Commit Graph

38166 Commits

Author SHA1 Message Date
iandunn
23bf0c7535 Privacy: Add cron to delete expired export files to protect privacy.
The primary means of protecting the files is the CSPRN appended to the filename, but there is no reason to keep the files after the data subject has downloaded them, so deleting them provides an additional layer of protection. Previously this was done from `wp_privacy_generate_personal_data_export_file()`, but that does not guarantee that it will be run regularly, and on smaller sites that could result in export files being exposed for much longer than necessary.

`wp_privacy_delete_old_export_files()` was moved to a front end file, so that it can be called from `cron.php`.

This introduces the `wp_privacy_export_expiration` filter, which allows plugins to customize how long the exports are kept before being deleted.

`index.html` was added to the `$exclusions` parameter of `list_files()` to make sure that it isn't deleted. If it were, then poorly-configured servers would allow the directory to be traversed, exposing all of the exported files.

Props iandunn, desrosj.
See #43546.

Built from https://develop.svn.wordpress.org/trunk@43046


git-svn-id: http://core.svn.wordpress.org/trunk@42875 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 20:09:23 +00:00
iandunn
5b4aa26436 Privacy: Use a CSPRNG in export filenames for more security.
`rand()` is deterministic and therefore offers much less protection in this context. `wp_generate_password()` is a convenient wrapper around `wp_rand()`, which uses `random_int()` to generate cryptographically-secure psuedorandom numbers.

See #43546.

Built from https://develop.svn.wordpress.org/trunk@43045


git-svn-id: http://core.svn.wordpress.org/trunk@42874 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 18:53:25 +00:00
Andrew Ozz
c21c4e25b3 Privacy: add default text for a privacy policy. First run.
Props xkon, idea15, allendav, azaozz.
See #43473.
Built from https://develop.svn.wordpress.org/trunk@43044


git-svn-id: http://core.svn.wordpress.org/trunk@42873 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 14:47:21 +00:00
John Blackbourn
d488e773b0 Docs: Update the inline docs for is_protected_meta().
See #42505

Built from https://develop.svn.wordpress.org/trunk@43043


git-svn-id: http://core.svn.wordpress.org/trunk@42872 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 14:39:21 +00:00
John Blackbourn
cf02373b39 Comments: Update the inline docs following [42772].
See #43436

Built from https://develop.svn.wordpress.org/trunk@43042


git-svn-id: http://core.svn.wordpress.org/trunk@42871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 13:10:20 +00:00
Andrea Fercia
eac393b6f1 Coding standards: Change a few occurrences of font weight 700 to 600 in multisite signup and activate.
Props chetan200891.
Amends [43018].
See #43897.

Built from https://develop.svn.wordpress.org/trunk@43041


git-svn-id: http://core.svn.wordpress.org/trunk@42870 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 07:05:21 +00:00
Sergey Biryukov
4b6794ba57 Themes: Avoid a PHP 7.2 warning in get_theme_roots() when $wp_theme_directories is an uncountable value.
See [41174] for `wp_get_themes()` and `get_raw_theme_root()`.

Props burlingtonbytes, teddytime, lbenicio, desrosj.
Fixes #43374. See #40109.
Built from https://develop.svn.wordpress.org/trunk@43039


git-svn-id: http://core.svn.wordpress.org/trunk@42868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 04:51:22 +00:00
Sergey Biryukov
94cbb2a3f6 General: Introduce a polyfill for is_iterable() function added in PHP 7.1.
Props jrf, schlessera, desrosj.
See #43619.
Built from https://develop.svn.wordpress.org/trunk@43036


git-svn-id: http://core.svn.wordpress.org/trunk@42865 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 04:15:21 +00:00
Sergey Biryukov
5813ccec07 General: Introduce a polyfill for is_countable() function added in PHP 7.3.
Props jrf, ayeshrajans, desrosj.
See #43583.
Built from https://develop.svn.wordpress.org/trunk@43034


