Compare commits
17 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
2624e8925c | ||
|
|
5798a9e9ae | ||
|
1a13b0102b | ||
|
|
c1af867a7c | ||
|
|
5a4e8a9b94 | ||
|
|
bf1163226c | ||
|
cf43545c07 | ||
|
daf7cc8b30 | ||
|
|
ce6ffb6d25 | ||
|
|
cf61ff994d | ||
|
8b0e75a650 | ||
|
|
969ac61dc4 | ||
|
|
ed0c328547 | ||
|
|
22068f006c | ||
|
|
78c7ec883d | ||
|
|
551d27db59 | ||
|
|
98161af28f |
@@ -1,6 +1,6 @@
|
||||
WordPress - Web publishing software
|
||||
|
||||
Copyright 2011-2017 by the contributors
|
||||
Copyright 2011-2018 by the contributors
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
||||
@@ -9,7 +9,6 @@
|
||||
<body>
|
||||
<h1 id="logo">
|
||||
<a href="https://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /></a>
|
||||
<br /> Version 4.6.7
|
||||
</h1>
|
||||
<p style="text-align: center">Semantic Personal Publishing Platform</p>
|
||||
|
||||
|
||||
@@ -60,6 +60,15 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
|
||||
|
||||
<div class="changelog point-releases">
|
||||
<h3><?php _e( 'Maintenance and Security Releases' ); ?></h3>
|
||||
<p><?php printf( __( '<strong>Version %s</strong> addressed some security issues.' ), '4.6.11' ); ?>
|
||||
<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.6.11' ); ?>
|
||||
</p>
|
||||
<p><?php printf( __( '<strong>Version %s</strong> addressed one security issue.' ), '4.6.10' ); ?>
|
||||
<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.6.10' ); ?>
|
||||
</p>
|
||||
<p><?php printf( __( '<strong>Version %s</strong> addressed some security issues.' ), '4.6.9' ); ?>
|
||||
<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.6.9' ); ?>
|
||||
</p>
|
||||
<p><?php printf( __( '<strong>Version %s</strong> addressed one security issue.' ), '4.6.8' ); ?>
|
||||
<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.6.8' ); ?>
|
||||
</p>
|
||||
|
||||
@@ -705,6 +705,9 @@ $_old_files = array(
|
||||
'wp-includes/theme-compat/comments-popup.php',
|
||||
// 4.6
|
||||
'wp-admin/includes/class-wp-automatic-upgrader.php', // Wrong file name, see #37628.
|
||||
// 4.9.2
|
||||
'wp-includes/js/mediaelement/flashmediaelement.swf',
|
||||
'wp-includes/js/mediaelement/silverlightmediaelement.xap',
|
||||
);
|
||||
|
||||
/**
|
||||
@@ -1081,7 +1084,11 @@ function update_core($from, $to) {
|
||||
$old_file = $to . $old_file;
|
||||
if ( !$wp_filesystem->exists($old_file) )
|
||||
continue;
|
||||
$wp_filesystem->delete($old_file, true);
|
||||
|
||||
// If the file isn't deleted, try writing an empty string to the file instead.
|
||||
if ( ! $wp_filesystem->delete( $old_file, true ) && $wp_filesystem->is_file( $old_file ) ) {
|
||||
$wp_filesystem->put_contents( $old_file, '' );
|
||||
}
|
||||
}
|
||||
|
||||
// Remove any Genericons example.html's from the filesystem
|
||||
|
||||
@@ -70,7 +70,7 @@ if ( isset($_REQUEST['action']) && 'adduser' == $_REQUEST['action'] ) {
|
||||
add_existing_user_to_blog( array( 'user_id' => $user_id, 'role' => $_REQUEST[ 'role' ] ) );
|
||||
$redirect = add_query_arg( array( 'update' => 'addnoconfirmation' , 'user_id' => $user_id ), 'user-new.php' );
|
||||
} else {
|
||||
$newuser_key = substr( md5( $user_id ), 0, 5 );
|
||||
$newuser_key = wp_generate_password( 20, false );
|
||||
add_option( 'new_user_' . $newuser_key, array( 'user_id' => $user_id, 'email' => $user_details->user_email, 'role' => $_REQUEST[ 'role' ] ) );
|
||||
|
||||
$roles = get_editable_roles();
|
||||
|
||||
@@ -476,7 +476,7 @@ function rss_enclosure() {
|
||||
*
|
||||
* @param string $html_link_tag The HTML link tag with a URI and other attributes.
