Commit Graph

38475 Commits

Author SHA1 Message Date
Anton Timmermans
8c547ce521 Docs: Improve JSDoc for media/controllers/gallery-edit.js.
Props Xyfi, nataliashitova, igorsch, ireneyoast, manuelaugustin.
Fixes #43866.


git-svn-id: https://develop.svn.wordpress.org/trunk@43141 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-03 14:39:25 +00:00
Andrew Ozz
071cc142d3 Privacy: fix displaying of messages during personal data erasure.
Props allendav.
Fixes #43943.

git-svn-id: https://develop.svn.wordpress.org/trunk@43139 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-03 09:22:00 +00:00
Sergey Biryukov
3be9a7568d REST API: When handling who=authors query parameter for GET wp/v2/users, only check edit_posts for post types that support author.
Props danielbachhuber.
Fixes #42202.

git-svn-id: https://develop.svn.wordpress.org/trunk@43137 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-03 06:51:38 +00:00
Sergey Biryukov
09faa13278 Media: Remove media player support for .aac files due to only partial support in Firefox.
This still allows `.aac` files to be uploaded, but does not explicitly declare support for use in the editor and within embeds to prevent bad UX.

Props desrosj.
See #42919.

git-svn-id: https://develop.svn.wordpress.org/trunk@43135 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-03 06:37:23 +00:00
Ian Dunn
31efcda314 Privacy: Uncapitalize "privacy policy" when used in a sentence.
In these contexts, "privacy policy" is not a proper noun, and therefore should not be capitalized.

The remaining uses are page titles and section headers, where capitalization is appropriate.

Props idea15, garrett-eclipse, allendav.
Fixes #43435.


git-svn-id: https://develop.svn.wordpress.org/trunk@43132 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-03 00:17:13 +00:00
Ian Dunn
044926f568 Privacy: Revise Privacy Policy page text to avoid misunderstanding.
The previous sentence was gramatically awkward, and using the term "compliance" could accidentally be mistaken by a site owner for a promise by WordPress that their site will be compliant after using the tool, which is not necessarily true.

Props idea15, allendav, azaozz, iandunn.
See #43435.


git-svn-id: https://develop.svn.wordpress.org/trunk@43131 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-03 00:06:48 +00:00
Andrew Ozz
506a99ef30 Privacy: do not fold a single section in the privacy policy poxtbox.
See #43473.

git-svn-id: https://develop.svn.wordpress.org/trunk@43126 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-02 22:09:19 +00:00
Ian Dunn
a1e5ac685f Comments: Move comment consent input outside the label for a11y.
Non-wrapping `label`s are more widely supported by assitive technologies. The CSS changes account for the element re-ordering, and tweak the formatting for improved readability.

Props afercia, xkon, laurelfulford, azaozz.
Fixes #43436.


git-svn-id: https://develop.svn.wordpress.org/trunk@43125 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-02 21:59:59 +00:00
Ian Dunn
71e8d4ac2b Privacy: Use "website" in comment cookie consent text for clarity.
The term "URL" is technical jargon which will not be familiar to all commenters. "Website" is more universal, and matches the label on the `url` input field.

Props johnjamesjacoby, allendav, azaozz.
See #43436.


git-svn-id: https://develop.svn.wordpress.org/trunk@43123 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-02 21:30:55 +00:00
Andrew Ozz
233d273f49 Privacy: fix typo.
Props casiepa.
Fixes #43939.

git-svn-id: https://develop.svn.wordpress.org/trunk@43121 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-02 20:06:01 +00:00
Ian Dunn
6e5a2e295c Privacy: Add policy link to login screen.
Personal data collection is more likely for registered users than casual visitors, and the privacy policy might have been updated since a user last logged in. Those changes could impact the collection of personal data from registered users, so it makes sense to provide a link to the policy before users log in.

Props voneff, xkon, melchoyce, chetan200891, desrosj.
Fixes #43721.


git-svn-id: https://develop.svn.wordpress.org/trunk@43120 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-02 19:48:01 +00:00
Andrew Ozz
e678d4ea6d Privacy: fix inconsistencies in new strings.
Props audrasjb.
Fixes #43925.

git-svn-id: https://develop.svn.wordpress.org/trunk@43118 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-02 18:41:10 +00:00
Sergey Biryukov
65df92173a Privacy: Correct unit test for wp_user_personal_data_exporter() added in [43055].
`user_status` is not considered personal data, so the total number of exported user properties is 11.

