The customizer has allowed HTML in sidebar descriptions since adding support for sidebars. This change ensures that basic HTML is also allowed for them in the widgets admin screen.
Fixes#42608.
git-svn-id: https://develop.svn.wordpress.org/trunk@43275 602fd350-edb4-49c9-b593-d223f7449a82
Previously, the link used absolute positioning, in order to stick it at the bottom of the page. That was done in order to create visual separation between it and the "action" links, like "Lost Your Password?"
The absolute positioning can cause conflicts in some situations, though. For example, if extra text or error notices are added above the form, then the login link would be positioned on top of other elements.
Switching to relative positioning with extra margins avoids those issues, while maintaining the visual separation between the "action" links and the privacy policy link.
Props imath, melchoyce, desrosj, xkon, iandunn.
Fixes#44046.
git-svn-id: https://develop.svn.wordpress.org/trunk@43274 602fd350-edb4-49c9-b593-d223f7449a82
r43158 introduced a new admin pointer for the privacy tools added in 4.9.6. With the previous positioning, though, sometimes the `Dismiss` link would be fixed off screen, making it impossible for the user to dismiss the pointer. This happened when there were enough extra menu items, or when the viewport height was short enough.
This commit repositions the pointer to work around that problem. One down side of this workaround is that the arrow will not always be positioned next to the `Tools` menu, where it should be. That's an acceptable compromise given the current time constraints, though. A long term solution would be to make `WP_Pointer` robust enough to handle this use case.
Props imath, audrasjb, desrosj.
Fixes#44045.
git-svn-id: https://develop.svn.wordpress.org/trunk@43246 602fd350-edb4-49c9-b593-d223f7449a82
There doesn't appear to be any way for an attacker to introduce malicious input into the URL, unless a plugin is filtering the URL to add it, but it's better to be safe than sorry.
Props birgire.
Fixes#44054.
git-svn-id: https://develop.svn.wordpress.org/trunk@43245 602fd350-edb4-49c9-b593-d223f7449a82
The previous `user_email` value was redundant, because it always matched `$request_data->email`. That value might be different from where the message is sent, though, if the `user_erasure_fulfillment_email_to` filter is used. If they are different, then callbacks for the `user_confirmed_action_email_content` filter may want to distinguish between the email address of the user making the request, and the email address that the confirmation notification is being sent to.
Props desrosj, iandunn.
See #43973.
git-svn-id: https://develop.svn.wordpress.org/trunk@43236 602fd350-edb4-49c9-b593-d223f7449a82
Previously, when a plugin updated its suggested privacy policy text, an admin notice was shown on all screens in the Administration Panels. That was done in order to make sure that administrators were aware of it, so that they could update their policy if needed. That was a very heavy-handed and intrusive approach, though, which leads to a poor user experience, and notice fatigue.
An alternative approach is to use bubble notifications in the menu, similar to when plugins have updates that need to be installed. That still makes it obvious that something needs the administrator's attention, but is not as distracting as a notice.
The notice will still appear on the Privacy page, though, since it is relevant to that screen, and provides an explanation of why the bubble is appearing.
Props azaozz, xkon, iandunn.
Fixes#43954. See #43953.
git-svn-id: https://develop.svn.wordpress.org/trunk@43223 602fd350-edb4-49c9-b593-d223f7449a82
Previously the admin didn't have any way to know if a pending request was ready to be processed, aside from manually checking the Export/Erase pages. Sending them an email is a much more convenient option.
Props garrett-eclipse, desrosj, iandunn.
See #43967.
git-svn-id: https://develop.svn.wordpress.org/trunk@43211 602fd350-edb4-49c9-b593-d223f7449a82
Previously the pointer overlapped the menu in order to draw attention to the fact that it applies to both the `Tools` and `Settings` menus. That caused a conflict if the menu was collapsed, though, because the icons were covered by the pointer and therefore inaccessible.
Additionally, minor tweaks were made to the text order and formatting. The order of the two sections was swapped in the title and paragraph, in order to match the order of the corresponding menu items. The spacing around headings and paragraphs was tweaked to remove extraneous whitespace.
Props littler.chicken, desrosj, ianbelanger, melchoyce.
