Tag 5.3.2

Built from https://develop.svn.wordpress.org/tags/5.3.2@46994


git-svn-id: http://core.svn.wordpress.org/tags/5.3.2@46794 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/about.php

@@ -51,6 +51,31 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
 		<div class="about__section changelog">
 			<div class="column">
 				<h2><?php _e( 'Maintenance and Security Releases' ); ?></h2>
+				<p>
+					<?php
+					printf(
+						/* translators: 1: WordPress version number, 2: plural number of bugs. More than one security issue. */
+						_n(
+							'<strong>Version %1$s</strong> addressed %2$s bug.',
+							'<strong>Version %1$s</strong> addressed %2$s bugs.',
+							5
+						),
+						'5.3.2',
+						number_format_i18n( 5 )
+					);
+					?>
+					<?php
+					printf(
+						/* translators: %s: HelpHub URL */
+						__( 'For more information, see <a href="%s">the release notes</a>.' ),
+						sprintf(
+							/* translators: %s: WordPress version */
+							esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+							sanitize_title( '5.3.2' )
+						)
+					);
+					?>
+				</p>
 				<p>
 					<?php
 					printf(

wp-admin/css/colors/_admin.scss

@@ -104,9 +104,13 @@ textarea:focus {
 	.button.active,
 	.button.active:focus,
 	.button.active:hover {
-		border-color: darken( $button-color, 5% );
-		color: darken( $button-text-color, 5% );
-		box-shadow: inset 0 2px 5px -3px darken( $button-color, 5% );
+		border-color: $button-color;
+		color: darken( #32373c, 5% );
+		box-shadow: inset 0 2px 5px -3px $button-color;
+	}
+
+	.button.active:focus {
+		box-shadow: 0 0 0 1px #32373c;
 	}
 
 	.button-primary {

wp-admin/css/colors/blue/colors-rtl.css

@@ -91,9 +91,13 @@ textarea:focus {
 .wp-core-ui .button.active,
 .wp-core-ui .button.active:focus,
 .wp-core-ui .button.active:hover {
-  border-color: #dd9f32;
-  color: #f2f2f2;
-  box-shadow: inset 0 2px 5px -3px #dd9f32;
+  border-color: #e1a948;
+  color: #262a2e;
+  box-shadow: inset 0 2px 5px -3px #e1a948;
+}
+
+.wp-core-ui .button.active:focus {
+  box-shadow: 0 0 0 1px #32373c;
 }
 
 .wp-core-ui .button-primary {

wp-admin/css/colors/blue/colors.css

@@ -91,9 +91,13 @@ textarea:focus {
 .wp-core-ui .button.active,
 .wp-core-ui .button.active:focus,
 .wp-core-ui .button.active:hover {
-  border-color: #dd9f32;
-  color: #f2f2f2;
-  box-shadow: inset 0 2px 5px -3px #dd9f32;
+  border-color: #e1a948;
+  color: #262a2e;
+  box-shadow: inset 0 2px 5px -3px #e1a948;
+}
+
+.wp-core-ui .button.active:focus {
+  box-shadow: 0 0 0 1px #32373c;
 }
 
 .wp-core-ui .button-primary {

wp-admin/css/colors/coffee/colors-rtl.css

@@ -91,9 +91,13 @@ textarea:focus {
 .wp-core-ui .button.active,
 .wp-core-ui .button.active:focus,
 .wp-core-ui .button.active:hover {
-  border-color: #bf9878;
-  color: #f2f2f2;
-  box-shadow: inset 0 2px 5px -3px #bf9878;
+  border-color: #c7a589;
+  color: #262a2e;
+  box-shadow: inset 0 2px 5px -3px #c7a589;
+}
+
+.wp-core-ui .button.active:focus {
+  box-shadow: 0 0 0 1px #32373c;
 }
 
 .wp-core-ui .button-primary {

wp-admin/css/colors/coffee/colors.css

@@ -91,9 +91,13 @@ textarea:focus {
 .wp-core-ui .button.active,
 .wp-core-ui .button.active:focus,
 .wp-core-ui .button.active:hover {
-  border-color: #bf9878;
-  color: #f2f2f2;
-  box-shadow: inset 0 2px 5px -3px #bf9878;
+  border-color: #c7a589;
+  color: #262a2e;
+  box-shadow: inset 0 2px 5px -3px #c7a589;
+}
+
+.wp-core-ui .button.active:focus {
+  box-shadow: 0 0 0 1px #32373c;
 }
 