See #43547.

git-svn-id: https://develop.svn.wordpress.org/trunk@43116 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-02 04:10:17 +00:00
Sergey Biryukov
095c047ced Docs: Correct DocBlock formatting for wp_privacy_personal_data_erasers filter.
See #43637.

git-svn-id: https://develop.svn.wordpress.org/trunk@43104 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-02 03:13:51 +00:00
Sergey Biryukov
489acfc57e I18N: Use consistent pattern for placeholder references in translator comments in wp-admin/privacy.php.
See #43435.

git-svn-id: https://develop.svn.wordpress.org/trunk@43091 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-02 01:57:44 +00:00
Sergey Biryukov
62856dd409 I18N: Use consistent pattern for placeholder references in a translator comment in wp-admin/update-core.php.
See #43523.

git-svn-id: https://develop.svn.wordpress.org/trunk@43090 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-02 01:54:48 +00:00
Sergey Biryukov
f908280af9 I18N: Correct translator comment in wp_privacy_generate_personal_data_export_file().
See #43546.

git-svn-id: https://develop.svn.wordpress.org/trunk@43089 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-02 01:51:13 +00:00
Sergey Biryukov
c14a248ba7 I18N: Use consistent pattern for placeholder references in translator comments in wp_ajax_wp_privacy_erase_personal_data().
See #43438.

git-svn-id: https://develop.svn.wordpress.org/trunk@43088 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-02 01:38:52 +00:00
Gary Pendergast
4ac3f4c13a REST API: Filter responses based on the _fields parameter, before data is processed.
Historically, the REST API would generate the entire response object, including running expensive filters, then it would apply the `_fields` parameter, discarding the fields that weren't specificed.

This change causes `_fields` to be applied earlier, so that only requested fields are processed.

Props danielbachhuber.
See #43874.



git-svn-id: https://develop.svn.wordpress.org/trunk@43087 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-02 01:24:30 +00:00
Ian Dunn
1a4e28818f Privacy: Limit export and erasure to super admins on Multisite.
Multisite networks have a variety of use cases, and in many of them single-site administrators are not trusted to take actions that affect the whole network, require making decisions about legal compliance, etc. By default, those actions should require super admin capabilities. Plugins can be used to override that behavior if a particular site's use case calls for it.

Props allendav, jeremyfelt, iandunn.
Fixes #43919.


git-svn-id: https://develop.svn.wordpress.org/trunk@43085 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-02 01:07:00 +00:00
Sergey Biryukov
3f92792cd2 Docs: Update @since version numbers for wp_privacy_anonymize_ip() and wp_privacy_anonymize_data().
Props joemcgill.
See #43545.

git-svn-id: https://develop.svn.wordpress.org/trunk@43081 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-02 00:40:50 +00:00
Sergey Biryukov
a7cdcb9725 Login and Registration: Send nocache_headers() on Multisite account activation pages.
Props herregroen.
Fixes #43917.

git-svn-id: https://develop.svn.wordpress.org/trunk@43065 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-01 22:07:21 +00:00
Sergey Biryukov
31ed6e771e Privacy: Move "Mine" filter for media items above "Trash".
See #43820.

git-svn-id: https://develop.svn.wordpress.org/trunk@43063 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-01 21:46:52 +00:00
Sergey Biryukov
0c848f5503 I18N: Add context for "Mine" string added in [43056].
See #43820.

git-svn-id: https://develop.svn.wordpress.org/trunk@43062 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-01 21:36:41 +00:00
Andrew Ozz
87b81f220c Privacy: improve wp_privacy_erase_personal_data(), return boolean values.
Props ericdaams.
See #43602.

git-svn-id: https://develop.svn.wordpress.org/trunk@43061 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-01 19:26:53 +00:00
Andrew Ozz
e7420e62a5 Privacy: translate error messages, some fixes and improvements for the AJAX actions for exporting and erasing user data.
Props desrosj, birgire.
See #43438.

git-svn-id: https://develop.svn.wordpress.org/trunk@43060 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-01 18:59:48 +00:00
Ian Dunn
cbfbadc99b Privacy: Include wp-admin/includes/file.php to avoid fatal error.
`list_files()` is defined in `wp-admin/includes/file.php`, which is not included by `wp-cron.php`, so it needs to be included by the caller in order to avoid a fatal PHP error.

This bug was not detected during testing because the file _is_ included when executing jobs via `wp cron event run`.

