Commit Graph

12198 Commits

Author SHA1 Message Date
Andrew Ozz
b1330814e2 Privacy: Add $request to $email_data to make it available to all filters.
Props desrosj.
Fixes #44379.
Built from https://develop.svn.wordpress.org/trunk@43477


git-svn-id: http://core.svn.wordpress.org/trunk@43304 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 13:53:25 +00:00
Andrew Ozz
04b8839454 Privacy: Add filter for the subject of the erasure complete notification emails.
Props desrosj.
Fixes #44265.
Built from https://develop.svn.wordpress.org/trunk@43475


git-svn-id: http://core.svn.wordpress.org/trunk@43302 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 13:42:25 +00:00
Andrew Ozz
323a5a2dc8 Privacy: Fix tests after [43467].
See #44141.

Built from https://develop.svn.wordpress.org/trunk@43471


git-svn-id: http://core.svn.wordpress.org/trunk@43298 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 09:58:24 +00:00
Andrew Ozz
3b3542fe15 Privacy: Add a setting to disable comment cookie consent.
Fixes #44373.
Built from https://develop.svn.wordpress.org/trunk@43469


git-svn-id: http://core.svn.wordpress.org/trunk@43296 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 09:08:26 +00:00
Andrew Ozz
cc1bfb1e55 Privacy: Don't replace comment author URL and email with anything.
Props TZ-Media, desrosj, birgire.
Fixes #44141.
Built from https://develop.svn.wordpress.org/trunk@43467


git-svn-id: http://core.svn.wordpress.org/trunk@43294 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 09:00:25 +00:00
Gary Pendergast
46fa15291f Streams: Return early from wp_is_stream() for paths that aren't streams.
Some versions of PHP appear to have a memory leak that is occasionally triggered by calling `stream_get_wrappers()`. In order to avoid calling this, we can return early from `wp_is_stream()` when `$path` doesn't contain `://`.

Props pbiron, JPry, dontstealmyfish.
Fixes #44532.


Built from https://develop.svn.wordpress.org/trunk@43466


git-svn-id: http://core.svn.wordpress.org/trunk@43293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 07:54:25 +00:00
Gary Pendergast
0e5e77a895 Privacy: Remove some unnecessary code comments.
[42967] introduced some WPCS-related comments, probably accidentally saved by an IDE.

Props burhandodhy.
Fixes #44590.


Built from https://develop.svn.wordpress.org/trunk@43465


git-svn-id: http://core.svn.wordpress.org/trunk@43292 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 07:43:24 +00:00
Gary Pendergast
7c696fbed2 Editor: Use apply_filters_deprecated() for some deprecated filters.
The `htmledit_pre` and `richedit_pre` filters have been deprecated since 4.3.0, since before `apply_filters_deprecated()` existed. They're now correctly run using `apply_filters_deprecated()`.

Props sebastienthivinfocom, lbenicio, ianbelanger.
Fixes #44341.


Built from https://develop.svn.wordpress.org/trunk@43464


git-svn-id: http://core.svn.wordpress.org/trunk@43291 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 07:38:24 +00:00
Gary Pendergast
c173331dc4 REST API: Fix some incorrect @since tags.
[43437] included some new methods, which were incorrectly tagged as being `@since 4.9.7`. This updates them to `4.9.8`.

Props danielbachhuber.
Fixes 44287.


Built from https://develop.svn.wordpress.org/trunk@43463


git-svn-id: http://core.svn.wordpress.org/trunk@43290 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 07:27:25 +00:00
Gary Pendergast
17899c1932 REST API: Attachments controller should respect upload limits.
When the REST API is in use on WordPress multisite, the `WP_REST_Attachments_Controller` should respect the "Max upload file size" and "Site upload space" site options.

Props flixos90, danielbachhuber.
Fixes #43751.


Built from https://develop.svn.wordpress.org/trunk@43462


git-svn-id: http://core.svn.wordpress.org/trunk@43289 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 07:22:29 +00:00
Sergey Biryukov
be92bbbbbb Docs: Change @since entry for add_inline_data action added in [42676] to 4.9.8.
See #36085.
Built from https://develop.svn.wordpress.org/trunk@43460


git-svn-id: http://core.svn.wordpress.org/trunk@43287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 15:27:25 +00:00
Sergey Biryukov
cf4f8d8737 Login and Registration: Set a better default value for $wp_error parameter in login_header().
To prevent someone from passing a string (which would not be added to a new `WP_Error` instance), check for `is_wp_error()` explicitly.

Props desrosj, chetan200891, spyderbytes, lbenicio, sebastien@thivinfo.com, abdullahramzan.
Fixes #44052.
Built from https://develop.svn.wordpress.org/trunk@43457


git-svn-id: http://core.svn.wordpress.org/trunk@43284 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 14:10:26 +00:00
Sergey Biryukov
4faf05ca6a Privacy: Change @since entry for _wp_privacy_settings_filter_draft_page_titles() added in [43376] to 4.9.8.
See #44100.
Built from https://develop.svn.wordpress.org/trunk@43454


git-svn-id: http://core.svn.wordpress.org/trunk@43281 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 13:48:25 +00:00
Sergey Biryukov
357a663899 Privacy: Change @since entry for user_request_confirmed_email_subject filter added in [43373] to 4.9.8.
See #44382.
Built from https://develop.svn.wordpress.org/trunk@43451


git-svn-id: http://core.svn.wordpress.org/trunk@43278 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 12:12:25 +00:00
Andrew Ozz
26ca877782 TinyMCE: update to 4.8.0, changelog: https://www.tiny.cloud/docs/changelog/#version480july112018
Fixes #44134.
Built from https://develop.svn.wordpress.org/trunk@43447


git-svn-id: http://core.svn.wordpress.org/trunk@43274 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 08:07:26 +00:00
Aaron Jorbin
691dc59ad3 Privacy: Silence is golden and invisible.
"Be more discrete." declared matt in [3155], and since then, "Silence is Golden" has been the calling card of placeholder index files. Historically, these have been php files, but [43012] changed that and added index.html files for privacy export generated folders.

The php silence files produce no visible content. This adds consistency with these new html files in that there will be no visible content. Silence will fall when the question is asked.

Fixes #44195.
Props audrasjb, rafsuntaskin, Ov3rfly, johnbillion, pento


Built from https://develop.svn.wordpress.org/trunk@43446


git-svn-id: http://core.svn.wordpress.org/trunk@43273 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-15 23:39:27 +00:00
Gary Pendergast
7216f9e623 REST API: Update the test fixture generator following [43439]
As [43439] added data that contains object IDs, it can cause `wp-api-generated.js` to be unnecessarily regenerated.

Regenerating our list of fixtures that need normalising rectifies this.

See #44321.


Built from https://develop.svn.wordpress.org/trunk@43441


git-svn-id: http://core.svn.wordpress.org/trunk@43268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-13 04:46:25 +00:00
Gary Pendergast
fd6f50e86f REST API: Tweak permission checks for taxonomy and term endpoints
To match behaviour in the Classic Editor, we need to slightly loosen permissions on taxonomy and term endpoints. This allows users to create terms to assign to a post that they're editing.

Props danielbachhuber.
Fixes #44096.


Built from https://develop.svn.wordpress.org/trunk@43440


git-svn-id: http://core.svn.wordpress.org/trunk@43267 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-13 04:24:25 +00:00
Gary Pendergast
2f803422fa REST API: Expose revision count and last revision ID on Post response
So that REST API clients can show appropriate UI for a post's revisions, it needs to know how many revisions the post has, and what the latest revision ID is.

Props kadamwhite, danielbachhuber, birgire, TimothyBlynJacobs.
Fixes #44321.


