Commit Graph

38116 Commits

Author SHA1 Message Date
Sergey Biryukov cb2625e260 Privacy: Use consistent values for the site name and URL used in notification emails.
The functions `send_confirmation_on_profile_email()`, `_wp_privacy_send_request_confirmation_notification()`, `_wp_privacy_send_erasure_fulfillment_notification()`, and `wp_send_user_request()` all include a title and URL indicating the current site. However, so far they have dealt with those values inconsistently, sometimes using the site values, other times using the network values if in a multisite. This changeset ensures that only the current site is taken into account in all cases and that special characters in the site name are consistently decoded.

Props subrataemfluence, desrosj.
Merges [43388], [43390], and [43435] to the 4.9 branch.
Fixes #44396.
Built from https://develop.svn.wordpress.org/branches/4.9@43459


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43286 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 14:24:26 +00:00
Sergey Biryukov d2342e75d0 Login and Registration: Set a better default value for `$wp_error` parameter in `login_header()`.
To prevent someone from passing a string (which would not be added to a new `WP_Error` instance), check for `is_wp_error()` explicitly.

Props desrosj, chetan200891, spyderbytes, lbenicio, sebastien@thivinfo.com, abdullahramzan.
Merges [43457] to the 4.9 branch.
Fixes #44052.
Built from https://develop.svn.wordpress.org/branches/4.9@43458


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43285 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 14:14:27 +00:00
Sergey Biryukov 665b28aad0 Privacy: use `wp_login_url()` for the link in the user confirmation email.
Props desrosj, usmankhalid.
Merges [43379] to the 4.9 branch.
Fixes #44353.
Built from https://develop.svn.wordpress.org/branches/4.9@43456


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43283 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 13:54:26 +00:00
Sergey Biryukov 30b402c24b Privacy: append `(Draft)` to draft page titles in the page drop-down on the Privacy Settings screen.
Props allendav, desrosj.
Merges [43376] and [43454] to the 4.9 branch.
Fixes #44100.
Built from https://develop.svn.wordpress.org/branches/4.9@43455


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43282 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 13:52:26 +00:00
Sergey Biryukov 8040b247a4 Privacy: on the Privacy Settings screen change `view` to `preview` when a draft page is selected for the privacy policy.
Props garrett-eclipse, desrosj.
Merges [43374] to the 4.9 branch.
Fixes #44131.
Built from https://develop.svn.wordpress.org/branches/4.9@43453


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 13:30:26 +00:00
Sergey Biryukov 14a11fc4db Privacy: Change `@since` entry for `user_request_confirmed_email_subject` filter added in [43373] to 4.9.8.
Merges [43451] to the 4.9 branch.
Fixes #44382.
Built from https://develop.svn.wordpress.org/branches/4.9@43452


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43279 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 13:24:27 +00:00
Sergey Biryukov 8f33283493 Privacy: add user request type to the admin notification email subject.
Merges [43375] to the 4.9 branch.
Props birgire, desrosj.
Fixes #44099.
Built from https://develop.svn.wordpress.org/branches/4.9@43450


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43277 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 12:09:26 +00:00
Sergey Biryukov 9ad59101ab Privacy: do not show the comment cookies opt-in checkbox (on the front-end comments form) when comment cookies are disabled.
Props felipeelia, johnbillion.
Merges [43370] to the 4.9 branch.
Fixes #44342.
Built from https://develop.svn.wordpress.org/branches/4.9@43449


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43276 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 12:07:25 +00:00
Sergey Biryukov b74a18dc8b Privacy: Silence is golden and invisible.
"Be more discrete." declared matt in [3155], and since then, "Silence is Golden" has been the calling card of placeholder index files. Historically, these have been php files, but [43012] changed that and added index.html files for privacy export generated folders.

The php silence files produce no visible content. This adds consistency with these new html files in that there will be no visible content. Silence will fall when the question is asked.

Merges [43446] to the 4.9 branch.
Fixes #44195.
Props audrasjb, rafsuntaskin, Ov3rfly, johnbillion, pento
Built from https://develop.svn.wordpress.org/branches/4.9@43448


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-16 12:02:29 +00:00
Gary Pendergast 595cd450eb REST API: Filter responses based on the `_fields` parameter, before data is processed.
Historically, the REST API would generate the entire response object, including running expensive filters, then it would apply the `_fields` parameter, discarding the fields that weren't specificed.

This change causes `_fields` to be applied earlier, so that only requested fields are processed.

