Tag 4.9.12

Built from https://develop.svn.wordpress.org/tags/4.9.12@46527


git-svn-id: http://core.svn.wordpress.org/tags/4.9.12@46324 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/about.php

@@ -33,6 +33,66 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
 
 		<div class="changelog point-releases">
 			<h3><?php _e( 'Maintenance and Security Releases' ); ?></h3>
+			<p>
+				<?php
+				printf(
+				/* translators: %s: WordPress version number */
+					__( '<strong>Version %s</strong> addressed some security issues.' ),
+					'4.9.12'
+				);
+				?>
+				<?php
+				printf(
+				/* translators: %s: HelpHub URL */
+					__( 'For more information, see <a href="%s">the release notes</a>.' ),
+					sprintf(
+					/* translators: %s: WordPress version */
+						esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+						sanitize_title( '4.9.12' )
+					)
+				);
+				?>
+			</p>
+			<p>
+				<?php
+				printf(
+				/* translators: %s: WordPress version number */
+					__( '<strong>Version %s</strong> addressed some security issues.' ),
+					'4.9.11'
+				);
+				?>
+				<?php
+				printf(
+				/* translators: %s: HelpHub URL */
+					__( 'For more information, see <a href="%s">the release notes</a>.' ),
+					sprintf(
+					/* translators: %s: WordPress version */
+						esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+						sanitize_title( '4.9.11' )
+					)
+				);
+				?>
+			</p>
+			<p>
+				<?php
+				printf(
+					/* translators: %s: WordPress version number */
+					__( '<strong>Version %s</strong> addressed some security issues.' ),
+					'4.9.10'
+				);
+				?>
+				<?php
+				printf(
+					/* translators: %s: HelpHub URL */
+					__( 'For more information, see <a href="%s">the release notes</a>.' ),
+					sprintf(
+						/* translators: %s: WordPress version */
+						esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+						sanitize_title( '4.9.10' )
+					)
+				);
+				?>
+			</p>
 			<p>
 				<?php
 				/* translators: %s: WordPress version number */

wp-admin/admin-ajax.php

@@ -67,7 +67,6 @@ $core_actions_post = array(
 	'get-post-thumbnail-html', 'get-community-events', 'edit-theme-plugin-file',
 	'wp-privacy-export-personal-data',
 	'wp-privacy-erase-personal-data',
-	'update-try-gutenberg-panel',
 );
 
 // Deprecated

wp-admin/async-upload.php

@@ -22,7 +22,7 @@ if ( defined( 'ABSPATH' ) ) {
 
 require_once( ABSPATH . 'wp-admin/admin.php' );
 
-header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
+header( 'Content-Type: text/plain; charset=' . get_option( 'blog_charset' ) );
 
 if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
 	include( ABSPATH . 'wp-admin/includes/ajax-actions.php' );

wp-admin/css/common-rtl.css

@@ -764,7 +764,6 @@ img.emoji {
 
 /* @todo can we combine these into a class or use an existing dashicon one? */
 .welcome-panel .welcome-panel-close:before,
-.try-gutenberg-panel .try-gutenberg-panel-close:before,
 .tagchecklist .ntdelbutton .remove-tag-icon:before,
 #bulk-titles div a:before,
 .notice-dismiss:before {

wp-admin/css/common.css

@@ -764,7 +764,6 @@ img.emoji {
 
 /* @todo can we combine these into a class or use an existing dashicon one? */
 .welcome-panel .welcome-panel-close:before,
-.try-gutenberg-panel .try-gutenberg-panel-close:before,
 .tagchecklist .ntdelbutton .remove-tag-icon:before,
 #bulk-titles div a:before,
 .notice-dismiss:before {

wp-admin/css/dashboard-rtl.css

@@ -98,8 +98,7 @@
 }
 
 /* Welcome Panel */
-.welcome-panel,
-.try-gutenberg-panel {
+.welcome-panel {
 	position: relative;
 	overflow: auto;
 	margin: 16px 0;
@@ -111,8 +110,7 @@
 	line-height: 2.1em;
 }
 
-.welcome-panel h2,
-.try-gutenberg-panel h2 {
+.welcome-panel h2 {
 	margin: 0;
 	font-size: 21px;
 	font-weight: 400;
@@ -124,41 +122,24 @@
 	font-size: 16px;
 }
 
-.try-gutenberg-panel h3 {
-	margin: 17px 0 0;
-	font-size: 16px;
-	line-height: 1.4;
-}
-
-.welcome-panel li,
-.try-gutenberg-panel li {
+.welcome-panel li {
 	font-size: 14px;
 }
 
-.welcome-panel p,
-.try-gutenberg-panel p {
+.welcome-panel p {
 	color: #72777c;
 }
 
-.welcome-panel a,
-.try-gutenberg-action a {
+.welcome-panel a {
 	text-decoration: none;
 }
 
-.welcome-panel .about-description,
-.try-gutenberg-panel .about-description {
+.welcome-panel .about-description {
 	font-size: 16px;
 	margin: 0;
 }
 
-.try-gutenberg-panel-content hr {
-	margin: 20px -23px 0 -23px;
-	border-top: 1px solid #f3f4f5;
-	border-bottom: none;
-}
-
-.welcome-panel .welcome-panel-close,
-.try-gutenberg-panel .try-gutenberg-panel-close {
+.welcome-panel .welcome-panel-close {
 	position: absolute;
 	z-index: 10;
 	top: 10px;
@@ -169,8 +150,7 @@
 	text-decoration: none;
 }
 
