Compare commits
7 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
21e34a51aa | ||
|
49a67fb33a | ||
|
ac5688a26a | ||
|
|
cd612932d6 | ||
|
33a77cca49 | ||
|
|
04e120a593 | ||
|
|
b2191ff30c |
@@ -42,6 +42,26 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
|
||||
<div class="about__section changelog">
|
||||
<div class="column">
|
||||
<h2><?php _e( 'Maintenance and Security Releases' ); ?></h2>
|
||||
<p>
|
||||
<?php
|
||||
printf(
|
||||
/* translators: %s: WordPress version number. */
|
||||
__( '<strong>Version %s</strong> addressed some security issues.' ),
|
||||
'5.9.6'
|
||||
);
|
||||
?>
|
||||
<?php
|
||||
printf(
|
||||
/* translators: %s: HelpHub URL. */
|
||||
__( 'For more information, see <a href="%s">the release notes</a>.' ),
|
||||
sprintf(
|
||||
/* translators: %s: WordPress version. */
|
||||
esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
|
||||
sanitize_title( '5.9.6' )
|
||||
)
|
||||
);
|
||||
?>
|
||||
</p>
|
||||
<p>
|
||||
<?php
|
||||
printf(
|
||||
@@ -475,3 +495,9 @@ __( 'Important! Your version of WordPress (%1$s) is no longer supported, you wil
|
||||
|
||||
/* translators: 1: WordPress version number, 2: Link to update WordPress */
|
||||
__( 'Important! Your version of WordPress (%1$s) will stop receiving security updates in the near future. To keep your site secure, please <a href="%2$s">update to the latest version of WordPress</a>.' );
|
||||
|
||||
/* translators: %s: The major version of WordPress for this branch. */
|
||||
__( 'This is the final release of WordPress %s' );
|
||||
|
||||
/* translators: The localized WordPress download URL. */
|
||||
__( 'https://wordpress.org/download/' );
|
||||
|
||||
@@ -2732,6 +2732,10 @@ function wp_ajax_set_attachment_thumbnail() {
|
||||
wp_send_json_error();
|
||||
}
|
||||
|
||||
if ( false === check_ajax_referer( 'set-attachment-thumbnail', '_ajax_nonce', false ) ) {
|
||||
wp_send_json_error();
|
||||
}
|
||||
|
||||
$post_ids = array();
|
||||
// For each URL, try to find its corresponding post ID.
|
||||
foreach ( $_POST['urls'] as $url ) {
|
||||
|
||||
@@ -240,9 +240,7 @@ function get_the_block_template_html() {
|
||||
$content = do_blocks( $content );
|
||||
$content = wptexturize( $content );
|
||||
$content = convert_smilies( $content );
|
||||
$content = shortcode_unautop( $content );
|
||||
$content = wp_filter_content_tags( $content );
|
||||
$content = do_shortcode( $content );
|
||||
$content = str_replace( ']]>', ']]>', $content );
|
||||
|
||||
// Wrap block template in .wp-site-blocks to allow for specific descendant styles
|
||||
|
||||
@@ -628,6 +628,10 @@ function serialize_blocks( $blocks ) {
|
||||
function filter_block_content( $text, $allowed_html = 'post', $allowed_protocols = array() ) {
|
||||
$result = '';
|
||||
|
||||
if ( false !== strpos( $text, '<!--' ) && false !== strpos( $text, '--->' ) ) {
|
||||
$text = preg_replace_callback( '%<!--(.*?)--->%', '_filter_block_content_callback', $text );
|
||||
}
|
||||
|
||||
$blocks = parse_blocks( $text );
|
||||
foreach ( $blocks as $block ) {
|
||||
$block = filter_block_kses( $block, $allowed_html, $allowed_protocols );
|
||||
@@ -637,6 +641,19 @@ function filter_block_content( $text, $allowed_html = 'post', $allowed_protocols
|
||||
return $result;
|
||||
}
|
||||
|
||||
/**
|
||||
* Callback used for regular expression replacement in filter_block_content().
|
||||
*
|
||||
* @private
|
||||
* @since 6.2.1
|
||||
*
|
||||
* @param array $matches Array of preg_replace_callback matches.
|
||||
* @return string Replacement string.
|
||||
*/
|
||||
function _filter_block_content_callback( $matches ) {
|
||||
return '<!--' . rtrim( $matches[1], '-' ) . '-->';
|
||||
}
|
||||
|
||||
/**
|
||||
* Filters and sanitizes a parsed block to remove non-allowable HTML from block
|
||||
* attribute values.
