Commit Graph

37874 Commits

Author SHA1 Message Date
Sergey Biryukov 318ebdf1eb Privacy: Change "Email Data" link text on "Export Personal Data" screen to "Send Export Link" for clarity.
Props birgire, ianbelanger.
Merges [43172] to the 4.9 branch.
Fixes #43964.
Built from https://develop.svn.wordpress.org/branches/4.9@43173


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43002 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-05 09:23:26 +00:00
Sergey Biryukov deeee40510 Privacy: Remove stray closing tag in `WP_Privacy_Policy_Content::get_default_content()`, fix typo in `@return` tag.
Props dlh, tobifjellner.
Merges [43170] to the 4.9 branch.
Fixes #43951.
Built from https://develop.svn.wordpress.org/branches/4.9@43171


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43000 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-04 01:57:26 +00:00
Sergey Biryukov a86c8727b6 Docs: Add missing duplicate hook comment for `user_request_key_expiration` filter.
Props birgire, desrosj.
Merges [43168] to the 4.9 branch.
Fixes #43934.
Built from https://develop.svn.wordpress.org/branches/4.9@43169


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-04 01:49:49 +00:00
Sergey Biryukov 45cee39420 Customize: Correct closing tag in `WP_Customize_Theme_Control::content_template()`.
Props itowhid06.
Merges [43166] to the 4.9 branch.
Fixes #43945.
Built from https://develop.svn.wordpress.org/branches/4.9@43167


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-04 01:05:26 +00:00
iandunn c85cf4f9bc Post WordPress 4.9.6 Beta 1 version bump.
Built from https://develop.svn.wordpress.org/branches/4.9@43165


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42994 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 21:59:25 +00:00
iandunn 2c263a2069 WordPress 4.9.6 Beta 1.
Built from https://develop.svn.wordpress.org/branches/4.9@43164


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 21:30:26 +00:00
Andrew Ozz 80159017d2 Privacy: Return before scheduling cron during install to avoid error.
r43046 introduced wp_schedule_delete_old_privacy_export_files() to schedule the wp_privacy_delete_old_export_files cron job, but it did not check to make sure it wasn't running in the context of the install process. When it did run in that context, it created a database error, because the necessary database tables don't exist at that point.

Checking the current context and returning early during the installation phase avoids that issue.

Props helen, timothyblynjacobs, iandunn.
Merges [43162] to the 4.9 branch.
Fixes #43952.
Built from https://develop.svn.wordpress.org/branches/4.9@43163


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42992 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 21:15:26 +00:00
Andrew Ozz d664ac9ea6 Privacy: Redirect to newly created Privacy Policy page to improve UX.
Previously the user was shown a message that the page was created, but might not understand that they still need to visit the page and publish it. Redirecting them to the page makes it more obvious that additional steps are involved.

Props Clorith, xkon, azaozz.
Merges [43160] to the 4.9 branch.
Fixes #43926.
Built from https://develop.svn.wordpress.org/branches/4.9@43161


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 20:10:24 +00:00
Andrew Ozz 3e36496be3 Privacy: Add an admin pointer for new privacy features in 4.9.6.
The new features are very important for some users, because of their GDPR obligations. They're also spread across multiple top-level menus, making them less discoverable. An admin pointer will help to ensure that users are aware of the new tools and how to find them.

Props desrosj, andreamiddleton, allendav, xkon.
Merges [43158] to the 4.9 branch.
Fixes #43942.
Built from https://develop.svn.wordpress.org/branches/4.9@43159


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 19:52:26 +00:00
Andrew Ozz 4eeea599bd Privacy: Store plugin callbacks in associative array for flexibility.
The personal data export and erasure tools allow plugins to register their own callbacks, in order to add additional data to the export and erasure processes. Previously, these were registered without specifying a constant identifier in the array of callbacks. Using mutable integers makes it difficult for plugins to modify the callbacks of other plugins, though.

Using associative array keys instead provides a covenient and reliable way to identify and interact with another plugin's callbacks.

