Tag 3.7.35

Built from https://develop.svn.wordpress.org/tags/3.7.35@49445


git-svn-id: http://core.svn.wordpress.org/tags/3.7.35@49204 1a063a9b-81f0-0310-95a4-ce76da25c4cd

license.txt

@@ -1,6 +1,6 @@
 WordPress - Web publishing software
 
-Copyright 2017 by the contributors
+Copyright 2018 by the contributors
 
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by

readme.html

@@ -8,7 +8,6 @@
 <body>
 <h1 id="logo">
 	<a href="http://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /></a>
-	<br /> Version 3.7.20
 </h1>
 <p style="text-align: center">Semantic Personal Publishing Platform</p>
 

wp-activate.php

@@ -18,6 +18,50 @@ if ( !is_multisite() ) {
 	die();
 }
 
+$valid_error_codes = array( 'already_active', 'blog_taken' );
+
+list( $activate_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
+$activate_cookie = 'wp-activate-' . COOKIEHASH;
+
+$key    = '';
+$result = null;
+
+if ( isset( $_GET['key'] ) && isset( $_POST['key'] ) && $_GET['key'] !== $_POST['key'] ) {
+	wp_die( __( 'A key value mismatch has been detected. Please follow the link provided in your activation email.' ), __( 'An error occurred during the activation' ), 400 );
+} elseif ( ! empty( $_GET['key'] ) ) {
+	$key = $_GET['key'];
+} elseif ( ! empty( $_POST['key'] ) ) {
+	$key = $_POST['key'];
+}
+
+if ( $key ) {
+	$redirect_url = remove_query_arg( 'key' );
+
+	if ( $redirect_url !== remove_query_arg( false ) ) {
+		setcookie( $activate_cookie, $key, 0, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
+		wp_safe_redirect( $redirect_url );
+		exit;
+	} else {
+		$result = wpmu_activate_signup( $key );
+	}
+}
+
+if ( $result === null && isset( $_COOKIE[ $activate_cookie ] ) ) {
+	$key    = $_COOKIE[ $activate_cookie ];
+	$result = wpmu_activate_signup( $key );
+	setcookie( $activate_cookie, ' ', time() - YEAR_IN_SECONDS, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
+}
+
+if ( $result === null || ( is_wp_error( $result ) && 'invalid_key' === $result->get_error_code() ) ) {
+	status_header( 404 );
+} elseif ( is_wp_error( $result ) ) {
+	$error_code = $result->get_error_code();
+
+	if ( ! in_array( $error_code, $valid_error_codes ) ) {
+		status_header( 400 );
+	}
+}
+
 if ( is_object( $wp_object_cache ) )
 	$wp_object_cache->cache_enabled = false;
 
@@ -63,12 +107,13 @@ function wpmu_activate_stylesheet() {
 	<?php
 }
 add_action( 'wp_head', 'wpmu_activate_stylesheet' );
+add_action( 'wp_head', 'wp_sensitive_page_meta' );
 
 get_header();
 ?>
 
 <div id="content" class="widecolumn">
-	<?php if ( empty($_GET['key']) && empty($_POST['key']) ) { ?>
+	<?php if ( ! $key ) { ?>
 
 		<h2><?php _e('Activation Key Required') ?></h2>
 		<form name="activateform" id="activateform" method="post" action="<?php echo network_site_url('wp-activate.php'); ?>">
@@ -82,28 +127,25 @@ get_header();
 		</form>
 
 	<?php } else {
-
-		$key = !empty($_GET['key']) ? $_GET['key'] : $_POST['key'];
-		$result = wpmu_activate_signup($key);
-		if ( is_wp_error($result) ) {
-			if ( 'already_active' == $result->get_error_code() || 'blog_taken' == $result->get_error_code() ) {
-			    $signup = $result->get_error_data();
-				?>
-				<h2><?php _e('Your account is now active!'); ?></h2>
-				<?php
-				echo '<p class="lead-in">';
-				if ( $signup->domain . $signup->path == '' ) {
-					printf( __('Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.'), network_site_url( 'wp-login.php', 'login' ), $signup->user_login, $signup->user_email, wp_lostpassword_url() );
-				} else {
-					printf( __('Your site at <a href="%1$s">%2$s</a> is active. You may now log in to your site using your chosen username of &#8220;%3$s&#8221;. Please check your email inbox at %4$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%5$s">reset your password</a>.'), 'http://' . $signup->domain, $signup->domain, $signup->user_login, $signup->user_email, wp_lostpassword_url() );
-				}
-				echo '</p>';
+		if ( is_wp_error( $result ) && in_array( $result->get_error_code(), $valid_error_codes ) ) {
+			$signup = $result->get_error_data();
+			?>
+			<h2><?php _e('Your account is now active!'); ?></h2>
+			<?php
+			echo '<p class="lead-in">';
+			if ( $signup->domain . $signup->path == '' ) {
+				printf( __('Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.'), network_site_url( 'wp-login.php', 'login' ), $signup->user_login, $signup->user_email, wp_lostpassword_url() );
 			} else {
-				?>
-				<h2><?php _e('An error occurred during the activation'); ?></h2>
-				<?php
-			    echo '<p>'.$result->get_error_message().'</p>';
+				printf( __('Your site at <a href="%1$s">%2$s</a> is active. You may now log in to your site using your chosen username of &#8220;%3$s&#8221;. Please check your email inbox at %4$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%5$s">reset your password</a>.'), 'http://' . $signup->domain, $signup->domain, $signup->user_login, $signup->user_email, wp_lostpassword_url() );
 			}
+			echo '</p>';
+		} elseif ( $result === null || is_wp_error( $result ) ) {
+			?>
+			<h2><?php _e('An error occurred during the activation'); ?></h2>
+			<?php if ( is_wp_error( $result ) ) {
+				echo '<p>' . $result->get_error_message() . '</p>';
+			} ?>
+			<?php
 		} else {
 			extract($result);
 			$url = get_blogaddress_by_id( (int) $blog_id);

wp-admin/about.php

@@ -36,7 +36,184 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
 </h2>
 
 <div class="changelog point-releases">
-	<h3><?php echo _n( 'Maintenance and Security Release', 'Maintenance and Security Releases', 20 ); ?></h3>
+	<h3><?php echo _n( 'Maintenance and Security Release', 'Maintenance and Security Releases', 35 ); ?></h3>
+	<p>
+		<?php
+		printf(
+			/* translators: %s: WordPress version number */
+			__( '<strong>Version %s</strong> addressed some security issues.' ),
+			'3.7.35'
+		);
+		?>
+		<?php
+		printf(
+			/* translators: %s: HelpHub URL */
+			__( 'For more information, see <a href="%s">the release notes</a>.' ),
+			sprintf(
+				/* translators: %s: WordPress version */
+				esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+				sanitize_title( '3.7.35' )
+			)
+		);
+		?>
+	</p>
+	<p>
+		<?php
+		printf(
+			/* translators: %s: WordPress version number */
+			__( '<strong>Version %s</strong> addressed some security issues.' ),
+			'3.7.34'
+		);
+		?>
+		<?php
+		printf(
+			/* translators: %s: HelpHub URL */
+			__( 'For more information, see <a href="%s">the release notes</a>.' ),
+			sprintf(
+				/* translators: %s: WordPress version */
+				esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+				sanitize_title( '3.7.34' )
+			)
+		);
+		?>
+	</p>
+	<p>
+		<?php
+		printf(
+			/* translators: %s: WordPress version number */
+			__( '<strong>Version %s</strong> addressed some security issues.' ),
+			'3.7.33'
+		);
+		?>
+		<?php
+		printf(
+			/* translators: %s: HelpHub URL */
+			__( 'For more information, see <a href="%s">the release notes</a>.' ),
+			sprintf(
+				/* translators: %s: WordPress version */
+				esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+				sanitize_title( '3.7.33' )
+			)
+		);
+		?>
+	</p>
+	<p>
+		<?php
+		printf(
+			/* translators: %s: WordPress version number */
+			__( '<strong>Version %s</strong> addressed one security issue.' ),
+			'3.7.32'
+		);
+		?>
+		<?php
+		printf(
+			/* translators: %s: HelpHub URL */
+			__( 'For more information, see <a href="%s">the release notes</a>.' ),
+			sprintf(
+				/* translators: %s: WordPress version */
+				esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+				sanitize_title( '3.7.32' )
+			)
+		);
+		?>
+	</p>
+	<p>
+		<?php
+		printf(
+			/* translators: %s: WordPress version number */
+			__( '<strong>Version %s</strong> addressed some security issues.' ),
+			'3.7.31'
+		);
+		?>
+		<?php
+		printf(
+			/* translators: %s: HelpHub URL */
+			__( 'For more information, see <a href="%s">the release notes</a>.' ),
+			sprintf(
+				/* translators: %s: WordPress version */
+				esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+				sanitize_title( '3.7.31' )
+			)
+		);
+		?>
+	</p>
+	<p>
+		<?php
+		printf(
+			/* translators: %s: WordPress version number */
+			__( '<strong>Version %s</strong> addressed some security issues.' ),
+			'3.7.30'
+		);
+		?>
+		<?php
+		printf(
+			/* translators: %s: HelpHub URL */
+			__( 'For more information, see <a href="%s">the release notes</a>.' ),
+			sprintf(
+				/* translators: %s: WordPress version */
+				esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+				sanitize_title( '3.7.30' )
+			)
+		);
+		?>
+	</p>
+	<p>
+		<?php
+		printf(
+			/* translators: %s: WordPress version number */
+			__( '<strong>Version %s</strong> addressed a security issue.' ),
+			'3.7.29'
+		);
+		?>
+		<?php
+		printf(
+			/* translators: %s: HelpHub URL */
+			__( 'For more information, see <a href="%s">the release notes</a>.' ),
+			sprintf(
+				/* translators: %s: WordPress version */
+				esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+				sanitize_title( '3.7.29' )
+			)
+		);
+		?>
+	</p>
+	<p>
+		<?php
+		/* translators: %s: WordPress version number */
+		printf( __( '<strong>Version %s</strong> addressed some security issues.' ), '3.7.28' );
+		?>
+		<?php
+		/* translators: %s: Codex URL */
+		printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.28' );
+		?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+			'<strong>Version %1$s</strong> addressed some security issues.', 1 ), '3.7.27' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.27' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+			'<strong>Version %1$s</strong> addressed some security issues.', 2 ), '3.7.26' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.26' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+			'<strong>Version %1$s</strong> addressed some security issues.', 1 ), '3.7.25' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.25' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+			'<strong>Version %1$s</strong> addressed some security issues.', 4 ), '3.7.24' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.24' ); ?>
+	</p>
+	<p><?php printf( __( '<strong>Version %s</strong> addressed one security issue.' ), '3.7.23' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.23' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+			'<strong>Version %1$s</strong> addressed some security issues.', 7 ), '3.7.22' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.22' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+			'<strong>Version %1$s</strong> addressed some security issues.', 5 ), '3.7.21' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.21' ); ?>
+	</p>
 	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed %2$s bug.',
 			'<strong>Version %1$s</strong> addressed %2$s bugs.', 1 ), '3.7.20', number_format_i18n( 1 ) ); ?>
 		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.20' ); ?>

wp-admin/admin-ajax.php

@@ -32,7 +32,7 @@ require_once( ABSPATH . 'wp-admin/includes/admin.php' );
 /** Load Ajax Handlers for WordPress Core */
 require_once( ABSPATH . 'wp-admin/includes/ajax-actions.php' );
 
-@header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
+@header( 'Content-Type: text/plain; charset=' . get_option( 'blog_charset' ) );
 @header( 'X-Robots-Tag: noindex' );
 
 send_nosniff_header();

wp-admin/admin-header.php

@@ -57,13 +57,13 @@ wp_enqueue_script('utils');
 $admin_body_class = preg_replace('/[^a-z0-9_-]+/i', '-', $hook_suffix);
 ?>
 <script type="text/javascript">
-addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
-var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative' ); ?>',
-	pagenow = '<?php echo $current_screen->id; ?>',
-	typenow = '<?php echo $current_screen->post_type; ?>',
-	adminpage = '<?php echo $admin_body_class; ?>',
-	thousandsSeparator = '<?php echo addslashes( $wp_locale->number_format['thousands_sep'] ); ?>',
-	decimalPoint = '<?php echo addslashes( $wp_locale->number_format['decimal_point'] ); ?>',
+addLoadEvent = function(func){if(typeof jQuery!=='undefined')jQuery(document).ready(func);else if(typeof wpOnload!=='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
+var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>',
+	pagenow = '<?php echo esc_js( $current_screen->id ); ?>',
+	typenow = '<?php echo esc_js( $current_screen->post_type ); ?>',
+	adminpage = '<?php echo esc_js( $admin_body_class ); ?>',
+	thousandsSeparator = '<?php echo esc_js( $wp_locale->number_format['thousands_sep'] ); ?>',
+	decimalPoint = '<?php echo esc_js( $wp_locale->number_format['decimal_point'] ); ?>',
 	isRtl = <?php echo (int) is_rtl(); ?>;
 </script>
 <?php

wp-admin/custom-background.php

@@ -410,6 +410,7 @@ if ( current_theme_supports( 'custom-background', 'default-color' ) )
 	}
 
 	public function wp_set_background_image() {
+		check_ajax_referer( 'custom-background' );
 		if ( ! current_user_can('edit_theme_options') || ! isset( $_POST['attachment_id'] ) ) exit;
 		$attachment_id = absint($_POST['attachment_id']);
 		/** This filter is documented in wp-admin/includes/media.php */

wp-admin/custom-header.php

@@ -320,7 +320,7 @@ class Custom_Image_Header {
 <script type="text/javascript">
 /* <![CDATA[ */
 (function($){
-	var default_color = '#<?php echo get_theme_support( 'custom-header', 'default-text-color' ); ?>',
+	var default_color = '#<?php echo esc_js( get_theme_support( 'custom-header', 'default-text-color' ) ); ?>',
 		header_text_fields;
 
 	function pickColor(color) {

wp-admin/includes/ajax-actions.php

@@ -794,6 +794,8 @@ function wp_ajax_replyto_comment( $action ) {
 			if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
 				kses_remove_filters(); // start with a clean slate
 				kses_init_filters(); // set up the filters
+				remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
+				add_filter( 'pre_comment_content', 'wp_filter_kses' );
 			}
 		}
 	} else {
@@ -1659,7 +1661,11 @@ function wp_ajax_upload_attachment() {
 		$post_id = null;
 	}
 
-	$post_data = isset( $_REQUEST['post_data'] ) ? $_REQUEST['post_data'] : array();
+	$post_data = ! empty( $_REQUEST['post_data'] ) ? _wp_get_allowed_postdata( _wp_translate_postdata( false, (array) $_REQUEST['post_data'] ) ) : array();
+
+	if ( is_wp_error( $post_data ) ) {
+		wp_die( $post_data->get_error_message() );
+	}
 
 	// If the context is custom header or background, make sure the uploaded file is an image.
 	if ( isset( $post_data['context'] ) && in_array( $post_data['context'], array( 'custom-header', 'custom-background' ) ) ) {
@@ -1669,7 +1675,7 @@ function wp_ajax_upload_attachment() {
 				'success' => false,
 				'data'    => array(
 					'message'  => __( 'The uploaded file is not a valid image. Please try again.' ),
-					'filename' => $_FILES['async-upload']['name'],
+					'filename' => esc_html( $_FILES['async-upload']['name'] ),
 				)
 			) );
 
@@ -1684,7 +1690,7 @@ function wp_ajax_upload_attachment() {
 			'success' => false,
 			'data'    => array(
 				'message'  => $attachment_id->get_error_message(),
-				'filename' => $_FILES['async-upload']['name'],
+				'filename' => esc_html( $_FILES['async-upload']['name'] ),
 			)
 		) );
 

wp-admin/includes/class-wp-plugins-list-table.php

@@ -339,26 +339,26 @@ class WP_Plugins_List_Table extends WP_List_Table {
 			if ( $screen->in_admin( 'network' ) ) {
 				if ( $is_active ) {
 					if ( current_user_can( 'manage_network_plugins' ) )
-						$actions['deactivate'] = '<a href="' . wp_nonce_url('plugins.php?action=deactivate&amp;plugin=' . $plugin_file . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'deactivate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Deactivate this plugin') . '">' . __('Network Deactivate') . '</a>';
+						$actions['deactivate'] = '<a href="' . wp_nonce_url('plugins.php?action=deactivate&amp;plugin=' . urlencode( $plugin_file ) . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'deactivate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Deactivate this plugin') . '">' . __('Network Deactivate') . '</a>';
 				} else {
 					if ( current_user_can( 'manage_network_plugins' ) )
-						$actions['activate'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . $plugin_file . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin for all sites in this network') . '" class="edit">' . __('Network Activate') . '</a>';
+						$actions['activate'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . urlencode( $plugin_file ) . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin for all sites in this network') . '" class="edit">' . __('Network Activate') . '</a>';
 					if ( current_user_can( 'delete_plugins' ) && ! is_plugin_active( $plugin_file ) )
-						$actions['delete'] = '<a href="' . wp_nonce_url('plugins.php?action=delete-selected&amp;checked[]=' . $plugin_file . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'bulk-plugins') . '" title="' . esc_attr__('Delete this plugin') . '" class="delete">' . __('Delete') . '</a>';
+						$actions['delete'] = '<a href="' . wp_nonce_url('plugins.php?action=delete-selected&amp;checked[]=' . urlencode( $plugin_file ) . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'bulk-plugins') . '" title="' . esc_attr__('Delete this plugin') . '" class="delete">' . __('Delete') . '</a>';
 				}
 			} else {
 				if ( $is_active ) {
-					$actions['deactivate'] = '<a href="' . wp_nonce_url('plugins.php?action=deactivate&amp;plugin=' . $plugin_file . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'deactivate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Deactivate this plugin') . '">' . __('Deactivate') . '</a>';
+					$actions['deactivate'] = '<a href="' . wp_nonce_url('plugins.php?action=deactivate&amp;plugin=' . urlencode( $plugin_file ) . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'deactivate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Deactivate this plugin') . '">' . __('Deactivate') . '</a>';
 				} else {
-					$actions['activate'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . $plugin_file . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin') . '" class="edit">' . __('Activate') . '</a>';
+					$actions['activate'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . urlencode( $plugin_file ) . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin') . '" class="edit">' . __('Activate') . '</a>';
 
 					if ( ! is_multisite() && current_user_can('delete_plugins') )
-						$actions['delete'] = '<a href="' . wp_nonce_url('plugins.php?action=delete-selected&amp;checked[]=' . $plugin_file . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'bulk-plugins') . '" title="' . esc_attr__('Delete this plugin') . '" class="delete">' . __('Delete') . '</a>';
+						$actions['delete'] = '<a href="' . wp_nonce_url('plugins.php?action=delete-selected&amp;checked[]=' . urlencode( $plugin_file ) . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'bulk-plugins') . '" title="' . esc_attr__('Delete this plugin') . '" class="delete">' . __('Delete') . '</a>';
 				} // end if $is_active
 			 } // end if $screen->in_admin( 'network' )
 
 			if ( ( ! is_multisite() || $screen->in_admin( 'network' ) ) && current_user_can('edit_plugins') && is_writable(WP_PLUGIN_DIR . '/' . $plugin_file) )
-				$actions['edit'] = '<a href="plugin-editor.php?file=' . $plugin_file . '" title="' . esc_attr__('Open this file in the Plugin Editor') . '" class="edit">' . __('Edit') . '</a>';
+				$actions['edit'] = '<a href="plugin-editor.php?file=' . urlencode( $plugin_file ) . '" title="' . esc_attr__('Open this file in the Plugin Editor') . '" class="edit">' . __('Edit') . '</a>';
 		} // end if $context
 
 		$prefix = $screen->in_admin( 'network' ) ? 'network_admin_' : '';

wp-admin/includes/file.php

@@ -609,6 +609,10 @@ function _unzip_file_ziparchive($file, $to, $needed_dirs = array() ) {
 		if ( '__MACOSX/' === substr($info['name'], 0, 9) ) // Skip the OS X-created __MACOSX directory
 			continue;
 
+		if ( 0 !== validate_file( $info['name'] ) ) {
+			return new WP_Error( 'invalid_file_ziparchive', __( 'Could not extract file from archive.' ), $info['name'] );
+		}
+
 		$uncompressed_size += $info['size'];
 
 		if ( '/' == substr($info['name'], -1) ) // directory
@@ -762,6 +766,10 @@ function _unzip_file_pclzip($file, $to, $needed_dirs = array()) {
 		if ( '__MACOSX/' === substr($file['filename'], 0, 9) ) // Don't extract the OS X-created __MACOSX directory files
 			continue;
 
+		if ( 0 !== validate_file( $file['filename'] ) ) {
+			return new WP_Error( 'invalid_file_pclzip', __( 'Could not extract file from archive.' ), $file['filename'] );
+		}
+
 		if ( ! $wp_filesystem->put_contents( $to . $file['filename'], $file['content'], FS_CHMOD_FILE) )
 			return new WP_Error( 'copy_failed_pclzip', __( 'Could not copy file.' ), $file['filename'] );
 	}
@@ -950,14 +958,28 @@ function request_filesystem_credentials($form_post, $type = '', $error = false,
 
 	$credentials = get_option('ftp_credentials', array( 'hostname' => '', 'username' => ''));
 
+	$submitted_form = wp_unslash( $_POST );
+
+	// Verify nonce, or unset submitted form field values on failure
+	if ( ! isset( $_POST['_fs_nonce'] ) || ! wp_verify_nonce( $_POST['_fs_nonce'], 'filesystem-credentials' ) ) {
+		unset(
+			$submitted_form['hostname'],
+			$submitted_form['username'],
+			$submitted_form['password'],
+			$submitted_form['public_key'],
+			$submitted_form['private_key'],
+			$submitted_form['connection_type']
+		);
+	}
+
 	// If defined, set it to that, Else, If POST'd, set it to that, If not, Set it to whatever it previously was(saved details in option)
-	$credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? wp_unslash( $_POST['hostname'] ) : $credentials['hostname']);
-	$credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? wp_unslash( $_POST['username'] ) : $credentials['username']);
-	$credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? wp_unslash( $_POST['password'] ) : '');
+	$credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($submitted_form['hostname']) ? $submitted_form['hostname'] : $credentials['hostname']);
+	$credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($submitted_form['username']) ? $submitted_form['username'] : $credentials['username']);
+	$credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($submitted_form['password']) ? $submitted_form['password'] : '');
 
 	// Check to see if we are setting the public/private keys for ssh
-	$credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? wp_unslash( $_POST['public_key'] ) : '');
-	$credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? wp_unslash( $_POST['private_key'] ) : '');
+	$credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($submitted_form['public_key']) ? $submitted_form['public_key'] : '');
+	$credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($submitted_form['private_key']) ? $submitted_form['private_key'] : '');
 
 	//sanitize the hostname, Some people might pass in odd-data:
 	$credentials['hostname'] = preg_replace('|\w+://|', '', $credentials['hostname']); //Strip any schemes off
@@ -974,8 +996,8 @@ function request_filesystem_credentials($form_post, $type = '', $error = false,
 		$credentials['connection_type'] = 'ssh';
 	else if ( (defined('FTP_SSL') && FTP_SSL) && 'ftpext' == $type ) //Only the FTP Extension understands SSL
 		$credentials['connection_type'] = 'ftps';
-	else if ( !empty($_POST['connection_type']) )
-		$credentials['connection_type'] = wp_unslash( $_POST['connection_type'] );
+	else if ( !empty($submitted_form['connection_type']) )
+		$credentials['connection_type'] = $submitted_form['connection_type'];
 	else if ( !isset($credentials['connection_type']) ) //All else fails (And it's not defaulted to something else saved), Default to FTP
 		$credentials['connection_type'] = 'ftp';
 
@@ -1099,11 +1121,14 @@ jQuery(function($){
 
 <?php
 foreach ( (array) $extra_fields as $field ) {
-	if ( isset( $_POST[ $field ] ) )
-		echo '<input type="hidden" name="' . esc_attr( $field ) . '" value="' . esc_attr( wp_unslash( $_POST[ $field ] ) ) . '" />';
+	if ( isset( $submitted_form[ $field ] ) )
+		echo '<input type="hidden" name="' . esc_attr( $field ) . '" value="' . esc_attr( $submitted_form[ $field ] ) . '" />';
 }
-submit_button( __( 'Proceed' ), 'button', 'upgrade' );
 ?>
+	<p class="request-filesystem-credentials-action-buttons">
+		<?php wp_nonce_field( 'filesystem-credentials', '_fs_nonce', false, true ); ?>
+		<?php submit_button( __( 'Proceed' ), 'button', 'upgrade', false ); ?>
+	</p>
 </div>
 </form>
 <?php

wp-admin/includes/media.php

@@ -392,7 +392,7 @@ wp_enqueue_style( 'ie' );
 <script type="text/javascript">
 //<![CDATA[
 addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
-var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative' ); ?>', pagenow = 'media-upload-popup', adminpage = 'media-upload-popup',
+var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>', pagenow = 'media-upload-popup', adminpage = 'media-upload-popup',
 isRtl = <?php echo (int) is_rtl(); ?>;
 //]]>
 </script>
@@ -2407,7 +2407,7 @@ function edit_form_image_editor( $post ) {
 	?>
 
 	<label for="content"><strong><?php _e( 'Description' ); ?></strong></label>
-	<?php wp_editor( $post->post_content, 'attachment_content', $editor_args ); ?>
+	<?php wp_editor( format_to_edit( $post->post_content ), 'attachment_content', $editor_args ); ?>
 
 	</div>
 	<?php

wp-admin/includes/misc.php

@@ -390,7 +390,49 @@ function set_screen_options() {
 					return;
 				break;
 			default:
-				$value = apply_filters('set-screen-option', false, $option, $value);
+				$screen_option = false;
+
+				if ( '_page' === substr( $option, -5 ) || 'layout_columns' === $option ) {
+					/**
+					 * Filters a screen option value before it is set.
+					 *
+					 * The filter can also be used to modify non-standard [items]_per_page
+					 * settings. See the parent function for a full list of standard options.
+					 *
+					 * Returning false to the filter will skip saving the current option.
+					 *
+					 * @since 2.8.0
+					 * @since 5.4.2 Only applied to options ending with '_page',
+					 *              or the 'layout_columns' option.
+					 *
+					 * @see set_screen_options()
+					 *
+					 * @param mixed  $screen_option The value to save instead of the option value.
+					 *                              Default false (to skip saving the current option).
+					 * @param string $option        The option name.
+					 * @param int    $value         The option value.
+					 */
+					$screen_option = apply_filters( 'set-screen-option', $screen_option, $option, $value ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
+				}
+
+				/**
+				 * Filter a screen option value before it is set.
+				 *
+				 * The dynamic portion of the hook, `$option`, refers to the option name.
+				 *
+				 * Returning false to the filter will skip saving the current option.
+				 *
+				 * @since 5.4.2
+				 *
+				 * @see set_screen_options()
+				 *
+				 * @param mixed   $screen_option The value to save instead of the option value.
+				 *                               Default false (to skip saving the current option).
+				 * @param string  $option        The option name.
+				 * @param int     $value         The option value.
+				 */
+				$value = apply_filters( "set_screen_option_{$option}", $screen_option, $option, $value );
+
 				if ( false === $value )
 					return;
 				break;

wp-admin/includes/post.php

@@ -164,6 +164,27 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
 	return $post_data;
 }
 
+/**
+ * Returns only allowed post data fields
+ *
+ * @since 4.9.9
+ *
+ * @param array $post_data Array of post data. Defaults to the contents of $_POST.
+ * @return object|bool WP_Error on failure, true on success.
+ */
+function _wp_get_allowed_postdata( $post_data = null ) {
+	if ( empty( $post_data ) ) {
+		$post_data = $_POST;
+	}
+
+	// Pass through errors
+	if ( is_wp_error( $post_data ) ) {
+		return $post_data;
+	}
+
+	return array_diff_key( $post_data, array_flip( array( 'meta_input', 'file', 'guid' ) ) );
+}
+
 /**
  * Update an existing post with values provided in $_POST.
  *
@@ -235,6 +256,8 @@ function edit_post( $post_data = null ) {
 		$post_data['post_status'] = 'draft';
 	}
 
+	$translated = _wp_get_allowed_postdata( $post_data );
+
 	// Post Formats
 	if ( isset( $post_data['post_format'] ) )
 		set_post_format( $post_ID, $post_data['post_format'] );
@@ -296,25 +319,25 @@ function edit_post( $post_data = null ) {
 
 		$attachment_data = isset( $post_data['attachments'][ $post_ID ] ) ? $post_data['attachments'][ $post_ID ] : array();
 		/** This filter is documented in wp-admin/includes/media.php */
-		$post_data = apply_filters( 'attachment_fields_to_save', $post_data, $attachment_data );
+		$translated = apply_filters( 'attachment_fields_to_save', $translated, $attachment_data );
 	}
 
 	add_meta( $post_ID );
 
 	update_post_meta( $post_ID, '_edit_last', get_current_user_id() );
 
-	$success = wp_update_post( $post_data );
+	$success = wp_update_post( $translated );
 	// If the save failed, see if we can sanity check the main fields and try again
 	if ( ! $success && is_callable( array( $wpdb, 'strip_invalid_text_for_column' ) ) ) {
 		$fields = array( 'post_title', 'post_content', 'post_excerpt' );
 
 		foreach( $fields as $field ) {
-			if ( isset( $post_data[ $field ] ) ) {
-				$post_data[ $field ] = $wpdb->strip_invalid_text_for_column( $wpdb->posts, $field, $post_data[ $field ] );
+			if ( isset( $translated[ $field ] ) ) {
+				$translated[ $field ] = $wpdb->strip_invalid_text_for_column( $wpdb->posts, $field, $translated[ $field ] );
 			}
 		}
 
-		wp_update_post( $post_data );
+		wp_update_post( $translated );
 	}
 
 	// Now that we have an ID we can fix any attachment anchor hrefs
@@ -472,9 +495,9 @@ function bulk_edit_posts( $post_data = null ) {
 			unset( $post_data['tax_input']['category'] );
 		}
 
+		$post_data['post_ID']        = $post_ID;
 		$post_data['post_type'] = $post->post_type;
 		$post_data['post_mime_type'] = $post->post_mime_type;
-		$post_data['guid'] = $post->guid;
 
 		foreach ( array( 'comment_status', 'ping_status', 'post_author' ) as $field ) {
 			if ( ! isset( $post_data[ $field ] ) ) {
@@ -482,14 +505,12 @@ function bulk_edit_posts( $post_data = null ) {
 			}
 		}
 
-		$post_data['ID'] = $post_ID;
-		$post_data['post_ID'] = $post_ID;
-
 		$post_data = _wp_translate_postdata( true, $post_data );
 		if ( is_wp_error( $post_data ) ) {
 			$skipped[] = $post_ID;
 			continue;
 		}
+		$post_data = _wp_get_allowed_postdata( $post_data );
 
 		$updated[] = wp_update_post( $post_data );
 
@@ -500,8 +521,8 @@ function bulk_edit_posts( $post_data = null ) {
 				unstick_post( $post_ID );
 		}
 
-		if ( isset( $post_data['post_format'] ) )
-			set_post_format( $post_ID, $post_data['post_format'] );
+		if ( isset( $shared_post_data['post_format'] ) )
+			set_post_format( $post_ID, $shared_post_data['post_format'] );
 	}
 
 	return array( 'updated' => $updated, 'skipped' => $skipped, 'locked' => $locked );
@@ -653,9 +674,10 @@ function wp_write_post() {
 	$translated = _wp_translate_postdata( false );
 	if ( is_wp_error($translated) )
 		return $translated;
+	$translated = _wp_get_allowed_postdata( $translated );
 
 	// Create the post.
-	$post_ID = wp_insert_post( $_POST );
+	$post_ID = wp_insert_post( $translated );
 	if ( is_wp_error( $post_ID ) )
 		return $post_ID;
 
@@ -1406,12 +1428,13 @@ function wp_create_post_autosave( $post_id ) {
 	$translated = _wp_translate_postdata( true );
 	if ( is_wp_error( $translated ) )
 		return $translated;
+	$translated = _wp_get_allowed_postdata( $translated );
 
 	$post_author = get_current_user_id();
 
 	// Store one autosave per author. If there is already an autosave, overwrite it.
 	if ( $old_autosave = wp_get_post_autosave( $post_id, $post_author ) ) {
-		$new_autosave = _wp_post_revision_fields( $_POST, true );
+		$new_autosave = _wp_post_revision_fields( $translated, true );
 		$new_autosave['ID'] = $old_autosave->ID;
 		$new_autosave['post_author'] = $post_author;
 
