Commit Graph

25575 Commits

Author SHA1 Message Date
Sergey Biryukov e0e564d84b Users: In `wp_validate_user_request_key()`, properly return the `WP_Error` object in case the confirmation email has expired.
Props itowhid06.
Fixes #44298.
Built from https://develop.svn.wordpress.org/trunk@43331


git-svn-id: http://core.svn.wordpress.org/trunk@43159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:23:27 +00:00
Sergey Biryukov 9ba957770e Docs: Remove obsolete `$wpdb` global references in `WP_User::__construct()` and `WP_User::for_blog()`.
Props mt8.biz.
Fixes #44295.
Built from https://develop.svn.wordpress.org/trunk@43330


git-svn-id: http://core.svn.wordpress.org/trunk@43158 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:23:02 +00:00
Gary Pendergast fa5cf0a7d6 Build Tools: `grunt build` should only copy Core files.
Historically, `grunt build` has copied all files from the `src` directory to the `build` directory. This is usually fine, but can be super slow when there are lots of custom plugins or themes in the `src` directory.

To rectify this, we now only copy Core plugins and themes to `build`.

Props adamsilverstein, pento, johnbillion.
Fixes #44256.


Built from https://develop.svn.wordpress.org/trunk@43329


git-svn-id: http://core.svn.wordpress.org/trunk@43157 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:22:36 +00:00
Sergey Biryukov 9115444ee7 Build/Test Tools: Replace Codex home page link in "Read more about setting up your local development environment" with a more specific handbook link.
Props abdullahramzan, johnbillion.
Fixes #44228.
Built from https://develop.svn.wordpress.org/trunk@43328


git-svn-id: http://core.svn.wordpress.org/trunk@43156 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:22:11 +00:00
Andrew Ozz ab65b61da9 Build tools: Grunt:
- Normalize `filepath` in the the `watch` event.
- Throw a warning when `watch` fails to process a file because the destination path cannot be determined.

Fixes #44262.
Built from https://develop.svn.wordpress.org/trunk@43327


git-svn-id: http://core.svn.wordpress.org/trunk@43155 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:21:45 +00:00
Jeremy Felt 3ab90ab858 Docs: Document globals in validate_another_blog_signup().
Props mukesh27.
Fixes #43594.

Built from https://develop.svn.wordpress.org/trunk@43326


git-svn-id: http://core.svn.wordpress.org/trunk@43154 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:21:21 +00:00
Sergey Biryukov dde7843f7e Docs: Fix typo in `Services_JSON` DocBlocks.
Props sagarnasit.
Fixes #44244.
Built from https://develop.svn.wordpress.org/trunk@43325


git-svn-id: http://core.svn.wordpress.org/trunk@43153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:20:54 +00:00
Jeremy Felt c3b788a205 Built/Test Tools: Increase grunt watch interval on all files.
Significantly reduces Grunt's CPU usage when `grunt watch` is in an idle/watching state.

Props netweb.
Fixes #44241.

Built from https://develop.svn.wordpress.org/trunk@43324


git-svn-id: http://core.svn.wordpress.org/trunk@43152 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:20:23 +00:00
Andrew Ozz facf027fe7 Build tools: Update Grunt to version 1.0.2.
Props iandunn, netweb.
Fixes #42308.
Built from https://develop.svn.wordpress.org/trunk@43323


git-svn-id: http://core.svn.wordpress.org/trunk@43151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:19:59 +00:00
Andrew Ozz 87d1a3222b Build tools:
- Remove `check-node-version` from package.json for now. Throws errors.
- Minor fixes to package-lock.json, `http` => `https`.

See #44246.
Built from https://develop.svn.wordpress.org/trunk@43322


git-svn-id: http://core.svn.wordpress.org/trunk@43150 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:19:33 +00:00
Andrew Ozz 6fd8080e7e Build tools: Use npm v6.1.0.
Props netweb.
Fixes #44245.
Built from https://develop.svn.wordpress.org/trunk@43320


git-svn-id: http://core.svn.wordpress.org/trunk@43149 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-27 16:01:23 +00:00
Sergey Biryukov dd185824cd Docs: Fix typo in `_walk_bookmarks()` DocBlock.
Props abhijitrakas.
Fixes #44242.
Built from https://develop.svn.wordpress.org/trunk@43319


git-svn-id: http://core.svn.wordpress.org/trunk@43148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-27 08:36:23 +00:00
Sergey Biryukov 0ff5536bac Posts, Post Types: Use `COOKIEPATH` when clearing post password cookie, as that's the path it's created with.
See #44089.
Built from https://develop.svn.wordpress.org/trunk@43318


git-svn-id: http://core.svn.wordpress.org/trunk@43147 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-27 01:33:22 +00:00
Sergey Biryukov a724d77a4e Posts, Post Types: Clear post password cookie when logging out.
Props skoldin, subrataemfluence, ianbelanger, johnbillion.
Fixes #44089.
Built from https://develop.svn.wordpress.org/trunk@43317


git-svn-id: http://core.svn.wordpress.org/trunk@43146 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-26 12:43:23 +00:00
John Blackbourn e4b0a8d511 Build/Test Tools: Allow the unit test framework to be used without the data directory in place.
Fixes #43982
Built from https://develop.svn.wordpress.org/trunk@43315


git-svn-id: http://core.svn.wordpress.org/trunk@43144 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-25 22:43:26 +00:00
Boone Gorges ecb4491670 Taxonomy: Improve cache handling when querying for terms using `all_with_object_id`.
When a term query using `fields=all_with_object_id` hits the cache, the
cached `stdClass` objects must be converted to `WP_Term` objects. This
was overlooked when `WP_Term_Query` was refactored to support object
queries in [38667].

