3.5.2 - include [24498].

git-svn-id: http://core.svn.wordpress.org/tags/3.5.2@24499 1a063a9b-81f0-0310-95a4-ce76da25c4cd

readme.html

@@ -8,7 +8,7 @@
 <body>
 <h1 id="logo">
 	<a href="http://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /></a>
-	<br /> Version 3.5
+	<br /> Version 3.5.2
 </h1>
 <p style="text-align: center">Semantic Personal Publishing Platform</p>
 

wp-admin/about.php

@@ -33,6 +33,18 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
 	</a>
 </h2>
 
+<div class="changelog point-releases">
+	<h3><?php echo _n( 'Maintenance and Security Release', 'Maintenance and Security Releases', 2 ); ?></h3>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
+         '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.', 12 ), '3.5.2', number_format_i18n( 12 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_3.5.2' ); ?>
+ 	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
+         '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.', 37 ), '3.5.1', number_format_i18n( 37 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_3.5.1' ); ?>
+ 	</p>
+</div>
+
 <div class="changelog">
 	<h3><?php _e( 'New Media Manager' ); ?></h3>
 

wp-admin/css/wp-admin.css

@@ -3533,14 +3533,6 @@ div.tabs-panel-inactive {
 	display:none;
 }
 
-.customlinkdiv ul,
-.posttypediv ul,
-.taxonomydiv ul {
-	list-style: none;
-	padding: 0;
-	margin: 0;
-}
-
 #front-page-warning,
 #front-static-pages ul,
 ul.export-filters,
@@ -8455,7 +8447,7 @@ a.widget-control-edit {
 	}
 
 	.sorting-indicator {
-		background-image: url('../images/sort-2x.gif');
+		background-image: url('../images/sort-2x.gif?ver=20130102');
 		background-size: 14px 4px;
 	}
 

wp-admin/edit-form-advanced.php

@@ -144,7 +144,7 @@ if ( post_type_supports($post_type, 'trackbacks') )
 if ( post_type_supports($post_type, 'custom-fields') )
 	add_meta_box('postcustom', __('Custom Fields'), 'post_custom_meta_box', null, 'normal', 'core');
 
-do_action('dbx_post_advanced');
+do_action('dbx_post_advanced', $post);
 if ( post_type_supports($post_type, 'comments') )
 	add_meta_box('commentstatusdiv', __('Discussion'), 'post_comment_status_meta_box', null, 'normal', 'core');
 
@@ -296,7 +296,7 @@ if ( isset( $post_new_file ) && current_user_can( $post_type_object->cap->create
 <?php if ( $message ) : ?>
 <div id="message" class="updated"><p><?php echo $message; ?></p></div>
 <?php endif; ?>
-<form name="post" action="post.php" method="post" id="post"<?php do_action('post_edit_form_tag'); ?>>
+<form name="post" action="post.php" method="post" id="post"<?php do_action('post_edit_form_tag', $post); ?>>
 <?php wp_nonce_field($nonce_action); ?>
 <input type="hidden" id="user-id" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" id="hiddenaction" name="action" value="<?php echo esc_attr( $form_action ) ?>" />
@@ -354,7 +354,7 @@ wp_nonce_field( 'samplepermalink', 'samplepermalinknonce', false );
 <?php
 }
 
-do_action( 'edit_form_after_title' );
+do_action( 'edit_form_after_title', $post );
 
 if ( post_type_supports($post_type, 'editor') ) {
 ?>
@@ -383,16 +383,16 @@ if ( post_type_supports($post_type, 'editor') ) {
 </div>
 <?php } ?>
 
-<?php do_action( 'edit_form_after_editor' ); ?>
+<?php do_action( 'edit_form_after_editor', $post ); ?>
 </div><!-- /post-body-content -->
 
 <div id="postbox-container-1" class="postbox-container">
 <?php
 
 if ( 'page' == $post_type )
-	do_action('submitpage_box');
+	do_action('submitpage_box', $post);
 else
-	do_action('submitpost_box');
+	do_action('submitpost_box', $post);
 
 do_meta_boxes($post_type, 'side', $post);
 
@@ -404,9 +404,9 @@ do_meta_boxes($post_type, 'side', $post);
 do_meta_boxes(null, 'normal', $post);
 
 if ( 'page' == $post_type )
-	do_action('edit_page_form');
+	do_action('edit_page_form', $post);
 else
-	do_action('edit_form_advanced');
+	do_action('edit_form_advanced', $post);
 
 do_meta_boxes(null, 'advanced', $post);
 
@@ -414,7 +414,7 @@ do_meta_boxes(null, 'advanced', $post);
 </div>
 <?php
 
-do_action('dbx_post_sidebar');
+do_action('dbx_post_sidebar', $post);
 
 ?>
 </div><!-- /post-body -->

wp-admin/includes/class-wp-importer.php

@@ -183,6 +183,7 @@ class WP_Importer {
 
 		$headers = array();
 		$args = array();
+		$args['reject_unsafe_urls'] = true;
 		if ( true === $head )
 			$args['method'] = 'HEAD';
 		if ( !empty( $username ) && !empty( $password ) )

wp-admin/includes/class-wp-upgrader.php

@@ -98,7 +98,7 @@ class WP_Upgrader {
 					break;
 				default:
 					if ( ! $wp_filesystem->find_folder($dir) )
-						return new WP_Error('fs_no_folder', sprintf($this->strings['fs_no_folder'], $dir));
+						return new WP_Error( 'fs_no_folder', sprintf( $this->strings['fs_no_folder'], esc_html( basename( $dir ) ) ) );
 					break;
 			}
 		}
@@ -1133,7 +1133,7 @@ class WP_Upgrader_Skin {
 		} elseif ( is_wp_error($errors) && $errors->get_error_code() ) {
 			foreach ( $errors->get_error_messages() as $message ) {
 				if ( $errors->get_error_data() )
-					$this->feedback($message . ' ' . $errors->get_error_data() );
+					$this->feedback($message . ' ' . esc_html( $errors->get_error_data() ) );
 				else
 					$this->feedback($message);
 			}
@@ -1147,8 +1147,11 @@ class WP_Upgrader_Skin {
 		if ( strpos($string, '%') !== false ) {
 			$args = func_get_args();
 			$args = array_splice($args, 1);
-			if ( !empty($args) )
+			if ( $args ) {
+				$args = array_map( 'strip_tags', $args );
+				$args = array_map( 'esc_html', $args );
 				$string = vsprintf($string, $args);
+			}
 		}
 		if ( empty($string) )
 			return;
@@ -1188,11 +1191,11 @@ class Plugin_Upgrader_Skin extends WP_Upgrader_Skin {
 	function after() {
 		$this->plugin = $this->upgrader->plugin_info();
 		if ( !empty($this->plugin) && !is_wp_error($this->result) && $this->plugin_active ){
-			echo '<iframe style="border:0;overflow:hidden" width="100%" height="170px" src="' . wp_nonce_url('update.php?action=activate-plugin&networkwide=' . $this->plugin_network_active . '&plugin=' . $this->plugin, 'activate-plugin_' . $this->plugin) .'"></iframe>';
+			echo '<iframe style="border:0;overflow:hidden" width="100%" height="170px" src="' . wp_nonce_url('update.php?action=activate-plugin&networkwide=' . $this->plugin_network_active . '&plugin=' . urlencode( $this->plugin ), 'activate-plugin_' . $this->plugin) .'"></iframe>';
 		}
 
 		$update_actions =  array(
-			'activate_plugin' => '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . $this->plugin, 'activate-plugin_' . $this->plugin) . '" title="' . esc_attr__('Activate this plugin') . '" target="_parent">' . __('Activate Plugin') . '</a>',
+			'activate_plugin' => '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . urlencode( $this->plugin ), 'activate-plugin_' . $this->plugin) . '" title="' . esc_attr__('Activate this plugin') . '" target="_parent">' . __('Activate Plugin') . '</a>',
 			'plugins_page' => '<a href="' . self_admin_url('plugins.php') . '" title="' . esc_attr__('Go to plugins page') . '" target="_parent">' . __('Return to Plugins page') . '</a>'
 		);
 		if ( $this->plugin_active || ! $this->result || is_wp_error( $this->result ) || ! current_user_can( 'activate_plugins' ) )
@@ -1244,8 +1247,11 @@ class Bulk_Upgrader_Skin extends WP_Upgrader_Skin {
 		if ( strpos($string, '%') !== false ) {
 			$args = func_get_args();
 			$args = array_splice($args, 1);
-			if ( !empty($args) )
+			if ( $args ) {
+				$args = array_map( 'strip_tags', $args );
+				$args = array_map( 'esc_html', $args );
 				$string = vsprintf($string, $args);
+			}
 		}
 		if ( empty($string) )
 			return;
@@ -1269,7 +1275,7 @@ class Bulk_Upgrader_Skin extends WP_Upgrader_Skin {
 		if ( is_wp_error($error) ) {
 			foreach ( $error->get_error_messages() as $emessage ) {
 				if ( $error->get_error_data() )
-					$messages[] = $emessage . ' ' . $error->get_error_data();
+					$messages[] = $emessage . ' ' . esc_html( $error->get_error_data() );
 				else
 					$messages[] = $emessage;
 			}
@@ -1430,12 +1436,12 @@ class Plugin_Installer_Skin extends WP_Upgrader_Skin {
 		$from = isset($_GET['from']) ? stripslashes($_GET['from']) : 'plugins';
 
 		if ( 'import' == $from )
-			$install_actions['activate_plugin'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;from=import&amp;plugin=' . $plugin_file, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin') . '" target="_parent">' . __('Activate Plugin &amp; Run Importer') . '</a>';
+			$install_actions['activate_plugin'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;from=import&amp;plugin=' . urlencode( $plugin_file ), 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin') . '" target="_parent">' . __('Activate Plugin &amp; Run Importer') . '</a>';
 		else
-			$install_actions['activate_plugin'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . $plugin_file, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin') . '" target="_parent">' . __('Activate Plugin') . '</a>';
+			$install_actions['activate_plugin'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . urlencode( $plugin_file ), 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin') . '" target="_parent">' . __('Activate Plugin') . '</a>';
 
 		if ( is_multisite() && current_user_can( 'manage_network_plugins' ) ) {
-			$install_actions['network_activate'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;networkwide=1&amp;plugin=' . $plugin_file, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin for all sites in this network') . '" target="_parent">' . __('Network Activate') . '</a>';
+			$install_actions['network_activate'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;networkwide=1&amp;plugin=' . urlencode( $plugin_file ), 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin for all sites in this network') . '" target="_parent">' . __('Network Activate') . '</a>';
 			unset( $install_actions['activate_plugin'] );
 		}
 
@@ -1670,4 +1676,4 @@ class File_Upload_Upgrader {
 
 		return true;
 	}
-}
+}

wp-admin/includes/file.php

@@ -328,8 +328,14 @@ function wp_handle_upload( &$file, $overrides = false, $time = null ) {
 
 	// Move the file to the uploads dir
 	$new_file = $uploads['path'] . "/$filename";
-	if ( false === @ move_uploaded_file( $file['tmp_name'], $new_file ) )
-		return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $uploads['path'] ) );
+	if ( false === @ move_uploaded_file( $file['tmp_name'], $new_file ) ) {
+		if ( 0 === strpos( $uploads['basedir'], ABSPATH ) )
+			$error_path = str_replace( ABSPATH, '', $uploads['basedir'] ) . $uploads['subdir'];
+		else
+			$error_path = basename( $uploads['basedir'] ) . $uploads['subdir'];
+
+		return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $error_path ) );
+	}
 
 	// Set correct file permissions
 	$stat = stat( dirname( $new_file ));
@@ -452,7 +458,11 @@ function wp_handle_sideload( &$file, $overrides = false, $time = null ) {
 	// Move the file to the uploads dir
 	$new_file = $uploads['path'] . "/$filename";
 	if ( false === @ rename( $file['tmp_name'], $new_file ) ) {
-		return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $uploads['path'] ) );
+		if ( 0 === strpos( $uploads['basedir'], ABSPATH ) )
+			$error_path = str_replace( ABSPATH, '', $uploads['basedir'] ) . $uploads['subdir'];
+		else
+			$error_path = basename( $uploads['basedir'] ) . $uploads['subdir'];
+		return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $error_path ) );
 	}
 
 	// Set correct file permissions
@@ -487,7 +497,7 @@ function download_url( $url, $timeout = 300 ) {
 	if ( ! $tmpfname )
 		return new WP_Error('http_no_file', __('Could not create Temporary file.'));
 
-	$response = wp_remote_get( $url, array( 'timeout' => $timeout, 'stream' => true, 'filename' => $tmpfname ) );
+	$response = wp_remote_get( $url, array( 'timeout' => $timeout, 'stream' => true, 'filename' => $tmpfname, 'reject_unsafe_urls' => true ) );
 
 	if ( is_wp_error( $response ) ) {
 		unlink( $tmpfname );

wp-admin/includes/image-edit.php

@@ -692,7 +692,7 @@ function wp_save_image( $post_id ) {
 			$_sizes[ $size ] = array( 'width' => get_option("{$size}_size_w"), 'height' => get_option("{$size}_size_h"), 'crop' => $crop );
 		}
 
-		$meta['sizes'] = $img->multi_resize( $_sizes );
+		$meta['sizes'] = array_merge( $meta['sizes'], $img->multi_resize( $_sizes ) );
 	}
 
 	unset( $img );

wp-admin/includes/media.php

@@ -1417,6 +1417,9 @@ function get_compat_media_markup( $attachment_id, $args = null ) {
 		$item .= '<input type="hidden" name="' . esc_attr( $hidden_field ) . '" value="' . esc_attr( $value ) . '" />' . "\n";
 	}
 
