Commit Graph

38084 Commits

Author SHA1 Message Date
Sergey Biryukov
1f1b7df292 Taxonomy: Ensure that invalid term objects are discarded in WP_Term_Query.
The `get_term()` mapping may result in term objects that are `null` or
`WP_Error` when plugins use `get_term` or a related filter. Since `null`
and error objects are not valid results for a term query, we discard
them.

Props GM_Alex.
Merges [43049] and [43491] to the 4.9 branch.
Fixes #42691.
Built from https://develop.svn.wordpress.org/branches/4.9@43492


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43319 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 16:28:25 +00:00
Sergey Biryukov
63779784f3 REST API: Fix some incorrect @since tags.
[43437] included some new methods, which were incorrectly tagged as being `@since 4.9.7`. This updates them to `4.9.8`.

Props danielbachhuber.
Merges [43463] to the 4.9 branch.
Fixes #44287.
Built from https://develop.svn.wordpress.org/branches/4.9@43490


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43317 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 16:16:26 +00:00
Sergey Biryukov
d413bb103d REST API: Attachments controller should respect upload limits.
When the REST API is in use on WordPress multisite, the `WP_REST_Attachments_Controller` should respect the "Max upload file size" and "Site upload space" site options.

Props flixos90, danielbachhuber.
Merges [43462] to the 4.9 branch.
Fixes #43751.
Built from https://develop.svn.wordpress.org/branches/4.9@43489


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43316 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 16:12:27 +00:00
Sergey Biryukov
c22ddf38ed Privacy: Add $request to $email_data to make it available to all filters.
Props desrosj.
Merges [43477] to the 4.9 branch.
Fixes #44379.
Built from https://develop.svn.wordpress.org/branches/4.9@43488


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43315 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 16:10:27 +00:00
Sergey Biryukov
d954d6213a Privacy: Enable pagination screen options for privacy requests list tables.
Props birgire, pbiron.
Merges [43486] to the 4.9 branch.
Fixes #44025.
Built from https://develop.svn.wordpress.org/branches/4.9@43487


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43314 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 16:08:26 +00:00
Sergey Biryukov
7aab30a907 Privacy: Remove some unnecessary code comments.
[42967] introduced some WPCS-related comments, probably accidentally saved by an IDE.

Props burhandodhy.
Merges [43465] to the 4.9 branch.
Fixes #44590.
Built from https://develop.svn.wordpress.org/branches/4.9@43485


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43312 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 15:25:24 +00:00
Sergey Biryukov
1fadf698a1 Streams: Return early from wp_is_stream() for paths that aren't streams.
Some versions of PHP appear to have a memory leak that is occasionally triggered by calling `stream_get_wrappers()`. In order to avoid calling this, we can return early from `wp_is_stream()` when `$path` doesn't contain `://`.

Props pbiron, JPry, dontstealmyfish.
Merges [43466] to the 4.9 branch.
Fixes #44532.
Built from https://develop.svn.wordpress.org/branches/4.9@43484


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 15:20:26 +00:00
Sergey Biryukov
227534fae8 Streams: When checking in wp_is_stream() escape the stream wrapper names for PCRE to avoid PHP warnings when invalid stream wrappers are registered.
Props dd32.
Merges [42432] to the 4.9 branch.
Fixes #43054.
Built from https://develop.svn.wordpress.org/branches/4.9@43483


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43310 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 15:19:24 +00:00
Sergey Biryukov
ec980c34e0 Editor: Use apply_filters_deprecated() for some deprecated filters.
The `htmledit_pre` and `richedit_pre` filters have been deprecated since 4.3.0, since before `apply_filters_deprecated()` existed. They're now correctly run using `apply_filters_deprecated()`.

