Tag 3.9.4.

Built from https://develop.svn.wordpress.org/@32252

git-svn-id: http://core.svn.wordpress.org/tags/3.9.4@32223 1a063a9b-81f0-0310-95a4-ce76da25c4cd

license.txt

@@ -1,6 +1,6 @@
 WordPress - Web publishing software
 
-Copyright 2014 by the contributors
+Copyright 2015 by the contributors
 
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by

readme.html

@@ -9,7 +9,7 @@
 <body>
 <h1 id="logo">
 	<a href="https://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /></a>
-	<br /> Version 3.9
+	<br /> Version 3.9.4
 </h1>
 <p style="text-align: center">Semantic Personal Publishing Platform</p>
 

wp-admin/about.php

@@ -38,10 +38,30 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
 	</a>
 </h2>
 
+<div class="changelog point-releases">
+	<h3><?php echo _n( 'Maintenance and Security Release', 'Maintenance and Security Releases', 4 ); ?></h3>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 8 ), '3.9.4' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_3.9.4' ); ?>
+ 	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 9 ), '3.9.3', number_format_i18n( 9 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_3.9.3' ); ?>
+ 	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 6 ), '3.9.2', number_format_i18n( 6 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_3.9.2' ); ?>
+ 	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed %2$s bug.',
+         '<strong>Version %1$s</strong> addressed %2$s bugs.', 34 ), '3.9.1', number_format_i18n( 34 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_3.9.1' ); ?>
+ 	</p>
+</div>
+
 <div class="changelog">
 	<div class="about-overview">
 	<?php
-	if ( ( $locale = get_locale() ) && 'en_' === substr( $locale, 0, 3 ) ) : ?>
+	if ( ! is_ssl() && ( $locale = get_locale() ) && 'en_' === substr( $locale, 0, 3 ) ) : ?>
 		<embed src="//v0.wordpress.com/player.swf?v=1.03" type="application/x-shockwave-flash" width="640" height="360" wmode="direct" seamlesstabbing="true" allowfullscreen="true" allowscriptaccess="always" overstretch="true" flashvars="guid=sAiXhCfV&amp;isDynamicSeeking=true" title=""></embed>
 	<?php else : ?>
 		<img class="about-overview-img" src="//s.w.org/images/core/3.9/overview.png?0" />

wp-admin/credits.php

@@ -82,7 +82,7 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
 
 <h1><?php printf( __( 'Welcome to WordPress %s' ), $display_version ); ?></h1>
 
-<div class="about-text"><?php printf( __( 'Thank you for updating to WordPress %s, the most beautiful WordPress&nbsp;yet.' ), $display_version ); ?></div>
+<div class="about-text"><?php printf( __( 'Thank you for updating! WordPress %s has lots of refinements we think you&#8217;ll love.' ), $display_version ); ?></div>
 
 <div class="wp-badge"><?php printf( __( 'Version %s' ), $display_version ); ?></div>
 

wp-admin/css/admin-menu-rtl.css

@@ -500,7 +500,7 @@ ul#adminmenu > li.current > a.current:after {
 }
 
 #adminmenu .awaiting-mod,
-#adminmenu span.update-plugins,
+#adminmenu .update-plugins,
 #sidemenu li a span.update-plugins {
 	display: inline-block;
 	background-color: #d54e21;

wp-admin/css/admin-menu.css

@@ -500,7 +500,7 @@ ul#adminmenu > li.current > a.current:after {
 }
 
 #adminmenu .awaiting-mod,
-#adminmenu span.update-plugins,
+#adminmenu .update-plugins,
 #sidemenu li a span.update-plugins {
 	display: inline-block;
 	background-color: #d54e21;

wp-admin/css/edit-rtl.css

@@ -355,7 +355,7 @@ td.plugin-title p {
 #content-resize-handle {
 	background: transparent url(../images/resize.gif) no-repeat scroll left bottom;
 	width: 12px;
-	cursor: n-resize;
+	cursor: row-resize;
 }
 
 .rtl #content-resize-handle {

wp-admin/css/edit.css

@@ -355,7 +355,7 @@ td.plugin-title p {
 #content-resize-handle {
 	background: transparent url(../images/resize.gif) no-repeat scroll right bottom;
 	width: 12px;
-	cursor: n-resize;
+	cursor: row-resize;
 }
 
 .rtl #content-resize-handle {

wp-admin/css/forms-rtl.css

@@ -75,24 +75,6 @@ input[type=radio] {
 	line-height: 10px;
 }
 
-input:disabled,
-input.disabled,
-textarea:disabled,
-textarea.disabled {
-	-webkit-box-shadow: inset 0 1px 2px rgba(0,0,0,0.04);
-	box-shadow: inset 0 1px 2px rgba(0,0,0,0.04);
-	border-color: rgba(222, 222, 222, .75);
-	background: rgba(255, 255, 255, .5);
-	color: rgba(51, 51, 51, .5);
-}
-
-input[type=checkbox]:disabled,
-input[type=radio]:disabled,
-input[type=checkbox]:disabled:checked:before,
-input[type=radio]:disabled:checked:before {
-	opacity: 0.7;
-}
-
 input[type=checkbox]:checked:before,
 input[type=radio]:checked:before {
 	float: right;
@@ -268,6 +250,24 @@ input[readonly] {
 	color: #666;
 }
 
+input:disabled,
+input.disabled,
+textarea:disabled,
+textarea.disabled {
+	-webkit-box-shadow: inset 0 1px 2px rgba(0,0,0,0.04);
+	box-shadow: inset 0 1px 2px rgba(0,0,0,0.04);
+	border-color: rgba(222, 222, 222, .75);
+	background: rgba(255, 255, 255, .5);
+	color: rgba(51, 51, 51, .5);
+}
+
+input[type=checkbox]:disabled,
+input[type=radio]:disabled,
+input[type=checkbox]:disabled:checked:before,
+input[type=radio]:disabled:checked:before {
+	opacity: 0.7;
+}
+
 /*------------------------------------------------------------------------------
   2.0 - Forms
 ------------------------------------------------------------------------------*/

wp-admin/css/forms.css

@@ -75,24 +75,6 @@ input[type=radio] {
 	line-height: 10px;
 }
 
-input:disabled,
-input.disabled,
-textarea:disabled,
-textarea.disabled {
-	-webkit-box-shadow: inset 0 1px 2px rgba(0,0,0,0.04);
-	box-shadow: inset 0 1px 2px rgba(0,0,0,0.04);
-	border-color: rgba(222, 222, 222, .75);
-	background: rgba(255, 255, 255, .5);
-	color: rgba(51, 51, 51, .5);
-}
-
-input[type=checkbox]:disabled,
-input[type=radio]:disabled,
-input[type=checkbox]:disabled:checked:before,
-input[type=radio]:disabled:checked:before {
-	opacity: 0.7;
-}
-
 input[type=checkbox]:checked:before,
 input[type=radio]:checked:before {
 	float: left;
@@ -268,6 +250,24 @@ input[readonly] {
 	color: #666;
 }
 
+input:disabled,
+input.disabled,
+textarea:disabled,
+textarea.disabled {
+	-webkit-box-shadow: inset 0 1px 2px rgba(0,0,0,0.04);
+	box-shadow: inset 0 1px 2px rgba(0,0,0,0.04);
+	border-color: rgba(222, 222, 222, .75);
+	background: rgba(255, 255, 255, .5);
+	color: rgba(51, 51, 51, .5);
+}
+
+input[type=checkbox]:disabled,
+input[type=radio]:disabled,
+input[type=checkbox]:disabled:checked:before,
+input[type=radio]:disabled:checked:before {
+	opacity: 0.7;
+}
+
 /*------------------------------------------------------------------------------
   2.0 - Forms
 ------------------------------------------------------------------------------*/

wp-admin/custom-header.php

@@ -40,7 +40,7 @@ class Custom_Image_Header {
 	 * @since 3.0.0
 	 * @access private
 	 */
-	var $default_headers;
+	var $default_headers = array();
 
 	/**
 	 * Holds custom headers uploaded by the user.
@@ -254,7 +254,7 @@ class Custom_Image_Header {
 		if ( !isset($_wp_default_headers) )
 			return;
 
-		if ( is_array( $this->default_headers ) ) {
+		if ( ! empty( $this->default_headers ) ) {
 			return;
 		}
 

wp-admin/freedoms.php

@@ -19,7 +19,7 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
 
 <h1><?php printf( __( 'Welcome to WordPress %s' ), $display_version ); ?></h1>
 
-<div class="about-text"><?php printf( __( 'Thank you for updating to WordPress %s, the most beautiful WordPress&nbsp;yet.' ), $display_version ); ?></div>
+<div class="about-text"><?php printf( __( 'Thank you for updating! WordPress %s has lots of refinements we think you&#8217;ll love.' ), $display_version ); ?></div>
 
 <div class="wp-badge"><?php printf( __( 'Version %s' ), $display_version ); ?></div>
 

wp-admin/includes/ajax-actions.php

@@ -2233,7 +2233,7 @@ function wp_ajax_query_themes() {
 		wp_send_json_error();
 	}
 
-	$update_php = self_admin_url( 'update.php?action=install-theme' );
+	$update_php = network_admin_url( 'update.php?action=install-theme' );
 	foreach ( $api->themes as &$theme ) {
 		$theme->install_url = add_query_arg( array(
 			'theme'    => $theme->slug,

wp-admin/includes/class-wp-comments-list-table.php

@@ -537,9 +537,9 @@ class WP_Comments_List_Table extends WP_List_Table {
 
 		if ( current_user_can( 'edit_post', $post->ID ) ) {
 			$post_link = "<a href='" . get_edit_post_link( $post->ID ) . "'>";
-			$post_link .= get_the_title( $post->ID ) . '</a>';
+			$post_link .= esc_html( get_the_title( $post->ID ) ) . '</a>';
 		} else {
-			$post_link = get_the_title( $post->ID );
+			$post_link = esc_html( get_the_title( $post->ID ) );
 		}
 
 		echo '<div class="response-links"><span class="post-com-count-wrapper">';

wp-admin/includes/dashboard.php

@@ -531,7 +531,7 @@ function wp_dashboard_recent_drafts( $drafts = false ) {
 function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) {
 	$GLOBALS['comment'] =& $comment;
 
-	$comment_post_title = strip_tags(get_the_title( $comment->comment_post_ID ));
+	$comment_post_title = _draft_or_post_title( $comment->comment_post_ID );
 
 	if ( current_user_can( 'edit_post', $comment->comment_post_ID ) ) {
 		$comment_post_url = get_edit_post_link( $comment->comment_post_ID );

wp-admin/includes/image.php

@@ -366,6 +366,12 @@ function wp_read_image_metadata( $file ) {
 			$meta[ $key ] = utf8_encode( $meta[ $key ] );
 	}
 
+	foreach ( $meta as &$value ) {
+		if ( is_string( $value ) ) {
+			$value = wp_kses_post( $value );
+		}
+	}
+
 	/**
 	 * Filter the array of meta data read from an image's exif data.
 	 *

wp-admin/includes/post.php

@@ -177,6 +177,7 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
  * @return int Post ID.
  */
 function edit_post( $post_data = null ) {
+	global $wpdb;
 
 	if ( empty($post_data) )
 		$post_data = &$_POST;
@@ -317,7 +318,19 @@ function edit_post( $post_data = null ) {
 
 	update_post_meta( $post_ID, '_edit_last', get_current_user_id() );
 
-	wp_update_post( $post_data );
+	$success = wp_update_post( $post_data );
+	// If the save failed, see if we can sanity check the main fields and try again
+	if ( ! $success && is_callable( array( $wpdb, 'strip_invalid_text_for_column' ) ) ) {
+		$fields = array( 'post_title', 'post_content', 'post_excerpt' );
+
+		foreach( $fields as $field ) {
+			if ( isset( $post_data[ $field ] ) ) {
+				$post_data[ $field ] = $wpdb->strip_invalid_text_for_column( $wpdb->posts, $field, $post_data[ $field ] );
+			}
+		}
+
+		wp_update_post( $post_data );
+	}
 
 	// Now that we have an ID we can fix any attachment anchor hrefs
 	_fix_attachment_links( $post_ID );

wp-admin/includes/template.php

@@ -1437,7 +1437,7 @@ function _draft_or_post_title( $post = 0 ) {
 	$title = get_the_title( $post );
 	if ( empty( $title ) )
 		$title = __( '(no title)' );
-	return $title;
+	return esc_html( $title );
 }
 
 /**

wp-admin/js/customize-controls.js

@@ -309,8 +309,8 @@
 
 	api.HeaderControl = api.Control.extend({
 		ready: function() {
-			this.btnRemove        = $('.actions .remove');
-			this.btnNew           = $('.actions .new');
+			this.btnRemove        = $('#customize-control-header_image .actions .remove');
+			this.btnNew           = $('#customize-control-header_image .actions .new');
 
 			_.bindAll(this, 'openMedia', 'removeImage');
 

wp-admin/js/nav-menu.js

@@ -451,14 +451,14 @@ var wpNavMenu;
 				if ( ! isPrimaryMenuItem ) {
 					thisLink = menuItem.find( '.menus-move-left' ),
 					thisLinkText = menus.outFrom.replace( '%s', prevItemNameLeft );
-					thisLink.prop( 'title', menus.moveOutFrom.replace( '%s', prevItemNameLeft ) ).html( thisLinkText ).css( 'display', 'inline' );
+					thisLink.prop( 'title', menus.moveOutFrom.replace( '%s', prevItemNameLeft ) ).text( thisLinkText ).css( 'display', 'inline' );
 				}
 
 				if ( 0 !== position ) {
 					if ( menuItem.find( '.menu-item-data-parent-id' ).val() !== menuItem.prev().find( '.menu-item-data-db-id' ).val() ) {
 						thisLink = menuItem.find( '.menus-move-right' ),
 						thisLinkText = menus.under.replace( '%s', prevItemNameRight );
-						thisLink.prop( 'title', menus.moveUnder.replace( '%s', prevItemNameRight ) ).html( thisLinkText ).css( 'display', 'inline' );
+						thisLink.prop( 'title', menus.moveUnder.replace( '%s', prevItemNameRight ) ).text( thisLinkText ).css( 'display', 'inline' );
 					}
 				}
 
@@ -480,7 +480,7 @@ var wpNavMenu;
 					title = menus.subMenuFocus.replace( '%1$s', itemName ).replace( '%2$d', itemPosition ).replace( '%3$s', parentItemName );
 				}
 
-				$this.prop('title', title).html( title );
+				$this.prop('title', title).text( title );
 			});
 		},
 

wp-admin/js/post.js

@@ -1025,7 +1025,7 @@ jQuery(document).ready( function($) {
 
 			if ( mce ) {
 				editor.focus();
-				toolbarHeight = $( '#wp-content-editor-container .mce-toolbar-grp' ).height();
+				toolbarHeight = parseInt( $( '#wp-content-editor-container .mce-toolbar-grp' ).height(), 10 );
 
 				if ( toolbarHeight < 10 || toolbarHeight > 200 ) {
 					toolbarHeight = 30;

wp-admin/press-this.php

@@ -63,7 +63,7 @@ function press_it() {
 	// error handling for media_sideload
 	if ( is_wp_error($upload) ) {
 		wp_delete_post($post_ID);
-		wp_die($upload);
+		wp_die( esc_html( $upload->get_error_message() ) );
 	} else {
 		// Post formats
 		if ( isset( $_POST['post_format'] ) ) {

wp-admin/user/menu.php

@@ -7,11 +7,11 @@
  * @since 3.1.0
  */
 
-$menu[2] = array(__('Dashboard'), 'exist', 'index.php', '', 'menu-top menu-top-first menu-icon-dashboard', 'menu-dashboard', 'div');
+$menu[2] = array(__('Dashboard'), 'exist', 'index.php', '', 'menu-top menu-top-first menu-icon-dashboard', 'menu-dashboard', 'dashicons-dashboard');
 
 $menu[4] = array( '', 'exist', 'separator1', '', 'wp-menu-separator' );
 
-$menu[70] = array( __('Profile'), 'exist', 'profile.php', '', 'menu-top menu-icon-users', 'menu-users', 'div' );
+$menu[70] = array( __('Profile'), 'exist', 'profile.php', '', 'menu-top menu-icon-users', 'menu-users', 'dashicons-admin-users' );
 
 $menu[99] = array( '', 'exist', 'separator-last', '', 'wp-menu-separator' );
 

wp-content/themes/twentyeleven/languages/twentyeleven.pot

@@ -2,9 +2,9 @@
 # This file is distributed under the GNU General Public License v2 or later.
 msgid ""
 msgstr ""
-"Project-Id-Version: Twenty Eleven 1.7\n"
+"Project-Id-Version: Twenty Eleven 1.8\n"
 "Report-Msgid-Bugs-To: http://wordpress.org/tags/twentyeleven\n"
-"POT-Creation-Date: 2014-03-18 19:16:24+00:00\n"
+"POT-Creation-Date: 2014-04-16 18:26:59+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
@@ -431,11 +431,11 @@ msgid ""
 "in <a href=\"%6$s\" title=\"Return to %7$s\" rel=\"gallery\">%8$s</a>"
 msgstr ""
 
-#: inc/theme-options.php:56 inc/theme-options.php:530
+#: inc/theme-options.php:56 inc/theme-options.php:528
 msgid "Color Scheme"
 msgstr ""
 
-#: inc/theme-options.php:62 inc/theme-options.php:547
+#: inc/theme-options.php:62 inc/theme-options.php:545
 msgid "Link Color"
 msgstr ""
 
@@ -534,40 +534,40 @@ msgstr ""
 msgid "%s Theme Options"
 msgstr ""
 
-#: inc/theme-options.php:554
+#: inc/theme-options.php:552
 msgid "Layout"
 msgstr ""
 
-#: inc/widgets.php:23
+#: inc/widgets.php:21
 msgid ""
 "Use this widget to list your recent Aside, Status, Quote, and Link posts"
 msgstr ""
 
-#: inc/widgets.php:24
+#: inc/widgets.php:22
 msgid "Twenty Eleven Ephemera"
 msgstr ""
 
-#: inc/widgets.php:59
+#: inc/widgets.php:56
 msgid "Ephemera"
 msgstr ""
 
-#: inc/widgets.php:98 inc/widgets.php:107
+#: inc/widgets.php:95 inc/widgets.php:104
 msgid "0 <span class=\"reply\">comments &rarr;</span>"
 msgstr ""
 
-#: inc/widgets.php:98 inc/widgets.php:107
+#: inc/widgets.php:95 inc/widgets.php:104
 msgid "1 <span class=\"reply\">comment &rarr;</span>"
 msgstr ""
 
-#: inc/widgets.php:98 inc/widgets.php:107
+#: inc/widgets.php:95 inc/widgets.php:104
 msgid "% <span class=\"reply\">comments &rarr;</span>"
 msgstr ""
 
-#: inc/widgets.php:170
+#: inc/widgets.php:167
 msgid "Title:"
 msgstr ""
 
