Commit Graph

267 Commits

Author SHA1 Message Date
Sergey Biryukov
e57fcaeeee Privacy: Escape Privacy Policy guide URL in in Privacy Policy edit page notice.
Props itowhid06, garrett-eclipse.
Fixes #44761.
Built from https://develop.svn.wordpress.org/trunk@44779


git-svn-id: http://core.svn.wordpress.org/trunk@44611 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-02-28 12:08:49 +00:00
Peter Wilson
729c8e875f Admin: Improve logic of PHP version check on about page.
Props noisysocks, peterwilsoncc.
See #46161.


Built from https://develop.svn.wordpress.org/trunk@44735


git-svn-id: http://core.svn.wordpress.org/trunk@44567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-02-08 01:53:51 +00:00
Sergey Biryukov
f93ccded3f Docs: Correct type and description for the first parameter of set-screen-option filter.
Props pbiron, burhandodhy.
Fixes #44850.
Built from https://develop.svn.wordpress.org/trunk@44667


git-svn-id: http://core.svn.wordpress.org/trunk@44498 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-21 16:08:51 +00:00
desrosj
67bec96f92 Privacy: Improve the ’Copy’ button verbiage to provide more clarity.
On the Privacy Policy Guide, there is currently a ‘Copy’ button below each section of suggested text. It is unclear what copy means without more context. It could be assumed, for instance, that the suggested text is copied to a new page.

This changes the button text to read `Copy this section to clipboard` to more clearly inform the user what is copied and how.

Props JoshuaWold, garrett-eclipse, birgire, vishaldodiya.
Fixes #44677.
Built from https://develop.svn.wordpress.org/trunk@44629


git-svn-id: http://core.svn.wordpress.org/trunk@44460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-16 22:45:50 +00:00
Gary Pendergast
8c702e04f3 Rewrite: Remove extra arguments being passed to WP_Rewrite::iis7_url_rewrite_rules().
Props rafsuntaskin.
Fixes #44185.


Built from https://develop.svn.wordpress.org/trunk@44619


git-svn-id: http://core.svn.wordpress.org/trunk@44450 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-16 06:10:50 +00:00
desrosj
51155f3989 Docs: Specify missing global variables used in wp_print_theme_file_tree().
The `$relative_file` and `$stylesheet` variables are used in the `wp_print_theme_file_tree()` function but were not noted within the inline documentation.

Props mukesh27, desrosj,
Fixes #43682.
Built from https://develop.svn.wordpress.org/trunk@44477


git-svn-id: http://core.svn.wordpress.org/trunk@44308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-08 18:33:49 +00:00
desrosj
1f6da37438 Docs: Fix order of parameter type and variable name.
The order of the type and variable name in the `param` tags for the `wp_get_default_privacy_policy_content` filter is incorrectly reversed. This moves the two into the correct order.

Props ishitaka, mukesh27.
Fixes #45416.
Built from https://develop.svn.wordpress.org/trunk@44475


git-svn-id: http://core.svn.wordpress.org/trunk@44306 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-08 17:03:48 +00:00
Gary Pendergast
fe837d19a7 Docs: Fix the @param type for wp_make_plugin_file_tree().
`$plugin_editable_files` is an `array`, not a `string`.

Props subrataemfluence.
Fixes #45593.


Built from https://develop.svn.wordpress.org/trunk@44464


git-svn-id: http://core.svn.wordpress.org/trunk@44295 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-08 06:02:51 +00:00
desrosj
4818f7e3f7 Administration: Update default fallback color for SVG icons.
Currently, when an SVG is used as a menu icon, the color is inconsistent with the other, default dashicons and the contrast ratio does not meet the minimum requirement for accessibility.

This updates the base color for the default `fresh` color scheme to ensure consistency and proper contrast.

Props swift, dschalk.
Fixes #44209.
Built from https://develop.svn.wordpress.org/trunk@44353


git-svn-id: http://core.svn.wordpress.org/trunk@44183 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-20 19:01:48 +00:00
desrosj
38d1e7233d Block Editor: Show privacy help notice on Privacy Policy page.
When editing a page set to be the Privacy Policy page, display a help notice
containing a link to the Privacy Policy guide.

Merges [43920] to trunk.

Fixes #45057.
Built from https://develop.svn.wordpress.org/trunk@44291


git-svn-id: http://core.svn.wordpress.org/trunk@44121 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-18 16:14:49 +00:00
desrosj
03262a191f Block Editor: Refresh nonces used by wp.apiFetch.
Adds heartbeat nonces refreshing support to `wp.apiFetch` requests.

Props pento, adamsilverstein, dd32, desrosj, youknowriad.

Merges [43939] into trunk.

