Commit Graph

1588 Commits

Author SHA1 Message Date
whyisjake
2fc33ef47d Backporting several bug fixes.
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory traversals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 5.1 branch.


Built from https://develop.svn.wordpress.org/branches/5.1@46490


git-svn-id: http://core.svn.wordpress.org/branches/5.1@46288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 18:17:55 +00:00
Aaron Jorbin
08cb9e2f0c General: Add missing @since annotation for wp_get_direct_php_update_url().
Backports [44829] to 5.1 branch. Dev-reviewed by desrosj and SergeyBiryukov.

Missed in [44815].

Props birgire.
See #46074.


Built from https://develop.svn.wordpress.org/branches/5.1@44831


git-svn-id: http://core.svn.wordpress.org/branches/5.1@44663 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-12 17:13:51 +00:00
desrosj
3705196721 General: Add a way to specify a direct link for a user to update PHP.
A direct URL to where a user can update PHP for their website can now be specified in one of two ways:

- Defining the `WP_DIRECT_UPDATE_PHP_URL` environment variable.
- Returning a URL to the `wp_direct_php_update_url` filter.

When a URL is specified, an additional “Update PHP” button will be displayed at the bottom of the Core dashboard widget informing administrators that their site is running an outdated version of PHP (see [42832]).

Merges [44814] to the 5.1 branch.

Fixes #46074.
Props afragen, desrosj, lukecarbis.
Built from https://develop.svn.wordpress.org/branches/5.1@44815


git-svn-id: http://core.svn.wordpress.org/branches/5.1@44647 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-07 21:37:50 +00:00
Felix Arntz
c204ac4bc7 Bootstrap/Load: Fix fatal error when passing a WP_Error to wp_die().
This was introduced in [44466]. Also, this changeset adds tests for `_wp_die_process_input()` so that this never happens again.

Props dd32.
See #45933.

Built from https://develop.svn.wordpress.org/trunk@44690


git-svn-id: http://core.svn.wordpress.org/trunk@44521 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-22 08:52:50 +00:00
John Blackbourn
63a2dc94c6 Bootstrap/Load: Update the @since entry for wp_die().
See #46038

Built from https://develop.svn.wordpress.org/trunk@44682


git-svn-id: http://core.svn.wordpress.org/trunk@44513 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-21 22:52:51 +00:00
Gary Pendergast
d289b00dc6 Media: Add a $real_mime parameter to the wp_check_filetype_and_ext filter.
This allows more accurate filtering of the filename and extension given to uploaded files.

Props desrosj, Tkama.
Fixes #45707.


Built from https://develop.svn.wordpress.org/trunk@44677


git-svn-id: http://core.svn.wordpress.org/trunk@44508 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-21 21:52:50 +00:00
Felix Arntz
3b7a01f1f2 Bootstrap/Load: Fix bug causing AJAX functions to return a 500 when passing a null response to wp_die().
This bug was introduced in [44497].

Props ocean90.
See #45933.

Built from https://develop.svn.wordpress.org/trunk@44673


git-svn-id: http://core.svn.wordpress.org/trunk@44504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-21 20:07:49 +00:00
Felix Arntz
6645578424 Bootstrap/Load: Ensure that the fatal error shutdown handler does not prevent other shutdown handlers from being called.
This changeset adds support for a new `wp_die()` argument `exit`, which defaults to true and determines whether `wp_die()` should actually terminate the request. The new fatal error handler then calls `wp_die()` with that argument set to false, as calling `die()` or `exit` from a PHP shutdown function prevents other shutdown functions from being called.

Props schlessera, johnbillion.
Fixes #46038. See #44458.

Built from https://develop.svn.wordpress.org/trunk@44671


git-svn-id: http://core.svn.wordpress.org/trunk@44502 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-21 19:10:52 +00:00
Felix Arntz
1698c8adea Bootstrap/Load: Support WP_Error and $args passed to wp_die() consistently in all handlers.
Prior to this change, each `wp_die()` handler had their own logic for how to parse arguments, causing inconsistencies and even breakage because the arguments possible to pass to `wp_die()` depended on the request context. Passing a `WP_Error` as `$message` for example used to be only supported by the default handler, but not the AJAX and XML-RPC handlers.

