Adjusts the packages registration after [43723]:
Combine the different registration functions into one `wp_default_packages` function. To reach this goal move the prefix logic into a function so it can be called from different locations. Use a static variable there to prevent duplicate inclusion of `version.php`.
Call this function from the `wp_default_scripts` action by registering it as a default filter.
Combine some of the logic in `_WP_Editors::print_tinymce_scripts` into `wp_register_tinymce_scripts`. The logic to force an uncompressed TinyMCE script file stays in `_WP_Editors::force_uncompressed_tinymce` because that logic is very specific to the classic editor.
The script handle `wp-tinymce` is now a dependency of the editor script handle. In combination with the previous item, this makes the classic editor work.
Adjust the syntax of the script paths to be more consistent with other WordPress code.
Always use "production" mode for the media files to prevent people from inadvertently committing development files.
Props pento, omarreiss, atimmer.
Merges [43738] into trunk.
Fixes#45065.
Built from https://develop.svn.wordpress.org/trunk@44115
git-svn-id: http://core.svn.wordpress.org/trunk@43945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows the packages to be consumed by plugins and core itself.
The code has been based on the work done in the Gutenberg plugin.
We've added an array with all the packages and the vendor packages to
loop through. This sets a convention so all packages will be
registered in the same way. This array can eventually be generated by
a webpack plugin.
We need to register TinyMCE explicitly. Previously TinyMCE was used
by inserting custom `<script>` tags into the relevant admin pages.
This is not suitable for the new editor, so we need to explicitly
register TinyMCE. We could, in the future, refactor the custom
`<script>` tags to use the registered TinyMCE script instead.
Polyfills are inserted into the page only when necessary using
`document.write`.
Props omarreiss, herregroen, youknowriad, gziolo, atimmer.
Merges [43723] to trunk.
Fixes#45065.
Built from https://develop.svn.wordpress.org/trunk@44114
git-svn-id: http://core.svn.wordpress.org/trunk@43944 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When comparing the old and new values for a meta key being set, ensure both values are sanitized using the same logic so that equal values match.
props boonebgorges, dcavins, MattGeri, pilou69, TimothyBlynJacobs, kadamwhite.
Merges [43740] to trunk.
Fixes#42069.
Built from https://develop.svn.wordpress.org/trunk@44113
git-svn-id: http://core.svn.wordpress.org/trunk@43943 1a063a9b-81f0-0310-95a4-ce76da25c4cd
We decided to split the media webpack config into it's own file. The
main webpack config then combines this file with the packages config.
Include vendor scripts by copying them. We copy the minified files if
they are available. If they aren't available we minify the original
files ourselves.
Props omarreiss, herregroen, gziolo, youknowriad, netweb, adamsilverstein.
Merges [43719] to trunk.
See #45065.
Built from https://develop.svn.wordpress.org/trunk@44112
git-svn-id: http://core.svn.wordpress.org/trunk@43942 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Minification is done by uglify, so disable that in the media build.
* The webpack boilerplate has changed, which explains the changes in the build files.
* ModuleConcatenationPlugin is enable by default for production builds so we don't have to specify that ourselves.
Merge notes: In `trunk` uglify isn't run on the media files after webpack, so webpack does need to do that. Newer webpack versions use `terser-webpack-plugin` as the default minification. Use the `uglifyjs-webpack-plugin` plugin to maintain the same behavior as before. We can look into terser as a minifier later.
Merges [43688] to trunk.
See #45065.
Built from https://develop.svn.wordpress.org/trunk@44111
git-svn-id: http://core.svn.wordpress.org/trunk@43941 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Because the existing `post_updated_messages` filter can be modified dynamically based on post state, it's unreliable to use with REST API clients. Instead, these new labels give clients stateless equivalents.
Merges [43744] from the 5.0 branch to trunk.
Props earnjam.
Fixes#45101.
Built from https://develop.svn.wordpress.org/trunk@44110
git-svn-id: http://core.svn.wordpress.org/trunk@43940 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These are the foundational classes allowing blocks to be registered and used throughout WordPress.
This commit also includes the `has_block()` and `has_blocks()` functions, which are required for unit testing these classes.
Merges [43742] from the 5.0 branch to trunk.
Props adamsilverstein, danielbachhuber, desrosj.
Fixes#45097.
See #45109.
Built from https://develop.svn.wordpress.org/trunk@44108
git-svn-id: http://core.svn.wordpress.org/trunk@43938 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces a `WP_REST_Search_Controller` class which registers a `/wp/v2/search` endpoint. Search types are handled by extending `WP_REST_Search_Handler`. The default search type is `WP_REST_Post_Search_Handler` but can be filtered by plugins or a theme.
Merges [43739,43741] from the 5.0 branch to trunk.
Props danielbachhuber, flixos90, pento, rmccue, joehoyle.
Fixes#39965.
Built from https://develop.svn.wordpress.org/trunk@44107
git-svn-id: http://core.svn.wordpress.org/trunk@43937 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The existing `rest_insert_*` actions are fired before meta and additional fields are updated. These new `rest_after_*` actions fire after all write operations have completed.
Props timothyblynjacobs, danielbachhuber.
Merges [43737] to trunk.
Fixes#42864.
Built from https://develop.svn.wordpress.org/trunk@43987
git-svn-id: http://core.svn.wordpress.org/trunk@43819 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [43087], we improved REST API performance by only rendering the fields specified in the request. Similarly, any fields registered with `register_rest_field()` should only be rendered when included in `?_fields=`.
Props dlh, danielbachhuber.
Merges [43736] to trunk.
