GDPR Compliance Chat Agenda – May 23

Agenda proposal:

  • 4.9.6 vs 4.9.7 and 4.9.8
  • Roadmap v2
  • Ticket prioritization 
  • Open discussion

Join us on slack at 15:00 UTC.
Open trac tickets
#gdpr-compliance, #agenda

Source: WordPress Development Updates

Dev Chat Agenda: May 23rd (4.9.7 week 1)

This is the agenda for the weekly dev meeting on May 23, 2018 at 20:00 UTC / May 23, 2018 at 20:00 UTC:

If you have anything to propose to add to the agenda or specific items related to the above, please leave a comment below. See you there!

#4-9-6, #4-9-7, #agenda, #core, #dev-chat

Source: WordPress Development Updates

PHP Meeting Recap – May 14th

This recap is a summary of our previous PHP meeting. It highlights the ideas and decisions which came up during that meeting, both as a means of documenting and to provide a quick overview for those who were unable to attend.

You can find this meeting’s chat log here.

Chat Summary

  • We couldn’t yet discuss the feedback from the design team, as they hadn’t yet processed the ticket in their meeting.
  • @sergey couldn’t make progress on enforcing the “Requires PHP” header, obviously, as he was busy helping to wrangle the 4.9.6 release.
  • @flixos90 has introduced a new tag on Trac to track the Servehappy tickets: (available at for the memory-challenged amongst us 😜).
  • We discussed whether the PHP version that is being sent to the .org API could be problematic (GDPR, security). The consensus seems to be that this is data that is usually already available through other API requests (and often is even being transferred by servers in the header information), so we should be good. It is meant to be used to give more contextual information to the user about what the version number actually entails.
  • @flixos90 mentioned that we should not only focus on plugins for enforcing the PHP requirements but also include themes as well. @schlessera will look at what the differences between plugins & themes entail and then create Trac tickets accordingly.

Post-Meeting Updates

  • @afragen built a first pass for #43986 – Disable “Install Plugin” button for PHP required version mismatch.
  • The design team has discussed the “Upgrade PHP” page and collected some feedback. @jaymanpandya is working on implementing this feedback and will get back to us once he has been able to complete something.

Next week’s meeting

  • Next meeting will take place on Monday, May 21st, 2018 at 15:00 UTC in #core-php.
  • Agenda: Check whether there’s updates on the “Upgrade PHP” design review and discuss “Requires PHP” enforcement details.
  • If you have suggestions about this but cannot make the meeting, please leave a comment on this post so that we can take them into account.

Source: WordPress Development Updates

What’s new in Gutenberg? (18th May)

This update is packed with improvements and fixes. It introduces the Plugin API that allows pinning items for quick access in the editor header. There are many refinements to the UI and consistency of various block tools. Toolbars now expose the keyboard shortcuts used to access most features. It also includes significant improvements around API support — lifting limits to various endpoints, capabilities, conditional UI, etc. Dive into the changes below to find all the details.

Showing how pinning a plugin item works.

2.9 🍂

Source: WordPress Development Updates

Dev Chat Summary: May 16th (4.9.6 week 7)

This post summarizes the dev chat meeting from May 16th (agenda, Slack archive).

4.9.6 planning

Updates from focus leads and component maintainers

  • The REST API team has an update on their progress on closing the gap in the Gutenberg merge proposal milestone as well as notes from their office hours last week. Join them Thursdays at 17:00 UTC if you’d like to chat through any questions you have, they especially want input from long-time contributors and leads on the register_meta changes (see #38323).
  • The JavaScript I18N team posted notes from their meeting last week and discussion around extracting strings from JavaScript and loading the actual translations in a way that makes sense. Join them on Tuesday, May 29th at 15:00 UTC to further discuss how to handle translation loading.
  • @omarreiss posted about adding JavaScript build step and folder reorganization as the first part on preparing for WordPress’ JavaScript future. Please give that a review and provide feedback or help as you have time/interest.
  • @rianrietveld posted about Pair programming on the contributors day to join accessibility experts and Gutenberg developers and work to close the 11 remaining issues in the accessibility merge proposal milestone for Gutenberg. If you are a developer that knows your way around the Gutenberg code and are going to WordCamp Europe in Belgrade, then please ping @rianrietveld… thanks!