Fixes #45113. 
Built from https://develop.svn.wordpress.org/trunk@44275


git-svn-id: http://core.svn.wordpress.org/trunk@44105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-17 19:28:51 +00:00
Gary Pendergast
4739b8147b Upgrade/Install: Convert Sample Page, Hello World, and Privacy Policy to block content.
Merges [43820,43912] from the 5.0 branch to trunk.

Props desrosj, garrett-eclipse, danielbachhuber, dd32, ocean90.
Fixes #45151.


Built from https://develop.svn.wordpress.org/trunk@44168


git-svn-id: http://core.svn.wordpress.org/trunk@43998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-14 05:43:52 +00:00
Sergey Biryukov
f7ba175491 Docs: Correct @since value for _wp_privacy_statuses().
Fix typo in `@since` entry for `WP_Privacy_Policy_Content:add()`.

Props dimadin.
Fixes #44915.
Built from https://develop.svn.wordpress.org/trunk@43638


git-svn-id: http://core.svn.wordpress.org/trunk@43467 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-09-13 10:20:24 +00:00
Sergey Biryukov
c714ad082d Docs: Correct parameter type for WP_Privacy_Policy_Content::notice().
Props burhandodhy.
Fixes #44877.
Built from https://develop.svn.wordpress.org/trunk@43609


git-svn-id: http://core.svn.wordpress.org/trunk@43438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-09-03 14:15:25 +00:00
Gary Pendergast
56c162fbc9 Coding Standards: Upgrade WPCS to 1.0.0
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.

This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script. 
- Auto-fixable coding standards issues will now cause Travis failures.

Fixes #44600.


Built from https://develop.svn.wordpress.org/trunk@43571


git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-17 01:51:36 +00:00
Sergey Biryukov
172aa4aa3e Privacy: Enable pagination screen options for privacy requests list tables.
Props birgire, pbiron.
Fixes #44025.
Built from https://develop.svn.wordpress.org/trunk@43486


git-svn-id: http://core.svn.wordpress.org/trunk@43313 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 16:04:24 +00:00
Sergey Biryukov
4faf05ca6a Privacy: Change @since entry for _wp_privacy_settings_filter_draft_page_titles() added in [43376] to 4.9.8.
See #44100.
Built from https://develop.svn.wordpress.org/trunk@43454


git-svn-id: http://core.svn.wordpress.org/trunk@43281 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 13:48:25 +00:00
Andrew Ozz
7e9be993e6 Privacy: append (Draft) to draft page titles in the page drop-down on the Privacy Settings screen.
Props allendav, desrosj.
Fixes #44100.
Built from https://develop.svn.wordpress.org/trunk@43376


git-svn-id: http://core.svn.wordpress.org/trunk@43204 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:42:29 +00:00
John Blackbourn
0aa2902436 Security: Harden the random aspect of the hash used for user profile and admin email address changes.
Props BjornW

Fixes #43771

Built from https://develop.svn.wordpress.org/trunk@43367


git-svn-id: http://core.svn.wordpress.org/trunk@43195 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:38:43 +00:00
Sergey Biryukov
593848e9dc Docs: Correct inline comment added in [43361] for consistency with other comments.
See #44142.
Built from https://develop.svn.wordpress.org/trunk@43363


git-svn-id: http://core.svn.wordpress.org/trunk@43191 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:37:00 +00:00
Sergey Biryukov
d35f9813f1 Docs: Add missing @return value for save_mod_rewrite_rules() and iis7_save_url_rewrite_rules().
See #44142.
Built from https://develop.svn.wordpress.org/trunk@43362


git-svn-id: http://core.svn.wordpress.org/trunk@43190 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:36:35 +00:00
Sergey Biryukov
40cfcfc222 Privacy: Make sure wp_add_privacy_policy_content() does not cause a fatal error by unintentionally flushing rewrite rules outside of the admin context.
Add a `_doing_it_wrong()` message describing the correct usage of the function.

Props kraftbj, azaozz, SergeyBiryukov, YuriV.
Fixes #44142.
Built from https://develop.svn.wordpress.org/trunk@43361


git-svn-id: http://core.svn.wordpress.org/trunk@43189 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:36:09 +00:00
Sergey Biryukov
947a12f2b2 Privacy: Fix typo in default privacy policy text.
Props garetharnold, abdullahramzan.
Fixes #44166.
Built from https://develop.svn.wordpress.org/trunk@43350


git-svn-id: http://core.svn.wordpress.org/trunk@43178 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:31:31 +00:00
Andrew Ozz
8c06c2c662 Privacy: only remove the "Suggested text has changed" bubble when an admin visits the Privacy Policy Guide screen.
Fixes #44063.
Built from https://develop.svn.wordpress.org/trunk@43269


git-svn-id: http://core.svn.wordpress.org/trunk@43098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 17:52:21 +00:00
Andrew Ozz
242e6eea46 Privacy: fix markup for the table of contents on privacy policy guide screen.
Props ocean90, azaozz.
Fixes #44056.
Built from https://develop.svn.wordpress.org/trunk@43265