-#: inc/widgets.php:173
+#: inc/widgets.php:170
 msgid "Number of posts to show:"
 msgstr ""
 

wp-content/themes/twentyeleven/style.css

@@ -4,7 +4,7 @@ Theme URI: http://wordpress.org/themes/twentyeleven
 Author: the WordPress team
 Author URI: http://wordpress.org/
 Description: The 2011 theme for WordPress is sophisticated, lightweight, and adaptable. Make it yours with a custom menu, header image, and background -- then go further with available theme options for light or dark color scheme, custom link colors, and three layout choices. Twenty Eleven comes equipped with a Showcase page template that transforms your front page into a showcase to show off your best content, widget support galore (sidebar, three footer areas, and a Showcase page widget area), and a custom "Ephemera" widget to display your Aside, Link, Quote, or Status posts. Included are styles for print and for the admin editor, support for featured images (as custom header images on posts and pages and as large images on featured "sticky" posts), and special styles for six different post formats.
-Version: 1.7
+Version: 1.8
 License: GNU General Public License v2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 Tags: dark, light, white, black, gray, one-column, two-columns, left-sidebar, right-sidebar, fixed-layout, responsive-layout, custom-background, custom-colors, custom-header, custom-menu, editor-style, featured-image-header, featured-images, flexible-header, full-width-template, microformats, post-formats, rtl-language-support, sticky-post, theme-options, translation-ready

wp-content/themes/twentyfourteen/languages/twentyfourteen.pot

@@ -2,9 +2,9 @@
 # This file is distributed under the GNU General Public License v2 or later.
 msgid ""
 msgstr ""
-"Project-Id-Version: Twenty Fourteen 1.0\n"
+"Project-Id-Version: Twenty Fourteen 1.1\n"
 "Report-Msgid-Bugs-To: http://wordpress.org/tags/twentyfourteen\n"
-"POT-Creation-Date: 2014-03-18 19:16:26+00:00\n"
+"POT-Creation-Date: 2014-04-16 18:29:37+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
@@ -85,19 +85,19 @@ msgstr ""
 
 #: content-aside.php:37 content-audio.php:37 content-gallery.php:37
 #: content-image.php:37 content-link.php:37 content-quote.php:37
-#: content-video.php:37 content.php:38 inc/widgets.php:185
+#: content-video.php:37 content.php:38 inc/widgets.php:194
 msgid "Leave a comment"
 msgstr ""
 
 #: content-aside.php:37 content-audio.php:37 content-gallery.php:37
 #: content-image.php:37 content-link.php:37 content-quote.php:37
-#: content-video.php:37 content.php:38 inc/widgets.php:185
+#: content-video.php:37 content.php:38 inc/widgets.php:194
 msgid "1 Comment"
 msgstr ""
 
 #: content-aside.php:37 content-audio.php:37 content-gallery.php:37
 #: content-image.php:37 content-link.php:37 content-quote.php:37
-#: content-video.php:37 content.php:38 inc/widgets.php:185
+#: content-video.php:37 content.php:38 inc/widgets.php:194
 msgid "% Comments"
 msgstr ""
 
@@ -110,7 +110,7 @@ msgstr ""
 
 #: content-aside.php:46 content-audio.php:46 content-gallery.php:46
 #: content-image.php:46 content-link.php:46 content-quote.php:46
-#: content-video.php:46 content.php:54 inc/widgets.php:118 inc/widgets.php:163
+#: content-video.php:46 content.php:54 inc/widgets.php:127 inc/widgets.php:172
 msgid "Continue reading <span class=\"meta-nav\">&rarr;</span>"
 msgstr ""
 
@@ -159,50 +159,50 @@ msgstr ""
 msgid "Secondary menu in left sidebar"
 msgstr ""
 
-#: functions.php:175
+#: functions.php:171
 msgid "Primary Sidebar"
 msgstr ""
 
-#: functions.php:177
+#: functions.php:173
 msgid "Main sidebar that appears on the left."
 msgstr ""
 
-#: functions.php:184
+#: functions.php:180
 msgid "Content Sidebar"
 msgstr ""
 
-#: functions.php:186
+#: functions.php:182
 msgid "Additional sidebar that appears on the right."
 msgstr ""
 
-#: functions.php:193
+#: functions.php:189
 msgid "Footer Widget Area"
 msgstr ""
 
-#: functions.php:195
+#: functions.php:191
 msgid "Appears in the footer section of the site."
 msgstr ""
 
-#: functions.php:217
+#: functions.php:213
 msgctxt "Lato font: on or off"
 msgid "on"
 msgstr ""
 
-#: functions.php:260
+#: functions.php:254
 msgid "Previous"
 msgstr ""
 
-#: functions.php:261
+#: functions.php:255
 msgid "Next"
 msgstr ""
 
-#: functions.php:384
+#: functions.php:372
 msgid "%d Article"
 msgid_plural "%d Articles"
 msgstr[0] ""
 msgstr[1] ""
 
-#: functions.php:500
+#: functions.php:488
 msgid "Page %s"
 msgstr ""
 
@@ -226,7 +226,7 @@ msgstr ""
 msgid "Next Image"
 msgstr ""
 
-#: inc/back-compat.php:41 inc/back-compat.php:53 inc/back-compat.php:68
+#: inc/back-compat.php:37 inc/back-compat.php:47 inc/back-compat.php:60
 msgid ""
 "Twenty Fourteen requires at least WordPress version 3.6. You are running "
 "version %s. Please upgrade and try again."
@@ -244,18 +244,18 @@ msgstr ""
 msgid "Display Site Title &amp; Tagline"
 msgstr ""
 
-#: inc/customizer.php:35 inc/featured-content.php:411
+#: inc/customizer.php:35 inc/featured-content.php:408
 msgid "Featured Content"
 msgstr ""
 
-#: inc/customizer.php:36 inc/featured-content.php:412
+#: inc/customizer.php:36 inc/featured-content.php:409
 msgid ""
 "Use a <a href=\"%1$s\">tag</a> to feature your posts. If no posts match the "
 "tag, <a href=\"%2$s\">sticky posts</a> will be displayed instead."
 msgstr ""
 
-#: inc/customizer.php:37 inc/customizer.php:104 inc/featured-content.php:413
-#: inc/featured-content.php:422 inc/featured-content.php:482
+#: inc/customizer.php:37 inc/customizer.php:102 inc/featured-content.php:410
+#: inc/featured-content.php:419 inc/featured-content.php:479
 msgctxt "featured content default tag slug"
 msgid "featured"
 msgstr ""
@@ -274,20 +274,20 @@ msgstr ""
 
 #. #-#-#-#-#  twentyfourteen.pot (Twenty Fourteen 1.0)  #-#-#-#-#
 #. Theme Name of the plugin/theme
-#: inc/customizer.php:101
+#: inc/customizer.php:99
 msgid "Twenty Fourteen"
 msgstr ""
 
-#: inc/customizer.php:104
+#: inc/customizer.php:102
 msgid ""
 "The home page features your choice of up to 6 posts prominently displayed in "
-"a grid or slider, controlled a <a href=\"%1$s\">tag</a>; you can change the "
-"tag and layout in <a href=\"%2$s\">Appearance &rarr; Customize</a>. If no "
-"posts match the tag, <a href=\"%3$s\">sticky posts</a> will be displayed "
+"a grid or slider, controlled by a <a href=\"%1$s\">tag</a>; you can change "
+"the tag and layout in <a href=\"%2$s\">Appearance &rarr; Customize</a>. If "
+"no posts match the tag, <a href=\"%3$s\">sticky posts</a> will be displayed "
 "instead."
 msgstr ""
 
-#: inc/customizer.php:105
+#: inc/customizer.php:103
 msgid ""
 "Enhance your site design by using <a href=\"%s\">Featured Images</a> for "
 "posts you&rsquo;d like to stand out (also known as post thumbnails). This "
@@ -296,110 +296,139 @@ msgid ""
 "title&mdash;and in the Featured Content area on the home page."
 msgstr ""
 
-#: inc/customizer.php:106
+#: inc/customizer.php:104
 msgid ""
 "For an in-depth tutorial, and more tips and tricks, visit the <a href=\"%s"
 "\">Twenty Fourteen documentation</a>."
 msgstr ""
 
-#: inc/featured-content.php:434
+#: inc/featured-content.php:431
 msgid "Tag Name"
 msgstr ""
 
-#: inc/featured-content.php:439
+#: inc/featured-content.php:436
 msgid "Don&rsquo;t display tag on front end."
 msgstr ""
 
-#: inc/template-tags.php:47
+#: inc/template-tags.php:45
 msgid "&larr; Previous"
 msgstr ""
 
-#: inc/template-tags.php:48
+#: inc/template-tags.php:46
 msgid "Next &rarr;"
 msgstr ""
 
-#: inc/template-tags.php:55
+#: inc/template-tags.php:53
 msgid "Posts navigation"
 msgstr ""
 
-#: inc/template-tags.php:84
+#: inc/template-tags.php:80
 msgid "Post navigation"
 msgstr ""
 
-#: inc/template-tags.php:88
+#: inc/template-tags.php:84
 msgid "<span class=\"meta-nav\">Published In</span>%title"
 msgstr ""
 
-#: inc/template-tags.php:90
+#: inc/template-tags.php:86
 msgid "<span class=\"meta-nav\">Previous Post</span>%title"
 msgstr ""
 
-#: inc/template-tags.php:91
+#: inc/template-tags.php:87
 msgid "<span class=\"meta-nav\">Next Post</span>%title"
 msgstr ""
 
-#: inc/template-tags.php:110
+#: inc/template-tags.php:104
 msgid "Sticky"
 msgstr ""
 
-#: inc/widgets.php:44
+#: inc/widgets.php:34
 msgid "Twenty Fourteen Ephemera"
 msgstr ""
 
-#: inc/widgets.php:46
+#: inc/widgets.php:36
 msgid ""
 "Use this widget to list your recent Aside, Quote, Video, Audio, Image, "
 "Gallery, and Link posts."
 msgstr ""
 
-#: inc/widgets.php:53 taxonomy-post_format.php:30
-msgid "Asides"
-msgstr ""
-
 #: inc/widgets.php:54 taxonomy-post_format.php:33
 msgid "Images"
 msgstr ""
 
-#: inc/widgets.php:55 taxonomy-post_format.php:36
+#: inc/widgets.php:55
+msgid "More images"
+msgstr ""
+
+#: inc/widgets.php:58 taxonomy-post_format.php:36
 msgid "Videos"
 msgstr ""
 
-#: inc/widgets.php:56 taxonomy-post_format.php:39
+#: inc/widgets.php:59
+msgid "More videos"
+msgstr ""
+
+#: inc/widgets.php:62 taxonomy-post_format.php:39
 msgid "Audio"
 msgstr ""
 
-#: inc/widgets.php:57 taxonomy-post_format.php:42
+#: inc/widgets.php:63
+msgid "More audio"
+msgstr ""
+
+#: inc/widgets.php:66 taxonomy-post_format.php:42
 msgid "Quotes"
 msgstr ""
 
-#: inc/widgets.php:58 taxonomy-post_format.php:45
+#: inc/widgets.php:67
+msgid "More quotes"
+msgstr ""
+
+#: inc/widgets.php:70 taxonomy-post_format.php:45
 msgid "Links"
 msgstr ""
 
-#: inc/widgets.php:59 taxonomy-post_format.php:48
+#: inc/widgets.php:71
+msgid "More links"
+msgstr ""
+
+#: inc/widgets.php:74 taxonomy-post_format.php:48
 msgid "Galleries"
 msgstr ""
 
-#: inc/widgets.php:153
+#: inc/widgets.php:75
+msgid "More galleries"
+msgstr ""
+
+#: inc/widgets.php:79 taxonomy-post_format.php:30
+msgid "Asides"
+msgstr ""
+
+#: inc/widgets.php:80
+msgid "More asides"
+msgstr ""
+
+#: inc/widgets.php:162
 msgid "This gallery contains <a href=\"%1$s\" rel=\"bookmark\">%2$s photo</a>."
 msgid_plural ""
 "This gallery contains <a href=\"%1$s\" rel=\"bookmark\">%2$s photos</a>."
 msgstr[0] ""
 msgstr[1] ""
 
-#: inc/widgets.php:194
-msgid "More %s <span class=\"meta-nav\">&rarr;</span>"
+#. translators: used with More archives link
+#: inc/widgets.php:206
+msgid "%s <span class=\"meta-nav\">&rarr;</span>"
 msgstr ""
 
-#: inc/widgets.php:242
+#: inc/widgets.php:255
 msgid "Title:"
 msgstr ""
 
-#: inc/widgets.php:245
+#: inc/widgets.php:258
 msgid "Number of posts to show:"
 msgstr ""
 
-#: inc/widgets.php:248
+#: inc/widgets.php:261
 msgid "Post format to show:"
 msgstr ""
 

wp-content/themes/twentyfourteen/style.css

@@ -4,7 +4,7 @@ Theme URI: http://wordpress.org/themes/twentyfourteen
 Author: the WordPress team
 Author URI: http://wordpress.org/
 Description: In 2014, our default theme lets you create a responsive magazine website with a sleek, modern design. Feature your favorite homepage content in either a grid or a slider. Use the three widget areas to customize your website, and change your content's layout with a full-width page template and a contributor page to show off your authors. Creating a magazine website with WordPress has never been easier.
-Version: 1.0
+Version: 1.1
 License: GNU General Public License v2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 Tags: black, green, white, light, dark, two-columns, three-columns, left-sidebar, right-sidebar, fixed-layout, responsive-layout, custom-background, custom-header, custom-menu, editor-style, featured-images, flexible-header, full-width-template, microformats, post-formats, rtl-language-support, sticky-post, theme-options, translation-ready, accessibility-ready

wp-content/themes/twentythirteen/languages/twentythirteen.pot

@@ -2,9 +2,9 @@
 # This file is distributed under the GNU General Public License v2 or later.
 msgid ""
 msgstr ""
-"Project-Id-Version: Twenty Thirteen 1.1\n"
+"Project-Id-Version: Twenty Thirteen 1.2\n"
 "Report-Msgid-Bugs-To: http://wordpress.org/tags/twentythirteen\n"
-"POT-Creation-Date: 2014-03-18 19:16:26+00:00\n"
+"POT-Creation-Date: 2014-04-16 18:28:45+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
@@ -179,71 +179,71 @@ msgctxt "Bitter font: on or off"
 msgid "on"
 msgstr ""
 
-#: functions.php:220
+#: functions.php:218
 msgid "Page %s"
 msgstr ""
 
-#: functions.php:235
+#: functions.php:231
 msgid "Main Widget Area"
 msgstr ""
 
-#: functions.php:237
+#: functions.php:233
 msgid "Appears in the footer section of the site."
 msgstr ""
 
-#: functions.php:245
+#: functions.php:241
 msgid "Secondary Widget Area"
 msgstr ""
 
-#: functions.php:247
+#: functions.php:243
 msgid "Appears on posts and pages in the sidebar."
 msgstr ""
 
-#: functions.php:272
+#: functions.php:266
 msgid "Posts navigation"
 msgstr ""
 
-#: functions.php:276
+#: functions.php:270
 msgid "<span class=\"meta-nav\">&larr;</span> Older posts"
 msgstr ""
 
-#: functions.php:280
+#: functions.php:274
 msgid "Newer posts <span class=\"meta-nav\">&rarr;</span>"
 msgstr ""
 
-#: functions.php:308
+#: functions.php:300
 msgid "Post navigation"
 msgstr ""
 
-#: functions.php:311
+#: functions.php:303
 msgctxt "Previous post link"
 msgid "<span class=\"meta-nav\">&larr;</span> %title"
 msgstr ""
 
-#: functions.php:312
+#: functions.php:304
 msgctxt "Next post link"
 msgid "%title <span class=\"meta-nav\">&rarr;</span>"
 msgstr ""
 
-#: functions.php:332
+#: functions.php:322
 msgid "Sticky"
 msgstr ""
 
 #. Translators: used between list items, there is a space after the comma.
-#: functions.php:338 functions.php:344
+#: functions.php:328 functions.php:334
 msgid ", "
 msgstr ""
 
-#: functions.php:353
+#: functions.php:343
 msgid "View all posts by %s"
 msgstr ""
 
-#: functions.php:373
+#: functions.php:363
 msgctxt "1: post format name. 2: date"
 msgid "%1$s on %2$s"
 msgstr ""
 
-#: functions.php:379
+#: functions.php:369
 msgid "Permalink to %s"
 msgstr ""
 
@@ -278,23 +278,23 @@ msgstr ""
 msgid "Next <span class=\"meta-nav\">&rarr;</span>"
 msgstr ""
 
-#: inc/back-compat.php:41 inc/back-compat.php:53 inc/back-compat.php:68
+#: inc/back-compat.php:37 inc/back-compat.php:47 inc/back-compat.php:60
 msgid ""
 "Twenty Thirteen requires at least WordPress version 3.6. You are running "
 "version %s. Please upgrade and try again."
 msgstr ""
 
-#: inc/custom-header.php:51
+#: inc/custom-header.php:49
 msgctxt "header image description"
 msgid "Circle"
 msgstr ""
 
-#: inc/custom-header.php:56
+#: inc/custom-header.php:54
 msgctxt "header image description"
 msgid "Diamond"
 msgstr ""
 
-#: inc/custom-header.php:61
+#: inc/custom-header.php:59
 msgctxt "header image description"
 msgid "Star"
 msgstr ""

wp-content/themes/twentythirteen/style.css

@@ -4,7 +4,7 @@ Theme URI: http://wordpress.org/themes/twentythirteen
 Author: the WordPress team
 Author URI: http://wordpress.org/
 Description: The 2013 theme for WordPress takes us back to the blog, featuring a full range of post formats, each displayed beautifully in their own unique way. Design details abound, starting with a vibrant color scheme and matching header images, beautiful typography and icons, and a flexible layout that looks great on any device, big or small.
-Version: 1.1
+Version: 1.2
 License: GNU General Public License v2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 Tags: black, brown, orange, tan, white, yellow, light, one-column, two-columns, right-sidebar, fluid-layout, responsive-layout, custom-header, custom-menu, editor-style, featured-images, microformats, post-formats, rtl-language-support, sticky-post, translation-ready

wp-content/themes/twentytwelve/languages/twentytwelve.pot

@@ -2,9 +2,9 @@
 # This file is distributed under the GNU General Public License v2 or later.
 msgid ""
 msgstr ""
-"Project-Id-Version: Twenty Twelve 1.3\n"
+"Project-Id-Version: Twenty Twelve 1.4\n"
 "Report-Msgid-Bugs-To: http://wordpress.org/tags/twentytwelve\n"
-"POT-Creation-Date: 2014-03-18 19:16:25+00:00\n"
+"POT-Creation-Date: 2014-04-16 18:27:55+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
@@ -109,7 +109,7 @@ msgstr ""
 
 #: content-aside.php:26 content-image.php:26 content-link.php:24
 #: content-page.php:24 content-quote.php:23 content-status.php:40
-#: content.php:51 functions.php:349 image.php:37
+#: content.php:51 functions.php:345 image.php:37
 msgid "Edit"
 msgstr ""
 
@@ -174,95 +174,95 @@ msgctxt "Open Sans font: add new subset (greek, cyrillic, vietnamese)"
 msgid "no-subset"
 msgstr ""
 
-#: functions.php:215
+#: functions.php:213
 msgid "Page %s"
 msgstr ""
 
-#: functions.php:244
+#: functions.php:242
 msgid "Main Sidebar"
 msgstr ""
 
-#: functions.php:246
+#: functions.php:244
 msgid ""
 "Appears on posts and pages except the optional Front Page template, which "
 "has its own widgets"
 msgstr ""
 
-#: functions.php:254
+#: functions.php:252
 msgid "First Front Page Widget Area"
 msgstr ""
 
-#: functions.php:256 functions.php:266
+#: functions.php:254 functions.php:264
 msgid ""
 "Appears when using the optional Front Page template with a page set as "
 "Static Front Page"
 msgstr ""
 
