Commit Graph

43299 Commits

Author SHA1 Message Date
John Blackbourn 523e292d8c Users: Allow the role of users to be bulk changed to no role from the Users listing screen.
This option is already available when editing an individual user, but it was previously missing from the bulk actions.

Props bonniebeeman, sabernhardt, ovidiul, jeroenrotty

Fixes #52238

Built from https://develop.svn.wordpress.org/trunk@50228


git-svn-id: http://core.svn.wordpress.org/trunk@49889 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-05 14:40:08 +00:00
desrosj d28712518c Build/Test Tools: Fix tests after [50185].
This removes a test assertion defending against version ranges in the `node` value in `package.json` files. This is now supported.

Props peterwilsoncc.
See #52341.
Built from https://develop.svn.wordpress.org/trunk@50192


git-svn-id: http://core.svn.wordpress.org/trunk@49870 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-05 03:38:05 +00:00
desrosj a752adb3e6 Build/Test Tools: Specify a version range within `engines` for `node` and `npm`.
This makes it more clear what versions of `node` and `npm` will successfully build WordPress.

Props dd32, mkaz.
Fixes #52455. See #51749.
Built from https://develop.svn.wordpress.org/trunk@50185


git-svn-id: http://core.svn.wordpress.org/trunk@49863 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-05 02:46:08 +00:00
Sergey Biryukov c8759b4a14 Privacy: Remove gray left border on the inline notices in Privacy Policy Guide.
Follow-up to [50161].

Props xkon.
See #52430.
Built from https://develop.svn.wordpress.org/trunk@50182


git-svn-id: http://core.svn.wordpress.org/trunk@49861 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-04 12:48:05 +00:00
Sergey Biryukov 1e7305ed4b Privacy: Update URLs to the Privacy Policy Guide in help tabs.
Follow-up to [50147], [50161].

Props xkon.
See #52430.
Built from https://develop.svn.wordpress.org/trunk@50181


git-svn-id: http://core.svn.wordpress.org/trunk@49860 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-04 12:06:07 +00:00
desrosj 2ca808a94c Build/Test Tools: Update NPM dependencies
This updates two dependencies to their latest versions:
- `uglify-js` from `3.12.5` to `3.12.6`.
- `sass` from `1.32.5` to `1.32.6`.

See #51801.
Built from https://develop.svn.wordpress.org/trunk@50176


git-svn-id: http://core.svn.wordpress.org/trunk@49855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-03 14:55:25 +00:00
Sergey Biryukov 21457d76d8 Docs: Consistently document the default value for `$args` parameter in various cron functions.
See #51800.
Built from https://develop.svn.wordpress.org/trunk@50175


git-svn-id: http://core.svn.wordpress.org/trunk@49854 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-03 11:08:04 +00:00
Sergey Biryukov a47580b247 Docs: Add a `@since` note to `wp_clear_scheduled_hook()` for the `$wp_error` parameter.
Follow-up to [50143].

See #49961.
Built from https://develop.svn.wordpress.org/trunk@50174


git-svn-id: http://core.svn.wordpress.org/trunk@49853 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-03 10:58:07 +00:00
Sergey Biryukov 286dd01212 Post WordPress 5.7 Beta 1 version bump.
Built from https://develop.svn.wordpress.org/trunk@50172


git-svn-id: http://core.svn.wordpress.org/trunk@49851 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 22:23:03 +00:00
Sergey Biryukov 896e9d7974 WordPress 5.7 Beta 1.
Built from https://develop.svn.wordpress.org/trunk@50171


git-svn-id: http://core.svn.wordpress.org/trunk@49850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 22:06:06 +00:00
antpb b566631d5e Media: Consistency in logic to pass `wp_getimagesize()` tests.
Previously, we used `DIR_TESTDATA` to determine if a test should skip a newly silenced error in `wp_getimagesize()`.

We are now using `WP_RUN_CORE_TESTS` instead for consistency.

Props hellofromTonya, SergeyBiryukov.
See #49889.