+	if ( $item )
+		$item = '<input type="hidden" name="attachments[' . $attachment_id . '][menu_order]" value="' . esc_attr( $post->menu_order ) . '" />' . $item;
+
 	return array(
 		'item'   => $item,
 		'meta'   => $media_meta,
@@ -2267,9 +2270,7 @@ function multisite_over_quota_message() {
  *
  * @since 3.5.0
  */
-function edit_form_image_editor() {
-	$post = get_post();
-
+function edit_form_image_editor( $post ) {
 	$open = isset( $_GET['image-editor'] );
 	if ( $open )
 		require_once ABSPATH . 'wp-admin/includes/image-edit.php';

wp-admin/includes/post.php

@@ -65,15 +65,24 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
 		}
 	}
 
-	if ( ! $update && isset( $post_data['user_ID'] ) && ( $post_data['post_author'] != $post_data['user_ID'] )
+	if ( isset( $post_data['user_ID'] ) && ( $post_data['post_author'] != $post_data['user_ID'] )
 		 && ! current_user_can( $ptype->cap->edit_others_posts ) ) {
-
-		if ( 'page' == $post_data['post_type'] )
-			return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
-		else
-			return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) );
+		if ( $update ) {
+			if ( 'page' == $post_data['post_type'] )
+				return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
+			else
+				return new WP_Error( 'edit_others_posts', __( 'You are not allowed to edit posts as this user.' ) );
+		} else {
+			if ( 'page' == $post_data['post_type'] )
+				return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
+			else
+				return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) );
+		}
 	}
 
+	if ( ! empty( $post_data['post_status'] ) )
+		$post_data['post_status'] = sanitize_key( $post_data['post_status'] );
+
 	// What to do based on which button they pressed
 	if ( isset($post_data['saveasdraft']) && '' != $post_data['saveasdraft'] )
 		$post_data['post_status'] = 'draft';
@@ -92,10 +101,12 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
 		$post_id = false;
 	$previous_status = $post_id ? get_post_field( 'post_status', $post_id ) : false;
 
+	$published_statuses = array( 'publish', 'future' );
+
 	// Posts 'submitted for approval' present are submitted to $_POST the same as if they were being published.
 	// Change status from 'publish' to 'pending' if user lacks permissions to publish or to resave published posts.
-	if ( isset($post_data['post_status']) && ('publish' == $post_data['post_status'] && !current_user_can( $ptype->cap->publish_posts )) )
-		if ( $previous_status != 'publish' || !current_user_can( 'edit_post', $post_id ) )
+	if ( isset($post_data['post_status']) && (in_array( $post_data['post_status'], $published_statuses ) && !current_user_can( $ptype->cap->publish_posts )) )
+		if ( ! in_array( $previous_status, $published_statuses ) || !current_user_can( 'edit_post', $post_id ) )
 			$post_data['post_status'] = 'pending';
 
 	if ( ! isset($post_data['post_status']) )

wp-admin/includes/schema.php

@@ -536,7 +536,7 @@ function populate_options() {
 		'can_compress_scripts', 'page_uris', 'update_core', 'update_plugins', 'update_themes', 'doing_cron',
 		'random_seed', 'rss_excerpt_length', 'secret', 'use_linksupdate', 'default_comment_status_page',
 		'wporg_popular_tags', 'what_to_show', 'rss_language', 'language', 'enable_xmlrpc', 'enable_app',
-		'autoembed_urls', 'default_post_edit_rows',
+		'embed_autourls', 'default_post_edit_rows',
 	);
 	foreach ( $unusedoptions as $option )
 		delete_option($option);

wp-admin/includes/update-core.php

@@ -535,6 +535,9 @@ $_old_files = array(
 'wp-includes/js/jquery/ui/jquery.effects.pulsate.min.js',
 'wp-includes/js/jquery/ui/jquery.effects.transfer.min.js',
 'wp-includes/js/jquery/ui/jquery.effects.fold.min.js',
+'wp-admin/options-privacy.php',
+// 3.5.2
+'wp-includes/js/swfupload/swfupload-all.js',
 );
 
 /**
@@ -630,7 +633,8 @@ function update_core($from, $to) {
 	}
 
 	// Import $wp_version, $required_php_version, and $required_mysql_version from the new version
-	$versions_file = $wp_filesystem->wp_content_dir() . 'upgrade/version-current.php';
+	// $wp_filesystem->wp_content_dir() returned unslashed pre-2.8
+	$versions_file = trailingslashit( $wp_filesystem->wp_content_dir() ) . 'upgrade/version-current.php';
 	if ( ! $wp_filesystem->copy( $from . $distro . 'wp-includes/version.php', $versions_file ) ) {
 		 $wp_filesystem->delete( $from, true );
 		 return new WP_Error( 'copy_failed', __('Could not copy file.') );
@@ -691,6 +695,15 @@ function update_core($from, $to) {
 		}
 	}
 
+	// 3.5 -> 3.5+ - an empty twentytwelve directory was created upon upgrade to 3.5 for some users, preventing installation of Twenty Twelve.
+	if ( '3.5' == $old_wp_version ) {
+		if ( is_dir( WP_CONTENT_DIR . '/themes/twentytwelve' ) && ! file_exists( WP_CONTENT_DIR . '/themes/twentytwelve/style.css' )  ) {
+			// Bumping the introduced version to 3.5.1 for the affected users causes Twenty Twelve to be installed for the first time
+			if ( $wp_filesystem->delete( $wp_filesystem->wp_themes_dir() . 'twentytwelve/' ) )
+				$_new_bundled_files[ 'themes/twentytwelve/' ] = '3.5.1';
+		}
+	}
+
 	// Copy New bundled plugins & themes
 	// This gives us the ability to install new plugins & themes bundled with future versions of WordPress whilst avoiding the re-install upon upgrade issue.
 	// $development_build controls us overwriting bundled themes and plugins when a non-stable release is being updated
@@ -701,6 +714,10 @@ function update_core($from, $to) {
 				$directory = ('/' == $file[ strlen($file)-1 ]);
 				list($type, $filename) = explode('/', $file, 2);
 
+				// Check to see if the bundled items exist before attempting to copy them
+				if ( ! $wp_filesystem->exists( $from . $distro . 'wp-content/' . $file ) )
+					continue;
+
 				if ( 'plugins' == $type )
 					$dest = $wp_filesystem->wp_plugins_dir();
 				elseif ( 'themes' == $type )

wp-admin/includes/upgrade.php

@@ -1277,6 +1277,16 @@ function upgrade_network() {
 	// 3.5
 	if ( $wp_current_db_version < 21823 )
 		update_site_option( 'ms_files_rewriting', '1' );
+
+	// 3.5.2
+	if ( $wp_current_db_version < 22442 ) {
+		$illegal_names = get_site_option( 'illegal_names' );
+		if ( is_array( $illegal_names ) && count( $illegal_names ) === 1 ) {
+			$illegal_name = reset( $illegal_names );
+			$illegal_names = explode( ' ', $illegal_name );
+			update_site_option( 'illegal_names', $illegal_names );
+		}
+	}
 }
 
 // The functions we use to actually do stuff

wp-admin/js/post.js

@@ -165,9 +165,11 @@ tagBox = {
 
 		// tag cloud
 		$('a.tagcloud-link').click(function(){
-			if ( ! $('.the-tagcloud').length )
-				tagBox.get( $(this).attr('id') );
-			$(this).siblings('.the-tagcloud').toggle();
+			tagBox.get( $(this).attr('id') );
+			$(this).unbind().click(function(){
+				$(this).siblings('.the-tagcloud').toggle();
+				return false;
+			});
 			return false;
 		});
 	}
@@ -685,7 +687,7 @@ jQuery(document).ready( function($) {
 	(function() {
 		var textarea = $('textarea#content'), offset = null, el;
 		// No point for touch devices
-		if ( 'ontouchstart' in window )
+		if ( !textarea.length || 'ontouchstart' in window )
 			return;
 
 		function dragging(e) {
@@ -694,14 +696,15 @@ jQuery(document).ready( function($) {
 		}
 
 		function endDrag(e) {
-			var height = $('#wp-content-editor-container').height();
+			var height;
 
 			textarea.focus();
 			$(document).unbind('mousemove', dragging).unbind('mouseup', endDrag);
 
-			height -= 33; // compensate for toolbars, padding...
+			height = parseInt( textarea.css('height'), 10 );
+
 			// sanity check
-			if ( height > 50 && height < 5000 && height != getUserSetting( 'ed_size' ) )
+			if ( height && height > 50 && height < 5000 )
 				setUserSetting( 'ed_size', height );
 		}
 
@@ -722,44 +725,67 @@ jQuery(document).ready( function($) {
 			if ( ed.id != 'content' || tinymce.isIOS5 )
 				return;
 
-			// resize TinyMCE to match the textarea height when switching Text -> Visual
-			ed.onLoadContent.add( function(ed, o) {
-				var ifr_height, height = parseInt( $('#content').css('height'), 10 ),
+			function getHeight() {
+				var height, node = document.getElementById('content_ifr'),
+					ifr_height = node ? parseInt( node.style.height, 10 ) : 0,
 					tb_height = $('#content_tbl tr.mceFirst').height();
 
-				if ( height && !isNaN(height) && tb_height ) {
-					ifr_height = (height - tb_height) + 12; // compensate for padding in the textarea
-					// sanity check
-					if ( ifr_height > 50 && ifr_height < 5000 ) {
-						$('#content_tbl').css('height', '' );
-						$('#content_ifr').css('height', ifr_height + 'px' );
-					}
+				if ( !ifr_height || !tb_height )
+					return false;
+
+				// total height including toolbar and statusbar
+				height = ifr_height + tb_height + 21;
+				// textarea height = total height - 33px toolbar
+				height -= 33;
+
+				return height;
+			}
+
+			// resize TinyMCE to match the textarea height when switching Text -> Visual
+			ed.onLoadContent.add( function(ed, o) {
+				var ifr_height, node = document.getElementById('content'),
+					height = node ? parseInt( node.style.height, 10 ) : 0,
+					tb_height = $('#content_tbl tr.mceFirst').height() || 33;
+
+				// height cannot be under 50 or over 5000
+				if ( !height || height < 50 || height > 5000 )
+					height = 360; // default height for the main editor
+
+				if ( getUserSetting( 'ed_size' ) > 5000  )
+					setUserSetting( 'ed_size', 360 );
+
+				// compensate for padding and toolbars
+				ifr_height = ( height - tb_height ) + 12;
+
+				// sanity check
+				if ( ifr_height > 50 && ifr_height < 5000 ) {
+					$('#content_tbl').css('height', '' );
+					$('#content_ifr').css('height', ifr_height + 'px' );
 				}
 			});
 
 			// resize the textarea to match TinyMCE's height when switching Visual -> Text
 			ed.onSaveContent.add( function(ed, o) {
-				var height = $('#content_tbl').height();
+				var height = getHeight();
 
-				if ( height && height > 83 && height < 5000 ) {
-					height -= 33;
+				if ( !height || height < 50 || height > 5000 )
+					return;
 
-					$('#content').css( 'height', height + 'px' );
-				}
+				$('textarea#content').css( 'height', height + 'px' );
 			});
 
 			// save on resizing TinyMCE
 			ed.onPostRender.add(function() {
 				$('#content_resize').on('mousedown.wp-mce-resize', function(e){
 					$(document).on('mouseup.wp-mce-resize', function(e){
-						var height = $('#wp-content-editor-container').height();
-
-						height -= 33;
-						// sanity check
-						if ( height > 50 && height < 5000 && height != getUserSetting( 'ed_size' ) )
-							setUserSetting( 'ed_size', height );
+						var height;
 
 						$(document).off('mouseup.wp-mce-resize');
+
+						height = getHeight();
+						// sanity check
+						if ( height && height > 50 && height < 5000 )
+							setUserSetting( 'ed_size', height );
 					});
 				});
 			});

wp-admin/network.php

@@ -312,11 +312,12 @@ function network_step2( $errors = false ) {
 	$hostname          = get_clean_basedomain();
 	$slashed_home      = trailingslashit( get_option( 'home' ) );
 	$base              = parse_url( $slashed_home, PHP_URL_PATH );
-	$wp_dir_from_root  = preg_replace( '#^' . preg_quote( $_SERVER['DOCUMENT_ROOT'], '#' ) . '#', '', ABSPATH );
-	$wp_siteurl_subdir = trailingslashit( '/' . preg_replace( '#^' . preg_quote( $base, '#' ) . '#', '', $wp_dir_from_root ) );
+	$document_root_fix = str_replace( '\\', '/', realpath( $_SERVER['DOCUMENT_ROOT'] ) );
+	$abspath_fix       = str_replace( '\\', '/', ABSPATH );
+	$home_path         = 0 === strpos( $abspath_fix, $document_root_fix ) ? $document_root_fix . $base : str_replace( '\\', '/', get_home_path() );
+	$wp_siteurl_subdir = preg_replace( '#^' . preg_quote( $home_path, '#' ) . '#', '', $abspath_fix );
 	$rewrite_base      = ! empty( $wp_siteurl_subdir ) ? ltrim( trailingslashit( $wp_siteurl_subdir ), '/' ) : '';
 
-	$home_path         = get_home_path();
 
 	$location_of_wp_config = ABSPATH;
 	if ( ! file_exists( ABSPATH . 'wp-config.php' ) && file_exists( dirname( ABSPATH ) . '/wp-config.php' ) )
@@ -411,8 +412,7 @@ define('BLOG_ID_CURRENT_SITE', 1);
 		$iis_rewrite_base = ltrim( $base, '/' ) . $rewrite_base;
 		$iis_subdir_replacement = $subdomain_install ? '' : '{R:1}';
 
