r42986 introduced the beginnings of an Ajax handler for processing requests to erase personal data. At the time, a method for marking requests as completed was planned, but had not yet been created. This commit introduces that mechanism, bringing the erasure process closer to completion.
Props coreymckrill, allendav.
Fixes #43922.
git-svn-id: https://develop.svn.wordpress.org/trunk@43185 602fd350-edb4-49c9-b593-d223f7449a82
r43008 refactored the request flow to make several improvements, but accidentally marked `completed` requests as `confirmed`. This commit restores the intended statuses, so that the data and corresponding UI reflect reality.
Props allendav, birgire.
Fixes #43913.
git-svn-id: https://develop.svn.wordpress.org/trunk@43183 602fd350-edb4-49c9-b593-d223f7449a82
Whenever an admin initiates a download or email of a personal data export, a fresh copy of the file is generated. Previously, a new filename was used each time, which could lead to situations where a URL that was emailed to a data subject is broken.
That can be avoided by reusing the same filename when building fresh archives.
Props desrosj, tz-media, allendav.
Fixes #43905.
git-svn-id: https://develop.svn.wordpress.org/trunk@43180 602fd350-edb4-49c9-b593-d223f7449a82
Previously the user was shown a message that the page was created, but might not understand that they still need to visit the page and publish it. Redirecting them to the page makes it more obvious that additional steps are involved.
Props Clorith, xkon, azaozz.
Fixes #43926.
git-svn-id: https://develop.svn.wordpress.org/trunk@43160 602fd350-edb4-49c9-b593-d223f7449a82
The new features are very important for some users, because of their GDPR obligations. They're also spread across multiple top-level menus, making them less discoverable. An admin pointer will help to ensure that users are aware of the new tools and how to find them.
Props desrosj, andreamiddleton, allendav, xkon.
Fixes #43942.
git-svn-id: https://develop.svn.wordpress.org/trunk@43158 602fd350-edb4-49c9-b593-d223f7449a82
The personal data export and erasure tools allow plugins to register their own callbacks, in order to add additional data to the export and erasure processes. Previously, these were registered without specifying a constant identifier in the array of callbacks. Using mutable integers makes it difficult for plugins to modify the callbacks of other plugins, though.
Using associative array keys instead provides a convenient and reliable way to identify and interact with another plugin's callbacks.
Props desrosj, allendav, ocean90.
Fixes #43931.
git-svn-id: https://develop.svn.wordpress.org/trunk@43154 602fd350-edb4-49c9-b593-d223f7449a82
In many common Multisite use cases, the network administrator will want to set a network-wide privacy policy -- via the `privacy_policy_url` filter -- for consistency and convenience. When that's done, the Privacy Settings screen on individual sites becomes unnecessary, and may confuse administrators of those sites when they see that their changes don't have any effect on the policy link in the footer.
Since we can't programmatically determine which behavior the network admins would like, the safest default setting is to restrict the ability to super admins, and let them delegate it to individual site owners via a plugin, if they'd like to.
Fixes #43935.
git-svn-id: https://develop.svn.wordpress.org/trunk@43147 602fd350-edb4-49c9-b593-d223f7449a82
- Insert both the text and tutorial in new policy pages and highlight it brightly in the editor.
- Show only the suggested text in the policy postbox.
Props melchoyce, azaozz.
See #43473.
git-svn-id: https://develop.svn.wordpress.org/trunk@43146 602fd350-edb4-49c9-b593-d223f7449a82
The page was originally placed under `Tools` so that it would be grouped with the pages to export and erase personal data, since they're all part of the effort to bring privacy management tools to Core ahead of GDPR's deadline. After more consideration, though, it makes sense to move this page to the `Settings` menu, since its fundamental purpose is to configure an option, rather than to facilitate a recurring task. This keeps all of the configuration pages in a single place, making them consistent and easier to find.
Exporting and erasing personal data are recurring tasks, so they still make sense under the `Tools` menu.
Props xkon, helen, melchoyce, allendav, desrosj, ocean90, azaozz.
Fixes #43873.
git-svn-id: https://develop.svn.wordpress.org/trunk@43145 602fd350-edb4-49c9-b593-d223f7449a82
In these contexts, "privacy policy" is not a proper noun, and therefore should not be capitalized.
The remaining uses are page titles and section headers, where capitalization is appropriate.
Props idea15, garrett-eclipse, allendav.
Fixes #43435.
git-svn-id: https://develop.svn.wordpress.org/trunk@43132 602fd350-edb4-49c9-b593-d223f7449a82
The previous sentence was grammatically awkward, and using the term "compliance" could accidentally be mistaken by a site owner for a promise by WordPress that their site will be compliant after using the tool, which is not necessarily true.
