The Site Health tool serves two purposes:
- Provide site owners with information to improve the performance, reliability, and security of their site.
- Collect comprehensive debug information about the site.
By encouraging site owners to maintain their site and adhere to modern best practices, we ultimately improve the software hygeine of both the WordPress ecosystem, and the open internet as a whole.
Props Clorith, hedgefield, melchoyce, xkon, karmatosed, jordesign, earnjam, ianbelanger, wpscholar, desrosj, pedromendonca, peterbooker, jcastaneda, garyj, soean, pento, timothyblynjacobs, zodiac1978, dgroddick, garrett-eclipse, netweb, tobifjellner, pixolin, afercia, joedolson, birgire.
See #46573.
Built from https://develop.svn.wordpress.org/trunk@44986
git-svn-id: http://core.svn.wordpress.org/trunk@44817 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduce `validate_plugin_requirements()` for validating a plugin's WordPress and PHP version requirements.
Introduce `wp_is_wp_compatible()` and `wp_is_php_compatible()` for checking compatibility with the current WordPress or PHP version.
Props afragen, joyously, DrewAPicture, TimothyBlynJacobs, desrosj, flixos90, SergeyBiryukov.
See #43992.
Built from https://develop.svn.wordpress.org/trunk@44978
git-svn-id: http://core.svn.wordpress.org/trunk@44809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the network admin user table on multisite installs (`WP_MS_Users_List_Table`), this filter allows the classes for the `<span>` tag surrounding each site link to be modified.
Props kraftbj, flixos90, johnjamesjacoby.
Fixes#41146.
Built from https://develop.svn.wordpress.org/trunk@44977
git-svn-id: http://core.svn.wordpress.org/trunk@44808 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Using the new fatal handler introduced in [44962], an email is sent to the admin when a fatal error occurs. This email includes a secret link to enter recovery mode. When clicked, the link will be validated and on success a cookie will be placed on the client, enabling recovery mode for that user. This functionality is executed early before plugins and themes are loaded, in order to be unaffected by potential fatal errors these might be causing.
When in recovery mode, broken plugins and themes will be paused for that client, so that they are able to access the admin backend despite of these errors. They are notified about the broken extensions and the errors caused, and can then decide whether they would like to temporarily deactivate the extension or fix the problem and resume the extension.
A link in the admin bar allows the client to exit recovery mode.
Props timothyblynjacobs, afragen, flixos90, nerrad, miss_jwo, schlessera, spacedmonkey, swissspidy.
Fixes#46130, #44458.
Built from https://develop.svn.wordpress.org/trunk@44973
git-svn-id: http://core.svn.wordpress.org/trunk@44804 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds code for soft verification of signatures for theme and plugin installs and updates, when provided by the update server. This experimental version does not reject unverified packages or failed signatures; it simply reports anonymous errors so we can evaluate its feasibility and detect incompatibilities.
This code relies on the new sodium_compat library for PHP versions prior to 7.2.
Props dd32, paragoninitiativeenterprises.
See #39309, #45806.
Built from https://develop.svn.wordpress.org/trunk@44954
git-svn-id: http://core.svn.wordpress.org/trunk@44785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As of `@wordpress/api-fetch@3.0.0` (introduced in 44812), the `apiFetch` nonce middleware must have its nonce value assigned explicitly, and will no longer listen for heartbeat ticks automatically. This changeset adds an inline script for the default registration of the `api-fetch` script handle to assign the nonce value in response to the heartbeat action. In doing so, it removes the now-unused, misnamed `rest-nonce` property from the heartbeat response, whose original introduction served as temporary compatibility with earlier versions of `@wordpress/api-fetch`.
See https://github.com/WordPress/gutenberg/pull/13451
See #45113
Props adamsilverstein, nerrad .
Fixes#46107 .
Built from https://develop.svn.wordpress.org/trunk@44949
git-svn-id: http://core.svn.wordpress.org/trunk@44780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduced in [29630], this admin notice informs administrators (or network administrators on multisite installs) that the `WPLANG` constant is no longer needed when the locale returned by `get_locale()` does not match. After 5 years, the notice is being removed to avoid causing confusion for non-technical users.
The `_deprecated_argument()` call will persist to inform developers of the issue within log files.
Props flixos90, iworks, ocean90.
Fixes#39675.
Built from https://develop.svn.wordpress.org/trunk@44946
git-svn-id: http://core.svn.wordpress.org/trunk@44777 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change ensures that the values of time and date fields for comments and posts (both Classic Editor and quick edit) are consistently aligned in the center of the input fields. The block editor already enforces this alignment separately.
Props birgire, jainnidhi, melchoyce.
Fixes#43675.
Built from https://develop.svn.wordpress.org/trunk@44945
git-svn-id: http://core.svn.wordpress.org/trunk@44776 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This brings the changes in [44937] to the WordPress Updates page in the admin. Now, when a site does not meet the minimum PHP version requirements for a plugin update, the user will not be able to update. Instead, they will be presented with educational information to guide them through the process of updating PHP.
Props afragen, miyauchi, TimothyBlynJacobs, desrosj.
Fixes#44350.
Built from https://develop.svn.wordpress.org/trunk@44939
git-svn-id: http://core.svn.wordpress.org/trunk@44770 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fixes a case where saving in the block editor fails if there are two `_wpnonce` arguments in the request, one overriding the other so that `use_block_editor_for_post()` wasn't able to check the nonce properly.
Props Chouby.
See #45253.
Built from https://develop.svn.wordpress.org/trunk@44938
git-svn-id: http://core.svn.wordpress.org/trunk@44769 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a plugin states it requires a specific minimum PHP version (as defined in the `requires_php` field included in the plugin update API response), a user should not be allowed to update that plugin when the server does not satisfy the minimum PHP version.
When this scenario is encountered, the update buttons and links are disabled and links to educational resources about PHP are displayed to the user with a notice.
Props afragen, schlessera, desrosj.
Fixes#43987.
Built from https://develop.svn.wordpress.org/trunk@44937
git-svn-id: http://core.svn.wordpress.org/trunk@44768 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- standardizes the Comment count string to `%s Comment in moderation', '%s Comments in moderation` so it can be bulk-updated
- adds the string as visually hidden text in the admin menu
- introduces an `updateInModerationText` JS simple function, responsible to correctly update all the related text using the data from the AJAX response
- adds a visually hidden text "1 Privacy Policy update" to the Privacy menu items count
- adds/improves translators comments
Changes that apply to all the count bubbles (Updates, plugins, etc.)
- makes the bubbles and their text slightly bigger
- improves the active menu item bubble contrast by changing the background color to red (option 2 in the screenshot attached in a previous comment)
Props adamsoucie, afercia.
Fixes#33030.
Built from https://develop.svn.wordpress.org/trunk@44924
git-svn-id: http://core.svn.wordpress.org/trunk@44755 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `populate_site_meta` filter can be used to modify the site meta added during the creation of a new site. This filter mirrors the approach used for networks in `populate_network_meta`.
Props spacedmonkey, davidbaumwald.
Fixes#46437.
Built from https://develop.svn.wordpress.org/trunk@44912
git-svn-id: http://core.svn.wordpress.org/trunk@44743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Some "visual tabs" in the WordPress admin used links wrapped in a `h2` heading. While these tabs look like ARIA tabs, they're just navigation menus and should be marked-up as such to be correctly exposed to assistive technologies.
- changes the wrapping `<h2>` to a `<nav>` element: worth reminding `<nav>` elements also define ARIA landmarks
- adds an `aria-label` to the `<nav>` elements so they can be distinguished from other `<nav>` elements in the page
- adjusts the headings level in the Credits page
Props audrasjb, afercia.
Fixes#43398.
Built from https://develop.svn.wordpress.org/trunk@44905
git-svn-id: http://core.svn.wordpress.org/trunk@44736 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Old browsers didn't support the HTML placeholder attribute. For a number of years, `<label>` elements have been used in a few places in WordPress to emulate placeholders. It's time to improve semantics and interaction, use real placeholders when possible, and clean up some JavaScript.
