Tag 4.2.5

Built from https://develop.svn.wordpress.org/tags/4.2.5@34206


git-svn-id: http://core.svn.wordpress.org/tags/4.2.5@34170 1a063a9b-81f0-0310-95a4-ce76da25c4cd

readme.html

@@ -9,7 +9,7 @@
 <body>
 <h1 id="logo">
 	<a href="https://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /></a>
-	<br /> Version 4.2
+	<br /> Version 4.2.5
 </h1>
 <p style="text-align: center">Semantic Personal Publishing Platform</p>
 

wp-admin/about.php

@@ -40,6 +40,30 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
 	</a>
 </h2>
 
+<div class="changelog point-releases">
+	<h3><?php echo _n( 'Maintenance and Security Release', 'Maintenance and Security Releases', 5 ); ?></h3>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
+         '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.', 2 ), '4.2.5', number_format_i18n( 2 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_4.2.5' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
+         '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.', 4 ), '4.2.4', number_format_i18n( 4 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_4.2.4' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
+         '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.', 20 ), '4.2.3', number_format_i18n( 20 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_4.2.3' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
+         '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.', 13 ), '4.2.2', number_format_i18n( 13 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_4.2.2' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 1 ), '4.2.1' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_4.2.1' ); ?>
+ 	</p>
+</div>
+
 <div class="headline-feature feature-video">
 	<embed type="application/x-shockwave-flash" src="https://v0.wordpress.com/player.swf?v=1.04" width="1000" height="560" wmode="direct" seamlesstabbing="true" allowfullscreen="true" allowscriptaccess="always" overstretch="true" flashvars="guid=e9kH4FzP&amp;isDynamicSeeking=true"></embed>
 </div>

wp-admin/css/edit-rtl.css

@@ -545,6 +545,7 @@ span.wp-media-buttons-icon:before {
 .notification-dialog {
 	position: fixed;
 	top: 30%;
+	max-height: 70%;
 	right: 50%;
 	width: 450px;
 	margin-right: -225px;
@@ -553,6 +554,7 @@ span.wp-media-buttons-icon:before {
 	box-shadow: 0 3px 6px rgba( 0, 0, 0, 0.3 );
 	line-height: 1.5;
 	z-index: 1000005;
+	overflow-y: auto;
 }
 
 .notification-dialog-background {

wp-admin/css/edit.css

@@ -545,6 +545,7 @@ span.wp-media-buttons-icon:before {
 .notification-dialog {
 	position: fixed;
 	top: 30%;
+	max-height: 70%;
 	left: 50%;
 	width: 450px;
 	margin-left: -225px;
@@ -553,6 +554,7 @@ span.wp-media-buttons-icon:before {
 	box-shadow: 0 3px 6px rgba( 0, 0, 0, 0.3 );
 	line-height: 1.5;
 	z-index: 1000005;
+	overflow-y: auto;
 }
 
 .notification-dialog-background {

wp-admin/css/forms-rtl.css

@@ -862,6 +862,7 @@ table.form-table td .updated p {
 
 .request-filesystem-credentials-dialog .notification-dialog {
 	top: 15%;
+	max-height: 85%;
 }
 
 .request-filesystem-credentials-dialog-content {
@@ -1157,11 +1158,11 @@ table.form-table td .updated p {
 	.request-filesystem-credentials-dialog	.notification-dialog{
 		width: 100%;
 		height: 100%;
+		max-height: 100%;
 		position: fixed;
 		top: 0;
 		margin: 0;
 		right: 0;
-		overflow-y: auto;
 	}
 }
 

wp-admin/css/forms.css

@@ -862,6 +862,7 @@ table.form-table td .updated p {
 
 .request-filesystem-credentials-dialog .notification-dialog {
 	top: 15%;
+	max-height: 85%;
 }
 
 .request-filesystem-credentials-dialog-content {
@@ -1157,11 +1158,11 @@ table.form-table td .updated p {
 	.request-filesystem-credentials-dialog	.notification-dialog{
 		width: 100%;
 		height: 100%;
+		max-height: 100%;
 		position: fixed;
 		top: 0;
 		margin: 0;
 		left: 0;
-		overflow-y: auto;
 	}
 }
 

wp-admin/css/press-this-rtl.css

@@ -846,6 +846,7 @@ input[type="search"].categories-search,
 	border-bottom: 1px solid #e5e5e5;
 	font-size: 14px;
 	-webkit-appearance: none;
+	-moz-appearance: none;
 	appearance: none;
 }
 

wp-admin/css/press-this.css

@@ -846,6 +846,7 @@ input[type="search"].categories-search,
 	border-bottom: 1px solid #e5e5e5;
 	font-size: 14px;
 	-webkit-appearance: none;
+	-moz-appearance: none;
 	appearance: none;
 }
 

wp-admin/css/widgets-rtl.css

@@ -350,6 +350,10 @@ div#widgets-right .closed .widgets-sortables {
 	display: none;
 }
 
+.js .widgets-holder-wrap.closed .widget.ui-sortable-helper {
+	display: block;
+}
+
 /* Hide Widget Settings by Default */
 .widget-inside,
 .widget-description {
@@ -506,6 +510,10 @@ div#widgets-right .widget-top:hover,
 	cursor: pointer;
 }
 
+#available-widgets .widget.ui-draggable-dragging .widget-top {
+	cursor: move;
+}
+
 /* =Media Queries
 -------------------------------------------------------------- */
 

wp-admin/css/widgets.css

@@ -350,6 +350,10 @@ div#widgets-right .closed .widgets-sortables {
 	display: none;
 }
 
+.js .widgets-holder-wrap.closed .widget.ui-sortable-helper {
+	display: block;
+}
+
 /* Hide Widget Settings by Default */
 .widget-inside,
 .widget-description {
@@ -506,6 +510,10 @@ div#widgets-right .widget-top:hover,
 	cursor: pointer;
 }
 
+#available-widgets .widget.ui-draggable-dragging .widget-top {
+	cursor: move;
+}
+
 /* =Media Queries
 -------------------------------------------------------------- */
 

wp-admin/includes/ajax-actions.php

@@ -1540,10 +1540,12 @@ function wp_ajax_inline_save() {
 		$data['parent_id'] = $data['post_parent'];
 
 	// Status.
-	if ( isset($data['keep_private']) && 'private' == $data['keep_private'] )
+	if ( isset( $data['keep_private'] ) && 'private' == $data['keep_private'] ) {
+		$data['visibility']  = 'private';
 		$data['post_status'] = 'private';
-	else
+	} else {
 		$data['post_status'] = $data['_status'];
+	}
 
 	if ( empty($data['comment_status']) )
 		$data['comment_status'] = 'closed';
@@ -2883,6 +2885,8 @@ function wp_ajax_destroy_sessions() {
  * @see Plugin_Upgrader
  */
 function wp_ajax_update_plugin() {
+	global $wp_filesystem;
+
 	$plugin = urldecode( $_POST['plugin'] );
 
 	$status = array(
@@ -2892,6 +2896,7 @@ function wp_ajax_update_plugin() {
 		'oldVersion' => '',
 		'newVersion' => '',
 	);
+
 	$plugin_data = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin );
 	if ( $plugin_data['Version'] ) {
 		$status['oldVersion'] = sprintf( __( 'Version %s' ), $plugin_data['Version'] );
@@ -2906,15 +2911,17 @@ function wp_ajax_update_plugin() {
 
 	include_once( ABSPATH . 'wp-admin/includes/class-wp-upgrader.php' );
 
-	$current = get_site_transient( 'update_plugins' );
-	if ( empty( $current ) ) {
-		wp_update_plugins();
-	}
+	wp_update_plugins();
 
-	$upgrader = new Plugin_Upgrader( new Automatic_Upgrader_Skin() );
+	$skin = new Automatic_Upgrader_Skin();
+	$upgrader = new Plugin_Upgrader( $skin );
 	$result = $upgrader->bulk_upgrade( array( $plugin ) );
 
-	if ( is_array( $result ) ) {
+	if ( is_array( $result ) && empty( $result[$plugin] ) && is_wp_error( $skin->result ) ) {
+		$result = $skin->result;
+	}
+
+	if ( is_array( $result ) && !empty( $result[ $plugin ] ) ) {
 		$plugin_update_data = current( $result );
 
 		/*
@@ -2929,7 +2936,8 @@ function wp_ajax_update_plugin() {
  			wp_send_json_error( $status );
 		}
 
-		$plugin_data = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin );
+		$plugin_data = get_plugins( '/' . $result[ $plugin ]['destination_name'] );
+		$plugin_data = reset( $plugin_data );
 
 		if ( $plugin_data['Version'] ) {
 			$status['newVersion'] = sprintf( __( 'Version %s' ), $plugin_data['Version'] );
@@ -2939,10 +2947,18 @@ function wp_ajax_update_plugin() {
 	} else if ( is_wp_error( $result ) ) {
 		$status['error'] = $result->get_error_message();
  		wp_send_json_error( $status );
-	} else if ( is_bool( $result ) && ! $result ) {
+
+ 	} else if ( is_bool( $result ) && ! $result ) {
 		$status['errorCode'] = 'unable_to_connect_to_filesystem';
 		$status['error'] = __( 'Unable to connect to the filesystem. Please confirm your credentials.' );
+
+		// Pass through the error from WP_Filesystem if one was raised
+		if ( is_wp_error( $wp_filesystem->errors ) && $wp_filesystem->errors->get_error_code() ) {
+			$status['error'] = $wp_filesystem->errors->get_error_message();
+		}
+
 		wp_send_json_error( $status );
+
 	}
 }
 

wp-admin/includes/class-wp-ms-users-list-table.php

@@ -224,7 +224,7 @@ class WP_MS_Users_List_Table extends WP_List_Table {
 					break;
 
 					case 'email':
-						echo "<td $attributes><a href='mailto:$user->user_email'>$user->user_email</a></td>";
+						echo "<td $attributes><a href='" . esc_url( "mailto:$user->user_email" ) . "'>$user->user_email</a></td>";
 					break;
 
 					case 'registered':

wp-admin/includes/class-wp-upgrader.php

@@ -972,11 +972,14 @@ class Plugin_Upgrader extends WP_Upgrader {
 
 		// Check the folder contains at least 1 valid plugin.
 		$plugins_found = false;
-		foreach ( glob( $working_directory . '*.php' ) as $file ) {
-			$info = get_plugin_data($file, false, false);
-			if ( !empty( $info['Name'] ) ) {
-				$plugins_found = true;
-				break;
+		$files = glob( $working_directory . '*.php' );
+		if ( $files ) {
+			foreach ( $files as $file ) {
+				$info = get_plugin_data( $file, false, false );
+				if ( ! empty( $info['Name'] ) ) {
+					$plugins_found = true;
+					break;
+				}
 			}
 		}
 

wp-admin/includes/class-wp-users-list-table.php

@@ -420,7 +420,7 @@ class WP_Users_List_Table extends WP_List_Table {
 					$r .= "<td $attributes>$user_object->first_name $user_object->last_name</td>";
 					break;
 				case 'email':
-					$r .= "<td $attributes><a href='mailto:$email' title='" . esc_attr( sprintf( __( 'E-mail: %s' ), $email ) ) . "'>$email</a></td>";
+					$r .= "<td $attributes><a href='" . esc_url( "mailto:$email" ) . "' title='" . esc_attr( sprintf( __( 'E-mail: %s' ), $email ) ) . "'>$email</a></td>";
 					break;
 				case 'role':
 					$r .= "<td $attributes>$role_name</td>";

wp-admin/includes/dashboard.php

@@ -418,6 +418,10 @@ function wp_network_dashboard_right_now() {
 function wp_dashboard_quick_press( $error_msg = false ) {
 	global $post_ID;
 
+	if ( ! current_user_can( 'edit_posts' ) ) {
+		return;
+	}
+
 	/* Check if a new auto-draft (= no new post_ID) is needed or if the old can be used */
 	$last_post_id = (int) get_user_option( 'dashboard_quick_press_last_post_id' ); // Get the last post_ID
 	if ( $last_post_id ) {

wp-admin/includes/file.php

@@ -146,7 +146,7 @@ function wp_tempnam( $filename = '', $dir = '' ) {
 		$dir = get_temp_dir();
 	}
 
-	if ( empty( $filename ) || '.' == $filename ) {
+	if ( empty( $filename ) || '.' == $filename || '/' == $filename ) {
 		$filename = time();
 	}
 

wp-admin/includes/post.php

@@ -1542,7 +1542,7 @@ function _admin_notice_post_locked() {
 		// Allow plugins to prevent some users overriding the post lock
 		if ( $override ) {
 			?>
-			<a class="button button-primary wp-tab-last" href="<?php echo esc_url( add_query_arg( 'get-post-lock', '1', get_edit_post_link( $post->ID, 'url' ) ) ); ?>"><?php _e('Take over'); ?></a>
+			<a class="button button-primary wp-tab-last" href="<?php echo esc_url( add_query_arg( 'get-post-lock', '1', wp_nonce_url( get_edit_post_link( $post->ID, 'url' ), 'lock-post_' . $post->ID ) ) ); ?>"><?php _e('Take over'); ?></a>
 			<?php
 		}
 

wp-admin/includes/update-core.php

@@ -1050,6 +1050,9 @@ function update_core($from, $to) {
 		$wp_filesystem->delete($old_file, true);
 	}
 
+	// Remove any Genericons example.html's from the filesystem
+	_upgrade_422_remove_genericons();
+
 	// Upgrade DB with separate request
 	/** This filter is documented in wp-admin/includes/update-core.php */
 	apply_filters( 'update_feedback', __( 'Upgrading database…' ) );
@@ -1188,3 +1191,70 @@ window.location = 'about.php?updated';
 	exit();
 }
 add_action( '_core_updated_successfully', '_redirect_to_about_wordpress' );
+
+/**
+ * Cleans up Genericons example files.
+ *
+ * @since 4.2.2
+ */
+function _upgrade_422_remove_genericons() {
+	global $wp_theme_directories, $wp_filesystem;
+
+	// A list of the affected files using the filesystem absolute paths.
+	$affected_files = array();
+
+	// Themes
+	foreach ( $wp_theme_directories as $directory ) {
+		$affected_theme_files = _upgrade_422_find_genericons_files_in_folder( $directory );
+		$affected_files       = array_merge( $affected_files, $affected_theme_files );
+	}
+
+	// Plugins
+	$affected_plugin_files = _upgrade_422_find_genericons_files_in_folder( WP_PLUGIN_DIR );
+	$affected_files        = array_merge( $affected_files, $affected_plugin_files );
+
+	foreach ( $affected_files as $file ) {
+		$gen_dir = $wp_filesystem->find_folder( trailingslashit( dirname( $file ) ) );
+		if ( empty( $gen_dir ) ) {
+			continue;
+		}
+
+		// The path when the file is accessed via WP_Filesystem may differ in the case of FTP
+		$remote_file = $gen_dir . basename( $file );
+
+		if ( ! $wp_filesystem->exists( $remote_file ) ) {
+			continue;
+		}
+
+		if ( ! $wp_filesystem->delete( $remote_file, false, 'f' ) ) {
+			$wp_filesystem->put_contents( $remote_file, '' );
+		}
+	}
+}
+
+/**
+ * Recursively find Genericons example files in a given folder.
+ *
+ * @ignore
+ * @since 4.2.2
+ *
+ * @param string $directory Directory path. Expects trailingslashed.
+ * @return array
+ */
+function _upgrade_422_find_genericons_files_in_folder( $directory ) {
+	$directory = trailingslashit( $directory );
+	$files     = array();
+
+	if ( file_exists( "{$directory}example.html" ) && false !== strpos( file_get_contents( "{$directory}example.html" ), '<title>Genericons</title>' ) ) {
+		$files[] = "{$directory}example.html";
+	}
+
+	$dirs = glob( $directory . '*', GLOB_ONLYDIR );
+	if ( $dirs ) {
+		foreach ( $dirs as $dir ) {
+			$files = array_merge( $files, _upgrade_422_find_genericons_files_in_folder( $dir ) );
+		}
+	}
+
+	return $files;
+}

wp-admin/includes/upgrade.php

@@ -524,8 +524,11 @@ function upgrade_all() {
 	if ( $wp_current_db_version < 29630 )
 		upgrade_400();
 
-	if ( $wp_current_db_version < 31351 )
-		upgrade_420();
+	if ( $wp_current_db_version < 31534 )
+		upgrade_422();
+
+	if ( $wp_current_db_version < 31536 )
+		upgrade_423();
 
 	maybe_disable_link_manager();
 
@@ -1420,13 +1423,81 @@ function upgrade_400() {
  * @since 4.2.0
  */
 function upgrade_420() {
+}
+
+/**
+ * Execute changes made in WordPress 4.2.1.
+ *
+ * @since 4.2.1
+ */
+function upgrade_421() {
+}
+
+/**
+ * Execute changes made in WordPress 4.2.2.
+ *
+ * @since 4.2.2
+ */
+function upgrade_422() {
 	global $wp_current_db_version, $wpdb;
 
-	if ( $wp_current_db_version < 31351 && $wpdb->charset === 'utf8mb4' ) {
+	if ( $wp_current_db_version < 31534 ) {
+		$content_length = $wpdb->get_col_length( $wpdb->comments, 'comment_content' );
+
+		if ( is_wp_error( $content_length ) ) {
+			return;
+		}
+
+		if ( false === $content_length ) {
+			$content_length = array(
+				'type'   => 'byte',
+				'length' => 65535,
+			);
+		} elseif ( ! is_array( $content_length ) ) {
+			$length = (int) $content_length > 0 ? (int) $content_length : 65535;
+			$content_length = array(
+				'type'	 => 'byte',
+				'length' => $length
+			);
+		}
+
+		if ( 'byte' !== $content_length['type'] || 0 === $content_length['length'] ) {
+			// Sites with malformed DB schemas are on their own.
+			return;
+		}
+
+		$allowed_length = intval( $content_length['length'] ) - 10;
+
+		$comments = $wpdb->get_results(
+			"SELECT `comment_ID` FROM `{$wpdb->comments}`
+				WHERE `comment_date_gmt` > '2015-04-26'
+				AND LENGTH( `comment_content` ) >= {$allowed_length}
+				AND ( `comment_content` LIKE '%<%' OR `comment_content` LIKE '%>%' )"
+		);
+
+		foreach ( $comments as $comment ) {
+			wp_delete_comment( $comment->comment_ID, true );
+		}
+	}
+}
+
+/**
+ * Execute changes made in WordPress 4.2.0.
+ *
+ * @since 4.2.3
+ */
+function upgrade_423() {
+	global $wp_current_db_version, $wpdb;
+
+	if ( $wp_current_db_version < 31536 && $wpdb->charset === 'utf8mb4' ) {
 		if ( is_multisite() ) {
 			$tables = $wpdb->tables( 'blog' );
 		} else {
 			$tables = $wpdb->tables( 'all' );
+			if ( defined( 'DO_NOT_UPGRADE_GLOBAL_TABLES' ) ) {
+				$global_tables = $wpdb->tables( 'global' );
+				$tables = array_diff_assoc( $tables, $global_tables );
+			}
 		}
 
 		foreach ( $tables as $table ) {
@@ -1534,11 +1605,11 @@ function upgrade_network() {
 
 	// 4.2
 	if ( $wp_current_db_version < 31351 && $wpdb->charset === 'utf8mb4' ) {
-		if ( ! ( defined( 'DO_NOT_UPGRADE_GLOBAL_TABLES' ) && DO_NOT_UPGRADE_GLOBAL_TABLES ) ) {
+		if ( ! defined( 'DO_NOT_UPGRADE_GLOBAL_TABLES' ) ) {
 			$wpdb->query( "ALTER TABLE $wpdb->usermeta DROP INDEX meta_key, ADD INDEX meta_key(meta_key(191))" );
 			$wpdb->query( "ALTER TABLE $wpdb->site DROP INDEX domain, ADD INDEX domain(domain(140),path(51))" );
 			$wpdb->query( "ALTER TABLE $wpdb->sitemeta DROP INDEX meta_key, ADD INDEX meta_key(meta_key(191))" );
-			$wpdb->query( "ALTER TABLE $wpdb->signups DROP INDEX domain, ADD INDEX domain(domain(140),path(51))" );
+			$wpdb->query( "ALTER TABLE $wpdb->signups DROP INDEX domain_path, ADD INDEX domain_path(domain(140),path(51))" );
 
 			$tables = $wpdb->tables( 'global' );
 
@@ -1547,6 +1618,35 @@ function upgrade_network() {
 			}
 		}
 	}
+
+	// 4.2.2
+	if ( $wp_current_db_version < 31535 && 'utf8mb4' === $wpdb->charset ) {
+		if ( ! defined( 'DO_NOT_UPGRADE_GLOBAL_TABLES' ) ) {
+			$upgrade = false;
+			$indexes = $wpdb->get_results( "SHOW INDEXES FROM $wpdb->signups" );
+			foreach( $indexes as $index ) {
+				if ( 'domain_path' == $index->Key_name && 'domain' == $index->Column_name && 140 != $index->Sub_part ) {
+					$upgrade = true;
+					break;
+				}
+			}
+
+			if ( $upgrade ) {
+				$wpdb->query( "ALTER TABLE $wpdb->signups DROP INDEX domain_path, ADD INDEX domain_path(domain(140),path(51))" );
+			}
+		}
+	}
+
+	// 4.2.3
+	if ( $wp_current_db_version < 31536 && $wpdb->charset === 'utf8mb4' ) {
+		if ( ! defined( 'DO_NOT_UPGRADE_GLOBAL_TABLES' ) ) {
+			$tables = $wpdb->tables( 'global' );
+
+			foreach ( $tables as $table ) {
+				maybe_convert_table_to_utf8mb4( $table );
+			}
+		}
+	}
 }
 
 //
@@ -1679,6 +1779,17 @@ function maybe_convert_table_to_utf8mb4( $table ) {
 		}
 	}
 
+	$table_details = $wpdb->get_row( "SHOW TABLE STATUS LIKE '$table'" );
+	if ( ! $table_details ) {
+		return false;
+	}
+
+	list( $table_charset ) = explode( '_', $table_details->Collation );
+	$table_charset = strtolower( $table_charset );
+	if ( 'utf8mb4' === $table_charset ) {
+		return true;
+	}
+
 	return $wpdb->query( "ALTER TABLE $table CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci" );
 }
 
@@ -2366,14 +2477,9 @@ function pre_schema_upgrade() {
 		}
 	}
 
-	if ( $wp_current_db_version < 30133 ) {
-		// dbDelta() can recreate but can't drop the index.
-		$wpdb->query( "ALTER TABLE $wpdb->terms DROP INDEX slug" );
-	}
-
 	// Upgrade versions prior to 4.2.
 	if ( $wp_current_db_version < 31351 ) {
-		if ( ! is_multisite() ) {
+		if ( ! is_multisite() && ! defined( 'DO_NOT_UPGRADE_GLOBAL_TABLES' ) ) {
 			$wpdb->query( "ALTER TABLE $wpdb->usermeta DROP INDEX meta_key, ADD INDEX meta_key(meta_key(191))" );
 		}
 		$wpdb->query( "ALTER TABLE $wpdb->terms DROP INDEX slug, ADD INDEX slug(slug(191))" );

wp-admin/js/common.js

@@ -860,7 +860,7 @@ $(document).ready( function() {
 	window.wpResponsive.init();
 	setPinMenu();
 
-	$document.on( 'wp-window-resized.pin-menu postboxes-columnchange.pin-menu postbox-toggled.pin-menu wp-collapse-menu.pin-menu wp-scroll-start.pin-menu', setPinMenu );
+	$document.on( 'wp-pin-menu wp-window-resized.pin-menu postboxes-columnchange.pin-menu postbox-toggled.pin-menu wp-collapse-menu.pin-menu wp-scroll-start.pin-menu', setPinMenu );
 });
 
 // Fire a custom jQuery event at the end of window resize

wp-admin/js/dashboard.js

@@ -124,7 +124,7 @@ jQuery(document).ready( function($) {
 	};
 	quickPressLoad();
 