Props idea15, allendav, azaozz, iandunn.
See #43435.
git-svn-id: https://develop.svn.wordpress.org/trunk@43131 602fd350-edb4-49c9-b593-d223f7449a82
Personal data collection is more likely for registered users than casual visitors, and the privacy policy might have been updated since a user last logged in. Those changes could impact the collection of personal data from registered users, so it makes sense to provide a link to the policy before users log in.
Props voneff, xkon, melchoyce, chetan200891, desrosj.
Fixes #43721.
git-svn-id: https://develop.svn.wordpress.org/trunk@43120 602fd350-edb4-49c9-b593-d223f7449a82
Multisite networks have a variety of use cases, and in many of them single-site administrators are not trusted to take actions that affect the whole network, require making decisions about legal compliance, etc. By default, those actions should require super admin capabilities. Plugins can be used to override that behavior if a particular site's use case calls for it.
Props allendav, jeremyfelt, iandunn.
Fixes #43919.
git-svn-id: https://develop.svn.wordpress.org/trunk@43085 602fd350-edb4-49c9-b593-d223f7449a82
This runs immediately after the data export file has been successfully created, allowing plugins to introduce some workflow customizations. For example, a plugin could password-protect the export file, for peace of mind, even though the CSPRN in the filename makes brute force attacks nearly impossible.
See #43546.
git-svn-id: https://develop.svn.wordpress.org/trunk@43047 602fd350-edb4-49c9-b593-d223f7449a82
The primary means of protecting the files is the CSPRN appended to the filename, but there is no reason to keep the files after the data subject has downloaded them, so deleting them provides an additional layer of protection. Previously this was done from `wp_privacy_generate_personal_data_export_file()`, but that does not guarantee that it will be run regularly, and on smaller sites that could result in export files being exposed for much longer than necessary.
`wp_privacy_delete_old_export_files()` was moved to a front end file, so that it can be called from `cron.php`.
This introduces the `wp_privacy_export_expiration` filter, which allows plugins to customize how long the exports are kept before being deleted.
`index.html` was added to the `$exclusions` parameter of `list_files()` to make sure that it isn't deleted. If it were, then poorly-configured servers would allow the directory to be traversed, exposing all of the exported files.
Props iandunn, desrosj.
See #43546.
git-svn-id: https://develop.svn.wordpress.org/trunk@43046 602fd350-edb4-49c9-b593-d223f7449a82
`rand()` is deterministic and therefore offers much less protection in this context. `wp_generate_password()` is a convenient wrapper around `wp_rand()`, which uses `random_int()` to generate cryptographically-secure pseudorandom numbers.
See #43546.
git-svn-id: https://develop.svn.wordpress.org/trunk@43045 602fd350-edb4-49c9-b593-d223f7449a82
- really disables buttons when they look disabled (when navigation is at the first or last theme)
- when navigation is at the first or last theme, moves focus to the other navigation button, to avoid a focus loss
- improves the buttons visually hidden accessibility text
Props walbo, afercia.
Fixes #36627.
git-svn-id: https://develop.svn.wordpress.org/trunk@43020 602fd350-edb4-49c9-b593-d223f7449a82
By making the pagination links use the default style for buttons, color contrast
is improved and the CSS is simplified. Improves consistency with other UI controls.
Also, slightly increases the white space below the pagination links.
Props benoitchantre, afercia.
Fixes #41858.
git-svn-id: https://develop.svn.wordpress.org/trunk@43019 602fd350-edb4-49c9-b593-d223f7449a82
The updated version of the nag is shorter, more on point and less aggressive than the previous one. It integrates better with the other dashboard widgets and fixes several accessibility concerns. A yellow warning color is used when the current PHP version is outdated, a red error color is used when it is also insecure.
Props afercia, birgire, danieltj, flixos90, johnjamesjacoby, karmatosed, Luciano Croce, nerrad, pento, schlessera, SergeyBiryukov, sonjaleix.
Fixes #41191.
git-svn-id: https://develop.svn.wordpress.org/trunk@43006 602fd350-edb4-49c9-b593-d223f7449a82
This iterates on earlier versions of the code, in order to handle more edge cases. An arbitrary string like `or=\"` will now be stripped, as well as reachability scopes like `%eth0`.
Props eamax, soulseekah, iandunn.
Fixes #41083.
git-svn-id: https://develop.svn.wordpress.org/trunk@42968 602fd350-edb4-49c9-b593-d223f7449a82
* When show_split_view argument false, show title changes in a single column and only show title once if title is unchanged.