Merges [43087] to the 4.9 branch.

Props danielbachhuber.
See #43874.


Built from https://develop.svn.wordpress.org/branches/4.9@43445


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43272 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-13 06:51:27 +00:00
Gary Pendergast cb0ea9d291 Emoji: Update Twemoji to version 11.0.
🦹

Backport of [43377] to the 4.9 branch.

Props kraftbj,
Fixes #44339.


Built from https://develop.svn.wordpress.org/branches/4.9@43444


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43271 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-13 06:37:26 +00:00
Gary Pendergast 547a500699 REST API: Tweak permission checks for taxonomy and term endpoints
To match behaviour in the Classic Editor, we need to slightly loosen permissions on taxonomy and term endpoints. This allows users to create terms to assign to a post that they're editing.

Merges [43440] to the 4.9 branch.

Props danielbachhuber.
Fixes #44096.


Built from https://develop.svn.wordpress.org/branches/4.9@43443


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43270 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-13 06:29:25 +00:00
Gary Pendergast d802d709c7 REST API: Expose revision count and last revision ID on Post response
So that REST API clients can show appropriate UI for a post's revisions, it needs to know how many revisions the post has, and what the latest revision ID is.

Merge of [43439] and [43441] to the 4.9 branch.

Props kadamwhite, danielbachhuber, birgire, TimothyBlynJacobs, pento.
Fixes #44321.


Built from https://develop.svn.wordpress.org/branches/4.9@43442


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43269 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-13 06:14:25 +00:00
Gary Pendergast 26f6aeaeea REST API: Declare user capabilities using JSON Hyper Schema's "targetSchema".
There are a variety of operations a WordPress user can only perform if they have the correct capabilities. A REST API client should only display UI for one of these operations if the WordPress user can perform the operation.

Rather than requiring REST API clients to calculate whether to display UI based on potentially complicated combinations of user capabilities, `targetSchema` allows us to expose a single flag to show whether the corresponding UI should be displayed.

This change also includes flags on post objects for the following actions:

- `action-publish`: The current user can publish this post.
- `action-sticky`: The current user can make this post sticky, and the post type supports sticking.
- `action-assign-author': The current user can change the author on this post.
- `action-assign-{$taxonomy}`: The current user can assign terms from the "$taxonomy" taxonomy to this post.
- `action-create-{$taxonomy}`: The current user can create terms int the "$taxonomy" taxonomy.

Merges [43437] to the 4.9 branch.

Props TimothyBlynJacobs, danielbachhuber.
Fixes #44287.


Built from https://develop.svn.wordpress.org/branches/4.9@43438


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43265 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-11 09:21:29 +00:00
Aaron Campbell cf8c4fa0d8 Bump 4.9 branch to version 4.9.7
Built from https://develop.svn.wordpress.org/branches/4.9@43407


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43235 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 16:05:26 +00:00
John Blackbourn b564da95fb Media: Limit thumbnail file deletions to the same directory as the original file.
Built from https://develop.svn.wordpress.org/branches/4.9@43393


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43221 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-05 14:45:31 +00:00
Andrew Ozz b4aaf4a73c Privacy: add `esc_html` to assertion in test_wp_comments_personal_data_exporter.
Props mermel, 1naveengiri.
Merges [43371] to the 4.9 branch.
Fixes #44113.
Built from https://develop.svn.wordpress.org/branches/4.9@43372


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:40:47 +00:00
John Blackbourn 1f5f8129de Security: Harden the random aspect of the hash used for user profile and admin email address changes.
Props BjornW

Fixes #43771

Merges [43367] to the 4.9 branch.

Built from https://develop.svn.wordpress.org/branches/4.9@43368


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43196 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:39:07 +00:00
John Blackbourn 15054d8a94 Options, Meta APIs: Use the correct escaping function when outputting the meta box context.
Props khaihong, abdullahramzan, leanderiversen, aryamaaru, lbenicio, palmiak

Fixes #44274

Merges [43365] to the 4.9 branch.

Built from https://develop.svn.wordpress.org/branches/4.9@43366


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43194 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:38:18 +00:00
Sergey Biryukov cd2f52dda1 Privacy: Make sure `wp_add_privacy_policy_content()` does not cause a fatal error by unintentionally flushing rewrite rules outside of the admin context.
Add a `_doing_it_wrong()` message describing the correct usage of the function.