@@ -1434,7 +1457,7 @@ function wp_create_post_autosave( $post_id ) {
 	}
 
 	// _wp_put_post_revision() expects unescaped.
-	$post_data = wp_unslash( $_POST );
+	$post_data = wp_unslash( $translated );
 
 	// Otherwise create the new autosave as a special post revision
 	return _wp_put_post_revision( $post_data, true );

wp-admin/includes/screen.php

@@ -463,7 +463,9 @@ final class WP_Screen {
 
 			switch ( $base ) {
 				case 'post' :
-					if ( isset( $_GET['post'] ) )
+					if ( isset( $_GET['post'] ) && isset( $_POST['post_ID'] ) && (int) $_GET['post'] !== (int) $_POST['post_ID'] )
+						wp_die( __( 'A post ID mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 );
+					elseif ( isset( $_GET['post'] ) )
 						$post_id = (int) $_GET['post'];
 					elseif ( isset( $_POST['post_ID'] ) )
 						$post_id = (int) $_POST['post_ID'];

wp-admin/includes/template.php

@@ -706,7 +706,7 @@ function page_template_dropdown( $default = '' ) {
 			$selected = " selected='selected'";
 		else
 			$selected = '';
-	echo "\n\t<option value='".$templates[$template]."' $selected>$template</option>";
+	echo "\n\t<option value='" . esc_attr( $templates[$template] ) ."' $selected>" . esc_html( $template ) . "</option>";
 	endforeach;
 }
 
@@ -1416,12 +1416,12 @@ wp_enqueue_style( 'colors' );
 //<![CDATA[
 addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
 function tb_close(){var win=window.dialogArguments||opener||parent||top;win.tb_remove();}
-var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative' ); ?>',
-	pagenow = '<?php echo $current_screen->id; ?>',
-	typenow = '<?php echo $current_screen->post_type; ?>',
-	adminpage = '<?php echo $admin_body_class; ?>',
-	thousandsSeparator = '<?php echo addslashes( $wp_locale->number_format['thousands_sep'] ); ?>',
-	decimalPoint = '<?php echo addslashes( $wp_locale->number_format['decimal_point'] ); ?>',
+var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>',
+	pagenow = '<?php echo esc_js( $current_screen->id ); ?>',
+	typenow = '<?php echo esc_js( $current_screen->post_type ); ?>',
+	adminpage = '<?php echo esc_js( $admin_body_class ); ?>',
+	thousandsSeparator = '<?php echo esc_js( $wp_locale->number_format['thousands_sep'] ); ?>',
+	decimalPoint = '<?php echo esc_js( $wp_locale->number_format['decimal_point'] ); ?>',
 	isRtl = <?php echo (int) is_rtl(); ?>;
 //]]>
 </script>

wp-admin/includes/update-core.php

@@ -562,6 +562,9 @@ $_old_files = array(
 'wp-admin/js/cat.js',
 'wp-admin/js/cat.min.js',
 'wp-includes/js/tinymce/plugins/wpeditimage/js/editimage.min.js',
+// 4.9.2
+'wp-includes/js/mediaelement/flashmediaelement.swf',
+'wp-includes/js/mediaelement/silverlightmediaelement.xap',
 );
 
 /**
@@ -878,7 +881,11 @@ function update_core($from, $to) {
 		$old_file = $to . $old_file;
 		if ( !$wp_filesystem->exists($old_file) )
 			continue;
-		$wp_filesystem->delete($old_file, true);
+
+		// If the file isn't deleted, try writing an empty string to the file instead.
+		if ( ! $wp_filesystem->delete( $old_file, true ) && $wp_filesystem->is_file( $old_file ) ) {
+			$wp_filesystem->put_contents( $old_file, '' );
+		}
 	}
 
 	// Remove any Genericons example.html's from the filesystem

wp-admin/includes/upgrade.php

@@ -1644,9 +1644,9 @@ function dbDelta( $queries = '', $execute = true ) {
 			continue;
 
 		// Fetch the table column structure from the database
-		$wpdb->suppress_errors();
+		$suppress = $wpdb->suppress_errors();
 		$tablefields = $wpdb->get_results("DESCRIBE {$table};");
-		$wpdb->suppress_errors( false );
+		$wpdb->suppress_errors( $suppress );
 
 		if ( ! $tablefields )
 			continue;

wp-admin/js/color-picker.min.js

@@ -1 +1 @@
-!function(a,b){var c='<a tabindex="0" class="wp-color-result" />',d='<div class="wp-picker-holder" />',e='<div class="wp-picker-container" />',f='<input type="button" class="button button-small hidden" />',g={options:{defaultColor:!1,change:!1,clear:!1,hide:!0,palettes:!0},_create:function(){if(a.support.iris){var b=this,g=b.element;a.extend(b.options,g.data()),b.initialValue=g.val(),g.addClass("wp-color-picker").hide().wrap(e),b.wrap=g.parent(),b.toggler=a(c).insertBefore(g).css({backgroundColor:b.initialValue}).attr("title",wpColorPickerL10n.pick).attr("data-current",wpColorPickerL10n.current),b.pickerContainer=a(d).insertAfter(g),b.button=a(f),b.options.defaultColor?b.button.addClass("wp-picker-default").val(wpColorPickerL10n.defaultString):b.button.addClass("wp-picker-clear").val(wpColorPickerL10n.clear),g.wrap('<span class="wp-picker-input-wrap" />').after(b.button),g.iris({target:b.pickerContainer,hide:!0,width:255,mode:"hsv",palettes:b.options.palettes,change:function(c,d){b.toggler.css({backgroundColor:d.color.toString()}),a.isFunction(b.options.change)&&b.options.change.call(this,c,d)}}),g.val(b.initialValue),b._addListeners(),b.options.hide||b.toggler.click()}},_addListeners:function(){var b=this;b.toggler.click(function(c){c.stopPropagation(),b.element.toggle().iris("toggle"),b.button.toggleClass("hidden"),b.toggler.toggleClass("wp-picker-open"),b.toggler.hasClass("wp-picker-open")?a("body").on("click",{wrap:b.wrap,toggler:b.toggler},b._bodyListener):a("body").off("click",b._bodyListener)}),b.element.change(function(c){var d=a(this),e=d.val();(""===e||"#"===e)&&(b.toggler.css("backgroundColor",""),a.isFunction(b.options.clear)&&b.options.clear.call(this,c))}),b.toggler.on("keyup",function(a){(13===a.keyCode||32===a.keyCode)&&(a.preventDefault(),b.toggler.trigger("click").next().focus())}),b.button.click(function(c){var d=a(this);d.hasClass("wp-picker-clear")?(b.element.val(""),b.toggler.css("backgroundColor",""),a.isFunction(b.options.clear)&&b.options.clear.call(this,c)):d.hasClass("wp-picker-default")&&b.element.val(b.options.defaultColor).change()})},_bodyListener:function(a){a.data.wrap.find(a.target).length||a.data.toggler.click()},color:function(a){return a===b?this.element.iris("option","color"):(this.element.iris("option","color",a),void 0)},defaultColor:function(a){return a===b?this.options.defaultColor:(this.options.defaultColor=a,void 0)}};a.widget("wp.wpColorPicker",g)}(jQuery);
+!function(a,b){var c='<a tabindex="0" class="wp-color-result" />',d='<div class="wp-picker-holder" />',e='<div class="wp-picker-container" />',f='<input type="button" class="button button-small hidden" />',g={options:{defaultColor:!1,change:!1,clear:!1,hide:!0,palettes:!0},_create:function(){if(a.support.iris){var b=this,g=b.element;a.extend(b.options,g.data()),b.initialValue=g.val(),g.addClass("wp-color-picker").hide().wrap(e),b.wrap=g.parent(),b.toggler=a(c).insertBefore(g).css({backgroundColor:b.initialValue}).attr("title",wpColorPickerL10n.pick).attr("data-current",wpColorPickerL10n.current),b.pickerContainer=a(d).insertAfter(g),b.button=a(f),b.options.defaultColor?b.button.addClass("wp-picker-default").val(wpColorPickerL10n.defaultString):b.button.addClass("wp-picker-clear").val(wpColorPickerL10n.clear),g.wrap('<span class="wp-picker-input-wrap" />').after(b.button),g.iris({target:b.pickerContainer,hide:!0,width:255,mode:"hsv",palettes:b.options.palettes,change:function(c,d){b.toggler.css({backgroundColor:d.color.toString()}),a.isFunction(b.options.change)&&b.options.change.call(this,c,d)}}),g.val(b.initialValue),b._addListeners(),b.options.hide||b.toggler.click()}},_addListeners:function(){var b=this;b.toggler.click(function(c){c.stopPropagation(),b.element.toggle().iris("toggle"),b.button.toggleClass("hidden"),b.toggler.toggleClass("wp-picker-open"),b.toggler.hasClass("wp-picker-open")?a("body").on("click",{wrap:b.wrap,toggler:b.toggler},b._bodyListener):a("body").off("click",b._bodyListener)}),b.element.change(function(c){var d=a(this),e=d.val();(""===e||"#"===e)&&(b.toggler.css("backgroundColor",""),a.isFunction(b.options.clear)&&b.options.clear.call(this,c))}),b.toggler.on("keyup",function(a){(13===a.keyCode||32===a.keyCode)&&(a.preventDefault(),b.toggler.trigger("click").next().focus())}),b.button.click(function(c){var d=a(this);d.hasClass("wp-picker-clear")?(b.element.val(""),b.toggler.css("backgroundColor",""),a.isFunction(b.options.clear)&&b.options.clear.call(this,c)):d.hasClass("wp-picker-default")&&b.element.val(b.options.defaultColor).change()})},_bodyListener:function(a){a.data.wrap.find(a.target).length||a.data.toggler.click()},color:function(a){return a===b?this.element.iris("option","color"):void this.element.iris("option","color",a)},defaultColor:function(a){return a===b?this.options.defaultColor:void(this.options.defaultColor=a)}};a.widget("wp.wpColorPicker",g)}(jQuery);

wp-admin/js/custom-background.js

@@ -55,11 +55,13 @@
 			frame.on( 'select', function() {
 				// Grab the selected attachment.
 				var attachment = frame.state().get('selection').first();
+				var nonceValue = $( '#_wpnonce' ).val() || '';
 
 				// Run an AJAX request to set the background image.
 				$.post( ajaxurl, {
 					action: 'set-background-image',
 					attachment_id: attachment.id,
+					_ajax_nonce: nonceValue,
 					size: 'full'
 				}).done( function() {
 					// When the request completes, reload the window.

wp-admin/js/custom-background.min.js

@@ -1 +1 @@
-!function(a){a(document).ready(function(){var b,c=a("#custom-background-image");a("#background-color").wpColorPicker({change:function(a,b){c.css("background-color",b.color.toString())},clear:function(){c.css("background-color","")}}),a('input[name="background-position-x"]').change(function(){c.css("background-position",a(this).val()+" top")}),a('input[name="background-repeat"]').change(function(){c.css("background-repeat",a(this).val())}),a("#choose-from-library-link").click(function(c){var d=a(this);return c.preventDefault(),b?(b.open(),void 0):(b=wp.media.frames.customBackground=wp.media({title:d.data("choose"),library:{type:"image"},button:{text:d.data("update"),close:!1}}),b.on("select",function(){var c=b.state().get("selection").first();a.post(ajaxurl,{action:"set-background-image",attachment_id:c.id,size:"full"}).done(function(){window.location.reload()})}),b.open(),void 0)})})}(jQuery);
+!function(a){a(document).ready(function(){var b,c=a("#custom-background-image");a("#background-color").wpColorPicker({change:function(a,b){c.css("background-color",b.color.toString())},clear:function(){c.css("background-color","")}}),a('input[name="background-position-x"]').change(function(){c.css("background-position",a(this).val()+" top")}),a('input[name="background-repeat"]').change(function(){c.css("background-repeat",a(this).val())}),a("#choose-from-library-link").click(function(c){var d=a(this);return c.preventDefault(),b?void b.open():(b=wp.media.frames.customBackground=wp.media({title:d.data("choose"),library:{type:"image"},button:{text:d.data("update"),close:!1}}),b.on("select",function(){var c=b.state().get("selection").first(),d=a("#_wpnonce").val()||"";a.post(ajaxurl,{action:"set-background-image",attachment_id:c.id,_ajax_nonce:d,size:"full"}).done(function(){window.location.reload()})}),void b.open())})})}(jQuery);

wp-admin/js/customize-controls.js

@@ -777,6 +777,16 @@
 			}
 		});
 
+		// Ensure preview nonce is included with every customized request, to allow post data to be read.
+		$.ajaxPrefilter( function injectPreviewNonce( options ) {
+			if ( ! /wp_customize=on/.test( options.data ) ) {
+				return;
+			}
+			options.data += '&' + $.param({
+				customize_preview_nonce: api.settings.nonce.preview
+			});
+		});
+
 		// Refresh the nonces if the preview sends updated nonces over.
  		previewer.bind( 'nonce', function( nonce ) {
  			$.extend( this.nonce, nonce );

wp-admin/js/dashboard.min.js

@@ -1 +1 @@
-var ajaxWidgets,ajaxPopulateWidgets,quickPressLoad;jQuery(document).ready(function(a){var b=a("#welcome-panel"),c=a("#wp_welcome_panel-hide"),d=function(b){a.post(ajaxurl,{action:"update-welcome-panel",visible:b,welcomepanelnonce:a("#welcomepanelnonce").val()})};b.hasClass("hidden")&&c.prop("checked")&&b.removeClass("hidden"),a(".welcome-panel-close, .welcome-panel-dismiss a",b).click(function(c){c.preventDefault(),b.addClass("hidden"),d(0),a("#wp_welcome_panel-hide").prop("checked",!1)}),c.click(function(){b.toggleClass("hidden",!this.checked),d(this.checked?1:0)}),ajaxWidgets=["dashboard_incoming_links","dashboard_primary","dashboard_secondary","dashboard_plugins"],ajaxPopulateWidgets=function(b){function c(b,c){var d,e=a("#"+c+" div.inside:visible").find(".widget-loading");e.length&&(d=e.parent(),setTimeout(function(){d.load(ajaxurl+"?action=dashboard-widgets&widget="+c,"",function(){d.hide().slideDown("normal",function(){a(this).css("display","")})})},500*b))}b?(b=b.toString(),-1!=a.inArray(b,ajaxWidgets)&&c(0,b)):a.each(ajaxWidgets,c)},ajaxPopulateWidgets(),postboxes.add_postbox_toggles(pagenow,{pbshow:ajaxPopulateWidgets}),quickPressLoad=function(){var b,c=a("#quickpost-action");b=a("#quick-press").submit(function(){return a("#dashboard_quick_press #publishing-action .spinner").show(),a('#quick-press .submit input[type="submit"], #quick-press .submit input[type="reset"]').prop("disabled",!0),"post"==c.val()&&c.val("post-quickpress-publish"),a("#dashboard_quick_press div.inside").load(b.attr("action"),b.serializeArray(),function(){a("#dashboard_quick_press #publishing-action .spinner").hide(),a('#quick-press .submit input[type="submit"], #quick-press .submit input[type="reset"]').prop("disabled",!1),a("#dashboard_quick_press ul").next("p").remove(),a("#dashboard_quick_press ul").find("li").each(function(){a("#dashboard_recent_drafts ul").prepend(this)}).end().remove(),quickPressLoad()}),!1}),a("#publish").click(function(){c.val("post-quickpress-publish")}),a("#title, #tags-input").each(function(){var b=a(this),c=a("#"+this.id+"-prompt-text");""===this.value&&c.removeClass("screen-reader-text"),c.click(function(){a(this).addClass("screen-reader-text"),b.focus()}),b.blur(function(){""===this.value&&c.removeClass("screen-reader-text")}),b.focus(function(){c.addClass("screen-reader-text")})}),a("#quick-press").on("click focusin",function(){wpActiveEditor="content"})},quickPressLoad()});
+var ajaxWidgets,ajaxPopulateWidgets,quickPressLoad;jQuery(document).ready(function(a){var b=a("#welcome-panel"),c=a("#wp_welcome_panel-hide"),d=function(b){a.post(ajaxurl,{action:"update-welcome-panel",visible:b,welcomepanelnonce:a("#welcomepanelnonce").val()})};b.hasClass("hidden")&&c.prop("checked")&&b.removeClass("hidden"),a(".welcome-panel-close, .welcome-panel-dismiss a",b).click(function(c){c.preventDefault(),b.addClass("hidden"),d(0),a("#wp_welcome_panel-hide").prop("checked",!1)}),c.click(function(){b.toggleClass("hidden",!this.checked),d(this.checked?1:0)}),ajaxWidgets=["dashboard_incoming_links","dashboard_primary","dashboard_secondary","dashboard_plugins"],ajaxPopulateWidgets=function(b){function c(b,c){var d,e=a("#"+c+" div.inside:visible").find(".widget-loading");e.length&&(d=e.parent(),setTimeout(function(){d.load(ajaxurl+"?action=dashboard-widgets&widget="+c,"",function(){d.hide().slideDown("normal",function(){a(this).css("display","")})})},500*b))}b?(b=b.toString(),-1!=a.inArray(b,ajaxWidgets)&&c(0,b)):a.each(ajaxWidgets,c)},ajaxPopulateWidgets(),postboxes.add_postbox_toggles(pagenow,{pbshow:ajaxPopulateWidgets}),(quickPressLoad=function(){var b,c=a("#quickpost-action");b=a("#quick-press").submit(function(){return a("#dashboard_quick_press #publishing-action .spinner").show(),a('#quick-press .submit input[type="submit"], #quick-press .submit input[type="reset"]').prop("disabled",!0),"post"==c.val()&&c.val("post-quickpress-publish"),a("#dashboard_quick_press div.inside").load(b.attr("action"),b.serializeArray(),function(){a("#dashboard_quick_press #publishing-action .spinner").hide(),a('#quick-press .submit input[type="submit"], #quick-press .submit input[type="reset"]').prop("disabled",!1),a("#dashboard_quick_press ul").next("p").remove(),a("#dashboard_quick_press ul").find("li").each(function(){a("#dashboard_recent_drafts ul").prepend(this)}).end().remove(),quickPressLoad()}),!1}),a("#publish").click(function(){c.val("post-quickpress-publish")}),a("#title, #tags-input").each(function(){var b=a(this),c=a("#"+this.id+"-prompt-text");""===this.value&&c.removeClass("screen-reader-text"),c.click(function(){a(this).addClass("screen-reader-text"),b.focus()}),b.blur(function(){""===this.value&&c.removeClass("screen-reader-text")}),b.focus(function(){c.addClass("screen-reader-text")})}),a("#quick-press").on("click focusin",function(){wpActiveEditor="content"})})()});

wp-admin/js/gallery.min.js

@@ -1 +1 @@
-jQuery(document).ready(function(a){var b,c,d,e=!1;c=function(){b=a("#media-items").sortable({items:"div.media-item",placeholder:"sorthelper",axis:"y",distance:2,handle:"div.filename",stop:function(){var b=a("#media-items").sortable("toArray"),c=b.length;a.each(b,function(b,d){var f=e?c-b:1+b;a("#"+d+" .menu_order input").val(f)})}})},sortIt=function(){var b=a(".menu_order_input"),c=b.length;b.each(function(b){var d=e?c-b:1+b;a(this).val(d)})},clearAll=function(b){b=b||0,a(".menu_order_input").each(function(){("0"==this.value||b)&&(this.value="")})},a("#asc").click(function(){return e=!1,sortIt(),!1}),a("#desc").click(function(){return e=!0,sortIt(),!1}),a("#clear").click(function(){return clearAll(1),!1}),a("#showall").click(function(){return a("#sort-buttons span a").toggle(),a("a.describe-toggle-on").hide(),a("a.describe-toggle-off, table.slidetoggle").show(),a("img.pinkynail").toggle(!1),!1}),a("#hideall").click(function(){return a("#sort-buttons span a").toggle(),a("a.describe-toggle-on").show(),a("a.describe-toggle-off, table.slidetoggle").hide(),a("img.pinkynail").toggle(!0),!1}),c(),clearAll(),a("#media-items>*").length>1&&(d=wpgallery.getWin(),a("#save-all, #gallery-settings").show(),"undefined"!=typeof d.tinyMCE&&d.tinyMCE.activeEditor&&!d.tinyMCE.activeEditor.isHidden()?(wpgallery.mcemode=!0,wpgallery.init()):a("#insert-gallery").show())}),jQuery(window).unload(function(){tinymce=tinyMCE=wpgallery=null});var tinymce=null,tinyMCE,wpgallery;wpgallery={mcemode:!1,editor:{},dom:{},is_update:!1,el:{},I:function(a){return document.getElementById(a)},init:function(){var a,b,c,d,e=this,f=e.getWin();if(e.mcemode){for(a=(""+document.location.search).replace(/^\?/,"").split("&"),b={},c=0;c<a.length;c++)d=a[c].split("="),b[unescape(d[0])]=unescape(d[1]);b.mce_rdomain&&(document.domain=b.mce_rdomain),tinymce=f.tinymce,tinyMCE=f.tinyMCE,e.editor=tinymce.EditorManager.activeEditor,e.setup()}},getWin:function(){return window.dialogArguments||opener||parent||top},setup:function(){var a,b,c,d,e,f,g=this,h=g.editor;if(g.mcemode){if(g.el=h.selection.getNode(),"IMG"!=g.el.nodeName||!h.dom.hasClass(g.el,"wpGallery")){if(!(b=h.dom.select("img.wpGallery"))||!b[0])return"1"==getUserSetting("galfile")&&(g.I("linkto-file").checked="checked"),"1"==getUserSetting("galdesc")&&(g.I("order-desc").checked="checked"),getUserSetting("galcols")&&(g.I("columns").value=getUserSetting("galcols")),getUserSetting("galord")&&(g.I("orderby").value=getUserSetting("galord")),jQuery("#insert-gallery").show(),void 0;g.el=b[0]}a=h.dom.getAttrib(g.el,"title"),a=h.dom.decode(a),a?(jQuery("#update-gallery").show(),g.is_update=!0,c=a.match(/columns=['"]([0-9]+)['"]/),d=a.match(/link=['"]([^'"]+)['"]/i),e=a.match(/order=['"]([^'"]+)['"]/i),f=a.match(/orderby=['"]([^'"]+)['"]/i),d&&d[1]&&(g.I("linkto-file").checked="checked"),e&&e[1]&&(g.I("order-desc").checked="checked"),c&&c[1]&&(g.I("columns").value=""+c[1]),f&&f[1]&&(g.I("orderby").value=f[1])):jQuery("#insert-gallery").show()}},update:function(){var a,b=this,c=b.editor,d="";return b.mcemode&&b.is_update?("IMG"==b.el.nodeName&&(d=c.dom.decode(c.dom.getAttrib(b.el,"title")),d=d.replace(/\s*(order|link|columns|orderby)=['"]([^'"]+)['"]/gi,""),d+=b.getSettings(),c.dom.setAttrib(b.el,"title",d),b.getWin().tb_remove()),void 0):(a="[gallery"+b.getSettings()+"]",b.getWin().send_to_editor(a),void 0)},getSettings:function(){var a=this.I,b="";return a("linkto-file").checked&&(b+=' link="file"',setUserSetting("galfile","1")),a("order-desc").checked&&(b+=' order="DESC"',setUserSetting("galdesc","1")),3!=a("columns").value&&(b+=' columns="'+a("columns").value+'"',setUserSetting("galcols",a("columns").value)),"menu_order"!=a("orderby").value&&(b+=' orderby="'+a("orderby").value+'"',setUserSetting("galord",a("orderby").value)),b}};
+jQuery(document).ready(function(a){var b,c,d,e=!1;c=function(){b=a("#media-items").sortable({items:"div.media-item",placeholder:"sorthelper",axis:"y",distance:2,handle:"div.filename",stop:function(b,c){var d=a("#media-items").sortable("toArray"),f=d.length;a.each(d,function(b,c){var d=e?f-b:1+b;a("#"+c+" .menu_order input").val(d)})}})},sortIt=function(){var b=a(".menu_order_input"),c=b.length;b.each(function(b){var d=e?c-b:1+b;a(this).val(d)})},clearAll=function(b){b=b||0,a(".menu_order_input").each(function(){("0"==this.value||b)&&(this.value="")})},a("#asc").click(function(){return e=!1,sortIt(),!1}),a("#desc").click(function(){return e=!0,sortIt(),!1}),a("#clear").click(function(){return clearAll(1),!1}),a("#showall").click(function(){return a("#sort-buttons span a").toggle(),a("a.describe-toggle-on").hide(),a("a.describe-toggle-off, table.slidetoggle").show(),a("img.pinkynail").toggle(!1),!1}),a("#hideall").click(function(){return a("#sort-buttons span a").toggle(),a("a.describe-toggle-on").show(),a("a.describe-toggle-off, table.slidetoggle").hide(),a("img.pinkynail").toggle(!0),!1}),c(),clearAll(),a("#media-items>*").length>1&&(d=wpgallery.getWin(),a("#save-all, #gallery-settings").show(),"undefined"!=typeof d.tinyMCE&&d.tinyMCE.activeEditor&&!d.tinyMCE.activeEditor.isHidden()?(wpgallery.mcemode=!0,wpgallery.init()):a("#insert-gallery").show())}),jQuery(window).unload(function(){tinymce=tinyMCE=wpgallery=null});var tinymce=null,tinyMCE,wpgallery;wpgallery={mcemode:!1,editor:{},dom:{},is_update:!1,el:{},I:function(a){return document.getElementById(a)},init:function(){var a,b,c,d,e=this,f=e.getWin();if(e.mcemode){for(a=(""+document.location.search).replace(/^\?/,"").split("&"),b={},c=0;c<a.length;c++)d=a[c].split("="),b[unescape(d[0])]=unescape(d[1]);b.mce_rdomain&&(document.domain=b.mce_rdomain),tinymce=f.tinymce,tinyMCE=f.tinyMCE,e.editor=tinymce.EditorManager.activeEditor,e.setup()}},getWin:function(){return window.dialogArguments||opener||parent||top},setup:function(){var a,b,c,d,e,f,g=this,h=g.editor;if(g.mcemode){if(g.el=h.selection.getNode(),"IMG"!=g.el.nodeName||!h.dom.hasClass(g.el,"wpGallery")){if(!(b=h.dom.select("img.wpGallery"))||!b[0])return"1"==getUserSetting("galfile")&&(g.I("linkto-file").checked="checked"),"1"==getUserSetting("galdesc")&&(g.I("order-desc").checked="checked"),getUserSetting("galcols")&&(g.I("columns").value=getUserSetting("galcols")),getUserSetting("galord")&&(g.I("orderby").value=getUserSetting("galord")),void jQuery("#insert-gallery").show();g.el=b[0]}a=h.dom.getAttrib(g.el,"title"),a=h.dom.decode(a),a?(jQuery("#update-gallery").show(),g.is_update=!0,c=a.match(/columns=['"]([0-9]+)['"]/),d=a.match(/link=['"]([^'"]+)['"]/i),e=a.match(/order=['"]([^'"]+)['"]/i),f=a.match(/orderby=['"]([^'"]+)['"]/i),d&&d[1]&&(g.I("linkto-file").checked="checked"),e&&e[1]&&(g.I("order-desc").checked="checked"),c&&c[1]&&(g.I("columns").value=""+c[1]),f&&f[1]&&(g.I("orderby").value=f[1])):jQuery("#insert-gallery").show()}},update:function(){var a,b=this,c=b.editor,d="";return b.mcemode&&b.is_update?void("IMG"==b.el.nodeName&&(d=c.dom.decode(c.dom.getAttrib(b.el,"title")),d=d.replace(/\s*(order|link|columns|orderby)=['"]([^'"]+)['"]/gi,""),d+=b.getSettings(),c.dom.setAttrib(b.el,"title",d),b.getWin().tb_remove())):(a="[gallery"+b.getSettings()+"]",void b.getWin().send_to_editor(a))},getSettings:function(){var a=this.I,b="";return a("linkto-file").checked&&(b+=' link="file"',setUserSetting("galfile","1")),a("order-desc").checked&&(b+=' order="DESC"',setUserSetting("galdesc","1")),3!=a("columns").value&&(b+=' columns="'+a("columns").value+'"',setUserSetting("galcols",a("columns").value)),"menu_order"!=a("orderby").value&&(b+=' orderby="'+a("orderby").value+'"',setUserSetting("galord",a("orderby").value)),b}};

wp-admin/js/inline-edit-tax.min.js

@@ -1 +1 @@
-!function(a){inlineEditTax={init:function(){var b=this,c=a("#inline-edit");b.type=a("#the-list").attr("data-wp-lists").substr(5),b.what="#"+b.type+"-",a("#the-list").on("click","a.editinline",function(){return inlineEditTax.edit(this),!1}),c.keyup(function(a){return 27==a.which?inlineEditTax.revert():void 0}),a("a.cancel",c).click(function(){return inlineEditTax.revert()}),a("a.save",c).click(function(){return inlineEditTax.save(this)}),a("input, select",c).keydown(function(a){return 13==a.which?inlineEditTax.save(this):void 0}),a('#posts-filter input[type="submit"]').mousedown(function(){b.revert()})},toggle:function(b){var c=this;"none"==a(c.what+c.getId(b)).css("display")?c.revert():c.edit(b)},edit:function(b){var c,d=this;return d.revert(),"object"==typeof b&&(b=d.getId(b)),c=a("#inline-edit").clone(!0),rowData=a("#inline_"+b),a("td",c).attr("colspan",a(".widefat:first thead th:visible").length),a(d.what+b).hasClass("alternate")&&a(c).addClass("alternate"),a(d.what+b).hide().after(c),a(':input[name="name"]',c).val(a(".name",rowData).text()),a(':input[name="slug"]',c).val(a(".slug",rowData).text()),a(c).attr("id","edit-"+b).addClass("inline-editor").show(),a(".ptitle",c).eq(0).focus(),!1},save:function(b){var c,d,e=a('input[name="taxonomy"]').val()||"";return"object"==typeof b&&(b=this.getId(b)),a("table.widefat .spinner").show(),c={action:"inline-save-tax",tax_type:this.type,tax_ID:b,taxonomy:e},d=a("#edit-"+b+" :input").serialize(),c=d+"&"+a.param(c),a.post(ajaxurl,c,function(c){var d,e;a("table.widefat .spinner").hide(),c?-1!=c.indexOf("<tr")?(a(inlineEditTax.what+b).remove(),e=a(c).attr("id"),a("#edit-"+b).before(c).remove(),d=e?a("#"+e):a(inlineEditTax.what+b),d.hide().fadeIn()):a("#edit-"+b+" .inline-edit-save .error").html(c).show():a("#edit-"+b+" .inline-edit-save .error").html(inlineEditL10n.error).show(),a(d).prev("tr").hasClass("alternate")&&a(d).removeClass("alternate")}),!1},revert:function(){var b=a("table.widefat tr.inline-editor").attr("id");return b&&(a("table.widefat .spinner").hide(),a("#"+b).remove(),b=b.substr(b.lastIndexOf("-")+1),a(this.what+b).show()),!1},getId:function(b){var c="TR"==b.tagName?b.id:a(b).parents("tr").attr("id"),d=c.split("-");return d[d.length-1]}},a(document).ready(function(){inlineEditTax.init()})}(jQuery);
+!function(a){inlineEditTax={init:function(){var b=this,c=a("#inline-edit");b.type=a("#the-list").attr("data-wp-lists").substr(5),b.what="#"+b.type+"-",a("#the-list").on("click","a.editinline",function(){return inlineEditTax.edit(this),!1}),c.keyup(function(a){return 27==a.which?inlineEditTax.revert():void 0}),a("a.cancel",c).click(function(){return inlineEditTax.revert()}),a("a.save",c).click(function(){return inlineEditTax.save(this)}),a("input, select",c).keydown(function(a){return 13==a.which?inlineEditTax.save(this):void 0}),a('#posts-filter input[type="submit"]').mousedown(function(a){b.revert()})},toggle:function(b){var c=this;"none"==a(c.what+c.getId(b)).css("display")?c.revert():c.edit(b)},edit:function(b){var c,d=this;return d.revert(),"object"==typeof b&&(b=d.getId(b)),c=a("#inline-edit").clone(!0),rowData=a("#inline_"+b),a("td",c).attr("colspan",a(".widefat:first thead th:visible").length),a(d.what+b).hasClass("alternate")&&a(c).addClass("alternate"),a(d.what+b).hide().after(c),a(':input[name="name"]',c).val(a(".name",rowData).text()),a(':input[name="slug"]',c).val(a(".slug",rowData).text()),a(c).attr("id","edit-"+b).addClass("inline-editor").show(),a(".ptitle",c).eq(0).focus(),!1},save:function(b){var c,d,e=a('input[name="taxonomy"]').val()||"";return"object"==typeof b&&(b=this.getId(b)),a("table.widefat .spinner").show(),c={action:"inline-save-tax",tax_type:this.type,tax_ID:b,taxonomy:e},d=a("#edit-"+b+" :input").serialize(),c=d+"&"+a.param(c),a.post(ajaxurl,c,function(c){var d,e;a("table.widefat .spinner").hide(),c?-1!=c.indexOf("<tr")?(a(inlineEditTax.what+b).remove(),e=a(c).attr("id"),a("#edit-"+b).before(c).remove(),d=a(e?"#"+e:inlineEditTax.what+b),d.hide().fadeIn()):a("#edit-"+b+" .inline-edit-save .error").html(c).show():a("#edit-"+b+" .inline-edit-save .error").html(inlineEditL10n.error).show(),a(d).prev("tr").hasClass("alternate")&&a(d).removeClass("alternate")}),!1},revert:function(){var b=a("table.widefat tr.inline-editor").attr("id");return b&&(a("table.widefat .spinner").hide(),a("#"+b).remove(),b=b.substr(b.lastIndexOf("-")+1),a(this.what+b).show()),!1},getId:function(b){var c="TR"==b.tagName?b.id:a(b).parents("tr").attr("id"),d=c.split("-");return d[d.length-1]}},a(document).ready(function(){inlineEditTax.init()})}(jQuery);

