Compare commits
9 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
ebe83073ff | ||
|
84318ad4e5 | ||
|
|
fd5fab4e36 | ||
|
ef104bfdae | ||
|
|
fa2982ec5c | ||
|
|
6f2686ba36 | ||
|
|
22450a0f8b | ||
|
|
102f8be630 | ||
|
|
c50dcb41b6 |
@@ -45,7 +45,7 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
|
||||
printf(
|
||||
/* translators: %s: WordPress version number */
|
||||
__( '<strong>Version %s</strong> addressed some security issues.' ),
|
||||
'4.5.18'
|
||||
'4.5.21'
|
||||
);
|
||||
?>
|
||||
<?php
|
||||
@@ -54,6 +54,66 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
|
||||
__( 'For more information, see <a href="%s">the release notes</a>.' ),
|
||||
sprintf(
|
||||
/* translators: %s: WordPress version */
|
||||
esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
|
||||
sanitize_title( '4.5.21' )
|
||||
)
|
||||
);
|
||||
?>
|
||||
</p>
|
||||
<p>
|
||||
<?php
|
||||
printf(
|
||||
/* translators: %s: WordPress version number */
|
||||
__( '<strong>Version %s</strong> addressed one security issue.' ),
|
||||
'4.5.20'
|
||||
);
|
||||
?>
|
||||
<?php
|
||||
printf(
|
||||
/* translators: %s: HelpHub URL */
|
||||
__( 'For more information, see <a href="%s">the release notes</a>.' ),
|
||||
sprintf(
|
||||
/* translators: %s: WordPress version */
|
||||
esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
|
||||
sanitize_title( '4.5.20' )
|
||||
)
|
||||
);
|
||||
?>
|
||||
</p>
|
||||
<p>
|
||||
<?php
|
||||
printf(
|
||||
/* translators: %s: WordPress version number */
|
||||
__( '<strong>Version %s</strong> addressed some security issues.' ),
|
||||
'4.5.19'
|
||||
);
|
||||
?>
|
||||
<?php
|
||||
printf(
|
||||
/* translators: %s: HelpHub URL */
|
||||
__( 'For more information, see <a href="%s">the release notes</a>.' ),
|
||||
sprintf(
|
||||
/* translators: %s: WordPress version */
|
||||
esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
|
||||
sanitize_title( '4.5.19' )
|
||||
)
|
||||
);
|
||||
?>
|
||||
</p>
|
||||
<p>
|
||||
<?php
|
||||
printf(
|
||||
/* translators: %s: WordPress version number */
|
||||
__( '<strong>Version %s</strong> addressed some security issues.' ),
|
||||
'4.5.18'
|
||||
);
|
||||
?>
|
||||
<?php
|
||||
printf(
|
||||
/* translators: %s: HelpHub URL */
|
||||
__( 'For more information, see <a href="%s">the release notes</a>.' ),
|
||||
sprintf(
|
||||
/* translators: %s: WordPress version */
|
||||
esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
|
||||
sanitize_title( '4.5.18' )
|
||||
)
|
||||
|
||||
@@ -691,7 +691,7 @@ class WP_Object_Cache {
|
||||
echo "</p>";
|
||||
echo '<ul>';
|
||||
foreach ($this->cache as $group => $cache) {
|
||||
echo "<li><strong>Group:</strong> $group - ( " . number_format( strlen( serialize( $cache ) ) / KB_IN_BYTES, 2 ) . 'k )</li>';
|
||||
echo '<li><strong>Group:</strong> ' . esc_html( $group ) . ' - ( ' . number_format( strlen( serialize( $cache ) ) / KB_IN_BYTES, 2 ) . 'k )</li>';
|
||||
}
|
||||
echo '</ul>';
|
||||
}
|
||||
|
||||
@@ -15,7 +15,7 @@ class WP {
|
||||
* @access public
|
||||
* @var array
|
||||
*/
|
||||
public $public_query_vars = array('m', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
|
||||
public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
|
||||
|
||||
/**
|
||||
* Private query variables.
