The original REST API revisions controller relied on `wp_get_post_revisions()`, getting all revisions of a post without any possibility to restrict the result. This changeset replaces that function call with a proper `WP_Query` setup, replicating how `wp_get_post_revisions()` works while offering parameters to alter the default behavior.
Props adamsilverstein, birgire, flixos90.
Merges [43584-43586], [43647] to the 5.0 branch.
Fixes#40510.
Built from https://develop.svn.wordpress.org/branches/5.0@43716
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43545 1a063a9b-81f0-0310-95a4-ce76da25c4cd
An authorized request with the `read_private_posts` capability for a post type should be able to `GET /wp/v2/posts` for posts of `status=private`. This query is further sanity-checked by `WP_REST_Posts_Controller->check_read_permission()`, which is unchanged.
Props rachelbaker, soulseekah, twoelevenjay.
Fixes#43701.
Built from https://develop.svn.wordpress.org/branches/5.0@43694
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Minification is done by uglify, so disable that in the media build.
* The webpack boilerplate has changed, which explains the changes in the build files.
* `ModuleConcatenationPlugin` is enable by default for production builds so we don't have to specify that ourselves.
See #45065.
Built from https://develop.svn.wordpress.org/branches/5.0@43688
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43517 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Shrinkwraping is done to keep dependencies the same. Historically, WordPress Core has done it after a release. As the 5.0 branch was created from the 4.9.8 tag which was created from the 4.9 branch, it included it. The 5.0 branch will have some dependency updates so this shrinkwrap is not needed here.
See #45064.
Built from https://develop.svn.wordpress.org/branches/5.0@43683
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43512 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Because user capabilities can be modified at runtime, the REST API needs to expose them in some evaluated but declarative manner for clients to interpret. JSON Hyper Schema `targetSchema` provides an appropriate paradigm for doing so.
Props timothyblynjacobs.
Fixes#45014.
Built from https://develop.svn.wordpress.org/branches/5.0@43682
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43511 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For Gutenberg and other admin-type interfaces, it's
useful to be able to see the visibility settings for
taxonomies.
The original changeset was partially included in [43445].
Merges [42729], [42730], [42973] to the 5.0 branch.
Props joehoyle, TimothyBlynJacobs, pento.
Fixes#42707
Built from https://develop.svn.wordpress.org/branches/5.0@43680
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43509 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When Gutenberg is either not installed, or not activated, only show the callout to users with the `install_plugins` capability.
When Gutenberg is activated, expand that to include all users with the `edit_posts` capability.
4.9 branch commit.
Props pento.
Fixes#44680.
Built from https://develop.svn.wordpress.org/branches/4.9@43544
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43373 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Introduce `try_gutenberg_learn_more_link` filter that allows hosts or site owners to change the link, to provide extra information about Gutenberg, specific to their service.
* Only display the "Install" buttons if we're able to directly write to disk to install the plugins.
* Make sure the "Dismiss" link works correctly.
Props pento, andrew.taylor, leemon.
Fixes#41316.
Built from https://develop.svn.wordpress.org/branches/4.9@43537
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43366 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduce an object_subtype argument to the args array for register_meta() which can be used to limit meta registration to a single subtype (e.g. a custom post type or taxonomy, vs all posts or taxonomies).
Introduce register_post_meta() and register_term_meta() wrapper methods for register_meta to provide a convenient interface for the common case of registering meta for a specific taxonomy or post type. These methods work the way plugin developers have often expected register_meta to function, and should be used in place of direct register_meta where possible.
Props flixos90, tharsheblows, spacedmonkey.
Merges [43378] to the 4.9 branch.
Fixes#38323.
Built from https://develop.svn.wordpress.org/branches/4.9@43510
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43339 1a063a9b-81f0-0310-95a4-ce76da25c4cd
To encourage folks to prepare for Gutenberg, this new Dashboard box allows site users to easily install and try the Gutenberg plugin now, or to install the Classic Editor plugin before WordPress 5.0 is released.