wp-admin/js/media-gallery.js

@@ -1,6 +1,6 @@
 jQuery(function($){
 	$( 'body' ).bind( 'click.wp-gallery', function(e){
-		var target = $( e.target ), id, img_size;
+		var target = $( e.target ), id, img_size, nonceValue;
 
 		if ( target.hasClass( 'wp-set-header' ) ) {
 			( window.dialogArguments || opener || parent || top ).location.href = target.data( 'location' );
@@ -8,10 +8,12 @@ jQuery(function($){
 		} else if ( target.hasClass( 'wp-set-background' ) ) {
 			id = target.data( 'attachment-id' );
 			img_size = $( 'input[name="attachments[' + id + '][image-size]"]:checked').val();
+			nonceValue = $( '#_wpnonce' ).val() && '';
 
 			jQuery.post(ajaxurl, {
 				action: 'set-background-image',
 				attachment_id: id,
+				_ajax_nonce: nonceValue,
 				size: img_size
 			}, function(){
 				var win = window.dialogArguments || opener || parent || top;

wp-admin/js/media-gallery.min.js

@@ -1 +1 @@
-jQuery(function(a){a("body").bind("click.wp-gallery",function(b){var c,d,e=a(b.target);e.hasClass("wp-set-header")?((window.dialogArguments||opener||parent||top).location.href=e.data("location"),b.preventDefault()):e.hasClass("wp-set-background")&&(c=e.data("attachment-id"),d=a('input[name="attachments['+c+'][image-size]"]:checked').val(),jQuery.post(ajaxurl,{action:"set-background-image",attachment_id:c,size:d},function(){var a=window.dialogArguments||opener||parent||top;a.tb_remove(),a.location.reload()}),b.preventDefault())})});
+jQuery(function(a){a("body").bind("click.wp-gallery",function(b){var c,d,e,f=a(b.target);f.hasClass("wp-set-header")?((window.dialogArguments||opener||parent||top).location.href=f.data("location"),b.preventDefault()):f.hasClass("wp-set-background")&&(c=f.data("attachment-id"),d=a('input[name="attachments['+c+'][image-size]"]:checked').val(),e=a("#_wpnonce").val()&&"",jQuery.post(ajaxurl,{action:"set-background-image",attachment_id:c,_ajax_nonce:e,size:d},function(){var a=window.dialogArguments||opener||parent||top;a.tb_remove(),a.location.reload()}),b.preventDefault())})});

wp-admin/js/media.min.js

@@ -1 +1 @@
-var findPosts;!function(a){findPosts={open:function(b,c){var d=document.documentElement.scrollTop||a(document).scrollTop(),e=a(".ui-find-overlay");return 0==e.length&&(a("body").append('<div class="ui-find-overlay"></div>'),findPosts.overlay()),e.show(),b&&c&&a("#affected").attr("name",b).val(c),a("#find-posts").show().draggable({handle:"#find-posts-head"}).css({top:d+50+"px",left:"50%",marginLeft:"-328px"}),a("#find-posts-input").focus().keyup(function(a){27==a.which&&findPosts.close()}),findPosts.send(),!1},close:function(){a("#find-posts-response").html(""),a("#find-posts").draggable("destroy").hide(),a(".ui-find-overlay").hide()},overlay:function(){a(".ui-find-overlay").css({"z-index":"999",width:a(document).width()+"px",height:a(document).height()+"px"}).on("click",function(){findPosts.close()})},send:function(){var b={ps:a("#find-posts-input").val(),action:"find_posts",_ajax_nonce:a("#_ajax_nonce").val()},c=a(".find-box-search .spinner");c.show(),a.ajax({type:"POST",url:ajaxurl,data:b,success:function(a){findPosts.show(a),c.hide()},error:function(a){findPosts.error(a),c.hide()}})},show:function(b){if("string"==typeof b)return this.error({responseText:b}),void 0;var c=wpAjax.parseAjaxResponse(b);c.errors&&this.error({responseText:wpAjax.broken}),c=c.responses[0],a("#find-posts-response").html(c.data),a(".found-posts td").on("click",function(){a(this).parent().find(".found-radio input").prop("checked",!0)})},error:function(b){var c=b.statusText;b.responseText&&(c=b.responseText.replace(/<.[^<>]*?>/g,"")),c&&a("#find-posts-response").html(c)}},a(document).ready(function(){a("#find-posts-submit").click(function(b){""==a("#find-posts-response").html()&&b.preventDefault()}),a("#find-posts .find-box-search :input").keypress(function(a){return 13==a.which?(findPosts.send(),!1):void 0}),a("#find-posts-search").click(findPosts.send),a("#find-posts-close").click(findPosts.close),a("#doaction, #doaction2").click(function(b){a('select[name^="action"]').each(function(){"attach"==a(this).val()&&(b.preventDefault(),findPosts.open())})})}),a(window).resize(function(){findPosts.overlay()})}(jQuery);
+var findPosts;!function(a){findPosts={open:function(b,c){var d=document.documentElement.scrollTop||a(document).scrollTop(),e=a(".ui-find-overlay");return 0==e.length&&(a("body").append('<div class="ui-find-overlay"></div>'),findPosts.overlay()),e.show(),b&&c&&a("#affected").attr("name",b).val(c),a("#find-posts").show().draggable({handle:"#find-posts-head"}).css({top:d+50+"px",left:"50%",marginLeft:"-328px"}),a("#find-posts-input").focus().keyup(function(a){27==a.which&&findPosts.close()}),findPosts.send(),!1},close:function(){a("#find-posts-response").html(""),a("#find-posts").draggable("destroy").hide(),a(".ui-find-overlay").hide()},overlay:function(){a(".ui-find-overlay").css({"z-index":"999",width:a(document).width()+"px",height:a(document).height()+"px"}).on("click",function(){findPosts.close()})},send:function(){var b={ps:a("#find-posts-input").val(),action:"find_posts",_ajax_nonce:a("#_ajax_nonce").val()},c=a(".find-box-search .spinner");c.show(),a.ajax({type:"POST",url:ajaxurl,data:b,success:function(a){findPosts.show(a),c.hide()},error:function(a){findPosts.error(a),c.hide()}})},show:function(b){if("string"==typeof b)return void this.error({responseText:b});var c=wpAjax.parseAjaxResponse(b);c.errors&&this.error({responseText:wpAjax.broken}),c=c.responses[0],a("#find-posts-response").html(c.data),a(".found-posts td").on("click",function(){a(this).parent().find(".found-radio input").prop("checked",!0)})},error:function(b){var c=b.statusText;b.responseText&&(c=b.responseText.replace(/<.[^<>]*?>/g,"")),c&&a("#find-posts-response").html(c)}},a(document).ready(function(){a("#find-posts-submit").click(function(b){""==a("#find-posts-response").html()&&b.preventDefault()}),a("#find-posts .find-box-search :input").keypress(function(a){return 13==a.which?(findPosts.send(),!1):void 0}),a("#find-posts-search").click(findPosts.send),a("#find-posts-close").click(findPosts.close),a("#doaction, #doaction2").click(function(b){a('select[name^="action"]').each(function(){"attach"==a(this).val()&&(b.preventDefault(),findPosts.open())})})}),a(window).resize(function(){findPosts.overlay()})}(jQuery);

wp-admin/js/postbox.min.js

@@ -1 +1 @@
-var postboxes;!function(a){postboxes={add_postbox_toggles:function(b,c){var d=this;d.init(b,c),a(".postbox h3, .postbox .handlediv").bind("click.postboxes",function(){var c=a(this).parent(".postbox"),e=c.attr("id");"dashboard_browser_nag"!=e&&(c.toggleClass("closed"),"press-this"!=b&&d.save_state(b),e&&(!c.hasClass("closed")&&a.isFunction(postboxes.pbshow)?d.pbshow(e):c.hasClass("closed")&&a.isFunction(postboxes.pbhide)&&d.pbhide(e)))}),a(".postbox h3 a").click(function(a){a.stopPropagation()}),a(".postbox a.dismiss").bind("click.postboxes",function(){var b=a(this).parents(".postbox").attr("id")+"-hide";return a("#"+b).prop("checked",!1).triggerHandler("click"),!1}),a(".hide-postbox-tog").bind("click.postboxes",function(){var c=a(this).val();a(this).prop("checked")?(a("#"+c).show(),a.isFunction(postboxes.pbshow)&&d.pbshow(c)):(a("#"+c).hide(),a.isFunction(postboxes.pbhide)&&d.pbhide(c)),d.save_state(b),d._mark_area()}),a('.columns-prefs input[type="radio"]').bind("click.postboxes",function(){var c=parseInt(a(this).val(),10);c&&(d._pb_edit(c),d.save_order(b))})},init:function(b,c){var d=a(document.body).hasClass("mobile");a.extend(this,c||{}),a("#wpbody-content").css("overflow","hidden"),a(".meta-box-sortables").sortable({placeholder:"sortable-placeholder",connectWith:".meta-box-sortables",items:".postbox",handle:".hndle",cursor:"move",delay:d?200:0,distance:2,tolerance:"pointer",forcePlaceholderSize:!0,helper:"clone",opacity:.65,stop:function(){return a(this).find("#dashboard_browser_nag").is(":visible")&&"dashboard_browser_nag"!=this.firstChild.id?(a(this).sortable("cancel"),void 0):(postboxes.save_order(b),void 0)},receive:function(b,c){"dashboard_browser_nag"==c.item[0].id&&a(c.sender).sortable("cancel"),postboxes._mark_area()}}),d&&(a(document.body).bind("orientationchange.postboxes",function(){postboxes._pb_change()}),this._pb_change()),this._mark_area()},save_state:function(b){var c=a(".postbox").filter(".closed").map(function(){return this.id}).get().join(","),d=a(".postbox").filter(":hidden").map(function(){return this.id}).get().join(",");a.post(ajaxurl,{action:"closed-postboxes",closed:c,hidden:d,closedpostboxesnonce:jQuery("#closedpostboxesnonce").val(),page:b})},save_order:function(b){var c,d=a(".columns-prefs input:checked").val()||0;c={action:"meta-box-order",_ajax_nonce:a("#meta-box-order-nonce").val(),page_columns:d,page:b},a(".meta-box-sortables").each(function(){c["order["+this.id.split("-")[0]+"]"]=a(this).sortable("toArray").join(",")}),a.post(ajaxurl,c)},_mark_area:function(){var b=a("div.postbox:visible").length,c=a("#post-body #side-sortables");a("#dashboard-widgets .meta-box-sortables:visible").each(function(){var c=a(this);1==b||c.children(".postbox:visible").length?c.removeClass("empty-container"):c.addClass("empty-container")}),c.length&&(c.children(".postbox:visible").length?c.removeClass("empty-container"):"280px"==a("#postbox-container-1").css("width")&&c.addClass("empty-container"))},_pb_edit:function(b){var c=a(".metabox-holder").get(0);c.className=c.className.replace(/columns-\d+/,"columns-"+b)},_pb_change:function(){var b=a('label.columns-prefs-1 input[type="radio"]');switch(window.orientation){case 90:case-90:b.length&&b.is(":checked")||this._pb_edit(2);break;case 0:case 180:a("#poststuff").length?this._pb_edit(1):b.length&&b.is(":checked")||this._pb_edit(2)}},pbshow:!1,pbhide:!1}}(jQuery);
+var postboxes;!function(a){postboxes={add_postbox_toggles:function(b,c){var d=this;d.init(b,c),a(".postbox h3, .postbox .handlediv").bind("click.postboxes",function(){var c=a(this).parent(".postbox"),e=c.attr("id");"dashboard_browser_nag"!=e&&(c.toggleClass("closed"),"press-this"!=b&&d.save_state(b),e&&(!c.hasClass("closed")&&a.isFunction(postboxes.pbshow)?d.pbshow(e):c.hasClass("closed")&&a.isFunction(postboxes.pbhide)&&d.pbhide(e)))}),a(".postbox h3 a").click(function(a){a.stopPropagation()}),a(".postbox a.dismiss").bind("click.postboxes",function(b){var c=a(this).parents(".postbox").attr("id")+"-hide";return a("#"+c).prop("checked",!1).triggerHandler("click"),!1}),a(".hide-postbox-tog").bind("click.postboxes",function(){var c=a(this).val();a(this).prop("checked")?(a("#"+c).show(),a.isFunction(postboxes.pbshow)&&d.pbshow(c)):(a("#"+c).hide(),a.isFunction(postboxes.pbhide)&&d.pbhide(c)),d.save_state(b),d._mark_area()}),a('.columns-prefs input[type="radio"]').bind("click.postboxes",function(){var c=parseInt(a(this).val(),10);c&&(d._pb_edit(c),d.save_order(b))})},init:function(b,c){var d=a(document.body).hasClass("mobile");a.extend(this,c||{}),a("#wpbody-content").css("overflow","hidden"),a(".meta-box-sortables").sortable({placeholder:"sortable-placeholder",connectWith:".meta-box-sortables",items:".postbox",handle:".hndle",cursor:"move",delay:d?200:0,distance:2,tolerance:"pointer",forcePlaceholderSize:!0,helper:"clone",opacity:.65,stop:function(c,d){return a(this).find("#dashboard_browser_nag").is(":visible")&&"dashboard_browser_nag"!=this.firstChild.id?void a(this).sortable("cancel"):void postboxes.save_order(b)},receive:function(b,c){"dashboard_browser_nag"==c.item[0].id&&a(c.sender).sortable("cancel"),postboxes._mark_area()}}),d&&(a(document.body).bind("orientationchange.postboxes",function(){postboxes._pb_change()}),this._pb_change()),this._mark_area()},save_state:function(b){var c=a(".postbox").filter(".closed").map(function(){return this.id}).get().join(","),d=a(".postbox").filter(":hidden").map(function(){return this.id}).get().join(",");a.post(ajaxurl,{action:"closed-postboxes",closed:c,hidden:d,closedpostboxesnonce:jQuery("#closedpostboxesnonce").val(),page:b})},save_order:function(b){var c,d=a(".columns-prefs input:checked").val()||0;c={action:"meta-box-order",_ajax_nonce:a("#meta-box-order-nonce").val(),page_columns:d,page:b},a(".meta-box-sortables").each(function(){c["order["+this.id.split("-")[0]+"]"]=a(this).sortable("toArray").join(",")}),a.post(ajaxurl,c)},_mark_area:function(){var b=a("div.postbox:visible").length,c=a("#post-body #side-sortables");a("#dashboard-widgets .meta-box-sortables:visible").each(function(c,d){var e=a(this);1==b||e.children(".postbox:visible").length?e.removeClass("empty-container"):e.addClass("empty-container")}),c.length&&(c.children(".postbox:visible").length?c.removeClass("empty-container"):"280px"==a("#postbox-container-1").css("width")&&c.addClass("empty-container"))},_pb_edit:function(b){var c=a(".metabox-holder").get(0);c.className=c.className.replace(/columns-\d+/,"columns-"+b)},_pb_change:function(){var b=a('label.columns-prefs-1 input[type="radio"]');switch(window.orientation){case 90:case-90:b.length&&b.is(":checked")||this._pb_edit(2);break;case 0:case 180:a("#poststuff").length?this._pb_edit(1):b.length&&b.is(":checked")||this._pb_edit(2)}},pbshow:!1,pbhide:!1}}(jQuery);

wp-admin/js/tags.min.js

@@ -1 +1 @@
-jQuery(document).ready(function(a){a("#the-list").on("click",".delete-tag",function(){var b,c=a(this),d=c.parents("tr"),e=!0;return"undefined"!=showNotice&&(e=showNotice.warn()),e&&(b=c.attr("href").replace(/[^?]*\?/,"").replace(/action=delete/,"action=delete-tag"),a.post(ajaxurl,b,function(c){"1"==c?(a("#ajax-response").empty(),d.fadeOut("normal",function(){d.remove()}),a('select#parent option[value="'+b.match(/tag_ID=(\d+)/)[1]+'"]').remove(),a("a.tag-link-"+b.match(/tag_ID=(\d+)/)[1]).remove()):"-1"==c?(a("#ajax-response").empty().append('<div class="error"><p>'+tagsl10n.noPerm+"</p></div>"),d.children().css("backgroundColor","")):(a("#ajax-response").empty().append('<div class="error"><p>'+tagsl10n.broken+"</p></div>"),d.children().css("backgroundColor",""))}),d.children().css("backgroundColor","#f33")),!1}),a("#submit").click(function(){var b=a(this).parents("form");return validateForm(b)?(a.post(ajaxurl,a("#addtag").serialize(),function(c){a("#ajax-response").empty();var d=wpAjax.parseAjaxResponse(c,"ajax-response");if(d&&!d.errors){var e=b.find("select#parent").val();if(e>0&&a("#tag-"+e).length>0?a(".tags #tag-"+e).after(d.responses[0].supplemental.noparents):a(".tags").prepend(d.responses[0].supplemental.parents),a(".tags .no-items").remove(),b.find("select#parent")){for(var f=d.responses[1].supplemental,g="",h=0;h<d.responses[1].position;h++)g+="&nbsp;&nbsp;&nbsp;";b.find("select#parent option:selected").after('<option value="'+f.term_id+'">'+g+f.name+"</option>")}a('input[type="text"]:visible, textarea:visible',b).val("")}}),!1):!1})});
+jQuery(document).ready(function(a){a("#the-list").on("click",".delete-tag",function(b){var c,d=a(this),e=d.parents("tr"),f=!0;return"undefined"!=showNotice&&(f=showNotice.warn()),f&&(c=d.attr("href").replace(/[^?]*\?/,"").replace(/action=delete/,"action=delete-tag"),a.post(ajaxurl,c,function(b){"1"==b?(a("#ajax-response").empty(),e.fadeOut("normal",function(){e.remove()}),a('select#parent option[value="'+c.match(/tag_ID=(\d+)/)[1]+'"]').remove(),a("a.tag-link-"+c.match(/tag_ID=(\d+)/)[1]).remove()):"-1"==b?(a("#ajax-response").empty().append('<div class="error"><p>'+tagsl10n.noPerm+"</p></div>"),e.children().css("backgroundColor","")):(a("#ajax-response").empty().append('<div class="error"><p>'+tagsl10n.broken+"</p></div>"),e.children().css("backgroundColor",""))}),e.children().css("backgroundColor","#f33")),!1}),a("#submit").click(function(){var b=a(this).parents("form");return validateForm(b)?(a.post(ajaxurl,a("#addtag").serialize(),function(c){a("#ajax-response").empty();var d=wpAjax.parseAjaxResponse(c,"ajax-response");if(d&&!d.errors){var e=b.find("select#parent").val();if(e>0&&a("#tag-"+e).length>0?a(".tags #tag-"+e).after(d.responses[0].supplemental.noparents):a(".tags").prepend(d.responses[0].supplemental.parents),a(".tags .no-items").remove(),b.find("select#parent")){for(var f=d.responses[1].supplemental,g="",h=0;h<d.responses[1].position;h++)g+="&nbsp;&nbsp;&nbsp;";b.find("select#parent option:selected").after('<option value="'+f.term_id+'">'+g+f.name+"</option>")}a('input[type="text"]:visible, textarea:visible',b).val("")}}),!1):!1})});

wp-admin/js/theme.min.js

@@ -1 +1 @@
-jQuery(function(a){a("#availablethemes").on("click",".theme-detail",function(b){var c=a(this).closest(".available-theme"),d=c.find(".themedetaildiv");d.length||(d=c.find(".install-theme-info .theme-details"),d=d.clone().addClass("themedetaildiv").appendTo(c).hide()),d.toggle(),b.preventDefault()})});var tb_position;jQuery(document).ready(function(a){tb_position=function(){var b=a("#TB_window"),c=a(window).width(),d=a(window).height(),e=c>1040?1040:c,f=0;a("body.admin-bar").length&&(f=28),b.size()&&(b.width(e-50).height(d-45-f),a("#TB_iframeContent").width(e-50).height(d-75-f),b.css({"margin-left":"-"+parseInt((e-50)/2,10)+"px"}),"undefined"!=typeof document.body.style.maxWidth&&b.css({top:20+f+"px","margin-top":"0"}))},a(window).resize(function(){tb_position()})}),jQuery(function(a){if(window.postMessage){var b=a("#theme-installer"),c=b.find(".install-theme-info"),d=b.find(".wp-full-overlay-main"),e=a(document.body);b.on("click",".close-full-overlay",function(a){b.fadeOut(200,function(){d.empty(),e.removeClass("theme-installer-active full-overlay-active")}),a.preventDefault()}),b.on("click",".collapse-sidebar",function(a){b.toggleClass("collapsed").toggleClass("expanded"),a.preventDefault()}),a("#availablethemes").on("click",".install-theme-preview",function(f){var g;c.html(a(this).closest(".installable-theme").find(".install-theme-info").html()),g=c.find(".theme-preview-url").val(),d.html('<iframe src="'+g+'" />'),b.fadeIn(200,function(){e.addClass("theme-installer-active full-overlay-active")}),f.preventDefault()})}});var ThemeViewer;!function(a){ThemeViewer=function(){function b(){a("#filter-click, #mini-filter-click").unbind("click").click(function(){return a("#filter-click").toggleClass("current"),a("#filter-box").slideToggle(),a("#current-theme").slideToggle(300),!1}),a("#filter-box :checkbox").unbind("click").click(function(){var b=a("#filter-box :checked").length,c=a("#filter-click").text();-1!=c.indexOf("(")&&(c=c.substr(0,c.indexOf("("))),0==b?a("#filter-click").text(c):a("#filter-click").text(c+" ("+b+")")})}var c={init:b};return c}}(jQuery),jQuery(document).ready(function(){theme_viewer=new ThemeViewer,theme_viewer.init()});var ThemeScroller;!function(a){ThemeScroller={querying:!1,scrollPollingDelay:500,failedRetryDelay:4e3,outListBottomThreshold:300,init:function(){var b=this;return"undefined"==typeof ajaxurl||"undefined"==typeof list_args||"undefined"==typeof theme_list_args?(a(".pagination-links").show(),void 0):(this.nonce=a("#_ajax_fetch_list_nonce").val(),this.nextPage=theme_list_args.paged+1,this.$outList=a("#availablethemes"),this.$spinner=a("div.tablenav.bottom").children(".spinner"),this.$window=a(window),this.$document=a(document),theme_list_args.total_pages>=this.nextPage&&(this.pollInterval=setInterval(function(){return b.poll()},this.scrollPollingDelay)),void 0)},poll:function(){var a=this.$document.scrollTop()+this.$window.innerHeight();this.querying||a<this.$outList.height()-this.outListBottomThreshold||this.ajax()},process:function(a){return void 0===a?(clearInterval(this.pollInterval),void 0):(this.nextPage>theme_list_args.total_pages&&clearInterval(this.pollInterval),this.nextPage<=theme_list_args.total_pages+1&&this.$outList.append(a.rows),void 0)},ajax:function(){var b=this;this.querying=!0;var c={action:"fetch-list",paged:this.nextPage,s:theme_list_args.search,tab:theme_list_args.tab,type:theme_list_args.type,_ajax_fetch_list_nonce:this.nonce,"features[]":theme_list_args.features,list_args:list_args};this.$spinner.show(),a.getJSON(ajaxurl,c).done(function(a){b.nextPage++,b.process(a),b.$spinner.hide(),b.querying=!1}).fail(function(){b.$spinner.hide(),b.querying=!1,setTimeout(function(){b.ajax()},b.failedRetryDelay)})}},a(document).ready(function(){ThemeScroller.init()})}(jQuery);
+jQuery(function(a){a("#availablethemes").on("click",".theme-detail",function(b){var c=a(this).closest(".available-theme"),d=c.find(".themedetaildiv");d.length||(d=c.find(".install-theme-info .theme-details"),d=d.clone().addClass("themedetaildiv").appendTo(c).hide()),d.toggle(),b.preventDefault()})});var tb_position;jQuery(document).ready(function(a){tb_position=function(){var b=a("#TB_window"),c=a(window).width(),d=a(window).height(),e=c>1040?1040:c,f=0;a("body.admin-bar").length&&(f=28),b.size()&&(b.width(e-50).height(d-45-f),a("#TB_iframeContent").width(e-50).height(d-75-f),b.css({"margin-left":"-"+parseInt((e-50)/2,10)+"px"}),"undefined"!=typeof document.body.style.maxWidth&&b.css({top:20+f+"px","margin-top":"0"}))},a(window).resize(function(){tb_position()})}),jQuery(function(a){if(window.postMessage){var b=a("#theme-installer"),c=b.find(".install-theme-info"),d=b.find(".wp-full-overlay-main"),e=a(document.body);b.on("click",".close-full-overlay",function(a){b.fadeOut(200,function(){d.empty(),e.removeClass("theme-installer-active full-overlay-active")}),a.preventDefault()}),b.on("click",".collapse-sidebar",function(a){b.toggleClass("collapsed").toggleClass("expanded"),a.preventDefault()}),a("#availablethemes").on("click",".install-theme-preview",function(f){var g;c.html(a(this).closest(".installable-theme").find(".install-theme-info").html()),g=c.find(".theme-preview-url").val(),d.html('<iframe src="'+g+'" />'),b.fadeIn(200,function(){e.addClass("theme-installer-active full-overlay-active")}),f.preventDefault()})}});var ThemeViewer;!function(a){ThemeViewer=function(b){function c(){a("#filter-click, #mini-filter-click").unbind("click").click(function(){return a("#filter-click").toggleClass("current"),a("#filter-box").slideToggle(),a("#current-theme").slideToggle(300),!1}),a("#filter-box :checkbox").unbind("click").click(function(){var b=a("#filter-box :checked").length,c=a("#filter-click").text();-1!=c.indexOf("(")&&(c=c.substr(0,c.indexOf("("))),0==b?a("#filter-click").text(c):a("#filter-click").text(c+" ("+b+")")})}var d={init:c};return d}}(jQuery),jQuery(document).ready(function(a){theme_viewer=new ThemeViewer,theme_viewer.init()});var ThemeScroller;!function(a){ThemeScroller={querying:!1,scrollPollingDelay:500,failedRetryDelay:4e3,outListBottomThreshold:300,init:function(){var b=this;return"undefined"==typeof ajaxurl||"undefined"==typeof list_args||"undefined"==typeof theme_list_args?void a(".pagination-links").show():(this.nonce=a("#_ajax_fetch_list_nonce").val(),this.nextPage=theme_list_args.paged+1,this.$outList=a("#availablethemes"),this.$spinner=a("div.tablenav.bottom").children(".spinner"),this.$window=a(window),this.$document=a(document),void(theme_list_args.total_pages>=this.nextPage&&(this.pollInterval=setInterval(function(){return b.poll()},this.scrollPollingDelay))))},poll:function(){var a=this.$document.scrollTop()+this.$window.innerHeight();this.querying||a<this.$outList.height()-this.outListBottomThreshold||this.ajax()},process:function(a){return void 0===a?void clearInterval(this.pollInterval):(this.nextPage>theme_list_args.total_pages&&clearInterval(this.pollInterval),void(this.nextPage<=theme_list_args.total_pages+1&&this.$outList.append(a.rows)))},ajax:function(){var b=this;this.querying=!0;var c={action:"fetch-list",paged:this.nextPage,s:theme_list_args.search,tab:theme_list_args.tab,type:theme_list_args.type,_ajax_fetch_list_nonce:this.nonce,"features[]":theme_list_args.features,list_args:list_args};this.$spinner.show(),a.getJSON(ajaxurl,c).done(function(a){b.nextPage++,b.process(a),b.$spinner.hide(),b.querying=!1}).fail(function(){b.$spinner.hide(),b.querying=!1,setTimeout(function(){b.ajax()},b.failedRetryDelay)})}},a(document).ready(function(a){ThemeScroller.init()})}(jQuery);

wp-admin/js/user-profile.min.js

@@ -1 +1 @@
-!function(a){function b(){var b,c=a("#pass1").val(),d=(a("#user_login").val(),a("#pass2").val());if(a("#pass-strength-result").removeClass("short bad good strong"),!c)return a("#pass-strength-result").html(pwsL10n.empty),void 0;switch(b=wp.passwordStrength.meter(c,wp.passwordStrength.userInputBlacklist(),d)){case 2:a("#pass-strength-result").addClass("bad").html(pwsL10n.bad);break;case 3:a("#pass-strength-result").addClass("good").html(pwsL10n.good);break;case 4:a("#pass-strength-result").addClass("strong").html(pwsL10n.strong);break;case 5:a("#pass-strength-result").addClass("short").html(pwsL10n.mismatch);break;default:a("#pass-strength-result").addClass("short").html(pwsL10n["short"])}}a(document).ready(function(){var c=a("#display_name");a("#pass1").val("").keyup(b),a("#pass2").val("").keyup(b),a("#pass-strength-result").show(),a(".color-palette").click(function(){a(this).siblings('input[name="admin_color"]').prop("checked",!0)}),c.length&&a("#first_name, #last_name, #nickname").bind("blur.user_profile",function(){var b=[],d={display_nickname:a("#nickname").val()||"",display_username:a("#user_login").val()||"",display_firstname:a("#first_name").val()||"",display_lastname:a("#last_name").val()||""};d.display_firstname&&d.display_lastname&&(d.display_firstlast=d.display_firstname+" "+d.display_lastname,d.display_lastfirst=d.display_lastname+" "+d.display_firstname),a.each(a("option",c),function(a,c){b.push(c.value)}),a.each(d,function(e,f){if(f){var g=f.replace(/<\/?[a-z][^>]*>/gi,"");d[e].length&&-1==a.inArray(g,b)&&(b.push(g),a("<option />",{text:g}).appendTo(c))}})})})}(jQuery);
+!function(a){function b(){var b,c=a("#pass1").val(),d=(a("#user_login").val(),a("#pass2").val());if(a("#pass-strength-result").removeClass("short bad good strong"),!c)return void a("#pass-strength-result").html(pwsL10n.empty);switch(b=wp.passwordStrength.meter(c,wp.passwordStrength.userInputBlacklist(),d)){case 2:a("#pass-strength-result").addClass("bad").html(pwsL10n.bad);break;case 3:a("#pass-strength-result").addClass("good").html(pwsL10n.good);break;case 4:a("#pass-strength-result").addClass("strong").html(pwsL10n.strong);break;case 5:a("#pass-strength-result").addClass("short").html(pwsL10n.mismatch);break;default:a("#pass-strength-result").addClass("short").html(pwsL10n["short"])}}a(document).ready(function(){var c=a("#display_name");a("#pass1").val("").keyup(b),a("#pass2").val("").keyup(b),a("#pass-strength-result").show(),a(".color-palette").click(function(){a(this).siblings('input[name="admin_color"]').prop("checked",!0)}),c.length&&a("#first_name, #last_name, #nickname").bind("blur.user_profile",function(){var b=[],d={display_nickname:a("#nickname").val()||"",display_username:a("#user_login").val()||"",display_firstname:a("#first_name").val()||"",display_lastname:a("#last_name").val()||""};d.display_firstname&&d.display_lastname&&(d.display_firstlast=d.display_firstname+" "+d.display_lastname,d.display_lastfirst=d.display_lastname+" "+d.display_firstname),a.each(a("option",c),function(a,c){b.push(c.value)}),a.each(d,function(e,f){if(f){var g=f.replace(/<\/?[a-z][^>]*>/gi,"");d[e].length&&-1==a.inArray(g,b)&&(b.push(g),a("<option />",{text:g}).appendTo(c))}})})})}(jQuery);

wp-admin/media-new.php

@@ -73,9 +73,9 @@ if ( get_user_setting('uploader') || isset( $_GET['browser-uploader'] ) )
 	<?php media_upload_form(); ?>
 
