Commit Graph

25399 Commits

Author SHA1 Message Date
iandunn 93a90a9aa4 Privacy: Limit export and erasure to super admins on Multisite.
Multisite networks have a variety of use cases, and in many of them single-site administrators are not trusted to take actions that affect the whole network, require making decisions about legal compliance, etc. By default, those actions should require super admin capabilities. Plugins can be used to override that behavior if a particular site's use case calls for it.

Props allendav, jeremyfelt, iandunn.
Fixes #43919.

Built from https://develop.svn.wordpress.org/trunk@43085


git-svn-id: http://core.svn.wordpress.org/trunk@42914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 01:07:22 +00:00
Sergey Biryukov ae8d70c06c Docs: Update `@since` version numbers for `wp_privacy_anonymize_ip()` and `wp_privacy_anonymize_data()`.
Props joemcgill.
See #43545.
Built from https://develop.svn.wordpress.org/trunk@43081


git-svn-id: http://core.svn.wordpress.org/trunk@42910 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 00:41:21 +00:00
Sergey Biryukov ac0bf9d352 Login and Registration: Send `nocache_headers()` on Multisite account activation pages.
Props herregroen.
Fixes #43917.
Built from https://develop.svn.wordpress.org/trunk@43065


git-svn-id: http://core.svn.wordpress.org/trunk@42894 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 22:08:20 +00:00
Sergey Biryukov 8e01f9f99b Privacy: Move "Mine" filter for media items above "Trash".
See #43820.
Built from https://develop.svn.wordpress.org/trunk@43063


git-svn-id: http://core.svn.wordpress.org/trunk@42892 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 21:47:21 +00:00
Sergey Biryukov 6c2470a091 I18N: Add context for "Mine" string added in [43056].
See #43820.
Built from https://develop.svn.wordpress.org/trunk@43062


git-svn-id: http://core.svn.wordpress.org/trunk@42891 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 21:37:23 +00:00
Andrew Ozz 2f321e234e Privacy: improve `wp_privacy_erase_personal_data()`, return boolean values.
Props ericdaams.
See #43602.
Built from https://develop.svn.wordpress.org/trunk@43061


git-svn-id: http://core.svn.wordpress.org/trunk@42890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 19:27:22 +00:00
Andrew Ozz f376b6b0c9 Privacy: translate error messages, some fixes and improvements for the AJAX actions for exporting and erasing user data.
Props desrosj, birgire.
See #43438.
Built from https://develop.svn.wordpress.org/trunk@43060


git-svn-id: http://core.svn.wordpress.org/trunk@42889 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 19:00:20 +00:00
iandunn 9bb0e18c82 Privacy: Include `wp-admin/includes/file.php` to avoid fatal error.
`list_files()` is defined in `wp-admin/includes/file.php`, which is not included by `wp-cron.php`, so it needs to be included by the caller in order to avoid a fatal PHP error.

This bug was not detected during testing because the file _is_ included when executing jobs via `wp cron event run`.

Props mikejolley, iandunn.
See #43546.
See https://wordpress.slack.com/archives/C9695RJBW/p1525190405000860.

Built from https://develop.svn.wordpress.org/trunk@43059


git-svn-id: http://core.svn.wordpress.org/trunk@42888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 17:43:22 +00:00
Andrew Ozz e0d2de94e7 Privacy: docs fixes and improvements for `wp_comments_personal_data_exporter()`.
Props desrosj.
See #43440.
Built from https://develop.svn.wordpress.org/trunk@43058


git-svn-id: http://core.svn.wordpress.org/trunk@42887 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 17:18:21 +00:00
Andrew Ozz 2aa8414d09 Privacy: make the emails in export and erasure list-tables clickable.
Props birgire.
See #43911.
Built from https://develop.svn.wordpress.org/trunk@43057


git-svn-id: http://core.svn.wordpress.org/trunk@42886 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 17:12:22 +00:00
Andrew Ozz 3266b10d04 Privacy: add "Mine" filter for media similarly to posts and comments.
Props audrasjb.
See #43820.
Built from https://develop.svn.wordpress.org/trunk@43056


git-svn-id: http://core.svn.wordpress.org/trunk@42885 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 15:43:22 +00:00
Andrew Ozz f4e6b7a29c Privacy: add user information to the personal data export file.
Props TZ-Media, desrosj.
See #43547.

