Commit Graph

338 Commits

Author SHA1 Message Date
Felix Arntz
c81db1f6e6 Security, Site Health: Detect HTTPS support and encourage switching.
This changeset modifies the Site Health panel for HTTPS to provide more accurate recommendations based on whether the environment is already set up for HTTPS.

* Introduces `wp_is_using_https()` to check whether the site is configured to use HTTPS (via its Site Address and WordPress Address).
* Introduces `wp_is_https_supported()` to check whether the environment supports HTTPS. This relies on a cron job which periodically checks support using a loopback request.

Props Clorith, flixos90, miinasikk, westonruter.
Fixes #47577.

Built from https://develop.svn.wordpress.org/trunk@49904


git-svn-id: http://core.svn.wordpress.org/trunk@49603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-23 19:13:04 +00:00
youknowriad
d6cff7965a Block Editor: Update the WordPress Packages to the latest version.
This includes the packages that match the Gutenberg 9.2 Release.
It is going to be the last block-editor features update for WordPress 5.6.
It also updates the block-supports code base to the latest APIs.

Props isabel_brison, noisysocks, desrosj.
Fixes #51570.

Built from https://develop.svn.wordpress.org/trunk@49226


git-svn-id: http://core.svn.wordpress.org/trunk@48988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-20 13:36:16 +00:00
Sergey Biryukov
1c1aadbe54 Pings/Trackbacks: Split do_all_pings() into several functions:
* `do_all_pingbacks()`
* `do_all_enclosures()`
* `do_all_trackbacks()`

This allows for the specific removal/replacement of one of more services.

Props dshanske, garrett-eclipse, Mista-Flo, azaozz, hellofromTonya.
Fixes #36576.
Built from https://develop.svn.wordpress.org/trunk@49211


git-svn-id: http://core.svn.wordpress.org/trunk@48973 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-19 21:16:02 +00:00
TimothyBlynJacobs
d5ebe12f11 REST API: Introduce Application Passwords for API authentication.
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.

This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.

Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.

Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes #42790.

Built from https://develop.svn.wordpress.org/trunk@49109


git-svn-id: http://core.svn.wordpress.org/trunk@48871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-08 22:14:06 +00:00
John Blackbourn
526f0d01d4 Posts, Post Types: Don't output the adjacent posts rel link by default.
This has a considerable performance impact on sites which don't otherwise show previous and next post links, and has no SEO benefit.

Props joostdevalk, swissspidy, johnbillion

Fixes #39111
Built from https://develop.svn.wordpress.org/trunk@48966


git-svn-id: http://core.svn.wordpress.org/trunk@48728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-09-09 21:34:08 +00:00
desrosj
3dda74c337 Editor: Ensure the required assets for the block directory are enqueued.
This fixes an issue where the block directory appears unstyled due to the stylesheets not being enqueued.

Props ryelle, timothyblynjacobs, earnjam.
Fixes #50661.
Built from https://develop.svn.wordpress.org/trunk@48537


git-svn-id: http://core.svn.wordpress.org/trunk@48299 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-21 15:38:03 +00:00
Sergey Biryukov
3cd9474d68 Block Editor: Move the add_action() call for _register_core_block_patterns_and_categories() above check_theme_switched().
Follow-up to [48492], [48531].

See #50669.
Built from https://develop.svn.wordpress.org/trunk@48533


git-svn-id: http://core.svn.wordpress.org/trunk@48295 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-21 14:37:07 +00:00
Sergey Biryukov
6d207771d3 Block Editor: Move the add_action() call for _register_core_block_patterns_and_categories() to wp-includes/default-filters.php.
Follow-up to [48492].

