Tag 3.4.2

git-svn-id: http://core.svn.wordpress.org/tags/3.4.2@21780 1a063a9b-81f0-0310-95a4-ce76da25c4cd

readme.html

@@ -8,7 +8,7 @@
 <body>
 <h1 id="logo">
 	<a href="http://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /></a>
-	<br /> Version 3.4
+	<br /> Version 3.4.2
 </h1>
 <p style="text-align: center">Semantic Personal Publishing Platform</p>
 

wp-admin/about.php

@@ -33,6 +33,19 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
 	</a>
 </h2>
 
+<div class="changelog point-releases">
+	<h3><?php echo _n( 'Maintenance and Security Release', 'Maintenance and Security Releases', 2 ); ?></h3>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
+         '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.', 20 ), '3.4.2', number_format_i18n( 20 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_3.4.2' ); ?>
+ 	</p>
+
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
+         '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.', 21 ), '3.4.1', number_format_i18n( 21 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_3.4.1' ); ?>
+ 	</p>
+</div>
+
 <div class="changelog">
 	<h3><?php _e( 'Live Theme Previews' ); ?></h3>
 

wp-admin/css/wp-admin.dev.css

@@ -1968,13 +1968,7 @@ html.wp-toolbar {
 	box-sizing: border-box;
 }
 
-.postbox-container .meta-box-sortables:empty {
-	min-height: 0;
-	height: 0;
-}
-
-.metabox-holder .postbox-container .empty-container,
-#post-body.columns-2 #side-sortables:empty {
+.metabox-holder .postbox-container .empty-container {
 	border: 3px dashed #CCCCCC;
 	height: 250px;
 }
@@ -2045,7 +2039,6 @@ html.wp-toolbar {
 		width: 50.5%;
 	}
 
-	#dashboard-widgets.metabox-holder .postbox-container .empty-container,
 	#dashboard-widgets #postbox-container-3 .empty-container,
 	#dashboard-widgets #postbox-container-4 .empty-container {
 		border: 0 none;

wp-admin/customize.php

@@ -7,6 +7,8 @@
  * @since 3.4.0
  */
 
+define( 'IFRAME_REQUEST', true );
+
 require_once( './admin.php' );
 if ( ! current_user_can( 'edit_theme_options' ) )
 	wp_die( __( 'Cheatin’ uh?' ) );
@@ -65,7 +67,6 @@ do_action( 'customize_controls_print_scripts' );
 <body class="<?php echo esc_attr( $body_class ); ?>">
 <div class="wp-full-overlay expanded">
 	<form id="customize-controls" class="wrap wp-full-overlay-sidebar">
-		<?php wp_nonce_field( 'customize_controls-' . $wp_customize->get_stylesheet() ); ?>
 		<div id="customize-header-actions" class="wp-full-overlay-header">
 			<?php
 				$save_text = $wp_customize->is_theme_active() ? __( 'Save &amp; Publish' ) : __( 'Save &amp; Activate' );
@@ -175,6 +176,10 @@ do_action( 'customize_controls_print_scripts' );
 		),
 		'settings' => array(),
 		'controls' => array(),
+		'nonce'    => array(
+ 			'save'    => wp_create_nonce( 'save-customize_' . $wp_customize->get_stylesheet() ),
+ 			'preview' => wp_create_nonce( 'preview-customize_' . $wp_customize->get_stylesheet() )
+ 		),
 	);
 
 	foreach ( $wp_customize->settings() as $id => $setting ) {

wp-admin/includes/class-wp-ms-themes-list-table.php

@@ -293,7 +293,7 @@ class WP_MS_Themes_List_Table extends WP_List_Table {
 		}
 
 		if ( current_user_can('edit_themes') )
-			$actions['edit'] = '<a href="' . esc_url('theme-editor.php?theme=' .  $theme_key ) . '" title="' . esc_attr__('Open this theme in the Theme Editor') . '" class="edit">' . __('Edit') . '</a>';
+			$actions['edit'] = '<a href="' . esc_url('theme-editor.php?theme=' . urlencode( $theme_key ) ) . '" title="' . esc_attr__('Open this theme in the Theme Editor') . '" class="edit">' . __('Edit') . '</a>';
 
 		if ( ! $allowed && current_user_can( 'delete_themes' ) && ! $this->is_site_themes && $theme_key != get_option( 'stylesheet' ) && $theme_key != get_option( 'template' ) )
 			$actions['delete'] = '<a href="' . esc_url( wp_nonce_url( 'themes.php?action=delete-selected&amp;checked[]=' . $theme_key . '&amp;theme_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'bulk-themes' ) ) . '" title="' . esc_attr__( 'Delete this theme' ) . '" class="delete">' . __( 'Delete' ) . '</a>';

wp-admin/includes/class-wp-plugins-list-table.php

@@ -90,7 +90,9 @@ class WP_Plugins_List_Table extends WP_List_Table {
 
 		foreach ( (array) $plugins['all'] as $plugin_file => $plugin_data ) {
 			// Filter into individual sections
-			if ( ! $screen->is_network && is_plugin_active_for_network( $plugin_file ) ) {
+			if ( is_multisite() && ! $screen->is_network && is_network_only_plugin( $plugin_file ) ) {
+				unset( $plugins['all'][ $plugin_file ] );
+			} elseif ( ! $screen->is_network && is_plugin_active_for_network( $plugin_file ) ) {
 				unset( $plugins['all'][ $plugin_file ] );
 			} elseif ( ( ! $screen->is_network && is_plugin_active( $plugin_file ) )
 				|| ( $screen->is_network && is_plugin_active_for_network( $plugin_file ) ) ) {

wp-admin/includes/class-wp-themes-list-table.php

@@ -128,7 +128,7 @@ class WP_Themes_List_Table extends WP_List_Table {
 			$activate_link = wp_nonce_url( "themes.php?action=activate&template=" . urlencode( $template ) . "&stylesheet=" . urlencode( $stylesheet ), 'switch-theme_' . $stylesheet );
 
 			$preview_link = esc_url( add_query_arg(
-				array( 'preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'preview_iframe' => true, 'TB_iframe' => 'true' ),
+				array( 'preview' => 1, 'template' => urlencode( $template ), 'stylesheet' => urlencode( $stylesheet ), 'preview_iframe' => true, 'TB_iframe' => 'true' ),
 				home_url( '/' ) ) );
 
 			$actions = array();

wp-admin/includes/class-wp-upgrader.php

@@ -1507,14 +1507,14 @@ class Theme_Installer_Skin extends WP_Upgrader_Skin {
 
 		$preview_link = add_query_arg( array(
 			'preview'    => 1,
-			'template'   => $template,
-			'stylesheet' => $stylesheet,
+			'template'   => urlencode( $template ),
+			'stylesheet' => urlencode( $stylesheet ),
 		), trailingslashit( get_home_url() ) );
 
 		$activate_link = add_query_arg( array(
 			'action'     => 'activate',
-			'template'   => $template,
-			'stylesheet' => $stylesheet,
+			'template'   => urlencode( $template ),
+			'stylesheet' => urlencode( $stylesheet ),
 		), admin_url('themes.php') );
 		$activate_link = wp_nonce_url( $activate_link, 'switch-theme_' . $stylesheet );
 
@@ -1571,14 +1571,14 @@ class Theme_Upgrader_Skin extends WP_Upgrader_Skin {
 
 			$preview_link = add_query_arg( array(
 				'preview'    => 1,
-				'template'   => $template,
-				'stylesheet' => $stylesheet,
+				'template'   => urlencode( $template ),
+				'stylesheet' => urlencode( $stylesheet ),
 			), trailingslashit( get_home_url() ) );
 
 			$activate_link = add_query_arg( array(
 				'action'     => 'activate',
-				'template'   => $template,
-				'stylesheet' => $stylesheet,
+				'template'   => urlencode( $template ),
+				'stylesheet' => urlencode( $stylesheet ),
 			), admin_url('themes.php') );
 			$activate_link = wp_nonce_url( $activate_link, 'switch-theme_' . $stylesheet );
 

wp-admin/includes/meta-boxes.php

@@ -483,17 +483,17 @@ function post_comment_meta_box($post) {
 	if ( 1 > $total ) {
 		echo '<p id="no-comments">' . __('No comments yet.') . '</p>';
 	} else {
-		$hidden = get_hidden_meta_boxes('post');
+		$hidden = get_hidden_meta_boxes( get_current_screen() );
 		if ( ! in_array('commentsdiv', $hidden) ) {
 			?>
 			<script type="text/javascript">jQuery(document).ready(function(){commentsBox.get(<?php echo $total; ?>, 10);});</script>
 			<?php
 		}
-	}
 
-	?>
-	<p class="hide-if-no-js hidden" id="show-comments"><a href="#commentstatusdiv" onclick="commentsBox.get(<?php echo $total; ?>);return false;"><?php _e('Show comments'); ?></a> <img class="waiting" style="display:none;" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" /></p>
-	<?php
+		?>
+		<p class="hide-if-no-js" id="show-comments"><a href="#commentstatusdiv" onclick="commentsBox.get(<?php echo $total; ?>);return false;"><?php _e('Show comments'); ?></a> <img class="waiting" style="display:none;" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" /></p>
+		<?php
+	}
 
 	wp_comment_trashnotice();
 }
@@ -688,7 +688,7 @@ function link_categories_meta_box($link) {
 		<p id="link-category-add" class="wp-hidden-child">
 			<label class="screen-reader-text" for="newcat"><?php _e( '+ Add New Category' ); ?></label>
 			<input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php esc_attr_e( 'New category name' ); ?>" aria-required="true" />
-			<input type="button" id="category-add-submit" class="add:categorychecklist:linkcategorydiv button" value="<?php esc_attr_e( 'Add' ); ?>" />
+			<input type="button" id="link-category-add-submit" class="add:categorychecklist:linkcategorydiv button" value="<?php esc_attr_e( 'Add' ); ?>" />
 			<?php wp_nonce_field( 'add-link-category', '_ajax_nonce', false ); ?>
 			<span id="category-ajax-response"></span>
 		</p>

wp-admin/includes/plugin.php

@@ -521,6 +521,7 @@ function activate_plugin( $plugin, $redirect = '', $network_wide = false, $silen
 	if ( is_multisite() && ( $network_wide || is_network_only_plugin($plugin) ) ) {
 		$network_wide = true;
 		$current = get_site_option( 'active_sitewide_plugins', array() );
+		$_GET['networkwide'] = 1; // Back compat for plugins looking for this value.
 	} else {
 		$current = get_option( 'active_plugins', array() );
 	}

wp-admin/includes/update-core.php

@@ -477,7 +477,7 @@ function update_core($from, $to) {
 	$mysql_version  = $wpdb->db_version();
 	$required_php_version = '5.2.4';
 	$required_mysql_version = '5.0';
-	$wp_version = '3.4';
+	$wp_version = '3.4.2';
 	$php_compat     = version_compare( $php_version, $required_php_version, '>=' );
 	if ( file_exists( WP_CONTENT_DIR . '/db.php' ) && empty( $wpdb->is_mysql ) )
 		$mysql_compat = true;
@@ -680,7 +680,7 @@ function _copy_dir($from, $to, $skip_list = array() ) {
 function _redirect_to_about_wordpress( $new_version ) {
 	global $wp_version, $pagenow, $action;
 
-	if ( version_compare( $wp_version, '3.4-RC1', '>=' ) )
+	if ( version_compare( $wp_version, '3.5-alpha', '>=' ) )
 		return;
 
 	// Ensure we only run this on the update-core.php page. wp_update_core() could be called in other contexts.
@@ -695,12 +695,17 @@ function _redirect_to_about_wordpress( $new_version ) {
 
 	// See do_core_upgrade()
 	show_message( __('WordPress updated successfully') );
-	show_message( '<span class="hide-if-no-js">' . sprintf( __( 'Welcome to WordPress %1$s. You will be redirected to the About WordPress screen. If not, click <a href="%s">here</a>.' ), $new_version, esc_url( self_admin_url( 'about.php?updated' ) ) ) . '</span>' );
-	show_message( '<span class="hide-if-js">' . sprintf( __( 'Welcome to WordPress %1$s. <a href="%2$s">Learn more</a>.' ), $new_version, esc_url( self_admin_url( 'about.php?updated' ) ) ) . '</span>' );
+
+	$js_message = __( 'Welcome to WordPress %1$s. You will be redirected to the About WordPress screen. If not, click <a href="%s">here</a>.' );
+	$js_message = str_replace( '"%s"', '"%2$s"', $js_message ); // in lieu of breaking the string.
+
+	// self_admin_url() won't exist when upgrading from <= 3.0, so relative URLs are intentional.
+	show_message( '<span class="hide-if-no-js">' . sprintf( $js_message, $new_version, 'about.php?updated' ) . '</span>' );
+	show_message( '<span class="hide-if-js">' . sprintf( __( 'Welcome to WordPress %1$s. <a href="%2$s">Learn more</a>.' ), $new_version, 'about.php?updated' ) . '</span>' );
 	echo '</div>';
 	?>
 <script type="text/javascript">
-window.location = '<?php echo self_admin_url( 'about.php?updated' ); ?>';
+window.location = 'about.php?updated';
 </script>
 	<?php
 

wp-admin/includes/update.php

@@ -264,7 +264,7 @@ function wp_theme_update_row( $theme_key, $theme ) {
 	$themes_allowedtags = array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array());
 	$theme_name = wp_kses( $theme['Name'], $themes_allowedtags );
 