Built from https://develop.svn.wordpress.org/trunk@43055


git-svn-id: http://core.svn.wordpress.org/trunk@42884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 13:59:21 +00:00
Andrew Ozz c77a8ed2fc Privacy: add attachments to the personal data export file.
Props allendav.
See #43883.
Built from https://develop.svn.wordpress.org/trunk@43054


git-svn-id: http://core.svn.wordpress.org/trunk@42883 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 13:45:21 +00:00
Andrew Ozz 5133e5131b Privacy: fix and improve the help text about adding a privacy policy page.
Props idea15, xkon.
See #43435.
Built from https://develop.svn.wordpress.org/trunk@43053


git-svn-id: http://core.svn.wordpress.org/trunk@42882 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 11:43:22 +00:00
Andrew Ozz 237df3367b Privacy: only fold the sections in the privacy policy poxtbox when more than one.
See #43473.
Built from https://develop.svn.wordpress.org/trunk@43052


git-svn-id: http://core.svn.wordpress.org/trunk@42881 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 09:48:21 +00:00
iandunn b4290211f4 Bundled Themes: Add link to privacy policy page in footer.
If a privacy policy has been set, then a link to it will automatically be shown in the footer.

The element containing the "Proudly powered by WordPress" link was chosen for the new policy link, in order to minimize visual conflicts with custom CSS that was written before the new link existed. Unfortunately, some minor conflicts are expected and unavoidable. Adding this link is required as part of GDPR compliance, and the benefits outweigh the downsides. 

To further mitigate the conflicts, a new `imprint` class was added to the "Proudly powered..." link, in order to facilitate targeting each link invididually with custom styles.

Props xkon, laurelfulford, birgire, azaozz, iandunn.
See #43715.

Built from https://develop.svn.wordpress.org/trunk@43051


git-svn-id: http://core.svn.wordpress.org/trunk@42880 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 06:28:21 +00:00
Peter Wilson 2e43234f3f Cron API: Return meaningful values from cron functions.
Return values added to Cron API functions to indicate outcome:

* `wp_schedule_single_event()`, `wp_schedule_event()`, `wp_reschedule_event()` and `wp_unschedule_event()`: boolean indicating success or failure,
* `wp_clear_scheduled_hook()`: integer indicating number of jobs cleared (zero or more), `false` if one or more jobs fail to clear,
* `wp_unschedule_hook()`: integer indicating number of jobs cleared (zero or more), `false` if the jobs fail to clear,
* `spawn_cron()`: boolean indicating whether job spawned,
* `wp_cron()`: integer indicating number of jobs spawned (zero or more), `false` if one or more jobs fail to spawned,
* `_set_cron_array()`: boolean outcome of `update_option()`.

Props evansolomon, jrf, peterwilsoncc, pento for code review.
Fixes #21072.


Built from https://develop.svn.wordpress.org/trunk@43050


git-svn-id: http://core.svn.wordpress.org/trunk@42879 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 02:05:23 +00:00
Boone Gorges 0dc6bd7c04 Taxonomy: Ensure that invalid term objects are discarded in `WP_Term_Query`.
The `get_term()` mapping may result in term objects that are `null` or
`WP_Error` when plugins use `get_term` or a related filter. Since `null`
and error objects are not valid results for a term query, we discard
them.

Props GM_Alex.
See #42691.
Built from https://develop.svn.wordpress.org/trunk@43049


git-svn-id: http://core.svn.wordpress.org/trunk@42878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 21:08:22 +00:00
Andrew Ozz d1ab641d16 Privacy: edits and improvements for the default text for a privacy policy.
Props idea15, allendav.
See #43473.
Built from https://develop.svn.wordpress.org/trunk@43048


git-svn-id: http://core.svn.wordpress.org/trunk@42877 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 21:06:21 +00:00
iandunn 9abc0fe73e Privacy: Add `wp_privacy_personal_data_export_file_created` filter.
This runs immediately after the data export file has been successfully created, allowing plugins to introduce some workflow customizations. For example, a plugin could password-protect the export file, for peace of mind, even though the CSPRN in the filename makes brute force attacks nearly impossible.

