Merge branch 'release/19.2'

Yoast · Jun 28, 2022 · c611f49 · c611f49
2 parents 6cb372d + 8228ae8
commit c611f49
Show file tree

Hide file tree

Showing 279 changed files with 4,346 additions and 1,150 deletions.
diff --git a/admin/ajax/class-shortcode-filter.php b/admin/ajax/class-shortcode-filter.php
@@ -25,11 +25,21 @@ public function __construct() {
 	public function do_filter() {
 		check_ajax_referer( 'wpseo-filter-shortcodes', 'nonce' );
 
-		$shortcodes = filter_input( INPUT_POST, 'data', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY );
+		if ( ! isset( $_POST['data'] ) || ! is_array( $_POST['data'] ) ) {
+			// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Reason: WPSEO_Utils::format_json_encode is considered safe.
+			wp_die( WPSEO_Utils::format_json_encode( [] ) );
+		}
 
+		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Reason: $shortcodes is getting sanitized later, before it's used.
+		$shortcodes        = wp_unslash( $_POST['data'] );
 		$parsed_shortcodes = [];
 
 		foreach ( $shortcodes as $shortcode ) {
+			if ( $shortcode !== sanitize_text_field( $shortcode ) ) {
+				// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Reason: WPSEO_Utils::format_json_encode is considered safe.
+				wp_die( WPSEO_Utils::format_json_encode( [] ) );
+			}
+
 			$parsed_shortcodes[] = [
 				'shortcode' => $shortcode,
 				'output'    => do_shortcode( $shortcode ),

diff --git a/admin/capabilities/class-register-capabilities.php b/admin/capabilities/class-register-capabilities.php
@@ -21,6 +21,11 @@ public function register_hooks() {
 		if ( is_multisite() ) {
 			add_action( 'user_has_cap', [ $this, 'filter_user_has_wpseo_manage_options_cap' ], 10, 4 );
 		}
+
+		/**
+		 * Maybe add manage_privacy_options capability for wpseo_manager user role.
+		 */
+		add_filter( 'map_meta_cap', [ $this, 'map_meta_cap_for_seo_manager' ], 10, 2 );
 	}
 
 	/**
@@ -74,4 +79,33 @@ public function filter_user_has_wpseo_manage_options_cap( $allcaps, $caps, $args
 
 		return $allcaps;
 	}
+
+	/**
+	 * Maybe add manage_privacy_options capability for wpseo_manager user role.
+	 *
+	 * @param string[] $caps Primitive capabilities required of the user.
+	 * @param string[] $cap  Capability being checked.
+	 *
+	 * @return string[] Filtered primitive capabilities required of the user.
+	 */
+	public function map_meta_cap_for_seo_manager( $caps, $cap ) {
+		$user = wp_get_current_user();
+
+		// No multisite support.
+		if ( is_multisite() ) {
+			return $caps;
+		}
+
+		// User must be of role wpseo_manager.
+		if ( ! in_array( 'wpseo_manager', $user->roles, true ) ) {
+			return $caps;
+		}
+
+		// Remove manage_options cap requirement if requested cap is manage_privacy_options.
+		if ( $cap === 'manage_privacy_options' ) {
+			return array_diff( $caps, [ 'manage_options' ] );
+		}
+
+		return $caps;
+	}
 }
diff --git a/admin/class-gutenberg-compatibility.php b/admin/class-gutenberg-compatibility.php
@@ -15,14 +15,14 @@ class WPSEO_Gutenberg_Compatibility {
 	 *
 	 * @var string
 	 */
-	const CURRENT_RELEASE = '13.4.0';
+	const CURRENT_RELEASE = '13.5.0';
 
 	/**
 	 * The minimally supported version of Gutenberg by the plugin.
 	 *
 	 * @var string
 	 */
-	const MINIMUM_SUPPORTED = '13.4.0';
+	const MINIMUM_SUPPORTED = '13.5.0';
 
 	/**
 	 * Holds the current version.

