Commit Graph

38026 Commits

Author SHA1 Message Date
Sergey Biryukov
7a7e45a530 Privacy: Use a CSPRNG in export filenames for more security.
`rand()` is deterministic and therefore offers much less protection in this context. `wp_generate_password()` is a convenient wrapper around `wp_rand()`, which uses `random_int()` to generate cryptographically-secure psuedorandom numbers.

Props iandunn.
Merges [43045] to the 4.9 branch.
See #43546.
Built from https://develop.svn.wordpress.org/branches/4.9@43094


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42923 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 02:19:25 +00:00
Sergey Biryukov
c3c9eaf45e Privacy: fix unit tests after [43012].
Props iandunn.
Merges [43015] to the 4.9 branch.
See #43546.
Built from https://develop.svn.wordpress.org/branches/4.9@43093


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42922 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 02:17:25 +00:00
Sergey Biryukov
e5c53b9bbd Privacy: add means to export personal data by username or email address. Generate a zipped export file containing all data. First run.
Props allendav.
Merges [43012] and [43089] to the 4.9 branch.
See #43546.
Built from https://develop.svn.wordpress.org/branches/4.9@43092


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42921 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 02:16:25 +00:00
Sergey Biryukov
d4be2db521 Privacy: make the emails in export and erasure list-tables clickable.
Props birgire.
Merges [43057] to the 4.9 branch.
See #43911.
Built from https://develop.svn.wordpress.org/branches/4.9@43086


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 01:08:25 +00:00
Sergey Biryukov
14d25f6094 Privacy: update and enhance the method to confirm user requests by email. Introduce WP_User_Request to hold all request vars similarly to WP_Post.
Props mikejolley, desrosj.
Merges [43011] and [43014] to the 4.9 branch.
See #43443.
Built from https://develop.svn.wordpress.org/branches/4.9@43084


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42913 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 01:04:26 +00:00
Sergey Biryukov
e5b5b15b88 Privacy: update the method to confirm user requests by email. Use a single CPT to store the requests and to allow logging/audit trail.
Props mikejolley.
Merges [43008] to the 4.9 branch.
See #43443.
Built from https://develop.svn.wordpress.org/branches/4.9@43083


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42912 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 01:01:25 +00:00
Sergey Biryukov
b433465f15 Privacy: add helper function for anonymizing data in a standardized way.
Props jesperher, allendav, iandunn, birgire, azaozz, joemcgill.
Merges [42971] and [43081] to the 4.9 branch.
Fixes #43545.
Built from https://develop.svn.wordpress.org/branches/4.9@43082


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42911 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 00:49:26 +00:00
Sergey Biryukov
bcb3a839d1 Privacy: add functionality to anonymize commenters.
Props xkon, fclaussen, allendav, birgire, azaozz.
Merges [42994] to the 4.9 branch.
See #43442.
Built from https://develop.svn.wordpress.org/branches/4.9@43080


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42909 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 00:21:25 +00:00
Sergey Biryukov
257be25506 Privacy: docs fixes and improvements for wp_comments_personal_data_exporter().
Props desrosj.
Merges [43058] to the 4.9 branch.
See #43440.
Built from https://develop.svn.wordpress.org/branches/4.9@43079


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42908 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 00:18:26 +00:00
Sergey Biryukov
59593950dc Privacy: Fix JSHint errors.
Introduced in [42986].

Props jorbin.
Merges [42989] to the 4.9 branch.
See #43440.
Built from https://develop.svn.wordpress.org/branches/4.9@43078


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42907 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 00:15:25 +00:00
Sergey Biryukov
6a3018a7c9 Privacy: fix docs, formatting, white space, add tests for the personal data from comments exporter.
Props birgire.
Merges [42987] to the 4.9 branch.
See #43440.
Built from https://develop.svn.wordpress.org/branches/4.9@43077


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42906 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 00:12:25 +00:00
Sergey Biryukov
2f6f41170a Privacy: add functionality for exporting personal data from comments.
Props allendav, xkon.
Merges [42888] to the 4.9 branch.
See #43440.
Built from https://develop.svn.wordpress.org/branches/4.9@43076


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42905 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 00:11:24 +00:00
Sergey Biryukov
82687eb7af Privacy: add means to erase personal data by username or email address. First run.
Props allendav, coreymckrill, ericdaams, azaozz.
Merges [42986] to the 4.9 branch.
See #43637, #43602.
Built from https://develop.svn.wordpress.org/branches/4.9@43075