With the fatal error protection, plus the new `wp_die()` handlers related to that, improving this support and compatibility has become more significant. Therefore this changeset introduces a private `_wp_die_process_input()` function that handles all function parameters consistently.

Props spacedmonkey, flixos90, schlessera.
Fixes #45933. See #44458.

Built from https://develop.svn.wordpress.org/trunk@44666


git-svn-id: http://core.svn.wordpress.org/trunk@44497 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-21 16:02:50 +00:00
Felix Arntz
94fb16f03f Plugins: Use centralized API to display information about updating PHP when a plugin requires a higher version.
This changeset uses the API functions introduced in [44476] to link to the resource about updating PHP when highlighting a plugin's required PHP version is not met. It furthermore expands them, introducing a new `wp_update_php_annotation()` function that prints the markup to indicate that the default URL has been altered by the web host, allowing it to be reused universally.

Furthermore, this changeset adds missing `update_php` capability checks before displaying the information about updating PHP.

Props afragen.
Fixes #45986. See #43986, #45686.

Built from https://develop.svn.wordpress.org/trunk@44627


git-svn-id: http://core.svn.wordpress.org/trunk@44458 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-16 17:07:00 +00:00
Felix Arntz
2e7e09d869 Bootstrap/Load: Add support for JSON requests to wp_die().
In addition to AJAX and XML-RPC requests, `wp_die()` now handles JSON requests correctly, returning information in the expected content type.

Props spacedmonkey.
See #45933, #44458.

Built from https://develop.svn.wordpress.org/trunk@44625


git-svn-id: http://core.svn.wordpress.org/trunk@44456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-16 15:22:56 +00:00
Felix Arntz
30d5ca9172 Bootstrap/Load: Fix workaround to display admin link in PHP error template by introducing $link_url and $link_text arguments to wp_die().
This changeset removes the hack that was used before to display more complex HTML markup than a simple message in the default PHP error template via `wp_die()`. By removing HTML markup from the arguments passed to `wp_die()` it furthermore paves the way for supporting other content types than the default.

The message and arguments can be modified with new `wp_php_error_message` and `wp_php_error_args` filters respectively.

Furthermore this changeset fixes a few issues of functions not existing which could potentially have caused fatal errors when executed early in the WordPress bootstrap process.

Props flixos90, spacedmonkey.
See #45933, #44458.

Built from https://develop.svn.wordpress.org/trunk@44624


git-svn-id: http://core.svn.wordpress.org/trunk@44455 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-16 15:21:50 +00:00
Gary Pendergast
6073c6e209 Docs: Update the @since version for the doing_it_wrong_trigger_error filter.
Fixes #34183.


Built from https://develop.svn.wordpress.org/trunk@44590


git-svn-id: http://core.svn.wordpress.org/trunk@44421 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-15 00:52:50 +00:00
Gary Pendergast
c008959e9e Coding Standards: Fix the minor WordPress.WP.I18n violations.
`WordPress.WP.I18n.MissingTranslatorsComment` is in progress in #44360.

See #45934.


Built from https://develop.svn.wordpress.org/trunk@44562


git-svn-id: http://core.svn.wordpress.org/trunk@44393 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-11 06:04:49 +00:00
Felix Arntz
a71d208785 General: Fix problematic string to array parsing.
WordPress has historically often used code like `preg_split( '/[\s,]+/', $var )` to parse a string of comma-separated values into an array. However, this approach was causing an empty string to not be parsed into an empty array as expected, but rather into an array with the empty string as its sole element.

This was among other areas causing problems in the REST API where passing an empty request parameter could cause that request to fail because, instead of it being ignored, that parameter would be compared against the valid values for it, which typically do not include an empty string.

Props david.binda, sstoqnov.
Fixes #43977.

Built from https://develop.svn.wordpress.org/trunk@44546


git-svn-id: http://core.svn.wordpress.org/trunk@44377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-10 21:06:49 +00:00
Gary Pendergast
9f25ea37c7 Filesystem: Improve wp_is_stream() performance.
Instead of turning the return value of `stream_get_wrappers()` into a regex to match the scheme, we can instead extract the scheme and search the return value of `stream_get_wrappers()`.

