r42986 introduced the beginnings of an Ajax handler for processing requests to erase personal data. At the time, a method for marking requests as completed was planned, but had not yet been created. This commit introduces that mechanism, bringing the erasure process closer to completion.
Props coreymckrill, allendav.
Merges [43185] to the 4.9 branch.
Fixes#43922.
Built from https://develop.svn.wordpress.org/branches/4.9@43188
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43017 1a063a9b-81f0-0310-95a4-ce76da25c4cd
r43008 refactored the request flow to make several improvements, but accidentally marked `completed` requests as `confirmed`. This commit restores the intended statuses, so that the data and corresponding UI reflect reality.
Props allendav, birgire.
Merges [43183] to the 4.9 branch.
Fixes#43913.
Built from https://develop.svn.wordpress.org/branches/4.9@43187
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43016 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Whenever an admin initiates a download or email of a personal data export, a fresh copy of the file is generated. Previously, a new filename was used each time, which could lead to situations where a URL that was emailed to a data subject is broken.
That can be avoided by reusing the same filename when building fresh archives.
Props desrosj, tz-media, allendav.
Merges [43180] to the 4.9 branch.
Fixes#43905.
Built from https://develop.svn.wordpress.org/branches/4.9@43186
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43015 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously the user was shown a message that the page was created, but might not understand that they still need to visit the page and publish it. Redirecting them to the page makes it more obvious that additional steps are involved.
Props Clorith, xkon, azaozz.
Merges [43160] to the 4.9 branch.
Fixes#43926.
Built from https://develop.svn.wordpress.org/branches/4.9@43161
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The new features are very important for some users, because of their GDPR obligations. They're also spread across multiple top-level menus, making them less discoverable. An admin pointer will help to ensure that users are aware of the new tools and how to find them.
Props desrosj, andreamiddleton, allendav, xkon.
Merges [43158] to the 4.9 branch.
Fixes#43942.
Built from https://develop.svn.wordpress.org/branches/4.9@43159
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The personal data export and erasure tools allow plugins to register their own callbacks, in order to add additional data to the export and erasure processes. Previously, these were registered without specifying a constant identifier in the array of callbacks. Using mutable integers makes it difficult for plugins to modify the callbacks of other plugins, though.
Using associative array keys instead provides a covenient and reliable way to identify and interact with another plugin's callbacks.
Props desrosj, allendav, ocean90.
Merges [43154] to the 4.9 branch.
Fixes#43931.
Built from https://develop.svn.wordpress.org/branches/4.9@43157
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42986 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In many common Multisite use cases, the network administrator will want to set a network-wide privacy policy -- via the privacy_policy_url filter -- for consistency and convenience. When that's done, the Privacy Settings screen on individual sites becomes unnecessary, and may confuse administrators of those sites when they see that their changes don't have any effect on the policy link in the footer.
Since we can't programatically determine which behavior the network admins would like, the safest default setting is to restrict the ability to super admins, and let them delegate it to individual site owners via a plugin, if they'd like to.
Merhes [43147] to the 4.9 branch.
Fixes#43935.
Built from https://develop.svn.wordpress.org/branches/4.9@43153
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42982 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The page was originally placed under Tools so that it would be grouped with the pages to export and erase personal data, since they're all part of the effort to bring privacy management tools to Core ahead of GDPR's deadline. After more consideration, though, it makes sense to move this page to the Settings menu, since it's fundamental purpose is to configure an option, rather than to facilitate a recurring task. This keeps all of the configuration pages in a single place, making them consistent and easier to find.
Exporting and erasing personal data are recurring tasks, so they still make sense under the Tools menu.
Props xkon, helen, melchoyce, allendav, desrosj, ocean90, azaozz.
Merges [43145] to the 4.9 branch.
Fixes#43873.
Built from https://develop.svn.wordpress.org/branches/4.9@43152
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42981 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Insert both the text and tutorial in new policy pages and highlight is brightly in the editor.
Show only the suggested text in the policy postbox.
Props melchoyce, idea15, allendav, xkon, macbookandrew, azaozz.
Merges [43044], [43048], [43052], [43126], [43146], and [43148] to the 4.9 branch.