See #43546.

Built from https://develop.svn.wordpress.org/trunk@43047


git-svn-id: http://core.svn.wordpress.org/trunk@42876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 21:04:22 +00:00
iandunn 23bf0c7535 Privacy: Add cron to delete expired export files to protect privacy.
The primary means of protecting the files is the CSPRN appended to the filename, but there is no reason to keep the files after the data subject has downloaded them, so deleting them provides an additional layer of protection. Previously this was done from `wp_privacy_generate_personal_data_export_file()`, but that does not guarantee that it will be run regularly, and on smaller sites that could result in export files being exposed for much longer than necessary.

`wp_privacy_delete_old_export_files()` was moved to a front end file, so that it can be called from `cron.php`.

This introduces the `wp_privacy_export_expiration` filter, which allows plugins to customize how long the exports are kept before being deleted.

`index.html` was added to the `$exclusions` parameter of `list_files()` to make sure that it isn't deleted. If it were, then poorly-configured servers would allow the directory to be traversed, exposing all of the exported files.

Props iandunn, desrosj.
See #43546.

Built from https://develop.svn.wordpress.org/trunk@43046


git-svn-id: http://core.svn.wordpress.org/trunk@42875 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 20:09:23 +00:00
iandunn 5b4aa26436 Privacy: Use a CSPRNG in export filenames for more security.
`rand()` is deterministic and therefore offers much less protection in this context. `wp_generate_password()` is a convenient wrapper around `wp_rand()`, which uses `random_int()` to generate cryptographically-secure psuedorandom numbers.

See #43546.

Built from https://develop.svn.wordpress.org/trunk@43045


git-svn-id: http://core.svn.wordpress.org/trunk@42874 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 18:53:25 +00:00
Andrew Ozz c21c4e25b3 Privacy: add default text for a privacy policy. First run.
Props xkon, idea15, allendav, azaozz.
See #43473.
Built from https://develop.svn.wordpress.org/trunk@43044


git-svn-id: http://core.svn.wordpress.org/trunk@42873 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 14:47:21 +00:00
John Blackbourn d488e773b0 Docs: Update the inline docs for `is_protected_meta()`.
See #42505

Built from https://develop.svn.wordpress.org/trunk@43043


git-svn-id: http://core.svn.wordpress.org/trunk@42872 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 14:39:21 +00:00
John Blackbourn cf02373b39 Comments: Update the inline docs following [42772].
See #43436

Built from https://develop.svn.wordpress.org/trunk@43042


git-svn-id: http://core.svn.wordpress.org/trunk@42871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 13:10:20 +00:00
Andrea Fercia eac393b6f1 Coding standards: Change a few occurrences of font weight 700 to 600 in multisite signup and activate.
Props chetan200891.
Amends [43018].
See #43897.

Built from https://develop.svn.wordpress.org/trunk@43041


git-svn-id: http://core.svn.wordpress.org/trunk@42870 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 07:05:21 +00:00
Sergey Biryukov 4b6794ba57 Themes: Avoid a PHP 7.2 warning in `get_theme_roots()` when `$wp_theme_directories` is an uncountable value.
See [41174] for `wp_get_themes()` and `get_raw_theme_root()`.

