Privacy Chat Agenda – August 8th

This is the agenda for the weekly Privacy component meeting on August 8, 2018 at 15:00 UTC.

  • Ticket discussions (#43994, #44133, #44621)
  • New component maintainers
  • Component marketing
  • V2 Roadmap Discussion
  • Open floor

Join us in the #core-privacy room in the WordPress Core Slack at 15:00 UTC!

Dev Chat Summary & Call for Release Lead Nominations: August 01, 2018 (4.9.8 week 5)

This post summarizes the weekly dev chat meeting held Wednesday, July 18, 2018 (agenda | Slack archive).

4.9.8 Release

4.9.9 Road Map

  • Rumors of a v. quick release (like next week) for 4.9.9 were squashed. 
  • There are currently 46 tickets assigned to this milestone.
  • See the “Call for Release Leads” section below.

Focus Lead and Component Maintainer Updates

Recap posts within a recap post. Woah.

General Announcements

Devchat Coordination Reminder

@jeffpaul returns next week, thus ending the mighty reign of temporary dev chat leads @joemcgill, @audrasjb, @antpb et moi. Please tell him how truly fantastic we were in his absence.

Next Meeting

The next meeting will take place on Wednesday, August 08, at 20:00 UTC in the #core Slack channel. Please drop in with any updates or questions. If you have items to discuss, drop a comment on next week’s agenda post, so we can take them into account. 

(You can add them as a comment here, too, but they might get lost in the flurry of release lead noms.)

Call for Release Lead Nominations

Here we go. It’s time to nominate leads for 4.9.9.

  • Post a comment on this recap to be considered. 
  • You do not have to be an engineer to be nominated.
  • Self-nominations are welcome.
  • Ready? GO!


WordPress 4.9.8

WordPress 4.9.8 is now available. This maintenance release fixes 46 bugs.

Download WordPress 4.9.8 or visit Dashboard → Updates and click “Update Now”. Sites that support automatic background updates are already beginning to update automatically.

Thank you to everyone who contributed to WordPress 4.9.8:

1naveengiri, Aaron D. Campbell, Aaron Jorbin, Abdullah Ramzan, alejandroxlopez, Allen Snook, Andrea Fercia, Andrew Ozz, Andrew Taylor, Arun, Ayesh Karunaratne, Birgir Erlendsson (birgire), Birgit Pauli-Haack, BjornW, Boone Gorges, Brandon Kraft, Burhan Nasir, Chetan Prajapati, Chris Lema, Corey McKrill, Daniel Bachhuber, Daniel James, David Herrera, Dion Hulse, Dominik Schilling (ocean90), dontstealmyfish, dyrer, Felipe Elia, Felix Arntz, Fernando Claussen, Gareth, Garrett Hyder, Gary Pendergast, Gennady Kovshenin, GM_Alex, Heather Burns, Ian Dunn, ibelanger, imath, Jb Audras, Jeremy Pry, JJJ, Joe McGill, Joen Asmussen, John Blackbourn, Jonathan Desrosiers, Jonny Harris, Josepha, JoshuaWold, Joy, jrf, K. Adam White, khaihong, kjellr, Konstantinos Xenos, laurelfulford, lbenicio, Leander Iversen, leemon, macbookandrew, Marius L. J., Matias Ventura, Mel Choyce, mensmaximus, mermel, metalandcoffee, michelleweber, Milan Dinić, Muhammad Kashif, Naoko Takano, Nathan Johnson, Ov3rfly, palmiak, Paul Biron, Prashant Baldha, PressTigers, programmin, Rafsun Chowdhury, redcastor, Robin Cornett, Sergey Biryukov, Simon Prosser, skoldin, spyderbytes, Subrata Sarkar, Sébastien SERRE, Tammie Lister, tharsheblows, Thomas Patrick Levy, timbowesohft, Timothy Jacobs, Tobias Zimpel, Tor-Bjorn Fjellner, Towhidul Islam, Usman Khalid, warmlaundry, William Earnhardt, Yui, and YuriV.

Primary Focuses

The primary focuses of 4.9.8 are:

  • Introduce “Try Gutenberg” callout
  • Privacy fixes/enhancements

Introduce “Try Gutenberg” callout

Most users will now be presented with a notice in their WordPress dashboard. This “Try Gutenberg” is an opportunity for users to use the Gutenberg block editor before it is released in WordPress 5.0.

You can learn more by reading the “Try Gutenberg” Callout in WordPress 4.9.8 post.  It contains information about the callout, including which users will, by default, be shown the callout and the hooks it provides for site administrators to modify that default behavior.