Props schlessera, swissspidy.
Fixes #45553.


Built from https://develop.svn.wordpress.org/trunk@44506


git-svn-id: http://core.svn.wordpress.org/trunk@44337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-09 09:51:54 +00:00
Adam Silverstein
f510ab9e94 Media: improve the human_readable_duration function and tests.
Improve the `human_readable_duration` added in #39667:
* Remove upper limit.
* More resilient handling: remove negative prefix, trim.
* Correct @since to 5.1.0.
* Adds more test cases and improve inline docs.

Props birgire.
Fixes #39667.

Built from https://develop.svn.wordpress.org/trunk@44481


git-svn-id: http://core.svn.wordpress.org/trunk@44312 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-08 19:56:48 +00:00
desrosj
bdaf864ec9 Docs: Improve accuracy of wp_list_sort()’s $list parameter description.
Props manikmist09.
Fixes #45766.
Built from https://develop.svn.wordpress.org/trunk@44480


git-svn-id: http://core.svn.wordpress.org/trunk@44311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-08 19:54:50 +00:00
Felix Arntz
e08a12d020 General: Make Update PHP notice link customizable.
After [42832], [42891] and [43006], this changeset refines the core notice informing about an outdated PHP version:

* The link to the Update PHP information page can now be adjusted using either a `WP_UPDATE_PHP_URL` environment variable, or a new `wp_update_php_url` filter.
* If that URL is different from the default one that points to https://wordpress.org/support/update-php/ or its localized equivalent, a note indicates that the linked resource has not been provided by WordPress itself, and the default URL is still linked to as an additional resource.
* The URL for the default information page has been updated to use the slug `update-php` instead of `upgrade-php`.
* `@since` annotations have been updated.

Going forward, admin areas that display information related to the PHP version should use the new function `wp_get_update_php_url()`.

Props afragen, fierevere, flixos90, markjaquith, miss_jwo, nerrad, pento, schlessera, SergeyBiryukov, spacedmonkey.
Fixes #45686. See #41191.

Built from https://develop.svn.wordpress.org/trunk@44476


git-svn-id: http://core.svn.wordpress.org/trunk@44307 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-08 17:27:50 +00:00
Felix Arntz
035877708d Multisite: Update @since tags for site meta introduction.
Fixes #37923. Fixes #40229.

Built from https://develop.svn.wordpress.org/trunk@44467


git-svn-id: http://core.svn.wordpress.org/trunk@44298 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-08 08:18:50 +00:00
Joe McGill
4a80373bdf PHPCS: Fix formatting issues.
Fixes formatting issues introduced in [44438].

See #45615.

Built from https://develop.svn.wordpress.org/trunk@44441


git-svn-id: http://core.svn.wordpress.org/trunk@44272 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-07 21:09:49 +00:00
Joe McGill
ac1ff02815 Upload: Fix upload failures of common text file types.
This adds some special case handling in 'wp_check_filetype_and_ext()' that prevents some common file types from being blocked based on mismatched MIME checks, which were made more strict in WordPress 5.0.1.

Props Kloon, birgire, tellyworth, joemcgill.
See #45615.

Built from https://develop.svn.wordpress.org/trunk@44438


git-svn-id: http://core.svn.wordpress.org/trunk@44269 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-07 20:48:51 +00:00
desrosj
33a71f04e2 General: Update since annotation for wp_unique_id().
In [43658], `wp_unique_id()` was introduced. This updates the `since` annotation to be accurate.

See #44883.
Built from https://develop.svn.wordpress.org/trunk@44406


git-svn-id: http://core.svn.wordpress.org/trunk@44236 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-06 19:52:51 +00:00
desrosj
035b9deffb Docs: Update since tag for HTTP status code 103 support.
Originally added in [42207].

