Commit Graph

302 Commits

Author SHA1 Message Date
Sergey Biryukov e5935d0436 Bootstrap/Load: Introduce `is_*_admin_screen()` aliases for `is_*_admin()` function family.
Following the introduction of `is_login_screen()` in [53884], it is time to reconsider the `is_*_admin()` functions:

* `is_admin()`: Determines whether the current request is for an administrative interface page.
* `is_blog_admin()`: Whether the current request is for a site's administrative interface, e.g. `/wp-admin/`.
* `is_network_admin()`: Whether the current request is for the network administrative interface, e.g. `/wp-admin/network/`.
* `is_user_admin()`: Whether the current request is for a user admin screen, e.g. `/wp-admin/user/`.

For someone new to WordPress, these names can be quite confusing, especially the last one. When using these functions, one always needs to remember that they don't actually check if the current user is a site administrator.

To complicate things further, there is one more similarly named function that does exactly the latter:
* `is_super_admin()`: Determines whether user is a site admin.

With the above in mind, this commit introduces aliases that better match the functionality and allow for more descriptive code:

* `is_admin()` → `is_admin_screen()`
* `is_blog_admin()` → `is_site_admin_screen()`
* `is_network_admin()` → `is_network_admin_screen()`
* `is_user_admin()` → `is_user_admin_screen()`

Additionally, `is_super_admin_user()` is introduced as an alias for `is_super_admin()`:
* `is_super_admin()` → `is_super_admin_user()`

Plugins and themes are encouraged to start using the newer function names to make code self-descriptive and bring more clarity. The older names are not deprecated at this time, though it may be up for discussion in the future.

Follow-up to [2481], [6412], [12393], [12732], [15558], [15481], [15746], [53884].

Props jrf, tobifjellner, SergeyBiryukov.
See #56400.
Built from https://develop.svn.wordpress.org/trunk@54259


git-svn-id: http://core.svn.wordpress.org/trunk@53818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-20 15:45:49 +00:00
davidbaumwald 89213a3e4e Role/Capability: Add a new `update_role` function.
Until now, changing a user's role involved deleting a user's role then re-adding.  This change creates a new `update_role` function and associated method in `WP_Roles` to consolidate this process.

This commit also introduces new unit tests around `update_role` and adds additional "unhappy path" tests for roles and capabilities in general.

Props maksimkuzmin, peterwilsoncc, NomNom99, costdev, SergeyBiryukov.
Fixes #54572.
Built from https://develop.svn.wordpress.org/trunk@54213


git-svn-id: http://core.svn.wordpress.org/trunk@53772 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-19 20:49:10 +00:00
Sergey Biryukov 6e15f7fc9a Docs: Use third-person singular verbs for method descriptions in `wp-includes/class-wp-roles.php`, per the documentation standards.
See #55646.
Built from https://develop.svn.wordpress.org/trunk@53436


git-svn-id: http://core.svn.wordpress.org/trunk@53025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-05-23 15:01:12 +00:00
Sergey Biryukov 2972db4ba5 Users: Fail gracefully when checking mapped capabilities without providing the required object ID.
This avoids an `Undefined array key 0` PHP warning for `current_user_can()` capability checks that require a specific object to check against but an object ID was not passed.

A `_doing_it_wrong()` notice is also added, so that developers and site administrators are aware that the capability mapping is failing in the absence of the required object ID.

The list of mapped capabilities that require an object ID:

* `delete_post` / `delete_page`
* `edit_post` / `edit_page`
* `read_post` / `read_page`
* `publish_post`
* `edit_(post|comment|term|user)_meta` / `delete_*_meta` / `add_*_meta`
* `edit_comment`
* `edit_term` / `delete_term` / `assign_term`

Follow-up to [34091], [34113], [47178].

Props jeherve, peterwilsoncc, henry.wright, johnbillion, mattheweppelsheimer, hellofromTonya, JeffPaul, azouamauriac, Ninos Ego, TobiasBg, wpsmith, GaryJ, nacin, johnstonphilip, azaozz, SergeyBiryukov.
Fixes #44591.
Built from https://develop.svn.wordpress.org/trunk@53408


git-svn-id: http://core.svn.wordpress.org/trunk@52997 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-05-17 19:01:20 +00:00
audrasjb 5d93f8d388 Docs: Use third-person singular verbs for function descriptions in `wp-includes/capabilities.php`, as per docs standards.
Props azouamauriac.
See #54729.