Props dlh.
Fixes #44221.
Built from https://develop.svn.wordpress.org/trunk@43313


git-svn-id: http://core.svn.wordpress.org/trunk@43142 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-25 01:23:23 +00:00
Gary Pendergast c5d5629471 Tools: Update `wp-cli.yml` to point to the `build` directory.
After [43309], WP-CLI should be running against the `build` directory, not the `src` directory.

Props jpry.
Fixes #44214.


Built from https://develop.svn.wordpress.org/trunk@43312


git-svn-id: http://core.svn.wordpress.org/trunk@43141 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-25 00:15:23 +00:00
John Blackbourn f57e182c87 Build/Test Tools: Roses are red, this fixes stuff.
Update the test infrastructure so that third party plugins, themes, and projects that use the core testing framework continue to operate from the `src` directory and do not require a build step.

Props mboynes, danielbachhuber, schlessera

See #43055

Built from https://develop.svn.wordpress.org/trunk@43311


git-svn-id: http://core.svn.wordpress.org/trunk@43140 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-23 17:55:22 +00:00
Gary Pendergast 54f004e184 Following [43309], I need to change one little line,
And delete some left over cruft, only then shall we prevail.
There are some things easily missed, when using Git, which does not persist—
Empty directories, though that didn't derail—
Our Travis-based tests, which now must prevail.
            Quoth Travis CI, “Build did fail.”

See #43055.


Built from https://develop.svn.wordpress.org/trunk@43310


git-svn-id: http://core.svn.wordpress.org/trunk@43139 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-23 11:03:24 +00:00
Gary Pendergast 922f83a69f Once upon a midnight dreary, while I coded, weak and weary,
In many a strange and curious file of forgotten lore—
While I pondered, blaming Nacin, my notifications suddenly awakened,
As of someone quietly DMing;—DMing me, I can’t ignore.
“’Tis some contributor,” I muttered, “DMing me an idea or four—
            Only this and nothing more.”

Ah, distinctly I remember, at WordCamp US, last December;
A mad proposal nearly laid me—down out cold—upon the floor.
Curious, I listened closely;—to a plan I agreed with, mostly—
A way to make our JavaScript—JavaScript which was a chore—
Maintainable, extendable, for the future, is what I saw.
            Guten-ready for evermore.

Open here I switch to Slack, when, with many a patch and hack,
In there stepped Omar, a JavaScript developer hardcore;
Pronouncing all the changes fit; ready now to be commit;
“There’s nothing else for us to do,” DMing me, “It’s done!” he swore—
“No longer random guessing at which file need next be explored—
            Let’s move on, we’re all aboard.”

Moved all together, grouped and managed, in folders all is packaged,
The code had all been cleaned and tidied, important parts moved to the fore,
“Though this change be useful here,” I said, “it is too large, I fear,
We couldn’t manage such a patch, we’ve done nothing like this before—
Tell me where doth go this change, change to make our codebase soar!”
            Quoth Omar, “In WordPress Core.”

Props omarreis for shepherding this significant change.
Props adamsilverstein, aduth, atimmer, dingo_bastard, frank-klein, gziolo, herregroen, jaswrks, jeremyfelt, jipmoors, jorbin, netweb, ocean90, pento, tjnowell, and youknowriad for testing, feedback, discussion, encouragement, commiserations, etc.
I make no apologies for this commit message.
Fixes #43055.


Built from https://develop.svn.wordpress.org/trunk@43309


git-svn-id: http://core.svn.wordpress.org/trunk@43138 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-23 10:05:31 +00:00
Boone Gorges 2d62b67211 Taxonomy: Fix `$object_ids` reference in `WP_Term_Query` parameter documentation.
Props dlh.
Fixes #44200.
Built from https://develop.svn.wordpress.org/trunk@43308


git-svn-id: http://core.svn.wordpress.org/trunk@43137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-23 02:24:21 +00:00
Sergey Biryukov 0caf5278c6 Docs: Escape the `<!--nextpage-->` page tag in `wp_link_pages()` and `get_the_content()` description for proper display in Developer Reference.
Props grapplerulrich.
See #42505.
Built from https://develop.svn.wordpress.org/trunk@43307


git-svn-id: http://core.svn.wordpress.org/trunk@43136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-22 18:57:25 +00:00
Sergey Biryukov a30e75437a Docs: Document the `cookies` default comment field added in [42772].
Props desrosj, chetan200891.
See #44125.
Built from https://develop.svn.wordpress.org/trunk@43304


git-svn-id: http://core.svn.wordpress.org/trunk@43133 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-21 13:13:21 +00:00
Sergey Biryukov b4320bcd8f Docs: Add missing documentation and duplicate hook references for `wp_privacy_personal_data_export_file`, `wp_privacy_personal_data_exporters`, and `wp_privacy_personal_data_erasers` hooks.
Props birgire.
See #44125.
Built from https://develop.svn.wordpress.org/trunk@43303


git-svn-id: http://core.svn.wordpress.org/trunk@43132 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-21 13:03:21 +00:00
Sergey Biryukov 35f94eb211 Privacy: Correct the error check when creating an export folder in `wp_privacy_generate_personal_data_export_file()`.
`wp_mkdir_p()` returns `false` on error, not a `WP_Error` object.

