Previously, only `a` and `br` tags were allowed in the `value` table cell for each field included in the HTML file generated when a user is exporting their personal data. Instead of relying on a hardcoded list of allowed tags, the `wp_kses()` call in `wp_privacy_generate_personal_data_export_group_html()` will now fallback to the default list of allowed tags (which includes `i`, `strong`, `em`, and other basic HTML formatting tags).
Also, a new context of `personal_data_export` will now be passed to the `wp_kses()` call. As a result, the list of HTML tags and attributes allowed in the export file can now be filtered using the `wp_kses_allowed_html` filter and checking for the `personal_data_export` context.
Fixes#44044.
Props tz-media, desrosj, pento, birgire, garrett-eclipse.
git-svn-id: https://develop.svn.wordpress.org/trunk@44824 602fd350-edb4-49c9-b593-d223f7449a82
This filter allows plugin developers to modify the markup for the links
in taxonomy columns on edit.php.
Props DaveFX.
Fixes#42669.
git-svn-id: https://develop.svn.wordpress.org/trunk@44822 602fd350-edb4-49c9-b593-d223f7449a82
In [34891], `WP_Screen` was updated with methods to store, retrieve, and render screen reader text used by screens with `WP_List_Table` instances. When the export/erase personal data list tables were introduced in [42967], these headings were missing.
Fixes#46041.
Props afercia, xkon, garrett-eclipse, desrosj.
git-svn-id: https://develop.svn.wordpress.org/trunk@44821 602fd350-edb4-49c9-b593-d223f7449a82
A direct URL to where a user can update PHP for their website can now be specified in one of two ways:
- Defining the `WP_DIRECT_UPDATE_PHP_URL` environment variable.
- Returning a URL to the `wp_direct_php_update_url` filter.
When a URL is specified, an additional “Update PHP” button will be displayed at the bottom of the Core dashboard widget informing administrators that their site is running an outdated version of PHP (see [42832]).
Fixes#46074.
Props afragen, desrosj, lukecarbis.
git-svn-id: https://develop.svn.wordpress.org/trunk@44814 602fd350-edb4-49c9-b593-d223f7449a82
Timestamps don't carry any timezone information, using the intended format directly simplifies the logic and makes the code less confusing.
Props Rarst, jdgrimes.
See #40657.
git-svn-id: https://develop.svn.wordpress.org/trunk@44809 602fd350-edb4-49c9-b593-d223f7449a82
The filter is only run if the wordpress.org API considers the PHP version acceptable. This ensures that other plugins or hosting providers can only make this check stricter, but not loosen it.
Props j-falk, mikeschroder.
Fixes#46065.
git-svn-id: https://develop.svn.wordpress.org/trunk@44788 602fd350-edb4-49c9-b593-d223f7449a82
In 4.9.6, several new privacy related features were introduced. Admin pointers were included to make administrators aware of these features. They have served their purpose and can now go silently into the night.
Props garrett-eclipse, desrosj, xkon.
Fixes#45999.
git-svn-id: https://develop.svn.wordpress.org/trunk@44787 602fd350-edb4-49c9-b593-d223f7449a82
`wp-includes/random_compat/random_bytes_openssl.php` was removed in [43130], this commit updates `$_old_files` to match.
Fixes#46284.
git-svn-id: https://develop.svn.wordpress.org/trunk@44760 602fd350-edb4-49c9-b593-d223f7449a82
With the exception of the "Edit" link, the "row actions" controls in the Comments table behave differently depending if JavaScript support is on or off.
When JavaScript support is off, they behave like links. When JavaScript support is on, they behave like buttons and they need to be buttons or have an ARIA `role="button"` added via JavaScript.
Lastly, the buttons in the Reply/Quick Edit form and the "Add Comment" in the edit post page meta box need to be buttons.
Fixes#43412.
git-svn-id: https://develop.svn.wordpress.org/trunk@44759 602fd350-edb4-49c9-b593-d223f7449a82
The custom date/time format previews in General Settings were updated only when blurring the related input fields. With this change, they're now updated when users finish typing a custom format, properly debouncing the `input` event callback.
Props dilipbheda, Girishpanchal.
Fixes#43364.
git-svn-id: https://develop.svn.wordpress.org/trunk@44758 602fd350-edb4-49c9-b593-d223f7449a82
Proximity of related information is an inclusive design principle that benefits everyone and it's particularly important for users with reduced visual field, low vision, or other vision or cognitive impairments. User interface controls that are logically grouped should be placed close to each other.
Also, this change makes the buttons visual order and the DOM order match.
Fixes#45972.
git-svn-id: https://develop.svn.wordpress.org/trunk@44757 602fd350-edb4-49c9-b593-d223f7449a82
The Gutenberg plugin will not be deactivated on sites upgrading to WordPress 5.1. This deprecates the `upgrade_500_was_gutenberg_active` option and the `upgrade_500()` function as they are no longer required.
Props peterwilsoncc.
Fixes#46029.
git-svn-id: https://develop.svn.wordpress.org/trunk@44732 602fd350-edb4-49c9-b593-d223f7449a82
Due to the high number of follow-up tickets and associated security concerns, it was decided to reschedule the fatal error recovery feature for WordPress 5.2, in order to address these issues properly. The feature will continue to be developed, with iterations being merged into trunk early in the 5.2 release cycle.
Fixes#46141. See #44458, #45932, #45940, #46038, #46047, #46068.
git-svn-id: https://develop.svn.wordpress.org/trunk@44717 602fd350-edb4-49c9-b593-d223f7449a82
The taxonomy should be passed as part of `$args`, rather than as its own argument.
Props birgire.