Props mikejolley, iandunn.
See #43546.
See https://wordpress.slack.com/archives/C9695RJBW/p1525190405000860.


git-svn-id: https://develop.svn.wordpress.org/trunk@43059 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-01 17:42:50 +00:00
Andrew Ozz
a7f1665396 Privacy: docs fixes and improvements for wp_comments_personal_data_exporter().
Props desrosj.
See #43440.

git-svn-id: https://develop.svn.wordpress.org/trunk@43058 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-01 17:17:49 +00:00
Andrew Ozz
429aaa4a57 Privacy: make the emails in export and erasure list-tables clickable.
Props birgire.
See #43911.

git-svn-id: https://develop.svn.wordpress.org/trunk@43057 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-01 17:11:43 +00:00
Andrew Ozz
7f6f84606f Privacy: add "Mine" filter for media similarly to posts and comments.
Props audrasjb.
See #43820.

git-svn-id: https://develop.svn.wordpress.org/trunk@43056 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-01 15:42:38 +00:00
Andrew Ozz
16bd4bede2 Privacy: add user information to the personal data export file.
Props TZ-Media, desrosj.
See #43547.


git-svn-id: https://develop.svn.wordpress.org/trunk@43055 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-01 13:58:02 +00:00
Andrew Ozz
ef14780ff0 Privacy: add attachments to the personal data export file.
Props allendav.
See #43883.

git-svn-id: https://develop.svn.wordpress.org/trunk@43054 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-01 13:44:50 +00:00
Andrew Ozz
3b98427140 Privacy: fix and improve the help text about adding a privacy policy page.
Props idea15, xkon.
See #43435.

git-svn-id: https://develop.svn.wordpress.org/trunk@43053 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-01 11:42:18 +00:00
Andrew Ozz
dfd77631ac Privacy: only fold the sections in the privacy policy poxtbox when more than one.
See #43473.

git-svn-id: https://develop.svn.wordpress.org/trunk@43052 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-01 09:47:53 +00:00
Ian Dunn
c07f5272f2 Bundled Themes: Add link to privacy policy page in footer.
If a privacy policy has been set, then a link to it will automatically be shown in the footer.

The element containing the "Proudly powered by WordPress" link was chosen for the new policy link, in order to minimize visual conflicts with custom CSS that was written before the new link existed. Unfortunately, some minor conflicts are expected and unavoidable. Adding this link is required as part of GDPR compliance, and the benefits outweigh the downsides. 

To further mitigate the conflicts, a new `imprint` class was added to the "Proudly powered..." link, in order to facilitate targeting each link invididually with custom styles.

Props xkon, laurelfulford, birgire, azaozz, iandunn.
See #43715.


git-svn-id: https://develop.svn.wordpress.org/trunk@43051 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-01 06:27:45 +00:00
Peter Wilson
e73af26e92 Cron API: Return meaningful values from cron functions.
Return values added to Cron API functions to indicate outcome:

* `wp_schedule_single_event()`, `wp_schedule_event()`, `wp_reschedule_event()` and `wp_unschedule_event()`: boolean indicating success or failure,
* `wp_clear_scheduled_hook()`: integer indicating number of jobs cleared (zero or more), `false` if one or more jobs fail to clear,
* `wp_unschedule_hook()`: integer indicating number of jobs cleared (zero or more), `false` if the jobs fail to clear,
* `spawn_cron()`: boolean indicating whether job spawned,
* `wp_cron()`: integer indicating number of jobs spawned (zero or more), `false` if one or more jobs fail to spawned,
* `_set_cron_array()`: boolean outcome of `update_option()`.

Props evansolomon, jrf, peterwilsoncc, pento for code review.
Fixes #21072.



git-svn-id: https://develop.svn.wordpress.org/trunk@43050 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-01 02:04:25 +00:00
Boone Gorges
4c36079299 Taxonomy: Ensure that invalid term objects are discarded in WP_Term_Query.
The `get_term()` mapping may result in term objects that are `null` or
`WP_Error` when plugins use `get_term` or a related filter. Since `null`
and error objects are not valid results for a term query, we discard
them.

Props GM_Alex.
See #42691.

git-svn-id: https://develop.svn.wordpress.org/trunk@43049 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-30 21:07:16 +00:00
Andrew Ozz
360d8701aa Privacy: edits and improvements for the default text for a privacy policy.
Props idea15, allendav.
See #43473.

git-svn-id: https://develop.svn.wordpress.org/trunk@43048 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-30 21:05:34 +00:00
Ian Dunn
a159bf4e16 Privacy: Add wp_privacy_personal_data_export_file_created filter.
This runs immediately after the data export file has been successfully created, allowing plugins to introduce some workflow customizations. For example, a plugin could password-protect the export file, for peace of mind, even though the CSPRN in the filename makes brute force attacks nearly impossible.

