The previous method for copying the debug report to the clipboard involved having a hidden `<textarea>`, but this shows up in screen readers and can't be reliably hidden.
To work around this, the button now uses the `clipboard.js` library, which automatically handles browser differences in the Clipboard API, and can load the text to copy from a `data-` attribute on the button.
Props pento, hedgefield, afercia.
Fixes#46647.
Built from https://develop.svn.wordpress.org/trunk@45044
git-svn-id: http://core.svn.wordpress.org/trunk@44853 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Site Health tool serves two purposes:
- Provide site owners with information to improve the performance, reliability, and security of their site.
- Collect comprehensive debug information about the site.
By encouraging site owners to maintain their site and adhere to modern best practices, we ultimately improve the software hygeine of both the WordPress ecosystem, and the open internet as a whole.
Props Clorith, hedgefield, melchoyce, xkon, karmatosed, jordesign, earnjam, ianbelanger, wpscholar, desrosj, pedromendonca, peterbooker, jcastaneda, garyj, soean, pento, timothyblynjacobs, zodiac1978, dgroddick, garrett-eclipse, netweb, tobifjellner, pixolin, afercia, joedolson, birgire.
See #46573.
Built from https://develop.svn.wordpress.org/trunk@44986
git-svn-id: http://core.svn.wordpress.org/trunk@44817 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduce `validate_plugin_requirements()` for validating a plugin's WordPress and PHP version requirements.
Introduce `wp_is_wp_compatible()` and `wp_is_php_compatible()` for checking compatibility with the current WordPress or PHP version.
Props afragen, joyously, DrewAPicture, TimothyBlynJacobs, desrosj, flixos90, SergeyBiryukov.
See #43992.
Built from https://develop.svn.wordpress.org/trunk@44978
git-svn-id: http://core.svn.wordpress.org/trunk@44809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the network admin user table on multisite installs (`WP_MS_Users_List_Table`), this filter allows the classes for the `<span>` tag surrounding each site link to be modified.
Props kraftbj, flixos90, johnjamesjacoby.
Fixes#41146.
Built from https://develop.svn.wordpress.org/trunk@44977
git-svn-id: http://core.svn.wordpress.org/trunk@44808 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Using the new fatal handler introduced in [44962], an email is sent to the admin when a fatal error occurs. This email includes a secret link to enter recovery mode. When clicked, the link will be validated and on success a cookie will be placed on the client, enabling recovery mode for that user. This functionality is executed early before plugins and themes are loaded, in order to be unaffected by potential fatal errors these might be causing.
When in recovery mode, broken plugins and themes will be paused for that client, so that they are able to access the admin backend despite of these errors. They are notified about the broken extensions and the errors caused, and can then decide whether they would like to temporarily deactivate the extension or fix the problem and resume the extension.
A link in the admin bar allows the client to exit recovery mode.
Props timothyblynjacobs, afragen, flixos90, nerrad, miss_jwo, schlessera, spacedmonkey, swissspidy.
Fixes#46130, #44458.
Built from https://develop.svn.wordpress.org/trunk@44973
git-svn-id: http://core.svn.wordpress.org/trunk@44804 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds code for soft verification of signatures for theme and plugin installs and updates, when provided by the update server. This experimental version does not reject unverified packages or failed signatures; it simply reports anonymous errors so we can evaluate its feasibility and detect incompatibilities.
This code relies on the new sodium_compat library for PHP versions prior to 7.2.
Props dd32, paragoninitiativeenterprises.
See #39309, #45806.
Built from https://develop.svn.wordpress.org/trunk@44954
git-svn-id: http://core.svn.wordpress.org/trunk@44785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As of `@wordpress/api-fetch@3.0.0` (introduced in 44812), the `apiFetch` nonce middleware must have its nonce value assigned explicitly, and will no longer listen for heartbeat ticks automatically. This changeset adds an inline script for the default registration of the `api-fetch` script handle to assign the nonce value in response to the heartbeat action. In doing so, it removes the now-unused, misnamed `rest-nonce` property from the heartbeat response, whose original introduction served as temporary compatibility with earlier versions of `@wordpress/api-fetch`.
See https://github.com/WordPress/gutenberg/pull/13451
See #45113
Props adamsilverstein, nerrad .
Fixes#46107 .
Built from https://develop.svn.wordpress.org/trunk@44949
git-svn-id: http://core.svn.wordpress.org/trunk@44780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fixes a case where saving in the block editor fails if there are two `_wpnonce` arguments in the request, one overriding the other so that `use_block_editor_for_post()` wasn't able to check the nonce properly.
Props Chouby.
See #45253.
