Tag 4.5.21

Built from https://develop.svn.wordpress.org/tags/4.5.21@47716


git-svn-id: http://core.svn.wordpress.org/tags/4.5.21@47493 1a063a9b-81f0-0310-95a4-ce76da25c4cd

license.txt

@@ -1,6 +1,6 @@
 WordPress - Web publishing software
 
-Copyright 2011-2016 by the contributors
+Copyright 2011-2018 by the contributors
 
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by

readme.html

@@ -9,7 +9,6 @@
 <body>
 <h1 id="logo">
 	<a href="https://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /></a>
-	<br /> Version 4.5
 </h1>
 <p style="text-align: center">Semantic Personal Publishing Platform</p>
 

wp-activate.php

@@ -18,6 +18,50 @@ if ( !is_multisite() ) {
 	die();
 }
 
+$valid_error_codes = array( 'already_active', 'blog_taken' );
+
+list( $activate_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
+$activate_cookie = 'wp-activate-' . COOKIEHASH;
+
+$key    = '';
+$result = null;
+
+if ( isset( $_GET['key'] ) && isset( $_POST['key'] ) && $_GET['key'] !== $_POST['key'] ) {
+	wp_die( __( 'A key value mismatch has been detected. Please follow the link provided in your activation email.' ), __( 'An error occurred during the activation' ), 400 );
+} elseif ( ! empty( $_GET['key'] ) ) {
+	$key = $_GET['key'];
+} elseif ( ! empty( $_POST['key'] ) ) {
+	$key = $_POST['key'];
+}
+
+if ( $key ) {
+	$redirect_url = remove_query_arg( 'key' );
+
+	if ( $redirect_url !== remove_query_arg( false ) ) {
+		setcookie( $activate_cookie, $key, 0, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
+		wp_safe_redirect( $redirect_url );
+		exit;
+	} else {
+		$result = wpmu_activate_signup( $key );
+	}
+}
+
+if ( $result === null && isset( $_COOKIE[ $activate_cookie ] ) ) {
+	$key    = $_COOKIE[ $activate_cookie ];
+	$result = wpmu_activate_signup( $key );
+	setcookie( $activate_cookie, ' ', time() - YEAR_IN_SECONDS, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
+}
+
+if ( $result === null || ( is_wp_error( $result ) && 'invalid_key' === $result->get_error_code() ) ) {
+	status_header( 404 );
+} elseif ( is_wp_error( $result ) ) {
+	$error_code = $result->get_error_code();
+
+	if ( ! in_array( $error_code, $valid_error_codes ) ) {
+		status_header( 400 );
+	}
+}
+
 if ( is_object( $wp_object_cache ) )
 	$wp_object_cache->cache_enabled = false;
 
@@ -63,13 +107,14 @@ function wpmu_activate_stylesheet() {
 	<?php
 }
 add_action( 'wp_head', 'wpmu_activate_stylesheet' );
+add_action( 'wp_head', 'wp_sensitive_page_meta' );
 
 get_header( 'wp-activate' );
 ?>
 
 <div id="signup-content" class="widecolumn">
 	<div class="wp-activate-container">
-	<?php if ( empty($_GET['key']) && empty($_POST['key']) ) { ?>
+	<?php if ( ! $key ) { ?>
 
 		<h2><?php _e('Activation Key Required') ?></h2>
 		<form name="activateform" id="activateform" method="post" action="<?php echo network_site_url('wp-activate.php'); ?>">
@@ -83,28 +128,25 @@ get_header( 'wp-activate' );
 		</form>
 
 	<?php } else {
-
-		$key = !empty($_GET['key']) ? $_GET['key'] : $_POST['key'];
-		$result = wpmu_activate_signup( $key );
-		if ( is_wp_error($result) ) {
-			if ( 'already_active' == $result->get_error_code() || 'blog_taken' == $result->get_error_code() ) {
-			    $signup = $result->get_error_data();
-				?>
-				<h2><?php _e('Your account is now active!'); ?></h2>
-				<?php
-				echo '<p class="lead-in">';
-				if ( $signup->domain . $signup->path == '' ) {
-					printf( __('Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.'), network_site_url( 'wp-login.php', 'login' ), $signup->user_login, $signup->user_email, wp_lostpassword_url() );
-				} else {
-					printf( __('Your site at <a href="%1$s">%2$s</a> is active. You may now log in to your site using your chosen username of &#8220;%3$s&#8221;. Please check your email inbox at %4$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%5$s">reset your password</a>.'), 'http://' . $signup->domain, $signup->domain, $signup->user_login, $signup->user_email, wp_lostpassword_url() );
-				}
-				echo '</p>';
+		if ( is_wp_error( $result ) && in_array( $result->get_error_code(), $valid_error_codes ) ) {
+			$signup = $result->get_error_data();
+			?>
+			<h2><?php _e('Your account is now active!'); ?></h2>
+			<?php
+			echo '<p class="lead-in">';
+			if ( $signup->domain . $signup->path == '' ) {
+				printf( __('Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.'), network_site_url( 'wp-login.php', 'login' ), $signup->user_login, $signup->user_email, wp_lostpassword_url() );
 			} else {
-				?>
-				<h2><?php _e('An error occurred during the activation'); ?></h2>
-				<?php
-			    echo '<p>'.$result->get_error_message().'</p>';
+				printf( __('Your site at <a href="%1$s">%2$s</a> is active. You may now log in to your site using your chosen username of &#8220;%3$s&#8221;. Please check your email inbox at %4$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%5$s">reset your password</a>.'), 'http://' . $signup->domain, $signup->domain, $signup->user_login, $signup->user_email, wp_lostpassword_url() );
 			}
+			echo '</p>';
+		} elseif ( $result === null || is_wp_error( $result ) ) {
+			?>
+			<h2><?php _e('An error occurred during the activation'); ?></h2>
+			<?php if ( is_wp_error( $result ) ) {
+				echo '<p>' . $result->get_error_message() . '</p>';
+			} ?>
+			<?php
 		} else {
 			$url = isset( $result['blog_id'] ) ? get_blogaddress_by_id( (int) $result['blog_id'] ) : '';
 			$user = get_userdata( (int) $result['user_id'] );

wp-admin/about.php

@@ -38,6 +38,168 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
 			<a href="freedoms.php" class="nav-tab"><?php _e( 'Freedoms' ); ?></a>
 		</h2>
 
+		<div class="changelog point-releases">
+			<h3><?php _e( 'Maintenance and Security Releases' ); ?></h3>
+			<p>
+				<?php
+				printf(
+					/* translators: %s: WordPress version number */
+					__( '<strong>Version %s</strong> addressed some security issues.' ),
+					'4.5.21'
+				);
+				?>
+				<?php
+				printf(
+					/* translators: %s: HelpHub URL */
+					__( 'For more information, see <a href="%s">the release notes</a>.' ),
+					sprintf(
+						/* translators: %s: WordPress version */
+						esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+						sanitize_title( '4.5.21' )
+					)
+				);
+				?>
+			</p>
+			<p>
+				<?php
+				printf(
+					/* translators: %s: WordPress version number */
+					__( '<strong>Version %s</strong> addressed one security issue.' ),
+					'4.5.20'
+				);
+				?>
+				<?php
+				printf(
+					/* translators: %s: HelpHub URL */
+					__( 'For more information, see <a href="%s">the release notes</a>.' ),
+					sprintf(
+						/* translators: %s: WordPress version */
+						esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+						sanitize_title( '4.5.20' )
+					)
+				);
+				?>
+			</p>
+			<p>
+				<?php
+				printf(
+					/* translators: %s: WordPress version number */
+					__( '<strong>Version %s</strong> addressed some security issues.' ),
+					'4.5.19'
+				);
+				?>
+				<?php
+				printf(
+					/* translators: %s: HelpHub URL */
+					__( 'For more information, see <a href="%s">the release notes</a>.' ),
+					sprintf(
+						/* translators: %s: WordPress version */
+						esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+						sanitize_title( '4.5.19' )
+					)
+				);
+				?>
+			</p>
+			<p>
+				<?php
+				printf(
+				/* translators: %s: WordPress version number */
+					__( '<strong>Version %s</strong> addressed some security issues.' ),
+					'4.5.18'
+				);
+				?>
+				<?php
+				printf(
+				/* translators: %s: HelpHub URL */
+					__( 'For more information, see <a href="%s">the release notes</a>.' ),
+					sprintf(
+					/* translators: %s: WordPress version */
+						esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+						sanitize_title( '4.5.18' )
+					)
+				);
+				?>
+			</p>
+			<p>
+				<?php
+				printf(
+					/* translators: %s: WordPress version number */
+					__( '<strong>Version %s</strong> addressed some security issues.' ),
+					'4.5.17'
+				);
+				?>
+				<?php
+				printf(
+					/* translators: %s: HelpHub URL */
+					__( 'For more information, see <a href="%s">the release notes</a>.' ),
+					sprintf(
+						/* translators: %s: WordPress version */
+						esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+						sanitize_title( '4.5.17' )
+					)
+				);
+				?>
+			</p>
+			<p>
+				<?php
+				/* translators: %s: WordPress version number */
+				printf( __( '<strong>Version %s</strong> addressed some security issues.' ), '4.5.16' );
+				?>
+				<?php
+				/* translators: %s: Codex URL */
+				printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.5.16' );
+				?>
+			</p>
+			<p><?php printf( __( '<strong>Version %s</strong> addressed one security issue.' ), '4.5.15' ); ?>
+				<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.5.15' ); ?>
+			</p>
+			<p><?php printf( __( '<strong>Version %s</strong> addressed some security issues.' ), '4.5.14' ); ?>
+				<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.5.14' ); ?>
+			</p>
+			<p><?php printf( __( '<strong>Version %s</strong> addressed one security issue.' ), '4.5.13' ); ?>
+				<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.5.13' ); ?>
+			</p>
+			<p><?php printf( __( '<strong>Version %s</strong> addressed some security issues.' ), '4.5.12' ); ?>
+				<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.5.12' ); ?>
+			</p>
+			<p><?php printf( __( '<strong>Version %s</strong> addressed one security issue.' ), '4.5.11' ); ?>
+				<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.5.11' ); ?>
+			</p>
+			<p><?php printf( __( '<strong>Version %s</strong> addressed some security issues.' ), '4.5.10' ); ?>
+				<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.5.10' ); ?>
+			</p>
+			<p><?php printf( __( '<strong>Version %s</strong> addressed some security issues.' ), '4.5.9' ); ?>
+				<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.5.9' ); ?>
+			</p>
+			<p><?php printf( _n( '<strong>Version %1$s</strong> addressed %2$s bug.',
+					'<strong>Version %1$s</strong> addressed %2$s bugs.', 1 ), '4.5.8', number_format_i18n( 1 ) ); ?>
+				<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.5.8' ); ?>
+			</p>
+			<p><?php printf( __( '<strong>Version %s</strong> addressed some security issues.' ), '4.5.7' ); ?>
+				<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.5.7' ); ?>
+			</p>
+			<p><?php printf( __( '<strong>Version %s</strong> addressed some security issues.' ), '4.5.6' ); ?>
+				<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.5.6' ); ?>
+			</p>
+			<p><?php printf( __( '<strong>Version %s</strong> addressed some security issues.' ), '4.5.5' ); ?>
+				<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.5.5' ); ?>
+			</p>
+			<p><?php printf( __( '<strong>Version %s</strong> addressed some security issues.' ), '4.5.4' ); ?>
+				<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.5.4' ); ?>
+			</p>
+			<p><?php printf( _n( '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
+				'<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.', 17 ), '4.5.3', number_format_i18n( 17 ) ); ?>
+				<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.5.3' ); ?>
+			</p>
+			<p><?php printf( __( '<strong>Version %s</strong> addressed some security issues.' ), '4.5.2' ); ?>
+				<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.5.2' ); ?>
+			</p>
+			<p><?php printf( _n( '<strong>Version %1$s</strong> addressed %2$s bug.',
+				'<strong>Version %1$s</strong> addressed %2$s bugs.', 12 ), '4.5.1', number_format_i18n( 12 ) ); ?>
+				<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.5.1' ); ?>
+			</p>
+		</div>
+
 		<div class="headline-feature feature-video" style="background-color:#191E23;">
 			<iframe width="1050" height="591" src="<?php echo esc_url( $video_url ); ?>" frameborder="0" allowfullscreen></iframe>
 			<script src="https://videopress.com/videopress-iframe.js"></script>

wp-admin/async-upload.php

@@ -32,7 +32,7 @@ if ( ! ( isset( $_REQUEST['action'] ) && 'upload-attachment' == $_REQUEST['actio
 
 require_once( ABSPATH . 'wp-admin/admin.php' );
 
-header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
+header( 'Content-Type: text/plain; charset=' . get_option( 'blog_charset' ) );
 
 if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
 	include( ABSPATH . 'wp-admin/includes/ajax-actions.php' );

wp-admin/css/themes-rtl.css

@@ -1586,9 +1586,9 @@ body.full-overlay-active {
 }
 
 .preview-tablet .wp-full-overlay-main {
-	margin: auto -3in auto 0;
-	width: 6in; /* Size is loosely based on a typical "tablet" device size. Intentionally ambiguous - this does not represent any particular device precisely. */
-	height: 9in;
+	margin: auto -360px auto 0;
+	width: 720px; /* Size is loosely based on a typical "tablet" device size. Intentionally ambiguous - this does not represent any particular device precisely. */
+	height: 1080px;
 	max-height: 100%;
 	max-width: 100%;
 	right: 50%;

wp-admin/css/themes.css

@@ -1586,9 +1586,9 @@ body.full-overlay-active {
 }
 
 .preview-tablet .wp-full-overlay-main {
-	margin: auto 0 auto -3in;
-	width: 6in; /* Size is loosely based on a typical "tablet" device size. Intentionally ambiguous - this does not represent any particular device precisely. */
-	height: 9in;
+	margin: auto 0 auto -360px;
+	width: 720px; /* Size is loosely based on a typical "tablet" device size. Intentionally ambiguous - this does not represent any particular device precisely. */
+	height: 1080px;
 	max-height: 100%;
 	max-width: 100%;
 	left: 50%;

wp-admin/customize.php

@@ -132,7 +132,7 @@ do_action( 'customize_controls_print_scripts' );
 			<div id="customize-info" class="accordion-section customize-info">
 				<div class="accordion-section-title">
 					<span class="preview-notice"><?php
-						echo sprintf( __( 'You are customizing %s' ), '<strong class="panel-title site-title">' . get_bloginfo( 'name' ) . '</strong>' );
+						echo sprintf( __( 'You are customizing %s' ), '<strong class="panel-title site-title">' . get_bloginfo( 'name', 'display' ) . '</strong>' );
 					?></span>
 					<button class="customize-help-toggle dashicons dashicons-editor-help" aria-expanded="false"><span class="screen-reader-text"><?php _e( 'Help' ); ?></span></button>
 				</div>

wp-admin/edit-tag-form.php

@@ -74,9 +74,9 @@ do_action( "{$taxonomy}_pre_edit_form", $tag, $taxonomy ); ?>
 <div id="message" class="updated">
 	<p><strong><?php echo $message; ?></strong></p>
 	<?php if ( $wp_http_referer ) { ?>
-	<p><a href="<?php echo esc_url( $wp_http_referer ); ?>"><?php printf( __( '&larr; Back to %s' ), $tax->labels->name ); ?></a></p>
+	<p><a href="<?php echo esc_url( wp_validate_redirect( esc_url_raw( $wp_http_referer ), admin_url( 'term.php?taxonomy=' . $taxonomy ) ) ); ?>"><?php printf( __( '&larr; Back to %s' ), $tax->labels->name ); ?></a></p>
 	<?php } else { ?>
-	<p><a href="<?php echo esc_url( wp_get_referer() ); ?>"><?php printf( __( '&larr; Back to %s' ), $tax->labels->name ); ?></a></p>
+	<p><a href="<?php echo esc_url( wp_validate_redirect( esc_url_raw( wp_get_referer() ), admin_url( 'term.php?taxonomy=' . $taxonomy ) ) ); ?>"><?php printf( __( '&larr; Back to %s' ), $tax->labels->name ); ?></a></p>
 	<?php } ?>
 </div>
 <?php endif; ?>

wp-admin/includes/ajax-actions.php

@@ -1009,6 +1009,8 @@ function wp_ajax_replyto_comment( $action ) {
 			if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
 				kses_remove_filters(); // start with a clean slate
 				kses_init_filters(); // set up the filters
+				remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
+				add_filter( 'pre_comment_content', 'wp_filter_kses' );
 			}
 		}
 	} else {
@@ -2002,7 +2004,7 @@ function wp_ajax_upload_attachment() {
 			'success' => false,
 			'data'    => array(
 				'message'  => __( 'You do not have permission to upload files.' ),
-				'filename' => $_FILES['async-upload']['name'],
+				'filename' => esc_html( $_FILES['async-upload']['name'] ),
 			)
 		) );
 
@@ -2016,7 +2018,7 @@ function wp_ajax_upload_attachment() {
 				'success' => false,
 				'data'    => array(
 					'message'  => __( "You don't have permission to attach files to this post." ),
-					'filename' => $_FILES['async-upload']['name'],
+					'filename' => esc_html( $_FILES['async-upload']['name'] ),
 				)
 			) );
 
@@ -2026,7 +2028,11 @@ function wp_ajax_upload_attachment() {
 		$post_id = null;
 	}
 
-	$post_data = isset( $_REQUEST['post_data'] ) ? $_REQUEST['post_data'] : array();
+	$post_data = ! empty( $_REQUEST['post_data'] ) ? _wp_get_allowed_postdata( _wp_translate_postdata( false, (array) $_REQUEST['post_data'] ) ) : array();
+
+	if ( is_wp_error( $post_data ) ) {
+		wp_die( $post_data->get_error_message() );
+	}
 
 	// If the context is custom header or background, make sure the uploaded file is an image.
 	if ( isset( $post_data['context'] ) && in_array( $post_data['context'], array( 'custom-header', 'custom-background' ) ) ) {
@@ -2036,7 +2042,7 @@ function wp_ajax_upload_attachment() {
 				'success' => false,
 				'data'    => array(
 					'message'  => __( 'The uploaded file is not a valid image. Please try again.' ),
-					'filename' => $_FILES['async-upload']['name'],
+					'filename' => esc_html( $_FILES['async-upload']['name'] ),
 				)
 			) );
 
@@ -2051,7 +2057,7 @@ function wp_ajax_upload_attachment() {
 			'success' => false,
 			'data'    => array(
 				'message'  => $attachment_id->get_error_message(),
-				'filename' => $_FILES['async-upload']['name'],
+				'filename' => esc_html( $_FILES['async-upload']['name'] ),
 			)
 		) );
 
@@ -2602,7 +2608,7 @@ function wp_ajax_send_attachment_to_editor() {
 		$rel = $rel ? ' rel="attachment wp-att-' . $id . '"' : ''; // Hard-coded string, $id is already sanitized
 
 		if ( ! empty( $url ) ) {
-			$html = '<a href="' . esc_url( $url ) . '"' . $rel . '">' . $html . '</a>';
+			$html = '<a href="' . esc_url( $url ) . '"' . $rel . '>' . $html . '</a>';
 		}
 	}
 
@@ -2761,7 +2767,7 @@ function wp_ajax_get_revision_diffs() {
 	if ( ! $post = get_post( (int) $_REQUEST['post_id'] ) )
 		wp_send_json_error();
 
-	if ( ! current_user_can( 'read_post', $post->ID ) )
+	if ( ! current_user_can( 'edit_post', $post->ID ) )
 		wp_send_json_error();
 
 	// Really just pre-loading the cache here.

wp-admin/includes/class-wp-media-list-table.php

@@ -395,7 +395,7 @@ class WP_Media_List_Table extends WP_List_Table {
 			<span class="screen-reader-text"><?php _e( 'File name:' ); ?> </span>
 			<?php
 			$file = get_attached_file( $post->ID );
-			echo wp_basename( $file );
+			echo esc_html( wp_basename( $file ) );
 			?>
 		</p>
 		<?php

wp-admin/includes/class-wp-plugins-list-table.php

@@ -560,16 +560,16 @@ class WP_Plugins_List_Table extends WP_List_Table {
 				if ( $is_active ) {
 					if ( current_user_can( 'manage_network_plugins' ) ) {
 						/* translators: %s: plugin name */
-						$actions['deactivate'] = '<a href="' . wp_nonce_url( 'plugins.php?action=deactivate&amp;plugin=' . $plugin_file . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'deactivate-plugin_' . $plugin_file ) . '" aria-label="' . esc_attr( sprintf( __( 'Network deactivate %s' ), $plugin_data['Name'] ) ) . '">' . __( 'Network Deactivate' ) . '</a>';
+						$actions['deactivate'] = '<a href="' . wp_nonce_url( 'plugins.php?action=deactivate&amp;plugin=' . urlencode( $plugin_file ) . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'deactivate-plugin_' . $plugin_file ) . '" aria-label="' . esc_attr( sprintf( __( 'Network Deactivate %s' ), $plugin_data['Name'] ) ) . '">' . __( 'Network Deactivate' ) . '</a>';
 						}
 				} else {
 					if ( current_user_can( 'manage_network_plugins' ) ) {
 						/* translators: %s: plugin name */
-						$actions['activate'] = '<a href="' . wp_nonce_url( 'plugins.php?action=activate&amp;plugin=' . $plugin_file . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'activate-plugin_' . $plugin_file ) . '" class="edit" aria-label="' . esc_attr( sprintf( __( 'Network Activate %s' ), $plugin_data['Name'] ) ) . '">' . __( 'Network Activate' ) . '</a>';
+						$actions['activate'] = '<a href="' . wp_nonce_url( 'plugins.php?action=activate&amp;plugin=' . urlencode( $plugin_file ) . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'activate-plugin_' . $plugin_file ) . '" class="edit" aria-label="' . esc_attr( sprintf( __( 'Network Activate %s' ), $plugin_data['Name'] ) ) . '">' . __( 'Network Activate' ) . '</a>';
 					}
 					if ( current_user_can( 'delete_plugins' ) && ! is_plugin_active( $plugin_file ) ) {
 						/* translators: %s: plugin name */
-						$actions['delete'] = '<a href="' . wp_nonce_url( 'plugins.php?action=delete-selected&amp;checked[]=' . $plugin_file . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'bulk-plugins' ) . '" class="delete" aria-label="' . esc_attr( sprintf( __( 'Delete %s' ), $plugin_data['Name'] ) ) . '">' . __( 'Delete' ) . '</a>';
+						$actions['delete'] = '<a href="' . wp_nonce_url( 'plugins.php?action=delete-selected&amp;checked[]=' . urlencode( $plugin_file ) . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'bulk-plugins' ) . '" class="delete" aria-label="' . esc_attr( sprintf( __( 'Delete %s' ), $plugin_data['Name'] ) ) . '">' . __( 'Delete' ) . '</a>';
 					}
 				}
 			} else {
@@ -583,14 +583,14 @@ class WP_Plugins_List_Table extends WP_List_Table {
 					);
 				} elseif ( $is_active ) {
 					/* translators: %s: plugin name */
-					$actions['deactivate'] = '<a href="' . wp_nonce_url( 'plugins.php?action=deactivate&amp;plugin=' . $plugin_file . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'deactivate-plugin_' . $plugin_file ) . '" aria-label="' . esc_attr( sprintf( __( 'Deactivate %s' ), $plugin_data['Name'] ) ) . '">' . __( 'Deactivate' ) . '</a>';
+					$actions['deactivate'] = '<a href="' . wp_nonce_url( 'plugins.php?action=deactivate&amp;plugin=' . urlencode( $plugin_file ) . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'deactivate-plugin_' . $plugin_file ) . '" aria-label="' . esc_attr( sprintf( __( 'Deactivate %s' ), $plugin_data['Name'] ) ) . '">' . __( 'Deactivate' ) . '</a>';
 				} else {
 					/* translators: %s: plugin name */
-					$actions['activate'] = '<a href="' . wp_nonce_url( 'plugins.php?action=activate&amp;plugin=' . $plugin_file . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'activate-plugin_' . $plugin_file ) . '" class="edit" aria-label="' . esc_attr( sprintf( __( 'Activate %s' ), $plugin_data['Name'] ) ) . '">' . __( 'Activate' ) . '</a>';
+					$actions['activate'] = '<a href="' . wp_nonce_url( 'plugins.php?action=activate&amp;plugin=' . urlencode( $plugin_file ) . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'activate-plugin_' . $plugin_file ) . '" class="edit" aria-label="' . esc_attr( sprintf( __( 'Activate %s' ), $plugin_data['Name'] ) ) . '">' . __( 'Activate' ) . '</a>';
 
 					if ( ! is_multisite() && current_user_can( 'delete_plugins' ) ) {
 						/* translators: %s: plugin name */
-						$actions['delete'] = '<a href="' . wp_nonce_url( 'plugins.php?action=delete-selected&amp;checked[]=' . $plugin_file . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'bulk-plugins' ) . '" class="delete" aria-label="' . esc_attr( sprintf( __( 'Delete %s' ), $plugin_data['Name'] ) ) . '">' . __( 'Delete' ) . '</a>';
+						$actions['delete'] = '<a href="' . wp_nonce_url( 'plugins.php?action=delete-selected&amp;checked[]=' . urlencode( $plugin_file ) . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'bulk-plugins' ) . '" class="delete" aria-label="' . esc_attr( sprintf( __( 'Delete %s' ), $plugin_data['Name'] ) ) . '">' . __( 'Delete' ) . '</a>';
 					}
 				} // end if $is_active
 
@@ -598,7 +598,7 @@ class WP_Plugins_List_Table extends WP_List_Table {
 
 			if ( ( ! is_multisite() || $screen->in_admin( 'network' ) ) && current_user_can( 'edit_plugins' ) && is_writable( WP_PLUGIN_DIR . '/' . $plugin_file ) ) {
 				/* translators: %s: plugin name */
-				$actions['edit'] = '<a href="plugin-editor.php?file=' . $plugin_file . '" class="edit" aria-label="' . esc_attr( sprintf( __( 'Edit %s' ), $plugin_data['Name'] ) ) . '">' . __( 'Edit' ) . '</a>';
+				$actions['edit'] = '<a href="plugin-editor.php?file=' . urlencode( $plugin_file ) . '" class="edit" aria-label="' . esc_attr( sprintf( __( 'Edit %s' ), $plugin_data['Name'] ) ) . '">' . __( 'Edit' ) . '</a>';
 			}
 		} // end if $context
 

wp-admin/includes/class-wp-posts-list-table.php

@@ -911,7 +911,7 @@ class WP_Posts_List_Table extends WP_List_Table {
 		}
 
 		if ( ! is_post_type_hierarchical( $this->screen->post_type ) && 'excerpt' === $mode && current_user_can( 'read_post', $post->ID ) ) {
-			the_excerpt();
+			echo esc_html( get_the_excerpt() );
 		}
 
 		get_inline_data( $post );

wp-admin/includes/class-wp-press-this.php

@@ -119,10 +119,28 @@ class WP_Press_This {
 			'post_type'     => 'post',
 			'post_status'   => 'draft',
 			'post_format'   => ( ! empty( $_POST['post_format'] ) ) ? sanitize_text_field( $_POST['post_format'] ) : '',
-			'tax_input'     => ( ! empty( $_POST['tax_input'] ) ) ? $_POST['tax_input'] : array(),
-			'post_category' => ( ! empty( $_POST['post_category'] ) ) ? $_POST['post_category'] : array(),
 		);
 
+		// Only accept categories if the user actually can assign
+		$category_tax = get_taxonomy( 'category' );
+		if ( current_user_can( $category_tax->cap->assign_terms ) ) {
+			$post_data['post_category'] = ( ! empty( $_POST['post_category'] ) ) ? $_POST['post_category'] : array();
+		}
+
+		// Only accept taxonomies if the user can actually assign
+		if ( ! empty( $_POST['tax_input'] ) ) {
+			$tax_input = $_POST['tax_input'];
+			foreach ( $tax_input as $tax => $_ti ) {
+				$tax_object = get_taxonomy( $tax );
+				if ( ! $tax_object || ! current_user_can( $tax_object->cap->assign_terms ) ) {
+					unset( $tax_input[ $tax ] );
+				}
+			}
+
+			$post_data['tax_input'] = $tax_input;
+		}
+
+		// Toggle status to pending if user cannot actually publish
 		if ( ! empty( $_POST['post_status'] ) && 'publish' === $_POST['post_status'] ) {
 			if ( current_user_can( 'publish_posts' ) ) {
 				$post_data['post_status'] = 'publish';
@@ -454,7 +472,7 @@ class WP_Press_This {
 	 * @since 4.2.0
 	 *
 	 * @param string $src Embed source URL.
-	 * @return string If not from a supported provider, an empty string. Otherwise, a reformattd embed URL.
+	 * @return string If not from a supported provider, an empty string. Otherwise, a reformatted embed URL.
 	 */
 	private function _limit_embed( $src ) {
 		$src = $this->_limit_url( $src );
@@ -702,7 +720,11 @@ class WP_Press_This {
 			 * making PT fully backward compatible with the older bookmarklet.
 			 */
 			if ( empty( $_POST ) && ! empty( $data['u'] ) ) {
-				$data = $this->source_data_fetch_fallback( $data['u'], $data );
+				if ( isset( $_GET['_wpnonce'] ) && wp_verify_nonce( $_GET['_wpnonce'], 'scan-site' ) ) {
+					$data = $this->source_data_fetch_fallback( $data['u'], $data );
+				} else {
+					$data['errors'] = 'missing nonce';
+				}
 			} else {
 				foreach ( array( '_images', '_embeds' ) as $type ) {
 					if ( empty( $_POST[ $type ] ) ) {
@@ -884,6 +906,12 @@ class WP_Press_This {
 	public function categories_html( $post ) {
 		$taxonomy = get_taxonomy( 'category' );
 
+		// Bail if user cannot assign terms
+		if ( ! current_user_can( $taxonomy->cap->assign_terms ) ) {
+			return;
+		}
+
+		// Only show "add" if user can edit terms
 		if ( current_user_can( $taxonomy->cap->edit_terms ) ) {
 			?>
 			<button type="button" class="add-cat-toggle button-link" aria-expanded="false">
@@ -1241,7 +1269,7 @@ class WP_Press_This {
 		$site_data = array(
 			'v' => ! empty( $data['v'] ) ? $data['v'] : '',
 			'u' => ! empty( $data['u'] ) ? $data['u'] : '',
-			'hasData' => ! empty( $data ),
+			'hasData' => ! empty( $data ) && ! isset( $data['errors'] ),
 		);
 
 		if ( ! empty( $images ) ) {
@@ -1302,6 +1330,12 @@ class WP_Press_This {
 		wp_enqueue_script( 'json2' );
 		wp_enqueue_script( 'editor' );
 
+		$categories_tax   = get_taxonomy( 'category' );
+		$show_categories  = current_user_can( $categories_tax->cap->assign_terms ) || current_user_can( $categories_tax->cap->edit_terms );
+
+		$tag_tax          = get_taxonomy( 'post_tag' );
+		$show_tags        = current_user_can( $tag_tax->cap->assign_terms );
+
 		$supports_formats = false;
 		$post_format      = 0;
 
@@ -1367,8 +1401,9 @@ class WP_Press_This {
 	<div id="scanbar" class="scan">
 		<form method="GET">
 			<label for="url-scan" class="screen-reader-text"><?php _e( 'Scan site for content' ); ?></label>
-			<input type="url" name="u" id="url-scan" class="scan-url" value="" placeholder="<?php esc_attr_e( 'Enter a URL to scan' ) ?>" />
+			<input type="url" name="u" id="url-scan" class="scan-url" value="<?php echo esc_attr( $site_data['u'] ) ?>" placeholder="<?php esc_attr_e( 'Enter a URL to scan' ) ?>" />
 			<input type="submit" name="url-scan-submit" id="url-scan-submit" class="scan-submit" value="<?php esc_attr_e( 'Scan' ) ?>" />
+			<?php wp_nonce_field( 'scan-site' ); ?>
 		</form>
 	</div>
 
@@ -1453,17 +1488,21 @@ class WP_Press_This {
 					</button>
 				<?php endif; ?>
 
-				<button type="button" class="button-link post-option">
-					<span class="dashicons dashicons-category"></span>
-					<span class="post-option-title"><?php _e( 'Categories' ); ?></span>
-					<span class="dashicons post-option-forward"></span>
-				</button>
+				<?php if ( $show_categories ) : ?>
+					<button type="button" class="button-link post-option">
+						<span class="dashicons dashicons-category"></span>
+						<span class="post-option-title"><?php _e( 'Categories' ); ?></span>
+						<span class="dashicons post-option-forward"></span>
+					</button>
+				<?php endif; ?>
 
-				<button type="button" class="button-link post-option">
-					<span class="dashicons dashicons-tag"></span>
-					<span class="post-option-title"><?php _e( 'Tags' ); ?></span>
-					<span class="dashicons post-option-forward"></span>
-				</button>
+				<?php if ( $show_tags ) : ?>
+					<button type="button" class="button-link post-option">
+						<span class="dashicons dashicons-tag"></span>
+						<span class="post-option-title"><?php _e( 'Tags' ); ?></span>
+						<span class="dashicons post-option-forward"></span>
+					</button>
+				<?php endif; ?>
 			</div>
 
 			<?php if ( $supports_formats ) : ?>
@@ -1477,23 +1516,27 @@ class WP_Press_This {
 				</div>
 			<?php endif; ?>
 
-			<div class="setting-modal is-off-screen is-hidden">
-				<button type="button" class="button-link modal-close">
-					<span class="dashicons post-option-back"></span>
-					<span class="setting-title" aria-hidden="true"><?php _e( 'Categories' ); ?></span>
-					<span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
-				</button>
-				<?php $this->categories_html( $post ); ?>
-			</div>
+			<?php if ( $show_categories ) : ?>
+				<div class="setting-modal is-off-screen is-hidden">
+					<button type="button" class="button-link modal-close">
+						<span class="dashicons post-option-back"></span>
+						<span class="setting-title" aria-hidden="true"><?php _e( 'Categories' ); ?></span>
+						<span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
+					</button>
+					<?php $this->categories_html( $post ); ?>
+				</div>
+			<?php endif; ?>
 
-			<div class="setting-modal tags is-off-screen is-hidden">
-				<button type="button" class="button-link modal-close">
-					<span class="dashicons post-option-back"></span>
-					<span class="setting-title" aria-hidden="true"><?php _e( 'Tags' ); ?></span>
-					<span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
-				</button>
-				<?php $this->tags_html( $post ); ?>
-			</div>
+			<?php if ( $show_tags ) : ?>
+				<div class="setting-modal tags is-off-screen is-hidden">
+					<button type="button" class="button-link modal-close">
+						<span class="dashicons post-option-back"></span>
+						<span class="setting-title" aria-hidden="true"><?php _e( 'Tags' ); ?></span>
+						<span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
+					</button>
+					<?php $this->tags_html( $post ); ?>
+				</div>
+			<?php endif; ?>
 		</div><!-- .options-panel -->
 	</div><!-- .wrapper -->
 

wp-admin/includes/class-wp-screen.php

@@ -290,7 +290,9 @@ final class WP_Screen {
 
 			switch ( $base ) {
 				case 'post' :
-					if ( isset( $_GET['post'] ) )
+					if ( isset( $_GET['post'] ) && isset( $_POST['post_ID'] ) && (int) $_GET['post'] !== (int) $_POST['post_ID'] )
+						wp_die( __( 'A post ID mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 );
+					elseif ( isset( $_GET['post'] ) )
 						$post_id = (int) $_GET['post'];
 					elseif ( isset( $_POST['post_ID'] ) )
 						$post_id = (int) $_POST['post_ID'];
@@ -917,7 +919,8 @@ final class WP_Screen {
 
 		switch ( $this->base ) {
 			case 'widgets':
-				$this->_screen_settings = '<p><a id="access-on" href="widgets.php?widgets-access=on">' . __('Enable accessibility mode') . '</a><a id="access-off" href="widgets.php?widgets-access=off">' . __('Disable accessibility mode') . "</a></p>\n";
+				$nonce = wp_create_nonce( 'widgets-access' );
+				$this->_screen_settings = '<p><a id="access-on" href="widgets.php?widgets-access=on&_wpnonce=' . urlencode( $nonce ) . '">' . __('Enable accessibility mode') . '</a><a id="access-off" href="widgets.php?widgets-access=off&_wpnonce=' . urlencode( $nonce ) . '">' . __('Disable accessibility mode') . "</a></p>\n";
 				break;
 			case 'post' :
 				$expand = '<fieldset class="editor-expand hidden"><legend>' . __( 'Additional settings' ) . '</legend><label for="editor-expand-toggle">';

wp-admin/includes/class-wp-upgrader.php

@@ -2659,8 +2659,12 @@ class File_Upload_Upgrader {
 			if ( ! ( ( $uploads = wp_upload_dir() ) && false === $uploads['error'] ) )
 				wp_die( $uploads['error'] );
 
-			$this->filename = $_GET[$urlholder];
+			$this->filename = sanitize_file_name( $_GET[ $urlholder ] );
 			$this->package = $uploads['basedir'] . '/' . $this->filename;
+
+			if ( 0 !== strpos( realpath( $this->package ), realpath( $uploads['basedir'] ) ) ) {
+				wp_die( __( 'Please select a file' ) );
+			}
 		}
 	}
 

wp-admin/includes/file.php

@@ -635,6 +635,10 @@ function _unzip_file_ziparchive($file, $to, $needed_dirs = array() ) {
 		if ( '__MACOSX/' === substr($info['name'], 0, 9) ) // Skip the OS X-created __MACOSX directory
 			continue;
 
+		if ( 0 !== validate_file( $info['name'] ) ) {
+			return new WP_Error( 'invalid_file_ziparchive', __( 'Could not extract file from archive.' ), $info['name'] );
+		}
+
 		$uncompressed_size += $info['size'];
 
 		if ( '/' == substr($info['name'], -1) ) // directory
@@ -792,6 +796,10 @@ function _unzip_file_pclzip($file, $to, $needed_dirs = array()) {
 		if ( '__MACOSX/' === substr($file['filename'], 0, 9) ) // Don't extract the OS X-created __MACOSX directory files
 			continue;
 
+		if ( 0 !== validate_file( $file['filename'] ) ) {
+			return new WP_Error( 'invalid_file_pclzip', __( 'Could not extract file from archive.' ), $file['filename'] );
+		}
+
 		if ( ! $wp_filesystem->put_contents( $to . $file['filename'], $file['content'], FS_CHMOD_FILE) )
 			return new WP_Error( 'copy_failed_pclzip', __( 'Could not copy file.' ), $file['filename'] );
 	}
@@ -1076,14 +1084,28 @@ function request_filesystem_credentials( $form_post, $type = '', $error = false,
 
 	$credentials = get_option('ftp_credentials', array( 'hostname' => '', 'username' => ''));
 
+	$submitted_form = wp_unslash( $_POST );
+
+	// Verify nonce, or unset submitted form field values on failure
+	if ( ! isset( $_POST['_fs_nonce'] ) || ! wp_verify_nonce( $_POST['_fs_nonce'], 'filesystem-credentials' ) ) {
+		unset(
+			$submitted_form['hostname'],
+			$submitted_form['username'],
+			$submitted_form['password'],
+			$submitted_form['public_key'],
+			$submitted_form['private_key'],
+			$submitted_form['connection_type']
+		);
+	}
+
 	// If defined, set it to that, Else, If POST'd, set it to that, If not, Set it to whatever it previously was(saved details in option)
-	$credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? wp_unslash( $_POST['hostname'] ) : $credentials['hostname']);
-	$credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? wp_unslash( $_POST['username'] ) : $credentials['username']);
-	$credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? wp_unslash( $_POST['password'] ) : '');
+	$credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($submitted_form['hostname']) ? $submitted_form['hostname'] : $credentials['hostname']);
+	$credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($submitted_form['username']) ? $submitted_form['username'] : $credentials['username']);
+	$credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($submitted_form['password']) ? $submitted_form['password'] : '');
 
 	// Check to see if we are setting the public/private keys for ssh
-	$credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? wp_unslash( $_POST['public_key'] ) : '');
-	$credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? wp_unslash( $_POST['private_key'] ) : '');
+	$credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($submitted_form['public_key']) ? $submitted_form['public_key'] : '');
+	$credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($submitted_form['private_key']) ? $submitted_form['private_key'] : '');
 
 	// Sanitize the hostname, Some people might pass in odd-data:
 	$credentials['hostname'] = preg_replace('|\w+://|', '', $credentials['hostname']); //Strip any schemes off
@@ -1100,8 +1122,8 @@ function request_filesystem_credentials( $form_post, $type = '', $error = false,
 		$credentials['connection_type'] = 'ssh';
 	} elseif ( ( defined( 'FTP_SSL' ) && FTP_SSL ) && 'ftpext' == $type ) { //Only the FTP Extension understands SSL
 		$credentials['connection_type'] = 'ftps';
-	} elseif ( ! empty( $_POST['connection_type'] ) ) {
-		$credentials['connection_type'] = wp_unslash( $_POST['connection_type'] );
+	} elseif ( ! empty( $submitted_form['connection_type'] ) ) {
+		$credentials['connection_type'] = $submitted_form['connection_type'];
 	} elseif ( ! isset( $credentials['connection_type'] ) ) { //All else fails (And it's not defaulted to something else saved), Default to FTP
 		$credentials['connection_type'] = 'ftp';
 	}
@@ -1243,11 +1265,12 @@ echo "<$heading_tag id='request-filesystem-credentials-title'>" . __( 'Connectio
 </fieldset>
 <?php
 foreach ( (array) $extra_fields as $field ) {
-	if ( isset( $_POST[ $field ] ) )
-		echo '<input type="hidden" name="' . esc_attr( $field ) . '" value="' . esc_attr( wp_unslash( $_POST[ $field ] ) ) . '" />';
+	if ( isset( $submitted_form[ $field ] ) )
+		echo '<input type="hidden" name="' . esc_attr( $field ) . '" value="' . esc_attr( $submitted_form[ $field ] ) . '" />';
 }
 ?>
 	<p class="request-filesystem-credentials-action-buttons">
+		<?php wp_nonce_field( 'filesystem-credentials', '_fs_nonce', false, true ); ?>
 		<button class="button cancel-button" data-js-action="close" type="button"><?php _e( 'Cancel' ); ?></button>
 		<?php submit_button( __( 'Proceed' ), 'button', 'upgrade', false ); ?>
 	</p>

wp-admin/includes/media.php

@@ -290,7 +290,7 @@ function media_handle_upload($file_id, $post_id, $post_data = array(), $override
 	$url = $file['url'];
 	$type = $file['type'];
 	$file = $file['file'];
-	$title = $name;
+	$title = sanitize_text_field( $name );
 	$content = '';
 	$excerpt = '';
 
@@ -2951,7 +2951,7 @@ function wp_add_id3_tag_data( &$metadata, $data ) {
 		if ( ! empty( $data[$version]['comments'] ) ) {
 			foreach ( $data[$version]['comments'] as $key => $list ) {
 				if ( 'length' !== $key && ! empty( $list ) ) {
-					$metadata[$key] = reset( $list );
+					$metadata[$key] = wp_kses_post( reset( $list ) );
 					// Fix bug in byte stream analysis.
 					if ( 'terms_of_use' === $key && 0 === strpos( $metadata[$key], 'yright notice.' ) )
 						$metadata[$key] = 'Cop' . $metadata[$key];

wp-admin/includes/misc.php

@@ -491,7 +491,7 @@ function iis7_rewrite_rule_exists($filename) {
 	if ( $doc->load($filename) === false )
 		return false;
 	$xpath = new DOMXPath($doc);
-	$rules = $xpath->query('/configuration/system.webServer/rewrite/rules/rule[starts-with(@name,\'wordpress\')]');
+	$rules = $xpath->query('/configuration/system.webServer/rewrite/rules/rule[starts-with(@name,\'wordpress\')] | /configuration/system.webServer/rewrite/rules/rule[starts-with(@name,\'WordPress\')]');
 	if ( $rules->length == 0 )
 		return false;
 	else
@@ -521,7 +521,7 @@ function iis7_delete_rewrite_rule($filename) {
 	if ( $doc -> load($filename) === false )
 		return false;
 	$xpath = new DOMXPath($doc);
-	$rules = $xpath->query('/configuration/system.webServer/rewrite/rules/rule[starts-with(@name,\'wordpress\')]');
+	$rules = $xpath->query('/configuration/system.webServer/rewrite/rules/rule[starts-with(@name,\'wordpress\')] | /configuration/system.webServer/rewrite/rules/rule[starts-with(@name,\'WordPress\')]');
 	if ( $rules->length > 0 ) {
 		$child = $rules->item(0);
 		$parent = $child->parentNode;
@@ -562,7 +562,7 @@ function iis7_add_rewrite_rule($filename, $rewrite_rule) {
 	$xpath = new DOMXPath($doc);
 
 	// First check if the rule already exists as in that case there is no need to re-add it
-	$wordpress_rules = $xpath->query('/configuration/system.webServer/rewrite/rules/rule[starts-with(@name,\'wordpress\')]');
+	$wordpress_rules = $xpath->query('/configuration/system.webServer/rewrite/rules/rule[starts-with(@name,\'wordpress\')] | /configuration/system.webServer/rewrite/rules/rule[starts-with(@name,\'WordPress\')]');
 	if ( $wordpress_rules->length > 0 )
 		return true;
 

wp-admin/includes/post.php

@@ -165,9 +165,37 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
 		$post_data['post_date_gmt'] = get_gmt_from_date( $post_data['post_date'] );
 	}
 
+	if ( isset( $post_data['post_category'] ) ) {
+		$category_object = get_taxonomy( 'category' );
+		if ( ! current_user_can( $category_object->cap->assign_terms ) ) {
+			unset( $post_data['post_category'] );
+		}
+	}
+
 	return $post_data;
 }
 
+/**
+ * Returns only allowed post data fields
+ *
+ * @since 4.9.9
+ *
+ * @param array $post_data Array of post data. Defaults to the contents of $_POST.
+ * @return object|bool WP_Error on failure, true on success.
+ */
+function _wp_get_allowed_postdata( $post_data = null ) {
+	if ( empty( $post_data ) ) {
+		$post_data = $_POST;
+	}
+
+	// Pass through errors
+	if ( is_wp_error( $post_data ) ) {
+		return $post_data;
+	}
+
+	return array_diff_key( $post_data, array_flip( array( 'meta_input', 'file', 'guid' ) ) );
+}
+
 /**
  * Update an existing post with values provided in $_POST.
  *
@@ -236,6 +264,7 @@ function edit_post( $post_data = null ) {
 	$post_data = _wp_translate_postdata( true, $post_data );
 	if ( is_wp_error($post_data) )
 		wp_die( $post_data->get_error_message() );
+	$translated = _wp_get_allowed_postdata( $post_data );
 
 	// Post Formats
 	if ( isset( $post_data['post_format'] ) )
@@ -313,7 +342,7 @@ function edit_post( $post_data = null ) {
 		$attachment_data = isset( $post_data['attachments'][ $post_ID ] ) ? $post_data['attachments'][ $post_ID ] : array();
 
 		/** This filter is documented in wp-admin/includes/media.php */
-		$post_data = apply_filters( 'attachment_fields_to_save', $post_data, $attachment_data );
+		$translated = apply_filters( 'attachment_fields_to_save', $translated, $attachment_data );
 	}
 
 	// Convert taxonomy input to term IDs, to avoid ambiguity.
@@ -358,7 +387,7 @@ function edit_post( $post_data = null ) {
 				}
 			}
 
-			$post_data['tax_input'][ $taxonomy ] = $clean_terms;
+			$translated['tax_input'][ $taxonomy ] = $clean_terms;
 		}
 	}
 
@@ -366,18 +395,18 @@ function edit_post( $post_data = null ) {
 
 	update_post_meta( $post_ID, '_edit_last', get_current_user_id() );
 
-	$success = wp_update_post( $post_data );
+	$success = wp_update_post( $translated );
 	// If the save failed, see if we can sanity check the main fields and try again
 	if ( ! $success && is_callable( array( $wpdb, 'strip_invalid_text_for_column' ) ) ) {
 		$fields = array( 'post_title', 'post_content', 'post_excerpt' );
 
 		foreach ( $fields as $field ) {
-			if ( isset( $post_data[ $field ] ) ) {
-				$post_data[ $field ] = $wpdb->strip_invalid_text_for_column( $wpdb->posts, $field, $post_data[ $field ] );
+			if ( isset( $translated[ $field ] ) ) {
+				$translated[ $field ] = $wpdb->strip_invalid_text_for_column( $wpdb->posts, $field, $translated[ $field ] );
 			}
 		}
 
