Commit Graph

38065 Commits

Author SHA1 Message Date
Sergey Biryukov
d2342e75d0 Login and Registration: Set a better default value for $wp_error parameter in login_header().
To prevent someone from passing a string (which would not be added to a new `WP_Error` instance), check for `is_wp_error()` explicitly.

Props desrosj, chetan200891, spyderbytes, lbenicio, sebastien@thivinfo.com, abdullahramzan.
Merges [43457] to the 4.9 branch.
Fixes #44052.
Built from https://develop.svn.wordpress.org/branches/4.9@43458


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43285 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 14:14:27 +00:00
Sergey Biryukov
665b28aad0 Privacy: use wp_login_url() for the link in the user confirmation email.
Props desrosj, usmankhalid.
Merges [43379] to the 4.9 branch.
Fixes #44353.
Built from https://develop.svn.wordpress.org/branches/4.9@43456


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43283 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 13:54:26 +00:00
Sergey Biryukov
30b402c24b Privacy: append (Draft) to draft page titles in the page drop-down on the Privacy Settings screen.
Props allendav, desrosj.
Merges [43376] and [43454] to the 4.9 branch.
Fixes #44100.
Built from https://develop.svn.wordpress.org/branches/4.9@43455


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43282 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 13:52:26 +00:00
Sergey Biryukov
8040b247a4 Privacy: on the Privacy Settings screen change view to preview when a draft page is selected for the privacy policy.
Props garrett-eclipse, desrosj.
Merges [43374] to the 4.9 branch.
Fixes #44131.
Built from https://develop.svn.wordpress.org/branches/4.9@43453


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 13:30:26 +00:00
Sergey Biryukov
14a11fc4db Privacy: Change @since entry for user_request_confirmed_email_subject filter added in [43373] to 4.9.8.
Merges [43451] to the 4.9 branch.
Fixes #44382.
Built from https://develop.svn.wordpress.org/branches/4.9@43452


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43279 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 13:24:27 +00:00
Sergey Biryukov
8f33283493 Privacy: add user request type to the admin notification email subject.
Merges [43375] to the 4.9 branch.
Props birgire, desrosj.
Fixes #44099.
Built from https://develop.svn.wordpress.org/branches/4.9@43450


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43277 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 12:09:26 +00:00
Sergey Biryukov
9ad59101ab Privacy: do not show the comment cookies opt-in checkbox (on the front-end comments form) when comment cookies are disabled.
Props felipeelia, johnbillion.
Merges [43370] to the 4.9 branch.
Fixes #44342.
Built from https://develop.svn.wordpress.org/branches/4.9@43449


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43276 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 12:07:25 +00:00
Sergey Biryukov
b74a18dc8b Privacy: Silence is golden and invisible.
"Be more discrete." declared matt in [3155], and since then, "Silence is Golden" has been the calling card of placeholder index files. Historically, these have been php files, but [43012] changed that and added index.html files for privacy export generated folders.

The php silence files produce no visible content. This adds consistency with these new html files in that there will be no visible content. Silence will fall when the question is asked.

Merges [43446] to the 4.9 branch.
Fixes #44195.
Props audrasjb, rafsuntaskin, Ov3rfly, johnbillion, pento
Built from https://develop.svn.wordpress.org/branches/4.9@43448


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 12:02:29 +00:00
Gary Pendergast
595cd450eb REST API: Filter responses based on the _fields parameter, before data is processed.
Historically, the REST API would generate the entire response object, including running expensive filters, then it would apply the `_fields` parameter, discarding the fields that weren't specificed.

This change causes `_fields` to be applied earlier, so that only requested fields are processed.

Merges [43087] to the 4.9 branch.

Props danielbachhuber.
See #43874.


Built from https://develop.svn.wordpress.org/branches/4.9@43445


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43272 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-13 06:51:27 +00:00
Gary Pendergast
cb0ea9d291 Emoji: Update Twemoji to version 11.0.
🦹

Backport of [43377] to the 4.9 branch.

Props kraftbj,
Fixes #44339.


Built from https://develop.svn.wordpress.org/branches/4.9@43444


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43271 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-13 06:37:26 +00:00
Gary Pendergast
547a500699 REST API: Tweak permission checks for taxonomy and term endpoints
To match behaviour in the Classic Editor, we need to slightly loosen permissions on taxonomy and term endpoints. This allows users to create terms to assign to a post that they're editing.