Props desrosj.
Fixes #50669.
Built from https://develop.svn.wordpress.org/trunk@48531


git-svn-id: http://core.svn.wordpress.org/trunk@48293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-21 13:15:05 +00:00
Andrew Ozz
86317e3e85 Media: Show an error message when a .heic file is uploaded that this type of files cannot be displayed in a web browser and suggesting to convert to JPEG. The message is shown by using filters, plugins that want to handle uploading of .heic files can remove it.
Props mattheweppelsheimer, mikeschroder, jeffr0, andraganescu, desrosj, azaozz.
Fixes #42775.
Built from https://develop.svn.wordpress.org/trunk@48288


git-svn-id: http://core.svn.wordpress.org/trunk@48057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-03 23:15:03 +00:00
Sergey Biryukov
5aa7f46a4f Docs: Improve DocBlocks in wp-includes/theme.php per the documentation standards.
See #49572.
Built from https://develop.svn.wordpress.org/trunk@48189


git-svn-id: http://core.svn.wordpress.org/trunk@47958 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-27 12:02:03 +00:00
TimothyBlynJacobs
9dc7058be9 Themes: Introduce register_theme_feature API.
Currently themes can declare support for a given feature by using add_theme_support(). This commit adds a register_theme_feature() API that allows plugins and WordPress Core to declare a list of available features that themes can support.

The REST API uses this to expose a theme's supported features if the feature has been registered with "show_in_rest" set to true.

Props kadamwhite, spacedmonkey, williampatton, desrosj, TimothyBlynJacobs.
Fixes #49406.

Built from https://develop.svn.wordpress.org/trunk@48171


git-svn-id: http://core.svn.wordpress.org/trunk@47940 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-25 22:13:10 +00:00
desrosj
4b60af1a6a General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”

With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).

Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.

Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.

Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121


git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 17:26:13 +00:00
Pascal Birchler
609dd1d14f Sitemaps: Add XML sitemaps functionality to WordPress.
While web crawlers are able to discover pages from links within the site and from other sites, XML sitemaps supplement this approach by allowing crawlers to quickly and comprehensively identify all URLs included in the sitemap and learn other signals about those URLs using the associated metadata.

See https://make.wordpress.org/core/2020/06/10/merge-announcement-extensible-core-sitemaps/ for more details.

This feature exposes the sitemap index via `/wp-sitemap.xml` and exposes a variety of new filters and hooks for developers to modify the behavior. Users can disable sitemaps completely by turning off search engine visibility in WordPress admin.

This change also introduces a new `esc_xml()` function to escape strings for output in XML, as well as XML support to `wp_kses_normalize_entities()`.

Props Adrian McShane, afragen, adamsilverstein, casiepa, flixos90, garrett-eclipse, joemcgill, kburgoine, kraftbj, milana_cap, pacifika, pbiron, pfefferle, Ruxandra Gradina, swissspidy, szepeviktor, tangrufus, tweetythierry.
Fixes #50117.
See #3670. See #19998.

Built from https://develop.svn.wordpress.org/trunk@48072


git-svn-id: http://core.svn.wordpress.org/trunk@47839 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-17 15:24:07 +00:00
whyisjake
2ae3b3b801 Embeds: Ensure that the title attribute is set correctly on embeds.
Props xknown.

Built from https://develop.svn.wordpress.org/trunk@47947


git-svn-id: http://core.svn.wordpress.org/trunk@47719 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 17:20:10 +00:00
Sergey Biryukov
61a2f62ffd Comments: Use comment instead of an empty string for the comment_type DB field value in comments table.
This is the first step to bring support for custom comment types into WordPress.

Add a scheduled upgrade routine to update the type value for existing comments, in batches of 100 at a time.

Props imath, aaroncampbell, jeremyfelt, dshanske.
Fixes #49236.
Built from https://develop.svn.wordpress.org/trunk@47597


git-svn-id: http://core.svn.wordpress.org/trunk@47372 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-17 19:35:06 +00:00
Andrew Ozz
0e38f8ed26 Media: Enable lazy-loading of images by automatically adding the new loading="lazy" attribute to image tags on the front-end.
- Introduces `wp_lazy_loading_enabled()`, `wp_filter_content_tags()`, `wp_img_tag_add_loading_attr()`, and `wp_img_tag_add_srcset_and_sizes_attr()` functions.
- Introduces `wp_lazy_loading_enabled`, `wp_img_tag_add_loading_attr`, and `wp_img_tag_add_srcset_and_sizes_attr` filters.