Built from https://develop.svn.wordpress.org/trunk@50170


git-svn-id: http://core.svn.wordpress.org/trunk@49849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 21:36:03 +00:00
antpb a2fb85da68 Taxonomy: Add filter for post statuses when updating term count.
This adds a filter that allows `$post_statuses` to be modified in term count.

Props GunGeekATX, adamsilverstein, davecpage, nwjames, hellofromTonya, audrasjb, peterwilsoncc, TimothyBlynJacobs.
Fixes #38843.

Built from https://develop.svn.wordpress.org/trunk@50169


git-svn-id: http://core.svn.wordpress.org/trunk@49848 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 21:06:05 +00:00
Sergey Biryukov 23b015ed48 General: Remove admin exception for `https` in `network_home_url()`.
Previously, `network_home_url()` would automatically switch to `https` if the current request is already `https`, but would only do so on the front end.

This mirrors the change made earlier for `get_home_url()`.

Follow-up to [12598], [21937], [24844], [50156].
See #52421.
Built from https://develop.svn.wordpress.org/trunk@50168


git-svn-id: http://core.svn.wordpress.org/trunk@49847 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 20:59:05 +00:00
Adam Silverstein a506e02edd Security: add Content-Security-Policy script loaders.
Add new functions `wp_get_script_tag`, `wp_print_script_tag`, `wp_print_inline_script_tag` and `wp_get_inline_script_tag` that support script attributes. Enables passing attributes such as `async` or `nonce`, creating a path forward for enabling a Content-Security-Policy in core, plugins and themes.

Props tomdxw, johnbillion, jadeddragoon, jrchamp, mallorydxw, epicfaace, alinod, enricocarraro, ocean90.
Fixes #39941.



Built from https://develop.svn.wordpress.org/trunk@50167


git-svn-id: http://core.svn.wordpress.org/trunk@49846 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 20:55:05 +00:00
whyisjake d9cb5af64e Coding Standards: Update links to be https in package-lock.json
See [50163].

Unprops whyisjake.

Props clorith, antpb, jorbin.

Built from https://develop.svn.wordpress.org/trunk@50166


git-svn-id: http://core.svn.wordpress.org/trunk@49845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 20:48:04 +00:00
Sergey Biryukov 8984e4ef8c Docs: Update documentation for `wp_create_user_request()` per the documentation standards.
Add a `@since` note for the `$send_confirmation_email` parameter.

Follow-up to [50159].

See #43890.
Built from https://develop.svn.wordpress.org/trunk@50165


git-svn-id: http://core.svn.wordpress.org/trunk@49844 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 20:42:03 +00:00
Sergey Biryukov 4773bc5699 General: Restore the `$pagenow` global in `get_home_url()`.
This fixes test failures in `Tests_WP_Resource_Hints`.

Follow-up to [50156].

See #52421.
Built from https://develop.svn.wordpress.org/trunk@50164


git-svn-id: http://core.svn.wordpress.org/trunk@49843 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 20:37:05 +00:00
whyisjake 8e8fe6d2c0 Administration: New filter ahead of the months drop-down.
As this can cause large, long running queries on sites with many posts, this filter allows the query to be modified, bypassing entirely if needed. 

Fixes #51660.

Props geoffguillain, SergeyBiryukov, hareesh-pillai, hellofromTonya, TimothyBlynJacobs, whyisjake. 


Built from https://develop.svn.wordpress.org/trunk@50163


git-svn-id: http://core.svn.wordpress.org/trunk@49842 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 20:34:04 +00:00
Aaron Jorbin 56c9aa3cab Administration: use shorthand css properties to improve readability
Consolidating `border`, `padding`, and `margin` instances where the shorthand can be used to improve readability.

Props ankitmaru, audrasjb, sabernhardt, mukesh27, hellofromTonya.
Fixes #52148.


Built from https://develop.svn.wordpress.org/trunk@50162


git-svn-id: http://core.svn.wordpress.org/trunk@49841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 20:28:08 +00:00
TimothyBlynJacobs 9bab39685a Privacy: Redesign the Privacy settings pages.
The Privacy settings pages now use the same design patterns as the Site Health screen. Additionally, each privacy policy guide is now contained in an accordion to make the page easier to navigate when multiple plugins are in use.