- Quick Draft widget: it now uses visible `<label>` elements and a real `placeholder` attribute
- removes the related JavaScript
- Post title:
- keeps the "prompt" label for backwards compatibility
- improves the JavaScript to make the "prompt" label stay visible on focus and disappear when typing, like real placeholder do
- changes the post "prompt" text from "Enter title here" to "Add title" for consistency with the Block Editor
- cleans-up some CSS
Props Cheffheid, afercia.
Fixes#42390.
Built from https://develop.svn.wordpress.org/trunk@44896
git-svn-id: http://core.svn.wordpress.org/trunk@44727 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- makes the "Cancel" button always visible: this allows to generate a new password also on small screens
- moves focus back to the Generate Password button when closing the form
- changes the password reset show/hide button from a clickable `<span>` element to a real `<button>` element
- improves the CSS
Props janak007, afercia.
Fixes#42853.
Built from https://develop.svn.wordpress.org/trunk@44895
git-svn-id: http://core.svn.wordpress.org/trunk@44726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- debounces the widgets search to avoid multiple `speak()` audible messages while typing: search results and messages are now triggered when users stop typing
- clarifies the Remove button title attribute
- removes a couple unnecessary `preventDefault()`
Props davetgreen, afercia.
Fixes#28888.
Built from https://develop.svn.wordpress.org/trunk@44825
git-svn-id: http://core.svn.wordpress.org/trunk@44657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, only `a` and `br` tags were allowed in the `value` table cell for each field included in the HTML file generated when a user is exporting their personal data. Instead of relying on a hardcoded list of allowed tags, the `wp_kses()` call in `wp_privacy_generate_personal_data_export_group_html()` will now fallback to the default list of allowed tags (which includes `i`, `strong`, `em`, and other basic HTML formatting tags).
Also, a new context of `personal_data_export` will now be passed to the `wp_kses()` call. As a result, the list of HTML tags and attributes allowed in the export file can now be filtered using the `wp_kses_allowed_html` filter and checking for the `personal_data_export` context.
Fixes#44044.
Props tz-media, desrosj, pento, birgire, garrett-eclipse.
Built from https://develop.svn.wordpress.org/trunk@44824
git-svn-id: http://core.svn.wordpress.org/trunk@44656 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [34891], `WP_Screen` was updated with methods to store, retrieve, and render screen reader text used by screens with `WP_List_Table` instances. When the export/erase personal data list tables were introduced in [42967], these headings were missing.
Fixes#46041.
Props afercia, xkon, garrett-eclipse, desrosj.
Built from https://develop.svn.wordpress.org/trunk@44821
git-svn-id: http://core.svn.wordpress.org/trunk@44653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `change` event was previously required to ensure that the Customizer picked detected changes to the widget’s content and synced them to the preview. In the current state, though, the `trigger( ‘change’ )` is no longer required and is causing issues with the widget’s “Done” and “Save” buttons.
Fixes#45335.
Props audrasjb, afercia, westonruter.
Built from https://develop.svn.wordpress.org/trunk@44816
git-svn-id: http://core.svn.wordpress.org/trunk@44648 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A direct URL to where a user can update PHP for their website can now be specified in one of two ways:
- Defining the `WP_DIRECT_UPDATE_PHP_URL` environment variable.
- Returning a URL to the `wp_direct_php_update_url` filter.
When a URL is specified, an additional “Update PHP” button will be displayed at the bottom of the Core dashboard widget informing administrators that their site is running an outdated version of PHP (see [42832]).
Fixes#46074.
Props afragen, desrosj, lukecarbis.
Built from https://develop.svn.wordpress.org/trunk@44814
git-svn-id: http://core.svn.wordpress.org/trunk@44646 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`<button>` elements are natively interactive, supported by any assistive technology, and must be used instead of non-semantic, non-accessible `<div>` elements.
Also, this change aligns the Media Widgets and the Customizer site icon and site logo controls with the design pattern used in the new Block Editor for similar controls.
Props ramonopoly, welcher, afercia.
Fixes#43151.
Built from https://develop.svn.wordpress.org/trunk@44796
git-svn-id: http://core.svn.wordpress.org/trunk@44628 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The filter is only run if the wordpress.org API considers the PHP version acceptable. This ensures that other plugins or hosting providers can only make this check stricter, but not loosen it.
Props j-falk, mikeschroder.
Fixes#46065.
Built from https://develop.svn.wordpress.org/trunk@44788
git-svn-id: http://core.svn.wordpress.org/trunk@44620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In 4.9.6, several new privacy related features were introduced. Admin pointers were included to make administrators aware of these features. They have served their purpose and can now go silently into the night.
Props garrett-eclipse, desrosj, xkon.
Fixes#45999.
Built from https://develop.svn.wordpress.org/trunk@44787
git-svn-id: http://core.svn.wordpress.org/trunk@44619 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Similar to `editor-color-palette`, a theme or plugin should be able to set the theme support for `editor-font-sizes` to an empty array, indicating that no additional font sizes should be available in the block’s ‘Text Settings’. The current conditional was using `empty()`, which was incorrectly causing the default font sizes to be used instead.
Props jorgefilipecosta, chrisvanpatten, SergeyBiryukov.
Fixes#46290.
Built from https://develop.svn.wordpress.org/trunk@44782
git-svn-id: http://core.svn.wordpress.org/trunk@44614 1a063a9b-81f0-0310-95a4-ce76da25c4cd
With the exception of the "Edit" link, the "row actions" controls in the Comments table behave differently depending if JavaScript support is on or off.
When JavaScript support is off, they behave like links. When JavaScript support is on, they behave like buttons and they need to be buttons or have an ARIA `role="button"` added via JavaScript.
Lastly, the buttons in the Reply/Quick Edit form and the "Add Comment" in the edit post page meta box need to be buttons.
Fixes#43412.
Built from https://develop.svn.wordpress.org/trunk@44759
git-svn-id: http://core.svn.wordpress.org/trunk@44591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The custom date/time format previews in General Settings were updated only when blurring the related input fields. With this change, they're now updated when users finish typing a custom format, properly debouncing the `input` event callback.
Props dilipbheda, Girishpanchal.
Fixes#43364.
Built from https://develop.svn.wordpress.org/trunk@44758
git-svn-id: http://core.svn.wordpress.org/trunk@44590 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Proximity of related information is an inclusive design principle that benefits everyone and it's particularly important for users with reduced visual field, low vision, or other vision or cognitive impairments. User interface controls that are logically grouped should be placed close to each other.
Also, this change makes the buttons visual order and the DOM order match.
Fixes#45972.
Built from https://develop.svn.wordpress.org/trunk@44757
git-svn-id: http://core.svn.wordpress.org/trunk@44589 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit also moves the images to s.w.org, removes the old "Gutenberg has been deactivated" warning, as well as removing some old JS from About pages of years gone past.
Props melchoyce, ryelle, paaljoachim, karmatosed, pento.
Fixes#46161.
Built from https://develop.svn.wordpress.org/trunk@44749
git-svn-id: http://core.svn.wordpress.org/trunk@44581 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Gutenberg plugin will not be deactivated on sites upgrading to WordPress 5.1. This deprecates the `upgrade_500_was_gutenberg_active` option and the `upgrade_500()` function as they are no longer required.
Props peterwilsoncc.
Fixes#46029.
Built from https://develop.svn.wordpress.org/trunk@44732
git-svn-id: http://core.svn.wordpress.org/trunk@44563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Modifies the jQuery selector for determining hidden columns to ensure they are detected when the expanded columns details are closed.
Adds high-specificity selectors specifically for setting screen options in the comments and plugins lists.
Props afercia.
Fixes#46005.
Built from https://develop.svn.wordpress.org/trunk@44722
git-svn-id: http://core.svn.wordpress.org/trunk@44553 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Due to the high number of follow-up tickets and associated security concerns, it was decided to reschedule the fatal error recovery feature for WordPress 5.2, in order to address these issues properly. The feature will continue to be developed, with iterations being merged into trunk early in the 5.2 release cycle.
Fixes#46141. See #44458, #45932, #45940, #46038, #46047, #46068.