Fixes#45099.
Built from https://develop.svn.wordpress.org/trunk@43986
git-svn-id: http://core.svn.wordpress.org/trunk@43818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In order to correctly render parts of its UI, the new editor needs to be aware of the active theme's post-formats and post-thumbnails support. This data is exposed by querying for the active theme on a new /wp/v2/themes endpoint for sufficiently privileged users.
Merges [43734], [43735] to trunk.
props desrosj.
Fixes#45016.
Built from https://develop.svn.wordpress.org/trunk@43985
git-svn-id: http://core.svn.wordpress.org/trunk@43817 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Allow low-privileged users to use the ARIA attributes `aria-describedby`, `aria-details`, `aria-label`, `aria-labelledby` and `aria-hidden`.
Merges [43731] to trunk.
Props mattheu, swissspidy, rianrietveld, afercia, GaryJ.
See #30421.
Built from https://develop.svn.wordpress.org/trunk@43984
git-svn-id: http://core.svn.wordpress.org/trunk@43816 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Because WP REST API requests aren't identified until `parse_request`, it's impractical to reference the `REST_REQUEST` constant in `wp_debug_mode()`. Instead, it's more helpful to assume that a request wanting a JSON response probably doesn't want PHP errors breaking the response.
Merges [43730] to trunk.
Props chrisl27, duanestorey, earnjam.
Fixes#44534.
Built from https://develop.svn.wordpress.org/trunk@43983
git-svn-id: http://core.svn.wordpress.org/trunk@43815 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Object type-specific actions that should happen before or after modification of metadata have so far been part of the respective wrapper functions. By using action and filter hooks, this changeset ensures they are always executed, even when calling the lower-level Meta API functions directly, which the REST API does as a prime example.
Merges [43729] to trunk.
Props flixos90, spacedmonkey.
Fixes#44467.
Built from https://develop.svn.wordpress.org/trunk@43982
git-svn-id: http://core.svn.wordpress.org/trunk@43814 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In order for clients to present permalink previews, the REST API must share the computed results of get_sample_permalink(). These two values are now exposed as permalink_template and generated_slug for public, viewable post types, but only for context=edit.
Merges [43720] to trunk.
Props danielbachhuber, rahulsprajapati.
Fixes#45017.
Built from https://develop.svn.wordpress.org/trunk@43980
git-svn-id: http://core.svn.wordpress.org/trunk@43812 1a063a9b-81f0-0310-95a4-ce76da25c4cd
An authorized request with the read_private_posts capability for a post type should be able to GET /wp/v2/posts for posts of status=private. This query is further sanity-checked by WP_REST_Posts_Controller->check_read_permission(), which is unchanged.
Props rachelbaker, soulseekah, twoelevenjay.
Moves [43694] from the 5.0 branch to trunk.
Fixes#43701.
Built from https://develop.svn.wordpress.org/trunk@43979
git-svn-id: http://core.svn.wordpress.org/trunk@43811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Updates package dependencies to more modern versions, also adds .nvmrc and package-lock.json as followups to [43683] and [43571].
Merge notes: trunk already had an identical .nvmrc. package-lock.json exists in trunk, but has some changes based on the dependency updates.
Props jorbin.
Merges [43684], [43685] and [43686] to trunk.
See #44600.
Fixes#45064.
Built from https://develop.svn.wordpress.org/trunk@43977
git-svn-id: http://core.svn.wordpress.org/trunk@43809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Because user capabilities can be modified at runtime, the REST API needs to expose them in some evaluated but declarative manner for clients to interpret. JSON Hyper Schema targetSchema provides an appropriate paradigm for doing so.
Merges [43682] to trunk.
Props timothyblynjacobs.
Fixes#45014.
Built from https://develop.svn.wordpress.org/trunk@43974
git-svn-id: http://core.svn.wordpress.org/trunk@43806 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [43437], the link definition implementation caused attachment links to be unexpectedly nested under an attributes key. This changeset restores the prior behavior.
Merges [43681] to trunk.
Props TimothyBlynJacobs, danielbachhuber.
Fixes#44750.
Built from https://develop.svn.wordpress.org/trunk@43973
git-svn-id: http://core.svn.wordpress.org/trunk@43805 1a063a9b-81f0-0310-95a4-ce76da25c4cd
On small screens, list table actions were cramped. This makes it easy to press the wrong action by mistake. The items are now arranged into a grid and given extra room to create a larger tap-target.
The plugins list table was excluded because it's current layout doesn't match the others, and we should add more space to this in a future commit.
Props jobthomas, ryelle.
Fixes#45024.
Built from https://develop.svn.wordpress.org/trunk@43670
git-svn-id: http://core.svn.wordpress.org/trunk@43499 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For screens wider than 2300px, show 4 colums of search results, as 3 columns looked quite stretched out.
This change also increases the default number of search results from 30 to 36, so that the columns have an even number of results, regardless of whether there are 2, 3, or 4 of them.
Props nielslange.
Fixes#43573.
Built from https://develop.svn.wordpress.org/trunk@43669
git-svn-id: http://core.svn.wordpress.org/trunk@43498 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a plugin is activated, it can trigger a warning message if it outputs data at that time. This error message was being run through `__()`, instead of `_n()`, so it wasn't possible to correctly pluralise the message.
Props jamosova.
Fixes#42355.
Built from https://develop.svn.wordpress.org/trunk@43667
git-svn-id: http://core.svn.wordpress.org/trunk@43496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the full edit screen, CPTs that have disabled the `publicly_queryable` option will hide the slug field, as it doesn't need to be edited. This change brings the Quick Edit view into line with that behaviour.