Props xkon, hedgefield, garrett-eclipse, hellofromTonya, paaljoachim, joedolson.
Fixes #49264.

Built from https://develop.svn.wordpress.org/trunk@50161


git-svn-id: http://core.svn.wordpress.org/trunk@49840 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 20:14:03 +00:00
antpb f1483599a2 Coding Standards: Fix spacing in `test_pending_status_with_false_send_confirmation_email` test.
Follow-up to [50159] adjusts alignment of the `$request_data` value.

See #43890.

Built from https://develop.svn.wordpress.org/trunk@50160


git-svn-id: http://core.svn.wordpress.org/trunk@49839 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 20:01:06 +00:00
antpb 64bb29d087 Privacy: Allow Admin to Skip e-mail confirmation for Export.
This adds a form option to skip the admin email alert when exporting personal data.

Props xkon, azaozz, TZ-Media, iandunn, desrosj, iprg, allendav, wesselvandenberg, karmatosed, birgire, davidbaumwald, estelaris, paaljoachim, hellofromTonya.
Fixes #43890.

Built from https://develop.svn.wordpress.org/trunk@50159


git-svn-id: http://core.svn.wordpress.org/trunk@49838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 19:45:03 +00:00
desrosj 2896790d57 Twenty Twenty-One: Fix wrapping for long text within comments.
This ensures that word wrapping occurs within comment content. 

Props mayankmajeji, audrasjb.
Fixes #52380.
Built from https://develop.svn.wordpress.org/trunk@50158


git-svn-id: http://core.svn.wordpress.org/trunk@49837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 19:40:04 +00:00
TimothyBlynJacobs 44b83e84ec REST API: Allow for the posts endpoint include/exclude terms query to `include_children`.
For example the `categories` or `categories_exclude` parameters can now optionally accept an object with a `terms` property that accepts the list of term ids and a new `include_children` property which controls the Tax Query `include_children` field.

Props jason_the_adams, jnylen0, birgire, dlh.
Fixes #39494.

Built from https://develop.svn.wordpress.org/trunk@50157


git-svn-id: http://core.svn.wordpress.org/trunk@49836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 19:25:05 +00:00
Sergey Biryukov 640c03842e General: Remove admin and login exceptions for `https` in `get_home_url()`.
Previously, `get_home_url()` would automatically switch to `https` if the current request is already `https`, but would only do so on the front end.

This addresses the inconsistent behavior of returning different values in the admin and on the frontend.

Follow-up to [12598], [21937], [24844].

Props herregroen, mukesh27.
Fixes #52421.
Built from https://develop.svn.wordpress.org/trunk@50156


git-svn-id: http://core.svn.wordpress.org/trunk@49835 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 19:03:04 +00:00
Sergey Biryukov 9dac2542aa Block Editor: Drop Noto Serif in favor of system fonts.
This aims to improve privacy and performance of the editor.

Follow-up to [37361].

Props Joen, hellofromTonya, garrett-eclipse, aristath, noisysocks, hedgefield, pento, sabernhardt, joyously, yannkozon.
Fixes #46169.
Built from https://develop.svn.wordpress.org/trunk@50155


git-svn-id: http://core.svn.wordpress.org/trunk@49834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 18:37:04 +00:00
antpb ea3a1d782a Twenty Twenty-One: Make transparent PNG logo visible on focus.
This ensures a transparent logo remains visible while focused.

Props bduclos, poena, paaljoachim, hellofromTonya.
Fixes #52257.

Built from https://develop.svn.wordpress.org/trunk@50154


git-svn-id: http://core.svn.wordpress.org/trunk@49833 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 18:29:05 +00:00
Sergey Biryukov 87f1e31871 Login and Registration: Improve the UX of the Reset Password screen.
Previously, it was unclear that the displayed password is only being suggested and should be saved by clicking the Reset Password button.

This adds separate Generate Password and Save Password buttons, for clarity.

