The cover image block uses the `url()` function in its inline CSS, to show the cover image. KSES didn't allow this, causing the block to not save correctly for Author and Contributor users. As KSES does already check each attribute name against an allowed list, we're able to add an extra check for certain attributes to be able to use the `url()` function, too.
Props peterwilsoncc, azaozz, pento, dd32.
See #45067.
Built from https://develop.svn.wordpress.org/branches/5.0@43781
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43610 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When meta boxes are registered, they can use the `__back_compat_meta_box` and `__block_editor_compatible_meta_box` flags, to show whether this registration just exists for if the classic editor is loaded, and whether this meta box is compatible with the block editor.
When a meta box marks itself as incompatible with the block editor, and `WP_DEBUG` is enabled, a warning will show inside that meta box in the classic editor.
As all core meta boxes have been recreated in the block editor, they can be marked with the `__back_compat_meta_box` flag.
See #45112.
Built from https://develop.svn.wordpress.org/branches/5.0@43779
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43608 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces new `determine_locale()` function for deciding the proper locale to use for a response. Default value is `get_user_locale()` in the admin, and `get_locale()` on the frontend. Because REST API requests are considered frontend requests, `?_locale=user` can be used to render the response in the user's locale.
Also updates `wp-login.php?wp_lang` implementation to benefit from this abstraction.
Props flixos90, mnelson4, swissspidy, TimothyBlynJacobs.
Fixes#44758.
Built from https://develop.svn.wordpress.org/branches/5.0@43776
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43605 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`WP_Text_Diff_Renderer_Table` is used to generate the diff view in revisions, but there were some cases that could cause it to take excessive amounts of time to run.
Some noteable cases include:
- When a large number of new lines were inserted in the middle of the post from one revision to the next.
- When both revisions contain >100 lines.
- When either revision contains a lot of long lines.
In one extreme test case, the diff view took over a minute to generate. With this change, it now takes less than a second.
See #35667.
Built from https://develop.svn.wordpress.org/branches/5.0@43775
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43604 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Narrow the scope of the included wp-admin files loaded for `wp_generate_attachment_metadata()`, `wp_handle_upload()`, `wp_tempnam()`, and `wp_handle_sideload()`. Requires only `wp-admin/includes/file.php` and `wp-admin/includes/image.php` instead of `wp-admin/includes/admin.php`.
Props ocean90, lonelyvegan, soulseekah, pratikthink.
Merges [43589], [43604] to the 5.0 branch.
Fixes#43757.
Built from https://develop.svn.wordpress.org/branches/5.0@43773
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Adds `WP_REST_Autosaves_Controller` which extends `WP_REST_Revisions_Controller`.
* Autosaves endpoint is registered for all post types except `attachment` because even post types without revisions enabled are expected to autosave.
* Because setting the `DOING_AUTOSAVE` constant pollutes the test suite, autosaves tests are run last. We may want to improve upon this later.
Props adamsilverstein, aduth, azaozz, danielbachhuber, rmccue.
Fixes#43316.
Built from https://develop.svn.wordpress.org/branches/5.0@43768
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43597 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`rest_url()` inconsistent addes slashes to the passed path depending on whether the site has pretty permalinks enabled. Apart from being inconsistent, this also caused the unit tests to fail when pretty permalinks are enabled.
Props frank-klein.
Merges [42250] to the 5.0 branch.
Partially reverts [43720].
Fixes#42452. See #41451, #45017.
Built from https://develop.svn.wordpress.org/branches/5.0@43766
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43595 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- `grunt webpack:dev` now copies packages JS into `/src/wp-includes/js/dist`, and CSS into `/src/wp-includes/css/dist`.
- `grunt webpack:prod` does the same, but into `/build` instead of `/src`.
- `grunt build` now runs the `webpack:prod` task.
Props atimmer, pento.
Fixes#45119.