-	$( '.meta-box-sortables' ).sortable( 'option', 'containment', 'document' );
+	$( '.meta-box-sortables' ).sortable( 'option', 'containment', '#wpwrap' );
 
 	function autoResizeTextarea() {
 		if ( document.documentMode && document.documentMode < 9 ) {

wp-admin/js/dashboard.min.js

@@ -1 +1 @@
-var ajaxWidgets,ajaxPopulateWidgets,quickPressLoad;jQuery(document).ready(function(a){function b(){if(!(document.documentMode&&document.documentMode<9)){a("body").append('<div class="quick-draft-textarea-clone" style="display: none;"></div>');var b=a(".quick-draft-textarea-clone"),c=a("#content"),d=c.height(),e=a(window).height()-100;b.css({"font-family":c.css("font-family"),"font-size":c.css("font-size"),"line-height":c.css("line-height"),"padding-bottom":c.css("paddingBottom"),"padding-left":c.css("paddingLeft"),"padding-right":c.css("paddingRight"),"padding-top":c.css("paddingTop"),"white-space":"pre-wrap","word-wrap":"break-word",display:"none"}),c.on("focus input propertychange",function(){var f=a(this),g=f.val()+"&nbsp;",h=b.css("width",f.css("width")).text(g).outerHeight()+2;c.css("overflow-y","auto"),h===d||h>=e&&d>=e||(d=h>e?e:h,c.css("overflow","hidden"),f.css("height",d+"px"))})}}var c,d=a("#welcome-panel"),e=a("#wp_welcome_panel-hide");c=function(b){a.post(ajaxurl,{action:"update-welcome-panel",visible:b,welcomepanelnonce:a("#welcomepanelnonce").val()})},d.hasClass("hidden")&&e.prop("checked")&&d.removeClass("hidden"),a(".welcome-panel-close, .welcome-panel-dismiss a",d).click(function(b){b.preventDefault(),d.addClass("hidden"),c(0),a("#wp_welcome_panel-hide").prop("checked",!1)}),e.click(function(){d.toggleClass("hidden",!this.checked),c(this.checked?1:0)}),ajaxWidgets=["dashboard_primary"],ajaxPopulateWidgets=function(b){function c(b,c){var d,e=a("#"+c+" div.inside:visible").find(".widget-loading");e.length&&(d=e.parent(),setTimeout(function(){d.load(ajaxurl+"?action=dashboard-widgets&widget="+c+"&pagenow="+pagenow,"",function(){d.hide().slideDown("normal",function(){a(this).css("display","")})})},500*b))}b?(b=b.toString(),-1!==a.inArray(b,ajaxWidgets)&&c(0,b)):a.each(ajaxWidgets,c)},ajaxPopulateWidgets(),postboxes.add_postbox_toggles(pagenow,{pbshow:ajaxPopulateWidgets}),quickPressLoad=function(){var c,d=a("#quickpost-action");a('#quick-press .submit input[type="submit"], #quick-press .submit input[type="reset"]').prop("disabled",!1),c=a("#quick-press").submit(function(){function b(){var b=a(".drafts ul li").first();b.css("background","#fffbe5"),setTimeout(function(){b.css("background","none")},1e3)}return a("#dashboard_quick_press #publishing-action .spinner").show(),a('#quick-press .submit input[type="submit"], #quick-press .submit input[type="reset"]').prop("disabled",!0),a.post(c.attr("action"),c.serializeArray(),function(c){a("#dashboard_quick_press .inside").html(c),a("#quick-press").removeClass("initial-form"),quickPressLoad(),b(),a("#title").focus()}),!1}),a("#publish").click(function(){d.val("post-quickpress-publish")}),a("#title, #tags-input, #content").each(function(){var b=a(this),c=a("#"+this.id+"-prompt-text");""===this.value&&c.removeClass("screen-reader-text"),c.click(function(){a(this).addClass("screen-reader-text"),b.focus()}),b.blur(function(){""===this.value&&c.removeClass("screen-reader-text")}),b.focus(function(){c.addClass("screen-reader-text")})}),a("#quick-press").on("click focusin",function(){wpActiveEditor="content"}),b()},quickPressLoad(),a(".meta-box-sortables").sortable("option","containment","document")});
+var ajaxWidgets,ajaxPopulateWidgets,quickPressLoad;jQuery(document).ready(function(a){function b(){if(!(document.documentMode&&document.documentMode<9)){a("body").append('<div class="quick-draft-textarea-clone" style="display: none;"></div>');var b=a(".quick-draft-textarea-clone"),c=a("#content"),d=c.height(),e=a(window).height()-100;b.css({"font-family":c.css("font-family"),"font-size":c.css("font-size"),"line-height":c.css("line-height"),"padding-bottom":c.css("paddingBottom"),"padding-left":c.css("paddingLeft"),"padding-right":c.css("paddingRight"),"padding-top":c.css("paddingTop"),"white-space":"pre-wrap","word-wrap":"break-word",display:"none"}),c.on("focus input propertychange",function(){var f=a(this),g=f.val()+"&nbsp;",h=b.css("width",f.css("width")).text(g).outerHeight()+2;c.css("overflow-y","auto"),h===d||h>=e&&d>=e||(d=h>e?e:h,c.css("overflow","hidden"),f.css("height",d+"px"))})}}var c,d=a("#welcome-panel"),e=a("#wp_welcome_panel-hide");c=function(b){a.post(ajaxurl,{action:"update-welcome-panel",visible:b,welcomepanelnonce:a("#welcomepanelnonce").val()})},d.hasClass("hidden")&&e.prop("checked")&&d.removeClass("hidden"),a(".welcome-panel-close, .welcome-panel-dismiss a",d).click(function(b){b.preventDefault(),d.addClass("hidden"),c(0),a("#wp_welcome_panel-hide").prop("checked",!1)}),e.click(function(){d.toggleClass("hidden",!this.checked),c(this.checked?1:0)}),ajaxWidgets=["dashboard_primary"],ajaxPopulateWidgets=function(b){function c(b,c){var d,e=a("#"+c+" div.inside:visible").find(".widget-loading");e.length&&(d=e.parent(),setTimeout(function(){d.load(ajaxurl+"?action=dashboard-widgets&widget="+c+"&pagenow="+pagenow,"",function(){d.hide().slideDown("normal",function(){a(this).css("display","")})})},500*b))}b?(b=b.toString(),-1!==a.inArray(b,ajaxWidgets)&&c(0,b)):a.each(ajaxWidgets,c)},ajaxPopulateWidgets(),postboxes.add_postbox_toggles(pagenow,{pbshow:ajaxPopulateWidgets}),quickPressLoad=function(){var c,d=a("#quickpost-action");a('#quick-press .submit input[type="submit"], #quick-press .submit input[type="reset"]').prop("disabled",!1),c=a("#quick-press").submit(function(){function b(){var b=a(".drafts ul li").first();b.css("background","#fffbe5"),setTimeout(function(){b.css("background","none")},1e3)}return a("#dashboard_quick_press #publishing-action .spinner").show(),a('#quick-press .submit input[type="submit"], #quick-press .submit input[type="reset"]').prop("disabled",!0),a.post(c.attr("action"),c.serializeArray(),function(c){a("#dashboard_quick_press .inside").html(c),a("#quick-press").removeClass("initial-form"),quickPressLoad(),b(),a("#title").focus()}),!1}),a("#publish").click(function(){d.val("post-quickpress-publish")}),a("#title, #tags-input, #content").each(function(){var b=a(this),c=a("#"+this.id+"-prompt-text");""===this.value&&c.removeClass("screen-reader-text"),c.click(function(){a(this).addClass("screen-reader-text"),b.focus()}),b.blur(function(){""===this.value&&c.removeClass("screen-reader-text")}),b.focus(function(){c.addClass("screen-reader-text")})}),a("#quick-press").on("click focusin",function(){wpActiveEditor="content"}),b()},quickPressLoad(),a(".meta-box-sortables").sortable("option","containment","#wpwrap")});

wp-admin/js/editor-expand.js

@@ -15,7 +15,7 @@
 			$visualEditor = $(),
 			$textTop = $( '#ed_toolbar' ),
 			$textEditor = $( '#content' ),
-			$textEditorClone = $( '<div id="content-textarea-clone"></div>' ),
+			$textEditorClone = $( '<div id="content-textarea-clone" class="wp-exclude-emoji"></div>' ),
 			$bottom = $( '#post-status-info' ),
 			$menuBar = $(),
 			$statusBar = $(),

wp-admin/js/nav-menu.js

@@ -492,7 +492,7 @@ var wpNavMenu;
 				title = menus.subMenuFocus.replace( '%1$s', itemName ).replace( '%2$d', itemPosition ).replace( '%3$s', parentItemName );
 			}
 
-			$this.prop('title', title).html( title );
+			$this.prop('title', title).text( title );
 
 			// Mark this item's accessibility as refreshed
 			$this.data( 'needs_accessibility_refresh', false );

wp-admin/js/updates.js

@@ -250,7 +250,7 @@ window.wp = window.wp || {};
 	wp.updates.updateError = function( response ) {
 		var $message, name;
 		wp.updates.updateDoneSuccessfully = false;
-		if ( response.errorCode && response.errorCode == 'unable_to_connect_to_filesystem' ) {
+		if ( response.errorCode && response.errorCode == 'unable_to_connect_to_filesystem' && wp.updates.shouldRequestFilesystemCredentials ) {
 			wp.updates.credentialError( response, 'update-plugin' );
 			return;
 		}
@@ -263,10 +263,18 @@ window.wp = window.wp || {};
 			$message.attr( 'aria-label', wp.updates.l10n.updateFailedLabel.replace( '%s', name ) );
 		}
 		$message.removeClass( 'updating-message' );
-		$message.text( wp.updates.l10n.updateFailed );
+		$message.html( wp.updates.l10n.updateFailed + ': ' + response.error );
 		wp.a11y.speak( wp.updates.l10n.updateFailed );
 
+		/*
+		 * The lock can be released since this failure was
+		 * after the credentials form.
+		 */
+		wp.updates.updateLock = false;
+
 		$(document).trigger( 'wp-plugin-update-error', response );
+
+		wp.updates.queueChecker();
 	};
 
 	/**
@@ -467,6 +475,11 @@ window.wp = window.wp || {};
 			wp.updates.requestForCredentialsModalCancel();
 		});
 
+		// Hide SSH fields when not selected
+		$( '#request-filesystem-credentials-dialog input[name="connection_type"]' ).on( 'change', function() {
+			$( this ).parents( 'form' ).find( '#private_key, #public_key' ).parents( 'label' ).toggle( ( 'ssh' == $( this ).val() ) );
+		}).change();
+
 		// Click handler for plugin updates in List Table view.
 		$( '.plugin-update-tr' ).on( 'click', '.update-link', function( e ) {
 			e.preventDefault();
@@ -490,7 +503,6 @@ window.wp = window.wp || {};
 			wp.updates.updatePlugin( $button.data( 'plugin' ), $button.data( 'slug' ) );
 		} );
 
-		//
 		$( '#plugin_update_from_iframe' ).on( 'click' , function( e ) {
 			var target,	data;
 

wp-admin/js/widgets.js

@@ -1,6 +1,7 @@
 /*global ajaxurl, isRtl */
 var wpWidgets;
 (function($) {
+	var $document = $( document );
 
 wpWidgets = {
 
@@ -22,10 +23,13 @@ wpWidgets = {
 			} else {
 				$wrap.addClass('closed');
 			}
+
+			$document.triggerHandler( 'wp-pin-menu' );
 		});
 
 		$('#widgets-left .sidebar-name').click( function() {
 			$(this).closest('.widgets-holder-wrap').toggleClass('closed');
+			$document.triggerHandler( 'wp-pin-menu' );
 		});
 
 		$(document.body).bind('click.widgets-toggle', function(e) {
@@ -89,7 +93,7 @@ wpWidgets = {
 			distance: 2,
 			helper: 'clone',
 			zIndex: 100,
-			containment: 'document',
+			containment: '#wpwrap',
 			start: function( event, ui ) {
 				var chooser = $(this).find('.widgets-chooser');
 
@@ -119,7 +123,7 @@ wpWidgets = {
 			handle: '> .widget-top > .widget-title',
 			cursor: 'move',
 			distance: 2,
-			containment: 'document',
+			containment: '#wpwrap',
 			start: function( event, ui ) {
 				var height, $this = $(this),
 					$wrap = $this.parent(),
@@ -174,7 +178,7 @@ wpWidgets = {
 
 					wpWidgets.save( $widget, 0, 0, 1 );
 					$widget.find('input.add_new').val('');
-					$( document ).trigger( 'widget-added', [ $widget ] );
+					$document.trigger( 'widget-added', [ $widget ] );
 				}
 
 				$sidebar = $widget.parent();
@@ -381,7 +385,7 @@ wpWidgets = {
 				if ( r && r.length > 2 ) {
 					$( 'div.widget-content', widget ).html( r );
 					wpWidgets.appendTitle( widget );
-					$( document ).trigger( 'widget-updated', [ widget ] );
+					$document.trigger( 'widget-updated', [ widget ] );
 				}
 			}
 			if ( order ) {
@@ -446,7 +450,7 @@ wpWidgets = {
 		// No longer "new" widget
 		widget.find( 'input.add_new' ).val('');
 
-		$( document ).trigger( 'widget-added', [ widget ] );
+		$document.trigger( 'widget-added', [ widget ] );
 
 		/*
 		 * Check if any part of the sidebar is visible in the viewport. If it is, don't scroll.
@@ -489,6 +493,6 @@ wpWidgets = {
 	}
 };
 
-$(document).ready( function(){ wpWidgets.init(); } );
+$document.ready( function(){ wpWidgets.init(); } );
 
 })(jQuery);

wp-admin/post.php

@@ -115,8 +115,9 @@ case 'post-quickdraft-save':
 	if ( ! wp_verify_nonce( $nonce, 'add-post' ) )
 		$error_msg = __( 'Unable to submit this form, please refresh and try again.' );
 
-	if ( ! current_user_can( 'edit_posts' ) )
-		$error_msg = __( 'Oops, you don’t have access to add new drafts.' );
+	if ( ! current_user_can( 'edit_posts' ) ) {
+		exit;
+	}
 
 	if ( $error_msg )
 		return wp_dashboard_quick_press( $error_msg );
@@ -159,6 +160,7 @@ case 'edit':
 		wp_die( __( 'You can’t edit this item because it is in the Trash. Please restore it and try again.' ) );
 
 	if ( ! empty( $_GET['get-post-lock'] ) ) {
+		check_admin_referer( 'lock-post_' . $post_id );
 		wp_set_post_lock( $post_id );
 		wp_redirect( get_edit_post_link( $post_id, 'url' ) );
 		exit();

wp-content/themes/twentyfifteen/genericons/example.html

@@ -1,719 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<title>Genericons</title>
-<link rel="stylesheet" href="genericons.css">
-<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
-<style type="text/css">
-/**
- * Example page CSS
- */
-
-body {
-	font-family: sans-serif;
-	line-height: 1.5;
-	margin: 0;
-	color: #2f2d2c;
-	background: #fff;
-	font-size: 11pt;
-}
-
-a {
-	color: #2f2d2c;
-}
-
-h4 {
-	margin-top: 40px;
-}
-
-#iconlist {
-	clear: both;
-	margin-bottom: 20px;
-}
-
-#iconlist div {
-	padding: 10px;
-	overflow: hidden;
-	white-space: nowrap;
-	font-size: 32px;
-	line-height: 1;
-	position: relative;
-	width: 32px;
-	height: 32px;
-}
-
-#iconlist div:before {
-	margin-right: 20px;
-}
-
-#iconlist div:hover {
-	cursor: pointer;
-	color: #e4c05c;
-}
-
-#primary {
-	background: #e4c05c;
-	overflow: hidden;
-}
-
-#content {
-	position: relative;
-	color: #fff;
-	max-width: 980px;
-	padding: 0 10px;
-	margin: 0 auto;
-}
-
-#icons {
-	background: #fbfbfb;
-}
-
-#icons #iconlist {
-	max-width: 980px;
-	box-sizing: border-box;
-	-moz-box-sizing:border-box;
-	-webkit-box-sizing:border-box;
-	padding: 20px 0;
-	margin: 0 auto;
-}
-
-#glyph {
-	float: left;
-	width: 50%;
-	box-sizing: border-box;
-	-moz-box-sizing:border-box;
-	-webkit-box-sizing:border-box;
-	-ms-box-sizing:border-box;
-	padding: 20px 0;
-}
-
-#glyph .info {
-	float: right;
-	width: 180px;
-	padding: 36px 0 0 0;
-}
-
-#glyph .info a {
-	color: #2f2d2c;
-	display: block;
-	padding: 8px 0 8px 15px;
-}
-
-#glyph .info strong {
-	font-weight: normal;
-	display: block;
-	padding: 8px 0;
-}
-
-#glyph .genericon {
-	font-size: 256px;
-	width: 256px;
-	height: 256px;
-	overflow: visible;
-	float: left;
-}
-
-.description {
-	margin-top: 50px;
-	width: 48%;
-	float: right;
-	padding-left: 40px;
-	margin-left: 2%;
-	box-sizing: border-box;
-	-moz-box-sizing:border-box;
-	-webkit-box-sizing:border-box;
-	-ms-box-sizing:border-box;
-	background-size: 4px 4px;
-}
-
-#primary h2 {
-	color: white;
-	margin: 0 auto;
-	padding: 22px 0 0 20px;
-	max-width: 980px;
-	font-size: 2em;
-}
-
-#primary h2 span {
-	display: block;
-	font-weight: normal;
-	font-size: 12pt;
-}
-
-#footer {
-	clear: both;
-	max-width: 980px;
-	margin: 80px auto;
-	text-align: center;
-	text-transform: uppercase;
-	letter-spacing: .1em;
-	font-size: 7pt;
-	color: #ddd;
-}
-
-#footer a {
-	color: #ccc;
-	display: inline-block;
-	width: 150px;
-	overflow: hidden;
-	text-indent: 100%;
-	position: relative;
-	top: 2px;
-	opacity: .3;
-	background-repeat: no-repeat;
-	background-position: center top;
-	background-image: url('data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4NCjwhLS0gR2VuZXJhdG9yOiBBZG9iZSBJbGx1c3RyYXRvciAxNi4wLjQsIFNWRyBFeHBvcnQgUGx1Zy1JbiAuIFNWRyBWZXJzaW9uOiA2LjAwIEJ1aWxkIDApICAtLT4NCjwhRE9DVFlQRSBzdmcgUFVCTElDICItLy9XM0MvL0RURCBTVkcgMS4xLy9FTiIgImh0dHA6Ly93d3cudzMub3JnL0dyYXBoaWNzL1NWRy8xLjEvRFREL3N2ZzExLmR0ZCI+DQo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4Ig0KCSB3aWR0aD0iMTUwcHgiIGhlaWdodD0iMTRweCIgdmlld0JveD0iMTAgMCAxNTAgMTQiIGVuYWJsZS1iYWNrZ3JvdW5kPSJuZXcgMTAgMCAxNTAgMTQiIHhtbDpzcGFjZT0icHJlc2VydmUiPg0KPGc+DQoJPHBhdGggZmlsbD0iIzQ0NDQ0NCIgZD0iTTY1LjQzOCwxMi41Yy0zLjYyNiwwLTUuOTc2LTIuNjEyLTUuOTc2LTUuMzMxVjYuODMxYzAtMi43NjUsMi4zNTEtNS4zMyw1Ljk3Ni01LjMzDQoJCWMzLjY0MSwwLDUuOTksMi41NjUsNS45OSw1LjMzdjAuMzM5QzcxLjQyOCw5Ljg4OCw2OS4wNzksMTIuNSw2NS40MzgsMTIuNXogTTY5LjQ5Miw2Ljg2MWMwLTEuOTgtMS40NDQtMy43NDgtNC4wNTUtMy43NDgNCgkJcy00LjA0LDEuNzY4LTQuMDQsMy43NDh2MC4yNDZjMCwxLjk4MSwxLjQyOSwzLjc3OSw0LjA0LDMuNzc5czQuMDU1LTEuNzk4LDQuMDU1LTMuNzc5VjYuODYxeiIvPg0KCTxwYXRoIGZpbGw9IiM0NDQ0NDQiIGQ9Ik0yNC40OTgsMTIuMWwtMS4zNTItMi41MzVoLTYuMDA3TDE1LjgzNCwxMi4xaC0yLjAyOGw1LjUzMS0xMC4yM2gxLjU5N2w1LjYyMiwxMC4yM0gyNC40OThMMjQuNDk4LDEyLjF6DQoJCSBNMjAuMDksMy44NjZsLTIuMjI4LDQuMzAxaDQuNTMxTDIwLjA5LDMuODY2eiIvPg0KCTxwYXRoIGZpbGw9IiM0NDQ0NDQiIGQ9Ik0zNS4yODEsMTIuNWMtMy42NzEsMC01LjM3Ni0xLjk5Ni01LjM3Ni00LjY1NFYxLjg3aDEuOTA0djYuMDA2YzAsMS44OTEsMS4yNDUsMy4wMTMsMy42MSwzLjAxMw0KCQljMi40MjgsMCwzLjQyNi0xLjEyMiwzLjQyNi0zLjAxM1YxLjg3aDEuOTJ2NS45NzZDNDAuNzY3LDEwLjM4LDM5LjEzOCwxMi41LDM1LjI4MSwxMi41eiIvPg0KCTxwYXRoIGZpbGw9IiM0NDQ0NDQiIGQ9Ik01MS40NTgsMy40NjdWMTIuMWgtMS45MTlWMy40NjdoLTQuNDcxVjEuODdoMTAuODZ2MS41OThMNTEuNDU4LDMuNDY3TDUxLjQ1OCwzLjQ2N3oiLz4NCgk8cGF0aCBmaWxsPSIjNDQ0NDQ0IiBkPSJNODguNTQzLDEyLjFWNC4wMDRsLTAuNTA5LDAuODkxTDgzLjc0OSwxMi4xaC0wLjkzN2wtNC4yNC03LjIwNWwtMC41MDYtMC44OTFWMTIuMWgtMS44NzVWMS44N2gyLjY1OA0KCQlsNC4wNCw3LjAyMWwwLjQ3NiwwLjg2bDAuNDc3LTAuODZsMy45OTQtNy4wMjFoMi42MjdWMTIuMUg4OC41NDNMODguNTQzLDEyLjF6Ii8+DQoJPHBhdGggZmlsbD0iIzQ0NDQ0NCIgZD0iTTEwNC45NzgsMTIuMWwtMS4zNTItMi41MzVoLTYuMDA4TDk2LjMxMywxMi4xaC0yLjAyOGw1LjUzMS0xMC4yMzFoMS41OTlsNS42MjIsMTAuMjMxSDEwNC45Nzh6DQoJCSBNMTAwLjU3LDMuODY2bC0yLjIyOCw0LjMwMWg0LjUyOUwxMDAuNTcsMy44NjZ6Ii8+DQoJPHBhdGggZmlsbD0iIzQ0NDQ0NCIgZD0iTTExNC43NzgsMy40NjdWMTIuMWgtMS45MlYzLjQ2N2gtNC40N1YxLjg3aDEwLjg2djEuNTk4TDExNC43NzgsMy40NjdMMTE0Ljc3OCwzLjQ2N3oiLz4NCgk8cGF0aCBmaWxsPSIjNDQ0NDQ0IiBkPSJNMTI4Ljg2NiwzLjQ2N1YxMi4xaC0xLjkxOVYzLjQ2N2gtNC40NzJWMS44N2gxMC44NnYxLjU5OEwxMjguODY2LDMuNDY3TDEyOC44NjYsMy40Njd6Ii8+DQoJPHBhdGggZmlsbD0iIzQ0NDQ0NCIgZD0iTTEzOC4wNjcsMTIuMVYyLjgzN2MwLjc2OSwwLDEuMDc2LTAuNDE1LDEuMDc2LTAuOTY4aDAuODE0VjEyLjFIMTM4LjA2N0wxMzguMDY3LDEyLjF6Ii8+DQoJPHBhdGggZmlsbD0iIzQ0NDQ0NCIgZD0iTTE1NC45OTYsNC43NTdjLTAuOTIxLTAuODQ1LTIuMjc0LTEuNjQ0LTQuMTAyLTEuNjQ0Yy0yLjczMywwLTQuMjcsMS44NzUtNC4yNywzLjgyNXYwLjINCgkJYzAsMS45MzcsMS41NTEsMy43NDgsNC40MDgsMy43NDhjMS43MDUsMCwzLjExOC0wLjgxNCw0LjAwOS0xLjY0NGwxLjE1MiwxLjIxNWMtMS4xMjEsMS4xMDctMy4wMjYsMi4wNDMtNS4yODUsMi4wNDMNCgkJYy0zLjg3LDAtNi4yMjMtMi41MjEtNi4yMjMtNS4yODRWNi44NzdjMC0yLjc2NiwyLjU2Ni01LjM3Nyw2LjMxNC01LjM3N2MyLjE2NywwLDQuMTM2LDAuOTA2LDUuMTk0LDIuMDQzTDE1NC45OTYsNC43NTd6Ii8+DQoJPHBhdGggZmlsbD0iIzQ0NDQ0NCIgZD0iTTY2LjcwMiw1LjA2YzAuMzQ3LDAuMjI0LDAuNDQ0LDAuNjg3LDAuMjE5LDEuMDM3TDY1LjE2OSw4LjgxYy0wLjIyNSwwLjM0Ny0wLjY4OCwwLjQ0OC0xLjAzMywwLjIyOWwwLDANCgkJQzYzLjc5LDguODEyLDYzLjY5Miw4LjM1MSw2My45MTcsOGwxLjc1MS0yLjcxM0M2NS44OTMsNC45MzgsNjYuMzU1LDQuODM3LDY2LjcwMiw1LjA2TDY2LjcwMiw1LjA2eiIvPg0KPC9nPg0KPC9zdmc+DQo=');
-}
-
-#footer a:hover {
-	opacity: 1;
-}
-
-pre, code {
-	font: 14px/1.5 monospace;
-}
-
-.code {
-	display: block;
-	font: 14px/1.5 monospace;
-	width: 600px;
-	white-space: pre;
-	border: 1px solid #ccc;
-	padding: 10px;
-	overflow: auto;
-	min-height: 110px;
-}
-
-#iconlist .new, #iconlist .update {
-	position: relative;
-}
-
-#iconlist .new:after, #iconlist .update:after {
-	color: #e4c05c;
-	display: block;
-	content: "NEW";
-	font: bold 8px/1 sans-serif;
-	position: absolute;
-	top: 0px;
-	text-align: center;
-	z-index: 10;
-	width: 100%;
-}
-
-#iconlist .update:after {
-	content: "UPDATE";
-	left: -1px;
-}
-
-body.searching #iconlist span.update:after, body.searching #iconlist span.new:after {
-	display: none;
-}
-
-#search {
-	border: 0;
-	border-radius: 2px;
-	position: absolute;
-	right: 20px;
-	font: 11pt sans-serif;
-	padding: 10px;
-	top: 20px;
-	background: rgba(255,255,255,.8);
-}
-
-#search:focus {
-	background: #fff;
-	outline: none;
-}
-
-.genericon-404 {
-	display: none !important; /* This is an easter egg */
-}
-
-.genericon:after {
-	content: attr(alt);
-	display: block;
-	font-size: 9px;
-	color: #999;
-	text-align: center;
-}
-
-.hideUACs.genericon:after {
-	content: none;
-}
-
-
-@media only screen and ( max-width: 900px ) {
-
-	#glyph {
-		float: none;
-		width: 100%;
-	}
-
-	#glyph .info {
-		width: 30%;
-	}
-	#glyph .genericon {
-		width: 70%;
-	}
-
-	.description {
-		clear: both;
-		width: 100%;
-		background: none;
-		padding-left: 0;
-		float: none;
-	}
-
-}
-</style>
-<script type="text/javascript">
-/**
- * Example page JS
- */
-
-function copyToClipboard ( text, copyMode ) {
-	if ( copyMode == "css" ) {
-		window.prompt( "Copy this, then paste in your CSS :before selector.", text );
-	} else if ( copyMode == "html" ) {
-		window.prompt( "Copy this, then paste in your HTML.", text );
-	} else {
-		window.prompt( "Copy this, then paste in your Photoshop textfield.", text );
-	}
-}
-
-function pickRandomIcon() {
-	var divs = jQuery("#iconlist div").get().sort(function(){
-			return Math.round(Math.random())-0.5;
-		}).slice(0,1);
-
-	attr = jQuery(divs).attr('alt');
-	cssclass = jQuery(divs).attr('class');
-	displayGlyph( attr, cssclass );
-
-}
-
-function displayGlyph( attr, cssclass ) {
-
-	// set permalink
-	var permalink = cssclass.split(' genericon-')[1];
-	window.location.hash = permalink;
-
-	// css copy string
-	csstext = "content: \'\\" + attr + "';";
-
-	// html copy string
-	htmltext = '<span class="' + cssclass + '"></span>';
-
-	// glyph copy string
-	glyphtemp = "&#x" + attr + ";";
-	jQuery('#temp').html( glyphtemp );
-	glyphtext = jQuery('#temp').text();
-
-	// final output
-	output = '<div class="' + cssclass + '"></div>'
-	+ '<div class="info">'
-		+ '<strong>&larr; ' + cssclass.split( ' ' )[1] + '</strong>'
-		+ '<a href="javascript:copyToClipboard(csstext, \'css\')">Copy CSS</a>'
-		+ '<a href="javascript:copyToClipboard(htmltext, \'html\')">Copy HTML</a>'
-		+ '<a href="javascript:copyToClipboard(glyphtext)">Copy Glyph</a>'
-	+ '</div>';
-
-	jQuery( '#glyph' ).html( output );
-
-}
-
-function sortUnicode ( a, b ) {
-	var numberA = jQuery(a).attr('alt').replace('f', '');
-	var numberB = jQuery(b).attr('alt').replace('f', '');
-	var contentA =parseInt( numberA, 16 );
-	var contentB =parseInt( numberB, 16 );
-	return (contentA < contentB) ? -1 : (contentA > contentB) ? 1 : 0;
-}
-
-jQuery(document).ready(function() {
-
-	// pick random icon if no permalink, otherwise go to permalink
-	if ( window.location.hash ) {
-		permalink = "genericon-" + window.location.hash.split('#')[1];
-		attr = jQuery( '.' + permalink ).attr( 'alt' );
-		cssclass = jQuery( '.' + permalink ).attr('class');
-		displayGlyph( attr, cssclass );
-	} else {
-		pickRandomIcon();
-	}
-
-	jQuery( '#iconlist div' ).click(function() {
-
-		attr = jQuery( this ).attr( 'alt' );
-		cssclass = jQuery( this ).attr( 'class' );
-
-		displayGlyph( attr, cssclass );
-
-	});
-
-	var $rows = jQuery('#iconlist div');
-	jQuery('#search').keyup(function() {
-
-		// remove update text when using search
-		jQuery('body').addClass('searching');
-
-	    var val = jQuery.trim(jQuery(this).val()).replace(/ +/g, ' ').toLowerCase();
-
-	    $rows.show().filter(function() {
-	        var text = jQuery(this).text().replace(/\s+/g, ' ').toLowerCase();
-	        return !~text.indexOf(val);
-	    }).hide();
-	});
-
-	jQuery('input#search').focus();
-
-	// sort based on number
-	jQuery('#iconlist div').sort( sortUnicode ).appendTo('#iconlist');
-
-});
-
-function toggleUACs() {
-	jQuery('.genericon').toggleClass('hideUACs');
-}
-</script>
-</head>
-
-<body>
-
-<div id="main">
-
-	<div id="primary">
-		<div id="content">
-
-			<h2>Genericons <span>&mdash; A free, GPL, flexible icon font for blogs!</span></h2>
-
-			<input placeholder="Filter..." name="search" id="search" type="text" value="" maxlength="150" />
-
-			<div id="glyph">
-			</div>
-
-			<div class="description">
-				<p>Genericons are vector icons embedded in a webfont designed to be clean and simple keeping with a generic aesthetic. Use for instant HiDPI or to easily change colors on the fly.</p>
-			</div>
-
-		</div>
-	</div>
-
-	<div id="icons">
-		<div id="iconlist">
-
-			<!-- note, the text inside the HTML elements is purely for the seach -->
-
-			<div alt="f423" class="genericon genericon-404" title="genericon-404">404</div>
-
-			<div alt="f508" class="genericon genericon-activity" title="genericon-activity">activity</div>
-
-			<div alt="f509" class="genericon genericon-anchor" title="genericon-anchor">anchor</div>
-
-			<div alt="f101" class="genericon genericon-aside" title="genericon-aside">aside</div>
-
-			<div alt="f416" class="genericon genericon-attachment" title="genericon-attachment">attachment</div>
-
-			<div alt="f109" class="genericon genericon-audio" title="genericon-audio">audio</div>
-
-			<div alt="f471" class="genericon genericon-bold" title="genericon-bold">bold</div>
-
-			<div alt="f444" class="genericon genericon-book" title="genericon-book">book</div>
-
-			<div alt="f50a" class="genericon genericon-bug" title="genericon-bug">bug</div>
-
-			<div alt="f447" class="genericon genericon-cart" title="genericon-cart">cart</div>
-
-			<div alt="f301" class="genericon genericon-category" title="genericon-category">category</div>
-
-			<div alt="f108" class="genericon genericon-chat" title="genericon-chat">chat</div>
-
-			<div alt="f418" class="genericon genericon-checkmark" title="genericon-checkmark">checkmark</div>
-
-			<div alt="f405" class="genericon genericon-close" title="genericon-close">close</div>
-
-			<div alt="f406" class="genericon genericon-close-alt" title="genericon-close-alt">close-alt</div>
-
-			<div alt="f426" class="genericon genericon-cloud" title="genericon-cloud">cloud</div>
-
-			<div alt="f440" class="genericon genericon-cloud-download" title="genericon-cloud-download">cloud-download</div>
-
-			<div alt="f441" class="genericon genericon-cloud-upload" title="genericon-cloud-upload">cloud-upload</div>
-
-			<div alt="f462" class="genericon genericon-code" title="genericon-code">code</div>
-
-			<div alt="f216" class="genericon genericon-codepen" title="genericon-codepen">codepen</div>
-
-			<div alt="f445" class="genericon genericon-cog" title="genericon-cog">cog</div>
-
-			<div alt="f432" class="genericon genericon-collapse" title="genericon-collapse">collapse</div>
-
-			<div alt="f300" class="genericon genericon-comment" title="genericon-comment">comment</div>
-
-			<div alt="f305" class="genericon genericon-day" title="genericon-day">day</div>
-
-			<div alt="f221" class="genericon genericon-digg" title="genericon-digg">digg</div>
-
-			<div alt="f443" class="genericon genericon-document" title="genericon-document">document</div>
-
-			<div alt="f428" class="genericon genericon-dot" title="genericon-dot">dot</div>
-
-			<div alt="f502" class="genericon genericon-downarrow" title="genericon-downarrow">downarrow</div>
-
-			<div alt="f50b" class="genericon genericon-download" title="genericon-download">download</div>
-
-			<div alt="f436" class="genericon genericon-draggable" title="genericon-draggable">draggable</div>
-
-			<div alt="f201" class="genericon genericon-dribbble" title="genericon-dribbble">dribbble</div>
-
-			<div alt="f225" class="genericon genericon-dropbox" title="genericon-dropbox">dropbox</div>
-
-			<div alt="f433" class="genericon genericon-dropdown" title="genericon-dropdown">dropdown</div>
-
-			<div alt="f434" class="genericon genericon-dropdown-left" title="genericon-dropdown-left">dropdown-left</div>
-
-			<div alt="f411" class="genericon genericon-edit" title="genericon-edit">edit</div>
-
-			<div alt="f476" class="genericon genericon-ellipsis" title="genericon-ellipsis">ellipsis</div>
-
-			<div alt="f431" class="genericon genericon-expand" title="genericon-expand">expand</div>
-
-			<div alt="f442" class="genericon genericon-external" title="genericon-external">external</div>
-
-			<div alt="f203" class="genericon genericon-facebook" title="genericon-facebook">facebook</div>
-
-			<div alt="f204" class="genericon genericon-facebook-alt" title="genericon-facebook-alt">facebook-alt</div>
-
-			<div alt="f458" class="genericon genericon-fastforward" title="genericon-fastforward">fastforward</div>
-
-			<div alt="f413" class="genericon genericon-feed" title="genericon-feed">feed</div>
-
-			<div alt="f468" class="genericon genericon-flag" title="genericon-flag">flag</div>
-
-			<div alt="f211" class="genericon genericon-flickr" title="genericon-flickr">flickr</div>
-
-			<div alt="f226" class="genericon genericon-foursquare" title="genericon-foursquare">foursquare</div>
-
-			<div alt="f474" class="genericon genericon-fullscreen" title="genericon-fullscreen">fullscreen</div>
-
-			<div alt="f103" class="genericon genericon-gallery" title="genericon-gallery">gallery</div>
-
-			<div alt="f200" class="genericon genericon-github" title="genericon-github">github</div>
-
-			<div alt="f206" class="genericon genericon-googleplus" title="genericon-googleplus">googleplus</div>
-
-			<div alt="f218" class="genericon genericon-googleplus-alt" title="genericon-googleplus-alt">googleplus-alt</div>
-
-			<div alt="f50c" class="genericon genericon-handset" title="genericon-handset">handset</div>
-
-			<div alt="f461" class="genericon genericon-heart" title="genericon-heart">heart</div>
-
-			<div alt="f457" class="genericon genericon-help" title="genericon-help">help</div>
-
-			<div alt="f404" class="genericon genericon-hide" title="genericon-hide">hide</div>
-
-			<div alt="f505" class="genericon genericon-hierarchy" title="genericon-hierarchy">hierarchy</div>
-
-			<div alt="f409" class="genericon genericon-home" title="genericon-home">home</div>
-
-			<div alt="f102" class="genericon genericon-image" title="genericon-image">image</div>
-
-			<div alt="f455" class="genericon genericon-info" title="genericon-info">info</div>
-
-			<div alt="f215" class="genericon genericon-instagram" title="genericon-instagram">instagram</div>
-
-			<div alt="f472" class="genericon genericon-italic" title="genericon-italic">italic</div>
-
-			<div alt="f427" class="genericon genericon-key" title="genericon-key">key</div>
-
-			<div alt="f503" class="genericon genericon-leftarrow" title="genericon-leftarrow">leftarrow</div>
-
-			<div alt="f107" class="genericon genericon-link" title="genericon-link">link</div>
-
-			<div alt="f207" class="genericon genericon-linkedin" title="genericon-linkedin">linkedin</div>
-
-			<div alt="f208" class="genericon genericon-linkedin-alt" title="genericon-linkedin-alt">linkedin-alt</div>
-
-			<div alt="f417" class="genericon genericon-location" title="genericon-location">location</div>
-
-			<div alt="f470" class="genericon genericon-lock" title="genericon-lock">lock</div>
-
-			<div alt="f410" class="genericon genericon-mail" title="genericon-mail">mail</div>
-
-			<div alt="f422" class="genericon genericon-maximize" title="genericon-maximize">maximize</div>
-
-			<div alt="f419" class="genericon genericon-menu" title="genericon-menu">menu</div>
-
-			<div alt="f50d" class="genericon genericon-microphone" title="genericon-microphone">microphone</div>
-
-			<div alt="f421" class="genericon genericon-minimize" title="genericon-minimize">minimize</div>
-
-			<div alt="f50e" class="genericon genericon-minus" title="genericon-minus">minus</div>
-
-			<div alt="f307" class="genericon genericon-month" title="genericon-month">month</div>
-
-			<div alt="f50f" class="genericon genericon-move" title="genericon-move">move</div>
-
-			<div alt="f429" class="genericon genericon-next" title="genericon-next">next</div>
-
-			<div alt="f456" class="genericon genericon-notice" title="genericon-notice">notice</div>
-
-			<div alt="f506" class="genericon genericon-paintbrush" title="genericon-paintbrush">paintbrush</div>
-
-			<div alt="f219" class="genericon genericon-path" title="genericon-path">path</div>
-
-			<div alt="f448" class="genericon genericon-pause" title="genericon-pause">pause</div>
-
-			<div alt="f437" class="genericon genericon-phone" title="genericon-phone">phone</div>
-
-			<div alt="f473" class="genericon genericon-picture" title="genericon-picture">picture</div>
-
-			<div alt="f308" class="genericon genericon-pinned" title="genericon-pinned">pinned</div>
-
-			<div alt="f209" class="genericon genericon-pinterest" title="genericon-pinterest">pinterest</div>
-
-			<div alt="f210" class="genericon genericon-pinterest-alt" title="genericon-pinterest-alt">pinterest-alt</div>
-
-			<div alt="f452" class="genericon genericon-play" title="genericon-play">play</div>
-
-			<div alt="f439" class="genericon genericon-plugin" title="genericon-plugin">plugin</div>
-
-			<div alt="f510" class="genericon genericon-plus" title="genericon-plus">plus</div>
-
-			<div alt="f224" class="genericon genericon-pocket" title="genericon-pocket">pocket</div>
-
-			<div alt="f217" class="genericon genericon-polldaddy" title="genericon-polldaddy">polldaddy</div>
-
-			<div alt="f460" class="genericon genericon-portfolio" title="genericon-portfolio">portfolio</div>
-
-			<div alt="f430" class="genericon genericon-previous" title="genericon-previous">previous</div>
-
-			<div alt="f469" class="genericon genericon-print" title="genericon-print">print</div>
-
-			<div alt="f106" class="genericon genericon-quote" title="genericon-quote">quote</div>
-
-			<div alt="f511" class="genericon genericon-rating-empty" title="genericon-rating-empty">rating-empty</div>
-
-			<div alt="f512" class="genericon genericon-rating-full" title="genericon-rating-full">rating-full</div>
-
-			<div alt="f513" class="genericon genericon-rating-half" title="genericon-rating-half">rating-half</div>
-
-			<div alt="f222" class="genericon genericon-reddit" title="genericon-reddit">reddit</div>
-
-			<div alt="f420" class="genericon genericon-refresh" title="genericon-refresh">refresh</div>
-
-			<div alt="f412" class="genericon genericon-reply" title="genericon-reply">reply</div>
-
-			<div alt="f466" class="genericon genericon-reply-alt" title="genericon-reply-alt">reply-alt</div>
-
-			<div alt="f467" class="genericon genericon-reply-single" title="genericon-reply-single">reply-single</div>
-
-			<div alt="f459" class="genericon genericon-rewind" title="genericon-rewind">rewind</div>
-
-			<div alt="f501" class="genericon genericon-rightarrow" title="genericon-rightarrow">rightarrow</div>
-
-			<div alt="f400" class="genericon genericon-search" title="genericon-search">search</div>
-
-			<div alt="f438" class="genericon genericon-send-to-phone" title="genericon-send-to-phone">send-to-phone</div>
-
-			<div alt="f454" class="genericon genericon-send-to-tablet" title="genericon-send-to-tablet">send-to-tablet</div>
-
-			<div alt="f415" class="genericon genericon-share" title="genericon-share">share</div>
-
-			<div alt="f403" class="genericon genericon-show" title="genericon-show">show</div>
-
-			<div alt="f514" class="genericon genericon-shuffle" title="genericon-shuffle">shuffle</div>
-
-			<div alt="f507" class="genericon genericon-sitemap" title="genericon-sitemap">sitemap</div>
-
-			<div alt="f451" class="genericon genericon-skip-ahead" title="genericon-skip-ahead">skip-ahead</div>
-
-			<div alt="f450" class="genericon genericon-skip-back" title="genericon-skip-back">skip-back</div>
-
-			<div alt="f220" class="genericon genericon-skype" title="genericon-skype">skype</div>
-
-			<div alt="f424" class="genericon genericon-spam" title="genericon-spam">spam</div>
-
-			<div alt="f515" class="genericon genericon-spotify" title="genericon-spotify">spotify</div>
-
-			<div alt="f100" class="genericon genericon-standard" title="genericon-standard">standard</div>
-
-			<div alt="f408" class="genericon genericon-star" title="genericon-star">star</div>
-
-			<div alt="f105" class="genericon genericon-status" title="genericon-status">status</div>
-
-			<div alt="f449" class="genericon genericon-stop" title="genericon-stop">stop</div>
-
-			<div alt="f223" class="genericon genericon-stumbleupon" title="genericon-stumbleupon">stumbleupon</div>
-
-			<div alt="f463" class="genericon genericon-subscribe" title="genericon-subscribe">subscribe</div>
-
-			<div alt="f465" class="genericon genericon-subscribed" title="genericon-subscribed">subscribed</div>
-
-			<div alt="f425" class="genericon genericon-summary" title="genericon-summary">summary</div>
-
-			<div alt="f453" class="genericon genericon-tablet" title="genericon-tablet">tablet</div>
-
-			<div alt="f302" class="genericon genericon-tag" title="genericon-tag">tag</div>
-
-			<div alt="f303" class="genericon genericon-time" title="genericon-time">time</div>
-
-			<div alt="f435" class="genericon genericon-top" title="genericon-top">top</div>
-
-			<div alt="f407" class="genericon genericon-trash" title="genericon-trash">trash</div>
-
-			<div alt="f214" class="genericon genericon-tumblr" title="genericon-tumblr">tumblr</div>
-
-			<div alt="f516" class="genericon genericon-twitch" title="genericon-twitch">twitch</div>
-
-			<div alt="f202" class="genericon genericon-twitter" title="genericon-twitter">twitter</div>
-
-			<div alt="f446" class="genericon genericon-unapprove" title="genericon-unapprove">unapprove</div>
-
-			<div alt="f464" class="genericon genericon-unsubscribe" title="genericon-unsubscribe">unsubscribe</div>
-
-			<div alt="f401" class="genericon genericon-unzoom" title="genericon-unzoom">unzoom</div>
-
-			<div alt="f500" class="genericon genericon-uparrow" title="genericon-uparrow">uparrow</div>
-
-			<div alt="f304" class="genericon genericon-user" title="genericon-user">user</div>
-
-			<div alt="f104" class="genericon genericon-video" title="genericon-video">video</div>
-
-			<div alt="f517" class="genericon genericon-videocamera" title="genericon-videocamera">videocamera</div>
-
-			<div alt="f212" class="genericon genericon-vimeo" title="genericon-vimeo">vimeo</div>
-
-			<div alt="f414" class="genericon genericon-warning" title="genericon-warning">warning</div>
-
-			<div alt="f475" class="genericon genericon-website" title="genericon-website">website</div>
-
-			<div alt="f306" class="genericon genericon-week" title="genericon-week">week</div>
-
-			<div alt="f205" class="genericon genericon-wordpress" title="genericon-wordpress">wordpress</div>
-
-			<div alt="f504" class="genericon genericon-xpost" title="genericon-xpost">xpost</div>
-
-			<div alt="f213" class="genericon genericon-youtube" title="genericon-youtube">youtube</div>
-
-			<div alt="f402" class="genericon genericon-zoom" title="genericon-zoom">zoom</div>
-
-
-		</div>
-
-		<div id="temp" style="display: none;"></div>
-
-	</div>
-
-	<div id="footer">
-
-		<p>An <a href="http://automattic.com" rel="nofollow">Automattic</a> Portrayal</p>
-		<p>No designers were harmed in the making of this icon font.</p>
-
-
-	</div>
-
-</div>
-
-</body>
-</html>