Built from https://develop.svn.wordpress.org/trunk@43439


git-svn-id: http://core.svn.wordpress.org/trunk@43266 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-13 04:07:24 +00:00
Gary Pendergast
0ba364411d REST API: Declare user capabilities using JSON Hyper Schema's "targetSchema".
There are a variety of operations a WordPress user can only perform if they have the correct capabilities. A REST API client should only display UI for one of these operations if the WordPress user can perform the operation.

Rather than requiring REST API clients to calculate whether to display UI based on potentially complicated combinations of user capabilities, `targetSchema` allows us to expose a single flag to show whether the corresponding UI should be displayed.

This change also includes flags on post objects for the following actions:

- `action-publish`: The current user can publish this post.
- `action-sticky`: The current user can make this post sticky, and the post type supports sticking.
- `action-assign-author': The current user can change the author on this post.
- `action-assign-{$taxonomy}`: The current user can assign terms from the "$taxonomy" taxonomy to this post.
- `action-create-{$taxonomy}`: The current user can create terms int the "$taxonomy" taxonomy.

Props TimothyBlynJacobs, danielbachhuber.
Fixes #44287.


Built from https://develop.svn.wordpress.org/trunk@43437


git-svn-id: http://core.svn.wordpress.org/trunk@43264 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-11 06:23:27 +00:00
Sergey Biryukov
632d61cead Plugins: Disable "Install Now" button for plugins that require a higher version of PHP or WordPress.
Display a notice with an explanation and the steps required to resolve the issue.

Props afragen, schlessera, flixos90, nerrad, melchoyce, boemedia, hedgefield, joyously, johnalarcon, lakenh, afercia, acirujano, ibantxillo, SergeyBiryukov.
Fixes #43986.
Built from https://develop.svn.wordpress.org/trunk@43436


git-svn-id: http://core.svn.wordpress.org/trunk@43263 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-09 13:45:25 +00:00
Felix Arntz
9768bde3c4 Privacy: Fix a further inconsistency of site name and URL usage in notification emails.
This is a follow-up to [43388].

Props desrosj.
Fixes #44396.

Built from https://develop.svn.wordpress.org/trunk@43435


git-svn-id: http://core.svn.wordpress.org/trunk@43262 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-08 13:55:28 +00:00
John Blackbourn
60252611be Date/Time: Add support for the c and r shorthand formats in date_i18n().
Props Rarst, pbearne

Fixes #20973

Built from https://develop.svn.wordpress.org/trunk@43434


git-svn-id: http://core.svn.wordpress.org/trunk@43261 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 23:10:25 +00:00
John Blackbourn
4c2fcf36a3 Media: Update the @since tag for wp_normalize_path() as this has been backported to th 3.9 (and all other) branches.
See #42837

Built from https://develop.svn.wordpress.org/trunk@43406


git-svn-id: http://core.svn.wordpress.org/trunk@43234 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 15:21:25 +00:00
John Blackbourn
c9dce0606b Media: Limit thumbnail file deletions to the same directory as the original file.
Built from https://develop.svn.wordpress.org/trunk@43392


git-svn-id: http://core.svn.wordpress.org/trunk@43220 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 14:32:25 +00:00
atimmer
44b8c2e36b Docs: Fix default values for customize/controls.js.
The old values cannot be parsed by JSDoc.

Props herregroen.
Fixes #44520.

Built from https://develop.svn.wordpress.org/trunk@43391


git-svn-id: http://core.svn.wordpress.org/trunk@43219 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 14:07:24 +00:00
Felix Arntz
5f461574e8 Tests: Fix failing test after [43388].
Fixes #44396.

Built from https://develop.svn.wordpress.org/trunk@43390


git-svn-id: http://core.svn.wordpress.org/trunk@43218 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 08:53:25 +00:00
Felix Arntz
46589d1578 Date/Time: Fix usage of $gmt parameter in date_i18n() and clarify its behavior.
The docs for `date_i18n()` and its filter now correctly state that the `$gmt` parameter is only taken into account if no timestamp is provided. Furthermore, a bug with that parameter is fixed, as it is now ensured that the timezone used with it is `UTC`.

Props Rarst.
Fixes #38771.

Built from https://develop.svn.wordpress.org/trunk@43389


git-svn-id: http://core.svn.wordpress.org/trunk@43217 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-04 23:43:25 +00:00
Felix Arntz
057b221af7 Privacy: Use consistent values for the site name and URL used in notification emails.
The functions `send_confirmation_on_profile_email()`, `_wp_privacy_send_request_confirmation_notification()`, `_wp_privacy_send_erasure_fulfillment_notification()`, and `wp_send_user_request()` all include a title and URL indicating the current site. However, so far they have dealt with those values inconsistently, sometimes using the site values, other times using the network values if in a multisite. This changeset ensures that only the current site is taken into account in all cases and that special characters in the site name are consistently decoded.

Props subrataemfluence, desrosj.
Fixes #44396.

Built from https://develop.svn.wordpress.org/trunk@43388


git-svn-id: http://core.svn.wordpress.org/trunk@43216 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-03 17:00:25 +00:00
Felix Arntz
dc036d5333 Date/Time: Add support for gmt_offset to date_i18n().
Prior to this change, `date_i18n()` only supported the `timezone_string` option, causing incorrect timezones to appear in formatted dates on sites that still rely on the `gmt_offset` option.

Props Rarst.
Fixes #34835.

Built from https://develop.svn.wordpress.org/trunk@43387


git-svn-id: http://core.svn.wordpress.org/trunk@43215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-03 15:59:25 +00:00
Felix Arntz
b76a714bba Taxonomy: Introduce is_taxonomy_viewable().
This utility function allows for easy detection whether terms for a taxonomy are considered publicly viewable.

Props andizer.
Fixes #44466.

Built from https://develop.svn.wordpress.org/trunk@43386


git-svn-id: http://core.svn.wordpress.org/trunk@43214 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-03 10:29:28 +00:00
Sergey Biryukov
efafeed66c Docs: Add missing backtick in delete_metadata() DocBlock.
Props dilipbheda, cliffpaulick.
Fixes #44433.
Built from https://develop.svn.wordpress.org/trunk@43385


git-svn-id: http://core.svn.wordpress.org/trunk@43213 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-02 17:58:27 +00:00
Sergey Biryukov
99e3bb9077 Date/Time: Simplify mysql_to_rfc3339().
Erasing timezone with a regular expression is redundant, the date could be just formatted in the respective format instead.

Props Rarst.
Fixes #42542.
Built from https://develop.svn.wordpress.org/trunk@43384


git-svn-id: http://core.svn.wordpress.org/trunk@43212 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:45:53 +00:00
Sergey Biryukov
67716d1367 Docs: Correct description for mysql_to_rfc3339().
Despite historical function name, the output does not conform to RFC3339 format, which must contain timezone.

Props Rarst.
See #42542.
Built from https://develop.svn.wordpress.org/trunk@43383


git-svn-id: http://core.svn.wordpress.org/trunk@43211 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:45:29 +00:00
Felix Arntz
76c25aa14b Multisite: Count users in a more performant way when listing sites in the network admin.
Props spacedmonkey.
Fixes #44368.

Built from https://develop.svn.wordpress.org/trunk@43382


git-svn-id: http://core.svn.wordpress.org/trunk@43210 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:45:03 +00:00
Felix Arntz
e350e822f8 Role/Capability: Rename upgrade_php capability to more suitable update_php.
This brings the name in line with user-facing language and similar names of existing related capabilities. Since the capability has not been part of any WordPress release, it can be renamed without any backward-compatibility implications.

Also missing props benhuberman for [43006].

Fixes #44457.

Built from https://develop.svn.wordpress.org/trunk@43381


git-svn-id: http://core.svn.wordpress.org/trunk@43209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:44:38 +00:00
Sergey Biryukov
b98ef36c97 Docs: Improve documentation for date_i18n()'s second argument.
Despite previously being labeled as a Unix timestamp, in reality it's a sum of Unix timestamp and timezone offset in seconds.