Props desrosj, allendav, ocean90.
Merges [43154] to the 4.9 branch.
Fixes #43931.
Built from https://develop.svn.wordpress.org/branches/4.9@43157


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42986 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 19:38:27 +00:00
Andrew Ozz 8aa3f8aa17 Privacy: rename `manage_privacy_policy` to `manage_privacy_options`.
Props desrosj.
Merges [43155] to the 4.9 branch.
Fixes #43935.
Built from https://develop.svn.wordpress.org/branches/4.9@43156


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42985 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 19:35:26 +00:00
Andrew Ozz b5dd35f036 Privacy: Limit Privacy Settings screen to Super Admins in Multisite.
In many common Multisite use cases, the network administrator will want to set a network-wide privacy policy -- via the privacy_policy_url filter -- for consistency and convenience. When that's done, the Privacy Settings screen on individual sites becomes unnecessary, and may confuse administrators of those sites when they see that their changes don't have any effect on the policy link in the footer.

Since we can't programatically determine which behavior the network admins would like, the safest default setting is to restrict the ability to super admins, and let them delegate it to individual site owners via a plugin, if they'd like to.

Merhes [43147] to the 4.9 branch.
Fixes #43935.
Built from https://develop.svn.wordpress.org/branches/4.9@43153


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42982 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 18:42:26 +00:00
Andrew Ozz 1dfbe95995 Privacy: Move privacy policy page to Settings menu for consistency.
The page was originally placed under Tools so that it would be grouped with the pages to export and erase personal data, since they're all part of the effort to bring privacy management tools to Core ahead of GDPR's deadline. After more consideration, though, it makes sense to move this page to the Settings menu, since it's fundamental purpose is to configure an option, rather than to facilitate a recurring task. This keeps all of the configuration pages in a single place, making them consistent and easier to find.

Exporting and erasing personal data are recurring tasks, so they still make sense under the Tools menu.

Props xkon, helen, melchoyce, allendav, desrosj, ocean90, azaozz.
Merges [43145] to the 4.9 branch.
Fixes #43873.
Built from https://develop.svn.wordpress.org/branches/4.9@43152


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42981 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 18:32:25 +00:00
Andrew Ozz 2b0b7ffa89 Privacy: use `sprintf()` in translations.
Props birgire.
Merges [43150] to the 4.9 branch.
See #43473.
Built from https://develop.svn.wordpress.org/branches/4.9@43151


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42980 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 18:28:26 +00:00
Andrew Ozz b78d21d9f0 Privacy: add default text for a privacy policy including a tutorial on now to create one.
Insert both the text and tutorial in new policy pages and highlight is brightly in the editor.
Show only the suggested text in the policy postbox.

Props melchoyce, idea15, allendav, xkon, macbookandrew, azaozz.
Merges [43044], [43048], [43052], [43126], [43146], and [43148] to the 4.9 branch.
Fixes #43473.
Built from https://develop.svn.wordpress.org/branches/4.9@43149


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42978 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 17:59:30 +00:00
Andrew Ozz 65e67aeaa5 Privacy: fix displaying of messages during personal data erasure.
Props allendav.
Merges [43139] to the 4.9 branch.
Fixes #43943.
Built from https://develop.svn.wordpress.org/branches/4.9@43140


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 09:26:27 +00:00
Sergey Biryukov 17c256df0b REST API: When handling `who=authors` query parameter for `GET wp/v2/users`, only check `edit_posts` for post types that support `author`.
Props danielbachhuber.
Merges [43137] to the 4.9 branch.
Fixes #42202.
Built from https://develop.svn.wordpress.org/branches/4.9@43138


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42967 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 06:54:25 +00:00
Sergey Biryukov 5247520fe2 Media: Add `aac` to the list of allowed file types.
Props desrosj.
Merges [42697] and [43135] to the 4.9 branch.
Fixes #42919.
Built from https://develop.svn.wordpress.org/branches/4.9@43136


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42965 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 06:42:25 +00:00
Sergey Biryukov 95c9ca4091 Privacy: Uncapitalize "privacy policy" when used in a sentence.
In these contexts, "privacy policy" is not a proper noun, and therefore should not be capitalized.

The remaining uses are page titles and section headers, where capitalization is appropriate.

Props idea15, garrett-eclipse, allendav.
Merges [43132] to the 4.9 branch.
Fixes #43435.
Built from https://develop.svn.wordpress.org/branches/4.9@43134


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42963 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 05:31:25 +00:00
Sergey Biryukov 9db1397f08 Privacy: Revise Privacy Policy page text to avoid misunderstanding.
The previous sentence was gramatically awkward, and using the term "compliance" could accidentally be mistaken by a site owner for a promise by WordPress that their site will be compliant after using the tool, which is not necessarily true.