Props burlingtonbytes, teddytime, lbenicio, desrosj.
Fixes #43374. See #40109.
Built from https://develop.svn.wordpress.org/trunk@43039


git-svn-id: http://core.svn.wordpress.org/trunk@42868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 04:51:22 +00:00
Sergey Biryukov 94cbb2a3f6 General: Introduce a polyfill for `is_iterable()` function added in PHP 7.1.
Props jrf, schlessera, desrosj.
See #43619.
Built from https://develop.svn.wordpress.org/trunk@43036


git-svn-id: http://core.svn.wordpress.org/trunk@42865 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 04:15:21 +00:00
Sergey Biryukov 5813ccec07 General: Introduce a polyfill for `is_countable()` function added in PHP 7.3.
Props jrf, ayeshrajans, desrosj.
See #43583.
Built from https://develop.svn.wordpress.org/trunk@43034


git-svn-id: http://core.svn.wordpress.org/trunk@42863 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 03:43:21 +00:00
Sergey Biryukov 70a214c186 Help/About: Move "Get involved" link on Credits screen to the top of the page for better visibility.
Props bridgetwillard, desrosj.
See #23348.
Built from https://develop.svn.wordpress.org/trunk@43032


git-svn-id: http://core.svn.wordpress.org/trunk@42861 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 03:16:22 +00:00
Sergey Biryukov bc5a539c4d Login and Registration: Send `nocache_headers()` on Multisite signup pages.
Props herregroen.
Fixes #43843.
Built from https://develop.svn.wordpress.org/trunk@43030


git-svn-id: http://core.svn.wordpress.org/trunk@42859 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 23:05:21 +00:00
Sergey Biryukov 95071b2ea1 Docs: Update `@since` version for `theme_templates` filter added in [43025].
See #43872.
Built from https://develop.svn.wordpress.org/trunk@43027


git-svn-id: http://core.svn.wordpress.org/trunk@42856 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 22:42:22 +00:00
Sergey Biryukov 0c071471d6 Themes: Introduce `theme_templates` filter for page templates of all post types.
This complements the `theme_{$post_type}_templates` dynamic filter added in [38951].

Props desrosj.
Fixes #43872.
Built from https://develop.svn.wordpress.org/trunk@43025


git-svn-id: http://core.svn.wordpress.org/trunk@42854 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 22:18:22 +00:00
Sergey Biryukov 00ae0a1097 Docs: Remove backtick-escaping around a core function in the hook docs for the `pre_prepare_themes_for_js` filter.
This allows the function to be auto-linked in the Developer Reference. Added in [42877].

See #42505.
Built from https://develop.svn.wordpress.org/trunk@43024


git-svn-id: http://core.svn.wordpress.org/trunk@42853 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 21:47:22 +00:00
Sergey Biryukov f8177e3a73 Docs: Remove backtick-escaping around a core function in the hook docs for the `comment_form_submit_button` filter.
This allows the function to be auto-linked in the Developer Reference. See [32037] for `comment_form_submit_field`.

See #42505, #31888.
Built from https://develop.svn.wordpress.org/trunk@43023


git-svn-id: http://core.svn.wordpress.org/trunk@42852 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 21:44:22 +00:00
Sergey Biryukov 9a8f48c9bc Docs: Add missing verb in `is_admin()`, `is_blog_admin()`, `is_network_admin()`, `is_user_admin()` descriptions.
See #42505.
Built from https://develop.svn.wordpress.org/trunk@43022


git-svn-id: http://core.svn.wordpress.org/trunk@42851 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 21:14:22 +00:00
Andrea Fercia e663af477a Coding standards: Change one occurrence of font weight 700 to 600.
Props chetan200891.
Amends [43018].
See #43897.

Built from https://develop.svn.wordpress.org/trunk@43021


git-svn-id: http://core.svn.wordpress.org/trunk@42850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 18:04:21 +00:00
Andrea Fercia 2e8149064e Accessibility: Improve the Themes Installer navigation buttons accessibility.
- really disables buttons when they look disabled (when navigation is at the first or last theme)
- when navigation is at the first or last theme, moves focus to the other navigation button, to avoid a focus loss
- improves the buttons visually hidden accessibility text

Props walbo, afercia.
Fixes #36627.

