Tag 4.0.32

Built from https://develop.svn.wordpress.org/tags/4.0.32@49442


git-svn-id: http://core.svn.wordpress.org/tags/4.0.32@49201 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-activate.php

@@ -18,6 +18,50 @@ if ( !is_multisite() ) {
 	die();
 }
 
+$valid_error_codes = array( 'already_active', 'blog_taken' );
+
+list( $activate_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
+$activate_cookie = 'wp-activate-' . COOKIEHASH;
+
+$key    = '';
+$result = null;
+
+if ( isset( $_GET['key'] ) && isset( $_POST['key'] ) && $_GET['key'] !== $_POST['key'] ) {
+	wp_die( __( 'A key value mismatch has been detected. Please follow the link provided in your activation email.' ), __( 'An error occurred during the activation' ), 400 );
+} elseif ( ! empty( $_GET['key'] ) ) {
+	$key = $_GET['key'];
+} elseif ( ! empty( $_POST['key'] ) ) {
+	$key = $_POST['key'];
+}
+
+if ( $key ) {
+	$redirect_url = remove_query_arg( 'key' );
+
+	if ( $redirect_url !== remove_query_arg( false ) ) {
+		setcookie( $activate_cookie, $key, 0, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
+		wp_safe_redirect( $redirect_url );
+		exit;
+	} else {
+		$result = wpmu_activate_signup( $key );
+	}
+}
+
+if ( $result === null && isset( $_COOKIE[ $activate_cookie ] ) ) {
+	$key    = $_COOKIE[ $activate_cookie ];
+	$result = wpmu_activate_signup( $key );
+	setcookie( $activate_cookie, ' ', time() - YEAR_IN_SECONDS, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
+}
+
+if ( $result === null || ( is_wp_error( $result ) && 'invalid_key' === $result->get_error_code() ) ) {
+	status_header( 404 );
+} elseif ( is_wp_error( $result ) ) {
+	$error_code = $result->get_error_code();
+
+	if ( ! in_array( $error_code, $valid_error_codes ) ) {
+		status_header( 400 );
+	}
+}
+
 if ( is_object( $wp_object_cache ) )
 	$wp_object_cache->cache_enabled = false;
 
@@ -63,12 +107,13 @@ function wpmu_activate_stylesheet() {
 	<?php
 }
 add_action( 'wp_head', 'wpmu_activate_stylesheet' );
+add_action( 'wp_head', 'wp_sensitive_page_meta' );
 
 get_header();
 ?>
 
 <div id="content" class="widecolumn">
-	<?php if ( empty($_GET['key']) && empty($_POST['key']) ) { ?>
+	<?php if ( ! $key ) { ?>
 
 		<h2><?php _e('Activation Key Required') ?></h2>
 		<form name="activateform" id="activateform" method="post" action="<?php echo network_site_url('wp-activate.php'); ?>">
@@ -82,28 +127,25 @@ get_header();
 		</form>
 
 	<?php } else {
-
-		$key = !empty($_GET['key']) ? $_GET['key'] : $_POST['key'];
-		$result = wpmu_activate_signup( $key );
-		if ( is_wp_error($result) ) {
-			if ( 'already_active' == $result->get_error_code() || 'blog_taken' == $result->get_error_code() ) {
-			    $signup = $result->get_error_data();
-				?>
-				<h2><?php _e('Your account is now active!'); ?></h2>
-				<?php
-				echo '<p class="lead-in">';
-				if ( $signup->domain . $signup->path == '' ) {
-					printf( __('Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.'), network_site_url( 'wp-login.php', 'login' ), $signup->user_login, $signup->user_email, wp_lostpassword_url() );
-				} else {
-					printf( __('Your site at <a href="%1$s">%2$s</a> is active. You may now log in to your site using your chosen username of &#8220;%3$s&#8221;. Please check your email inbox at %4$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%5$s">reset your password</a>.'), 'http://' . $signup->domain, $signup->domain, $signup->user_login, $signup->user_email, wp_lostpassword_url() );
-				}
-				echo '</p>';
+		if ( is_wp_error( $result ) && in_array( $result->get_error_code(), $valid_error_codes ) ) {
+			$signup = $result->get_error_data();
+			?>
+			<h2><?php _e('Your account is now active!'); ?></h2>
+			<?php
+			echo '<p class="lead-in">';
+			if ( $signup->domain . $signup->path == '' ) {
+				printf( __('Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.'), network_site_url( 'wp-login.php', 'login' ), $signup->user_login, $signup->user_email, wp_lostpassword_url() );
 			} else {
-				?>
-				<h2><?php _e('An error occurred during the activation'); ?></h2>
-				<?php
-			    echo '<p>'.$result->get_error_message().'</p>';
+				printf( __('Your site at <a href="%1$s">%2$s</a> is active. You may now log in to your site using your chosen username of &#8220;%3$s&#8221;. Please check your email inbox at %4$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%5$s">reset your password</a>.'), 'http://' . $signup->domain, $signup->domain, $signup->user_login, $signup->user_email, wp_lostpassword_url() );
 			}
+			echo '</p>';
+		} elseif ( $result === null || is_wp_error( $result ) ) {
+			?>
+			<h2><?php _e('An error occurred during the activation'); ?></h2>
+			<?php if ( is_wp_error( $result ) ) {
+				echo '<p>' . $result->get_error_message() . '</p>';
+			} ?>
+			<?php
 		} else {
 			$url = isset( $result['blog_id'] ) ? get_blogaddress_by_id( (int) $result['blog_id'] ) : '';
 			$user = get_userdata( (int) $result['user_id'] );

wp-admin/about.php

@@ -42,7 +42,161 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
 </h2>
 
 <div class="changelog point-releases">
-	<h3><?php echo _n( 'Maintenance and Security Release', 'Maintenance and Security Releases', 23 ); ?></h3>
+	<h3><?php echo _n( 'Maintenance and Security Release', 'Maintenance and Security Releases', 32 ); ?></h3>
+	<p>
+		<?php
+		printf(
+			/* translators: %s: WordPress version number */
+			__( '<strong>Version %s</strong> addressed some security issues.' ),
+			'4.0.32'
+		);
+		?>
+		<?php
+		printf(
+			/* translators: %s: HelpHub URL */
+			__( 'For more information, see <a href="%s">the release notes</a>.' ),
+			sprintf(
+				/* translators: %s: WordPress version */
+				esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+				sanitize_title( '4.0.32' )
+			)
+		);
+		?>
+	</p>
+	<p>
+		<?php
+		printf(
+			/* translators: %s: WordPress version number */
+			__( '<strong>Version %s</strong> addressed some security issues.' ),
+			'4.0.31'
+		);
+		?>
+		<?php
+		printf(
+			/* translators: %s: HelpHub URL */
+			__( 'For more information, see <a href="%s">the release notes</a>.' ),
+			sprintf(
+				/* translators: %s: WordPress version */
+				esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+				sanitize_title( '4.0.31' )
+			)
+		);
+		?>
+	</p>
+	<p>
+		<?php
+		printf(
+			/* translators: %s: WordPress version number */
+			__( '<strong>Version %s</strong> addressed some security issues.' ),
+			'4.0.30'
+		);
+		?>
+		<?php
+		printf(
+			/* translators: %s: HelpHub URL */
+			__( 'For more information, see <a href="%s">the release notes</a>.' ),
+			sprintf(
+				/* translators: %s: WordPress version */
+				esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+				sanitize_title( '4.0.30' )
+			)
+		);
+		?>
+	</p>
+	<p>
+		<?php
+		printf(
+			/* translators: %s: WordPress version number */
+			__( '<strong>Version %s</strong> addressed one security issue.' ),
+			'4.0.29'
+		);
+		?>
+		<?php
+		printf(
+			/* translators: %s: HelpHub URL */
+			__( 'For more information, see <a href="%s">the release notes</a>.' ),
+			sprintf(
+				/* translators: %s: WordPress version */
+				esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+				sanitize_title( '4.0.29' )
+			)
+		);
+		?>
+	</p>
+	<p>
+		<?php
+		printf(
+			/* translators: %s: WordPress version number */
+			__( '<strong>Version %s</strong> addressed some security issues.' ),
+			'4.0.28'
+		);
+		?>
+		<?php
+		printf(
+			/* translators: %s: HelpHub URL */
+			__( 'For more information, see <a href="%s">the release notes</a>.' ),
+			sprintf(
+				/* translators: %s: WordPress version */
+				esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+				sanitize_title( '4.0.28' )
+			)
+		);
+		?>
+	</p>
+	<p>
+		<?php
+		printf(
+			/* translators: %s: WordPress version number */
+			__( '<strong>Version %s</strong> addressed some security issues.' ),
+			'4.0.27'
+		);
+		?>
+		<?php
+		printf(
+			/* translators: %s: HelpHub URL */
+			__( 'For more information, see <a href="%s">the release notes</a>.' ),
+			sprintf(
+				/* translators: %s: WordPress version */
+				esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+				sanitize_title( '4.0.27' )
+			)
+		);
+		?>
+	</p>
+	<p>
+		<?php
+		printf(
+			/* translators: %s: WordPress version number */
+			__( '<strong>Version %s</strong> addressed a security issue.' ),
+			'4.0.26'
+		);
+		?>
+		<?php
+		printf(
+			/* translators: %s: HelpHub URL */
+			__( 'For more information, see <a href="%s">the release notes</a>.' ),
+			sprintf(
+				/* translators: %s: WordPress version */
+				esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+				sanitize_title( '4.0.26' )
+			)
+		);
+		?>
+	</p>
+	<p>
+		<?php
+		/* translators: %s: WordPress version number */
+		printf( __( '<strong>Version %s</strong> addressed some security issues.' ), '4.0.25' );
+		?>
+		<?php
+		/* translators: %s: Codex URL */
+		printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.0.25' );
+		?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+			'<strong>Version %1$s</strong> addressed some security issues.', 1 ), '4.0.24' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.0.24' ); ?>
+	</p>
 	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
 			'<strong>Version %1$s</strong> addressed some security issues.', 2 ), '4.0.23' ); ?>
 		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.0.23' ); ?>

wp-admin/admin-ajax.php

@@ -34,7 +34,7 @@ require_once( ABSPATH . 'wp-admin/includes/admin.php' );
 /** Load Ajax Handlers for WordPress Core */
 require_once( ABSPATH . 'wp-admin/includes/ajax-actions.php' );
 
-@header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
+@header( 'Content-Type: text/plain; charset=' . get_option( 'blog_charset' ) );
 @header( 'X-Robots-Tag: noindex' );
 
 send_nosniff_header();

wp-admin/admin-header.php

@@ -58,13 +58,13 @@ wp_enqueue_script( 'svg-painter' );
 $admin_body_class = preg_replace('/[^a-z0-9_-]+/i', '-', $hook_suffix);
 ?>
 <script type="text/javascript">
-addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
-var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative' ); ?>',
-	pagenow = '<?php echo $current_screen->id; ?>',
-	typenow = '<?php echo $current_screen->post_type; ?>',
-	adminpage = '<?php echo $admin_body_class; ?>',
-	thousandsSeparator = '<?php echo addslashes( $wp_locale->number_format['thousands_sep'] ); ?>',
-	decimalPoint = '<?php echo addslashes( $wp_locale->number_format['decimal_point'] ); ?>',
+addLoadEvent = function(func){if(typeof jQuery!=='undefined')jQuery(document).ready(func);else if(typeof wpOnload!=='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
+var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>',
+	pagenow = '<?php echo esc_js( $current_screen->id ); ?>',
+	typenow = '<?php echo esc_js( $current_screen->post_type ); ?>',
+	adminpage = '<?php echo esc_js( $admin_body_class ); ?>',
+	thousandsSeparator = '<?php echo esc_js( $wp_locale->number_format['thousands_sep'] ); ?>',
+	decimalPoint = '<?php echo esc_js( $wp_locale->number_format['decimal_point'] ); ?>',
 	isRtl = <?php echo (int) is_rtl(); ?>;
 </script>
 <meta name="viewport" content="width=device-width,initial-scale=1.0">

wp-admin/css/colors/blue/colors-rtl.css

@@ -48,7 +48,7 @@ input[type=radio]:checked:before {
             box-shadow: inset 0 2px 5px -3px rgba(0, 0, 0, 0.5), 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8); }
   .wp-core-ui .button-primary[disabled], .wp-core-ui .button-primary:disabled, .wp-core-ui .button-primary.button-primary-disabled, .wp-core-ui .button-primary.disabled {
     color: #d1cdc7 !important;
-    background: #db9825 !important;
+    background: #db9925 !important;
     border-color: #bd831f !important;
     text-shadow: none !important; }
 .wp-core-ui .wp-ui-primary {
@@ -194,7 +194,7 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
   background: #4796b3; }
 