-		$web_config_file = <<<EOF
-<?xml version="1.0" encoding="UTF-8"?>
+		$web_config_file = '<?xml version="1.0" encoding="UTF-8"?>
 <configuration>
     <system.webServer>
         <rewrite>
@@ -424,14 +424,14 @@ define('BLOG_ID_CURRENT_SITE', 1);
 				if ( is_multisite() && get_site_option( 'ms_files_rewriting' ) ) {
 					$web_config_file .= '
                 <rule name="WordPress Rule for Files" stopProcessing="true">
-                    <match url="^{$iis_subdir_match}files/(.+)" ignoreCase="false" />
-                    <action type="Rewrite" url="{$iis_rewrite_base}wp-includes/ms-files.php?file={R:1}" appendQueryString="false" />
+                    <match url="^' . $iis_subdir_match . 'files/(.+)" ignoreCase="false" />
+                    <action type="Rewrite" url="' . $iis_rewrite_base . 'wp-includes/ms-files.php?file={R:1}" appendQueryString="false" />
                 </rule>';
                 }
                 $web_config_file .= '
                 <rule name="WordPress Rule 2" stopProcessing="true">
-                    <match url="^{$iis_subdir_match}wp-admin$" ignoreCase="false" />
-                    <action type="Redirect" url="{$iis_subdir_replacement}wp-admin/" redirectType="Permanent" />
+                    <match url="^' . $iis_subdir_match . 'wp-admin$" ignoreCase="false" />
+                    <action type="Redirect" url="' . $iis_subdir_replacement . 'wp-admin/" redirectType="Permanent" />
                 </rule>
                 <rule name="WordPress Rule 3" stopProcessing="true">
                     <match url="^" ignoreCase="false" />
@@ -442,12 +442,12 @@ define('BLOG_ID_CURRENT_SITE', 1);
                     <action type="None" />
                 </rule>
                 <rule name="WordPress Rule 4" stopProcessing="true">
-                    <match url="^{$iis_subdir_match}(wp-(content|admin|includes).*)" ignoreCase="false" />
-                    <action type="Rewrite" url="{$iis_rewrite_base}{R:1}" />
+                    <match url="^' . $iis_subdir_match . '(wp-(content|admin|includes).*)" ignoreCase="false" />
+                    <action type="Rewrite" url="' . $iis_rewrite_base . '{R:1}" />
                 </rule>
                 <rule name="WordPress Rule 5" stopProcessing="true">
-                    <match url="^{$iis_subdir_match}([_0-9a-zA-Z-]+/)?(.*\.php)$" ignoreCase="false" />
-                    <action type="Rewrite" url="{$iis_rewrite_base}{R:2}" />
+                    <match url="^' . $iis_subdir_match . '([_0-9a-zA-Z-]+/)?(.*\.php)$" ignoreCase="false" />
+                    <action type="Rewrite" url="' . $iis_rewrite_base . '{R:2}" />
                 </rule>
                 <rule name="WordPress Rule 6" stopProcessing="true">
                     <match url="." ignoreCase="false" />
@@ -456,8 +456,7 @@ define('BLOG_ID_CURRENT_SITE', 1);
             </rules>
         </rewrite>
     </system.webServer>
-</configuration>
-EOF;
+</configuration>';
 
 	?>
 		<li><p><?php printf( __( 'Add the following to your <code>web.config</code> file in <code>%s</code>, replacing other WordPress rules:' ), $home_path ); ?></p>

wp-admin/update.php

@@ -57,7 +57,7 @@ if ( isset($_GET['action']) ) {
 		require_once(ABSPATH . 'wp-admin/admin-header.php');
 
 		$nonce = 'upgrade-plugin_' . $plugin;
-		$url = 'update.php?action=upgrade-plugin&plugin=' . $plugin;
+		$url = 'update.php?action=upgrade-plugin&plugin=' . urlencode( $plugin );
 
 		$upgrader = new Plugin_Upgrader( new Plugin_Upgrader_Skin( compact('title', 'nonce', 'url', 'plugin') ) );
 		$upgrader->upgrade($plugin);
@@ -70,9 +70,9 @@ if ( isset($_GET['action']) ) {
 
 		check_admin_referer('activate-plugin_' . $plugin);
 		if ( ! isset($_GET['failure']) && ! isset($_GET['success']) ) {
-			wp_redirect( admin_url('update.php?action=activate-plugin&failure=true&plugin=' . $plugin . '&_wpnonce=' . $_GET['_wpnonce']) );
+			wp_redirect( admin_url('update.php?action=activate-plugin&failure=true&plugin=' . urlencode( $plugin ) . '&_wpnonce=' . $_GET['_wpnonce']) );
 			activate_plugin( $plugin, '', ! empty( $_GET['networkwide'] ), true );
-			wp_redirect( admin_url('update.php?action=activate-plugin&success=true&plugin=' . $plugin . '&_wpnonce=' . $_GET['_wpnonce']) );
+			wp_redirect( admin_url('update.php?action=activate-plugin&success=true&plugin=' . urlencode( $plugin ) . '&_wpnonce=' . $_GET['_wpnonce']) );
 			die();
 		}
 		iframe_header( __('Plugin Reactivation'), true );
@@ -107,7 +107,7 @@ if ( isset($_GET['action']) ) {
 
 		$title = sprintf( __('Installing Plugin: %s'), $api->name . ' ' . $api->version );
 		$nonce = 'install-plugin_' . $plugin;
-		$url = 'update.php?action=install-plugin&plugin=' . $plugin;
+		$url = 'update.php?action=install-plugin&plugin=' . urlencode( $plugin );
 		if ( isset($_GET['from']) )
 			$url .= '&from=' . urlencode(stripslashes($_GET['from']));
 
@@ -132,7 +132,7 @@ if ( isset($_GET['action']) ) {
 		$submenu_file = 'plugin-install.php';
 		require_once(ABSPATH . 'wp-admin/admin-header.php');
 
-		$title = sprintf( __('Installing Plugin from uploaded file: %s'), basename( $file_upload->filename ) );
+		$title = sprintf( __('Installing Plugin from uploaded file: %s'), esc_html( basename( $file_upload->filename ) ) );
 		$nonce = 'plugin-upload';
 		$url = add_query_arg(array('package' => $file_upload->id), 'update.php?action=upload-plugin');
 		$type = 'upload'; //Install plugin type, From Web or an Upload.
@@ -160,7 +160,7 @@ if ( isset($_GET['action']) ) {
 		require_once(ABSPATH . 'wp-admin/admin-header.php');
 
 		$nonce = 'upgrade-theme_' . $theme;
-		$url = 'update.php?action=upgrade-theme&theme=' . $theme;
+		$url = 'update.php?action=upgrade-theme&theme=' . urlencode( $theme );
 
 		$upgrader = new Theme_Upgrader( new Theme_Upgrader_Skin( compact('title', 'nonce', 'url', 'theme') ) );
 		$upgrader->upgrade($theme);
@@ -213,7 +213,7 @@ if ( isset($_GET['action']) ) {
 
 		$title = sprintf( __('Installing Theme: %s'), $api->name . ' ' . $api->version );
 		$nonce = 'install-theme_' . $theme;
-		$url = 'update.php?action=install-theme&theme=' . $theme;
+		$url = 'update.php?action=install-theme&theme=' . urlencode( $theme );
 		$type = 'web'; //Install theme type, From Web or an Upload.
 
 		$upgrader = new Theme_Upgrader( new Theme_Installer_Skin( compact('title', 'url', 'nonce', 'plugin', 'api') ) );
@@ -238,7 +238,7 @@ if ( isset($_GET['action']) ) {
 
 		require_once(ABSPATH . 'wp-admin/admin-header.php');
 
-		$title = sprintf( __('Installing Theme from uploaded file: %s'), basename( $file_upload->filename ) );
+		$title = sprintf( __('Installing Theme from uploaded file: %s'), esc_html( basename( $file_upload->filename ) ) );
 		$nonce = 'theme-upload';
 		$url = add_query_arg(array('package' => $file_upload->id), 'update.php?action=upload-theme');
 		$type = 'upload'; //Install plugin type, From Web or an Upload.

wp-content/themes/twentyeleven/languages/twentyeleven.pot

@@ -1,14 +1,14 @@
-# Copyright (C) 2012 the WordPress team
+# Copyright (C) 2013 the WordPress team
 # This file is distributed under the GNU General Public License v2 or later.
 msgid ""
 msgstr ""
 "Project-Id-Version: Twenty Eleven 1.5\n"
 "Report-Msgid-Bugs-To: http://wordpress.org/tags/twentyeleven\n"
-"POT-Creation-Date: 2012-12-07 21:19:12+00:00\n"
+"POT-Creation-Date: 2013-04-26 13:58:43+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"PO-Revision-Date: 2012-MO-DA HO:MI+ZONE\n"
+"PO-Revision-Date: 2013-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
 
@@ -253,8 +253,8 @@ msgstr ""
 
 #: content-single.php:39
 msgid ""
-"This entry was posted by <a href=\"%6$s\">%5$s</a>. Bookmark the <a href=\"%3"
-"$s\" title=\"Permalink to %4$s\" rel=\"bookmark\">permalink</a>."
+"This entry was posted by <a href=\"%6$s\">%5$s</a>. Bookmark the <a href="
+"\"%3$s\" title=\"Permalink to %4$s\" rel=\"bookmark\">permalink</a>."
 msgstr ""
 
 #: content-single.php:64

wp-content/themes/twentyten/languages/twentyten.pot

@@ -1,14 +1,14 @@
-# Copyright (C) 2012 the WordPress team
+# Copyright (C) 2013 the WordPress team
 # This file is distributed under the GNU General Public License v2 or later.
 msgid ""
 msgstr ""
 "Project-Id-Version: Twenty Ten 1.5\n"
 "Report-Msgid-Bugs-To: http://wordpress.org/tags/twentyten\n"
-"POT-Creation-Date: 2012-12-07 21:19:05+00:00\n"
+"POT-Creation-Date: 2013-01-01 00:19:29+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"PO-Revision-Date: 2012-MO-DA HO:MI+ZONE\n"
+"PO-Revision-Date: 2013-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
 

wp-content/themes/twentytwelve/languages/twentytwelve.pot

@@ -1,14 +1,14 @@
-# Copyright (C) 2012 the WordPress team
+# Copyright (C) 2013 the WordPress team
 # This file is distributed under the GNU General Public License v2 or later.
 msgid ""
 msgstr ""
 "Project-Id-Version: Twenty Twelve 1.1\n"
 "Report-Msgid-Bugs-To: http://wordpress.org/tags/twentytwelve\n"
-"POT-Creation-Date: 2012-12-07 21:19:18+00:00\n"
+"POT-Creation-Date: 2013-04-26 13:58:46+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"PO-Revision-Date: 2012-MO-DA HO:MI+ZONE\n"
+"PO-Revision-Date: 2013-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
 
@@ -240,6 +240,7 @@ msgstr ""
 msgid "Reply"
 msgstr ""
 
+#. Translators: used between list items, there is a space after the comma.
 #: functions.php:332 functions.php:335
 msgid ", "
 msgstr ""
@@ -248,6 +249,8 @@ msgstr ""
 msgid "View all posts by %s"
 msgstr ""
 
+#. Translators: 1 is category, 2 is tag, 3 is the date and 4 is the author's
+#. name.
 #: functions.php:352
 msgid ""
 "This entry was posted in %1$s and tagged %2$s on %3$s<span class=\"by-author"
@@ -276,8 +279,9 @@ msgstr ""
 msgid ""
 "<span class=\"meta-prep meta-prep-entry-date\">Published </span> <span class="
 "\"entry-date\"><time class=\"entry-date\" datetime=\"%1$s\">%2$s</time></"
-"span> at <a href=\"%3$s\" title=\"Link to full-size image\">%4$s &times; %5"
-"$s</a> in <a href=\"%6$s\" title=\"Return to %7$s\" rel=\"gallery\">%8$s</a>."
+"span> at <a href=\"%3$s\" title=\"Link to full-size image\">%4$s &times; "
+"%5$s</a> in <a href=\"%6$s\" title=\"Return to %7$s\" rel=\"gallery\">%8$s</"
+"a>."
 msgstr ""
 
 #: image.php:41

wp-includes/class-feed.php

@@ -66,7 +66,11 @@ class WP_SimplePie_File extends SimplePie_File {
 		$this->method = SIMPLEPIE_FILE_SOURCE_REMOTE;
 
 		if ( preg_match('/^http(s)?:\/\//i', $url) ) {
-			$args = array( 'timeout' => $this->timeout, 'redirection' => $this->redirects);
+			$args = array(
+				'timeout' => $this->timeout,
+				'redirection' => $this->redirects,
+				'reject_unsafe_urls' => true,
+			);
 
 			if ( !empty($this->headers) )
 				$args['headers'] = $this->headers;
@@ -85,10 +89,8 @@ class WP_SimplePie_File extends SimplePie_File {
 				$this->status_code = wp_remote_retrieve_response_code( $res );
 			}
 		} else {
-			if ( ! file_exists($url) || ( ! $this->body = file_get_contents($url) ) ) {
-				$this->error = 'file_get_contents could not read the file';
-				$this->success = false;
-			}
+			$this->error = '';
+			$this->success = false;
 		}
 	}
 }

wp-includes/class-http.php

@@ -86,7 +86,8 @@ class WP_Http {
 			'timeout' => apply_filters( 'http_request_timeout', 5),
 			'redirection' => apply_filters( 'http_request_redirection_count', 5),
 			'httpversion' => apply_filters( 'http_request_version', '1.0'),
-			'user-agent' => apply_filters( 'http_headers_useragent', 'WordPress/' . $wp_version . '; ' . get_bloginfo( 'url' )  ),
+			'user-agent' => apply_filters( 'http_headers_useragent', 'WordPress/' . $wp_version . '; ' . get_bloginfo( 'url' ) ),
+			'reject_unsafe_urls' => apply_filters( 'http_request_reject_unsafe_urls', false ),
 			'blocking' => true,
 			'headers' => array(),
 			'cookies' => array(),
@@ -108,15 +109,21 @@ class WP_Http {
 		$r = wp_parse_args( $args, $defaults );
 		$r = apply_filters( 'http_request_args', $r, $url );
 
