Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
95929621e8 |
@@ -50,91 +50,6 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
|
||||
|
||||
<div class="changelog point-releases">
|
||||
<h3><?php _e( 'Maintenance and Security Releases' ); ?></h3>
|
||||
<p>
|
||||
<?php
|
||||
printf(
|
||||
/* translators: 1: WordPress version number, 2: plural number of bugs. More than one security issue. */
|
||||
_n(
|
||||
'<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
|
||||
'<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.',
|
||||
2
|
||||
),
|
||||
'5.2.7',
|
||||
number_format_i18n( 2 )
|
||||
);
|
||||
?>
|
||||
<?php
|
||||
printf(
|
||||
/* translators: %s: HelpHub URL */
|
||||
__( 'For more information, see <a href="%s">the release notes</a>.' ),
|
||||
sprintf(
|
||||
/* translators: %s: WordPress version */
|
||||
esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
|
||||
sanitize_title( '5.2.7' )
|
||||
)
|
||||
);
|
||||
?>
|
||||
</p>
|
||||
<p>
|
||||
<?php
|
||||
printf(
|
||||
/* translators: %s: WordPress version number */
|
||||
__( '<strong>Version %s</strong> addressed some security issues.' ),
|
||||
'5.2.6'
|
||||
);
|
||||
?>
|
||||
<?php
|
||||
printf(
|
||||
/* translators: %s: HelpHub URL */
|
||||
__( 'For more information, see <a href="%s">the release notes</a>.' ),
|
||||
sprintf(
|
||||
/* translators: %s: WordPress version */
|
||||
esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
|
||||
sanitize_title( '5.2.6' )
|
||||
)
|
||||
);
|
||||
?>
|
||||
</p>
|
||||
<p>
|
||||
<?php
|
||||
printf(
|
||||
/* translators: %s: WordPress version number */
|
||||
__( '<strong>Version %s</strong> addressed some security issues.' ),
|
||||
'5.2.5'
|
||||
);
|
||||
?>
|
||||
<?php
|
||||
printf(
|
||||
/* translators: %s: HelpHub URL */
|
||||
__( 'For more information, see <a href="%s">the release notes</a>.' ),
|
||||
sprintf(
|
||||
/* translators: %s: WordPress version */
|
||||
esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
|
||||
sanitize_title( '5.2.5' )
|
||||
)
|
||||
);
|
||||
?>
|
||||
</p>
|
||||
<p>
|
||||
<?php
|
||||
printf(
|
||||
/* translators: %s: WordPress version number */
|
||||
__( '<strong>Version %s</strong> addressed some security issues.' ),
|
||||
'5.2.4'
|
||||
);
|
||||
?>
|
||||
<?php
|
||||
printf(
|
||||
/* translators: %s: HelpHub URL */
|
||||
__( 'For more information, see <a href="%s">the release notes</a>.' ),
|
||||
sprintf(
|
||||
/* translators: %s: WordPress version */
|
||||
esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
|
||||
sanitize_title( '5.2.4' )
|
||||
)
|
||||
);
|
||||
?>
|
||||
</p>
|
||||
<p>
|
||||
<?php
|
||||
printf(
|
||||
|
||||
@@ -3057,7 +3057,7 @@ function edit_form_image_editor( $post ) {
|
||||
}
|
||||
?>
|
||||
</label>
|
||||
<?php wp_editor( format_to_edit( $post->post_content ), 'attachment_content', $editor_args ); ?>
|
||||
<?php wp_editor( $post->post_content, 'attachment_content', $editor_args ); ?>
|
||||
|
||||
</div>
|
||||
<?php
|
||||
|
||||
@@ -639,46 +639,23 @@ function set_screen_options() {
|
||||
}
|
||||
break;
|
||||
default:
|
||||
if ( '_page' === substr( $option, -5 ) || 'layout_columns' === $option ) {
|
||||
/**
|
||||
* Filters a screen option value before it is set.
|
||||
*
|
||||
* The filter can also be used to modify non-standard [items]_per_page
|
||||
* settings. See the parent function for a full list of standard options.
|
||||
*
|
||||
* Returning false to the filter will skip saving the current option.
|
||||
*
|
||||
* @since 2.8.0
|
||||
* @since 5.4.2 Only applied to options ending with '_page',
|
||||
* or the 'layout_columns' option.
|
||||
*
|
||||
* @see set_screen_options()
|
||||
*
|
||||
* @param bool $keep Whether to save or skip saving the screen option value.
|
||||
* Default false.
|
||||
* @param string $option The option name.
|
||||
* @param int $value The number of rows to use.
|
||||
*/
|
||||
$value = apply_filters( 'set-screen-option', false, $option, $value ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
|
||||
}
|
||||
|
||||
/**
|
||||
* Filters a screen option value before it is set.
|
||||
*
|
||||
* The dynamic portion of the hook, `$option`, refers to the option name.
|
||||
* The filter can also be used to modify non-standard [items]_per_page
|
||||
* settings. See the parent function for a full list of standard options.
|
||||
*
|
||||
* Returning false to the filter will skip saving the current option.
|
||||
*
|
||||
* @since 5.4.2
|
||||
* @since 2.8.0
|
||||
*
|
||||
* @see set_screen_options()
|
||||
*
|
||||
* @param bool $keep Whether to save or skip saving the screen option value.
|
||||
* Default false.
|
||||
* @param string $option The option name.
|
||||
* @param int $value The number of rows to use.
|
||||
* @param bool $keep Whether to save or skip saving the screen option value. Default false.
|
||||
* @param string $option The option name.
|
||||
* @param int $value The number of rows to use.
|
||||
*/
|
||||
$value = apply_filters( "set_screen_option_{$option}", false, $option, $value );
|
||||
$value = apply_filters( 'set-screen-option', false, $option, $value );
|
||||
|
||||
if ( false === $value ) {
|
||||
return;
|
||||
|
||||
@@ -273,7 +273,6 @@ function get_theme_feature_list( $api = true ) {
|
||||
|
||||
__( 'Features' ) => array(
|
||||
'accessibility-ready' => __( 'Accessibility Ready' ),
|
||||
'block-styles' => __( 'Block Editor Styles' ),
|
||||
'custom-background' => __( 'Custom Background' ),
|
||||
'custom-colors' => __( 'Custom Colors' ),
|
||||
'custom-header' => __( 'Custom Header' ),
|
||||
@@ -296,7 +295,6 @@ function get_theme_feature_list( $api = true ) {
|
||||
'four-columns' => __( 'Four Columns' ),
|
||||
'left-sidebar' => __( 'Left Sidebar' ),
|
||||
'right-sidebar' => __( 'Right Sidebar' ),
|
||||
'wide-blocks' => __( 'Wide Blocks' ),
|
||||
),
|
||||
|
||||
);
|
||||
|
||||
@@ -396,7 +396,7 @@ if ( ! is_multisite() && current_user_can( 'edit_themes' ) && $broken_themes = w
|
||||
</tr>
|
||||
<?php foreach ( $broken_themes as $broken_theme ) : ?>
|
||||
<tr>
|
||||
<td><?php echo $broken_theme->get( 'Name' ) ? $broken_theme->display( 'Name' ) : esc_html( $broken_theme->get_stylesheet() ); ?></td>
|
||||
<td><?php echo $broken_theme->get( 'Name' ) ? $broken_theme->display( 'Name' ) : $broken_theme->get_stylesheet(); ?></td>
|
||||
<td><?php echo $broken_theme->errors()->get_error_message(); ?></td>
|
||||
<?php
|
||||
if ( $can_resume ) {
|
||||
|
||||
@@ -56,8 +56,8 @@ do_action( 'set_comment_cookies', $comment, $user, $cookies_consent );
|
||||
|
||||
$location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;
|
||||
|
||||
// If user didn't consent to cookies, add specific query arguments to display the awaiting moderation message.
|
||||
if ( ! $cookies_consent && 'unapproved' === wp_get_comment_status( $comment ) && ! empty( $comment->comment_author_email ) ) {
|
||||
// Add specific query arguments to display the awaiting moderation message.