-	$details_url = self_admin_url("theme-install.php?tab=theme-information&theme=$theme_key&TB_iframe=true&width=600&height=400");
+	$details_url = add_query_arg( array( 'TB_iframe' => 'true', 'width' => 1024, 'height' => 800 ), $current->response[ $theme_key ]['url'] );
 
 	$wp_list_table = _get_list_table('WP_MS_Themes_List_Table');
 

wp-admin/index.php

@@ -2,6 +2,8 @@
 /**
  * Dashboard Administration Screen
  *
+ * @internal This file should be parseable by PHP4.
+ *
  * @package WordPress
  * @subpackage Administration
  */
@@ -32,7 +34,10 @@ else
 
 $help = '<p>' . __( 'Welcome to your WordPress Dashboard! This is the screen you will see when you log in to your site, and gives you access to all the site management features of WordPress. You can get help for any screen by clicking the Help tab in the upper corner.' ) . '</p>';
 
-get_current_screen()->add_help_tab( array(
+// Not using chaining here, so as to be parseable by PHP4.
+$screen = get_current_screen();
+
+$screen->add_help_tab( array(
 	'id'      => 'overview',
 	'title'   => __( 'Overview' ),
 	'content' => $help,
@@ -43,7 +48,7 @@ get_current_screen()->add_help_tab( array(
 $help  = '<p>' . __('The left-hand navigation menu provides links to all of the WordPress administration screens, with submenu items displayed on hover. You can minimize this menu to a narrow icon strip by clicking on the Collapse Menu arrow at the bottom.') . '</p>';
 $help .= '<p>' . __('Links in the Toolbar at the top of the screen connect your dashboard and the front end of your site, and provide access to your profile and helpful WordPress information.') . '</p>';
 
-get_current_screen()->add_help_tab( array(
+$screen->add_help_tab( array(
 	'id'      => 'help-navigation',
 	'title'   => __('Navigation'),
 	'content' => $help,
@@ -54,7 +59,7 @@ $help .= '<p>' . __('<strong>Screen Options</strong> - Use the Screen Options ta
 $help .= '<p>' . __('<strong>Drag and Drop</strong> - To rearrange the boxes, drag and drop by clicking on the title bar of the selected box and releasing when you see a gray dotted-line rectangle appear in the location you want to place the box.') . '</p>';
 $help .= '<p>' . __('<strong>Box Controls</strong> - Click the title bar of the box to expand or collapse it. In addition, some box have configurable content, and will show a &#8220;Configure&#8221; link in the title bar if you hover over it.') . '</p>';
 
-get_current_screen()->add_help_tab( array(
+$screen->add_help_tab( array(
 	'id'      => 'help-layout',
 	'title'   => __('Layout'),
 	'content' => $help,
@@ -78,7 +83,7 @@ if ( ! is_multisite() && current_user_can( 'install_plugins' ) )
 if ( current_user_can( 'edit_theme_options' ) )
 	$help .= '<p>' . __('<strong>Welcome</strong> - Shows links for some of the most common tasks when setting up a new site.') . '</p>';
 
-get_current_screen()->add_help_tab( array(
+$screen->add_help_tab( array(
 	'id'      => 'help-content',
 	'title'   => __('Content'),
 	'content' => $help,
@@ -86,7 +91,7 @@ get_current_screen()->add_help_tab( array(
 
 unset( $help );
 
-get_current_screen()->set_help_sidebar(
+$screen->set_help_sidebar(
 	'<p><strong>' . __( 'For more information:' ) . '</strong></p>' .
 	'<p>' . __( '<a href="http://codex.wordpress.org/Dashboard_Screen" target="_blank">Documentation on Dashboard</a>' ) . '</p>' .
 	'<p>' . __( '<a href="http://wordpress.org/support/" target="_blank">Support Forums</a>' ) . '</p>'

wp-admin/js/common.dev.js

@@ -216,7 +216,7 @@ $(document).ready( function() {
 			m.addClass('sub-open');
 		},
 		out: function(){
-			$(this).find('.wp-submenu').removeClass('sub-open');
+			$(this).find('.wp-submenu').removeClass('sub-open').css('margin-top', '');
 		},
 		timeout: 200,
 		sensitivity: 7,

wp-admin/js/customize-controls.dev.js

@@ -220,10 +220,6 @@
 				};
 			});
 
-			// Select a tab
-			this.selected = this.tabs[ panels.first().data('customizeTab') ];
-			this.selected.both.addClass('library-selected');
-
 			// Bind tab switch events
 			this.library.children('ul').on( 'click', 'li', function( event ) {
 				var id  = $(this).data('customizeTab'),
@@ -255,6 +251,18 @@
 					this.tabs.uploaded.both.addClass('hidden');
 			}
 
+			// Select a tab
+			panels.each( function() {
+				var tab = control.tabs[ $(this).data('customizeTab') ];
+
+				// Select the first visible tab.
+				if ( ! tab.link.hasClass('hidden') ) {
+					control.selected = tab;
+					tab.both.addClass('library-selected');
+					return false;
+				}
+			});
+
 			this.dropdownInit();
 		},
 		success: function( attachment ) {
@@ -294,7 +302,8 @@
 			// This is the promise object.
 			deferred.promise( this );
 
-			this.previewer = params.previewer;
+			this.container = params.container;
+			this.signature = params.signature;
 
 			$.extend( params, { channel: api.PreviewFrame.uuid() });
 
@@ -338,7 +347,7 @@
 
 			this.request.done( function( response ) {
 				var location = self.request.getResponseHeader('Location'),
-					signature = 'WP_CUSTOMIZER_SIGNATURE',
+					signature = self.signature,
 					index;
 
 				// Check if the location response header differs from the current URL.
@@ -371,7 +380,7 @@
 				response = response.slice( 0, index ) + response.slice( index + signature.length );
 
 				// Create the iframe and inject the html content.
-				self.iframe = $('<iframe />').appendTo( self.previewer.container );
+				self.iframe = $('<iframe />').appendTo( self.container );
 
 				// Bind load event after the iframe has been added to the page;
 				// otherwise it will fire when injected into the DOM.
@@ -416,7 +425,7 @@
 					reject();
 
 				iframe = $('<iframe src="' + self.previewUrl() + '" />').hide();
-				iframe.appendTo( self.previewer.container );
+				iframe.appendTo( self.container );
 				iframe.load( function() {
 					self.triedLogin = true;
 
@@ -497,6 +506,7 @@
 
 			this.container   = api.ensure( params.container );
 			this.allowedUrls = params.allowedUrls;
+			this.signature   = params.signature;
 
 			params.url = window.location.href;
 
@@ -570,7 +580,8 @@
 				url:        this.url(),
 				previewUrl: this.previewUrl(),
 				query:      this.query() || {},
-				previewer:  this
+				container:  this.container,
+				signature:  this.signature
 			});
 
 			this.loading.done( function() {
@@ -583,6 +594,8 @@
 
 					self.targetWindow( this.targetWindow() );
 					self.channel( this.channel() );
+
+					self.send( 'active' );
 				});
 
 				this.send( 'sync', {
@@ -683,23 +696,26 @@
 			container:   '#customize-preview',
 			form:        '#customize-controls',
 			previewUrl:  api.settings.url.preview,
-			allowedUrls: api.settings.url.allowed
+			allowedUrls: api.settings.url.allowed,
+			signature:   'WP_CUSTOMIZER_SIGNATURE'
 		}, {
+
+			nonce: api.settings.nonce,
+
 			query: function() {
 				return {
 					wp_customize: 'on',
 					theme:        api.settings.theme.stylesheet,
-					customized:   JSON.stringify( api.get() )
+					customized:   JSON.stringify( api.get() ),
+					nonce:        this.nonce.preview
 				};
 			},
 
-			nonce: $('#_wpnonce').val(),
-
 			save: function() {
 				var self  = this,
 					query = $.extend( this.query(), {
 						action: 'customize_save',
-						nonce:  this.nonce
+						nonce:  this.nonce.save
 					}),
 					request = $.post( api.settings.url.ajax, query );
 
@@ -733,6 +749,11 @@
 			}
 		});
 
+		// Refresh the nonces if the preview sends updated nonces over.
+ 		previewer.bind( 'nonce', function( nonce ) {
+ 			$.extend( this.nonce, nonce );
+ 		});
+
 		$.each( api.settings.settings, function( id, data ) {
 			api.create( id, id, data.value, {
 				transport: data.transport,

wp-admin/js/link.dev.js

@@ -23,7 +23,7 @@ jQuery(document).ready( function($) {
 
 	// Ajax Cat
 	newCat = $('#newcat').one( 'focus', function() { $(this).val( '' ).removeClass( 'form-input-tip' ) } );
-	$('#category-add-submit').click( function() { newCat.focus(); } );
+	$('#link-category-add-submit').click( function() { newCat.focus(); } );
 	syncChecks = function() {
 		if ( noSyncChecks )
 			return;

wp-admin/js/link.js

@@ -1 +1 @@
-jQuery(document).ready(function(c){var b,a=false,d,e;c("#link_name").focus();postboxes.add_postbox_toggles("link");c("#category-tabs a").click(function(){var f=c(this).attr("href");c(this).parent().addClass("tabs").siblings("li").removeClass("tabs");c(".tabs-panel").hide();c(f).show();if("#categories-all"==f){deleteUserSetting("cats")}else{setUserSetting("cats","pop")}return false});if(getUserSetting("cats")){c('#category-tabs a[href="#categories-pop"]').click()}b=c("#newcat").one("focus",function(){c(this).val("").removeClass("form-input-tip")});c("#category-add-submit").click(function(){b.focus()});d=function(){if(a){return}a=true;var f=c(this),h=f.is(":checked"),g=f.val().toString();c("#in-link-category-"+g+", #in-popular-category-"+g).prop("checked",h);a=false};e=function(g,f){c(f.what+" response_data",g).each(function(){var h=c(c(this).text());h.find("label").each(function(){var j=c(this),l=j.find("input").val(),m=j.find("input")[0].id,i=c.trim(j.text()),k;c("#"+m).change(d);k=c('<option value="'+parseInt(l,10)+'"></option>').text(i)})})};c("#categorychecklist").wpList({alt:"",what:"link-category",response:"category-ajax-response",addAfter:e});c('a[href="#categories-all"]').click(function(){deleteUserSetting("cats")});c('a[href="#categories-pop"]').click(function(){setUserSetting("cats","pop")});if("pop"==getUserSetting("cats")){c('a[href="#categories-pop"]').click()}c("#category-add-toggle").click(function(){c(this).parents("div:first").toggleClass("wp-hidden-children");c('#category-tabs a[href="#categories-all"]').click();c("#newcategory").focus();return false});c(".categorychecklist :checkbox").change(d).filter(":checked").change()});
+jQuery(document).ready(function(c){var b,a=false,d,e;c("#link_name").focus();postboxes.add_postbox_toggles("link");c("#category-tabs a").click(function(){var f=c(this).attr("href");c(this).parent().addClass("tabs").siblings("li").removeClass("tabs");c(".tabs-panel").hide();c(f).show();if("#categories-all"==f){deleteUserSetting("cats")}else{setUserSetting("cats","pop")}return false});if(getUserSetting("cats")){c('#category-tabs a[href="#categories-pop"]').click()}b=c("#newcat").one("focus",function(){c(this).val("").removeClass("form-input-tip")});c("#link-category-add-submit").click(function(){b.focus()});d=function(){if(a){return}a=true;var f=c(this),h=f.is(":checked"),g=f.val().toString();c("#in-link-category-"+g+", #in-popular-category-"+g).prop("checked",h);a=false};e=function(g,f){c(f.what+" response_data",g).each(function(){var h=c(c(this).text());h.find("label").each(function(){var j=c(this),l=j.find("input").val(),m=j.find("input")[0].id,i=c.trim(j.text()),k;c("#"+m).change(d);k=c('<option value="'+parseInt(l,10)+'"></option>').text(i)})})};c("#categorychecklist").wpList({alt:"",what:"link-category",response:"category-ajax-response",addAfter:e});c('a[href="#categories-all"]').click(function(){deleteUserSetting("cats")});c('a[href="#categories-pop"]').click(function(){setUserSetting("cats","pop")});if("pop"==getUserSetting("cats")){c('a[href="#categories-pop"]').click()}c("#category-add-toggle").click(function(){c(this).parents("div:first").toggleClass("wp-hidden-children");c('#category-tabs a[href="#categories-all"]').click();c("#newcategory").focus();return false});c(".categorychecklist :checkbox").change(d).filter(":checked").change()});

wp-admin/js/post.dev.js

@@ -342,7 +342,7 @@ jQuery(document).ready( function($) {
 			return false;
 		});
 