Built from https://develop.svn.wordpress.org/trunk@44717
git-svn-id: http://core.svn.wordpress.org/trunk@44548 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the Edit Comment page:
- moves the "Author" `h2` heading out of the form fieldset
- removes an unnecessary `<span>` element
- adds a visually hidden legend element to the fieldset
- uses an existing string "Comment Author"
Fixes#43586.
Built from https://develop.svn.wordpress.org/trunk@44712
git-svn-id: http://core.svn.wordpress.org/trunk@44543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces `Language_Pack_Upgrader::clear_destination()` to clear existing translations before installing new translations. Ensures that unused translations in JSON format are cleaned up.
Props dd32, swissspidy, ocean90.
Fixes#45468.
Built from https://develop.svn.wordpress.org/trunk@44676
git-svn-id: http://core.svn.wordpress.org/trunk@44507 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `WP_Shutdown_Handler` name plus related function names were premature when originally committed, as there can be multiple shutdown handlers in PHP, and WordPress makes use of that feature. This changeset modifies the name to a more appropriate `WP_Fatal_Error_Handler`, and related to that changes the following names:
* The drop-in to override the handler is now called `fatal-error-handler.php`.
* The internal function `wp_register_premature_shutdown_handler` is now called `wp_register_fatal_error_handler()`.
In addition to these naming changes, a new constant `WP_DISABLE_FATAL_ERROR_HANDLER` is introduced that can be set in `wp-config.php` to entirely disable the fatal error handler. That constant's value is and should be accessed indirectly via a new `wp_is_fatal_error_handler_enabled()` function and is filterable via a new `wp_fatal_error_handler_enabled` hook. Note that disabling the fatal error handler will skip the new functionality entirely, including the potentially used `fatal-error-handler.php` drop-in.
The new set of constant, filter and function provide for an easier-to-use mechanism to disable the fatal error handler altogether, rather than requiring developers to implement a drop-in for purely that purpose.
Props afragen, flixos90, joyously, knutsp, markjaquith, ocean90, schlessera, spacedmonkey.
Fixes#46047. See #44458.
Built from https://develop.svn.wordpress.org/trunk@44674
git-svn-id: http://core.svn.wordpress.org/trunk@44505 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When merging, [44244] and [44260] were committed to trunk the opposite way that they were committed to the 5.0 branch. They were originally committed in [43885] and [43861], respectively.
Due to this switch, a change in how the Custom Fields meta box was registered wasn't merged from the 5.0 branch, causing it to not be registered correctly in trunk.
Props dd32, pento.
Fixes#46028.
Built from https://develop.svn.wordpress.org/trunk@44648
git-svn-id: http://core.svn.wordpress.org/trunk@44479 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When Internet Explorer encounters a non interactive element with a `tabindex`
attribute, it adds the element to the accessibility tree with a `role=group` and
an accessible name computed from the element. This prevents JAWS from announcing
any fieldset legend within the element.
- removes `tabindex="0"` from the content and the toolbar containers: these tabindex attributes are no longer needed
- removes `aria-label="Main content"` from the content container: not needed
- keeps the media modal focus fallback introduced in [38142] by making the `#wpbody-content` element focusable only when needed
Props stevefaulkner, aardrian.
Fixes#43154.
Built from https://develop.svn.wordpress.org/trunk@44639
git-svn-id: http://core.svn.wordpress.org/trunk@44470 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- properties should be followed by a colon and a space
- media queries shouldn't use spaces within parenthesis
- indentation should use tabs instead of spaces or mixed spaces / tabs
- the content property should use double quotes
- no double spaces
Props nadim0988, afercia.
Fixes#45185.
Built from https://develop.svn.wordpress.org/trunk@44637
git-svn-id: http://core.svn.wordpress.org/trunk@44468 1a063a9b-81f0-0310-95a4-ce76da25c4cd
On the Privacy Policy Guide, there is currently a ‘Copy’ button below each section of suggested text. It is unclear what copy means without more context. It could be assumed, for instance, that the suggested text is copied to a new page.
This changes the button text to read `Copy this section to clipboard` to more clearly inform the user what is copied and how.
Props JoshuaWold, garrett-eclipse, birgire, vishaldodiya.
Fixes#44677.
Built from https://develop.svn.wordpress.org/trunk@44629
git-svn-id: http://core.svn.wordpress.org/trunk@44460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows users to sort the export and erase personal data request tables by “Requester” (`post_title`, or user email) and “Requested” (`post_date`, or when the request was created), which can be helpful when sites have many requests present.
Props birgire, ianbelanger, pbiron, desrosj.
Fixes#43405.
Built from https://develop.svn.wordpress.org/trunk@44628
git-svn-id: http://core.svn.wordpress.org/trunk@44459 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset uses the API functions introduced in [44476] to link to the resource about updating PHP when highlighting a plugin's required PHP version is not met. It furthermore expands them, introducing a new `wp_update_php_annotation()` function that prints the markup to indicate that the default URL has been altered by the web host, allowing it to be reused universally.
Furthermore, this changeset adds missing `update_php` capability checks before displaying the information about updating PHP.
Props afragen.
Fixes#45986. See #43986, #45686.
Built from https://develop.svn.wordpress.org/trunk@44627
git-svn-id: http://core.svn.wordpress.org/trunk@44458 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Throughout the core privacy functions, `WP_User_Request` instances were stored in variables named both `$request`, and `$request_data`. This changes all occurrences of `$request_data` to `$request` for better consistency.
Props nateallen, bruceallen, garrett-eclipse.
Fixes#44708.
Built from https://develop.svn.wordpress.org/trunk@44606
git-svn-id: http://core.svn.wordpress.org/trunk@44437 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces in core new focus styles dedicated to Windows High Contrast mode. The
new styles use a transparent CSS outline as already explored in the Block Editor.
This first part covers some of the main user interface controls like buttons, links,
and media views elements. Other parts will be addressed in the next future.
Fixes#41286.
Built from https://develop.svn.wordpress.org/trunk@44544
git-svn-id: http://core.svn.wordpress.org/trunk@44375 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Sometimes, Safari and VoiceOver read out the text hidden with `screen-reader-text`
in a wrong order. While there's no known, full, solution, it is possible to make
them respect the correct order reliably at least within buttons.
Fixes#42006.
Built from https://develop.svn.wordpress.org/trunk@44543
git-svn-id: http://core.svn.wordpress.org/trunk@44374 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `keyup` event was used to provide support for IE8, where which doesn't support the `input` event. As we dropped IE8 support some time ago, this was simply adding unnecessary complexity and double-event triggers.
Props dlh, afercia.
Fixes#32882.
Built from https://develop.svn.wordpress.org/trunk@44539
git-svn-id: http://core.svn.wordpress.org/trunk@44370 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [41746], `wp_get_media_creation_timestamp()` was introduced to read the created timestamp for videos from `getID3` in meta whenever possible. This information is useful separately from the dates on the file itself.
This adds the same support audio files by utilizing `wp_get_media_creation_timestamp()` in `wp_read_audio_metadata()`.
Props blob folio, desrosj.
Fixes#42017.
Built from https://develop.svn.wordpress.org/trunk@44528
git-svn-id: http://core.svn.wordpress.org/trunk@44359 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduces a `WP_Shutdown_Handler` class that detects fatal errors and which extension (plugin or theme) causes them. Such an error is then recorded, and an error message is displayed. Subsequently, in certain protected areas, for example the admin, the broken extension will be paused, ensuring that the website is still usable in the respective area. The major benefit is that this mechanism allows site owners to still log in to their website, to fix the problem by either disabling the extension or solving the bug and then resuming the extension.
Extensions are only paused in certain designated areas. The frontend for example stays unaffected, as it is impossible to know what pausing the extension would cause to be missing, so it might be preferrable to clearly see that the website is temporarily not accessible instead.
The fatal error recovery is especially important in scope of encouraging the switch to a maintained PHP version, as not necessarily every WordPress extension is compatible with all PHP versions. If problems occur now, non-technical site owners that do not have immediate access to the codebase are not locked out of their site and can at least temporarily solve the problem quickly.
Websites that have custom requirements in that regard can implement their own shutdown handler by adding a `shutdown-handler.php` drop-in that returns the handler instance to use, which must be based on a class that inherits `WP_Shutdown_Handler`. That handler will then be used in place of the default one.