Fixes#45297.
git-svn-id: https://develop.svn.wordpress.org/trunk@44686 602fd350-edb4-49c9-b593-d223f7449a82
This also updates the option label, to clarify that it needs to be enabled for comment cookies to work.
Props azaozz, pento, dhavalkasvala, desrosj, pputzer, mirkoschubert, ThemeZee.
Fixes#44736.
git-svn-id: https://develop.svn.wordpress.org/trunk@44683 602fd350-edb4-49c9-b593-d223f7449a82
Introduces `Language_Pack_Upgrader::clear_destination()` to clear existing translations before installing new translations. Ensures that unused translations in JSON format are cleaned up.
Props dd32, swissspidy, ocean90.
Fixes#45468.
git-svn-id: https://develop.svn.wordpress.org/trunk@44676 602fd350-edb4-49c9-b593-d223f7449a82
The `WP_Shutdown_Handler` name plus related function names were premature when originally committed, as there can be multiple shutdown handlers in PHP, and WordPress makes use of that feature. This changeset modifies the name to a more appropriate `WP_Fatal_Error_Handler`, and related to that changes the following names:
* The drop-in to override the handler is now called `fatal-error-handler.php`.
* The internal function `wp_register_premature_shutdown_handler` is now called `wp_register_fatal_error_handler()`.
In addition to these naming changes, a new constant `WP_DISABLE_FATAL_ERROR_HANDLER` is introduced that can be set in `wp-config.php` to entirely disable the fatal error handler. That constant's value is and should be accessed indirectly via a new `wp_is_fatal_error_handler_enabled()` function and is filterable via a new `wp_fatal_error_handler_enabled` hook. Note that disabling the fatal error handler will skip the new functionality entirely, including the potentially used `fatal-error-handler.php` drop-in.
The new set of constant, filter and function provide for an easier-to-use mechanism to disable the fatal error handler altogether, rather than requiring developers to implement a drop-in for purely that purpose.
Props afragen, flixos90, joyously, knutsp, markjaquith, ocean90, schlessera, spacedmonkey.
Fixes#46047. See #44458.
git-svn-id: https://develop.svn.wordpress.org/trunk@44674 602fd350-edb4-49c9-b593-d223f7449a82
When merging, [44244] and [44260] were committed to trunk the opposite way that they were committed to the 5.0 branch. They were originally committed in [43885] and [43861], respectively.
Due to this switch, a change in how the Custom Fields meta box was registered wasn't merged from the 5.0 branch, causing it to not be registered correctly in trunk.
Props dd32, pento.
Fixes#46028.
git-svn-id: https://develop.svn.wordpress.org/trunk@44648 602fd350-edb4-49c9-b593-d223f7449a82
For `wp_insert_attachment()` to do that, we need to be setting the `$wp_error` parameter to true.
Props subrataemfluence, jirihon.
Fixes#44303.
git-svn-id: https://develop.svn.wordpress.org/trunk@44634 602fd350-edb4-49c9-b593-d223f7449a82
The count should only be comments made on that post by the current user, not all comments by them.
Props chetan200891, garrett-eclipse.
Fixes#46014.
git-svn-id: https://develop.svn.wordpress.org/trunk@44631 602fd350-edb4-49c9-b593-d223f7449a82
On the Privacy Policy Guide, there is currently a ‘Copy’ button below each section of suggested text. It is unclear what copy means without more context. It could be assumed, for instance, that the suggested text is copied to a new page.
This changes the button text to read `Copy this section to clipboard` to more clearly inform the user what is copied and how.
Props JoshuaWold, garrett-eclipse, birgire, vishaldodiya.
Fixes#44677.
git-svn-id: https://develop.svn.wordpress.org/trunk@44629 602fd350-edb4-49c9-b593-d223f7449a82
This allows users to sort the export and erase personal data request tables by “Requester” (`post_title`, or user email) and “Requested” (`post_date`, or when the request was created), which can be helpful when sites have many requests present.
Props birgire, ianbelanger, pbiron, desrosj.
Fixes#43405.
git-svn-id: https://develop.svn.wordpress.org/trunk@44628 602fd350-edb4-49c9-b593-d223f7449a82
This changeset uses the API functions introduced in [44476] to link to the resource about updating PHP when highlighting a plugin's required PHP version is not met. It furthermore expands them, introducing a new `wp_update_php_annotation()` function that prints the markup to indicate that the default URL has been altered by the web host, allowing it to be reused universally.
Furthermore, this changeset adds missing `update_php` capability checks before displaying the information about updating PHP.
Props afragen.
Fixes#45986. See #43986, #45686.
git-svn-id: https://develop.svn.wordpress.org/trunk@44627 602fd350-edb4-49c9-b593-d223f7449a82
Throughout the core privacy functions, `WP_User_Request` instances were stored in variables named both `$request`, and `$request_data`. This changes all occurrences of `$request_data` to `$request` for better consistency.
Props nateallen, bruceallen, garrett-eclipse.
Fixes#44708.
git-svn-id: https://develop.svn.wordpress.org/trunk@44606 602fd350-edb4-49c9-b593-d223f7449a82
This function was introduced in 5.0.1, not 4.9.9 as currently indicated. Introduced in [44047].
git-svn-id: https://develop.svn.wordpress.org/trunk@44540 602fd350-edb4-49c9-b593-d223f7449a82
This solution does not work with custom taxonomies in the current state.
Reverts [42614,42619,42737].
Props danielbachhuber.
See #38922.
git-svn-id: https://develop.svn.wordpress.org/trunk@44537 602fd350-edb4-49c9-b593-d223f7449a82
In [41746], `wp_get_media_creation_timestamp()` was introduced to read the created timestamp for videos from `getID3` in meta whenever possible. This information is useful separately from the dates on the file itself.