Props xkon, estelaris, jaymanpandya, hedgefield, audrasjb, erichmond, magicroundabout, lukecavanagh, knutsp, tinodidriksen, nico_martin, markhowellsmead, kara.mcnair, e_baker, pixelverbieger, souri_wpaustria, megabyterose, poena, whyisjake.
Fixes #39638.
Built from https://develop.svn.wordpress.org/trunk@50153


git-svn-id: http://core.svn.wordpress.org/trunk@49832 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 18:13:04 +00:00
desrosj 230c1c5c8a Coding Standards: Fix several minor coding standards issues.
These are made by running `composer format`.

Follow up to [50124], [50129], [50143].

See #49961, #52192, #34281.
Built from https://develop.svn.wordpress.org/trunk@50152


git-svn-id: http://core.svn.wordpress.org/trunk@49831 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 18:04:03 +00:00
Sergey Biryukov 2cb2651c00 Upgrade/Install: Introduce a filter for the result of `WP_Upgrader::install_package()`.
This allows for the capture and usage of error data from the method, to facilitate a potential plugin/theme rollback in the event of an update failure.

Props afragen, dd32.
Fixes #52381.
Built from https://develop.svn.wordpress.org/trunk@50151


git-svn-id: http://core.svn.wordpress.org/trunk@49830 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 17:31:05 +00:00
TimothyBlynJacobs 8a51ab57e0 REST API: Return detailed error information from request validation.
Previously, only the first error message for each parameter was made available. Now, all error messages for a parameter are concatenated. Additionally, the detailed error for each parameter is made available in a new `details` section of the validation error. Each error is formatted following the standard REST API error formatting.

The `WP_REST_Server::error_to_response` method has been abstracted out into a standalone function `rest_convert_error_to_response` to allow for reuse by `WP_REST_Request`. The formatted errors now also contain an `additional_data` property which contains the additional error data provided by `WP_Error::get_all_error_data`.

Props dlh, xkon, TimothyBlynJacobs.
Fixes #46191.

Built from https://develop.svn.wordpress.org/trunk@50150


git-svn-id: http://core.svn.wordpress.org/trunk@49829 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 17:28:02 +00:00
Sergey Biryukov 90ca61ba07 Upgrade/Install: Return a `WP_Error` from `copy_dir()` and `_copy_dir()` if the directory listing failed.
Props afragen, dd32.
Fixes #52342.
Built from https://develop.svn.wordpress.org/trunk@50149


git-svn-id: http://core.svn.wordpress.org/trunk@49828 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 17:23:06 +00:00
Sergey Biryukov aab7206ff8 Media: Move `wp_getimagesize()` to `wp-includes/media.php`, for consistency with other media functions.
Follow-up to [50146].

See #49889.
Built from https://develop.svn.wordpress.org/trunk@50148


git-svn-id: http://core.svn.wordpress.org/trunk@49827 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 17:10:04 +00:00
Sergey Biryukov f5857c6a9f Privacy: Add help tabs for Export Personal Data and Erase Personal Data screens.
Props xkon, burtrw, netweblogic, desrosj, hellofromTonya, garrett-eclipse.
Fixes #43994.
Built from https://develop.svn.wordpress.org/trunk@50147


git-svn-id: http://core.svn.wordpress.org/trunk@49826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 16:55:03 +00:00
antpb f80e5d0919 Media: Avoid suppressing errors when using `getimagesize()`.
Previously, all logic utilizing `getimagesize()` was supressing errors making it difficult to debug usage of the function. 

A new `wp_getimagesize()` function has been added to allow the errors to no longer be suppressed when `WP_DEBUG` is enabled.

Props Howdy_McGee, SergeyBiryukov, mukesh27, davidbaumwald, noisysocks, hellofromTonya.
Fixes #49889.

Built from https://develop.svn.wordpress.org/trunk@50146


git-svn-id: http://core.svn.wordpress.org/trunk@49825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 16:53:04 +00:00
Sergey Biryukov ce816eeda1 Privacy: Introduce `manage_{$this->screen->id}_custom_column` action in `WP_Privacy_Requests_Table::column_default()`.
This brings some consistency with other list tables and allows for adding custom column data to columns registered with `manage_export-personal-data_columns` or `manage_erase-personal-data_columns` filters.