-		// Certain classes decrement this, store a copy of the original value for loop purposes.
-		$r['_redirection'] = $r['redirection'];
+		// The transports decrement this, store a copy of the original value for loop purposes.
+		if ( ! isset( $r['_redirection'] ) )
+			$r['_redirection'] = $r['redirection'];
 
 		// Allow plugins to short-circuit the request
 		$pre = apply_filters( 'pre_http_request', false, $r, $url );
 		if ( false !== $pre )
 			return $pre;
 
-		$arrURL = parse_url( $url );
+		if ( $r['reject_unsafe_urls'] )
+			$url = wp_http_validate_url( $url );
+		if ( function_exists( 'wp_kses_bad_protocol' ) )
+			$url = wp_kses_bad_protocol( $url, array( 'http', 'https', 'ssl' ) );
+
+		$arrURL = @parse_url( $url );
 
 		if ( empty( $url ) || empty( $arrURL['scheme'] ) )
 			return new WP_Error('http_request_failed', __('A valid URL was not provided.'));
@@ -141,7 +148,7 @@ class WP_Http {
 		// Force some settings if we are streaming to a file and check for existence and perms of destination directory
 		if ( $r['stream'] ) {
 			$r['blocking'] = true;
-			if ( ! is_writable( dirname( $r['filename'] ) ) )
+			if ( ! call_user_func( 'WIN' === strtoupper( substr( PHP_OS, 0, 3 ) ) ? 'win_is_writable' : 'is_writable', dirname( $r['filename'] ) ) )
 				return new WP_Error( 'http_request_failed', __( 'Destination directory for file streaming does not exist or is not writable.' ) );
 		}
 
@@ -777,7 +784,7 @@ class WP_Http_Fsockopen {
 		// If location is found, then assume redirect and redirect to location.
 		if ( isset($arrHeaders['headers']['location']) && 0 !== $r['_redirection'] ) {
 			if ( $r['redirection']-- > 0 ) {
-				return $this->request( WP_HTTP::make_absolute_url( $arrHeaders['headers']['location'], $url ), $r);
+				return wp_remote_request( WP_HTTP::make_absolute_url( $arrHeaders['headers']['location'], $url ), $r);
 			} else {
 				return new WP_Error('http_request_failed', __('Too many redirects.'));
 			}
@@ -887,7 +894,8 @@ class WP_Http_Streams {
 			array(
 				'method' => strtoupper($r['method']),
 				'user_agent' => $r['user-agent'],
-				'max_redirects' => $r['redirection'] + 1, // See #11557
+				'max_redirects' => 0, // Follow no redirects
+				'follow_redirects' => false,
 				'protocol_version' => (float) $r['httpversion'],
 				'header' => $strHeaders,
 				'ignore_errors' => true, // Return non-200 requests.
@@ -960,10 +968,13 @@ class WP_Http_Streams {
 		else
 			$processedHeaders = WP_Http::processHeaders($meta['wrapper_data']);
 
-		// Streams does not provide an error code which we can use to see why the request stream stopped.
-		// We can however test to see if a location header is present and return based on that.
-		if ( isset($processedHeaders['headers']['location']) && 0 !== $args['_redirection'] )
-			return new WP_Error('http_request_failed', __('Too many redirects.'));
+		if ( ! empty( $processedHeaders['headers']['location'] ) && 0 !== $r['_redirection'] ) { // _redirection: The requested number of redirections
+			if ( $r['redirection']-- > 0 ) {
+				return wp_remote_request( WP_HTTP::make_absolute_url( $processedHeaders['headers']['location'], $url ), $r );
+			} else {
+				return new WP_Error( 'http_request_failed', __( 'Too many redirects.' ) );
+			}
+		}
 
 		if ( ! empty( $strResponse ) && isset( $processedHeaders['headers']['transfer-encoding'] ) && 'chunked' == $processedHeaders['headers']['transfer-encoding'] )
 			$strResponse = WP_Http::chunkTransferDecode($strResponse);
@@ -1088,6 +1099,8 @@ class WP_Http_Curl {
 		// The option doesn't work with safe mode or when open_basedir is set, and there's a
 		// bug #17490 with redirected POST requests, so handle redirections outside Curl.
 		curl_setopt( $handle, CURLOPT_FOLLOWLOCATION, false );
+		if ( defined( 'CURLOPT_PROTOCOLS' ) ) // PHP 5.2.10 / cURL 7.19.4
+			curl_setopt( $handle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS );
 
 		switch ( $r['method'] ) {
 			case 'HEAD':
@@ -1178,7 +1191,7 @@ class WP_Http_Curl {
 		// See #11305 - When running under safe mode, redirection is disabled above. Handle it manually.
 		if ( ! empty( $theHeaders['headers']['location'] ) && 0 !== $r['_redirection'] ) { // _redirection: The requested number of redirections
 			if ( $r['redirection']-- > 0 ) {
-				return $this->request( WP_HTTP::make_absolute_url( $theHeaders['headers']['location'], $url ), $r );
+				return wp_remote_request( WP_HTTP::make_absolute_url( $theHeaders['headers']['location'], $url ), $r );
 			} else {
 				return new WP_Error( 'http_request_failed', __( 'Too many redirects.' ) );
 			}

wp-includes/class-oembed.php

@@ -108,7 +108,7 @@ class WP_oEmbed {
 		$providers = array();
 
 		// Fetch URL content
-		if ( $html = wp_remote_retrieve_body( wp_remote_get( $url ) ) ) {
+		if ( $html = wp_remote_retrieve_body( wp_remote_get( $url, array( 'reject_unsafe_urls' => true ) ) ) ) {
 
 			// <link> types that contain oEmbed provider URLs
 			$linktypes = apply_filters( 'oembed_linktypes', array(
@@ -190,7 +190,7 @@ class WP_oEmbed {
 	 */
 	function _fetch_with_format( $provider_url_with_args, $format ) {
 		$provider_url_with_args = add_query_arg( 'format', $format, $provider_url_with_args );
-		$response = wp_remote_get( $provider_url_with_args );
+		$response = wp_remote_get( $provider_url_with_args, array( 'reject_unsafe_urls' => true ) );
 		if ( 501 == wp_remote_retrieve_response_code( $response ) )
 			return new WP_Error( 'not-implemented' );
 		if ( ! $body = wp_remote_retrieve_body( $response ) )
@@ -216,20 +216,28 @@ class WP_oEmbed {
 	 * @access private
 	 */
 	function _parse_xml( $response_body ) {
-		if ( function_exists('simplexml_load_string') ) {
-			$errors = libxml_use_internal_errors( 'true' );
-			$data = simplexml_load_string( $response_body );
-			libxml_use_internal_errors( $errors );
-			if ( ! is_object( $data ) )
-				return false;
-
-			$return = new stdClass;
-			foreach ( $data as $key => $value )
-				$return->$key = (string) $value;
-
-			return $return;
+		if ( !function_exists('simplexml_load_string') ) {
+			return false;
 		}
-		return false;
+		if ( ! function_exists( 'libxml_disable_entity_loader' ) )
+			return false;
+
+		$loader = libxml_disable_entity_loader( true );
+
+		$errors = libxml_use_internal_errors( true );
+		$data = simplexml_load_string( $response_body );
+		libxml_use_internal_errors( $errors );
+
+		$return = false;
+		if ( is_object( $data ) ) {
+			$return = new stdClass;
+			foreach ( $data as $key => $value ) {
+				$return->$key = (string) $value;
+			}
+		}
+
+		libxml_disable_entity_loader( $loader );
+		return $return;
 	}
 
 	/**

wp-includes/class-phpass.php

@@ -253,7 +253,7 @@ class PasswordHash {
 		if ($hash[0] == '*')
 			$hash = crypt($password, $stored_hash);
 
-		return $hash == $stored_hash;
+		return $hash === $stored_hash;
 	}
 }
 

wp-includes/class-wp-admin-bar.php

@@ -354,7 +354,9 @@ class WP_Admin_Bar {
 					$this->_render_group( $group );
 				} ?>
 			</div>
+			<?php if ( is_user_logged_in() ) : ?>
 			<a class="screen-reader-shortcut" href="<?php echo esc_url( wp_logout_url() ); ?>"><?php _e('Log Out'); ?></a>
+			<?php endif; ?>
 		</div>
 
 		<?php

wp-includes/class-wp-embed.php

@@ -270,7 +270,7 @@ class WP_Embed {
 	 * @return string Linked URL or the original URL.
 	 */
 	function maybe_make_link( $url ) {
-		$output = ( $this->linkifunknown ) ? '<a href="' . esc_attr($url) . '">' . esc_html($url) . '</a>' : $url;
+		$output = ( $this->linkifunknown ) ? '<a href="' . esc_url($url) . '">' . esc_html($url) . '</a>' : $url;
 		return apply_filters( 'embed_maybe_make_link', $output, $url );
 	}
 }

wp-includes/class-wp-xmlrpc-server.php

@@ -5309,10 +5309,14 @@ class wp_xmlrpc_server extends IXR_Server {
 		$pagelinkedto = str_replace('&', '&', $pagelinkedto);
 		$pagelinkedto = str_replace('&', '&', $pagelinkedto);
 
+		$pagelinkedfrom = apply_filters( 'pingback_ping_source_uri', $pagelinkedfrom, $pagelinkedto );
+		if ( ! $pagelinkedfrom )
+			return $this->pingback_error( 0, __( 'A valid URL was not provided.' ) );
+
 		// Check if the page linked to is in our site
 		$pos1 = strpos($pagelinkedto, str_replace(array('http://www.','http://','https://www.','https://'), '', get_option('home')));
 		if ( !$pos1 )
-			return new IXR_Error(0, __('Is there no link to us?'));
+			return $this->pingback_error( 0, __( 'Is there no link to us?' ) );
 
 		// let's find which post is linked to
 		// FIXME: does url_to_postid() cover all these cases already?
@@ -5346,39 +5350,40 @@ class wp_xmlrpc_server extends IXR_Server {
 				$sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", like_escape( $title ) );
 				if (! ($post_ID = $wpdb->get_var($sql)) ) {
 					// returning unknown error '0' is better than die()ing
-			  		return new IXR_Error(0, '');
+			  		return $this->pingback_error( 0, '' );
 				}
 				$way = 'from the fragment (title)';
 			}
 		} else {
 			// TODO: Attempt to extract a post ID from the given URL
-	  		return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn’t exist, or it is not a pingback-enabled resource.'));
+	  		return $this->pingback_error( 33, __('The specified target URL cannot be used as a target. It either doesn’t exist, or it is not a pingback-enabled resource.' ) );
 		}
 		$post_ID = (int) $post_ID;
 
 		$post = get_post($post_ID);
 
 		if ( !$post ) // Post_ID not found
-	  		return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn’t exist, or it is not a pingback-enabled resource.'));
+	  		return $this->pingback_error( 33, __( 'The specified target URL cannot be used as a target. It either doesn’t exist, or it is not a pingback-enabled resource.' ) );
 
 		if ( $post_ID == url_to_postid($pagelinkedfrom) )
-			return new IXR_Error(0, __('The source URL and the target URL cannot both point to the same resource.'));
+			return $this->pingback_error( 0, __( 'The source URL and the target URL cannot both point to the same resource.' ) );
 
 		// Check if pings are on
 		if ( !pings_open($post) )
-	  		return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn’t exist, or it is not a pingback-enabled resource.'));
+	  		return $this->pingback_error( 33, __( 'The specified target URL cannot be used as a target. It either doesn’t exist, or it is not a pingback-enabled resource.' ) );
 
 		// Let's check that the remote site didn't already pingback this entry
 		if ( $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $post_ID, $pagelinkedfrom) ) )
-			return new IXR_Error( 48, __( 'The pingback has already been registered.' ) );
+			return $this->pingback_error( 48, __( 'The pingback has already been registered.' ) );
 
 		// very stupid, but gives time to the 'from' server to publish !
 		sleep(1);
 
 		// Let's check the remote site
-		$linea = wp_remote_fopen( $pagelinkedfrom );
+		$linea = wp_remote_retrieve_body( wp_remote_get( $pagelinkedfrom, array( 'timeout' => 10, 'redirection' => 0, 'reject_unsafe_urls' => true ) ) );
+
 		if ( !$linea )
-	  		return new IXR_Error(16, __('The source URL does not exist.'));
+	  		return $this->pingback_error( 16, __( 'The source URL does not exist.' ) );
 
 		$linea = apply_filters('pre_remote_source', $linea, $pagelinkedto);
 
@@ -5390,7 +5395,7 @@ class wp_xmlrpc_server extends IXR_Server {
 		preg_match('|<title>([^<]*?)</title>|is', $linea, $matchtitle);
 		$title = $matchtitle[1];
 		if ( empty( $title ) )
-			return new IXR_Error(32, __('We cannot find a title on that page.'));
+			return $this->pingback_error( 32, __('We cannot find a title on that page.' ) );
 
 		$linea = strip_tags( $linea, '<a>' ); // just keep the tag we need
 
@@ -5426,7 +5431,7 @@ class wp_xmlrpc_server extends IXR_Server {
 		}
 
 		if ( empty($context) ) // Link to target not found
-			return new IXR_Error(17, __('The source URL does not contain a link to the target URL, and so cannot be used as a source.'));
+			return $this->pingback_error( 17, __( 'The source URL does not contain a link to the target URL, and so cannot be used as a source.' ) );
 
 		$pagelinkedfrom = str_replace('&', '&amp;', $pagelinkedfrom);
 