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 00:03:27 +00:00
Sergey Biryukov
309984de5f Privacy: add support for exporting multiple pages of personal data.
Props allendav.
Merges [42889] to the 4.9 branch.
See #43438.
Built from https://develop.svn.wordpress.org/branches/4.9@43074


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42903 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 23:58:25 +00:00
Sergey Biryukov
b1c0bffa78 Privacy: fix error message and list table sorting errors on the Export Personal Data and Remove Personal Data screens.
Props azaozz.
Merges [42977] to the 4.9 branch.
See #43481.
Built from https://develop.svn.wordpress.org/branches/4.9@43073


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42902 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 23:49:26 +00:00
Sergey Biryukov
feb3e4caec Tests: Update the REST API fixtures.
[42967] included new post statii, but didn't add them to the REST API tests.

Props pento.
Merges [42972] to the 4.9 branch.
See #43481.
Built from https://develop.svn.wordpress.org/branches/4.9@43072


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42901 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 23:46:25 +00:00
Sergey Biryukov
88bc6a609e Privacy: add new wp-admin screens for exporting and removing of personal data.
Props melchoyce, mikejolley, allendav, xkon.
Merges [42967] to the 4.9 branch.
See #43481.
Built from https://develop.svn.wordpress.org/branches/4.9@43071


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42900 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 23:42:25 +00:00
Sergey Biryukov
e08597f8fa Privacy: fixes and updates for the method to confirm user requests by email.
- Improve function and variable names.
- Allow extra data to be passed with the request.
- Make the option/user meta names more consistent.
- Adds an inline comment explaining use of hash.

Props mikejolley.
Merges [42964] to the 4.9 branch.
See #43443.
Built from https://develop.svn.wordpress.org/branches/4.9@43070


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42899 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 23:37:27 +00:00
Sergey Biryukov
01e3c640fe Add a method to confirm user requests by email. First run.
Props mikejolley.
Merges [42791] to the 4.9 branch.
See #43443.
Built from https://develop.svn.wordpress.org/branches/4.9@43069


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 23:34:26 +00:00
Sergey Biryukov
85d1ba9726 TinyMCE: Update to 4.7.11.
Props iseulde.
Merges [43004] to the 4.9 branch.
Fixes #43862.
Built from https://develop.svn.wordpress.org/branches/4.9@43068


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42897 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 22:31:24 +00:00
Sergey Biryukov
59a7fbddde REST API: Add who=authors as a query parameter for GET wp/v2/users.
Any WordPress user who can `edit_posts` of a post type with `show_in_rest=true` can query for authors. This maps to current WordPress behavior where a WordPress user who can view the Manage Posts view for a post type can see any WordPress user assigned to a post (whether published or draft).

This implementation, over restricting `who=authors` to users with `list_users`, gives us future flexibility in displaying lists of posts. It still respects more restrictive permissions for `context=edit`.

Props danielbachhuber.
Merges [43001] to the 4.9 branch.
Fixes #42202.
Built from https://develop.svn.wordpress.org/branches/4.9@43067


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42896 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 22:18:26 +00:00
Sergey Biryukov
dc3d22edd9 Login and Registration: Send nocache_headers() on Multisite account activation pages.
Props herregroen.
Merges [43065] to the 4.9 branch.
Fixes #43917.
Built from https://develop.svn.wordpress.org/branches/4.9@43066


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42895 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 22:10:26 +00:00
Sergey Biryukov
ee43146223 Privacy: add "Mine" filter for media similarly to posts and comments.
Props audrasjb.
Merged [43056], [43062], [43063] to the 4.9 branch.
Fixes #43820.
Built from https://develop.svn.wordpress.org/branches/4.9@43064


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42893 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 22:04:28 +00:00
Sergey Biryukov
cf7288a673 Themes: Avoid a PHP 7.2 warning in get_theme_roots() when $wp_theme_directories is an uncountable value.
See [41174] for `wp_get_themes()` and `get_raw_theme_root()`.

Props burlingtonbytes, teddytime, lbenicio, desrosj.
Merges [43039] to the 4.9 branch.
Fixes #43374. See #40109.
Built from https://develop.svn.wordpress.org/branches/4.9@43040


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42869 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 04:55:26 +00:00
Sergey Biryukov
f04d84149f REST API: Include viewable attribute on Post Type resource for edit context.
For the block editor to be able to expose the Preview button correctly, it needs to know the `is_post_type_viewable()` setting, this change adds it to the Post Type response.

