Tag 4.1.20

Built from https://develop.svn.wordpress.org/tags/4.1.20@42088


git-svn-id: http://core.svn.wordpress.org/tags/4.1.20@41917 1a063a9b-81f0-0310-95a4-ce76da25c4cd

license.txt

@@ -1,6 +1,6 @@
 WordPress - Web publishing software
 
-Copyright 2014 by the contributors
+Copyright 2017 by the contributors
 
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by

readme.html

@@ -9,7 +9,7 @@
 <body>
 <h1 id="logo">
 	<a href="https://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /></a>
-	<br /> Version 4.1
+	<br /> Version 4.1.19
 </h1>
 <p style="text-align: center">Semantic Personal Publishing Platform</p>
 

wp-admin/about.php

@@ -41,6 +41,89 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
 	</a>
 </h2>
 
+<div class="changelog point-releases">
+	<h3><?php echo _n( 'Maintenance and Security Release', 'Maintenance and Security Releases', 20 ); ?></h3>
+	<p><?php printf( __( '<strong>Version %s</strong> addressed one security issue.' ), '4.1.20' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.1.20' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+			'<strong>Version %1$s</strong> addressed some security issues.', 8 ), '4.1.19' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.1.19' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+			'<strong>Version %1$s</strong> addressed some security issues.', 5 ), '4.1.18' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.1.18' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed %2$s bug.',
+			'<strong>Version %1$s</strong> addressed %2$s bugs.', 1 ), '4.1.17', number_format_i18n( 1 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.1.17' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+			'<strong>Version %1$s</strong> addressed some security issues.', 5 ), '4.1.16' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.1.16' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+			'<strong>Version %1$s</strong> addressed some security issues.', 3 ), '4.1.15' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.1.15' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+			'<strong>Version %1$s</strong> addressed some security issues.', 8 ), '4.1.14' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.1.14' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 2 ), '4.1.13' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.1.13' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 9 ), '4.1.12' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.1.12' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 6 ), '4.1.11' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.1.11' ); ?>
+ 	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 2 ), '4.1.10' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.1.10' ); ?>
+ 	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 1 ), '4.1.9' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.1.9' ); ?>
+ 	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
+         '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.', 2 ), '4.1.8', number_format_i18n( 2 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.1.8' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
+         '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.', 4 ), '4.1.7', number_format_i18n( 4 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.1.7' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 2 ), '4.1.6' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.1.6' ); ?>
+ 	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
+         '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.', 3 ), '4.1.5', number_format_i18n( 3 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.1.5' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 1 ), '4.1.4' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.1.4' ); ?>
+ 	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed %2$s bug.',
+         '<strong>Version %1$s</strong> addressed %2$s bugs.', 1 ), '4.1.3', number_format_i18n( 1 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.1.3' ); ?>
+ 	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 8 ), '4.1.2' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.1.2' ); ?>
+ 	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed %2$s bug.',
+         '<strong>Version %1$s</strong> addressed %2$s bugs.', 21 ), '4.1.1', number_format_i18n( 21 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.1.1' ); ?>
+ 	</p>
+</div>
+
 <div class="changelog headline-feature">
 	<h2><?php _e( 'Introducing Twenty&nbsp;Fifteen' ); ?></h2>
 	<div class="featured-image">

wp-admin/async-upload.php

@@ -32,6 +32,8 @@ if ( ! ( isset( $_REQUEST['action'] ) && 'upload-attachment' == $_REQUEST['actio
 
 require_once( ABSPATH . 'wp-admin/admin.php' );
 
+header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
+
 if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
 	include( ABSPATH . 'wp-admin/includes/ajax-actions.php' );
 
@@ -46,8 +48,6 @@ if ( ! current_user_can( 'upload_files' ) ) {
 	wp_die( __( 'You do not have permission to upload files.' ) );
 }
 
-header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
-
 // just fetch the detail form for that attachment
 if ( isset($_REQUEST['attachment_id']) && ($id = intval($_REQUEST['attachment_id'])) && $_REQUEST['fetch'] ) {
 	$post = get_post( $id );

wp-admin/customize.php

@@ -18,9 +18,11 @@ if ( ! current_user_can( 'customize' ) ) {
 
 wp_reset_vars( array( 'url', 'return' ) );
 $url = wp_unslash( $url );
+$url = esc_url_raw( $url );
 $url = wp_validate_redirect( $url, home_url( '/' ) );
 if ( $return ) {
 	$return = wp_unslash( $return );
+	$return = esc_url_raw( $return );
 	$return = wp_validate_redirect( $return );
 }
 if ( ! $return ) {
@@ -147,7 +149,7 @@ do_action( 'customize_controls_print_scripts' );
 							echo sprintf( __( 'You are previewing %s' ), '<strong class="theme-name">' . $wp_customize->theme()->display('Name') . '</strong>' );
 						} else {
 							/* translators: %s is the site/panel title in the Customize pane */
-							echo sprintf( __( 'You are customizing %s' ), '<strong class="theme-name site-title">' . get_bloginfo( 'name' ) . '</strong>' );
+							echo sprintf( __( 'You are customizing %s' ), '<strong class="theme-name site-title">' . get_bloginfo( 'name', 'display' ) . '</strong>' );
 						}
 					?></span>
 				</div>

wp-admin/includes/ajax-actions.php

@@ -1538,10 +1538,12 @@ function wp_ajax_inline_save() {
 		$data['parent_id'] = $data['post_parent'];
 
 	// Status.
-	if ( isset($data['keep_private']) && 'private' == $data['keep_private'] )
+	if ( isset( $data['keep_private'] ) && 'private' == $data['keep_private'] ) {
+		$data['visibility']  = 'private';
 		$data['post_status'] = 'private';
-	else
+	} else {
 		$data['post_status'] = $data['_status'];
+	}
 
 	if ( empty($data['comment_status']) )
 		$data['comment_status'] = 'closed';
@@ -1832,21 +1834,36 @@ function wp_ajax_update_widget() {
  */
 function wp_ajax_upload_attachment() {
 	check_ajax_referer( 'media-form' );
+	/*
+	 * This function does not use wp_send_json_success() / wp_send_json_error()
+	 * as the html4 Plupload handler requires a text/html content-type for older IE.
+	 * See https://core.trac.wordpress.org/ticket/31037
+	 */
 
 	if ( ! current_user_can( 'upload_files' ) ) {
-		wp_send_json_error( array(
-			'message'  => __( "You don't have permission to upload files." ),
-			'filename' => $_FILES['async-upload']['name'],
+		echo wp_json_encode( array(
+			'success' => false,
+			'data'    => array(
+				'message'  => __( "You don't have permission to upload files." ),
+				'filename' => $_FILES['async-upload']['name'],
+			)
 		) );
+
+		wp_die();
 	}
 
 	if ( isset( $_REQUEST['post_id'] ) ) {
 		$post_id = $_REQUEST['post_id'];
 		if ( ! current_user_can( 'edit_post', $post_id ) ) {
-			wp_send_json_error( array(
-				'message'  => __( "You don't have permission to attach files to this post." ),
-				'filename' => $_FILES['async-upload']['name'],
+			echo wp_json_encode( array(
+				'success' => false,
+				'data'    => array(
+					'message'  => __( "You don't have permission to attach files to this post." ),
+					'filename' => $_FILES['async-upload']['name'],
+				)
 			) );
+
+			wp_die();
 		}
 	} else {
 		$post_id = null;
@@ -1858,20 +1875,30 @@ function wp_ajax_upload_attachment() {
 	if ( isset( $post_data['context'] ) && in_array( $post_data['context'], array( 'custom-header', 'custom-background' ) ) ) {
 		$wp_filetype = wp_check_filetype_and_ext( $_FILES['async-upload']['tmp_name'], $_FILES['async-upload']['name'], false );
 		if ( ! wp_match_mime_types( 'image', $wp_filetype['type'] ) ) {
-			wp_send_json_error( array(
-				'message'  => __( 'The uploaded file is not a valid image. Please try again.' ),
-				'filename' => $_FILES['async-upload']['name'],
+			echo wp_json_encode( array(
+				'success' => false,
+				'data'    => array(
+					'message'  => __( 'The uploaded file is not a valid image. Please try again.' ),
+					'filename' => $_FILES['async-upload']['name'],
+				)
 			) );
+
+			wp_die();
 		}
 	}
 
 	$attachment_id = media_handle_upload( 'async-upload', $post_id, $post_data );
 
 	if ( is_wp_error( $attachment_id ) ) {
-		wp_send_json_error( array(
-			'message'  => $attachment_id->get_error_message(),
-			'filename' => $_FILES['async-upload']['name'],
+		echo wp_json_encode( array(
+			'success' => false,
+			'data'    => array(
+				'message'  => $attachment_id->get_error_message(),
+				'filename' => $_FILES['async-upload']['name'],
+			)
 		) );
+
+		wp_die();
 	}
 
 	if ( isset( $post_data['context'] ) && isset( $post_data['theme'] ) ) {
@@ -1885,7 +1912,12 @@ function wp_ajax_upload_attachment() {
 	if ( ! $attachment = wp_prepare_attachment_for_js( $attachment_id ) )
 		wp_die();
 
-	wp_send_json_success( $attachment );
+	echo wp_json_encode( array(
+		'success' => true,
+		'data'    => $attachment,
+	) );
+
+	wp_die();
 }
 
 /**
@@ -2543,7 +2575,7 @@ function wp_ajax_get_revision_diffs() {
 	if ( ! $post = get_post( (int) $_REQUEST['post_id'] ) )
 		wp_send_json_error();
 
-	if ( ! current_user_can( 'read_post', $post->ID ) )
+	if ( ! current_user_can( 'edit_post', $post->ID ) )
 		wp_send_json_error();
 
 	// Really just pre-loading the cache here.

wp-admin/includes/class-wp-comments-list-table.php

@@ -554,9 +554,9 @@ class WP_Comments_List_Table extends WP_List_Table {
 
 		if ( current_user_can( 'edit_post', $post->ID ) ) {
 			$post_link = "<a href='" . get_edit_post_link( $post->ID ) . "'>";
-			$post_link .= get_the_title( $post->ID ) . '</a>';
+			$post_link .= esc_html( get_the_title( $post->ID ) ) . '</a>';
 		} else {
-			$post_link = get_the_title( $post->ID );
+			$post_link = esc_html( get_the_title( $post->ID ) );
 		}
 
 		echo '<div class="response-links"><span class="post-com-count-wrapper">';

wp-admin/includes/class-wp-ms-users-list-table.php

@@ -225,7 +225,7 @@ class WP_MS_Users_List_Table extends WP_List_Table {
 					break;
 
 					case 'email':
-						echo "<td $attributes><a href='mailto:$user->user_email'>$user->user_email</a></td>";
+						echo "<td $attributes><a href='" . esc_url( "mailto:$user->user_email" ) . "'>$user->user_email</a></td>";
 					break;
 
 					case 'registered':

wp-admin/includes/class-wp-plugins-list-table.php

@@ -425,27 +425,27 @@ class WP_Plugins_List_Table extends WP_List_Table {
 			if ( $screen->in_admin( 'network' ) ) {
 				if ( $is_active ) {
 					if ( current_user_can( 'manage_network_plugins' ) )
-						$actions['deactivate'] = '<a href="' . wp_nonce_url('plugins.php?action=deactivate&amp;plugin=' . $plugin_file . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'deactivate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Deactivate this plugin') . '">' . __('Network Deactivate') . '</a>';
+						$actions['deactivate'] = '<a href="' . wp_nonce_url('plugins.php?action=deactivate&amp;plugin=' . urlencode( $plugin_file ) . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'deactivate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Deactivate this plugin') . '">' . __('Network Deactivate') . '</a>';
 				} else {
 					if ( current_user_can( 'manage_network_plugins' ) )
-						$actions['activate'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . $plugin_file . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin for all sites in this network') . '" class="edit">' . __('Network Activate') . '</a>';
+						$actions['activate'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . urlencode( $plugin_file ) . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin for all sites in this network') . '" class="edit">' . __('Network Activate') . '</a>';
 					if ( current_user_can( 'delete_plugins' ) && ! is_plugin_active( $plugin_file ) )
-						$actions['delete'] = '<a href="' . wp_nonce_url('plugins.php?action=delete-selected&amp;checked[]=' . $plugin_file . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'bulk-plugins') . '" title="' . esc_attr__('Delete this plugin') . '" class="delete">' . __('Delete') . '</a>';
+						$actions['delete'] = '<a href="' . wp_nonce_url('plugins.php?action=delete-selected&amp;checked[]=' . urlencode( $plugin_file ) . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'bulk-plugins') . '" title="' . esc_attr__('Delete this plugin') . '" class="delete">' . __('Delete') . '</a>';
 				}
 			} else {
 				if ( $is_active ) {
-					$actions['deactivate'] = '<a href="' . wp_nonce_url('plugins.php?action=deactivate&amp;plugin=' . $plugin_file . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'deactivate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Deactivate this plugin') . '">' . __('Deactivate') . '</a>';
+					$actions['deactivate'] = '<a href="' . wp_nonce_url('plugins.php?action=deactivate&amp;plugin=' . urlencode( $plugin_file ) . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'deactivate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Deactivate this plugin') . '">' . __('Deactivate') . '</a>';
 				} else {
-					$actions['activate'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . $plugin_file . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin') . '" class="edit">' . __('Activate') . '</a>';
+					$actions['activate'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . urlencode( $plugin_file ) . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin') . '" class="edit">' . __('Activate') . '</a>';
 
 					if ( ! is_multisite() && current_user_can('delete_plugins') )
-						$actions['delete'] = '<a href="' . wp_nonce_url('plugins.php?action=delete-selected&amp;checked[]=' . $plugin_file . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'bulk-plugins') . '" title="' . esc_attr__('Delete this plugin') . '" class="delete">' . __('Delete') . '</a>';
+						$actions['delete'] = '<a href="' . wp_nonce_url('plugins.php?action=delete-selected&amp;checked[]=' . urlencode( $plugin_file ) . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'bulk-plugins') . '" title="' . esc_attr__('Delete this plugin') . '" class="delete">' . __('Delete') . '</a>';
 				} // end if $is_active
 
 			 } // end if $screen->in_admin( 'network' )
 
 			if ( ( ! is_multisite() || $screen->in_admin( 'network' ) ) && current_user_can('edit_plugins') && is_writable(WP_PLUGIN_DIR . '/' . $plugin_file) )
-				$actions['edit'] = '<a href="plugin-editor.php?file=' . $plugin_file . '" title="' . esc_attr__('Open this file in the Plugin Editor') . '" class="edit">' . __('Edit') . '</a>';
+				$actions['edit'] = '<a href="plugin-editor.php?file=' . urlencode( $plugin_file ) . '" title="' . esc_attr__('Open this file in the Plugin Editor') . '" class="edit">' . __('Edit') . '</a>';
 		} // end if $context
 
 		$prefix = $screen->in_admin( 'network' ) ? 'network_admin_' : '';

wp-admin/includes/class-wp-posts-list-table.php

@@ -691,8 +691,9 @@ class WP_Posts_List_Table extends WP_List_Table {
 					echo '<div class="locked-info"><span class="locked-avatar">' . $locked_avatar . '</span> <span class="locked-text">' . $locked_text . "</span></div>\n";
 				}
 
-				if ( ! $this->hierarchical_display && 'excerpt' == $mode && current_user_can( 'read_post', $post->ID ) )
-						the_excerpt();
+				if ( ! $this->hierarchical_display && 'excerpt' == $mode && current_user_can( 'read_post', $post->ID ) ) {
+						echo esc_html( get_the_excerpt() );
+				}
 
 				$actions = array();
 				if ( $can_edit_post && 'trash' != $post->post_status ) {

wp-admin/includes/class-wp-upgrader.php

@@ -2326,8 +2326,12 @@ class File_Upload_Upgrader {
 			if ( ! ( ( $uploads = wp_upload_dir() ) && false === $uploads['error'] ) )
 				wp_die( $uploads['error'] );
 
-			$this->filename = $_GET[$urlholder];
+			$this->filename = sanitize_file_name( $_GET[ $urlholder ] );
 			$this->package = $uploads['basedir'] . '/' . $this->filename;
+
+			if ( 0 !== strpos( realpath( $this->package ), realpath( $uploads['basedir'] ) ) ) {
+				wp_die( __( 'Please select a file' ) );
+			}
 		}
 	}
 

wp-admin/includes/class-wp-users-list-table.php

@@ -419,7 +419,7 @@ class WP_Users_List_Table extends WP_List_Table {
 					$r .= "<td $attributes>$user_object->first_name $user_object->last_name</td>";
 					break;
 				case 'email':
-					$r .= "<td $attributes><a href='mailto:$email' title='" . esc_attr( sprintf( __( 'E-mail: %s' ), $email ) ) . "'>$email</a></td>";
+					$r .= "<td $attributes><a href='" . esc_url( "mailto:$email" ) . "' title='" . esc_attr( sprintf( __( 'E-mail: %s' ), $email ) ) . "'>$email</a></td>";
 					break;
 				case 'role':
 					$r .= "<td $attributes>$role_name</td>";

wp-admin/includes/dashboard.php

@@ -416,6 +416,10 @@ function wp_network_dashboard_right_now() {
 function wp_dashboard_quick_press( $error_msg = false ) {
 	global $post_ID;
 
+	if ( ! current_user_can( 'edit_posts' ) ) {
+		return;
+	}
+
 	/* Check if a new auto-draft (= no new post_ID) is needed or if the old can be used */
 	$last_post_id = (int) get_user_option( 'dashboard_quick_press_last_post_id' ); // Get the last post_ID
 	if ( $last_post_id ) {
@@ -518,7 +522,7 @@ function wp_dashboard_recent_drafts( $drafts = false ) {
 function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) {
 	$GLOBALS['comment'] =& $comment;
 
-	$comment_post_title = strip_tags(get_the_title( $comment->comment_post_ID ));
+	$comment_post_title = _draft_or_post_title( $comment->comment_post_ID );
 
 	if ( current_user_can( 'edit_post', $comment->comment_post_ID ) ) {
 		$comment_post_url = get_edit_post_link( $comment->comment_post_ID );

wp-admin/includes/file.php

@@ -591,6 +591,10 @@ function _unzip_file_ziparchive($file, $to, $needed_dirs = array() ) {
 		if ( '__MACOSX/' === substr($info['name'], 0, 9) ) // Skip the OS X-created __MACOSX directory
 			continue;
 
+		if ( 0 !== validate_file( $info['name'] ) ) {
+			return new WP_Error( 'invalid_file_ziparchive', __( 'Could not extract file from archive.' ), $info['name'] );
+		}
+
 		$uncompressed_size += $info['size'];
 
 		if ( '/' == substr($info['name'], -1) ) // directory
@@ -744,6 +748,10 @@ function _unzip_file_pclzip($file, $to, $needed_dirs = array()) {
 		if ( '__MACOSX/' === substr($file['filename'], 0, 9) ) // Don't extract the OS X-created __MACOSX directory files
 			continue;
 
+		if ( 0 !== validate_file( $file['filename'] ) ) {
+			return new WP_Error( 'invalid_file_pclzip', __( 'Could not extract file from archive.' ), $file['filename'] );
+		}
+
 		if ( ! $wp_filesystem->put_contents( $to . $file['filename'], $file['content'], FS_CHMOD_FILE) )
 			return new WP_Error( 'copy_failed_pclzip', __( 'Could not copy file.' ), $file['filename'] );
 	}
@@ -1018,14 +1026,28 @@ function request_filesystem_credentials($form_post, $type = '', $error = false,
 
 	$credentials = get_option('ftp_credentials', array( 'hostname' => '', 'username' => ''));
 
+	$submitted_form = wp_unslash( $_POST );
+
+	// Verify nonce, or unset submitted form field values on failure
+	if ( ! isset( $_POST['_fs_nonce'] ) || ! wp_verify_nonce( $_POST['_fs_nonce'], 'filesystem-credentials' ) ) {
+		unset(
+			$submitted_form['hostname'],
+			$submitted_form['username'],
+			$submitted_form['password'],
+			$submitted_form['public_key'],
+			$submitted_form['private_key'],
+			$submitted_form['connection_type']
+		);
+	}
+
 	// If defined, set it to that, Else, If POST'd, set it to that, If not, Set it to whatever it previously was(saved details in option)
-	$credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? wp_unslash( $_POST['hostname'] ) : $credentials['hostname']);
-	$credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? wp_unslash( $_POST['username'] ) : $credentials['username']);
-	$credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? wp_unslash( $_POST['password'] ) : '');
+	$credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($submitted_form['hostname']) ? $submitted_form['hostname'] : $credentials['hostname']);
+	$credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($submitted_form['username']) ? $submitted_form['username'] : $credentials['username']);
+	$credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($submitted_form['password']) ? $submitted_form['password'] : '');
 
 	// Check to see if we are setting the public/private keys for ssh
-	$credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? wp_unslash( $_POST['public_key'] ) : '');
-	$credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? wp_unslash( $_POST['private_key'] ) : '');
+	$credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($submitted_form['public_key']) ? $submitted_form['public_key'] : '');
+	$credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($submitted_form['private_key']) ? $submitted_form['private_key'] : '');
 
 	// Sanitize the hostname, Some people might pass in odd-data:
 	$credentials['hostname'] = preg_replace('|\w+://|', '', $credentials['hostname']); //Strip any schemes off
@@ -1042,8 +1064,8 @@ function request_filesystem_credentials($form_post, $type = '', $error = false,
 		$credentials['connection_type'] = 'ssh';
 	else if ( (defined('FTP_SSL') && FTP_SSL) && 'ftpext' == $type ) //Only the FTP Extension understands SSL
 		$credentials['connection_type'] = 'ftps';
-	else if ( !empty($_POST['connection_type']) )
-		$credentials['connection_type'] = wp_unslash( $_POST['connection_type'] );
+	else if ( !empty($submitted_form['connection_type']) )
+		$credentials['connection_type'] = $submitted_form['connection_type'];
 	else if ( !isset($credentials['connection_type']) ) //All else fails (And it's not defaulted to something else saved), Default to FTP
 		$credentials['connection_type'] = 'ftp';
 
@@ -1183,11 +1205,14 @@ jQuery(function($){
 
 <?php
 foreach ( (array) $extra_fields as $field ) {
-	if ( isset( $_POST[ $field ] ) )
-		echo '<input type="hidden" name="' . esc_attr( $field ) . '" value="' . esc_attr( wp_unslash( $_POST[ $field ] ) ) . '" />';
+	if ( isset( $submitted_form[ $field ] ) )
+		echo '<input type="hidden" name="' . esc_attr( $field ) . '" value="' . esc_attr( $submitted_form[ $field ] ) . '" />';
 }
-submit_button( __( 'Proceed' ), 'button', 'upgrade' );
 ?>
+	<p class="request-filesystem-credentials-action-buttons">
+		<?php wp_nonce_field( 'filesystem-credentials', '_fs_nonce', false, true ); ?>
+		<?php submit_button( __( 'Proceed' ), 'button', 'upgrade', false ); ?>
+	</p>
 </div>
 </form>
 <?php

wp-admin/includes/media.php

@@ -279,7 +279,7 @@ function media_handle_upload($file_id, $post_id, $post_data = array(), $override
 	$url = $file['url'];
 	$type = $file['type'];
 	$file = $file['file'];
-	$title = $name;
+	$title = sanitize_text_field( $name );
 	$content = '';
 
 	if ( preg_match( '#^audio#', $type ) ) {
@@ -2893,7 +2893,7 @@ function wp_add_id3_tag_data( &$metadata, $data ) {
 		if ( ! empty( $data[$version]['comments'] ) ) {
 			foreach ( $data[$version]['comments'] as $key => $list ) {
 				if ( 'length' !== $key && ! empty( $list ) ) {
-					$metadata[$key] = reset( $list );
+					$metadata[$key] = wp_kses_post( reset( $list ) );
 					// Fix bug in byte stream analysis.
 					if ( 'terms_of_use' === $key && 0 === strpos( $metadata[$key], 'yright notice.' ) )
 						$metadata[$key] = 'Cop' . $metadata[$key];

wp-admin/includes/post.php

@@ -165,6 +165,13 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
 		$post_data['post_date_gmt'] = get_gmt_from_date( $post_data['post_date'] );
 	}
 
+	if ( isset( $post_data['post_category'] ) ) {
+		$category_object = get_taxonomy( 'category' );
+		if ( ! current_user_can( $category_object->cap->assign_terms ) ) {
+			unset( $post_data['post_category'] );
+		}
+	}
+
 	return $post_data;
 }
 
@@ -1209,7 +1216,7 @@ function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) {
 	}
 
 	if ( false === strpos( $permalink, '%postname%' ) && false === strpos( $permalink, '%pagename%' ) ) {
-		$return = '<strong>' . __('Permalink:') . "</strong>\n" . '<span id="sample-permalink" tabindex="-1">' . $permalink . "</span>\n";
+		$return = '<strong>' . __('Permalink:') . "</strong>\n" . '<span id="sample-permalink" tabindex="-1">' . esc_html( $permalink ) . "</span>\n";
 		if ( '' == get_option( 'permalink_structure' ) && current_user_can( 'manage_options' ) && !( 'page' == get_option('show_on_front') && $id == get_option('page_on_front') ) ) {
 			$return .= '<span id="change-permalinks"><a href="options-permalink.php" class="button button-small" target="_blank">' . __('Change Permalinks') . "</a></span>\n";
 		}
@@ -1228,14 +1235,14 @@ function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) {
 			}
 		}
 
-		$post_name_html = '<span id="editable-post-name" title="' . $title . '">' . $post_name_abridged . '</span>';
-		$display_link = str_replace( array( '%pagename%', '%postname%' ), $post_name_html, urldecode( $permalink ) );
+		$post_name_html = '<span id="editable-post-name" title="' . $title . '">' . esc_html( $post_name_abridged ) . '</span>';
+		$display_link = str_replace( array( '%pagename%', '%postname%' ), $post_name_html, esc_html( urldecode( $permalink ) ) );
 
 		$return =  '<strong>' . __( 'Permalink:' ) . "</strong>\n";
 		$return .= '<span id="sample-permalink" tabindex="-1">' . $display_link . "</span>\n";
 		$return .= '&lrm;'; // Fix bi-directional text display defect in RTL languages.
 		$return .= '<span id="edit-slug-buttons"><a href="#post_name" class="edit-slug button button-small hide-if-no-js" onclick="editPermalink(' . $id . '); return false;">' . __( 'Edit' ) . "</a></span>\n";
-		$return .= '<span id="editable-post-name-full">' . $post_name . "</span>\n";
+		$return .= '<span id="editable-post-name-full">' . esc_html( $post_name ) . "</span>\n";
 	}
 
 	if ( isset( $view_post ) ) {
@@ -1245,7 +1252,7 @@ function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) {
 			$preview_link = apply_filters( 'preview_post_link', add_query_arg( 'preview', 'true', $preview_link ), $post );
 			$return .= "<span id='view-post-btn'><a href='" . esc_url( $preview_link ) . "' class='button button-small' target='wp-preview-{$post->ID}'>$view_post</a></span>\n";
 		} else {
-			$return .= "<span id='view-post-btn'><a href='" . get_permalink( $post ) . "' class='button button-small'>$view_post</a></span>\n";
+			$return .= "<span id='view-post-btn'><a href='" . esc_url( get_permalink( $post ) ) . "' class='button button-small'>$view_post</a></span>\n";
 		}
 	}
 
@@ -1473,7 +1480,7 @@ function _admin_notice_post_locked() {
 		// Allow plugins to prevent some users overriding the post lock
 		if ( $override ) {
 			?>
-			<a class="button button-primary wp-tab-last" href="<?php echo esc_url( add_query_arg( 'get-post-lock', '1', get_edit_post_link( $post->ID, 'url' ) ) ); ?>"><?php _e('Take over'); ?></a>
+			<a class="button button-primary wp-tab-last" href="<?php echo esc_url( add_query_arg( 'get-post-lock', '1', wp_nonce_url( get_edit_post_link( $post->ID, 'url' ), 'lock-post_' . $post->ID ) ) ); ?>"><?php _e('Take over'); ?></a>
 			<?php
 		}
 

wp-admin/includes/screen.php

@@ -970,7 +970,8 @@ final class WP_Screen {
 
 		switch ( $this->base ) {
 			case 'widgets':
-				$this->_screen_settings = '<p><a id="access-on" href="widgets.php?widgets-access=on">' . __('Enable accessibility mode') . '</a><a id="access-off" href="widgets.php?widgets-access=off">' . __('Disable accessibility mode') . "</a></p>\n";
+				$nonce = wp_create_nonce( 'widgets-access' );
+				$this->_screen_settings = '<p><a id="access-on" href="widgets.php?widgets-access=on&_wpnonce=' . urlencode( $nonce ) . '">' . __('Enable accessibility mode') . '</a><a id="access-off" href="widgets.php?widgets-access=off&_wpnonce=' . urlencode( $nonce ) . '">' . __('Disable accessibility mode') . "</a></p>\n";
 				break;
 			case 'post' :
 				$expand = '<div class="editor-expand hidden"><label for="editor-expand-toggle">';

wp-admin/includes/taxonomy.php

@@ -11,14 +11,17 @@
 //
 
 /**
- * {@internal Missing Short Description}}
+ * Check whether a category exists.
  *
  * @since 2.0.0
  *
- * @param int|string $cat_name
- * @return int
+ * @see term_exists()
+ *
+ * @param int|string $cat_name Category name.
+ * @param int        $parent   Optional. ID of parent term.
+ * @return mixed
  */
-function category_exists($cat_name, $parent = 0) {
+function category_exists( $cat_name, $parent = null ) {
 	$id = term_exists($cat_name, 'category', $parent);
 	if ( is_array($id) )
 		$id = $id['term_id'];

wp-admin/includes/template.php

@@ -800,7 +800,7 @@ function page_template_dropdown( $default = '' ) {
 	ksort( $templates );
 	foreach ( array_keys( $templates ) as $template ) {
 		$selected = selected( $default, $templates[ $template ], false );
-		echo "\n\t<option value='" . $templates[ $template ] . "' $selected>$template</option>";
+		echo "\n\t<option value='" . esc_attr( $templates[ $template ] ) . "' $selected>" . esc_html( $template ) . "</option>";
 	}
 }
 