Built from https://develop.svn.wordpress.org/trunk@53249


git-svn-id: http://core.svn.wordpress.org/trunk@52838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-24 21:32:06 +00:00
TimothyBlynJacobs b2253ef74c Users: Prevent infinite loop when using capability checks during `determine_current_user` on multisite.
On multisite, when checking if a user has a certain capability WordPress makes an additional check to see if the user is a super admin. The `is_super_admin()` function contained a call to `wp_get_current_user()` so as the global current user object could be used if it matched the queried user id.

This would cause an infinite loop if a hook attached to the `determine_current_user` filter was itself making a permission check. For example when limiting who can use the Application Passwords feature based on their capabilities.

Since [50790] the `WP_User` instance for the current user is shared between `wp_get_current_user()` and `get_userdata()`. This means we can remove the `wp_get_current_user` call from `is_super_admin()` while still retaining the same behavior.

Props chrisvanpatten, peterwilsoncc.
Fixes #53386.

Built from https://develop.svn.wordpress.org/trunk@52157


git-svn-id: http://core.svn.wordpress.org/trunk@51749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-15 01:09:59 +00:00
Peter Wilson 4d2abda74a Roles/Caps: Return same result from `current_user_can` and `user_can()`.
Ensure `current_user_can()` and `user_can()` return the same results for logged out users. For core capabilities this changes `user_can( 0, 'exist' )` to return `true` rather than `false` in line with `current_user_can( 'exist' )` for logged out users.

Convert `current_user_can()` and `current_user_can_for_blog()` to wrapper functions ultimately calling `user_can()`.

Add anonymous user to primitive capability checks as appropriate. Convert `Tests_User_Capabilities::test_other_caps_for_all_roles()` to use a data provider and add tests to check whether user exists in the database (`WP_User::exists()`) as that intentionally differs from the `exist` capability.

Props jjj, johnbillion, peterwilsoncc, SergeyBiryukov, TimothyBlynJacobs.
Fixes #52076.


Built from https://develop.svn.wordpress.org/trunk@50490


git-svn-id: http://core.svn.wordpress.org/trunk@50103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-03-04 00:14:04 +00:00
Sergey Biryukov 9a64276184 Docs: Add a `@since` note to `map_meta_cap()` for the `update_https` capability.
Follow-up to [50122], [50131].

See #51800.
Built from https://develop.svn.wordpress.org/trunk@50138


git-svn-id: http://core.svn.wordpress.org/trunk@49817 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 12:13:07 +00:00
Peter Wilson faa29f5716 Canonical: Prevent ID enumeration of private post slugs.
Add check to `redirect_canonical()` to ensure private posts only redirect for logged in users.

Modifies the `read_post` mata capability to user `get_post_status()` rather than the post's `post_status` property to allow attachments to redirect based on the inherited post status.

Introduces `wp_force_ugly_post_permalink()` to unify the check to determine if an ugly link should be displayed in each of the functions used for determining permalinks: `get_permalink()`, `get_post_permalink()`, `_get_page_link()` and `get_attachment_link()`.

Improves logic of `get_attachment_link()` to validate parent post and resolution of inherited post status. This is an incomplete fix of #52373 to prevent the function returning links resulting in a file not found error. Required to unblock this ticket.

Props peterwilsoncc, TimothyBlynJacobs.
See #52373.
Fixes #5272.

Built from https://develop.svn.wordpress.org/trunk@50132


git-svn-id: http://core.svn.wordpress.org/trunk@49811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 00:40:01 +00:00
Felix Arntz dbfbf5501a Security, Site Health: Make migrating a site to HTTPS a one-click interaction.
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.

This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.

* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
    * A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
    * The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
    * The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
    * For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
    * A new `wp_update_urls_to_https()` function takes care of the update routine.
    * A new `update_https` meta capability is introduced to control access.
    * If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
    * A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
    * A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.