-#: functions.php:264
+#: functions.php:262
 msgid "Second Front Page Widget Area"
 msgstr ""
 
-#: functions.php:288 single.php:20
+#: functions.php:286 single.php:20
 msgid "Post navigation"
 msgstr ""
 
-#: functions.php:289
+#: functions.php:287
 msgid "<span class=\"meta-nav\">&larr;</span> Older posts"
 msgstr ""
 
-#: functions.php:290
+#: functions.php:288
 msgid "Newer posts <span class=\"meta-nav\">&rarr;</span>"
 msgstr ""
 
-#: functions.php:317
+#: functions.php:313
 msgid "Pingback:"
 msgstr ""
 
-#: functions.php:317
+#: functions.php:313
 msgid "(Edit)"
 msgstr ""
 
-#: functions.php:332
+#: functions.php:328
 msgid "Post author"
 msgstr ""
 
 #. translators: 1: date, 2: time
-#: functions.php:338
+#: functions.php:334
 msgid "%1$s at %2$s"
 msgstr ""
 
-#: functions.php:344
+#: functions.php:340
 msgid "Your comment is awaiting moderation."
 msgstr ""
 
-#: functions.php:353
+#: functions.php:349
 msgid "Reply"
 msgstr ""
 
 #. Translators: used between list items, there is a space after the comma.
-#: functions.php:376 functions.php:379
+#: functions.php:370 functions.php:373
 msgid ", "
 msgstr ""
 
-#: functions.php:390
+#: functions.php:384
 msgid "View all posts by %s"
 msgstr ""
 
 #. Translators: 1 is category, 2 is tag, 3 is the date and 4 is the author's
 #. name.
-#: functions.php:396
+#: functions.php:390
 msgid ""
 "This entry was posted in %1$s and tagged %2$s on %3$s<span class=\"by-author"
 "\"> by %4$s</span>."
 msgstr ""
 
-#: functions.php:398
+#: functions.php:392
 msgid ""
 "This entry was posted in %1$s on %3$s<span class=\"by-author\"> by %4$s</"
 "span>."
 msgstr ""
 
-#: functions.php:400
+#: functions.php:394
 msgid "This entry was posted on %3$s<span class=\"by-author\"> by %4$s</span>."
 msgstr ""
 

wp-content/themes/twentytwelve/style.css

@@ -4,7 +4,7 @@ Theme URI: http://wordpress.org/themes/twentytwelve
 Author: the WordPress team
 Author URI: http://wordpress.org/
 Description: The 2012 theme for WordPress is a fully responsive theme that looks great on any device. Features include a front page template with its own widgets, an optional display font, styling for post formats on both index and single views, and an optional no-sidebar page template. Make it yours with a custom menu, header image, and background.
-Version: 1.3
+Version: 1.4
 License: GNU General Public License v2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 Tags: light, gray, white, one-column, two-columns, right-sidebar, fluid-layout, responsive-layout, custom-background, custom-header, custom-menu, editor-style, featured-images, flexible-header, full-width-template, microformats, post-formats, rtl-language-support, sticky-post, theme-options, translation-ready

wp-includes/ID3/getid3.lib.php

@@ -519,11 +519,12 @@ class getid3_lib
 	}
 
 	public static function XML2array($XMLstring) {
-		if (function_exists('simplexml_load_string')) {
-			if (function_exists('get_object_vars')) {
-				$XMLobject = simplexml_load_string($XMLstring);
-				return self::SimpleXMLelement2array($XMLobject);
-			}
+		if ( function_exists( 'simplexml_load_string' ) && function_exists( 'libxml_disable_entity_loader' ) ) {
+			$loader = libxml_disable_entity_loader( true );
+			$XMLobject = simplexml_load_string( $XMLstring, 'SimpleXMLElement', LIBXML_NOENT );
+			$return = self::SimpleXMLelement2array( $XMLobject );
+			libxml_disable_entity_loader( $loader );
+			return $return;
 		}
 		return false;
 	}

wp-includes/capabilities.php

@@ -1347,21 +1347,25 @@ function current_user_can( $capability ) {
  * @return bool
  */
 function current_user_can_for_blog( $blog_id, $capability ) {
-	if ( is_multisite() )
-		switch_to_blog( $blog_id );
+	$switched = is_multisite() ? switch_to_blog( $blog_id ) : false;
 
 	$current_user = wp_get_current_user();
 
-	if ( empty( $current_user ) )
+	if ( empty( $current_user ) ) {
+		if ( $switched ) {
+			restore_current_blog();
+		}
 		return false;
+	}
 
 	$args = array_slice( func_get_args(), 2 );
 	$args = array_merge( array( $capability ), $args );
 
 	$can = call_user_func_array( array( $current_user, 'has_cap' ), $args );
 
-	if ( is_multisite() )
+	if ( $switched ) {
 		restore_current_blog();
+	}
 
 	return $can;
 }

wp-includes/class-IXR.php

@@ -203,11 +203,37 @@ class IXR_Message
     {
         // first remove the XML declaration
         // merged from WP #10698 - this method avoids the RAM usage of preg_replace on very large messages
-        $header = preg_replace( '/<\?xml.*?\?'.'>/', '', substr($this->message, 0, 100), 1);
-        $this->message = substr_replace($this->message, $header, 0, 100);
-        if (trim($this->message) == '') {
+        $header = preg_replace( '/<\?xml.*?\?'.'>/s', '', substr( $this->message, 0, 100 ), 1 );
+        $this->message = trim( substr_replace( $this->message, $header, 0, 100 ) );
+        if ( '' == $this->message ) {
             return false;
         }
+
+        // Then remove the DOCTYPE
+        $header = preg_replace( '/^<!DOCTYPE[^>]*+>/i', '', substr( $this->message, 0, 200 ), 1 );
+        $this->message = trim( substr_replace( $this->message, $header, 0, 200 ) );
+        if ( '' == $this->message ) {
+            return false;
+        }
+
+        // Check that the root tag is valid
+        $root_tag = substr( $this->message, 0, strcspn( substr( $this->message, 0, 20 ), "> \t\r\n" ) );
+        if ( '<!DOCTYPE' === strtoupper( $root_tag ) ) {
+            return false;
+        }
+        if ( ! in_array( $root_tag, array( '<methodCall', '<methodResponse', '<fault' ) ) ) {
+            return false;
+        }
+
+        // Bail if there are too many elements to parse
+        $element_limit = 30000;
+        if ( function_exists( 'apply_filters' ) ) {
+            $element_limit = apply_filters( 'xmlrpc_element_limit', $element_limit );
+        }
+        if ( $element_limit && 2 * $element_limit < substr_count( $this->message, '<' ) ) {
+            return false;
+        }
+
         $this->_parser = xml_parser_create();
         // Set XML parser to take the case of tags in to account
         xml_parser_set_option($this->_parser, XML_OPTION_CASE_FOLDING, false);

wp-includes/class-phpass.php

@@ -214,6 +214,10 @@ class PasswordHash {
 
 	function HashPassword($password)
 	{
+		if ( strlen( $password ) > 4096 ) {
+			return '*';
+		}
+
 		$random = '';
 
 		if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) {
@@ -249,6 +253,10 @@ class PasswordHash {
 
 	function CheckPassword($password, $stored_hash)
 	{
+		if ( strlen( $password ) > 4096 ) {
+			return false;
+		}
+
 		$hash = $this->crypt_private($password, $stored_hash);
 		if ($hash[0] == '*')
 			$hash = crypt($password, $stored_hash);

wp-includes/class-wp-customize-widgets.php

@@ -1119,22 +1119,19 @@ final class WP_Customize_Widgets {
 	}
 
 	/**
-	 * Get a widget instance's hash key.
+	 * Get MAC for a serialized widget instance string.
 	 *
-	 * Serialize an instance and hash it with the AUTH_KEY; when a JS value is
-	 * posted back to save, this instance hash key is used to ensure that the
-	 * serialized_instance was not tampered with, but that it had originated
-	 * from WordPress and so is sanitized.
+	 * Allows values posted back from JS to be rejected if any tampering of the
+	 * data has occurred.
 	 *
 	 * @since 3.9.0
 	 * @access protected
 	 *
-	 * @param array $instance Widget instance.
-	 * @return string Widget instance's hash key.
+	 * @param string $serialized_instance Widget instance.
+	 * @return string MAC for serialized widget instance.
 	 */
-	protected function get_instance_hash_key( $instance ) {
-		$hash = md5( AUTH_KEY . serialize( $instance ) );
-		return $hash;
+	protected function get_instance_hash_key( $serialized_instance ) {
+		return wp_hash( $serialized_instance );
 	}
 
 	/**
@@ -1162,18 +1159,19 @@ final class WP_Customize_Widgets {
 		}
 
 		$decoded = base64_decode( $value['encoded_serialized_instance'], true );
-
 		if ( false === $decoded ) {
 			return null;
 		}
-		$instance = unserialize( $decoded );
 
+		if ( $this->get_instance_hash_key( $decoded ) !== $value['instance_hash_key'] ) {
+			return null;
+		}
+
+		$instance = unserialize( $decoded );
 		if ( false === $instance ) {
 			return null;
 		}
-		if ( $this->get_instance_hash_key( $instance ) !== $value['instance_hash_key'] ) {
-			return null;
-		}
+
 		return $instance;
 	}
 
@@ -1194,7 +1192,7 @@ final class WP_Customize_Widgets {
 				'encoded_serialized_instance'   => base64_encode( $serialized ),
 				'title'                         => empty( $value['title'] ) ? '' : $value['title'],
 				'is_widget_customizer_js_value' => true,
-				'instance_hash_key'             => $this->get_instance_hash_key( $value ),
+				'instance_hash_key'             => $this->get_instance_hash_key( $serialized ),
 			);
 		}
 		return $value;

wp-includes/class-wp-editor.php

@@ -103,12 +103,6 @@ final class _WP_Editors {
 			// A cookie (set when a user resizes the editor) overrides the height.
 			$cookie = (int) get_user_setting( 'ed_size' );
 
-			// Upgrade an old TinyMCE cookie if it is still around, and the new one isn't.
-			if ( ! $cookie && isset( $_COOKIE['TinyMCE_content_size'] ) ) {
-				parse_str( $_COOKIE['TinyMCE_content_size'], $cookie );
- 				$cookie = $cookie['ch'];
-			}
-
 			if ( $cookie )
 				$set['editor_height'] = $cookie;
 		}
@@ -241,11 +235,11 @@ final class _WP_Editors {
 
 		if ( empty(self::$first_init) ) {
 			if ( is_admin() ) {
-				add_action( 'admin_print_footer_scripts', array( __CLASS__, 'editor_js'), 50 );
-				add_action( 'admin_footer', array( __CLASS__, 'enqueue_scripts'), 1 );
+				add_action( 'admin_print_footer_scripts', array( __CLASS__, 'editor_js' ), 50 );
+				add_action( 'admin_print_footer_scripts', array( __CLASS__, 'enqueue_scripts' ), 1 );
 			} else {
-				add_action( 'wp_print_footer_scripts', array( __CLASS__, 'editor_js'), 50 );
-				add_action( 'wp_footer', array( __CLASS__, 'enqueue_scripts'), 1 );
+				add_action( 'wp_print_footer_scripts', array( __CLASS__, 'editor_js' ), 50 );
+				add_action( 'wp_print_footer_scripts', array( __CLASS__, 'enqueue_scripts' ), 1 );
 			}
 		}
 

wp-includes/compat.php

@@ -94,3 +94,32 @@ if ( !function_exists('json_decode') ) {
 		return is_array($data) ? array_map(__FUNCTION__, $data) : $data;
 	}
 }
+
+if ( ! function_exists( 'hash_equals' ) ) :
+/**
+ * Compare two strings in constant time.
+ *
+ * This function was added in PHP 5.6.
+ * It can leak the length of a string.
+ *
+ * @since 3.9.2
+ *
+ * @param string $a Expected string.
+ * @param string $b Actual string.
+ * @return bool Whether strings are equal.
+ */
+function hash_equals( $a, $b ) {
+	$a_length = strlen( $a );
+	if ( $a_length !== strlen( $b ) ) {
+		return false;
+	}
+	$result = 0;
+
+	// Do not attempt to "optimize" this.
+	for ( $i = 0; $i < $a_length; $i++ ) {
+		$result |= ord( $a[ $i ] ) ^ ord( $b[ $i ] );
+	}
+
+	return $result === 0;
+}
+endif;

wp-includes/css/editor-rtl.css

@@ -279,6 +279,10 @@ div.mce-path {
     border-color: #bbb;
 }
 
+.mce-toolbar .mce-btn-group .mce-btn.mce-listbox span {
+	font-size: 13px;
+}
+
 .mce-panel .mce-btn i.mce-caret {
 	border-top: 6px solid #777;
 	margin-right: 2px;

wp-includes/css/editor.css

@@ -279,6 +279,10 @@ div.mce-path {
     border-color: #bbb;
 }
 
+.mce-toolbar .mce-btn-group .mce-btn.mce-listbox span {
+	font-size: 13px;
+}
+
 .mce-panel .mce-btn i.mce-caret {
 	border-top: 6px solid #777;
 	margin-left: 2px;

wp-includes/css/media-views-rtl.css

@@ -1781,7 +1781,8 @@
 	margin-top: 24px;
 }
 
-.media-embed .setting input.hidden {
+.media-embed .setting input.hidden,
+.media-embed .setting textarea.hidden {
 	display: none;
 }
 

wp-includes/css/media-views.css

@@ -1781,7 +1781,8 @@
 	margin-top: 24px;
 }
 
-.media-embed .setting input.hidden {
+.media-embed .setting input.hidden,
+.media-embed .setting textarea.hidden {
 	display: none;
 }
 

wp-includes/default-widgets.php

@@ -732,7 +732,7 @@ class WP_Widget_Recent_Posts extends WP_Widget {
 			$cache[ $args['widget_id'] ] = ob_get_flush();
 			wp_cache_set( 'widget_recent_posts', $cache, 'widget' );
 		} else {
-			ob_flush();
+			ob_end_flush();
 		}
 	}
 
@@ -1348,11 +1348,12 @@ class WP_Widget_Tag_Cloud extends WP_Widget {
 		<p>
 			<label for="<?php echo $this->get_field_id('nav_menu'); ?>"><?php _e('Select Menu:'); ?></label>
 			<select id="<?php echo $this->get_field_id('nav_menu'); ?>" name="<?php echo $this->get_field_name('nav_menu'); ?>">
+				<option value="0"><?php _e( '&mdash; Select &mdash;' ) ?></option>
 		<?php
 			foreach ( $menus as $menu ) {
 				echo '<option value="' . $menu->term_id . '"'
 					. selected( $nav_menu, $menu->term_id, false )
-					. '>'. $menu->name . '</option>';
+					. '>'. esc_html( $menu->name ) . '</option>';
 			}
 		?>
 			</select>

wp-includes/formatting.php

@@ -152,7 +152,14 @@ function wptexturize($text) {
 	$no_texturize_tags_stack = array();
 	$no_texturize_shortcodes_stack = array();
 
-	$textarr = preg_split('/(<.*>|\[.*\])/Us', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
+	// Look for shortcodes and HTML elements.
+	
+	$shortcode_regex =
+		  '\['          // Find start of shortcode.
+		. '[^\[\]<>]++' // Shortcodes do not contain other shortcodes. Possessive critical.
+		. '\]';         // Find end of shortcode.
+
+	$textarr = preg_split("/(<[^>]*>|$shortcode_regex)/s", $text, -1, PREG_SPLIT_DELIM_CAPTURE);
 
 	foreach ( $textarr as &$curl ) {
 		if ( empty( $curl ) ) {
@@ -163,7 +170,7 @@ function wptexturize($text) {
 		$first = $curl[0];
 		if ( '<' === $first ) {
 			_wptexturize_pushpop_element($curl, $no_texturize_tags_stack, $no_texturize_tags, '<', '>');
-		} elseif ( '[' === $first ) {
+		} elseif ( '[' === $first && 1 === preg_match( '/^' . $shortcode_regex . '$/', $curl ) ) {
 			_wptexturize_pushpop_element($curl, $no_texturize_shortcodes_stack, $no_texturize_shortcodes, '[', ']');
 		} elseif ( empty($no_texturize_shortcodes_stack) && empty($no_texturize_tags_stack) ) {
 
@@ -214,6 +221,8 @@ function _wptexturize_pushpop_element($text, &$stack, $disabled_elements, $openi
 
 			array_push($stack, $matches[1]);
 		}
+	} elseif ( 0 == count( $stack ) ) {
+		// Stack is empty. Just stop.
 	} else {
 		// Closing? Check $text+2 against disabled elements
 		$c = preg_quote($closing, '/');
@@ -1169,21 +1178,23 @@ function sanitize_title_with_dashes( $title, $raw_title = '', $context = 'displa
 }
 
 /**
- * Ensures a string is a valid SQL order by clause.
+ * Ensures a string is a valid SQL 'order by' clause.
  *
- * Accepts one or more columns, with or without ASC/DESC, and also accepts
- * RAND().
+ * Accepts one or more columns, with or without a sort order (ASC / DESC).
+ * e.g. 'column_1', 'column_1, column_2', 'column_1 ASC, column_2 DESC' etc.
+ *
+ * Also accepts 'RAND()'.
  *
  * @since 2.5.1
  *
- * @param string $orderby Order by string to be checked.
- * @return string|bool Returns the order by clause if it is a match, false otherwise.
+ * @param string $orderby Order by clause to be validated.
+ * @return string|bool Returns $orderby if valid, false otherwise.
  */
-function sanitize_sql_orderby( $orderby ){
-	preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
-	if ( !$obmatches )
-		return false;
-	return $orderby;
+function sanitize_sql_orderby( $orderby ) {
+	if ( preg_match( '/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby ) || preg_match( '/^\s*RAND\(\s*\)\s*$/i', $orderby ) ) {
+		return $orderby;
+	}
+	return false;
 }
 
 /**

wp-includes/http.php

@@ -451,8 +451,9 @@ function send_origin_headers() {
  * @return mixed URL or false on failure.
  */
 function wp_http_validate_url( $url ) {
+	$original_url = $url;
 	$url = wp_kses_bad_protocol( $url, array( 'http', 'https' ) );
-	if ( ! $url )
+	if ( ! $url || strtolower( $url ) !== strtolower( $original_url ) )
 		return false;
 
 	$parsed_url = @parse_url( $url );
@@ -462,7 +463,7 @@ function wp_http_validate_url( $url ) {
 	if ( isset( $parsed_url['user'] ) || isset( $parsed_url['pass'] ) )
 		return false;
 
-	if ( false !== strpos( $parsed_url['host'], ':' ) )
+	if ( false !== strpbrk( $parsed_url['host'], ':#?[]' ) )
 		return false;
 