@@ -1505,7 +1505,7 @@ function _draft_or_post_title( $post = 0 ) {
 	$title = get_the_title( $post );
 	if ( empty( $title ) )
 		$title = __( '(no title)' );
-	return $title;
+	return esc_html( $title );
 }
 
 /**

wp-admin/includes/update-core.php

@@ -694,6 +694,7 @@ $_old_files = array(
 'wp-includes/js/jquery/ui/jquery.ui.tabs.min.js',
 'wp-includes/js/jquery/ui/jquery.ui.tooltip.min.js',
 'wp-includes/js/jquery/ui/jquery.ui.widget.min.js',
+'wp-includes/js/tinymce/skins/wordpress/images/dashicon-no-alt.png',
 );
 
 /**
@@ -1047,6 +1048,9 @@ function update_core($from, $to) {
 		$wp_filesystem->delete($old_file, true);
 	}
 
+	// Remove any Genericons example.html's from the filesystem
+	_upgrade_422_remove_genericons();
+
 	// Upgrade DB with separate request
 	/** This filter is documented in wp-admin/includes/update-core.php */
 	apply_filters( 'update_feedback', __( 'Upgrading database…' ) );
@@ -1185,3 +1189,67 @@ window.location = 'about.php?updated';
 	exit();
 }
 add_action( '_core_updated_successfully', '_redirect_to_about_wordpress' );
+
+/**
+ * Cleans up Genericons example files.
+ *
+ * @since 4.2.2
+ */
+function _upgrade_422_remove_genericons() {
+	global $wp_theme_directories, $wp_filesystem;
+
+	// A list of the affected files using the filesystem absolute paths.
+	$affected_files = array();
+
+	// Themes
+	foreach ( $wp_theme_directories as $directory ) {
+		$affected_theme_files = _upgrade_422_find_genericons_files_in_folder( $directory );
+		$affected_files       = array_merge( $affected_files, $affected_theme_files );
+	}
+
+	// Plugins
+	$affected_plugin_files = _upgrade_422_find_genericons_files_in_folder( WP_PLUGIN_DIR );
+	$affected_files        = array_merge( $affected_files, $affected_plugin_files );
+
+	foreach ( $affected_files as $file ) {
+		$gen_dir = $wp_filesystem->find_folder( trailingslashit( dirname( $file ) ) );
+		if ( empty( $gen_dir ) ) {
+			continue;
+		}
+
+		// The path when the file is accessed via WP_Filesystem may differ in the case of FTP
+		$remote_file = $gen_dir . basename( $file );
+
+		if ( ! $wp_filesystem->exists( $remote_file ) ) {
+			continue;
+		}
+
+		if ( ! $wp_filesystem->delete( $remote_file, false, 'f' ) ) {
+			$wp_filesystem->put_contents( $remote_file, '' );
+		}
+	}
+}
+
+/**
+ * Recursively find Genericons example files in a given folder.
+ *
+ * @ignore
+ * @since 4.2.2
+ *
+ * @param string $directory Directory path. Expects trailingslashed.
+ * @return array
+ */
+function _upgrade_422_find_genericons_files_in_folder( $directory ) {
+	$directory = trailingslashit( $directory );
+	$files     = array();
+
+	if ( file_exists( "{$directory}example.html" ) && false !== strpos( file_get_contents( "{$directory}example.html" ), '<title>Genericons</title>' ) ) {
+		$files[] = "{$directory}example.html";
+	}
+
+	foreach ( glob( $directory . '*', GLOB_ONLYDIR ) as $dir ) {
+		$files = array_merge( $files, _upgrade_422_find_genericons_files_in_folder( $dir ) );
+	}
+
+	return $files;
+}

wp-admin/includes/upgrade.php

@@ -442,6 +442,9 @@ function upgrade_all() {
 	if ( $wp_current_db_version < 29630 )
 		upgrade_400();
 
+	if ( $wp_current_db_version < 30135 )
+		upgrade_415();
+
 	maybe_disable_link_manager();
 
 	maybe_disable_automattic_widgets();
@@ -1328,6 +1331,62 @@ function upgrade_400() {
 	}
 }
 
+/**
+ * Execute changes made in WordPress 4.1.4.
+ *
+ * @since 4.1.4
+ */
+function upgrade_414() {
+}
+
+/**
+ * Execute changes made in WordPress 4.1.5.
+ *
+ * @since 4.1.5
+ */
+function upgrade_415() {
+	global $wp_current_db_version, $wpdb;
+
+	if ( $wp_current_db_version < 30135 ) {
+		$content_length = $wpdb->get_col_length( $wpdb->comments, 'comment_content' );
+
+		if ( is_wp_error( $content_length ) ) {
+			return;
+		}
+
+		if ( false === $content_length ) {
+			$content_length = array(
+				'type'   => 'byte',
+				'length' => 65535,
+			);
+		} elseif ( ! is_array( $content_length ) ) {
+			$length = (int) $content_length > 0 ? (int) $content_length : 65535;
+			$content_length = array(
+				'type'	 => 'byte',
+				'length' => $length
+			);
+		}
+
+		if ( 'byte' !== $content_length['type'] || 0 === $content_length['length'] ) {
+			// Sites with malformed DB schemas are on their own.
+			return;
+		}
+
+		$allowed_length = intval( $content_length['length'] ) - 10;
+
+		$comments = $wpdb->get_results(
+			"SELECT `comment_ID` FROM `{$wpdb->comments}`
+				WHERE `comment_date_gmt` > '2015-04-26'
+				AND LENGTH( `comment_content` ) >= {$allowed_length}
+				AND ( `comment_content` LIKE '%<%' OR `comment_content` LIKE '%>%' )"
+		);
+
+		foreach ( $comments as $comment ) {
+			wp_delete_comment( $comment->comment_ID, true );
+		}
+	}
+}
+
 /**
  * Execute network level changes
  *

wp-admin/js/common.js

@@ -171,7 +171,7 @@ $('.contextual-help-tabs').delegate('a', 'click', function(e) {
 });
 
 $(document).ready( function() {
-	var checks, first, last, checked, sliced, mobileEvent, transitionTimeout, focusedRowActions,
+	var checks, first, last, checked, sliced, mobileEvent, transitionTimeout, focusedRowActions, $firstHeading,
 		lastClicked = false,
 		pageInput = $('input.current-page'),
 		currentPage = pageInput.val(),
@@ -368,9 +368,10 @@ $(document).ready( function() {
 		});
 	}
 
-	// Move .updated and .error alert boxes. Don't move boxes designed to be inline.
-	$('div.wrap h2:first').nextAll('div.updated, div.error').addClass('below-h2');
-	$('div.updated, div.error').not('.below-h2, .inline').insertAfter( $('div.wrap h2:first') );
+	// Move .notice, .updated and .error alert boxes. Don't move boxes designed to be inline.
+	$firstHeading = $( 'div.wrap h2:first' );
+	$firstHeading.nextAll( 'div.updated, div.error, div.notice' ).addClass( 'below-h2' );
+	$( 'div.updated, div.error, div.notice' ).not( '.below-h2, .inline' ).insertAfter( $firstHeading );
 
 	// Init screen meta
 	screenMeta.init();

wp-admin/js/customize-controls.js

@@ -128,12 +128,12 @@
 	api.utils.areElementListsEqual = function ( listA, listB ) {
 		var equal = (
 			listA.length === listB.length && // if lists are different lengths, then naturally they are not equal
-			-1 === _.map( // are there any false values in the list returned by map?
+			-1 === _.indexOf( _.map( // are there any false values in the list returned by map?
 				_.zip( listA, listB ), // pair up each element between the two lists
 				function ( pair ) {
 					return $( pair[0] ).is( pair[1] ); // compare to see if each pair are equal
 				}
-			).indexOf( false ) // check for presence of false in map's return value
+			), false ) // check for presence of false in map's return value
 		);
 		return equal;
 	};
@@ -2003,6 +2003,16 @@
 			}
 		});
 
+		// Ensure preview nonce is included with every customized request, to allow post data to be read.
+		$.ajaxPrefilter( function injectPreviewNonce( options ) {
+			if ( ! /wp_customize=on/.test( options.data ) ) {
+				return;
+			}
+			options.data += '&' + $.param({
+				customize_preview_nonce: api.settings.nonce.preview
+			});
+		});
+
 		// Refresh the nonces if the preview sends updated nonces over.
 		api.previewer.bind( 'nonce', function( nonce ) {
 			$.extend( this.nonce, nonce );

wp-admin/js/nav-menu.js

@@ -453,14 +453,14 @@ var wpNavMenu;
 				if ( ! isPrimaryMenuItem ) {
 					thisLink = menuItem.find( '.menus-move-left' ),
 					thisLinkText = menus.outFrom.replace( '%s', prevItemNameLeft );
-					thisLink.prop( 'title', menus.moveOutFrom.replace( '%s', prevItemNameLeft ) ).html( thisLinkText ).css( 'display', 'inline' );
+					thisLink.prop( 'title', menus.moveOutFrom.replace( '%s', prevItemNameLeft ) ).text( thisLinkText ).css( 'display', 'inline' );
 				}
 
 				if ( 0 !== position ) {
 					if ( menuItem.find( '.menu-item-data-parent-id' ).val() !== menuItem.prev().find( '.menu-item-data-db-id' ).val() ) {
 						thisLink = menuItem.find( '.menus-move-right' ),
 						thisLinkText = menus.under.replace( '%s', prevItemNameRight );
-						thisLink.prop( 'title', menus.moveUnder.replace( '%s', prevItemNameRight ) ).html( thisLinkText ).css( 'display', 'inline' );
+						thisLink.prop( 'title', menus.moveUnder.replace( '%s', prevItemNameRight ) ).text( thisLinkText ).css( 'display', 'inline' );
 					}
 				}
 
@@ -482,7 +482,7 @@ var wpNavMenu;
 					title = menus.subMenuFocus.replace( '%1$s', itemName ).replace( '%2$d', itemPosition ).replace( '%3$s', parentItemName );
 				}
 
-				$this.prop('title', title).html( title );
+				$this.prop('title', title).text( title );
 			});
 		},
 

wp-admin/network/settings.php

@@ -272,7 +272,7 @@ if ( isset( $_GET['updated'] ) ) {
 			<tr>
 				<th scope="row"><label for="first_comment_author"><?php _e( 'First Comment Author' ) ?></label></th>
 				<td>
-					<input type="text" size="40" name="first_comment_author" id="first_comment_author" value="<?php echo get_site_option('first_comment_author') ?>" />
+					<input type="text" size="40" name="first_comment_author" id="first_comment_author" value="<?php echo esc_attr( get_site_option('first_comment_author') ); ?>" />
 					<p class="description">
 						<?php _e( 'The author of the first comment on a new site.' ) ?>
 					</p>

wp-admin/plugin-editor.php

@@ -93,9 +93,9 @@ default:
 			wp_die( $error );
 
 		if ( ( ! empty( $_GET['networkwide'] ) && ! is_plugin_active_for_network($file) ) || ! is_plugin_active($file) )
-			activate_plugin($file, "plugin-editor.php?file=$file&phperror=1", ! empty( $_GET['networkwide'] ) ); // we'll override this later if the plugin can be included without fatal error
+			activate_plugin($file, "plugin-editor.php?file=" . urlencode( $file ) . "&phperror=1", ! empty( $_GET['networkwide'] ) ); // we'll override this later if the plugin can be included without fatal error
 
-		wp_redirect( self_admin_url("plugin-editor.php?file=$file&a=te&scrollto=$scrollto") );
+		wp_redirect( self_admin_url("plugin-editor.php?file=" . urlencode( $file ) . "&a=te&scrollto=$scrollto") );
 		exit;
 	}
 
@@ -181,14 +181,14 @@ default:
 <big><?php
 	if ( is_plugin_active($plugin) ) {
 		if ( is_writeable($real_file) )
-			echo sprintf(__('Editing <strong>%s</strong> (active)'), $file);
+			echo sprintf(__('Editing <strong>%s</strong> (active)'), esc_html( $file ) );
 		else
-			echo sprintf(__('Browsing <strong>%s</strong> (active)'), $file);
+			echo sprintf(__('Browsing <strong>%s</strong> (active)'), esc_html( $file ) );
 	} else {
 		if ( is_writeable($real_file) )
-			echo sprintf(__('Editing <strong>%s</strong> (inactive)'), $file);
+			echo sprintf(__('Editing <strong>%s</strong> (inactive)'), esc_html( $file ) );
 		else
-			echo sprintf(__('Browsing <strong>%s</strong> (inactive)'), $file);
+			echo sprintf(__('Browsing <strong>%s</strong> (inactive)'), esc_html( $file ) );
 	}
 	?></big>
 </div>
@@ -232,7 +232,7 @@ foreach ( $plugin_files as $plugin_file ) :
 		continue;
 	}
 ?>
-		<li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; ?>><a href="plugin-editor.php?file=<?php echo urlencode( $plugin_file ) ?>&amp;plugin=<?php echo urlencode( $plugin ) ?>"><?php echo $plugin_file ?></a></li>
+		<li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; ?>><a href="plugin-editor.php?file=<?php echo urlencode( $plugin_file ) ?>&amp;plugin=<?php echo urlencode( $plugin ) ?>"><?php echo esc_html( $plugin_file ); ?></a></li>
 <?php endforeach; ?>
 	</ul>
 </div>

wp-admin/plugins.php

@@ -17,7 +17,7 @@ $pagenum = $wp_list_table->get_pagenum();
 
 $action = $wp_list_table->current_action();
 
-$plugin = isset($_REQUEST['plugin']) ? $_REQUEST['plugin'] : '';
+$plugin = isset($_REQUEST['plugin']) ? wp_unslash( $_REQUEST['plugin'] ) : '';
 $s = isset($_REQUEST['s']) ? urlencode($_REQUEST['s']) : '';
 
 // Clean up request URI from temporary args for screen options/paging uri's to work as expected.
@@ -37,10 +37,10 @@ if ( $action ) {
 
 			check_admin_referer('activate-plugin_' . $plugin);
 
-			$result = activate_plugin($plugin, self_admin_url('plugins.php?error=true&plugin=' . $plugin), is_network_admin() );
+			$result = activate_plugin($plugin, self_admin_url('plugins.php?error=true&plugin=' . urlencode( $plugin ) ), is_network_admin() );
 			if ( is_wp_error( $result ) ) {
 				if ( 'unexpected_output' == $result->get_error_code() ) {
-					$redirect = self_admin_url('plugins.php?error=true&charsout=' . strlen($result->get_error_data()) . '&plugin=' . $plugin . "&plugin_status=$status&paged=$page&s=$s");
+					$redirect = self_admin_url('plugins.php?error=true&charsout=' . strlen($result->get_error_data()) . '&plugin=' . urlencode( $plugin ) . "&plugin_status=$status&paged=$page&s=$s");
 					wp_redirect(add_query_arg('_error_nonce', wp_create_nonce('plugin-activation-error_' . $plugin), $redirect));
 					exit;
 				} else {
@@ -67,7 +67,7 @@ if ( $action ) {
 
 			check_admin_referer('bulk-plugins');
 
-			$plugins = isset( $_POST['checked'] ) ? (array) $_POST['checked'] : array();
+			$plugins = isset( $_POST['checked'] ) ? (array) wp_unslash( $_POST['checked'] ) : array();
 
 			if ( is_network_admin() ) {
 				foreach ( $plugins as $i => $plugin ) {
@@ -107,9 +107,9 @@ if ( $action ) {
 			check_admin_referer( 'bulk-plugins' );
 
 			if ( isset( $_GET['plugins'] ) )
-				$plugins = explode( ',', $_GET['plugins'] );
+				$plugins = explode( ',', wp_unslash( $_GET['plugins'] ) );
 			elseif ( isset( $_POST['checked'] ) )
-				$plugins = (array) $_POST['checked'];
+				$plugins = (array) wp_unslash( $_POST['checked'] );
 			else
 				$plugins = array();
 
@@ -181,7 +181,7 @@ if ( $action ) {
 
 			check_admin_referer('bulk-plugins');
 
-			$plugins = isset( $_POST['checked'] ) ? (array) $_POST['checked'] : array();
+			$plugins = isset( $_POST['checked'] ) ? (array) wp_unslash( $_POST['checked'] ) : array();
 			// Do not deactivate plugins which are already deactivated.
 			if ( is_network_admin() ) {
 				$plugins = array_filter( $plugins, 'is_plugin_active_for_network' );
@@ -214,7 +214,7 @@ if ( $action ) {
 			check_admin_referer('bulk-plugins');
 
 			//$_POST = from the plugin form; $_GET = from the FTP details screen.
-			$plugins = isset( $_REQUEST['checked'] ) ? (array) $_REQUEST['checked'] : array();
+			$plugins = isset( $_REQUEST['checked'] ) ? (array) wp_unslash( $_REQUEST['checked'] ) : array();
 			if ( empty( $plugins ) ) {
 				wp_redirect( self_admin_url("plugins.php?plugin_status=$status&paged=$page&s=$s") );
 				exit;
@@ -226,6 +226,14 @@ if ( $action ) {
 				exit;
 			}
 
+			// Bail on all if any paths are invalid.
+			// validate_file() returns truthy for invalid files
+			$invalid_plugin_files = array_filter( $plugins, 'validate_file' );
+			if ( $invalid_plugin_files ) {
+				wp_redirect( self_admin_url("plugins.php?plugin_status=$status&paged=$page&s=$s") );
+				exit;
+			}
+
 			include(ABSPATH . 'wp-admin/update.php');
 
 			$parent_file = 'plugins.php';

wp-admin/post.php

@@ -113,8 +113,9 @@ case 'post-quickdraft-save':
 	if ( ! wp_verify_nonce( $nonce, 'add-post' ) )
 		$error_msg = __( 'Unable to submit this form, please refresh and try again.' );
 
-	if ( ! current_user_can( 'edit_posts' ) )
-		$error_msg = __( 'Oops, you don’t have access to add new drafts.' );
+	if ( ! current_user_can( 'edit_posts' ) ) {
+		exit;
+	}
 
 	if ( $error_msg )
 		return wp_dashboard_quick_press( $error_msg );
@@ -157,6 +158,7 @@ case 'edit':
 		wp_die( __( 'You can’t edit this item because it is in the Trash. Please restore it and try again.' ) );
 
 	if ( ! empty( $_GET['get-post-lock'] ) ) {
+		check_admin_referer( 'lock-post_' . $post_id );
 		wp_set_post_lock( $post_id );
 		wp_redirect( get_edit_post_link( $post_id, 'url' ) );
 		exit();

wp-admin/press-this.php

@@ -32,8 +32,25 @@ function press_it() {
 	if ( !current_user_can('edit_post', $post_ID) )
 		wp_die(__('You are not allowed to edit this post.'));
 
-	$post['post_category'] = isset($_POST['post_category']) ? $_POST['post_category'] : '';
-	$post['tax_input'] = isset($_POST['tax_input']) ? $_POST['tax_input'] : '';
+	// Only accept categories if the user actually can assign
+	$category_tax = get_taxonomy( 'category' );
+	if ( current_user_can( $category_tax->cap->assign_terms ) ) {
+		$post['post_category'] = ( ! empty( $_POST['post_category'] ) ) ? $_POST['post_category'] : array();
+	}
+
+	// Only accept taxonomies if the user can actually assign
+	if ( ! empty( $_POST['tax_input'] ) ) {
+		$tax_input = $_POST['tax_input'];
+		foreach ( $tax_input as $tax => $_ti ) {
+			$tax_object = get_taxonomy( $tax );
+			if ( ! $tax_object || ! current_user_can( $tax_object->cap->assign_terms ) ) {
+				unset( $tax_input[ $tax ] );
+			}
+		}
+
+		$post['tax_input'] = $tax_input;
+	}
+
 	$post['post_title'] = isset($_POST['title']) ? $_POST['title'] : '';
 	$content = isset($_POST['content']) ? $_POST['content'] : '';
 
@@ -523,75 +540,81 @@ $admin_body_class .= ' locale-' . sanitize_html_class( strtolower( str_replace(
 				</div>
 			</div>
 
-			<?php $tax = get_taxonomy( 'category' ); ?>
-			<div id="categorydiv" class="postbox">
-				<div class="handlediv" title="<?php esc_attr_e( 'Click to toggle' ); ?>"><br /></div>
-				<h3 class="hndle"><?php _e('Categories') ?></h3>
-				<div class="inside">
-				<div id="taxonomy-category" class="categorydiv">
+			<?php
 
-					<ul id="category-tabs" class="category-tabs">
-						<li class="tabs"><a href="#category-all"><?php echo $tax->labels->all_items; ?></a></li>
-						<li class="hide-if-no-js"><a href="#category-pop"><?php _e( 'Most Used' ); ?></a></li>
-					</ul>
+			$tax = get_taxonomy( 'category' );
+			if ( current_user_can( $tax->cap->assign_terms ) ) :
+				?>
+				<div id="categorydiv" class="postbox">
+					<div class="handlediv" title="<?php esc_attr_e( 'Click to toggle' ); ?>"><br /></div>
+					<h3 class="hndle"><?php _e('Categories') ?></h3>
+					<div class="inside">
+					<div id="taxonomy-category" class="categorydiv">
 
-					<div id="category-pop" class="tabs-panel" style="display: none;">
-						<ul id="categorychecklist-pop" class="categorychecklist form-no-clear" >
-							<?php $popular_ids = wp_popular_terms_checklist( 'category' ); ?>
+						<ul id="category-tabs" class="category-tabs">
+							<li class="tabs"><a href="#category-all"><?php echo $tax->labels->all_items; ?></a></li>
+							<li class="hide-if-no-js"><a href="#category-pop"><?php _e( 'Most Used' ); ?></a></li>
 						</ul>
-					</div>
 
-					<div id="category-all" class="tabs-panel">
-						<ul id="categorychecklist" data-wp-lists="list:category" class="categorychecklist form-no-clear">
-							<?php wp_terms_checklist($post_ID, array( 'taxonomy' => 'category', 'popular_cats' => $popular_ids ) ) ?>
-						</ul>
-					</div>
-
-					<?php if ( !current_user_can($tax->cap->assign_terms) ) : ?>
-					<p><em><?php _e('You cannot modify this Taxonomy.'); ?></em></p>
-					<?php endif; ?>
-					<?php if ( current_user_can($tax->cap->edit_terms) ) : ?>
-						<div id="category-adder" class="wp-hidden-children">
-							<h4>
-								<a id="category-add-toggle" href="#category-add" class="hide-if-no-js">
-									<?php printf( __( '+ %s' ), $tax->labels->add_new_item ); ?>
-								</a>
-							</h4>
-							<p id="category-add" class="category-add wp-hidden-child">
-								<label class="screen-reader-text" for="newcategory"><?php echo $tax->labels->add_new_item; ?></label>
-								<input type="text" name="newcategory" id="newcategory" class="form-required form-input-tip" value="<?php echo esc_attr( $tax->labels->new_item_name ); ?>" aria-required="true"/>
-								<label class="screen-reader-text" for="newcategory_parent">
-									<?php echo $tax->labels->parent_item_colon; ?>
-								</label>
-								<?php wp_dropdown_categories( array( 'taxonomy' => 'category', 'hide_empty' => 0, 'name' => 'newcategory_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => '&mdash; ' . $tax->labels->parent_item . ' &mdash;' ) ); ?>
-								<input type="button" id="category-add-submit" data-wp-lists="add:categorychecklist:category-add" class="button category-add-submit" value="<?php echo esc_attr( $tax->labels->add_new_item ); ?>" />
-								<?php wp_nonce_field( 'add-category', '_ajax_nonce-add-category', false ); ?>
-								<span id="category-ajax-response"></span>
-							</p>
+						<div id="category-pop" class="tabs-panel" style="display: none;">
+							<ul id="categorychecklist-pop" class="categorychecklist form-no-clear" >
+								<?php $popular_ids = wp_popular_terms_checklist( 'category' ); ?>
+							</ul>
 						</div>
-					<?php endif; ?>
-				</div>
-				</div>
-			</div>
 
-			<div id="tagsdiv-post_tag" class="postbox">
-				<div class="handlediv" title="<?php esc_attr_e( 'Click to toggle' ); ?>"><br /></div>
-				<h3><span><?php _e('Tags'); ?></span></h3>
-				<div class="inside">
-					<div class="tagsdiv" id="post_tag">
-						<div class="jaxtag">
-							<label class="screen-reader-text" for="newtag"><?php _e('Tags'); ?></label>
-							<input type="hidden" name="tax_input[post_tag]" class="the-tags" id="tax-input[post_tag]" value="" />
-							<div class="ajaxtag">
-								<input type="text" name="newtag[post_tag]" class="newtag form-input-tip" size="16" autocomplete="off" value="" />
-								<input type="button" class="button tagadd" value="<?php esc_attr_e('Add'); ?>" />
+						<div id="category-all" class="tabs-panel">
+							<ul id="categorychecklist" data-wp-lists="list:category" class="categorychecklist form-no-clear">
+								<?php wp_terms_checklist($post_ID, array( 'taxonomy' => 'category', 'popular_cats' => $popular_ids ) ) ?>
+							</ul>
+						</div>
+
+						<?php if ( current_user_can($tax->cap->edit_terms) ) : ?>
+							<div id="category-adder" class="wp-hidden-children">
+								<h4>
+									<a id="category-add-toggle" href="#category-add" class="hide-if-no-js">
+										<?php printf( __( '+ %s' ), $tax->labels->add_new_item ); ?>
+									</a>
+								</h4>
+								<p id="category-add" class="category-add wp-hidden-child">
+									<label class="screen-reader-text" for="newcategory"><?php echo $tax->labels->add_new_item; ?></label>
+									<input type="text" name="newcategory" id="newcategory" class="form-required form-input-tip" value="<?php echo esc_attr( $tax->labels->new_item_name ); ?>" aria-required="true"/>
+									<label class="screen-reader-text" for="newcategory_parent">
+										<?php echo $tax->labels->parent_item_colon; ?>
+									</label>
+									<?php wp_dropdown_categories( array( 'taxonomy' => 'category', 'hide_empty' => 0, 'name' => 'newcategory_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => '&mdash; ' . $tax->labels->parent_item . ' &mdash;' ) ); ?>
+									<input type="button" id="category-add-submit" data-wp-lists="add:categorychecklist:category-add" class="button category-add-submit" value="<?php echo esc_attr( $tax->labels->add_new_item ); ?>" />
+									<?php wp_nonce_field( 'add-category', '_ajax_nonce-add-category', false ); ?>
+									<span id="category-ajax-response"></span>
+								</p>
 							</div>
-						</div>
-						<div class="tagchecklist"></div>
+						<?php endif; ?>
+					</div>
 					</div>
-					<p class="tagcloud-link"><a href="#titlediv" class="tagcloud-link" id="link-post_tag"><?php _e('Choose from the most used tags'); ?></a></p>
 				</div>
-			</div>
+			<?php endif;
+
+			$tax = get_taxonomy( 'post_tag' );
+			if ( current_user_can( $tax->cap->assign_terms ) ) :
+				?>
+				<div id="tagsdiv-post_tag" class="postbox">
+					<div class="handlediv" title="<?php esc_attr_e( 'Click to toggle' ); ?>"><br /></div>
+					<h3><span><?php _e('Tags'); ?></span></h3>
+					<div class="inside">
+						<div class="tagsdiv" id="post_tag">
+							<div class="jaxtag">
+								<label class="screen-reader-text" for="newtag"><?php _e('Tags'); ?></label>
+								<input type="hidden" name="tax_input[post_tag]" class="the-tags" id="tax-input[post_tag]" value="" />
+								<div class="ajaxtag">
+									<input type="text" name="newtag[post_tag]" class="newtag form-input-tip" size="16" autocomplete="off" value="" />
+									<input type="button" class="button tagadd" value="<?php esc_attr_e('Add'); ?>" />
+								</div>
+							</div>
+							<div class="tagchecklist"></div>
+						</div>
+						<p class="tagcloud-link"><a href="#titlediv" class="tagcloud-link" id="link-post_tag"><?php _e('Choose from the most used tags'); ?></a></p>
+					</div>
+				</div>
+			<?php endif; ?>
 		</div>
 	</div>
 	<div class="posting">

wp-admin/revision.php

@@ -63,7 +63,7 @@ default :
 	if ( ! $post = get_post( $revision->post_parent ) )
 		break;
 
-	if ( ! current_user_can( 'read_post', $revision->ID ) || ! current_user_can( 'read_post', $post->ID ) )
+	if ( ! current_user_can( 'read_post', $revision->ID ) || ! current_user_can( 'edit_post', $revision->post_parent ) )
 		break;
 
 	// Revisions disabled and we're not looking at an autosave

wp-admin/theme-editor.php

@@ -68,7 +68,7 @@ if ( empty( $file ) ) {
 	$relative_file = 'style.css';
 	$file = $allowed_files['style.css'];
 } else {
-	$relative_file = $file;
+	$relative_file = wp_unslash( $file );
 	$file = $theme->get_stylesheet_directory() . '/' . $relative_file;
 }
 
@@ -125,10 +125,12 @@ default:
  <div id="message" class="updated"><p><?php _e( 'File edited successfully.' ) ?></p></div>
 <?php endif;
 
-$description = get_file_description( $file );
+$file_description = get_file_description( $relative_file );
 $file_show = array_search( $file, array_filter( $allowed_files ) );
-if ( $description != $file_show )
-	$description .= ' <span>(' . $file_show . ')</span>';
+$description = esc_html( $file_description );
+if ( $file_description != $file_show ) {
+	$description .= ' <span>(' . esc_html( $file_show ) . ')</span>';
+}
 ?>
 <div class="wrap">
 <h2><?php echo esc_html( $title ); ?></h2>
@@ -177,9 +179,9 @@ if ( $allowed_files ) :
 		if ( 'style.css' == $filename )
 			echo "\t</ul>\n\t<h3>" . _x( 'Styles', 'Theme stylesheets in theme editor' ) . "</h3>\n\t<ul>\n";
 