This adds the same support audio files by utilizing `wp_get_media_creation_timestamp()` in `wp_read_audio_metadata()`.
Props blob folio, desrosj.
Fixes#42017.
git-svn-id: https://develop.svn.wordpress.org/trunk@44528 602fd350-edb4-49c9-b593-d223f7449a82
This changeset introduces a `WP_Shutdown_Handler` class that detects fatal errors and which extension (plugin or theme) causes them. Such an error is then recorded, and an error message is displayed. Subsequently, in certain protected areas, for example the admin, the broken extension will be paused, ensuring that the website is still usable in the respective area. The major benefit is that this mechanism allows site owners to still log in to their website, to fix the problem by either disabling the extension or solving the bug and then resuming the extension.
Extensions are only paused in certain designated areas. The frontend for example stays unaffected, as it is impossible to know what pausing the extension would cause to be missing, so it might be preferrable to clearly see that the website is temporarily not accessible instead.
The fatal error recovery is especially important in scope of encouraging the switch to a maintained PHP version, as not necessarily every WordPress extension is compatible with all PHP versions. If problems occur now, non-technical site owners that do not have immediate access to the codebase are not locked out of their site and can at least temporarily solve the problem quickly.
Websites that have custom requirements in that regard can implement their own shutdown handler by adding a `shutdown-handler.php` drop-in that returns the handler instance to use, which must be based on a class that inherits `WP_Shutdown_Handler`. That handler will then be used in place of the default one.
Websites that would like to modify specifically the error template displayed in the frontend can add a `php-error.php` drop-in that works similarly to the existing `db-error.php` drop-in.
Props afragen, bradleyt, flixos90, ocean90, schlessera, SergeyBiryukov, spacedmonkey.
Fixes#44458.
git-svn-id: https://develop.svn.wordpress.org/trunk@44524 602fd350-edb4-49c9-b593-d223f7449a82
As many WordPress sites use a static homepage rather than a blog, this link gives a natural next step for new sites owners wanting to configure their site in this manner.
Props professor44, joyously, nielslange, mukesh27, melchoyce.
Fixes#45019.
git-svn-id: https://develop.svn.wordpress.org/trunk@44485 602fd350-edb4-49c9-b593-d223f7449a82
The `$relative_file` and `$stylesheet` variables are used in the `wp_print_theme_file_tree()` function but were not noted within the inline documentation.
Props mukesh27, desrosj,
Fixes#43682.
git-svn-id: https://develop.svn.wordpress.org/trunk@44477 602fd350-edb4-49c9-b593-d223f7449a82
After [42832], [42891] and [43006], this changeset refines the core notice informing about an outdated PHP version:
* The link to the Update PHP information page can now be adjusted using either a `WP_UPDATE_PHP_URL` environment variable, or a new `wp_update_php_url` filter.
* If that URL is different from the default one that points to https://wordpress.org/support/update-php/ or its localized equivalent, a note indicates that the linked resource has not been provided by WordPress itself, and the default URL is still linked to as an additional resource.
* The URL for the default information page has been updated to use the slug `update-php` instead of `upgrade-php`.
* `@since` annotations have been updated.
Going forward, admin areas that display information related to the PHP version should use the new function `wp_get_update_php_url()`.
Props afragen, fierevere, flixos90, markjaquith, miss_jwo, nerrad, pento, schlessera, SergeyBiryukov, spacedmonkey.
Fixes#45686. See #41191.
git-svn-id: https://develop.svn.wordpress.org/trunk@44476 602fd350-edb4-49c9-b593-d223f7449a82
The order of the type and variable name in the `param` tags for the `wp_get_default_privacy_policy_content` filter is incorrectly reversed. This moves the two into the correct order.
Props ishitaka, mukesh27.
Fixes#45416.
git-svn-id: https://develop.svn.wordpress.org/trunk@44475 602fd350-edb4-49c9-b593-d223f7449a82
This complements the work in [43729] and prepares site metadata for future REST API support.
Props spacedmonkey.
Fixes#45091. See #44467.
git-svn-id: https://develop.svn.wordpress.org/trunk@44468 602fd350-edb4-49c9-b593-d223f7449a82
As of this commit, WordPress is no longer a simple blogging platform. It's now a comprehensive publishing solution.
This also replaces a couple of other "blog" references that were missed previously.
Props igmoweb, Valer1e, audrasjb, pento.
Fixes#41000.
git-svn-id: https://develop.svn.wordpress.org/trunk@44455 602fd350-edb4-49c9-b593-d223f7449a82
Currently, when an SVG is used as a menu icon, the color is inconsistent with the other, default dashicons and the contrast ratio does not meet the minimum requirement for accessibility.
This updates the base color for the default `fresh` color scheme to ensure consistency and proper contrast.
Props swift, dschalk.
Fixes#44209.
git-svn-id: https://develop.svn.wordpress.org/trunk@44353 602fd350-edb4-49c9-b593-d223f7449a82
In [44185], a bug was introduced where hierarchical post types would not display in the correct default order (hierarchically).
This was caused by a `! isset()` check, which returned `false` after [44185], causing the correct default value to not be applied. This switches that conditional to use an `empty()` check, ignoring the new empty string assignment that was added to prevent a PHP notice when `compact()` is called.
Props davidbinda.
Fixes#45711.
git-svn-id: https://develop.svn.wordpress.org/trunk@44338 602fd350-edb4-49c9-b593-d223f7449a82
In PHP 7.3, the `compact()` function has been changed to issue an `E_NOTICE` level error if a passed string refers to an unset variable. In previous versions of PHP, this notice was silently skipped. This fixes a few more instances of unset variables in the WordPress admin.
