While currently a recovery link is only made available via the admin email address, this will be expanded in the future. In order to accomplish that, the mechanisms to store and validate recovery keys must support multiple keys to be valid at the same time.
This changeset adds that support, adding an additional token parameter which is part of a recovery link in addition to the key. A key itself is always associated with a token, so the two are only valid in combination. These associations are stored in a new `recovery_keys` option, which is regularly cleared in a new Cron hook, to prevent potential cluttering from unused recovery keys.
This changeset does not have any user-facing implications otherwise.
Props pbearne, timothyblynjacobs.
Fixes#46595. See #46130.
git-svn-id: https://develop.svn.wordpress.org/trunk@45211 602fd350-edb4-49c9-b593-d223f7449a82
An admin may download an export to check that it's all correct, but this action shouldn't mark the request as complete.
Props garrett-eclipse, JoshuaWold, birgire.
Fixes#44644.
git-svn-id: https://develop.svn.wordpress.org/trunk@45148 602fd350-edb4-49c9-b593-d223f7449a82
This expands upon `rel="noopener"` being previously added to links in the content.
Props audrasjb, welcher.
Fixes#43290.
git-svn-id: https://develop.svn.wordpress.org/trunk@45141 602fd350-edb4-49c9-b593-d223f7449a82
When `do_blocks()` is run, it sets up some special handling of the `wpautop` filter, as we don't want `wpautop` to run on block content, but we do want it to be available for subsequent runs of `the_content`, which may be happening on non-block content.
As we set this up before rendering dynamic blocks, however, a dynamic block choosing to run `the_content` will cause unintentially structural deficiences in this particular recursive block tower.
Moving this handling to after dynamic blocks are rendered makes our tower lean a little less.
Props aldavigdis, pento.
Fixes#45495.
git-svn-id: https://develop.svn.wordpress.org/trunk@45139 602fd350-edb4-49c9-b593-d223f7449a82
Fix off-by-one error in pixel color checks for rotate and flip image tests.
Change to using PNG with single pixel to ensure that errors are caught in the future, rather than lost in JPEG noise.
Props Fuegas, mikeschroder.
Fixes#46073.
git-svn-id: https://develop.svn.wordpress.org/trunk@45067 602fd350-edb4-49c9-b593-d223f7449a82
Making incorrect assumptions about microdata used in a theme results in invalid markup.
The attribute can still be added using the `get_custom_logo` or `wp_get_attachment_image_attributes` filter, but it should not be added by default.
Props henry.wright, tfrommen, afercia, markcallen, zodiac1978.
Fixes#37305.
git-svn-id: https://develop.svn.wordpress.org/trunk@45028 602fd350-edb4-49c9-b593-d223f7449a82
Similar to the `posts_pre_query` filter for WP_Query added in #36687. These filters lets you short circuit the queries to return your own results.
Add a new filter `sites_pre_query` - which returns null by default. Return a non-null value to bypass WordPress's default `get_sites` queries.
Developers should note that filtering functions that require pagination information are encouraged to set the `found_sites` property of the `WP_Site_Query` object, passed to the filter by reference. If `WP_Site_Query` does not perform a database query, it will not have enough information to generate these values itself.
Add a new filter `networks_pre_query` - which returns null by default. Return a non-null value to bypass WordPress's default `get_networks` queries.
Developers should note that filtering functions that require pagination information are encouraged to set the `found_networks` property of the `WP_Network_Query` object, passed to the filter by reference. If `WP_Network_Query` does not perform a database query, it will not have enough information to generate these values itself.
Props spacedmonkey.
Fixes#45749.
git-svn-id: https://develop.svn.wordpress.org/trunk@44983 602fd350-edb4-49c9-b593-d223f7449a82
Using the new fatal handler introduced in [44962], an email is sent to the admin when a fatal error occurs. This email includes a secret link to enter recovery mode. When clicked, the link will be validated and on success a cookie will be placed on the client, enabling recovery mode for that user. This functionality is executed early before plugins and themes are loaded, in order to be unaffected by potential fatal errors these might be causing.
When in recovery mode, broken plugins and themes will be paused for that client, so that they are able to access the admin backend despite of these errors. They are notified about the broken extensions and the errors caused, and can then decide whether they would like to temporarily deactivate the extension or fix the problem and resume the extension.
A link in the admin bar allows the client to exit recovery mode.
Props timothyblynjacobs, afragen, flixos90, nerrad, miss_jwo, schlessera, spacedmonkey, swissspidy.
Fixes#46130, #44458.
git-svn-id: https://develop.svn.wordpress.org/trunk@44973 602fd350-edb4-49c9-b593-d223f7449a82
* `is_privacy_policy()` template tag
* `privacy-policy.php` template
* `.privacy-policy` body class
* `.menu-item-privacy-policy` menu item class
Props garrett-eclipse, birgire, xkon, Clorith.
Fixes#44005.
git-svn-id: https://develop.svn.wordpress.org/trunk@44966 602fd350-edb4-49c9-b593-d223f7449a82
Only try to access `term_id` once `$parent_term` is known to be a `WP_Term`.
Props dlh, earnjam.
Fixes#44983.
git-svn-id: https://develop.svn.wordpress.org/trunk@44965 602fd350-edb4-49c9-b593-d223f7449a82
This allows post exists checks scoped to a specific post type.