-		$file_description = get_file_description( $absolute_filename );
+		$file_description = esc_html( get_file_description( $filename ) );
 		if ( $file_description != basename( $filename ) )
-			$file_description .= '<br /><span class="nonessential">(' . $filename . ')</span>';
+			$file_description .= '<br /><span class="nonessential">(' . esc_html( $filename ) . ')</span>';
 
 		if ( $absolute_filename == $file )
 			$file_description = '<span class="highlight">' . $file_description . '</span>';

wp-admin/update-core.php

@@ -240,9 +240,11 @@ function list_plugin_updates() {
 	<tbody class="plugins">
 <?php
 	foreach ( (array) $plugins as $plugin_file => $plugin_data) {
+		$plugin_data = (object) _get_plugin_data_markup_translate( $plugin_file, (array) $plugin_data, false, true );
+
 		$info = plugins_api('plugin_information', array('slug' => $plugin_data->update->slug ));
 		if ( is_wp_error( $info ) ) {
-			continue;
+			$info = false;
 		}
 
 		// Get plugin compat for running version of WordPress.
@@ -390,14 +392,14 @@ function do_core_upgrade( $reinstall = false ) {
 	<h2><?php _e('Update WordPress'); ?></h2>
 <?php
 
-	if ( false === ( $credentials = request_filesystem_credentials( $url, '', false, ABSPATH, array(), $allow_relaxed_file_ownership ) ) ) {
+	if ( false === ( $credentials = request_filesystem_credentials( $url, '', false, ABSPATH, array( 'version', 'locale' ), $allow_relaxed_file_ownership ) ) ) {
 		echo '</div>';
 		return;
 	}
 
 	if ( ! WP_Filesystem( $credentials, ABSPATH, $allow_relaxed_file_ownership ) ) {
 		// Failed to connect, Error and request again
-		request_filesystem_credentials( $url, '', true, ABSPATH, array(), $allow_relaxed_file_ownership );
+		request_filesystem_credentials( $url, '', true, ABSPATH, array( 'version', 'locale' ), $allow_relaxed_file_ownership );
 		echo '</div>';
 		return;
 	}

wp-admin/user-edit.php

@@ -99,7 +99,7 @@ if ( is_multisite()
 // Execute confirmed email change. See send_confirmation_on_profile_email().
 if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) {
 	$new_email = get_option( $current_user->ID . '_new_email' );
-	if ( $new_email[ 'hash' ] == $_GET[ 'newuseremail' ] ) {
+	if ( $new_email && hash_equals( $new_email[ 'hash' ], $_GET[ 'newuseremail' ] ) ) {
 		$user = new stdClass;
 		$user->ID = $current_user->ID;
 		$user->user_email = esc_html( trim( $new_email[ 'newemail' ] ) );
@@ -110,7 +110,8 @@ if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $c
 		wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
 		die();
 	}
-} elseif ( is_multisite() && IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' == $_GET['dismiss'] ) {
+} elseif ( is_multisite() && IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' === $_GET['dismiss'] ) {
+	check_admin_referer( 'dismiss-' . $current_user->ID . '_new_email' );
 	delete_option( $current_user->ID . '_new_email' );
 	wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
 	die();
@@ -204,7 +205,7 @@ include(ABSPATH . 'wp-admin/admin-header.php');
 	<p><strong><?php _e('User updated.') ?></strong></p>
 	<?php endif; ?>
 	<?php if ( $wp_http_referer && !IS_PROFILE_PAGE ) : ?>
-	<p><a href="<?php echo esc_url( $wp_http_referer ); ?>"><?php _e('&larr; Back to Users'); ?></a></p>
+	<p><a href="<?php echo esc_url( wp_validate_redirect( esc_url_raw( $wp_http_referer ), self_admin_url( 'users.php' ) ) ); ?>"><?php _e('&larr; Back to Users'); ?></a></p>
 	<?php endif; ?>
 </div>
 <?php endif; ?>
@@ -413,7 +414,7 @@ if ( is_multisite() && is_network_admin() && ! IS_PROFILE_PAGE && current_user_c
 	$new_email = get_option( $current_user->ID . '_new_email' );
 	if ( $new_email && $new_email['newemail'] != $current_user->user_email && $profileuser->ID == $current_user->ID ) : ?>
 	<div class="updated inline">
-	<p><?php printf( __('There is a pending change of your e-mail to <code>%1$s</code>. <a href="%2$s">Cancel</a>'), $new_email['newemail'], esc_url( self_admin_url( 'profile.php?dismiss=' . $current_user->ID . '_new_email' ) ) ); ?></p>
+	<p><?php printf( __('There is a pending change of your e-mail to <code>%1$s</code>. <a href="%2$s">Cancel</a>'), esc_html( $new_email['newemail'] ), esc_url( wp_nonce_url( self_admin_url( 'profile.php?dismiss=' . $current_user->ID . '_new_email' ), 'dismiss-' . $current_user->ID . '_new_email' ) ) ); ?></p>
 	</div>
 	<?php endif; ?>
 	</td>
@@ -489,7 +490,7 @@ if ( IS_PROFILE_PAGE && count( $sessions->get_all() ) === 1 ) : ?>
 	<tr class="user-sessions-wrap hide-if-no-js">
 		<th>&nbsp;</th>
 		<td aria-live="assertive">
-			<div class="destroy-sessions"><button disabled class="button button-secondary"><?php _e( 'Log Out of All Other Sessions' ); ?></button></div>
+			<div class="destroy-sessions"><button type="button" disabled class="button button-secondary"><?php _e( 'Log Out of All Other Sessions' ); ?></button></div>
 			<p class="description">
 				<?php _e( 'You are only logged in at this location.' ); ?>
 			</p>
@@ -499,7 +500,7 @@ if ( IS_PROFILE_PAGE && count( $sessions->get_all() ) === 1 ) : ?>
 	<tr class="user-sessions-wrap hide-if-no-js">
 		<th>&nbsp;</th>
 		<td aria-live="assertive">
-			<div class="destroy-sessions"><button class="button button-secondary" id="destroy-sessions"><?php _e( 'Log Out of All Other Sessions' ); ?></button></div>
+			<div class="destroy-sessions"><button type="button" class="button button-secondary" id="destroy-sessions"><?php _e( 'Log Out of All Other Sessions' ); ?></button></div>
 			<p class="description">
 				<?php _e( 'Left your account logged in at a public computer? Lost your phone? This will log you out everywhere except your current browser.' ); ?>
 			</p>
@@ -509,7 +510,7 @@ if ( IS_PROFILE_PAGE && count( $sessions->get_all() ) === 1 ) : ?>
 	<tr class="user-sessions-wrap hide-if-no-js">
 		<th>&nbsp;</th>
 		<td>
-			<p><button class="button button-secondary" id="destroy-sessions"><?php _e( 'Log Out of All Sessions' ); ?></button></p>
+			<p><button type="button" class="button button-secondary" id="destroy-sessions"><?php _e( 'Log Out of All Sessions' ); ?></button></p>
 			<p class="description">
 				<?php
 				/* translators: 1: User's display name. */

wp-admin/widgets.php

@@ -17,6 +17,8 @@ if ( ! current_user_can('edit_theme_options') )
 
 $widgets_access = get_user_setting( 'widgets_access' );
 if ( isset($_GET['widgets-access']) ) {
+	check_admin_referer( 'widgets-access' );
+
 	$widgets_access = 'on' == $_GET['widgets-access'] ? 'on' : 'off';
 	set_user_setting( 'widgets_access', $widgets_access );
 }

wp-content/themes/twentyfifteen/genericons/example.html

@@ -1,719 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<title>Genericons</title>
-<link rel="stylesheet" href="genericons.css">
-<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
-<style type="text/css">
-/**
- * Example page CSS
- */
-
-body {
-	font-family: sans-serif;
-	line-height: 1.5;
-	margin: 0;
-	color: #2f2d2c;
-	background: #fff;
-	font-size: 11pt;
-}
-
-a {
-	color: #2f2d2c;
-}
-
-h4 {
-	margin-top: 40px;
-}
-
-#iconlist {
-	clear: both;
-	margin-bottom: 20px;
-}
-
-#iconlist div {
-	padding: 10px;
-	overflow: hidden;
-	white-space: nowrap;
-	font-size: 32px;
-	line-height: 1;
-	position: relative;
-	width: 32px;
-	height: 32px;
-}
-
-#iconlist div:before {
-	margin-right: 20px;
-}
-
-#iconlist div:hover {
-	cursor: pointer;
-	color: #e4c05c;
-}
-
-#primary {
-	background: #e4c05c;
-	overflow: hidden;
-}
-
-#content {
-	position: relative;
-	color: #fff;
-	max-width: 980px;
-	padding: 0 10px;
-	margin: 0 auto;
-}
-
-#icons {
-	background: #fbfbfb;
-}
-
-#icons #iconlist {
-	max-width: 980px;
-	box-sizing: border-box;
-	-moz-box-sizing:border-box;
-	-webkit-box-sizing:border-box;
-	padding: 20px 0;
-	margin: 0 auto;
-}
-
-#glyph {
-	float: left;
-	width: 50%;
-	box-sizing: border-box;
-	-moz-box-sizing:border-box;
-	-webkit-box-sizing:border-box;
-	-ms-box-sizing:border-box;
-	padding: 20px 0;
-}
-
-#glyph .info {
-	float: right;
-	width: 180px;
-	padding: 36px 0 0 0;
-}
-
-#glyph .info a {
-	color: #2f2d2c;
-	display: block;
-	padding: 8px 0 8px 15px;
-}
-
-#glyph .info strong {
-	font-weight: normal;
-	display: block;
-	padding: 8px 0;
-}
-
-#glyph .genericon {
-	font-size: 256px;
-	width: 256px;
-	height: 256px;
-	overflow: visible;
-	float: left;
-}
-
-.description {
-	margin-top: 50px;
-	width: 48%;
-	float: right;
-	padding-left: 40px;
-	margin-left: 2%;
-	box-sizing: border-box;
-	-moz-box-sizing:border-box;
-	-webkit-box-sizing:border-box;
-	-ms-box-sizing:border-box;
-	background-size: 4px 4px;
-}
-
-#primary h2 {
-	color: white;
-	margin: 0 auto;
-	padding: 22px 0 0 20px;
-	max-width: 980px;
-	font-size: 2em;
-}
-
-#primary h2 span {
-	display: block;
-	font-weight: normal;
-	font-size: 12pt;
-}
-
-#footer {
-	clear: both;
-	max-width: 980px;
-	margin: 80px auto;
-	text-align: center;
-	text-transform: uppercase;
-	letter-spacing: .1em;
-	font-size: 7pt;
-	color: #ddd;
-}
-
-#footer a {
-	color: #ccc;
-	display: inline-block;
-	width: 150px;
-	overflow: hidden;
-	text-indent: 100%;
-	position: relative;
-	top: 2px;
-	opacity: .3;
-	background-repeat: no-repeat;
-	background-position: center top;
-	background-image: url('data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4NCjwhLS0gR2VuZXJhdG9yOiBBZG9iZSBJbGx1c3RyYXRvciAxNi4wLjQsIFNWRyBFeHBvcnQgUGx1Zy1JbiAuIFNWRyBWZXJzaW9uOiA2LjAwIEJ1aWxkIDApICAtLT4NCjwhRE9DVFlQRSBzdmcgUFVCTElDICItLy9XM0MvL0RURCBTVkcgMS4xLy9FTiIgImh0dHA6Ly93d3cudzMub3JnL0dyYXBoaWNzL1NWRy8xLjEvRFREL3N2ZzExLmR0ZCI+DQo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4Ig0KCSB3aWR0aD0iMTUwcHgiIGhlaWdodD0iMTRweCIgdmlld0JveD0iMTAgMCAxNTAgMTQiIGVuYWJsZS1iYWNrZ3JvdW5kPSJuZXcgMTAgMCAxNTAgMTQiIHhtbDpzcGFjZT0icHJlc2VydmUiPg0KPGc+DQoJPHBhdGggZmlsbD0iIzQ0NDQ0NCIgZD0iTTY1LjQzOCwxMi41Yy0zLjYyNiwwLTUuOTc2LTIuNjEyLTUuOTc2LTUuMzMxVjYuODMxYzAtMi43NjUsMi4zNTEtNS4zMyw1Ljk3Ni01LjMzDQoJCWMzLjY0MSwwLDUuOTksMi41NjUsNS45OSw1LjMzdjAuMzM5QzcxLjQyOCw5Ljg4OCw2OS4wNzksMTIuNSw2NS40MzgsMTIuNXogTTY5LjQ5Miw2Ljg2MWMwLTEuOTgtMS40NDQtMy43NDgtNC4wNTUtMy43NDgNCgkJcy00LjA0LDEuNzY4LTQuMDQsMy43NDh2MC4yNDZjMCwxLjk4MSwxLjQyOSwzLjc3OSw0LjA0LDMuNzc5czQuMDU1LTEuNzk4LDQuMDU1LTMuNzc5VjYuODYxeiIvPg0KCTxwYXRoIGZpbGw9IiM0NDQ0NDQiIGQ9Ik0yNC40OTgsMTIuMWwtMS4zNTItMi41MzVoLTYuMDA3TDE1LjgzNCwxMi4xaC0yLjAyOGw1LjUzMS0xMC4yM2gxLjU5N2w1LjYyMiwxMC4yM0gyNC40OThMMjQuNDk4LDEyLjF6DQoJCSBNMjAuMDksMy44NjZsLTIuMjI4LDQuMzAxaDQuNTMxTDIwLjA5LDMuODY2eiIvPg0KCTxwYXRoIGZpbGw9IiM0NDQ0NDQiIGQ9Ik0zNS4yODEsMTIuNWMtMy42NzEsMC01LjM3Ni0xLjk5Ni01LjM3Ni00LjY1NFYxLjg3aDEuOTA0djYuMDA2YzAsMS44OTEsMS4yNDUsMy4wMTMsMy42MSwzLjAxMw0KCQljMi40MjgsMCwzLjQyNi0xLjEyMiwzLjQyNi0zLjAxM1YxLjg3aDEuOTJ2NS45NzZDNDAuNzY3LDEwLjM4LDM5LjEzOCwxMi41LDM1LjI4MSwxMi41eiIvPg0KCTxwYXRoIGZpbGw9IiM0NDQ0NDQiIGQ9Ik01MS40NTgsMy40NjdWMTIuMWgtMS45MTlWMy40NjdoLTQuNDcxVjEuODdoMTAuODZ2MS41OThMNTEuNDU4LDMuNDY3TDUxLjQ1OCwzLjQ2N3oiLz4NCgk8cGF0aCBmaWxsPSIjNDQ0NDQ0IiBkPSJNODguNTQzLDEyLjFWNC4wMDRsLTAuNTA5LDAuODkxTDgzLjc0OSwxMi4xaC0wLjkzN2wtNC4yNC03LjIwNWwtMC41MDYtMC44OTFWMTIuMWgtMS44NzVWMS44N2gyLjY1OA0KCQlsNC4wNCw3LjAyMWwwLjQ3NiwwLjg2bDAuNDc3LTAuODZsMy45OTQtNy4wMjFoMi42MjdWMTIuMUg4OC41NDNMODguNTQzLDEyLjF6Ii8+DQoJPHBhdGggZmlsbD0iIzQ0NDQ0NCIgZD0iTTEwNC45NzgsMTIuMWwtMS4zNTItMi41MzVoLTYuMDA4TDk2LjMxMywxMi4xaC0yLjAyOGw1LjUzMS0xMC4yMzFoMS41OTlsNS42MjIsMTAuMjMxSDEwNC45Nzh6DQoJCSBNMTAwLjU3LDMuODY2bC0yLjIyOCw0LjMwMWg0LjUyOUwxMDAuNTcsMy44NjZ6Ii8+DQoJPHBhdGggZmlsbD0iIzQ0NDQ0NCIgZD0iTTExNC43NzgsMy40NjdWMTIuMWgtMS45MlYzLjQ2N2gtNC40N1YxLjg3aDEwLjg2djEuNTk4TDExNC43NzgsMy40NjdMMTE0Ljc3OCwzLjQ2N3oiLz4NCgk8cGF0aCBmaWxsPSIjNDQ0NDQ0IiBkPSJNMTI4Ljg2NiwzLjQ2N1YxMi4xaC0xLjkxOVYzLjQ2N2gtNC40NzJWMS44N2gxMC44NnYxLjU5OEwxMjguODY2LDMuNDY3TDEyOC44NjYsMy40Njd6Ii8+DQoJPHBhdGggZmlsbD0iIzQ0NDQ0NCIgZD0iTTEzOC4wNjcsMTIuMVYyLjgzN2MwLjc2OSwwLDEuMDc2LTAuNDE1LDEuMDc2LTAuOTY4aDAuODE0VjEyLjFIMTM4LjA2N0wxMzguMDY3LDEyLjF6Ii8+DQoJPHBhdGggZmlsbD0iIzQ0NDQ0NCIgZD0iTTE1NC45OTYsNC43NTdjLTAuOTIxLTAuODQ1LTIuMjc0LTEuNjQ0LTQuMTAyLTEuNjQ0Yy0yLjczMywwLTQuMjcsMS44NzUtNC4yNywzLjgyNXYwLjINCgkJYzAsMS45MzcsMS41NTEsMy43NDgsNC40MDgsMy43NDhjMS43MDUsMCwzLjExOC0wLjgxNCw0LjAwOS0xLjY0NGwxLjE1MiwxLjIxNWMtMS4xMjEsMS4xMDctMy4wMjYsMi4wNDMtNS4yODUsMi4wNDMNCgkJYy0zLjg3LDAtNi4yMjMtMi41MjEtNi4yMjMtNS4yODRWNi44NzdjMC0yLjc2NiwyLjU2Ni01LjM3Nyw2LjMxNC01LjM3N2MyLjE2NywwLDQuMTM2LDAuOTA2LDUuMTk0LDIuMDQzTDE1NC45OTYsNC43NTd6Ii8+DQoJPHBhdGggZmlsbD0iIzQ0NDQ0NCIgZD0iTTY2LjcwMiw1LjA2YzAuMzQ3LDAuMjI0LDAuNDQ0LDAuNjg3LDAuMjE5LDEuMDM3TDY1LjE2OSw4LjgxYy0wLjIyNSwwLjM0Ny0wLjY4OCwwLjQ0OC0xLjAzMywwLjIyOWwwLDANCgkJQzYzLjc5LDguODEyLDYzLjY5Miw4LjM1MSw2My45MTcsOGwxLjc1MS0yLjcxM0M2NS44OTMsNC45MzgsNjYuMzU1LDQuODM3LDY2LjcwMiw1LjA2TDY2LjcwMiw1LjA2eiIvPg0KPC9nPg0KPC9zdmc+DQo=');
-}
-
-#footer a:hover {
-	opacity: 1;
-}
-
-pre, code {
-	font: 14px/1.5 monospace;
-}
-
-.code {
-	display: block;
-	font: 14px/1.5 monospace;
-	width: 600px;
-	white-space: pre;
-	border: 1px solid #ccc;
-	padding: 10px;
-	overflow: auto;
-	min-height: 110px;
-}
-
-#iconlist .new, #iconlist .update {
-	position: relative;
-}
-
-#iconlist .new:after, #iconlist .update:after {
-	color: #e4c05c;
-	display: block;
-	content: "NEW";
-	font: bold 8px/1 sans-serif;
-	position: absolute;
-	top: 0px;
-	text-align: center;
-	z-index: 10;
-	width: 100%;
-}
-
-#iconlist .update:after {
-	content: "UPDATE";
-	left: -1px;
-}
-
-body.searching #iconlist span.update:after, body.searching #iconlist span.new:after {
-	display: none;
-}
-
-#search {
-	border: 0;
-	border-radius: 2px;
-	position: absolute;
-	right: 20px;
-	font: 11pt sans-serif;
-	padding: 10px;
-	top: 20px;
-	background: rgba(255,255,255,.8);
-}
-
-#search:focus {
-	background: #fff;
-	outline: none;
-}
-
-.genericon-404 {
-	display: none !important; /* This is an easter egg */
-}
-
-.genericon:after {
-	content: attr(alt);
-	display: block;
-	font-size: 9px;
-	color: #999;
-	text-align: center;
-}
-
-.hideUACs.genericon:after {
-	content: none;
-}
-
-
-@media only screen and ( max-width: 900px ) {
-
-	#glyph {
-		float: none;
-		width: 100%;
-	}
-
-	#glyph .info {
-		width: 30%;
-	}
-	#glyph .genericon {
-		width: 70%;
-	}
-
-	.description {
-		clear: both;
-		width: 100%;
-		background: none;
-		padding-left: 0;
-		float: none;
-	}
-
-}
-</style>
-<script type="text/javascript">
-/**
- * Example page JS
- */
-
-function copyToClipboard ( text, copyMode ) {
-	if ( copyMode == "css" ) {
-		window.prompt( "Copy this, then paste in your CSS :before selector.", text );
-	} else if ( copyMode == "html" ) {
-		window.prompt( "Copy this, then paste in your HTML.", text );
-	} else {
-		window.prompt( "Copy this, then paste in your Photoshop textfield.", text );
-	}
-}
-
-function pickRandomIcon() {
-	var divs = jQuery("#iconlist div").get().sort(function(){
-			return Math.round(Math.random())-0.5;
-		}).slice(0,1);
-
-	attr = jQuery(divs).attr('alt');
-	cssclass = jQuery(divs).attr('class');
-	displayGlyph( attr, cssclass );
-
-}
-
-function displayGlyph( attr, cssclass ) {
-
-	// set permalink
-	var permalink = cssclass.split(' genericon-')[1];
-	window.location.hash = permalink;
-
-	// css copy string
-	csstext = "content: \'\\" + attr + "';";
-
-	// html copy string
-	htmltext = '<span class="' + cssclass + '"></span>';
-
-	// glyph copy string
-	glyphtemp = "&#x" + attr + ";";
-	jQuery('#temp').html( glyphtemp );
-	glyphtext = jQuery('#temp').text();
-
-	// final output
-	output = '<div class="' + cssclass + '"></div>'
-	+ '<div class="info">'
-		+ '<strong>&larr; ' + cssclass.split( ' ' )[1] + '</strong>'
-		+ '<a href="javascript:copyToClipboard(csstext, \'css\')">Copy CSS</a>'
-		+ '<a href="javascript:copyToClipboard(htmltext, \'html\')">Copy HTML</a>'
-		+ '<a href="javascript:copyToClipboard(glyphtext)">Copy Glyph</a>'
-	+ '</div>';
-
-	jQuery( '#glyph' ).html( output );
-
-}
-
-function sortUnicode ( a, b ) {
-	var numberA = jQuery(a).attr('alt').replace('f', '');
-	var numberB = jQuery(b).attr('alt').replace('f', '');
-	var contentA =parseInt( numberA, 16 );
-	var contentB =parseInt( numberB, 16 );
-	return (contentA < contentB) ? -1 : (contentA > contentB) ? 1 : 0;
-}
-
-jQuery(document).ready(function() {
-
-	// pick random icon if no permalink, otherwise go to permalink
-	if ( window.location.hash ) {
-		permalink = "genericon-" + window.location.hash.split('#')[1];
-		attr = jQuery( '.' + permalink ).attr( 'alt' );
-		cssclass = jQuery( '.' + permalink ).attr('class');
-		displayGlyph( attr, cssclass );
-	} else {
-		pickRandomIcon();
-	}
-
-	jQuery( '#iconlist div' ).click(function() {
-
-		attr = jQuery( this ).attr( 'alt' );
-		cssclass = jQuery( this ).attr( 'class' );
-
-		displayGlyph( attr, cssclass );
-
-	});
-
-	var $rows = jQuery('#iconlist div');
-	jQuery('#search').keyup(function() {
-
-		// remove update text when using search
-		jQuery('body').addClass('searching');
-
-	    var val = jQuery.trim(jQuery(this).val()).replace(/ +/g, ' ').toLowerCase();
-
-	    $rows.show().filter(function() {
-	        var text = jQuery(this).text().replace(/\s+/g, ' ').toLowerCase();
-	        return !~text.indexOf(val);
-	    }).hide();
-	});
-
-	jQuery('input#search').focus();
-
-	// sort based on number
-	jQuery('#iconlist div').sort( sortUnicode ).appendTo('#iconlist');
-
-});
-
-function toggleUACs() {
-	jQuery('.genericon').toggleClass('hideUACs');
-}
-</script>
-</head>
-
-<body>
-
-<div id="main">
-
-	<div id="primary">
-		<div id="content">
-
-			<h2>Genericons <span>&mdash; A free, GPL, flexible icon font for blogs!</span></h2>
-
-			<input placeholder="Filter..." name="search" id="search" type="text" value="" maxlength="150" />
-
-			<div id="glyph">
-			</div>
-
-			<div class="description">
-				<p>Genericons are vector icons embedded in a webfont designed to be clean and simple keeping with a generic aesthetic. Use for instant HiDPI or to easily change colors on the fly.</p>
-			</div>
-
-		</div>
-	</div>
-
-	<div id="icons">
-		<div id="iconlist">
-
-			<!-- note, the text inside the HTML elements is purely for the seach -->
-
-			<div alt="f423" class="genericon genericon-404" title="genericon-404">404</div>
-
-			<div alt="f508" class="genericon genericon-activity" title="genericon-activity">activity</div>
-
-			<div alt="f509" class="genericon genericon-anchor" title="genericon-anchor">anchor</div>
-
-			<div alt="f101" class="genericon genericon-aside" title="genericon-aside">aside</div>
-
-			<div alt="f416" class="genericon genericon-attachment" title="genericon-attachment">attachment</div>
-
-			<div alt="f109" class="genericon genericon-audio" title="genericon-audio">audio</div>
-
-			<div alt="f471" class="genericon genericon-bold" title="genericon-bold">bold</div>
-
-			<div alt="f444" class="genericon genericon-book" title="genericon-book">book</div>
-
-			<div alt="f50a" class="genericon genericon-bug" title="genericon-bug">bug</div>
-
-			<div alt="f447" class="genericon genericon-cart" title="genericon-cart">cart</div>
-
-			<div alt="f301" class="genericon genericon-category" title="genericon-category">category</div>
-
-			<div alt="f108" class="genericon genericon-chat" title="genericon-chat">chat</div>
-
-			<div alt="f418" class="genericon genericon-checkmark" title="genericon-checkmark">checkmark</div>
-
-			<div alt="f405" class="genericon genericon-close" title="genericon-close">close</div>
-
-			<div alt="f406" class="genericon genericon-close-alt" title="genericon-close-alt">close-alt</div>
-
-			<div alt="f426" class="genericon genericon-cloud" title="genericon-cloud">cloud</div>
-
-			<div alt="f440" class="genericon genericon-cloud-download" title="genericon-cloud-download">cloud-download</div>
-
-			<div alt="f441" class="genericon genericon-cloud-upload" title="genericon-cloud-upload">cloud-upload</div>
-
-			<div alt="f462" class="genericon genericon-code" title="genericon-code">code</div>
-
-			<div alt="f216" class="genericon genericon-codepen" title="genericon-codepen">codepen</div>
-
-			<div alt="f445" class="genericon genericon-cog" title="genericon-cog">cog</div>
-
-			<div alt="f432" class="genericon genericon-collapse" title="genericon-collapse">collapse</div>
-
-			<div alt="f300" class="genericon genericon-comment" title="genericon-comment">comment</div>
-
-			<div alt="f305" class="genericon genericon-day" title="genericon-day">day</div>
-
-			<div alt="f221" class="genericon genericon-digg" title="genericon-digg">digg</div>
-
-			<div alt="f443" class="genericon genericon-document" title="genericon-document">document</div>
-
-			<div alt="f428" class="genericon genericon-dot" title="genericon-dot">dot</div>
-
-			<div alt="f502" class="genericon genericon-downarrow" title="genericon-downarrow">downarrow</div>
-
-			<div alt="f50b" class="genericon genericon-download" title="genericon-download">download</div>
-
-			<div alt="f436" class="genericon genericon-draggable" title="genericon-draggable">draggable</div>
-
-			<div alt="f201" class="genericon genericon-dribbble" title="genericon-dribbble">dribbble</div>
-
-			<div alt="f225" class="genericon genericon-dropbox" title="genericon-dropbox">dropbox</div>
-
-			<div alt="f433" class="genericon genericon-dropdown" title="genericon-dropdown">dropdown</div>
-
-			<div alt="f434" class="genericon genericon-dropdown-left" title="genericon-dropdown-left">dropdown-left</div>
-
-			<div alt="f411" class="genericon genericon-edit" title="genericon-edit">edit</div>
-
-			<div alt="f476" class="genericon genericon-ellipsis" title="genericon-ellipsis">ellipsis</div>
-
-			<div alt="f431" class="genericon genericon-expand" title="genericon-expand">expand</div>
-
-			<div alt="f442" class="genericon genericon-external" title="genericon-external">external</div>
-
-			<div alt="f203" class="genericon genericon-facebook" title="genericon-facebook">facebook</div>
-
-			<div alt="f204" class="genericon genericon-facebook-alt" title="genericon-facebook-alt">facebook-alt</div>
-
-			<div alt="f458" class="genericon genericon-fastforward" title="genericon-fastforward">fastforward</div>
-
-			<div alt="f413" class="genericon genericon-feed" title="genericon-feed">feed</div>
-
-			<div alt="f468" class="genericon genericon-flag" title="genericon-flag">flag</div>
-
-			<div alt="f211" class="genericon genericon-flickr" title="genericon-flickr">flickr</div>
-
-			<div alt="f226" class="genericon genericon-foursquare" title="genericon-foursquare">foursquare</div>
-
-			<div alt="f474" class="genericon genericon-fullscreen" title="genericon-fullscreen">fullscreen</div>
-
-			<div alt="f103" class="genericon genericon-gallery" title="genericon-gallery">gallery</div>
-
-			<div alt="f200" class="genericon genericon-github" title="genericon-github">github</div>
-
-			<div alt="f206" class="genericon genericon-googleplus" title="genericon-googleplus">googleplus</div>
-
-			<div alt="f218" class="genericon genericon-googleplus-alt" title="genericon-googleplus-alt">googleplus-alt</div>
-
-			<div alt="f50c" class="genericon genericon-handset" title="genericon-handset">handset</div>
-
-			<div alt="f461" class="genericon genericon-heart" title="genericon-heart">heart</div>
-
-			<div alt="f457" class="genericon genericon-help" title="genericon-help">help</div>
-
-			<div alt="f404" class="genericon genericon-hide" title="genericon-hide">hide</div>
-
-			<div alt="f505" class="genericon genericon-hierarchy" title="genericon-hierarchy">hierarchy</div>
-
-			<div alt="f409" class="genericon genericon-home" title="genericon-home">home</div>
-
-			<div alt="f102" class="genericon genericon-image" title="genericon-image">image</div>
-
-			<div alt="f455" class="genericon genericon-info" title="genericon-info">info</div>
-
-			<div alt="f215" class="genericon genericon-instagram" title="genericon-instagram">instagram</div>
-
-			<div alt="f472" class="genericon genericon-italic" title="genericon-italic">italic</div>
-
-			<div alt="f427" class="genericon genericon-key" title="genericon-key">key</div>
-
-			<div alt="f503" class="genericon genericon-leftarrow" title="genericon-leftarrow">leftarrow</div>
-
-			<div alt="f107" class="genericon genericon-link" title="genericon-link">link</div>
-
-			<div alt="f207" class="genericon genericon-linkedin" title="genericon-linkedin">linkedin</div>
-
-			<div alt="f208" class="genericon genericon-linkedin-alt" title="genericon-linkedin-alt">linkedin-alt</div>
-
-			<div alt="f417" class="genericon genericon-location" title="genericon-location">location</div>
-
-			<div alt="f470" class="genericon genericon-lock" title="genericon-lock">lock</div>
-
-			<div alt="f410" class="genericon genericon-mail" title="genericon-mail">mail</div>
-
-			<div alt="f422" class="genericon genericon-maximize" title="genericon-maximize">maximize</div>
-
-			<div alt="f419" class="genericon genericon-menu" title="genericon-menu">menu</div>
-
-			<div alt="f50d" class="genericon genericon-microphone" title="genericon-microphone">microphone</div>
-
-			<div alt="f421" class="genericon genericon-minimize" title="genericon-minimize">minimize</div>
-
-			<div alt="f50e" class="genericon genericon-minus" title="genericon-minus">minus</div>
-
-			<div alt="f307" class="genericon genericon-month" title="genericon-month">month</div>
-
-			<div alt="f50f" class="genericon genericon-move" title="genericon-move">move</div>
-
-			<div alt="f429" class="genericon genericon-next" title="genericon-next">next</div>
-
-			<div alt="f456" class="genericon genericon-notice" title="genericon-notice">notice</div>
-
-			<div alt="f506" class="genericon genericon-paintbrush" title="genericon-paintbrush">paintbrush</div>
-
-			<div alt="f219" class="genericon genericon-path" title="genericon-path">path</div>
-
-			<div alt="f448" class="genericon genericon-pause" title="genericon-pause">pause</div>
-
-			<div alt="f437" class="genericon genericon-phone" title="genericon-phone">phone</div>
-
-			<div alt="f473" class="genericon genericon-picture" title="genericon-picture">picture</div>
-
-			<div alt="f308" class="genericon genericon-pinned" title="genericon-pinned">pinned</div>
-
-			<div alt="f209" class="genericon genericon-pinterest" title="genericon-pinterest">pinterest</div>
-
-			<div alt="f210" class="genericon genericon-pinterest-alt" title="genericon-pinterest-alt">pinterest-alt</div>
-
-			<div alt="f452" class="genericon genericon-play" title="genericon-play">play</div>
-
-			<div alt="f439" class="genericon genericon-plugin" title="genericon-plugin">plugin</div>
-
-			<div alt="f510" class="genericon genericon-plus" title="genericon-plus">plus</div>
-
-			<div alt="f224" class="genericon genericon-pocket" title="genericon-pocket">pocket</div>
-
-			<div alt="f217" class="genericon genericon-polldaddy" title="genericon-polldaddy">polldaddy</div>
-
-			<div alt="f460" class="genericon genericon-portfolio" title="genericon-portfolio">portfolio</div>
-
-			<div alt="f430" class="genericon genericon-previous" title="genericon-previous">previous</div>
-
-			<div alt="f469" class="genericon genericon-print" title="genericon-print">print</div>
-
-			<div alt="f106" class="genericon genericon-quote" title="genericon-quote">quote</div>
-
-			<div alt="f511" class="genericon genericon-rating-empty" title="genericon-rating-empty">rating-empty</div>
-
-			<div alt="f512" class="genericon genericon-rating-full" title="genericon-rating-full">rating-full</div>
-
-			<div alt="f513" class="genericon genericon-rating-half" title="genericon-rating-half">rating-half</div>
-
-			<div alt="f222" class="genericon genericon-reddit" title="genericon-reddit">reddit</div>
-
-			<div alt="f420" class="genericon genericon-refresh" title="genericon-refresh">refresh</div>
-
-			<div alt="f412" class="genericon genericon-reply" title="genericon-reply">reply</div>
-
-			<div alt="f466" class="genericon genericon-reply-alt" title="genericon-reply-alt">reply-alt</div>
-
-			<div alt="f467" class="genericon genericon-reply-single" title="genericon-reply-single">reply-single</div>
-
-			<div alt="f459" class="genericon genericon-rewind" title="genericon-rewind">rewind</div>
-
-			<div alt="f501" class="genericon genericon-rightarrow" title="genericon-rightarrow">rightarrow</div>
-
-			<div alt="f400" class="genericon genericon-search" title="genericon-search">search</div>
-
-			<div alt="f438" class="genericon genericon-send-to-phone" title="genericon-send-to-phone">send-to-phone</div>
-
-			<div alt="f454" class="genericon genericon-send-to-tablet" title="genericon-send-to-tablet">send-to-tablet</div>
-
-			<div alt="f415" class="genericon genericon-share" title="genericon-share">share</div>
-
-			<div alt="f403" class="genericon genericon-show" title="genericon-show">show</div>
-
-			<div alt="f514" class="genericon genericon-shuffle" title="genericon-shuffle">shuffle</div>
-
-			<div alt="f507" class="genericon genericon-sitemap" title="genericon-sitemap">sitemap</div>
-
-			<div alt="f451" class="genericon genericon-skip-ahead" title="genericon-skip-ahead">skip-ahead</div>
-
-			<div alt="f450" class="genericon genericon-skip-back" title="genericon-skip-back">skip-back</div>
-
-			<div alt="f220" class="genericon genericon-skype" title="genericon-skype">skype</div>
-
-			<div alt="f424" class="genericon genericon-spam" title="genericon-spam">spam</div>
-
-			<div alt="f515" class="genericon genericon-spotify" title="genericon-spotify">spotify</div>
-
-			<div alt="f100" class="genericon genericon-standard" title="genericon-standard">standard</div>
-
-			<div alt="f408" class="genericon genericon-star" title="genericon-star">star</div>
-
-			<div alt="f105" class="genericon genericon-status" title="genericon-status">status</div>
-
-			<div alt="f449" class="genericon genericon-stop" title="genericon-stop">stop</div>
-
-			<div alt="f223" class="genericon genericon-stumbleupon" title="genericon-stumbleupon">stumbleupon</div>
-
-			<div alt="f463" class="genericon genericon-subscribe" title="genericon-subscribe">subscribe</div>
-
-			<div alt="f465" class="genericon genericon-subscribed" title="genericon-subscribed">subscribed</div>
-
-			<div alt="f425" class="genericon genericon-summary" title="genericon-summary">summary</div>
-
-			<div alt="f453" class="genericon genericon-tablet" title="genericon-tablet">tablet</div>
-
-			<div alt="f302" class="genericon genericon-tag" title="genericon-tag">tag</div>
-
-			<div alt="f303" class="genericon genericon-time" title="genericon-time">time</div>
-
-			<div alt="f435" class="genericon genericon-top" title="genericon-top">top</div>
-
-			<div alt="f407" class="genericon genericon-trash" title="genericon-trash">trash</div>
-
-			<div alt="f214" class="genericon genericon-tumblr" title="genericon-tumblr">tumblr</div>
-
-			<div alt="f516" class="genericon genericon-twitch" title="genericon-twitch">twitch</div>
-
-			<div alt="f202" class="genericon genericon-twitter" title="genericon-twitter">twitter</div>
-
-			<div alt="f446" class="genericon genericon-unapprove" title="genericon-unapprove">unapprove</div>
-
-			<div alt="f464" class="genericon genericon-unsubscribe" title="genericon-unsubscribe">unsubscribe</div>
-
-			<div alt="f401" class="genericon genericon-unzoom" title="genericon-unzoom">unzoom</div>
-
-			<div alt="f500" class="genericon genericon-uparrow" title="genericon-uparrow">uparrow</div>
-
-			<div alt="f304" class="genericon genericon-user" title="genericon-user">user</div>
-
-			<div alt="f104" class="genericon genericon-video" title="genericon-video">video</div>
-
-			<div alt="f517" class="genericon genericon-videocamera" title="genericon-videocamera">videocamera</div>
-
-			<div alt="f212" class="genericon genericon-vimeo" title="genericon-vimeo">vimeo</div>
-
-			<div alt="f414" class="genericon genericon-warning" title="genericon-warning">warning</div>
-
-			<div alt="f475" class="genericon genericon-website" title="genericon-website">website</div>
-
-			<div alt="f306" class="genericon genericon-week" title="genericon-week">week</div>
-
-			<div alt="f205" class="genericon genericon-wordpress" title="genericon-wordpress">wordpress</div>
-
-			<div alt="f504" class="genericon genericon-xpost" title="genericon-xpost">xpost</div>
-
-			<div alt="f213" class="genericon genericon-youtube" title="genericon-youtube">youtube</div>
-
-			<div alt="f402" class="genericon genericon-zoom" title="genericon-zoom">zoom</div>
-
-
-		</div>
-
-		<div id="temp" style="display: none;"></div>
-
-	</div>
-
-	<div id="footer">
-
-		<p>An <a href="http://automattic.com" rel="nofollow">Automattic</a> Portrayal</p>
-		<p>No designers were harmed in the making of this icon font.</p>
-
-
-	</div>
-
-</div>
-
-</body>
-</html>