Props pento, melchoyce, joen, karmatosed, joemcgill, SergeyBiryukov, jorbin, bph, Clorith, afercia, chanthaboune, chrislema, kjellr, matveb, michelleweber.
Fixes#41316.
Built from https://develop.svn.wordpress.org/branches/4.9@43502
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `get_term()` mapping may result in term objects that are `null` or
`WP_Error` when plugins use `get_term` or a related filter. Since `null`
and error objects are not valid results for a term query, we discard
them.
Props GM_Alex.
Merges [43049] and [43491] to the 4.9 branch.
Fixes#42691.
Built from https://develop.svn.wordpress.org/branches/4.9@43492
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43319 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Some versions of PHP appear to have a memory leak that is occasionally triggered by calling `stream_get_wrappers()`. In order to avoid calling this, we can return early from `wp_is_stream()` when `$path` doesn't contain `://`.
Props pbiron, JPry, dontstealmyfish.
Merges [43466] to the 4.9 branch.
Fixes#44532.
Built from https://develop.svn.wordpress.org/branches/4.9@43484
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `htmledit_pre` and `richedit_pre` filters have been deprecated since 4.3.0, since before `apply_filters_deprecated()` existed. They're now correctly run using `apply_filters_deprecated()`.
Props sebastienthivinfocom, lbenicio, ianbelanger.
Merges [43464] to the 4.9 branch.
Fixes#44341.
Built from https://develop.svn.wordpress.org/branches/4.9@43482
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43309 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The functions `send_confirmation_on_profile_email()`, `_wp_privacy_send_request_confirmation_notification()`, `_wp_privacy_send_erasure_fulfillment_notification()`, and `wp_send_user_request()` all include a title and URL indicating the current site. However, so far they have dealt with those values inconsistently, sometimes using the site values, other times using the network values if in a multisite. This changeset ensures that only the current site is taken into account in all cases and that special characters in the site name are consistently decoded.
Props subrataemfluence, desrosj.
Merges [43388], [43390], and [43435] to the 4.9 branch.
Fixes#44396.
Built from https://develop.svn.wordpress.org/branches/4.9@43459
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43286 1a063a9b-81f0-0310-95a4-ce76da25c4cd
"Be more discrete." declared matt in [3155], and since then, "Silence is Golden" has been the calling card of placeholder index files. Historically, these have been php files, but [43012] changed that and added index.html files for privacy export generated folders.
The php silence files produce no visible content. This adds consistency with these new html files in that there will be no visible content. Silence will fall when the question is asked.
Merges [43446] to the 4.9 branch.
Fixes#44195.
Props audrasjb, rafsuntaskin, Ov3rfly, johnbillion, pento
Built from https://develop.svn.wordpress.org/branches/4.9@43448
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Historically, the REST API would generate the entire response object, including running expensive filters, then it would apply the `_fields` parameter, discarding the fields that weren't specificed.
This change causes `_fields` to be applied earlier, so that only requested fields are processed.
Merges [43087] to the 4.9 branch.
Props danielbachhuber.
See #43874.
Built from https://develop.svn.wordpress.org/branches/4.9@43445
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43272 1a063a9b-81f0-0310-95a4-ce76da25c4cd
So that REST API clients can show appropriate UI for a post's revisions, it needs to know how many revisions the post has, and what the latest revision ID is.
Merge of [43439] and [43441] to the 4.9 branch.
Props kadamwhite, danielbachhuber, birgire, TimothyBlynJacobs, pento.
Fixes#44321.
Built from https://develop.svn.wordpress.org/branches/4.9@43442
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43269 1a063a9b-81f0-0310-95a4-ce76da25c4cd
There are a variety of operations a WordPress user can only perform if they have the correct capabilities. A REST API client should only display UI for one of these operations if the WordPress user can perform the operation.
Rather than requiring REST API clients to calculate whether to display UI based on potentially complicated combinations of user capabilities, `targetSchema` allows us to expose a single flag to show whether the corresponding UI should be displayed.
This change also includes flags on post objects for the following actions:
- `action-publish`: The current user can publish this post.
- `action-sticky`: The current user can make this post sticky, and the post type supports sticking.