Websites that would like to modify specifically the error template displayed in the frontend can add a `php-error.php` drop-in that works similarly to the existing `db-error.php` drop-in.
Props afragen, bradleyt, flixos90, ocean90, schlessera, SergeyBiryukov, spacedmonkey.
Fixes#44458.
Built from https://develop.svn.wordpress.org/trunk@44524
git-svn-id: http://core.svn.wordpress.org/trunk@44355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As many WordPress sites use a static homepage rather than a blog, this link gives a natural next step for new sites owners wanting to configure their site in this manner.
Props professor44, joyously, nielslange, mukesh27, melchoyce.
Fixes#45019.
Built from https://develop.svn.wordpress.org/trunk@44485
git-svn-id: http://core.svn.wordpress.org/trunk@44316 1a063a9b-81f0-0310-95a4-ce76da25c4cd
After [42832], [42891] and [43006], this changeset refines the core notice informing about an outdated PHP version:
* The link to the Update PHP information page can now be adjusted using either a `WP_UPDATE_PHP_URL` environment variable, or a new `wp_update_php_url` filter.
* If that URL is different from the default one that points to https://wordpress.org/support/update-php/ or its localized equivalent, a note indicates that the linked resource has not been provided by WordPress itself, and the default URL is still linked to as an additional resource.
* The URL for the default information page has been updated to use the slug `update-php` instead of `upgrade-php`.
* `@since` annotations have been updated.
Going forward, admin areas that display information related to the PHP version should use the new function `wp_get_update_php_url()`.
Props afragen, fierevere, flixos90, markjaquith, miss_jwo, nerrad, pento, schlessera, SergeyBiryukov, spacedmonkey.
Fixes#45686. See #41191.
Built from https://develop.svn.wordpress.org/trunk@44476
git-svn-id: http://core.svn.wordpress.org/trunk@44307 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The order of the type and variable name in the `param` tags for the `wp_get_default_privacy_policy_content` filter is incorrectly reversed. This moves the two into the correct order.
Props ishitaka, mukesh27.
Fixes#45416.
Built from https://develop.svn.wordpress.org/trunk@44475
git-svn-id: http://core.svn.wordpress.org/trunk@44306 1a063a9b-81f0-0310-95a4-ce76da25c4cd
An integer comparison is performed against `control.currentErrorAnnotations`, but `control.currentErrorAnnotations` is actually an array. This fixes that comparison so the content saves correctly.
Props barryceelen.
Fixes#43657.
Built from https://develop.svn.wordpress.org/trunk@44474
git-svn-id: http://core.svn.wordpress.org/trunk@44305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As of this commit, WordPress is no longer a simple blogging platform. It's now a comprehensive publishing solution.
This also replaces a couple of other "blog" references that were missed previously.
Props igmoweb, Valer1e, audrasjb, pento.
Fixes#41000.
Built from https://develop.svn.wordpress.org/trunk@44455
git-svn-id: http://core.svn.wordpress.org/trunk@44286 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Currently, when viewing the block editor with JavaScript disabled, the user sees a blank admin page with the admin menu sidebar. This adds an admin notice informing the user that JavaScript is required for the new block editor.
Props mkaz, pento, azaozz, ocean90, desrosj.
Fixes#45453.
Built from https://develop.svn.wordpress.org/trunk@44437
git-svn-id: http://core.svn.wordpress.org/trunk@44268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Currently, when an SVG is used as a menu icon, the color is inconsistent with the other, default dashicons and the contrast ratio does not meet the minimum requirement for accessibility.
This updates the base color for the default `fresh` color scheme to ensure consistency and proper contrast.
Props swift, dschalk.
Fixes#44209.
Built from https://develop.svn.wordpress.org/trunk@44353
git-svn-id: http://core.svn.wordpress.org/trunk@44183 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [44185], a bug was introduced where hierarchical post types would not display in the correct default order (hierarchically).
This was caused by a `! isset()` check, which returned `false` after [44185], causing the correct default value to not be applied. This switches that conditional to use an `empty()` check, ignoring the new empty string assignment that was added to prevent a PHP notice when `compact()` is called.
Props davidbinda.
Fixes#45711.
Built from https://develop.svn.wordpress.org/trunk@44338
git-svn-id: http://core.svn.wordpress.org/trunk@44168 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In PHP 7.3, the `compact()` function has been changed to issue an `E_NOTICE` level error if a passed string refers to an unset variable. In previous versions of PHP, this notice was silently skipped. This fixes a few more instances of unset variables in the WordPress admin.
The full RFC can be viewed here: https://wiki.php.net/rfc/compact.
See #44416.
Merges [44185] into trunk.
Fixes#45483.
Built from https://develop.svn.wordpress.org/trunk@44297
git-svn-id: http://core.svn.wordpress.org/trunk@44127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If a meta box is registered with the `__block_editor_compatible_meta_box` set to `false`, it's indicating that it doesn't work in the block editor. If that's the case, we can add a place holder to inform the user that they'll need to use the classic interface to work with this meta box.
Props pento, jorgefilipecosta, peterwilsoncc, karmatosed, noisysocks, dd32, ocean90.
Merges [43941] and [43945] to trunk.
Fixes#45217.
Built from https://develop.svn.wordpress.org/trunk@44280
git-svn-id: http://core.svn.wordpress.org/trunk@44110 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The version is set properly and the scripts are automatically loaded in the footer.
This patch also includes a revert for the reusable blocks enqueue script.
Props pento, swissspidy, youknowriad.
Merges [43942] into trunk.
Fixes#45402.
See #45396.
Built from https://develop.svn.wordpress.org/trunk@44277
git-svn-id: http://core.svn.wordpress.org/trunk@44107 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures the "import from JSON" and "export JSON" buttons are shown properly. The script is loaded in the footer because it relies on the DOM being already there.
Props noisysocks, mukesh27.
Merges [43936] into trunk.
Fixes#45396.
Built from https://develop.svn.wordpress.org/trunk@44274
git-svn-id: http://core.svn.wordpress.org/trunk@44104 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In RTL languages, WordPress adds `style-editor-rtl.css` editor styles to the global `$editor_styles`.
This patch ignores handling these styles if the file is not preset.
Also, clarify the docs for the return value of the `block_version` function.
Props mostafa.s1990, desrosj, mukesh27.
Merges [43923] and [43924] to trunk.
Fixes#45288, #45342.
Built from https://develop.svn.wordpress.org/trunk@44270
git-svn-id: http://core.svn.wordpress.org/trunk@44100 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The About page describes all the great changes in WordPress 5.0.
Highlights:
- Warn users of Gutenberg plugin of its deactivation upon 5.0 upgrade.
- Added illustrations to the Four Freedoms page.
- Include a link to wporg user’s plugin favorites as a way to display only the classic plugin as a suggestion for install.
- Detail the Classic Editor plugin and the support timeline.
Props pixelverbieger, ocean90, karmatosed, pento, boemedia, lonelyvegan, sami.keijonen, TimothyBlynJacobs, xkon, afercia, laurelfulford, joostdevalk, ipstenu, matveb, joen, tinkerbelly, chanthaboune, kjellr, alexislloyd, melchoyce, mcsf, courtney0burton, Otto42, cathibosco, tobifjellner, helen, audrasjb, antpb, jjj, elrae, desrosj, azaozz, joemcgill, skithund, gziolo.
Merges [43913], [43921-43922], [43937-43938], [43946-43947], [43952-43953], [43967-43969] into trunk.
Fixes#45178.
Built from https://develop.svn.wordpress.org/trunk@44264
git-svn-id: http://core.svn.wordpress.org/trunk@44094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Changes of note:
- Includes the new Annotations API package.
- `wp-polyfill-ecmascript.js` is renamed to `wp-polyfill.js`.
- `strip_dynamic_blocks()` has been removed in favor of `excerpt_remove_blocks()`.
- The PHP block parser is now syncing from the `block-serialization-default-parser` package.
- `do_blocks()` uses the new parser.
- The `do_block` filter has been removed from `do_blocks()`, in favor of a `render_block` filter in `render_block()`.
Also, a little cleanup to `render_block()`. Always normalize `$block['attrs’]` to array in `’render_block’` filter.