git-svn-id: http://core.svn.wordpress.org/trunk@43094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 16:46:23 +00:00
Andrew Ozz
b5564c8646 Privacy: fix the "Privacy Policy Guide updated" message and add a link to the guide.
Props birgire, azaozz.
Fixes #44057.
Built from https://develop.svn.wordpress.org/trunk@43263


git-svn-id: http://core.svn.wordpress.org/trunk@43092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 16:21:21 +00:00
Dominik Schilling
2d4311e32e Privacy: Remove is-dismissible class from notice when privacy info has changed.
The notice isn't dismissible as it only gets removed once you visit the privacy guide, see #44057 and #44063.

Fixes #44065.

Built from https://develop.svn.wordpress.org/trunk@43261


git-svn-id: http://core.svn.wordpress.org/trunk@43090 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 15:55:21 +00:00
Andrew Ozz
a75b113bed Privacy: fix two typos in WP_Privacy_Policy_Content::get_default_content().
Props dlh.
Fixes #44050.
Built from https://develop.svn.wordpress.org/trunk@43249


git-svn-id: http://core.svn.wordpress.org/trunk@43078 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-13 11:15:21 +00:00
Andrew Ozz
b82fed1806 Privacy: require manage_privacy_options capability for showing WP_Privacy_Policy_Content::notice().
Props ocean90.
Fixes #44055.
Built from https://develop.svn.wordpress.org/trunk@43248


git-svn-id: http://core.svn.wordpress.org/trunk@43077 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-13 11:04:21 +00:00
Andrew Ozz
5c5a527d96 Privacy: exclude the wrapper from the default policy content.
Fixes #44048.
Built from https://develop.svn.wordpress.org/trunk@43242


git-svn-id: http://core.svn.wordpress.org/trunk@43071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-11 15:07:21 +00:00
iandunn
8af721fff8 Privacy: Replace intrusive policy update notice with menu bubbles.
Previously, when a plugin updated its suggested privacy policy text, an admin notice was shown on all screens in the Administration Panels. That was done in order to make sure that administrators were aware of it, so that they could update their policy if needed. That was a very heavy-handed and intrusive approach, though, which leads to a poor user experience, and notice fatigue. 

An alternative approach is to use bubble notifications in the menu, similar to when plugins have updates that need to be installed. That still makes it obvious that something needs the administrator's attention, but is not as distracting as a notice.

The notice will still appear on the Privacy page, though, since it is relevant to that screen, and provides an explanation of why the bubble is appearing.

Props azaozz, xkon, iandunn.
Fixes #43954. See #43953.

Built from https://develop.svn.wordpress.org/trunk@43223


git-svn-id: http://core.svn.wordpress.org/trunk@43052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 19:52:21 +00:00
Sergey Biryukov
47e6c2f9ec Privacy: Make the help hint for Privacy Policy page more translatable and accessible.
Props tobifjellner.
See #43980.
Built from https://develop.svn.wordpress.org/trunk@43206


git-svn-id: http://core.svn.wordpress.org/trunk@43035 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 23:12:21 +00:00
Andrew Ozz
35d5911ae8 Privacy: fixes for the privacy policy guide and suggested content:
- Separate the guide text form the suggested policy text.
- Add table of content for easier navigation.
- Move the content to tools.php (prevents the settings menu of being open).
- Add a link to the guide from the Privacy settings screen.

Props melchoyce, azaozz.
See #43980.
Built from https://develop.svn.wordpress.org/trunk@43203


git-svn-id: http://core.svn.wordpress.org/trunk@43032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 20:51:23 +00:00
Andrew Ozz
3099f4d9ed Privacy: outputting the privacy policy guide and suggested content to a new page instead of a postbox.
Props melchoyce, azaozz.
See #43980.
Built from https://develop.svn.wordpress.org/trunk@43184


git-svn-id: http://core.svn.wordpress.org/trunk@43013 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-08 23:45:21 +00:00
Sergey Biryukov
f055261a05 Privacy: Remove stray closing tag in WP_Privacy_Policy_Content::get_default_content(), fix typo in @return tag.
Props dlh, tobifjellner.
Fixes #43951.
Built from https://develop.svn.wordpress.org/trunk@43170


git-svn-id: http://core.svn.wordpress.org/trunk@42999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-04 01:56:22 +00:00
Andrew Ozz
58b2e6e143 Privacy: use sprintf() in translations.
Props birgire.
See #43473.
Built from https://develop.svn.wordpress.org/trunk@43150


git-svn-id: http://core.svn.wordpress.org/trunk@42979 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 18:25:21 +00:00
Andrew Ozz
7d4429b2c8 Privacy: fix typos and inconsistencies in the default suggested text.
Props macbookandrew.
See #43473.
Built from https://develop.svn.wordpress.org/trunk@43148


git-svn-id: http://core.svn.wordpress.org/trunk@42977 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 17:42:22 +00:00
Andrew Ozz
c5d13c5934 Privacy: change how the default text for privacy policy is added:
- Insert both the text and tutorial in new policy pages and highlight is brightly in the editor.
- Show only the suggested text in the policy postbox.