wp-content/themes/twentyfifteen/style.css

@@ -4,7 +4,7 @@ Theme URI: https://wordpress.org/themes/twentyfifteen/
 Author: the WordPress team
 Author URI: https://wordpress.org/
 Description: Our 2015 default theme is clean, blog-focused, and designed for clarity. Twenty Fifteen's simple, straightforward typography is readable on a wide variety of screen sizes, and suitable for multiple languages. We designed it using a mobile-first approach, meaning your content takes center-stage, regardless of whether your visitors arrive by smartphone, tablet, laptop, or desktop computer.
-Version: 1.1
+Version: 1.2
 License: GNU General Public License v2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 Tags: black, blue, gray, pink, purple, white, yellow, dark, light, two-columns, left-sidebar, fixed-layout, responsive-layout, accessibility-ready, custom-background, custom-colors, custom-header, custom-menu, editor-style, featured-images, microformats, post-formats, rtl-language-support, sticky-post, threaded-comments, translation-ready

wp-content/themes/twentyfourteen/genericons/example.html

@@ -1,464 +0,0 @@
-<!DOCTYPE html>
-<html dir="ltr" lang="en">
-<head>
-<title>Genericons</title>
-<link rel="stylesheet" href="genericons.css">
-<style type="text/css">
-body {
-	font-family: sans-serif;
-	line-height: 1.5;
-	width: 800px;
-	margin: 50px auto;
-	color: #777;
-	background: white;
-}
-.icons {
-	overflow: hidden;
-	padding: 10px 0;
-}
-.icons div {
-	cursor: pointer;
-	float: left;
-	margin: 0 30px 30px 0;
-}
-.icons:hover div {
-	background: #f7f7f7;
-}
-.code {
-        display: block;
-        font: 14px/1.5 monospace;
-        width: 740px;
-        white-space: pre;
-        border: 1px solid #ccc;
-        padding: 10px;
-        color: #777;
-        overflow: auto;
-}
-.my-icon:before {
-	content: '\f408';
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 32px/1 'Genericons';
-        vertical-align: middle;
-}
-/* For the Examples */
-.my-checklist {
-	list-style-type: none;
-	text-indent: -16px;
-}
-.my-checklist li:before {
-	padding-right: 16px;
-	content: '\f418';
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 16px/1 'Genericons';
-        vertical-align: text-top;
-}
-.my-blockquote {
-	background: #eee;
-	border-left: 32px solid #ddd;
-	padding: 10px;
-}
-.my-blockquote:before {
-	margin-left: -42px;
-	padding-right: 10px;
-        content: '\f106';
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 32px/20px 'Genericons';
-        vertical-align: bottom;
-}
-.my-button {
-	font-family: Helvetica, sans-serif;
-	font-size: 14px;
-	background: #e05d22; /* Old browsers */
-	background: -webkit-linear-gradient(top, #e05d22 0%, #d94412 100%); /* Chrome10+,Safari5.1+ */
-	background: -moz-linear-gradient(   top, #e05d22 0%, #d94412 100%); /* FF3.6+ */
-	background: -ms-linear-gradient(    top, #e05d22 0%, #d94412 100%); /* IE10+ */
-	background: -o-linear-gradient(     top, #e05d22 0%, #d94412 100%); /* Opera 11.10+ */
-	background: linear-gradient(  to bottom, #e05d22 0%, #d94412 100%); /* W3C */
-	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#e05d22', endColorstr='#d94412', GradientType=0); /* IE6-9 */
-	display: inline-block;
-	padding: 10px 16px 4px 16px;
-	color: #fff;
-	text-decoration: none;
-	border: none;
-	border-bottom: 3px solid #b93207;
-	border-radius: 2px;
-}
-.my-button:hover,
-.my-button:focus {
-	background: #ed6a31; /* Old browsers */
-	background: -webkit-linear-gradient(top, #ed6a31 0%, #e55627 100%); /* Chrome10+,Safari5.1+ */
-	background: -moz-linear-gradient(   top, #ed6a31 0%, #e55627 100%); /* FF3.6+ */
-	background: -ms-linear-gradient(    top, #ed6a31 0%, #e55627 100%); /* IE10+ */
-	background: -o-linear-gradient(     top, #ed6a31 0%, #e55627 100%); /* Opera 11.10+ */
-	background: linear-gradient(  to bottom, #ed6a31 0%, #e55627 100%); /* W3C */
-	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ed6a31', endColorstr='#e55627', GradientType=0); /* IE6-9 */
-	outline: none;
-}
-.my-button:active {
-	background: #d94412; /* Old browsers */
-	background: -webkit-linear-gradient(top, #d94412 0%, #e05d22 100%); /* Chrome10+,Safari5.1+ */
-	background: -moz-linear-gradient(   top, #d94412 0%, #e05d22 100%); /* FF3.6+ */
-	background: -ms-linear-gradient(    top, #d94412 0%, #e05d22 100%); /* IE10+ */
-	background: -o-linear-gradient(     top, #d94412 0%, #e05d22 100%); /* Opera 11.10+ */
-	background: linear-gradient(  to bottom, #d94412 0%, #e05d22 100%); /* W3C */
-	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#d94412', endColorstr='#e05d22', GradientType=0); /* IE6-9 */
-	border: none;
-	border-top: 3px solid #b93207;
-	padding: 6px 16px 7px 16px;
-}
-</style>
-</head>
-<body>
-
-<div class="section">
-
-	<h1>Genericons Usage</h1>
-
-	<p>Copy the <strong>font</strong> folder and the <strong>genericons.css</strong> file together into your project. Link the CSS in your HTML:</p>
-
-	<p><code>&lt;link href="path/to/genericons.css" rel="stylesheet"&gt;</code></p>
-
-	<p>Drop in the following HTML with the name of the icon you want to display:</p>
-
-	<p><code>&lt;div class="genericon genericon-standard"&gt;&lt;/div&gt;</code></p>
-
-	<div class="icons">
-	
-		<!-- post formats -->
-		<div alt="f100" class="genericon genericon-standard"></div>
-		<div alt="f101" class="genericon genericon-aside"></div>
-		<div alt="f102" class="genericon genericon-image"></div>
-		<div alt="f103" class="genericon genericon-gallery"></div>
-		<div alt="f104" class="genericon genericon-video"></div>
-		<div alt="f105" class="genericon genericon-status"></div>
-		<div alt="f106" class="genericon genericon-quote"></div>
-		<div alt="f107" class="genericon genericon-link"></div>
-		<div alt="f108" class="genericon genericon-chat"></div>
-		<div alt="f109" class="genericon genericon-audio"></div>
-
-		<!-- social icons -->
-		<div alt="f200" class="genericon genericon-github"></div>
-		<div alt="f201" class="genericon genericon-dribbble"></div>
-		<div alt="f202" class="genericon genericon-twitter"></div>
-		<div alt="f203" class="genericon genericon-facebook"></div>
-		<div alt="f204" class="genericon genericon-facebook-alt"></div>
-		<div alt="f205" class="genericon genericon-wordpress"></div>
-		<div alt="f206" class="genericon genericon-googleplus"></div>
-		<div alt="f207" class="genericon genericon-linkedin"></div>
-		<div alt="f208" class="genericon genericon-linkedin-alt"></div>
-		<div alt="f209" class="genericon genericon-pinterest"></div>
-		<div alt="f210" class="genericon genericon-pinterest-alt"></div>
-		<div alt="f211" class="genericon genericon-flickr"></div>
-		<div alt="f212" class="genericon genericon-vimeo"></div>
-		<div alt="f213" class="genericon genericon-youtube"></div>
-		<div alt="f214" class="genericon genericon-tumblr"></div>
-		<div alt="f215" class="genericon genericon-instagram"></div>
-		<div alt="f216" class="genericon genericon-codepen"></div>
-		<div alt="f217" class="genericon genericon-polldaddy"></div>
-		<div alt="f218" class="genericon genericon-googleplus-alt"></div>
-		<div alt="f219" class="genericon genericon-path"></div>
-		<div alt="f220" class="genericon genericon-skype"></div>
-		<div alt="f221" class="genericon genericon-digg"></div>
-		<div alt="f222" class="genericon genericon-reddit"></div>
-		<div alt="f223" class="genericon genericon-stumbleupon"></div>
-		<div alt="f224" class="genericon genericon-pocket"></div>
-		<div alt="f225" class="genericon genericon-dropbox"></div>
-
-		<!-- meta icons -->
-		<div alt="f300" class="genericon genericon-comment"></div>
-		<div alt="f301" class="genericon genericon-category"></div>
-		<div alt="f302" class="genericon genericon-tag"></div>
-		<div alt="f303" class="genericon genericon-time"></div>
-		<div alt="f304" class="genericon genericon-user"></div>
-		<div alt="f305" class="genericon genericon-day"></div>
-		<div alt="f306" class="genericon genericon-week"></div>
-		<div alt="f307" class="genericon genericon-month"></div>
-		<div alt="f308" class="genericon genericon-pinned"></div>
-
-		<!-- other icons -->
-		<div alt="f400" class="genericon genericon-search"></div>
-		<div alt="f401" class="genericon genericon-unzoom"></div>
-		<div alt="f402" class="genericon genericon-zoom"></div>
-		<div alt="f403" class="genericon genericon-show"></div>
-		<div alt="f404" class="genericon genericon-hide"></div>
-		<div alt="f405" class="genericon genericon-close"></div>
-		<div alt="f406" class="genericon genericon-close-alt"></div>
-		<div alt="f407" class="genericon genericon-trash"></div>
-		<div alt="f408" class="genericon genericon-star"></div>
-		<div alt="f409" class="genericon genericon-home"></div>
-		<div alt="f410" class="genericon genericon-mail"></div>
-		<div alt="f411" class="genericon genericon-edit"></div>
-		<div alt="f412" class="genericon genericon-reply"></div>
-		<div alt="f413" class="genericon genericon-feed"></div>
-		<div alt="f414" class="genericon genericon-warning"></div>
-		<div alt="f415" class="genericon genericon-share"></div>
-		<div alt="f416" class="genericon genericon-attachment"></div>
-		<div alt="f417" class="genericon genericon-location"></div>
-		<div alt="f418" class="genericon genericon-checkmark"></div>
-		<div alt="f419" class="genericon genericon-menu"></div>
-		<div alt="f420" class="genericon genericon-refresh"></div>
-		<div alt="f421" class="genericon genericon-minimize"></div>
-		<div alt="f422" class="genericon genericon-maximize"></div>
-		<div alt="f423" class="genericon genericon-404"></div>
-		<div alt="f424" class="genericon genericon-spam"></div>
-		<div alt="f425" class="genericon genericon-summary"></div>
-		<div alt="f426" class="genericon genericon-cloud"></div>
-		<div alt="f427" class="genericon genericon-key"></div>
-		<div alt="f428" class="genericon genericon-dot"></div>
-		<div alt="f429" class="genericon genericon-next"></div>
-		<div alt="f430" class="genericon genericon-previous"></div>
-		<div alt="f431" class="genericon genericon-expand"></div>
-		<div alt="f432" class="genericon genericon-collapse"></div>
-		<div alt="f433" class="genericon genericon-dropdown"></div>
-		<div alt="f434" class="genericon genericon-dropdown-left"></div>
-		<div alt="f435" class="genericon genericon-top"></div>
-		<div alt="f436" class="genericon genericon-draggable"></div>
-		<div alt="f437" class="genericon genericon-phone"></div>
-		<div alt="f438" class="genericon genericon-send-to-phone"></div>
-		<div alt="f439" class="genericon genericon-plugin"></div>
-		<div alt="f440" class="genericon genericon-cloud-download"></div>
-		<div alt="f441" class="genericon genericon-cloud-upload"></div>
-		<div alt="f442" class="genericon genericon-external"></div>
-		<div alt="f443" class="genericon genericon-document"></div>
-		<div alt="f444" class="genericon genericon-book"></div>
-		<div alt="f445" class="genericon genericon-cog"></div>
-		<div alt="f446" class="genericon genericon-unapprove"></div>
-		<div alt="f447" class="genericon genericon-cart"></div>
-		<div alt="f448" class="genericon genericon-pause"></div>
-		<div alt="f449" class="genericon genericon-stop"></div>
-		<div alt="f450" class="genericon genericon-skip-back"></div>
-		<div alt="f451" class="genericon genericon-skip-ahead"></div>
-		<div alt="f452" class="genericon genericon-play"></div>
-		<div alt="f453" class="genericon genericon-tablet"></div>
-		<div alt="f454" class="genericon genericon-send-to-tablet"></div>
-		<div alt="f455" class="genericon genericon-info"></div>
-		<div alt="f456" class="genericon genericon-notice"></div>
-		<div alt="f457" class="genericon genericon-help"></div>
-		<div alt="f458" class="genericon genericon-fastforward"></div>
-		<div alt="f459" class="genericon genericon-rewind"></div>
-		<div alt="f460" class="genericon genericon-portfolio"></div>
-		<div alt="f461" class="genericon genericon-heart"></div>
-		<div alt="f462" class="genericon genericon-code"></div>
-		<div alt="f463" class="genericon genericon-subscribe"></div>
-		<div alt="f464" class="genericon genericon-unsubscribe"></div>
-		<div alt="f465" class="genericon genericon-subscribed"></div>
-		<div alt="f466" class="genericon genericon-reply-alt"></div>
-		<div alt="f467" class="genericon genericon-reply-single"></div>
-		<div alt="f468" class="genericon genericon-flag"></div>
-		<div alt="f469" class="genericon genericon-print"></div>
-		<div alt="f470" class="genericon genericon-lock"></div>
-		<div alt="f471" class="genericon genericon-bold"></div>
-		<div alt="f472" class="genericon genericon-italic"></div>
-		<div alt="f473" class="genericon genericon-picture"></div>
-		<div alt="f474" class="genericon genericon-fullscreen"></div>
-
-		<!-- generic shapes -->
-		<div alt="f500" class="genericon genericon-uparrow"></div>
-		<div alt="f501" class="genericon genericon-rightarrow"></div>
-		<div alt="f502" class="genericon genericon-downarrow"></div>
-		<div alt="f503" class="genericon genericon-leftarrow"></div>
-
-	</div>
-
-	<p>If you want to insert an icon manually using the <code>:before</code> selector, you can setup CSS rules like the following example. <strong>Make sure to set the size to a multiple of 16px</strong> or the icons could end up looking fuzzy:</p>
-
-<p><textarea class="code" style="min-height: 150px;" onclick="select();">.my-icon:before {
-	content: '\f408';
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 32px/1 'Genericons';
-        vertical-align: middle;
-}</textarea></p>
-
-	<p>Add a matching class to your HTML:</p>
-
-	<p><code>&lt;div class="my-icon"&gt;You're a Star!&lt;/div&gt;</code></p>
-
-	<p>Here's the result: <span class="my-icon">You're a Star!</span></p>
-
-	<h2>Examples</h2>
-
-	<p>Turn every icon a <span style="color: #fa8072;">Salmon</span> color:</p>
-
-<p><textarea class="code" style="min-height: 70px" onclick="select();">
-.genericon {
-	color: #fa8072;
-}</textarea></p>
-
-	<p>Or turn the stars <span style="color: #ffd700;">Gold</span>:</p>
-
-<p><textarea class="code" style="min-height: 70px" onclick="select();">
-.genericon-star {
-	color: #fa8072;
-}</textarea></p>
-
-	<p>Use icons for bulleted lists:</p>
-
-	<ul class="my-checklist">
-		<li>One</li>
-		<li>Two</li>
-		<li>Three</li>
-		<li>Four</li>
-	</ul>
-
-<p><textarea class="code" style="min-height: 130px" onclick="select();">
-<ul class="my-checklist">
-	<li>One</li>
-	<li>Two</li>
-	<li>Three</li>
-	<li>Four</li>
-</ul></textarea></p>
-
-<p><textarea class="code" style="min-height: 260px;" onclick="select();">
-.my-checklist {
-	list-style-type: none;
-	text-indent: -16px;
-}
-.my-checklist li:before {
-	padding-right: 16px;
-	content: '\f418';
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 16px/1 'Genericons';
-        vertical-align: text-top;
-}</textarea></p>
-
-	<p>Use icons to style blockquotes:</p>
-
-	<blockquote class="my-blockquote">Sometimes I've believed as many as six impossible things before breakfast. &mdash;<em>Lewis Carroll</em></blockquote>
-	<blockquote class="my-blockquote">`Twas brillig, and the slithy toves Did gyre and gimble in the wabe: All mimsy were the borogoves, And the mome raths outgrabe. "Beware the Jabberwock, my son!  The jaws that bite, the claws that catch!  Beware the Jubjub bird, and shun The frumious Bandersnatch!"</blockquote>
-
-<p><textarea class="code" style="min-height: 40px;" onclick="select();"><blockquote class="my-blockquote">Sometimes I've believed as many as six impossible things before breakfast. &mdash;<em>Lewis Carroll</em></blockquote></textarea></p>
-
-<p><textarea class="code" style="min-height: 300px;" onclick="select();">
-.my-blockquote {
-	background: #eee;
-	border-left: 32px solid #ddd;
-	padding: 10px;
-}
-.my-blockquote:before {
-	margin-left: -42px;
-	padding-right: 10px;
-        content: '\f106';
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 32px/20px 'Genericons';
-        vertical-align: bottom;
-} </textarea></p>
-
-	<p>Use icons to style buttons:</p>
-
-	<a class="my-button" href="javascript:void()"><i class="genericon genericon-show"></i> View</a>
-	<a class="my-button" href="javascript:void()"><i class="genericon genericon-audio"></i> Listen</a>
-
-<p><textarea class="code" style="min-height: 40px;" onclick="select();"><a class="my-button" href="#"><i class="genericon genericon-show"></i> View</a>
-<a class="my-button" href="#"><i class="genericon genericon-audio"></i> Listen</a></textarea></p>
-
-<p><textarea class="code" style="min-height: 300px;" onclick="select();">
-.my-button {
-	font-family: Helvetica, sans-serif;
-	background: #e05d22; /* Old browsers */
-	background: -webkit-linear-gradient(top, #e05d22 0%, #d94412 100%); /* Chrome10+,Safari5.1+ */
-	background: -moz-linear-gradient(   top, #e05d22 0%, #d94412 100%); /* FF3.6+ */
-	background: -ms-linear-gradient(    top, #e05d22 0%, #d94412 100%); /* IE10+ */
-	background: -o-linear-gradient(     top, #e05d22 0%, #d94412 100%); /* Opera 11.10+ */
-	background: linear-gradient(  to bottom, #e05d22 0%, #d94412 100%); /* W3C */
-	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#e05d22', endColorstr='#d94412', GradientType=0); /* IE6-9 */
-	display: inline-block;
-	padding: 10px 16px 6px 16px;
-	color: #fff;
-	text-decoration: none;
-	border: none;
-	border-bottom: 3px solid #b93207;
-	border-radius: 2px;
-}
-
-.my-button:hover,
-.my-button:focus {
-	background: #ed6a31; /* Old browsers */
-	background: -webkit-linear-gradient(top, #ed6a31 0%, #e55627 100%); /* Chrome10+,Safari5.1+ */
-	background: -moz-linear-gradient(   top, #ed6a31 0%, #e55627 100%); /* FF3.6+ */
-	background: -ms-linear-gradient(    top, #ed6a31 0%, #e55627 100%); /* IE10+ */
-	background: -o-linear-gradient(     top, #ed6a31 0%, #e55627 100%); /* Opera 11.10+ */
-	background: linear-gradient(  to bottom, #ed6a31 0%, #e55627 100%); /* W3C */
-	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ed6a31', endColorstr='#e55627', GradientType=0); /* IE6-9 */
-	outline: none;
-}
-
-.my-button:active {
-	background: #d94412; /* Old browsers */
-	background: -webkit-linear-gradient(top, #d94412 0%, #e05d22 100%); /* Chrome10+,Safari5.1+ */
-	background: -moz-linear-gradient(   top, #d94412 0%, #e05d22 100%); /* FF3.6+ */
-	background: -ms-linear-gradient(    top, #d94412 0%, #e05d22 100%); /* IE10+ */
-	background: -o-linear-gradient(     top, #d94412 0%, #e05d22 100%); /* Opera 11.10+ */
-	background: linear-gradient(  to bottom, #d94412 0%, #e05d22 100%); /* W3C */
-	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#d94412', endColorstr='#e05d22', GradientType=0); /* IE6-9 */
-	border: none;
-	border-top: 3px solid #b93207;
-	padding: 6px 16px 10px 16px;
-}</textarea>/</p>
-
-	<h2>CSS Preprocessors</h2>
-
-	<p>Preprocessing extensions such as Sass (SCSS Syntax) or LESS</a> can make it easier to manage CSS for a lot of things at once using things like variables and mixins.</p>
-
-	<p>This example will seup the basic genericon rules and sets a color you can use for all icons using Sass:</p>
-
-<p><textarea class="code" style="min-height: 360px;" onclick="select();">$icon-color: "#fa8072";
-
-.genericon {
-        color: $icon-color;
-}
-
-@mixin genericon-rules {
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 16px/1 'Genericons';
-        vertical-align: middle;
-}
-
-.my-icon:before {
-	content: '\f408';
-        @include genericon-rules;
-}</textarea></p>
-
-	<p>Here is a similar example for LESS:</p>
-
-<p><textarea class="code" style="min-height: 360px;" onclick="select();">@icon-color: "#fa8072";
-
-.genericon {
-        color: @icon-color;
-}
-
-.genericon-rules {
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 16px/1 'Genericons';
-        vertical-align: middle;
-}
-
-.my-icon:before {
-	content: '\f408';
-        .genericon-rules;
-}</textarea></p>
-
-	<h2>Fallback images for IE7 and below</h2>
-
-	<p>Genericons <strong>does not come with fallback icons by default</strong> -- therefore you have to create them yourself. If you are using HTML similar to this example:
-
-	<p><code>&lt;span class="genericon genericon-warning"&gt;&lt;/span&gt;</code></p>
-
-	<p>You can use the asterisk hack to serve a different icon to IE7 once you have saved the fallback icons to your project:</p>
-
-<textarea class="code" style="min-height: 85px;" onclick="select();">.genericon-warning {
-        *background: url(fallback-icon.png) no-repeat center center;
-        *text-indent: 100%;
-}</textarea>
-
-</div>
-
-</body>
-</html>