Props bhargavmehta, krutidugade.
Fixes#43278.
Built from https://develop.svn.wordpress.org/trunk@43664
git-svn-id: http://core.svn.wordpress.org/trunk@43493 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A static variable contains an integer that is incremented with each call. This number is returned with the optional prefix.
As such the returned value is not universally unique, but it is unique across the life of the PHP process.
Props westonruter, dlh.
See #44883.
Built from https://develop.svn.wordpress.org/trunk@43658
git-svn-id: http://core.svn.wordpress.org/trunk@43487 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset makes the new CRUD API for sites introduced in [43548] usable for real-world sites. A new function `wp_initialize_site()`, which takes care of creating a site's database tables and populating them with initial values, is hooked into the site insertion process that is initiated when calling `wp_insert_site()`. Similarly, a new function `wp_uninitialize_site()`, which takes care of dropping a site's database tables, is hooked into the site deletion process that is initiated when calling `wp_delete_site()`.
A new function `wp_is_site_initialized()` completes the API, allowing to check whether a site is initialized. Since this function always makes a database request in its default behavior, it should be called with caution. Plugins that would like to use site initialization in special ways can leverage a `pre_wp_is_site_initialized` filter to alter that default behavior.
The separate handling of the site's row in the `wp_blogs` database table and the actual site setup allows for more flexibility in controlling whether or how a site's data is set up. For example, a unit test that only checks data from the site's database table row can unhook the site initialization process to improve performance. At the same time, developers consuming the new sites API only need to know about the CRUD functions, since the initialization and uninitialization processes happen internally.
With this changeset, the foundation for a sites REST API endpoint is fully available. The previously recommended functions `wpmu_create_blog()` and `wpmu_delete_blog()` now call the new respective function internally. Further follow-up work to this includes replacing calls to `wpmu_create_blog()` with `wp_insert_site()`, `update_blog_details()` with `wp_update_site()` and `wpmu_delete_blog()` with `wp_delete_blog()` throughout the codebase.
As a side-effect of this work, the `wpmu_new_blog`, `delete_blog`, and `deleted_blog` actions and the `install_blog()` function have been deprecated.
Fixes#41333. See #40364.
Built from https://develop.svn.wordpress.org/trunk@43654
git-svn-id: http://core.svn.wordpress.org/trunk@43483 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This functionality will cause the command to be retried up to three times in case of a non-zero return value. Implementing it on commands that perform network requests means that intermittent network failures are less likely to cause a build to fail, as they'll be retried up to three times.
See #44858
Built from https://develop.svn.wordpress.org/trunk@43645
git-svn-id: http://core.svn.wordpress.org/trunk@43474 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add a `human_readable_duration` function including tests.
* Add 'pixels' after image width/height.
* Add screen reader text for durations.
Props Presskopp, kiranpotphode, milindmore22, stormrockwell, afercia.
Fixes#39667.
Built from https://develop.svn.wordpress.org/trunk@43633
git-svn-id: http://core.svn.wordpress.org/trunk@43462 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Expands documentation to indicate `wp_schedule_event()` ought to be used for rescheduling an upcoming event, while `wp_reschedule_event()` is used for internally rescheduling a recurring event after it runs.
Props Dharm1025, jrf.
Fixes#35968.
Built from https://develop.svn.wordpress.org/trunk@43608
git-svn-id: http://core.svn.wordpress.org/trunk@43437 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add missing translators comments.
* Fix placement of some translators comments.
Translators comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools.
The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translators comments.
Includes minor code layout fixes.
Patch `44360-wp-admin-includes-dir.patch` of the series.
Props flipkeijzer, alvarogois, michielatyoast
See #44360
Built from https://develop.svn.wordpress.org/trunk@43598
git-svn-id: http://core.svn.wordpress.org/trunk@43427 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add missing translators comments.
* Fix placement of some translators comments.
Translators comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools.
The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translators comments.
Patch `44360.wp-includes_customize.3.patch` of the series.
Props marcomartins, mihaiiceyro, michielatyoast
See #44360
Built from https://develop.svn.wordpress.org/trunk@43596
git-svn-id: http://core.svn.wordpress.org/trunk@43425 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add missing translators comments.
* Fix placement of some translators comments.
Translators comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools.
The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translators comments.
Patch `44360-src.2.diff` of the series.
Props garyj, alvarogois, michielatyoast
See #44360
Built from https://develop.svn.wordpress.org/trunk@43595
git-svn-id: http://core.svn.wordpress.org/trunk@43424 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Narrow the scope of the included wp-admin files loaded for `wp_generate_attachment_metadata()`, `wp_handle_upload()`, `wp_tempnam()`, and `wp_handle_sideload()`. Requires only wp-admin/includes/file.php and wp-admin/includes/image.php instead of wp-admin/includes/admin.php.
Props lonelyvegan, soulseekah, pratikthink.
Fixes#43757.
Built from https://develop.svn.wordpress.org/trunk@43589
git-svn-id: http://core.svn.wordpress.org/trunk@43418 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the Customizer a notice will show up if there is at least one registered sidebar with its section not being active. In order to achieve that, the count of registered sidebars is compared to the count of active sections in the Widgets panel. Prior to this change, the latter would incorrectly include any sections, even additional sections that do not correspond to a sidebar.
Fixes#43556.
Built from https://develop.svn.wordpress.org/trunk@43588
git-svn-id: http://core.svn.wordpress.org/trunk@43417 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`$function`, `$message`, and `$version` have historically been passed to the `doing_it_wrong_run` action. It makes sense to pass those to the filter as well, so that one can conditionally determine the filter value to return.