Props Rarst.
See #38771.
Built from https://develop.svn.wordpress.org/trunk@43380


git-svn-id: http://core.svn.wordpress.org/trunk@43208 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:44:12 +00:00
Andrew Ozz
be6aa715fe Privacy: use wp_login_url() for the link in the user confirmation email.
Props desrosj, usmankhalid.
Fixes #44353.
Built from https://develop.svn.wordpress.org/trunk@43379


git-svn-id: http://core.svn.wordpress.org/trunk@43207 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:43:47 +00:00
K. Adam White
a89c86c711 REST API: Support meta registration for specific object subtypes.
Introduce an `object_subtype` argument to the args array for `register_meta()` which can be used to limit meta registration to a single subtype (e.g. a custom post type or taxonomy, vs all posts or taxonomies).

Introduce `register_post_meta()` and `register_term_meta()` wrapper methods for `register_meta` to provide a convenient interface for the common case of registering meta for a specific taxonomy or post type. These methods work the way plugin developers have often expected `register_meta` to function, and should be used in place of direct `register_meta` where possible.

Props flixos90, tharsheblows, spacedmonkey.
Fixes #38323.


Built from https://develop.svn.wordpress.org/trunk@43378


git-svn-id: http://core.svn.wordpress.org/trunk@43206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:43:21 +00:00
Gary Pendergast
0db068da94 Emoji: Update Twemoji to version 11.0.
{U+01F9B9}

Props kraftbj,
Fixes #44339.


Built from https://develop.svn.wordpress.org/trunk@43377


git-svn-id: http://core.svn.wordpress.org/trunk@43205 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:42:55 +00:00
Andrew Ozz
7e9be993e6 Privacy: append (Draft) to draft page titles in the page drop-down on the Privacy Settings screen.
Props allendav, desrosj.
Fixes #44100.
Built from https://develop.svn.wordpress.org/trunk@43376


git-svn-id: http://core.svn.wordpress.org/trunk@43204 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:42:29 +00:00
Andrew Ozz
3ce87b62f9 Privacy: add user request type to the admin notification email subject.
Props birgire, desrosj.
Fixes #44099.
Built from https://develop.svn.wordpress.org/trunk@43375


git-svn-id: http://core.svn.wordpress.org/trunk@43203 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:42:03 +00:00
Andrew Ozz
2afe7146c8 Privacy: on the Privacy Settings screen change view to preview when a draft page is selected for the privacy policy.
Props garrett-eclipse, desrosj.
Fixes #44131.
Built from https://develop.svn.wordpress.org/trunk@43374


git-svn-id: http://core.svn.wordpress.org/trunk@43202 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:41:37 +00:00
Andrew Ozz
ac269e570e Privacy: filter the email subject in _wp_privacy_send_request_confirmation_notification().
Props garrett-eclipse, birgire, desrosj.
Fixes #44382.
Built from https://develop.svn.wordpress.org/trunk@43373


git-svn-id: http://core.svn.wordpress.org/trunk@43201 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:41:13 +00:00
Andrew Ozz
cefaaa0b51 Privacy: add esc_html to assertion in test_wp_comments_personal_data_exporter.
Props mermel, 1naveengiri.
Fixes #44113.
Built from https://develop.svn.wordpress.org/trunk@43371


git-svn-id: http://core.svn.wordpress.org/trunk@43199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:40:21 +00:00
Andrew Ozz
b363ace996 Privacy: do not show the comment cookies opt-in checkbox (on the front-end comments form) when comment cookies are disabled.
Props felipeelia, johnbillion.
Fixes #44342.
Built from https://develop.svn.wordpress.org/trunk@43370


git-svn-id: http://core.svn.wordpress.org/trunk@43198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:39:57 +00:00
John Blackbourn
ef97b99f66 Build/Test Tools: Introduce support for a WP_TESTS_CONFIG_FILE_PATH constant to override the test suite config file location.
This can be used in phpunit.xml:

{{{
<php>
	<const name="WP_TESTS_CONFIG_FILE_PATH" value="/path/to/wp-tests-config.php" />
</php>
}}}

Props clarinetlord

Fixes #39734

Built from https://develop.svn.wordpress.org/trunk@43369


git-svn-id: http://core.svn.wordpress.org/trunk@43197 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:39:31 +00:00
John Blackbourn
0aa2902436 Security: Harden the random aspect of the hash used for user profile and admin email address changes.
Props BjornW

Fixes #43771

Built from https://develop.svn.wordpress.org/trunk@43367


git-svn-id: http://core.svn.wordpress.org/trunk@43195 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:38:43 +00:00
John Blackbourn
35ca5f61f8 Options, Meta APIs: Use the correct escaping function when outputting the meta box context.
Props khaihong, abdullahramzan, leanderiversen, aryamaaru, lbenicio, palmiak

Fixes #44274

Built from https://develop.svn.wordpress.org/trunk@43365


git-svn-id: http://core.svn.wordpress.org/trunk@43193 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:37:51 +00:00
Sergey Biryukov
593848e9dc Docs: Correct inline comment added in [43361] for consistency with other comments.
See #44142.
Built from https://develop.svn.wordpress.org/trunk@43363


git-svn-id: http://core.svn.wordpress.org/trunk@43191 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:37:00 +00:00
Sergey Biryukov
d35f9813f1 Docs: Add missing @return value for save_mod_rewrite_rules() and iis7_save_url_rewrite_rules().
See #44142.
Built from https://develop.svn.wordpress.org/trunk@43362


git-svn-id: http://core.svn.wordpress.org/trunk@43190 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:36:35 +00:00
Sergey Biryukov
40cfcfc222 Privacy: Make sure wp_add_privacy_policy_content() does not cause a fatal error by unintentionally flushing rewrite rules outside of the admin context.
Add a `_doing_it_wrong()` message describing the correct usage of the function.

Props kraftbj, azaozz, SergeyBiryukov, YuriV.
Fixes #44142.
Built from https://develop.svn.wordpress.org/trunk@43361


git-svn-id: http://core.svn.wordpress.org/trunk@43189 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:36:09 +00:00
atimmer
96bfb67e79 Docs: Improve JSDoc for emoji.js.
Props lisannekluitmans, hansjovisyoast, igorsch, nicollle.
Fixes #44367.

Built from https://develop.svn.wordpress.org/trunk@43360


git-svn-id: http://core.svn.wordpress.org/trunk@43188 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:35:44 +00:00
John Blackbourn
649a95f840 I18N: Introduce unit tests for the Japanese language in order to facilitate future improvements.
Props ryotsun

Fixes #43829

Built from https://develop.svn.wordpress.org/trunk@43359


git-svn-id: http://core.svn.wordpress.org/trunk@43187 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:35:20 +00:00
Sergey Biryukov
66fa722850 Docs: Update @since versions in Community Events class added in [42726].
See #41112.
Built from https://develop.svn.wordpress.org/trunk@43356


git-svn-id: http://core.svn.wordpress.org/trunk@43184 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:34:04 +00:00
atimmer
d9df5dec11 Docs: Improve JSDoc for auth-check.js.
Props pskli.
Fixes #44364.

Built from https://develop.svn.wordpress.org/trunk@43355


git-svn-id: http://core.svn.wordpress.org/trunk@43183 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:33:38 +00:00
Sergey Biryukov
33c708feca Privacy: Remove unnecessary This email has been sent to ###EMAIL### from privacy emails.
The line was copied from the emails that get sent when an email address changes, without considering if it made sense in the new context.