wp-content/themes/twentythirteen/genericons/example.html

@@ -1,464 +0,0 @@
-<!DOCTYPE html>
-<html dir="ltr" lang="en">
-<head>
-<title>Genericons</title>
-<link rel="stylesheet" href="genericons.css">
-<style type="text/css">
-body {
-	font-family: sans-serif;
-	line-height: 1.5;
-	width: 800px;
-	margin: 50px auto;
-	color: #777;
-	background: white;
-}
-.icons {
-	overflow: hidden;
-	padding: 10px 0;
-}
-.icons div {
-	cursor: pointer;
-	float: left;
-	margin: 0 30px 30px 0;
-}
-.icons:hover div {
-	background: #f7f7f7;
-}
-.code {
-        display: block;
-        font: 14px/1.5 monospace;
-        width: 740px;
-        white-space: pre;
-        border: 1px solid #ccc;
-        padding: 10px;
-        color: #777;
-        overflow: auto;
-}
-.my-icon:before {
-	content: '\f408';
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 32px/1 'Genericons';
-        vertical-align: middle;
-}
-/* For the Examples */
-.my-checklist {
-	list-style-type: none;
-	text-indent: -16px;
-}
-.my-checklist li:before {
-	padding-right: 16px;
-	content: '\f418';
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 16px/1 'Genericons';
-        vertical-align: text-top;
-}
-.my-blockquote {
-	background: #eee;
-	border-left: 32px solid #ddd;
-	padding: 10px;
-}
-.my-blockquote:before {
-	margin-left: -42px;
-	padding-right: 10px;
-        content: '\f106';
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 32px/20px 'Genericons';
-        vertical-align: bottom;
-}
-.my-button {
-	font-family: Helvetica, sans-serif;
-	font-size: 14px;
-	background: #e05d22; /* Old browsers */
-	background: -webkit-linear-gradient(top, #e05d22 0%, #d94412 100%); /* Chrome10+,Safari5.1+ */
-	background: -moz-linear-gradient(   top, #e05d22 0%, #d94412 100%); /* FF3.6+ */
-	background: -ms-linear-gradient(    top, #e05d22 0%, #d94412 100%); /* IE10+ */
-	background: -o-linear-gradient(     top, #e05d22 0%, #d94412 100%); /* Opera 11.10+ */
-	background: linear-gradient(  to bottom, #e05d22 0%, #d94412 100%); /* W3C */
-	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#e05d22', endColorstr='#d94412', GradientType=0); /* IE6-9 */
-	display: inline-block;
-	padding: 10px 16px 4px 16px;
-	color: #fff;
-	text-decoration: none;
-	border: none;
-	border-bottom: 3px solid #b93207;
-	border-radius: 2px;
-}
-.my-button:hover,
-.my-button:focus {
-	background: #ed6a31; /* Old browsers */
-	background: -webkit-linear-gradient(top, #ed6a31 0%, #e55627 100%); /* Chrome10+,Safari5.1+ */
-	background: -moz-linear-gradient(   top, #ed6a31 0%, #e55627 100%); /* FF3.6+ */
-	background: -ms-linear-gradient(    top, #ed6a31 0%, #e55627 100%); /* IE10+ */
-	background: -o-linear-gradient(     top, #ed6a31 0%, #e55627 100%); /* Opera 11.10+ */
-	background: linear-gradient(  to bottom, #ed6a31 0%, #e55627 100%); /* W3C */
-	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ed6a31', endColorstr='#e55627', GradientType=0); /* IE6-9 */
-	outline: none;
-}
-.my-button:active {
-	background: #d94412; /* Old browsers */
-	background: -webkit-linear-gradient(top, #d94412 0%, #e05d22 100%); /* Chrome10+,Safari5.1+ */
-	background: -moz-linear-gradient(   top, #d94412 0%, #e05d22 100%); /* FF3.6+ */
-	background: -ms-linear-gradient(    top, #d94412 0%, #e05d22 100%); /* IE10+ */
-	background: -o-linear-gradient(     top, #d94412 0%, #e05d22 100%); /* Opera 11.10+ */
-	background: linear-gradient(  to bottom, #d94412 0%, #e05d22 100%); /* W3C */
-	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#d94412', endColorstr='#e05d22', GradientType=0); /* IE6-9 */
-	border: none;
-	border-top: 3px solid #b93207;
-	padding: 6px 16px 7px 16px;
-}
-</style>
-</head>
-<body>
-
-<div class="section">
-
-	<h1>Genericons Usage</h1>
-
-	<p>Copy the <strong>font</strong> folder and the <strong>genericons.css</strong> file together into your project. Link the CSS in your HTML:</p>
-
-	<p><code>&lt;link href="path/to/genericons.css" rel="stylesheet"&gt;</code></p>
-
-	<p>Drop in the following HTML with the name of the icon you want to display:</p>
-
-	<p><code>&lt;div class="genericon genericon-standard"&gt;&lt;/div&gt;</code></p>
-
-	<div class="icons">
-	
-		<!-- post formats -->
-		<div alt="f100" class="genericon genericon-standard"></div>
-		<div alt="f101" class="genericon genericon-aside"></div>
-		<div alt="f102" class="genericon genericon-image"></div>
-		<div alt="f103" class="genericon genericon-gallery"></div>
-		<div alt="f104" class="genericon genericon-video"></div>
-		<div alt="f105" class="genericon genericon-status"></div>
-		<div alt="f106" class="genericon genericon-quote"></div>
-		<div alt="f107" class="genericon genericon-link"></div>
-		<div alt="f108" class="genericon genericon-chat"></div>
-		<div alt="f109" class="genericon genericon-audio"></div>
-
-		<!-- social icons -->
-		<div alt="f200" class="genericon genericon-github"></div>
-		<div alt="f201" class="genericon genericon-dribbble"></div>
-		<div alt="f202" class="genericon genericon-twitter"></div>
-		<div alt="f203" class="genericon genericon-facebook"></div>
-		<div alt="f204" class="genericon genericon-facebook-alt"></div>
-		<div alt="f205" class="genericon genericon-wordpress"></div>
-		<div alt="f206" class="genericon genericon-googleplus"></div>
-		<div alt="f207" class="genericon genericon-linkedin"></div>
-		<div alt="f208" class="genericon genericon-linkedin-alt"></div>
-		<div alt="f209" class="genericon genericon-pinterest"></div>
-		<div alt="f210" class="genericon genericon-pinterest-alt"></div>
-		<div alt="f211" class="genericon genericon-flickr"></div>
-		<div alt="f212" class="genericon genericon-vimeo"></div>
-		<div alt="f213" class="genericon genericon-youtube"></div>
-		<div alt="f214" class="genericon genericon-tumblr"></div>
-		<div alt="f215" class="genericon genericon-instagram"></div>
-		<div alt="f216" class="genericon genericon-codepen"></div>
-		<div alt="f217" class="genericon genericon-polldaddy"></div>
-		<div alt="f218" class="genericon genericon-googleplus-alt"></div>
-		<div alt="f219" class="genericon genericon-path"></div>
-		<div alt="f220" class="genericon genericon-skype"></div>
-		<div alt="f221" class="genericon genericon-digg"></div>
-		<div alt="f222" class="genericon genericon-reddit"></div>
-		<div alt="f223" class="genericon genericon-stumbleupon"></div>
-		<div alt="f224" class="genericon genericon-pocket"></div>
-		<div alt="f225" class="genericon genericon-dropbox"></div>
-
-		<!-- meta icons -->
-		<div alt="f300" class="genericon genericon-comment"></div>
-		<div alt="f301" class="genericon genericon-category"></div>
-		<div alt="f302" class="genericon genericon-tag"></div>
-		<div alt="f303" class="genericon genericon-time"></div>
-		<div alt="f304" class="genericon genericon-user"></div>
-		<div alt="f305" class="genericon genericon-day"></div>
-		<div alt="f306" class="genericon genericon-week"></div>
-		<div alt="f307" class="genericon genericon-month"></div>
-		<div alt="f308" class="genericon genericon-pinned"></div>
-
-		<!-- other icons -->
-		<div alt="f400" class="genericon genericon-search"></div>
-		<div alt="f401" class="genericon genericon-unzoom"></div>
-		<div alt="f402" class="genericon genericon-zoom"></div>
-		<div alt="f403" class="genericon genericon-show"></div>
-		<div alt="f404" class="genericon genericon-hide"></div>
-		<div alt="f405" class="genericon genericon-close"></div>
-		<div alt="f406" class="genericon genericon-close-alt"></div>
-		<div alt="f407" class="genericon genericon-trash"></div>
-		<div alt="f408" class="genericon genericon-star"></div>
-		<div alt="f409" class="genericon genericon-home"></div>
-		<div alt="f410" class="genericon genericon-mail"></div>
-		<div alt="f411" class="genericon genericon-edit"></div>
-		<div alt="f412" class="genericon genericon-reply"></div>
-		<div alt="f413" class="genericon genericon-feed"></div>
-		<div alt="f414" class="genericon genericon-warning"></div>
-		<div alt="f415" class="genericon genericon-share"></div>
-		<div alt="f416" class="genericon genericon-attachment"></div>
-		<div alt="f417" class="genericon genericon-location"></div>
-		<div alt="f418" class="genericon genericon-checkmark"></div>
-		<div alt="f419" class="genericon genericon-menu"></div>
-		<div alt="f420" class="genericon genericon-refresh"></div>
-		<div alt="f421" class="genericon genericon-minimize"></div>
-		<div alt="f422" class="genericon genericon-maximize"></div>
-		<div alt="f423" class="genericon genericon-404"></div>
-		<div alt="f424" class="genericon genericon-spam"></div>
-		<div alt="f425" class="genericon genericon-summary"></div>
-		<div alt="f426" class="genericon genericon-cloud"></div>
-		<div alt="f427" class="genericon genericon-key"></div>
-		<div alt="f428" class="genericon genericon-dot"></div>
-		<div alt="f429" class="genericon genericon-next"></div>
-		<div alt="f430" class="genericon genericon-previous"></div>
-		<div alt="f431" class="genericon genericon-expand"></div>
-		<div alt="f432" class="genericon genericon-collapse"></div>
-		<div alt="f433" class="genericon genericon-dropdown"></div>
-		<div alt="f434" class="genericon genericon-dropdown-left"></div>
-		<div alt="f435" class="genericon genericon-top"></div>
-		<div alt="f436" class="genericon genericon-draggable"></div>
-		<div alt="f437" class="genericon genericon-phone"></div>
-		<div alt="f438" class="genericon genericon-send-to-phone"></div>
-		<div alt="f439" class="genericon genericon-plugin"></div>
-		<div alt="f440" class="genericon genericon-cloud-download"></div>
-		<div alt="f441" class="genericon genericon-cloud-upload"></div>
-		<div alt="f442" class="genericon genericon-external"></div>
-		<div alt="f443" class="genericon genericon-document"></div>
-		<div alt="f444" class="genericon genericon-book"></div>
-		<div alt="f445" class="genericon genericon-cog"></div>
-		<div alt="f446" class="genericon genericon-unapprove"></div>
-		<div alt="f447" class="genericon genericon-cart"></div>
-		<div alt="f448" class="genericon genericon-pause"></div>
-		<div alt="f449" class="genericon genericon-stop"></div>
-		<div alt="f450" class="genericon genericon-skip-back"></div>
-		<div alt="f451" class="genericon genericon-skip-ahead"></div>
-		<div alt="f452" class="genericon genericon-play"></div>
-		<div alt="f453" class="genericon genericon-tablet"></div>
-		<div alt="f454" class="genericon genericon-send-to-tablet"></div>
-		<div alt="f455" class="genericon genericon-info"></div>
-		<div alt="f456" class="genericon genericon-notice"></div>
-		<div alt="f457" class="genericon genericon-help"></div>
-		<div alt="f458" class="genericon genericon-fastforward"></div>
-		<div alt="f459" class="genericon genericon-rewind"></div>
-		<div alt="f460" class="genericon genericon-portfolio"></div>
-		<div alt="f461" class="genericon genericon-heart"></div>
-		<div alt="f462" class="genericon genericon-code"></div>
-		<div alt="f463" class="genericon genericon-subscribe"></div>
-		<div alt="f464" class="genericon genericon-unsubscribe"></div>
-		<div alt="f465" class="genericon genericon-subscribed"></div>
-		<div alt="f466" class="genericon genericon-reply-alt"></div>
-		<div alt="f467" class="genericon genericon-reply-single"></div>
-		<div alt="f468" class="genericon genericon-flag"></div>
-		<div alt="f469" class="genericon genericon-print"></div>
-		<div alt="f470" class="genericon genericon-lock"></div>
-		<div alt="f471" class="genericon genericon-bold"></div>
-		<div alt="f472" class="genericon genericon-italic"></div>
-		<div alt="f473" class="genericon genericon-picture"></div>
-		<div alt="f474" class="genericon genericon-fullscreen"></div>
-
-		<!-- generic shapes -->
-		<div alt="f500" class="genericon genericon-uparrow"></div>
-		<div alt="f501" class="genericon genericon-rightarrow"></div>
-		<div alt="f502" class="genericon genericon-downarrow"></div>
-		<div alt="f503" class="genericon genericon-leftarrow"></div>
-
-	</div>
-
-	<p>If you want to insert an icon manually using the <code>:before</code> selector, you can setup CSS rules like the following example. <strong>Make sure to set the size to a multiple of 16px</strong> or the icons could end up looking fuzzy:</p>
-
-<p><textarea class="code" style="min-height: 150px;" onclick="select();">.my-icon:before {
-	content: '\f408';
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 32px/1 'Genericons';
-        vertical-align: middle;
-}</textarea></p>
-
-	<p>Add a matching class to your HTML:</p>
-
-	<p><code>&lt;div class="my-icon"&gt;You're a Star!&lt;/div&gt;</code></p>
-
-	<p>Here's the result: <span class="my-icon">You're a Star!</span></p>
-
-	<h2>Examples</h2>
-
-	<p>Turn every icon a <span style="color: #fa8072;">Salmon</span> color:</p>
-
-<p><textarea class="code" style="min-height: 70px" onclick="select();">
-.genericon {
-	color: #fa8072;
-}</textarea></p>
-
-	<p>Or turn the stars <span style="color: #ffd700;">Gold</span>:</p>
-
-<p><textarea class="code" style="min-height: 70px" onclick="select();">
-.genericon-star {
-	color: #fa8072;
-}</textarea></p>
-
-	<p>Use icons for bulleted lists:</p>
-
-	<ul class="my-checklist">
-		<li>One</li>
-		<li>Two</li>
-		<li>Three</li>
-		<li>Four</li>
-	</ul>
-
-<p><textarea class="code" style="min-height: 130px" onclick="select();">
-<ul class="my-checklist">
-	<li>One</li>
-	<li>Two</li>
-	<li>Three</li>
-	<li>Four</li>
-</ul></textarea></p>
-
-<p><textarea class="code" style="min-height: 260px;" onclick="select();">
-.my-checklist {
-	list-style-type: none;
-	text-indent: -16px;
-}
-.my-checklist li:before {
-	padding-right: 16px;
-	content: '\f418';
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 16px/1 'Genericons';
-        vertical-align: text-top;
-}</textarea></p>
-
-	<p>Use icons to style blockquotes:</p>
-
-	<blockquote class="my-blockquote">Sometimes I've believed as many as six impossible things before breakfast. &mdash;<em>Lewis Carroll</em></blockquote>
-	<blockquote class="my-blockquote">`Twas brillig, and the slithy toves Did gyre and gimble in the wabe: All mimsy were the borogoves, And the mome raths outgrabe. "Beware the Jabberwock, my son!  The jaws that bite, the claws that catch!  Beware the Jubjub bird, and shun The frumious Bandersnatch!"</blockquote>
-
-<p><textarea class="code" style="min-height: 40px;" onclick="select();"><blockquote class="my-blockquote">Sometimes I've believed as many as six impossible things before breakfast. &mdash;<em>Lewis Carroll</em></blockquote></textarea></p>
-
-<p><textarea class="code" style="min-height: 300px;" onclick="select();">
-.my-blockquote {
-	background: #eee;
-	border-left: 32px solid #ddd;
-	padding: 10px;
-}
-.my-blockquote:before {
-	margin-left: -42px;
-	padding-right: 10px;
-        content: '\f106';
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 32px/20px 'Genericons';
-        vertical-align: bottom;
-} </textarea></p>
-
-	<p>Use icons to style buttons:</p>
-
-	<a class="my-button" href="javascript:void()"><i class="genericon genericon-show"></i> View</a>
-	<a class="my-button" href="javascript:void()"><i class="genericon genericon-audio"></i> Listen</a>
-
-<p><textarea class="code" style="min-height: 40px;" onclick="select();"><a class="my-button" href="#"><i class="genericon genericon-show"></i> View</a>
-<a class="my-button" href="#"><i class="genericon genericon-audio"></i> Listen</a></textarea></p>
-
-<p><textarea class="code" style="min-height: 300px;" onclick="select();">
-.my-button {
-	font-family: Helvetica, sans-serif;
-	background: #e05d22; /* Old browsers */
-	background: -webkit-linear-gradient(top, #e05d22 0%, #d94412 100%); /* Chrome10+,Safari5.1+ */
-	background: -moz-linear-gradient(   top, #e05d22 0%, #d94412 100%); /* FF3.6+ */
-	background: -ms-linear-gradient(    top, #e05d22 0%, #d94412 100%); /* IE10+ */
-	background: -o-linear-gradient(     top, #e05d22 0%, #d94412 100%); /* Opera 11.10+ */
-	background: linear-gradient(  to bottom, #e05d22 0%, #d94412 100%); /* W3C */
-	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#e05d22', endColorstr='#d94412', GradientType=0); /* IE6-9 */
-	display: inline-block;
-	padding: 10px 16px 6px 16px;
-	color: #fff;
-	text-decoration: none;
-	border: none;
-	border-bottom: 3px solid #b93207;
-	border-radius: 2px;
-}
-
-.my-button:hover,
-.my-button:focus {
-	background: #ed6a31; /* Old browsers */
-	background: -webkit-linear-gradient(top, #ed6a31 0%, #e55627 100%); /* Chrome10+,Safari5.1+ */
-	background: -moz-linear-gradient(   top, #ed6a31 0%, #e55627 100%); /* FF3.6+ */
-	background: -ms-linear-gradient(    top, #ed6a31 0%, #e55627 100%); /* IE10+ */
-	background: -o-linear-gradient(     top, #ed6a31 0%, #e55627 100%); /* Opera 11.10+ */
-	background: linear-gradient(  to bottom, #ed6a31 0%, #e55627 100%); /* W3C */
-	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ed6a31', endColorstr='#e55627', GradientType=0); /* IE6-9 */
-	outline: none;
-}
-
-.my-button:active {
-	background: #d94412; /* Old browsers */
-	background: -webkit-linear-gradient(top, #d94412 0%, #e05d22 100%); /* Chrome10+,Safari5.1+ */
-	background: -moz-linear-gradient(   top, #d94412 0%, #e05d22 100%); /* FF3.6+ */
-	background: -ms-linear-gradient(    top, #d94412 0%, #e05d22 100%); /* IE10+ */
-	background: -o-linear-gradient(     top, #d94412 0%, #e05d22 100%); /* Opera 11.10+ */
-	background: linear-gradient(  to bottom, #d94412 0%, #e05d22 100%); /* W3C */
-	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#d94412', endColorstr='#e05d22', GradientType=0); /* IE6-9 */
-	border: none;
-	border-top: 3px solid #b93207;
-	padding: 6px 16px 10px 16px;
-}</textarea>/</p>
-
-	<h2>CSS Preprocessors</h2>
-
-	<p>Preprocessing extensions such as Sass (SCSS Syntax) or LESS</a> can make it easier to manage CSS for a lot of things at once using things like variables and mixins.</p>
-
-	<p>This example will seup the basic genericon rules and sets a color you can use for all icons using Sass:</p>
-
-<p><textarea class="code" style="min-height: 360px;" onclick="select();">$icon-color: "#fa8072";
-
-.genericon {
-        color: $icon-color;
-}
-
-@mixin genericon-rules {
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 16px/1 'Genericons';
-        vertical-align: middle;
-}
-
-.my-icon:before {
-	content: '\f408';
-        @include genericon-rules;
-}</textarea></p>
-
-	<p>Here is a similar example for LESS:</p>
-
-<p><textarea class="code" style="min-height: 360px;" onclick="select();">@icon-color: "#fa8072";
-
-.genericon {
-        color: @icon-color;
-}
-
-.genericon-rules {
-        display: inline-block;
-        -webkit-font-smoothing: antialiased;
-        font: normal 16px/1 'Genericons';
-        vertical-align: middle;
-}
-
-.my-icon:before {
-	content: '\f408';
-        .genericon-rules;
-}</textarea></p>
-
-	<h2>Fallback images for IE7 and below</h2>
-
-	<p>Genericons <strong>does not come with fallback icons by default</strong> -- therefore you have to create them yourself. If you are using HTML similar to this example:
-
-	<p><code>&lt;span class="genericon genericon-warning"&gt;&lt;/span&gt;</code></p>
-
-	<p>You can use the asterisk hack to serve a different icon to IE7 once you have saved the fallback icons to your project:</p>
-
-<textarea class="code" style="min-height: 85px;" onclick="select();">.genericon-warning {
-        *background: url(fallback-icon.png) no-repeat center center;
-        *text-indent: 100%;
-}</textarea>
-
-</div>
-
-</body>
-</html>