The full RFC can be viewed here: https://wiki.php.net/rfc/compact.
See #44416.
Merges [44185] into trunk.
Fixes#45483.
git-svn-id: https://develop.svn.wordpress.org/trunk@44297 602fd350-edb4-49c9-b593-d223f7449a82
The meta_input, file, and guid fields are not intended to be updated through user input.
Merges [44047] to trunk.
git-svn-id: https://develop.svn.wordpress.org/trunk@44295 602fd350-edb4-49c9-b593-d223f7449a82
When editing a page set to be the Privacy Policy page, display a help notice
containing a link to the Privacy Policy guide.
Merges [43920] to trunk.
Fixes#45057.
git-svn-id: https://develop.svn.wordpress.org/trunk@44291 602fd350-edb4-49c9-b593-d223f7449a82
If a meta box is registered with the `__block_editor_compatible_meta_box` set to `false`, it's indicating that it doesn't work in the block editor. If that's the case, we can add a place holder to inform the user that they'll need to use the classic interface to work with this meta box.
Props pento, jorgefilipecosta, peterwilsoncc, karmatosed, noisysocks, dd32, ocean90.
Merges [43941] and [43945] to trunk.
Fixes#45217.
git-svn-id: https://develop.svn.wordpress.org/trunk@44280 602fd350-edb4-49c9-b593-d223f7449a82
The About page describes all the great changes in WordPress 5.0.
Highlights:
- Warn users of Gutenberg plugin of its deactivation upon 5.0 upgrade.
- Added illustrations to the Four Freedoms page.
- Include a link to wporg user’s plugin favorites as a way to display only the classic plugin as a suggestion for install.
- Detail the Classic Editor plugin and the support timeline.
Props pixelverbieger, ocean90, karmatosed, pento, boemedia, lonelyvegan, sami.keijonen, TimothyBlynJacobs, xkon, afercia, laurelfulford, joostdevalk, ipstenu, matveb, joen, tinkerbelly, chanthaboune, kjellr, alexislloyd, melchoyce, mcsf, courtney0burton, Otto42, cathibosco, tobifjellner, helen, audrasjb, antpb, jjj, elrae, desrosj, azaozz, joemcgill, skithund, gziolo.
Merges [43913], [43921-43922], [43937-43938], [43946-43947], [43952-43953], [43967-43969] into trunk.
Fixes#45178.
git-svn-id: https://develop.svn.wordpress.org/trunk@44264 602fd350-edb4-49c9-b593-d223f7449a82
This brings support for the custom fields meta box into the new block editor.
The `webpack` and `copy-webpack-plugin` packages have also been updated.
This does not bump the `@wordpress` packages like in [43861] because of conflicts with package versions already installed in `trunk`. The packages will be brought up to date in a subsequent merge.
Merges [43861] and [43863] into trunk.
See #45145.
Fixes#45257.
git-svn-id: https://develop.svn.wordpress.org/trunk@44260 602fd350-edb4-49c9-b593-d223f7449a82
Some plugins remove the Custom Fields meta box, particularly when they provide functionality that replaces it. The block editor would correctly not display this meta box in these circumstances, but it still showed the option to display or hide it.
Props pento, noisysocks.
Merges [43885] to trunk.
See #45282.
git-svn-id: https://develop.svn.wordpress.org/trunk@44244 602fd350-edb4-49c9-b593-d223f7449a82
Lacking an appropriate action in the classic editor, plugins that add meta boxes have historically hooked into various actions in order to add hidden input fields.
This change also adds backwards compatibility for two of the most common: `edit_form_after_title`, and `edit_form_advanced`.
Props pento, danielbachhuber.
Merges [43882] to trunk.
Fixes#45283.
git-svn-id: https://develop.svn.wordpress.org/trunk@44241 602fd350-edb4-49c9-b593-d223f7449a82
Meta boxes are loaded inside a wrapper form, that the block editor submits as part of the saving process. It shouldn't be submitted manually.
Props pento.
Merges [43880] to trunk.
Fixes#45284.
git-svn-id: https://develop.svn.wordpress.org/trunk@44240 602fd350-edb4-49c9-b593-d223f7449a82
If a plugin returns a non-string value (or returns `null`) on these filters, it can cause errors in the block editor. Casting them as a string prevents these errors.
Merges [43858] from the 5.0 branch to trunk.
Props dd32.
See #45236.
git-svn-id: https://develop.svn.wordpress.org/trunk@44224 602fd350-edb4-49c9-b593-d223f7449a82
Meta boxes that exist for back compat, or that are incompatible with the block editor aren't displayed, so they don't need an option to display or hide them in the Options dialog.
Merges [43856] from the 5.0 branch to trunk.
Props noisysocks.
Fixes#45249.
git-svn-id: https://develop.svn.wordpress.org/trunk@44222 602fd350-edb4-49c9-b593-d223f7449a82
This is a followup to [43728], which added the same check, but using the `publicly_queryable` option. This behaviour is incorrect for `_builtin` post types, which go by the logic in `is_post_type_viewable()`, instead.
Merges [43855] from the 5.0 branch to trunk.
Props pento.
See #43278.
git-svn-id: https://develop.svn.wordpress.org/trunk@44221 602fd350-edb4-49c9-b593-d223f7449a82
Remove the "Quick Edit" for `wp_block`s, too, as they don't need any of that functionality.
Merges [43854] from the 5.0 branch to trunk.
Props noisysocks.
Fixes#45247.
git-svn-id: https://develop.svn.wordpress.org/trunk@44220 602fd350-edb4-49c9-b593-d223f7449a82
The block editor needs to duplicate the classic meta box behaviour, so it can extract the registered meta boxes, and import them into the block editor.