Props melchoyce, azaozz.
See #43473.
Built from https://develop.svn.wordpress.org/trunk@43146


git-svn-id: http://core.svn.wordpress.org/trunk@42975 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 17:13:21 +00:00
Andrew Ozz
0d2eb27a5d Privacy: do not fold a single section in the privacy policy poxtbox.
See #43473.
Built from https://develop.svn.wordpress.org/trunk@43126


git-svn-id: http://core.svn.wordpress.org/trunk@42955 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 22:10:21 +00:00
Andrew Ozz
237df3367b Privacy: only fold the sections in the privacy policy poxtbox when more than one.
See #43473.
Built from https://develop.svn.wordpress.org/trunk@43052


git-svn-id: http://core.svn.wordpress.org/trunk@42881 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 09:48:21 +00:00
Andrew Ozz
d1ab641d16 Privacy: edits and improvements for the default text for a privacy policy.
Props idea15, allendav.
See #43473.
Built from https://develop.svn.wordpress.org/trunk@43048


git-svn-id: http://core.svn.wordpress.org/trunk@42877 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 21:06:21 +00:00
Andrew Ozz
c21c4e25b3 Privacy: add default text for a privacy policy. First run.
Props xkon, idea15, allendav, azaozz.
See #43473.
Built from https://develop.svn.wordpress.org/trunk@43044


git-svn-id: http://core.svn.wordpress.org/trunk@42873 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 14:47:21 +00:00
Andrew Ozz
41a82d6078 Privacy: add better docs for wp_add_privacy_policy_content() and WP_Privacy_Policy_Content::add().
See #43620.
Built from https://develop.svn.wordpress.org/trunk@43003


git-svn-id: http://core.svn.wordpress.org/trunk@42832 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-25 18:10:21 +00:00
Andrew Ozz
11e315ca23 Make the string WordPress translatable.
Props mnelson4.
See #43620.
Built from https://develop.svn.wordpress.org/trunk@42999


git-svn-id: http://core.svn.wordpress.org/trunk@42828 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-24 21:23:21 +00:00
Andrew Ozz
891deab7c5 Privacy: make the sections in the suggested privacy policy text postbox foldable. Add Read More/Read Less buttons. Fix copying of the suggested text by pressing the button.
Props melchoyce, xkon, azaozz.
See #43620.
Built from https://develop.svn.wordpress.org/trunk@42992


git-svn-id: http://core.svn.wordpress.org/trunk@42821 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-19 12:39:21 +00:00
Andrew Ozz
8d9e4937f8 Fix typo in 'wp_get_default_privacy_policy_content' filter.
Props claudiu.
See #43620.
Built from https://develop.svn.wordpress.org/trunk@42985


git-svn-id: http://core.svn.wordpress.org/trunk@42814 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-17 21:09:20 +00:00
Andrew Ozz
3108d2ffb2 Privacy: add a postbox that is shown when editing the privacy policy page, and where plugins and core will output suggested content and additional privacy info. First run.
Props melchoyce, azaozz.
See #43620.
Built from https://develop.svn.wordpress.org/trunk@42980


git-svn-id: http://core.svn.wordpress.org/trunk@42809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-16 08:53:20 +00:00
John Blackbourn
b13e73d05c Docs: Document more parameters and properties using typed array notation.
See #41756

Built from https://develop.svn.wordpress.org/trunk@42875


git-svn-id: http://core.svn.wordpress.org/trunk@42705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-25 18:10:32 +00:00
John Blackbourn
d7025e7787 Security: Loosen the admin referrer policy header value to allow the referring host to be sent from the admin area in all cases.
This allows referrer-restricted content from third parties (such as images and fonts) to continue working in the admin area.

Props aranwer104, qcmiao

Fixes #43285

Built from https://develop.svn.wordpress.org/trunk@42830


git-svn-id: http://core.svn.wordpress.org/trunk@42660 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-12 10:57:35 +00:00
Dominik Schilling
666e203f31 Administration: Remove unnecessary capitalization when referencing to plugin/theme editors.
Fixes #43072.
Built from https://develop.svn.wordpress.org/trunk@42757


git-svn-id: http://core.svn.wordpress.org/trunk@42587 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-26 19:35:30 +00:00
Gary Pendergast
aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
Sergey Biryukov
1a5adcf722 Rewrite Rules: Correct the logic in extract_from_markers() after [41928].
Props stodorovic.
Fixes #42579. See #39920.
Built from https://develop.svn.wordpress.org/trunk@42199


git-svn-id: http://core.svn.wordpress.org/trunk@42029 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-16 13:25:50 +00:00
Konstantin Obenland
65c1468ff5 File Editors: Account for network admin use
Fixes a bug where files couldn't be accessed in multisite installs.