-		wp_update_post( $post_data );
+		wp_update_post( $translated );
 	}
 
 	// Now that we have an ID we can fix any attachment anchor hrefs
@@ -537,9 +566,9 @@ function bulk_edit_posts( $post_data = null ) {
 			unset( $post_data['tax_input']['category'] );
 		}
 
+		$post_data['post_ID']        = $post_ID;
 		$post_data['post_type'] = $post->post_type;
 		$post_data['post_mime_type'] = $post->post_mime_type;
-		$post_data['guid'] = $post->guid;
 
 		foreach ( array( 'comment_status', 'ping_status', 'post_author' ) as $field ) {
 			if ( ! isset( $post_data[ $field ] ) ) {
@@ -547,14 +576,12 @@ function bulk_edit_posts( $post_data = null ) {
 			}
 		}
 
-		$post_data['ID'] = $post_ID;
-		$post_data['post_ID'] = $post_ID;
-
 		$post_data = _wp_translate_postdata( true, $post_data );
 		if ( is_wp_error( $post_data ) ) {
 			$skipped[] = $post_ID;
 			continue;
 		}
+		$post_data = _wp_get_allowed_postdata( $post_data );
 
 		$updated[] = wp_update_post( $post_data );
 
@@ -565,8 +592,8 @@ function bulk_edit_posts( $post_data = null ) {
 				unstick_post( $post_ID );
 		}
 
-		if ( isset( $post_data['post_format'] ) )
-			set_post_format( $post_ID, $post_data['post_format'] );
+		if ( isset( $shared_post_data['post_format'] ) )
+			set_post_format( $post_ID, $shared_post_data['post_format'] );
 	}
 
 	return array( 'updated' => $updated, 'skipped' => $skipped, 'locked' => $locked );
@@ -747,9 +774,10 @@ function wp_write_post() {
 	$translated = _wp_translate_postdata( false );
 	if ( is_wp_error($translated) )
 		return $translated;
+	$translated = _wp_get_allowed_postdata( $translated );
 
 	// Create the post.
-	$post_ID = wp_insert_post( $_POST );
+	$post_ID = wp_insert_post( $translated );
 	if ( is_wp_error( $post_ID ) )
 		return $post_ID;
 
@@ -1312,7 +1340,7 @@ function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) {
 
 		if ( false !== $view_link ) {
 			$display_link = urldecode( $view_link );
-			$return .= '<a id="sample-permalink" href="' . esc_url( $view_link ) . '"' . $preview_target . '>' . $display_link . "</a>\n";
+			$return .= '<a id="sample-permalink" href="' . esc_url( $view_link ) . '"' . $preview_target . '>' . esc_html( $display_link ) . "</a>\n";
 		} else {
 			$return .= '<span id="sample-permalink">' . $permalink . "</span>\n";
 		}
@@ -1336,14 +1364,14 @@ function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) {
 			}
 		}
 
-		$post_name_html = '<span id="editable-post-name">' . $post_name_abridged . '</span>';
-		$display_link = str_replace( array( '%pagename%', '%postname%' ), $post_name_html, urldecode( $permalink ) );
+		$post_name_html = '<span id="editable-post-name">' . esc_html( $post_name_abridged ) . '</span>';
+		$display_link = str_replace( array( '%pagename%', '%postname%' ), $post_name_html, esc_html( urldecode( $permalink ) ) );
 
 		$return = '<strong>' . __( 'Permalink:' ) . "</strong>\n";
 		$return .= '<span id="sample-permalink"><a href="' . esc_url( $view_link ) . '"' . $preview_target . '>' . $display_link . "</a></span>\n";
 		$return .= '&lrm;'; // Fix bi-directional text display defect in RTL languages.
 		$return .= '<span id="edit-slug-buttons"><button type="button" class="edit-slug button button-small hide-if-no-js" aria-label="' . __( 'Edit permalink' ) . '">' . __( 'Edit' ) . "</button></span>\n";
-		$return .= '<span id="editable-post-name-full">' . $post_name . "</span>\n";
+		$return .= '<span id="editable-post-name-full">' . esc_html( $post_name ) . "</span>\n";
 	}
 
 	/**
@@ -1657,6 +1685,7 @@ function wp_create_post_autosave( $post_data ) {
 	$post_data = _wp_translate_postdata( true, $post_data );
 	if ( is_wp_error( $post_data ) )
 		return $post_data;
+	$post_data = _wp_get_allowed_postdata( $post_data );
 
 	$post_author = get_current_user_id();
 

wp-admin/includes/template.php

@@ -769,7 +769,7 @@ function page_template_dropdown( $default = '' ) {
 	ksort( $templates );
 	foreach ( array_keys( $templates ) as $template ) {
 		$selected = selected( $default, $templates[ $template ], false );
-		echo "\n\t<option value='" . $templates[ $template ] . "' $selected>$template</option>";
+		echo "\n\t<option value='" . esc_attr( $templates[ $template ] ) . "' $selected>" . esc_html( $template ) . "</option>";
 	}
 }
 

wp-admin/includes/update-core.php

@@ -703,6 +703,9 @@ $_old_files = array(
 'wp-includes/js/tinymce/plugins/wpfullscreen',
 // 4.5
 'wp-includes/theme-compat/comments-popup.php',
+// 4.9.2
+'wp-includes/js/mediaelement/flashmediaelement.swf',
+'wp-includes/js/mediaelement/silverlightmediaelement.xap',
 );
 
 /**
@@ -1079,7 +1082,11 @@ function update_core($from, $to) {
 		$old_file = $to . $old_file;
 		if ( !$wp_filesystem->exists($old_file) )
 			continue;
-		$wp_filesystem->delete($old_file, true);
+
+		// If the file isn't deleted, try writing an empty string to the file instead.
+		if ( ! $wp_filesystem->delete( $old_file, true ) && $wp_filesystem->is_file( $old_file ) ) {
+			$wp_filesystem->put_contents( $old_file, '' );
+		}
 	}
 
 	// Remove any Genericons example.html's from the filesystem

wp-admin/includes/upgrade.php

@@ -2154,6 +2154,9 @@ function dbDelta( $queries = '', $execute = true ) {
 	 */
 	$iqueries = apply_filters( 'dbdelta_insert_queries', $iqueries );
 
+	$text_fields = array( 'tinytext', 'text', 'mediumtext', 'longtext' );
+	$blob_fields = array( 'tinyblob', 'blob', 'mediumblob', 'longblob' );
+
 	$global_tables = $wpdb->tables( 'global' );
 	foreach ( $cqueries as $table => $qry ) {
 		// Upgrade global tables only for the main site. Don't upgrade at all if conditions are not optimal.
@@ -2223,9 +2226,24 @@ function dbDelta( $queries = '', $execute = true ) {
 
 				// Is actual field type different from the field type in query?
 				if ($tablefield->Type != $fieldtype) {
+					$do_change = true;
+					if ( in_array( strtolower( $fieldtype ), $text_fields ) && in_array( strtolower( $tablefield->Type ), $text_fields ) ) {
+						if ( array_search( strtolower( $fieldtype ), $text_fields ) < array_search( strtolower( $tablefield->Type ), $text_fields ) ) {
+							$do_change = false;
+						}
+					}
+
+					if ( in_array( strtolower( $fieldtype ), $blob_fields ) && in_array( strtolower( $tablefield->Type ), $blob_fields ) ) {
+						if ( array_search( strtolower( $fieldtype ), $blob_fields ) < array_search( strtolower( $tablefield->Type ), $blob_fields ) ) {
+							$do_change = false;
+						}
+					}
+
+					if ( $do_change ) {
 					// Add a query to change the column type
-					$cqueries[] = "ALTER TABLE {$table} CHANGE COLUMN {$tablefield->Field} " . $cfields[strtolower($tablefield->Field)];
-					$for_update[$table.'.'.$tablefield->Field] = "Changed type of {$table}.{$tablefield->Field} from {$tablefield->Type} to {$fieldtype}";
+						$cqueries[] = "ALTER TABLE {$table} CHANGE COLUMN {$tablefield->Field} " . $cfields[strtolower($tablefield->Field)];
+						$for_update[$table.'.'.$tablefield->Field] = "Changed type of {$table}.{$tablefield->Field} from {$tablefield->Type} to {$fieldtype}";
+					}
 				}
 
 				// Get the default value from the array

wp-admin/js/customize-controls.js

@@ -3396,6 +3396,16 @@
 			}
 		});
 
+		// Ensure preview nonce is included with every customized request, to allow post data to be read.
+		$.ajaxPrefilter( function injectPreviewNonce( options ) {
+			if ( ! /wp_customize=on/.test( options.data ) ) {
+				return;
+			}
+			options.data += '&' + $.param({
+				customize_preview_nonce: api.settings.nonce.preview
+			});
+		});
+
 		// Refresh the nonces if the preview sends updated nonces over.
 		api.previewer.bind( 'nonce', function( nonce ) {
 			$.extend( this.nonce, nonce );

wp-admin/js/updates.js

@@ -46,9 +46,10 @@ window.wp = window.wp || {};
 			connectionType: null
 		},
 		ssh: {
-			publicKey: null,
-			privateKey: null
-		}
+			publicKey:  '',
+			privateKey: ''
+		},
+		fsNonce: ''
 	};
 
 	/**
@@ -184,6 +185,7 @@ window.wp = window.wp || {};
 			_ajax_nonce:     wp.updates.ajaxNonce,
 			plugin:          plugin,
 			slug:            slug,
+			_fs_nonce:       wp.updates.filesystemCredentials.fsNonce,
 			username:        wp.updates.filesystemCredentials.ftp.username,
 			password:        wp.updates.filesystemCredentials.ftp.password,
 			hostname:        wp.updates.filesystemCredentials.ftp.hostname,
@@ -482,6 +484,7 @@ window.wp = window.wp || {};
 		// File system credentials form submit noop-er / handler.
 		$( '#request-filesystem-credentials-dialog form' ).on( 'submit', function() {
 			// Persist the credentials input by the user for the duration of the page load.
+			wp.updates.filesystemCredentials.fsNonce = $( '#_fs_nonce' ).val();
 			wp.updates.filesystemCredentials.ftp.hostname = $('#hostname').val();
 			wp.updates.filesystemCredentials.ftp.username = $('#username').val();
 			wp.updates.filesystemCredentials.ftp.password = $('#password').val();

wp-admin/nav-menus.php

@@ -49,30 +49,108 @@ $num_locations = count( array_keys( $locations ) );
 // Allowed actions: add, update, delete
 $action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : 'edit';
 
+/**
+ * If a JSON blob of navigation menu data is in POST data, expand it and inject
+ * it into `$_POST` to avoid PHP `max_input_vars` limitations. See #14134.
+ *
+ * @ignore
+ * @since 4.5.3
+ * @access private
+ */
+function _wp_expand_nav_menu_post_data() {
+	if ( ! isset( $_POST['nav-menu-data'] ) ) {
+		return;
+	}
+
+	$data = json_decode( stripslashes( $_POST['nav-menu-data'] ) );
+
+	if ( ! is_null( $data ) && $data ) {
+		foreach ( $data as $post_input_data ) {
+			// For input names that are arrays (e.g. `menu-item-db-id[3][4][5]`),
+			// derive the array path keys via regex and set the value in $_POST.
+			preg_match( '#([^\[]*)(\[(.+)\])?#', $post_input_data->name, $matches );
+
+			$array_bits = array( $matches[1] );
+
+			if ( isset( $matches[3] ) ) {
+				$array_bits = array_merge( $array_bits, explode( '][', $matches[3] ) );
+			}
+
+			$new_post_data = array();
+
+			// Build the new array value from leaf to trunk.
+			for ( $i = count( $array_bits ) - 1; $i >= 0; $i -- ) {
+				if ( $i == count( $array_bits ) - 1 ) {
+					$new_post_data[ $array_bits[ $i ] ] = wp_slash( $post_input_data->value );
+				} else {
+					$new_post_data = array( $array_bits[ $i ] => $new_post_data );
+				}
+			}
+
+			$_POST = array_replace_recursive( $_POST, $new_post_data );
+		}
+	}
+}
+
+if ( ! function_exists( 'array_replace_recursive' ) ) :
+	/**
+	 * PHP-agnostic version of {@link array_replace_recursive()}.
+	 *
+	 * The array_replace_recursive() function is a PHP 5.3 function. WordPress
+	 * currently supports down to PHP 5.2, so this method is a workaround
+	 * for PHP 5.2.
+	 *
+	 * Note: array_replace_recursive() supports infinite arguments, but for our use-
+	 * case, we only need to support two arguments.
+	 *
+	 * Subject to removal once WordPress makes PHP 5.3.0 the minimum requirement.
+	 *
+	 * @since 4.5.3
+	 *
+	 * @see http://php.net/manual/en/function.array-replace-recursive.php#109390
+	 *
+	 * @param  array $base         Array with keys needing to be replaced.
+	 * @param  array $replacements Array with the replaced keys.
+	 *
+	 * @return array
+	 */
+	function array_replace_recursive( $base = array(), $replacements = array() ) {
+		foreach ( array_slice( func_get_args(), 1 ) as $replacements ) {
+			$bref_stack = array( &$base );
+			$head_stack = array( $replacements );
+
+			do {
+				end( $bref_stack );
+
+				$bref = &$bref_stack[ key( $bref_stack ) ];
+				$head = array_pop( $head_stack );
+
+				unset( $bref_stack[ key( $bref_stack ) ] );
+
+				foreach ( array_keys( $head ) as $key ) {
+					if ( isset( $key, $bref ) &&
+					     isset( $bref[ $key ] ) && is_array( $bref[ $key ] ) &&
+					     isset( $head[ $key ] ) && is_array( $head[ $key ] )
+					) {
+						$bref_stack[] = &$bref[ $key ];
+						$head_stack[] = $head[ $key ];
+					} else {
+						$bref[ $key ] = $head[ $key ];
+					}
+				}
+			} while ( count( $head_stack ) );
+		}
+
+		return $base;
+	}
+endif;
+
 /*
  * If a JSON blob of navigation menu data is found, expand it and inject it
  * into `$_POST` to avoid PHP `max_input_vars` limitations. See #14134.
  */
-if ( isset( $_POST['nav-menu-data'] ) ) {
-	$data = json_decode( stripslashes( $_POST['nav-menu-data'] ) );
-	if ( ! is_null( $data ) && $data ) {
-		foreach ( $data as $post_input_data ) {
-			// For input names that are arrays (e.g. `menu-item-db-id[3]`), derive the array path keys via regex.
-			if ( preg_match( '#(.*)\[(\w+)\]#', $post_input_data->name, $matches ) ) {
-				if ( empty( $_POST[ $matches[1] ] ) ) {
-					$_POST[ $matches[1] ] = array();
-				}
-				// Cast input elements with a numeric array index to integers.
-				if ( is_numeric( $matches[2] ) ) {
-					$matches[2] = (int) $matches[2];
-				}
-				$_POST[ $matches[1] ][ $matches[2] ] = wp_slash( $post_input_data->value );
-			} else {
-				$_POST[ $post_input_data->name ] = wp_slash( $post_input_data->value );
-			}
-		}
-	}
-}
+_wp_expand_nav_menu_post_data();
+
 switch ( $action ) {
 	case 'add-menu-item':
 		check_admin_referer( 'add-menu_item', 'menu-settings-column-nonce' );

wp-admin/options.php

@@ -84,7 +84,7 @@ if ( is_multisite() && ! is_super_admin() && 'update' != $action ) {
 $whitelist_options = array(
 	'general' => array( 'blogname', 'blogdescription', 'gmt_offset', 'date_format', 'time_format', 'start_of_week', 'timezone_string', 'WPLANG' ),
 	'discussion' => array( 'default_pingback_flag', 'default_ping_status', 'default_comment_status', 'comments_notify', 'moderation_notify', 'comment_moderation', 'require_name_email', 'comment_whitelist', 'comment_max_links', 'moderation_keys', 'blacklist_keys', 'show_avatars', 'avatar_rating', 'avatar_default', 'close_comments_for_old_posts', 'close_comments_days_old', 'thread_comments', 'thread_comments_depth', 'page_comments', 'comments_per_page', 'default_comments_page', 'comment_order', 'comment_registration' ),
-	'media' => array( 'thumbnail_size_w', 'thumbnail_size_h', 'thumbnail_crop', 'medium_size_w', 'medium_size_h', 'medium_large_size_w', 'medium_large_size_h', 'large_size_w', 'large_size_h', 'image_default_size', 'image_default_align', 'image_default_link_type' ),
+	'media' => array( 'thumbnail_size_w', 'thumbnail_size_h', 'thumbnail_crop', 'medium_size_w', 'medium_size_h', 'large_size_w', 'large_size_h', 'image_default_size', 'image_default_align', 'image_default_link_type' ),
 	'reading' => array( 'posts_per_page', 'posts_per_rss', 'rss_use_excerpt', 'show_on_front', 'page_on_front', 'page_for_posts', 'blog_public' ),
 	'writing' => array( 'default_category', 'default_email_category', 'default_link_category', 'default_post_format' )
 );

wp-admin/plugin-editor.php

@@ -96,9 +96,9 @@ default:
 			wp_die( $error );
 
 		if ( ( ! empty( $_GET['networkwide'] ) && ! is_plugin_active_for_network($file) ) || ! is_plugin_active($file) )
-			activate_plugin($file, "plugin-editor.php?file=$file&phperror=1", ! empty( $_GET['networkwide'] ) ); // we'll override this later if the plugin can be included without fatal error
+			activate_plugin($file, "plugin-editor.php?file=" . urlencode( $file ) . "&phperror=1", ! empty( $_GET['networkwide'] ) ); // we'll override this later if the plugin can be included without fatal error
 
-		wp_redirect( self_admin_url("plugin-editor.php?file=$file&a=te&scrollto=$scrollto") );
+		wp_redirect( self_admin_url("plugin-editor.php?file=" . urlencode( $file ) . "&a=te&scrollto=$scrollto") );
 		exit;
 	}
 
@@ -191,18 +191,18 @@ default:
 	if ( is_plugin_active( $plugin ) ) {
 		if ( is_writeable( $real_file ) ) {
 			/* translators: %s: plugin file name */
-			echo sprintf( __( 'Editing %s (active)' ), '<strong>' . $file . '</strong>' );
+			echo sprintf( __( 'Editing %s (active)' ), '<strong>' . esc_html( $file ) . '</strong>' );
 		} else {
 			/* translators: %s: plugin file name */
-			echo sprintf( __( 'Browsing %s (active)' ), '<strong>' . $file . '</strong>' );
+			echo sprintf( __( 'Browsing %s (active)' ), '<strong>' . esc_html( $file ) . '</strong>' );
 		}
 	} else {
 		if ( is_writeable( $real_file ) ) {
 			/* translators: %s: plugin file name */
-			echo sprintf( __( 'Editing %s (inactive)' ), '<strong>' . $file . '</strong>' );
+			echo sprintf( __( 'Editing %s (inactive)' ), '<strong>' . esc_html( $file ) . '</strong>' );
 		} else {
 			/* translators: %s: plugin file name */
-			echo sprintf( __( 'Browsing %s (inactive)' ), '<strong>' . $file . '</strong>' );
+			echo sprintf( __( 'Browsing %s (inactive)' ), '<strong>' . esc_html( $file ) . '</strong>' );
 		}
 	}
 	?></big>
@@ -247,7 +247,7 @@ foreach ( $plugin_files as $plugin_file ) :
 		continue;
 	}
 ?>
-		<li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; ?>><a href="plugin-editor.php?file=<?php echo urlencode( $plugin_file ) ?>&amp;plugin=<?php echo urlencode( $plugin ) ?>"><?php echo $plugin_file ?></a></li>
+		<li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; ?>><a href="plugin-editor.php?file=<?php echo urlencode( $plugin_file ) ?>&amp;plugin=<?php echo urlencode( $plugin ) ?>"><?php echo esc_html( $plugin_file ); ?></a></li>
 <?php endforeach; ?>
 	</ul>
 </div>

wp-admin/plugins.php

@@ -17,7 +17,7 @@ $pagenum = $wp_list_table->get_pagenum();
 
 $action = $wp_list_table->current_action();
 
-$plugin = isset($_REQUEST['plugin']) ? $_REQUEST['plugin'] : '';
+$plugin = isset($_REQUEST['plugin']) ? wp_unslash( $_REQUEST['plugin'] ) : '';
 $s = isset($_REQUEST['s']) ? urlencode( wp_unslash( $_REQUEST['s'] ) ) : '';
 
 // Clean up request URI from temporary args for screen options/paging uri's to work as expected.
@@ -39,10 +39,10 @@ if ( $action ) {
 
 			check_admin_referer('activate-plugin_' . $plugin);
 
-			$result = activate_plugin($plugin, self_admin_url('plugins.php?error=true&plugin=' . $plugin), is_network_admin() );
+			$result = activate_plugin($plugin, self_admin_url('plugins.php?error=true&plugin=' . urlencode( $plugin ) ), is_network_admin() );
 			if ( is_wp_error( $result ) ) {
 				if ( 'unexpected_output' == $result->get_error_code() ) {
-					$redirect = self_admin_url('plugins.php?error=true&charsout=' . strlen($result->get_error_data()) . '&plugin=' . $plugin . "&plugin_status=$status&paged=$page&s=$s");
+					$redirect = self_admin_url('plugins.php?error=true&charsout=' . strlen($result->get_error_data()) . '&plugin=' . urlencode( $plugin ) . "&plugin_status=$status&paged=$page&s=$s");
 					wp_redirect(add_query_arg('_error_nonce', wp_create_nonce('plugin-activation-error_' . $plugin), $redirect));
 					exit;
 				} else {
@@ -73,7 +73,7 @@ if ( $action ) {
 
 			check_admin_referer('bulk-plugins');
 
-			$plugins = isset( $_POST['checked'] ) ? (array) $_POST['checked'] : array();
+			$plugins = isset( $_POST['checked'] ) ? (array) wp_unslash( $_POST['checked'] ) : array();
 
 			if ( is_network_admin() ) {
 				foreach ( $plugins as $i => $plugin ) {
@@ -122,9 +122,9 @@ if ( $action ) {
 			check_admin_referer( 'bulk-plugins' );
 
 			if ( isset( $_GET['plugins'] ) )
-				$plugins = explode( ',', $_GET['plugins'] );
+				$plugins = explode( ',', wp_unslash( $_GET['plugins'] ) );
 			elseif ( isset( $_POST['checked'] ) )
-				$plugins = (array) $_POST['checked'];
+				$plugins = (array) wp_unslash( $_POST['checked'] );
 			else
 				$plugins = array();
 
@@ -197,7 +197,7 @@ if ( $action ) {
 
 			check_admin_referer('bulk-plugins');
 
-			$plugins = isset( $_POST['checked'] ) ? (array) $_POST['checked'] : array();
+			$plugins = isset( $_POST['checked'] ) ? (array) wp_unslash( $_POST['checked'] ) : array();
 			// Do not deactivate plugins which are already deactivated.
 			if ( is_network_admin() ) {
 				$plugins = array_filter( $plugins, 'is_plugin_active_for_network' );
@@ -234,7 +234,7 @@ if ( $action ) {
 			check_admin_referer('bulk-plugins');
 
 			//$_POST = from the plugin form; $_GET = from the FTP details screen.
-			$plugins = isset( $_REQUEST['checked'] ) ? (array) $_REQUEST['checked'] : array();
+			$plugins = isset( $_REQUEST['checked'] ) ? (array) wp_unslash( $_REQUEST['checked'] ) : array();
 			if ( empty( $plugins ) ) {
 				wp_redirect( self_admin_url("plugins.php?plugin_status=$status&paged=$page&s=$s") );
 				exit;
@@ -246,6 +246,14 @@ if ( $action ) {
 				exit;
 			}
 
+			// Bail on all if any paths are invalid.
+			// validate_file() returns truthy for invalid files
+			$invalid_plugin_files = array_filter( $plugins, 'validate_file' );
+			if ( $invalid_plugin_files ) {
+				wp_redirect( self_admin_url("plugins.php?plugin_status=$status&paged=$page&s=$s") );
+				exit;
+			}
+
 			include(ABSPATH . 'wp-admin/update.php');
 
 			$parent_file = 'plugins.php';

wp-admin/post.php

@@ -16,7 +16,9 @@ $submenu_file = 'edit.php';
 
 wp_reset_vars( array( 'action' ) );
 
-if ( isset( $_GET['post'] ) )
+if ( isset( $_GET['post'] ) && isset( $_POST['post_ID'] ) && (int) $_GET['post'] !== (int) $_POST['post_ID'] )
+	wp_die( __( 'A post ID mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 );
+elseif ( isset( $_GET['post'] ) )
  	$post_id = $post_ID = (int) $_GET['post'];
 elseif ( isset( $_POST['post_ID'] ) )
  	$post_id = $post_ID = (int) $_POST['post_ID'];
@@ -38,6 +40,10 @@ if ( $post ) {
 	$post_type_object = get_post_type_object( $post_type );
 }
 
+if ( isset( $_POST['post_type'] ) && $post && $post_type !== $_POST['post_type'] ) {
+	wp_die( __( 'A post type mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 );
+}
+
 if ( isset( $_POST['deletepost'] ) )
 	$action = 'delete';
 elseif ( isset($_POST['wp-preview']) && 'dopreview' == $_POST['wp-preview'] )
@@ -183,7 +189,7 @@ case 'editattachment':
 
 	// Update the thumbnail filename
 	$newmeta = wp_get_attachment_metadata( $post_id, true );
-	$newmeta['thumb'] = $_POST['thumb'];
+	$newmeta['thumb'] = wp_basename( $_POST['thumb'] );
 
 	wp_update_attachment_metadata( $post_id, $newmeta );
 

wp-admin/revision.php

@@ -63,7 +63,7 @@ default :
 	if ( ! $post = get_post( $revision->post_parent ) )
 		break;
 
-	if ( ! current_user_can( 'read_post', $revision->ID ) || ! current_user_can( 'read_post', $post->ID ) )
+	if ( ! current_user_can( 'read_post', $revision->ID ) || ! current_user_can( 'edit_post', $revision->post_parent ) )
 		break;
 
 	// Revisions disabled and we're not looking at an autosave

wp-admin/theme-editor.php

@@ -99,7 +99,7 @@ if ( empty( $file ) ) {
 	$relative_file = 'style.css';
 	$file = $allowed_files['style.css'];
 } else {
-	$relative_file = $file;
+	$relative_file = wp_unslash( $file );
 	$file = $theme->get_stylesheet_directory() . '/' . $relative_file;
 }
 
@@ -156,10 +156,12 @@ default:
  <div id="message" class="updated notice is-dismissible"><p><?php _e( 'File edited successfully.' ) ?></p></div>
 <?php endif;
 
-$description = get_file_description( $relative_file );
+$file_description = get_file_description( $relative_file );
 $file_show = array_search( $file, array_filter( $allowed_files ) );
-if ( $description != $file_show )
-	$description .= ' <span>(' . $file_show . ')</span>';
+$description = esc_html( $file_description );
+if ( $file_description != $file_show ) {
+	$description .= ' <span>(' . esc_html( $file_show ) . ')</span>';
+}
 ?>
 <div class="wrap">
 <h1><?php echo esc_html( $title ); ?></h1>
@@ -230,9 +232,9 @@ if ( $allowed_files ) :
 			echo "\t<ul>\n";
 		}
 		
-		$file_description = get_file_description( $filename );
+		$file_description = esc_html( get_file_description( $filename ) );
 		if ( $filename !== basename( $absolute_filename ) || $file_description !== $filename ) {
-			$file_description .= '<br /><span class="nonessential">(' . $filename . ')</span>';
+			$file_description .= '<br /><span class="nonessential">(' . esc_html( $filename ) . ')</span>';
 		}
 
 		if ( $absolute_filename === $file ) {

wp-admin/update-core.php

@@ -253,6 +253,8 @@ function list_plugin_updates() {
 	<tbody class="plugins">
 <?php
 	foreach ( (array) $plugins as $plugin_file => $plugin_data ) {
+		$plugin_data = (object) _get_plugin_data_markup_translate( $plugin_file, (array) $plugin_data, false, true );
+
 		// Get plugin compat for running version of WordPress.
 		if ( isset($plugin_data->update->tested) && version_compare($plugin_data->update->tested, $cur_wp_version, '>=') ) {
 			$compat = '<br />' . sprintf(__('Compatibility with WordPress %1$s: 100%% (according to its author)'), $cur_wp_version);

wp-admin/user-edit.php

@@ -181,7 +181,7 @@ include(ABSPATH . 'wp-admin/admin-header.php');
 	<p><strong><?php _e('User updated.') ?></strong></p>
 	<?php endif; ?>
 	<?php if ( $wp_http_referer && false === strpos( $wp_http_referer, 'user-new.php' ) && ! IS_PROFILE_PAGE ) : ?>
-	<p><a href="<?php echo esc_url( $wp_http_referer ); ?>"><?php _e('&larr; Back to Users'); ?></a></p>
+	<p><a href="<?php echo esc_url( wp_validate_redirect( esc_url_raw( $wp_http_referer ), self_admin_url( 'users.php' ) ) ); ?>"><?php _e('&larr; Back to Users'); ?></a></p>
 	<?php endif; ?>
 </div>
 <?php endif; ?>

wp-admin/user-new.php

@@ -70,7 +70,7 @@ if ( isset($_REQUEST['action']) && 'adduser' == $_REQUEST['action'] ) {
 			add_existing_user_to_blog( array( 'user_id' => $user_id, 'role' => $_REQUEST[ 'role' ] ) );
 			$redirect = add_query_arg( array( 'update' => 'addnoconfirmation' , 'user_id' => $user_id ), 'user-new.php' );
 		} else {
-			$newuser_key = substr( md5( $user_id ), 0, 5 );
+			$newuser_key = wp_generate_password( 20, false );
 			add_option( 'new_user_' . $newuser_key, array( 'user_id' => $user_id, 'email' => $user_details->user_email, 'role' => $_REQUEST[ 'role' ] ) );
 
 			$roles = get_editable_roles();

wp-admin/widgets.php

@@ -22,6 +22,8 @@ if ( ! current_user_can( 'edit_theme_options' ) ) {
 
 $widgets_access = get_user_setting( 'widgets_access' );
 if ( isset($_GET['widgets-access']) ) {
+	check_admin_referer( 'widgets-access' );
+
 	$widgets_access = 'on' == $_GET['widgets-access'] ? 'on' : 'off';
 	set_user_setting( 'widgets_access', $widgets_access );
 }

wp-content/themes/twentysixteen/404.php

@@ -0,0 +1,34 @@
+<?php
+/**
+ * The template for displaying 404 pages (not found)
+ *
+ * @package WordPress
+ * @subpackage Twenty_Sixteen
+ * @since Twenty Sixteen 1.0
+ */
+
+get_header(); ?>
+
+	<div id="primary" class="content-area">
+		<main id="main" class="site-main" role="main">
+
+			<section class="error-404 not-found">
+				<header class="page-header">
+					<h1 class="page-title"><?php _e( 'Oops! That page can&rsquo;t be found.', 'twentysixteen' ); ?></h1>
+				</header><!-- .page-header -->
+
+				<div class="page-content">
+					<p><?php _e( 'It looks like nothing was found at this location. Maybe try a search?', 'twentysixteen' ); ?></p>
+
+					<?php get_search_form(); ?>
+				</div><!-- .page-content -->
+			</section><!-- .error-404 -->
+
+		</main><!-- .site-main -->
+
+		<?php get_sidebar( 'content-bottom' ); ?>
+
+	</div><!-- .content-area -->
+
+<?php get_sidebar(); ?>
+<?php get_footer(); ?>

wp-content/themes/twentysixteen/archive.php

@@ -0,0 +1,65 @@
+<?php
+/**
+ * The template for displaying archive pages
+ *
+ * Used to display archive-type pages if nothing more specific matches a query.
+ * For example, puts together date-based pages if no date.php file exists.
+ *
+ * If you'd like to further customize these archive views, you may create a
+ * new template file for each one. For example, tag.php (Tag archives),
+ * category.php (Category archives), author.php (Author archives), etc.
+ *
+ * @link https://codex.wordpress.org/Template_Hierarchy
+ *
+ * @package WordPress
+ * @subpackage Twenty_Sixteen
+ * @since Twenty Sixteen 1.0
+ */
+
+get_header(); ?>
+
+	<div id="primary" class="content-area">
+		<main id="main" class="site-main" role="main">
+
+		<?php if ( have_posts() ) : ?>
+
+			<header class="page-header">
+				<?php
+					the_archive_title( '<h1 class="page-title">', '</h1>' );
+					the_archive_description( '<div class="taxonomy-description">', '</div>' );
+				?>
+			</header><!-- .page-header -->
+
+			<?php
+			// Start the Loop.
+			while ( have_posts() ) : the_post();
+
+				/*
+				 * Include the Post-Format-specific template for the content.
+				 * If you want to override this in a child theme, then include a file
+				 * called content-___.php (where ___ is the Post Format name) and that will be used instead.
+				 */
+				get_template_part( 'template-parts/content', get_post_format() );
+
+			// End the loop.
+			endwhile;
+
+			// Previous/next page navigation.
+			the_posts_pagination( array(
+				'prev_text'          => __( 'Previous page', 'twentysixteen' ),
+				'next_text'          => __( 'Next page', 'twentysixteen' ),
+				'before_page_number' => '<span class="meta-nav screen-reader-text">' . __( 'Page', 'twentysixteen' ) . ' </span>',
+			) );
+
+		// If no content, include the "No posts found" template.
+		else :
+			get_template_part( 'template-parts/content', 'none' );
+
+		endif;
+		?>
+
+		</main><!-- .site-main -->
+	</div><!-- .content-area -->
+
+<?php get_sidebar(); ?>
+<?php get_footer(); ?>

wp-content/themes/twentysixteen/comments.php

@@ -0,0 +1,79 @@
+<?php
+/**
+ * The template for displaying comments
+ *
+ * The area of the page that contains both current comments
+ * and the comment form.
+ *
+ * @package WordPress
+ * @subpackage Twenty_Sixteen
+ * @since Twenty Sixteen 1.0
+ */
+
+/*
+ * If the current post is protected by a password and
+ * the visitor has not yet entered the password we will
+ * return early without loading the comments.
+ */
+if ( post_password_required() ) {
+	return;
+}
+?>
+
+<div id="comments" class="comments-area">
+
+	<?php if ( have_comments() ) : ?>
+		<h2 class="comments-title">
+			<?php
+				$comments_number = get_comments_number();
+				if ( 1 === $comments_number ) {
+					/* translators: %s: post title */
+					printf( _x( 'One thought on &ldquo;%s&rdquo;', 'comments title', 'twentysixteen' ), get_the_title() );
+				} else {
+					printf(
+						/* translators: 1: number of comments, 2: post title */
+						_nx(
+							'%1$s thought on &ldquo;%2$s&rdquo;',
+							'%1$s thoughts on &ldquo;%2$s&rdquo;',
+							$comments_number,
+							'comments title',
+							'twentysixteen'
+						),
+						number_format_i18n( $comments_number ),
+						get_the_title()
+					);
+				}
+			?>
+		</h2>
+
+		<?php the_comments_navigation(); ?>
+
+		<ol class="comment-list">
+			<?php
+				wp_list_comments( array(
+					'style'       => 'ol',
+					'short_ping'  => true,
+					'avatar_size' => 42,
+				) );
+			?>
+		</ol><!-- .comment-list -->
+
+		<?php the_comments_navigation(); ?>
+
+	<?php endif; // Check for have_comments(). ?>
+
+	<?php
+		// If comments are closed and there are comments, let's leave a little note, shall we?
+		if ( ! comments_open() && get_comments_number() && post_type_supports( get_post_type(), 'comments' ) ) :
+	?>
+		<p class="no-comments"><?php _e( 'Comments are closed.', 'twentysixteen' ); ?></p>
+	<?php endif; ?>
+
+	<?php
+		comment_form( array(
+			'title_reply_before' => '<h2 id="reply-title" class="comment-reply-title">',
+			'title_reply_after'  => '</h2>',
+		) );
+	?>
+
+</div><!-- .comments-area -->

wp-content/themes/twentysixteen/css/editor-style.css

@@ -0,0 +1,547 @@
+/*
+Theme Name: Twenty Sixteen
+Description: Used to style the TinyMCE editor.
+*/
+
+
+/**
+ * Table of Contents:
+ *
+ * 1.0 - Body
+ * 2.0 - Typography
+ * 3.0 - Elements
+ * 4.0 - Alignment
+ * 5.0 - Caption
+ * 6.0 - Galleries
+ * 7.0 - Audio / Video
+ * 8.0 - RTL
+ */
+
+
+/**
+ * 1.0 - Body
+ */
+
+body {
+	color: #1a1a1a;
+	font-family: Merriweather, Georgia, serif;
+	font-size: 16px;
+	font-weight: 400;
+	line-height: 1.75;
+	margin: 20px 40px;
+	max-width: 600px;
+	vertical-align: baseline;
+}
+
+body.post-type-page {
+	max-width: 840px;
+}
+
+
+/**
+ * 2.0 - Typography
+ */
+
+h1,
+h2,
+h3,
+h4,
+h5,
+h6 {
+	clear: both;
+	font-weight: 900;
+	margin: 56px 0 28px;
+}
+
+h1 {
+	font-size: 33px;
+	line-height: 1.2727272727;
+}
+
+h2 {
+	font-size: 28px;
+	line-height: 1.25;
+}
+
+h3 {
+	font-size: 23px;
+	line-height: 1.2173913043;
+}
+
+h4,
+h5,
+h6 {
+	font-size: 19px;
+	line-height: 1.1052631579;
+}
+
+h4 {
+	letter-spacing: 0.13333em;
+	text-transform: uppercase;
+}
+
+h6 {
+	font-style: italic;
+}
+
+h1:first-child,
+h2:first-child,
+h3:first-child,
+h4:first-child,
+h5:first-child,
+h6:first-child {
+	margin-top: 0;
+}
+
+p {
+	margin: 0 0 28px;
+}
+
+b,
+strong {
+	font-weight: 700;
+}
+
+dfn,
+cite,
+em,
+i {
+	font-style: italic;
+}
+
+blockquote {
+	border-left: 4px solid #1a1a1a;
+	color: #686868;
+	font-size: 19px;
+	font-style: italic;
+	line-height: 1.4736842105;
+	margin-bottom: 28px;
+	overflow: hidden;
+	padding: 0 0 0 24px;
+}
+
+blockquote:not(.alignleft):not(.alignright) {
+	margin-left: -28px;
+}
+
+blockquote blockquote:not(.alignleft):not(.alignright) {
+	margin-left: 0;
+}
+
+blockquote:before,
+blockquote:after {
+	content: "";
+	display: table;
+}
+
+blockquote:after {
+	clear: both;
+}
+
+blockquote > :last-child {
+	margin-bottom: 0;
+}
+
+blockquote cite,
+blockquote small {
+	color: #1a1a1a;
+	font-size: 16px;
+	line-height: 1.75;
+}
+
+blockquote em,
+blockquote i,
+blockquote cite {
+	font-style: normal;
+}
+
+blockquote strong,
+blockquote b {
+	font-weight: 400;
+}
+
+blockquote.alignleft,
+blockquote.alignright {
+	border: 0 solid #1a1a1a;
+	border-top-width: 4px;
+	padding: 18px 0 0;
+	width: -webkit-calc(50% - 14px);
+	width: calc(50% - 14px);
+}
+
+address {
+	font-style: italic;
+	margin: 0 0 28px;
+}
+
+code,
+kbd,
+tt,
+var,
+samp,
+pre {
+	font-family: Inconsolata, monospace;
+}
+
+pre {
+	border: 1px solid #d1d1d1;
+	font-size: 16px;
+	line-height: 1.3125;
+	margin: 0 0 28px;
+	max-width: 100%;
+	overflow: auto;
+	padding: 14px;
+	white-space: pre;
+	white-space: pre-wrap;
+	word-wrap: break-word;
+}
+
+code {
+	background-color: #d1d1d1;
+	padding: 2px 4px;
+}
+
+abbr[title] {
+	border-bottom: 1px dotted #d1d1d1;
+	cursor: help;
+}
+
+mark,
+ins {
+	background: #007acc;
+	color: #fff;
+	padding: 2px 4px;
+	text-decoration: none;
+}
+
+sup,
+sub {
+	font-size: 75%;
+	height: 0;
+	line-height: 0;
+	position: relative;
+	vertical-align: baseline;
+}
+
+sub {
+	top: -6px;
+}
+
+sup {
+	bottom: -3px;
+}
+
+small {
+	font-size: 80%;
+}
+
+big {
+	font-size: 125%;
+}
+
+
+/**
+ * 3.0 - Elements
+ */
+
+hr {
+	background-color: #d1d1d1;
+	border: 0;
+	height: 1px;
+	margin-bottom: 28px;
+}
+
+ul,
+ol {
+	margin: 0 0 28px 0;
+	padding: 0;
+}
+
+ul {
+	list-style: disc;
+}
+
+ol {
+	list-style: decimal;
+}
+
+li > ul,
+li > ol {
+	margin-bottom: 0;
+}
+
+li > ul,
+blockquote > ul {
+	margin-left: 20px;
+}
+
+li > ol,
+blockquote > ol {
+	margin-left: 24px;
+}
+
+dl {
+	margin: 0 0 28px;
+}
+
+dt {
+	font-weight: bold;
+}
+
+dd {
+	margin: 0 0 28px;
+}
+
+table,
+th,
+td,
+.mce-item-table,
+.mce-item-table th,
+.mce-item-table td {
+	border: 1px solid #d1d1d1;
+}
+
+table a {
+	color: #007acc;
+}
+
+table,
+.mce-item-table {
+	border-collapse: separate;
+	border-spacing: 0;
+	border-width: 1px 0 0 1px;
+	margin: 0 0 28px;
+	width: 100%;
+}
+
+table th,
+.mce-item-table th,
+table caption {
+	border-width: 0 1px 1px 0;
+	font-size: 16px;
+	font-weight: 700;
+	padding: 7px;
+	text-align: left;
+	vertical-align: baseline;
+}
+
+table td,
+.mce-item-table td {
+	border-width: 0 1px 1px 0;
+	font-size: 16px;
+	padding: 7px;
+	vertical-align: baseline;
+}
+
+img {
+	border: 0;
+	height: auto;
+	max-width: 100%;
+	vertical-align: middle;
+}
+
+a img {
+	display: block;
+}
+
+figure {
+	margin: 0;
+}
+
+del {
+	opacity: 0.8;
+}
+
+a {
+	box-shadow: 0 1px 0 0 currentColor;
+	color: #007acc;
+	text-decoration: none;
+}
+
+fieldset {
+	border: 1px solid #d1d1d1;
+	margin: 0 0 28px;
+	padding: 14px;
+}
+
+
+/**
+ * 4.0 - Alignment
+ */
+
+.alignleft {
+	float: left;
+	margin: 6px 28px 28px 0;
+}
+
+.alignright {
+	float: right;
+	margin: 6px 0 28px 28px;
+}
+
+.aligncenter {
+	clear: both;
+	display: block;
+	margin: 0 auto 28px;
+}
+
+
+/**
+ * 5.0 - Caption
+ */
+
+.wp-caption {
+	background: transparent;
+	border: none;
+	margin-bottom: 28px;
+	max-width: 100%;
+	padding: 0;
+	text-align: inherit;
+}
+
+.wp-caption-text,
+.wp-caption-dd {
+	color: #686868;
+	font-size: 13px;
+	font-style: italic;
+	line-height: 1.6153846154;
+	padding-top: 7px;
+}
+
+
+/**
+ * 6.0 - Galleries
+ */
+
+.mce-content-body .wpview-wrap {
+	margin-bottom: 28px;
+}
+
+.gallery {
+	margin: 0 -1.1666667%;
+	padding: 0;
+}
+
+.gallery .gallery-item {
+	display: inline-block;
+	max-width: 33.33%;
+	padding: 0 1.1400652% 2.2801304%;
+	text-align: center;
+	vertical-align: top;
+	width: 100%;
+}
+
+.gallery-columns-1 .gallery-item {
+	max-width: 100%;
+}
+
+.gallery-columns-2 .gallery-item {
+	max-width: 50%;
+}
+
+.gallery-columns-4 .gallery-item {
+	max-width: 25%;
+}
+
+.gallery-columns-5 .gallery-item {
+	max-width: 20%;
+}
+
+.gallery-columns-6 .gallery-item {
+	max-width: 16.66%;
+}
+
+.gallery-columns-7 .gallery-item {
+	max-width: 14.28%;
+}
+
+.gallery-columns-8 .gallery-item {
+	max-width: 12.5%;
+}
+
+.gallery-columns-9 .gallery-item {
+	max-width: 11.11%;
+}
+
+.gallery .gallery-caption {
+	font-size: 13px;
+	margin: 0;
+}
+
+.gallery-columns-6 .gallery-caption,
+.gallery-columns-7 .gallery-caption,
+.gallery-columns-8 .gallery-caption,
+.gallery-columns-9 .gallery-caption {
+	display: none;
+}
+
+
+/**
+ * 7.0 - Audio / Video
+ */
+
+.wp-audio-shortcode a,
+.wp-playlist a {
+	box-shadow: none;
+}
+
+.mce-content-body .wp-audio-playlist {
+	margin: 0;
+	padding-bottom: 0;
+}
+
+.mce-content-body .wp-playlist-tracks {
+	margin-top: 0;
+}
+
+.mce-content-body  .wp-playlist-item {
+	padding: 10px 0;
+}
+
+.mce-content-body .wp-playlist-item-length {
+	top: 10px;
+}
+
+
+/**
+ * 8.0 - RTL
+ */
+
+.rtl blockquote {
+	border: 0 solid #1a1a1a;
+	border-right-width: 4px;
+}
+
+.rtl blockquote.alignleft,
+.rtl blockquote.alignright {
+	border: 0 solid #1a1a1a;
+	border-top-width: 4px;
+}
+
+.rtl blockquote:not(.alignleft):not(.alignright) {
+	margin-right: -28px;
+	padding: 0 24px 0 0;
+}
+
+.rtl blockquote blockquote:not(.alignleft):not(.alignright) {
+	margin-right: 0;
+	margin-left: auto;
+}
+
+.rtl li > ul,
+.rtl blockquote > ul {
+	margin-right: 20px;
+	margin-left: auto;
+}
+
+.rtl li > ol,
+.rtl blockquote > ol {
+	margin-right: 24px;
+	margin-left: auto;
+}
+
+.rtl table th,
+.rtl .mce-item-table th,
+.rtl table caption {
+	text-align: right;
+}

wp-content/themes/twentysixteen/css/ie.css

@@ -0,0 +1,48 @@
+/*
+Theme Name: Twenty Sixteen
+Description: Global Styles for older IE versions (previous to IE10).
+*/
+
+.site-header-main:before,
+.site-header-main:after,
+.site-footer:before,
+.site-footer:after {
+	content: "";
+	display: table;
+}
+
+.site-header-main:after,
+.site-footer:after {
+	clear: both;
+}
+
+@media screen and (min-width: 56.875em) {
+	.site-branding,
+	.site-info {
+		float: left;
+	}
+
+	.site-header-menu,
+	.site-footer .social-navigation {
+		float: right;
+	}
+
+	.site-footer .social-navigation {
+		margin-left: 7px;
+	}
+
+	.rtl .site-branding,
+	.rtl .site-info {
+		float: right;
+	}
+
+	.rtl .site-header-menu,
+	.rtl .site-footer .social-navigation {
+		float: left;
+	}
+
+	.rtl .site-footer .social-navigation {
+		margin-right: 7px;
+		margin-left: 0;
+	}
+}