General announcements

  • @danieltj working on merge proposal for Dark Mode (see #41928), currently working on review for the WP Coding Standards and an a11y review
  • @presskopp looking for UI feedback on #35288, especially if “Search Engine Visibility” be reflected under Settings >> Privacy

Next meeting

The next meeting will take place on May 23, 2018 at 20:00 UTC / May 23, 2018 at 20:00 UTC in the #core Slack channel. Please feel free to drop in with any updates or questions. If you have items to discuss but cannot make the meeting, please leave a comment on this post so that we can take them into account.

#4-9-6, #core, #core-i18n, #core-js, #core-restapi, #dev-chat, #gdpr-compliance, #gutenberg, #summary

Source: WordPress Development Updates

WordPress 4.9.6 Privacy and Maintenance Release

WordPress 4.9.6 is now available. This is a privacy and maintenance release. We encourage you to update your sites to take advantage of the new privacy features.

A decorative header featuring the text "GDPR" and a lock inside of a blue shield, on multicolor green background.


The European Union’s General Data Protection Regulation (GDPR) takes effect on May 25. The GDPR requires companies and site owners to be transparent about how they collect, use, and share personal data. It also gives individuals more access and choice when it comes to how their own personal data is collected, used, and shared.

It’s important to understand that while the GDPR is a European regulation, its requirements apply to all sites and online businesses that collect, store, and process personal data about EU residents no matter where the business is located.

You can learn more about the GDPR from the European Commission’s Data Protection page.

We’re committed to supporting site owners around the world in their work to comply with this important law. As part of that effort, we’ve added a number of new privacy features in this release.


A screenshot of a comment form, where the new "Save my name, email, and website in this browser for the next time I comment" checkbox is featured.

Logged-out commenters will be given a choice on whether their name, email address, and website are saved in a cookie on their browser.

Privacy Policy Page

A screenshot of the new Privacy Settings page.

Site owners can now designate a privacy policy page. This page will be shown on your login and registration pages. You should manually add a link to your policy to every page on your website. If you have a footer menu, that’s a great place to include your privacy policy.

In addition, we’ve created a guide that includes insights from WordPress and participating plugins on how they handle personal data. These insights can be copied and pasted into your site’s privacy policy to help you get started.

If you maintain a plugin that collects data, we recommend including that information in WordPress’ privacy policy guide. Learn more in our Privacy section of the Plugin Handbook.

Data Handling

A screenshot of the new Export Personal Data tools page. Several export requests are listed on the page, to demonstrate how the new feature will work.

Data Export

Site owners can export a ZIP file containing a user’s personal data, using data gathered by WordPress and participating plugins.

Data Erasure

Site owners can erase a user’s personal data, including data collected by participating plugins.


A request has been made to perform the following action on your account:

Export Personal Data

To confirm this, please click on the following link:…

You can safely ignore and delete this email if you do not want to
take this action.

This email has been sent to

Your friends at WordPress

Site owners have a new email-based method that they can use to confirm personal data requests. This request confirmation tool works for both export and erasure requests, and for both registered users and commenters.


95 updates were made in WordPress 4.9.6. In addition to the above, particularly of note were:

  • “Mine” has been added as a filter in the media library.
  • When viewing a plugin in the admin, it will now tell you the minimum PHP version required.
  • We’ve added new PHP polyfills for forwards-compatibility and proper variable validation.
  • TinyMCE was updated to the latest version (4.7.11).

This post has more information about all of the issues fixed in 4.9.6 if you’d like to learn more.

Download WordPress 4.9.6 or venture over to Dashboard → Updates and click “Update Now.” Sites that support automatic background updates will start updating soon.

Please note that if you’re currently on WordPress 4.9.3, you should manually update your site immediately.

Thank you to everyone who contributed to WordPress 4.9.6:
Aaron D. Campbell, Aaron Jorbin, abdullahramzan, Adam Silverstein, Alain Schlesser, allendav, Andrea Fercia, Andrea Middleton, Andrew Ozz, Ayesh Karunaratne, Birgir Erlendsson (birgire), bridgetwillard, Burlington Bytes, Chetan Prajapati, claudiu, Corey McKrill, Daniel Bachhuber, David Herrera, Dominik Schilling (ocean90), Ella Van Dorpe, Eric Daams, Fernando Claussen, Garrett Hyder, Gary Pendergast, Heather Burns, Helen Hou-Sandi, herregroen, Ian Dunn, ibelanger, imath, Jb Audras, Jeffrey Paul, Jeremy Felt, Jesper V Nielsen, JJJ, Joe McGill, John Blackbourn, Jonathan Desrosiers, Josepha, jrf, Kåre Mulvad Steffensen, Laken Hafner, laurelfulford, lbenicio, macbookandrew, Marius L. J., Mel Choyce, Michael Nelson, Mike Jolley, Pascal Casier, pbrocks, postphotos, Prashant Baldha, PressTigers, programmin, Robin Cornett, Sergey Biryukov, Stefano Lissa, Stephane Daury (stephdau), Subrata Sarkar, Tammie Lister, teddytime, thomasplevy, Timothy Jacobs, Tobias Zimpel, Tom J Nowell, Tor-Bjorn Fjellner, Towhidul Islam, voneff, William Earnhardt, and Xenos (xkon) Konstantinos.