 	<script type="text/javascript">
-	var post_id = <?php echo $post_id; ?>, shortform = 3;
+	var post_id = <?php echo absint( $post_id ); ?>, shortform = 3;
 	</script>
-	<input type="hidden" name="post_id" id="post_id" value="<?php echo $post_id; ?>" />
+	<input type="hidden" name="post_id" id="post_id" value="<?php echo absint( $post_id ); ?>" />
 	<?php wp_nonce_field('media-form'); ?>
 	<div id="media-items" class="hide-if-no-js"></div>
 	</form>

wp-admin/network/site-users.php

@@ -171,7 +171,7 @@ require( ABSPATH . 'wp-admin/admin-header.php' ); ?>
 
 <script type='text/javascript'>
 /* <![CDATA[ */
-var current_site_id = <?php echo $id; ?>;
+var current_site_id = <?php echo absint( $id ); ?>;
 /* ]]> */
 </script>
 

wp-admin/plugin-editor.php

@@ -86,9 +86,9 @@ default:
 			wp_die( $error );
 
 		if ( ( ! empty( $_GET['networkwide'] ) && ! is_plugin_active_for_network($file) ) || ! is_plugin_active($file) )
-			activate_plugin($file, "plugin-editor.php?file=$file&phperror=1", ! empty( $_GET['networkwide'] ) ); // we'll override this later if the plugin can be included without fatal error
+			activate_plugin($file, "plugin-editor.php?file=" . urlencode( $file ) . "&phperror=1", ! empty( $_GET['networkwide'] ) ); // we'll override this later if the plugin can be included without fatal error
 
-		wp_redirect( self_admin_url("plugin-editor.php?file=$file&a=te&scrollto=$scrollto") );
+		wp_redirect( self_admin_url("plugin-editor.php?file=" . urlencode( $file ) . "&a=te&scrollto=$scrollto") );
 		exit;
 	}
 
@@ -175,14 +175,14 @@ default:
 <big><?php
 	if ( is_plugin_active($plugin) ) {
 		if ( is_writeable($real_file) )
-			echo sprintf(__('Editing <strong>%s</strong> (active)'), $file);
+			echo sprintf(__('Editing <strong>%s</strong> (active)'), esc_html( $file ) );
 		else
-			echo sprintf(__('Browsing <strong>%s</strong> (active)'), $file);
+			echo sprintf(__('Browsing <strong>%s</strong> (active)'), esc_html( $file ) );
 	} else {
 		if ( is_writeable($real_file) )
-			echo sprintf(__('Editing <strong>%s</strong> (inactive)'), $file);
+			echo sprintf(__('Editing <strong>%s</strong> (inactive)'), esc_html( $file ) );
 		else
-			echo sprintf(__('Browsing <strong>%s</strong> (inactive)'), $file);
+			echo sprintf(__('Browsing <strong>%s</strong> (inactive)'), esc_html( $file ) );
 	}
 	?></big>
 </div>
@@ -226,7 +226,7 @@ foreach ( $plugin_files as $plugin_file ) :
 		continue;
 	}
 ?>
-		<li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; ?>><a href="plugin-editor.php?file=<?php echo urlencode( $plugin_file ) ?>&amp;plugin=<?php echo urlencode( $plugin ) ?>"><?php echo $plugin_file ?></a></li>
+		<li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; ?>><a href="plugin-editor.php?file=<?php echo urlencode( $plugin_file ) ?>&amp;plugin=<?php echo urlencode( $plugin ) ?>"><?php echo esc_html( $plugin_file ); ?></a></li>
 <?php endforeach; ?>
 	</ul>
 </div>

wp-admin/plugins.php

@@ -17,7 +17,7 @@ $pagenum = $wp_list_table->get_pagenum();
 
 $action = $wp_list_table->current_action();
 
-$plugin = isset($_REQUEST['plugin']) ? $_REQUEST['plugin'] : '';
+$plugin = isset($_REQUEST['plugin']) ? wp_unslash( $_REQUEST['plugin'] ) : '';
 $s = isset($_REQUEST['s']) ? urlencode($_REQUEST['s']) : '';
 
 // Clean up request URI from temporary args for screen options/paging uri's to work as expected.
@@ -37,10 +37,10 @@ if ( $action ) {
 
 			check_admin_referer('activate-plugin_' . $plugin);
 
-			$result = activate_plugin($plugin, self_admin_url('plugins.php?error=true&plugin=' . $plugin), is_network_admin() );
+			$result = activate_plugin($plugin, self_admin_url('plugins.php?error=true&plugin=' . urlencode( $plugin ) ), is_network_admin() );
 			if ( is_wp_error( $result ) ) {
 				if ( 'unexpected_output' == $result->get_error_code() ) {
-					$redirect = self_admin_url('plugins.php?error=true&charsout=' . strlen($result->get_error_data()) . '&plugin=' . $plugin . "&plugin_status=$status&paged=$page&s=$s");
+					$redirect = self_admin_url('plugins.php?error=true&charsout=' . strlen($result->get_error_data()) . '&plugin=' . urlencode( $plugin ) . "&plugin_status=$status&paged=$page&s=$s");
 					wp_redirect(add_query_arg('_error_nonce', wp_create_nonce('plugin-activation-error_' . $plugin), $redirect));
 					exit;
 				} else {
@@ -67,7 +67,7 @@ if ( $action ) {
 
 			check_admin_referer('bulk-plugins');
 
-			$plugins = isset( $_POST['checked'] ) ? (array) $_POST['checked'] : array();
+			$plugins = isset( $_POST['checked'] ) ? (array) wp_unslash( $_POST['checked'] ) : array();
 
 			// Only activate plugins which are not already active.
 			if ( is_network_admin() ) {
@@ -104,9 +104,9 @@ if ( $action ) {
 			check_admin_referer( 'bulk-plugins' );
 
 			if ( isset( $_GET['plugins'] ) )
-				$plugins = explode( ',', $_GET['plugins'] );
+				$plugins = explode( ',', wp_unslash( $_GET['plugins'] ) );
 			elseif ( isset( $_POST['checked'] ) )
-				$plugins = (array) $_POST['checked'];
+				$plugins = (array) wp_unslash( $_POST['checked'] );
 			else
 				$plugins = array();
 
@@ -176,7 +176,7 @@ if ( $action ) {
 
 			check_admin_referer('bulk-plugins');
 
-			$plugins = isset( $_POST['checked'] ) ? (array) $_POST['checked'] : array();
+			$plugins = isset( $_POST['checked'] ) ? (array) wp_unslash( $_POST['checked'] ) : array();
 			// Do not deactivate plugins which are already deactivated.
 			if ( is_network_admin() ) {
 				$plugins = array_filter( $plugins, 'is_plugin_active_for_network' );
@@ -208,7 +208,7 @@ if ( $action ) {
 			check_admin_referer('bulk-plugins');
 
 			//$_POST = from the plugin form; $_GET = from the FTP details screen.
-			$plugins = isset( $_REQUEST['checked'] ) ? (array) $_REQUEST['checked'] : array();
+			$plugins = isset( $_REQUEST['checked'] ) ? (array) wp_unslash( $_REQUEST['checked'] ) : array();
 			if ( empty( $plugins ) ) {
 				wp_redirect( self_admin_url("plugins.php?plugin_status=$status&paged=$page&s=$s") );
 				exit;

wp-admin/post.php

@@ -16,7 +16,9 @@ $submenu_file = 'edit.php';
 
 wp_reset_vars( array( 'action' ) );
 
-if ( isset( $_GET['post'] ) )
+if ( isset( $_GET['post'] ) && isset( $_POST['post_ID'] ) && (int) $_GET['post'] !== (int) $_POST['post_ID'] )
+	wp_die( __( 'A post ID mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 );
+elseif ( isset( $_GET['post'] ) )
  	$post_id = $post_ID = (int) $_GET['post'];
 elseif ( isset( $_POST['post_ID'] ) )
  	$post_id = $post_ID = (int) $_POST['post_ID'];
@@ -76,6 +78,10 @@ function redirect_post($post_id = '') {
 	exit;
 }
 
+if ( isset( $_POST['post_type'] ) && $post && $post_type !== $_POST['post_type'] ) {
+	wp_die( __( 'A post type mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 );
+}
+
 if ( isset( $_POST['deletepost'] ) )
 	$action = 'delete';
 elseif ( isset($_POST['wp-preview']) && 'dopreview' == $_POST['wp-preview'] )
@@ -209,7 +215,7 @@ case 'editattachment':
 
 	// Update the thumbnail filename
 	$newmeta = wp_get_attachment_metadata( $post_id, true );
-	$newmeta['thumb'] = $_POST['thumb'];
+	$newmeta['thumb'] = wp_basename( $_POST['thumb'] );
 
 	wp_update_attachment_metadata( $post_id, $newmeta );
 

wp-admin/theme-editor.php

@@ -68,7 +68,7 @@ if ( empty( $file ) ) {
 	$relative_file = 'style.css';
 	$file = $allowed_files['style.css'];
 } else {
-	$relative_file = $file;
+	$relative_file = wp_unslash( $file );
 	$file = $theme->get_stylesheet_directory() . '/' . $relative_file;
 }
 
@@ -127,10 +127,12 @@ default:
  <div id="message" class="updated"><p><?php _e( 'File edited successfully.' ) ?></p></div>
 <?php endif;
 
-$description = get_file_description( $file );
+$file_description = get_file_description( $relative_file );
 $file_show = array_search( $file, array_filter( $allowed_files ) );
-if ( $description != $file_show )
-	$description .= ' <span>(' . $file_show . ')</span>';
+$description = esc_html( $file_description );
+if ( $file_description != $file_show ) {
+	$description .= ' <span>(' . esc_html( $file_show ) . ')</span>';
+}
 ?>
 <div class="wrap">
 <?php screen_icon(); ?>
@@ -180,9 +182,9 @@ if ( $allowed_files ) :
 		if ( 'style.css' == $filename )
 			echo "\t</ul>\n\t<h3>" . _x( 'Styles', 'Theme stylesheets in theme editor' ) . "</h3>\n\t<ul>\n";
 
-		$file_description = get_file_description( $absolute_filename );
+		$file_description = esc_html( get_file_description( $filename ) );
 		if ( $file_description != basename( $filename ) )
-			$file_description .= '<br /><span class="nonessential">(' . $filename . ')</span>';
+			$file_description .= '<br /><span class="nonessential">(' . esc_html( $filename ) . ')</span>';
 
 		if ( $absolute_filename == $file )
 			$file_description = '<span class="highlight">' . $file_description . '</span>';

wp-admin/themes.php

@@ -308,7 +308,7 @@ if ( ! is_multisite() && current_user_can('edit_themes') && $broken_themes = wp_
 	foreach ( $broken_themes as $broken_theme ) {
 		echo "
 		<tr>
-			 <td>" . $broken_theme->get('Name') ."</td>
+			 <td>" . ( $broken_theme->get( 'Name' ) ? $broken_theme->display( 'Name' ) : esc_html( $broken_theme->get_stylesheet() ) ) . "</td>
 			 <td>" . $broken_theme->errors()->get_error_message() . "</td>
 		</tr>";
 	}

wp-admin/user-edit.php

@@ -168,7 +168,7 @@ include (ABSPATH . 'wp-admin/admin-header.php');
 	<p><strong><?php _e('User updated.') ?></strong></p>
 	<?php endif; ?>
 	<?php if ( $wp_http_referer && !IS_PROFILE_PAGE ) : ?>
-	<p><a href="<?php echo esc_url( $wp_http_referer ); ?>"><?php _e('&larr; Back to Users'); ?></a></p>
+	<p><a href="<?php echo esc_url( wp_validate_redirect( esc_url_raw( $wp_http_referer ), self_admin_url( 'users.php' ) ) ); ?>"><?php _e('&larr; Back to Users'); ?></a></p>
 	<?php endif; ?>
 </div>
 <?php endif; ?>

wp-admin/user-new.php

@@ -72,7 +72,7 @@ if ( isset($_REQUEST['action']) && 'adduser' == $_REQUEST['action'] ) {
 			add_existing_user_to_blog( array( 'user_id' => $user_id, 'role' => $_REQUEST[ 'role' ] ) );
 			$redirect = add_query_arg( array('update' => 'addnoconfirmation'), 'user-new.php' );
 		} else {
-			$newuser_key = substr( md5( $user_id ), 0, 5 );
+			$newuser_key = wp_generate_password( 20, false );
 			add_option( 'new_user_' . $newuser_key, array( 'user_id' => $user_id, 'email' => $user_details->user_email, 'role' => $_REQUEST[ 'role' ] ) );
 
 			$roles = get_editable_roles();

wp-comments-post.php

@@ -102,6 +102,8 @@ if ( $user->exists() ) {
 		) {
 			kses_remove_filters(); // start with a clean slate
 			kses_init_filters(); // set up the filters
+			remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
+			add_filter( 'pre_comment_content', 'wp_filter_kses' );
 		}
 	}
 } else {

wp-includes/cache.php

@@ -588,7 +588,7 @@ class WP_Object_Cache {
 		echo "</p>";
 		echo '<ul>';
 		foreach ($this->cache as $group => $cache) {
-			echo "<li><strong>Group:</strong> $group - ( " . number_format( strlen( serialize( $cache ) ) / 1024, 2 ) . 'k )</li>';
+			echo '<li><strong>Group:</strong> ' . esc_html( $group ) . ' - ( ' . number_format( strlen( serialize( $cache ) ) / KB_IN_BYTES, 2 ) . 'k )</li>';
 		}
 		echo '</ul>';
 	}

wp-includes/class-wp-customize-manager.php

@@ -123,6 +123,24 @@ final class WP_Customize_Manager {
 
 		$this->theme = wp_get_theme( isset( $_REQUEST['theme'] ) ? $_REQUEST['theme'] : null );
 
+		/*
+		 * Clear incoming post data if the user lacks a CSRF token (nonce). Note that the customizer
+		 * application will inject the customize_preview_nonce query parameter into all Ajax requests.
+		 * For similar behavior elsewhere in WordPress, see rest_cookie_check_errors() which logs out
+		 * a user when a valid nonce isn't present.
+		 */
+		$has_post_data_nonce = (
+			check_ajax_referer( 'preview-customize_' . $this->get_stylesheet(), 'nonce', false )
+			||
+			check_ajax_referer( 'save-customize_' . $this->get_stylesheet(), 'nonce', false )
+			||
+			check_ajax_referer( 'preview-customize_' . $this->get_stylesheet(), 'customize_preview_nonce', false )
+		);
+		if ( ! $has_post_data_nonce ) {
+			unset( $_POST['customized'] );
+			unset( $_REQUEST['customized'] );
+		}
+
 		if ( $this->is_theme_active() ) {
 			// Once the theme is loaded, we'll validate it.
 			add_action( 'after_setup_theme', array( $this, 'after_setup_theme' ) );

wp-includes/class-wp-xmlrpc-server.php

@@ -273,6 +273,11 @@ class wp_xmlrpc_server extends IXR_Server {
 			if ( isset($meta['id']) ) {
 				$meta['id'] = (int) $meta['id'];
 				$pmeta = get_metadata_by_mid( 'post', $meta['id'] );
+
+				if ( ! $pmeta || $pmeta->post_id != $post_id ) {
+					continue;
+				}
+
 				if ( isset($meta['key']) ) {
 					$meta['key'] = wp_unslash( $meta['key'] );
 					if ( $meta['key'] !== $pmeta->meta_key )
@@ -1050,10 +1055,31 @@ class wp_xmlrpc_server extends IXR_Server {
 	 * @param array $content_struct Post data to insert.
 	 */
 	protected function _insert_post( $user, $content_struct ) {
-		$defaults = array( 'post_status' => 'draft', 'post_type' => 'post', 'post_author' => 0,
-			'post_password' => '', 'post_excerpt' => '', 'post_content' => '', 'post_title' => '' );
+		$defaults = array(
+			'post_status'    => 'draft',
+			'post_type'      => 'post',
+			'post_author'    => null,
+			'post_password'  => null,
+			'post_excerpt'   => null,
+			'post_content'   => null,
+			'post_title'     => null,
+			'post_date'      => null,
+			'post_date_gmt'  => null,
+			'post_format'    => null,
+			'post_name'      => null,
+			'post_thumbnail' => null,
+			'post_parent'    => null,
+			'ping_status'    => null,
+			'comment_status' => null,
+			'custom_fields'  => null,
+			'terms_names'    => null,
+			'terms'          => null,
+			'sticky'         => null,
+			'enclosure'      => null,
+			'ID'             => null,
+		);
 
-		$post_data = wp_parse_args( $content_struct, $defaults );
+		$post_data = wp_parse_args( array_intersect_key( $content_struct, $defaults ), $defaults );
 
 		$post_type = get_post_type_object( $post_data['post_type'] );
 		if ( ! $post_type )
@@ -1233,9 +1259,6 @@ class wp_xmlrpc_server extends IXR_Server {
 
 			$post_data['tax_input'] = $terms;
 			unset( $post_data['terms'], $post_data['terms_names'] );
-		} else {
-			// do not allow direct submission of 'tax_input', clients must use 'terms' and/or 'terms_names'
-			unset( $post_data['tax_input'], $post_data['post_category'], $post_data['tags_input'] );
 		}
 
 		if ( isset( $post_data['post_format'] ) ) {
@@ -3018,6 +3041,22 @@ class wp_xmlrpc_server extends IXR_Server {
 		if ( ! get_post($post_id) )
 			return new IXR_Error( 404, __( 'Invalid post ID.' ) );
 
+		if (
+			'publish' === get_post_status( $post_id ) &&
+			! current_user_can( 'edit_post', $post_id ) &&
+			post_password_required( $post_id )
+		) {
+			return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) );
+		}
+
+		if (
+			'private' === get_post_status( $post_id ) &&
+			! current_user_can( 'read_post', $post_id )
+		) {
+			return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) );
+		}
+
+		$comment = array();
 		$comment['comment_post_ID'] = $post_id;
 
 		if ( $logged_in ) {
@@ -3326,8 +3365,10 @@ class wp_xmlrpc_server extends IXR_Server {
 
 		do_action('xmlrpc_call', 'wp.getMediaItem');
 
-		if ( ! $attachment = get_post($attachment_id) )
+		$attachment = get_post( $attachment_id );
+		if ( ! $attachment || 'attachment' !== $attachment->post_type ) {
 			return new IXR_Error( 404, __( 'Invalid attachment ID.' ) );
+		}
 
 		return $this->_prepare_media_item( $attachment );
 	}

wp-includes/class-wp.php

@@ -15,7 +15,7 @@ class WP {
 	 * @access public
 	 * @var array
 	 */
-	var $public_query_vars = array('m', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'comments_popup', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type');
+	public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'pagename', 'page_id', 'error', 'comments_popup', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
 
 	/**
 	 * Private query variables.
@@ -245,6 +245,8 @@ class WP {
 		foreach ( $this->public_query_vars as $wpvar ) {
 			if ( isset( $this->extra_query_vars[$wpvar] ) )
 				$this->query_vars[$wpvar] = $this->extra_query_vars[$wpvar];
+			elseif ( isset( $_GET[ $wpvar ] ) && isset( $_POST[ $wpvar ] ) && $_GET[ $wpvar ] !== $_POST[ $wpvar ] )
+				wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 );
 			elseif ( isset( $_POST[$wpvar] ) )
 				$this->query_vars[$wpvar] = $_POST[$wpvar];
 			elseif ( isset( $_GET[$wpvar] ) )

wp-includes/feed.php

@@ -395,7 +395,7 @@ function rss_enclosure() {
 				$t = preg_split('/[ \t]/', trim($enclosure[2]) );
 				$type = $t[0];
 
-				echo apply_filters('rss_enclosure', '<enclosure url="' . trim(htmlspecialchars($enclosure[0])) . '" length="' . trim($enclosure[1]) . '" type="' . $type . '" />' . "\n");
+				echo apply_filters( 'rss_enclosure', '<enclosure url="' . esc_url( trim( $enclosure[0] ) ) . '" length="' . absint( trim( $enclosure[1] ) ) . '" type="' . esc_attr( $type ) . '" />' . "\n" );
 			}
 		}
 	}
@@ -426,7 +426,7 @@ function atom_enclosure() {
 		if ($key == 'enclosure') {
 			foreach ( (array) $val as $enc ) {
 				$enclosure = explode("\n", $enc);
-				echo apply_filters('atom_enclosure', '<link href="' . trim(htmlspecialchars($enclosure[0])) . '" rel="enclosure" length="' . trim($enclosure[1]) . '" type="' . trim($enclosure[2]) . '" />' . "\n");
+				echo apply_filters( 'atom_enclosure', '<link href="' . esc_url( trim( $enclosure[0] ) ) . '" rel="enclosure" length="' . absint( trim( $enclosure[1] ) ) . '" type="' . esc_attr( trim( $enclosure[2] ) ) . '" />' . "\n" );
 			}
 		}
 	}

wp-includes/formatting.php

@@ -957,6 +957,24 @@ function sanitize_file_name( $filename ) {
 	$filename_raw = $filename;
 	$special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", chr(0));
 	$special_chars = apply_filters('sanitize_file_name_chars', $special_chars, $filename_raw);
+
+	// Check for support for utf8 in the installed PCRE library once and store the result in a static.
+	static $utf8_pcre = null;
+	if ( ! isset( $utf8_pcre ) ) {
+		// phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged
+		$utf8_pcre = @preg_match( '/^./u', 'a' );
+	}
+
+	if ( ! seems_utf8( $filename ) ) {
+		$_ext     = pathinfo( $filename, PATHINFO_EXTENSION );
+		$_name    = pathinfo( $filename, PATHINFO_FILENAME );
+		$filename = sanitize_title_with_dashes( $_name ) . '.' . $_ext;
+	}
+
+	if ( $utf8_pcre ) {
+		$filename = preg_replace( "#\x{00a0}#siu", ' ', $filename );
+	}
+
 	$filename = str_replace($special_chars, '', $filename);
 	$filename = preg_replace('/[\s-]+/', '-', $filename);
 	$filename = trim($filename, '.-_');

wp-includes/functions.php

@@ -1365,6 +1365,11 @@ function wp_mkdir_p( $target ) {
 	if ( file_exists( $target ) )
 		return @is_dir( $target );
 
+	// Do not allow path traversals.
+	if ( false !== strpos( $target, '../' ) || false !== strpos( $target, '..' . DIRECTORY_SEPARATOR ) ) {
+		return false;
+	}
+
 	// We need to find the permissions of the parent folder that exists and inherit that.
 	$target_parent = dirname( $target );
 	while ( '.' != $target_parent && ! is_dir( $target_parent ) ) {
@@ -1437,6 +1442,43 @@ function path_join( $base, $path ) {
 	return rtrim($base, '/') . '/' . ltrim($path, '/');
 }
 
+/**
+ * Normalize a filesystem path.
+ *
+ * On windows systems, replaces backslashes with forward slashes
+ * and forces upper-case drive letters.
+ * Allows for two leading slashes for Windows network shares, but
+ * ensures that all other duplicate slashes are reduced to a single.
+ *
+ * @since 3.9.0
+ * @since 4.4.0 Ensures upper-case drive letters on Windows systems.
+ * @since 4.5.0 Allows for Windows network shares.
+ * @since 4.9.7 Allows for PHP file wrappers.
+ *
+ * @param string $path Path to normalize.
+ * @return string Normalized path.
+ */
+function wp_normalize_path( $path ) {
+	$wrapper = '';
+	if ( wp_is_stream( $path ) ) {
+		list( $wrapper, $path ) = explode( '://', $path, 2 );
+		$wrapper .= '://';
+	}
+
+	// Standardise all paths to use /
+	$path = str_replace( '\\', '/', $path );
+
+	// Replace multiple slashes down to a singular, allowing for network shares having two slashes.
+	$path = preg_replace( '|(?<=.)/+|', '/', $path );
+
+	// Windows paths should uppercase the drive letter
+	if ( ':' === substr( $path, 1, 1 ) ) {
+		$path = ucfirst( $path );
+	}
+
+	return $wrapper . $path;
+}
+
 /**
  * Determines a writable directory for temporary files.
  * Function's preference is the return value of <code>sys_get_temp_dir()</code>,
@@ -1935,14 +1977,59 @@ function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) {
 				$type = $ext = false;
 			}
 		}
-	} elseif ( function_exists( 'finfo_file' ) ) {
-		// Use finfo_file if available to validate non-image files.
+	}
+
+	// Validate files that didn't get validated during previous checks.
+	if ( $type && ! $real_mime && extension_loaded( 'fileinfo' ) ) {
 		$finfo = finfo_open( FILEINFO_MIME_TYPE );
 		$real_mime = finfo_file( $finfo, $file );
 		finfo_close( $finfo );
 
-		// If the extension does not match the file's real type, return false.
-		if ( $real_mime !== $type ) {
+		// fileinfo often misidentifies obscure files as one of these types
+		$nonspecific_types = array(
+			'application/octet-stream',
+			'application/encrypted',
+			'application/CDFV2-encrypted',
+			'application/zip',
+		);
+
+		/*
+		 * If $real_mime doesn't match the content type we're expecting from the file's extension,
+		 * we need to do some additional vetting. Media types and those listed in $nonspecific_types are
+		 * allowed some leeway, but anything else must exactly match the real content type.
+		 */
+		if ( in_array( $real_mime, $nonspecific_types, true ) ) {
+			// File is a non-specific binary type. That's ok if it's a type that generally tends to be binary.
+			if ( !in_array( substr( $type, 0, strcspn( $type, '/' ) ), array( 'application', 'video', 'audio' ) ) ) {
+				$type = $ext = false;
+			}
+		} elseif ( 0 === strpos( $real_mime, 'video/' ) || 0 === strpos( $real_mime, 'audio/' ) ) {
+			/*
+			 * For these types, only the major type must match the real value.
+			 * This means that common mismatches are forgiven: application/vnd.apple.numbers is often misidentified as application/zip,
+			 * and some media files are commonly named with the wrong extension (.mov instead of .mp4)
+			 */
+
+			if ( substr( $real_mime, 0, strcspn( $real_mime, '/' ) ) !== substr( $type, 0, strcspn( $type, '/' ) ) ) {
+				$type = $ext = false;
+			}
+		} else {
+			if ( $type !== $real_mime ) {
+				/*
+				 * Everything else including image/* and application/*: 
+				 * If the real content type doesn't match the file extension, assume it's dangerous.
+				 */
+				$type = $ext = false;
+			}
+
+		}
+	}
+
+	// The mime type must be allowed 
+	if ( $type ) {
+		$allowed = get_allowed_mime_types();
+
+		if ( ! in_array( $type, $allowed ) ) {
 			$type = $ext = false;
 		}
 	}
@@ -2108,8 +2195,9 @@ function get_allowed_mime_types( $user = null ) {
 	if ( function_exists( 'current_user_can' ) )
 		$unfiltered = $user ? user_can( $user, 'unfiltered_html' ) : current_user_can( 'unfiltered_html' );
 
-	if ( empty( $unfiltered ) )
-		unset( $t['htm|html'] );
+	if ( empty( $unfiltered ) ) {
+		unset( $t['htm|html'], $t['js'] );
+	}
 
 	return apply_filters( 'upload_mimes', $t, $user );
 }
@@ -4258,3 +4346,29 @@ function mbstring_binary_safe_encoding( $reset = false ) {
 function reset_mbstring_encoding() {
 	mbstring_binary_safe_encoding( true );
 }
+
+/**
+ * Deletes a file if its path is within the given directory.
+ *
+ * @since 4.9.7
+ *
+ * @param string $file      Absolute path to the file to delete.
+ * @param string $directory Absolute path to a directory.
+ * @return bool True on success, false on failure.
+ */
+function wp_delete_file_from_directory( $file, $directory ) {
+	$real_file = realpath( wp_normalize_path( $file ) );
+	$real_directory = realpath( wp_normalize_path( $directory ) );
+
+	if ( false === $real_file || false === $real_directory || strpos( wp_normalize_path( $real_file ), trailingslashit( wp_normalize_path( $real_directory ) ) ) !== 0 ) {
+		return false;
+	}
+
+	/** This filter is documented in wp-admin/custom-header.php */
+	$delete = apply_filters( 'wp_delete_file', $file );
+	if ( ! empty( $delete ) ) {
+		@unlink( $delete );
+	}
+
+	return true;
+}

wp-includes/general-template.php

@@ -1788,6 +1788,24 @@ function wp_no_robots() {
 	echo "<meta name='robots' content='noindex,nofollow' />\n";
 }
 
+/**
+ * Display a noindex,noarchive meta tag and referrer origin-when-cross-origin meta tag.
+ *
+ * Outputs a noindex,noarchive meta tag that tells web robots not to index or cache the page content.
+ * Outputs a referrer origin-when-cross-origin meta tag that tells the browser not to send the full
+ * url as a referrer to other sites when cross-origin assets are loaded.
+ *
+ * Typical usage is as a wp_head callback. add_action( 'wp_head', 'wp_sensitive_page_meta' );
+ *
+ * @since 5.0.0
+ */
+function wp_sensitive_page_meta() {
+	?>
+	<meta name='robots' content='noindex,noarchive' />
+	<meta name='referrer' content='strict-origin-when-cross-origin' />
+	<?php
+}
+
 /**
  * Determine if TinyMCE is available.
  *
@@ -1927,12 +1945,14 @@ function language_attributes($doctype = 'html') {
 	if ( function_exists( 'is_rtl' ) && is_rtl() )
 		$attributes[] = 'dir="rtl"';
 
-	if ( $lang = get_bloginfo('language') ) {
-		if ( get_option('html_type') == 'text/html' || $doctype == 'html' )
-			$attributes[] = "lang=\"$lang\"";
+	if ( $lang = get_bloginfo( 'language' ) ) {
+		if ( get_option( 'html_type' ) == 'text/html' || $doctype == 'html' ) {
+			$attributes[] = 'lang="' . esc_attr( $lang ) . '"';
+		}
 
-		if ( get_option('html_type') != 'text/html' || $doctype == 'xhtml' )
-			$attributes[] = "xml:lang=\"$lang\"";
+		if ( get_option( 'html_type' ) != 'text/html' || $doctype == 'xhtml' ) {
+			$attributes[] = 'xml:lang="' . esc_attr( $lang ) . '"';
+		}
 	}
 