 #wpadminbar .quicklinks .menupop ul.ab-sub-secondary, #wpadminbar .quicklinks .menupop ul.ab-sub-secondary .ab-submenu {
-  background: #74b7ce; }
+  background: #74b6ce; }
 
 #wpadminbar .ab-submenu .ab-item, #wpadminbar .quicklinks .menupop ul li a, #wpadminbar .quicklinks .menupop.hover ul li a, #wpadminbar-nojs .quicklinks .menupop:hover ul li a {
   color: #e2ecf1; }
@@ -214,7 +214,7 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
 
 #wpadminbar > #wp-toolbar > #wp-admin-bar-top-secondary > #wp-admin-bar-search #adminbarsearch input.adminbar-input:focus {
   color: #fff;
-  background: #6ebad4; }
+  background: #6eb9d4; }
 
 #wpadminbar #adminbarsearch .adminbar-input::-webkit-input-placeholder {
   color: #fff;
@@ -234,8 +234,8 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
 
 /* Admin Bar: my account */
 #wpadminbar .quicklinks li#wp-admin-bar-my-account.with-avatar > a img {
-  border-color: #6ebad4;
-  background-color: #6ebad4; }
+  border-color: #6eb9d4;
+  background-color: #6eb9d4; }
 
 #wpadminbar #wp-admin-bar-user-info .display-name {
   color: #fff; }
@@ -249,7 +249,7 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
 /* Pointers */
 .wp-pointer .wp-pointer-content h3 {
   background-color: #096484;
-  border-color: #07536c; }
+  border-color: #07526c; }
 
 .wp-pointer .wp-pointer-content h3:before {
   color: #096484; }

wp-admin/css/colors/blue/colors.css

@@ -48,7 +48,7 @@ input[type=radio]:checked:before {
             box-shadow: inset 0 2px 5px -3px rgba(0, 0, 0, 0.5), 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8); }
   .wp-core-ui .button-primary[disabled], .wp-core-ui .button-primary:disabled, .wp-core-ui .button-primary.button-primary-disabled, .wp-core-ui .button-primary.disabled {
     color: #d1cdc7 !important;
-    background: #db9825 !important;
+    background: #db9925 !important;
     border-color: #bd831f !important;
     text-shadow: none !important; }
 .wp-core-ui .wp-ui-primary {
@@ -194,7 +194,7 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
   background: #4796b3; }
 
 #wpadminbar .quicklinks .menupop ul.ab-sub-secondary, #wpadminbar .quicklinks .menupop ul.ab-sub-secondary .ab-submenu {
-  background: #74b7ce; }
+  background: #74b6ce; }
 
 #wpadminbar .ab-submenu .ab-item, #wpadminbar .quicklinks .menupop ul li a, #wpadminbar .quicklinks .menupop.hover ul li a, #wpadminbar-nojs .quicklinks .menupop:hover ul li a {
   color: #e2ecf1; }
@@ -214,7 +214,7 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
 
 #wpadminbar > #wp-toolbar > #wp-admin-bar-top-secondary > #wp-admin-bar-search #adminbarsearch input.adminbar-input:focus {
   color: #fff;
-  background: #6ebad4; }
+  background: #6eb9d4; }
 
 #wpadminbar #adminbarsearch .adminbar-input::-webkit-input-placeholder {
   color: #fff;
@@ -234,8 +234,8 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
 
 /* Admin Bar: my account */
 #wpadminbar .quicklinks li#wp-admin-bar-my-account.with-avatar > a img {
-  border-color: #6ebad4;
-  background-color: #6ebad4; }
+  border-color: #6eb9d4;
+  background-color: #6eb9d4; }
 
 #wpadminbar #wp-admin-bar-user-info .display-name {
   color: #fff; }
@@ -249,7 +249,7 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
 /* Pointers */
 .wp-pointer .wp-pointer-content h3 {
   background-color: #096484;
-  border-color: #07536c; }
+  border-color: #07526c; }
 
 .wp-pointer .wp-pointer-content h3:before {
   color: #096484; }

wp-admin/css/colors/coffee/colors-rtl.css

@@ -27,7 +27,7 @@ input[type=radio]:checked:before {
 /* Core UI */
 .wp-core-ui .button-primary {
   background: #c7a589;
-  border-color: #b78a66;
+  border-color: #b78b66;
   color: white;
   -webkit-box-shadow: inset 0 1px 0 #e0cdbd, 0 1px 0 rgba(0, 0, 0, 0.15);
           box-shadow: inset 0 1px 0 #e0cdbd, 0 1px 0 rgba(0, 0, 0, 0.15); }
@@ -41,13 +41,13 @@ input[type=radio]:checked:before {
     -webkit-box-shadow: inset 0 1px 0 #d7bfac, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8);
             box-shadow: inset 0 1px 0 #d7bfac, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8); }
   .wp-core-ui .button-primary:active {
-    background: #b78a66;
+    background: #b78b66;
     border-color: #ae7d55;
     color: white;
     -webkit-box-shadow: inset 0 2px 5px -3px rgba(0, 0, 0, 0.5), 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8);
             box-shadow: inset 0 2px 5px -3px rgba(0, 0, 0, 0.5), 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8); }
   .wp-core-ui .button-primary[disabled], .wp-core-ui .button-primary:disabled, .wp-core-ui .button-primary.button-primary-disabled, .wp-core-ui .button-primary.disabled {
-    color: #d1cbc7 !important;
+    color: #d1ccc7 !important;
     background: #ba906d !important;
     border-color: #ae7d55 !important;
     text-shadow: none !important; }
@@ -314,7 +314,7 @@ body.more-filters-opened .more-filters:hover:before, body.more-filters-opened .m
 /* jQuery UI Slider */
 .wp-slider .ui-slider-handle, .wp-slider .ui-slider-handle.ui-state-hover, .wp-slider .ui-slider-handle.focus {
   background: #c7a589;
-  border-color: #b78a66;
+  border-color: #b78b66;
   -webkit-box-shadow: inset 0 1px 0 #e0cdbd, 0 1px 0 rgba(0, 0, 0, 0.15);
           box-shadow: inset 0 1px 0 #e0cdbd, 0 1px 0 rgba(0, 0, 0, 0.15); }
 

wp-admin/css/colors/coffee/colors.css

@@ -27,7 +27,7 @@ input[type=radio]:checked:before {
 /* Core UI */
 .wp-core-ui .button-primary {
   background: #c7a589;
-  border-color: #b78a66;
+  border-color: #b78b66;
   color: white;
   -webkit-box-shadow: inset 0 1px 0 #e0cdbd, 0 1px 0 rgba(0, 0, 0, 0.15);
           box-shadow: inset 0 1px 0 #e0cdbd, 0 1px 0 rgba(0, 0, 0, 0.15); }
@@ -41,13 +41,13 @@ input[type=radio]:checked:before {
     -webkit-box-shadow: inset 0 1px 0 #d7bfac, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8);
             box-shadow: inset 0 1px 0 #d7bfac, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8); }
   .wp-core-ui .button-primary:active {
-    background: #b78a66;
+    background: #b78b66;
     border-color: #ae7d55;
     color: white;
     -webkit-box-shadow: inset 0 2px 5px -3px rgba(0, 0, 0, 0.5), 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8);
             box-shadow: inset 0 2px 5px -3px rgba(0, 0, 0, 0.5), 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8); }
   .wp-core-ui .button-primary[disabled], .wp-core-ui .button-primary:disabled, .wp-core-ui .button-primary.button-primary-disabled, .wp-core-ui .button-primary.disabled {
-    color: #d1cbc7 !important;
+    color: #d1ccc7 !important;
     background: #ba906d !important;
     border-color: #ae7d55 !important;
     text-shadow: none !important; }
@@ -314,7 +314,7 @@ body.more-filters-opened .more-filters:hover:before, body.more-filters-opened .m
 /* jQuery UI Slider */
 .wp-slider .ui-slider-handle, .wp-slider .ui-slider-handle.ui-state-hover, .wp-slider .ui-slider-handle.focus {
   background: #c7a589;
-  border-color: #b78a66;
+  border-color: #b78b66;
   -webkit-box-shadow: inset 0 1px 0 #e0cdbd, 0 1px 0 rgba(0, 0, 0, 0.15);
           box-shadow: inset 0 1px 0 #e0cdbd, 0 1px 0 rgba(0, 0, 0, 0.15); }
 

wp-admin/css/colors/ectoplasm/colors-rtl.css

@@ -27,21 +27,21 @@ input[type=radio]:checked:before {
 /* Core UI */
 .wp-core-ui .button-primary {
   background: #a3b745;
-  border-color: #839237;
+  border-color: #829237;
   color: white;
-  -webkit-box-shadow: inset 0 1px 0 #c0cd7b, 0 1px 0 rgba(0, 0, 0, 0.15);
-          box-shadow: inset 0 1px 0 #c0cd7b, 0 1px 0 rgba(0, 0, 0, 0.15); }
+  -webkit-box-shadow: inset 0 1px 0 #bfcd7b, 0 1px 0 rgba(0, 0, 0, 0.15);
+          box-shadow: inset 0 1px 0 #bfcd7b, 0 1px 0 rgba(0, 0, 0, 0.15); }
   .wp-core-ui .button-primary:hover, .wp-core-ui .button-primary:focus {
     background: #93a43e;
     border-color: #727f30;
     color: white;
-    -webkit-box-shadow: inset 0 1px 0 #b7c669;
-            box-shadow: inset 0 1px 0 #b7c669; }
+    -webkit-box-shadow: inset 0 1px 0 #b6c669;
+            box-shadow: inset 0 1px 0 #b6c669; }
   .wp-core-ui .button-primary:focus {
-    -webkit-box-shadow: inset 0 1px 0 #b7c669, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8);
-            box-shadow: inset 0 1px 0 #b7c669, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8); }
+    -webkit-box-shadow: inset 0 1px 0 #b6c669, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8);
+            box-shadow: inset 0 1px 0 #b6c669, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8); }
   .wp-core-ui .button-primary:active {
-    background: #839237;
+    background: #829237;
     border-color: #727f30;
     color: white;
     -webkit-box-shadow: inset 0 2px 5px -3px rgba(0, 0, 0, 0.5), 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8);
@@ -214,7 +214,7 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
 
 #wpadminbar > #wp-toolbar > #wp-admin-bar-top-secondary > #wp-admin-bar-search #adminbarsearch input.adminbar-input:focus {
   color: #fff;
-  background: #624c84; }
+  background: #634c84; }
 
 #wpadminbar #adminbarsearch .adminbar-input::-webkit-input-placeholder {
   color: #fff;
@@ -234,8 +234,8 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
 
 /* Admin Bar: my account */
 #wpadminbar .quicklinks li#wp-admin-bar-my-account.with-avatar > a img {
-  border-color: #624c84;
-  background-color: #624c84; }
+  border-color: #634c84;
+  background-color: #634c84; }
 
 #wpadminbar #wp-admin-bar-user-info .display-name {
   color: #fff; }
@@ -314,9 +314,9 @@ body.more-filters-opened .more-filters:hover:before, body.more-filters-opened .m
 /* jQuery UI Slider */
 .wp-slider .ui-slider-handle, .wp-slider .ui-slider-handle.ui-state-hover, .wp-slider .ui-slider-handle.focus {
   background: #a3b745;
-  border-color: #839237;
-  -webkit-box-shadow: inset 0 1px 0 #c0cd7b, 0 1px 0 rgba(0, 0, 0, 0.15);
-          box-shadow: inset 0 1px 0 #c0cd7b, 0 1px 0 rgba(0, 0, 0, 0.15); }
+  border-color: #829237;
+  -webkit-box-shadow: inset 0 1px 0 #bfcd7b, 0 1px 0 rgba(0, 0, 0, 0.15);
+          box-shadow: inset 0 1px 0 #bfcd7b, 0 1px 0 rgba(0, 0, 0, 0.15); }
 
