Commit Graph

38179 Commits

Author SHA1 Message Date
iandunn
9bb0e18c82 Privacy: Include wp-admin/includes/file.php to avoid fatal error.
`list_files()` is defined in `wp-admin/includes/file.php`, which is not included by `wp-cron.php`, so it needs to be included by the caller in order to avoid a fatal PHP error.

This bug was not detected during testing because the file _is_ included when executing jobs via `wp cron event run`.

Props mikejolley, iandunn.
See #43546.
See https://wordpress.slack.com/archives/C9695RJBW/p1525190405000860.

Built from https://develop.svn.wordpress.org/trunk@43059


git-svn-id: http://core.svn.wordpress.org/trunk@42888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 17:43:22 +00:00
Andrew Ozz
e0d2de94e7 Privacy: docs fixes and improvements for wp_comments_personal_data_exporter().
Props desrosj.
See #43440.
Built from https://develop.svn.wordpress.org/trunk@43058


git-svn-id: http://core.svn.wordpress.org/trunk@42887 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 17:18:21 +00:00
Andrew Ozz
2aa8414d09 Privacy: make the emails in export and erasure list-tables clickable.
Props birgire.
See #43911.
Built from https://develop.svn.wordpress.org/trunk@43057


git-svn-id: http://core.svn.wordpress.org/trunk@42886 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 17:12:22 +00:00
Andrew Ozz
3266b10d04 Privacy: add "Mine" filter for media similarly to posts and comments.
Props audrasjb.
See #43820.
Built from https://develop.svn.wordpress.org/trunk@43056


git-svn-id: http://core.svn.wordpress.org/trunk@42885 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 15:43:22 +00:00
Andrew Ozz
f4e6b7a29c Privacy: add user information to the personal data export file.
Props TZ-Media, desrosj.
See #43547.

Built from https://develop.svn.wordpress.org/trunk@43055


git-svn-id: http://core.svn.wordpress.org/trunk@42884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 13:59:21 +00:00
Andrew Ozz
c77a8ed2fc Privacy: add attachments to the personal data export file.
Props allendav.
See #43883.
Built from https://develop.svn.wordpress.org/trunk@43054


git-svn-id: http://core.svn.wordpress.org/trunk@42883 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 13:45:21 +00:00
Andrew Ozz
5133e5131b Privacy: fix and improve the help text about adding a privacy policy page.
Props idea15, xkon.
See #43435.
Built from https://develop.svn.wordpress.org/trunk@43053


git-svn-id: http://core.svn.wordpress.org/trunk@42882 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 11:43:22 +00:00
Andrew Ozz
237df3367b Privacy: only fold the sections in the privacy policy poxtbox when more than one.
See #43473.
Built from https://develop.svn.wordpress.org/trunk@43052


git-svn-id: http://core.svn.wordpress.org/trunk@42881 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 09:48:21 +00:00
iandunn
b4290211f4 Bundled Themes: Add link to privacy policy page in footer.
If a privacy policy has been set, then a link to it will automatically be shown in the footer.

The element containing the "Proudly powered by WordPress" link was chosen for the new policy link, in order to minimize visual conflicts with custom CSS that was written before the new link existed. Unfortunately, some minor conflicts are expected and unavoidable. Adding this link is required as part of GDPR compliance, and the benefits outweigh the downsides. 

To further mitigate the conflicts, a new `imprint` class was added to the "Proudly powered..." link, in order to facilitate targeting each link invididually with custom styles.

Props xkon, laurelfulford, birgire, azaozz, iandunn.
See #43715.

Built from https://develop.svn.wordpress.org/trunk@43051


git-svn-id: http://core.svn.wordpress.org/trunk@42880 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 06:28:21 +00:00
Peter Wilson
2e43234f3f Cron API: Return meaningful values from cron functions.
Return values added to Cron API functions to indicate outcome:

* `wp_schedule_single_event()`, `wp_schedule_event()`, `wp_reschedule_event()` and `wp_unschedule_event()`: boolean indicating success or failure,
* `wp_clear_scheduled_hook()`: integer indicating number of jobs cleared (zero or more), `false` if one or more jobs fail to clear,
* `wp_unschedule_hook()`: integer indicating number of jobs cleared (zero or more), `false` if the jobs fail to clear,
* `spawn_cron()`: boolean indicating whether job spawned,
* `wp_cron()`: integer indicating number of jobs spawned (zero or more), `false` if one or more jobs fail to spawned,
* `_set_cron_array()`: boolean outcome of `update_option()`.