|
||||
if ( 'unapproved' === wp_get_comment_status( $comment ) && ! empty( $comment->comment_author_email ) ) {
|
||||
$location = add_query_arg(
|
||||
array(
|
||||
'unapproved' => $comment->comment_ID,
|
||||
|
||||
@@ -74,11 +74,11 @@ function has_blocks( $post = null ) {
|
||||
* @since 5.0.0
|
||||
* @see parse_blocks()
|
||||
*
|
||||
* @param string $block_name Full Block type to look for.
|
||||
* @param string $block_type Full Block type to look for.
|
||||
* @param int|string|WP_Post|null $post Optional. Post content, post ID, or post object. Defaults to global $post.
|
||||
* @return bool Whether the post content contains the specified block.
|
||||
*/
|
||||
function has_block( $block_name, $post = null ) {
|
||||
function has_block( $block_type, $post = null ) {
|
||||
if ( ! has_blocks( $post ) ) {
|
||||
return false;
|
||||
}
|
||||
@@ -90,30 +90,7 @@ function has_block( $block_name, $post = null ) {
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Normalize block name to include namespace, if provided as non-namespaced.
|
||||
* This matches behavior for WordPress 5.0.0 - 5.3.0 in matching blocks by
|
||||
* their serialized names.
|
||||
*/
|
||||
if ( false === strpos( $block_name, '/' ) ) {
|
||||
$block_name = 'core/' . $block_name;
|
||||
}
|
||||
|
||||
// Test for existence of block by its fully qualified name.
|
||||
$has_block = false !== strpos( $post, '<!-- wp:' . $block_name . ' ' );
|
||||
|
||||
if ( ! $has_block ) {
|
||||
/*
|
||||
* If the given block name would serialize to a different name, test for
|
||||
* existence by the serialized form.
|
||||
*/
|
||||
$serialized_block_name = strip_core_block_namespace( $block_name );
|
||||
if ( $serialized_block_name !== $block_name ) {
|
||||
$has_block = false !== strpos( $post, '<!-- wp:' . $serialized_block_name . ' ' );
|
||||
}
|
||||
}
|
||||
|
||||
return $has_block;
|
||||
return false !== strpos( $post, '<!-- wp:' . $block_type . ' ' );
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -136,207 +113,6 @@ function get_dynamic_block_names() {
|
||||
return $dynamic_block_names;
|
||||
}
|
||||
|
||||
/**
|
||||
* Given an array of attributes, returns a string in the serialized attributes
|
||||
* format prepared for post content.
|
||||
*
|
||||
* The serialized result is a JSON-encoded string, with unicode escape sequence
|
||||
* substitution for characters which might otherwise interfere with embedding
|
||||
* the result in an HTML comment.
|
||||
*
|
||||
* @since 5.3.1
|
||||
*
|
||||
* @param array $attributes Attributes object.
|
||||
* @return string Serialized attributes.
|
||||
*/
|
||||
function serialize_block_attributes( $block_attributes ) {
|
||||
$encoded_attributes = json_encode( $block_attributes );
|
||||
$encoded_attributes = preg_replace( '/--/', '\\u002d\\u002d', $encoded_attributes );
|
||||
$encoded_attributes = preg_replace( '/</', '\\u003c', $encoded_attributes );
|
||||
$encoded_attributes = preg_replace( '/>/', '\\u003e', $encoded_attributes );
|
||||
$encoded_attributes = preg_replace( '/&/', '\\u0026', $encoded_attributes );
|
||||
// Regex: /\\"/
|
||||
$encoded_attributes = preg_replace( '/\\\\"/', '\\u0022', $encoded_attributes );
|
||||
|
||||
return $encoded_attributes;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the block name to use for serialization. This will remove the default
|
||||
* "core/" namespace from a block name.
|
||||
*
|
||||
* @since 5.3.1
|
||||
*
|
||||
* @param string $block_name Original block name.
|
||||
* @return string Block name to use for serialization.
|
||||
*/
|
||||
function strip_core_block_namespace( $block_name = null ) {
|
||||
if ( is_string( $block_name ) && 0 === strpos( $block_name, 'core/' ) ) {
|
||||
return substr( $block_name, 5 );
|
||||
}
|
||||
|
||||
return $block_name;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the content of a block, including comment delimiters.
|
||||
*
|
||||
* @since 5.3.1
|
||||
*
|
||||
* @param string $block_name Block name.
|
||||
* @param array $attributes Block attributes.
|
||||
* @param string $content Block save content.
|
||||
* @return string Comment-delimited block content.
|
||||
*/
|
||||
function get_comment_delimited_block_content( $block_name = null, $block_attributes, $block_content ) {
|
||||
if ( is_null( $block_name ) ) {
|
||||
return $block_content;
|
||||
}
|
||||
|
||||
$serialized_block_name = strip_core_block_namespace( $block_name );
|
||||
$serialized_attributes = empty( $block_attributes ) ? '' : serialize_block_attributes( $block_attributes ) . ' ';
|
||||
|
||||
if ( empty( $block_content ) ) {
|
||||
return sprintf( '<!-- wp:%s %s/-->', $serialized_block_name, $serialized_attributes );
|
||||
}
|
||||
|
||||
return sprintf(
|
||||
'<!-- wp:%s %s-->%s<!-- /wp:%s -->',
|
||||
$serialized_block_name,
|
||||
$serialized_attributes,
|
||||
$block_content,
|
||||
$serialized_block_name
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the content of a block, including comment delimiters, serializing all
|
||||
* attributes from the given parsed block.
|
||||
*
|
||||
* This should be used when preparing a block to be saved to post content.
|
||||
* Prefer `render_block` when preparing a block for display. Unlike
|
||||
* `render_block`, this does not evaluate a block's `render_callback`, and will
|
||||
* instead preserve the markup as parsed.
|
||||
*
|
||||
* @since 5.3.1
|
||||
*
|
||||
* @param WP_Block_Parser_Block $block A single parsed block object.
|
||||
* @return string String of rendered HTML.
|
||||
*/
|
||||
function serialize_block( $block ) {
|
||||
$block_content = '';
|
||||
|
||||
$index = 0;
|
||||
foreach ( $block['innerContent'] as $chunk ) {
|
||||
$block_content .= is_string( $chunk ) ? $chunk : serialize_block( $block['innerBlocks'][ $index++ ] );
|
||||
}
|
||||
|
||||
if ( ! is_array( $block['attrs'] ) ) {
|
||||
$block['attrs'] = array();
|
||||
}
|
||||
|
||||
return get_comment_delimited_block_content(
|
||||
$block['blockName'],
|
||||
$block['attrs'],
|
||||
$block_content
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a joined string of the aggregate serialization of the given parsed
|
||||
* blocks.
|
||||
*
|
||||
* @since 5.3.1
|
||||
*
|
||||
* @param WP_Block_Parser_Block[] $blocks Parsed block objects.
|
||||
* @return string String of rendered HTML.
|
||||
*/
|
||||
function serialize_blocks( $blocks ) {
|
||||
return implode( '', array_map( 'serialize_block', $blocks ) );
|
||||
}
|
||||
|
||||
/**
|
||||
* Filters and sanitizes block content to remove non-allowable HTML from
|
||||
* parsed block attribute values.
|
||||
*
|
||||
* @since 5.3.1
|
||||
*
|
||||
* @param string $text Text that may contain block content.
|
||||
* @param array[]|string $allowed_html An array of allowed HTML elements
|
||||
* and attributes, or a context name
|
||||
* such as 'post'.
|
||||
* @param string[] $allowed_protocols Array of allowed URL protocols.
|
||||
* @return string The filtered and sanitized content result.
|
||||
*/
|
||||
function filter_block_content( $text, $allowed_html = 'post', $allowed_protocols = array() ) {
|
||||
$result = '';
|
||||
|
||||
$blocks = parse_blocks( $text );
|
||||
foreach ( $blocks as $block ) {
|
||||
$block = filter_block_kses( $block, $allowed_html, $allowed_protocols );
|
||||
$result .= serialize_block( $block );
|
||||
}
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
/**
|
||||
* Filters and sanitizes a parsed block to remove non-allowable HTML from block
|
||||
* attribute values.
|
||||
*
|
||||
* @since 5.3.1
|
||||
*
|
||||
* @param WP_Block_Parser_Block $block The parsed block object.