-.welcome-panel .welcome-panel-close:before,
-.try-gutenberg-panel .try-gutenberg-panel-close:before {
+.welcome-panel .welcome-panel-close:before {
 	position: absolute;
 	top: 8px;
 	right: 0;
@@ -185,23 +165,11 @@
 	white-space: normal;
 }
 
-.welcome-panel-content,
-.try-gutenberg-panel-content {
+.welcome-panel-content {
 	margin: 0 13px;
 	max-width: 1500px;
 }
 
-.try-gutenberg-panel img {
-	margin-top: 23px;
-	width: calc( 100% - 40px );
-	border: 1px solid #f3f4f5;
-}
-
-.try-gutenberg-panel .install-now.updating-message:before,
-.try-gutenberg-panel .install-now.updated-message:before {
-	margin-top: 11px;
-}
-
 .welcome-panel .welcome-panel-column-container {
 	clear: both;
 	position: relative;
@@ -213,10 +181,6 @@
 	float: right;
 }
 
-.try-gutenberg-panel .try-gutenberg-panel-column > * {
-	padding-left: 40px;
-}
-
 .ie8 .welcome-panel .welcome-panel-column {
 	min-width: 230px;
 }
@@ -225,63 +189,11 @@
 	width: 36%;
 }
 
-.try-gutenberg-panel .try-gutenberg-panel-column-container {
-	display: flex;
-	margin-bottom: 13px;
-}
-
-@supports (display: grid) {
-	.try-gutenberg-panel .try-gutenberg-panel-column-container {
-		display: -ms-grid;
-		display: grid;
-		-ms-grid-columns: 36% 32% 32%;
-		grid-template-columns: 36% 32% 32%;
-	}
-}
-
-.try-gutenberg-panel .try-gutenberg-panel-image-column {
-	width: 36%;
-}
-
-@supports (display: grid) {
-	.try-gutenberg-panel .try-gutenberg-panel-image-column {
-		width: auto;
-	}
-}
-
-.try-gutenberg-panel .try-gutenberg-panel-column:not(.try-gutenberg-panel-image-column) {
-	display: flex;
-	flex-direction: column;
-	justify-content: space-between;
-	width: 32%;
-}
-
-@supports (display: grid) {
-	.try-gutenberg-panel .try-gutenberg-panel-column:not(.try-gutenberg-panel-image-column) {
-		display: -ms-grid;
-		display: grid;
-		-ms-grid-rows: auto 100px;
-		grid-template-rows: auto 100px;
-		width: auto;
-	}
-}
-
-.try-gutenberg-panel .try-gutenberg-action {
-	height: 100px;
-}
-
-@supports (display: grid) {
-	.try-gutenberg-panel .try-gutenberg-action {
-		height: auto;
-	}
-}
-
 .welcome-panel-column p.hide-if-no-customize {
 	margin-top: 10px;
 }
 
-.welcome-panel-column p,
-.try-gutenberg-panel-column p {
+.welcome-panel-column p {
 	margin-top: 7px;
 	color: #444;
 }
@@ -1296,27 +1208,6 @@ a.rsswidget {
 	}
 }
 
-@media screen and (max-width: 1024px) {
-	.try-gutenberg-panel .try-gutenberg-panel-column-container {
-		-ms-grid-columns: 50% 50%;
-		grid-template-columns: 50% 50%;
-	}
-
-	.try-gutenberg-panel .try-gutenberg-panel-image-column {
-		display: none;
-	}
-
-	.try-gutenberg-panel .try-gutenberg-panel-column:not(.try-gutenberg-panel-image-column) {
-		width: 50%;
-	}
-
-	@supports (display: grid) {
-		.try-gutenberg-panel .try-gutenberg-panel-column:not(.try-gutenberg-panel-image-column) {
-			width: auto;
-		}
-	}
-}
-
 @media screen and (max-width: 870px) {
 	.welcome-panel .welcome-panel-column,
 	.welcome-panel .welcome-panel-column:first-child {
@@ -1325,21 +1216,6 @@ a.rsswidget {
 		width: 100%;
 	}
 
-	.try-gutenberg-panel .try-gutenberg-panel-column-container {
-		flex-wrap: wrap;
-	}
-
-	@supports (display: grid) {
-		.try-gutenberg-panel .try-gutenberg-panel-column-container {
-			-ms-grid-columns: 100%;
-			grid-template-columns: 100%;
-		}
-	}
-
-	.try-gutenberg-panel .try-gutenberg-panel-column:not(.try-gutenberg-panel-image-column) {
-		width: 100%;
-	}
-
 	.welcome-panel .welcome-panel-column li {
 		display: inline-block;
 		margin-left: 13px;
@@ -1390,8 +1266,7 @@ a.rsswidget {
 /* Smartphone */
 @media screen and (max-width: 600px) {
 	/* Keep the close icon from overlapping the Welcome text. */
-	.welcome-panel .welcome-panel-close,
-	.try-gutenberg-panel .try-gutenberg-panel-close {
+	.welcome-panel .welcome-panel-close {
 		overflow: hidden;
 		text-indent: 40px;
 		white-space: nowrap;
@@ -1403,8 +1278,7 @@ a.rsswidget {
 	}
 
 	/* Make the close icon larger for tappability. */
-	.welcome-panel .welcome-panel-close:before,
-	.try-gutenberg-panel .try-gutenberg-panel-close:before {
+	.welcome-panel .welcome-panel-close:before {
 		font-size: 20px;
 		top: 5px;
 		right: -35px;

wp-admin/css/dashboard.css

@@ -98,8 +98,7 @@
 }
 
 /* Welcome Panel */
-.welcome-panel,
-.try-gutenberg-panel {
+.welcome-panel {
 	position: relative;
 	overflow: auto;
 	margin: 16px 0;
@@ -111,8 +110,7 @@
 	line-height: 2.1em;
 }
 