Props pento, azaozz.
Merges [43884] and [43888] to trunk.
See #45145, #45190, #45264, #45282.
Built from https://develop.svn.wordpress.org/trunk@44261
git-svn-id: http://core.svn.wordpress.org/trunk@44091 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This brings support for the custom fields meta box into the new block editor.
The `webpack` and `copy-webpack-plugin` packages have also been updated.
This does not bump the `@wordpress` packages like in [43861] because of conflicts with package versions already installed in `trunk`. The packages will be brought up to date in a subsequent merge.
Merges [43861] and [43863] into trunk.
See #45145.
Fixes#45257.
Built from https://develop.svn.wordpress.org/trunk@44260
git-svn-id: http://core.svn.wordpress.org/trunk@44090 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, the TinyMCE inline scripts were added on the `init` action in the block editor. In the classic editor, however, these scripts are loaded when the TinyMCE window is printed, and some plugins rely on them being loaded later, so they can attach to the appropriate filters.
Props pento.
Merges [43901] to trunk.
Fixes#45338.
Built from https://develop.svn.wordpress.org/trunk@44251
git-svn-id: http://core.svn.wordpress.org/trunk@44081 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Some plugins remove the Custom Fields meta box, particularly when they provide functionality that replaces it. The block editor would correctly not display this meta box in these circumstances, but it still showed the option to display or hide it.
Props pento, noisysocks.
Merges [43885] to trunk.
See #45282.
Built from https://develop.svn.wordpress.org/trunk@44244
git-svn-id: http://core.svn.wordpress.org/trunk@44074 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Lacking an appropriate action in the classic editor, plugins that add meta boxes have historically hooked into various actions in order to add hidden input fields.
This change also adds backwards compatibility for two of the most common: `edit_form_after_title`, and `edit_form_advanced`.
Props pento, danielbachhuber.
Merges [43882] to trunk.
Fixes#45283.
Built from https://develop.svn.wordpress.org/trunk@44241
git-svn-id: http://core.svn.wordpress.org/trunk@44071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If a plugin returns a non-string value (or returns `null`) on these filters, it can cause errors in the block editor. Casting them as a string prevents these errors.
Merges [43858] from the 5.0 branch to trunk.
Props dd32.
See #45236.
Built from https://develop.svn.wordpress.org/trunk@44224
git-svn-id: http://core.svn.wordpress.org/trunk@44054 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Meta boxes that exist for back compat, or that are incompatible with the block editor aren't displayed, so they don't need an option to display or hide them in the Options dialog.
Merges [43856] from the 5.0 branch to trunk.
Props noisysocks.
Fixes#45249.
Built from https://develop.svn.wordpress.org/trunk@44222
git-svn-id: http://core.svn.wordpress.org/trunk@44052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is a followup to [43728], which added the same check, but using the `publicly_queryable` option. This behaviour is incorrect for `_builtin` post types, which go by the logic in `is_post_type_viewable()`, instead.
Merges [43855] from the 5.0 branch to trunk.
Props pento.
See #43278.
Built from https://develop.svn.wordpress.org/trunk@44221
git-svn-id: http://core.svn.wordpress.org/trunk@44051 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The block editor needs to duplicate the classic meta box behaviour, so it can extract the registered meta boxes, and import them into the block editor.
To match the classic editor behaviour as closely as possible, this moves the relevant code from the classic editor, into a new function, so it can be called by both.
Merges [43837] from the 5.0 branch to trunk.
Props pento, peterwilsoncc.
Fixes#45172.
Built from https://develop.svn.wordpress.org/trunk@44214
git-svn-id: http://core.svn.wordpress.org/trunk@44044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While the documentation for add_meta_box() specifices that $callback_args should be an array, this has never been enforced, and we have workarounds in place for when it's passed as something other than an array.
Rather than break sites that are passing unexpected data, we can quietly just allow for it, instead.
Props johnjamesjacoby, birgire, pento.
Merges [43838] to trunk.
Fixes#45206.
Built from https://develop.svn.wordpress.org/trunk@44174
git-svn-id: http://core.svn.wordpress.org/trunk@44004 1a063a9b-81f0-0310-95a4-ce76da25c4cd
After [44149], we can now make twentynineteen the default theme. Twentyseventeen has been a great default, but 5.0 and twentynineteen is guten.
Merges [43809,43954] from the 5.0 branch to trunk.
Fixes#45152.
Props jorbin, SergeyBiryukov, pento, mcsf.
Built from https://develop.svn.wordpress.org/trunk@44151
git-svn-id: http://core.svn.wordpress.org/trunk@43981 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When meta boxes are registered, they can use the `__back_compat_meta_box` and `__block_editor_compatible_meta_box` flags, to show whether this registration just exists for if the classic editor is loaded, and whether this meta box is compatible with the block editor.
When a meta box marks itself as incompatible with the block editor, and `WP_DEBUG` is enabled, a warning will show inside that meta box in the classic editor.
As all core meta boxes have been recreated in the block editor, they can be marked with the `__back_compat_meta_box` flag.
Merges [43779] from the 5.0 branch to trunk.
See #45112.
Built from https://develop.svn.wordpress.org/trunk@44132
git-svn-id: http://core.svn.wordpress.org/trunk@43962 1a063a9b-81f0-0310-95a4-ce76da25c4cd
To allow the block editor to render meta boxes, it needs to collect information about how those meta boxes are registered, and format it for the block editor to make use of.
Merges [43778] from the 5.0 branch to trunk.
See #45112.
Built from https://develop.svn.wordpress.org/trunk@44131
git-svn-id: http://core.svn.wordpress.org/trunk@43961 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`use_block_editor_for_post()` and `use_block_editor_for_post_type()` determine if the block editor should be loaded.
`get_block_categories()` and `get_block_editor_server_block_settings()` provide data be included while the block editor is loading.
Props pento.
Merges [43762] to trunk.
See #45110.
Built from https://develop.svn.wordpress.org/trunk@44122
git-svn-id: http://core.svn.wordpress.org/trunk@43952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Updates package dependencies to more modern versions, also adds .nvmrc and package-lock.json as followups to [43683] and [43571].
Merge notes: trunk already had an identical .nvmrc. package-lock.json exists in trunk, but has some changes based on the dependency updates.
Props jorbin.
Merges [43684], [43685] and [43686] to trunk.
See #44600.
Fixes#45064.
Built from https://develop.svn.wordpress.org/trunk@43977
git-svn-id: http://core.svn.wordpress.org/trunk@43809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [43437], the link definition implementation caused attachment links to be unexpectedly nested under an attributes key. This changeset restores the prior behavior.
Merges [43681] to trunk.
Props TimothyBlynJacobs, danielbachhuber.
Fixes#44750.
Built from https://develop.svn.wordpress.org/trunk@43973
git-svn-id: http://core.svn.wordpress.org/trunk@43805 1a063a9b-81f0-0310-95a4-ce76da25c4cd
On small screens, list table actions were cramped. This makes it easy to press the wrong action by mistake. The items are now arranged into a grid and given extra room to create a larger tap-target.
The plugins list table was excluded because it's current layout doesn't match the others, and we should add more space to this in a future commit.
Props jobthomas, ryelle.
Fixes#45024.
Built from https://develop.svn.wordpress.org/trunk@43670
git-svn-id: http://core.svn.wordpress.org/trunk@43499 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For screens wider than 2300px, show 4 colums of search results, as 3 columns looked quite stretched out.
This change also increases the default number of search results from 30 to 36, so that the columns have an even number of results, regardless of whether there are 2, 3, or 4 of them.
Props nielslange.
Fixes#43573.
Built from https://develop.svn.wordpress.org/trunk@43669
git-svn-id: http://core.svn.wordpress.org/trunk@43498 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a plugin is activated, it can trigger a warning message if it outputs data at that time. This error message was being run through `__()`, instead of `_n()`, so it wasn't possible to correctly pluralise the message.
Props jamosova.
Fixes#42355.
Built from https://develop.svn.wordpress.org/trunk@43667
git-svn-id: http://core.svn.wordpress.org/trunk@43496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the full edit screen, CPTs that have disabled the `publicly_queryable` option will hide the slug field, as it doesn't need to be edited. This change brings the Quick Edit view into line with that behaviour.