 	$output = implode(' ', $attributes);
@@ -2253,25 +2273,25 @@ function get_the_generator( $type = '' ) {
 
 	switch ( $type ) {
 		case 'html':
-			$gen = '<meta name="generator" content="WordPress ' . get_bloginfo( 'version' ) . '">';
+			$gen = '<meta name="generator" content="WordPress ' . esc_attr( get_bloginfo( 'version' ) ) . '">';
 			break;
 		case 'xhtml':
-			$gen = '<meta name="generator" content="WordPress ' . get_bloginfo( 'version' ) . '" />';
+			$gen = '<meta name="generator" content="WordPress ' . esc_attr( get_bloginfo( 'version' ) ) . '" />';
 			break;
 		case 'atom':
-			$gen = '<generator uri="http://wordpress.org/" version="' . get_bloginfo_rss( 'version' ) . '">WordPress</generator>';
+			$gen = '<generator uri="https://wordpress.org/" version="' . esc_attr( get_bloginfo_rss( 'version' ) ) . '">WordPress</generator>';
 			break;
 		case 'rss2':
-			$gen = '<generator>http://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) . '</generator>';
+			$gen = '<generator>' . esc_url_raw( 'https://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) ) . '</generator>';
 			break;
 		case 'rdf':
-			$gen = '<admin:generatorAgent rdf:resource="http://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) . '" />';
+			$gen = '<admin:generatorAgent rdf:resource="' . esc_url_raw( 'https://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) ) . '" />';
 			break;
 		case 'comment':
-			$gen = '<!-- generator="WordPress/' . get_bloginfo( 'version' ) . '" -->';
+			$gen = '<!-- generator="WordPress/' . esc_attr( get_bloginfo( 'version' ) ) . '" -->';
 			break;
 		case 'export':
-			$gen = '<!-- generator="WordPress/' . get_bloginfo_rss('version') . '" created="'. date('Y-m-d H:i') . '" -->';
+			$gen = '<!-- generator="WordPress/' . esc_attr( get_bloginfo_rss( 'version' ) ) . '" created="' . date( 'Y-m-d H:i' ) . '" -->';
 			break;
 	}
 	return apply_filters( "get_the_generator_{$type}", $gen, $type );

wp-includes/http.php

@@ -476,8 +476,9 @@ function wp_http_validate_url( $url ) {
 			$ip = $host;
 		} else {
 			$ip = gethostbyname( $host );
-			if ( $ip === $host ) // Error condition for gethostbyname()
-				$ip = false;
+			if ( $ip === $host ) { // Error condition for gethostbyname()
+				return false;
+			}
 		}
 		if ( $ip ) {
 			$parts = array_map( 'intval', explode( '.', $ip ) );

wp-includes/js/customize-loader.min.js

@@ -1 +1 @@
-window.wp=window.wp||{},function(a,b){var c,d=wp.customize;b.extend(b.support,{history:!(!window.history||!history.pushState),hashchange:"onhashchange"in window&&(void 0===document.documentMode||document.documentMode>7)}),c=b.extend({},d.Events,{initialize:function(){this.body=b(document.body),c.settings&&b.support.postMessage&&(b.support.cors||!c.settings.isCrossDomain)&&(this.window=b(window),this.element=b('<div id="customize-container" />').appendTo(this.body),this.bind("open",this.overlay.show),this.bind("close",this.overlay.hide),b("#wpbody").on("click",".load-customize",function(a){a.preventDefault(),c.link=b(this),c.open(c.link.attr("href"))}),b.support.history&&this.window.on("popstate",c.popstate),b.support.hashchange&&(this.window.on("hashchange",c.hashchange),this.window.triggerHandler("hashchange")))},popstate:function(a){var b=a.originalEvent.state;b&&b.customize?c.open(b.customize):c.active&&c.close()},hashchange:function(){var a=window.location.toString().split("#")[1];a&&0===a.indexOf("wp_customize=on")&&c.open(c.settings.url+"?"+a),a||b.support.history||c.close()},open:function(a){var e;if(!this.active){if(c.settings.browser.mobile)return window.location=a;this.active=!0,this.body.addClass("customize-loading"),this.iframe=b("<iframe />",{src:a}).appendTo(this.element),this.iframe.one("load",this.loaded),this.messenger=new d.Messenger({url:a,channel:"loader",targetWindow:this.iframe[0].contentWindow}),this.messenger.bind("ready",function(){c.messenger.send("back")}),this.messenger.bind("close",function(){b.support.history?history.back():b.support.hashchange?window.location.hash="":c.close()}),this.messenger.bind("activated",function(a){a&&(window.location=a)}),e=a.split("?")[1],b.support.history&&window.location.href!==a?history.pushState({customize:a},"",a):!b.support.history&&b.support.hashchange&&e&&(window.location.hash="wp_customize=on&"+e),this.trigger("open")}},opened:function(){c.body.addClass("customize-active full-overlay-active")},close:function(){this.active&&(this.active=!1,this.trigger("close"),this.link&&this.link.focus())},closed:function(){c.iframe.remove(),c.messenger.destroy(),c.iframe=null,c.messenger=null,c.body.removeClass("customize-active full-overlay-active").removeClass("customize-loading")},loaded:function(){c.body.removeClass("customize-loading")},overlay:{show:function(){this.element.fadeIn(200,c.opened)},hide:function(){this.element.fadeOut(200,c.closed)}}}),b(function(){c.settings=_wpCustomizeLoaderSettings,c.initialize()}),d.Loader=c}(wp,jQuery);
+window.wp=window.wp||{},function(a,b){var c,d=wp.customize;b.extend(b.support,{history:!(!window.history||!history.pushState),hashchange:"onhashchange"in window&&(void 0===document.documentMode||document.documentMode>7)}),c=b.extend({},d.Events,{initialize:function(){this.body=b(document.body),c.settings&&b.support.postMessage&&(b.support.cors||!c.settings.isCrossDomain)&&(this.window=b(window),this.element=b('<div id="customize-container" />').appendTo(this.body),this.bind("open",this.overlay.show),this.bind("close",this.overlay.hide),b("#wpbody").on("click",".load-customize",function(a){a.preventDefault(),c.link=b(this),c.open(c.link.attr("href"))}),b.support.history&&this.window.on("popstate",c.popstate),b.support.hashchange&&(this.window.on("hashchange",c.hashchange),this.window.triggerHandler("hashchange")))},popstate:function(a){var b=a.originalEvent.state;b&&b.customize?c.open(b.customize):c.active&&c.close()},hashchange:function(a){var d=window.location.toString().split("#")[1];d&&0===d.indexOf("wp_customize=on")&&c.open(c.settings.url+"?"+d),d||b.support.history||c.close()},open:function(a){var e;if(!this.active){if(c.settings.browser.mobile)return window.location=a;this.active=!0,this.body.addClass("customize-loading"),this.iframe=b("<iframe />",{src:a}).appendTo(this.element),this.iframe.one("load",this.loaded),this.messenger=new d.Messenger({url:a,channel:"loader",targetWindow:this.iframe[0].contentWindow}),this.messenger.bind("ready",function(){c.messenger.send("back")}),this.messenger.bind("close",function(){b.support.history?history.back():b.support.hashchange?window.location.hash="":c.close()}),this.messenger.bind("activated",function(a){a&&(window.location=a)}),e=a.split("?")[1],b.support.history&&window.location.href!==a?history.pushState({customize:a},"",a):!b.support.history&&b.support.hashchange&&e&&(window.location.hash="wp_customize=on&"+e),this.trigger("open")}},opened:function(){c.body.addClass("customize-active full-overlay-active")},close:function(){this.active&&(this.active=!1,this.trigger("close"),this.link&&this.link.focus())},closed:function(){c.iframe.remove(),c.messenger.destroy(),c.iframe=null,c.messenger=null,c.body.removeClass("customize-active full-overlay-active").removeClass("customize-loading")},loaded:function(){c.body.removeClass("customize-loading")},overlay:{show:function(){this.element.fadeIn(200,c.opened)},hide:function(){this.element.fadeOut(200,c.closed)}}}),b(function(){c.settings=_wpCustomizeLoaderSettings,c.initialize()}),d.Loader=c}(wp,jQuery);

wp-includes/js/heartbeat.min.js

@@ -1 +1 @@
-window.wp=window.wp||{},function(a){var b=function(){function b(a){return a?parseInt((new Date).getTime()/1e3):(new Date).getTime()}function c(a){var b,c=a.src;if(c&&/^https?:\/\//.test(c)&&(b=window.location.origin?window.location.origin:window.location.protocol+"//"+window.location.host,0!==c.indexOf(b)))return!1;try{if(a.contentWindow.document)return!0}catch(d){}return!1}function d(b,c){var d;if(b){switch(b){case"abort":break;case"timeout":d=!0;break;case"parsererror":case"error":case"empty":case"unknown":A++,A>2&&(d=!0)}503==c&&!1===D&&(d=!0),d&&!u.hasConnectionError()&&(D=!0,a(document).trigger("heartbeat-connection-lost",[b,c]))}else u.hasConnectionError()?(A=0,D=!1,a(document).trigger("heartbeat-connection-restored")):null===D&&(D=!1)}function e(){var c,e,g={},h=!0,i="object"==typeof window.heartbeatSettings?window.heartbeatSettings.nonce:"";x=b(),c=a.extend({},y),y={},a(document).trigger("heartbeat-send",[c]);for(e in c)if(c.hasOwnProperty(e)){h=!1;break}return h&&!u.hasConnectionError()?(p=!1,f(),void 0):(g.data=c,g.interval=o/1e3,g._nonce=i,g.action="heartbeat",g.screen_id=v,g.has_focus=B,p=!0,u.xhr=a.ajax({url:w,type:"post",timeout:3e4,data:g,dataType:"json"}).done(function(b,c,e){var f;return b?(u.hasConnectionError()&&d(),b.nonces_expired?(a(document).trigger("heartbeat-nonces-expired"),void 0):(b.heartbeat_interval&&(f=b.heartbeat_interval,delete b.heartbeat_interval),u.tick(b,c,e),f&&u.interval.call(u,f),void 0)):d("empty")}).always(function(){p=!1,f()}).fail(function(a,b,c){d(b||"unknown",a.status),u.error(a,b,c)}),void 0)}function f(){var a=b()-x,c=o;l&&(B?z>0&&q&&(c=q,z--):c=1e5,window.clearTimeout(m),c>a?m=window.setTimeout(function(){l&&e()},c-a):e())}function g(){window.clearTimeout(t),window.clearTimeout(C),t=C=0,B=!1}function h(){window.clearTimeout(t),window.clearTimeout(C),t=C=0,r=b(),B||(B=!0,window.clearTimeout(m),p||f())}function i(){a("iframe").each(function(b,d){c(d)&&(a.data(d,"wp-heartbeat-focus")||(a.data(d,"wp-heartbeat-focus",1),a(d.contentWindow).on("focus.wp-heartbeat-focus",function(){h()}).on("blur.wp-heartbeat-focus",function(){i(),C=window.setTimeout(function(){g()},500)})))})}function j(){s=!1,a(document).off(".wp-heartbeat-active"),a("iframe").each(function(b,d){c(d)&&a(d.contentWindow).off(".wp-heartbeat-active")}),h()}function k(){var d=r?b()-r:0;d>3e5&&B&&g(),s||(a(document).on("mouseover.wp-heartbeat-active keyup.wp-heartbeat-active",function(){j()}),a("iframe").each(function(b,d){c(d)&&a(d.contentWindow).on("mouseover.wp-heartbeat-active keyup.wp-heartbeat-active",function(){j()})}),s=!0)}var l,m,n,o,p,q,r,s,t,u=this,v="undefined"!=typeof pagenow?pagenow:"",w="undefined"!=typeof ajaxurl?ajaxurl:"",x=0,y={},z=0,A=0,B=!0,C=-1,D=null;this.hasConnectionError=function(){return!!D},"object"==typeof window.heartbeatSettings&&(n=a.extend({},window.heartbeatSettings),w=n.ajaxurl||w,delete n.ajaxurl,delete n.nonce,o=n.interval||15,delete n.interval,15>o?o=15:o>60&&(o=60),o=1e3*o,v=v||n.screenId||"front",delete n.screenId,a.extend(this,n)),a(window).on("blur.wp-heartbeat-focus",function(){i(),t=window.setTimeout(function(){g()},500)}).on("focus.wp-heartbeat-focus",function(){a("iframe").each(function(b,d){c(d)&&(a.removeData(d,"wp-heartbeat-focus"),a(d.contentWindow).off(".wp-heartbeat-focus"))}),h()}),window.setInterval(function(){k()},3e4),a(document).ready(function(){l=!0,x=b(),f()}),this.hasFocus=function(){return B},this.interval=function(a,b){var c,d;if(b=parseInt(b,10)||30,b=1>b||b>30?30:b,a){switch(a){case"fast":d=5,z=b;break;case"slow":d=60,z=0;break;case"long-polling":return o=0,0;default:d=15,z=0}c=o>1e3*d,z>0?q=1e3*d:(o=1e3*d,q=0),c&&f()}return B?q?q/1e3:o/1e3:120},this.enqueue=function(a,b,c){return a?c&&this.isQueued(a)?!1:(y[a]=b,!0):!1},this.isQueued=function(a){return a?y.hasOwnProperty(a):void 0},this.dequeue=function(a){a&&delete y[a]},this.getQueuedItem=function(a){return a?this.isQueued(a)?y[a]:void 0:void 0}};a.extend(b.prototype,{tick:function(b,c,d){a(document).trigger("heartbeat-tick",[b,c,d])},error:function(b,c,d){a(document).trigger("heartbeat-error",[b,c,d])}}),wp.heartbeat=new b}(jQuery);
+window.wp=window.wp||{},function(a){var b=function(){function b(a){return a?parseInt((new Date).getTime()/1e3):(new Date).getTime()}function c(a){var b,c=a.src;if(c&&/^https?:\/\//.test(c)&&(b=window.location.origin?window.location.origin:window.location.protocol+"//"+window.location.host,0!==c.indexOf(b)))return!1;try{if(a.contentWindow.document)return!0}catch(d){}return!1}function d(b,c){var d;if(b){switch(b){case"abort":break;case"timeout":d=!0;break;case"parsererror":case"error":case"empty":case"unknown":A++,A>2&&(d=!0)}503==c&&!1===D&&(d=!0),d&&!u.hasConnectionError()&&(D=!0,a(document).trigger("heartbeat-connection-lost",[b,c]))}else u.hasConnectionError()?(A=0,D=!1,a(document).trigger("heartbeat-connection-restored")):null===D&&(D=!1)}function e(){var c,e,g={},h=!0,i="object"==typeof window.heartbeatSettings?window.heartbeatSettings.nonce:"";x=b(),c=a.extend({},y),y={},a(document).trigger("heartbeat-send",[c]);for(e in c)if(c.hasOwnProperty(e)){h=!1;break}return h&&!u.hasConnectionError()?(p=!1,void f()):(g.data=c,g.interval=o/1e3,g._nonce=i,g.action="heartbeat",g.screen_id=v,g.has_focus=B,p=!0,void(u.xhr=a.ajax({url:w,type:"post",timeout:3e4,data:g,dataType:"json"}).done(function(b,c,e){var f;return b?(u.hasConnectionError()&&d(),b.nonces_expired?void a(document).trigger("heartbeat-nonces-expired"):(b.heartbeat_interval&&(f=b.heartbeat_interval,delete b.heartbeat_interval),u.tick(b,c,e),void(f&&u.interval.call(u,f)))):d("empty")}).always(function(){p=!1,f()}).fail(function(a,b,c){d(b||"unknown",a.status),u.error(a,b,c)})))}function f(){var a=b()-x,c=o;l&&(B?z>0&&q&&(c=q,z--):c=1e5,window.clearTimeout(m),c>a?m=window.setTimeout(function(){l&&e()},c-a):e())}function g(){window.clearTimeout(t),window.clearTimeout(C),t=C=0,B=!1}function h(){window.clearTimeout(t),window.clearTimeout(C),t=C=0,r=b(),B||(B=!0,window.clearTimeout(m),p||f())}function i(){a("iframe").each(function(b,d){c(d)&&(a.data(d,"wp-heartbeat-focus")||(a.data(d,"wp-heartbeat-focus",1),a(d.contentWindow).on("focus.wp-heartbeat-focus",function(a){h()}).on("blur.wp-heartbeat-focus",function(a){i(),C=window.setTimeout(function(){g()},500)})))})}function j(){s=!1,a(document).off(".wp-heartbeat-active"),a("iframe").each(function(b,d){c(d)&&a(d.contentWindow).off(".wp-heartbeat-active")}),h()}function k(){var d=r?b()-r:0;d>3e5&&B&&g(),s||(a(document).on("mouseover.wp-heartbeat-active keyup.wp-heartbeat-active",function(){j()}),a("iframe").each(function(b,d){c(d)&&a(d.contentWindow).on("mouseover.wp-heartbeat-active keyup.wp-heartbeat-active",function(){j()})}),s=!0)}var l,m,n,o,p,q,r,s,t,u=this,v="undefined"!=typeof pagenow?pagenow:"",w="undefined"!=typeof ajaxurl?ajaxurl:"",x=0,y={},z=0,A=0,B=!0,C=-1,D=null;this.hasConnectionError=function(){return!!D},"object"==typeof window.heartbeatSettings&&(n=a.extend({},window.heartbeatSettings),w=n.ajaxurl||w,delete n.ajaxurl,delete n.nonce,o=n.interval||15,delete n.interval,15>o?o=15:o>60&&(o=60),o=1e3*o,v=v||n.screenId||"front",delete n.screenId,a.extend(this,n)),a(window).on("blur.wp-heartbeat-focus",function(a){i(),t=window.setTimeout(function(){g()},500)}).on("focus.wp-heartbeat-focus",function(){a("iframe").each(function(b,d){c(d)&&(a.removeData(d,"wp-heartbeat-focus"),a(d.contentWindow).off(".wp-heartbeat-focus"))}),h()}),window.setInterval(function(){k()},3e4),a(document).ready(function(){l=!0,x=b(),f()}),this.hasFocus=function(){return B},this.interval=function(a,b){var c,d;if(b=parseInt(b,10)||30,b=1>b||b>30?30:b,a){switch(a){case"fast":d=5,z=b;break;case"slow":d=60,z=0;break;case"long-polling":return o=0,0;default:d=15,z=0}c=o>1e3*d,z>0?q=1e3*d:(o=1e3*d,q=0),c&&f()}return B?q?q/1e3:o/1e3:120},this.enqueue=function(a,b,c){return a?c&&this.isQueued(a)?!1:(y[a]=b,!0):!1},this.isQueued=function(a){return a?y.hasOwnProperty(a):void 0},this.dequeue=function(a){a&&delete y[a]},this.getQueuedItem=function(a){return a&&this.isQueued(a)?y[a]:void 0}};a.extend(b.prototype,{tick:function(b,c,d){a(document).trigger("heartbeat-tick",[b,c,d])},error:function(b,c,d){a(document).trigger("heartbeat-error",[b,c,d])}}),wp.heartbeat=new b}(jQuery);

wp-includes/js/json2.min.js

@@ -1 +1 @@
-var JSON;JSON||(JSON={}),function(){"use strict";function f(a){return 10>a?"0"+a:a}function quote(a){return escapable.lastIndex=0,escapable.test(a)?'"'+a.replace(escapable,function(a){var b=meta[a];return"string"==typeof b?b:"\\u"+("0000"+a.charCodeAt(0).toString(16)).slice(-4)})+'"':'"'+a+'"'}function str(a,b){var c,d,e,f,g,h=gap,i=b[a];switch(i&&"object"==typeof i&&"function"==typeof i.toJSON&&(i=i.toJSON(a)),"function"==typeof rep&&(i=rep.call(b,a,i)),typeof i){case"string":return quote(i);case"number":return isFinite(i)?String(i):"null";case"boolean":case"null":return String(i);case"object":if(!i)return"null";if(gap+=indent,g=[],"[object Array]"===Object.prototype.toString.apply(i)){for(f=i.length,c=0;f>c;c+=1)g[c]=str(c,i)||"null";return e=0===g.length?"[]":gap?"[\n"+gap+g.join(",\n"+gap)+"\n"+h+"]":"["+g.join(",")+"]",gap=h,e}if(rep&&"object"==typeof rep)for(f=rep.length,c=0;f>c;c+=1)"string"==typeof rep[c]&&(d=rep[c],e=str(d,i),e&&g.push(quote(d)+(gap?": ":":")+e));else for(d in i)Object.prototype.hasOwnProperty.call(i,d)&&(e=str(d,i),e&&g.push(quote(d)+(gap?": ":":")+e));return e=0===g.length?"{}":gap?"{\n"+gap+g.join(",\n"+gap)+"\n"+h+"}":"{"+g.join(",")+"}",gap=h,e}}"function"!=typeof Date.prototype.toJSON&&(Date.prototype.toJSON=function(){return isFinite(this.valueOf())?this.getUTCFullYear()+"-"+f(this.getUTCMonth()+1)+"-"+f(this.getUTCDate())+"T"+f(this.getUTCHours())+":"+f(this.getUTCMinutes())+":"+f(this.getUTCSeconds())+"Z":null},String.prototype.toJSON=Number.prototype.toJSON=Boolean.prototype.toJSON=function(){return this.valueOf()});var cx=/[\u0000\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g,escapable=/[\\\"\x00-\x1f\x7f-\x9f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g,gap,indent,meta={"\b":"\\b","	":"\\t","\n":"\\n","\f":"\\f","\r":"\\r",'"':'\\"',"\\":"\\\\"},rep;"function"!=typeof JSON.stringify&&(JSON.stringify=function(a,b,c){var d;if(gap="",indent="","number"==typeof c)for(d=0;c>d;d+=1)indent+=" ";else"string"==typeof c&&(indent=c);if(rep=b,b&&"function"!=typeof b&&("object"!=typeof b||"number"!=typeof b.length))throw new Error("JSON.stringify");return str("",{"":a})}),"function"!=typeof JSON.parse&&(JSON.parse=function(text,reviver){function walk(a,b){var c,d,e=a[b];if(e&&"object"==typeof e)for(c in e)Object.prototype.hasOwnProperty.call(e,c)&&(d=walk(e,c),void 0!==d?e[c]=d:delete e[c]);return reviver.call(a,b,e)}var j;if(text=String(text),cx.lastIndex=0,cx.test(text)&&(text=text.replace(cx,function(a){return"\\u"+("0000"+a.charCodeAt(0).toString(16)).slice(-4)})),/^[\],:{}\s]*$/.test(text.replace(/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,"@").replace(/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,"]").replace(/(?:^|:|,)(?:\s*\[)+/g,"")))return j=eval("("+text+")"),"function"==typeof reviver?walk({"":j},""):j;throw new SyntaxError("JSON.parse")})}();
+var JSON;JSON||(JSON={}),function(){"use strict";function f(a){return 10>a?"0"+a:a}function quote(a){return escapable.lastIndex=0,escapable.test(a)?'"'+a.replace(escapable,function(a){var b=meta[a];return"string"==typeof b?b:"\\u"+("0000"+a.charCodeAt(0).toString(16)).slice(-4)})+'"':'"'+a+'"'}function str(a,b){var c,d,e,f,g,h=gap,i=b[a];switch(i&&"object"==typeof i&&"function"==typeof i.toJSON&&(i=i.toJSON(a)),"function"==typeof rep&&(i=rep.call(b,a,i)),typeof i){case"string":return quote(i);case"number":return isFinite(i)?String(i):"null";case"boolean":case"null":return String(i);case"object":if(!i)return"null";if(gap+=indent,g=[],"[object Array]"===Object.prototype.toString.apply(i)){for(f=i.length,c=0;f>c;c+=1)g[c]=str(c,i)||"null";return e=0===g.length?"[]":gap?"[\n"+gap+g.join(",\n"+gap)+"\n"+h+"]":"["+g.join(",")+"]",gap=h,e}if(rep&&"object"==typeof rep)for(f=rep.length,c=0;f>c;c+=1)"string"==typeof rep[c]&&(d=rep[c],e=str(d,i),e&&g.push(quote(d)+(gap?": ":":")+e));else for(d in i)Object.prototype.hasOwnProperty.call(i,d)&&(e=str(d,i),e&&g.push(quote(d)+(gap?": ":":")+e));return e=0===g.length?"{}":gap?"{\n"+gap+g.join(",\n"+gap)+"\n"+h+"}":"{"+g.join(",")+"}",gap=h,e}}"function"!=typeof Date.prototype.toJSON&&(Date.prototype.toJSON=function(a){return isFinite(this.valueOf())?this.getUTCFullYear()+"-"+f(this.getUTCMonth()+1)+"-"+f(this.getUTCDate())+"T"+f(this.getUTCHours())+":"+f(this.getUTCMinutes())+":"+f(this.getUTCSeconds())+"Z":null},String.prototype.toJSON=Number.prototype.toJSON=Boolean.prototype.toJSON=function(a){return this.valueOf()});var cx=/[\u0000\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g,escapable=/[\\\"\x00-\x1f\x7f-\x9f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g,gap,indent,meta={"\b":"\\b","	":"\\t","\n":"\\n","\f":"\\f","\r":"\\r",'"':'\\"',"\\":"\\\\"},rep;"function"!=typeof JSON.stringify&&(JSON.stringify=function(a,b,c){var d;if(gap="",indent="","number"==typeof c)for(d=0;c>d;d+=1)indent+=" ";else"string"==typeof c&&(indent=c);if(rep=b,b&&"function"!=typeof b&&("object"!=typeof b||"number"!=typeof b.length))throw new Error("JSON.stringify");return str("",{"":a})}),"function"!=typeof JSON.parse&&(JSON.parse=function(text,reviver){function walk(a,b){var c,d,e=a[b];if(e&&"object"==typeof e)for(c in e)Object.prototype.hasOwnProperty.call(e,c)&&(d=walk(e,c),void 0!==d?e[c]=d:delete e[c]);return reviver.call(a,b,e)}var j;if(text=String(text),cx.lastIndex=0,cx.test(text)&&(text=text.replace(cx,function(a){return"\\u"+("0000"+a.charCodeAt(0).toString(16)).slice(-4)})),/^[\],:{}\s]*$/.test(text.replace(/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,"@").replace(/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,"]").replace(/(?:^|:|,)(?:\s*\[)+/g,"")))return j=eval("("+text+")"),"function"==typeof reviver?walk({"":j},""):j;throw new SyntaxError("JSON.parse")})}();

wp-includes/js/mce-view.min.js

@@ -1 +1 @@
-window.wp=window.wp||{},function(a){var b={},c={};wp.mce=wp.mce||{},wp.mce.view={defaults:{pattern:{view:Backbone.View,text:function(a){return a.options.original},toView:function(a){if(this.pattern){this.pattern.lastIndex=0;var b=this.pattern.exec(a);if(b)return{index:b.index,content:b[0],options:{original:b[0],results:b}}}}},shortcode:{view:Backbone.View,text:function(a){return a.options.shortcode.string()},toView:function(a){var b=wp.shortcode.next(this.shortcode,a);if(b)return{index:b.index,content:b.content,options:{shortcode:b.shortcode}}}}},add:function(a,d){var e,f,g,h;e=d.extend?wp.mce.view.get(d.extend):d.shortcode?wp.mce.view.defaults.shortcode:wp.mce.view.defaults.pattern,_.defaults(d,e),d.id=a,h={remove:function(){return delete c[this.el.id],this.$el.parent().remove(),f&&f.apply(this,arguments),this}},_.isFunction(d.view)?g=d.view:(g=e.view,f=d.view.remove,_.defaults(h,d.view)),f||g._mceview||(f=g.prototype.remove),d.view=g.extend(h,{_mceview:!0}),b[a]=d},get:function(a){return b[a]},remove:function(a){delete b[a]},toViews:function(a){var c,d=[{content:a}];return _.each(b,function(a,b){c=d.slice(),d=[],_.each(c,function(c){var e,f=c.content;if(c.processed)return d.push(c),void 0;for(;f&&(e=a.toView(f));)e.index&&d.push({content:f.substring(0,e.index)}),d.push({content:wp.mce.view.toView(b,e.options),processed:!0}),f=f.slice(e.index+e.content.length);f&&d.push({content:f})})}),_.pluck(d,"content").join("")},toView:function(b,d){var e,f,g=wp.mce.view.get(b);return g?(e=new g.view(_.extend(d||{},{viewType:b})),f=e.el.id=e.el.id||_.uniqueId("__wpmce-"),c[f]=e,e.$wrapper=a(),wp.html.string({tag:"span"===e.tagName?"span":"div",attrs:{"class":"wp-view-wrap wp-view-type-"+b,"data-wp-view":f,contenteditable:!1}})):""},render:function(b){a(".wp-view-wrap",b).each(function(){var b=a(this),c=wp.mce.view.instance(this);c&&(c.$wrapper=b,c.render(),c.$el.detach(),b.empty().append(c.el).append('<span data-wp-view-end class="wp-view-end"></span>'))})},toText:function(a){return a.replace(/<(?:div|span)[^>]+data-wp-view="([^"]+)"[^>]*>.*?<span[^>]+data-wp-view-end[^>]*><\/span><\/(?:div|span)>/g,function(a,b){var d,e=c[b];return e&&(d=wp.mce.view.get(e.options.viewType)),e&&d?d.text(e):""})},removeInternalAttrs:function(a){var b={};return _.each(a,function(a,c){-1===c.indexOf("data-mce")&&(b[c]=a)}),b},attrs:function(a){return wp.mce.view.removeInternalAttrs(wp.html.attrs(a))},instance:function(b){var d=a(b).data("wp-view");return d?c[d]:void 0},select:function(b){var c=a(b);c.hasClass("selected")||(c.addClass("selected"),a(b.firstChild).trigger("select"))},deselect:function(b){var c=a(b);c.hasClass("selected")&&(c.removeClass("selected"),a(b.firstChild).trigger("deselect"))}}}(jQuery);
+window.wp=window.wp||{},function(a){var b={},c={};wp.mce=wp.mce||{},wp.mce.view={defaults:{pattern:{view:Backbone.View,text:function(a){return a.options.original},toView:function(a){if(this.pattern){this.pattern.lastIndex=0;var b=this.pattern.exec(a);if(b)return{index:b.index,content:b[0],options:{original:b[0],results:b}}}}},shortcode:{view:Backbone.View,text:function(a){return a.options.shortcode.string()},toView:function(a){var b=wp.shortcode.next(this.shortcode,a);if(b)return{index:b.index,content:b.content,options:{shortcode:b.shortcode}}}}},add:function(a,d){var e,f,g,h;e=d.extend?wp.mce.view.get(d.extend):d.shortcode?wp.mce.view.defaults.shortcode:wp.mce.view.defaults.pattern,_.defaults(d,e),d.id=a,h={remove:function(){return delete c[this.el.id],this.$el.parent().remove(),f&&f.apply(this,arguments),this}},_.isFunction(d.view)?g=d.view:(g=e.view,f=d.view.remove,_.defaults(h,d.view)),f||g._mceview||(f=g.prototype.remove),d.view=g.extend(h,{_mceview:!0}),b[a]=d},get:function(a){return b[a]},remove:function(a){delete b[a]},toViews:function(a){var c,d=[{content:a}];return _.each(b,function(a,b){c=d.slice(),d=[],_.each(c,function(c){var e,f=c.content;if(c.processed)return void d.push(c);for(;f&&(e=a.toView(f));)e.index&&d.push({content:f.substring(0,e.index)}),d.push({content:wp.mce.view.toView(b,e.options),processed:!0}),f=f.slice(e.index+e.content.length);f&&d.push({content:f})})}),_.pluck(d,"content").join("")},toView:function(b,d){var e,f,g=wp.mce.view.get(b);return g?(e=new g.view(_.extend(d||{},{viewType:b})),f=e.el.id=e.el.id||_.uniqueId("__wpmce-"),c[f]=e,e.$wrapper=a(),wp.html.string({tag:"span"===e.tagName?"span":"div",attrs:{"class":"wp-view-wrap wp-view-type-"+b,"data-wp-view":f,contenteditable:!1}})):""},render:function(b){a(".wp-view-wrap",b).each(function(){var b=a(this),c=wp.mce.view.instance(this);c&&(c.$wrapper=b,c.render(),c.$el.detach(),b.empty().append(c.el).append('<span data-wp-view-end class="wp-view-end"></span>'))})},toText:function(a){return a.replace(/<(?:div|span)[^>]+data-wp-view="([^"]+)"[^>]*>.*?<span[^>]+data-wp-view-end[^>]*><\/span><\/(?:div|span)>/g,function(a,b){var d,e=c[b];return e&&(d=wp.mce.view.get(e.options.viewType)),e&&d?d.text(e):""})},removeInternalAttrs:function(a){var b={};return _.each(a,function(a,c){-1===c.indexOf("data-mce")&&(b[c]=a)}),b},attrs:function(a){return wp.mce.view.removeInternalAttrs(wp.html.attrs(a))},instance:function(b){var d=a(b).data("wp-view");return d?c[d]:void 0},select:function(b){var c=a(b);c.hasClass("selected")||(c.addClass("selected"),a(b.firstChild).trigger("select"))},deselect:function(b){var c=a(b);c.hasClass("selected")&&(c.removeClass("selected"),a(b.firstChild).trigger("deselect"))}}}(jQuery);

wp-includes/js/plupload/handlers.js

@@ -334,15 +334,24 @@ function uploadError(fileObj, errorCode, message, uploader) {
 	}
 }
 
-function uploadSizeError( up, file, over100mb ) {
-	var message;
+function uploadSizeError( up, file ) {
+	var message, errorDiv;
 
-	if ( over100mb )
-		message = pluploadL10n.big_upload_queued.replace('%s', file.name) + ' ' + pluploadL10n.big_upload_failed.replace('%1$s', '<a class="uploader-html" href="#">').replace('%2$s', '</a>');
-	else
-		message = pluploadL10n.file_exceeds_size_limit.replace('%s', file.name);
+	message = pluploadL10n.file_exceeds_size_limit.replace('%s', file.name);
 