diff --git a/admin/class-meta-columns.php b/admin/class-meta-columns.php
@@ -88,11 +88,11 @@ public function column_heading( $columns ) {
 		$added_columns = [];
 
 		if ( $this->analysis_seo->is_enabled() ) {
-			$added_columns['wpseo-score'] = '<span class="yoast-tooltip yoast-tooltip-n yoast-tooltip-alt" data-label="' . esc_attr__( 'SEO score', 'wordpress-seo' ) . '"><span class="yoast-column-seo-score yoast-column-header-has-tooltip"><span class="screen-reader-text">' . __( 'SEO score', 'wordpress-seo' ) . '</span></span></span>';
+			$added_columns['wpseo-score'] = '<span class="yoast-column-seo-score yoast-column-header-has-tooltip" data-tooltip-text="' . esc_attr__( 'SEO score', 'wordpress-seo' ) . '"><span class="screen-reader-text">' . __( 'SEO score', 'wordpress-seo' ) . '</span></span></span>';
 		}
 
 		if ( $this->analysis_readability->is_enabled() ) {
-			$added_columns['wpseo-score-readability'] = '<span class="yoast-tooltip yoast-tooltip-n yoast-tooltip-alt" data-label="' . esc_attr__( 'Readability score', 'wordpress-seo' ) . '"><span class="yoast-column-readability yoast-column-header-has-tooltip"><span class="screen-reader-text">' . __( 'Readability score', 'wordpress-seo' ) . '</span></span></span>';
+			$added_columns['wpseo-score-readability'] = '<span class="yoast-column-readability yoast-column-header-has-tooltip" data-tooltip-text="' . esc_attr__( 'Readability score', 'wordpress-seo' ) . '"><span class="screen-reader-text">' . __( 'Readability score', 'wordpress-seo' ) . '</span></span></span>';
 		}
 
 		$added_columns['wpseo-title']    = __( 'SEO Title', 'wordpress-seo' );
@@ -175,6 +175,11 @@ public function column_sort( $columns ) {
 
 		if ( $this->analysis_seo->is_enabled() ) {
 			$columns['wpseo-focuskw'] = 'wpseo-focuskw';
+			$columns['wpseo-score']   = 'wpseo-score';
+		}
+
+		if ( $this->analysis_readability->is_enabled() ) {
+			$columns['wpseo-score-readability'] = 'wpseo-score-readability';
 		}
 
 		return $columns;
@@ -609,15 +614,31 @@ private function filter_order_by( $order_by ) {
 		switch ( $order_by ) {
 			case 'wpseo-metadesc':
 				return [
+					// phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_key -- Reason: Only used when user requests sorting.
 					'meta_key' => WPSEO_Meta::$meta_prefix . 'metadesc',
 					'orderby'  => 'meta_value',
 				];
 
 			case 'wpseo-focuskw':
 				return [
+					// phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_key -- Reason: Only used when user requests sorting.
 					'meta_key' => WPSEO_Meta::$meta_prefix . 'focuskw',
 					'orderby'  => 'meta_value',
 				];
+
+			case 'wpseo-score':
+				return [
+					// phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_key -- Reason: Only used when user requests sorting.
+					'meta_key' => WPSEO_Meta::$meta_prefix . 'linkdex',
+					'orderby'  => 'meta_value_num',
+				];
+
+			case 'wpseo-score-readability':
+				return [
+					// phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_key -- Reason: Only used when user requests sorting.
+					'meta_key' => WPSEO_Meta::$meta_prefix . 'content_score',
+					'orderby'  => 'meta_value_num',
+				];
 		}
 
 		return [];

diff --git a/admin/class-yoast-form.php b/admin/class-yoast-form.php
@@ -99,7 +99,7 @@ public function admin_header( $form = true, $option = 'wpseo', $contains_files =
 			echo '<form action="' .
 				esc_url( $action_url ) .
 				'" method="post" id="wpseo-conf"' .
-				$enctype . ' accept-charset="' .
+				$enctype . ' accept-charset="' . // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- nothing to escape.
 				esc_attr( get_bloginfo( 'charset' ) ) .
 				'" novalidate="novalidate">';
 			call_user_func( $hidden_fields_cb, $option_long_name );
@@ -214,6 +214,7 @@ public function label( $text, $attr ) {
 			$aria_label = ' aria-label="' . esc_attr( $attr['aria_label'] ) . '"';
 		}
 
+		// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- output escaped before.
 		echo "<label class='" . esc_attr( $attr['class'] ) . "' for='" . esc_attr( $attr['for'] ) . "'$aria_label>$text";
 		if ( $attr['close'] ) {
 			echo '</label>';
@@ -236,6 +237,7 @@ public function legend( $text, $attr ) {
 		$attr     = wp_parse_args( $attr, $defaults );
 