Fixes#43961.
git-svn-id: https://develop.svn.wordpress.org/trunk@43210 602fd350-edb4-49c9-b593-d223f7449a82
- Separate the guide text form the suggested policy text.
- Add table of content for easier navigation.
- Move the content to tools.php (prevents the settings menu of being open).
- Add a link to the guide from the Privacy settings screen.
Props melchoyce, azaozz.
See #43980.
git-svn-id: https://develop.svn.wordpress.org/trunk@43203 602fd350-edb4-49c9-b593-d223f7449a82
r42986 introduced the beginnings of an Ajax handler for processing requests to erase personal data. At the time, a method for marking requests as completed was planned, but had not yet been created. This commit introduces that mechanism, bringing the erasure process closer to completion.
Props coreymckrill, allendav.
Fixes#43922.
git-svn-id: https://develop.svn.wordpress.org/trunk@43185 602fd350-edb4-49c9-b593-d223f7449a82
r43008 refactored the request flow to make several improvements, but accidentally marked `completed` requests as `confirmed`. This commit restores the intended statuses, so that the data and corresponding UI reflect reality.
Props allendav, birgire.
Fixes#43913.
git-svn-id: https://develop.svn.wordpress.org/trunk@43183 602fd350-edb4-49c9-b593-d223f7449a82
Whenever an admin initiates a download or email of a personal data export, a fresh copy of the file is generated. Previously, a new filename was used each time, which could lead to situations where a URL that was emailed to a data subject is broken.
That can be avoided by reusing the same filename when building fresh archives.
Props desrosj, tz-media, allendav.
Fixes#43905.
git-svn-id: https://develop.svn.wordpress.org/trunk@43180 602fd350-edb4-49c9-b593-d223f7449a82
r43046 introduced `wp_schedule_delete_old_privacy_export_files()` to schedule the `wp_privacy_delete_old_export_files` cron job, but it did not check to make sure it wasn't running in the context of the install process. When it did run in that context, it created a database error, because the necessary database tables don't exist at that point.
Checking the current context and returning early during the installation phase avoids that issue.
Props helen, timothyblynjacobs, iandunn.
Fixes#43952.
git-svn-id: https://develop.svn.wordpress.org/trunk@43162 602fd350-edb4-49c9-b593-d223f7449a82
Previously the user was shown a message that the page was created, but might not understand that they still need to visit the page and publish it. Redirecting them to the page makes it more obvious that additional steps are involved.
Props Clorith, xkon, azaozz.
Fixes#43926.
git-svn-id: https://develop.svn.wordpress.org/trunk@43160 602fd350-edb4-49c9-b593-d223f7449a82
The new features are very important for some users, because of their GDPR obligations. They're also spread across multiple top-level menus, making them less discoverable. An admin pointer will help to ensure that users are aware of the new tools and how to find them.
Props desrosj, andreamiddleton, allendav, xkon.
Fixes#43942.
git-svn-id: https://develop.svn.wordpress.org/trunk@43158 602fd350-edb4-49c9-b593-d223f7449a82
The personal data export and erasure tools allow plugins to register their own callbacks, in order to add additional data to the export and erasure processes. Previously, these were registered without specifying a constant identifier in the array of callbacks. Using mutable integers makes it difficult for plugins to modify the callbacks of other plugins, though.
Using associative array keys instead provides a covenient and reliable way to identify and interact with another plugin's callbacks.
Props desrosj, allendav, ocean90.
Fixes#43931.
git-svn-id: https://develop.svn.wordpress.org/trunk@43154 602fd350-edb4-49c9-b593-d223f7449a82
In many common Multisite use cases, the network administrator will want to set a network-wide privacy policy -- via the `privacy_policy_url` filter -- for consistency and convenience. When that's done, the Privacy Settings screen on individual sites becomes unnecessary, and may confuse administrators of those sites when they see that their changes don't have any effect on the policy link in the footer.
Since we can't programatically determine which behavior the network admins would like, the safest default setting is to restrict the ability to super admins, and let them delegate it to individual site owners via a plugin, if they'd like to.
Fixes#43935.
git-svn-id: https://develop.svn.wordpress.org/trunk@43147 602fd350-edb4-49c9-b593-d223f7449a82
- Insert both the text and tutorial in new policy pages and highlight is brightly in the editor.