To match the classic editor behaviour as closely as possible, this moves the relevant code from the classic editor, into a new function, so it can be called by both.
Merges [43837] from the 5.0 branch to trunk.
Props pento, peterwilsoncc.
Fixes#45172.
git-svn-id: https://develop.svn.wordpress.org/trunk@44214 602fd350-edb4-49c9-b593-d223f7449a82
ftp_base::glob() used each(), which is deprecated as of PHP 7.2.
ftp_base::fget() was missing the decleration of its third parameter, $rest.
Props itowhid06, pento.
Merges [43848] to trunk.
Fixes#44489.
git-svn-id: https://develop.svn.wordpress.org/trunk@44184 602fd350-edb4-49c9-b593-d223f7449a82
This also includes the new @wordpress/format-library and @wordpress/notices packages.
package-lock.json has been completely regenerated in this commit.
Props pento.
Merges [43840] to trunk.
See #45145.
git-svn-id: https://develop.svn.wordpress.org/trunk@44177 602fd350-edb4-49c9-b593-d223f7449a82
We should only be showing this message in the classic editor interface, for meta boxes that are marked as being incompatible with the block editor.
Props pento.
Merges [43839] to trunk.
Fixes#45207.
git-svn-id: https://develop.svn.wordpress.org/trunk@44175 602fd350-edb4-49c9-b593-d223f7449a82
While the documentation for add_meta_box() specifices that $callback_args should be an array, this has never been enforced, and we have workarounds in place for when it's passed as something other than an array.
Rather than break sites that are passing unexpected data, we can quietly just allow for it, instead.
Props johnjamesjacoby, birgire, pento.
Merges [43838] to trunk.
Fixes#45206.
git-svn-id: https://develop.svn.wordpress.org/trunk@44174 602fd350-edb4-49c9-b593-d223f7449a82
When `WP_DEBUG` is set, ensure that a static method callback is passed to `ReflectionMethod`, instead of `ReflectionFunction`.
Merges [43830] from the 5.0 branch to trunk.
Props DrewAPicture.
Fixes#45192.
git-svn-id: https://develop.svn.wordpress.org/trunk@44170 602fd350-edb4-49c9-b593-d223f7449a82
Because the REST API allows meta keys to have empty values, the Custom Fields meta box should permit the same behavior.
Props charlestonsw, soulseekah, danielbachhuber.
Merges [43811] to trunk.
Fixes#43559.
git-svn-id: https://develop.svn.wordpress.org/trunk@44153 602fd350-edb4-49c9-b593-d223f7449a82
After [44149], we can now make twentynineteen the default theme. Twentyseventeen has been a great default, but 5.0 and twentynineteen is guten.
Merges [43809,43954] from the 5.0 branch to trunk.
Fixes#45152.
Props jorbin, SergeyBiryukov, pento, mcsf.
git-svn-id: https://develop.svn.wordpress.org/trunk@44151 602fd350-edb4-49c9-b593-d223f7449a82
When meta boxes are registered, they can use the `__back_compat_meta_box` and `__block_editor_compatible_meta_box` flags, to show whether this registration just exists for if the classic editor is loaded, and whether this meta box is compatible with the block editor.
When a meta box marks itself as incompatible with the block editor, and `WP_DEBUG` is enabled, a warning will show inside that meta box in the classic editor.
As all core meta boxes have been recreated in the block editor, they can be marked with the `__back_compat_meta_box` flag.
Merges [43779] from the 5.0 branch to trunk.
See #45112.
git-svn-id: https://develop.svn.wordpress.org/trunk@44132 602fd350-edb4-49c9-b593-d223f7449a82
To allow the block editor to render meta boxes, it needs to collect information about how those meta boxes are registered, and format it for the block editor to make use of.
Merges [43778] from the 5.0 branch to trunk.
See #45112.
git-svn-id: https://develop.svn.wordpress.org/trunk@44131 602fd350-edb4-49c9-b593-d223f7449a82
This method allows checking (or setting) whether the block editor is loading on the current screen.
Merges [43777] from the 5.0 branch to trunk.
See #45037.
git-svn-id: https://develop.svn.wordpress.org/trunk@44130 602fd350-edb4-49c9-b593-d223f7449a82
`use_block_editor_for_post()` and `use_block_editor_for_post_type()` determine if the block editor should be loaded.
`get_block_categories()` and `get_block_editor_server_block_settings()` provide data be included while the block editor is loading.
Props pento.
Merges [43762] to trunk.
See #45110.
git-svn-id: https://develop.svn.wordpress.org/trunk@44122 602fd350-edb4-49c9-b593-d223f7449a82
Fix errors introduced in [43973] due to Jorbin not running the correct tag of wpcs.
Unprops jorbin.
git-svn-id: https://develop.svn.wordpress.org/trunk@43976 602fd350-edb4-49c9-b593-d223f7449a82
In [43437], the link definition implementation caused attachment links to be unexpectedly nested under an attributes key. This changeset restores the prior behavior.
Merges [43681] to trunk.
Props TimothyBlynJacobs, danielbachhuber.
Fixes#44750.
git-svn-id: https://develop.svn.wordpress.org/trunk@43973 602fd350-edb4-49c9-b593-d223f7449a82
This fixes the display of Bulk Actions where there exists only a single page of results.
Props shaneeckert, jobthomas, dd32.
Fixes#45028.
git-svn-id: https://develop.svn.wordpress.org/trunk@43671 602fd350-edb4-49c9-b593-d223f7449a82
For screens wider than 2300px, show 4 colums of search results, as 3 columns looked quite stretched out.