-	jQuery('#media-items').append('<div id="media-item-' + file.id + '" class="media-item error"><p>' + message + '</p></div>');
+	// Construct the error div.
+	errorDiv = jQuery( '<div />' )
+		.attr( {
+			'id':    'media-item-' + file.id,
+			'class': 'media-item error'
+		} )
+		.append(
+			jQuery( '<p />' )
+				.text( message )
+		);
+
+	// Append the error.
+	jQuery('#media-items').append( errorDiv );
 	up.removeFile(file);
 }
 

wp-includes/js/plupload/wp-plupload.min.js

@@ -1 +1 @@
-window.wp=window.wp||{},function(a,b){var c;"undefined"!=typeof _wpPluploadSettings&&(c=function(a){var d,e,f=this,g={container:"container",browser:"browse_button",dropzone:"drop_element"};if(this.supports={upload:c.browser.supported},this.supported=this.supports.upload,this.supported){this.plupload=b.extend(!0,{multipart_params:{}},c.defaults),this.container=document.body,b.extend(!0,this,a);for(d in this)b.isFunction(this[d])&&(this[d]=b.proxy(this[d],this));for(d in g)this[d]&&(this[d]=b(this[d]).first(),this[d].length?(this[d].prop("id")||this[d].prop("id","__wp-uploader-id-"+c.uuid++),this.plupload[g[d]]=this[d].prop("id")):delete this[d]);(this.browser&&this.browser.length||this.dropzone&&this.dropzone.length)&&(this.uploader=new plupload.Uploader(this.plupload),delete this.plupload,this.param(this.params||{}),delete this.params,e=function(a,b,d){d.attachment&&d.attachment.destroy(),c.errors.unshift({message:a||pluploadL10n.default_error,data:b,file:d}),f.error(a,b,d)},this.uploader.init(),this.supports.dragdrop=this.uploader.features.dragdrop&&!c.browser.mobile,function(a,b){var c,d;if(a){if(a.toggleClass("supports-drag-drop",!!b),!b)return a.unbind(".wp-uploader");a.bind("dragover.wp-uploader",function(){c&&clearTimeout(c),d||(a.trigger("dropzone:enter").addClass("drag-over"),d=!0)}),a.bind("dragleave.wp-uploader, drop.wp-uploader",function(){c=setTimeout(function(){d=!1,a.trigger("dropzone:leave").removeClass("drag-over")},0)})}}(this.dropzone,this.supports.dragdrop),this.browser?this.browser.on("mouseenter",this.refresh):(this.uploader.disableBrowse(!0),b("#"+this.uploader.id+"_html5_container").hide()),this.uploader.bind("FilesAdded",function(a,b){_.each(b,function(a){var b,d;plupload.FAILED!==a.status&&(b=_.extend({file:a,uploading:!0,date:new Date,filename:a.name,menuOrder:0,uploadedTo:wp.media.model.settings.post.id},_.pick(a,"loaded","size","percent")),d=/(?:jpe?g|png|gif)$/i.exec(a.name),d&&(b.type="image",b.subtype="jpg"===d[0]?"jpeg":d[0]),a.attachment=wp.media.model.Attachment.create(b),c.queue.add(a.attachment),f.added(a.attachment))}),a.refresh(),a.start()}),this.uploader.bind("UploadProgress",function(a,b){b.attachment.set(_.pick(b,"loaded","percent")),f.progress(b.attachment)}),this.uploader.bind("FileUploaded",function(a,b,d){var g;try{d=JSON.parse(d.response)}catch(h){return e(pluploadL10n.default_error,h,b)}return!_.isObject(d)||_.isUndefined(d.success)?e(pluploadL10n.default_error,null,b):d.success?(_.each(["file","loaded","size","percent"],function(a){b.attachment.unset(a)}),b.attachment.set(_.extend(d.data,{uploading:!1})),wp.media.model.Attachment.get(d.data.id,b.attachment),g=c.queue.all(function(a){return!a.get("uploading")}),g&&c.queue.reset(),f.success(b.attachment),void 0):e(d.data&&d.data.message,d.data,b)}),this.uploader.bind("Error",function(a,b){var d,f=pluploadL10n.default_error;for(d in c.errorMap)if(b.code===plupload[d]){f=c.errorMap[d],_.isFunction(f)&&(f=f(b.file,b));break}e(f,b,b.file),a.refresh()}),this.init())}},b.extend(c,_wpPluploadSettings),c.uuid=0,c.errorMap={FAILED:pluploadL10n.upload_failed,FILE_EXTENSION_ERROR:pluploadL10n.invalid_filetype,IMAGE_FORMAT_ERROR:pluploadL10n.not_an_image,IMAGE_MEMORY_ERROR:pluploadL10n.image_memory_exceeded,IMAGE_DIMENSIONS_ERROR:pluploadL10n.image_dimensions_exceeded,GENERIC_ERROR:pluploadL10n.upload_failed,IO_ERROR:pluploadL10n.io_error,HTTP_ERROR:pluploadL10n.http_error,SECURITY_ERROR:pluploadL10n.security_error,FILE_SIZE_ERROR:function(a){return pluploadL10n.file_exceeds_size_limit.replace("%s",a.name)}},b.extend(c.prototype,{param:function(a,c){return 1===arguments.length&&"string"==typeof a?this.uploader.settings.multipart_params[a]:(arguments.length>1?this.uploader.settings.multipart_params[a]=c:b.extend(this.uploader.settings.multipart_params,a),void 0)},init:function(){},error:function(){},success:function(){},added:function(){},progress:function(){},complete:function(){},refresh:function(){var a,c,d,e;if(this.browser){for(a=this.browser[0];a;){if(a===document.body){c=!0;break}a=a.parentNode}c||(e="wp-uploader-browser-"+this.uploader.id,d=b("#"+e),d.length||(d=b('<div class="wp-uploader-browser" />').css({position:"fixed",top:"-1000px",left:"-1000px",height:0,width:0}).attr("id","wp-uploader-browser-"+this.uploader.id).appendTo("body")),d.append(this.browser))}this.uploader.refresh()}}),c.queue=new wp.media.model.Attachments([],{query:!1}),c.errors=new Backbone.Collection,a.Uploader=c)}(wp,jQuery);
+window.wp=window.wp||{},function(a,b){var c;"undefined"!=typeof _wpPluploadSettings&&(c=function(a){var d,e,f=this,g={container:"container",browser:"browse_button",dropzone:"drop_element"};if(this.supports={upload:c.browser.supported},this.supported=this.supports.upload,this.supported){this.plupload=b.extend(!0,{multipart_params:{}},c.defaults),this.container=document.body,b.extend(!0,this,a);for(d in this)b.isFunction(this[d])&&(this[d]=b.proxy(this[d],this));for(d in g)this[d]&&(this[d]=b(this[d]).first(),this[d].length?(this[d].prop("id")||this[d].prop("id","__wp-uploader-id-"+c.uuid++),this.plupload[g[d]]=this[d].prop("id")):delete this[d]);(this.browser&&this.browser.length||this.dropzone&&this.dropzone.length)&&(this.uploader=new plupload.Uploader(this.plupload),delete this.plupload,this.param(this.params||{}),delete this.params,e=function(a,b,d){d.attachment&&d.attachment.destroy(),c.errors.unshift({message:a||pluploadL10n.default_error,data:b,file:d}),f.error(a,b,d)},this.uploader.init(),this.supports.dragdrop=this.uploader.features.dragdrop&&!c.browser.mobile,function(a,b){var c,d;if(a){if(a.toggleClass("supports-drag-drop",!!b),!b)return a.unbind(".wp-uploader");a.bind("dragover.wp-uploader",function(){c&&clearTimeout(c),d||(a.trigger("dropzone:enter").addClass("drag-over"),d=!0)}),a.bind("dragleave.wp-uploader, drop.wp-uploader",function(){c=setTimeout(function(){d=!1,a.trigger("dropzone:leave").removeClass("drag-over")},0)})}}(this.dropzone,this.supports.dragdrop),this.browser?this.browser.on("mouseenter",this.refresh):(this.uploader.disableBrowse(!0),b("#"+this.uploader.id+"_html5_container").hide()),this.uploader.bind("FilesAdded",function(a,b){_.each(b,function(a){var b,d;plupload.FAILED!==a.status&&(b=_.extend({file:a,uploading:!0,date:new Date,filename:a.name,menuOrder:0,uploadedTo:wp.media.model.settings.post.id},_.pick(a,"loaded","size","percent")),d=/(?:jpe?g|png|gif)$/i.exec(a.name),d&&(b.type="image",b.subtype="jpg"===d[0]?"jpeg":d[0]),a.attachment=wp.media.model.Attachment.create(b),c.queue.add(a.attachment),f.added(a.attachment))}),a.refresh(),a.start()}),this.uploader.bind("UploadProgress",function(a,b){b.attachment.set(_.pick(b,"loaded","percent")),f.progress(b.attachment)}),this.uploader.bind("FileUploaded",function(a,b,d){var g;try{d=JSON.parse(d.response)}catch(h){return e(pluploadL10n.default_error,h,b)}return!_.isObject(d)||_.isUndefined(d.success)?e(pluploadL10n.default_error,null,b):d.success?(_.each(["file","loaded","size","percent"],function(a){b.attachment.unset(a)}),b.attachment.set(_.extend(d.data,{uploading:!1})),wp.media.model.Attachment.get(d.data.id,b.attachment),g=c.queue.all(function(a){return!a.get("uploading")}),g&&c.queue.reset(),void f.success(b.attachment)):e(d.data&&d.data.message,d.data,b)}),this.uploader.bind("Error",function(a,b){var d,f=pluploadL10n.default_error;for(d in c.errorMap)if(b.code===plupload[d]){f=c.errorMap[d],_.isFunction(f)&&(f=f(b.file,b));break}e(f,b,b.file),a.refresh()}),this.init())}},b.extend(c,_wpPluploadSettings),c.uuid=0,c.errorMap={FAILED:pluploadL10n.upload_failed,FILE_EXTENSION_ERROR:pluploadL10n.invalid_filetype,IMAGE_FORMAT_ERROR:pluploadL10n.not_an_image,IMAGE_MEMORY_ERROR:pluploadL10n.image_memory_exceeded,IMAGE_DIMENSIONS_ERROR:pluploadL10n.image_dimensions_exceeded,GENERIC_ERROR:pluploadL10n.upload_failed,IO_ERROR:pluploadL10n.io_error,HTTP_ERROR:pluploadL10n.http_error,SECURITY_ERROR:pluploadL10n.security_error,FILE_SIZE_ERROR:function(a){return pluploadL10n.file_exceeds_size_limit.replace("%s",a.name)}},b.extend(c.prototype,{param:function(a,c){return 1===arguments.length&&"string"==typeof a?this.uploader.settings.multipart_params[a]:void(arguments.length>1?this.uploader.settings.multipart_params[a]=c:b.extend(this.uploader.settings.multipart_params,a))},init:function(){},error:function(){},success:function(){},added:function(){},progress:function(){},complete:function(){},refresh:function(){var a,c,d,e;if(this.browser){for(a=this.browser[0];a;){if(a===document.body){c=!0;break}a=a.parentNode}c||(e="wp-uploader-browser-"+this.uploader.id,d=b("#"+e),d.length||(d=b('<div class="wp-uploader-browser" />').css({position:"fixed",top:"-1000px",left:"-1000px",height:0,width:0}).attr("id","wp-uploader-browser-"+this.uploader.id).appendTo("body")),d.append(this.browser))}this.uploader.refresh()}}),c.queue=new wp.media.model.Attachments([],{query:!1}),c.errors=new Backbone.Collection,a.Uploader=c)}(wp,jQuery);

wp-includes/js/shortcode.min.js

@@ -1 +1 @@
-window.wp=window.wp||{},function(){wp.shortcode={next:function(a,b,c){var d,e,f=wp.shortcode.regexp(a);return f.lastIndex=c||0,(d=f.exec(b))?"["===d[1]&&"]"===d[7]?wp.shortcode.next(a,b,f.lastIndex):(e={index:d.index,content:d[0],shortcode:wp.shortcode.fromMatch(d)},d[1]&&(e.match=e.match.slice(1),e.index++),d[7]&&(e.match=e.match.slice(0,-1)),e):void 0},replace:function(a,b,c){return b.replace(wp.shortcode.regexp(a),function(a,b,d,e,f,g,h,i){if("["===b&&"]"===i)return a;var j=c(wp.shortcode.fromMatch(arguments));return j?b+j+i:a})},string:function(a){return new wp.shortcode(a).string()},regexp:_.memoize(function(a){return new RegExp("\\[(\\[?)("+a+")(?![\\w-])([^\\]\\/]*(?:\\/(?!\\])[^\\]\\/]*)*?)(?:(\\/)\\]|\\](?:([^\\[]*(?:\\[(?!\\/\\2\\])[^\\[]*)*)(\\[\\/\\2\\]))?)(\\]?)","g")}),attrs:_.memoize(function(a){var b,c,d={},e=[];for(b=/(\w+)\s*=\s*"([^"]*)"(?:\s|$)|(\w+)\s*=\s*\'([^\']*)\'(?:\s|$)|(\w+)\s*=\s*([^\s\'"]+)(?:\s|$)|"([^"]*)"(?:\s|$)|(\S+)(?:\s|$)/g,a=a.replace(/[\u00a0\u200b]/g," ");c=b.exec(a);)c[1]?d[c[1].toLowerCase()]=c[2]:c[3]?d[c[3].toLowerCase()]=c[4]:c[5]?d[c[5].toLowerCase()]=c[6]:c[7]?e.push(c[7]):c[8]&&e.push(c[8]);return{named:d,numeric:e}}),fromMatch:function(a){var b;return b=a[4]?"self-closing":a[6]?"closed":"single",new wp.shortcode({tag:a[2],attrs:a[3],type:b,content:a[5]})}},wp.shortcode=_.extend(function(a){_.extend(this,_.pick(a||{},"tag","attrs","type","content"));var b=this.attrs;this.attrs={named:{},numeric:[]},b&&(_.isString(b)?this.attrs=wp.shortcode.attrs(b):_.isEqual(_.keys(b),["named","numeric"])?this.attrs=b:_.each(a.attrs,function(a,b){this.set(b,a)},this))},wp.shortcode),_.extend(wp.shortcode.prototype,{get:function(a){return this.attrs[_.isNumber(a)?"numeric":"named"][a]},set:function(a,b){return this.attrs[_.isNumber(a)?"numeric":"named"][a]=b,this},string:function(){var a="["+this.tag;return _.each(this.attrs.numeric,function(b){a+=/\s/.test(b)?' "'+b+'"':" "+b}),_.each(this.attrs.named,function(b,c){a+=" "+c+'="'+b+'"'}),"single"===this.type?a+"]":"self-closing"===this.type?a+" /]":(a+="]",this.content&&(a+=this.content),a+"[/"+this.tag+"]")}})}(),function(){wp.html=_.extend(wp.html||{},{attrs:function(a){var b,c;return"/"===a[a.length-1]&&(a=a.slice(0,-1)),b=wp.shortcode.attrs(a),c=b.named,_.each(b.numeric,function(a){/\s/.test(a)||(c[a]="")}),c},string:function(a){var b="<"+a.tag,c=a.content||"";return _.each(a.attrs,function(a,c){b+=" "+c,""!==a&&(_.isBoolean(a)&&(a=a?"true":"false"),b+='="'+a+'"')}),a.single?b+" />":(b+=">",b+=_.isObject(c)?wp.html.string(c):c,b+"</"+a.tag+">")}})}();
+window.wp=window.wp||{},function(){wp.shortcode={next:function(a,b,c){var d,e,f=wp.shortcode.regexp(a);return f.lastIndex=c||0,(d=f.exec(b))?"["===d[1]&&"]"===d[7]?wp.shortcode.next(a,b,f.lastIndex):(e={index:d.index,content:d[0],shortcode:wp.shortcode.fromMatch(d)},d[1]&&(e.match=e.match.slice(1),e.index++),d[7]&&(e.match=e.match.slice(0,-1)),e):void 0},replace:function(a,b,c){return b.replace(wp.shortcode.regexp(a),function(a,b,d,e,f,g,h,i,j){if("["===b&&"]"===i)return a;var k=c(wp.shortcode.fromMatch(arguments));return k?b+k+i:a})},string:function(a){return new wp.shortcode(a).string()},regexp:_.memoize(function(a){return new RegExp("\\[(\\[?)("+a+")(?![\\w-])([^\\]\\/]*(?:\\/(?!\\])[^\\]\\/]*)*?)(?:(\\/)\\]|\\](?:([^\\[]*(?:\\[(?!\\/\\2\\])[^\\[]*)*)(\\[\\/\\2\\]))?)(\\]?)","g")}),attrs:_.memoize(function(a){var b,c,d={},e=[];for(b=/(\w+)\s*=\s*"([^"]*)"(?:\s|$)|(\w+)\s*=\s*\'([^\']*)\'(?:\s|$)|(\w+)\s*=\s*([^\s\'"]+)(?:\s|$)|"([^"]*)"(?:\s|$)|(\S+)(?:\s|$)/g,a=a.replace(/[\u00a0\u200b]/g," ");c=b.exec(a);)c[1]?d[c[1].toLowerCase()]=c[2]:c[3]?d[c[3].toLowerCase()]=c[4]:c[5]?d[c[5].toLowerCase()]=c[6]:c[7]?e.push(c[7]):c[8]&&e.push(c[8]);return{named:d,numeric:e}}),fromMatch:function(a){var b;return b=a[4]?"self-closing":a[6]?"closed":"single",new wp.shortcode({tag:a[2],attrs:a[3],type:b,content:a[5]})}},wp.shortcode=_.extend(function(a){_.extend(this,_.pick(a||{},"tag","attrs","type","content"));var b=this.attrs;this.attrs={named:{},numeric:[]},b&&(_.isString(b)?this.attrs=wp.shortcode.attrs(b):_.isEqual(_.keys(b),["named","numeric"])?this.attrs=b:_.each(a.attrs,function(a,b){this.set(b,a)},this))},wp.shortcode),_.extend(wp.shortcode.prototype,{get:function(a){return this.attrs[_.isNumber(a)?"numeric":"named"][a]},set:function(a,b){return this.attrs[_.isNumber(a)?"numeric":"named"][a]=b,this},string:function(){var a="["+this.tag;return _.each(this.attrs.numeric,function(b){a+=/\s/.test(b)?' "'+b+'"':" "+b}),_.each(this.attrs.named,function(b,c){a+=" "+c+'="'+b+'"'}),"single"===this.type?a+"]":"self-closing"===this.type?a+" /]":(a+="]",this.content&&(a+=this.content),a+"[/"+this.tag+"]")}})}(),function(){wp.html=_.extend(wp.html||{},{attrs:function(a){var b,c;return"/"===a[a.length-1]&&(a=a.slice(0,-1)),b=wp.shortcode.attrs(a),c=b.named,_.each(b.numeric,function(a){/\s/.test(a)||(c[a]="")}),c},string:function(a){var b="<"+a.tag,c=a.content||"";return _.each(a.attrs,function(a,c){b+=" "+c,""!==a&&(_.isBoolean(a)&&(a=a?"true":"false"),b+='="'+a+'"')}),a.single?b+" />":(b+=">",b+=_.isObject(c)?wp.html.string(c):c,b+"</"+a.tag+">")}})}();

wp-includes/js/tinymce/plugins/wpdialogs/editor_plugin.js

@@ -1 +1 @@
-!function(){tinymce.create("tinymce.plugins.WPDialogs",{init:function(a){tinymce.create("tinymce.WPWindowManager:tinymce.InlineWindowManager",{WPWindowManager:function(a){this.parent(a)},open:function(a,b){var c,d=this;return a.wpDialog?(a.id&&(c=jQuery("#"+a.id),c.length&&(d.features=a,d.params=b,d.onOpen.dispatch(d,a,b),d.element=d.windows[a.id]=c,d.bookmark=d.editor.selection.getBookmark(1),c.data("wpdialog")||c.wpdialog({title:a.title,width:a.width,height:a.height,modal:!0,dialogClass:"wp-dialog",zIndex:3e5}),c.wpdialog("open"))),void 0):this.parent(a,b)},close:function(){return this.features.wpDialog?(this.element.wpdialog("close"),void 0):this.parent.apply(this,arguments)}}),a.onBeforeRenderUI.add(function(){a.windowManager=new tinymce.WPWindowManager(a)})},getInfo:function(){return{longname:"WPDialogs",author:"WordPress",authorurl:"http://wordpress.org",infourl:"http://wordpress.org",version:"0.1"}}}),tinymce.PluginManager.add("wpdialogs",tinymce.plugins.WPDialogs)}();
+!function(){tinymce.create("tinymce.plugins.WPDialogs",{init:function(a,b){tinymce.create("tinymce.WPWindowManager:tinymce.InlineWindowManager",{WPWindowManager:function(a){this.parent(a)},open:function(a,b){var c,d=this;return a.wpDialog?void(a.id&&(c=jQuery("#"+a.id),c.length&&(d.features=a,d.params=b,d.onOpen.dispatch(d,a,b),d.element=d.windows[a.id]=c,d.bookmark=d.editor.selection.getBookmark(1),c.data("wpdialog")||c.wpdialog({title:a.title,width:a.width,height:a.height,modal:!0,dialogClass:"wp-dialog",zIndex:3e5}),c.wpdialog("open")))):this.parent(a,b)},close:function(){return this.features.wpDialog?void this.element.wpdialog("close"):this.parent.apply(this,arguments)}}),a.onBeforeRenderUI.add(function(){a.windowManager=new tinymce.WPWindowManager(a)})},getInfo:function(){return{longname:"WPDialogs",author:"WordPress",authorurl:"http://wordpress.org",infourl:"http://wordpress.org",version:"0.1"}}}),tinymce.PluginManager.add("wpdialogs",tinymce.plugins.WPDialogs)}();

wp-includes/js/tinymce/plugins/wpdialogs/js/popup.min.js

@@ -1 +1 @@
-var tinyMCEPopup={init:function(){var a,b=this;a=b.getWin(),tinymce=a.tinymce,tinyMCE=a.tinyMCE,b.editor=tinymce.EditorManager.activeEditor,b.params=b.editor.windowManager.params,b.features=b.editor.windowManager.features,b.dom=tinymce.dom,b.listeners=[],b.onInit={add:function(a,c){b.listeners.push({func:a,scope:c})}},b.isWindow=!1,b.id=b.features.id,b.editor.windowManager.onOpen.dispatch(b.editor.windowManager,window)},getWin:function(){return window},getWindowArg:function(a,b){var c=this.params[a];return tinymce.is(c)?c:b},getParam:function(a,b){return this.editor.getParam(a,b)},getLang:function(a,b){return this.editor.getLang(a,b)},execCommand:function(a,b,c,d){return d=d||{},d.skip_focus=1,this.restoreSelection(),this.editor.execCommand(a,b,c,d)},resizeToInnerSize:function(){var a=this;setTimeout(function(){var b=a.dom.getViewPort(window);a.editor.windowManager.resizeBy(a.getWindowArg("mce_width")-b.w,a.getWindowArg("mce_height")-b.h,a.id||window)},0)},executeOnLoad:function(s){this.onInit.add(function(){eval(s)})},storeSelection:function(){this.editor.windowManager.bookmark=tinyMCEPopup.editor.selection.getBookmark(1)},restoreSelection:function(){var a=tinyMCEPopup;!a.isWindow&&tinymce.isIE&&a.editor.selection.moveToBookmark(a.editor.windowManager.bookmark)},requireLangPack:function(){var a=this,b=a.getWindowArg("plugin_url")||a.getWindowArg("theme_url");b&&a.editor.settings.language&&a.features.translate_i18n!==!1&&(b+="/langs/"+a.editor.settings.language+"_dlg.js",tinymce.ScriptLoader.isDone(b)||(document.write('<script type="text/javascript" src="'+tinymce._addVer(b)+'"></script>'),tinymce.ScriptLoader.markDone(b)))},pickColor:function(a,b){this.execCommand("mceColorPicker",!0,{color:document.getElementById(b).value,func:function(a){document.getElementById(b).value=a;try{document.getElementById(b).onchange()}catch(c){}}})},openBrowser:function(a,b){tinyMCEPopup.restoreSelection(),this.editor.execCallback("file_browser_callback",a,document.getElementById(a).value,b,window)},confirm:function(a,b,c){this.editor.windowManager.confirm(a,b,c,window)},alert:function(a,b,c){this.editor.windowManager.alert(a,b,c,window)},close:function(){function a(){b.editor.windowManager.close(window),b.editor=null}var b=this;tinymce.isOpera?b.getWin().setTimeout(a,0):a()},_restoreSelection:function(a){var b=a&&a.target?a.target:window.event.srcElement;"INPUT"!=b.nodeName||"submit"!=b.type&&"button"!=b.type||tinyMCEPopup.restoreSelection()},_onDOMLoaded:function(){var a,b,c=tinyMCEPopup,d=document.title;c.domLoaded||(c.domLoaded=1,tinyMCEPopup.init(),c.features.translate_i18n!==!1&&(a=document.body.innerHTML,tinymce.isIE&&(a=a.replace(/ (value|title|alt)=([^"][^\s>]+)/gi,' $1="$2"')),document.dir=c.editor.getParam("directionality",""),(b=c.editor.translate(a))&&b!=a&&(document.body.innerHTML=b),(b=c.editor.translate(d))&&b!=d&&(document.title=d=b)),document.body.style.display="",tinymce.isIE&&!tinymce.isIE11?(document.attachEvent("onmouseup",tinyMCEPopup._restoreSelection),c.dom.add(c.dom.select("head")[0],"base",{target:"_self"})):tinymce.isIE11&&document.addEventListener("mouseup",tinyMCEPopup._restoreSelection,!1),c.restoreSelection(),c.isWindow?window.focus():c.editor.windowManager.setTitle(window,d),tinymce.isIE||c.isWindow||tinymce.dom.Event._add(document,"focus",function(){c.editor.windowManager.focus(c.id)}),tinymce.each(c.dom.select("select"),function(a){a.onkeydown=tinyMCEPopup._accessHandler}),tinymce.each(c.listeners,function(a){a.func.call(a.scope,c.editor)}),c.getWindowArg("mce_auto_focus",!0)&&(window.focus(),tinymce.each(document.forms,function(a){tinymce.each(a.elements,function(a){return c.dom.hasClass(a,"mceFocus")&&!a.disabled?(a.focus(),!1):void 0})})),document.onkeyup=tinyMCEPopup._closeWinKeyHandler)},_accessHandler:function(a){return a=a||window.event,13==a.keyCode||32==a.keyCode?(a=a.target||a.srcElement,a.onchange&&a.onchange(),tinymce.dom.Event.cancel(a)):void 0},_closeWinKeyHandler:function(a){a=a||window.event,27==a.keyCode&&tinyMCEPopup.close()},_wait:function(){document.attachEvent?(document.attachEvent("onreadystatechange",function(){"complete"===document.readyState&&(document.detachEvent("onreadystatechange",arguments.callee),tinyMCEPopup._onDOMLoaded())}),document.documentElement.doScroll&&window==window.top&&!function(){if(!tinyMCEPopup.domLoaded){try{document.documentElement.doScroll("left")}catch(a){return setTimeout(arguments.callee,0),void 0}tinyMCEPopup._onDOMLoaded()}}(),document.attachEvent("onload",tinyMCEPopup._onDOMLoaded)):document.addEventListener&&(window.addEventListener("DOMContentLoaded",tinyMCEPopup._onDOMLoaded,!1),window.addEventListener("load",tinyMCEPopup._onDOMLoaded,!1))}};
+var tinyMCEPopup={init:function(){var a,b=this;a=b.getWin(),tinymce=a.tinymce,tinyMCE=a.tinyMCE,b.editor=tinymce.EditorManager.activeEditor,b.params=b.editor.windowManager.params,b.features=b.editor.windowManager.features,b.dom=tinymce.dom,b.listeners=[],b.onInit={add:function(a,c){b.listeners.push({func:a,scope:c})}},b.isWindow=!1,b.id=b.features.id,b.editor.windowManager.onOpen.dispatch(b.editor.windowManager,window)},getWin:function(){return window},getWindowArg:function(a,b){var c=this.params[a];return tinymce.is(c)?c:b},getParam:function(a,b){return this.editor.getParam(a,b)},getLang:function(a,b){return this.editor.getLang(a,b)},execCommand:function(a,b,c,d){return d=d||{},d.skip_focus=1,this.restoreSelection(),this.editor.execCommand(a,b,c,d)},resizeToInnerSize:function(){var a=this;setTimeout(function(){var b=a.dom.getViewPort(window);a.editor.windowManager.resizeBy(a.getWindowArg("mce_width")-b.w,a.getWindowArg("mce_height")-b.h,a.id||window)},0)},executeOnLoad:function(s){this.onInit.add(function(){eval(s)})},storeSelection:function(){this.editor.windowManager.bookmark=tinyMCEPopup.editor.selection.getBookmark(1)},restoreSelection:function(){var a=tinyMCEPopup;!a.isWindow&&tinymce.isIE&&a.editor.selection.moveToBookmark(a.editor.windowManager.bookmark)},requireLangPack:function(){var a=this,b=a.getWindowArg("plugin_url")||a.getWindowArg("theme_url");b&&a.editor.settings.language&&a.features.translate_i18n!==!1&&(b+="/langs/"+a.editor.settings.language+"_dlg.js",tinymce.ScriptLoader.isDone(b)||(document.write('<script type="text/javascript" src="'+tinymce._addVer(b)+'"></script>'),tinymce.ScriptLoader.markDone(b)))},pickColor:function(a,b){this.execCommand("mceColorPicker",!0,{color:document.getElementById(b).value,func:function(a){document.getElementById(b).value=a;try{document.getElementById(b).onchange()}catch(c){}}})},openBrowser:function(a,b,c){tinyMCEPopup.restoreSelection(),this.editor.execCallback("file_browser_callback",a,document.getElementById(a).value,b,window)},confirm:function(a,b,c){this.editor.windowManager.confirm(a,b,c,window)},alert:function(a,b,c){this.editor.windowManager.alert(a,b,c,window)},close:function(){function a(){b.editor.windowManager.close(window),b.editor=null}var b=this;tinymce.isOpera?b.getWin().setTimeout(a,0):a()},_restoreSelection:function(a){var b=a&&a.target?a.target:window.event.srcElement;"INPUT"!=b.nodeName||"submit"!=b.type&&"button"!=b.type||tinyMCEPopup.restoreSelection()},_onDOMLoaded:function(){var a,b,c=tinyMCEPopup,d=document.title;c.domLoaded||(c.domLoaded=1,tinyMCEPopup.init(),c.features.translate_i18n!==!1&&(a=document.body.innerHTML,tinymce.isIE&&(a=a.replace(/ (value|title|alt)=([^"][^\s>]+)/gi,' $1="$2"')),document.dir=c.editor.getParam("directionality",""),(b=c.editor.translate(a))&&b!=a&&(document.body.innerHTML=b),(b=c.editor.translate(d))&&b!=d&&(document.title=d=b)),document.body.style.display="",tinymce.isIE&&!tinymce.isIE11?(document.attachEvent("onmouseup",tinyMCEPopup._restoreSelection),c.dom.add(c.dom.select("head")[0],"base",{target:"_self"})):tinymce.isIE11&&document.addEventListener("mouseup",tinyMCEPopup._restoreSelection,!1),c.restoreSelection(),c.isWindow?window.focus():c.editor.windowManager.setTitle(window,d),tinymce.isIE||c.isWindow||tinymce.dom.Event._add(document,"focus",function(){c.editor.windowManager.focus(c.id)}),tinymce.each(c.dom.select("select"),function(a){a.onkeydown=tinyMCEPopup._accessHandler}),tinymce.each(c.listeners,function(a){a.func.call(a.scope,c.editor)}),c.getWindowArg("mce_auto_focus",!0)&&(window.focus(),tinymce.each(document.forms,function(a){tinymce.each(a.elements,function(a){return c.dom.hasClass(a,"mceFocus")&&!a.disabled?(a.focus(),!1):void 0})})),document.onkeyup=tinyMCEPopup._closeWinKeyHandler)},_accessHandler:function(a){return a=a||window.event,13==a.keyCode||32==a.keyCode?(a=a.target||a.srcElement,a.onchange&&a.onchange(),tinymce.dom.Event.cancel(a)):void 0},_closeWinKeyHandler:function(a){a=a||window.event,27==a.keyCode&&tinyMCEPopup.close()},_wait:function(){document.attachEvent?(document.attachEvent("onreadystatechange",function(){"complete"===document.readyState&&(document.detachEvent("onreadystatechange",arguments.callee),tinyMCEPopup._onDOMLoaded())}),document.documentElement.doScroll&&window==window.top&&!function(){if(!tinyMCEPopup.domLoaded){try{document.documentElement.doScroll("left")}catch(a){return void setTimeout(arguments.callee,0)}tinyMCEPopup._onDOMLoaded()}}(),document.attachEvent("onload",tinyMCEPopup._onDOMLoaded)):document.addEventListener&&(window.addEventListener("DOMContentLoaded",tinyMCEPopup._onDOMLoaded,!1),window.addEventListener("load",tinyMCEPopup._onDOMLoaded,!1))}};