wp-content/themes/twentyfourteen/genericons/example.html

@@ -1,464 +0,0 @@
-<!DOCTYPE html>
-<html dir="ltr" lang="en">
-<head>
-<title>Genericons</title>
-<link rel="stylesheet" href="genericons.css">
-<style type="text/css">
-body {
-	font-family: sans-serif;
-	line-height: 1.5;
-	width: 800px;
-	margin: 50px auto;
-	color: #777;
-	background: white;
-}
-.icons {
-	overflow: hidden;
-	padding: 10px 0;
-}
-.icons div {
-	cursor: pointer;
-	float: left;
-	margin: 0 30px 30px 0;
-}
-.icons:hover div {
-	background: #f7f7f7;
-}
-.code {
-        display: block;
-        font: 14px/1.5 monospace;
-        width: 740px;
-        white-space: pre;
-        border: 1px solid #ccc;
-        padding: 10px;
-        color: #777;
-        overflow: auto;
-}
-.my-icon:before {
-	content: '\f408';
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 32px/1 'Genericons';
-        vertical-align: middle;
-}
-/* For the Examples */
-.my-checklist {
-	list-style-type: none;
-	text-indent: -16px;
-}
-.my-checklist li:before {
-	padding-right: 16px;
-	content: '\f418';
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 16px/1 'Genericons';
-        vertical-align: text-top;
-}
-.my-blockquote {
-	background: #eee;
-	border-left: 32px solid #ddd;
-	padding: 10px;
-}
-.my-blockquote:before {
-	margin-left: -42px;
-	padding-right: 10px;
-        content: '\f106';
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 32px/20px 'Genericons';
-        vertical-align: bottom;
-}
-.my-button {
-	font-family: Helvetica, sans-serif;
-	font-size: 14px;
-	background: #e05d22; /* Old browsers */
-	background: -webkit-linear-gradient(top, #e05d22 0%, #d94412 100%); /* Chrome10+,Safari5.1+ */
-	background: -moz-linear-gradient(   top, #e05d22 0%, #d94412 100%); /* FF3.6+ */
-	background: -ms-linear-gradient(    top, #e05d22 0%, #d94412 100%); /* IE10+ */
-	background: -o-linear-gradient(     top, #e05d22 0%, #d94412 100%); /* Opera 11.10+ */
-	background: linear-gradient(  to bottom, #e05d22 0%, #d94412 100%); /* W3C */
-	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#e05d22', endColorstr='#d94412', GradientType=0); /* IE6-9 */
-	display: inline-block;
-	padding: 10px 16px 4px 16px;
-	color: #fff;
-	text-decoration: none;
-	border: none;
-	border-bottom: 3px solid #b93207;
-	border-radius: 2px;
-}
-.my-button:hover,
-.my-button:focus {
-	background: #ed6a31; /* Old browsers */
-	background: -webkit-linear-gradient(top, #ed6a31 0%, #e55627 100%); /* Chrome10+,Safari5.1+ */
-	background: -moz-linear-gradient(   top, #ed6a31 0%, #e55627 100%); /* FF3.6+ */
-	background: -ms-linear-gradient(    top, #ed6a31 0%, #e55627 100%); /* IE10+ */
-	background: -o-linear-gradient(     top, #ed6a31 0%, #e55627 100%); /* Opera 11.10+ */
-	background: linear-gradient(  to bottom, #ed6a31 0%, #e55627 100%); /* W3C */
-	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ed6a31', endColorstr='#e55627', GradientType=0); /* IE6-9 */
-	outline: none;
-}
-.my-button:active {
-	background: #d94412; /* Old browsers */
-	background: -webkit-linear-gradient(top, #d94412 0%, #e05d22 100%); /* Chrome10+,Safari5.1+ */
-	background: -moz-linear-gradient(   top, #d94412 0%, #e05d22 100%); /* FF3.6+ */
-	background: -ms-linear-gradient(    top, #d94412 0%, #e05d22 100%); /* IE10+ */
-	background: -o-linear-gradient(     top, #d94412 0%, #e05d22 100%); /* Opera 11.10+ */
-	background: linear-gradient(  to bottom, #d94412 0%, #e05d22 100%); /* W3C */
-	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#d94412', endColorstr='#e05d22', GradientType=0); /* IE6-9 */
-	border: none;
-	border-top: 3px solid #b93207;
-	padding: 6px 16px 7px 16px;
-}
-</style>
-</head>
-<body>
-
-<div class="section">
-
-	<h1>Genericons Usage</h1>
-
-	<p>Copy the <strong>font</strong> folder and the <strong>genericons.css</strong> file together into your project. Link the CSS in your HTML:</p>
-
-	<p><code>&lt;link href="path/to/genericons.css" rel="stylesheet"&gt;</code></p>
-
-	<p>Drop in the following HTML with the name of the icon you want to display:</p>
-
-	<p><code>&lt;div class="genericon genericon-standard"&gt;&lt;/div&gt;</code></p>
-
-	<div class="icons">
-	
-		<!-- post formats -->
-		<div alt="f100" class="genericon genericon-standard"></div>
-		<div alt="f101" class="genericon genericon-aside"></div>
-		<div alt="f102" class="genericon genericon-image"></div>
-		<div alt="f103" class="genericon genericon-gallery"></div>
-		<div alt="f104" class="genericon genericon-video"></div>
-		<div alt="f105" class="genericon genericon-status"></div>
-		<div alt="f106" class="genericon genericon-quote"></div>
-		<div alt="f107" class="genericon genericon-link"></div>
-		<div alt="f108" class="genericon genericon-chat"></div>
-		<div alt="f109" class="genericon genericon-audio"></div>
-
-		<!-- social icons -->
-		<div alt="f200" class="genericon genericon-github"></div>
-		<div alt="f201" class="genericon genericon-dribbble"></div>
-		<div alt="f202" class="genericon genericon-twitter"></div>
-		<div alt="f203" class="genericon genericon-facebook"></div>
-		<div alt="f204" class="genericon genericon-facebook-alt"></div>
-		<div alt="f205" class="genericon genericon-wordpress"></div>
-		<div alt="f206" class="genericon genericon-googleplus"></div>
-		<div alt="f207" class="genericon genericon-linkedin"></div>
-		<div alt="f208" class="genericon genericon-linkedin-alt"></div>
-		<div alt="f209" class="genericon genericon-pinterest"></div>
-		<div alt="f210" class="genericon genericon-pinterest-alt"></div>
-		<div alt="f211" class="genericon genericon-flickr"></div>
-		<div alt="f212" class="genericon genericon-vimeo"></div>
-		<div alt="f213" class="genericon genericon-youtube"></div>
-		<div alt="f214" class="genericon genericon-tumblr"></div>
-		<div alt="f215" class="genericon genericon-instagram"></div>
-		<div alt="f216" class="genericon genericon-codepen"></div>
-		<div alt="f217" class="genericon genericon-polldaddy"></div>
-		<div alt="f218" class="genericon genericon-googleplus-alt"></div>
-		<div alt="f219" class="genericon genericon-path"></div>
-		<div alt="f220" class="genericon genericon-skype"></div>
-		<div alt="f221" class="genericon genericon-digg"></div>
-		<div alt="f222" class="genericon genericon-reddit"></div>
-		<div alt="f223" class="genericon genericon-stumbleupon"></div>
-		<div alt="f224" class="genericon genericon-pocket"></div>
-		<div alt="f225" class="genericon genericon-dropbox"></div>
-
-		<!-- meta icons -->
-		<div alt="f300" class="genericon genericon-comment"></div>
-		<div alt="f301" class="genericon genericon-category"></div>
-		<div alt="f302" class="genericon genericon-tag"></div>
-		<div alt="f303" class="genericon genericon-time"></div>
-		<div alt="f304" class="genericon genericon-user"></div>
-		<div alt="f305" class="genericon genericon-day"></div>
-		<div alt="f306" class="genericon genericon-week"></div>
-		<div alt="f307" class="genericon genericon-month"></div>
-		<div alt="f308" class="genericon genericon-pinned"></div>
-
-		<!-- other icons -->
-		<div alt="f400" class="genericon genericon-search"></div>
-		<div alt="f401" class="genericon genericon-unzoom"></div>
-		<div alt="f402" class="genericon genericon-zoom"></div>
-		<div alt="f403" class="genericon genericon-show"></div>
-		<div alt="f404" class="genericon genericon-hide"></div>
-		<div alt="f405" class="genericon genericon-close"></div>
-		<div alt="f406" class="genericon genericon-close-alt"></div>
-		<div alt="f407" class="genericon genericon-trash"></div>
-		<div alt="f408" class="genericon genericon-star"></div>
-		<div alt="f409" class="genericon genericon-home"></div>
-		<div alt="f410" class="genericon genericon-mail"></div>
-		<div alt="f411" class="genericon genericon-edit"></div>
-		<div alt="f412" class="genericon genericon-reply"></div>
-		<div alt="f413" class="genericon genericon-feed"></div>
-		<div alt="f414" class="genericon genericon-warning"></div>
-		<div alt="f415" class="genericon genericon-share"></div>
-		<div alt="f416" class="genericon genericon-attachment"></div>
-		<div alt="f417" class="genericon genericon-location"></div>
-		<div alt="f418" class="genericon genericon-checkmark"></div>
-		<div alt="f419" class="genericon genericon-menu"></div>
-		<div alt="f420" class="genericon genericon-refresh"></div>
-		<div alt="f421" class="genericon genericon-minimize"></div>
-		<div alt="f422" class="genericon genericon-maximize"></div>
-		<div alt="f423" class="genericon genericon-404"></div>
-		<div alt="f424" class="genericon genericon-spam"></div>
-		<div alt="f425" class="genericon genericon-summary"></div>
-		<div alt="f426" class="genericon genericon-cloud"></div>
-		<div alt="f427" class="genericon genericon-key"></div>
-		<div alt="f428" class="genericon genericon-dot"></div>
-		<div alt="f429" class="genericon genericon-next"></div>
-		<div alt="f430" class="genericon genericon-previous"></div>
-		<div alt="f431" class="genericon genericon-expand"></div>
-		<div alt="f432" class="genericon genericon-collapse"></div>
-		<div alt="f433" class="genericon genericon-dropdown"></div>
-		<div alt="f434" class="genericon genericon-dropdown-left"></div>
-		<div alt="f435" class="genericon genericon-top"></div>
-		<div alt="f436" class="genericon genericon-draggable"></div>
-		<div alt="f437" class="genericon genericon-phone"></div>
-		<div alt="f438" class="genericon genericon-send-to-phone"></div>
-		<div alt="f439" class="genericon genericon-plugin"></div>
-		<div alt="f440" class="genericon genericon-cloud-download"></div>
-		<div alt="f441" class="genericon genericon-cloud-upload"></div>
-		<div alt="f442" class="genericon genericon-external"></div>
-		<div alt="f443" class="genericon genericon-document"></div>
-		<div alt="f444" class="genericon genericon-book"></div>
-		<div alt="f445" class="genericon genericon-cog"></div>
-		<div alt="f446" class="genericon genericon-unapprove"></div>
-		<div alt="f447" class="genericon genericon-cart"></div>
-		<div alt="f448" class="genericon genericon-pause"></div>
-		<div alt="f449" class="genericon genericon-stop"></div>
-		<div alt="f450" class="genericon genericon-skip-back"></div>
-		<div alt="f451" class="genericon genericon-skip-ahead"></div>
-		<div alt="f452" class="genericon genericon-play"></div>
-		<div alt="f453" class="genericon genericon-tablet"></div>
-		<div alt="f454" class="genericon genericon-send-to-tablet"></div>
-		<div alt="f455" class="genericon genericon-info"></div>
-		<div alt="f456" class="genericon genericon-notice"></div>
-		<div alt="f457" class="genericon genericon-help"></div>
-		<div alt="f458" class="genericon genericon-fastforward"></div>
-		<div alt="f459" class="genericon genericon-rewind"></div>
-		<div alt="f460" class="genericon genericon-portfolio"></div>
-		<div alt="f461" class="genericon genericon-heart"></div>
-		<div alt="f462" class="genericon genericon-code"></div>
-		<div alt="f463" class="genericon genericon-subscribe"></div>
-		<div alt="f464" class="genericon genericon-unsubscribe"></div>
-		<div alt="f465" class="genericon genericon-subscribed"></div>
-		<div alt="f466" class="genericon genericon-reply-alt"></div>
-		<div alt="f467" class="genericon genericon-reply-single"></div>
-		<div alt="f468" class="genericon genericon-flag"></div>
-		<div alt="f469" class="genericon genericon-print"></div>
-		<div alt="f470" class="genericon genericon-lock"></div>
-		<div alt="f471" class="genericon genericon-bold"></div>
-		<div alt="f472" class="genericon genericon-italic"></div>
-		<div alt="f473" class="genericon genericon-picture"></div>
-		<div alt="f474" class="genericon genericon-fullscreen"></div>
-
-		<!-- generic shapes -->
-		<div alt="f500" class="genericon genericon-uparrow"></div>
-		<div alt="f501" class="genericon genericon-rightarrow"></div>
-		<div alt="f502" class="genericon genericon-downarrow"></div>
-		<div alt="f503" class="genericon genericon-leftarrow"></div>
-
-	</div>
-
-	<p>If you want to insert an icon manually using the <code>:before</code> selector, you can setup CSS rules like the following example. <strong>Make sure to set the size to a multiple of 16px</strong> or the icons could end up looking fuzzy:</p>
-
-<p><textarea class="code" style="min-height: 150px;" onclick="select();">.my-icon:before {
-	content: '\f408';
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 32px/1 'Genericons';
-        vertical-align: middle;
-}</textarea></p>
-
-	<p>Add a matching class to your HTML:</p>
-
-	<p><code>&lt;div class="my-icon"&gt;You're a Star!&lt;/div&gt;</code></p>
-
-	<p>Here's the result: <span class="my-icon">You're a Star!</span></p>
-
-	<h2>Examples</h2>
-
-	<p>Turn every icon a <span style="color: #fa8072;">Salmon</span> color:</p>
-
-<p><textarea class="code" style="min-height: 70px" onclick="select();">
-.genericon {
-	color: #fa8072;
-}</textarea></p>
-
-	<p>Or turn the stars <span style="color: #ffd700;">Gold</span>:</p>
-
-<p><textarea class="code" style="min-height: 70px" onclick="select();">
-.genericon-star {
-	color: #fa8072;
-}</textarea></p>
-
-	<p>Use icons for bulleted lists:</p>
-
-	<ul class="my-checklist">
-		<li>One</li>
-		<li>Two</li>
-		<li>Three</li>
-		<li>Four</li>
-	</ul>
-
-<p><textarea class="code" style="min-height: 130px" onclick="select();">
-<ul class="my-checklist">
-	<li>One</li>
-	<li>Two</li>
-	<li>Three</li>
-	<li>Four</li>
-</ul></textarea></p>
-
-<p><textarea class="code" style="min-height: 260px;" onclick="select();">
-.my-checklist {
-	list-style-type: none;
-	text-indent: -16px;
-}
-.my-checklist li:before {
-	padding-right: 16px;
-	content: '\f418';
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 16px/1 'Genericons';
-        vertical-align: text-top;
-}</textarea></p>
-
-	<p>Use icons to style blockquotes:</p>
-
-	<blockquote class="my-blockquote">Sometimes I've believed as many as six impossible things before breakfast. &mdash;<em>Lewis Carroll</em></blockquote>
-	<blockquote class="my-blockquote">`Twas brillig, and the slithy toves Did gyre and gimble in the wabe: All mimsy were the borogoves, And the mome raths outgrabe. "Beware the Jabberwock, my son!  The jaws that bite, the claws that catch!  Beware the Jubjub bird, and shun The frumious Bandersnatch!"</blockquote>
-
-<p><textarea class="code" style="min-height: 40px;" onclick="select();"><blockquote class="my-blockquote">Sometimes I've believed as many as six impossible things before breakfast. &mdash;<em>Lewis Carroll</em></blockquote></textarea></p>
-
-<p><textarea class="code" style="min-height: 300px;" onclick="select();">
-.my-blockquote {
-	background: #eee;
-	border-left: 32px solid #ddd;
-	padding: 10px;
-}
-.my-blockquote:before {
-	margin-left: -42px;
-	padding-right: 10px;
-        content: '\f106';
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 32px/20px 'Genericons';
-        vertical-align: bottom;
-} </textarea></p>
-
-	<p>Use icons to style buttons:</p>
-
-	<a class="my-button" href="javascript:void()"><i class="genericon genericon-show"></i> View</a>
-	<a class="my-button" href="javascript:void()"><i class="genericon genericon-audio"></i> Listen</a>
-
-<p><textarea class="code" style="min-height: 40px;" onclick="select();"><a class="my-button" href="#"><i class="genericon genericon-show"></i> View</a>
-<a class="my-button" href="#"><i class="genericon genericon-audio"></i> Listen</a></textarea></p>
-
-<p><textarea class="code" style="min-height: 300px;" onclick="select();">
-.my-button {
-	font-family: Helvetica, sans-serif;
-	background: #e05d22; /* Old browsers */
-	background: -webkit-linear-gradient(top, #e05d22 0%, #d94412 100%); /* Chrome10+,Safari5.1+ */
-	background: -moz-linear-gradient(   top, #e05d22 0%, #d94412 100%); /* FF3.6+ */
-	background: -ms-linear-gradient(    top, #e05d22 0%, #d94412 100%); /* IE10+ */
-	background: -o-linear-gradient(     top, #e05d22 0%, #d94412 100%); /* Opera 11.10+ */
-	background: linear-gradient(  to bottom, #e05d22 0%, #d94412 100%); /* W3C */
-	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#e05d22', endColorstr='#d94412', GradientType=0); /* IE6-9 */
-	display: inline-block;
-	padding: 10px 16px 6px 16px;
-	color: #fff;
-	text-decoration: none;
-	border: none;
-	border-bottom: 3px solid #b93207;
-	border-radius: 2px;
-}
-
-.my-button:hover,
-.my-button:focus {
-	background: #ed6a31; /* Old browsers */
-	background: -webkit-linear-gradient(top, #ed6a31 0%, #e55627 100%); /* Chrome10+,Safari5.1+ */
-	background: -moz-linear-gradient(   top, #ed6a31 0%, #e55627 100%); /* FF3.6+ */
-	background: -ms-linear-gradient(    top, #ed6a31 0%, #e55627 100%); /* IE10+ */
-	background: -o-linear-gradient(     top, #ed6a31 0%, #e55627 100%); /* Opera 11.10+ */
-	background: linear-gradient(  to bottom, #ed6a31 0%, #e55627 100%); /* W3C */
-	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ed6a31', endColorstr='#e55627', GradientType=0); /* IE6-9 */
-	outline: none;
-}
-
-.my-button:active {
-	background: #d94412; /* Old browsers */
-	background: -webkit-linear-gradient(top, #d94412 0%, #e05d22 100%); /* Chrome10+,Safari5.1+ */
-	background: -moz-linear-gradient(   top, #d94412 0%, #e05d22 100%); /* FF3.6+ */
-	background: -ms-linear-gradient(    top, #d94412 0%, #e05d22 100%); /* IE10+ */
-	background: -o-linear-gradient(     top, #d94412 0%, #e05d22 100%); /* Opera 11.10+ */
-	background: linear-gradient(  to bottom, #d94412 0%, #e05d22 100%); /* W3C */
-	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#d94412', endColorstr='#e05d22', GradientType=0); /* IE6-9 */
-	border: none;
-	border-top: 3px solid #b93207;
-	padding: 6px 16px 10px 16px;
-}</textarea>/</p>
-
-	<h2>CSS Preprocessors</h2>
-
-	<p>Preprocessing extensions such as Sass (SCSS Syntax) or LESS</a> can make it easier to manage CSS for a lot of things at once using things like variables and mixins.</p>
-
-	<p>This example will seup the basic genericon rules and sets a color you can use for all icons using Sass:</p>
-
-<p><textarea class="code" style="min-height: 360px;" onclick="select();">$icon-color: "#fa8072";
-
-.genericon {
-        color: $icon-color;
-}
-
-@mixin genericon-rules {
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 16px/1 'Genericons';
-        vertical-align: middle;
-}
-
-.my-icon:before {
-	content: '\f408';
-        @include genericon-rules;
-}</textarea></p>
-
-	<p>Here is a similar example for LESS:</p>
-
-<p><textarea class="code" style="min-height: 360px;" onclick="select();">@icon-color: "#fa8072";
-
-.genericon {
-        color: @icon-color;
-}
-
-.genericon-rules {
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 16px/1 'Genericons';
-        vertical-align: middle;
-}
-
-.my-icon:before {
-	content: '\f408';
-        .genericon-rules;
-}</textarea></p>
-
-	<h2>Fallback images for IE7 and below</h2>
-
-	<p>Genericons <strong>does not come with fallback icons by default</strong> -- therefore you have to create them yourself. If you are using HTML similar to this example:
-
-	<p><code>&lt;span class="genericon genericon-warning"&gt;&lt;/span&gt;</code></p>
-
-	<p>You can use the asterisk hack to serve a different icon to IE7 once you have saved the fallback icons to your project:</p>
-
-<textarea class="code" style="min-height: 85px;" onclick="select();">.genericon-warning {
-        *background: url(fallback-icon.png) no-repeat center center;
-        *text-indent: 100%;
-}</textarea>
-
-</div>
-
-</body>
-</html>