Props sgarza, birgire, swissspidy.
Fixes#37406.
git-svn-id: https://develop.svn.wordpress.org/trunk@44959 602fd350-edb4-49c9-b593-d223f7449a82
Displaying the correct build date in feeds is as important today as it was twelve years ago when this ticket was opened.
Fix an issue where all feeds in WordPress showed the same date for their last build date (the datapoint is `lastBuildDate`, `updated` or `dc:date` depending on the feed type).
Introduce a new `get_last_build_date` filter to adjust the date used for `lastBuildDate`. Developers who previously filtered `get_lastcommentmodified` to alter feed dates should use this filter instead.
* `get_last_build_date` extracts the latest post (or comment) in the current WP_Query object.
* In all feed templates, use `get_last_build_date` vs `get_lastpostmodified( 'GMT' );`.
Props stevenkword, spacedmonkey, ryanshoover, mauteri, nacin, jorbin, MikeNGarrett, Denis-de-Bernardy, peaceablewhale.
Fixes#4575.
git-svn-id: https://develop.svn.wordpress.org/trunk@44948 602fd350-edb4-49c9-b593-d223f7449a82
In the media library gird view, properly limit the media attachment filter to available mime types, matching the list view.
Props itzmekhokan.
Fixes#43658.
git-svn-id: https://develop.svn.wordpress.org/trunk@44947 602fd350-edb4-49c9-b593-d223f7449a82
Screen reader users rely on the iframe title attribute to describe the contents of iframes. A meaningful title attribute allows to quickly identify the iframe content, so users can determine which iframe to enter and explore in detail or skip if desired.
Note: this is the only case where a title attribute is required for compliance with the W3C Web Content Accessibility Guidelines (WCAG).
- checks for oEmbed response of type `video` or `rich`
- checks if they use an iframe
- fetches the title (if any) from the oEmbed response
- adds the title to the embed iframe
Props bamadesigner, TomHarrigan, swissspidy, jrf, afercia.
Fixes#40245.
git-svn-id: https://develop.svn.wordpress.org/trunk@44942 602fd350-edb4-49c9-b593-d223f7449a82
This changeset introduces `$post` parameters to `get_the_content()` and
`wp_trim_excerpt()`. When a `$post` object is passed to one of these functions,
the functions will operate on the data from that object, rather than from the
post globals (`$authordata`, `$page`, etc). This ensures that the functions work
in a predictable manner when used outside of the regular post loop.
The global-mismatch problem is surfaced in cases where `get_the_excerpt()` is
called outside of the post loop, on posts that don't have a defined excerpt. In
these cases, the post globals - used to generate a fallback excerpt - may refer
to the incorrect object, resulting in PHP notices or other unpredictable
behavior. See #36934 for a related issue.
Props spacedmonkey, kraftbj, Shital Patel.
Fixes#42814.
git-svn-id: https://develop.svn.wordpress.org/trunk@44941 602fd350-edb4-49c9-b593-d223f7449a82
This changeset ensures `$request->set_url_params()` is called while fulfilling OPTIONS requests, where previously it was skipped because OPTIONS requests short-circuit the logic in `dispatch` which handles this setup for other request methods. Omitting the URL parameters prevented the Allow header from being set.
Props killua99, noisysocks.
Fixes#45753.
git-svn-id: https://develop.svn.wordpress.org/trunk@44933 602fd350-edb4-49c9-b593-d223f7449a82
- adds a visually hidden text to give context to the lyrics
- the text is `Quote from Hello Dolly song, by Jerry Herman:`
- adds a `lang` HTML attribute (when the admin language is not English) to better support assistive technologies
- adds a `dir` HTML attribute to better support the LTR English lyrics with RTL languages
- CSS adjustments
Props audrasjb, SergeyBiryukov, danieltj, birgire, karmatosed, desrosj, afercia.
Fixes#43632.
git-svn-id: https://develop.svn.wordpress.org/trunk@44929 602fd350-edb4-49c9-b593-d223f7449a82
Improves the logic in `wp_schedule_single_event()` to ensure an identical event is not scheduled within ten minutes.
This moves the logic for checking for identical events to be self contained rather than relying on `wp_next_scheduled()` as this fails to account for events with a past timestamp when wp-cron fails to trigger or for multiple identical events being scheduled already.
Props bodohugobarwich.
Fixes#44818.
git-svn-id: https://develop.svn.wordpress.org/trunk@44917 602fd350-edb4-49c9-b593-d223f7449a82
When dealing with personal data exports and erasure requests, it is important to have a log of all the requests for a specific person. This is often required to confirm when and how many times requests were completed and fulfilled properly.
This change allows a new request to be created after a previous data request has reached completed status (`request-completed`) instead of requiring admins to delete or re-initiate the existing request. The latter approach removes the historical log of requests for that user when creating a new request.
Full unit tests for the `wp_create_user_request()` function are also included.
Props garrett-eclipse, cc0a, birgire, desrosj.
Fixes#44707.
git-svn-id: https://develop.svn.wordpress.org/trunk@44906 602fd350-edb4-49c9-b593-d223f7449a82
Felix Arntz
Sergey Biryukov
John Blackbourn
Gary Pendergast
Mike Schroder
Andrea Fercia
Adam Silverstein
K. Adam White
Jonathan Desrosiers
adamsilverstein
Boone Gorges
Peter Wilson