wp-content/themes/twentysixteen/css/ie7.css

@@ -0,0 +1,176 @@
+/*
+Theme Name: Twenty Sixteen
+Description: IE7 specific style.
+*/
+
+.site-inner {
+	max-width: 656px;
+}
+
+.post-navigation,
+.pagination,
+.image-navigation,
+.entry-header,
+.entry-summary,
+.entry-content,
+.entry-footer,
+.page-header,
+.page-content,
+.post-thumbnail,
+.content-bottom-widgets,
+.comments-area {
+	margin-right: 28px;
+	margin-left: 28px;
+	max-width: 100%;
+}
+
+.site-header,
+.sidebar,
+.site-footer,
+.widecolumn {
+	padding-right: 28px;
+	padding-left: 28px;
+}
+
+.search-submit {
+	height: auto;
+	margin-top: 28px;
+	padding: 15px 0 8px;
+	position: relative;
+	width: auto;
+}
+
+.search-submit .screen-reader-text {
+	height: auto;
+	position: relative !important;
+	width: auto;
+}
+
+.image-navigation .nav-previous,
+.image-navigation .nav-next,
+.comment-navigation .nav-previous,
+.comment-navigation .nav-next {
+	*display: inline;
+	zoom: 1;
+}
+
+.image-navigation .nav-previous + .nav-next,
+.comment-navigation .nav-previous + .nav-next {
+	margin-left: 14px;
+}
+
+.pagination .nav-links {
+	padding: 0;
+}
+
+.pagination .page-numbers {
+	line-height: 1;
+	margin: -4px 14px 0;
+	padding: 18px 0;
+}
+
+.pagination .prev,
+.pagination .next {
+	display: inline-block;
+	font-size: 16px;
+	font-weight: 700;
+	height: auto;
+	left: 0;
+	line-height: 1;
+	margin: 0;
+	padding: 18px 14px;
+	position: relative;
+	right: 0;
+	text-transform: none;
+	width: auto;
+}
+
+.dropdown-toggle {
+	display: none;
+}
+
+.main-navigation ul ul {
+	display: block;
+}
+
+.social-navigation {
+	margin-top: 1.75em;
+}
+
+.social-navigation a {
+	height: auto;
+	padding: 3px 7px;
+	width: auto;
+}
+
+.social-navigation .screen-reader-text {
+	height: auto;
+	position: relative !important;
+	width: auto;
+}
+
+.site-header-main {
+	overflow : hidden;
+	zoom : 1;
+}
+
+.entry-footer > span {
+	margin-right: 14px;
+}
+
+.site-info .site-title {
+	font-size: 13px;
+	margin-right: 14px;
+}
+
+.gallery-item {
+	max-width: 30%;
+}
+
+.gallery-columns-1 .gallery-item {
+	max-width: 100%;
+}
+
+.gallery-columns-2 .gallery-item {
+	max-width: 46%;
+}
+
+.gallery-columns-4 .gallery-item {
+	max-width: 22%;
+}
+
+.gallery-columns-5 .gallery-item {
+	max-width: 17%;
+}
+
+.gallery-columns-6 .gallery-item {
+	max-width: 13.5%;
+}
+
+.gallery-columns-7 .gallery-item {
+	max-width: 11%;
+}
+
+.gallery-columns-8 .gallery-item {
+	max-width: 9.5%;
+}
+
+.gallery-columns-9 .gallery-item {
+	max-width: 8%;
+}
+
+.rtl .image-navigation .nav-previous + .nav-next,
+.rtl .comment-navigation .nav-previous + .nav-next {
+	margin-right: 14px;
+	margin-left: 0;
+}
+
+.rtl .entry-footer > span {
+	margin-right: 14px;
+	margin-left: 0;
+}
+
+.rtl .site-info .site-title {
+	margin-right: 0;
+	margin-left: 14px;
+}

wp-content/themes/twentysixteen/css/ie8.css

@@ -0,0 +1,222 @@
+/*
+Theme Name: Twenty Sixteen
+Description: IE8 specific style.
+*/
+
+code {
+	background-color: transparent;
+	padding: 0;
+}
+
+.entry-content a,
+.entry-summary a,
+.taxonomy-description a,
+.logged-in-as a,
+.comment-content a,
+.pingback .comment-body > a,
+.textwidget a,
+.entry-footer a:hover,
+.site-info a:hover {
+	text-decoration: underline;
+}
+
+.entry-content a:hover,
+.entry-content a:focus,
+.entry-summary a:hover,
+.entry-summary a:focus,
+.taxonomy-description a:hover,
+.taxonomy-description a:focus,
+.logged-in-as a:hover,
+.logged-in-as a:focus,
+.comment-content a:hover,
+.comment-content a:focus,
+.pingback .comment-body > a:hover,
+.pingback .comment-body > a:focus,
+.textwidget a:hover,
+.textwidget a:focus,
+.entry-content .wp-audio-shortcode a,
+.entry-content .wp-playlist a,
+.page-links a {
+	text-decoration: none;
+}
+
+.site {
+	margin: 21px;
+}
+
+.site-inner {
+	max-width: 710px;
+}
+
+.site-header {
+	padding-top: 3.9375em;
+	padding-bottom: 3.9375em;
+}
+
+.site-branding {
+	float: left;
+	margin-top: 1.3125em;
+	margin-bottom: 1.3125em;
+}
+
+.site-title {
+	font-size: 28px;
+	line-height: 1.25;
+}
+
+.site-description {
+	display: block;
+}
+
+.menu-toggle {
+	float: right;
+	font-size: 16px;
+	margin: 1.3125em 0;
+	padding: 0.8125em 0.875em 0.6875em;
+}
+
+.site-header-menu {
+	clear: both;
+	margin: 0;
+	padding: 1.3125em 0;
+}
+
+.site-header .main-navigation + .social-navigation {
+	margin-top: 2.625em;
+}
+
+.header-image {
+	margin: 1.3125em 0;
+}
+
+.site-main {
+	margin-bottom: 5.25em;
+}
+
+.post-navigation {
+	margin-bottom: 5.25em;
+}
+
+.post-navigation .post-title {
+	font-size: 28px;
+	line-height: 1.25;
+}
+
+.pagination {
+	margin: 0 7.6923% 4.421052632em;
+}
+
+.pagination .nav-links:before,
+.pagination .nav-links:after {
+	display: none;
+}
+
+/* restore screen-reader-text */
+.pagination .current .screen-reader-text {
+	position: absolute !important;
+}
+
+.pagination .page-numbers {
+	display: inline-block;
+	font-weight: 400;
+}
+
+.image-navigation .nav-previous,
+.image-navigation .nav-next,
+.comment-navigation .nav-previous,
+.comment-navigation .nav-next {
+	display: inline-block;
+}
+
+.image-navigation .nav-previous + .nav-next:before,
+.comment-navigation .nav-previous + .nav-next:before {
+	content: "\002f";
+	display: inline-block;
+	filter: alpha(opacity=70);
+	padding: 0 0.538461538em;
+}
+
+.site-main > article {
+	margin-bottom: 5.25em;
+}
+
+.entry-title {
+	font-size: 33px;
+	line-height: 1.2727272727;
+	margin-bottom: 0.8484848485em;
+}
+
+.entry-content blockquote.alignleft,
+.entry-content blockquote.alignright {
+	border-width: 4px 0 0 0;
+	padding: 0.9473684211em 0 0;
+	width: 50%;
+}
+
+.entry-footer > span:after {
+	content: "\002f";
+	display: inline-block;
+	filter: alpha(opacity=70);
+	padding: 0 0.538461538em;
+}
+
+.updated {
+	display: none;
+}
+
+.updated.published {
+	display: inline;
+}
+
+.comment-author {
+	margin-bottom: 0;
+}
+
+.comment-author .avatar {
+	height: 42px;
+	position: relative;
+	top: 0.25em;
+	width: 42px;
+}
+
+.comment-list .children > li {
+	padding-left: 1.75em;
+}
+
+.comment-list + .comment-respond,
+.comment-navigation + .comment-respond {
+	padding-top: 3.5em;
+}
+
+.comment-reply-link {
+	margin-top: 0;
+}
+
+.comments-area,
+.widget,
+.content-bottom-widgets .widget-area {
+	margin-bottom: 5.25em;
+}
+
+.sidebar,
+.widecolumn {
+	margin-bottom: 5.25em;
+}
+
+.site-footer .main-navigation,
+.site-footer .social-navigation {
+	display: none;
+}
+
+.rtl .site-branding {
+	float: right;
+}
+
+.rtl .menu-toggle {
+	float: left;
+}
+
+.rtl .comment-list .children > li {
+	padding-right: 1.75em;
+	padding-left: 0;
+}

wp-content/themes/twentysixteen/footer.php

@@ -0,0 +1,59 @@
+<?php
+/**
+ * The template for displaying the footer
+ *
+ * Contains the closing of the #content div and all content after
+ *
+ * @package WordPress
+ * @subpackage Twenty_Sixteen
+ * @since Twenty Sixteen 1.0
+ */
+?>
+
+		</div><!-- .site-content -->
+
+		<footer id="colophon" class="site-footer" role="contentinfo">
+			<?php if ( has_nav_menu( 'primary' ) ) : ?>
+				<nav class="main-navigation" role="navigation" aria-label="<?php esc_attr_e( 'Footer Primary Menu', 'twentysixteen' ); ?>">
+					<?php
+						wp_nav_menu( array(
+							'theme_location' => 'primary',
+							'menu_class'     => 'primary-menu',
+						 ) );
+					?>
+				</nav><!-- .main-navigation -->
+			<?php endif; ?>
+
+			<?php if ( has_nav_menu( 'social' ) ) : ?>
+				<nav class="social-navigation" role="navigation" aria-label="<?php esc_attr_e( 'Footer Social Links Menu', 'twentysixteen' ); ?>">
+					<?php
+						wp_nav_menu( array(
+							'theme_location' => 'social',
+							'menu_class'     => 'social-links-menu',
+							'depth'          => 1,
+							'link_before'    => '<span class="screen-reader-text">',
+							'link_after'     => '</span>',
+						) );
+					?>
+				</nav><!-- .social-navigation -->
+			<?php endif; ?>
+
+			<div class="site-info">
+				<?php
+					/**
+					 * Fires before the twentysixteen footer text for footer customization.
+					 *
+					 * @since Twenty Sixteen 1.0
+					 */
+					do_action( 'twentysixteen_credits' );
+				?>
+				<span class="site-title"><a href="<?php echo esc_url( home_url( '/' ) ); ?>" rel="home"><?php bloginfo( 'name' ); ?></a></span>
+				<a href="<?php echo esc_url( __( 'https://wordpress.org/', 'twentysixteen' ) ); ?>"><?php printf( __( 'Proudly powered by %s', 'twentysixteen' ), 'WordPress' ); ?></a>
+			</div><!-- .site-info -->
+		</footer><!-- .site-footer -->
+	</div><!-- .site-inner -->
+</div><!-- .site -->
+
+<?php wp_footer(); ?>
+</body>
+</html>

wp-content/themes/twentysixteen/functions.php

@@ -0,0 +1,421 @@
+<?php
+/**
+ * Twenty Sixteen functions and definitions
+ *
+ * Set up the theme and provides some helper functions, which are used in the
+ * theme as custom template tags. Others are attached to action and filter
+ * hooks in WordPress to change core functionality.
+ *
+ * When using a child theme you can override certain functions (those wrapped
+ * in a function_exists() call) by defining them first in your child theme's
+ * functions.php file. The child theme's functions.php file is included before
+ * the parent theme's file, so the child theme functions would be used.
+ *
+ * @link https://codex.wordpress.org/Theme_Development
+ * @link https://codex.wordpress.org/Child_Themes
+ *
+ * Functions that are not pluggable (not wrapped in function_exists()) are
+ * instead attached to a filter or action hook.
+ *
+ * For more information on hooks, actions, and filters,
+ * {@link https://codex.wordpress.org/Plugin_API}
+ *
+ * @package WordPress
+ * @subpackage Twenty_Sixteen
+ * @since Twenty Sixteen 1.0
+ */
+
+/**
+ * Twenty Sixteen only works in WordPress 4.4 or later.
+ */
+if ( version_compare( $GLOBALS['wp_version'], '4.4-alpha', '<' ) ) {
+	require get_template_directory() . '/inc/back-compat.php';
+}
+
+if ( ! function_exists( 'twentysixteen_setup' ) ) :
+/**
+ * Sets up theme defaults and registers support for various WordPress features.
+ *
+ * Note that this function is hooked into the after_setup_theme hook, which
+ * runs before the init hook. The init hook is too late for some features, such
+ * as indicating support for post thumbnails.
+ *
+ * Create your own twentysixteen_setup() function to override in a child theme.
+ *
+ * @since Twenty Sixteen 1.0
+ */
+function twentysixteen_setup() {
+	/*
+	 * Make theme available for translation.
+	 * Translations can be filed at WordPress.org. See: https://translate.wordpress.org/projects/wp-themes/twentysixteen
+	 * If you're building a theme based on Twenty Sixteen, use a find and replace
+	 * to change 'twentysixteen' to the name of your theme in all the template files
+	 */
+	load_theme_textdomain( 'twentysixteen' );
+
+	// Add default posts and comments RSS feed links to head.
+	add_theme_support( 'automatic-feed-links' );
+
+	/*
+	 * Let WordPress manage the document title.
+	 * By adding theme support, we declare that this theme does not use a
+	 * hard-coded <title> tag in the document head, and expect WordPress to
+	 * provide it for us.
+	 */
+	add_theme_support( 'title-tag' );
+
+	/*
+	 * Enable support for custom logo.
+	 *
+	 *  @since Twenty Sixteen 1.2
+	 */
+	add_theme_support( 'custom-logo', array(
+		'height'      => 240,
+		'width'       => 240,
+		'flex-height' => true,
+	) );
+
+	/*
+	 * Enable support for Post Thumbnails on posts and pages.
+	 *
+	 * @link http://codex.wordpress.org/Function_Reference/add_theme_support#Post_Thumbnails
+	 */
+	add_theme_support( 'post-thumbnails' );
+	set_post_thumbnail_size( 1200, 9999 );
+
+	// This theme uses wp_nav_menu() in two locations.
+	register_nav_menus( array(
+		'primary' => __( 'Primary Menu', 'twentysixteen' ),
+		'social'  => __( 'Social Links Menu', 'twentysixteen' ),
+	) );
+
+	/*
+	 * Switch default core markup for search form, comment form, and comments
+	 * to output valid HTML5.
+	 */
+	add_theme_support( 'html5', array(
+		'search-form',
+		'comment-form',
+		'comment-list',
+		'gallery',
+		'caption',
+	) );
+
+	/*
+	 * Enable support for Post Formats.
+	 *
+	 * See: https://codex.wordpress.org/Post_Formats
+	 */
+	add_theme_support( 'post-formats', array(
+		'aside',
+		'image',
+		'video',
+		'quote',
+		'link',
+		'gallery',
+		'status',
+		'audio',
+		'chat',
+	) );
+
+	/*
+	 * This theme styles the visual editor to resemble the theme style,
+	 * specifically font, colors, icons, and column width.
+	 */
+	add_editor_style( array( 'css/editor-style.css', twentysixteen_fonts_url() ) );
+
+	// Indicate widget sidebars can use selective refresh in the Customizer.
+	add_theme_support( 'customize-selective-refresh-widgets' );
+}
+endif; // twentysixteen_setup
+add_action( 'after_setup_theme', 'twentysixteen_setup' );
+
+/**
+ * Sets the content width in pixels, based on the theme's design and stylesheet.
+ *
+ * Priority 0 to make it available to lower priority callbacks.
+ *
+ * @global int $content_width
+ *
+ * @since Twenty Sixteen 1.0
+ */
+function twentysixteen_content_width() {
+	$GLOBALS['content_width'] = apply_filters( 'twentysixteen_content_width', 840 );
+}
+add_action( 'after_setup_theme', 'twentysixteen_content_width', 0 );
+
+/**
+ * Registers a widget area.
+ *
+ * @link https://developer.wordpress.org/reference/functions/register_sidebar/
+ *
+ * @since Twenty Sixteen 1.0
+ */
+function twentysixteen_widgets_init() {
+	register_sidebar( array(
+		'name'          => __( 'Sidebar', 'twentysixteen' ),
+		'id'            => 'sidebar-1',
+		'description'   => __( 'Add widgets here to appear in your sidebar.', 'twentysixteen' ),
+		'before_widget' => '<section id="%1$s" class="widget %2$s">',
+		'after_widget'  => '</section>',
+		'before_title'  => '<h2 class="widget-title">',
+		'after_title'   => '</h2>',
+	) );
+
+	register_sidebar( array(
+		'name'          => __( 'Content Bottom 1', 'twentysixteen' ),
+		'id'            => 'sidebar-2',
+		'description'   => __( 'Appears at the bottom of the content on posts and pages.', 'twentysixteen' ),
+		'before_widget' => '<section id="%1$s" class="widget %2$s">',
+		'after_widget'  => '</section>',
+		'before_title'  => '<h2 class="widget-title">',
+		'after_title'   => '</h2>',
+	) );
+
+	register_sidebar( array(
+		'name'          => __( 'Content Bottom 2', 'twentysixteen' ),
+		'id'            => 'sidebar-3',
+		'description'   => __( 'Appears at the bottom of the content on posts and pages.', 'twentysixteen' ),
+		'before_widget' => '<section id="%1$s" class="widget %2$s">',
+		'after_widget'  => '</section>',
+		'before_title'  => '<h2 class="widget-title">',
+		'after_title'   => '</h2>',
+	) );
+}
+add_action( 'widgets_init', 'twentysixteen_widgets_init' );
+
+if ( ! function_exists( 'twentysixteen_fonts_url' ) ) :
+/**
+ * Register Google fonts for Twenty Sixteen.
+ *
+ * Create your own twentysixteen_fonts_url() function to override in a child theme.
+ *
+ * @since Twenty Sixteen 1.0
+ *
+ * @return string Google fonts URL for the theme.
+ */
+function twentysixteen_fonts_url() {
+	$fonts_url = '';
+	$fonts     = array();
+	$subsets   = 'latin,latin-ext';
+
+	/* translators: If there are characters in your language that are not supported by Merriweather, translate this to 'off'. Do not translate into your own language. */
+	if ( 'off' !== _x( 'on', 'Merriweather font: on or off', 'twentysixteen' ) ) {
+		$fonts[] = 'Merriweather:400,700,900,400italic,700italic,900italic';
+	}
+
+	/* translators: If there are characters in your language that are not supported by Montserrat, translate this to 'off'. Do not translate into your own language. */
+	if ( 'off' !== _x( 'on', 'Montserrat font: on or off', 'twentysixteen' ) ) {
+		$fonts[] = 'Montserrat:400,700';
+	}
+
+	/* translators: If there are characters in your language that are not supported by Inconsolata, translate this to 'off'. Do not translate into your own language. */
+	if ( 'off' !== _x( 'on', 'Inconsolata font: on or off', 'twentysixteen' ) ) {
+		$fonts[] = 'Inconsolata:400';
+	}
+
+	if ( $fonts ) {
+		$fonts_url = add_query_arg( array(
+			'family' => urlencode( implode( '|', $fonts ) ),
+			'subset' => urlencode( $subsets ),
+		), 'https://fonts.googleapis.com/css' );
+	}
+
+	return $fonts_url;
+}
+endif;
+
+/**
+ * Handles JavaScript detection.
+ *
+ * Adds a `js` class to the root `<html>` element when JavaScript is detected.
+ *
+ * @since Twenty Sixteen 1.0
+ */
+function twentysixteen_javascript_detection() {
+	echo "<script>(function(html){html.className = html.className.replace(/\bno-js\b/,'js')})(document.documentElement);</script>\n";
+}
+add_action( 'wp_head', 'twentysixteen_javascript_detection', 0 );
+
+/**
+ * Enqueues scripts and styles.
+ *
+ * @since Twenty Sixteen 1.0
+ */
+function twentysixteen_scripts() {
+	// Add custom fonts, used in the main stylesheet.
+	wp_enqueue_style( 'twentysixteen-fonts', twentysixteen_fonts_url(), array(), null );
+
+	// Add Genericons, used in the main stylesheet.
+	wp_enqueue_style( 'genericons', get_template_directory_uri() . '/genericons/genericons.css', array(), '3.4.1' );
+
+	// Theme stylesheet.
+	wp_enqueue_style( 'twentysixteen-style', get_stylesheet_uri() );
+
+	// Load the Internet Explorer specific stylesheet.
+	wp_enqueue_style( 'twentysixteen-ie', get_template_directory_uri() . '/css/ie.css', array( 'twentysixteen-style' ), '20160816' );
+	wp_style_add_data( 'twentysixteen-ie', 'conditional', 'lt IE 10' );
+
+	// Load the Internet Explorer 8 specific stylesheet.
+	wp_enqueue_style( 'twentysixteen-ie8', get_template_directory_uri() . '/css/ie8.css', array( 'twentysixteen-style' ), '20160816' );
+	wp_style_add_data( 'twentysixteen-ie8', 'conditional', 'lt IE 9' );
+
+	// Load the Internet Explorer 7 specific stylesheet.
+	wp_enqueue_style( 'twentysixteen-ie7', get_template_directory_uri() . '/css/ie7.css', array( 'twentysixteen-style' ), '20160816' );
+	wp_style_add_data( 'twentysixteen-ie7', 'conditional', 'lt IE 8' );
+
+	// Load the html5 shiv.
+	wp_enqueue_script( 'twentysixteen-html5', get_template_directory_uri() . '/js/html5.js', array(), '3.7.3' );
+	wp_script_add_data( 'twentysixteen-html5', 'conditional', 'lt IE 9' );
+
+	wp_enqueue_script( 'twentysixteen-skip-link-focus-fix', get_template_directory_uri() . '/js/skip-link-focus-fix.js', array(), '20160816', true );
+
+	if ( is_singular() && comments_open() && get_option( 'thread_comments' ) ) {
+		wp_enqueue_script( 'comment-reply' );
+	}
+
+	if ( is_singular() && wp_attachment_is_image() ) {
+		wp_enqueue_script( 'twentysixteen-keyboard-image-navigation', get_template_directory_uri() . '/js/keyboard-image-navigation.js', array( 'jquery' ), '20160816' );
+	}
+
+	wp_enqueue_script( 'twentysixteen-script', get_template_directory_uri() . '/js/functions.js', array( 'jquery' ), '20160816', true );
+
+	wp_localize_script( 'twentysixteen-script', 'screenReaderText', array(
+		'expand'   => __( 'expand child menu', 'twentysixteen' ),
+		'collapse' => __( 'collapse child menu', 'twentysixteen' ),
+	) );
+}
+add_action( 'wp_enqueue_scripts', 'twentysixteen_scripts' );
+
+/**
+ * Adds custom classes to the array of body classes.
+ *
+ * @since Twenty Sixteen 1.0
+ *
+ * @param array $classes Classes for the body element.
+ * @return array (Maybe) filtered body classes.
+ */
+function twentysixteen_body_classes( $classes ) {
+	// Adds a class of custom-background-image to sites with a custom background image.
+	if ( get_background_image() ) {
+		$classes[] = 'custom-background-image';
+	}
+
+	// Adds a class of group-blog to sites with more than 1 published author.
+	if ( is_multi_author() ) {
+		$classes[] = 'group-blog';
+	}
+
+	// Adds a class of no-sidebar to sites without active sidebar.
+	if ( ! is_active_sidebar( 'sidebar-1' ) ) {
+		$classes[] = 'no-sidebar';
+	}
+
+	// Adds a class of hfeed to non-singular pages.
+	if ( ! is_singular() ) {
+		$classes[] = 'hfeed';
+	}
+
+	return $classes;
+}
+add_filter( 'body_class', 'twentysixteen_body_classes' );
+
+/**
+ * Converts a HEX value to RGB.
+ *
+ * @since Twenty Sixteen 1.0
+ *
+ * @param string $color The original color, in 3- or 6-digit hexadecimal form.
+ * @return array Array containing RGB (red, green, and blue) values for the given
+ *               HEX code, empty array otherwise.
+ */
+function twentysixteen_hex2rgb( $color ) {
+	$color = trim( $color, '#' );
+
+	if ( strlen( $color ) === 3 ) {
+		$r = hexdec( substr( $color, 0, 1 ).substr( $color, 0, 1 ) );
+		$g = hexdec( substr( $color, 1, 1 ).substr( $color, 1, 1 ) );
+		$b = hexdec( substr( $color, 2, 1 ).substr( $color, 2, 1 ) );
+	} else if ( strlen( $color ) === 6 ) {
+		$r = hexdec( substr( $color, 0, 2 ) );
+		$g = hexdec( substr( $color, 2, 2 ) );
+		$b = hexdec( substr( $color, 4, 2 ) );
+	} else {
+		return array();
+	}
+
+	return array( 'red' => $r, 'green' => $g, 'blue' => $b );
+}
+
+/**
+ * Custom template tags for this theme.
+ */
+require get_template_directory() . '/inc/template-tags.php';
+
+/**
+ * Customizer additions.
+ */
+require get_template_directory() . '/inc/customizer.php';
+
+/**
+ * Add custom image sizes attribute to enhance responsive image functionality
+ * for content images
+ *
+ * @since Twenty Sixteen 1.0
+ *
+ * @param string $sizes A source size value for use in a 'sizes' attribute.
+ * @param array  $size  Image size. Accepts an array of width and height
+ *                      values in pixels (in that order).
+ * @return string A source size value for use in a content image 'sizes' attribute.
+ */
+function twentysixteen_content_image_sizes_attr( $sizes, $size ) {
+	$width = $size[0];
+
+	840 <= $width && $sizes = '(max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 1362px) 62vw, 840px';
+
+	if ( 'page' === get_post_type() ) {
+		840 > $width && $sizes = '(max-width: ' . $width . 'px) 85vw, ' . $width . 'px';
+	} else {
+		840 > $width && 600 <= $width && $sizes = '(max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 984px) 61vw, (max-width: 1362px) 45vw, 600px';
+		600 > $width && $sizes = '(max-width: ' . $width . 'px) 85vw, ' . $width . 'px';
+	}
+
+	return $sizes;
+}
+add_filter( 'wp_calculate_image_sizes', 'twentysixteen_content_image_sizes_attr', 10 , 2 );
+
+/**
+ * Add custom image sizes attribute to enhance responsive image functionality
+ * for post thumbnails
+ *
+ * @since Twenty Sixteen 1.0
+ *
+ * @param array $attr Attributes for the image markup.
+ * @param int   $attachment Image attachment ID.
+ * @param array $size Registered image size or flat array of height and width dimensions.
+ * @return string A source size value for use in a post thumbnail 'sizes' attribute.
+ */
+function twentysixteen_post_thumbnail_sizes_attr( $attr, $attachment, $size ) {
+	if ( 'post-thumbnail' === $size ) {
+		is_active_sidebar( 'sidebar-1' ) && $attr['sizes'] = '(max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 984px) 60vw, (max-width: 1362px) 62vw, 840px';
+		! is_active_sidebar( 'sidebar-1' ) && $attr['sizes'] = '(max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 1362px) 88vw, 1200px';
+	}
+	return $attr;
+}
+add_filter( 'wp_get_attachment_image_attributes', 'twentysixteen_post_thumbnail_sizes_attr', 10 , 3 );
+
+/**
+ * Modifies tag cloud widget arguments to have all tags in the widget same font size.
+ *
+ * @since Twenty Sixteen 1.1
+ *
+ * @param array $args Arguments for tag cloud widget.
+ * @return array A new modified arguments.
+ */
+function twentysixteen_widget_tag_cloud_args( $args ) {
+	$args['largest'] = 1;
+	$args['smallest'] = 1;
+	$args['unit'] = 'em';
+	return $args;
+}
+add_filter( 'widget_tag_cloud_args', 'twentysixteen_widget_tag_cloud_args' );

wp-content/themes/twentysixteen/genericons/COPYING.txt

@@ -0,0 +1,9 @@
+Genericons is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+
+The fonts are distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+As a special exception, if you create a document which uses this font, and embed this font or unaltered portions of this font into the document, this font does not by itself cause the resulting document to be covered by the GNU General Public License. This exception does not however invalidate any other reasons why the document might be covered by the GNU General Public License. If you modify this font, you may extend this exception to your version of the font, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.
+
+This license does not convey any intellectual property rights to third party trademarks that may be included in the icon font; such marks remain subject to all rights and guidelines of use of their owner.