-.welcome-panel h2,
-.try-gutenberg-panel h2 {
+.welcome-panel h2 {
 	margin: 0;
 	font-size: 21px;
 	font-weight: 400;
@@ -124,41 +122,24 @@
 	font-size: 16px;
 }
 
-.try-gutenberg-panel h3 {
-	margin: 17px 0 0;
-	font-size: 16px;
-	line-height: 1.4;
-}
-
-.welcome-panel li,
-.try-gutenberg-panel li {
+.welcome-panel li {
 	font-size: 14px;
 }
 
-.welcome-panel p,
-.try-gutenberg-panel p {
+.welcome-panel p {
 	color: #72777c;
 }
 
-.welcome-panel a,
-.try-gutenberg-action a {
+.welcome-panel a {
 	text-decoration: none;
 }
 
-.welcome-panel .about-description,
-.try-gutenberg-panel .about-description {
+.welcome-panel .about-description {
 	font-size: 16px;
 	margin: 0;
 }
 
-.try-gutenberg-panel-content hr {
-	margin: 20px -23px 0 -23px;
-	border-top: 1px solid #f3f4f5;
-	border-bottom: none;
-}
-
-.welcome-panel .welcome-panel-close,
-.try-gutenberg-panel .try-gutenberg-panel-close {
+.welcome-panel .welcome-panel-close {
 	position: absolute;
 	z-index: 10;
 	top: 10px;
@@ -169,8 +150,7 @@
 	text-decoration: none;
 }
 
-.welcome-panel .welcome-panel-close:before,
-.try-gutenberg-panel .try-gutenberg-panel-close:before {
+.welcome-panel .welcome-panel-close:before {
 	position: absolute;
 	top: 8px;
 	left: 0;
@@ -185,23 +165,11 @@
 	white-space: normal;
 }
 
-.welcome-panel-content,
-.try-gutenberg-panel-content {
+.welcome-panel-content {
 	margin: 0 13px;
 	max-width: 1500px;
 }
 
-.try-gutenberg-panel img {
-	margin-top: 23px;
-	width: calc( 100% - 40px );
-	border: 1px solid #f3f4f5;
-}
-
-.try-gutenberg-panel .install-now.updating-message:before,
-.try-gutenberg-panel .install-now.updated-message:before {
-	margin-top: 11px;
-}
-
 .welcome-panel .welcome-panel-column-container {
 	clear: both;
 	position: relative;
@@ -213,10 +181,6 @@
 	float: left;
 }
 
-.try-gutenberg-panel .try-gutenberg-panel-column > * {
-	padding-right: 40px;
-}
-
 .ie8 .welcome-panel .welcome-panel-column {
 	min-width: 230px;
 }
@@ -225,63 +189,11 @@
 	width: 36%;
 }
 
-.try-gutenberg-panel .try-gutenberg-panel-column-container {
-	display: flex;
-	margin-bottom: 13px;
-}
-
-@supports (display: grid) {
-	.try-gutenberg-panel .try-gutenberg-panel-column-container {
-		display: -ms-grid;
-		display: grid;
-		-ms-grid-columns: 36% 32% 32%;
-		grid-template-columns: 36% 32% 32%;
-	}
-}
-
-.try-gutenberg-panel .try-gutenberg-panel-image-column {
-	width: 36%;
-}
-
-@supports (display: grid) {
-	.try-gutenberg-panel .try-gutenberg-panel-image-column {
-		width: auto;
-	}
-}
-
-.try-gutenberg-panel .try-gutenberg-panel-column:not(.try-gutenberg-panel-image-column) {
-	display: flex;
-	flex-direction: column;
-	justify-content: space-between;
-	width: 32%;
-}
-
-@supports (display: grid) {
-	.try-gutenberg-panel .try-gutenberg-panel-column:not(.try-gutenberg-panel-image-column) {
-		display: -ms-grid;
-		display: grid;
-		-ms-grid-rows: auto 100px;
-		grid-template-rows: auto 100px;
-		width: auto;
-	}
-}
-
-.try-gutenberg-panel .try-gutenberg-action {
-	height: 100px;
-}
-
-@supports (display: grid) {
-	.try-gutenberg-panel .try-gutenberg-action {
-		height: auto;
-	}
-}
-
 .welcome-panel-column p.hide-if-no-customize {
 	margin-top: 10px;
 }
 
-.welcome-panel-column p,
-.try-gutenberg-panel-column p {
+.welcome-panel-column p {
 	margin-top: 7px;
 	color: #444;
 }
@@ -1296,27 +1208,6 @@ a.rsswidget {
 	}
 }
 
-@media screen and (max-width: 1024px) {
-	.try-gutenberg-panel .try-gutenberg-panel-column-container {
-		-ms-grid-columns: 50% 50%;
-		grid-template-columns: 50% 50%;
-	}
-
-	.try-gutenberg-panel .try-gutenberg-panel-image-column {
-		display: none;
-	}
-
-	.try-gutenberg-panel .try-gutenberg-panel-column:not(.try-gutenberg-panel-image-column) {
-		width: 50%;
-	}
-
-	@supports (display: grid) {
-		.try-gutenberg-panel .try-gutenberg-panel-column:not(.try-gutenberg-panel-image-column) {
-			width: auto;
-		}
-	}
-}
-
 @media screen and (max-width: 870px) {
 	.welcome-panel .welcome-panel-column,
 	.welcome-panel .welcome-panel-column:first-child {
@@ -1325,21 +1216,6 @@ a.rsswidget {
 		width: 100%;
 	}
 