Privacy fixes/enhancements

This release includes 18 Privacy fixes focused on ensuring consistency and flexibility in the new personal data tools that were added in 4.9.6, including:

  • The type of request being confirmed is now included in the subject line for all privacy confirmation emails.
  • Improved consistency with site name being used for privacy emails in multisite.
  • Pagination for Privacy request admin screens can now be adjusted.
  • Increased the test coverage for several core privacy functions.

In addition to the primary focuses another notable change in 4.9.8 is that developers can now register meta keys for object subtypes:

With WordPress 4.9.8, the register_meta() function supports registration of metadata not only for an entire object type (posts, terms, comments, users), but also for a specific object subtype (such as a specific post type or taxonomy).

4.9.8 Changes

See the full list of closed tickets in Trac.


  • #44611 – try Gutenberg header wraps over text below on narrow screens
  • #44627 – minor tweaks to Try Gutenberg callout formatting

Bundled Theme

  • #44109 – TwentySeventeen backend editor: level 2 bulleted lists nested under numbered lists show numbers instead of bullets
  • #44646 – Bundled Themes: Bump version number and update changelog in Twenty Seventeen for 4.9.8 release


  • #44126 – Adding fields to comments_form args prevents checkbox displaying
  • #44141 – Privacy: Don’t replace comment author URL and email with anything
  • #44342 – Commenter cookie consent message should not be displayed if the cookie action isn’t hooked


  • #44627 – minor tweaks to Try Gutenberg callout formatting


  • #41316 – Introduce “Try Gutenberg” callout
  • #44341 – Replace _deprecated_function( ‘add_filter’ ) with apply_filters_deprecated()
  • #44680 – Restrict the Try Gutenberg callout audience


  • #44339 – minor tweaks to Try Gutenberg callout formatting

Filesystem API

  • #43054 – wp_is_stream fails with stream definition containing nonascii chars


  • #44139 – i18n: “About” disambiguation
  • #44574 – Saratov and other cities missing from translations

Login and Registration

  • #44052 – Missing parameter type for `login_header()`


  • #44532 – Extreme memory leak related to wp_is_stream in wp-includes/functions.php in WordPress 4.9.7
  • #43751 – REST API: Attachments controller should respect “Max upload file size” and “Site upload space” in multisite

Options, Meta APIs

  • #38323 – Reconsider $object_subtype handling in `register_meta()`

Posts, Post Types

  • #36085 – Add action hook to get_inline_data()


  • #44006 – Privacy Policy page should have suffix like other special pages
  • #44025 – Privacy: Pagination screen options for the requests list tables
  • #44099 – Add Request Type into Admin Email Subject for GDPR
  • #44100 – GDPR Privacy Page setting allows for Draft Pages
  • #44130 – Mixed Case of Privacy Policy on Privacy Settings page
  • #44131 – If draft page selected for Privacy Policy page should verbiage change from view to preview
  • #44181 – The input field id username_or_email_to_export should be something else on remove_personal_data page
  • #44192 – Title of Privacy Policy Page not used on login page
  • #44195 – “Silence is golden” index.html generates output
  • #44265 – Add filter for email subject for erasure complete notification
  • #44353 – Replace `site_url( ‘wp-login.php’ )` in `wp_send_user_request()`
  • #44373 – Add a privacy setting to disable comment cookie consent
  • #44379 – GDPR filters should provide either $request or $request_id
  • #44382 – Filter the subject within _wp_privacy_send_request_confirmation_notification
  • #44396 – Inconsistent use of blogname and sitename in Privacy emails
  • #44612 – Grammar – Missing ‘a’ in ‘select new Privacy Policy page’
  • #43967 – Admin emails after email confirmation don’t work for data privacy requests
  • #44590 – Remove “// WPCS:” comments


  • #40861 – REST API saves attachments with absolute path for `_wp_attached_file` on Windows platforms
  • #43874 – REST API: Only render fields specific to request when _fields= is used
  • #44321 – REST API: Expose revision count and last revision ID on Post response


  • #44287 – REST API: Declare user capability to perform actions using JSON Hyper Schema `targetSchema`


  • #42691 – WP_Term_Query get_terms generates invalid sql queries
  • #44096 – REST API: Taxonomy and term endpoints should use correct permission checks


  • #44134 – Update to TinyMCE 4.7.13
    • See the TinyMCE changelog.  WordPress 4.9.6 included TinyMCE 4.7.11, WordPress 4.9.8 updated to TinyMCE 4.8.0, despite the title of this ticket.
  • #44330 – TinyMCE: do not force-load external TinyMCE plugins

