Commit Graph

2886 Commits

Author SHA1 Message Date
Ian Dunn
e4ffde6193 Privacy: Limit Privacy Settings screen to Super Admins in Multisite.
In many common Multisite use cases, the network administrator will want to set a network-wide privacy policy -- via the `privacy_policy_url` filter -- for consistency and convenience. When that's done, the Privacy Settings screen on individual sites becomes unnecessary, and may confuse administrators of those sites when they see that their changes don't have any effect on the policy link in the footer.

Since we can't programatically determine which behavior the network admins would like, the safest default setting is to restrict the ability to super admins, and let them delegate it to individual site owners via a plugin, if they'd like to.

Fixes #43935.


git-svn-id: https://develop.svn.wordpress.org/trunk@43147 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-03 17:24:35 +00:00
Sergey Biryukov
65df92173a Privacy: Correct unit test for wp_user_personal_data_exporter() added in [43055].
`user_status` is not considered personal data, so the total number of exported user properties is 11.

See #43547.

git-svn-id: https://develop.svn.wordpress.org/trunk@43116 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-02 04:10:17 +00:00
Gary Pendergast
4ac3f4c13a REST API: Filter responses based on the _fields parameter, before data is processed.
Historically, the REST API would generate the entire response object, including running expensive filters, then it would apply the `_fields` parameter, discarding the fields that weren't specificed.

This change causes `_fields` to be applied earlier, so that only requested fields are processed.

Props danielbachhuber.
See #43874.



git-svn-id: https://develop.svn.wordpress.org/trunk@43087 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-02 01:24:30 +00:00
Ian Dunn
1a4e28818f Privacy: Limit export and erasure to super admins on Multisite.
Multisite networks have a variety of use cases, and in many of them single-site administrators are not trusted to take actions that affect the whole network, require making decisions about legal compliance, etc. By default, those actions should require super admin capabilities. Plugins can be used to override that behavior if a particular site's use case calls for it.

Props allendav, jeremyfelt, iandunn.
Fixes #43919.


git-svn-id: https://develop.svn.wordpress.org/trunk@43085 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-02 01:07:00 +00:00
Andrew Ozz
87b81f220c Privacy: improve wp_privacy_erase_personal_data(), return boolean values.
Props ericdaams.
See #43602.

git-svn-id: https://develop.svn.wordpress.org/trunk@43061 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-01 19:26:53 +00:00
Andrew Ozz
16bd4bede2 Privacy: add user information to the personal data export file.
Props TZ-Media, desrosj.
See #43547.


git-svn-id: https://develop.svn.wordpress.org/trunk@43055 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-01 13:58:02 +00:00
Peter Wilson
e73af26e92 Cron API: Return meaningful values from cron functions.
Return values added to Cron API functions to indicate outcome:

* `wp_schedule_single_event()`, `wp_schedule_event()`, `wp_reschedule_event()` and `wp_unschedule_event()`: boolean indicating success or failure,
* `wp_clear_scheduled_hook()`: integer indicating number of jobs cleared (zero or more), `false` if one or more jobs fail to clear,
* `wp_unschedule_hook()`: integer indicating number of jobs cleared (zero or more), `false` if the jobs fail to clear,
* `spawn_cron()`: boolean indicating whether job spawned,
* `wp_cron()`: integer indicating number of jobs spawned (zero or more), `false` if one or more jobs fail to spawned,
* `_set_cron_array()`: boolean outcome of `update_option()`.

Props evansolomon, jrf, peterwilsoncc, pento for code review.
Fixes #21072.



git-svn-id: https://develop.svn.wordpress.org/trunk@43050 602fd350-edb4-49c9-b593-d223f7449a82
2018-05-01 02:04:25 +00:00
Boone Gorges
4c36079299 Taxonomy: Ensure that invalid term objects are discarded in WP_Term_Query.
The `get_term()` mapping may result in term objects that are `null` or
`WP_Error` when plugins use `get_term` or a related filter. Since `null`
and error objects are not valid results for a term query, we discard
them.