|
||||
|
||||
@@ -2408,6 +2408,29 @@ function sanitize_html_class( $class, $fallback = '' ) {
|
||||
return apply_filters( 'sanitize_html_class', $sanitized, $class, $fallback );
|
||||
}
|
||||
|
||||
/**
|
||||
* Strips out all characters not allowed in a locale name.
|
||||
*
|
||||
* @since 6.2.1
|
||||
*
|
||||
* @param string $locale_name The locale name to be sanitized.
|
||||
* @return string The sanitized value.
|
||||
*/
|
||||
function sanitize_locale_name( $locale_name ) {
|
||||
// Limit to A-Z, a-z, 0-9, '_', '-'.
|
||||
$sanitized = preg_replace( '/[^A-Za-z0-9_-]/', '', $locale_name );
|
||||
|
||||
/**
|
||||
* Filters a sanitized locale name string.
|
||||
*
|
||||
* @since 6.2.1
|
||||
*
|
||||
* @param string $sanitized The sanitized locale name.
|
||||
* @param string $locale_name The locale name before sanitization.
|
||||
*/
|
||||
return apply_filters( 'sanitize_locale_name', $sanitized, $locale_name );
|
||||
}
|
||||
|
||||
/**
|
||||
* Converts lone & characters into `&` (a.k.a. `&`)
|
||||
*
|
||||
|
||||
@@ -824,6 +824,7 @@ VideoDetails = MediaDetails.extend(/** @lends wp.media.view.MediaFrame.VideoDeta
|
||||
|
||||
wp.ajax.send( 'set-attachment-thumbnail', {
|
||||
data : {
|
||||
_ajax_nonce: wp.media.view.settings.nonce.setAttachmentThumbnail,
|
||||
urls: urls,
|
||||
thumbnail_id: attachment.get( 'id' )
|
||||
}
|
||||
|
||||
2
wp-includes/js/media-audiovideo.min.js
vendored
2
wp-includes/js/media-audiovideo.min.js
vendored
File diff suppressed because one or more lines are too long
@@ -49,6 +49,7 @@
|
||||
|
||||
var iframes = document.querySelectorAll( 'iframe[data-secret="' + data.secret + '"]' ),
|
||||
blockquotes = document.querySelectorAll( 'blockquote[data-secret="' + data.secret + '"]' ),
|
||||
allowedProtocols = new RegExp( '^https?:$', 'i' ),
|
||||
i, source, height, sourceURL, targetURL;
|
||||
|
||||
for ( i = 0; i < blockquotes.length; i++ ) {
|
||||
@@ -84,6 +85,11 @@
|
||||
sourceURL.href = source.getAttribute( 'src' );
|
||||
targetURL.href = data.value;
|
||||
|
||||
/* Only follow link if the protocol is in the allow list. */
|
||||
if ( ! allowedProtocols.test( targetURL.protocol ) ) {
|
||||
continue;
|
||||
}
|
||||
|
||||
/* Only continue if link hostname matches iframe's hostname. */
|
||||
if ( targetURL.host === sourceURL.host ) {
|
||||
if ( document.activeElement === source ) {
|
||||
|
||||
2
wp-includes/js/wp-embed.min.js
vendored
2
wp-includes/js/wp-embed.min.js
vendored
@@ -1,2 +1,2 @@
|
||||
/*! This file is auto-generated */
|
||||
!function(c,d){"use strict";var e=!1,o=!1;if(d.querySelector)if(c.addEventListener)e=!0;if(c.wp=c.wp||{},!c.wp.receiveEmbedMessage)if(c.wp.receiveEmbedMessage=function(e){var t=e.data;if(t)if(t.secret||t.message||t.value)if(!/[^a-zA-Z0-9]/.test(t.secret)){for(var r,a,i,s=d.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),n=d.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),o=0;o<n.length;o++)n[o].style.display="none";for(o=0;o<s.length;o++)if(r=s[o],e.source===r.contentWindow){if(r.removeAttribute("style"),"height"===t.message){if(1e3<(i=parseInt(t.value,10)))i=1e3;else if(~~i<200)i=200;r.height=i}if("link"===t.message)if(a=d.createElement("a"),i=d.createElement("a"),a.href=r.getAttribute("src"),i.href=t.value,i.host===a.host)if(d.activeElement===r)c.top.location.href=t.value}}},e)c.addEventListener("message",c.wp.receiveEmbedMessage,!1),d.addEventListener("DOMContentLoaded",t,!1),c.addEventListener("load",t,!1);function t(){if(!o){o=!0;for(var e,t,r,a=-1!==navigator.appVersion.indexOf("MSIE 10"),i=!!navigator.userAgent.match(/Trident.*rv:11\./),s=d.querySelectorAll("iframe.wp-embedded-content"),n=0;n<s.length;n++){if(!(r=(t=s[n]).getAttribute("data-secret")))r=Math.random().toString(36).substr(2,10),t.src+="#?secret="+r,t.setAttribute("data-secret",r);if(a||i)(e=t.cloneNode(!0)).removeAttribute("security"),t.parentNode.replaceChild(e,t);t.contentWindow.postMessage({message:"ready",secret:r},"*")}}}}(window,document);