Props flixos90, timothyblynjacobs.
Fixes #51437.

Built from https://develop.svn.wordpress.org/trunk@50131


git-svn-id: http://core.svn.wordpress.org/trunk@49810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 00:10:01 +00:00
Sergey Biryukov 2024649ea9 Docs: Add `@since` notes for some of the recently introduced meta capabilities.
Follow-up to [42832], [43085], [43147], [43155], [43381], [44973], [50114].

See #51800.
Built from https://develop.svn.wordpress.org/trunk@50122


git-svn-id: http://core.svn.wordpress.org/trunk@49801 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-01 17:24:02 +00:00
TimothyBlynJacobs c27098a3a3 App Passwords: Introduce fine grained capabilities.
Previously, all permission checks for using app passwords were implemented using `edit_user`. This commit introduces a series of more fine grained meta capabilities that should be used instead: `create_app_password`, `list_app_passwords`, `read_app_password`, `edit_app_password`, `delete_app_password` and `delete_app_passwords`. These capabilities all map to `edit_user` by default, but may now be customized by developers.

Props johnbillion, TimothyBlynJacobs.
Fixes #51703.

Built from https://develop.svn.wordpress.org/trunk@50114


git-svn-id: http://core.svn.wordpress.org/trunk@49793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-31 19:03:59 +00:00
John Blackbourn b59c0f307b Docs: Corrections and improvements to types used in various docblocks.
See #51800, #52217

Built from https://develop.svn.wordpress.org/trunk@49936


git-svn-id: http://core.svn.wordpress.org/trunk@49635 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-05 17:16:11 +00:00
John Blackbourn ec900ebb43 Docs: Correct the documentation for the `map_meta_cap()` function and its filter.
See #51800

Built from https://develop.svn.wordpress.org/trunk@49802


git-svn-id: http://core.svn.wordpress.org/trunk@49525 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-15 22:18:07 +00:00
Sergey Biryukov 3da046e1bc Taxonomy: Rename the `default_taxonomy_$taxonomy` option key to `default_term_$taxonomy`.
This better reflects the purpose of the option.

Follow-up to [48356], [48480].

See #43517.
Built from https://develop.svn.wordpress.org/trunk@48665


git-svn-id: http://core.svn.wordpress.org/trunk@48427 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-28 15:42:07 +00:00
Sergey Biryukov 38e6367808 Coding Standards: Reformat a condifion for default taxonomy terms in `map_meta_cap()` for better readability.
Follow-up to [48356], [48480].

See #43517.
Built from https://develop.svn.wordpress.org/trunk@48664


git-svn-id: http://core.svn.wordpress.org/trunk@48426 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-28 14:42:04 +00:00
whyisjake 49d23a2bbe Taxonomy: Add support for default terms for custom taxonomies.
The new default_term argument is added to `register_taxonomy()` allowing a user to define the default term `name` and optionally `slug` and `description`. 

Fixes #43517.

Props enrico.sorcinelli, SergeyBiryukov, desrosj, davidbaumwald, whyisjake.


Built from https://develop.svn.wordpress.org/trunk@48356


git-svn-id: http://core.svn.wordpress.org/trunk@48125 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-07 00:55:03 +00:00
Sergey Biryukov d38a32bfac Coding Standards: Reformat some long `apply_filters_deprecated()` and `do_action_deprecated()` calls for better readability.
See #49542.
Built from https://develop.svn.wordpress.org/trunk@48167


git-svn-id: http://core.svn.wordpress.org/trunk@47936 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-25 12:06:07 +00:00
desrosj 27485fd7aa General: Continuing to work towards a passing PHP Compatibility scan.
This is a final pass to fix PHP compatibiilty issues in the codebase with code changes or adding `phpcs:ignore` comments.

With this change, all PHP compatibility warnings and errors without specific tickets have been addressed (see #49810 and #41750).

Props desrosj, johnbillion, jrf.
See #49922.
Built from https://develop.svn.wordpress.org/trunk@47902


git-svn-id: http://core.svn.wordpress.org/trunk@47676 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-03 17:40:12 +00:00
Sergey Biryukov 7932193708 Coding Standards: Use strict comparison where static strings are involved.
This reduces the number of `WordPress.PHP.StrictComparisons.LooseComparison` issues in half, from 1897 to 890.