Props sebastienthivinfocom, lbenicio, ianbelanger.
Merges [43464] to the 4.9 branch.
Fixes #44341.
Built from https://develop.svn.wordpress.org/branches/4.9@43482


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43309 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 15:05:25 +00:00
Andrew Ozz
dcb9622465 Customize: Do not attempt to count uncountable value.
Props dlh.
Merges [43480] to the 4.9 branch.
Fixes #44104.
Built from https://develop.svn.wordpress.org/branches/4.9@43481


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 14:40:23 +00:00
Sergey Biryukov
29dfd13361 Privacy: Rename username_or_email_to_export POST variable on Erase Personal Data screen to a more generic username_or_email_for_privacy_request.
Props ianbelanger, allendav.
Merges [43478] to the 4.9 branch.
Fixes #44181.
Built from https://develop.svn.wordpress.org/branches/4.9@43479


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43306 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 14:18:27 +00:00
Andrew Ozz
42a2dc2f7a Privacy: Add filter for the subject of the erasure complete notification emails.
Props desrosj.
Merges [43475] to the 4.9 branch.
Fixes #44265.


Built from https://develop.svn.wordpress.org/branches/4.9@43476


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43303 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 13:44:25 +00:00
Andrew Ozz
249407985c TinyMCE: do not force-load external plugins, not needed any more and may cause issues.
Merges [43337] to the 4.9 branch.
Fixes #44330.
Built from https://develop.svn.wordpress.org/branches/4.9@43474


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43301 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 10:09:24 +00:00
Andrew Ozz
fa393c7fdc Privacy: Fix tests after [43467].
Merges [43471] to the 4.9. branch.
See #44141.

Built from https://develop.svn.wordpress.org/branches/4.9@43473


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43300 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 10:07:25 +00:00
Andrew Ozz
6547731cfe TinyMCE: update to 4.8.0, changelog: https://www.tiny.cloud/docs/changelog/#version480july112018
Merges [43447] to the 4.9 branch.
Fixes #44134.
Built from https://develop.svn.wordpress.org/branches/4.9@43472


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43299 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 10:04:26 +00:00
Andrew Ozz
eeef639639 Privacy: Add a setting to disable comment cookie consent.
Merges [43469] to the 4.9 branch.
Fixes #44373.
Built from https://develop.svn.wordpress.org/branches/4.9@43470


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 09:30:25 +00:00
Andrew Ozz
672ccbbc3c Privacy: Don't replace comment author URL and email with anything.
Props TZ-Media, desrosj, birgire.
Merges [43467] to the 4.9 branch.
Fixes #44141.
Built from https://develop.svn.wordpress.org/branches/4.9@43468


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43295 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 09:04:28 +00:00
Sergey Biryukov
c0903e830b Posts, Post Types: Add a new add_inline_data action which allows extra fields to be added to the inline editing fields.
Props mensmaximus, NathanAtmoz.
Merges [42676] and [43460] to the 4.9 branch.
Fixes #36085.
Built from https://develop.svn.wordpress.org/branches/4.9@43461


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 15:34:25 +00:00
Sergey Biryukov
cb2625e260 Privacy: Use consistent values for the site name and URL used in notification emails.
The functions `send_confirmation_on_profile_email()`, `_wp_privacy_send_request_confirmation_notification()`, `_wp_privacy_send_erasure_fulfillment_notification()`, and `wp_send_user_request()` all include a title and URL indicating the current site. However, so far they have dealt with those values inconsistently, sometimes using the site values, other times using the network values if in a multisite. This changeset ensures that only the current site is taken into account in all cases and that special characters in the site name are consistently decoded.

Props subrataemfluence, desrosj.
Merges [43388], [43390], and [43435] to the 4.9 branch.
Fixes #44396.
Built from https://develop.svn.wordpress.org/branches/4.9@43459


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43286 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 14:24:26 +00:00
Sergey Biryukov
d2342e75d0 Login and Registration: Set a better default value for $wp_error parameter in login_header().
To prevent someone from passing a string (which would not be added to a new `WP_Error` instance), check for `is_wp_error()` explicitly.