git-svn-id: http://core.svn.wordpress.org/trunk@42863 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 03:43:21 +00:00
Sergey Biryukov
70a214c186 Help/About: Move "Get involved" link on Credits screen to the top of the page for better visibility.
Props bridgetwillard, desrosj.
See #23348.
Built from https://develop.svn.wordpress.org/trunk@43032


git-svn-id: http://core.svn.wordpress.org/trunk@42861 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 03:16:22 +00:00
Sergey Biryukov
bc5a539c4d Login and Registration: Send nocache_headers() on Multisite signup pages.
Props herregroen.
Fixes #43843.
Built from https://develop.svn.wordpress.org/trunk@43030


git-svn-id: http://core.svn.wordpress.org/trunk@42859 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 23:05:21 +00:00
Sergey Biryukov
95071b2ea1 Docs: Update @since version for theme_templates filter added in [43025].
See #43872.
Built from https://develop.svn.wordpress.org/trunk@43027


git-svn-id: http://core.svn.wordpress.org/trunk@42856 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 22:42:22 +00:00
Sergey Biryukov
0c071471d6 Themes: Introduce theme_templates filter for page templates of all post types.
This complements the `theme_{$post_type}_templates` dynamic filter added in [38951].

Props desrosj.
Fixes #43872.
Built from https://develop.svn.wordpress.org/trunk@43025


git-svn-id: http://core.svn.wordpress.org/trunk@42854 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 22:18:22 +00:00
Sergey Biryukov
00ae0a1097 Docs: Remove backtick-escaping around a core function in the hook docs for the pre_prepare_themes_for_js filter.
This allows the function to be auto-linked in the Developer Reference. Added in [42877].

See #42505.
Built from https://develop.svn.wordpress.org/trunk@43024


git-svn-id: http://core.svn.wordpress.org/trunk@42853 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 21:47:22 +00:00
Sergey Biryukov
f8177e3a73 Docs: Remove backtick-escaping around a core function in the hook docs for the comment_form_submit_button filter.
This allows the function to be auto-linked in the Developer Reference. See [32037] for `comment_form_submit_field`.

See #42505, #31888.
Built from https://develop.svn.wordpress.org/trunk@43023


git-svn-id: http://core.svn.wordpress.org/trunk@42852 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 21:44:22 +00:00
Sergey Biryukov
9a8f48c9bc Docs: Add missing verb in is_admin(), is_blog_admin(), is_network_admin(), is_user_admin() descriptions.
See #42505.
Built from https://develop.svn.wordpress.org/trunk@43022


git-svn-id: http://core.svn.wordpress.org/trunk@42851 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 21:14:22 +00:00
Andrea Fercia
e663af477a Coding standards: Change one occurrence of font weight 700 to 600.
Props chetan200891.
Amends [43018].
See #43897.

Built from https://develop.svn.wordpress.org/trunk@43021


git-svn-id: http://core.svn.wordpress.org/trunk@42850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 18:04:21 +00:00
Andrea Fercia
2e8149064e Accessibility: Improve the Themes Installer navigation buttons accessibility.
- really disables buttons when they look disabled (when navigation is at the first or last theme)
- when navigation is at the first or last theme, moves focus to the other navigation button, to avoid a focus loss
- improves the buttons visually hidden accessibility text

Props walbo, afercia.
Fixes #36627.

Built from https://develop.svn.wordpress.org/trunk@43020


git-svn-id: http://core.svn.wordpress.org/trunk@42849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 17:04:22 +00:00
Andrea Fercia
8d9f1ae0d5 Accessibility: Better color contrast for the tables pagination links.
By making the pagination links use the default style for buttons, color contrast
is improved and the CSS is simplified. Improves consistency with other UI controls.
Also, slightly increases the white space below the pagination links.

Props benoitchantre, afercia.
Fixes #41858.

Built from https://develop.svn.wordpress.org/trunk@43019


git-svn-id: http://core.svn.wordpress.org/trunk@42848 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 16:25:21 +00:00
Andrea Fercia
26e91765eb Coding standards: Use numeric font weights instead of keywords.
Fixes #43897.