@@ -5473,14 +5478,14 @@ class wp_xmlrpc_server extends IXR_Server {
 		$post_ID = url_to_postid($url);
 		if ( !$post_ID ) {
 			// We aren't sure that the resource is available and/or pingback enabled
-	  		return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn&#8217;t exist, or it is not a pingback-enabled resource.'));
+	  		return $this->pingback_error( 33, __( 'The specified target URL cannot be used as a target. It either doesn&#8217;t exist, or it is not a pingback-enabled resource.' ) );
 		}
 
 		$actual_post = get_post($post_ID, ARRAY_A);
 
 		if ( !$actual_post ) {
 			// No such post = resource not found
-	  		return new IXR_Error(32, __('The specified target URL does not exist.'));
+	  		return $this->pingback_error( 32, __('The specified target URL does not exist.' ) );
 		}
 
 		$comments = $wpdb->get_results( $wpdb->prepare("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
@@ -5496,4 +5501,8 @@ class wp_xmlrpc_server extends IXR_Server {
 
 		return $pingbacks;
 	}
+
+	protected function pingback_error( $code, $message ) {
+		return apply_filters( 'xmlrpc_pingback_error', new IXR_Error( $code, $message ) );
+	}
 }

wp-includes/class-wp.php

@@ -378,12 +378,29 @@ class WP {
 
 		if ( ! empty( $status ) )
 			status_header( $status );
+
+		// If Last-Modified is set to false, it should not be sent (no-cache situation).
+		if ( isset( $headers['Last-Modified'] ) && false === $headers['Last-Modified'] ) {
+			unset( $headers['Last-Modified'] );
+
+			// In PHP 5.3+, make sure we are not sending a Last-Modified header.
+			if ( function_exists( 'header_remove' ) ) {
+				@header_remove( 'Last-Modified' );
+			} else {
+				// In PHP 5.2, send an empty Last-Modified header, but only as a
+				// last resort to override a header already sent. #WP23021
+				foreach ( headers_list() as $header ) {
+					if ( 0 === stripos( $header, 'Last-Modified' ) ) {
+						$headers['Last-Modified'] = '';
+						break;
+					}
+				}
+			}
+		}
+
 		foreach( (array) $headers as $name => $field_value )
 			@header("{$name}: {$field_value}");
 
-		if ( isset( $headers['Last-Modified'] ) && empty( $headers['Last-Modified'] ) && function_exists( 'header_remove' ) )
-			@header_remove( 'Last-Modified' );
-
 		if ( $exit_required )
 			exit();
 

wp-includes/comment.php

@@ -290,13 +290,13 @@ class WP_Comment_Query {
 				'user_id',
 			);
 			if ( ! empty( $this->query_vars['meta_key'] ) ) {
-				$allowed_keys[] = $q['meta_key'];
+				$allowed_keys[] = $this->query_vars['meta_key'];
 				$allowed_keys[] = 'meta_value';
 				$allowed_keys[] = 'meta_value_num';
 			}
 			$ordersby = array_intersect( $ordersby, $allowed_keys );
 			foreach ( $ordersby as $key => $value ) {
-				if ( $value == $q['meta_key'] || $value == 'meta_value' ) {
+				if ( $value == $this->query_vars['meta_key'] || $value == 'meta_value' ) {
 					$ordersby[ $key ] = "$wpdb->commentmeta.meta_value";
 				} elseif ( $value == 'meta_value_num' ) {
 					$ordersby[ $key ] = "$wpdb->commentmeta.meta_value+0";
@@ -1661,7 +1661,7 @@ function discover_pingback_server_uri( $url, $deprecated = '' ) {
 	if ( 0 === strpos($url, $uploads_dir['baseurl']) )
 		return false;
 
-	$response = wp_remote_head( $url, array( 'timeout' => 2, 'httpversion' => '1.0' ) );
+	$response = wp_remote_head( $url, array( 'timeout' => 2, 'httpversion' => '1.0', 'reject_unsafe_urls' => true ) );
 
 	if ( is_wp_error( $response ) )
 		return false;
@@ -1674,7 +1674,7 @@ function discover_pingback_server_uri( $url, $deprecated = '' ) {
 		return false;
 
 	// Now do a GET since we're going to look in the html headers (and we're sure its not a binary file)
-	$response = wp_remote_get( $url, array( 'timeout' => 2, 'httpversion' => '1.0' ) );
+	$response = wp_remote_get( $url, array( 'timeout' => 2, 'httpversion' => '1.0', 'reject_unsafe_urls' => true ) );
 
 	if ( is_wp_error( $response ) )
 		return false;
@@ -1908,6 +1908,7 @@ function trackback($trackback_url, $title, $excerpt, $ID) {
 
 	$options = array();
 	$options['timeout'] = 4;
+	$options['reject_unsafe_urls'] = true;
 	$options['body'] = array(
 		'title' => $title,
 		'url' => get_permalink($ID),
@@ -1951,6 +1952,37 @@ function weblog_ping($server = '', $path = '') {
 		$client->query('weblogUpdates.ping', get_option('blogname'), $home);
 }
 
+/**
+ * Default filter attached to pingback_ping_source_uri to validate the pingback's Source URI
+ *
+ * @since 3.5.1
+ * @see wp_http_validate_url()
+ *
+ * @param string $source_uri
+ * @return string
+ */
+function pingback_ping_source_uri( $source_uri ) {
+	return (string) wp_http_validate_url( $source_uri );
+}
+
+/**
+ * Default filter attached to xmlrpc_pingback_error.
+ *
+ * Returns a generic pingback error code unless the error code is 48,
+ * which reports that the pingback is already registered.
+ *
+ * @since 3.5.1
+ * @link http://www.hixie.ch/specs/pingback/pingback#TOC3
+ *
+ * @param IXR_Error $ixr_error
+ * @return IXR_Error
+ */
+function xmlrpc_pingback_error( $ixr_error ) {
+	if ( $ixr_error->code === 48 )
+		return $ixr_error;
+	return new IXR_Error( 0, '' );
+}
+
 //
 // Cache
 //

wp-includes/css/editor.css

@@ -1246,7 +1246,7 @@ html[dir="rtl"] .wp-switch-editor {
 
 #wp-link .link-search-field {
 	float: left;
-	margin-right: 5px;
+	width: 220px;
 }
 
 #wp-link .link-search-wrapper {
@@ -1260,13 +1260,7 @@ html[dir="rtl"] .wp-switch-editor {
 	margin-top: 4px;
 }
 
-#wp-link .link-search-wrapper input[type="text"] {
-	float: left;
-	width: 220px;
-}
-
 #wp-link .link-search-wrapper .spinner {
-	margin: 4px 2px 0 0;
 	display: none;
 	vertical-align: text-bottom;
 }
@@ -1341,7 +1335,7 @@ html[dir="rtl"] .wp-switch-editor {
 	display: none;
 }
 
-#wp-link  #search-panel {
+#wp-link #search-panel {
 	float: left;
 	width: 100%;
 }
@@ -1500,6 +1494,11 @@ html[dir="rtl"] .wp-switch-editor {
 	padding: 0;
 }
 
+.rtl .wp-dialog .ui-dialog-titlebar-close {
+	right: auto;
+	left: 6px;
+}
+
 .wp-dialog .ui-dialog-titlebar-close:hover,
 .wp-dialog .ui-dialog-titlebar-close:focus {
 	background-position: -87px -32px;
@@ -1519,22 +1518,25 @@ RTL
 	padding-left: 0;
 }
 
-.rtl #wp-link label span {
+.rtl #wp-link #link-options label span,
+.rtl #wp-link #search-panel label span.search-label {
 	text-align: left;
-	padding-left: 5px;
 	padding-right: 0;
+	padding-left: 5px;
 }
 
+.rtl #wp-link #link-options label #url-field {
+	direction: ltr;
+}
+
+.rtl #wp-link .link-search-field,
 .rtl #wp-link .link-search-wrapper span {
 	float: right;
 }
 
-.rtl #wp-link .link-search-wrapper input[type="text"] {
-	float: right;
-}
-
 .rtl #wp-link .link-target {
-	margin: 0 87px 0 0;
+	margin-right: 87px;
+	margin-left: 0;
 }
 
 .rtl #wp-link .item-info {
@@ -1574,7 +1576,7 @@ RTL
 }
 
 .rtl .mceListBoxMenu.mceNoIcons {
-	margin-left: -14px;
+	direction: rtl;
 }
 
 .clearlooks2 .mceFocus .mceTop .mceLeft {

wp-includes/default-filters.php

@@ -192,6 +192,8 @@ add_filter( 'pings_open',               '_close_comments_for_old_post', 10, 2 );
 add_filter( 'editable_slug',            'urldecode'                           );
 add_filter( 'editable_slug',            'esc_textarea'                        );
 add_filter( 'nav_menu_meta_box_object', '_wp_nav_menu_meta_box_object'        );
+add_filter( 'pingback_ping_source_uri', 'pingback_ping_source_uri'            );
+add_filter( 'xmlrpc_pingback_error',    'xmlrpc_pingback_error'               );
 
 // Actions
 add_action( 'wp_head',             'wp_enqueue_scripts',              1     );

wp-includes/deprecated.php

@@ -3298,7 +3298,7 @@ function image_resize( $file, $max_w, $max_h, $crop = false, $suffix = null, $de
  */
 function wp_get_single_post( $postid = 0, $mode = OBJECT ) {
 	_deprecated_function( __FUNCTION__, '3.5', 'get_post()' );
-	return get_post( $postid, $mode, 'edit' );
+	return get_post( $postid, $mode );
 }
 
 /**

wp-includes/formatting.php

@@ -2601,10 +2601,11 @@ function esc_url( $url, $protocols = null, $_context = 'display' ) {
 
 	if ( ! is_array( $protocols ) )
 		$protocols = wp_allowed_protocols();
-	if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
+	$good_protocol_url = wp_kses_bad_protocol( $url, $protocols );
+	if ( strtolower( $good_protocol_url ) != strtolower( $url ) )
 		return '';
 
-	return apply_filters('clean_url', $url, $original_url, $_context);
+	return apply_filters('clean_url', $good_protocol_url, $original_url, $_context);
 }
 
 /**
@@ -2869,7 +2870,7 @@ function sanitize_option($option, $value) {
 
 		case 'illegal_names':
 			if ( ! is_array( $value ) )
-				$value = explode( "\n", $value );
+				$value = explode( ' ', $value );
 
 			$value = array_values( array_filter( array_map( 'trim', $value ) ) );
 

wp-includes/functions.php

@@ -496,6 +496,7 @@ function wp_get_http( $url, $file_path = false, $red = 1 ) {
 
 	$options = array();
 	$options['redirection'] = 5;
+	$options['reject_unsafe_urls'] = true;
 
 	if ( false == $file_path )
 		$options['method'] = 'HEAD';
@@ -543,7 +544,7 @@ function wp_get_http_headers( $url, $deprecated = false ) {
 	if ( !empty( $deprecated ) )
 		_deprecated_argument( __FUNCTION__, '2.7' );
 
-	$response = wp_remote_head( $url );
+	$response = wp_remote_head( $url, array( 'reject_unsafe_urls' => true ) );
 
 	if ( is_wp_error( $response ) )
 		return false;
@@ -655,10 +656,10 @@ function add_query_arg() {
 	else
 		$frag = '';
 
-	if ( 0 === stripos( 'http://', $uri ) ) {
+	if ( 0 === stripos( $uri, 'http://' ) ) {
 		$protocol = 'http://';
 		$uri = substr( $uri, 7 );
-	} elseif ( 0 === stripos( 'https://', $uri ) ) {
+	} elseif ( 0 === stripos( $uri, 'https://' ) ) {
 		$protocol = 'https://';
 		$uri = substr( $uri, 8 );
 	} else {
@@ -758,6 +759,7 @@ function wp_remote_fopen( $uri ) {
 
 	$options = array();
 	$options['timeout'] = 10;
+	$options['reject_unsafe_urls'] = true;
 
 	$response = wp_remote_get( $uri, $options );
 
@@ -902,7 +904,6 @@ function status_header( $header ) {
 function wp_get_nocache_headers() {
 	$headers = array(
 		'Expires' => 'Wed, 11 Jan 1984 05:00:00 GMT',
-		'Last-Modified' => '',
 		'Cache-Control' => 'no-cache, must-revalidate, max-age=0',
 		'Pragma' => 'no-cache',
 	);
@@ -910,6 +911,7 @@ function wp_get_nocache_headers() {
 	if ( function_exists('apply_filters') ) {
 		$headers = (array) apply_filters('nocache_headers', $headers);
 	}
+	$headers['Last-Modified'] = false;
 	return $headers;
 }
 
@@ -924,10 +926,25 @@ function wp_get_nocache_headers() {
  */
 function nocache_headers() {
 	$headers = wp_get_nocache_headers();
+
+	unset( $headers['Last-Modified'] );
+
+	// In PHP 5.3+, make sure we are not sending a Last-Modified header.
+	if ( function_exists( 'header_remove' ) ) {
+		@header_remove( 'Last-Modified' );
+	} else {
+		// In PHP 5.2, send an empty Last-Modified header, but only as a
+		// last resort to override a header already sent. #WP23021
+		foreach ( headers_list() as $header ) {
+			if ( 0 === stripos( $header, 'Last-Modified' ) ) {
+				$headers['Last-Modified'] = '';
+				break;
+			}
+		}
+	}
+
 	foreach( $headers as $name => $field_value )
 		@header("{$name}: {$field_value}");
-	if ( empty( $headers['Last-Modified'] ) && function_exists( 'header_remove' ) )
-		@header_remove( 'Last-Modified' );
 }
 
 /**
@@ -2939,9 +2956,15 @@ function _doing_it_wrong( $function, $message, $version ) {
 
