As this can cause large, long running queries on sites with many posts, this filter allows the query to be modified, bypassing entirely if needed.
Fixes#51660.
Props geoffguillain, SergeyBiryukov, hareesh-pillai, hellofromTonya, TimothyBlynJacobs, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/trunk@50163 602fd350-edb4-49c9-b593-d223f7449a82
The Privacy settings pages now use the same design patterns as the Site Health screen. Additionally, each privacy policy guide is now contained in an accordion to make the page easier to navigate when multiple plugins are in use.
Props xkon, hedgefield, garrett-eclipse, hellofromTonya, paaljoachim, joedolson.
Fixes#49264.
git-svn-id: https://develop.svn.wordpress.org/trunk@50161 602fd350-edb4-49c9-b593-d223f7449a82
This adds a form option to skip the admin email alert when exporting personal data.
Props xkon, azaozz, TZ-Media, iandunn, desrosj, iprg, allendav, wesselvandenberg, karmatosed, birgire, davidbaumwald, estelaris, paaljoachim, hellofromTonya.
Fixes#43890.
git-svn-id: https://develop.svn.wordpress.org/trunk@50159 602fd350-edb4-49c9-b593-d223f7449a82
Previously, it was unclear that the displayed password is only being suggested and should be saved by clicking the Reset Password button.
This adds separate Generate Password and Save Password buttons, for clarity.
Props xkon, estelaris, jaymanpandya, hedgefield, audrasjb, erichmond, magicroundabout, lukecavanagh, knutsp, tinodidriksen, nico_martin, markhowellsmead, kara.mcnair, e_baker, pixelverbieger, souri_wpaustria, megabyterose, poena, whyisjake.
Fixes#39638.
git-svn-id: https://develop.svn.wordpress.org/trunk@50153 602fd350-edb4-49c9-b593-d223f7449a82
This allows for the capture and usage of error data from the method, to facilitate a potential plugin/theme rollback in the event of an update failure.
Props afragen, dd32.
Fixes#52381.
git-svn-id: https://develop.svn.wordpress.org/trunk@50151 602fd350-edb4-49c9-b593-d223f7449a82
Previously, all logic utilizing `getimagesize()` was supressing errors making it difficult to debug usage of the function.
A new `wp_getimagesize()` function has been added to allow the errors to no longer be suppressed when `WP_DEBUG` is enabled.
Props Howdy_McGee, SergeyBiryukov, mukesh27, davidbaumwald, noisysocks, hellofromTonya.
Fixes#49889.
git-svn-id: https://develop.svn.wordpress.org/trunk@50146 602fd350-edb4-49c9-b593-d223f7449a82
This brings some consistency with other list tables and allows for adding custom column data to columns registered with `manage_export-personal-data_columns` or `manage_erase-personal-data_columns` filters.
Props xkon, garrett-eclipse, birgire, pbiron, hellofromTonya, TimothyBlynJacobs, 7studio, mukesh27, Mista-Flo.
Fixes#44354.
git-svn-id: https://develop.svn.wordpress.org/trunk@50145 602fd350-edb4-49c9-b593-d223f7449a82
When no events are available in the Events Widget, people have always been shown a message encouraging them to help organize one (see `tmpl-community-events-no-upcoming-events`). Now that it's common for online WordCamps and Learn discussion groups to be pinned to the Events API, it's rare that there are no events in the widget, even if there are no _local_ events. Because of that, users are rarely encouraged to join their local community and help organize.
This commit adds an additional call-to-action message, which is shown when there are only 1 or 2 events available.
Props anyssa, sippis, AmethystAnswers.
Fixes#51664.
git-svn-id: https://develop.svn.wordpress.org/trunk@50133 602fd350-edb4-49c9-b593-d223f7449a82
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.
This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.
* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
* A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
* The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
* The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
* For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
* A new `wp_update_urls_to_https()` function takes care of the update routine.
* A new `update_https` meta capability is introduced to control access.
* If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
* A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
* A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.
Props flixos90, timothyblynjacobs.
Fixes#51437.
git-svn-id: https://develop.svn.wordpress.org/trunk@50131 602fd350-edb4-49c9-b593-d223f7449a82
Add a feature so Admins can send users a 'password reset' email. This doesn't change the password or force a password change. It only emails the user the password reset link.
The feature appears in several places:
* A "Send Reset Link" button on user profile screen.
* A "Send password reset" option in the user list bulk action dropdown.
* A "Send password reset" quick action when hovering over a username in the user list.
Props Ipstenu, DrewAPicture, eventualo, wonderboymusic, knutsp, ericlewis, afercia, JoshuaWold, johnbillion, paaljoachim, hedgefield.
Fixes#34281.
git-svn-id: https://develop.svn.wordpress.org/trunk@50129 602fd350-edb4-49c9-b593-d223f7449a82
Fix an issue where viewing an autosave created on a post without any previous revisions would throw a PHP notice. Also fixes the revision screen which was broken in these cases and showed a console error.
Props iseulde.
