From 5156d3e99be13d8d8f22e343949c8d751742f86d Mon Sep 17 00:00:00 2001
From: lucha <lucha@paranoici.org>
Date: Sat, 7 Jul 2018 19:18:16 +0200
Subject: [PATCH] Wordpress 4.9.7

---
 wp-admin/about.php                            | 18 +++++
 wp-admin/edit-form-comment.php                |  6 +-
 .../includes/class-wp-community-events.php    | 26 ++++++-
 wp-admin/includes/file.php                    | 31 ++++----
 wp-admin/includes/misc.php                    | 20 +++--
 wp-admin/includes/plugin.php                  | 31 +++++++-
 wp-admin/includes/template.php                |  2 +-
 wp-admin/includes/user.php                    |  4 +
 wp-admin/privacy.php                          | 29 ++++++--
 wp-content/plugins/akismet/_inc/akismet.css   |  6 +-
 wp-content/plugins/akismet/_inc/akismet.js    | 11 +--
 wp-content/plugins/akismet/akismet.php        |  4 +-
 .../plugins/akismet/class.akismet-admin.php   | 54 +-------------
 wp-content/plugins/akismet/class.akismet.php  | 35 +--------
 wp-content/plugins/akismet/readme.txt         | 36 +--------
 wp-content/plugins/akismet/views/config.php   | 13 +---
 wp-content/plugins/akismet/views/notice.php   | 10 +--
 wp-includes/class-wp-term-query.php           |  2 +-
 wp-includes/comment-template.php              |  8 +-
 wp-includes/functions.php                     | 37 +++++++++-
 wp-includes/pluggable.php                     |  3 +
 wp-includes/post.php                          | 73 ++++++++++++++-----
 wp-includes/user.php                          |  9 +--
 wp-includes/version.php                       |  2 +-
 wp-includes/widgets.php                       |  5 +-
 25 files changed, 252 insertions(+), 223 deletions(-)

diff --git a/wp-admin/about.php b/wp-admin/about.php
index cc8ca1198..357a65b09 100644
--- a/wp-admin/about.php
+++ b/wp-admin/about.php
@@ -32,6 +32,24 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
 
 		<div class="changelog point-releases">
 			<h3><?php _e( 'Maintenance and Security Releases' ); ?></h3>
+			<p>
+				<?php
+				printf(
+				/* translators: 1: WordPress version number, 2: plural number of bugs. */
+					_n(
+						'<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
+						'<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.',
+						17
+					),
+					'4.9.7',
+					number_format_i18n( 17 )
+				);
+				?>
+				<?php
+				/* translators: %s: Codex URL */
+				printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.9.7' );
+				?>
+			</p>
 			<p>
 				<?php
 				printf(
diff --git a/wp-admin/edit-form-comment.php b/wp-admin/edit-form-comment.php
index 2ae7957f7..651ff15ba 100644
--- a/wp-admin/edit-form-comment.php
+++ b/wp-admin/edit-form-comment.php
@@ -29,7 +29,11 @@ if ( 'approved' === wp_get_comment_status( $comment ) && $comment->comment_post_
 <div class="inside">
 	<div id="comment-link-box">
 		<strong><?php _ex( 'Permalink:', 'comment' ); ?></strong>
-		<span id="sample-permalink"><a href="<?php echo $comment_link; ?>"><?php echo $comment_link; ?></a></span>
+		<span id="sample-permalink">
+			<a href="<?php echo esc_url( $comment_link ); ?>">
+				<?php echo esc_html( $comment_link ); ?>
+			</a>
+		</span>
 	</div>
 </div>
 <?php endif; ?>
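Review bot: Splitting the anchor over three lines puts the template's newline and tab indentation inside `<a>…</a>`, so the permalink is now rendered with whitespace around the link text that the old one-line markup did not have. The escaping itself is the right pair for the two contexts (`esc_url()` for the `href`, `esc_html()` for the text), and it can stay on one line to avoid the layout change: `<a href="<?php echo esc_url( $comment_link ); ?>"><?php echo esc_html( $comment_link ); ?></a>`. How `$comment_link` is built is outside this hunk.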
diff --git a/wp-admin/includes/class-wp-community-events.php b/wp-admin/includes/class-wp-community-events.php
index bbb743d55..93ee9b7df 100644
--- a/wp-admin/includes/class-wp-community-events.php
+++ b/wp-admin/includes/class-wp-community-events.php
@@ -385,20 +385,33 @@ class WP_Community_Events {
 	}
 
 	/**
-	 * Discards expired events, and reduces the remaining list.
+	 * Prepares the event list for presentation.
+	 *
+	 * Discards expired events, and makes WordCamps "sticky." Attendees need more
+	 * advanced notice about WordCamps than they do for meetups, so camps should
+	 * appear in the list sooner. If a WordCamp is coming up, the API will "stick"
+	 * it in the response, even if it wouldn't otherwise appear. When that happens,
+	 * the event will be at the end of the list, and will need to be moved into a
+	 * higher position, so that it doesn't get trimmed off.
 	 *
 	 * @since 4.8.0
+	 * @since 4.9.7 Stick a WordCamp to the final list.
 	 *
 	 * @param  array $response_body The response body which contains the events.
 	 * @return array The response body with events trimmed.
 	 */
 	protected function trim_events( $response_body ) {
 		if ( isset( $response_body['events'] ) ) {
+			$wordcamps         = array();
 			$current_timestamp = current_time( 'timestamp' );
 
 			foreach ( $response_body['events'] as $key => $event ) {
-				// Skip WordCamps, because they might be multi-day events.
-				if ( 'meetup' !== $event['type'] ) {
+				/*
+				 * Skip WordCamps, because they might be multi-day events.
+				 * Save a copy so they can be pinned later.
+				 */
+				if ( 'wordcamp' === $event['type'] ) {
+					$wordcamps[] = $event;
 					continue;
 				}
 
@@ -410,6 +423,13 @@ class WP_Community_Events {
 			}
 
 			$response_body['events'] = array_slice( $response_body['events'], 0, 3 );
+			$trimmed_event_types     = wp_list_pluck( $response_body['events'], 'type' );
+
+			// Make sure the soonest upcoming WordCamps is pinned in the list.
+			if ( ! in_array( 'wordcamp', $trimmed_event_types ) && $wordcamps ) {
+				array_pop( $response_body['events'] );
+				array_push( $response_body['events'], $wordcamps[0] );
+			}
 		}
 
 		return $response_body;
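Review bot: `in_array( 'wordcamp', $trimmed_event_types )` compares loosely, and the event list comes from a decoded API response, so a strict check is safer and matches the `'wordcamp' === $event['type']` test earlier in the function: `if ( ! in_array( 'wordcamp', $trimmed_event_types, true ) && $wordcamps ) {`. `$wordcamps[0]` is simply the first WordCamp in response order, so the comment's "soonest upcoming" holds only if the API returns events sorted by date; the comment should state that assumption (and read "WordCamp", singular). `trim_events()` begins in the previous hunk, and part of its loop body lies between the two hunks.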
diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php
index f9feb381b..3f51608d1 100644
--- a/wp-admin/includes/file.php
+++ b/wp-admin/includes/file.php
@@ -1803,7 +1803,7 @@ function wp_print_request_filesystem_credentials_modal() {
  *
  * @since 4.9.6
  *
- * @param array  $group_data {
+ * @param array $group_data {
  *     The group data to render.
  *
  *     @type string $group_label  The user-facing heading for the group, e.g. 'Comments'.
@@ -1865,7 +1865,7 @@ function wp_privacy_generate_personal_data_export_group_html( $group_data ) {
  *
  * @since 4.9.6
  *
- * @param int  $request_id  The export request ID.
+ * @param int $request_id The export request ID.
  */
 function wp_privacy_generate_personal_data_export_file( $request_id ) {
 	if ( ! class_exists( 'ZipArchive' ) ) {
@@ -1889,9 +1889,8 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) {
 	$exports_dir = wp_privacy_exports_dir();
 	$exports_url = wp_privacy_exports_url();
 
-	$result = wp_mkdir_p( $exports_dir );
-	if ( is_wp_error( $result ) ) {
-		wp_send_json_error( $result->get_error_message() );
+	if ( ! wp_mkdir_p( $exports_dir ) ) {
+		wp_send_json_error( __( 'Unable to create export folder.' ) );
 	}
 
 	// Protect export folder from browsing.
@@ -2030,7 +2029,7 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) {
 			 * @param string $archive_pathname     The full path to the export file on the filesystem.
 			 * @param string $archive_url          The URL of the archive file.
 			 * @param string $html_report_pathname The full path to the personal data report on the filesystem.
-			 * @param string $request_id           The export request ID.
+			 * @param int    $request_id           The export request ID.
 			 */
 			do_action( 'wp_privacy_personal_data_export_file_created', $archive_pathname, $archive_url, $html_report_pathname, $request_id );
 		}
@@ -2051,8 +2050,8 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) {
  *
  * @since 4.9.6
  *
- * @param int  $request_id  The request ID for this personal data export.
- * @return true|WP_Error    True on success or `WP_Error` on failure.
+ * @param int $request_id The request ID for this personal data export.
+ * @return true|WP_Error True on success or `WP_Error` on failure.
  */
 function wp_privacy_send_personal_data_export_email( $request_id ) {
 	// Get the request data.
@@ -2062,11 +2061,11 @@ function wp_privacy_send_personal_data_export_email( $request_id ) {
 		return new WP_Error( 'invalid', __( 'Invalid request ID when sending personal data export email.' ) );
 	}
 
-	/** This filter is documented in wp-admin/includes/file.php */
+	/** This filter is documented in wp-includes/functions.php */
 	$expiration      = apply_filters( 'wp_privacy_export_expiration', 3 * DAY_IN_SECONDS );
 	$expiration_date = date_i18n( get_option( 'date_format' ), time() + $expiration );
 
-/* translators: Do not translate EXPIRATION, LINK, EMAIL, SITENAME, SITEURL: those are placeholders. */
+/* translators: Do not translate EXPIRATION, LINK, SITENAME, SITEURL: those are placeholders. */
 $email_text = __(
 'Howdy,
 
@@ -2077,8 +2076,6 @@ so please download it before then.
 
 ###LINK###
 
-This email has been sent to ###EMAIL###.
-
 Regards,
 All at ###SITENAME###
 ###SITEURL###'
@@ -2090,7 +2087,6 @@ All at ###SITENAME###
 	 * The following strings have a special meaning and will get replaced dynamically:
 	 * ###EXPIRATION###         The date when the URL will be automatically deleted.
 	 * ###LINK###               URL of the personal data export file for the user.
-	 * ###EMAIL###              The email we are sending to.
 	 * ###SITENAME###           The name of the site.
 	 * ###SITEURL###            The URL to the site.
 	 *
@@ -2184,6 +2180,7 @@ function wp_privacy_process_personal_data_export_page( $response, $exporter_inde
 	update_post_meta( $request_id, '_export_data_raw', $export_data );
 
 	// If we are not yet on the last page of the last exporter, return now.
+	/** This filter is documented in wp-admin/includes/ajax-actions.php */
 	$exporters = apply_filters( 'wp_privacy_personal_data_exporters', array() );
 	$is_last_exporter = $exporter_index === count( $exporters );
 	$exporter_done = $response['done'];
@@ -2219,7 +2216,13 @@ function wp_privacy_process_personal_data_export_page( $response, $exporter_inde
 	delete_post_meta( $request_id, '_export_data_raw' );
 	update_post_meta( $request_id, '_export_data_grouped', $groups );
 
-	// Generate the export file from the collected, grouped personal data.
+	/**
+	 * Generate the export file from the collected, grouped personal data.
+	 *
+	 * @since 4.9.6
+	 *
+	 * @param int $request_id The export request ID.
+	 */
 	do_action( 'wp_privacy_personal_data_export_file', $request_id );
 
 	// Clear the grouped data now that it is no longer needed.
diff --git a/wp-admin/includes/misc.php b/wp-admin/includes/misc.php
index c44590f6e..887c4e256 100644
--- a/wp-admin/includes/misc.php
+++ b/wp-admin/includes/misc.php
@@ -194,6 +194,8 @@ function insert_with_markers( $filename, $marker, $insertion ) {
  * @since 1.5.0
  *
  * @global WP_Rewrite $wp_rewrite
+ *
+ * @return bool|null True on write success, false on failure. Null in multisite.
  */
 function save_mod_rewrite_rules() {
 	if ( is_multisite() )
@@ -201,8 +203,11 @@ function save_mod_rewrite_rules() {
 
 	global $wp_rewrite;
 
-	$home_path = get_home_path();
-	$htaccess_file = $home_path.'.htaccess';
+	// Ensure get_home_path() is declared.
+	require_once( ABSPATH . 'wp-admin/includes/file.php' );
+
+	$home_path     = get_home_path();
+	$htaccess_file = $home_path . '.htaccess';
 
 	/*
 	 * If the file doesn't already exist check for write access to the directory
@@ -226,7 +231,7 @@ function save_mod_rewrite_rules() {
  *
  * @global WP_Rewrite $wp_rewrite
  *
- * @return bool True if web.config was updated successfully
+ * @return bool|null True on write success, false on failure. Null in multisite.
  */
 function iis7_save_url_rewrite_rules(){
 	if ( is_multisite() )
@@ -234,7 +239,10 @@ function iis7_save_url_rewrite_rules(){
 
 	global $wp_rewrite;
 
-	$home_path = get_home_path();
+	// Ensure get_home_path() is declared.
+	require_once( ABSPATH . 'wp-admin/includes/file.php' );
+
+	$home_path       = get_home_path();
 	$web_config_file = $home_path . 'web.config';
 
 	// Using win_is_writable() instead of is_writable() because of a bug in Windows PHP
@@ -1150,7 +1158,7 @@ function update_option_new_admin_email( $old_value, $value ) {
 		return;
 	}
 
-	$hash = md5( $value . time() . mt_rand() );
+	$hash = md5( $value . time() . wp_rand() );
 	$new_admin_email = array(
 		'hash'     => $hash,
 		'newemail' => $value,
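Review bot: The confirmation hash still gets all of its unpredictability from a single `wp_rand()` call, because `$value` and `time()` are guessable and `md5()` only reformats its input. As far as I know, `wp_rand()` without arguments returns a value in the 32-bit range, so the token carries at most about 32 bits of entropy even when a CSPRNG backs it. If this hash is what authorises the address change (its use is outside the hunk), a longer random string would be stronger, e.g. `$hash = md5( $value . wp_generate_password( 32, false ) );`. The body of `update_option_new_admin_email()` continues outside the hunk.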
@@ -1701,7 +1709,7 @@ final class WP_Privacy_Policy_Content {
 
 			'<h3>' . __( 'Embedded content from other websites' ) . '</h3>' .
 			'<p>' . $suggested_text . __( 'Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.' ) . '</p>' .
-			'<p>' . __( 'These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.' ) . '</p>' .
+			'<p>' . __( 'These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.' ) . '</p>' .
 
 			'<h3>' . __( 'Analytics' ) . '</h3>';
 		$descr && $content .=
diff --git a/wp-admin/includes/plugin.php b/wp-admin/includes/plugin.php
index d794a8acc..792b2a63d 100644
--- a/wp-admin/includes/plugin.php
+++ b/wp-admin/includes/plugin.php
@@ -1898,15 +1898,17 @@ function plugin_sandbox_scrape( $plugin ) {
 }
 
 /**
- * Helper function for adding content to the postbox shown when editing the privacy policy.
+ * Helper function for adding content to the Privacy Policy Guide.
  *
  * Plugins and themes should suggest text for inclusion in the site's privacy policy.
  * The suggested text should contain information about any functionality that affects user privacy,
- * and will be shown in the Suggested Privacy Policy Content postbox.
+ * and will be shown on the Privacy Policy Guide screen.
  *
  * A plugin or theme can use this function multiple times as long as it will help to better present
  * the suggested policy content. For example modular plugins such as WooCommerse or Jetpack
  * can add or remove suggested content depending on the modules/extensions that are enabled.
+ * For more information see the Plugin Handbook:
+ * https://developer.wordpress.org/plugins/privacy/suggesting-text-for-the-site-privacy-policy/.
  *
  * Intended for use with the `'admin_init'` action.
  *
@@ -1914,9 +1916,32 @@ function plugin_sandbox_scrape( $plugin ) {
  *
  * @param string $plugin_name The name of the plugin or theme that is suggesting content for the site's privacy policy.
  * @param string $policy_text The suggested content for inclusion in the policy.
- *                            For more information see the Plugins Handbook https://developer.wordpress.org/plugins/. 
  */
 function wp_add_privacy_policy_content( $plugin_name, $policy_text ) {
+	if ( ! is_admin() ) {
+		_doing_it_wrong(
+			__FUNCTION__,
+			sprintf(
+				/* translators: %s: admin_init */
+				__( 'The suggested privacy policy content should be added only in wp-admin by using the %s (or later) action.' ),
+				'<code>admin_init</code>'
+			),
+			'4.9.7'
+		);
+		return;
+	} elseif ( ! doing_action( 'admin_init' ) && ! did_action( 'admin_init' ) ) {
+		_doing_it_wrong(
+			__FUNCTION__,
+			sprintf(
+				/* translators: %s: admin_init */
+				__( 'The suggested privacy policy content should be added by using the %s (or later) action. Please see the inline documentation.' ),
+				'<code>admin_init</code>'
+			),
+			'4.9.7'
+		);
+		return;
+	}
+
 	if ( ! class_exists( 'WP_Privacy_Policy_Content' ) ) {
 		require_once( ABSPATH . 'wp-admin/includes/misc.php' );
 	}
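Review bot: `wp_add_privacy_policy_content()` now returns without registering anything when called outside wp-admin or before `admin_init`, but the docblock visible above it does not record that change. Add a changelog line such as `@since 4.9.7 Returns early, with a _doing_it_wrong() notice, outside the admin or before admin_init.`; part of the docblock lies between the two hunks, so check that it is not already there. On style, the `elseif` follows a branch that ends in `return`, so a plain `if` would read more simply. The function body continues past the end of the hunk.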
diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php
index 0c8c863ec..1ad35ca7c 100644
--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@@ -1018,7 +1018,7 @@ function do_meta_boxes( $screen, $context, $object ) {
 
 	$hidden = get_hidden_meta_boxes( $screen );
 
-	printf('<div id="%s-sortables" class="meta-box-sortables">', htmlspecialchars($context));
+	printf( '<div id="%s-sortables" class="meta-box-sortables">', esc_attr( $context ) );
 
 	// Grab the ones the user has manually sorted. Pull them out of their previous context/priority and into the one the user chose
 	if ( ! $already_sorted && $sorted = get_user_option( "meta-box-order_$page" ) ) {
diff --git a/wp-admin/includes/user.php b/wp-admin/includes/user.php
index 68be2ba60..2ebcb3326 100644
--- a/wp-admin/includes/user.php
+++ b/wp-admin/includes/user.php
@@ -1380,6 +1380,7 @@ class WP_Privacy_Data_Export_Requests_Table extends WP_Privacy_Requests_Table {
 	 * @return string Email column markup.
 	 */
 	public function column_email( $item ) {
+		/** This filter is documented in wp-admin/includes/ajax-actions.php */
 		$exporters       = apply_filters( 'wp_privacy_personal_data_exporters', array() );
 		$exporters_count = count( $exporters );
 		$request_id      = $item->ID;
@@ -1420,6 +1421,7 @@ class WP_Privacy_Data_Export_Requests_Table extends WP_Privacy_Requests_Table {
 				esc_html_e( 'Waiting for confirmation' );
 				break;
 			case 'request-confirmed':
+				/** This filter is documented in wp-admin/includes/ajax-actions.php */
 				$exporters       = apply_filters( 'wp_privacy_personal_data_exporters', array() );
 				$exporters_count = count( $exporters );
 				$request_id      = $item->ID;
@@ -1492,6 +1494,7 @@ class WP_Privacy_Data_Removal_Requests_Table extends WP_Privacy_Requests_Table {
 		// Allow the administrator to "force remove" the personal data even if confirmation has not yet been received.
 		$status = $item->status;
 		if ( 'request-confirmed' !== $status ) {
+			/** This filter is documented in wp-admin/includes/ajax-actions.php */
 			$erasers       = apply_filters( 'wp_privacy_personal_data_erasers', array() );
 			$erasers_count = count( $erasers );
 			$request_id    = $item->ID;
@@ -1532,6 +1535,7 @@ class WP_Privacy_Data_Removal_Requests_Table extends WP_Privacy_Requests_Table {
 				esc_html_e( 'Waiting for confirmation' );
 				break;
 			case 'request-confirmed':
+				/** This filter is documented in wp-admin/includes/ajax-actions.php */
 				$erasers       = apply_filters( 'wp_privacy_personal_data_erasers', array() );
 				$erasers_count = count( $erasers );
 				$request_id    = $item->ID;
diff --git a/wp-admin/privacy.php b/wp-admin/privacy.php
index 991ad72ef..9c360dd18 100644
--- a/wp-admin/privacy.php
+++ b/wp-admin/privacy.php
@@ -22,14 +22,33 @@ if ( ! empty( $action ) ) {
 		$privacy_policy_page_id = isset( $_POST['page_for_privacy_policy'] ) ? (int) $_POST['page_for_privacy_policy'] : 0;
 		update_option( 'wp_page_for_privacy_policy', $privacy_policy_page_id );
 
+		$privacy_page_updated_message = __( 'Privacy policy page updated successfully.' );
+
+		if ( $privacy_policy_page_id ) {
+			/*
+			 * Don't always link to the menu customizer:
+			 *
+			 * - Unpublished pages can't be selected by default.
+			 * - `WP_Customize_Nav_Menus::__construct()` checks the user's capabilities.
+			 * - Themes might not "officially" support menus.
+			 */
+			if (
+				'publish' === get_post_status( $privacy_policy_page_id )
+				&& current_user_can( 'edit_theme_options' )
+				&& current_theme_supports( 'menus' )
+			) {
+				$privacy_page_updated_message = sprintf(
+					/* translators: %s: URL to Customizer -> Menus */
+					__( 'Privacy policy page updated successfully. Remember to <a href="%s">update your menus</a>!' ),
+					esc_url( add_query_arg( 'autofocus[panel]', 'nav_menus', admin_url( 'customize.php' ) ) )
+				);
+			}
+		}
+
 		add_settings_error(
 			'page_for_privacy_policy',
 			'page_for_privacy_policy',
-			sprintf(
-				/* translators: %s: URL to Customizer -> Menus */
-				__( 'Privacy policy page updated successfully. Remember to <a href="%s">update your menus</a>!' ),
-				'customize.php?autofocus[panel]=nav_menus'
-			),
+			$privacy_page_updated_message,
 			'updated'
 		);
 	} elseif ( 'create-privacy-page' === $action ) {
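Review bot: The outer `if ( $privacy_policy_page_id )` looks redundant next to the `'publish' === get_post_status( … )` test, but it is not. As far as I know, `get_post_status()` with an empty ID falls back to the global `$post`, so this guard is what keeps a "no page selected" submission from being judged against an unrelated post. The block comment lists why the link is conditional but not this; I would add a line such as `// A zero ID must be excluded first: get_post_status( 0 ) would inspect the global post.`. The enclosing `if`/`elseif` on `$action` starts before and continues after the hunk.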
diff --git a/wp-content/plugins/akismet/_inc/akismet.css b/wp-content/plugins/akismet/_inc/akismet.css
index bf40fb14a..85f3c5ec7 100644
--- a/wp-content/plugins/akismet/_inc/akismet.css
+++ b/wp-content/plugins/akismet/_inc/akismet.css
@@ -417,10 +417,6 @@ table.comments td.comment p a:after {
 	padding: 1.5rem;
 }
 
-.akismet-lower .notice {
-	margin-bottom: 2rem;
-}
-
 .akismet-card {
 	margin-top: 1rem;
 	margin-bottom: 0;
@@ -587,4 +583,4 @@ table.comments td.comment p a:after {
 
 .akismet-section-header__actions {
 	line-height: 1.75rem;
-}
+}
\ No newline at end of file
diff --git a/wp-content/plugins/akismet/_inc/akismet.js b/wp-content/plugins/akismet/_inc/akismet.js
index b5df186f6..cac4d57fd 100644
--- a/wp-content/plugins/akismet/_inc/akismet.js
+++ b/wp-content/plugins/akismet/_inc/akismet.js
@@ -273,13 +273,4 @@ jQuery( function ( $ ) {
 		var img = new Image();
 		img.src = akismet_mshot_url( linkUrl );
 	}
-
-	/**
-	 * Sets the comment form privacy notice display to hide when one clicks Core's dismiss button on the related admin notice.
-	 */
-	$( '#akismet-privacy-notice-admin-notice' ).on( 'click', '.notice-dismiss', function(){
-		$.ajax({
-                        url: './options-general.php?page=akismet-key-config&akismet_comment_form_privacy_notice=hide',
-		});
-	});
-});
+});
\ No newline at end of file
diff --git a/wp-content/plugins/akismet/akismet.php b/wp-content/plugins/akismet/akismet.php
index d4f21350b..a8ea4a15d 100644
--- a/wp-content/plugins/akismet/akismet.php
+++ b/wp-content/plugins/akismet/akismet.php
@@ -6,7 +6,7 @@
 Plugin Name: Akismet Anti-Spam
 Plugin URI: https://akismet.com/
 Description: Used by millions, Akismet is quite possibly the best way in the world to <strong>protect your blog from spam</strong>. It keeps your site protected even while you sleep. To get started: activate the Akismet plugin and then go to your Akismet Settings page to set up your API key.
-Version: 4.0.8
+Version: 4.0.3
 Author: Automattic
 Author URI: https://automattic.com/wordpress-plugins/
 License: GPLv2 or later
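Review bot: This hunk moves the bundled Akismet from 4.0.8 back to 4.0.3 inside a patch titled as a WordPress 4.9.7 update, which looks like a side effect of copying the core tarball over a tree that carried a newer plugin rather than an intended change. The same rollback runs through the `AKISMET_VERSION` define below and the other akismet hunks in this patch: the readme drops the 4.0.4–4.0.8 changelog entries, `class.akismet.php` loses the `added_option()` hook and the closing `</head>` in the activation-failure page, and the privacy-notice code is removed. Unless the downgrade is deliberate, exclude `wp-content/plugins/akismet/` from this commit and keep the plugin on 4.0.8; if it is deliberate, say so in the commit message.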
@@ -37,7 +37,7 @@ if ( !function_exists( 'add_action' ) ) {
 	exit;
 }
 
-define( 'AKISMET_VERSION', '4.0.8' );
+define( 'AKISMET_VERSION', '4.0.3' );
 define( 'AKISMET__MINIMUM_WP_VERSION', '4.0' );
 define( 'AKISMET__PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
 define( 'AKISMET_DELETE_LIMIT', 100000 );
diff --git a/wp-content/plugins/akismet/class.akismet-admin.php b/wp-content/plugins/akismet/class.akismet-admin.php
index 1e8061735..42e884f98 100644
--- a/wp-content/plugins/akismet/class.akismet-admin.php
+++ b/wp-content/plugins/akismet/class.akismet-admin.php
@@ -32,10 +32,6 @@ class Akismet_Admin {
 		if ( isset( $_POST['action'] ) && $_POST['action'] == 'enter-key' ) {
 			self::enter_api_key();
 		}
-
-		if ( ! empty( $_GET['akismet_comment_form_privacy_notice'] ) && empty( $_GET['settings-updated']) ) {
-			self::set_form_privacy_notice_option( $_GET['akismet_comment_form_privacy_notice'] );
-		}
 	}
 
 	public static function init_hooks() {
@@ -69,23 +65,11 @@ class Akismet_Admin {
 		add_filter( 'wxr_export_skip_commentmeta', array( 'Akismet_Admin', 'exclude_commentmeta_from_export' ), 10, 3 );
 		
 		add_filter( 'all_plugins', array( 'Akismet_Admin', 'modify_plugin_description' ) );
-
-		if ( class_exists( 'Jetpack' ) ) {
-			add_filter( 'akismet_comment_form_privacy_notice_url_display',  array( 'Akismet_Admin', 'jetpack_comment_form_privacy_notice_url' ) );
-			add_filter( 'akismet_comment_form_privacy_notice_url_hide',     array( 'Akismet_Admin', 'jetpack_comment_form_privacy_notice_url' ) );
-		}
 	}
 
 	public static function admin_init() {
 		load_plugin_textdomain( 'akismet' );
 		add_meta_box( 'akismet-status', __('Comment History', 'akismet'), array( 'Akismet_Admin', 'comment_status_meta_box' ), 'comment', 'normal' );
-
-		if ( function_exists( 'wp_add_privacy_policy_content' ) ) {
-			wp_add_privacy_policy_content(
-				__( 'Akismet', 'akismet' ),
-				__( 'We collect information about visitors who comment on Sites that use our Akismet anti-spam service. The information we collect depends on how the User sets up Akismet for the Site, but typically includes the commenter\'s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself).', 'akismet' )
-			);
-		}
 	}
 
 	public static function admin_menu() {
@@ -276,13 +260,7 @@ class Akismet_Admin {
 		foreach( array( 'akismet_strictness', 'akismet_show_user_comments_approved' ) as $option ) {
 			update_option( $option, isset( $_POST[$option] ) && (int) $_POST[$option] == 1 ? '1' : '0' );
 		}
-
-		if ( ! empty( $_POST['akismet_comment_form_privacy_notice'] ) ) {
-			self::set_form_privacy_notice_option( $_POST['akismet_comment_form_privacy_notice'] );
-		} else {
-			self::set_form_privacy_notice_option( 'hide' );
-		}
-
+		
 		if ( Akismet::predefined_api_key() ) {
 			return false; //shouldn't have option to save key if already defined
 		}
@@ -847,14 +825,6 @@ class Akismet_Admin {
 		) );
 	}
 
-	public static function display_privacy_notice_control_warning() {
-		if ( !current_user_can( 'manage_options' ) )
-			return;
-		Akismet::view( 'notice', array(
-			'type' => 'privacy',
-		) );
-	}
-
 	public static function display_spam_check_warning() {
 		Akismet::fix_scheduled_recheck();
 
@@ -988,10 +958,6 @@ class Akismet_Admin {
 			$notices[] = array( 'type' => $akismet_user->status );
 		}
 
-		if ( false === get_option( 'akismet_comment_form_privacy_notice' ) ) {
-			$notices[] = array( 'type' => 'privacy' );
-		}
-
 		/*
 		// To see all variants when testing.
 		$notices[] = array( 'type' => 'active-notice', 'time_saved' => 'Cleaning up spam takes time. Akismet has saved you 1 minute!' );
@@ -1058,14 +1024,6 @@ class Akismet_Admin {
 			
 			echo '<div class="notice notice-success"><p>' . esc_html( $message ) . '</p></div>';
 		}
-
-		$akismet_comment_form_privacy_notice_option = get_option( 'akismet_comment_form_privacy_notice' );
-		if ( ! in_array( $akismet_comment_form_privacy_notice_option, array( 'hide', 'display' ) ) ) {
-			$api_key = Akismet::get_api_key();
-			if ( ! empty( $api_key ) ) {
-				self::display_privacy_notice_control_warning();
-			}
-		}
 	}
 
 	public static function display_status() {
@@ -1170,14 +1128,4 @@ class Akismet_Admin {
 		
 		return $all_plugins;
 	}
-
-	private static function set_form_privacy_notice_option( $state ) {
-		if ( in_array( $state, array( 'display', 'hide' ) ) ) {
-			update_option( 'akismet_comment_form_privacy_notice', $state );
-		}
-	}
-
-	public static function jetpack_comment_form_privacy_notice_url( $url ) {
-		return str_replace( 'options-general.php', 'admin.php', $url );
-	}
 }
diff --git a/wp-content/plugins/akismet/class.akismet.php b/wp-content/plugins/akismet/class.akismet.php
index 3a1307f42..0ed53fcea 100644
--- a/wp-content/plugins/akismet/class.akismet.php
+++ b/wp-content/plugins/akismet/class.akismet.php
@@ -51,9 +51,6 @@ class Akismet {
 		// Jetpack compatibility
 		add_filter( 'jetpack_options_whitelist', array( 'Akismet', 'add_to_jetpack_options_whitelist' ) );
 		add_action( 'update_option_wordpress_api_key', array( 'Akismet', 'updated_option' ), 10, 2 );
-		add_action( 'add_option_wordpress_api_key', array( 'Akismet', 'added_option' ), 10, 2 );
-
-		add_action( 'comment_form_after',  array( 'Akismet',  'display_comment_form_privacy_notice' ) );
 	}
 
 	public static function get_api_key() {
@@ -113,18 +110,6 @@ class Akismet {
 		}
 	}
 	
-	/**
-	 * Treat the creation of an API key the same as updating the API key to a new value.
-	 *
-	 * @param mixed  $option_name   Will always be "wordpress_api_key", until something else hooks in here.
-	 * @param mixed  $value         The option value.
-	 */
-	public static function added_option( $option_name, $value ) {
-		if ( 'wordpress_api_key' === $option_name ) {
-			return self::updated_option( '', $value );
-		}
-	}
-	
 	public static function rest_auto_check_comment( $commentdata ) {
 		self::$is_rest_api_call = true;
 		
@@ -1202,7 +1187,7 @@ class Akismet {
 <!doctype html>
 <html>
 <head>
-<meta charset="<?php bloginfo( 'charset' ); ?>" />
+<meta charset="<?php bloginfo( 'charset' ); ?>">
 <style>
 * {
 	text-align: center;
@@ -1215,7 +1200,6 @@ p {
 	font-size: 18px;
 }
 </style>
-</head>
 <body>
 <p><?php echo esc_html( $message ); ?></p>
 </body>
@@ -1404,21 +1388,4 @@ p {
 		
 		return apply_filters( 'akismet_predefined_api_key', false );
 	}
-
-	/**
-	 * Controls the display of a privacy related notice underneath the comment form using the `akismet_comment_form_privacy_notice` option and filter respectively.
-	 * Default is top not display the notice, leaving the choice to site admins, or integrators.
-	 */
-	public static function display_comment_form_privacy_notice() {
-		if ( 'display' !== apply_filters( 'akismet_comment_form_privacy_notice', get_option( 'akismet_comment_form_privacy_notice', 'hide' ) ) ) {
-			return;
-		}
-		echo apply_filters(
-			'akismet_comment_form_privacy_notice_markup',
-			'<p class="akismet_comment_form_privacy_notice">' . sprintf(
-				__( 'This site uses Akismet to reduce spam. <a href="%s" target="_blank" rel="nofollow noopener">Learn how your comment data is processed</a>.', 'akismet' ),
-				'https://akismet.com/privacy/'
-			) . '</p>'
-		);
-	}
 }
diff --git a/wp-content/plugins/akismet/readme.txt b/wp-content/plugins/akismet/readme.txt
index 4853f6fa0..c892430df 100644
--- a/wp-content/plugins/akismet/readme.txt
+++ b/wp-content/plugins/akismet/readme.txt
@@ -2,8 +2,8 @@
 Contributors: matt, ryan, andy, mdawaffe, tellyworth, josephscott, lessbloat, eoigal, cfinke, automattic, jgs, procifer, stephdau
 Tags: akismet, comments, spam, antispam, anti-spam, anti spam, comment moderation, comment spam, contact form spam, spam comments
 Requires at least: 4.0
-Tested up to: 4.9.6
-Stable tag: 4.0.8
+Tested up to: 4.9.1
+Stable tag: 4.0.3
 License: GPLv2 or later
 
 Akismet checks your comments and contact form submissions against our global database of spam to protect you and your site from malicious content.
@@ -30,38 +30,6 @@ Upload the Akismet plugin to your blog, Activate it, then enter your [Akismet.co
 
 == Changelog ==
 
-= 4.0.8 =
-*Release Date - 19 June 2018*
-
-* Improved the grammar and consistency of the in-admin privacy related notes (notice and config).
-* Revised in-admin explanation of the comment form privacy notice to make its usage clearer. 
-* Added `rel="nofollow noopener"` to the comment form privacy notice to improve SEO and security.
-
-= 4.0.7 =
-*Release Date - 28 May 2018*
-
-* Based on user feedback, the link on "Learn how your comment data is processed." in the optional privacy notice now has a `target` of `_blank` and opens in a new tab/window.
-* Updated the in-admin privacy notice to use the term "comment" instead of "contact" in "Akismet can display a notice to your users under your comment forms."
-* Only show in-admin privacy notice if Akismet has an API Key configured
-
-= 4.0.6 =
-*Release Date - 26 May 2018*
-
-* Moved away from using `empty( get_option() )` to instantiating a variable to be compatible with older versions of PHP (5.3, 5.4, etc).  
-
-= 4.0.5 =
-*Release Date - 26 May 2018*
-
-* Corrected version number after tagging. Sorry...
-
-= 4.0.4 =
-*Release Date - 26 May 2018*
-
-* Added a hook to provide Akismet-specific privacy information for a site's privacy policy.
-* Added tools to control the display of a privacy related notice under comment forms.
-* Fixed HTML in activation failure message to close META and HEAD tag properly.
-* Fixed a bug that would sometimes prevent Akismet from being correctly auto-configured.
-
 = 4.0.3 =
 *Release Date - 19 February 2018*
 
diff --git a/wp-content/plugins/akismet/views/config.php b/wp-content/plugins/akismet/views/config.php
index cc6fdd204..59dd18c59 100644
--- a/wp-content/plugins/akismet/views/config.php
+++ b/wp-content/plugins/akismet/views/config.php
@@ -151,17 +151,6 @@
 										?>
 									</td>
 								</tr>
-								<tr>
-									<th class="comment-form-privacy-notice" align="left" scope="row"><?php esc_html_e('Privacy', 'akismet'); ?></th>
-									<td></td>
-									<td align="left">
-										<fieldset><legend class="screen-reader-text"><span><?php esc_html_e('Akismet privacy notice', 'akismet'); ?></span></legend>
-										<p><label for="akismet_comment_form_privacy_notice_display"><input type="radio" name="akismet_comment_form_privacy_notice" id="akismet_comment_form_privacy_notice_display" value="display" <?php checked('display', get_option('akismet_comment_form_privacy_notice')); ?> /> <?php esc_html_e('Display a privacy notice under your comment forms.', 'akismet'); ?></label></p>
-										<p><label for="akismet_comment_form_privacy_notice_hide"><input type="radio" name="akismet_comment_form_privacy_notice" id="akismet_comment_form_privacy_notice_hide" value="hide" <?php echo in_array( get_option('akismet_comment_form_privacy_notice'), array('display', 'hide') ) ? checked('hide', get_option('akismet_comment_form_privacy_notice'), false) : 'checked="checked"'; ?> /> <?php esc_html_e('Do not display privacy notice.', 'akismet'); ?></label></p>
-										</fieldset>
-										<span class="akismet-note"><?php esc_html_e( 'To help your site with transparency under privacy laws like the GDPR, Akismet can display a notice to your users under your comment forms. This feature is disabled by default, however, you can turn it on above.', 'akismet' );?></span>
-									</td>
-								</tr>
 							</tbody>
 						</table>
 						<div class="akismet-card-actions">
@@ -239,4 +228,4 @@
 			<?php } ?>
 		<?php endif;?>
 	</div>
-</div>
+</div>
\ No newline at end of file
diff --git a/wp-content/plugins/akismet/views/notice.php b/wp-content/plugins/akismet/views/notice.php
index 62476bd28..4f65b8402 100644
--- a/wp-content/plugins/akismet/views/notice.php
+++ b/wp-content/plugins/akismet/views/notice.php
@@ -15,7 +15,7 @@
 <?php elseif ( $type == 'spam-check' ) :?>
 <div class="notice notice-warning">
 	<p><strong><?php esc_html_e( 'Akismet has detected a problem.', 'akismet' );?></strong></p>
-	<p><?php esc_html_e( 'Some comments have not yet been checked for spam by Akismet. They have been temporarily held for moderation and will automatically be rechecked later.', 'akismet' ); ?></p>
+	<p><?php printf( __( 'Some comments have not yet been checked for spam by Akismet. They have been temporarily held for moderation and will automatically be rechecked later.', 'akismet' ) ); ?></p>
 	<?php if ( $link_text ) { ?>
 		<p><?php echo $link_text; ?></p>
 	<?php } ?>
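Review bot: The new `printf( __( … ) )` line emits the translated string without escaping and uses it as a format string with no arguments, so markup in a translation reaches the page as HTML and a stray `%` in a translation is parsed as a conversion specification. There are no placeholders in this sentence, so the escaping helper fits better: `<p><?php esc_html_e( 'Some comments have not yet been checked for spam by Akismet. They have been temporarily held for moderation and will automatically be rechecked later.', 'akismet' ); ?></p>`. If a format call is ever needed here, the translated string should still go through `esc_html()` first.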
@@ -132,10 +132,4 @@
 	</p>
 	<?php endif; ?>
 </div>
-<?php elseif ( $type == 'privacy' ) :?>
-<div class="notice notice-warning is-dismissible" id="akismet-privacy-notice-admin-notice">
-	<p><strong><?php esc_html_e( 'Akismet & Privacy.', 'akismet' );?></strong></p>
-	<p><?php esc_html_e( 'To help your site with transparency under privacy laws like the GDPR, Akismet can display a notice to your users under your comment forms. This feature is disabled by default, however, you can turn it on below.', 'akismet' ); ?></p>
-	<p><?php printf( __(' Please <a href="%s">enable</a> or <a href="%s">disable</a> this feature. <a href="%s" id="akismet-privacy-notice-control-notice-info-link" target="_blank">More information</a>.', 'akismet' ), admin_url( apply_filters( 'akismet_comment_form_privacy_notice_url_display', 'options-general.php?page=akismet-key-config&akismet_comment_form_privacy_notice=display' ) ), admin_url( apply_filters( 'akismet_comment_form_privacy_notice_url_hide', 'options-general.php?page=akismet-key-config&akismet_comment_form_privacy_notice=hide' ) ), 'https://akismet.com/privacy/' ); ?></p>
-</div>
-<?php endif;?>
+<?php endif;?>
\ No newline at end of file
diff --git a/wp-includes/class-wp-term-query.php b/wp-includes/class-wp-term-query.php
index d704f5e16..3bbb10902 100644
--- a/wp-includes/class-wp-term-query.php
+++ b/wp-includes/class-wp-term-query.php
@@ -671,7 +671,7 @@ class WP_Term_Query {
 		$cache_key = "get_terms:$key:$last_changed";
 		$cache = wp_cache_get( $cache_key, 'terms' );
 		if ( false !== $cache ) {
-			if ( 'all' === $_fields ) {
+			if ( 'all' === $_fields || 'all_with_object_id' === $_fields ) {
 				$cache = array_map( 'get_term', $cache );
 			}
 
diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php
index 51193cec1..7bde60c51 100644
--- a/wp-includes/comment-template.php
+++ b/wp-includes/comment-template.php
@@ -2123,6 +2123,7 @@ function wp_list_comments( $args = array(), $comments = null ) {
  * @since 4.5.0 The 'author', 'email', and 'url' form fields are limited to 245, 100,
  *              and 200 characters, respectively.
  * @since 4.6.0 Introduced the 'action' argument.
+ * @since 4.9.6 Introduced the 'cookies' default comment field.
  *
  * @param array       $args {
  *     Optional. Default arguments and form fields to override.
@@ -2130,9 +2131,10 @@ function wp_list_comments( $args = array(), $comments = null ) {
  *     @type array $fields {
  *         Default comment fields, filterable by default via the {@see 'comment_form_default_fields'} hook.
  *
- *         @type string $author Comment author field HTML.
- *         @type string $email  Comment author email field HTML.
- *         @type string $url    Comment author URL field HTML.
+ *         @type string $author  Comment author field HTML.
+ *         @type string $email   Comment author email field HTML.
+ *         @type string $url     Comment author URL field HTML.
+ *         @type string $cookies Comment cookie opt-in field HTML.
  *     }
  *     @type string $comment_field        The comment textarea field HTML.
  *     @type string $must_log_in          HTML element for a 'must be logged in to comment' message.
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index dd2ff35e7..5802a3414 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -1704,17 +1704,30 @@ function path_join( $base, $path ) {
  * @since 3.9.0
  * @since 4.4.0 Ensures upper-case drive letters on Windows systems.
  * @since 4.5.0 Allows for Windows network shares.
+ * @since 4.9.7 Allows for PHP file wrappers.
  *
  * @param string $path Path to normalize.
  * @return string Normalized path.
  */
 function wp_normalize_path( $path ) {
+	$wrapper = '';
+	if ( wp_is_stream( $path ) ) {
+		list( $wrapper, $path ) = explode( '://', $path, 2 );
+		$wrapper .= '://';
+	}
+
+	// Standardise all paths to use /
 	$path = str_replace( '\\', '/', $path );
+
+	// Replace multiple slashes down to a singular, allowing for network shares having two slashes.
 	$path = preg_replace( '|(?<=.)/+|', '/', $path );
+
+	// Windows paths should uppercase the drive letter
 	if ( ':' === substr( $path, 1, 1 ) ) {
 		$path = ucfirst( $path );
 	}
-	return $path;
+
+	return $wrapper . $path;
 }
 
 /**
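Review bot: The docblock should say that `wp_normalize_path()` does not canonicalise. The body only swaps backslashes, collapses repeated slashes and upper-cases a drive letter, so `.` and `..` segments and symlinks survive, and a `scheme://` prefix is now preserved in front of them. I would add a line such as `Does not resolve '.' or '..' segments or symlinks; do not rely on the result alone for directory-containment checks.` The `list( $wrapper, $path ) = explode( '://', $path, 2 )` line also depends on `wp_is_stream()`, defined outside this hunk, returning true only when `://` is present; a short comment stating that assumption would help.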
@@ -5503,6 +5516,28 @@ function wp_delete_file( $file ) {
 	}
 }
 
+/**
+ * Deletes a file if its path is within the given directory.
+ *
+ * @since 4.9.7
+ *
+ * @param string $file      Absolute path to the file to delete.
+ * @param string $directory Absolute path to a directory.
+ * @return bool True on success, false on failure.
+ */
+function wp_delete_file_from_directory( $file, $directory ) {
+	$real_file = realpath( wp_normalize_path( $file ) );
+	$real_directory = realpath( wp_normalize_path( $directory ) );
+
+	if ( false === $real_file || false === $real_directory || strpos( wp_normalize_path( $real_file ), trailingslashit( wp_normalize_path( $real_directory ) ) ) !== 0 ) {
+		return false;
+	}
+
+	wp_delete_file( $file );
+
+	return true;
+}
+
 /**
  * Outputs a small JS snippet on preview tabs/windows to remove `window.name` on unload.
  *
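Review bot: The containment check is made on `$real_file`, but the delete is issued on the original `$file`. The verified path and the removed path can therefore differ if a symlink or path component changes between the two calls, or, going by the filter calls removed in wp-includes/post.php, if a `wp_delete_file` filter rewrites the path. Passing the resolved path, `wp_delete_file( $real_file );`, keeps the two aligned. The `@return` text also overstates the result: the function returns true whenever the check passes, without looking at whether the file was removed, and false for a file that is already gone because `realpath()` fails. I would word it as `True if the path was inside $directory and deletion was attempted, false otherwise.`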
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 32fab32f6..dda43ce65 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -967,6 +967,9 @@ function wp_clear_auth_cookie() {
 	setcookie( PASS_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH,     COOKIE_DOMAIN );
 	setcookie( USER_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN );
 	setcookie( PASS_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN );
+
+	// Post password cookie
+	setcookie( 'wp-postpass_' . COOKIEHASH, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN );
 }
 endif;
 
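Review bot: The added `setcookie()` expires `wp-postpass_` only for `COOKIEPATH`, while the auth cookies above are cleared for both `COOKIEPATH` and `SITECOOKIEPATH`; a browser drops a cookie only when path and domain match the ones it was set with. The code that sets the post password cookie is outside this hunk, so confirm it always uses `COOKIEPATH` and `COOKIE_DOMAIN`, and record that in the comment, e.g. `// Post password cookie (set with COOKIEPATH only, so one expiry is enough).` The docblock of `wp_clear_auth_cookie()`, also outside the hunk, should mention that logging out now removes post-password access too.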
diff --git a/wp-includes/post.php b/wp-includes/post.php
index d69f5a839..14be53f44 100644
--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -5056,42 +5056,79 @@ function wp_delete_attachment( $post_id, $force_delete = false ) {
 	/** This action is documented in wp-includes/post.php */
 	do_action( 'deleted_post', $post_id );
 
+	wp_delete_attachment_files( $post_id, $meta, $backup_sizes, $file );
+
+	clean_post_cache( $post );
+
+	return $post;
+}
+
+/**
+ * Deletes all files that belong to the given attachment.
+ *
+ * @since 4.9.7
+ *
+ * @param int    $post_id      Attachment ID.
+ * @param array  $meta         The attachment's meta data.
+ * @param array  $backup_sizes The meta data for the attachment's backup images.
+ * @param string $file         Absolute path to the attachment's file.
+ * @return bool True on success, false on failure.
+ */
+function wp_delete_attachment_files( $post_id, $meta, $backup_sizes, $file ) {
+	global $wpdb;
+
 	$uploadpath = wp_get_upload_dir();
+	$deleted    = true;
 
-	if ( ! empty($meta['thumb']) ) {
+	if ( ! empty( $meta['thumb'] ) ) {
 		// Don't delete the thumb if another attachment uses it.
-		if (! $wpdb->get_row( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE %s AND post_id <> %d", '%' . $wpdb->esc_like( $meta['thumb'] ) . '%', $post_id)) ) {
-			$thumbfile = str_replace(basename($file), $meta['thumb'], $file);
-			/** This filter is documented in wp-includes/functions.php */
-			$thumbfile = apply_filters( 'wp_delete_file', $thumbfile );
-			@ unlink( path_join($uploadpath['basedir'], $thumbfile) );
+		if ( ! $wpdb->get_row( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE %s AND post_id <> %d", '%' . $wpdb->esc_like( $meta['thumb'] ) . '%', $post_id ) ) ) {
+			$thumbfile = str_replace( basename( $file ), $meta['thumb'], $file );
+			if ( ! empty( $thumbfile ) ) {
+				$thumbfile = path_join( $uploadpath['basedir'], $thumbfile );
+				$thumbdir  = path_join( $uploadpath['basedir'], dirname( $file ) );
+
+				if ( ! wp_delete_file_from_directory( $thumbfile, $thumbdir ) ) {
+					$deleted = false;
+				}
+			}
 		}
 	}
 
 	// Remove intermediate and backup images if there are any.
 	if ( isset( $meta['sizes'] ) && is_array( $meta['sizes'] ) ) {
+		$intermediate_dir = path_join( $uploadpath['basedir'], dirname( $file ) );
 		foreach ( $meta['sizes'] as $size => $sizeinfo ) {
 			$intermediate_file = str_replace( basename( $file ), $sizeinfo['file'], $file );
-			/** This filter is documented in wp-includes/functions.php */
-			$intermediate_file = apply_filters( 'wp_delete_file', $intermediate_file );
-			@ unlink( path_join( $uploadpath['basedir'], $intermediate_file ) );
+			if ( ! empty( $intermediate_file ) ) {
+				$intermediate_file = path_join( $uploadpath['basedir'], $intermediate_file );
+
+				if ( ! wp_delete_file_from_directory( $intermediate_file, $intermediate_dir ) ) {
+					$deleted = false;
+				}
+			}
 		}
 	}
 
-	if ( is_array($backup_sizes) ) {
+	if ( is_array( $backup_sizes ) ) {
+		$del_dir = path_join( $uploadpath['basedir'], dirname( $meta['file'] ) );
 		foreach ( $backup_sizes as $size ) {
-			$del_file = path_join( dirname($meta['file']), $size['file'] );
-			/** This filter is documented in wp-includes/functions.php */
-			$del_file = apply_filters( 'wp_delete_file', $del_file );
-			@ unlink( path_join($uploadpath['basedir'], $del_file) );
+			$del_file = path_join( dirname( $meta['file'] ), $size['file'] );
+			if ( ! empty( $del_file ) ) {
+				$del_file = path_join( $uploadpath['basedir'], $del_file );
+
+				if ( ! wp_delete_file_from_directory( $del_file, $del_dir ) ) {
+					$deleted = false;
+				}
+			}
 		}
 	}
 
-	wp_delete_file( $file );
-
-	clean_post_cache( $post );
+	if ( ! wp_delete_file_from_directory( $file, $uploadpath['basedir'] ) ) {
+		$deleted = false;
+	}
 
-	return $post;
+	return $deleted;
 }
 
 /**
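Review bot: The directories that sibling files are checked against (`$thumbdir`, `$intermediate_dir`, `$del_dir`) are built from `dirname( $file )` or `dirname( $meta['file'] )`, the same attachment data as the files being deleted. Only the last call anchors `$file` itself to `$uploadpath['basedir']`. If a stored path ever resolves outside the uploads directory, the thumb and size deletions have already run against that outside directory before the final check fails. Verifying the derived directories against the uploads base before any deletion closes that gap; the fence shows the guard for the directory of `$file`, and `$del_dir` would need the same test. `wp_delete_attachment()` begins outside the hunk, and the call added there discards the new boolean result.

```php
	$uploadpath = wp_get_upload_dir();
	$deleted    = true;

	// Bail out before deleting anything if the attachment's directory is not inside uploads.
	$real_basedir = realpath( wp_normalize_path( $uploadpath['basedir'] ) );
	$real_filedir = realpath( wp_normalize_path( path_join( $uploadpath['basedir'], dirname( $file ) ) ) );
	if ( false === $real_basedir || false === $real_filedir ) {
		return false;
	}
	if ( 0 !== strpos( trailingslashit( wp_normalize_path( $real_filedir ) ), trailingslashit( wp_normalize_path( $real_basedir ) ) ) ) {
		return false;
	}

	// … unchanged: thumb, intermediate-size and backup-size deletion, final $file deletion …
```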
diff --git a/wp-includes/user.php b/wp-includes/user.php
index da9fb12ac..fa4ea7a7b 100644
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@@ -2650,7 +2650,7 @@ function send_confirmation_on_profile_email() {
 			return;
 		}
 
-		$hash           = md5( $_POST['email'] . time() . mt_rand() );
+		$hash           = md5( $_POST['email'] . time() . wp_rand() );
 		$new_user_email = array(
 			'hash'     => $hash,
 			'newemail' => $_POST['email'],
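Review bot: The confirmation hash on the changed line is still `md5()` over the submitted address, `time()` and one random integer, so its unpredictability rests on `wp_rand()` alone; the other two inputs are known or guessable to whoever submits the form. `wp_rand()` is defined outside this hunk, so confirm it draws from a cryptographically secure source on every supported PHP version. Generating the token directly, e.g. `$hash = wp_generate_password( 32, false );`, would remove the guessable inputs, assuming nothing downstream expects a hex string. `send_confirmation_on_profile_email()` continues outside the hunk.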
@@ -3260,7 +3260,7 @@ function wp_send_user_request( $request_id ) {
 		'siteurl'     => network_home_url(),
 	);
 
-	/* translators: Do not translate DESCRIPTION, CONFIRM_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
+	/* translators: Do not translate DESCRIPTION, CONFIRM_URL, SITENAME, SITEURL: those are placeholders. */
 	$email_text = __(
 		'Howdy,
 
@@ -3274,8 +3274,6 @@ To confirm this, please click on the following link:
 You can safely ignore and delete this email if you do not want to
 take this action.
 
-This email has been sent to ###EMAIL###.
-
 Regards,
 All at ###SITENAME###
 ###SITEURL###'
@@ -3288,7 +3286,6 @@ All at ###SITENAME###
 	 *
 	 * ###DESCRIPTION### Description of the action being performed so the user knows what the email is for.
 	 * ###CONFIRM_URL### The link to click on to confirm the account action.
-	 * ###EMAIL###       The email we are sending to.
 	 * ###SITENAME###    The name of the site.
 	 * ###SITEURL###     The URL to the site.
 	 *
@@ -3431,7 +3428,7 @@ function wp_validate_user_request_key( $request_id, $key ) {
 	}
 
 	if ( ! $expiration_time || time() > $expiration_time ) {
-		$return = new WP_Error( 'expired_key', __( 'The confirmation email has expired.' ) );
+		return new WP_Error( 'expired_key', __( 'The confirmation email has expired.' ) );
 	}
 
 	return true;
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 09aeef010..df79e447b 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.9.6';
+$wp_version = '4.9.7';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
diff --git a/wp-includes/widgets.php b/wp-includes/widgets.php
index 1e939e173..683c7ab91 100644
--- a/wp-includes/widgets.php
+++ b/wp-includes/widgets.php
@@ -420,8 +420,9 @@ function wp_sidebar_description( $id ) {
 
 	global $wp_registered_sidebars;
 
-	if ( isset($wp_registered_sidebars[$id]['description']) )
-		return esc_html( $wp_registered_sidebars[$id]['description'] );
+	if ( isset( $wp_registered_sidebars[ $id ]['description'] ) ) {
+		return wp_kses( $wp_registered_sidebars[ $id ]['description'], 'sidebar_description' );
+	}
 }
 
 /**
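Review bot: Switching from `esc_html()` to `wp_kses()` means the returned description can now contain markup, so any caller that places it in an attribute or another non-body context needs `esc_attr()` or equivalent on top. Which tags the `'sidebar_description'` context permits is decided outside this hunk, so check that an allow-list is actually registered for that name rather than a default set being applied. The docblock, also outside the hunk, should state the new contract, e.g. `@return string|void Sidebar description with allowed HTML, if one is registered.`; the function still returns nothing when no description is set.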
-- 
GitLab