- `action-assign-author': The current user can change the author on this post.
- `action-assign-{$taxonomy}`: The current user can assign terms from the "$taxonomy" taxonomy to this post.
- `action-create-{$taxonomy}`: The current user can create terms int the "$taxonomy" taxonomy.
Merges [43437] to the 4.9 branch.
Props TimothyBlynJacobs, danielbachhuber.
Fixes#44287.
Built from https://develop.svn.wordpress.org/branches/4.9@43438
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43265 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WordCamps are celebrations of the local WordPress Community and once a local one is scheduled, people in that community should know it is coming. This adjusts the WordPress Events in the dashboard widgets to always display a WordCamp, even if there are multiple Meetups happening first.
Props iandunn, metalandcoffee, warmlaundry, alejandroxlopez, jorbin.
Merges [42726], [42728], and [43356] to the 4.9 branch.
Fixes#41112.
Built from https://develop.svn.wordpress.org/branches/4.9@43357
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a term query using `fields=all_with_object_id` hits the cache, the
cached `stdClass` objects must be converted to `WP_Term` objects. This
was overlooked when `WP_Term_Query` was refactored to support object
queries in [38667].
Merges [43313] to the 4.9 branch.
Props dlh.
Fixes#44221.
Built from https://develop.svn.wordpress.org/branches/4.9@43314
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43143 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If a privacy policy has been set, then a link to it will automatically be shown in the footer.
The element containing the "Proudly powered by WordPress" link was chosen for the new policy link, in order to minimize visual conflicts with custom CSS that was written before the new link existed. Unfortunately, some minor conflicts are expected and unavoidable. Adding this link is required as part of GDPR compliance, and the benefits outweigh the downsides.
To further mitigate the conflicts, a new imprint class was added to the "Proudly powered..." link, in order to facilitate targeting each link invididually with custom styles.
This was accidentally not backported to the `4.9` branch before the beta/RC phase, but there was a consensus that it is safe to do that this late in the release cycle.
See https://wordpress.slack.com/archives/C02RQBWTW/p1526577643000132.
See https://wordpress.slack.com/archives/C02RQBWTW/p1526580781000240.
Props xkon, laurelfulford, birgire, azaozz, iandunn.
Merges [43051] to the 4.9 branch.
See #43715.
Built from https://develop.svn.wordpress.org/branches/4.9@43294
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43123 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A user is required to have the `manage_privacy_options` capability in order to determine which page is set as the privacy policy (the `wp_page_for_privacy_policy`). Given that, it doesn't make sense to allow users without that capability to edit or delete the page.
A similar situation exists with the `page_for_posts` and `page_on_front` options, but Editors are allowed to edit those pages. The reason that this situation is different is because it is more likely that an administrator will want to restrict modifications to the privacy policy, than it is that they will want to allow modifications. Modifications to the policy often require specialized knowledge of local laws, and can have implications for compliance with those laws.
Props dlh, desrosj.
Merges [43286] to the 4.9 branch.
Fixes#44079.
Built from https://develop.svn.wordpress.org/branches/4.9@43287
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43116 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, personal data exports were stored in `wp-content/uploads/exports`, which is generic enough that it's likely there are existing folders with that name, either created by plugins or manually by administrators. If that folder were reused by Core, then `wp_privacy_delete_old_export_files()` would delete all of the existing files inside it, which is almost certainly not what the site owner wants or expects.
To avoid that, the folder is being renamed to include a specific reference to Core, and a more verbose description of its purpose. With those factored in, it's very unlikely that there will be any conflicts with existing folders.
The `wp_privacy_exports_dir()` and `wp_privacy_exports_url()` functions were introduced to provide a canonical source for the location, and the `wp_privacy_exports_dir` and `wp_privacy_exports_url` filters were introduced to allow plugins to customize it.
Props johnjamesjacoby, allendav.
Merges [43284] to the 4.9 branch.
Fixes#44091.
Built from https://develop.svn.wordpress.org/branches/4.9@43285
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43114 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, the link used absolute positioning, in order to stick it at the bottom of the page. That was done in order to create visual separation between it and the "action" links, like "Lost Your Password?"