wp-includes/capabilities.php

@@ -1143,8 +1143,10 @@ function map_meta_cap( $cap, $user_id ) {
 	case 'edit_post':
 	case 'edit_page':
 		$post = get_post( $args[0] );
-		if ( empty( $post ) )
+		if ( empty( $post ) ) {
+			$caps[] = 'do_not_allow';
 			break;
+		}
 
 		if ( 'revision' == $post->post_type ) {
 			$post = get_post( $post->post_parent );
@@ -1258,7 +1260,16 @@ function map_meta_cap( $cap, $user_id ) {
 		if ( empty( $comment ) )
 			break;
 		$post = get_post( $comment->comment_post_ID );
-		$caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
+
+		/*
+		 * If the post doesn't exist, we have an orphaned comment.
+		 * Fall back to the edit_posts capability, instead.
+		 */
+		if ( $post ) {
+			$caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
+		} else {
+			$caps = map_meta_cap( 'edit_posts', $user_id );
+		}
 		break;
 	case 'unfiltered_upload':
 		if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) )  )

wp-includes/class-wp-customize-widgets.php

@@ -1124,7 +1124,7 @@ final class WP_Customize_Widgets {
 			return null;
 		}
 
-		if ( $this->get_instance_hash_key( $decoded ) !== $value['instance_hash_key'] ) {
+		if ( ! hash_equals( $this->get_instance_hash_key( $decoded ), $value['instance_hash_key'] ) ) {
 			return null;
 		}
 

wp-includes/class-wp-embed.php

@@ -57,7 +57,7 @@ class WP_Embed {
 		add_shortcode( 'embed', array( $this, 'shortcode' ) );
 
 		// Do the shortcode (only the [embed] one is registered)
-		$content = do_shortcode( $content );
+		$content = do_shortcode( $content, true );
 
 		// Put the original shortcodes back
 		$shortcode_tags = $orig_shortcode_tags;
@@ -312,7 +312,14 @@ class WP_Embed {
 	 * @return string Potentially modified $content.
 	 */
 	public function autoembed( $content ) {
-		return preg_replace_callback( '|^(\s*)(https?://[^\s"]+)(\s*)$|im', array( $this, 'autoembed_callback' ), $content );
+		// Replace line breaks from all HTML elements with placeholders.
+		$content = wp_replace_in_html_tags( $content, array( "\n" => '<!-- wp-line-break -->' ) );
+
+		// Find URLs that are on their own line.
+		$content = preg_replace_callback( '|^(\s*)(https?://[^\s"]+)(\s*)$|im', array( $this, 'autoembed_callback' ), $content );
+
+		// Put the line breaks back.
+		return str_replace( '<!-- wp-line-break -->', "\n", $content );
 	}
 
 	/**

wp-includes/class-wp-xmlrpc-server.php

@@ -1150,6 +1150,56 @@ class wp_xmlrpc_server extends IXR_Server {
 		return $count > 1;
 	}
 
+	private function _validate_boolean( $var ) {
+		if ( is_bool( $var ) ) {
+			return $var;
+		}
+
+		if ( is_string( $var ) && 'false' === strtolower( $var ) ) {
+			return false;
+		}
+
+		return (bool) $var;
+	}
+
+	/**
+	 * Encapsulate the logic for sticking a post
+	 * and determining if the user has permission to do so
+	 *
+	 * @since 4.3.0
+	 * @access private
+	 *
+	 * @param array $post_data
+	 * @param bool  $update
+	 * @return void|IXR_Error
+	 */
+	private function _toggle_sticky( $post_data, $update = false ) {
+		$post_type = get_post_type_object( $post_data['post_type'] );
+
+		// Private and password-protected posts cannot be stickied.
+		if ( 'private' === $post_data['post_status'] || ! empty( $post_data['post_password'] ) ) {
+			// Error if the client tried to stick the post, otherwise, silently unstick.
+			if ( ! empty( $post_data['sticky'] ) ) {
+				return new IXR_Error( 401, __( 'Sorry, you cannot stick a private post.' ) );
+			}
+
+			if ( $update ) {
+				unstick_post( $post_data['ID'] );
+			}
+		} elseif ( isset( $post_data['sticky'] ) )  {
+			if ( ! current_user_can( $post_type->cap->edit_others_posts ) ) {
+				return new IXR_Error( 401, __( 'Sorry, you are not allowed to stick this post.' ) );
+			}
+
+			$sticky = $this->_validate_boolean( $post_data['sticky'] );
+			if ( $sticky ) {
+				stick_post( $post_data['ID'] );
+			} else {
+				unstick_post( $post_data['ID'] );
+			}
+		}
+	}
+
 	/**
 	 * Helper method for wp_newPost and wp_editPost, containing shared logic.
 	 *
@@ -1242,20 +1292,9 @@ class wp_xmlrpc_server extends IXR_Server {
 		$post_ID = $post_data['ID'];
 
 		if ( $post_data['post_type'] == 'post' ) {
-			// Private and password-protected posts cannot be stickied.
-			if ( $post_data['post_status'] == 'private' || ! empty( $post_data['post_password'] ) ) {
-				// Error if the client tried to stick the post, otherwise, silently unstick.
-				if ( ! empty( $post_data['sticky'] ) )
-					return new IXR_Error( 401, __( 'Sorry, you cannot stick a private post.' ) );
-				if ( $update )
-					unstick_post( $post_ID );
-			} elseif ( isset( $post_data['sticky'] ) )  {
-				if ( ! current_user_can( $post_type->cap->edit_others_posts ) )
-					return new IXR_Error( 401, __( 'Sorry, you are not allowed to stick this post.' ) );
-				if ( $post_data['sticky'] )
-					stick_post( $post_ID );
-				else
-					unstick_post( $post_ID );
+			$error = $this->_toggle_sticky( $post_data, $update );
+			if ( $error ) {
+				return $error;
 			}
 		}
 
@@ -4580,10 +4619,12 @@ class wp_xmlrpc_server extends IXR_Server {
 
 		// Only posts can be sticky
 		if ( $post_type == 'post' && isset( $content_struct['sticky'] ) ) {
-			if ( $content_struct['sticky'] == true )
-				stick_post( $post_ID );
-			elseif ( $content_struct['sticky'] == false )
-				unstick_post( $post_ID );
+			$data = $postdata;
+			$data['sticky'] = $content_struct['sticky'];
+			$error = $this->_toggle_sticky( $data );
+			if ( $error ) {
+				return $error;
+			}
 		}
 
 		if ( isset($content_struct['custom_fields']) )
@@ -4873,8 +4914,8 @@ class wp_xmlrpc_server extends IXR_Server {
 
 		$tags_input = isset( $content_struct['mt_keywords'] ) ? $content_struct['mt_keywords'] : null;
 
-		if ( ('publish' == $post_status) ) {
-			if ( ( 'page' == $post_type ) && ! current_user_can( 'publish_pages' ) ) {
+		if ( 'publish' == $post_status || 'private' == $post_status ) {
+			if ( 'page' == $post_type && ! current_user_can( 'publish_pages' ) ) {
 				return new IXR_Error( 401, __( 'Sorry, you do not have the right to publish this page.' ) );
 			} elseif ( ! current_user_can( 'publish_posts' ) ) {
 				return new IXR_Error( 401, __( 'Sorry, you do not have the right to publish this post.' ) );
@@ -4918,10 +4959,13 @@ class wp_xmlrpc_server extends IXR_Server {
 
 		// Only posts can be sticky
 		if ( $post_type == 'post' && isset( $content_struct['sticky'] ) ) {
-			if ( $content_struct['sticky'] == true )
-				stick_post( $post_ID );
-			elseif ( $content_struct['sticky'] == false )
-				unstick_post( $post_ID );
+			$data = $newpost;
+			$data['sticky'] = $content_struct['sticky'];
+			$data['post_type'] = 'post';
+			$error = $this->_toggle_sticky( $data, true );
+			if ( $error ) {
+				return $error;
+			}
 		}
 
 		if ( isset($content_struct['custom_fields']) )

wp-includes/comment-template.php

@@ -2252,6 +2252,9 @@ function comment_form( $args = array(), $post_id = null ) {
 	 */
 	$args = wp_parse_args( $args, apply_filters( 'comment_form_defaults', $defaults ) );
 
+	// Ensure that the filtered args contain all required default values.
+	$args = array_merge( $defaults, $args );
+
 		if ( comments_open( $post_id ) ) : ?>
 			<?php
 			/**

wp-includes/comment.php

@@ -2118,17 +2118,7 @@ function wp_insert_comment( $commentdata ) {
 
 	$compacted = compact( 'comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_author_IP', 'comment_date', 'comment_date_gmt', 'comment_content', 'comment_karma', 'comment_approved', 'comment_agent', 'comment_type', 'comment_parent', 'user_id' );
 	if ( ! $wpdb->insert( $wpdb->comments, $compacted ) ) {
-		$fields = array( 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content' );
-
-		foreach( $fields as $field ) {
-			if ( isset( $compacted[ $field ] ) ) {
-				$compacted[ $field ] = $wpdb->strip_invalid_text_for_column( $wpdb->comments, $field, $compacted[ $field ] );
-			}
-		}
-
-		if ( ! $wpdb->insert( $wpdb->comments, $compacted ) ) {
-			return false;
-		}
+		return false;
 	}
 
 	$id = (int) $wpdb->insert_id;
@@ -2252,6 +2242,8 @@ function wp_throttle_comment_flood($block, $time_lastcomment, $time_newcomment)
  * @return int|bool The ID of the comment on success, false on failure.
  */
 function wp_new_comment( $commentdata ) {
+	global $wpdb;
+
 	if ( isset( $commentdata['user_ID'] ) ) {
 		$commentdata['user_id'] = $commentdata['user_ID'] = (int) $commentdata['user_ID'];
 	}
@@ -2295,7 +2287,22 @@ function wp_new_comment( $commentdata ) {
 
 	$comment_ID = wp_insert_comment($commentdata);
 	if ( ! $comment_ID ) {
-		return false;
+		$fields = array( 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content' );
+
+		foreach( $fields as $field ) {
+			if ( isset( $commentdata[ $field ] ) ) {
+				$commentdata[ $field ] = $wpdb->strip_invalid_text_for_column( $wpdb->comments, $field, $commentdata[ $field ] );
+			}
+		}
+
+		$commentdata = wp_filter_comment( $commentdata );
+
+		$commentdata['comment_approved'] = wp_allow_comment( $commentdata );
+
+		$comment_ID = wp_insert_comment( $commentdata );
+		if ( ! $comment_ID ) {
+			return false;
+		}
 	}
 
 	/**

wp-includes/compat.php

@@ -13,23 +13,85 @@ if ( !function_exists('_') ) {
 	}
 }
 
+/**
+ * Returns whether PCRE/u (PCRE_UTF8 modifier) is available for use.
+ *
+ * @ignore
+ * @since 4.2.2
+ * @access private
+ *
+ * @param bool $set - Used for testing only
+ *             null   : default - get PCRE/u capability
+ *             false  : Used for testing - return false for future calls to this function
+ *             'reset': Used for testing - restore default behavior of this function
+ */
+function _wp_can_use_pcre_u( $set = null ) {
+	static $utf8_pcre = 'reset';
+
+	if ( null !== $set ) {
+		$utf8_pcre = $set;
+	}
+
+	if ( 'reset' === $utf8_pcre ) {
+		$utf8_pcre = @preg_match( '/^./u', 'a' );
+	}
+
+	return $utf8_pcre;
+}
+
 if ( ! function_exists( 'mb_substr' ) ) :
 	function mb_substr( $str, $start, $length = null, $encoding = null ) {
 		return _mb_substr( $str, $start, $length, $encoding );
 	}
 endif;
 
+/*
+ * Only understands UTF-8 and 8bit.  All other character sets will be treated as 8bit.
+ * For $encoding === UTF-8, the $str input is expected to be a valid UTF-8 byte sequence.
+ * The behavior of this function for invalid inputs is undefined.
+ */
 function _mb_substr( $str, $start, $length = null, $encoding = null ) {
+	if ( null === $encoding ) {
+		$encoding = get_option( 'blog_charset' );
+	}
+
 	// The solution below works only for UTF-8,
 	// so in case of a different charset just use built-in substr()
-	$charset = get_option( 'blog_charset' );
-	if ( ! in_array( $charset, array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ) ) ) {
+	if ( ! in_array( $encoding, array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ) ) ) {
 		return is_null( $length ) ? substr( $str, $start ) : substr( $str, $start, $length );
 	}
-	// Use the regex unicode support to separate the UTF-8 characters into an array
-	preg_match_all( '/./us', $str, $match );
-	$chars = is_null( $length ) ? array_slice( $match[0], $start ) : array_slice( $match[0], $start, $length );
-	return implode( '', $chars );
+
+	if ( _wp_can_use_pcre_u() ) {
+		// Use the regex unicode support to separate the UTF-8 characters into an array
+		preg_match_all( '/./us', $str, $match );
+		$chars = is_null( $length ) ? array_slice( $match[0], $start ) : array_slice( $match[0], $start, $length );
+		return implode( '', $chars );
+	}
+
+	$regex = '/(
+		  [\x00-\x7F]                  # single-byte sequences   0xxxxxxx
+		| [\xC2-\xDF][\x80-\xBF]       # double-byte sequences   110xxxxx 10xxxxxx
+		| \xE0[\xA0-\xBF][\x80-\xBF]   # triple-byte sequences   1110xxxx 10xxxxxx * 2
+		| [\xE1-\xEC][\x80-\xBF]{2}
+		| \xED[\x80-\x9F][\x80-\xBF]
+		| [\xEE-\xEF][\x80-\xBF]{2}
+		| \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
+		| [\xF1-\xF3][\x80-\xBF]{3}
+		| \xF4[\x80-\x8F][\x80-\xBF]{2}
+	)/x';
+
+	$chars = array( '' ); // Start with 1 element instead of 0 since the first thing we do is pop
+	do {
+		// We had some string left over from the last round, but we counted it in that last round.
+		array_pop( $chars );
+
+		// Split by UTF-8 character, limit to 1000 characters (last array element will contain the rest of the string)
+		$pieces = preg_split( $regex, $str, 1000, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY );
+
+		$chars = array_merge( $chars, $pieces );
+	} while ( count( $pieces ) > 1 && $str = array_pop( $pieces ) ); // If there's anything left over, repeat the loop.
+
+	return join( '', array_slice( $chars, $start, $length ) );
 }
 
 if ( ! function_exists( 'mb_strlen' ) ) :
@@ -38,16 +100,54 @@ if ( ! function_exists( 'mb_strlen' ) ) :
 	}
 endif;
 
+/*
+ * Only understands UTF-8 and 8bit.  All other character sets will be treated as 8bit.
+ * For $encoding === UTF-8, the $str input is expected to be a valid UTF-8 byte sequence.
+ * The behavior of this function for invalid inputs is undefined.
+ */
 function _mb_strlen( $str, $encoding = null ) {
+	if ( null === $encoding ) {
+		$encoding = get_option( 'blog_charset' );
+	}
+
 	// The solution below works only for UTF-8,
 	// so in case of a different charset just use built-in strlen()
-	$charset = get_option( 'blog_charset' );
-	if ( ! in_array( $charset, array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ) ) ) {
+	if ( ! in_array( $encoding, array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ) ) ) {
 		return strlen( $str );
 	}
-	// Use the regex unicode support to separate the UTF-8 characters into an array
-	preg_match_all( '/./us', $str, $match );
-	return count( $match[0] );
+
+	if ( _wp_can_use_pcre_u() ) {
+		// Use the regex unicode support to separate the UTF-8 characters into an array
+		preg_match_all( '/./us', $str, $match );
+		return count( $match[0] );
+	}
+
+	$regex = '/(?:
+		  [\x00-\x7F]                  # single-byte sequences   0xxxxxxx
+		| [\xC2-\xDF][\x80-\xBF]       # double-byte sequences   110xxxxx 10xxxxxx
+		| \xE0[\xA0-\xBF][\x80-\xBF]   # triple-byte sequences   1110xxxx 10xxxxxx * 2
+		| [\xE1-\xEC][\x80-\xBF]{2}
+		| \xED[\x80-\x9F][\x80-\xBF]
+		| [\xEE-\xEF][\x80-\xBF]{2}
+		| \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
+		| [\xF1-\xF3][\x80-\xBF]{3}
+		| \xF4[\x80-\x8F][\x80-\xBF]{2}
+	)/x';
+
+	$count = 1; // Start at 1 instead of 0 since the first thing we do is decrement
+	do {
+		// We had some string left over from the last round, but we counted it in that last round.
+		$count--;
+
+		// Split by UTF-8 character, limit to 1000 characters (last array element will contain the rest of the string)
+		$pieces = preg_split( $regex, $str, 1000 );
+
+		// Increment
+		$count += count( $pieces );
+	} while ( $str = array_pop( $pieces ) ); // If there's anything left over, repeat the loop.
+
+	// Fencepost: preg_split() always returns one extra item in the array
+	return --$count;
 }
 
 if ( !function_exists('hash_hmac') ):

wp-includes/css/wp-auth-check-rtl.min.css

@@ -1 +1 @@
-#wp-auth-check-wrap.hidden{display:none}#wp-auth-check-wrap #wp-auth-check-bg{position:fixed;top:0;bottom:0;right:0;left:0;background:#000;opacity:.7;filter:alpha(opacity=70);z-index:1000010}#wp-auth-check-wrap #wp-auth-check{position:fixed;right:50%;overflow:hidden;top:40px;bottom:20px;max-height:415px;width:380px;margin:0 -190px 0 0;padding:30px 0 0;background-color:#f1f1f1;z-index:1000011;-webkit-box-shadow:0 3px 6px rgba(0,0,0,.3);box-shadow:0 3px 6px rgba(0,0,0,.3)}@media screen and (max-width:380px){#wp-auth-check-wrap #wp-auth-check{right:0;width:100%;margin:0}}#wp-auth-check-wrap.fallback #wp-auth-check{max-height:180px;overflow:auto}#wp-auth-check-wrap #wp-auth-check-form{background:url(../images/spinner-2x.gif) no-repeat center center;-webkit-background-size:16px 16px;background-size:16px 16px;height:100%;overflow:auto;-webkit-overflow-scrolling:touch}#wp-auth-check-wrap #wp-auth-check-form iframe{height:98%;width:100%}#wp-auth-check-wrap .wp-auth-check-close{position:absolute;top:8px;left:8px;height:22px;width:22px;cursor:pointer}#wp-auth-check-wrap .wp-auth-check-close:before{content:'\f158';display:block!important;font:400 20px/1 dashicons;speak:none;height:22px;margin:2px 0;text-align:center;width:22px;color:#777;-webkit-font-smoothing:antialiased!important;-moz-osx-font-smoothing:grayscale}#wp-auth-check-wrap .wp-auth-check-close:hover:before{color:#0073aa}#wp-auth-check-wrap .wp-auth-check-close:focus{outline:#82878c dotted 1px}#wp-auth-check-wrap .wp-auth-fallback-expired{outline:0}#wp-auth-check-wrap .wp-auth-fallback{font-size:14px;line-height:21px;padding:0 25px;display:none}#wp-auth-check-wrap.fallback .wp-auth-check-close,#wp-auth-check-wrap.fallback .wp-auth-fallback{display:block}
+#wp-auth-check-wrap.hidden{display:none}#wp-auth-check-wrap #wp-auth-check-bg{position:fixed;top:0;bottom:0;right:0;left:0;background:#000;opacity:.7;filter:alpha(opacity=70);z-index:1000010}#wp-auth-check-wrap #wp-auth-check{position:fixed;right:50%;overflow:hidden;top:40px;bottom:20px;max-height:415px;width:380px;margin:0 -190px 0 0;padding:30px 0 0;background-color:#f1f1f1;z-index:1000011;-webkit-box-shadow:0 3px 6px rgba(0,0,0,.3);box-shadow:0 3px 6px rgba(0,0,0,.3)}@media screen and (max-width:380px){#wp-auth-check-wrap #wp-auth-check{right:0;width:100%;margin:0}}#wp-auth-check-wrap.fallback #wp-auth-check{max-height:180px;overflow:auto}#wp-auth-check-wrap #wp-auth-check-form{background:url(../images/spinner-2x.gif) center center/16px 16px no-repeat;-webkit-background-size:16px 16px;height:100%;overflow:auto;-webkit-overflow-scrolling:touch}#wp-auth-check-wrap #wp-auth-check-form iframe{height:98%;width:100%}#wp-auth-check-wrap .wp-auth-check-close{position:absolute;top:8px;left:8px;height:22px;width:22px;cursor:pointer}#wp-auth-check-wrap .wp-auth-check-close:before{content:'\f158';display:block!important;font:400 20px/1 dashicons;speak:none;height:22px;margin:2px 0;text-align:center;width:22px;color:#777;-webkit-font-smoothing:antialiased!important;-moz-osx-font-smoothing:grayscale}#wp-auth-check-wrap .wp-auth-check-close:hover:before{color:#0073aa}#wp-auth-check-wrap .wp-auth-check-close:focus{outline:#82878c dotted 1px}#wp-auth-check-wrap .wp-auth-fallback-expired{outline:0}#wp-auth-check-wrap .wp-auth-fallback{font-size:14px;line-height:21px;padding:0 25px;display:none}#wp-auth-check-wrap.fallback .wp-auth-check-close,#wp-auth-check-wrap.fallback .wp-auth-fallback{display:block}

wp-includes/css/wp-auth-check.min.css

@@ -1 +1 @@
-#wp-auth-check-wrap.hidden{display:none}#wp-auth-check-wrap #wp-auth-check-bg{position:fixed;top:0;bottom:0;left:0;right:0;background:#000;opacity:.7;filter:alpha(opacity=70);z-index:1000010}#wp-auth-check-wrap #wp-auth-check{position:fixed;left:50%;overflow:hidden;top:40px;bottom:20px;max-height:415px;width:380px;margin:0 0 0 -190px;padding:30px 0 0;background-color:#f1f1f1;z-index:1000011;-webkit-box-shadow:0 3px 6px rgba(0,0,0,.3);box-shadow:0 3px 6px rgba(0,0,0,.3)}@media screen and (max-width:380px){#wp-auth-check-wrap #wp-auth-check{left:0;width:100%;margin:0}}#wp-auth-check-wrap.fallback #wp-auth-check{max-height:180px;overflow:auto}#wp-auth-check-wrap #wp-auth-check-form{background:url(../images/spinner-2x.gif) no-repeat center center;-webkit-background-size:16px 16px;background-size:16px 16px;height:100%;overflow:auto;-webkit-overflow-scrolling:touch}#wp-auth-check-wrap #wp-auth-check-form iframe{height:98%;width:100%}#wp-auth-check-wrap .wp-auth-check-close{position:absolute;top:8px;right:8px;height:22px;width:22px;cursor:pointer}#wp-auth-check-wrap .wp-auth-check-close:before{content:'\f158';display:block!important;font:400 20px/1 dashicons;speak:none;height:22px;margin:2px 0;text-align:center;width:22px;color:#777;-webkit-font-smoothing:antialiased!important;-moz-osx-font-smoothing:grayscale}#wp-auth-check-wrap .wp-auth-check-close:hover:before{color:#0073aa}#wp-auth-check-wrap .wp-auth-check-close:focus{outline:#82878c dotted 1px}#wp-auth-check-wrap .wp-auth-fallback-expired{outline:0}#wp-auth-check-wrap .wp-auth-fallback{font-size:14px;line-height:21px;padding:0 25px;display:none}#wp-auth-check-wrap.fallback .wp-auth-check-close,#wp-auth-check-wrap.fallback .wp-auth-fallback{display:block}
+#wp-auth-check-wrap.hidden{display:none}#wp-auth-check-wrap #wp-auth-check-bg{position:fixed;top:0;bottom:0;left:0;right:0;background:#000;opacity:.7;filter:alpha(opacity=70);z-index:1000010}#wp-auth-check-wrap #wp-auth-check{position:fixed;left:50%;overflow:hidden;top:40px;bottom:20px;max-height:415px;width:380px;margin:0 0 0 -190px;padding:30px 0 0;background-color:#f1f1f1;z-index:1000011;-webkit-box-shadow:0 3px 6px rgba(0,0,0,.3);box-shadow:0 3px 6px rgba(0,0,0,.3)}@media screen and (max-width:380px){#wp-auth-check-wrap #wp-auth-check{left:0;width:100%;margin:0}}#wp-auth-check-wrap.fallback #wp-auth-check{max-height:180px;overflow:auto}#wp-auth-check-wrap #wp-auth-check-form{background:url(../images/spinner-2x.gif) center center/16px 16px no-repeat;-webkit-background-size:16px 16px;height:100%;overflow:auto;-webkit-overflow-scrolling:touch}#wp-auth-check-wrap #wp-auth-check-form iframe{height:98%;width:100%}#wp-auth-check-wrap .wp-auth-check-close{position:absolute;top:8px;right:8px;height:22px;width:22px;cursor:pointer}#wp-auth-check-wrap .wp-auth-check-close:before{content:'\f158';display:block!important;font:400 20px/1 dashicons;speak:none;height:22px;margin:2px 0;text-align:center;width:22px;color:#777;-webkit-font-smoothing:antialiased!important;-moz-osx-font-smoothing:grayscale}#wp-auth-check-wrap .wp-auth-check-close:hover:before{color:#0073aa}#wp-auth-check-wrap .wp-auth-check-close:focus{outline:#82878c dotted 1px}#wp-auth-check-wrap .wp-auth-fallback-expired{outline:0}#wp-auth-check-wrap .wp-auth-fallback{font-size:14px;line-height:21px;padding:0 25px;display:none}#wp-auth-check-wrap.fallback .wp-auth-check-close,#wp-auth-check-wrap.fallback .wp-auth-fallback{display:block}

wp-includes/default-widgets.php

@@ -1410,7 +1410,7 @@ class WP_Widget_Tag_Cloud extends WP_Widget {
 		?>
 		<p>
 			<label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:') ?></label>
-			<input type="text" class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php echo $title; ?>" />
+			<input type="text" class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php echo esc_attr( $title ); ?>" />
 		</p>
 		<p>
 			<label for="<?php echo $this->get_field_id('nav_menu'); ?>"><?php _e('Select Menu:'); ?></label>

wp-includes/formatting.php

@@ -419,7 +419,10 @@ function wpautop($pee, $br = true) {
 	$pee = preg_replace('!(</' . $allblocks . '>)!', "$1\n\n", $pee);
 