Props flixos90, westonruter.
Fixes #42420.


Built from https://develop.svn.wordpress.org/trunk@42115


git-svn-id: http://core.svn.wordpress.org/trunk@41944 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-03 18:51:49 +00:00
Sergey Biryukov
0f06f90341 Rewrite Rules: Remove redundant if condition in extract_from_markers().
Props Dency, yahil, appchecker.
Fixes #39920.
Built from https://develop.svn.wordpress.org/trunk@41928


git-svn-id: http://core.svn.wordpress.org/trunk@41762 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-18 21:28:46 +00:00
Weston Ruter
0659de4e21 File Editors: Display list of theme/plugin files in scrollable directory tree.
Props WraithKenny, afercia, melchoyce, westonruter.
Amends [41721].
Fixes #24048.

Built from https://develop.svn.wordpress.org/trunk@41851


git-svn-id: http://core.svn.wordpress.org/trunk@41685 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-13 02:39:47 +00:00
John Blackbourn
fbd44ee554 Security: Add a referrer policy header to the admin and login screens.
This sets a referrer policy of `same-origin` which adds hardening by preventing a referrer being sent from the admin area or login screens to other origins. This helps prevent unwanted exposure of potentially sensitive information that may be contained within URLs.

This change introduces a new filter, `admin_referrer_policy`, for filtering the referrer policy header value. The header can be disabled if necessary by removing the `wp_admin_headers` action from the `admin_init` and `login_init` hooks.

Props joostdevalk
Fixes #42036

Built from https://develop.svn.wordpress.org/trunk@41741


git-svn-id: http://core.svn.wordpress.org/trunk@41575 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 18:25:46 +00:00
John Blackbourn
b52e37f9bf Options, Meta APIs: Require a confirmation link in an email to be clicked when an admin attempts to change the site admin email address.
This adds this previously Multisite-only functionality to single site installations too. This change prevents accidental or erroneous email address changes from potentially locking users out of their site.

Props MatheusGimenez, johnbillion

Fixes #39118

Built from https://develop.svn.wordpress.org/trunk@41254


git-svn-id: http://core.svn.wordpress.org/trunk@41094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-14 20:13:43 +00:00
Dion Hulse
e8211f783a Docs: Correct a number of typos/spelling mistakes in inline comments.
Props ottok.
Fixes #38464.

Built from https://develop.svn.wordpress.org/trunk@38893


git-svn-id: http://core.svn.wordpress.org/trunk@38836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-25 00:38:35 +00:00
Drew Jaynes
7eb6471461 Docs: Fix minor formatting and syntax for wp-admin/* elements introduced in 4.6.
See #37318.

Built from https://develop.svn.wordpress.org/trunk@38024


git-svn-id: http://core.svn.wordpress.org/trunk@37965 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-09 14:00:31 +00:00
Peter Wilson
47d26cd9fb DOCS: Replace HTTP links with HTTPS.
Replaces unsecure links in documentation and translator comments with their secure versions.

Props johnpgreen, netweb

Fixes #36993

Built from https://develop.svn.wordpress.org/trunk@37674


git-svn-id: http://core.svn.wordpress.org/trunk@37640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 04:50:33 +00:00
Andrew Ozz
82ee5ca020 Editor: ensure the page is refreshed when the users navigate to it with the Back or Forward buttons. In these cases the browsers usually load the page from (memory) cache and it contains the old editor content.
Fixes #35852.
Built from https://develop.svn.wordpress.org/trunk@37619


git-svn-id: http://core.svn.wordpress.org/trunk@37587 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-02 01:30:27 +00:00
Drew Jaynes
1947f4d17c Docs: Apply inline @see tags to hooks referenced in DocBlocks for wp-admin/* files.
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.

See #36921.

Built from https://develop.svn.wordpress.org/trunk@37537


git-svn-id: http://core.svn.wordpress.org/trunk@37505 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-23 17:28:27 +00:00
Drew Jaynes
c3055cc190 Docs: Standardize hook docs in wp-admin/* to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37488


git-svn-id: http://core.svn.wordpress.org/trunk@37456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:01:30 +00:00
Pascal Birchler
a47fa4f197 Rewrite Rules: After [36953], correctly replace existing rules on IIS when updating them.
Props WiZZarD_.
Fixes #36506 for trunk.
Built from https://develop.svn.wordpress.org/trunk@37273


git-svn-id: http://core.svn.wordpress.org/trunk@37239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-21 09:33:27 +00:00
Andrea Fercia
30866ceb5d Accessibility: Improve color contrast updating any #999 gray used for text or icons to a darker gray.
Fixes #35660.
Built from https://develop.svn.wordpress.org/trunk@36587


git-svn-id: http://core.svn.wordpress.org/trunk@36554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-19 18:44:27 +00:00
John Blackbourn
a5d44337b2 Docs: @param fixes for a variety of docblocks.
See #32246

