Commit Graph

38358 Commits

Author SHA1 Message Date
Sergey Biryukov
0e067ab91e Privacy: Correct the error check when creating an export folder in wp_privacy_generate_personal_data_export_file().
`wp_mkdir_p()` returns `false` on error, not a `WP_Error` object.

Props birgire.
Fixes #44158.

git-svn-id: https://develop.svn.wordpress.org/trunk@43299 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-21 11:58:19 +00:00
laurelfulford
186bb7c8a9 Bundled Themes: Bump version numbers and update changelogs for 4.9.6 release
* Also, updates POT files for Twenty Ten and Twenty Eleven.

Props earnjam, laurelfulford.

Fixes #43915.


git-svn-id: https://develop.svn.wordpress.org/trunk@43293 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-17 17:06:12 +00:00
iandunn
238504d36f Tests: Add case for wp_privacy_delete_old_export_files().
Props allendav.
See #43546.


git-svn-id: https://develop.svn.wordpress.org/trunk@43292 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-17 16:38:01 +00:00
Ian Dunn
84211ab4b6 Tests: Add case for wp_privacy_send_personal_data_export_email().
Props birgire.
See #43546.


git-svn-id: https://develop.svn.wordpress.org/trunk@43291 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-16 23:53:38 +00:00
Ian Dunn
ac4d875f94 Comments: Escape permalink values on edit screen to prevent XSS.
There doesn't appear to be any way for an attacker to introduce malicious input into the URL, unless a plugin is filtering the URL to add it, but it's better to be safe than sorry.

Props 1naveengiri, joyously.
Fixes #44115.


git-svn-id: https://develop.svn.wordpress.org/trunk@43290 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-16 22:38:20 +00:00
Ian Dunn
d488fc7dac Privacy: Require manage_privacy_options to edit policy page.
A user is required to have the `manage_privacy_options` capability in order to determine which page is set as the privacy policy (the `wp_page_for_privacy_policy`). Given that, it doesn't make sense to allow users without that capability to edit or delete the page. 

A similar situation exists with the `page_for_posts` and `page_on_front` options, but Editors are allowed to edit those pages. The reason that this situation is different is because it is more likely that an administrator will want to restrict modifications to the privacy policy, than it is that they will want to allow modifications. Modifications to the policy often require specialized knowledge of local laws, and can have implications for compliance with those laws.

Props dlh, desrosj.
Fixes #44079.


git-svn-id: https://develop.svn.wordpress.org/trunk@43286 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-15 20:43:59 +00:00
Ian Dunn
3e3db8af66 Privacy: Rename exports folder to avoid deleting other files.
Previously, personal data exports were stored in `wp-content/uploads/exports`, which is generic enough that it's likely there are existing folders with that name, either created by plugins or manually by administrators. If that folder were reused by Core, then `wp_privacy_delete_old_export_files()` would delete all of the existing files inside it, which is almost certainly not what the site owner wants or expects.

To avoid that, the folder is being renamed to include a specific reference to Core, and a more verbose description of its purpose. With those factored in, it's very unlikely that there will be any conflicts with existing folders.

The `wp_privacy_exports_dir()` and `wp_privacy_exports_url()` functions were introduced to provide a canonical source for the location, and the `wp_privacy_exports_dir` and `wp_privacy_exports_url` filters were introduced to allow plugins to customize it.

Props johnjamesjacoby, allendav.
Fixes #44091.


git-svn-id: https://develop.svn.wordpress.org/trunk@43284 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-15 20:21:37 +00:00
Andrew Ozz
ced82abf66 Privacy: use the more compatible word-break: break-all;, see [43278].
See #44092.

git-svn-id: https://develop.svn.wordpress.org/trunk@43282 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-15 20:06:39 +00:00
Andrew Ozz
6ab60cb0b6 Privacy: fix styling of the Privacy Settings buttons on mobile/small screens.
Props ianbelanger, azaozz.
Fixes #44093.

git-svn-id: https://develop.svn.wordpress.org/trunk@43279 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-15 19:26:04 +00:00
Andrew Ozz
b8810cc225 Privacy: fix styling of the "next steps" buttons on the Export/Erase tools screens when text is long.
Props audrasjb, ianbelanger.
Fixes #44092.

git-svn-id: https://develop.svn.wordpress.org/trunk@43278 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-15 18:58:29 +00:00
Felix Arntz
2c4326cff1 Widgets: Allow basic inline tags in wp_sidebar_description().
The customizer has allowed HTML in sidebar descriptions since adding support for sidebars. This change ensures that basic HTML is also allowed for them in the widgets admin screen.

