Previously, only `a` and `br` tags were allowed in the `value` table cell for each field included in the HTML file generated when a user is exporting their personal data. Instead of relying on a hardcoded list of allowed tags, the `wp_kses()` call in `wp_privacy_generate_personal_data_export_group_html()` will now fallback to the default list of allowed tags (which includes `i`, `strong`, `em`, and other basic HTML formatting tags).
Also, a new context of `personal_data_export` will now be passed to the `wp_kses()` call. As a result, the list of HTML tags and attributes allowed in the export file can now be filtered using the `wp_kses_allowed_html` filter and checking for the `personal_data_export` context.
Fixes#44044.
Props tz-media, desrosj, pento, birgire, garrett-eclipse.
git-svn-id: https://develop.svn.wordpress.org/trunk@44824 602fd350-edb4-49c9-b593-d223f7449a82
Restores `public`, `archived`, `mature`, `spam`, `deleted`, `lang_id`, and `WPLANG` to the `$meta` data passed to `wpmu_new_blog`. This hook was deprecated in 5.1.0, but code using it still relies on this data.
Props david.binda, pbiron.
Fixes#46351.
git-svn-id: https://develop.svn.wordpress.org/trunk@44805 602fd350-edb4-49c9-b593-d223f7449a82
The `test_detects_cannot_create_index()` and `tests_detects_cannot_write_html()` test methods are prone to failure under certain configurations, as discovered by the hosts reporting back the test suite results. This removes those two methods until a better approach to testing those scenarios can be created.
Partial revert of [44786].
See #44233.
git-svn-id: https://develop.svn.wordpress.org/trunk@44792 602fd350-edb4-49c9-b593-d223f7449a82
A PHPUnit configuration file with more than one `<php>` tag causes a validation error in PHPUnit versions 7.x. There are currently 2 in the `tests/phpunit/multisite.xml` file, which appears to be accidentally introduced in [29954].
Fixes#46414.
git-svn-id: https://develop.svn.wordpress.org/trunk@44790 602fd350-edb4-49c9-b593-d223f7449a82
Minimize jquery.form.js as part of build process to remove the source map reference.
Modify source map tests to include all JavaScript files rather than testing Backbone and jQuery only.
Props pento.
Fixes#46218.
git-svn-id: https://develop.svn.wordpress.org/trunk@44740 602fd350-edb4-49c9-b593-d223f7449a82
[44618] added strict type checking to `_sanitize_text_fields()`, which has caused some compat issues with plugins.
We can loosen the type checking to only reject objects and arrays, and cast other types to string.
Props Nick_theGeek, pento.
Fixes#41450.
git-svn-id: https://develop.svn.wordpress.org/trunk@44731 602fd350-edb4-49c9-b593-d223f7449a82
Due to the high number of follow-up tickets and associated security concerns, it was decided to reschedule the fatal error recovery feature for WordPress 5.2, in order to address these issues properly. The feature will continue to be developed, with iterations being merged into trunk early in the 5.2 release cycle.
Fixes#46141. See #44458, #45932, #45940, #46038, #46047, #46068.
git-svn-id: https://develop.svn.wordpress.org/trunk@44717 602fd350-edb4-49c9-b593-d223f7449a82
Introduced in [918/tests] and updated in [26871], the class is there to make sure that known bugs are not skipped when `phpunit` is called with a `--group` that corresponds to an `@ticket` annotation (such as `phpunit --group 12345`).
Enforcing recognized arguments or correctly formed arguments is not the concern here, so reusing `PHPUnit_Util_Getopt::parseLongOption()` was superfluous.
See #43218.
git-svn-id: https://develop.svn.wordpress.org/trunk@44715 602fd350-edb4-49c9-b593-d223f7449a82
The pre-save filters added to links in [43732] could invalidate JSON data when saving Customizer change-sets.
This removes the filters when saving and publishing change-sets.
Props peterwilsoncc, nikeo for testing.
See #45292.
git-svn-id: https://develop.svn.wordpress.org/trunk@44714 602fd350-edb4-49c9-b593-d223f7449a82
To test the `date_i18n()` output correctly, the tests added in [43434] need to set a non-UTC timezone.
Props Rarst.
Fixes#20973.
git-svn-id: https://develop.svn.wordpress.org/trunk@44710 602fd350-edb4-49c9-b593-d223f7449a82
The method is only used for two known options: `group` and `exclude-group`, others should be passed to PHPUnit.
Props johnbillion.
See #43218.
git-svn-id: https://develop.svn.wordpress.org/trunk@44707 602fd350-edb4-49c9-b593-d223f7449a82
* Create an abstract `WP_UnitTestCase_Base` class to share between PHPUnit 7.x and older versions.
* Add a speed-trap loader to determine which `SpeedTrapListener` class needs to be loaded for the current PHPUnit version.
* Remove unnecessary `PHPUnit\Util\Test` and `PHPUnit_Util_Getopt` inheritances.