|
||||
|
||||
@@ -1375,6 +1375,24 @@ function remove_accents( $string ) {
|
||||
function sanitize_file_name( $filename ) {
|
||||
$filename_raw = $filename;
|
||||
$special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", "%", "+", chr(0));
|
||||
|
||||
// Check for support for utf8 in the installed PCRE library once and store the result in a static.
|
||||
static $utf8_pcre = null;
|
||||
if ( ! isset( $utf8_pcre ) ) {
|
||||
// phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged
|
||||
$utf8_pcre = @preg_match( '/^./u', 'a' );
|
||||
}
|
||||
|
||||
if ( ! seems_utf8( $filename ) ) {
|
||||
$_ext = pathinfo( $filename, PATHINFO_EXTENSION );
|
||||
$_name = pathinfo( $filename, PATHINFO_FILENAME );
|
||||
$filename = sanitize_title_with_dashes( $_name ) . '.' . $_ext;
|
||||
}
|
||||
|
||||
if ( $utf8_pcre ) {
|
||||
$filename = preg_replace( "#\x{00a0}#siu", ' ', $filename );
|
||||
}
|
||||
|
||||
/**
|
||||
* Filter the list of characters to remove from a filename.
|
||||
*
|
||||
@@ -1384,7 +1402,6 @@ function sanitize_file_name( $filename ) {
|
||||
* @param string $filename_raw Filename as it was passed into sanitize_file_name().
|
||||
*/
|
||||
$special_chars = apply_filters( 'sanitize_file_name_chars', $special_chars, $filename_raw );
|
||||
$filename = preg_replace( "#\x{00a0}#siu", ' ', $filename );
|
||||
$filename = str_replace( $special_chars, '', $filename );
|
||||
$filename = str_replace( array( '%20', '+' ), '-', $filename );
|
||||
$filename = preg_replace( '/[\r\n\t -]+/', '-', $filename );
|
||||
|
||||
@@ -1602,6 +1602,11 @@ function wp_mkdir_p( $target ) {
|
||||
if ( file_exists( $target ) )
|
||||
return @is_dir( $target );
|
||||
|
||||
// Do not allow path traversals.
|
||||
if ( false !== strpos( $target, '../' ) || false !== strpos( $target, '..' . DIRECTORY_SEPARATOR ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// We need to find the permissions of the parent folder that exists and inherit that.
|
||||
$target_parent = dirname( $target );
|
||||
while ( '.' != $target_parent && ! is_dir( $target_parent ) ) {
|
||||
|
||||
@@ -535,8 +535,9 @@ function wp_http_validate_url( $url ) {
|
||||
$ip = $host;
|
||||
} else {
|
||||
$ip = gethostbyname( $host );
|
||||
if ( $ip === $host ) // Error condition for gethostbyname()
|
||||
$ip = false;
|
||||
if ( $ip === $host ) { // Error condition for gethostbyname()
|
||||
return false;
|
||||
}
|
||||
}
|
||||
if ( $ip ) {
|
||||
$parts = array_map( 'intval', explode( '.', $ip ) );
|
||||
|
||||
@@ -1397,7 +1397,7 @@ function wp_kses_html_error($string) {
|
||||
*/
|
||||
function wp_kses_bad_protocol_once($string, $allowed_protocols, $count = 1 ) {
|
||||
$string = preg_replace( '/(�*58(?![;0-9])|�*3a(?![;a-f0-9]))/i', '$1;', $string );
|
||||
$string2 = preg_split( '/:|�*58;|�*3a;/i', $string, 2 );
|
||||
$string2 = preg_split( '/:|�*58;|�*3a;|:/i', $string, 2 );
|
||||
if ( isset($string2[1]) && ! preg_match('%/\?%', $string2[0]) ) {
|
||||
$string = trim( $string2[1] );
|
||||
$protocol = wp_kses_bad_protocol_once2( $string2[0], $allowed_protocols );
|
||||
|
||||
@@ -1044,8 +1044,8 @@ if ( !function_exists('check_admin_referer') ) :
|
||||
* 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
|
||||
*/
|
||||