Fixes #42490.
Built from https://develop.svn.wordpress.org/trunk@44383


git-svn-id: http://core.svn.wordpress.org/trunk@44213 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-03 15:21:52 +00:00
desrosj
3af00578e4 Media: Improve verification of MIME file types.
Merges [43988] to trunk.
Built from https://develop.svn.wordpress.org/trunk@44292


git-svn-id: http://core.svn.wordpress.org/trunk@44122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-18 16:35:49 +00:00
Sergey Biryukov
357a4957ec General: Introduce wp_unique_id(), a PHP implementation of Underscore's uniqueId method.
A static variable contains an integer that is incremented with each call. This number is returned with the optional prefix.
As such the returned value is not universally unique, but it is unique across the life of the PHP process.

Props westonruter, dlh.
See #44883.
Built from https://develop.svn.wordpress.org/trunk@43658


git-svn-id: http://core.svn.wordpress.org/trunk@43487 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-09-24 20:57:23 +00:00
Sergey Biryukov
eb6be7eee1 Docs: Add a line break to wp_is_uuid() DocBlock for better readability.
See #42505.
Built from https://develop.svn.wordpress.org/trunk@43657


git-svn-id: http://core.svn.wordpress.org/trunk@43486 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-09-24 20:46:26 +00:00
Adam Silverstein
e71a3d6193 Media: Improve display and accessibility of meta data in detail view.
* Add a `human_readable_duration` function including tests.
* Add 'pixels' after image width/height.
* Add screen reader text for durations.

Props Presskopp, kiranpotphode, milindmore22, stormrockwell, afercia.
Fixes #39667. 


Built from https://develop.svn.wordpress.org/trunk@43633


git-svn-id: http://core.svn.wordpress.org/trunk@43462 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-09-08 04:20:24 +00:00
Sergey Biryukov
773e45e34e Docs: Convert @see reference in wp_checkdate() DocBlock to @link.
Props WiZZarD_.
Fixes #44866.
Built from https://develop.svn.wordpress.org/trunk@43599


git-svn-id: http://core.svn.wordpress.org/trunk@43428 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-30 13:49:25 +00:00
Sergey Biryukov
998d381fa0 Date/Time: Make sure current_time() always calculates the offset from GMT/UTC.
Previously, UTC context was implied, but could be unreliable due to being affected by plugins.

Props Rarst, rahulsprajapati, marco.marsala.
Fixes #37440.
Built from https://develop.svn.wordpress.org/trunk@43594


git-svn-id: http://core.svn.wordpress.org/trunk@43423 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-30 12:13:24 +00:00
Felix Arntz
17f435b5aa General: Provide context parameters to doing_it_wrong_trigger_error filter.
`$function`, `$message`, and `$version` have historically been passed to the `doing_it_wrong_run` action. It makes sense to pass those to the filter as well, so that one can conditionally determine the filter value to return.

Fixes #34183.

Built from https://develop.svn.wordpress.org/trunk@43587


git-svn-id: http://core.svn.wordpress.org/trunk@43416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-28 13:38:24 +00:00
Gary Pendergast
56c162fbc9 Coding Standards: Upgrade WPCS to 1.0.0
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.

This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script. 
- Auto-fixable coding standards issues will now cause Travis failures.

Fixes #44600.


Built from https://develop.svn.wordpress.org/trunk@43571


git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-17 01:51:36 +00:00
Gary Pendergast
46fa15291f Streams: Return early from wp_is_stream() for paths that aren't streams.
Some versions of PHP appear to have a memory leak that is occasionally triggered by calling `stream_get_wrappers()`. In order to avoid calling this, we can return early from `wp_is_stream()` when `$path` doesn't contain `://`.

Props pbiron, JPry, dontstealmyfish.
Fixes #44532.


Built from https://develop.svn.wordpress.org/trunk@43466


git-svn-id: http://core.svn.wordpress.org/trunk@43293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 07:54:25 +00:00
John Blackbourn
60252611be Date/Time: Add support for the c and r shorthand formats in date_i18n().
Props Rarst, pbearne

Fixes #20973

Built from https://develop.svn.wordpress.org/trunk@43434


git-svn-id: http://core.svn.wordpress.org/trunk@43261 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 23:10:25 +00:00
John Blackbourn
4c2fcf36a3 Media: Update the @since tag for wp_normalize_path() as this has been backported to the 3.9 (and all other) branches.
See #42837