This change also increases the default number of search results from 30 to 36, so that the columns have an even number of results, regardless of whether there are 2, 3, or 4 of them.
Props nielslange.
Fixes#43573.
git-svn-id: https://develop.svn.wordpress.org/trunk@43669 602fd350-edb4-49c9-b593-d223f7449a82
Whom can say who's "whose" is who's? Is it a Who that Horton heard? Maybe it's The Who whose "who" knowledge will hook whomever hoots "who's" instead of "whose".
Hoot. Hoot.
Props Hafiz.
Fixes#45026.
git-svn-id: https://develop.svn.wordpress.org/trunk@43665 602fd350-edb4-49c9-b593-d223f7449a82
In the full edit screen, CPTs that have disabled the `publicly_queryable` option will hide the slug field, as it doesn't need to be edited. This change brings the Quick Edit view into line with that behaviour.
Props bhargavmehta, krutidugade.
Fixes#43278.
git-svn-id: https://develop.svn.wordpress.org/trunk@43664 602fd350-edb4-49c9-b593-d223f7449a82
This changeset makes the new CRUD API for sites introduced in [43548] usable for real-world sites. A new function `wp_initialize_site()`, which takes care of creating a site's database tables and populating them with initial values, is hooked into the site insertion process that is initiated when calling `wp_insert_site()`. Similarly, a new function `wp_uninitialize_site()`, which takes care of dropping a site's database tables, is hooked into the site deletion process that is initiated when calling `wp_delete_site()`.
A new function `wp_is_site_initialized()` completes the API, allowing to check whether a site is initialized. Since this function always makes a database request in its default behavior, it should be called with caution. Plugins that would like to use site initialization in special ways can leverage a `pre_wp_is_site_initialized` filter to alter that default behavior.
The separate handling of the site's row in the `wp_blogs` database table and the actual site setup allows for more flexibility in controlling whether or how a site's data is set up. For example, a unit test that only checks data from the site's database table row can unhook the site initialization process to improve performance. At the same time, developers consuming the new sites API only need to know about the CRUD functions, since the initialization and uninitialization processes happen internally.
With this changeset, the foundation for a sites REST API endpoint is fully available. The previously recommended functions `wpmu_create_blog()` and `wpmu_delete_blog()` now call the new respective function internally. Further follow-up work to this includes replacing calls to `wpmu_create_blog()` with `wp_insert_site()`, `update_blog_details()` with `wp_update_site()` and `wpmu_delete_blog()` with `wp_delete_blog()` throughout the codebase.
As a side-effect of this work, the `wpmu_new_blog`, `delete_blog`, and `deleted_blog` actions and the `install_blog()` function have been deprecated.
Fixes#41333. See #40364.
git-svn-id: https://develop.svn.wordpress.org/trunk@43654 602fd350-edb4-49c9-b593-d223f7449a82
* Add missing translators comments.
* Fix placement of some translators comments.
Translators comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools.
The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translators comments.
Includes minor code layout fixes.
Patch `44360-wp-admin-includes-dir.patch` of the series.
Props flipkeijzer, alvarogois, michielatyoast
See #44360
git-svn-id: https://develop.svn.wordpress.org/trunk@43598 602fd350-edb4-49c9-b593-d223f7449a82
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.
This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script.
- Auto-fixable coding standards issues will now cause Travis failures.
Fixes#44600.
git-svn-id: https://develop.svn.wordpress.org/trunk@43571 602fd350-edb4-49c9-b593-d223f7449a82
In order to get the best result when running `phpcbf` across the codebase, there are some manual tweaks we need to make.
These fall into three categories:
- Fixing incorrectly indented code which has flow-on effects when auto-fixing.
- Tweaking the layout of inline PHP inside HTML tags.
- Moving more complex inline PHP inside HTML tags, to execute earlier.
See #44600.
git-svn-id: https://develop.svn.wordpress.org/trunk@43569 602fd350-edb4-49c9-b593-d223f7449a82
New functions `wp_insert_site( $data )`, `wp_update_site( $id, $data )` and `wp_delete_site( $id )` are introduced to manage site rows in the `wp_blogs` table, forming the new CRUD API together with the existing `get_site()` / `get_sites()`. The new API provides various benefits over the previously existing API, fixing several cache invalidation issues and being hook-driven so that normalization and validation of the passed data can be fully customized.
New hooks introduced as part of this are the actions `wp_insert_site`, `wp_update_site`, `wp_delete_site`, `wp_validate_site_data` and the filter `wp_normalize_site_data`.
At this point, `wp_insert_site()` does not handle setting up the site's database tables, and `wp_delete_site()` does not handle dropping the site's database tables, so the two can not yet be used directly as full replacements of `wpmu_create_blog()` and `wpmu_delete_blog()`. Managing the site's database tables will be added via hooks as part of the follow-up ticket #41333.
The existing functions `wpmu_create_blog()`, `update_blog_details()`, and `wpmu_delete_blog()` make use of the respective new counterpart and will be obsolete once #41333 has been completed.
Props flixos90, jeremyfelt, spacedmonkey.
Fixes#40364.
git-svn-id: https://develop.svn.wordpress.org/trunk@43548 602fd350-edb4-49c9-b593-d223f7449a82
This commit should have just gone into the 4.9 branch. It did in [43544].
See: #44680
Unprops jorbin
props ocean90
git-svn-id: https://develop.svn.wordpress.org/trunk@43545 602fd350-edb4-49c9-b593-d223f7449a82
When Gutenberg is either not installed, or not activated, only show the callout to users with the install_plugins capability.
When Gutenberg is activated, expand that to include all users with the edit_posts capability.
