diff --git a/wp-admin/about.php b/wp-admin/about.php
index cc8ca1198a0a9ad442a8d2ad657a315199f04b26..357a65b091d4f9ac9513b264f66d9a61092ff7ef 100644
--- a/wp-admin/about.php
+++ b/wp-admin/about.php
@@ -32,6 +32,24 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
<div class="changelog point-releases">
<h3><?php _e( 'Maintenance and Security Releases' ); ?></h3>
+ <p>
+ <?php
+ printf(
+ /* translators: 1: WordPress version number, 2: plural number of bugs. */
+ _n(
+ '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
+ '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.',
+ 17
+ ),
+ '4.9.7',
+ number_format_i18n( 17 )
+ );
+ ?>
+ <?php
+ /* translators: %s: Codex URL */
+ printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.9.7' );
+ ?>
+ </p>
<p>
<?php
printf(
diff --git a/wp-admin/edit-form-comment.php b/wp-admin/edit-form-comment.php
index 2ae7957f726cce775bfc16dc3cd659a74d9c3d6e..651ff15babdb11ddea08cce42e1326dccfc9d388 100644
--- a/wp-admin/edit-form-comment.php
+++ b/wp-admin/edit-form-comment.php
@@ -29,7 +29,11 @@ if ( 'approved' === wp_get_comment_status( $comment ) && $comment->comment_post_
<div class="inside">
<div id="comment-link-box">
<strong><?php _ex( 'Permalink:', 'comment' ); ?></strong>
- <span id="sample-permalink"><a href="<?php echo $comment_link; ?>"><?php echo $comment_link; ?></a></span>
+ <span id="sample-permalink">
+ <a href="<?php echo esc_url( $comment_link ); ?>">
+ <?php echo esc_html( $comment_link ); ?>
+ </a>
+ </span>
</div>
</div>
<?php endif; ?>
diff --git a/wp-admin/includes/class-wp-community-events.php b/wp-admin/includes/class-wp-community-events.php
index bbb743d55551ade8391e523188fc85454c731a19..93ee9b7df8565f7000a28e580ff51e23a7a8087b 100644
--- a/wp-admin/includes/class-wp-community-events.php
+++ b/wp-admin/includes/class-wp-community-events.php
@@ -385,20 +385,33 @@ class WP_Community_Events {
}
/**
- * Discards expired events, and reduces the remaining list.
+ * Prepares the event list for presentation.
+ *
+ * Discards expired events, and makes WordCamps "sticky." Attendees need more
+ * advanced notice about WordCamps than they do for meetups, so camps should
+ * appear in the list sooner. If a WordCamp is coming up, the API will "stick"
+ * it in the response, even if it wouldn't otherwise appear. When that happens,
+ * the event will be at the end of the list, and will need to be moved into a
+ * higher position, so that it doesn't get trimmed off.
*
* @since 4.8.0
+ * @since 4.9.7 Stick a WordCamp to the final list.
*
* @param array $response_body The response body which contains the events.
* @return array The response body with events trimmed.
*/
protected function trim_events( $response_body ) {
if ( isset( $response_body['events'] ) ) {
+ $wordcamps = array();
$current_timestamp = current_time( 'timestamp' );
foreach ( $response_body['events'] as $key => $event ) {
- // Skip WordCamps, because they might be multi-day events.
- if ( 'meetup' !== $event['type'] ) {
+ /*
+ * Skip WordCamps, because they might be multi-day events.
+ * Save a copy so they can be pinned later.
+ */
+ if ( 'wordcamp' === $event['type'] ) {
+ $wordcamps[] = $event;
continue;
}
@@ -410,6 +423,13 @@ class WP_Community_Events {
}
$response_body['events'] = array_slice( $response_body['events'], 0, 3 );
+ $trimmed_event_types = wp_list_pluck( $response_body['events'], 'type' );
+
+ // Make sure the soonest upcoming WordCamps is pinned in the list.
+ if ( ! in_array( 'wordcamp', $trimmed_event_types ) && $wordcamps ) {
+ array_pop( $response_body['events'] );
+ array_push( $response_body['events'], $wordcamps[0] );
+ }
}
return $response_body;
diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php
index f9feb381bcae7884dfd14356815b3f49d906ea6e..3f51608d156a9ba0fd24951fb6c07233a88b3d38 100644
--- a/wp-admin/includes/file.php
+++ b/wp-admin/includes/file.php
@@ -1803,7 +1803,7 @@ function wp_print_request_filesystem_credentials_modal() {
*
* @since 4.9.6
*
- * @param array $group_data {
+ * @param array $group_data {
* The group data to render.
*
* @type string $group_label The user-facing heading for the group, e.g. 'Comments'.
@@ -1865,7 +1865,7 @@ function wp_privacy_generate_personal_data_export_group_html( $group_data ) {
*
* @since 4.9.6
*
- * @param int $request_id The export request ID.
+ * @param int $request_id The export request ID.
*/
function wp_privacy_generate_personal_data_export_file( $request_id ) {
if ( ! class_exists( 'ZipArchive' ) ) {
@@ -1889,9 +1889,8 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) {
$exports_dir = wp_privacy_exports_dir();
$exports_url = wp_privacy_exports_url();
- $result = wp_mkdir_p( $exports_dir );
- if ( is_wp_error( $result ) ) {
- wp_send_json_error( $result->get_error_message() );
+ if ( ! wp_mkdir_p( $exports_dir ) ) {
+ wp_send_json_error( __( 'Unable to create export folder.' ) );
}
// Protect export folder from browsing.
@@ -2030,7 +2029,7 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) {
* @param string $archive_pathname The full path to the export file on the filesystem.
* @param string $archive_url The URL of the archive file.
* @param string $html_report_pathname The full path to the personal data report on the filesystem.
- * @param string $request_id The export request ID.
+ * @param int $request_id The export request ID.
*/
do_action( 'wp_privacy_personal_data_export_file_created', $archive_pathname, $archive_url, $html_report_pathname, $request_id );
}
@@ -2051,8 +2050,8 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) {
*
* @since 4.9.6
*
- * @param int $request_id The request ID for this personal data export.
- * @return true|WP_Error True on success or `WP_Error` on failure.