function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
|
||||
if ( -1 == $action )
|
||||
_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2' );
|
||||
if ( -1 === $action )
|
||||
_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
|
||||
|
||||
$adminurl = strtolower(admin_url());
|
||||
$referer = strtolower(wp_get_referer());
|
||||
@@ -1062,7 +1062,7 @@ function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
|
||||
*/
|
||||
do_action( 'check_admin_referer', $action, $result );
|
||||
|
||||
if ( ! $result && ! ( -1 == $action && strpos( $referer, $adminurl ) === 0 ) ) {
|
||||
if ( ! $result && ! ( -1 === $action && strpos( $referer, $adminurl ) === 0 ) ) {
|
||||
wp_nonce_ays( $action );
|
||||
die();
|
||||
}
|
||||
@@ -1087,6 +1087,9 @@ if ( !function_exists('check_ajax_referer') ) :
|
||||
* 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
|
||||
*/
|
||||
function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
|
||||
if ( -1 === $action )
|
||||
_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
|
||||
|
||||
$nonce = '';
|
||||
|
||||
if ( $query_arg && isset( $_REQUEST[ $query_arg ] ) )
|
||||
@@ -2447,4 +2450,3 @@ function wp_text_diff( $left_string, $right_string, $args = null ) {
|
||||
return $r;
|
||||
}
|
||||
endif;
|
||||
|
||||
|
||||
@@ -1411,7 +1411,6 @@ class WP_Query {
|
||||
, 'attachment'
|
||||
, 'attachment_id'
|
||||
, 'name'
|
||||
, 'static'
|
||||
, 'pagename'
|
||||
, 'page_id'
|
||||
, 'second'
|
||||
@@ -1623,11 +1622,7 @@ class WP_Query {
|
||||
$this->is_single = true;
|
||||
} elseif ( $qv['p'] ) {
|
||||
$this->is_single = true;
|
||||
} elseif ( ('' !== $qv['hour']) && ('' !== $qv['minute']) &&('' !== $qv['second']) && ('' != $qv['year']) && ('' != $qv['monthnum']) && ('' != $qv['day']) ) {
|
||||
// If year, month, day, hour, minute, and second are set, a single
|
||||
// post is being queried.
|
||||
$this->is_single = true;
|
||||
} elseif ( '' != $qv['static'] || '' != $qv['pagename'] || !empty($qv['page_id']) ) {
|
||||
} elseif ( '' != $qv['pagename'] || !empty($qv['page_id']) ) {
|
||||
$this->is_page = true;
|
||||
$this->is_single = false;
|
||||
} else {
|
||||
|
||||
@@ -395,6 +395,9 @@ function rest_send_cors_headers( $value ) {
|
||||
header( 'Access-Control-Allow-Origin: ' . esc_url_raw( $origin ) );
|
||||
header( 'Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE' );
|
||||
header( 'Access-Control-Allow-Credentials: true' );
|
||||
header( 'Vary: Origin', false );
|
||||
} elseif ( ! headers_sent() && 'GET' === $_SERVER['REQUEST_METHOD'] && ! is_user_logged_in() ) {
|
||||
header( 'Vary: Origin', false );
|
||||
}
|
||||
|
||||
return $value;
|
||||
|
||||
@@ -1593,7 +1593,7 @@ function wp_insert_user( $userdata ) {
|
||||
$data = wp_unslash( $compacted );
|
||||
|
||||
if ( $update ) {
|
||||
if ( $user_email !== $old_user_data->user_email ) {
|
||||
if ( $user_email !== $old_user_data->user_email || $user_pass !== $old_user_data->user_pass ) {
|
||||
$data['user_activation_key'] = '';
|
||||
}
|
||||
$wpdb->update( $wpdb->users, $data, compact( 'ID' ) );
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '4.5.18';
|
||||
$wp_version = '4.5.21';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
||||
Reference in New Issue
Block a user