-	.try-gutenberg-panel .try-gutenberg-panel-column-container {
-		flex-wrap: wrap;
-	}
-
-	@supports (display: grid) {
-		.try-gutenberg-panel .try-gutenberg-panel-column-container {
-			-ms-grid-columns: 100%;
-			grid-template-columns: 100%;
-		}
-	}
-
-	.try-gutenberg-panel .try-gutenberg-panel-column:not(.try-gutenberg-panel-image-column) {
-		width: 100%;
-	}
-
 	.welcome-panel .welcome-panel-column li {
 		display: inline-block;
 		margin-right: 13px;
@@ -1390,8 +1266,7 @@ a.rsswidget {
 /* Smartphone */
 @media screen and (max-width: 600px) {
 	/* Keep the close icon from overlapping the Welcome text. */
-	.welcome-panel .welcome-panel-close,
-	.try-gutenberg-panel .try-gutenberg-panel-close {
+	.welcome-panel .welcome-panel-close {
 		overflow: hidden;
 		text-indent: 40px;
 		white-space: nowrap;
@@ -1403,8 +1278,7 @@ a.rsswidget {
 	}
 
 	/* Make the close icon larger for tappability. */
-	.welcome-panel .welcome-panel-close:before,
-	.try-gutenberg-panel .try-gutenberg-panel-close:before {
+	.welcome-panel .welcome-panel-close:before {
 		font-size: 20px;
 		top: 5px;
 		left: -35px;

wp-admin/includes/ajax-actions.php

@@ -1070,6 +1070,8 @@ function wp_ajax_replyto_comment( $action ) {
 			if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
 				kses_remove_filters(); // start with a clean slate
 				kses_init_filters(); // set up the filters
+				remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
+				add_filter( 'pre_comment_content', 'wp_filter_kses' );
 			}
 		}
 	} else {
@@ -1484,19 +1486,6 @@ function wp_ajax_update_welcome_panel() {
 	wp_die( 1 );
 }
 
-/**
- * Ajax handler for updating whether to display the Try Gutenberg panel.
- *
- * @since 4.9.8
- */
-function wp_ajax_update_try_gutenberg_panel() {
-	check_ajax_referer( 'try-gutenberg-panel-nonce', 'trygutenbergpanelnonce' );
-
-	update_user_meta( get_current_user_id(), 'show_try_gutenberg_panel', empty( $_POST['visible'] ) ? 0 : 1 );
-
-	wp_die( 1 );
-}
-
 /**
  * Ajax handler for retrieving menu meta boxes.
  *
@@ -2081,7 +2070,7 @@ function wp_ajax_upload_attachment() {
 			'success' => false,
 			'data'    => array(
 				'message'  => __( 'Sorry, you are not allowed to upload files.' ),
-				'filename' => $_FILES['async-upload']['name'],
+				'filename' => esc_html( $_FILES['async-upload']['name'] ),
 			)
 		) );
 
@@ -2095,7 +2084,7 @@ function wp_ajax_upload_attachment() {
 				'success' => false,
 				'data'    => array(
 					'message'  => __( 'Sorry, you are not allowed to attach files to this post.' ),
-					'filename' => $_FILES['async-upload']['name'],
+					'filename' => esc_html( $_FILES['async-upload']['name'] ),
 				)
 			) );
 
@@ -2119,7 +2108,7 @@ function wp_ajax_upload_attachment() {
 				'success' => false,
 				'data'    => array(
 					'message'  => __( 'The uploaded file is not a valid image. Please try again.' ),
-					'filename' => $_FILES['async-upload']['name'],
+					'filename' => esc_html( $_FILES['async-upload']['name'] ),
 				)
 			) );
 
@@ -2134,7 +2123,7 @@ function wp_ajax_upload_attachment() {
 			'success' => false,
 			'data'    => array(
 				'message'  => $attachment_id->get_error_message(),
-				'filename' => $_FILES['async-upload']['name'],
+				'filename' => esc_html( $_FILES['async-upload']['name'] ),
 			)
 		) );
 

wp-admin/includes/class-wp-screen.php

@@ -1034,23 +1034,6 @@ final class WP_Screen {
 				echo _x( 'Welcome', 'Welcome panel' ) . "</label>\n";
 			}
 
-			if ( 'dashboard' === $this->id && has_action( 'try_gutenberg_panel' ) ) {
-				if ( isset( $_GET['try_gutenberg'] ) ) {
-					$try_gutenberg_checked = empty( $_GET['try_gutenberg'] ) ? 0 : 1;
-					update_user_meta( get_current_user_id(), 'show_try_gutenberg_panel', $try_gutenberg_checked );
-				} else {
-					$try_gutenberg_checked = get_user_meta( get_current_user_id(), 'show_try_gutenberg_panel', true );
-					if ( '' === $try_gutenberg_checked ) {
-						$try_gutenberg_checked = '1';
-					}
-					if ( '2' === $try_gutenberg_checked && wp_get_current_user()->user_email != get_option( 'admin_email' ) ) {
-						$try_gutenberg_checked = false;
-					}
-				}
-				echo '<label for="wp_try_gutenberg_panel-hide">';
-				echo '<input type="checkbox" id="wp_try_gutenberg_panel-hide"' . checked( (bool) $try_gutenberg_checked, true, false ) . ' />';
-				echo __( 'New Editor' ) . "</label>\n";
-			}
 		?>
 		</fieldset>
 		<?php