+ * @param int $request_id The request ID for this personal data export.
+ * @return true|WP_Error True on success or `WP_Error` on failure.
*/
function wp_privacy_send_personal_data_export_email( $request_id ) {
// Get the request data.
@@ -2062,11 +2061,11 @@ function wp_privacy_send_personal_data_export_email( $request_id ) {
return new WP_Error( 'invalid', __( 'Invalid request ID when sending personal data export email.' ) );
}
- /** This filter is documented in wp-admin/includes/file.php */
+ /** This filter is documented in wp-includes/functions.php */
$expiration = apply_filters( 'wp_privacy_export_expiration', 3 * DAY_IN_SECONDS );
$expiration_date = date_i18n( get_option( 'date_format' ), time() + $expiration );
-/* translators: Do not translate EXPIRATION, LINK, EMAIL, SITENAME, SITEURL: those are placeholders. */
+/* translators: Do not translate EXPIRATION, LINK, SITENAME, SITEURL: those are placeholders. */
$email_text = __(
'Howdy,
@@ -2077,8 +2076,6 @@ so please download it before then.
###LINK###
-This email has been sent to ###EMAIL###.
-
Regards,
All at ###SITENAME###
###SITEURL###'
@@ -2090,7 +2087,6 @@ All at ###SITENAME###
* The following strings have a special meaning and will get replaced dynamically:
* ###EXPIRATION### The date when the URL will be automatically deleted.
* ###LINK### URL of the personal data export file for the user.
- * ###EMAIL### The email we are sending to.
* ###SITENAME### The name of the site.
* ###SITEURL### The URL to the site.
*
@@ -2184,6 +2180,7 @@ function wp_privacy_process_personal_data_export_page( $response, $exporter_inde
update_post_meta( $request_id, '_export_data_raw', $export_data );
// If we are not yet on the last page of the last exporter, return now.
+ /** This filter is documented in wp-admin/includes/ajax-actions.php */
$exporters = apply_filters( 'wp_privacy_personal_data_exporters', array() );
$is_last_exporter = $exporter_index === count( $exporters );
$exporter_done = $response['done'];
@@ -2219,7 +2216,13 @@ function wp_privacy_process_personal_data_export_page( $response, $exporter_inde
delete_post_meta( $request_id, '_export_data_raw' );
update_post_meta( $request_id, '_export_data_grouped', $groups );
- // Generate the export file from the collected, grouped personal data.
+ /**
+ * Generate the export file from the collected, grouped personal data.
+ *
+ * @since 4.9.6
+ *
+ * @param int $request_id The export request ID.
+ */
do_action( 'wp_privacy_personal_data_export_file', $request_id );
// Clear the grouped data now that it is no longer needed.
diff --git a/wp-admin/includes/misc.php b/wp-admin/includes/misc.php
index c44590f6e173bb5e4742c24caf2d1c20ed0d480b..887c4e25618e97908353d7f157a12fd0710cbe90 100644
--- a/wp-admin/includes/misc.php
+++ b/wp-admin/includes/misc.php
@@ -194,6 +194,8 @@ function insert_with_markers( $filename, $marker, $insertion ) {
* @since 1.5.0
*
* @global WP_Rewrite $wp_rewrite
+ *
+ * @return bool|null True on write success, false on failure. Null in multisite.
*/
function save_mod_rewrite_rules() {
if ( is_multisite() )
@@ -201,8 +203,11 @@ function save_mod_rewrite_rules() {
global $wp_rewrite;
- $home_path = get_home_path();
- $htaccess_file = $home_path.'.htaccess';
+ // Ensure get_home_path() is declared.
+ require_once( ABSPATH . 'wp-admin/includes/file.php' );
+
+ $home_path = get_home_path();
+ $htaccess_file = $home_path . '.htaccess';
/*
* If the file doesn't already exist check for write access to the directory
@@ -226,7 +231,7 @@ function save_mod_rewrite_rules() {
*
* @global WP_Rewrite $wp_rewrite
*
- * @return bool True if web.config was updated successfully
+ * @return bool|null True on write success, false on failure. Null in multisite.
*/
function iis7_save_url_rewrite_rules(){
if ( is_multisite() )
@@ -234,7 +239,10 @@ function iis7_save_url_rewrite_rules(){
global $wp_rewrite;
- $home_path = get_home_path();
+ // Ensure get_home_path() is declared.
+ require_once( ABSPATH . 'wp-admin/includes/file.php' );
+
+ $home_path = get_home_path();
$web_config_file = $home_path . 'web.config';
// Using win_is_writable() instead of is_writable() because of a bug in Windows PHP
@@ -1150,7 +1158,7 @@ function update_option_new_admin_email( $old_value, $value ) {
return;
}
- $hash = md5( $value . time() . mt_rand() );
+ $hash = md5( $value . time() . wp_rand() );
$new_admin_email = array(
'hash' => $hash,
'newemail' => $value,
@@ -1701,7 +1709,7 @@ final class WP_Privacy_Policy_Content {
'<h3>' . __( 'Embedded content from other websites' ) . '</h3>' .
'<p>' . $suggested_text . __( 'Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.' ) . '</p>' .
- '<p>' . __( 'These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.' ) . '</p>' .
+ '<p>' . __( 'These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.' ) . '</p>' .
'<h3>' . __( 'Analytics' ) . '</h3>';
$descr && $content .=
diff --git a/wp-admin/includes/plugin.php b/wp-admin/includes/plugin.php
index d794a8acc60e24eaa516f018ec485c1f16e2327a..792b2a63d82af6338e49f1028b378d18329c945e 100644
--- a/wp-admin/includes/plugin.php
+++ b/wp-admin/includes/plugin.php
@@ -1898,15 +1898,17 @@ function plugin_sandbox_scrape( $plugin ) {
}
/**
- * Helper function for adding content to the postbox shown when editing the privacy policy.
+ * Helper function for adding content to the Privacy Policy Guide.
*
* Plugins and themes should suggest text for inclusion in the site's privacy policy.
* The suggested text should contain information about any functionality that affects user privacy,
- * and will be shown in the Suggested Privacy Policy Content postbox.
+ * and will be shown on the Privacy Policy Guide screen.