Includes minor code layout fixes for better readability.

See #49542.
Built from https://develop.svn.wordpress.org/trunk@47808


git-svn-id: http://core.svn.wordpress.org/trunk@47584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-05-16 18:42:12 +00:00
Sergey Biryukov 38676936ba Coding Standards: Use strict type check for `in_array()` and `array_search()` where strings are involved.
This reduces the number of `WordPress.PHP.StrictInArray.MissingTrueStrict` issues from 486 to 50.

Includes minor code layout fixes for better readability.

See #49542.
Built from https://develop.svn.wordpress.org/trunk@47550


git-svn-id: http://core.svn.wordpress.org/trunk@47325 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-05 03:02:11 +00:00
Sergey Biryukov 63ed0401a0 Privacy: Revert [47269] for now to address side effects on Multisite installations.
See #44176.
Built from https://develop.svn.wordpress.org/trunk@47280


git-svn-id: http://core.svn.wordpress.org/trunk@47080 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-11 21:48:06 +00:00
Sergey Biryukov 30c7bb621c Privacy: Un-map privacy capabilities to make them available to be assigned for custom roles:
* `erase_others_personal_data`
* `export_others_personal_data`
* `manage_privacy_options`

Previously mapped to `manage_options` or `manage_network` (on Multisite), these are now added to the Administrator role separately.

Additionally, `manage_privacy_options` is added to the Editor role.

Props garrett-eclipse, xkon, pbiron, desrosj, johnbillion, flixos90, juliobox, lakenh, Ov3rfly, ianatkins.
Fixes #44176.
Built from https://develop.svn.wordpress.org/trunk@47269


git-svn-id: http://core.svn.wordpress.org/trunk@47069 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-11 18:36:06 +00:00
Sergey Biryukov 641c632b0c Coding Standards: Use Yoda conditions where appropriate.
See #49222.
Built from https://develop.svn.wordpress.org/trunk@47219


git-svn-id: http://core.svn.wordpress.org/trunk@47019 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-09 16:55:09 +00:00
Sergey Biryukov 46951e0b17 Posts, Post Types: Fail gracefully when checking mapped cap against unregistered post status.
With `map_meta_cap` enabled for a post type, the `read_post` capability for posts with a public status is supposed to be mapped to the post type's `read` capability.

When a post is left in the database after the post status is no longer present, and WP does a `read_post` check against it, a PHP notice was thrown, and the cap check always failed.

As a more graceful fallback, the cap is now mapped onto `edit_others_posts`, which allows highly privileged users to be able to access orphaned content.

A `_doing_it_wrong()` notice is also added, so that developers and site administrators are aware that the cap mapping is failing in the absence of the registered post status.

Follow-up to [34091], which introduced a similar approach to checking mapped caps against an unregistered post type.

Props roytanck, SergeyBiryukov.
Fixes #48653.
Built from https://develop.svn.wordpress.org/trunk@47178


git-svn-id: http://core.svn.wordpress.org/trunk@46978 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-04 22:15:08 +00:00
Sergey Biryukov 001ffe81fb Docs: Improve inline comments per the documentation standards.
Includes minor code layout fixes for better readability.

See #48303.
Built from https://develop.svn.wordpress.org/trunk@47122


git-svn-id: http://core.svn.wordpress.org/trunk@46922 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-29 00:45:18 +00:00
Sergey Biryukov 1f816ad18d Docs: Use the `{@see ...}` tag for the replacement in `@deprecated` tags, so that Developer Reference could automatically link to the replacement.
Props jrf.
See #48255.
Built from https://develop.svn.wordpress.org/trunk@46685


git-svn-id: http://core.svn.wordpress.org/trunk@46485 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-11-09 13:05:02 +00:00
John Blackbourn 9ac1d82f23 Docs: Further improve documentation of known return types, plus other docs fixes.
See #48303

Built from https://develop.svn.wordpress.org/trunk@46661


git-svn-id: http://core.svn.wordpress.org/trunk@46461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-11-05 21:27:02 +00:00
John Blackbourn 3caaa40fc6 Docs: Switch more docs over to typed array notation, plus some fixes.
See #48303, #41756