Props birgire.
Fixes #44158.
Built from https://develop.svn.wordpress.org/trunk@43299


git-svn-id: http://core.svn.wordpress.org/trunk@43128 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-21 11:59:24 +00:00
laurelfulford 12737b798b Bundled Themes: Bump version numbers and update changelogs for 4.9.6 release
* Also, updates POT files for Twenty Ten and Twenty Eleven.

Props earnjam, laurelfulford.

Fixes #43915.

Built from https://develop.svn.wordpress.org/trunk@43293


git-svn-id: http://core.svn.wordpress.org/trunk@43122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-17 17:07:22 +00:00
iandunn 00571b621c Tests: Add case for `wp_privacy_delete_old_export_files()`.
Props allendav.
See #43546.

Built from https://develop.svn.wordpress.org/trunk@43292


git-svn-id: http://core.svn.wordpress.org/trunk@43121 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-17 16:39:22 +00:00
iandunn da2f23fa23 Tests: Add case for `wp_privacy_send_personal_data_export_email()`.
Props birgire.
See #43546.

Built from https://develop.svn.wordpress.org/trunk@43291


git-svn-id: http://core.svn.wordpress.org/trunk@43120 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-16 23:54:20 +00:00
iandunn 2754419731 Comments: Escape permalink values on edit screen to prevent XSS.
There doesn't appear to be any way for an attacker to introduce malicious input into the URL, unless a plugin is filtering the URL to add it, but it's better to be safe than sorry.

Props 1naveengiri, joyously.
Fixes #44115.

Built from https://develop.svn.wordpress.org/trunk@43290


git-svn-id: http://core.svn.wordpress.org/trunk@43119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-16 22:39:21 +00:00
iandunn 461d17576c Privacy: Require `manage_privacy_options` to edit policy page.
A user is required to have the `manage_privacy_options` capability in order to determine which page is set as the privacy policy (the `wp_page_for_privacy_policy`). Given that, it doesn't make sense to allow users without that capability to edit or delete the page. 

A similar situation exists with the `page_for_posts` and `page_on_front` options, but Editors are allowed to edit those pages. The reason that this situation is different is because it is more likely that an administrator will want to restrict modifications to the privacy policy, than it is that they will want to allow modifications. Modifications to the policy often require specialized knowledge of local laws, and can have implications for compliance with those laws.

Props dlh, desrosj.
Fixes #44079.

Built from https://develop.svn.wordpress.org/trunk@43286


git-svn-id: http://core.svn.wordpress.org/trunk@43115 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 20:44:21 +00:00
iandunn fdd5b8dacd Privacy: Rename exports folder to avoid deleting other files.
Previously, personal data exports were stored in `wp-content/uploads/exports`, which is generic enough that it's likely there are existing folders with that name, either created by plugins or manually by administrators. If that folder were reused by Core, then `wp_privacy_delete_old_export_files()` would delete all of the existing files inside it, which is almost certainly not what the site owner wants or expects.

To avoid that, the folder is being renamed to include a specific reference to Core, and a more verbose description of its purpose. With those factored in, it's very unlikely that there will be any conflicts with existing folders.

The `wp_privacy_exports_dir()` and `wp_privacy_exports_url()` functions were introduced to provide a canonical source for the location, and the `wp_privacy_exports_dir` and `wp_privacy_exports_url` filters were introduced to allow plugins to customize it.

Props johnjamesjacoby, allendav.
Fixes #44091.

Built from https://develop.svn.wordpress.org/trunk@43284


git-svn-id: http://core.svn.wordpress.org/trunk@43113 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 20:22:20 +00:00
Andrew Ozz 534f732104 Privacy: use the more compatible `word-break: break-all;`, see [43278].
See #44092.
Built from https://develop.svn.wordpress.org/trunk@43282


git-svn-id: http://core.svn.wordpress.org/trunk@43111 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 20:07:22 +00:00
Andrew Ozz 11ea5ebe0a Privacy: fix styling of the Privacy Settings buttons on mobile/small screens.
Props ianbelanger, azaozz.
Fixes #44093.
Built from https://develop.svn.wordpress.org/trunk@43279


git-svn-id: http://core.svn.wordpress.org/trunk@43108 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 19:27:22 +00:00
Andrew Ozz 548f73cc7c Privacy: fix styling of the "next steps" buttons on the Export/Erase tools screens when text is long.
Props audrasjb, ianbelanger.
Fixes #44092.
Built from https://develop.svn.wordpress.org/trunk@43278


git-svn-id: http://core.svn.wordpress.org/trunk@43107 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 18:59:21 +00:00
Felix Arntz dac5651f23 Widgets: Allow basic inline tags in `wp_sidebar_description()`.
The customizer has allowed HTML in sidebar descriptions since adding support for sidebars. This change ensures that basic HTML is also allowed for them in the widgets admin screen.

Fixes #42608.