*
* A plugin or theme can use this function multiple times as long as it will help to better present
* the suggested policy content. For example modular plugins such as WooCommerse or Jetpack
* can add or remove suggested content depending on the modules/extensions that are enabled.
+ * For more information see the Plugin Handbook:
+ * https://developer.wordpress.org/plugins/privacy/suggesting-text-for-the-site-privacy-policy/.
*
* Intended for use with the `'admin_init'` action.
*
@@ -1914,9 +1916,32 @@ function plugin_sandbox_scrape( $plugin ) {
*
* @param string $plugin_name The name of the plugin or theme that is suggesting content for the site's privacy policy.
* @param string $policy_text The suggested content for inclusion in the policy.
- * For more information see the Plugins Handbook https://developer.wordpress.org/plugins/.
*/
function wp_add_privacy_policy_content( $plugin_name, $policy_text ) {
+ if ( ! is_admin() ) {
+ _doing_it_wrong(
+ __FUNCTION__,
+ sprintf(
+ /* translators: %s: admin_init */
+ __( 'The suggested privacy policy content should be added only in wp-admin by using the %s (or later) action.' ),
+ '<code>admin_init</code>'
+ ),
+ '4.9.7'
+ );
+ return;
+ } elseif ( ! doing_action( 'admin_init' ) && ! did_action( 'admin_init' ) ) {
+ _doing_it_wrong(
+ __FUNCTION__,
+ sprintf(
+ /* translators: %s: admin_init */
+ __( 'The suggested privacy policy content should be added by using the %s (or later) action. Please see the inline documentation.' ),
+ '<code>admin_init</code>'
+ ),
+ '4.9.7'
+ );
+ return;
+ }
+
if ( ! class_exists( 'WP_Privacy_Policy_Content' ) ) {
require_once( ABSPATH . 'wp-admin/includes/misc.php' );
}
diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php
index 0c8c863ec75d7975bfa1958369f1f5c0005bdf58..1ad35ca7ce80efb22cf314cff4a218cab4fc7ba6 100644
--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@@ -1018,7 +1018,7 @@ function do_meta_boxes( $screen, $context, $object ) {
$hidden = get_hidden_meta_boxes( $screen );
- printf('<div id="%s-sortables" class="meta-box-sortables">', htmlspecialchars($context));
+ printf( '<div id="%s-sortables" class="meta-box-sortables">', esc_attr( $context ) );
// Grab the ones the user has manually sorted. Pull them out of their previous context/priority and into the one the user chose
if ( ! $already_sorted && $sorted = get_user_option( "meta-box-order_$page" ) ) {
diff --git a/wp-admin/includes/user.php b/wp-admin/includes/user.php
index 68be2ba60afe75f718ab97c491c47dffc8307ecc..2ebcb332637b147b7fae069b8f808c7152a73f9a 100644
--- a/wp-admin/includes/user.php
+++ b/wp-admin/includes/user.php
@@ -1380,6 +1380,7 @@ class WP_Privacy_Data_Export_Requests_Table extends WP_Privacy_Requests_Table {
* @return string Email column markup.
*/
public function column_email( $item ) {
+ /** This filter is documented in wp-admin/includes/ajax-actions.php */
$exporters = apply_filters( 'wp_privacy_personal_data_exporters', array() );
$exporters_count = count( $exporters );
$request_id = $item->ID;
@@ -1420,6 +1421,7 @@ class WP_Privacy_Data_Export_Requests_Table extends WP_Privacy_Requests_Table {
esc_html_e( 'Waiting for confirmation' );
break;
case 'request-confirmed':
+ /** This filter is documented in wp-admin/includes/ajax-actions.php */
$exporters = apply_filters( 'wp_privacy_personal_data_exporters', array() );
$exporters_count = count( $exporters );
$request_id = $item->ID;
@@ -1492,6 +1494,7 @@ class WP_Privacy_Data_Removal_Requests_Table extends WP_Privacy_Requests_Table {
// Allow the administrator to "force remove" the personal data even if confirmation has not yet been received.
$status = $item->status;
if ( 'request-confirmed' !== $status ) {
+ /** This filter is documented in wp-admin/includes/ajax-actions.php */
$erasers = apply_filters( 'wp_privacy_personal_data_erasers', array() );
$erasers_count = count( $erasers );
$request_id = $item->ID;
@@ -1532,6 +1535,7 @@ class WP_Privacy_Data_Removal_Requests_Table extends WP_Privacy_Requests_Table {
esc_html_e( 'Waiting for confirmation' );
break;
case 'request-confirmed':
+ /** This filter is documented in wp-admin/includes/ajax-actions.php */
$erasers = apply_filters( 'wp_privacy_personal_data_erasers', array() );
$erasers_count = count( $erasers );
$request_id = $item->ID;
diff --git a/wp-admin/privacy.php b/wp-admin/privacy.php
index 991ad72effb9ce016bf37379cd008160f67195f8..9c360dd18f06087dda806a3cd3e3471f723f57a9 100644
--- a/wp-admin/privacy.php
+++ b/wp-admin/privacy.php
@@ -22,14 +22,33 @@ if ( ! empty( $action ) ) {
$privacy_policy_page_id = isset( $_POST['page_for_privacy_policy'] ) ? (int) $_POST['page_for_privacy_policy'] : 0;
update_option( 'wp_page_for_privacy_policy', $privacy_policy_page_id );
+ $privacy_page_updated_message = __( 'Privacy policy page updated successfully.' );
+
+ if ( $privacy_policy_page_id ) {
+ /*
+ * Don't always link to the menu customizer:
+ *
+ * - Unpublished pages can't be selected by default.
+ * - `WP_Customize_Nav_Menus::__construct()` checks the user's capabilities.
+ * - Themes might not "officially" support menus.