Built from https://develop.svn.wordpress.org/trunk@43018


git-svn-id: http://core.svn.wordpress.org/trunk@42847 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 11:37:21 +00:00
John Blackbourn
e2719c4e90 Docs: Correct the possible return types for the wpdb::query() method.
Props isabel104

See #42505

Built from https://develop.svn.wordpress.org/trunk@43017


git-svn-id: http://core.svn.wordpress.org/trunk@42846 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-28 14:44:23 +00:00
John Blackbourn
4ccca7a835 Formatting: Begin the process of improving the docs for KSES related functions.
See #33801

Built from https://develop.svn.wordpress.org/trunk@43016


git-svn-id: http://core.svn.wordpress.org/trunk@42845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-28 13:58:21 +00:00
Andrew Ozz
3677e99e4b Privacy: fix unit tests after [43012].
Props iandunn.
See #43546.
Built from https://develop.svn.wordpress.org/trunk@43015


git-svn-id: http://core.svn.wordpress.org/trunk@42844 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-28 12:11:21 +00:00
Andrew Ozz
bfc9c2f469 Fix docs and white space.
Props desrosj.
See #43443.
Built from https://develop.svn.wordpress.org/trunk@43014


git-svn-id: http://core.svn.wordpress.org/trunk@42843 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-28 12:04:21 +00:00
John Blackbourn
666887f974 Build/Test Tools: Don't trigger the global variable override PHPCS sniff for core.
Props jrf

Fixes #43776

Built from https://develop.svn.wordpress.org/trunk@43013


git-svn-id: http://core.svn.wordpress.org/trunk@42842 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-28 00:45:20 +00:00
Andrew Ozz
b044b4053e Privacy: add means to export personal data by username or email address. Generate a zipped export file containing all data. First run.
Props allendav.
See #43546.
Built from https://develop.svn.wordpress.org/trunk@43012


git-svn-id: http://core.svn.wordpress.org/trunk@42841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 19:54:21 +00:00
Andrew Ozz
e9eb7518c0 Privacy: update and enhance the method to confirm user requests by email. Introduce WP_User_Request to hold all request vars similarly to WP_Post.
Props mikejolley.
See #43443.

Built from https://develop.svn.wordpress.org/trunk@43011


git-svn-id: http://core.svn.wordpress.org/trunk@42840 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 17:31:22 +00:00
Felix Arntz
af6704edad Multisite: Add meta query functionality to WP_Site_Query.
After the introduction of site metadata in [42836], it should be possible to query sites by that data.

Fixes #40229.

Built from https://develop.svn.wordpress.org/trunk@43010


git-svn-id: http://core.svn.wordpress.org/trunk@42839 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 11:41:22 +00:00
Felix Arntz
a11d2f6a76 Bootstrap: Load class-wp-meta-query.php earlier in wp-settings.php.
This change is necessary to enable multisite-specific meta query functionality during the multisite bootstrap process.

Fixes #40948. See #40229.

Built from https://develop.svn.wordpress.org/trunk@43009


git-svn-id: http://core.svn.wordpress.org/trunk@42838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 11:37:21 +00:00
Andrew Ozz
f1703c0e70 Privacy: update the method to confirm user requests by email. Use a single CPT to store the requests and to allow logging/audit trail.
Props mikejolley.
See #43443.

Built from https://develop.svn.wordpress.org/trunk@43008


git-svn-id: http://core.svn.wordpress.org/trunk@42837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 10:12:22 +00:00
Gary Pendergast
52d0b2f982 REST API: Include viewable attribute on Post Type resource for edit context
For the block editor to be able to expose the Preview button correctly, it needs to know the `is_post_type_viewable()` setting, this change adds it to the Post Type response.

Props danielbachhuber.
Fixes #43739.