wp-content/themes/twentythirteen/genericons/example.html

@@ -1,464 +0,0 @@
-<!DOCTYPE html>
-<html dir="ltr" lang="en">
-<head>
-<title>Genericons</title>
-<link rel="stylesheet" href="genericons.css">
-<style type="text/css">
-body {
-	font-family: sans-serif;
-	line-height: 1.5;
-	width: 800px;
-	margin: 50px auto;
-	color: #777;
-	background: white;
-}
-.icons {
-	overflow: hidden;
-	padding: 10px 0;
-}
-.icons div {
-	cursor: pointer;
-	float: left;
-	margin: 0 30px 30px 0;
-}
-.icons:hover div {
-	background: #f7f7f7;
-}
-.code {
-        display: block;
-        font: 14px/1.5 monospace;
-        width: 740px;
-        white-space: pre;
-        border: 1px solid #ccc;
-        padding: 10px;
-        color: #777;
-        overflow: auto;
-}
-.my-icon:before {
-	content: '\f408';
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 32px/1 'Genericons';
-        vertical-align: middle;
-}
-/* For the Examples */
-.my-checklist {
-	list-style-type: none;
-	text-indent: -16px;
-}
-.my-checklist li:before {
-	padding-right: 16px;
-	content: '\f418';
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 16px/1 'Genericons';
-        vertical-align: text-top;
-}
-.my-blockquote {
-	background: #eee;
-	border-left: 32px solid #ddd;
-	padding: 10px;
-}
-.my-blockquote:before {
-	margin-left: -42px;
-	padding-right: 10px;
-        content: '\f106';
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 32px/20px 'Genericons';
-        vertical-align: bottom;
-}
-.my-button {
-	font-family: Helvetica, sans-serif;
-	font-size: 14px;
-	background: #e05d22; /* Old browsers */
-	background: -webkit-linear-gradient(top, #e05d22 0%, #d94412 100%); /* Chrome10+,Safari5.1+ */
-	background: -moz-linear-gradient(   top, #e05d22 0%, #d94412 100%); /* FF3.6+ */
-	background: -ms-linear-gradient(    top, #e05d22 0%, #d94412 100%); /* IE10+ */
-	background: -o-linear-gradient(     top, #e05d22 0%, #d94412 100%); /* Opera 11.10+ */
-	background: linear-gradient(  to bottom, #e05d22 0%, #d94412 100%); /* W3C */
-	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#e05d22', endColorstr='#d94412', GradientType=0); /* IE6-9 */
-	display: inline-block;
-	padding: 10px 16px 4px 16px;
-	color: #fff;
-	text-decoration: none;
-	border: none;
-	border-bottom: 3px solid #b93207;
-	border-radius: 2px;
-}
-.my-button:hover,
-.my-button:focus {
-	background: #ed6a31; /* Old browsers */
-	background: -webkit-linear-gradient(top, #ed6a31 0%, #e55627 100%); /* Chrome10+,Safari5.1+ */
-	background: -moz-linear-gradient(   top, #ed6a31 0%, #e55627 100%); /* FF3.6+ */
-	background: -ms-linear-gradient(    top, #ed6a31 0%, #e55627 100%); /* IE10+ */
-	background: -o-linear-gradient(     top, #ed6a31 0%, #e55627 100%); /* Opera 11.10+ */
-	background: linear-gradient(  to bottom, #ed6a31 0%, #e55627 100%); /* W3C */
-	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ed6a31', endColorstr='#e55627', GradientType=0); /* IE6-9 */
-	outline: none;
-}
-.my-button:active {
-	background: #d94412; /* Old browsers */
-	background: -webkit-linear-gradient(top, #d94412 0%, #e05d22 100%); /* Chrome10+,Safari5.1+ */
-	background: -moz-linear-gradient(   top, #d94412 0%, #e05d22 100%); /* FF3.6+ */
-	background: -ms-linear-gradient(    top, #d94412 0%, #e05d22 100%); /* IE10+ */
-	background: -o-linear-gradient(     top, #d94412 0%, #e05d22 100%); /* Opera 11.10+ */
-	background: linear-gradient(  to bottom, #d94412 0%, #e05d22 100%); /* W3C */
-	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#d94412', endColorstr='#e05d22', GradientType=0); /* IE6-9 */
-	border: none;
-	border-top: 3px solid #b93207;
-	padding: 6px 16px 7px 16px;
-}
-</style>
-</head>
-<body>
-
-<div class="section">
-
-	<h1>Genericons Usage</h1>
-
-	<p>Copy the <strong>font</strong> folder and the <strong>genericons.css</strong> file together into your project. Link the CSS in your HTML:</p>
-
-	<p><code>&lt;link href="path/to/genericons.css" rel="stylesheet"&gt;</code></p>
-
-	<p>Drop in the following HTML with the name of the icon you want to display:</p>
-
-	<p><code>&lt;div class="genericon genericon-standard"&gt;&lt;/div&gt;</code></p>
-
-	<div class="icons">
-	
-		<!-- post formats -->
-		<div alt="f100" class="genericon genericon-standard"></div>
-		<div alt="f101" class="genericon genericon-aside"></div>
-		<div alt="f102" class="genericon genericon-image"></div>
-		<div alt="f103" class="genericon genericon-gallery"></div>
-		<div alt="f104" class="genericon genericon-video"></div>
-		<div alt="f105" class="genericon genericon-status"></div>
-		<div alt="f106" class="genericon genericon-quote"></div>
-		<div alt="f107" class="genericon genericon-link"></div>
-		<div alt="f108" class="genericon genericon-chat"></div>
-		<div alt="f109" class="genericon genericon-audio"></div>
-
-		<!-- social icons -->
-		<div alt="f200" class="genericon genericon-github"></div>
-		<div alt="f201" class="genericon genericon-dribbble"></div>
-		<div alt="f202" class="genericon genericon-twitter"></div>
-		<div alt="f203" class="genericon genericon-facebook"></div>
-		<div alt="f204" class="genericon genericon-facebook-alt"></div>
-		<div alt="f205" class="genericon genericon-wordpress"></div>
-		<div alt="f206" class="genericon genericon-googleplus"></div>
-		<div alt="f207" class="genericon genericon-linkedin"></div>
-		<div alt="f208" class="genericon genericon-linkedin-alt"></div>
-		<div alt="f209" class="genericon genericon-pinterest"></div>
-		<div alt="f210" class="genericon genericon-pinterest-alt"></div>
-		<div alt="f211" class="genericon genericon-flickr"></div>
-		<div alt="f212" class="genericon genericon-vimeo"></div>
-		<div alt="f213" class="genericon genericon-youtube"></div>
-		<div alt="f214" class="genericon genericon-tumblr"></div>
-		<div alt="f215" class="genericon genericon-instagram"></div>
-		<div alt="f216" class="genericon genericon-codepen"></div>
-		<div alt="f217" class="genericon genericon-polldaddy"></div>
-		<div alt="f218" class="genericon genericon-googleplus-alt"></div>
-		<div alt="f219" class="genericon genericon-path"></div>
-		<div alt="f220" class="genericon genericon-skype"></div>
-		<div alt="f221" class="genericon genericon-digg"></div>
-		<div alt="f222" class="genericon genericon-reddit"></div>
-		<div alt="f223" class="genericon genericon-stumbleupon"></div>
-		<div alt="f224" class="genericon genericon-pocket"></div>
-		<div alt="f225" class="genericon genericon-dropbox"></div>
-
-		<!-- meta icons -->
-		<div alt="f300" class="genericon genericon-comment"></div>
-		<div alt="f301" class="genericon genericon-category"></div>
-		<div alt="f302" class="genericon genericon-tag"></div>
-		<div alt="f303" class="genericon genericon-time"></div>
-		<div alt="f304" class="genericon genericon-user"></div>
-		<div alt="f305" class="genericon genericon-day"></div>
-		<div alt="f306" class="genericon genericon-week"></div>
-		<div alt="f307" class="genericon genericon-month"></div>
-		<div alt="f308" class="genericon genericon-pinned"></div>
-
-		<!-- other icons -->
-		<div alt="f400" class="genericon genericon-search"></div>
-		<div alt="f401" class="genericon genericon-unzoom"></div>
-		<div alt="f402" class="genericon genericon-zoom"></div>
-		<div alt="f403" class="genericon genericon-show"></div>
-		<div alt="f404" class="genericon genericon-hide"></div>
-		<div alt="f405" class="genericon genericon-close"></div>
-		<div alt="f406" class="genericon genericon-close-alt"></div>
-		<div alt="f407" class="genericon genericon-trash"></div>
-		<div alt="f408" class="genericon genericon-star"></div>
-		<div alt="f409" class="genericon genericon-home"></div>
-		<div alt="f410" class="genericon genericon-mail"></div>
-		<div alt="f411" class="genericon genericon-edit"></div>
-		<div alt="f412" class="genericon genericon-reply"></div>
-		<div alt="f413" class="genericon genericon-feed"></div>
-		<div alt="f414" class="genericon genericon-warning"></div>
-		<div alt="f415" class="genericon genericon-share"></div>
-		<div alt="f416" class="genericon genericon-attachment"></div>
-		<div alt="f417" class="genericon genericon-location"></div>
-		<div alt="f418" class="genericon genericon-checkmark"></div>
-		<div alt="f419" class="genericon genericon-menu"></div>
-		<div alt="f420" class="genericon genericon-refresh"></div>
-		<div alt="f421" class="genericon genericon-minimize"></div>
-		<div alt="f422" class="genericon genericon-maximize"></div>
-		<div alt="f423" class="genericon genericon-404"></div>
-		<div alt="f424" class="genericon genericon-spam"></div>
-		<div alt="f425" class="genericon genericon-summary"></div>
-		<div alt="f426" class="genericon genericon-cloud"></div>
-		<div alt="f427" class="genericon genericon-key"></div>
-		<div alt="f428" class="genericon genericon-dot"></div>
-		<div alt="f429" class="genericon genericon-next"></div>
-		<div alt="f430" class="genericon genericon-previous"></div>
-		<div alt="f431" class="genericon genericon-expand"></div>
-		<div alt="f432" class="genericon genericon-collapse"></div>
-		<div alt="f433" class="genericon genericon-dropdown"></div>
-		<div alt="f434" class="genericon genericon-dropdown-left"></div>
-		<div alt="f435" class="genericon genericon-top"></div>
-		<div alt="f436" class="genericon genericon-draggable"></div>
-		<div alt="f437" class="genericon genericon-phone"></div>
-		<div alt="f438" class="genericon genericon-send-to-phone"></div>
-		<div alt="f439" class="genericon genericon-plugin"></div>
-		<div alt="f440" class="genericon genericon-cloud-download"></div>
-		<div alt="f441" class="genericon genericon-cloud-upload"></div>
-		<div alt="f442" class="genericon genericon-external"></div>
-		<div alt="f443" class="genericon genericon-document"></div>
-		<div alt="f444" class="genericon genericon-book"></div>
-		<div alt="f445" class="genericon genericon-cog"></div>
-		<div alt="f446" class="genericon genericon-unapprove"></div>
-		<div alt="f447" class="genericon genericon-cart"></div>
-		<div alt="f448" class="genericon genericon-pause"></div>
-		<div alt="f449" class="genericon genericon-stop"></div>
-		<div alt="f450" class="genericon genericon-skip-back"></div>
-		<div alt="f451" class="genericon genericon-skip-ahead"></div>
-		<div alt="f452" class="genericon genericon-play"></div>
-		<div alt="f453" class="genericon genericon-tablet"></div>
-		<div alt="f454" class="genericon genericon-send-to-tablet"></div>
-		<div alt="f455" class="genericon genericon-info"></div>
-		<div alt="f456" class="genericon genericon-notice"></div>
-		<div alt="f457" class="genericon genericon-help"></div>
-		<div alt="f458" class="genericon genericon-fastforward"></div>
-		<div alt="f459" class="genericon genericon-rewind"></div>
-		<div alt="f460" class="genericon genericon-portfolio"></div>
-		<div alt="f461" class="genericon genericon-heart"></div>
-		<div alt="f462" class="genericon genericon-code"></div>
-		<div alt="f463" class="genericon genericon-subscribe"></div>
-		<div alt="f464" class="genericon genericon-unsubscribe"></div>
-		<div alt="f465" class="genericon genericon-subscribed"></div>
-		<div alt="f466" class="genericon genericon-reply-alt"></div>
-		<div alt="f467" class="genericon genericon-reply-single"></div>
-		<div alt="f468" class="genericon genericon-flag"></div>
-		<div alt="f469" class="genericon genericon-print"></div>
-		<div alt="f470" class="genericon genericon-lock"></div>
-		<div alt="f471" class="genericon genericon-bold"></div>
-		<div alt="f472" class="genericon genericon-italic"></div>
-		<div alt="f473" class="genericon genericon-picture"></div>
-		<div alt="f474" class="genericon genericon-fullscreen"></div>
-
-		<!-- generic shapes -->
-		<div alt="f500" class="genericon genericon-uparrow"></div>
-		<div alt="f501" class="genericon genericon-rightarrow"></div>
-		<div alt="f502" class="genericon genericon-downarrow"></div>
-		<div alt="f503" class="genericon genericon-leftarrow"></div>
-
-	</div>
-
-	<p>If you want to insert an icon manually using the <code>:before</code> selector, you can setup CSS rules like the following example. <strong>Make sure to set the size to a multiple of 16px</strong> or the icons could end up looking fuzzy:</p>
-
-<p><textarea class="code" style="min-height: 150px;" onclick="select();">.my-icon:before {
-	content: '\f408';
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 32px/1 'Genericons';
-        vertical-align: middle;
-}</textarea></p>
-
-	<p>Add a matching class to your HTML:</p>
-
-	<p><code>&lt;div class="my-icon"&gt;You're a Star!&lt;/div&gt;</code></p>
-
-	<p>Here's the result: <span class="my-icon">You're a Star!</span></p>
-
-	<h2>Examples</h2>
-
-	<p>Turn every icon a <span style="color: #fa8072;">Salmon</span> color:</p>
-
-<p><textarea class="code" style="min-height: 70px" onclick="select();">
-.genericon {
-	color: #fa8072;
-}</textarea></p>
-
-	<p>Or turn the stars <span style="color: #ffd700;">Gold</span>:</p>
-
-<p><textarea class="code" style="min-height: 70px" onclick="select();">
-.genericon-star {
-	color: #fa8072;
-}</textarea></p>
-
-	<p>Use icons for bulleted lists:</p>
-
-	<ul class="my-checklist">
-		<li>One</li>
-		<li>Two</li>
-		<li>Three</li>
-		<li>Four</li>
-	</ul>
-
-<p><textarea class="code" style="min-height: 130px" onclick="select();">
-<ul class="my-checklist">
-	<li>One</li>
-	<li>Two</li>
-	<li>Three</li>
-	<li>Four</li>
-</ul></textarea></p>
-
-<p><textarea class="code" style="min-height: 260px;" onclick="select();">
-.my-checklist {
-	list-style-type: none;
-	text-indent: -16px;
-}
-.my-checklist li:before {
-	padding-right: 16px;
-	content: '\f418';
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 16px/1 'Genericons';
-        vertical-align: text-top;
-}</textarea></p>
-
-	<p>Use icons to style blockquotes:</p>
-
-	<blockquote class="my-blockquote">Sometimes I've believed as many as six impossible things before breakfast. &mdash;<em>Lewis Carroll</em></blockquote>
-	<blockquote class="my-blockquote">`Twas brillig, and the slithy toves Did gyre and gimble in the wabe: All mimsy were the borogoves, And the mome raths outgrabe. "Beware the Jabberwock, my son!  The jaws that bite, the claws that catch!  Beware the Jubjub bird, and shun The frumious Bandersnatch!"</blockquote>
-
-<p><textarea class="code" style="min-height: 40px;" onclick="select();"><blockquote class="my-blockquote">Sometimes I've believed as many as six impossible things before breakfast. &mdash;<em>Lewis Carroll</em></blockquote></textarea></p>
-
-<p><textarea class="code" style="min-height: 300px;" onclick="select();">
-.my-blockquote {
-	background: #eee;
-	border-left: 32px solid #ddd;
-	padding: 10px;
-}
-.my-blockquote:before {
-	margin-left: -42px;
-	padding-right: 10px;
-        content: '\f106';
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 32px/20px 'Genericons';
-        vertical-align: bottom;
-} </textarea></p>
-
-	<p>Use icons to style buttons:</p>
-
-	<a class="my-button" href="javascript:void()"><i class="genericon genericon-show"></i> View</a>
-	<a class="my-button" href="javascript:void()"><i class="genericon genericon-audio"></i> Listen</a>
-
-<p><textarea class="code" style="min-height: 40px;" onclick="select();"><a class="my-button" href="#"><i class="genericon genericon-show"></i> View</a>
-<a class="my-button" href="#"><i class="genericon genericon-audio"></i> Listen</a></textarea></p>
-
-<p><textarea class="code" style="min-height: 300px;" onclick="select();">
-.my-button {
-	font-family: Helvetica, sans-serif;
-	background: #e05d22; /* Old browsers */
-	background: -webkit-linear-gradient(top, #e05d22 0%, #d94412 100%); /* Chrome10+,Safari5.1+ */
-	background: -moz-linear-gradient(   top, #e05d22 0%, #d94412 100%); /* FF3.6+ */
-	background: -ms-linear-gradient(    top, #e05d22 0%, #d94412 100%); /* IE10+ */
-	background: -o-linear-gradient(     top, #e05d22 0%, #d94412 100%); /* Opera 11.10+ */
-	background: linear-gradient(  to bottom, #e05d22 0%, #d94412 100%); /* W3C */
-	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#e05d22', endColorstr='#d94412', GradientType=0); /* IE6-9 */
-	display: inline-block;
-	padding: 10px 16px 6px 16px;
-	color: #fff;
-	text-decoration: none;
-	border: none;
-	border-bottom: 3px solid #b93207;
-	border-radius: 2px;
-}
-
-.my-button:hover,
-.my-button:focus {
-	background: #ed6a31; /* Old browsers */
-	background: -webkit-linear-gradient(top, #ed6a31 0%, #e55627 100%); /* Chrome10+,Safari5.1+ */
-	background: -moz-linear-gradient(   top, #ed6a31 0%, #e55627 100%); /* FF3.6+ */
-	background: -ms-linear-gradient(    top, #ed6a31 0%, #e55627 100%); /* IE10+ */
-	background: -o-linear-gradient(     top, #ed6a31 0%, #e55627 100%); /* Opera 11.10+ */
-	background: linear-gradient(  to bottom, #ed6a31 0%, #e55627 100%); /* W3C */
-	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ed6a31', endColorstr='#e55627', GradientType=0); /* IE6-9 */
-	outline: none;
-}
-
-.my-button:active {
-	background: #d94412; /* Old browsers */
-	background: -webkit-linear-gradient(top, #d94412 0%, #e05d22 100%); /* Chrome10+,Safari5.1+ */
-	background: -moz-linear-gradient(   top, #d94412 0%, #e05d22 100%); /* FF3.6+ */
-	background: -ms-linear-gradient(    top, #d94412 0%, #e05d22 100%); /* IE10+ */
-	background: -o-linear-gradient(     top, #d94412 0%, #e05d22 100%); /* Opera 11.10+ */
-	background: linear-gradient(  to bottom, #d94412 0%, #e05d22 100%); /* W3C */
-	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#d94412', endColorstr='#e05d22', GradientType=0); /* IE6-9 */
-	border: none;
-	border-top: 3px solid #b93207;
-	padding: 6px 16px 10px 16px;
-}</textarea>/</p>
-
-	<h2>CSS Preprocessors</h2>
-
-	<p>Preprocessing extensions such as Sass (SCSS Syntax) or LESS</a> can make it easier to manage CSS for a lot of things at once using things like variables and mixins.</p>
-
-	<p>This example will seup the basic genericon rules and sets a color you can use for all icons using Sass:</p>
-
-<p><textarea class="code" style="min-height: 360px;" onclick="select();">$icon-color: "#fa8072";
-
-.genericon {
-        color: $icon-color;
-}
-
-@mixin genericon-rules {
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 16px/1 'Genericons';
-        vertical-align: middle;
-}
-
-.my-icon:before {
-	content: '\f408';
-        @include genericon-rules;
-}</textarea></p>
-
-	<p>Here is a similar example for LESS:</p>
-
-<p><textarea class="code" style="min-height: 360px;" onclick="select();">@icon-color: "#fa8072";
-
-.genericon {
-        color: @icon-color;
-}
-
-.genericon-rules {
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 16px/1 'Genericons';
-        vertical-align: middle;
-}
-
-.my-icon:before {
-	content: '\f408';
-        .genericon-rules;
-}</textarea></p>
-
-	<h2>Fallback images for IE7 and below</h2>
-
-	<p>Genericons <strong>does not come with fallback icons by default</strong> -- therefore you have to create them yourself. If you are using HTML similar to this example:
-
-	<p><code>&lt;span class="genericon genericon-warning"&gt;&lt;/span&gt;</code></p>
-
-	<p>You can use the asterisk hack to serve a different icon to IE7 once you have saved the fallback icons to your project:</p>
-
-<textarea class="code" style="min-height: 85px;" onclick="select();">.genericon-warning {
-        *background: url(fallback-icon.png) no-repeat center center;
-        *text-indent: 100%;
-}</textarea>
-
-</div>
-
-</body>
-</html>

wp-includes/capabilities.php

@@ -1117,8 +1117,10 @@ function map_meta_cap( $cap, $user_id ) {
 	case 'edit_post':
 	case 'edit_page':
 		$post = get_post( $args[0] );
-		if ( empty( $post ) )
+		if ( empty( $post ) ) {
+			$caps[] = 'do_not_allow';
 			break;
+		}
 
 		if ( 'revision' == $post->post_type ) {
 			$post = get_post( $post->post_parent );
@@ -1232,7 +1234,16 @@ function map_meta_cap( $cap, $user_id ) {
 		if ( empty( $comment ) )
 			break;
 		$post = get_post( $comment->comment_post_ID );
-		$caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
+
+		/*
+		 * If the post doesn't exist, we have an orphaned comment.
+		 * Fall back to the edit_posts capability, instead.
+		 */
+		if ( $post ) {
+			$caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
+		} else {
+			$caps = map_meta_cap( 'edit_posts', $user_id );
+		}
 		break;
 	case 'unfiltered_upload':
 		if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) )  )
@@ -1374,21 +1385,25 @@ function current_user_can( $capability ) {
  * @return bool
  */
 function current_user_can_for_blog( $blog_id, $capability ) {
-	if ( is_multisite() )
-		switch_to_blog( $blog_id );
+	$switched = is_multisite() ? switch_to_blog( $blog_id ) : false;
 
 	$current_user = wp_get_current_user();
 
-	if ( empty( $current_user ) )
+	if ( empty( $current_user ) ) {
+		if ( $switched ) {
+			restore_current_blog();
+		}
 		return false;
+	}
 
 	$args = array_slice( func_get_args(), 2 );
 	$args = array_merge( array( $capability ), $args );
 
 	$can = call_user_func_array( array( $current_user, 'has_cap' ), $args );
 
-	if ( is_multisite() )
+	if ( $switched ) {
 		restore_current_blog();
+	}
 
 	return $can;
 }

wp-includes/class-snoopy.php

@@ -999,20 +999,23 @@ class Snoopy
 		if(!empty($this->user) || !empty($this->pass))
 			$headers[] = "Authorization: BASIC ".base64_encode($this->user.":".$this->pass);
 
-		for($curr_header = 0; $curr_header < count($headers); $curr_header++) {
-			$safer_header = strtr( $headers[$curr_header], "\"", " " );
-			$cmdline_params .= " -H \"".$safer_header."\"";
+		$headerfile = tempnam( $this->temp_dir, "sno" );
+		$cmdline_params = '-k -D ' . escapeshellarg( $headerfile );
+
+		foreach ( $headers as $header ) {
+			$cmdline_params .= ' -H ' . escapeshellarg( $header );
 		}
 
-		if(!empty($body))
-			$cmdline_params .= " -d \"$body\"";
+		if ( ! empty( $body ) ) {
+			$cmdline_params .= ' -d ' . escapeshellarg( $body );
+		}
 
-		if($this->read_timeout > 0)
-			$cmdline_params .= " -m ".$this->read_timeout;
+		if ( $this->read_timeout > 0 ) {
+			$cmdline_params .= ' -m ' . escapeshellarg( $this->read_timeout );
+		}
 
-		$headerfile = tempnam($this->temp_dir, "sno");
 
-		exec($this->curl_path." -k -D \"$headerfile\"".$cmdline_params." \"".escapeshellcmd($URI)."\"",$results,$return);
+		exec( $this->curl_path . ' ' . $cmdline_params . ' ' . escapeshellarg( $URI ), $results, $return );
 
 		if($return)
 		{

wp-includes/class-wp-customize-control.php

@@ -738,7 +738,7 @@ class WP_Customize_Upload_Control extends WP_Customize_Control {
 	 */
 	public function content_template() {
 		?>
-		<label for="{{ data.settings.default }}-button">
+		<label for="{{ data.settings['default'] }}-button">
 			<# if ( data.label ) { #>
 				<span class="customize-control-title">{{ data.label }}</span>
 			<# } #>
@@ -775,7 +775,7 @@ class WP_Customize_Upload_Control extends WP_Customize_Control {
 			</div>
 			<div class="actions">
 				<button type="button" class="button remove-button"><?php echo $this->button_labels['remove']; ?></button>
-				<button type="button" class="button upload-button" id="{{ data.settings.default }}-button"><?php echo $this->button_labels['change']; ?></button>
+				<button type="button" class="button upload-button" id="{{ data.settings['default'] }}-button"><?php echo $this->button_labels['change']; ?></button>
 				<div style="clear:both"></div>
 			</div>
 		<# } else { #>
@@ -794,7 +794,7 @@ class WP_Customize_Upload_Control extends WP_Customize_Control {
 				<# if ( data.defaultAttachment ) { #>
 					<button type="button" class="button default-button"><?php echo $this->button_labels['default']; ?></button>
 				<# } #>
-				<button type="button" class="button upload-button" id="{{ data.settings.default }}-button"><?php echo $this->button_labels['select']; ?></button>
+				<button type="button" class="button upload-button" id="{{ data.settings['default'] }}-button"><?php echo $this->button_labels['select']; ?></button>
 				<div style="clear:both"></div>
 			</div>
 		<# } #>

wp-includes/class-wp-customize-manager.php

@@ -63,9 +63,9 @@ final class WP_Customize_Manager {
 	protected $registered_control_types = array();
 
 	/**
-	 * $_POST values for Customize Settings.
+	 * Unsanitized values for Customize Settings parsed from $_POST['customized'].
 	 *
-	 * @var array
+	 * @var array|false
 	 */
 	private $_post_values;
 
@@ -75,11 +75,11 @@ final class WP_Customize_Manager {
 	 * @since 3.4.0
 	 */
 	public function __construct() {
-		require( ABSPATH . WPINC . '/class-wp-customize-setting.php' );
-		require( ABSPATH . WPINC . '/class-wp-customize-panel.php' );
-		require( ABSPATH . WPINC . '/class-wp-customize-section.php' );
-		require( ABSPATH . WPINC . '/class-wp-customize-control.php' );
-		require( ABSPATH . WPINC . '/class-wp-customize-widgets.php' );
+		require_once( ABSPATH . WPINC . '/class-wp-customize-setting.php' );
+		require_once( ABSPATH . WPINC . '/class-wp-customize-panel.php' );
+		require_once( ABSPATH . WPINC . '/class-wp-customize-section.php' );
+		require_once( ABSPATH . WPINC . '/class-wp-customize-control.php' );
+		require_once( ABSPATH . WPINC . '/class-wp-customize-widgets.php' );
 
 		$this->widgets = new WP_Customize_Widgets( $this );
 
@@ -175,6 +175,24 @@ final class WP_Customize_Manager {
 
 		$this->theme = wp_get_theme( isset( $_REQUEST['theme'] ) ? $_REQUEST['theme'] : null );
 