Built from https://develop.svn.wordpress.org/trunk@36232


git-svn-id: http://core.svn.wordpress.org/trunk@36199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-09 01:45:26 +00:00
John Blackbourn
7718e07129 Docs: Correct the parameter docs for various Heartbeat filters and functions.
See #32246

Built from https://develop.svn.wordpress.org/trunk@36231


git-svn-id: http://core.svn.wordpress.org/trunk@36198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-09 01:37:26 +00:00
Drew Jaynes
e6578e7b4f Docs: Use 3-digit, x.x.x-style semantic versioning in the DocBlocks for post_form_autocomplete_off() and WP_Filesystem_SSH2::sftp_path().
Props aaronrutley.
Fixes #34518.

Built from https://develop.svn.wordpress.org/trunk@35468


git-svn-id: http://core.svn.wordpress.org/trunk@35432 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-31 13:16:24 +00:00
Helen Hou-Sandí
6ca92efe23 List tables: Move the view mode switcher into screen options for posts.
Having a view mode switcher nestled within table navigation makes no sense, especially now that it's a sticky user option. While less convenient for frequent switching, there is no evidence as of yet that there is a large userbase of frequent view mode switchers.

Introduces a filter for `view_mode_post_types`, which by default is all hierarchical post types with edit UI on.

props Oxymoron.
fixes #22222.

Built from https://develop.svn.wordpress.org/trunk@35357


git-svn-id: http://core.svn.wordpress.org/trunk@35323 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-22 19:25:25 +00:00
Scott Taylor
8eb3de46c9 Formatting: move url_shorten() from wp-admin/includes/misc.php to wp-includes/formatting.php for more global access.
Adds unit tests.

Props mulvane, chriscct7.
Fixes #20166.

Built from https://develop.svn.wordpress.org/trunk@35314


git-svn-id: http://core.svn.wordpress.org/trunk@35280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-21 03:48:24 +00:00
Dion Hulse
85258bb914 In insert_with_markers() restore the 4.3 behaviour of creating the file if it doesn't exist.
This change also makes it bail early (without writing) if the markers content is the same as the existing, and uses `ftell()` rather than `$bytes` for the location to truncate the file to - based on the file pointer being at the end of the written stream.

Props willmot tigertech kevinatelement
See #31767

Built from https://develop.svn.wordpress.org/trunk@35267


git-svn-id: http://core.svn.wordpress.org/trunk@35233 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-19 00:53:24 +00:00
Boone Gorges
0e7c1d3b14 Use wp_installing() instead of WP_INSTALLING constant.
The `WP_INSTALLING` constant is a flag that WordPress sets in a number of
places, telling the system that options should be fetched directly from the
database instead of from the cache, that WP should not ping wordpress.org for
updates, that the normal "not installed" checks should be bypassed, and so on.

A constant is generally necessary for this purpose, because the flag is
typically set before the WP bootstrap, meaning that WP functions are not yet
available.  However, it is possible - notably, during `wpmu_create_blog()` -
for the "installing" flag to be set after WP has already loaded. In these
cases, `WP_INSTALLING` would be set for the remainder of the process, since
there's no way to change a constant once it's defined. This, in turn, polluted
later function calls that ought to have been outside the scope of site
creation, particularly the non-caching of option data. The problem was
particularly evident in the case of the automated tests, where `WP_INSTALLING`
was set the first time a site was created, and remained set for the rest of the
suite.

The new `wp_installing()` function allows developers to fetch the current
installation status (when called without any arguments) or to set the
installation status (when called with a boolean `true` or `false`). Use of
the `WP_INSTALLING` constant is still supported; `wp_installing()` will default
to `true` if the constant is defined during the bootstrap.

Props boonebgorges, jeremyfelt.
See #31130.
Built from https://develop.svn.wordpress.org/trunk@34828


git-svn-id: http://core.svn.wordpress.org/trunk@34793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-05 15:06:28 +00:00
Drew Jaynes
4c2203b370 Docs: Add missing summaries for functions in wp-admin/includes/misc.php.
Also restructures the summary for `update_home_siteurl()`.

See #32246.

Built from https://develop.svn.wordpress.org/trunk@34824


git-svn-id: http://core.svn.wordpress.org/trunk@34789 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-05 02:52:24 +00:00
Dion Hulse
dc9203d753 Rewrite insert_with_markers() to use flock() when available, significant cleanup of the function too.
The call to `flock()` is an exclusive advisory lock, which in my testing only PHP respects (apache continues to read it).
Not all filesystems support locking (remote NFS mounts for example) so this offers minimal benefit to those platforms, but offers much better protection against file corruption on systems which do support it.
The call is blocking, so a second process will wait for the first to complete before writing if supported.