wp-admin/includes/dashboard.php

@@ -24,18 +24,6 @@ function wp_dashboard_setup() {
 
 	/* Register Widgets and Controls */
 
-	// Try Gutenberg
-
-	// If Gutenberg isn't activated, only show the panel to users who can install and activate it.
-	$plugins = get_plugins();
-	if ( is_plugin_inactive( 'gutenberg/gutenberg.php' ) && ! current_user_can( 'install_plugins' ) ) {
-		remove_action( 'try_gutenberg_panel', 'wp_try_gutenberg_panel' );
-	}
-	// If Gutenberg is activated, only show it to users who can use it.
-	if ( is_plugin_active( 'gutenberg/gutenberg.php' ) && ! current_user_can( 'edit_posts' ) ) {
-		remove_action( 'try_gutenberg_panel', 'wp_try_gutenberg_panel' );
-	}
-
 	$response = wp_check_browser_version();
 
 	if ( $response && $response['upgrade'] ) {
@@ -1631,140 +1619,3 @@ function wp_welcome_panel() {
 	</div>
 	<?php
 }
-
-/**
- * Displays a Try Gutenberg Panel, to introduce people to Gutenberg
- *
- * @since 4.9.8
- */
-function wp_try_gutenberg_panel() {
-	$plugins = get_plugins();
-	$action = $url = $classes = '';
-	$classic_action = $classic_url = $classic_classes = '';
-
-	if ( current_user_can( 'install_plugins' ) ) {
-		if ( empty( $plugins['gutenberg/gutenberg.php'] ) ) {
-			if ( get_filesystem_method( array(), WP_PLUGIN_DIR ) === 'direct' ) {
-				$action = __( 'Install Gutenberg' );
-				$url = wp_nonce_url( self_admin_url( 'update.php?action=install-plugin&plugin=gutenberg' ), 'install-plugin_gutenberg' );
-				$classes = ' install-now';
-			}
-		} else if ( is_plugin_inactive( 'gutenberg/gutenberg.php' ) ) {
-			$action = __( 'Activate Gutenberg' );
-			$url = wp_nonce_url( self_admin_url( 'plugins.php?action=activate&plugin=gutenberg/gutenberg.php&from=try-gutenberg' ), 'activate-plugin_gutenberg/gutenberg.php' );
-			$classes = ' activate-now';
-		}
-
-		if ( empty( $plugins['classic-editor/classic-editor.php'] ) ) {
-			if ( get_filesystem_method( array(), WP_PLUGIN_DIR ) === 'direct' ) {
-				$classic_action = __( 'Install the Classic Editor' );
-				$classic_url = wp_nonce_url( self_admin_url( 'update.php?action=install-plugin&plugin=classic-editor' ), 'install-plugin_classic-editor' );
-				$classic_classes = ' install-now';
-			}
-		} else if ( is_plugin_inactive( 'classic-editor/classic-editor.php' ) ) {
-			$classic_action = __( 'Activate the Classic Editor' );
-			$classic_url = wp_nonce_url( self_admin_url( 'plugins.php?action=activate&plugin=classic-editor/classic-editor.php&from=try-gutenberg' ), 'activate-plugin_classic-editor/classic-editor.php' );
-			$classic_classes = ' activate-now';
-		} else {
-			$classic_action = __( 'The Classic Editor is activated' );
-			$classic_url = wp_nonce_url( self_admin_url( 'plugins.php?action=activate&plugin=classic-editor/classic-editor.php&from=try-gutenberg' ), 'activate-plugin_classic-editor/classic-editor.php' );;
-			$classic_classes = ' button-disabled install-now updated-message';
-		}
-	}
-
-	if ( current_user_can( 'edit_posts' ) && is_plugin_active( 'gutenberg/gutenberg.php' ) ) {
-		$action = __( 'Try Gutenberg' );
-		$url = admin_url( 'admin.php?page=gutenberg' );
-	}
-
-	?>
-	<div class="try-gutenberg-panel-content">
-		<h2><?php _e( 'A new, modern publishing experience is coming soon.' ); ?></h2>
-
-		<p class="about-description"><?php _e( "Take your words, media, and layout in new directions with Gutenberg, the WordPress editor we're currently building." ); ?></p>
-
-		<hr />
-
-		<div class="try-gutenberg-panel-column-container">
-			<div class="try-gutenberg-panel-column try-gutenberg-panel-image-column">
-				<picture>
-					<source srcset="about:blank" media="(max-width: 1024px)">
-					<img src="https://s.w.org/images/core/gutenberg-screenshot.png?<?php echo date( 'Ymd' ); ?>" alt="<?php esc_attr_e( 'Screenshot from the Gutenberg interface' ); ?>" />
-				</picture>
-			</div>
-			<div class="try-gutenberg-panel-column plugin-card-gutenberg">
-
-				<div>
-					<h3><?php _e( 'Test the new editor today.' ); ?></h3>
-
-					<p>
-						<?php _e( "You can take Gutenberg for a spin (and share your feedback, if you’d like) before we officially release it, by installing it as a plugin." ); ?>
-						<?php
-							printf(
-								/* translators: 1: Gutenberg call for testing handbook link, 2: Gutenberg GitHub repository issues link, 3: Gutenberg GitHub repository CONTRIBUTING.md link */
-								__( 'You can help by <a href="%1$s">testing</a>, <a href="%2$s">filing bugs</a>, or contributing on the <a href="%3$s">GitHub repository</a>.' ),
-								'https://make.wordpress.org/test/handbook/call-for-testing/gutenberg-testing/',
-								'https://github.com/WordPress/gutenberg/issues',
-								'https://github.com/WordPress/gutenberg/blob/master/CONTRIBUTING.md'
-							);
-						?>
-					</p>
-				</div>
-
-				<div class="try-gutenberg-action">
-					<?php if ( $action ) { ?>
-						<p><a class="button button-primary button-hero<?php echo $classes; ?>" href="<?php echo esc_url( $url ); ?>" data-name="<?php esc_attr_e( 'Gutenberg' ); ?>" data-slug="gutenberg"><?php echo $action; ?></a></p>
-					<?php } ?>
-
-					<p>
-						<?php
-							$learnmore = sprintf(
-								/* translators: Link to https://wordpress.org/gutenberg/ */
-								__( '<a href="%s">Learn more about Gutenberg</a>' ),
-								__( 'https://wordpress.org/gutenberg/' )
-							);
-
-							/**
-							 * Filters the "Learn more" link in the Try Gutenberg panel.
-							 *
-							 * It allows hosts or site owners to change the link, to provide extra
-							 * information about Gutenberg, specific to their service.
-							 *
-							 * WARNING: This filter will only exist in the 4.9.x series, it will not be
-							 * added to WordPress 5.0 and later.
-							 *
-							 * @since 4.9.8
-							 */
-							echo apply_filters( 'try_gutenberg_learn_more_link', $learnmore );
-						?>
-					</p>
-				</div>
-			</div>
-
-			<div class="try-gutenberg-panel-column plugin-card-classic-editor">
-
-				<div>
-					<h3><?php _e( 'Not quite ready?' ); ?></h3>
-
-					<p>
-						<?php _e( 'The new editor will be enabled by default in the next major release of WordPress. If you’re not sure how compatible your current themes and plugins are, we’ve got you covered.' ); ?>
-						<?php
-							printf(
-								/* translators: Link to the Classic Editor plugin page */
-								__( 'Install the <a href="%s">Classic Editor plugin</a> to keep using the current editor until you’re ready to make the switch.' ),
-								__( 'https://wordpress.org/plugins/classic-editor' )
-							);
-						?>
-					</p>
-				</div>
-
-				<?php if ( $classic_action ) { ?>
-					<div class="try-gutenberg-action">
-						<p><a class="button button-secondary button-hero<?php echo $classic_classes; ?>" href="<?php echo esc_url( $classic_url ); ?>" data-name="<?php esc_attr_e( 'Classic Editor' ); ?>" data-slug="classic-editor"><?php echo $classic_action; ?></a></p>
-					</div>
-				<?php } ?>
-			</div>
-		</div>
-	</div>
-	<?php
-}