 	$parsed_home = @parse_url( get_option( 'home' ) );
@@ -480,8 +481,7 @@ function wp_http_validate_url( $url ) {
 		}
 		if ( $ip ) {
 			$parts = array_map( 'intval', explode( '.', $ip ) );
-			if ( '127.0.0.1' === $ip
-				|| ( 10 === $parts[0] )
+			if ( 127 === $parts[0] || 10 === $parts[0]
 				|| ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] )
 				|| ( 192 === $parts[0] && 168 === $parts[1] )
 			) {

wp-includes/js/customize-models.js

@@ -113,6 +113,10 @@
 				return false;
 			}
 
+			if (this.get('imageWidth') <= this.get('themeWidth')) {
+				return false;
+			}
+
 			return true;
 		}
 	});

wp-includes/js/customize-models.min.js

@@ -1 +1 @@
-!function(a,b){var c=b.customize;c.HeaderTool={},c.HeaderTool.ImageModel=Backbone.Model.extend({defaults:function(){return{header:{attachment_id:0,url:"",timestamp:_.now(),thumbnail_url:""},choice:"",selected:!1,random:!1}},initialize:function(){this.on("hide",this.hide,this)},hide:function(){this.set("choice",""),c("header_image").set("remove-header"),c("header_image_data").set("remove-header")},destroy:function(){var a=this.get("header"),d=c.HeaderTool.currentHeader.get("header").attachment_id;d&&a.attachment_id===d&&c.HeaderTool.currentHeader.trigger("hide"),b.ajax.post("custom-header-remove",{nonce:_wpCustomizeHeader.nonces.remove,wp_customize:"on",theme:c.settings.theme.stylesheet,attachment_id:a.attachment_id}),this.trigger("destroy",this,this.collection)},save:function(){this.get("random")?(c("header_image").set(this.get("header").random),c("header_image_data").set(this.get("header").random)):this.get("header").defaultName?(c("header_image").set(this.get("header").url),c("header_image_data").set(this.get("header").defaultName)):(c("header_image").set(this.get("header").url),c("header_image_data").set(this.get("header"))),c.HeaderTool.combinedList.trigger("control:setImage",this)},importImage:function(){var a=this.get("header");void 0!==a.attachment_id&&b.ajax.post("custom-header-add",{nonce:_wpCustomizeHeader.nonces.add,wp_customize:"on",theme:c.settings.theme.stylesheet,attachment_id:a.attachment_id})},shouldBeCropped:function(){return this.get("themeFlexWidth")===!0&&this.get("themeFlexHeight")===!0?!1:this.get("themeFlexWidth")===!0&&this.get("themeHeight")===this.get("imageHeight")?!1:this.get("themeFlexHeight")===!0&&this.get("themeWidth")===this.get("imageWidth")?!1:this.get("themeWidth")===this.get("imageWidth")&&this.get("themeHeight")===this.get("imageHeight")?!1:!0}}),c.HeaderTool.ChoiceList=Backbone.Collection.extend({model:c.HeaderTool.ImageModel,comparator:function(a){return-a.get("header").timestamp},initialize:function(){var a=c.HeaderTool.currentHeader.get("choice").replace(/^https?:\/\//,""),b=this.isRandomChoice(c.get().header_image);this.type||(this.type="uploaded"),"undefined"==typeof this.data&&(this.data=_wpCustomizeHeader.uploads),b&&(a=c.get().header_image),this.on("control:setImage",this.setImage,this),this.on("control:removeImage",this.removeImage,this),this.on("add",this.maybeAddRandomChoice,this),_.each(this.data,function(b,c){b.attachment_id||(b.defaultName=c),"undefined"==typeof b.timestamp&&(b.timestamp=0),this.add({header:b,choice:b.url.split("/").pop(),selected:a===b.url.replace(/^https?:\/\//,"")},{silent:!0})},this),this.size()>0&&this.addRandomChoice(a)},maybeAddRandomChoice:function(){1===this.size()&&this.addRandomChoice()},addRandomChoice:function(a){var b=RegExp(this.type).test(a),c="random-"+this.type+"-image";this.add({header:{timestamp:0,random:c,width:245,height:41},choice:c,random:!0,selected:b})},isRandomChoice:function(a){return/^random-(uploaded|default)-image$/.test(a)},shouldHideTitle:function(){return this.size()<2},setImage:function(a){this.each(function(a){a.set("selected",!1)}),a&&a.set("selected",!0)},removeImage:function(){this.each(function(a){a.set("selected",!1)})}}),c.HeaderTool.DefaultsList=c.HeaderTool.ChoiceList.extend({initialize:function(){this.type="default",this.data=_wpCustomizeHeader.defaults,c.HeaderTool.ChoiceList.prototype.initialize.apply(this)}})}(jQuery,window.wp);
+!function(a,b){var c=b.customize;c.HeaderTool={},c.HeaderTool.ImageModel=Backbone.Model.extend({defaults:function(){return{header:{attachment_id:0,url:"",timestamp:_.now(),thumbnail_url:""},choice:"",selected:!1,random:!1}},initialize:function(){this.on("hide",this.hide,this)},hide:function(){this.set("choice",""),c("header_image").set("remove-header"),c("header_image_data").set("remove-header")},destroy:function(){var a=this.get("header"),d=c.HeaderTool.currentHeader.get("header").attachment_id;d&&a.attachment_id===d&&c.HeaderTool.currentHeader.trigger("hide"),b.ajax.post("custom-header-remove",{nonce:_wpCustomizeHeader.nonces.remove,wp_customize:"on",theme:c.settings.theme.stylesheet,attachment_id:a.attachment_id}),this.trigger("destroy",this,this.collection)},save:function(){this.get("random")?(c("header_image").set(this.get("header").random),c("header_image_data").set(this.get("header").random)):this.get("header").defaultName?(c("header_image").set(this.get("header").url),c("header_image_data").set(this.get("header").defaultName)):(c("header_image").set(this.get("header").url),c("header_image_data").set(this.get("header"))),c.HeaderTool.combinedList.trigger("control:setImage",this)},importImage:function(){var a=this.get("header");void 0!==a.attachment_id&&b.ajax.post("custom-header-add",{nonce:_wpCustomizeHeader.nonces.add,wp_customize:"on",theme:c.settings.theme.stylesheet,attachment_id:a.attachment_id})},shouldBeCropped:function(){return this.get("themeFlexWidth")===!0&&this.get("themeFlexHeight")===!0?!1:this.get("themeFlexWidth")===!0&&this.get("themeHeight")===this.get("imageHeight")?!1:this.get("themeFlexHeight")===!0&&this.get("themeWidth")===this.get("imageWidth")?!1:this.get("themeWidth")===this.get("imageWidth")&&this.get("themeHeight")===this.get("imageHeight")?!1:this.get("imageWidth")<=this.get("themeWidth")?!1:!0}}),c.HeaderTool.ChoiceList=Backbone.Collection.extend({model:c.HeaderTool.ImageModel,comparator:function(a){return-a.get("header").timestamp},initialize:function(){var a=c.HeaderTool.currentHeader.get("choice").replace(/^https?:\/\//,""),b=this.isRandomChoice(c.get().header_image);this.type||(this.type="uploaded"),"undefined"==typeof this.data&&(this.data=_wpCustomizeHeader.uploads),b&&(a=c.get().header_image),this.on("control:setImage",this.setImage,this),this.on("control:removeImage",this.removeImage,this),this.on("add",this.maybeAddRandomChoice,this),_.each(this.data,function(b,c){b.attachment_id||(b.defaultName=c),"undefined"==typeof b.timestamp&&(b.timestamp=0),this.add({header:b,choice:b.url.split("/").pop(),selected:a===b.url.replace(/^https?:\/\//,"")},{silent:!0})},this),this.size()>0&&this.addRandomChoice(a)},maybeAddRandomChoice:function(){1===this.size()&&this.addRandomChoice()},addRandomChoice:function(a){var b=RegExp(this.type).test(a),c="random-"+this.type+"-image";this.add({header:{timestamp:0,random:c,width:245,height:41},choice:c,random:!0,selected:b})},isRandomChoice:function(a){return/^random-(uploaded|default)-image$/.test(a)},shouldHideTitle:function(){return this.size()<2},setImage:function(a){this.each(function(a){a.set("selected",!1)}),a&&a.set("selected",!0)},removeImage:function(){this.each(function(a){a.set("selected",!1)})}}),c.HeaderTool.DefaultsList=c.HeaderTool.ChoiceList.extend({initialize:function(){this.type="default",this.data=_wpCustomizeHeader.defaults,c.HeaderTool.ChoiceList.prototype.initialize.apply(this)}})}(jQuery,window.wp);

wp-includes/js/customize-views.js

@@ -70,7 +70,7 @@
 		},
 
 		setButtons: function() {
-			var elements = $('.actions .remove');
+			var elements = $('#customize-control-header_image .actions .remove');
 			if (this.model.get('choice')) {
 				elements.show();
 			} else {

wp-includes/js/customize-views.min.js

@@ -1 +1 @@
-!function(a,b,c){if(b&&b.customize){var d=b.customize;d.HeaderTool.CurrentView=b.Backbone.View.extend({template:b.template("header-current"),initialize:function(){this.listenTo(this.model,"change",this.render),this.render()},render:function(){return this.$el.html(this.template(this.model.toJSON())),this.setPlaceholder(),this.setButtons(),this},getHeight:function(){var a,b,c,e=this.$el.find("img");return e.length?(this.$el.find(".inner").hide(),a=this.model.get("savedHeight"),b=e.height()||a,b||(c=d.get().header_image_data,b=c&&c.width&&c.height?260/c.width*c.height:40),b):(this.$el.find(".inner").show(),40)},setPlaceholder:function(a){var b=a||this.getHeight();this.model.set("savedHeight",b),this.$el.add(this.$el.find(".placeholder")).height(b)},setButtons:function(){var b=a(".actions .remove");this.model.get("choice")?b.show():b.hide()}}),d.HeaderTool.ChoiceView=b.Backbone.View.extend({template:b.template("header-choice"),className:"header-view",events:{"click .choice,.random":"select","click .close":"removeImage"},initialize:function(){var a=[this.model.get("header").url,this.model.get("choice")];this.listenTo(this.model,"change:selected",this.toggleSelected),c.contains(a,d.get().header_image)&&d.HeaderTool.currentHeader.set(this.extendedModel())},render:function(){return this.$el.html(this.template(this.extendedModel())),this.toggleSelected(),this},toggleSelected:function(){this.$el.toggleClass("selected",this.model.get("selected"))},extendedModel:function(){var a=this.model.get("collection");return c.extend(this.model.toJSON(),{type:a.type})},getHeight:d.HeaderTool.CurrentView.prototype.getHeight,setPlaceholder:d.HeaderTool.CurrentView.prototype.setPlaceholder,select:function(){this.preventJump(),this.model.save(),d.HeaderTool.currentHeader.set(this.extendedModel())},preventJump:function(){var b=a(".wp-full-overlay-sidebar-content"),d=b.scrollTop();c.defer(function(){b.scrollTop(d)})},removeImage:function(a){a.stopPropagation(),this.model.destroy(),this.remove()}}),d.HeaderTool.ChoiceListView=b.Backbone.View.extend({initialize:function(){this.listenTo(this.collection,"add",this.addOne),this.listenTo(this.collection,"remove",this.render),this.listenTo(this.collection,"sort",this.render),this.listenTo(this.collection,"change",this.toggleList),this.render()},render:function(){this.$el.empty(),this.collection.each(this.addOne,this),this.toggleList()},addOne:function(a){var b;a.set({collection:this.collection}),b=new d.HeaderTool.ChoiceView({model:a}),this.$el.append(b.render().el)},toggleList:function(){var a=this.$el.parents().prev(".customize-control-title"),b=this.$el.find(".random").parent();this.collection.shouldHideTitle()?a.add(b).hide():a.add(b).show()}}),d.HeaderTool.CombinedList=b.Backbone.View.extend({initialize:function(a){this.collections=a,this.on("all",this.propagate,this)},propagate:function(a,b){c.each(this.collections,function(c){c.trigger(a,b)})}})}}(jQuery,window.wp,_);
+!function(a,b,c){if(b&&b.customize){var d=b.customize;d.HeaderTool.CurrentView=b.Backbone.View.extend({template:b.template("header-current"),initialize:function(){this.listenTo(this.model,"change",this.render),this.render()},render:function(){return this.$el.html(this.template(this.model.toJSON())),this.setPlaceholder(),this.setButtons(),this},getHeight:function(){var a,b,c,e=this.$el.find("img");return e.length?(this.$el.find(".inner").hide(),a=this.model.get("savedHeight"),b=e.height()||a,b||(c=d.get().header_image_data,b=c&&c.width&&c.height?260/c.width*c.height:40),b):(this.$el.find(".inner").show(),40)},setPlaceholder:function(a){var b=a||this.getHeight();this.model.set("savedHeight",b),this.$el.add(this.$el.find(".placeholder")).height(b)},setButtons:function(){var b=a("#customize-control-header_image .actions .remove");this.model.get("choice")?b.show():b.hide()}}),d.HeaderTool.ChoiceView=b.Backbone.View.extend({template:b.template("header-choice"),className:"header-view",events:{"click .choice,.random":"select","click .close":"removeImage"},initialize:function(){var a=[this.model.get("header").url,this.model.get("choice")];this.listenTo(this.model,"change:selected",this.toggleSelected),c.contains(a,d.get().header_image)&&d.HeaderTool.currentHeader.set(this.extendedModel())},render:function(){return this.$el.html(this.template(this.extendedModel())),this.toggleSelected(),this},toggleSelected:function(){this.$el.toggleClass("selected",this.model.get("selected"))},extendedModel:function(){var a=this.model.get("collection");return c.extend(this.model.toJSON(),{type:a.type})},getHeight:d.HeaderTool.CurrentView.prototype.getHeight,setPlaceholder:d.HeaderTool.CurrentView.prototype.setPlaceholder,select:function(){this.preventJump(),this.model.save(),d.HeaderTool.currentHeader.set(this.extendedModel())},preventJump:function(){var b=a(".wp-full-overlay-sidebar-content"),d=b.scrollTop();c.defer(function(){b.scrollTop(d)})},removeImage:function(a){a.stopPropagation(),this.model.destroy(),this.remove()}}),d.HeaderTool.ChoiceListView=b.Backbone.View.extend({initialize:function(){this.listenTo(this.collection,"add",this.addOne),this.listenTo(this.collection,"remove",this.render),this.listenTo(this.collection,"sort",this.render),this.listenTo(this.collection,"change",this.toggleList),this.render()},render:function(){this.$el.empty(),this.collection.each(this.addOne,this),this.toggleList()},addOne:function(a){var b;a.set({collection:this.collection}),b=new d.HeaderTool.ChoiceView({model:a}),this.$el.append(b.render().el)},toggleList:function(){var a=this.$el.parents().prev(".customize-control-title"),b=this.$el.find(".random").parent();this.collection.shouldHideTitle()?a.add(b).hide():a.add(b).show()}}),d.HeaderTool.CombinedList=b.Backbone.View.extend({initialize:function(a){this.collections=a,this.on("all",this.propagate,this)},propagate:function(a,b){c.each(this.collections,function(c){c.trigger(a,b)})}})}}(jQuery,window.wp,_);

wp-includes/js/mce-view.js

@@ -451,10 +451,6 @@ window.wp = window.wp || {};
 				firefox = this.ua.is( 'ff' ),
 				className = '.wp-' +  this.shortcode.tag + '-shortcode';
 
-			if ( this.player ) {
-				this.unsetPlayer();
-			}
-
 			media = $( node ).find( className );
 
 			if ( ! this.isCompatible( media ) ) {
@@ -487,20 +483,17 @@ window.wp = window.wp || {};
 		 * @returns {string}
 		 */
 		getHtml: function() {
-			var attrs = _.defaults(
-				this.shortcode.attrs.named,
-				wp.media[ this.shortcode.tag ].defaults
-			);
-			return this.template({ model: attrs });
+			var attrs = this.shortcode.attrs.named;
+			attrs.content = this.shortcode.content;
+
+			return this.template({ model: _.defaults(
+				attrs,
+				wp.media[ this.shortcode.tag ].defaults )
+			});
 		},
 
 		unbind: function() {
-			var self = this;
-			this.pauseAllPlayers();
-			_.each( this.players, function (player) {
-				self.removePlayer( player );
-			} );
-			this.players = [];
+			this.unsetPlayers();
 		}
 	});
 	_.extend( wp.mce.media.View.prototype, wp.media.mixin );
@@ -547,22 +540,10 @@ window.wp = window.wp || {};
 		template:  media.template('editor-playlist'),
 
 		initialize: function( options ) {
+			this.players = [];
 			this.data = {};
 			this.attachments = [];
 			this.shortcode = options.shortcode;
-			_.bindAll( this, 'setPlayer' );
-			$(this).on('ready', this.setNode);
-		},
-
-		/**
-		 * Set the element context for the view, and then fetch the playlist's
-		 *   associated attachments.
-		 *
-		 * @param {Event} e
-		 * @param {HTMLElement} node
-		 */
-		setNode: function(e, node) {
-			this.node = node;
 			this.fetch();
 		},
 
@@ -571,7 +552,7 @@ window.wp = window.wp || {};
 		 */
 		fetch: function() {
 			this.attachments = wp.media.playlist.attachments( this.shortcode );
-			this.attachments.more().done( this.setPlayer );
+			this.dfd = this.attachments.more().done( _.bind( this.render, this ) );
 		},
 
 		/**
@@ -582,36 +563,31 @@ window.wp = window.wp || {};
 		 * @global WPPlaylistView
 		 * @global tinymce.editors
 		 */
-		setPlayer: function() {
-			var p,
-				html = this.getHtml(),
-				t = this.encodedText,
-				self = this;
-
-			this.unsetPlayer();
+		render: function() {
+			var html = this.getHtml(), self = this;
 
 			_.each( tinymce.editors, function( editor ) {
 				var doc;
 				if ( editor.plugins.wpview ) {
 					doc = editor.getDoc();
-					$( doc ).find( '[data-wpview-text="' + t + '"]' ).each(function(i, elem) {
+					$( doc ).find( '[data-wpview-text="' + this.encodedText + '"]' ).each(function (i, elem) {
 						var node = $( elem );
-						node.html( html );
-						self.node = elem;
+
+						// The <ins> is used to mark the end of the wrapper div. Needed when comparing
+						// the content as string for preventing extra undo levels.
+						node.html( html ).append( '<ins data-wpview-end="1"></ins>' );
+
+						if ( ! self.data.tracks ) {
+							return;
+						}
+
+						self.players.push( new WPPlaylistView({
+							el: $( elem ).find( '.wp-playlist' ).get(0),
+							metadata: self.data
+						}).player );
 					});
 				}
 			}, this );
-
-			if ( ! this.data.tracks ) {
-				return;
-			}
-
-			p = new WPPlaylistView({
-				el: $( self.node ).find( '.wp-playlist' ).get(0),
-				metadata: this.data
-			});
-
-			this.player = p._player;
 		},
 