 	// Standardize newline characters to "\n".
-	$pee = str_replace(array("\r\n", "\r"), "\n", $pee); 
+	$pee = str_replace(array("\r\n", "\r"), "\n", $pee);
+
+	// Find newlines in all elements and add placeholders.
+	$pee = wp_replace_in_html_tags( $pee, array( "\n" => " <!-- wpnl --> " ) );
 
 	// Collapse line breaks before and after <option> elements so they don't get autop'd.
 	if ( strpos( $pee, '<option' ) !== false ) {
@@ -506,9 +509,109 @@ function wpautop($pee, $br = true) {
 	if ( !empty($pre_tags) )
 		$pee = str_replace(array_keys($pre_tags), array_values($pre_tags), $pee);
 
+	// Restore newlines in all elements.
+	$pee = str_replace( " <!-- wpnl --> ", "\n", $pee );
+
 	return $pee;
 }
 
+/**
+ * Separate HTML elements and comments from the text.
+ *
+ * @since 4.2.4
+ *
+ * @param string $input The text which has to be formatted.
+ * @return array The formatted text.
+ */
+function wp_html_split( $input ) {
+	static $regex;
+
+	if ( ! isset( $regex ) ) {
+		$comments =
+			  '!'           // Start of comment, after the <.
+			. '(?:'         // Unroll the loop: Consume everything until --> is found.
+			.     '-(?!->)' // Dash not followed by end of comment.
+			.     '[^\-]*+' // Consume non-dashes.
+			. ')*+'         // Loop possessively.
+			. '(?:-->)?';   // End of comment. If not found, match all input.
+
+		$cdata =
+			  '!\[CDATA\['  // Start of comment, after the <.
+			. '[^\]]*+'     // Consume non-].
+			. '(?:'         // Unroll the loop: Consume everything until ]]> is found.
+			.     '](?!]>)' // One ] not followed by end of comment.
+			.     '[^\]]*+' // Consume non-].
+			. ')*+'         // Loop possessively.
+			. '(?:]]>)?';   // End of comment. If not found, match all input.
+
+		$regex =
+			  '/('              // Capture the entire match.
+			.     '<'           // Find start of element.
+			.     '(?(?=!--)'   // Is this a comment?
+			.         $comments // Find end of comment.
+			.     '|'
+			.         '(?(?=!\[CDATA\[)' // Is this a comment?
+			.             $cdata // Find end of comment.
+			.         '|'
+			.             '[^>]*>?' // Find end of element. If not found, match all input.
+			.         ')'
+			.     ')'
+			. ')/s';
+	}
+
+	return preg_split( $regex, $input, -1, PREG_SPLIT_DELIM_CAPTURE );
+}
+
+/**
+ * Replace characters or phrases within HTML elements only.
+ *
+ * @since 4.2.3
+ *
+ * @param string $haystack The text which has to be formatted.
+ * @param array $replace_pairs In the form array('from' => 'to', ...).
+ * @return string The formatted text.
+ */
+function wp_replace_in_html_tags( $haystack, $replace_pairs ) {
+	// Find all elements.
+	$textarr = wp_html_split( $haystack );
+	$changed = false;
+
+	// Optimize when searching for one item.
+	if ( 1 === count( $replace_pairs ) ) {
+		// Extract $needle and $replace.
+		foreach ( $replace_pairs as $needle => $replace );
+
+		// Loop through delimeters (elements) only.
+		for ( $i = 1, $c = count( $textarr ); $i < $c; $i += 2 ) { 
+			if ( false !== strpos( $textarr[$i], $needle ) ) {
+				$textarr[$i] = str_replace( $needle, $replace, $textarr[$i] );
+				$changed = true;
+			}
+		}
+	} else {
+		// Extract all $needles.
+		$needles = array_keys( $replace_pairs );
+
+		// Loop through delimeters (elements) only.
+		for ( $i = 1, $c = count( $textarr ); $i < $c; $i += 2 ) { 
+			foreach ( $needles as $needle ) {
+				if ( false !== strpos( $textarr[$i], $needle ) ) {
+					$textarr[$i] = strtr( $textarr[$i], $replace_pairs );
+					$changed = true;
+					// After one strtr() break out of the foreach loop and look at next element.
+					break;
+				}
+			}
+		}
+	}
+
+	if ( $changed ) {
+		$haystack = implode( $textarr );
+	}
+
+	return $haystack;
+}
+
 /**
  * Newline preservation help function for wpautop
  *
@@ -3327,16 +3430,19 @@ function wp_make_link_relative( $link ) {
  */
 function sanitize_option($option, $value) {
 	global $wpdb;
+	$error = '';
 
 	switch ( $option ) {
 		case 'admin_email' :
 		case 'new_admin_email' :
 			$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
-			$value = sanitize_email( $value );
-			if ( ! is_email( $value ) ) {
-				$value = get_option( $option ); // Resets option to stored value in the case of failed sanitization
-				if ( function_exists( 'add_settings_error' ) )
-					add_settings_error( $option, 'invalid_admin_email', __( 'The email address entered did not appear to be a valid email address. Please enter a valid email address.' ) );
+			if ( is_wp_error( $value ) ) {
+				$error = $value->get_error_message();
+			} else {
+				$value = sanitize_email( $value );
+				if ( ! is_email( $value ) ) {
+					$error = __( 'The email address entered did not appear to be a valid email address. Please enter a valid email address.' );
+				}
 			}
 			break;
 
@@ -3381,8 +3487,12 @@ function sanitize_option($option, $value) {
 		case 'blogdescription':
 		case 'blogname':
 			$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
-			$value = wp_kses_post( $value );
-			$value = esc_html( $value );
+			if ( is_wp_error( $value ) ) {
+				$error = $value->get_error_message();
+			} else {
+				$value = wp_kses_post( $value );
+				$value = esc_html( $value );
+			}
 			break;
 
 		case 'blog_charset':
@@ -3404,8 +3514,12 @@ function sanitize_option($option, $value) {
 		case 'mailserver_pass':
 		case 'upload_path':
 			$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
-			$value = strip_tags( $value );
-			$value = wp_kses_data( $value );
+			if ( is_wp_error( $value ) ) {
+				$error = $value->get_error_message();
+			} else {
+				$value = strip_tags( $value );
+				$value = wp_kses_data( $value );
+			}
 			break;
 
 		case 'ping_sites':
@@ -3421,23 +3535,27 @@ function sanitize_option($option, $value) {
 
 		case 'siteurl':
 			$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
-			if ( (bool)preg_match( '#http(s?)://(.+)#i', $value) ) {
-				$value = esc_url_raw($value);
+			if ( is_wp_error( $value ) ) {
+				$error = $value->get_error_message();
 			} else {
-				$value = get_option( $option ); // Resets option to stored value in the case of failed sanitization
-				if ( function_exists('add_settings_error') )
-					add_settings_error('siteurl', 'invalid_siteurl', __('The WordPress address you entered did not appear to be a valid URL. Please enter a valid URL.'));
+				if ( preg_match( '#http(s?)://(.+)#i', $value ) ) {
+					$value = esc_url_raw( $value );
+				} else {
+					$error = __( 'The WordPress address you entered did not appear to be a valid URL. Please enter a valid URL.' );
+				}
 			}
 			break;
 
 		case 'home':
 			$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
-			if ( (bool)preg_match( '#http(s?)://(.+)#i', $value) ) {
-				$value = esc_url_raw($value);
+			if ( is_wp_error( $value ) ) {
+				$error = $value->get_error_message();
 			} else {
-				$value = get_option( $option ); // Resets option to stored value in the case of failed sanitization
-				if ( function_exists('add_settings_error') )
-					add_settings_error('home', 'invalid_home', __('The Site address you entered did not appear to be a valid URL. Please enter a valid URL.'));
+				if ( preg_match( '#http(s?)://(.+)#i', $value ) ) {
+					$value = esc_url_raw( $value );
+				} else {
+					$error = __( 'The Site address you entered did not appear to be a valid URL. Please enter a valid URL.' );
+				}
 			}
 			break;
 
@@ -3453,38 +3571,45 @@ function sanitize_option($option, $value) {
 
 		case 'illegal_names':
 			$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
-			if ( ! is_array( $value ) )
-				$value = explode( ' ', $value );
+			if ( is_wp_error( $value ) ) {
+				$error = $value->get_error_message();
+			} else {
+				if ( ! is_array( $value ) )
+					$value = explode( ' ', $value );
 
-			$value = array_values( array_filter( array_map( 'trim', $value ) ) );
+				$value = array_values( array_filter( array_map( 'trim', $value ) ) );
 
-			if ( ! $value )
-				$value = '';
+				if ( ! $value )
+					$value = '';
+			}
 			break;
 
 		case 'limited_email_domains':
 		case 'banned_email_domains':
 			$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
-			if ( ! is_array( $value ) )
-				$value = explode( "\n", $value );
+			if ( is_wp_error( $value ) ) {
+				$error = $value->get_error_message();
+			} else {
+				if ( ! is_array( $value ) )
+					$value = explode( "\n", $value );
 
-			$domains = array_values( array_filter( array_map( 'trim', $value ) ) );
-			$value = array();
+				$domains = array_values( array_filter( array_map( 'trim', $value ) ) );
+				$value = array();
 
-			foreach ( $domains as $domain ) {
-				if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) )
-					$value[] = $domain;
+				foreach ( $domains as $domain ) {
+					if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) ) {
+						$value[] = $domain;
+					}
+				}
+				if ( ! $value )
+					$value = '';
 			}
-			if ( ! $value )
-				$value = '';
 			break;
 
 		case 'timezone_string':
 			$allowed_zones = timezone_identifiers_list();
 			if ( ! in_array( $value, $allowed_zones ) && ! empty( $value ) ) {
-				$value = get_option( $option ); // Resets option to stored value in the case of failed sanitization
-				if ( function_exists('add_settings_error') )
-					add_settings_error('timezone_string', 'invalid_timezone_string', __('The timezone you have entered is not valid. Please select a valid timezone.') );
+				$error = __( 'The timezone you have entered is not valid. Please select a valid timezone.' );
 			}
 			break;
 
@@ -3492,8 +3617,12 @@ function sanitize_option($option, $value) {
 		case 'category_base':
 		case 'tag_base':
 			$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
-			$value = esc_url_raw( $value );
-			$value = str_replace( 'http://', '', $value );
+			if ( is_wp_error( $value ) ) {
+				$error = $value->get_error_message();
+			} else {
+				$value = esc_url_raw( $value );
+				$value = str_replace( 'http://', '', $value );
+			}
 			break;
 
 		case 'default_role' :
@@ -3504,13 +3633,24 @@ function sanitize_option($option, $value) {
 		case 'moderation_keys':
 		case 'blacklist_keys':
 			$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
-			$value = explode( "\n", $value );
-			$value = array_filter( array_map( 'trim', $value ) );
-			$value = array_unique( $value );
-			$value = implode( "\n", $value );
+			if ( is_wp_error( $value ) ) {
+				$error = $value->get_error_message();
+			} else {
+				$value = explode( "\n", $value );
+				$value = array_filter( array_map( 'trim', $value ) );
+				$value = array_unique( $value );
+				$value = implode( "\n", $value );
+			}
 			break;
 	}
 
+	if ( ! empty( $error ) ) {
+		$value = get_option( $option );
+		if ( function_exists( 'add_settings_error' ) ) {
+			add_settings_error( $option, "invalid_{$option}", $error );
+		}
+	}
+
 	/**
 	 * Filter an option value following sanitization.
 	 *
@@ -4140,8 +4280,9 @@ function print_emoji_detection_script() {
 	);
 
 	$version = 'ver=' . $wp_version;
+	$develop_src = false !== strpos( $wp_version, '-src' );
 
-	if ( SCRIPT_DEBUG ) {
+	if ( $develop_src || ( defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ) ) {
 		$settings['source'] = array(
 			/** This filter is documented in wp-includes/class.wp-scripts.php */
 			'wpemoji' => apply_filters( 'script_loader_src', includes_url( "js/wp-emoji.js?$version" ), 'wpemoji' ),
@@ -4174,7 +4315,7 @@ function print_emoji_detection_script() {
 		?>
 		<script type="text/javascript">
 			window._wpemojiSettings = <?php echo wp_json_encode( $settings ); ?>;
-			!function(a,b,c){function d(a){var c=b.createElement("canvas"),d=c.getContext&&c.getContext("2d");return d&&d.fillText?(d.textBaseline="top",d.font="600 32px Arial","flag"===a?(d.fillText(String.fromCharCode(55356,56812,55356,56807),0,0),c.toDataURL().length>3e3):(d.fillText(String.fromCharCode(55357,56835),0,0),0!==d.getImageData(16,16,1,1).data[0])):!1}function e(a){var c=b.createElement("script");c.src=a,c.type="text/javascript",b.getElementsByTagName("head")[0].appendChild(c)}var f;c.supports={simple:d("simple"),flag:d("flag")},c.supports.simple&&c.supports.flag||(f=c.source||{},f.concatemoji?e(f.concatemoji):f.wpemoji&&f.twemoji&&(e(f.twemoji),e(f.wpemoji)))}(window,document,window._wpemojiSettings);
+			!function(a,b,c){function d(a){var c=b.createElement("canvas"),d=c.getContext&&c.getContext("2d");return d&&d.fillText?(d.textBaseline="top",d.font="600 32px Arial","flag"===a?(d.fillText(String.fromCharCode(55356,56812,55356,56807),0,0),c.toDataURL().length>3e3):(d.fillText(String.fromCharCode(55357,56835),0,0),0!==d.getImageData(16,16,1,1).data[0])):!1}function e(a){var c=b.createElement("script");c.src=a,c.type="text/javascript",b.getElementsByTagName("head")[0].appendChild(c)}var f,g;c.supports={simple:d("simple"),flag:d("flag")},c.DOMReady=!1,c.readyCallback=function(){c.DOMReady=!0},c.supports.simple&&c.supports.flag||(g=function(){c.readyCallback()},b.addEventListener?(b.addEventListener("DOMContentLoaded",g,!1),a.addEventListener("load",g,!1)):(a.attachEvent("onload",g),b.attachEvent("onreadystatechange",function(){"complete"===b.readyState&&c.readyCallback()})),f=c.source||{},f.concatemoji?e(f.concatemoji):f.wpemoji&&f.twemoji&&(e(f.twemoji),e(f.wpemoji)))}(window,document,window._wpemojiSettings);
 		</script>
 		<?php
 	}

wp-includes/js/mce-view.js

@@ -93,8 +93,7 @@ window.wp = window.wp || {};
 		setMarkers: function( content ) {
 			var pieces = [ { content: content } ],
 				self = this,
-				instance,
-				current;
+				instance, current;
 
 			_.each( views, function( view, type ) {
 				current = pieces.slice();
@@ -102,7 +101,7 @@ window.wp = window.wp || {};
 
 				_.each( current, function( piece ) {
 					var remaining = piece.content,
-						result;
+						result, text;
 
 					// Ignore processed pieces, but retain their location.
 					if ( piece.processed ) {
@@ -119,10 +118,11 @@ window.wp = window.wp || {};
 						}
 
 						instance = self.createInstance( type, result.content, result.options );
+						text = instance.loader ? '.' : instance.text;
 
 						// Add the processed piece for the match.
 						pieces.push( {
-							content: '<p data-wpview-marker="' + instance.encodedText + '">' + instance.text + '</p>',
+							content: '<p data-wpview-marker="' + instance.encodedText + '">' + text + '</p>',
 							processed: true
 						} );
 
@@ -138,7 +138,8 @@ window.wp = window.wp || {};
 				} );
 			} );
 
-			return _.pluck( pieces, 'content' ).join( '' );
+			content = _.pluck( pieces, 'content' ).join( '' );
+			return content.replace( /<p>\s*<p data-wpview-marker=/g, '<p data-wpview-marker=' ).replace( /<\/p>\s*<\/p>/g, '</p>' );
 		},
 
 		/**
@@ -155,14 +156,15 @@ window.wp = window.wp || {};
 				encodedText,
 				instance;
 
-			text = tinymce.DOM.decode( text ),
-			encodedText = encodeURIComponent( text ),
-			instance = this.getInstance( encodedText );
+			text = tinymce.DOM.decode( text );
+			instance = this.getInstance( text );
 
 			if ( instance ) {
 				return instance;
 			}
 
+			encodedText = encodeURIComponent( text );
+
 			options = _.extend( options || {}, {
 				text: text,
 				encodedText: encodedText
@@ -416,7 +418,7 @@ window.wp = window.wp || {};
 		 */
 		replaceMarkers: function() {
 			this.getMarkers( function( editor, node ) {
-				if ( $( node ).text() !== this.text ) {
+				if ( ! this.loader && $( node ).text() !== this.text ) {
 					editor.dom.setAttrib( node, 'data-wpview-marker', null );
 					return;
 				}

wp-includes/js/media-audiovideo.js

@@ -704,7 +704,7 @@ VideoDetails = MediaDetails.extend({
 
 			if ( -1 === content.indexOf( attachment.get( 'url' ) ) ) {
 				content += [
-					'<track srclang="en" label="English"kind="subtitles" src="',
+					'<track srclang="en" label="English" kind="subtitles" src="',
 					attachment.get( 'url' ),
 					'" />'
 				].join('');

wp-includes/js/tinymce/plugins/wordpress/plugin.js

@@ -432,7 +432,7 @@ tinymce.PluginManager.add( 'wordpress', function( editor ) {
 			editor.shortcuts.add( 'access+' + key, '', command );
 		} );
 
-		editor.addShortcut( 'ctrl+s', '', function() {
+		editor.addShortcut( 'meta+s', '', function() {
 			if ( typeof wp !== 'undefined' && wp.autosave ) {
 				wp.autosave.server.triggerSave();
 			}

wp-includes/js/tinymce/plugins/wpview/plugin.js

@@ -152,19 +152,20 @@ tinymce.PluginManager.add( 'wpview', function( editor ) {
 		};
 	}
 
-	// Remove the content of view wrappers from HTML string
-	function emptyViews( content ) {
-		content = content.replace( /<div[^>]+data-wpview-text="([^"]+)"[^>]*>[\s\S]+?wpview-selection-after[^>]+>[^<>]*<\/p>\s*<\/div>/g, function( all, match ) {
-			return '<p>' + window.decodeURIComponent( match ) + '</p>';
-		});
+	function resetViewsCallback( match, viewText ) {
+		return '<p>' + window.decodeURIComponent( viewText ) + '</p>';
+	}
 
-		return content.replace( / data-wpview-marker="[^"]+"/g, '' );
+	// Replace the view tags with the view string
+	function resetViews( content ) {
+		return content.replace( /<div[^>]+data-wpview-text="([^"]+)"[^>]*>(?:[\s\S]+?wpview-selection-after[^>]+>[^<>]*<\/p>\s*|\.)<\/div>/g, resetViewsCallback )
+			.replace( /<p [^>]*?data-wpview-marker="([^"]+)"[^>]*>[\s\S]*?<\/p>/g, resetViewsCallback );
 	}
 
 	// Prevent adding undo levels on changes inside a view wrapper
 	editor.on( 'BeforeAddUndo', function( event ) {
 		if ( event.level.content ) {
-			event.level.content = emptyViews( event.level.content );
+			event.level.content = resetViews( event.level.content );
 		}
 	});
 
@@ -348,31 +349,29 @@ tinymce.PluginManager.add( 'wpview', function( editor ) {
 		}
 	});
 
-	function resetViews( rootNode ) {
-		// Replace view nodes
-		$( 'div[data-wpview-text]', rootNode ).each( function( i, node ) {
-			var $node = $( node ),
-				text = window.decodeURIComponent( $node.attr( 'data-wpview-text' ) || '' );
-
-			if ( text && node.parentNode ) {
-				$node.replaceWith( $( editor.dom.create('p') ).text( text ) );
-			}
+	// Empty the wpview wrap and marker nodes
+	function emptyViewNodes( rootNode ) {
+		$( 'div[data-wpview-text], p[data-wpview-marker]', rootNode ).each( function( i, node ) {
+			node.innerHTML = '.';
 		});
-
-		// Remove marker attributes
-		$( 'p[data-wpview-marker]', rootNode ).attr( 'data-wpview-marker', null );
 	}
 
+	// Run that before the DOM cleanup
 	editor.on( 'PreProcess', function( event ) {
-		// Replace the view nodes with their text in the DOM clone.
-		resetViews( event.node );
+		emptyViewNodes( event.node );
 	}, true );
 
 	editor.on( 'hide', function() {
-		// Replace the view nodes with their text directly in the editor body.
 		wp.mce.views.unbind();
 		deselect();
-		resetViews( editor.getBody() );
+		emptyViewNodes();
+	});
+
+	editor.on( 'PostProcess', function( event ) {
+		if ( event.content ) {
+			event.content = event.content.replace( /<div [^>]*?data-wpview-text="([^"]+)"[^>]*>[\s\S]*?<\/div>/g, resetViewsCallback )
+				.replace( /<p [^>]*?data-wpview-marker="([^"]+)"[^>]*>[\s\S]*?<\/p>/g, resetViewsCallback );
+		}
 	});
 
 	// Excludes arrow keys, delete, backspace, enter, space bar.

wp-includes/js/tinymce/tiny_mce_popup.js

@@ -78,7 +78,7 @@ var tinyMCEPopup = {
 		 * tinyMCEPopup.onInit.add(function(ed) {
 		 *     alert(ed.selection.getContent());
 		 * });
-		 * 
+		 *
 		 * // Executes the init method on page load in some object using the SomeObject scope
 		 * tinyMCEPopup.onInit.add(SomeObject.init, SomeObject);
 		 */
@@ -327,7 +327,7 @@ var tinyMCEPopup = {
 		}
 	},
 
-	// Internal functions	
+	// Internal functions
 
 	_restoreSelection : function() {
 		var e = window.event.srcElement;
@@ -359,7 +359,7 @@ var tinyMCEPopup = {
 				"browse": "Browse"
 			};
 
-			var langCode = tinymce.settings.language || 'en';
+			var langCode = (tinymce.settings ? tinymce.settings : t.editor.settings).language || 'en';
 			for (var key in map) {
 				tinymce.i18n.data[langCode + "." + key] = tinymce.i18n.translate(map[key]);
 			}
@@ -523,7 +523,7 @@ tinymce.util.Dispatcher = function(scope) {
 		var self = this, returnValue, args = arguments, i, listeners = self.listeners, listener;
 
 		self.inDispatch = true;
-		
+
 		// Needs to be a real loop since the listener count might change while looping
 		// And this is also more efficient
 		for (i = 0; i < listeners.length; i++) {

wp-includes/js/wp-emoji-loader.js

@@ -1,5 +1,5 @@
 ( function( window, document, settings ) {
-	var src;
+	var src, ready;
 
 	/**
 	 * Detect if the browser supports rendering emoji or flag emoji. Flag emoji are a single glyph
@@ -62,7 +62,28 @@
 		flag:   browserSupportsEmoji( 'flag' )
 	};
 
+	settings.DOMReady = false;
+	settings.readyCallback = function() {
+		settings.DOMReady = true;
+	};
+
 	if ( ! settings.supports.simple || ! settings.supports.flag ) {
+		ready = function() {
+			settings.readyCallback();
+		};
+
+		if ( document.addEventListener ) {
+			document.addEventListener( 'DOMContentLoaded', ready, false );
+			window.addEventListener( 'load', ready, false );
+		} else {
+			window.attachEvent( 'onload', ready );
+			document.attachEvent( 'onreadystatechange', function() {
+				if ( 'complete' === document.readyState ) {
+					settings.readyCallback();
+				}
+			} );
+		}
+
 		src = settings.source || {};
 
 		if ( src.concatemoji ) {

wp-includes/js/wp-emoji-loader.min.js

@@ -1 +1 @@
-!function(a,b,c){function d(a){var c=b.createElement("canvas"),d=c.getContext&&c.getContext("2d");return d&&d.fillText?(d.textBaseline="top",d.font="600 32px Arial","flag"===a?(d.fillText(String.fromCharCode(55356,56812,55356,56807),0,0),c.toDataURL().length>3e3):(d.fillText(String.fromCharCode(55357,56835),0,0),0!==d.getImageData(16,16,1,1).data[0])):!1}function e(a){var c=b.createElement("script");c.src=a,c.type="text/javascript",b.getElementsByTagName("head")[0].appendChild(c)}var f;c.supports={simple:d("simple"),flag:d("flag")},c.supports.simple&&c.supports.flag||(f=c.source||{},f.concatemoji?e(f.concatemoji):f.wpemoji&&f.twemoji&&(e(f.twemoji),e(f.wpemoji)))}(window,document,window._wpemojiSettings);
+!function(a,b,c){function d(a){var c=b.createElement("canvas"),d=c.getContext&&c.getContext("2d");return d&&d.fillText?(d.textBaseline="top",d.font="600 32px Arial","flag"===a?(d.fillText(String.fromCharCode(55356,56812,55356,56807),0,0),c.toDataURL().length>3e3):(d.fillText(String.fromCharCode(55357,56835),0,0),0!==d.getImageData(16,16,1,1).data[0])):!1}function e(a){var c=b.createElement("script");c.src=a,c.type="text/javascript",b.getElementsByTagName("head")[0].appendChild(c)}var f,g;c.supports={simple:d("simple"),flag:d("flag")},c.DOMReady=!1,c.readyCallback=function(){c.DOMReady=!0},c.supports.simple&&c.supports.flag||(g=function(){c.readyCallback()},b.addEventListener?(b.addEventListener("DOMContentLoaded",g,!1),a.addEventListener("load",g,!1)):(a.attachEvent("onload",g),b.attachEvent("onreadystatechange",function(){"complete"===b.readyState&&c.readyCallback()})),f=c.source||{},f.concatemoji?e(f.concatemoji):f.wpemoji&&f.twemoji&&(e(f.twemoji),e(f.wpemoji)))}(window,document,window._wpemojiSettings);

wp-includes/js/wp-emoji.js

@@ -3,24 +3,6 @@
 	function wpEmoji() {
 		var MutationObserver = window.MutationObserver || window.WebKitMutationObserver || window.MozMutationObserver,
 