Built from https://develop.svn.wordpress.org/trunk@43275


git-svn-id: http://core.svn.wordpress.org/trunk@43104 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 16:55:21 +00:00
iandunn 3aaef96ff8 Privacy: Reposition log in policy link to avoid overlapping elements.
Previously, the link used absolute positioning, in order to stick it at the bottom of the page. That was done in order to create visual separation between it and the "action" links, like "Lost Your Password?"

The absolute positioning can cause conflicts in some situations, though. For example, if extra text or error notices are added above the form, then the login link would be positioned on top of other elements.

Switching to relative positioning with extra margins avoids those issues, while maintaining the visual separation between the "action" links and the privacy policy link.

Props imath, melchoyce, desrosj, xkon, iandunn.
Fixes #44046.

Built from https://develop.svn.wordpress.org/trunk@43274


git-svn-id: http://core.svn.wordpress.org/trunk@43103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 16:27:24 +00:00
Andrew Ozz 8c06c2c662 Privacy: only remove the "Suggested text has changed" bubble when an admin visits the Privacy Policy Guide screen.
Fixes #44063.
Built from https://develop.svn.wordpress.org/trunk@43269


git-svn-id: http://core.svn.wordpress.org/trunk@43098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 17:52:21 +00:00
Andrew Ozz 2e9b08b3a2 Privacy: add `wp_page_for_privacy_policy` to `populate_options()`.
Props ocean90.
Fixes #44076.
Built from https://develop.svn.wordpress.org/trunk@43267


git-svn-id: http://core.svn.wordpress.org/trunk@43096 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 17:00:22 +00:00
Andrew Ozz 242e6eea46 Privacy: fix markup for the table of contents on privacy policy guide screen.
Props ocean90, azaozz.
Fixes #44056.
Built from https://develop.svn.wordpress.org/trunk@43265


git-svn-id: http://core.svn.wordpress.org/trunk@43094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 16:46:23 +00:00
Andrew Ozz b5564c8646 Privacy: fix the "Privacy Policy Guide updated" message and add a link to the guide.
Props birgire, azaozz.
Fixes #44057.
Built from https://develop.svn.wordpress.org/trunk@43263


git-svn-id: http://core.svn.wordpress.org/trunk@43092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 16:21:21 +00:00
Dominik Schilling 2d4311e32e Privacy: Remove `is-dismissible` class from notice when privacy info has changed.
The notice isn't dismissible as it only gets removed once you visit the privacy guide, see #44057 and #44063.

Fixes #44065.

Built from https://develop.svn.wordpress.org/trunk@43261


git-svn-id: http://core.svn.wordpress.org/trunk@43090 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 15:55:21 +00:00
Dominik Schilling d3b3cc3fa5 Privacy: Don't show privacy feature pointer to new users.
Fixes #44062.
Built from https://develop.svn.wordpress.org/trunk@43259


git-svn-id: http://core.svn.wordpress.org/trunk@43088 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 15:50:22 +00:00
John Blackbourn 810cbb537b Docs: Add missing HTTP methods to the list of those supported.
See #42505

Built from https://develop.svn.wordpress.org/trunk@43258


git-svn-id: http://core.svn.wordpress.org/trunk@43087 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 15:23:21 +00:00
Andrew Ozz 3ee58b55b1 Privacy: improve inline documentation.
Props desrosj.
Fixes #44075.
Built from https://develop.svn.wordpress.org/trunk@43256


git-svn-id: http://core.svn.wordpress.org/trunk@43085 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 14:53:21 +00:00
Andrew Ozz e765930982 Privacy: fix Export and Erase Personal Data list-tables on small screens.
Props ianbelanger, subrataemfluence, desrosj.
Fixes #44026.
Built from https://develop.svn.wordpress.org/trunk@43251


git-svn-id: http://core.svn.wordpress.org/trunk@43080 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 09:21:21 +00:00
Andrew Ozz cb084eefd8 Privacy: define `$title` and `$parent_file` in privacy.php. Fixes showing the proper document title.
Props ocean90.
Fixes #44064.
Built from https://develop.svn.wordpress.org/trunk@43250


git-svn-id: http://core.svn.wordpress.org/trunk@43079 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 08:29:22 +00:00
Andrew Ozz a75b113bed Privacy: fix two typos in `WP_Privacy_Policy_Content::get_default_content()`.
Props dlh.
Fixes #44050.
Built from https://develop.svn.wordpress.org/trunk@43249


git-svn-id: http://core.svn.wordpress.org/trunk@43078 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-13 11:15:21 +00:00
Andrew Ozz b82fed1806 Privacy: require `manage_privacy_options` capability for showing `WP_Privacy_Policy_Content::notice()`.
Props ocean90.
Fixes #44055.
Built from https://develop.svn.wordpress.org/trunk@43248


git-svn-id: http://core.svn.wordpress.org/trunk@43077 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-13 11:04:21 +00:00
Sergey Biryukov 9a390ea6bd Docs: Correct type for `WP_Taxonomy::$cap`.
Props dlh.
Fixes #44061.
Built from https://develop.svn.wordpress.org/trunk@43247


git-svn-id: http://core.svn.wordpress.org/trunk@43076 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-13 10:31:22 +00:00
iandunn 7f23a920d2 Privacy: Reposition pointer to ensure dismiss link is always visible.
r43158 introduced a new admin pointer for the privacy tools added in 4.9.6. With the previous positioning, though, sometimes the `Dismiss` link would be fixed off screen, making it impossible for the user to dismiss the pointer. This happened when there were enough extra menu items, or when the viewport height was short enough.