Props kraftbj, azaozz, SergeyBiryukov, YuriV.
Merges [43361], [43362], [43363] to the 4.9 branch.
Fixes #44142.
Built from https://develop.svn.wordpress.org/branches/4.9@43364


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43192 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:37:26 +00:00
Sergey Biryukov ea7c189825 Privacy: Only link to menus panel in Customizer if selected privacy page can be accessed there.
Props dlh.
Merges [43343] to the 4.9 branch.
Fixes #44117.
Built from https://develop.svn.wordpress.org/branches/4.9@43358


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43186 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:34:55 +00:00
Sergey Biryukov 567d4b0961 Community Events Dashboard: Always show a WordCamp if one is coming up.
WordCamps are celebrations of the local WordPress Community and once a local one is scheduled, people in that community should know it is coming. This adjusts the WordPress Events in the dashboard widgets to always display a WordCamp, even if there are multiple Meetups happening first.

Props iandunn, metalandcoffee, warmlaundry, alejandroxlopez, jorbin.
Merges [42726], [42728], and [43356] to the 4.9 branch.
Fixes #41112.
Built from https://develop.svn.wordpress.org/branches/4.9@43357


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:34:30 +00:00
Sergey Biryukov e2bf0ae498 Privacy: Remove unnecessary `This email has been sent to ###EMAIL###` from privacy emails.
The line was copied from the emails that get sent when an email address changes, without considering if it made sense in the new context.

Props iandunn, ianbelanger, desrosj.
Merges [43353] to the 4.9 branch.
Fixes #44030.
Built from https://develop.svn.wordpress.org/branches/4.9@43354


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43182 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:33:14 +00:00
Sergey Biryukov eaf96830ce Privacy: Fix typo in default privacy policy text.
Props garetharnold, abdullahramzan.
Merges [43350] to the 4.9 branch.
Fixes #44166.
Built from https://develop.svn.wordpress.org/branches/4.9@43351


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43179 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:31:57 +00:00
Sergey Biryukov 1bb5174584 Posts, Post Types: Clear post password cookie when logging out.
Props skoldin, subrataemfluence, ianbelanger, johnbillion.
Merges [43317] and [43318] to the 4.9 branch.
Fixes #44089.
Built from https://develop.svn.wordpress.org/branches/4.9@43349


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43177 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:31:05 +00:00
Sergey Biryukov ddc8032efd Users: In `wp_validate_user_request_key()`, properly return the `WP_Error` object in case the confirmation email has expired.
Props itowhid06.
Merges [43331] to the 4.9 branch.
Fixes #44298.
Built from https://develop.svn.wordpress.org/branches/4.9@43342


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:28:08 +00:00
John Blackbourn d668b72f5b Build/Test Tools: Allow the unit test framework to be used without the data directory in place.
Fixes #43982

Merges [43315] to the 4.9 branch.

Built from https://develop.svn.wordpress.org/branches/4.9@43316


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43145 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-25 22:48:28 +00:00
Boone Gorges 30b40c8f52 Taxonomy: Improve cache handling when querying for terms using `all_with_object_id`.
When a term query using `fields=all_with_object_id` hits the cache, the
cached `stdClass` objects must be converted to `WP_Term` objects. This
was overlooked when `WP_Term_Query` was refactored to support object
queries in [38667].

Merges [43313] to the 4.9 branch.

Props dlh.
Fixes #44221.

Built from https://develop.svn.wordpress.org/branches/4.9@43314


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43143 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-25 01:26:29 +00:00
Sergey Biryukov 5129da3af5 Docs: Document the `cookies` default comment field added in [42772].
Props desrosj, chetan200891.
Merges [43304] to the 4.9 branch.
See #44125.
Built from https://develop.svn.wordpress.org/branches/4.9@43306


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43135 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-21 13:17:25 +00:00
Sergey Biryukov 98eb869d8b Docs: Add missing documentation and duplicate hook references for `wp_privacy_personal_data_export_file`, `wp_privacy_personal_data_exporters`, and `wp_privacy_personal_data_erasers` hooks.
Props birgire.
Merges [43303] to the 4.9 branch.
See #44125.
Built from https://develop.svn.wordpress.org/branches/4.9@43305


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43134 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-21 13:16:25 +00:00
Sergey Biryukov f1773beb0c Widgets: Allow basic inline tags in `wp_sidebar_description()`.
The customizer has allowed HTML in sidebar descriptions since adding support for sidebars. This change ensures that basic HTML is also allowed for them in the widgets admin screen.