Change Log



source file: wp-admin/includes/user.php

source file: wp-admin/includes/misc.php

source file: wp-includes/meta.php

source file: wp-includes/post.php

source file: wp-includes/taxonomy.php

source file: wp-includes/post.php

source file: wp-includes/taxonomy.php

source file: wp-admin/includes/ajax-actions.php

source file: wp-admin/includes/dashboard.php


source file: wp-admin/includes/template.php

source file: wp-includes/capabilities.php

source file: wp-includes/meta.php

source file: wp-includes/meta.php

source file: wp-admin/includes/dashboard.php

source file: wp-admin/index.php

source file: wp-includes/user.php

source file: wp-includes/user.php


source file: wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php

source file: wp-includes/rest-api/fields/class-wp-rest-comment-meta-fields.php

source file: wp-includes/rest-api/fields/class-wp-rest-meta-fields.php

source file: wp-includes/rest-api/fields/class-wp-rest-post-meta-fields.php

source file: wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php

source file: wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php

source file: wp-includes/rest-api/fields/class-wp-rest-term-meta-fields.php

source file: wp-includes/rest-api/fields/class-wp-rest-user-meta-fields.php

source file: wp-includes/class-wp-term-query.php



modification: The $object_subtype parameter was added.
source file: wp-includes/meta.php

modification: The $object_subtype argument was added to the arguments array.
source file: wp-includes/meta.php

modification: The $object_subtype parameter was added.
source file: wp-includes/meta.php

modification: The $object_subtype parameter was added.
source file: wp-includes/meta.php

modification: The $object_subtype parameter was added.
source file: wp-includes/meta.php



alternative: Use auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype} instead.
source file: wp-includes/capabilities.php

#4-9-8, #release

“Try Gutenberg” Callout in WordPress 4.9.8

WordPress 4.9.8 will contain the “Try Gutenberg” callout, encouraging site owners to install the Gutenberg plugin, to test how their existing content and plugins works with the block editor. It also presents the option of installing the Classic Editor plugin, should they feel that they need more time to prepare for switching over to the block editor.

Screenshot of the “Try Gutenberg” callout in place on the Dashboard.

In WordPress 4.9.8, the callout will be shown to the following users:

  • If Gutenberg is not installed or activated, the callout will be shown to Admin users on single sites, and Super Admin users on multisites. (Based on the install_plugins capability.)
  • If Gutenberg is installed and activated, the callout will be shown to Contributor users and above. (Based on the edit_posts capability.)
  • If the Classic Editor plugin is installed and activated, the callout will be hidden for all users.

Actions and Filters

The callout is attached to the try_gutenberg_panel action. If you would like to remove it on sites that you administer, you can do so with this snippet:

remove_action( 'try_gutenberg_panel', 'wp_try_gutenberg_panel' );

The “Learn more about Gutenberg” link currently directs to (or your localised version). However, particularly for hosts, you may have special instructions for your customers to install Gutenberg. In that case, the try_gutenberg_learn_more_link filter allows you to change this link, like so:

function my_host_learn_more_link( $link ) {
    return '<a href="">Learn more about Gutenberg at My Host</a>';

add_filter( 'try_gutenberg_learn_more_link', 'my_host_learn_more_link' ); 

4.9.8 Schedule Changes

Due to late changes in who the "Try Gutenberg" callout should be shown to (see #44680), it was decided to release 4.9.8 third release candidate yesterday, the originally scheduled date for final release.

The feedback from many in the community about that aspect of the callout has been very much appreciated!

The 4.9.8 final release will now begin:

Please continue to test the 4.9.8 third release candidate.

#4-9-8, #release

Dev Chat Agenda: August 1st (4.9.8 week 5)

This is the agenda for the weekly devchat meeting on August 1, 2018 at 20:00 UTC.

  • 4.9.8 update from release leads:
  • 4.9.9 roadmap
  • Updates from focus leads and component maintainers.
  • General announcements.

If you have anything to propose to add to the agenda or specific items related to the above, please leave a comment below. See you there!

WordPress 4.9.8 Release Candidate 3

The third release candidate package for 4.9.8 has been released and is now available for testing. Please help test the release candidate version to ensure the version works as expected.

This package contains 1 enhancement since the second release candidate. This brings the total number of bug fixes in 4.9.8 to 28, enhancements to 14 and blessed tasks to 3.



  • #44680 – Restrict the Try Gutenberg callout audience

Change Log

The change log in this release is the same as that in release candidate 1.

#4-9-8, #release

Javascript Chat Summary – July 31th

Below is a summary of the discussion from this week’s JavaScript chat (agenda, Slack transcript).

Have a topic for discussion for the next meeting? Leave a suggested edit on next week’s agenda.