|
||||
* @param array[]|string $allowed_html An array of allowed HTML
|
||||
* elements and attributes, or a
|
||||
* context name such as 'post'.
|
||||
* @param string[] $allowed_protocols Allowed URL protocols.
|
||||
* @return array The filtered and sanitized block object result.
|
||||
*/
|
||||
function filter_block_kses( $block, $allowed_html, $allowed_protocols = array() ) {
|
||||
$block['attrs'] = filter_block_kses_value( $block['attrs'], $allowed_html, $allowed_protocols );
|
||||
|
||||
if ( is_array( $block['innerBlocks'] ) ) {
|
||||
foreach ( $block['innerBlocks'] as $i => $inner_block ) {
|
||||
$block['innerBlocks'][ $i ] = filter_block_kses( $inner_block, $allowed_html, $allowed_protocols );
|
||||
}
|
||||
}
|
||||
|
||||
return $block;
|
||||
}
|
||||
|
||||
/**
|
||||
* Filters and sanitizes a parsed block attribute value to remove non-allowable
|
||||
* HTML.
|
||||
*
|
||||
* @since 5.3.1
|
||||
*
|
||||
* @param mixed $value The attribute value to filter.
|
||||
* @param array[]|string $allowed_html An array of allowed HTML elements
|
||||
* and attributes, or a context name
|
||||
* such as 'post'.
|
||||
* @param string[] $allowed_protocols Array of allowed URL protocols.
|
||||
* @return array The filtered and sanitized result.
|
||||
*/
|
||||
function filter_block_kses_value( $value, $allowed_html, $allowed_protocols = array() ) {
|
||||
if ( is_array( $value ) ) {
|
||||
foreach ( $value as $key => $inner_value ) {
|
||||
$filtered_key = filter_block_kses_value( $key, $allowed_html, $allowed_protocols );
|
||||
$filtered_value = filter_block_kses_value( $inner_value, $allowed_html, $allowed_protocols );
|
||||
|
||||
if ( $filtered_key !== $key ) {
|
||||
unset( $value[ $key ] );
|
||||
}
|
||||
|
||||
$value[ $filtered_key ] = $filtered_value;
|
||||
}
|
||||
} elseif ( is_string( $value ) ) {
|
||||
return wp_kses( $value, $allowed_html, $allowed_protocols );
|
||||
}
|
||||
|
||||
return $value;
|
||||
}
|
||||
|
||||
/**
|
||||
* Parses blocks out of a content string, and renders those appropriate for the excerpt.
|
||||
*
|
||||
|
||||
@@ -80,7 +80,7 @@ function render_block_core_rss( $attributes ) {
|
||||
}
|
||||
|
||||
$classes = 'grid' === $attributes['blockLayout'] ? ' is-grid columns-' . $attributes['columns'] : '';
|
||||
$list_items_markup = sprintf( "<ul class='%s'>%s</ul>", esc_attr( $class ), $list_items );
|
||||
$list_items_markup = "<ul class='wp-block-rss{$classes}'>{$list_items}</ul>";
|
||||
|
||||
// PHP 5.2 compatibility. See: http://simplepie.org/wiki/faq/i_m_getting_memory_leaks.
|
||||
$rss->__destruct();
|
||||
|
||||
@@ -46,7 +46,7 @@ function render_block_core_search( $attributes ) {
|
||||
|
||||
return sprintf(
|
||||
'<form class="%s" role="search" method="get" action="%s">%s</form>',
|
||||
esc_attr( $class ),
|
||||
$class,
|
||||
esc_url( home_url( '/' ) ),
|
||||
$label_markup . $input_markup . $button_markup
|
||||
);
|
||||
|
||||
@@ -695,7 +695,7 @@ class WP_Object_Cache {
|
||||
echo '</p>';
|
||||
echo '<ul>';
|
||||
foreach ( $this->cache as $group => $cache ) {
|
||||
echo '<li><strong>Group:</strong> ' . esc_html( $group ) . ' - ( ' . number_format( strlen( serialize( $cache ) ) / KB_IN_BYTES, 2 ) . 'k )</li>';
|
||||
echo "<li><strong>Group:</strong> $group - ( " . number_format( strlen( serialize( $cache ) ) / KB_IN_BYTES, 2 ) . 'k )</li>';
|
||||
}
|
||||
echo '</ul>';
|
||||
}
|
||||
|
||||
@@ -181,11 +181,7 @@ class Walker_Comment extends Walker {
|
||||
return;
|
||||
}
|
||||
|
||||
if ( 'comment' === $comment->comment_type ) {
|
||||
add_filter( 'comment_text', array( $this, 'filter_comment_text' ), 40, 2 );
|
||||
}
|
||||
|
||||
if ( ( 'pingback' === $comment->comment_type || 'trackback' === $comment->comment_type ) && $args['short_ping'] ) {
|
||||
if ( ( 'pingback' == $comment->comment_type || 'trackback' == $comment->comment_type ) && $args['short_ping'] ) {
|
||||
ob_start();
|
||||
$this->ping( $comment, $depth, $args );
|
||||
$output .= ob_get_clean();
|
||||
@@ -198,10 +194,6 @@ class Walker_Comment extends Walker {
|
||||
$this->comment( $comment, $depth, $args );
|
||||
$output .= ob_get_clean();
|
||||
}
|
||||
|
||||
if ( 'comment' === $comment->comment_type ) {
|
||||
remove_filter( 'comment_text', array( $this, 'filter_comment_text' ), 40, 2 );
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -252,29 +244,6 @@ class Walker_Comment extends Walker {
|
||||
<?php
|
||||
}
|
||||
|
||||
/**
|
||||
* Filters the comment text.
|
||||
*
|
||||
* Removes links from the pending comment's text if the commenter did not consent
|
||||
* to the comment cookies.
|
||||
*
|
||||
* @since 5.4.2
|
||||
*
|
||||
* @param string $comment_text Text of the current comment.
|
||||
* @param WP_Comment|null $comment The comment object. Null if not found.
|
||||
* @return string Filtered text of the current comment.
|
||||
*/
|
||||
public function filter_comment_text( $comment_text, $comment ) {
|
||||
$commenter = wp_get_current_commenter();
|
||||
$show_pending_links = ! empty( $commenter['comment_author'] );
|
||||
|
||||
if ( $comment && '0' == $comment->comment_approved && ! $show_pending_links ) {
|
||||
$comment_text = wp_kses( $comment_text, array() );
|
||||
}
|
||||
|
||||
return $comment_text;
|
||||
}
|
||||
|
||||
/**
|
||||
* Outputs a single comment.