wp-content/themes/twentysixteen/genericons/Genericons.svg

@@ -0,0 +1,537 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" >
+<!--
+2015-9-18: Created with FontForge (http://fontforge.org)
+-->
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
+<metadata>
+Created by FontForge 20150618 at Fri Sep 18 10:24:13 2015
+ By Joen Asmussen
+Copyright (c) 2015, Joen Asmussen
+</metadata>
+<defs>
+<font id="Genericons" horiz-adv-x="2048" >
+  <font-face 
+    font-family="Genericons"
+    font-weight="400"
+    font-stretch="normal"
+    units-per-em="2048"
+    panose-1="2 0 5 3 0 0 0 0 0 0"
+    ascent="2048"
+    descent="0"
+    bbox="-0.0140489 0 2048.01 2048"
+    underline-thickness="102.4"
+    underline-position="-204.8"
+    unicode-range="U+0020-F517"
+  />
+    <missing-glyph />
+    <glyph glyph-name="space" unicode=" " horiz-adv-x="200" 
+ />
+    <glyph glyph-name="uniF413" unicode="&#xf413;" 
+d="M256 1280c565.504 0 1024 -458.496 1024 -1024h-256c0 423.552 -344.448 768 -768 768v256zM256 1792c848.256 0 1536 -687.744 1536 -1536h-256c0 705.792 -574.208 1280 -1280 1280v256zM448 640c106.112 0 192 -86.0156 192 -192s-85.8877 -192 -192 -192
+s-192 86.0156 -192 192s85.8877 192 192 192z" />
+    <glyph glyph-name="uniF462" unicode="&#xf462;" 
+d="M618.502 1337l-213.004 142.004l-303.335 -455.002l303.335 -455.002l213.004 142.004l-208.665 312.998zM1642.5 1479l-213.004 -142.004l208.665 -312.998l-208.665 -312.998l213.004 -142.004l303.335 455.002zM771.821 543.045l248.357 -62.0898l256 1024
+l-248.357 62.0898z" />
+    <glyph glyph-name="uniF457" unicode="&#xf457;" 
+d="M1024 1792c424.064 0 768 -343.936 768 -768s-343.936 -768 -768 -768c-424.192 0 -768 343.936 -768 768s343.808 768 768 768zM1024 512c70.6562 0 128 57.4717 128 128s-57.3438 128 -128 128c-70.7842 0 -128 -57.4717 -128 -128s57.2158 -128 128 -128z
+M1342.72 1155.84c24.832 38.9121 37.248 85.1201 37.1201 138.752c0 74.4961 -27.6475 133.504 -83.7119 176.641c-55.9355 43.2637 -133.632 64.7676 -231.936 64.7676c-119.809 0 -234.496 -31.2324 -344.32 -93.9521l91.9043 -180.096
+c89.2158 47.2314 167.168 70.9121 233.983 70.9121c26.752 0 48.5127 -5.37598 65.2803 -16.2559c17.2803 -10.752 25.4717 -25.4727 25.4717 -44.0322c0 -23.2959 -8.06348 -44.0322 -23.5518 -62.208c-16 -18.0479 -41.4717 -38.4004 -77.1836 -60.9277
+c-45.1846 -28.1602 -76.416 -57.0889 -94.3359 -87.04c-17.5361 -29.6963 -26.3682 -66.4326 -26.3682 -109.44v-56.96h203.647v34.0479c0 18.6885 5.50391 35.2002 17.2803 48.8965c12.0322 14.0801 40.96 36.0957 86.9121 66.0479
+c55.04 34.8154 94.5918 71.6797 119.808 110.848z" />
+    <glyph glyph-name="uniF403" unicode="&#xf403;" 
+d="M1541.38 1530.62l506.624 -506.624l-506.624 -506.624c-131.456 -134.272 -314.752 -217.728 -517.376 -217.728c-202.752 0 -386.048 83.4551 -517.504 217.983l-506.496 506.368v0l506.496 506.496c131.456 134.4 314.624 217.984 517.504 217.984
+c202.752 0 385.92 -83.584 517.376 -217.856zM1404.42 651.776l372.096 372.224l-370.943 370.944c-102.528 104.704 -237.568 161.536 -381.568 161.536c-144.128 0 -279.168 -56.9609 -380.288 -160.385l-372.096 -372.096l370.688 -370.56
+c102.528 -104.96 237.696 -161.792 381.824 -161.792c144 0 279.168 56.832 380.288 160.128zM1408 1024zM640 1024c0 212.096 172.032 384 384 384s384 -171.904 384 -384c0 -211.968 -172.032 -384 -384 -384s-384 172.032 -384 384zM768 1152
+c0 -70.6562 57.2158 -128 128 -128c70.6562 0 128 57.3438 128 128s-57.3438 128 -128 128c-70.7842 0 -128 -57.3438 -128 -128z" />
+    <glyph glyph-name="uniF505" unicode="&#xf505;" 
+d="M256 1408v256h256v-256h-256zM768 1664h1024v-256h-1024v256zM256 896v256h256v-256h-256zM1408 1152v-256h-640v256h640zM256 384v256h256v-256h-256zM768 384v256h896v-256h-896z" />
+    <glyph glyph-name="uniF50F" unicode="&#xf50f;" 
+d="M1920 1024l-384 -384v256h-384v-384h256l-384 -384l-384 384h256v384h-384v-256l-384 384l384 384v-256h384v384h-256l384 384l384 -384h-256v-384h384v256z" />
+    <glyph glyph-name="uniF307" unicode="&#xf307;" 
+d="M768 640v128h128v-128h-128zM768 896v128h128v-128h-128zM768 1152v128h128v-128h-128zM512 640v128h128v-128h-128zM512 896v128h128v-128h-128zM1280 896v128h128v-128h-128zM1024 1152v128h128v-128h-128zM1280 1152v128h128v-128h-128zM1408 1664h256v-1280h-1408
+v1280h256v128h128v-128h640v128h128v-128zM1536 640v640c0 70.7842 -57.2158 128 -128 128h-896c-70.6562 0 -128 -57.2158 -128 -128v-640c0 -70.7842 57.3438 -128 128 -128h896c70.7842 0 128 57.2158 128 128zM1024 896v128h128v-128h-128zM1024 640v128h128v-128h-128z
+" />
+    <glyph glyph-name="uniF460" unicode="&#xf460;" 
+d="M1664 1280h128l-256 -768h-768l256 768h128l86.2725 256h339.455zM1300.86 1280h214.271l-43.1357 128h-128zM809.728 1536l86.2725 -256l-256 -768h-128l-256 768h128l86.2725 256h339.455zM532.864 1280h214.271l-43.1357 128h-128z" />
+    <glyph glyph-name="uniF430" unicode="&#xf430;" 
+d="M1024 1453.31l86.6562 -86.6553l-342.656 -342.656h896v-128h-896l342.656 -342.656l-86.6562 -86.6553l-493.312 493.312z" />
+    <glyph glyph-name="uniF515" unicode="&#xf515;" 
+d="M1024 1920c499.2 0 896 -396.8 896 -896s-396.8 -896 -896 -896s-896 396.8 -896 896s396.8 896 896 896zM1382.4 601.6c38.3994 0 64 25.6006 64 51.2002c0 38.4004 -12.8008 51.2002 -38.4004 64c-153.6 89.6006 -332.8 140.8 -524.8 140.8
+c-115.2 0 -217.601 -25.5996 -320 -51.1992c-25.6006 -12.8008 -51.2002 -25.6006 -51.2002 -64c0 -25.6006 12.7998 -51.2002 51.2002 -51.2002c0 0 25.5996 12.7998 38.3994 12.7998c89.6006 12.7998 192 25.5996 281.601 25.5996
+c166.399 0 332.8 -38.3994 460.8 -115.199c12.7998 -12.8008 25.5996 -12.8008 38.4004 -12.8008zM1484.8 832c38.4004 0 64 38.4004 64 76.7998c0 38.4004 -12.7998 64 -38.3994 76.7998c-179.2 102.4 -409.601 166.4 -640 166.4c-153.601 0 -256 -25.5996 -358.4 -51.2002
+c-38.4004 -12.7998 -51.2002 -38.3994 -51.2002 -76.7998s38.4004 -76.7998 76.7998 -89.5996c12.8008 0 25.6006 12.7998 38.4004 12.7998c76.7998 25.5996 179.2 38.3994 294.4 38.3994c217.6 0 422.399 -51.1992 563.199 -140.8
+c25.6006 0 25.6006 -12.7998 51.2002 -12.7998zM1600 1113.6c38.4004 0 76.7998 38.4004 76.7998 89.6006c0 38.3994 -25.5996 64 -51.2002 76.7998c-204.8 128 -473.6 179.2 -742.399 179.2c-153.601 0 -294.4 -12.7998 -422.4 -51.2002
+c-38.3994 -12.7998 -64 -38.4004 -64 -89.5996c0 -51.2002 38.4004 -89.6006 89.6006 -89.6006c25.5996 0 38.3994 12.7998 51.1992 12.7998c115.2 25.6006 230.4 38.4004 358.4 38.4004c243.2 0 486.4 -51.2002 652.8 -153.6
+c25.6006 -12.8008 38.4004 -12.8008 51.2002 -12.8008z" />
+    <glyph glyph-name="uniF448" unicode="&#xf448;" 
+d="M512 384v1280h384v-1280h-384zM1152 1664h384v-1280h-384v1280z" />
+    <glyph glyph-name="uniF453" unicode="&#xf453;" 
+d="M1536 2048c141.312 0 256 -114.688 256 -256v-1536c0 -141.312 -114.688 -256 -256 -256h-1024c-141.312 0 -256 114.688 -256 256v1536c0 141.312 114.688 256 256 256h1024zM1024 128c70.7842 0 128 57.2158 128 128s-57.2158 128 -128 128
+c-70.6562 0 -128 -57.2158 -128 -128s57.3438 -128 128 -128zM1536 512v1280h-1024v-1280h1024z" />
+    <glyph glyph-name="uniF419" unicode="&#xf419;" 
+d="M0 256v256h2048v-256h-2048zM0 1792h2048v-256h-2048v256zM0 896v256h2048v-256h-2048z" />
+    <glyph glyph-name="uniF423" unicode="&#xf423;" 
+d="M567.936 1440.9l-267.136 -480.896h403.2v-384h-128v256h-492.8l372.864 671.104zM1644.8 960h403.2v-384h-128v256h-492.8l372.864 671.104l112 -62.207zM1088 1344c176.768 0 320 -143.232 320 -320s-143.232 -320 -320 -320s-320 143.232 -320 320
+s143.232 320 320 320zM1088 832c105.856 0 192 86.1436 192 192s-86.1436 192 -192 192s-192 -86.1436 -192 -192s86.1436 -192 192 -192z" />
+    <glyph glyph-name="uniF512" unicode="&#xf512;" 
+d="M1920 1280l-555.136 -387.968l212.863 -636.032l-553.728 394.496l-553.728 -394.496l212.991 636.032l-555.264 387.968h685.312l210.688 640l210.688 -640h685.312z" />
+    <glyph glyph-name="uniF417" unicode="&#xf417;" 
+d="M960 1792c318.08 0 576 -257.92 576 -576c0 -159.232 -64.6396 -303.36 -169.088 -407.68l-406.912 -407.04l-406.912 407.04c-104.448 104.319 -169.088 248.447 -169.088 407.68c0 318.08 257.92 576 576 576zM960 896c176.64 0 320 143.36 320 320
+s-143.36 320 -320 320c-176.768 0 -320 -143.36 -320 -320s143.232 -320 320 -320z" />
+    <glyph glyph-name="uniF410" unicode="&#xf410;" 
+d="M256 1536h1536v-128l-768 -384l-768 384v128zM256 1216l768 -384l768 384v-704h-1536v704z" />
+    <glyph glyph-name="uniF449" unicode="&#xf449;" 
+d="M512 512v1024h1024v-1024h-1024z" />
+    <glyph glyph-name="uniF467" unicode="&#xf467;" 
+d="M1280 1280c282.752 0 512 -229.248 512 -512v-299.904l-150.016 149.889c-99.9688 99.9678 -231.04 150.016 -361.984 150.016h-256v-384l-640 640l640 640v-384h256z" />
+    <glyph glyph-name="uniF224" unicode="&#xf224;" 
+d="M1536 1792c141.312 0 256 -114.688 256 -256v-384c0 -424.064 -343.936 -768 -768 -768s-768 343.936 -768 768v384c0 141.312 114.688 256 256 256h1024zM1498.5 1189.5c50.0479 50.0479 50.0479 131.072 0 180.992c-50.0479 50.0479 -130.944 50.0479 -180.992 0
+l-293.504 -293.504l-293.504 293.504c-50.0479 50.0479 -131.072 50.0479 -180.992 0c-50.0479 -49.9199 -50.0479 -130.944 0 -180.992l361.984 -361.984l4.22363 4.22461c22.4004 -37.376 61.5684 -63.7441 108.288 -63.7441s85.8877 26.3682 108.288 63.7441
+l4.22363 -4.22461z" />
+    <glyph glyph-name="uniF203" unicode="&#xf203;" 
+d="M1664 1920c141.312 0 256 -114.688 256 -256v-1280c0 -141.312 -114.688 -256 -256 -256h-281.856v711.168h269.44l12.416 259.456h-281.984v192.384v0.255859v12.0322c0 71.2959 15.2324 114.432 108.544 114.432c86.6562 0 166.017 -0.639648 166.017 -0.639648
+l5.8877 242.304s-77.6963 9.98438 -182.528 9.98438c-259.584 0 -372.096 -159.872 -372.096 -333.952v-236.8h-254.336v-259.328h254.336v-711.296h-723.84c-141.312 0 -256 114.688 -256 256v1280c0 141.312 114.688 256 256 256h1280z" />
+    <glyph glyph-name="uniF502" unicode="&#xf502;" 
+d="M128 2048h1920l-960 -960z" />
+    <glyph glyph-name="uniF412" unicode="&#xf412;" 
+d="M1920 832l-640 -640v448h-1024v704l384 384v-704h640v448z" />
+    <glyph glyph-name="uniF440" unicode="&#xf440;" 
+d="M1152 640v-256h256l-384 -384l-384 384h256v256h256zM1664 1024c141.312 0 256 -114.688 256 -256s-114.688 -256 -256 -256h-384v256h-512v-256h-384c-141.312 0 -256 114.688 -256 256s114.688 256 256 256h6.40039c-4.09668 20.7363 -6.40039 42.1123 -6.40039 64
+c0 176.768 143.232 320 320 320c89.3438 0 169.984 -36.7363 227.968 -95.8721c60.7998 131.84 193.408 223.872 348.032 223.872c211.968 0 384 -171.904 384 -384c0 -45.1836 -9.21582 -87.8076 -23.5518 -128h23.5518z" />
+    <glyph glyph-name="uniF305" unicode="&#xf305;" 
+d="M1408 1664h256v-1280h-1408v1280h256v128h128v-128h640v128h128v-128zM1536 640v640c0 70.7842 -57.2158 128 -128 128h-896c-70.6562 0 -128 -57.2158 -128 -128v-640c0 -70.7842 57.3438 -128 128 -128h896c70.7842 0 128 57.2158 128 128zM960 1280
+c35.3281 0 64 -28.6719 64 -64v-512c0 -35.3281 -28.6719 -64 -64 -64s-64 28.6719 -64 64v448h-64c-35.3281 0 -64 28.6719 -64 64s28.6719 64 64 64h128z" />
+    <glyph glyph-name="uniF443" unicode="&#xf443;" 
+d="M1152 1664l384 -384v-121.472v-6.52832v-768h-1024v1280h512h128zM1408 512v640h-256h-128v128v256h-384v-1024h768z" />
+    <glyph glyph-name="uniF411" unicode="&#xf411;" 
+d="M1280 1728l448 -448l-896 -896h-448v448zM1280 1536l-594.688 -594.688l96 -96l594.688 594.688zM768 512l128 128l-96 96v0l-64 64v0l-96 96l-128 -128zM845.312 781.312l96 -96l594.688 594.688l-96 96z" />
+    <glyph glyph-name="uniF402" unicode="&#xf402;" 
+d="M896 1536v-256h256v-128h-256v-256h-128v256h-256v128h256v256h128zM1297.15 878.848l494.848 -494.848l-128 -128l-494.848 494.848c-94.8486 -68.9912 -210.816 -110.848 -337.152 -110.848c-318.08 0 -576 257.92 -576 576s257.92 576 576 576s576 -257.92 576 -576
+c0 -126.336 -41.8564 -242.304 -110.848 -337.152zM832 768c247.552 0 448 200.576 448 448s-200.448 448 -448 448c-247.424 0 -448 -200.576 -448 -448s200.576 -448 448 -448z" />
+    <glyph glyph-name="uniF420" unicode="&#xf420;" 
+d="M483.2 1564.8l-227.2 227.2h640v-640l-232.32 232.32c-93.0557 -92.1602 -151.68 -218.88 -151.68 -360.32c0 -238.208 163.584 -436.736 384 -493.824v-262.656c-363.008 61.0566 -640 376.064 -640 756.48c0 212.096 88.0645 402.048 227.2 540.8zM1792 1024
+c0 -212.096 -88.0645 -401.92 -227.2 -540.8l227.2 -227.2h-640v640l18.5596 -18.5596l213.761 -213.761c93.0557 92.1602 151.68 218.88 151.68 360.32c0 238.208 -163.584 436.736 -384 493.824v262.656c363.008 -61.0566 640 -376.064 640 -756.48z" />
+    <glyph glyph-name="uniF425" unicode="&#xf425;" 
+d="M704 1024c35.3281 0 64 -28.6719 64 -64s-28.6719 -64 -64 -64s-64 28.6719 -64 64s28.6719 64 64 64zM704 1280c35.3281 0 64 -28.6719 64 -64s-28.6719 -64 -64 -64s-64 28.6719 -64 64s28.6719 64 64 64zM704 768c35.3281 0 64 -28.6719 64 -64s-28.6719 -64 -64 -64
+s-64 28.6719 -64 64s28.6719 64 64 64zM896 896v128h384v-128h-384zM896 640v128h384v-128h-384zM1280 1664h256v-1280h-1152v1280h256c0 70.7842 57.3438 128 128 128h384c70.7842 0 128 -57.2158 128 -128zM832 1664c-35.3281 0 -64 -28.6719 -64 -64s28.6719 -64 64 -64
+h256c35.3281 0 64 28.6719 64 64s-28.6719 64 -64 64h-256zM1408 512v1024h-128v-128h-640v128h-128v-1024h896zM896 1152v128h384v-128h-384z" />
+    <glyph glyph-name="uniF508" unicode="&#xf508;" 
+d="M1450.5 1395.2c45.6963 -69.376 124.288 -115.2 213.504 -115.2c5.50391 0 10.4961 1.28027 15.8721 1.66406l-399.872 -799.872l-256 512l-256 -512l-128 256l-256 -512l-299.776 599.424l228.992 114.561l70.7842 -141.568l256 512l128 -256l256 512l256 -512z
+M1664 1728c106.112 0 192 -86.0156 192 -192s-85.8877 -192 -192 -192s-192 86.0156 -192 192s85.8877 192 192 192z" />
+    <glyph glyph-name="uniF507" unicode="&#xf507;" 
+d="M1792 604.544c76.2881 -44.416 128 -126.08 128 -220.544c0 -141.312 -114.688 -256 -256 -256s-256 114.688 -256 256c0 94.5918 51.7119 176.128 128 220.544v163.456c0 70.7842 -57.2158 128 -128 128h-256v-291.456c76.2881 -44.416 128 -126.08 128 -220.544
+c0 -141.312 -114.688 -256 -256 -256s-256 114.688 -256 256c0 94.4639 51.8398 176.128 128 220.544v291.456h-256c-70.6562 0 -128 -57.2158 -128 -128v-163.456c76.1602 -44.416 128 -126.08 128 -220.544c0 -141.312 -114.688 -256 -256 -256s-256 114.688 -256 256
+c0 94.4639 51.8398 176.128 128 220.544v163.456c0 212.096 171.904 384 384 384h256v291.456c-76.1602 44.416 -128 126.08 -128 220.544c0 141.312 114.688 256 256 256s256 -114.688 256 -256c0 -94.4639 -51.7119 -176.128 -128 -220.544v-291.456h256
+c211.968 0 384 -171.904 384 -384v-163.456zM1024 1792c-70.6562 0 -128 -57.3438 -128 -128s57.3438 -128 128 -128s128 57.3438 128 128s-57.3438 128 -128 128zM384 256c70.6562 0 128 57.2158 128 128s-57.3438 128 -128 128s-128 -57.2158 -128 -128
+s57.3438 -128 128 -128zM1024 256c70.6562 0 128 57.2158 128 128s-57.3438 128 -128 128s-128 -57.2158 -128 -128s57.3438 -128 128 -128zM1664 256c70.7842 0 128 57.2158 128 128s-57.2158 128 -128 128s-128 -57.2158 -128 -128s57.2158 -128 128 -128z" />
+    <glyph glyph-name="uniF306" unicode="&#xf306;" 
+d="M1151.87 1219.46c0.12793 -0.511719 0.12793 -0.896484 0.12793 -1.4082v-1.79199v-0.255859c0 -5.12012 -0.639648 -10.3682 -1.91992 -15.4883l-128 -512c-8.57617 -34.1758 -43.2637 -55.04 -77.5684 -46.5918c-34.3037 8.57617 -55.168 43.2637 -46.5918 77.5684
+l108.16 432.512h-174.08c-35.3281 0 -64 28.6719 -64 64s28.6719 64 64 64h256h1.53613h1.28027c1.02344 -0.12793 1.91992 -0.12793 2.81543 -0.255859h0.255859c30.3359 -2.68848 54.5283 -26.624 57.8564 -56.96v0c0 -0.768555 0.12793 -1.4082 0.12793 -2.04785
+v-1.28027zM1408 1664h256v-1280h-1408v1280h256v128h128v-128h640v128h128v-128zM1536 640v640c0 70.7842 -57.2158 128 -128 128h-896c-70.6562 0 -128 -57.2158 -128 -128v-640c0 -70.7842 57.3438 -128 128 -128h896c70.7842 0 128 57.2158 128 128z" />
+    <glyph glyph-name="uniF406" unicode="&#xf406;" 
+d="M2048 1920l-832 -832l832 -832l-128 -128l-832 832l-832 -832l-128 128l832 832l-832 832l128 128l832 -832l832 832z" />
+    <glyph glyph-name="uniF215" unicode="&#xf215;" 
+d="M1664 1920c141.312 0 256 -114.688 256 -256v-1280c0 -141.312 -114.688 -256 -256 -256h-1280c-141.312 0 -256 114.688 -256 256v1280c0 141.312 114.688 256 256 256h1280zM1024 1408c-212.096 0 -384 -171.904 -384 -384c0 -211.968 171.904 -384 384 -384
+c211.968 0 384 172.032 384 384c0 212.096 -172.032 384 -384 384zM1792 384v768h-274.176c10.624 -41.0879 18.1758 -83.4561 18.1758 -128c0 -282.752 -229.248 -512 -512 -512s-512 229.248 -512 512c0 44.5439 7.42383 86.9121 18.1758 128h-274.176v-768
+c0 -70.7842 57.3438 -128 128 -128h1280c70.7842 0 128 57.2158 128 128zM1792 1536v128c0 70.6562 -57.2158 128 -128 128h-128c-70.7842 0 -128 -57.3438 -128 -128v-128c0 -70.6562 57.2158 -128 128 -128h128c70.7842 0 128 57.3438 128 128z" />
+    <glyph glyph-name="uniF202" unicode="&#xf202;" 
+d="M1920 1583.74c-49.2803 -73.7285 -111.744 -138.368 -183.552 -190.208c0.767578 -15.7441 1.2793 -31.6162 1.2793 -47.4883c0 -485.76 -369.92 -1046.02 -1046.27 -1046.02c-207.616 0 -400.768 60.7998 -563.456 165.248
+c28.7998 -3.45605 58.1123 -5.24805 87.8076 -5.24805c172.032 0 330.752 58.752 456.448 157.439c-160.768 2.81641 -296.576 108.929 -343.424 255.104c22.5283 -3.96777 45.4404 -6.52832 69.248 -6.52832c33.5361 0 65.9199 4.48047 96.7676 12.7998
+c-168.319 33.792 -294.912 182.272 -294.912 360.448v4.73633c49.6641 -27.5205 106.368 -44.0322 166.528 -45.9521c-98.6875 65.9199 -163.456 178.432 -163.456 305.92c0 67.3281 18.1758 130.688 49.792 184.96c181.376 -222.464 452.353 -368.768 757.889 -384.128
+c-6.27246 26.8799 -9.60059 54.9121 -9.60059 83.7119c0 203.008 164.608 367.616 367.616 367.616c105.855 0 201.472 -44.6719 268.544 -116.096c83.584 16.5117 162.304 47.1035 233.216 89.2158c-27.3916 -85.8887 -85.7598 -157.952 -161.536 -203.393
+c74.3682 8.83203 145.152 28.5439 211.072 57.8564z" />
+    <glyph glyph-name="uniF222" unicode="&#xf222;" 
+d="M1223.94 775.936c20.0967 20.0967 52.0967 19.9688 72.0645 0c19.9678 -19.9678 19.9678 -52.9912 0 -72.96c-56.96 -56.96 -145.92 -86.0156 -270.976 -86.0156c-126.977 0 -216.064 29.0557 -273.024 86.0156c-19.9678 19.9688 -19.9678 52.9922 0 72.96
+c19.9678 19.9688 51.9678 19.9688 71.9355 0c38.0166 -38.0156 103.04 -56.0635 199.04 -56.0635c97.9209 0 162.944 18.0479 200.96 56.0635zM894.976 982.016c0 -61.0557 -49.9199 -112 -112 -112c-60.9277 0 -110.976 50.9443 -110.976 112
+c0 61.9521 49.9199 112 110.976 112c61.9521 0 112 -50.0479 112 -112zM1265.02 1094.02c61.9512 0 112 -50.0479 112 -112c0 -61.0557 -50.0488 -112 -112 -112c-61.9521 0 -112 50.9443 -112 112c0 61.9521 50.0479 112 112 112zM1698.05 1089.02
+c24.96 17.9199 43.0078 45.9512 43.1357 78.9756c0 54.0156 -44.0312 98.0479 -98.0479 98.0479c-32 0 -57.9834 -16 -76.0322 -39.04c53.8887 -39.9355 98.9443 -87.04 130.944 -137.983zM1021.06 500.992c347.904 0 631.937 177.023 632.064 393.983
+c0 219.009 -284.032 396.032 -632.064 396.032c-349.056 0 -632.96 -177.023 -632.96 -395.008s283.904 -395.008 632.96 -395.008zM306.944 1168c0 -30.9756 16 -57.9844 39.9355 -74.8799c32 50.9443 76.9277 97.0234 131.968 136.96
+c-17.9199 22.0156 -43.0078 35.9678 -72.96 35.9678c-54.9121 0 -98.9434 -44.0322 -98.9434 -98.0479zM1600 1805.06c-41.9844 0 -77.0557 -35.0713 -77.0557 -77.0557s35.0713 -77.0557 77.0557 -77.0557s77.0557 34.9434 77.0557 77.0557
+s-35.0713 77.0557 -77.0557 77.0557zM1842.94 1168c0 -75.0078 -41.9844 -137.984 -101.889 -173.056c8.95996 -32 13.9521 -64.8965 13.9521 -98.9443c0 -274.944 -329.088 -498.048 -734.08 -498.048s-734.976 222.976 -734.976 497.023
+c0 35.9688 6.01562 70.0166 16.1279 104.064c-57.9844 34.9443 -97.0244 97.0244 -97.0244 168.96c0 110.976 89.9844 200.96 200.96 200.96c66.0488 0 124.032 -32.8955 160 -82.9443c114.944 60.9287 257.024 99.9688 411.904 105.984l92.0322 456.96
+c3.07227 14.0801 11.0078 25.9844 23.04 33.0244c12.0322 8.06348 25.9834 9.9834 39.04 7.04004l312.96 -72.0645c30.9756 52.9922 88.96 89.9844 155.008 89.9844c98.9443 0 179.072 -80 179.072 -178.944s-80 -178.944 -178.944 -178.944
+c-95.1035 0 -172.032 73.9844 -178.048 167.937l-262.016 60.0322l-77.0566 -386.049c148.992 -7.93555 285.952 -46.9756 397.057 -108.031c35.9678 51.9678 94.9756 86.0156 162.943 86.0156c109.952 0 199.937 -89.9844 199.937 -200.96z" />
+    <glyph glyph-name="uniF214" unicode="&#xf214;" 
+d="M1091.2 1920v-452.992h425.216v-281.216h-425.216v-459.52c0 -103.937 5.50391 -170.624 16.6396 -200.192c10.8799 -29.3125 31.4883 -52.8643 61.3125 -70.5283c39.6797 -23.8076 84.8633 -35.7119 135.936 -35.7119c90.624 0 180.864 29.4404 270.72 88.4482v-282.624
+c-76.6719 -35.9678 -146.048 -61.3125 -208 -75.9043c-61.9512 -14.4639 -129.023 -21.7598 -201.216 -21.7598c-81.9199 0 -154.368 10.3682 -217.344 30.9756c-62.9756 20.6084 -116.608 50.3047 -161.024 88.4482c-44.5439 38.2725 -75.2637 78.9766 -92.416 122.112
+c-17.1514 43.1357 -25.7275 105.6 -25.7275 187.52v628.736h-198.016v253.568c70.3994 22.9121 130.688 55.6797 180.863 98.4316c50.3047 42.624 90.4961 93.8242 120.832 153.856c30.3359 59.7754 51.2002 135.808 62.7207 228.352h254.72z" />
+    <glyph glyph-name="uniF104" unicode="&#xf104;" 
+d="M512 1664l1152 -640l-1152 -640v1280z" />
+    <glyph glyph-name="uniF50B" unicode="&#xf50b;" 
+d="M1408 1152l-384 -384l-384 384h256v512h256v-512h256zM384 640h1280v-256h-1280v256z" />
+    <glyph glyph-name="uniF409" unicode="&#xf409;" 
+d="M1024 1664l640 -512l-128 -128v-512h-1024v512l-128 128zM1152 576v448h-256v-448h256z" />
+    <glyph glyph-name="uniF458" unicode="&#xf458;" 
+d="M1920 1024l-1024 -640v480l-768 -480v1280l768 -480v480z" />
+    <glyph glyph-name="uniF218" unicode="&#xf218;" 
+d="M729.6 1152h550.4s12.7998 -38.4004 12.7998 -89.5996c0 -332.801 -230.399 -563.2 -563.2 -563.2c-320 0 -588.8 268.8 -588.8 588.8s281.601 588.8 588.8 588.8c153.601 0 294.4 -51.2002 384 -153.6l-153.6 -153.601c-38.4004 25.6006 -102.4 76.8008 -230.4 76.8008
+c-204.8 0 -371.199 -166.4 -371.199 -371.2s166.399 -371.2 371.199 -371.2c230.4 0 320 166.4 332.801 243.2h-332.801v204.8zM1664 1152h128v-128h-128v-128h-128v128h-128v128h128v128h128v-128z" />
+    <glyph glyph-name="uniF513" unicode="&#xf513;" 
+d="M1920 1280l-555.136 -387.968l212.863 -636.032l-553.728 394.496l-553.728 -394.496l212.991 636.032l-555.264 387.968h685.312l210.688 640l210.688 -640h685.312zM1024 807.68l307.584 -219.136l-118.4 353.536l300.288 209.92h-371.456l-118.016 358.528v-702.849z
+" />
+    <glyph glyph-name="uniF301" unicode="&#xf301;" 
+d="M704 1152h960l-256 -640h-1024v1024h384l64 -128h448v-128h-640l-128 -256h128z" />
+    <glyph glyph-name="uniF474" unicode="&#xf474;" 
+d="M128 1408v384h384zM640 768v512h768v-512h-768zM1536 1792h384v-384zM128 640l384 -384h-384v384zM1536 256l384 384v-384h-384zM1536 1408l256 384l128 -128zM1536 640l384 -256l-128 -128zM128 384l384 256l-256 -384zM128 1664l128 128l256 -384z" />
+    <glyph glyph-name="uniF438" unicode="&#xf438;" 
+d="M1280 1792c141.312 0 256 -114.688 256 -256v-1024c0 -141.312 -114.688 -256 -256 -256h-512c-141.312 0 -256 114.688 -256 256v384h128v-128h768v768h-768v-128h-128v128c0 141.312 114.688 256 256 256h512zM1024 384c70.7842 0 128 57.2158 128 128
+s-57.2158 128 -128 128c-70.6562 0 -128 -57.2158 -128 -128s57.3438 -128 128 -128zM768 896v128h-512v256h512v128l384 -256z" />
+    <glyph glyph-name="uniF451" unicode="&#xf451;" 
+d="M256 384v1280l1024 -640zM1408 1664h384v-1280h-384v1280z" />
+    <glyph glyph-name="uniF404" unicode="&#xf404;" 
+d="M1024 640c-19.8398 0 -39.04 2.43164 -57.8564 5.63184l436.225 436.225c3.2002 -18.8164 5.63184 -38.0166 5.63184 -57.8564c0 -211.968 -172.032 -384 -384 -384zM1696.26 1375.74l351.744 -351.744l-506.624 -506.624
+c-131.456 -134.272 -314.752 -217.728 -517.376 -217.728c-117.248 0 -226.944 29.3115 -324.864 79.1035l147.072 146.944c56.7041 -20.6084 115.968 -34.0479 177.92 -34.0479c144 0 279.168 56.832 380.288 160.128l372.096 372.224l-216.063 215.936zM1606.02 1722.11
+l128.641 -129.024l-1279.87 -1279.87l-128.896 128.769l128 128.128l-453.888 453.888v0l506.496 506.496c131.456 134.4 314.624 217.984 517.504 217.984c170.368 0 324.48 -61.8242 448 -160.385zM896 1024c70.6562 0 128 57.3438 128 128s-57.3438 128 -128 128
+c-70.7842 0 -128 -57.3438 -128 -128s57.2158 -128 128 -128zM1229.18 1345.28l105.729 105.728c-90.752 66.8164 -197.12 105.473 -310.912 105.473c-144.128 0 -279.168 -56.9609 -380.288 -160.385l-372.096 -372.096l318.208 -318.336l113.023 113.024
+c-38.6553 59.5195 -62.8477 129.023 -62.8477 205.312c0 212.096 172.032 384 384 384c76.2881 0 145.792 -24.1924 205.184 -62.7197z" />
+    <glyph glyph-name="uniF209" unicode="&#xf209;" 
+d="M1073.15 2048c481.664 0 798.976 -348.672 798.976 -722.944c0 -495.104 -275.328 -865.151 -680.96 -865.151c-136.32 0 -264.448 73.7275 -308.352 157.439c0 0 -73.2168 -290.943 -88.832 -347.136c-26.8809 -97.2803 -79.2324 -194.56 -127.104 -270.208
+l-148.992 54.0156c-3.58398 88.3203 -0.639648 194.049 22.0166 289.92c24.1914 102.4 162.304 687.744 162.304 687.744s-40.3203 80.6406 -40.3203 199.809c0 187.008 108.544 326.784 243.456 326.784c114.816 0 170.24 -86.1445 170.24 -189.44
+c0 -115.328 -73.7275 -288 -111.488 -448c-31.6152 -133.632 67.2002 -242.816 199.168 -242.816c239.232 0 400.128 307.072 400.128 670.977c0 276.607 -186.367 483.712 -525.184 483.712c-382.72 0 -621.312 -285.568 -621.312 -604.544
+c0 -110.08 32.5117 -187.521 83.1992 -247.424c23.5527 -27.7764 26.624 -38.9121 18.3047 -70.6562c-6.0166 -23.04 -19.9688 -78.9766 -25.7285 -101.248c-8.44824 -32 -34.3037 -43.2637 -63.2314 -31.3604c-176.257 71.6807 -258.433 264.96 -258.433 482.048
+c0 358.656 302.336 788.48 902.145 788.48z" />
+    <glyph glyph-name="uniF217" unicode="&#xf217;" 
+d="M1024 1920c494.08 0 896 -402.048 896 -896c0 -494.08 -401.92 -896 -896 -896c-493.952 0 -896 401.92 -896 896c0 493.952 402.048 896 896 896zM1112.83 1769.47c-211.2 10.4961 -420.864 -73.4717 -564.608 -220.16
+c-146.432 -144.256 -216.063 -354.176 -189.695 -551.68c23.4238 -197.248 142.592 -378.496 307.584 -476.032c160.768 -96 365.312 -104.191 530.943 -29.0557c-47.1035 -13.0557 -96.6396 -20.3516 -147.712 -20.3516c-303.487 0 -550.399 246.911 -550.399 550.399
+c0 143.872 55.6797 274.944 146.304 373.12c1.02441 1.02441 1.91992 1.91992 2.81641 2.94434c4.60742 4.73535 9.08789 9.47168 13.6953 14.208c0.512695 0.383789 0.896484 1.02344 1.4082 1.2793c128 148.353 317.056 242.177 528.256 242.177
+c221.057 0 418.176 -102.912 546.048 -263.424c-20.8633 33.5352 -44.0312 65.6631 -69.376 95.6152c-137.983 168.832 -343.68 273.408 -555.264 280.96zM1415.04 1006.21c4.35156 -90.3682 -25.3438 -182.912 -80.7676 -257.152
+c-55.5527 -73.8555 -135.169 -129.664 -225.28 -156.928c-74.8799 -22.7842 -156.544 -25.5996 -234.112 -7.04004c54.0166 -21.6318 112.896 -33.6641 174.464 -33.6641c259.968 0 471.296 211.456 471.296 471.296c0 0.768555 -0.12793 1.66406 -0.12793 2.68848
+c-13.6953 142.336 -88.1914 276.352 -200.319 359.168c-137.345 104.576 -332.288 116.864 -479.232 38.0156c-73.2158 -38.5273 -136.832 -97.1514 -176.896 -166.912c-40.5762 -69.8877 -58.4961 -151.68 -52.2246 -230.912
+c10.624 -158.976 124.8 -305.023 271.616 -345.216c146.432 -44.0322 313.344 19.584 391.936 142.849c82.5605 120.447 62.7207 293.119 -36.3516 391.68c-94.0801 104.192 -260.992 115.968 -367.872 36.8643c-54.0156 -38.6562 -92.5439 -94.3359 -105.344 -157.057
+c-13.3125 -62.0801 -1.66406 -128.64 30.4639 -181.76c32.1279 -53.7598 83.7119 -93.5684 141.952 -108.032c58.2402 -15.1035 121.6 -4.86328 171.52 25.6006c50.5605 30.4639 87.5518 80.1279 97.9199 135.68c11.3926 55.2959 -1.66406 114.432 -34.3037 158.848
+c-32.1279 45.5684 -82.8164 73.3447 -135.936 76.9287c-52.9922 4.0957 -105.856 -17.2803 -141.568 -54.2725c-36.6084 -35.9678 -52.0957 -89.0879 -44.6719 -137.855c7.55176 -48.6406 38.2715 -93.6963 80 -115.584c26.4961 -14.7207 57.4717 -19.8408 86.9121 -16.3848
+c-62.0801 1.53613 -114.177 43.2646 -131.456 100.097c-0.512695 0.767578 -1.02441 1.66406 -1.4082 2.6875c-17.9199 41.4717 -13.0557 94.3359 16.1279 133.376c28.416 38.7842 77.5684 63.3604 128.768 60.7998c51.0723 -1.66406 101.376 -33.0234 128 -78.9756
+c27.3926 -45.8242 32 -106.752 7.80859 -158.336c-24.0645 -51.7119 -73.7285 -90.2402 -131.584 -101.632c-57.4717 -12.416 -122.752 4.73535 -167.68 47.3594c-44.8008 40.96 -72.0645 104.192 -67.4561 168.32c3.83984 133.12 150.911 237.44 287.104 200.96
+c138.368 -31.6162 226.944 -196.736 173.824 -338.304c-48.6406 -142.72 -224.769 -225.536 -373.888 -166.912c-74.1123 27.5195 -134.784 85.8877 -169.729 157.568c-34.9443 72.1914 -42.2402 158.592 -17.9199 237.695c47.8721 161.664 226.176 269.185 398.848 238.464
+c175.36 -25.5996 313.217 -192.64 317.568 -374.016zM1024 207.488c319.232 0 595.968 184.319 730.112 451.712c37.248 84.7354 58.8799 175.744 58.8799 265.728c0 318.977 -247.04 554.368 -553.216 607.616c154.496 -64 279.296 -200.32 331.52 -362.496
+c70.1445 -203.136 20.8643 -447.872 -133.12 -608.896c-148.224 -162.944 -384.384 -245.633 -608.128 -206.208c-226.048 35.584 -422.912 198.271 -517.504 407.936c-97.792 209.408 -90.3682 468.224 26.8799 674.432c116.736 206.337 329.344 354.433 566.272 395.009
+c11.7754 2.17578 23.6797 3.96777 35.584 5.37598c-420.992 -32.1279 -753.664 -384.641 -753.664 -813.696c0 -450.304 366.208 -816.512 816.384 -816.512z" />
+    <glyph glyph-name="uniF469" unicode="&#xf469;" 
+d="M256 1280h1536v-768h-256v384h-1024v-384h-256v768zM1408 1664v-256h-768v256h768zM1408 640c0 -98.3037 37.5039 -196.48 112.512 -271.488l112.513 -112.512h-768l-112.513 112.512c-75.0078 75.0078 -112.512 173.185 -112.512 271.488v128h768v-128z" />
+    <glyph glyph-name="uniF476" unicode="&#xf476;" 
+d="M384 1248c123.776 0 224 -100.224 224 -224c0 -123.648 -100.224 -224 -224 -224s-224 100.352 -224 224c0 123.776 100.224 224 224 224zM1024 1248c123.648 0 224 -100.224 224 -224c0 -123.648 -100.352 -224 -224 -224c-123.776 0 -224 100.352 -224 224
+c0 123.776 100.224 224 224 224zM1664 1248c123.648 0 224 -100.224 224 -224c0 -123.648 -100.352 -224 -224 -224s-224 100.352 -224 224c0 123.776 100.352 224 224 224z" />
+    <glyph glyph-name="uniF211" unicode="&#xf211;" 
+d="M1472 1440c229.888 0 416 -186.24 416 -416s-186.112 -416 -416 -416s-416 186.24 -416 416s186.112 416 416 416zM576 1440c229.76 0 416 -186.24 416 -416s-186.24 -416 -416 -416s-416 186.24 -416 416s186.24 416 416 416z" />
+    <glyph glyph-name="uniF456" unicode="&#xf456;" 
+d="M1024 1792c424.064 0 768 -343.936 768 -768s-343.936 -768 -768 -768c-424.192 0 -768 343.936 -768 768s343.808 768 768 768zM1024 512c70.7842 0 128 57.2158 128 128s-57.2158 128 -128 128c-70.6562 0 -128 -57.2158 -128 -128s57.3438 -128 128 -128zM1113.22 896
+l51.584 640h-281.6l51.2002 -640h178.815z" />
+    <glyph glyph-name="uniF471" unicode="&#xf471;" 
+d="M512 1664h358.656c163.328 0 281.855 -23.2959 355.712 -69.7598c73.7275 -46.4639 110.592 -120.448 110.592 -221.824c0 -68.8643 -16.1279 -125.312 -48.3838 -169.344c-32.3838 -44.1602 -75.2646 -70.6562 -128.769 -79.6162v-7.93652
+c72.96 -16.2559 125.568 -46.7197 157.952 -91.3916c32.2559 -44.6719 48.5127 -104.063 48.5127 -178.048c0 -105.088 -38.0166 -187.008 -113.921 -245.888c-76.0312 -58.8809 -178.943 -88.1924 -309.248 -88.1924h-431.104v1152zM768 1207.81h130.176
+c66.3047 0 114.176 10.2402 143.872 30.7207c29.5684 20.4795 44.5439 54.3994 44.5439 101.632c0 44.1602 -16.1279 75.7754 -48.5117 94.9756c-32.3838 19.0723 -83.4561 28.7998 -153.344 28.7998h-116.736v-256.128zM768 1013.89v-300.16h147.456
+c67.2002 0 116.864 12.9287 148.864 38.6562c32.1279 25.7285 48.1279 65.1523 48.1279 118.145c0 95.6152 -68.3525 143.487 -204.929 143.487h-139.52v-0.12793z" />
+    <glyph glyph-name="uniF433" unicode="&#xf433;" 
+d="M0 896l896 -896h-896v896z" />
+    <glyph glyph-name="uniF447" unicode="&#xf447;" 
+d="M1408 512c70.7842 0 128 -57.2158 128 -128s-57.2158 -128 -128 -128s-128 57.2158 -128 128s57.2158 128 128 128zM640 512c70.6562 0 128 -57.2158 128 -128s-57.3438 -128 -128 -128s-128 57.2158 -128 128s57.3438 128 128 128zM1536 896h-896v-128h896v-128h-1024
+v1024h-256v128h384v-256h1152z" />
+    <glyph glyph-name="uniF511" unicode="&#xf511;" 
+d="M1024 1510.53l-118.016 -358.528h-371.328l300.288 -209.92l-118.272 -353.28l307.328 218.88l307.584 -219.136l-118.4 353.536l300.288 209.92h-371.456zM1024 1920v0l210.688 -640h685.312l-555.136 -387.968l212.863 -636.032l-553.728 394.496l-553.728 -394.496
+l212.991 636.032l-555.264 387.968h685.312z" />
+    <glyph glyph-name="uniF427" unicode="&#xf427;" 
+d="M1717.72 1436.21c99.7246 -99.7246 99.7246 -261.281 0 -361.006l-232.861 -232.989c-98.5723 -98.5723 -257.44 -99.3398 -357.421 -2.81543l-455.353 -455.354h-288.036v287.908l455.097 454.969l-0.767578 0.768555c-99.5967 99.5957 -99.5967 261.408 0 361.005
+l232.989 232.989c99.5957 99.7246 261.408 99.7246 361.005 0zM1344.04 1104.01l160.02 160.021l-256.031 256.031l-160.021 -160.02z" />
+    <glyph glyph-name="uniF219" unicode="&#xf219;" 
+d="M1438.08 1832.7c0 0 563.456 -229.376 370.176 -838.4c-267.264 -554.496 -784.64 -349.056 -784.64 -349.056v-277.504s-19.7119 -153.344 -202.88 -220.288c-183.296 -66.6885 -351.616 59.5195 -351.616 59.5195v279.809
+c83.584 -85.5039 195.712 -134.272 240.128 -9.98438v945.92h311.68v-537.472s460.416 -138.496 522.368 289.792c9.85645 475.392 -546.944 472.832 -546.944 472.832s-349.184 22.2715 -522.495 -257.536c-131.2 -222.848 37.1191 -423.424 37.1191 -423.424
+l-225.279 -200.448s-339.2 418.433 -7.42383 871.552c430.848 487.681 1159.81 194.688 1159.81 194.688z" />
+    <glyph glyph-name="uniF100" unicode="&#xf100;" 
+d="M512 1408h1024v-128h-1024v128zM1152 1152v-128h-640v128h640zM1280 1024v128h256v-128h-256zM896 768v128h640v-128h-640zM768 896v-128h-256v128h256zM512 512v128h768v-128h-768z" />
+    <glyph glyph-name="uniF400" unicode="&#xf400;" 
+d="M1792 384l-128 -128l-494.848 494.848c-94.8486 -68.9912 -210.816 -110.848 -337.152 -110.848c-318.08 0 -576 257.92 -576 576s257.92 576 576 576s576 -257.92 576 -576c0 -126.336 -41.8564 -242.304 -110.848 -337.152zM384 1216c0 -247.424 200.576 -448 448 -448
+c247.552 0 448 200.576 448 448s-200.448 448 -448 448c-247.424 0 -448 -200.576 -448 -448z" />
+    <glyph glyph-name="uniF439" unicode="&#xf439;" 
+d="M896 1664v-384h-256v384c0 70.7842 57.3438 128 128 128s128 -57.2158 128 -128zM1408 1664v-384h-256v384c0 70.7842 57.2158 128 128 128s128 -57.2158 128 -128zM384 1152h1280c0 -309.632 -219.904 -567.68 -512 -627.072v-268.928h-256v268.928
+c-292.096 59.2646 -512 317.44 -512 627.072z" />
+    <glyph glyph-name="uniF509" unicode="&#xf509;" 
+d="M1534.21 717.824l147.712 -88.5762c-134.4 -223.36 -378.24 -373.248 -657.92 -373.248c-279.552 0 -523.52 149.888 -657.92 373.248l147.712 88.7041c92.1602 -98.1758 226.816 -168.96 382.208 -194.688v500.736h-128v128h128v163.456
+c-76.1602 44.416 -128 126.08 -128 220.544c0 141.312 114.688 256 256 256s256 -114.688 256 -256c0 -94.4639 -51.7119 -176.128 -128 -220.544v-163.456h128v-128h-128v-500.864c155.52 25.7285 289.92 96.3838 382.208 194.688zM1024 1664
+c-70.6562 0 -128 -57.3438 -128 -128s57.3438 -128 128 -128c70.7842 0 128 57.3438 128 128s-57.2158 128 -128 128z" />
+    <glyph glyph-name="uniF510" unicode="&#xf510;" 
+d="M1664 1152v-256h-512v-512h-256v512h-512v256h512v512h256v-512h512z" />
+    <glyph glyph-name="uniF445" unicode="&#xf445;" 
+d="M1888 748.032l-57.5996 -139.648l-305.408 21.8887c-31.3604 -39.9365 -66.9443 -75.6484 -106.88 -107.009l21.7598 -305.536l-139.264 -57.5996l-200.704 231.552c-25.2158 -3.07129 -49.9199 -7.67969 -75.9043 -7.67969c-25.7275 0 -50.1758 4.6084 -75.1357 7.67969
+l-200.96 -231.808l-139.393 57.7275l21.7607 305.408c-39.9365 31.3604 -75.5205 66.9443 -107.009 106.88l-305.536 -21.7598l-57.7275 139.264l231.68 200.832c-3.07129 25.0879 -7.67969 49.792 -7.67969 75.7764c0 25.7275 4.6084 50.1758 7.55176 75.1357
+l-231.552 200.96l57.7275 139.393l305.28 -21.7607c31.4883 39.9365 67.2002 75.7764 107.265 107.265l-21.7607 305.408l139.137 57.5996l200.96 -231.68c24.96 2.94336 49.5352 7.67969 75.3916 7.67969s50.4316 -4.73633 75.3916 -7.67969l200.96 231.68
+l139.265 -57.5996l-21.8887 -305.408c39.9365 -31.3604 75.6484 -67.0723 107.137 -107.008l305.408 21.6318l57.5996 -139.136l-231.552 -200.832c3.07129 -25.0889 7.67969 -49.6641 7.67969 -75.6484c0 -25.7275 -4.6084 -50.3037 -7.67969 -75.2637zM1280 1024
+c0 141.312 -114.688 256 -256 256s-256 -114.688 -256 -256s114.688 -256 256 -256s256 114.688 256 256z" />
+    <glyph glyph-name="uniF516" unicode="&#xf516;" 
+d="M1024 1452.42v-467.328h-155.776v467.328h155.776zM1408 1452.42v-467.328h-155.776v467.328h155.776zM323.2 1920h1596.8v-1090.82l-467.456 -445.184h-350.464l-233.6 -256h-228.48v256h-512v1224.32zM1764.22 907.136v857.088h-1285.5v-1129.73h350.977v-211.328
+l233.472 211.328h428.16z" />
+    <glyph glyph-name="uniF435" unicode="&#xf435;" 
+d="M384 512l640 640l640 -640h-1280zM384 1408h1280v-128h-1280v128z" />
+    <glyph glyph-name="uniF300" unicode="&#xf300;" 
+d="M1536 1536c141.312 0 256 -114.688 256 -256v-384c0 -141.312 -114.688 -256 -256 -256h-448l-448 -448v448h-128c-141.312 0 -256 114.688 -256 256v384c0 141.312 114.688 256 256 256h1024z" />
+    <glyph glyph-name="uniF514" unicode="&#xf514;" 
+d="M1664 768v128l256 -256l-256 -256v128h-256c-282.752 0 -512 229.248 -512 512c0 141.312 -114.688 256 -256 256h-384v256h384c282.752 0 512 -229.248 512 -512c0 -141.312 114.688 -256 256 -256h256zM1408 1280c-61.8242 0 -117.888 -22.9121 -162.176 -59.3916
+c-27.3926 83.9678 -70.7842 160 -128 224.768c82.5596 56.96 182.271 90.624 290.176 90.624h256v128l256 -256l-256 -256v128h-256zM640 768c61.8242 0 117.888 22.9121 162.176 59.3916c27.3926 -83.9678 70.7842 -160 128 -224.768
+c-82.5596 -56.832 -182.271 -90.624 -290.176 -90.624h-384v256h384z" />
+    <glyph glyph-name="uniF102" unicode="&#xf102;" 
+d="M1408 1408l512 -128v-896h-1792v896l512 128l128 256h512zM1024 512.256c247.552 0 448 200.448 448 448c0 247.424 -200.448 448 -448 448c-247.424 0 -448 -200.576 -448 -448c0 -247.552 200.576 -448 448 -448zM512 1600v-96.1279l-256 -64v160.128h256z
+M1024 1280.13c176.768 0 320 -143.231 320 -320c0 -176.768 -143.232 -320 -320 -320s-320 143.232 -320 320c0 176.769 143.232 320 320 320z" />
+    <glyph glyph-name="uniF466" unicode="&#xf466;" 
+d="M640 1344l-320 -320l320 -320v-320l-640 640l640 640v-320zM1408 1280c282.752 0 512 -229.248 512 -512v-299.904l-150.016 149.889c-99.9688 99.9678 -231.04 150.016 -361.984 150.016h-256v-384l-640 640l640 640v-384h256z" />
+    <glyph glyph-name="uniF463" unicode="&#xf463;" 
+d="M1536 1408l-768 -384l-768 384v128h1536v-128zM0 1216l768 -384l256 128v-448h-1024v704zM1920 1152c70.7842 0 128 -57.3438 128 -128v-640c0 -70.7842 -57.2158 -128 -128 -128h-640c-70.7842 0 -128 57.2158 -128 128v640c0 70.6562 57.2158 128 128 128h640z
+M1920 640v128h-256v256h-128v-256h-256v-128h256v-256h128v256h256z" />
+    <glyph glyph-name="uniF422" unicode="&#xf422;" 
+d="M384 1536h1152v-1024h-1152v1024zM1408 640v640h-896v-640h896z" />
+    <glyph glyph-name="uniF201" unicode="&#xf201;" 
+d="M1024 128c128 0 256 32 368 80c-16 144 -64 368 -208 688c-288 -96 -560 -304 -704 -576c144 -128 336 -192 544 -192zM1536 288c208 144 352 384 384 640c-192 32 -368 32 -576 0c16 -32 128 -304 192 -640zM128 1088v-64c0 -224 80 -432 224 -592
+c176 288 496 496 784 592c-16 48 -48 112 -80 176c-368 -112 -592 -144 -928 -112zM1760 1536c-160 -128 -368 -192 -560 -288c48 -64 64 -112 96 -176c208 48 480 32 624 0c-16 176 -64 336 -160 464zM672 1856c-256 -112 -448 -336 -512 -624c288 -32 688 48 832 96
+c-96 192 -192 352 -320 528zM1024 1920c-64 0 -128 -16 -192 -16c128 -208 192 -320 304 -512c128 48 384 128 528 256c-160 160 -384 272 -640 272zM1024 2048c560 0 1024 -464 1024 -1024s-464 -1024 -1024 -1024s-1024 464 -1024 1024s464 1024 1024 1024z" />