Props evansolomon, jrf, peterwilsoncc, pento for code review.
Fixes #21072.


Built from https://develop.svn.wordpress.org/trunk@43050


git-svn-id: http://core.svn.wordpress.org/trunk@42879 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 02:05:23 +00:00
Boone Gorges
0dc6bd7c04 Taxonomy: Ensure that invalid term objects are discarded in WP_Term_Query.
The `get_term()` mapping may result in term objects that are `null` or
`WP_Error` when plugins use `get_term` or a related filter. Since `null`
and error objects are not valid results for a term query, we discard
them.

Props GM_Alex.
See #42691.
Built from https://develop.svn.wordpress.org/trunk@43049


git-svn-id: http://core.svn.wordpress.org/trunk@42878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 21:08:22 +00:00
Andrew Ozz
d1ab641d16 Privacy: edits and improvements for the default text for a privacy policy.
Props idea15, allendav.
See #43473.
Built from https://develop.svn.wordpress.org/trunk@43048


git-svn-id: http://core.svn.wordpress.org/trunk@42877 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 21:06:21 +00:00
iandunn
9abc0fe73e Privacy: Add wp_privacy_personal_data_export_file_created filter.
This runs immediately after the data export file has been successfully created, allowing plugins to introduce some workflow customizations. For example, a plugin could password-protect the export file, for peace of mind, even though the CSPRN in the filename makes brute force attacks nearly impossible.

See #43546.

Built from https://develop.svn.wordpress.org/trunk@43047


git-svn-id: http://core.svn.wordpress.org/trunk@42876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 21:04:22 +00:00
iandunn
23bf0c7535 Privacy: Add cron to delete expired export files to protect privacy.
The primary means of protecting the files is the CSPRN appended to the filename, but there is no reason to keep the files after the data subject has downloaded them, so deleting them provides an additional layer of protection. Previously this was done from `wp_privacy_generate_personal_data_export_file()`, but that does not guarantee that it will be run regularly, and on smaller sites that could result in export files being exposed for much longer than necessary.

`wp_privacy_delete_old_export_files()` was moved to a front end file, so that it can be called from `cron.php`.

This introduces the `wp_privacy_export_expiration` filter, which allows plugins to customize how long the exports are kept before being deleted.

`index.html` was added to the `$exclusions` parameter of `list_files()` to make sure that it isn't deleted. If it were, then poorly-configured servers would allow the directory to be traversed, exposing all of the exported files.

Props iandunn, desrosj.
See #43546.

Built from https://develop.svn.wordpress.org/trunk@43046


git-svn-id: http://core.svn.wordpress.org/trunk@42875 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 20:09:23 +00:00
iandunn
5b4aa26436 Privacy: Use a CSPRNG in export filenames for more security.
`rand()` is deterministic and therefore offers much less protection in this context. `wp_generate_password()` is a convenient wrapper around `wp_rand()`, which uses `random_int()` to generate cryptographically-secure psuedorandom numbers.

See #43546.

Built from https://develop.svn.wordpress.org/trunk@43045


git-svn-id: http://core.svn.wordpress.org/trunk@42874 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 18:53:25 +00:00
Andrew Ozz
c21c4e25b3 Privacy: add default text for a privacy policy. First run.
Props xkon, idea15, allendav, azaozz.
See #43473.
Built from https://develop.svn.wordpress.org/trunk@43044


git-svn-id: http://core.svn.wordpress.org/trunk@42873 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 14:47:21 +00:00
John Blackbourn
d488e773b0 Docs: Update the inline docs for is_protected_meta().
See #42505

Built from https://develop.svn.wordpress.org/trunk@43043


git-svn-id: http://core.svn.wordpress.org/trunk@42872 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 14:39:21 +00:00
John Blackbourn
cf02373b39 Comments: Update the inline docs following [42772].
See #43436

Built from https://develop.svn.wordpress.org/trunk@43042


git-svn-id: http://core.svn.wordpress.org/trunk@42871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 13:10:20 +00:00
Andrea Fercia
eac393b6f1 Coding standards: Change a few occurrences of font weight 700 to 600 in multisite signup and activate.
Props chetan200891.
Amends [43018].
See #43897.