 		/**
@@ -695,6 +671,10 @@ window.wp = window.wp || {};
 			this.data = options;
 
 			return this.template( options );
+		},
+
+		unbind: function() {
+			this.unsetPlayers();
 		}
 	});
 	_.extend( wp.mce.media.PlaylistView.prototype, wp.media.mixin );

wp-includes/js/media-audiovideo.js

@@ -162,11 +162,13 @@
 		 *
 		 *  Examples: modal closes, shortcode properties are removed, etc.
 		 */
-		unsetPlayer : function() {
-			if ( this.player ) {
+		unsetPlayers : function() {
+			if ( this.players && this.players.length ) {
 				wp.media.mixin.pauseAllPlayers();
-				wp.media.mixin.removePlayer( this.player );
-				this.player = false;
+				_.each( this.players, function (player) {
+					wp.media.mixin.removePlayer( player );
+				} );
+				this.players = [];
 			}
 		}
 	};
@@ -705,10 +707,10 @@
 	media.view.MediaDetails = media.view.Settings.AttachmentDisplay.extend({
 		initialize: function() {
 			_.bindAll(this, 'success');
-
-			this.listenTo( this.controller, 'close', media.mixin.unsetPlayer );
+			this.players = [];
+			this.listenTo( this.controller, 'close', media.mixin.unsetPlayers );
 			this.on( 'ready', this.setPlayer );
-			this.on( 'media:setting:remove', media.mixin.unsetPlayer, this );
+			this.on( 'media:setting:remove', media.mixin.unsetPlayers, this );
 			this.on( 'media:setting:remove', this.render );
 			this.on( 'media:setting:remove', this.setPlayer );
 			this.events = _.extend( this.events, {
@@ -764,8 +766,8 @@
 		 * @global MediaElementPlayer
 		 */
 		setPlayer : function() {
-			if ( ! this.player && this.media ) {
-				this.player = new MediaElementPlayer( this.media, this.settings );
+			if ( ! this.players.length && this.media ) {
+				this.players.push( new MediaElementPlayer( this.media, this.settings ) );
 			}
 		},
 

wp-includes/js/media-views.js

@@ -2175,7 +2175,7 @@
 					library:        options.selection,
 					editing:        options.editing,
 					menu:           'video-playlist',
-					dragInfoText:   l10n.playlistDragInfo,
+					dragInfoText:   l10n.videoPlaylistDragInfo,
 					dragInfo:       false
 				}),
 
@@ -3270,6 +3270,7 @@
 		localDrag: false,
 		overContainer: false,
 		overDropzone: false,
+		draggingFile: null,
 
 		initialize: function() {
 			var self = this;
@@ -3309,6 +3310,21 @@
 			return supports;
 		},
 
+		isDraggingFile: function( event ) {
+			if ( this.draggingFile !== null ) {
+				return this.draggingFile;
+			}
+
+			if ( _.isUndefined( event.originalEvent ) || _.isUndefined( event.originalEvent.dataTransfer ) ) {
+				return false;
+			}
+
+			this.draggingFile = _.indexOf( event.originalEvent.dataTransfer.types, 'Files' ) > -1 &&
+				_.indexOf( event.originalEvent.dataTransfer.types, 'text/plain' ) === -1;
+
+			return this.draggingFile;
+		},
+
 		refresh: function( e ) {
 			var dropzone_id;
 			for ( dropzone_id in this.dropzones ) {
@@ -3320,6 +3336,10 @@
 				$( e.target ).closest( '.uploader-editor' ).toggleClass( 'droppable', this.overDropzone );
 			}
 
+			if ( ! this.overContainer && ! this.overDropzone ) {
+				this.draggingFile = null;
+			}
+
 			return this;
 		},
 
@@ -3383,8 +3403,8 @@
 			return this;
 		},
 
-		containerDragover: function() {
-			if ( this.localDrag ) {
+		containerDragover: function( event ) {
+			if ( this.localDrag || ! this.isDraggingFile( event ) ) {
 				return;
 			}
 
@@ -3399,13 +3419,13 @@
 			_.delay( _.bind( this.refresh, this ), 50 );
 		},
 
-		dropzoneDragover: function( e ) {
-			if ( this.localDrag ) {
+		dropzoneDragover: function( event ) {
+			if ( this.localDrag || ! this.isDraggingFile( event ) ) {
 				return;
 			}
 
 			this.overDropzone = true;
-			this.refresh( e );
+			this.refresh( event );
 			return false;
 		},
 

wp-includes/js/mediaelement/wp-mediaelement.css

@@ -28,6 +28,10 @@
 	width: auto;
 }
 
+.media-embed-details .embed-media-settings .checkbox-setting span {
+	display: inline-block;
+}
+
 .media-embed-details .embed-media-settings {
 	padding-top: 0;
 	top: 28px;
@@ -50,8 +54,8 @@
 }
 
 .media-embed-details .embed-media-settings .checkbox-setting {
-	width: 100px;
-	clear: none;
+	float: none;
+	margin: 0 0 10px;
 }
 
 .video-details .wp-video-holder {
@@ -98,6 +102,7 @@
 }
 
 .wp-playlist-caption {
+	display: block;
 	max-width: 88%;
 	overflow: hidden;
 	text-overflow: ellipsis;
@@ -109,6 +114,8 @@
 .wp-playlist-item .wp-playlist-caption {
 	text-decoration: none;
 	color: #000;
+	max-width: -webkit-calc(100% - 40px);
+	max-width: calc(100% - 40px);
 }
 
 .wp-playlist-item-meta {
@@ -142,6 +149,11 @@
 	line-height: 1.5;
 }
 
+.rtl .wp-playlist-item-length {
+	left: 3px;
+	right: auto;
+}
+
 .wp-playlist-tracks {
 	margin-top: 10px;
 }
@@ -195,9 +207,19 @@
 	border: 0;
 }
 
+.rtl .wp-playlist .wp-playlist-current-item img {
+	float: right;
+	margin-left: 10px;
+	margin-right: 0;
+}
+
 .wp-playlist-current-item .wp-playlist-item-title,
 .wp-playlist-current-item .wp-playlist-item-artist {
 	overflow: hidden;
 	text-overflow: ellipsis;
 	white-space: nowrap;
+}
+
+.wp-audio-playlist .me-cannotplay span {
+	padding: 5px 15px;
 }

wp-includes/js/mediaelement/wp-playlist.js

@@ -7,6 +7,7 @@
 		initialize : function (options) {
 			this.index = 0;
 			this.settings = {};
+			this.compatMode = $( 'body' ).hasClass( 'wp-admin' ) && $( '#content_ifr' ).length;
 			this.data = options.metadata || $.parseJSON( this.$('script').html() );
 			this.playerNode = this.$( this.data.type );
 
@@ -26,7 +27,9 @@
 				this.renderTracks();
 			}
 
-			this.playerNode.attr( 'src', this.current.get( 'src' ) );
+			if ( this.isCompatibleSrc() ) {
+				this.playerNode.attr( 'src', this.current.get( 'src' ) );
+			}
 
 			_.bindAll( this, 'bindPlayer', 'bindResetPlayer', 'setPlayer', 'ended', 'clickTrack' );
 
@@ -38,40 +41,64 @@
 		},
 
 		bindPlayer : function (mejs) {
-			this.player = mejs;
-			this.player.addEventListener( 'ended', this.ended );
+			this.mejs = mejs;
+			this.mejs.addEventListener( 'ended', this.ended );
 		},
 
 		bindResetPlayer : function (mejs) {
 			this.bindPlayer( mejs );
-			this.playCurrentSrc();
+			if ( this.isCompatibleSrc() ) {
+				this.playCurrentSrc();
+			}
 		},
 
-		setPlayer: function () {
-			if ( this._player ) {
-				this._player.pause();
-				this._player.remove();
+		isCompatibleSrc: function () {
+			var testNode;
+
+			if ( this.compatMode ) {
+				testNode = $( '<span><source type="' + this.current.get( 'type' ) + '" /></span>' );
+
+				if ( ! wp.media.mixin.isCompatible( testNode ) ) {
+					this.playerNode.removeAttr( 'src' );
+					this.playerNode.removeAttr( 'poster' );
+					return;
+				}
+			}
+
+			return true;
+		},
+
+		setPlayer: function (force) {
+			if ( this.player ) {
+				this.player.pause();
+				this.player.remove();
 				this.playerNode = this.$( this.data.type );
-				this.playerNode.attr( 'src', this.current.get( 'src' ) );
+			}
+
+			if (force) {
+				if ( this.isCompatibleSrc() ) {
+					this.playerNode.attr( 'src', this.current.get( 'src' ) );
+				}
 				this.settings.success = this.bindResetPlayer;
 			}
+
 			/**
 			 * This is also our bridge to the outside world
 			 */
-			this._player = new MediaElementPlayer( this.playerNode.get(0), this.settings );
+			this.player = new MediaElementPlayer( this.playerNode.get(0), this.settings );
 		},
 
 		playCurrentSrc : function () {
 			this.renderCurrent();
-			this.player.setSrc( this.playerNode.attr( 'src' ) );
-			this.player.load();
-			this.player.play();
+			this.mejs.setSrc( this.playerNode.attr( 'src' ) );
+			this.mejs.load();
+			this.mejs.play();
 		},
 
 		renderCurrent : function () {
-			var dimensions;
+			var dimensions, defaultImage = 'wp-includes/images/media/video.png';
 			if ( 'video' === this.data.type ) {
-				if ( this.data.images && this.current.get( 'image' ) ) {
+				if ( this.data.images && this.current.get( 'image' ) && -1 === this.current.get( 'image' ).src.indexOf( defaultImage ) ) {
 					this.playerNode.attr( 'poster', this.current.get( 'image' ).src );
 				}
 				dimensions = this.current.get( 'dimensions' ).resized;
@@ -134,14 +161,14 @@
 		},
 
 		loadCurrent : function () {
-			var last = this.playerNode.attr( 'src' ).split('.').pop(),
+			var last = this.playerNode.attr( 'src' ) && this.playerNode.attr( 'src' ).split('.').pop(),
 				current = this.current.get( 'src' ).split('.').pop();
 
-			this.player.pause();
+			this.mejs && this.mejs.pause();
 
 			if ( last !== current ) {
-				this.setPlayer();
-			} else {
+				this.setPlayer( true );
+			} else if ( this.isCompatibleSrc() ) {
 				this.playerNode.attr( 'src', this.current.get( 'src' ) );
 				this.playCurrentSrc();
 			}

wp-includes/js/shortcode.js

@@ -37,13 +37,13 @@ window.wp = window.wp || {};
 			// If we matched a leading `[`, strip it from the match
 			// and increment the index accordingly.
 			if ( match[1] ) {
-				result.match = result.match.slice( 1 );
+				result.content = result.content.slice( 1 );
 				result.index++;
 			}
 
 			// If we matched a trailing `]`, strip it from the match.
 			if ( match[7] ) {
-				result.match = result.match.slice( 0, -1 );
+				result.content = result.content.slice( 0, -1 );
 			}
 
 			return result;

wp-includes/js/shortcode.min.js

@@ -1 +1 @@
-window.wp=window.wp||{},function(){wp.shortcode={next:function(a,b,c){var d,e,f=wp.shortcode.regexp(a);return f.lastIndex=c||0,(d=f.exec(b))?"["===d[1]&&"]"===d[7]?wp.shortcode.next(a,b,f.lastIndex):(e={index:d.index,content:d[0],shortcode:wp.shortcode.fromMatch(d)},d[1]&&(e.match=e.match.slice(1),e.index++),d[7]&&(e.match=e.match.slice(0,-1)),e):void 0},replace:function(a,b,c){return b.replace(wp.shortcode.regexp(a),function(a,b,d,e,f,g,h,i){if("["===b&&"]"===i)return a;var j=c(wp.shortcode.fromMatch(arguments));return j?b+j+i:a})},string:function(a){return new wp.shortcode(a).string()},regexp:_.memoize(function(a){return new RegExp("\\[(\\[?)("+a+")(?![\\w-])([^\\]\\/]*(?:\\/(?!\\])[^\\]\\/]*)*?)(?:(\\/)\\]|\\](?:([^\\[]*(?:\\[(?!\\/\\2\\])[^\\[]*)*)(\\[\\/\\2\\]))?)(\\]?)","g")}),attrs:_.memoize(function(a){var b,c,d={},e=[];for(b=/(\w+)\s*=\s*"([^"]*)"(?:\s|$)|(\w+)\s*=\s*\'([^\']*)\'(?:\s|$)|(\w+)\s*=\s*([^\s\'"]+)(?:\s|$)|"([^"]*)"(?:\s|$)|(\S+)(?:\s|$)/g,a=a.replace(/[\u00a0\u200b]/g," ");c=b.exec(a);)c[1]?d[c[1].toLowerCase()]=c[2]:c[3]?d[c[3].toLowerCase()]=c[4]:c[5]?d[c[5].toLowerCase()]=c[6]:c[7]?e.push(c[7]):c[8]&&e.push(c[8]);return{named:d,numeric:e}}),fromMatch:function(a){var b;return b=a[4]?"self-closing":a[6]?"closed":"single",new wp.shortcode({tag:a[2],attrs:a[3],type:b,content:a[5]})}},wp.shortcode=_.extend(function(a){_.extend(this,_.pick(a||{},"tag","attrs","type","content"));var b=this.attrs;this.attrs={named:{},numeric:[]},b&&(_.isString(b)?this.attrs=wp.shortcode.attrs(b):_.isEqual(_.keys(b),["named","numeric"])?this.attrs=b:_.each(a.attrs,function(a,b){this.set(b,a)},this))},wp.shortcode),_.extend(wp.shortcode.prototype,{get:function(a){return this.attrs[_.isNumber(a)?"numeric":"named"][a]},set:function(a,b){return this.attrs[_.isNumber(a)?"numeric":"named"][a]=b,this},string:function(){var a="["+this.tag;return _.each(this.attrs.numeric,function(b){a+=/\s/.test(b)?' "'+b+'"':" "+b}),_.each(this.attrs.named,function(b,c){a+=" "+c+'="'+b+'"'}),"single"===this.type?a+"]":"self-closing"===this.type?a+" /]":(a+="]",this.content&&(a+=this.content),a+"[/"+this.tag+"]")}})}(),function(){wp.html=_.extend(wp.html||{},{attrs:function(a){var b,c;return"/"===a[a.length-1]&&(a=a.slice(0,-1)),b=wp.shortcode.attrs(a),c=b.named,_.each(b.numeric,function(a){/\s/.test(a)||(c[a]="")}),c},string:function(a){var b="<"+a.tag,c=a.content||"";return _.each(a.attrs,function(a,c){b+=" "+c,""!==a&&(_.isBoolean(a)&&(a=a?"true":"false"),b+='="'+a+'"')}),a.single?b+" />":(b+=">",b+=_.isObject(c)?wp.html.string(c):c,b+"</"+a.tag+">")}})}();
+window.wp=window.wp||{},function(){wp.shortcode={next:function(a,b,c){var d,e,f=wp.shortcode.regexp(a);return f.lastIndex=c||0,(d=f.exec(b))?"["===d[1]&&"]"===d[7]?wp.shortcode.next(a,b,f.lastIndex):(e={index:d.index,content:d[0],shortcode:wp.shortcode.fromMatch(d)},d[1]&&(e.content=e.content.slice(1),e.index++),d[7]&&(e.content=e.content.slice(0,-1)),e):void 0},replace:function(a,b,c){return b.replace(wp.shortcode.regexp(a),function(a,b,d,e,f,g,h,i){if("["===b&&"]"===i)return a;var j=c(wp.shortcode.fromMatch(arguments));return j?b+j+i:a})},string:function(a){return new wp.shortcode(a).string()},regexp:_.memoize(function(a){return new RegExp("\\[(\\[?)("+a+")(?![\\w-])([^\\]\\/]*(?:\\/(?!\\])[^\\]\\/]*)*?)(?:(\\/)\\]|\\](?:([^\\[]*(?:\\[(?!\\/\\2\\])[^\\[]*)*)(\\[\\/\\2\\]))?)(\\]?)","g")}),attrs:_.memoize(function(a){var b,c,d={},e=[];for(b=/(\w+)\s*=\s*"([^"]*)"(?:\s|$)|(\w+)\s*=\s*\'([^\']*)\'(?:\s|$)|(\w+)\s*=\s*([^\s\'"]+)(?:\s|$)|"([^"]*)"(?:\s|$)|(\S+)(?:\s|$)/g,a=a.replace(/[\u00a0\u200b]/g," ");c=b.exec(a);)c[1]?d[c[1].toLowerCase()]=c[2]:c[3]?d[c[3].toLowerCase()]=c[4]:c[5]?d[c[5].toLowerCase()]=c[6]:c[7]?e.push(c[7]):c[8]&&e.push(c[8]);return{named:d,numeric:e}}),fromMatch:function(a){var b;return b=a[4]?"self-closing":a[6]?"closed":"single",new wp.shortcode({tag:a[2],attrs:a[3],type:b,content:a[5]})}},wp.shortcode=_.extend(function(a){_.extend(this,_.pick(a||{},"tag","attrs","type","content"));var b=this.attrs;this.attrs={named:{},numeric:[]},b&&(_.isString(b)?this.attrs=wp.shortcode.attrs(b):_.isEqual(_.keys(b),["named","numeric"])?this.attrs=b:_.each(a.attrs,function(a,b){this.set(b,a)},this))},wp.shortcode),_.extend(wp.shortcode.prototype,{get:function(a){return this.attrs[_.isNumber(a)?"numeric":"named"][a]},set:function(a,b){return this.attrs[_.isNumber(a)?"numeric":"named"][a]=b,this},string:function(){var a="["+this.tag;return _.each(this.attrs.numeric,function(b){a+=/\s/.test(b)?' "'+b+'"':" "+b}),_.each(this.attrs.named,function(b,c){a+=" "+c+'="'+b+'"'}),"single"===this.type?a+"]":"self-closing"===this.type?a+" /]":(a+="]",this.content&&(a+=this.content),a+"[/"+this.tag+"]")}})}(),function(){wp.html=_.extend(wp.html||{},{attrs:function(a){var b,c;return"/"===a[a.length-1]&&(a=a.slice(0,-1)),b=wp.shortcode.attrs(a),c=b.named,_.each(b.numeric,function(a){/\s/.test(a)||(c[a]="")}),c},string:function(a){var b="<"+a.tag,c=a.content||"";return _.each(a.attrs,function(a,c){b+=" "+c,""!==a&&(_.isBoolean(a)&&(a=a?"true":"false"),b+='="'+a+'"')}),a.single?b+" />":(b+=">",b+=_.isObject(c)?wp.html.string(c):c,b+"</"+a.tag+">")}})}();

wp-includes/js/tinymce/plugins/wordpress/plugin.js

@@ -63,7 +63,7 @@ tinymce.PluginManager.add( 'wordpress', function( editor ) {
 
 	// Hide the toolbars after loading
 	editor.on( 'PostRender', function() {
-		if ( getUserSetting('hidetb', '0') === '0' ) {
+		if ( editor.getParam( 'wordpress_adv_hidden', true ) && getUserSetting( 'hidetb', '0' ) === '0' ) {
 			toggleToolbars( 'hide' );
 		}
 	});
@@ -317,7 +317,7 @@ tinymce.PluginManager.add( 'wordpress', function( editor ) {
 			dom.bind( doc, 'dragstart dragend dragover drop', function( event ) {
 				if ( typeof window.jQuery !== 'undefined' ) {
 					// Trigger the jQuery handlers.
-					window.jQuery( document ).triggerHandler( event.type );
+					window.jQuery( document ).trigger( new window.jQuery.Event( event ) );
 				}
 			});
 		}

wp-includes/js/tinymce/plugins/wpeditimage/plugin.js

@@ -1,6 +1,7 @@
 /* global tinymce */
 tinymce.PluginManager.add( 'wpeditimage', function( editor ) {
-	var toolbarActive = false;
+	var serializer,
+		toolbarActive = false;
 
 	function parseShortcode( content ) {
 		return content.replace( /(?:<p>)?\[(?:wp_)?caption([^\]]+)\]([\s\S]+?)\[\/(?:wp_)?caption\](?:<\/p>)?/g, function( a, b, c ) {
@@ -208,6 +209,19 @@ tinymce.PluginManager.add( 'wpeditimage', function( editor ) {
 		return node && !! ( node.textContent || node.innerText );
 	}
 