Props idea15, allendav, azaozz, iandunn.
Merges [43131] to the 4.9 branch.
See #43435.
Built from https://develop.svn.wordpress.org/branches/4.9@43133


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42962 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 05:30:26 +00:00
Sergey Biryukov 2878ae6271 Comments: Move comment consent `input` outside the `label` for a11y.
Non-wrapping `label`s are more widely supported by assitive technologies. The CSS changes account for the element re-ordering, and tweak the formatting for improved readability.

Props afercia, xkon, laurelfulford, azaozz.
Merges [43125] to the 4.9 branch.
Fixes #43436.
Built from https://develop.svn.wordpress.org/branches/4.9@43130


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42959 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 22:15:25 +00:00
Sergey Biryukov f345a0b15e Privacy: Use "website" in comment cookie consent text for clarity.
The term "URL" is technical jargon which will not be familiar to all commenters. "Website" is more universal, and matches the label on the url input field.

Props johnjamesjacoby, allendav, azaozz.
Merges [43123] to the 4.9 branch.
See #43436.
Built from https://develop.svn.wordpress.org/branches/4.9@43129


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42958 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 22:14:24 +00:00
Sergey Biryukov 103ca5c6cf Respect the commenter decision when they have checked the checkbox to consent to cookies, and keep it checked when they reload the page or post another comment.
Props azaozz.
Merges [42815] to the 4.9 branch.
See #43436.
Built from https://develop.svn.wordpress.org/branches/4.9@43128


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42957 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 22:13:27 +00:00
Sergey Biryukov 26fdba2c5b Add a checkbox to the comment form so logged out users can opt-out of commenter cookies.
Props lakenh, xkon, birgire, azaozz, johnbillion.
Merges [42772] and [43042] to the 4.9 branch.
See #43436.
Built from https://develop.svn.wordpress.org/branches/4.9@43127


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42956 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 22:11:25 +00:00
Sergey Biryukov dd3024e7c4 Privacy: Add policy link to login screen.
Personal data collection is more likely for registered users than casual visitors, and the privacy policy might have been updated since a user last logged in. Those changes could impact the collection of personal data from registered users, so it makes sense to provide a link to the policy before users log in.

Props voneff, xkon, melchoyce, chetan200891, desrosj.
Merges [43120] to the 4.9 branch.
Fixes #43721.
Built from https://develop.svn.wordpress.org/branches/4.9@43124


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42953 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 22:00:27 +00:00
Andrew Ozz 3b7d4b49c0 Privacy: fix typo.
Props casiepa.
Merges [43121] to the 4.9 branch.
Fixes #43939.
Built from https://develop.svn.wordpress.org/branches/4.9@43122


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42951 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 20:08:25 +00:00
Andrew Ozz 7cf7767298 Privacy: fix inconsistencies in new strings.
Props audrasjb.
Merges [43118] to the 4.9 branch.
Fixes #43925.
Built from https://develop.svn.wordpress.org/branches/4.9@43119


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 18:51:26 +00:00
Sergey Biryukov a2be0cd32b Privacy: add user information to the personal data export file.
Props TZ-Media, desrosj.
Merges [43055] and [43116] to the 4.9 branch.
See #43547.
Built from https://develop.svn.wordpress.org/branches/4.9@43117


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42946 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 04:21:25 +00:00
Sergey Biryukov e0d8b2663c Privacy: add better docs for `wp_add_privacy_policy_content()` and `WP_Privacy_Policy_Content::add()`.
Props azaozz.
Merges [43003] to the 4.9 branch.
See #43620.
Built from https://develop.svn.wordpress.org/branches/4.9@43115


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42944 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 03:57:24 +00:00
Sergey Biryukov eba98dc78d Make the string `WordPress` translatable.
Props mnelson4.
Merges [42999] to the 4.9 branch.
See #43620.
Built from https://develop.svn.wordpress.org/branches/4.9@43114


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42943 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 03:55:24 +00:00
Sergey Biryukov 0896655aea Privacy: make the sections in the suggested privacy policy text postbox foldable. Add Read More/Read Less buttons. Fix copying of the suggested text by pressing the button.
Props melchoyce, xkon, azaozz.
Merges [42992] to the 4.9 branch.
See #43620.
Built from https://develop.svn.wordpress.org/branches/4.9@43113