-		/**
-		 * Flag to determine if the browser and the OS support emoji.
-		 *
-		 * @since 4.2.0
-		 *
-		 * @var Boolean
-		 */
-		supportsEmoji = false,
-
-		/**
-		 * Flag to determine if the browser and the OS support flag (two character) emoji.
-		 *
-		 * @since 4.2.0
-		 *
-		 * @var Boolean
-		 */
-		supportsFlagEmoji = false,
-
 		/**
 		 * Flag to determine if we should replace emoji characters with images.
 		 *
@@ -30,10 +12,9 @@
 		 */
 		replaceEmoji = false,
 
-		isIE8 = window.navigator.userAgent.indexOf( 'IE 8' ) !== -1,
-
 		// Private
 		twemoji, timer,
+		loaded = false,
 		count = 0;
 
 		/**
@@ -42,6 +23,10 @@
 		 * @since 4.2.0
 		 */
 		function load() {
+			if ( loaded ) {
+				return;
+			}
+
 			if ( typeof window.twemoji === 'undefined' ) {
 				// Break if waiting for longer than 30 sec.
 				if ( count > 600 ) {
@@ -57,25 +42,41 @@
 			}
 
 			twemoji = window.twemoji;
+			loaded = true;
 
 			if ( MutationObserver ) {
 				new MutationObserver( function( mutationRecords ) {
 					var i = mutationRecords.length,
-						ii, node;
+						addedNodes, removedNodes, ii, node;
 
 					while ( i-- ) {
-						ii = mutationRecords[ i ].addedNodes.length;
+						addedNodes = mutationRecords[ i ].addedNodes;
+						removedNodes = mutationRecords[ i ].removedNodes;
+						ii = addedNodes.length;
+
+						if (
+							ii === 1 && removedNodes.length === 1 &&
+							addedNodes[0].nodeType === 3 &&
+							removedNodes[0].nodeName === 'IMG' &&
+							addedNodes[0].data === removedNodes[0].alt
+						) {
+							return;
+						}
 
 						while ( ii-- ) {
-							node = mutationRecords[ i ].addedNodes[ ii ];
+							node = addedNodes[ ii ];
 
 							if ( node.nodeType === 3 ) {
 								node = node.parentNode;
 							}
 
-							if ( node && node.nodeType === 1 ) {
-								parse( node );
-							}
+							if ( ! node || node.nodeType !== 1 || ( 'ownerSVGElement' in node ) ||
+								( node.className && typeof node.className === 'string' && node.className.indexOf( 'wp-exclude-emoji' ) !== -1 ) ) {
+
+ 								continue;
+ 							}
+
+							parse( node );
 						}
 					}
 				} ).observe( document.body, {
@@ -96,7 +97,7 @@
 		 * @param {Object} args Additional options for Twemoji.
 		 */
 		function parse( object, args ) {
-			if ( ! replaceEmoji ) {
+			if ( ! replaceEmoji || ! twemoji ) {
 				return object;
 			}
 
@@ -121,7 +122,7 @@
 							return false;
 					}
 
-					if ( ! supportsFlagEmoji && supportsEmoji &&
+					if ( ! settings.supports.flag && settings.supports.simple &&
 						! /^1f1(?:e[6-9a-f]|f[0-9a-f])-1f1(?:e[6-9a-f]|f[0-9a-f])$/.test( icon ) ) {
 
 						return false;
@@ -132,29 +133,16 @@
 			} );
 		}
 
-		// Load when the readyState changes to 'interactive', not 'complete'.
-		function onLoad() {
-			if ( ( ! isIE8 && 'interactive' === document.readyState ) || ( isIE8 && 'complete' === document.readyState ) ) {
-				load();
-			}
-		}
-
 		/**
 		 * Initialize our emoji support, and set up listeners.
 		 */
 		if ( settings ) {
-			supportsEmoji = window._wpemojiSettings.supports.simple;
-			supportsFlagEmoji = window._wpemojiSettings.supports.flag;
-			replaceEmoji = ! supportsEmoji || ! supportsFlagEmoji;
+			replaceEmoji = ! settings.supports.simple || ! settings.supports.flag;
 
-			if ( ( ! isIE8 && 'loading' === document.readyState ) || ( isIE8 && 'complete' !== document.readyState ) ) {
-				if ( document.addEventListener ) {
-					document.addEventListener( 'readystatechange', onLoad, false );
-				} else if ( document.attachEvent ) {
-					document.attachEvent( 'onreadystatechange', onLoad );
-				}
-			} else {
+			if ( settings.DOMReady ) {
 				load();
+			} else {
+				settings.readyCallback = load;
 			}
 		}
 

wp-includes/js/wp-emoji.min.js

@@ -1 +1 @@
-!function(a,b){function c(){function c(){if("undefined"==typeof a.twemoji){if(m>600)return;return a.clearTimeout(g),g=a.setTimeout(c,50),void m++}f=a.twemoji,h&&new h(function(a){for(var b,c,e=a.length;e--;)for(b=a[e].addedNodes.length;b--;)c=a[e].addedNodes[b],3===c.nodeType&&(c=c.parentNode),c&&1===c.nodeType&&d(c)}).observe(document.body,{childList:!0,subtree:!0}),d(document.body)}function d(a,c){return k?(c=c||{},f.parse(a,{base:b.baseUrl,ext:b.ext,className:c.className||"emoji",imgAttr:c.imgAttr,callback:function(a,b){switch(a){case"a9":case"ae":case"2122":case"2194":case"2660":case"2663":case"2665":case"2666":return!1}return j||!i||/^1f1(?:e[6-9a-f]|f[0-9a-f])-1f1(?:e[6-9a-f]|f[0-9a-f])$/.test(a)?"".concat(b.base,a,b.ext):!1}})):a}function e(){(!l&&"interactive"===document.readyState||l&&"complete"===document.readyState)&&c()}var f,g,h=a.MutationObserver||a.WebKitMutationObserver||a.MozMutationObserver,i=!1,j=!1,k=!1,l=-1!==a.navigator.userAgent.indexOf("IE 8"),m=0;return b&&(i=a._wpemojiSettings.supports.simple,j=a._wpemojiSettings.supports.flag,k=!i||!j,!l&&"loading"===document.readyState||l&&"complete"!==document.readyState?document.addEventListener?document.addEventListener("readystatechange",e,!1):document.attachEvent&&document.attachEvent("onreadystatechange",e):c()),{replaceEmoji:k,parse:d}}a.wp=a.wp||{},a.wp.emoji=new c}(window,window._wpemojiSettings);
+!function(a,b){function c(){function c(){if(!i){if("undefined"==typeof a.twemoji){if(j>600)return;return a.clearTimeout(f),f=a.setTimeout(c,50),void j++}e=a.twemoji,i=!0,g&&new g(function(a){for(var b,c,e,f,g=a.length;g--;){if(b=a[g].addedNodes,c=a[g].removedNodes,e=b.length,1===e&&1===c.length&&3===b[0].nodeType&&"IMG"===c[0].nodeName&&b[0].data===c[0].alt)return;for(;e--;)f=b[e],3===f.nodeType&&(f=f.parentNode),!f||1!==f.nodeType||"ownerSVGElement"in f||f.className&&"string"==typeof f.className&&-1!==f.className.indexOf("wp-exclude-emoji")||d(f)}}).observe(document.body,{childList:!0,subtree:!0}),d(document.body)}}function d(a,c){return h&&e?(c=c||{},e.parse(a,{base:b.baseUrl,ext:b.ext,className:c.className||"emoji",imgAttr:c.imgAttr,callback:function(a,c){switch(a){case"a9":case"ae":case"2122":case"2194":case"2660":case"2663":case"2665":case"2666":return!1}return b.supports.flag||!b.supports.simple||/^1f1(?:e[6-9a-f]|f[0-9a-f])-1f1(?:e[6-9a-f]|f[0-9a-f])$/.test(a)?"".concat(c.base,a,c.ext):!1}})):a}var e,f,g=a.MutationObserver||a.WebKitMutationObserver||a.MozMutationObserver,h=!1,i=!1,j=0;return b&&(h=!b.supports.simple||!b.supports.flag,b.DOMReady?c():b.readyCallback=c),{replaceEmoji:h,parse:d}}a.wp=a.wp||{},a.wp.emoji=new c}(window,window._wpemojiSettings);

wp-includes/kses.php

@@ -528,6 +528,82 @@ function wp_kses( $string, $allowed_html, $allowed_protocols = array() ) {
 	return wp_kses_split($string, $allowed_html, $allowed_protocols);
 }
 
+/**
+ * Filters one attribute only and ensures its value is allowed.
+ *
+ * This function has the advantage of being more secure than esc_attr() and can
+ * escape data in some situations where wp_kses() must strip the whole attribute.
+ *
+ * @since 4.2.3
+ *
+ * @param string $string The 'whole' attribute, including name and value.
+ * @param string $element The element name to which the attribute belongs.
+ * @return string Filtered attribute.
+ */
+function wp_kses_one_attr( $string, $element ) {
+	$uris = array('xmlns', 'profile', 'href', 'src', 'cite', 'classid', 'codebase', 'data', 'usemap', 'longdesc', 'action');
+	$allowed_html = wp_kses_allowed_html( 'post' );
+	$allowed_protocols = wp_allowed_protocols();
+	$string = wp_kses_no_null( $string, array( 'slash_zero' => 'keep' ) );
+	$string = wp_kses_js_entities( $string );
+	$string = wp_kses_normalize_entities( $string );
+
+	// Preserve leading and trailing whitespace.
+	$matches = array();
+	preg_match('/^\s*/', $string, $matches);
+	$lead = $matches[0];
+	preg_match('/\s*$/', $string, $matches);
+	$trail = $matches[0];
+	if ( empty( $trail ) ) {
+		$string = substr( $string, strlen( $lead ) );
+	} else {
+		$string = substr( $string, strlen( $lead ), -strlen( $trail ) );
+	}
+	
+	// Parse attribute name and value from input.
+	$split = preg_split( '/\s*=\s*/', $string, 2 );
+	$name = $split[0];
+	if ( count( $split ) == 2 ) {
+		$value = $split[1];
+
+		// Remove quotes surrounding $value.
+		// Also guarantee correct quoting in $string for this one attribute.
+		if ( '' == $value ) {
+			$quote = '';
+		} else {
+			$quote = $value[0];
+		}
+		if ( '"' == $quote || "'" == $quote ) {
+			if ( substr( $value, -1 ) != $quote ) {
+				return '';
+			}
+			$value = substr( $value, 1, -1 );
+		} else {
+			$quote = '"';
+		}
+
+		// Sanitize quotes and angle braces.
+		$value = htmlspecialchars( $value, ENT_QUOTES, null, false );
+
+		// Sanitize URI values.
+		if ( in_array( strtolower( $name ), $uris ) ) {
+			$value = wp_kses_bad_protocol( $value, $allowed_protocols );
+		}
+
+		$string = "$name=$quote$value$quote";
+		$vless = 'n';
+	} else {
+		$value = '';
+		$vless = 'y';
+	}
+	
+	// Sanitize attribute by name.
+	wp_kses_attr_check( $name, $value, $string, $vless, $element, $allowed_html );
+
+	// Restore whitespace.
+	return $lead . $string . $trail;
+}
+
 /**
  * Return a list of allowed tags and attributes for a given context.
  *
@@ -748,45 +824,11 @@ function wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols) {
 	// Go through $attrarr, and save the allowed attributes for this element
 	// in $attr2
 	$attr2 = '';
-
-	$allowed_attr = $allowed_html[strtolower($element)];
-	foreach ($attrarr as $arreach) {
-		if ( ! isset( $allowed_attr[strtolower($arreach['name'])] ) )
-			continue; // the attribute is not allowed
-
-		$current = $allowed_attr[strtolower($arreach['name'])];
-		if ( $current == '' )
-			continue; // the attribute is not allowed
-
-		if ( strtolower( $arreach['name'] ) == 'style' ) {
-			$orig_value = $arreach['value'];
-			$value = safecss_filter_attr( $orig_value );
-
-			if ( empty( $value ) )
-				continue;
-
-			$arreach['value'] = $value;
-			$arreach['whole'] = str_replace( $orig_value, $value, $arreach['whole'] );
-		}
-
-		if ( ! is_array($current) ) {
+	foreach ( $attrarr as $arreach ) {
+		if ( wp_kses_attr_check( $arreach['name'], $arreach['value'], $arreach['whole'], $arreach['vless'], $element, $allowed_html ) ) {
 			$attr2 .= ' '.$arreach['whole'];
-		// there are no checks
-
-		} else {
-			// there are some checks
-			$ok = true;
-			foreach ($current as $currkey => $currval) {
-				if ( ! wp_kses_check_attr_val($arreach['value'], $arreach['vless'], $currkey, $currval) ) {
-					$ok = false;
-					break;
-				}
-			}
-
-			if ( $ok )
-				$attr2 .= ' '.$arreach['whole']; // it passed them
-		} // if !is_array($current)
-	} // foreach
+		}
+	}
 
 	// Remove any "<" or ">" characters
 	$attr2 = preg_replace('/[<>]/', '', $attr2);
@@ -794,6 +836,53 @@ function wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols) {
 	return "<$element$attr2$xhtml_slash>";
 }
 
+/**
+ * Determine whether an attribute is allowed.
+ *
+ * @since 4.2.3
+ *
+ * @param string $name The attribute name. Returns empty string when not allowed.
+ * @param string $value The attribute value. Returns a filtered value.
+ * @param string $whole The name=value input. Returns filtered input.
+ * @param string $vless 'y' when attribute like "enabled", otherwise 'n'.
+ * @param string $element The name of the element to which this attribute belongs.
+ * @param array $allowed_html The full list of allowed elements and attributes.
+ * @return bool Is the attribute allowed?
+ */
+function wp_kses_attr_check( &$name, &$value, &$whole, $vless, $element, $allowed_html ) {
+	$allowed_attr = $allowed_html[strtolower( $element )];
+
+	$name_low = strtolower( $name );
+	if ( ! isset( $allowed_attr[$name_low] ) || '' == $allowed_attr[$name_low] ) {
+		$name = $value = $whole = '';
+		return false;
+	}
+
+	if ( 'style' == $name_low ) {
+		$new_value = safecss_filter_attr( $value );
+
+		if ( empty( $new_value ) ) {
+			$name = $value = $whole = '';
+			return false;
+		}
+
+		$whole = str_replace( $value, $new_value, $whole );
+		$value = $new_value;
+	}
+
+	if ( is_array( $allowed_attr[$name_low] ) ) {
+		// there are some checks
+		foreach ( $allowed_attr[$name_low] as $currkey => $currval ) {
+			if ( ! wp_kses_check_attr_val( $value, $vless, $currkey, $currval ) ) {
+				$name = $value = $whole = '';
+				return false;
+			}
+		}
+	}
+
+	return true;
+}
+
 /**
  * Builds an attribute list from string containing attributes.
  *
@@ -923,6 +1012,109 @@ function wp_kses_hair($attr, $allowed_protocols) {
 	return $attrarr;
 }
 
+/**
+ * Finds all attributes of an HTML element.
+ *
+ * Does not modify input.  May return "evil" output.
+ *
+ * Based on wp_kses_split2() and wp_kses_attr()
+ *
+ * @since 4.2.3
+ *
+ * @param string $element HTML element/tag
+ * @return array|bool List of attributes found in $element. Returns false on failure.
+ */
+function wp_kses_attr_parse( $element ) {
+	$valid = preg_match('%^(<\s*)(/\s*)?([a-zA-Z0-9]+\s*)([^>]*)(>?)$%', $element, $matches);
+	if ( 1 !== $valid ) {
+		return false;
+	}
+
+	$begin =  $matches[1];
+	$slash =  $matches[2];
+	$elname = $matches[3];
+	$attr =   $matches[4];
+	$end =    $matches[5];
+
+	if ( '' !== $slash ) {
+		// Closing elements do not get parsed.
+		return false;
+	}
+
+	// Is there a closing XHTML slash at the end of the attributes?
+	if ( 1 === preg_match( '%\s*/\s*$%', $attr, $matches ) ) {
+		$xhtml_slash = $matches[0];
+		$attr = substr( $attr, 0, -strlen( $xhtml_slash ) );
+	} else {
+		$xhtml_slash = '';
+	}
+	
+	// Split it
+	$attrarr = wp_kses_hair_parse( $attr );
+	if ( false === $attrarr ) {
+		return false;
+	}
+
+	// Make sure all input is returned by adding front and back matter.
+	array_unshift( $attrarr, $begin . $slash . $elname );
+	array_push( $attrarr, $xhtml_slash . $end );
+	
+	return $attrarr;
+}
+
+/**
+ * Builds an attribute list from string containing attributes.
+ *
+ * Does not modify input.  May return "evil" output.
+ * In case of unexpected input, returns false instead of stripping things.
+ *
+ * Based on wp_kses_hair() but does not return a multi-dimensional array.
+ *
+ * @since 4.2.3
+ *
+ * @param string $attr Attribute list from HTML element to closing HTML element tag
+ * @return array|bool List of attributes found in $attr. Returns false on failure.
+ */
+function wp_kses_hair_parse( $attr ) {
+	if ( '' === $attr ) {
+		return array();
+	}
+
+	$regex =
+	  '(?:'
+	.     '[-a-zA-Z:]+'   // Attribute name.
+	. '|'
+	.     '\[\[?[^\[\]]+\]\]?' // Shortcode in the name position implies unfiltered_html.
+	. ')'
+	. '(?:'               // Attribute value.
+	.     '\s*=\s*'       // All values begin with '='
+	.     '(?:'
+	.         '"[^"]*"'   // Double-quoted
+	.     '|'
+	.         "'[^']*'"   // Single-quoted
+	.     '|'
+	.         '[^\s"\']+' // Non-quoted
+	.         '(?:\s|$)'  // Must have a space
+	.     ')'
+	. '|'
+	.     '(?:\s|$)'      // If attribute has no value, space is required.
+	. ')'
+	. '\s*';              // Trailing space is optional except as mentioned above.
+
+	// Although it is possible to reduce this procedure to a single regexp,
+	// we must run that regexp twice to get exactly the expected result.
+
+	$validation = "%^($regex)+$%";
+	$extraction = "%$regex%";
+
+	if ( 1 === preg_match( $validation, $attr ) ) {
+		preg_match_all( $extraction, $attr, $attrarr );
+		return $attrarr[0];
+	} else {
+		return false;
+	}
+}
+
 /**
  * Performs different checks for attribute values.
  *

wp-includes/l10n.php

@@ -763,11 +763,15 @@ function translate_user_role( $name ) {
 function get_available_languages( $dir = null ) {
 	$languages = array();
 
-	foreach( (array)glob( ( is_null( $dir) ? WP_LANG_DIR : $dir ) . '/*.mo' ) as $lang_file ) {
-		$lang_file = basename($lang_file, '.mo');
-		if ( 0 !== strpos( $lang_file, 'continents-cities' ) && 0 !== strpos( $lang_file, 'ms-' ) &&
-			0 !== strpos( $lang_file, 'admin-' ))
-			$languages[] = $lang_file;
+	$lang_files = glob( ( is_null( $dir) ? WP_LANG_DIR : $dir ) . '/*.mo' );
+	if ( $lang_files ) {
+		foreach( $lang_files as $lang_file ) {
+			$lang_file = basename( $lang_file, '.mo' );
+			if ( 0 !== strpos( $lang_file, 'continents-cities' ) && 0 !== strpos( $lang_file, 'ms-' ) &&
+				0 !== strpos( $lang_file, 'admin-' ) ) {
+				$languages[] = $lang_file;
+			}
+		}
 	}
 
 	return $languages;

wp-includes/media.php

@@ -847,6 +847,8 @@ function img_caption_shortcode( $attr, $content = null ) {
 			$content = $matches[1];
 			$attr['caption'] = trim( $matches[2] );
 		}
+	} elseif ( strpos( $attr['caption'], '<' ) !== false ) {
+		$attr['caption'] = wp_kses( $attr['caption'], 'post' );
 	}
 
 	/**

wp-includes/pluggable.php

@@ -1218,7 +1218,7 @@ function wp_sanitize_redirect($location) {
 			|   \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
 			|   [\xF1-\xF3][\x80-\xBF]{3}
 			|   \xF4[\x80-\x8F][\x80-\xBF]{2}
-		){1,50}                              # ...one or more times
+		){1,40}                              # ...one or more times
 		)/x';
 	$location = preg_replace_callback( $regex, '_wp_sanitize_utf8_in_redirect', $location );
 	$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()]|i', '', $location);

wp-includes/post.php

@@ -2905,10 +2905,11 @@ function wp_untrash_post_comments( $post = null ) {
 
 	foreach ( $group_by_status as $status => $comments ) {
 		// Sanity check. This shouldn't happen.
-		if ( 'post-trashed' == $status )
+		if ( 'post-trashed' == $status ) {
 			$status = '0';
-		$comments_in = implode( "', '", $comments );
-		$wpdb->query( "UPDATE $wpdb->comments SET comment_approved = '$status' WHERE comment_ID IN ('" . $comments_in . "')" );
+		}
+		$comments_in = implode( ', ', array_map( 'intval', $comments ) );
+		$wpdb->query( $wpdb->prepare( "UPDATE $wpdb->comments SET comment_approved = %s WHERE comment_ID IN ($comments_in)", $status ) );
 	}
 
 	clean_comment_cache( array_keys($statuses) );
@@ -4992,12 +4993,9 @@ function wp_get_attachment_url( $post_id = 0 ) {
 		$url = get_the_guid( $post->ID );
 	}
 
-	/*
-	 * If currently on SSL, prefer HTTPS URLs when we know they're supported by the domain
-	 * (which is to say, when they share the domain name of the current SSL page).
-	 */
-	if ( is_ssl() && 'https' !== substr( $url, 0, 5 ) && parse_url( $url, PHP_URL_HOST ) === $_SERVER['HTTP_HOST'] ) {
-		$url = set_url_scheme( $url, 'https' );
+	// On SSL front-end, URLs should be HTTPS.
+	if ( is_ssl() && ! is_admin() && 'wp-login.php' !== $GLOBALS['pagenow'] ) {
+		$url = set_url_scheme( $url );
 	}
 
 	/**

wp-includes/shortcodes.php

@@ -184,9 +184,10 @@ function has_shortcode( $content, $tag ) {
  * @global array $shortcode_tags List of shortcode tags and their callback hooks.
  *
  * @param string $content Content to search for shortcodes.
+ * @param bool $ignore_html When true, shortcodes inside HTML elements will be skipped.
  * @return string Content with shortcodes filtered out.
  */
-function do_shortcode($content) {
+function do_shortcode( $content, $ignore_html = false ) {
 	global $shortcode_tags;
 
 	if ( false === strpos( $content, '[' ) ) {
@@ -196,8 +197,24 @@ function do_shortcode($content) {
 	if (empty($shortcode_tags) || !is_array($shortcode_tags))
 		return $content;
 
+	$tagnames = array_keys($shortcode_tags);
+	$tagregexp = join( '|', array_map('preg_quote', $tagnames) );
+	$pattern = "/\\[($tagregexp)/s";
+
+	if ( 1 !== preg_match( $pattern, $content ) ) {
+		// Avoids parsing HTML when there are no shortcodes or embeds anyway.
+		return $content;
+	}
+
+	$content = do_shortcodes_in_html_tags( $content, $ignore_html );
+
 	$pattern = get_shortcode_regex();
-	return preg_replace_callback( "/$pattern/s", 'do_shortcode_tag', $content );
+	$content = preg_replace_callback( "/$pattern/s", 'do_shortcode_tag', $content );
+	
+	// Always restore square braces so we don't break things like <!--[if IE ]>
+	$content = unescape_invalid_shortcodes( $content );
+	
+	return $content;
 }
 
 /**
@@ -290,6 +307,127 @@ function do_shortcode_tag( $m ) {
 	}
 }
 
+/**
+ * Search only inside HTML elements for shortcodes and process them.
+ *
+ * Any [ or ] characters remaining inside elements will be HTML encoded
+ * to prevent interference with shortcodes that are outside the elements.
+ * Assumes $content processed by KSES already.  Users with unfiltered_html
+ * capability may get unexpected output if angle braces are nested in tags.
+ *
+ * @since 4.2.3
+ *
+ * @param string $content Content to search for shortcodes
+ * @param bool $ignore_html When true, all square braces inside elements will be encoded.
+ * @return string Content with shortcodes filtered out.
+ */
+function do_shortcodes_in_html_tags( $content, $ignore_html ) {
+	// Normalize entities in unfiltered HTML before adding placeholders.
+	$trans = array( '&#91;' => '&#091;', '&#93;' => '&#093;' );
+	$content = strtr( $content, $trans );
+	$trans = array( '[' => '&#91;', ']' => '&#93;' );
+	
+	$pattern = get_shortcode_regex();
+	$textarr = wp_html_split( $content );
+
+	foreach ( $textarr as &$element ) {
+		if ( '' == $element || '<' !== $element[0] ) {
+			continue;
+		}
+
+		$noopen = false === strpos( $element, '[' );
+		$noclose = false === strpos( $element, ']' );
+		if ( $noopen || $noclose ) {
+			// This element does not contain shortcodes.
+			if ( $noopen xor $noclose ) {
+				// Need to encode stray [ or ] chars.
+				$element = strtr( $element, $trans );
+			}
+			continue;
+		}
+
+		if ( $ignore_html || '<!--' === substr( $element, 0, 4 ) || '<![CDATA[' === substr( $element, 0, 9 ) ) {
+			// Encode all [ and ] chars.
+			$element = strtr( $element, $trans );
+			continue;
+		}
+
+		$attributes = wp_kses_attr_parse( $element );
+		if ( false === $attributes ) {
+			// Some plugins are doing things like [name] <[email]>.
+			if ( 1 === preg_match( '%^<\s*\[\[?[^\[\]]+\]%', $element ) ) {
+				$element = preg_replace_callback( "/$pattern/s", 'do_shortcode_tag', $element );
+			}
+
+			// Looks like we found some crazy unfiltered HTML.  Skipping it for sanity.
+			$element = strtr( $element, $trans );
+			continue;
+		}
+		
+		// Get element name
+		$front = array_shift( $attributes );
+		$back = array_pop( $attributes );
+		$matches = array();
+		preg_match('%[a-zA-Z0-9]+%', $front, $matches);
+		$elname = $matches[0];
+		
+		// Look for shortcodes in each attribute separately.
+		foreach ( $attributes as &$attr ) {
+			$open = strpos( $attr, '[' );
+			$close = strpos( $attr, ']' );
+			if ( false === $open || false === $close ) {
+				continue; // Go to next attribute.  Square braces will be escaped at end of loop.
+			}
+			$double = strpos( $attr, '"' );
+			$single = strpos( $attr, "'" );
+			if ( ( false === $single || $open < $single ) && ( false === $double || $open < $double ) ) {
+				// $attr like '[shortcode]' or 'name = [shortcode]' implies unfiltered_html.
+				// In this specific situation we assume KSES did not run because the input
+				// was written by an administrator, so we should avoid changing the output
+				// and we do not need to run KSES here.
+				$attr = preg_replace_callback( "/$pattern/s", 'do_shortcode_tag', $attr );
+			} else {
+				// $attr like 'name = "[shortcode]"' or "name = '[shortcode]'"
+				// We do not know if $content was unfiltered. Assume KSES ran before shortcodes.
+				$count = 0;
+				$new_attr = preg_replace_callback( "/$pattern/s", 'do_shortcode_tag', $attr, -1, $count );
+				if ( $count > 0 ) {
+					// Sanitize the shortcode output using KSES.
+					$new_attr = wp_kses_one_attr( $new_attr, $elname );
+					if ( '' !== $new_attr ) {
+						// The shortcode is safe to use now.
+						$attr = $new_attr;
+					}
+				}
+			}
+		}
+		$element = $front . implode( '', $attributes ) . $back;
+		
+		// Now encode any remaining [ or ] chars.
+		$element = strtr( $element, $trans );
+	}
+	
+	$content = implode( '', $textarr );
+	
+	return $content;
+}
+
+/**
+ * Remove placeholders added by do_shortcodes_in_html_tags().
+ *
+ * @since 4.2.3
+ *
+ * @param string $content Content to search for placeholders.
+ * @return string Content with placeholders removed.
+ */
+function unescape_invalid_shortcodes( $content ) {
+        // Clean up entire string, avoids re-parsing HTML.
+        $trans = array( '&#91;' => '[', '&#93;' => ']' );
+        $content = strtr( $content, $trans );
+        
+        return $content;
+}
+
 /**
  * Retrieve all attributes from the shortcodes tag.
  *
@@ -319,6 +457,15 @@ function shortcode_parse_atts($text) {
 			elseif (isset($m[8]))
 				$atts[] = stripcslashes($m[8]);
 		}
+
+		// Reject any unclosed HTML elements
+		foreach( $atts as &$value ) {
+			if ( false !== strpos( $value, '<' ) ) {
+				if ( 1 !== preg_match( '/^[^<]*+(?:<[^>]*+>[^<]*+)*+$/', $value ) ) {
+					$value = '';
+				}
+			}
+		}
 	} else {
 		$atts = ltrim($text);
 	}
@@ -389,9 +536,15 @@ function strip_shortcodes( $content ) {
 	if (empty($shortcode_tags) || !is_array($shortcode_tags))
 		return $content;
 