 	// Allow plugin to filter the output error trigger
 	if ( WP_DEBUG && apply_filters( 'doing_it_wrong_trigger_error', true ) ) {
-		$version = is_null( $version ) ? '' : sprintf( __( '(This message was added in version %s.)' ), $version );
-		$message .= ' ' . __( 'Please see <a href="http://codex.wordpress.org/Debugging_in_WordPress">Debugging in WordPress</a> for more information.' );
-		trigger_error( sprintf( __( '%1$s was called <strong>incorrectly</strong>. %2$s %3$s' ), $function, $message, $version ) );
+		if ( function_exists( '__' ) ) {
+			$version = is_null( $version ) ? '' : sprintf( __( '(This message was added in version %s.)' ), $version );
+			$message .= ' ' . __( 'Please see <a href="http://codex.wordpress.org/Debugging_in_WordPress">Debugging in WordPress</a> for more information.' );
+			trigger_error( sprintf( __( '%1$s was called <strong>incorrectly</strong>. %2$s %3$s' ), $function, $message, $version ) );
+		} else {
+			$version = is_null( $version ) ? '' : sprintf( '(This message was added in version %s.)', $version );
+			$message .= ' Please see <a href="http://codex.wordpress.org/Debugging_in_WordPress">Debugging in WordPress</a> for more information.';
+			trigger_error( sprintf( '%1$s was called <strong>incorrectly</strong>. %2$s %3$s', $function, $message, $version ) );
+		}
 	}
 }
 

wp-includes/http.php

@@ -311,3 +311,64 @@ function send_origin_headers() {
 
 	return false;
 }
+
+/**
+ * Validate a URL for safe use in the HTTP API.
+ *
+ * @since 3.5.2
+ *
+ * @return mixed URL or false on failure.
+ */
+function wp_http_validate_url( $url ) {
+	$url = esc_url_raw( $url, array( 'http', 'https' ) );
+	if ( ! $url )
+		return false;
+
+	$parsed_url = @parse_url( $url );
+	if ( ! $parsed_url )
+		return false;
+
+	if ( isset( $parsed_url['user'] ) || isset( $parsed_url['pass'] ) )
+		return false;
+
+	if ( false !== strpos( $parsed_url['host'], ':' ) )
+		return false;
+
+	$parsed_home = @parse_url( get_option( 'home' ) );
+
+	$same_host = strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] );
+
+	if ( ! $same_host ) {
+		$host = trim( $parsed_url['host'], '.' );
+		if ( preg_match( '#^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$#', $host ) ) {
+			$ip = $host;
+		} else {
+			$ip = gethostbyname( $host );
+			if ( $ip === $host ) // Error condition for gethostbyname()
+				$ip = false;
+		}
+		if ( $ip ) {
+			if ( '127.0.0.1' === $ip )
+				return false;
+			$parts = array_map( 'intval', explode( '.', $ip ) );
+			if ( 10 === $parts[0] )
+				return false;
+			if ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] )
+				return false;
+			if ( 192 === $parts[0] && 168 === $parts[1] )
+				return false;
+		}
+	}
+
+	if ( empty( $parsed_url['port'] ) )
+		return $url;
+
+	$port = $parsed_url['port'];
+	if ( 80 === $port || 443 === $port || 8080 === $port )
+		return $url;
+
+	if ( $parsed_home && $same_host && $parsed_home['port'] === $port )
+		return $url;
+
+	return false;
+}

wp-includes/js/media-editor.js

@@ -9,7 +9,8 @@
 		// outputting the proper object format based on the
 		// attachment's type.
 		props: function( props, attachment ) {
-			var link, linkUrl, size, sizes, fallbacks;
+			var link, linkUrl, size, sizes, fallbacks,
+				defaultProps = wp.media.view.settings.defaultProps;
 
 			// Final fallbacks run after all processing has been completed.
 			fallbacks = function( props ) {
@@ -17,6 +18,7 @@
 				if ( 'image' === props.type && ! props.alt ) {
 					props.alt = props.caption || props.title || '';
 					props.alt = props.alt.replace( /<\/?[^>]+>/g, '' );
+					props.alt = props.alt.replace( /[\r\n]+/g, ' ' );
 				}
 
 				return props;
@@ -29,8 +31,8 @@
 
 			if ( 'image' === props.type ) {
 				props = _.defaults( props || {}, {
-					align:   getUserSetting( 'align', 'none' ),
-					size:    getUserSetting( 'imgsize', 'medium' ),
+					align:   defaultProps.align || getUserSetting( 'align', 'none' ),
+					size:    defaultProps.size  || getUserSetting( 'imgsize', 'medium' ),
 					url:     '',
 					classes: []
 				});
@@ -42,7 +44,7 @@
 
 			props.title = props.title || attachment.title;
 
-			link = props.link || getUserSetting( 'urlbutton', 'post' );
+			link = props.link || defaultProps.link || getUserSetting( 'urlbutton', 'file' );
 			if ( 'file' === link )
 				linkUrl = attachment.url;
 			else if ( 'post' === link )
@@ -167,7 +169,8 @@
 				itemtag:    'dl',
 				icontag:    'dt',
 				captiontag: 'dd',
-				columns:    3,
+				columns:    '3',
+				link:       'post',
 				size:       'thumbnail',
 				orderby:    'menu_order ID'
 			},

wp-includes/js/media-views.js

@@ -413,8 +413,6 @@
 
 			this.get('selection').on( 'add remove reset', this.refreshContent, this );
 
-			this.on( 'insert', this._insertDisplaySettings, this );
-
 			if ( this.get('contentUserSetting') ) {
 				this.frame.on( 'content:activate', this.saveContentMode, this );
 				this.set( 'content', getUserSetting( 'libraryContent', this.get('content') ) );
@@ -440,11 +438,12 @@
 		},
 
 		resetDisplays: function() {
+			var defaultProps = media.view.settings.defaultProps;
 			this._displays = [];
 			this._defaultDisplaySettings = {
-				align: getUserSetting( 'align', 'none' ),
-				size:  getUserSetting( 'imgsize', 'medium' ),
-				link:  getUserSetting( 'urlbutton', 'post' )
+				align: defaultProps.align || getUserSetting( 'align', 'none' ),
+				size:  defaultProps.size  || getUserSetting( 'imgsize', 'medium' ),
+				link:  defaultProps.link  || getUserSetting( 'urlbutton', 'file' )
 			};
 		},
 
@@ -457,22 +456,6 @@
 			return displays[ attachment.cid ];
 		},
 
-		_insertDisplaySettings: function() {
-			var selection = this.get('selection'),
-				display;
-
-			// If inserting one image, set those display properties as the
-			// default user setting.
-			if ( selection.length !== 1 )
-				return;
-
-			display = this.display( selection.first() ).toJSON();
-
-			setUserSetting( 'align', display.align );
-			setUserSetting( 'imgsize', display.size );
-			setUserSetting( 'urlbutton', display.link );
-		},
-
 		syncSelection: function() {
 			var selection = this.get('selection'),
 				manager = this.frame._selection;
@@ -522,7 +505,10 @@
 				router = frame.router.get(),
 				mode = frame.content.mode();
 
-			if ( this.active && ! selection.length && ! router.get( mode ) )
+			// If the state is active, no items are selected, and the current
+			// content mode is not an option in the state's router (provided
+			// the state has a router), reset the content mode to the default.
+			if ( this.active && ! selection.length && router && ! router.get( mode ) )
 				this.frame.content.render( this.get('content') );
 		},
 
@@ -533,10 +519,12 @@
 			if ( 'upload' === content.mode() )
 				this.frame.content.mode('browse');
 
-			// If we're in a workflow that supports multiple attachments,
-			// automatically select any uploading attachments.
-			if ( this.get('multiple') )
-				this.get('selection').add( attachment );
+			// Automatically select any uploading attachments.
+			//
+			// Selections that don't support multiple attachments automatically
+			// limit themselves to one attachment (in this case, the last
+			// attachment in the upload queue).
+			this.get('selection').add( attachment );
 		},
 
 		saveContentMode: function() {
@@ -673,6 +661,10 @@
 				return !! this.mirroring.getByCid( attachment.cid ) && ! edit.getByCid( attachment.cid ) && media.model.Selection.prototype.validator.apply( this, arguments );
 			};
 
+			// Reset the library to ensure that all attachments are re-added
+			// to the collection. Do so silently, as calling `observe` will
+			// trigger the `reset` event.
+			library.reset( library.mirroring.models, { silent: true });
 			library.observe( edit );
 			this.editLibrary = edit;
 
@@ -2854,7 +2846,9 @@
 		initialize: function() {
 			var selection = this.options.selection;
 
-			this.model.on( 'change:sizes change:uploading change:caption change:title', this.render, this );
+			this.model.on( 'change:sizes change:uploading', this.render, this );
+			this.model.on( 'change:title', this._syncTitle, this );
+			this.model.on( 'change:caption', this._syncCaption, this );
 			this.model.on( 'change:percent', this.progress, this );
 
 			// Update the selection.
@@ -3172,6 +3166,28 @@
 		}
 	});
 
+	// Ensure settings remain in sync between attachment views.
+	_.each({
+		caption: '_syncCaption',
+		title:   '_syncTitle'
+	}, function( method, setting ) {
+		media.view.Attachment.prototype[ method ] = function( model, value ) {
+			var $setting = this.$('[data-setting="' + setting + '"]');
+
+			if ( ! $setting.length )
+				return this;
+
+			// If the updated value is in sync with the value in the DOM, there
+			// is no need to re-render. If we're currently editing the value,
+			// it will automatically be in sync, suppressing the re-render for
+			// the view we're editing, while updating any others.
+			if ( value === $setting.find('input, textarea, select, [value]').val() )
+				return this;
+
+			return this.render();
+		};
+	});
+
 	/**
 	 * wp.media.view.Attachment.Library
 	 */
@@ -3900,10 +3916,11 @@
 				$value = $setting.find('[value="' + value + '"]');
 
 				if ( $value.length ) {
+					$setting.find('option').prop( 'selected', false );
 					$value.prop( 'selected', true );
 				} else {
 					// If we can't find the desired value, record what *is* selected.
-					this.model.set( $setting.data('setting'), $setting.find(':selected').val() );
+					this.model.set( key, $setting.find(':selected').val() );
 				}
 
 

wp-includes/js/plupload/changelog.txt

@@ -1,3 +1,12 @@
+Version 1.5.5 (2013-01-23)
+	UI Widget: Fix sortable feature, broken in jQuery UI 1.9.
+	Queue: Replace live() with delegate(), as live() was removed from jQuery 1.9.
+	HTML5: window.getComputedStyle in Firefox doesn't support dashed rulenames - use zIndex instead of z-index.
+	HTML5/Flash/Silverlight/Gears: Process JPEGs, if quality parameter is present, whatever the scale factor.
+	Flash: Survive invalid EXIF tag offsets.
+	Flash: Allow only letters, digits and underscore in runtime id to avoid script injection.
+	SilverLight: Prepend ampersand to the query string, for non multipart cases (as in Flash and HTML5).
+	Add mime types for m2v,3gp,3g2 extensions.
 Version 1.5.4 (2012-04-12)
 	Flash: Disable scripting if swf was loaded from another domain.
 Version 1.5.3 (2012-04-05)

wp-includes/js/plupload/handlers.js

@@ -16,7 +16,12 @@ function fileQueued(fileObj) {
 		items.removeClass('open').find('.slidetoggle').slideUp(200);
 	}
 	// Create a progress bar containing the filename
-	jQuery('#media-items').append('<div id="media-item-' + fileObj.id + '" class="media-item child-of-' + postid + '"><div class="progress"><div class="percent">0%</div><div class="bar"></div></div><div class="filename original"> ' + fileObj.name + '</div></div>');
+	jQuery('<div class="media-item">')
+		.attr( 'id', 'media-item-' + fileObj.id )
+		.addClass('child-of-' + postid)
+		.append('<div class="progress"><div class="percent">0%</div><div class="bar"></div></div>',
+			jQuery('<div class="filename original">').text( ' ' + fileObj.name ))
+		.appendTo( jQuery('#media-items' ) );
 
 	// Disable submit
 	jQuery('#insert-gallery').prop('disabled', true);

wp-includes/js/plupload/wp-plupload.js

@@ -150,6 +150,10 @@ window.wp = window.wp || {};
 			_.each( files, function( file ) {
 				var attributes, image;
 