- Show only the suggested text in the policy postbox.
Props melchoyce, azaozz.
See #43473.
git-svn-id: https://develop.svn.wordpress.org/trunk@43146 602fd350-edb4-49c9-b593-d223f7449a82
The page was originally placed under `Tools` so that it would be grouped with the pages to export and erase personal data, since they're all part of the effort to bring privacy management tools to Core ahead of GDPR's deadline. After more consideration, though, it makes sense to move this page to the `Settings` menu, since it's fundamental purpose is to configure an option, rather than to facilitate a recurring task. This keeps all of the configuration pages in a single place, making them consistent and easier to find.
Exporting and erasing personal data are recurring tasks, so they still make sense under the `Tools` menu.
Props xkon, helen, melchoyce, allendav, desrosj, ocean90, azaozz.
Fixes#43873.
git-svn-id: https://develop.svn.wordpress.org/trunk@43145 602fd350-edb4-49c9-b593-d223f7449a82
This still allows `.aac` files to be uploaded, but does not explicitly declare support for use in the editor and within embeds to prevent bad UX.
Props desrosj.
See #42919.
git-svn-id: https://develop.svn.wordpress.org/trunk@43135 602fd350-edb4-49c9-b593-d223f7449a82
In these contexts, "privacy policy" is not a proper noun, and therefore should not be capitalized.
The remaining uses are page titles and section headers, where capitalization is appropriate.
Props idea15, garrett-eclipse, allendav.
Fixes#43435.
git-svn-id: https://develop.svn.wordpress.org/trunk@43132 602fd350-edb4-49c9-b593-d223f7449a82
The previous sentence was gramatically awkward, and using the term "compliance" could accidentally be mistaken by a site owner for a promise by WordPress that their site will be compliant after using the tool, which is not necessarily true.
Props idea15, allendav, azaozz, iandunn.
See #43435.
git-svn-id: https://develop.svn.wordpress.org/trunk@43131 602fd350-edb4-49c9-b593-d223f7449a82
Non-wrapping `label`s are more widely supported by assitive technologies. The CSS changes account for the element re-ordering, and tweak the formatting for improved readability.
Props afercia, xkon, laurelfulford, azaozz.
Fixes#43436.
git-svn-id: https://develop.svn.wordpress.org/trunk@43125 602fd350-edb4-49c9-b593-d223f7449a82
The term "URL" is technical jargon which will not be familiar to all commenters. "Website" is more universal, and matches the label on the `url` input field.
Props johnjamesjacoby, allendav, azaozz.
See #43436.
git-svn-id: https://develop.svn.wordpress.org/trunk@43123 602fd350-edb4-49c9-b593-d223f7449a82
Personal data collection is more likely for registered users than casual visitors, and the privacy policy might have been updated since a user last logged in. Those changes could impact the collection of personal data from registered users, so it makes sense to provide a link to the policy before users log in.
Props voneff, xkon, melchoyce, chetan200891, desrosj.
Fixes#43721.
git-svn-id: https://develop.svn.wordpress.org/trunk@43120 602fd350-edb4-49c9-b593-d223f7449a82
Historically, the REST API would generate the entire response object, including running expensive filters, then it would apply the `_fields` parameter, discarding the fields that weren't specificed.
This change causes `_fields` to be applied earlier, so that only requested fields are processed.
Props danielbachhuber.
See #43874.
git-svn-id: https://develop.svn.wordpress.org/trunk@43087 602fd350-edb4-49c9-b593-d223f7449a82
Multisite networks have a variety of use cases, and in many of them single-site administrators are not trusted to take actions that affect the whole network, require making decisions about legal compliance, etc. By default, those actions should require super admin capabilities. Plugins can be used to override that behavior if a particular site's use case calls for it.
Props allendav, jeremyfelt, iandunn.
Fixes#43919.
git-svn-id: https://develop.svn.wordpress.org/trunk@43085 602fd350-edb4-49c9-b593-d223f7449a82
`list_files()` is defined in `wp-admin/includes/file.php`, which is not included by `wp-cron.php`, so it needs to be included by the caller in order to avoid a fatal PHP error.
This bug was not detected during testing because the file _is_ included when executing jobs via `wp cron event run`.
Props mikejolley, iandunn.
See #43546.