Props xkon, garrett-eclipse, birgire, pbiron, hellofromTonya, TimothyBlynJacobs, 7studio, mukesh27, Mista-Flo.
Fixes #44354.
Built from https://develop.svn.wordpress.org/trunk@50145


git-svn-id: http://core.svn.wordpress.org/trunk@49824 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 16:44:04 +00:00
Joe McGill 373ee89c83 Media: Make filename checks less strict in 'wp_image_src_get_dimensions'.
This modifies the check for full size files so that only the basename is compared with the image `src` to avoid misses whenever the `src` path has been modified.

Props ianmjones.
Fixes: #52417.

Built from https://develop.svn.wordpress.org/trunk@50144


git-svn-id: http://core.svn.wordpress.org/trunk@49823 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 15:28:04 +00:00
John Blackbourn 06c4b334fa Cron API: Introduce a `$wp_error` parameter to functions that write to the cron array.
This allows the functions to return a `WP_Error` object containing more information in case of a problem, instead of just boolean false.

The various `pre_` filters in these functions are also updated so they can return or be passed a `WP_Error` object.

Fixes #49961

Built from https://develop.svn.wordpress.org/trunk@50143


git-svn-id: http://core.svn.wordpress.org/trunk@49822 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 13:49:03 +00:00
Sergey Biryukov c504140c32 Block Editor: Remove the `.is-dark-theme` body class from the admin header.
With the changes to dark theme support in https://github.com/WordPress/gutenberg/pull/28233 to check the real background color of the theme, this no longer serves any purpose.

Follow-up to [44133].

Props scruffian, sabernhardt.
Fixes #52385.
Built from https://develop.svn.wordpress.org/trunk@50142


git-svn-id: http://core.svn.wordpress.org/trunk@49821 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 13:05:02 +00:00
Sergey Biryukov c5482c9b82 Docs: Update documentation for `retrieve_password()` per the documentation standards.
Follow-up to [50129], [50140].

See #34281.
Built from https://develop.svn.wordpress.org/trunk@50141


git-svn-id: http://core.svn.wordpress.org/trunk@49820 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 12:43:04 +00:00
Sergey Biryukov 22188b3e85 Users: Move `retrieve_password()` to `wp-includes/user.php`, for consistency with other user functions.
Follow-up to [25231], [50129].

Props jfarthing84, dimadin.
See #34281, #31039.
Built from https://develop.svn.wordpress.org/trunk@50140


git-svn-id: http://core.svn.wordpress.org/trunk@49819 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 12:37:03 +00:00
Sergey Biryukov e0bda3a704 Users: Use consistent strings for error messages in `wp-admin/users.php`.
Use `_n()` for a string with plural forms.

Follow-up to [50129].

See #34281.
Built from https://develop.svn.wordpress.org/trunk@50139


git-svn-id: http://core.svn.wordpress.org/trunk@49818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 12:17:04 +00:00
Sergey Biryukov 9a64276184 Docs: Add a `@since` note to `map_meta_cap()` for the `update_https` capability.
Follow-up to [50122], [50131].

See #51800.
Built from https://develop.svn.wordpress.org/trunk@50138


git-svn-id: http://core.svn.wordpress.org/trunk@49817 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 12:13:07 +00:00
noisysocks 351400af80 Editor: Update @wordpress npm packages
Update @wordpress npm packages to the latest published versions. This means that
the block editor includes functionality that exists in Gutenberg 9.9.

Fixes #52334.

Built from https://develop.svn.wordpress.org/trunk@50137


git-svn-id: http://core.svn.wordpress.org/trunk@49816 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 05:17:13 +00:00
Joe McGill 2642a446b3 Media: Sanity check image meta in 'wp_image_src_get_dimensions'.
This fixes a potential illegal offset error introduced in [50134] if the `$image_meta` doesn't include a `file` key.
    
Props dd32.
Fixes #51865.