Props flixos90.
Merges [43275] to the 4.9 branch.
Fixes #42608.
Built from https://develop.svn.wordpress.org/branches/4.9@43302


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43131 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-21 12:43:27 +00:00
Sergey Biryukov e782caa1e7 Comments: Escape permalink values on edit screen to prevent XSS.
There doesn't appear to be any way for an attacker to introduce malicious input into the URL, unless a plugin is filtering the URL to add it, but it's better to be safe than sorry.

Props 1naveengiri, joyously.
Merges [43290] to the 4.9 branch.
Fixes #44115.
Built from https://develop.svn.wordpress.org/branches/4.9@43301


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-21 12:40:26 +00:00
Sergey Biryukov 4d9aadc80c Privacy: Correct the error check when creating an export folder in `wp_privacy_generate_personal_data_export_file()`.
`wp_mkdir_p()` returns `false` on error, not a `WP_Error` object.

Props birgire.
Merges [43299] to the 4.9 branch.
Fixes #44158.
Built from https://develop.svn.wordpress.org/branches/4.9@43300


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43129 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-21 12:02:29 +00:00
Dominik Schilling 09734c5576 Branch 4.9 is now 4.9.7-alpha.
Built from https://develop.svn.wordpress.org/branches/4.9@43298


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-17 19:57:27 +00:00
iandunn 0afda3e678 Bump 4.9 branch to version 4.9.5.
Built from https://develop.svn.wordpress.org/branches/4.9@43296


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43125 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-17 18:56:26 +00:00
iandunn 05d3ae380d Bundled Themes: Bump version numbers and update changelogs for 4.9.6 release
Also, updates POT files for Twenty Ten and Twenty Eleven.

Props earnjam, laurelfulford.
Merges [43293] to the 4.9 branch.
Fixes #43915.

Built from https://develop.svn.wordpress.org/branches/4.9@43295


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43124 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-17 18:27:27 +00:00
iandunn d097213a7b Bundled Themes: Add link to privacy policy page in footer.
If a privacy policy has been set, then a link to it will automatically be shown in the footer.

The element containing the "Proudly powered by WordPress" link was chosen for the new policy link, in order to minimize visual conflicts with custom CSS that was written before the new link existed. Unfortunately, some minor conflicts are expected and unavoidable. Adding this link is required as part of GDPR compliance, and the benefits outweigh the downsides. 

To further mitigate the conflicts, a new imprint class was added to the "Proudly powered..." link, in order to facilitate targeting each link invididually with custom styles.

This was accidentally not backported to the `4.9` branch before the beta/RC phase, but there was a consensus that it is safe to do that this late in the release cycle. 
See https://wordpress.slack.com/archives/C02RQBWTW/p1526577643000132.
See https://wordpress.slack.com/archives/C02RQBWTW/p1526580781000240.

Props xkon, laurelfulford, birgire, azaozz, iandunn.
Merges [43051] to the 4.9 branch.
See #43715.

Built from https://develop.svn.wordpress.org/branches/4.9@43294


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43123 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-17 18:21:26 +00:00
iandunn bed757a726 Post WordPress 4.9.6 RC 2 version bump.
Built from https://develop.svn.wordpress.org/branches/4.9@43289


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43118 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 21:29:26 +00:00
iandunn 68c6632f86 WordPress 4.9.6 RC 2.
Built from https://develop.svn.wordpress.org/branches/4.9@43288


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43117 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 21:20:27 +00:00
iandunn 4bfee774d5 Privacy: Require `manage_privacy_options` to edit policy page.
A user is required to have the `manage_privacy_options` capability in order to determine which page is set as the privacy policy (the `wp_page_for_privacy_policy`). Given that, it doesn't make sense to allow users without that capability to edit or delete the page. 

A similar situation exists with the `page_for_posts` and `page_on_front` options, but Editors are allowed to edit those pages. The reason that this situation is different is because it is more likely that an administrator will want to restrict modifications to the privacy policy, than it is that they will want to allow modifications. Modifications to the policy often require specialized knowledge of local laws, and can have implications for compliance with those laws.

Props dlh, desrosj.
Merges [43286] to the 4.9 branch.
Fixes #44079.

Built from https://develop.svn.wordpress.org/branches/4.9@43287


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43116 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 20:59:25 +00:00
Andrew Ozz f4a436c522 Privacy: Rename exports folder to avoid deleting other files.
Previously, personal data exports were stored in `wp-content/uploads/exports`, which is generic enough that it's likely there are existing folders with that name, either created by plugins or manually by administrators. If that folder were reused by Core, then `wp_privacy_delete_old_export_files()` would delete all of the existing files inside it, which is almost certainly not what the site owner wants or expects.