Props johnbillion, mbelchev.
Fixes #42402.
git-svn-id: https://develop.svn.wordpress.org/trunk@42966 602fd350-edb4-49c9-b593-d223f7449a82
This changeset adjusts the tone of the message to fit the usual core voice better and addresses accessibility concerns.
Props schlessera.
See #41191.
git-svn-id: https://develop.svn.wordpress.org/trunk@42891 602fd350-edb4-49c9-b593-d223f7449a82
Make `<br />` tags on the screen behave as line breaks again after [41836]. Add a missing fieldset + legend for better accessibility.
Props afercia, RavanH, obenland, garrett-eclipse.
Fixes #42724. See #34539.
git-svn-id: https://develop.svn.wordpress.org/trunk@42864 602fd350-edb4-49c9-b593-d223f7449a82
`edit_user()` can also update user roles but was still using the `edit_users` capability instead of the newer `promote_users` capability introduced in [14176].
This makes the role handling consistent with the bulk dropdown menu for role changes.
Props flixos90, johnjamesjacoby, ocean90.
Fixes #42564.
git-svn-id: https://develop.svn.wordpress.org/trunk@42855 602fd350-edb4-49c9-b593-d223f7449a82
A new global multisite table `wp_blogmeta` is added to the database schema, and a set of `*_site_meta()` API functions are introduced.
The implementation fails gracefully when the new table is not yet available, which may happen especially shortly after the core update, before the network has been upgraded to the new database schema. The presence of the table is detected once and stored as a global setting on the main network.
Core does not yet use site metadata, but there are several use-cases to be implemented or explored in the near future, and it allows plugins to extend sites with arbitrary data, which will come in particularly handy with the upcoming REST API endpoint for sites.
Props spacedmonkey, johnjamesjacoby, jeremyfelt, flixos90.
Fixes #37923.
git-svn-id: https://develop.svn.wordpress.org/trunk@42836 602fd350-edb4-49c9-b593-d223f7449a82
This new dashboard widget is shown on WordPress sites which are powered by a PHP version which WordPress considers outdated, in order to inform site owners about the resulting problems and to explain how to upgrade to a supported version. An education page for that purpose has been previously created that the widget links to. The link is translatable so that localized versions of the page can be referred to as they become available.
The nag follows the example of the Browse Happy dashboard widget and is only visible for administrators, or network administrators when using multisite. To determine whether it needs to be displayed, a new wordpress.org API introduced prior is called that handles the version logic in a centralized location.
Props flixos90, hedgefield, schlessera.
Fixes #41191.
git-svn-id: https://develop.svn.wordpress.org/trunk@42832 602fd350-edb4-49c9-b593-d223f7449a82
This allows referrer-restricted content from third parties (such as images and fonts) to continue working in the admin area.
Props aranwer104, qcmiao
Fixes #43285
git-svn-id: https://develop.svn.wordpress.org/trunk@42830 602fd350-edb4-49c9-b593-d223f7449a82
WordPress.org currently supports up to 5 million, and with the growth of WordPress, it's expected that that upper bound will increase in the future.
Fixes #43193.
git-svn-id: https://develop.svn.wordpress.org/trunk@42829 602fd350-edb4-49c9-b593-d223f7449a82
Add missing translator comments in `WP_Theme_Install_List_Table` and `wp_notify_postauthor()`.
Add missing commas in some translator comments.
Fixes #43523.
git-svn-id: https://develop.svn.wordpress.org/trunk@42827 602fd350-edb4-49c9-b593-d223f7449a82
* In initCrop, handle touch events in addition to mouse events.
* In imageSelect jQuery plugin, accept event.which of 0 as provided by touch events.
Props yahil, alexgso, joemcgill.
Fixes #41242.
git-svn-id: https://develop.svn.wordpress.org/trunk@42818 602fd350-edb4-49c9-b593-d223f7449a82
Fix an issue where the screen viewport resized to an oversized state on mobile devices after moving sub-menus.
Props kwonye.
Fixes #36884.
git-svn-id: https://develop.svn.wordpress.org/trunk@42817 602fd350-edb4-49c9-b593-d223f7449a82
Links within blocks and lines of text should always be underlined.
Props Travel_girl, chetan200891, Shital Patel.
Fixes #42647.
git-svn-id: https://develop.svn.wordpress.org/trunk@42810 602fd350-edb4-49c9-b593-d223f7449a82
For a number of years, the "Available Widgets" section has been off-limits for
keyboard users. Now it can be used also with the keyboard. This change introduces
also some improvements for assistive technologies.
