Commit Graph

43445 Commits

Author SHA1 Message Date
Sergey Biryukov
1e7305ed4b Privacy: Update URLs to the Privacy Policy Guide in help tabs.
Follow-up to [50147], [50161].

Props xkon.
See #52430.
Built from https://develop.svn.wordpress.org/trunk@50181


git-svn-id: http://core.svn.wordpress.org/trunk@49860 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-04 12:06:07 +00:00
desrosj
2ca808a94c Build/Test Tools: Update NPM dependencies
This updates two dependencies to their latest versions:
- `uglify-js` from `3.12.5` to `3.12.6`.
- `sass` from `1.32.5` to `1.32.6`.

See #51801.
Built from https://develop.svn.wordpress.org/trunk@50176


git-svn-id: http://core.svn.wordpress.org/trunk@49855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-03 14:55:25 +00:00
Sergey Biryukov
21457d76d8 Docs: Consistently document the default value for $args parameter in various cron functions.
See #51800.
Built from https://develop.svn.wordpress.org/trunk@50175


git-svn-id: http://core.svn.wordpress.org/trunk@49854 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-03 11:08:04 +00:00
Sergey Biryukov
a47580b247 Docs: Add a @since note to wp_clear_scheduled_hook() for the $wp_error parameter.
Follow-up to [50143].

See #49961.
Built from https://develop.svn.wordpress.org/trunk@50174


git-svn-id: http://core.svn.wordpress.org/trunk@49853 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-03 10:58:07 +00:00
Sergey Biryukov
286dd01212 Post WordPress 5.7 Beta 1 version bump.
Built from https://develop.svn.wordpress.org/trunk@50172


git-svn-id: http://core.svn.wordpress.org/trunk@49851 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 22:23:03 +00:00
Sergey Biryukov
896e9d7974 WordPress 5.7 Beta 1.
Built from https://develop.svn.wordpress.org/trunk@50171


git-svn-id: http://core.svn.wordpress.org/trunk@49850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 22:06:06 +00:00
antpb
b566631d5e Media: Consistency in logic to pass wp_getimagesize() tests.
Previously, we used `DIR_TESTDATA` to determine if a test should skip a newly silenced error in `wp_getimagesize()`.

We are now using `WP_RUN_CORE_TESTS` instead for consistency.

Props hellofromTonya, SergeyBiryukov.
See #49889.

Built from https://develop.svn.wordpress.org/trunk@50170


git-svn-id: http://core.svn.wordpress.org/trunk@49849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 21:36:03 +00:00
antpb
a2fb85da68 Taxonomy: Add filter for post statuses when updating term count.
This adds a filter that allows `$post_statuses` to be modified in term count.

Props GunGeekATX, adamsilverstein, davecpage, nwjames, hellofromTonya, audrasjb, peterwilsoncc, TimothyBlynJacobs.
Fixes #38843.

Built from https://develop.svn.wordpress.org/trunk@50169


git-svn-id: http://core.svn.wordpress.org/trunk@49848 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 21:06:05 +00:00
Sergey Biryukov
23b015ed48 General: Remove admin exception for https in network_home_url().
Previously, `network_home_url()` would automatically switch to `https` if the current request is already `https`, but would only do so on the front end.

This mirrors the change made earlier for `get_home_url()`.

Follow-up to [12598], [21937], [24844], [50156].
See #52421.
Built from https://develop.svn.wordpress.org/trunk@50168


git-svn-id: http://core.svn.wordpress.org/trunk@49847 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 20:59:05 +00:00
Adam Silverstein
a506e02edd Security: add Content-Security-Policy script loaders.
Add new functions `wp_get_script_tag`, `wp_print_script_tag`, `wp_print_inline_script_tag` and `wp_get_inline_script_tag` that support script attributes. Enables passing attributes such as `async` or `nonce`, creating a path forward for enabling a Content-Security-Policy in core, plugins and themes.

Props tomdxw, johnbillion, jadeddragoon, jrchamp, mallorydxw, epicfaace, alinod, enricocarraro, ocean90.
Fixes #39941.



Built from https://develop.svn.wordpress.org/trunk@50167


git-svn-id: http://core.svn.wordpress.org/trunk@49846 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 20:55:05 +00:00
whyisjake
d9cb5af64e Coding Standards: Update links to be https in package-lock.json
See [50163].