+		/*
+		 * Clear incoming post data if the user lacks a CSRF token (nonce). Note that the customizer
+		 * application will inject the customize_preview_nonce query parameter into all Ajax requests.
+		 * For similar behavior elsewhere in WordPress, see rest_cookie_check_errors() which logs out
+		 * a user when a valid nonce isn't present.
+		 */
+		$has_post_data_nonce = (
+			check_ajax_referer( 'preview-customize_' . $this->get_stylesheet(), 'nonce', false )
+			||
+			check_ajax_referer( 'save-customize_' . $this->get_stylesheet(), 'nonce', false )
+			||
+			check_ajax_referer( 'preview-customize_' . $this->get_stylesheet(), 'customize_preview_nonce', false )
+		);
+		if ( ! $has_post_data_nonce ) {
+			unset( $_POST['customized'] );
+			unset( $_REQUEST['customized'] );
+		}
+
 		if ( $this->is_theme_active() ) {
 			// Once the theme is loaded, we'll validate it.
 			add_action( 'after_setup_theme', array( $this, 'after_setup_theme' ) );
@@ -399,23 +417,46 @@ final class WP_Customize_Manager {
 	}
 
 	/**
-	 * Decode the $_POST['customized'] values for a specific Customize Setting.
+	 * Parse the incoming $_POST['customized'] JSON data and store the unsanitized
+	 * settings for subsequent post_value() lookups.
+	 *
+	 * @since 4.1.1
+	 *
+	 * @return array
+	 */
+	public function unsanitized_post_values() {
+		if ( ! isset( $this->_post_values ) ) {
+			if ( isset( $_POST['customized'] ) ) {
+				$this->_post_values = json_decode( wp_unslash( $_POST['customized'] ), true );
+			}
+			if ( empty( $this->_post_values ) ) { // if not isset or of JSON error
+				$this->_post_values = false;
+			}
+		}
+		if ( empty( $this->_post_values ) ) {
+			return array();
+		} else {
+			return $this->_post_values;
+		}
+	}
+
+	/**
+	 * Return the sanitized value for a given setting from the request's POST data.
 	 *
 	 * @since 3.4.0
+	 * @since 4.1.1 Introduced 'default' parameter.
 	 *
 	 * @param WP_Customize_Setting $setting A WP_Customize_Setting derived object
-	 * @return string $post_value Sanitized value
+	 * @param mixed $default value returned $setting has no post value (added in 4.2.0).
+	 * @return string|mixed $post_value Sanitized value or the $default provided
 	 */
-	public function post_value( $setting ) {
-		if ( ! isset( $this->_post_values ) ) {
-			if ( isset( $_POST['customized'] ) )
-				$this->_post_values = json_decode( wp_unslash( $_POST['customized'] ), true );
-			else
-				$this->_post_values = false;
+	public function post_value( $setting, $default = null ) {
+		$post_values = $this->unsanitized_post_values();
+		if ( array_key_exists( $setting->id, $post_values ) ) {
+			return $setting->sanitize( $post_values[ $setting->id ] );
+		} else {
+			return $default;
 		}
-
-		if ( isset( $this->_post_values[ $setting->id ] ) )
-			return $setting->sanitize( $this->_post_values[ $setting->id ] );
 	}
 
 	/**

wp-includes/class-wp-customize-setting.php

@@ -103,12 +103,18 @@ class WP_Customize_Setting {
 		return $this;
 	}
 
+	protected $_original_value;
+
 	/**
 	 * Handle previewing the setting.
 	 *
 	 * @since 3.4.0
 	 */
 	public function preview() {
+		if ( ! isset( $this->_original_value ) ) {
+			$this->_original_value = $this->value();
+		}
+
 		switch( $this->type ) {
 			case 'theme_mod' :
 				add_filter( 'theme_mod_' . $this->id_data[ 'base' ], array( $this, '_preview_filter' ) );
@@ -159,7 +165,15 @@ class WP_Customize_Setting {
 	 * @return mixed New or old value.
 	 */
 	public function _preview_filter( $original ) {
-		return $this->multidimensional_replace( $original, $this->id_data[ 'keys' ], $this->post_value() );
+		$undefined = new stdClass(); // symbol hack
+		$post_value = $this->manager->post_value( $this, $undefined );
+		if ( $undefined === $post_value ) {
+			$value = $this->_original_value;
+		} else {
+			$value = $post_value;
+		}
+
+		return $this->multidimensional_replace( $original, $this->id_data['keys'], $value );
 	}
 
 	/**
@@ -425,8 +439,15 @@ class WP_Customize_Setting {
 			$node = &$node[ $key ];
 		}
 
-		if ( $create && ! isset( $node[ $last ] ) )
-			$node[ $last ] = array();
+		if ( $create ) {
+			if ( ! is_array( $node ) ) {
+				// account for an array overriding a string or object value
+				$node = array();
+			}
+			if ( ! isset( $node[ $last ] ) ) {
+				$node[ $last ] = array();
+			}
+		}
 
 		if ( ! isset( $node[ $last ] ) )
 			return;

wp-includes/class-wp-customize-widgets.php

@@ -1199,7 +1199,7 @@ final class WP_Customize_Widgets {
 			return null;
 		}
 
-		if ( $this->get_instance_hash_key( $decoded ) !== $value['instance_hash_key'] ) {
+		if ( ! hash_equals( $this->get_instance_hash_key( $decoded ), $value['instance_hash_key'] ) ) {
 			return null;
 		}
 

wp-includes/class-wp-editor.php

@@ -117,12 +117,6 @@ final class _WP_Editors {
 			// A cookie (set when a user resizes the editor) overrides the height.
 			$cookie = (int) get_user_setting( 'ed_size' );
 
-			// Upgrade an old TinyMCE cookie if it is still around, and the new one isn't.
-			if ( ! $cookie && isset( $_COOKIE['TinyMCE_content_size'] ) ) {
-				parse_str( $_COOKIE['TinyMCE_content_size'], $cookie );
- 				$cookie = $cookie['ch'];
-			}
-
 			if ( $cookie )
 				$set['editor_height'] = $cookie;
 		}

wp-includes/class-wp-embed.php

@@ -57,7 +57,7 @@ class WP_Embed {
 		add_shortcode( 'embed', array( $this, 'shortcode' ) );
 
 		// Do the shortcode (only the [embed] one is registered)
-		$content = do_shortcode( $content );
+		$content = do_shortcode( $content, true );
 
 		// Put the original shortcodes back
 		$shortcode_tags = $orig_shortcode_tags;
@@ -312,7 +312,14 @@ class WP_Embed {
 	 * @return string Potentially modified $content.
 	 */
 	public function autoembed( $content ) {
-		return preg_replace_callback( '|^\s*(https?://[^\s"]+)\s*$|im', array( $this, 'autoembed_callback' ), $content );
+		// Replace line breaks from all HTML elements with placeholders.
+		$content = wp_replace_in_html_tags( $content, array( "\n" => '<!-- wp-line-break -->' ) );
+
+		// Find URLs that are on their own line.
+		$content = preg_replace_callback( '|^\s*(https?://[^\s"]+)\s*$|im', array( $this, 'autoembed_callback' ), $content );
+
+		// Put the line breaks back.
+		return str_replace( '<!-- wp-line-break -->', "\n", $content );
 	}
 
 	/**

wp-includes/class-wp-theme.php

@@ -217,7 +217,7 @@ final class WP_Theme implements ArrayAccess {
 		} elseif ( ! file_exists( $this->theme_root . '/' . $theme_file ) ) {
 			$this->headers['Name'] = $this->stylesheet;
 			if ( ! file_exists( $this->theme_root . '/' . $this->stylesheet ) )
-				$this->errors = new WP_Error( 'theme_not_found', sprintf( __( 'The theme directory "%s" does not exist.' ), $this->stylesheet ) );
+				$this->errors = new WP_Error( 'theme_not_found', sprintf( __( 'The theme directory "%s" does not exist.' ), esc_html( $this->stylesheet ) ) );
 			else
 				$this->errors = new WP_Error( 'theme_no_stylesheet', __( 'Stylesheet is missing.' ) );
 			$this->template = $this->stylesheet;
@@ -264,7 +264,7 @@ final class WP_Theme implements ArrayAccess {
 				$theme_root_template = $directories[ $this->template ]['theme_root'];
 			} else {
 				// Parent theme is missing.
-				$this->errors = new WP_Error( 'theme_no_parent', sprintf( __( 'The parent theme is missing. Please install the "%s" parent theme.' ), $this->template ) );
+				$this->errors = new WP_Error( 'theme_no_parent', sprintf( __( 'The parent theme is missing. Please install the "%s" parent theme.' ), esc_html( $this->template ) ) );
 				$this->cache_add( 'theme', array( 'headers' => $this->headers, 'errors' => $this->errors, 'stylesheet' => $this->stylesheet, 'template' => $this->template ) );
 				$this->parent = new WP_Theme( $this->template, $this->theme_root, $this );
 				return;
@@ -276,11 +276,11 @@ final class WP_Theme implements ArrayAccess {
 			// If we are a parent, then there is a problem. Only two generations allowed! Cancel things out.
 			if ( is_a( $_child, 'WP_Theme' ) && $_child->template == $this->stylesheet ) {
 				$_child->parent = null;
-				$_child->errors = new WP_Error( 'theme_parent_invalid', sprintf( __( 'The "%s" theme is not a valid parent theme.' ), $_child->template ) );
+				$_child->errors = new WP_Error( 'theme_parent_invalid', sprintf( __( 'The "%s" theme is not a valid parent theme.' ), esc_html( $_child->template ) ) );
 				$_child->cache_add( 'theme', array( 'headers' => $_child->headers, 'errors' => $_child->errors, 'stylesheet' => $_child->stylesheet, 'template' => $_child->template ) );
 				// The two themes actually reference each other with the Template header.
 				if ( $_child->stylesheet == $this->template ) {
-					$this->errors = new WP_Error( 'theme_parent_invalid', sprintf( __( 'The "%s" theme is not a valid parent theme.' ), $this->template ) );
+					$this->errors = new WP_Error( 'theme_parent_invalid', sprintf( __( 'The "%s" theme is not a valid parent theme.' ), esc_html( $this->template ) ) );
 					$this->cache_add( 'theme', array( 'headers' => $this->headers, 'errors' => $this->errors, 'stylesheet' => $this->stylesheet, 'template' => $this->template ) );
 				}
 				return;
@@ -655,8 +655,9 @@ final class WP_Theme implements ArrayAccess {
 	private function markup_header( $header, $value, $translate ) {
 		switch ( $header ) {
 			case 'Name' :
-				if ( empty( $value ) )
-					$value = $this->get_stylesheet();
+				if ( empty( $value ) ) {
+					$value = esc_html( $this->get_stylesheet() );
+				}
 				break;
 			case 'Description' :
 				$value = wptexturize( $value );

wp-includes/class-wp-xmlrpc-server.php

@@ -331,6 +331,11 @@ class wp_xmlrpc_server extends IXR_Server {
 			if ( isset($meta['id']) ) {
 				$meta['id'] = (int) $meta['id'];
 				$pmeta = get_metadata_by_mid( 'post', $meta['id'] );
+
+				if ( ! $pmeta || $pmeta->post_id != $post_id ) {
+					continue;
+				}
+
 				if ( isset($meta['key']) ) {
 					$meta['key'] = wp_unslash( $meta['key'] );
 					if ( $meta['key'] !== $pmeta->meta_key )
@@ -1149,6 +1154,56 @@ class wp_xmlrpc_server extends IXR_Server {
 		return $count > 1;
 	}
 
+	private function _validate_boolean( $var ) {
+		if ( is_bool( $var ) ) {
+			return $var;
+		}
+
+		if ( is_string( $var ) && 'false' === strtolower( $var ) ) {
+			return false;
+		}
+
+		return (bool) $var;
+	}
+
+	/**
+	 * Encapsulate the logic for sticking a post
+	 * and determining if the user has permission to do so
+	 *
+	 * @since 4.3.0
+	 * @access private
+	 *
+	 * @param array $post_data
+	 * @param bool  $update
+	 * @return void|IXR_Error
+	 */
+	private function _toggle_sticky( $post_data, $update = false ) {
+		$post_type = get_post_type_object( $post_data['post_type'] );
+
+		// Private and password-protected posts cannot be stickied.
+		if ( 'private' === $post_data['post_status'] || ! empty( $post_data['post_password'] ) ) {
+			// Error if the client tried to stick the post, otherwise, silently unstick.
+			if ( ! empty( $post_data['sticky'] ) ) {
+				return new IXR_Error( 401, __( 'Sorry, you cannot stick a private post.' ) );
+			}
+
+			if ( $update ) {
+				unstick_post( $post_data['ID'] );
+			}
+		} elseif ( isset( $post_data['sticky'] ) )  {
+			if ( ! current_user_can( $post_type->cap->edit_others_posts ) ) {
+				return new IXR_Error( 401, __( 'Sorry, you are not allowed to stick this post.' ) );
+			}
+
+			$sticky = $this->_validate_boolean( $post_data['sticky'] );
+			if ( $sticky ) {
+				stick_post( $post_data['ID'] );
+			} else {
+				unstick_post( $post_data['ID'] );
+			}
+		}
+	}
+
 	/**
 	 * Helper method for wp_newPost and wp_editPost, containing shared logic.
 	 *
@@ -1159,10 +1214,31 @@ class wp_xmlrpc_server extends IXR_Server {
 	 * @param array|IXR_Error $content_struct Post data to insert.
 	 */
 	protected function _insert_post( $user, $content_struct ) {
-		$defaults = array( 'post_status' => 'draft', 'post_type' => 'post', 'post_author' => 0,
-			'post_password' => '', 'post_excerpt' => '', 'post_content' => '', 'post_title' => '' );
+		$defaults = array(
+			'post_status'    => 'draft',
+			'post_type'      => 'post',
+			'post_author'    => null,
+			'post_password'  => null,
+			'post_excerpt'   => null,
+			'post_content'   => null,
+			'post_title'     => null,
+			'post_date'      => null,
+			'post_date_gmt'  => null,
+			'post_format'    => null,
+			'post_name'      => null,
+			'post_thumbnail' => null,
+			'post_parent'    => null,
+			'ping_status'    => null,
+			'comment_status' => null,
+			'custom_fields'  => null,
+			'terms_names'    => null,
+			'terms'          => null,
+			'sticky'         => null,
+			'enclosure'      => null,
+			'ID'             => null,
+		);
 
-		$post_data = wp_parse_args( $content_struct, $defaults );
+		$post_data = wp_parse_args( array_intersect_key( $content_struct, $defaults ), $defaults );
 
 		$post_type = get_post_type_object( $post_data['post_type'] );
 		if ( ! $post_type )
@@ -1241,20 +1317,9 @@ class wp_xmlrpc_server extends IXR_Server {
 		$post_ID = $post_data['ID'];
 
 		if ( $post_data['post_type'] == 'post' ) {
-			// Private and password-protected posts cannot be stickied.
-			if ( $post_data['post_status'] == 'private' || ! empty( $post_data['post_password'] ) ) {
-				// Error if the client tried to stick the post, otherwise, silently unstick.
-				if ( ! empty( $post_data['sticky'] ) )
-					return new IXR_Error( 401, __( 'Sorry, you cannot stick a private post.' ) );
-				if ( $update )
-					unstick_post( $post_ID );
-			} elseif ( isset( $post_data['sticky'] ) )  {
-				if ( ! current_user_can( $post_type->cap->edit_others_posts ) )
-					return new IXR_Error( 401, __( 'Sorry, you are not allowed to stick this post.' ) );
-				if ( $post_data['sticky'] )
-					stick_post( $post_ID );
-				else
-					unstick_post( $post_ID );
+			$error = $this->_toggle_sticky( $post_data, $update );
+			if ( $error ) {
+				return $error;
 			}
 		}
 
@@ -1354,9 +1419,6 @@ class wp_xmlrpc_server extends IXR_Server {
 
 			$post_data['tax_input'] = $terms;
 			unset( $post_data['terms'], $post_data['terms_names'] );
-		} else {
-			// do not allow direct submission of 'tax_input', clients must use 'terms' and/or 'terms_names'
-			unset( $post_data['tax_input'], $post_data['post_category'], $post_data['tags_input'] );
 		}
 
 		if ( isset( $post_data['post_format'] ) ) {
@@ -4583,10 +4645,12 @@ class wp_xmlrpc_server extends IXR_Server {
 
 		// Only posts can be sticky
 		if ( $post_type == 'post' && isset( $content_struct['sticky'] ) ) {
-			if ( $content_struct['sticky'] == true )
-				stick_post( $post_ID );
-			elseif ( $content_struct['sticky'] == false )
-				unstick_post( $post_ID );
+			$data = $postdata;
+			$data['sticky'] = $content_struct['sticky'];
+			$error = $this->_toggle_sticky( $data );
+			if ( $error ) {
+				return $error;
+			}
 		}
 
 		if ( isset($content_struct['custom_fields']) )
@@ -4872,11 +4936,12 @@ class wp_xmlrpc_server extends IXR_Server {
 
 		$tags_input = isset( $content_struct['mt_keywords'] ) ? $content_struct['mt_keywords'] : null;
 
-		if ( ('publish' == $post_status) ) {
-			if ( ( 'page' == $post_type ) && !current_user_can('publish_pages') )
-				return new IXR_Error(401, __('Sorry, you do not have the right to publish this page.'));
-			else if ( !current_user_can('publish_posts') )
-				return new IXR_Error(401, __('Sorry, you do not have the right to publish this post.'));
+		if ( 'publish' == $post_status || 'private' == $post_status ) {
+			if ( 'page' == $post_type && ! current_user_can( 'publish_pages' ) ) {
+				return new IXR_Error( 401, __( 'Sorry, you do not have the right to publish this page.' ) );
+			} elseif ( ! current_user_can( 'publish_posts' ) ) {
+				return new IXR_Error( 401, __( 'Sorry, you do not have the right to publish this post.' ) );
+			}
 		}
 
 		if ( $post_more )
@@ -4916,10 +4981,13 @@ class wp_xmlrpc_server extends IXR_Server {
 
 		// Only posts can be sticky
 		if ( $post_type == 'post' && isset( $content_struct['sticky'] ) ) {
-			if ( $content_struct['sticky'] == true )
-				stick_post( $post_ID );
-			elseif ( $content_struct['sticky'] == false )
-				unstick_post( $post_ID );
+			$data = $newpost;
+			$data['sticky'] = $content_struct['sticky'];
+			$data['post_type'] = 'post';
+			$error = $this->_toggle_sticky( $data, true );
+			if ( $error ) {
+				return $error;
+			}
 		}
 
 		if ( isset($content_struct['custom_fields']) )

wp-includes/compat.php

@@ -13,23 +13,141 @@ if ( !function_exists('_') ) {
 	}
 }
 
-if ( !function_exists('mb_substr') ):
-	function mb_substr( $str, $start, $length=null, $encoding=null ) {
-		return _mb_substr($str, $start, $length, $encoding);
+/**
+ * Returns whether PCRE/u (PCRE_UTF8 modifier) is available for use.
+ *
+ * @ignore
+ * @since 4.2.2
+ * @access private
+ *
+ * @param bool $set - Used for testing only
+ *             null   : default - get PCRE/u capability
+ *             false  : Used for testing - return false for future calls to this function
+ *             'reset': Used for testing - restore default behavior of this function
+ */
+function _wp_can_use_pcre_u( $set = null ) {
+	static $utf8_pcre = 'reset';
+
+	if ( null !== $set ) {
+		$utf8_pcre = $set;
+	}
+
+	if ( 'reset' === $utf8_pcre ) {
+		$utf8_pcre = @preg_match( '/^./u', 'a' );
+	}
+
+	return $utf8_pcre;
+}
+
+if ( ! function_exists( 'mb_substr' ) ) :
+	function mb_substr( $str, $start, $length = null, $encoding = null ) {
+		return _mb_substr( $str, $start, $length, $encoding );
 	}
 endif;
 
-function _mb_substr( $str, $start, $length=null, $encoding=null ) {
-	// the solution below, works only for utf-8, so in case of a different
-	// charset, just use built-in substr
-	$charset = get_option( 'blog_charset' );
-	if ( !in_array( $charset, array('utf8', 'utf-8', 'UTF8', 'UTF-8') ) ) {
-		return is_null( $length )? substr( $str, $start ) : substr( $str, $start, $length);
+/*
+ * Only understands UTF-8 and 8bit.  All other character sets will be treated as 8bit.
+ * For $encoding === UTF-8, the $str input is expected to be a valid UTF-8 byte sequence.
+ * The behavior of this function for invalid inputs is undefined.
+ */
+function _mb_substr( $str, $start, $length = null, $encoding = null ) {
+	if ( null === $encoding ) {
+		$encoding = get_option( 'blog_charset' );
 	}
-	// use the regex unicode support to separate the UTF-8 characters into an array
-	preg_match_all( '/./us', $str, $match );
-	$chars = is_null( $length )? array_slice( $match[0], $start ) : array_slice( $match[0], $start, $length );
-	return implode( '', $chars );
+
+	// The solution below works only for UTF-8,
+	// so in case of a different charset just use built-in substr()
+	if ( ! in_array( $encoding, array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ) ) ) {
+		return is_null( $length ) ? substr( $str, $start ) : substr( $str, $start, $length );
+	}
+
+	if ( _wp_can_use_pcre_u() ) {
+		// Use the regex unicode support to separate the UTF-8 characters into an array
+		preg_match_all( '/./us', $str, $match );
+		$chars = is_null( $length ) ? array_slice( $match[0], $start ) : array_slice( $match[0], $start, $length );
+		return implode( '', $chars );
+	}
+
+	$regex = '/(
+		  [\x00-\x7F]                  # single-byte sequences   0xxxxxxx
+		| [\xC2-\xDF][\x80-\xBF]       # double-byte sequences   110xxxxx 10xxxxxx
+		| \xE0[\xA0-\xBF][\x80-\xBF]   # triple-byte sequences   1110xxxx 10xxxxxx * 2
+		| [\xE1-\xEC][\x80-\xBF]{2}
+		| \xED[\x80-\x9F][\x80-\xBF]
+		| [\xEE-\xEF][\x80-\xBF]{2}
+		| \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
+		| [\xF1-\xF3][\x80-\xBF]{3}
+		| \xF4[\x80-\x8F][\x80-\xBF]{2}
+	)/x';
+
+	$chars = array( '' ); // Start with 1 element instead of 0 since the first thing we do is pop
+	do {
+		// We had some string left over from the last round, but we counted it in that last round.
+		array_pop( $chars );
+
+		// Split by UTF-8 character, limit to 1000 characters (last array element will contain the rest of the string)
+		$pieces = preg_split( $regex, $str, 1000, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY );
+
+		$chars = array_merge( $chars, $pieces );
+	} while ( count( $pieces ) > 1 && $str = array_pop( $pieces ) ); // If there's anything left over, repeat the loop.
+
+	return join( '', array_slice( $chars, $start, $length ) );
+}
+
+if ( ! function_exists( 'mb_strlen' ) ) :
+	function mb_strlen( $str, $encoding = null ) {
+		return _mb_strlen( $str, $encoding );
+	}
+endif;
+
+/*
+ * Only understands UTF-8 and 8bit.  All other character sets will be treated as 8bit.
+ * For $encoding === UTF-8, the $str input is expected to be a valid UTF-8 byte sequence.
+ * The behavior of this function for invalid inputs is undefined.
+ */
+function _mb_strlen( $str, $encoding = null ) {
+	if ( null === $encoding ) {
+		$encoding = get_option( 'blog_charset' );
+	}
+
+	// The solution below works only for UTF-8,
+	// so in case of a different charset just use built-in strlen()
+	if ( ! in_array( $encoding, array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ) ) ) {
+		return strlen( $str );
+	}
+
+	if ( _wp_can_use_pcre_u() ) {
+		// Use the regex unicode support to separate the UTF-8 characters into an array
+		preg_match_all( '/./us', $str, $match );
+		return count( $match[0] );
+	}
+
+	$regex = '/(?:
+		  [\x00-\x7F]                  # single-byte sequences   0xxxxxxx
+		| [\xC2-\xDF][\x80-\xBF]       # double-byte sequences   110xxxxx 10xxxxxx
+		| \xE0[\xA0-\xBF][\x80-\xBF]   # triple-byte sequences   1110xxxx 10xxxxxx * 2
+		| [\xE1-\xEC][\x80-\xBF]{2}
+		| \xED[\x80-\x9F][\x80-\xBF]
+		| [\xEE-\xEF][\x80-\xBF]{2}
+		| \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
+		| [\xF1-\xF3][\x80-\xBF]{3}
+		| \xF4[\x80-\x8F][\x80-\xBF]{2}
+	)/x';
+
+	$count = 1; // Start at 1 instead of 0 since the first thing we do is decrement
+	do {
+		// We had some string left over from the last round, but we counted it in that last round.
+		$count--;
+
+		// Split by UTF-8 character, limit to 1000 characters (last array element will contain the rest of the string)
+		$pieces = preg_split( $regex, $str, 1000 );
+
+		// Increment
+		$count += count( $pieces );
+	} while ( $str = array_pop( $pieces ) ); // If there's anything left over, repeat the loop.
+
+	// Fencepost: preg_split() always returns one extra item in the array
+	return --$count;
 }
 
 if ( !function_exists('hash_hmac') ):

wp-includes/date.php

@@ -305,8 +305,17 @@ class WP_Date_Query {
 
 		// Days per year.
 		if ( array_key_exists( 'year', $date_query ) ) {
-			// If a year exists in the date query, we can use it to get the days.
-			$max_days_of_year = date( 'z', mktime( 0, 0, 0, 12, 31, $date_query['year'] ) ) + 1;
+			/*
+			 * If a year exists in the date query, we can use it to get the days.
+			 * If multiple years are provided (as in a BETWEEN), use the first one.
+			 */
+			if ( is_array( $date_query['year'] ) ) {
+				$_year = reset( $date_query['year'] );
+			} else {
+				$_year = $date_query['year'];
+			}
+
+			$max_days_of_year = date( 'z', mktime( 0, 0, 0, 12, 31, $_year ) ) + 1;
 		} else {
 			// otherwise we use the max of 366 (leap-year)
 			$max_days_of_year = 366;
@@ -336,10 +345,10 @@ class WP_Date_Query {
 		);
 
 		// Weeks per year.
-		if ( array_key_exists( 'year', $date_query ) ) {
+		if ( isset( $_year ) ) {
 			// If we have a specific year, use it to calculate number of weeks.
 			$date = new DateTime();
-			$date->setISODate( $date_query['year'], 53 );
+			$date->setISODate( $_year, 53 );
 			$week_count = $date->format( "W" ) === "53" ? 53 : 52;
 
 		} else {
@@ -360,7 +369,7 @@ class WP_Date_Query {
 
 		// Hours per day.
 		$min_max_checks['hour'] = array(
-			'min' => 1,
+			'min' => 0,
 			'max' => 23
 		);
 
@@ -382,22 +391,25 @@ class WP_Date_Query {
 				continue;
 			}
 
-			$is_between = $date_query[ $key ] >= $check['min'] && $date_query[ $key ] <= $check['max'];
+			// Throw a notice for each failing value.
+			$is_between = true;
+			foreach ( (array) $date_query[ $key ] as $_value ) {
+				$is_between = $_value >= $check['min'] && $_value <= $check['max'];
 
-			if ( ! $is_between ) {
+				if ( ! is_numeric( $_value ) || ! $is_between ) {
+					$error = sprintf(
+						/* translators: Date query invalid date message: 1: invalid value, 2: type of value, 3: minimum valid value, 4: maximum valid value */
+						__( 'Invalid value %1$s for %2$s. Expected value should be between %3$s and %4$s.' ),
+						'<code>' . esc_html( $_value ) . '</code>',
+						'<code>' . esc_html( $key ) . '</code>',
+						'<code>' . esc_html( $check['min'] ) . '</code>',
+						'<code>' . esc_html( $check['max'] ) . '</code>'
+					);
 
-				$error = sprintf(
-					/* translators: Date query invalid date message: 1: invalid value, 2: type of value, 3: minimum valid value, 4: maximum valid value */
-					__( 'Invalid value %1$s for %2$s. Expected value should be between %3$s and %4$s.' ),
-					'<code>' . esc_html( $date_query[ $key ] ) . '</code>',
-					'<code>' . esc_html( $key ) . '</code>',
-					'<code>' . esc_html( $check['min'] ) . '</code>',
-					'<code>' . esc_html( $check['max'] ) . '</code>'
-				);
+					_doing_it_wrong( __CLASS__, $error, '4.1.0' );
 
-				_doing_it_wrong( __CLASS__, $error, '4.1.0' );
-
-				$valid = false;
+					$valid = false;
+				}
 			}
 		}
 

wp-includes/default-widgets.php

@@ -1354,7 +1354,7 @@ class WP_Widget_Tag_Cloud extends WP_Widget {
 		?>
 		<p>
 			<label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:') ?></label>
-			<input type="text" class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php echo $title; ?>" />
+			<input type="text" class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php echo esc_attr( $title ); ?>" />
 		</p>
 		<p>
 			<label for="<?php echo $this->get_field_id('nav_menu'); ?>"><?php _e('Select Menu:'); ?></label>

wp-includes/formatting.php

@@ -410,6 +410,9 @@ function wpautop($pee, $br = true) {
 	$pee = preg_replace('!(</' . $allblocks . '>)!', "$1\n\n", $pee);
 	$pee = str_replace(array("\r\n", "\r"), "\n", $pee); // cross-platform newlines
 
+	// Find newlines in all elements and add placeholders.
+	$pee = wp_replace_in_html_tags( $pee, array( "\n" => " <!-- wpnl --> " ) );
+
 	if ( strpos( $pee, '<option' ) !== false ) {
 		// no P/BR around option
 		$pee = preg_replace( '|\s*<option|', '<option', $pee );
@@ -461,9 +464,109 @@ function wpautop($pee, $br = true) {
 	if ( !empty($pre_tags) )
 		$pee = str_replace(array_keys($pre_tags), array_values($pre_tags), $pee);
 