Built from https://develop.svn.wordpress.org/trunk@43406


git-svn-id: http://core.svn.wordpress.org/trunk@43234 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 15:21:25 +00:00
John Blackbourn
c9dce0606b Media: Limit thumbnail file deletions to the same directory as the original file.
Built from https://develop.svn.wordpress.org/trunk@43392


git-svn-id: http://core.svn.wordpress.org/trunk@43220 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 14:32:25 +00:00
Felix Arntz
46589d1578 Date/Time: Fix usage of $gmt parameter in date_i18n() and clarify its behavior.
The docs for `date_i18n()` and its filter now correctly state that the `$gmt` parameter is only taken into account if no timestamp is provided. Furthermore, a bug with that parameter is fixed, as it is now ensured that the timezone used with it is `UTC`.

Props Rarst.
Fixes #38771.

Built from https://develop.svn.wordpress.org/trunk@43389


git-svn-id: http://core.svn.wordpress.org/trunk@43217 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-04 23:43:25 +00:00
Felix Arntz
dc036d5333 Date/Time: Add support for gmt_offset to date_i18n().
Prior to this change, `date_i18n()` only supported the `timezone_string` option, causing incorrect timezones to appear in formatted dates on sites that still rely on the `gmt_offset` option.

Props Rarst.
Fixes #34835.

Built from https://develop.svn.wordpress.org/trunk@43387


git-svn-id: http://core.svn.wordpress.org/trunk@43215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-03 15:59:25 +00:00
Sergey Biryukov
99e3bb9077 Date/Time: Simplify mysql_to_rfc3339().
Erasing timezone with a regular expression is redundant, the date could be just formatted in the respective format instead.

Props Rarst.
Fixes #42542.
Built from https://develop.svn.wordpress.org/trunk@43384


git-svn-id: http://core.svn.wordpress.org/trunk@43212 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:45:53 +00:00
Sergey Biryukov
67716d1367 Docs: Correct description for mysql_to_rfc3339().
Despite historical function name, the output does not conform to RFC3339 format, which must contain timezone.

Props Rarst.
See #42542.
Built from https://develop.svn.wordpress.org/trunk@43383


git-svn-id: http://core.svn.wordpress.org/trunk@43211 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:45:29 +00:00
Sergey Biryukov
b98ef36c97 Docs: Improve documentation for date_i18n()'s second argument.
Despite previously being labeled as a Unix timestamp, in reality it's a sum of Unix timestamp and timezone offset in seconds.

Props Rarst.
See #38771.
Built from https://develop.svn.wordpress.org/trunk@43380


git-svn-id: http://core.svn.wordpress.org/trunk@43208 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:44:12 +00:00
iandunn
fdd5b8dacd Privacy: Rename exports folder to avoid deleting other files.
Previously, personal data exports were stored in `wp-content/uploads/exports`, which is generic enough that it's likely there are existing folders with that name, either created by plugins or manually by administrators. If that folder were reused by Core, then `wp_privacy_delete_old_export_files()` would delete all of the existing files inside it, which is almost certainly not what the site owner wants or expects.

To avoid that, the folder is being renamed to include a specific reference to Core, and a more verbose description of its purpose. With those factored in, it's very unlikely that there will be any conflicts with existing folders.

The `wp_privacy_exports_dir()` and `wp_privacy_exports_url()` functions were introduced to provide a canonical source for the location, and the `wp_privacy_exports_dir` and `wp_privacy_exports_url` filters were introduced to allow plugins to customize it.

Props johnjamesjacoby, allendav.
Fixes #44091.

Built from https://develop.svn.wordpress.org/trunk@43284


git-svn-id: http://core.svn.wordpress.org/trunk@43113 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 20:22:20 +00:00
iandunn
8af721fff8 Privacy: Replace intrusive policy update notice with menu bubbles.
Previously, when a plugin updated its suggested privacy policy text, an admin notice was shown on all screens in the Administration Panels. That was done in order to make sure that administrators were aware of it, so that they could update their policy if needed. That was a very heavy-handed and intrusive approach, though, which leads to a poor user experience, and notice fatigue. 

An alternative approach is to use bubble notifications in the menu, similar to when plugins have updates that need to be installed. That still makes it obvious that something needs the administrator's attention, but is not as distracting as a notice.