Props iandunn, ianbelanger, desrosj.
Fixes #44030.
Built from https://develop.svn.wordpress.org/trunk@43353


git-svn-id: http://core.svn.wordpress.org/trunk@43181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:32:48 +00:00
atimmer
f74a52b0f2 Docs: Improve JSDoc for admin/link.js.
Props andg.
Fixes #44362.

Built from https://develop.svn.wordpress.org/trunk@43352


git-svn-id: http://core.svn.wordpress.org/trunk@43180 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:32:22 +00:00
Sergey Biryukov
947a12f2b2 Privacy: Fix typo in default privacy policy text.
Props garetharnold, abdullahramzan.
Fixes #44166.
Built from https://develop.svn.wordpress.org/trunk@43350


git-svn-id: http://core.svn.wordpress.org/trunk@43178 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:31:31 +00:00
jrf
a4f7f70c9d Build/Tools: Update PHPCS ruleset for WP Core and related Composer setup.
`.gitignore` + `svn:ignore`:
* Add the typical filenames of overloaded PHPCS configs to `.gitignore`.

Composer:
* Use the `develop` (Packagist `dev-master`) version of WPCS as it contains lots of bugfixes.
* Remove the PHPCS dependency. This is a dependency of WPCS, not of WP Core itself. This will also make sure that the PHPCS version used is always one which is supported by WPCS.
* Refreshed the `composer.lock` file.

PHPCS ruleset:
* Removed a reference to a sniff which doesn't exist in WPCS yet.
* Use the PHPCS 3.x `basepath` option to clean up the file paths PHPCS shows in the reports.
* Use the PHPCS 3.x `parallel` option to enable parallel scanning whenever possible to speed up the scans.
* Whitelist the `wp-includes/l10n.php` file from issues being reported by the `WordPress.WP.I18n` sniff.

Fixes #44366.
Built from https://develop.svn.wordpress.org/trunk@43348


git-svn-id: http://core.svn.wordpress.org/trunk@43176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:30:40 +00:00
atimmer
bde558be2f Docs: Add file doc @output annotations.
These annotations make it clear to the reader of a JavaScript source
where the build process outputs to. These annotations can later be
integrated in a webpack configuration. This way there is one source of
truth.

The `build` folder is omitted from the paths, because a single JS file
shouldn't not be responsible of knowing where outputs in general will
end up at. A file only knows its output location relative to the
project.

Props adamsilverstein, herregroen, omarreiss, pento.
Fixes #44361.

Built from https://develop.svn.wordpress.org/trunk@43347


git-svn-id: http://core.svn.wordpress.org/trunk@43175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:30:15 +00:00
atimmer
6a9a5e123c Docs: Improve JSDoc for pointer.js.
Props maartenleenders, dfangstrom.
Fixes #44325.

Built from https://develop.svn.wordpress.org/trunk@43346


git-svn-id: http://core.svn.wordpress.org/trunk@43174 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:29:48 +00:00
Sergey Biryukov
6172dab7c1 I18N: Remove unused MediaElement.js strings.
Props metodiew.
See #42139. Fixes #37453.
Built from https://develop.svn.wordpress.org/trunk@43345


git-svn-id: http://core.svn.wordpress.org/trunk@43173 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:29:24 +00:00
atimmer
dbf155d93b Build Tools: Fix JSDoc configuration include paths.
After [43309] the JSDoc configuration was broken, this fixes that.

Props herregroen.

Built from https://develop.svn.wordpress.org/trunk@43344


git-svn-id: http://core.svn.wordpress.org/trunk@43172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:28:58 +00:00
Weston Ruter
8f21b4c607 Privacy: Only link to menus panel in Customizer if selected privacy page can be accessed there.
Props dlh.
Fixes #44117.

Built from https://develop.svn.wordpress.org/trunk@43343


git-svn-id: http://core.svn.wordpress.org/trunk@43171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:28:33 +00:00
atimmer
ba9e0ac030 Docs: Improve JSDoc for admin-bar.js.
Change an incorrect type and description after [43332].

Props afercia.
See #43871.

Built from https://develop.svn.wordpress.org/trunk@43341


git-svn-id: http://core.svn.wordpress.org/trunk@43169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:27:38 +00:00
Felix Arntz
a449ac386e REST API: Improve test coverage by providing tests for term meta.
See #38323.

Built from https://develop.svn.wordpress.org/trunk@43340


git-svn-id: http://core.svn.wordpress.org/trunk@43168 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:27:12 +00:00
Felix Arntz
07e121126d Tests: Improve performance of post meta tests.
See #38323.

Built from https://develop.svn.wordpress.org/trunk@43339


git-svn-id: http://core.svn.wordpress.org/trunk@43167 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:26:48 +00:00
Andrew Ozz
06725cf28d Move scheduling of old auto-draft posts deletion to get_default_post_to_edit() (where auto-drafts are created).
Fixes #44337.
Built from https://develop.svn.wordpress.org/trunk@43338


git-svn-id: http://core.svn.wordpress.org/trunk@43166 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:26:22 +00:00
Andrew Ozz
679f442285 TinyMCE: do not force-load external plugins, not needed any more and may cause issues.
Fixes #44330.
Built from https://develop.svn.wordpress.org/trunk@43337


git-svn-id: http://core.svn.wordpress.org/trunk@43165 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:25:57 +00:00
Andrew Ozz
62bb0dcafd TinyMCE: prevent creation of paragraphs from multiple HTML comments when wpautop is disabled.
Fixes #44308.
Built from https://develop.svn.wordpress.org/trunk@43336


git-svn-id: http://core.svn.wordpress.org/trunk@43164 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:25:32 +00:00
Jeremy Felt
1b263de2d6 Build/Test Tools: Avoid running full PHPUnit test suite for every PHP file change.
Use `grunt watch --phpunit --group={testgroup}` to start `grunt watch` with a specific test group so that PHP file changes trigger a limited number of tests.

Props jeremyfelt, birgire for testing.
Fixes #44240.

Built from https://develop.svn.wordpress.org/trunk@43335


git-svn-id: http://core.svn.wordpress.org/trunk@43163 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:25:08 +00:00
atimmer
8a9dc11590 Docs: Improve JSDoc for language-chooser.js.
Props ireneyoast, manuelaugustin.
Fixes #43950.

Built from https://develop.svn.wordpress.org/trunk@43334


git-svn-id: http://core.svn.wordpress.org/trunk@43162 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:24:43 +00:00
atimmer
7c410b8d37 Docs: Improve JSDoc for zxcvbn-async.js.
Props manuelaugustin, igorsch, LisanneKluitmans.
Fixes 43948.

Built from https://develop.svn.wordpress.org/trunk@43333


git-svn-id: http://core.svn.wordpress.org/trunk@43161 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:24:18 +00:00
atimmer
e6c02f874c Docs: Improve JSDoc for admin-bar.js.
Props manuelaugustin, terwdan, sjardo, LisanneKluitmans.
Fixes #43871.

Built from https://develop.svn.wordpress.org/trunk@43332


git-svn-id: http://core.svn.wordpress.org/trunk@43160 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:23:53 +00:00
Sergey Biryukov
e0e564d84b Users: In wp_validate_user_request_key(), properly return the WP_Error object in case the confirmation email has expired.
Props itowhid06.
Fixes #44298.
Built from https://develop.svn.wordpress.org/trunk@43331


git-svn-id: http://core.svn.wordpress.org/trunk@43159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:23:27 +00:00
Sergey Biryukov
9ba957770e Docs: Remove obsolete $wpdb global references in WP_User::__construct() and WP_User::for_blog().
Props mt8.biz.
Fixes #44295.
Built from https://develop.svn.wordpress.org/trunk@43330


git-svn-id: http://core.svn.wordpress.org/trunk@43158 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:23:02 +00:00
Gary Pendergast
fa5cf0a7d6 Build Tools: grunt build should only copy Core files.
Historically, `grunt build` has copied all files from the `src` directory to the `build` directory. This is usually fine, but can be super slow when there are lots of custom plugins or themes in the `src` directory.