-		$('#' + taxonomy + 'checklist li.popular-category :checkbox, #' + taxonomy + 'checklist-pop :checkbox').live( 'click', function(){
+		$('#' + taxonomy + 'checklist li.popular-category input[type="checkbox"], #' + taxonomy + 'checklist-pop input[type="checkbox"]').live( 'click', function(){
 			var t = $(this), c = t.is(':checked'), id = t.val();
 			if ( id && t.parents('#taxonomy-'+taxonomy).length )
 				$('#in-' + taxonomy + '-' + id + ', #in-popular-' + taxonomy + '-' + id).prop( 'checked', c );

wp-admin/load-scripts.php

@@ -51,6 +51,11 @@ function is_lighttpd_before_150() {}
  */
 function add_action() {}
 
+/**
+ * @ignore
+ */
+function did_action() {}
+
 /**
  * @ignore
  */

wp-admin/plugins.php

@@ -51,6 +51,11 @@ if ( $action ) {
 			}
 
 			if ( ! is_network_admin() ) {
+				if ( is_network_only_plugin( $plugin ) ) {
+					wp_redirect( self_admin_url("plugins.php?plugin_status=$status&paged=$page&s=$s") );
+					exit;
+				}
+
 				$recent = (array) get_option( 'recently_activated' );
 				unset( $recent[ $plugin ] );
 				update_option( 'recently_activated', $recent );
@@ -72,10 +77,17 @@ if ( $action ) {
 			$plugins = isset( $_POST['checked'] ) ? (array) $_POST['checked'] : array();
 
 			// Only activate plugins which are not already active.
-			$check = is_network_admin() ? 'is_plugin_active_for_network' : 'is_plugin_active';
-			foreach ( $plugins as $i => $plugin )
-				if ( $check( $plugin ) )
-					unset( $plugins[ $i ] );
+			if ( is_network_admin() ) {
+				foreach ( $plugins as $i => $plugin ) {
+					if ( is_plugin_active_for_network( $plugin ) )
+						unset( $plugins[ $i ] );
+				}
+			} else {
+				foreach ( $plugins as $i => $plugin ) {
+					if ( is_plugin_active( $plugin ) || is_network_only_plugin( $plugin ) )
+						unset( $plugins[ $i ] );
+				}
+			}
 
 			if ( empty($plugins) ) {
 				wp_redirect( self_admin_url("plugins.php?plugin_status=$status&paged=$page&s=$s") );

wp-admin/setup-config.php

@@ -44,12 +44,14 @@ define('WP_DEBUG', false);
 require(ABSPATH . WPINC . '/load.php');
 require(ABSPATH . WPINC . '/version.php');
 
-// Also loads functions.php, plugin.php, l10n.php, pomo/mo.php (all required by setup-config.php)
-wp_load_translations_early();
-
 // Check for the required PHP version and for the MySQL extension or a database drop-in.
 wp_check_php_mysql_versions();
 
+require_once(ABSPATH . WPINC . '/functions.php');
+
+// Also loads plugin.php, l10n.php, pomo/mo.php (all required by setup-config.php)
+wp_load_translations_early();
+
 // Turn register_globals off.
 wp_unregister_GLOBALS();
 
@@ -217,9 +219,10 @@ switch($step) {
 	}
 
 	$key = 0;
-	foreach ( $config_file as &$line ) {
+	// Not a PHP5-style by-reference foreach, as this file must be parseable by PHP4.
+	foreach ( $config_file as $line_num => $line ) {
 		if ( '$table_prefix  =' == substr( $line, 0, 16 ) ) {
-			$line = '$table_prefix  = \'' . addcslashes( $prefix, "\\'" ) . "';\r\n";
+			$config_file[ $line_num ] = '$table_prefix  = \'' . addcslashes( $prefix, "\\'" ) . "';\r\n";
 			continue;
 		}
 
@@ -234,7 +237,7 @@ switch($step) {
 			case 'DB_USER'     :
 			case 'DB_PASSWORD' :
 			case 'DB_HOST'     :
-				$line = "define('" . $constant . "'," . $padding . "'" . addcslashes( constant( $constant ), "\\'" ) . "');\r\n";
+				$config_file[ $line_num ] = "define('" . $constant . "'," . $padding . "'" . addcslashes( constant( $constant ), "\\'" ) . "');\r\n";
 				break;
 			case 'AUTH_KEY'         :
 			case 'SECURE_AUTH_KEY'  :
@@ -244,7 +247,7 @@ switch($step) {
 			case 'SECURE_AUTH_SALT' :
 			case 'LOGGED_IN_SALT'   :
 			case 'NONCE_SALT'       :
-				$line = "define('" . $constant . "'," . $padding . "'" . $secret_keys[$key++] . "');\r\n";
+				$config_file[ $line_num ] = "define('" . $constant . "'," . $padding . "'" . $secret_keys[$key++] . "');\r\n";
 				break;
 		}
 	}

wp-admin/themes.php

@@ -20,7 +20,7 @@ if ( current_user_can( 'switch_themes' ) && isset($_GET['action'] ) ) {
 		$theme = wp_get_theme( $_GET['stylesheet'] );
 		if ( ! $theme->exists() || ! $theme->is_allowed() )
 			wp_die( __( 'Cheatin’ uh?' ) );
-		switch_theme($_GET['template'], $_GET['stylesheet']);
+		switch_theme( $theme->get_template(), $theme->get_stylesheet() );
 		wp_redirect( admin_url('themes.php?activated=true') );
 		exit;
 	} elseif ( 'delete' == $_GET['action'] ) {
@@ -64,6 +64,8 @@ if ( current_user_can( 'install_themes' ) ) {
 	) );
 }
 
+add_thickbox();
+
 endif; // switch_themes
 
 if ( current_user_can( 'edit_theme_options' ) ) {

wp-includes/canonical.php

@@ -100,7 +100,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
 		}
 
 		if ( ! $redirect_url ) {
-			if ( $redirect_url = redirect_guess_404_permalink( $requested_url ) ) {
+			if ( $redirect_url = redirect_guess_404_permalink() ) {
 				$redirect['query'] = _remove_qs_args_if_not_in_url( $redirect['query'], array( 'page', 'feed', 'p', 'page_id', 'attachment_id', 'pagename', 'name', 'post_type' ), $redirect_url );
 			}
 		}
@@ -461,31 +461,16 @@ function _remove_qs_args_if_not_in_url( $query_string, Array $args_to_check, $ur
 }
 
 /**
- * Attempts to guess the correct URL from the current URL (that produced a 404) or
- * the current query variables.
+ * Attempts to guess the correct URL based on query vars
  *
  * @since 2.3.0
  * @uses $wpdb
  *
- * @param string $current_url Optional. The URL that has 404'd.
  * @return bool|string The correct URL if one is found. False on failure.
  */
-function redirect_guess_404_permalink( $current_url = '' ) {
+function redirect_guess_404_permalink() {
 	global $wpdb, $wp_rewrite;
 
-	if ( ! empty( $current_url ) )
-		$parsed_url = @parse_url( $current_url );
-
-	// Attempt to redirect bare category slugs if the permalink structure starts
-	// with the %category% tag.
-	if ( isset( $parsed_url['path'] )
-		&& preg_match( '#^[^%]+%category%#', $wp_rewrite->permalink_structure )
-		&& $cat = get_category_by_path( $parsed_url['path'] )
-	) {
-		if ( ! is_wp_error( $cat ) )
-			return get_term_link( $cat );
-	}
-
 	if ( get_query_var('name') ) {
 		$where = $wpdb->prepare("post_name LIKE %s", like_escape( get_query_var('name') ) . '%');
 

wp-includes/capabilities.php

@@ -1130,6 +1130,8 @@ function map_meta_cap( $cap, $user_id ) {
 		// Disallow unfiltered_html for all users, even admins and super admins.
 		if ( defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML )
 			$caps[] = 'do_not_allow';
+		elseif ( is_multisite() && ! is_super_admin( $user_id ) )
+			$caps[] = 'do_not_allow';
 		else
 			$caps[] = $cap;
 		break;

wp-includes/class-oembed.php

@@ -213,8 +213,14 @@ class WP_oEmbed {
 			$errors = libxml_use_internal_errors( 'true' );
 			$data = simplexml_load_string( $response_body );
 			libxml_use_internal_errors( $errors );
-			if ( is_object( $data ) )
-				return $data;
+			if ( ! is_object( $data ) )
+				return false;
+
+			$return = new stdClass;
+			foreach ( $data as $key => $value )
+				$return->$key = (string) $value;
+
+			return $return;
 		}
 		return false;
 	}

wp-includes/class-phpmailer.php

@@ -760,13 +760,13 @@ class PHPMailer {
     } else {
       if ($this->SingleTo === true && count($toArr) > 1) {
         foreach ($toArr as $key => $val) {
-          $rt = @mail($val, $this->EncodeHeader($this->SecureHeader($this->Subject)), $body, $header, $params);
+          $rt = @mail($val, $this->EncodeHeader($this->SecureHeader($this->Subject)), $body, $header);
           // implement call back function if it exists
           $isSent = ($rt == 1) ? 1 : 0;
           $this->doCallback($isSent, $val, $this->cc, $this->bcc, $this->Subject, $body);
         }
       } else {
-        $rt = @mail($to, $this->EncodeHeader($this->SecureHeader($this->Subject)), $body, $header, $params);
+        $rt = @mail($to, $this->EncodeHeader($this->SecureHeader($this->Subject)), $body, $header);
         // implement call back function if it exists
         $isSent = ($rt == 1) ? 1 : 0;
         $this->doCallback($isSent, $to, $this->cc, $this->bcc, $this->Subject, $body);

wp-includes/class-wp-atom-server.php

@@ -167,9 +167,7 @@ class wp_atom_server {
 				array('GET' => 'get_attachment',
 						'POST' => 'create_attachment'),
 			'@/attachment/file/(\d+)$@' =>
-				array('GET' => 'get_file',
-						'PUT' => 'put_file',
-						'DELETE' => 'delete_file'),
+				array('GET' => 'get_file'),
 			'@/attachment/(\d+)$@' =>
 				array('GET' => 'get_attachment',
 						'PUT' => 'put_attachment',
@@ -315,6 +313,12 @@ EOD;
 
 		$entry = array_pop($parser->feed->entries);
 
+		$publish = ! ( isset( $entry->draft ) && 'yes' == trim( $entry->draft ) );
+		$cap = ($publish) ? 'publish_posts' : 'edit_posts';
+
+		if ( !current_user_can($cap) )
+			$this->auth_required(__('Sorry, you do not have the right to edit/publish new posts.'));
+
 		$catnames = array();
 		if ( !empty( $entry->categories ) ) {
 			foreach ( $entry->categories as $cat ) {
@@ -331,13 +335,6 @@ EOD;
 				array_push($post_category, $cat->term_id);
 		}
 
-		$publish = ! ( isset( $entry->draft ) && 'yes' == trim( $entry->draft ) );
-
-		$cap = ($publish) ? 'publish_posts' : 'edit_posts';
-
-		if ( !current_user_can($cap) )
-			$this->auth_required(__('Sorry, you do not have the right to edit/publish new posts.'));
-
 		$blog_ID = get_current_blog_id();
 		$post_status = ($publish) ? 'publish' : 'draft';
 		$post_author = (int) $user_ID;
@@ -398,7 +395,7 @@ EOD;
 	function get_post($postID) {
 		global $entry;
 
-		if ( !current_user_can( 'edit_post', $postID ) )
+		if ( ! get_post( $postID ) || ! current_user_can( 'edit_post', $postID ) )
 			$this->auth_required( __( 'Sorry, you do not have the right to access this post.' ) );
 
 		$this->set_current_entry($postID);
@@ -429,10 +426,14 @@ EOD;
 		global $entry;
 		$this->set_current_entry($postID);
 
-		if ( !current_user_can('edit_post', $entry['ID']) )
+		if ( !current_user_can('edit_post', $postID) )
 			$this->auth_required(__('Sorry, you do not have the right to edit this post.'));
 
 		$publish = ! ( isset($parsed->draft) && 'yes' == trim($parsed->draft) );
+
+		if ( $publish && ! current_user_can( 'publish_posts' ) )
+			$this->auth_required( __( 'Sorry, you do not have the right to publish this post.' ) );
+
 		$post_status = ($publish) ? 'publish' : 'draft';
 
 		extract($entry);
@@ -473,7 +474,7 @@ EOD;
 		global $entry;
 		$this->set_current_entry($postID);
 
-		if ( !current_user_can('edit_post', $postID) )
+		if ( !current_user_can('delete_post', $postID) )
 			$this->auth_required(__('Sorry, you do not have the right to delete this post.'));
 
 		if ( $entry['post_type'] == 'attachment' ) {
@@ -504,6 +505,9 @@ EOD;
 		if ( !isset($postID) ) {
 			$this->get_attachments();
 		} else {
+			if ( ! current_user_can( 'edit_post', $postID ) )
+				$this->auth_required( __( 'Sorry, you do not have the right to edit this post.' ) );
+
 			$this->set_current_entry($postID);
 			$output = $this->get_entry($postID, 'attachment');
 			$this->output($output);
@@ -589,7 +593,7 @@ EOD;
 		global $entry;
 		$this->set_current_entry($postID);
 