+ */
+ if (
+ 'publish' === get_post_status( $privacy_policy_page_id )
+ && current_user_can( 'edit_theme_options' )
+ && current_theme_supports( 'menus' )
+ ) {
+ $privacy_page_updated_message = sprintf(
+ /* translators: %s: URL to Customizer -> Menus */
+ __( 'Privacy policy page updated successfully. Remember to <a href="%s">update your menus</a>!' ),
+ esc_url( add_query_arg( 'autofocus[panel]', 'nav_menus', admin_url( 'customize.php' ) ) )
+ );
+ }
+ }
+
add_settings_error(
'page_for_privacy_policy',
'page_for_privacy_policy',
- sprintf(
- /* translators: %s: URL to Customizer -> Menus */
- __( 'Privacy policy page updated successfully. Remember to <a href="%s">update your menus</a>!' ),
- 'customize.php?autofocus[panel]=nav_menus'
- ),
+ $privacy_page_updated_message,
'updated'
);
} elseif ( 'create-privacy-page' === $action ) {
diff --git a/wp-content/plugins/akismet/_inc/akismet.css b/wp-content/plugins/akismet/_inc/akismet.css
index bf40fb14aba4f9780f7670999d3c83ea0a6604a6..85f3c5ec73f34bb53d51ec58a8c7e4a102066436 100644
--- a/wp-content/plugins/akismet/_inc/akismet.css
+++ b/wp-content/plugins/akismet/_inc/akismet.css
@@ -417,10 +417,6 @@ table.comments td.comment p a:after {
padding: 1.5rem;
}
-.akismet-lower .notice {
- margin-bottom: 2rem;
-}
-
.akismet-card {
margin-top: 1rem;
margin-bottom: 0;
@@ -587,4 +583,4 @@ table.comments td.comment p a:after {
.akismet-section-header__actions {
line-height: 1.75rem;
-}
+}
\ No newline at end of file
diff --git a/wp-content/plugins/akismet/_inc/akismet.js b/wp-content/plugins/akismet/_inc/akismet.js
index b5df186f632189f94f43a67cd61fa56506517b4f..cac4d57fdac63e6294530636ff4dc27ddc3c6825 100644
--- a/wp-content/plugins/akismet/_inc/akismet.js
+++ b/wp-content/plugins/akismet/_inc/akismet.js
@@ -273,13 +273,4 @@ jQuery( function ( $ ) {
var img = new Image();
img.src = akismet_mshot_url( linkUrl );
}
-
- /**
- * Sets the comment form privacy notice display to hide when one clicks Core's dismiss button on the related admin notice.
- */
- $( '#akismet-privacy-notice-admin-notice' ).on( 'click', '.notice-dismiss', function(){
- $.ajax({
- url: './options-general.php?page=akismet-key-config&akismet_comment_form_privacy_notice=hide',
- });
- });
-});
+});
\ No newline at end of file
diff --git a/wp-content/plugins/akismet/akismet.php b/wp-content/plugins/akismet/akismet.php
index d4f21350b3719890e97fcb8ad2a2d06706a30ca1..a8ea4a15db7475c39c5b2973291ad83425619d63 100644
--- a/wp-content/plugins/akismet/akismet.php
+++ b/wp-content/plugins/akismet/akismet.php
@@ -6,7 +6,7 @@
Plugin Name: Akismet Anti-Spam
Plugin URI: https://akismet.com/
Description: Used by millions, Akismet is quite possibly the best way in the world to <strong>protect your blog from spam</strong>. It keeps your site protected even while you sleep. To get started: activate the Akismet plugin and then go to your Akismet Settings page to set up your API key.
-Version: 4.0.8
+Version: 4.0.3
Author: Automattic
Author URI: https://automattic.com/wordpress-plugins/
License: GPLv2 or later
@@ -37,7 +37,7 @@ if ( !function_exists( 'add_action' ) ) {
exit;
}
-define( 'AKISMET_VERSION', '4.0.8' );
+define( 'AKISMET_VERSION', '4.0.3' );
define( 'AKISMET__MINIMUM_WP_VERSION', '4.0' );
define( 'AKISMET__PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
define( 'AKISMET_DELETE_LIMIT', 100000 );
diff --git a/wp-content/plugins/akismet/class.akismet-admin.php b/wp-content/plugins/akismet/class.akismet-admin.php
index 1e80617355054cee1563882016c474223afe4ff0..42e884f9864c2aa6dc8e69b6effd7052166d1f0a 100644
--- a/wp-content/plugins/akismet/class.akismet-admin.php
+++ b/wp-content/plugins/akismet/class.akismet-admin.php
@@ -32,10 +32,6 @@ class Akismet_Admin {
if ( isset( $_POST['action'] ) && $_POST['action'] == 'enter-key' ) {
self::enter_api_key();
}
-
- if ( ! empty( $_GET['akismet_comment_form_privacy_notice'] ) && empty( $_GET['settings-updated']) ) {
- self::set_form_privacy_notice_option( $_GET['akismet_comment_form_privacy_notice'] );
- }
}
public static function init_hooks() {
@@ -69,23 +65,11 @@ class Akismet_Admin {
add_filter( 'wxr_export_skip_commentmeta', array( 'Akismet_Admin', 'exclude_commentmeta_from_export' ), 10, 3 );
add_filter( 'all_plugins', array( 'Akismet_Admin', 'modify_plugin_description' ) );
-
- if ( class_exists( 'Jetpack' ) ) {
- add_filter( 'akismet_comment_form_privacy_notice_url_display', array( 'Akismet_Admin', 'jetpack_comment_form_privacy_notice_url' ) );
- add_filter( 'akismet_comment_form_privacy_notice_url_hide', array( 'Akismet_Admin', 'jetpack_comment_form_privacy_notice_url' ) );
- }
}
public static function admin_init() {
load_plugin_textdomain( 'akismet' );
add_meta_box( 'akismet-status', __('Comment History', 'akismet'), array( 'Akismet_Admin', 'comment_status_meta_box' ), 'comment', 'normal' );
-
- if ( function_exists( 'wp_add_privacy_policy_content' ) ) {
- wp_add_privacy_policy_content(
- __( 'Akismet', 'akismet' ),
- __( 'We collect information about visitors who comment on Sites that use our Akismet anti-spam service. The information we collect depends on how the User sets up Akismet for the Site, but typically includes the commenter\'s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself).', 'akismet' )
- );
- }
}
public static function admin_menu() {
@@ -276,13 +260,7 @@ class Akismet_Admin {
foreach( array( 'akismet_strictness', 'akismet_show_user_comments_approved' ) as $option ) {
update_option( $option, isset( $_POST[$option] ) && (int) $_POST[$option] == 1 ? '1' : '0' );
}
-
- if ( ! empty( $_POST['akismet_comment_form_privacy_notice'] ) ) {
- self::set_form_privacy_notice_option( $_POST['akismet_comment_form_privacy_notice'] );
- } else {
- self::set_form_privacy_notice_option( 'hide' );
- }
-
+
if ( Akismet::predefined_api_key() ) {
return false; //shouldn't have option to save key if already defined
}
@@ -847,14 +825,6 @@ class Akismet_Admin {
) );
}
- public static function display_privacy_notice_control_warning() {
- if ( !current_user_can( 'manage_options' ) )
- return;
- Akismet::view( 'notice', array(
- 'type' => 'privacy',
- ) );
- }
-
public static function display_spam_check_warning() {
Akismet::fix_scheduled_recheck();
@@ -988,10 +958,6 @@ class Akismet_Admin {
$notices[] = array( 'type' => $akismet_user->status );
}
- if ( false === get_option( 'akismet_comment_form_privacy_notice' ) ) {
- $notices[] = array( 'type' => 'privacy' );
- }
-
/*
// To see all variants when testing.