Props desrosj, chetan200891, spyderbytes, lbenicio, sebastien@thivinfo.com, abdullahramzan.
Merges [43457] to the 4.9 branch.
Fixes #44052.
Built from https://develop.svn.wordpress.org/branches/4.9@43458


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43285 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 14:14:27 +00:00
Sergey Biryukov
665b28aad0 Privacy: use wp_login_url() for the link in the user confirmation email.
Props desrosj, usmankhalid.
Merges [43379] to the 4.9 branch.
Fixes #44353.
Built from https://develop.svn.wordpress.org/branches/4.9@43456


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43283 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 13:54:26 +00:00
Sergey Biryukov
30b402c24b Privacy: append (Draft) to draft page titles in the page drop-down on the Privacy Settings screen.
Props allendav, desrosj.
Merges [43376] and [43454] to the 4.9 branch.
Fixes #44100.
Built from https://develop.svn.wordpress.org/branches/4.9@43455


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43282 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 13:52:26 +00:00
Sergey Biryukov
8040b247a4 Privacy: on the Privacy Settings screen change view to preview when a draft page is selected for the privacy policy.
Props garrett-eclipse, desrosj.
Merges [43374] to the 4.9 branch.
Fixes #44131.
Built from https://develop.svn.wordpress.org/branches/4.9@43453


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 13:30:26 +00:00
Sergey Biryukov
14a11fc4db Privacy: Change @since entry for user_request_confirmed_email_subject filter added in [43373] to 4.9.8.
Merges [43451] to the 4.9 branch.
Fixes #44382.
Built from https://develop.svn.wordpress.org/branches/4.9@43452


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43279 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 13:24:27 +00:00
Sergey Biryukov
8f33283493 Privacy: add user request type to the admin notification email subject.
Merges [43375] to the 4.9 branch.
Props birgire, desrosj.
Fixes #44099.
Built from https://develop.svn.wordpress.org/branches/4.9@43450


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43277 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 12:09:26 +00:00
Sergey Biryukov
9ad59101ab Privacy: do not show the comment cookies opt-in checkbox (on the front-end comments form) when comment cookies are disabled.
Props felipeelia, johnbillion.
Merges [43370] to the 4.9 branch.
Fixes #44342.
Built from https://develop.svn.wordpress.org/branches/4.9@43449


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43276 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 12:07:25 +00:00
Sergey Biryukov
b74a18dc8b Privacy: Silence is golden and invisible.
"Be more discrete." declared matt in [3155], and since then, "Silence is Golden" has been the calling card of placeholder index files. Historically, these have been php files, but [43012] changed that and added index.html files for privacy export generated folders.

The php silence files produce no visible content. This adds consistency with these new html files in that there will be no visible content. Silence will fall when the question is asked.

Merges [43446] to the 4.9 branch.
Fixes #44195.
Props audrasjb, rafsuntaskin, Ov3rfly, johnbillion, pento
Built from https://develop.svn.wordpress.org/branches/4.9@43448


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 12:02:29 +00:00
Gary Pendergast
595cd450eb REST API: Filter responses based on the _fields parameter, before data is processed.
Historically, the REST API would generate the entire response object, including running expensive filters, then it would apply the `_fields` parameter, discarding the fields that weren't specificed.

This change causes `_fields` to be applied earlier, so that only requested fields are processed.

Merges [43087] to the 4.9 branch.

Props danielbachhuber.
See #43874.


Built from https://develop.svn.wordpress.org/branches/4.9@43445


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43272 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-13 06:51:27 +00:00
Gary Pendergast
cb0ea9d291 Emoji: Update Twemoji to version 11.0.
🦹

Backport of [43377] to the 4.9 branch.

Props kraftbj,
Fixes #44339.


Built from https://develop.svn.wordpress.org/branches/4.9@43444


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43271 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-13 06:37:26 +00:00
Gary Pendergast
547a500699 REST API: Tweak permission checks for taxonomy and term endpoints
To match behaviour in the Classic Editor, we need to slightly loosen permissions on taxonomy and term endpoints. This allows users to create terms to assign to a post that they're editing.

Merges [43440] to the 4.9 branch.

Props danielbachhuber.
Fixes #44096.


Built from https://develop.svn.wordpress.org/branches/4.9@43443


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43270 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-13 06:29:25 +00:00
Gary Pendergast
d802d709c7 REST API: Expose revision count and last revision ID on Post response
So that REST API clients can show appropriate UI for a post's revisions, it needs to know how many revisions the post has, and what the latest revision ID is.

Merge of [43439] and [43441] to the 4.9 branch.