Props GM_Alex.
See #42691.

git-svn-id: https://develop.svn.wordpress.org/trunk@43049 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-30 21:07:16 +00:00
Sergey Biryukov
451ba4c401 General: Introduce a polyfill for is_iterable() function added in PHP 7.1.
Props jrf, schlessera, desrosj.
See #43619.

git-svn-id: https://develop.svn.wordpress.org/trunk@43036 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-30 04:14:30 +00:00
Sergey Biryukov
8edb00171c General: Introduce a polyfill for is_countable() function added in PHP 7.3.
Props jrf, ayeshrajans, desrosj.
See #43583.

git-svn-id: https://develop.svn.wordpress.org/trunk@43034 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-30 03:42:46 +00:00
Andrew Ozz
6173287317 Privacy: fix unit tests after [43012].
Props iandunn.
See #43546.

git-svn-id: https://develop.svn.wordpress.org/trunk@43015 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-28 12:10:13 +00:00
Felix Arntz
f9d314aaf7 Multisite: Add meta query functionality to WP_Site_Query.
After the introduction of site metadata in [42836], it should be possible to query sites by that data.

Fixes #40229.


git-svn-id: https://develop.svn.wordpress.org/trunk@43010 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-27 11:40:35 +00:00
Gary Pendergast
0907ed4894 REST API: Include viewable attribute on Post Type resource for edit context
For the block editor to be able to expose the Preview button correctly, it needs to know the `is_post_type_viewable()` setting, this change adds it to the Post Type response.

Props danielbachhuber.
Fixes #43739.



git-svn-id: https://develop.svn.wordpress.org/trunk@43007 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-27 03:05:40 +00:00
Felix Arntz
79bf20d320 Tests: Skip multisite-only or single site-only tests correctly based on test doc annotations.
Without the `ms-required` and `ms-excluded` groups being marked as excluded in the PHPUnit configurations for the project, those groups were still executed, causing fatal errors. Checking against the groups in the correct structure of the array returned from PHPUnit's `Testcase::getAnnotations()` ensures that those tests are skipped properly.

Fixes #43863.


git-svn-id: https://develop.svn.wordpress.org/trunk@43005 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-25 22:37:08 +00:00
Ian Dunn
d336475bf5 Privacy: Add template tags for building link to privacy policy page.
This introduces the `get_the_privacy_policy_link()` and `the_privacy_policy_link()` functions, as well as the `privacy_policy_url` filter.

A new `tests/url/` folder was added to better organize tests related to `get_*_url()` functions. Previously, those tests were placed in `tests/url.php` and `tests/link/`, but neither of those locations are optimal. Placing tests in `tests/url.php` violates the guideline of creating separate files/classes for each function under test, and using `tests/link/` conflates two distinct -- albeit related -- groups of functions. Over time, URL-related tests can be migrated to the new folder.

Props birgire, xkon, azaozz, iandunn.
See #43850.


git-svn-id: https://develop.svn.wordpress.org/trunk@43002 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-25 15:54:29 +00:00
Gary Pendergast
50e9639f22 REST API: Add who=authors as a query parameter for GET wp/v2/users.
Any WordPress user who can `edit_posts` of a post type with `show_in_rest=true` can query for authors. This maps to current WordPress behavior where a WordPress user who can view the Manage Posts view for a post type can see any WordPress user assigned to a post (whether published or draft).

This implementation, over restricting `who=authors` to users with `list_users`, gives us future flexibility in displaying lists of posts. It still respects more restrictive permissions for `context=edit`.

Props danielbachhuber.
Fixes #42202.



git-svn-id: https://develop.svn.wordpress.org/trunk@43001 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-25 13:05:48 +00:00
Gary Pendergast
f9e4467b3d REST API: Remove permalink_structure from the index.
This was originally added to allow Gutenberg to do permalink editing, but is no longer required. It's also superceded by #41014.

Reverts [42142].
Fixes #42465.



git-svn-id: https://develop.svn.wordpress.org/trunk@42997 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-23 04:11:42 +00:00
Andrew Ozz
7e26130f12 Privacy: add functionality to anonymize commenters.
Props xkon, fclaussen, allendav, birgire, azaozz.
See #43442.

git-svn-id: https://develop.svn.wordpress.org/trunk@42994 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-20 12:18:35 +00:00
Andrew Ozz
cf7865a91f Privacy: fix docs, formatting, white space, add tests for the personal data from comments exporter.
Props birgire.
See #43440.

git-svn-id: https://develop.svn.wordpress.org/trunk@42987 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-18 22:54:23 +00:00
Felix Arntz
63eda3b3a4 Multisite: Verify the signup nonce using wp_verify_nonce() in signup_nonce_check().
Prior to this change, the nonce passed from `wp-signup.php` was verified with a simple comparison. Furthermore in case of failures, `wp_die()` would be called right during the HTML markup being already printed. Now the error message is returned properly, modifying the `WP_Error` object in the passed `$result`.