Fixes#34183.
Built from https://develop.svn.wordpress.org/trunk@43587
git-svn-id: http://core.svn.wordpress.org/trunk@43416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The original REST API revisions controller relied on `wp_get_post_revisions()`, getting all revisions of a post without any possibility to restrict the result. This changeset replaces that function call with a proper `WP_Query` setup, replicating how `wp_get_post_revisions()` works while offering parameters to alter the default behavior.
Props adamsilverstein, birgire, flixos90.
Fixes#40510.
Built from https://develop.svn.wordpress.org/trunk@43584
git-svn-id: http://core.svn.wordpress.org/trunk@43413 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While the filter is documented to only support a `WP_Error`, it has been a common practice to return true in a validation function if no errors have occurred. This was already caught when the same filter was executed in `WP_Customize_Setting`, it was however missing in `WP_Customize_Manager::validate_setting_values()`.
Fixes#44809.
Built from https://develop.svn.wordpress.org/trunk@43578
git-svn-id: http://core.svn.wordpress.org/trunk@43407 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Many variables in the JavaScript were defined in the global scope without being explicitly assigned to the window. When built with Webpack, the code gets encapsulated in anonymous functions and those implicit globals get assigned to the wrong scope. This patch prevents that from happening.
Fixes#44371. See #43731.
Built from https://develop.svn.wordpress.org/trunk@43577
git-svn-id: http://core.svn.wordpress.org/trunk@43406 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.
This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script.
- Auto-fixable coding standards issues will now cause Travis failures.
Fixes#44600.
Built from https://develop.svn.wordpress.org/trunk@43571
git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In order to get the best result when running `phpcbf` across the codebase, there are some manual tweaks we need to make.
These fall into three categories:
- Fixing incorrectly indented code which has flow-on effects when auto-fixing.
- Tweaking the layout of inline PHP inside HTML tags.
- Moving more complex inline PHP inside HTML tags, to execute earlier.
See #44600.
Built from https://develop.svn.wordpress.org/trunk@43569
git-svn-id: http://core.svn.wordpress.org/trunk@43398 1a063a9b-81f0-0310-95a4-ce76da25c4cd
New functions `wp_insert_site( $data )`, `wp_update_site( $id, $data )` and `wp_delete_site( $id )` are introduced to manage site rows in the `wp_blogs` table, forming the new CRUD API together with the existing `get_site()` / `get_sites()`. The new API provides various benefits over the previously existing API, fixing several cache invalidation issues and being hook-driven so that normalization and validation of the passed data can be fully customized.
New hooks introduced as part of this are the actions `wp_insert_site`, `wp_update_site`, `wp_delete_site`, `wp_validate_site_data` and the filter `wp_normalize_site_data`.
At this point, `wp_insert_site()` does not handle setting up the site's database tables, and `wp_delete_site()` does not handle dropping the site's database tables, so the two can not yet be used directly as full replacements of `wpmu_create_blog()` and `wpmu_delete_blog()`. Managing the site's database tables will be added via hooks as part of the follow-up ticket #41333.
The existing functions `wpmu_create_blog()`, `update_blog_details()`, and `wpmu_delete_blog()` make use of the respective new counterpart and will be obsolete once #41333 has been completed.
Props flixos90, jeremyfelt, spacedmonkey.
Fixes#40364.
Built from https://develop.svn.wordpress.org/trunk@43548
git-svn-id: http://core.svn.wordpress.org/trunk@43377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When Gutenberg is either not installed, or not activated, only show the callout to users with the install_plugins capability.
When Gutenberg is activated, expand that to include all users with the edit_posts capability.
Props pento.
Fixes#44680.
Built from https://develop.svn.wordpress.org/trunk@43543
git-svn-id: http://core.svn.wordpress.org/trunk@43372 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This allows sites with a large cron option or a custom cron implementation to hijack the cron option to store cron data using custom functionality.
`wp_get_scheduled_event()` is new function to retrieve the event object for a given event based on the hook name, arguments and timestamp. If no timestamp is specified the next occurence is returned.
Preflight filters are added to all functions that read from or modify the cron option: `pre_schedule_event`, `pre_reschedule_event`, `pre_unschedule_event`, `pre_clear_scheduled_hook`, `pre_unschedule_hook`, `pre_get_scheduled_event` and `pre_next_scheduled`.
Additionally, the post scheduling hooks `next_scheduled` and `get_schedule` to allow plugins to modify an event after retrieving it from WordPress.
Props rmccue, DavidAnderson, ethitter, peterwilsoncc.
Fixes#32656.
Built from https://develop.svn.wordpress.org/trunk@43540
git-svn-id: http://core.svn.wordpress.org/trunk@43369 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Some versions of PHP appear to have a memory leak that is occasionally triggered by calling `stream_get_wrappers()`. In order to avoid calling this, we can return early from `wp_is_stream()` when `$path` doesn't contain `://`.
Props pbiron, JPry, dontstealmyfish.
Fixes#44532.
Built from https://develop.svn.wordpress.org/trunk@43466
git-svn-id: http://core.svn.wordpress.org/trunk@43293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `htmledit_pre` and `richedit_pre` filters have been deprecated since 4.3.0, since before `apply_filters_deprecated()` existed. They're now correctly run using `apply_filters_deprecated()`.
Props sebastienthivinfocom, lbenicio, ianbelanger.
Fixes#44341.