Built from https://develop.svn.wordpress.org/trunk@46596


git-svn-id: http://core.svn.wordpress.org/trunk@46393 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-26 21:09:04 +00:00
Sergey Biryukov 8d1e51e9c7 Docs: Add a `@since` note about new parameters with the spread operator added to function signatures.
Props jrf.
See #47678.
Built from https://develop.svn.wordpress.org/trunk@46451


git-svn-id: http://core.svn.wordpress.org/trunk@46249 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-09 04:28:02 +00:00
Sergey Biryukov d55f1f81c7 Code Modernisation: Replace `call_user_func_array()` in `wp-includes/capabilities.php` with a direct function call.
Props jrf.
See #47678.
Built from https://develop.svn.wordpress.org/trunk@46132


git-svn-id: http://core.svn.wordpress.org/trunk@45944 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-15 11:23:56 +00:00
Sergey Biryukov e199663322 I18N: Capitalize translator comments consistently, add trailing punctuation.
Includes minor code layout fixes.

See #44360.
Built from https://develop.svn.wordpress.org/trunk@45932


git-svn-id: http://core.svn.wordpress.org/trunk@45743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-03 00:41:05 +00:00
K. Adam White 00cb4c7dbd REST API: Prevent deletion of post revisions.
Allowing the client to delete revisions breaks the "audit trail" functionality. This is not allowed in WordPress and shouldn't be allowed through the API.
While not recommended, a plugin may opt-in to the previous behavior by setting a custom 'delete_post' capability for the revisions post type.

Props dlh, danielbachhuber, TimothyBlynJacobs, azaozz, kadamwhite.
Fixes #43709.


Built from https://develop.svn.wordpress.org/trunk@45812


git-svn-id: http://core.svn.wordpress.org/trunk@45623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-08-15 22:01:55 +00:00
Sergey Biryukov 29b072e706 Docs: Add missing description for `$wpdb`, `$wp_db_version`, and `$wp_current_db_version` globals.
Props mukesh27, utsav72640, immeet94, SergeyBiryukov.
See #45604.
Built from https://develop.svn.wordpress.org/trunk@45734


git-svn-id: http://core.svn.wordpress.org/trunk@45545 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-08-04 01:12:56 +00:00
Gary Pendergast 5d658427a8 Code Modernisation: Introduce the spread operator in `capabilities.php`.
Rather than relying `func_get_args()` to retrieve arbitrary function arguments, we can now use the spread operator to assign them directly to a variable.

Props jrf.
See #47678.

Built from https://develop.svn.wordpress.org/trunk@45622


git-svn-id: http://core.svn.wordpress.org/trunk@45433 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-11 23:46:56 +00:00
Gary Pendergast 4803fc405e Coding Standards: Fix the `Squiz.PHP.DisallowMultipleAssignments` violations in `wp-includes`.
See #47632.


Built from https://develop.svn.wordpress.org/trunk@45590


git-svn-id: http://core.svn.wordpress.org/trunk@45401 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-02 23:42:58 +00:00
Peter Wilson a5e57d7245 Site health: Introduce `view_site_health_checks` capability.
Introduces the faux primitive capability `view_site_health_checks` available to single site admins and multisite super-admin to view the site health page within the admin.

The capability is mapped to the `install_plugins` capability without being dependent on the file system being writable. This fixes a bug where the feature couldn't be used by sites unable to write to the file system or managed through version control.

The capability is granted on the `user_has_cap` filter.

Props birgire, Clorith, palmiak, peterwilsoncc, spacedmonkey.
Fixes #46957.