Unprops whyisjake.

Props clorith, antpb, jorbin.

Built from https://develop.svn.wordpress.org/trunk@50166


git-svn-id: http://core.svn.wordpress.org/trunk@49845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 20:48:04 +00:00
Sergey Biryukov
8984e4ef8c Docs: Update documentation for wp_create_user_request() per the documentation standards.
Add a `@since` note for the `$send_confirmation_email` parameter.

Follow-up to [50159].

See #43890.
Built from https://develop.svn.wordpress.org/trunk@50165


git-svn-id: http://core.svn.wordpress.org/trunk@49844 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 20:42:03 +00:00
Sergey Biryukov
4773bc5699 General: Restore the $pagenow global in get_home_url().
This fixes test failures in `Tests_WP_Resource_Hints`.

Follow-up to [50156].

See #52421.
Built from https://develop.svn.wordpress.org/trunk@50164


git-svn-id: http://core.svn.wordpress.org/trunk@49843 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 20:37:05 +00:00
whyisjake
8e8fe6d2c0 Administration: New filter ahead of the months drop-down.
As this can cause large, long running queries on sites with many posts, this filter allows the query to be modified, bypassing entirely if needed. 

Fixes #51660.

Props geoffguillain, SergeyBiryukov, hareesh-pillai, hellofromTonya, TimothyBlynJacobs, whyisjake. 


Built from https://develop.svn.wordpress.org/trunk@50163


git-svn-id: http://core.svn.wordpress.org/trunk@49842 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 20:34:04 +00:00
Aaron Jorbin
56c9aa3cab Administration: use shorthand css properties to improve readability
Consolidating `border`, `padding`, and `margin` instances where the shorthand can be used to improve readability.

Props ankitmaru, audrasjb, sabernhardt, mukesh27, hellofromTonya.
Fixes #52148.


Built from https://develop.svn.wordpress.org/trunk@50162


git-svn-id: http://core.svn.wordpress.org/trunk@49841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 20:28:08 +00:00
TimothyBlynJacobs
9bab39685a Privacy: Redesign the Privacy settings pages.
The Privacy settings pages now use the same design patterns as the Site Health screen. Additionally, each privacy policy guide is now contained in an accordion to make the page easier to navigate when multiple plugins are in use.

Props xkon, hedgefield, garrett-eclipse, hellofromTonya, paaljoachim, joedolson.
Fixes #49264.

Built from https://develop.svn.wordpress.org/trunk@50161


git-svn-id: http://core.svn.wordpress.org/trunk@49840 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 20:14:03 +00:00
antpb
f1483599a2 Coding Standards: Fix spacing in test_pending_status_with_false_send_confirmation_email test.
Follow-up to [50159] adjusts alignment of the `$request_data` value.

See #43890.

Built from https://develop.svn.wordpress.org/trunk@50160


git-svn-id: http://core.svn.wordpress.org/trunk@49839 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 20:01:06 +00:00
antpb
64bb29d087 Privacy: Allow Admin to Skip e-mail confirmation for Export.
This adds a form option to skip the admin email alert when exporting personal data.

Props xkon, azaozz, TZ-Media, iandunn, desrosj, iprg, allendav, wesselvandenberg, karmatosed, birgire, davidbaumwald, estelaris, paaljoachim, hellofromTonya.
Fixes #43890.

Built from https://develop.svn.wordpress.org/trunk@50159


git-svn-id: http://core.svn.wordpress.org/trunk@49838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 19:45:03 +00:00
desrosj
2896790d57 Twenty Twenty-One: Fix wrapping for long text within comments.
This ensures that word wrapping occurs within comment content. 

Props mayankmajeji, audrasjb.
Fixes #52380.
Built from https://develop.svn.wordpress.org/trunk@50158


git-svn-id: http://core.svn.wordpress.org/trunk@49837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 19:40:04 +00:00
TimothyBlynJacobs
44b83e84ec REST API: Allow for the posts endpoint include/exclude terms query to include_children.
For example the `categories` or `categories_exclude` parameters can now optionally accept an object with a `terms` property that accepts the list of term ids and a new `include_children` property which controls the Tax Query `include_children` field.