Built from https://develop.svn.wordpress.org/trunk@43041


git-svn-id: http://core.svn.wordpress.org/trunk@42870 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 07:05:21 +00:00
Sergey Biryukov
4b6794ba57 Themes: Avoid a PHP 7.2 warning in get_theme_roots() when $wp_theme_directories is an uncountable value.
See [41174] for `wp_get_themes()` and `get_raw_theme_root()`.

Props burlingtonbytes, teddytime, lbenicio, desrosj.
Fixes #43374. See #40109.
Built from https://develop.svn.wordpress.org/trunk@43039


git-svn-id: http://core.svn.wordpress.org/trunk@42868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 04:51:22 +00:00
Sergey Biryukov
94cbb2a3f6 General: Introduce a polyfill for is_iterable() function added in PHP 7.1.
Props jrf, schlessera, desrosj.
See #43619.
Built from https://develop.svn.wordpress.org/trunk@43036


git-svn-id: http://core.svn.wordpress.org/trunk@42865 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 04:15:21 +00:00
Sergey Biryukov
5813ccec07 General: Introduce a polyfill for is_countable() function added in PHP 7.3.
Props jrf, ayeshrajans, desrosj.
See #43583.
Built from https://develop.svn.wordpress.org/trunk@43034


git-svn-id: http://core.svn.wordpress.org/trunk@42863 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 03:43:21 +00:00
Sergey Biryukov
70a214c186 Help/About: Move "Get involved" link on Credits screen to the top of the page for better visibility.
Props bridgetwillard, desrosj.
See #23348.
Built from https://develop.svn.wordpress.org/trunk@43032


git-svn-id: http://core.svn.wordpress.org/trunk@42861 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 03:16:22 +00:00
Sergey Biryukov
bc5a539c4d Login and Registration: Send nocache_headers() on Multisite signup pages.
Props herregroen.
Fixes #43843.
Built from https://develop.svn.wordpress.org/trunk@43030


git-svn-id: http://core.svn.wordpress.org/trunk@42859 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 23:05:21 +00:00
Sergey Biryukov
95071b2ea1 Docs: Update @since version for theme_templates filter added in [43025].
See #43872.
Built from https://develop.svn.wordpress.org/trunk@43027


git-svn-id: http://core.svn.wordpress.org/trunk@42856 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 22:42:22 +00:00
Sergey Biryukov
0c071471d6 Themes: Introduce theme_templates filter for page templates of all post types.
This complements the `theme_{$post_type}_templates` dynamic filter added in [38951].

Props desrosj.
Fixes #43872.
Built from https://develop.svn.wordpress.org/trunk@43025


git-svn-id: http://core.svn.wordpress.org/trunk@42854 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 22:18:22 +00:00
Sergey Biryukov
00ae0a1097 Docs: Remove backtick-escaping around a core function in the hook docs for the pre_prepare_themes_for_js filter.
This allows the function to be auto-linked in the Developer Reference. Added in [42877].

See #42505.
Built from https://develop.svn.wordpress.org/trunk@43024


git-svn-id: http://core.svn.wordpress.org/trunk@42853 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 21:47:22 +00:00
Sergey Biryukov
f8177e3a73 Docs: Remove backtick-escaping around a core function in the hook docs for the comment_form_submit_button filter.
This allows the function to be auto-linked in the Developer Reference. See [32037] for `comment_form_submit_field`.

See #42505, #31888.
Built from https://develop.svn.wordpress.org/trunk@43023


git-svn-id: http://core.svn.wordpress.org/trunk@42852 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 21:44:22 +00:00
Sergey Biryukov
9a8f48c9bc Docs: Add missing verb in is_admin(), is_blog_admin(), is_network_admin(), is_user_admin() descriptions.
See #42505.
Built from https://develop.svn.wordpress.org/trunk@43022


git-svn-id: http://core.svn.wordpress.org/trunk@42851 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 21:14:22 +00:00
Andrea Fercia
e663af477a Coding standards: Change one occurrence of font weight 700 to 600.
Props chetan200891.
Amends [43018].
See #43897.