$notices[] = array( 'type' => 'active-notice', 'time_saved' => 'Cleaning up spam takes time. Akismet has saved you 1 minute!' );
@@ -1058,14 +1024,6 @@ class Akismet_Admin {
echo '<div class="notice notice-success"><p>' . esc_html( $message ) . '</p></div>';
}
-
- $akismet_comment_form_privacy_notice_option = get_option( 'akismet_comment_form_privacy_notice' );
- if ( ! in_array( $akismet_comment_form_privacy_notice_option, array( 'hide', 'display' ) ) ) {
- $api_key = Akismet::get_api_key();
- if ( ! empty( $api_key ) ) {
- self::display_privacy_notice_control_warning();
- }
- }
}
public static function display_status() {
@@ -1170,14 +1128,4 @@ class Akismet_Admin {
return $all_plugins;
}
-
- private static function set_form_privacy_notice_option( $state ) {
- if ( in_array( $state, array( 'display', 'hide' ) ) ) {
- update_option( 'akismet_comment_form_privacy_notice', $state );
- }
- }
-
- public static function jetpack_comment_form_privacy_notice_url( $url ) {
- return str_replace( 'options-general.php', 'admin.php', $url );
- }
}
diff --git a/wp-content/plugins/akismet/class.akismet.php b/wp-content/plugins/akismet/class.akismet.php
index 3a1307f42f158ea8a33a72e4d1a1580ed33a8f50..0ed53fcea06415897d9776420e51e30e766f33b3 100644
--- a/wp-content/plugins/akismet/class.akismet.php
+++ b/wp-content/plugins/akismet/class.akismet.php
@@ -51,9 +51,6 @@ class Akismet {
// Jetpack compatibility
add_filter( 'jetpack_options_whitelist', array( 'Akismet', 'add_to_jetpack_options_whitelist' ) );
add_action( 'update_option_wordpress_api_key', array( 'Akismet', 'updated_option' ), 10, 2 );
- add_action( 'add_option_wordpress_api_key', array( 'Akismet', 'added_option' ), 10, 2 );
-
- add_action( 'comment_form_after', array( 'Akismet', 'display_comment_form_privacy_notice' ) );
}
public static function get_api_key() {
@@ -113,18 +110,6 @@ class Akismet {
}
}
- /**
- * Treat the creation of an API key the same as updating the API key to a new value.
- *
- * @param mixed $option_name Will always be "wordpress_api_key", until something else hooks in here.
- * @param mixed $value The option value.
- */
- public static function added_option( $option_name, $value ) {
- if ( 'wordpress_api_key' === $option_name ) {
- return self::updated_option( '', $value );
- }
- }
-
public static function rest_auto_check_comment( $commentdata ) {
self::$is_rest_api_call = true;
@@ -1202,7 +1187,7 @@ class Akismet {
<!doctype html>
<html>
<head>
-<meta charset="<?php bloginfo( 'charset' ); ?>" />
+<meta charset="<?php bloginfo( 'charset' ); ?>">
<style>
* {
text-align: center;
@@ -1215,7 +1200,6 @@ p {
font-size: 18px;
}
</style>
-</head>
<body>
<p><?php echo esc_html( $message ); ?></p>
</body>
@@ -1404,21 +1388,4 @@ p {
return apply_filters( 'akismet_predefined_api_key', false );
}
-
- /**
- * Controls the display of a privacy related notice underneath the comment form using the `akismet_comment_form_privacy_notice` option and filter respectively.
- * Default is top not display the notice, leaving the choice to site admins, or integrators.
- */
- public static function display_comment_form_privacy_notice() {
- if ( 'display' !== apply_filters( 'akismet_comment_form_privacy_notice', get_option( 'akismet_comment_form_privacy_notice', 'hide' ) ) ) {
- return;
- }
- echo apply_filters(
- 'akismet_comment_form_privacy_notice_markup',
- '<p class="akismet_comment_form_privacy_notice">' . sprintf(
- __( 'This site uses Akismet to reduce spam. <a href="%s" target="_blank" rel="nofollow noopener">Learn how your comment data is processed</a>.', 'akismet' ),
- 'https://akismet.com/privacy/'
- ) . '</p>'
- );
- }
}
diff --git a/wp-content/plugins/akismet/readme.txt b/wp-content/plugins/akismet/readme.txt
index 4853f6fa0dbcacea13883e7a06be238c1ef117d7..c892430dfb48ff8b19f3c6fe92480bbd361542a8 100644
--- a/wp-content/plugins/akismet/readme.txt
+++ b/wp-content/plugins/akismet/readme.txt
@@ -2,8 +2,8 @@
Contributors: matt, ryan, andy, mdawaffe, tellyworth, josephscott, lessbloat, eoigal, cfinke, automattic, jgs, procifer, stephdau
Tags: akismet, comments, spam, antispam, anti-spam, anti spam, comment moderation, comment spam, contact form spam, spam comments
Requires at least: 4.0
-Tested up to: 4.9.6
-Stable tag: 4.0.8
+Tested up to: 4.9.1
+Stable tag: 4.0.3
License: GPLv2 or later
Akismet checks your comments and contact form submissions against our global database of spam to protect you and your site from malicious content.