Agenda Item: Coding standards

Slack Conversation

We recapitulated the modifications to the JavaScript coding standards we agreed on during the previous meeting:

  • Remove: Whitespace exceptions for object and array literal member access.
  • Remove: Enforcement of Yoda conditional.
  • Remove: Strict equality exception for “== null”.
  • Change: New standard for multi-line conditions
    • If the condition is short enough to fit in a line, just use a single line.
    • If not, one condition per line separated from the opening/closing parenthesis.
    • The operator position at the end.
  • New: ES2015: Prefer “const” variable assignment, then “let”, never “var”.
  • New: Adopt Gutenberg camel-case clarifications.
  • New: Adopt dangling comma enforcement.
  • No change: Multi-line comments.
  • Provide presets for ES5-only and ESnext code.

While we agreed last week on multiline/single line comments separation, it was argued that:

  • Converting comment styles is not easy (moving from single to multiline as we type).
  • // comments are easier to deal with when debugging.
  • All IDEs don’t allow configuring this rule (multi/single line comment difference).

We agreed on the following rules for comments: 

  • /** is to be used for JSDoc.
  • /* is to be used for intra-line comments.
  • // is to be used in all other instances.

Actionable items

  1. Compile a formal proposal for all the JavaScript Coding Standard changes into a Make/Core post. @aduth
  2. Update the ESlint Preset package Pull Request in Gutenberg: @aduth @gziolo

Agenda Item: Source Maps

Slack Conversation

While we splitted Gutenberg Code Base into reusable packages, we updated our build scripts to rely on “transpired” code in our application code which means it’s harder to debug because browsers don’t have the source maps correctly mapped to the original source files.

Potential solutions discussed

  • Use untranspiled code when building Gutenberg itself (cons: we should be the first consumers of our packages).
  • Source maps per package used by webpack to generate other source maps.

Actionable items

The best solution is not clear yet, we’re going to do some exploration to see what’s the best path forward. @youknowriad @gziolo

Open floor


Some new packages are ready to be released and should be published to npm soon. We still need to figure out the best option to support 2FA when publishing a big number of packages at the same time.


How to lazy-load WP scripts/styles given their handle names? /wp-admin/load-scripts.php  and /wp-admin/load-styles.php only work for WordPress default scripts/styles and don’t support dependencies discovery? There’s no alternative at the moment, work must be done to add these features or propose an alternative endpoint for that.

What’s new in Gutenberg? (30th July)

Today’s release is timed to coincide with the upcoming WordPress 4.9.8 release, and includes a multitude of improvements when converting existing content to blocks.

3.4 🎟

Deprecations removed with this version.

PHP Meeting Recap – July 30th

This recap is a summary of our previous PHP meeting. It highlights the ideas and decisions which came up during that meeting, both as a means of documenting and to provide a quick overview for those who were unable to attend.

You can find this meeting’s chat log here.

Chat Summary

  • It was discussed which types of errors and exceptions to handle in scope of the sandbox mode (see #44458).
  • @schlessera presented a document in which he had prepared comprehensive resources and his suggestions for what to handle.
  • The approach was mostly agreed on, with the addition that the E_USER_ERROR type should also be covered, since many plugins make use of it, some of which are among the most popular ones.
  • The following PHP errors should be treated:
    • E_PARSE
    • E_ERROR
  • Regarding exceptions, only the base Exception and the PHP7 Error exception classes need to be treated, basically as a catch-all.
  • It is not necessary to wrap the try-catch statement catching Error into a PHP7 version check clause, since catch statements do not trigger autoloading since PHP 5.1, so there won’t be an issue on PHP versions below 7.
  • The following exceptions should be caught:
    • Exception
    • Error
  • Something to consider and test with the implementation is whether the shutdown handler plays well with other shutdown handlers possibly registered by plugins.
  • In addition to implementing treatment of the above errors and exceptions, an important item is how to handle multiple broken plugins: In the latest patch, when an error is detected and the plugin is paused, the next request might simply do the same thing if another plugin causes a problem. In case many plugins are affected, this presents a significant UX issue.
  • Therefore a mechanism is needed that detects multiple issues in one go without requiring further user interaction. Redirects and/or AJAX requests are ideas that could be used to accomplish that. @schlessera is going to continue working on that.
  • Due to the project becoming increasingly big, it was decided to proceed work through a pull request against a WordPress fork, to have a better overview of the incremental code changes. GitHub should only be used for the implementation while discussion can stay on Trac. A pull request has been opened for that purpose to which the latest patch has been ported over. Note: In order to test the code, it is only necessary to append a .diff extension to the PR.

Next week’s meeting

  • Next meeting will take place on Monday, August 6th, 2018 at 15:00 UTC in #core-php.
  • Agenda: Continue discussion on avoiding WSODs in PHP.
  • If you have suggestions about this but cannot make the meeting, please leave a comment on this post so that we can take them into account.