Source: WordPress

4.9.6 Update Guide

Included in WordPress 4.9.6 are several new functions and tools that you should be aware of. Here is a brief breakdown of resources to help you become acquainted with WordPress 4.9.6.

Attention: Theme Authors

4.9.6 adds several new privacy related features, one of which may require a small styling adjustment. These are detailed in the following dev note.

Changes that Affect Theme Authors in WordPress 4.9.6


WordPress 4.9.6 introduces some new tools related to data privacy. This includes a tool for users to request an export of all the stored data associated with them on the site. It also includes a tool for users to request erasure of that same data. Both tools include admin workflows to fulfill those requests.

To help plugin and theme authors integrate with these new tools, several new pages in the Handbook have been created.

Suggesting text for the site privacy policy
Adding the Personal Data Exporter to Your Plugin
Adding the Personal Data Eraser to Your Plugin
Privacy Related Options, Hooks and Capabilities

New PHP Polyfills

To help WordPress Core, plugins, and themes with forward compatibility, a polyfill for each of these functions has been added in 4.9.6. When a site is not running a version of PHP that includes these functions, WordPress will automatically load these polyfills.

New PHP Polyfills in 4.9.6

TinyMCE Update

TinyMCE has been updated from version 4.6.7 to version 4.7.11. This update provides a large number of bug fixes. For more information, see #43862.

A full list of bugs and enhancements in 4.9.6 can be found on Trac.

#4-9-6, #field-guide

Source: WordPress Development Updates

Changes that Affect Theme Authors in WordPress 4.9.6

Update 5/18: Added note about privacy policy management on multisite installs.
Update 5/17: Added details about themes passing the fields argument to comment_form().

In WordPress 4.9.6, several tools were introduced to help sites meet the requirements of the new European Union’s new GDPR (General Data Protection Regulation) laws. This post will detail what theme authors need to know about compatibility with the new features.

Theme authors should test their themes to confirm that there are no design conflicts between the new features and their themes detailed below.

Privacy Policy Pages

WordPress 4.9.6 introduced the ability to easily select a page as a privacy policy for a site in the Settings > Privacy section of the admin area (#43435). For new sites, a privacy policy template page will automatically be created in draft status (#43491).

To easily link to the selected page in plugins and themes, three template tags have been added (#43850):

  • get_privacy_policy_url() – Retrieves the URL to the privacy policy page.
  • the_privacy_policy_link() – Displays the privacy policy link with formatting, when applicable.
  • get_the_privacy_policy_link() – Returns the privacy policy link with formatting, when applicable.

Note: On multisite installs, only super admins are allowed to manage privacy policies. If one policy is desired for the entire multisite, the `privacy_policy_url` filter can be used to accomplish this. See #43919.


The following example will display the privacy policy link surrounded by a <div>.

if ( function_exists( 'the_privacy_policy_link' ) ) {
        the_privacy_policy_link( '<div>', '</div>');

Commenter Cookie Opt-Ins

When a logged out user comments on a post, they are asked for their name, email, and website. This information is stored locally in the commenter’s browser for two purposes:

  1. When they leave another comment on the site, their name, email, and website will be pre-populated into the respective fields.
  2. If their comment is held for moderation, they can return to that post and remove the comment before it is approved.

The information stored in this cookie is for convenience and is not essential. Therefore, the user needs to be given the choice to opt in or opt out of the storage of this data.

For this reason, a checkbox has been added to the comment form that allows commenters to opt-in to storing this data in the cookie. This checkbox will be unchecked by default, as opt-in is an action the user must explicitly approve.

The new checkbox field is automatically added to comment forms displayed using the comment_form() function inside a p.comment-form-cookies-consent element.

While most themes will not require any action, it is recommended that you double check that the new input and label does not require CSS adjustments in custom themes.