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42942 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 03:54:24 +00:00
Sergey Biryukov 7aab5bc693 Fix typo in 'wp_get_default_privacy_policy_content' filter.
Props claudiu.
Merges [42985] to the 4.9 branch.
See #43620.
Built from https://develop.svn.wordpress.org/branches/4.9@43112


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42941 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 03:52:26 +00:00
Sergey Biryukov c60aa91d76 Privacy: Limit export and erasure to super admins on Multisite.
Multisite networks have a variety of use cases, and in many of them single-site administrators are not trusted to take actions that affect the whole network, require making decisions about legal compliance, etc. By default, those actions should require super admin capabilities. Plugins can be used to override that behavior if a particular site's use case calls for it.

Props allendav, jeremyfelt, iandunn.
Merges [43085] to the 4.9 branch.
Fixes #43919.
Built from https://develop.svn.wordpress.org/branches/4.9@43111


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42940 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 03:49:26 +00:00
Sergey Biryukov a6284311e8 Privacy: improve `wp_privacy_erase_personal_data()`, return boolean values.
Props ericdaams.
Merges [43061] to the 4.9 branch.
See #43602.
Built from https://develop.svn.wordpress.org/branches/4.9@43110


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42939 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 03:44:24 +00:00
Sergey Biryukov 3095491428 Privacy: Add template tags for building link to privacy policy page.
This introduces the `get_the_privacy_policy_link()` and `the_privacy_policy_link()` functions, as well as the `privacy_policy_url` filter.

A new `tests/url/` folder was added to better organize tests related to `get_*_url()` functions. Previously, those tests were placed in `tests/url.php` and `tests/link/`, but neither of those locations are optimal. Placing tests in `tests/url.php` violates the guideline of creating separate files/classes for each function under test, and using `tests/link/` conflates two distinct -- albeit related -- groups of functions. Over time, URL-related tests can be migrated to the new folder.

Props birgire, xkon, azaozz, iandunn.
Merges [43002] to the 4.9 branch.
See #43850.
Built from https://develop.svn.wordpress.org/branches/4.9@43109


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42938 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 03:39:27 +00:00
Sergey Biryukov 8114ac92ef Privacy: add attachments to the personal data export file.
Props allendav.
Merges [43054] to the 4.9 branch.
See #43883.
Built from https://develop.svn.wordpress.org/branches/4.9@43108


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42937 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 03:34:25 +00:00
Sergey Biryukov 2083557ea9 I18N: Use consistent pattern for placeholder references in translator comments in `wp_ajax_wp_privacy_erase_personal_data()`.
Merges [43088] to the 4.9 branch.
See #43438.
Built from https://develop.svn.wordpress.org/branches/4.9@43107


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42936 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 03:24:25 +00:00
Sergey Biryukov fdb8a97664 Docs: Correct DocBlock formatting for `wp_privacy_personal_data_erasers` filter.
Merges [43104] to the 4.9 branch.
See #43637.
Built from https://develop.svn.wordpress.org/branches/4.9@43106


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42935 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 03:20:25 +00:00
Sergey Biryukov 050ea51bcb Privacy: translate error messages, some fixes and improvements for the AJAX actions for exporting and erasing user data.
Props desrosj, birgire.
Merges [43060] to the 4.9 branch.
See #43438.
Built from https://develop.svn.wordpress.org/branches/4.9@43105


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42934 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 03:19:26 +00:00
Sergey Biryukov 38e4408131 Privacy: fix and improve the help text about adding a privacy policy page.
Props idea15, xkon.
Merges [43053] to the 4.9 branch.
See #43435.
Built from https://develop.svn.wordpress.org/branches/4.9@43103


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42932 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 03:02:25 +00:00
Sergey Biryukov 0b40d2f9cf Privacy: fix `get_privacy_policy_url()` to only return the URL when the page is published.
Props azaozz.
Merges [42995] to the 4.9 branch.
See #43435.
Built from https://develop.svn.wordpress.org/branches/4.9@43102