To rectify this, we now only copy Core plugins and themes to `build`.

Props adamsilverstein, pento, johnbillion.
Fixes #44256.


Built from https://develop.svn.wordpress.org/trunk@43329


git-svn-id: http://core.svn.wordpress.org/trunk@43157 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:22:36 +00:00
Sergey Biryukov
9115444ee7 Build/Test Tools: Replace Codex home page link in "Read more about setting up your local development environment" with a more specific handbook link.
Props abdullahramzan, johnbillion.
Fixes #44228.
Built from https://develop.svn.wordpress.org/trunk@43328


git-svn-id: http://core.svn.wordpress.org/trunk@43156 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:22:11 +00:00
Andrew Ozz
ab65b61da9 Build tools: Grunt:
- Normalize `filepath` in the the `watch` event.
- Throw a warning when `watch` fails to process a file because the destination path cannot be determined.

Fixes #44262.
Built from https://develop.svn.wordpress.org/trunk@43327


git-svn-id: http://core.svn.wordpress.org/trunk@43155 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:21:45 +00:00
Jeremy Felt
3ab90ab858 Docs: Document globals in validate_another_blog_signup().
Props mukesh27.
Fixes #43594.

Built from https://develop.svn.wordpress.org/trunk@43326


git-svn-id: http://core.svn.wordpress.org/trunk@43154 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:21:21 +00:00
Sergey Biryukov
dde7843f7e Docs: Fix typo in Services_JSON DocBlocks.
Props sagarnasit.
Fixes #44244.
Built from https://develop.svn.wordpress.org/trunk@43325


git-svn-id: http://core.svn.wordpress.org/trunk@43153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:20:54 +00:00
Jeremy Felt
c3b788a205 Built/Test Tools: Increase grunt watch interval on all files.
Significantly reduces Grunt's CPU usage when `grunt watch` is in an idle/watching state.

Props netweb.
Fixes #44241.

Built from https://develop.svn.wordpress.org/trunk@43324


git-svn-id: http://core.svn.wordpress.org/trunk@43152 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:20:23 +00:00
Andrew Ozz
facf027fe7 Build tools: Update Grunt to version 1.0.2.
Props iandunn, netweb.
Fixes #42308.
Built from https://develop.svn.wordpress.org/trunk@43323


git-svn-id: http://core.svn.wordpress.org/trunk@43151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:19:59 +00:00
Andrew Ozz
87d1a3222b Build tools:
- Remove `check-node-version` from package.json for now. Throws errors.
- Minor fixes to package-lock.json, `http` => `https`.

See #44246.
Built from https://develop.svn.wordpress.org/trunk@43322


git-svn-id: http://core.svn.wordpress.org/trunk@43150 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:19:33 +00:00
Andrew Ozz
6fd8080e7e Build tools: Use npm v6.1.0.
Props netweb.
Fixes #44245.
Built from https://develop.svn.wordpress.org/trunk@43320


git-svn-id: http://core.svn.wordpress.org/trunk@43149 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-27 16:01:23 +00:00
Sergey Biryukov
dd185824cd Docs: Fix typo in _walk_bookmarks() DocBlock.
Props abhijitrakas.
Fixes #44242.
Built from https://develop.svn.wordpress.org/trunk@43319


git-svn-id: http://core.svn.wordpress.org/trunk@43148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-27 08:36:23 +00:00
Sergey Biryukov
0ff5536bac Posts, Post Types: Use COOKIEPATH when clearing post password cookie, as that's the path it's created with.
See #44089.
Built from https://develop.svn.wordpress.org/trunk@43318


git-svn-id: http://core.svn.wordpress.org/trunk@43147 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-27 01:33:22 +00:00
Sergey Biryukov
a724d77a4e Posts, Post Types: Clear post password cookie when logging out.
Props skoldin, subrataemfluence, ianbelanger, johnbillion.
Fixes #44089.
Built from https://develop.svn.wordpress.org/trunk@43317


git-svn-id: http://core.svn.wordpress.org/trunk@43146 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-26 12:43:23 +00:00
John Blackbourn
e4b0a8d511 Build/Test Tools: Allow the unit test framework to be used without the data directory in place.
Fixes #43982
Built from https://develop.svn.wordpress.org/trunk@43315


git-svn-id: http://core.svn.wordpress.org/trunk@43144 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-25 22:43:26 +00:00
Boone Gorges
ecb4491670 Taxonomy: Improve cache handling when querying for terms using all_with_object_id.
When a term query using `fields=all_with_object_id` hits the cache, the
cached `stdClass` objects must be converted to `WP_Term` objects. This
was overlooked when `WP_Term_Query` was refactored to support object
queries in [38667].

Props dlh.
Fixes #44221.
Built from https://develop.svn.wordpress.org/trunk@43313


git-svn-id: http://core.svn.wordpress.org/trunk@43142 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-25 01:23:23 +00:00
Gary Pendergast
c5d5629471 Tools: Update wp-cli.yml to point to the build directory.
After [43309], WP-CLI should be running against the `build` directory, not the `src` directory.

Props jpry.
Fixes #44214.


Built from https://develop.svn.wordpress.org/trunk@43312


git-svn-id: http://core.svn.wordpress.org/trunk@43141 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-25 00:15:23 +00:00
John Blackbourn
f57e182c87 Build/Test Tools: Roses are red, this fixes stuff.
Update the test infrastructure so that third party plugins, themes, and projects that use the core testing framework continue to operate from the `src` directory and do not require a build step.

Props mboynes, danielbachhuber, schlessera

See #43055

Built from https://develop.svn.wordpress.org/trunk@43311


git-svn-id: http://core.svn.wordpress.org/trunk@43140 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-23 17:55:22 +00:00
Gary Pendergast
54f004e184 Following [43309], I need to change one little line,
And delete some left over cruft, only then shall we prevail.
There are some things easily missed, when using Git, which does not persist—
Empty directories, though that didn't derail—
Our Travis-based tests, which now must prevail.
            Quoth Travis CI, “Build did fail.”

See #43055.


Built from https://develop.svn.wordpress.org/trunk@43310


git-svn-id: http://core.svn.wordpress.org/trunk@43139 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-23 11:03:24 +00:00
Gary Pendergast
922f83a69f Once upon a midnight dreary, while I coded, weak and weary,
In many a strange and curious file of forgotten lore—
While I pondered, blaming Nacin, my notifications suddenly awakened,
As of someone quietly DMing;—DMing me, I can’t ignore.
“’Tis some contributor,” I muttered, “DMing me an idea or four—
            Only this and nothing more.”

Ah, distinctly I remember, at WordCamp US, last December;
A mad proposal nearly laid me—down out cold—upon the floor.
Curious, I listened closely;—to a plan I agreed with, mostly—
A way to make our JavaScript—JavaScript which was a chore—
Maintainable, extendable, for the future, is what I saw.
            Guten-ready for evermore.

Open here I switch to Slack, when, with many a patch and hack,
In there stepped Omar, a JavaScript developer hardcore;
Pronouncing all the changes fit; ready now to be commit;
“There’s nothing else for us to do,” DMing me, “It’s done!” he swore—
“No longer random guessing at which file need next be explored—
            Let’s move on, we’re all aboard.”

Moved all together, grouped and managed, in folders all is packaged,
The code had all been cleaned and tidied, important parts moved to the fore,
“Though this change be useful here,” I said, “it is too large, I fear,
We couldn’t manage such a patch, we’ve done nothing like this before—
Tell me where doth go this change, change to make our codebase soar!”
            Quoth Omar, “In WordPress Core.”