Props pento.
Fixes#44680.
git-svn-id: https://develop.svn.wordpress.org/trunk@43543 602fd350-edb4-49c9-b593-d223f7449a82
"Be more discrete." declared matt in [3155], and since then, "Silence is Golden" has been the calling card of placeholder index files. Historically, these have been php files, but [43012] changed that and added index.html files for privacy export generated folders.
The php silence files produce no visible content. This adds consistency with these new html files in that there will be no visible content. Silence will fall when the question is asked.
Fixes#44195.
Props audrasjb, rafsuntaskin, Ov3rfly, johnbillion, pento
git-svn-id: https://develop.svn.wordpress.org/trunk@43446 602fd350-edb4-49c9-b593-d223f7449a82
Display a notice with an explanation and the steps required to resolve the issue.
Props afragen, schlessera, flixos90, nerrad, melchoyce, boemedia, hedgefield, joyously, johnalarcon, lakenh, afercia, acirujano, ibantxillo, SergeyBiryukov.
Fixes#43986.
git-svn-id: https://develop.svn.wordpress.org/trunk@43436 602fd350-edb4-49c9-b593-d223f7449a82
This utility function allows for easy detection whether terms for a taxonomy are considered publicly viewable.
Props andizer.
Fixes#44466.
git-svn-id: https://develop.svn.wordpress.org/trunk@43386 602fd350-edb4-49c9-b593-d223f7449a82
This brings the name in line with user-facing language and similar names of existing related capabilities. Since the capability has not been part of any WordPress release, it can be renamed without any backward-compatibility implications.
Also missing props benhuberman for [43006].
Fixes#44457.
git-svn-id: https://develop.svn.wordpress.org/trunk@43381 602fd350-edb4-49c9-b593-d223f7449a82
Add a `_doing_it_wrong()` message describing the correct usage of the function.
Props kraftbj, azaozz, SergeyBiryukov, YuriV.
Fixes#44142.
git-svn-id: https://develop.svn.wordpress.org/trunk@43361 602fd350-edb4-49c9-b593-d223f7449a82
The line was copied from the emails that get sent when an email address changes, without considering if it made sense in the new context.
Props iandunn, ianbelanger, desrosj.
Fixes#44030.
git-svn-id: https://develop.svn.wordpress.org/trunk@43353 602fd350-edb4-49c9-b593-d223f7449a82
Previously, personal data exports were stored in `wp-content/uploads/exports`, which is generic enough that it's likely there are existing folders with that name, either created by plugins or manually by administrators. If that folder were reused by Core, then `wp_privacy_delete_old_export_files()` would delete all of the existing files inside it, which is almost certainly not what the site owner wants or expects.
To avoid that, the folder is being renamed to include a specific reference to Core, and a more verbose description of its purpose. With those factored in, it's very unlikely that there will be any conflicts with existing folders.
The `wp_privacy_exports_dir()` and `wp_privacy_exports_url()` functions were introduced to provide a canonical source for the location, and the `wp_privacy_exports_dir` and `wp_privacy_exports_url` filters were introduced to allow plugins to customize it.
Props johnjamesjacoby, allendav.
Fixes#44091.
git-svn-id: https://develop.svn.wordpress.org/trunk@43284 602fd350-edb4-49c9-b593-d223f7449a82
r43158 introduced a new admin pointer for the privacy tools added in 4.9.6. With the previous positioning, though, sometimes the `Dismiss` link would be fixed off screen, making it impossible for the user to dismiss the pointer. This happened when there were enough extra menu items, or when the viewport height was short enough.
This commit repositions the pointer to work around that problem. One down side of this workaround is that the arrow will not always be positioned next to the `Tools` menu, where it should be. That's an acceptable compromise given the current time constraints, though. A long term solution would be to make `WP_Pointer` robust enough to handle this use case.
Props imath, audrasjb, desrosj.
Fixes#44045.
git-svn-id: https://develop.svn.wordpress.org/trunk@43246 602fd350-edb4-49c9-b593-d223f7449a82
Previously, when a plugin updated its suggested privacy policy text, an admin notice was shown on all screens in the Administration Panels. That was done in order to make sure that administrators were aware of it, so that they could update their policy if needed. That was a very heavy-handed and intrusive approach, though, which leads to a poor user experience, and notice fatigue.
An alternative approach is to use bubble notifications in the menu, similar to when plugins have updates that need to be installed. That still makes it obvious that something needs the administrator's attention, but is not as distracting as a notice.
The notice will still appear on the Privacy page, though, since it is relevant to that screen, and provides an explanation of why the bubble is appearing.
Props azaozz, xkon, iandunn.
Fixes#43954. See #43953.
git-svn-id: https://develop.svn.wordpress.org/trunk@43223 602fd350-edb4-49c9-b593-d223f7449a82
Previously the pointer overlapped the menu in order to draw attention to the fact that it applies to both the `Tools` and `Settings` menus. That caused a conflict if the menu was collapsed, though, because the icons were covered by the pointer and therefore inaccessible.
Additionally, minor tweaks were made to the text order and formatting. The order of the two sections was swapped in the title and paragraph, in order to match the order of the corresponding menu items. The spacing around headings and paragraphs was tweaked to remove extraneous whitespace.
Props littler.chicken, desrosj, ianbelanger, melchoyce.
Fixes#43961.
git-svn-id: https://develop.svn.wordpress.org/trunk@43210 602fd350-edb4-49c9-b593-d223f7449a82
- Separate the guide text form the suggested policy text.
- Add table of content for easier navigation.
- Move the content to tools.php (prevents the settings menu of being open).
- Add a link to the guide from the Privacy settings screen.
Props melchoyce, azaozz.