Props flixos90, addyosmani, mor10, swissspidy, pierlo, westonruter, spacedmonkey, mikeschroder, jonoaldersonwp, peterwilsoncc, narwen, jeffpaul, OptimizingMatters, futtta, mukeshpanchal27, azaozz.

Fixes #44427.
Built from https://develop.svn.wordpress.org/trunk@47554


git-svn-id: http://core.svn.wordpress.org/trunk@47329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-08 00:55:07 +00:00
Sergey Biryukov
dacd7a55ea Toolbar: Move the logic for rendering the admin bar on wp_footer to wp_admin_bar_render().
Clarify in the function documentation that it is now called on `wp_body_open` action first, with `wp_footer` as a fallback.

Follow-up to [47221].

Fixes #47053.
Built from https://develop.svn.wordpress.org/trunk@47455


git-svn-id: http://core.svn.wordpress.org/trunk@47242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-03-14 16:01:08 +00:00
joedolson
1dbe25bc0a Toolbar: Load toolbar in wp_body_open when available.
For accessibility, the visual appearance and source order should match. Moving the toolbar to load in the new hook `wp_body_open` (5.2) fixes a long-standing source order problem.

Props jankimoradiya, afercia, SergeyBiryukov, audrasjb, ocean90, xkon, dinhtungdu.
Fixes #47053.

Built from https://develop.svn.wordpress.org/trunk@47221


git-svn-id: http://core.svn.wordpress.org/trunk@47021 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-09 18:26:08 +00:00
Sergey Biryukov
001ffe81fb Docs: Improve inline comments per the documentation standards.
Includes minor code layout fixes for better readability.

See #48303.
Built from https://develop.svn.wordpress.org/trunk@47122


git-svn-id: http://core.svn.wordpress.org/trunk@46922 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-29 00:45:18 +00:00
Sergey Biryukov
d858656023 Bootstrap/Load: Make handling the /favicon.ico requests more flexible.
Previously, `wp_favicon_request()` was introduced in [13205] to avoid a performance hit of serving a full 404 page on every favicon request.

While working as intended, that implementation did not provide a way for theme or plugin authors to manage the behavior of favicon requests.

This changeset implements the following logic (only applied if WordPress is installed in the root directory):

* If there is a Site Icon set in Customizer, redirect `/favicon.ico` requests to that icon.
* Otherwise, use the WordPress logo as a default icon.
* If a physical `/favicon.ico` file exists, do nothing, let the server handle the request.

Handling `/favicon.ico` is now more consistent with handling `/robots.txt` requests.

New functions and hooks:

* Introduce `is_favicon()` conditional tag to complement `is_robots()`.
* Introduce `do_favicon` action to complement `do_robots` and use it in template loader.
* Introduce `do_favicon()` function, hooked to the above action by default, to complement `do_robots()`.
* Introduce `do_faviconico` action to complement `do_robotstxt`, for plugins to override the default behavior.
* Mark `wp_favicon_request()` as deprecated in favor of `do_favicon()`.

Props jonoaldersonwp, birgire, joostdevalk, mukesh27, SergeyBiryukov.
Fixes #47398.
Built from https://develop.svn.wordpress.org/trunk@47018


git-svn-id: http://core.svn.wordpress.org/trunk@46818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-28 21:20:04 +00:00
whyisjake
317465e2fe Prevent stored XSS in the block editor.
Prevent escaped unicode characters become unescaped in unsafe HTML during JSON decoding.