-	$pattern = get_shortcode_regex();
+	$content = do_shortcodes_in_html_tags( $content, true );
 
-	return preg_replace_callback( "/$pattern/s", 'strip_shortcode_tag', $content );
+	$pattern = get_shortcode_regex();
+	$content = preg_replace_callback( "/$pattern/s", 'strip_shortcode_tag', $content );
+
+	// Always restore square braces so we don't break things like <!--[if IE ]>
+	$content = unescape_invalid_shortcodes( $content );
+	
+	return $content;
 }
 
 function strip_shortcode_tag( $m ) {

wp-includes/taxonomy.php

@@ -3926,7 +3926,7 @@ function _get_term_hierarchy($taxonomy) {
  * @param string $taxonomy  The taxonomy which determines the hierarchy of the terms.
  * @param array  $ancestors Term ancestors that have already been identified. Passed by reference, to keep track of
  *                          found terms when recursing the hierarchy. The array of located ancestors is used to prevent
- *                          infinite recursion loops.
+ *                          infinite recursion loops. For performance, term_ids are used as array keys, with 1 as value.
  * @return array The subset of $terms that are descendants of $term_id.
  */
 function _get_term_children( $term_id, $terms, $taxonomy, &$ancestors = array() ) {
@@ -3942,7 +3942,7 @@ function _get_term_children( $term_id, $terms, $taxonomy, &$ancestors = array()
 
 	// Include the term itself in the ancestors array, so we can properly detect when a loop has occurred.
 	if ( empty( $ancestors ) ) {
-		$ancestors[] = $term_id;
+		$ancestors[ $term_id ] = 1;
 	}
 
 	foreach ( (array) $terms as $term ) {
@@ -3955,7 +3955,7 @@ function _get_term_children( $term_id, $terms, $taxonomy, &$ancestors = array()
 		}
 
 		// Don't recurse if we've already identified the term as a child - this indicates a loop.
-		if ( in_array( $term->term_id, $ancestors ) ) {
+		if ( isset( $ancestors[ $term->term_id ] ) ) {
 			continue;
 		}
 
@@ -3968,11 +3968,7 @@ function _get_term_children( $term_id, $terms, $taxonomy, &$ancestors = array()
 			if ( !isset($has_children[$term->term_id]) )
 				continue;
 
-			if ( $use_id ) {
-				$ancestors = array_merge( $ancestors, $term_list );
-			} else {
-				$ancestors = array_merge( $ancestors, wp_list_pluck( $term_list, 'term_id' ) );
-			}
+			$ancestors[ $term->term_id ] = 1;
 
 			if ( $children = _get_term_children( $term->term_id, $terms, $taxonomy, $ancestors) )
 				$term_list = array_merge($term_list, $children);

wp-includes/theme.php

@@ -673,8 +673,6 @@ function preview_theme() {
 
 	// Prevent theme mods to current theme being used on theme being previewed
 	add_filter( 'pre_option_theme_mods_' . get_option( 'stylesheet' ), '__return_empty_array' );
-
-	ob_start( 'preview_theme_ob_filter' );
 }
 
 /**
@@ -711,7 +709,7 @@ function _preview_theme_stylesheet_filter() {
  * @return string
  */
 function preview_theme_ob_filter( $content ) {
-	return preg_replace_callback( "|(<a.*?href=([\"']))(.*?)([\"'].*?>)|", 'preview_theme_ob_filter_callback', $content );
+	return $content;
 }
 
 /**
@@ -726,26 +724,7 @@ function preview_theme_ob_filter( $content ) {
  * @return string
  */
 function preview_theme_ob_filter_callback( $matches ) {
-	if ( strpos($matches[4], 'onclick') !== false )
-		$matches[4] = preg_replace('#onclick=([\'"]).*?(?<!\\\)\\1#i', '', $matches[4]); //Strip out any onclicks from rest of <a>. (?<!\\\) means to ignore the '" if it's escaped by \  to prevent breaking mid-attribute.
-	if (
-		( false !== strpos($matches[3], '/wp-admin/') )
-	||
-		( false !== strpos( $matches[3], '://' ) && 0 !== strpos( $matches[3], home_url() ) )
-	||
-		( false !== strpos($matches[3], '/feed/') )
-	||
-		( false !== strpos($matches[3], '/trackback/') )
-	)
-		return $matches[1] . "#$matches[2] onclick=$matches[2]return false;" . $matches[4];
-
-	$stylesheet = isset( $_GET['stylesheet'] ) ? $_GET['stylesheet'] : '';
-	$template   = isset( $_GET['template'] )   ? $_GET['template']   : '';
-
-	$link = add_query_arg( array( 'preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'preview_iframe' => 1 ), $matches[3] );
-	if ( 0 === strpos($link, 'preview=1') )
-		$link = "?$link";
-	return $matches[1] . esc_attr( $link ) . $matches[4];
+	return $matches[0];
 }
 
 /**

wp-includes/version.php

@@ -4,21 +4,21 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.2-RC4-32277';
+$wp_version = '4.2.5';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
  *
  * @global int $wp_db_version
  */
-$wp_db_version = 31532;
+$wp_db_version = 31536;
 
 /**
  * Holds the TinyMCE version
  *
  * @global string $tinymce_version
  */
-$tinymce_version = '4109-20150406';
+$tinymce_version = '4109-20150505';
 
 /**
  * Holds the required PHP version

wp-includes/wp-db.php

@@ -738,8 +738,7 @@ class wpdb {
 			$this->charset = DB_CHARSET;
 		}
 
-		if ( ( $this->use_mysqli && ! ( $this->dbh instanceof mysqli ) )
-		  || ( empty( $this->dbh ) || ! ( $this->dbh instanceof mysqli ) ) ) {
+		if ( ( $this->use_mysqli && ! ( $this->dbh instanceof mysqli ) ) || empty( $this->dbh ) ) {
 			return;
 		}
 
@@ -1809,6 +1808,8 @@ class wpdb {
 	 * @return int|false The number of rows affected, or false on error.
 	 */
 	function _insert_replace_helper( $table, $data, $format = null, $type = 'INSERT' ) {
+		$this->insert_id = 0;
+
 		if ( ! in_array( strtoupper( $type ), array( 'REPLACE', 'INSERT' ) ) ) {
 			return false;
 		}
@@ -1829,7 +1830,6 @@ class wpdb {
 
 		$sql = "$type INTO `$table` ($fields) VALUES ($formats)";
 
-		$this->insert_id = 0;
 		$this->check_current_query = false;
 		return $this->query( $this->prepare( $sql, $values ) );
 	}
@@ -1946,11 +1946,20 @@ class wpdb {
 	 */
 	protected function process_fields( $table, $data, $format ) {
 		$data = $this->process_field_formats( $data, $format );
+		if ( false === $data ) {
+			return false;
+		}
+
 		$data = $this->process_field_charsets( $data, $table );
 		if ( false === $data ) {
 			return false;
 		}
 
+		$data = $this->process_field_lengths( $data, $table );
+		if ( false === $data ) {
+			return false;
+		}
+
 		$converted_data = $this->strip_invalid_text( $data );
 
 		if ( $data !== $converted_data ) {
@@ -2012,17 +2021,41 @@ class wpdb {
 				// We can skip this field if we know it isn't a string.
 				// This checks %d/%f versus ! %s because it's sprintf() could take more.
 				$value['charset'] = false;
-			} elseif ( $this->check_ascii( $value['value'] ) ) {
-				// If it's ASCII, then we don't need the charset. We can skip this field.
-				$value['charset'] = false;
 			} else {
 				$value['charset'] = $this->get_col_charset( $table, $field );
 				if ( is_wp_error( $value['charset'] ) ) {
 					return false;
 				}
+			}
 
-				// This isn't ASCII. Don't have strip_invalid_text() re-check.
-				$value['ascii'] = false;
+			$data[ $field ] = $value;
+		}
+
+		return $data;
+	}
+
+	/**
+	 * For string fields, record the maximum string length that field can safely save.
+	 *
+	 * @since 4.2.1
+	 * @access protected
+	 *
+	 * @param array  $data  As it comes from the wpdb::process_field_charsets() method.
+	 * @param string $table Table name.
+	 * @return array|False The same array as $data with additional 'length' keys, or false if
+	 *                     any of the values were too long for their corresponding field.
+	 */
+	protected function process_field_lengths( $data, $table ) {
+		foreach ( $data as $field => $value ) {
+			if ( '%d' === $value['format'] || '%f' === $value['format'] ) {
+				// We can skip this field if we know it isn't a string.
+				// This checks %d/%f versus ! %s because it's sprintf() could take more.
+				$value['length'] = false;
+			} else {
+				$value['length'] = $this->get_col_length( $table, $field );
+				if ( is_wp_error( $value['length'] ) ) {
+					return false;
+				}
 			}
 
 			$data[ $field ] = $value;
@@ -2048,7 +2081,7 @@ class wpdb {
 	public function get_var( $query = null, $x = 0, $y = 0 ) {
 		$this->func_call = "\$db->get_var(\"$query\", $x, $y)";
 
-		if ( $this->check_safe_collation( $query ) ) {
+		if ( $this->check_current_query && $this->check_safe_collation( $query ) ) {
 			$this->check_current_query = false;
 		}
 
@@ -2081,7 +2114,7 @@ class wpdb {
 	public function get_row( $query = null, $output = OBJECT, $y = 0 ) {
 		$this->func_call = "\$db->get_row(\"$query\",$output,$y)";
 
-		if ( $this->check_safe_collation( $query ) ) {
+		if ( $this->check_current_query && $this->check_safe_collation( $query ) ) {
 			$this->check_current_query = false;
 		}
 
@@ -2122,7 +2155,7 @@ class wpdb {
 	 * @return array Database query result. Array indexed from 0 by SQL result row number.
 	 */
 	public function get_col( $query = null , $x = 0 ) {
-		if ( $this->check_safe_collation( $query ) ) {
+		if ( $this->check_current_query && $this->check_safe_collation( $query ) ) {
 			$this->check_current_query = false;
 		}
 
@@ -2154,7 +2187,7 @@ class wpdb {
 	public function get_results( $query = null, $output = OBJECT ) {
 		$this->func_call = "\$db->get_results(\"$query\", $output)";
 
-		if ( $this->check_safe_collation( $query ) ) {
+		if ( $this->check_current_query && $this->check_safe_collation( $query ) ) {
 			$this->check_current_query = false;
 		}
 
@@ -2232,7 +2265,10 @@ class wpdb {
 		}
 
 		$charsets = $columns = array();
-		$results = $this->get_results( "SHOW FULL COLUMNS FROM `$table`" );
+
+		$table_parts = explode( '.', $table );
+		$table = '`' . implode( '`.`', $table_parts ) . '`';
+		$results = $this->get_results( "SHOW FULL COLUMNS FROM $table" );
 		if ( ! $results ) {
 			return new WP_Error( 'wpdb_get_table_charset_failure' );
 		}
@@ -2361,6 +2397,99 @@ class wpdb {
 		return $charset;
 	}
 
+	/**
+	 * Retrieve the maximum string length allowed in a given column.
+	 * The length may either be specified as a byte length or a character length.
+	 *
+	 * @since 4.2.1
+	 * @access public
+	 *
+	 * @param string $table  Table name.
+	 * @param string $column Column name.
+	 * @return mixed array( 'length' => (int), 'type' => 'byte' | 'char' )
+	 *               false if the column has no length (for example, numeric column)
+	 *               WP_Error object if there was an error.
+	 */
+	public function get_col_length( $table, $column ) {
+		$tablekey = strtolower( $table );
+		$columnkey = strtolower( $column );
+
+		// Skip this entirely if this isn't a MySQL database.
+		if ( false === $this->is_mysql ) {
+			return false;
+		}
+
+		if ( empty( $this->col_meta[ $tablekey ] ) ) {
+			// This primes column information for us.
+			$table_charset = $this->get_table_charset( $table );
+			if ( is_wp_error( $table_charset ) ) {
+				return $table_charset;
+			}
+		}
+
+		if ( empty( $this->col_meta[ $tablekey ][ $columnkey ] ) ) {
+			return false;
+		}
+
+		$typeinfo = explode( '(', $this->col_meta[ $tablekey ][ $columnkey ]->Type );
+
+		$type = strtolower( $typeinfo[0] );
+		if ( ! empty( $typeinfo[1] ) ) {
+			$length = trim( $typeinfo[1], ')' );
+		} else {
+			$length = false;
+		}
+
+		switch( $type ) {
+			case 'char':
+			case 'varchar':
+				return array(
+					'type'   => 'char',
+					'length' => (int) $length,
+				);
+				break;
+			case 'binary':
+			case 'varbinary':
+				return array(
+					'type'   => 'byte',
+					'length' => (int) $length,
+				);
+				break;
+			case 'tinyblob':
+			case 'tinytext':
+				return array(
+					'type'   => 'byte',
+					'length' => 255,        // 2^8 - 1
+				);
+				break;
+			case 'blob':
+			case 'text':
+				return array(
+					'type'   => 'byte',
+					'length' => 65535,      // 2^16 - 1
+				);
+				break;
+			case 'mediumblob':
+			case 'mediumtext':
+				return array(
+					'type'   => 'byte',
+					'length' => 16777215,   // 2^24 - 1
+				);
+				break;
+			case 'longblob':
+			case 'longtext':
+				return array(
+					'type'   => 'byte',
+					'length' => 4294967295, // 2^32 - 1
+				);
+				break;
+			default:
+				return false;
+		}
+
+		return false;
+	}
+
 	/**
 	 * Check if a string is ASCII.
 	 *
@@ -2401,7 +2530,7 @@ class wpdb {
 
 		// We don't need to check the collation for queries that don't read data.
 		$query = ltrim( $query, "\r\n\t (" );
-		if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN)\s/i', $query ) ) {
+		if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN|CREATE)\s/i', $query ) ) {
 			return true;
 		}
 
@@ -2458,50 +2587,58 @@ class wpdb {
 	 *                        remove invalid characters, a WP_Error object is returned.
 	 */
 	protected function strip_invalid_text( $data ) {
-		// Some multibyte character sets that we can check in PHP.
-		$mb_charsets = array(
-			'ascii'   => 'ASCII',
-			'big5'    => 'BIG-5',
-			'eucjpms' => 'eucJP-win',
-			'gb2312'  => 'EUC-CN',
-			'ujis'    => 'EUC-JP',
-			'utf32'   => 'UTF-32',
-		);
-
-		$supported_charsets = array();
-		if ( function_exists( 'mb_list_encodings' ) ) {
-			$supported_charsets = mb_list_encodings();
-		}
-
 		$db_check_string = false;
 
 		foreach ( $data as &$value ) {
 			$charset = $value['charset'];
 
-			// Column isn't a string, or is latin1, which will will happily store anything.
-			if ( false === $charset || 'latin1' === $charset ) {
+			if ( is_array( $value['length'] ) ) {
+				$length = $value['length']['length'];
+				$truncate_by_byte_length = 'byte' === $value['length']['type'];
+			} else {
+				$length = false;
+				// Since we have no length, we'll never truncate.
+				// Initialize the variable to false. true would take us
+				// through an unnecessary (for this case) codepath below.
+				$truncate_by_byte_length = false;
+			}
+
+			// There's no charset to work with.
+			if ( false === $charset ) {
 				continue;
 			}
 
+			// Column isn't a string.
 			if ( ! is_string( $value['value'] ) ) {
 				continue;
 			}
 
-			// ASCII is always OK.
-			if ( ! isset( $value['ascii'] ) && $this->check_ascii( $value['value'] ) ) {
-				continue;
+			$needs_validation = true;
+			if (
+				// latin1 can store any byte sequence
+				'latin1' === $charset
+			||
+				// ASCII is always OK.
+				( ! isset( $value['ascii'] ) && $this->check_ascii( $value['value'] ) )
+			) {
+				$truncate_by_byte_length = true;
+				$needs_validation = false;
 			}
 
-			// Convert the text locally.
-			if ( $supported_charsets ) {
-				if ( isset( $mb_charsets[ $charset ] ) && in_array( $mb_charsets[ $charset ], $supported_charsets ) ) {
-					$value['value'] = mb_convert_encoding( $value['value'], $mb_charsets[ $charset ], $mb_charsets[ $charset ] );
+			if ( $truncate_by_byte_length ) {
+				mbstring_binary_safe_encoding();
+				if ( false !== $length && strlen( $value['value'] ) > $length ) {
+					$value['value'] = substr( $value['value'], 0, $length );
+				}
+				reset_mbstring_encoding();
+
+				if ( ! $needs_validation ) {
 					continue;
 				}
 			}
 
 			// utf8 can be handled by regex, which is a bunch faster than a DB lookup.
-			if ( 'utf8' === $charset || 'utf8mb3' === $charset || 'utf8mb4' === $charset ) {
+			if ( ( 'utf8' === $charset || 'utf8mb3' === $charset || 'utf8mb4' === $charset ) && function_exists( 'mb_strlen' ) ) {
 				$regex = '/
 					(
 						(?: [\x00-\x7F]                  # single-byte sequences   0xxxxxxx
@@ -2511,7 +2648,7 @@ class wpdb {
 						|   \xED[\x80-\x9F][\x80-\xBF]
 						|   [\xEE-\xEF][\x80-\xBF]{2}';
 
-				if ( 'utf8mb4' === $charset) {
+				if ( 'utf8mb4' === $charset ) {
 					$regex .= '
 						|    \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
 						|    [\xF1-\xF3][\x80-\xBF]{3}
@@ -2519,11 +2656,16 @@ class wpdb {
 					';
 				}
 
-				$regex .= '){1,50}                          # ...one or more times
+				$regex .= '){1,40}                          # ...one or more times
 					)
 					| .                                  # anything else
 					/x';
 				$value['value'] = preg_replace( $regex, '$1', $value['value'] );
+
+
+				if ( false !== $length && mb_strlen( $value['value'], 'UTF-8' ) > $length ) {
+					$value['value'] = mb_substr( $value['value'], 0, $length, 'UTF-8' );
+				}
 				continue;
 			}
 
@@ -2536,46 +2678,44 @@ class wpdb {
 			$queries = array();
 			foreach ( $data as $col => $value ) {
 				if ( ! empty( $value['db'] ) ) {
-					if ( ! isset( $queries[ $value['charset'] ] ) ) {
-						$queries[ $value['charset'] ] = array();
+					// We're going to need to truncate by characters or bytes, depending on the length value we have.
+					if ( 'byte' === $value['length']['type'] ) {
+						// Using binary causes LEFT() to truncate by bytes.
+						$charset = 'binary';
+					} else {
+						$charset = $value['charset'];
+					}
+
+					if ( is_array( $value['length'] ) ) {
+						$queries[ $col ] = $this->prepare( "CONVERT( LEFT( CONVERT( %s USING $charset ), %.0f ) USING {$this->charset} )", $value['value'], $value['length']['length'] );
+					} else if ( 'binary' !== $charset ) {
+						// If we don't have a length, there's no need to convert binary - it will always return the same result.
+						$queries[ $col ] = $this->prepare( "CONVERT( CONVERT( %s USING $charset ) USING {$this->charset} )", $value['value'] );
 					}
 
-					// Split the CONVERT() calls by charset, so we can make sure the connection is right
-					$queries[ $value['charset'] ][ $col ] = $this->prepare( "CONVERT( %s USING {$value['charset']} )", $value['value'] );
 					unset( $data[ $col ]['db'] );
 				}
 			}
 
-			$connection_charset = $this->charset;
-			foreach ( $queries as $charset => $query ) {
+			$sql = array();
+			foreach ( $queries as $column => $query ) {
 				if ( ! $query ) {
 					continue;
 				}
 
-				// Change the charset to match the string(s) we're converting
-				if ( $charset !== $connection_charset ) {
-					$connection_charset = $charset;
-					$this->set_charset( $this->dbh, $charset );
-				}
-
-				$this->check_current_query = false;
-
-				$row = $this->get_row( "SELECT " . implode( ', ', $query ), ARRAY_N );
-				if ( ! $row ) {
-					$this->set_charset( $this->dbh, $connection_charset );
-					return new WP_Error( 'wpdb_strip_invalid_text_failure' );
-				}
-
-				$cols = array_keys( $query );
-				$col_count = count( $cols );
-				for ( $ii = 0; $ii < $col_count; $ii++ ) {
-					$data[ $cols[ $ii ] ]['value'] = $row[ $ii ];
-				}
+				$sql[] = $query . " AS x_$column";
 			}
 
-			// Don't forget to change the charset back!
-			if ( $connection_charset !== $this->charset ) {
-				$this->set_charset( $this->dbh );
+			$this->check_current_query = false;
+			$row = $this->get_row( "SELECT " . implode( ', ', $sql ), ARRAY_A );
+			if ( ! $row ) {
+				return new WP_Error( 'wpdb_strip_invalid_text_failure' );
+			}
+
+			foreach ( array_keys( $data ) as $column ) {
+				if ( isset( $row["x_$column"] ) ) {
+					$data[ $column ]['value'] = $row["x_$column"];
+				}
 			}
 		}
 
@@ -2592,6 +2732,12 @@ class wpdb {
 	 * @return string|WP_Error The converted query, or a WP_Error object if the conversion fails.
 	 */
 	protected function strip_invalid_text_from_query( $query ) {
+		// We don't need to check the collation for queries that don't read data.
+		$trimmed_query = ltrim( $query, "\r\n\t (" );
+		if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN|CREATE)\s/i', $trimmed_query ) ) {
+			return $query;
+		}
+
 		$table = $this->get_table_from_query( $query );
 		if ( $table ) {
 			$charset = $this->get_table_charset( $table );
@@ -2611,6 +2757,7 @@ class wpdb {
 			'value'   => $query,
 			'charset' => $charset,
 			'ascii'   => false,
+			'length'  => false,
 		);
 
 		$data = $this->strip_invalid_text( array( $data ) );
@@ -2633,7 +2780,7 @@ class wpdb {
 	 * @return string|WP_Error The converted string, or a WP_Error object if the conversion fails.
 	 */
 	public function strip_invalid_text_for_column( $table, $column, $value ) {
-		if ( ! is_string( $value ) || $this->check_ascii( $value ) ) {
+		if ( ! is_string( $value ) ) {
 			return $value;
 		}
 
@@ -2650,7 +2797,7 @@ class wpdb {
 			$column => array(
 				'value'   => $value,
 				'charset' => $charset,
-				'ascii'   => false,
+				'length'  => $this->get_col_length( $table, $column ),
 			)
 		);
 
@@ -2678,11 +2825,8 @@ class wpdb {
 		// Allow (select...) union [...] style queries. Use the first query's table name.
 		$query = ltrim( $query, "\r\n\t (" );
 
-		/*
-		 * Strip everything between parentheses except nested selects and use only 1,000
-		 * chars of the query.
-		 */
-		$query = preg_replace( '/\((?!\s*select)[^(]*?\)/is', '()', substr( $query, 0, 1000 ) );
+		// Strip everything between parentheses except nested selects.
+		$query = preg_replace( '/\((?!\s*select)[^(]*?\)/is', '()', $query );
 
 		// Quickly match most common queries.
 		if ( preg_match( '/^\s*(?:'
@@ -2691,16 +2835,16 @@ class wpdb {
 				. '|REPLACE(?:\s+LOW_PRIORITY|\s+DELAYED)?(?:\s+INTO)?'
 				. '|UPDATE(?:\s+LOW_PRIORITY)?(?:\s+IGNORE)?'
 				. '|DELETE(?:\s+LOW_PRIORITY|\s+QUICK|\s+IGNORE)*(?:\s+FROM)?'
-				. ')\s+`?([\w-]+)`?/is', $query, $maybe ) ) {
-			return $maybe[1];
+				. ')\s+((?:[0-9a-zA-Z$_.`-]|[\xC2-\xDF][\x80-\xBF])+)/is', $query, $maybe ) ) {
+			return str_replace( '`', '', $maybe[1] );
 		}
 
 		// SHOW TABLE STATUS and SHOW TABLES
 		if ( preg_match( '/^\s*(?:'
 				. 'SHOW\s+TABLE\s+STATUS.+(?:LIKE\s+|WHERE\s+Name\s*=\s*)'
 				. '|SHOW\s+(?:FULL\s+)?TABLES.+(?:LIKE\s+|WHERE\s+Name\s*=\s*)'
-				. ')\W([\w-]+)\W/is', $query, $maybe ) ) {
-			return $maybe[1];
+				. ')\W((?:[0-9a-zA-Z$_.`-]|[\xC2-\xDF][\x80-\xBF])+)\W/is', $query, $maybe ) ) {
+			return str_replace( '`', '', $maybe[1] );
 		}
 
 		// Big pattern for the rest of the table-related queries.
@@ -2718,8 +2862,8 @@ class wpdb {
 				. '|LOAD\s+DATA.*INFILE.*INTO\s+TABLE'
 				. '|(?:GRANT|REVOKE).*ON\s+TABLE'
 				. '|SHOW\s+(?:.*FROM|.*TABLE)'
-				. ')\s+\(*\s*`?([\w-]+)`?\s*\)*/is', $query, $maybe ) ) {
-			return $maybe[1];
+				. ')\s+\(*\s*((?:[0-9a-zA-Z$_.`-]|[\xC2-\xDF][\x80-\xBF])+)\s*\)*/is', $query, $maybe ) ) {
+			return str_replace( '`', '', $maybe[1] );
 		}
 
 		return false;