Props jason_the_adams, jnylen0, birgire, dlh.
Fixes #39494.

Built from https://develop.svn.wordpress.org/trunk@50157


git-svn-id: http://core.svn.wordpress.org/trunk@49836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 19:25:05 +00:00
Sergey Biryukov
640c03842e General: Remove admin and login exceptions for https in get_home_url().
Previously, `get_home_url()` would automatically switch to `https` if the current request is already `https`, but would only do so on the front end.

This addresses the inconsistent behavior of returning different values in the admin and on the frontend.

Follow-up to [12598], [21937], [24844].

Props herregroen, mukesh27.
Fixes #52421.
Built from https://develop.svn.wordpress.org/trunk@50156


git-svn-id: http://core.svn.wordpress.org/trunk@49835 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 19:03:04 +00:00
Sergey Biryukov
9dac2542aa Block Editor: Drop Noto Serif in favor of system fonts.
This aims to improve privacy and performance of the editor.

Follow-up to [37361].

Props Joen, hellofromTonya, garrett-eclipse, aristath, noisysocks, hedgefield, pento, sabernhardt, joyously, yannkozon.
Fixes #46169.
Built from https://develop.svn.wordpress.org/trunk@50155


git-svn-id: http://core.svn.wordpress.org/trunk@49834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 18:37:04 +00:00
antpb
ea3a1d782a Twenty Twenty-One: Make transparent PNG logo visible on focus.
This ensures a transparent logo remains visible while focused.

Props bduclos, poena, paaljoachim, hellofromTonya.
Fixes #52257.

Built from https://develop.svn.wordpress.org/trunk@50154


git-svn-id: http://core.svn.wordpress.org/trunk@49833 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 18:29:05 +00:00
Sergey Biryukov
87f1e31871 Login and Registration: Improve the UX of the Reset Password screen.
Previously, it was unclear that the displayed password is only being suggested and should be saved by clicking the Reset Password button.

This adds separate Generate Password and Save Password buttons, for clarity.

Props xkon, estelaris, jaymanpandya, hedgefield, audrasjb, erichmond, magicroundabout, lukecavanagh, knutsp, tinodidriksen, nico_martin, markhowellsmead, kara.mcnair, e_baker, pixelverbieger, souri_wpaustria, megabyterose, poena, whyisjake.
Fixes #39638.
Built from https://develop.svn.wordpress.org/trunk@50153


git-svn-id: http://core.svn.wordpress.org/trunk@49832 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 18:13:04 +00:00
desrosj
230c1c5c8a Coding Standards: Fix several minor coding standards issues.
These are made by running `composer format`.

Follow up to [50124], [50129], [50143].

See #49961, #52192, #34281.
Built from https://develop.svn.wordpress.org/trunk@50152


git-svn-id: http://core.svn.wordpress.org/trunk@49831 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 18:04:03 +00:00
Sergey Biryukov
2cb2651c00 Upgrade/Install: Introduce a filter for the result of WP_Upgrader::install_package().
This allows for the capture and usage of error data from the method, to facilitate a potential plugin/theme rollback in the event of an update failure.

Props afragen, dd32.
Fixes #52381.
Built from https://develop.svn.wordpress.org/trunk@50151


git-svn-id: http://core.svn.wordpress.org/trunk@49830 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 17:31:05 +00:00
TimothyBlynJacobs
8a51ab57e0 REST API: Return detailed error information from request validation.
Previously, only the first error message for each parameter was made available. Now, all error messages for a parameter are concatenated. Additionally, the detailed error for each parameter is made available in a new `details` section of the validation error. Each error is formatted following the standard REST API error formatting.

The `WP_REST_Server::error_to_response` method has been abstracted out into a standalone function `rest_convert_error_to_response` to allow for reuse by `WP_REST_Request`. The formatted errors now also contain an `additional_data` property which contains the additional error data provided by `WP_Error::get_all_error_data`.

Props dlh, xkon, TimothyBlynJacobs.
Fixes #46191.