+    <glyph glyph-name="uniF426" unicode="&#xf426;" 
+d="M1664 1024c141.312 0 256 -114.688 256 -256s-114.688 -256 -256 -256h-1280c-141.312 0 -256 114.688 -256 256s114.688 256 256 256h6.52832c-4.35254 20.8643 -6.52832 41.9844 -6.52832 64c0 176.768 143.232 320 320 320
+c89.3438 0 169.984 -36.8643 227.968 -95.8721c60.7998 131.84 193.408 223.872 348.032 223.872c211.968 0 384 -171.904 384 -384c0 -45.1836 -9.21582 -87.8076 -23.5518 -128h23.5518z" />
+    <glyph glyph-name="uniF446" unicode="&#xf446;" 
+d="M1024 1792c424.064 0 768 -343.936 768 -768s-343.936 -768 -768 -768s-768 343.936 -768 768s343.936 768 768 768zM1536 1024c0 282.752 -229.248 512 -512 512c-94.8477 0 -182.528 -27.5195 -258.688 -72.4482l698.368 -698.24
+c44.8008 76.1602 72.3203 163.969 72.3203 258.688zM512 1024c0 -282.752 229.248 -512 512 -512c94.7197 0 182.4 27.5195 258.56 72.3203l-698.239 698.239c-44.8008 -76.1592 -72.3203 -163.84 -72.3203 -258.56z" />
+    <glyph glyph-name="uniF504" unicode="&#xf504;" 
+d="M1664 1536c0 -94.4639 -51.7119 -176.128 -128 -220.544v-163.456c0 -282.752 -229.248 -512 -512 -512c-141.312 0 -256 -114.688 -256 -256v-128h-256v1059.46c-76.1602 44.416 -128 126.08 -128 220.544c0 141.312 114.688 256 256 256s256 -114.688 256 -256
+c0 -94.4639 -51.8398 -176.128 -128 -220.544v-490.496c75.5195 44.0322 162.304 71.04 256 71.04c141.312 0 256 114.688 256 256v163.456c-76.2881 44.416 -128 126.08 -128 220.544c0 141.312 114.688 256 256 256s256 -114.688 256 -256zM640 1664
+c-70.6562 0 -128 -57.3438 -128 -128s57.3438 -128 128 -128s128 57.3438 128 128s-57.3438 128 -128 128zM1408 1408c70.7842 0 128 57.3438 128 128s-57.2158 128 -128 128s-128 -57.3438 -128 -128s57.2158 -128 128 -128z" />
+    <glyph glyph-name="uniF465" unicode="&#xf465;" 
+d="M1536 1408l-768 -384l-768 384v128h1536v-128zM0 1216l768 -384l256 128v-448h-1024v704zM1920 1152c70.7842 0 128 -57.3438 128 -128v-640c0 -70.7842 -57.2158 -128 -128 -128h-640c-70.7842 0 -128 57.2158 -128 128v640c0 70.6562 57.2158 128 128 128h640z
+M1531.52 384l452.48 452.48l-90.4961 90.4951l-361.984 -361.983l-180.991 180.992l-90.4961 -90.4961z" />
+    <glyph glyph-name="uniF424" unicode="&#xf424;" 
+d="M1408 1792l384 -384v-768l-384 -384h-768l-384 384v768l384 384h768zM1024 512c70.7842 0 128 57.2158 128 128s-57.2158 128 -128 128c-70.6562 0 -128 -57.2158 -128 -128s57.3438 -128 128 -128zM1113.22 896l51.584 640h-281.6l51.2002 -640h178.815z" />
+    <glyph glyph-name="uniF418" unicode="&#xf418;" 
+d="M1408 1504l128 -96l-512 -768h-128l-288 416l128 128l224 -192z" />
+    <glyph glyph-name="uniF429" unicode="&#xf429;" 
+d="M1024 1453.31l493.312 -493.312l-493.312 -493.312l-86.6562 86.6553l342.656 342.656h-896v128h896l-342.656 342.656z" />
+    <glyph glyph-name="uniF308" unicode="&#xf308;" 
+d="M477.696 568.192l543.104 543.104l90.3682 -90.624l-542.976 -542.976c-100.225 -100.353 -152.32 -115.84 -226.305 -135.809c20.0967 74.1123 35.584 126.08 135.809 226.305zM1189.5 1732.61l180.992 180.991l542.976 -543.104l-180.991 -180.992
+c-50.0488 50.0479 -130.944 50.0479 -180.992 0l-180.992 -180.992c-50.0479 -50.0479 -50.0479 -130.943 0 -180.992l-180.992 -180.991l-543.104 542.976l180.991 180.992c50.0488 -50.0479 131.072 -50.0479 181.12 0l180.992 181.12
+c50.0479 50.0479 50.0479 130.943 0 180.992z" />
+    <glyph glyph-name="uniF226" unicode="&#xf226;" 
+d="M1477.76 1792c120.32 0 152.576 -68.6084 126.464 -195.584l-51.8398 -258.688c-40.96 -206.848 -88.0635 -445.695 -94.0801 -470.144c-11.0078 -44.1602 -27.9033 -119.168 -132.992 -119.168h-250.367c-9.98438 0 -9.98438 0 -20.0967 -10.1123
+c-6.65527 -6.65527 -393.344 -455.424 -393.344 -455.424c-30.208 -34.6875 -80.3838 -28.5439 -98.6875 -21.1201c-18.3047 7.2959 -50.6885 29.6963 -50.6885 89.9844v1301.63s33.2803 138.624 146.304 138.624h819.328zM1394.94 1391.1l34.3037 179.2
+c6.27148 29.6963 -16.3838 52.4805 -40.5762 52.4805h-657.536c-29.8242 0 -49.792 -26.8799 -49.792 -49.792v-1015.68c0 -3.19922 2.43262 -3.83984 4.86426 -1.15137c0 0 242.304 290.815 269.184 324.352c26.8809 33.4082 39.168 38.6562 79.3604 38.6562h221.184
+c30.208 0 47.2324 25.3438 50.3047 40.1924c3.2002 14.8477 28.9277 149.12 34.4316 176.256s-19.3281 54.9121 -44.7998 54.9121h-270.976c-35.9688 0 -61.8242 25.4717 -61.8242 61.3115v39.04c0 35.9678 25.7275 60.416 61.5674 60.416h319.232
+s46.9756 20.4805 51.0723 39.8076z" />
+    <glyph glyph-name="uniF205" unicode="&#xf205;" 
+d="M1024 1920c493.952 0 896 -401.92 896 -896c0 -493.952 -402.048 -896 -896 -896c-494.08 0 -896 402.048 -896 896c0 494.08 401.92 896 896 896zM218.496 1024c0 -318.848 185.216 -594.432 454.016 -724.992l-384.256 1052.93
+c-44.6719 -100.224 -69.7598 -211.071 -69.7598 -327.936zM1024 218.496c93.8242 0 183.808 16.1279 267.648 45.5684c-2.17676 3.45508 -4.09668 7.16797 -5.76074 11.2637l-247.552 678.271l-241.92 -702.336c72.1924 -21.248 148.48 -32.7676 227.584 -32.7676z
+M1134.98 1401.73l291.072 -866.176l80.3838 268.544c34.9443 111.488 61.3125 191.488 61.3125 260.48c0 99.584 -35.8398 168.576 -66.4326 222.08c-40.7031 66.4316 -78.9756 122.624 -78.9756 189.056c0 74.1123 56.1924 142.977 135.168 142.977
+c3.58398 0 7.04004 -0.384766 10.4961 -0.640625c-143.36 131.328 -334.208 211.456 -544 211.456c-281.472 0 -529.024 -144.256 -673.024 -363.008c18.9443 -0.639648 36.7363 -0.896484 51.8408 -0.896484c84.2236 0 214.655 10.2402 214.655 10.2402
+c43.3926 2.56055 48.5127 -61.3115 5.24805 -66.4316c0 0 -43.7754 -5.12012 -92.1602 -7.68066l293.12 -872.575l176.256 528.64l-125.439 343.936c-43.3926 2.56055 -84.4805 7.68066 -84.4805 7.68066c-43.2637 2.55957 -38.2715 68.9922 5.12012 66.4316
+c0 0 132.992 -10.2402 212.225 -10.2402c84.2236 0 214.783 10.2402 214.783 10.2402c43.3926 2.56055 48.5127 -61.3115 5.12012 -66.4316c0 0 -43.6475 -5.12012 -92.2881 -7.68066zM1730.82 1410.56c3.58398 -25.7275 5.50391 -53.248 5.63184 -82.8154
+c0 -81.792 -15.4883 -173.696 -61.3125 -288.512l-246.144 -711.425c239.488 139.521 400.512 399.104 400.512 696.192c0 140.16 -35.8398 271.872 -98.6875 386.56z" />
+    <glyph glyph-name="uniF472" unicode="&#xf472;" 
+d="M1368.06 1408h-128l-240.129 -768h128l-39.9355 -128h-448l39.9355 128h128l240.129 768h-128l39.9355 128h448z" />
+    <glyph glyph-name="uniF216" unicode="&#xf216;" 
+d="M1791.62 1265.92c0.383789 -2.94434 0.639648 -5.75977 0.639648 -8.7041v-466.943c0 -2.94434 -0.255859 -5.76074 -0.511719 -8.96094c-0.12793 -0.767578 -0.383789 -1.79199 -0.511719 -2.81543c-0.384766 -1.79199 -0.640625 -3.58398 -1.15234 -5.50391
+c-0.255859 -1.02441 -0.768555 -2.04785 -1.02441 -3.07227c-0.639648 -1.66406 -1.15137 -3.2002 -1.79199 -4.86426c-0.511719 -1.02344 -1.02344 -2.04785 -1.53613 -3.07129c-0.639648 -1.53613 -1.40723 -2.94434 -2.30371 -4.48047
+c-0.511719 -0.895508 -1.28027 -1.91992 -1.91992 -2.94434c-0.767578 -1.2793 -1.66406 -2.55957 -2.6875 -3.96777c-0.768555 -0.895508 -1.53613 -1.79199 -2.30469 -2.81543c-1.02344 -1.02441 -2.04785 -2.30469 -3.32812 -3.45605
+c-0.767578 -0.896484 -1.66406 -1.79199 -2.6875 -2.68848c-1.02441 -0.895508 -2.30371 -2.04785 -3.71191 -3.07227c-0.768555 -0.767578 -1.79199 -1.53516 -2.81641 -2.30371l-1.15137 -0.767578l-702.208 -467.072
+c-11.1367 -7.42383 -23.8086 -11.0078 -36.6084 -11.0078s-25.4717 3.58398 -36.7363 11.2637l-702.208 467.072c-0.255859 0.255859 -0.639648 0.511719 -1.02344 0.767578l-2.94434 2.30469c-1.28027 0.895508 -2.55957 2.04785 -3.71191 3.07129
+c-0.895508 0.896484 -1.79199 1.79199 -2.6875 2.68848c-1.02441 1.02344 -2.17676 2.30371 -3.2002 3.45605c-0.768555 0.895508 -1.53613 1.79199 -2.30469 2.81543c-0.895508 1.28027 -1.79199 2.56055 -2.6875 3.96875
+c-0.768555 0.895508 -1.4082 1.91992 -1.91992 2.94336c-0.896484 1.53613 -1.66406 2.94434 -2.30371 4.48047c-0.512695 0.895508 -1.02441 1.91992 -1.53613 3.07129c-0.640625 1.66406 -1.15234 3.2002 -1.66406 4.86426
+c-0.383789 0.896484 -0.768555 1.91992 -1.02441 3.07227c-0.511719 1.91992 -0.767578 3.71191 -1.15137 5.50391c-0.128906 1.02441 -0.384766 2.04785 -0.512695 2.94434c-0.383789 2.81543 -0.639648 5.75977 -0.639648 8.57617v466.943
+c0 2.94434 0.255859 5.75977 0.639648 8.7041c0.12793 0.896484 0.383789 1.79199 0.512695 2.81641c0.383789 1.91992 0.639648 3.71191 1.15137 5.50391c0.255859 1.15137 0.640625 2.17578 1.02441 3.2002c0.511719 1.53516 1.02344 3.19922 1.66406 4.86328
+c0.511719 1.02441 1.02344 2.04785 1.53613 3.2002c0.639648 1.53613 1.40723 2.81641 2.30371 4.48047c0.639648 0.895508 1.28027 1.91992 1.91992 2.94336c0.767578 1.28027 1.79199 2.68848 2.6875 3.96875c0.640625 1.02344 1.4082 1.79199 2.30469 2.81543
+c1.02344 1.28027 2.04785 2.43164 3.2002 3.58398c0.895508 0.768555 1.79199 1.66406 2.6875 2.68848c1.15234 1.02344 2.43164 2.04785 3.71191 3.07129l2.94434 2.17676c0.383789 0.255859 0.767578 0.639648 1.15137 0.895508l702.208 466.944
+c22.1445 14.7197 51.0723 14.7197 73.2168 0l702.08 -467.2c0.383789 -0.255859 0.767578 -0.639648 1.15137 -0.896484c0.896484 -0.767578 1.91992 -1.53516 2.81641 -2.30371c1.2793 -0.895508 2.55957 -1.91992 3.71191 -3.07227
+c1.02344 -0.895508 1.91992 -1.79199 2.6875 -2.6875c1.15234 -1.02441 2.17676 -2.17578 3.32812 -3.45605c0.768555 -0.896484 1.53613 -1.79199 2.30469 -2.81641c0.895508 -1.2793 1.79199 -2.55957 2.6875 -3.96777
+c0.639648 -0.895508 1.4082 -1.91992 1.91992 -2.94434c0.896484 -1.53516 1.66406 -2.81543 2.30371 -4.35156c0.512695 -1.02441 1.02441 -2.04785 1.53613 -3.2002c0.640625 -1.66406 1.15234 -3.2002 1.79199 -4.73535
+c0.255859 -1.02441 0.768555 -2.04883 1.02441 -3.2002c0.511719 -1.79199 0.767578 -3.58398 1.15137 -5.50391c0.128906 -0.896484 0.384766 -1.79199 0.512695 -2.81641zM1090.05 1601.28v-307.328l286.208 -190.977l231.168 154.24zM957.952 1601.28l-517.248 -344.064
+l231.04 -154.24l286.208 191.104v307.2zM387.84 1133.95v-220.416l165.12 110.208zM957.952 446.208v307.328l-286.208 190.976l-231.04 -154.111zM1024 867.84l233.472 155.904l-233.472 155.904l-233.472 -155.904zM1090.05 446.208l517.376 344.064l-231.168 154.111
+l-286.208 -190.976v-307.2zM1660.29 913.536v220.416l-165.248 -110.208z" />
+    <glyph glyph-name="uniF475" unicode="&#xf475;" 
+d="M1024 1792c424.064 0 768 -343.936 768 -768s-343.936 -768 -768 -768s-768 343.936 -768 768s343.936 768 768 768zM476.16 1340.54l-2.81641 3.96777c-4.60742 -7.93555 -8.83203 -16.1279 -13.1836 -24.3193l4.47949 1.02344l17.5361 6.27246l30.208 2.6875zM1024 384
+c265.088 0 493.056 162.176 590.208 392.576l-6.52832 10.4961l14.9766 50.8154l-34.6885 25.2158l-25.3438 7.55273l-23.5518 19.8398l-55.8086 -21.1201l-52.7354 -3.07227l-39.9365 29.0566l-39.04 53.5039l-0.767578 32.5117l0.895508 54.2725l5.63184 7.55176
+l4.86426 18.1758l22.7842 35.0723l13.3125 13.0557l18.6875 20.7363l13.0557 25.5996l36.8643 34.9443l37.7598 -0.383789l27.6484 9.59961l66.4316 7.16797l25.9844 -36.8643l24.1924 -10.4961c-8.44824 39.4248 -20.2246 77.6963 -35.585 114.049l-5.50391 5.11914
+l-13.4395 -6.65527l-28.9277 -2.68848l-23.8086 -21.248l-25.9834 -35.0723l-50.6885 -11.6475l-23.5518 9.21582l2.6875 40.5762l13.3125 25.2158l46.4639 -2.6875l8.57617 21.8877l-24.0645 26.624l20.6084 8.32031l40.4482 22.0156l14.4639 11.6484
+c-49.1523 77.6953 -113.664 144.256 -190.721 194.688l-4.35156 -1.79199l20.3516 -17.792l-32.8955 5.24805l-4.6084 -9.34375l21.248 -2.56055l-7.93555 -8.95996l-59.9043 -10.3682l-77.3115 -34.3037l-59.9043 -28.9277l-6.27246 59.6475l16.8965 32.6406
+l-12.416 21.7598l-45.9521 19.4561l-22.1436 17.1523l32.1279 7.67969l69.1201 16.8955l29.8232 1.66406c-64.7676 22.1445 -132.991 36.7363 -205.056 36.7363c-146.56 0 -280.064 -51.4561 -388.096 -134.656l38.2715 1.15234l47.7441 -12.2881l32 -8.19238
+l34.8164 7.80859l47.6152 -6.0166l29.9521 7.2959l5.63184 18.0488l28.1602 -2.94434l11.0078 -22.7842l47.6162 4.35254l-74.752 -24.7041l-36.0957 -20.8643l-55.168 -42.2402l13.6963 -14.9756l38.3994 -18.0479l27.3926 -28.0322l33.6641 34.4316l19.4551 37.8887
+l33.0244 22.6553l33.0244 -16.7676l9.08789 -18.4316l28.9277 10.2393l10.2402 -55.168l20.4795 -20.0957l-74.752 -19.0723l-54.7842 -21.5039l42.752 11.7764l-5.24707 -17.1523l13.5674 -15.3604l11.2646 -7.16797l-45.9521 -18.6875l16.1279 18.8154l-25.9844 -5.63184
+l-31.2314 -14.8477l-14.208 -16.5117l-34.9443 -19.3281l-25.6006 -20.2246l-9.72754 -23.4238l-32.7676 -26.752l-25.8564 -59.3916l-8.06348 -25.7285l-23.6807 47.4883l-46.208 -0.12793l-38.3994 0.255859l-49.2803 -39.6797l-6.52832 -43.5205l29.6963 -32.3838
+l57.2158 30.7197l-14.8477 -43.5195l-40.4482 -26.1123l-39.2959 9.47266l-43.5205 18.1758l-49.9199 79.1035l-22.1436 47.2324l-5.24805 16.2559l7.42383 -66.0479l-0.639648 -17.1523l-8.19238 10.2402l-4.99219 16.6396l-9.9834 12.416l-5.12012 22.9121
+l-0.255859 35.9678l-26.752 46.3359c-17.4082 -58.1113 -29.5684 -118.399 -29.5684 -182.144c0 -295.936 202.88 -543.232 476.16 -616.192l-4.0957 12.6729l-9.60059 137.6l-11.1357 62.8477l-67.3281 65.792l-31.7441 56.3203l-10.624 27.9043l7.67969 16.5117
+l14.0801 52.9922l7.55273 61.6953l-8.32031 4.73633l-14.9756 -10.8799l-19.9688 9.34375l13.4404 6.27246l59.9043 13.8242l39.4238 17.6631l-2.43262 -26.752l14.5928 24.1924l19.7119 -6.91211l67.7119 -21.6318l48.5117 -33.6641l34.9443 -19.3281l8.31934 -5.50391
+l-8.19141 -48.7676l33.4082 9.47168l-8.32031 -16.6396l47.3604 -10.1123l48 -3.96777l31.3594 -19.7119l1.28027 -57.3447l-22.7842 -65.4072l-27.6475 -68.0967l-50.1768 -30.8477l-39.9355 -90.8799l-36.0957 5.12012l17.1514 -23.4238l-1.91992 -16.5127
+l-33.2803 -26.4961c19.4561 -1.79199 38.1445 -5.8877 57.9844 -5.8877z" />
+    <glyph glyph-name="uniF432" unicode="&#xf432;" 
+d="M1408 640l-448 448l-448 -448l-128 128l576 576l576 -576z" />
+    <glyph glyph-name="uniF210" unicode="&#xf210;" 
+d="M1024 2048c565.632 0 1024 -458.496 1024 -1024c0 -565.632 -458.368 -1024 -1024 -1024c-100.864 0 -198.016 14.7197 -290.176 42.1123c38.7842 61.4395 81.2793 140.288 103.04 219.264c12.6719 45.5684 72.0635 281.6 72.0635 281.6
+c35.7119 -67.9678 139.648 -127.743 250.24 -127.743c329.088 0 552.448 300.159 552.448 701.823c0 303.744 -257.28 586.624 -648.192 586.624c-486.527 0 -731.904 -348.8 -731.904 -639.744c0 -176.128 66.5605 -332.928 209.664 -391.168
+c23.4248 -9.59961 44.416 -0.511719 51.2002 25.4727c4.73633 18.0479 16 63.4873 20.9922 82.1758c6.78418 25.7275 4.0957 34.6875 -14.8477 57.2158c-41.0879 48.6406 -67.4561 111.488 -67.4561 200.704c0 258.816 193.536 490.496 504.063 490.496
+c274.944 0 426.112 -168.064 426.112 -392.448c0 -295.296 -130.432 -544.384 -324.608 -544.384c-107.136 0 -187.264 88.5762 -161.664 197.12c30.7207 129.664 90.4961 269.824 90.4961 363.392c0 83.8398 -44.9277 153.729 -138.111 153.729
+c-109.44 0 -197.504 -113.28 -197.504 -265.088c0 -96.6406 32.7676 -162.049 32.7676 -162.049s-112.128 -474.88 -131.712 -557.951c-18.4316 -77.8242 -20.7363 -163.456 -17.9199 -235.137c-360.832 158.336 -612.992 518.784 -612.992 937.984
+c0 565.504 458.496 1024 1024 1024z" />
+    <glyph glyph-name="uniF437" unicode="&#xf437;" 
+d="M1280 1792c141.312 0 256 -114.688 256 -256v-1024c0 -141.312 -114.688 -256 -256 -256h-512c-141.312 0 -256 114.688 -256 256v1024c0 141.312 114.688 256 256 256h512zM1024 384c70.7842 0 128 57.2158 128 128s-57.2158 128 -128 128
+c-70.6562 0 -128 -57.2158 -128 -128s57.3438 -128 128 -128zM1408 768v768h-768v-768h768z" />
+    <glyph glyph-name="uniF468" unicode="&#xf468;" 
+d="M256 256v1536h256v-1536h-256zM1536 1664h256v-768h-256c-256 0 -256 128 -512 128s-256 -128 -384 -128v768c128 0 128 128 384 128s256 -128 512 -128z" />
+    <glyph glyph-name="uniF107" unicode="&#xf107;" 
+d="M1088 1792c176.768 0 320 -143.232 320 -320v-384c0 -131.2 -78.9756 -243.584 -192 -292.992v150.912c39.04 35.2002 64 85.6318 64 142.08v384c0 105.856 -86.1436 192 -192 192s-192 -86.1436 -192 -192v-384c0 -56.4482 24.96 -106.88 64 -142.08v-150.912
+c-112.896 49.4082 -192 161.792 -192 292.992v384c0 176.768 143.232 320 320 320zM960 1380.99c112.896 -49.4082 192 -161.792 192 -292.992v-384c0 -176.768 -143.232 -320 -320 -320s-320 143.232 -320 320v384c0 131.2 79.1035 243.584 192 292.992v-150.912
+c-39.04 -35.2002 -64 -85.6318 -64 -142.08v-384c0 -105.856 86.1436 -192 192 -192s192 86.1436 192 192v384c0 56.4482 -24.96 106.88 -64 142.08v150.912z" />
+    <glyph glyph-name="uniF442" unicode="&#xf442;" 
+d="M1280 640v256l128 128v-512h-896v896h512l-128 -128h-256v-640h640zM1024 1664h640v-640h-128v421.504l-549.504 -549.504l-90.4961 90.4961l549.504 549.504h-421.504v128z" />
+    <glyph glyph-name="uniF221" unicode="&#xf221;" 
+d="M1664 1024c0 -55.9355 -35.9678 -102.912 -85.8877 -120.32c13.8232 -20.6074 21.8877 -45.0557 21.8877 -71.6797c0 -55.8076 -35.9678 -102.784 -85.8877 -120.32c13.8232 -20.6074 21.8877 -45.0557 21.8877 -71.6797c0 -70.6562 -57.3438 -128 -128 -128h-64
+c70.6562 0 128 -57.3438 128 -128s-57.3438 -128 -128 -128h-448c-192 0 -256 128 -384 128h-128v640h192c128 0 320 256 320 640c0 0 0 128 64 128s192 -144 192 -320c0 -192 -32 -320 -32 -320h416c70.6562 0 128 -57.3438 128 -128z" />
+    <glyph glyph-name="uniF50A" unicode="&#xf50a;" 
+d="M1856 1024c35.3281 0 64 -28.6719 64 -64s-28.6719 -64 -64 -64h-204.928c-9.85645 -48.7676 -26.624 -94.5918 -46.8486 -138.624c116.608 -134.528 187.776 -309.376 187.776 -501.376v-64c0 -35.2002 -28.6719 -64 -64 -64s-64 28.7998 -64 64v64
+c0 144.896 -48.7676 277.888 -130.048 385.152c-116.736 -155.265 -300.672 -257.152 -509.952 -257.152c-208.768 0 -392.448 101.504 -509.312 256.128c-81.2803 -106.88 -130.688 -239.231 -130.688 -384.128v-64c0 -35.2002 -28.6719 -64 -64 -64s-64 28.7998 -64 64v64
+c0 192 71.2959 366.72 187.904 501.376c-20.3525 44.0322 -36.9922 89.8564 -46.9766 138.624h-204.928c-35.3281 0 -64 28.6719 -64 64s28.6719 64 64 64h192c0 61.6963 12.1602 119.936 29.0557 176c-98.1758 129.024 -157.056 289.408 -157.056 464v64
+c0 35.3281 28.6719 64 64 64s64 -28.6719 64 -64v-64c0 -353.408 286.592 -640 640 -640c353.536 0 640 286.592 640 640v64c0 35.3281 28.6719 64 64 64s64 -28.6719 64 -64v-64c0 -173.952 -58.4961 -333.824 -156.032 -462.592
+c17.2803 -56.3203 28.0322 -115.328 28.0322 -177.408h192zM1024 1152c-208.896 0 -388.352 126.08 -467.84 305.92c116.864 126.08 282.496 206.08 467.84 206.08c185.472 0 350.976 -80 467.84 -206.08c-79.4883 -179.84 -258.815 -305.92 -467.84 -305.92z" />
+    <glyph glyph-name="uniF455" unicode="&#xf455;" 
+d="M1024 1792c424.064 0 768 -343.936 768 -768s-343.936 -768 -768 -768c-424.192 0 -768 343.936 -768 768s343.808 768 768 768zM1024 1536c-70.7842 0 -128 -57.3438 -128 -128s57.2158 -128 128 -128c70.6562 0 128 57.3438 128 128s-57.3438 128 -128 128zM1280 512
+v128h-160v512h-320.128v-128h128.128v-384h-160v-128h512z" />
+    <glyph glyph-name="uniF223" unicode="&#xf223;" 
+d="M1105.28 1232.51v92.9287c0 44.1592 -36.4805 79.8711 -81.2803 79.8711s-81.2803 -35.7119 -81.2803 -79.8711l-0.383789 -481.024c-2.55957 -184.192 -155.008 -332.416 -342.912 -332.416c-189.696 0 -343.424 150.912 -343.424 337.28v209.151h262.784v-206.592
+c0 -43.9043 36.3516 -79.7441 81.2803 -79.7441c44.9277 0 81.2793 35.7119 81.2793 79.7441v487.168c6.65625 180.48 157.185 324.992 342.656 324.992c186.112 0 337.152 -145.536 342.656 -327.04v-106.624l-156.416 -45.8242zM1529.22 1058.43h262.784v-209.151
+c0 -186.368 -153.728 -337.28 -343.424 -337.28c-188.544 0 -341.632 149.376 -343.296 334.08v210.304l104.96 -48l156.288 45.8242v-211.84c0 -44.2881 36.3516 -80 81.4072 -80c44.9287 0 81.2803 35.7119 81.2803 80v216.063z" />
+    <glyph glyph-name="uniF212" unicode="&#xf212;" 
+d="M1658.75 1791.87c184.192 -5.37598 270.976 -123.776 260.352 -355.072c-7.93555 -172.928 -129.792 -409.472 -365.439 -710.016c-243.584 -313.729 -449.792 -470.784 -618.368 -470.784c-104.448 0 -192.896 95.6162 -264.96 286.72
+c-48.2559 175.232 -96.5117 350.336 -144.64 525.568c-53.6318 190.976 -111.232 286.592 -172.672 286.592c-13.4404 0 -60.416 -27.7764 -140.673 -83.584l-84.3516 107.648c88.4482 77.0557 175.616 154.111 261.504 231.168
+c117.888 100.991 206.464 154.111 265.472 159.487c139.521 13.3125 225.28 -81.2793 257.536 -283.392c34.8164 -218.24 58.8799 -353.92 72.4482 -407.04c40.1924 -180.992 84.4805 -271.36 132.736 -271.36c37.5039 0 93.8232 58.752 169.088 176.128
+c75.0078 117.376 115.2 206.849 120.576 268.16c10.624 101.376 -29.4404 152.192 -120.576 152.192c-43.0078 0 -87.2959 -9.98438 -132.736 -29.1846c88.0645 285.952 256.512 424.704 504.704 416.769z" />
+    <glyph glyph-name="uniF206" unicode="&#xf206;" 
+d="M729.6 1152h550.4s12.7998 -38.4004 12.7998 -89.5996c0 -332.801 -230.399 -563.2 -563.2 -563.2c-320 0 -588.8 268.8 -588.8 588.8s281.601 588.8 588.8 588.8c153.601 0 294.4 -51.2002 384 -153.6l-153.6 -153.601c-38.4004 25.6006 -102.4 76.8008 -230.4 76.8008
+c-204.8 0 -371.199 -166.4 -371.199 -371.2s166.399 -371.2 371.199 -371.2c230.4 0 320 166.4 332.801 243.2h-332.801v204.8zM1664 1152h128v-128h-128v-128h-128v128h-128v128h128v128h128v-128z" />
+    <glyph glyph-name="uniF407" unicode="&#xf407;" 
+d="M1280 1536l256 -128v-128h-128h-128h-128h-128h-128h-128h-128h-128h-128v128l256 128c0 70.7842 57.3438 128 128 128h384c70.7842 0 128 -57.2158 128 -128zM1088 1408c35.3281 0 64 28.6719 64 64s-28.6719 64 -64 64h-256c-35.3281 0 -64 -28.6719 -64 -64
+s28.6719 -64 64 -64h256zM1280 1216h128v-704c0 -70.7842 -57.2158 -128 -128 -128h-640c-70.6562 0 -128 57.2158 -128 128v704h128v-704h128v704h128v-704h128v704h128v-704h128v704z" />
+    <glyph glyph-name="uniF414" unicode="&#xf414;" 
+d="M1996.03 601.984c116.992 -190.208 29.6953 -345.984 -193.536 -345.984h-1556.99c-223.231 0 -310.528 155.776 -193.536 345.984l759.552 1236.99c116.864 190.336 308.097 190.336 424.961 0zM1024 512c70.7842 0 128 57.2158 128 128s-57.2158 128 -128 128
+c-70.6562 0 -128 -57.2158 -128 -128s57.3438 -128 128 -128zM1113.22 896l51.584 640h-281.6l51.2002 -640h178.815z" />
+    <glyph glyph-name="uniF50E" unicode="&#xf50e;" 
+d="M384 896v256h1280v-256h-1280z" />
+    <glyph glyph-name="uniF461" unicode="&#xf461;" 
+d="M1024 384l-647.552 612.992c-149.376 141.312 -161.408 383.231 -27.1367 540.288c134.4 157.184 364.416 169.855 513.792 28.5439l160.896 -152.32l160.768 152.32c149.248 141.184 379.393 128.64 513.792 -28.5439
+c134.656 -157.057 122.368 -398.977 -27.0078 -540.416z" />
+    <glyph glyph-name="uniF470" unicode="&#xf470;" 
+d="M1536 1152c70.7842 0 128 -57.3438 128 -128v-640c0 -70.7842 -57.2158 -128 -128 -128h-1024c-70.6562 0 -128 57.2158 -128 128v640c0 70.6562 57.3438 128 128 128v128c0 282.752 229.248 512 512 512s512 -229.248 512 -512v-128zM768 1152h512v128
+c0 141.312 -114.688 256 -256 256s-256 -114.688 -256 -256v-128z" />
+    <glyph glyph-name="uniF50C" unicode="&#xf50c;" 
+d="M1479.55 819.2c98.5605 -32 203.137 -51.2002 312.448 -51.2002v-512c-848.256 0 -1536 687.744 -1536 1536h512c0 -162.048 38.5283 -314.752 105.856 -450.816l-189.185 -189.184c136.192 -235.008 344.96 -422.4 595.328 -532.224z" />
+    <glyph glyph-name="uniF220" unicode="&#xf220;" 
+d="M1856.77 834.048c32.3848 -65.6641 50.6885 -138.88 50.3047 -217.344c0 -269.696 -218.88 -488.704 -488.576 -488.704c-83.584 0 -161.92 21.376 -230.656 58.1123c-50.4316 -8.83203 -102.016 -13.8242 -154.496 -13.8242
+c-465.279 0 -842.624 377.216 -842.624 842.496c0 58.2402 6.14453 114.688 17.2803 169.6c-42.4961 72.1924 -67.0723 156.8 -67.0723 246.912c0 269.824 218.88 488.704 488.704 488.704c95.7441 0 184.704 -27.3916 260.225 -75.0078
+c46.4639 7.80762 94.5918 12.416 143.871 12.416c465.408 0 842.624 -377.344 842.624 -842.624c0 -62.0801 -6.65527 -122.752 -19.584 -180.736zM1466.11 612.096c38.9121 55.5527 58.624 118.656 58.752 188.16c0 58.2402 -11.2646 107.904 -34.1758 148.353
+c-22.9121 40.3193 -54.7842 73.8555 -95.2324 100.224c-39.168 25.7275 -87.8076 48.1279 -143.744 66.0479c-55.4238 17.9199 -118.271 34.1758 -186.496 48.6396c-53.7598 12.416 -93.0557 21.8887 -116.479 28.6729c-23.04 6.14355 -45.4404 15.2314 -67.8398 26.3672
+c-21.8887 10.624 -38.5283 23.5527 -50.4326 38.0166c-11.1357 13.9521 -16.7676 30.3359 -16.7676 49.2803c0 31.2314 16.8955 57.4717 52.2236 80.5117c36.3525 23.5518 85.6318 35.9678 146.048 35.9678c64.8965 0 112.384 -11.2637 140.544 -32.6396
+c29.1846 -21.6318 54.2725 -53.6318 75.5205 -93.3125c18.5596 -31.3594 34.9434 -53.248 50.6875 -67.2002c16.3838 -14.5918 40.5762 -22.3994 71.9365 -22.3994c34.9434 0 63.8721 12.416 86.9121 36.4795c23.04 23.4248 34.6875 50.8164 34.6875 81.1523
+c0 31.3604 -9.08789 63.3604 -25.2158 95.7441c-17.2803 32.3838 -44.7998 63.1035 -81.9199 92.2881c-36.8643 28.5439 -83.8398 52.0957 -139.008 69.5039c-55.8086 16.7676 -121.729 25.5996 -196.736 25.5996c-94.7197 0 -177.536 -13.1836 -247.424 -39.04
+c-70.5283 -26.3682 -125.952 -64.3838 -163.584 -113.664c-38.0166 -49.2793 -56.96 -106.496 -56.96 -170.239c0 -67.2002 17.792 -123.776 54.2715 -169.217c35.0723 -44.1592 83.9688 -79.8721 144.385 -105.728c58.752 -25.2158 133.247 -47.3604 220.672 -66.0479
+c64.2559 -13.3125 115.712 -26.2402 154.239 -38.0166c36.8643 -11.2637 67.3281 -27.9033 89.9844 -49.2793c22.1436 -20.7363 32.6396 -46.9766 32.6396 -80.1279c0 -42.3682 -20.2236 -76.8008 -62.0801 -105.345c-43.1357 -29.0557 -100.352 -43.9033 -169.728 -43.9033
+c-50.9443 0 -92.416 7.16797 -122.624 21.6318c-30.3359 13.9521 -54.2715 32.5117 -70.5283 54.2715c-17.2793 22.6562 -33.4072 51.4561 -48.6396 85.7607c-13.4404 31.3594 -29.5684 55.8076 -49.2803 72.0635c-20.7354 17.2803 -45.3115 25.7285 -74.4961 25.7285
+c-35.0713 0 -64.7676 -10.3682 -87.8076 -32.3848c-23.5518 -21.8877 -35.3281 -48.6396 -35.3281 -79.6152c0 -48.8965 17.9199 -100.608 53.8877 -152.192c35.0723 -50.9443 82.3047 -92.416 138.752 -123.136c79.3604 -41.8564 180.864 -63.1045 301.696 -63.1045
+c100.736 0 189.44 15.4883 263.04 46.208c75.3926 30.9766 132.225 74.4961 171.648 129.92z" />
+    <glyph glyph-name="uniF415" unicode="&#xf415;" 
+d="M1408 1024h512v-256h-310.016c-98.8164 -225.92 -323.584 -384 -585.984 -384c-176.768 0 -335.488 72.832 -451.072 188.928l0.640625 0.640625c-50.0488 50.0479 -50.0488 130.943 0 180.991c50.0479 50.0488 130.943 50.1768 180.991 0
+c69.376 -69.6318 163.456 -114.56 269.44 -114.56c212.096 0 384 171.904 384 384zM1024 1408c-212.096 0 -384 -171.904 -384 -384h-512v256h310.016c98.8164 225.92 323.712 384 585.984 384c176.896 0 335.488 -72.96 451.072 -188.928
+c50.0479 -50.0479 50.0479 -130.944 0 -180.992s-130.944 -50.0479 -180.992 0l-0.639648 -0.639648c-69.376 69.6318 -163.328 114.56 -269.44 114.56zM832 1024c0 106.112 86.0156 192 192 192c106.112 0 192 -85.8877 192 -192s-85.8877 -192 -192 -192
+c-105.984 0 -192 85.8877 -192 192z" />
+    <glyph glyph-name="uniF207" unicode="&#xf207;" 
+d="M604.672 256h-329.216v990.72h329.216v-990.72zM440.064 1381.89h-2.04883c-110.464 0 -182.016 76.1602 -182.016 171.137c0 97.1514 73.5996 171.136 186.368 171.136c112.512 0 181.888 -74.1123 184.063 -171.136c0 -94.9766 -71.5518 -171.137 -186.367 -171.137z
+M1792 256h-329.216v530.048c0 133.12 -47.3604 224 -166.656 224c-91.1357 0 -145.28 -61.1836 -169.088 -120.32c-8.57617 -21.2471 -10.752 -50.9434 -10.752 -80.5117v-553.216h-329.344s4.35156 897.792 0 990.72h329.344v-140.416
+c43.7764 67.4561 121.984 163.584 296.448 163.584c216.704 0 379.264 -141.567 379.264 -445.823v-568.064z" />
+    <glyph glyph-name="uniF500" unicode="&#xf500;" 
+d="M2048 0h-1920l960 959.872z" />
+    <glyph glyph-name="uniF302" unicode="&#xf302;" 
+d="M1024 1536h512v-512l-768 -768l-512 512zM1280 1152c70.7842 0 128 57.2158 128 128s-57.2158 128 -128 128s-128 -57.2158 -128 -128s57.2158 -128 128 -128z" />
+    <glyph glyph-name="uniF108" unicode="&#xf108;" 
+d="M1664 1536c141.312 0 256 -114.688 256 -256v-384c0 -141.312 -114.688 -256 -256 -256h-128v-448l-448 448h-331.008l128 128h395.008c211.712 0 384 172.288 384 384v384zM1280 1792c141.312 0 256 -114.688 256 -256v-384c0 -141.312 -114.688 -256 -256 -256h-448
+l-448 -448v448h-128c-141.312 0 -256 114.688 -256 256v384c0 141.312 114.688 256 256 256h1024z" />
+    <glyph glyph-name="uniF405" unicode="&#xf405;" 
+d="M1536 1408l-320 -320l320 -320l-128 -128l-320 320l-320 -320l-128 128l320 320l-320 320l128 128l320 -320l320 320z" />
+    <glyph glyph-name="uniF501" unicode="&#xf501;" 
+d="M0 128v1920l960 -960z" />
+    <glyph glyph-name="uniF50D" unicode="&#xf50d;" 
+d="M1024.13 896c-105.984 0 -192.128 86.0156 -192.128 192v512c0 105.856 86.1436 192 192.128 192c106.112 0 191.872 -86.1436 191.872 -192v-512c0 -105.984 -85.7598 -192 -191.872 -192zM1401.47 1024h192c-27.3916 -244.48 -206.464 -441.984 -441.472 -496v-272
+h-256v272c-234.88 54.0156 -414.08 251.52 -441.472 496h192c30.5918 -181.504 187.52 -320 377.472 -320c190.208 0 347.008 138.496 377.472 320z" />
+    <glyph glyph-name="uniF503" unicode="&#xf503;" 
+d="M2048 2048v-1920l-960 960z" />
+    <glyph glyph-name="uniF101" unicode="&#xf101;" 
+d="M1024 1792c424.064 0 768 -343.936 768 -768s-343.936 -768 -768 -768s-768 343.936 -768 768s343.936 768 768 768zM1024 768c141.312 0 256 114.688 256 256s-114.688 256 -256 256s-256 -114.688 -256 -256s114.688 -256 256 -256z" />
+    <glyph glyph-name="uniF204" unicode="&#xf204;" 
+d="M1182.21 1271.81h328.704l-14.4639 -302.72h-314.24v-841.088h-320.128v841.088h-222.08v302.72h222.08v258.561c0 203.008 131.456 389.632 434.176 389.632c122.496 0 212.992 -11.6484 212.992 -11.6484l-7.04004 -282.624s-92.5439 0.640625 -193.536 0.640625
+c-108.928 0 -126.464 -50.3037 -126.464 -133.504c0 -12.416 0 -15.3604 0 -13.9521v-207.104z" />
+    <glyph glyph-name="uniF444" unicode="&#xf444;" 
+d="M1600 640c-70.7842 0 -128 -57.2158 -128 -128s57.2158 -128 128 -128h64v-128h-1024c-141.312 0 -256 114.688 -256 256v1024c0 141.312 114.688 256 256 256h1024v-1152h-64zM640 384h817.92c-30.7197 34.0479 -49.9199 78.5918 -49.9199 128
+s19.2002 93.9521 49.9199 128h-817.92c-70.6562 0 -128 -57.2158 -128 -128s57.3438 -128 128 -128z" />
+    <glyph glyph-name="uniF416" unicode="&#xf416;" 
+d="M1088 1792c176.768 0 320 -143.232 320 -320v-640c0 -247.424 -200.576 -448 -448 -448s-448 200.576 -448 448v320h128v-320c0 -176.768 143.232 -320 320 -320c176.64 0 320 143.232 320 320v640c0 105.984 -86.0156 192 -192 192c-106.112 0 -192 -86.0156 -192 -192
+v-512c0 -35.3281 28.6719 -64 64 -64s64 28.6719 64 64v451.968h128v-451.968c0 -105.984 -86.0156 -192 -192 -192c-106.112 0 -192 86.0156 -192 192v512c0 176.768 143.232 320 320 320z" />
+    <glyph glyph-name="uniF459" unicode="&#xf459;" 
+d="M1920 1664v-1280l-768 480v-480l-1024 640l1024 640v-480z" />
+    <glyph glyph-name="uniF441" unicode="&#xf441;" 
+d="M1664 1024c141.312 0 256 -114.688 256 -256s-114.688 -256 -256 -256h-512v256h256l-384 384l-384 -384h256v-256h-512c-141.312 0 -256 114.688 -256 256s114.688 256 256 256h6.40039c-4.09668 20.7363 -6.40039 42.1123 -6.40039 64c0 176.768 143.232 320 320 320
+c89.3438 0 169.984 -36.7363 227.968 -95.8721c60.7998 131.84 193.408 223.872 348.032 223.872c211.968 0 384 -171.904 384 -384c0 -45.1836 -9.21582 -87.8076 -23.5518 -128h23.5518z" />
+    <glyph glyph-name="uniF506" unicode="&#xf506;" 
+d="M768 1920l489.344 -489.472l-640 -640l-268.928 269.056c-49.792 49.792 -49.792 131.2 0 180.992l292.864 292.735l-1.28027 2.68848s128 128 128 384zM1738.24 565.76c33.1514 -32.7676 53.7598 -78.208 53.7598 -128.64c0 -99.9678 -81.1523 -181.12 -181.12 -181.12
+c-50.4316 0 -95.7441 20.6084 -128.64 53.7598l-330.24 330.24v128l-64 64c-35.2002 35.2002 -104.704 23.2959 -154.496 -26.4961l-75.0078 -75.0078c-49.792 -49.792 -131.2 -49.792 -180.992 0l-14.8477 14.8477l640 640l14.8477 -14.8477
+c49.792 -49.792 49.792 -131.2 0 -180.992l-75.0078 -75.0078c-49.792 -49.792 -61.6963 -119.296 -26.4961 -154.496l64 -64h128zM1610.88 373.12c35.3281 0 64 28.6719 64 64s-28.6719 64 -64 64s-64 -28.6719 -64 -64s28.6719 -64 64 -64z" />
+    <glyph glyph-name="uniF105" unicode="&#xf105;" 
+d="M1408 1408c0 -167.04 -107.264 -307.584 -256 -360.448v-535.552l-256 -128v663.552c-148.864 52.8643 -256 193.408 -256 360.448c0 212.096 171.904 384 384 384c211.968 0 384 -171.904 384 -384z" />
+    <glyph glyph-name="uniF473" unicode="&#xf473;" 
+d="M384 1664h1280v-1280h-1280v1280zM768 1408c-70.6562 0 -128 -57.3438 -128 -128s57.3438 -128 128 -128s128 57.3438 128 128s-57.3438 128 -128 128zM1536 512v576l-128 192l-448 -672l-192 288l-256 -384h1024z" />
+    <glyph glyph-name="uniF452" unicode="&#xf452;" 
+d="M512 1664l1024 -640l-1024 -640v1280z" />
+    <glyph glyph-name="uniF408" unicode="&#xf408;" 
+d="M1792 1150.72l-475.904 -329.983l182.528 -535.04l-474.624 331.903l-474.624 -331.903l182.528 535.04l-475.904 329.983l587.52 -1.02344l180.48 535.68l180.48 -535.68z" />
+    <glyph glyph-name="uniF450" unicode="&#xf450;" 
+d="M768 1024l1024 640v-1280zM256 384v1280h384v-1280h-384z" />
+    <glyph glyph-name="uniF517" unicode="&#xf517;" 
+d="M1408 1152l384 384v-1024l-384 384v-256c0 -70.7842 -57.2158 -128 -128 -128h-896c-70.6562 0 -128 57.2158 -128 128v768c0 70.6562 57.3438 128 128 128h896c70.7842 0 128 -57.3438 128 -128v-256z" />
+    <glyph glyph-name="uniF106" unicode="&#xf106;" 
+d="M256 896v640h640v-640c0 -282.752 -229.248 -512 -512 -512v256c141.312 0 256 114.688 256 256h-384zM1152 1536h640v-640c0 -282.752 -229.248 -512 -512 -512v256c141.312 0 256 114.688 256 256h-384v640z" />
+    <glyph glyph-name="uniF208" unicode="&#xf208;" 
+d="M1664 1920c141.312 0 256 -114.688 256 -256v-1280c0 -141.312 -114.688 -256 -256 -256h-1280c-141.312 0 -256 114.688 -256 256v1280c0 141.312 114.688 256 256 256h1280zM663.168 384v792.96h-263.552v-792.96h263.552zM531.328 1285.25
+c91.9043 0 149.12 60.9277 149.12 136.96c-1.66406 77.6963 -57.2158 136.96 -147.328 136.96c-90.2402 0 -149.12 -59.2637 -149.12 -136.96c0 -76.0322 57.2158 -136.96 145.664 -136.96h1.66406zM1613.44 384v454.656c0 243.456 -130.049 356.863 -303.488 356.863
+c-139.776 0 -202.496 -76.9277 -237.44 -130.943v112.384h-263.552c3.45605 -74.3682 0 -792.96 0 -792.96h263.552v442.88c0 23.6797 1.79199 47.3604 8.57617 64.1279c19.0723 47.3604 62.4639 96.3838 135.296 96.3838c95.4883 0 133.504 -72.7031 133.504 -179.199
+v-424.192h263.553z" />
+    <glyph glyph-name="uniF304" unicode="&#xf304;" 
+d="M1024 1152c-141.312 0 -256 114.688 -256 256s114.688 256 256 256s256 -114.688 256 -256s-114.688 -256 -256 -256zM1152 1024c211.968 0 384 -171.904 384 -384v-256h-1024v256c0 212.096 172.032 384 384 384h256z" />
+    <glyph glyph-name="uniF225" unicode="&#xf225;" 
+d="M655.104 1857.54l368.896 -307.968l-531.456 -328.192l-364.544 291.84zM128 929.536l364.544 291.84l531.456 -328.064l-368.896 -308.096zM1024 893.312l531.456 328.064l364.544 -291.84l-527.232 -344.32zM1920 1513.22l-364.544 -291.84l-531.456 328.192
+l368.768 307.968zM1025.02 826.88l369.92 -306.944l158.464 103.297v-115.713l-528.384 -317.056l-528.257 317.056v115.713l158.336 -103.297z" />
+    <glyph glyph-name="uniF103" unicode="&#xf103;" 
+d="M1152 1408h896v-896h-896v896zM128 1024v384h896v-384h-896zM640 512v384h384v-384h-384zM128 512v384h384v-384h-384z" />
+    <glyph glyph-name="uniF431" unicode="&#xf431;" 
+d="M1408 1280l128 -128l-576 -576l-576 576l128 128l448 -448z" />
+    <glyph glyph-name="uniF200" unicode="&#xf200;" 
+d="M1024 2048c565.504 0 1024 -458.496 1024 -1024c0 -452.224 -293.12 -835.712 -699.776 -971.392c-51.9678 -9.98438 -70.3994 21.7598 -70.3994 49.2793c0 33.4082 1.2793 144 1.2793 280.704c0 95.7441 -32.7676 158.208 -69.5039 189.696
+c228.097 25.3438 467.456 112 467.456 505.344c0 111.744 -39.5518 203.136 -105.088 274.688c10.4961 25.8555 45.6963 130.048 -10.2402 270.976c0 0 -85.8877 27.5205 -281.344 -104.96c-81.792 22.7842 -169.344 34.0479 -256.384 34.4316
+c-87.04 -0.383789 -174.592 -11.6475 -256.384 -34.4316c-195.584 132.48 -281.601 104.96 -281.601 104.96c-55.6797 -140.928 -20.4795 -244.992 -9.85547 -270.976c-65.5361 -71.5527 -105.472 -162.944 -105.472 -274.688c0 -392.32 239.104 -480.384 466.432 -506.112
+c-29.3125 -25.7275 -55.6797 -70.6553 -65.0244 -136.96c-58.2393 -26.2393 -206.72 -71.2959 -297.983 85.248c0 0 -54.1445 98.1768 -156.929 105.473c0 0 -100.096 1.2793 -7.04004 -62.208c0 0 67.0723 -31.4883 113.664 -150.017c0 0 60.0322 -198.912 344.96 -137.216
+c0.512695 -85.248 1.4082 -149.76 1.4082 -173.952c0 -27.2637 -18.6875 -58.752 -69.8877 -49.5361c-406.912 135.425 -700.288 519.168 -700.288 971.648c0 565.504 458.496 1024 1024 1024z" />
+    <glyph glyph-name="uniF421" unicode="&#xf421;" 
+d="M384 896v256h1152v-256h-1152z" />
+    <glyph glyph-name="uniF454" unicode="&#xf454;" 
+d="M640 896v128h-512v256h512v128l384 -256zM1536 2048c141.312 0 256 -114.688 256 -256v-1536c0 -141.312 -114.688 -256 -256 -256h-1024c-141.312 0 -256 114.688 -256 256v640h256v-384h1024v1280h-1024v-384h-256v384c0 141.312 114.688 256 256 256h1024zM1024 128
+c70.7842 0 128 57.2158 128 128s-57.2158 128 -128 128c-70.6562 0 -128 -57.2158 -128 -128s57.3438 -128 128 -128z" />
+    <glyph glyph-name="uniF213" unicode="&#xf213;" 
+d="M1536 1664c211.968 0 384 -171.904 384 -384v-512c0 -212.096 -172.032 -384 -384 -384h-1024c-212.096 0 -384 171.904 -384 384v512c0 212.096 171.904 384 384 384h1024zM768 640l640 384l-640 384v-768z" />
+    <glyph glyph-name="uniF401" unicode="&#xf401;" 
+d="M1297.15 878.848l494.848 -494.848l-128 -128l-494.848 494.848c-94.8486 -68.9912 -210.816 -110.848 -337.152 -110.848c-318.08 0 -576 257.92 -576 576s257.92 576 576 576s576 -257.92 576 -576c0 -126.336 -41.8564 -242.304 -110.848 -337.152zM832 768
+c247.552 0 448 200.576 448 448s-200.448 448 -448 448c-247.424 0 -448 -200.576 -448 -448s200.576 -448 448 -448zM512 1152v128h640v-128h-640z" />
+    <glyph glyph-name="uniF436" unicode="&#xf436;" 
+d="M512 1408v128h128v-128h-128zM768 1408v128h128v-128h-128zM1024 1408v128h128v-128h-128zM1280 1536h128v-128h-128v128zM512 1152v128h128v-128h-128zM768 1152v128h128v-128h-128zM1024 1152v128h128v-128h-128zM1280 1152v128h128v-128h-128zM512 896v128h128v-128
+h-128zM768 896v128h128v-128h-128zM1024 896v128h128v-128h-128zM1280 896v128h128v-128h-128zM512 640v128h128v-128h-128zM768 640v128h128v-128h-128zM1024 640v128h128v-128h-128zM1280 640v128h128v-128h-128z" />
+    <glyph glyph-name="uniF434" unicode="&#xf434;" 
+d="M1152 0l896 896v-896h-896z" />
+    <glyph glyph-name="uniF303" unicode="&#xf303;" 
+d="M960 1792c388.736 0 704 -315.136 704 -704c0 -388.736 -315.264 -704 -704 -704c-388.864 0 -704 315.264 -704 704c0 388.864 315.136 704 704 704zM960 512c317.952 0 576 257.92 576 576s-258.048 576 -576 576c-318.08 0 -576 -257.92 -576 -576
+s257.92 -576 576 -576zM1024 1536v-421.504l297.984 -297.984l-90.4961 -90.4961l-335.488 335.488v474.496h128z" />
+    <glyph glyph-name="uniF464" unicode="&#xf464;" 
+d="M1536 1408l-768 -384l-768 384v128h1536v-128zM0 1216l768 -384l256 128v-448h-1024v704zM1920 1152c70.7842 0 128 -57.3438 128 -128v-640c0 -70.7842 -57.2158 -128 -128 -128h-640c-70.7842 0 -128 57.2158 -128 128v640c0 70.6562 57.2158 128 128 128h640z
+M1920 640v128h-640v-128h640z" />
+    <glyph glyph-name="uniF109" unicode="&#xf109;" 
+d="M256 1280h384l384 384v-1280l-384 384h-384v512zM1295.49 1295.62c69.5039 -69.5039 112.512 -165.504 112.512 -271.616s-43.0078 -202.112 -112.512 -271.488l-90.4961 90.4961c46.3359 46.208 75.0078 110.208 75.0078 180.992
+c0 70.6562 -28.6719 134.656 -75.0078 181.12zM1476.61 1476.61c115.712 -115.841 187.392 -275.841 187.392 -452.608c0 -176.896 -71.6797 -336.896 -187.392 -452.608l-90.4961 90.4961c92.6719 92.6719 149.888 220.672 149.888 362.112
+c0 141.312 -57.2158 269.44 -149.888 361.984z" />
+    <glyph glyph-name="uniF428" unicode="&#xf428;" 
+d="M1024 1280c141.312 0 256 -114.688 256 -256s-114.688 -256 -256 -256s-256 114.688 -256 256s114.688 256 256 256z" />
+  </font>
+</defs></svg>