See #31767

Built from https://develop.svn.wordpress.org/trunk@34740


git-svn-id: http://core.svn.wordpress.org/trunk@34704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-01 07:46:27 +00:00
Jeremy Felt
5397416276 MS: Delete rewrite_rules when updating a switched site's URL.
Previously, rewrite rules could be flushed and regenerated in the context of another site. Deleting the rules when in a switched state allows for them to be generated properly on the next page view.

Fixes #33816.

Built from https://develop.svn.wordpress.org/trunk@34672


git-svn-id: http://core.svn.wordpress.org/trunk@34636 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-28 23:24:27 +00:00
Scott Taylor
84da11d918 Pass false as the 2nd argument to class_exists() to disable autoloading and to not cause problems for those who define __autoload().
Fixes #20523.

Built from https://develop.svn.wordpress.org/trunk@34348


git-svn-id: http://core.svn.wordpress.org/trunk@34312 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-20 03:52:25 +00:00
John Blackbourn
606b6d15f1 Introduce wp_removable_query_args(), which returns an array of single-use query variables which can be removed from a URL.
Also applies the function to the return URL when the Customizer is closed.

Fixes #32692
Props swissspidy, Mte90

Built from https://develop.svn.wordpress.org/trunk@33849


git-svn-id: http://core.svn.wordpress.org/trunk@33817 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-02 11:29:23 +00:00
John Blackbourn
b9ec4136d9 Remove error from the query variables when cleaning up a URL in wp_admin_canonical_url().
Fixes #32847

Built from https://develop.svn.wordpress.org/trunk@33770


git-svn-id: http://core.svn.wordpress.org/trunk@33738 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-27 17:26:21 +00:00
Andrew Ozz
fa25fe82ef Fix updating of nonces on the Edit Post screen after the log in expires and the user logs in again.
Props iseulde, azaozz. Fixes #33098.
Built from https://develop.svn.wordpress.org/trunk@33468


git-svn-id: http://core.svn.wordpress.org/trunk@33435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-28 22:07:25 +00:00
Scott Taylor
42d51a4f89 Add doc blocks to functions that are missing them.
If the function has no need for `@param` or `@return`, do an archeaological dig to find `@since`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32672


git-svn-id: http://core.svn.wordpress.org/trunk@32642 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-31 03:18:25 +00:00
Scott Taylor
a51dfa3971 In the style of #30947 and default-filters.php, add 2 new files to wp-admin/includes:
`admin-filters.php`
`ms-admin-filters.php`

There are random actions and filters littered among files like `misc.php`. These files contain functions that won't work outside of admin context and are typically only loaded in files that have already loaded the admin bootstrap.

See #32529.

Built from https://develop.svn.wordpress.org/trunk@32653


git-svn-id: http://core.svn.wordpress.org/trunk@32623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 17:04:26 +00:00
Scott Taylor
b56b9b3e5c Add @global annotations for wp-admin/*.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32642


git-svn-id: http://core.svn.wordpress.org/trunk@32612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-28 21:41:30 +00:00
Helen Hou-Sandí
bfda508c18 Update more instances of default admin blues and grays.
props hugobaeta.
fixes #31234.

Built from https://develop.svn.wordpress.org/trunk@32051


git-svn-id: http://core.svn.wordpress.org/trunk@32030 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-05 21:20:27 +00:00
Helen Hou-Sandí
d85f8fe326 Admin notices: Make (most) core notices dismissible.
These no longer return upon refreshing the page when JS is on and working, so users should be able to dismiss them. This is particularly important on the post edit screen when DFW is triggered, but pretty much all notices can be dismissed if needed. A post on Make/Core will follow with information on how this can be leveraged in plugins.

props valendesigns, afercia, paulwilde, adamsilverstein, helen.
fixes #31233. see #23367.

Built from https://develop.svn.wordpress.org/trunk@31973


git-svn-id: http://core.svn.wordpress.org/trunk@31952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-01 22:06:28 +00:00
Dion Hulse
7b5ae90225 When altering the admin URL to reflect the canonical location, keep the existing hash (if present) in the URL.
Fixes #31758. See #23367

Built from https://develop.svn.wordpress.org/trunk@31882


git-svn-id: http://core.svn.wordpress.org/trunk@31861 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-25 04:32:26 +00:00
Dominik Schilling
4cc85f4da2 Administration: Remove single-use URL parameters and create canonical link based on new URL.
The default removable query args are 'message', 'settings-updated', 'saved', 'update', 'updated','activated', 'activate', 'deactivate', 'locked', 'deleted', 'trashed', 'untrashed', 'enabled', 'disabled', and 'skipped'. 

props morganestes.
fixes #23367.
Built from https://develop.svn.wordpress.org/trunk@31736


git-svn-id: http://core.svn.wordpress.org/trunk@31717 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-11 23:09:26 +00:00
Scott Taylor
196d85a9f6 Fill in the @param types for the args for functions missing them in wp-admin/includes/misc.php.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30200


git-svn-id: http://core.svn.wordpress.org/trunk@30200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-03 06:01:24 +00:00
Gary Pendergast
007ec52958 Add wp_json_encode(), a wrapper for json_encode() that ensures everything is converted to UTF-8.
Change all core calls from `json_encode()` to `wp_json_encode()`.