For more information on this change, check out #43436 on Trac,

Themes Overriding Comment Forms

By default, WordPress automatically displays the new checkbox field discussed above. However, if a theme is passing the fields argument to the comment_form() function, the field will not display and needs to be added to the list of fields.


The following example will only display the email field above the comment message field in the comments form.

		'fields' => array(
			'email' => 'field markup',

After updating, the new comment opt-in field will need to be added.

		'fields' => array(
			'email' => 'field markup',
			'cookies' => 'opt-in field markup',

The default markup for the field can be found in wp-includes/comment-template.php.

A second option for fixing this would be to utilize the comment_form_default_fields filter instead. Using this filter, default comment fields can be added or removed without having to pass the fields argument to the function.

Bundled Themes

All 8 currently supported bundled themes (Twenty Ten-Twenty Seventeen) have been updated to support these changes. Site footers will display a link to the site’s privacy policy when one has been selected (#43715), and the commenter cookie opt-in field has been styled.

Child themes built on top of bundled themes should be checked to see if any adjustments are necessary for the privacy policy link in the footer.

Source: WordPress Development Updates

New PHP Polyfills in 4.9.6

It is considered good practice to validate variables before using them. As using type declarations is still very rare in the WordPress world, parameters passed in to functions may not be of the variable type expected. Similarly, the type of variable returned by a filter may have changed due to incorrect usage of the filter by plugins or themes.

One particular situation which causes bugs often is counting something which isn’t countable. Proper variable validation can prevent those bugs.

In PHP 7.2, a warning was introduced when count() is used on an uncountable value. PHP 7.3 will introduce the  function is_countable(), which will help prevent this warning by checking that the passed variable is actually countable (the RFC has passed the vote and the function has already been implemented and merged into PHP Core).

Using count() to detect if a value is iterable (able to be passed to a foreach() loop, for example), is also a common practice. However, this will also result in warnings when upgrading to PHP 7.2. In PHP 7.1, the is_iterable() function was introduced to help prevent these warnings.

To help WordPress Core, plugins, and themes be forwards compatible, a polyfill for each of these functions has been added in 4.9.6. When a site is not running a version of PHP that includes these functions, WordPress will automatically load these polyfills.

Checking A Value Is Countable

is_countable() was introduced in #43583.

Old Way

if ( count( $var ) > 0 ) {
        // Do something.

New Way

if ( is_countable( $var ) && count( $var ) > 0 ) {
        // Do something.

Checking A Value Is Iterable

is_iterable() was introduced in #43619.

Old Way

if ( count( $var ) > 0 ) {
        foreach( $var as $key => $value) {
                // Do something.

New Way

if ( is_iterable( $var ) ) {
        foreach( $var as $key => $value) {
                // Do something.

Updating Core

New tickets should be opened on Trac for instances in Core that would benefit from these new functions on a case by case basis. Since all instances of count() and foreach() should be verified, a meta ticket has been opened to keep track of which files have been checked (#44123).

Want to learn how to write better conditions?

To better understand how variables behave in various PHP versions, how to write better conditions, and to improve variable validation, you may like the PHP Cheat Sheets website.

#4-9-6, #dev-notes

Source: WordPress Development Updates

REST API Meeting Summary: May 10

This post summarizes the REST API component team meeting from May 10 in the #core-restapi channel.

Gutenberg Priorities

Following up on this blog post outlining priority REST API issues affecting Gutenberg, we discussed ongoing work to address these questions. If you’re interested in helping with these projects, review the linked blog post and tickets in the Gutenberg “Merge Proposal: REST API” milestone; all assistance is welcome!

register_meta improvements

The remainder of the meeting was focused on ongoing discussion about upcoming changes to register_meta. Per the summary posted last week, we are introducing the ability to limit meta registration to a specific “object subtype” (e.g. specify meta for a single post type, rather than forcing registration for all post types equally). We will also be introducing wrapper functions such as register_post_meta() to encourage use of the new subtype argument. See ticket #38323 for the latest patch.

The REST API team requests review from committers and any developers with prior history around meta. There’s some great discussion going on but these changes will have a strong impact on how we do data-modeling in the REST API, so we want to make sure that all interested parties are involved. See in particular this comment on trac for a summary of the latest patch, and some remaining open questions:

  • Meta-registration wrapper functions are being introduced for term and post object subtypes; should we introduce wrapper functions for comment and user meta objects, which do not currently support the concept of object subtypes?
  • Are “object type” and “object subtype” the best names for these parameters? Are they good enough?

Please check out the ticket (#38323) for further discussion.

Source: WordPress Development Updates