Built from https://develop.svn.wordpress.org/trunk@43021


git-svn-id: http://core.svn.wordpress.org/trunk@42850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 18:04:21 +00:00
Andrea Fercia
2e8149064e Accessibility: Improve the Themes Installer navigation buttons accessibility.
- really disables buttons when they look disabled (when navigation is at the first or last theme)
- when navigation is at the first or last theme, moves focus to the other navigation button, to avoid a focus loss
- improves the buttons visually hidden accessibility text

Props walbo, afercia.
Fixes #36627.

Built from https://develop.svn.wordpress.org/trunk@43020


git-svn-id: http://core.svn.wordpress.org/trunk@42849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 17:04:22 +00:00
Andrea Fercia
8d9f1ae0d5 Accessibility: Better color contrast for the tables pagination links.
By making the pagination links use the default style for buttons, color contrast
is improved and the CSS is simplified. Improves consistency with other UI controls.
Also, slightly increases the white space below the pagination links.

Props benoitchantre, afercia.
Fixes #41858.

Built from https://develop.svn.wordpress.org/trunk@43019


git-svn-id: http://core.svn.wordpress.org/trunk@42848 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 16:25:21 +00:00
Andrea Fercia
26e91765eb Coding standards: Use numeric font weights instead of keywords.
Fixes #43897.

Built from https://develop.svn.wordpress.org/trunk@43018


git-svn-id: http://core.svn.wordpress.org/trunk@42847 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 11:37:21 +00:00
John Blackbourn
e2719c4e90 Docs: Correct the possible return types for the wpdb::query() method.
Props isabel104

See #42505

Built from https://develop.svn.wordpress.org/trunk@43017


git-svn-id: http://core.svn.wordpress.org/trunk@42846 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-28 14:44:23 +00:00
John Blackbourn
4ccca7a835 Formatting: Begin the process of improving the docs for KSES related functions.
See #33801

Built from https://develop.svn.wordpress.org/trunk@43016


git-svn-id: http://core.svn.wordpress.org/trunk@42845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-28 13:58:21 +00:00
Andrew Ozz
3677e99e4b Privacy: fix unit tests after [43012].
Props iandunn.
See #43546.
Built from https://develop.svn.wordpress.org/trunk@43015


git-svn-id: http://core.svn.wordpress.org/trunk@42844 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-28 12:11:21 +00:00
Andrew Ozz
bfc9c2f469 Fix docs and white space.
Props desrosj.
See #43443.
Built from https://develop.svn.wordpress.org/trunk@43014


git-svn-id: http://core.svn.wordpress.org/trunk@42843 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-28 12:04:21 +00:00
John Blackbourn
666887f974 Build/Test Tools: Don't trigger the global variable override PHPCS sniff for core.
Props jrf

Fixes #43776

Built from https://develop.svn.wordpress.org/trunk@43013


git-svn-id: http://core.svn.wordpress.org/trunk@42842 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-28 00:45:20 +00:00
Andrew Ozz
b044b4053e Privacy: add means to export personal data by username or email address. Generate a zipped export file containing all data. First run.
Props allendav.
See #43546.
Built from https://develop.svn.wordpress.org/trunk@43012


git-svn-id: http://core.svn.wordpress.org/trunk@42841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 19:54:21 +00:00
Andrew Ozz
e9eb7518c0 Privacy: update and enhance the method to confirm user requests by email. Introduce WP_User_Request to hold all request vars similarly to WP_Post.
Props mikejolley.
See #43443.

Built from https://develop.svn.wordpress.org/trunk@43011


git-svn-id: http://core.svn.wordpress.org/trunk@42840 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 17:31:22 +00:00
Felix Arntz
af6704edad Multisite: Add meta query functionality to WP_Site_Query.
After the introduction of site metadata in [42836], it should be possible to query sites by that data.

Fixes #40229.

Built from https://develop.svn.wordpress.org/trunk@43010


git-svn-id: http://core.svn.wordpress.org/trunk@42839 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 11:41:22 +00:00
Felix Arntz
a11d2f6a76 Bootstrap: Load class-wp-meta-query.php earlier in wp-settings.php.
This change is necessary to enable multisite-specific meta query functionality during the multisite bootstrap process.

Fixes #40948. See #40229.

Built from https://develop.svn.wordpress.org/trunk@43009


git-svn-id: http://core.svn.wordpress.org/trunk@42838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 11:37:21 +00:00
Andrew Ozz
f1703c0e70 Privacy: update the method to confirm user requests by email. Use a single CPT to store the requests and to allow logging/audit trail.
Props mikejolley.
See #43443.