Fixes#43473.
Built from https://develop.svn.wordpress.org/branches/4.9@43149
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42978 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In these contexts, "privacy policy" is not a proper noun, and therefore should not be capitalized.
The remaining uses are page titles and section headers, where capitalization is appropriate.
Props idea15, garrett-eclipse, allendav.
Merges [43132] to the 4.9 branch.
Fixes#43435.
Built from https://develop.svn.wordpress.org/branches/4.9@43134
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42963 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The previous sentence was gramatically awkward, and using the term "compliance" could accidentally be mistaken by a site owner for a promise by WordPress that their site will be compliant after using the tool, which is not necessarily true.
Props idea15, allendav, azaozz, iandunn.
Merges [43131] to the 4.9 branch.
See #43435.
Built from https://develop.svn.wordpress.org/branches/4.9@43133
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42962 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Personal data collection is more likely for registered users than casual visitors, and the privacy policy might have been updated since a user last logged in. Those changes could impact the collection of personal data from registered users, so it makes sense to provide a link to the policy before users log in.
Props voneff, xkon, melchoyce, chetan200891, desrosj.
Merges [43120] to the 4.9 branch.
Fixes#43721.
Built from https://develop.svn.wordpress.org/branches/4.9@43124
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42953 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Multisite networks have a variety of use cases, and in many of them single-site administrators are not trusted to take actions that affect the whole network, require making decisions about legal compliance, etc. By default, those actions should require super admin capabilities. Plugins can be used to override that behavior if a particular site's use case calls for it.
Props allendav, jeremyfelt, iandunn.
Merges [43085] to the 4.9 branch.
Fixes#43919.
Built from https://develop.svn.wordpress.org/branches/4.9@43111
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42940 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This runs immediately after the data export file has been successfully created, allowing plugins to introduce some workflow customizations. For example, a plugin could password-protect the export file, for peace of mind, even though the CSPRN in the filename makes brute force attacks nearly impossible.
Props iandunn.
Merges [43047] to the 4.9 branch.
See #43546.
Built from https://develop.svn.wordpress.org/branches/4.9@43096
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The primary means of protecting the files is the CSPRN appended to the filename, but there is no reason to keep the files after the data subject has downloaded them, so deleting them provides an additional layer of protection. Previously this was done from `wp_privacy_generate_personal_data_export_file()`, but that does not guarantee that it will be run regularly, and on smaller sites that could result in export files being exposed for much longer than necessary.
`wp_privacy_delete_old_export_files()` was moved to a front end file, so that it can be called from `cron.php`.
This introduces the `wp_privacy_export_expiration` filter, which allows plugins to customize how long the exports are kept before being deleted.
`index.html` was added to the `$exclusions` parameter of `list_files()` to make sure that it isn't deleted. If it were, then poorly-configured servers would allow the directory to be traversed, exposing all of the exported files.
Props iandunn, desrosj.
Merges [43046] to the 4.9 branch.
See #43546.
Built from https://develop.svn.wordpress.org/branches/4.9@43095
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42924 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`rand()` is deterministic and therefore offers much less protection in this context. `wp_generate_password()` is a convenient wrapper around `wp_rand()`, which uses `random_int()` to generate cryptographically-secure psuedorandom numbers.
Props iandunn.
Merges [43045] to the 4.9 branch.
See #43546.
Built from https://develop.svn.wordpress.org/branches/4.9@43094
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42923 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Trigger a keyup event when clearing the search field in response to closing the add item panel. The keyup event triggers a search and resets the results. Previously, the search field was cleared while the potentially blank search results were left in place making it impossible to select new menu items.
Merge of [42744] to the 4.9 branch.
Props Blair jersyer, aranwer104, afercia.
See #43333.
Built from https://develop.svn.wordpress.org/branches/4.9@42846
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42676 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While intended as a playful error message, `Cheatin’ uh?` can be interpreted as insulting or accusatory in an already stressful situation. This replaces Cheatin’ with more meaningful error messages, depending on the error that occurs.
Props ElectricFeet, EricMeyer, karmatosed, dd32, BandonRandon, melchoyce, kristastevens for language; dmsnell for original patch; peterwilsoncc.