+				// Ignore failed uploads.
+				if ( plupload.FAILED === file.status )
+					return;
+
 				// Generate attributes for a new `Attachment` model.
 				attributes = _.extend({
 					file:      file,

wp-includes/js/plupload/wp-plupload.min.js

@@ -1 +1 @@
-window.wp=window.wp||{};(function(a,b){var c;if(typeof _wpPluploadSettings==="undefined"){return}c=function(f){var d=this,h={container:"container",browser:"browse_button",dropzone:"drop_element"},g,e;this.supports={upload:c.browser.supported};this.supported=this.supports.upload;if(!this.supported){return}this.plupload=b.extend(true,{multipart_params:{}},c.defaults);this.container=document.body;b.extend(true,this,f);for(g in this){if(b.isFunction(this[g])){this[g]=b.proxy(this[g],this)}}for(g in h){if(!this[g]){continue}this[g]=b(this[g]).first();if(!this[g].length){delete this[g];continue}if(!this[g].prop("id")){this[g].prop("id","__wp-uploader-id-"+c.uuid++)}this.plupload[h[g]]=this[g].prop("id")}if(!(this.browser&&this.browser.length)&&!(this.dropzone&&this.dropzone.length)){return}this.uploader=new plupload.Uploader(this.plupload);delete this.plupload;this.param(this.params||{});delete this.params;e=function(j,k,i){if(i.attachment){i.attachment.destroy()}c.errors.unshift({message:j||pluploadL10n.default_error,data:k,file:i});d.error(j,k,i)};this.uploader.init();this.supports.dragdrop=this.uploader.features.dragdrop&&!c.browser.mobile;(function(j,i){var l,k;if(!j){return}j.toggleClass("supports-drag-drop",!!i);if(!i){return j.unbind(".wp-uploader")}j.bind("dragover.wp-uploader",function(){if(l){clearTimeout(l)}if(k){return}j.trigger("dropzone:enter").addClass("drag-over");k=true});j.bind("dragleave.wp-uploader, drop.wp-uploader",function(){l=setTimeout(function(){k=false;j.trigger("dropzone:leave").removeClass("drag-over")},0)})}(this.dropzone,this.supports.dragdrop));if(this.browser){this.browser.on("mouseenter",this.refresh)}else{this.uploader.disableBrowse(true);b("#"+this.uploader.id+"_html5_container").hide()}this.uploader.bind("FilesAdded",function(i,j){_.each(j,function(l){var k,m;k=_.extend({file:l,uploading:true,date:new Date(),filename:l.name,menuOrder:0,uploadedTo:wp.media.model.settings.post.id},_.pick(l,"loaded","size","percent"));m=/(?:jpe?g|png|gif)$/i.exec(l.name);if(m){k.type="image";k.subtype=("jpg"===m[0])?"jpeg":m[0]}l.attachment=wp.media.model.Attachment.create(k);c.queue.add(l.attachment);d.added(l.attachment)});i.refresh();i.start()});this.uploader.bind("UploadProgress",function(i,j){j.attachment.set(_.pick(j,"loaded","percent"));d.progress(j.attachment)});this.uploader.bind("FileUploaded",function(i,l,k){var j;try{k=JSON.parse(k.response)}catch(m){return e(pluploadL10n.default_error,m,l)}if(!_.isObject(k)||_.isUndefined(k.success)){return e(pluploadL10n.default_error,null,l)}else{if(!k.success){return e(k.data&&k.data.message,k.data,l)}}_.each(["file","loaded","size","percent"],function(n){l.attachment.unset(n)});l.attachment.set(_.extend(k.data,{uploading:false}));wp.media.model.Attachment.get(k.data.id,l.attachment);j=c.queue.all(function(n){return !n.get("uploading")});if(j){c.queue.reset()}d.success(l.attachment)});this.uploader.bind("Error",function(i,l){var k=pluploadL10n.default_error,j;for(j in c.errorMap){if(l.code===plupload[j]){k=c.errorMap[j];if(_.isFunction(k)){k=k(l.file,l)}break}}e(k,l,l.file);i.refresh()});this.init()};b.extend(c,_wpPluploadSettings);c.uuid=0;c.errorMap={FAILED:pluploadL10n.upload_failed,FILE_EXTENSION_ERROR:pluploadL10n.invalid_filetype,IMAGE_FORMAT_ERROR:pluploadL10n.not_an_image,IMAGE_MEMORY_ERROR:pluploadL10n.image_memory_exceeded,IMAGE_DIMENSIONS_ERROR:pluploadL10n.image_dimensions_exceeded,GENERIC_ERROR:pluploadL10n.upload_failed,IO_ERROR:pluploadL10n.io_error,HTTP_ERROR:pluploadL10n.http_error,SECURITY_ERROR:pluploadL10n.security_error,FILE_SIZE_ERROR:function(d){return pluploadL10n.file_exceeds_size_limit.replace("%s",d.name)}};b.extend(c.prototype,{param:function(d,e){if(arguments.length===1&&typeof d==="string"){return this.uploader.settings.multipart_params[d]}if(arguments.length>1){this.uploader.settings.multipart_params[d]=e}else{b.extend(this.uploader.settings.multipart_params,d)}},init:function(){},error:function(){},success:function(){},added:function(){},progress:function(){},complete:function(){},refresh:function(){var f,e,d,g;if(this.browser){f=this.browser[0];while(f){if(f===document.body){e=true;break}f=f.parentNode}if(!e){g="wp-uploader-browser-"+this.uploader.id;d=b("#"+g);if(!d.length){d=b('<div class="wp-uploader-browser" />').css({position:"fixed",top:"-1000px",left:"-1000px",height:0,width:0}).attr("id","wp-uploader-browser-"+this.uploader.id).appendTo("body")}d.append(this.browser)}}this.uploader.refresh()}});c.queue=new wp.media.model.Attachments([],{query:false});c.errors=new Backbone.Collection();a.Uploader=c})(wp,jQuery);
+window.wp=window.wp||{};(function(a,b){var c;if(typeof _wpPluploadSettings==="undefined"){return}c=function(f){var d=this,h={container:"container",browser:"browse_button",dropzone:"drop_element"},g,e;this.supports={upload:c.browser.supported};this.supported=this.supports.upload;if(!this.supported){return}this.plupload=b.extend(true,{multipart_params:{}},c.defaults);this.container=document.body;b.extend(true,this,f);for(g in this){if(b.isFunction(this[g])){this[g]=b.proxy(this[g],this)}}for(g in h){if(!this[g]){continue}this[g]=b(this[g]).first();if(!this[g].length){delete this[g];continue}if(!this[g].prop("id")){this[g].prop("id","__wp-uploader-id-"+c.uuid++)}this.plupload[h[g]]=this[g].prop("id")}if(!(this.browser&&this.browser.length)&&!(this.dropzone&&this.dropzone.length)){return}this.uploader=new plupload.Uploader(this.plupload);delete this.plupload;this.param(this.params||{});delete this.params;e=function(j,k,i){if(i.attachment){i.attachment.destroy()}c.errors.unshift({message:j||pluploadL10n.default_error,data:k,file:i});d.error(j,k,i)};this.uploader.init();this.supports.dragdrop=this.uploader.features.dragdrop&&!c.browser.mobile;(function(j,i){var l,k;if(!j){return}j.toggleClass("supports-drag-drop",!!i);if(!i){return j.unbind(".wp-uploader")}j.bind("dragover.wp-uploader",function(){if(l){clearTimeout(l)}if(k){return}j.trigger("dropzone:enter").addClass("drag-over");k=true});j.bind("dragleave.wp-uploader, drop.wp-uploader",function(){l=setTimeout(function(){k=false;j.trigger("dropzone:leave").removeClass("drag-over")},0)})}(this.dropzone,this.supports.dragdrop));if(this.browser){this.browser.on("mouseenter",this.refresh)}else{this.uploader.disableBrowse(true);b("#"+this.uploader.id+"_html5_container").hide()}this.uploader.bind("FilesAdded",function(i,j){_.each(j,function(l){var k,m;if(plupload.FAILED===l.status){return}k=_.extend({file:l,uploading:true,date:new Date(),filename:l.name,menuOrder:0,uploadedTo:wp.media.model.settings.post.id},_.pick(l,"loaded","size","percent"));m=/(?:jpe?g|png|gif)$/i.exec(l.name);if(m){k.type="image";k.subtype=("jpg"===m[0])?"jpeg":m[0]}l.attachment=wp.media.model.Attachment.create(k);c.queue.add(l.attachment);d.added(l.attachment)});i.refresh();i.start()});this.uploader.bind("UploadProgress",function(i,j){j.attachment.set(_.pick(j,"loaded","percent"));d.progress(j.attachment)});this.uploader.bind("FileUploaded",function(i,l,k){var j;try{k=JSON.parse(k.response)}catch(m){return e(pluploadL10n.default_error,m,l)}if(!_.isObject(k)||_.isUndefined(k.success)){return e(pluploadL10n.default_error,null,l)}else{if(!k.success){return e(k.data&&k.data.message,k.data,l)}}_.each(["file","loaded","size","percent"],function(n){l.attachment.unset(n)});l.attachment.set(_.extend(k.data,{uploading:false}));wp.media.model.Attachment.get(k.data.id,l.attachment);j=c.queue.all(function(n){return !n.get("uploading")});if(j){c.queue.reset()}d.success(l.attachment)});this.uploader.bind("Error",function(i,l){var k=pluploadL10n.default_error,j;for(j in c.errorMap){if(l.code===plupload[j]){k=c.errorMap[j];if(_.isFunction(k)){k=k(l.file,l)}break}}e(k,l,l.file);i.refresh()});this.init()};b.extend(c,_wpPluploadSettings);c.uuid=0;c.errorMap={FAILED:pluploadL10n.upload_failed,FILE_EXTENSION_ERROR:pluploadL10n.invalid_filetype,IMAGE_FORMAT_ERROR:pluploadL10n.not_an_image,IMAGE_MEMORY_ERROR:pluploadL10n.image_memory_exceeded,IMAGE_DIMENSIONS_ERROR:pluploadL10n.image_dimensions_exceeded,GENERIC_ERROR:pluploadL10n.upload_failed,IO_ERROR:pluploadL10n.io_error,HTTP_ERROR:pluploadL10n.http_error,SECURITY_ERROR:pluploadL10n.security_error,FILE_SIZE_ERROR:function(d){return pluploadL10n.file_exceeds_size_limit.replace("%s",d.name)}};b.extend(c.prototype,{param:function(d,e){if(arguments.length===1&&typeof d==="string"){return this.uploader.settings.multipart_params[d]}if(arguments.length>1){this.uploader.settings.multipart_params[d]=e}else{b.extend(this.uploader.settings.multipart_params,d)}},init:function(){},error:function(){},success:function(){},added:function(){},progress:function(){},complete:function(){},refresh:function(){var f,e,d,g;if(this.browser){f=this.browser[0];while(f){if(f===document.body){e=true;break}f=f.parentNode}if(!e){g="wp-uploader-browser-"+this.uploader.id;d=b("#"+g);if(!d.length){d=b('<div class="wp-uploader-browser" />').css({position:"fixed",top:"-1000px",left:"-1000px",height:0,width:0}).attr("id","wp-uploader-browser-"+this.uploader.id).appendTo("body")}d.append(this.browser)}}this.uploader.refresh()}});c.queue=new wp.media.model.Attachments([],{query:false});c.errors=new Backbone.Collection();a.Uploader=c})(wp,jQuery);

wp-includes/js/swfupload/handlers.js

@@ -15,7 +15,12 @@ function fileQueued(fileObj) {
 		jQuery('.slidetoggle').slideUp(200).siblings().removeClass('hidden');
 	}
 	// Create a progress bar containing the filename
-	jQuery('#media-items').append('<div id="media-item-' + fileObj.id + '" class="media-item child-of-' + post_id + '"><div class="progress"><div class="bar"></div></div><div class="filename original"><span class="percent"></span> ' + fileObj.name + '</div></div>');
+	jQuery('<div class="media-item">')
+		.attr( 'id', 'media-item-' + fileObj.id )
+		.addClass('child-of-' + post_id)
+		.append('<div class="progress"><div class="bar"></div></div>',
+			jQuery('<div class="filename original"><span class="percent"></span>').text( ' ' + fileObj.name ))
+		.appendTo( jQuery('#media-items' ) );
 	// Display the progress div
 	jQuery('.progress', '#media-item-' + fileObj.id).show();
 

wp-includes/js/tinymce/plugins/wordpress/editor_plugin_src.js

@@ -135,12 +135,6 @@
 				}
 			});
 
-			// Extend <object> and <embed> (#WP22790)
-			ed.onPreInit.add(function(ed) {
-				ed.schema.addValidElements('object[*],param[id|name|value|valuetype|type],embed[*]');
-				ed.schema.addValidChildren('object[*]');
-			});
-
 			ed.onInit.add(function(ed) {
 				var bodyClass = ed.getParam('body_class', ''), body = ed.getBody();
 

wp-includes/media-template.php

@@ -291,12 +291,12 @@ function wp_print_media_templates() {
 					<option value="custom">
 						<?php esc_attr_e('Custom URL'); ?>
 					</option>
-					<option value="post" selected>
-						<?php esc_attr_e('Attachment Page'); ?>
-					</option>
-					<option value="file">
+					<option value="file" selected>
 						<?php esc_attr_e('Media File'); ?>
 					</option>
+					<option value="post">
+						<?php esc_attr_e('Attachment Page'); ?>
+					</option>
 					<option value="none">
 						<?php esc_attr_e('None'); ?>
 					</option>

wp-includes/media.php

@@ -735,6 +735,15 @@ function gallery_shortcode($attr) {
 
 	$itemtag = tag_escape($itemtag);
 	$captiontag = tag_escape($captiontag);
+	$icontag = tag_escape($icontag);
+	$valid_tags = wp_kses_allowed_html( 'post' );
+	if ( ! isset( $valid_tags[ $itemtag ] ) )
+		$itemtag = 'dl';
+	if ( ! isset( $valid_tags[ $captiontag ] ) )
+		$captiontag = 'dd';
+	if ( ! isset( $valid_tags[ $icontag ] ) )
+		$icontag = 'dt';
+
 	$columns = intval($columns);
 	$itemwidth = $columns > 0 ? floor(100/$columns) : 100;
 	$float = is_rtl() ? 'right' : 'left';
@@ -1391,13 +1400,8 @@ function wp_prepare_attachment_for_js( $attachment ) {
 				$size_meta = $meta['sizes'][ $size ];
 
 				// We have the actual image size, but might need to further constrain it if content_width is narrower.
-				// This is not necessary for thumbnails and medium size.
-				if ( 'thumbnail' == $size || 'medium' == $size ) {
-					$width = $size_meta['width'];
-					$height = $size_meta['height'];
-				} else {
-					list( $width, $height ) = image_constrain_size_for_editor( $size_meta['width'], $size_meta['height'], $size, 'edit' );
-				}
+				// Thumbnail, medium, and full sizes are also checked against the site's height/width options.
+				list( $width, $height ) = image_constrain_size_for_editor( $size_meta['width'], $size_meta['height'], $size, 'edit' );
 