|
||||
*
|
||||
@@ -295,14 +264,13 @@ class Walker_Comment extends Walker {
|
||||
$add_below = 'div-comment';
|
||||
}
|
||||
|
||||
$commenter = wp_get_current_commenter();
|
||||
$show_pending_links = isset( $commenter['comment_author'] ) && $commenter['comment_author'];
|
||||
|
||||
$commenter = wp_get_current_commenter();
|
||||
if ( $commenter['comment_author_email'] ) {
|
||||
$moderation_note = __( 'Your comment is awaiting moderation.' );
|
||||
} else {
|
||||
$moderation_note = __( 'Your comment is awaiting moderation. This is a preview, your comment will be visible after it has been approved.' );
|
||||
}
|
||||
|
||||
?>
|
||||
<<?php echo $tag; ?> <?php comment_class( $this->has_children ? 'parent' : '', $comment ); ?> id="comment-<?php comment_ID(); ?>">
|
||||
<?php if ( 'div' != $args['style'] ) : ?>
|
||||
@@ -311,21 +279,14 @@ class Walker_Comment extends Walker {
|
||||
<div class="comment-author vcard">
|
||||
<?php
|
||||
if ( 0 != $args['avatar_size'] ) {
|
||||
echo get_avatar( $comment, $args['avatar_size'] );
|
||||
}
|
||||
echo get_avatar( $comment, $args['avatar_size'] );}
|
||||
?>
|
||||
<?php
|
||||
$comment_author = get_comment_author_link( $comment );
|
||||
|
||||
if ( '0' == $comment->comment_approved && ! $show_pending_links ) {
|
||||
$comment_author = get_comment_author( $comment );
|
||||
}
|
||||
|
||||
printf(
|
||||
/* translators: %s: Comment author link. */
|
||||
__( '%s <span class="says">says:</span>' ),
|
||||
sprintf( '<cite class="fn">%s</cite>', $comment_author )
|
||||
);
|
||||
/* translators: %s: comment author link */
|
||||
printf(
|
||||
__( '%s <span class="says">says:</span>' ),
|
||||
sprintf( '<cite class="fn">%s</cite>', get_comment_author_link( $comment ) )
|
||||
);
|
||||
?>
|
||||
</div>
|
||||
<?php if ( '0' == $comment->comment_approved ) : ?>
|
||||
@@ -393,14 +354,13 @@ class Walker_Comment extends Walker {
|
||||
protected function html5_comment( $comment, $depth, $args ) {
|
||||
$tag = ( 'div' === $args['style'] ) ? 'div' : 'li';
|
||||
|
||||
$commenter = wp_get_current_commenter();
|
||||
$show_pending_links = ! empty( $commenter['comment_author'] );
|
||||
|
||||
$commenter = wp_get_current_commenter();
|
||||
if ( $commenter['comment_author_email'] ) {
|
||||
$moderation_note = __( 'Your comment is awaiting moderation.' );
|
||||
} else {
|
||||
$moderation_note = __( 'Your comment is awaiting moderation. This is a preview, your comment will be visible after it has been approved.' );
|
||||
}
|
||||
|
||||
?>
|
||||
<<?php echo $tag; ?> id="comment-<?php comment_ID(); ?>" <?php comment_class( $this->has_children ? 'parent' : '', $comment ); ?>>
|
||||
<article id="div-comment-<?php comment_ID(); ?>" class="comment-body">
|
||||
@@ -408,21 +368,14 @@ class Walker_Comment extends Walker {
|
||||
<div class="comment-author vcard">
|
||||
<?php
|
||||
if ( 0 != $args['avatar_size'] ) {
|
||||
echo get_avatar( $comment, $args['avatar_size'] );
|
||||
}
|
||||
echo get_avatar( $comment, $args['avatar_size'] );}
|
||||
?>
|
||||
<?php
|
||||
$comment_author = get_comment_author_link( $comment );
|
||||
|
||||
if ( '0' == $comment->comment_approved && ! $show_pending_links ) {
|
||||
$comment_author = get_comment_author( $comment );
|
||||
}
|
||||
|
||||
printf(
|
||||
/* translators: %s: Comment author link. */
|
||||
__( '%s <span class="says">says:</span>' ),
|
||||
sprintf( '<b class="fn">%s</b>', $comment_author )
|
||||
);
|
||||
/* translators: %s: comment author link */
|
||||
printf(
|
||||
__( '%s <span class="says">says:</span>' ),
|
||||
sprintf( '<b class="fn">%s</b>', get_comment_author_link( $comment ) )
|
||||
);
|
||||
?>
|
||||
</div><!-- .comment-author -->
|
||||
|
||||
@@ -448,20 +401,18 @@ class Walker_Comment extends Walker {
|
||||
</div><!-- .comment-content -->
|
||||
|
||||
<?php
|
||||
if ( '1' == $comment->comment_approved || $show_pending_links ) {
|
||||
comment_reply_link(
|
||||
array_merge(
|
||||
$args,
|
||||
array(
|
||||
'add_below' => 'div-comment',
|
||||
'depth' => $depth,
|
||||
'max_depth' => $args['max_depth'],
|
||||
'before' => '<div class="reply">',
|
||||
'after' => '</div>',
|
||||
)
|
||||
comment_reply_link(
|
||||
array_merge(
|
||||
$args,
|
||||
array(
|
||||
'add_below' => 'div-comment',
|
||||
'depth' => $depth,
|
||||
'max_depth' => $args['max_depth'],
|
||||
'before' => '<div class="reply">',
|
||||
'after' => '</div>',
|
||||
)
|
||||
);
|
||||
}
|
||||
)
|
||||
);
|
||||
?>
|
||||
</article><!-- .comment-body -->
|
||||
<?php
|
||||
|
||||
@@ -527,15 +527,10 @@ class WP_Comment_Query {
|
||||
// Numeric values are assumed to be user ids.
|
||||
if ( is_numeric( $unapproved_identifier ) ) {
|
||||
$approved_clauses[] = $wpdb->prepare( "( user_id = %d AND comment_approved = '0' )", $unapproved_identifier );
|
||||
} else {
|
||||
|
||||
// Otherwise we match against email addresses.
|
||||
if ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) {
|
||||
// Only include requested comment.
|
||||
$approved_clauses[] = $wpdb->prepare( "( comment_author_email = %s AND comment_approved = '0' AND comment_ID = %d )", $unapproved_identifier, (int) $_GET['unapproved'] );
|
||||
} else {
|
||||
// Include all of the author's unapproved comments.
|
||||
$approved_clauses[] = $wpdb->prepare( "( comment_author_email = %s AND comment_approved = '0' )", $unapproved_identifier );
|
||||
}
|
||||
} else {
|
||||
$approved_clauses[] = $wpdb->prepare( "( comment_author_email = %s AND comment_approved = '0' )", $unapproved_identifier );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2886,11 +2886,22 @@ final class WP_Customize_Manager {
|
||||
add_filter( 'wp_save_post_revision_post_has_changed', array( $this, '_filter_revision_post_has_changed' ), 5, 3 );
|
||||
|
||||
/*
|
||||
* Update the changeset post. The publish_customize_changeset action will cause the settings in the
|
||||
* changeset to be saved via WP_Customize_Setting::save(). Updating a post with publish status will
|
||||
* trigger WP_Customize_Manager::publish_changeset_values().
|
||||
* Update the changeset post. The publish_customize_changeset action
|
||||
* will cause the settings in the changeset to be saved via
|
||||
* WP_Customize_Setting::save().
|
||||
*/
|
||||
add_filter( 'wp_insert_post_data', array( $this, 'preserve_insert_changeset_post_content' ), 5, 3 );
|
||||
|
||||
// Prevent content filters from corrupting JSON in post_content.
|
||||
$has_kses = ( false !== has_filter( 'content_save_pre', 'wp_filter_post_kses' ) );
|
||||
if ( $has_kses ) {
|
||||
kses_remove_filters();
|
||||
}
|
||||
$has_targeted_link_rel_filters = ( false !== has_filter( 'content_save_pre', 'wp_targeted_link_rel' ) );
|
||||
if ( $has_targeted_link_rel_filters ) {
|
||||
wp_remove_targeted_link_rel_filters();
|
||||
}
|
||||
|
||||
// Note that updating a post with publish status will trigger WP_Customize_Manager::publish_changeset_values().
|
||||
if ( $changeset_post_id ) {
|
||||
if ( $args['autosave'] && 'auto-draft' !== get_post_status( $changeset_post_id ) ) {
|
||||
// See _wp_translate_postdata() for why this is required as it will use the edit_post meta capability.
|
||||
@@ -2917,7 +2928,14 @@ final class WP_Customize_Manager {
|
||||
$this->_changeset_post_id = $r; // Update cached post ID for the loaded changeset.
|
||||
}
|
||||
}
|
||||
remove_filter( 'wp_insert_post_data', array( $this, 'preserve_insert_changeset_post_content' ), 5 );
|
||||
|
||||
// Restore removed content filters.
|
||||
if ( $has_kses ) {
|
||||
kses_init_filters();
|
||||
}
|
||||
if ( $has_targeted_link_rel_filters ) {
|
||||
wp_init_targeted_link_rel_filters();
|
||||
}
|
||||
|
||||
$this->_changeset_data = null; // Reset so WP_Customize_Manager::changeset_data() will re-populate with updated contents.
|
||||
|
||||
@@ -2935,51 +2953,6 @@ final class WP_Customize_Manager {
|
||||
return $response;
|
||||
}
|
||||
|
||||
/**
|
||||
* Preserve the initial JSON post_content passed to save into the post.
|
||||
*
|
||||
* This is needed to prevent KSES and other {@see 'content_save_pre'} filters
|
||||
* from corrupting JSON data.