Built from https://develop.svn.wordpress.org/trunk@43464
git-svn-id: http://core.svn.wordpress.org/trunk@43291 1a063a9b-81f0-0310-95a4-ce76da25c4cd
"Be more discrete." declared matt in [3155], and since then, "Silence is Golden" has been the calling card of placeholder index files. Historically, these have been php files, but [43012] changed that and added index.html files for privacy export generated folders.
The php silence files produce no visible content. This adds consistency with these new html files in that there will be no visible content. Silence will fall when the question is asked.
Fixes#44195.
Props audrasjb, rafsuntaskin, Ov3rfly, johnbillion, pento
Built from https://develop.svn.wordpress.org/trunk@43446
git-svn-id: http://core.svn.wordpress.org/trunk@43273 1a063a9b-81f0-0310-95a4-ce76da25c4cd
To match behaviour in the Classic Editor, we need to slightly loosen permissions on taxonomy and term endpoints. This allows users to create terms to assign to a post that they're editing.
Props danielbachhuber.
Fixes#44096.
Built from https://develop.svn.wordpress.org/trunk@43440
git-svn-id: http://core.svn.wordpress.org/trunk@43267 1a063a9b-81f0-0310-95a4-ce76da25c4cd
So that REST API clients can show appropriate UI for a post's revisions, it needs to know how many revisions the post has, and what the latest revision ID is.
Props kadamwhite, danielbachhuber, birgire, TimothyBlynJacobs.
Fixes#44321.
Built from https://develop.svn.wordpress.org/trunk@43439
git-svn-id: http://core.svn.wordpress.org/trunk@43266 1a063a9b-81f0-0310-95a4-ce76da25c4cd
There are a variety of operations a WordPress user can only perform if they have the correct capabilities. A REST API client should only display UI for one of these operations if the WordPress user can perform the operation.
Rather than requiring REST API clients to calculate whether to display UI based on potentially complicated combinations of user capabilities, `targetSchema` allows us to expose a single flag to show whether the corresponding UI should be displayed.
This change also includes flags on post objects for the following actions:
- `action-publish`: The current user can publish this post.
- `action-sticky`: The current user can make this post sticky, and the post type supports sticking.
- `action-assign-author': The current user can change the author on this post.
- `action-assign-{$taxonomy}`: The current user can assign terms from the "$taxonomy" taxonomy to this post.
- `action-create-{$taxonomy}`: The current user can create terms int the "$taxonomy" taxonomy.
Props TimothyBlynJacobs, danielbachhuber.
Fixes#44287.
Built from https://develop.svn.wordpress.org/trunk@43437
git-svn-id: http://core.svn.wordpress.org/trunk@43264 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Display a notice with an explanation and the steps required to resolve the issue.
Props afragen, schlessera, flixos90, nerrad, melchoyce, boemedia, hedgefield, joyously, johnalarcon, lakenh, afercia, acirujano, ibantxillo, SergeyBiryukov.
Fixes#43986.
Built from https://develop.svn.wordpress.org/trunk@43436
git-svn-id: http://core.svn.wordpress.org/trunk@43263 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The docs for `date_i18n()` and its filter now correctly state that the `$gmt` parameter is only taken into account if no timestamp is provided. Furthermore, a bug with that parameter is fixed, as it is now ensured that the timezone used with it is `UTC`.
Props Rarst.
Fixes#38771.
Built from https://develop.svn.wordpress.org/trunk@43389
git-svn-id: http://core.svn.wordpress.org/trunk@43217 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The functions `send_confirmation_on_profile_email()`, `_wp_privacy_send_request_confirmation_notification()`, `_wp_privacy_send_erasure_fulfillment_notification()`, and `wp_send_user_request()` all include a title and URL indicating the current site. However, so far they have dealt with those values inconsistently, sometimes using the site values, other times using the network values if in a multisite. This changeset ensures that only the current site is taken into account in all cases and that special characters in the site name are consistently decoded.
Props subrataemfluence, desrosj.
Fixes#44396.
Built from https://develop.svn.wordpress.org/trunk@43388
git-svn-id: http://core.svn.wordpress.org/trunk@43216 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This brings the name in line with user-facing language and similar names of existing related capabilities. Since the capability has not been part of any WordPress release, it can be renamed without any backward-compatibility implications.
Also missing props benhuberman for [43006].
Fixes#44457.
Built from https://develop.svn.wordpress.org/trunk@43381
git-svn-id: http://core.svn.wordpress.org/trunk@43209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduce an `object_subtype` argument to the args array for `register_meta()` which can be used to limit meta registration to a single subtype (e.g. a custom post type or taxonomy, vs all posts or taxonomies).
Introduce `register_post_meta()` and `register_term_meta()` wrapper methods for `register_meta` to provide a convenient interface for the common case of registering meta for a specific taxonomy or post type. These methods work the way plugin developers have often expected `register_meta` to function, and should be used in place of direct `register_meta` where possible.
Props flixos90, tharsheblows, spacedmonkey.
Fixes#38323.
Built from https://develop.svn.wordpress.org/trunk@43378
git-svn-id: http://core.svn.wordpress.org/trunk@43206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`.gitignore` + `svn:ignore`:
* Add the typical filenames of overloaded PHPCS configs to `.gitignore`.
Composer:
* Use the `develop` (Packagist `dev-master`) version of WPCS as it contains lots of bugfixes.
* Remove the PHPCS dependency. This is a dependency of WPCS, not of WP Core itself. This will also make sure that the PHPCS version used is always one which is supported by WPCS.
* Refreshed the `composer.lock` file.
PHPCS ruleset:
* Removed a reference to a sniff which doesn't exist in WPCS yet.