See #43980.
git-svn-id: https://develop.svn.wordpress.org/trunk@43203 602fd350-edb4-49c9-b593-d223f7449a82
r42986 introduced the beginnings of an Ajax handler for processing requests to erase personal data. At the time, a method for marking requests as completed was planned, but had not yet been created. This commit introduces that mechanism, bringing the erasure process closer to completion.
Props coreymckrill, allendav.
Fixes#43922.
git-svn-id: https://develop.svn.wordpress.org/trunk@43185 602fd350-edb4-49c9-b593-d223f7449a82
r43008 refactored the request flow to make several improvements, but accidentally marked `completed` requests as `confirmed`. This commit restores the intended statuses, so that the data and corresponding UI reflect reality.
Props allendav, birgire.
Fixes#43913.
git-svn-id: https://develop.svn.wordpress.org/trunk@43183 602fd350-edb4-49c9-b593-d223f7449a82
Whenever an admin initiates a download or email of a personal data export, a fresh copy of the file is generated. Previously, a new filename was used each time, which could lead to situations where a URL that was emailed to a data subject is broken.
That can be avoided by reusing the same filename when building fresh archives.
Props desrosj, tz-media, allendav.
Fixes#43905.
git-svn-id: https://develop.svn.wordpress.org/trunk@43180 602fd350-edb4-49c9-b593-d223f7449a82
The new features are very important for some users, because of their GDPR obligations. They're also spread across multiple top-level menus, making them less discoverable. An admin pointer will help to ensure that users are aware of the new tools and how to find them.
Props desrosj, andreamiddleton, allendav, xkon.
Fixes#43942.
git-svn-id: https://develop.svn.wordpress.org/trunk@43158 602fd350-edb4-49c9-b593-d223f7449a82
The personal data export and erasure tools allow plugins to register their own callbacks, in order to add additional data to the export and erasure processes. Previously, these were registered without specifying a constant identifier in the array of callbacks. Using mutable integers makes it difficult for plugins to modify the callbacks of other plugins, though.
Using associative array keys instead provides a covenient and reliable way to identify and interact with another plugin's callbacks.
Props desrosj, allendav, ocean90.
Fixes#43931.
git-svn-id: https://develop.svn.wordpress.org/trunk@43154 602fd350-edb4-49c9-b593-d223f7449a82
- Insert both the text and tutorial in new policy pages and highlight is brightly in the editor.
- Show only the suggested text in the policy postbox.
Props melchoyce, azaozz.
See #43473.
git-svn-id: https://develop.svn.wordpress.org/trunk@43146 602fd350-edb4-49c9-b593-d223f7449a82
Multisite networks have a variety of use cases, and in many of them single-site administrators are not trusted to take actions that affect the whole network, require making decisions about legal compliance, etc. By default, those actions should require super admin capabilities. Plugins can be used to override that behavior if a particular site's use case calls for it.
Props allendav, jeremyfelt, iandunn.
Fixes#43919.
git-svn-id: https://develop.svn.wordpress.org/trunk@43085 602fd350-edb4-49c9-b593-d223f7449a82
This runs immediately after the data export file has been successfully created, allowing plugins to introduce some workflow customizations. For example, a plugin could password-protect the export file, for peace of mind, even though the CSPRN in the filename makes brute force attacks nearly impossible.
See #43546.
git-svn-id: https://develop.svn.wordpress.org/trunk@43047 602fd350-edb4-49c9-b593-d223f7449a82
The primary means of protecting the files is the CSPRN appended to the filename, but there is no reason to keep the files after the data subject has downloaded them, so deleting them provides an additional layer of protection. Previously this was done from `wp_privacy_generate_personal_data_export_file()`, but that does not guarantee that it will be run regularly, and on smaller sites that could result in export files being exposed for much longer than necessary.
`wp_privacy_delete_old_export_files()` was moved to a front end file, so that it can be called from `cron.php`.
This introduces the `wp_privacy_export_expiration` filter, which allows plugins to customize how long the exports are kept before being deleted.
`index.html` was added to the `$exclusions` parameter of `list_files()` to make sure that it isn't deleted. If it were, then poorly-configured servers would allow the directory to be traversed, exposing all of the exported files.
Props iandunn, desrosj.
See #43546.
git-svn-id: https://develop.svn.wordpress.org/trunk@43046 602fd350-edb4-49c9-b593-d223f7449a82
`rand()` is deterministic and therefore offers much less protection in this context. `wp_generate_password()` is a convenient wrapper around `wp_rand()`, which uses `random_int()` to generate cryptographically-secure psuedorandom numbers.
See #43546.
git-svn-id: https://develop.svn.wordpress.org/trunk@43045 602fd350-edb4-49c9-b593-d223f7449a82
By making the pagination links use the default style for buttons, color contrast
is improved and the CSS is simplified. Improves consistency with other UI controls.
Also, slightly increases the white space below the pagination links.
Props benoitchantre, afercia.
Fixes#41858.
git-svn-id: https://develop.svn.wordpress.org/trunk@43019 602fd350-edb4-49c9-b593-d223f7449a82
The updated version of the nag is shorter, more on point and less aggressive than the previous one. It integrates better with the other dashboard widgets and fixes several accessibility concerns. A yellow warning color is used when the current PHP version is outdated, a red error color is used when it is also insecure.
Props afercia, birgire, danieltj, flixos90, johnjamesjacoby, karmatosed, Luciano Croce, nerrad, pento, schlessera, SergeyBiryukov, sonjaleix.
Fixes#41191.
git-svn-id: https://develop.svn.wordpress.org/trunk@43006 602fd350-edb4-49c9-b593-d223f7449a82