The absolute positioning can cause conflicts in some situations, though. For example, if extra text or error notices are added above the form, then the login link would be positioned on top of other elements.
Switching to relative positioning with extra margins avoids those issues, while maintaining the visual separation between the "action" links and the privacy policy link.
Props imath, melchoyce, desrosj, xkon, iandunn.
Merges [43274] to the 4.9 branch.
Fixes#44046.
Built from https://develop.svn.wordpress.org/branches/4.9@43276
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
r43158 introduced a new admin pointer for the privacy tools added in 4.9.6. With the previous positioning, though, sometimes the `Dismiss` link would be fixed off screen, making it impossible for the user to dismiss the pointer. This happened when there were enough extra menu items, or when the viewport height was short enough.
This commit repositions the pointer to work around that problem. One down side of this workaround is that the arrow will not always be positioned next to the `Tools` menu, where it should be. That's an acceptable compromise given the current time constraints, though. A long term solution would be to make `WP_Pointer` robust enough to handle this use case.
Props imath, audrasjb, desrosj.
Merges [43246] to the 4.9 branch.
Fixes#44045.
Built from https://develop.svn.wordpress.org/branches/4.9@43253
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43082 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The previous `user_email` value was redundant, because it always matched `$request_data->email`. That value might be different from where the message is sent, though, if `the user_erasure_fulfillment_email_to` filter is used. If they are different, then callbacks for the `user_confirmed_action_email_content` filter may want to distinguish between the email address of the user making the request, and the email address that the confirmation notification is being sent to.
Props desrosj, iandunn.
Merges [43236] to the 4.9 branch.
See #43973.
Built from https://develop.svn.wordpress.org/branches/4.9@43237
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43066 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, when a plugin updated its suggested privacy policy text, an admin notice was shown on all screens in the Administration Panels. That was done in order to make sure that administrators were aware of it, so that they could update their policy if needed. That was a very heavy-handed and intrusive approach, though, which leads to a poor user experience, and notice fatigue.
An alternative approach is to use bubble notifications in the menu, similar to when plugins have updates that need to be installed. That still makes it obvious that something needs the administrator's attention, but is not as distracting as a notice.
The notice will still appear on the Privacy page, though, since it is relevant to that screen, and provides an explanation of why the bubble is appearing.
Props azaozz, xkon, iandunn.
Merges [43223] to the 4.9 branch.
Fixes#43954. See #43953.
Built from https://develop.svn.wordpress.org/branches/4.9@43225
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43054 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously the admin didn't have any way to know if a pending request was ready to be processed, aside from manually checking the Export/Erase pages. Sending them an email is a much more convenient option.
Props garrett-eclipse, desrosj, iandunn.
Merges [43211] to the 4.9 branch.
See #43967.
Built from https://develop.svn.wordpress.org/branches/4.9@43215
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously the pointer overlapped the menu in order to draw attention to the fact that it applies to both the `Tools` and `Settings` menus. That caused a conflict if the menu was collapsed, though, because the icons were covered by the pointer and therefore inaccessible.
Additionally, minor tweaks were made to the text order and formatting. The order of the two sections was swapped in the title and paragraph, in order to match the order of the corresponding menu items. The spacing around headings and paragraphs was tweaked to remove extraneous whitespace.
Props littler.chicken, desrosj, ianbelanger, melchoyce.
Merges [43210] to the 4.9 branch.
Fixes#43961.
Built from https://develop.svn.wordpress.org/branches/4.9@43214
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43043 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Separate the guide text form the suggested policy text.
- Add table of content for easier navigation.
- Move the content to tools.php (prevents the settings menu of being open).
- Add a link to the guide from the Privacy settings screen.
Props melchoyce, azaozz.
Merges [43184] and [43203] to the 4.9 branch.
Fixes#43980.
Built from https://develop.svn.wordpress.org/branches/4.9@43204
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
r42986 introduced the beginnings of an Ajax handler for processing requests to erase personal data. At the time, a method for marking requests as completed was planned, but had not yet been created. This commit introduces that mechanism, bringing the erasure process closer to completion.