Merged [42648] and [42719] to the 4.9 branch.
Fixes#38332.
Built from https://develop.svn.wordpress.org/branches/4.9@42811
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42641 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While caching here seemed like a good idea in theory, in practice the cache would be often stale causing development issues.
We exclude common folders (such as `node_modules`) from the scanning to avoid directories which are not useful to the end-user, so as long as those exclusion lists are held up this shouldn't cause too much of a degredation in the future.
We may consider adding caching here again in the future if it's determined that it is really needed.
Props precies, ibenic, mariovalney, schlessera, and all the others who commented on the ticket(s).
This partually reverts [41806].
Merges [42242] to the 4.9 branch.
See #6531.
Fixes#42573 for 4.9.
Built from https://develop.svn.wordpress.org/branches/4.9@42243
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42072 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- When switching to the Text view, wait until after the Visual editor element has been hidden, before focussing the `<textarea>`.
- When switching to the Visual view, only scroll if the cursor is not visible on the current screen.
Merge of 52175 to the 4.9 branch.
Fixes#42530.
Built from https://develop.svn.wordpress.org/branches/4.9@42176
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Simplify regular expression for checking URL validity to just do basic checks to confirm the value looks like a URL. Leave the complete validation to the server-side logic in `WP_Customize_Nav_Menu_Item_Setting::sanitize()` to avoid having to maintain two separate codebases for validating URLs.
Props westonruter, SergeyBiryukov for testing.
Amends [41697].
See #32816.
Fixes#42506 for 4.9.
Built from https://develop.svn.wordpress.org/branches/4.9@42154
git-svn-id: http://core.svn.wordpress.org/branches/4.9@41985 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When just doing `wp_publish_post()` for the changeset from `customize.php`, any option-based settings will fail to get saved because `WP_Customize_Manager` would have already been loaded with `settings_previewed`, resulting in `update_option()` calls being short-circuited. So an admin-ajax request to `customize_save` is used to work around this.
Props westonruter, jeremyfelt, dlh for testing, LittleBigThing for testing.
Amends [41626].
See #28721, #39221.
Fixes#42457 for 4.9.
Built from https://develop.svn.wordpress.org/branches/4.9@42139
git-svn-id: http://core.svn.wordpress.org/branches/4.9@41970 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Consider both `selectedChangesetStatus` and `changesetStatus` states when deciding to disable.
* Factor out common logic into `canSwitchTheme` function on `ThemesPanel`.
* Keep Live Preview and Install buttons disabled in Themes controls and detail overlays when appropriate.
Props westonruter, dlh.
Amends [41788].
See #42126, #37661, #39896.
Fixes#42406.
Built from https://develop.svn.wordpress.org/trunk@42113
git-svn-id: http://core.svn.wordpress.org/trunk@41942 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prevent edits to 2-level deep theme files from returning a `disallowed_theme_file` error when attempting to save an edit. Aligns logic for gathering `$allowed_files` in `theme-editor.php` for listing files with the validation logic in `wp_edit_theme_plugin_file()`.
Amends [41806].
See #6531.
Fixes#42425.
Built from https://develop.svn.wordpress.org/trunk@42112
git-svn-id: http://core.svn.wordpress.org/trunk@41941 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Let min hour be 0 and max be 23 in 24-hour time; let min hour be 1 and max be 12 in 12-hour time.
* Show error notification when an invalid date value is provided, not just when not a future date.
* Fix translation of custom validity message.
* Start checking for validity after all inputs have been initially populated.
* Remove support for being able to enter 24:00.
* Cease forcing date input elements from being casted to integers, to allow for invalid inputs to be detected.
Props westonruter, Presskopp, peterwilsoncc, atachibana for testing.
See #39896, #28721.
Fixes#42373.
Built from https://develop.svn.wordpress.org/trunk@42042
git-svn-id: http://core.svn.wordpress.org/trunk@41876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Passing `options.params` when constructing `Partial` is now deprecated in favor of just passing `options`.
* Improve usage of jsdoc in JS `Partial` class.