* Update Travis CI config to use PHPUnit 7.x for PHP 7.1, 7.2, and nightly PHP versions.
Props jipmoors, netweb, desrosj, ayeshrajans, soulseekah, SergeyBiryukov.
See #43218.
git-svn-id: https://develop.svn.wordpress.org/trunk@44701 602fd350-edb4-49c9-b593-d223f7449a82
Moves the logic for determining when an event will next run from `wp_next_scheduled()` to `wp_get_scheduled_event()`.
This improves the performance of `wp_get_scheduled_event()` by avoiding duplicate function calls and object cache hits.
Props peterwilsoncc.
Fixes#45976.
git-svn-id: https://develop.svn.wordpress.org/trunk@44693 602fd350-edb4-49c9-b593-d223f7449a82
Bypass adding a `rel` attribute when the `wp_targeted_link_rel` filter returns an empty string or other falsy result.
Props mcmwebsol, spartank, meatman89fs.
Fixes#45352.
git-svn-id: https://develop.svn.wordpress.org/trunk@44691 602fd350-edb4-49c9-b593-d223f7449a82
This was introduced in [44466]. Also, this changeset adds tests for `_wp_die_process_input()` so that this never happens again.
Props dd32.
See #45933.
git-svn-id: https://develop.svn.wordpress.org/trunk@44690 602fd350-edb4-49c9-b593-d223f7449a82
Adds a `maybe_serialize()` comparison for the old and new values in `update_network_option()` to avoid unnecessary database writes when options contain identical objects.
Props bor0.
Fixes#44956.
git-svn-id: https://develop.svn.wordpress.org/trunk@44662 602fd350-edb4-49c9-b593-d223f7449a82
The "Your comment is awaiting moderation." message relied upon the comment author cookie being set. However, since it's now possible to opt-out of that cookie, submitting a comment won't show the comment preview when the comment is placed in moderation.
To avoid this issue, we now include a hash in the redirect URL, allowing the site to identify that a preview of the moderated comment should be displayed.
Props imath, tomdxw, birgire, lakenh, azaozz, pento.
Fixes#43857.
git-svn-id: https://develop.svn.wordpress.org/trunk@44659 602fd350-edb4-49c9-b593-d223f7449a82
A few sniffs have been renamed, this change includes the relevant `phpcs:ignore` comment updates.
Fixes#46002.
git-svn-id: https://develop.svn.wordpress.org/trunk@44645 602fd350-edb4-49c9-b593-d223f7449a82
When a `PUT` request is performed to update a user, a `rest_user_invalid_email` error is incorrectly being returned when the email exists with different letter casing, even if it belongs to the user being updated. `email_exists()` performs a case insensitive lookup, but the conditional statement following that lookup was performing a strict comparison between the new email and the user’s current email.
This changes that comparison to instead compare the user ID returned by `email_exists()` with the user ID being updated. This more closely matches the logic used in `edit_user()` and allows a user to change the letter casing of their email.
Props fuchsws, rachelbaker, desrosj.
Fixes#44672.
git-svn-id: https://develop.svn.wordpress.org/trunk@44641 602fd350-edb4-49c9-b593-d223f7449a82
This allows users to sort the export and erase personal data request tables by “Requester” (`post_title`, or user email) and “Requested” (`post_date`, or when the request was created), which can be helpful when sites have many requests present.
Props birgire, ianbelanger, pbiron, desrosj.
Fixes#43405.
git-svn-id: https://develop.svn.wordpress.org/trunk@44628 602fd350-edb4-49c9-b593-d223f7449a82
Prevent a notification from being sent when an unrecognised value is passed in the `$notify` parameter.
Props cthreelabs, 360zen.
Fixes#44293.
git-svn-id: https://develop.svn.wordpress.org/trunk@44611 602fd350-edb4-49c9-b593-d223f7449a82
This is a followup to [42828], ensuring that the `get_{$adjacent}_post_excluded_terms` filter is always passed an array, as expected.
Props soulseekah, zottto.
Fixes#43521.
git-svn-id: https://develop.svn.wordpress.org/trunk@44591 602fd350-edb4-49c9-b593-d223f7449a82
When `home` and `siteurl` are different, the customizer preview iframe will be blank in Chrome and Safari, due to their `X-Frame-Options` implementation quirks.
Changing this to `SAMEORIGIN` and adding the `frame-ancestors` Content Security Policy gives the correct behaviour.
Props fullyint.
Fixes#40020.
git-svn-id: https://develop.svn.wordpress.org/trunk@44580 602fd350-edb4-49c9-b593-d223f7449a82
[41215] supresses these irrelevant error messages from the front end, this removes them from the error log, too.
Props jeherve.
Fixes#43815.
git-svn-id: https://develop.svn.wordpress.org/trunk@44578 602fd350-edb4-49c9-b593-d223f7449a82