Built from https://develop.svn.wordpress.org/trunk@50150


git-svn-id: http://core.svn.wordpress.org/trunk@49829 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 17:28:02 +00:00
Sergey Biryukov
90ca61ba07 Upgrade/Install: Return a WP_Error from copy_dir() and _copy_dir() if the directory listing failed.
Props afragen, dd32.
Fixes #52342.
Built from https://develop.svn.wordpress.org/trunk@50149


git-svn-id: http://core.svn.wordpress.org/trunk@49828 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 17:23:06 +00:00
Sergey Biryukov
aab7206ff8 Media: Move wp_getimagesize() to wp-includes/media.php, for consistency with other media functions.
Follow-up to [50146].

See #49889.
Built from https://develop.svn.wordpress.org/trunk@50148


git-svn-id: http://core.svn.wordpress.org/trunk@49827 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 17:10:04 +00:00
Sergey Biryukov
f5857c6a9f Privacy: Add help tabs for Export Personal Data and Erase Personal Data screens.
Props xkon, burtrw, netweblogic, desrosj, hellofromTonya, garrett-eclipse.
Fixes #43994.
Built from https://develop.svn.wordpress.org/trunk@50147


git-svn-id: http://core.svn.wordpress.org/trunk@49826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 16:55:03 +00:00
antpb
f80e5d0919 Media: Avoid suppressing errors when using getimagesize().
Previously, all logic utilizing `getimagesize()` was supressing errors making it difficult to debug usage of the function. 

A new `wp_getimagesize()` function has been added to allow the errors to no longer be suppressed when `WP_DEBUG` is enabled.

Props Howdy_McGee, SergeyBiryukov, mukesh27, davidbaumwald, noisysocks, hellofromTonya.
Fixes #49889.

Built from https://develop.svn.wordpress.org/trunk@50146


git-svn-id: http://core.svn.wordpress.org/trunk@49825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 16:53:04 +00:00
Sergey Biryukov
ce816eeda1 Privacy: Introduce manage_{$this->screen->id}_custom_column action in WP_Privacy_Requests_Table::column_default().
This brings some consistency with other list tables and allows for adding custom column data to columns registered with `manage_export-personal-data_columns` or `manage_erase-personal-data_columns` filters.

Props xkon, garrett-eclipse, birgire, pbiron, hellofromTonya, TimothyBlynJacobs, 7studio, mukesh27, Mista-Flo.
Fixes #44354.
Built from https://develop.svn.wordpress.org/trunk@50145


git-svn-id: http://core.svn.wordpress.org/trunk@49824 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 16:44:04 +00:00
Joe McGill
373ee89c83 Media: Make filename checks less strict in 'wp_image_src_get_dimensions'.
This modifies the check for full size files so that only the basename is compared with the image `src` to avoid misses whenever the `src` path has been modified.

Props ianmjones.
Fixes: #52417.

Built from https://develop.svn.wordpress.org/trunk@50144


git-svn-id: http://core.svn.wordpress.org/trunk@49823 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 15:28:04 +00:00
John Blackbourn
06c4b334fa Cron API: Introduce a $wp_error parameter to functions that write to the cron array.
This allows the functions to return a `WP_Error` object containing more information in case of a problem, instead of just boolean false.

The various `pre_` filters in these functions are also updated so they can return or be passed a `WP_Error` object.

Fixes #49961

Built from https://develop.svn.wordpress.org/trunk@50143


git-svn-id: http://core.svn.wordpress.org/trunk@49822 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 13:49:03 +00:00
Sergey Biryukov
c504140c32 Block Editor: Remove the .is-dark-theme body class from the admin header.
With the changes to dark theme support in https://github.com/WordPress/gutenberg/pull/28233 to check the real background color of the theme, this no longer serves any purpose.

Follow-up to [44133].

Props scruffian, sabernhardt.
Fixes #52385.
Built from https://develop.svn.wordpress.org/trunk@50142


git-svn-id: http://core.svn.wordpress.org/trunk@49821 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 13:05:02 +00:00
Sergey Biryukov
c5482c9b82 Docs: Update documentation for retrieve_password() per the documentation standards.
Follow-up to [50129], [50140].

See #34281.
Built from https://develop.svn.wordpress.org/trunk@50141


git-svn-id: http://core.svn.wordpress.org/trunk@49820 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 12:43:04 +00:00
Sergey Biryukov
22188b3e85 Users: Move retrieve_password() to wp-includes/user.php, for consistency with other user functions.
Follow-up to [25231], [50129].