@@ -30,38 +30,6 @@ Upload the Akismet plugin to your blog, Activate it, then enter your [Akismet.co
== Changelog ==
-= 4.0.8 =
-*Release Date - 19 June 2018*
-
-* Improved the grammar and consistency of the in-admin privacy related notes (notice and config).
-* Revised in-admin explanation of the comment form privacy notice to make its usage clearer.
-* Added `rel="nofollow noopener"` to the comment form privacy notice to improve SEO and security.
-
-= 4.0.7 =
-*Release Date - 28 May 2018*
-
-* Based on user feedback, the link on "Learn how your comment data is processed." in the optional privacy notice now has a `target` of `_blank` and opens in a new tab/window.
-* Updated the in-admin privacy notice to use the term "comment" instead of "contact" in "Akismet can display a notice to your users under your comment forms."
-* Only show in-admin privacy notice if Akismet has an API Key configured
-
-= 4.0.6 =
-*Release Date - 26 May 2018*
-
-* Moved away from using `empty( get_option() )` to instantiating a variable to be compatible with older versions of PHP (5.3, 5.4, etc).
-
-= 4.0.5 =
-*Release Date - 26 May 2018*
-
-* Corrected version number after tagging. Sorry...
-
-= 4.0.4 =
-*Release Date - 26 May 2018*
-
-* Added a hook to provide Akismet-specific privacy information for a site's privacy policy.
-* Added tools to control the display of a privacy related notice under comment forms.
-* Fixed HTML in activation failure message to close META and HEAD tag properly.
-* Fixed a bug that would sometimes prevent Akismet from being correctly auto-configured.
-
= 4.0.3 =
*Release Date - 19 February 2018*
diff --git a/wp-content/plugins/akismet/views/config.php b/wp-content/plugins/akismet/views/config.php
index cc6fdd2046648b0cf8743828265c89e86d6f287c..59dd18c594e93fd46cc24758b592f159b28f6a6b 100644
--- a/wp-content/plugins/akismet/views/config.php
+++ b/wp-content/plugins/akismet/views/config.php
@@ -151,17 +151,6 @@
?>
</td>
</tr>
- <tr>
- <th class="comment-form-privacy-notice" align="left" scope="row"><?php esc_html_e('Privacy', 'akismet'); ?></th>
- <td></td>
- <td align="left">
- <fieldset><legend class="screen-reader-text"><span><?php esc_html_e('Akismet privacy notice', 'akismet'); ?></span></legend>
- <p><label for="akismet_comment_form_privacy_notice_display"><input type="radio" name="akismet_comment_form_privacy_notice" id="akismet_comment_form_privacy_notice_display" value="display" <?php checked('display', get_option('akismet_comment_form_privacy_notice')); ?> /> <?php esc_html_e('Display a privacy notice under your comment forms.', 'akismet'); ?></label></p>
- <p><label for="akismet_comment_form_privacy_notice_hide"><input type="radio" name="akismet_comment_form_privacy_notice" id="akismet_comment_form_privacy_notice_hide" value="hide" <?php echo in_array( get_option('akismet_comment_form_privacy_notice'), array('display', 'hide') ) ? checked('hide', get_option('akismet_comment_form_privacy_notice'), false) : 'checked="checked"'; ?> /> <?php esc_html_e('Do not display privacy notice.', 'akismet'); ?></label></p>
- </fieldset>
- <span class="akismet-note"><?php esc_html_e( 'To help your site with transparency under privacy laws like the GDPR, Akismet can display a notice to your users under your comment forms. This feature is disabled by default, however, you can turn it on above.', 'akismet' );?></span>
- </td>
- </tr>
</tbody>
</table>
<div class="akismet-card-actions">
@@ -239,4 +228,4 @@
<?php } ?>
<?php endif;?>
</div>
-</div>
+</div>
\ No newline at end of file
diff --git a/wp-content/plugins/akismet/views/notice.php b/wp-content/plugins/akismet/views/notice.php
index 62476bd2854b3b2ed1b4b6100b4fcb25b008f95d..4f65b8402befd43a7b124ccd2c9cd3ec60f49e6c 100644
--- a/wp-content/plugins/akismet/views/notice.php
+++ b/wp-content/plugins/akismet/views/notice.php
@@ -15,7 +15,7 @@
<?php elseif ( $type == 'spam-check' ) :?>
<div class="notice notice-warning">
<p><strong><?php esc_html_e( 'Akismet has detected a problem.', 'akismet' );?></strong></p>
- <p><?php esc_html_e( 'Some comments have not yet been checked for spam by Akismet. They have been temporarily held for moderation and will automatically be rechecked later.', 'akismet' ); ?></p>
+ <p><?php printf( __( 'Some comments have not yet been checked for spam by Akismet. They have been temporarily held for moderation and will automatically be rechecked later.', 'akismet' ) ); ?></p>
<?php if ( $link_text ) { ?>
<p><?php echo $link_text; ?></p>
<?php } ?>
@@ -132,10 +132,4 @@
</p>
<?php endif; ?>
</div>
-<?php elseif ( $type == 'privacy' ) :?>
-<div class="notice notice-warning is-dismissible" id="akismet-privacy-notice-admin-notice">
- <p><strong><?php esc_html_e( 'Akismet & Privacy.', 'akismet' );?></strong></p>
- <p><?php esc_html_e( 'To help your site with transparency under privacy laws like the GDPR, Akismet can display a notice to your users under your comment forms. This feature is disabled by default, however, you can turn it on below.', 'akismet' ); ?></p>
- <p><?php printf( __(' Please <a href="%s">enable</a> or <a href="%s">disable</a> this feature. <a href="%s" id="akismet-privacy-notice-control-notice-info-link" target="_blank">More information</a>.', 'akismet' ), admin_url( apply_filters( 'akismet_comment_form_privacy_notice_url_display', 'options-general.php?page=akismet-key-config&akismet_comment_form_privacy_notice=display' ) ), admin_url( apply_filters( 'akismet_comment_form_privacy_notice_url_hide', 'options-general.php?page=akismet-key-config&akismet_comment_form_privacy_notice=hide' ) ), 'https://akismet.com/privacy/' ); ?></p>
-</div>
-<?php endif;?>
+<?php endif;?>
\ No newline at end of file
diff --git a/wp-includes/class-wp-term-query.php b/wp-includes/class-wp-term-query.php
index d704f5e161e80fff11fc352b6f3f1c48757be854..3bbb1090241593a1fe45a42daaebdbbc31e9e784 100644
--- a/wp-includes/class-wp-term-query.php
+++ b/wp-includes/class-wp-term-query.php
@@ -671,7 +671,7 @@ class WP_Term_Query {
$cache_key = "get_terms:$key:$last_changed";
$cache = wp_cache_get( $cache_key, 'terms' );
if ( false !== $cache ) {
- if ( 'all' === $_fields ) {
+ if ( 'all' === $_fields || 'all_with_object_id' === $_fields ) {
$cache = array_map( 'get_term', $cache );
}
diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php
index 51193cec1dc6dc5dc0369182860acaf86edb8fe3..7bde60c517a8bfb8f7619b06c5e1192e5f73b1e8 100644
--- a/wp-includes/comment-template.php
+++ b/wp-includes/comment-template.php
@@ -2123,6 +2123,7 @@ function wp_list_comments( $args = array(), $comments = null ) {
* @since 4.5.0 The 'author', 'email', and 'url' form fields are limited to 245, 100,
* and 200 characters, respectively.