Built from https://develop.svn.wordpress.org/branches/5.0@43760
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43589 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The 409 error code is intended for situations where it is expected that the user will resolve the conflict and resubmit the same request. We use 400 error codes for other routes when a duplicate request is made. The 400 status code tells the user they need to modify their request for it to be successful.
Props shooper.
Merges [42354] to the 5.0 branch.
Fixes#42781. See #41370.
Built from https://develop.svn.wordpress.org/branches/5.0@43756
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43585 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The permissions error message when a request tries to fetch post statuses unauthenticated is incorrect. It was a copy/paste from elsewhere, as indicated by the use of "in this post type" where this is no post type referenced.
Props schlessera.
Merges [42356] to the 5.0 branch.
Fixes#42303.
Built from https://develop.svn.wordpress.org/branches/5.0@43755
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
After [43738], TinyMCE would be loaded earlier than before, which
makes filters run at a different time relative to the loading of
TinyMCE. Fix this by calling `wp_print_scripts` at the location where
TinyMCE would previously be inserted as a `<script>` tag in the page.
Props azaozz, omarreiss.
Fixes#45065.
Built from https://develop.svn.wordpress.org/branches/5.0@43753
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43582 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `WP_Block_Parser` class, and the accompanying `parse_blocks()` helper function, can be used to parse an array of blocks out of a content string.
`WP_Block_Parser` is copied from the `@wordpress/block-serialization-default-parser` package. To ensure it stays in sync with the JavaScript parser, changes should be implemented in the package first, then the package version should be upgraded to include the changes.
See #45109.
Built from https://develop.svn.wordpress.org/branches/5.0@43751
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43580 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These are the foundational classes allowing blocks to be registered and used throughout WordPress.
This commit also includes the `has_block()` and `has_blocks()` functions, which are required for unit testing these classes.
Props adamsilverstein, danielbachhuber, desrosj.
See #45097, #45109.
Built from https://develop.svn.wordpress.org/branches/5.0@43742
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43571 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces a `WP_REST_Search_Controller` class which registers a `/wp/v2/search` endpoint. Search types are handled by extending `WP_REST_Search_Handler`. The default search type is `WP_REST_Post_Search_Handler` but can be filtered by plugins or a theme.
Props danielbachhuber, flixos90, pento, rmccue.
Fixes#39965.
Built from https://develop.svn.wordpress.org/branches/5.0@43739
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adjusts the packages registration after [43723]:
* Combine the different registration functions into one
`wp_default_packages` function. To reach this goal move the prefix
logic into a function so it can be called from different locations.
Use a `static` variable there to prevent duplicate inclusion of
`version.php`.
* Call this function from the `wp_default_scripts` action by
registering it as a default filter.
* Combine some of the logic in `_WP_Editors::print_tinymce_scripts`
into `wp_register_tinymce_scripts`. The logic to force an uncompressed
TinyMCE script file stays in `_WP_Editors::force_uncompressed_tinymce`
because that logic is very specific to the classic editor.
* The script handle `wp-tinymce` is now a dependency of the `editor`
script handle. In combination with the previous item, this makes the
classic editor work.
* Adjust the syntax of the script paths to be more consistent with
other WordPress code.
* Always use `"production"` mode for the media files to prevent people
from inadvertently committing development files.
Props pento, omarreiss.
Fixes#45065.
Built from https://develop.svn.wordpress.org/branches/5.0@43738
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In order to correctly render parts of its UI, the new editor needs to be aware of the active theme's post-formats and post-thumbnails support. This data is exposed by querying for the active theme on a new /wp/v2/themes endpoint for sufficiently privileged users.
props desrosj.
Fixes#45016.
Built from https://develop.svn.wordpress.org/branches/5.0@43734
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Because WP REST API requests aren't identified until `parse_request`, it's impractical to reference the `REST_REQUEST` constant in `wp_debug_mode()`. Instead, it's more helpful to assume that a request wanting a JSON response probably doesn't want PHP errors breaking the response.