Props herregroen.
Fixes #43667.


git-svn-id: https://develop.svn.wordpress.org/trunk@42976 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-13 15:29:52 +00:00
Gary Pendergast
30354e5a9b Tests: Update the REST API fixtures.
[42967] included new post statii, but didn't add them to the REST API tests.

See #43481.



git-svn-id: https://develop.svn.wordpress.org/trunk@42972 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-13 00:53:31 +00:00
Andrew Ozz
43b5e9ac20 Privacy: add helper function for anonymizing data in a standardized way.
Props jesperher, allendav, iandunn, birgire, azaozz.
Fixes #43545.

git-svn-id: https://develop.svn.wordpress.org/trunk@42971 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-12 21:19:24 +00:00
Ian Dunn
ede824e3cd Dashboard: Strip more extraneous IP parts to prevent PHP warnings.
This iterates on earlier versions of the code, in order to handle more edge cases. An arbitrary string like `or=\"` will now be stripped, as well as reachability scopes like `%eth0`.

Props eamax, soulseekah, iandunn.
Fixes #41083.


git-svn-id: https://develop.svn.wordpress.org/trunk@42968 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-10 23:18:04 +00:00
Adam Silverstein
495ac15555 REST API: Handle api-request query parameters with plain permalinks.
When constructing the request URL, ensure that  `?` is replaced with `&` when the API root  already contains a `?`. Fixes an issue where requests were broken when sites had permalinks set to plain.

Props aduth.
Fixes #42382.



git-svn-id: https://develop.svn.wordpress.org/trunk@42965 602fd350-edb4-49c9-b593-d223f7449a82
2018-04-09 13:09:41 +00:00
Sergey Biryukov
c8fa6497aa Formatting: Permit use of text-transform in safecss_filter_attr().
Add unit tests for `safecss_filter_attr()`.

Props birgire, juiiee8487, danielbachhuber.
Fixes #42729.

git-svn-id: https://develop.svn.wordpress.org/trunk@42880 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-27 00:53:20 +00:00
John Blackbourn
3bb3d7a6c7 Build/Test Tools: Implement assertNotWPError() in appropriate places in the test suite.
Props birgire

Fixes #42065


git-svn-id: https://develop.svn.wordpress.org/trunk@42863 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-20 22:34:11 +00:00
Sergey Biryukov
db606c9bb2 Formatting: Avoid a PHP 7.2 warning in wp_kses_attr() when one of $allowedtags elements is an uncountable value.
Props andrei0x309, soulseekah, SergeyBiryukov.
Fixes #43312.

git-svn-id: https://develop.svn.wordpress.org/trunk@42860 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-20 21:34:15 +00:00
Jeremy Felt
4902da091c Multisite: Use case-insensitive check on email domain whitelist.
Props greatislander.
Fixes #43148.


git-svn-id: https://develop.svn.wordpress.org/trunk@42858 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-20 19:06:09 +00:00
Dominik Schilling (ocean90)
877a59a843 Users: Use promote_users for role updates in edit_user().
`edit_user()` can also update user roles but was still using the `edit_users` capability instead of the newer `promote_users` capability introduced in [14176].
This makes the role handling consistent with the bulk dropdown menu for role changes.

Props flixos90, johnjamesjacoby, ocean90.
Fixes #42564.

git-svn-id: https://develop.svn.wordpress.org/trunk@42855 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-19 20:28:28 +00:00
Dominik Schilling (ocean90)
8df8cf2df1 Pinking shears.
See #41057.

git-svn-id: https://develop.svn.wordpress.org/trunk@42843 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-18 14:22:09 +00:00
Joe McGill
9f9ff6afed Update unit test following r42839.
This updates the expected version number for Hello Dolly in `Tests_Ajax_Update_Plugin::test_update_plugin` following [42839].