Props coreymckrill, allendav.
Merges [43185] to the 4.9 branch.
Fixes#43922.
Built from https://develop.svn.wordpress.org/branches/4.9@43188
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43017 1a063a9b-81f0-0310-95a4-ce76da25c4cd
r43008 refactored the request flow to make several improvements, but accidentally marked `completed` requests as `confirmed`. This commit restores the intended statuses, so that the data and corresponding UI reflect reality.
Props allendav, birgire.
Merges [43183] to the 4.9 branch.
Fixes#43913.
Built from https://develop.svn.wordpress.org/branches/4.9@43187
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43016 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Whenever an admin initiates a download or email of a personal data export, a fresh copy of the file is generated. Previously, a new filename was used each time, which could lead to situations where a URL that was emailed to a data subject is broken.
That can be avoided by reusing the same filename when building fresh archives.
Props desrosj, tz-media, allendav.
Merges [43180] to the 4.9 branch.
Fixes#43905.
Built from https://develop.svn.wordpress.org/branches/4.9@43186
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43015 1a063a9b-81f0-0310-95a4-ce76da25c4cd
r43046 introduced wp_schedule_delete_old_privacy_export_files() to schedule the wp_privacy_delete_old_export_files cron job, but it did not check to make sure it wasn't running in the context of the install process. When it did run in that context, it created a database error, because the necessary database tables don't exist at that point.
Checking the current context and returning early during the installation phase avoids that issue.
Props helen, timothyblynjacobs, iandunn.
Merges [43162] to the 4.9 branch.
Fixes#43952.
Built from https://develop.svn.wordpress.org/branches/4.9@43163
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42992 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously the user was shown a message that the page was created, but might not understand that they still need to visit the page and publish it. Redirecting them to the page makes it more obvious that additional steps are involved.
Props Clorith, xkon, azaozz.
Merges [43160] to the 4.9 branch.
Fixes#43926.
Built from https://develop.svn.wordpress.org/branches/4.9@43161
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The new features are very important for some users, because of their GDPR obligations. They're also spread across multiple top-level menus, making them less discoverable. An admin pointer will help to ensure that users are aware of the new tools and how to find them.
Props desrosj, andreamiddleton, allendav, xkon.
Merges [43158] to the 4.9 branch.
Fixes#43942.
Built from https://develop.svn.wordpress.org/branches/4.9@43159
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The personal data export and erasure tools allow plugins to register their own callbacks, in order to add additional data to the export and erasure processes. Previously, these were registered without specifying a constant identifier in the array of callbacks. Using mutable integers makes it difficult for plugins to modify the callbacks of other plugins, though.
Using associative array keys instead provides a covenient and reliable way to identify and interact with another plugin's callbacks.
Props desrosj, allendav, ocean90.
Merges [43154] to the 4.9 branch.
Fixes#43931.
Built from https://develop.svn.wordpress.org/branches/4.9@43157
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42986 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In many common Multisite use cases, the network administrator will want to set a network-wide privacy policy -- via the privacy_policy_url filter -- for consistency and convenience. When that's done, the Privacy Settings screen on individual sites becomes unnecessary, and may confuse administrators of those sites when they see that their changes don't have any effect on the policy link in the footer.
Since we can't programatically determine which behavior the network admins would like, the safest default setting is to restrict the ability to super admins, and let them delegate it to individual site owners via a plugin, if they'd like to.
Merhes [43147] to the 4.9 branch.
Fixes#43935.
Built from https://develop.svn.wordpress.org/branches/4.9@43153
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42982 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The page was originally placed under Tools so that it would be grouped with the pages to export and erase personal data, since they're all part of the effort to bring privacy management tools to Core ahead of GDPR's deadline. After more consideration, though, it makes sense to move this page to the Settings menu, since it's fundamental purpose is to configure an option, rather than to facilitate a recurring task. This keeps all of the configuration pages in a single place, making them consistent and easier to find.
Exporting and erasing personal data are recurring tasks, so they still make sense under the Tools menu.