* @since 4.6.0 Introduced the 'action' argument.
+ * @since 4.9.6 Introduced the 'cookies' default comment field.
*
* @param array $args {
* Optional. Default arguments and form fields to override.
@@ -2130,9 +2131,10 @@ function wp_list_comments( $args = array(), $comments = null ) {
* @type array $fields {
* Default comment fields, filterable by default via the {@see 'comment_form_default_fields'} hook.
*
- * @type string $author Comment author field HTML.
- * @type string $email Comment author email field HTML.
- * @type string $url Comment author URL field HTML.
+ * @type string $author Comment author field HTML.
+ * @type string $email Comment author email field HTML.
+ * @type string $url Comment author URL field HTML.
+ * @type string $cookies Comment cookie opt-in field HTML.
* }
* @type string $comment_field The comment textarea field HTML.
* @type string $must_log_in HTML element for a 'must be logged in to comment' message.
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index dd2ff35e7dd3fddbc4330de111a04995b27cac0a..5802a341469f77e52e255d7a7e78a37187e66354 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -1704,17 +1704,30 @@ function path_join( $base, $path ) {
* @since 3.9.0
* @since 4.4.0 Ensures upper-case drive letters on Windows systems.
* @since 4.5.0 Allows for Windows network shares.
+ * @since 4.9.7 Allows for PHP file wrappers.
*
* @param string $path Path to normalize.
* @return string Normalized path.
*/
function wp_normalize_path( $path ) {
+ $wrapper = '';
+ if ( wp_is_stream( $path ) ) {
+ list( $wrapper, $path ) = explode( '://', $path, 2 );
+ $wrapper .= '://';
+ }
+
+ // Standardise all paths to use /
$path = str_replace( '\\', '/', $path );
+
+ // Replace multiple slashes down to a singular, allowing for network shares having two slashes.
$path = preg_replace( '|(?<=.)/+|', '/', $path );
+
+ // Windows paths should uppercase the drive letter
if ( ':' === substr( $path, 1, 1 ) ) {
$path = ucfirst( $path );
}
- return $path;
+
+ return $wrapper . $path;
}
/**
@@ -5503,6 +5516,28 @@ function wp_delete_file( $file ) {
}
}
+/**
+ * Deletes a file if its path is within the given directory.
+ *
+ * @since 4.9.7
+ *
+ * @param string $file Absolute path to the file to delete.
+ * @param string $directory Absolute path to a directory.
+ * @return bool True on success, false on failure.
+ */
+function wp_delete_file_from_directory( $file, $directory ) {
+ $real_file = realpath( wp_normalize_path( $file ) );
+ $real_directory = realpath( wp_normalize_path( $directory ) );
+
+ if ( false === $real_file || false === $real_directory || strpos( wp_normalize_path( $real_file ), trailingslashit( wp_normalize_path( $real_directory ) ) ) !== 0 ) {
+ return false;
+ }
+
+ wp_delete_file( $file );
+
+ return true;
+}
+
/**
* Outputs a small JS snippet on preview tabs/windows to remove `window.name` on unload.
*
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 32fab32f652658d3903082ae51afb5abc1cbf939..dda43ce6582d25c094be5bade9312d6c02b86dc7 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -967,6 +967,9 @@ function wp_clear_auth_cookie() {
setcookie( PASS_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN );
setcookie( USER_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN );
setcookie( PASS_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN );
+
+ // Post password cookie
+ setcookie( 'wp-postpass_' . COOKIEHASH, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN );
}
endif;
diff --git a/wp-includes/post.php b/wp-includes/post.php
index d69f5a839d10cf46beb1a5fe9d6471f213c17e81..14be53f443dd470087fba5968c25ed0b52101cc2 100644
--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -5056,42 +5056,79 @@ function wp_delete_attachment( $post_id, $force_delete = false ) {
/** This action is documented in wp-includes/post.php */
do_action( 'deleted_post', $post_id );
+ wp_delete_attachment_files( $post_id, $meta, $backup_sizes, $file );
+
+ clean_post_cache( $post );
+
+ return $post;
+}
+
+/**
+ * Deletes all files that belong to the given attachment.
+ *
+ * @since 4.9.7
+ *
+ * @param int $post_id Attachment ID.
+ * @param array $meta The attachment's meta data.
+ * @param array $backup_sizes The meta data for the attachment's backup images.
+ * @param string $file Absolute path to the attachment's file.
+ * @return bool True on success, false on failure.
+ */
+function wp_delete_attachment_files( $post_id, $meta, $backup_sizes, $file ) {
+ global $wpdb;
+
$uploadpath = wp_get_upload_dir();
+ $deleted = true;
- if ( ! empty($meta['thumb']) ) {
+ if ( ! empty( $meta['thumb'] ) ) {
// Don't delete the thumb if another attachment uses it.