Merges [43440] to the 4.9 branch.

Props danielbachhuber.
Fixes #44096.


Built from https://develop.svn.wordpress.org/branches/4.9@43443


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43270 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-13 06:29:25 +00:00
Gary Pendergast
d802d709c7 REST API: Expose revision count and last revision ID on Post response
So that REST API clients can show appropriate UI for a post's revisions, it needs to know how many revisions the post has, and what the latest revision ID is.

Merge of [43439] and [43441] to the 4.9 branch.

Props kadamwhite, danielbachhuber, birgire, TimothyBlynJacobs, pento.
Fixes #44321.


Built from https://develop.svn.wordpress.org/branches/4.9@43442


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43269 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-13 06:14:25 +00:00
Gary Pendergast
26f6aeaeea REST API: Declare user capabilities using JSON Hyper Schema's "targetSchema".
There are a variety of operations a WordPress user can only perform if they have the correct capabilities. A REST API client should only display UI for one of these operations if the WordPress user can perform the operation.

Rather than requiring REST API clients to calculate whether to display UI based on potentially complicated combinations of user capabilities, `targetSchema` allows us to expose a single flag to show whether the corresponding UI should be displayed.

This change also includes flags on post objects for the following actions:

- `action-publish`: The current user can publish this post.
- `action-sticky`: The current user can make this post sticky, and the post type supports sticking.
- `action-assign-author': The current user can change the author on this post.
- `action-assign-{$taxonomy}`: The current user can assign terms from the "$taxonomy" taxonomy to this post.
- `action-create-{$taxonomy}`: The current user can create terms int the "$taxonomy" taxonomy.

Merges [43437] to the 4.9 branch.

Props TimothyBlynJacobs, danielbachhuber.
Fixes #44287.


Built from https://develop.svn.wordpress.org/branches/4.9@43438


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43265 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-11 09:21:29 +00:00
Aaron Campbell
cf8c4fa0d8 Bump 4.9 branch to version 4.9.7
Built from https://develop.svn.wordpress.org/branches/4.9@43407


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43235 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 16:05:26 +00:00
John Blackbourn
b564da95fb Media: Limit thumbnail file deletions to the same directory as the original file.
Built from https://develop.svn.wordpress.org/branches/4.9@43393


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43221 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 14:45:31 +00:00
Andrew Ozz
b4aaf4a73c Privacy: add esc_html to assertion in test_wp_comments_personal_data_exporter.
Props mermel, 1naveengiri.
Merges [43371] to the 4.9 branch.
Fixes #44113.
Built from https://develop.svn.wordpress.org/branches/4.9@43372


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:40:47 +00:00
John Blackbourn
1f5f8129de Security: Harden the random aspect of the hash used for user profile and admin email address changes.
Props BjornW

Fixes #43771

Merges [43367] to the 4.9 branch.

Built from https://develop.svn.wordpress.org/branches/4.9@43368


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43196 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:39:07 +00:00
John Blackbourn
15054d8a94 Options, Meta APIs: Use the correct escaping function when outputting the meta box context.
Props khaihong, abdullahramzan, leanderiversen, aryamaaru, lbenicio, palmiak

Fixes #44274

Merges [43365] to the 4.9 branch.

Built from https://develop.svn.wordpress.org/branches/4.9@43366


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43194 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:38:18 +00:00
Sergey Biryukov
cd2f52dda1 Privacy: Make sure wp_add_privacy_policy_content() does not cause a fatal error by unintentionally flushing rewrite rules outside of the admin context.
Add a `_doing_it_wrong()` message describing the correct usage of the function.

Props kraftbj, azaozz, SergeyBiryukov, YuriV.
Merges [43361], [43362], [43363] to the 4.9 branch.
Fixes #44142.
Built from https://develop.svn.wordpress.org/branches/4.9@43364


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43192 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:37:26 +00:00
Sergey Biryukov
ea7c189825 Privacy: Only link to menus panel in Customizer if selected privacy page can be accessed there.
Props dlh.
Merges [43343] to the 4.9 branch.
Fixes #44117.
Built from https://develop.svn.wordpress.org/branches/4.9@43358


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43186 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:34:55 +00:00
Sergey Biryukov
567d4b0961 Community Events Dashboard: Always show a WordCamp if one is coming up.
WordCamps are celebrations of the local WordPress Community and once a local one is scheduled, people in that community should know it is coming. This adjusts the WordPress Events in the dashboard widgets to always display a WordCamp, even if there are multiple Meetups happening first.