Props xkon, helen, melchoyce, allendav, desrosj, ocean90, azaozz.
Merges [43145] to the 4.9 branch.
Fixes#43873.
Built from https://develop.svn.wordpress.org/branches/4.9@43152
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42981 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Insert both the text and tutorial in new policy pages and highlight is brightly in the editor.
Show only the suggested text in the policy postbox.
Props melchoyce, idea15, allendav, xkon, macbookandrew, azaozz.
Merges [43044], [43048], [43052], [43126], [43146], and [43148] to the 4.9 branch.
Fixes#43473.
Built from https://develop.svn.wordpress.org/branches/4.9@43149
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42978 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In these contexts, "privacy policy" is not a proper noun, and therefore should not be capitalized.
The remaining uses are page titles and section headers, where capitalization is appropriate.
Props idea15, garrett-eclipse, allendav.
Merges [43132] to the 4.9 branch.
Fixes#43435.
Built from https://develop.svn.wordpress.org/branches/4.9@43134
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42963 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The previous sentence was gramatically awkward, and using the term "compliance" could accidentally be mistaken by a site owner for a promise by WordPress that their site will be compliant after using the tool, which is not necessarily true.
Props idea15, allendav, azaozz, iandunn.
Merges [43131] to the 4.9 branch.
See #43435.
Built from https://develop.svn.wordpress.org/branches/4.9@43133
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42962 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Non-wrapping `label`s are more widely supported by assitive technologies. The CSS changes account for the element re-ordering, and tweak the formatting for improved readability.
Props afercia, xkon, laurelfulford, azaozz.
Merges [43125] to the 4.9 branch.
Fixes#43436.
Built from https://develop.svn.wordpress.org/branches/4.9@43130
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42959 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Personal data collection is more likely for registered users than casual visitors, and the privacy policy might have been updated since a user last logged in. Those changes could impact the collection of personal data from registered users, so it makes sense to provide a link to the policy before users log in.
Props voneff, xkon, melchoyce, chetan200891, desrosj.
Merges [43120] to the 4.9 branch.
Fixes#43721.
Built from https://develop.svn.wordpress.org/branches/4.9@43124
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42953 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Multisite networks have a variety of use cases, and in many of them single-site administrators are not trusted to take actions that affect the whole network, require making decisions about legal compliance, etc. By default, those actions should require super admin capabilities. Plugins can be used to override that behavior if a particular site's use case calls for it.
Props allendav, jeremyfelt, iandunn.
Merges [43085] to the 4.9 branch.
Fixes#43919.
Built from https://develop.svn.wordpress.org/branches/4.9@43111
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42940 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This introduces the `get_the_privacy_policy_link()` and `the_privacy_policy_link()` functions, as well as the `privacy_policy_url` filter.
A new `tests/url/` folder was added to better organize tests related to `get_*_url()` functions. Previously, those tests were placed in `tests/url.php` and `tests/link/`, but neither of those locations are optimal. Placing tests in `tests/url.php` violates the guideline of creating separate files/classes for each function under test, and using `tests/link/` conflates two distinct -- albeit related -- groups of functions. Over time, URL-related tests can be migrated to the new folder.
Props birgire, xkon, azaozz, iandunn.
Merges [43002] to the 4.9 branch.
See #43850.
Built from https://develop.svn.wordpress.org/branches/4.9@43109
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42938 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This runs immediately after the data export file has been successfully created, allowing plugins to introduce some workflow customizations. For example, a plugin could password-protect the export file, for peace of mind, even though the CSPRN in the filename makes brute force attacks nearly impossible.
Props iandunn.
Merges [43047] to the 4.9 branch.
See #43546.
Built from https://develop.svn.wordpress.org/branches/4.9@43096
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The primary means of protecting the files is the CSPRN appended to the filename, but there is no reason to keep the files after the data subject has downloaded them, so deleting them provides an additional layer of protection. Previously this was done from `wp_privacy_generate_personal_data_export_file()`, but that does not guarantee that it will be run regularly, and on smaller sites that could result in export files being exposed for much longer than necessary.