-		if ( !current_user_can('edit_post', $entry['ID']) )
+		if ( !current_user_can('edit_post', $entry['ID']) || 'attachment' != $entry['post_type'] )
 			$this->auth_required(__('Sorry, you do not have the right to edit this post.'));
 
 		extract($entry);
@@ -624,7 +628,7 @@ EOD;
 		global $entry;
 		$this->set_current_entry($postID);
 
-		if ( !current_user_can('edit_post', $postID) )
+		if ( !current_user_can('delete_post', $postID) )
 			$this->auth_required(__('Sorry, you do not have the right to delete this post.'));
 
 		$location = get_post_meta($entry['ID'], '_wp_attached_file', true);
@@ -633,11 +637,8 @@ EOD;
 		if ( !isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']) )
 			$this->internal_error(__('Error occurred while accessing post metadata for file location.'));
 
-		// delete file
-		@unlink($location);
-
 		// delete attachment
-		$result = wp_delete_post($postID);
+		$result = wp_delete_attachment($postID);
 
 		if ( !$result )
 			$this->internal_error(__('For some strange yet very annoying reason, this post could not be deleted.'));
@@ -970,7 +971,7 @@ EOD;
 
 		$count = get_option('posts_per_rss');
 
-		wp('posts_per_page=' . $count . '&offset=' . ($count * ($page-1)) . '&orderby=modified&post_status=any');
+		wp('posts_per_page=' . $count . '&offset=' . ($count * ($page-1)) . '&orderby=modified&perm=readable');
 
 		$post = $GLOBALS['post'];
 		$posts = $GLOBALS['posts'];

wp-includes/class-wp-customize-control.php

@@ -321,6 +321,21 @@ class WP_Customize_Image_Control extends WP_Customize_Upload_Control {
 
 		$this->add_tab( 'upload-new', __('Upload New'), array( $this, 'tab_upload_new' ) );
 		$this->add_tab( 'uploaded',   __('Uploaded'),   array( $this, 'tab_uploaded' ) );
+
+		// Early priority to occur before $this->manager->prepare_controls();
+		add_action( 'customize_controls_init', array( $this, 'prepare_control' ), 5 );
+	}
+
+	/**
+	 * Prepares the control.
+	 *
+	 * If no tabs exist, removes the control from the manager.
+	 *
+	 * @since 3.4.2
+	 */
+	public function prepare_control() {
+		if ( ! $this->tabs )
+			$this->manager->remove_control( $this->id );
 	}
 
 	public function to_json() {
@@ -455,6 +470,20 @@ class WP_Customize_Background_Image_Control extends WP_Customize_Image_Control {
 }
 
 class WP_Customize_Header_Image_Control extends WP_Customize_Image_Control {
+	/**
+	 * The processed default headers.
+	 * @since 3.4.2
+	 * @var array
+	 */
+	protected $default_headers;
+
+	/**
+	 * The uploaded headers.
+	 * @since 3.4.2
+	 * @var array
+	 */
+	protected $uploaded_headers;
+
 	public function __construct( $manager ) {
 		parent::__construct( $manager, 'header_image', array(
 			'label'    => __( 'Header Image' ),
@@ -474,7 +503,34 @@ class WP_Customize_Header_Image_Control extends WP_Customize_Image_Control {
 			)
 		) );
 
-		$this->add_tab( 'default',  __('Default'),  array( $this, 'tab_default_headers' ) );
+		// Remove the upload tab.
+		$this->remove_tab( 'upload-new' );
+	}
+
+	/**
+	 * Prepares the control.
+	 *
+	 * If no tabs exist, removes the control from the manager.
+	 *
+	 * @since 3.4.2
+	 */
+	public function prepare_control() {
+		global $custom_image_header;
+		if ( empty( $custom_image_header ) )
+			return parent::prepare_control();
+
+		// Process default headers and uploaded headers.
+		$custom_image_header->process_default_headers();
+		$this->default_headers = $custom_image_header->default_headers;
+		$this->uploaded_headers = get_uploaded_header_images();
+
+		if ( $this->default_headers )
+			$this->add_tab( 'default',  __('Default'),  array( $this, 'tab_default_headers' ) );
+
+		if ( ! $this->uploaded_headers )
+			$this->remove_tab( 'uploaded' );
+
+		return parent::prepare_control();
 	}
 
 	public function print_header_image( $choice, $header ) {
@@ -498,19 +554,14 @@ class WP_Customize_Header_Image_Control extends WP_Customize_Image_Control {
 	}
 
 	public function tab_uploaded() {
-		$headers = get_uploaded_header_images();
-
 		?><div class="uploaded-target"></div><?php
 
-		foreach ( $headers as $choice => $header )
+		foreach ( $this->uploaded_headers as $choice => $header )
 			$this->print_header_image( $choice, $header );
 	}
 
 	public function tab_default_headers() {
-		global $custom_image_header;
-		$custom_image_header->process_default_headers();
-
-		foreach ( $custom_image_header->default_headers as $choice => $header )
+		foreach ( $this->default_headers as $choice => $header )
 			$this->print_header_image( $choice, $header );
 	}
 }

wp-includes/class-wp-customize-manager.php

@@ -17,6 +17,8 @@ final class WP_Customize_Manager {
 	protected $sections = array();
 	protected $controls = array();
 
+	protected $nonce_tick;
+
 	protected $customized;
 
 	private $_post_values;
@@ -308,6 +310,8 @@ final class WP_Customize_Manager {
 	 * @since 3.4.0
 	 */
 	public function customize_preview_init() {
+		$this->nonce_tick = check_ajax_referer( 'preview-customize_' . $this->get_stylesheet(), 'nonce' );
+
 		$this->prepare_controls();
 
 		wp_enqueue_script( 'customize-preview' );
@@ -362,6 +366,13 @@ final class WP_Customize_Manager {
 			'channel' => esc_js( $_POST['customize_messenger_channel'] ),
 		);
 
+		if ( 2 == $this->nonce_tick ) {
+ 			$settings['nonce'] = array(
+ 				'save' => wp_create_nonce( 'save-customize_' . $this->get_stylesheet() ),
+ 				'preview' => wp_create_nonce( 'preview-customize_' . $this->get_stylesheet() )
+ 			);
+ 		}
+
 		foreach ( $this->settings as $id => $setting ) {
 			$settings['values'][ $id ] = $setting->js_value();
 		}
@@ -468,7 +479,7 @@ final class WP_Customize_Manager {
 		if ( ! $this->is_preview() )
 			die;
 
-		check_ajax_referer( 'customize_controls-' . $this->get_stylesheet(), 'nonce' );
+		check_ajax_referer( 'save-customize_' . $this->get_stylesheet(), 'nonce' );
 
 		// Do we have to switch themes?
 		if ( ! $this->is_theme_active() ) {

wp-includes/class-wp-editor.php

@@ -337,7 +337,6 @@ final class _WP_Editors {
 						foreach ( $editor_styles as $key => $file ) {
 							if ( $file && file_exists( "$template_dir/$file" ) ) {
 								$mce_css[] = "$template_uri/$file";
-								$editor_styles[$key] = '';
 							}
 						}
 					}
@@ -784,7 +783,7 @@ final class _WP_Editors {
 			<div class="link-search-wrapper">
 				<label>
 					<span><?php _e( 'Search' ); ?></span>
-					<input type="search" id="search-field" class="link-search-field" tabindex="60" autocomplete="off" />
+					<input type="text" id="search-field" class="link-search-field" tabindex="60" autocomplete="off" />
 					<img class="waiting" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" />
 				</label>
 			</div>

wp-includes/class-wp-theme.php

@@ -794,7 +794,7 @@ final class WP_Theme implements ArrayAccess {
 	 * @return string URL to the stylesheet directory.
 	 */
 	public function get_stylesheet_directory_uri() {
-		return $this->get_theme_root_uri() . '/' . $this->stylesheet;
+		return $this->get_theme_root_uri() . '/' . str_replace( '%2F', '/', rawurlencode( $this->stylesheet ) );
 	}
 
 	/**
@@ -814,7 +814,7 @@ final class WP_Theme implements ArrayAccess {
 		else
 			$theme_root_uri = $this->get_theme_root_uri();
 
-		return $theme_root . '/' . $this->template;
+		return $theme_root_uri . '/' . str_replace( '%2F', '/', rawurlencode( $this->template ) );
 	}
 
 	/**
@@ -930,10 +930,9 @@ final class WP_Theme implements ArrayAccess {
 			$files = (array) $this->get_files( 'php', 1 );
 
 			foreach ( $files as $file => $full_path ) {
-				$headers = get_file_data( $full_path, array( 'Template Name' => 'Template Name' ) );
-				if ( empty( $headers['Template Name'] ) )
+				if ( ! preg_match( '|Template Name:(.*)$|mi', file_get_contents( $full_path ), $header ) )
 					continue;
-				$page_templates[ $file ] = $headers['Template Name'];
+				$page_templates[ $file ] = _cleanup_header_comment( $header[1] );
 			}
 
 			$this->cache_add( 'page_templates', $page_templates );
@@ -1072,7 +1071,8 @@ final class WP_Theme implements ArrayAccess {
 	 * @return array Array of stylesheet names.
 	 */
 	public static function get_allowed( $blog_id = null ) {
-		return self::get_allowed_on_network() + self::get_allowed_on_site( $blog_id );
+		$network = (array) apply_filters( 'allowed_themes', self::get_allowed_on_network() );
+		return $network + self::get_allowed_on_site( $blog_id );
 	}
 
 	/**

wp-includes/class-wp-xmlrpc-server.php

@@ -622,7 +622,11 @@ class wp_xmlrpc_server extends IXR_Server {
 			'post_password'     => $post['post_password'],
 			'post_excerpt'      => $post['post_excerpt'],
 			'post_content'      => $post['post_content'],
+			'post_parent'       => strval( $post['post_parent'] ),
+			'post_mime_type'    => $post['post_mime_type'],
 			'link'              => post_permalink( $post['ID'] ),
+			'guid'              => $post['guid'],
+			'menu_order'        => intval( $post['menu_order'] ),
 			'comment_status'    => $post['comment_status'],
 			'ping_status'       => $post['ping_status'],
 			'sticky'            => ( $post['post_type'] === 'post' && is_sticky( $post['ID'] ) ),
@@ -1337,7 +1341,7 @@ class wp_xmlrpc_server extends IXR_Server {
 			return new IXR_Error( 404, __( 'Invalid post ID.' ) );
 
 		$post_type = get_post_type_object( $post['post_type'] );
-		if ( ! current_user_can( $post_type->cap->edit_posts, $post_id ) )
+		if ( ! current_user_can( $post_type->cap->edit_post, $post_id ) )
 			return new IXR_Error( 401, __( 'Sorry, you cannot edit this post.' ) );
 
 		return $this->_prepare_post( $post, $fields );
@@ -1394,13 +1398,15 @@ class wp_xmlrpc_server extends IXR_Server {
 			$post_type = get_post_type_object( $filter['post_type'] );
 			if ( ! ( (bool) $post_type ) )
 				return new IXR_Error( 403, __( 'The post type specified is not valid' ) );
-
-			if ( ! current_user_can( $post_type->cap->edit_posts ) )
-				return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts in this post type' ));
-
-			$query['post_type'] = $filter['post_type'];
+		} else {
+			$post_type = get_post_type_object( 'post' );
 		}
 
+		if ( ! current_user_can( $post_type->cap->edit_posts ) )
+			return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts in this post type' ));
+
+		$query['post_type'] = $post_type->name;
+
 		if ( isset( $filter['post_status'] ) )
 			$query['post_status'] = $filter['post_status'];
 
@@ -1427,7 +1433,7 @@ class wp_xmlrpc_server extends IXR_Server {
 
 		foreach ( $posts_list as $post ) {
 			$post_type = get_post_type_object( $post['post_type'] );
-			if ( ! current_user_can( $post_type->cap->edit_posts, $post['ID'] ) )
+			if ( ! current_user_can( $post_type->cap->edit_post, $post['ID'] ) )
 				continue;
 
 			$struct[] = $this->_prepare_post( $post, $fields );

wp-includes/class.wp-scripts.php

@@ -31,10 +31,8 @@ class WP_Scripts extends WP_Dependencies {
 	var $default_dirs;
 
 	function __construct() {
-		if ( ! function_exists( 'did_action' ) || did_action( 'init' ) )
-			$this->init();
-		else
-			add_action( 'init', array( $this, 'init' ), 0 );
+		$this->init();
+		add_action( 'init', array( $this, 'init' ), 0 );
 	}
 
 	function init() {

wp-includes/css/editor.dev.css

@@ -1237,7 +1237,7 @@ html[dir="rtl"] .wp-switch-editor {
 
 #wp-link .link-search-wrapper span {
 	float: left;
-	margin-top: 6px;
+	margin-top: 9px;
 }
 