Props chrisl27, duanestorey, earnjam.
Fixes#44534.
Built from https://develop.svn.wordpress.org/branches/5.0@43730
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43559 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Object type-specific actions that should happen before or after modification of metadata have so far been part of the respective wrapper functions. By using action and filter hooks, this changeset ensures they are always executed, even when calling the lower-level Meta API functions directly, which the REST API does as a prime example.
Props flixos90, spacedmonkey.
Fixes#44467.
Built from https://develop.svn.wordpress.org/branches/5.0@43729
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43558 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the full edit screen, CPTs that have disabled the `publicly_queryable` option will hide the slug field, as it doesn't need to be edited. This change brings the Quick Edit view into line with that behaviour.
Merges [43664] to the 5.0 branch.
Props bhargavmehta, krutidugade.
Fixes#43278.
Built from https://develop.svn.wordpress.org/branches/5.0@43728
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43557 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This functionality will cause the command to be retried up to three times in case of a non-zero return value. Implementing it on commands that perform network requests means that intermittent network failures are less likely to cause a build to fail, as they'll be retried up to three times.
Merges [43645] to the 5.0 branch.
Props johnbillion.
Fixes#44858.
Built from https://develop.svn.wordpress.org/branches/5.0@43724
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43553 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows the packages to be consumed by plugins and core itself.
The code has been based on the work done in the Gutenberg plugin.
We've added an array with all the packages and the vendor packages to
loop through. This sets a convention so all packages will be
registered in the same way. This array can eventually be generated by
a webpack plugin.
We need to register TinyMCE explicitly. Previously TinyMCE was used
by inserting custom `<script>` tags into the relevant admin pages.
This is not suitable for the new editor, so we need to explicitly
register TinyMCE. We could, in the future, refactor the custom
`<script>` tags to use the registered TinyMCE script instead.
Polyfills are inserted into the page only when necessary using
`document.write`.
Props omarreiss, herregroen, youknowriad, gziolo.
Fixes#45065.
Built from https://develop.svn.wordpress.org/branches/5.0@43723
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43552 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In order for clients to present permalink previews, the REST API must share the computed results of `get_sample_permalink()`. These two values are now exposed as `permalink_template` and `generated_slug` for public, viewable post types, but only for `context=edit`.
Props danielbachhuber, rahulsprajapati.
Fixes#45017.
Built from https://develop.svn.wordpress.org/branches/5.0@43720
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43549 1a063a9b-81f0-0310-95a4-ce76da25c4cd
We decided to split the media webpack config into it's own file. The
main webpack config then combines this file with the packages config.
Include vendor scripts by copying them. We copy the minified files if
they are available. If they aren't available we minify the original
files ourselves.
Props omarreiss, herregroen, gziolo, youknowriad, netweb, adamsilverstein.
See #45065.
Built from https://develop.svn.wordpress.org/branches/5.0@43719
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43548 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The original REST API revisions controller relied on `wp_get_post_revisions()`, getting all revisions of a post without any possibility to restrict the result. This changeset replaces that function call with a proper `WP_Query` setup, replicating how `wp_get_post_revisions()` works while offering parameters to alter the default behavior.
Props adamsilverstein, birgire, flixos90.
Merges [43584-43586], [43647] to the 5.0 branch.
Fixes#40510.
Built from https://develop.svn.wordpress.org/branches/5.0@43716
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43545 1a063a9b-81f0-0310-95a4-ce76da25c4cd
An authorized request with the `read_private_posts` capability for a post type should be able to `GET /wp/v2/posts` for posts of `status=private`. This query is further sanity-checked by `WP_REST_Posts_Controller->check_read_permission()`, which is unchanged.
Props rachelbaker, soulseekah, twoelevenjay.
Fixes#43701.
Built from https://develop.svn.wordpress.org/branches/5.0@43694
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Minification is done by uglify, so disable that in the media build.
* The webpack boilerplate has changed, which explains the changes in the build files.