wp-includes/js/tinymce/plugins/wpfullscreen/editor_plugin.js

@@ -1 +1 @@
-!function(){tinymce.create("tinymce.plugins.wpFullscreenPlugin",{resize_timeout:!1,init:function(a){function b(b,d){var e,f=tinymce.DOM,g=a.getBody(),h=f.get(a.id+"_ifr"),i=a.dom.win.scrollY;c.resize_timeout||(c.resize_timeout=!0,setTimeout(function(){c.resize_timeout=!1},500),e=g.scrollHeight>300?g.scrollHeight:300,e!=h.scrollHeight&&(f.setStyle(h,"height",e+"px"),a.getWin().scrollTo(0,0)),d&&"paste"==d.type&&tinymce.isWebKit&&setTimeout(function(){a.dom.win.scrollTo(0,i)},40))}var c=this,d={},e=tinymce.DOM;a.addCommand("wpFullScreenClose",function(){a.getParam("wp_fullscreen_is_enabled")&&e.win.setTimeout(function(){tinyMCE.remove(a),e.remove("wp_mce_fullscreen_parent"),tinyMCE.settings=tinyMCE.oldSettings},10)}),a.addCommand("wpFullScreenSave",function(){var a,b=tinyMCE.get("wp_mce_fullscreen");b.focus(),a=tinyMCE.get(b.getParam("wp_fullscreen_editor_id")),a.setContent(b.getContent({format:"raw"}),{format:"raw"})}),a.addCommand("wpFullScreenInit",function(){var b,c,e;a=tinyMCE.activeEditor,b=a.getDoc(),c=b.body,tinyMCE.oldSettings=tinyMCE.settings,tinymce.each(a.settings,function(a,b){d[b]=a}),d.id="wp_mce_fullscreen",d.wp_fullscreen_is_enabled=!0,d.wp_fullscreen_editor_id=a.id,d.theme_advanced_resizing=!1,d.theme_advanced_statusbar_location="none",d.content_css=d.content_css?d.content_css+","+d.wp_fullscreen_content_css:d.wp_fullscreen_content_css,d.height=tinymce.isIE?c.scrollHeight:c.offsetHeight,tinymce.each(a.getParam("wp_fullscreen_settings"),function(a,b){d[b]=a}),e=new tinymce.Editor("wp_mce_fullscreen",d),e.onInit.add(function(b){var c=tinymce.DOM,d=c.select("a.mceButton",c.get("wp-fullscreen-buttons"));a.isHidden()?b.setContent(switchEditors.wpautop(b.getElement().value)):b.setContent(a.getContent()),setTimeout(function(){b.onNodeChange.add(function(){tinymce.each(d,function(a){var b,d;(b=c.get("wp_mce_fullscreen_"+a.id.substr(6)))&&(d=b.className,d&&(a.className=d))})})},1e3),b.dom.addClass(b.getBody(),"wp-fullscreen-editor"),b.focus()}),e.render(),"undefined"!=fullscreen&&e.dom.bind(e.dom.doc,"mousemove",function(a){fullscreen.bounder("showToolbar","hideToolbar",2e3,a)})}),a.addCommand("wpFullScreen",function(){"undefined"!=typeof fullscreen&&("wp_mce_fullscreen"==a.id?fullscreen.off():fullscreen.on())}),a.addButton("wp_fullscreen",{title:"wordpress.wp_fullscreen_desc",cmd:"wpFullScreen"}),!a.getParam("fullscreen_is_enabled")&&a.getParam("wp_fullscreen_is_enabled")&&(a.onInit.add(function(a){a.onChange.add(b),a.onSetContent.add(b),a.onPaste.add(b),a.onKeyUp.add(b),a.onPostRender.add(b),a.getBody().style.overflowY="hidden"}),a.getParam("autoresize_on_init",!0)&&a.onLoadContent.add(function(){setTimeout(function(){b()},1200)}),a.addCommand("wpAutoResize",b))},getInfo:function(){return{longname:"WP Fullscreen",author:"WordPress",authorurl:"http://wordpress.org",infourl:"",version:"1.0"}}}),tinymce.PluginManager.add("wpfullscreen",tinymce.plugins.wpFullscreenPlugin)}();
+!function(){tinymce.create("tinymce.plugins.wpFullscreenPlugin",{resize_timeout:!1,init:function(a,b){function c(b,c){var e,f=tinymce.DOM,g=a.getBody(),h=f.get(a.id+"_ifr"),i=a.dom.win.scrollY;d.resize_timeout||(d.resize_timeout=!0,setTimeout(function(){d.resize_timeout=!1},500),e=g.scrollHeight>300?g.scrollHeight:300,e!=h.scrollHeight&&(f.setStyle(h,"height",e+"px"),a.getWin().scrollTo(0,0)),c&&"paste"==c.type&&tinymce.isWebKit&&setTimeout(function(){a.dom.win.scrollTo(0,i)},40))}var d=this,e={},f=tinymce.DOM;a.addCommand("wpFullScreenClose",function(){a.getParam("wp_fullscreen_is_enabled")&&f.win.setTimeout(function(){tinyMCE.remove(a),f.remove("wp_mce_fullscreen_parent"),tinyMCE.settings=tinyMCE.oldSettings},10)}),a.addCommand("wpFullScreenSave",function(){var a,b=tinyMCE.get("wp_mce_fullscreen");b.focus(),a=tinyMCE.get(b.getParam("wp_fullscreen_editor_id")),a.setContent(b.getContent({format:"raw"}),{format:"raw"})}),a.addCommand("wpFullScreenInit",function(){var b,c,d;a=tinyMCE.activeEditor,b=a.getDoc(),c=b.body,tinyMCE.oldSettings=tinyMCE.settings,tinymce.each(a.settings,function(a,b){e[b]=a}),e.id="wp_mce_fullscreen",e.wp_fullscreen_is_enabled=!0,e.wp_fullscreen_editor_id=a.id,e.theme_advanced_resizing=!1,e.theme_advanced_statusbar_location="none",e.content_css=e.content_css?e.content_css+","+e.wp_fullscreen_content_css:e.wp_fullscreen_content_css,e.height=tinymce.isIE?c.scrollHeight:c.offsetHeight,tinymce.each(a.getParam("wp_fullscreen_settings"),function(a,b){e[b]=a}),d=new tinymce.Editor("wp_mce_fullscreen",e),d.onInit.add(function(b){var c=tinymce.DOM,d=c.select("a.mceButton",c.get("wp-fullscreen-buttons"));a.isHidden()?b.setContent(switchEditors.wpautop(b.getElement().value)):b.setContent(a.getContent()),setTimeout(function(){b.onNodeChange.add(function(a,b,e){tinymce.each(d,function(a){var b,d;(b=c.get("wp_mce_fullscreen_"+a.id.substr(6)))&&(d=b.className,d&&(a.className=d))})})},1e3),b.dom.addClass(b.getBody(),"wp-fullscreen-editor"),b.focus()}),d.render(),"undefined"!=fullscreen&&d.dom.bind(d.dom.doc,"mousemove",function(a){fullscreen.bounder("showToolbar","hideToolbar",2e3,a)})}),a.addCommand("wpFullScreen",function(){"undefined"!=typeof fullscreen&&("wp_mce_fullscreen"==a.id?fullscreen.off():fullscreen.on())}),a.addButton("wp_fullscreen",{title:"wordpress.wp_fullscreen_desc",cmd:"wpFullScreen"}),!a.getParam("fullscreen_is_enabled")&&a.getParam("wp_fullscreen_is_enabled")&&(a.onInit.add(function(a,b){a.onChange.add(c),a.onSetContent.add(c),a.onPaste.add(c),a.onKeyUp.add(c),a.onPostRender.add(c),a.getBody().style.overflowY="hidden"}),a.getParam("autoresize_on_init",!0)&&a.onLoadContent.add(function(a,b){setTimeout(function(){c()},1200)}),a.addCommand("wpAutoResize",c))},getInfo:function(){return{longname:"WP Fullscreen",author:"WordPress",authorurl:"http://wordpress.org",infourl:"",version:"1.0"}}}),tinymce.PluginManager.add("wpfullscreen",tinymce.plugins.wpFullscreenPlugin)}();

wp-includes/js/tinymce/plugins/wpgallery/editor_plugin.js

@@ -1 +1 @@
-!function(){tinymce.create("tinymce.plugins.wpGallery",{init:function(a,b){var c=this;c.url=b,c.editor=a,c._createButtons(),a.addCommand("WP_Gallery",function(){tinymce.isIE&&a.selection.moveToBookmark(a.wpGalleryBookmark);var b,c=a.selection.getNode(),d=wp.media.gallery;"undefined"!=typeof wp&&wp.media&&wp.media.gallery&&"IMG"==c.nodeName&&-1!=a.dom.getAttrib(c,"class").indexOf("wp-gallery")&&(b=d.edit("["+a.dom.getAttrib(c,"title")+"]"),b.state("gallery-edit").on("update",function(b){var e=d.shortcode(b).string().slice(1,-1);a.dom.setAttrib(c,"title",e)}))}),a.onInit.add(function(a){"ontouchstart"in window&&a.dom.events.add(a.getBody(),"touchstart",function(b){var c=b.target;"IMG"==c.nodeName&&a.dom.hasClass(c,"wp-gallery")&&(a.selection.select(c),a.dom.events.cancel(b),a.plugins.wordpress._hideButtons(),a.plugins.wordpress._showButtons(c,"wp_gallerybtns"))})}),a.onMouseDown.add(function(a,b){"IMG"==b.target.nodeName&&a.dom.hasClass(b.target,"wp-gallery")&&(a.plugins.wordpress._hideButtons(),a.plugins.wordpress._showButtons(b.target,"wp_gallerybtns"))}),a.onBeforeSetContent.add(function(a,b){b.content=c._do_gallery(b.content)}),a.onPostProcess.add(function(a,b){b.get&&(b.content=c._get_gallery(b.content))})},_do_gallery:function(a){return a.replace(/\[gallery([^\]]*)\]/g,function(a,b){return'<img src="'+tinymce.baseURL+'/plugins/wpgallery/img/t.gif" class="wp-gallery mceItem" title="gallery'+tinymce.DOM.encode(b)+'" />'})},_get_gallery:function(a){function b(a,b){return b=new RegExp(b+'="([^"]+)"',"g").exec(a),b?tinymce.DOM.decode(b[1]):""}return a.replace(/(?:<p[^>]*>)*(<img[^>]+>)(?:<\/p>)*/g,function(a,c){var d=b(c,"class");return-1!=d.indexOf("wp-gallery")?"<p>["+tinymce.trim(b(c,"title"))+"]</p>":a})},_createButtons:function(){var a,b,c,d=this,e=tinymce.activeEditor,f=tinymce.DOM;f.get("wp_gallerybtns")||(c=window.devicePixelRatio&&window.devicePixelRatio>1||window.matchMedia&&window.matchMedia("(min-resolution:130dpi)").matches,f.add(document.body,"div",{id:"wp_gallerybtns",style:"display:none;"}),a=f.add("wp_gallerybtns","img",{src:c?d.url+"/img/edit-2x.png":d.url+"/img/edit.png",id:"wp_editgallery",width:"24",height:"24",title:e.getLang("wordpress.editgallery")}),tinymce.dom.Event.add(a,"mousedown",function(){var a=tinymce.activeEditor;a.wpGalleryBookmark=a.selection.getBookmark("simple"),a.execCommand("WP_Gallery"),a.plugins.wordpress._hideButtons()}),b=f.add("wp_gallerybtns","img",{src:c?d.url+"/img/delete-2x.png":d.url+"/img/delete.png",id:"wp_delgallery",width:"24",height:"24",title:e.getLang("wordpress.delgallery")}),tinymce.dom.Event.add(b,"mousedown",function(a){var b=tinymce.activeEditor,c=b.selection.getNode();"IMG"==c.nodeName&&b.dom.hasClass(c,"wp-gallery")&&(b.dom.remove(c),b.execCommand("mceRepaint"),b.dom.events.cancel(a)),b.plugins.wordpress._hideButtons()}))},getInfo:function(){return{longname:"Gallery Settings",author:"WordPress",authorurl:"http://wordpress.org",infourl:"",version:"1.0"}}}),tinymce.PluginManager.add("wpgallery",tinymce.plugins.wpGallery)}();
+!function(){tinymce.create("tinymce.plugins.wpGallery",{init:function(a,b){var c=this;c.url=b,c.editor=a,c._createButtons(),a.addCommand("WP_Gallery",function(){tinymce.isIE&&a.selection.moveToBookmark(a.wpGalleryBookmark);var b,c=a.selection.getNode(),d=wp.media.gallery;"undefined"!=typeof wp&&wp.media&&wp.media.gallery&&"IMG"==c.nodeName&&-1!=a.dom.getAttrib(c,"class").indexOf("wp-gallery")&&(b=d.edit("["+a.dom.getAttrib(c,"title")+"]"),b.state("gallery-edit").on("update",function(b){var e=d.shortcode(b).string().slice(1,-1);a.dom.setAttrib(c,"title",e)}))}),a.onInit.add(function(a){"ontouchstart"in window&&a.dom.events.add(a.getBody(),"touchstart",function(b){var c=b.target;"IMG"==c.nodeName&&a.dom.hasClass(c,"wp-gallery")&&(a.selection.select(c),a.dom.events.cancel(b),a.plugins.wordpress._hideButtons(),a.plugins.wordpress._showButtons(c,"wp_gallerybtns"))})}),a.onMouseDown.add(function(a,b){"IMG"==b.target.nodeName&&a.dom.hasClass(b.target,"wp-gallery")&&(a.plugins.wordpress._hideButtons(),a.plugins.wordpress._showButtons(b.target,"wp_gallerybtns"))}),a.onBeforeSetContent.add(function(a,b){b.content=c._do_gallery(b.content)}),a.onPostProcess.add(function(a,b){b.get&&(b.content=c._get_gallery(b.content))})},_do_gallery:function(a){return a.replace(/\[gallery([^\]]*)\]/g,function(a,b){return'<img src="'+tinymce.baseURL+'/plugins/wpgallery/img/t.gif" class="wp-gallery mceItem" title="gallery'+tinymce.DOM.encode(b)+'" />'})},_get_gallery:function(a){function b(a,b){return b=new RegExp(b+'="([^"]+)"',"g").exec(a),b?tinymce.DOM.decode(b[1]):""}return a.replace(/(?:<p[^>]*>)*(<img[^>]+>)(?:<\/p>)*/g,function(a,c){var d=b(c,"class");return-1!=d.indexOf("wp-gallery")?"<p>["+tinymce.trim(b(c,"title"))+"]</p>":a})},_createButtons:function(){var a,b,c,d=this,e=tinymce.activeEditor,f=tinymce.DOM;f.get("wp_gallerybtns")||(c=window.devicePixelRatio&&window.devicePixelRatio>1||window.matchMedia&&window.matchMedia("(min-resolution:130dpi)").matches,f.add(document.body,"div",{id:"wp_gallerybtns",style:"display:none;"}),a=f.add("wp_gallerybtns","img",{src:c?d.url+"/img/edit-2x.png":d.url+"/img/edit.png",id:"wp_editgallery",width:"24",height:"24",title:e.getLang("wordpress.editgallery")}),tinymce.dom.Event.add(a,"mousedown",function(a){var b=tinymce.activeEditor;b.wpGalleryBookmark=b.selection.getBookmark("simple"),b.execCommand("WP_Gallery"),b.plugins.wordpress._hideButtons()}),b=f.add("wp_gallerybtns","img",{src:c?d.url+"/img/delete-2x.png":d.url+"/img/delete.png",id:"wp_delgallery",width:"24",height:"24",title:e.getLang("wordpress.delgallery")}),tinymce.dom.Event.add(b,"mousedown",function(a){var b=tinymce.activeEditor,c=b.selection.getNode();"IMG"==c.nodeName&&b.dom.hasClass(c,"wp-gallery")&&(b.dom.remove(c),b.execCommand("mceRepaint"),b.dom.events.cancel(a)),b.plugins.wordpress._hideButtons()}))},getInfo:function(){return{longname:"Gallery Settings",author:"WordPress",authorurl:"http://wordpress.org",infourl:"",version:"1.0"}}}),tinymce.PluginManager.add("wpgallery",tinymce.plugins.wpGallery)}();

wp-includes/js/tinymce/plugins/wpview/editor_plugin.js

@@ -1 +1 @@
-!function(){var a,b=tinymce.VK,c=tinymce.dom.TreeWalker;tinymce.create("tinymce.plugins.wpView",{init:function(d){var e=this;"undefined"!=typeof wp&&wp.mce&&(d.onPreInit.add(function(a){a.schema.addValidElements("div[*],span[*]")}),d.onBeforeSetContent.add(function(a,b){b.content&&(b.content=wp.mce.view.toViews(b.content))}),d.onSetContent.add(function(a){wp.mce.view.render(a.getDoc())}),d.onInit.add(function(a){a.selection.onBeforeSetContent.add(function(b){var d,f,g=e.getParentView(b.getNode());g&&(!g.nextSibling||e.isView(g.nextSibling)?(f=a.getDoc().createTextNode(""),a.dom.insertAfter(f,g)):(d=new c(g.nextSibling,g.nextSibling),f=d.next()),b.select(f),b.collapse(!0))}),a.selection.onSetContent.add(function(a,b){if(b.context){var c=a.getNode();c.innerHTML&&(c.innerHTML=wp.mce.view.toViews(c.innerHTML),wp.mce.view.render(c))}})}),d.onPostProcess.add(function(a,b){(b.get||b.save)&&b.content&&(b.content=wp.mce.view.toText(b.content))}),d.onNodeChange.addToTop(function(a,b,c){var d=e.getParentView(c);return d?(e.select(d),!1):(e.deselect(),void 0)}),d.onKeyDown.addToTop(function(c,d){var f,g,h=d.keyCode;if(a){if(f=e.getParentView(c.selection.getNode()),f!==a)return e.deselect(),void 0;(h===b.DELETE||h===b.BACKSPACE)&&(g=wp.mce.view.instance(a))&&(g.remove(),e.deselect()),d.metaKey||d.ctrlKey||h>=112&&123>=h||d.preventDefault()}}))},getParentView:function(a){for(;a;){if(this.isView(a))return a;a=a.parentNode}},isView:function(a){return/(?:^|\s)wp-view-wrap(?:\s|$)/.test(a.className)},select:function(b){b!==a&&(this.deselect(),a=b,wp.mce.view.select(a))},deselect:function(){a&&wp.mce.view.deselect(a),a=null},getInfo:function(){return{longname:"WordPress Views",author:"WordPress",authorurl:"http://wordpress.org",infourl:"http://wordpress.org",version:"1.0"}}}),tinymce.PluginManager.add("wpview",tinymce.plugins.wpView)}();
+!function(){var a,b=tinymce.VK,c=tinymce.dom.TreeWalker;tinymce.create("tinymce.plugins.wpView",{init:function(d,e){var f=this;"undefined"!=typeof wp&&wp.mce&&(d.onPreInit.add(function(a){a.schema.addValidElements("div[*],span[*]")}),d.onBeforeSetContent.add(function(a,b){b.content&&(b.content=wp.mce.view.toViews(b.content))}),d.onSetContent.add(function(a,b){wp.mce.view.render(a.getDoc())}),d.onInit.add(function(a){a.selection.onBeforeSetContent.add(function(b,d){var e,g,h=f.getParentView(b.getNode());h&&(!h.nextSibling||f.isView(h.nextSibling)?(g=a.getDoc().createTextNode(""),a.dom.insertAfter(g,h)):(e=new c(h.nextSibling,h.nextSibling),g=e.next()),b.select(g),b.collapse(!0))}),a.selection.onSetContent.add(function(a,b){if(b.context){var c=a.getNode();c.innerHTML&&(c.innerHTML=wp.mce.view.toViews(c.innerHTML),wp.mce.view.render(c))}})}),d.onPostProcess.add(function(a,b){(b.get||b.save)&&b.content&&(b.content=wp.mce.view.toText(b.content))}),d.onNodeChange.addToTop(function(a,b,c,d,e){var g=f.getParentView(c);return g?(f.select(g),!1):void f.deselect()}),d.onKeyDown.addToTop(function(c,d){var e,g,h=d.keyCode;if(a){if(e=f.getParentView(c.selection.getNode()),e!==a)return void f.deselect();(h===b.DELETE||h===b.BACKSPACE)&&(g=wp.mce.view.instance(a))&&(g.remove(),f.deselect()),d.metaKey||d.ctrlKey||h>=112&&123>=h||d.preventDefault()}}))},getParentView:function(a){for(;a;){if(this.isView(a))return a;a=a.parentNode}},isView:function(a){return/(?:^|\s)wp-view-wrap(?:\s|$)/.test(a.className)},select:function(b){b!==a&&(this.deselect(),a=b,wp.mce.view.select(a))},deselect:function(){a&&wp.mce.view.deselect(a),a=null},getInfo:function(){return{longname:"WordPress Views",author:"WordPress",authorurl:"http://wordpress.org",infourl:"http://wordpress.org",version:"1.0"}}}),tinymce.PluginManager.add("wpview",tinymce.plugins.wpView)}();

wp-includes/js/tw-sack.min.js

@@ -1 +1 @@
-function sack(file){this.xmlhttp=null,this.resetData=function(){this.method="POST",this.queryStringSeparator="?",this.argumentSeparator="&",this.URLString="",this.encodeURIString=!0,this.execute=!1,this.element=null,this.elementObj=null,this.requestFile=file,this.vars=new Object,this.responseStatus=new Array(2)},this.resetFunctions=function(){this.onLoading=function(){},this.onLoaded=function(){},this.onInteractive=function(){},this.onCompletion=function(){},this.onError=function(){},this.onFail=function(){}},this.reset=function(){this.resetFunctions(),this.resetData()},this.createAJAX=function(){try{this.xmlhttp=new ActiveXObject("Msxml2.XMLHTTP")}catch(a){try{this.xmlhttp=new ActiveXObject("Microsoft.XMLHTTP")}catch(b){this.xmlhttp=null}}this.xmlhttp||("undefined"!=typeof XMLHttpRequest?this.xmlhttp=new XMLHttpRequest:this.failed=!0)},this.setVar=function(a,b){this.vars[a]=Array(b,!1)},this.encVar=function(a,b,c){return 1==c?Array(encodeURIComponent(a),encodeURIComponent(b)):(this.vars[encodeURIComponent(a)]=Array(encodeURIComponent(b),!0),void 0)},this.processURLString=function(a,b){for(encoded=encodeURIComponent(this.argumentSeparator),regexp=new RegExp(this.argumentSeparator+"|"+encoded),varArray=a.split(regexp),i=0;i<varArray.length;i++)urlVars=varArray[i].split("="),1==b?this.encVar(urlVars[0],urlVars[1]):this.setVar(urlVars[0],urlVars[1])},this.createURLString=function(a){this.encodeURIString&&this.URLString.length&&this.processURLString(this.URLString,!0),a&&(this.URLString.length?this.URLString+=this.argumentSeparator+a:this.URLString=a),this.setVar("rndval",(new Date).getTime()),urlstringtemp=new Array;for(key in this.vars)0==this.vars[key][1]&&1==this.encodeURIString&&(encoded=this.encVar(key,this.vars[key][0],!0),delete this.vars[key],this.vars[encoded[0]]=Array(encoded[1],!0),key=encoded[0]),urlstringtemp[urlstringtemp.length]=key+"="+this.vars[key][0];this.URLString+=a?this.argumentSeparator+urlstringtemp.join(this.argumentSeparator):urlstringtemp.join(this.argumentSeparator)},this.runResponse=function(){eval(this.response)},this.runAJAX=function(a){if(this.failed)this.onFail();else if(this.createURLString(a),this.element&&(this.elementObj=document.getElementById(this.element)),this.xmlhttp){var b=this;if("GET"==this.method)totalurlstring=this.requestFile+this.queryStringSeparator+this.URLString,this.xmlhttp.open(this.method,totalurlstring,!0);else{this.xmlhttp.open(this.method,this.requestFile,!0);try{this.xmlhttp.setRequestHeader("Content-Type","application/x-www-form-urlencoded")}catch(c){}}this.xmlhttp.onreadystatechange=function(){switch(b.xmlhttp.readyState){case 1:b.onLoading();break;case 2:b.onLoaded();break;case 3:b.onInteractive();break;case 4:b.response=b.xmlhttp.responseText,b.responseXML=b.xmlhttp.responseXML,b.responseStatus[0]=b.xmlhttp.status,b.responseStatus[1]=b.xmlhttp.statusText,b.execute&&b.runResponse(),b.elementObj&&(elemNodeName=b.elementObj.nodeName,elemNodeName.toLowerCase(),"input"==elemNodeName||"select"==elemNodeName||"option"==elemNodeName||"textarea"==elemNodeName?b.elementObj.value=b.response:b.elementObj.innerHTML=b.response),"200"==b.responseStatus[0]?b.onCompletion():b.onError(),b.URLString=""}},this.xmlhttp.send(this.URLString)}},this.reset(),this.createAJAX()}
+function sack(file){this.xmlhttp=null,this.resetData=function(){this.method="POST",this.queryStringSeparator="?",this.argumentSeparator="&",this.URLString="",this.encodeURIString=!0,this.execute=!1,this.element=null,this.elementObj=null,this.requestFile=file,this.vars=new Object,this.responseStatus=new Array(2)},this.resetFunctions=function(){this.onLoading=function(){},this.onLoaded=function(){},this.onInteractive=function(){},this.onCompletion=function(){},this.onError=function(){},this.onFail=function(){}},this.reset=function(){this.resetFunctions(),this.resetData()},this.createAJAX=function(){try{this.xmlhttp=new ActiveXObject("Msxml2.XMLHTTP")}catch(a){try{this.xmlhttp=new ActiveXObject("Microsoft.XMLHTTP")}catch(b){this.xmlhttp=null}}this.xmlhttp||("undefined"!=typeof XMLHttpRequest?this.xmlhttp=new XMLHttpRequest:this.failed=!0)},this.setVar=function(a,b){this.vars[a]=Array(b,!1)},this.encVar=function(a,b,c){return 1==c?Array(encodeURIComponent(a),encodeURIComponent(b)):void(this.vars[encodeURIComponent(a)]=Array(encodeURIComponent(b),!0))},this.processURLString=function(a,b){for(encoded=encodeURIComponent(this.argumentSeparator),regexp=new RegExp(this.argumentSeparator+"|"+encoded),varArray=a.split(regexp),i=0;i<varArray.length;i++)urlVars=varArray[i].split("="),1==b?this.encVar(urlVars[0],urlVars[1]):this.setVar(urlVars[0],urlVars[1])},this.createURLString=function(a){this.encodeURIString&&this.URLString.length&&this.processURLString(this.URLString,!0),a&&(this.URLString.length?this.URLString+=this.argumentSeparator+a:this.URLString=a),this.setVar("rndval",(new Date).getTime()),urlstringtemp=new Array;for(key in this.vars)0==this.vars[key][1]&&1==this.encodeURIString&&(encoded=this.encVar(key,this.vars[key][0],!0),delete this.vars[key],this.vars[encoded[0]]=Array(encoded[1],!0),key=encoded[0]),urlstringtemp[urlstringtemp.length]=key+"="+this.vars[key][0];a?this.URLString+=this.argumentSeparator+urlstringtemp.join(this.argumentSeparator):this.URLString+=urlstringtemp.join(this.argumentSeparator)},this.runResponse=function(){eval(this.response)},this.runAJAX=function(a){if(this.failed)this.onFail();else if(this.createURLString(a),this.element&&(this.elementObj=document.getElementById(this.element)),this.xmlhttp){var b=this;if("GET"==this.method)totalurlstring=this.requestFile+this.queryStringSeparator+this.URLString,this.xmlhttp.open(this.method,totalurlstring,!0);else{this.xmlhttp.open(this.method,this.requestFile,!0);try{this.xmlhttp.setRequestHeader("Content-Type","application/x-www-form-urlencoded")}catch(c){}}this.xmlhttp.onreadystatechange=function(){switch(b.xmlhttp.readyState){case 1:b.onLoading();break;case 2:b.onLoaded();break;case 3:b.onInteractive();break;case 4:b.response=b.xmlhttp.responseText,b.responseXML=b.xmlhttp.responseXML,b.responseStatus[0]=b.xmlhttp.status,b.responseStatus[1]=b.xmlhttp.statusText,b.execute&&b.runResponse(),b.elementObj&&(elemNodeName=b.elementObj.nodeName,elemNodeName.toLowerCase(),"input"==elemNodeName||"select"==elemNodeName||"option"==elemNodeName||"textarea"==elemNodeName?b.elementObj.value=b.response:b.elementObj.innerHTML=b.response),"200"==b.responseStatus[0]?b.onCompletion():b.onError(),b.URLString=""}},this.xmlhttp.send(this.URLString)}},this.reset(),this.createAJAX()}

wp-includes/js/wp-auth-check.min.js

@@ -1 +1 @@
-!function(a){function b(){var b,d=a("#wp-auth-check"),f=a("#wp-auth-check-form"),g=e.find(".wp-auth-fallback-expired"),h=!1;f.length&&(a(window).on("beforeunload.wp-auth-check",function(a){a.originalEvent.returnValue=window.authcheckL10n.beforeunload}),b=a('<iframe id="wp-auth-check-frame" frameborder="0">').attr("title",g.text()),b.load(function(){var b,i;h=!0;try{i=a(this).contents().find("body"),b=i.height()}catch(j){return e.addClass("fallback"),d.css("max-height",""),f.remove(),g.focus(),void 0}b?i&&i.hasClass("interim-login-success")?c():d.css("max-height",b+40+"px"):i&&i.length||(e.addClass("fallback"),d.css("max-height",""),f.remove(),g.focus())}).attr("src",f.data("src")),a("#wp-auth-check-form").append(b)),e.removeClass("hidden"),b?(b.focus(),setTimeout(function(){h||(e.addClass("fallback"),f.remove(),g.focus())},1e4)):g.focus()}function c(){a(window).off("beforeunload.wp-auth-check"),"undefined"==typeof adminpage||"post-php"!=adminpage&&"post-new-php"!=adminpage||"undefined"==typeof wp||!wp.heartbeat||wp.heartbeat.interval("fast",1),e.fadeOut(200,function(){e.addClass("hidden").css("display",""),a("#wp-auth-check-frame").remove()})}function d(){var a=parseInt(window.authcheckL10n.interval,10)||180;f=(new Date).getTime()+1e3*a}var e,f;a(document).on("heartbeat-tick.wp-auth-check",function(a,f){"wp-auth-check"in f&&(d(),!f["wp-auth-check"]&&e.hasClass("hidden")?b():f["wp-auth-check"]&&!e.hasClass("hidden")&&c())}).on("heartbeat-send.wp-auth-check",function(a,b){(new Date).getTime()>f&&(b["wp-auth-check"]=!0)}).ready(function(){d(),e=a("#wp-auth-check-wrap"),e.find(".wp-auth-check-close").on("click",function(){c()})})}(jQuery);
+!function(a){function b(){var b,d=a("#wp-auth-check"),f=a("#wp-auth-check-form"),g=e.find(".wp-auth-fallback-expired"),h=!1;f.length&&(a(window).on("beforeunload.wp-auth-check",function(a){a.originalEvent.returnValue=window.authcheckL10n.beforeunload}),b=a('<iframe id="wp-auth-check-frame" frameborder="0">').attr("title",g.text()),b.load(function(b){var i,j;h=!0;try{j=a(this).contents().find("body"),i=j.height()}catch(b){return e.addClass("fallback"),d.css("max-height",""),f.remove(),void g.focus()}i?j&&j.hasClass("interim-login-success")?c():d.css("max-height",i+40+"px"):j&&j.length||(e.addClass("fallback"),d.css("max-height",""),f.remove(),g.focus())}).attr("src",f.data("src")),a("#wp-auth-check-form").append(b)),e.removeClass("hidden"),b?(b.focus(),setTimeout(function(){h||(e.addClass("fallback"),f.remove(),g.focus())},1e4)):g.focus()}function c(){a(window).off("beforeunload.wp-auth-check"),"undefined"==typeof adminpage||"post-php"!=adminpage&&"post-new-php"!=adminpage||"undefined"==typeof wp||!wp.heartbeat||wp.heartbeat.interval("fast",1),e.fadeOut(200,function(){e.addClass("hidden").css("display",""),a("#wp-auth-check-frame").remove()})}function d(){var a=parseInt(window.authcheckL10n.interval,10)||180;f=(new Date).getTime()+1e3*a}var e,f;a(document).on("heartbeat-tick.wp-auth-check",function(a,f){"wp-auth-check"in f&&(d(),!f["wp-auth-check"]&&e.hasClass("hidden")?b():f["wp-auth-check"]&&!e.hasClass("hidden")&&c())}).on("heartbeat-send.wp-auth-check",function(a,b){(new Date).getTime()>f&&(b["wp-auth-check"]=!0)}).ready(function(){d(),e=a("#wp-auth-check-wrap"),e.find(".wp-auth-check-close").on("click",function(a){c()})})}(jQuery);