`wp_privacy_delete_old_export_files()` was moved to a front end file, so that it can be called from `cron.php`.
This introduces the `wp_privacy_export_expiration` filter, which allows plugins to customize how long the exports are kept before being deleted.
`index.html` was added to the `$exclusions` parameter of `list_files()` to make sure that it isn't deleted. If it were, then poorly-configured servers would allow the directory to be traversed, exposing all of the exported files.
Props iandunn, desrosj.
Merges [43046] to the 4.9 branch.
See #43546.
Built from https://develop.svn.wordpress.org/branches/4.9@43095
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42924 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`rand()` is deterministic and therefore offers much less protection in this context. `wp_generate_password()` is a convenient wrapper around `wp_rand()`, which uses `random_int()` to generate cryptographically-secure psuedorandom numbers.
Props iandunn.
Merges [43045] to the 4.9 branch.
See #43546.
Built from https://develop.svn.wordpress.org/branches/4.9@43094
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42923 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Any WordPress user who can `edit_posts` of a post type with `show_in_rest=true` can query for authors. This maps to current WordPress behavior where a WordPress user who can view the Manage Posts view for a post type can see any WordPress user assigned to a post (whether published or draft).
This implementation, over restricting `who=authors` to users with `list_users`, gives us future flexibility in displaying lists of posts. It still respects more restrictive permissions for `context=edit`.
Props danielbachhuber.
Merges [43001] to the 4.9 branch.
Fixes#42202.
Built from https://develop.svn.wordpress.org/branches/4.9@43067
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42896 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Passing a `nonce` argument with an empty string to `wp.api.init()` now does no longer fall back to `wpApiSettings.nonce`. This makes it possible to stop sending nonce headers, for example to a read-only endpoint on another site in a multisite install.
Merge of [42852] to the 4.9 branch.
Props adamsilverstein, FPCSJames, ocean90, swissspidy.
See #42948, #43266.
Built from https://develop.svn.wordpress.org/branches/4.9@42854
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
At the time, having both `required` and `aria-required` meant a wider range of support for browsers and assistive technology. Today, it's safe to use just `required`.
Merge of [42758] to the 4.9 branch.
Props lakenh, afercia, davidakennedy, henry.wright.
Fixes#39045.
Built from https://develop.svn.wordpress.org/branches/4.9@42849
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42679 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Preventing contextually created attachments from being added to the grid collection in Attachments.validator. Remove the previous filtering introduced in [41937] which caused the placement issue.
Merge of [42739-42740] to the 4.9 branch.
Props lancewillett, Junaidkbr, designsimply, joemcgill.
Fixes#42968.
Built from https://develop.svn.wordpress.org/branches/4.9@42848
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42678 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Trigger a keyup event when clearing the search field in response to closing the add item panel. The keyup event triggers a search and resets the results. Previously, the search field was cleared while the potentially blank search results were left in place making it impossible to select new menu items.
Merge of [42744] to the 4.9 branch.
Props Blair jersyer, aranwer104, afercia.
See #43333.
Built from https://develop.svn.wordpress.org/branches/4.9@42846
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42676 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the Hello Dolly plugin to remove lines which could be objectionable when shown in the admin out of context, and brings the lyrics more in line with Louis Armstrong's recording.
Props sebastienthivinfocom, birgire, audrasjb, joemcgill.
Fixes#43555.
Merges [42839] to the 4.9 branch.
Built from https://develop.svn.wordpress.org/branches/4.9@42840
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42670 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is a partial revert of [41724], so image captions include an
inline `width` style instead of `max-width`.
This returns the caption shortcode to the pre-4.9.0 behavior, while
retaining the extra unit test coverage added in [41724].
Fixes#43123. See #33981.
Merges [42837] to the 4.9 branch.
Built from https://develop.svn.wordpress.org/branches/4.9@42838
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42668 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While intended as a playful error message, `Cheatin’ uh?` can be interpreted as insulting or accusatory in an already stressful situation. This replaces Cheatin’ with more meaningful error messages, depending on the error that occurs.