 		$id = ( $attr['id'] === '' ) ? '' : ' id="' . esc_attr( $attr['id'] ) . '"';
+		// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- output escaped before.
 		echo '<legend class="yoast-form-legend ' . esc_attr( $attr['class'] ) . '"' . $id . '>' . $text . '</legend>';
 	}
 
@@ -302,6 +304,7 @@ public function checkbox_list( $variable, $labels, $attr = [] ) {
 			printf(
 				'<input class="checkbox double" id="%1$s" type="checkbox" name="%2$s" %3$s %5$s value="%4$s"/>',
 				esc_attr( $variable . '-' . $name ),
+				// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- output escaped before.
 				esc_attr( $this->option_name ) . '[' . esc_attr( $variable ) . '][' . $name . ']',
 				checked( ! empty( $values[ $name ] ), true, false ),
 				esc_attr( $name ),
@@ -400,7 +403,6 @@ public function textinput( $variable, $label, $attr = [] ) {
 			]
 		);
 
-		$has_input_error = Yoast_Input_Validation::yoast_form_control_has_error( $variable );
 		$aria_attributes = Yoast_Input_Validation::get_the_aria_invalid_attribute( $variable );
 
 		Yoast_Input_Validation::set_error_descriptions();
@@ -410,6 +412,47 @@ public function textinput( $variable, $label, $attr = [] ) {
 
 		// phpcs:ignore WordPress.Security.EscapeOutput -- Reason: $disabled_attribute output is hardcoded and all other output is properly escaped.
 		echo '<input' . $attributes . $aria_attributes . ' class="textinput ' . esc_attr( $attr['class'] ) . '" placeholder="' . esc_attr( $attr['placeholder'] ) . '" type="' . $type . '" id="', esc_attr( $variable ), '" name="', esc_attr( $this->option_name ), '[', esc_attr( $variable ), ']" value="', esc_attr( $val ), '"', $disabled_attribute, '/>', '<br class="clear" />';
+		// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Output escaped in getter.
+		echo Yoast_Input_Validation::get_the_error_description( $variable );
+	}
+
+	/**
+	 * Create a Number input field.
+	 *
+	 * @param string       $variable The variable within the option to create the text input field for.
+	 * @param string       $label    The label to show for the variable.
+	 * @param array|string $attr     Extra attributes to add to the input field. Can be class, disabled, autocomplete.
+	 */
+	public function number( $variable, $label, $attr = [] ) {
+		$type     = 'number';
+		$defaults = [
+			'placeholder' => '',
+			'class'       => 'number',
+			'disabled'    => false,
+			'min'         => 0,
+			'max'         => 100,
+		];
+		$attr     = wp_parse_args( $attr, $defaults );
+		$val      = $this->get_field_value( $variable, 0 );
+
+		$this->label(
+			$label,
+			[
+				'for'   => $variable,
+				'class' => 'textinput ' . $attr['class'],
+			]
+		);
+
+		$aria_attributes = Yoast_Input_Validation::get_the_aria_invalid_attribute( $variable );
+
+		Yoast_Input_Validation::set_error_descriptions();
+		$aria_attributes .= Yoast_Input_Validation::get_the_aria_describedby_attribute( $variable );
+
+		$disabled_attribute = $this->get_disabled_attribute( $variable, $attr );
+
+		// phpcs:ignore WordPress.Security.EscapeOutput -- Reason: $disabled_attribute output is hardcoded and all other output is properly escaped.
+		echo '<input' . $aria_attributes . ' class="' . esc_attr( $attr['class'] ) . '" type="' . $type . '" id="', esc_attr( $variable ), '" min="',esc_attr( $attr['min'] ),'" max="',esc_attr( $attr['max'] ),'" name="', esc_attr( $this->option_name ), '[', esc_attr( $variable ), ']" value="', esc_attr( $val ), '"', $disabled_attribute, '/>', '<br class="clear" />';
+		// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Output escaped in getter.
 		echo Yoast_Input_Validation::get_the_error_description( $variable );
 	}
 
@@ -597,8 +640,10 @@ public function select( $variable, $label, array $select_options, $styled = 'uns
 			$wrapper_end_tag   = '</span>';
 		}
 