* Use the PHPCS 3.x `basepath` option to clean up the file paths PHPCS shows in the reports.
* Use the PHPCS 3.x `parallel` option to enable parallel scanning whenever possible to speed up the scans.
* Whitelist the `wp-includes/l10n.php` file from issues being reported by the `WordPress.WP.I18n` sniff.
Fixes#44366.
Built from https://develop.svn.wordpress.org/trunk@43348
git-svn-id: http://core.svn.wordpress.org/trunk@43176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These annotations make it clear to the reader of a JavaScript source
where the build process outputs to. These annotations can later be
integrated in a webpack configuration. This way there is one source of
truth.
The `build` folder is omitted from the paths, because a single JS file
shouldn't not be responsible of knowing where outputs in general will
end up at. A file only knows its output location relative to the
project.
Props adamsilverstein, herregroen, omarreiss, pento.
Fixes#44361.
Built from https://develop.svn.wordpress.org/trunk@43347
git-svn-id: http://core.svn.wordpress.org/trunk@43175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Historically, `grunt build` has copied all files from the `src` directory to the `build` directory. This is usually fine, but can be super slow when there are lots of custom plugins or themes in the `src` directory.
To rectify this, we now only copy Core plugins and themes to `build`.
Props adamsilverstein, pento, johnbillion.
Fixes#44256.
Built from https://develop.svn.wordpress.org/trunk@43329
git-svn-id: http://core.svn.wordpress.org/trunk@43157 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a term query using `fields=all_with_object_id` hits the cache, the
cached `stdClass` objects must be converted to `WP_Term` objects. This
was overlooked when `WP_Term_Query` was refactored to support object
queries in [38667].
Props dlh.
Fixes#44221.
Built from https://develop.svn.wordpress.org/trunk@43313
git-svn-id: http://core.svn.wordpress.org/trunk@43142 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Update the test infrastructure so that third party plugins, themes, and projects that use the core testing framework continue to operate from the `src` directory and do not require a build step.
Props mboynes, danielbachhuber, schlessera
See #43055
Built from https://develop.svn.wordpress.org/trunk@43311
git-svn-id: http://core.svn.wordpress.org/trunk@43140 1a063a9b-81f0-0310-95a4-ce76da25c4cd
And delete some left over cruft, only then shall we prevail.
There are some things easily missed, when using Git, which does not persist—
Empty directories, though that didn't derail—
Our Travis-based tests, which now must prevail.
Quoth Travis CI, “Build did fail.”
See #43055.
Built from https://develop.svn.wordpress.org/trunk@43310
git-svn-id: http://core.svn.wordpress.org/trunk@43139 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In many a strange and curious file of forgotten lore—
While I pondered, blaming Nacin, my notifications suddenly awakened,
As of someone quietly DMing;—DMing me, I can’t ignore.
“’Tis some contributor,” I muttered, “DMing me an idea or four—
Only this and nothing more.”
Ah, distinctly I remember, at WordCamp US, last December;
A mad proposal nearly laid me—down out cold—upon the floor.
Curious, I listened closely;—to a plan I agreed with, mostly—
A way to make our JavaScript—JavaScript which was a chore—
Maintainable, extendable, for the future, is what I saw.
Guten-ready for evermore.
Open here I switch to Slack, when, with many a patch and hack,
In there stepped Omar, a JavaScript developer hardcore;
Pronouncing all the changes fit; ready now to be commit;
“There’s nothing else for us to do,” DMing me, “It’s done!” he swore—
“No longer random guessing at which file need next be explored—
Let’s move on, we’re all aboard.”
Moved all together, grouped and managed, in folders all is packaged,
The code had all been cleaned and tidied, important parts moved to the fore,
“Though this change be useful here,” I said, “it is too large, I fear,
We couldn’t manage such a patch, we’ve done nothing like this before—
Tell me where doth go this change, change to make our codebase soar!”
Quoth Omar, “In WordPress Core.”
Props omarreis for shepherding this significant change.
Props adamsilverstein, aduth, atimmer, dingo_bastard, frank-klein, gziolo, herregroen, jaswrks, jeremyfelt, jipmoors, jorbin, netweb, ocean90, pento, tjnowell, and youknowriad for testing, feedback, discussion, encouragement, commiserations, etc.
I make no apologies for this commit message.
Fixes#43055.
Built from https://develop.svn.wordpress.org/trunk@43309
git-svn-id: http://core.svn.wordpress.org/trunk@43138 1a063a9b-81f0-0310-95a4-ce76da25c4cd
There doesn't appear to be any way for an attacker to introduce malicious input into the URL, unless a plugin is filtering the URL to add it, but it's better to be safe than sorry.
Props 1naveengiri, joyously.
Fixes#44115.
Built from https://develop.svn.wordpress.org/trunk@43290
git-svn-id: http://core.svn.wordpress.org/trunk@43119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A user is required to have the `manage_privacy_options` capability in order to determine which page is set as the privacy policy (the `wp_page_for_privacy_policy`). Given that, it doesn't make sense to allow users without that capability to edit or delete the page.
A similar situation exists with the `page_for_posts` and `page_on_front` options, but Editors are allowed to edit those pages. The reason that this situation is different is because it is more likely that an administrator will want to restrict modifications to the privacy policy, than it is that they will want to allow modifications. Modifications to the policy often require specialized knowledge of local laws, and can have implications for compliance with those laws.
Props dlh, desrosj.
Fixes#44079.
