Add a `_doing_it_wrong()` message describing the correct usage of the function.
Props kraftbj, azaozz, SergeyBiryukov, YuriV.
Fixes#44142.
git-svn-id: https://develop.svn.wordpress.org/trunk@43361 602fd350-edb4-49c9-b593-d223f7449a82
The line was copied from the emails that get sent when an email address changes, without considering if it made sense in the new context.
Props iandunn, ianbelanger, desrosj.
Fixes#44030.
git-svn-id: https://develop.svn.wordpress.org/trunk@43353 602fd350-edb4-49c9-b593-d223f7449a82
These annotations make it clear to the reader of a JavaScript source
where the build process outputs to. These annotations can later be
integrated in a webpack configuration. This way there is one source of
truth.
The `build` folder is omitted from the paths, because a single JS file
shouldn't not be responsible of knowing where outputs in general will
end up at. A file only knows its output location relative to the
project.
Props adamsilverstein, herregroen, omarreiss, pento.
Fixes#44361.
git-svn-id: https://develop.svn.wordpress.org/trunk@43347 602fd350-edb4-49c9-b593-d223f7449a82
When a term query using `fields=all_with_object_id` hits the cache, the
cached `stdClass` objects must be converted to `WP_Term` objects. This
was overlooked when `WP_Term_Query` was refactored to support object
queries in [38667].
Props dlh.
Fixes#44221.
git-svn-id: https://develop.svn.wordpress.org/trunk@43313 602fd350-edb4-49c9-b593-d223f7449a82
In many a strange and curious file of forgotten lore—
While I pondered, blaming Nacin, my notifications suddenly awakened,
As of someone quietly DMing;—DMing me, I can’t ignore.
“’Tis some contributor,” I muttered, “DMing me an idea or four—
Only this and nothing more.”
Ah, distinctly I remember, at WordCamp US, last December;
A mad proposal nearly laid me—down out cold—upon the floor.
Curious, I listened closely;—to a plan I agreed with, mostly—
A way to make our JavaScript—JavaScript which was a chore—
Maintainable, extendable, for the future, is what I saw.
Guten-ready for evermore.
Open here I switch to Slack, when, with many a patch and hack,
In there stepped Omar, a JavaScript developer hardcore;
Pronouncing all the changes fit; ready now to be commit;
“There’s nothing else for us to do,” DMing me, “It’s done!” he swore—
“No longer random guessing at which file need next be explored—
Let’s move on, we’re all aboard.”
Moved all together, grouped and managed, in folders all is packaged,
The code had all been cleaned and tidied, important parts moved to the fore,
“Though this change be useful here,” I said, “it is too large, I fear,
We couldn’t manage such a patch, we’ve done nothing like this before—
Tell me where doth go this change, change to make our codebase soar!”
Quoth Omar, “In WordPress Core.”
Props omarreis for shepherding this significant change.
Props adamsilverstein, aduth, atimmer, dingo_bastard, frank-klein, gziolo, herregroen, jaswrks, jeremyfelt, jipmoors, jorbin, netweb, ocean90, pento, tjnowell, and youknowriad for testing, feedback, discussion, encouragement, commiserations, etc.
I make no apologies for this commit message.
Fixes#43055.
git-svn-id: https://develop.svn.wordpress.org/trunk@43309 602fd350-edb4-49c9-b593-d223f7449a82
There doesn't appear to be any way for an attacker to introduce malicious input into the URL, unless a plugin is filtering the URL to add it, but it's better to be safe than sorry.
Props 1naveengiri, joyously.
Fixes#44115.
git-svn-id: https://develop.svn.wordpress.org/trunk@43290 602fd350-edb4-49c9-b593-d223f7449a82
A user is required to have the `manage_privacy_options` capability in order to determine which page is set as the privacy policy (the `wp_page_for_privacy_policy`). Given that, it doesn't make sense to allow users without that capability to edit or delete the page.
A similar situation exists with the `page_for_posts` and `page_on_front` options, but Editors are allowed to edit those pages. The reason that this situation is different is because it is more likely that an administrator will want to restrict modifications to the privacy policy, than it is that they will want to allow modifications. Modifications to the policy often require specialized knowledge of local laws, and can have implications for compliance with those laws.
Props dlh, desrosj.
Fixes#44079.
git-svn-id: https://develop.svn.wordpress.org/trunk@43286 602fd350-edb4-49c9-b593-d223f7449a82
Previously, personal data exports were stored in `wp-content/uploads/exports`, which is generic enough that it's likely there are existing folders with that name, either created by plugins or manually by administrators. If that folder were reused by Core, then `wp_privacy_delete_old_export_files()` would delete all of the existing files inside it, which is almost certainly not what the site owner wants or expects.
To avoid that, the folder is being renamed to include a specific reference to Core, and a more verbose description of its purpose. With those factored in, it's very unlikely that there will be any conflicts with existing folders.
The `wp_privacy_exports_dir()` and `wp_privacy_exports_url()` functions were introduced to provide a canonical source for the location, and the `wp_privacy_exports_dir` and `wp_privacy_exports_url` filters were introduced to allow plugins to customize it.
Props johnjamesjacoby, allendav.
Fixes#44091.
git-svn-id: https://develop.svn.wordpress.org/trunk@43284 602fd350-edb4-49c9-b593-d223f7449a82
The customizer has allowed HTML in sidebar descriptions since adding support for sidebars. This change ensures that basic HTML is also allowed for them in the widgets admin screen.