Built from https://develop.svn.wordpress.org/trunk@44938
git-svn-id: http://core.svn.wordpress.org/trunk@44769 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a plugin states it requires a specific minimum PHP version (as defined in the `requires_php` field included in the plugin update API response), a user should not be allowed to update that plugin when the server does not satisfy the minimum PHP version.
When this scenario is encountered, the update buttons and links are disabled and links to educational resources about PHP are displayed to the user with a notice.
Props afragen, schlessera, desrosj.
Fixes#43987.
Built from https://develop.svn.wordpress.org/trunk@44937
git-svn-id: http://core.svn.wordpress.org/trunk@44768 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- standardizes the Comment count string to `%s Comment in moderation', '%s Comments in moderation` so it can be bulk-updated
- adds the string as visually hidden text in the admin menu
- introduces an `updateInModerationText` JS simple function, responsible to correctly update all the related text using the data from the AJAX response
- adds a visually hidden text "1 Privacy Policy update" to the Privacy menu items count
- adds/improves translators comments
Changes that apply to all the count bubbles (Updates, plugins, etc.)
- makes the bubbles and their text slightly bigger
- improves the active menu item bubble contrast by changing the background color to red (option 2 in the screenshot attached in a previous comment)
Props adamsoucie, afercia.
Fixes#33030.
Built from https://develop.svn.wordpress.org/trunk@44924
git-svn-id: http://core.svn.wordpress.org/trunk@44755 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `populate_site_meta` filter can be used to modify the site meta added during the creation of a new site. This filter mirrors the approach used for networks in `populate_network_meta`.
Props spacedmonkey, davidbaumwald.
Fixes#46437.
Built from https://develop.svn.wordpress.org/trunk@44912
git-svn-id: http://core.svn.wordpress.org/trunk@44743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Some "visual tabs" in the WordPress admin used links wrapped in a `h2` heading. While these tabs look like ARIA tabs, they're just navigation menus and should be marked-up as such to be correctly exposed to assistive technologies.
- changes the wrapping `<h2>` to a `<nav>` element: worth reminding `<nav>` elements also define ARIA landmarks
- adds an `aria-label` to the `<nav>` elements so they can be distinguished from other `<nav>` elements in the page
- adjusts the headings level in the Credits page
Props audrasjb, afercia.
Fixes#43398.
Built from https://develop.svn.wordpress.org/trunk@44905
git-svn-id: http://core.svn.wordpress.org/trunk@44736 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Old browsers didn't support the HTML placeholder attribute. For a number of years, `<label>` elements have been used in a few places in WordPress to emulate placeholders. It's time to improve semantics and interaction, use real placeholders when possible, and clean up some JavaScript.
- Quick Draft widget: it now uses visible `<label>` elements and a real `placeholder` attribute
- removes the related JavaScript
- Post title:
- keeps the "prompt" label for backwards compatibility
- improves the JavaScript to make the "prompt" label stay visible on focus and disappear when typing, like real placeholder do
- changes the post "prompt" text from "Enter title here" to "Add title" for consistency with the Block Editor
- cleans-up some CSS
Props Cheffheid, afercia.
Fixes#42390.
Built from https://develop.svn.wordpress.org/trunk@44896
git-svn-id: http://core.svn.wordpress.org/trunk@44727 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, only `a` and `br` tags were allowed in the `value` table cell for each field included in the HTML file generated when a user is exporting their personal data. Instead of relying on a hardcoded list of allowed tags, the `wp_kses()` call in `wp_privacy_generate_personal_data_export_group_html()` will now fallback to the default list of allowed tags (which includes `i`, `strong`, `em`, and other basic HTML formatting tags).
Also, a new context of `personal_data_export` will now be passed to the `wp_kses()` call. As a result, the list of HTML tags and attributes allowed in the export file can now be filtered using the `wp_kses_allowed_html` filter and checking for the `personal_data_export` context.
Fixes#44044.
Props tz-media, desrosj, pento, birgire, garrett-eclipse.
Built from https://develop.svn.wordpress.org/trunk@44824
git-svn-id: http://core.svn.wordpress.org/trunk@44656 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [34891], `WP_Screen` was updated with methods to store, retrieve, and render screen reader text used by screens with `WP_List_Table` instances. When the export/erase personal data list tables were introduced in [42967], these headings were missing.
Fixes#46041.
Props afercia, xkon, garrett-eclipse, desrosj.
Built from https://develop.svn.wordpress.org/trunk@44821
git-svn-id: http://core.svn.wordpress.org/trunk@44653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A direct URL to where a user can update PHP for their website can now be specified in one of two ways:
- Defining the `WP_DIRECT_UPDATE_PHP_URL` environment variable.
- Returning a URL to the `wp_direct_php_update_url` filter.
