Commit db2090b5 authored by lucha's avatar lucha

Wordpres 4.9.1

parent 7b700183
...@@ -30,6 +30,28 @@ include( ABSPATH . 'wp-admin/admin-header.php' ); ...@@ -30,6 +30,28 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
<a href="privacy.php" class="nav-tab"><?php _e( 'Privacy' ); ?></a> <a href="privacy.php" class="nav-tab"><?php _e( 'Privacy' ); ?></a>
</h2> </h2>
<div class="changelog point-releases">
<h3><?php _e( 'Maintenance and Security Releases' ); ?></h3>
<p>
<?php
printf(
/* translators: 1: WordPress version number, 2: plural number of bugs. */
_n(
'<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
'<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.',
11
),
'4.9.1',
number_format_i18n( 11 )
);
?>
<?php
/* translators: %s: Codex URL */
printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.9.1' );
?>
</p>
</div>
<div class="feature-section one-col"> <div class="feature-section one-col">
<div class="col"> <div class="col">
<h2> <h2>
......
...@@ -342,7 +342,8 @@ class WP_Upgrader { ...@@ -342,7 +342,8 @@ class WP_Upgrader {
if ( ! empty( $details['files'] ) ) { if ( ! empty( $details['files'] ) ) {
$children = $this->flatten_dirlist( $details['files'], $path . $name . '/' ); $children = $this->flatten_dirlist( $details['files'], $path . $name . '/' );
$files = array_merge( $files, $children ); // Merge keeping possible numeric keys, which array_merge() will reindex from 0..n
$files = $files + $children;
} }
} }
......
...@@ -445,7 +445,8 @@ function wp_edit_theme_plugin_file( $args ) { ...@@ -445,7 +445,8 @@ function wp_edit_theme_plugin_file( $args ) {
} }
} }
if ( 0 !== validate_file( $real_file, $allowed_files ) ) { // Compare based on relative paths
if ( 0 !== validate_file( $file, array_keys( $allowed_files ) ) ) {
return new WP_Error( 'disallowed_theme_file', __( 'Sorry, that file cannot be edited.' ) ); return new WP_Error( 'disallowed_theme_file', __( 'Sorry, that file cannot be edited.' ) );
} }
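Review bot: The allow-list passed to `validate_file()` on the new line can be empty, and as far as I know `validate_file()` skips the allow-list comparison when its second argument is empty, so in that case only its traversal checks would apply. Guarding the call closes that gap: `if ( empty( $allowed_files ) || 0 !== validate_file( $file, array_keys( $allowed_files ) ) ) {`. The new comment could also say why the keys are used, e.g. `// Keys of $allowed_files are paths relative to the theme root; the values are absolute.`, which should be confirmed because `$allowed_files` is built outside the hunk. The enclosing function starts and ends outside the hunk.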
......
...@@ -903,7 +903,7 @@ $default_title = apply_filters( 'default_page_template_title', __( 'Default Tem ...@@ -903,7 +903,7 @@ $default_title = apply_filters( 'default_page_template_title', __( 'Default Tem
/** /**
* Fires before the help hint text in the 'Page Attributes' meta box. * Fires before the help hint text in the 'Page Attributes' meta box.
* *
* @since 4.8.0 * @since 4.9.0
* *
* @param WP_Post $post The current post. * @param WP_Post $post The current post.
*/ */
......
...@@ -77,12 +77,12 @@ function extract_from_markers( $filename, $marker ) { ...@@ -77,12 +77,12 @@ function extract_from_markers( $filename, $marker ) {
foreach ( $markerdata as $markerline ) { foreach ( $markerdata as $markerline ) {
if ( false !== strpos( $markerline, '# END ' . $marker ) ) { if ( false !== strpos( $markerline, '# END ' . $marker ) ) {
$state = false; $state = false;
if ( $state ) { }
$result[] = $markerline; if ( $state ) {
} $result[] = $markerline;
if ( false !== strpos( $markerline, '# BEGIN ' . $marker ) ) { }
$state = true; if ( false !== strpos( $markerline, '# BEGIN ' . $marker ) ) {
} $state = true;
} }
} }
......
...@@ -194,17 +194,6 @@ function get_plugin_files( $plugin ) { ...@@ -194,17 +194,6 @@ function get_plugin_files( $plugin ) {
$plugin_file = WP_PLUGIN_DIR . '/' . $plugin; $plugin_file = WP_PLUGIN_DIR . '/' . $plugin;
$dir = dirname( $plugin_file ); $dir = dirname( $plugin_file );
$data = get_plugin_data( $plugin_file );
$label = isset( $data['Version'] )
? sanitize_key( 'files_' . $plugin . '-' . $data['Version'] )
: sanitize_key( 'files_' . $plugin );
$transient_key = substr( $label, 0, 29 ) . md5( $label );
$plugin_files = get_transient( $transient_key );
if ( false !== $plugin_files ) {
return $plugin_files;
}
$plugin_files = array( plugin_basename( $plugin_file ) ); $plugin_files = array( plugin_basename( $plugin_file ) );
if ( is_dir( $dir ) && WP_PLUGIN_DIR !== $dir ) { if ( is_dir( $dir ) && WP_PLUGIN_DIR !== $dir ) {
...@@ -225,8 +214,6 @@ function get_plugin_files( $plugin ) { ...@@ -225,8 +214,6 @@ function get_plugin_files( $plugin ) {
$plugin_files = array_values( array_unique( $plugin_files ) ); $plugin_files = array_values( array_unique( $plugin_files ) );
} }
set_transient( $transient_key, $plugin_files, HOUR_IN_SECONDS );
return $plugin_files; return $plugin_files;
} }
......
...@@ -435,11 +435,11 @@ function wp_upgrade() { ...@@ -435,11 +435,11 @@ function wp_upgrade() {
if ( is_multisite() ) { if ( is_multisite() ) {
$site_id = get_current_blog_id(); $site_id = get_current_blog_id();
if ( $wpdb->get_row( $wpdb->prepare( 'SELECT blog_id FROM %s WHERE blog_id = %d', $wpdb->blog_versions, $site_id ) ) ) { if ( $wpdb->get_row( $wpdb->prepare( "SELECT blog_id FROM {$wpdb->blog_versions} WHERE blog_id = %d", $site_id ) ) ) {
$wpdb->query( $wpdb->prepare( 'UPDATE %s SET db_version = %d WHERE blog_id = %d', $wpdb->blog_versions, $wp_db_version, $site_id ) ); $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->blog_versions} SET db_version = %d WHERE blog_id = %d", $wp_db_version, $site_id ) );
} else { } else {
$wpdb->query( $wpdb->prepare( 'INSERT INTO %s ( `blog_id` , `db_version` , `last_updated` ) VALUES ( %d, %d, %s);', $wpdb->blog_versions, $site_id, $wp_db_version, NOW() ) ); $wpdb->query( $wpdb->prepare( "INSERT INTO {$wpdb->blog_versions} ( `blog_id` , `db_version` , `last_updated` ) VALUES ( %d, %d, NOW() );", $site_id, $wp_db_version ) );
} }
} }
/** /**
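Review bot: The three queries now interpolate `{$wpdb->blog_versions}` into the SQL string, and nothing on these lines tells a later maintainer why the table name is not a placeholder. A comment above the `if` such as `// Table names cannot go through prepare(): %s would quote the identifier as a string literal.` would keep this from being changed back. The interpolated value is a `$wpdb` property rather than request data, and `$site_id` and `$wp_db_version` stay as `%d` placeholders, so the split is the right one. The SELECT followed by UPDATE or INSERT is not atomic, which may matter if two upgrade requests run for the same site at once. wp_upgrade() continues outside the hunk.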
......
...@@ -102,7 +102,7 @@ themes.view.Appearance = wp.Backbone.View.extend({ ...@@ -102,7 +102,7 @@ themes.view.Appearance = wp.Backbone.View.extend({
collection: self.collection, collection: self.collection,
parent: this parent: this
}); });
self.searchView = view; self.SearchView = view;
// Render and append after screen title // Render and append after screen title
view.render(); view.render();
...@@ -1448,7 +1448,7 @@ themes.Run = { ...@@ -1448,7 +1448,7 @@ themes.Run = {
this.render(); this.render();
// Start debouncing user searches after Backbone.history.start(). // Start debouncing user searches after Backbone.history.start().
this.view.searchView.doSearch = _.debounce( this.view.searchView.doSearch, 500 ); this.view.SearchView.doSearch = _.debounce( this.view.SearchView.doSearch, 500 );
}, },
render: function() { render: function() {
...@@ -1924,7 +1924,7 @@ themes.RunInstaller = { ...@@ -1924,7 +1924,7 @@ themes.RunInstaller = {
this.render(); this.render();
// Start debouncing user searches after Backbone.history.start(). // Start debouncing user searches after Backbone.history.start().
this.view.searchView.doSearch = _.debounce( this.view.searchView.doSearch, 500 ); this.view.SearchView.doSearch = _.debounce( this.view.SearchView.doSearch, 500 );
}, },
render: function() { render: function() {
......
This diff is collapsed.
...@@ -322,7 +322,7 @@ if ( ! in_array( 'theme_editor_notice', $dismissed_pointers, true ) ) : ...@@ -322,7 +322,7 @@ if ( ! in_array( 'theme_editor_notice', $dismissed_pointers, true ) ) :
echo sprintf( echo sprintf(
/* translators: %s: Codex URL */ /* translators: %s: Codex URL */
__( 'You appear to be making direct edits to your theme in the WordPress dashboard. We recommend that you don&#8217;t! Editing your theme directly could break your site and your changes may be lost in future updates. If you need to tweak more than your theme&#8217;s CSS, you might want to try <a href="%s">making a child theme</a>.' ), __( 'You appear to be making direct edits to your theme in the WordPress dashboard. We recommend that you don&#8217;t! Editing your theme directly could break your site and your changes may be lost in future updates. If you need to tweak more than your theme&#8217;s CSS, you might want to try <a href="%s">making a child theme</a>.' ),
esc_url( 'https://codex.wordpress.org/Child_Themes' ) esc_url( __( 'https://codex.wordpress.org/Child_Themes' ) )
); );
?> ?>
</p> </p>
......
...@@ -75,7 +75,7 @@ if ( isset($_REQUEST['action']) && 'adduser' == $_REQUEST['action'] ) { ...@@ -75,7 +75,7 @@ if ( isset($_REQUEST['action']) && 'adduser' == $_REQUEST['action'] ) {
$redirect = add_query_arg( array( 'update' => 'could_not_add' ), 'user-new.php' ); $redirect = add_query_arg( array( 'update' => 'could_not_add' ), 'user-new.php' );
} }
} else { } else {
$newuser_key = substr( md5( $user_id ), 0, 5 ); $newuser_key = wp_generate_password( 20, false );
add_option( 'new_user_' . $newuser_key, array( 'user_id' => $user_id, 'email' => $user_details->user_email, 'role' => $_REQUEST[ 'role' ] ) ); add_option( 'new_user_' . $newuser_key, array( 'user_id' => $user_id, 'email' => $user_details->user_email, 'role' => $_REQUEST[ 'role' ] ) );
$roles = get_editable_roles(); $roles = get_editable_roles();
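Review bot: `add_option()` on the line after the new key stores `$_REQUEST[ 'role' ]` as received, and `get_editable_roles()` is only called afterwards, so from the visible lines the pending-invite record can be written with a role the current user may not be allowed to assign. Whether a later check rejects it is outside the hunk. Consider fetching the roles first and guarding the write, i.e. `$roles = get_editable_roles();` followed by `if ( ! isset( $roles[ $_REQUEST['role'] ] ) ) {` with the file's usual error path, before `add_option()`. A short comment that `$newuser_key` acts as a bearer secret for the confirmation link would also explain why it must not be derived from the user ID.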
......
...@@ -984,34 +984,10 @@ final class WP_Theme implements ArrayAccess { ...@@ -984,34 +984,10 @@ final class WP_Theme implements ArrayAccess {
* being absolute paths. * being absolute paths.
*/ */
public function get_files( $type = null, $depth = 0, $search_parent = false ) { public function get_files( $type = null, $depth = 0, $search_parent = false ) {
// get and cache all theme files to start with. $files = (array) self::scandir( $this->get_stylesheet_directory(), $type, $depth );
$label = sanitize_key( 'files_' . $this->cache_hash . '-' . $this->get( 'Version' ) );
$transient_key = substr( $label, 0, 29 ) . md5( $label );
$all_files = get_transient( $transient_key ); if ( $search_parent && $this->parent() ) {
if ( false === $all_files ) { $files += (array) self::scandir( $this->get_template_directory(), $type, $depth );
$all_files = (array) self::scandir( $this->get_stylesheet_directory(), null, -1 );
if ( $search_parent && $this->parent() ) {
$all_files += (array) self::scandir( $this->get_template_directory(), null, -1 );
}
set_transient( $transient_key, $all_files, HOUR_IN_SECONDS );
}
// Filter $all_files by $type & $depth.
$files = array();
if ( $type ) {
$type = (array) $type;
$_extensions = implode( '|', $type );
}
foreach ( $all_files as $key => $file ) {
if ( $depth >= 0 && substr_count( $key, '/' ) > $depth ) {
continue; // Filter by depth.
}
if ( ! $type || preg_match( '~\.(' . $_extensions . ')$~', $file ) ) { // Filter by type.
$files[ $key ] = $file;
}
} }
return $files; return $files;
......
...@@ -476,7 +476,7 @@ function rss_enclosure() { ...@@ -476,7 +476,7 @@ function rss_enclosure() {
* *
* @param string $html_link_tag The HTML link tag with a URI and other attributes. * @param string $html_link_tag The HTML link tag with a URI and other attributes.
*/ */
echo apply_filters( 'rss_enclosure', '<enclosure url="' . trim( htmlspecialchars( $enclosure[0] ) ) . '" length="' . trim( $enclosure[1] ) . '" type="' . $type . '" />' . "\n" ); echo apply_filters( 'rss_enclosure', '<enclosure url="' . esc_url( trim( $enclosure[0] ) ) . '" length="' . absint( trim( $enclosure[1] ) ) . '" type="' . esc_attr( $type ) . '" />' . "\n" );
} }
} }
} }
...@@ -510,7 +510,7 @@ function atom_enclosure() { ...@@ -510,7 +510,7 @@ function atom_enclosure() {
* *
* @param string $html_link_tag The HTML link tag with a URI and other attributes. * @param string $html_link_tag The HTML link tag with a URI and other attributes.
*/ */
echo apply_filters( 'atom_enclosure', '<link href="' . trim( htmlspecialchars( $enclosure[0] ) ) . '" rel="enclosure" length="' . trim( $enclosure[1] ) . '" type="' . trim( $enclosure[2] ) . '" />' . "\n" ); echo apply_filters( 'atom_enclosure', '<link href="' . esc_url( trim( $enclosure[0] ) ) . '" rel="enclosure" length="' . absint( trim( $enclosure[1] ) ) . '" type="' . esc_attr( trim( $enclosure[2] ) ) . '" />' . "\n" );
} }
} }
} }
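Review bot: Both enclosure lines pass the assembled tag through `apply_filters()` and echo the result as is, so the new `esc_url()`, `absint()` and `esc_attr()` calls protect only the values core supplies; anything an `rss_enclosure` or `atom_enclosure` callback adds reaches the feed unescaped. The filter docblocks should say so, e.g. add `Callbacks must return fully escaped markup; the value is echoed unchanged.` under the `@param` description. Separately, `$enclosure[1]` and `$enclosure[2]` are read without an `isset()` check on these lines, which would raise notices if the stored enclosure has fewer parts than expected; the parsing is outside both hunks.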
......
...@@ -2561,8 +2561,9 @@ function get_allowed_mime_types( $user = null ) { ...@@ -2561,8 +2561,9 @@ function get_allowed_mime_types( $user = null ) {
if ( function_exists( 'current_user_can' ) ) if ( function_exists( 'current_user_can' ) )
$unfiltered = $user ? user_can( $user, 'unfiltered_html' ) : current_user_can( 'unfiltered_html' ); $unfiltered = $user ? user_can( $user, 'unfiltered_html' ) : current_user_can( 'unfiltered_html' );
if ( empty( $unfiltered ) ) if ( empty( $unfiltered ) ) {
unset( $t['htm|html'] ); unset( $t['htm|html'], $t['js'] );
}
/** /**
* Filters list of allowed mime types and file extensions. * Filters list of allowed mime types and file extensions.
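Review bot: The `unset()` removes only the exact keys `'htm|html'` and `'js'`, so a MIME map in which the same types are registered under a different key (for instance a combined extension pattern) would keep them for users without `unfiltered_html`; whether the map can be altered before this point is outside the hunk. Removing entries by MIME value would be sturdier than removing them by key. At minimum add a comment stating the intent, such as `// Without unfiltered_html, drop types a browser renders or executes from the site's origin.`. The filter documented right below can re-add these types, which is worth one sentence in its docblock.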
......
...@@ -703,7 +703,7 @@ function get_bloginfo( $show = '', $filter = 'raw' ) { ...@@ -703,7 +703,7 @@ function get_bloginfo( $show = '', $filter = 'raw' ) {
*/ */
$output = __( 'html_lang_attribute' ); $output = __( 'html_lang_attribute' );
if ( 'html_lang_attribute' === $output || preg_match( '/[^a-zA-Z0-9-]/', $output ) ) { if ( 'html_lang_attribute' === $output || preg_match( '/[^a-zA-Z0-9-]/', $output ) ) {
$output = get_locale(); $output = is_admin() ? get_user_locale() : get_locale();
$output = str_replace( '_', '-', $output ); $output = str_replace( '_', '-', $output );
} }
break; break;
...@@ -3568,12 +3568,14 @@ function get_language_attributes( $doctype = 'html' ) { ...@@ -3568,12 +3568,14 @@ function get_language_attributes( $doctype = 'html' ) {
if ( function_exists( 'is_rtl' ) && is_rtl() ) if ( function_exists( 'is_rtl' ) && is_rtl() )
$attributes[] = 'dir="rtl"'; $attributes[] = 'dir="rtl"';
if ( $lang = get_bloginfo('language') ) { if ( $lang = get_bloginfo( 'language' ) ) {
if ( get_option('html_type') == 'text/html' || $doctype == 'html' ) if ( get_option( 'html_type' ) == 'text/html' || $doctype == 'html' ) {
$attributes[] = "lang=\"$lang\""; $attributes[] = 'lang="' . esc_attr( $lang ) . '"';
}
if ( get_option('html_type') != 'text/html' || $doctype == 'xhtml' ) if ( get_option( 'html_type' ) != 'text/html' || $doctype == 'xhtml' ) {
$attributes[] = "xml:lang=\"$lang\""; $attributes[] = 'xml:lang="' . esc_attr( $lang ) . '"';
}
} }
$output = implode(' ', $attributes); $output = implode(' ', $attributes);
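Review bot: In `get_bloginfo()` the character check `preg_match( '/[^a-zA-Z0-9-]/', $output )` is applied to the translated string only; the fallback from `get_user_locale()` or `get_locale()` is returned after just the underscore replacement. The `esc_attr()` added in `get_language_attributes()` covers that one caller, but other consumers of `get_bloginfo( 'language' )` still receive the unchecked value. As defence in depth, consider stripping disallowed characters after the fallback too, e.g. `$output = preg_replace( '/[^a-zA-Z0-9-]/', '', str_replace( '_', '-', $output ) );`. Both functions continue outside their hunks.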
......
...@@ -357,7 +357,7 @@ function wp_default_scripts( &$scripts ) { ...@@ -357,7 +357,7 @@ function wp_default_scripts( &$scripts ) {
$scripts->add( 'mediaelement-migrate', "/wp-includes/js/mediaelement/mediaelement-migrate$suffix.js", array(), false, 1); $scripts->add( 'mediaelement-migrate', "/wp-includes/js/mediaelement/mediaelement-migrate$suffix.js", array(), false, 1);
did_action( 'init' ) && $scripts->add_inline_script( 'mediaelement-core', sprintf( 'var mejsL10n = %s;', wp_json_encode( array( did_action( 'init' ) && $scripts->add_inline_script( 'mediaelement-core', sprintf( 'var mejsL10n = %s;', wp_json_encode( array(
'language' => strtolower( str_replace( '_', '-', is_admin() ? get_user_locale() : get_locale() ) ), 'language' => strtolower( strtok( is_admin() ? get_user_locale() : get_locale(), '_-' ) ),
'strings' => array( 'strings' => array(
'mejs.install-flash' => __( 'You are using a browser that does not have Flash player enabled or installed. Please turn on your Flash player plugin or download the latest version from https://get.adobe.com/flashplayer/' ), 'mejs.install-flash' => __( 'You are using a browser that does not have Flash player enabled or installed. Please turn on your Flash player plugin or download the latest version from https://get.adobe.com/flashplayer/' ),
'mejs.fullscreen-off' => __( 'Turn off Fullscreen' ), 'mejs.fullscreen-off' => __( 'Turn off Fullscreen' ),
......
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '4.9'; $wp_version = '4.9.1';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
......
...@@ -1643,14 +1643,21 @@ class wpdb { ...@@ -1643,14 +1643,21 @@ class wpdb {
$socket = null; $socket = null;
$is_ipv6 = false; $is_ipv6 = false;
// First peel off the socket parameter from the right, if it exists.
$socket_pos = strpos( $host, ':/' );
if ( $socket_pos !== false ) {
$socket = substr( $host, $socket_pos + 1 );
$host = substr( $host, 0, $socket_pos );
}
// We need to check for an IPv6 address first. // We need to check for an IPv6 address first.
// An IPv6 address will always contain at least two colons. // An IPv6 address will always contain at least two colons.
if ( substr_count( $host, ':' ) > 1 ) { if ( substr_count( $host, ':' ) > 1 ) {
$pattern = '#^(?:\[)?(?<host>[0-9a-fA-F:]+)(?:\]:(?<port>[\d]+))?(?:/(?<socket>.+))?#'; $pattern = '#^(?:\[)?(?<host>[0-9a-fA-F:]+)(?:\]:(?<port>[\d]+))?#';
$is_ipv6 = true; $is_ipv6 = true;
} else { } else {
// We seem to be dealing with an IPv4 address. // We seem to be dealing with an IPv4 address.
$pattern = '#^(?<host>[^:/]*)(?::(?<port>[\d]+))?(?::(?<socket>.+))?#'; $pattern = '#^(?<host>[^:/]*)(?::(?<port>[\d]+))?#';
} }
$matches = array(); $matches = array();
...@@ -1662,7 +1669,7 @@ class wpdb { ...@@ -1662,7 +1669,7 @@ class wpdb {
} }
$host = ''; $host = '';
foreach ( array( 'host', 'port', 'socket' ) as $component ) { foreach ( array( 'host', 'port' ) as $component ) {
if ( ! empty( $matches[ $component ] ) ) { if ( ! empty( $matches[ $component ] ) ) {
$$component = $matches[ $component ]; $$component = $matches[ $component ];
} }
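Review bot: After this change a socket is recognised only when it follows `:/`, so a non-absolute socket value after the colon, which the removed `(?::(?<socket>.+))?` group used to capture, appears to be dropped silently because the remaining patterns are not anchored at the end. If that is intended, the comment should state it, e.g. `// A socket is recognised only as an absolute path following a colon.`. As a style point, `$socket_pos !== false` puts the constant last while other code in this commit writes `false !== strpos( ... )`; `if ( false !== $socket_pos ) {` would match. The enclosing method starts and ends outside both hunks.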
......