 /* Thickbox: Plugin information */
 #sidemenu a.current {

wp-admin/css/colors/ectoplasm/colors.css

@@ -27,21 +27,21 @@ input[type=radio]:checked:before {
 /* Core UI */
 .wp-core-ui .button-primary {
   background: #a3b745;
-  border-color: #839237;
+  border-color: #829237;
   color: white;
-  -webkit-box-shadow: inset 0 1px 0 #c0cd7b, 0 1px 0 rgba(0, 0, 0, 0.15);
-          box-shadow: inset 0 1px 0 #c0cd7b, 0 1px 0 rgba(0, 0, 0, 0.15); }
+  -webkit-box-shadow: inset 0 1px 0 #bfcd7b, 0 1px 0 rgba(0, 0, 0, 0.15);
+          box-shadow: inset 0 1px 0 #bfcd7b, 0 1px 0 rgba(0, 0, 0, 0.15); }
   .wp-core-ui .button-primary:hover, .wp-core-ui .button-primary:focus {
     background: #93a43e;
     border-color: #727f30;
     color: white;
-    -webkit-box-shadow: inset 0 1px 0 #b7c669;
-            box-shadow: inset 0 1px 0 #b7c669; }
+    -webkit-box-shadow: inset 0 1px 0 #b6c669;
+            box-shadow: inset 0 1px 0 #b6c669; }
   .wp-core-ui .button-primary:focus {
-    -webkit-box-shadow: inset 0 1px 0 #b7c669, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8);
-            box-shadow: inset 0 1px 0 #b7c669, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8); }
+    -webkit-box-shadow: inset 0 1px 0 #b6c669, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8);
+            box-shadow: inset 0 1px 0 #b6c669, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8); }
   .wp-core-ui .button-primary:active {
-    background: #839237;
+    background: #829237;
     border-color: #727f30;
     color: white;
     -webkit-box-shadow: inset 0 2px 5px -3px rgba(0, 0, 0, 0.5), 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8);
@@ -214,7 +214,7 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
 
 #wpadminbar > #wp-toolbar > #wp-admin-bar-top-secondary > #wp-admin-bar-search #adminbarsearch input.adminbar-input:focus {
   color: #fff;
-  background: #624c84; }
+  background: #634c84; }
 
 #wpadminbar #adminbarsearch .adminbar-input::-webkit-input-placeholder {
   color: #fff;
@@ -234,8 +234,8 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
 
 /* Admin Bar: my account */
 #wpadminbar .quicklinks li#wp-admin-bar-my-account.with-avatar > a img {
-  border-color: #624c84;
-  background-color: #624c84; }
+  border-color: #634c84;
+  background-color: #634c84; }
 
 #wpadminbar #wp-admin-bar-user-info .display-name {
   color: #fff; }
@@ -314,9 +314,9 @@ body.more-filters-opened .more-filters:hover:before, body.more-filters-opened .m
 /* jQuery UI Slider */
 .wp-slider .ui-slider-handle, .wp-slider .ui-slider-handle.ui-state-hover, .wp-slider .ui-slider-handle.focus {
   background: #a3b745;
-  border-color: #839237;
-  -webkit-box-shadow: inset 0 1px 0 #c0cd7b, 0 1px 0 rgba(0, 0, 0, 0.15);
-          box-shadow: inset 0 1px 0 #c0cd7b, 0 1px 0 rgba(0, 0, 0, 0.15); }
+  border-color: #829237;
+  -webkit-box-shadow: inset 0 1px 0 #bfcd7b, 0 1px 0 rgba(0, 0, 0, 0.15);
+          box-shadow: inset 0 1px 0 #bfcd7b, 0 1px 0 rgba(0, 0, 0, 0.15); }
 
 /* Thickbox: Plugin information */
 #sidemenu a.current {

wp-admin/css/colors/midnight/colors-rtl.css

@@ -27,29 +27,29 @@ input[type=radio]:checked:before {
 /* Core UI */
 .wp-core-ui .button-primary {
   background: #e14d43;
-  border-color: #d02a21;
+  border-color: #d02c21;
   color: white;
-  -webkit-box-shadow: inset 0 1px 0 #ec8a85, 0 1px 0 rgba(0, 0, 0, 0.15);
-          box-shadow: inset 0 1px 0 #ec8a85, 0 1px 0 rgba(0, 0, 0, 0.15); }
+  -webkit-box-shadow: inset 0 1px 0 #ec8b85, 0 1px 0 rgba(0, 0, 0, 0.15);
+          box-shadow: inset 0 1px 0 #ec8b85, 0 1px 0 rgba(0, 0, 0, 0.15); }
   .wp-core-ui .button-primary:hover, .wp-core-ui .button-primary:focus {
-    background: #dd362d;
-    border-color: #ba251e;
+    background: #dd382d;
+    border-color: #ba281e;
     color: white;
-    -webkit-box-shadow: inset 0 1px 0 #e8756f;
-            box-shadow: inset 0 1px 0 #e8756f; }
+    -webkit-box-shadow: inset 0 1px 0 #e8776f;
+            box-shadow: inset 0 1px 0 #e8776f; }
   .wp-core-ui .button-primary:focus {
-    -webkit-box-shadow: inset 0 1px 0 #e8756f, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8);
-            box-shadow: inset 0 1px 0 #e8756f, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8); }
+    -webkit-box-shadow: inset 0 1px 0 #e8776f, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8);
+            box-shadow: inset 0 1px 0 #e8776f, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8); }
   .wp-core-ui .button-primary:active {
-    background: #d02a21;
-    border-color: #ba251e;
+    background: #d02c21;
+    border-color: #ba281e;
     color: white;
     -webkit-box-shadow: inset 0 2px 5px -3px rgba(0, 0, 0, 0.5), 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8);
             box-shadow: inset 0 2px 5px -3px rgba(0, 0, 0, 0.5), 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8); }
   .wp-core-ui .button-primary[disabled], .wp-core-ui .button-primary:disabled, .wp-core-ui .button-primary.button-primary-disabled, .wp-core-ui .button-primary.disabled {
-    color: #d1c7c7 !important;
-    background: #d92c23 !important;
-    border-color: #ba251e !important;
+    color: #d1c8c7 !important;
+    background: #d92e23 !important;
+    border-color: #ba281e !important;
     text-shadow: none !important; }
 .wp-core-ui .wp-ui-primary {
   color: #fff;
@@ -249,7 +249,7 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
 /* Pointers */
 .wp-pointer .wp-pointer-content h3 {
   background-color: #e14d43;
-  border-color: #dd362d; }
+  border-color: #dd382d; }
 
 .wp-pointer .wp-pointer-content h3:before {
   color: #e14d43; }
@@ -314,9 +314,9 @@ body.more-filters-opened .more-filters:hover:before, body.more-filters-opened .m
 /* jQuery UI Slider */
 .wp-slider .ui-slider-handle, .wp-slider .ui-slider-handle.ui-state-hover, .wp-slider .ui-slider-handle.focus {
   background: #e14d43;
-  border-color: #d02a21;
-  -webkit-box-shadow: inset 0 1px 0 #ec8a85, 0 1px 0 rgba(0, 0, 0, 0.15);
-          box-shadow: inset 0 1px 0 #ec8a85, 0 1px 0 rgba(0, 0, 0, 0.15); }
+  border-color: #d02c21;
+  -webkit-box-shadow: inset 0 1px 0 #ec8b85, 0 1px 0 rgba(0, 0, 0, 0.15);
+          box-shadow: inset 0 1px 0 #ec8b85, 0 1px 0 rgba(0, 0, 0, 0.15); }
 
 /* Thickbox: Plugin information */
 #sidemenu a.current {

wp-admin/css/colors/midnight/colors.css

@@ -27,29 +27,29 @@ input[type=radio]:checked:before {
 /* Core UI */
 .wp-core-ui .button-primary {
   background: #e14d43;
-  border-color: #d02a21;
+  border-color: #d02c21;
   color: white;
-  -webkit-box-shadow: inset 0 1px 0 #ec8a85, 0 1px 0 rgba(0, 0, 0, 0.15);
-          box-shadow: inset 0 1px 0 #ec8a85, 0 1px 0 rgba(0, 0, 0, 0.15); }
+  -webkit-box-shadow: inset 0 1px 0 #ec8b85, 0 1px 0 rgba(0, 0, 0, 0.15);
+          box-shadow: inset 0 1px 0 #ec8b85, 0 1px 0 rgba(0, 0, 0, 0.15); }
   .wp-core-ui .button-primary:hover, .wp-core-ui .button-primary:focus {
-    background: #dd362d;
-    border-color: #ba251e;
+    background: #dd382d;
+    border-color: #ba281e;
     color: white;
-    -webkit-box-shadow: inset 0 1px 0 #e8756f;
-            box-shadow: inset 0 1px 0 #e8756f; }
+    -webkit-box-shadow: inset 0 1px 0 #e8776f;
+            box-shadow: inset 0 1px 0 #e8776f; }
   .wp-core-ui .button-primary:focus {
-    -webkit-box-shadow: inset 0 1px 0 #e8756f, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8);
-            box-shadow: inset 0 1px 0 #e8756f, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8); }
+    -webkit-box-shadow: inset 0 1px 0 #e8776f, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8);
+            box-shadow: inset 0 1px 0 #e8776f, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8); }
   .wp-core-ui .button-primary:active {
-    background: #d02a21;
-    border-color: #ba251e;
+    background: #d02c21;
+    border-color: #ba281e;
     color: white;
     -webkit-box-shadow: inset 0 2px 5px -3px rgba(0, 0, 0, 0.5), 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8);
             box-shadow: inset 0 2px 5px -3px rgba(0, 0, 0, 0.5), 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8); }
   .wp-core-ui .button-primary[disabled], .wp-core-ui .button-primary:disabled, .wp-core-ui .button-primary.button-primary-disabled, .wp-core-ui .button-primary.disabled {
-    color: #d1c7c7 !important;
-    background: #d92c23 !important;
-    border-color: #ba251e !important;
+    color: #d1c8c7 !important;
+    background: #d92e23 !important;
+    border-color: #ba281e !important;
     text-shadow: none !important; }
 .wp-core-ui .wp-ui-primary {
   color: #fff;
@@ -249,7 +249,7 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
 /* Pointers */
 .wp-pointer .wp-pointer-content h3 {
   background-color: #e14d43;
-  border-color: #dd362d; }
+  border-color: #dd382d; }
 
 .wp-pointer .wp-pointer-content h3:before {
   color: #e14d43; }
@@ -314,9 +314,9 @@ body.more-filters-opened .more-filters:hover:before, body.more-filters-opened .m
 /* jQuery UI Slider */
 .wp-slider .ui-slider-handle, .wp-slider .ui-slider-handle.ui-state-hover, .wp-slider .ui-slider-handle.focus {
   background: #e14d43;
-  border-color: #d02a21;
-  -webkit-box-shadow: inset 0 1px 0 #ec8a85, 0 1px 0 rgba(0, 0, 0, 0.15);
-          box-shadow: inset 0 1px 0 #ec8a85, 0 1px 0 rgba(0, 0, 0, 0.15); }
+  border-color: #d02c21;
+  -webkit-box-shadow: inset 0 1px 0 #ec8b85, 0 1px 0 rgba(0, 0, 0, 0.15);
+          box-shadow: inset 0 1px 0 #ec8b85, 0 1px 0 rgba(0, 0, 0, 0.15); }
 
 /* Thickbox: Plugin information */
 #sidemenu a.current {

wp-admin/css/colors/ocean/colors-rtl.css

@@ -48,7 +48,7 @@ input[type=radio]:checked:before {
             box-shadow: inset 0 2px 5px -3px rgba(0, 0, 0, 0.5), 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8); }
   .wp-core-ui .button-primary[disabled], .wp-core-ui .button-primary:disabled, .wp-core-ui .button-primary.button-primary-disabled, .wp-core-ui .button-primary.disabled {
     color: #c7d1c8 !important;
-    background: #86a988 !important;
+    background: #86a989 !important;
     border-color: #719a74 !important;
     text-shadow: none !important; }
 .wp-core-ui .wp-ui-primary {
@@ -194,7 +194,7 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
   background: #627c83; }
 
 #wpadminbar .quicklinks .menupop ul.ab-sub-secondary, #wpadminbar .quicklinks .menupop ul.ab-sub-secondary .ab-submenu {
-  background: #8f9b9e; }
+  background: #8f9a9e; }
 
 #wpadminbar .ab-submenu .ab-item, #wpadminbar .quicklinks .menupop ul li a, #wpadminbar .quicklinks .menupop.hover ul li a, #wpadminbar-nojs .quicklinks .menupop:hover ul li a {
   color: #d5dddf; }
@@ -214,7 +214,7 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
 
 #wpadminbar > #wp-toolbar > #wp-admin-bar-top-secondary > #wp-admin-bar-search #adminbarsearch input.adminbar-input:focus {
   color: #fff;
-  background: #879fa5; }
+  background: #879ea5; }
 
 #wpadminbar #adminbarsearch .adminbar-input::-webkit-input-placeholder {
   color: #fff;
@@ -234,8 +234,8 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
 
 /* Admin Bar: my account */
 #wpadminbar .quicklinks li#wp-admin-bar-my-account.with-avatar > a img {
-  border-color: #879fa5;
-  background-color: #879fa5; }
+  border-color: #879ea5;
+  background-color: #879ea5; }
 
