Compare commits
5 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
e39418f195 | ||
|
|
5e48e39d47 | ||
|
|
473123ae0b | ||
|
143bfc02d6 | ||
|
8a02054f7e |
@@ -42,7 +42,47 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
|
||||
</h2>
|
||||
|
||||
<div class="changelog point-releases">
|
||||
<h3><?php echo _n( 'Maintenance and Security Release', 'Maintenance and Security Releases', 27 ); ?></h3>
|
||||
<h3><?php echo _n( 'Maintenance and Security Release', 'Maintenance and Security Releases', 28 ); ?></h3>
|
||||
<p>
|
||||
<?php
|
||||
printf(
|
||||
/* translators: %s: WordPress version number */
|
||||
__( '<strong>Version %s</strong> addressed one security issue.' ),
|
||||
'4.0.29'
|
||||
);
|
||||
?>
|
||||
<?php
|
||||
printf(
|
||||
/* translators: %s: HelpHub URL */
|
||||
__( 'For more information, see <a href="%s">the release notes</a>.' ),
|
||||
sprintf(
|
||||
/* translators: %s: WordPress version */
|
||||
esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
|
||||
sanitize_title( '4.0.29' )
|
||||
)
|
||||
);
|
||||
?>
|
||||
</p>
|
||||
<p>
|
||||
<?php
|
||||
printf(
|
||||
/* translators: %s: WordPress version number */
|
||||
__( '<strong>Version %s</strong> addressed some security issues.' ),
|
||||
'4.0.28'
|
||||
);
|
||||
?>
|
||||
<?php
|
||||
printf(
|
||||
/* translators: %s: HelpHub URL */
|
||||
__( 'For more information, see <a href="%s">the release notes</a>.' ),
|
||||
sprintf(
|
||||
/* translators: %s: WordPress version */
|
||||
esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
|
||||
sanitize_title( '4.0.28' )
|
||||
)
|
||||
);
|
||||
?>
|
||||
</p>
|
||||
<p>
|
||||
<?php
|
||||
printf(
|
||||
|
||||
@@ -15,7 +15,7 @@ class WP {
|
||||
* @access public
|
||||
* @var array
|
||||
*/
|
||||
public $public_query_vars = array('m', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'comments_popup', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type');
|
||||
public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'pagename', 'page_id', 'error', 'comments_popup', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
|
||||
|
||||
/**
|
||||
* Private query variables.
|
||||
|
||||
@@ -1492,6 +1492,11 @@ function wp_mkdir_p( $target ) {
|
||||
if ( file_exists( $target ) )
|
||||
return @is_dir( $target );
|
||||
|
||||
// Do not allow path traversals.
|
||||
if ( false !== strpos( $target, '../' ) || false !== strpos( $target, '..' . DIRECTORY_SEPARATOR ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// We need to find the permissions of the parent folder that exists and inherit that.
|
||||
$target_parent = dirname( $target );
|
||||
while ( '.' != $target_parent && ! is_dir( $target_parent ) ) {
|
||||
|
||||
@@ -469,8 +469,9 @@ function wp_http_validate_url( $url ) {
|
||||
$ip = $host;
|
||||
} else {
|
||||
$ip = gethostbyname( $host );
|
||||
if ( $ip === $host ) // Error condition for gethostbyname()
|
||||
$ip = false;
|
||||
if ( $ip === $host ) { // Error condition for gethostbyname()
|
||||
return false;
|
||||
}
|
||||
}
|
||||
if ( $ip ) {
|
||||
$parts = array_map( 'intval', explode( '.', $ip ) );
|
||||
|
||||
@@ -1341,7 +1341,7 @@ function wp_kses_html_error($string) {
|
||||
*/
|
||||
function wp_kses_bad_protocol_once($string, $allowed_protocols, $count = 1 ) {
|
||||
$string = preg_replace( '/(�*58(?![;0-9])|�*3a(?![;a-f0-9]))/i', '$1;', $string );
|
||||
$string2 = preg_split( '/:|�*58;|�*3a;/i', $string, 2 );
|
||||
$string2 = preg_split( '/:|�*58;|�*3a;|:/i', $string, 2 );
|
||||
if ( isset($string2[1]) && ! preg_match('%/\?%', $string2[0]) ) {
|
||||
$string = trim( $string2[1] );
|
||||
$protocol = wp_kses_bad_protocol_once2( $string2[0], $allowed_protocols );
|
||||
|
||||
@@ -1064,9 +1064,9 @@ if ( !function_exists('check_admin_referer') ) :
|
||||
* @param string $action Action nonce
|
||||
* @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
|
||||
*/
|
||||
function check_admin_referer($action = -1, $query_arg = '_wpnonce') {
|
||||
if ( -1 == $action )
|
||||
_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2' );
|
||||
function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
|
||||
if ( -1 === $action )
|
||||
_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
|
||||
|
||||
$adminurl = strtolower(admin_url());
|
||||
$referer = strtolower(wp_get_referer());
|
||||
@@ -1085,6 +1085,12 @@ function check_admin_referer($action = -1, $query_arg = '_wpnonce') {
|
||||
* @param bool $result Whether the admin request nonce was validated.
|
||||
*/
|
||||
do_action( 'check_admin_referer', $action, $result );
|
||||
|
||||
if ( ! $result && ! ( -1 === $action && strpos( $referer, $adminurl ) === 0 ) ) {
|
||||
wp_nonce_ays( $action );
|
||||
die();
|
||||
}
|
||||
|
||||
return $result;
|
||||
}
|
||||
endif;
|
||||
@@ -1099,6 +1105,9 @@ if ( !function_exists('check_ajax_referer') ) :
|
||||
* @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
|
||||
*/
|
||||
function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
|
||||
if ( -1 === $action )
|
||||
_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
|
||||
|
||||
$nonce = '';
|
||||
|
||||
if ( $query_arg && isset( $_REQUEST[ $query_arg ] ) )
|
||||
@@ -2293,4 +2302,3 @@ function wp_text_diff( $left_string, $right_string, $args = null ) {
|
||||
return $r;
|
||||
}
|
||||
endif;
|
||||
|
||||
|
||||
@@ -1398,7 +1398,6 @@ class WP_Query {
|
||||
, 'attachment'
|
||||
, 'attachment_id'
|
||||
, 'name'
|
||||
, 'static'
|
||||
, 'pagename'
|
||||
, 'page_id'
|
||||
, 'second'
|
||||
@@ -1596,7 +1595,7 @@ class WP_Query {
|
||||
// If year, month, day, hour, minute, and second are set, a single
|
||||
// post is being queried.
|
||||
$this->is_single = true;
|
||||
} elseif ( '' != $qv['static'] || '' != $qv['pagename'] || !empty($qv['page_id']) ) {
|
||||
} elseif ( '' != $qv['pagename'] || !empty($qv['page_id']) ) {
|
||||
$this->is_page = true;
|
||||
$this->is_single = false;
|
||||
} else {
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '4.0.27';
|
||||
$wp_version = '4.0.29';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
||||
Reference in New Issue
Block a user