Built from https://develop.svn.wordpress.org/trunk@45507


git-svn-id: http://core.svn.wordpress.org/trunk@45318 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-06-10 07:42:52 +00:00
John Blackbourn 26d5e05b75 Docs: Standardise documentation for capability-related variadic functions.
See #37402

Built from https://develop.svn.wordpress.org/trunk@45419


git-svn-id: http://core.svn.wordpress.org/trunk@45230 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-05-25 22:27:51 +00:00
Sergey Biryukov 8dcd3a09a8 I18N: Move the strings for default user roles to `wp-includes/capabilities.php`, to make the translations available on the front end as well.
Props keraweb, ocean90.
Fixes #37539.
Built from https://develop.svn.wordpress.org/trunk@44976


git-svn-id: http://core.svn.wordpress.org/trunk@44807 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-21 22:23:52 +00:00
Felix Arntz 3a77265148 Bootstrap/Load: Introduce a recovery mode for fixing fatal errors.
Using the new fatal handler introduced in [44962], an email is sent to the admin when a fatal error occurs. This email includes a secret link to enter recovery mode. When clicked, the link will be validated and on success a cookie will be placed on the client, enabling recovery mode for that user. This functionality is executed early before plugins and themes are loaded, in order to be unaffected by potential fatal errors these might be causing.

When in recovery mode, broken plugins and themes will be paused for that client, so that they are able to access the admin backend despite of these errors. They are notified about the broken extensions and the errors caused, and can then decide whether they would like to temporarily deactivate the extension or fix the problem and resume the extension.

A link in the admin bar allows the client to exit recovery mode.

Props timothyblynjacobs, afragen, flixos90, nerrad, miss_jwo, schlessera, spacedmonkey, swissspidy.
Fixes #46130, #44458.

Built from https://develop.svn.wordpress.org/trunk@44973


git-svn-id: http://core.svn.wordpress.org/trunk@44804 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-21 21:53:51 +00:00
Felix Arntz 92c3c46abe Bootstrap/Load: Revert fatal error recovery mechanism from 5.1 to polish for 5.2.
Due to the high number of follow-up tickets and associated security concerns, it was decided to reschedule the fatal error recovery feature for WordPress 5.2, in order to address these issues properly. The feature will continue to be developed, with iterations being merged into trunk early in the 5.2 release cycle.

Fixes #46141. See #44458, #45932, #45940, #46038, #46047, #46068.

Built from https://develop.svn.wordpress.org/trunk@44717


git-svn-id: http://core.svn.wordpress.org/trunk@44548 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-30 11:01:52 +00:00
Felix Arntz 1e4088fc98 Bootstrap/Load: Introduce fatal error recovery mechanism allowing users to still log in to their admin dashboard.
This changeset introduces a `WP_Shutdown_Handler` class that detects fatal errors and which extension (plugin or theme) causes them. Such an error is then recorded, and an error message is displayed. Subsequently, in certain protected areas, for example the admin, the broken extension will be paused, ensuring that the website is still usable in the respective area. The major benefit is that this mechanism allows site owners to still log in to their website, to fix the problem by either disabling the extension or solving the bug and then resuming the extension.

Extensions are only paused in certain designated areas. The frontend for example stays unaffected, as it is impossible to know what pausing the extension would cause to be missing, so it might be preferrable to clearly see that the website is temporarily not accessible instead.

The fatal error recovery is especially important in scope of encouraging the switch to a maintained PHP version, as not necessarily every WordPress extension is compatible with all PHP versions. If problems occur now, non-technical site owners that do not have immediate access to the codebase are not locked out of their site and can at least temporarily solve the problem quickly.

Websites that have custom requirements in that regard can implement their own shutdown handler by adding a `shutdown-handler.php` drop-in that returns the handler instance to use, which must be based on a class that inherits `WP_Shutdown_Handler`. That handler will then be used in place of the default one.

Websites that would like to modify specifically the error template displayed in the frontend can add a `php-error.php` drop-in that works similarly to the existing `db-error.php` drop-in.

Props afragen, bradleyt, flixos90, ocean90, schlessera, SergeyBiryukov, spacedmonkey.
Fixes #44458.

Built from https://develop.svn.wordpress.org/trunk@44524


git-svn-id: http://core.svn.wordpress.org/trunk@44355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-09 20:05:49 +00:00
Jeremy Felt 3af9743b81 Blocks: Add the reusable block post type, `wp_block`.
Merges [43804] from the 5.0 branch to trunk.

See #45098.

Built from https://develop.svn.wordpress.org/trunk@44146


git-svn-id: http://core.svn.wordpress.org/trunk@43976 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-14 02:15:37 +00:00
K. Adam White a7735117b6 Docs: Update @since version to 4.9.8 for meta registration subtype handling.
This feature has been backported to 4.9.8 so 5.0.0 is inaccurate.