Built from https://develop.svn.wordpress.org/trunk@43020


git-svn-id: http://core.svn.wordpress.org/trunk@42849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 17:04:22 +00:00
Andrea Fercia 8d9f1ae0d5 Accessibility: Better color contrast for the tables pagination links.
By making the pagination links use the default style for buttons, color contrast
is improved and the CSS is simplified. Improves consistency with other UI controls.
Also, slightly increases the white space below the pagination links.

Props benoitchantre, afercia.
Fixes #41858.

Built from https://develop.svn.wordpress.org/trunk@43019


git-svn-id: http://core.svn.wordpress.org/trunk@42848 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 16:25:21 +00:00
Andrea Fercia 26e91765eb Coding standards: Use numeric font weights instead of keywords.
Fixes #43897.

Built from https://develop.svn.wordpress.org/trunk@43018


git-svn-id: http://core.svn.wordpress.org/trunk@42847 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-29 11:37:21 +00:00
John Blackbourn e2719c4e90 Docs: Correct the possible return types for the `wpdb::query()` method.
Props isabel104

See #42505

Built from https://develop.svn.wordpress.org/trunk@43017


git-svn-id: http://core.svn.wordpress.org/trunk@42846 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-28 14:44:23 +00:00
John Blackbourn 4ccca7a835 Formatting: Begin the process of improving the docs for KSES related functions.
See #33801

Built from https://develop.svn.wordpress.org/trunk@43016


git-svn-id: http://core.svn.wordpress.org/trunk@42845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-28 13:58:21 +00:00
Andrew Ozz 3677e99e4b Privacy: fix unit tests after [43012].
Props iandunn.
See #43546.
Built from https://develop.svn.wordpress.org/trunk@43015


git-svn-id: http://core.svn.wordpress.org/trunk@42844 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-28 12:11:21 +00:00
Andrew Ozz bfc9c2f469 Fix docs and white space.
Props desrosj.
See #43443.
Built from https://develop.svn.wordpress.org/trunk@43014


git-svn-id: http://core.svn.wordpress.org/trunk@42843 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-28 12:04:21 +00:00
John Blackbourn 666887f974 Build/Test Tools: Don't trigger the global variable override PHPCS sniff for core.
Props jrf

Fixes #43776

Built from https://develop.svn.wordpress.org/trunk@43013


git-svn-id: http://core.svn.wordpress.org/trunk@42842 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-28 00:45:20 +00:00
Andrew Ozz b044b4053e Privacy: add means to export personal data by username or email address. Generate a zipped export file containing all data. First run.
Props allendav.
See #43546.
Built from https://develop.svn.wordpress.org/trunk@43012


git-svn-id: http://core.svn.wordpress.org/trunk@42841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 19:54:21 +00:00
Andrew Ozz e9eb7518c0 Privacy: update and enhance the method to confirm user requests by email. Introduce WP_User_Request to hold all request vars similarly to WP_Post.
Props mikejolley.
See #43443.

Built from https://develop.svn.wordpress.org/trunk@43011


git-svn-id: http://core.svn.wordpress.org/trunk@42840 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 17:31:22 +00:00
Felix Arntz af6704edad Multisite: Add meta query functionality to `WP_Site_Query`.
After the introduction of site metadata in [42836], it should be possible to query sites by that data.

Fixes #40229.

Built from https://develop.svn.wordpress.org/trunk@43010


git-svn-id: http://core.svn.wordpress.org/trunk@42839 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 11:41:22 +00:00
Felix Arntz a11d2f6a76 Bootstrap: Load `class-wp-meta-query.php` earlier in `wp-settings.php`.
This change is necessary to enable multisite-specific meta query functionality during the multisite bootstrap process.

Fixes #40948. See #40229.

Built from https://develop.svn.wordpress.org/trunk@43009


git-svn-id: http://core.svn.wordpress.org/trunk@42838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 11:37:21 +00:00
Andrew Ozz f1703c0e70 Privacy: update the method to confirm user requests by email. Use a single CPT to store the requests and to allow logging/audit trail.
Props mikejolley.
See #43443.

Built from https://develop.svn.wordpress.org/trunk@43008


git-svn-id: http://core.svn.wordpress.org/trunk@42837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 10:12:22 +00:00