+	// Verify HTML in captions
+	function verifyHTML( caption ) {
+		if ( ! caption || ( caption.indexOf( '<' ) === -1 && caption.indexOf( '>' ) === -1 ) ) {
+			return caption;
+		}
+
+		if ( ! serializer ) {
+			serializer = new tinymce.html.Serializer( {}, editor.schema );
+		}
+
+		return serializer.serialize( editor.parser.parse( caption, { forced_root_block: false } ) );
+	}
+
 	function updateImage( imageNode, imageData ) {
 		var classes, className, node, html, parent, wrap, linkNode,
 			captionNode, dd, dl, id, attrs, linkAttrs, width, height,
@@ -285,6 +299,7 @@ tinymce.PluginManager.add( 'wpeditimage', function( editor ) {
 		}
 
 		if ( imageData.caption ) {
+			imageData.caption = verifyHTML( imageData.caption );
 
 			id = imageData.attachment_id ? 'attachment_' + imageData.attachment_id : null;
 			className = 'wp-caption align' + ( imageData.align || 'none' );
@@ -320,7 +335,7 @@ tinymce.PluginManager.add( 'wpeditimage', function( editor ) {
 
 				if ( parent = dom.getParent( node, 'p' ) ) {
 					wrap = dom.create( 'div', { 'class': 'mceTemp' }, html );
-					dom.insertAfter( wrap, parent );
+					parent.parentNode.insertBefore( wrap, parent );
 					dom.remove( node );
 
 					if ( dom.isEmpty( parent ) ) {
@@ -563,6 +578,7 @@ tinymce.PluginManager.add( 'wpeditimage', function( editor ) {
 
 				// Convert remaining line breaks to <br>
 				caption = caption.replace( /(<br[^>]*>)\s*\n\s*/g, '$1' ).replace( /\s*\n\s*/g, '<br />' );
+				caption = verifyHTML( caption );
 			}
 
 			if ( ! imgNode ) {
@@ -593,7 +609,7 @@ tinymce.PluginManager.add( 'wpeditimage', function( editor ) {
 
 					if ( parent && parent.nodeName === 'P' ) {
 						wrap = dom.create( 'div', { 'class': 'mceTemp' }, html );
-						dom.insertAfter( wrap, parent );
+						parent.parentNode.insertBefore( wrap, parent );
 						editor.selection.select( wrap );
 						editor.nodeChanged();
 

wp-includes/js/tinymce/plugins/wplink/plugin.js

@@ -15,8 +15,10 @@ tinymce.PluginManager.add( 'wplink', function( editor ) {
 	editor.addShortcut( 'ctrl+k', '', 'WP_Link' );
 
 	function setState( button, node ) {
-		button.disabled( editor.selection.isCollapsed() && node.nodeName !== 'A' );
-		button.active( node.nodeName === 'A' && ! node.name );
+		var parent = editor.dom.getParent( node, 'a' );
+
+		button.disabled( ( editor.selection.isCollapsed() && ! parent ) || ( parent && ! parent.href ) );
+		button.active( parent && parent.href );
 	}
 
 	editor.addButton( 'link', {

wp-includes/js/tinymce/plugins/wplink/plugin.min.js

@@ -1 +1 @@
-tinymce.PluginManager.add("wplink",function(a){function b(b,c){b.disabled(a.selection.isCollapsed()&&"A"!==c.nodeName),b.active("A"===c.nodeName&&!c.name)}var c;a.addCommand("WP_Link",function(){c&&c.disabled()||"undefined"==typeof window.wpLink||window.wpLink.open(a.id)}),a.addShortcut("alt+shift+a","","WP_Link"),a.addShortcut("ctrl+k","","WP_Link"),a.addButton("link",{icon:"link",tooltip:"Insert/edit link",shortcut:"Alt+Shift+A",cmd:"WP_Link",onPostRender:function(){c=this,a.on("nodechange",function(a){b(c,a.element)})}}),a.addButton("unlink",{icon:"unlink",tooltip:"Remove link",cmd:"unlink",onPostRender:function(){var c=this;a.on("nodechange",function(a){b(c,a.element)})}}),a.addMenuItem("link",{icon:"link",text:"Insert link",shortcut:"Alt+Shift+A",cmd:"WP_Link",stateSelector:"a[href]",context:"insert",prependToContext:!0})});
+tinymce.PluginManager.add("wplink",function(a){function b(b,c){var d=a.dom.getParent(c,"a");b.disabled(a.selection.isCollapsed()&&!d||d&&!d.href),b.active(d&&d.href)}var c;a.addCommand("WP_Link",function(){c&&c.disabled()||"undefined"==typeof window.wpLink||window.wpLink.open(a.id)}),a.addShortcut("alt+shift+a","","WP_Link"),a.addShortcut("ctrl+k","","WP_Link"),a.addButton("link",{icon:"link",tooltip:"Insert/edit link",shortcut:"Alt+Shift+A",cmd:"WP_Link",onPostRender:function(){c=this,a.on("nodechange",function(a){b(c,a.element)})}}),a.addButton("unlink",{icon:"unlink",tooltip:"Remove link",cmd:"unlink",onPostRender:function(){var c=this;a.on("nodechange",function(a){b(c,a.element)})}}),a.addMenuItem("link",{icon:"link",text:"Insert link",shortcut:"Alt+Shift+A",cmd:"WP_Link",stateSelector:"a[href]",context:"insert",prependToContext:!0})});

wp-includes/js/tinymce/plugins/wpview/plugin.js

@@ -332,17 +332,24 @@ tinymce.PluginManager.add( 'wpview', function( editor ) {
 		tinymce.each( dom.select( 'div[data-wpview-text]', event.node ), function( node ) {
 			// Empty the wrap node
 			if ( 'textContent' in node ) {
-				node.textContent = '';
+				node.textContent = '\u00a0';
 			} else {
-				node.innerText = '';
+				node.innerText = '\u00a0';
 			}
-
-			// This makes all views into block tags (as we use <div>).
-			// Can use 'PostProcess' and a regex instead.
-			dom.replace( dom.create( 'p', null, window.decodeURIComponent( dom.getAttrib( node, 'data-wpview-text' ) ) ), node );
 		});
     });
 
+    editor.on( 'PostProcess', function( event ) {
+		if ( event.content ) {
+			event.content = event.content.replace( /<div [^>]*?data-wpview-text="([^"]*)"[^>]*>[\s\S]*?<\/div>/g, function( match, shortcode ) {
+				if ( shortcode ) {
+					return '<p>' + window.decodeURIComponent( shortcode ) + '</p>';
+				}
+				return ''; // If error, remove the view wrapper
+			});
+		}
+	});
+
 	editor.on( 'keydown', function( event ) {
 		var keyCode = event.keyCode,
 			body = editor.getBody(),

wp-includes/kses.php

@@ -1434,7 +1434,7 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 	$css = wp_kses_no_null($css);
 	$css = str_replace(array("\n","\r","\t"), '', $css);
 
-	if ( preg_match( '%[\\(&=}]|/\*%', $css ) ) // remove any inline css containing \ ( & } = or comments
+	if ( preg_match( '%[\\\\(&=}]|/\*%', $css ) ) // remove any inline css containing \ ( & } = or comments
 		return '';
 
 	$css_array = explode( ';', trim( $css ) );

wp-includes/media-template.php

@@ -16,7 +16,8 @@
 function wp_underscore_audio_template() {
 	$audio_types = wp_get_audio_extensions();
 ?>
-<audio controls
+<audio style="visibility: hidden"
+	controls
 	class="wp-audio-shortcode"
 	width="{{ _.isUndefined( data.model.width ) ? 400 : data.model.width }}"
 	preload="{{ _.isUndefined( data.model.preload ) ? 'none' : data.model.preload }}"
@@ -853,15 +854,14 @@ function wp_print_media_templates() {
 				</div>
 
 				<label class="setting checkbox-setting">
-					<span><?php _e( 'Autoplay' ); ?></span>
 					<input type="checkbox" data-setting="autoplay" />
+					<span><?php _e( 'Autoplay' ); ?></span>
 				</label>
 
 				<label class="setting checkbox-setting">
-					<span><?php _e( 'Loop' ); ?></span>
 					<input type="checkbox" data-setting="loop" />
+					<span><?php _e( 'Loop' ); ?></span>
 				</label>
-				<div class="clear"></div>
 			</div>
 		</div>
 	</script>
@@ -944,15 +944,14 @@ function wp_print_media_templates() {
 				</div>
 
 				<label class="setting checkbox-setting">
-					<span><?php _e( 'Autoplay' ); ?></span>
 					<input type="checkbox" data-setting="autoplay" />
+					<span><?php _e( 'Autoplay' ); ?></span>
 				</label>
 
 				<label class="setting checkbox-setting">
-					<span><?php _e( 'Loop' ); ?></span>
 					<input type="checkbox" data-setting="loop" />
+					<span><?php _e( 'Loop' ); ?></span>
 				</label>
-				<div class="clear"></div>
 
 				<label class="setting" data-setting="content">
 					<span><?php _e( 'Tracks (subtitles, captions, descriptions, chapters, or metadata)' ); ?></span>

wp-includes/media.php

@@ -1215,6 +1215,10 @@ function wp_playlist_shortcode( $attr ) {
 		$orderby = 'none';
 	}
 
+	if ( $atts['type'] !== 'audio' ) {
+		$atts['type'] = 'video';
+	}
+
 	$args = array(
 		'post_status' => 'inherit',
 		'post_type' => 'attachment',
@@ -1353,6 +1357,8 @@ function wp_playlist_shortcode( $attr ) {
 		echo (int) $theme_width;
 	?>"<?php if ( 'video' === $safe_type ):
 		echo ' height="', (int) $theme_height, '"';
+	else:
+		echo ' style="visibility: hidden"';
 	endif; ?>></<?php echo $safe_type ?>>
 	<div class="wp-playlist-next"></div>
 	<div class="wp-playlist-prev"></div>
@@ -1555,7 +1561,7 @@ function wp_audio_shortcode( $attr, $content = '' ) {
 		'loop'     => $loop,
 		'autoplay' => $autoplay,
 		'preload'  => $preload,
-		'style'    => 'width: 100%',
+		'style'    => 'width: 100%; visibility: hidden;',
 	);
 
 	// These ones should just be omitted altogether if they are blank
@@ -2654,7 +2660,7 @@ function wp_enqueue_media( $args = array() ) {
 	if ( did_action( 'wp_enqueue_media' ) )
 		return;
 
-	global $content_width;
+	global $content_width, $wpdb;
 
 	$defaults = array(
 		'post' => null,
@@ -2693,15 +2699,20 @@ function wp_enqueue_media( $args = array() ) {
 		}
 	}
 
-	$audio = $video = 0;
-	$counts = (array) wp_count_attachments();
-	foreach ( $counts as $mime => $total ) {
-		if ( 0 === strpos( $mime, 'audio/' ) ) {
-			$audio += (int) $total;
-		} elseif ( 0 === strpos( $mime, 'video/' ) ) {
-			$video += (int) $total;
-		}
-	}
+	$has_audio = $wpdb->get_var( "
+		SELECT ID
+		FROM $wpdb->posts
+		WHERE post_type = 'attachment'
+		AND post_mime_type LIKE 'audio%'
+		LIMIT 1
+	" );
+	$has_video = $wpdb->get_var( "
+		SELECT ID
+		FROM $wpdb->posts
+		WHERE post_type = 'attachment'
+		AND post_mime_type LIKE 'video%'
+		LIMIT 1
+	" );
 
 	$settings = array(
 		'tabs'      => $tabs,
@@ -2717,8 +2728,8 @@ function wp_enqueue_media( $args = array() ) {
 		),
 		'defaultProps' => $props,
 		'attachmentCounts' => array(
-			'audio' => $audio,
-			'video' => $video
+			'audio' => (int) $has_audio,
+			'video' => (int) $has_video,
 		),
 		'embedExts'    => $exts,
 		'embedMimes'   => $ext_mimes,
@@ -2829,7 +2840,7 @@ function wp_enqueue_media( $args = array() ) {
 		'videoReplaceTitle'     => __( 'Replace Video' ),
 		'videoAddSourceTitle'   => __( 'Add Video Source' ),
 		'videoDetailsCancel'    => __( 'Cancel Edit' ),
-		'videoSelectPosterImageTitle' => _( 'Select Poster Image' ),
+		'videoSelectPosterImageTitle' => __( 'Select Poster Image' ),
 		'videoAddTrackTitle'	=> __( 'Add Subtitles' ),
 
  		// Playlist

wp-includes/ms-load.php

@@ -348,13 +348,30 @@ function get_site_by_path( $domain, $path, $segments = null ) {
 	 * then cache whether we can just always ignore paths.
 	 */
 
+	// Either www or non-www is supported, not both. If a www domain is requested,
+	// query for both to provide the proper redirect.
+	$domains = array( $domain );
+	if ( 'www.' === substr( $domain, 0, 4 ) ) {
+		$domains[] = substr( $domain, 4 );
+		$search_domains = "'" . implode( "', '", $wpdb->_escape( $domains ) ) . "'";
+	}
+
 	if ( count( $paths ) > 1 ) {
-		$paths = "'" . implode( "', '", $wpdb->_escape( $paths ) ) . "'";
-		$sql = $wpdb->prepare( "SELECT * FROM $wpdb->blogs WHERE domain = %s", $domain );
-		$sql .= " AND path IN ($paths) ORDER BY CHAR_LENGTH(path) DESC LIMIT 1";
+		$search_paths = "'" . implode( "', '", $wpdb->_escape( $paths ) ) . "'";
+	}
+
+	if ( count( $domains ) > 1 && count( $paths ) > 1 ) {
+		$site = $wpdb->get_row( "SELECT * FROM $wpdb->blogs WHERE domain IN ($search_domains) AND path IN ($search_paths) ORDER BY CHAR_LENGTH(domain) DESC, CHAR_LENGTH(path) DESC LIMIT 1" );
+	} elseif ( count( $domains ) > 1 ) {
+		$sql = $wpdb->prepare( "SELECT * FROM $wpdb->blogs WHERE path = %s", $paths[0] );
+		$sql .= " AND domain IN ($search_domains) ORDER BY CHAR_LENGTH(domain) DESC LIMIT 1";
+		$site = $wpdb->get_row( $sql );
+	} elseif ( count( $paths ) > 1 ) {
+		$sql = $wpdb->prepare( "SELECT * FROM $wpdb->blogs WHERE domain = %s", $domains[0] );
+		$sql .= " AND path IN ($search_paths) ORDER BY CHAR_LENGTH(path) DESC LIMIT 1";
 		$site = $wpdb->get_row( $sql );
 	} else {
-		$site = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->blogs WHERE domain = %s and path = %s", $domain, $paths[0] ) );
+		$site = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->blogs WHERE domain = %s AND path = %s", $domains[0], $paths[0] ) );
 	}
 
 	if ( $site ) {

wp-includes/ms-settings.php

@@ -35,7 +35,7 @@ if ( !isset( $current_site ) || !isset( $current_blog ) ) {
 		$_SERVER['HTTP_HOST'] = substr( $_SERVER['HTTP_HOST'], 0, -4 );
 	}
 
-	$path = strtolower( stripslashes( $_SERVER['REQUEST_URI'] ) );
+	$path = stripslashes( $_SERVER['REQUEST_URI'] );
 	if ( is_admin() ) {
 		$path = preg_replace( '#(.*)/wp-admin/.*#', '$1/', $path );
 	}
@@ -53,9 +53,9 @@ if ( !isset( $current_site ) || !isset( $current_blog ) ) {
 			$current_site->blog_id = BLOGID_CURRENT_SITE;
 		}
 
-		if ( $current_site->domain === $domain && $current_site->path === $path ) {
+		if ( 0 === strcasecmp( $current_site->domain, $domain ) && 0 === strcasecmp( $current_site->path, $path ) ) {
 			$current_blog = get_site_by_path( $domain, $path );
-		} elseif ( '/' !== $current_site->path && $current_site->domain === $domain && 0 === strpos( $path, $current_site->path ) ) {
+		} elseif ( '/' !== $current_site->path && 0 === strcasecmp( $current_site->domain, $domain ) && 0 === stripos( $path, $current_site->path ) ) {
 			// If the current network has a path and also matches the domain and path of the request,
 			// we need to look for a site using the first path segment following the network's path.
 			$current_blog = get_site_by_path( $domain, $path, 1 + count( explode( '/', trim( $current_site->path, '/' ) ) ) );

wp-includes/pluggable.php

@@ -647,7 +647,7 @@ function wp_validate_auth_cookie($cookie = '', $scheme = '') {
 	$key = wp_hash($username . $pass_frag . '|' . $expiration, $scheme);
 	$hash = hash_hmac('md5', $username . '|' . $expiration, $key);
 
-	if ( hash_hmac( 'md5', $hmac, $key ) !== hash_hmac( 'md5', $hash, $key ) ) {
+	if ( ! hash_equals( $hash, $hmac ) ) {
 		/**
 		 * Fires if a bad authentication cookie hash is encountered.
 		 *
@@ -1658,11 +1658,17 @@ function wp_verify_nonce($nonce, $action = -1) {
 	$i = wp_nonce_tick();
 
 	// Nonce generated 0-12 hours ago
-	if ( substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10) === $nonce )
+	$expected = substr( wp_hash( $i . '|' . $action . '|' . $uid, 'nonce'), -12, 10 );
+	if ( hash_equals( $expected, $nonce ) ) {
 		return 1;
+	}
+
 	// Nonce generated 12-24 hours ago
-	if ( substr(wp_hash(($i - 1) . $action . $uid, 'nonce'), -12, 10) === $nonce )
+	$expected = substr( wp_hash( ( $i - 1 ) . '|' . $action . '|' . $uid, 'nonce' ), -12, 10 );
+	if ( hash_equals( $expected, $nonce ) ) {
 		return 2;
+	}
+
 	// Invalid nonce
 	return false;
 }
@@ -1687,7 +1693,7 @@ function wp_create_nonce($action = -1) {
 
 	$i = wp_nonce_tick();
 
-	return substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10);
+	return substr(wp_hash($i . '|' . $action . '|' . $uid, 'nonce'), -12, 10);
 }
 endif;
 
@@ -1863,7 +1869,7 @@ function wp_check_password($password, $hash, $user_id = '') {
 
 	// If the hash is still md5...
 	if ( strlen($hash) <= 32 ) {
-		$check = ( $hash == md5($password) );
+		$check = hash_equals( $hash, md5( $password ) );
 		if ( $check && $user_id ) {
 			// Rehash using new hash.
 			wp_set_password($password, $user_id);
@@ -2107,7 +2113,8 @@ function get_avatar( $id_or_email, $size = '96', $default = '', $alt = false ) {
 		$out = str_replace( '&#038;', '&amp;', esc_url( $out ) );
 		$avatar = "<img alt='{$safe_alt}' src='{$out}' class='avatar avatar-{$size} photo' height='{$size}' width='{$size}' />";
 	} else {
-		$avatar = "<img alt='{$safe_alt}' src='{$default}' class='avatar avatar-{$size} photo avatar-default' height='{$size}' width='{$size}' />";
+		$out = esc_url( $default );
+		$avatar = "<img alt='{$safe_alt}' src='{$out}' class='avatar avatar-{$size} photo avatar-default' height='{$size}' width='{$size}' />";
 	}
 
 	/**
@@ -2200,3 +2207,35 @@ function wp_text_diff( $left_string, $right_string, $args = null ) {
 }
 endif;
 