- if (! $wpdb->get_row( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE %s AND post_id <> %d", '%' . $wpdb->esc_like( $meta['thumb'] ) . '%', $post_id)) ) {
- $thumbfile = str_replace(basename($file), $meta['thumb'], $file);
- /** This filter is documented in wp-includes/functions.php */
- $thumbfile = apply_filters( 'wp_delete_file', $thumbfile );
- @ unlink( path_join($uploadpath['basedir'], $thumbfile) );
+ if ( ! $wpdb->get_row( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE %s AND post_id <> %d", '%' . $wpdb->esc_like( $meta['thumb'] ) . '%', $post_id ) ) ) {
+ $thumbfile = str_replace( basename( $file ), $meta['thumb'], $file );
+ if ( ! empty( $thumbfile ) ) {
+ $thumbfile = path_join( $uploadpath['basedir'], $thumbfile );
+ $thumbdir = path_join( $uploadpath['basedir'], dirname( $file ) );
+
+ if ( ! wp_delete_file_from_directory( $thumbfile, $thumbdir ) ) {
+ $deleted = false;
+ }
+ }
}
}
// Remove intermediate and backup images if there are any.
if ( isset( $meta['sizes'] ) && is_array( $meta['sizes'] ) ) {
+ $intermediate_dir = path_join( $uploadpath['basedir'], dirname( $file ) );
foreach ( $meta['sizes'] as $size => $sizeinfo ) {
$intermediate_file = str_replace( basename( $file ), $sizeinfo['file'], $file );
- /** This filter is documented in wp-includes/functions.php */
- $intermediate_file = apply_filters( 'wp_delete_file', $intermediate_file );
- @ unlink( path_join( $uploadpath['basedir'], $intermediate_file ) );
+ if ( ! empty( $intermediate_file ) ) {
+ $intermediate_file = path_join( $uploadpath['basedir'], $intermediate_file );
+
+ if ( ! wp_delete_file_from_directory( $intermediate_file, $intermediate_dir ) ) {
+ $deleted = false;
+ }
+ }
}
}
- if ( is_array($backup_sizes) ) {
+ if ( is_array( $backup_sizes ) ) {
+ $del_dir = path_join( $uploadpath['basedir'], dirname( $meta['file'] ) );
foreach ( $backup_sizes as $size ) {
- $del_file = path_join( dirname($meta['file']), $size['file'] );
- /** This filter is documented in wp-includes/functions.php */
- $del_file = apply_filters( 'wp_delete_file', $del_file );
- @ unlink( path_join($uploadpath['basedir'], $del_file) );
+ $del_file = path_join( dirname( $meta['file'] ), $size['file'] );
+ if ( ! empty( $del_file ) ) {
+ $del_file = path_join( $uploadpath['basedir'], $del_file );
+
+ if ( ! wp_delete_file_from_directory( $del_file, $del_dir ) ) {
+ $deleted = false;
+ }
+ }
}
}
- wp_delete_file( $file );
-
- clean_post_cache( $post );
+ if ( ! wp_delete_file_from_directory( $file, $uploadpath['basedir'] ) ) {
+ $deleted = false;
+ }
- return $post;
+ return $deleted;
}
/**
diff --git a/wp-includes/user.php b/wp-includes/user.php
index da9fb12ac761f3357ab17446c6dc84e8d95ac3e2..fa4ea7a7ba03e27bfa5233c04d44692bfbf084b8 100644
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@@ -2650,7 +2650,7 @@ function send_confirmation_on_profile_email() {
return;
}
- $hash = md5( $_POST['email'] . time() . mt_rand() );
+ $hash = md5( $_POST['email'] . time() . wp_rand() );
$new_user_email = array(
'hash' => $hash,
'newemail' => $_POST['email'],
@@ -3260,7 +3260,7 @@ function wp_send_user_request( $request_id ) {
'siteurl' => network_home_url(),
);
- /* translators: Do not translate DESCRIPTION, CONFIRM_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
+ /* translators: Do not translate DESCRIPTION, CONFIRM_URL, SITENAME, SITEURL: those are placeholders. */
$email_text = __(
'Howdy,
@@ -3274,8 +3274,6 @@ To confirm this, please click on the following link:
You can safely ignore and delete this email if you do not want to
take this action.
-This email has been sent to ###EMAIL###.
-
Regards,
All at ###SITENAME###
###SITEURL###'
@@ -3288,7 +3286,6 @@ All at ###SITENAME###
*
* ###DESCRIPTION### Description of the action being performed so the user knows what the email is for.
* ###CONFIRM_URL### The link to click on to confirm the account action.
- * ###EMAIL### The email we are sending to.
* ###SITENAME### The name of the site.
* ###SITEURL### The URL to the site.
*
@@ -3431,7 +3428,7 @@ function wp_validate_user_request_key( $request_id, $key ) {
}
if ( ! $expiration_time || time() > $expiration_time ) {
- $return = new WP_Error( 'expired_key', __( 'The confirmation email has expired.' ) );
+ return new WP_Error( 'expired_key', __( 'The confirmation email has expired.' ) );
}
return true;
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 09aeef0100f970291ff08700defcc2f298f41da5..df79e447bbe17b48d9243b922dbce786b951b1f4 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
-$wp_version = '4.9.6';
+$wp_version = '4.9.7';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
diff --git a/wp-includes/widgets.php b/wp-includes/widgets.php
index 1e939e173dd149eb7e6843be9717857e4f86411f..683c7ab9136ad25c3c41bae77cb1605e0447e708 100644
--- a/wp-includes/widgets.php
+++ b/wp-includes/widgets.php
@@ -420,8 +420,9 @@ function wp_sidebar_description( $id ) {
global $wp_registered_sidebars;
- if ( isset($wp_registered_sidebars[$id]['description']) )
- return esc_html( $wp_registered_sidebars[$id]['description'] );
+ if ( isset( $wp_registered_sidebars[ $id ]['description'] ) ) {
+ return wp_kses( $wp_registered_sidebars[ $id ]['description'], 'sidebar_description' );
+ }
}
/**