|
||||
*
|
||||
* Note that WP_Customize_Manager::validate_setting_values() have already
|
||||
* run on the setting values being serialized as JSON into the post content
|
||||
* so it is pre-sanitized.
|
||||
*
|
||||
* Also, the sanitization logic is re-run through the respective
|
||||
* WP_Customize_Setting::sanitize() method when being read out of the
|
||||
* changeset, via WP_Customize_Manager::post_value(), and this sanitized
|
||||
* value will also be sent into WP_Customize_Setting::update() for
|
||||
* persisting to the DB.
|
||||
*
|
||||
* Multiple users can collaborate on a single changeset, where one user may
|
||||
* have the unfiltered_html capability but another may not. A user with
|
||||
* unfiltered_html may add a script tag to some field which needs to be kept
|
||||
* intact even when another user updates the changeset to modify another field
|
||||
* when they do not have unfiltered_html.
|
||||
*
|
||||
* @since 5.4.1
|
||||
*
|
||||
* @param array $data An array of slashed and processed post data.
|
||||
* @param array $postarr An array of sanitized (and slashed) but otherwise unmodified post data.
|
||||
* @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed post data as originally passed to wp_insert_post().
|
||||
* @return array Filtered post data.
|
||||
*/
|
||||
public function preserve_insert_changeset_post_content( $data, $postarr, $unsanitized_postarr ) {
|
||||
if (
|
||||
isset( $data['post_type'] ) &&
|
||||
isset( $unsanitized_postarr['post_content'] ) &&
|
||||
'customize_changeset' === $data['post_type'] ||
|
||||
(
|
||||
'revision' === $data['post_type'] &&
|
||||
! empty( $data['post_parent'] ) &&
|
||||
'customize_changeset' === get_post_type( $data['post_parent'] )
|
||||
)
|
||||
) {
|
||||
$data['post_content'] = $unsanitized_postarr['post_content'];
|
||||
}
|
||||
return $data;
|
||||
}
|
||||
|
||||
/**
|
||||
* Trash or delete a changeset post.
|
||||
*
|
||||
|
||||
@@ -538,6 +538,7 @@ class WP_Query {
|
||||
'attachment',
|
||||
'attachment_id',
|
||||
'name',
|
||||
'static',
|
||||
'pagename',
|
||||
'page_id',
|
||||
'second',
|
||||
@@ -797,7 +798,11 @@ class WP_Query {
|
||||
$this->is_single = true;
|
||||
} elseif ( $qv['p'] ) {
|
||||
$this->is_single = true;
|
||||
} elseif ( '' != $qv['pagename'] || ! empty( $qv['page_id'] ) ) {
|
||||
} elseif ( ( '' !== $qv['hour'] ) && ( '' !== $qv['minute'] ) && ( '' !== $qv['second'] ) && ( '' != $qv['year'] ) && ( '' != $qv['monthnum'] ) && ( '' != $qv['day'] ) ) {
|
||||
// If year, month, day, hour, minute, and second are set, a single
|
||||
// post is being queried.
|
||||
$this->is_single = true;
|
||||
} elseif ( '' != $qv['static'] || '' != $qv['pagename'] || ! empty( $qv['page_id'] ) ) {
|
||||
$this->is_page = true;
|
||||
$this->is_single = false;
|
||||
} else {
|
||||
|
||||
@@ -14,7 +14,7 @@ class WP {
|
||||
* @since 2.0.0
|
||||
* @var string[]
|
||||
*/
|
||||
public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
|
||||
public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
|
||||
|
||||
/**
|
||||
* Private query variables.
|
||||
@@ -403,10 +403,6 @@ class WP {
|
||||
|
||||
if ( is_user_logged_in() ) {
|
||||
$headers = array_merge( $headers, wp_get_nocache_headers() );
|
||||
} elseif ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) {
|
||||
// Unmoderated comments are only visible for one minute via the moderation hash.
|
||||
$headers['Expires'] = gmdate( 'D, d M Y H:i:s', time() + MINUTE_IN_SECONDS );
|
||||
$headers['Cache-Control'] = 'max-age=60, must-revalidate';
|
||||
}
|
||||
if ( ! empty( $this->query_vars['error'] ) ) {
|
||||
$status = (int) $this->query_vars['error'];
|
||||
|
||||
@@ -591,28 +591,28 @@ function comment_date( $d = '', $comment_ID = 0 ) {
|
||||
* @return string The maybe truncated comment with 20 words or less.
|
||||
*/
|
||||
function get_comment_excerpt( $comment_ID = 0 ) {
|
||||
$comment = get_comment( $comment_ID );
|
||||
|
||||
if ( ! post_password_required( $comment->comment_post_ID ) ) {
|
||||
$comment_text = strip_tags( str_replace( array( "\n", "\r" ), ' ', $comment->comment_content ) );
|
||||
} else {
|
||||
$comment_text = __( 'Password protected' );
|
||||
}
|
||||
|
||||
/* translators: Maximum number of words used in a comment excerpt. */
|
||||
$comment_excerpt_length = intval( _x( '20', 'comment_excerpt_length' ) );
|
||||
$comment = get_comment( $comment_ID );
|
||||
$comment_text = strip_tags( str_replace( array( "\n", "\r" ), ' ', $comment->comment_content ) );
|
||||
$words = explode( ' ', $comment_text );
|
||||
|
||||
/**
|
||||
* Filters the maximum number of words used in the comment excerpt.
|
||||
* Filters the amount of words used in the comment excerpt.
|
||||
*
|
||||
* @since 4.4.0
|
||||
*
|
||||
* @param int $comment_excerpt_length The amount of words you want to display in the comment excerpt.
|
||||
*/
|
||||
$comment_excerpt_length = apply_filters( 'comment_excerpt_length', $comment_excerpt_length );
|
||||
$comment_excerpt_length = apply_filters( 'comment_excerpt_length', 20 );
|
||||
|
||||
$excerpt = wp_trim_words( $comment_text, $comment_excerpt_length, '…' );
|
||||
$use_ellipsis = count( $words ) > $comment_excerpt_length;
|
||||
if ( $use_ellipsis ) {
|
||||
$words = array_slice( $words, 0, $comment_excerpt_length );
|
||||
}
|
||||
|
||||
$excerpt = trim( join( ' ', $words ) );
|
||||
if ( $use_ellipsis ) {
|
||||
$excerpt .= '…';
|
||||
}
|
||||
/**
|
||||
* Filters the retrieved comment excerpt.
|
||||
*
|
||||
@@ -999,7 +999,7 @@ function comment_text( $comment_ID = 0, $args = array() ) {
|
||||
* @see Walker_Comment::comment()
|
||||
*
|
||||
* @param string $comment_text Text of the current comment.
|
||||
* @param WP_Comment|null $comment The comment object. Null if not found.
|
||||
* @param WP_Comment|null $comment The comment object.
|
||||
* @param array $args An array of arguments.
|
||||
*/
|
||||
echo apply_filters( 'comment_text', $comment_text, $comment, $args );
|
||||
@@ -2311,13 +2311,13 @@ function comment_form( $args = array(), $post_id = null ) {
|
||||
/** This filter is documented in wp-includes/link-template.php */
|
||||
'must_log_in' => '<p class="must-log-in">' . sprintf(
|
||||
/* translators: %s: login URL */
|
||||
__( 'You must be <a href="%s">logged in</a> to post a comment.' ),
|
||||
__( 'You must be <a href="%s">logged in</a> to post a comment.' ),
|
||||
wp_login_url( apply_filters( 'the_permalink', get_permalink( $post_id ), $post_id ) )
|
||||
) . '</p>',
|
||||
/** This filter is documented in wp-includes/link-template.php */
|
||||
'logged_in_as' => '<p class="logged-in-as">' . sprintf(
|
||||
/* translators: 1: edit user link, 2: accessibility text, 3: user name, 4: logout URL */
|
||||
__( '<a href="%1$s" aria-label="%2$s">Logged in as %3$s</a>. <a href="%4$s">Log out?</a>' ),
|
||||
__( '<a href="%1$s" aria-label="%2$s">Logged in as %3$s</a>. <a href="%4$s">Log out?</a>' ),
|
||||
get_edit_user_link(),
|
||||
/* translators: %s: user name */
|
||||
esc_attr( sprintf( __( 'Logged in as %s. Edit your profile.' ), $user_identity ) ),
|
||||
|
||||
@@ -1808,12 +1808,7 @@ function wp_get_unapproved_comment_author_email() {
|
||||
$comment = get_comment( $comment_id );
|
||||
|
||||
if ( $comment && hash_equals( $_GET['moderation-hash'], wp_hash( $comment->comment_date_gmt ) ) ) {
|
||||
// The comment will only be viewable by the comment author for 1 minute.