Built from https://develop.svn.wordpress.org/trunk@43286
git-svn-id: http://core.svn.wordpress.org/trunk@43115 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, personal data exports were stored in `wp-content/uploads/exports`, which is generic enough that it's likely there are existing folders with that name, either created by plugins or manually by administrators. If that folder were reused by Core, then `wp_privacy_delete_old_export_files()` would delete all of the existing files inside it, which is almost certainly not what the site owner wants or expects.
To avoid that, the folder is being renamed to include a specific reference to Core, and a more verbose description of its purpose. With those factored in, it's very unlikely that there will be any conflicts with existing folders.
The `wp_privacy_exports_dir()` and `wp_privacy_exports_url()` functions were introduced to provide a canonical source for the location, and the `wp_privacy_exports_dir` and `wp_privacy_exports_url` filters were introduced to allow plugins to customize it.
Props johnjamesjacoby, allendav.
Fixes#44091.
Built from https://develop.svn.wordpress.org/trunk@43284
git-svn-id: http://core.svn.wordpress.org/trunk@43113 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, the link used absolute positioning, in order to stick it at the bottom of the page. That was done in order to create visual separation between it and the "action" links, like "Lost Your Password?"
The absolute positioning can cause conflicts in some situations, though. For example, if extra text or error notices are added above the form, then the login link would be positioned on top of other elements.
Switching to relative positioning with extra margins avoids those issues, while maintaining the visual separation between the "action" links and the privacy policy link.
Props imath, melchoyce, desrosj, xkon, iandunn.
Fixes#44046.
Built from https://develop.svn.wordpress.org/trunk@43274
git-svn-id: http://core.svn.wordpress.org/trunk@43103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
r43158 introduced a new admin pointer for the privacy tools added in 4.9.6. With the previous positioning, though, sometimes the `Dismiss` link would be fixed off screen, making it impossible for the user to dismiss the pointer. This happened when there were enough extra menu items, or when the viewport height was short enough.
This commit repositions the pointer to work around that problem. One down side of this workaround is that the arrow will not always be positioned next to the `Tools` menu, where it should be. That's an acceptable compromise given the current time constraints, though. A long term solution would be to make `WP_Pointer` robust enough to handle this use case.
Props imath, audrasjb, desrosj.
Fixes#44045.
Built from https://develop.svn.wordpress.org/trunk@43246
git-svn-id: http://core.svn.wordpress.org/trunk@43075 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The previous `user_email` value was redundant, because it always matched `$request_data->email`. That value might be different from where the message is sent, though, if the `user_erasure_fulfillment_email_to` filter is used. If they are different, then callbacks for the `user_confirmed_action_email_content` filter may want to distinguish between the email address of the user making the request, and the email address that the confirmation notification is being sent to.
Props desrosj, iandunn.
See #43973.
Built from https://develop.svn.wordpress.org/trunk@43236
git-svn-id: http://core.svn.wordpress.org/trunk@43065 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, when a plugin updated its suggested privacy policy text, an admin notice was shown on all screens in the Administration Panels. That was done in order to make sure that administrators were aware of it, so that they could update their policy if needed. That was a very heavy-handed and intrusive approach, though, which leads to a poor user experience, and notice fatigue.
An alternative approach is to use bubble notifications in the menu, similar to when plugins have updates that need to be installed. That still makes it obvious that something needs the administrator's attention, but is not as distracting as a notice.
The notice will still appear on the Privacy page, though, since it is relevant to that screen, and provides an explanation of why the bubble is appearing.
Props azaozz, xkon, iandunn.
Fixes#43954. See #43953.
Built from https://develop.svn.wordpress.org/trunk@43223
git-svn-id: http://core.svn.wordpress.org/trunk@43052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously the admin didn't have any way to know if a pending request was ready to be processed, aside from manually checking the Export/Erase pages. Sending them an email is a much more convenient option.
Props garrett-eclipse, desrosj, iandunn.
See #43967.
Built from https://develop.svn.wordpress.org/trunk@43211
git-svn-id: http://core.svn.wordpress.org/trunk@43040 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously the pointer overlapped the menu in order to draw attention to the fact that it applies to both the `Tools` and `Settings` menus. That caused a conflict if the menu was collapsed, though, because the icons were covered by the pointer and therefore inaccessible.
Additionally, minor tweaks were made to the text order and formatting. The order of the two sections was swapped in the title and paragraph, in order to match the order of the corresponding menu items. The spacing around headings and paragraphs was tweaked to remove extraneous whitespace.
Props littler.chicken, desrosj, ianbelanger, melchoyce.
Fixes#43961.
Built from https://develop.svn.wordpress.org/trunk@43210
git-svn-id: http://core.svn.wordpress.org/trunk@43039 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Separate the guide text form the suggested policy text.
- Add table of content for easier navigation.
- Move the content to tools.php (prevents the settings menu of being open).
- Add a link to the guide from the Privacy settings screen.
Props melchoyce, azaozz.
See #43980.
Built from https://develop.svn.wordpress.org/trunk@43203
git-svn-id: http://core.svn.wordpress.org/trunk@43032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
r42986 introduced the beginnings of an Ajax handler for processing requests to erase personal data. At the time, a method for marking requests as completed was planned, but had not yet been created. This commit introduces that mechanism, bringing the erasure process closer to completion.
Props coreymckrill, allendav.
Fixes#43922.
Built from https://develop.svn.wordpress.org/trunk@43185
git-svn-id: http://core.svn.wordpress.org/trunk@43014 1a063a9b-81f0-0310-95a4-ce76da25c4cd
r43008 refactored the request flow to make several improvements, but accidentally marked `completed` requests as `confirmed`. This commit restores the intended statuses, so that the data and corresponding UI reflect reality.