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42931 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 03:00:25 +00:00
Sergey Biryukov c7ac8db6e4 Privacy: add a postbox that is shown when editing the privacy policy page, and where plugins and core will output suggested content and additional privacy info. First run.
Props melchoyce, azaozz.
Merges [42980] to the 4.9 branch.
See #43620.
Built from https://develop.svn.wordpress.org/branches/4.9@43101


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42930 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 02:59:25 +00:00
Sergey Biryukov 6703bb7c72 Privacy: improve the screen for setting a privacy policy page.
Props melchoyce, xkon, azaozz.
Merges [42978] and [43091] to the 4.9 branch.
See #43435.
Built from https://develop.svn.wordpress.org/branches/4.9@43100


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42929 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 02:50:26 +00:00
Sergey Biryukov 1b0bd1ff7a Accessibility improvements for the Privacy Tools screen.
Props afercia.
Merges [42823] to the 4.9 branch.
See #43435.
Built from https://develop.svn.wordpress.org/branches/4.9@43099


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42928 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 02:48:26 +00:00
Sergey Biryukov 9af2f7cd35 Add Privacy Tools admin page under the Tools menu.
Props allendav, xkon, azaozz.
Merges [42814] to the 4.9 branch.
See #43435.
Built from https://develop.svn.wordpress.org/branches/4.9@43098


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42927 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 02:46:25 +00:00
Sergey Biryukov df15be7cf9 Privacy: Include `wp-admin/includes/file.php` to avoid fatal error.
`list_files()` is defined in `wp-admin/includes/file.php`, which is not included by `wp-cron.php`, so it needs to be included by the caller in order to avoid a fatal PHP error.

This bug was not detected during testing because the file _is_ included when executing jobs via `wp cron event run`.

Props mikejolley, iandunn.
Merges [43059] to the 4.9 branch.
See #43546.
See https://wordpress.slack.com/archives/C9695RJBW/p1525190405000860.
Built from https://develop.svn.wordpress.org/branches/4.9@43097


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42926 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 02:38:25 +00:00
Sergey Biryukov 894cec5697 Privacy: Add `wp_privacy_personal_data_export_file_created` filter.
This runs immediately after the data export file has been successfully created, allowing plugins to introduce some workflow customizations. For example, a plugin could password-protect the export file, for peace of mind, even though the CSPRN in the filename makes brute force attacks nearly impossible.

Props iandunn.
Merges [43047] to the 4.9 branch.
See #43546.
Built from https://develop.svn.wordpress.org/branches/4.9@43096


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 02:35:27 +00:00
Sergey Biryukov 06dd3449e9 Privacy: Add cron to delete expired export files to protect privacy.
The primary means of protecting the files is the CSPRN appended to the filename, but there is no reason to keep the files after the data subject has downloaded them, so deleting them provides an additional layer of protection. Previously this was done from `wp_privacy_generate_personal_data_export_file()`, but that does not guarantee that it will be run regularly, and on smaller sites that could result in export files being exposed for much longer than necessary.

`wp_privacy_delete_old_export_files()` was moved to a front end file, so that it can be called from `cron.php`.

This introduces the `wp_privacy_export_expiration` filter, which allows plugins to customize how long the exports are kept before being deleted.

`index.html` was added to the `$exclusions` parameter of `list_files()` to make sure that it isn't deleted. If it were, then poorly-configured servers would allow the directory to be traversed, exposing all of the exported files.

Props iandunn, desrosj.
Merges [43046] to the 4.9 branch.
See #43546.
Built from https://develop.svn.wordpress.org/branches/4.9@43095


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42924 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 02:33:26 +00:00
Sergey Biryukov 7a7e45a530 Privacy: Use a CSPRNG in export filenames for more security.
`rand()` is deterministic and therefore offers much less protection in this context. `wp_generate_password()` is a convenient wrapper around `wp_rand()`, which uses `random_int()` to generate cryptographically-secure psuedorandom numbers.

Props iandunn.
Merges [43045] to the 4.9 branch.
See #43546.
Built from https://develop.svn.wordpress.org/branches/4.9@43094


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42923 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 02:19:25 +00:00
Sergey Biryukov c3c9eaf45e Privacy: fix unit tests after [43012].
Props iandunn.
Merges [43015] to the 4.9 branch.
See #43546.
Built from https://develop.svn.wordpress.org/branches/4.9@43093


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42922 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 02:17:25 +00:00