wp-content/themes/twentysixteen/genericons/LICENSE.txt

@@ -0,0 +1,339 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+                            NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.

wp-content/themes/twentysixteen/genericons/README.md

@@ -0,0 +1,218 @@
+# Genericons
+
+Genericons are vector icons embedded in a webfont designed to be clean and simple keeping with a generic aesthetic.
+
+Use genericons for instant HiDPI, to change icon colors on the fly, or even with CSS effects such as drop-shadows or gradients!
+
+
+## Usage
+
+To use it, place the `genericons` folder in your stylesheet directory and enqueue the genericons.css file. Now you can create an icon like this:
+
+```
+.my-icon:before {
+	content: '\f101';
+	font: normal 16px/1 'Genericons';
+	display: inline-block;
+	-webkit-font-smoothing: antialiased;
+	-moz-osx-font-smoothing: grayscale;
+}
+```
+
+This will output a comment icon before every element with the class "my-icon". The `content: '\f101';` part of this CSS is easily copied from the helper tool at http://genericons.com/, or `example.html` in the `font` directory.
+
+You can also use the bundled example.css if you'd rather insert the icons using HTML tags.
+
+
+## Building your own Genericons
+
+In the `source` directory, you'll find all Genericons source icons in SVG format. This will allow you to bake your own flavor of Genericons using a tool such as FontCustom (http://fontcustom.com) or Fontello (http://fontello.com). Perhaps you need more logos than are available in the base Genericons package? Just add those logos and bake your own expanded set. Maybe you need just a few of the icons Genericons provides, but would like to trim the fat? Remove the ones you won't need!
+
+
+### FontCustom instructions
+
+FontCustom is a powerful commandline tool which which bakes icon fonts from the SVG source files. It's the tool Genericons is built on, and it provides highly accurate and perfectly crisp icons, *provided all SVGs have the same pixel height*.
+
+It's not that hard to use, and once it's installed you'll never think of icon-fonts the same way again. Seriously, you should try it. Icon fonts for everyone!
+
+1. Install FontCustom. Follow the instructions on the website: http://fontcustom.com/
+2. In the `source` directory from the Genericons download, open the file called `fontcustom.yml` in a text editor. Customize the `font_name` and `css_selector`.
+3. Open a terminal. Browse to the `source` directory. Type `fontcustom compile`.
+
+You'll now receive a brand new subdirectory called `fontcustom-webfont`. Inside here you'll find your very own flavor of Genericons, with only the icons you want, including a handy example page that'll help you copy/paste the necessary glyphs or CSS values. 
+
+*Please note*: In the source directory, there's a hidden file called `.fontcustom-manifest.json`. This file is auto-generated by the FontCustom tool, and holds codepoints (unicode addresses) for every glyph, so its address doesn't change when you add or remove icons. If you feel the need to "start fresh" with the unicode addresses, you should delete this file. 
+
+
+### Fontello instructions
+
+Fontello is very easy to use. Just drop the SVG files of the icons you want onto their website and download the font. The downside is that Fontello seems to ignore the 16px pixelgrid, so you'll end up with fuzzy icons. Buyer beware.
+
+
+## Notes
+
+**Photoshop mockups**
+
+The `Genericons.ttf` file can be placed in your system fonts folder and used Photoshop or other graphics apps if you like.
+
+If you're using Genericons in your Photoshop mockups, please remember to delete the old version of the font from Font Book, and grab the new one from the zip file. This also affects using it in your webdesigns: if you have an old version of the font installed locally, that's the font that'll be used in your website as well, so if you're missing icons, check for old versions of the font on your system.
+
+**Pixel grid**
+
+Genericons has been designed for a 16x16px grid. That means it'll look sharp at font-size: 16px exactly. It'll also be crisp at multiples thereof, such as 32px or 64px. It'll look reasonably crisp at in-between font sizes such as 24px or 48px, but not quite as crisp as 16 or 32. Please don't set the font-size to 17px, though, that'll just look terrible blurry.
+
+**Antialiasing**
+
+If you keep intact the `-webkit-font-smoothing: antialiased;` and `-moz-osx-font-smoothing: grayscale;` CSS properties. That'll make the icons look their best possible, in Firefox and WebKit based browsers.
+
+**optimizeLegibility**
+
+Note: On Android browsers with version 4.2, 4.3, and probably later, Genericons will simply not show up if you're using the CSS property "text-rendering" set to "optimizeLegibility.
+
+**Updates**
+
+We don't often update icons, but do very carefully when we get good feedback suggesting improvements. Please be mindful if you upgrade, and check that the updated icons behave as you intended.
+
+**Base64 encoding**
+
+By default, Genericons ships with a stylesheet that includes a base64 encoded version of the font. This is to sidestep issues with cross-origin requests for fonts, that happen when a stylesheet loads a font that's stored on a different domain or subdomain. This is very common when using caching plugins.
+
+Base64 encoding comes with a 25% filesize overhead compared to just loading the WOFF file directly. If you know that you won't be loading fonts across domains, or have the ability to edit your server config files to allow it, you can get slightly faster performance by loading Genericons without the base64 encoding. Simply edit `genericons.css` and edit the `@font-face` declaration to match this:
+
+```
+@font-face {
+	font-family: 'Genericons';
+		src: url('Genericons.woff') format('woff'),
+		url('Genericons.ttf') format('truetype'),
+		url('Genericons.svg#genericonsregular') format('svg');
+	font-weight: normal;
+	font-style: normal;
+}
+```
+
+
+
+## Changelog
+
+**3.4.1**
+
+* IE8 support restored.
+
+**3.4**
+
+* Updated: Update Google Plus icon to new geometric version. This also *retires* the "alt" version, so *please be mindful if you choose to update, make sure you use the `f206` glyph, not the `f218` glyph, as it no longer exists!
+* New: Added helper rotation classes to the base CSS, thanks to geminorum. Apply `genericon-rotate-90` to rotate 90 degrees, -180, -270. Or `genericon-flip-horizontal` or -vertical. 
+
+*Again, it is important if you choose to update to this version, make sure you're not using `genericon-googleplus-alt` or unicode character `f218`, as that has been retired! Use `genericon-googleplus` and glyph `f206` instead!*
+
+**3.3.1**
+
+Security Hardening: Remove Genericons example.html file. Please visit genericons.com instead.
+
+**3.3**
+
+The Open Source release.
+
+You can now build your own flavors of Genericons with all the SVGs provided. 
+
+
+**3.2**
+
+A number of new icons and a couple of quick updates. 
+
+* New: Activity
+* New: HTML anchor
+* New: Bug
+* New: Download
+* New: Handset
+* New: Microphone
+* New: Minus
+* New: Plus
+* New: Move
+* New: Rating stars, empty, half, full
+* New: Shuffle
+* New: video camera
+* New: Spotify
+* New: Twitch
+* Update: Fixed geometry in Edit icon
+* Update: Updated Foursquare icon
+* IE8 bugfix, slipstreamed into this. 
+
+Twitch and Spotify mark the last social icons that will be added to Genericons.
+Future social icons will have to happen in a separate font. 
+
+**3.1**
+
+Genericons is now generated using a commandline tool called FontCustom. This makes it far easier to add new icons to the font, but the switch means the download zip now has a different layout, fonts have different filenames, there's now no .otf font included (but the .ttf should suffice), and the font now has slightly different metrics. I've taken great care to ensure this new version should work as a drop-in replacement, but please be mindful and test carefully if you choose to upgrade.
+
+* Per feedback, the baked-in 16px width and height has been removed from the helper CSS. It wasn't really necessary (the glyph itself has these dimensions naturally), and it caused some headaches.
+* Base64 encoding is now included by default in the helper CSS. This makes it drop-in easy to get Genericons working in Firefox even when using a CDN. 
+* Title attribute on website tool.
+* New: Website.
+* New: Ellipsis.
+* New: Foursquare.
+* New: X-post.
+* New: Sitemap.
+* New: Hierarchy.
+* New: Paintbrush.
+* Updated: Show and Hide icons were updated for clarity.
+
+**3.0.3**
+
+Bunch of updates mostly.
+
+* Two new icons, Dropbox and Fullscreen.
+* Updates to all icons containing an exclamation mark.
+* Updates to Image and Quote.
+* Nicer "Share" icon.
+* Bigger default Linkedin icon.
+
+**3.0.2**
+
+A slew of new stuff and updates.
+
+* Social icons: Skype, Digg, Reddit, Stumbleupon, Pocket.
+* New generic icons: heart, lock and print.
+* New editing icons: code, bold, italic, image
+* New interaction icons: subscribe, unsubscribe, subscribed, reply all, reply, flag.
+* The hyperlink icon has been updated to be clearer, chunkier.
+* The "home" icon has been updated for style, size and clarity.
+* The email icon has been updated for style and clarity, and to fit with the new subscribe icons.
+* The document icon has been updated for style.
+* The "pin" icon has been updated for style and clarity.
+* The Twitter icon has been scaled down to fit with the other social icons.
+
+**3.0.1**
+
+Mostly maintenance. 
+
+* Fixed an issue with the example page that showed an old "top" icon instead of the actual NEW "refresh" icon.
+* Added inverse Google+ and Path.
+* Replaced tabs with spaces in the helper CSS.
+* Changed the Genericons.com copy/paste tool to serve span's instead of div's for casual icon insertion. It's being converted to "inline-block" anyway.
+
+**3.0**
+
+Mainly maintenance and a few new icons.
+
+* Fast forward, rewind, PollDaddy, Notice, Info, Help, Portfolio
+* Updated the feed icon. It's a bit smaller now for consistency, the previous one was rather big.
+* So, the previous version numbering, 2.09, wasn't very PHP version compare friendly. So from now on it'll be 3.0, 3.1 etc. Props Ipstenu.
+* Genericons.com now has a mini release blog.
+* The CSS has prettier formatting, props Konstantin Obenland.
+
+**2.09**
+
+Updated Facebook icon to new version. Updated Instagram logo to use new one-color version. Updated Google+ icon to use same radius as Instagram and Facebook. Added a bunch of new icons, cog, unapprove, cart, media player buttons, tablet, send to tablet.                                            
+
+**2.06**
+
+Included Base64 encoded version. This is necessary for Genericons to work with CDNs in Firefox. Firefox blocks fonts linked from a different domain. A CDN (typically s.example.com) usually puts the font on a subdomain, and is hence blocked in Firefox.
+
+**2.05**
+
+Added a bunch of new icons, including upload to cloud, download to cloud, many more.
+
+**2.0**
+
+Initial public release

wp-content/themes/twentysixteen/header.php

@@ -0,0 +1,99 @@
+<?php
+/**
+ * The template for displaying the header
+ *
+ * Displays all of the head element and everything up until the "site-content" div.
+ *
+ * @package WordPress
+ * @subpackage Twenty_Sixteen
+ * @since Twenty Sixteen 1.0
+ */
+
+?><!DOCTYPE html>
+<html <?php language_attributes(); ?> class="no-js">
+<head>
+	<meta charset="<?php bloginfo( 'charset' ); ?>">
+	<meta name="viewport" content="width=device-width, initial-scale=1">
+	<link rel="profile" href="http://gmpg.org/xfn/11">
+	<?php if ( is_singular() && pings_open( get_queried_object() ) ) : ?>
+	<link rel="pingback" href="<?php bloginfo( 'pingback_url' ); ?>">
+	<?php endif; ?>
+	<?php wp_head(); ?>
+</head>
+
+<body <?php body_class(); ?>>
+<div id="page" class="site">
+	<div class="site-inner">
+		<a class="skip-link screen-reader-text" href="#content"><?php _e( 'Skip to content', 'twentysixteen' ); ?></a>
+
+		<header id="masthead" class="site-header" role="banner">
+			<div class="site-header-main">
+				<div class="site-branding">
+					<?php twentysixteen_the_custom_logo(); ?>
+
+					<?php if ( is_front_page() && is_home() ) : ?>
+						<h1 class="site-title"><a href="<?php echo esc_url( home_url( '/' ) ); ?>" rel="home"><?php bloginfo( 'name' ); ?></a></h1>
+					<?php else : ?>
+						<p class="site-title"><a href="<?php echo esc_url( home_url( '/' ) ); ?>" rel="home"><?php bloginfo( 'name' ); ?></a></p>
+					<?php endif;
+
+					$description = get_bloginfo( 'description', 'display' );
+					if ( $description || is_customize_preview() ) : ?>
+						<p class="site-description"><?php echo $description; ?></p>
+					<?php endif; ?>
+				</div><!-- .site-branding -->
+
+				<?php if ( has_nav_menu( 'primary' ) || has_nav_menu( 'social' ) ) : ?>
+					<button id="menu-toggle" class="menu-toggle"><?php _e( 'Menu', 'twentysixteen' ); ?></button>
+
+					<div id="site-header-menu" class="site-header-menu">
+						<?php if ( has_nav_menu( 'primary' ) ) : ?>
+							<nav id="site-navigation" class="main-navigation" role="navigation" aria-label="<?php esc_attr_e( 'Primary Menu', 'twentysixteen' ); ?>">
+								<?php
+									wp_nav_menu( array(
+										'theme_location' => 'primary',
+										'menu_class'     => 'primary-menu',
+									 ) );
+								?>
+							</nav><!-- .main-navigation -->
+						<?php endif; ?>
+
+						<?php if ( has_nav_menu( 'social' ) ) : ?>
+							<nav id="social-navigation" class="social-navigation" role="navigation" aria-label="<?php esc_attr_e( 'Social Links Menu', 'twentysixteen' ); ?>">
+								<?php
+									wp_nav_menu( array(
+										'theme_location' => 'social',
+										'menu_class'     => 'social-links-menu',
+										'depth'          => 1,
+										'link_before'    => '<span class="screen-reader-text">',
+										'link_after'     => '</span>',
+									) );
+								?>
+							</nav><!-- .social-navigation -->
+						<?php endif; ?>
+					</div><!-- .site-header-menu -->
+				<?php endif; ?>
+			</div><!-- .site-header-main -->
+
+			<?php if ( get_header_image() ) : ?>
+				<?php
+					/**
+					 * Filter the default twentysixteen custom header sizes attribute.
+					 *
+					 * @since Twenty Sixteen 1.0
+					 *
+					 * @param string $custom_header_sizes sizes attribute
+					 * for Custom Header. Default '(max-width: 709px) 85vw,
+					 * (max-width: 909px) 81vw, (max-width: 1362px) 88vw, 1200px'.
+					 */
+					$custom_header_sizes = apply_filters( 'twentysixteen_custom_header_sizes', '(max-width: 709px) 85vw, (max-width: 909px) 81vw, (max-width: 1362px) 88vw, 1200px' );
+				?>
+				<div class="header-image">
+					<a href="<?php echo esc_url( home_url( '/' ) ); ?>" rel="home">
+						<img src="<?php header_image(); ?>" srcset="<?php echo esc_attr( wp_get_attachment_image_srcset( get_custom_header()->attachment_id ) ); ?>" sizes="<?php echo esc_attr( $custom_header_sizes ); ?>" width="<?php echo esc_attr( get_custom_header()->width ); ?>" height="<?php echo esc_attr( get_custom_header()->height ); ?>" alt="<?php echo esc_attr( get_bloginfo( 'name', 'display' ) ); ?>">
+					</a>
+				</div><!-- .header-image -->
+			<?php endif; // End header image check. ?>
+		</header><!-- .site-header -->
+
+		<div id="content" class="site-content">

wp-content/themes/twentysixteen/image.php

@@ -0,0 +1,112 @@
+<?php
+/**
+ * The template for displaying image attachments
+ *
+ * @package WordPress
+ * @subpackage Twenty_Sixteen
+ * @since Twenty Sixteen 1.0
+ */
+
+get_header(); ?>
+
+	<div id="primary" class="content-area">
+		<main id="main" class="site-main" role="main">
+
+			<?php
+				// Start the loop.
+				while ( have_posts() ) : the_post();
+			?>
+
+				<article id="post-<?php the_ID(); ?>" <?php post_class(); ?>>
+
+					<nav id="image-navigation" class="navigation image-navigation">
+						<div class="nav-links">
+							<div class="nav-previous"><?php previous_image_link( false, __( 'Previous Image', 'twentysixteen' ) ); ?></div>
+							<div class="nav-next"><?php next_image_link( false, __( 'Next Image', 'twentysixteen' ) ); ?></div>
+						</div><!-- .nav-links -->
+					</nav><!-- .image-navigation -->
+
+					<header class="entry-header">
+						<?php the_title( '<h1 class="entry-title">', '</h1>' ); ?>
+					</header><!-- .entry-header -->
+
+					<div class="entry-content">
+
+						<div class="entry-attachment">
+							<?php
+								/**
+								 * Filter the default twentysixteen image attachment size.
+								 *
+								 * @since Twenty Sixteen 1.0
+								 *
+								 * @param string $image_size Image size. Default 'large'.
+								 */
+								$image_size = apply_filters( 'twentysixteen_attachment_size', 'large' );
+
+								echo wp_get_attachment_image( get_the_ID(), $image_size );
+							?>
+
+							<?php twentysixteen_excerpt( 'entry-caption' ); ?>
+
+						</div><!-- .entry-attachment -->
+
+						<?php
+							the_content();
+							wp_link_pages( array(
+								'before'      => '<div class="page-links"><span class="page-links-title">' . __( 'Pages:', 'twentysixteen' ) . '</span>',
+								'after'       => '</div>',
+								'link_before' => '<span>',
+								'link_after'  => '</span>',
+								'pagelink'    => '<span class="screen-reader-text">' . __( 'Page', 'twentysixteen' ) . ' </span>%',
+								'separator'   => '<span class="screen-reader-text">, </span>',
+							) );
+						?>
+					</div><!-- .entry-content -->
+
+					<footer class="entry-footer">
+						<?php twentysixteen_entry_meta(); ?>
+						<?php
+							// Retrieve attachment metadata.
+							$metadata = wp_get_attachment_metadata();
+							if ( $metadata ) {
+								printf( '<span class="full-size-link"><span class="screen-reader-text">%1$s </span><a href="%2$s">%3$s &times; %4$s</a></span>',
+									esc_html_x( 'Full size', 'Used before full size attachment link.', 'twentysixteen' ),
+									esc_url( wp_get_attachment_url() ),
+									absint( $metadata['width'] ),
+									absint( $metadata['height'] )
+								);
+							}
+						?>
+						<?php
+							edit_post_link(
+								sprintf(
+									/* translators: %s: Name of current post */
+									__( 'Edit<span class="screen-reader-text"> "%s"</span>', 'twentysixteen' ),
+									get_the_title()
+								),
+								'<span class="edit-link">',
+								'</span>'
+							);
+						?>
+					</footer><!-- .entry-footer -->
+				</article><!-- #post-## -->
+
+				<?php
+					// If comments are open or we have at least one comment, load up the comment template.
+					if ( comments_open() || get_comments_number() ) {
+						comments_template();
+					}
+
+					// Parent post navigation.
+					the_post_navigation( array(
+						'prev_text' => _x( '<span class="meta-nav">Published in</span><span class="post-title">%title</span>', 'Parent post link', 'twentysixteen' ),
+					) );
+				// End the loop.
+				endwhile;
+			?>
+
+		</main><!-- .site-main -->
+	</div><!-- .content-area -->
+
+<?php get_sidebar(); ?>
+<?php get_footer(); ?>

wp-content/themes/twentysixteen/inc/back-compat.php

@@ -0,0 +1,71 @@
+<?php
+/**
+ * Twenty Sixteen back compat functionality
+ *
+ * Prevents Twenty Sixteen from running on WordPress versions prior to 4.4,
+ * since this theme is not meant to be backward compatible beyond that and
+ * relies on many newer functions and markup changes introduced in 4.4.
+ *
+ * @package WordPress
+ * @subpackage Twenty_Sixteen
+ * @since Twenty Sixteen 1.0
+ */
+
+/**
+ * Prevent switching to Twenty Sixteen on old versions of WordPress.
+ *
+ * Switches to the default theme.
+ *
+ * @since Twenty Sixteen 1.0
+ */
+function twentysixteen_switch_theme() {
+	switch_theme( WP_DEFAULT_THEME, WP_DEFAULT_THEME );
+
+	unset( $_GET['activated'] );
+
+	add_action( 'admin_notices', 'twentysixteen_upgrade_notice' );
+}
+add_action( 'after_switch_theme', 'twentysixteen_switch_theme' );
+
+/**
+ * Adds a message for unsuccessful theme switch.
+ *
+ * Prints an update nag after an unsuccessful attempt to switch to
+ * Twenty Sixteen on WordPress versions prior to 4.4.
+ *
+ * @since Twenty Sixteen 1.0
+ *
+ * @global string $wp_version WordPress version.
+ */
+function twentysixteen_upgrade_notice() {
+	$message = sprintf( __( 'Twenty Sixteen requires at least WordPress version 4.4. You are running version %s. Please upgrade and try again.', 'twentysixteen' ), $GLOBALS['wp_version'] );
+	printf( '<div class="error"><p>%s</p></div>', $message );
+}
+
+/**
+ * Prevents the Customizer from being loaded on WordPress versions prior to 4.4.
+ *
+ * @since Twenty Sixteen 1.0
+ *
+ * @global string $wp_version WordPress version.
+ */
+function twentysixteen_customize() {
+	wp_die( sprintf( __( 'Twenty Sixteen requires at least WordPress version 4.4. You are running version %s. Please upgrade and try again.', 'twentysixteen' ), $GLOBALS['wp_version'] ), '', array(
+		'back_link' => true,
+	) );
+}
+add_action( 'load-customize.php', 'twentysixteen_customize' );
+
+/**
+ * Prevents the Theme Preview from being loaded on WordPress versions prior to 4.4.
+ *
+ * @since Twenty Sixteen 1.0
+ *
+ * @global string $wp_version WordPress version.
+ */
+function twentysixteen_preview() {
+	if ( isset( $_GET['preview'] ) ) {
+		wp_die( sprintf( __( 'Twenty Sixteen requires at least WordPress version 4.4. You are running version %s. Please upgrade and try again.', 'twentysixteen' ), $GLOBALS['wp_version'] ) );
+	}
+}
+add_action( 'template_redirect', 'twentysixteen_preview' );

wp-content/themes/twentysixteen/inc/template-tags.php

@@ -0,0 +1,254 @@
+<?php
+/**
+ * Custom Twenty Sixteen template tags
+ *
+ * Eventually, some of the functionality here could be replaced by core features.
+ *
+ * @package WordPress
+ * @subpackage Twenty_Sixteen
+ * @since Twenty Sixteen 1.0
+ */
+
+if ( ! function_exists( 'twentysixteen_entry_meta' ) ) :
+/**
+ * Prints HTML with meta information for the categories, tags.
+ *
+ * Create your own twentysixteen_entry_meta() function to override in a child theme.
+ *
+ * @since Twenty Sixteen 1.0
+ */
+function twentysixteen_entry_meta() {
+	if ( 'post' === get_post_type() ) {
+		$author_avatar_size = apply_filters( 'twentysixteen_author_avatar_size', 49 );
+		printf( '<span class="byline"><span class="author vcard">%1$s<span class="screen-reader-text">%2$s </span> <a class="url fn n" href="%3$s">%4$s</a></span></span>',
+			get_avatar( get_the_author_meta( 'user_email' ), $author_avatar_size ),
+			_x( 'Author', 'Used before post author name.', 'twentysixteen' ),
+			esc_url( get_author_posts_url( get_the_author_meta( 'ID' ) ) ),
+			get_the_author()
+		);
+	}
+
+	if ( in_array( get_post_type(), array( 'post', 'attachment' ) ) ) {
+		twentysixteen_entry_date();
+	}
+
+	$format = get_post_format();
+	if ( current_theme_supports( 'post-formats', $format ) ) {
+		printf( '<span class="entry-format">%1$s<a href="%2$s">%3$s</a></span>',
+			sprintf( '<span class="screen-reader-text">%s </span>', _x( 'Format', 'Used before post format.', 'twentysixteen' ) ),
+			esc_url( get_post_format_link( $format ) ),
+			get_post_format_string( $format )
+		);
+	}
+
+	if ( 'post' === get_post_type() ) {
+		twentysixteen_entry_taxonomies();
+	}
+
+	if ( ! is_singular() && ! post_password_required() && ( comments_open() || get_comments_number() ) ) {
+		echo '<span class="comments-link">';
+		comments_popup_link( sprintf( __( 'Leave a comment<span class="screen-reader-text"> on %s</span>', 'twentysixteen' ), get_the_title() ) );
+		echo '</span>';
+	}
+}
+endif;
+
+if ( ! function_exists( 'twentysixteen_entry_date' ) ) :
+/**
+ * Prints HTML with date information for current post.
+ *
+ * Create your own twentysixteen_entry_date() function to override in a child theme.
+ *
+ * @since Twenty Sixteen 1.0
+ */
+function twentysixteen_entry_date() {
+	$time_string = '<time class="entry-date published updated" datetime="%1$s">%2$s</time>';
+
+	if ( get_the_time( 'U' ) !== get_the_modified_time( 'U' ) ) {
+		$time_string = '<time class="entry-date published" datetime="%1$s">%2$s</time><time class="updated" datetime="%3$s">%4$s</time>';
+	}
+
+	$time_string = sprintf( $time_string,
+		esc_attr( get_the_date( 'c' ) ),
+		get_the_date(),
+		esc_attr( get_the_modified_date( 'c' ) ),
+		get_the_modified_date()
+	);
+
+	printf( '<span class="posted-on"><span class="screen-reader-text">%1$s </span><a href="%2$s" rel="bookmark">%3$s</a></span>',
+		_x( 'Posted on', 'Used before publish date.', 'twentysixteen' ),
+		esc_url( get_permalink() ),
+		$time_string
+	);
+}
+endif;
+
+if ( ! function_exists( 'twentysixteen_entry_taxonomies' ) ) :
+/**
+ * Prints HTML with category and tags for current post.
+ *
+ * Create your own twentysixteen_entry_taxonomies() function to override in a child theme.
+ *
+ * @since Twenty Sixteen 1.0
+ */
+function twentysixteen_entry_taxonomies() {
+	$categories_list = get_the_category_list( _x( ', ', 'Used between list items, there is a space after the comma.', 'twentysixteen' ) );
+	if ( $categories_list && twentysixteen_categorized_blog() ) {
+		printf( '<span class="cat-links"><span class="screen-reader-text">%1$s </span>%2$s</span>',
+			_x( 'Categories', 'Used before category names.', 'twentysixteen' ),
+			$categories_list
+		);
+	}
+
+	$tags_list = get_the_tag_list( '', _x( ', ', 'Used between list items, there is a space after the comma.', 'twentysixteen' ) );
+	if ( $tags_list ) {
+		printf( '<span class="tags-links"><span class="screen-reader-text">%1$s </span>%2$s</span>',
+			_x( 'Tags', 'Used before tag names.', 'twentysixteen' ),
+			$tags_list
+		);
+	}
+}
+endif;
+
+if ( ! function_exists( 'twentysixteen_post_thumbnail' ) ) :
+/**
+ * Displays an optional post thumbnail.
+ *
+ * Wraps the post thumbnail in an anchor element on index views, or a div
+ * element when on single views.
+ *
+ * Create your own twentysixteen_post_thumbnail() function to override in a child theme.
+ *
+ * @since Twenty Sixteen 1.0
+ */
+function twentysixteen_post_thumbnail() {
+	if ( post_password_required() || is_attachment() || ! has_post_thumbnail() ) {
+		return;
+	}
+
+	if ( is_singular() ) :
+	?>
+
+	<div class="post-thumbnail">
+		<?php the_post_thumbnail(); ?>
+	</div><!-- .post-thumbnail -->
+
+	<?php else : ?>
+
+	<a class="post-thumbnail" href="<?php the_permalink(); ?>" aria-hidden="true">
+		<?php the_post_thumbnail( 'post-thumbnail', array( 'alt' => the_title_attribute( 'echo=0' ) ) ); ?>
+	</a>
+
+	<?php endif; // End is_singular()
+}
+endif;
+
+if ( ! function_exists( 'twentysixteen_excerpt' ) ) :
+	/**
+	 * Displays the optional excerpt.
+	 *
+	 * Wraps the excerpt in a div element.
+	 *
+	 * Create your own twentysixteen_excerpt() function to override in a child theme.
+	 *
+	 * @since Twenty Sixteen 1.0
+	 *
+	 * @param string $class Optional. Class string of the div element. Defaults to 'entry-summary'.
+	 */
+	function twentysixteen_excerpt( $class = 'entry-summary' ) {
+		$class = esc_attr( $class );
+
+		if ( has_excerpt() || is_search() ) : ?>
+			<div class="<?php echo $class; ?>">
+				<?php the_excerpt(); ?>
+			</div><!-- .<?php echo $class; ?> -->
+		<?php endif;
+	}
+endif;
+
+if ( ! function_exists( 'twentysixteen_excerpt_more' ) && ! is_admin() ) :
+/**
+ * Replaces "[...]" (appended to automatically generated excerpts) with ... and
+ * a 'Continue reading' link.
+ *
+ * Create your own twentysixteen_excerpt_more() function to override in a child theme.
+ *
+ * @since Twenty Sixteen 1.0
+ *
+ * @return string 'Continue reading' link prepended with an ellipsis.
+ */
+function twentysixteen_excerpt_more() {
+	$link = sprintf( '<a href="%1$s" class="more-link">%2$s</a>',
+		esc_url( get_permalink( get_the_ID() ) ),
+		/* translators: %s: Name of current post */
+		sprintf( __( 'Continue reading<span class="screen-reader-text"> "%s"</span>', 'twentysixteen' ), get_the_title( get_the_ID() ) )
+	);
+	return ' &hellip; ' . $link;
+}
+add_filter( 'excerpt_more', 'twentysixteen_excerpt_more' );
+endif;
+
+if ( ! function_exists( 'twentysixteen_categorized_blog' ) ) :
+/**
+ * Determines whether blog/site has more than one category.
+ *
+ * Create your own twentysixteen_categorized_blog() function to override in a child theme.
+ *
+ * @since Twenty Sixteen 1.0
+ *
+ * @return bool True if there is more than one category, false otherwise.
+ */
+function twentysixteen_categorized_blog() {
+	if ( false === ( $all_the_cool_cats = get_transient( 'twentysixteen_categories' ) ) ) {
+		// Create an array of all the categories that are attached to posts.
+		$all_the_cool_cats = get_categories( array(
+			'fields'     => 'ids',
+			// We only need to know if there is more than one category.
+			'number'     => 2,
+		) );
+
+		// Count the number of categories that are attached to the posts.
+		$all_the_cool_cats = count( $all_the_cool_cats );
+
+		set_transient( 'twentysixteen_categories', $all_the_cool_cats );
+	}
+
+	if ( $all_the_cool_cats > 1 ) {
+		// This blog has more than 1 category so twentysixteen_categorized_blog should return true.
+		return true;
+	} else {
+		// This blog has only 1 category so twentysixteen_categorized_blog should return false.
+		return false;
+	}
+}
+endif;
+
+/**
+ * Flushes out the transients used in twentysixteen_categorized_blog().
+ *
+ * @since Twenty Sixteen 1.0
+ */
+function twentysixteen_category_transient_flusher() {
+	if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) {
+		return;
+	}
+	// Like, beat it. Dig?
+	delete_transient( 'twentysixteen_categories' );
+}
+add_action( 'edit_category', 'twentysixteen_category_transient_flusher' );
+add_action( 'save_post',     'twentysixteen_category_transient_flusher' );
+
+if ( ! function_exists( 'twentysixteen_the_custom_logo' ) ) :
+/**
+ * Displays the optional custom logo.
+ *
+ * Does nothing if the custom logo is not available.
+ *
+ * @since Twenty Sixteen 1.2
+ */
+function twentysixteen_the_custom_logo() {
+	if ( function_exists( 'the_custom_logo' ) ) {
+		the_custom_logo();
+	}
+}
+endif;

wp-content/themes/twentysixteen/index.php

@@ -0,0 +1,62 @@
+<?php
+/**
+ * The main template file
+ *
+ * This is the most generic template file in a WordPress theme
+ * and one of the two required files for a theme (the other being style.css).
+ * It is used to display a page when nothing more specific matches a query.
+ * E.g., it puts together the home page when no home.php file exists.
+ *
+ * @link http://codex.wordpress.org/Template_Hierarchy
+ *
+ * @package WordPress
+ * @subpackage Twenty_Sixteen
+ * @since Twenty Sixteen 1.0
+ */
+
+get_header(); ?>
+
+	<div id="primary" class="content-area">
+		<main id="main" class="site-main" role="main">
+
+		<?php if ( have_posts() ) : ?>
+
+			<?php if ( is_home() && ! is_front_page() ) : ?>
+				<header>
+					<h1 class="page-title screen-reader-text"><?php single_post_title(); ?></h1>
+				</header>
+			<?php endif; ?>
+
+			<?php
+			// Start the loop.
+			while ( have_posts() ) : the_post();
+
+				/*
+				 * Include the Post-Format-specific template for the content.
+				 * If you want to override this in a child theme, then include a file
+				 * called content-___.php (where ___ is the Post Format name) and that will be used instead.
+				 */
+				get_template_part( 'template-parts/content', get_post_format() );
+
+			// End the loop.
+			endwhile;
+
+			// Previous/next page navigation.
+			the_posts_pagination( array(
+				'prev_text'          => __( 'Previous page', 'twentysixteen' ),
+				'next_text'          => __( 'Next page', 'twentysixteen' ),
+				'before_page_number' => '<span class="meta-nav screen-reader-text">' . __( 'Page', 'twentysixteen' ) . ' </span>',
+			) );
+
+		// If no content, include the "No posts found" template.
+		else :
+			get_template_part( 'template-parts/content', 'none' );
+
+		endif;
+		?>
+
+		</main><!-- .site-main -->
+	</div><!-- .content-area -->
+
+<?php get_sidebar(); ?>
+<?php get_footer(); ?>

wp-content/themes/twentysixteen/js/color-scheme-control.js

@@ -0,0 +1,96 @@
+/* global colorScheme, Color */
+/**
+ * Add a listener to the Color Scheme control to update other color controls to new values/defaults.
+ * Also trigger an update of the Color Scheme CSS when a color is changed.
+ */
+
+( function( api ) {
+	var cssTemplate = wp.template( 'twentysixteen-color-scheme' ),
+		colorSchemeKeys = [
+			'background_color',
+			'page_background_color',
+			'link_color',
+			'main_text_color',
+			'secondary_text_color'
+		],
+		colorSettings = [
+			'background_color',
+			'page_background_color',
+			'link_color',
+			'main_text_color',
+			'secondary_text_color'
+		];
+
+	api.controlConstructor.select = api.Control.extend( {
+		ready: function() {
+			if ( 'color_scheme' === this.id ) {
+				this.setting.bind( 'change', function( value ) {
+					var colors = colorScheme[value].colors;
+
+					// Update Background Color.
+					var color = colors[0];
+					api( 'background_color' ).set( color );
+					api.control( 'background_color' ).container.find( '.color-picker-hex' )
+						.data( 'data-default-color', color )
+						.wpColorPicker( 'defaultColor', color );
+
+					// Update Page Background Color.
+					color = colors[1];
+					api( 'page_background_color' ).set( color );
+					api.control( 'page_background_color' ).container.find( '.color-picker-hex' )
+						.data( 'data-default-color', color )
+						.wpColorPicker( 'defaultColor', color );
+
+					// Update Link Color.
+					color = colors[2];
+					api( 'link_color' ).set( color );
+					api.control( 'link_color' ).container.find( '.color-picker-hex' )
+						.data( 'data-default-color', color )
+						.wpColorPicker( 'defaultColor', color );
+
+					// Update Main Text Color.
+					color = colors[3];
+					api( 'main_text_color' ).set( color );
+					api.control( 'main_text_color' ).container.find( '.color-picker-hex' )
+						.data( 'data-default-color', color )
+						.wpColorPicker( 'defaultColor', color );
+
+					// Update Secondary Text Color.
+					color = colors[4];
+					api( 'secondary_text_color' ).set( color );
+					api.control( 'secondary_text_color' ).container.find( '.color-picker-hex' )
+						.data( 'data-default-color', color )
+						.wpColorPicker( 'defaultColor', color );
+				} );
+			}
+		}
+	} );
+
+	// Generate the CSS for the current Color Scheme.
+	function updateCSS() {
+		var scheme = api( 'color_scheme' )(),
+			css,
+			colors = _.object( colorSchemeKeys, colorScheme[ scheme ].colors );
+
+		// Merge in color scheme overrides.
+		_.each( colorSettings, function( setting ) {
+			colors[ setting ] = api( setting )();
+		} );
+
+		// Add additional color.
+		// jscs:disable
+		colors.border_color = Color( colors.main_text_color ).toCSS( 'rgba', 0.2 );
+		// jscs:enable
+
+		css = cssTemplate( colors );
+
+		api.previewer.send( 'update-color-scheme-css', css );
+	}
+
+	// Update the CSS whenever a color setting is changed.
+	_.each( colorSettings, function( setting ) {
+		api( setting, function( setting ) {
+			setting.bind( updateCSS );
+		} );
+	} );
+} )( wp.customize );

wp-content/themes/twentysixteen/js/customize-preview.js

@@ -0,0 +1,41 @@
+/**
+ * Live-update changed settings in real time in the Customizer preview.
+ */
+
+( function( $ ) {
+	var style = $( '#twentysixteen-color-scheme-css' ),
+		api = wp.customize;
+
+	if ( ! style.length ) {
+		style = $( 'head' ).append( '<style type="text/css" id="twentysixteen-color-scheme-css" />' )
+		                    .find( '#twentysixteen-color-scheme-css' );
+	}
+
+	// Site title.
+	api( 'blogname', function( value ) {
+		value.bind( function( to ) {
+			$( '.site-title a' ).text( to );
+		} );
+	} );
+
+	// Site tagline.
+	api( 'blogdescription', function( value ) {
+		value.bind( function( to ) {
+			$( '.site-description' ).text( to );
+		} );
+	} );
+
+	// Add custom-background-image body class when background image is added.
+	api( 'background_image', function( value ) {
+		value.bind( function( to ) {
+			$( 'body' ).toggleClass( 'custom-background-image', '' !== to );
+		} );
+	} );
+
+	// Color Scheme CSS.
+	api.bind( 'preview-ready', function() {
+		api.preview.bind( 'update-color-scheme-css', function( css ) {
+			style.html( css );
+		} );
+	} );
+} )( jQuery );

wp-content/themes/twentysixteen/js/functions.js

@@ -0,0 +1,200 @@
+/* global screenReaderText */
+/**
+ * Theme functions file.
+ *
+ * Contains handlers for navigation and widget area.
+ */
+
+( function( $ ) {
+	var body, masthead, menuToggle, siteNavigation, socialNavigation, siteHeaderMenu, resizeTimer;
+
+	function initMainNavigation( container ) {
+
+		// Add dropdown toggle that displays child menu items.
+		var dropdownToggle = $( '<button />', {
+			'class': 'dropdown-toggle',
+			'aria-expanded': false
+		} ).append( $( '<span />', {
+			'class': 'screen-reader-text',
+			text: screenReaderText.expand
+		} ) );
+
+		container.find( '.menu-item-has-children > a' ).after( dropdownToggle );
+
+		// Toggle buttons and submenu items with active children menu items.
+		container.find( '.current-menu-ancestor > button' ).addClass( 'toggled-on' );
+		container.find( '.current-menu-ancestor > .sub-menu' ).addClass( 'toggled-on' );
+
+		// Add menu items with submenus to aria-haspopup="true".
+		container.find( '.menu-item-has-children' ).attr( 'aria-haspopup', 'true' );
+
+		container.find( '.dropdown-toggle' ).click( function( e ) {
+			var _this            = $( this ),
+				screenReaderSpan = _this.find( '.screen-reader-text' );
+
+			e.preventDefault();
+			_this.toggleClass( 'toggled-on' );
+			_this.next( '.children, .sub-menu' ).toggleClass( 'toggled-on' );
+
+			// jscs:disable
+			_this.attr( 'aria-expanded', _this.attr( 'aria-expanded' ) === 'false' ? 'true' : 'false' );
+			// jscs:enable
+			screenReaderSpan.text( screenReaderSpan.text() === screenReaderText.expand ? screenReaderText.collapse : screenReaderText.expand );
+		} );
+	}
+	initMainNavigation( $( '.main-navigation' ) );
+
+	masthead         = $( '#masthead' );
+	menuToggle       = masthead.find( '#menu-toggle' );
+	siteHeaderMenu   = masthead.find( '#site-header-menu' );
+	siteNavigation   = masthead.find( '#site-navigation' );
+	socialNavigation = masthead.find( '#social-navigation' );
+
+	// Enable menuToggle.
+	( function() {
+
+		// Return early if menuToggle is missing.
+		if ( ! menuToggle.length ) {
+			return;
+		}
+
+		// Add an initial values for the attribute.
+		menuToggle.add( siteNavigation ).add( socialNavigation ).attr( 'aria-expanded', 'false' );
+
+		menuToggle.on( 'click.twentysixteen', function() {
+			$( this ).add( siteHeaderMenu ).toggleClass( 'toggled-on' );
+
+			// jscs:disable
+			$( this ).add( siteNavigation ).add( socialNavigation ).attr( 'aria-expanded', $( this ).add( siteNavigation ).add( socialNavigation ).attr( 'aria-expanded' ) === 'false' ? 'true' : 'false' );
+			// jscs:enable
+		} );
+	} )();
+
+	// Fix sub-menus for touch devices and better focus for hidden submenu items for accessibility.
+	( function() {
+		if ( ! siteNavigation.length || ! siteNavigation.children().length ) {
+			return;
+		}
+
+		// Toggle `focus` class to allow submenu access on tablets.
+		function toggleFocusClassTouchScreen() {
+			if ( window.innerWidth >= 910 ) {
+				$( document.body ).on( 'touchstart.twentysixteen', function( e ) {
+					if ( ! $( e.target ).closest( '.main-navigation li' ).length ) {
+						$( '.main-navigation li' ).removeClass( 'focus' );
+					}
+				} );
+				siteNavigation.find( '.menu-item-has-children > a' ).on( 'touchstart.twentysixteen', function( e ) {
+					var el = $( this ).parent( 'li' );
+
+					if ( ! el.hasClass( 'focus' ) ) {
+						e.preventDefault();
+						el.toggleClass( 'focus' );
+						el.siblings( '.focus' ).removeClass( 'focus' );
+					}
+				} );
+			} else {
+				siteNavigation.find( '.menu-item-has-children > a' ).unbind( 'touchstart.twentysixteen' );
+			}
+		}
+
+		if ( 'ontouchstart' in window ) {
+			$( window ).on( 'resize.twentysixteen', toggleFocusClassTouchScreen );
+			toggleFocusClassTouchScreen();
+		}
+
+		siteNavigation.find( 'a' ).on( 'focus.twentysixteen blur.twentysixteen', function() {
+			$( this ).parents( '.menu-item' ).toggleClass( 'focus' );
+		} );
+	} )();
+
+	// Add the default ARIA attributes for the menu toggle and the navigations.
+	function onResizeARIA() {
+		if ( window.innerWidth < 910 ) {
+			if ( menuToggle.hasClass( 'toggled-on' ) ) {
+				menuToggle.attr( 'aria-expanded', 'true' );
+			} else {
+				menuToggle.attr( 'aria-expanded', 'false' );
+			}
+
+			if ( siteHeaderMenu.hasClass( 'toggled-on' ) ) {
+				siteNavigation.attr( 'aria-expanded', 'true' );
+				socialNavigation.attr( 'aria-expanded', 'true' );
+			} else {
+				siteNavigation.attr( 'aria-expanded', 'false' );
+				socialNavigation.attr( 'aria-expanded', 'false' );
+			}
+
+			menuToggle.attr( 'aria-controls', 'site-navigation social-navigation' );
+		} else {
+			menuToggle.removeAttr( 'aria-expanded' );
+			siteNavigation.removeAttr( 'aria-expanded' );
+			socialNavigation.removeAttr( 'aria-expanded' );
+			menuToggle.removeAttr( 'aria-controls' );
+		}
+	}
+
+	// Add 'below-entry-meta' class to elements.
+	function belowEntryMetaClass( param ) {
+		if ( body.hasClass( 'page' ) || body.hasClass( 'search' ) || body.hasClass( 'single-attachment' ) || body.hasClass( 'error404' ) ) {
+			return;
+		}
+
+		$( '.entry-content' ).find( param ).each( function() {
+			var element              = $( this ),
+				elementPos           = element.offset(),
+				elementPosTop        = elementPos.top,
+				entryFooter          = element.closest( 'article' ).find( '.entry-footer' ),
+				entryFooterPos       = entryFooter.offset(),
+				entryFooterPosBottom = entryFooterPos.top + ( entryFooter.height() + 28 ),
+				caption              = element.closest( 'figure' ),
+				newImg;
+
+			// Add 'below-entry-meta' to elements below the entry meta.
+			if ( elementPosTop > entryFooterPosBottom ) {
+
+				// Check if full-size images and captions are larger than or equal to 840px.
+				if ( 'img.size-full' === param ) {
+
+					// Create an image to find native image width of resized images (i.e. max-width: 100%).
+					newImg = new Image();
+					newImg.src = element.attr( 'src' );
+
+					$( newImg ).on( 'load.twentysixteen', function() {
+						if ( newImg.width >= 840  ) {
+							element.addClass( 'below-entry-meta' );
+
+							if ( caption.hasClass( 'wp-caption' ) ) {
+								caption.addClass( 'below-entry-meta' );
+								caption.removeAttr( 'style' );
+							}
+						}
+					} );
+				} else {
+					element.addClass( 'below-entry-meta' );
+				}
+			} else {
+				element.removeClass( 'below-entry-meta' );
+				caption.removeClass( 'below-entry-meta' );
+			}
+		} );
+	}
+
+	$( document ).ready( function() {
+		body = $( document.body );
+
+		$( window )
+			.on( 'load.twentysixteen', onResizeARIA )
+			.on( 'resize.twentysixteen', function() {
+				clearTimeout( resizeTimer );
+				resizeTimer = setTimeout( function() {
+					belowEntryMetaClass( 'img.size-full' );
+					belowEntryMetaClass( 'blockquote.alignleft, blockquote.alignright' );
+				}, 300 );
+				onResizeARIA();
+			} );
+
+		belowEntryMetaClass( 'img.size-full' );
+		belowEntryMetaClass( 'blockquote.alignleft, blockquote.alignright' );
+	} );
+} )( jQuery );

wp-content/themes/twentysixteen/js/html5.js

@@ -0,0 +1,326 @@
+/**
+* @preserve HTML5 Shiv 3.7.3 | @afarkas @jdalton @jon_neal @rem | MIT/GPL2 Licensed
+*/
+;(function(window, document) {
+/*jshint evil:true */
+  /** version */
+  var version = '3.7.3';
+
+  /** Preset options */
+  var options = window.html5 || {};
+
+  /** Used to skip problem elements */
+  var reSkip = /^<|^(?:button|map|select|textarea|object|iframe|option|optgroup)$/i;
+
+  /** Not all elements can be cloned in IE **/
+  var saveClones = /^(?:a|b|code|div|fieldset|h1|h2|h3|h4|h5|h6|i|label|li|ol|p|q|span|strong|style|table|tbody|td|th|tr|ul)$/i;
+
+  /** Detect whether the browser supports default html5 styles */
+  var supportsHtml5Styles;
+
+  /** Name of the expando, to work with multiple documents or to re-shiv one document */
+  var expando = '_html5shiv';
+
+  /** The id for the the documents expando */
+  var expanID = 0;
+
+  /** Cached data for each document */
+  var expandoData = {};
+
+  /** Detect whether the browser supports unknown elements */
+  var supportsUnknownElements;
+
+  (function() {
+    try {
+        var a = document.createElement('a');
+        a.innerHTML = '<xyz></xyz>';
+        //if the hidden property is implemented we can assume, that the browser supports basic HTML5 Styles
+        supportsHtml5Styles = ('hidden' in a);
+
+        supportsUnknownElements = a.childNodes.length == 1 || (function() {
+          // assign a false positive if unable to shiv
+          (document.createElement)('a');
+          var frag = document.createDocumentFragment();
+          return (
+            typeof frag.cloneNode == 'undefined' ||
+            typeof frag.createDocumentFragment == 'undefined' ||
+            typeof frag.createElement == 'undefined'
+          );
+        }());
+    } catch(e) {
+      // assign a false positive if detection fails => unable to shiv
+      supportsHtml5Styles = true;
+      supportsUnknownElements = true;
+    }
+
+  }());
+
+  /*--------------------------------------------------------------------------*/
+
+  /**
+   * Creates a style sheet with the given CSS text and adds it to the document.
+   * @private
+   * @param {Document} ownerDocument The document.
+   * @param {String} cssText The CSS text.
+   * @returns {StyleSheet} The style element.
+   */
+  function addStyleSheet(ownerDocument, cssText) {
+    var p = ownerDocument.createElement('p'),
+        parent = ownerDocument.getElementsByTagName('head')[0] || ownerDocument.documentElement;
+
+    p.innerHTML = 'x<style>' + cssText + '</style>';
+    return parent.insertBefore(p.lastChild, parent.firstChild);
+  }
+
+  /**
+   * Returns the value of `html5.elements` as an array.
+   * @private
+   * @returns {Array} An array of shived element node names.
+   */
+  function getElements() {
+    var elements = html5.elements;
+    return typeof elements == 'string' ? elements.split(' ') : elements;
+  }
+
+  /**
+   * Extends the built-in list of html5 elements
+   * @memberOf html5
+   * @param {String|Array} newElements whitespace separated list or array of new element names to shiv
+   * @param {Document} ownerDocument The context document.
+   */
+  function addElements(newElements, ownerDocument) {
+    var elements = html5.elements;
+    if(typeof elements != 'string'){
+      elements = elements.join(' ');
+    }
+    if(typeof newElements != 'string'){
+      newElements = newElements.join(' ');
+    }
+    html5.elements = elements +' '+ newElements;
+    shivDocument(ownerDocument);
+  }
+
+   /**
+   * Returns the data associated to the given document
+   * @private
+   * @param {Document} ownerDocument The document.
+   * @returns {Object} An object of data.
+   */
+  function getExpandoData(ownerDocument) {
+    var data = expandoData[ownerDocument[expando]];
+    if (!data) {
+        data = {};
+        expanID++;
+        ownerDocument[expando] = expanID;
+        expandoData[expanID] = data;
+    }
+    return data;
+  }
+
+  /**
+   * returns a shived element for the given nodeName and document
+   * @memberOf html5
+   * @param {String} nodeName name of the element
+   * @param {Document|DocumentFragment} ownerDocument The context document.
+   * @returns {Object} The shived element.
+   */
+  function createElement(nodeName, ownerDocument, data){
+    if (!ownerDocument) {
+        ownerDocument = document;
+    }
+    if(supportsUnknownElements){
+        return ownerDocument.createElement(nodeName);
+    }
+    if (!data) {
+        data = getExpandoData(ownerDocument);
+    }
+    var node;
+
+    if (data.cache[nodeName]) {
+        node = data.cache[nodeName].cloneNode();
+    } else if (saveClones.test(nodeName)) {
+        node = (data.cache[nodeName] = data.createElem(nodeName)).cloneNode();
+    } else {
+        node = data.createElem(nodeName);
+    }
+
+    // Avoid adding some elements to fragments in IE < 9 because
+    // * Attributes like `name` or `type` cannot be set/changed once an element
+    //   is inserted into a document/fragment
+    // * Link elements with `src` attributes that are inaccessible, as with
+    //   a 403 response, will cause the tab/window to crash
+    // * Script elements appended to fragments will execute when their `src`
+    //   or `text` property is set
+    return node.canHaveChildren && !reSkip.test(nodeName) && !node.tagUrn ? data.frag.appendChild(node) : node;
+  }
+
+  /**
+   * returns a shived DocumentFragment for the given document
+   * @memberOf html5
+   * @param {Document} ownerDocument The context document.
+   * @returns {Object} The shived DocumentFragment.
+   */
+  function createDocumentFragment(ownerDocument, data){
+    if (!ownerDocument) {
+        ownerDocument = document;
+    }
+    if(supportsUnknownElements){
+        return ownerDocument.createDocumentFragment();
+    }
+    data = data || getExpandoData(ownerDocument);
+    var clone = data.frag.cloneNode(),
+        i = 0,
+        elems = getElements(),
+        l = elems.length;
+    for(;i<l;i++){
+        clone.createElement(elems[i]);
+    }
+    return clone;
+  }
+
+  /**
+   * Shivs the `createElement` and `createDocumentFragment` methods of the document.
+   * @private
+   * @param {Document|DocumentFragment} ownerDocument The document.
+   * @param {Object} data of the document.
+   */
+  function shivMethods(ownerDocument, data) {
+    if (!data.cache) {
+        data.cache = {};
+        data.createElem = ownerDocument.createElement;
+        data.createFrag = ownerDocument.createDocumentFragment;
+        data.frag = data.createFrag();
+    }
+
+
+    ownerDocument.createElement = function(nodeName) {
+      //abort shiv
+      if (!html5.shivMethods) {
+          return data.createElem(nodeName);
+      }
+      return createElement(nodeName, ownerDocument, data);
+    };
+
+    ownerDocument.createDocumentFragment = Function('h,f', 'return function(){' +
+      'var n=f.cloneNode(),c=n.createElement;' +
+      'h.shivMethods&&(' +
+        // unroll the `createElement` calls
+        getElements().join().replace(/[\w\-:]+/g, function(nodeName) {
+          data.createElem(nodeName);
+          data.frag.createElement(nodeName);
+          return 'c("' + nodeName + '")';
+        }) +
+      ');return n}'
+    )(html5, data.frag);
+  }
+
+  /*--------------------------------------------------------------------------*/
+
+  /**
+   * Shivs the given document.
+   * @memberOf html5
+   * @param {Document} ownerDocument The document to shiv.
+   * @returns {Document} The shived document.
+   */
+  function shivDocument(ownerDocument) {
+    if (!ownerDocument) {
+        ownerDocument = document;
+    }
+    var data = getExpandoData(ownerDocument);
+
+    if (html5.shivCSS && !supportsHtml5Styles && !data.hasCSS) {
+      data.hasCSS = !!addStyleSheet(ownerDocument,
+        // corrects block display not defined in IE6/7/8/9
+        'article,aside,dialog,figcaption,figure,footer,header,hgroup,main,nav,section{display:block}' +
+        // adds styling not present in IE6/7/8/9
+        'mark{background:#FF0;color:#000}' +
+        // hides non-rendered elements
+        'template{display:none}'
+      );
+    }
+    if (!supportsUnknownElements) {
+      shivMethods(ownerDocument, data);
+    }
+    return ownerDocument;
+  }
+
+  /*--------------------------------------------------------------------------*/
+
+  /**
+   * The `html5` object is exposed so that more elements can be shived and
+   * existing shiving can be detected on iframes.
+   * @type Object
+   * @example
+   *
+   * // options can be changed before the script is included
+   * html5 = { 'elements': 'mark section', 'shivCSS': false, 'shivMethods': false };
+   */
+  var html5 = {
+
+    /**
+     * An array or space separated string of node names of the elements to shiv.
+     * @memberOf html5
+     * @type Array|String
+     */
+    'elements': options.elements || 'abbr article aside audio bdi canvas data datalist details dialog figcaption figure footer header hgroup main mark meter nav output picture progress section summary template time video',
+
+    /**
+     * current version of html5shiv
+     */
+    'version': version,
+
+    /**
+     * A flag to indicate that the HTML5 style sheet should be inserted.
+     * @memberOf html5
+     * @type Boolean
+     */
+    'shivCSS': (options.shivCSS !== false),
+
+    /**
+     * Is equal to true if a browser supports creating unknown/HTML5 elements
+     * @memberOf html5
+     * @type boolean
+     */
+    'supportsUnknownElements': supportsUnknownElements,
+
+    /**
+     * A flag to indicate that the document's `createElement` and `createDocumentFragment`
+     * methods should be overwritten.
+     * @memberOf html5
+     * @type Boolean
+     */
+    'shivMethods': (options.shivMethods !== false),
+
+    /**
+     * A string to describe the type of `html5` object ("default" or "default print").
+     * @memberOf html5
+     * @type String
+     */
+    'type': 'default',
+
+    // shivs the document according to the specified `html5` object options
+    'shivDocument': shivDocument,
+
+    //creates a shived element
+    createElement: createElement,
+
+    //creates a shived documentFragment
+    createDocumentFragment: createDocumentFragment,
+
+    //extends list of elements
+    addElements: addElements
+  };
+
+  /*--------------------------------------------------------------------------*/
+
+  // expose html5
+  window.html5 = html5;
+
+  // shiv the document
+  shivDocument(document);
+
+  if(typeof module == 'object' && module.exports){
+    module.exports = html5;
+  }
+
+}(typeof window !== "undefined" ? window : this, document));