Fixes#31249.
git-svn-id: https://develop.svn.wordpress.org/trunk@50128 602fd350-edb4-49c9-b593-d223f7449a82
Previously, "You are using a development version" message could be displayed if the user has configured core updates to receive Beta or RC versions, but the update has not happened yet.
This brings some consistency with displaying a similar message in `core_upgrade_preamble()` on WordPress Updates screen.
Follow-up to [49708], [49736].
Props afragen, pbiron, azaozz, audrasjb, SergeyBiryukov.
Fixes#51976.
git-svn-id: https://develop.svn.wordpress.org/trunk@50121 602fd350-edb4-49c9-b593-d223f7449a82
This provides a more consistent location for these strings and allows for reusing them in other places without hardcoding them in the markup.
Props nicolalaserra, audrasjb, johnjamesjacoby, SergeyBiryukov.
Fixes#42421.
git-svn-id: https://develop.svn.wordpress.org/trunk@50120 602fd350-edb4-49c9-b593-d223f7449a82
The `WP_AUTO_UPDATE_CORE` constant now supports `development` and `branch-development` values.
This makes it possible for sites to opt-in to updating to nightly builds without having to install a plugin.
Follow-up to [49245], [49292].
Props xkon, knutsp, afragen, audrasjb, dd32.
Fixes#51978.
git-svn-id: https://develop.svn.wordpress.org/trunk@50082 602fd350-edb4-49c9-b593-d223f7449a82
Following up on [49904], this changeset focuses mainly on improving the guidance about the current state of HTTPS in Site Health.
* Correct the existing copy to indicate that both the Site Address and the WordPress Address need to be changed to fully switch to HTTPS.
* Link to the respective input fields via anchor links rather than to the overall General Settings screen.
* Show different copy if the site is using HTTPS for the WordPress Address (for example to have only the administration panel in HTTPS), but not for the Site Address.
* Inform the user about potential problems even when the site is already using HTTPS, for example if the SSL certificate was no longer valid.
* Always rely on fresh information for determining HTTPS support issues in Site Health, and therefore change the `https_status` test to become asynchronous.
* Rename the new private `wp_is_owned_html_output()` function to a more appropriate `wp_is_local_html_output()`.
Props adamsilverstein, flixos90, johnjamesjacoby, timothyblynjacobs.
See #47577.
git-svn-id: https://develop.svn.wordpress.org/trunk@50072 602fd350-edb4-49c9-b593-d223f7449a82
By moving from `.html` to `.php` files, we can prevent directory listings, and ensure that WordPress can load.
Fixes#52299.
Props lucasbustamante, xkon, freewebmentor, SergeyBiryukov, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/trunk@50037 602fd350-edb4-49c9-b593-d223f7449a82
The version checks that are setup in `wp-includes/update.php` do set up the action, but only for the main site.
Fixes#52135.
Props audrasjb, SergeyBiryukov, maxpertici, aaribaud.
git-svn-id: https://develop.svn.wordpress.org/trunk@50035 602fd350-edb4-49c9-b593-d223f7449a82
The function `wp_text_diff` generated an invalid table structure if the $args parameter contained any values. This patch corrects the structure generated by `wp_text_diff` and related usages so that the column count matches the data generated. Additionally, this patch passes arguments to the Revisions screen so that the screen has column headings that reflect the content in each column. Improves the accessibility and usability of the Revisions table.
Props joedolson, mehulkaklotar, afercia, adamsilverstein, zodiac1978, jeremyfelt
Fixes#25473
git-svn-id: https://develop.svn.wordpress.org/trunk@50034 602fd350-edb4-49c9-b593-d223f7449a82
Italicized text can be difficult to read for some people with dyslexia or related forms of reading disorders. This removes italics on a number of larger blocks onpm run grunt rpf text in the admin. This has been a task 5.3; this commit closes the task. Further instances of italicized text should be addressed individually.
Props afercia, xkon, audrasjb
Fixes#47327
git-svn-id: https://develop.svn.wordpress.org/trunk@50032 602fd350-edb4-49c9-b593-d223f7449a82
This is part of a larger project in cleaning up core's admin CSS. This collapses all colors used in the CSS to one of 12 blues, greens, reds, and yellows, 13 grays, pure black, and pure white. The colors are perceptually uniform from light to dark, half of each range has a 4.5 or higher contrast against white, the other half has a 4.5 or higher contrast against black.
Standardizing on this set of colors will help contributors make consistent, accessible design decisions. The full color palette can be seen here: https://codepen.io/ryelle/full/WNGVEjw
Props notlaura, danfarrow, kburgoine, drw158, audrasjb, Joen, hedgefield, ibdz, melchoyce.
See #49999.
git-svn-id: https://develop.svn.wordpress.org/trunk@50025 602fd350-edb4-49c9-b593-d223f7449a82
Since WordPress 2.5 and 2.6, `post_content` and `post_excerpt` have both had export-specific filters: `the_content_export`, and `the_excerpt_export`, respectively. `post_title`, however, has used `the_title_rss`, which behaves differently in two important ways:
- It strips HTML tags from the string.