Fixes#42608.
git-svn-id: https://develop.svn.wordpress.org/trunk@43275 602fd350-edb4-49c9-b593-d223f7449a82
Previously, the link used absolute positioning, in order to stick it at the bottom of the page. That was done in order to create visual separation between it and the "action" links, like "Lost Your Password?"
The absolute positioning can cause conflicts in some situations, though. For example, if extra text or error notices are added above the form, then the login link would be positioned on top of other elements.
Switching to relative positioning with extra margins avoids those issues, while maintaining the visual separation between the "action" links and the privacy policy link.
Props imath, melchoyce, desrosj, xkon, iandunn.
Fixes#44046.
git-svn-id: https://develop.svn.wordpress.org/trunk@43274 602fd350-edb4-49c9-b593-d223f7449a82
r43158 introduced a new admin pointer for the privacy tools added in 4.9.6. With the previous positioning, though, sometimes the `Dismiss` link would be fixed off screen, making it impossible for the user to dismiss the pointer. This happened when there were enough extra menu items, or when the viewport height was short enough.
This commit repositions the pointer to work around that problem. One down side of this workaround is that the arrow will not always be positioned next to the `Tools` menu, where it should be. That's an acceptable compromise given the current time constraints, though. A long term solution would be to make `WP_Pointer` robust enough to handle this use case.
Props imath, audrasjb, desrosj.
Fixes#44045.
git-svn-id: https://develop.svn.wordpress.org/trunk@43246 602fd350-edb4-49c9-b593-d223f7449a82
There doesn't appear to be any way for an attacker to introduce malicious input into the URL, unless a plugin is filtering the URL to add it, but it's better to be safe than sorry.
Props birgire.
Fixes#44054.
git-svn-id: https://develop.svn.wordpress.org/trunk@43245 602fd350-edb4-49c9-b593-d223f7449a82
The previous `user_email` value was redundant, because it always matched `$request_data->email`. That value might be different from where the message is sent, though, if the `user_erasure_fulfillment_email_to` filter is used. If they are different, then callbacks for the `user_confirmed_action_email_content` filter may want to distinguish between the email address of the user making the request, and the email address that the confirmation notification is being sent to.
Props desrosj, iandunn.
See #43973.
git-svn-id: https://develop.svn.wordpress.org/trunk@43236 602fd350-edb4-49c9-b593-d223f7449a82
Previously, when a plugin updated its suggested privacy policy text, an admin notice was shown on all screens in the Administration Panels. That was done in order to make sure that administrators were aware of it, so that they could update their policy if needed. That was a very heavy-handed and intrusive approach, though, which leads to a poor user experience, and notice fatigue.
An alternative approach is to use bubble notifications in the menu, similar to when plugins have updates that need to be installed. That still makes it obvious that something needs the administrator's attention, but is not as distracting as a notice.
The notice will still appear on the Privacy page, though, since it is relevant to that screen, and provides an explanation of why the bubble is appearing.
Props azaozz, xkon, iandunn.
Fixes#43954. See #43953.
git-svn-id: https://develop.svn.wordpress.org/trunk@43223 602fd350-edb4-49c9-b593-d223f7449a82
Previously the admin didn't have any way to know if a pending request was ready to be processed, aside from manually checking the Export/Erase pages. Sending them an email is a much more convenient option.
Props garrett-eclipse, desrosj, iandunn.
See #43967.
git-svn-id: https://develop.svn.wordpress.org/trunk@43211 602fd350-edb4-49c9-b593-d223f7449a82
Previously the pointer overlapped the menu in order to draw attention to the fact that it applies to both the `Tools` and `Settings` menus. That caused a conflict if the menu was collapsed, though, because the icons were covered by the pointer and therefore inaccessible.
Additionally, minor tweaks were made to the text order and formatting. The order of the two sections was swapped in the title and paragraph, in order to match the order of the corresponding menu items. The spacing around headings and paragraphs was tweaked to remove extraneous whitespace.
Props littler.chicken, desrosj, ianbelanger, melchoyce.
Fixes#43961.
git-svn-id: https://develop.svn.wordpress.org/trunk@43210 602fd350-edb4-49c9-b593-d223f7449a82
- Separate the guide text form the suggested policy text.
- Add table of content for easier navigation.
- Move the content to tools.php (prevents the settings menu of being open).
- Add a link to the guide from the Privacy settings screen.
Props melchoyce, azaozz.
See #43980.
git-svn-id: https://develop.svn.wordpress.org/trunk@43203 602fd350-edb4-49c9-b593-d223f7449a82
r42986 introduced the beginnings of an Ajax handler for processing requests to erase personal data. At the time, a method for marking requests as completed was planned, but had not yet been created. This commit introduces that mechanism, bringing the erasure process closer to completion.
Props coreymckrill, allendav.
Fixes#43922.
git-svn-id: https://develop.svn.wordpress.org/trunk@43185 602fd350-edb4-49c9-b593-d223f7449a82
r43008 refactored the request flow to make several improvements, but accidentally marked `completed` requests as `confirmed`. This commit restores the intended statuses, so that the data and corresponding UI reflect reality.
Props allendav, birgire.
Fixes#43913.
git-svn-id: https://develop.svn.wordpress.org/trunk@43183 602fd350-edb4-49c9-b593-d223f7449a82
Whenever an admin initiates a download or email of a personal data export, a fresh copy of the file is generated. Previously, a new filename was used each time, which could lead to situations where a URL that was emailed to a data subject is broken.
That can be avoided by reusing the same filename when building fresh archives.
Props desrosj, tz-media, allendav.
Fixes#43905.
git-svn-id: https://develop.svn.wordpress.org/trunk@43180 602fd350-edb4-49c9-b593-d223f7449a82