Props allendav, birgire.
Fixes#43913.
Built from https://develop.svn.wordpress.org/trunk@43183
git-svn-id: http://core.svn.wordpress.org/trunk@43012 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Whenever an admin initiates a download or email of a personal data export, a fresh copy of the file is generated. Previously, a new filename was used each time, which could lead to situations where a URL that was emailed to a data subject is broken.
That can be avoided by reusing the same filename when building fresh archives.
Props desrosj, tz-media, allendav.
Fixes#43905.
Built from https://develop.svn.wordpress.org/trunk@43180
git-svn-id: http://core.svn.wordpress.org/trunk@43009 1a063a9b-81f0-0310-95a4-ce76da25c4cd
r43046 introduced `wp_schedule_delete_old_privacy_export_files()` to schedule the `wp_privacy_delete_old_export_files` cron job, but it did not check to make sure it wasn't running in the context of the install process. When it did run in that context, it created a database error, because the necessary database tables don't exist at that point.
Checking the current context and returning early during the installation phase avoids that issue.
Props helen, timothyblynjacobs, iandunn.
Fixes#43952.
Built from https://develop.svn.wordpress.org/trunk@43162
git-svn-id: http://core.svn.wordpress.org/trunk@42991 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously the user was shown a message that the page was created, but might not understand that they still need to visit the page and publish it. Redirecting them to the page makes it more obvious that additional steps are involved.
Props Clorith, xkon, azaozz.
Fixes#43926.
Built from https://develop.svn.wordpress.org/trunk@43160
git-svn-id: http://core.svn.wordpress.org/trunk@42989 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The new features are very important for some users, because of their GDPR obligations. They're also spread across multiple top-level menus, making them less discoverable. An admin pointer will help to ensure that users are aware of the new tools and how to find them.
Props desrosj, andreamiddleton, allendav, xkon.
Fixes#43942.
Built from https://develop.svn.wordpress.org/trunk@43158
git-svn-id: http://core.svn.wordpress.org/trunk@42987 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The personal data export and erasure tools allow plugins to register their own callbacks, in order to add additional data to the export and erasure processes. Previously, these were registered without specifying a constant identifier in the array of callbacks. Using mutable integers makes it difficult for plugins to modify the callbacks of other plugins, though.
Using associative array keys instead provides a covenient and reliable way to identify and interact with another plugin's callbacks.
Props desrosj, allendav, ocean90.
Fixes#43931.
Built from https://develop.svn.wordpress.org/trunk@43154
git-svn-id: http://core.svn.wordpress.org/trunk@42983 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In many common Multisite use cases, the network administrator will want to set a network-wide privacy policy -- via the `privacy_policy_url` filter -- for consistency and convenience. When that's done, the Privacy Settings screen on individual sites becomes unnecessary, and may confuse administrators of those sites when they see that their changes don't have any effect on the policy link in the footer.
Since we can't programatically determine which behavior the network admins would like, the safest default setting is to restrict the ability to super admins, and let them delegate it to individual site owners via a plugin, if they'd like to.
Fixes#43935.
Built from https://develop.svn.wordpress.org/trunk@43147
git-svn-id: http://core.svn.wordpress.org/trunk@42976 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The page was originally placed under `Tools` so that it would be grouped with the pages to export and erase personal data, since they're all part of the effort to bring privacy management tools to Core ahead of GDPR's deadline. After more consideration, though, it makes sense to move this page to the `Settings` menu, since it's fundamental purpose is to configure an option, rather than to facilitate a recurring task. This keeps all of the configuration pages in a single place, making them consistent and easier to find.
Exporting and erasing personal data are recurring tasks, so they still make sense under the `Tools` menu.
Props xkon, helen, melchoyce, allendav, desrosj, ocean90, azaozz.
Fixes#43873.
Built from https://develop.svn.wordpress.org/trunk@43145
git-svn-id: http://core.svn.wordpress.org/trunk@42974 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In these contexts, "privacy policy" is not a proper noun, and therefore should not be capitalized.
The remaining uses are page titles and section headers, where capitalization is appropriate.
Props idea15, garrett-eclipse, allendav.
Fixes#43435.
Built from https://develop.svn.wordpress.org/trunk@43132
git-svn-id: http://core.svn.wordpress.org/trunk@42961 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The previous sentence was gramatically awkward, and using the term "compliance" could accidentally be mistaken by a site owner for a promise by WordPress that their site will be compliant after using the tool, which is not necessarily true.
Props idea15, allendav, azaozz, iandunn.
See #43435.
Built from https://develop.svn.wordpress.org/trunk@43131
git-svn-id: http://core.svn.wordpress.org/trunk@42960 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Non-wrapping `label`s are more widely supported by assitive technologies. The CSS changes account for the element re-ordering, and tweak the formatting for improved readability.
Props afercia, xkon, laurelfulford, azaozz.
Fixes#43436.
Built from https://develop.svn.wordpress.org/trunk@43125
git-svn-id: http://core.svn.wordpress.org/trunk@42954 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Personal data collection is more likely for registered users than casual visitors, and the privacy policy might have been updated since a user last logged in. Those changes could impact the collection of personal data from registered users, so it makes sense to provide a link to the policy before users log in.
Props voneff, xkon, melchoyce, chetan200891, desrosj.
Fixes#43721.
Built from https://develop.svn.wordpress.org/trunk@43120
git-svn-id: http://core.svn.wordpress.org/trunk@42949 1a063a9b-81f0-0310-95a4-ce76da25c4cd