- It HTML-encodes the title string.
These behaviours are not ideal for exports, since it changes the post title, resulting in data loss in export files, and incorrect post duplicate matching on import. This changes replaces the usage of `the_title_rss` with a new filter, `the_title_export`. The new filter is intended to be used in the same as `the_content_export` and `the_excerpt_export`.
Props jmdodd, audrasjb.
Fixes#52250.
git-svn-id: https://develop.svn.wordpress.org/trunk@50011 602fd350-edb4-49c9-b593-d223f7449a82
To be able to disable jQuery Migrate as step 3 of updating the jQuery version shipped with WordPress, all `JQMIGRATE` warnings in the browser console will have to be addressed.
This includes many minor adjustments to a wide array of core files.
Follow-up to:
* Step 1: Disabling jQuery Migrate 1.4.1 in WordPress 5.5: [48323], [48324]
* Step 2: Updating jQuery to 3.5.1 and adding jQuery Migrate 3.3.x in WordPress 5.6: [49101], [49338], [49615], [49649]
Props Clorith, azaozz.
See #51812.
git-svn-id: https://develop.svn.wordpress.org/trunk@50001 602fd350-edb4-49c9-b593-d223f7449a82
This makes the button label more clear and allows for removing unnecessary description.
Props afragen, audrasjb.
Fixes#51774.
git-svn-id: https://develop.svn.wordpress.org/trunk@49984 602fd350-edb4-49c9-b593-d223f7449a82
Previously, attachments without an author could cause a PHP fatal error due to calling the `::exists()` method on a `false` value.
Props antpb, carloscastilloadhoc, hellofromTonya, garrett-eclipse.
Fixes#52030.
git-svn-id: https://develop.svn.wordpress.org/trunk@49979 602fd350-edb4-49c9-b593-d223f7449a82
This allows for better readability and easier understanding of where each section opens and closes.
Props laxman-prajapati, hansjovisyoast, audrasjb.
Fixes#51014.
git-svn-id: https://develop.svn.wordpress.org/trunk@49975 602fd350-edb4-49c9-b593-d223f7449a82
This replaces "user privacy" in various error messages with "personal data", for consistency with other existing strings.
Follow-up to [49090].
Props xkon, transl8or.
Fixes#51849.
git-svn-id: https://develop.svn.wordpress.org/trunk@49970 602fd350-edb4-49c9-b593-d223f7449a82
The section is intended to tell how to contact the website owners, and is not about the visitor's contact information.
Props shital-patel, TylerTork, audrasjb.
Fixes#52272.
git-svn-id: https://develop.svn.wordpress.org/trunk@49956 602fd350-edb4-49c9-b593-d223f7449a82
This joyous marriage means that users will no longer find a selected top bulk action on a list table unexpectedly being applied instead of their selected bottom bulk action. The top and bottom controls for changing user roles are equally wedded forever too.
Props clayray, subrataemfluence, garrett-eclipse, pbiron, hareesh-pillai
Fixes#46872
git-svn-id: https://develop.svn.wordpress.org/trunk@49944 602fd350-edb4-49c9-b593-d223f7449a82
In [49154] the async Site Health tests were changed to use the REST API instead of admin-ajax. An unintended side effect of this change was that the loopback tests which tried to ping the site's `admin_url()` were no longer authenticated because admin-cookies aren't provided to the REST API.
This commit adjusts the loopback test to use the front-end `site_url` which checks that cron will function properly. A follow-up ticket will focus on tests that will cover the file editor checks.
Props Clorith.
Fixes#52097.
See #48105.
git-svn-id: https://develop.svn.wordpress.org/trunk@49917 602fd350-edb4-49c9-b593-d223f7449a82
This allows for more flexibility when determining which version of a post is the latest one, and makes it possible to implement import logic involving updating and adding revisions to existing posts or pages.
Props jmdodd.
Fixes#52180.
git-svn-id: https://develop.svn.wordpress.org/trunk@49910 602fd350-edb4-49c9-b593-d223f7449a82
This changeset modifies the Site Health panel for HTTPS to provide more accurate recommendations based on whether the environment is already set up for HTTPS.
* Introduces `wp_is_using_https()` to check whether the site is configured to use HTTPS (via its Site Address and WordPress Address).
* Introduces `wp_is_https_supported()` to check whether the environment supports HTTPS. This relies on a cron job which periodically checks support using a loopback request.
Props Clorith, flixos90, miinasikk, westonruter.
Fixes#47577.
git-svn-id: https://develop.svn.wordpress.org/trunk@49904 602fd350-edb4-49c9-b593-d223f7449a82
The dynamic portion of the hook name, `$action`, refers to the post action.
Props iandunn, jakub.tyrcha, nacin, wonderboymusic, Mte90, johnbillion
Fixes#16849
git-svn-id: https://develop.svn.wordpress.org/trunk@49845 602fd350-edb4-49c9-b593-d223f7449a82