Props iandunn, metalandcoffee, warmlaundry, alejandroxlopez, jorbin.
Merges [42726], [42728], and [43356] to the 4.9 branch.
Fixes #41112.
Built from https://develop.svn.wordpress.org/branches/4.9@43357


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:34:30 +00:00
Sergey Biryukov
e2bf0ae498 Privacy: Remove unnecessary This email has been sent to ###EMAIL### from privacy emails.
The line was copied from the emails that get sent when an email address changes, without considering if it made sense in the new context.

Props iandunn, ianbelanger, desrosj.
Merges [43353] to the 4.9 branch.
Fixes #44030.
Built from https://develop.svn.wordpress.org/branches/4.9@43354


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43182 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:33:14 +00:00
Sergey Biryukov
eaf96830ce Privacy: Fix typo in default privacy policy text.
Props garetharnold, abdullahramzan.
Merges [43350] to the 4.9 branch.
Fixes #44166.
Built from https://develop.svn.wordpress.org/branches/4.9@43351


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43179 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:31:57 +00:00
Sergey Biryukov
1bb5174584 Posts, Post Types: Clear post password cookie when logging out.
Props skoldin, subrataemfluence, ianbelanger, johnbillion.
Merges [43317] and [43318] to the 4.9 branch.
Fixes #44089.
Built from https://develop.svn.wordpress.org/branches/4.9@43349


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43177 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:31:05 +00:00
Sergey Biryukov
ddc8032efd Users: In wp_validate_user_request_key(), properly return the WP_Error object in case the confirmation email has expired.
Props itowhid06.
Merges [43331] to the 4.9 branch.
Fixes #44298.
Built from https://develop.svn.wordpress.org/branches/4.9@43342


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:28:08 +00:00
John Blackbourn
d668b72f5b Build/Test Tools: Allow the unit test framework to be used without the data directory in place.
Fixes #43982

Merges [43315] to the 4.9 branch.

Built from https://develop.svn.wordpress.org/branches/4.9@43316


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43145 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-25 22:48:28 +00:00
Boone Gorges
30b40c8f52 Taxonomy: Improve cache handling when querying for terms using all_with_object_id.
When a term query using `fields=all_with_object_id` hits the cache, the
cached `stdClass` objects must be converted to `WP_Term` objects. This
was overlooked when `WP_Term_Query` was refactored to support object
queries in [38667].

Merges [43313] to the 4.9 branch.

Props dlh.
Fixes #44221.

Built from https://develop.svn.wordpress.org/branches/4.9@43314


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43143 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-25 01:26:29 +00:00
Sergey Biryukov
5129da3af5 Docs: Document the cookies default comment field added in [42772].
Props desrosj, chetan200891.
Merges [43304] to the 4.9 branch.
See #44125.
Built from https://develop.svn.wordpress.org/branches/4.9@43306


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43135 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-21 13:17:25 +00:00
Sergey Biryukov
98eb869d8b Docs: Add missing documentation and duplicate hook references for wp_privacy_personal_data_export_file, wp_privacy_personal_data_exporters, and wp_privacy_personal_data_erasers hooks.
Props birgire.
Merges [43303] to the 4.9 branch.
See #44125.
Built from https://develop.svn.wordpress.org/branches/4.9@43305


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43134 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-21 13:16:25 +00:00
Sergey Biryukov
f1773beb0c Widgets: Allow basic inline tags in wp_sidebar_description().
The customizer has allowed HTML in sidebar descriptions since adding support for sidebars. This change ensures that basic HTML is also allowed for them in the widgets admin screen.

Props flixos90.
Merges [43275] to the 4.9 branch.
Fixes #42608.
Built from https://develop.svn.wordpress.org/branches/4.9@43302


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43131 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-21 12:43:27 +00:00
Sergey Biryukov
e782caa1e7 Comments: Escape permalink values on edit screen to prevent XSS.
There doesn't appear to be any way for an attacker to introduce malicious input into the URL, unless a plugin is filtering the URL to add it, but it's better to be safe than sorry.