Props bhargavmehta, krutidugade.
Fixes#43278.
Built from https://develop.svn.wordpress.org/trunk@43664
git-svn-id: http://core.svn.wordpress.org/trunk@43493 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset makes the new CRUD API for sites introduced in [43548] usable for real-world sites. A new function `wp_initialize_site()`, which takes care of creating a site's database tables and populating them with initial values, is hooked into the site insertion process that is initiated when calling `wp_insert_site()`. Similarly, a new function `wp_uninitialize_site()`, which takes care of dropping a site's database tables, is hooked into the site deletion process that is initiated when calling `wp_delete_site()`.
A new function `wp_is_site_initialized()` completes the API, allowing to check whether a site is initialized. Since this function always makes a database request in its default behavior, it should be called with caution. Plugins that would like to use site initialization in special ways can leverage a `pre_wp_is_site_initialized` filter to alter that default behavior.
The separate handling of the site's row in the `wp_blogs` database table and the actual site setup allows for more flexibility in controlling whether or how a site's data is set up. For example, a unit test that only checks data from the site's database table row can unhook the site initialization process to improve performance. At the same time, developers consuming the new sites API only need to know about the CRUD functions, since the initialization and uninitialization processes happen internally.
With this changeset, the foundation for a sites REST API endpoint is fully available. The previously recommended functions `wpmu_create_blog()` and `wpmu_delete_blog()` now call the new respective function internally. Further follow-up work to this includes replacing calls to `wpmu_create_blog()` with `wp_insert_site()`, `update_blog_details()` with `wp_update_site()` and `wpmu_delete_blog()` with `wp_delete_blog()` throughout the codebase.
As a side-effect of this work, the `wpmu_new_blog`, `delete_blog`, and `deleted_blog` actions and the `install_blog()` function have been deprecated.
Fixes#41333. See #40364.
Built from https://develop.svn.wordpress.org/trunk@43654
git-svn-id: http://core.svn.wordpress.org/trunk@43483 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add missing translators comments.
* Fix placement of some translators comments.
Translators comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools.
The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translators comments.
Includes minor code layout fixes.
Patch `44360-wp-admin-includes-dir.patch` of the series.
Props flipkeijzer, alvarogois, michielatyoast
See #44360
Built from https://develop.svn.wordpress.org/trunk@43598
git-svn-id: http://core.svn.wordpress.org/trunk@43427 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the Customizer a notice will show up if there is at least one registered sidebar with its section not being active. In order to achieve that, the count of registered sidebars is compared to the count of active sections in the Widgets panel. Prior to this change, the latter would incorrectly include any sections, even additional sections that do not correspond to a sidebar.
Fixes#43556.
Built from https://develop.svn.wordpress.org/trunk@43588
git-svn-id: http://core.svn.wordpress.org/trunk@43417 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Many variables in the JavaScript were defined in the global scope without being explicitly assigned to the window. When built with Webpack, the code gets encapsulated in anonymous functions and those implicit globals get assigned to the wrong scope. This patch prevents that from happening.
Fixes#44371. See #43731.
Built from https://develop.svn.wordpress.org/trunk@43577
git-svn-id: http://core.svn.wordpress.org/trunk@43406 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.
This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script.
- Auto-fixable coding standards issues will now cause Travis failures.
Fixes#44600.
Built from https://develop.svn.wordpress.org/trunk@43571
git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In order to get the best result when running `phpcbf` across the codebase, there are some manual tweaks we need to make.
These fall into three categories:
- Fixing incorrectly indented code which has flow-on effects when auto-fixing.
- Tweaking the layout of inline PHP inside HTML tags.
- Moving more complex inline PHP inside HTML tags, to execute earlier.
See #44600.
Built from https://develop.svn.wordpress.org/trunk@43569
git-svn-id: http://core.svn.wordpress.org/trunk@43398 1a063a9b-81f0-0310-95a4-ce76da25c4cd
New functions `wp_insert_site( $data )`, `wp_update_site( $id, $data )` and `wp_delete_site( $id )` are introduced to manage site rows in the `wp_blogs` table, forming the new CRUD API together with the existing `get_site()` / `get_sites()`. The new API provides various benefits over the previously existing API, fixing several cache invalidation issues and being hook-driven so that normalization and validation of the passed data can be fully customized.
New hooks introduced as part of this are the actions `wp_insert_site`, `wp_update_site`, `wp_delete_site`, `wp_validate_site_data` and the filter `wp_normalize_site_data`.
At this point, `wp_insert_site()` does not handle setting up the site's database tables, and `wp_delete_site()` does not handle dropping the site's database tables, so the two can not yet be used directly as full replacements of `wpmu_create_blog()` and `wpmu_delete_blog()`. Managing the site's database tables will be added via hooks as part of the follow-up ticket #41333.
The existing functions `wpmu_create_blog()`, `update_blog_details()`, and `wpmu_delete_blog()` make use of the respective new counterpart and will be obsolete once #41333 has been completed.
Props flixos90, jeremyfelt, spacedmonkey.
Fixes#40364.
Built from https://develop.svn.wordpress.org/trunk@43548
git-svn-id: http://core.svn.wordpress.org/trunk@43377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When Gutenberg is either not installed, or not activated, only show the callout to users with the install_plugins capability.
When Gutenberg is activated, expand that to include all users with the edit_posts capability.
Props pento.
Fixes#44680.
Built from https://develop.svn.wordpress.org/trunk@43543
git-svn-id: http://core.svn.wordpress.org/trunk@43372 1a063a9b-81f0-0310-95a4-ce76da25c4cd
"Be more discrete." declared matt in [3155], and since then, "Silence is Golden" has been the calling card of placeholder index files. Historically, these have been php files, but [43012] changed that and added index.html files for privacy export generated folders.
The php silence files produce no visible content. This adds consistency with these new html files in that there will be no visible content. Silence will fall when the question is asked.
Fixes#44195.
Props audrasjb, rafsuntaskin, Ov3rfly, johnbillion, pento
Built from https://develop.svn.wordpress.org/trunk@43446
git-svn-id: http://core.svn.wordpress.org/trunk@43273 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Display a notice with an explanation and the steps required to resolve the issue.
Props afragen, schlessera, flixos90, nerrad, melchoyce, boemedia, hedgefield, joyously, johnalarcon, lakenh, afercia, acirujano, ibantxillo, SergeyBiryukov.
Fixes#43986.
Built from https://develop.svn.wordpress.org/trunk@43436
git-svn-id: http://core.svn.wordpress.org/trunk@43263 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This brings the name in line with user-facing language and similar names of existing related capabilities. Since the capability has not been part of any WordPress release, it can be renamed without any backward-compatibility implications.
Also missing props benhuberman for [43006].
Fixes#44457.
Built from https://develop.svn.wordpress.org/trunk@43381
git-svn-id: http://core.svn.wordpress.org/trunk@43209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These annotations make it clear to the reader of a JavaScript source
where the build process outputs to. These annotations can later be
integrated in a webpack configuration. This way there is one source of
truth.
The `build` folder is omitted from the paths, because a single JS file
shouldn't not be responsible of knowing where outputs in general will
end up at. A file only knows its output location relative to the
project.
Props adamsilverstein, herregroen, omarreiss, pento.
Fixes#44361.
Built from https://develop.svn.wordpress.org/trunk@43347
git-svn-id: http://core.svn.wordpress.org/trunk@43175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In many a strange and curious file of forgotten lore—
While I pondered, blaming Nacin, my notifications suddenly awakened,
As of someone quietly DMing;—DMing me, I can’t ignore.
“’Tis some contributor,” I muttered, “DMing me an idea or four—
Only this and nothing more.”
Ah, distinctly I remember, at WordCamp US, last December;
A mad proposal nearly laid me—down out cold—upon the floor.
Curious, I listened closely;—to a plan I agreed with, mostly—
A way to make our JavaScript—JavaScript which was a chore—
Maintainable, extendable, for the future, is what I saw.
Guten-ready for evermore.