See #38323.

Built from https://develop.svn.wordpress.org/trunk@43520


git-svn-id: http://core.svn.wordpress.org/trunk@43349 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-23 17:02:25 +00:00
Felix Arntz e350e822f8 Role/Capability: Rename `upgrade_php` capability to more suitable `update_php`.
This brings the name in line with user-facing language and similar names of existing related capabilities. Since the capability has not been part of any WordPress release, it can be renamed without any backward-compatibility implications.

Also missing props benhuberman for [43006].

Fixes #44457.

Built from https://develop.svn.wordpress.org/trunk@43381


git-svn-id: http://core.svn.wordpress.org/trunk@43209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:44:38 +00:00
K. Adam White a89c86c711 REST API: Support meta registration for specific object subtypes.
Introduce an `object_subtype` argument to the args array for `register_meta()` which can be used to limit meta registration to a single subtype (e.g. a custom post type or taxonomy, vs all posts or taxonomies).

Introduce `register_post_meta()` and `register_term_meta()` wrapper methods for `register_meta` to provide a convenient interface for the common case of registering meta for a specific taxonomy or post type. These methods work the way plugin developers have often expected `register_meta` to function, and should be used in place of direct `register_meta` where possible.

Props flixos90, tharsheblows, spacedmonkey.
Fixes #38323.


Built from https://develop.svn.wordpress.org/trunk@43378


git-svn-id: http://core.svn.wordpress.org/trunk@43206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:43:21 +00:00
iandunn 461d17576c Privacy: Require `manage_privacy_options` to edit policy page.
A user is required to have the `manage_privacy_options` capability in order to determine which page is set as the privacy policy (the `wp_page_for_privacy_policy`). Given that, it doesn't make sense to allow users without that capability to edit or delete the page. 

A similar situation exists with the `page_for_posts` and `page_on_front` options, but Editors are allowed to edit those pages. The reason that this situation is different is because it is more likely that an administrator will want to restrict modifications to the privacy policy, than it is that they will want to allow modifications. Modifications to the policy often require specialized knowledge of local laws, and can have implications for compliance with those laws.

Props dlh, desrosj.
Fixes #44079.

Built from https://develop.svn.wordpress.org/trunk@43286


git-svn-id: http://core.svn.wordpress.org/trunk@43115 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 20:44:21 +00:00
Andrew Ozz fbc98b8e75 Privacy: rename `manage_privacy_policy` to `manage_privacy_options`.
Props desrosj.
FIxes #43935.
Built from https://develop.svn.wordpress.org/trunk@43155


git-svn-id: http://core.svn.wordpress.org/trunk@42984 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 19:31:21 +00:00
iandunn 9faae413dc Privacy: Limit Privacy Settings screen to Super Admins in Multisite.
In many common Multisite use cases, the network administrator will want to set a network-wide privacy policy -- via the `privacy_policy_url` filter -- for consistency and convenience. When that's done, the Privacy Settings screen on individual sites becomes unnecessary, and may confuse administrators of those sites when they see that their changes don't have any effect on the policy link in the footer.

Since we can't programatically determine which behavior the network admins would like, the safest default setting is to restrict the ability to super admins, and let them delegate it to individual site owners via a plugin, if they'd like to.

Fixes #43935.

Built from https://develop.svn.wordpress.org/trunk@43147


git-svn-id: http://core.svn.wordpress.org/trunk@42976 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 17:25:21 +00:00
iandunn 93a90a9aa4 Privacy: Limit export and erasure to super admins on Multisite.
Multisite networks have a variety of use cases, and in many of them single-site administrators are not trusted to take actions that affect the whole network, require making decisions about legal compliance, etc. By default, those actions should require super admin capabilities. Plugins can be used to override that behavior if a particular site's use case calls for it.

Props allendav, jeremyfelt, iandunn.
Fixes #43919.

Built from https://develop.svn.wordpress.org/trunk@43085


git-svn-id: http://core.svn.wordpress.org/trunk@42914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 01:07:22 +00:00