 				$sizes[ $size ] = array(
 					'height'      => $height,
@@ -1431,6 +1435,11 @@ function wp_prepare_attachment_for_js( $attachment ) {
  * @since 3.5.0
  */
 function wp_enqueue_media( $args = array() ) {
+
+	// Enqueue me just once per page, please.
+	if ( did_action( 'wp_enqueue_media' ) )
+		return;
+
 	$defaults = array(
 		'post' => null,
 	);
@@ -1449,6 +1458,12 @@ function wp_enqueue_media( $args = array() ) {
 	$tabs = apply_filters( 'media_upload_tabs', $tabs );
 	unset( $tabs['type'], $tabs['type_url'], $tabs['gallery'], $tabs['library'] );
 
+	$props = array(
+		'link'  => get_option( 'image_default_link_type' ), // db default is 'file'
+		'align' => get_option( 'image_default_align' ), // empty default
+		'size'  => get_option( 'image_default_size' ),  // empty default
+	);
+
 	$settings = array(
 		'tabs'      => $tabs,
 		'tabUrl'    => add_query_arg( array( 'chromeless' => true ), admin_url('media-upload.php') ),
@@ -1460,6 +1475,7 @@ function wp_enqueue_media( $args = array() ) {
 		'post'    => array(
 			'id' => 0,
 		),
+		'defaultProps' => $props,
 	);
 
 	$post = null;

wp-includes/pluggable.php

@@ -1257,10 +1257,10 @@ function wp_verify_nonce($nonce, $action = -1) {
 	$i = wp_nonce_tick();
 
 	// Nonce generated 0-12 hours ago
-	if ( substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10) == $nonce )
+	if ( substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10) === $nonce )
 		return 1;
 	// Nonce generated 12-24 hours ago
-	if ( substr(wp_hash(($i - 1) . $action . $uid, 'nonce'), -12, 10) == $nonce )
+	if ( substr(wp_hash(($i - 1) . $action . $uid, 'nonce'), -12, 10) === $nonce )
 		return 2;
 	// Invalid nonce
 	return false;

wp-includes/post-template.php

@@ -567,8 +567,6 @@ function get_body_class( $class = '' ) {
  * @return bool false if a password is not required or the correct password cookie is present, true otherwise.
  */
 function post_password_required( $post = null ) {
-	global $wp_hasher;
-
 	$post = get_post($post);
 
 	if ( empty( $post->post_password ) )
@@ -577,15 +575,14 @@ function post_password_required( $post = null ) {
 	if ( ! isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) )
 		return true;
 
-	if ( empty( $wp_hasher ) ) {
-		require_once( ABSPATH . 'wp-includes/class-phpass.php');
-		// By default, use the portable hash from phpass
-		$wp_hasher = new PasswordHash(8, true);
-	}
+	require_once ABSPATH . 'wp-includes/class-phpass.php';
+	$hasher = new PasswordHash( 8, true );
 
 	$hash = stripslashes( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
+	if ( 0 !== strpos( $hash, '$P$B' ) )
+		return true;
 
-	return ! $wp_hasher->CheckPassword( $post->post_password, $hash );
+	return ! $hasher->CheckPassword( $post->post_password, $hash );
 }
 
 /**

wp-includes/post.php

@@ -681,12 +681,9 @@ final class WP_Post {
  * @return array Ancestor IDs or empty array if none are found.
  */
 function get_post_ancestors( $post ) {
-	if ( ! $post )
-		return false;
-
 	$post = get_post( $post );
 
-	if ( empty( $post->post_parent ) || $post->post_parent == $post->ID )
+	if ( ! $post || empty( $post->post_parent ) || $post->post_parent == $post->ID )
 		return array();
 
 	$ancestors = array();
@@ -3010,18 +3007,31 @@ function wp_update_post( $postarr = array(), $wp_error = false ) {
  * Publish a post by transitioning the post status.
  *
  * @since 2.1.0
- * @uses wp_update_post()
+ * @uses $wpdb
+ * @uses do_action() Calls 'edit_post', 'save_post', and 'wp_insert_post' on post_id and post data.
  *
  * @param mixed $post Post ID or object.
  */
 function wp_publish_post( $post ) {
+	global $wpdb;
+
 	if ( ! $post = get_post( $post ) )
 		return;
+
 	if ( 'publish' == $post->post_status )
 		return;
 
+	$wpdb->update( $wpdb->posts, array( 'post_status' => 'publish' ), array( 'ID' => $post->ID ) );
+
+	clean_post_cache( $post->ID );
+
+	$old_status = $post->post_status;
 	$post->post_status = 'publish';
-	wp_update_post( $post );
+	wp_transition_post_status( 'publish', $old_status, $post );
+
+	do_action( 'edit_post', $post->ID, $post );
+	do_action( 'save_post', $post->ID, $post );
+	do_action( 'wp_insert_post', $post->ID, $post );
 }
 
 /**
@@ -3581,8 +3591,8 @@ function _page_traverse_name( $page_id, &$children, &$result ){
  * @return string Page URI.
  */
 function get_page_uri($page) {
-	if ( ! is_object($page) )
-		$page = get_post( $page );
+	$page = get_post( $page );
+
 	$uri = $page->post_name;
 
 	foreach ( $page->ancestors as $parent ) {

wp-includes/rss.php

@@ -536,7 +536,7 @@ endif;
  * @return Snoopy style response
  */
 function _fetch_remote_file($url, $headers = "" ) {
-	$resp = wp_remote_request($url, array('headers' => $headers, 'timeout' => MAGPIE_FETCH_TIME_OUT));
+	$resp = wp_remote_request($url, array('headers' => $headers, 'timeout' => MAGPIE_FETCH_TIME_OUT, 'reject_unsafe_urls' => true ));
 	if ( is_wp_error($resp) ) {
 		$error = array_shift($resp->errors);
 

wp-includes/script-loader.php

@@ -226,14 +226,14 @@ function wp_default_scripts( &$scripts ) {
 		'error_uploading' => __('“%s” has failed to upload.')
 	);
 
-	$scripts->add( 'plupload', '/wp-includes/js/plupload/plupload.js', array(), '1.5.4' );
-	$scripts->add( 'plupload-html5', '/wp-includes/js/plupload/plupload.html5.js', array('plupload'), '1.5.4' );
-	$scripts->add( 'plupload-flash', '/wp-includes/js/plupload/plupload.flash.js', array('plupload'), '1.5.4' );
-	$scripts->add( 'plupload-silverlight', '/wp-includes/js/plupload/plupload.silverlight.js', array('plupload'), '1.5.4' );
-	$scripts->add( 'plupload-html4', '/wp-includes/js/plupload/plupload.html4.js', array('plupload'), '1.5.4' );
+	$scripts->add( 'plupload', '/wp-includes/js/plupload/plupload.js', array(), '1.5.5' );
+	$scripts->add( 'plupload-html5', '/wp-includes/js/plupload/plupload.html5.js', array('plupload'), '1.5.5' );
+	$scripts->add( 'plupload-flash', '/wp-includes/js/plupload/plupload.flash.js', array('plupload'), '1.5.5' );
+	$scripts->add( 'plupload-silverlight', '/wp-includes/js/plupload/plupload.silverlight.js', array('plupload'), '1.5.5' );
+	$scripts->add( 'plupload-html4', '/wp-includes/js/plupload/plupload.html4.js', array('plupload'), '1.5.5' );
 
 	// cannot use the plupload.full.js, as it loads browserplus init JS from Yahoo
-	$scripts->add( 'plupload-all', false, array('plupload', 'plupload-html5', 'plupload-flash', 'plupload-silverlight', 'plupload-html4'), '1.5.4' );
+	$scripts->add( 'plupload-all', false, array('plupload', 'plupload-html5', 'plupload-flash', 'plupload-silverlight', 'plupload-html4'), '1.5.5' );
 
 	$scripts->add( 'plupload-handlers', "/wp-includes/js/plupload/handlers$suffix.js", array('plupload-all', 'jquery') );
 	did_action( 'init' ) && $scripts->localize( 'plupload-handlers', 'pluploadL10n', $uploader_l10n );
@@ -246,14 +246,7 @@ function wp_default_scripts( &$scripts ) {
 	$scripts->add( 'swfupload-swfobject', '/wp-includes/js/swfupload/plugins/swfupload.swfobject.js', array('swfupload', 'swfobject'), '2201a');
 	$scripts->add( 'swfupload-queue', '/wp-includes/js/swfupload/plugins/swfupload.queue.js', array('swfupload'), '2201');
 	$scripts->add( 'swfupload-speed', '/wp-includes/js/swfupload/plugins/swfupload.speed.js', array('swfupload'), '2201');
-
-	if ( defined('SCRIPT_DEBUG') && SCRIPT_DEBUG ) {
-		// queue all SWFUpload scripts that are used by default
-		$scripts->add( 'swfupload-all', false, array('swfupload', 'swfupload-swfobject', 'swfupload-queue'), '2201');
-	} else {
-		$scripts->add( 'swfupload-all', '/wp-includes/js/swfupload/swfupload-all.js', array(), '2201a');
-	}
-
+	$scripts->add( 'swfupload-all', false, array('swfupload', 'swfupload-swfobject', 'swfupload-queue'), '2201');
 	$scripts->add( 'swfupload-handlers', "/wp-includes/js/swfupload/handlers$suffix.js", array('swfupload-all', 'jquery'), '2201-20110524');
 	did_action( 'init' ) && $scripts->localize( 'swfupload-handlers', 'swfuploadL10n', $uploader_l10n );
 
@@ -700,7 +693,7 @@ function _print_scripts() {
 		}
 
 		$concat = str_split( $concat, 128 );
-		$concat = 'load[]=' . implode( '&load[]=', $concat );
+		$concat = 'load%5B%5D=' . implode( '&load%5B%5D=', $concat );
 
 		$src = $wp_scripts->base_url . "/wp-admin/load-scripts.php?c={$zip}&" . $concat . '&ver=' . $wp_scripts->default_version;
 		echo "<script type='text/javascript' src='" . esc_attr($src) . "'></script>\n";

wp-includes/template.php

@@ -59,12 +59,14 @@ function get_404_template() {
  * @return string
  */
 function get_archive_template() {
-	$post_types = get_query_var( 'post_type' );
+	$post_types = array_filter( (array) get_query_var( 'post_type' ) );
 
 	$templates = array();
 
-	foreach ( (array) $post_types as $post_type )
+	if ( count( $post_types ) == 1 ) {
+		$post_type = reset( $post_types );
 		$templates[] = "archive-{$post_type}.php";
+	}
 	$templates[] = 'archive.php';
 
 	return get_query_template( 'archive', $templates );

wp-includes/user.php

@@ -474,7 +474,7 @@ class WP_User_Query {
 					$search_columns = array('user_email');
 				elseif ( is_numeric($search) )
 					$search_columns = array('user_login', 'ID');
-				elseif ( preg_match('|^https?://|', $search) && ! wp_is_large_network( 'users' ) )
+				elseif ( preg_match('|^https?://|', $search) && ! ( is_multisite() && function_exists( 'wp_is_large_network' ) && wp_is_large_network( 'users' ) ) )
 					$search_columns = array('user_url');
 				else
 					$search_columns = array('user_login', 'user_nicename');
@@ -1452,6 +1452,8 @@ function wp_update_user($userdata) {
 
 	// First, get all of the original fields
 	$user_obj = get_userdata( $ID );
+	if ( ! $user_obj )
+		return new WP_Error( 'invalid_user_id', __( 'Invalid user ID' ) );
 
 	$user = $user_obj->to_array();
 

wp-includes/version.php

@@ -4,21 +4,21 @@
  *
  * @global string $wp_version
  */
-$wp_version = '3.5-RC5';
+$wp_version = '3.5.2';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
  *
  * @global int $wp_db_version
  */
-$wp_db_version = 22441;
+$wp_db_version = 22442;
 
 /**
  * Holds the TinyMCE version
  *
  * @global string $tinymce_version
  */
-$tinymce_version = '358-23121';
+$tinymce_version = '358-24486';
 
 /**
  * Holds the required PHP version

wp-includes/wp-db.php

@@ -987,10 +987,13 @@ class wpdb {
 	 * @return null|false|string Sanitized query string, null if there is no query, false if there is an error and string
 	 * 	if there was something to prepare
 	 */
-	function prepare( $query, $args ) {
+	function prepare( $query, $args = null ) {
 		if ( is_null( $query ) )
 			return;
 
+		if ( func_num_args() < 2 )
+			_doing_it_wrong( 'wpdb::prepare', 'wpdb::prepare() requires at least two arguments.', '3.5' );
+
 		$args = func_get_args();
 		array_shift( $args );
 		// If args were passed as an array (as in vsprintf), move them up
@@ -1117,6 +1120,8 @@ class wpdb {
 		$this->last_result = array();
 		$this->col_info    = null;
 		$this->last_query  = null;
+		$this->rows_affected = $this->num_rows = 0;
+		$this->last_error  = '';
 
 		if ( is_resource( $this->result ) )
 			mysql_free_result( $this->result );
@@ -1297,6 +1302,7 @@ class wpdb {
 	function _insert_replace_helper( $table, $data, $format = null, $type = 'INSERT' ) {
 		if ( ! in_array( strtoupper( $type ), array( 'REPLACE', 'INSERT' ) ) )
 			return false;
+		$this->insert_id = 0;
 		$formats = $format = (array) $format;
 		$fields = array_keys( $data );
 		$formatted_fields = array();

wp-login.php

@@ -389,14 +389,11 @@ $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
 switch ($action) {
 
 case 'postpass' :
-	if ( empty( $wp_hasher ) ) {
-		require_once( ABSPATH . 'wp-includes/class-phpass.php' );
-		// By default, use the portable hash from phpass
-		$wp_hasher = new PasswordHash(8, true);
-	}
+	require_once ABSPATH . 'wp-includes/class-phpass.php';
+	$hasher = new PasswordHash( 8, true );
 
 	// 10 days
-	setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
+	setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
 
 	wp_safe_redirect( wp_get_referer() );
 	exit();