Props omarreis for shepherding this significant change.
Props adamsilverstein, aduth, atimmer, dingo_bastard, frank-klein, gziolo, herregroen, jaswrks, jeremyfelt, jipmoors, jorbin, netweb, ocean90, pento, tjnowell, and youknowriad for testing, feedback, discussion, encouragement, commiserations, etc.
I make no apologies for this commit message.
Fixes #43055.


Built from https://develop.svn.wordpress.org/trunk@43309


git-svn-id: http://core.svn.wordpress.org/trunk@43138 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-23 10:05:31 +00:00
Boone Gorges
2d62b67211 Taxonomy: Fix $object_ids reference in WP_Term_Query parameter documentation.
Props dlh.
Fixes #44200.
Built from https://develop.svn.wordpress.org/trunk@43308


git-svn-id: http://core.svn.wordpress.org/trunk@43137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-23 02:24:21 +00:00
Sergey Biryukov
0caf5278c6 Docs: Escape the <!--nextpage--> page tag in wp_link_pages() and get_the_content() description for proper display in Developer Reference.
Props grapplerulrich.
See #42505.
Built from https://develop.svn.wordpress.org/trunk@43307


git-svn-id: http://core.svn.wordpress.org/trunk@43136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-22 18:57:25 +00:00
Sergey Biryukov
a30e75437a Docs: Document the cookies default comment field added in [42772].
Props desrosj, chetan200891.
See #44125.
Built from https://develop.svn.wordpress.org/trunk@43304


git-svn-id: http://core.svn.wordpress.org/trunk@43133 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-21 13:13:21 +00:00
Sergey Biryukov
b4320bcd8f Docs: Add missing documentation and duplicate hook references for wp_privacy_personal_data_export_file, wp_privacy_personal_data_exporters, and wp_privacy_personal_data_erasers hooks.
Props birgire.
See #44125.
Built from https://develop.svn.wordpress.org/trunk@43303


git-svn-id: http://core.svn.wordpress.org/trunk@43132 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-21 13:03:21 +00:00
Sergey Biryukov
35f94eb211 Privacy: Correct the error check when creating an export folder in wp_privacy_generate_personal_data_export_file().
`wp_mkdir_p()` returns `false` on error, not a `WP_Error` object.

Props birgire.
Fixes #44158.
Built from https://develop.svn.wordpress.org/trunk@43299


git-svn-id: http://core.svn.wordpress.org/trunk@43128 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-21 11:59:24 +00:00
laurelfulford
12737b798b Bundled Themes: Bump version numbers and update changelogs for 4.9.6 release
* Also, updates POT files for Twenty Ten and Twenty Eleven.

Props earnjam, laurelfulford.

Fixes #43915.

Built from https://develop.svn.wordpress.org/trunk@43293


git-svn-id: http://core.svn.wordpress.org/trunk@43122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-17 17:07:22 +00:00
iandunn
00571b621c Tests: Add case for wp_privacy_delete_old_export_files().
Props allendav.
See #43546.

Built from https://develop.svn.wordpress.org/trunk@43292


git-svn-id: http://core.svn.wordpress.org/trunk@43121 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-17 16:39:22 +00:00
iandunn
da2f23fa23 Tests: Add case for wp_privacy_send_personal_data_export_email().
Props birgire.
See #43546.

Built from https://develop.svn.wordpress.org/trunk@43291


git-svn-id: http://core.svn.wordpress.org/trunk@43120 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-16 23:54:20 +00:00
iandunn
2754419731 Comments: Escape permalink values on edit screen to prevent XSS.
There doesn't appear to be any way for an attacker to introduce malicious input into the URL, unless a plugin is filtering the URL to add it, but it's better to be safe than sorry.

Props 1naveengiri, joyously.
Fixes #44115.

Built from https://develop.svn.wordpress.org/trunk@43290


git-svn-id: http://core.svn.wordpress.org/trunk@43119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-16 22:39:21 +00:00
iandunn
461d17576c Privacy: Require manage_privacy_options to edit policy page.
A user is required to have the `manage_privacy_options` capability in order to determine which page is set as the privacy policy (the `wp_page_for_privacy_policy`). Given that, it doesn't make sense to allow users without that capability to edit or delete the page. 

A similar situation exists with the `page_for_posts` and `page_on_front` options, but Editors are allowed to edit those pages. The reason that this situation is different is because it is more likely that an administrator will want to restrict modifications to the privacy policy, than it is that they will want to allow modifications. Modifications to the policy often require specialized knowledge of local laws, and can have implications for compliance with those laws.

Props dlh, desrosj.
Fixes #44079.

Built from https://develop.svn.wordpress.org/trunk@43286


git-svn-id: http://core.svn.wordpress.org/trunk@43115 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 20:44:21 +00:00
iandunn
fdd5b8dacd Privacy: Rename exports folder to avoid deleting other files.
Previously, personal data exports were stored in `wp-content/uploads/exports`, which is generic enough that it's likely there are existing folders with that name, either created by plugins or manually by administrators. If that folder were reused by Core, then `wp_privacy_delete_old_export_files()` would delete all of the existing files inside it, which is almost certainly not what the site owner wants or expects.

To avoid that, the folder is being renamed to include a specific reference to Core, and a more verbose description of its purpose. With those factored in, it's very unlikely that there will be any conflicts with existing folders.

The `wp_privacy_exports_dir()` and `wp_privacy_exports_url()` functions were introduced to provide a canonical source for the location, and the `wp_privacy_exports_dir` and `wp_privacy_exports_url` filters were introduced to allow plugins to customize it.

Props johnjamesjacoby, allendav.
Fixes #44091.

Built from https://develop.svn.wordpress.org/trunk@43284


git-svn-id: http://core.svn.wordpress.org/trunk@43113 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 20:22:20 +00:00
Andrew Ozz
534f732104 Privacy: use the more compatible word-break: break-all;, see [43278].
See #44092.
Built from https://develop.svn.wordpress.org/trunk@43282


git-svn-id: http://core.svn.wordpress.org/trunk@43111 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 20:07:22 +00:00
Andrew Ozz
11ea5ebe0a Privacy: fix styling of the Privacy Settings buttons on mobile/small screens.
Props ianbelanger, azaozz.
Fixes #44093.
Built from https://develop.svn.wordpress.org/trunk@43279


git-svn-id: http://core.svn.wordpress.org/trunk@43108 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 19:27:22 +00:00
Andrew Ozz
548f73cc7c Privacy: fix styling of the "next steps" buttons on the Export/Erase tools screens when text is long.
Props audrasjb, ianbelanger.
Fixes #44092.
Built from https://develop.svn.wordpress.org/trunk@43278


git-svn-id: http://core.svn.wordpress.org/trunk@43107 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 18:59:21 +00:00
Felix Arntz
dac5651f23 Widgets: Allow basic inline tags in wp_sidebar_description().
The customizer has allowed HTML in sidebar descriptions since adding support for sidebars. This change ensures that basic HTML is also allowed for them in the widgets admin screen.

Fixes #42608.

Built from https://develop.svn.wordpress.org/trunk@43275


git-svn-id: http://core.svn.wordpress.org/trunk@43104 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 16:55:21 +00:00
iandunn
3aaef96ff8 Privacy: Reposition log in policy link to avoid overlapping elements.
Previously, the link used absolute positioning, in order to stick it at the bottom of the page. That was done in order to create visual separation between it and the "action" links, like "Lost Your Password?"

The absolute positioning can cause conflicts in some situations, though. For example, if extra text or error notices are added above the form, then the login link would be positioned on top of other elements.

Switching to relative positioning with extra margins avoids those issues, while maintaining the visual separation between the "action" links and the privacy policy link.

Props imath, melchoyce, desrosj, xkon, iandunn.
Fixes #44046.