- makes the widget toggles focusable and adds an `aria-expanded` attribute to indicate their state
- improves the toggles labelling to clarify context (add/edit)
- changes the controls to choose a sidebar from list items to buttons
- adds an `aria-label` attribute to the buttons to clarify their purpose
- adds an `aria-pressed` attribute to the buttons to indicate which one is selected
- improves color contrast of the selected button
- uses a `wp.a11y.speak()` message to announce to screen reader users when a widget has been added to a sidebar
- moves focus back to the toggle button when closing a widget
See #40677.
git-svn-id: https://develop.svn.wordpress.org/trunk@42794 602fd350-edb4-49c9-b593-d223f7449a82
Also, adds an `aria-describedby` attribute to associate the Admin Email field with its description.
Props dipesh.kakadiya, jackreichert, rianrietveld.
Fixes #37331.
git-svn-id: https://develop.svn.wordpress.org/trunk@42793 602fd350-edb4-49c9-b593-d223f7449a82
For a number of years, the link to the Widgets screen "Accessibility mode" lived
in the Screen Options panel, hidden by default. Many users, including assistive
technologies users, weren't able to find it or even aware it existed. By bringing
the link in the main screen, visible by default, this change makes the
"Accessibility mode" easily discoverable for everyone.
Props chetan200891, antonioeatgoat.
Fixes #42778.
git-svn-id: https://develop.svn.wordpress.org/trunk@42790 602fd350-edb4-49c9-b593-d223f7449a82
For better accessibility and semantics, user interface controls that perform an
action should be buttons. Links should exclusively be used for navigation.
Also, adds an `aria-expanded` attribute to communicate the expandable panel state
and improves the buttons spacing.
Props Cheffheid, audrasjb, afercia.
Fixes #38674.
git-svn-id: https://develop.svn.wordpress.org/trunk@42785 602fd350-edb4-49c9-b593-d223f7449a82
For better accessibility and semantics, user interface controls that perform an
action should be buttons. Links should exclusively be used for navigation.
Props Cheffheid, audrasjb.
Fixes #38671.
git-svn-id: https://develop.svn.wordpress.org/trunk@42784 602fd350-edb4-49c9-b593-d223f7449a82
The error response body size is limited to 1 KB by default to avoid taking up too much memory. The size can be increased using `download_url_error_max_body_size` filter.
Props soulseekah, campusboy1987, mihdan, SergeyBiryukov.
Fixes #43329.
git-svn-id: https://develop.svn.wordpress.org/trunk@42773 602fd350-edb4-49c9-b593-d223f7449a82
For better accessibility and semantics, user interface controls that perform an
action should be buttons. Links should exclusively be used for navigation.
Props Cheffeid, audrasjb, afercia.
See #43382, #38677.
Fixes #43376.
git-svn-id: https://develop.svn.wordpress.org/trunk@42767 602fd350-edb4-49c9-b593-d223f7449a82
At the time, having both `required` and `aria-required` meant a wider range of support for browsers and assistive technology. Today, it's safe to use just `required`.
Props shital-patel, afercia, audrasjb.
Fixes #43415.
git-svn-id: https://develop.svn.wordpress.org/trunk@42759 602fd350-edb4-49c9-b593-d223f7449a82
This tag has been used in the past, but should no longer be used. Just using the `static` keyword in code is enough for PhpDocumentor on PHP5+ to recognize static variables and methods, and PhpDocumentor will mark them as static.
Props birgire.
See #42803.
git-svn-id: https://develop.svn.wordpress.org/trunk@42747 602fd350-edb4-49c9-b593-d223f7449a82
This tag has been used in the past, but should no longer be used. Just using the `static` keyword in code is enough for PhpDocumentor on PHP5+ to recognize static variables and methods, and PhpDocumentor will mark them as static.
Props birgire.
See #42803.
git-svn-id: https://develop.svn.wordpress.org/trunk@42745 602fd350-edb4-49c9-b593-d223f7449a82
Trigger a keyup event when clearing the search field in response to closing the add item panel. The keyup event triggers a search and resets the results. Previously, the search field was cleared while the potentially blank search results were left in place making it impossible to select new menu items.
Props Blair jersyer, aranwer104, afercia.
Fixes #43333.
git-svn-id: https://develop.svn.wordpress.org/trunk@42744 602fd350-edb4-49c9-b593-d223f7449a82
Reverts unit test removal, instead changing them to expect the function to be deprecated.
Correct the version the ajax callback was deprecated.
Amends [42614].