wp-content/themes/twentysixteen/js/keyboard-image-navigation.js

@@ -0,0 +1,26 @@
+/**
+ * Twenty Sixteen keyboard support for image navigation.
+ */
+
+( function( $ ) {
+	$( document ).on( 'keydown.twentysixteen', function( e ) {
+		var url = false;
+
+		// Left arrow key code.
+		if ( 37 === e.which ) {
+			url = $( '.nav-previous a' ).attr( 'href' );
+
+		// Right arrow key code.
+		} else if ( 39 === e.which ) {
+			url = $( '.nav-next a' ).attr( 'href' );
+
+		// Other key code.
+		} else {
+			return;
+		}
+
+		if ( url && ! $( 'textarea, input' ).is( ':focus' ) ) {
+			window.location = url;
+		}
+	} );
+} )( jQuery );

wp-content/themes/twentysixteen/js/skip-link-focus-fix.js

@@ -0,0 +1,36 @@
+/**
+ * Makes "skip to content" link work correctly in IE9, Chrome, and Opera
+ * for better accessibility.
+ *
+ * @link http://www.nczonline.net/blog/2013/01/15/fixing-skip-to-content-links/
+ */
+
+ ( function() {
+	var isWebkit = navigator.userAgent.toLowerCase().indexOf( 'webkit' ) > -1,
+		isOpera  = navigator.userAgent.toLowerCase().indexOf( 'opera' )  > -1,
+		isIE     = navigator.userAgent.toLowerCase().indexOf( 'msie' )   > -1;
+
+	if ( ( isWebkit || isOpera || isIE ) && document.getElementById && window.addEventListener ) {
+		window.addEventListener( 'hashchange', function() {
+			var id = location.hash.substring( 1 ),
+				element;
+
+			if ( ! ( /^[A-z0-9_-]+$/.test( id ) ) ) {
+				return;
+			}
+
+			element = document.getElementById( id );
+
+			if ( element ) {
+				if ( ! ( /^(?:a|select|input|button|textarea)$/i.test( element.tagName ) ) ) {
+					element.tabIndex = -1;
+				}
+
+				element.focus();
+
+				// Repositions the window on jump-to-anchor to account for admin bar and border height.
+				window.scrollBy( 0, -53 );
+			}
+		}, false );
+	}
+} )();

wp-content/themes/twentysixteen/page.php

@@ -0,0 +1,41 @@
+<?php
+/**
+ * The template for displaying pages
+ *
+ * This is the template that displays all pages by default.
+ * Please note that this is the WordPress construct of pages and that
+ * other "pages" on your WordPress site will use a different template.
+ *
+ * @package WordPress
+ * @subpackage Twenty_Sixteen
+ * @since Twenty Sixteen 1.0
+ */
+
+get_header(); ?>
+
+<div id="primary" class="content-area">
+	<main id="main" class="site-main" role="main">
+		<?php
+		// Start the loop.
+		while ( have_posts() ) : the_post();
+
+			// Include the page content template.
+			get_template_part( 'template-parts/content', 'page' );
+
+			// If comments are open or we have at least one comment, load up the comment template.
+			if ( comments_open() || get_comments_number() ) {
+				comments_template();
+			}
+
+			// End of the loop.
+		endwhile;
+		?>
+
+	</main><!-- .site-main -->
+
+	<?php get_sidebar( 'content-bottom' ); ?>
+
+</div><!-- .content-area -->
+
+<?php get_sidebar(); ?>
+<?php get_footer(); ?>

wp-content/themes/twentysixteen/readme.txt

@@ -0,0 +1,81 @@
+=== Twenty Sixteen ===
+Contributors: the WordPress team
+Requires at least: WordPress 4.4
+Tested up to: WordPress 4.5
+Version: 1.3
+License: GPLv2 or later
+License URI: http://www.gnu.org/licenses/gpl-2.0.html
+Tags: one-column, two-columns, right-sidebar, accessibility-ready, custom-background, custom-colors, custom-header, custom-menu, editor-style, featured-images, flexible-header, microformats, post-formats, rtl-language-support, sticky-post, threaded-comments, translation-ready, blog
+
+== Description ==
+Twenty Sixteen is a modernized take on an ever-popular WordPress layout — the horizontal masthead with an optional right sidebar that works perfectly for blogs and websites. It has custom color options with beautiful default color schemes, a harmonious fluid grid using a mobile-first approach, and impeccable polish in every detail. Twenty Sixteen will make your WordPress look beautiful everywhere.
+
+* Mobile-first, Responsive Layout
+* Custom Colors
+* Custom Header
+* Social Links
+* Post Formats
+* The GPL v2.0 or later license. :) Use it to make something cool.
+
+For more information about Twenty Sixteen please go to https://codex.wordpress.org/Twenty_Sixteen.
+
+== Installation ==
+
+1. In your admin panel, go to Appearance -> Themes and click the 'Add New' button.
+2. Type in Twenty Sixteen in the search form and press the 'Enter' key on your keyboard.
+3. Click on the 'Activate' button to use your new theme right away.
+4. Go to https://codex.wordpress.org/Twenty_Sixteen for a guide on how to customize this theme.
+5. Navigate to Appearance > Customize in your admin panel and customize to taste.
+
+== Copyright ==
+
+Twenty Sixteen WordPress Theme, Copyright 2014-2015 WordPress.org
+Twenty Sixteen is distributed under the terms of the GNU GPL
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+Twenty Sixteen Theme bundles the following third-party resources:
+
+HTML5 Shiv v3.7.0, Copyright 2014 Alexander Farkas
+Licenses: MIT/GPL2
+Source: https://github.com/aFarkas/html5shiv
+
+Genericons icon font, Copyright 2013-2015 Automattic.com
+License: GNU GPL, Version 2 (or later)
+Source: http://www.genericons.com
+
+Image used in screenshot.png: A photo by Austin Schmid (https://unsplash.com/schmidy/), licensed under Creative Commons Zero(http://creativecommons.org/publicdomain/zero/1.0/)
+
+== Changelog ==
+
+= 1.3 =
+* Released: August 16, 2016
+
+https://codex.wordpress.org/Twenty_Sixteen_Theme_Changelog#Version_1.3
+
+= 1.2 =
+* Released: April 12, 2016
+
+https://codex.wordpress.org/Twenty_Sixteen_Theme_Changelog#Version_1.2
+
+= 1.1 =
+* Released: January 6, 2016
+
+https://codex.wordpress.org/Twenty_Sixteen_Theme_Changelog#Version_1.1
+
+= 1.0 =
+* Released: December 8, 2015
+
+Initial release
+
+== Notes ==
+
+Only the default and dark color schemes are accessibility ready.

wp-content/themes/twentysixteen/rtl.css

@@ -0,0 +1,754 @@
+/*
+Theme Name: Twenty Sixteen
+Description: Adds support for languages written in a Right To Left (RTL) direction.
+It's easy, just a matter of overwriting all the horizontal positioning attributes
+of your CSS stylesheet in a separate stylesheet file named rtl.css.
+
+See: https://codex.wordpress.org/Right_to_Left_Language_Support
+*/
+
+/**
+ * Table of Contents:
+ *
+ * 1.0 - Normalize
+ * 2.0 - Typography
+ * 3.0 - Elements
+ * 4.0 - Forms
+ * 5.0 - Navigations
+ * 6.0 - Accessibility
+ * 7.0 - Widgets
+ * 8.0 - Content
+ *   8.1 - Header
+ *   8.2 - Posts and pages
+ *   8.3 - Comments
+ *   8.4 - Footer
+ * 9.0 - Multisites
+ * 10.0 - Media Queries
+ *    10.1 - >= 710px
+ *    10.2 - >= 910px
+ *    10.3 - >= 985px
+ *    10.4 - >= 1200px
+ */
+
+
+/**
+ * 1.0 - Normalize
+ */
+
+body {
+	direction: rtl;
+	unicode-bidi: embed;
+}
+
+input[type="checkbox"],
+input[type="radio"] {
+	margin-right: auto;
+	margin-left: 0.4375em;
+}
+
+
+/**
+ * 2.0 - Typography
+ */
+
+body,
+button,
+button[disabled]:hover,
+button[disabled]:focus,
+input[type="button"],
+input[type="button"][disabled]:hover,
+input[type="button"][disabled]:focus,
+input[type="reset"],
+input[type="reset"][disabled]:hover,
+input[type="reset"][disabled]:focus,
+input[type="submit"],
+input[type="submit"][disabled]:hover,
+input[type="submit"][disabled]:focus,
+input,
+select,
+textarea,
+.post-password-form label,
+.main-navigation,
+.post-navigation,
+.post-navigation .post-title,
+.pagination,
+.image-navigation,
+.comment-navigation,
+.site .skip-link,
+.logged-in .site .skip-link,
+.widget .widget-title,
+.widget_recent_entries .post-date,
+.widget_rss .rss-date,
+.widget_rss cite,
+.tagcloud a,
+.site-title,
+.entry-title,
+.entry-footer,
+.sticky-post,
+.page-title,
+.page-links,
+.comments-title,
+.comment-reply-title,
+.comment-metadata,
+.pingback .edit-link,
+.comment-reply-link,
+.comment-form label,
+.no-comments,
+.required,
+.site-footer .site-title,
+.site-footer .site-title:after,
+.widecolumn label,
+.widecolumn .mu_register label {
+	font-family: Arial, Tahoma, sans-serif;
+}
+
+::-webkit-input-placeholder {
+	font-family: Arial, Tahoma, sans-serif;
+}
+
+:-moz-placeholder {
+	font-family: Arial, Tahoma, sans-serif;
+}
+
+::-moz-placeholder {
+	font-family: Arial, Tahoma, sans-serif;
+}
+
+:-ms-input-placeholder {
+	font-family: Arial, Tahoma, sans-serif;
+}
+
+blockquote {
+	border-right-width: 4px;
+	border-left-width: 0;
+	padding-right: 1.263157895em;
+	padding-left: 0;
+}
+
+.entry-content h1,
+.entry-content h2,
+.entry-content h3,
+.entry-content h4,
+.entry-content h5,
+.entry-content h6,
+.entry-summary h1,
+.entry-summary h2,
+.entry-summary h3,
+.entry-summary h4,
+.entry-summary h5,
+.entry-summary h6,
+.comment-content h1,
+.comment-content h2,
+.comment-content h3,
+.comment-content h4,
+.comment-content h5,
+.comment-content h6,
+.textwidget h1,
+.textwidget h2,
+.textwidget h3,
+.textwidget h4,
+.textwidget h5,
+.textwidget h6,
+.entry-content .author-title,
+.widget_calendar caption,
+.widecolumn h2 {
+	font-weight: 700;
+}
+
+
+/**
+ * 3.0 - Elements
+ */
+
+ul,
+ol {
+	margin: 0 1.25em 1.75em 0;
+}
+
+ol {
+	margin-right: 1.5em;
+	margin-left: 0;
+}
+
+caption,
+th,
+td {
+	text-align: right;
+}
+
+
+/**
+ * 4.0 - Forms
+ */
+
+input[type="search"].search-field {
+	border-radius: 0 2px 2px 0;
+}
+
+.search-submit:before {
+	left: 1px;
+}
+
+.search-submit {
+	border-radius: 2px 0 0 2px;
+	left: 0;
+	right: auto;
+}
+
+
+/**
+ * 5.0 - Navigation
+ */
+
+.main-navigation ul ul {
+	margin-right: 0.875em;
+	margin-left: auto;
+}
+
+.main-navigation .menu-item-has-children > a {
+	margin-right: auto;
+	margin-left: 56px;
+}
+
+.dropdown-toggle {
+	left: 0;
+	right: auto;
+}
+
+.dropdown-toggle:after {
+	border-right-width: 1px;
+	border-left-width: 0;
+	left: auto;
+	right: 1px;
+}
+
+.social-navigation li {
+	float: right;
+	margin: 0 0 0.4375em 0.4375em;
+}
+
+.pagination:before {
+	left: 0;
+	right: auto;
+}
+
+.pagination:after {
+	left: 54px;
+	right: auto;
+}
+
+.pagination .nav-links {
+	padding-right: 0;
+	padding-left: 106px;
+}
+
+.pagination .nav-links:before {
+	content: "\f430";
+	left: -1px;
+	right: auto;
+}
+
+.pagination .nav-links:after {
+	content: "\f429";
+	left: 55px;
+	right: auto;
+}
+
+.pagination .page-numbers {
+	margin: 0 -0.7368421053em 0 0.7368421053em;
+}
+
+.pagination .prev,
+.pagination .next {
+	margin: 0;
+}
+
+.pagination .prev {
+	left: 54px;
+	right: auto;
+}
+
+.pagination .prev:before {
+	content: "\f429";
+	left: auto;
+	right: -1px;
+}
+
+.pagination .next {
+	left: 0;
+	right: auto;
+}
+
+.pagination .next:before {
+	content: "\f430";
+	left: -1px;
+	right: auto;
+}
+
+.comment-navigation {
+	margin-right: 0;
+	margin-left: 0;
+}
+
+
+/**
+ * 6.0 - Accessibility
+ */
+
+.site .skip-link {
+	left: auto;
+	right: -9999em;
+}
+
+.site .skip-link:focus {
+	left: auto;
+	right: 6px;
+}
+
+
+/**
+ * 7.0 - Widgets
+ */
+
+.tagcloud a {
+	margin-right: 0;
+	margin-left: 0.1875em;
+}
+
+
+/**
+ * 8.0 - Content
+ */
+
+
+/**
+ * 8.1 - Header
+ */
+
+.site-branding {
+	margin-right: 0;
+	margin-left: auto;
+}
+
+
+/**
+ * 8.2 - Posts and pages
+ */
+
+.author-avatar .avatar {
+	float: right;
+	margin-right: 0;
+	margin-left: 1.75em;
+}
+
+.entry-footer .avatar {
+	margin-right: 0;
+	margin-left: 0.5384615385em;
+}
+
+.page-links a,
+.page-links > span {
+	margin-right: auto;
+	margin-left: 0.3076923077em;
+}
+
+.page-links > .page-links-title {
+	padding-right: 0;
+	padding-left: 0.6153846154em;
+}
+
+body:not(.search-results) .entry-summary .alignright {
+	margin: 0.2631578947em 0 1.4736842105em 1.4736842105em;
+}
+
+body:not(.search-results) .entry-summary .alignleft {
+	margin: 0.2631578947em 1.4736842105em 1.4736842105em 0;
+}
+
+
+/**
+ * 8.3 - Comments
+ */
+
+.comment-list .children > li {
+	padding-right: 0.875em;
+	padding-left: 0;
+}
+
+.comment-author .avatar {
+	float: right;
+	margin-right: auto;
+	margin-left: 0.875em;
+}
+
+.bypostauthor > article .fn:after {
+	left: auto;
+	right: 3px;
+}
+
+.comment-content ul,
+.comment-content ol {
+	margin: 0 1.25em 1.5em 0;
+}
+
+.comment-reply-title small a {
+	float: left;
+}
+
+
+/**
+ * 8.4 - Footer
+ */
+
+.site-footer .site-title:after {
+	padding-right: 0.538461538em;
+	padding-left: 0.307692308em;
+}
+
+
+/**
+ * 9.0 - Multisites
+ */
+
+.widecolumn .mu_register label {
+	margin-right: 0;
+	margin-left: 0.7692307692em;
+}
+
+
+/**
+ * 10.0 - Media Queries
+ */
+
+
+/**
+ * 10.1 - >= 710px
+ */
+
+@media screen and (min-width: 44.375em) {
+	.pagination {
+		margin: 0 7.6923% 4.421052632em 23.0769%;
+	}
+
+	.entry-header,
+	.post-thumbnail,
+	.entry-content,
+	.entry-summary,
+	.entry-footer,
+	.comments-area,
+	.image-navigation,
+	.post-navigation,
+	.page-header,
+	.page-content,
+	.content-bottom-widgets {
+		margin-right: 7.6923%;
+		margin-left: 23.0769%;
+	}
+
+	.entry-content blockquote:not(.alignright):not(.alignleft),
+	.entry-summary blockquote,
+	.comment-content blockquote {
+		margin-right: -1.473684211em;
+		margin-left: auto;
+	}
+
+	.entry-content blockquote blockquote:not(.alignright):not(.alignleft),
+	.entry-summary blockquote blockquote,
+	.comment-content blockquote blockquote {
+		margin-right: 0;
+		margin-left: auto;
+	}
+
+	.entry-content ul,
+	.entry-summary ul,
+	.comment-content ul,
+	.entry-content ol,
+	.entry-summary ol,
+	.comment-content ol {
+		margin-right: 0;
+		margin-left: auto;
+	}
+
+	.entry-content li > ul,
+	.entry-summary li > ul,
+	.comment-content li > ul,
+	.entry-content blockquote > ul,
+	.entry-summary blockquote > ul,
+	.comment-content blockquote > ul {
+		margin-right: 1.25em;
+		margin-left: auto;
+	}
+
+	.entry-content li > ol,
+	.entry-summary li > ol,
+	.comment-content li > ol,
+	.entry-content blockquote > ol,
+	.entry-summary blockquote > ol,
+	.comment-content blockquote > ol {
+		margin-right: 1.5em;
+		margin-left: auto;
+	}
+
+	.comment-list .children > li {
+		padding-right: 1.75em;
+		padding-left: 0;
+	}
+
+	.sidebar,
+	.widecolumn {
+		padding-right: 7.6923%;
+		padding-left: 23.0769%;
+	}
+
+	body:not(.search-results) .entry-summary li > ul,
+	body:not(.search-results) .entry-summary blockquote > ul {
+		margin-right: 1.157894737em;
+		margin-left: auto;
+	}
+
+	body:not(.search-results) .entry-summary li > ol,
+	body:not(.search-results) .entry-summary blockquote > ol {
+		margin-right: 1.473684211em;
+		margin-left: auto;
+	}
+}
+
+
+/**
+ * 10.2 - >= 910px
+ */
+
+@media screen and (min-width: 56.875em) {
+	.main-navigation .primary-menu > li {
+		float: right;
+	}
+
+	.main-navigation ul ul {
+		left: auto;
+		margin: 0;
+		right: -999em;
+	}
+
+	.main-navigation ul ul:before {
+		left: 9px;
+		right: auto;
+	}
+
+	.main-navigation ul ul:after {
+		left: 11px;
+		right: auto;
+	}
+
+	.main-navigation li:hover > ul,
+	.main-navigation li.focus > ul {
+		left: 0;
+		right: auto;
+	}
+
+	.main-navigation ul ul li:hover > ul,
+	.main-navigation ul ul li.focus > ul {
+		left: 100%;
+		right: auto;
+	}
+
+	.main-navigation .menu-item-has-children > a {
+		margin: 0;
+		padding-right: 0.875em;
+		padding-left: 2.25em;
+	}
+
+	.main-navigation .menu-item-has-children > a:after {
+		left: 0.625em;
+		right: auto;
+	}
+
+	.main-navigation ul ul .menu-item-has-children > a {
+		padding-right: 0.875em;
+		padding-left: 2.0625em;
+	}
+
+	.main-navigation ul ul .menu-item-has-children > a:after {
+		left: 0.5625em;
+		right: auto;
+		top: 0.8125em;
+		-webkit-transform: rotate(-90deg);
+		-moz-transform: rotate(-90deg);
+		-ms-transform: rotate(-90deg);
+		transform: rotate(-90deg);
+	}
+
+	.content-area {
+		float: right;
+		margin-right: auto;
+		margin-left: -100%;
+	}
+
+	.entry-header,
+	.post-thumbnail,
+	.entry-content,
+	.entry-summary,
+	.entry-footer,
+	.comments-area,
+	.image-navigation,
+	.post-navigation,
+	.pagination,
+	.page-header,
+	.page-content,
+	.content-bottom-widgets {
+		margin-right: 0;
+		margin-left: 0;
+	}
+
+	.sidebar {
+		float: right;
+		margin-right: 75%;
+		margin-left: auto;
+		padding: 0;
+	}
+
+	.widget blockquote {
+		padding-right: 1.0625em;
+		padding-left: 0;
+	}
+
+	.widget .alignright {
+		margin: 0.2307692308em 0 1.6153846154em 1.6153846154em;
+	}
+
+	.widget .alignleft {
+		margin: 0.2307692308em 1.6153846154em 1.6153846154em 0;
+	}
+
+	.tagcloud a {
+		margin: 0 0 0.5384615385em 0.2307692308em;
+	}
+
+	.content-bottom-widgets .widget-area:nth-child(1):nth-last-child(2),
+	.content-bottom-widgets .widget-area:nth-child(2):nth-last-child(1) {
+		float: right;
+		margin-right: auto;
+		margin-left: 7.1428571%;
+	}
+
+	.content-bottom-widgets .widget-area:nth-child(2):nth-last-child(1):last-of-type {
+		margin-right: auto;
+		margin-left: 0;
+	}
+
+	.site-info {
+		margin: 0.538461538em 0 0.538461538em auto;
+	}
+
+	.no-sidebar .entry-header,
+	.no-sidebar .entry-content,
+	.no-sidebar .entry-summary,
+	.no-sidebar .entry-footer,
+	.no-sidebar .comments-area,
+	.no-sidebar .image-navigation,
+	.no-sidebar .post-navigation,
+	.no-sidebar .pagination,
+	.no-sidebar .page-header,
+	.no-sidebar .page-content,
+	.no-sidebar .content-bottom-widgets {
+		margin-right: 15%;
+		margin-left: 15%;
+	}
+
+	.no-sidebar .post-thumbnail {
+		margin-right: 0;
+		margin-left: 0;
+	}
+
+	.widecolumn {
+		padding-right: 15%;
+		padding-left: 15%;
+	}
+}
+
+
+/**
+ * 10.3 - >= 985px
+ */
+
+@media screen and (min-width: 61.5625em) {
+	body:not(.search-results) article:not(.type-page) .entry-content {
+		float: left;
+	}
+
+	body:not(.search-results) article:not(.type-page) .entry-content > blockquote.alignleft.below-entry-meta {
+		margin-right: 1.473684211em;
+		margin-left: 0;
+		width: -webkit-calc(50% - 0.736842105em);
+		width: calc(50% - 0.736842105em);;
+	}
+
+	body:not(.search-results) article:not(.type-page) .entry-content > blockquote.alignright.below-entry-meta {
+		margin-right: -40%;
+		margin-left: 1.473684211em;
+		width: -webkit-calc(60% - 1.4736842105em);
+		width: calc(60% - 1.4736842105em);
+	}
+
+	body:not(.search-results) article:not(.type-page) img.below-entry-meta,
+	body:not(.search-results) article:not(.type-page) figure.below-entry-meta {
+		margin-right: -40%;
+		margin-left: 0;
+	}
+
+	body:not(.search-results) article:not(.type-page) .entry-footer {
+		float: right;
+	}
+
+	body.no-sidebar:not(.search-results) article:not(.type-page) .entry-content {
+		float: right;
+		margin-right: 34.99999999%;
+		margin-left: -100%;
+	}
+
+	body.no-sidebar:not(.search-results) article:not(.type-page) .entry-footer {
+		margin-right: 15%;
+		margin-left: -100%;
+	}
+}
+
+
+/**
+ * 10.4 - >= 1200px
+ */
+
+@media screen and (min-width: 75em) {
+	body:not(.search-results) .entry-summary li > ul,
+	body:not(.search-results) .entry-summary blockquote > ul {
+		margin-right: 0.956521739em;
+		margin-left: auto;
+	}
+
+	body:not(.search-results) .entry-summary li > ol,
+	body:not(.search-results) .entry-summary blockquote > ol {
+		margin-right: 1.52173913em;
+		margin-left: auto;
+	}
+
+	body:not(.search-results) .entry-summary blockquote {
+		padding-right: 1.347826087em;
+		padding-left: 0;
+	}
+
+	body:not(.search-results) .entry-summary blockquote:not(.alignright):not(.alignleft) {
+		margin-right: -1.52173913em;
+		margin-left: auto;
+	}
+
+	body:not(.search-results) .entry-summary blockquote blockquote:not(.alignright):not(.alignleft) {
+		margin-right: 0;
+		margin-left: auto;
+	}
+
+	body:not(.search-results) .entry-summary .alignright {
+		margin: 0.2608695652em 0 1.5217391304em 1.5217391304em;
+	}
+
+	body:not(.search-results) .entry-summary .alignleft {
+		margin: 0.2608695652em 1.5217391304em 1.5217391304em 0;
+	}
+}

wp-content/themes/twentysixteen/search.php

@@ -0,0 +1,53 @@
+<?php
+/**
+ * The template for displaying search results pages
+ *
+ * @package WordPress
+ * @subpackage Twenty_Sixteen
+ * @since Twenty Sixteen 1.0
+ */
+
+get_header(); ?>
+
+	<section id="primary" class="content-area">
+		<main id="main" class="site-main" role="main">
+
+		<?php if ( have_posts() ) : ?>
+
+			<header class="page-header">
+				<h1 class="page-title"><?php printf( __( 'Search Results for: %s', 'twentysixteen' ), '<span>' . esc_html( get_search_query() ) . '</span>' ); ?></h1>
+			</header><!-- .page-header -->
+
+			<?php
+			// Start the loop.
+			while ( have_posts() ) : the_post();
+
+				/**
+				 * Run the loop for the search to output the results.
+				 * If you want to overload this in a child theme then include a file
+				 * called content-search.php and that will be used instead.
+				 */
+				get_template_part( 'template-parts/content', 'search' );
+
+			// End the loop.
+			endwhile;
+
+			// Previous/next page navigation.
+			the_posts_pagination( array(
+				'prev_text'          => __( 'Previous page', 'twentysixteen' ),
+				'next_text'          => __( 'Next page', 'twentysixteen' ),
+				'before_page_number' => '<span class="meta-nav screen-reader-text">' . __( 'Page', 'twentysixteen' ) . ' </span>',
+			) );
+
+		// If no content, include the "No posts found" template.
+		else :
+			get_template_part( 'template-parts/content', 'none' );
+
+		endif;
+		?>
+
+		</main><!-- .site-main -->
+	</section><!-- .content-area -->
+
+<?php get_sidebar(); ?>
+<?php get_footer(); ?>

wp-content/themes/twentysixteen/searchform.php

@@ -0,0 +1,17 @@
+<?php
+/**
+ * Template for displaying search forms in Twenty Sixteen
+ *
+ * @package WordPress
+ * @subpackage Twenty_Sixteen
+ * @since Twenty Sixteen 1.0
+ */
+?>
+
+<form role="search" method="get" class="search-form" action="<?php echo esc_url( home_url( '/' ) ); ?>">
+	<label>
+		<span class="screen-reader-text"><?php echo _x( 'Search for:', 'label', 'twentysixteen' ); ?></span>
+		<input type="search" class="search-field" placeholder="<?php echo esc_attr_x( 'Search &hellip;', 'placeholder', 'twentysixteen' ); ?>" value="<?php echo get_search_query(); ?>" name="s" />
+	</label>
+	<button type="submit" class="search-submit"><span class="screen-reader-text"><?php echo _x( 'Search', 'submit button', 'twentysixteen' ); ?></span></button>
+</form>

wp-content/themes/twentysixteen/sidebar-content-bottom.php

@@ -0,0 +1,28 @@
+<?php
+/**
+ * The template for the content bottom widget areas on posts and pages
+ *
+ * @package WordPress
+ * @subpackage Twenty_Sixteen
+ * @since Twenty Sixteen 1.0
+ */
+
+if ( ! is_active_sidebar( 'sidebar-2' ) && ! is_active_sidebar( 'sidebar-3' ) ) {
+	return;
+}
+
+// If we get this far, we have widgets. Let's do this.
+?>
+<aside id="content-bottom-widgets" class="content-bottom-widgets" role="complementary">
+	<?php if ( is_active_sidebar( 'sidebar-2' ) ) : ?>
+		<div class="widget-area">
+			<?php dynamic_sidebar( 'sidebar-2' ); ?>
+		</div><!-- .widget-area -->
+	<?php endif; ?>
+
+	<?php if ( is_active_sidebar( 'sidebar-3' ) ) : ?>
+		<div class="widget-area">
+			<?php dynamic_sidebar( 'sidebar-3' ); ?>
+		</div><!-- .widget-area -->
+	<?php endif; ?>
+</aside><!-- .content-bottom-widgets -->

wp-content/themes/twentysixteen/sidebar.php

@@ -0,0 +1,15 @@
+<?php
+/**
+ * The template for the sidebar containing the main widget area
+ *
+ * @package WordPress
+ * @subpackage Twenty_Sixteen
+ * @since Twenty Sixteen 1.0
+ */
+?>
+
+<?php if ( is_active_sidebar( 'sidebar-1' )  ) : ?>
+	<aside id="secondary" class="sidebar widget-area" role="complementary">
+		<?php dynamic_sidebar( 'sidebar-1' ); ?>
+	</aside><!-- .sidebar .widget-area -->
+<?php endif; ?>

wp-content/themes/twentysixteen/single.php

@@ -0,0 +1,54 @@
+<?php
+/**
+ * The template for displaying all single posts and attachments
+ *
+ * @package WordPress
+ * @subpackage Twenty_Sixteen
+ * @since Twenty Sixteen 1.0
+ */
+
+get_header(); ?>
+
+<div id="primary" class="content-area">
+	<main id="main" class="site-main" role="main">
+		<?php
+		// Start the loop.
+		while ( have_posts() ) : the_post();
+
+			// Include the single post content template.
+			get_template_part( 'template-parts/content', 'single' );
+
+			// If comments are open or we have at least one comment, load up the comment template.
+			if ( comments_open() || get_comments_number() ) {
+				comments_template();
+			}
+
+			if ( is_singular( 'attachment' ) ) {
+				// Parent post navigation.
+				the_post_navigation( array(
+					'prev_text' => _x( '<span class="meta-nav">Published in</span><span class="post-title">%title</span>', 'Parent post link', 'twentysixteen' ),
+				) );
+			} elseif ( is_singular( 'post' ) ) {
+				// Previous/next post navigation.
+				the_post_navigation( array(
+					'next_text' => '<span class="meta-nav" aria-hidden="true">' . __( 'Next', 'twentysixteen' ) . '</span> ' .
+						'<span class="screen-reader-text">' . __( 'Next post:', 'twentysixteen' ) . '</span> ' .
+						'<span class="post-title">%title</span>',
+					'prev_text' => '<span class="meta-nav" aria-hidden="true">' . __( 'Previous', 'twentysixteen' ) . '</span> ' .
+						'<span class="screen-reader-text">' . __( 'Previous post:', 'twentysixteen' ) . '</span> ' .
+						'<span class="post-title">%title</span>',
+				) );
+			}
+
+			// End of the loop.
+		endwhile;
+		?>
+
+	</main><!-- .site-main -->
+
+	<?php get_sidebar( 'content-bottom' ); ?>
+
+</div><!-- .content-area -->
+
+<?php get_sidebar(); ?>
+<?php get_footer(); ?>

wp-content/themes/twentysixteen/template-parts/biography.php

@@ -0,0 +1,37 @@
+<?php
+/**
+ * The template part for displaying an Author biography
+ *
+ * @package WordPress
+ * @subpackage Twenty_Sixteen
+ * @since Twenty Sixteen 1.0
+ */
+?>
+
+<div class="author-info">
+	<div class="author-avatar">
+		<?php
+		/**
+		 * Filter the Twenty Sixteen author bio avatar size.
+		 *
+		 * @since Twenty Sixteen 1.0
+		 *
+		 * @param int $size The avatar height and width size in pixels.
+		 */
+		$author_bio_avatar_size = apply_filters( 'twentysixteen_author_bio_avatar_size', 42 );
+
+		echo get_avatar( get_the_author_meta( 'user_email' ), $author_bio_avatar_size );
+		?>
+	</div><!-- .author-avatar -->
+
+	<div class="author-description">
+		<h2 class="author-title"><span class="author-heading"><?php _e( 'Author:', 'twentysixteen' ); ?></span> <?php echo get_the_author(); ?></h2>
+
+		<p class="author-bio">
+			<?php the_author_meta( 'description' ); ?>
+			<a class="author-link" href="<?php echo esc_url( get_author_posts_url( get_the_author_meta( 'ID' ) ) ); ?>" rel="author">
+				<?php printf( __( 'View all posts by %s', 'twentysixteen' ), get_the_author() ); ?>
+			</a>
+		</p><!-- .author-bio -->
+	</div><!-- .author-description -->
+</div><!-- .author-info -->

wp-content/themes/twentysixteen/template-parts/content-none.php

@@ -0,0 +1,33 @@
+<?php
+/**
+ * The template part for displaying a message that posts cannot be found
+ *
+ * @package WordPress
+ * @subpackage Twenty_Sixteen
+ * @since Twenty Sixteen 1.0
+ */
+?>
+
+<section class="no-results not-found">
+	<header class="page-header">
+		<h1 class="page-title"><?php _e( 'Nothing Found', 'twentysixteen' ); ?></h1>
+	</header><!-- .page-header -->
+
+	<div class="page-content">
+		<?php if ( is_home() && current_user_can( 'publish_posts' ) ) : ?>
+
+			<p><?php printf( __( 'Ready to publish your first post? <a href="%1$s">Get started here</a>.', 'twentysixteen' ), esc_url( admin_url( 'post-new.php' ) ) ); ?></p>
+
+		<?php elseif ( is_search() ) : ?>
+
+			<p><?php _e( 'Sorry, but nothing matched your search terms. Please try again with some different keywords.', 'twentysixteen' ); ?></p>
+			<?php get_search_form(); ?>
+
+		<?php else : ?>
+
+			<p><?php _e( 'It seems we can&rsquo;t find what you&rsquo;re looking for. Perhaps searching can help.', 'twentysixteen' ); ?></p>
+			<?php get_search_form(); ?>
+
+		<?php endif; ?>
+	</div><!-- .page-content -->
+</section><!-- .no-results -->

wp-content/themes/twentysixteen/template-parts/content-page.php

@@ -0,0 +1,45 @@
+<?php
+/**
+ * The template used for displaying page content
+ *
+ * @package WordPress
+ * @subpackage Twenty_Sixteen
+ * @since Twenty Sixteen 1.0
+ */
+?>
+
+<article id="post-<?php the_ID(); ?>" <?php post_class(); ?>>
+	<header class="entry-header">
+		<?php the_title( '<h1 class="entry-title">', '</h1>' ); ?>
+	</header><!-- .entry-header -->
+
+	<?php twentysixteen_post_thumbnail(); ?>
+
+	<div class="entry-content">
+		<?php
+		the_content();
+
+		wp_link_pages( array(
+			'before'      => '<div class="page-links"><span class="page-links-title">' . __( 'Pages:', 'twentysixteen' ) . '</span>',
+			'after'       => '</div>',
+			'link_before' => '<span>',
+			'link_after'  => '</span>',
+			'pagelink'    => '<span class="screen-reader-text">' . __( 'Page', 'twentysixteen' ) . ' </span>%',
+			'separator'   => '<span class="screen-reader-text">, </span>',
+		) );
+		?>
+	</div><!-- .entry-content -->
+
+	<?php
+		edit_post_link(
+			sprintf(
+				/* translators: %s: Name of current post */
+				__( 'Edit<span class="screen-reader-text"> "%s"</span>', 'twentysixteen' ),
+				get_the_title()
+			),
+			'<footer class="entry-footer"><span class="edit-link">',
+			'</span></footer><!-- .entry-footer -->'
+		);
+	?>
+
+</article><!-- #post-## -->

wp-content/themes/twentysixteen/template-parts/content-search.php

@@ -0,0 +1,53 @@
+<?php
+/**
+ * The template part for displaying results in search pages
+ *
+ * @package WordPress
+ * @subpackage Twenty_Sixteen
+ * @since Twenty Sixteen 1.0
+ */
+?>
+
+<article id="post-<?php the_ID(); ?>" <?php post_class(); ?>>
+	<header class="entry-header">
+		<?php the_title( sprintf( '<h2 class="entry-title"><a href="%s" rel="bookmark">', esc_url( get_permalink() ) ), '</a></h2>' ); ?>
+	</header><!-- .entry-header -->
+
+	<?php twentysixteen_post_thumbnail(); ?>
+
+	<?php twentysixteen_excerpt(); ?>
+
+	<?php if ( 'post' === get_post_type() ) : ?>
+
+		<footer class="entry-footer">
+			<?php twentysixteen_entry_meta(); ?>
+			<?php
+				edit_post_link(
+					sprintf(
+						/* translators: %s: Name of current post */
+						__( 'Edit<span class="screen-reader-text"> "%s"</span>', 'twentysixteen' ),
+						get_the_title()
+					),
+					'<span class="edit-link">',
+					'</span>'
+				);
+			?>
+		</footer><!-- .entry-footer -->
+
+	<?php else : ?>
+
+		<?php
+			edit_post_link(
+				sprintf(
+					/* translators: %s: Name of current post */
+					__( 'Edit<span class="screen-reader-text"> "%s"</span>', 'twentysixteen' ),
+					get_the_title()
+				),
+				'<footer class="entry-footer"><span class="edit-link">',
+				'</span></footer><!-- .entry-footer -->'
+			);
+		?>
+
+	<?php endif; ?>
+</article><!-- #post-## -->
+

wp-content/themes/twentysixteen/template-parts/content-single.php

@@ -0,0 +1,53 @@
+<?php
+/**
+ * The template part for displaying single posts
+ *
+ * @package WordPress
+ * @subpackage Twenty_Sixteen
+ * @since Twenty Sixteen 1.0
+ */
+?>
+
+<article id="post-<?php the_ID(); ?>" <?php post_class(); ?>>
+	<header class="entry-header">
+		<?php the_title( '<h1 class="entry-title">', '</h1>' ); ?>
+	</header><!-- .entry-header -->
+
+	<?php twentysixteen_excerpt(); ?>
+
+	<?php twentysixteen_post_thumbnail(); ?>
+
+	<div class="entry-content">
+		<?php
+			the_content();
+
+			wp_link_pages( array(
+				'before'      => '<div class="page-links"><span class="page-links-title">' . __( 'Pages:', 'twentysixteen' ) . '</span>',
+				'after'       => '</div>',
+				'link_before' => '<span>',
+				'link_after'  => '</span>',
+				'pagelink'    => '<span class="screen-reader-text">' . __( 'Page', 'twentysixteen' ) . ' </span>%',
+				'separator'   => '<span class="screen-reader-text">, </span>',
+			) );
+
+			if ( '' !== get_the_author_meta( 'description' ) ) {
+				get_template_part( 'template-parts/biography' );
+			}
+		?>
+	</div><!-- .entry-content -->
+
+	<footer class="entry-footer">
+		<?php twentysixteen_entry_meta(); ?>
+		<?php
+			edit_post_link(
+				sprintf(
+					/* translators: %s: Name of current post */
+					__( 'Edit<span class="screen-reader-text"> "%s"</span>', 'twentysixteen' ),
+					get_the_title()
+				),
+				'<span class="edit-link">',
+				'</span>'
+			);
+		?>
+	</footer><!-- .entry-footer -->
+</article><!-- #post-## -->

wp-content/themes/twentysixteen/template-parts/content.php

@@ -0,0 +1,57 @@
+<?php
+/**
+ * The template part for displaying content
+ *
+ * @package WordPress
+ * @subpackage Twenty_Sixteen
+ * @since Twenty Sixteen 1.0
+ */
+?>
+
+<article id="post-<?php the_ID(); ?>" <?php post_class(); ?>>
+	<header class="entry-header">
+		<?php if ( is_sticky() && is_home() && ! is_paged() ) : ?>
+			<span class="sticky-post"><?php _e( 'Featured', 'twentysixteen' ); ?></span>
+		<?php endif; ?>
+
+		<?php the_title( sprintf( '<h2 class="entry-title"><a href="%s" rel="bookmark">', esc_url( get_permalink() ) ), '</a></h2>' ); ?>
+	</header><!-- .entry-header -->
+
+	<?php twentysixteen_excerpt(); ?>
+
+	<?php twentysixteen_post_thumbnail(); ?>
+
+	<div class="entry-content">
+		<?php
+			/* translators: %s: Name of current post */
+			the_content( sprintf(
+				__( 'Continue reading<span class="screen-reader-text"> "%s"</span>', 'twentysixteen' ),
+				get_the_title()
+			) );
+
+			wp_link_pages( array(
+				'before'      => '<div class="page-links"><span class="page-links-title">' . __( 'Pages:', 'twentysixteen' ) . '</span>',
+				'after'       => '</div>',
+				'link_before' => '<span>',
+				'link_after'  => '</span>',
+				'pagelink'    => '<span class="screen-reader-text">' . __( 'Page', 'twentysixteen' ) . ' </span>%',
+				'separator'   => '<span class="screen-reader-text">, </span>',
+			) );
+		?>
+	</div><!-- .entry-content -->
+
+	<footer class="entry-footer">
+		<?php twentysixteen_entry_meta(); ?>
+		<?php
+			edit_post_link(
+				sprintf(
+					/* translators: %s: Name of current post */
+					__( 'Edit<span class="screen-reader-text"> "%s"</span>', 'twentysixteen' ),
+					get_the_title()
+				),
+				'<span class="edit-link">',
+				'</span>'
+			);
+		?>
+	</footer><!-- .entry-footer -->
+</article><!-- #post-## -->

wp-includes/cache.php

@@ -691,7 +691,7 @@ class WP_Object_Cache {
 		echo "</p>";
 		echo '<ul>';
 		foreach ($this->cache as $group => $cache) {
-			echo "<li><strong>Group:</strong> $group - ( " . number_format( strlen( serialize( $cache ) ) / KB_IN_BYTES, 2 ) . 'k )</li>';
+			echo '<li><strong>Group:</strong> ' . esc_html( $group ) . ' - ( ' . number_format( strlen( serialize( $cache ) ) / KB_IN_BYTES, 2 ) . 'k )</li>';
 		}
 		echo '</ul>';
 	}

wp-includes/class-oembed.php

@@ -221,6 +221,7 @@ class WP_oEmbed {
 	 * @return false|string False on failure, otherwise the oEmbed provider URL.
 	 */
 	public function get_provider( $url, $args = '' ) {
+		$args = wp_parse_args( $args );
 
 		$provider = false;
 
@@ -315,10 +316,34 @@ class WP_oEmbed {
 	 * @return false|string False on failure, otherwise the UNSANITIZED (and potentially unsafe) HTML that should be used to embed.
 	 */
 	public function get_html( $url, $args = '' ) {
+		$args = wp_parse_args( $args );
+
+		/**
+		 * Filters the oEmbed result before any HTTP requests are made.
+		 *
+		 * This allows one to short-circuit the default logic, perhaps by
+		 * replacing it with a routine that is more optimal for your setup.
+		 *
+		 * Passing a non-null value to the filter will effectively short-circuit retrieval,
+		 * returning the passed value instead.
+		 *
+		 * @since 4.5.3
+		 *
+		 * @param null|string $result The UNSANITIZED (and potentially unsafe) HTML that should be used to embed. Default null.
+		 * @param string      $url    The URL to the content that should be attempted to be embedded.
+		 * @param array       $args   Optional. Arguments, usually passed from a shortcode. Default empty.
+		 */
+		$pre = apply_filters( 'pre_oembed_result', null, $url, $args );
+
+		if ( null !== $pre ) {
+			return $pre;
+		}
+
 		$provider = $this->get_provider( $url, $args );
 
-		if ( !$provider || false === $data = $this->fetch( $provider, $url, $args ) )
+		if ( ! $provider || false === $data = $this->fetch( $provider, $url, $args ) ) {
 			return false;
+		}
 
 		/**
 		 * Filter the HTML returned by the oEmbed provider.

wp-includes/class-phpmailer.php

@@ -31,7 +31,7 @@ class PHPMailer
      * The PHPMailer Version number.
      * @var string
      */
-    public $Version = '5.2.14';
+    public $Version = '5.2.22';
 
     /**
      * Email priority.
@@ -201,6 +201,9 @@ class PHPMailer
     /**
      * An ID to be used in the Message-ID header.
      * If empty, a unique id will be generated.
+     * You can set your own, but it must be in the format "<id@domain>",
+     * as defined in RFC5322 section 3.6.4 or it will be ignored.
+     * @see https://tools.ietf.org/html/rfc5322#section-3.6.4
      * @var string
      */
     public $MessageID = '';
@@ -285,7 +288,7 @@ class PHPMailer
 
     /**
      * SMTP auth type.
-     * Options are LOGIN (default), PLAIN, NTLM, CRAM-MD5
+     * Options are CRAM-MD5, LOGIN, PLAIN, attempted in that order if not specified
      * @var string
      */
     public $AuthType = '';
@@ -352,6 +355,7 @@ class PHPMailer
     /**
      * Whether to split multiple to addresses into multiple messages
      * or send them all in one message.
+     * Only supported in `mail` and `sendmail` transports, not in SMTP.
      * @var boolean
      */
     public $SingleTo = false;
@@ -394,7 +398,7 @@ class PHPMailer
 
     /**
      * DKIM Identity.
-     * Usually the email address used as the source of the email
+     * Usually the email address used as the source of the email.
      * @var string
      */
     public $DKIM_identity = '';
@@ -419,6 +423,13 @@ class PHPMailer
      */
     public $DKIM_private = '';
 
+    /**
+     * DKIM private key string.
+     * If set, takes precedence over `$DKIM_private`.
+     * @var string
+     */
+    public $DKIM_private_string = '';
+
     /**
      * Callback Action function name.
      *
@@ -446,6 +457,15 @@ class PHPMailer
      */
     public $XMailer = '';
 
+    /**
+     * Which validator to use by default when validating email addresses.
+     * May be a callable to inject your own validator, but there are several built-in validators.
+     * @see PHPMailer::validateAddress()
+     * @var string|callable
+     * @static
+     */
+    public static $validator = 'auto';
+
     /**
      * An instance of the SMTP sender class.
      * @var SMTP
@@ -634,9 +654,11 @@ class PHPMailer
      * Constructor.
      * @param boolean $exceptions Should we throw external exceptions?
      */
-    public function __construct($exceptions = false)
+    public function __construct($exceptions = null)
     {
-        $this->exceptions = (boolean)$exceptions;
+        if ($exceptions !== null) {
+            $this->exceptions = (boolean)$exceptions;
+        }
     }
 
     /**
@@ -645,9 +667,7 @@ class PHPMailer
     public function __destruct()
     {
         //Close any open SMTP connection nicely
-        if ($this->Mailer == 'smtp') {
-            $this->smtpClose();
-        }
+        $this->smtpClose();
     }
 
