Tag 4.2.1.

Built from https://develop.svn.wordpress.org/@32319

git-svn-id: http://core.svn.wordpress.org/tags/4.2.1@32290 1a063a9b-81f0-0310-95a4-ce76da25c4cd

readme.html

@@ -9,7 +9,7 @@
 <body>
 <h1 id="logo">
 	<a href="https://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /></a>
-	<br /> Version 4.2
+	<br /> Version 4.2.1
 </h1>
 <p style="text-align: center">Semantic Personal Publishing Platform</p>
 

wp-admin/about.php

@@ -40,6 +40,14 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
 	</a>
 </h2>
 
+<div class="changelog point-releases">
+	<h3><?php echo _n( 'Security Release', 'Security Releases', 1 ); ?></h3>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 1 ), '4.2.1' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_4.2.1' ); ?>
+ 	</p>
+</div>
+
 <div class="headline-feature feature-video">
 	<embed type="application/x-shockwave-flash" src="https://v0.wordpress.com/player.swf?v=1.04" width="1000" height="560" wmode="direct" seamlesstabbing="true" allowfullscreen="true" allowscriptaccess="always" overstretch="true" flashvars="guid=e9kH4FzP&amp;isDynamicSeeking=true"></embed>
 </div>

wp-admin/includes/upgrade.php

@@ -527,6 +527,9 @@ function upgrade_all() {
 	if ( $wp_current_db_version < 31351 )
 		upgrade_420();
 
+	if ( $wp_current_db_version < 31533 )
+		upgrade_421();
+
 	maybe_disable_link_manager();
 
 	maybe_disable_automattic_widgets();
@@ -1435,6 +1438,33 @@ function upgrade_420() {
 	}
 }
 
+/**
+ * Execute changes made in WordPress 4.2.1.
+ *
+ * @since 4.2.1
+ */
+function upgrade_421() {
+	global $wp_current_db_version, $wpdb;
+
+	if ( $wp_current_db_version < 31533 ) {
+		$content_length = $wpdb->get_col_length( $wpdb->comments, 'comment_content' );
+		if ( ! $content_length ) {
+			$content_length = 65535;
+		}
+
+		$comments = $wpdb->get_results(
+			"SELECT comment_ID FROM $wpdb->comments
+			WHERE comment_date_gmt > '2015-04-26'
+			AND CHAR_LENGTH( comment_content ) >= $content_length
+			AND ( comment_content LIKE '%<%' OR comment_content LIKE '%>%' )"
+		);
+
+		foreach ( $comments as $comment ) {
+			wp_delete_comment( $comment->comment_ID, true );
+		}
+	}
+}
+
 /**
  * Executes network-level upgrade routines.
  *