To avoid that, the folder is being renamed to include a specific reference to Core, and a more verbose description of its purpose. With those factored in, it's very unlikely that there will be any conflicts with existing folders.

The `wp_privacy_exports_dir()` and `wp_privacy_exports_url()` functions were introduced to provide a canonical source for the location, and the `wp_privacy_exports_dir` and `wp_privacy_exports_url` filters were introduced to allow plugins to customize it.

Props johnjamesjacoby, allendav.
Merges [43284] to the 4.9 branch.
Fixes #44091.
Built from https://develop.svn.wordpress.org/branches/4.9@43285


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43114 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 20:32:26 +00:00
Andrew Ozz 2062f3f891 Privacy: use the more compatible `word-break: break-all;`, see [43278].
Merges [43282] to the 4.9 branch.
See #44092.
Built from https://develop.svn.wordpress.org/branches/4.9@43283


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43112 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 20:09:26 +00:00
Andrew Ozz d78a4944a2 Privacy: fix styling of the "next steps" buttons on the Export/Erase tools screens when text is long.
Props audrasjb, ianbelanger.
Merges [43278] to the 4.9 branch.
Fixes #44092.
Built from https://develop.svn.wordpress.org/branches/4.9@43281


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43110 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 19:45:27 +00:00
Andrew Ozz 3e4f800ee3 Privacy: fix styling of the Privacy Settings buttons on mobile/small screens.
Props ianbelanger, azaozz.
Merges [43279] to the 4.9 branch.
Fixes #44093.
Built from https://develop.svn.wordpress.org/branches/4.9@43280


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 19:43:28 +00:00
iandunn d1007dd45c Privacy: require `manage_privacy_options` capability for showing `WP_Privacy_Policy_Content::notice()`.
Props ocean90.
Merges [43248] to the 4.9 branch.
Fixes #44055.

Built from https://develop.svn.wordpress.org/branches/4.9@43277


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43106 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 18:04:25 +00:00
Andrew Ozz 61322a844a Privacy: Reposition log in policy link to avoid overlapping elements.
Previously, the link used absolute positioning, in order to stick it at the bottom of the page. That was done in order to create visual separation between it and the "action" links, like "Lost Your Password?"

The absolute positioning can cause conflicts in some situations, though. For example, if extra text or error notices are added above the form, then the login link would be positioned on top of other elements.

Switching to relative positioning with extra margins avoids those issues, while maintaining the visual separation between the "action" links and the privacy policy link.

Props imath, melchoyce, desrosj, xkon, iandunn.
Merges [43274] to the 4.9 branch.
Fixes #44046.
Built from https://develop.svn.wordpress.org/branches/4.9@43276


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 16:55:46 +00:00
Sergey Biryukov 09fe564f4e Privacy: only remove the "Suggested text has changed" bubble when an admin visits the Privacy Policy Guide screen.
Props azaozz.
Merges [43269] to the 4.9 branch.
Fixes #44063.
Built from https://develop.svn.wordpress.org/branches/4.9@43273


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43102 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 15:52:25 +00:00
Sergey Biryukov 9438733d24 Privacy: automatically create a Privacy Policy page when installing WordPress.
Props fclaussen, azaozz.
Merges [42981], [42982], [43243] to the 4.9 branch.
Fixes #43491.
Built from https://develop.svn.wordpress.org/branches/4.9@43272


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 15:30:26 +00:00
Sergey Biryukov 10c9d391a8 Privacy: fix Export and Erase Personal Data list-tables on small screens.
Props ianbelanger, subrataemfluence, desrosj.
Merges [43251] to the 4.9 branch.
Fixes #44026.
Built from https://develop.svn.wordpress.org/branches/4.9@43271


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43100 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 15:10:25 +00:00
Andrew Ozz 9b3e2b76b4 Privacy: Escape comment URLs in personal export file to prevent XSS.
There doesn't appear to be any way for an attacker to introduce malicious input into the URL, unless a plugin is filtering the URL to add it, but it's better to be safe than sorry.

Props birgire.
Merges [43245] to the 4.9 branch.
Fixes #44054.
Built from https://develop.svn.wordpress.org/branches/4.9@43270


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43099 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 14:08:29 +00:00