|
||||
*/
|
||||
echo apply_filters( 'rss_enclosure', '<enclosure url="' . trim( htmlspecialchars( $enclosure[0] ) ) . '" length="' . trim( $enclosure[1] ) . '" type="' . $type . '" />' . "\n" );
|
||||
echo apply_filters( 'rss_enclosure', '<enclosure url="' . esc_url( trim( $enclosure[0] ) ) . '" length="' . absint( trim( $enclosure[1] ) ) . '" type="' . esc_attr( $type ) . '" />' . "\n" );
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -510,7 +510,7 @@ function atom_enclosure() {
|
||||
*
|
||||
* @param string $html_link_tag The HTML link tag with a URI and other attributes.
|
||||
*/
|
||||
echo apply_filters( 'atom_enclosure', '<link href="' . trim( htmlspecialchars( $enclosure[0] ) ) . '" rel="enclosure" length="' . trim( $enclosure[1] ) . '" type="' . trim( $enclosure[2] ) . '" />' . "\n" );
|
||||
echo apply_filters( 'atom_enclosure', '<link href="' . esc_url( trim( $enclosure[0] ) ) . '" rel="enclosure" length="' . absint( trim( $enclosure[1] ) ) . '" type="' . esc_attr( trim( $enclosure[2] ) ) . '" />' . "\n" );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2530,8 +2530,9 @@ function get_allowed_mime_types( $user = null ) {
|
||||
if ( function_exists( 'current_user_can' ) )
|
||||
$unfiltered = $user ? user_can( $user, 'unfiltered_html' ) : current_user_can( 'unfiltered_html' );
|
||||
|
||||
if ( empty( $unfiltered ) )
|
||||
unset( $t['htm|html'] );
|
||||
if ( empty( $unfiltered ) ) {
|
||||
unset( $t['htm|html'], $t['js'] );
|
||||
}
|
||||
|
||||
/**
|
||||
* Filters list of allowed mime types and file extensions.
|
||||
|
||||
@@ -3048,12 +3048,14 @@ function get_language_attributes( $doctype = 'html' ) {
|
||||
if ( function_exists( 'is_rtl' ) && is_rtl() )
|
||||
$attributes[] = 'dir="rtl"';
|
||||
|
||||
if ( $lang = get_bloginfo('language') ) {
|
||||
if ( get_option('html_type') == 'text/html' || $doctype == 'html' )
|
||||
$attributes[] = "lang=\"$lang\"";
|
||||
if ( $lang = get_bloginfo( 'language' ) ) {
|
||||
if ( get_option( 'html_type' ) == 'text/html' || $doctype == 'html' ) {
|
||||
$attributes[] = 'lang="' . esc_attr( $lang ) . '"';
|
||||
}
|
||||
|
||||
if ( get_option('html_type') != 'text/html' || $doctype == 'xhtml' )
|
||||
$attributes[] = "xml:lang=\"$lang\"";
|
||||
if ( get_option( 'html_type' ) != 'text/html' || $doctype == 'xhtml' ) {
|
||||
$attributes[] = 'xml:lang="' . esc_attr( $lang ) . '"';
|
||||
}
|
||||
}
|
||||
|
||||
$output = implode(' ', $attributes);
|
||||
@@ -3587,25 +3589,25 @@ function get_the_generator( $type = '' ) {
|
||||
|
||||
switch ( $type ) {
|
||||
case 'html':
|
||||
$gen = '<meta name="generator" content="WordPress ' . get_bloginfo( 'version' ) . '">';
|
||||
$gen = '<meta name="generator" content="WordPress ' . esc_attr( get_bloginfo( 'version' ) ) . '">';
|
||||
break;
|
||||
case 'xhtml':
|
||||
$gen = '<meta name="generator" content="WordPress ' . get_bloginfo( 'version' ) . '" />';
|
||||
$gen = '<meta name="generator" content="WordPress ' . esc_attr( get_bloginfo( 'version' ) ) . '" />';
|
||||
break;
|
||||
case 'atom':
|
||||
$gen = '<generator uri="https://wordpress.org/" version="' . get_bloginfo_rss( 'version' ) . '">WordPress</generator>';
|
||||
$gen = '<generator uri="https://wordpress.org/" version="' . esc_attr( get_bloginfo_rss( 'version' ) ) . '">WordPress</generator>';
|
||||
break;
|
||||
case 'rss2':
|
||||
$gen = '<generator>https://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) . '</generator>';
|
||||