Props kadamwhite, danielbachhuber, birgire, TimothyBlynJacobs, pento.
Fixes #44321.


Built from https://develop.svn.wordpress.org/branches/4.9@43442


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43269 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-13 06:14:25 +00:00
Gary Pendergast
26f6aeaeea REST API: Declare user capabilities using JSON Hyper Schema's "targetSchema".
There are a variety of operations a WordPress user can only perform if they have the correct capabilities. A REST API client should only display UI for one of these operations if the WordPress user can perform the operation.

Rather than requiring REST API clients to calculate whether to display UI based on potentially complicated combinations of user capabilities, `targetSchema` allows us to expose a single flag to show whether the corresponding UI should be displayed.

This change also includes flags on post objects for the following actions:

- `action-publish`: The current user can publish this post.
- `action-sticky`: The current user can make this post sticky, and the post type supports sticking.
- `action-assign-author': The current user can change the author on this post.
- `action-assign-{$taxonomy}`: The current user can assign terms from the "$taxonomy" taxonomy to this post.
- `action-create-{$taxonomy}`: The current user can create terms int the "$taxonomy" taxonomy.

Merges [43437] to the 4.9 branch.

Props TimothyBlynJacobs, danielbachhuber.
Fixes #44287.


Built from https://develop.svn.wordpress.org/branches/4.9@43438


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43265 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-11 09:21:29 +00:00
Aaron Campbell
cf8c4fa0d8 Bump 4.9 branch to version 4.9.7
Built from https://develop.svn.wordpress.org/branches/4.9@43407


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43235 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 16:05:26 +00:00
John Blackbourn
b564da95fb Media: Limit thumbnail file deletions to the same directory as the original file.
Built from https://develop.svn.wordpress.org/branches/4.9@43393


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43221 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 14:45:31 +00:00
Andrew Ozz
b4aaf4a73c Privacy: add esc_html to assertion in test_wp_comments_personal_data_exporter.
Props mermel, 1naveengiri.
Merges [43371] to the 4.9 branch.
Fixes #44113.
Built from https://develop.svn.wordpress.org/branches/4.9@43372


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:40:47 +00:00
John Blackbourn
1f5f8129de Security: Harden the random aspect of the hash used for user profile and admin email address changes.
Props BjornW

Fixes #43771

Merges [43367] to the 4.9 branch.

Built from https://develop.svn.wordpress.org/branches/4.9@43368


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43196 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:39:07 +00:00
John Blackbourn
15054d8a94 Options, Meta APIs: Use the correct escaping function when outputting the meta box context.
Props khaihong, abdullahramzan, leanderiversen, aryamaaru, lbenicio, palmiak

Fixes #44274

Merges [43365] to the 4.9 branch.

Built from https://develop.svn.wordpress.org/branches/4.9@43366


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43194 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:38:18 +00:00
Sergey Biryukov
cd2f52dda1 Privacy: Make sure wp_add_privacy_policy_content() does not cause a fatal error by unintentionally flushing rewrite rules outside of the admin context.
Add a `_doing_it_wrong()` message describing the correct usage of the function.

Props kraftbj, azaozz, SergeyBiryukov, YuriV.
Merges [43361], [43362], [43363] to the 4.9 branch.
Fixes #44142.
Built from https://develop.svn.wordpress.org/branches/4.9@43364


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43192 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:37:26 +00:00
Sergey Biryukov
ea7c189825 Privacy: Only link to menus panel in Customizer if selected privacy page can be accessed there.
Props dlh.
Merges [43343] to the 4.9 branch.
Fixes #44117.
Built from https://develop.svn.wordpress.org/branches/4.9@43358


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43186 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:34:55 +00:00
Sergey Biryukov
567d4b0961 Community Events Dashboard: Always show a WordCamp if one is coming up.
WordCamps are celebrations of the local WordPress Community and once a local one is scheduled, people in that community should know it is coming. This adjusts the WordPress Events in the dashboard widgets to always display a WordCamp, even if there are multiple Meetups happening first.