Built from https://develop.svn.wordpress.org/trunk@43008


git-svn-id: http://core.svn.wordpress.org/trunk@42837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 10:12:22 +00:00
Gary Pendergast
52d0b2f982 REST API: Include viewable attribute on Post Type resource for edit context
For the block editor to be able to expose the Preview button correctly, it needs to know the `is_post_type_viewable()` setting, this change adds it to the Post Type response.

Props danielbachhuber.
Fixes #43739.


Built from https://develop.svn.wordpress.org/trunk@43007


git-svn-id: http://core.svn.wordpress.org/trunk@42836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 03:06:21 +00:00
Felix Arntz
6b2e34f703 General: Implement editorial, design and accessibility feedback for the PHP version nag.
The updated version of the nag is shorter, more on point and less aggressive than the previous one. It integrates better with the other dashboard widgets and fixes several accessibility concerns. A yellow warning color is used when the current PHP version is outdated, a red error color is used when it is also insecure.

Props afercia, birgire, danieltj, flixos90, johnjamesjacoby, karmatosed, Luciano Croce, nerrad, pento, schlessera, SergeyBiryukov, sonjaleix.

Fixes #41191.

Built from https://develop.svn.wordpress.org/trunk@43006


git-svn-id: http://core.svn.wordpress.org/trunk@42835 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-26 14:31:24 +00:00
Felix Arntz
603c91b3bc Tests: Skip multisite-only or single site-only tests correctly based on test doc annotations.
Without the `ms-required` and `ms-excluded` groups being marked as excluded in the PHPUnit configurations for the project, those groups were still executed, causing fatal errors. Checking against the groups in the correct structure of the array returned from PHPUnit's `Testcase::getAnnotations()` ensures that those tests are skipped properly.

Fixes #43863.

Built from https://develop.svn.wordpress.org/trunk@43005


git-svn-id: http://core.svn.wordpress.org/trunk@42834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-25 22:38:21 +00:00
Ella Iseulde Van Dorpe
6e215cae48 TinyMCE: Update to 4.7.11
Built from https://develop.svn.wordpress.org/trunk@43004


git-svn-id: http://core.svn.wordpress.org/trunk@42833 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-25 22:35:21 +00:00
Andrew Ozz
41a82d6078 Privacy: add better docs for wp_add_privacy_policy_content() and WP_Privacy_Policy_Content::add().
See #43620.
Built from https://develop.svn.wordpress.org/trunk@43003


git-svn-id: http://core.svn.wordpress.org/trunk@42832 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-25 18:10:21 +00:00
iandunn
c9c3c61a53 Privacy: Add template tags for building link to privacy policy page.
This introduces the `get_the_privacy_policy_link()` and `the_privacy_policy_link()` functions, as well as the `privacy_policy_url` filter.

A new `tests/url/` folder was added to better organize tests related to `get_*_url()` functions. Previously, those tests were placed in `tests/url.php` and `tests/link/`, but neither of those locations are optimal. Placing tests in `tests/url.php` violates the guideline of creating separate files/classes for each function under test, and using `tests/link/` conflates two distinct -- albeit related -- groups of functions. Over time, URL-related tests can be migrated to the new folder.

Props birgire, xkon, azaozz, iandunn.
See #43850.

Built from https://develop.svn.wordpress.org/trunk@43002


git-svn-id: http://core.svn.wordpress.org/trunk@42831 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-25 15:55:21 +00:00
Gary Pendergast
41968f7ea9 REST API: Add who=authors as a query parameter for GET wp/v2/users.
Any WordPress user who can `edit_posts` of a post type with `show_in_rest=true` can query for authors. This maps to current WordPress behavior where a WordPress user who can view the Manage Posts view for a post type can see any WordPress user assigned to a post (whether published or draft).

This implementation, over restricting `who=authors` to users with `list_users`, gives us future flexibility in displaying lists of posts. It still respects more restrictive permissions for `context=edit`.

Props danielbachhuber.
Fixes #42202.


Built from https://develop.svn.wordpress.org/trunk@43001


git-svn-id: http://core.svn.wordpress.org/trunk@42830 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-25 13:06:21 +00:00