+		// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- output escaped before.
 		echo $wrapper_start_tag;
 		$select->output_html();
+		// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- output escaped before.
 		echo $wrapper_end_tag;
 		echo '<br class="clear"/>';
 	}
@@ -681,14 +726,14 @@ public function media_input( $variable, $label, $attr = [] ) {
 		echo '<span>';
 			echo '<input',
 				' class="textinput"',
-				' id="wpseo_', $var_esc, '"',
+				' id="wpseo_', $var_esc, '"', // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- output escaped before.
 				' type="text" size="36"',
-				' name="', esc_attr( $this->option_name ), '[', $var_esc, ']"',
+				' name="', esc_attr( $this->option_name ), '[', $var_esc, ']"', // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- output escaped before.
 				' value="', esc_attr( $val ), '"',
 				' readonly="readonly"',
 				' /> ';
 			echo '<input',
-				' id="wpseo_', $var_esc, '_button"',
+				' id="wpseo_', $var_esc, '_button"', // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- output escaped before.
 				' class="wpseo_image_upload_button button"',
 				' type="button"',
 				' value="', esc_attr__( 'Upload Image', 'wordpress-seo' ), '"',
@@ -706,6 +751,7 @@ public function media_input( $variable, $label, $attr = [] ) {
 			echo '<input',
 				' type="hidden"',
 				' id="', esc_attr( $id_field_id ), '"',
+				// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- output escaped before.
 				' name="', esc_attr( $this->option_name ), '[', $var_esc, '_id]"',
 				' value="', esc_attr( $id_value ), '"',
 				' />';
@@ -737,6 +783,7 @@ public function radio( $variable, $values, $legend = '', $legend_attr = [], $att
 		];
 		$attr     = wp_parse_args( $attr, $defaults );
 
+		// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- output escaped before.
 		echo '<fieldset class="yoast-form-fieldset wpseo_radio_block" id="' . $var_esc . '">';
 
 		if ( is_string( $legend ) && $legend !== '' ) {
@@ -814,10 +861,12 @@ public function toggle_switch( $variable, $values, $label, $help = '', $attr = [
 		$var_esc = esc_attr( $variable );
 
 		printf( '<div class="%s">', esc_attr( 'switch-container' . $help_class ) );
+		// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- output escaped before.
 		echo '<fieldset id="', $var_esc, '" class="fieldset-switch-toggle"><legend>', $label, '</legend>', $help;
 
 		// Show disabled note if attribute does not exists or does exist and is set to true.
 		if ( ! isset( $attr['show_disabled_note'] ) || ( $attr['show_disabled_note'] === true ) ) {
+			// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- output escaped before.
 			echo $this->get_disabled_note( $variable );
 		}
 
@@ -838,6 +887,7 @@ public function toggle_switch( $variable, $values, $label, $help = '', $attr = [
 
 			// phpcs:ignore WordPress.Security.EscapeOutput -- Reason: $disabled_attribute output is hardcoded and all other output is properly escaped.
 			echo '<input type="radio" id="' . $for . '" name="' . esc_attr( $this->option_name ) . '[' . $var_esc . ']" value="' . $key_esc . '" ' . checked( $val, $key_esc, false ) . $disabled_attribute . ' />',
+			// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- output escaped before.
 			'<label for="', $for, '">', esc_html( $value ), $screen_reader_text_html, '</label>';
 		}
 

diff --git a/admin/formatter/class-metabox-formatter.php b/admin/formatter/class-metabox-formatter.php
@@ -171,6 +171,7 @@ private function get_defaults() {
 			'wincherLoginStatus'          => ( $is_wincher_active ) ? YoastSEO()->helpers->wincher->login_status() : false,
 			'wincherWebsiteId'            => WPSEO_Options::get( 'wincher_website_id', '' ),
 			'wincherAutoAddKeyphrases'    => WPSEO_Options::get( 'wincher_automatically_add_keyphrases', false ),
+			'wordproofIntegrationActive'  => YoastSEO()->helpers->wordproof->is_active() ? 1 : 0,
 
 			/**
 			 * Filter to determine whether the PreviouslyUsedKeyword assessment should run.

diff --git a/admin/metabox/class-metabox.php b/admin/metabox/class-metabox.php
@@ -204,6 +204,12 @@ public static function translate_meta_boxes() {
 			'<a href="https://googlewebmastercentral.blogspot.com/2009/12/handling-legitimate-cross-domain.html" target="_blank" rel="noopener">',
 			WPSEO_Admin_Utils::get_new_tab_message() . '</a>'
 		);
+		/* translators: %s expands to the post type name. */
+		WPSEO_Meta::$meta_fields['advanced']['wordproof_timestamp']['title']        = __( 'Timestamp this %s', 'wordpress-seo' );
+		WPSEO_Meta::$meta_fields['advanced']['wordproof_timestamp']['description']  = __( 'Use WordProof to timestamp this page to comply with legal regulations and join the fight for a more transparant and accountable internet.', 'wordpress-seo' );
+		WPSEO_Meta::$meta_fields['advanced']['wordproof_timestamp']['options']['0'] = __( 'Off', 'wordpress-seo' );
+		WPSEO_Meta::$meta_fields['advanced']['wordproof_timestamp']['options']['1'] = __( 'On', 'wordpress-seo' );
+		WPSEO_Meta::$meta_fields['advanced']['wordproof_timestamp']['type']         = 'hidden';
 