|
||||
$comment_preview_expires = strtotime( $comment->comment_date_gmt . '+1 minute' );
|
||||
|
||||
if ( time() < $comment_preview_expires ) {
|
||||
$commenter_email = $comment->comment_author_email;
|
||||
}
|
||||
$commenter_email = $comment->comment_author_email;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -245,7 +245,6 @@ add_filter( 'option_siteurl', '_config_wp_siteurl' );
|
||||
add_filter( 'tiny_mce_before_init', '_mce_set_direction' );
|
||||
add_filter( 'teeny_mce_before_init', '_mce_set_direction' );
|
||||
add_filter( 'pre_kses', 'wp_pre_kses_less_than' );
|
||||
add_filter( 'pre_kses', 'wp_pre_kses_block_attributes', 10, 3 );
|
||||
add_filter( 'sanitize_title', 'sanitize_title_with_dashes', 10, 3 );
|
||||
add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 4 );
|
||||
add_filter( 'comment_flood_filter', 'wp_throttle_comment_flood', 10, 3 );
|
||||
@@ -573,8 +572,8 @@ add_filter( 'the_excerpt_embed', 'wpautop' );
|
||||
add_filter( 'the_excerpt_embed', 'shortcode_unautop' );
|
||||
add_filter( 'the_excerpt_embed', 'wp_embed_excerpt_attachment' );
|
||||
|
||||
add_filter( 'oembed_dataparse', 'wp_filter_oembed_iframe_title_attribute', 5, 3 );
|
||||
add_filter( 'oembed_dataparse', 'wp_filter_oembed_result', 10, 3 );
|
||||
add_filter( 'oembed_dataparse', 'wp_filter_oembed_iframe_title_attribute', 20, 3 );
|
||||
add_filter( 'oembed_response_data', 'get_oembed_response_data_rich', 10, 4 );
|
||||
add_filter( 'pre_oembed_result', 'wp_filter_pre_oembed_result', 10, 3 );
|
||||
|
||||
|
||||
@@ -797,24 +797,11 @@ function wp_filter_oembed_iframe_title_attribute( $result, $data, $url ) {
|
||||
|
||||
$title = ! empty( $data->title ) ? $data->title : '';
|
||||
|
||||
$pattern = '`<iframe([^>]*)>`i';
|
||||
if ( preg_match( $pattern, $result, $matches ) ) {
|
||||
$attrs = wp_kses_hair( $matches[1], wp_allowed_protocols() );
|
||||
$pattern = '`<iframe[^>]*?title=(\\\\\'|\\\\"|[\'"])([^>]*?)\1`i';
|
||||
$has_title_attr = preg_match( $pattern, $result, $matches );
|
||||
|
||||
foreach ( $attrs as $attr => $item ) {
|
||||
$lower_attr = strtolower( $attr );
|
||||
if ( $lower_attr === $attr ) {
|
||||
continue;
|
||||
}
|
||||
if ( ! isset( $attrs[ $lower_attr ] ) ) {
|
||||
$attrs[ $lower_attr ] = $item;
|
||||
unset( $attrs[ $attr ] );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ( ! empty( $attrs['title']['value'] ) ) {
|
||||
$title = $attrs['title']['value'];
|
||||
if ( $has_title_attr && ! empty( $matches[2] ) ) {
|
||||
$title = $matches[2];
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -833,11 +820,11 @@ function wp_filter_oembed_iframe_title_attribute( $result, $data, $url ) {
|
||||
return $result;
|
||||
}
|
||||
|
||||
if ( isset( $attrs['title'] ) ) {
|
||||
unset( $attrs['title'] );
|
||||
$attr_string = join( ' ', wp_list_pluck( $attrs, 'whole' ) );
|
||||
$result = str_replace( $matches[0], '<iframe ' . trim( $attr_string ) . '>', $result );
|
||||
if ( $has_title_attr ) {
|
||||
// Remove the old title, $matches[1]: quote, $matches[2]: title attribute value.
|
||||
$result = str_replace( ' title=' . $matches[1] . $matches[2] . $matches[1], '', $result );
|
||||
}
|
||||
|
||||
return str_ireplace( '<iframe ', sprintf( '<iframe title="%s" ', esc_attr( $title ) ), $result );
|
||||
}
|
||||
|
||||
|
||||
@@ -1998,24 +1998,6 @@ function remove_accents( $string ) {
|
||||
function sanitize_file_name( $filename ) {
|
||||
$filename_raw = $filename;
|
||||
$special_chars = array( '?', '[', ']', '/', '\\', '=', '<', '>', ':', ';', ',', "'", '"', '&', '$', '#', '*', '(', ')', '|', '~', '`', '!', '{', '}', '%', '+', chr( 0 ) );
|
||||
|
||||
// Check for support for utf8 in the installed PCRE library once and store the result in a static.
|
||||
static $utf8_pcre = null;
|
||||
if ( ! isset( $utf8_pcre ) ) {
|
||||
// phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged
|
||||
$utf8_pcre = @preg_match( '/^./u', 'a' );
|
||||
}
|
||||
|
||||
if ( ! seems_utf8( $filename ) ) {
|
||||
$_ext = pathinfo( $filename, PATHINFO_EXTENSION );
|
||||
$_name = pathinfo( $filename, PATHINFO_FILENAME );
|
||||
$filename = sanitize_title_with_dashes( $_name ) . '.' . $_ext;
|
||||
}
|
||||
|
||||
if ( $utf8_pcre ) {
|
||||
$filename = preg_replace( "#\x{00a0}#siu", ' ', $filename );
|
||||
}
|
||||
|
||||
/**
|
||||
* Filters the list of characters to remove from a filename.
|
||||
*
|
||||
@@ -2025,6 +2007,7 @@ function sanitize_file_name( $filename ) {
|
||||
* @param string $filename_raw Filename as it was passed into sanitize_file_name().
|
||||
*/
|
||||
$special_chars = apply_filters( 'sanitize_file_name_chars', $special_chars, $filename_raw );
|
||||
$filename = preg_replace( "#\x{00a0}#siu", ' ', $filename );
|
||||
$filename = str_replace( $special_chars, '', $filename );
|
||||
$filename = str_replace( array( '%20', '+' ), '-', $filename );
|
||||
$filename = preg_replace( '/[\r\n\t -]+/', '-', $filename );
|
||||
@@ -3060,26 +3043,8 @@ function wp_rel_nofollow_callback( $matches ) {
|
||||
*/
|
||||
function wp_targeted_link_rel( $text ) {
|
||||
// Don't run (more expensive) regex if no links with targets.