 #wpadminbar #wp-admin-bar-user-info .display-name {
   color: #fff; }

wp-admin/css/colors/ocean/colors.css

@@ -48,7 +48,7 @@ input[type=radio]:checked:before {
             box-shadow: inset 0 2px 5px -3px rgba(0, 0, 0, 0.5), 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8); }
   .wp-core-ui .button-primary[disabled], .wp-core-ui .button-primary:disabled, .wp-core-ui .button-primary.button-primary-disabled, .wp-core-ui .button-primary.disabled {
     color: #c7d1c8 !important;
-    background: #86a988 !important;
+    background: #86a989 !important;
     border-color: #719a74 !important;
     text-shadow: none !important; }
 .wp-core-ui .wp-ui-primary {
@@ -194,7 +194,7 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
   background: #627c83; }
 
 #wpadminbar .quicklinks .menupop ul.ab-sub-secondary, #wpadminbar .quicklinks .menupop ul.ab-sub-secondary .ab-submenu {
-  background: #8f9b9e; }
+  background: #8f9a9e; }
 
 #wpadminbar .ab-submenu .ab-item, #wpadminbar .quicklinks .menupop ul li a, #wpadminbar .quicklinks .menupop.hover ul li a, #wpadminbar-nojs .quicklinks .menupop:hover ul li a {
   color: #d5dddf; }
@@ -214,7 +214,7 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
 
 #wpadminbar > #wp-toolbar > #wp-admin-bar-top-secondary > #wp-admin-bar-search #adminbarsearch input.adminbar-input:focus {
   color: #fff;
-  background: #879fa5; }
+  background: #879ea5; }
 
 #wpadminbar #adminbarsearch .adminbar-input::-webkit-input-placeholder {
   color: #fff;
@@ -234,8 +234,8 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
 
 /* Admin Bar: my account */
 #wpadminbar .quicklinks li#wp-admin-bar-my-account.with-avatar > a img {
-  border-color: #879fa5;
-  background-color: #879fa5; }
+  border-color: #879ea5;
+  background-color: #879ea5; }
 
 #wpadminbar #wp-admin-bar-user-info .display-name {
   color: #fff; }

wp-admin/css/colors/sunrise/colors-rtl.css

@@ -27,29 +27,29 @@ input[type=radio]:checked:before {
 /* Core UI */
 .wp-core-ui .button-primary {
   background: #dd823b;
-  border-color: #c36822;
+  border-color: #c36922;
   color: white;
-  -webkit-box-shadow: inset 0 1px 0 #e8ab7c, 0 1px 0 rgba(0, 0, 0, 0.15);
-          box-shadow: inset 0 1px 0 #e8ab7c, 0 1px 0 rgba(0, 0, 0, 0.15); }
+  -webkit-box-shadow: inset 0 1px 0 #e8ac7c, 0 1px 0 rgba(0, 0, 0, 0.15);
+          box-shadow: inset 0 1px 0 #e8ac7c, 0 1px 0 rgba(0, 0, 0, 0.15); }
   .wp-core-ui .button-primary:hover, .wp-core-ui .button-primary:focus {
-    background: #d97326;
-    border-color: #ad5c1e;
+    background: #d97426;
+    border-color: #ad5d1e;
     color: white;
-    -webkit-box-shadow: inset 0 1px 0 #e59d66;
-            box-shadow: inset 0 1px 0 #e59d66; }
+    -webkit-box-shadow: inset 0 1px 0 #e59e66;
+            box-shadow: inset 0 1px 0 #e59e66; }
   .wp-core-ui .button-primary:focus {
-    -webkit-box-shadow: inset 0 1px 0 #e59d66, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8);
-            box-shadow: inset 0 1px 0 #e59d66, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8); }
+    -webkit-box-shadow: inset 0 1px 0 #e59e66, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8);
+            box-shadow: inset 0 1px 0 #e59e66, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8); }
   .wp-core-ui .button-primary:active {
-    background: #c36822;
-    border-color: #ad5c1e;
+    background: #c36922;
+    border-color: #ad5d1e;
     color: white;
     -webkit-box-shadow: inset 0 2px 5px -3px rgba(0, 0, 0, 0.5), 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8);
             box-shadow: inset 0 2px 5px -3px rgba(0, 0, 0, 0.5), 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8); }
   .wp-core-ui .button-primary[disabled], .wp-core-ui .button-primary:disabled, .wp-core-ui .button-primary.button-primary-disabled, .wp-core-ui .button-primary.disabled {
     color: #d1cbc7 !important;
-    background: #cc6c23 !important;
-    border-color: #ad5c1e !important;
+    background: #cc6d23 !important;
+    border-color: #ad5d1e !important;
     text-shadow: none !important; }
 .wp-core-ui .wp-ui-primary {
   color: #fff;
@@ -214,7 +214,7 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
 
 #wpadminbar > #wp-toolbar > #wp-admin-bar-top-secondary > #wp-admin-bar-search #adminbarsearch input.adminbar-input:focus {
   color: #fff;
-  background: #d66460; }
+  background: #d66560; }
 
 #wpadminbar #adminbarsearch .adminbar-input::-webkit-input-placeholder {
   color: #fff;
@@ -234,8 +234,8 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
 
 /* Admin Bar: my account */
 #wpadminbar .quicklinks li#wp-admin-bar-my-account.with-avatar > a img {
-  border-color: #d66460;
-  background-color: #d66460; }
+  border-color: #d66560;
+  background-color: #d66560; }
 
 #wpadminbar #wp-admin-bar-user-info .display-name {
   color: #fff; }
@@ -249,7 +249,7 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
 /* Pointers */
 .wp-pointer .wp-pointer-content h3 {
   background-color: #dd823b;
-  border-color: #d97326; }
+  border-color: #d97426; }
 
 .wp-pointer .wp-pointer-content h3:before {
   color: #dd823b; }
@@ -314,9 +314,9 @@ body.more-filters-opened .more-filters:hover:before, body.more-filters-opened .m
 /* jQuery UI Slider */
 .wp-slider .ui-slider-handle, .wp-slider .ui-slider-handle.ui-state-hover, .wp-slider .ui-slider-handle.focus {
   background: #dd823b;
-  border-color: #c36822;
-  -webkit-box-shadow: inset 0 1px 0 #e8ab7c, 0 1px 0 rgba(0, 0, 0, 0.15);
-          box-shadow: inset 0 1px 0 #e8ab7c, 0 1px 0 rgba(0, 0, 0, 0.15); }
+  border-color: #c36922;
+  -webkit-box-shadow: inset 0 1px 0 #e8ac7c, 0 1px 0 rgba(0, 0, 0, 0.15);
+          box-shadow: inset 0 1px 0 #e8ac7c, 0 1px 0 rgba(0, 0, 0, 0.15); }
 
 /* Thickbox: Plugin information */
 #sidemenu a.current {

wp-admin/css/colors/sunrise/colors.css

@@ -27,29 +27,29 @@ input[type=radio]:checked:before {
 /* Core UI */
 .wp-core-ui .button-primary {
   background: #dd823b;
-  border-color: #c36822;
+  border-color: #c36922;
   color: white;
-  -webkit-box-shadow: inset 0 1px 0 #e8ab7c, 0 1px 0 rgba(0, 0, 0, 0.15);
-          box-shadow: inset 0 1px 0 #e8ab7c, 0 1px 0 rgba(0, 0, 0, 0.15); }
+  -webkit-box-shadow: inset 0 1px 0 #e8ac7c, 0 1px 0 rgba(0, 0, 0, 0.15);
+          box-shadow: inset 0 1px 0 #e8ac7c, 0 1px 0 rgba(0, 0, 0, 0.15); }
   .wp-core-ui .button-primary:hover, .wp-core-ui .button-primary:focus {
-    background: #d97326;
-    border-color: #ad5c1e;
+    background: #d97426;
+    border-color: #ad5d1e;
     color: white;
-    -webkit-box-shadow: inset 0 1px 0 #e59d66;
-            box-shadow: inset 0 1px 0 #e59d66; }
+    -webkit-box-shadow: inset 0 1px 0 #e59e66;
+            box-shadow: inset 0 1px 0 #e59e66; }
   .wp-core-ui .button-primary:focus {
-    -webkit-box-shadow: inset 0 1px 0 #e59d66, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8);
-            box-shadow: inset 0 1px 0 #e59d66, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8); }
+    -webkit-box-shadow: inset 0 1px 0 #e59e66, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8);
+            box-shadow: inset 0 1px 0 #e59e66, 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8); }
   .wp-core-ui .button-primary:active {
-    background: #c36822;
-    border-color: #ad5c1e;
+    background: #c36922;
+    border-color: #ad5d1e;
     color: white;
     -webkit-box-shadow: inset 0 2px 5px -3px rgba(0, 0, 0, 0.5), 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8);
             box-shadow: inset 0 2px 5px -3px rgba(0, 0, 0, 0.5), 0 0 0 1px #5b9dd9, 0 0 2px 1px rgba(30, 140, 190, 0.8); }
   .wp-core-ui .button-primary[disabled], .wp-core-ui .button-primary:disabled, .wp-core-ui .button-primary.button-primary-disabled, .wp-core-ui .button-primary.disabled {
     color: #d1cbc7 !important;
-    background: #cc6c23 !important;
-    border-color: #ad5c1e !important;
+    background: #cc6d23 !important;
+    border-color: #ad5d1e !important;
     text-shadow: none !important; }
 .wp-core-ui .wp-ui-primary {
   color: #fff;
@@ -214,7 +214,7 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
 
 #wpadminbar > #wp-toolbar > #wp-admin-bar-top-secondary > #wp-admin-bar-search #adminbarsearch input.adminbar-input:focus {
   color: #fff;
-  background: #d66460; }
+  background: #d66560; }
 
 #wpadminbar #adminbarsearch .adminbar-input::-webkit-input-placeholder {
   color: #fff;
@@ -234,8 +234,8 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
 
 /* Admin Bar: my account */
 #wpadminbar .quicklinks li#wp-admin-bar-my-account.with-avatar > a img {
-  border-color: #d66460;
-  background-color: #d66460; }
+  border-color: #d66560;
+  background-color: #d66560; }
 
 #wpadminbar #wp-admin-bar-user-info .display-name {
   color: #fff; }
@@ -249,7 +249,7 @@ ul#adminmenu a.wp-has-current-submenu:after, ul#adminmenu > li.current > a.curre
 /* Pointers */
 .wp-pointer .wp-pointer-content h3 {
   background-color: #dd823b;
-  border-color: #d97326; }
+  border-color: #d97426; }
 
 .wp-pointer .wp-pointer-content h3:before {
   color: #dd823b; }
@@ -314,9 +314,9 @@ body.more-filters-opened .more-filters:hover:before, body.more-filters-opened .m
 /* jQuery UI Slider */
 .wp-slider .ui-slider-handle, .wp-slider .ui-slider-handle.ui-state-hover, .wp-slider .ui-slider-handle.focus {
   background: #dd823b;
-  border-color: #c36822;
-  -webkit-box-shadow: inset 0 1px 0 #e8ab7c, 0 1px 0 rgba(0, 0, 0, 0.15);
-          box-shadow: inset 0 1px 0 #e8ab7c, 0 1px 0 rgba(0, 0, 0, 0.15); }
+  border-color: #c36922;
+  -webkit-box-shadow: inset 0 1px 0 #e8ac7c, 0 1px 0 rgba(0, 0, 0, 0.15);
+          box-shadow: inset 0 1px 0 #e8ac7c, 0 1px 0 rgba(0, 0, 0, 0.15); }
 
 /* Thickbox: Plugin information */
 #sidemenu a.current {

wp-admin/custom-background.php

@@ -464,6 +464,7 @@ if ( current_theme_supports( 'custom-background', 'default-color' ) )
 	}
 
 	public function wp_set_background_image() {
+		check_ajax_referer( 'custom-background' );
 		if ( ! current_user_can('edit_theme_options') || ! isset( $_POST['attachment_id'] ) ) exit;
 		$attachment_id = absint($_POST['attachment_id']);
 		/** This filter is documented in wp-admin/includes/media.php */

wp-admin/custom-header.php

@@ -390,7 +390,7 @@ class Custom_Image_Header {
 <script type="text/javascript">
 /* <![CDATA[ */
 (function($){
-	var default_color = '<?php echo $default_color; ?>',
+	var default_color = '<?php echo esc_js( $default_color ); ?>',
 		header_text_fields;
 
 	function pickColor(color) {

wp-admin/includes/ajax-actions.php

@@ -943,6 +943,8 @@ function wp_ajax_replyto_comment( $action ) {
 			if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
 				kses_remove_filters(); // start with a clean slate
 				kses_init_filters(); // set up the filters
+				remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
+				add_filter( 'pre_comment_content', 'wp_filter_kses' );
 			}
 		}
 	} else {
@@ -1835,7 +1837,11 @@ function wp_ajax_upload_attachment() {
 		$post_id = null;
 	}
 