* `ModuleConcatenationPlugin` is enable by default for production builds so we don't have to specify that ourselves.
See #45065.
Built from https://develop.svn.wordpress.org/branches/5.0@43688
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43517 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Shrinkwraping is done to keep dependencies the same. Historically, WordPress Core has done it after a release. As the 5.0 branch was created from the 4.9.8 tag which was created from the 4.9 branch, it included it. The 5.0 branch will have some dependency updates so this shrinkwrap is not needed here.
See #45064.
Built from https://develop.svn.wordpress.org/branches/5.0@43683
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43512 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Because user capabilities can be modified at runtime, the REST API needs to expose them in some evaluated but declarative manner for clients to interpret. JSON Hyper Schema `targetSchema` provides an appropriate paradigm for doing so.
Props timothyblynjacobs.
Fixes#45014.
Built from https://develop.svn.wordpress.org/branches/5.0@43682
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43511 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For Gutenberg and other admin-type interfaces, it's
useful to be able to see the visibility settings for
taxonomies.
The original changeset was partially included in [43445].
Merges [42729], [42730], [42973] to the 5.0 branch.
Props joehoyle, TimothyBlynJacobs, pento.
Fixes#42707
Built from https://develop.svn.wordpress.org/branches/5.0@43680
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43509 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When Gutenberg is either not installed, or not activated, only show the callout to users with the `install_plugins` capability.
When Gutenberg is activated, expand that to include all users with the `edit_posts` capability.
4.9 branch commit.
Props pento.
Fixes#44680.
Built from https://develop.svn.wordpress.org/branches/4.9@43544
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43373 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Introduce `try_gutenberg_learn_more_link` filter that allows hosts or site owners to change the link, to provide extra information about Gutenberg, specific to their service.
* Only display the "Install" buttons if we're able to directly write to disk to install the plugins.
* Make sure the "Dismiss" link works correctly.
Props pento, andrew.taylor, leemon.
Fixes#41316.
Built from https://develop.svn.wordpress.org/branches/4.9@43537
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43366 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduce an object_subtype argument to the args array for register_meta() which can be used to limit meta registration to a single subtype (e.g. a custom post type or taxonomy, vs all posts or taxonomies).
Introduce register_post_meta() and register_term_meta() wrapper methods for register_meta to provide a convenient interface for the common case of registering meta for a specific taxonomy or post type. These methods work the way plugin developers have often expected register_meta to function, and should be used in place of direct register_meta where possible.
Props flixos90, tharsheblows, spacedmonkey.
Merges [43378] to the 4.9 branch.
Fixes#38323.
Built from https://develop.svn.wordpress.org/branches/4.9@43510
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43339 1a063a9b-81f0-0310-95a4-ce76da25c4cd
To encourage folks to prepare for Gutenberg, this new Dashboard box allows site users to easily install and try the Gutenberg plugin now, or to install the Classic Editor plugin before WordPress 5.0 is released.
Props pento, melchoyce, joen, karmatosed, joemcgill, SergeyBiryukov, jorbin, bph, Clorith, afercia, chanthaboune, chrislema, kjellr, matveb, michelleweber.
Fixes#41316.
Built from https://develop.svn.wordpress.org/branches/4.9@43502
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `get_term()` mapping may result in term objects that are `null` or
`WP_Error` when plugins use `get_term` or a related filter. Since `null`
and error objects are not valid results for a term query, we discard
them.
Props GM_Alex.
Merges [43049] and [43491] to the 4.9 branch.
Fixes#42691.
Built from https://develop.svn.wordpress.org/branches/4.9@43492
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43319 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Some versions of PHP appear to have a memory leak that is occasionally triggered by calling `stream_get_wrappers()`. In order to avoid calling this, we can return early from `wp_is_stream()` when `$path` doesn't contain `://`.
Props pbiron, JPry, dontstealmyfish.
Merges [43466] to the 4.9 branch.
Fixes#44532.