When a URL is specified, an additional “Update PHP” button will be displayed at the bottom of the Core dashboard widget informing administrators that their site is running an outdated version of PHP (see [42832]).
Fixes#46074.
Props afragen, desrosj, lukecarbis.
Built from https://develop.svn.wordpress.org/trunk@44814
git-svn-id: http://core.svn.wordpress.org/trunk@44646 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The filter is only run if the wordpress.org API considers the PHP version acceptable. This ensures that other plugins or hosting providers can only make this check stricter, but not loosen it.
Props j-falk, mikeschroder.
Fixes#46065.
Built from https://develop.svn.wordpress.org/trunk@44788
git-svn-id: http://core.svn.wordpress.org/trunk@44620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In 4.9.6, several new privacy related features were introduced. Admin pointers were included to make administrators aware of these features. They have served their purpose and can now go silently into the night.
Props garrett-eclipse, desrosj, xkon.
Fixes#45999.
Built from https://develop.svn.wordpress.org/trunk@44787
git-svn-id: http://core.svn.wordpress.org/trunk@44619 1a063a9b-81f0-0310-95a4-ce76da25c4cd
With the exception of the "Edit" link, the "row actions" controls in the Comments table behave differently depending if JavaScript support is on or off.
When JavaScript support is off, they behave like links. When JavaScript support is on, they behave like buttons and they need to be buttons or have an ARIA `role="button"` added via JavaScript.
Lastly, the buttons in the Reply/Quick Edit form and the "Add Comment" in the edit post page meta box need to be buttons.
Fixes#43412.
Built from https://develop.svn.wordpress.org/trunk@44759
git-svn-id: http://core.svn.wordpress.org/trunk@44591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The custom date/time format previews in General Settings were updated only when blurring the related input fields. With this change, they're now updated when users finish typing a custom format, properly debouncing the `input` event callback.
Props dilipbheda, Girishpanchal.
Fixes#43364.
Built from https://develop.svn.wordpress.org/trunk@44758
git-svn-id: http://core.svn.wordpress.org/trunk@44590 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Proximity of related information is an inclusive design principle that benefits everyone and it's particularly important for users with reduced visual field, low vision, or other vision or cognitive impairments. User interface controls that are logically grouped should be placed close to each other.
Also, this change makes the buttons visual order and the DOM order match.
Fixes#45972.
Built from https://develop.svn.wordpress.org/trunk@44757
git-svn-id: http://core.svn.wordpress.org/trunk@44589 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Gutenberg plugin will not be deactivated on sites upgrading to WordPress 5.1. This deprecates the `upgrade_500_was_gutenberg_active` option and the `upgrade_500()` function as they are no longer required.
Props peterwilsoncc.
Fixes#46029.
Built from https://develop.svn.wordpress.org/trunk@44732
git-svn-id: http://core.svn.wordpress.org/trunk@44563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Due to the high number of follow-up tickets and associated security concerns, it was decided to reschedule the fatal error recovery feature for WordPress 5.2, in order to address these issues properly. The feature will continue to be developed, with iterations being merged into trunk early in the 5.2 release cycle.
Fixes#46141. See #44458, #45932, #45940, #46038, #46047, #46068.
Built from https://develop.svn.wordpress.org/trunk@44717
git-svn-id: http://core.svn.wordpress.org/trunk@44548 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces `Language_Pack_Upgrader::clear_destination()` to clear existing translations before installing new translations. Ensures that unused translations in JSON format are cleaned up.
Props dd32, swissspidy, ocean90.
Fixes#45468.
Built from https://develop.svn.wordpress.org/trunk@44676
git-svn-id: http://core.svn.wordpress.org/trunk@44507 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `WP_Shutdown_Handler` name plus related function names were premature when originally committed, as there can be multiple shutdown handlers in PHP, and WordPress makes use of that feature. This changeset modifies the name to a more appropriate `WP_Fatal_Error_Handler`, and related to that changes the following names:
* The drop-in to override the handler is now called `fatal-error-handler.php`.
* The internal function `wp_register_premature_shutdown_handler` is now called `wp_register_fatal_error_handler()`.
In addition to these naming changes, a new constant `WP_DISABLE_FATAL_ERROR_HANDLER` is introduced that can be set in `wp-config.php` to entirely disable the fatal error handler. That constant's value is and should be accessed indirectly via a new `wp_is_fatal_error_handler_enabled()` function and is filterable via a new `wp_fatal_error_handler_enabled` hook. Note that disabling the fatal error handler will skip the new functionality entirely, including the potentially used `fatal-error-handler.php` drop-in.
The new set of constant, filter and function provide for an easier-to-use mechanism to disable the fatal error handler altogether, rather than requiring developers to implement a drop-in for purely that purpose.