-	$post_data = isset( $_REQUEST['post_data'] ) ? $_REQUEST['post_data'] : array();
+	$post_data = ! empty( $_REQUEST['post_data'] ) ? _wp_get_allowed_postdata( _wp_translate_postdata( false, (array) $_REQUEST['post_data'] ) ) : array();
+
+	if ( is_wp_error( $post_data ) ) {
+		wp_die( $post_data->get_error_message() );
+	}
 
 	// If the context is custom header or background, make sure the uploaded file is an image.
 	if ( isset( $post_data['context'] ) && in_array( $post_data['context'], array( 'custom-header', 'custom-background' ) ) ) {
@@ -1845,7 +1851,7 @@ function wp_ajax_upload_attachment() {
 				'success' => false,
 				'data'    => array(
 					'message'  => __( 'The uploaded file is not a valid image. Please try again.' ),
-					'filename' => $_FILES['async-upload']['name'],
+					'filename' => esc_html( $_FILES['async-upload']['name'] ),
 				)
 			) );
 
@@ -1860,7 +1866,7 @@ function wp_ajax_upload_attachment() {
 			'success' => false,
 			'data'    => array(
 				'message'  => $attachment_id->get_error_message(),
-				'filename' => $_FILES['async-upload']['name'],
+				'filename' => esc_html( $_FILES['async-upload']['name'] ),
 			)
 		) );
 

wp-admin/includes/media.php

@@ -434,7 +434,7 @@ wp_enqueue_style( 'ie' );
 <script type="text/javascript">
 //<![CDATA[
 addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
-var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative' ); ?>', pagenow = 'media-upload-popup', adminpage = 'media-upload-popup',
+var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>', pagenow = 'media-upload-popup', adminpage = 'media-upload-popup',
 isRtl = <?php echo (int) is_rtl(); ?>;
 //]]>
 </script>
@@ -2689,8 +2689,11 @@ function edit_form_image_editor( $post ) {
 	<label for="content"><strong><?php _e( 'Description' ); ?></strong><?php
 	if ( preg_match( '#^(audio|video)/#', $post->post_mime_type ) ) {
 		echo ': ' . __( 'Displayed on attachment pages.' );
-	} ?></label>
-	<?php wp_editor( $post->post_content, 'attachment_content', $editor_args ); ?>
+	}
+
+	?>
+	</label>
+	<?php wp_editor( format_to_edit( $post->post_content ), 'attachment_content', $editor_args ); ?>
 
 	</div>
 	<?php

wp-admin/includes/misc.php

@@ -405,24 +405,48 @@ function set_screen_options() {
 					return;
 				break;
 			default:
+				$screen_option = false;
+
+				if ( '_page' === substr( $option, -5 ) || 'layout_columns' === $option ) {
+					/**
+					 * Filters a screen option value before it is set.
+					 *
+					 * The filter can also be used to modify non-standard [items]_per_page
+					 * settings. See the parent function for a full list of standard options.
+					 *
+					 * Returning false to the filter will skip saving the current option.
+					 *
+					 * @since 2.8.0
+					 * @since 5.4.2 Only applied to options ending with '_page',
+					 *              or the 'layout_columns' option.
+					 *
+					 * @see set_screen_options()
+					 *
+					 * @param mixed  $screen_option The value to save instead of the option value.
+					 *                              Default false (to skip saving the current option).
+					 * @param string $option        The option name.
+					 * @param int    $value         The option value.
+					 */
+					$screen_option = apply_filters( 'set-screen-option', $screen_option, $option, $value ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
+				}
 
 				/**
 				 * Filter a screen option value before it is set.
 				 *
-				 * The filter can also be used to modify non-standard [items]_per_page
-				 * settings. See the parent function for a full list of standard options.
+				 * The dynamic portion of the hook, `$option`, refers to the option name.
 				 *
 				 * Returning false to the filter will skip saving the current option.
 				 *
-				 * @since 2.8.0
+				 * @since 5.4.2
 				 *
 				 * @see set_screen_options()
 				 *
-				 * @param bool|int $value  Screen option value. Default false to skip.
-				 * @param string   $option The option name.
-				 * @param int      $value  The number of rows to use.
+				 * @param mixed   $screen_option The value to save instead of the option value.
+				 *                               Default false (to skip saving the current option).
+				 * @param string  $option        The option name.
+				 * @param int     $value         The option value.
 				 */
-				$value = apply_filters( 'set-screen-option', false, $option, $value );
+				$value = apply_filters( "set_screen_option_{$option}", $screen_option, $option, $value );
 
 				if ( false === $value )
 					return;

wp-admin/includes/post.php

@@ -175,6 +175,27 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
 	return $post_data;
 }
 
+/**
+ * Returns only allowed post data fields
+ *
+ * @since 4.9.9
+ *
+ * @param array $post_data Array of post data. Defaults to the contents of $_POST.
+ * @return object|bool WP_Error on failure, true on success.
+ */
+function _wp_get_allowed_postdata( $post_data = null ) {
+	if ( empty( $post_data ) ) {
+		$post_data = $_POST;
+	}
+
+	// Pass through errors
+	if ( is_wp_error( $post_data ) ) {
+		return $post_data;
+	}
+
+	return array_diff_key( $post_data, array_flip( array( 'meta_input', 'file', 'guid' ) ) );
+}
+
 /**
  * Update an existing post with values provided in $_POST.
  *
@@ -241,6 +262,7 @@ function edit_post( $post_data = null ) {
 	$post_data = _wp_translate_postdata( true, $post_data );
 	if ( is_wp_error($post_data) )
 		wp_die( $post_data->get_error_message() );
+	$translated = _wp_get_allowed_postdata( $post_data );
 
 	// Post Formats
 	if ( isset( $post_data['post_format'] ) )
@@ -318,25 +340,25 @@ function edit_post( $post_data = null ) {
 		$attachment_data = isset( $post_data['attachments'][ $post_ID ] ) ? $post_data['attachments'][ $post_ID ] : array();
 
 		/** This filter is documented in wp-admin/includes/media.php */
-		$post_data = apply_filters( 'attachment_fields_to_save', $post_data, $attachment_data );
+		$translated = apply_filters( 'attachment_fields_to_save', $translated, $attachment_data );
 	}
 
 	add_meta( $post_ID );
 
 	update_post_meta( $post_ID, '_edit_last', get_current_user_id() );
 
-	$success = wp_update_post( $post_data );
+	$success = wp_update_post( $translated );
 	// If the save failed, see if we can sanity check the main fields and try again
 	if ( ! $success && is_callable( array( $wpdb, 'strip_invalid_text_for_column' ) ) ) {
 		$fields = array( 'post_title', 'post_content', 'post_excerpt' );
 
 		foreach( $fields as $field ) {
-			if ( isset( $post_data[ $field ] ) ) {
-				$post_data[ $field ] = $wpdb->strip_invalid_text_for_column( $wpdb->posts, $field, $post_data[ $field ] );
+			if ( isset( $translated[ $field ] ) ) {
+				$translated[ $field ] = $wpdb->strip_invalid_text_for_column( $wpdb->posts, $field, $translated[ $field ] );
 			}
 		}
 
-		wp_update_post( $post_data );
+		wp_update_post( $translated );
 	}
 
 	// Now that we have an ID we can fix any attachment anchor hrefs
@@ -494,9 +516,9 @@ function bulk_edit_posts( $post_data = null ) {
 			unset( $post_data['tax_input']['category'] );
 		}
 
+		$post_data['post_ID']        = $post_ID;
 		$post_data['post_type'] = $post->post_type;
 		$post_data['post_mime_type'] = $post->post_mime_type;
-		$post_data['guid'] = $post->guid;
 
 		foreach ( array( 'comment_status', 'ping_status', 'post_author' ) as $field ) {
 			if ( ! isset( $post_data[ $field ] ) ) {
@@ -504,14 +526,12 @@ function bulk_edit_posts( $post_data = null ) {
 			}
 		}
 
-		$post_data['ID'] = $post_ID;
-		$post_data['post_ID'] = $post_ID;
-
 		$post_data = _wp_translate_postdata( true, $post_data );
 		if ( is_wp_error( $post_data ) ) {
 			$skipped[] = $post_ID;
 			continue;
 		}
+		$post_data = _wp_get_allowed_postdata( $post_data );
 
 		$updated[] = wp_update_post( $post_data );
 
@@ -522,8 +542,8 @@ function bulk_edit_posts( $post_data = null ) {
 				unstick_post( $post_ID );
 		}
 
-		if ( isset( $post_data['post_format'] ) )
-			set_post_format( $post_ID, $post_data['post_format'] );
+		if ( isset( $shared_post_data['post_format'] ) )
+			set_post_format( $post_ID, $shared_post_data['post_format'] );
 	}
 
 	return array( 'updated' => $updated, 'skipped' => $skipped, 'locked' => $locked );
@@ -699,9 +719,10 @@ function wp_write_post() {
 	$translated = _wp_translate_postdata( false );
 	if ( is_wp_error($translated) )
 		return $translated;
+	$translated = _wp_get_allowed_postdata( $translated );
 
 	// Create the post.
-	$post_ID = wp_insert_post( $_POST );
+	$post_ID = wp_insert_post( $translated );
 	if ( is_wp_error( $post_ID ) )
 		return $post_ID;
 
@@ -1546,6 +1567,7 @@ function wp_create_post_autosave( $post_data ) {
 	$post_data = _wp_translate_postdata( true, $post_data );
 	if ( is_wp_error( $post_data ) )
 		return $post_data;
+	$post_data = _wp_get_allowed_postdata( $post_data );
 
 	$post_author = get_current_user_id();
 

wp-admin/includes/screen.php

@@ -449,7 +449,9 @@ final class WP_Screen {
 
 			switch ( $base ) {
 				case 'post' :
-					if ( isset( $_GET['post'] ) )
+					if ( isset( $_GET['post'] ) && isset( $_POST['post_ID'] ) && (int) $_GET['post'] !== (int) $_POST['post_ID'] )
+						wp_die( __( 'A post ID mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 );
+					elseif ( isset( $_GET['post'] ) )
 						$post_id = (int) $_GET['post'];
 					elseif ( isset( $_POST['post_ID'] ) )
 						$post_id = (int) $_POST['post_ID'];

wp-admin/includes/template.php

@@ -1535,12 +1535,12 @@ wp_enqueue_style( 'colors' );
 //<![CDATA[
 addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
 function tb_close(){var win=window.dialogArguments||opener||parent||top;win.tb_remove();}
-var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative' ); ?>',
-	pagenow = '<?php echo $current_screen->id; ?>',
-	typenow = '<?php echo $current_screen->post_type; ?>',
-	adminpage = '<?php echo $admin_body_class; ?>',
-	thousandsSeparator = '<?php echo addslashes( $wp_locale->number_format['thousands_sep'] ); ?>',
-	decimalPoint = '<?php echo addslashes( $wp_locale->number_format['decimal_point'] ); ?>',
+var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>',
+	pagenow = '<?php echo esc_js( $current_screen->id ); ?>',
+	typenow = '<?php echo esc_js( $current_screen->post_type ); ?>',
+	adminpage = '<?php echo esc_js( $admin_body_class ); ?>',
+	thousandsSeparator = '<?php echo esc_js( $wp_locale->number_format['thousands_sep'] ); ?>',
+	decimalPoint = '<?php echo esc_js( $wp_locale->number_format['decimal_point'] ); ?>',
 	isRtl = <?php echo (int) is_rtl(); ?>;
 //]]>
 </script>

wp-admin/js/custom-background.js

@@ -56,11 +56,13 @@
 			frame.on( 'select', function() {
 				// Grab the selected attachment.
 				var attachment = frame.state().get('selection').first();
+				var nonceValue = $( '#_wpnonce' ).val() || '';
 
 				// Run an AJAX request to set the background image.
 				$.post( ajaxurl, {
 					action: 'set-background-image',
 					attachment_id: attachment.id,
+					_ajax_nonce: nonceValue,
 					size: 'full'
 				}).done( function() {
 					// When the request completes, reload the window.