Built from https://develop.svn.wordpress.org/trunk@43274


git-svn-id: http://core.svn.wordpress.org/trunk@43103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 16:27:24 +00:00
Andrew Ozz
8c06c2c662 Privacy: only remove the "Suggested text has changed" bubble when an admin visits the Privacy Policy Guide screen.
Fixes #44063.
Built from https://develop.svn.wordpress.org/trunk@43269


git-svn-id: http://core.svn.wordpress.org/trunk@43098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 17:52:21 +00:00
Andrew Ozz
2e9b08b3a2 Privacy: add wp_page_for_privacy_policy to populate_options().
Props ocean90.
Fixes #44076.
Built from https://develop.svn.wordpress.org/trunk@43267


git-svn-id: http://core.svn.wordpress.org/trunk@43096 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 17:00:22 +00:00
Andrew Ozz
242e6eea46 Privacy: fix markup for the table of contents on privacy policy guide screen.
Props ocean90, azaozz.
Fixes #44056.
Built from https://develop.svn.wordpress.org/trunk@43265


git-svn-id: http://core.svn.wordpress.org/trunk@43094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 16:46:23 +00:00
Andrew Ozz
b5564c8646 Privacy: fix the "Privacy Policy Guide updated" message and add a link to the guide.
Props birgire, azaozz.
Fixes #44057.
Built from https://develop.svn.wordpress.org/trunk@43263


git-svn-id: http://core.svn.wordpress.org/trunk@43092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 16:21:21 +00:00
Dominik Schilling
2d4311e32e Privacy: Remove is-dismissible class from notice when privacy info has changed.
The notice isn't dismissible as it only gets removed once you visit the privacy guide, see #44057 and #44063.

Fixes #44065.

Built from https://develop.svn.wordpress.org/trunk@43261


git-svn-id: http://core.svn.wordpress.org/trunk@43090 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 15:55:21 +00:00
Dominik Schilling
d3b3cc3fa5 Privacy: Don't show privacy feature pointer to new users.
Fixes #44062.
Built from https://develop.svn.wordpress.org/trunk@43259


git-svn-id: http://core.svn.wordpress.org/trunk@43088 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 15:50:22 +00:00
John Blackbourn
810cbb537b Docs: Add missing HTTP methods to the list of those supported.
See #42505

Built from https://develop.svn.wordpress.org/trunk@43258


git-svn-id: http://core.svn.wordpress.org/trunk@43087 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 15:23:21 +00:00
Andrew Ozz
3ee58b55b1 Privacy: improve inline documentation.
Props desrosj.
Fixes #44075.
Built from https://develop.svn.wordpress.org/trunk@43256


git-svn-id: http://core.svn.wordpress.org/trunk@43085 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 14:53:21 +00:00
Andrew Ozz
e765930982 Privacy: fix Export and Erase Personal Data list-tables on small screens.
Props ianbelanger, subrataemfluence, desrosj.
Fixes #44026.
Built from https://develop.svn.wordpress.org/trunk@43251


git-svn-id: http://core.svn.wordpress.org/trunk@43080 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 09:21:21 +00:00
Andrew Ozz
cb084eefd8 Privacy: define $title and $parent_file in privacy.php. Fixes showing the proper document title.
Props ocean90.
Fixes #44064.
Built from https://develop.svn.wordpress.org/trunk@43250


git-svn-id: http://core.svn.wordpress.org/trunk@43079 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 08:29:22 +00:00
Andrew Ozz
a75b113bed Privacy: fix two typos in WP_Privacy_Policy_Content::get_default_content().
Props dlh.
Fixes #44050.
Built from https://develop.svn.wordpress.org/trunk@43249


git-svn-id: http://core.svn.wordpress.org/trunk@43078 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-13 11:15:21 +00:00
Andrew Ozz
b82fed1806 Privacy: require manage_privacy_options capability for showing WP_Privacy_Policy_Content::notice().
Props ocean90.
Fixes #44055.
Built from https://develop.svn.wordpress.org/trunk@43248


git-svn-id: http://core.svn.wordpress.org/trunk@43077 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-13 11:04:21 +00:00
Sergey Biryukov
9a390ea6bd Docs: Correct type for WP_Taxonomy::$cap.
Props dlh.
Fixes #44061.
Built from https://develop.svn.wordpress.org/trunk@43247


git-svn-id: http://core.svn.wordpress.org/trunk@43076 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-13 10:31:22 +00:00
iandunn
7f23a920d2 Privacy: Reposition pointer to ensure dismiss link is always visible.
r43158 introduced a new admin pointer for the privacy tools added in 4.9.6. With the previous positioning, though, sometimes the `Dismiss` link would be fixed off screen, making it impossible for the user to dismiss the pointer. This happened when there were enough extra menu items, or when the viewport height was short enough.

This commit repositions the pointer to work around that problem. One down side of this workaround is that the arrow will not always be positioned next to the `Tools` menu, where it should be. That's an acceptable compromise given the current time constraints, though. A long term solution would be to make `WP_Pointer` robust enough to handle this use case.

Props imath, audrasjb, desrosj.
Fixes #44045.

Built from https://develop.svn.wordpress.org/trunk@43246


git-svn-id: http://core.svn.wordpress.org/trunk@43075 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-12 17:29:21 +00:00
iandunn
fc800115a7 Privacy: Escape comment URLs in personal export file to prevent XSS.
There doesn't appear to be any way for an attacker to introduce malicious input into the URL, unless a plugin is filtering the URL to add it, but it's better to be safe than sorry.

Props birgire.
Fixes #44054.

Built from https://develop.svn.wordpress.org/trunk@43245


git-svn-id: http://core.svn.wordpress.org/trunk@43074 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-12 15:56:21 +00:00
Weston Ruter
89708c5cec Customize: Hide expansion arrows in Customizer's available widgets list.
Fixes regression introduced by [42794].

Props dlh.
See #40677.
Fixes #43983.

Built from https://develop.svn.wordpress.org/trunk@43244


git-svn-id: http://core.svn.wordpress.org/trunk@43073 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-11 17:35:23 +00:00
Andrew Ozz
1b1cc0b371 Privacy: make creating a privacy policy page on install multisite compatible.
See #43491.
Built from https://develop.svn.wordpress.org/trunk@43243


git-svn-id: http://core.svn.wordpress.org/trunk@43072 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-11 15:44:21 +00:00
Andrew Ozz
5c5a527d96 Privacy: exclude the wrapper from the default policy content.
Fixes #44048.
Built from https://develop.svn.wordpress.org/trunk@43242


git-svn-id: http://core.svn.wordpress.org/trunk@43071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-11 15:07:21 +00:00
Sergey Biryukov
b7ff8e4f9f Privacy: On Privacy Settings screen, check if any pages exist before displaying the page selector.
Props abdullahramzan, desrosj, melchoyce.
Fixes #43940.
Built from https://develop.svn.wordpress.org/trunk@43238


git-svn-id: http://core.svn.wordpress.org/trunk@43067 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 21:39:22 +00:00
iandunn
b26ab11343 Privacy: Expose erasure notification recipient to filter callbacks.
The previous `user_email` value was redundant, because it always matched `$request_data->email`. That value might be different from where the message is sent, though, if the `user_erasure_fulfillment_email_to` filter is used. If they are different, then callbacks for the `user_confirmed_action_email_content` filter may want to distinguish between the email address of the user making the request, and the email address that the confirmation notification is being sent to.

Props desrosj, iandunn.
See #43973.