 #wp-link .link-search-wrapper input[type="text"] {

wp-includes/formatting.php

@@ -3236,7 +3236,7 @@ function sanitize_mime_type( $mime_type ) {
  * @return string URLs starting with the http or https protocol, separated by a carriage return.
  */
 function sanitize_trackback_urls( $to_ping ) {
-	$urls_to_ping = preg_split( '/\r\n\t /', trim( $to_ping ), -1, PREG_SPLIT_NO_EMPTY );
+	$urls_to_ping = preg_split( '/[\r\n\t ]/', trim( $to_ping ), -1, PREG_SPLIT_NO_EMPTY );
 	foreach ( $urls_to_ping as $k => $url ) {
 		if ( !preg_match( '#^https?://.#i', $url ) )
 			unset( $urls_to_ping[$k] );

wp-includes/functions.php

@@ -1486,7 +1486,12 @@ function wp_upload_dir( $time = null ) {
 
 	// Make sure we have an uploads dir
 	if ( ! wp_mkdir_p( $uploads['path'] ) ) {
-		$message = sprintf( __( 'Unable to create directory %s. Is its parent directory writable by the server?' ), $uploads['path'] );
+		if ( 0 === strpos( $uploads['basedir'], ABSPATH ) )
+			$error_path = str_replace( ABSPATH, '', $uploads['basedir'] ) . $uploads['subdir'];
+		else
+			$error_path = basename( $uploads['basedir'] ) . $uploads['subdir'];
+
+		$message = sprintf( __( 'Unable to create directory %s. Is its parent directory writable by the server?' ), $error_path );
 		return array( 'error' => $message );
 	}
 
@@ -1604,7 +1609,12 @@ function wp_upload_bits( $name, $deprecated, $bits, $time = null ) {
 
 	$new_file = $upload['path'] . "/$filename";
 	if ( ! wp_mkdir_p( dirname( $new_file ) ) ) {
-		$message = sprintf( __( 'Unable to create directory %s. Is its parent directory writable by the server?' ), dirname( $new_file ) );
+		if ( 0 === strpos( $upload['basedir'], ABSPATH ) )
+			$error_path = str_replace( ABSPATH, '', $upload['basedir'] ) . $upload['subdir'];
+		else
+			$error_path = basename( $upload['basedir'] ) . $upload['subdir'];
+
+		$message = sprintf( __( 'Unable to create directory %s. Is its parent directory writable by the server?' ), $error_path );
 		return array( 'error' => $message );
 	}
 
@@ -1835,99 +1845,19 @@ function get_allowed_mime_types() {
 /**
  * Retrieve nonce action "Are you sure" message.
  *
- * The action is split by verb and noun. The action format is as follows:
- * verb-action_extra. The verb is before the first dash and has the format of
- * letters and no spaces and numbers. The noun is after the dash and before the
- * underscore, if an underscore exists. The noun is also only letters.
+ * Deprecated in 3.4.1 and 3.5.0. Backported to 3.3.3.
  *
- * The filter will be called for any action, which is not defined by WordPress.
- * You may use the filter for your plugin to explain nonce actions to the user,
- * when they get the "Are you sure?" message. The filter is in the format of
- * 'explain_nonce_$verb-$noun' with the $verb replaced by the found verb and the
- * $noun replaced by the found noun. The two parameters that are given to the
- * hook are the localized "Are you sure you want to do this?" message with the
- * extra text (the text after the underscore).
- *
- * @package WordPress
- * @subpackage Security
  * @since 2.0.4
+ * @deprecated 3.4.1
+ * @deprecated Use wp_nonce_ays()
+ * @see wp_nonce_ays()
  *
  * @param string $action Nonce action.
  * @return string Are you sure message.
  */
 function wp_explain_nonce( $action ) {
-	if ( $action !== -1 && preg_match( '/([a-z]+)-([a-z]+)(_(.+))?/', $action, $matches ) ) {
-		$verb = $matches[1];
-		$noun = $matches[2];
-
-		$trans = array();
-		$trans['update']['attachment'] = array( __( 'Your attempt to edit this attachment: “%s” has failed.' ), 'get_the_title' );
-
-		$trans['add']['category']      = array( __( 'Your attempt to add this category has failed.' ), false );
-		$trans['delete']['category']   = array( __( 'Your attempt to delete this category: “%s” has failed.' ), 'get_cat_name' );
-		$trans['update']['category']   = array( __( 'Your attempt to edit this category: “%s” has failed.' ), 'get_cat_name' );
-
-		$trans['delete']['comment']    = array( __( 'Your attempt to delete this comment: “%s” has failed.' ), 'use_id' );
-		$trans['unapprove']['comment'] = array( __( 'Your attempt to unapprove this comment: “%s” has failed.' ), 'use_id' );
-		$trans['approve']['comment']   = array( __( 'Your attempt to approve this comment: “%s” has failed.' ), 'use_id' );
-		$trans['update']['comment']    = array( __( 'Your attempt to edit this comment: “%s” has failed.' ), 'use_id' );
-		$trans['bulk']['comments']     = array( __( 'Your attempt to bulk modify comments has failed.' ), false );
-		$trans['moderate']['comments'] = array( __( 'Your attempt to moderate comments has failed.' ), false );
-
-		$trans['add']['bookmark']      = array( __( 'Your attempt to add this link has failed.' ), false );
-		$trans['delete']['bookmark']   = array( __( 'Your attempt to delete this link: “%s” has failed.' ), 'use_id' );
-		$trans['update']['bookmark']   = array( __( 'Your attempt to edit this link: “%s” has failed.' ), 'use_id' );
-		$trans['bulk']['bookmarks']    = array( __( 'Your attempt to bulk modify links has failed.' ), false );
-
-		$trans['add']['page']          = array( __( 'Your attempt to add this page has failed.' ), false );
-		$trans['delete']['page']       = array( __( 'Your attempt to delete this page: “%s” has failed.' ), 'get_the_title' );
-		$trans['update']['page']       = array( __( 'Your attempt to edit this page: “%s” has failed.' ), 'get_the_title' );
-
-		$trans['edit']['plugin']       = array( __( 'Your attempt to edit this plugin file: “%s” has failed.' ), 'use_id' );
-		$trans['activate']['plugin']   = array( __( 'Your attempt to activate this plugin: “%s” has failed.' ), 'use_id' );
-		$trans['deactivate']['plugin'] = array( __( 'Your attempt to deactivate this plugin: “%s” has failed.' ), 'use_id' );
-		$trans['upgrade']['plugin']    = array( __( 'Your attempt to update this plugin: “%s” has failed.' ), 'use_id' );
-
-		$trans['add']['post']          = array( __( 'Your attempt to add this post has failed.' ), false );
-		$trans['delete']['post']       = array( __( 'Your attempt to delete this post: “%s” has failed.' ), 'get_the_title' );
-		$trans['update']['post']       = array( __( 'Your attempt to edit this post: “%s” has failed.' ), 'get_the_title' );
-
-		$trans['add']['user']          = array( __( 'Your attempt to add this user has failed.' ), false );
-		$trans['delete']['users']      = array( __( 'Your attempt to delete users has failed.' ), false );
-		$trans['bulk']['users']        = array( __( 'Your attempt to bulk modify users has failed.' ), false );
-		$trans['update']['user']       = array( __( 'Your attempt to edit this user: “%s” has failed.' ), 'get_the_author_meta', 'display_name' );
-		$trans['update']['profile']    = array( __( 'Your attempt to modify the profile for: “%s” has failed.' ), 'get_the_author_meta', 'display_name' );
-
-		$trans['update']['options']    = array( __( 'Your attempt to edit your settings has failed.' ), false );
-		$trans['update']['permalink']  = array( __( 'Your attempt to change your permalink structure to: %s has failed.' ), 'use_id' );
-		$trans['edit']['file']         = array( __( 'Your attempt to edit this file: “%s” has failed.' ), 'use_id' );
-		$trans['edit']['theme']        = array( __( 'Your attempt to edit this theme file: “%s” has failed.' ), 'use_id' );
-		$trans['switch']['theme']      = array( __( 'Your attempt to switch to this theme: “%s” has failed.' ), 'use_id' );
-
-		$trans['log']['out']           = array( sprintf( __( 'You are attempting to log out of %s' ), get_bloginfo( 'sitename' ) ), false );
-
-		if ( isset( $trans[$verb][$noun] ) ) {
-			if ( !empty( $trans[$verb][$noun][1] ) ) {
-				$lookup = $trans[$verb][$noun][1];
-				if ( isset($trans[$verb][$noun][2]) )
-					$lookup_value = $trans[$verb][$noun][2];
-				$object = $matches[4];
-				if ( 'use_id' != $lookup ) {
-					if ( isset( $lookup_value ) )
-						$object = call_user_func( $lookup, $lookup_value, $object );
-					else
-						$object = call_user_func( $lookup, $object );
-				}
-				return sprintf( $trans[$verb][$noun][0], esc_html($object) );
-			} else {
-				return $trans[$verb][$noun][0];
-			}
-		}
-
-		return apply_filters( 'explain_nonce_' . $verb . '-' . $noun, __( 'Are you sure you want to do this?' ), isset($matches[4]) ? $matches[4] : '' );
-	} else {
-		return apply_filters( 'explain_nonce_' . $action, __( 'Are you sure you want to do this?' ) );
-	}
+	_deprecated_function( __FUNCTION__, '3.4.1', 'wp_nonce_ays()' );
+	return __( 'Are you sure you want to do this?' );
 }
 
 /**
@@ -1944,11 +1874,14 @@ function wp_explain_nonce( $action ) {
  */
 function wp_nonce_ays( $action ) {
 	$title = __( 'WordPress Failure Notice' );
-	$html = esc_html( wp_explain_nonce( $action ) );
-	if ( 'log-out' == $action )
-		$html .= "</p><p>" . sprintf( __( "Do you really want to <a href='%s'>log out</a>?"), wp_logout_url() );
-	elseif ( wp_get_referer() )
-		$html .= "</p><p><a href='" . esc_url( remove_query_arg( 'updated', wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>";
+	if ( 'log-out' == $action ) {
+		$html = sprintf( __( 'You are attempting to log out of %s' ), get_bloginfo( 'name' ) ) . '</p><p>';
+		$html .= sprintf( __( "Do you really want to <a href='%s'>log out</a>?"), wp_logout_url() );
+	} else {
+		$html = __( 'Are you sure you want to do this?' );
+		if ( wp_get_referer() )
+			$html .= "</p><p><a href='" . esc_url( remove_query_arg( 'updated', wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>";
+	}
 
 	wp_die( $html, $title, array('response' => 403) );
 }
@@ -3622,7 +3555,11 @@ function wp_allowed_protocols() {
  * @return string|array Either a string containing a reversed comma separated trace or an array of individual calls.
  */
 function wp_debug_backtrace_summary( $ignore_class = null, $skip_frames = 0, $pretty = true ) {
-	$trace  = debug_backtrace( false );
+	if ( version_compare( PHP_VERSION, '5.2.5', '>=' ) )
+		$trace = debug_backtrace( false );
+	else
+		$trace = debug_backtrace();
+
 	$caller = array();
 	$check_class = ! is_null( $ignore_class );
 	$skip_frames++; // skip this function
@@ -3690,7 +3627,7 @@ function _device_can_upload() {
 	if ( strpos($ua, 'iPhone') !== false
 		|| strpos($ua, 'iPad') !== false
 		|| strpos($ua, 'iPod') !== false ) {
-			return false;
+			return preg_match( '#OS ([\d_]+) like Mac OS X#', $ua, $version ) && version_compare( $version[1], '6', '>=' );
 	} else {
 		return true;
 	}

wp-includes/js/customize-preview.dev.js

@@ -88,7 +88,12 @@
 				preview.trigger( event, args );
 			});
 			preview.send( 'synced' );
-		})
+		});
+
+	 	preview.bind( 'active', function() {
+	 		if ( api.settings.nonce )
+	 			preview.send( 'nonce', api.settings.nonce );
+	 	});
 
 		preview.send( 'ready' );
 

