Tag 4.2.20

Built from https://develop.svn.wordpress.org/tags/4.2.20@42953 git-svn-id: http://core.svn.wordpress.org/tags/4.2.20@42783 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Bump 4.2 branch to version 4.2.20
2018-04-03 22:42:20 +00:00 · 2018-04-03 20:31:29 +00:00 · 2018-04-03 16:10:29 +00:00 · 2018-04-03 15:33:31 +00:00 · 2018-01-23 11:29:31 +00:00
5 changed files with 16 additions and 12 deletions
--- a/license.txt
+++ b/license.txt
@@ -1,6 +1,6 @@
 WordPress - Web publishing software

-Copyright 2017 by the contributors
+Copyright 2018 by the contributors

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
--- a/wp-admin/about.php
+++ b/wp-admin/about.php
@@ -41,7 +41,11 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
 </h2>

 <div class="changelog point-releases">
-	<h3><?php echo _n( 'Maintenance and Security Release', 'Maintenance and Security Releases', 19 ); ?></h3>
+	<h3><?php echo _n( 'Maintenance and Security Release', 'Maintenance and Security Releases', 20 ); ?></h3>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+			'<strong>Version %1$s</strong> addressed some security issues.', 2 ), '4.2.20' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.2.20' ); ?>
+	</p>
 	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
 			'<strong>Version %1$s</strong> addressed some security issues.', 1 ), '4.2.19' ); ?>
 		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.2.19' ); ?>
--- a/wp-includes/general-template.php
+++ b/wp-includes/general-template.php
@@ -3030,25 +3030,25 @@ function get_the_generator( $type = '' ) {

 	switch ( $type ) {
 		case 'html':
-			$gen = '<meta name="generator" content="WordPress ' . get_bloginfo( 'version' ) . '">';
+			$gen = '<meta name="generator" content="WordPress ' . esc_attr( get_bloginfo( 'version' ) ) . '">';
 			break;
 		case 'xhtml':
-			$gen = '<meta name="generator" content="WordPress ' . get_bloginfo( 'version' ) . '" />';
+			$gen = '<meta name="generator" content="WordPress ' . esc_attr( get_bloginfo( 'version' ) ) . '" />';
 			break;
 		case 'atom':
-			$gen = '<generator uri="http://wordpress.org/" version="' . get_bloginfo_rss( 'version' ) . '">WordPress</generator>';
+			$gen = '<generator uri="https://wordpress.org/" version="' . esc_attr( get_bloginfo_rss( 'version' ) ) . '">WordPress</generator>';
 			break;
 		case 'rss2':
-			$gen = '<generator>http://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) . '</generator>';
+			$gen = '<generator>' . esc_url_raw( 'https://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) ) . '</generator>';
 			break;
 		case 'rdf':
-			$gen = '<admin:generatorAgent rdf:resource="http://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) . '" />';
+			$gen = '<admin:generatorAgent rdf:resource="' . esc_url_raw( 'https://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) ) . '" />';
 			break;
 		case 'comment':
-			$gen = '<!-- generator="WordPress/' . get_bloginfo( 'version' ) . '" -->';
+			$gen = '<!-- generator="WordPress/' . esc_attr( get_bloginfo( 'version' ) ) . '" -->';
 			break;
 		case 'export':
-			$gen = '<!-- generator="WordPress/' . get_bloginfo_rss('version') . '" created="'. date('Y-m-d H:i') . '" -->';
+			$gen = '<!-- generator="WordPress/' . esc_attr( get_bloginfo_rss( 'version' ) ) . '" created="' . date( 'Y-m-d H:i' ) . '" -->';
 			break;
 	}

--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.2.19';
+$wp_version = '4.2.20';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
--- a/wp-login.php
+++ b/wp-login.php
@@ -14,10 +14,10 @@ require( dirname(__FILE__) . '/wp-load.php' );
 // Redirect to https login if forced to use SSL
 if ( force_ssl_admin() && ! is_ssl() ) {
 	if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
-		wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
+		wp_safe_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
 		exit();
 	} else {
-		wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
+		wp_safe_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
 		exit();
 	}
 }
Author	SHA1	Message	Date
Aaron Campbell	da9840d847	Tag 4.2.20 Built from https://develop.svn.wordpress.org/tags/4.2.20@42953 git-svn-id: http://core.svn.wordpress.org/tags/4.2.20@42783 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2018-04-03 22:42:20 +00:00
Aaron Campbell	dac39608a3	Bump 4.2 branch to version 4.2.20 Built from https://develop.svn.wordpress.org/branches/4.2@42940 git-svn-id: http://core.svn.wordpress.org/branches/4.2@42770 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2018-04-03 20:31:29 +00:00
Dominik Schilling	93cae5c2ab	Template: Make sure the version string is correctly escaped for use in attributes. Merge of [42893] to the 4.2 branch. Built from https://develop.svn.wordpress.org/branches/4.2@42924 git-svn-id: http://core.svn.wordpress.org/branches/4.2@42754 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2018-04-03 16:10:29 +00:00
Dominik Schilling	581a8a01c7	Login: Use `wp_safe_redirect()` when redirecting the login page if forced to use HTTPS. Merge of [42892] to the 4.2 branch. Built from https://develop.svn.wordpress.org/branches/4.2@42902 git-svn-id: http://core.svn.wordpress.org/branches/4.2@42732 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2018-04-03 15:33:31 +00:00
Sergey Biryukov	04d983d6c1	General: Update copyright year to 2018 in license.txt. Props rachelbaker. Merges [42424] to the 4.2 branch. Fixes #43007. Built from https://develop.svn.wordpress.org/branches/4.2@42559 git-svn-id: http://core.svn.wordpress.org/branches/4.2@42388 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2018-01-23 11:29:31 +00:00