$gen = '<generator>' . esc_url_raw( 'https://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) ) . '</generator>';
|
||||
break;
|
||||
case 'rdf':
|
||||
$gen = '<admin:generatorAgent rdf:resource="https://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) . '" />';
|
||||
$gen = '<admin:generatorAgent rdf:resource="' . esc_url_raw( 'https://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) ) . '" />';
|
||||
break;
|
||||
case 'comment':
|
||||
$gen = '<!-- generator="WordPress/' . get_bloginfo( 'version' ) . '" -->';
|
||||
$gen = '<!-- generator="WordPress/' . esc_attr( get_bloginfo( 'version' ) ) . '" -->';
|
||||
break;
|
||||
case 'export':
|
||||
$gen = '<!-- generator="WordPress/' . get_bloginfo_rss('version') . '" created="'. date('Y-m-d H:i') . '" -->';
|
||||
$gen = '<!-- generator="WordPress/' . esc_attr( get_bloginfo_rss( 'version' ) ) . '" created="' . date( 'Y-m-d H:i' ) . '" -->';
|
||||
break;
|
||||
}
|
||||
|
||||
|
||||
@@ -527,7 +527,7 @@ function wp_http_validate_url( $url ) {
|
||||
$parsed_home = @parse_url( get_option( 'home' ) );
|
||||
|
||||
if ( isset( $parsed_home['host'] ) ) {
|
||||
$same_host = ( strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] ) || 'localhost' === strtolower( $parsed_url['host'] ) );
|
||||
$same_host = strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] );
|
||||
} else {
|
||||
$same_host = false;
|
||||
}
|
||||
|
||||
Binary file not shown.
Binary file not shown.
@@ -364,12 +364,11 @@ function delete_metadata($meta_type, $object_id, $meta_key, $meta_value = '', $d
|
||||
return false;
|
||||
|
||||
if ( $delete_all ) {
|
||||
$value_clause = '';
|
||||
if ( '' !== $meta_value && null !== $meta_value && false !== $meta_value ) {
|
||||
$value_clause = $wpdb->prepare( " AND meta_value = %s", $meta_value );
|
||||
$object_ids = $wpdb->get_col( $wpdb->prepare( "SELECT $type_column FROM $table WHERE meta_key = %s AND meta_value = %s", $meta_key, $meta_value ) );
|
||||
} else {
|
||||
$object_ids = $wpdb->get_col( $wpdb->prepare( "SELECT $type_column FROM $table WHERE meta_key = %s", $meta_key ) );
|
||||
}
|
||||
|
||||
$object_ids = $wpdb->get_col( $wpdb->prepare( "SELECT $type_column FROM $table WHERE meta_key = %s $value_clause", $meta_key ) );
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '4.6.8';
|
||||
$wp_version = '4.6.11';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
||||
@@ -1960,7 +1960,7 @@ class wpdb {
|
||||
// If ext/hash is not present, compat.php's hash_hmac() does not support sha256.
|
||||
$algo = function_exists( 'hash' ) ? 'sha256' : 'sha1';
|
||||
// Old WP installs may not have AUTH_SALT defined.
|
||||
$salt = defined( 'AUTH_SALT' ) ? AUTH_SALT : rand();
|
||||
$salt = defined( 'AUTH_SALT' ) && AUTH_SALT ? AUTH_SALT : (string) rand();
|
||||
|
||||
$placeholder = '{' . hash_hmac( $algo, uniqid( $salt, true ), $salt ) . '}';
|
||||
}
|
||||
|
||||
@@ -14,10 +14,10 @@ require( dirname(__FILE__) . '/wp-load.php' );
|
||||
// Redirect to https login if forced to use SSL
|
||||
if ( force_ssl_admin() && ! is_ssl() ) {
|
||||
if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
|
||||
wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
|
||||
wp_safe_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
|
||||
exit();
|
||||
} else {
|
||||
wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
|
||||
wp_safe_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
|
||||
exit();
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user