wp-includes/css/wp-auth-check-rtl.min.css

@@ -1 +1 @@
-#wp-auth-check-wrap.hidden{display:none}#wp-auth-check-wrap #wp-auth-check-bg{position:fixed;top:0;bottom:0;right:0;left:0;background:#000;opacity:.7;filter:alpha(opacity=70);z-index:1000010}#wp-auth-check-wrap #wp-auth-check{position:fixed;right:50%;overflow:hidden;top:40px;bottom:20px;max-height:415px;width:380px;margin:0 -190px 0 0;padding:30px 0 0;background-color:#f1f1f1;z-index:1000011;-webkit-box-shadow:0 3px 6px rgba(0,0,0,.3);box-shadow:0 3px 6px rgba(0,0,0,.3)}@media screen and (max-width:380px){#wp-auth-check-wrap #wp-auth-check{right:0;width:100%;margin:0}}#wp-auth-check-wrap.fallback #wp-auth-check{max-height:180px;overflow:auto}#wp-auth-check-wrap #wp-auth-check-form{background:url(../images/spinner-2x.gif) no-repeat center center;-webkit-background-size:16px 16px;background-size:16px 16px;height:100%;overflow:auto;-webkit-overflow-scrolling:touch}#wp-auth-check-wrap #wp-auth-check-form iframe{height:98%;width:100%}#wp-auth-check-wrap .wp-auth-check-close{position:absolute;top:8px;left:8px;height:22px;width:22px;cursor:pointer}#wp-auth-check-wrap .wp-auth-check-close:before{content:'\f158';display:block!important;font:400 20px/1 dashicons;speak:none;height:22px;margin:2px 0;text-align:center;width:22px;color:#777;-webkit-font-smoothing:antialiased!important;-moz-osx-font-smoothing:grayscale}#wp-auth-check-wrap .wp-auth-check-close:hover:before{color:#0073aa}#wp-auth-check-wrap .wp-auth-check-close:focus{outline:#82878c dotted 1px}#wp-auth-check-wrap .wp-auth-fallback-expired{outline:0}#wp-auth-check-wrap .wp-auth-fallback{font-size:14px;line-height:21px;padding:0 25px;display:none}#wp-auth-check-wrap.fallback .wp-auth-check-close,#wp-auth-check-wrap.fallback .wp-auth-fallback{display:block}
+#wp-auth-check-wrap.hidden{display:none}#wp-auth-check-wrap #wp-auth-check-bg{position:fixed;top:0;bottom:0;right:0;left:0;background:#000;opacity:.7;filter:alpha(opacity=70);z-index:1000010}#wp-auth-check-wrap #wp-auth-check{position:fixed;right:50%;overflow:hidden;top:40px;bottom:20px;max-height:415px;width:380px;margin:0 -190px 0 0;padding:30px 0 0;background-color:#f1f1f1;z-index:1000011;-webkit-box-shadow:0 3px 6px rgba(0,0,0,.3);box-shadow:0 3px 6px rgba(0,0,0,.3)}@media screen and (max-width:380px){#wp-auth-check-wrap #wp-auth-check{right:0;width:100%;margin:0}}#wp-auth-check-wrap.fallback #wp-auth-check{max-height:180px;overflow:auto}#wp-auth-check-wrap #wp-auth-check-form{background:url(../images/spinner-2x.gif) center center/16px 16px no-repeat;-webkit-background-size:16px 16px;height:100%;overflow:auto;-webkit-overflow-scrolling:touch}#wp-auth-check-wrap #wp-auth-check-form iframe{height:98%;width:100%}#wp-auth-check-wrap .wp-auth-check-close{position:absolute;top:8px;left:8px;height:22px;width:22px;cursor:pointer}#wp-auth-check-wrap .wp-auth-check-close:before{content:'\f158';display:block!important;font:400 20px/1 dashicons;speak:none;height:22px;margin:2px 0;text-align:center;width:22px;color:#777;-webkit-font-smoothing:antialiased!important;-moz-osx-font-smoothing:grayscale}#wp-auth-check-wrap .wp-auth-check-close:hover:before{color:#0073aa}#wp-auth-check-wrap .wp-auth-check-close:focus{outline:#82878c dotted 1px}#wp-auth-check-wrap .wp-auth-fallback-expired{outline:0}#wp-auth-check-wrap .wp-auth-fallback{font-size:14px;line-height:21px;padding:0 25px;display:none}#wp-auth-check-wrap.fallback .wp-auth-check-close,#wp-auth-check-wrap.fallback .wp-auth-fallback{display:block}