Props jfarthing84, dimadin.
See #34281, #31039.
Built from https://develop.svn.wordpress.org/trunk@50140


git-svn-id: http://core.svn.wordpress.org/trunk@49819 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 12:37:03 +00:00
Sergey Biryukov
e0bda3a704 Users: Use consistent strings for error messages in wp-admin/users.php.
Use `_n()` for a string with plural forms.

Follow-up to [50129].

See #34281.
Built from https://develop.svn.wordpress.org/trunk@50139


git-svn-id: http://core.svn.wordpress.org/trunk@49818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 12:17:04 +00:00
Sergey Biryukov
9a64276184 Docs: Add a @since note to map_meta_cap() for the update_https capability.
Follow-up to [50122], [50131].

See #51800.
Built from https://develop.svn.wordpress.org/trunk@50138


git-svn-id: http://core.svn.wordpress.org/trunk@49817 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 12:13:07 +00:00
noisysocks
351400af80 Editor: Update @wordpress npm packages
Update @wordpress npm packages to the latest published versions. This means that
the block editor includes functionality that exists in Gutenberg 9.9.

Fixes #52334.

Built from https://develop.svn.wordpress.org/trunk@50137


git-svn-id: http://core.svn.wordpress.org/trunk@49816 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 05:17:13 +00:00
Joe McGill
2642a446b3 Media: Sanity check image meta in 'wp_image_src_get_dimensions'.
This fixes a potential illegal offset error introduced in [50134] if the `$image_meta` doesn't include a `file` key.
    
Props dd32.
Fixes #51865.

Built from https://develop.svn.wordpress.org/trunk@50136


git-svn-id: http://core.svn.wordpress.org/trunk@49815 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 04:27:06 +00:00
Peter Wilson
7a8a7fdcd4 Cron API: Run alternative wp-cron later, do not run on archived blogs.
Runs cron jobs later on sites using alternative cron, ie the `ALTERNATE_WP_CRON` constant is true, to more closely match when standard cron jobs are run. Jobs now run on the `wp_loaded` hook at priority `20`. Prior to this change they would run on the `init` hook. This ensures custom post types and taxonomies are registered prior to the jobs running.

This change also prevents alternative wp-cron from running on archived or suspended multisite blogs as these are shut down prior to the `wp_loaded` hook from running.

Moves the existing functionality of `wp_cron()` in to a new private function `_wp_cron()`.

Props flixos90, jeremyfelt, johnbillion, jrf, kurtpayne, nacin, peterwilsoncc, prettyboymp, r-a-y, ryan, stevenkword, swissspidy.
Fixes #20537, #24160.


Built from https://develop.svn.wordpress.org/trunk@50135


git-svn-id: http://core.svn.wordpress.org/trunk@49814 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 03:10:08 +00:00
Joe McGill
5ca780edb1 Media: Add filter to wp_image_src_get_dimensions.
This adds a new filter, `wp_image_src_get_dimensions` to the `wp_image_src_get_dimensions()` function to correct the dimensions returned for a file whenever WordPress isn't able to correctly get the dimensions from attachment metadata.

Fixes #51865.

Built from https://develop.svn.wordpress.org/trunk@50134


git-svn-id: http://core.svn.wordpress.org/trunk@49813 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 02:59:05 +00:00
iandunn
683e767517 Community Events: Show organizer CTA when less than 3 events.
When no events are available in the Events Widget, people have always been shown a message encouraging them to help organize one (see `tmpl-community-events-no-upcoming-events`). Now that it's common for online WordCamps and Learn discussion groups to be pinned to the Events API, it's rare that there are no events in the widget, even if there are no _local_ events. Because of that, users are rarely encouraged to join their local community and help organize.

This commit adds an additional call-to-action message, which is shown when there are only 1 or 2 events available.

Props anyssa, sippis, AmethystAnswers.
Fixes #51664.

Built from https://develop.svn.wordpress.org/trunk@50133


git-svn-id: http://core.svn.wordpress.org/trunk@49812 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 00:43:06 +00:00
Peter Wilson
faa29f5716 Canonical: Prevent ID enumeration of private post slugs.
Add check to `redirect_canonical()` to ensure private posts only redirect for logged in users.