+if ( ! function_exists( 'hash_equals' ) ) :
+/**
+ * Compare two strings in constant time.
+ *
+ * This function is NOT pluggable. It is in this file (in addition to
+ * compat.php) to prevent errors if, during an update, pluggable.php
+ * copies over but compat.php does not.
+ *
+ * This function was added in PHP 5.6.
+ * It can leak the length of a string.
+ *
+ * @since 3.9.2
+ *
+ * @param string $a Expected string.
+ * @param string $b Actual string.
+ * @return bool Whether strings are equal.
+ */
+function hash_equals( $a, $b ) {
+	$a_length = strlen( $a );
+	if ( $a_length !== strlen( $b ) ) {
+		return false;
+	}
+	$result = 0;
+
+	// Do not attempt to "optimize" this.
+	for ( $i = 0; $i < $a_length; $i++ ) {
+		$result |= ord( $a[ $i ] ) ^ ord( $b[ $i ] );
+	}
+
+	return $result === 0;
+}
+endif;

wp-includes/script-loader.php

@@ -635,7 +635,7 @@ function wp_default_styles( &$styles ) {
 	$styles->add( 'wp-jquery-ui-dialog', "/wp-includes/css/jquery-ui-dialog$suffix.css", array( 'dashicons' ) );
 	$styles->add( 'mediaelement',        "/wp-includes/js/mediaelement/mediaelementplayer.min.css", array(), '2.13.0' );
 	$styles->add( 'wp-mediaelement',     "/wp-includes/js/mediaelement/wp-mediaelement.css", array( 'mediaelement' ) );
-	$styles->add( 'thickbox',            '/wp-includes/js/thickbox/thickbox.css', array( 'dashicons' ), '20131201' );
+	$styles->add( 'thickbox',            '/wp-includes/js/thickbox/thickbox.css', array( 'dashicons' ) );
 
 	// Deprecated CSS
 	$styles->add( 'media',      "/wp-admin/css/deprecated-media$suffix.css" );

wp-includes/user.php

@@ -1716,6 +1716,9 @@ function wp_insert_user( $userdata ) {
 	$data = wp_unslash( $data );
 
 	if ( $update ) {
+		if ( $user_email !== $old_user_data->user_email ) {
+			$data['user_activation_key'] = '';
+		}
 		$wpdb->update( $wpdb->users, $data, compact( 'ID' ) );
 		$user_id = (int) $ID;
 	} else {

wp-includes/version.php

@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '3.9';
+$wp_version = '3.9.4';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
@@ -18,7 +18,7 @@ $wp_db_version = 27916;
  *
  * @global string $tinymce_version
  */
-$tinymce_version = '4021-20140412';
+$tinymce_version = '4021-20140423';
 
 /**
  * Holds the required PHP version

wp-includes/widgets.php

@@ -1421,7 +1421,7 @@ function retrieve_widgets( $theme_changed = false ) {
 		// time() that sidebars were stored is in $old_sidebars_widgets['time']
 		$_sidebars_widgets = $old_sidebars_widgets['data'];
 
-		if ( 'customize' === $theme_changed ) {
+		if ( 'customize' !== $theme_changed ) {
 			remove_theme_mod( 'sidebars_widgets' );
 		}
 
@@ -1506,7 +1506,7 @@ function retrieve_widgets( $theme_changed = false ) {
 	}
 
 	$sidebars_widgets['wp_inactive_widgets'] = array_merge($lost_widgets, (array) $sidebars_widgets['wp_inactive_widgets']);
-	if ( 'customize' === $theme_changed ) {
+	if ( 'customize' !== $theme_changed ) {
 		wp_set_sidebars_widgets( $sidebars_widgets );
 	}
 

wp-includes/wp-db.php

@@ -140,6 +140,43 @@ class wpdb {
 	 */
 	protected $result;
 
+	/**
+	 * Cached column info, for sanity checking data before inserting
+	 *
+	 * @since 4.2.0
+	 * @access protected
+	 * @var array
+	 */
+	protected $col_meta = array();
+
+	/**
+	 * Calculated character sets on tables
+	 *
+	 * @since 4.2.0
+	 * @access protected
+	 * @var array
+	 */
+	protected $table_charset = array();
+
+	/**
+	 * Whether text fields in the current query need to be sanity checked.
+	 *
+	 * @since 4.2.0
+	 * @access protected
+	 * @var bool
+	 */
+	protected $check_current_query = true;
+
+	/**
+	 * Flag to ensure we don't run into recursion problems when checking the collation.
+	 *
+	 * @since 4.2.0
+	 * @access private
+	 * @see wpdb::check_safe_collation()
+	 * @var boolean
+	 */
+	private $checking_collation = false;
+
 	/**
 	 * Saved info on the table column
 	 *
@@ -639,6 +676,14 @@ class wpdb {
 	 * @param mixed  $value The value to set
 	 */
 	function __set( $name, $value ) {
+		$protected_members = array(
+			'col_meta',
+			'table_charset',
+			'check_current_query',
+		);
+		if (  in_array( $name, $protected_members, true ) ) {
+			return;
+		}
 		$this->$name = $value;
 	}
 
@@ -708,7 +753,7 @@ class wpdb {
 					$query = $this->prepare( 'SET NAMES %s', $charset );
 					if ( ! empty( $collate ) )
 						$query .= $this->prepare( ' COLLATE %s', $collate );
-					mysqli_query( $query, $dbh );
+					mysqli_query( $dbh, $query );
 				}
 			} else {
 				if ( function_exists( 'mysql_set_charset' ) && $this->has_cap( 'set_charset' ) ) {
@@ -1496,8 +1541,10 @@ class wpdb {
 	 * @return int|false Number of rows affected/selected or false on error
 	 */
 	function query( $query ) {
-		if ( ! $this->ready )
+		if ( ! $this->ready ) {
+			$this->check_current_query = true;
 			return false;
+		}
 
 		/**
 		 * Filter the database query.
@@ -1517,6 +1564,20 @@ class wpdb {
 		// Log how the function was called
 		$this->func_call = "\$db->query(\"$query\")";
 
+		// If we're writing to the database, make sure the query will write safely.
+		if ( $this->check_current_query && ! $this->check_ascii( $query ) ) {
+			$stripped_query = $this->strip_invalid_text_from_query( $query );
+			// strip_invalid_text_from_query() can perform queries, so we need
+			// to flush again, just to make sure everything is clear.
+			$this->flush();
+			if ( $stripped_query !== $query ) {
+				$this->insert_id = 0;
+				return false;
+			}
+		}
+
+		$this->check_current_query = true;
+
 		// Keep track of the last query for debug..
 		$this->last_query = $query;
 
@@ -1690,23 +1751,29 @@ class wpdb {
 	 * @return int|false The number of rows affected, or false on error.
 	 */
 	function _insert_replace_helper( $table, $data, $format = null, $type = 'INSERT' ) {
-		if ( ! in_array( strtoupper( $type ), array( 'REPLACE', 'INSERT' ) ) )
+		if ( ! in_array( strtoupper( $type ), array( 'REPLACE', 'INSERT' ) ) ) {
 			return false;
-		$this->insert_id = 0;
-		$formats = $format = (array) $format;
-		$fields = array_keys( $data );
-		$formatted_fields = array();
-		foreach ( $fields as $field ) {
-			if ( !empty( $format ) )
-				$form = ( $form = array_shift( $formats ) ) ? $form : $format[0];
-			elseif ( isset( $this->field_types[$field] ) )
-				$form = $this->field_types[$field];
-			else
-				$form = '%s';
-			$formatted_fields[] = $form;
 		}
-		$sql = "{$type} INTO `$table` (`" . implode( '`,`', $fields ) . "`) VALUES (" . implode( ",", $formatted_fields ) . ")";
-		return $this->query( $this->prepare( $sql, $data ) );
+
+		$data = $this->process_fields( $table, $data, $format );
+		if ( false === $data ) {
+			return false;
+		}
+
+		$formats = $values = array();
+		foreach ( $data as $value ) {
+			$formats[] = $value['format'];
+			$values[]  = $value['value'];
+		}
+
+		$fields  = '`' . implode( '`, `', array_keys( $data ) ) . '`';
+		$formats = implode( ', ', $formats );
+
+		$sql = "$type INTO `$table` ($fields) VALUES ($formats)";
+
+		$this->insert_id = 0;
+		$this->check_current_query = false;
+		return $this->query( $this->prepare( $sql, $values ) );
 	}
 
 	/**
@@ -1731,34 +1798,36 @@ class wpdb {
 	 * @return int|false The number of rows updated, or false on error.
 	 */
 	function update( $table, $data, $where, $format = null, $where_format = null ) {
-		if ( ! is_array( $data ) || ! is_array( $where ) )
+		if ( ! is_array( $data ) || ! is_array( $where ) ) {
 			return false;
-
-		$formats = $format = (array) $format;
-		$bits = $wheres = array();
-		foreach ( (array) array_keys( $data ) as $field ) {
-			if ( !empty( $format ) )
-				$form = ( $form = array_shift( $formats ) ) ? $form : $format[0];
-			elseif ( isset($this->field_types[$field]) )
-				$form = $this->field_types[$field];
-			else
-				$form = '%s';
-			$bits[] = "`$field` = {$form}";
 		}
 
-		$where_formats = $where_format = (array) $where_format;
-		foreach ( (array) array_keys( $where ) as $field ) {
-			if ( !empty( $where_format ) )
-				$form = ( $form = array_shift( $where_formats ) ) ? $form : $where_format[0];
-			elseif ( isset( $this->field_types[$field] ) )
-				$form = $this->field_types[$field];
-			else
-				$form = '%s';
-			$wheres[] = "`$field` = {$form}";
+		$data = $this->process_fields( $table, $data, $format );
+		if ( false === $data ) {
+			return false;
+		}
+		$where = $this->process_fields( $table, $where, $where_format );
+		if ( false === $where ) {
+			return false;
 		}
 
-		$sql = "UPDATE `$table` SET " . implode( ', ', $bits ) . ' WHERE ' . implode( ' AND ', $wheres );
-		return $this->query( $this->prepare( $sql, array_merge( array_values( $data ), array_values( $where ) ) ) );
+		$fields = $conditions = $values = array();
+		foreach ( $data as $field => $value ) {
+			$fields[] = "`$field` = " . $value['format'];
+			$values[] = $value['value'];
+		}
+		foreach ( $where as $field => $value ) {
+			$conditions[] = "`$field` = " . $value['format'];
+			$values[] = $value['value'];
+		}
+
+		$fields = implode( ', ', $fields );
+		$conditions = implode( ' AND ', $conditions );
+
+		$sql = "UPDATE `$table` SET $fields WHERE $conditions";
+
+		$this->check_current_query = false;
+		return $this->query( $this->prepare( $sql, $values ) );
 	}
 
 	/**
@@ -1780,30 +1849,135 @@ class wpdb {
 	 * @return int|false The number of rows updated, or false on error.
 	 */
 	function delete( $table, $where, $where_format = null ) {
-		if ( ! is_array( $where ) )
+		if ( ! is_array( $where ) ) {
 			return false;
-
-		$bits = $wheres = array();
-
-		$where_formats = $where_format = (array) $where_format;
-
-		foreach ( array_keys( $where ) as $field ) {
-			if ( !empty( $where_format ) ) {
-				$form = ( $form = array_shift( $where_formats ) ) ? $form : $where_format[0];
-			} elseif ( isset( $this->field_types[ $field ] ) ) {
-				$form = $this->field_types[ $field ];
-			} else {
-				$form = '%s';
-			}
-
-			$wheres[] = "$field = $form";
 		}
 
-		$sql = "DELETE FROM $table WHERE " . implode( ' AND ', $wheres );
-		return $this->query( $this->prepare( $sql, $where ) );
+		$where = $this->process_fields( $table, $where, $where_format );
+		if ( false === $where ) {
+			return false;
+		}
+
+		$conditions = $values = array();
+		foreach ( $where as $field => $value ) {
+			$conditions[] = "`$field` = " . $value['format'];
+			$values[] = $value['value'];
+		}
+
+		$conditions = implode( ' AND ', $conditions );
+
+		$sql = "DELETE FROM `$table` WHERE $conditions";
+
+		$this->check_current_query = false;
+		return $this->query( $this->prepare( $sql, $values ) );
 	}
 
 
+	/**
+	 * Processes arrays of field/value pairs and field formats.
+	 *
+	 * This is a helper method for wpdb's CRUD methods, which take field/value
+	 * pairs for inserts, updates, and where clauses. This method first pairs
+	 * each value with a format. Then it determines the charset of that field,
+	 * using that to determine if any invalid text would be stripped. If text is
+	 * stripped, then field processing is rejected and the query fails.
+	 *
+	 * @since 4.2.0
+	 * @access protected
+	 *
+	 * @param string $table  Table name.
+	 * @param array  $data   Field/value pair.
+	 * @param mixed  $format Format for each field.
+	 * @return array|bool Returns an array of fields that contain paired values
+	 *                    and formats. Returns false for invalid values.
+	 */
+	protected function process_fields( $table, $data, $format ) {
+		$data = $this->process_field_formats( $data, $format );
+		$data = $this->process_field_charsets( $data, $table );
+		if ( false === $data ) {
+			return false;
+		}
+
+		$converted_data = $this->strip_invalid_text( $data );
+
+		if ( $data !== $converted_data ) {
+			return false;
+		}
+
+		return $data;
+	}
+
+	/**
+	 * Prepares arrays of value/format pairs as passed to wpdb CRUD methods.
+	 *
+	 * @since 4.2.0
+	 * @access protected
+	 *
+	 * @param array $data   Array of fields to values.
+	 * @param mixed $format Formats to be mapped to the values in $data.
+	 * @return array Array, keyed by field names with values being an array
+	 *               of 'value' and 'format' keys.
+	 */
+	protected function process_field_formats( $data, $format ) {
+		$formats = $original_formats = (array) $format;
+
+		foreach ( $data as $field => $value ) {
+			$value = array(
+				'value'  => $value,
+				'format' => '%s',
+			);
+
+			if ( ! empty( $format ) ) {
+				$value['format'] = array_shift( $formats );
+				if ( ! $value['format'] ) {
+					$value['format'] = reset( $original_formats );
+				}
+			} elseif ( isset( $this->field_types[ $field ] ) ) {
+				$value['format'] = $this->field_types[ $field ];
+			}
+
+			$data[ $field ] = $value;
+		}
+
+		return $data;
+	}
+
+	/**
+	 * Adds field charsets to field/value/format arrays generated by
+	 * the {@see wpdb::process_field_formats()} method.
+	 *
+	 * @since 4.2.0
+	 * @access protected
+	 *
+	 * @param array  $data  As it comes from the {@see wpdb::process_field_formats()} method.
+	 * @param string $table Table name.
+	 * @return The same array as $data with additional 'charset' keys.
+	 */
+	protected function process_field_charsets( $data, $table ) {
+		foreach ( $data as $field => $value ) {
+			if ( '%d' === $value['format'] || '%f' === $value['format'] ) {
+				// We can skip this field if we know it isn't a string.
+				// This checks %d/%f versus ! %s because it's sprintf() could take more.
+				$value['charset'] = false;
+			} elseif ( $this->check_ascii( $value['value'] ) ) {
+				// If it's ASCII, then we don't need the charset. We can skip this field.
+				$value['charset'] = false;
+			} else {
+				$value['charset'] = $this->get_col_charset( $table, $field );
+				if ( is_wp_error( $value['charset'] ) ) {
+					return false;
+				}
+
+				// This isn't ASCII. Don't have strip_invalid_text() re-check.
+				$value['ascii'] = false;
+			}
+
+			$data[ $field ] = $value;
+		}
+
+		return $data;
+	}
+
 	/**
 	 * Retrieve one variable from the database.
 	 *
@@ -1819,6 +1993,10 @@ class wpdb {
 	 * @return string|null Database query result (as string), or null on failure
 	 */
 	function get_var( $query = null, $x = 0, $y = 0 ) {
+		if ( $this->check_safe_collation( $query ) ) {
+			$this->check_current_query = false;
+		}
+
 		$this->func_call = "\$db->get_var(\"$query\", $x, $y)";
 		if ( $query )
 			$this->query( $query );
@@ -1847,6 +2025,11 @@ class wpdb {
 	 */
 	function get_row( $query = null, $output = OBJECT, $y = 0 ) {
 		$this->func_call = "\$db->get_row(\"$query\",$output,$y)";
+
+		if ( $this->check_safe_collation( $query ) ) {
+			$this->check_current_query = false;
+		}
+
 		if ( $query )
 			$this->query( $query );
 		else
@@ -1883,6 +2066,10 @@ class wpdb {
 	 * @return array Database query result. Array indexed from 0 by SQL result row number.
 	 */
 	function get_col( $query = null , $x = 0 ) {
+		if ( $this->check_safe_collation( $query ) ) {
+			$this->check_current_query = false;
+		}
+
 		if ( $query )
 			$this->query( $query );
 
@@ -1910,6 +2097,10 @@ class wpdb {
 	function get_results( $query = null, $output = OBJECT ) {
 		$this->func_call = "\$db->get_results(\"$query\", $output)";
 
+		if ( $this->check_safe_collation( $query ) ) {
+			$this->check_current_query = false;
+		}
+
 		if ( $query )
 			$this->query( $query );
 		else
@@ -1950,6 +2141,527 @@ class wpdb {
 		return null;
 	}
 