wp-includes/css/wp-auth-check.min.css

@@ -1 +1 @@
-#wp-auth-check-wrap.hidden{display:none}#wp-auth-check-wrap #wp-auth-check-bg{position:fixed;top:0;bottom:0;left:0;right:0;background:#000;opacity:.7;filter:alpha(opacity=70);z-index:1000010}#wp-auth-check-wrap #wp-auth-check{position:fixed;left:50%;overflow:hidden;top:40px;bottom:20px;max-height:415px;width:380px;margin:0 0 0 -190px;padding:30px 0 0;background-color:#f1f1f1;z-index:1000011;-webkit-box-shadow:0 3px 6px rgba(0,0,0,.3);box-shadow:0 3px 6px rgba(0,0,0,.3)}@media screen and (max-width:380px){#wp-auth-check-wrap #wp-auth-check{left:0;width:100%;margin:0}}#wp-auth-check-wrap.fallback #wp-auth-check{max-height:180px;overflow:auto}#wp-auth-check-wrap #wp-auth-check-form{background:url(../images/spinner-2x.gif) no-repeat center center;-webkit-background-size:16px 16px;background-size:16px 16px;height:100%;overflow:auto;-webkit-overflow-scrolling:touch}#wp-auth-check-wrap #wp-auth-check-form iframe{height:98%;width:100%}#wp-auth-check-wrap .wp-auth-check-close{position:absolute;top:8px;right:8px;height:22px;width:22px;cursor:pointer}#wp-auth-check-wrap .wp-auth-check-close:before{content:'\f158';display:block!important;font:400 20px/1 dashicons;speak:none;height:22px;margin:2px 0;text-align:center;width:22px;color:#777;-webkit-font-smoothing:antialiased!important;-moz-osx-font-smoothing:grayscale}#wp-auth-check-wrap .wp-auth-check-close:hover:before{color:#0073aa}#wp-auth-check-wrap .wp-auth-check-close:focus{outline:#82878c dotted 1px}#wp-auth-check-wrap .wp-auth-fallback-expired{outline:0}#wp-auth-check-wrap .wp-auth-fallback{font-size:14px;line-height:21px;padding:0 25px;display:none}#wp-auth-check-wrap.fallback .wp-auth-check-close,#wp-auth-check-wrap.fallback .wp-auth-fallback{display:block}
+#wp-auth-check-wrap.hidden{display:none}#wp-auth-check-wrap #wp-auth-check-bg{position:fixed;top:0;bottom:0;left:0;right:0;background:#000;opacity:.7;filter:alpha(opacity=70);z-index:1000010}#wp-auth-check-wrap #wp-auth-check{position:fixed;left:50%;overflow:hidden;top:40px;bottom:20px;max-height:415px;width:380px;margin:0 0 0 -190px;padding:30px 0 0;background-color:#f1f1f1;z-index:1000011;-webkit-box-shadow:0 3px 6px rgba(0,0,0,.3);box-shadow:0 3px 6px rgba(0,0,0,.3)}@media screen and (max-width:380px){#wp-auth-check-wrap #wp-auth-check{left:0;width:100%;margin:0}}#wp-auth-check-wrap.fallback #wp-auth-check{max-height:180px;overflow:auto}#wp-auth-check-wrap #wp-auth-check-form{background:url(../images/spinner-2x.gif) center center/16px 16px no-repeat;-webkit-background-size:16px 16px;height:100%;overflow:auto;-webkit-overflow-scrolling:touch}#wp-auth-check-wrap #wp-auth-check-form iframe{height:98%;width:100%}#wp-auth-check-wrap .wp-auth-check-close{position:absolute;top:8px;right:8px;height:22px;width:22px;cursor:pointer}#wp-auth-check-wrap .wp-auth-check-close:before{content:'\f158';display:block!important;font:400 20px/1 dashicons;speak:none;height:22px;margin:2px 0;text-align:center;width:22px;color:#777;-webkit-font-smoothing:antialiased!important;-moz-osx-font-smoothing:grayscale}#wp-auth-check-wrap .wp-auth-check-close:hover:before{color:#0073aa}#wp-auth-check-wrap .wp-auth-check-close:focus{outline:#82878c dotted 1px}#wp-auth-check-wrap .wp-auth-fallback-expired{outline:0}#wp-auth-check-wrap .wp-auth-fallback{font-size:14px;line-height:21px;padding:0 25px;display:none}#wp-auth-check-wrap.fallback .wp-auth-check-close,#wp-auth-check-wrap.fallback .wp-auth-fallback{display:block}

wp-includes/version.php

@@ -4,14 +4,14 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.2-RC4-32277';
+$wp_version = '4.2.1';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
  *
  * @global int $wp_db_version
  */
-$wp_db_version = 31532;
+$wp_db_version = 31533;
 