See https://wordpress.slack.com/archives/C9695RJBW/p1525190405000860.
git-svn-id: https://develop.svn.wordpress.org/trunk@43059 602fd350-edb4-49c9-b593-d223f7449a82
If a privacy policy has been set, then a link to it will automatically be shown in the footer.
The element containing the "Proudly powered by WordPress" link was chosen for the new policy link, in order to minimize visual conflicts with custom CSS that was written before the new link existed. Unfortunately, some minor conflicts are expected and unavoidable. Adding this link is required as part of GDPR compliance, and the benefits outweigh the downsides.
To further mitigate the conflicts, a new `imprint` class was added to the "Proudly powered..." link, in order to facilitate targeting each link invididually with custom styles.
Props xkon, laurelfulford, birgire, azaozz, iandunn.
See #43715.
git-svn-id: https://develop.svn.wordpress.org/trunk@43051 602fd350-edb4-49c9-b593-d223f7449a82
Return values added to Cron API functions to indicate outcome:
* `wp_schedule_single_event()`, `wp_schedule_event()`, `wp_reschedule_event()` and `wp_unschedule_event()`: boolean indicating success or failure,
* `wp_clear_scheduled_hook()`: integer indicating number of jobs cleared (zero or more), `false` if one or more jobs fail to clear,
* `wp_unschedule_hook()`: integer indicating number of jobs cleared (zero or more), `false` if the jobs fail to clear,
* `spawn_cron()`: boolean indicating whether job spawned,
* `wp_cron()`: integer indicating number of jobs spawned (zero or more), `false` if one or more jobs fail to spawned,
* `_set_cron_array()`: boolean outcome of `update_option()`.
Props evansolomon, jrf, peterwilsoncc, pento for code review.
Fixes#21072.
git-svn-id: https://develop.svn.wordpress.org/trunk@43050 602fd350-edb4-49c9-b593-d223f7449a82
The `get_term()` mapping may result in term objects that are `null` or
`WP_Error` when plugins use `get_term` or a related filter. Since `null`
and error objects are not valid results for a term query, we discard
them.
Props GM_Alex.
See #42691.
git-svn-id: https://develop.svn.wordpress.org/trunk@43049 602fd350-edb4-49c9-b593-d223f7449a82
This runs immediately after the data export file has been successfully created, allowing plugins to introduce some workflow customizations. For example, a plugin could password-protect the export file, for peace of mind, even though the CSPRN in the filename makes brute force attacks nearly impossible.
See #43546.
git-svn-id: https://develop.svn.wordpress.org/trunk@43047 602fd350-edb4-49c9-b593-d223f7449a82
The primary means of protecting the files is the CSPRN appended to the filename, but there is no reason to keep the files after the data subject has downloaded them, so deleting them provides an additional layer of protection. Previously this was done from `wp_privacy_generate_personal_data_export_file()`, but that does not guarantee that it will be run regularly, and on smaller sites that could result in export files being exposed for much longer than necessary.
`wp_privacy_delete_old_export_files()` was moved to a front end file, so that it can be called from `cron.php`.
This introduces the `wp_privacy_export_expiration` filter, which allows plugins to customize how long the exports are kept before being deleted.
`index.html` was added to the `$exclusions` parameter of `list_files()` to make sure that it isn't deleted. If it were, then poorly-configured servers would allow the directory to be traversed, exposing all of the exported files.
Props iandunn, desrosj.
See #43546.
git-svn-id: https://develop.svn.wordpress.org/trunk@43046 602fd350-edb4-49c9-b593-d223f7449a82
`rand()` is deterministic and therefore offers much less protection in this context. `wp_generate_password()` is a convenient wrapper around `wp_rand()`, which uses `random_int()` to generate cryptographically-secure psuedorandom numbers.
See #43546.
git-svn-id: https://develop.svn.wordpress.org/trunk@43045 602fd350-edb4-49c9-b593-d223f7449a82
See [41174] for `wp_get_themes()` and `get_raw_theme_root()`.
Props burlingtonbytes, teddytime, lbenicio, desrosj.
Fixes#43374. See #40109.
git-svn-id: https://develop.svn.wordpress.org/trunk@43039 602fd350-edb4-49c9-b593-d223f7449a82
This complements the `theme_{$post_type}_templates` dynamic filter added in [38951].