wp-admin/index.php

@@ -103,32 +103,6 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
 <div class="wrap">
 	<h1><?php echo esc_html( $title ); ?></h1>
 
-<?php if ( has_action( 'try_gutenberg_panel' ) ) :
-	$classes = 'try-gutenberg-panel';
-
-	$option = get_user_meta( get_current_user_id(), 'show_try_gutenberg_panel', true );
-	// 0 = hide, 1 = toggled to show or single site creator, 2 = multisite site owner
-	$hide = '0' === $option || ( '2' === $option && wp_get_current_user()->user_email !== get_option( 'admin_email' ) );
-	if ( $hide )
-		$classes .= ' hidden'; ?>
-
-	<div id="try-gutenberg-panel" class="<?php echo esc_attr( $classes ); ?>">
-		<?php wp_nonce_field( 'try-gutenberg-panel-nonce', 'trygutenbergpanelnonce', false ); ?>
-		<a class="try-gutenberg-panel-close" href="<?php echo esc_url( admin_url( '?try_gutenberg=0' ) ); ?>" aria-label="<?php esc_attr_e( 'Dismiss the Try Gutenberg panel' ); ?>"><?php _e( 'Dismiss' ); ?></a>
-		<?php
-		/**
-		 * Add content to the Try Gutenberg panel on the admin dashboard.
-		 *
-		 * To remove the Try Gutenberg panel, use remove_action():
-		 *
-		 *     remove_action( 'try_gutenberg_panel', 'wp_try_gutenberg_panel' );
-		 *
-		 * @since 4.9.8
-		 */
-		do_action( 'try_gutenberg_panel' );
-		?>
-	</div>
-<?php endif; ?>
 <?php if ( has_action( 'welcome_panel' ) && current_user_can( 'edit_theme_options' ) ) :
 	$classes = 'welcome-panel';
 

wp-admin/js/dashboard.js

@@ -31,49 +31,6 @@ jQuery(document).ready( function($) {
 		updateWelcomePanel( this.checked ? 1 : 0 );
 	});
 
-	var tryGutenbergPanel = $( '#try-gutenberg-panel' ),
-		tryGutenbergPanelHide = $('#wp_try_gutenberg_panel-hide'),
-		updateTryGutenbergPanel, installGutenbergSuccess;
-
-	updateTryGutenbergPanel = function( visible ) {
-		$.post( ajaxurl, {
-			action: 'update-try-gutenberg-panel',
-			visible: visible,
-			trygutenbergpanelnonce: $( '#trygutenbergpanelnonce' ).val()
-		});
-	};
-
-	installGutenbergSuccess = function( response ) {
-		response.activateUrl += '&from=try-gutenberg';
-		response.activateLabel = wp.updates.l10n.activatePluginLabel.replace( '%s', response.pluginName );
-		wp.updates.installPluginSuccess( response );
-	};
-
-	if ( tryGutenbergPanel.hasClass( 'hidden' ) && tryGutenbergPanelHide.prop( 'checked' ) ) {
-		tryGutenbergPanel.removeClass( 'hidden' );
-	}
-
-	$( '.try-gutenberg-panel-close, .try-gutenberg-panel-dismiss a', tryGutenbergPanel ).click( function( e ) {
-		e.preventDefault();
-		tryGutenbergPanel.addClass( 'hidden' );
-		updateTryGutenbergPanel( 0 );
-		$('#wp_try_gutenberg_panel-hide').prop( 'checked', false );
-	});
-
-	tryGutenbergPanelHide.click( function() {
-		tryGutenbergPanel.toggleClass( 'hidden', ! this.checked );
-		updateTryGutenbergPanel( this.checked ? 1 : 0 );
-	});
-
-	tryGutenbergPanel.on( 'click', '.install-now', function( e ) {
-		e.preventDefault();
-		var args = {
-			slug: $( e.target ).data( 'slug' ),
-			success: installGutenbergSuccess
-		};
-		wp.updates.installPlugin( args );
-	} );
-
 	// These widgets are sometimes populated via ajax
 	ajaxWidgets = ['dashboard_primary'];
 