Props danielbachhuber.
Merges [43007] to the 4.9 branch.
Fixes #43739.
Built from https://develop.svn.wordpress.org/branches/4.9@43038


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42867 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 04:31:25 +00:00
Sergey Biryukov
9bee0589fb General: Introduce a polyfill for is_iterable() function added in PHP 7.1.
Props jrf, schlessera, desrosj.
Merges [43036] to the 4.9 branch.
See #43619.
Built from https://develop.svn.wordpress.org/branches/4.9@43037


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42866 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 04:17:25 +00:00
Sergey Biryukov
408d8c63be General: Introduce a polyfill for is_countable() function added in PHP 7.3.
Props jrf, ayeshrajans, desrosj.
Merges [43034] to the 4.9 branch.
See #43583.
Built from https://develop.svn.wordpress.org/branches/4.9@43035


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42864 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 03:47:24 +00:00
Sergey Biryukov
3408441e15 Help/About: Move "Get involved" link on Credits screen to the top of the page for better visibility.
Props bridgetwillard, desrosj.
Merges [43032] to the 4.9 branch.
See #23348.
Built from https://develop.svn.wordpress.org/branches/4.9@43033


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42862 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 03:19:24 +00:00
Sergey Biryukov
57e36f1ed2 Login and Registration: Send nocache_headers() on Multisite signup pages.
Props herregroen.
Merges [43030] to the 4.9 branch.
Fixes #43843.
Built from https://develop.svn.wordpress.org/branches/4.9@43031


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42860 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 23:10:26 +00:00
Sergey Biryukov
e40df25f76 Plugins: Show the required PHP version in the plugin details view, if specified.
Props xkon.
Merges [42998] to the 4.9 branch.
Fixes #43650.
Built from https://develop.svn.wordpress.org/branches/4.9@43029


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42858 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 22:51:25 +00:00
Sergey Biryukov
40bd08b50f Themes: Introduce theme_templates filter for page templates of all post types.
This complements the `theme_{$post_type}_templates` dynamic filter added in [38951].

Props desrosj.
Merges [43025] and [43027] to the 4.9 branch.
Fixes #43872.
Built from https://develop.svn.wordpress.org/branches/4.9@43028


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42857 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 22:45:24 +00:00
Sergey Biryukov
13b6280373 Docs: Correct $id parameter type for old_slug_redirect_post_id filter.
Props dlh.
Merges [42722] to the 4.9 branch.
Fixes #43375.
Built from https://develop.svn.wordpress.org/branches/4.9@43026


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 22:37:28 +00:00
Aaron Campbell
65a757621d Bump 4.9 branch to version 4.9.5
Built from https://develop.svn.wordpress.org/branches/4.9@42933


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 20:17:40 +00:00
Dominik Schilling
760aa16ab8 Media: Update minified version of imgAreaSelect after [42874].
Adds imgAreaSelect to the uglify grunt process.

Merge of [42930] to the 4.9 branch.

Props adamsilverstein.
See #41242.
Built from https://develop.svn.wordpress.org/branches/4.9@42932


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42762 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 19:51:37 +00:00
Dominik Schilling
7f5c437803 Template: Make sure the version string is correctly escaped for use in attributes.
Merge of [42893] to the 4.9 branch.

Built from https://develop.svn.wordpress.org/branches/4.9@42917


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42747 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 16:05:39 +00:00
Dominik Schilling
8cd1a27463 HTTP: Don't treat localhost as same host by default.
Merge of [42894] to the 4.9 branch.

Built from https://develop.svn.wordpress.org/branches/4.9@42908


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42738 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 15:35:41 +00:00
Dominik Schilling
076fb0ff4d Login: Use wp_safe_redirect() when redirecting the login page if forced to use HTTPS.
Merge of [42892] to the 4.9 branch.

Built from https://develop.svn.wordpress.org/branches/4.9@42895


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 15:22:42 +00:00
Sergey Biryukov
4c34006070 Post WordPress 4.9.5 RC 1 version bump.
Built from https://develop.svn.wordpress.org/branches/4.9@42885


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42715 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-28 01:39:38 +00:00
Sergey Biryukov
8d99bb5288 WordPress 4.9.5 RC 1.
Built from https://develop.svn.wordpress.org/branches/4.9@42884


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42714 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-28 01:08:38 +00:00
Gary Pendergast
bac5694e88 Dashboard: Remove the "Try Gutenberg" callout.
As eager as we all are to see Gutenberg put before a wider audience, there are still a handful of issues that need to be fixed, which won't be done before the 4.9.5 release.