See #43555.


git-svn-id: https://develop.svn.wordpress.org/trunk@42841 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-17 20:57:00 +00:00
Joe McGill
860b45216e Revert max-width styles on caption shortcodes.
This is a partial revert of [41724], so image captions include an
inline `width` style instead of `max-width`.

This returns the caption shortcode to the pre-4.9.0 behavior, while
retaining the extra unit test coverage added in [41724].

Fixes #43123. See #33981.


git-svn-id: https://develop.svn.wordpress.org/trunk@42837 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-16 20:06:41 +00:00
Felix Arntz
8e4bd924d2 Multisite: Introduce metadata for sites.
A new global multisite table `wp_blogmeta` is added to the database schema, and a set of `*_site_meta()` API functions are introduced.

The implementation fails gracefully when the new table is not yet available, which may happen especially shortly after the core update, before the network has been upgraded to the new database schema. The presence of the table is detected once and stored as a global setting on the main network.

Core does not yet use site metadata, but there are several use-cases to be implemented or explored in the near future, and it allows plugins to extend sites with arbitrary data, which will come in particularly handy with the upcoming REST API endpoint for sites.

Props spacedmonkey, johnjamesjacoby, jeremyfelt, flixos90.
Fixes #37923.


git-svn-id: https://develop.svn.wordpress.org/trunk@42836 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-16 02:14:04 +00:00
Felix Arntz
a7b3f5f759 Multisite: Add missing group annotations to tests included in [42833].
This ensures tests are skipped correctly when not using multisite.

See #43506.


git-svn-id: https://develop.svn.wordpress.org/trunk@42834 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-13 17:56:05 +00:00
Felix Arntz
52a77e5254 Multisite: Ensure the {$network_id}:notoptions array is set in cache in get_network_option().
Prior to this change, the `{$network_id}:notoptions` cache would only be fetched, but not set, unless the actual database lookup would be unsuccessful. This enhancement slightly improves performance by preventing unnecessary external object cache lookups if one is used.

Fixes #43506.


git-svn-id: https://develop.svn.wordpress.org/trunk@42833 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-13 15:36:14 +00:00
Felix Arntz
5f56921131 General: Introduce dashboard widget to inform administrators about outdated PHP versions.
This new dashboard widget is shown on WordPress sites which are powered by a PHP version which WordPress considers outdated, in order to inform site owners about the resulting problems and to explain how to upgrade to a supported version. An education page for that purpose has been previously created that the widget links to. The link is translatable so that localized versions of the page can be referred to as they become available.

The nag follows the example of the Browse Happy dashboard widget and is only visible for administrators, or network administrators when using multisite. To determine whether it needs to be displayed, a new wordpress.org API introduced prior is called that handles the version logic in a centralized location.

Props flixos90, hedgefield, schlessera.
Fixes #41191.


git-svn-id: https://develop.svn.wordpress.org/trunk@42832 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-12 16:42:11 +00:00
Sergey Biryukov
1e54b5a2ae Link Template: Apply get_{$adjacent}_post_excluded_terms filter to an empty excluded_terms parameter as well.
Props soulseekah, zottto.
Fixes #43521.

git-svn-id: https://develop.svn.wordpress.org/trunk@42828 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-11 17:31:04 +00:00
Sergey Biryukov
9b713c6d12 Tests: Skip symlinked theme file tests if symlink() is not available, e.g. in PHP 5.2.x on Windows.
See #43508.

git-svn-id: https://develop.svn.wordpress.org/trunk@42819 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-09 17:47:39 +00:00
John Blackbourn
5816caddcf Themes: Revert [42788] as it breaks a lot of things.
See #43228


git-svn-id: https://develop.svn.wordpress.org/trunk@42816 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-09 16:59:57 +00:00
Sergey Biryukov
94e44cd9ed Tests: Skip symlinked theme file tests if the links could not be created.
Fixes #43508.

git-svn-id: https://develop.svn.wordpress.org/trunk@42812 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-09 01:09:17 +00:00
Sergey Biryukov
257048ac71 Tests: Correct assertion in Tests_WP_Customize_Setting::test_constructor_with_args().
Props jipmoors.
See #30988, #43218.

git-svn-id: https://develop.svn.wordpress.org/trunk@42799 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-08 16:37:59 +00:00
Mike Schroder
3a46cba430 Media: Correctly allow changing PDF thumbnail crop value.
Corrects logic that keeping plugins from setting crop value of intermediate image sizes for rendered PDFs.