 .wp-core-ui .button-primary {

wp-admin/css/colors/ectoplasm/colors-rtl.css

@@ -91,9 +91,13 @@ textarea:focus {
 .wp-core-ui .button.active,
 .wp-core-ui .button.active:focus,
 .wp-core-ui .button.active:hover {
-  border-color: #93a43e;
-  color: #f2f2f2;
-  box-shadow: inset 0 2px 5px -3px #93a43e;
+  border-color: #a3b745;
+  color: #262a2e;
+  box-shadow: inset 0 2px 5px -3px #a3b745;
+}
+
+.wp-core-ui .button.active:focus {
+  box-shadow: 0 0 0 1px #32373c;
 }
 
 .wp-core-ui .button-primary {

wp-admin/css/colors/ectoplasm/colors.css

@@ -91,9 +91,13 @@ textarea:focus {
 .wp-core-ui .button.active,
 .wp-core-ui .button.active:focus,
 .wp-core-ui .button.active:hover {
-  border-color: #93a43e;
-  color: #f2f2f2;
-  box-shadow: inset 0 2px 5px -3px #93a43e;
+  border-color: #a3b745;
+  color: #262a2e;
+  box-shadow: inset 0 2px 5px -3px #a3b745;
+}
+
+.wp-core-ui .button.active:focus {
+  box-shadow: 0 0 0 1px #32373c;
 }
 
 .wp-core-ui .button-primary {

wp-admin/css/colors/light/colors-rtl.css

@@ -91,9 +91,13 @@ textarea:focus {
 .wp-core-ui .button.active,
 .wp-core-ui .button.active:focus,
 .wp-core-ui .button.active:hover {
-  border-color: #0490b3;
-  color: #262626;
-  box-shadow: inset 0 2px 5px -3px #0490b3;
+  border-color: #04a4cc;
+  color: #262a2e;
+  box-shadow: inset 0 2px 5px -3px #04a4cc;
+}
+
+.wp-core-ui .button.active:focus {
+  box-shadow: 0 0 0 1px #32373c;
 }
 
 .wp-core-ui .button-primary {

wp-admin/css/colors/light/colors.css

@@ -91,9 +91,13 @@ textarea:focus {
 .wp-core-ui .button.active,
 .wp-core-ui .button.active:focus,
 .wp-core-ui .button.active:hover {
-  border-color: #0490b3;
-  color: #262626;
-  box-shadow: inset 0 2px 5px -3px #0490b3;
+  border-color: #04a4cc;
+  color: #262a2e;
+  box-shadow: inset 0 2px 5px -3px #04a4cc;
+}
+
+.wp-core-ui .button.active:focus {
+  box-shadow: 0 0 0 1px #32373c;
 }
 
 .wp-core-ui .button-primary {

wp-admin/css/colors/midnight/colors-rtl.css

@@ -91,9 +91,13 @@ textarea:focus {
 .wp-core-ui .button.active,
 .wp-core-ui .button.active:focus,
 .wp-core-ui .button.active:hover {
-  border-color: #dd382d;
-  color: #f2f2f2;
-  box-shadow: inset 0 2px 5px -3px #dd382d;
+  border-color: #e14d43;
+  color: #262a2e;
+  box-shadow: inset 0 2px 5px -3px #e14d43;
+}
+
+.wp-core-ui .button.active:focus {
+  box-shadow: 0 0 0 1px #32373c;
 }
 
 .wp-core-ui .button-primary {

wp-admin/css/colors/midnight/colors.css

@@ -91,9 +91,13 @@ textarea:focus {
 .wp-core-ui .button.active,
 .wp-core-ui .button.active:focus,
 .wp-core-ui .button.active:hover {
-  border-color: #dd382d;
-  color: #f2f2f2;
-  box-shadow: inset 0 2px 5px -3px #dd382d;
+  border-color: #e14d43;
+  color: #262a2e;
+  box-shadow: inset 0 2px 5px -3px #e14d43;
+}
+
+.wp-core-ui .button.active:focus {
+  box-shadow: 0 0 0 1px #32373c;
 }
 