wp-includes/js/wp-pointer.min.js

@@ -1 +1 @@
-!function(a){var b=0,c=9999;a.widget("wp.pointer",{options:{pointerClass:"wp-pointer",pointerWidth:320,content:function(){return a(this).text()},buttons:function(b,c){var d=wpPointerL10n?wpPointerL10n.dismiss:"Dismiss",e=a('<a class="close" href="#">'+d+"</a>");return e.bind("click.pointer",function(a){a.preventDefault(),c.element.pointer("close")})},position:"top",show:function(a,b){b.pointer.show(),b.opened()},hide:function(a,b){b.pointer.hide(),b.closed()},document:document},_create:function(){var c,d;this.content=a('<div class="wp-pointer-content"></div>'),this.arrow=a('<div class="wp-pointer-arrow"><div class="wp-pointer-arrow-inner"></div></div>'),d=this.element.parents().add(this.element),c="absolute",d.filter(function(){return"fixed"===a(this).css("position")}).length&&(c="fixed"),this.pointer=a("<div />").append(this.content).append(this.arrow).attr("id","wp-pointer-"+b++).addClass(this.options.pointerClass).css({position:c,width:this.options.pointerWidth+"px",display:"none"}).appendTo(this.options.document.body)},_setOption:function(b,c){var d=this.options,e=this.pointer;"document"===b&&c!==d.document?e.detach().appendTo(c.body):"pointerClass"===b&&e.removeClass(d.pointerClass).addClass(c),a.Widget.prototype._setOption.apply(this,arguments),"position"===b?this.reposition():"content"===b&&this.active&&this.update()},destroy:function(){this.pointer.remove(),a.Widget.prototype.destroy.call(this)},widget:function(){return this.pointer},update:function(b){var c,d=this,e=this.options,f=a.Deferred();if(!e.disabled)return f.done(function(a){d._update(b,a)}),c="string"==typeof e.content?e.content:e.content.call(this.element[0],f.resolve,b,this._handoff()),c&&f.resolve(c),f.promise()},_update:function(a,b){var c,d=this.options;b&&(this.pointer.stop(),this.content.html(b),c=d.buttons.call(this.element[0],a,this._handoff()),c&&c.wrap('<div class="wp-pointer-buttons" />').parent().appendTo(this.content),this.reposition())},reposition:function(){var b;this.options.disabled||(b=this._processPosition(this.options.position),this.pointer.css({top:0,left:0,zIndex:c++}).show().position(a.extend({of:this.element,collision:"fit none"},b)),this.repoint())},repoint:function(){var a,b=this.options;b.disabled||(a="string"==typeof b.position?b.position:b.position.edge,this.pointer[0].className=this.pointer[0].className.replace(/wp-pointer-[^\s'"]*/,""),this.pointer.addClass("wp-pointer-"+a))},_processPosition:function(b){var c,d={top:"bottom",bottom:"top",left:"right",right:"left"};return c="string"==typeof b?{edge:b+""}:a.extend({},b),c.edge?("top"==c.edge||"bottom"==c.edge?(c.align=c.align||"left",c.at=c.at||c.align+" "+d[c.edge],c.my=c.my||c.align+" "+c.edge):(c.align=c.align||"top",c.at=c.at||d[c.edge]+" "+c.align,c.my=c.my||c.edge+" "+c.align),c):c},open:function(a){var b=this,c=this.options;this.active||c.disabled||this.element.is(":hidden")||this.update().done(function(){b._open(a)})},_open:function(a){var b=this,c=this.options;this.active||c.disabled||this.element.is(":hidden")||(this.active=!0,this._trigger("open",a,this._handoff()),this._trigger("show",a,this._handoff({opened:function(){b._trigger("opened",a,b._handoff())}})))},close:function(a){if(this.active&&!this.options.disabled){var b=this;this.active=!1,this._trigger("close",a,this._handoff()),this._trigger("hide",a,this._handoff({closed:function(){b._trigger("closed",a,b._handoff())}}))}},sendToTop:function(){this.active&&this.pointer.css("z-index",c++)},toggle:function(a){this.pointer.is(":hidden")?this.open(a):this.close(a)},_handoff:function(b){return a.extend({pointer:this.pointer,element:this.element},b)}})}(jQuery);
+!function(a){var b=0,c=9999;a.widget("wp.pointer",{options:{pointerClass:"wp-pointer",pointerWidth:320,content:function(b,c,d){return a(this).text()},buttons:function(b,c){var d=wpPointerL10n?wpPointerL10n.dismiss:"Dismiss",e=a('<a class="close" href="#">'+d+"</a>");return e.bind("click.pointer",function(a){a.preventDefault(),c.element.pointer("close")})},position:"top",show:function(a,b){b.pointer.show(),b.opened()},hide:function(a,b){b.pointer.hide(),b.closed()},document:document},_create:function(){var c,d;this.content=a('<div class="wp-pointer-content"></div>'),this.arrow=a('<div class="wp-pointer-arrow"><div class="wp-pointer-arrow-inner"></div></div>'),d=this.element.parents().add(this.element),c="absolute",d.filter(function(){return"fixed"===a(this).css("position")}).length&&(c="fixed"),this.pointer=a("<div />").append(this.content).append(this.arrow).attr("id","wp-pointer-"+b++).addClass(this.options.pointerClass).css({position:c,width:this.options.pointerWidth+"px",display:"none"}).appendTo(this.options.document.body)},_setOption:function(b,c){var d=this.options,e=this.pointer;"document"===b&&c!==d.document?e.detach().appendTo(c.body):"pointerClass"===b&&e.removeClass(d.pointerClass).addClass(c),a.Widget.prototype._setOption.apply(this,arguments),"position"===b?this.reposition():"content"===b&&this.active&&this.update()},destroy:function(){this.pointer.remove(),a.Widget.prototype.destroy.call(this)},widget:function(){return this.pointer},update:function(b){var c,d=this,e=this.options,f=a.Deferred();if(!e.disabled)return f.done(function(a){d._update(b,a)}),c="string"==typeof e.content?e.content:e.content.call(this.element[0],f.resolve,b,this._handoff()),c&&f.resolve(c),f.promise()},_update:function(a,b){var c,d=this.options;b&&(this.pointer.stop(),this.content.html(b),c=d.buttons.call(this.element[0],a,this._handoff()),c&&c.wrap('<div class="wp-pointer-buttons" />').parent().appendTo(this.content),this.reposition())},reposition:function(){var b;this.options.disabled||(b=this._processPosition(this.options.position),this.pointer.css({top:0,left:0,zIndex:c++}).show().position(a.extend({of:this.element,collision:"fit none"},b)),this.repoint())},repoint:function(){var a,b=this.options;b.disabled||(a="string"==typeof b.position?b.position:b.position.edge,this.pointer[0].className=this.pointer[0].className.replace(/wp-pointer-[^\s'"]*/,""),this.pointer.addClass("wp-pointer-"+a))},_processPosition:function(b){var c,d={top:"bottom",bottom:"top",left:"right",right:"left"};return c="string"==typeof b?{edge:b+""}:a.extend({},b),c.edge?("top"==c.edge||"bottom"==c.edge?(c.align=c.align||"left",c.at=c.at||c.align+" "+d[c.edge],c.my=c.my||c.align+" "+c.edge):(c.align=c.align||"top",c.at=c.at||d[c.edge]+" "+c.align,c.my=c.my||c.edge+" "+c.align),c):c},open:function(a){var b=this,c=this.options;this.active||c.disabled||this.element.is(":hidden")||this.update().done(function(){b._open(a)})},_open:function(a){var b=this,c=this.options;this.active||c.disabled||this.element.is(":hidden")||(this.active=!0,this._trigger("open",a,this._handoff()),this._trigger("show",a,this._handoff({opened:function(){b._trigger("opened",a,b._handoff())}})))},close:function(a){if(this.active&&!this.options.disabled){var b=this;this.active=!1,this._trigger("close",a,this._handoff()),this._trigger("hide",a,this._handoff({closed:function(){b._trigger("closed",a,b._handoff())}}))}},sendToTop:function(a){this.active&&this.pointer.css("z-index",c++)},toggle:function(a){this.pointer.is(":hidden")?this.open(a):this.close(a)},_handoff:function(b){return a.extend({pointer:this.pointer,element:this.element},b)}})}(jQuery);

wp-includes/js/wp-util.min.js

@@ -1 +1 @@
-window.wp=window.wp||{},function(a){var b="undefined"==typeof _wpUtilSettings?{}:_wpUtilSettings;wp.template=_.memoize(function(b){var c,d={evaluate:/<#([\s\S]+?)#>/g,interpolate:/\{\{\{([\s\S]+?)\}\}\}/g,escape:/\{\{([^\}]+?)\}\}(?!\})/g,variable:"data"};return function(e){return c=c||_.template(a("#tmpl-"+b).html(),null,d),c(e)}}),wp.ajax={settings:b.ajax||{},post:function(a,b){return wp.ajax.send({data:_.isObject(a)?a:_.extend(b||{},{action:a})})},send:function(b,c){return _.isObject(b)?c=b:(c=c||{},c.data=_.extend(c.data||{},{action:b})),c=_.defaults(c||{},{type:"POST",url:wp.ajax.settings.url,context:this}),a.Deferred(function(b){c.success&&b.done(c.success),c.error&&b.fail(c.error),delete c.success,delete c.error,a.ajax(c).done(function(a){("1"===a||1===a)&&(a={success:!0}),_.isObject(a)&&!_.isUndefined(a.success)?b[a.success?"resolveWith":"rejectWith"](this,[a.data]):b.rejectWith(this,[a])}).fail(function(){b.rejectWith(this,arguments)})}).promise()}}}(jQuery);
+window.wp=window.wp||{},function(a){var b="undefined"==typeof _wpUtilSettings?{}:_wpUtilSettings;wp.template=_.memoize(function(b){var c,d={evaluate:/<#([\s\S]+?)#>/g,interpolate:/\{\{\{([\s\S]+?)\}\}\}/g,escape:/\{\{([^\}]+?)\}\}(?!\})/g,variable:"data"};return function(e){return(c=c||_.template(a("#tmpl-"+b).html(),null,d))(e)}}),wp.ajax={settings:b.ajax||{},post:function(a,b){return wp.ajax.send({data:_.isObject(a)?a:_.extend(b||{},{action:a})})},send:function(b,c){return _.isObject(b)?c=b:(c=c||{},c.data=_.extend(c.data||{},{action:b})),c=_.defaults(c||{},{type:"POST",url:wp.ajax.settings.url,context:this}),a.Deferred(function(b){c.success&&b.done(c.success),c.error&&b.fail(c.error),delete c.success,delete c.error,a.ajax(c).done(function(a){("1"===a||1===a)&&(a={success:!0}),_.isObject(a)&&!_.isUndefined(a.success)?b[a.success?"resolveWith":"rejectWith"](this,[a.data]):b.rejectWith(this,[a])}).fail(function(){b.rejectWith(this,arguments)})}).promise()}}}(jQuery);

wp-includes/js/wplink.js

@@ -164,6 +164,13 @@ var wpLink;
 
 			attrs = wpLink.getAttrs();
 
+			var parser = document.createElement( 'a' );
+			parser.href = attrs.href;
+
+			if ( 'javascript:' === parser.protocol || 'data:' === parser.protocol ) { // jshint ignore:line
+				attrs.href = '';
+			}
+
 			// If there's no href, return.
 			if ( ! attrs.href || attrs.href == 'http://' )
 				return;
@@ -174,7 +181,7 @@ var wpLink;
 			if ( attrs.title )
 				html += ' title="' + attrs.title + '"';
 			if ( attrs.target )
-				html += ' target="' + attrs.target + '"';
+				html += ' rel="noopener" target="' + attrs.target + '"';
 
 			html += '>';
 
@@ -221,6 +228,13 @@ var wpLink;
 			tinyMCEPopup.restoreSelection();
 			e = ed.dom.getParent(ed.selection.getNode(), 'A');
 
+			var parser = document.createElement( 'a' );
+			parser.href = attrs.href;
+
+			if ( 'javascript:' === parser.protocol || 'data:' === parser.protocol ) { // jshint ignore:line
+				attrs.href = '';
+			}
+
 			// If the values are empty, unlink and return
 			if ( ! attrs.href || attrs.href == 'http://' ) {
 				if ( e ) {

wp-includes/kses.php

@@ -159,15 +159,6 @@ if ( ! CUSTOM_TAGS ) {
 			'lang' => true,
 			'xml:lang' => true,
 		),
-		'form' => array(
-			'action' => true,
-			'accept' => true,
-			'accept-charset' => true,
-			'enctype' => true,
-			'method' => true,
-			'name' => true,
-			'target' => true,
-		),
 		'h1' => array(
 			'align' => true,
 		),
@@ -497,7 +488,7 @@ function wp_kses( $string, $allowed_html, $allowed_protocols = array() ) {
  * @return string Filtered attribute.
  */
 function wp_kses_one_attr( $string, $element ) {
-	$uris = array('xmlns', 'profile', 'href', 'src', 'cite', 'classid', 'codebase', 'data', 'usemap', 'longdesc', 'action');
+	$uris = wp_kses_uri_attributes();
 	$allowed_html = wp_kses_allowed_html( 'post' );
 	$allowed_protocols = wp_allowed_protocols();
 	$string = wp_kses_no_null( $string, array( 'slash_zero' => 'keep' ) );
@@ -564,6 +555,7 @@ function wp_kses_one_attr( $string, $element ) {
  * Return a list of allowed tags and attributes for a given context.
  *
  * @since 3.5.0
+ * @since 5.0.1 `form` removed as allowable HTML tag.
  *
  * @param string $context The context for which to retrieve tags. Allowed values are
  *  post | strip | data | entities or the name of a field filter such as pre_user_description.
@@ -577,7 +569,27 @@ function wp_kses_allowed_html( $context = '' ) {
 
 	switch ( $context ) {
 		case 'post':
-			return apply_filters( 'wp_kses_allowed_html', $allowedposttags, $context );
+			$tags = apply_filters( 'wp_kses_allowed_html', $allowedposttags, $context );
+
+			// 5.0.1 removed the `<form>` tag, allow it if a filter is allowing it's sub-elements `<input>` or `<select>`.
+			if ( ! CUSTOM_TAGS && ! isset( $tags['form'] ) && ( isset( $tags['input'] ) || isset( $tags['select'] ) ) ) {
+				$tags = $allowedposttags;
+
+				$tags['form'] = array(
+					'action' => true,
+					'accept' => true,
+					'accept-charset' => true,
+					'enctype' => true,
+					'method' => true,
+					'name' => true,
+					'target' => true,
+				);
+
+				/** This filter is documented in wp-includes/kses.php */
+				$tags = apply_filters( 'wp_kses_allowed_html', $tags, $context );
+			}
+
+			return $tags;
 			break;
 		case 'user_description':
 		case 'pre_user_description':
@@ -645,6 +657,56 @@ function wp_kses_split( $string, $allowed_html, $allowed_protocols ) {
 	return preg_replace_callback( '%(<!--.*?(-->|$))|(<[^>]*(>|$)|>)%', '_wp_kses_split_callback', $string );
 }
 
+/**
+ * Helper function listing HTML attributes containing a URL.
+ *
+ * This function returns a list of all HTML attributes that must contain
+ * a URL according to the HTML specification.
+ *
+ * This list includes URI attributes both allowed and disallowed by KSES.
+ *
+ * @link https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes
+ *
+ * @since 5.0.1
+ *
+ * @return array HTML attributes that must include a URL.
+ */
+function wp_kses_uri_attributes() {
+	$uri_attributes = array(
+		'action',
+		'archive',
+		'background',
+		'cite',
+		'classid',
+		'codebase',
+		'data',
+		'formaction',
+		'href',
+		'icon',
+		'longdesc',
+		'manifest',
+		'poster',
+		'profile',
+		'src',
+		'usemap',
+		'xmlns',
+	);
+
+	/**
+	 * Filters the list of attributes that are required to contain a URL.
+	 *
+	 * Use this filter to add any `data-` attributes that are required to be
+	 * validated as a URL.
+	 *
+	 * @since 5.0.1
+	 *
+	 * @param array $uri_attributes HTML attributes requiring validation as a URL.
+	 */
+	$uri_attributes = apply_filters( 'wp_kses_uri_attributes', $uri_attributes );
+
+	return $uri_attributes;
+}
+
 /**
  * Callback for wp_kses_split.
  *
@@ -837,7 +899,7 @@ function wp_kses_hair($attr, $allowed_protocols) {
 	$attrarr = array();
 	$mode = 0;
 	$attrname = '';
-	$uris = array('xmlns', 'profile', 'href', 'src', 'cite', 'classid', 'codebase', 'data', 'usemap', 'longdesc', 'action');
+	$uris = wp_kses_uri_attributes();
 
 	# Loop through the whole attribute list
 
@@ -1244,7 +1306,8 @@ function wp_kses_html_error($string) {
  * @return string Sanitized content
  */
 function wp_kses_bad_protocol_once($string, $allowed_protocols, $count = 1 ) {
-	$string2 = preg_split( '/:|&#0*58;|&#x0*3a;/i', $string, 2 );
+	$string  = preg_replace( '/(&#0*58(?![;0-9])|&#x0*3a(?![;a-f0-9]))/i', '$1;', $string );
+	$string2 = preg_split( '/:|&#0*58;|&#x0*3a;|&colon;/i', $string, 2 );
 	if ( isset($string2[1]) && ! preg_match('%/\?%', $string2[0]) ) {
 		$string = trim( $string2[1] );
 		$protocol = wp_kses_bad_protocol_once2( $string2[0], $allowed_protocols );

wp-includes/meta.php

@@ -558,9 +558,9 @@ function update_meta_cache($meta_type, $object_ids) {
 		return $cache;
 
 	// Get meta info
-	$id_list = join(',', $ids);
-	$meta_list = $wpdb->get_results( $wpdb->prepare("SELECT $column, meta_key, meta_value FROM $table WHERE $column IN ($id_list)",
-		$meta_type), ARRAY_A );
+	$id_list = join( ',', $ids );
+	$id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
+	$meta_list = $wpdb->get_results( "SELECT $column, meta_key, meta_value FROM $table WHERE $column IN ($id_list) ORDER BY $id_column ASC", ARRAY_A );
 
 	if ( !empty($meta_list) ) {
 		foreach ( $meta_list as $metarow) {
@@ -891,8 +891,9 @@ function _get_meta_table($type) {
  * @param string $meta_key Meta key
  * @return bool True if the key is protected, false otherwise.
  */
-function is_protected_meta( $meta_key, $meta_type = null ) {
-	$protected = ( '_' == $meta_key[0] );
+function is_protected_meta( $meta_key, $meta_type = '' ) {
+	$sanitized_key = preg_replace( "/[^\x20-\x7E\p{L}]/", '', $meta_key );
+	$protected     = strlen( $sanitized_key ) > 0 && ( '_' === $sanitized_key[0] );
 
 	return apply_filters( 'is_protected_meta', $protected, $meta_key, $meta_type );
 }

wp-includes/ms-deprecated.php

@@ -240,10 +240,13 @@ function wpmu_admin_do_redirect( $url = '' ) {
 	_deprecated_function( __FUNCTION__, '3.3' );
 
 	$ref = '';
-	if ( isset( $_GET['ref'] ) )
-		$ref = $_GET['ref'];
-	if ( isset( $_POST['ref'] ) )
-		$ref = $_POST['ref'];
+	if ( isset( $_GET['ref'] ) && isset( $_POST['ref'] ) && $_GET['ref'] !== $_POST['ref'] ) {
+		wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 );
+	} elseif ( isset( $_POST['ref'] ) ) {
+		$ref = $_POST[ 'ref' ];
+	} elseif ( isset( $_GET['ref'] ) ) {
+		$ref = $_GET[ 'ref' ];
+	}
 
 	if ( $ref ) {
 		$ref = wpmu_admin_redirect_add_updated_param( $ref );
@@ -256,7 +259,9 @@ function wpmu_admin_do_redirect( $url = '' ) {
 	}
 
 	$url = wpmu_admin_redirect_add_updated_param( $url );
-	if ( isset( $_GET['redirect'] ) ) {
+	if ( isset( $_GET['redirect'] ) && isset( $_POST['redirect'] ) && $_GET['redirect'] !== $_POST['redirect'] ) {
+		wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 );
+	} elseif ( isset( $_GET['redirect'] ) ) {
 		if ( substr( $_GET['redirect'], 0, 2 ) == 's_' )
 			$url .= '&action=blogs&s='. esc_html( substr( $_GET['redirect'], 2 ) );
 	} elseif ( isset( $_POST['redirect'] ) ) {

wp-includes/ms-functions.php

@@ -1130,10 +1130,10 @@ function install_blog($blog_id, $blog_title = '') {
 
 	require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
 
-	$wpdb->suppress_errors();
+	$suppress = $wpdb->suppress_errors();
 	if ( $wpdb->get_results( "DESCRIBE {$wpdb->posts}" ) )
 		die( '<h1>' . __( 'Already Installed' ) . '</h1><p>' . __( 'You appear to have already installed WordPress. To reinstall please clear your old database tables first.' ) . '</p></body></html>' );
-	$wpdb->suppress_errors( false );
+	$wpdb->suppress_errors( $suppress );
 
 	$url = get_blogaddress_by_id( $blog_id );
 
@@ -1180,11 +1180,11 @@ function install_blog_defaults($blog_id, $user_id) {
 
 	require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
 
-	$wpdb->suppress_errors();
+	$suppress = $wpdb->suppress_errors();
 
 	wp_install_defaults($user_id);
 
-	$wpdb->suppress_errors( false );
+	$wpdb->suppress_errors( $suppress );
 }
 
 /**

wp-includes/pluggable.php

@@ -808,18 +808,29 @@ if ( !function_exists('check_admin_referer') ) :
  * @param string $action Action nonce
  * @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
  */
-function check_admin_referer($action = -1, $query_arg = '_wpnonce') {
-	if ( -1 == $action )
-		_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2' );
+function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
+	if ( -1 === $action )
+		_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
 
 	$adminurl = strtolower(admin_url());
 	$referer = strtolower(wp_get_referer());
 	$result = isset($_REQUEST[$query_arg]) ? wp_verify_nonce($_REQUEST[$query_arg], $action) : false;
-	if ( !$result && !(-1 == $action && strpos($referer, $adminurl) === 0) ) {
-		wp_nonce_ays($action);
+
+	/**
+	 * Fires once the admin request has been validated or not.
+	 *
+	 * @since 1.5.1
+	 *
+	 * @param string $action The nonce action.
+	 * @param bool   $result Whether the admin request nonce was validated.
+	 */
+	do_action( 'check_admin_referer', $action, $result );
+
+	if ( ! $result && ! ( -1 === $action && strpos( $referer, $adminurl ) === 0 ) ) {
+		wp_nonce_ays( $action );
 		die();
 	}
-	do_action('check_admin_referer', $action, $result);
+
 	return $result;
 }
 endif;
@@ -834,6 +845,9 @@ if ( !function_exists('check_ajax_referer') ) :
  * @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
  */
 function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
+	if ( -1 === $action )
+		_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
+
 	$nonce = '';
 
 	if ( $query_arg && isset( $_REQUEST[ $query_arg ] ) )
@@ -915,7 +929,7 @@ if ( !function_exists('wp_sanitize_redirect') ) :
  * @return string redirect-sanitized URL
  **/
 function wp_sanitize_redirect($location) {
-	$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!]|i', '', $location);
+	$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!@]|i', '', $location);
 	$location = wp_kses_no_null($location);
 
 	// remove %0d and %0a from location
@@ -972,7 +986,7 @@ if ( !function_exists('wp_validate_redirect') ) :
  * @return string redirect-sanitized URL
  **/
 function wp_validate_redirect($location, $default = '') {
-	$location = trim( $location, " \t\n\r\0\x08\x0B" );
+	$location = wp_sanitize_redirect( trim( $location, " \t\n\r\0\x08\x0B" ) );
 	// browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
 	if ( substr($location, 0, 2) == '//' )
 		$location = 'http:' . $location;
@@ -991,6 +1005,14 @@ function wp_validate_redirect($location, $default = '') {
 	if ( isset($lp['scheme']) && !('http' == $lp['scheme'] || 'https' == $lp['scheme']) )
 		return $default;
 
+	if ( ! isset( $lp['host'] ) && ! empty( $lp['path'] ) && '/' !== $lp['path'][0] ) {
+		$path = '';
+		if ( ! empty( $_SERVER['REQUEST_URI'] ) ) {
+			$path = dirname( parse_url( 'http://placeholder' . $_SERVER['REQUEST_URI'], PHP_URL_PATH ) . '?' );
+		}
+		$location = '/' . ltrim( $path . '/', '/' ) . $location;
+	}
+
 	// Reject if certain components are set but host is not. This catches urls like https:host.com for which parse_url does not set the host field.
 	if ( ! isset( $lp['host'] ) && ( isset( $lp['scheme'] ) || isset( $lp['user'] ) || isset( $lp['pass'] ) || isset( $lp['port'] ) ) ) {
 		return $default;
@@ -1803,36 +1825,3 @@ function wp_text_diff( $left_string, $right_string, $args = null ) {
 	return $r;
 }
 endif;
-
-if ( ! function_exists( 'hash_equals' ) ) :
-/**
- * Compare two strings in constant time.
- *
- * This function is NOT pluggable. It is in this file (in addition to
- * compat.php) to prevent errors if, during an update, pluggable.php
- * copies over but compat.php does not.
- *
- * This function was added in PHP 5.6.
- * It can leak the length of a string.
- *
- * @since 3.9.2
- *
- * @param string $a Expected string.
- * @param string $b Actual string.
- * @return bool Whether strings are equal.
- */
-function hash_equals( $a, $b ) {
-	$a_length = strlen( $a );
-	if ( $a_length !== strlen( $b ) ) {
-		return false;
-	}
-	$result = 0;
-
-	// Do not attempt to "optimize" this.
-	for ( $i = 0; $i < $a_length; $i++ ) {
-		$result |= ord( $a[ $i ] ) ^ ord( $b[ $i ] );
-	}
-
-	return $result === 0;
-}
-endif;

wp-includes/post-template.php

@@ -226,24 +226,9 @@ function get_the_content( $more_link_text = null, $strip_teaser = false ) {
 		}
 	}
 
-	if ( $preview ) // preview fix for javascript bug with foreign languages
-		$output =	preg_replace_callback( '/\%u([0-9A-F]{4})/', '_convert_urlencoded_to_entities', $output );
-
 	return $output;
 }
 
-/**
- * Preview fix for javascript bug with foreign languages
- *
- * @since 3.1.0
- * @access private
- * @param array $match Match array from preg_replace_callback
- * @return string
- */
-function _convert_urlencoded_to_entities( $match ) {
-	return '&#' . base_convert( $match[1], 16, 10 ) . ';';
-}
-
 /**
  * Display the post excerpt.
  *

wp-includes/post.php

@@ -3494,10 +3494,10 @@ function get_page_by_path($page_path, $output = OBJECT, $post_type = 'page') {
 	$page_path = str_replace('%2F', '/', $page_path);
 	$page_path = str_replace('%20', ' ', $page_path);
 	$parts = explode( '/', trim( $page_path, '/' ) );
-	$parts = esc_sql( $parts );
 	$parts = array_map( 'sanitize_title_for_query', $parts );
+	$escaped_parts = esc_sql( $parts );
 
-	$in_string = "'". implode( "','", $parts ) . "'";
+	$in_string = "'". implode( "','", $escaped_parts ) . "'";
 	$post_type_sql = esc_sql( $post_type );
 	$pages = $wpdb->get_results( "SELECT ID, post_name, post_parent, post_type FROM $wpdb->posts WHERE post_name IN ($in_string) AND (post_type = '$post_type_sql' OR post_type = 'attachment')", OBJECT_K );
 
@@ -4157,12 +4157,6 @@ function wp_delete_attachment( $post_id, $force_delete = false ) {
 	$backup_sizes = get_post_meta( $post->ID, '_wp_attachment_backup_sizes', true );
 	$file = get_attached_file( $post_id );
 
-	$intermediate_sizes = array();
-	foreach ( get_intermediate_image_sizes() as $size ) {
-		if ( $intermediate = image_get_intermediate_size( $post_id, $size ) )
-			$intermediate_sizes[] = $intermediate;
-	}
-
 	if ( is_multisite() )
 		delete_transient( 'dirsize_cache' );
 
@@ -4185,43 +4179,79 @@ function wp_delete_attachment( $post_id, $force_delete = false ) {
 	$wpdb->delete( $wpdb->posts, array( 'ID' => $post_id ) );
 	do_action( 'deleted_post', $post_id );
 
+	wp_delete_attachment_files( $post_id, $meta, $backup_sizes, $file );
+
+	clean_post_cache( $post );
+
+	return $post;
+}
+
+/**
+ * Deletes all files that belong to the given attachment.
+ *
+ * @since 4.9.7
+ *
+ * @param int    $post_id      Attachment ID.
+ * @param array  $meta         The attachment's meta data.
+ * @param array  $backup_sizes The meta data for the attachment's backup images.
+ * @param string $file         Absolute path to the attachment's file.
+ * @return bool True on success, false on failure.
+ */
+function wp_delete_attachment_files( $post_id, $meta, $backup_sizes, $file ) {
+	global $wpdb;
+
 	$uploadpath = wp_upload_dir();
+	$deleted    = true;
 
 	if ( ! empty($meta['thumb']) ) {
 		// Don't delete the thumb if another attachment uses it
 		if (! $wpdb->get_row( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE %s AND post_id <> %d", '%' . $meta['thumb'] . '%', $post_id)) ) {
 			$thumbfile = str_replace(basename($file), $meta['thumb'], $file);
-			/** This filter is documented in wp-admin/custom-header.php */
-			$thumbfile = apply_filters('wp_delete_file', $thumbfile);
-			@ unlink( path_join($uploadpath['basedir'], $thumbfile) );
+			if ( ! empty( $thumbfile ) ) {
+				$thumbfile = path_join( $uploadpath['basedir'], $thumbfile );
+				$thumbdir  = path_join( $uploadpath['basedir'], dirname( $file ) );
+
+				if ( ! wp_delete_file_from_directory( $thumbfile, $thumbdir ) ) {
+					$deleted = false;
+				}
+			}
 		}
 	}
 
 	// remove intermediate and backup images if there are any
-	foreach ( $intermediate_sizes as $intermediate ) {
-		/** This filter is documented in wp-admin/custom-header.php */
-		$intermediate_file = apply_filters( 'wp_delete_file', $intermediate['path'] );
-		@ unlink( path_join($uploadpath['basedir'], $intermediate_file) );
-	}
+	if ( isset( $meta['sizes'] ) && is_array( $meta['sizes'] ) ) {
+		$intermediate_dir = path_join( $uploadpath['basedir'], dirname( $file ) );
+		foreach ( $meta['sizes'] as $size => $sizeinfo ) {
+			$intermediate_file = str_replace( basename( $file ), $sizeinfo['file'], $file );
+			if ( ! empty( $intermediate_file ) ) {
+				$intermediate_file = path_join( $uploadpath['basedir'], $intermediate_file );
 
-	if ( is_array($backup_sizes) ) {
-		foreach ( $backup_sizes as $size ) {
-			$del_file = path_join( dirname($meta['file']), $size['file'] );
-			/** This filter is documented in wp-admin/custom-header.php */
-			$del_file = apply_filters('wp_delete_file', $del_file);
-			@ unlink( path_join($uploadpath['basedir'], $del_file) );
+				if ( ! wp_delete_file_from_directory( $intermediate_file, $intermediate_dir ) ) {
+					$deleted = false;
+				}
+			}
 		}
 	}
 
-	/** This filter is documented in wp-admin/custom-header.php */
-	$file = apply_filters('wp_delete_file', $file);
+	if ( is_array($backup_sizes) ) {
+		$del_dir = path_join( $uploadpath['basedir'], dirname( $meta['file'] ) );
+		foreach ( $backup_sizes as $size ) {
+			$del_file = path_join( dirname( $meta['file'] ), $size['file'] );
+			if ( ! empty( $del_file ) ) {
+				$del_file = path_join( $uploadpath['basedir'], $del_file );
 
-	if ( ! empty($file) )
-		@ unlink($file);
+				if ( ! wp_delete_file_from_directory( $del_file, $del_dir ) ) {
+					$deleted = false;
+				}
+			}
+		}
+	}
 
-	clean_post_cache( $post );
+	if ( ! wp_delete_file_from_directory( $file, $uploadpath['basedir'] ) ) {
+		$deleted = false;
+	}
 
-	return $post;
+	return $deleted;
 }
 
 /**