+	// Restore newlines in all elements.
+	$pee = str_replace( " <!-- wpnl --> ", "\n", $pee );
+
 	return $pee;
 }
 
+/**
+ * Separate HTML elements and comments from the text.
+ *
+ * @since 4.2.4
+ *
+ * @param string $input The text which has to be formatted.
+ * @return array The formatted text.
+ */
+function wp_html_split( $input ) {
+	static $regex;
+
+	if ( ! isset( $regex ) ) {
+		$comments =
+			  '!'           // Start of comment, after the <.
+			. '(?:'         // Unroll the loop: Consume everything until --> is found.
+			.     '-(?!->)' // Dash not followed by end of comment.
+			.     '[^\-]*+' // Consume non-dashes.
+			. ')*+'         // Loop possessively.
+			. '(?:-->)?';   // End of comment. If not found, match all input.
+
+		$cdata =
+			  '!\[CDATA\['  // Start of comment, after the <.
+			. '[^\]]*+'     // Consume non-].
+			. '(?:'         // Unroll the loop: Consume everything until ]]> is found.
+			.     '](?!]>)' // One ] not followed by end of comment.
+			.     '[^\]]*+' // Consume non-].
+			. ')*+'         // Loop possessively.
+			. '(?:]]>)?';   // End of comment. If not found, match all input.
+
+		$regex =
+			  '/('              // Capture the entire match.
+			.     '<'           // Find start of element.
+			.     '(?(?=!--)'   // Is this a comment?
+			.         $comments // Find end of comment.
+			.     '|'
+			.         '(?(?=!\[CDATA\[)' // Is this a comment?
+			.             $cdata // Find end of comment.
+			.         '|'
+			.             '[^>]*>?' // Find end of element. If not found, match all input.
+			.         ')'
+			.     ')'
+			. ')/s';
+	}
+
+	return preg_split( $regex, $input, -1, PREG_SPLIT_DELIM_CAPTURE );
+}
+
+/**
+ * Replace characters or phrases within HTML elements only.
+ *
+ * @since 4.2.3
+ *
+ * @param string $haystack The text which has to be formatted.
+ * @param array $replace_pairs In the form array('from' => 'to', ...).
+ * @return string The formatted text.
+ */
+function wp_replace_in_html_tags( $haystack, $replace_pairs ) {
+	// Find all elements.
+	$textarr = wp_html_split( $haystack );
+	$changed = false;
+
+	// Optimize when searching for one item.
+	if ( 1 === count( $replace_pairs ) ) {
+		// Extract $needle and $replace.
+		foreach ( $replace_pairs as $needle => $replace );
+
+		// Loop through delimeters (elements) only.
+		for ( $i = 1, $c = count( $textarr ); $i < $c; $i += 2 ) { 
+			if ( false !== strpos( $textarr[$i], $needle ) ) {
+				$textarr[$i] = str_replace( $needle, $replace, $textarr[$i] );
+				$changed = true;
+			}
+		}
+	} else {
+		// Extract all $needles.
+		$needles = array_keys( $replace_pairs );
+
+		// Loop through delimeters (elements) only.
+		for ( $i = 1, $c = count( $textarr ); $i < $c; $i += 2 ) { 
+			foreach ( $needles as $needle ) {
+				if ( false !== strpos( $textarr[$i], $needle ) ) {
+					$textarr[$i] = strtr( $textarr[$i], $replace_pairs );
+					$changed = true;
+					// After one strtr() break out of the foreach loop and look at next element.
+					break;
+				}
+			}
+		}
+	}
+
+	if ( $changed ) {
+		$haystack = implode( $textarr );
+	}
+
+	return $haystack;
+}
+
 /**
  * Newline preservation help function for wpautop
  *
@@ -1052,7 +1155,8 @@ function remove_accents($string) {
  * operating systems and special characters requiring special escaping
  * to manipulate at the command line. Replaces spaces and consecutive
  * dashes with a single dash. Trims period, dash and underscore from beginning
- * and end of filename.
+ * and end of filename. It is not guaranteed that this function will return a
+ * filename that is allowed to be uploaded.
  *
  * @since 2.1.0
  *
@@ -1077,6 +1181,14 @@ function sanitize_file_name( $filename ) {
 	$filename = preg_replace( '/[\r\n\t -]+/', '-', $filename );
 	$filename = trim( $filename, '.-_' );
 
+	if ( false === strpos( $filename, '.' ) ) {
+		$mime_types = wp_get_mime_types();
+		$filetype = wp_check_filetype( 'test.' . $filename, $mime_types );
+		if ( $filetype['ext'] === $filename ) {
+			$filename = 'unnamed-file.' . $filetype['ext'];
+		}
+	}
+
 	// Split the filename into a base and extension[s]
 	$parts = explode('.', $filename);
 
@@ -1309,21 +1421,23 @@ function sanitize_title_with_dashes( $title, $raw_title = '', $context = 'displa
 }
 
 /**
- * Ensures a string is a valid SQL order by clause.
+ * Ensures a string is a valid SQL 'order by' clause.
  *
- * Accepts one or more columns, with or without ASC/DESC, and also accepts
- * RAND().
+ * Accepts one or more columns, with or without a sort order (ASC / DESC).
+ * e.g. 'column_1', 'column_1, column_2', 'column_1 ASC, column_2 DESC' etc.
+ *
+ * Also accepts 'RAND()'.
  *
  * @since 2.5.1
  *
- * @param string $orderby Order by string to be checked.
- * @return false|string Returns the order by clause if it is a match, false otherwise.
+ * @param string $orderby Order by clause to be validated.
+ * @return string|bool Returns $orderby if valid, false otherwise.
  */
-function sanitize_sql_orderby( $orderby ){
-	preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
-	if ( !$obmatches )
-		return false;
-	return $orderby;
+function sanitize_sql_orderby( $orderby ) {
+	if ( preg_match( '/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby ) || preg_match( '/^\s*RAND\(\s*\)\s*$/i', $orderby ) ) {
+		return $orderby;
+	}
+	return false;
 }
 
 /**

wp-includes/functions.php

@@ -2049,7 +2049,7 @@ function wp_check_filetype( $filename, $mimes = null ) {
 	$ext = false;
 
 	foreach ( $mimes as $ext_preg => $mime_match ) {
-		$ext_preg = '!\.(' . $ext_preg . ')(\?.*)?$!i';
+		$ext_preg = '!\.(' . $ext_preg . ')$!i';
 		if ( preg_match( $ext_preg, $filename, $ext_matches ) ) {
 			$type = $mime_match;
 			$ext = $ext_matches[1];
@@ -2068,7 +2068,7 @@ function wp_check_filetype( $filename, $mimes = null ) {
  * If it's determined that the extension does not match the file's real type,
  * then the "proper_filename" value will be set with a proper filename and extension.
  *
- * Currently this function only supports validating images known to getimagesize().
+ * Currently this function only supports renaming images validated via wp_get_image_mime().
  *
  * @since 3.0.0
  *
@@ -2093,14 +2093,15 @@ function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) {
 		return compact( 'ext', 'type', 'proper_filename' );
 	}
 
-	// We're able to validate images using GD
-	if ( $type && 0 === strpos( $type, 'image/' ) && function_exists('getimagesize') ) {
+	// Validate image types.
+	if ( $type && 0 === strpos( $type, 'image/' ) ) {
 
 		// Attempt to figure out what type of image it actually is
-		$imgstats = @getimagesize( $file );
+		$real_mime = wp_get_image_mime( $file );
 
-		// If getimagesize() knows what kind of image it really is and if the real MIME doesn't match the claimed MIME
-		if ( !empty($imgstats['mime']) && $imgstats['mime'] != $type ) {
+		if ( ! $real_mime ) {
+			$type = $ext = false;
+		} elseif ( $real_mime != $type ) {
 			/**
 			 * Filter the list mapping image mime types to their respective extensions.
 			 *
@@ -2117,10 +2118,10 @@ function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) {
 			) );
 
 			// Replace whatever is after the last period in the filename with the correct extension
-			if ( ! empty( $mime_to_ext[ $imgstats['mime'] ] ) ) {
+			if ( ! empty( $mime_to_ext[ $real_mime ] ) ) {
 				$filename_parts = explode( '.', $filename );
 				array_pop( $filename_parts );
-				$filename_parts[] = $mime_to_ext[ $imgstats['mime'] ];
+				$filename_parts[] = $mime_to_ext[ $real_mime ];
 				$new_filename = implode( '.', $filename_parts );
 
 				if ( $new_filename != $filename ) {
@@ -2130,8 +2131,20 @@ function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) {
 				$wp_filetype = wp_check_filetype( $new_filename, $mimes );
 				$ext = $wp_filetype['ext'];
 				$type = $wp_filetype['type'];
+			} else {
+				$type = $ext = false;
 			}
 		}
+	} elseif ( function_exists( 'finfo_file' ) ) {
+		// Use finfo_file if available to validate non-image files.
+		$finfo = finfo_open( FILEINFO_MIME_TYPE );
+		$real_mime = finfo_file( $finfo, $file );
+		finfo_close( $finfo );
+
+		// If the extension does not match the file's real type, return false.
+		if ( $real_mime !== $type ) {
+			$type = $ext = false;
+		}
 	}
 
 	/**
@@ -2149,6 +2162,38 @@ function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) {
 	return apply_filters( 'wp_check_filetype_and_ext', compact( 'ext', 'type', 'proper_filename' ), $file, $filename, $mimes );
 }
 
+/**
+ * Returns the real mime type of an image file.
+ *
+ * This depends on exif_imagetype() or getimagesize() to determine real mime types.
+ *
+ * @since 4.7.1
+ *
+ * @param string $file Full path to the file.
+ * @return string|false The actual mime type or false if the type cannot be determined.
+ */
+function wp_get_image_mime( $file ) {
+	/*
+	 * Use exif_imagetype() to check the mimetype if available or fall back to
+	 * getimagesize() if exif isn't avaialbe. If either function throws an Exception
+	 * we assume the file could not be validated.
+	 */
+	try {
+		if ( is_callable( 'exif_imagetype' ) ) {
+			$mime = image_type_to_mime_type( exif_imagetype( $file ) );
+		} elseif ( function_exists( 'getimagesize' ) ) {
+			$imagesize = getimagesize( $file );
+			$mime = ( isset( $imagesize['mime'] ) ) ? $imagesize['mime'] : false;
+		} else {
+			$mime = false;
+		}
+	} catch ( Exception $e ) {
+		$mime = false;
+	}
+
+	return $mime;
+}
+
 /**
  * Retrieve list of mime types and file extensions.
  *

wp-includes/general-template.php

@@ -2587,20 +2587,18 @@ function language_attributes($doctype = 'html') {
 function paginate_links( $args = '' ) {
 	global $wp_query, $wp_rewrite;
 
-	$total        = ( isset( $wp_query->max_num_pages ) ) ? $wp_query->max_num_pages : 1;
-	$current      = ( get_query_var( 'paged' ) ) ? intval( get_query_var( 'paged' ) ) : 1;
+	// Setting up default values based on the current URL.
 	$pagenum_link = html_entity_decode( get_pagenum_link() );
-	$query_args   = array();
 	$url_parts    = explode( '?', $pagenum_link );
 
-	if ( isset( $url_parts[1] ) ) {
-		wp_parse_str( $url_parts[1], $query_args );
-		$query_args = urlencode_deep( $query_args );
-	}
+	// Get max pages and current page out of the current query, if available.
+	$total   = isset( $wp_query->max_num_pages ) ? $wp_query->max_num_pages : 1;
+	$current = get_query_var( 'paged' ) ? intval( get_query_var( 'paged' ) ) : 1;
 
-	$pagenum_link = remove_query_arg( array_keys( $query_args ), $pagenum_link );
-	$pagenum_link = trailingslashit( $pagenum_link ) . '%_%';
+	// Append the format placeholder to the base URL.
+	$pagenum_link = trailingslashit( $url_parts[0] ) . '%_%';
 
+	// URL base depends on permalink settings.
 	$format  = $wp_rewrite->using_index_permalinks() && ! strpos( $pagenum_link, 'index.php' ) ? 'index.php/' : '';
 	$format .= $wp_rewrite->using_permalinks() ? user_trailingslashit( $wp_rewrite->pagination_base . '/%#%', 'paged' ) : '?paged=%#%';
 
@@ -2616,7 +2614,7 @@ function paginate_links( $args = '' ) {
 		'end_size' => 1,
 		'mid_size' => 2,
 		'type' => 'plain',
-		'add_args' => $query_args, // array of query args to add
+		'add_args' => array(), // array of query args to add
 		'add_fragment' => '',
 		'before_page_number' => '',
 		'after_page_number' => ''
@@ -2624,6 +2622,21 @@ function paginate_links( $args = '' ) {
 
 	$args = wp_parse_args( $args, $defaults );
 
+	if ( ! is_array( $args['add_args'] ) ) {
+		$args['add_args'] = array();
+	}
+
+	// Merge additional query vars found in the original URL into 'add_args' array.
+	if ( isset( $url_parts[1] ) ) {
+		// Find the format argument.
+		$format_query = parse_url( str_replace( '%_%', $args['format'], $args['base'] ), PHP_URL_QUERY );
+		wp_parse_str( $format_query, $format_arg );
+
+		// Remove the format argument from the array of query arguments, to avoid overwriting custom format.
+		wp_parse_str( remove_query_arg( array_keys( $format_arg ), $url_parts[1] ), $query_args );
+		$args['add_args'] = array_merge( $args['add_args'], urlencode_deep( $query_args ) );
+	}
+
 	// Who knows what else people pass in $args
 	$total = (int) $args['total'];
 	if ( $total < 2 ) {
@@ -2638,7 +2651,7 @@ function paginate_links( $args = '' ) {
 	if ( $mid_size < 0 ) {
 		$mid_size = 2;
 	}
-	$add_args = is_array( $args['add_args'] ) ? $args['add_args'] : false;
+	$add_args = $args['add_args'];
 	$r = '';
 	$page_links = array();
 	$dots = false;
@@ -3113,3 +3126,18 @@ function wp_heartbeat_settings( $settings ) {
 
 	return $settings;
 }
+
+/**
+ * Temporary function to add a missing style rule to the themes page.
+ * This avoids the need to ship an entirely rebuilt wp-admin.css in partial builds.
+ *
+ * @since 4.1.1
+ * @ignore
+ */
+function _wp_add_themesphp_notice_styling() {
+	global $pagenow;
+	if ( 'themes.php' == $pagenow ) {
+		echo "<style type='text/css'>.themes-php div.notice { margin: 0 0 20px 0; clear: both; }</style>\n";
+	}
+}
+add_action( 'admin_head', '_wp_add_themesphp_notice_styling' );

wp-includes/http.php

@@ -466,7 +466,7 @@ function wp_http_validate_url( $url ) {
 
 	if ( ! $same_host ) {
 		$host = trim( $parsed_url['host'], '.' );
-		if ( preg_match( '#^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$#', $host ) ) {
+		if ( preg_match( '#^(([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)\.){3}([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)$#', $host ) ) {
 			$ip = $host;
 		} else {
 			$ip = gethostbyname( $host );
@@ -475,7 +475,7 @@ function wp_http_validate_url( $url ) {
 		}
 		if ( $ip ) {
 			$parts = array_map( 'intval', explode( '.', $ip ) );
-			if ( 127 === $parts[0] || 10 === $parts[0]
+			if ( 127 === $parts[0] || 10 === $parts[0] || 0 === $parts[0]
 				|| ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] )
 				|| ( 192 === $parts[0] && 168 === $parts[1] )
 			) {

wp-includes/js/mce-view.js

@@ -131,6 +131,14 @@ window.wp = window.wp || {};
 				importStyles = this.type === 'video' || this.type === 'audio' || this.type === 'playlist';
 
 			if ( head || body.indexOf( '<script' ) !== -1 ) {
+				if ( body.indexOf( '[' ) !== -1 && body.indexOf( ']' ) !== -1 ) {
+					var shortcodesRegExp = new RegExp( '\\[\\/?(?:' + window.mceViewL10n.shortcodes.join( '|' ) + ')[^\\]]*?\\]', 'g' );
+					// Escape tags inside shortcode previews.
+					body = body.replace( shortcodesRegExp, function( match ) {
+						return match.replace( /</g, '&lt;' ).replace( />/g, '&gt;' );
+					} );
+				}
+
 				this.getNodes( function ( editor, node, content ) {
 					var dom = editor.dom,
 						styles = '',

wp-includes/js/media-audiovideo.js

@@ -53,7 +53,7 @@
 			}
 
 			if ( 'native' !== t.media.pluginType ) {
-				t.media.remove();
+				t.$media.remove();
 			}
 
 			delete window.mejs.players[t.id];

wp-includes/js/media-grid.js

@@ -298,7 +298,9 @@
 			media.mixin.removeAllPlayers();
 			this.$( 'audio, video' ).each( function (i, elem) {
 				var el = media.view.MediaDetails.prepareSrc( elem );
-				new MediaElementPlayer( el, media.mixin.mejsSettings );
+				setTimeout( function() {
+					new MediaElementPlayer( el, media.mixin.mejsSettings );
+				}, 0 );
 			} );
 		}
 	});

wp-includes/js/plupload/handlers.js

@@ -328,15 +328,24 @@ function uploadError(fileObj, errorCode, message, uploader) {
 	}
 }
 
-function uploadSizeError( up, file, over100mb ) {
-	var message;
+function uploadSizeError( up, file ) {
+	var message, errorDiv;
 
-	if ( over100mb )
-		message = pluploadL10n.big_upload_queued.replace('%s', file.name) + ' ' + pluploadL10n.big_upload_failed.replace('%1$s', '<a class="uploader-html" href="#">').replace('%2$s', '</a>');
-	else
-		message = pluploadL10n.file_exceeds_size_limit.replace('%s', file.name);
+	message = pluploadL10n.file_exceeds_size_limit.replace('%s', file.name);
 
-	jQuery('#media-items').append('<div id="media-item-' + file.id + '" class="media-item error"><p>' + message + '</p></div>');
+	// Construct the error div.
+	errorDiv = jQuery( '<div />' )
+		.attr( {
+			'id':    'media-item-' + file.id,
+			'class': 'media-item error'
+		} )
+		.append(
+			jQuery( '<p />' )
+				.text( message )
+		);
+
+	// Append the error.
+	jQuery('#media-items').append( errorDiv );
 	up.removeFile(file);
 }
 

wp-includes/js/tinymce/plugins/wordpress/plugin.js

@@ -106,6 +106,10 @@ tinymce.PluginManager.add( 'wordpress', function( editor ) {
 					'<img src="' + tinymce.Env.transparentSrc + '" data-wp-more="nextpage" class="wp-more-tag mce-wp-nextpage" ' +
 						'title="' + title + '" data-mce-resize="false" data-mce-placeholder="1" />' );
 			}
+
+			if ( e.content.indexOf( '<?"' ) !== -1 ) {
+				e.content = e.content.replace( /<\?"/g, '' );
+			}
 		}
 	});
 

wp-includes/js/tinymce/plugins/wpeditimage/plugin.js

@@ -185,7 +185,7 @@ tinymce.PluginManager.add( 'wpeditimage', function( editor ) {
 		windowWidth = window.innerWidth;
 		toolbarWidth = toolbarNode.offsetWidth;
 		toolbarHalf = toolbarWidth / 2;
-		iframe = editor.getContentAreaContainer().firstChild;
+		iframe = document.getElementById( editor.id + '_ifr' );
 		iframePos = DOM.getPos( iframe );
 		iframeWidth = iframe.offsetWidth;
 		iframeHeigth = iframe.offsetHeight;
@@ -238,7 +238,9 @@ tinymce.PluginManager.add( 'wpeditimage', function( editor ) {
 		left = boundaryMiddle - toolbarHalf;
 		left += iframePos.x;
 
-		if ( toolbarWidth >= windowWidth ) {
+		if ( boundary.left < 0 || boundary.right > iframeWidth ) {
+			left = iframePos.x + ( iframeWidth - toolbarWidth ) / 2;
+		} else if ( toolbarWidth >= windowWidth ) {
 			className += ' mce-arrow-full';
 			left = 0;
 		} else if ( ( left < 0 && boundary.left + toolbarWidth > windowWidth ) ||

wp-includes/js/wplink.js

@@ -210,6 +210,13 @@ var wpLink;
 
 			attrs = wpLink.getAttrs();
 
+			var parser = document.createElement( 'a' );
+			parser.href = attrs.href;
+
+			if ( 'javascript:' === parser.protocol || 'data:' === parser.protocol ) { // jshint ignore:line
+				attrs.href = '';
+			}
+
 			// If there's no href, return.
 			if ( ! attrs.href || attrs.href == 'http://' )
 				return;
@@ -223,7 +230,7 @@ var wpLink;
 			}
 
 			if ( attrs.target ) {
-				html += ' target="' + attrs.target + '"';
+				html += ' rel="noopener" target="' + attrs.target + '"';
 			}
 
 			html += '>';
@@ -275,6 +282,13 @@ var wpLink;
 
 			link = editor.dom.getParent( editor.selection.getNode(), 'a[href]' );
 
+			var parser = document.createElement( 'a' );
+			parser.href = attrs.href;
+
+			if ( 'javascript:' === parser.protocol || 'data:' === parser.protocol ) { // jshint ignore:line
+				attrs.href = '';
+			}
+
 			// If the values are empty, unlink and return
 			if ( ! attrs.href || attrs.href == 'http://' ) {
 				editor.execCommand( 'unlink' );

wp-includes/kses.php

@@ -527,6 +527,82 @@ function wp_kses( $string, $allowed_html, $allowed_protocols = array() ) {
 	return wp_kses_split($string, $allowed_html, $allowed_protocols);
 }
 
+/**
+ * Filters one attribute only and ensures its value is allowed.
+ *
+ * This function has the advantage of being more secure than esc_attr() and can
+ * escape data in some situations where wp_kses() must strip the whole attribute.
+ *
+ * @since 4.2.3
+ *
+ * @param string $string The 'whole' attribute, including name and value.
+ * @param string $element The element name to which the attribute belongs.
+ * @return string Filtered attribute.
+ */
+function wp_kses_one_attr( $string, $element ) {
+	$uris = array('xmlns', 'profile', 'href', 'src', 'cite', 'classid', 'codebase', 'data', 'usemap', 'longdesc', 'action');
+	$allowed_html = wp_kses_allowed_html( 'post' );
+	$allowed_protocols = wp_allowed_protocols();
+	$string = wp_kses_no_null( $string, array( 'slash_zero' => 'keep' ) );
+	$string = wp_kses_js_entities( $string );
+	$string = wp_kses_normalize_entities( $string );
+
+	// Preserve leading and trailing whitespace.
+	$matches = array();
+	preg_match('/^\s*/', $string, $matches);
+	$lead = $matches[0];
+	preg_match('/\s*$/', $string, $matches);
+	$trail = $matches[0];
+	if ( empty( $trail ) ) {
+		$string = substr( $string, strlen( $lead ) );
+	} else {
+		$string = substr( $string, strlen( $lead ), -strlen( $trail ) );
+	}
+	
+	// Parse attribute name and value from input.
+	$split = preg_split( '/\s*=\s*/', $string, 2 );
+	$name = $split[0];
+	if ( count( $split ) == 2 ) {
+		$value = $split[1];
+
+		// Remove quotes surrounding $value.
+		// Also guarantee correct quoting in $string for this one attribute.
+		if ( '' == $value ) {
+			$quote = '';
+		} else {
+			$quote = $value[0];
+		}
+		if ( '"' == $quote || "'" == $quote ) {
+			if ( substr( $value, -1 ) != $quote ) {
+				return '';
+			}
+			$value = substr( $value, 1, -1 );
+		} else {
+			$quote = '"';
+		}
+
+		// Sanitize quotes and angle braces.
+		$value = htmlspecialchars( $value, ENT_QUOTES, null, false );
+
+		// Sanitize URI values.
+		if ( in_array( strtolower( $name ), $uris ) ) {
+			$value = wp_kses_bad_protocol( $value, $allowed_protocols );
+		}
+
+		$string = "$name=$quote$value$quote";
+		$vless = 'n';
+	} else {
+		$value = '';
+		$vless = 'y';
+	}
+	
+	// Sanitize attribute by name.
+	wp_kses_attr_check( $name, $value, $string, $vless, $element, $allowed_html );
+
+	// Restore whitespace.
+	return $lead . $string . $trail;
+}
+
 /**
  * Return a list of allowed tags and attributes for a given context.
  *
@@ -747,45 +823,11 @@ function wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols) {
 	# Go through $attrarr, and save the allowed attributes for this element
 	# in $attr2
 	$attr2 = '';
-
-	$allowed_attr = $allowed_html[strtolower($element)];
-	foreach ($attrarr as $arreach) {
-		if ( ! isset( $allowed_attr[strtolower($arreach['name'])] ) )
-			continue; # the attribute is not allowed
-
-		$current = $allowed_attr[strtolower($arreach['name'])];
-		if ( $current == '' )
-			continue; # the attribute is not allowed
-
-		if ( strtolower( $arreach['name'] ) == 'style' ) {
-			$orig_value = $arreach['value'];
-			$value = safecss_filter_attr( $orig_value );
-
-			if ( empty( $value ) )
-				continue;
-
-			$arreach['value'] = $value;
-			$arreach['whole'] = str_replace( $orig_value, $value, $arreach['whole'] );
-		}
-
-		if ( ! is_array($current) ) {
+	foreach ( $attrarr as $arreach ) {
+		if ( wp_kses_attr_check( $arreach['name'], $arreach['value'], $arreach['whole'], $arreach['vless'], $element, $allowed_html ) ) {
 			$attr2 .= ' '.$arreach['whole'];
-		# there are no checks
-
-		} else {
-			# there are some checks
-			$ok = true;
-			foreach ($current as $currkey => $currval) {
-				if ( ! wp_kses_check_attr_val($arreach['value'], $arreach['vless'], $currkey, $currval) ) {
-					$ok = false;
-					break;
-				}
-			}
-
-			if ( $ok )
-				$attr2 .= ' '.$arreach['whole']; # it passed them
-		} # if !is_array($current)
-	} # foreach
+		}
+	}
 
 	# Remove any "<" or ">" characters
 	$attr2 = preg_replace('/[<>]/', '', $attr2);
@@ -793,6 +835,53 @@ function wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols) {
 	return "<$element$attr2$xhtml_slash>";
 }
 
+/**
+ * Determine whether an attribute is allowed.
+ *
+ * @since 4.2.3
+ *
+ * @param string $name The attribute name. Returns empty string when not allowed.
+ * @param string $value The attribute value. Returns a filtered value.
+ * @param string $whole The name=value input. Returns filtered input.
+ * @param string $vless 'y' when attribute like "enabled", otherwise 'n'.
+ * @param string $element The name of the element to which this attribute belongs.
+ * @param array $allowed_html The full list of allowed elements and attributes.
+ * @return bool Is the attribute allowed?
+ */
+function wp_kses_attr_check( &$name, &$value, &$whole, $vless, $element, $allowed_html ) {
+	$allowed_attr = $allowed_html[strtolower( $element )];
+
+	$name_low = strtolower( $name );
+	if ( ! isset( $allowed_attr[$name_low] ) || '' == $allowed_attr[$name_low] ) {
+		$name = $value = $whole = '';
+		return false;
+	}
+
+	if ( 'style' == $name_low ) {
+		$new_value = safecss_filter_attr( $value );
+
+		if ( empty( $new_value ) ) {
+			$name = $value = $whole = '';
+			return false;
+		}
+
+		$whole = str_replace( $value, $new_value, $whole );
+		$value = $new_value;
+	}
+
+	if ( is_array( $allowed_attr[$name_low] ) ) {
+		// there are some checks
+		foreach ( $allowed_attr[$name_low] as $currkey => $currval ) {
+			if ( ! wp_kses_check_attr_val( $value, $vless, $currkey, $currval ) ) {
+				$name = $value = $whole = '';
+				return false;
+			}
+		}
+	}
+
+	return true;
+}
+
 /**
  * Builds an attribute list from string containing attributes.
  *
@@ -922,6 +1011,109 @@ function wp_kses_hair($attr, $allowed_protocols) {
 	return $attrarr;
 }
 