This commit repositions the pointer to work around that problem. One down side of this workaround is that the arrow will not always be positioned next to the `Tools` menu, where it should be. That's an acceptable compromise given the current time constraints, though. A long term solution would be to make `WP_Pointer` robust enough to handle this use case.

Props imath, audrasjb, desrosj.
Fixes #44045.

Built from https://develop.svn.wordpress.org/trunk@43246


git-svn-id: http://core.svn.wordpress.org/trunk@43075 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-12 17:29:21 +00:00
iandunn fc800115a7 Privacy: Escape comment URLs in personal export file to prevent XSS.
There doesn't appear to be any way for an attacker to introduce malicious input into the URL, unless a plugin is filtering the URL to add it, but it's better to be safe than sorry.

Props birgire.
Fixes #44054.

Built from https://develop.svn.wordpress.org/trunk@43245


git-svn-id: http://core.svn.wordpress.org/trunk@43074 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-12 15:56:21 +00:00
Weston Ruter 89708c5cec Customize: Hide expansion arrows in Customizer's available widgets list.
Fixes regression introduced by [42794].

Props dlh.
See #40677.
Fixes #43983.

Built from https://develop.svn.wordpress.org/trunk@43244


git-svn-id: http://core.svn.wordpress.org/trunk@43073 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-11 17:35:23 +00:00
Andrew Ozz 1b1cc0b371 Privacy: make creating a privacy policy page on install multisite compatible.
See #43491.
Built from https://develop.svn.wordpress.org/trunk@43243


git-svn-id: http://core.svn.wordpress.org/trunk@43072 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-11 15:44:21 +00:00
Andrew Ozz 5c5a527d96 Privacy: exclude the wrapper from the default policy content.
Fixes #44048.
Built from https://develop.svn.wordpress.org/trunk@43242


git-svn-id: http://core.svn.wordpress.org/trunk@43071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-11 15:07:21 +00:00
Sergey Biryukov b7ff8e4f9f Privacy: On Privacy Settings screen, check if any pages exist before displaying the page selector.
Props abdullahramzan, desrosj, melchoyce.
Fixes #43940.
Built from https://develop.svn.wordpress.org/trunk@43238


git-svn-id: http://core.svn.wordpress.org/trunk@43067 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 21:39:22 +00:00
iandunn b26ab11343 Privacy: Expose erasure notification recipient to filter callbacks.
The previous `user_email` value was redundant, because it always matched `$request_data->email`. That value might be different from where the message is sent, though, if the `user_erasure_fulfillment_email_to` filter is used. If they are different, then callbacks for the `user_confirmed_action_email_content` filter may want to distinguish between the email address of the user making the request, and the email address that the confirmation notification is being sent to.

Props desrosj, iandunn.
See #43973.

Built from https://develop.svn.wordpress.org/trunk@43236


git-svn-id: http://core.svn.wordpress.org/trunk@43065 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 21:20:22 +00:00
Sergey Biryukov 0a9de1ef2e Privacy: Normalize file paths in `wp_privacy_generate_personal_data_export_file()` to make sure Windows paths don't have their backslashes stripped.
Props xkon, pmbaldha.
Fixes #43908.
Built from https://develop.svn.wordpress.org/trunk@43234


git-svn-id: http://core.svn.wordpress.org/trunk@43063 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 21:11:23 +00:00
Sergey Biryukov ae2b929294 Privacy: Update request confirmation notice text for clarity.
Props desrosj, melchoyce, garrett-eclipse.
Fixes #43970.
Built from https://develop.svn.wordpress.org/trunk@43232


git-svn-id: http://core.svn.wordpress.org/trunk@43061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 20:53:21 +00:00
Sergey Biryukov bed52dda40 Privacy: Send an email notification to the user once their personal data erasure request is fulfilled.
Props desrosj, allendav, garrett-eclipse.
Fixes #43973.
Built from https://develop.svn.wordpress.org/trunk@43230


git-svn-id: http://core.svn.wordpress.org/trunk@43059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 20:43:22 +00:00
Sergey Biryukov 699cccd86e Privacy: Avoid a PHP notice in `wp_ajax_wp_privacy_erase_personal_data()`, make sure `$eraser_key` is always defined.
Props allendav.
Fixes #44040.
Built from https://develop.svn.wordpress.org/trunk@43228


git-svn-id: http://core.svn.wordpress.org/trunk@43057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 20:24:23 +00:00
Sergey Biryukov 5028eb01fd General: Skip `test_is_countable_ResourceBundle()` on PHP 5.3 and below.
`ResourceBundle` is only countable in PHP 5.4+, which can be considered an acceptable edge case for WordPress core purposes.

Props jrf, ayeshrajans.
Fixes #43583.
Built from https://develop.svn.wordpress.org/trunk@43226


git-svn-id: http://core.svn.wordpress.org/trunk@43055 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 20:16:21 +00:00
iandunn 8af721fff8 Privacy: Replace intrusive policy update notice with menu bubbles.
Previously, when a plugin updated its suggested privacy policy text, an admin notice was shown on all screens in the Administration Panels. That was done in order to make sure that administrators were aware of it, so that they could update their policy if needed. That was a very heavy-handed and intrusive approach, though, which leads to a poor user experience, and notice fatigue. 