Fixes #42608.


git-svn-id: https://develop.svn.wordpress.org/trunk@43275 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-15 16:54:12 +00:00
Ian Dunn
f822373476 Privacy: Reposition log in policy link to avoid overlapping elements.
Previously, the link used absolute positioning, in order to stick it at the bottom of the page. That was done in order to create visual separation between it and the "action" links, like "Lost Your Password?"

The absolute positioning can cause conflicts in some situations, though. For example, if extra text or error notices are added above the form, then the login link would be positioned on top of other elements.

Switching to relative positioning with extra margins avoids those issues, while maintaining the visual separation between the "action" links and the privacy policy link.

Props imath, melchoyce, desrosj, xkon, iandunn.
Fixes #44046.


git-svn-id: https://develop.svn.wordpress.org/trunk@43274 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-15 16:26:12 +00:00
Andrew Ozz
e72d503702 Privacy: only remove the "Suggested text has changed" bubble when an admin visits the Privacy Policy Guide screen.
Fixes #44063.

git-svn-id: https://develop.svn.wordpress.org/trunk@43269 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-14 17:51:04 +00:00
Andrew Ozz
cc66df9b5c Privacy: add wp_page_for_privacy_policy to populate_options().
Props ocean90.
Fixes #44076.

git-svn-id: https://develop.svn.wordpress.org/trunk@43267 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-14 16:59:46 +00:00
Andrew Ozz
d9e0a41c20 Privacy: fix markup for the table of contents on privacy policy guide screen.
Props ocean90, azaozz.
Fixes #44056.

git-svn-id: https://develop.svn.wordpress.org/trunk@43265 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-14 16:45:57 +00:00
Andrew Ozz
3ef1d8a2c9 Privacy: fix the "Privacy Policy Guide updated" message and add a link to the guide.
Props birgire, azaozz.
Fixes #44057.

git-svn-id: https://develop.svn.wordpress.org/trunk@43263 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-14 16:20:53 +00:00
Dominik Schilling (ocean90)
8288241045 Privacy: Remove is-dismissible class from notice when privacy info has changed.
The notice isn't dismissible as it only gets removed once you visit the privacy guide, see #44057 and #44063.

Fixes #44065.


git-svn-id: https://develop.svn.wordpress.org/trunk@43261 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-14 15:54:22 +00:00
Dominik Schilling (ocean90)
2865e6f324 Privacy: Don't show privacy feature pointer to new users.
Fixes #44062.

git-svn-id: https://develop.svn.wordpress.org/trunk@43259 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-14 15:49:55 +00:00
John Blackbourn
6449cc7970 Docs: Add missing HTTP methods to the list of those supported.
See #42505


git-svn-id: https://develop.svn.wordpress.org/trunk@43258 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-14 15:22:45 +00:00
Andrew Ozz
b69237ecda Privacy: improve inline documentation.
Props desrosj.
Fixes #44075.

git-svn-id: https://develop.svn.wordpress.org/trunk@43256 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-14 14:52:49 +00:00
Andrew Ozz
76d97c7695 Privacy: fix Export and Erase Personal Data list-tables on small screens.
Props ianbelanger, subrataemfluence, desrosj.
Fixes #44026.

git-svn-id: https://develop.svn.wordpress.org/trunk@43251 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-14 09:20:37 +00:00
Andrew Ozz
ad88d64eb9 Privacy: define $title and $parent_file in privacy.php. Fixes showing the proper document title.
Props ocean90.
Fixes #44064.

git-svn-id: https://develop.svn.wordpress.org/trunk@43250 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-14 08:28:18 +00:00
Andrew Ozz
805b2761a9 Privacy: fix two typos in WP_Privacy_Policy_Content::get_default_content().
Props dlh.
Fixes #44050.

git-svn-id: https://develop.svn.wordpress.org/trunk@43249 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-13 11:14:19 +00:00
Andrew Ozz
155f8fd99a Privacy: require manage_privacy_options capability for showing WP_Privacy_Policy_Content::notice().
Props ocean90.
Fixes #44055.

git-svn-id: https://develop.svn.wordpress.org/trunk@43248 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-13 11:03:57 +00:00
Sergey Biryukov
b4a1fc692d Docs: Correct type for WP_Taxonomy::$cap.
Props dlh.
Fixes #44061.

git-svn-id: https://develop.svn.wordpress.org/trunk@43247 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-13 10:30:19 +00:00
Ian Dunn
4773a48012 Privacy: Reposition pointer to ensure dismiss link is always visible.
r43158 introduced a new admin pointer for the privacy tools added in 4.9.6. With the previous positioning, though, sometimes the `Dismiss` link would be fixed off screen, making it impossible for the user to dismiss the pointer. This happened when there were enough extra menu items, or when the viewport height was short enough.