 /**
  * Holds the TinyMCE version

wp-includes/wp-db.php

@@ -1946,11 +1946,20 @@ class wpdb {
 	 */
 	protected function process_fields( $table, $data, $format ) {
 		$data = $this->process_field_formats( $data, $format );
+		if ( false === $data ) {
+			return false;
+		}
+
 		$data = $this->process_field_charsets( $data, $table );
 		if ( false === $data ) {
 			return false;
 		}
 
+		$data = $this->process_field_lengths( $data, $table );
+		if ( false === $data ) {
+			return false;
+		}
+
 		$converted_data = $this->strip_invalid_text( $data );
 
 		if ( $data !== $converted_data ) {
@@ -2031,6 +2040,40 @@ class wpdb {
 		return $data;
 	}
 
+	/**
+	 * For string fields, record the maximum string length that field can safely save.
+	 *
+	 * @since 4.2.1
+	 * @access protected
+	 *
+	 * @param array  $data  As it comes from the wpdb::process_field_charsets() method.
+	 * @param string $table Table name.
+	 * @return array|False The same array as $data with additional 'length' keys, or false if
+	 *                     any of the values were too long for their corresponding field.
+	 */
+	protected function process_field_lengths( $data, $table ) {
+		foreach ( $data as $field => $value ) {
+			if ( '%d' === $value['format'] || '%f' === $value['format'] ) {
+				// We can skip this field if we know it isn't a string.
+				// This checks %d/%f versus ! %s because it's sprintf() could take more.
+				$value['length'] = false;
+			} else {
+				$value['length'] = $this->get_col_length( $table, $field );
+				if ( is_wp_error( $value['length'] ) ) {
+					return false;
+				}
+			}
+
+			if ( false !== $value['length'] && mb_strlen( $value['value'] ) > $value['length'] ) {
+				return false;
+			}
+
+			$data[ $field ] = $value;
+		}
+
+		return $data;
+	}
+
 	/**
 	 * Retrieve one variable from the database.
 	 *
@@ -2361,6 +2404,77 @@ class wpdb {
 		return $charset;
 	}
 
+	/**
+	 * Retrieve the maximum string length allowed in a given column.
+	 *
+	 * @since 4.2.1
+	 * @access public
+	 *
+	 * @param string $table  Table name.
+	 * @param string $column Column name.
+	 * @return mixed Max column length as an int. False if the column has no
+	 *               length. WP_Error object if there was an error.
+	 */
+	public function get_col_length( $table, $column ) {
+		$tablekey = strtolower( $table );
+		$columnkey = strtolower( $column );
+
+		// Skip this entirely if this isn't a MySQL database.
+		if ( false === $this->is_mysql ) {
+			return false;
+		}
+
+		if ( empty( $this->col_meta[ $tablekey ] ) ) {
+			// This primes column information for us.
+			$table_charset = $this->get_table_charset( $table );
+			if ( is_wp_error( $table_charset ) ) {
+				return $table_charset;
+			}
+		}
+
+		if ( empty( $this->col_meta[ $tablekey ][ $columnkey ] ) ) {
+			return false;
+		}
+
+		$typeinfo = explode( '(', $this->col_meta[ $tablekey ][ $columnkey ]->Type );
+
+		$type = strtolower( $typeinfo[0] );
+		if ( ! empty( $typeinfo[1] ) ) {
+			$length = trim( $typeinfo[1], ')' );
+		} else {
+			$length = false;
+		}
+
+		switch( $type ) {
+			case 'binary':
+			case 'char':
+			case 'varbinary':
+			case 'varchar':
+				return $length;
+				break;
+			case 'tinyblob':
+			case 'tinytext':
+				return 255; // 2^8 - 1
+				break;
+			case 'blob':
+			case 'text':
+				return 65535; // 2^16 - 1
+				break;
+			case 'mediumblob':
+			case 'mediumtext':
+				return 16777215; // 2^24 - 1
+				break;
+			case 'longblob':
+			case 'longtext':
+				return 4294967295; // 2^32 - 1
+				break;
+			default:
+				return false;
+		}
+
+		return false;
+	}
+
 	/**
 	 * Check if a string is ASCII.
 	 *