An alternative approach is to use bubble notifications in the menu, similar to when plugins have updates that need to be installed. That still makes it obvious that something needs the administrator's attention, but is not as distracting as a notice.

The notice will still appear on the Privacy page, though, since it is relevant to that screen, and provides an explanation of why the bubble is appearing.

Props azaozz, xkon, iandunn.
Fixes #43954. See #43953.

Built from https://develop.svn.wordpress.org/trunk@43223


git-svn-id: http://core.svn.wordpress.org/trunk@43052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 19:52:21 +00:00
Andrew Ozz 7b5f40133a TinyMCE: switch off concatenation when a custom TinyMCE theme is used. Prevents conflict with the default theme as it loads first.
Props programmin, azaozz.
Fixes #43969.
Built from https://develop.svn.wordpress.org/trunk@43222


git-svn-id: http://core.svn.wordpress.org/trunk@43051 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 19:50:21 +00:00
Sergey Biryukov 29d5e980cc General: In the `is_countable()` polyfill, if the provided object implements `SimpleXMLElement` or `ResourceBundle`, consider it countable.
Props ayeshrajans, jrf, desrosj.
Fixes #43583.
Built from https://develop.svn.wordpress.org/trunk@43220


git-svn-id: http://core.svn.wordpress.org/trunk@43049 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 17:58:22 +00:00
Sergey Biryukov f766c46904 Privacy: Tweak Privacy Policy page intro text for clarity.
Props macbookandrew, allendav.
See #43933.
Built from https://develop.svn.wordpress.org/trunk@43218


git-svn-id: http://core.svn.wordpress.org/trunk@43047 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 16:12:21 +00:00
Andrew Ozz 12d7f2be78 Privacy: fix styling on personal data tables.
Props melchoyce, allendav.
Fixes #43909.
Built from https://develop.svn.wordpress.org/trunk@43216


git-svn-id: http://core.svn.wordpress.org/trunk@43045 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 16:02:21 +00:00
Andrew Ozz 7d9265e5c5 Privacy: cleanup of the "Export Personal Data" and "Erase Personal Data" screens.
Props desrosj, xkon.
See #43929.
Built from https://develop.svn.wordpress.org/trunk@43212


git-svn-id: http://core.svn.wordpress.org/trunk@43041 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 10:01:21 +00:00
iandunn 06fd54dab6 Privacy: Notify admin via email when a request is confirmed.
Previously the admin didn't have any way to know if a pending request was ready to be processed, aside from manually checking the Export/Erase pages. Sending them an email is a much more convenient option.

Props garrett-eclipse, desrosj, iandunn.
See #43967.

Built from https://develop.svn.wordpress.org/trunk@43211


git-svn-id: http://core.svn.wordpress.org/trunk@43040 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 05:00:20 +00:00
iandunn 107b52191b Privacy: Reposition admin pointer to avoid covering collapsed menu.
Previously the pointer overlapped the menu in order to draw attention to the fact that it applies to both the `Tools` and `Settings` menus. That caused a conflict if the menu was collapsed, though, because the icons were covered by the pointer and therefore inaccessible.

Additionally, minor tweaks were made to the text order and formatting. The order of the two sections was swapped in the title and paragraph, in order to match the order of the corresponding menu items. The spacing around headings and paragraphs was tweaked to remove extraneous whitespace.

Props littler.chicken, desrosj, ianbelanger, melchoyce.
Fixes #43961.

Built from https://develop.svn.wordpress.org/trunk@43210


git-svn-id: http://core.svn.wordpress.org/trunk@43039 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 03:03:20 +00:00
Sergey Biryukov 760ab78ff9 Privacy: Pass export request ID to `wp_privacy_personal_data_export_file_created` filter.
Props thomasplevy.
Fixes #44031.
Built from https://develop.svn.wordpress.org/trunk@43208


git-svn-id: http://core.svn.wordpress.org/trunk@43037 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 23:18:22 +00:00
Sergey Biryukov 47e6c2f9ec Privacy: Make the help hint for Privacy Policy page more translatable and accessible.
Props tobifjellner.
See #43980.
Built from https://develop.svn.wordpress.org/trunk@43206


git-svn-id: http://core.svn.wordpress.org/trunk@43035 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 23:12:21 +00:00
John Blackbourn bd9b25afbb Upgrade/Install: Correctly internationalise error messages during config setup.
Fixes #43997

Built from https://develop.svn.wordpress.org/trunk@43205


git-svn-id: http://core.svn.wordpress.org/trunk@43034 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 22:52:21 +00:00
Andrew Ozz 35d5911ae8 Privacy: fixes for the privacy policy guide and suggested content:
- Separate the guide text form the suggested policy text.
- Add table of content for easier navigation.
- Move the content to tools.php (prevents the settings menu of being open).
- Add a link to the guide from the Privacy settings screen.