Props ElectricFeet, EricMeyer, karmatosed, dd32, BandonRandon, melchoyce, kristastevens for language; dmsnell for original patch; peterwilsoncc.
Merged [42648] and [42719] to the 4.9 branch.
Fixes#38332.
Built from https://develop.svn.wordpress.org/branches/4.9@42811
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42641 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This code branch is responsible for running all autoupdates, including plugins and themes - which should run regardless of if there's a core autoupdate available.
This revert does not revert the `$timeout` changes, as these should still use cached data if it's available.
Ideally this should be decoupled from the core update check to allow background updates to operate even when the core update check is disabled or running more often than twice daily.
Merges [42653] to the 4.9 branch.
Fixes#43103, #43235.
Built from https://develop.svn.wordpress.org/branches/4.9@42654
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42483 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Replaces the fairy (male) browser support test with a woman in business suit levitating. While the things that make people different sometimes become less obvious this isn't always a problem, because the things that make you strange are the things that make you powerful.
Props peterwilsoncc.
Merges [42598] to the 4.9 branch.
Fixes#42862.
Built from https://develop.svn.wordpress.org/branches/4.9@42601
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a post slug is changed, we store a copy of the old slug, so that we can redirect visitors visiting the old URL to the new URL.
In the same way, this stores a copy of the old date, when the post date changes, so we can redirect visitors to the new URL.
Merge of [42401,42587,42588] to the 4.9 branch.
Props nickmomrik, frank-klein.
Fixes#15397.
Built from https://develop.svn.wordpress.org/branches/4.9@42589
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42418 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change reduces the number of API calls which WordPress makes to api.wordpress.org during release windows.
Previously the background updates would run upon every core update transient refresh, however now they'll only run if there's an update available.
The change also increases the cache period for plugin & theme checks when running via the cron, from never-cache to 2 hours, which should hopefully reduce the number of needless API calls.
Merges [42584] to the 4.9 branch.
Fixes#43103 for 4.9.
Built from https://develop.svn.wordpress.org/branches/4.9@42586
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42415 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Backports [42547] without adding new files due to how minor updates work.
JSHint inherits a license from JSLint that includes the clause "The Software shall be used for Good, not Evil." WordPress's license specifically allows grants the freedom to run the program, for any purpose. Please note, this is not an encouragement of evil. Rather than doing something evil, how about learning to love those around you. Instead of tweeting lies and saying people are "Not Good!", help your neighbor. In the words of Lin Manual Miranda, "Love is love is love is love is love is love is love is love, cannot be killed or swept aside."
This replaces JSHint with esprima, a part of the larger jQuery project, and a custom wrapper for some basic error checking within codemirror.
The existing JSHint configuration is kept in place in case someone wants to use that, but they can only do so for Good.
Fixes#42850
Props netweb for a spelling fix on a comment.
Built from https://develop.svn.wordpress.org/branches/4.9@42548
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change makes WordPress use `mysqli` on PHP <5.5 when available, instead of only in PHP 5.5+ and development installs.
WPDB includes a fallback to `mysql` in the event that the database connection fails with `mysqli` so incompatibilities should be few and far between.
Props dd32.
Merges [42388] to the 4.9 branch.
Fixes#42812.
Built from https://develop.svn.wordpress.org/branches/4.9@42455
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42284 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For code-historic reasons, restoring widget assignments would not be attempted if there were no sidebars to map.
Restoring previous assignments is something unrelated to sidebar mappings however, so now it will be attempted on every theme switch.
Fixes#42719.
Merges [42374] to the 4.9 branch.
Built from https://develop.svn.wordpress.org/branches/4.9@42375
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42204 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change reinstates the previous de facto behavior of `category_description()`.
See [40979], [42364]. Because `term_description()` no longer passes `$taxonomy` to
`get_term_field()`, the parameter is no longer needed and has been deprecated.
Merges [42368] to the 4.9 branch.
Fixes#42605. See #42771.
Built from https://develop.svn.wordpress.org/branches/4.9@42372
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42201 1a063a9b-81f0-0310-95a4-ce76da25c4cd