wp-includes/js/customize-preview.js

@@ -1 +1 @@
-(function(b,d){var c=wp.customize,a;a=function(g,e,f){var h;return function(){var i=arguments;f=f||this;clearTimeout(h);h=setTimeout(function(){h=null;g.apply(f,i)},e)}};c.Preview=c.Messenger.extend({initialize:function(g,f){var e=this;c.Messenger.prototype.initialize.call(this,g,f);this.body=d(document.body);this.body.on("click.preview","a",function(h){h.preventDefault();e.send("scroll",0);e.send("url",d(this).prop("href"))});this.body.on("submit.preview","form",function(h){h.preventDefault()});this.window=d(window);this.window.on("scroll.preview",a(function(){e.send("scroll",e.window.scrollTop())},200));this.bind("scroll",function(h){e.window.scrollTop(h)})}});d(function(){c.settings=window._wpCustomizeSettings;if(!c.settings){return}var f,e;f=new c.Preview({url:window.location.href,channel:c.settings.channel});f.bind("settings",function(g){d.each(g,function(i,h){if(c.has(i)){c(i).set(h)}else{c.create(i,h)}})});f.trigger("settings",c.settings.values);f.bind("setting",function(g){var h;g=g.slice();if(h=c(g.shift())){h.set.apply(h,g)}});f.bind("sync",function(g){d.each(g,function(i,h){f.trigger(i,h)});f.send("synced")});f.send("ready");e=d.map(["color","image","position_x","repeat","attachment"],function(g){return"background_"+g});c.when.apply(c,e).done(function(j,i,m,h,l){var n=d(document.body),o=d("head"),g=d("#custom-background-css"),k;if(n.hasClass("custom-background")&&!g.length){return}k=function(){var p="";n.toggleClass("custom-background",!!(j()||i()));if(j()){p+="background-color: "+j()+";"}if(i()){p+='background-image: url("'+i()+'");';p+="background-position: top "+m()+";";p+="background-repeat: "+h()+";";p+="background-position: top "+l()+";"}g.remove();g=d('<style type="text/css" id="custom-background-css">body.custom-background { '+p+" }</style>").appendTo(o)};d.each(arguments,function(){this.bind(k)})})})})(wp,jQuery);
+(function(b,d){var c=wp.customize,a;a=function(g,e,f){var h;return function(){var i=arguments;f=f||this;clearTimeout(h);h=setTimeout(function(){h=null;g.apply(f,i)},e)}};c.Preview=c.Messenger.extend({initialize:function(g,f){var e=this;c.Messenger.prototype.initialize.call(this,g,f);this.body=d(document.body);this.body.on("click.preview","a",function(h){h.preventDefault();e.send("scroll",0);e.send("url",d(this).prop("href"))});this.body.on("submit.preview","form",function(h){h.preventDefault()});this.window=d(window);this.window.on("scroll.preview",a(function(){e.send("scroll",e.window.scrollTop())},200));this.bind("scroll",function(h){e.window.scrollTop(h)})}});d(function(){c.settings=window._wpCustomizeSettings;if(!c.settings){return}var f,e;f=new c.Preview({url:window.location.href,channel:c.settings.channel});f.bind("settings",function(g){d.each(g,function(i,h){if(c.has(i)){c(i).set(h)}else{c.create(i,h)}})});f.trigger("settings",c.settings.values);f.bind("setting",function(g){var h;g=g.slice();if(h=c(g.shift())){h.set.apply(h,g)}});f.bind("sync",function(g){d.each(g,function(i,h){f.trigger(i,h)});f.send("synced")});f.bind("active",function(){if(c.settings.nonce){f.send("nonce",c.settings.nonce)}});f.send("ready");e=d.map(["color","image","position_x","repeat","attachment"],function(g){return"background_"+g});c.when.apply(c,e).done(function(j,i,m,h,l){var n=d(document.body),o=d("head"),g=d("#custom-background-css"),k;if(n.hasClass("custom-background")&&!g.length){return}k=function(){var p="";n.toggleClass("custom-background",!!(j()||i()));if(j()){p+="background-color: "+j()+";"}if(i()){p+='background-image: url("'+i()+'");';p+="background-position: top "+m()+";";p+="background-repeat: "+h()+";";p+="background-position: top "+l()+";"}g.remove();g=d('<style type="text/css" id="custom-background-css">body.custom-background { '+p+" }</style>").appendTo(o)};d.each(arguments,function(){this.bind(k)})})})})(wp,jQuery);

wp-includes/js/imgareaselect/jquery.imgareaselect.dev.js

@@ -1,6 +1,6 @@
 /*
  * imgAreaSelect jQuery plugin
- * version 0.9.8
+ * version 0.9.9
  *
  * Copyright (c) 2008-2011 Michal Wojciechowski (odyniec.net)
  *
@@ -706,7 +706,7 @@ $.imgAreaSelect = function (img, options) {
         setSelection(selX(x1), selY(y1), selX(x1), selY(y1));
 
         /* If this is an API call, callback functions should not be triggered */
-        if (!this instanceof $.imgAreaSelect) {
+        if (!(this instanceof $.imgAreaSelect)) {
             options.onSelectChange(img, getSelection());
             options.onSelectEnd(img, getSelection());
         }
@@ -866,7 +866,7 @@ $.imgAreaSelect = function (img, options) {
      *            properties
      */
     function styleOptions($elem, props) {
-        for (option in props)
+        for (var option in props)
             if (options[option] !== undefined)
                 $elem.css(props[option], options[option]);
     }
@@ -1143,7 +1143,7 @@ $.imgAreaSelect = function (img, options) {
      * attribute seems to trigger it. The check is for version 7 and above to
      * accommodate for MSIE 9 running in compatibility mode.
      */
-   if ($.browser.msie && $.browser.version >= 7)
+   if (!imgLoaded && $.browser.msie && $.browser.version >= 7)
         img.src = img.src;
 };
 

wp-includes/js/plupload/wp-plupload.dev.js

@@ -73,6 +73,10 @@ if ( typeof wp === 'undefined' )
 			this.plupload[ elements[ key ] ] = this[ key ].prop('id');
 		}
 
+		// If the uploader has neither a browse button nor a dropzone, bail.
+		if ( ! ( this.browser && this.browser.length ) && ! ( this.dropzone && this.dropzone.length ) )
+			return;
+
 		this.uploader = new plupload.Uploader( this.plupload );
 		delete this.plupload;
 
@@ -113,7 +117,13 @@ if ( typeof wp === 'undefined' )
 			});
 		}( this.dropzone, this.supports.dragdrop ));
 
-		this.browser.on( 'mouseenter', this.refresh );
+		if ( this.browser ) {
+			this.browser.on( 'mouseenter', this.refresh );
+		} else {
+			this.uploader.disableBrowse( true );
+			// If HTML5 mode, hide the auto-created file container.
+			$('#' + this.uploader.id + '_html5_container').hide();
+		}
 
 		this.uploader.bind( 'UploadProgress', this.progress );
 

wp-includes/js/plupload/wp-plupload.js

@@ -1 +1 @@
-if(typeof wp==="undefined"){var wp={}}(function(a,b){var c;if(typeof _wpPluploadSettings==="undefined"){return}c=function(e){var d=this,g={container:"container",browser:"browse_button",dropzone:"drop_element"},f;this.supports={upload:c.browser.supported};this.supported=this.supports.upload;if(!this.supported){return}this.plupload=b.extend(true,{multipart_params:{}},c.defaults);this.container=document.body;b.extend(true,this,e);for(f in this){if(b.isFunction(this[f])){this[f]=b.proxy(this[f],this)}}for(f in g){if(!this[f]){continue}this[f]=b(this[f]).first();if(!this[f].length){delete this[f];continue}if(!this[f].prop("id")){this[f].prop("id","__wp-uploader-id-"+c.uuid++)}this.plupload[g[f]]=this[f].prop("id")}this.uploader=new plupload.Uploader(this.plupload);delete this.plupload;this.param(this.params||{});delete this.params;this.uploader.init();this.supports.dragdrop=this.uploader.features.dragdrop&&!c.browser.mobile;(function(j,h){var i=50,k;if(!j){return}j.toggleClass("supports-drag-drop",!!h);if(!h){return j.unbind(".wp-uploader")}j.bind("dragover.wp-uploader",function(){if(k){return}j.addClass("drag-over");k=true});j.bind("dragleave.wp-uploader, drop.wp-uploader",function(){k=false;j.removeClass("drag-over")})}(this.dropzone,this.supports.dragdrop));this.browser.on("mouseenter",this.refresh);this.uploader.bind("UploadProgress",this.progress);this.uploader.bind("FileUploaded",function(h,j,i){try{i=JSON.parse(i.response)}catch(k){return d.error(pluploadL10n.default_error,k)}if(!i||!i.type||!i.data){return d.error(pluploadL10n.default_error)}if("error"===i.type){return d.error(i.data.message,i.data)}if("success"===i.type){return d.success(i.data)}});this.uploader.bind("Error",function(h,i){var k=pluploadL10n.default_error,j;for(j in c.errorMap){if(i.code===plupload[j]){k=c.errorMap[j];break}}d.error(k,i);h.refresh()});this.uploader.bind("FilesAdded",function(h,i){b.each(i,function(){d.added(this)});h.refresh();h.start()});this.init()};b.extend(c,_wpPluploadSettings);c.uuid=0;c.errorMap={FAILED:pluploadL10n.upload_failed,FILE_EXTENSION_ERROR:pluploadL10n.invalid_filetype,IMAGE_FORMAT_ERROR:pluploadL10n.not_an_image,IMAGE_MEMORY_ERROR:pluploadL10n.image_memory_exceeded,IMAGE_DIMENSIONS_ERROR:pluploadL10n.image_dimensions_exceeded,GENERIC_ERROR:pluploadL10n.upload_failed,IO_ERROR:pluploadL10n.io_error,HTTP_ERROR:pluploadL10n.http_error,SECURITY_ERROR:pluploadL10n.security_error};b.extend(c.prototype,{param:function(d,e){if(arguments.length===1&&typeof d==="string"){return this.uploader.settings.multipart_params[d]}if(arguments.length>1){this.uploader.settings.multipart_params[d]=e}else{b.extend(this.uploader.settings.multipart_params,d)}},init:function(){},error:function(){},success:function(){},added:function(){},progress:function(){},complete:function(){},refresh:function(){this.uploader.refresh()}});a.Uploader=c})(wp,jQuery);
+if(typeof wp==="undefined"){var wp={}}(function(a,b){var c;if(typeof _wpPluploadSettings==="undefined"){return}c=function(e){var d=this,g={container:"container",browser:"browse_button",dropzone:"drop_element"},f;this.supports={upload:c.browser.supported};this.supported=this.supports.upload;if(!this.supported){return}this.plupload=b.extend(true,{multipart_params:{}},c.defaults);this.container=document.body;b.extend(true,this,e);for(f in this){if(b.isFunction(this[f])){this[f]=b.proxy(this[f],this)}}for(f in g){if(!this[f]){continue}this[f]=b(this[f]).first();if(!this[f].length){delete this[f];continue}if(!this[f].prop("id")){this[f].prop("id","__wp-uploader-id-"+c.uuid++)}this.plupload[g[f]]=this[f].prop("id")}if(!(this.browser&&this.browser.length)&&!(this.dropzone&&this.dropzone.length)){return}this.uploader=new plupload.Uploader(this.plupload);delete this.plupload;this.param(this.params||{});delete this.params;this.uploader.init();this.supports.dragdrop=this.uploader.features.dragdrop&&!c.browser.mobile;(function(j,h){var i=50,k;if(!j){return}j.toggleClass("supports-drag-drop",!!h);if(!h){return j.unbind(".wp-uploader")}j.bind("dragover.wp-uploader",function(){if(k){return}j.addClass("drag-over");k=true});j.bind("dragleave.wp-uploader, drop.wp-uploader",function(){k=false;j.removeClass("drag-over")})}(this.dropzone,this.supports.dragdrop));if(this.browser){this.browser.on("mouseenter",this.refresh)}else{this.uploader.disableBrowse(true);b("#"+this.uploader.id+"_html5_container").hide()}this.uploader.bind("UploadProgress",this.progress);this.uploader.bind("FileUploaded",function(h,j,i){try{i=JSON.parse(i.response)}catch(k){return d.error(pluploadL10n.default_error,k)}if(!i||!i.type||!i.data){return d.error(pluploadL10n.default_error)}if("error"===i.type){return d.error(i.data.message,i.data)}if("success"===i.type){return d.success(i.data)}});this.uploader.bind("Error",function(h,i){var k=pluploadL10n.default_error,j;for(j in c.errorMap){if(i.code===plupload[j]){k=c.errorMap[j];break}}d.error(k,i);h.refresh()});this.uploader.bind("FilesAdded",function(h,i){b.each(i,function(){d.added(this)});h.refresh();h.start()});this.init()};b.extend(c,_wpPluploadSettings);c.uuid=0;c.errorMap={FAILED:pluploadL10n.upload_failed,FILE_EXTENSION_ERROR:pluploadL10n.invalid_filetype,IMAGE_FORMAT_ERROR:pluploadL10n.not_an_image,IMAGE_MEMORY_ERROR:pluploadL10n.image_memory_exceeded,IMAGE_DIMENSIONS_ERROR:pluploadL10n.image_dimensions_exceeded,GENERIC_ERROR:pluploadL10n.upload_failed,IO_ERROR:pluploadL10n.io_error,HTTP_ERROR:pluploadL10n.http_error,SECURITY_ERROR:pluploadL10n.security_error};b.extend(c.prototype,{param:function(d,e){if(arguments.length===1&&typeof d==="string"){return this.uploader.settings.multipart_params[d]}if(arguments.length>1){this.uploader.settings.multipart_params[d]=e}else{b.extend(this.uploader.settings.multipart_params,d)}},init:function(){},error:function(){},success:function(){},added:function(){},progress:function(){},complete:function(){},refresh:function(){this.uploader.refresh()}});a.Uploader=c})(wp,jQuery);

wp-includes/js/tinymce/langs/wp-langs.php

@@ -8,6 +8,9 @@ function mce_escape($text) {
 	return esc_js($text);
 }
 
+if ( ! class_exists( '_WP_Editors' ) )
+	require( ABSPATH . WPINC . '/class-wp-editor.php' );
+
 function wp_mce_translation() {
 