wp-admin/js/custom-background.min.js

@@ -1 +1 @@
-!function(a){a(document).ready(function(){var b,c=a("#custom-background-image");a("#background-color").wpColorPicker({change:function(a,b){c.css("background-color",b.color.toString())},clear:function(){c.css("background-color","")}}),a('input[name="background-position-x"]').change(function(){c.css("background-position",a(this).val()+" top")}),a('input[name="background-repeat"]').change(function(){c.css("background-repeat",a(this).val())}),a("#choose-from-library-link").click(function(c){var d=a(this);return c.preventDefault(),b?void b.open():(b=wp.media.frames.customBackground=wp.media({title:d.data("choose"),library:{type:"image"},button:{text:d.data("update"),close:!1}}),b.on("select",function(){var c=b.state().get("selection").first();a.post(ajaxurl,{action:"set-background-image",attachment_id:c.id,size:"full"}).done(function(){window.location.reload()})}),void b.open())})})}(jQuery);
+!function(a){a(document).ready(function(){var b,c=a("#custom-background-image");a("#background-color").wpColorPicker({change:function(a,b){c.css("background-color",b.color.toString())},clear:function(){c.css("background-color","")}}),a('input[name="background-position-x"]').change(function(){c.css("background-position",a(this).val()+" top")}),a('input[name="background-repeat"]').change(function(){c.css("background-repeat",a(this).val())}),a("#choose-from-library-link").click(function(c){var d=a(this);return c.preventDefault(),b?void b.open():(b=wp.media.frames.customBackground=wp.media({title:d.data("choose"),library:{type:"image"},button:{text:d.data("update"),close:!1}}),b.on("select",function(){var c=b.state().get("selection").first(),d=a("#_wpnonce").val()||"";a.post(ajaxurl,{action:"set-background-image",attachment_id:c.id,_ajax_nonce:d,size:"full"}).done(function(){window.location.reload()})}),void b.open())})})}(jQuery);

wp-admin/js/media-gallery.js

@@ -1,7 +1,7 @@
 /* global ajaxurl */
 jQuery(function($){
 	$( 'body' ).bind( 'click.wp-gallery', function(e){
-		var target = $( e.target ), id, img_size;
+		var target = $( e.target ), id, img_size, nonceValue;
 
 		if ( target.hasClass( 'wp-set-header' ) ) {
 			( window.dialogArguments || opener || parent || top ).location.href = target.data( 'location' );
@@ -9,10 +9,12 @@ jQuery(function($){
 		} else if ( target.hasClass( 'wp-set-background' ) ) {
 			id = target.data( 'attachment-id' );
 			img_size = $( 'input[name="attachments[' + id + '][image-size]"]:checked').val();
+			nonceValue = $( '#_wpnonce' ).val() && '';
 
 			jQuery.post(ajaxurl, {
 				action: 'set-background-image',
 				attachment_id: id,
+				_ajax_nonce: nonceValue,
 				size: img_size
 			}, function(){
 				var win = window.dialogArguments || opener || parent || top;

wp-admin/js/media-gallery.min.js

@@ -1 +1 @@
-jQuery(function(a){a("body").bind("click.wp-gallery",function(b){var c,d,e=a(b.target);e.hasClass("wp-set-header")?((window.dialogArguments||opener||parent||top).location.href=e.data("location"),b.preventDefault()):e.hasClass("wp-set-background")&&(c=e.data("attachment-id"),d=a('input[name="attachments['+c+'][image-size]"]:checked').val(),jQuery.post(ajaxurl,{action:"set-background-image",attachment_id:c,size:d},function(){var a=window.dialogArguments||opener||parent||top;a.tb_remove(),a.location.reload()}),b.preventDefault())})});
+jQuery(function(a){a("body").bind("click.wp-gallery",function(b){var c,d,e,f=a(b.target);f.hasClass("wp-set-header")?((window.dialogArguments||opener||parent||top).location.href=f.data("location"),b.preventDefault()):f.hasClass("wp-set-background")&&(c=f.data("attachment-id"),d=a('input[name="attachments['+c+'][image-size]"]:checked').val(),e=a("#_wpnonce").val()&&"",jQuery.post(ajaxurl,{action:"set-background-image",attachment_id:c,_ajax_nonce:e,size:d},function(){var a=window.dialogArguments||opener||parent||top;a.tb_remove(),a.location.reload()}),b.preventDefault())})});

wp-admin/media-new.php

@@ -72,9 +72,9 @@ if ( get_user_setting('uploader') || isset( $_GET['browser-uploader'] ) )
 	<?php media_upload_form(); ?>
 
 	<script type="text/javascript">
-	var post_id = <?php echo $post_id; ?>, shortform = 3;
+	var post_id = <?php echo absint( $post_id ); ?>, shortform = 3;
 	</script>
-	<input type="hidden" name="post_id" id="post_id" value="<?php echo $post_id; ?>" />
+	<input type="hidden" name="post_id" id="post_id" value="<?php echo absint( $post_id ); ?>" />
 	<?php wp_nonce_field('media-form'); ?>
 	<div id="media-items" class="hide-if-no-js"></div>
 	</form>

wp-admin/network/site-users.php

@@ -178,7 +178,7 @@ require( ABSPATH . 'wp-admin/admin-header.php' ); ?>
 
 <script type="text/javascript">
 /* <![CDATA[ */
-var current_site_id = <?php echo $id; ?>;
+var current_site_id = <?php echo absint( $id ); ?>;
 /* ]]> */
 </script>
 

wp-admin/post.php

@@ -16,7 +16,9 @@ $submenu_file = 'edit.php';
 
 wp_reset_vars( array( 'action' ) );
 
-if ( isset( $_GET['post'] ) )
+if ( isset( $_GET['post'] ) && isset( $_POST['post_ID'] ) && (int) $_GET['post'] !== (int) $_POST['post_ID'] )
+	wp_die( __( 'A post ID mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 );
+elseif ( isset( $_GET['post'] ) )
  	$post_id = $post_ID = (int) $_GET['post'];
 elseif ( isset( $_POST['post_ID'] ) )
  	$post_id = $post_ID = (int) $_POST['post_ID'];
@@ -82,6 +84,10 @@ function redirect_post($post_id = '') {
 	exit;
 }
 
+if ( isset( $_POST['post_type'] ) && $post && $post_type !== $_POST['post_type'] ) {
+	wp_die( __( 'A post type mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 );
+}
+
 if ( isset( $_POST['deletepost'] ) )
 	$action = 'delete';
 elseif ( isset($_POST['wp-preview']) && 'dopreview' == $_POST['wp-preview'] )
@@ -221,7 +227,7 @@ case 'editattachment':
 
 	// Update the thumbnail filename
 	$newmeta = wp_get_attachment_metadata( $post_id, true );
-	$newmeta['thumb'] = $_POST['thumb'];
+	$newmeta['thumb'] = wp_basename( $_POST['thumb'] );
 
 	wp_update_attachment_metadata( $post_id, $newmeta );
 

wp-admin/themes.php

@@ -255,7 +255,7 @@ if ( ! is_multisite() && current_user_can('edit_themes') && $broken_themes = wp_
 	foreach ( $broken_themes as $broken_theme ) {
 		echo "
 		<tr>
-			 <td>" . ( $broken_theme->get( 'Name' ) ? $broken_theme->get( 'Name' ) : $broken_theme->get_stylesheet() ) . "</td>
+			 <td>" . ( $broken_theme->get( 'Name' ) ? $broken_theme->display( 'Name' ) : esc_html( $broken_theme->get_stylesheet() ) ) . "</td>
 			 <td>" . $broken_theme->errors()->get_error_message() . "</td>
 		</tr>";
 	}

wp-comments-post.php

@@ -108,6 +108,8 @@ if ( $user->exists() ) {
 		) {
 			kses_remove_filters(); // start with a clean slate
 			kses_init_filters(); // set up the filters
+			remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
+			add_filter( 'pre_comment_content', 'wp_filter_kses' );
 		}
 	}
 } else {

wp-includes/cache.php

@@ -639,7 +639,7 @@ class WP_Object_Cache {
 		echo "</p>";
 		echo '<ul>';
 		foreach ($this->cache as $group => $cache) {
-			echo "<li><strong>Group:</strong> $group - ( " . number_format( strlen( serialize( $cache ) ) / 1024, 2 ) . 'k )</li>';
+			echo '<li><strong>Group:</strong> ' . esc_html( $group ) . ' - ( ' . number_format( strlen( serialize( $cache ) ) / KB_IN_BYTES, 2 ) . 'k )</li>';
 		}
 		echo '</ul>';
 	}

wp-includes/class-wp-xmlrpc-server.php

@@ -3311,6 +3311,22 @@ class wp_xmlrpc_server extends IXR_Server {
 		if ( ! get_post($post_id) )
 			return new IXR_Error( 404, __( 'Invalid post ID.' ) );
 
+		if (
+			'publish' === get_post_status( $post_id ) &&
+			! current_user_can( 'edit_post', $post_id ) &&
+			post_password_required( $post_id )
+		) {
+			return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) );
+		}
+
+		if (
+			'private' === get_post_status( $post_id ) &&
+			! current_user_can( 'read_post', $post_id )
+		) {
+			return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) );
+		}
+
+		$comment = array();
 		$comment['comment_post_ID'] = $post_id;
 
 		if ( $logged_in ) {
@@ -3633,8 +3649,10 @@ class wp_xmlrpc_server extends IXR_Server {
 		/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
 		do_action( 'xmlrpc_call', 'wp.getMediaItem' );
 
-		if ( ! $attachment = get_post($attachment_id) )
+		$attachment = get_post( $attachment_id );
+		if ( ! $attachment || 'attachment' !== $attachment->post_type ) {
 			return new IXR_Error( 404, __( 'Invalid attachment ID.' ) );
+		}
 
 		return $this->_prepare_media_item( $attachment );
 	}

wp-includes/class-wp.php

@@ -15,7 +15,7 @@ class WP {
 	 * @access public
 	 * @var array
 	 */
-	public $public_query_vars = array('m', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'comments_popup', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type');
+	public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'pagename', 'page_id', 'error', 'comments_popup', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
 
 	/**
 	 * Private query variables.
@@ -265,6 +265,8 @@ class WP {
 		foreach ( $this->public_query_vars as $wpvar ) {
 			if ( isset( $this->extra_query_vars[$wpvar] ) )
 				$this->query_vars[$wpvar] = $this->extra_query_vars[$wpvar];
+			elseif ( isset( $_GET[ $wpvar ] ) && isset( $_POST[ $wpvar ] ) && $_GET[ $wpvar ] !== $_POST[ $wpvar ] )
+				wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 );
 			elseif ( isset( $_POST[$wpvar] ) )
 				$this->query_vars[$wpvar] = $_POST[$wpvar];
 			elseif ( isset( $_GET[$wpvar] ) )

wp-includes/formatting.php

@@ -1161,6 +1161,24 @@ function remove_accents($string) {
 function sanitize_file_name( $filename ) {
 	$filename_raw = $filename;
 	$special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", chr(0));
+
+	// Check for support for utf8 in the installed PCRE library once and store the result in a static.
+	static $utf8_pcre = null;
+	if ( ! isset( $utf8_pcre ) ) {
+		// phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged
+		$utf8_pcre = @preg_match( '/^./u', 'a' );
+	}
+
+	if ( ! seems_utf8( $filename ) ) {
+		$_ext     = pathinfo( $filename, PATHINFO_EXTENSION );
+		$_name    = pathinfo( $filename, PATHINFO_FILENAME );
+		$filename = sanitize_title_with_dashes( $_name ) . '.' . $_ext;
+	}
+
+	if ( $utf8_pcre ) {
+		$filename = preg_replace( "#\x{00a0}#siu", ' ', $filename );
+	}
+
 	/**
 	 * Filter the list of characters to remove from a filename.
 	 *
@@ -1170,7 +1188,6 @@ function sanitize_file_name( $filename ) {
 	 * @param string $filename_raw  Filename as it was passed into sanitize_file_name().
 	 */
 	$special_chars = apply_filters( 'sanitize_file_name_chars', $special_chars, $filename_raw );
-	$filename = preg_replace( "#\x{00a0}#siu", ' ', $filename );
 	$filename = str_replace($special_chars, '', $filename);
 	$filename = str_replace( array( '%20', '+' ), '-', $filename );
 	$filename = preg_replace('/[\s-]+/', '-', $filename);

wp-includes/functions.php

@@ -1492,6 +1492,11 @@ function wp_mkdir_p( $target ) {
 	if ( file_exists( $target ) )
 		return @is_dir( $target );
 