 .wp-core-ui .button-primary {

wp-admin/css/colors/ocean/colors-rtl.css

@@ -91,9 +91,13 @@ textarea:focus {
 .wp-core-ui .button.active,
 .wp-core-ui .button.active:focus,
 .wp-core-ui .button.active:hover {
-  border-color: #8faf91;
-  color: #f2f2f2;
-  box-shadow: inset 0 2px 5px -3px #8faf91;
+  border-color: #9ebaa0;
+  color: #262a2e;
+  box-shadow: inset 0 2px 5px -3px #9ebaa0;
+}
+
+.wp-core-ui .button.active:focus {
+  box-shadow: 0 0 0 1px #32373c;
 }
 
 .wp-core-ui .button-primary {

wp-admin/css/colors/ocean/colors.css

@@ -91,9 +91,13 @@ textarea:focus {
 .wp-core-ui .button.active,
 .wp-core-ui .button.active:focus,
 .wp-core-ui .button.active:hover {
-  border-color: #8faf91;
-  color: #f2f2f2;
-  box-shadow: inset 0 2px 5px -3px #8faf91;
+  border-color: #9ebaa0;
+  color: #262a2e;
+  box-shadow: inset 0 2px 5px -3px #9ebaa0;
+}
+
+.wp-core-ui .button.active:focus {
+  box-shadow: 0 0 0 1px #32373c;
 }
 
 .wp-core-ui .button-primary {

wp-admin/css/colors/sunrise/colors-rtl.css

@@ -91,9 +91,13 @@ textarea:focus {
 .wp-core-ui .button.active,
 .wp-core-ui .button.active:focus,
 .wp-core-ui .button.active:hover {
-  border-color: #d97426;
-  color: #f2f2f2;
-  box-shadow: inset 0 2px 5px -3px #d97426;
+  border-color: #dd823b;
+  color: #262a2e;
+  box-shadow: inset 0 2px 5px -3px #dd823b;
+}
+
+.wp-core-ui .button.active:focus {
+  box-shadow: 0 0 0 1px #32373c;
 }
 
 .wp-core-ui .button-primary {

wp-admin/css/colors/sunrise/colors.css

@@ -91,9 +91,13 @@ textarea:focus {
 .wp-core-ui .button.active,
 .wp-core-ui .button.active:focus,
 .wp-core-ui .button.active:hover {
-  border-color: #d97426;
-  color: #f2f2f2;
-  box-shadow: inset 0 2px 5px -3px #d97426;
+  border-color: #dd823b;
+  color: #262a2e;
+  box-shadow: inset 0 2px 5px -3px #dd823b;
+}
+
+.wp-core-ui .button.active:focus {
+  box-shadow: 0 0 0 1px #32373c;
 }
 
 .wp-core-ui .button-primary {

wp-includes/feed.php

@@ -649,55 +649,59 @@ function self_link() {
 }
 
 /**
- * Get the timestamp of the most recently modified post from WP_Query.
+ * Get the UTC time of the most recently modified post from WP_Query.
  *
- * If viewing a comment feed, the timestamp of the most recently modified
+ * If viewing a comment feed, the time of the most recently modified
  * comment will be returned.
  *
  * @global WP_Query $wp_query WordPress Query object.
  *
  * @since 5.2.0
  *
- * @param string $format Format of the timestamp to return, passed to mysql2date.
- *
- * @return string The timestamp.
+ * @param string $format Date format string to return the time in.
+ * @return string|false The time in requested format, or false on failure.
  */
 function get_feed_build_date( $format ) {
 	global $wp_query;
 
-	if ( empty( $wp_query ) || ! $wp_query->have_posts() ) {
-		// Fallback to last time any post was modified or published.
-		return get_lastpostmodified( 'GMT' );
+	$datetime          = false;
+	$max_modified_time = false;
+	$utc               = new DateTimeZone( 'UTC' );
+
+	if ( ! empty( $wp_query ) && $wp_query->have_posts() ) {
+		// Extract the post modified times from the posts.
+		$modified_times = wp_list_pluck( $wp_query->posts, 'post_modified_gmt' );
+
+		// If this is a comment feed, check those objects too.
+		if ( $wp_query->is_comment_feed() && $wp_query->comment_count ) {
+			// Extract the comment modified times from the comments.
+			$comment_times = wp_list_pluck( $wp_query->comments, 'comment_date_gmt' );
+
+			// Add the comment times to the post times for comparison.
+			$modified_times = array_merge( $modified_times, $comment_times );
+		}
+
+		// Determine the maximum modified time.
+		$datetime = date_create_immutable_from_format( 'Y-m-d H:i:s', max( $modified_times ), $utc );
 	}
 