Built from https://develop.svn.wordpress.org/trunk@43236


git-svn-id: http://core.svn.wordpress.org/trunk@43065 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 21:20:22 +00:00
Sergey Biryukov
0a9de1ef2e Privacy: Normalize file paths in wp_privacy_generate_personal_data_export_file() to make sure Windows paths don't have their backslashes stripped.
Props xkon, pmbaldha.
Fixes #43908.
Built from https://develop.svn.wordpress.org/trunk@43234


git-svn-id: http://core.svn.wordpress.org/trunk@43063 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 21:11:23 +00:00
Sergey Biryukov
ae2b929294 Privacy: Update request confirmation notice text for clarity.
Props desrosj, melchoyce, garrett-eclipse.
Fixes #43970.
Built from https://develop.svn.wordpress.org/trunk@43232


git-svn-id: http://core.svn.wordpress.org/trunk@43061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 20:53:21 +00:00
Sergey Biryukov
bed52dda40 Privacy: Send an email notification to the user once their personal data erasure request is fulfilled.
Props desrosj, allendav, garrett-eclipse.
Fixes #43973.
Built from https://develop.svn.wordpress.org/trunk@43230


git-svn-id: http://core.svn.wordpress.org/trunk@43059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 20:43:22 +00:00
Sergey Biryukov
699cccd86e Privacy: Avoid a PHP notice in wp_ajax_wp_privacy_erase_personal_data(), make sure $eraser_key is always defined.
Props allendav.
Fixes #44040.
Built from https://develop.svn.wordpress.org/trunk@43228


git-svn-id: http://core.svn.wordpress.org/trunk@43057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 20:24:23 +00:00
Sergey Biryukov
5028eb01fd General: Skip test_is_countable_ResourceBundle() on PHP 5.3 and below.
`ResourceBundle` is only countable in PHP 5.4+, which can be considered an acceptable edge case for WordPress core purposes.

Props jrf, ayeshrajans.
Fixes #43583.
Built from https://develop.svn.wordpress.org/trunk@43226


git-svn-id: http://core.svn.wordpress.org/trunk@43055 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 20:16:21 +00:00
iandunn
8af721fff8 Privacy: Replace intrusive policy update notice with menu bubbles.
Previously, when a plugin updated its suggested privacy policy text, an admin notice was shown on all screens in the Administration Panels. That was done in order to make sure that administrators were aware of it, so that they could update their policy if needed. That was a very heavy-handed and intrusive approach, though, which leads to a poor user experience, and notice fatigue. 

An alternative approach is to use bubble notifications in the menu, similar to when plugins have updates that need to be installed. That still makes it obvious that something needs the administrator's attention, but is not as distracting as a notice.

The notice will still appear on the Privacy page, though, since it is relevant to that screen, and provides an explanation of why the bubble is appearing.

Props azaozz, xkon, iandunn.
Fixes #43954. See #43953.

Built from https://develop.svn.wordpress.org/trunk@43223


git-svn-id: http://core.svn.wordpress.org/trunk@43052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 19:52:21 +00:00
Andrew Ozz
7b5f40133a TinyMCE: switch off concatenation when a custom TinyMCE theme is used. Prevents conflict with the default theme as it loads first.
Props programmin, azaozz.
Fixes #43969.
Built from https://develop.svn.wordpress.org/trunk@43222


git-svn-id: http://core.svn.wordpress.org/trunk@43051 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 19:50:21 +00:00
Sergey Biryukov
29d5e980cc General: In the is_countable() polyfill, if the provided object implements SimpleXMLElement or ResourceBundle, consider it countable.
Props ayeshrajans, jrf, desrosj.
Fixes #43583.
Built from https://develop.svn.wordpress.org/trunk@43220


git-svn-id: http://core.svn.wordpress.org/trunk@43049 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 17:58:22 +00:00
Sergey Biryukov
f766c46904 Privacy: Tweak Privacy Policy page intro text for clarity.
Props macbookandrew, allendav.
See #43933.
Built from https://develop.svn.wordpress.org/trunk@43218


git-svn-id: http://core.svn.wordpress.org/trunk@43047 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 16:12:21 +00:00
Andrew Ozz
12d7f2be78 Privacy: fix styling on personal data tables.
Props melchoyce, allendav.
Fixes #43909.
Built from https://develop.svn.wordpress.org/trunk@43216


git-svn-id: http://core.svn.wordpress.org/trunk@43045 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 16:02:21 +00:00
Andrew Ozz
7d9265e5c5 Privacy: cleanup of the "Export Personal Data" and "Erase Personal Data" screens.
Props desrosj, xkon.
See #43929.
Built from https://develop.svn.wordpress.org/trunk@43212


git-svn-id: http://core.svn.wordpress.org/trunk@43041 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 10:01:21 +00:00
iandunn
06fd54dab6 Privacy: Notify admin via email when a request is confirmed.
Previously the admin didn't have any way to know if a pending request was ready to be processed, aside from manually checking the Export/Erase pages. Sending them an email is a much more convenient option.

Props garrett-eclipse, desrosj, iandunn.
See #43967.

Built from https://develop.svn.wordpress.org/trunk@43211


git-svn-id: http://core.svn.wordpress.org/trunk@43040 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 05:00:20 +00:00
iandunn
107b52191b Privacy: Reposition admin pointer to avoid covering collapsed menu.
Previously the pointer overlapped the menu in order to draw attention to the fact that it applies to both the `Tools` and `Settings` menus. That caused a conflict if the menu was collapsed, though, because the icons were covered by the pointer and therefore inaccessible.

Additionally, minor tweaks were made to the text order and formatting. The order of the two sections was swapped in the title and paragraph, in order to match the order of the corresponding menu items. The spacing around headings and paragraphs was tweaked to remove extraneous whitespace.

Props littler.chicken, desrosj, ianbelanger, melchoyce.
Fixes #43961.

Built from https://develop.svn.wordpress.org/trunk@43210


git-svn-id: http://core.svn.wordpress.org/trunk@43039 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 03:03:20 +00:00
Sergey Biryukov
760ab78ff9 Privacy: Pass export request ID to wp_privacy_personal_data_export_file_created filter.
Props thomasplevy.
Fixes #44031.
Built from https://develop.svn.wordpress.org/trunk@43208


git-svn-id: http://core.svn.wordpress.org/trunk@43037 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 23:18:22 +00:00
Sergey Biryukov
47e6c2f9ec Privacy: Make the help hint for Privacy Policy page more translatable and accessible.
Props tobifjellner.
See #43980.
Built from https://develop.svn.wordpress.org/trunk@43206


git-svn-id: http://core.svn.wordpress.org/trunk@43035 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 23:12:21 +00:00
John Blackbourn
bd9b25afbb Upgrade/Install: Correctly internationalise error messages during config setup.
Fixes #43997

Built from https://develop.svn.wordpress.org/trunk@43205


git-svn-id: http://core.svn.wordpress.org/trunk@43034 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 22:52:21 +00:00
Andrew Ozz
35d5911ae8 Privacy: fixes for the privacy policy guide and suggested content:
- Separate the guide text form the suggested policy text.
- Add table of content for easier navigation.
- Move the content to tools.php (prevents the settings menu of being open).
- Add a link to the guide from the Privacy settings screen.

Props melchoyce, azaozz.
See #43980.
Built from https://develop.svn.wordpress.org/trunk@43203


git-svn-id: http://core.svn.wordpress.org/trunk@43032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 20:51:23 +00:00
Andrew Ozz
ae3e9188ce Privacy: remove the help tab from Settings => Privacy until we have something helpful to say :)
Props allendav.
See #44023.
Built from https://develop.svn.wordpress.org/trunk@43201


git-svn-id: http://core.svn.wordpress.org/trunk@43030 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 18:12:22 +00:00
Andrew Ozz
89a11a8c42 Privacy: remove leftover comment after [43197].
See #43968.
Built from https://develop.svn.wordpress.org/trunk@43199


git-svn-id: http://core.svn.wordpress.org/trunk@43028 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 17:57:20 +00:00