+	// Do not allow path traversals.
+	if ( false !== strpos( $target, '../' ) || false !== strpos( $target, '..' . DIRECTORY_SEPARATOR ) ) {
+		return false;
+	}
+
 	// We need to find the permissions of the parent folder that exists and inherit that.
 	$target_parent = dirname( $target );
 	while ( '.' != $target_parent && ! is_dir( $target_parent ) ) {
@@ -1575,18 +1580,38 @@ function path_join( $base, $path ) {
 /**
  * Normalize a filesystem path.
  *
- * Replaces backslashes with forward slashes for Windows systems, and ensures
- * no duplicate slashes exist.
+ * On windows systems, replaces backslashes with forward slashes
+ * and forces upper-case drive letters.
+ * Allows for two leading slashes for Windows network shares, but
+ * ensures that all other duplicate slashes are reduced to a single.
  *
  * @since 3.9.0
+ * @since 4.4.0 Ensures upper-case drive letters on Windows systems.
+ * @since 4.5.0 Allows for Windows network shares.
+ * @since 4.9.7 Allows for PHP file wrappers.
  *
  * @param string $path Path to normalize.
  * @return string Normalized path.
  */
 function wp_normalize_path( $path ) {
+	$wrapper = '';
+	if ( wp_is_stream( $path ) ) {
+		list( $wrapper, $path ) = explode( '://', $path, 2 );
+		$wrapper .= '://';
+	}
+
+	// Standardise all paths to use /
 	$path = str_replace( '\\', '/', $path );
-	$path = preg_replace( '|/+|','/', $path );
-	return $path;
+
+	// Replace multiple slashes down to a singular, allowing for network shares having two slashes.
+	$path = preg_replace( '|(?<=.)/+|', '/', $path );
+
+	// Windows paths should uppercase the drive letter
+	if ( ':' === substr( $path, 1, 1 ) ) {
+		$path = ucfirst( $path );
+	}
+
+	return $wrapper . $path;
 }
 
 /**
@@ -2135,14 +2160,59 @@ function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) {
 				$type = $ext = false;
 			}
 		}
-	} elseif ( function_exists( 'finfo_file' ) ) {
-		// Use finfo_file if available to validate non-image files.
+	}
+
+	// Validate files that didn't get validated during previous checks.
+	if ( $type && ! $real_mime && extension_loaded( 'fileinfo' ) ) {
 		$finfo = finfo_open( FILEINFO_MIME_TYPE );
 		$real_mime = finfo_file( $finfo, $file );
 		finfo_close( $finfo );
 
-		// If the extension does not match the file's real type, return false.
-		if ( $real_mime !== $type ) {
+		// fileinfo often misidentifies obscure files as one of these types
+		$nonspecific_types = array(
+			'application/octet-stream',
+			'application/encrypted',
+			'application/CDFV2-encrypted',
+			'application/zip',
+		);
+
+		/*
+		 * If $real_mime doesn't match the content type we're expecting from the file's extension,
+		 * we need to do some additional vetting. Media types and those listed in $nonspecific_types are
+		 * allowed some leeway, but anything else must exactly match the real content type.
+		 */
+		if ( in_array( $real_mime, $nonspecific_types, true ) ) {
+			// File is a non-specific binary type. That's ok if it's a type that generally tends to be binary.
+			if ( !in_array( substr( $type, 0, strcspn( $type, '/' ) ), array( 'application', 'video', 'audio' ) ) ) {
+				$type = $ext = false;
+			}
+		} elseif ( 0 === strpos( $real_mime, 'video/' ) || 0 === strpos( $real_mime, 'audio/' ) ) {
+			/*
+			 * For these types, only the major type must match the real value.
+			 * This means that common mismatches are forgiven: application/vnd.apple.numbers is often misidentified as application/zip,
+			 * and some media files are commonly named with the wrong extension (.mov instead of .mp4)
+			 */
+
+			if ( substr( $real_mime, 0, strcspn( $real_mime, '/' ) ) !== substr( $type, 0, strcspn( $type, '/' ) ) ) {
+				$type = $ext = false;
+			}
+		} else {
+			if ( $type !== $real_mime ) {
+				/*
+				 * Everything else including image/* and application/*: 
+				 * If the real content type doesn't match the file extension, assume it's dangerous.
+				 */
+				$type = $ext = false;
+			}
+
+		}
+	}
+
+	// The mime type must be allowed 
+	if ( $type ) {
+		$allowed = get_allowed_mime_types();
+
+		if ( ! in_array( $type, $allowed ) ) {
 			$type = $ext = false;
 		}
 	}
@@ -4674,3 +4744,29 @@ function wp_validate_boolean( $var ) {
 
 	return (bool) $var;
 }
+
+/**
+ * Deletes a file if its path is within the given directory.
+ *
+ * @since 4.9.7
+ *
+ * @param string $file      Absolute path to the file to delete.
+ * @param string $directory Absolute path to a directory.
+ * @return bool True on success, false on failure.
+ */
+function wp_delete_file_from_directory( $file, $directory ) {
+	$real_file = realpath( wp_normalize_path( $file ) );
+	$real_directory = realpath( wp_normalize_path( $directory ) );
+
+	if ( false === $real_file || false === $real_directory || strpos( wp_normalize_path( $real_file ), trailingslashit( wp_normalize_path( $real_directory ) ) ) !== 0 ) {
+		return false;
+	}
+
+	/** This filter is documented in wp-admin/custom-header.php */
+	$delete = apply_filters( 'wp_delete_file', $file );
+	if ( ! empty( $delete ) ) {
+		@unlink( $delete );
+	}
+
+	return true;
+}

wp-includes/general-template.php

@@ -2231,6 +2231,24 @@ function wp_no_robots() {
 	echo "<meta name='robots' content='noindex,follow' />\n";
 }
 
+/**
+ * Display a noindex,noarchive meta tag and referrer origin-when-cross-origin meta tag.
+ *
+ * Outputs a noindex,noarchive meta tag that tells web robots not to index or cache the page content.
+ * Outputs a referrer origin-when-cross-origin meta tag that tells the browser not to send the full
+ * url as a referrer to other sites when cross-origin assets are loaded.
+ *
+ * Typical usage is as a wp_head callback. add_action( 'wp_head', 'wp_sensitive_page_meta' );
+ *
+ * @since 5.0.0
+ */
+function wp_sensitive_page_meta() {
+	?>
+	<meta name='robots' content='noindex,noarchive' />
+	<meta name='referrer' content='strict-origin-when-cross-origin' />
+	<?php
+}
+
 /**
  * Whether the user should have a WYSIWIG editor.
  *

wp-includes/http.php

@@ -469,8 +469,9 @@ function wp_http_validate_url( $url ) {
 			$ip = $host;
 		} else {
 			$ip = gethostbyname( $host );
-			if ( $ip === $host ) // Error condition for gethostbyname()
-				$ip = false;
+			if ( $ip === $host ) { // Error condition for gethostbyname()
+				return false;
+			}
 		}
 		if ( $ip ) {
 			$parts = array_map( 'intval', explode( '.', $ip ) );

wp-includes/kses.php

@@ -164,15 +164,6 @@ if ( ! CUSTOM_TAGS ) {
 			'lang' => true,
 			'xml:lang' => true,
 		),
-		'form' => array(
-			'action' => true,
-			'accept' => true,
-			'accept-charset' => true,
-			'enctype' => true,
-			'method' => true,
-			'name' => true,
-			'target' => true,
-		),
 		'h1' => array(
 			'align' => true,
 		),
@@ -506,7 +497,7 @@ function wp_kses( $string, $allowed_html, $allowed_protocols = array() ) {
  * @return string Filtered attribute.
  */
 function wp_kses_one_attr( $string, $element ) {
-	$uris = array('xmlns', 'profile', 'href', 'src', 'cite', 'classid', 'codebase', 'data', 'usemap', 'longdesc', 'action');
+	$uris = wp_kses_uri_attributes();
 	$allowed_html = wp_kses_allowed_html( 'post' );
 	$allowed_protocols = wp_allowed_protocols();
 	$string = wp_kses_no_null( $string, array( 'slash_zero' => 'keep' ) );
@@ -573,6 +564,7 @@ function wp_kses_one_attr( $string, $element ) {
  * Return a list of allowed tags and attributes for a given context.
  *
  * @since 3.5.0
+ * @since 5.0.1 `form` removed as allowable HTML tag.
  *
  * @param string $context The context for which to retrieve tags. Allowed values are
  *  post | strip | data | entities or the name of a field filter such as pre_user_description.
@@ -597,8 +589,27 @@ function wp_kses_allowed_html( $context = '' ) {
 	switch ( $context ) {
 		case 'post':
 			/** This filter is documented in wp-includes/kses.php */
-			return apply_filters( 'wp_kses_allowed_html', $allowedposttags, $context );
-			break;
+			$tags = apply_filters( 'wp_kses_allowed_html', $allowedposttags, $context );
+
+			// 5.0.1 removed the `<form>` tag, allow it if a filter is allowing it's sub-elements `<input>` or `<select>`.
+			if ( ! CUSTOM_TAGS && ! isset( $tags['form'] ) && ( isset( $tags['input'] ) || isset( $tags['select'] ) ) ) {
+				$tags = $allowedposttags;
+
+				$tags['form'] = array(
+					'action' => true,
+					'accept' => true,
+					'accept-charset' => true,
+					'enctype' => true,
+					'method' => true,
+					'name' => true,
+					'target' => true,
+				);
+
+				/** This filter is documented in wp-includes/kses.php */
+				$tags = apply_filters( 'wp_kses_allowed_html', $tags, $context );
+			}
+
+			return $tags;
 		case 'user_description':
 		case 'pre_user_description':
 			$tags = $allowedtags;
@@ -678,6 +689,56 @@ function wp_kses_split( $string, $allowed_html, $allowed_protocols ) {
 	return preg_replace_callback( '%(<!--.*?(-->|$))|(<[^>]*(>|$)|>)%', '_wp_kses_split_callback', $string );
 }
 
+/**
+ * Helper function listing HTML attributes containing a URL.
+ *
+ * This function returns a list of all HTML attributes that must contain
+ * a URL according to the HTML specification.
+ *
+ * This list includes URI attributes both allowed and disallowed by KSES.
+ *
+ * @link https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes
+ *
+ * @since 5.0.1
+ *
+ * @return array HTML attributes that must include a URL.
+ */
+function wp_kses_uri_attributes() {
+	$uri_attributes = array(
+		'action',
+		'archive',
+		'background',
+		'cite',
+		'classid',
+		'codebase',
+		'data',
+		'formaction',
+		'href',
+		'icon',
+		'longdesc',
+		'manifest',
+		'poster',
+		'profile',
+		'src',
+		'usemap',
+		'xmlns',
+	);
+
+	/**
+	 * Filters the list of attributes that are required to contain a URL.
+	 *
+	 * Use this filter to add any `data-` attributes that are required to be
+	 * validated as a URL.
+	 *
+	 * @since 5.0.1
+	 *
+	 * @param array $uri_attributes HTML attributes requiring validation as a URL.
+	 */
+	$uri_attributes = apply_filters( 'wp_kses_uri_attributes', $uri_attributes );
+
+	return $uri_attributes;
+}
+
 /**
  * Callback for wp_kses_split.
  *
@@ -870,7 +931,7 @@ function wp_kses_hair($attr, $allowed_protocols) {
 	$attrarr = array();
 	$mode = 0;
 	$attrname = '';
-	$uris = array('xmlns', 'profile', 'href', 'src', 'cite', 'classid', 'codebase', 'data', 'usemap', 'longdesc', 'action');
+	$uris = wp_kses_uri_attributes();
 
 	# Loop through the whole attribute list
 
@@ -1279,7 +1340,8 @@ function wp_kses_html_error($string) {
  * @return string Sanitized content
  */
 function wp_kses_bad_protocol_once($string, $allowed_protocols, $count = 1 ) {
-	$string2 = preg_split( '/:|&#0*58;|&#x0*3a;/i', $string, 2 );
+	$string  = preg_replace( '/(&#0*58(?![;0-9])|&#x0*3a(?![;a-f0-9]))/i', '$1;', $string );
+	$string2 = preg_split( '/:|&#0*58;|&#x0*3a;|&colon;/i', $string, 2 );
 	if ( isset($string2[1]) && ! preg_match('%/\?%', $string2[0]) ) {
 		$string = trim( $string2[1] );
 		$protocol = wp_kses_bad_protocol_once2( $string2[0], $allowed_protocols );

wp-includes/meta.php

@@ -1151,8 +1151,9 @@ function _get_meta_table($type) {
  * @param string $meta_key Meta key
  * @return bool True if the key is protected, false otherwise.
  */
-function is_protected_meta( $meta_key, $meta_type = null ) {
-	$protected = ( '_' == $meta_key[0] );
+function is_protected_meta( $meta_key, $meta_type = '' ) {
+	$sanitized_key = preg_replace( "/[^\x20-\x7E\p{L}]/", '', $meta_key );
+	$protected     = strlen( $sanitized_key ) > 0 && ( '_' === $sanitized_key[0] );
 
 	/**
 	 * Filter whether a meta key is protected.