|
||||
if ( stripos( $text, 'target' ) === false || stripos( $text, '<a ' ) === false || is_serialized( $text ) ) {
|
||||
return $text;
|
||||
}
|
||||
|
||||
$script_and_style_regex = '/<(script|style).*?<\/\\1>/si';
|
||||
|
||||
preg_match_all( $script_and_style_regex, $text, $matches );
|
||||
$extra_parts = $matches[0];
|
||||
$html_parts = preg_split( $script_and_style_regex, $text );
|
||||
|
||||
foreach ( $html_parts as &$part ) {
|
||||
$part = preg_replace_callback( '|<a\s([^>]*target\s*=[^>]*)>|i', 'wp_targeted_link_rel_callback', $part );
|
||||
}
|
||||
|
||||
$text = '';
|
||||
for ( $i = 0; $i < count( $html_parts ); $i++ ) {
|
||||
$text .= $html_parts[ $i ];
|
||||
if ( isset( $extra_parts[ $i ] ) ) {
|
||||
$text .= $extra_parts[ $i ];
|
||||
}
|
||||
if ( stripos( $text, 'target' ) !== false && stripos( $text, '<a ' ) !== false ) {
|
||||
$text = preg_replace_callback( '|<a\s([^>]*target\s*=[^>]*)>|i', 'wp_targeted_link_rel_callback', $text );
|
||||
}
|
||||
|
||||
return $text;
|
||||
@@ -3097,17 +3062,8 @@ function wp_targeted_link_rel( $text ) {
|
||||
* @return string HTML A Element with rel noreferrer noopener in addition to any existing values
|
||||
*/
|
||||
function wp_targeted_link_rel_callback( $matches ) {
|
||||
$link_html = $matches[1];
|
||||
$original_link_html = $link_html;
|
||||
|
||||
// Consider the html escaped if there are no unescaped quotes
|
||||
$is_escaped = ! preg_match( '/(^|[^\\\\])[\'"]/', $link_html );
|
||||
if ( $is_escaped ) {
|
||||
// Replace only the quotes so that they are parsable by wp_kses_hair, leave the rest as is
|
||||
$link_html = preg_replace( '/\\\\([\'"])/', '$1', $link_html );
|
||||
}
|
||||
|
||||
$atts = wp_kses_hair( $link_html, wp_allowed_protocols() );
|
||||
$link_html = $matches[1];
|
||||
$rel_match = array();
|
||||
|
||||
/**
|
||||
* Filters the rel values that are added to links with `target` attribute.
|
||||
@@ -3119,21 +3075,35 @@ function wp_targeted_link_rel_callback( $matches ) {
|
||||
*/
|
||||
$rel = apply_filters( 'wp_targeted_link_rel', 'noopener noreferrer', $link_html );
|
||||
|
||||
// Return early if no rel values to be added or if no actual target attribute
|
||||
if ( ! $rel || ! isset( $atts['target'] ) ) {
|
||||
return "<a $original_link_html>";
|
||||
// Avoid additional regex if the filter removes rel values.
|
||||
if ( ! $rel ) {
|
||||
return "<a $link_html>";
|
||||
}
|
||||
|
||||
if ( isset( $atts['rel'] ) ) {
|
||||
$all_parts = preg_split( '/\s/', "{$atts['rel']['value']} $rel", -1, PREG_SPLIT_NO_EMPTY );
|
||||
$rel = implode( ' ', array_unique( $all_parts ) );
|
||||
// Value with delimiters, spaces around are optional.
|
||||
$attr_regex = '|rel\s*=\s*?(\\\\{0,1}["\'])(.*?)\\1|i';
|
||||
preg_match( $attr_regex, $link_html, $rel_match );
|
||||
|
||||
if ( empty( $rel_match[0] ) ) {
|
||||
// No delimiters, try with a single value and spaces, because `rel = va"lue` is totally fine...
|
||||
$attr_regex = '|rel\s*=(\s*)([^\s]*)|i';
|
||||
preg_match( $attr_regex, $link_html, $rel_match );
|
||||
}
|
||||
|
||||
$atts['rel']['whole'] = 'rel="' . esc_attr( $rel ) . '"';
|
||||
$link_html = join( ' ', array_column( $atts, 'whole' ) );
|
||||
|
||||
if ( $is_escaped ) {
|
||||
$link_html = preg_replace( '/[\'"]/', '\\\\$0', $link_html );
|
||||
if ( ! empty( $rel_match[0] ) ) {
|
||||
$parts = preg_split( '|\s+|', strtolower( $rel_match[2] ) );
|
||||
$parts = array_map( 'esc_attr', $parts );
|
||||
$needed = explode( ' ', $rel );
|
||||
$parts = array_unique( array_merge( $parts, $needed ) );
|
||||
$delimiter = trim( $rel_match[1] ) ? $rel_match[1] : '"';
|
||||
$rel = 'rel=' . $delimiter . trim( implode( ' ', $parts ) ) . $delimiter;
|
||||
$link_html = str_replace( $rel_match[0], $rel, $link_html );
|
||||
} elseif ( preg_match( '|target\s*=\s*?\\\\"|', $link_html ) ) {
|
||||
$link_html .= " rel=\\\"$rel\\\"";
|
||||
} elseif ( preg_match( '#(target|href)\s*=\s*?\'#', $link_html ) ) {
|
||||
$link_html .= " rel='$rel'";
|
||||
} else {
|
||||
$link_html .= " rel=\"$rel\"";
|
||||
}
|
||||
|
||||
return "<a $link_html>";
|
||||
@@ -4837,31 +4807,6 @@ function wp_pre_kses_less_than_callback( $matches ) {
|
||||
return $matches[0];
|
||||
}
|
||||
|
||||
/**
|
||||
* Remove non-allowable HTML from parsed block attribute values when filtering
|
||||
* in the post context.
|
||||
*
|
||||
* @since 5.3.1
|
||||
*
|
||||
* @param string $string Content to be run through KSES.
|
||||
* @param array[]|string $allowed_html An array of allowed HTML elements
|
||||
* and attributes, or a context name
|
||||
* such as 'post'.
|
||||
* @param string[] $allowed_protocols Array of allowed URL protocols.
|
||||
* @return string Filtered text to run through KSES.
|
||||
*/
|
||||
function wp_pre_kses_block_attributes( $string, $allowed_html, $allowed_protocols ) {
|
||||
/*
|
||||
* `filter_block_content` is expected to call `wp_kses`. Temporarily remove
|
||||
* the filter to avoid recursion.
|
||||
*/
|
||||
remove_filter( 'pre_kses', 'wp_pre_kses_block_attributes', 10 );
|
||||
$string = filter_block_content( $string, $allowed_html, $allowed_protocols );
|
||||
add_filter( 'pre_kses', 'wp_pre_kses_block_attributes', 10, 3 );
|
||||
|
||||
return $string;
|
||||
}
|
||||
|
||||
/**
|
||||
* WordPress implementation of PHP sprintf() with filters.
|
||||
*
|
||||
|
||||
@@ -1787,11 +1787,6 @@ function wp_mkdir_p( $target ) {
|
||||
return @is_dir( $target );
|
||||
}
|
||||
|
||||
// Do not allow path traversals.
|
||||
if ( false !== strpos( $target, '../' ) || false !== strpos( $target, '..' . DIRECTORY_SEPARATOR ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// We need to find the permissions of the parent folder that exists and inherit that.
|
||||
$target_parent = dirname( $target );
|
||||
while ( '.' != $target_parent && ! is_dir( $target_parent ) && dirname( $target_parent ) !== $target_parent ) {
|
||||
|
||||
@@ -555,7 +555,7 @@ function wp_http_validate_url( $url ) {
|
||||
} else {
|
||||
$ip = gethostbyname( $host );
|
||||
if ( $ip === $host ) { // Error condition for gethostbyname()
|
||||
return false;
|
||||
$ip = false;
|
||||
}
|
||||
}
|
||||
if ( $ip ) {
|
||||
|
||||
@@ -1658,7 +1658,7 @@ function wp_kses_html_error( $string ) {
|
||||
*/
|
||||
function wp_kses_bad_protocol_once( $string, $allowed_protocols, $count = 1 ) {
|
||||
$string = preg_replace( '/(�*58(?![;0-9])|�*3a(?![;a-f0-9]))/i', '$1;', $string );
|
||||
$string2 = preg_split( '/:|�*58;|�*3a;|:/i', $string, 2 );
|
||||
$string2 = preg_split( '/:|�*58;|�*3a;/i', $string, 2 );
|
||||
if ( isset( $string2[1] ) && ! preg_match( '%/\?%', $string2[0] ) ) {
|
||||
$string = trim( $string2[1] );
|
||||
$protocol = wp_kses_bad_protocol_once2( $string2[0], $allowed_protocols );
|
||||
|
||||
@@ -1092,7 +1092,7 @@ if ( ! function_exists( 'check_admin_referer' ) ) :
|
||||
* 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
|
||||
*/
|
||||
function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
|
||||
if ( -1 === $action ) {
|
||||
if ( -1 == $action ) {
|
||||
_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
|
||||
}
|
||||
|
||||
@@ -1111,7 +1111,7 @@ if ( ! function_exists( 'check_admin_referer' ) ) :
|
||||
*/
|
||||
do_action( 'check_admin_referer', $action, $result );
|
||||
|
||||
if ( ! $result && ! ( -1 === $action && strpos( $referer, $adminurl ) === 0 ) ) {
|
||||
if ( ! $result && ! ( -1 == $action && strpos( $referer, $adminurl ) === 0 ) ) {
|
||||
wp_nonce_ays( $action );
|
||||
die();
|
||||
}
|
||||
@@ -1374,9 +1374,9 @@ if ( ! function_exists( 'wp_validate_redirect' ) ) :
|
||||
* @return string redirect-sanitized URL
|
||||
*/
|
||||
function wp_validate_redirect( $location, $default = '' ) {
|
||||
$location = wp_sanitize_redirect( trim( $location, " \t\n\r\0\x08\x0B" ) );
|
||||
// Browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'.