 	$default = array(

wp-includes/js/tinymce/plugins/wpeditimage/editor_plugin_src.js

@@ -142,13 +142,16 @@
 				var id, cls, w, cap, div_cls, img, trim = tinymce.trim;
 
 				id = b.match(/id=['"]([^'"]*)['"] ?/);
-				b = b.replace(id[0], '');
+				if ( id )
+					b = b.replace(id[0], '');
 
 				cls = b.match(/align=['"]([^'"]*)['"] ?/);
-				b = b.replace(cls[0], '');
+				if ( cls )
+					b = b.replace(cls[0], '');
 
 				w = b.match(/width=['"]([0-9]*)['"] ?/);
-				b = b.replace(w[0], '');
+				if ( w )
+					b = b.replace(w[0], '');
 
 				c = trim(c);
 				img = c.match(/((?:<a [^>]+>)?<img [^>]+>(?:<\/a>)?)([\s\S]*)/i);

wp-includes/js/wp-lists.dev.js

@@ -78,7 +78,7 @@ wpList = {
 		if ( !s )
 			return false;
 
-		if ( !e.is('[class^="add:' + list.id + ':"]') )
+		if ( !e.is('[id="' + s.what + '-add-submit"]') )
 			return !wpList.add.call( list, e, s );
 
 		if ( !s.element )
@@ -397,7 +397,7 @@ wpList = {
 			return list.wpList.add(this);
 		});
 
-		$el.delegate( '[class^="add:' + list.id + ':"]:not(form)', 'click', function(){
+		$el.delegate( 'a[class^="add:' + list.id + ':"], input[class^="add:' + list.id + ':"]', 'click', function(){
 			return list.wpList.add(this);
 		});
 

wp-includes/l10n.php

@@ -392,7 +392,7 @@ function load_default_textdomain() {
 		return;
 	}
 
-	if ( is_admin()  )
+	if ( is_admin() || ( defined( 'WP_REPAIRING' ) && WP_REPAIRING ) )
 		load_textdomain( 'default', WP_LANG_DIR . "/admin-$locale.mo" );
 
 	if ( is_network_admin() || ( defined( 'WP_INSTALLING_NETWORK' ) && WP_INSTALLING_NETWORK ) )

wp-includes/load.php

@@ -105,12 +105,12 @@ function wp_check_php_mysql_versions() {
 	$php_version = phpversion();
 	if ( version_compare( $required_php_version, $php_version, '>' ) ) {
 		wp_load_translations_early();
-		wp_die( sprintf( __( 'Your server is running PHP version %1$s but WordPress %2$s requires at least %3$s.' ), $php_version, $wp_version, $required_php_version ) );
+		die( sprintf( __( 'Your server is running PHP version %1$s but WordPress %2$s requires at least %3$s.' ), $php_version, $wp_version, $required_php_version ) );
 	}
 
 	if ( ! extension_loaded( 'mysql' ) && ! file_exists( WP_CONTENT_DIR . '/db.php' ) ) {
 		wp_load_translations_early();
-		wp_die( __( 'Your PHP installation appears to be missing the MySQL extension which is required by WordPress.' ) );
+		die( __( 'Your PHP installation appears to be missing the MySQL extension which is required by WordPress.' ) );
 	}
 }
 
@@ -685,7 +685,6 @@ function wp_load_translations_early() {
 	require_once ABSPATH . WPINC . '/locale.php';
 
 	// General libraries
-	require_once ABSPATH . WPINC . '/functions.php';
 	require_once ABSPATH . WPINC . '/plugin.php';
 
 	$locales = $locations = array();

wp-includes/post-template.php

@@ -1220,7 +1220,7 @@ function get_the_password_form() {
 	$output = '<form action="' . esc_url( site_url( 'wp-login.php?action=postpass', 'login_post' ) ) . '" method="post">
 	<p>' . __("This post is password protected. To view it please enter your password below:") . '</p>
 	<p><label for="' . $label . '">' . __("Password:") . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type="submit" name="Submit" value="' . esc_attr__("Submit") . '" /></p>
-	</form>
+</form>
 	';
 	return apply_filters('the_password_form', $output);
 }

wp-includes/rewrite.php

@@ -1537,7 +1537,7 @@ class WP_Rewrite {
 		$registration_pages['.*wp-register.php$'] = $this->index . '?register=true'; // Deprecated
 
 		// Post
-		$post_rewrite = $this->generate_rewrite_rules( $this->permalink_structure, EP_PERMALINK, false, true, false, false );
+		$post_rewrite = $this->generate_rewrite_rules( $this->permalink_structure, EP_PERMALINK );
 		$post_rewrite = apply_filters('post_rewrite_rules', $post_rewrite);
 
 		// Date

wp-includes/script-loader.php

@@ -62,14 +62,14 @@ function wp_default_scripts( &$scripts ) {
 	$scripts->add( 'utils', "/wp-admin/js/utils$suffix.js" );
 
 	$scripts->add( 'common', "/wp-admin/js/common$suffix.js", array('jquery', 'hoverIntent', 'utils'), false, 1 );
-	$scripts->localize( 'common', 'commonL10n', array(
+	did_action( 'init' ) && $scripts->localize( 'common', 'commonL10n', array(
 		'warnDelete' => __("You are about to permanently delete the selected items.\n  'Cancel' to stop, 'OK' to delete.")
 	) );
 
 	$scripts->add( 'sack', "/wp-includes/js/tw-sack$suffix.js", array(), '1.6.1', 1 );
 
 	$scripts->add( 'quicktags', "/wp-includes/js/quicktags$suffix.js", array(), false, 1 );
-	$scripts->localize( 'quicktags', 'quicktagsL10n', array(
+	did_action( 'init' ) && $scripts->localize( 'quicktags', 'quicktagsL10n', array(
 		'wordLookup' => __('Enter a word to look up:'),
 		'dictionaryLookup' => esc_attr(__('Dictionary lookup')),
 		'lookup' => esc_attr(__('lookup')),
@@ -93,13 +93,13 @@ function wp_default_scripts( &$scripts ) {
 	$scripts->add( 'prototype', '/wp-includes/js/prototype.js', array(), '1.6.1');
 
 	$scripts->add( 'wp-ajax-response', "/wp-includes/js/wp-ajax-response$suffix.js", array('jquery'), false, 1 );
-	$scripts->localize( 'wp-ajax-response', 'wpAjax', array(
+	did_action( 'init' ) && $scripts->localize( 'wp-ajax-response', 'wpAjax', array(
 		'noPerm' => __('You do not have permission to do that.'),
 		'broken' => __('An unidentified error has occurred.')
 	) );
 
 	$scripts->add( 'wp-pointer', "/wp-includes/js/wp-pointer$suffix.js", array( 'jquery-ui-widget', 'jquery-ui-position' ), '20111129a', 1 );
-	$scripts->localize( 'wp-pointer', 'wpPointerL10n', array(
+	did_action( 'init' ) && $scripts->localize( 'wp-pointer', 'wpPointerL10n', array(
 		'dismiss' => __('Dismiss'),
 	) );
 
@@ -170,7 +170,7 @@ function wp_default_scripts( &$scripts ) {
 	$scripts->add( 'jquery-touch-punch', "/wp-includes/js/jquery/jquery.ui.touch-punch.js", array('jquery-ui-widget', 'jquery-ui-mouse'), '0.2.2', 1 );
 
 	$scripts->add( 'thickbox', "/wp-includes/js/thickbox/thickbox.js", array('jquery'), '3.1-20111117', 1 );
-	$scripts->localize( 'thickbox', 'thickboxL10n', array(
+	did_action( 'init' ) && $scripts->localize( 'thickbox', 'thickboxL10n', array(
 			'next' => __('Next >'),
 			'prev' => __('< Prev'),
 			'image' => __('Image'),
@@ -227,10 +227,10 @@ function wp_default_scripts( &$scripts ) {
 	$scripts->add( 'plupload-all', false, array('plupload', 'plupload-html5', 'plupload-flash', 'plupload-silverlight', 'plupload-html4'), '1.5.4' );
 
 	$scripts->add( 'plupload-handlers', "/wp-includes/js/plupload/handlers$suffix.js", array('plupload-all', 'jquery') );
-	$scripts->localize( 'plupload-handlers', 'pluploadL10n', $uploader_l10n );
+	did_action( 'init' ) && $scripts->localize( 'plupload-handlers', 'pluploadL10n', $uploader_l10n );
 
 	$scripts->add( 'wp-plupload', "/wp-includes/js/plupload/wp-plupload$suffix.js", array('plupload-all', 'jquery', 'json2') );
-	$scripts->localize( 'wp-plupload', 'pluploadL10n', $uploader_l10n );
+	did_action( 'init' ) && $scripts->localize( 'wp-plupload', 'pluploadL10n', $uploader_l10n );
 
 	// keep 'swfupload' for back-compat.
 	$scripts->add( 'swfupload', '/wp-includes/js/swfupload/swfupload.js', array(), '2201-20110113');
@@ -246,7 +246,7 @@ function wp_default_scripts( &$scripts ) {
 	}
 
 	$scripts->add( 'swfupload-handlers', "/wp-includes/js/swfupload/handlers$suffix.js", array('swfupload-all', 'jquery'), '2201-20110524');
-	$scripts->localize( 'swfupload-handlers', 'swfuploadL10n', $uploader_l10n );
+	did_action( 'init' ) && $scripts->localize( 'swfupload-handlers', 'swfuploadL10n', $uploader_l10n );
 
 	$scripts->add( 'comment-reply', "/wp-includes/js/comment-reply$suffix.js" );
 
@@ -255,7 +255,7 @@ function wp_default_scripts( &$scripts ) {
 	$scripts->add( 'imgareaselect', "/wp-includes/js/imgareaselect/jquery.imgareaselect$suffix.js", array('jquery'), '0.9.8', 1 );
 
 	$scripts->add( 'password-strength-meter', "/wp-admin/js/password-strength-meter$suffix.js", array('jquery'), false, 1 );
-	$scripts->localize( 'password-strength-meter', 'pwsL10n', array(
+	did_action( 'init' ) && $scripts->localize( 'password-strength-meter', 'pwsL10n', array(
 		'empty' => __('Strength indicator'),
 		'short' => __('Very weak'),
 		'bad' => __('Weak'),
@@ -272,7 +272,7 @@ function wp_default_scripts( &$scripts ) {
 	$scripts->add( 'admin-bar', "/wp-includes/js/admin-bar$suffix.js", array(), false, 1 );
 
 	$scripts->add( 'wplink', "/wp-includes/js/wplink$suffix.js", array( 'jquery', 'wpdialogs' ), false, 1 );
-	$scripts->localize( 'wplink', 'wpLinkL10n', array(
+	did_action( 'init' ) && $scripts->localize( 'wplink', 'wpLinkL10n', array(
 		'title' => __('Insert/edit link'),
 		'update' => __('Update'),
 		'save' => __('Add Link'),
@@ -285,7 +285,7 @@ function wp_default_scripts( &$scripts ) {
 	$scripts->add( 'wpdialogs-popup', "/wp-includes/js/tinymce/plugins/wpdialogs/js/popup$suffix.js", array( 'wpdialogs' ), false, 1 );
 
 	$scripts->add( 'word-count', "/wp-admin/js/word-count$suffix.js", array( 'jquery' ), false, 1 );
-	$scripts->localize( 'word-count', 'wordCountL10n', array(
+	did_action( 'init' ) && $scripts->localize( 'word-count', 'wordCountL10n', array(
 		/* translators: If your word count is based on single characters (East Asian characters),
 		   enter 'characters'. Otherwise, enter 'words'. Do not translate into your own language. */
 		'type' => 'characters' == _x( 'words', 'word count: words or characters?' ) ? 'c' : 'w',
@@ -299,7 +299,7 @@ function wp_default_scripts( &$scripts ) {
 	$scripts->add( 'customize-loader',   "/wp-includes/js/customize-loader$suffix.js",   array( 'customize-base' ), false, 1 );
 	$scripts->add( 'customize-preview',  "/wp-includes/js/customize-preview$suffix.js",  array( 'customize-base' ), false, 1 );
 	$scripts->add( 'customize-controls', "/wp-admin/js/customize-controls$suffix.js", array( 'customize-base' ), false, 1 );
-	$scripts->localize( 'customize-controls', '_wpCustomizeControlsL10n', array(
+	did_action( 'init' ) && $scripts->localize( 'customize-controls', '_wpCustomizeControlsL10n', array(
 		'activate'  => __( 'Save & Activate' ),
 		'save'      => __( 'Save & Publish' ),
 		'saved'     => __( 'Saved' ),
@@ -311,7 +311,7 @@ function wp_default_scripts( &$scripts ) {
 	if ( is_admin() ) {
 		$scripts->add( 'ajaxcat', "/wp-admin/js/cat$suffix.js", array( 'wp-lists' ) );
 		$scripts->add_data( 'ajaxcat', 'group', 1 );
-		$scripts->localize( 'ajaxcat', 'catL10n', array(
+		did_action( 'init' ) && $scripts->localize( 'ajaxcat', 'catL10n', array(
 			'add' => esc_attr(__('Add')),
 			'how' => __('Separate multiple categories with commas.')
 		) );
@@ -319,7 +319,7 @@ function wp_default_scripts( &$scripts ) {
 		$scripts->add( 'admin-categories', "/wp-admin/js/categories$suffix.js", array('wp-lists'), false, 1 );
 