Built from https://develop.svn.wordpress.org/trunk@43007


git-svn-id: http://core.svn.wordpress.org/trunk@42836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 03:06:21 +00:00
Felix Arntz
6b2e34f703 General: Implement editorial, design and accessibility feedback for the PHP version nag.
The updated version of the nag is shorter, more on point and less aggressive than the previous one. It integrates better with the other dashboard widgets and fixes several accessibility concerns. A yellow warning color is used when the current PHP version is outdated, a red error color is used when it is also insecure.

Props afercia, birgire, danieltj, flixos90, johnjamesjacoby, karmatosed, Luciano Croce, nerrad, pento, schlessera, SergeyBiryukov, sonjaleix.

Fixes #41191.

Built from https://develop.svn.wordpress.org/trunk@43006


git-svn-id: http://core.svn.wordpress.org/trunk@42835 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-26 14:31:24 +00:00
Felix Arntz
603c91b3bc Tests: Skip multisite-only or single site-only tests correctly based on test doc annotations.
Without the `ms-required` and `ms-excluded` groups being marked as excluded in the PHPUnit configurations for the project, those groups were still executed, causing fatal errors. Checking against the groups in the correct structure of the array returned from PHPUnit's `Testcase::getAnnotations()` ensures that those tests are skipped properly.

Fixes #43863.

Built from https://develop.svn.wordpress.org/trunk@43005


git-svn-id: http://core.svn.wordpress.org/trunk@42834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-25 22:38:21 +00:00
Ella Iseulde Van Dorpe
6e215cae48 TinyMCE: Update to 4.7.11
Built from https://develop.svn.wordpress.org/trunk@43004


git-svn-id: http://core.svn.wordpress.org/trunk@42833 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-25 22:35:21 +00:00
Andrew Ozz
41a82d6078 Privacy: add better docs for wp_add_privacy_policy_content() and WP_Privacy_Policy_Content::add().
See #43620.
Built from https://develop.svn.wordpress.org/trunk@43003


git-svn-id: http://core.svn.wordpress.org/trunk@42832 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-25 18:10:21 +00:00
iandunn
c9c3c61a53 Privacy: Add template tags for building link to privacy policy page.
This introduces the `get_the_privacy_policy_link()` and `the_privacy_policy_link()` functions, as well as the `privacy_policy_url` filter.

A new `tests/url/` folder was added to better organize tests related to `get_*_url()` functions. Previously, those tests were placed in `tests/url.php` and `tests/link/`, but neither of those locations are optimal. Placing tests in `tests/url.php` violates the guideline of creating separate files/classes for each function under test, and using `tests/link/` conflates two distinct -- albeit related -- groups of functions. Over time, URL-related tests can be migrated to the new folder.

Props birgire, xkon, azaozz, iandunn.
See #43850.

Built from https://develop.svn.wordpress.org/trunk@43002


git-svn-id: http://core.svn.wordpress.org/trunk@42831 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-25 15:55:21 +00:00
Gary Pendergast
41968f7ea9 REST API: Add who=authors as a query parameter for GET wp/v2/users.
Any WordPress user who can `edit_posts` of a post type with `show_in_rest=true` can query for authors. This maps to current WordPress behavior where a WordPress user who can view the Manage Posts view for a post type can see any WordPress user assigned to a post (whether published or draft).

This implementation, over restricting `who=authors` to users with `list_users`, gives us future flexibility in displaying lists of posts. It still respects more restrictive permissions for `context=edit`.

Props danielbachhuber.
Fixes #42202.


Built from https://develop.svn.wordpress.org/trunk@43001


git-svn-id: http://core.svn.wordpress.org/trunk@42830 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-25 13:06:21 +00:00
Andrew Ozz
13875fbddb Privacy: fix styling of counts on the list tables for user requests.
Props allendav.
Fixes #43846.
Built from https://develop.svn.wordpress.org/trunk@43000


git-svn-id: http://core.svn.wordpress.org/trunk@42829 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-24 21:35:21 +00:00
Andrew Ozz
11e315ca23 Make the string WordPress translatable.
Props mnelson4.
See #43620.
Built from https://develop.svn.wordpress.org/trunk@42999


git-svn-id: http://core.svn.wordpress.org/trunk@42828 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-24 21:23:21 +00:00
Felix Arntz
c1efc2519b Plugins: Show the required PHP version in the plugin details view, if specified.
Props xkon.
Fixes #43650.