|
||||
if ( '//' === substr( $location, 0, 2 ) ) {
|
||||
$location = trim( $location, " \t\n\r\0\x08\x0B" );
|
||||
// browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
|
||||
if ( substr( $location, 0, 2 ) == '//' ) {
|
||||
$location = 'http:' . $location;
|
||||
}
|
||||
|
||||
@@ -1400,7 +1400,6 @@ if ( ! function_exists( 'wp_validate_redirect' ) ) :
|
||||
$path = '';
|
||||
if ( ! empty( $_SERVER['REQUEST_URI'] ) ) {
|
||||
$path = dirname( parse_url( 'http://placeholder' . $_SERVER['REQUEST_URI'], PHP_URL_PATH ) . '?' );
|
||||
$path = wp_normalize_path( $path );
|
||||
}
|
||||
$location = '/' . ltrim( $path . '/', '/' ) . $location;
|
||||
}
|
||||
|
||||
@@ -3385,9 +3385,6 @@ function wp_get_recent_posts( $args = array(), $output = ARRAY_A ) {
|
||||
function wp_insert_post( $postarr, $wp_error = false ) {
|
||||
global $wpdb;
|
||||
|
||||
// Capture original pre-sanitized array for passing into filters.
|
||||
$unsanitized_postarr = $postarr;
|
||||
|
||||
$user_id = get_current_user_id();
|
||||
|
||||
$defaults = array(
|
||||
@@ -3699,27 +3696,21 @@ function wp_insert_post( $postarr, $wp_error = false ) {
|
||||
* Filters attachment post data before it is updated in or added to the database.
|
||||
*
|
||||
* @since 3.9.0
|
||||
* @since 5.4.1 `$unsanitized_postarr` argument added.
|
||||
*
|
||||
* @param array $data An array of slashed, sanitized, and processed attachment post data.
|
||||
* @param array $postarr An array of slashed and sanitized attachment post data, but not processed.
|
||||
* @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed attachment post data
|
||||
* as originally passed to wp_insert_post().
|
||||
* @param array $data An array of sanitized attachment post data.
|
||||
* @param array $postarr An array of unsanitized attachment post data.
|
||||
*/
|
||||
$data = apply_filters( 'wp_insert_attachment_data', $data, $postarr, $unsanitized_postarr );
|
||||
$data = apply_filters( 'wp_insert_attachment_data', $data, $postarr );
|
||||
} else {
|
||||
/**
|
||||
* Filters slashed post data just before it is inserted into the database.
|
||||
*
|
||||
* @since 2.7.0
|
||||
* @since 5.4.1 `$unsanitized_postarr` argument added.
|
||||
*
|
||||
* @param array $data An array of slashed, sanitized, and processed post data.
|
||||
* @param array $postarr An array of sanitized (and slashed) but otherwise unmodified post data.
|
||||
* @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed post data as
|
||||
* originally passed to wp_insert_post().
|
||||
* @param array $data An array of slashed post data.
|
||||
* @param array $postarr An array of sanitized, but otherwise unmodified post data.
|
||||
*/
|
||||
$data = apply_filters( 'wp_insert_post_data', $data, $postarr, $unsanitized_postarr );
|
||||
$data = apply_filters( 'wp_insert_post_data', $data, $postarr );
|
||||
}
|
||||
$data = wp_unslash( $data );
|
||||
$where = array( 'ID' => $post_ID );
|
||||
|
||||
@@ -587,9 +587,7 @@ function rest_send_cors_headers( $value ) {
|
||||
header( 'Access-Control-Allow-Origin: ' . $origin );
|
||||
header( 'Access-Control-Allow-Methods: OPTIONS, GET, POST, PUT, PATCH, DELETE' );
|
||||
header( 'Access-Control-Allow-Credentials: true' );
|
||||
header( 'Vary: Origin', false );
|
||||
} elseif ( ! headers_sent() && 'GET' === $_SERVER['REQUEST_METHOD'] && ! is_user_logged_in() ) {
|
||||
header( 'Vary: Origin', false );
|
||||
header( 'Vary: Origin' );
|
||||
}
|
||||
|
||||
return $value;
|
||||
|
||||
@@ -499,7 +499,7 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
|
||||
return new WP_Error( 'rest_cannot_edit_others', __( 'Sorry, you are not allowed to create posts as this user.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||
}
|
||||
|
||||
if ( ! empty( $request['sticky'] ) && ! current_user_can( $post_type->cap->edit_others_posts ) && ! current_user_can( $post_type->cap->publish_posts ) ) {
|
||||
if ( ! empty( $request['sticky'] ) && ! current_user_can( $post_type->cap->edit_others_posts ) ) {
|
||||
return new WP_Error( 'rest_cannot_assign_sticky', __( 'Sorry, you are not allowed to make posts sticky.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||
}
|
||||
|
||||
@@ -654,7 +654,7 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
|
||||
return new WP_Error( 'rest_cannot_edit_others', __( 'Sorry, you are not allowed to update posts as this user.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||
}
|
||||
|
||||
if ( ! empty( $request['sticky'] ) && ! current_user_can( $post_type->cap->edit_others_posts ) && ! current_user_can( $post_type->cap->publish_posts ) ) {
|
||||
if ( ! empty( $request['sticky'] ) && ! current_user_can( $post_type->cap->edit_others_posts ) ) {
|
||||
return new WP_Error( 'rest_cannot_assign_sticky', __( 'Sorry, you are not allowed to make posts sticky.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||
}
|
||||
|
||||
@@ -956,7 +956,7 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
|
||||
* @return stdClass|WP_Error Post object or WP_Error.
|
||||
*/
|
||||
protected function prepare_item_for_database( $request ) {
|
||||
$prepared_post = new stdClass();
|
||||
$prepared_post = new stdClass;
|
||||
|
||||
// Post ID.
|
||||
if ( isset( $request['id'] ) ) {
|
||||
|
||||
@@ -1178,6 +1178,8 @@ function wp_default_scripts( &$scripts ) {
|
||||
)
|
||||
);
|
||||
|
||||
$scripts->add( 'wp-sanitize', "/wp-includes/js/wp-sanitize$suffix.js", array( 'jquery' ), false, 1 );
|
||||
|
||||
$scripts->add( 'wp-backbone', "/wp-includes/js/wp-backbone$suffix.js", array( 'backbone', 'wp-util' ), false, 1 );
|
||||
|
||||
$scripts->add( 'revisions', "/wp-admin/js/revisions$suffix.js", array( 'wp-backbone', 'jquery-ui-slider', 'hoverIntent' ), false, 1 );
|
||||
|
||||
@@ -1773,7 +1773,7 @@ function wp_insert_user( $userdata ) {
|
||||
$data = apply_filters( 'wp_pre_insert_user_data', $data, $update, $update ? (int) $ID : null );
|
||||
|
||||
if ( $update ) {
|
||||
if ( $user_email !== $old_user_data->user_email || $user_pass !== $old_user_data->user_pass ) {
|
||||
if ( $user_email !== $old_user_data->user_email ) {
|
||||
$data['user_activation_key'] = '';
|
||||
}
|
||||
$wpdb->update( $wpdb->users, $data, compact( 'ID' ) );
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '5.2.7';
|
||||
$wp_version = '5.2.3';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
||||
Reference in New Issue
Block a user