Open here I switch to Slack, when, with many a patch and hack,
In there stepped Omar, a JavaScript developer hardcore;
Pronouncing all the changes fit; ready now to be commit;
“There’s nothing else for us to do,” DMing me, “It’s done!” he swore—
“No longer random guessing at which file need next be explored—
Let’s move on, we’re all aboard.”
Moved all together, grouped and managed, in folders all is packaged,
The code had all been cleaned and tidied, important parts moved to the fore,
“Though this change be useful here,” I said, “it is too large, I fear,
We couldn’t manage such a patch, we’ve done nothing like this before—
Tell me where doth go this change, change to make our codebase soar!”
Quoth Omar, “In WordPress Core.”
Props omarreis for shepherding this significant change.
Props adamsilverstein, aduth, atimmer, dingo_bastard, frank-klein, gziolo, herregroen, jaswrks, jeremyfelt, jipmoors, jorbin, netweb, ocean90, pento, tjnowell, and youknowriad for testing, feedback, discussion, encouragement, commiserations, etc.
I make no apologies for this commit message.
Fixes#43055.
Built from https://develop.svn.wordpress.org/trunk@43309
git-svn-id: http://core.svn.wordpress.org/trunk@43138 1a063a9b-81f0-0310-95a4-ce76da25c4cd
There doesn't appear to be any way for an attacker to introduce malicious input into the URL, unless a plugin is filtering the URL to add it, but it's better to be safe than sorry.
Props 1naveengiri, joyously.
Fixes#44115.
Built from https://develop.svn.wordpress.org/trunk@43290
git-svn-id: http://core.svn.wordpress.org/trunk@43119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, personal data exports were stored in `wp-content/uploads/exports`, which is generic enough that it's likely there are existing folders with that name, either created by plugins or manually by administrators. If that folder were reused by Core, then `wp_privacy_delete_old_export_files()` would delete all of the existing files inside it, which is almost certainly not what the site owner wants or expects.
To avoid that, the folder is being renamed to include a specific reference to Core, and a more verbose description of its purpose. With those factored in, it's very unlikely that there will be any conflicts with existing folders.
The `wp_privacy_exports_dir()` and `wp_privacy_exports_url()` functions were introduced to provide a canonical source for the location, and the `wp_privacy_exports_dir` and `wp_privacy_exports_url` filters were introduced to allow plugins to customize it.
Props johnjamesjacoby, allendav.
Fixes#44091.
Built from https://develop.svn.wordpress.org/trunk@43284
git-svn-id: http://core.svn.wordpress.org/trunk@43113 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, the link used absolute positioning, in order to stick it at the bottom of the page. That was done in order to create visual separation between it and the "action" links, like "Lost Your Password?"
The absolute positioning can cause conflicts in some situations, though. For example, if extra text or error notices are added above the form, then the login link would be positioned on top of other elements.
Switching to relative positioning with extra margins avoids those issues, while maintaining the visual separation between the "action" links and the privacy policy link.
Props imath, melchoyce, desrosj, xkon, iandunn.
Fixes#44046.
Built from https://develop.svn.wordpress.org/trunk@43274
git-svn-id: http://core.svn.wordpress.org/trunk@43103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
r43158 introduced a new admin pointer for the privacy tools added in 4.9.6. With the previous positioning, though, sometimes the `Dismiss` link would be fixed off screen, making it impossible for the user to dismiss the pointer. This happened when there were enough extra menu items, or when the viewport height was short enough.
This commit repositions the pointer to work around that problem. One down side of this workaround is that the arrow will not always be positioned next to the `Tools` menu, where it should be. That's an acceptable compromise given the current time constraints, though. A long term solution would be to make `WP_Pointer` robust enough to handle this use case.
Props imath, audrasjb, desrosj.
Fixes#44045.
Built from https://develop.svn.wordpress.org/trunk@43246
git-svn-id: http://core.svn.wordpress.org/trunk@43075 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, when a plugin updated its suggested privacy policy text, an admin notice was shown on all screens in the Administration Panels. That was done in order to make sure that administrators were aware of it, so that they could update their policy if needed. That was a very heavy-handed and intrusive approach, though, which leads to a poor user experience, and notice fatigue.
An alternative approach is to use bubble notifications in the menu, similar to when plugins have updates that need to be installed. That still makes it obvious that something needs the administrator's attention, but is not as distracting as a notice.
The notice will still appear on the Privacy page, though, since it is relevant to that screen, and provides an explanation of why the bubble is appearing.
Props azaozz, xkon, iandunn.
Fixes#43954. See #43953.
Built from https://develop.svn.wordpress.org/trunk@43223
git-svn-id: http://core.svn.wordpress.org/trunk@43052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously the pointer overlapped the menu in order to draw attention to the fact that it applies to both the `Tools` and `Settings` menus. That caused a conflict if the menu was collapsed, though, because the icons were covered by the pointer and therefore inaccessible.
Additionally, minor tweaks were made to the text order and formatting. The order of the two sections was swapped in the title and paragraph, in order to match the order of the corresponding menu items. The spacing around headings and paragraphs was tweaked to remove extraneous whitespace.
Props littler.chicken, desrosj, ianbelanger, melchoyce.
Fixes#43961.
Built from https://develop.svn.wordpress.org/trunk@43210
git-svn-id: http://core.svn.wordpress.org/trunk@43039 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Separate the guide text form the suggested policy text.
- Add table of content for easier navigation.
- Move the content to tools.php (prevents the settings menu of being open).
- Add a link to the guide from the Privacy settings screen.
Props melchoyce, azaozz.
See #43980.
Built from https://develop.svn.wordpress.org/trunk@43203
git-svn-id: http://core.svn.wordpress.org/trunk@43032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
r42986 introduced the beginnings of an Ajax handler for processing requests to erase personal data. At the time, a method for marking requests as completed was planned, but had not yet been created. This commit introduces that mechanism, bringing the erasure process closer to completion.
Props coreymckrill, allendav.
Fixes#43922.
Built from https://develop.svn.wordpress.org/trunk@43185
git-svn-id: http://core.svn.wordpress.org/trunk@43014 1a063a9b-81f0-0310-95a4-ce76da25c4cd
r43008 refactored the request flow to make several improvements, but accidentally marked `completed` requests as `confirmed`. This commit restores the intended statuses, so that the data and corresponding UI reflect reality.
Props allendav, birgire.
Fixes#43913.
Built from https://develop.svn.wordpress.org/trunk@43183
git-svn-id: http://core.svn.wordpress.org/trunk@43012 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Whenever an admin initiates a download or email of a personal data export, a fresh copy of the file is generated. Previously, a new filename was used each time, which could lead to situations where a URL that was emailed to a data subject is broken.
That can be avoided by reusing the same filename when building fresh archives.
Props desrosj, tz-media, allendav.
Fixes#43905.
Built from https://develop.svn.wordpress.org/trunk@43180
git-svn-id: http://core.svn.wordpress.org/trunk@43009 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously the user was shown a message that the page was created, but might not understand that they still need to visit the page and publish it. Redirecting them to the page makes it more obvious that additional steps are involved.
Props Clorith, xkon, azaozz.
Fixes#43926.
Built from https://develop.svn.wordpress.org/trunk@43160
git-svn-id: http://core.svn.wordpress.org/trunk@42989 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The new features are very important for some users, because of their GDPR obligations. They're also spread across multiple top-level menus, making them less discoverable. An admin pointer will help to ensure that users are aware of the new tools and how to find them.
Props desrosj, andreamiddleton, allendav, xkon.
Fixes#43942.
Built from https://develop.svn.wordpress.org/trunk@43158
git-svn-id: http://core.svn.wordpress.org/trunk@42987 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The personal data export and erasure tools allow plugins to register their own callbacks, in order to add additional data to the export and erasure processes. Previously, these were registered without specifying a constant identifier in the array of callbacks. Using mutable integers makes it difficult for plugins to modify the callbacks of other plugins, though.
Using associative array keys instead provides a covenient and reliable way to identify and interact with another plugin's callbacks.
Props desrosj, allendav, ocean90.
Fixes#43931.