Props desrosj.
Fixes#43872.
git-svn-id: https://develop.svn.wordpress.org/trunk@43025 602fd350-edb4-49c9-b593-d223f7449a82
This allows the function to be auto-linked in the Developer Reference. See [32037] for `comment_form_submit_field`.
See #42505, #31888.
git-svn-id: https://develop.svn.wordpress.org/trunk@43023 602fd350-edb4-49c9-b593-d223f7449a82
- really disables buttons when they look disabled (when navigation is at the first or last theme)
- when navigation is at the first or last theme, moves focus to the other navigation button, to avoid a focus loss
- improves the buttons visually hidden accessibility text
Props walbo, afercia.
Fixes#36627.
git-svn-id: https://develop.svn.wordpress.org/trunk@43020 602fd350-edb4-49c9-b593-d223f7449a82
By making the pagination links use the default style for buttons, color contrast
is improved and the CSS is simplified. Improves consistency with other UI controls.
Also, slightly increases the white space below the pagination links.
Props benoitchantre, afercia.
Fixes#41858.
git-svn-id: https://develop.svn.wordpress.org/trunk@43019 602fd350-edb4-49c9-b593-d223f7449a82
After the introduction of site metadata in [42836], it should be possible to query sites by that data.
Fixes#40229.
git-svn-id: https://develop.svn.wordpress.org/trunk@43010 602fd350-edb4-49c9-b593-d223f7449a82
This change is necessary to enable multisite-specific meta query functionality during the multisite bootstrap process.
Fixes#40948. See #40229.
git-svn-id: https://develop.svn.wordpress.org/trunk@43009 602fd350-edb4-49c9-b593-d223f7449a82
For the block editor to be able to expose the Preview button correctly, it needs to know the `is_post_type_viewable()` setting, this change adds it to the Post Type response.
Props danielbachhuber.
Fixes#43739.
git-svn-id: https://develop.svn.wordpress.org/trunk@43007 602fd350-edb4-49c9-b593-d223f7449a82
The updated version of the nag is shorter, more on point and less aggressive than the previous one. It integrates better with the other dashboard widgets and fixes several accessibility concerns. A yellow warning color is used when the current PHP version is outdated, a red error color is used when it is also insecure.
Props afercia, birgire, danieltj, flixos90, johnjamesjacoby, karmatosed, Luciano Croce, nerrad, pento, schlessera, SergeyBiryukov, sonjaleix.
Fixes#41191.
git-svn-id: https://develop.svn.wordpress.org/trunk@43006 602fd350-edb4-49c9-b593-d223f7449a82
This introduces the `get_the_privacy_policy_link()` and `the_privacy_policy_link()` functions, as well as the `privacy_policy_url` filter.
A new `tests/url/` folder was added to better organize tests related to `get_*_url()` functions. Previously, those tests were placed in `tests/url.php` and `tests/link/`, but neither of those locations are optimal. Placing tests in `tests/url.php` violates the guideline of creating separate files/classes for each function under test, and using `tests/link/` conflates two distinct -- albeit related -- groups of functions. Over time, URL-related tests can be migrated to the new folder.
Props birgire, xkon, azaozz, iandunn.
See #43850.
git-svn-id: https://develop.svn.wordpress.org/trunk@43002 602fd350-edb4-49c9-b593-d223f7449a82
Any WordPress user who can `edit_posts` of a post type with `show_in_rest=true` can query for authors. This maps to current WordPress behavior where a WordPress user who can view the Manage Posts view for a post type can see any WordPress user assigned to a post (whether published or draft).
This implementation, over restricting `who=authors` to users with `list_users`, gives us future flexibility in displaying lists of posts. It still respects more restrictive permissions for `context=edit`.
Props danielbachhuber.
Fixes#42202.
git-svn-id: https://develop.svn.wordpress.org/trunk@43001 602fd350-edb4-49c9-b593-d223f7449a82
This was originally added to allow Gutenberg to do permalink editing, but is no longer required. It's also superceded by #41014.
Reverts [42142].
Fixes#42465.
git-svn-id: https://develop.svn.wordpress.org/trunk@42997 602fd350-edb4-49c9-b593-d223f7449a82