Props: aduth, epiqueras, 

Built from https://develop.svn.wordpress.org/trunk@46896


git-svn-id: http://core.svn.wordpress.org/trunk@46696 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 18:02:03 +00:00
Sergey Biryukov
bcd399918f Coding Standards: Correct the number of accepted arguments in add_action() calls in wp-includes/default-filters.php for functions that don't accept any arguments.
Props itowhid06, johnbillion, jrf.
Fixes #48123.
Built from https://develop.svn.wordpress.org/trunk@46432


git-svn-id: http://core.svn.wordpress.org/trunk@46230 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-08 03:20:02 +00:00
Sergey Biryukov
2afdc64723 Comments: Add rel="nofollow ugc" attribute to links in comments.
UGC stands for User Generated Content, and the `ugc` attribute value is recommended for links within user generated content, such as comments and forum posts.

See https://webmasters.googleblog.com/2019/09/evolving-nofollow-new-ways-to-identify.html.

Props audrasjb, joostdevalk, dkarfa, SergeyBiryukov.
Fixes #48022.
Built from https://develop.svn.wordpress.org/trunk@46349


git-svn-id: http://core.svn.wordpress.org/trunk@46148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-30 01:30:58 +00:00
jorgefilipecosta
b7fbf7d373 Block Editor: Backport block styles server functions from block editor.
This commit backports the block styles functionality added to the block editor in https://github.com/WordPress/gutenberg/pull/16356.

Props: youknowriad, aduth, swissspidy.
Fixes #48039.
Built from https://develop.svn.wordpress.org/trunk@46111


git-svn-id: http://core.svn.wordpress.org/trunk@45923 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-14 18:21:54 +00:00
Andrew Ozz
3b976836a8 Media: Add two new intermediate image sizes, 1536px and 2048px. They are meant to enhance the way WordPress displays images on the front-end on larger, high-density devices. They make it possible to generate more suitable srcset and sizes attributes, and not use the original, often non-optimized image.
Also change the default `max_srcset_image_width` value to match the new max size.

Props pierlo, azaozz.
See #43524.
Built from https://develop.svn.wordpress.org/trunk@46066


git-svn-id: http://core.svn.wordpress.org/trunk@45878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-05 22:27:58 +00:00
Sergey Biryukov
12aa694ee5 Date/Time: Introduce wp_date() to retrieve the date in localized format.
Convert `date_i18n()` into a wrapper for `wp_date()`.

`wp_date()` is intended as a replacement for `date_i18n()` without legacy quirks in it. It accepts a true Unix timestamp (not summed with timezone offset) and an arbitrary timezone.

Props Rarst, mboynes, MikeHansenMe, rmccue, nacin.
Fixes #28636.
Built from https://develop.svn.wordpress.org/trunk@45901


git-svn-id: http://core.svn.wordpress.org/trunk@45712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-08-28 00:52:56 +00:00
Peter Wilson
a5e57d7245 Site health: Introduce view_site_health_checks capability.
Introduces the faux primitive capability `view_site_health_checks` available to single site admins and multisite super-admin to view the site health page within the admin.

The capability is mapped to the `install_plugins` capability without being dependent on the file system being writable. This fixes a bug where the feature couldn't be used by sites unable to write to the file system or managed through version control.

The capability is granted on the `user_has_cap` filter.

Props birgire, Clorith, palmiak, peterwilsoncc, spacedmonkey.
Fixes #46957.


Built from https://develop.svn.wordpress.org/trunk@45507


git-svn-id: http://core.svn.wordpress.org/trunk@45318 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-06-10 07:42:52 +00:00
Felix Arntz
3a77265148 Bootstrap/Load: Introduce a recovery mode for fixing fatal errors.
Using the new fatal handler introduced in [44962], an email is sent to the admin when a fatal error occurs. This email includes a secret link to enter recovery mode. When clicked, the link will be validated and on success a cookie will be placed on the client, enabling recovery mode for that user. This functionality is executed early before plugins and themes are loaded, in order to be unaffected by potential fatal errors these might be causing.

When in recovery mode, broken plugins and themes will be paused for that client, so that they are able to access the admin backend despite of these errors. They are notified about the broken extensions and the errors caused, and can then decide whether they would like to temporarily deactivate the extension or fix the problem and resume the extension.