See #43546.


git-svn-id: https://develop.svn.wordpress.org/trunk@43047 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-30 21:03:31 +00:00
Ian Dunn
a1fe96576f Privacy: Add cron to delete expired export files to protect privacy.
The primary means of protecting the files is the CSPRN appended to the filename, but there is no reason to keep the files after the data subject has downloaded them, so deleting them provides an additional layer of protection. Previously this was done from `wp_privacy_generate_personal_data_export_file()`, but that does not guarantee that it will be run regularly, and on smaller sites that could result in export files being exposed for much longer than necessary.

`wp_privacy_delete_old_export_files()` was moved to a front end file, so that it can be called from `cron.php`.

This introduces the `wp_privacy_export_expiration` filter, which allows plugins to customize how long the exports are kept before being deleted.

`index.html` was added to the `$exclusions` parameter of `list_files()` to make sure that it isn't deleted. If it were, then poorly-configured servers would allow the directory to be traversed, exposing all of the exported files.

Props iandunn, desrosj.
See #43546.


git-svn-id: https://develop.svn.wordpress.org/trunk@43046 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-30 20:08:37 +00:00
Ian Dunn
953e094719 Privacy: Use a CSPRNG in export filenames for more security.
`rand()` is deterministic and therefore offers much less protection in this context. `wp_generate_password()` is a convenient wrapper around `wp_rand()`, which uses `random_int()` to generate cryptographically-secure psuedorandom numbers.

See #43546.


git-svn-id: https://develop.svn.wordpress.org/trunk@43045 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-30 18:52:59 +00:00
Andrew Ozz
75000c03b7 Privacy: add default text for a privacy policy. First run.
Props xkon, idea15, allendav, azaozz.
See #43473.

git-svn-id: https://develop.svn.wordpress.org/trunk@43044 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-30 14:46:25 +00:00
John Blackbourn
a3c31fcebc Docs: Update the inline docs for is_protected_meta().
See #42505


git-svn-id: https://develop.svn.wordpress.org/trunk@43043 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-30 14:38:56 +00:00
John Blackbourn
37916c2a5f Comments: Update the inline docs following [42772].
See #43436


git-svn-id: https://develop.svn.wordpress.org/trunk@43042 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-30 13:09:21 +00:00
Andrea Fercia
2e08b275a6 Coding standards: Change a few occurrences of font weight 700 to 600 in multisite signup and activate.
Props chetan200891.
Amends [43018].
See #43897.


git-svn-id: https://develop.svn.wordpress.org/trunk@43041 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-30 07:04:12 +00:00
Sergey Biryukov
a2b95a643f Themes: Avoid a PHP 7.2 warning in get_theme_roots() when $wp_theme_directories is an uncountable value.
See [41174] for `wp_get_themes()` and `get_raw_theme_root()`.

Props burlingtonbytes, teddytime, lbenicio, desrosj.
Fixes #43374. See #40109.

git-svn-id: https://develop.svn.wordpress.org/trunk@43039 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-30 04:50:52 +00:00
Sergey Biryukov
451ba4c401 General: Introduce a polyfill for is_iterable() function added in PHP 7.1.
Props jrf, schlessera, desrosj.
See #43619.

git-svn-id: https://develop.svn.wordpress.org/trunk@43036 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-30 04:14:30 +00:00
Sergey Biryukov
8edb00171c General: Introduce a polyfill for is_countable() function added in PHP 7.3.
Props jrf, ayeshrajans, desrosj.
See #43583.

git-svn-id: https://develop.svn.wordpress.org/trunk@43034 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-30 03:42:46 +00:00
Sergey Biryukov
a1327b5eb6 Help/About: Move "Get involved" link on Credits screen to the top of the page for better visibility.
Props bridgetwillard, desrosj.
See #23348.

git-svn-id: https://develop.svn.wordpress.org/trunk@43032 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-30 03:15:23 +00:00
Sergey Biryukov
0041e393c1 Login and Registration: Send nocache_headers() on Multisite signup pages.
Props herregroen.
Fixes #43843.

git-svn-id: https://develop.svn.wordpress.org/trunk@43030 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-29 23:04:28 +00:00