Reverts [42869].
See #41316.


Built from https://develop.svn.wordpress.org/branches/4.9@42883


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-28 00:18:43 +00:00
Sergey Biryukov
2aed23cc97 Twenty Seventeen: Bump version and update the changelog.
Props audrasjb.
Merges [42881] to the 4.9 branch.
Fixes #43572.
Built from https://develop.svn.wordpress.org/branches/4.9@42882


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-27 21:12:42 +00:00
Adam Silverstein
4650753c6b Media: Fix image cropping on touch screen devices.
* In initCrop, handle touch events in addition to mouse events.
* In imageSelect jQuery plugin, accept event.which of 0 as provided by touch events.

Props yahil, alexgso, joemcgill.
Merges [42818] to the 4.9 branch.
Fixes #41242.


Built from https://develop.svn.wordpress.org/branches/4.9@42874


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-24 20:26:42 +00:00
Gary Pendergast
61be857c95 Dashboard: Introduce a "Try Gutenberg" callout.
To encourage more people to try Gutenberg, this new Dashboard box allows site users to easily install and try out Gutenberg.

Props pento, melchoyce, joen, karmatosed, joemcgill, SergeyBiryukov, jorbin.

Fixes #41316.


Built from https://develop.svn.wordpress.org/branches/4.9@42869


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-22 00:59:44 +00:00
Sergey Biryukov
c12c3a96b3 Post WordPress 4.9.5 Beta 1 version bump.
Built from https://develop.svn.wordpress.org/branches/4.9@42868


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42698 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-21 02:16:37 +00:00
Sergey Biryukov
ce8c932138 WordPress 4.9.5 Beta 1
Built from https://develop.svn.wordpress.org/branches/4.9@42867


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42697 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-21 02:08:40 +00:00
Sergey Biryukov
9d75986391 Media: On Media Settings screen, make the pairs of labels and inputs always stacked vertically, on both mobile and desktop screens.
Make `<br />` tags on the screen behave as line breaks again after [41836]. Add a missing fieldset + legend for better accessibility.

Props afercia, RavanH, obenland, garrett-eclipse.
Merges [42864] to the 4.9 branch.
Fixes #42724. See #34539.
Built from https://develop.svn.wordpress.org/branches/4.9@42865


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42695 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-20 22:49:39 +00:00
Sergey Biryukov
8fae65141a Formatting: Avoid a PHP 7.2 warning in wp_kses_attr() when one of $allowedtags elements is an uncountable value.
Props andrei0x309, soulseekah, SergeyBiryukov.
Merges [42860] to the 4.9 branch.
Fixes #43312.
Built from https://develop.svn.wordpress.org/branches/4.9@42861


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42691 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-20 21:37:41 +00:00
Sergey Biryukov
6d16a905b8 Twenty Seventeen: Underline links in comments.
Props jainnidhi, larrach, audrasjb.
Merges [42713] to the 4.9 branch.
Fixes #43317.
Built from https://develop.svn.wordpress.org/branches/4.9@42859


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42689 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-20 21:19:41 +00:00
Dominik Schilling
04d41666dc REST API JavaScript Client: Support an empty string for nonce to disable sending the X-WP-Nonce header.
Passing a `nonce` argument with an empty string to `wp.api.init()` now does no longer fall back to `wpApiSettings.nonce`. This makes it possible to stop sending nonce headers, for example to a read-only endpoint on another site in a multisite install.

Merge of [42852] to the 4.9 branch.

Props adamsilverstein, FPCSJames, ocean90, swissspidy.
See #42948, #43266.
Built from https://develop.svn.wordpress.org/branches/4.9@42854


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-18 20:04:42 +00:00
Dominik Schilling
7faddf9e50 REST API JS Client: Extend custom nonce functionality to collections.
This brings the improved nonce handling from [41553] to collections to remove the direct `wpApiSettings.nonce` dependency.

Merge of [42851] to the 4.9 branch.

Props adamsilverstein, ocean90, swissspidy.
See #43265.
Built from https://develop.svn.wordpress.org/branches/4.9@42853


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42683 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-18 20:00:40 +00:00