A link in the admin bar allows the client to exit recovery mode.

Props timothyblynjacobs, afragen, flixos90, nerrad, miss_jwo, schlessera, spacedmonkey, swissspidy.
Fixes #46130, #44458.

Built from https://develop.svn.wordpress.org/trunk@44973


git-svn-id: http://core.svn.wordpress.org/trunk@44804 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-21 21:53:51 +00:00
Andrea Fercia
b2ae00cd21 Accessibility: Ensure embed iframes have a title attribute.
Screen reader users rely on the iframe title attribute to describe the contents of iframes. A meaningful title attribute allows to quickly identify the iframe content, so users can determine which iframe to enter and explore in detail or skip if desired.
Note: this is the only case where a title attribute is required for compliance with the W3C Web Content Accessibility Guidelines (WCAG).

- checks for oEmbed response of type `video` or `rich`
- checks if they use an iframe
- fetches the title (if any) from the oEmbed response
- adds the title to the embed iframe

Props bamadesigner, TomHarrigan, swissspidy, jrf, afercia.
Fixes #40245.

Built from https://develop.svn.wordpress.org/trunk@44942


git-svn-id: http://core.svn.wordpress.org/trunk@44773 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-20 17:22:51 +00:00
Boone Gorges
05fa2363ab Posts: Avoid the use of globals in get_the_content() and related functions.
This changeset introduces `$post` parameters to `get_the_content()` and
`wp_trim_excerpt()`. When a `$post` object is passed to one of these functions,
the functions will operate on the data from that object, rather than from the
post globals (`$authordata`, `$page`, etc). This ensures that the functions work
in a predictable manner when used outside of the regular post loop.

The global-mismatch problem is surfaced in cases where `get_the_excerpt()` is
called outside of the post loop, on posts that don't have a defined excerpt. In
these cases, the post globals - used to generate a fallback excerpt - may refer
to the incorrect object, resulting in PHP notices or other unpredictable
behavior. See #36934 for a related issue.

Props spacedmonkey, kraftbj, Shital Patel.
Fixes #42814.
Built from https://develop.svn.wordpress.org/trunk@44941


git-svn-id: http://core.svn.wordpress.org/trunk@44772 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-20 15:49:49 +00:00
Peter Wilson
d9a1f99d9c Customize: Remove wp_targeted_link_rel pre-save filter from change-sets.
The pre-save filters added to links in [43732] could invalidate JSON data when saving Customizer change-sets.

This removes the filters when saving and publishing change-sets.

Props peterwilsoncc, nikeo for testing.
See #45292.


Built from https://develop.svn.wordpress.org/trunk@44714


git-svn-id: http://core.svn.wordpress.org/trunk@44545 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-29 21:29:50 +00:00
desrosj
102b13cdb9 Styles: Add helper functions for loading block styles.
Blocks are able to register styles that used in the editor and the frontend, or only in the editor. These functions ensure the correct styles are loaded in the correct place.

Props pento.

Merges [43812] to trunk.

See #45065.
Built from https://develop.svn.wordpress.org/trunk@44157


git-svn-id: http://core.svn.wordpress.org/trunk@43987 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-14 03:36:38 +00:00
desrosj
c2f3636e4a Blocks: Parse blocks when displaying posts.
Posts containing blocks are now correctly handled when displaying on the front end, including dynamic blocks and nested blocks.

Props pento.

Merges [43752] to trunk.

See #45109.
Built from https://develop.svn.wordpress.org/trunk@44118


git-svn-id: http://core.svn.wordpress.org/trunk@43948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 22:22:38 +00:00
desrosj
5db34748e6 Script loader: Adjust JS packages registration.
Adjusts the packages registration after [43723]:

    Combine the different registration functions into one `wp_default_packages` function. To reach this goal move the prefix logic into a function so it can be called from different locations. Use a static variable there to prevent duplicate inclusion of `version.php`.

    Call this function from the `wp_default_scripts` action by registering it as a default filter.