Props 1naveengiri, joyously.
Merges [43290] to the 4.9 branch.
Fixes #44115.
Built from https://develop.svn.wordpress.org/branches/4.9@43301


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-21 12:40:26 +00:00
Sergey Biryukov
4d9aadc80c Privacy: Correct the error check when creating an export folder in wp_privacy_generate_personal_data_export_file().
`wp_mkdir_p()` returns `false` on error, not a `WP_Error` object.

Props birgire.
Merges [43299] to the 4.9 branch.
Fixes #44158.
Built from https://develop.svn.wordpress.org/branches/4.9@43300


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43129 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-21 12:02:29 +00:00
Dominik Schilling
09734c5576 Branch 4.9 is now 4.9.7-alpha.
Built from https://develop.svn.wordpress.org/branches/4.9@43298


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-17 19:57:27 +00:00
iandunn
0afda3e678 Bump 4.9 branch to version 4.9.5.
Built from https://develop.svn.wordpress.org/branches/4.9@43296


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43125 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-17 18:56:26 +00:00
iandunn
05d3ae380d Bundled Themes: Bump version numbers and update changelogs for 4.9.6 release
Also, updates POT files for Twenty Ten and Twenty Eleven.

Props earnjam, laurelfulford.
Merges [43293] to the 4.9 branch.
Fixes #43915.

Built from https://develop.svn.wordpress.org/branches/4.9@43295


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43124 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-17 18:27:27 +00:00
iandunn
d097213a7b Bundled Themes: Add link to privacy policy page in footer.
If a privacy policy has been set, then a link to it will automatically be shown in the footer.

The element containing the "Proudly powered by WordPress" link was chosen for the new policy link, in order to minimize visual conflicts with custom CSS that was written before the new link existed. Unfortunately, some minor conflicts are expected and unavoidable. Adding this link is required as part of GDPR compliance, and the benefits outweigh the downsides. 

To further mitigate the conflicts, a new imprint class was added to the "Proudly powered..." link, in order to facilitate targeting each link invididually with custom styles.

This was accidentally not backported to the `4.9` branch before the beta/RC phase, but there was a consensus that it is safe to do that this late in the release cycle. 
See https://wordpress.slack.com/archives/C02RQBWTW/p1526577643000132.
See https://wordpress.slack.com/archives/C02RQBWTW/p1526580781000240.

Props xkon, laurelfulford, birgire, azaozz, iandunn.
Merges [43051] to the 4.9 branch.
See #43715.

Built from https://develop.svn.wordpress.org/branches/4.9@43294


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43123 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-17 18:21:26 +00:00
iandunn
bed757a726 Post WordPress 4.9.6 RC 2 version bump.
Built from https://develop.svn.wordpress.org/branches/4.9@43289


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43118 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 21:29:26 +00:00
iandunn
68c6632f86 WordPress 4.9.6 RC 2.
Built from https://develop.svn.wordpress.org/branches/4.9@43288


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43117 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 21:20:27 +00:00
iandunn
4bfee774d5 Privacy: Require manage_privacy_options to edit policy page.
A user is required to have the `manage_privacy_options` capability in order to determine which page is set as the privacy policy (the `wp_page_for_privacy_policy`). Given that, it doesn't make sense to allow users without that capability to edit or delete the page. 

A similar situation exists with the `page_for_posts` and `page_on_front` options, but Editors are allowed to edit those pages. The reason that this situation is different is because it is more likely that an administrator will want to restrict modifications to the privacy policy, than it is that they will want to allow modifications. Modifications to the policy often require specialized knowledge of local laws, and can have implications for compliance with those laws.

Props dlh, desrosj.
Merges [43286] to the 4.9 branch.
Fixes #44079.

Built from https://develop.svn.wordpress.org/branches/4.9@43287


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43116 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 20:59:25 +00:00
Andrew Ozz
f4a436c522 Privacy: Rename exports folder to avoid deleting other files.
Previously, personal data exports were stored in `wp-content/uploads/exports`, which is generic enough that it's likely there are existing folders with that name, either created by plugins or manually by administrators. If that folder were reused by Core, then `wp_privacy_delete_old_export_files()` would delete all of the existing files inside it, which is almost certainly not what the site owner wants or expects.

To avoid that, the folder is being renamed to include a specific reference to Core, and a more verbose description of its purpose. With those factored in, it's very unlikely that there will be any conflicts with existing folders.