+
+	/**
+	 * Retrieves the character set for the given table.
+	 *
+	 * @since 4.2.0
+	 * @access protected
+	 *
+	 * @param string $table Table name.
+	 * @return string|WP_Error Table character set, {@see WP_Error} object if it couldn't be found.
+	 */
+	protected function get_table_charset( $table ) {
+		$tablekey = strtolower( $table );
+
+		/**
+		 * Filter the table charset value before the DB is checked.
+		 *
+		 * Passing a non-null value to the filter will effectively short-circuit
+		 * checking the DB for the charset, returning that value instead.
+		 *
+		 * @since 4.2.0
+		 *
+		 * @param string $charset The character set to use. Default null.
+		 * @param string $table   The name of the table being checked.
+		 */
+		$charset = apply_filters( 'pre_get_table_charset', null, $table );
+		if ( null !== $charset ) {
+			return $charset;
+		}
+
+		if ( isset( $this->table_charset[ $tablekey ] ) ) {
+			return $this->table_charset[ $tablekey ];
+		}
+
+		$charsets = $columns = array();
+		$results = $this->get_results( "SHOW FULL COLUMNS FROM `$table`" );
+		if ( ! $results ) {
+			return new WP_Error( 'wpdb_get_table_charset_failure' );
+		}
+
+		foreach ( $results as $column ) {
+			$columns[ strtolower( $column->Field ) ] = $column;
+		}
+
+		$this->col_meta[ $tablekey ] = $columns;
+
+		foreach ( $columns as $column ) {
+			if ( ! empty( $column->Collation ) ) {
+				list( $charset ) = explode( '_', $column->Collation );
+				$charsets[ strtolower( $charset ) ] = true;
+			}
+
+			list( $type ) = explode( '(', $column->Type );
+
+			// A binary/blob means the whole query gets treated like this.
+			if ( in_array( strtoupper( $type ), array( 'BINARY', 'VARBINARY', 'TINYBLOB', 'MEDIUMBLOB', 'BLOB', 'LONGBLOB' ) ) ) {
+				$this->table_charset[ $tablekey ] = 'binary';
+				return 'binary';
+			}
+		}
+
+		// utf8mb3 is an alias for utf8.
+		if ( isset( $charsets['utf8mb3'] ) ) {
+			$charsets['utf8'] = true;
+			unset( $charsets['utf8mb3'] );
+		}
+
+		// Check if we have more than one charset in play.
+		$count = count( $charsets );
+		if ( 1 === $count ) {
+			$charset = key( $charsets );
+		} elseif ( 0 === $count ) {
+			// No charsets, assume this table can store whatever.
+			$charset = false;
+		} else {
+			// More than one charset. Remove latin1 if present and recalculate.
+			unset( $charsets['latin1'] );
+			$count = count( $charsets );
+			if ( 1 === $count ) {
+				// Only one charset (besides latin1).
+				$charset = key( $charsets );
+			} elseif ( 2 === $count && isset( $charsets['utf8'], $charsets['utf8mb4'] ) ) {
+				// Two charsets, but they're utf8 and utf8mb4, use utf8.
+				$charset = 'utf8';
+			} else {
+				// Two mixed character sets. ascii.
+				$charset = 'ascii';
+			}
+		}
+
+		$this->table_charset[ $tablekey ] = $charset;
+		return $charset;
+	}
+
+	/**
+	 * Retrieves the character set for the given column.
+	 *
+	 * @since 4.2.0
+	 * @access public
+	 *
+	 * @param string $table  Table name.
+	 * @param string $column Column name.
+	 * @return mixed Column character set as a string. False if the column has no
+	 *               character set. {@see WP_Error} object if there was an error.
+	 */
+	public function get_col_charset( $table, $column ) {
+		$tablekey = strtolower( $table );
+		$columnkey = strtolower( $column );
+
+		/**
+		 * Filter the column charset value before the DB is checked.
+		 *
+		 * Passing a non-null value to the filter will short-circuit
+		 * checking the DB for the charset, returning that value instead.
+		 *
+		 * @since 4.2.0
+		 *
+		 * @param string $charset The character set to use. Default null.
+		 * @param string $table   The name of the table being checked.
+		 * @param string $column  The name of the column being checked.
+		 */
+		$charset = apply_filters( 'pre_get_col_charset', null, $table, $column );
+		if ( null !== $charset ) {
+			return $charset;
+		}
+
+		// Skip this entirely if this isn't a MySQL database.
+		if ( false === $this->is_mysql ) {
+			return false;
+		}
+
+		if ( empty( $this->table_charset[ $tablekey ] ) ) {
+			// This primes column information for us.
+			$table_charset = $this->get_table_charset( $table );
+			if ( is_wp_error( $table_charset ) ) {
+				return $table_charset;
+			}
+		}
+
+		// If still no column information, return the table charset.
+		if ( empty( $this->col_meta[ $tablekey ] ) ) {
+			return $this->table_charset[ $tablekey ];
+		}
+
+		// If this column doesn't exist, return the table charset.
+		if ( empty( $this->col_meta[ $tablekey ][ $columnkey ] ) ) {
+			return $this->table_charset[ $tablekey ];
+		}
+
+		// Return false when it's not a string column.
+		if ( empty( $this->col_meta[ $tablekey ][ $columnkey ]->Collation ) ) {
+			return false;
+		}
+
+		list( $charset ) = explode( '_', $this->col_meta[ $tablekey ][ $columnkey ]->Collation );
+		return $charset;
+	}
+
+	/**
+	 * Check if a string is ASCII.
+	 *
+	 * The negative regex is faster for non-ASCII strings, as it allows
+	 * the search to finish as soon as it encounters a non-ASCII character.
+	 *
+	 * @since 4.2.0
+	 * @access protected
+	 *
+	 * @param string $string String to check.
+	 * @return bool True if ASCII, false if not.
+	 */
+	protected function check_ascii( $string ) {
+		if ( function_exists( 'mb_check_encoding' ) ) {
+			if ( mb_check_encoding( $string, 'ASCII' ) ) {
+				return true;
+			}
+		} elseif ( ! preg_match( '/[^\x00-\x7F]/', $string ) ) {
+			return true;
+		}
+
+		return false;
+	}
+
+	/**
+	 * Check if the query is accessing a collation considered safe on the current version of MySQL.
+	 *
+	 * @since 4.2.0
+	 * @access protected
+	 *
+	 * @param string $query The query to check.
+	 * @return bool True if the collation is safe, false if it isn't.
+	 */
+	protected function check_safe_collation( $query ) {
+		if ( $this->checking_collation ) {
+			return true;
+		}
+
+		// We don't need to check the collation for queries that don't read data.
+		$query = ltrim( $query, "\r\n\t (" );
+		if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN)\s/i', $query ) ) {
+			return true;
+		}
+
+		// All-ASCII queries don't need extra checking.
+		if ( $this->check_ascii( $query ) ) {
+			return true;
+		}
+
+		$table = $this->get_table_from_query( $query );
+		if ( ! $table ) {
+			return false;
+		}
+
+		$this->checking_collation = true;
+		$collation = $this->get_table_charset( $table );
+		$this->checking_collation = false;
+
+		// Tables with no collation, or latin1 only, don't need extra checking.
+		if ( false === $collation || 'latin1' === $collation ) {
+			return true;
+		}
+
+		$table = strtolower( $table );
+		if ( empty( $this->col_meta[ $table ] ) ) {
+			return false;
+		}
+
+		// If any of the columns don't have one of these collations, it needs more sanity checking.
+		foreach( $this->col_meta[ $table ] as $col ) {
+			if ( empty( $col->Collation ) ) {
+				continue;
+			}
+
+			if ( ! in_array( $col->Collation, array( 'utf8_general_ci', 'utf8_bin', 'utf8mb4_general_ci', 'utf8mb4_bin' ), true ) ) {
+				return false;
+			}
+		}
+
+		return true;
+	}
+
+	/**
+	 * Strips any invalid characters based on value/charset pairs.
+	 *
+	 * @since 4.2.0
+	 * @access protected
+	 *
+	 * @param array $data Array of value arrays. Each value array has the keys
+	 *                    'value' and 'charset'. An optional 'ascii' key can be
+	 *                    set to false to avoid redundant ASCII checks.
+	 * @return array|WP_Error The $data parameter, with invalid characters removed from
+	 *                        each value. This works as a passthrough: any additional keys
+	 *                        such as 'field' are retained in each value array. If we cannot
+	 *                        remove invalid characters, a {@see WP_Error} object is returned.
+	 */
+		// If any of the columns don't have one of these collations, it needs more sanity checking.
+	protected function strip_invalid_text( $data ) {
+		// Some multibyte character sets that we can check in PHP.
+		$mb_charsets = array(
+			'ascii'   => 'ASCII',
+			'big5'    => 'BIG-5',
+			'eucjpms' => 'eucJP-win',
+			'gb2312'  => 'EUC-CN',
+			'ujis'    => 'EUC-JP',
+			'utf32'   => 'UTF-32',
+		);
+
+		$supported_charsets = array();
+		if ( function_exists( 'mb_list_encodings' ) ) {
+			$supported_charsets = mb_list_encodings();
+		}
+
+		$db_check_string = false;
+
+		foreach ( $data as &$value ) {
+			$charset = $value['charset'];
+
+			// Column isn't a string, or is latin1, which will will happily store anything.
+			if ( false === $charset || 'latin1' === $charset ) {
+				continue;
+			}
+
+			if ( ! is_string( $value['value'] ) ) {
+				continue;
+			}
+
+			// ASCII is always OK.
+			if ( ! isset( $value['ascii'] ) && $this->check_ascii( $value['value'] ) ) {
+				continue;
+			}
+
+			// Convert the text locally.
+			if ( $supported_charsets ) {
+				if ( isset( $mb_charsets[ $charset ] ) && in_array( $mb_charsets[ $charset ], $supported_charsets ) ) {
+					$value['value'] = mb_convert_encoding( $value['value'], $mb_charsets[ $charset ], $mb_charsets[ $charset ] );
+					continue;
+				}
+			}
+
+			// utf8 can be handled by regex, which is a bunch faster than a DB lookup.
+			if ( 'utf8' === $charset || 'utf8mb3' === $charset || 'utf8mb4' === $charset ) {
+				$regex = '/
+					(
+						(?: [\x00-\x7F]                  # single-byte sequences   0xxxxxxx
+						|   [\xC2-\xDF][\x80-\xBF]       # double-byte sequences   110xxxxx 10xxxxxx
+						|   \xE0[\xA0-\xBF][\x80-\xBF]   # triple-byte sequences   1110xxxx 10xxxxxx * 2
+						|   [\xE1-\xEC][\x80-\xBF]{2}
+						|   \xED[\x80-\x9F][\x80-\xBF]
+						|   [\xEE-\xEF][\x80-\xBF]{2}';
+
+				if ( 'utf8mb4' === $charset) {
+					$regex .= '
+						|    \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
+						|    [\xF1-\xF3][\x80-\xBF]{3}
+						|    \xF4[\x80-\x8F][\x80-\xBF]{2}
+					';
+				}
+
+				$regex .= '){1,50}                          # ...one or more times
+					)
+					| .                                  # anything else
+					/x';
+				$value['value'] = preg_replace( $regex, '$1', $value['value'] );
+				continue;
+			}
+
+			// We couldn't use any local conversions, send it to the DB.
+			$value['db'] = $db_check_string = true;
+		}
+		unset( $value ); // Remove by reference.
+
+		if ( $db_check_string ) {
+			$queries = array();
+			foreach ( $data as $col => $value ) {
+				if ( ! empty( $value['db'] ) ) {
+					if ( ! isset( $queries[ $value['charset'] ] ) ) {
+						$queries[ $value['charset'] ] = array();
+					}
+
+					// Split the CONVERT() calls by charset, so we can make sure the connection is right
+					$queries[ $value['charset'] ][ $col ] = $this->prepare( "CONVERT( %s USING {$value['charset']} )", $value['value'] );
+				}
+			}
+
+			$connection_charset = $this->charset;
+			foreach ( $queries as $charset => $query ) {
+				if ( ! $query ) {
+					continue;
+				}
+
+				// Change the charset to match the string(s) we're converting
+				if ( $charset !== $connection_charset ) {
+					$connection_charset = $charset;
+					$this->set_charset( $this->dbh, $charset );
+				}
+
+				$this->check_current_query = false;
+
+				$row = $this->get_row( "SELECT " . implode( ', ', $query ), ARRAY_N );
+				if ( ! $row ) {
+					$this->set_charset( $this->dbh, $connection_charset );
+					return new WP_Error( 'wpdb_strip_invalid_text_failure' );
+				}
+
+				$cols = array_keys( $query );
+				$col_count = count( $cols );
+				for ( $ii = 0; $ii < $col_count; $ii++ ) {
+					$data[ $cols[ $ii ] ]['value'] = $row[ $ii ];
+				}
+			}
+
+			// Don't forget to change the charset back!
+			if ( $connection_charset !== $this->charset ) {
+				$this->set_charset( $this->dbh );
+			}
+		}
+
+		return $data;
+	}
+
+	/**
+	 * Strips any invalid characters from the query.
+	 *
+	 * @since 4.2.0
+	 * @access protected
+	 *
+	 * @param string $query Query to convert.
+	 * @return string|WP_Error The converted query, or a {@see WP_Error} object if the conversion fails.
+	 */
+	protected function strip_invalid_text_from_query( $query ) {
+		$table = $this->get_table_from_query( $query );
+		if ( $table ) {
+			$charset = $this->get_table_charset( $table );
+			if ( is_wp_error( $charset ) ) {
+				return $charset;
+			}
+
+			// We can't reliably strip text from tables containing binary/blob columns
+			if ( 'binary' === $charset ) {
+				return $query;
+			}
+		} else {
+			$charset = $this->charset;
+		}
+
+		$data = array(
+			'value'   => $query,
+			'charset' => $charset,
+			'ascii'   => false,
+		);
+
+		$data = $this->strip_invalid_text( array( $data ) );
+		if ( is_wp_error( $data ) ) {
+			return $data;
+		}
+
+		return $data[0]['value'];
+	}
+
+	/**
+	 * Strips any invalid characters from the string for a given table and column.
+	 *
+	 * @since 4.2.0
+	 * @access public
+	 *
+	 * @param string $table  Table name.
+	 * @param string $column Column name.
+	 * @param string $value  The text to check.
+	 * @return string|WP_Error The converted string, or a `WP_Error` object if the conversion fails.
+	 */
+	public function strip_invalid_text_for_column( $table, $column, $value ) {
+		if ( ! is_string( $value ) || $this->check_ascii( $value ) ) {
+			return $value;
+		}
+
+		$charset = $this->get_col_charset( $table, $column );
+		if ( ! $charset ) {
+			// Not a string column.
+			return $value;
+		} elseif ( is_wp_error( $charset ) ) {
+			// Bail on real errors.
+			return $charset;
+		}
+
+		$data = array(
+			$column => array(
+				'value'   => $value,
+				'charset' => $charset,
+				'ascii'   => false,
+			)
+		);
+
+		$data = $this->strip_invalid_text( $data );
+		if ( is_wp_error( $data ) ) {
+			return $data;
+		}
+
+		return $data[ $column ]['value'];
+	}
+
+	/**
+	 * Find the first table name referenced in a query.
+	 *
+	 * @since 4.2.0
+	 * @access protected
+	 *
+	 * @param string $query The query to search.
+	 * @return string|false $table The table name found, or false if a table couldn't be found.
+	 */
+	protected function get_table_from_query( $query ) {
+		// Remove characters that can legally trail the table name.
+		$query = rtrim( $query, ';/-#' );
+
+		// Allow (select...) union [...] style queries. Use the first query's table name.
+		$query = ltrim( $query, "\r\n\t (" );
+
+		/*
+		 * Strip everything between parentheses except nested selects and use only 1,000
+		 * chars of the query.
+		 */
+		$query = preg_replace( '/\((?!\s*select)[^(]*?\)/is', '()', substr( $query, 0, 1000 ) );
+
+		// Quickly match most common queries.
+		if ( preg_match( '/^\s*(?:'
+				. 'SELECT.*?\s+FROM'
+				. '|INSERT(?:\s+LOW_PRIORITY|\s+DELAYED|\s+HIGH_PRIORITY)?(?:\s+IGNORE)?(?:\s+INTO)?'
+				. '|REPLACE(?:\s+LOW_PRIORITY|\s+DELAYED)?(?:\s+INTO)?'
+				. '|UPDATE(?:\s+LOW_PRIORITY)?(?:\s+IGNORE)?'
+				. '|DELETE(?:\s+LOW_PRIORITY|\s+QUICK|\s+IGNORE)*(?:\s+FROM)?'
+				. ')\s+`?([\w-]+)`?/is', $query, $maybe ) ) {
+			return $maybe[1];
+		}
+
+		// SHOW TABLE STATUS and SHOW TABLES
+		if ( preg_match( '/^\s*(?:'
+				. 'SHOW\s+TABLE\s+STATUS.+(?:LIKE\s+|WHERE\s+Name\s*=\s*)'
+				. '|SHOW\s+(?:FULL\s+)?TABLES.+(?:LIKE\s+|WHERE\s+Name\s*=\s*)'
+				. ')\W([\w-]+)\W/is', $query, $maybe ) ) {
+			return $maybe[1];
+		}
+
+		// Big pattern for the rest of the table-related queries.
+		if ( preg_match( '/^\s*(?:'
+				. '(?:EXPLAIN\s+(?:EXTENDED\s+)?)?SELECT.*?\s+FROM'
+				. '|DESCRIBE|DESC|EXPLAIN|HANDLER'
+				. '|(?:LOCK|UNLOCK)\s+TABLE(?:S)?'
+				. '|(?:RENAME|OPTIMIZE|BACKUP|RESTORE|CHECK|CHECKSUM|ANALYZE|REPAIR).*\s+TABLE'
+				. '|TRUNCATE(?:\s+TABLE)?'
+				. '|CREATE(?:\s+TEMPORARY)?\s+TABLE(?:\s+IF\s+NOT\s+EXISTS)?'
+				. '|ALTER(?:\s+IGNORE)?\s+TABLE'
+				. '|DROP\s+TABLE(?:\s+IF\s+EXISTS)?'
+				. '|CREATE(?:\s+\w+)?\s+INDEX.*\s+ON'
+				. '|DROP\s+INDEX.*\s+ON'
+				. '|LOAD\s+DATA.*INFILE.*INTO\s+TABLE'
+				. '|(?:GRANT|REVOKE).*ON\s+TABLE'
+				. '|SHOW\s+(?:.*FROM|.*TABLE)'
+				. ')\s+\(*\s*`?([\w-]+)`?\s*\)*/is', $query, $maybe ) ) {
+			return $maybe[1];
+		}
+
+		return false;
+	}
+
 	/**
 	 * Load the column metadata from the last query.
 	 *

wp-login.php

@@ -523,7 +523,7 @@ case 'retrievepassword' :
 
 ?>
 
-<form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
+<form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
 	<p>
 		<label for="user_login" ><?php _e('Username or E-mail:') ?><br />
 		<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
@@ -562,10 +562,28 @@ break;
 
 case 'resetpass' :
 case 'rp' :
-	$user = check_password_reset_key($_GET['key'], $_GET['login']);
+	list( $rp_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
+	$rp_cookie = 'wp-resetpass-' . COOKIEHASH;
+	if ( isset( $_GET['key'] ) ) {
+		$value = sprintf( '%s:%s', wp_unslash( $_GET['login'] ), wp_unslash( $_GET['key'] ) );
+		setcookie( $rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
+		wp_safe_redirect( remove_query_arg( array( 'key', 'login' ) ) );
+		exit;
+	}
 
-	if ( is_wp_error($user) ) {
-		if ( $user->get_error_code() === 'expired_key' )
+	if ( isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' ) ) {
+		list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 );
+		$user = check_password_reset_key( $rp_key, $rp_login );
+		if ( isset( $_POST['pass1'] ) && ! hash_equals( $rp_key, $_POST['rp_key'] ) ) {
+			$user = false;
+		}
+	} else {
+		$user = false;
+	}
+
+	if ( ! $user || is_wp_error( $user ) ) {
+		setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
+		if ( $user && $user->get_error_code() === 'expired_key' )
 			wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=expiredkey' ) );
 		else
 			wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=invalidkey' ) );
@@ -589,6 +607,7 @@ case 'rp' :
 
 	if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) {
 		reset_password($user, $_POST['pass1']);
+		setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
 		login_header( __( 'Password Reset' ), '<p class="message reset-pass">' . __( 'Your password has been reset.' ) . ' <a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log in' ) . '</a></p>' );
 		login_footer();
 		exit;
@@ -600,8 +619,8 @@ case 'rp' :
 	login_header(__('Reset Password'), '<p class="message reset-pass">' . __('Enter your new password below.') . '</p>', $errors );
 
 ?>
-<form name="resetpassform" id="resetpassform" action="<?php echo esc_url( site_url( 'wp-login.php?action=resetpass&key=' . urlencode( $_GET['key'] ) . '&login=' . urlencode( $_GET['login'] ), 'login_post' ) ); ?>" method="post" autocomplete="off">
-	<input type="hidden" id="user_login" value="<?php echo esc_attr( $_GET['login'] ); ?>" autocomplete="off" />
+<form name="resetpassform" id="resetpassform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=resetpass', 'login_post' ) ); ?>" method="post" autocomplete="off">
+	<input type="hidden" id="user_login" value="<?php echo esc_attr( $rp_login ); ?>" autocomplete="off" />
 
 	<p>
 		<label for="pass1"><?php _e('New password') ?><br />
@@ -627,6 +646,7 @@ case 'rp' :
 	 */
 	do_action( 'resetpass_form', $user );
 	?>
+	<input type="hidden" name="rp_key" value="<?php echo esc_attr( $rp_key ); ?>" />
 	<p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Reset Password'); ?>" /></p>
 </form>