    Combine some of the logic in `_WP_Editors::print_tinymce_scripts` into `wp_register_tinymce_scripts`. The logic to force an uncompressed TinyMCE script file stays in `_WP_Editors::force_uncompressed_tinymce` because that logic is very specific to the classic editor.

    The script handle `wp-tinymce` is now a dependency of the editor script handle. In combination with the previous item, this makes the classic editor work.

    Adjust the syntax of the script paths to be more consistent with other WordPress code.

    Always use "production" mode for the media files to prevent people from inadvertently committing development files.

Props pento, omarreiss, atimmer.

Merges [43738] into trunk.

Fixes #45065.
Built from https://develop.svn.wordpress.org/trunk@44115


git-svn-id: http://core.svn.wordpress.org/trunk@43945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-13 17:27:38 +00:00
Jeremy Felt
2dce718157 REST API: Move object type-specific metadata integrations from the wrapper functions to the low-level Meta API functions.
Object type-specific actions that should happen before or after modification of metadata have so far been part of the respective wrapper functions. By using action and filter hooks, this changeset ensures they are always executed, even when calling the lower-level Meta API functions directly, which the REST API does as a prime example.

Merges [43729] to trunk.

Props flixos90, spacedmonkey.
Fixes #44467.

Built from https://develop.svn.wordpress.org/trunk@43982


git-svn-id: http://core.svn.wordpress.org/trunk@43814 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-12 03:02:24 +00:00
Gary Pendergast
56c162fbc9 Coding Standards: Upgrade WPCS to 1.0.0
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.

This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script. 
- Auto-fixable coding standards issues will now cause Travis failures.

Fixes #44600.


Built from https://develop.svn.wordpress.org/trunk@43571


git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-17 01:51:36 +00:00
Sergey Biryukov
ae2b929294 Privacy: Update request confirmation notice text for clarity.
Props desrosj, melchoyce, garrett-eclipse.
Fixes #43970.
Built from https://develop.svn.wordpress.org/trunk@43232


git-svn-id: http://core.svn.wordpress.org/trunk@43061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 20:53:21 +00:00
iandunn
8af721fff8 Privacy: Replace intrusive policy update notice with menu bubbles.
Previously, when a plugin updated its suggested privacy policy text, an admin notice was shown on all screens in the Administration Panels. That was done in order to make sure that administrators were aware of it, so that they could update their policy if needed. That was a very heavy-handed and intrusive approach, though, which leads to a poor user experience, and notice fatigue. 

An alternative approach is to use bubble notifications in the menu, similar to when plugins have updates that need to be installed. That still makes it obvious that something needs the administrator's attention, but is not as distracting as a notice.

The notice will still appear on the Privacy page, though, since it is relevant to that screen, and provides an explanation of why the bubble is appearing.

Props azaozz, xkon, iandunn.
Fixes #43954. See #43953.

Built from https://develop.svn.wordpress.org/trunk@43223


git-svn-id: http://core.svn.wordpress.org/trunk@43052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 19:52:21 +00:00
iandunn
06fd54dab6 Privacy: Notify admin via email when a request is confirmed.
Previously the admin didn't have any way to know if a pending request was ready to be processed, aside from manually checking the Export/Erase pages. Sending them an email is a much more convenient option.

Props garrett-eclipse, desrosj, iandunn.
See #43967.

Built from https://develop.svn.wordpress.org/trunk@43211


git-svn-id: http://core.svn.wordpress.org/trunk@43040 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 05:00:20 +00:00
Andrew Ozz
362e9754f3 Privacy: increase filter priority of the User group in Personal Data Exports.
Props allendav desrosj.
See #43966.
Built from https://develop.svn.wordpress.org/trunk@43195


git-svn-id: http://core.svn.wordpress.org/trunk@43024 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 17:12:21 +00:00
Andrew Ozz
f4e6b7a29c Privacy: add user information to the personal data export file.
Props TZ-Media, desrosj.
See #43547.