 		WPSEO_Meta::$meta_fields['advanced']['redirect']['title']       = __( '301 Redirect', 'wordpress-seo' );
 		WPSEO_Meta::$meta_fields['advanced']['redirect']['description'] = __( 'The URL that this page should redirect to.', 'wordpress-seo' );

diff --git a/admin/tracking/class-tracking-settings-data.php b/admin/tracking/class-tracking-settings-data.php
@@ -175,6 +175,7 @@ class WPSEO_Tracking_Settings_Data implements WPSEO_Collection {
 		'zapier_api_key',
 		'enable_metabox_insights',
 		'enable_link_suggestions',
+		'enable_index_now',
 		'workouts',
 		'wincher_integration_active',
 		'wincher_tokens',
@@ -200,6 +201,14 @@ class WPSEO_Tracking_Settings_Data implements WPSEO_Collection {
 		'remove_emoji_scripts',
 		'remove_powered_by_header',
 		'remove_pingback_header',
+		'clean_campaign_tracking_urls',
+		'clean_permalinks',
+		'clean_permalinks_extra_variables',
+		'search_cleanup',
+		'search_cleanup_emoji',
+		'search_cleanup_patterns',
+		'search_character_limit',
+		'wordproof_integration_active',
 	];
 
 	/**

diff --git a/admin/views/class-yoast-feature-toggles.php b/admin/views/class-yoast-feature-toggles.php
@@ -181,6 +181,16 @@ protected function load_toggles() {
 				'read_more_url'   => 'https://yoa.st/help-slack-share',
 				'order'           => 105,
 			],
+			(object) [
+				'name'            => __( 'IndexNow', 'wordpress-seo' ),
+				'premium'         => true,
+				'setting'         => 'enable_index_now',
+				'label'           => __( 'Automatically ping search engines like Bing and Yandex whenever you publish, update or delete a post.', 'wordpress-seo' ),
+				'read_more_label' => __( 'Find out how IndexNow can help your site.', 'wordpress-seo' ),
+				'read_more_url'   => 'https://yoa.st/index-now-read-more',
+				'premium_url'     => 'https://yoa.st/index-now-feature',
+				'order'           => 110,
+			],
 		];
 
 		/**

diff --git a/apps/content-analysis/src/utils/runKeyphraseAnalysis.js b/apps/content-analysis/src/utils/runKeyphraseAnalysis.js
@@ -9,7 +9,7 @@ import metaDescriptionKeyword from "../../../../packages/yoastseo/src/languagePr
 import matchKeywordInSubheadings from "../../../../packages/yoastseo/src/languageProcessing/researches/matchKeywordInSubheadings.js";
 import imageCount from "../../../../packages/yoastseo/src/languageProcessing/researches/imageCount.js";
 import altTagCount from "../../../../packages/yoastseo/src/languageProcessing/researches/altTagCount.js";
-import findKeywordInPageTitle from "../../../../packages/yoastseo/src/languageProcessing/researches/findKeywordInPageTitle.js";
+import findKeyphraseInSEOTitle from "../../../../packages/yoastseo/src/languageProcessing/researches/findKeyphraseInSEOTitle.js";
 import keywordCountInSlug from "yoastseo/src/languageProcessing/researches/keywordCountInUrl";
 import keyphraseDistribution from "../../../../packages/yoastseo/src/languageProcessing/researches/keyphraseDistribution";
 
@@ -35,7 +35,7 @@ export default function( testPaper, morphologyData ) {
 	matchKeywordInSubheadings( paper, researcher );
 	imageCount( paper );
 	altTagCount( paper, researcher );
-	findKeywordInPageTitle( paper, researcher );
+	findKeyphraseInSEOTitle( paper, researcher );
 	keywordCountInSlug( paper, researcher );
 	keyphraseDistribution( paper, researcher );
 }