Built from https://develop.svn.wordpress.org/trunk@50136


git-svn-id: http://core.svn.wordpress.org/trunk@49815 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 04:27:06 +00:00
Peter Wilson 7a8a7fdcd4 Cron API: Run alternative wp-cron later, do not run on archived blogs.
Runs cron jobs later on sites using alternative cron, ie the `ALTERNATE_WP_CRON` constant is true, to more closely match when standard cron jobs are run. Jobs now run on the `wp_loaded` hook at priority `20`. Prior to this change they would run on the `init` hook. This ensures custom post types and taxonomies are registered prior to the jobs running.

This change also prevents alternative wp-cron from running on archived or suspended multisite blogs as these are shut down prior to the `wp_loaded` hook from running.

Moves the existing functionality of `wp_cron()` in to a new private function `_wp_cron()`.

Props flixos90, jeremyfelt, johnbillion, jrf, kurtpayne, nacin, peterwilsoncc, prettyboymp, r-a-y, ryan, stevenkword, swissspidy.
Fixes #20537, #24160.


Built from https://develop.svn.wordpress.org/trunk@50135


git-svn-id: http://core.svn.wordpress.org/trunk@49814 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 03:10:08 +00:00
Joe McGill 5ca780edb1 Media: Add filter to wp_image_src_get_dimensions.
This adds a new filter, `wp_image_src_get_dimensions` to the `wp_image_src_get_dimensions()` function to correct the dimensions returned for a file whenever WordPress isn't able to correctly get the dimensions from attachment metadata.

Fixes #51865.

Built from https://develop.svn.wordpress.org/trunk@50134


git-svn-id: http://core.svn.wordpress.org/trunk@49813 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 02:59:05 +00:00
iandunn 683e767517 Community Events: Show organizer CTA when less than 3 events.
When no events are available in the Events Widget, people have always been shown a message encouraging them to help organize one (see `tmpl-community-events-no-upcoming-events`). Now that it's common for online WordCamps and Learn discussion groups to be pinned to the Events API, it's rare that there are no events in the widget, even if there are no _local_ events. Because of that, users are rarely encouraged to join their local community and help organize.

This commit adds an additional call-to-action message, which is shown when there are only 1 or 2 events available.

Props anyssa, sippis, AmethystAnswers.
Fixes #51664.

Built from https://develop.svn.wordpress.org/trunk@50133


git-svn-id: http://core.svn.wordpress.org/trunk@49812 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 00:43:06 +00:00
Peter Wilson faa29f5716 Canonical: Prevent ID enumeration of private post slugs.
Add check to `redirect_canonical()` to ensure private posts only redirect for logged in users.

Modifies the `read_post` mata capability to user `get_post_status()` rather than the post's `post_status` property to allow attachments to redirect based on the inherited post status.

Introduces `wp_force_ugly_post_permalink()` to unify the check to determine if an ugly link should be displayed in each of the functions used for determining permalinks: `get_permalink()`, `get_post_permalink()`, `_get_page_link()` and `get_attachment_link()`.

Improves logic of `get_attachment_link()` to validate parent post and resolution of inherited post status. This is an incomplete fix of #52373 to prevent the function returning links resulting in a file not found error. Required to unblock this ticket.

Props peterwilsoncc, TimothyBlynJacobs.
See #52373.
Fixes #5272.

Built from https://develop.svn.wordpress.org/trunk@50132


git-svn-id: http://core.svn.wordpress.org/trunk@49811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 00:40:01 +00:00
Felix Arntz dbfbf5501a Security, Site Health: Make migrating a site to HTTPS a one-click interaction.
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.

This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.

* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
    * A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
    * The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
    * The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
    * For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
    * A new `wp_update_urls_to_https()` function takes care of the update routine.
    * A new `update_https` meta capability is introduced to control access.
    * If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
    * A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
    * A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.

Props flixos90, timothyblynjacobs.
Fixes #51437.

Built from https://develop.svn.wordpress.org/trunk@50131


git-svn-id: http://core.svn.wordpress.org/trunk@49810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 00:10:01 +00:00