Built from https://develop.svn.wordpress.org/trunk@43055


git-svn-id: http://core.svn.wordpress.org/trunk@42884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 13:59:21 +00:00
Andrew Ozz
c77a8ed2fc Privacy: add attachments to the personal data export file.
Props allendav.
See #43883.
Built from https://develop.svn.wordpress.org/trunk@43054


git-svn-id: http://core.svn.wordpress.org/trunk@42883 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 13:45:21 +00:00
iandunn
23bf0c7535 Privacy: Add cron to delete expired export files to protect privacy.
The primary means of protecting the files is the CSPRN appended to the filename, but there is no reason to keep the files after the data subject has downloaded them, so deleting them provides an additional layer of protection. Previously this was done from `wp_privacy_generate_personal_data_export_file()`, but that does not guarantee that it will be run regularly, and on smaller sites that could result in export files being exposed for much longer than necessary.

`wp_privacy_delete_old_export_files()` was moved to a front end file, so that it can be called from `cron.php`.

This introduces the `wp_privacy_export_expiration` filter, which allows plugins to customize how long the exports are kept before being deleted.

`index.html` was added to the `$exclusions` parameter of `list_files()` to make sure that it isn't deleted. If it were, then poorly-configured servers would allow the directory to be traversed, exposing all of the exported files.

Props iandunn, desrosj.
See #43546.

Built from https://develop.svn.wordpress.org/trunk@43046


git-svn-id: http://core.svn.wordpress.org/trunk@42875 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 20:09:23 +00:00
Andrew Ozz
f1703c0e70 Privacy: update the method to confirm user requests by email. Use a single CPT to store the requests and to allow logging/audit trail.
Props mikejolley.
See #43443.

Built from https://develop.svn.wordpress.org/trunk@43008


git-svn-id: http://core.svn.wordpress.org/trunk@42837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 10:12:22 +00:00
Andrew Ozz
81668f8312 Privacy: add functionality to anonymize commenters.
Props xkon, fclaussen, allendav, birgire, azaozz.
See #43442.
Built from https://develop.svn.wordpress.org/trunk@42994


git-svn-id: http://core.svn.wordpress.org/trunk@42823 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-20 12:19:21 +00:00
Andrew Ozz
3108d2ffb2 Privacy: add a postbox that is shown when editing the privacy policy page, and where plugins and core will output suggested content and additional privacy info. First run.
Props melchoyce, azaozz.
See #43620.
Built from https://develop.svn.wordpress.org/trunk@42980


git-svn-id: http://core.svn.wordpress.org/trunk@42809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-16 08:53:20 +00:00
Andrew Ozz
4fed9aa6bd Privacy: add functionality for exporting personal data from comments.
Props allendav, xkon.
Fixes #43440.
Built from https://develop.svn.wordpress.org/trunk@42888


git-svn-id: http://core.svn.wordpress.org/trunk@42718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-28 17:25:31 +00:00
Andrew Ozz
8ae59374f3 Add a checkbox to the comment form so logged out users can opt-out of commenter cookies.
Props lakenh, xkon, birgire, azaozz.
See #43436.
Built from https://develop.svn.wordpress.org/trunk@42772


git-svn-id: http://core.svn.wordpress.org/trunk@42602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-04 16:41:33 +00:00
Andrew Ozz
de8936588c Add pre-save content filter to make target=_blank always secure.
Props notnownikki, iseulde, azaozz
Fixes #43187
Built from https://develop.svn.wordpress.org/trunk@42770


git-svn-id: http://core.svn.wordpress.org/trunk@42600 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-02 14:42:31 +00:00
Peter Wilson
a492541c35 Formatting: Do not run formatting and texturization on author bios.
Removes the formatting and texturization added to author bios in #40040 due to back-compatibility concerns.

Reverts [41172], [41173].

Props 0x6f0, rabmalin for review.
Fixes #42578.


Built from https://develop.svn.wordpress.org/trunk@42441


git-svn-id: http://core.svn.wordpress.org/trunk@42271 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-13 01:11:49 +00:00