Props dlh, ocean90.
Fixes #38922.
git-svn-id: https://develop.svn.wordpress.org/trunk@42737 602fd350-edb4-49c9-b593-d223f7449a82
For better accessibility and semantics, user interface controls that perform an
action should be buttons. Links should exclusively be used for navigation.
See #38677 / [42725].
Fixes #43382.
git-svn-id: https://develop.svn.wordpress.org/trunk@42727 602fd350-edb4-49c9-b593-d223f7449a82
WordCamps are celebrations of the local WordPress Community and once a local one is scheduled, people in that community should know it is coming. This adjusts the WordPress Events in the dashboard widgets to always display a WordCamp, even if there are multiple Meetups happening first.
Props iandunn, metalandcoffee, warmlaundry, alejandroxlopez, jorbin.
Fixes #41112.
git-svn-id: https://develop.svn.wordpress.org/trunk@42726 602fd350-edb4-49c9-b593-d223f7449a82
For better accessibility and semantics, user interface controls that perform an
action should be buttons. Links should exclusively be used for navigation. Also,
adds an `aria-expanded` attribute to the button to communicate to assistive
technologies the expanded / collapsed status of the Quick Edit form.
Props Cheffheid, audrasjb, afercia.
Fixes #38677.
git-svn-id: https://develop.svn.wordpress.org/trunk@42725 602fd350-edb4-49c9-b593-d223f7449a82
Although unitless zero is allowed for `<length>` CSS data type, it's invalid for `<time>` data type.
Props chetan200891, manuel_84, GaryJ.
Fixes #43195.
git-svn-id: https://develop.svn.wordpress.org/trunk@42689 602fd350-edb4-49c9-b593-d223f7449a82
This filter shows comments made by the current user, and copies the same filter functionality that's available on the post listing screens.
Props Iceable
Fixes #42379
git-svn-id: https://develop.svn.wordpress.org/trunk@42684 602fd350-edb4-49c9-b593-d223f7449a82
While intended as a playful error message, `Cheatin’ uh?` can be interpreted as insulting or accusatory in an already stressful situation. This replaces Cheatin’ with more meaningful error messages, depending on the error that occurs.
Props ElectricFeet, EricMeyer, karmatosed, dd32, BandonRandon, melchoyce for language; dmsnell for original patch; peterwilsoncc.
Fixes #38332.
git-svn-id: https://develop.svn.wordpress.org/trunk@42648 602fd350-edb4-49c9-b593-d223f7449a82
Previously, the Screen Options toggle and the related panel content
were hidden on small screens, preventing access to important settings,
including the ability to toggle the meta boxes visibility.
Props chetan200891.
Fixes #40985.
git-svn-id: https://develop.svn.wordpress.org/trunk@42644 602fd350-edb4-49c9-b593-d223f7449a82
As per the WordPress CSS coding standards, CSS properties with values that require quotes must use double quotes.
Also fixes some indentation and spacing.
Fixes #43220.
git-svn-id: https://develop.svn.wordpress.org/trunk@42641 602fd350-edb4-49c9-b593-d223f7449a82
Deprecate wp_ajax_ajax_tag_search and switch to using the REST API when searching tags in the tags meta box.
Props nacin, chriscct7, afercia, swissspidy, jnylen0, rmccue, ryelle.
Fixes #38922.
git-svn-id: https://develop.svn.wordpress.org/trunk@42614 602fd350-edb4-49c9-b593-d223f7449a82
A user should still be able to have the capability, even when language packs cannot be automatically installed. The automatic installation part is separate from that now.
Props flixos90.
Fixes #42697.
git-svn-id: https://develop.svn.wordpress.org/trunk@42606 602fd350-edb4-49c9-b593-d223f7449a82
JSHint inherits a license from JSLint that includes the clause "The Software shall be used for Good, not Evil." WordPress's license specifically grants the freedom to run the program, for any purpose. Please note, this is not an encouragement of evil. Rather than doing something evil, how about learning to love those around you. Instead of tweeting lies and saying people are "Not Good!", help your neighbor. In the words of Lin-Manuel Miranda, "Love is love is love is love is love is love is love is love, cannot be killed or swept aside."
This replaces JSHint with esprima, a part of the larger jQuery project, and a custom wrapper for some basic error checking within codemirror.
The existing JSHint configuration is kept in place in case someone wants to use that, but they can only do so for Good.
Fixes #42850
Props netweb for a spelling fix on a comment.
git-svn-id: https://develop.svn.wordpress.org/trunk@42547 602fd350-edb4-49c9-b593-d223f7449a82