The `wp_privacy_exports_dir()` and `wp_privacy_exports_url()` functions were introduced to provide a canonical source for the location, and the `wp_privacy_exports_dir` and `wp_privacy_exports_url` filters were introduced to allow plugins to customize it.

Props johnjamesjacoby, allendav.
Merges [43284] to the 4.9 branch.
Fixes #44091.
Built from https://develop.svn.wordpress.org/branches/4.9@43285


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43114 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 20:32:26 +00:00
Andrew Ozz
2062f3f891 Privacy: use the more compatible word-break: break-all;, see [43278].
Merges [43282] to the 4.9 branch.
See #44092.
Built from https://develop.svn.wordpress.org/branches/4.9@43283


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43112 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 20:09:26 +00:00
Andrew Ozz
d78a4944a2 Privacy: fix styling of the "next steps" buttons on the Export/Erase tools screens when text is long.
Props audrasjb, ianbelanger.
Merges [43278] to the 4.9 branch.
Fixes #44092.
Built from https://develop.svn.wordpress.org/branches/4.9@43281


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43110 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 19:45:27 +00:00
Andrew Ozz
3e4f800ee3 Privacy: fix styling of the Privacy Settings buttons on mobile/small screens.
Props ianbelanger, azaozz.
Merges [43279] to the 4.9 branch.
Fixes #44093.
Built from https://develop.svn.wordpress.org/branches/4.9@43280


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 19:43:28 +00:00
iandunn
d1007dd45c Privacy: require manage_privacy_options capability for showing WP_Privacy_Policy_Content::notice().
Props ocean90.
Merges [43248] to the 4.9 branch.
Fixes #44055.

Built from https://develop.svn.wordpress.org/branches/4.9@43277


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43106 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 18:04:25 +00:00
Andrew Ozz
61322a844a Privacy: Reposition log in policy link to avoid overlapping elements.
Previously, the link used absolute positioning, in order to stick it at the bottom of the page. That was done in order to create visual separation between it and the "action" links, like "Lost Your Password?"

The absolute positioning can cause conflicts in some situations, though. For example, if extra text or error notices are added above the form, then the login link would be positioned on top of other elements.

Switching to relative positioning with extra margins avoids those issues, while maintaining the visual separation between the "action" links and the privacy policy link.

Props imath, melchoyce, desrosj, xkon, iandunn.
Merges [43274] to the 4.9 branch.
Fixes #44046.
Built from https://develop.svn.wordpress.org/branches/4.9@43276


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 16:55:46 +00:00
Sergey Biryukov
09fe564f4e Privacy: only remove the "Suggested text has changed" bubble when an admin visits the Privacy Policy Guide screen.
Props azaozz.
Merges [43269] to the 4.9 branch.
Fixes #44063.
Built from https://develop.svn.wordpress.org/branches/4.9@43273


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43102 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 15:52:25 +00:00
Sergey Biryukov
9438733d24 Privacy: automatically create a Privacy Policy page when installing WordPress.
Props fclaussen, azaozz.
Merges [42981], [42982], [43243] to the 4.9 branch.
Fixes #43491.
Built from https://develop.svn.wordpress.org/branches/4.9@43272


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 15:30:26 +00:00
Sergey Biryukov
10c9d391a8 Privacy: fix Export and Erase Personal Data list-tables on small screens.
Props ianbelanger, subrataemfluence, desrosj.
Merges [43251] to the 4.9 branch.
Fixes #44026.
Built from https://develop.svn.wordpress.org/branches/4.9@43271


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43100 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 15:10:25 +00:00
Andrew Ozz
9b3e2b76b4 Privacy: Escape comment URLs in personal export file to prevent XSS.
There doesn't appear to be any way for an attacker to introduce malicious input into the URL, unless a plugin is filtering the URL to add it, but it's better to be safe than sorry.

Props birgire.
Merges [43245] to the 4.9 branch.
Fixes #44054.
Built from https://develop.svn.wordpress.org/branches/4.9@43270


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43099 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 14:08:29 +00:00
Andrew Ozz
0ffa2fc49b Privacy: add wp_page_for_privacy_policy to populate_options().
Props ocean90.
Merges [43267] to the 4.9 branch.
Fixes #44076.
Built from https://develop.svn.wordpress.org/branches/4.9@43268


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43097 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 17:02:26 +00:00