+/**
+ * Finds all attributes of an HTML element.
+ *
+ * Does not modify input.  May return "evil" output.
+ *
+ * Based on wp_kses_split2() and wp_kses_attr()
+ *
+ * @since 4.2.3
+ *
+ * @param string $element HTML element/tag
+ * @return array|bool List of attributes found in $element. Returns false on failure.
+ */
+function wp_kses_attr_parse( $element ) {
+	$valid = preg_match('%^(<\s*)(/\s*)?([a-zA-Z0-9]+\s*)([^>]*)(>?)$%', $element, $matches);
+	if ( 1 !== $valid ) {
+		return false;
+	}
+
+	$begin =  $matches[1];
+	$slash =  $matches[2];
+	$elname = $matches[3];
+	$attr =   $matches[4];
+	$end =    $matches[5];
+
+	if ( '' !== $slash ) {
+		// Closing elements do not get parsed.
+		return false;
+	}
+
+	// Is there a closing XHTML slash at the end of the attributes?
+	if ( 1 === preg_match( '%\s*/\s*$%', $attr, $matches ) ) {
+		$xhtml_slash = $matches[0];
+		$attr = substr( $attr, 0, -strlen( $xhtml_slash ) );
+	} else {
+		$xhtml_slash = '';
+	}
+	
+	// Split it
+	$attrarr = wp_kses_hair_parse( $attr );
+	if ( false === $attrarr ) {
+		return false;
+	}
+
+	// Make sure all input is returned by adding front and back matter.
+	array_unshift( $attrarr, $begin . $slash . $elname );
+	array_push( $attrarr, $xhtml_slash . $end );
+	
+	return $attrarr;
+}
+
+/**
+ * Builds an attribute list from string containing attributes.
+ *
+ * Does not modify input.  May return "evil" output.
+ * In case of unexpected input, returns false instead of stripping things.
+ *
+ * Based on wp_kses_hair() but does not return a multi-dimensional array.
+ *
+ * @since 4.2.3
+ *
+ * @param string $attr Attribute list from HTML element to closing HTML element tag
+ * @return array|bool List of attributes found in $attr. Returns false on failure.
+ */
+function wp_kses_hair_parse( $attr ) {
+	if ( '' === $attr ) {
+		return array();
+	}
+
+	$regex =
+	  '(?:'
+	.     '[-a-zA-Z:]+'   // Attribute name.
+	. '|'
+	.     '\[\[?[^\[\]]+\]\]?' // Shortcode in the name position implies unfiltered_html.
+	. ')'
+	. '(?:'               // Attribute value.
+	.     '\s*=\s*'       // All values begin with '='
+	.     '(?:'
+	.         '"[^"]*"'   // Double-quoted
+	.     '|'
+	.         "'[^']*'"   // Single-quoted
+	.     '|'
+	.         '[^\s"\']+' // Non-quoted
+	.         '(?:\s|$)'  // Must have a space
+	.     ')'
+	. '|'
+	.     '(?:\s|$)'      // If attribute has no value, space is required.
+	. ')'
+	. '\s*';              // Trailing space is optional except as mentioned above.
+
+	// Although it is possible to reduce this procedure to a single regexp,
+	// we must run that regexp twice to get exactly the expected result.
+
+	$validation = "%^($regex)+$%";
+	$extraction = "%$regex%";
+
+	if ( 1 === preg_match( $validation, $attr ) ) {
+		preg_match_all( $extraction, $attr, $attrarr );
+		return $attrarr[0];
+	} else {
+		return false;
+	}
+}
+
 /**
  * Performs different checks for attribute values.
  *

wp-includes/link-template.php

@@ -2310,8 +2310,8 @@ function get_the_posts_pagination( $args = array() ) {
 	if ( $GLOBALS['wp_query']->max_num_pages > 1 ) {
 		$args = wp_parse_args( $args, array(
 			'mid_size'           => 1,
-			'prev_text'          => __( 'Previous' ),
-			'next_text'          => __( 'Next' ),
+			'prev_text'          => _x( 'Previous', 'previous post' ),
+			'next_text'          => _x( 'Next', 'next post' ),
 			'screen_reader_text' => __( 'Posts navigation' ),
 		) );
 

wp-includes/media.php

@@ -813,6 +813,8 @@ function img_caption_shortcode( $attr, $content = null ) {
 			$content = $matches[1];
 			$attr['caption'] = trim( $matches[2] );
 		}
+	} elseif ( strpos( $attr['caption'], '<' ) !== false ) {
+		$attr['caption'] = wp_kses( $attr['caption'], 'post' );
 	}
 
 	/**
@@ -2295,7 +2297,7 @@ function wp_embed_handler_googlevideo( $matches, $attr, $url, $rawattr ) {
  */
 function wp_embed_handler_youtube( $matches, $attr, $url, $rawattr ) {
 	global $wp_embed;
-	$embed = $wp_embed->autoembed( "https://youtube.com/watch?v={$matches[2]}" );
+	$embed = $wp_embed->autoembed( sprintf( "https://youtube.com/watch?v=%s", urlencode( $matches[2] ) ) );
 	/**
 	 * Filter the YoutTube embed output.
 	 *

wp-includes/ms-functions.php

@@ -713,7 +713,7 @@ function wpmu_validate_blog_signup( $blogname, $blog_title, $user = '' ) {
 function wpmu_signup_blog( $domain, $path, $title, $user, $user_email, $meta = array() )  {
 	global $wpdb;
 
-	$key = substr( md5( time() . rand() . $domain ), 0, 16 );
+	$key = substr( md5( time() . wp_rand() . $domain ), 0, 16 );
 	$meta = serialize($meta);
 
 	$wpdb->insert( $wpdb->signups, array(
@@ -748,7 +748,7 @@ function wpmu_signup_user( $user, $user_email, $meta = array() ) {
 	// Format data
 	$user = preg_replace( '/\s+/', '', sanitize_user( $user, true ) );
 	$user_email = sanitize_email( $user_email );
-	$key = substr( md5( time() . rand() . $user_email ), 0, 16 );
+	$key = substr( md5( time() . wp_rand() . $user_email ), 0, 16 );
 	$meta = serialize($meta);
 
 	$wpdb->insert( $wpdb->signups, array(

wp-includes/pluggable.php

@@ -1007,18 +1007,14 @@ function auth_redirect() {
 		}
 	}
 
-	if ( is_user_admin() ) {
-		$scheme = 'logged_in';
-	} else {
-		/**
-		 * Filter the authentication redirect scheme.
-		 *
-		 * @since 2.9.0
-		 *
-		 * @param string $scheme Authentication redirect scheme. Default empty.
-		 */
-		$scheme = apply_filters( 'auth_redirect_scheme', '' );
-	}
+	/**
+	 * Filters the authentication redirect scheme.
+	 *
+	 * @since 2.9.0
+	 *
+	 * @param string $scheme Authentication redirect scheme. Default empty.
+	 */
+	$scheme = apply_filters( 'auth_redirect_scheme', '' );
 
 	if ( $user_id = wp_validate_auth_cookie( '',  $scheme) ) {
 		/**
@@ -1244,7 +1240,7 @@ if ( !function_exists('wp_validate_redirect') ) :
  * @return string redirect-sanitized URL
  **/
 function wp_validate_redirect($location, $default = '') {
-	$location = trim( $location );
+	$location = trim( $location, " \t\n\r\0\x08\x0B" );
 	// browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
 	if ( substr($location, 0, 2) == '//' )
 		$location = 'http:' . $location;
@@ -1252,7 +1248,8 @@ function wp_validate_redirect($location, $default = '') {
 	// In php 5 parse_url may fail if the URL query part contains http://, bug #38143
 	$test = ( $cut = strpos($location, '?') ) ? substr( $location, 0, $cut ) : $location;
 
-	$lp  = parse_url($test);
+	// @-operator is used to prevent possible warnings in PHP < 5.3.3.
+	$lp = @parse_url($test);
 
 	// Give up if malformed URL
 	if ( false === $lp )
@@ -1262,9 +1259,17 @@ function wp_validate_redirect($location, $default = '') {
 	if ( isset($lp['scheme']) && !('http' == $lp['scheme'] || 'https' == $lp['scheme']) )
 		return $default;
 
-	// Reject if scheme is set but host is not. This catches urls like https:host.com for which parse_url does not set the host field.
-	if ( isset($lp['scheme'])  && !isset($lp['host']) )
+	// Reject if certain components are set but host is not. This catches urls like https:host.com for which parse_url does not set the host field.
+	if ( ! isset( $lp['host'] ) && ( isset( $lp['scheme'] ) || isset( $lp['user'] ) || isset( $lp['pass'] ) || isset( $lp['port'] ) ) ) {
 		return $default;
+	}
+
+	// Reject malformed components parse_url() can return on odd inputs.
+	foreach ( array( 'user', 'pass', 'host' ) as $component ) {
+		if ( isset( $lp[ $component ] ) && strpbrk( $lp[ $component ], ':/?#@' ) ) {
+			return $default;
+		}
+	}
 
 	$wpp = parse_url(home_url());
 

wp-includes/post-template.php

@@ -1506,7 +1506,7 @@ function wp_get_attachment_link( $id = 0, $size = 'thumbnail', $permalink = fals
 	 * @param bool        $icon      Whether to include an icon. Default false.
 	 * @param string|bool $text      If string, will be link text. Default false.
 	 */
-	return apply_filters( 'wp_get_attachment_link', "<a href='$url'>$link_text</a>", $id, $size, $permalink, $icon, $text );
+	return apply_filters( 'wp_get_attachment_link', "<a href='" . esc_url( $url ) . "'>$link_text</a>", $id, $size, $permalink, $icon, $text );
 }
 
 /**

wp-includes/post.php

@@ -2888,10 +2888,11 @@ function wp_untrash_post_comments( $post = null ) {
 
 	foreach ( $group_by_status as $status => $comments ) {
 		// Sanity check. This shouldn't happen.
-		if ( 'post-trashed' == $status )
+		if ( 'post-trashed' == $status ) {
 			$status = '0';
-		$comments_in = implode( "', '", $comments );
-		$wpdb->query( "UPDATE $wpdb->comments SET comment_approved = '$status' WHERE comment_ID IN ('" . $comments_in . "')" );
+		}
+		$comments_in = implode( ', ', array_map( 'intval', $comments ) );
+		$wpdb->query( $wpdb->prepare( "UPDATE $wpdb->comments SET comment_approved = %s WHERE comment_ID IN ($comments_in)", $status ) );
 	}
 
 	clean_comment_cache( array_keys($statuses) );
@@ -4175,10 +4176,10 @@ function get_page_by_path( $page_path, $output = OBJECT, $post_type = 'page' ) {
 	$page_path = str_replace('%2F', '/', $page_path);
 	$page_path = str_replace('%20', ' ', $page_path);
 	$parts = explode( '/', trim( $page_path, '/' ) );
-	$parts = esc_sql( $parts );
 	$parts = array_map( 'sanitize_title_for_query', $parts );
+	$escaped_parts = esc_sql( $parts );
 
-	$in_string = "'" . implode( "','", $parts ) . "'";
+	$in_string = "'" . implode( "','", $escaped_parts ) . "'";
 
 	if ( is_array( $post_type ) ) {
 		$post_types = $post_type;

wp-includes/query.php

@@ -2910,14 +2910,15 @@ class WP_Query {
 
 		if ( 'any' == $post_type ) {
 			$in_search_post_types = get_post_types( array('exclude_from_search' => false) );
-			if ( empty( $in_search_post_types ) )
+			if ( empty( $in_search_post_types ) ) {
 				$where .= ' AND 1=0 ';
-			else
-				$where .= " AND $wpdb->posts.post_type IN ('" . join("', '", $in_search_post_types ) . "')";
+			} else {
+				$where .= " AND {$wpdb->posts}.post_type IN ('" . join( "', '", array_map( 'esc_sql', $in_search_post_types ) ) . "')";
+			}
 		} elseif ( !empty( $post_type ) && is_array( $post_type ) ) {
-			$where .= " AND $wpdb->posts.post_type IN ('" . join("', '", $post_type) . "')";
+			$where .= " AND {$wpdb->posts}.post_type IN ('" . join("', '", esc_sql( $post_type ) ) . "')";
 		} elseif ( ! empty( $post_type ) ) {
-			$where .= " AND $wpdb->posts.post_type = '$post_type'";
+			$where .= $wpdb->prepare( " AND {$wpdb->posts}.post_type = %s", $post_type );
 			$post_type_object = get_post_type_object ( $post_type );
 		} elseif ( $this->is_attachment ) {
 			$where .= " AND $wpdb->posts.post_type = 'attachment'";

wp-includes/script-loader.php

@@ -177,9 +177,9 @@ function wp_default_scripts( &$scripts ) {
 	$scripts->add( 'jquery-effects-fade', "/wp-includes/js/jquery/ui/effect-fade$dev_suffix.js", array('jquery-effects-core'), '1.11.2', 1 );
 	$scripts->add( 'jquery-effects-fold', "/wp-includes/js/jquery/ui/effect-fold$dev_suffix.js", array('jquery-effects-core'), '1.11.2', 1 );
 	$scripts->add( 'jquery-effects-highlight', "/wp-includes/js/jquery/ui/effect-highlight$dev_suffix.js", array('jquery-effects-core'), '1.11.2', 1 );
-	$scripts->add( 'jquery-effects-puff', "/wp-includes/js/jquery/ui/effect-puff$dev_suffix.js", array('jquery-effects-core'), '1.11.2', 1 );
+	$scripts->add( 'jquery-effects-puff', "/wp-includes/js/jquery/ui/effect-puff$dev_suffix.js", array('jquery-effects-core', 'jquery-effects-scale'), '1.11.2', 1 );
 	$scripts->add( 'jquery-effects-pulsate', "/wp-includes/js/jquery/ui/effect-pulsate$dev_suffix.js", array('jquery-effects-core'), '1.11.2', 1 );
-	$scripts->add( 'jquery-effects-scale', "/wp-includes/js/jquery/ui/effect-scale$dev_suffix.js", array('jquery-effects-core'), '1.11.2', 1 );
+	$scripts->add( 'jquery-effects-scale', "/wp-includes/js/jquery/ui/effect-scale$dev_suffix.js", array('jquery-effects-core', 'jquery-effects-size'), '1.11.2', 1 );
 	$scripts->add( 'jquery-effects-shake', "/wp-includes/js/jquery/ui/effect-shake$dev_suffix.js", array('jquery-effects-core'), '1.11.2', 1 );
 	$scripts->add( 'jquery-effects-size', "/wp-includes/js/jquery/ui/effect-size$dev_suffix.js", array('jquery-effects-core'), '1.11.2', 1 );
 	$scripts->add( 'jquery-effects-slide', "/wp-includes/js/jquery/ui/effect-slide$dev_suffix.js", array('jquery-effects-core'), '1.11.2', 1 );
@@ -706,6 +706,9 @@ function wp_just_in_time_script_localization() {
 		'blog_id' => get_current_blog_id(),
 	) );
 
+	wp_localize_script( 'mce-view', 'mceViewL10n', array(
+		'shortcodes' => ! empty( $GLOBALS['shortcode_tags'] ) ? array_keys( $GLOBALS['shortcode_tags'] ) : array()
+	) );
 }
 
 /**

wp-includes/shortcodes.php

@@ -181,9 +181,10 @@ function has_shortcode( $content, $tag ) {
  * @uses $shortcode_tags
  *
  * @param string $content Content to search for shortcodes
+ * @param bool $ignore_html When true, shortcodes inside HTML elements will be skipped.
  * @return string Content with shortcodes filtered out.
  */
-function do_shortcode($content) {
+function do_shortcode( $content, $ignore_html = false ) {
 	global $shortcode_tags;
 
 	if ( false === strpos( $content, '[' ) ) {
@@ -193,8 +194,24 @@ function do_shortcode($content) {
 	if (empty($shortcode_tags) || !is_array($shortcode_tags))
 		return $content;
 
+	$tagnames = array_keys($shortcode_tags);
+	$tagregexp = join( '|', array_map('preg_quote', $tagnames) );
+	$pattern = "/\\[($tagregexp)/s";
+
+	if ( 1 !== preg_match( $pattern, $content ) ) {
+		// Avoids parsing HTML when there are no shortcodes or embeds anyway.
+		return $content;
+	}
+
+	$content = do_shortcodes_in_html_tags( $content, $ignore_html );
+
 	$pattern = get_shortcode_regex();
-	return preg_replace_callback( "/$pattern/s", 'do_shortcode_tag', $content );
+	$content = preg_replace_callback( "/$pattern/s", 'do_shortcode_tag', $content );
+	
+	// Always restore square braces so we don't break things like <!--[if IE ]>
+	$content = unescape_invalid_shortcodes( $content );
+	
+	return $content;
 }
 
 /**
@@ -287,6 +304,127 @@ function do_shortcode_tag( $m ) {
 	}
 }
 
+/**
+ * Search only inside HTML elements for shortcodes and process them.
+ *
+ * Any [ or ] characters remaining inside elements will be HTML encoded
+ * to prevent interference with shortcodes that are outside the elements.
+ * Assumes $content processed by KSES already.  Users with unfiltered_html
+ * capability may get unexpected output if angle braces are nested in tags.
+ *
+ * @since 4.2.3
+ *
+ * @param string $content Content to search for shortcodes
+ * @param bool $ignore_html When true, all square braces inside elements will be encoded.
+ * @return string Content with shortcodes filtered out.
+ */
+function do_shortcodes_in_html_tags( $content, $ignore_html ) {
+	// Normalize entities in unfiltered HTML before adding placeholders.
+	$trans = array( '&#91;' => '&#091;', '&#93;' => '&#093;' );
+	$content = strtr( $content, $trans );
+	$trans = array( '[' => '&#91;', ']' => '&#93;' );
+	
+	$pattern = get_shortcode_regex();
+	$textarr = wp_html_split( $content );
+
+	foreach ( $textarr as &$element ) {
+		if ( '' == $element || '<' !== $element[0] ) {
+			continue;
+		}
+
+		$noopen = false === strpos( $element, '[' );
+		$noclose = false === strpos( $element, ']' );
+		if ( $noopen || $noclose ) {
+			// This element does not contain shortcodes.
+			if ( $noopen xor $noclose ) {
+				// Need to encode stray [ or ] chars.
+				$element = strtr( $element, $trans );
+			}
+			continue;
+		}
+
+		if ( $ignore_html || '<!--' === substr( $element, 0, 4 ) || '<![CDATA[' === substr( $element, 0, 9 ) ) {
+			// Encode all [ and ] chars.
+			$element = strtr( $element, $trans );
+			continue;
+		}
+
+		$attributes = wp_kses_attr_parse( $element );
+		if ( false === $attributes ) {
+			// Some plugins are doing things like [name] <[email]>.
+			if ( 1 === preg_match( '%^<\s*\[\[?[^\[\]]+\]%', $element ) ) {
+				$element = preg_replace_callback( "/$pattern/s", 'do_shortcode_tag', $element );
+			}
+
+			// Looks like we found some crazy unfiltered HTML.  Skipping it for sanity.
+			$element = strtr( $element, $trans );
+			continue;
+		}
+		
+		// Get element name
+		$front = array_shift( $attributes );
+		$back = array_pop( $attributes );
+		$matches = array();
+		preg_match('%[a-zA-Z0-9]+%', $front, $matches);
+		$elname = $matches[0];
+		
+		// Look for shortcodes in each attribute separately.
+		foreach ( $attributes as &$attr ) {
+			$open = strpos( $attr, '[' );
+			$close = strpos( $attr, ']' );
+			if ( false === $open || false === $close ) {
+				continue; // Go to next attribute.  Square braces will be escaped at end of loop.
+			}
+			$double = strpos( $attr, '"' );
+			$single = strpos( $attr, "'" );
+			if ( ( false === $single || $open < $single ) && ( false === $double || $open < $double ) ) {
+				// $attr like '[shortcode]' or 'name = [shortcode]' implies unfiltered_html.
+				// In this specific situation we assume KSES did not run because the input
+				// was written by an administrator, so we should avoid changing the output
+				// and we do not need to run KSES here.
+				$attr = preg_replace_callback( "/$pattern/s", 'do_shortcode_tag', $attr );
+			} else {
+				// $attr like 'name = "[shortcode]"' or "name = '[shortcode]'"
+				// We do not know if $content was unfiltered. Assume KSES ran before shortcodes.
+				$count = 0;
+				$new_attr = preg_replace_callback( "/$pattern/s", 'do_shortcode_tag', $attr, -1, $count );
+				if ( $count > 0 ) {
+					// Sanitize the shortcode output using KSES.
+					$new_attr = wp_kses_one_attr( $new_attr, $elname );
+					if ( '' !== $new_attr ) {
+						// The shortcode is safe to use now.
+						$attr = $new_attr;
+					}
+				}
+			}
+		}
+		$element = $front . implode( '', $attributes ) . $back;
+		
+		// Now encode any remaining [ or ] chars.
+		$element = strtr( $element, $trans );
+	}
+	
+	$content = implode( '', $textarr );
+	
+	return $content;
+}
+
+/**
+ * Remove placeholders added by do_shortcodes_in_html_tags().
+ *
+ * @since 4.2.3
+ *
+ * @param string $content Content to search for placeholders.
+ * @return string Content with placeholders removed.
+ */
+function unescape_invalid_shortcodes( $content ) {
+        // Clean up entire string, avoids re-parsing HTML.
+        $trans = array( '&#91;' => '[', '&#93;' => ']' );
+        $content = strtr( $content, $trans );
+        
+        return $content;
+}
+
 /**
  * Retrieve all attributes from the shortcodes tag.
  *
@@ -316,6 +454,15 @@ function shortcode_parse_atts($text) {
 			elseif (isset($m[8]))
 				$atts[] = stripcslashes($m[8]);
 		}
+
+		// Reject any unclosed HTML elements
+		foreach( $atts as &$value ) {
+			if ( false !== strpos( $value, '<' ) ) {
+				if ( 1 !== preg_match( '/^[^<]*+(?:<[^>]*+>[^<]*+)*+$/', $value ) ) {
+					$value = '';
+				}
+			}
+		}
 	} else {
 		$atts = ltrim($text);
 	}
@@ -386,9 +533,15 @@ function strip_shortcodes( $content ) {
 	if (empty($shortcode_tags) || !is_array($shortcode_tags))
 		return $content;
 
-	$pattern = get_shortcode_regex();
+	$content = do_shortcodes_in_html_tags( $content, true );
 
-	return preg_replace_callback( "/$pattern/s", 'strip_shortcode_tag', $content );
+	$pattern = get_shortcode_regex();
+	$content = preg_replace_callback( "/$pattern/s", 'strip_shortcode_tag', $content );
+
+	// Always restore square braces so we don't break things like <!--[if IE ]>
+	$content = unescape_invalid_shortcodes( $content );
+	
+	return $content;
 }
 
 function strip_shortcode_tag( $m ) {

wp-includes/taxonomy.php

@@ -593,7 +593,7 @@ function get_objects_in_term( $term_ids, $taxonomies, $args = array() ) {
 
 	$term_ids = array_map('intval', $term_ids );
 
-	$taxonomies = "'" . implode( "', '", $taxonomies ) . "'";
+	$taxonomies = "'" . implode( "', '", array_map( 'esc_sql', $taxonomies ) ) . "'";
 	$term_ids = "'" . implode( "', '", $term_ids ) . "'";
 
 	$object_ids = $wpdb->get_col("SELECT tr.object_id FROM $wpdb->term_relationships AS tr INNER JOIN $wpdb->term_taxonomy AS tt ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tt.taxonomy IN ($taxonomies) AND tt.term_id IN ($term_ids) ORDER BY tr.object_id $order");
@@ -1735,7 +1735,7 @@ function get_terms( $taxonomies, $args = '' ) {
 		$order = 'ASC';
 	}
 
-	$where = "tt.taxonomy IN ('" . implode("', '", $taxonomies) . "')";
+	$where = "tt.taxonomy IN ('" . implode("', '", array_map( 'esc_sql', $taxonomies ) ) . "')";
 
 	$exclude = $args['exclude'];
 	$exclude_tree = $args['exclude_tree'];
@@ -2638,7 +2638,7 @@ function wp_get_object_terms($object_ids, $taxonomies, $args = array()) {
 	if ( '' !== $order && ! in_array( $order, array( 'ASC', 'DESC' ) ) )
 		$order = 'ASC';
 
-	$taxonomies = "'" . implode("', '", $taxonomies) . "'";
+	$taxonomies = "'" . implode("', '", array_map( 'esc_sql', $taxonomies ) ) . "'";
 	$object_ids = implode(', ', $object_ids);
 
 	$select_this = '';
@@ -3353,8 +3353,8 @@ function wp_update_term( $term_id, $taxonomy, $args = array() ) {
 	$parent = apply_filters( 'wp_update_term_parent', $args['parent'], $term_id, $taxonomy, $parsed_args, $args );
 
 	// Check for duplicate slug
-	$id = $wpdb->get_var( $wpdb->prepare( "SELECT term_id FROM $wpdb->terms WHERE slug = %s", $slug ) );
-	if ( $id && ($id != $term_id) ) {
+	$duplicate = get_term_by( 'slug', $slug, $taxonomy );
+	if ( $duplicate && $duplicate->term_id != $term_id ) {
 		// If an empty slug was passed or the parent changed, reset the slug to something unique.
 		// Otherwise, bail.
 		if ( $empty_slug || ( $parent != $term['parent']) )
@@ -4336,13 +4336,14 @@ function get_ancestors( $object_id = 0, $object_type = '', $resource_type = '' )
 	 * Filter a given object's ancestors.
 	 *
 	 * @since 3.1.0
+	 * @since 4.1.1 Introduced the `$resource_type` parameter.
 	 *
 	 * @param array  $ancestors     An array of object ancestors.
 	 * @param int    $object_id     Object ID.
 	 * @param string $object_type   Type of object.
 	 * @param string $resource_type Type of resource $object_type is.
 	 */
-	return apply_filters( 'get_ancestors', $ancestors, $object_id, $object_type );
+	return apply_filters( 'get_ancestors', $ancestors, $object_id, $object_type, $resource_type );
 }
 
 /**

wp-includes/theme.php

@@ -672,8 +672,6 @@ function preview_theme() {
 
 	// Prevent theme mods to current theme being used on theme being previewed
 	add_filter( 'pre_option_theme_mods_' . get_option( 'stylesheet' ), '__return_empty_array' );
-
-	ob_start( 'preview_theme_ob_filter' );
 }
 add_action('setup_theme', 'preview_theme');
 
@@ -711,7 +709,7 @@ function _preview_theme_stylesheet_filter() {
  * @return string
  */
 function preview_theme_ob_filter( $content ) {
-	return preg_replace_callback( "|(<a.*?href=([\"']))(.*?)([\"'].*?>)|", 'preview_theme_ob_filter_callback', $content );
+	return $content;
 }
 
 /**
@@ -726,26 +724,7 @@ function preview_theme_ob_filter( $content ) {
  * @return string
  */
 function preview_theme_ob_filter_callback( $matches ) {
-	if ( strpos($matches[4], 'onclick') !== false )
-		$matches[4] = preg_replace('#onclick=([\'"]).*?(?<!\\\)\\1#i', '', $matches[4]); //Strip out any onclicks from rest of <a>. (?<!\\\) means to ignore the '" if it's escaped by \  to prevent breaking mid-attribute.
-	if (
-		( false !== strpos($matches[3], '/wp-admin/') )
-	||
-		( false !== strpos( $matches[3], '://' ) && 0 !== strpos( $matches[3], home_url() ) )
-	||
-		( false !== strpos($matches[3], '/feed/') )
-	||
-		( false !== strpos($matches[3], '/trackback/') )
-	)
-		return $matches[1] . "#$matches[2] onclick=$matches[2]return false;" . $matches[4];
-
-	$stylesheet = isset( $_GET['stylesheet'] ) ? $_GET['stylesheet'] : '';
-	$template   = isset( $_GET['template'] )   ? $_GET['template']   : '';
-
-	$link = add_query_arg( array( 'preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'preview_iframe' => 1 ), $matches[3] );
-	if ( 0 === strpos($link, 'preview=1') )
-		$link = "?$link";
-	return $matches[1] . esc_attr( $link ) . $matches[4];
+	return $matches[0];
 }
 
 /**

wp-includes/update.php

@@ -521,14 +521,12 @@ function wp_get_update_data() {
 	$counts = array( 'plugins' => 0, 'themes' => 0, 'wordpress' => 0, 'translations' => 0 );
 
 	if ( $plugins = current_user_can( 'update_plugins' ) ) {
-		wp_update_plugins(); // Check for Plugin updates
 		$update_plugins = get_site_transient( 'update_plugins' );
 		if ( ! empty( $update_plugins->response ) )
 			$counts['plugins'] = count( $update_plugins->response );
 	}
 
 	if ( $themes = current_user_can( 'update_themes' ) ) {
-		wp_update_themes(); // Check for Theme updates
 		$update_themes = get_site_transient( 'update_themes' );
 		if ( ! empty( $update_themes->response ) )
 			$counts['themes'] = count( $update_themes->response );
@@ -635,19 +633,8 @@ function wp_schedule_update_checks() {
 	if ( !wp_next_scheduled('wp_update_themes') && !defined('WP_INSTALLING') )
 		wp_schedule_event(time(), 'twicedaily', 'wp_update_themes');
 
-	if ( ! wp_next_scheduled( 'wp_maybe_auto_update' ) && ! defined( 'WP_INSTALLING' ) ) {
-		// Schedule auto updates for 7 a.m. and 7 p.m. in the timezone of the site.
-		$next = strtotime( 'today 7am' );
-		$now = time();
-		// Find the next instance of 7 a.m. or 7 p.m., but skip it if it is within 3 hours from now.
-		while ( ( $now + 3 * HOUR_IN_SECONDS ) > $next ) {
-			$next += 12 * HOUR_IN_SECONDS;
-		}
-		$next = $next - get_option( 'gmt_offset' ) * HOUR_IN_SECONDS;
-		// Add a random number of minutes, so we don't have all sites trying to update exactly on the hour
-		$next = $next + rand( 0, 59 ) * MINUTE_IN_SECONDS;
-		wp_schedule_event( $next, 'twicedaily', 'wp_maybe_auto_update' );
-	}
+	if ( ( wp_next_scheduled( 'wp_maybe_auto_update' ) > ( time() + HOUR_IN_SECONDS ) ) && ! defined('WP_INSTALLING') )
+		wp_clear_scheduled_hook( 'wp_maybe_auto_update' );
 }
 
 /**

wp-includes/version.php

@@ -4,21 +4,21 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.1';
+$wp_version = '4.1.20';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
  *
  * @global int $wp_db_version
  */
-$wp_db_version = 30133;
+$wp_db_version = 30135;
 
 /**
  * Holds the TinyMCE version
  *
  * @global string $tinymce_version
  */
-$tinymce_version = '4107-20141130';
+$tinymce_version = '4107-20150505';
 
 /**
  * Holds the required PHP version

wp-mail.php

@@ -14,6 +14,12 @@ require(dirname(__FILE__) . '/wp-load.php');
 if ( ! apply_filters( 'enable_post_by_email_configuration', true ) )
 	wp_die( __( 'This action has been disabled by the administrator.' ) );
 
+$mailserver_url = get_option( 'mailserver_url' );
+
+if ( 'mail.example.com' === $mailserver_url || empty( $mailserver_url ) ) {
+	wp_die( __( 'This action has been disabled by the administrator.' ), 403 );
+}
+
 /**
  * Fires to allow a plugin to do a complete takeover of Post by Email.
  *