-	// Extract the post modified times from the posts.
-	$modified_times = wp_list_pluck( $wp_query->posts, 'post_modified_gmt' );
-
-	// If this is a comment feed, check those objects too.
-	if ( $wp_query->is_comment_feed() && $wp_query->comment_count ) {
-		// Extract the comment modified times from the comments.
-		$comment_times = wp_list_pluck( $wp_query->comments, 'comment_date_gmt' );
-
-		// Add the comment times to the post times for comparison.
-		$modified_times = array_merge( $modified_times, $comment_times );
+	if ( false === $datetime ) {
+		// Fall back to last time any post was modified or published.
+		$datetime = date_create_immutable_from_format( 'Y-m-d H:i:s', get_lastpostmodified( 'GMT' ), $utc );
 	}
 
-	// Determine the maximum modified time.
-	$datetime = date_create_immutable_from_format(
-		'Y-m-d H:i:s',
-		max( $modified_times ),
-		new DateTimeZone( 'UTC' )
-	);
-
-	$max_modified_time = $datetime->format( $format );
+	if ( false !== $datetime ) {
+		$max_modified_time = $datetime->format( $format );
+	}
 
 	/**
 	 * Filters the date the last post or comment in the query was modified.
 	 *
 	 * @since 5.2.0
 	 *
-	 * @param string $max_modified_time Date the last post or comment was modified in the query.
-	 * @param string $format            The date format requested in get_feed_build_date.
+	 * @param string|false $max_modified_time Date the last post or comment was modified in the query, in UTC.
+	 *                                        False on failure.
+	 * @param string       $format            The date format requested in get_feed_build_date().
 	 */
 	return apply_filters( 'get_feed_build_date', $max_modified_time, $format );
 }

wp-includes/functions.php

@@ -2410,6 +2410,7 @@ function _wp_upload_dir( $time = null ) {
 function wp_unique_filename( $dir, $filename, $unique_filename_callback = null ) {
 	// Sanitize the file name before we begin processing.
 	$filename = sanitize_file_name( $filename );
+	$ext2     = null;
 
 	// Separate the filename into a name and extension.
 	$ext  = pathinfo( $filename, PATHINFO_EXTENSION );
@@ -2472,17 +2473,32 @@ function wp_unique_filename( $dir, $filename, $unique_filename_callback = null )
 
 		// Prevent collisions with existing file names that contain dimension-like strings
 		// (whether they are subsizes or originals uploaded prior to #42437).
+		$upload_dir = wp_get_upload_dir();
 
 		// The (resized) image files would have name and extension, and will be in the uploads dir.
-		if ( @is_dir( $dir ) && $name && $ext ) {
-			// List of all files and directories contained in $dir (with the "dot" files removed).
-			$files = array_diff( scandir( $dir ), array( '.', '..' ) );
+		if ( $name && $ext && @is_dir( $dir ) && false !== strpos( $dir, $upload_dir['basedir'] ) ) {
+			// List of all files and directories contained in $dir.
+			$files = @scandir( $dir );
 
 			if ( ! empty( $files ) ) {
-				while ( _wp_check_existing_file_names( $filename, $files ) ) {
+				// Remove "dot" dirs.
+				$files = array_diff( $files, array( '.', '..' ) );
+			}
+
+			if ( ! empty( $files ) ) {
+				// The extension case may have changed above.
+				$new_ext = ! empty( $ext2 ) ? $ext2 : $ext;
+
+				// Ensure this never goes into infinite loop
+				// as it uses pathinfo() and regex in the check but string replacement for the changes.
+				$count = count( $files );
+				$i     = 0;
+
+				while ( $i <= $count && _wp_check_existing_file_names( $filename, $files ) ) {
 					$new_number = (int) $number + 1;
-					$filename   = str_replace( array( "-{$number}{$ext}", "{$number}{$ext}" ), "-{$new_number}{$ext}", $filename );
+					$filename   = str_replace( array( "-{$number}{$new_ext}", "{$number}{$new_ext}" ), "-{$new_number}{$new_ext}", $filename );
 					$number     = $new_number;
+					$i++;
 				}
 			}
 		}
@@ -2524,7 +2540,7 @@ function _wp_check_existing_file_names( $filename, $files ) {
 		$ext = ".$ext";
 	}
 