* Also add `defaults` property to `wp.customize.selectiveRefresh.Partial` class for parity with `Control`.
See #42083.
Built from https://develop.svn.wordpress.org/trunk@42037
git-svn-id: http://core.svn.wordpress.org/trunk@41871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Deprecate PHP classes `WP_Customize_New_Menu_Section` and `WP_Customize_New_Menu_Control`.
* Deprecate JS class `wp.customize.Menus.NewMenuControl`.
* Also introduce `wp.customize.Menus.createNavMenu()` for logic to create nav menus separately from the logic for handling UI interactions.
Amends [41768].
See #40104, #42364.
Fixes#42357.
Built from https://develop.svn.wordpress.org/trunk@42034
git-svn-id: http://core.svn.wordpress.org/trunk@41868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Expand containing panel when expanding themes section.
* Consolidate UI changes related to a section's expanded state change.
* Prevent collapsing current section when expanding.
* Auto-expand first themes section when expanding panel if one is not expanded already.
See #37661, #42354.
Fixes#42360.
Built from https://develop.svn.wordpress.org/trunk@42033
git-svn-id: http://core.svn.wordpress.org/trunk@41867 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Eliminate Media control template from having dependency on `params.settings.default` for element ID, to fix compat with `params.settings` array or single `params.setting`. See #36167.
* Move description out of label and add `aria-describedby` to Media control's Select button. See #30738, #33085.
* Obtain notification container whenever content is (re-)rendered (such as for Media control). See #38794.
* Re-render notifications after control content is re-rendered, if control is in expanded section. See #38794.
Amends [41390].
See #36167, #38794, #33085, #30738.
Built from https://develop.svn.wordpress.org/trunk@42031
git-svn-id: http://core.svn.wordpress.org/trunk@41865 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `publish_settings` section is a fundamental dependency for Customizer, so it must be guaranteed to be registered.
Also unconditionally register core types for panels, sections, and controls in case plugin unhooks all `customize_register` actions.
See #39896.
Fixes#42337.
Built from https://develop.svn.wordpress.org/trunk@42025
git-svn-id: http://core.svn.wordpress.org/trunk@41859 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fixes issue specifically with attempting to access an orphaned control's `elements` immediately after it has been added. Normally this would not happen because a control would not be registered without a section, and also a control should only be interacted with once its `embedded` deferred has been resolved.
Also harden logic for gathering list of deferred setting IDs.
See #37964.
Fixes#42330.
Built from https://develop.svn.wordpress.org/trunk@42024
git-svn-id: http://core.svn.wordpress.org/trunk@41858 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This now treats files containing `./` as valid, and also treats files containing a trailing `../` as valid due to widespread use of this pattern in theme and plugin zip files.
Adds tests.
Props Ipstenu, borgesbruno, DavidAnderson, philipjohn, birgire
Fixes#42016, #36170
Built from https://develop.svn.wordpress.org/trunk@42011
git-svn-id: http://core.svn.wordpress.org/trunk@41845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Allow updating oEmbed cache during `parse-embed` requests for non-post editors (such as widgets).
* Update any existing `oembed_cache` post when `usecache` and TTL has passed.
* Do not overwrite a previously valid cache with `{{unknown}}`.
Props dlh.
See #34115.
Fixes#42310.
Built from https://develop.svn.wordpress.org/trunk@42009
git-svn-id: http://core.svn.wordpress.org/trunk@41843 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds checks throughout to allow for `wp_new_comment()` returning a `WP_Error` instance.
Updates the docs for the `pre_comment_approved` filter to include that it can be passed an error.
Props enrico.sorcinelli, ryotsun.
Fixes#39730.
Built from https://develop.svn.wordpress.org/trunk@41980
git-svn-id: http://core.svn.wordpress.org/trunk@41814 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Reverting this for 4.9. It will be added back in a future version of WordPress. This doesn't mean that you shouldn't be trying Gutenberg, just that it isn't ready for a call out to a larger audience. But if you are the type to read commit messages, https://github.com/WordPress/gutenberg could use your pull requests and comments on issues.