Built from https://develop.svn.wordpress.org/trunk@42998


git-svn-id: http://core.svn.wordpress.org/trunk@42827 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-24 11:41:25 +00:00
Gary Pendergast
e22489f06c REST API: Remove permalink_structure from the index.
This was originally added to allow Gutenberg to do permalink editing, but is no longer required. It's also superceded by #41014.

Reverts [42142].
Fixes #42465.


Built from https://develop.svn.wordpress.org/trunk@42997


git-svn-id: http://core.svn.wordpress.org/trunk@42826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-23 04:12:20 +00:00
atimmer
c1754d9ac1 Docs: Improve JSDoc for wp-includes/js/wp-backbone.js.
Changes some additional docs after [42993].

Props birgire, adamsilverstein, netweb.
Fixes #35465.

Built from https://develop.svn.wordpress.org/trunk@42996


git-svn-id: http://core.svn.wordpress.org/trunk@42825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-22 14:37:21 +00:00
Andrew Ozz
cf0d00c602 Privacy: fix get_privacy_policy_url() to only return the URL when the page is published.
See #43435.
Built from https://develop.svn.wordpress.org/trunk@42995


git-svn-id: http://core.svn.wordpress.org/trunk@42824 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-20 14:44:20 +00:00
Andrew Ozz
81668f8312 Privacy: add functionality to anonymize commenters.
Props xkon, fclaussen, allendav, birgire, azaozz.
See #43442.
Built from https://develop.svn.wordpress.org/trunk@42994


git-svn-id: http://core.svn.wordpress.org/trunk@42823 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-20 12:19:21 +00:00
atimmer
bb8d67e6ea Docs: Improve JSDoc for wp-includes/js/wp-backbone.js.
Props ericlewis, gma992, adamsilverstein.
Fixes #35465.

Built from https://develop.svn.wordpress.org/trunk@42993


git-svn-id: http://core.svn.wordpress.org/trunk@42822 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-19 14:02:22 +00:00
Andrew Ozz
891deab7c5 Privacy: make the sections in the suggested privacy policy text postbox foldable. Add Read More/Read Less buttons. Fix copying of the suggested text by pressing the button.
Props melchoyce, xkon, azaozz.
See #43620.
Built from https://develop.svn.wordpress.org/trunk@42992


git-svn-id: http://core.svn.wordpress.org/trunk@42821 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-19 12:39:21 +00:00
Aaron Jorbin
0b0c754563 Wow. I really shouldn't try to fix the build.
Previous [42989] [42986].
See #43440.

Built from https://develop.svn.wordpress.org/trunk@42991


git-svn-id: http://core.svn.wordpress.org/trunk@42820 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-19 00:26:21 +00:00
Aaron Jorbin
010a12240f Remove accidental addition to package.json
Introduced in [42989].

See #43440.
Unprops jorbin.


Built from https://develop.svn.wordpress.org/trunk@42990


git-svn-id: http://core.svn.wordpress.org/trunk@42819 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-19 00:24:21 +00:00
Aaron Jorbin
1da2fdb891 Privacy: Fix JSHint errors
Introduced in [42986].

See #43440.

Built from https://develop.svn.wordpress.org/trunk@42989


git-svn-id: http://core.svn.wordpress.org/trunk@42818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-19 00:23:20 +00:00
John Blackbourn
ea8052df59 Upgrade/Install: Don't include wp-includes/formatting.php twice during installation.
This avoids a fatal error caused by function redeclaration.

Props ocean90, kkarpieszuk

Fixes #43609

Built from https://develop.svn.wordpress.org/trunk@42988


git-svn-id: http://core.svn.wordpress.org/trunk@42817 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-18 23:54:20 +00:00