemail' + * - 'login_form_confirm_admin_email' + * - 'login_form_confirmaction' + * - 'login_form_entered_recovery_mode' + * - 'login_form_login' + * - 'login_form_logout' + * - 'login_form_lostpassword' + * - 'login_form_postpass' + * - 'login_form_register' + * - 'login_form_resetpass' + * - 'login_form_retrievepassword' + * - 'login_form_rp' * * @since 2.8.0 */ @@ -685,11 +578,11 @@ /* translators: URL to the WordPress help section about admin email. */ $admin_email_help_url = __( 'https://wordpress.org/support/article/settings-general-screen/#email-address' ); - /* translators: accessibility text */ + /* translators: Accessibility text. */ $accessibility_text = sprintf( ' %s', __( '(opens in a new tab)' ) ); printf( - '%s%s', + '%s%s', esc_url( $admin_email_help_url ), __( 'Why is this important?' ), $accessibility_text 
@@ -831,9 +724,9 @@
 if ( isset( $_GET['error'] ) ) {
 if ( 'invalidkey' === $_GET['error'] ) {
- $errors->add( 'invalidkey', __( 'Your password reset link appears to be invalid. Please request a new link below.' ) );
+ $errors->add( 'invalidkey', __( 'Error: Your password reset link appears to be invalid. Please request a new link below.' ) );
 } elseif ( 'expiredkey' === $_GET['error'] ) {
- $errors->add( 'expiredkey', __( 'Your password reset link has expired. Please request a new link below.' ) );
+ $errors->add( 'expiredkey', __( 'Error: Your password reset link has expired. Please request a new link below.' ) );
 }
 }
@@ -914,7 +807,7 @@
 list( $rp_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
 $rp_cookie = 'wp-resetpass-' . COOKIEHASH;
- if ( isset( $_GET['key'] ) ) {
+ if ( isset( $_GET['key'] ) && isset( $_GET['login'] ) ) {
 $value = sprintf( '%s:%s', wp_unslash( $_GET['login'] ), wp_unslash( $_GET['key'] ) );
 setcookie( $rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
@@ -949,7 +842,7 @@
 $errors = new WP_Error();
 if ( isset( $_POST['pass1'] ) && $_POST['pass1'] !== $_POST['pass2'] ) {
- $errors->add( 'password_reset_mismatch', __( 'The passwords do not match.' ) );
+ $errors->add( 'password_reset_mismatch', __( 'Error: The passwords do not match.' ) );
 }
 /**
@@ -973,7 +866,7 @@
 wp_enqueue_script( 'utils' );
 wp_enqueue_script( 'user-profile' );
- login_header( __( 'Reset Password' ), '
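Review bot: In the `@@ -914,7 +807,7 @@` hunk the new guard `isset( $_GET['key'] ) && isset( $_GET['login'] )` proves both parameters exist but not that they are strings: an array-valued query parameter passes `isset()`, and `sprintf( '%s:%s', … )` then stringifies it (an "Array to string conversion" warning and the literal `Array` written into the `wp-resetpass-*` cookie). Tightening it to `if ( isset( $_GET['key'], $_GET['login'] ) && is_string( $_GET['key'] ) && is_string( $_GET['login'] ) ) {` keeps the fix and rejects malformed input before it reaches `setcookie()`. The `if` body presumably continues with a redirect outside the visible lines, so the cookie-reading side is not reviewed here.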

' . __( 'Enter your new password below.' ) . '

', $errors ); + login_header( __( 'Reset Password' ), '

' . __( 'Enter your new password below or generate one.' ) . '

', $errors ); ?>
@@ -1019,8 +912,9 @@ ?> -

- +

+ +

@@ -1366,11 +1260,24 @@
 if ( isset( $_GET['loggedout'] ) && $_GET['loggedout'] ) {
 $errors->add( 'loggedout', __( 'You are now logged out.' ), 'message' );
 } elseif ( isset( $_GET['registration'] ) && 'disabled' === $_GET['registration'] ) {
- $errors->add( 'registerdisabled', __( 'User registration is currently not allowed.' ) );
+ $errors->add( 'registerdisabled', __( 'Error: User registration is currently not allowed.' ) );
 } elseif ( strpos( $redirect_to, 'about.php?updated' ) ) {
 $errors->add( 'updated', __( 'You have successfully updated WordPress! Please log back in to see what’s new.' ), 'message' );
 } elseif ( WP_Recovery_Mode_Link_Service::LOGIN_ACTION_ENTERED === $action ) {
 $errors->add( 'enter_recovery_mode', __( 'Recovery Mode Initialized. Please log in to continue.' ), 'message' );
+ } elseif ( isset( $_GET['redirect_to'] ) && false !== strpos( $_GET['redirect_to'], 'wp-admin/authorize-application.php' ) ) {
+ $query_component = wp_parse_url( $_GET['redirect_to'], PHP_URL_QUERY );
+ parse_str( $query_component, $query );
+
+ if ( ! empty( $query['app_name'] ) ) {
+ /* translators: 1: Website name, 2: Application name. */
+ $message = sprintf( 'Please log in to %1$s to authorize %2$s to connect to your account.', get_bloginfo( 'name', 'display' ), '' . esc_html( $query['app_name'] ) . '' );
+ } else {
+ /* translators: %s: Website name. */
+ $message = sprintf( 'Please log in to %s to proceed with authorization.', get_bloginfo( 'name', 'display' ) );
+ }
+
+ $errors->add( 'authorize_application', $message, 'message' );
 }
 }
@@ -1527,7 +1434,7 @@
 for ( i in links ) {
 if ( links[i].href ) {
 links[i].target = '_blank';
- links[i].rel = 'noreferrer noopener';
+ links[i].rel = 'noopener';
 }
 }
 } catch( er ) {}
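Review bot: In the `@@ -1366,11 +1260,24 @@` hunk both `authorize_application` messages carry `/* translators: … */` comments, yet as shown on this page the strings are handed to `sprintf()` bare, without `__()`, so they cannot be translated; wrap them as `__( 'Please log in to %1$s to authorize %2$s to connect to your account.' )` and `__( 'Please log in to %s to proceed with authorization.' )`. Two smaller points in the same branch: `$_GET['redirect_to']` is read without `wp_unslash()`, unlike `$_GET['login']` and `$_GET['key']` elsewhere in this file, and `wp_parse_url( …, PHP_URL_QUERY )` yields `null` when the URL has no query string, which `parse_str()` then receives in place of a string (`parse_str( (string) $query_component, $query );` avoids that). The `app_name` value is correctly passed through `esc_html()` before being placed in the message.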
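Review bot: In the `@@ -1527,7 +1434,7 @@` hunk dropping `noreferrer` from the `rel` value is presumably safe only because referrer leakage from these `_blank` links is now governed by the `wp_strict_cross_origin_referrer` hook registered on `login_head` in the first hunk of this diff; that coupling is invisible at the point of change. A one-line comment above the assignment would keep the two from drifting apart, e.g. `// 'noreferrer' is intentionally omitted: the login page sets a strict referrer policy via wp_strict_cross_origin_referrer().`. The `@@ -685,11 +578,11 @@` hunk appears to make the same change inside a `printf()` string, though its markup is not legible on this page.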