wp-admin/plugins.php

@@ -65,12 +65,6 @@ if ( $action ) {
 				wp_redirect( self_admin_url("import.php?import=" . str_replace('-importer', '', dirname($plugin))) ); // overrides the ?error=true one above and redirects to the Imports page, stripping the -importer suffix
 			} else if ( isset($_GET['from']) && 'press-this' == $_GET['from'] ) {
 				wp_redirect( self_admin_url( "press-this.php") );
-			} else if ( isset( $_GET['from'] ) && 'try-gutenberg' == $_GET['from'] ) {
-				if ( 'gutenberg/gutenberg.php' === $plugin ) {
-					wp_redirect( self_admin_url( "admin.php?page=gutenberg" ) );
-				} else {
-					wp_redirect( self_admin_url() );
-				}
 			} else {
 				wp_redirect( self_admin_url("plugins.php?activate=true&plugin_status=$status&paged=$page&s=$s") ); // overrides the ?error=true one above
 			}

wp-includes/class-wp-query.php

@@ -529,7 +529,6 @@ class WP_Query {
 			, 'attachment'
 			, 'attachment_id'
 			, 'name'
-			, 'static'
 			, 'pagename'
 			, 'page_id'
 			, 'second'
@@ -764,7 +763,7 @@ class WP_Query {
 			// If year, month, day, hour, minute, and second are set, a single
 			// post is being queried.
 			$this->is_single = true;
-		} elseif ( '' != $qv['static'] || '' != $qv['pagename'] || !empty($qv['page_id']) ) {
+		} elseif ( '' != $qv['pagename'] || !empty($qv['page_id']) ) {
 			$this->is_page = true;
 			$this->is_single = false;
 		} else {

wp-includes/class-wp.php

@@ -14,7 +14,7 @@ class WP {
 	 * @since 2.0.0
 	 * @var array
 	 */
-	public $public_query_vars = array('m', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
+	public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
 
 	/**
 	 * Private query variables.

wp-includes/comment.php

@@ -3110,6 +3110,8 @@ function wp_handle_comment_submission( $comment_data ) {
 			) {
 				kses_remove_filters(); // start with a clean slate
 				kses_init_filters(); // set up the filters
+				remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
+				add_filter( 'pre_comment_content', 'wp_filter_kses' );
 			}
 		}
 	} else {

wp-includes/default-filters.php

@@ -318,7 +318,6 @@ add_action( 'transition_post_status',     '_transition_post_status',
 add_action( 'transition_post_status',     '_update_term_count_on_transition_post_status', 10, 3 );
 add_action( 'comment_form',               'wp_comment_form_unfiltered_html_nonce'          );
 add_action( 'admin_init',                 'send_frame_options_header',               10, 0 );
-add_action( 'try_gutenberg_panel',        'wp_try_gutenberg_panel'                         );
 add_action( 'welcome_panel',              'wp_welcome_panel'                               );
 
 // Privacy

wp-includes/formatting.php

@@ -2747,17 +2747,19 @@ function wp_rel_nofollow( $text ) {
  */
 function wp_rel_nofollow_callback( $matches ) {
 	$text = $matches[1];
-	$atts = shortcode_parse_atts( $matches[1] );
+	$atts = wp_kses_hair( $matches[1], wp_allowed_protocols() );
 	$rel  = 'nofollow';
 
-	if ( preg_match( '%href=["\'](' . preg_quote( set_url_scheme( home_url(), 'http' ) ) . ')%i', $text ) ||
-	     preg_match( '%href=["\'](' . preg_quote( set_url_scheme( home_url(), 'https' ) ) . ')%i', $text )
-	) {
-		return "<a $text>";
+	if ( ! empty( $atts['href'] ) ) {
+		if ( in_array( strtolower( wp_parse_url( $atts['href']['value'], PHP_URL_SCHEME ) ), array( 'http', 'https' ), true ) ) {
+			if ( strtolower( wp_parse_url( $atts['href']['value'], PHP_URL_HOST ) ) === strtolower( wp_parse_url( home_url(), PHP_URL_HOST ) ) ) {
+				return "<a $text>";
+			}
+		}
 	}
 
 	if ( ! empty( $atts['rel'] ) ) {
-		$parts = array_map( 'trim', explode( ' ', $atts['rel'] ) );
+		$parts = array_map( 'trim', explode( ' ', $atts['rel']['value'] ) );
 		if ( false === array_search( 'nofollow', $parts ) ) {
 			$parts[] = 'nofollow';
 		}
@@ -2766,11 +2768,15 @@ function wp_rel_nofollow_callback( $matches ) {
 