This commit repositions the pointer to work around that problem. One down side of this workaround is that the arrow will not always be positioned next to the `Tools` menu, where it should be. That's an acceptable compromise given the current time constraints, though. A long term solution would be to make `WP_Pointer` robust enough to handle this use case.

Props imath, audrasjb, desrosj.
Fixes #44045.


git-svn-id: https://develop.svn.wordpress.org/trunk@43246 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-12 17:28:30 +00:00
Ian Dunn
239471ade4 Privacy: Escape comment URLs in personal export file to prevent XSS.
There doesn't appear to be any way for an attacker to introduce malicious input into the URL, unless a plugin is filtering the URL to add it, but it's better to be safe than sorry.

Props birgire.
Fixes #44054.


git-svn-id: https://develop.svn.wordpress.org/trunk@43245 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-12 15:55:36 +00:00
Weston Ruter
5e9a39baa7 Customize: Hide expansion arrows in Customizer's available widgets list.
Fixes regression introduced by [42794].

Props dlh.
See #40677.
Fixes #43983.


git-svn-id: https://develop.svn.wordpress.org/trunk@43244 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-11 17:34:40 +00:00
Andrew Ozz
6508ab45cd Privacy: make creating a privacy policy page on install multisite compatible.
See #43491.

git-svn-id: https://develop.svn.wordpress.org/trunk@43243 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-11 15:43:36 +00:00
Andrew Ozz
d7e8ec62c5 Privacy: exclude the wrapper from the default policy content.
Fixes #44048.

git-svn-id: https://develop.svn.wordpress.org/trunk@43242 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-11 15:07:00 +00:00
Sergey Biryukov
2dbb76084d Privacy: On Privacy Settings screen, check if any pages exist before displaying the page selector.
Props abdullahramzan, desrosj, melchoyce.
Fixes #43940.

git-svn-id: https://develop.svn.wordpress.org/trunk@43238 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-10 21:38:45 +00:00
Ian Dunn
70fd932c25 Privacy: Expose erasure notification recipient to filter callbacks.
The previous `user_email` value was redundant, because it always matched `$request_data->email`. That value might be different from where the message is sent, though, if the `user_erasure_fulfillment_email_to` filter is used. If they are different, then callbacks for the `user_confirmed_action_email_content` filter may want to distinguish between the email address of the user making the request, and the email address that the confirmation notification is being sent to.

Props desrosj, iandunn.
See #43973.


git-svn-id: https://develop.svn.wordpress.org/trunk@43236 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-10 21:19:27 +00:00
Sergey Biryukov
33b742f7d1 Privacy: Normalize file paths in wp_privacy_generate_personal_data_export_file() to make sure Windows paths don't have their backslashes stripped.
Props xkon, pmbaldha.
Fixes #43908.

git-svn-id: https://develop.svn.wordpress.org/trunk@43234 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-10 21:11:00 +00:00
Sergey Biryukov
0a56b67b52 Privacy: Update request confirmation notice text for clarity.
Props desrosj, melchoyce, garrett-eclipse.
Fixes #43970.

git-svn-id: https://develop.svn.wordpress.org/trunk@43232 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-10 20:52:54 +00:00
Sergey Biryukov
bc5ecec3fc Privacy: Send an email notification to the user once their personal data erasure request is fulfilled.
Props desrosj, allendav, garrett-eclipse.
Fixes #43973.

git-svn-id: https://develop.svn.wordpress.org/trunk@43230 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-10 20:42:15 +00:00
Sergey Biryukov
8adbf40bc2 Privacy: Avoid a PHP notice in wp_ajax_wp_privacy_erase_personal_data(), make sure $eraser_key is always defined.
Props allendav.
Fixes #44040.

git-svn-id: https://develop.svn.wordpress.org/trunk@43228 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-10 20:23:33 +00:00
Sergey Biryukov
34931cf8c3 General: Skip test_is_countable_ResourceBundle() on PHP 5.3 and below.
`ResourceBundle` is only countable in PHP 5.4+, which can be considered an acceptable edge case for WordPress core purposes.

Props jrf, ayeshrajans.
Fixes #43583.

git-svn-id: https://develop.svn.wordpress.org/trunk@43226 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-10 20:15:18 +00:00
Ian Dunn
6d4c88a057 Privacy: Replace intrusive policy update notice with menu bubbles.
Previously, when a plugin updated its suggested privacy policy text, an admin notice was shown on all screens in the Administration Panels. That was done in order to make sure that administrators were aware of it, so that they could update their policy if needed. That was a very heavy-handed and intrusive approach, though, which leads to a poor user experience, and notice fatigue. 