Fixes #28786.


Built from https://develop.svn.wordpress.org/trunk@30055


git-svn-id: http://core.svn.wordpress.org/trunk@30055 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-28 18:35:19 +00:00
Andrew Nacin
f7392ef917 Pinking shears.
Built from https://develop.svn.wordpress.org/trunk@29707


git-svn-id: http://core.svn.wordpress.org/trunk@29481 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-04 15:23:16 +00:00
Andrew Ozz
4deee321e3 Editor: use the post_edit_form_tag action to add autocomplete="off" to the whole form on the Add/Edit Post screen in WebKit. Prevents editor problems when the browser's Back button is used. Fixes #28037.
Built from https://develop.svn.wordpress.org/trunk@29448


git-svn-id: http://core.svn.wordpress.org/trunk@29226 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-08 20:54:15 +00:00
Drew Jaynes
097dc8ee15 Fix syntax for single- and multi-line comments in wp-admin-directory files.
See #28931.

Built from https://develop.svn.wordpress.org/trunk@29206


git-svn-id: http://core.svn.wordpress.org/trunk@28990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-17 09:14:16 +00:00
Andrew Ozz
5168f9c7c6 Secure embeds in the editor (first run):
- When the user pastes an embeddable http URL, try to get the https embed.
- If an embed provider doesn't support ssl embeds, show a placeholder/error message.
- Revise the way we return error messages.
See #28195, #28507.
Built from https://develop.svn.wordpress.org/trunk@28919


git-svn-id: http://core.svn.wordpress.org/trunk@28718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-30 05:49:16 +00:00
Andrew Ozz
84f3e30f7b wpView: improve handling of embed errors/error messages, see #28195
Built from https://develop.svn.wordpress.org/trunk@28754


git-svn-id: http://core.svn.wordpress.org/trunk@28568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-15 22:53:16 +00:00
Scott Taylor
69fbe27f48 Don't use variable variables in wp_reset_vars(). Test by searching in list tables, etc.
See #27881.

Built from https://develop.svn.wordpress.org/trunk@28746


git-svn-id: http://core.svn.wordpress.org/trunk@28560 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-11 20:00:15 +00:00
Drew Jaynes
a6e536fba6 Make sure to use 3-digit x.x.x style for two 3.9.0 @since versions.
Props netweb.
Fixes #28446.

Built from https://develop.svn.wordpress.org/trunk@28658


git-svn-id: http://core.svn.wordpress.org/trunk@28476 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-04 05:35:16 +00:00
Drew Jaynes
f609524261 Minor phpDoc fixes for the got_rewrite, got_url_rewrite, and documentation_ignore_functions hooks.
Props GaryJ.
See #26869.

Built from https://develop.svn.wordpress.org/trunk@28352


git-svn-id: http://core.svn.wordpress.org/trunk@28180 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-08 11:13:14 +00:00
Drew Jaynes
690481f8e8 Generalize the hook documentation for the set-screen-option filter.
The filter covers more than [items]_per_page screen options.

Fixes #26186.

Built from https://develop.svn.wordpress.org/trunk@27379


git-svn-id: http://core.svn.wordpress.org/trunk@27228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-03 17:51:14 +00:00
Drew Jaynes
849ce35cb9 Inline documentation for hooks in wp-admin/includes/misc.php.
Props JoshuaAbenazer.
Fixes #26186

Built from https://develop.svn.wordpress.org/trunk@27375


git-svn-id: http://core.svn.wordpress.org/trunk@27224 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-03 17:20:16 +00:00
Sergey Biryukov
f291730aec Avoid an undefined index notice in wp_doc_link_parse().
props pross for initial patch.
fixes #27214.
Built from https://develop.svn.wordpress.org/trunk@27323


git-svn-id: http://core.svn.wordpress.org/trunk@27175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-27 23:16:13 +00:00
Andrew Ozz
335add2573 Autosave: refactor autosave.js, use heartbeat for transport and move all "Add/Edit Post" related functionality to post.js. See #25272.
Built from https://develop.svn.wordpress.org/trunk@26995


git-svn-id: http://core.svn.wordpress.org/trunk@26872 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-01-22 04:56:16 +00:00