wp-includes/ms-deprecated.php

@@ -240,10 +240,13 @@ function wpmu_admin_do_redirect( $url = '' ) {
 	_deprecated_function( __FUNCTION__, '3.3' );
 
 	$ref = '';
-	if ( isset( $_GET['ref'] ) )
-		$ref = $_GET['ref'];
-	if ( isset( $_POST['ref'] ) )
-		$ref = $_POST['ref'];
+	if ( isset( $_GET['ref'] ) && isset( $_POST['ref'] ) && $_GET['ref'] !== $_POST['ref'] ) {
+		wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 );
+	} elseif ( isset( $_POST['ref'] ) ) {
+		$ref = $_POST[ 'ref' ];
+	} elseif ( isset( $_GET['ref'] ) ) {
+		$ref = $_GET[ 'ref' ];
+	}
 
 	if ( $ref ) {
 		$ref = wpmu_admin_redirect_add_updated_param( $ref );
@@ -256,7 +259,9 @@ function wpmu_admin_do_redirect( $url = '' ) {
 	}
 
 	$url = wpmu_admin_redirect_add_updated_param( $url );
-	if ( isset( $_GET['redirect'] ) ) {
+	if ( isset( $_GET['redirect'] ) && isset( $_POST['redirect'] ) && $_GET['redirect'] !== $_POST['redirect'] ) {
+		wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 );
+	} elseif ( isset( $_GET['redirect'] ) ) {
 		if ( substr( $_GET['redirect'], 0, 2 ) == 's_' )
 			$url .= '&action=blogs&s='. esc_html( substr( $_GET['redirect'], 2 ) );
 	} elseif ( isset( $_POST['redirect'] ) ) {

wp-includes/pluggable.php

@@ -1064,9 +1064,9 @@ if ( !function_exists('check_admin_referer') ) :
  * @param string $action Action nonce
  * @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
  */
-function check_admin_referer($action = -1, $query_arg = '_wpnonce') {
-	if ( -1 == $action )
-		_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2' );
+function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
+	if ( -1 === $action )
+		_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
 
 	$adminurl = strtolower(admin_url());
 	$referer = strtolower(wp_get_referer());
@@ -1085,6 +1085,12 @@ function check_admin_referer($action = -1, $query_arg = '_wpnonce') {
 	 * @param bool   $result Whether the admin request nonce was validated.
 	 */
 	do_action( 'check_admin_referer', $action, $result );
+
+	if ( ! $result && ! ( -1 === $action && strpos( $referer, $adminurl ) === 0 ) ) {
+		wp_nonce_ays( $action );
+		die();
+	}
+
 	return $result;
 }
 endif;
@@ -1099,6 +1105,9 @@ if ( !function_exists('check_ajax_referer') ) :
  * @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
  */
 function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
+	if ( -1 === $action )
+		_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
+
 	$nonce = '';
 
 	if ( $query_arg && isset( $_REQUEST[ $query_arg ] ) )
@@ -1187,7 +1196,7 @@ if ( !function_exists('wp_sanitize_redirect') ) :
  * @return string redirect-sanitized URL
  **/
 function wp_sanitize_redirect($location) {
-	$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*]|i', '', $location);
+	$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*@]|i', '', $location);
 	$location = wp_kses_no_null($location);
 
 	// remove %0d and %0a from location
@@ -1243,7 +1252,7 @@ if ( !function_exists('wp_validate_redirect') ) :
  * @return string redirect-sanitized URL
  **/
 function wp_validate_redirect($location, $default = '') {
-	$location = trim( $location, " \t\n\r\0\x08\x0B" );
+	$location = wp_sanitize_redirect( trim( $location, " \t\n\r\0\x08\x0B" ) );
 	// browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
 	if ( substr($location, 0, 2) == '//' )
 		$location = 'http:' . $location;
@@ -1262,6 +1271,14 @@ function wp_validate_redirect($location, $default = '') {
 	if ( isset($lp['scheme']) && !('http' == $lp['scheme'] || 'https' == $lp['scheme']) )
 		return $default;
 
+	if ( ! isset( $lp['host'] ) && ! empty( $lp['path'] ) && '/' !== $lp['path'][0] ) {
+		$path = '';
+		if ( ! empty( $_SERVER['REQUEST_URI'] ) ) {
+			$path = dirname( parse_url( 'http://placeholder' . $_SERVER['REQUEST_URI'], PHP_URL_PATH ) . '?' );
+		}
+		$location = '/' . ltrim( $path . '/', '/' ) . $location;
+	}
+
 	// Reject if certain components are set but host is not. This catches urls like https:host.com for which parse_url does not set the host field.
 	if ( ! isset( $lp['host'] ) && ( isset( $lp['scheme'] ) || isset( $lp['user'] ) || isset( $lp['pass'] ) || isset( $lp['port'] ) ) ) {
 		return $default;
@@ -2285,4 +2302,3 @@ function wp_text_diff( $left_string, $right_string, $args = null ) {
 	return $r;
 }
 endif;
-

wp-includes/post-template.php

@@ -291,24 +291,9 @@ function get_the_content( $more_link_text = null, $strip_teaser = false ) {
 		}
 	}
 
-	if ( $preview ) // preview fix for javascript bug with foreign languages
-		$output =	preg_replace_callback( '/\%u([0-9A-F]{4})/', '_convert_urlencoded_to_entities', $output );
-
 	return $output;
 }
 
-/**
- * Preview fix for javascript bug with foreign languages
- *
- * @since 3.1.0
- * @access private
- * @param array $match Match array from preg_replace_callback
- * @return string
- */
-function _convert_urlencoded_to_entities( $match ) {
-	return '&#' . base_convert( $match[1], 16, 10 ) . ';';
-}
-
 /**
  * Display the post excerpt.
  *

wp-includes/post.php

@@ -4772,12 +4772,6 @@ function wp_delete_attachment( $post_id, $force_delete = false ) {
 	$backup_sizes = get_post_meta( $post->ID, '_wp_attachment_backup_sizes', true );
 	$file = get_attached_file( $post_id );
 
-	$intermediate_sizes = array();
-	foreach ( get_intermediate_image_sizes() as $size ) {
-		if ( $intermediate = image_get_intermediate_size( $post_id, $size ) )
-			$intermediate_sizes[] = $intermediate;
-	}
-
 	if ( is_multisite() )
 		delete_transient( 'dirsize_cache' );
 
@@ -4813,43 +4807,79 @@ function wp_delete_attachment( $post_id, $force_delete = false ) {
 	/** This action is documented in wp-includes/post.php */
 	do_action( 'deleted_post', $post_id );
 
+	wp_delete_attachment_files( $post_id, $meta, $backup_sizes, $file );
+
+	clean_post_cache( $post );
+
+	return $post;
+}
+
+/**
+ * Deletes all files that belong to the given attachment.
+ *
+ * @since 4.9.7
+ *
+ * @param int    $post_id      Attachment ID.
+ * @param array  $meta         The attachment's meta data.
+ * @param array  $backup_sizes The meta data for the attachment's backup images.
+ * @param string $file         Absolute path to the attachment's file.
+ * @return bool True on success, false on failure.
+ */
+function wp_delete_attachment_files( $post_id, $meta, $backup_sizes, $file ) {
+	global $wpdb;
+
 	$uploadpath = wp_upload_dir();
+	$deleted    = true;
 
 	if ( ! empty($meta['thumb']) ) {
 		// Don't delete the thumb if another attachment uses it.
 		if (! $wpdb->get_row( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE %s AND post_id <> %d", '%' . $wpdb->esc_like( $meta['thumb'] ) . '%', $post_id)) ) {
 			$thumbfile = str_replace(basename($file), $meta['thumb'], $file);
-			/** This filter is documented in wp-admin/custom-header.php */
-			$thumbfile = apply_filters( 'wp_delete_file', $thumbfile );
-			@ unlink( path_join($uploadpath['basedir'], $thumbfile) );
+			if ( ! empty( $thumbfile ) ) {
+				$thumbfile = path_join( $uploadpath['basedir'], $thumbfile );
+				$thumbdir  = path_join( $uploadpath['basedir'], dirname( $file ) );
+
+				if ( ! wp_delete_file_from_directory( $thumbfile, $thumbdir ) ) {
+					$deleted = false;
+				}
+			}
 		}
 	}
 
 	// Remove intermediate and backup images if there are any.
-	foreach ( $intermediate_sizes as $intermediate ) {
-		/** This filter is documented in wp-admin/custom-header.php */
-		$intermediate_file = apply_filters( 'wp_delete_file', $intermediate['path'] );
-		@ unlink( path_join($uploadpath['basedir'], $intermediate_file) );
-	}
+	if ( isset( $meta['sizes'] ) && is_array( $meta['sizes'] ) ) {
+		$intermediate_dir = path_join( $uploadpath['basedir'], dirname( $file ) );
+		foreach ( $meta['sizes'] as $size => $sizeinfo ) {
+			$intermediate_file = str_replace( basename( $file ), $sizeinfo['file'], $file );
+			if ( ! empty( $intermediate_file ) ) {
+				$intermediate_file = path_join( $uploadpath['basedir'], $intermediate_file );
 
-	if ( is_array($backup_sizes) ) {
-		foreach ( $backup_sizes as $size ) {
-			$del_file = path_join( dirname($meta['file']), $size['file'] );
-			/** This filter is documented in wp-admin/custom-header.php */
-			$del_file = apply_filters( 'wp_delete_file', $del_file );
-			@ unlink( path_join($uploadpath['basedir'], $del_file) );
+				if ( ! wp_delete_file_from_directory( $intermediate_file, $intermediate_dir ) ) {
+					$deleted = false;
+				}
+			}
 		}
 	}
 
-	/** This filter is documented in wp-admin/custom-header.php */
-	$file = apply_filters( 'wp_delete_file', $file );
+	if ( is_array($backup_sizes) ) {
+		$del_dir = path_join( $uploadpath['basedir'], dirname( $meta['file'] ) );
+		foreach ( $backup_sizes as $size ) {
+			$del_file = path_join( dirname($meta['file']), $size['file'] );
+			if ( ! empty( $del_file ) ) {
+				$del_file = path_join( $uploadpath['basedir'], $del_file );
 
-	if ( ! empty($file) )
-		@ unlink($file);
+				if ( ! wp_delete_file_from_directory( $del_file, $del_dir ) ) {
+					$deleted = false;
+				}
+			}
+		}
+	}
 
-	clean_post_cache( $post );
+	if ( ! wp_delete_file_from_directory( $file, $uploadpath['basedir'] ) ) {
+		$deleted = false;
+	}
 
-	return $post;
+	return $deleted;
 }
 
 /**

wp-includes/query.php

@@ -1398,7 +1398,6 @@ class WP_Query {
 			, 'attachment'
 			, 'attachment_id'
 			, 'name'
-			, 'static'
 			, 'pagename'
 			, 'page_id'
 			, 'second'
@@ -1592,11 +1591,7 @@ class WP_Query {
 			$this->is_single = true;
 		} elseif ( $qv['p'] ) {
 			$this->is_single = true;
-		} elseif ( ('' !== $qv['hour']) && ('' !== $qv['minute']) &&('' !== $qv['second']) && ('' != $qv['year']) && ('' != $qv['monthnum']) && ('' != $qv['day']) ) {
-			// If year, month, day, hour, minute, and second are set, a single
-			// post is being queried.
-			$this->is_single = true;
-		} elseif ( '' != $qv['static'] || '' != $qv['pagename'] || !empty($qv['page_id']) ) {
+		} elseif ( '' != $qv['pagename'] || !empty($qv['page_id']) ) {
 			$this->is_page = true;
 			$this->is_single = false;
 		} else {

wp-includes/user.php

@@ -1818,7 +1818,7 @@ function wp_insert_user( $userdata ) {
 	$data = wp_unslash( $compacted );
 
 	if ( $update ) {
-		if ( $user_email !== $old_user_data->user_email ) {
+		if ( $user_email !== $old_user_data->user_email || $user_pass !== $old_user_data->user_pass ) {
 			$data['user_activation_key'] = '';
 		}
 		$wpdb->update( $wpdb->users, $data, compact( 'ID' ) );

wp-includes/version.php

@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.0.23';
+$wp_version = '4.0.32';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.

wp-login.php

@@ -33,7 +33,7 @@ function login_header( $title = 'Log In', $message = '', $wp_error = '' ) {
 	global $error, $interim_login, $action;
 
 	// Don't index any of these forms
-	add_action( 'login_head', 'wp_no_robots' );
+	add_action( 'login_head', 'wp_sensitive_page_meta' );
 
 	if ( wp_is_mobile() )
 		add_action( 'login_head', 'wp_login_viewport_meta' );