Props melchoyce, azaozz.
See #43980.
Built from https://develop.svn.wordpress.org/trunk@43203


git-svn-id: http://core.svn.wordpress.org/trunk@43032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 20:51:23 +00:00
Andrew Ozz ae3e9188ce Privacy: remove the help tab from Settings => Privacy until we have something helpful to say :)
Props allendav.
See #44023.
Built from https://develop.svn.wordpress.org/trunk@43201


git-svn-id: http://core.svn.wordpress.org/trunk@43030 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 18:12:22 +00:00
Andrew Ozz 89a11a8c42 Privacy: remove leftover comment after [43197].
See #43968.
Built from https://develop.svn.wordpress.org/trunk@43199


git-svn-id: http://core.svn.wordpress.org/trunk@43028 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 17:57:20 +00:00
Andrew Ozz f665d16945 Privacy: add request type and filter to the subject of request confirmation emails for GDPR.
Props desrosj, azaozz.
See #43968.
Built from https://develop.svn.wordpress.org/trunk@43197


git-svn-id: http://core.svn.wordpress.org/trunk@43026 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 17:51:21 +00:00
Andrew Ozz 362e9754f3 Privacy: increase filter priority of the User group in Personal Data Exports.
Props allendav desrosj.
See #43966.
Built from https://develop.svn.wordpress.org/trunk@43195


git-svn-id: http://core.svn.wordpress.org/trunk@43024 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 17:12:21 +00:00
Andrew Ozz 83c07f7a50 Privacy: fix spacing on small screens for the Use This Page button in Privacy Tools.
Props PressTigers, desrosj.
Fixes #43852.
Built from https://develop.svn.wordpress.org/trunk@43193


git-svn-id: http://core.svn.wordpress.org/trunk@43022 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 16:13:21 +00:00
Sergey Biryukov 367c2e945a Privacy: Add `id` attribute to `WP_Privacy_Requests_Table` and `WP_Privacy_Data_Export_Requests_Table` rows, for consistency with other post list tables.
Props desrosj.
Fixes #44015.
Built from https://develop.svn.wordpress.org/trunk@43191


git-svn-id: http://core.svn.wordpress.org/trunk@43020 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 15:06:22 +00:00
Sergey Biryukov db66ae1123 Docs: Remove unused `###USERNAME###` placeholder reference from `user_request_action_email_content` filter documentation.
Props desrosj.
Fixes #44016.
Built from https://develop.svn.wordpress.org/trunk@43189


git-svn-id: http://core.svn.wordpress.org/trunk@43018 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 14:38:21 +00:00
iandunn 4467a9226c Privacy: Mark erasure requests as completed after processing.
r42986 introduced the beginnings of an Ajax handler for processing requests to erase personal data. At the time, a method for marking requests as completed was planned, but had not yet been created. This commit introduces that mechanism, bringing the erasure process closer to completion.

Props coreymckrill, allendav.
Fixes #43922.

Built from https://develop.svn.wordpress.org/trunk@43185


git-svn-id: http://core.svn.wordpress.org/trunk@43014 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 01:02:22 +00:00
Andrew Ozz 3099f4d9ed Privacy: outputting the privacy policy guide and suggested content to a new page instead of a postbox.
Props melchoyce, azaozz.
See #43980.
Built from https://develop.svn.wordpress.org/trunk@43184


git-svn-id: http://core.svn.wordpress.org/trunk@43013 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-08 23:45:21 +00:00
iandunn 76efbf47da Privacy: Mark processed requests as completed instead of confirmed.
r43008 refactored the request flow to make several improvements, but accidentally marked `completed` requests as `confirmed`. This commit restores the intended statuses, so that the data and corresponding UI reflect reality.

Props allendav, birgire.
Fixes #43913.

Built from https://develop.svn.wordpress.org/trunk@43183


git-svn-id: http://core.svn.wordpress.org/trunk@43012 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-08 23:29:20 +00:00
Andrew Ozz 4a3b42a09e TinyMCE: fix setting of zIndex on the dialogs.
Props subrataemfluence, azaozz.
See #43984.
Built from https://develop.svn.wordpress.org/trunk@43181


git-svn-id: http://core.svn.wordpress.org/trunk@43010 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-08 20:54:22 +00:00
iandunn 798e3dc84d Privacy: Reuse existing archive filenames to maintain URLs.
Whenever an admin initiates a download or email of a personal data export, a fresh copy of the file is generated. Previously, a new filename was used each time, which could lead to situations where a URL that was emailed to a data subject is broken.

That can be avoided by reusing the same filename when building fresh archives.

Props desrosj, tz-media, allendav.
Fixes #43905.

Built from https://develop.svn.wordpress.org/trunk@43180


git-svn-id: http://core.svn.wordpress.org/trunk@43009 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-08 00:52:21 +00:00
John Blackbourn bfba73995c Plugins: Correct another instance of incorrect parameter ordering when displaying plugins with more than one million active installations.
See #43193

Built from https://develop.svn.wordpress.org/trunk@43179


git-svn-id: http://core.svn.wordpress.org/trunk@43008 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-07 21:43:20 +00:00
John Blackbourn 930c98b7d8 Plugins: Correct the parameters used when displaying plugins with more than one million active installations.
Fixes #43193

Built from https://develop.svn.wordpress.org/trunk@43178


git-svn-id: http://core.svn.wordpress.org/trunk@43007 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-07 21:30:23 +00:00
John Blackbourn 8b34c79cec Docs: Update and correct various inline documentation.
See #42505, #41756