 		$scripts->add( 'admin-tags', "/wp-admin/js/tags$suffix.js", array('jquery', 'wp-ajax-response'), false, 1 );
-		$scripts->localize( 'admin-tags', 'tagsl10n', array(
+		did_action( 'init' ) && $scripts->localize( 'admin-tags', 'tagsl10n', array(
 			'noPerm' => __('You do not have permission to do that.'),
 			'broken' => __('An unidentified error has occurred.')
 		));
@@ -327,7 +327,7 @@ function wp_default_scripts( &$scripts ) {
 		$scripts->add( 'admin-custom-fields', "/wp-admin/js/custom-fields$suffix.js", array('wp-lists'), false, 1 );
 
 		$scripts->add( 'admin-comments', "/wp-admin/js/edit-comments$suffix.js", array('wp-lists', 'quicktags', 'jquery-query'), false, 1 );
-		$scripts->localize( 'admin-comments', 'adminCommentsL10n', array(
+		did_action( 'init' ) && $scripts->localize( 'admin-comments', 'adminCommentsL10n', array(
 			'hotkeys_highlight_first' => isset($_GET['hotkeys_highlight_first']),
 			'hotkeys_highlight_last' => isset($_GET['hotkeys_highlight_last']),
 			'replyApprove' => __( 'Approve and Reply' ),
@@ -339,7 +339,7 @@ function wp_default_scripts( &$scripts ) {
 		$scripts->add( 'postbox', "/wp-admin/js/postbox$suffix.js", array('jquery-ui-sortable'), false, 1 );
 
 		$scripts->add( 'post', "/wp-admin/js/post$suffix.js", array('suggest', 'wp-lists', 'postbox'), false, 1 );
-		$scripts->localize( 'post', 'postL10n', array(
+		did_action( 'init' ) && $scripts->localize( 'post', 'postL10n', array(
 			'ok' => __('OK'),
 			'cancel' => __('Cancel'),
 			'publishOn' => __('Publish on:'),
@@ -365,7 +365,7 @@ function wp_default_scripts( &$scripts ) {
 
 		$scripts->add( 'comment', "/wp-admin/js/comment$suffix.js", array('jquery') );
 		$scripts->add_data( 'comment', 'group', 1 );
-		$scripts->localize( 'comment', 'commentL10n', array(
+		did_action( 'init' ) && $scripts->localize( 'comment', 'commentL10n', array(
 			'submittedOn' => __('Submitted on:')
 		) );
 
@@ -379,7 +379,7 @@ function wp_default_scripts( &$scripts ) {
 		$scripts->add( 'theme-preview', "/wp-admin/js/theme-preview$suffix.js", array( 'thickbox', 'jquery' ), false, 1 );
 
 		$scripts->add( 'inline-edit-post', "/wp-admin/js/inline-edit-post$suffix.js", array( 'jquery', 'suggest' ), false, 1 );
-		$scripts->localize( 'inline-edit-post', 'inlineEditL10n', array(
+		did_action( 'init' ) && $scripts->localize( 'inline-edit-post', 'inlineEditL10n', array(
 			'error' => __('Error while saving the changes.'),
 			'ntdeltitle' => __('Remove From Bulk Edit'),
 			'notitle' => __('(no title)'),
@@ -387,12 +387,12 @@ function wp_default_scripts( &$scripts ) {
 		) );
 
 		$scripts->add( 'inline-edit-tax', "/wp-admin/js/inline-edit-tax$suffix.js", array( 'jquery' ), false, 1 );
-		$scripts->localize( 'inline-edit-tax', 'inlineEditL10n', array(
+		did_action( 'init' ) && $scripts->localize( 'inline-edit-tax', 'inlineEditL10n', array(
 			'error' => __('Error while saving the changes.')
 		) );
 
 		$scripts->add( 'plugin-install', "/wp-admin/js/plugin-install$suffix.js", array( 'jquery', 'thickbox' ), false, 1 );
-		$scripts->localize( 'plugin-install', 'plugininstallL10n', array(
+		did_action( 'init' ) && $scripts->localize( 'plugin-install', 'plugininstallL10n', array(
 			'plugin_information' => __('Plugin Information:'),
 			'ays' => __('Are you sure you want to install this plugin?')
 		) );
@@ -406,12 +406,12 @@ function wp_default_scripts( &$scripts ) {
 		$scripts->add( 'media', "/wp-admin/js/media$suffix.js", array( 'jquery-ui-draggable' ), false, 1 );
 
 		$scripts->add( 'image-edit', "/wp-admin/js/image-edit$suffix.js", array('jquery', 'json2', 'imgareaselect'), false, 1 );
-		$scripts->localize( 'image-edit', 'imageEditL10n', array(
+		did_action( 'init' ) && $scripts->localize( 'image-edit', 'imageEditL10n', array(
 			'error' => __( 'Could not load the preview image. Please reload the page and try again.' )
 		));
 
 		$scripts->add( 'set-post-thumbnail', "/wp-admin/js/set-post-thumbnail$suffix.js", array( 'jquery' ), false, 1 );
-		$scripts->localize( 'set-post-thumbnail', 'setPostThumbnailL10n', array(
+		did_action( 'init' ) && $scripts->localize( 'set-post-thumbnail', 'setPostThumbnailL10n', array(
 			'setThumbnail' => __( 'Use as featured image' ),
 			'saving' => __( 'Saving...' ),
 			'error' => __( 'Could not set that as the thumbnail image. Try a different attachment.' ),
@@ -420,7 +420,7 @@ function wp_default_scripts( &$scripts ) {
 
 		// Navigation Menus
 		$scripts->add( 'nav-menu', "/wp-admin/js/nav-menu$suffix.js", array('jquery-ui-sortable') );
-		$scripts->localize( 'nav-menu', 'navMenuL10n', array(
+		did_action( 'init' ) && $scripts->localize( 'nav-menu', 'navMenuL10n', array(
 			'noResultsFound' => _x('No results found.', 'search results'),
 			'warnDeleteMenu' => __( "You are about to permanently delete this menu. \n 'Cancel' to stop, 'OK' to delete." ),
 			'saveAlert' => __('The changes you made will be lost if you navigate away from this page.')

wp-includes/taxonomy.php

@@ -1926,6 +1926,10 @@ function wp_get_object_terms($object_ids, $taxonomies, $args = array()) {
 	if ( !empty($orderby) )
 		$orderby = "ORDER BY $orderby";
 
+	$order = strtoupper( $order );
+	if ( '' !== $order && ! in_array( $order, array( 'ASC', 'DESC' ) ) )
+		$order = 'ASC';
+
 	$taxonomies = "'" . implode("', '", $taxonomies) . "'";
 	$object_ids = implode(', ', $object_ids);
 

wp-includes/theme.php

@@ -381,7 +381,7 @@ function search_theme_directories( $force = false ) {
 				if ( ! $sub_dirs )
 					return false;
 				foreach ( $sub_dirs as $sub_dir ) {
-					if ( ! is_dir( $theme_root . '/' . $dir ) || $dir[0] == '.' || $dir == 'CVS' )
+					if ( ! is_dir( $theme_root . '/' . $dir . '/' . $sub_dir ) || $dir[0] == '.' || $dir == 'CVS' )
 						continue;
 					if ( ! file_exists( $theme_root . '/' . $dir . '/' . $sub_dir . '/style.css' ) )
 						continue;
@@ -1629,11 +1629,12 @@ add_action( 'admin_enqueue_scripts', '_wp_customize_loader_settings' );
  * @since 3.4.0
  *
  * @param string $stylesheet Optional. Theme to customize. Defaults to current theme.
+ * 	The theme's stylesheet will be urlencoded if necessary.
  */
 function wp_customize_url( $stylesheet = null ) {
 	$url = admin_url( 'customize.php' );
 	if ( $stylesheet )
-		$url .= '?theme=' . $stylesheet;
+		$url .= '?theme=' . urlencode( $stylesheet );
 	return esc_url( $url );
 }
 

wp-includes/update.php

@@ -58,6 +58,7 @@ function wp_version_check() {
 		$multisite_enabled = 1;
 	} else {
 		$user_count = count_users( );
+		$user_count = $user_count['total_users'];
 		$multisite_enabled = 0;
 		$num_blogs = 1;
 		$wp_install = home_url( '/' );
@@ -70,7 +71,7 @@ function wp_version_check() {
 		'mysql'             => $mysql_version,
 		'local_package'     => isset( $wp_local_package ) ? $wp_local_package : '',
 		'blogs'             => $num_blogs,
-		'users'             => $user_count['total_users'],
+		'users'             => $user_count,
 		'multisite_enabled' => $multisite_enabled
 	);
 

wp-includes/version.php

@@ -4,21 +4,21 @@
  *
  * @global string $wp_version
  */
-$wp_version = '3.4';
+$wp_version = '3.4.2';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
  *
  * @global int $wp_db_version
  */
-$wp_db_version = 20596;
+$wp_db_version = 21707;
 
 /**
  * Holds the TinyMCE version
  *
  * @global string $tinymce_version
  */
-$tinymce_version = '349-20805';
+$tinymce_version = '349-21274';
 
 /**
  * Holds the cache manifest version

wp-load.php

@@ -48,8 +48,10 @@ if ( file_exists( ABSPATH . 'wp-config.php') ) {
 	require_once( ABSPATH . WPINC . '/load.php' );
 	require_once( ABSPATH . WPINC . '/version.php' );
 
-	wp_load_translations_early();
 	wp_check_php_mysql_versions();
+	wp_load_translations_early();
+
+	require_once( ABSPATH . WPINC . '/functions.php' );
 
 	// Die with an error message
 	$die  = __( "There doesn't seem to be a <code>wp-config.php</code> file. I need this before we can get started." ) . '</p>';

wp-login.php

@@ -39,7 +39,7 @@ if ( force_ssl_admin() && !is_ssl() ) {
  * @param WP_Error $wp_error Optional. WordPress Error Object
  */
 function login_header($title = 'Log In', $message = '', $wp_error = '') {
-	global $error, $interim_login, $current_site, $customize_login;
+	global $error, $interim_login, $current_site;
 
 	// Don't index any of these forms
 	add_action( 'login_head', 'wp_no_robots' );
@@ -68,9 +68,6 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
 		<meta name="viewport" content="width=320; initial-scale=0.9; maximum-scale=1.0; user-scalable=0;" /><?php
 	}
 
-	if ( $customize_login )
-		wp_enqueue_script( 'customize-base' );
-
 	do_action( 'login_enqueue_scripts' );
 	do_action( 'login_head' );
 
@@ -568,6 +565,8 @@ default:
 	$secure_cookie = '';
 	$interim_login = isset($_REQUEST['interim-login']);
 	$customize_login = isset( $_REQUEST['customize-login'] );
+	if ( $customize_login )
+		wp_enqueue_script( 'customize-base' );
 
 	// If the user wants ssl but the session is not ssl, force a secure cookie.
 	if ( !empty($_POST['log']) && !force_ssl_admin() ) {
@@ -604,21 +603,18 @@ default:
 	if ( !is_wp_error($user) && !$reauth ) {
 		if ( $interim_login ) {
 			$message = '<p class="message">' . __('You have logged in successfully.') . '</p>';
-			login_header( '', $message );
+			login_header( '', $message ); ?>
 
-			if ( ! $customize_login ) : ?>
-				<script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script>
-				<p class="alignright">
-				<input type="button" class="button-primary" value="<?php esc_attr_e('Close'); ?>" onclick="window.close()" /></p>
-<?php		endif;
-
-			?></div><?php
-
-			do_action('login_footer');
-
-			if ( $customize_login ) : ?>
+			<?php if ( ! $customize_login ) : ?>
+			<script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script>
+			<p class="alignright">
+			<input type="button" class="button-primary" value="<?php esc_attr_e('Close'); ?>" onclick="window.close()" /></p>
+			<?php endif; ?>
+			</div>
+			<?php do_action( 'login_footer' ); ?>
+			<?php if ( $customize_login ) : ?>
 				<script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script>
-<?php		endif; ?>
+			<?php endif; ?>
 			</body></html>
 <?php		exit;
 		}