-	$regex = '/^' . preg_quote( $fname ) . '-(?:\d+x\d+|scaled|rotated)' . preg_quote( $ext ) . '$/';
+	$regex = '/^' . preg_quote( $fname ) . '-(?:\d+x\d+|scaled|rotated)' . preg_quote( $ext ) . '$/i';
 
 	foreach ( $files as $file ) {
 		if ( preg_match( $regex, $file ) ) {

wp-includes/post.php

@@ -3747,13 +3747,14 @@ function wp_insert_post( $postarr, $wp_error = false ) {
 	}
 
 	if ( 'attachment' !== $post_type ) {
+		$now = gmdate( 'Y-m-d H:i:s' );
+
 		if ( 'publish' === $post_status ) {
-			// String comparison to work around far future dates (year 2038+) on 32-bit systems.
-			if ( $post_date_gmt > gmdate( 'Y-m-d H:i:59' ) ) {
+			if ( strtotime( $post_date_gmt ) - strtotime( $now ) >= MINUTE_IN_SECONDS ) {
 				$post_status = 'future';
 			}
 		} elseif ( 'future' === $post_status ) {
-			if ( $post_date_gmt <= gmdate( 'Y-m-d H:i:59' ) ) {
+			if ( strtotime( $post_date_gmt ) - strtotime( $now ) < MINUTE_IN_SECONDS ) {
 				$post_status = 'publish';
 			}
 		}
@@ -6385,7 +6386,7 @@ function get_posts_by_author_sql( $post_type, $full = true, $post_author = null,
  *                          'gmt' uses the `post_date_gmt` field.
  *                          Default 'server'.
  * @param string $post_type Optional. The post type to check. Default 'any'.
- * @return string The date of the last post.
+ * @return string The date of the last post, or false on failure.
  */
 function get_lastpostdate( $timezone = 'server', $post_type = 'any' ) {
 	/**
@@ -6393,9 +6394,9 @@ function get_lastpostdate( $timezone = 'server', $post_type = 'any' ) {
 	 *
 	 * @since 2.3.0
 	 *
-	 * @param string $date     Date the last post was published.
-	 * @param string $timezone Location to use for getting the post published date.
-	 *                         See get_lastpostdate() for accepted `$timezone` values.
+	 * @param string|false $date     Date the last post was published. False on failure.
+	 * @param string       $timezone Location to use for getting the post published date.
+	 *                               See get_lastpostdate() for accepted `$timezone` values.
 	 */
 	return apply_filters( 'get_lastpostdate', _get_last_post_time( $timezone, 'date', $post_type ), $timezone );
 }
@@ -6414,7 +6415,7 @@ function get_lastpostdate( $timezone = 'server', $post_type = 'any' ) {
  *                          for information on accepted values.
  *                          Default 'server'.
  * @param string $post_type Optional. The post type to check. Default 'any'.
- * @return string The timestamp in 'Y-m-d H:i:s' format.
+ * @return string The timestamp in 'Y-m-d H:i:s' format, or false on failure.
  */
 function get_lastpostmodified( $timezone = 'server', $post_type = 'any' ) {
 	/**
@@ -6445,9 +6446,10 @@ function get_lastpostmodified( $timezone = 'server', $post_type = 'any' ) {
 	 *
 	 * @since 2.3.0
 	 *
-	 * @param string $lastpostmodified The most recent time that a post was modified, in 'Y-m-d H:i:s' format.
-	 * @param string $timezone         Location to use for getting the post modified date.
-	 *                                 See get_lastpostdate() for accepted `$timezone` values.
+	 * @param string|false $lastpostmodified The most recent time that a post was modified, in 'Y-m-d H:i:s' format.
+	 *                                       False on failure.
+	 * @param string       $timezone         Location to use for getting the post modified date.
+	 *                                       See get_lastpostdate() for accepted `$timezone` values.
 	 */
 	return apply_filters( 'get_lastpostmodified', $lastpostmodified, $timezone );
 }
@@ -6465,7 +6467,7 @@ function get_lastpostmodified( $timezone = 'server', $post_type = 'any' ) {
  *                          for information on accepted values.
  * @param string $field     Post field to check. Accepts 'date' or 'modified'.
  * @param string $post_type Optional. The post type to check. Default 'any'.
- * @return string|false The timestamp in 'Y-m-d H:i:s' format, or false on error.
+ * @return string|false The timestamp in 'Y-m-d H:i:s' format, or false on failure.
  */
 function _get_last_post_time( $timezone, $field, $post_type = 'any' ) {
 	global $wpdb;

wp-includes/version.php

@@ -13,7 +13,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '5.3.1';
+$wp_version = '5.3.2';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.