Reverts [41931] [41900] [41896] [41895]
See #41316
Built from https://develop.svn.wordpress.org/trunk@41978
git-svn-id: http://core.svn.wordpress.org/trunk@41812 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The customizer and the theme installer use `visibility: hidden` on the body when
they open full-overlays screens. The FTP credentials modal needs a visibility
property set back to `visible` to be visible over those overlays.
Props purnendu.
Fixes#42205.
Built from https://develop.svn.wordpress.org/trunk@41972
git-svn-id: http://core.svn.wordpress.org/trunk@41806 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When media is uploaded to a post, the upload directory is set according to the date of the post, so that the media URLs in the post match when the post was published.
A page is a slightly different beast, pages often live for years, and are regularly updated to stay relevant. This change causes media uploaded to pages to use the upload date to determine the upload directory.
Fixes#10752.
Built from https://develop.svn.wordpress.org/trunk@41964
git-svn-id: http://core.svn.wordpress.org/trunk@41798 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Update the `CodeEditorControl`'s `codemirror` deferred to be set before calling the parent class's `initialize` method. Since the `ready` method may be called directly by `initialize` it may be too late to add a new `Deferred` to the control's `deferred` property after calling the base control class's `initialize`.
Amends [41958].
See #41897.
Built from https://develop.svn.wordpress.org/trunk@41960
git-svn-id: http://core.svn.wordpress.org/trunk@41794 1a063a9b-81f0-0310-95a4-ce76da25c4cd
CodeMirror gets initialized once the control's containing section is expanded. The deferred will be rejected if user preference for syntax highlighting is disabled.
Also move jsdoc from `wp.customize.Control` to intended `wp.customize.Control#initialize()`.
See #41897, #12423.
Built from https://develop.svn.wordpress.org/trunk@41958
git-svn-id: http://core.svn.wordpress.org/trunk@41792 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Allow `CodeEditorControl` to be instantiated with a `editor_settings` param which is merged with `wp.codeEditor.defaultSettings`.
Also:
* Turn redundant "CSS Code" control label into screen reader text for Additional CSS.
* Remove `code-editor` as script dependency for `custom-html-widgets` since enqueueing is determined by `wp_enqueue_code_editor()`.
* Remove useless exporting of `code_type` param to JS in `WP_Customize_Code_Editor_Control`.
* Add `disabled` class to Custom HTML widget's Save button when linting errors are present.
* Remove redundant `span` inside CodeEditorControl's `label`.
See #41897, #12423, #41872.
Built from https://develop.svn.wordpress.org/trunk@41957
git-svn-id: http://core.svn.wordpress.org/trunk@41791 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Introduce a `widget_{$id_base}_instance_schema` filter for plugins to add new properties to a media widget's instance schema.
* Pass all of a gallery widget's instance props to the gallery media frame, not just the ones that core supports.
See #32417, #41914.
Fixes#42285.
Built from https://develop.svn.wordpress.org/trunk@41951
git-svn-id: http://core.svn.wordpress.org/trunk@41785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is a follow up on r41732, implementing the following improvements:
* Attachment parent info is now stored in attachment meta rather than a
separate post meta key.
* Attachments created from contextual crops (e.g. header, logos, etc.) are
filtered out of the media library using a new `_filterContext` method in
`wp.media.controller.Library`.
Props joemcgill, westonruter.
See #21819.
Built from https://develop.svn.wordpress.org/trunk@41937
git-svn-id: http://core.svn.wordpress.org/trunk@41771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Only use default control content template when a more specific template doesn't exist.
* Remove extraneous whitespace from being output in `WP_Customize_Control::render()` method.
* Move Custom Header template printing to `customize_controls_print_footer_scripts` action.
See #30738.
Built from https://develop.svn.wordpress.org/trunk@41935
git-svn-id: http://core.svn.wordpress.org/trunk@41769 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Sergey Biryukov
Andrew Ozz
Aaron Campbell
Gary Pendergast
Adam Silverstein
Dominik Schilling
John Blackbourn
Mike Schroder
Dion Hulse
Weston Ruter
Konstantin Obenland
Mel Choyce
iandunn
Helen Hou-Sandí
Peter Wilson
Aaron Jorbin
Andrea Fercia
Joe McGill