Built from https://develop.svn.wordpress.org/trunk@43154
git-svn-id: http://core.svn.wordpress.org/trunk@42983 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In many common Multisite use cases, the network administrator will want to set a network-wide privacy policy -- via the `privacy_policy_url` filter -- for consistency and convenience. When that's done, the Privacy Settings screen on individual sites becomes unnecessary, and may confuse administrators of those sites when they see that their changes don't have any effect on the policy link in the footer.
Since we can't programatically determine which behavior the network admins would like, the safest default setting is to restrict the ability to super admins, and let them delegate it to individual site owners via a plugin, if they'd like to.
Fixes#43935.
Built from https://develop.svn.wordpress.org/trunk@43147
git-svn-id: http://core.svn.wordpress.org/trunk@42976 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The page was originally placed under `Tools` so that it would be grouped with the pages to export and erase personal data, since they're all part of the effort to bring privacy management tools to Core ahead of GDPR's deadline. After more consideration, though, it makes sense to move this page to the `Settings` menu, since it's fundamental purpose is to configure an option, rather than to facilitate a recurring task. This keeps all of the configuration pages in a single place, making them consistent and easier to find.
Exporting and erasing personal data are recurring tasks, so they still make sense under the `Tools` menu.
Props xkon, helen, melchoyce, allendav, desrosj, ocean90, azaozz.
Fixes#43873.
Built from https://develop.svn.wordpress.org/trunk@43145
git-svn-id: http://core.svn.wordpress.org/trunk@42974 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In these contexts, "privacy policy" is not a proper noun, and therefore should not be capitalized.
The remaining uses are page titles and section headers, where capitalization is appropriate.
Props idea15, garrett-eclipse, allendav.
Fixes#43435.
Built from https://develop.svn.wordpress.org/trunk@43132
git-svn-id: http://core.svn.wordpress.org/trunk@42961 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The previous sentence was gramatically awkward, and using the term "compliance" could accidentally be mistaken by a site owner for a promise by WordPress that their site will be compliant after using the tool, which is not necessarily true.
Props idea15, allendav, azaozz, iandunn.
See #43435.
Built from https://develop.svn.wordpress.org/trunk@43131
git-svn-id: http://core.svn.wordpress.org/trunk@42960 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Personal data collection is more likely for registered users than casual visitors, and the privacy policy might have been updated since a user last logged in. Those changes could impact the collection of personal data from registered users, so it makes sense to provide a link to the policy before users log in.
Props voneff, xkon, melchoyce, chetan200891, desrosj.
Fixes#43721.
Built from https://develop.svn.wordpress.org/trunk@43120
git-svn-id: http://core.svn.wordpress.org/trunk@42949 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Multisite networks have a variety of use cases, and in many of them single-site administrators are not trusted to take actions that affect the whole network, require making decisions about legal compliance, etc. By default, those actions should require super admin capabilities. Plugins can be used to override that behavior if a particular site's use case calls for it.
Props allendav, jeremyfelt, iandunn.
Fixes#43919.
Built from https://develop.svn.wordpress.org/trunk@43085
git-svn-id: http://core.svn.wordpress.org/trunk@42914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This runs immediately after the data export file has been successfully created, allowing plugins to introduce some workflow customizations. For example, a plugin could password-protect the export file, for peace of mind, even though the CSPRN in the filename makes brute force attacks nearly impossible.
See #43546.
Built from https://develop.svn.wordpress.org/trunk@43047
git-svn-id: http://core.svn.wordpress.org/trunk@42876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The primary means of protecting the files is the CSPRN appended to the filename, but there is no reason to keep the files after the data subject has downloaded them, so deleting them provides an additional layer of protection. Previously this was done from `wp_privacy_generate_personal_data_export_file()`, but that does not guarantee that it will be run regularly, and on smaller sites that could result in export files being exposed for much longer than necessary.
`wp_privacy_delete_old_export_files()` was moved to a front end file, so that it can be called from `cron.php`.
This introduces the `wp_privacy_export_expiration` filter, which allows plugins to customize how long the exports are kept before being deleted.
`index.html` was added to the `$exclusions` parameter of `list_files()` to make sure that it isn't deleted. If it were, then poorly-configured servers would allow the directory to be traversed, exposing all of the exported files.
Props iandunn, desrosj.
See #43546.
Built from https://develop.svn.wordpress.org/trunk@43046
git-svn-id: http://core.svn.wordpress.org/trunk@42875 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`rand()` is deterministic and therefore offers much less protection in this context. `wp_generate_password()` is a convenient wrapper around `wp_rand()`, which uses `random_int()` to generate cryptographically-secure psuedorandom numbers.
See #43546.
Built from https://develop.svn.wordpress.org/trunk@43045
git-svn-id: http://core.svn.wordpress.org/trunk@42874 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- really disables buttons when they look disabled (when navigation is at the first or last theme)
- when navigation is at the first or last theme, moves focus to the other navigation button, to avoid a focus loss
- improves the buttons visually hidden accessibility text
Props walbo, afercia.
Fixes#36627.
Built from https://develop.svn.wordpress.org/trunk@43020
git-svn-id: http://core.svn.wordpress.org/trunk@42849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
By making the pagination links use the default style for buttons, color contrast
is improved and the CSS is simplified. Improves consistency with other UI controls.
Also, slightly increases the white space below the pagination links.
Props benoitchantre, afercia.
Fixes#41858.
Built from https://develop.svn.wordpress.org/trunk@43019
git-svn-id: http://core.svn.wordpress.org/trunk@42848 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The updated version of the nag is shorter, more on point and less aggressive than the previous one. It integrates better with the other dashboard widgets and fixes several accessibility concerns. A yellow warning color is used when the current PHP version is outdated, a red error color is used when it is also insecure.
Props afercia, birgire, danieltj, flixos90, johnjamesjacoby, karmatosed, Luciano Croce, nerrad, pento, schlessera, SergeyBiryukov, sonjaleix.
Fixes#41191.
Built from https://develop.svn.wordpress.org/trunk@43006
git-svn-id: http://core.svn.wordpress.org/trunk@42835 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This iterates on earlier versions of the code, in order to handle more edge cases. An arbitrary string like `or=\"` will now be stripped, as well as reachability scopes like `%eth0`.
Props eamax, soulseekah, iandunn.
Fixes#41083.
Built from https://develop.svn.wordpress.org/trunk@42968
git-svn-id: http://core.svn.wordpress.org/trunk@42797 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`edit_user()` can also update user roles but was still using the `edit_users` capability instead of the newer `promote_users` capability introduced in [14176].
This makes the role handling consistent with the bulk dropdown menu for role changes.
Props flixos90, johnjamesjacoby, ocean90.
Fixes#42564.
Built from https://develop.svn.wordpress.org/trunk@42855
git-svn-id: http://core.svn.wordpress.org/trunk@42685 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A new global multisite table `wp_blogmeta` is added to the database schema, and a set of `*_site_meta()` API functions are introduced.
The implementation fails gracefully when the new table is not yet available, which may happen especially shortly after the core update, before the network has been upgraded to the new database schema. The presence of the table is detected once and stored as a global setting on the main network.
Core does not yet use site metadata, but there are several use-cases to be implemented or explored in the near future, and it allows plugins to extend sites with arbitrary data, which will come in particularly handy with the upcoming REST API endpoint for sites.
Props spacedmonkey, johnjamesjacoby, jeremyfelt, flixos90.
Fixes#37923.
Built from https://develop.svn.wordpress.org/trunk@42836
git-svn-id: http://core.svn.wordpress.org/trunk@42666 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This new dashboard widget is shown on WordPress sites which are powered by a PHP version which WordPress considers outdated, in order to inform site owners about the resulting problems and to explain how to upgrade to a supported version. An education page for that purpose has been previously created that the widget links to. The link is translatable so that localized versions of the page can be referred to as they become available.
The nag follows the example of the Browse Happy dashboard widget and is only visible for administrators, or network administrators when using multisite. To determine whether it needs to be displayed, a new wordpress.org API introduced prior is called that handles the version logic in a centralized location.
Props flixos90, hedgefield, schlessera.
Fixes#41191.
Built from https://develop.svn.wordpress.org/trunk@42832
git-svn-id: http://core.svn.wordpress.org/trunk@42662 1a063a9b-81f0-0310-95a4-ce76da25c4cd