The notice will still appear on the Privacy page, though, since it is relevant to that screen, and provides an explanation of why the bubble is appearing.

Props azaozz, xkon, iandunn.
Fixes #43954. See #43953.

Built from https://develop.svn.wordpress.org/trunk@43223


git-svn-id: http://core.svn.wordpress.org/trunk@43052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 19:52:21 +00:00
Sergey Biryukov
cd4c960a6c Administration: Change all the occurrences of "(opens in a new window)" to "(opens in a new tab)".
Props chetan200891, ianbelanger, afercia.
Fixes #43803.
Built from https://develop.svn.wordpress.org/trunk@43174


git-svn-id: http://core.svn.wordpress.org/trunk@43003 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-05 09:45:22 +00:00
iandunn
0e0473c9ff Privacy: Return before scheduling cron during install to avoid error.
r43046 introduced `wp_schedule_delete_old_privacy_export_files()` to schedule the `wp_privacy_delete_old_export_files` cron job, but it did not check to make sure it wasn't running in the context of the install process. When it did run in that context, it created a database error, because the necessary database tables don't exist at that point.

Checking the current context and returning early during the installation phase avoids that issue.

Props helen, timothyblynjacobs, iandunn.
Fixes #43952.

Built from https://develop.svn.wordpress.org/trunk@43162


git-svn-id: http://core.svn.wordpress.org/trunk@42991 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 21:11:21 +00:00
Sergey Biryukov
ae8d70c06c Docs: Update @since version numbers for wp_privacy_anonymize_ip() and wp_privacy_anonymize_data().
Props joemcgill.
See #43545.
Built from https://develop.svn.wordpress.org/trunk@43081


git-svn-id: http://core.svn.wordpress.org/trunk@42910 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 00:41:21 +00:00
iandunn
9bb0e18c82 Privacy: Include wp-admin/includes/file.php to avoid fatal error.
`list_files()` is defined in `wp-admin/includes/file.php`, which is not included by `wp-cron.php`, so it needs to be included by the caller in order to avoid a fatal PHP error.

This bug was not detected during testing because the file _is_ included when executing jobs via `wp cron event run`.

Props mikejolley, iandunn.
See #43546.
See https://wordpress.slack.com/archives/C9695RJBW/p1525190405000860.

Built from https://develop.svn.wordpress.org/trunk@43059


git-svn-id: http://core.svn.wordpress.org/trunk@42888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 17:43:22 +00:00
iandunn
23bf0c7535 Privacy: Add cron to delete expired export files to protect privacy.
The primary means of protecting the files is the CSPRN appended to the filename, but there is no reason to keep the files after the data subject has downloaded them, so deleting them provides an additional layer of protection. Previously this was done from `wp_privacy_generate_personal_data_export_file()`, but that does not guarantee that it will be run regularly, and on smaller sites that could result in export files being exposed for much longer than necessary.

`wp_privacy_delete_old_export_files()` was moved to a front end file, so that it can be called from `cron.php`.

This introduces the `wp_privacy_export_expiration` filter, which allows plugins to customize how long the exports are kept before being deleted.

`index.html` was added to the `$exclusions` parameter of `list_files()` to make sure that it isn't deleted. If it were, then poorly-configured servers would allow the directory to be traversed, exposing all of the exported files.

Props iandunn, desrosj.
See #43546.

Built from https://develop.svn.wordpress.org/trunk@43046


git-svn-id: http://core.svn.wordpress.org/trunk@42875 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 20:09:23 +00:00
John Blackbourn
4ccca7a835 Formatting: Begin the process of improving the docs for KSES related functions.
See #33801

Built from https://develop.svn.wordpress.org/trunk@43016


git-svn-id: http://core.svn.wordpress.org/trunk@42845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-28 13:58:21 +00:00
Andrew Ozz
3108d2ffb2 Privacy: add a postbox that is shown when editing the privacy policy page, and where plugins and core will output suggested content and additional privacy info. First run.
Props melchoyce, azaozz.
See #43620.
Built from https://develop.svn.wordpress.org/trunk@42980


git-svn-id: http://core.svn.wordpress.org/trunk@42809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-16 08:53:20 +00:00