Props iandunn, metalandcoffee, warmlaundry, alejandroxlopez, jorbin.
Merges [42726], [42728], and [43356] to the 4.9 branch.
Fixes #41112.
Built from https://develop.svn.wordpress.org/branches/4.9@43357


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:34:30 +00:00
Sergey Biryukov
e2bf0ae498 Privacy: Remove unnecessary This email has been sent to ###EMAIL### from privacy emails.
The line was copied from the emails that get sent when an email address changes, without considering if it made sense in the new context.

Props iandunn, ianbelanger, desrosj.
Merges [43353] to the 4.9 branch.
Fixes #44030.
Built from https://develop.svn.wordpress.org/branches/4.9@43354


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43182 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:33:14 +00:00
Sergey Biryukov
eaf96830ce Privacy: Fix typo in default privacy policy text.
Props garetharnold, abdullahramzan.
Merges [43350] to the 4.9 branch.
Fixes #44166.
Built from https://develop.svn.wordpress.org/branches/4.9@43351


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43179 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:31:57 +00:00
Sergey Biryukov
1bb5174584 Posts, Post Types: Clear post password cookie when logging out.
Props skoldin, subrataemfluence, ianbelanger, johnbillion.
Merges [43317] and [43318] to the 4.9 branch.
Fixes #44089.
Built from https://develop.svn.wordpress.org/branches/4.9@43349


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43177 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:31:05 +00:00
Sergey Biryukov
ddc8032efd Users: In wp_validate_user_request_key(), properly return the WP_Error object in case the confirmation email has expired.
Props itowhid06.
Merges [43331] to the 4.9 branch.
Fixes #44298.
Built from https://develop.svn.wordpress.org/branches/4.9@43342


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:28:08 +00:00
John Blackbourn
d668b72f5b Build/Test Tools: Allow the unit test framework to be used without the data directory in place.
Fixes #43982

Merges [43315] to the 4.9 branch.

Built from https://develop.svn.wordpress.org/branches/4.9@43316


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43145 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-25 22:48:28 +00:00
Boone Gorges
30b40c8f52 Taxonomy: Improve cache handling when querying for terms using all_with_object_id.
When a term query using `fields=all_with_object_id` hits the cache, the
cached `stdClass` objects must be converted to `WP_Term` objects. This
was overlooked when `WP_Term_Query` was refactored to support object
queries in [38667].

Merges [43313] to the 4.9 branch.

Props dlh.
Fixes #44221.

Built from https://develop.svn.wordpress.org/branches/4.9@43314


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43143 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-25 01:26:29 +00:00
Sergey Biryukov
5129da3af5 Docs: Document the cookies default comment field added in [42772].
Props desrosj, chetan200891.
Merges [43304] to the 4.9 branch.
See #44125.
Built from https://develop.svn.wordpress.org/branches/4.9@43306


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43135 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-21 13:17:25 +00:00
Sergey Biryukov
98eb869d8b Docs: Add missing documentation and duplicate hook references for wp_privacy_personal_data_export_file, wp_privacy_personal_data_exporters, and wp_privacy_personal_data_erasers hooks.
Props birgire.
Merges [43303] to the 4.9 branch.
See #44125.
Built from https://develop.svn.wordpress.org/branches/4.9@43305


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43134 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-21 13:16:25 +00:00
Sergey Biryukov
f1773beb0c Widgets: Allow basic inline tags in wp_sidebar_description().
The customizer has allowed HTML in sidebar descriptions since adding support for sidebars. This change ensures that basic HTML is also allowed for them in the widgets admin screen.

Props flixos90.
Merges [43275] to the 4.9 branch.
Fixes #42608.
Built from https://develop.svn.wordpress.org/branches/4.9@43302


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43131 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-21 12:43:27 +00:00
Sergey Biryukov
e782caa1e7 Comments: Escape permalink values on edit screen to prevent XSS.
There doesn't appear to be any way for an attacker to introduce malicious input into the URL, unless a plugin is filtering the URL to add it, but it's better to be safe than sorry.

Props 1naveengiri, joyously.
Merges [43290] to the 4.9 branch.
Fixes #44115.
Built from https://develop.svn.wordpress.org/branches/4.9@43301


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-21 12:40:26 +00:00