Props afragen, flixos90, joyously, knutsp, markjaquith, ocean90, schlessera, spacedmonkey.
Fixes#46047. See #44458.
Built from https://develop.svn.wordpress.org/trunk@44674
git-svn-id: http://core.svn.wordpress.org/trunk@44505 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When merging, [44244] and [44260] were committed to trunk the opposite way that they were committed to the 5.0 branch. They were originally committed in [43885] and [43861], respectively.
Due to this switch, a change in how the Custom Fields meta box was registered wasn't merged from the 5.0 branch, causing it to not be registered correctly in trunk.
Props dd32, pento.
Fixes#46028.
Built from https://develop.svn.wordpress.org/trunk@44648
git-svn-id: http://core.svn.wordpress.org/trunk@44479 1a063a9b-81f0-0310-95a4-ce76da25c4cd
On the Privacy Policy Guide, there is currently a ‘Copy’ button below each section of suggested text. It is unclear what copy means without more context. It could be assumed, for instance, that the suggested text is copied to a new page.
This changes the button text to read `Copy this section to clipboard` to more clearly inform the user what is copied and how.
Props JoshuaWold, garrett-eclipse, birgire, vishaldodiya.
Fixes#44677.
Built from https://develop.svn.wordpress.org/trunk@44629
git-svn-id: http://core.svn.wordpress.org/trunk@44460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows users to sort the export and erase personal data request tables by “Requester” (`post_title`, or user email) and “Requested” (`post_date`, or when the request was created), which can be helpful when sites have many requests present.
Props birgire, ianbelanger, pbiron, desrosj.
Fixes#43405.
Built from https://develop.svn.wordpress.org/trunk@44628
git-svn-id: http://core.svn.wordpress.org/trunk@44459 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset uses the API functions introduced in [44476] to link to the resource about updating PHP when highlighting a plugin's required PHP version is not met. It furthermore expands them, introducing a new `wp_update_php_annotation()` function that prints the markup to indicate that the default URL has been altered by the web host, allowing it to be reused universally.
Furthermore, this changeset adds missing `update_php` capability checks before displaying the information about updating PHP.
Props afragen.
Fixes#45986. See #43986, #45686.
Built from https://develop.svn.wordpress.org/trunk@44627
git-svn-id: http://core.svn.wordpress.org/trunk@44458 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Throughout the core privacy functions, `WP_User_Request` instances were stored in variables named both `$request`, and `$request_data`. This changes all occurrences of `$request_data` to `$request` for better consistency.
Props nateallen, bruceallen, garrett-eclipse.
Fixes#44708.
Built from https://develop.svn.wordpress.org/trunk@44606
git-svn-id: http://core.svn.wordpress.org/trunk@44437 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [41746], `wp_get_media_creation_timestamp()` was introduced to read the created timestamp for videos from `getID3` in meta whenever possible. This information is useful separately from the dates on the file itself.
This adds the same support audio files by utilizing `wp_get_media_creation_timestamp()` in `wp_read_audio_metadata()`.
Props blob folio, desrosj.
Fixes#42017.
Built from https://develop.svn.wordpress.org/trunk@44528
git-svn-id: http://core.svn.wordpress.org/trunk@44359 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduces a `WP_Shutdown_Handler` class that detects fatal errors and which extension (plugin or theme) causes them. Such an error is then recorded, and an error message is displayed. Subsequently, in certain protected areas, for example the admin, the broken extension will be paused, ensuring that the website is still usable in the respective area. The major benefit is that this mechanism allows site owners to still log in to their website, to fix the problem by either disabling the extension or solving the bug and then resuming the extension.
Extensions are only paused in certain designated areas. The frontend for example stays unaffected, as it is impossible to know what pausing the extension would cause to be missing, so it might be preferrable to clearly see that the website is temporarily not accessible instead.
The fatal error recovery is especially important in scope of encouraging the switch to a maintained PHP version, as not necessarily every WordPress extension is compatible with all PHP versions. If problems occur now, non-technical site owners that do not have immediate access to the codebase are not locked out of their site and can at least temporarily solve the problem quickly.
Websites that have custom requirements in that regard can implement their own shutdown handler by adding a `shutdown-handler.php` drop-in that returns the handler instance to use, which must be based on a class that inherits `WP_Shutdown_Handler`. That handler will then be used in place of the default one.
Websites that would like to modify specifically the error template displayed in the frontend can add a `php-error.php` drop-in that works similarly to the existing `db-error.php` drop-in.
Props afragen, bradleyt, flixos90, ocean90, schlessera, SergeyBiryukov, spacedmonkey.
Fixes#44458.
Built from https://develop.svn.wordpress.org/trunk@44524
git-svn-id: http://core.svn.wordpress.org/trunk@44355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