Adds test.

Props leemon, SergeyBiryukov, chetan200891, birgire.
Fixes #43226.

git-svn-id: https://develop.svn.wordpress.org/trunk@42792 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-07 01:18:08 +00:00
John Blackbourn
d83f786d3c Themes: Ensure the theme roots cache is cleared when registering a theme directory.
Props soulseekah, johnbillion

Fixes #43228


git-svn-id: https://develop.svn.wordpress.org/trunk@42788 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-05 22:13:36 +00:00
Sergey Biryukov
007a7caad4 Media: Recognize .ico files as displayable images on PHP 5.3+ and allow attachment meta data to be generated for them.
Props remyvv, Guido07111975.
Fixes #43458.

git-svn-id: https://develop.svn.wordpress.org/trunk@42780 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-05 01:02:20 +00:00
Sergey Biryukov
4edda96383 Filesystem API: Allow download_url() to return the response code and body on error as an additional WP_Error object data.
The error response body size is limited to 1 KB by default to avoid taking up too much memory. The size can be increased using `download_url_error_max_body_size` filter.

Props soulseekah, campusboy1987, mihdan, SergeyBiryukov.
Fixes #43329.

git-svn-id: https://develop.svn.wordpress.org/trunk@42773 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-04 17:13:35 +00:00
Andrew Ozz
6d094f61bb Add pre-save content filter to make target=_blank always secure.
Props notnownikki, iseulde, azaozz
Fixes #43187

git-svn-id: https://develop.svn.wordpress.org/trunk@42770 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-02 14:41:04 +00:00
Boone Gorges
e840759df5 Allow LIKE queries against the 'key' value in meta queries.
The new `compare_key=LIKE` parameter works in conjunction with `key` in a
similar way to the `compare=LIKE` and `value`: by doing a "compares" `LIKE`
query. This allows developers to do partial matches against keys when
doing meta queries.

Props mariovalney, chasewg.
Fixes #42409.

git-svn-id: https://develop.svn.wordpress.org/trunk@42768 602fd350-edb4-49c9-b593-d223f7449a82
2018-03-01 04:02:41 +00:00
Ian Dunn
c896326c55 External Libraries: Test for MEjs files in src instead of build.
The `build` task doesn't get run during TravisCI jobs, so the `build` folder doesn't exist in that context. Because of that, the test added in r42762 was failling.

Checking for the files in `src` instead achieves the same goal as that commit, but should pass in Travis.

See #43101
See https://wordpress.slack.com/archives/C02RQBWTW/p1519742993000615


git-svn-id: https://develop.svn.wordpress.org/trunk@42763 602fd350-edb4-49c9-b593-d223f7449a82
2018-02-28 00:25:08 +00:00
Ian Dunn
fde455a89f External Libraries: Test that MediaElement SWF files remain deleted.
The files were removed from Core in r42462 because they're no longer necessary, and have a history of security issues. They remain upstream, though, so this test makes it explicitly clear that they should not be added back in the future without careful consideration and discussion with the Security team.

`Tests_Admin_IncludesUpdateCore::test_new_files_are_not_in_old_files_array_compiled()` would already catch files with the exact same name, but this test will also catch files with new names, just to be extra cautious.

Props iandunn, ocean90, SergeyBiryukov
Fixes 43101


git-svn-id: https://develop.svn.wordpress.org/trunk@42762 602fd350-edb4-49c9-b593-d223f7449a82
2018-02-27 14:37:15 +00:00
Sergey Biryukov
1cc516f2e8 General: Introduce WP_Error::has_errors() method and use it where appropriate.
Props robdxw, DrewAPicture, SergeyBiryukov.
Fixes #42742.

git-svn-id: https://develop.svn.wordpress.org/trunk@42761 602fd350-edb4-49c9-b593-d223f7449a82
2018-02-27 02:30:46 +00:00