Built from https://develop.svn.wordpress.org/branches/4.9@43484
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `htmledit_pre` and `richedit_pre` filters have been deprecated since 4.3.0, since before `apply_filters_deprecated()` existed. They're now correctly run using `apply_filters_deprecated()`.
Props sebastienthivinfocom, lbenicio, ianbelanger.
Merges [43464] to the 4.9 branch.
Fixes#44341.
Built from https://develop.svn.wordpress.org/branches/4.9@43482
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43309 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The functions `send_confirmation_on_profile_email()`, `_wp_privacy_send_request_confirmation_notification()`, `_wp_privacy_send_erasure_fulfillment_notification()`, and `wp_send_user_request()` all include a title and URL indicating the current site. However, so far they have dealt with those values inconsistently, sometimes using the site values, other times using the network values if in a multisite. This changeset ensures that only the current site is taken into account in all cases and that special characters in the site name are consistently decoded.
Props subrataemfluence, desrosj.
Merges [43388], [43390], and [43435] to the 4.9 branch.
Fixes#44396.
Built from https://develop.svn.wordpress.org/branches/4.9@43459
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43286 1a063a9b-81f0-0310-95a4-ce76da25c4cd
"Be more discrete." declared matt in [3155], and since then, "Silence is Golden" has been the calling card of placeholder index files. Historically, these have been php files, but [43012] changed that and added index.html files for privacy export generated folders.
The php silence files produce no visible content. This adds consistency with these new html files in that there will be no visible content. Silence will fall when the question is asked.
Merges [43446] to the 4.9 branch.
Fixes#44195.
Props audrasjb, rafsuntaskin, Ov3rfly, johnbillion, pento
Built from https://develop.svn.wordpress.org/branches/4.9@43448
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Historically, the REST API would generate the entire response object, including running expensive filters, then it would apply the `_fields` parameter, discarding the fields that weren't specificed.
This change causes `_fields` to be applied earlier, so that only requested fields are processed.
Merges [43087] to the 4.9 branch.
Props danielbachhuber.
See #43874.
Built from https://develop.svn.wordpress.org/branches/4.9@43445
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43272 1a063a9b-81f0-0310-95a4-ce76da25c4cd
So that REST API clients can show appropriate UI for a post's revisions, it needs to know how many revisions the post has, and what the latest revision ID is.
Merge of [43439] and [43441] to the 4.9 branch.
Props kadamwhite, danielbachhuber, birgire, TimothyBlynJacobs, pento.
Fixes#44321.
Built from https://develop.svn.wordpress.org/branches/4.9@43442
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43269 1a063a9b-81f0-0310-95a4-ce76da25c4cd
There are a variety of operations a WordPress user can only perform if they have the correct capabilities. A REST API client should only display UI for one of these operations if the WordPress user can perform the operation.
Rather than requiring REST API clients to calculate whether to display UI based on potentially complicated combinations of user capabilities, `targetSchema` allows us to expose a single flag to show whether the corresponding UI should be displayed.
This change also includes flags on post objects for the following actions:
- `action-publish`: The current user can publish this post.
- `action-sticky`: The current user can make this post sticky, and the post type supports sticking.
- `action-assign-author': The current user can change the author on this post.
- `action-assign-{$taxonomy}`: The current user can assign terms from the "$taxonomy" taxonomy to this post.
- `action-create-{$taxonomy}`: The current user can create terms int the "$taxonomy" taxonomy.
Merges [43437] to the 4.9 branch.
Props TimothyBlynJacobs, danielbachhuber.
Fixes#44287.
Built from https://develop.svn.wordpress.org/branches/4.9@43438
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43265 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WordCamps are celebrations of the local WordPress Community and once a local one is scheduled, people in that community should know it is coming. This adjusts the WordPress Events in the dashboard widgets to always display a WordCamp, even if there are multiple Meetups happening first.
Props iandunn, metalandcoffee, warmlaundry, alejandroxlopez, jorbin.