|
||||
!function(d,l){"use strict";var e=!1,o=!1;if(l.querySelector)if(d.addEventListener)e=!0;if(d.wp=d.wp||{},!d.wp.receiveEmbedMessage)if(d.wp.receiveEmbedMessage=function(e){var t=e.data;if(t)if(t.secret||t.message||t.value)if(!/[^a-zA-Z0-9]/.test(t.secret)){for(var r,a,i,s=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),n=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),o=new RegExp("^https?:$","i"),c=0;c<n.length;c++)n[c].style.display="none";for(c=0;c<s.length;c++)if(r=s[c],e.source===r.contentWindow){if(r.removeAttribute("style"),"height"===t.message){if(1e3<(i=parseInt(t.value,10)))i=1e3;else if(~~i<200)i=200;r.height=i}if("link"===t.message)if(a=l.createElement("a"),i=l.createElement("a"),a.href=r.getAttribute("src"),i.href=t.value,o.test(i.protocol))if(i.host===a.host)if(l.activeElement===r)d.top.location.href=t.value}}},e)d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",t,!1),d.addEventListener("load",t,!1);function t(){if(!o){o=!0;for(var e,t,r,a=-1!==navigator.appVersion.indexOf("MSIE 10"),i=!!navigator.userAgent.match(/Trident.*rv:11\./),s=l.querySelectorAll("iframe.wp-embedded-content"),n=0;n<s.length;n++){if(!(r=(t=s[n]).getAttribute("data-secret")))r=Math.random().toString(36).substr(2,10),t.src+="#?secret="+r,t.setAttribute("data-secret",r);if(a||i)(e=t.cloneNode(!0)).removeAttribute("security"),t.parentNode.replaceChild(e,t);t.contentWindow.postMessage({message:"ready",secret:r},"*")}}}}(window,document);
|
||||
@@ -2415,6 +2415,7 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
|
||||
'direction',
|
||||
'float',
|
||||
'list-style-type',
|
||||
'object-fit',
|
||||
'object-position',
|
||||
'overflow',
|
||||
'vertical-align',
|
||||
|
||||
@@ -147,9 +147,9 @@ function determine_locale() {
|
||||
$wp_lang = '';
|
||||
|
||||
if ( ! empty( $_GET['wp_lang'] ) ) {
|
||||
$wp_lang = sanitize_text_field( $_GET['wp_lang'] );
|
||||
$wp_lang = sanitize_locale_name( wp_unslash( $_GET['wp_lang'] ) );
|
||||
} elseif ( ! empty( $_COOKIE['wp_lang'] ) ) {
|
||||
$wp_lang = sanitize_text_field( $_COOKIE['wp_lang'] );
|
||||
$wp_lang = sanitize_locale_name( wp_unslash( $_COOKIE['wp_lang'] ) );
|
||||
}
|
||||
|
||||
if ( ! empty( $wp_lang ) && ! empty( $GLOBALS['pagenow'] ) && 'wp-login.php' === $GLOBALS['pagenow'] ) {
|
||||
|
||||
@@ -4388,7 +4388,8 @@ function wp_enqueue_media( $args = array() ) {
|
||||
/** This filter is documented in wp-admin/includes/media.php */
|
||||
'captions' => ! apply_filters( 'disable_captions', '' ),
|
||||
'nonce' => array(
|
||||
'sendToEditor' => wp_create_nonce( 'media-send-to-editor' ),
|
||||
'sendToEditor' => wp_create_nonce( 'media-send-to-editor' ),
|
||||
'setAttachmentThumbnail' => wp_create_nonce( 'set-attachment-thumbnail' ),
|
||||
),
|
||||
'post' => array(
|
||||
'id' => 0,
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '5.9.5';
|
||||
$wp_version = '5.9.6';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
||||
Reference in New Issue
Block a user