Built from https://develop.svn.wordpress.org/trunk@43177


git-svn-id: http://core.svn.wordpress.org/trunk@43006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-07 17:20:22 +00:00
Sergey Biryukov 8bc4e6d94f Privacy: Use the terms "erase"/"erasure" instead of "remove"/"removal" for personal data.
Props allendav.
Fixes #43920.
Built from https://develop.svn.wordpress.org/trunk@43175


git-svn-id: http://core.svn.wordpress.org/trunk@43004 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-07 16:45:22 +00:00
Sergey Biryukov cd4c960a6c Administration: Change all the occurrences of "(opens in a new window)" to "(opens in a new tab)".
Props chetan200891, ianbelanger, afercia.
Fixes #43803.
Built from https://develop.svn.wordpress.org/trunk@43174


git-svn-id: http://core.svn.wordpress.org/trunk@43003 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-05 09:45:22 +00:00
Sergey Biryukov daacd57fd4 Privacy: Change "Email Data" link text on "Export Personal Data" screen to "Send Export Link" for clarity.
Props birgire, ianbelanger.
Fixes #43964.
Built from https://develop.svn.wordpress.org/trunk@43172


git-svn-id: http://core.svn.wordpress.org/trunk@43001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-05 09:17:21 +00:00
Sergey Biryukov f055261a05 Privacy: Remove stray closing tag in `WP_Privacy_Policy_Content::get_default_content()`, fix typo in `@return` tag.
Props dlh, tobifjellner.
Fixes #43951.
Built from https://develop.svn.wordpress.org/trunk@43170


git-svn-id: http://core.svn.wordpress.org/trunk@42999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-04 01:56:22 +00:00
Sergey Biryukov abb666a812 Docs: Add missing duplicate hook comment for `user_request_key_expiration` filter.
Props birgire, desrosj.
Fixes #43934.
Built from https://develop.svn.wordpress.org/trunk@43168


git-svn-id: http://core.svn.wordpress.org/trunk@42997 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-04 01:49:22 +00:00
Sergey Biryukov 3e232e8f1e Customize: Correct closing tag in `WP_Customize_Theme_Control::content_template()`.
Props itowhid06.
Fixes #43945.
Built from https://develop.svn.wordpress.org/trunk@43166


git-svn-id: http://core.svn.wordpress.org/trunk@42995 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-04 01:03:22 +00:00
iandunn 0e0473c9ff Privacy: Return before scheduling cron during install to avoid error.
r43046 introduced `wp_schedule_delete_old_privacy_export_files()` to schedule the `wp_privacy_delete_old_export_files` cron job, but it did not check to make sure it wasn't running in the context of the install process. When it did run in that context, it created a database error, because the necessary database tables don't exist at that point.

Checking the current context and returning early during the installation phase avoids that issue.

Props helen, timothyblynjacobs, iandunn.
Fixes #43952.

Built from https://develop.svn.wordpress.org/trunk@43162


git-svn-id: http://core.svn.wordpress.org/trunk@42991 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 21:11:21 +00:00
iandunn 870e1a27f2 Privacy: Redirect to newly created Privacy Policy page to improve UX.
Previously the user was shown a message that the page was created, but might not understand that they still need to visit the page and publish it. Redirecting them to the page makes it more obvious that additional steps are involved.

Props Clorith, xkon, azaozz.
Fixes #43926.

Built from https://develop.svn.wordpress.org/trunk@43160


git-svn-id: http://core.svn.wordpress.org/trunk@42989 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 20:06:21 +00:00
iandunn 30b5cad03d Privacy: Add an admin pointer for new privacy features in 4.9.6.
The new features are very important for some users, because of their GDPR obligations. They're also spread across multiple top-level menus, making them less discoverable. An admin pointer will help to ensure that users are aware of the new tools and how to find them.

Props desrosj, andreamiddleton, allendav, xkon. 
Fixes #43942.

Built from https://develop.svn.wordpress.org/trunk@43158


git-svn-id: http://core.svn.wordpress.org/trunk@42987 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 19:45:21 +00:00
Andrew Ozz fbc98b8e75 Privacy: rename `manage_privacy_policy` to `manage_privacy_options`.
Props desrosj.
FIxes #43935.
Built from https://develop.svn.wordpress.org/trunk@43155


git-svn-id: http://core.svn.wordpress.org/trunk@42984 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 19:31:21 +00:00
iandunn 3d4c461e50 Privacy: Store plugin callbacks in associative array for flexibility.
The personal data export and erasure tools allow plugins to register their own callbacks, in order to add additional data to the export and erasure processes. Previously, these were registered without specifying a constant identifier in the array of callbacks. Using mutable integers makes it difficult for plugins to modify the callbacks of other plugins, though.

Using associative array keys instead provides a covenient and reliable way to identify and interact with another plugin's callbacks.

Props desrosj, allendav, ocean90.
Fixes #43931.

Built from https://develop.svn.wordpress.org/trunk@43154


git-svn-id: http://core.svn.wordpress.org/trunk@42983 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 19:28:21 +00:00
Andrew Ozz 58b2e6e143 Privacy: use `sprintf()` in translations.
Props birgire.
See #43473.
Built from https://develop.svn.wordpress.org/trunk@43150


git-svn-id: http://core.svn.wordpress.org/trunk@42979 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 18:25:21 +00:00