Merges [42726], [42728], and [43356] to the 4.9 branch.
Fixes#41112.
Built from https://develop.svn.wordpress.org/branches/4.9@43357
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a term query using `fields=all_with_object_id` hits the cache, the
cached `stdClass` objects must be converted to `WP_Term` objects. This
was overlooked when `WP_Term_Query` was refactored to support object
queries in [38667].
Merges [43313] to the 4.9 branch.
Props dlh.
Fixes#44221.
Built from https://develop.svn.wordpress.org/branches/4.9@43314
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43143 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If a privacy policy has been set, then a link to it will automatically be shown in the footer.
The element containing the "Proudly powered by WordPress" link was chosen for the new policy link, in order to minimize visual conflicts with custom CSS that was written before the new link existed. Unfortunately, some minor conflicts are expected and unavoidable. Adding this link is required as part of GDPR compliance, and the benefits outweigh the downsides.
To further mitigate the conflicts, a new imprint class was added to the "Proudly powered..." link, in order to facilitate targeting each link invididually with custom styles.
This was accidentally not backported to the `4.9` branch before the beta/RC phase, but there was a consensus that it is safe to do that this late in the release cycle.
See https://wordpress.slack.com/archives/C02RQBWTW/p1526577643000132.
See https://wordpress.slack.com/archives/C02RQBWTW/p1526580781000240.
Props xkon, laurelfulford, birgire, azaozz, iandunn.
Merges [43051] to the 4.9 branch.
See #43715.
Built from https://develop.svn.wordpress.org/branches/4.9@43294
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43123 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A user is required to have the `manage_privacy_options` capability in order to determine which page is set as the privacy policy (the `wp_page_for_privacy_policy`). Given that, it doesn't make sense to allow users without that capability to edit or delete the page.
A similar situation exists with the `page_for_posts` and `page_on_front` options, but Editors are allowed to edit those pages. The reason that this situation is different is because it is more likely that an administrator will want to restrict modifications to the privacy policy, than it is that they will want to allow modifications. Modifications to the policy often require specialized knowledge of local laws, and can have implications for compliance with those laws.
Props dlh, desrosj.
Merges [43286] to the 4.9 branch.
Fixes#44079.
Built from https://develop.svn.wordpress.org/branches/4.9@43287
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43116 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, personal data exports were stored in `wp-content/uploads/exports`, which is generic enough that it's likely there are existing folders with that name, either created by plugins or manually by administrators. If that folder were reused by Core, then `wp_privacy_delete_old_export_files()` would delete all of the existing files inside it, which is almost certainly not what the site owner wants or expects.
To avoid that, the folder is being renamed to include a specific reference to Core, and a more verbose description of its purpose. With those factored in, it's very unlikely that there will be any conflicts with existing folders.
The `wp_privacy_exports_dir()` and `wp_privacy_exports_url()` functions were introduced to provide a canonical source for the location, and the `wp_privacy_exports_dir` and `wp_privacy_exports_url` filters were introduced to allow plugins to customize it.
Props johnjamesjacoby, allendav.
Merges [43284] to the 4.9 branch.
Fixes#44091.
Built from https://develop.svn.wordpress.org/branches/4.9@43285
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43114 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, the link used absolute positioning, in order to stick it at the bottom of the page. That was done in order to create visual separation between it and the "action" links, like "Lost Your Password?"
The absolute positioning can cause conflicts in some situations, though. For example, if extra text or error notices are added above the form, then the login link would be positioned on top of other elements.
Switching to relative positioning with extra margins avoids those issues, while maintaining the visual separation between the "action" links and the privacy policy link.
Props imath, melchoyce, desrosj, xkon, iandunn.
Merges [43274] to the 4.9 branch.
Fixes#44046.
Built from https://develop.svn.wordpress.org/branches/4.9@43276
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43105 1a063a9b-81f0-0310-95a4-ce76da25c4cd