Modifies the `read_post` mata capability to user `get_post_status()` rather than the post's `post_status` property to allow attachments to redirect based on the inherited post status.

Introduces `wp_force_ugly_post_permalink()` to unify the check to determine if an ugly link should be displayed in each of the functions used for determining permalinks: `get_permalink()`, `get_post_permalink()`, `_get_page_link()` and `get_attachment_link()`.

Improves logic of `get_attachment_link()` to validate parent post and resolution of inherited post status. This is an incomplete fix of #52373 to prevent the function returning links resulting in a file not found error. Required to unblock this ticket.

Props peterwilsoncc, TimothyBlynJacobs.
See #52373.
Fixes #5272.

Built from https://develop.svn.wordpress.org/trunk@50132


git-svn-id: http://core.svn.wordpress.org/trunk@49811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 00:40:01 +00:00
Felix Arntz
dbfbf5501a Security, Site Health: Make migrating a site to HTTPS a one-click interaction.
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.

This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.

* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
    * A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
    * The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
    * The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
    * For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
    * A new `wp_update_urls_to_https()` function takes care of the update routine.
    * A new `update_https` meta capability is introduced to control access.
    * If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
    * A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
    * A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.

Props flixos90, timothyblynjacobs.
Fixes #51437.

Built from https://develop.svn.wordpress.org/trunk@50131


git-svn-id: http://core.svn.wordpress.org/trunk@49810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 00:10:01 +00:00
Peter Wilson
17ee62881a Posts, Post Types: Additional functions to check if a post is publicly viewable.
Introduces `is_post_status_viewable()` as a sibling to `is_post_type_viewable()`. Internal and protected statuses are never considered viewable. For built in posts statuses the `public` attribute is checked, for custom statuses the `publicly_queryable` attribute is checked.

Introduces `is_post_publicly_viewable()` for determining if an individual post can be viewed by logged out users. A post is considered viewable if both `is_post_status_viewable()` and `is_post_type_viewable()` return `true` for the post's attributes.

Additionally modifies `is_post_type_viewable()` to return `false` if an unregistered post type is passed to the function to avoid attempting to access properties on a non-object.

Props peterwilsoncc, SergeyBiryukov, whyisjake, TimothyBlynJacobs.
Fixes #49380.


Built from https://develop.svn.wordpress.org/trunk@50130


git-svn-id: http://core.svn.wordpress.org/trunk@49809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-01 23:33:02 +00:00
Adam Silverstein
315b1c185d Users: enable admins to send users a reset password link.
Add a feature so Admins can send users a 'password reset' email. This doesn't change the password or force a password change. It only emails the user the password reset link.

The feature appears in several places:
* A "Send Reset Link" button on user profile screen.
* A "Send password reset" option in the user list bulk action dropdown.
* A "Send password reset" quick action when hovering over a username in the user list.

Props Ipstenu, DrewAPicture, eventualo, wonderboymusic, knutsp, ericlewis, afercia, JoshuaWold, johnbillion, paaljoachim, hedgefield.
Fixes #34281.


Built from https://develop.svn.wordpress.org/trunk@50129


git-svn-id: http://core.svn.wordpress.org/trunk@49808 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-01 22:13:03 +00:00
Adam Silverstein
68c6e9982b Revisions: Address PHP/JS errors when viewing autosave on imported posts.
Fix an issue where viewing an autosave created on a post without any previous revisions would throw a PHP notice. Also fixes the revision screen which was broken in these cases and showed a console error.

Props iseulde.
Fixes #31249.


Built from https://develop.svn.wordpress.org/trunk@50128


git-svn-id: http://core.svn.wordpress.org/trunk@49807 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-01 22:03:01 +00:00
John Blackbourn
3e12235a79 Posts, Post Types: Introduce new functions for determining if a post has a parent (has_post_parent()) and to fetch the post parent (get_post_parent()).
These functions are simple but reduce the logic needed in themes and plugins.

Props ramiy, sebastian.pisula, birgire, audrasjb, xkon

Fixes #33045

Built from https://develop.svn.wordpress.org/trunk@50127


git-svn-id: http://core.svn.wordpress.org/trunk@49806 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-01 21:22:02 +00:00