 		$html = '';
 		foreach ( $atts as $name => $value ) {
-			$html .= "{$name}=\"$value\" ";
+			if ( isset( $value['vless'] ) && 'y' === $value['vless'] ) {
+				$html .= $name . ' ';
+			} else {
+				$html .= "{$name}=\"" . esc_attr( $value['value'] ) . '" ';
+			}
 		}
 		$text = trim( $html );
 	}
-	return "<a $text rel=\"$rel\">";
+	return "<a $text rel=\"" . esc_attr( $rel ) . "\">";
 }
 
 /**

wp-includes/functions.php

@@ -1613,6 +1613,11 @@ function wp_mkdir_p( $target ) {
 	if ( file_exists( $target ) )
 		return @is_dir( $target );
 
+	// Do not allow path traversals.
+	if ( false !== strpos( $target, '../' ) || false !== strpos( $target, '..' . DIRECTORY_SEPARATOR ) ) {
+		return false;
+	}
+
 	// We need to find the permissions of the parent folder that exists and inherit that.
 	$target_parent = dirname( $target );
 	while ( '.' != $target_parent && ! is_dir( $target_parent ) && dirname( $target_parent ) !== $target_parent ) {

wp-includes/http.php

@@ -541,8 +541,9 @@ function wp_http_validate_url( $url ) {
 			$ip = $host;
 		} else {
 			$ip = gethostbyname( $host );
-			if ( $ip === $host ) // Error condition for gethostbyname()
-				$ip = false;
+			if ( $ip === $host ) { // Error condition for gethostbyname()
+				return false;
+			}
 		}
 		if ( $ip ) {
 			$parts = array_map( 'intval', explode( '.', $ip ) );

wp-includes/kses.php

@@ -1384,6 +1384,7 @@ function wp_kses_html_error($string) {
  * @return string Sanitized content
  */
 function wp_kses_bad_protocol_once($string, $allowed_protocols, $count = 1 ) {
+	$string  = preg_replace( '/(&#0*58(?![;0-9])|&#x0*3a(?![;a-f0-9]))/i', '$1;', $string );
 	$string2 = preg_split( '/:|&#0*58;|&#x0*3a;/i', $string, 2 );
 	if ( isset($string2[1]) && ! preg_match('%/\?%', $string2[0]) ) {
 		$string = trim( $string2[1] );

wp-includes/pluggable.php

@@ -1079,7 +1079,7 @@ if ( !function_exists('check_admin_referer') ) :
  *                   0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
  */
 function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
-	if ( -1 == $action )
+	if ( -1 === $action )
 		_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
 
 	$adminurl = strtolower(admin_url());
@@ -1097,7 +1097,7 @@ function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
 	 */
 	do_action( 'check_admin_referer', $action, $result );
 
-	if ( ! $result && ! ( -1 == $action && strpos( $referer, $adminurl ) === 0 ) ) {
+	if ( ! $result && ! ( -1 === $action && strpos( $referer, $adminurl ) === 0 ) ) {
 		wp_nonce_ays( $action );
 		die();
 	}
@@ -1342,6 +1342,14 @@ function wp_validate_redirect($location, $default = '') {
 	if ( isset($lp['scheme']) && !('http' == $lp['scheme'] || 'https' == $lp['scheme']) )
 		return $default;
 
+	if ( ! isset( $lp['host'] ) && ! empty( $lp['path'] ) && '/' !== $lp['path'][0] ) {
+		$path = '';
+		if ( ! empty( $_SERVER['REQUEST_URI'] ) ) {
+			$path = dirname( parse_url( 'http://placeholder' . $_SERVER['REQUEST_URI'], PHP_URL_PATH ) . '?' );
+		}
+		$location = '/' . ltrim( $path . '/', '/' ) . $location;
+	}
+
 	// Reject if certain components are set but host is not. This catches urls like https:host.com for which parse_url does not set the host field.
 	if ( ! isset( $lp['host'] ) && ( isset( $lp['scheme'] ) || isset( $lp['user'] ) || isset( $lp['pass'] ) || isset( $lp['port'] ) ) ) {
 		return $default;
@@ -2637,4 +2645,3 @@ function wp_text_diff( $left_string, $right_string, $args = null ) {
 	return $r;
 }
 endif;
-

wp-includes/post-template.php

@@ -324,25 +324,9 @@ function get_the_content( $more_link_text = null, $strip_teaser = false ) {
 		}
 	}
 
-	if ( $preview ) // Preview fix for JavaScript bug with foreign languages.
-		$output =	preg_replace_callback( '/\%u([0-9A-F]{4})/', '_convert_urlencoded_to_entities', $output );
-
 	return $output;
 }
 
-/**
- * Preview fix for JavaScript bug with foreign languages.
- *
- * @since 3.1.0
- * @access private
- *
- * @param array $match Match array from preg_replace_callback.
- * @return string
- */
-function _convert_urlencoded_to_entities( $match ) {
-	return '&#' . base_convert( $match[1], 16, 10 ) . ';';
-}
-
 /**
  * Display the post excerpt.
  *

wp-includes/rest-api.php

@@ -544,7 +544,9 @@ function rest_send_cors_headers( $value ) {
 		header( 'Access-Control-Allow-Origin: ' . $origin );
 		header( 'Access-Control-Allow-Methods: OPTIONS, GET, POST, PUT, PATCH, DELETE' );
 		header( 'Access-Control-Allow-Credentials: true' );
-		header( 'Vary: Origin' );
+		header( 'Vary: Origin', false );
+	} elseif ( ! headers_sent() && 'GET' === $_SERVER['REQUEST_METHOD'] && ! is_user_logged_in() ) {
+		header( 'Vary: Origin', false );
 	}
 
 	return $value;

wp-includes/version.php

@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.9.9';
+$wp_version = '4.9.12';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.