     /**
@@ -671,14 +691,16 @@ class PHPMailer
         } else {
             $subject = $this->encodeHeader($this->secureHeader($subject));
         }
-        if (ini_get('safe_mode') || !($this->UseSendmailOptions)) {
+
+        //Can't use additional_parameters in safe_mode, calling mail() with null params breaks
+        //@link http://php.net/manual/en/function.mail.php
+        if (ini_get('safe_mode') or !$this->UseSendmailOptions or is_null($params)) {
             $result = @mail($to, $subject, $body, $header);
         } else {
             $result = @mail($to, $subject, $body, $header, $params);
         }
         return $result;
     }
-
     /**
      * Output debugging info via user-defined method.
      * Only generates output if SMTP debug output is enabled (@see SMTP::$do_debug).
@@ -713,7 +735,7 @@ class PHPMailer
             case 'echo':
             default:
                 //Normalize line breaks
-                $str = preg_replace('/(\r\n|\r|\n)/ms', "\n", $str);
+                $str = preg_replace('/\r\n?/ms', "\n", $str);
                 echo gmdate('Y-m-d H:i:s') . "\t" . str_replace(
                     "\n",
                     "\n                   \t                  ",
@@ -850,7 +872,7 @@ class PHPMailer
         $name = trim(preg_replace('/[\r\n]+/', '', $name)); //Strip breaks and trim
         if (($pos = strrpos($address, '@')) === false) {
             // At-sign is misssing.
-            $error_message = $this->lang('invalid_address') . $address;
+            $error_message = $this->lang('invalid_address') . " (addAnAddress $kind): $address";
             $this->setError($error_message);
             $this->edebug($error_message);
             if ($this->exceptions) {
@@ -900,7 +922,7 @@ class PHPMailer
             return false;
         }
         if (!$this->validateAddress($address)) {
-            $error_message = $this->lang('invalid_address') . $address;
+            $error_message = $this->lang('invalid_address') . " (addAnAddress $kind): $address";
             $this->setError($error_message);
             $this->edebug($error_message);
             if ($this->exceptions) {
@@ -923,6 +945,61 @@ class PHPMailer
         return false;
     }
 
+    /**
+     * Parse and validate a string containing one or more RFC822-style comma-separated email addresses
+     * of the form "display name <address>" into an array of name/address pairs.
+     * Uses the imap_rfc822_parse_adrlist function if the IMAP extension is available.
+     * Note that quotes in the name part are removed.
+     * @param string $addrstr The address list string
+     * @param bool $useimap Whether to use the IMAP extension to parse the list
+     * @return array
+     * @link http://www.andrew.cmu.edu/user/agreen1/testing/mrbs/web/Mail/RFC822.php A more careful implementation
+     */
+    public function parseAddresses($addrstr, $useimap = true)
+    {
+        $addresses = array();
+        if ($useimap and function_exists('imap_rfc822_parse_adrlist')) {
+            //Use this built-in parser if it's available
+            $list = imap_rfc822_parse_adrlist($addrstr, '');
+            foreach ($list as $address) {
+                if ($address->host != '.SYNTAX-ERROR.') {
+                    if ($this->validateAddress($address->mailbox . '@' . $address->host)) {
+                        $addresses[] = array(
+                            'name' => (property_exists($address, 'personal') ? $address->personal : ''),
+                            'address' => $address->mailbox . '@' . $address->host
+                        );
+                    }
+                }
+            }
+        } else {
+            //Use this simpler parser
+            $list = explode(',', $addrstr);
+            foreach ($list as $address) {
+                $address = trim($address);
+                //Is there a separate name part?
+                if (strpos($address, '<') === false) {
+                    //No separate name, just use the whole thing
+                    if ($this->validateAddress($address)) {
+                        $addresses[] = array(
+                            'name' => '',
+                            'address' => $address
+                        );
+                    }
+                } else {
+                    list($name, $email) = explode('<', $address);
+                    $email = trim(str_replace('>', '', $email));
+                    if ($this->validateAddress($email)) {
+                        $addresses[] = array(
+                            'name' => trim(str_replace(array('"', "'"), '', $name)),
+                            'address' => $email
+                        );
+                    }
+                }
+            }
+        }
+        return $addresses;
+    }
+
     /**
      * Set the From and FromName properties.
      * @param string $address
@@ -939,7 +1016,7 @@ class PHPMailer
         if (($pos = strrpos($address, '@')) === false or
             (!$this->has8bitChars(substr($address, ++$pos)) or !$this->idnSupported()) and
             !$this->validateAddress($address)) {
-            $error_message = $this->lang('invalid_address') . $address;
+            $error_message = $this->lang('invalid_address') . " (setFrom) $address";
             $this->setError($error_message);
             $this->edebug($error_message);
             if ($this->exceptions) {
@@ -972,19 +1049,30 @@ class PHPMailer
     /**
      * Check that a string looks like an email address.
      * @param string $address The email address to check
-     * @param string $patternselect A selector for the validation pattern to use :
+     * @param string|callable $patternselect A selector for the validation pattern to use :
      * * `auto` Pick best pattern automatically;
      * * `pcre8` Use the squiloople.com pattern, requires PCRE > 8.0, PHP >= 5.3.2, 5.2.14;
      * * `pcre` Use old PCRE implementation;
      * * `php` Use PHP built-in FILTER_VALIDATE_EMAIL;
      * * `html5` Use the pattern given by the HTML5 spec for 'email' type form input elements.
      * * `noregex` Don't use a regex: super fast, really dumb.
+     * Alternatively you may pass in a callable to inject your own validator, for example:
+     * PHPMailer::validateAddress('user@example.com', function($address) {
+     *     return (strpos($address, '@') !== false);
+     * });
+     * You can also set the PHPMailer::$validator static to a callable, allowing built-in methods to use your validator.
      * @return boolean
      * @static
      * @access public
      */
-    public static function validateAddress($address, $patternselect = 'auto')
+    public static function validateAddress($address, $patternselect = null)
     {
+        if (is_null($patternselect)) {
+            $patternselect = self::$validator;
+        }
+        if (is_callable($patternselect)) {
+            return call_user_func($patternselect, $address);
+        }
         //Reject line breaks in addresses; it's valid RFC5322, but not RFC5321
         if (strpos($address, "\n") !== false or strpos($address, "\r") !== false) {
             return false;
@@ -1161,7 +1249,7 @@ class PHPMailer
                 }
                 $this->$address_kind = $this->punyencodeAddress($this->$address_kind);
                 if (!$this->validateAddress($this->$address_kind)) {
-                    $error_message = $this->lang('invalid_address') . $this->$address_kind;
+                    $error_message = $this->lang('invalid_address') . ' (punyEncode) ' . $this->$address_kind;
                     $this->setError($error_message);
                     $this->edebug($error_message);
                     if ($this->exceptions) {
@@ -1172,7 +1260,7 @@ class PHPMailer
             }
 
             // Set whether the message is multipart/alternative
-            if (!empty($this->AltBody)) {
+            if ($this->alternativeExists()) {
                 $this->ContentType = 'multipart/alternative';
             }
 
@@ -1206,9 +1294,11 @@ class PHPMailer
 
             // Sign with DKIM if enabled
             if (!empty($this->DKIM_domain)
-                && !empty($this->DKIM_private)
                 && !empty($this->DKIM_selector)
-                && file_exists($this->DKIM_private)) {
+                && (!empty($this->DKIM_private_string)
+                   || (!empty($this->DKIM_private) && file_exists($this->DKIM_private))
+                )
+            ) {
                 $header_dkim = $this->DKIM_Add(
                     $this->MIMEHeader . $this->mailHeader,
                     $this->encodeHeader($this->secureHeader($this->Subject)),
@@ -1274,19 +1364,24 @@ class PHPMailer
      */
     protected function sendmailSend($header, $body)
     {
-        if ($this->Sender != '') {
+        // CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
+        if (!empty($this->Sender) and self::isShellSafe($this->Sender)) {
             if ($this->Mailer == 'qmail') {
-                $sendmail = sprintf('%s -f%s', escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
+                $sendmailFmt = '%s -f%s';
             } else {
-                $sendmail = sprintf('%s -oi -f%s -t', escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
+                $sendmailFmt = '%s -oi -f%s -t';
             }
         } else {
             if ($this->Mailer == 'qmail') {
-                $sendmail = sprintf('%s', escapeshellcmd($this->Sendmail));
+                $sendmailFmt = '%s';
             } else {
-                $sendmail = sprintf('%s -oi -t', escapeshellcmd($this->Sendmail));
+                $sendmailFmt = '%s -oi -t';
             }
         }
+
+        // TODO: If possible, this should be changed to escapeshellarg.  Needs thorough testing.
+        $sendmail = sprintf($sendmailFmt, escapeshellcmd($this->Sendmail), $this->Sender);
+
         if ($this->SingleTo) {
             foreach ($this->SingleToArray as $toAddr) {
                 if (!@$mail = popen($sendmail, 'w')) {
@@ -1332,6 +1427,40 @@ class PHPMailer
         return true;
     }
 
+    /**
+     * Fix CVE-2016-10033 and CVE-2016-10045 by disallowing potentially unsafe shell characters.
+     *
+     * Note that escapeshellarg and escapeshellcmd are inadequate for our purposes, especially on Windows.
+     * @param string $string The string to be validated
+     * @see https://github.com/PHPMailer/PHPMailer/issues/924 CVE-2016-10045 bug report
+     * @access protected
+     * @return boolean
+     */
+    protected static function isShellSafe($string)
+    {
+        // Future-proof
+        if (escapeshellcmd($string) !== $string
+            or !in_array(escapeshellarg($string), array("'$string'", "\"$string\""))
+        ) {
+            return false;
+        }
+
+        $length = strlen($string);
+
+        for ($i = 0; $i < $length; $i++) {
+            $c = $string[$i];
+
+            // All other characters have a special meaning in at least one common shell, including = and +.
+            // Full stop (.) has a special meaning in cmd.exe, but its impact should be negligible here.
+            // Note that this does permit non-Latin alphanumeric characters based on the current locale.
+            if (!ctype_alnum($c) && strpos('@_-.', $c) === false) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
     /**
      * Send mail using the PHP mail() function.
      * @param string $header The message headers
@@ -1349,17 +1478,20 @@ class PHPMailer
         }
         $to = implode(', ', $toArr);
 
-        if (empty($this->Sender)) {
-            $params = ' ';
-        } else {
-            $params = sprintf('-f%s', $this->Sender);
+        $params = null;
+        //This sets the SMTP envelope sender which gets turned into a return-path header by the receiver
+        if (!empty($this->Sender) and $this->validateAddress($this->Sender)) {
+            // CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
+            if (self::isShellSafe($this->Sender)) {
+                $params = sprintf('-f%s', $this->Sender);
+            }
         }
-        if ($this->Sender != '' and !ini_get('safe_mode')) {
+        if (!empty($this->Sender) and !ini_get('safe_mode') and $this->validateAddress($this->Sender)) {
             $old_from = ini_get('sendmail_from');
             ini_set('sendmail_from', $this->Sender);
         }
         $result = false;
-        if ($this->SingleTo && count($toArr) > 1) {
+        if ($this->SingleTo and count($toArr) > 1) {
             foreach ($toArr as $toAddr) {
                 $result = $this->mailPassthru($toAddr, $this->Subject, $body, $header, $params);
                 $this->doCallback($result, array($toAddr), $this->cc, $this->bcc, $this->Subject, $body, $this->From);
@@ -1409,10 +1541,10 @@ class PHPMailer
         if (!$this->smtpConnect($this->SMTPOptions)) {
             throw new phpmailerException($this->lang('smtp_connect_failed'), self::STOP_CRITICAL);
         }
-        if ('' == $this->Sender) {
-            $smtp_from = $this->From;
-        } else {
+        if (!empty($this->Sender) and $this->validateAddress($this->Sender)) {
             $smtp_from = $this->Sender;
+        } else {
+            $smtp_from = $this->From;
         }
         if (!$this->smtp->mail($smtp_from)) {
             $this->setError($this->lang('from_failed') . $smtp_from . ' : ' . implode(',', $this->smtp->getError()));
@@ -1466,12 +1598,17 @@ class PHPMailer
      * @throws phpmailerException
      * @return boolean
      */
-    public function smtpConnect($options = array())
+    public function smtpConnect($options = null)
     {
         if (is_null($this->smtp)) {
             $this->smtp = $this->getSMTPInstance();
         }
 
+        //If no options are provided, use whatever is set in the instance
+        if (is_null($options)) {
+            $options = $this->SMTPOptions;
+        }
+
         // Already connected?
         if ($this->smtp->connected()) {
             return true;
@@ -1541,7 +1678,7 @@ class PHPMailer
                         if (!$this->smtp->startTLS()) {
                             throw new phpmailerException($this->lang('connect_host'));
                         }
-                        // We must resend HELO after tls negotiation
+                        // We must resend EHLO after TLS negotiation
                         $this->smtp->hello($hello);
                     }
                     if ($this->SMTPAuth) {
@@ -1580,7 +1717,7 @@ class PHPMailer
      */
     public function smtpClose()
     {
-        if ($this->smtp !== null) {
+        if (is_a($this->smtp, 'SMTP')) {
             if ($this->smtp->connected()) {
                 $this->smtp->quit();
                 $this->smtp->close();
@@ -1599,6 +1736,19 @@ class PHPMailer
      */
     public function setLanguage($langcode = 'en', $lang_path = '')
     {
+        // Backwards compatibility for renamed language codes
+        $renamed_langcodes = array(
+            'br' => 'pt_br',
+            'cz' => 'cs',
+            'dk' => 'da',
+            'no' => 'nb',
+            'se' => 'sv',
+        );
+
+        if (isset($renamed_langcodes[$langcode])) {
+            $langcode = $renamed_langcodes[$langcode];
+        }
+
         // Define full set of translatable strings in English
         $PHPMAILER_LANG = array(
             'authenticate' => 'SMTP Error: Could not authenticate.',
@@ -1625,6 +1775,10 @@ class PHPMailer
             // Calculate an absolute path so it can work if CWD is not here
             $lang_path = dirname(__FILE__). DIRECTORY_SEPARATOR . 'language'. DIRECTORY_SEPARATOR;
         }
+        //Validate $langcode
+        if (!preg_match('/^[a-z]{2}(?:_[a-zA-Z]{2})?$/', $langcode)) {
+            $langcode = 'en';
+        }
         $foundlang = true;
         $lang_file = $lang_path . 'phpmailer.lang-' . $langcode . '.php';
         // There is no English translation file
@@ -1918,7 +2072,9 @@ class PHPMailer
             $result .= $this->headerLine('Subject', $this->encodeHeader($this->secureHeader($this->Subject)));
         }
 
-        if ($this->MessageID != '') {
+        // Only allow a custom message ID if it conforms to RFC 5322 section 3.6.4
+        // https://tools.ietf.org/html/rfc5322#section-3.6.4
+        if ('' != $this->MessageID and preg_match('/^<.*@.*>$/', $this->MessageID)) {
             $this->lastMessageID = $this->MessageID;
         } else {
             $this->lastMessageID = sprintf('<%s@%s>', $this->uniqueid, $this->serverHostname());
@@ -2020,7 +2176,15 @@ class PHPMailer
      */
     public function getSentMIMEMessage()
     {
-        return $this->MIMEHeader . $this->mailHeader . self::CRLF . $this->MIMEBody;
+        return rtrim($this->MIMEHeader . $this->mailHeader, "\n\r") . self::CRLF . self::CRLF . $this->MIMEBody;
+    }
+
+    /**
+     * Create unique ID
+     * @return string
+     */
+    protected function generateId() {
+        return md5(uniqid(time()));
     }
 
     /**
@@ -2034,7 +2198,7 @@ class PHPMailer
     {
         $body = '';
         //Create unique IDs and preset boundaries
-        $this->uniqueid = md5(uniqid(time()));
+        $this->uniqueid = $this->generateId();
         $this->boundary[1] = 'b1_' . $this->uniqueid;
         $this->boundary[2] = 'b2_' . $this->uniqueid;
         $this->boundary[3] = 'b3_' . $this->uniqueid;
@@ -2050,11 +2214,12 @@ class PHPMailer
         //Can we do a 7-bit downgrade?
         if ($bodyEncoding == '8bit' and !$this->has8bitChars($this->Body)) {
             $bodyEncoding = '7bit';
+            //All ISO 8859, Windows codepage and UTF-8 charsets are ascii compatible up to 7-bit
             $bodyCharSet = 'us-ascii';
         }
-        //If lines are too long, change to quoted-printable transfer encoding
-        if (self::hasLineLongerThanMax($this->Body)) {
-            $this->Encoding = 'quoted-printable';
+        //If lines are too long, and we're not already using an encoding that will shorten them,
+        //change to quoted-printable transfer encoding for the body part only
+        if ('base64' != $this->Encoding and self::hasLineLongerThanMax($this->Body)) {
             $bodyEncoding = 'quoted-printable';
         }
 
@@ -2063,10 +2228,12 @@ class PHPMailer
         //Can we do a 7-bit downgrade?
         if ($altBodyEncoding == '8bit' and !$this->has8bitChars($this->AltBody)) {
             $altBodyEncoding = '7bit';
+            //All ISO 8859, Windows codepage and UTF-8 charsets are ascii compatible up to 7-bit
             $altBodyCharSet = 'us-ascii';
         }
-        //If lines are too long, change to quoted-printable transfer encoding
-        if (self::hasLineLongerThanMax($this->AltBody)) {
+        //If lines are too long, and we're not already using an encoding that will shorten them,
+        //change to quoted-printable transfer encoding for the alt body part only
+        if ('base64' != $altBodyEncoding and self::hasLineLongerThanMax($this->AltBody)) {
             $altBodyEncoding = 'quoted-printable';
         }
         //Use this as a preamble in all multipart message types
@@ -2169,8 +2336,10 @@ class PHPMailer
                 $body .= $this->attachAll('attachment', $this->boundary[1]);
                 break;
             default:
-                // catch case 'plain' and case ''
-                $body .= $this->encodeString($this->Body, $bodyEncoding);
+                // Catch case 'plain' and case '', applies to simple `text/plain` and `text/html` body content types
+                //Reset the `Encoding` property in case we changed it for line length reasons
+                $this->Encoding = $bodyEncoding;
+                $body .= $this->encodeString($this->Body, $this->Encoding);
                 break;
         }
 
@@ -2276,8 +2445,7 @@ class PHPMailer
 
     /**
      * Set the message type.
-     * PHPMailer only supports some preset message types,
-     * not arbitrary MIME structures.
+     * PHPMailer only supports some preset message types, not arbitrary MIME structures.
      * @access protected
      * @return void
      */
@@ -2295,6 +2463,7 @@ class PHPMailer
         }
         $this->message_type = implode('_', $type);
         if ($this->message_type == '') {
+            //The 'plain' message_type refers to the message having a single body element, not that it is plain-text
             $this->message_type = 'plain';
         }
     }
@@ -2324,6 +2493,7 @@ class PHPMailer
 
     /**
      * Add an attachment from a path on the filesystem.
+     * Never use a user-supplied path to a file!
      * Returns false if the file could not be found or read.
      * @param string $path Path to the attachment.
      * @param string $name Overrides the attachment name.
@@ -2849,6 +3019,7 @@ class PHPMailer
      * displayed inline with the message, not just attached for download.
      * This is used in HTML messages that embed the images
      * the HTML refers to using the $cid value.
+     * Never use a user-supplied path to a file!
      * @param string $path Path to the attachment.
      * @param string $cid Content ID of the attachment; Use this to reference
      *        the content when using an embedded image in HTML.
@@ -3209,21 +3380,29 @@ class PHPMailer
     }
 
     /**
-     * Create a message from an HTML string.
-     * Automatically makes modifications for inline images and backgrounds
-     * and creates a plain-text version by converting the HTML.
-     * Overwrites any existing values in $this->Body and $this->AltBody
+     * Create a message body from an HTML string.
+     * Automatically inlines images and creates a plain-text version by converting the HTML,
+     * overwriting any existing values in Body and AltBody.
+     * Do not source $message content from user input!
+     * $basedir is prepended when handling relative URLs, e.g. <img src="/images/a.png"> and must not be empty
+     * will look for an image file in $basedir/images/a.png and convert it to inline.
+     * If you don't provide a $basedir, relative paths will be left untouched (and thus probably break in email)
+     * If you don't want to apply these transformations to your HTML, just set Body and AltBody directly.
      * @access public
      * @param string $message HTML message string
-     * @param string $basedir baseline directory for path
+     * @param string $basedir Absolute path to a base directory to prepend to relative paths to images
      * @param boolean|callable $advanced Whether to use the internal HTML to text converter
      *    or your own custom converter @see PHPMailer::html2text()
-     * @return string $message
+     * @return string $message The transformed message Body
      */
     public function msgHTML($message, $basedir = '', $advanced = false)
     {
         preg_match_all('/(src|background)=["\'](.*)["\']/Ui', $message, $images);
         if (array_key_exists(2, $images)) {
+            if (strlen($basedir) > 1 && substr($basedir, -1) != '/') {
+                // Ensure $basedir has a trailing /
+                $basedir .= '/';
+            }
             foreach ($images[2] as $imgindex => $url) {
                 // Convert data URIs into embedded images
                 if (preg_match('#^data:(image[^;,]*)(;base64)?,#', $url, $match)) {
@@ -3241,18 +3420,24 @@ class PHPMailer
                             $message
                         );
                     }
-                } elseif (substr($url, 0, 4) !== 'cid:' && !preg_match('#^[A-z]+://#', $url)) {
-                    // Do not change urls for absolute images (thanks to corvuscorax)
+                    continue;
+                }
+                if (
+                    // Only process relative URLs if a basedir is provided (i.e. no absolute local paths)
+                    !empty($basedir)
+                    // Ignore URLs containing parent dir traversal (..)
+                    && (strpos($url, '..') === false)
                     // Do not change urls that are already inline images
+                    && substr($url, 0, 4) !== 'cid:'
+                    // Do not change absolute URLs, including anonymous protocol
+                    && !preg_match('#^[a-z][a-z0-9+.-]*:?//#i', $url)
+                ) {
                     $filename = basename($url);
                     $directory = dirname($url);
                     if ($directory == '.') {
                         $directory = '';
                     }
                     $cid = md5($url) . '@phpmailer.0'; // RFC2392 S 2
-                    if (strlen($basedir) > 1 && substr($basedir, -1) != '/') {
-                        $basedir .= '/';
-                    }
                     if (strlen($directory) > 1 && substr($directory, -1) != '/') {
                         $directory .= '/';
                     }
@@ -3277,7 +3462,7 @@ class PHPMailer
         // Convert all message body line breaks to CRLF, makes quoted-printable encoding work much better
         $this->Body = $this->normalizeBreaks($message);
         $this->AltBody = $this->normalizeBreaks($this->html2text($message, $advanced));
-        if (empty($this->AltBody)) {
+        if (!$this->alternativeExists()) {
             $this->AltBody = 'To view this email message, open it in a program that understands HTML!' .
                 self::CRLF . self::CRLF;
         }
@@ -3288,7 +3473,7 @@ class PHPMailer
      * Convert an HTML string into plain text.
      * This is used by msgHTML().
      * Note - older versions of this function used a bundled advanced converter
-     * which was been removed for license reasons in #232
+     * which was been removed for license reasons in #232.
      * Example usage:
      * <code>
      * // Use default conversion
@@ -3588,7 +3773,7 @@ class PHPMailer
      * @access public
      * @param string $signHeader
      * @throws phpmailerException
-     * @return string
+     * @return string The DKIM signature value
      */
     public function DKIM_Sign($signHeader)
     {
@@ -3598,15 +3783,35 @@ class PHPMailer
             }
             return '';
         }
-        $privKeyStr = file_get_contents($this->DKIM_private);
-        if ($this->DKIM_passphrase != '') {
+        $privKeyStr = !empty($this->DKIM_private_string) ? $this->DKIM_private_string : file_get_contents($this->DKIM_private);
+        if ('' != $this->DKIM_passphrase) {
             $privKey = openssl_pkey_get_private($privKeyStr, $this->DKIM_passphrase);
         } else {
-            $privKey = $privKeyStr;
+            $privKey = openssl_pkey_get_private($privKeyStr);
         }
-        if (openssl_sign($signHeader, $signature, $privKey)) {
-            return base64_encode($signature);
+        //Workaround for missing digest algorithms in old PHP & OpenSSL versions
+        //@link http://stackoverflow.com/a/11117338/333340
+        if (version_compare(PHP_VERSION, '5.3.0') >= 0 and
+            in_array('sha256WithRSAEncryption', openssl_get_md_methods(true))) {
+            if (openssl_sign($signHeader, $signature, $privKey, 'sha256WithRSAEncryption')) {
+                openssl_pkey_free($privKey);
+                return base64_encode($signature);
+            }
+        } else {
+            $pinfo = openssl_pkey_get_details($privKey);
+            $hash = hash('sha256', $signHeader);
+            //'Magic' constant for SHA256 from RFC3447
+            //@link https://tools.ietf.org/html/rfc3447#page-43
+            $t = '3031300d060960864801650304020105000420' . $hash;
+            $pslen = $pinfo['bits'] / 8 - (strlen($t) / 2 + 3);
+            $eb = pack('H*', '0001' . str_repeat('FF', $pslen) . '00' . $t);
+
+            if (openssl_private_encrypt($eb, $signature, $privKey, OPENSSL_NO_PADDING)) {
+                openssl_pkey_free($privKey);
+                return base64_encode($signature);
+            }
         }
+        openssl_pkey_free($privKey);
         return '';
     }
 
@@ -3623,7 +3828,7 @@ class PHPMailer
         foreach ($lines as $key => $line) {
             list($heading, $value) = explode(':', $line, 2);
             $heading = strtolower($heading);
-            $value = preg_replace('/\s+/', ' ', $value); // Compress useless spaces
+            $value = preg_replace('/\s{2,}/', ' ', $value); // Compress useless spaces
             $lines[$key] = $heading . ':' . trim($value); // Don't forget to remove WSP around the value
         }
         $signHeader = implode("\r\n", $lines);
@@ -3661,7 +3866,7 @@ class PHPMailer
      */
     public function DKIM_Add($headers_line, $subject, $body)
     {
-        $DKIMsignatureType = 'rsa-sha1'; // Signature & hash algorithms
+        $DKIMsignatureType = 'rsa-sha256'; // Signature & hash algorithms
         $DKIMcanonicalization = 'relaxed/simple'; // Canonicalization of header/body
         $DKIMquery = 'dns/txt'; // Query method
         $DKIMtime = time(); // Signature Timestamp = seconds since 00:00:00 - Jan 1, 1970 (UTC time zone)
@@ -3669,6 +3874,7 @@ class PHPMailer
         $headers = explode($this->LE, $headers_line);
         $from_header = '';
         $to_header = '';
+        $date_header = '';
         $current = '';
         foreach ($headers as $header) {
             if (strpos($header, 'From:') === 0) {
@@ -3677,6 +3883,9 @@ class PHPMailer
             } elseif (strpos($header, 'To:') === 0) {
                 $to_header = $header;
                 $current = 'to_header';
+            } elseif (strpos($header, 'Date:') === 0) {
+                $date_header = $header;
+                $current = 'date_header';
             } else {
                 if (!empty($$current) && strpos($header, ' =?') === 0) {
                     $$current .= $header;
@@ -3687,6 +3896,7 @@ class PHPMailer
         }
         $from = str_replace('|', '=7C', $this->DKIM_QP($from_header));
         $to = str_replace('|', '=7C', $this->DKIM_QP($to_header));
+        $date = str_replace('|', '=7C', $this->DKIM_QP($date_header));
         $subject = str_replace(
             '|',
             '=7C',
@@ -3694,7 +3904,7 @@ class PHPMailer
         ); // Copied header fields (dkim-quoted-printable)
         $body = $this->DKIM_BodyC($body);
         $DKIMlen = strlen($body); // Length of body
-        $DKIMb64 = base64_encode(pack('H*', sha1($body))); // Base64 of packed binary SHA-1 hash of body
+        $DKIMb64 = base64_encode(pack('H*', hash('sha256', $body))); // Base64 of packed binary SHA-256 hash of body
         if ('' == $this->DKIM_identity) {
             $ident = '';
         } else {
@@ -3707,16 +3917,18 @@ class PHPMailer
             $this->DKIM_selector .
             ";\r\n" .
             "\tt=" . $DKIMtime . '; c=' . $DKIMcanonicalization . ";\r\n" .
-            "\th=From:To:Subject;\r\n" .
+            "\th=From:To:Date:Subject;\r\n" .
             "\td=" . $this->DKIM_domain . ';' . $ident . "\r\n" .
             "\tz=$from\r\n" .
             "\t|$to\r\n" .
+            "\t|$date\r\n" .
             "\t|$subject;\r\n" .
             "\tbh=" . $DKIMb64 . ";\r\n" .
             "\tb=";
         $toSign = $this->DKIM_HeaderC(
             $from_header . "\r\n" .
             $to_header . "\r\n" .
+            $date_header . "\r\n" .
             $subject_header . "\r\n" .
             $dkimhdrs
         );

wp-includes/class-smtp.php

@@ -30,7 +30,7 @@ class SMTP
      * The PHPMailer SMTP version number.
      * @var string
      */
-    const VERSION = '5.2.14';
+    const VERSION = '5.2.22';
 
     /**
      * SMTP line break constant.
@@ -81,7 +81,7 @@ class SMTP
      * @deprecated Use the `VERSION` constant instead
      * @see SMTP::VERSION
      */
-    public $Version = '5.2.14';
+    public $Version = '5.2.22';
 
     /**
      * SMTP server port number.
@@ -150,6 +150,17 @@ class SMTP
      */
     public $Timelimit = 300;
 
+	/**
+	 * @var array patterns to extract smtp transaction id from smtp reply
+	 * Only first capture group will be use, use non-capturing group to deal with it
+	 * Extend this class to override this property to fulfil your needs.
+	 */
+	protected $smtp_transaction_id_patterns = array(
+		'exim' => '/[0-9]{3} OK id=(.*)/',
+		'sendmail' => '/[0-9]{3} 2.0.0 (.*) Message/',
+		'postfix' => '/[0-9]{3} 2.0.0 Ok: queued as (.*)/'
+	);
+
     /**
      * The socket for the server connection.
      * @var resource
@@ -206,7 +217,7 @@ class SMTP
         }
         //Avoid clash with built-in function names
         if (!in_array($this->Debugoutput, array('error_log', 'html', 'echo')) and is_callable($this->Debugoutput)) {
-            call_user_func($this->Debugoutput, $str, $this->do_debug);
+            call_user_func($this->Debugoutput, $str, $level);
             return;
         }
         switch ($this->Debugoutput) {
@@ -272,8 +283,8 @@ class SMTP
         $errstr = '';
         if ($streamok) {
             $socket_context = stream_context_create($options);
-            //Suppress errors; connection failures are handled at a higher level
-            $this->smtp_conn = @stream_socket_client(
+            set_error_handler(array($this, 'errorHandler'));
+            $this->smtp_conn = stream_socket_client(
                 $host . ":" . $port,
                 $errno,
                 $errstr,
@@ -281,12 +292,14 @@ class SMTP
                 STREAM_CLIENT_CONNECT,
                 $socket_context
             );
+            restore_error_handler();
         } else {
             //Fall back to fsockopen which should work in more places, but is missing some features
             $this->edebug(
                 "Connection: stream_socket_client not available, falling back to fsockopen",
                 self::DEBUG_CONNECTION
             );
+            set_error_handler(array($this, 'errorHandler'));
             $this->smtp_conn = fsockopen(
                 $host,
                 $port,
@@ -294,6 +307,7 @@ class SMTP
                 $errstr,
                 $timeout
             );
+            restore_error_handler();
         }
         // Verify we connected properly
         if (!is_resource($this->smtp_conn)) {
@@ -336,11 +350,22 @@ class SMTP
         if (!$this->sendCommand('STARTTLS', 'STARTTLS', 220)) {
             return false;
         }
+
+        //Allow the best TLS version(s) we can
+        $crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
+
+        //PHP 5.6.7 dropped inclusion of TLS 1.1 and 1.2 in STREAM_CRYPTO_METHOD_TLS_CLIENT
+        //so add them back in manually if we can
+        if (defined('STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT')) {
+            $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
+            $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
+        }
+
         // Begin encrypted connection
         if (!stream_socket_enable_crypto(
             $this->smtp_conn,
             true,
-            STREAM_CRYPTO_METHOD_TLS_CLIENT
+            $crypto_method
         )) {
             return false;
         }
@@ -353,7 +378,7 @@ class SMTP
      * @see hello()
      * @param string $username The user name
      * @param string $password The password
-     * @param string $authtype The auth type (PLAIN, LOGIN, NTLM, CRAM-MD5, XOAUTH2)
+     * @param string $authtype The auth type (PLAIN, LOGIN, CRAM-MD5)
      * @param string $realm The auth realm for NTLM
      * @param string $workstation The auth workstation for NTLM
      * @param null|OAuth $OAuth An optional OAuth instance (@see PHPMailerOAuth)
@@ -389,7 +414,7 @@ class SMTP
             );
 
             if (empty($authtype)) {
-                foreach (array('LOGIN', 'CRAM-MD5', 'PLAIN') as $method) {
+                foreach (array('CRAM-MD5', 'LOGIN', 'PLAIN') as $method) {
                     if (in_array($method, $this->server_caps['AUTH'])) {
                         $authtype = $method;
                         break;
@@ -673,7 +698,7 @@ class SMTP
     protected function parseHelloFields($type)
     {
         $this->server_caps = array();
-        $lines = explode("\n", $this->last_reply);
+        $lines = explode("\n", $this->helo_rply);
 
         foreach ($lines as $n => $s) {
             //First 4 chars contain response code followed by - or space
@@ -1115,4 +1140,47 @@ class SMTP
     {
         return $this->Timeout;
     }
+
+    /**
+     * Reports an error number and string.
+     * @param integer $errno The error number returned by PHP.
+     * @param string $errmsg The error message returned by PHP.
+     */
+    protected function errorHandler($errno, $errmsg)
+    {
+        $notice = 'Connection: Failed to connect to server.';
+        $this->setError(
+            $notice,
+            $errno,
+            $errmsg
+        );
+        $this->edebug(
+            $notice . ' Error number ' . $errno . '. "Error notice: ' . $errmsg,
+            self::DEBUG_CONNECTION
+        );
+    }
+
+	/**
+	 * Will return the ID of the last smtp transaction based on a list of patterns provided
+	 * in SMTP::$smtp_transaction_id_patterns.
+	 * If no reply has been received yet, it will return null.
+	 * If no pattern has been matched, it will return false.
+	 * @return bool|null|string
+	 */
+	public function getLastTransactionID()
+	{
+		$reply = $this->getLastReply();
+
+		if (empty($reply)) {
+			return null;
+		}
+
+		foreach($this->smtp_transaction_id_patterns as $smtp_transaction_id_pattern) {
+			if(preg_match($smtp_transaction_id_pattern, $reply, $matches)) {
+				return $matches[1];
+			}
+		}
+
+		return false;
+    }
 }

wp-includes/class-wp-customize-manager.php

@@ -386,13 +386,31 @@ final class WP_Customize_Manager {
 
 		show_admin_bar( false );
 
+		/*
+		 * Clear incoming post data if the user lacks a CSRF token (nonce). Note that the customizer
+		 * application will inject the customize_preview_nonce query parameter into all Ajax requests.
+		 * For similar behavior elsewhere in WordPress, see rest_cookie_check_errors() which logs out
+		 * a user when a valid nonce isn't present.
+		 */
+		$has_post_data_nonce = (
+			check_ajax_referer( 'preview-customize_' . $this->get_stylesheet(), 'nonce', false )
+			||
+			check_ajax_referer( 'save-customize_' . $this->get_stylesheet(), 'nonce', false )
+			||
+			check_ajax_referer( 'preview-customize_' . $this->get_stylesheet(), 'customize_preview_nonce', false )
+		);
+		if ( ! $has_post_data_nonce ) {
+			unset( $_POST['customized'] );
+			unset( $_REQUEST['customized'] );
+		}
+
 		if ( ! current_user_can( 'customize' ) ) {
 			$this->wp_die( -1, __( 'You are not allowed to customize the appearance of this site.' ) );
 		}
 
 		$this->original_stylesheet = get_stylesheet();
 
-		$this->theme = wp_get_theme( isset( $_REQUEST['theme'] ) ? $_REQUEST['theme'] : null );
+		$this->theme = wp_get_theme( isset( $_REQUEST['theme'] ) && 0 === validate_file( $_REQUEST['theme'] ) ? $_REQUEST['theme'] : null );
 
 		if ( $this->is_theme_active() ) {
 			// Once the theme is loaded, we'll validate it.
@@ -1542,6 +1560,7 @@ final class WP_Customize_Manager {
 	 * @param string $preview_url URL to be previewed.
 	 */
 	public function set_preview_url( $preview_url ) {
+		$preview_url = esc_url_raw( $preview_url );
 		$this->preview_url = wp_validate_redirect( $preview_url, home_url( '/' ) );
 	}
 
@@ -1573,6 +1592,7 @@ final class WP_Customize_Manager {
 	 * @param string $return_url URL for return link.
 	 */
 	public function set_return_url( $return_url ) {
+		$return_url = esc_url_raw( $return_url );
 		$return_url = remove_query_arg( wp_removable_query_args(), $return_url );
 		$return_url = wp_validate_redirect( $return_url );
 		$this->return_url = $return_url;

wp-includes/class-wp-customize-widgets.php

@@ -1061,7 +1061,7 @@ final class WP_Customize_Widgets {
 	 * @return array
 	 */
 	public function preview_sidebars_widgets( $sidebars_widgets ) {
-		$sidebars_widgets = get_option( 'sidebars_widgets' );
+		$sidebars_widgets = get_option( 'sidebars_widgets', array() );
 
 		unset( $sidebars_widgets['array_version'] );
 		return $sidebars_widgets;

wp-includes/class-wp-image-editor-imagick.php

@@ -376,8 +376,8 @@ class WP_Image_Editor_Imagick extends WP_Image_Editor {
 			 */
 			if ( is_callable( array( $this->image, 'getImageAlphaChannel' ) )
 				&& is_callable( array( $this->image, 'setImageAlphaChannel' ) )
-				&& defined( Imagick::ALPHACHANNEL_UNDEFINED )
-				&& defined( Imagick::ALPHACHANNEL_OPAQUE )
+				&& defined( 'Imagick::ALPHACHANNEL_UNDEFINED' )
+				&& defined( 'Imagick::ALPHACHANNEL_OPAQUE' )
 			) {
 				if ( $this->image->getImageAlphaChannel() === Imagick::ALPHACHANNEL_UNDEFINED ) {
 					$this->image->setImageAlphaChannel( Imagick::ALPHACHANNEL_OPAQUE );

wp-includes/class-wp-theme.php

@@ -718,8 +718,9 @@ final class WP_Theme implements ArrayAccess {
 	private function markup_header( $header, $value, $translate ) {
 		switch ( $header ) {
 			case 'Name' :
-				if ( empty( $value ) )
-					$value = $this->get_stylesheet();
+				if ( empty( $value ) ) {
+					$value = esc_html( $this->get_stylesheet() );
+				}
 				break;
 			case 'Description' :
 				$value = wptexturize( $value );

wp-includes/class-wp-xmlrpc-server.php

@@ -382,6 +382,11 @@ class wp_xmlrpc_server extends IXR_Server {
 			if ( isset($meta['id']) ) {
 				$meta['id'] = (int) $meta['id'];
 				$pmeta = get_metadata_by_mid( 'post', $meta['id'] );
+
+				if ( ! $pmeta || $pmeta->post_id != $post_id ) {
+					continue;
+				}
+
 				if ( isset($meta['key']) ) {
 					$meta['key'] = wp_unslash( $meta['key'] );
 					if ( $meta['key'] !== $pmeta->meta_key )
@@ -1292,10 +1297,31 @@ class wp_xmlrpc_server extends IXR_Server {
 	 * @return IXR_Error|string
 	 */
 	protected function _insert_post( $user, $content_struct ) {
-		$defaults = array( 'post_status' => 'draft', 'post_type' => 'post', 'post_author' => 0,
-			'post_password' => '', 'post_excerpt' => '', 'post_content' => '', 'post_title' => '' );
+		$defaults = array(
+			'post_status'    => 'draft',
+			'post_type'      => 'post',
+			'post_author'    => null,
+			'post_password'  => null,
+			'post_excerpt'   => null,
+			'post_content'   => null,
+			'post_title'     => null,
+			'post_date'      => null,
+			'post_date_gmt'  => null,
+			'post_format'    => null,
+			'post_name'      => null,
+			'post_thumbnail' => null,
+			'post_parent'    => null,
+			'ping_status'    => null,
+			'comment_status' => null,
+			'custom_fields'  => null,
+			'terms_names'    => null,
+			'terms'          => null,
+			'sticky'         => null,
+			'enclosure'      => null,
+			'ID'             => null,
+		);
 
-		$post_data = wp_parse_args( $content_struct, $defaults );
+		$post_data = wp_parse_args( array_intersect_key( $content_struct, $defaults ), $defaults );
 
 		$post_type = get_post_type_object( $post_data['post_type'] );
 		if ( ! $post_type )
@@ -1485,9 +1511,6 @@ class wp_xmlrpc_server extends IXR_Server {
 
 			$post_data['tax_input'] = $terms;
 			unset( $post_data['terms'], $post_data['terms_names'] );
-		} else {
-			// Do not allow direct submission of 'tax_input', clients must use 'terms' and/or 'terms_names'.
-			unset( $post_data['tax_input'], $post_data['post_category'], $post_data['tags_input'] );
 		}
 
 		if ( isset( $post_data['post_format'] ) ) {

wp-includes/class-wp.php

@@ -15,7 +15,7 @@ class WP {
 	 * @access public
 	 * @var array
 	 */
-	public $public_query_vars = array('m', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
+	public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
 
 	/**
 	 * Private query variables.
@@ -301,6 +301,8 @@ class WP {
 		foreach ( $this->public_query_vars as $wpvar ) {
 			if ( isset( $this->extra_query_vars[$wpvar] ) )
 				$this->query_vars[$wpvar] = $this->extra_query_vars[$wpvar];
+			elseif ( isset( $_GET[ $wpvar ] ) && isset( $_POST[ $wpvar ] ) && $_GET[ $wpvar ] !== $_POST[ $wpvar ] )
+				wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 );
 			elseif ( isset( $_POST[$wpvar] ) )
 				$this->query_vars[$wpvar] = $_POST[$wpvar];
 			elseif ( isset( $_GET[$wpvar] ) )

wp-includes/comment.php

@@ -2867,6 +2867,8 @@ function wp_handle_comment_submission( $comment_data ) {
 			) {
 				kses_remove_filters(); // start with a clean slate
 				kses_init_filters(); // set up the filters
+				remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
+				add_filter( 'pre_comment_content', 'wp_filter_kses' );
 			}
 		}
 	} else {

wp-includes/customize/class-wp-customize-media-control.php

@@ -214,7 +214,7 @@ class WP_Customize_Media_Control extends WP_Customize_Control {
 			</div>
 			<div class="actions">
 				<# if ( data.defaultAttachment ) { #>
-					<button type="button" class="button default-button">{{ data.button_labels.default }}</button>
+					<button type="button" class="button default-button">{{ data.button_labels['default'] }}</button>
 				<# } #>
 				<# if ( data.canUpload ) { #>
 				<button type="button" class="button upload-button" id="{{ data.settings['default'] }}-button">{{ data.button_labels.select }}</button>

wp-includes/customize/class-wp-customize-site-icon-control.php

@@ -60,6 +60,7 @@ class WP_Customize_Site_Icon_Control extends WP_Customize_Cropped_Image_Control
 		</label>
 
 		<# if ( data.attachment && data.attachment.id ) { #>
+		<# if ( data.attachment.sizes ) { #>
 		<div class="current">
 			<div class="container">
 				<div class="site-icon-preview">
@@ -75,6 +76,7 @@ class WP_Customize_Site_Icon_Control extends WP_Customize_Cropped_Image_Control
 				</div>
 			</div>
 		</div>
+		<# } #>
 		<div class="actions">
 			<# if ( data.canUpload ) { #>
 				<button type="button" class="button remove-button"><?php echo $this->button_labels['remove']; ?></button>

wp-includes/default-filters.php

@@ -476,5 +476,6 @@ add_filter( 'the_excerpt_embed',      'wp_embed_excerpt_attachment'           );
 
 add_filter( 'oembed_dataparse',       'wp_filter_oembed_result',        10, 3 );
 add_filter( 'oembed_response_data',   'get_oembed_response_data_rich',  10, 4 );
+add_filter( 'pre_oembed_result',      'wp_filter_pre_oembed_result',    10, 3 );
 
 unset( $filter, $action );

wp-includes/embed.php

@@ -251,7 +251,7 @@ function wp_embed_handler_googlevideo( $matches, $attr, $url, $rawattr ) {
  */
 function wp_embed_handler_youtube( $matches, $attr, $url, $rawattr ) {
 	global $wp_embed;
-	$embed = $wp_embed->autoembed( "https://youtube.com/watch?v={$matches[2]}" );
+	$embed = $wp_embed->autoembed( sprintf( "https://youtube.com/watch?v=%s", urlencode( $matches[2] ) ) );
 
 	/**
 	 * Filter the YoutTube embed output.
@@ -782,24 +782,30 @@ function wp_filter_oembed_result( $result, $data, $url ) {
 	}
 	$html = $content[1] . $content[2];
 
+	preg_match( '/ src=([\'"])(.*?)\1/', $html, $results );
+
+	if ( ! empty( $results ) ) {
+		$secret = wp_generate_password( 10, false );
+
+		$url = esc_url( "{$results[2]}#?secret=$secret" );
+		$q = $results[1];
+
+		$html = str_replace( $results[0], ' src=' . $q . $url . $q . ' data-secret=' . $q . $secret . $q, $html );
+		$html = str_replace( '<blockquote', "<blockquote data-secret=\"$secret\"", $html );
+	}
+
+	$allowed_html['blockquote']['data-secret'] = true;
+	$allowed_html['iframe']['data-secret'] = true;
+
+	$html = wp_kses( $html, $allowed_html );
+
 	if ( ! empty( $content[1] ) ) {
 		// We have a blockquote to fall back on. Hide the iframe by default.
 		$html = str_replace( '<iframe', '<iframe style="position: absolute; clip: rect(1px, 1px, 1px, 1px);"', $html );
 		$html = str_replace( '<blockquote', '<blockquote class="wp-embedded-content"', $html );
 	}
 
-	$html = str_replace( '<iframe', '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"', $html );
-
-	preg_match( '/ src=[\'"]([^\'"]*)[\'"]/', $html, $results );
-
-	if ( ! empty( $results ) ) {
-		$secret = wp_generate_password( 10, false );
-
-		$url = esc_url( "{$results[1]}#?secret=$secret" );
-
-		$html = str_replace( $results[0], " src=\"$url\" data-secret=\"$secret\"", $html );
-		$html = str_replace( '<blockquote', "<blockquote data-secret=\"$secret\"", $html );
-	}
+	$html = str_ireplace( '<iframe', '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"', $html );
 
 	return $html;
 }
@@ -1079,3 +1085,39 @@ function the_embed_site_title() {
 	 */
 	echo apply_filters( 'embed_site_title_html', $site_title );
 }
+
+/**
+ * Filters the oEmbed result before any HTTP requests are made.
+ *
+ * If the URL belongs to the current site, the result is fetched directly instead of
+ * going through the oEmbed discovery process.
+ *
+ * @since 4.5.3
+ *
+ * @param null|string $result The UNSANITIZED (and potentially unsafe) HTML that should be used to embed. Default null.
+ * @param string      $url    The URL that should be inspected for discovery `<link>` tags.
+ * @param array       $args   oEmbed remote get arguments.
+ * @return null|string The UNSANITIZED (and potentially unsafe) HTML that should be used to embed.
+ *                     Null if the URL does not belong to the current site.
+ */
+function wp_filter_pre_oembed_result( $result, $url, $args ) {
+	$post_id = url_to_postid( $url );
+
+	/** This filter is documented in wp-includes/class-wp-oembed-controller.php */
+	$post_id = apply_filters( 'oembed_request_post_id', $post_id, $url );
+
+	if ( ! $post_id ) {
+		return $result;
+	}
+
+	$width = isset( $args['width'] ) ? $args['width'] : 0;
+
+	$data = get_oembed_response_data( $post_id, $width );
+	$data = _wp_oembed_get_object()->data2html( (object) $data, $url );
+
+	if ( ! $data ) {
+		return $result;
+	}
+
+	return $data;
+}