An alternative approach is to use bubble notifications in the menu, similar to when plugins have updates that need to be installed. That still makes it obvious that something needs the administrator's attention, but is not as distracting as a notice.

The notice will still appear on the Privacy page, though, since it is relevant to that screen, and provides an explanation of why the bubble is appearing.

Props azaozz, xkon, iandunn.
Fixes #43954. See #43953.


git-svn-id: https://develop.svn.wordpress.org/trunk@43223 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-10 19:51:58 +00:00
Andrew Ozz
29a63fe774 TinyMCE: switch off concatenation when a custom TinyMCE theme is used. Prevents conflict with the default theme as it loads first.
Props programmin, azaozz.
Fixes #43969.

git-svn-id: https://develop.svn.wordpress.org/trunk@43222 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-10 19:49:32 +00:00
Sergey Biryukov
07feb01a80 General: In the is_countable() polyfill, if the provided object implements SimpleXMLElement or ResourceBundle, consider it countable.
Props ayeshrajans, jrf, desrosj.
Fixes #43583.

git-svn-id: https://develop.svn.wordpress.org/trunk@43220 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-10 17:57:38 +00:00
Sergey Biryukov
a322b9479d Privacy: Tweak Privacy Policy page intro text for clarity.
Props macbookandrew, allendav.
See #43933.

git-svn-id: https://develop.svn.wordpress.org/trunk@43218 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-10 16:11:38 +00:00
Andrew Ozz
512fe2b90f Privacy: fix styling on personal data tables.
Props melchoyce, allendav.
Fixes #43909.

git-svn-id: https://develop.svn.wordpress.org/trunk@43216 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-10 16:01:50 +00:00
Andrew Ozz
56079a45fd Privacy: cleanup of the "Export Personal Data" and "Erase Personal Data" screens.
Props desrosj, xkon.
See #43929.

git-svn-id: https://develop.svn.wordpress.org/trunk@43212 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-10 10:00:19 +00:00
Ian Dunn
dd4322535b Privacy: Notify admin via email when a request is confirmed.
Previously the admin didn't have any way to know if a pending request was ready to be processed, aside from manually checking the Export/Erase pages. Sending them an email is a much more convenient option.

Props garrett-eclipse, desrosj, iandunn.
See #43967.


git-svn-id: https://develop.svn.wordpress.org/trunk@43211 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-10 04:59:48 +00:00
Ian Dunn
59e58199e5 Privacy: Reposition admin pointer to avoid covering collapsed menu.
Previously the pointer overlapped the menu in order to draw attention to the fact that it applies to both the `Tools` and `Settings` menus. That caused a conflict if the menu was collapsed, though, because the icons were covered by the pointer and therefore inaccessible.

Additionally, minor tweaks were made to the text order and formatting. The order of the two sections was swapped in the title and paragraph, in order to match the order of the corresponding menu items. The spacing around headings and paragraphs was tweaked to remove extraneous whitespace.

Props littler.chicken, desrosj, ianbelanger, melchoyce.
Fixes #43961.


git-svn-id: https://develop.svn.wordpress.org/trunk@43210 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-10 03:02:03 +00:00
Sergey Biryukov
6d4bb2c508 Privacy: Pass export request ID to wp_privacy_personal_data_export_file_created filter.
Props thomasplevy.
Fixes #44031.

git-svn-id: https://develop.svn.wordpress.org/trunk@43208 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-09 23:17:03 +00:00
Sergey Biryukov
de1fbae529 Privacy: Make the help hint for Privacy Policy page more translatable and accessible.
Props tobifjellner.
See #43980.

git-svn-id: https://develop.svn.wordpress.org/trunk@43206 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-09 23:11:29 +00:00
John Blackbourn
2fd58a997f Upgrade/Install: Correctly internationalise error messages during config setup.
Fixes #43997


git-svn-id: https://develop.svn.wordpress.org/trunk@43205 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-09 22:51:37 +00:00
Andrew Ozz
80333a91e2 Privacy: fixes for the privacy policy guide and suggested content:
- Separate the guide text form the suggested policy text.
- Add table of content for easier navigation.
- Move the content to tools.php (prevents the settings menu of being open).
- Add a link to the guide from the Privacy settings screen.

Props melchoyce, azaozz.
See #43980.

git-svn-id: https://develop.svn.wordpress.org/trunk@43203 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-09 20:50:54 +00:00
Andrew Ozz
da40024f7f Privacy: remove the help tab from Settings => Privacy until we have something helpful to say :)
Props allendav.
See #44023.

git-svn-id: https://develop.svn.wordpress.org/trunk@43201 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-09 18:11:56 +00:00