forked from WordPress/wordpress-develop
#21022 Introduce the wp_hash_password_algorithm filter for controlling the password hashing algorithm
#6
Closed
…Zip. The `php_uname()` function can be disabled on some hosts, in which case the call fails. The `PHP_OS_FAMILY` constant indicates the operating system family PHP was built for, and is available as of PHP 7.2.0. Reference: [https://www.php.net/manual/en/reserved.constants.php#constant.php-os-family PHP Manual: Predefined Constants: PHP_OS_FAMILY]. Follow-up to [6779], [57985], [58678], [58684]. Props daymobrew, costdev, desrosj. Fixes #57711. git-svn-id: https://develop.svn.wordpress.org/trunk@59506 602fd350-edb4-49c9-b593-d223f7449a82
…flows. Because reusable workflows could be called from any other repository in a variety of contexts, repository specific `if` conditions should not be present. Instead, this logic should be included in the calling workflows only. Props johnbillion. See #62221. git-svn-id: https://develop.svn.wordpress.org/trunk@59507 602fd350-edb4-49c9-b593-d223f7449a82
The upgrade testing workflow is currently at ~978 jobs spawned from the strategy matrix. While it's great to test all possible combinations, GitHub's UI cannot keep up with tracking that number of jobs, often taking 30-45 minutes to accurately report the outcome even though the jobs themselves all complete in under 5 minutes. This is 2x the total number of concurrent jobs allowed for the entire organization (which creates a backlog and slows everything down even more). This trims down the number of combinations included in the testing matrices to be a bit more thoughtful following the following methodology: - The last two releases of WordPress are tested against all PHP and MySQL LTS version combinations and the most recent innovation release. - The next 6 oldest versions of WordPress are tested against both the oldest and newest releases of PHP currently supported for both PHP 7 & 8 along with the oldest and newest MySQL LTS versions currently supported (no innovation releases). - For the remaining versions of WordPress receiving security updates, they are only included if the database version was different than the previous major release. - The oldest version of WordPress receiving security updates should always be tested against the same full list of combinations as the last two releases. When choosing which MySQL versions to test against: - Only the most recent innovation release should be included in testing. - Even though MySQL >= 5.5.5 is currently supported, there are no 5.5.x Docker containers available that work on modern architectures. - 5.6.x Docker containers are available and work, but 5.6 only accounts for ~2.3% of installs as of 12/6/2024.defaults: - 5.7.x accounts for ~20% of installs, so this is used below instead. With these changes, the total number of jobs is reduced by ~58%. Props johnbillion, mukesh27. See #62221. git-svn-id: https://develop.svn.wordpress.org/trunk@59508 602fd350-edb4-49c9-b593-d223f7449a82
This updates the following `devDependencies`: - `dotenv` from `16.4.5` to `16.4.7` - `dotenv-expand` from `11.0.6` to `12.0.1` - `postcss` from `8.4.47` to `8.4.49` - `qunit` from `2.22.0` to `2.23.1` - `sass` from `1.79.4` to `1.79.6` - `terser-webpack-plugin` from `5.3.10` to `5.3.11` - `uglify-js` from `3.17.4` to `3.19.3` - `uuid` from `9.0.1` to `11.0.3` - `webpack` from `5.90.2` to `5.97.1` Additionally, `npm audit fix` has been run. Follow up to [58585]. See #62220. git-svn-id: https://develop.svn.wordpress.org/trunk@59509 602fd350-edb4-49c9-b593-d223f7449a82
Remove CSS that could occasionally trigger the accordion buttons to be 100% the height of the accordion container. Props dhewercorus, im3dabasia1, sabernhardt, rvoigt, ghinamt, vishy-moghan, frankbiganski, redkite. Fixes #62491. git-svn-id: https://develop.svn.wordpress.org/trunk@59510 602fd350-edb4-49c9-b593-d223f7449a82
Wrap the classic editor 'Skip to Editor' link in a conditional to prevent it from rendering on post types that do not have editor support. Props wildworks, parthvataliya, narenin, sainathpoojary, ankitkumarshah, parthvataliya, im3dabasia1. Fixes #62623. git-svn-id: https://develop.svn.wordpress.org/trunk@59511 602fd350-edb4-49c9-b593-d223f7449a82
Follow-up to [https://mu.trac.wordpress.org/changeset/1538 mu:1538]. Props debarghyabanerjee. See #62283. git-svn-id: https://develop.svn.wordpress.org/trunk@59512 602fd350-edb4-49c9-b593-d223f7449a82
…l checks page. When reinstalling a theme by uploading a ZIP file, the wording used in some strings referred to the "active" theme even though it's not the currently active theme. This changeset replaces these strings to refer to the "installed" theme, which is more accurate. Follow-up to [52610], [52580]. Props afercia, ankitkumarshah, abcd95, yogeshbhutkar, parthvataliya, sainathpoojary, virgar, gaellebesson, nuryko, guillaumeturpin, maximemeganck, sabrineg. Fixes #62603. See #54831, #54770 git-svn-id: https://develop.svn.wordpress.org/trunk@59513 602fd350-edb4-49c9-b593-d223f7449a82
Fix a bug where a comment reply would be discarded if `esc` was pressed to dismiss the context menu in Safari or Firefox. Checks whether the contextmenu is open and ignores the `esc` key if it is. Props yellowafterlife, yogeshbhutkar, joedolson. Fixes #62346. git-svn-id: https://develop.svn.wordpress.org/trunk@59514 602fd350-edb4-49c9-b593-d223f7449a82
This aims to avoid a fatal error from `count()` when `preg_split()` fails on large input. Includes: * Optimizing the regular expression used to split the input by tags to avoid unlimited backtracking for better performance. * Adjusting the function logic for better readability. Follow-up to [340], [4380], [26191]. Props podpirate, nathkrill, rajinsharwar, dmsnell, bjorsch, q0rban, audrasjb, rupw, Ov3rfly, jorbin, nhrrob, chaion07, mcqueen22, azaozz, narenin, roybellingan, SergeyBiryukov. See #51019. git-svn-id: https://develop.svn.wordpress.org/trunk@59515 602fd350-edb4-49c9-b593-d223f7449a82
Includes: * Removing redundant `use_smilies` option switches, as it is set to 1 by default. * Restoring the `$wpsmiliestrans` array before performing assertions, not after. * Moving most of the `smilies_init()` calls to a `set_up()` method. Follow-up to [409/tests], [26191], [28717]. See #62278. git-svn-id: https://develop.svn.wordpress.org/trunk@59516 602fd350-edb4-49c9-b593-d223f7449a82
…orted()`. Follow up to [56664]. Props peter8nss, debarghyabanerjee, sebastienserre, geekofshire, swissspidy, desrosj. Fixes #62252. See #58494. git-svn-id: https://develop.svn.wordpress.org/trunk@59517 602fd350-edb4-49c9-b593-d223f7449a82
This makes the necessary changes to update the Slack GitHub Action to the latest version, currently `2.0.0`. Most notably this update provides more control over how attempts are retried when rate limiting is encountered. Reverts [59209]. See #61701, #62221. git-svn-id: https://develop.svn.wordpress.org/trunk@59519 602fd350-edb4-49c9-b593-d223f7449a82
This is the only workflow that does not currently support manually running. See #62221. git-svn-id: https://develop.svn.wordpress.org/trunk@59520 602fd350-edb4-49c9-b593-d223f7449a82
This updates the `codecov/codecov-action` from version `4.6.0` to `5.1.1`. See #62221. git-svn-id: https://develop.svn.wordpress.org/trunk@59521 602fd350-edb4-49c9-b593-d223f7449a82
…ked post notice. This aims to avoid slowing down the post editing by using a cached value instead of calling `get_users()`, which can be slow when plugins add various filters to all `get_users()` calls, especially with meta value comparisons on large `user_meta` tables. Follow-up to [24304], [24543], [41829], [53011], [53018]. Props berislav.grgicak, bor0, costdev. See #55958. git-svn-id: https://develop.svn.wordpress.org/trunk@59522 602fd350-edb4-49c9-b593-d223f7449a82
Block Hooks were previously only applied to layout elements such as templates, template parts, patterns, and navigation menus -- things that are edited in the Site Editor. This changeset enables Block Hooks in post content. The parity between frontend and editor is preserved: Blocks inserted by Block Hooks are visible both on the frontend and in the editor, and any customizations made by the user are respected on the frontend. This is possible thanks to setting the `metadata.ignoredHookedBlocks` attribute on anchor blocks (a technique first introduced in [57594]). For first child and last child insertion into a Post Content block, the corresponding post object's `_wp_ignored_hooked_blocks` post meta is set. Props bernhard-reiter, gziolo, jonsurrell, karolmanijak, leewillis77. Fixes #61074. git-svn-id: https://develop.svn.wordpress.org/trunk@59523 602fd350-edb4-49c9-b593-d223f7449a82
Updates the baseline used for the performance tests to 6.7, so that the theme is available in those test runs. Props joemcgill, flixos90, desrosj, swissspidy. Fixes #62148. git-svn-id: https://develop.svn.wordpress.org/trunk@59524 602fd350-edb4-49c9-b593-d223f7449a82
The tagged version on GitHub requires the trailing `.0`. See #62148. git-svn-id: https://develop.svn.wordpress.org/trunk@59525 602fd350-edb4-49c9-b593-d223f7449a82
…ce tests. The tagged version on GitHub requires the trailing `.0`, but `wp core update` doesn't accept a trailing zero. Follow-up to [59525]. See #62148. git-svn-id: https://develop.svn.wordpress.org/trunk@59526 602fd350-edb4-49c9-b593-d223f7449a82
MySQL 8.4 is the latest LTS. See #62221. git-svn-id: https://develop.svn.wordpress.org/trunk@59527 602fd350-edb4-49c9-b593-d223f7449a82
In [58010], the external test suite from `html5lib` was imported to validate the tree-construction steps in the HTML Processor to ensure that they are behaving according to the HTML specification. The test group was excluded by default because there are a high number of skipped tests. The number of skipped tests has come down, but the group does not need to be run on every job. This introduces a new job in the PHPUnit workflow for regularly running these tests on their own using the changes in [59251]. Props desrosj, jonsurrell, jorbin, dmsnell, costdev, chaion07, engahmeds3ed. Fixes #61209. git-svn-id: https://develop.svn.wordpress.org/trunk@59528 602fd350-edb4-49c9-b593-d223f7449a82
This adds an input to the Test Old Branches workflow that allows a specific branch to be specified or `all` to run all old branches. The default behavior is to only test the currently supported version of WordPress as defined in the `CURRENTLY_SUPPORTED_BRANCH` environment variable. Follow up to [59520]. See #62221. git-svn-id: https://develop.svn.wordpress.org/trunk@59529 602fd350-edb4-49c9-b593-d223f7449a82
The `devDependencies` for all default themes with `package.json` files (Twenty Nineteen, Twenty Twenty, and Twenty Twenty-One) are now updated to their latest versions with a few exceptions in Twenty Twenty-One: - Upgrading `stylelint`/`@wordpress/stylelint-config` requires some work to address rule deprecations. - `@wordpress/eslint-plugin` does not yet support `eslint` 9.x. Additionally, `npm audit fix` has been run for each theme. See #62220. git-svn-id: https://develop.svn.wordpress.org/trunk@59530 602fd350-edb4-49c9-b593-d223f7449a82
There should be inline documentation anytime a strategy matrix has an `exclude` combination configured so that contributors have proper context as to why it’s there. See #62221. git-svn-id: https://develop.svn.wordpress.org/trunk@59531 602fd350-edb4-49c9-b593-d223f7449a82
This aims to improve privacy by switching to a more secure algorithm, as an MD5 string can be reversed. Follow-up to [6748], [31107]. Props henry.wright, jucaduca, haozi, desrosj, dd32, SergeyBiryukov. See #60638. git-svn-id: https://develop.svn.wordpress.org/trunk@59532 602fd350-edb4-49c9-b593-d223f7449a82
Follow-up to [59532]. See #60638. git-svn-id: https://develop.svn.wordpress.org/trunk@59533 602fd350-edb4-49c9-b593-d223f7449a82
None of the steps in any of the workflows use svn, so this debugging step is unnecessary, and svn has been removed in the ubuntu-24.04 runner which will be rolling out to GitHub Actions imminently. See #62221 git-svn-id: https://develop.svn.wordpress.org/trunk@59534 602fd350-edb4-49c9-b593-d223f7449a82
… password hashing algorithm.
…ncy. This changeset adjusts margins around the login form for visual consistency. The margin above and below the form is now consistently set to 24px, and the margin below the logo has also been adjusted to 24px. Follow-up to [26072]. Props deeppatel8950, audrasjb, priyank9033, viralsampat, vijaysinh9094, sabernhardt, . Fixes #61667. git-svn-id: https://develop.svn.wordpress.org/trunk@59551 602fd350-edb4-49c9-b593-d223f7449a82
…slation tools. Follow-up to [59545]. See #62386. git-svn-id: https://develop.svn.wordpress.org/trunk@59552 602fd350-edb4-49c9-b593-d223f7449a82
…mobile. This changeset fixes an issue where the theme browser created unwanted horizontal scrolling on some mobile devices. The issue occurred when viewing theme details on mobile. Follow-up to [26142]. Props wildworks, abcd95, sainathpoojary, dhruvang21, sabernhardt. Fixes #62411. git-svn-id: https://develop.svn.wordpress.org/trunk@59553 602fd350-edb4-49c9-b593-d223f7449a82
This changeset adds a `noun` or `verb` context to the various occurrences of "upload" in the admin, to make it easier for translators to differentiate these strings depending on the context. Props timse201, wpgerd. Fixes #62732. git-svn-id: https://develop.svn.wordpress.org/trunk@59554 602fd350-edb4-49c9-b593-d223f7449a82
In [59224], customizer accordion item HTML structure was changed to include a `button` element as the interactive control. However, some themes inject custom markup for panel headings. Fix `controls.js` to handle both the new markup and the old markup, which is relatively common in themes. Props paullb, desrosj, sabernhardt, joedolson, jorbin. Fixes #62494. git-svn-id: https://develop.svn.wordpress.org/trunk@59555 602fd350-edb4-49c9-b593-d223f7449a82
…ion()`. Follow-up to [549], [1985], [2464], [2556], [2558], [34799], [40667]. Props deepakrohilla, narenin. See #62316. git-svn-id: https://develop.svn.wordpress.org/trunk@59556 602fd350-edb4-49c9-b593-d223f7449a82
…()`. Follow-up to [14298], [19852]. Props debarghyabanerjee. See #62283. git-svn-id: https://develop.svn.wordpress.org/trunk@59557 602fd350-edb4-49c9-b593-d223f7449a82
…hp`. Follow-up to [58703]. Props mukesh27. See #62279. git-svn-id: https://develop.svn.wordpress.org/trunk@59558 602fd350-edb4-49c9-b593-d223f7449a82
Add the ID `wp-skip-link` to the block theme generated skip link, so that block themes have a standardized target at the top of the `body` element. Props philliproth, audrasjb, debarghyabanerjee, sabernhardt, joedolson, apermo. Fixes #62311. git-svn-id: https://develop.svn.wordpress.org/trunk@59559 602fd350-edb4-49c9-b593-d223f7449a82
…tion()`. Follow-up to [https://mu.trac.wordpress.org/changeset/1970 mu:1970]. Props debarghyabanerjee. See #62283. git-svn-id: https://develop.svn.wordpress.org/trunk@59560 602fd350-edb4-49c9-b593-d223f7449a82
Follow-up to [https://mu.trac.wordpress.org/changeset/543 mu:543]. Props debarghyabanerjee, aristath, poena, afercia, SergeyBiryukov. See #62279, #62283. git-svn-id: https://develop.svn.wordpress.org/trunk@59561 602fd350-edb4-49c9-b593-d223f7449a82
Follow-up to [https://mu.trac.wordpress.org/changeset/804 mu:804], [https://mu.trac.wordpress.org/changeset/1918 mu:1918]. Props debarghyabanerjee, aristath, poena, afercia, SergeyBiryukov. See #62279, #62283. git-svn-id: https://develop.svn.wordpress.org/trunk@59562 602fd350-edb4-49c9-b593-d223f7449a82
Follow-up to [https://mu.trac.wordpress.org/changeset/1640 mu:1640]. Props debarghyabanerjee, aristath, poena, afercia, SergeyBiryukov. See #62279, #62283. git-svn-id: https://develop.svn.wordpress.org/trunk@59563 602fd350-edb4-49c9-b593-d223f7449a82
…thout any fields. This brings consistency with the `before_section` HTML content, which did get printed in `do_settings_sections()` regardless of whether the settings section has any fields attached. Follow-up to [8855], [21742], [54247]. Props alpipego, SergeyBiryukov. Fixes #62746. git-svn-id: https://develop.svn.wordpress.org/trunk@59564 602fd350-edb4-49c9-b593-d223f7449a82
Follow-up to [12062]. Props aristath, poena, afercia, SergeyBiryukov. See #62279. git-svn-id: https://develop.svn.wordpress.org/trunk@59565 602fd350-edb4-49c9-b593-d223f7449a82
Follow-up to [7074], [15758], [21559], [21953]. Props aristath, poena, afercia, SergeyBiryukov. See #62279. git-svn-id: https://develop.svn.wordpress.org/trunk@59566 602fd350-edb4-49c9-b593-d223f7449a82
Follow-up to [54255]. Props aristath, poena, afercia, SergeyBiryukov. See #62279. git-svn-id: https://develop.svn.wordpress.org/trunk@59567 602fd350-edb4-49c9-b593-d223f7449a82
Update copyright year to 2025 in `license.txt` and bundled themes. Follow-up to [18201], [23306], [28064], [36855], [36856], [39659], [40241], [42424], [46719], [46720], [47025], [47026], [49915], [52427], [55024], [57235]. git-svn-id: https://develop.svn.wordpress.org/trunk@59568 602fd350-edb4-49c9-b593-d223f7449a82
Update copyright year to 2025 in the Twenty Twenty-Five bundled theme's `readme.txt`. Follow-up to [18201], [23306], [28064], [36855], [36856], [39659], [40241], [42424], [46719], [46720], [47025], [47026], [49915], [52427], [55024], [57235], [59568]. git-svn-id: https://develop.svn.wordpress.org/trunk@59569 602fd350-edb4-49c9-b593-d223f7449a82
…ss Code Vitals Dashboard. Props mukesh27, ayeshrajans. Fixes #62766. git-svn-id: https://develop.svn.wordpress.org/trunk@59570 602fd350-edb4-49c9-b593-d223f7449a82
The fix did not work properly and is causing performance data for commits to not be sent at all. It is therefore reverted until a proper solution has been implemented. See #62766. git-svn-id: https://develop.svn.wordpress.org/trunk@59571 602fd350-edb4-49c9-b593-d223f7449a82
…s_for_post()`. Follow-up to [6337], [25686]. Props aristath, poena, afercia, SergeyBiryukov. See #62279. git-svn-id: https://develop.svn.wordpress.org/trunk@59572 602fd350-edb4-49c9-b593-d223f7449a82
…()`. Follow-up to [https://mu.trac.wordpress.org/changeset/8 mu:8], [https://mu.trac.wordpress.org/changeset/543 mu:543], [https://mu.trac.wordpress.org/changeset/550 mu:550], [https://mu.trac.wordpress.org/changeset/1364 mu:1364], [https://mu.trac.wordpress.org/changeset/1958 mu:1958], [12603], [32733]. Props debarghyabanerjee, aristath, poena, afercia, SergeyBiryukov. See #62279, #62283. git-svn-id: https://develop.svn.wordpress.org/trunk@59573 602fd350-edb4-49c9-b593-d223f7449a82
…ion()`. Follow-up to [https://mu.trac.wordpress.org/changeset/543 mu:543]. Props debarghyabanerjee, aristath, poena, afercia, SergeyBiryukov. Fixes #62283. See #62279. git-svn-id: https://develop.svn.wordpress.org/trunk@59574 602fd350-edb4-49c9-b593-d223f7449a82
Follow-up to [4180], [49108]. Props aristath, poena, afercia, SergeyBiryukov. See #62279. git-svn-id: https://develop.svn.wordpress.org/trunk@59575 602fd350-edb4-49c9-b593-d223f7449a82
Adds a `noindex` directive to pages displaying a preview of an unapproved comment, ie pages with both an `approved` and `moderation-hash` parameter. This is to prevent the pages from appearing in search engines which can be the case if they ignore the canonical URL directive. Props peterwilsoncc, flixos90, joostdevalk. Fixes #62760. git-svn-id: https://develop.svn.wordpress.org/trunk@59576 602fd350-edb4-49c9-b593-d223f7449a82
Run tests against Multisite (possible since [58097]) and on single post pages. Also improve cache flushes/resets between iterations. Props swissspidy, flixos90, desrosj, mukesh27. Fixes #62725. git-svn-id: https://develop.svn.wordpress.org/trunk@59577 602fd350-edb4-49c9-b593-d223f7449a82
Some feedback on WordPress#7333 and #5 pointed out that the logic in `wp_hash_password()` and `wp_check_password()` has increased, and `wp_password_needs_rehash()` has been introduced, which means that overriding those pluggable functions just to change the hashing algorithm means duplicating a lot of code from core and ensuring it remains up to date (this isn't a new problem with pluggables in general).
In order to switch from bcrypt to argon2id for example means duplicating ~180 lines of code.
This PR introduces a `wp_hash_password_algorithm` filter to control the algorithm in use without necessitating overriding three pluggable functions in order to do so.
Example:
Due to the automatic hashing upgrade support this will "just work". Existing valid bcrypt or phpass hashes will continue to be accepted and will automatically get upgraded when users log in.
Trac ticket: https://core.trac.wordpress.org/ticket/21022
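The upgrade-on-login behaviour the description relies on, as an added example that is not part of the pull request: plain PHP that models the flow with PHP's own password API rather than WordPress core's code. The `demo_*` functions are hypothetical, the filter's callback signature is an assumption, and the model covers bcrypt to argon2id only (phpass hashes are outside it).

```php
<?php
// Added illustration, not code from this pull request. Runs under plain PHP
// (7.3+), no WordPress required. Every demo_* name is hypothetical.

/**
 * Callback a site would attach to the filter this PR introduces:
 *   add_filter( 'wp_hash_password_algorithm', 'demo_prefer_argon2id' );
 * Assumption: the filter passes the default algorithm and expects one of
 * PHP's PASSWORD_* constants back. Keeps the default when this PHP build
 * has no Argon2id support, so hashing never breaks on such hosts.
 */
function demo_prefer_argon2id( $algorithm ) {
	return defined( 'PASSWORD_ARGON2ID' ) ? PASSWORD_ARGON2ID : $algorithm;
}

/**
 * Simplified model of check-then-upgrade at login: a valid hash made with
 * another algorithm is accepted, and a replacement hash is returned so the
 * caller can store it. A failed check never triggers a rehash.
 */
function demo_login( string $password, string $stored_hash, $algorithm ): array {
	if ( ! password_verify( $password, $stored_hash ) ) {
		return array( 'ok' => false, 'hash' => $stored_hash, 'upgraded' => false );
	}
	if ( password_needs_rehash( $stored_hash, $algorithm ) ) {
		$new_hash = password_hash( $password, $algorithm );
		return array( 'ok' => true, 'hash' => $new_hash, 'upgraded' => true );
	}
	return array( 'ok' => true, 'hash' => $stored_hash, 'upgraded' => false );
}

/** Name of the algorithm that produced a hash, e.g. "bcrypt" or "argon2id". */
function demo_algo_name( string $hash ): string {
	return password_get_info( $hash )['algoName'];
}

// Constructed sample data: a user whose stored hash predates the switch.
$password  = 'correct horse battery staple';
$stored    = password_hash( $password, PASSWORD_BCRYPT );
$algorithm = demo_prefer_argon2id( PASSWORD_BCRYPT );

$attempts = array(
	'wrong password'     => 'not the password',
	'first valid login'  => $password,
	'second valid login' => $password,
);
foreach ( $attempts as $label => $candidate ) {
	$result = demo_login( $candidate, $stored, $algorithm );
	$stored = $result['hash']; // Persist the upgraded hash, as a user store would.
	printf(
		"%-18s ok=%s upgraded=%s stored=%s\n",
		$label,
		$result['ok'] ? 'yes' : 'no',
		$result['upgraded'] ? 'yes' : 'no',
		demo_algo_name( $stored )
	);
}
```

On a PHP build without Argon2id the callback returns the default, so no login reports an upgrade and the stored hash stays bcrypt.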