Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
7
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Open sidebar
ai
noblogs-wp
Commits
e636ca21
Commit
e636ca21
authored
Aug 06, 2016
by
lucha
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Updated Wordpress 4.5.3
parent
cd5cc004
Changes
33
Expand all
Hide whitespace changes
Inline
Side-by-side
Showing
33 changed files
with
325 additions
and
108 deletions
+325
-108
readme.html
readme.html
+1
-1
wp-admin/about.php
wp-admin/about.php
+4
-0
wp-admin/includes/ajax-actions.php
wp-admin/includes/ajax-actions.php
+1
-1
wp-admin/includes/class-wp-media-list-table.php
wp-admin/includes/class-wp-media-list-table.php
+1
-1
wp-admin/includes/post.php
wp-admin/includes/post.php
+11
-4
wp-admin/includes/upgrade.php
wp-admin/includes/upgrade.php
+20
-2
wp-admin/nav-menus.php
wp-admin/nav-menus.php
+93
-15
wp-admin/options.php
wp-admin/options.php
+1
-1
wp-admin/revision.php
wp-admin/revision.php
+1
-1
wp-includes/class-oembed.php
wp-includes/class-oembed.php
+23
-1
wp-includes/class-wp-customize-manager.php
wp-includes/class-wp-customize-manager.php
+2
-0
wp-includes/class-wp-customize-widgets.php
wp-includes/class-wp-customize-widgets.php
+1
-1
wp-includes/customize/class-wp-customize-media-control.php
wp-includes/customize/class-wp-customize-media-control.php
+1
-1
wp-includes/customize/class-wp-customize-site-icon-control.php
...cludes/customize/class-wp-customize-site-icon-control.php
+2
-0
wp-includes/default-filters.php
wp-includes/default-filters.php
+1
-0
wp-includes/embed.php
wp-includes/embed.php
+36
-0
wp-includes/formatting.php
wp-includes/formatting.php
+10
-1
wp-includes/js/jquery/jquery-migrate.js
wp-includes/js/jquery/jquery-migrate.js
+75
-40
wp-includes/js/jquery/jquery-migrate.min.js
wp-includes/js/jquery/jquery-migrate.min.js
+2
-2
wp-includes/js/jquery/jquery.js
wp-includes/js/jquery/jquery.js
+5
-5
wp-includes/js/media-views.js
wp-includes/js/media-views.js
+4
-4
wp-includes/js/media-views.min.js
wp-includes/js/media-views.min.js
+2
-2
wp-includes/js/tinymce/plugins/wordpress/plugin.js
wp-includes/js/tinymce/plugins/wordpress/plugin.js
+10
-3
wp-includes/js/tinymce/plugins/wordpress/plugin.min.js
wp-includes/js/tinymce/plugins/wordpress/plugin.min.js
+1
-1
wp-includes/js/tinymce/plugins/wplink/plugin.js
wp-includes/js/tinymce/plugins/wplink/plugin.js
+1
-1
wp-includes/js/tinymce/plugins/wplink/plugin.min.js
wp-includes/js/tinymce/plugins/wplink/plugin.min.js
+1
-1
wp-includes/js/tinymce/wp-tinymce.js.gz
wp-includes/js/tinymce/wp-tinymce.js.gz
+0
-0
wp-includes/load.php
wp-includes/load.php
+1
-1
wp-includes/pluggable.php
wp-includes/pluggable.php
+8
-12
wp-includes/post-template.php
wp-includes/post-template.php
+1
-1
wp-includes/script-loader.php
wp-includes/script-loader.php
+3
-3
wp-includes/theme-compat/embed-content.php
wp-includes/theme-compat/embed-content.php
+1
-1
wp-includes/version.php
wp-includes/version.php
+1
-1
No files found.
readme.html
View file @
e636ca21
...
...
@@ -9,7 +9,7 @@
<body>
<h1
id=
"logo"
>
<a
href=
"https://wordpress.org/"
><img
alt=
"WordPress"
src=
"wp-admin/images/wordpress-logo.png"
/></a>
<br
/>
Version 4.5.
2
<br
/>
Version 4.5.
3
</h1>
<p
style=
"text-align: center"
>
Semantic Personal Publishing Platform
</p>
...
...
wp-admin/about.php
View file @
e636ca21
...
...
@@ -40,6 +40,10 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
<div
class=
"changelog point-releases"
>
<h3>
<?php
_e
(
'Maintenance and Security Releases'
);
?>
</h3>
<p>
<?php
printf
(
_n
(
'<strong>Version %s</strong> addressed some security issues and fixed %2$s bug.'
,
'<strong>Version %s</strong> addressed some security issues and fixed %2$s bugs.'
,
17
),
'4.5.3'
,
number_format_i18n
(
17
)
);
?>
<?php
printf
(
__
(
'For more information, see <a href="%s">the release notes</a>.'
),
'https://codex.wordpress.org/Version_4.5.3'
);
?>
</p>
<p>
<?php
printf
(
__
(
'<strong>Version %s</strong> addressed some security issues.'
),
'4.5.2'
);
?>
<?php
printf
(
__
(
'For more information, see <a href="%s">the release notes</a>.'
),
'https://codex.wordpress.org/Version_4.5.2'
);
?>
</p>
...
...
wp-admin/includes/ajax-actions.php
View file @
e636ca21
...
...
@@ -2761,7 +2761,7 @@ function wp_ajax_get_revision_diffs() {
if
(
!
$post
=
get_post
(
(
int
)
$_REQUEST
[
'post_id'
]
)
)
wp_send_json_error
();
if
(
!
current_user_can
(
'
read
_post'
,
$post
->
ID
)
)
if
(
!
current_user_can
(
'
edit
_post'
,
$post
->
ID
)
)
wp_send_json_error
();
// Really just pre-loading the cache here.
...
...
wp-admin/includes/class-wp-media-list-table.php
View file @
e636ca21
...
...
@@ -395,7 +395,7 @@ class WP_Media_List_Table extends WP_List_Table {
<span
class=
"screen-reader-text"
>
<?php
_e
(
'File name:'
);
?>
</span>
<?php
$file
=
get_attached_file
(
$post
->
ID
);
echo
wp_basename
(
$file
);
echo
esc_html
(
wp_basename
(
$file
)
);
?>
</p>
<?php
...
...
wp-admin/includes/post.php
View file @
e636ca21
...
...
@@ -165,6 +165,13 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
$post_data
[
'post_date_gmt'
]
=
get_gmt_from_date
(
$post_data
[
'post_date'
]
);
}
if
(
isset
(
$post_data
[
'post_category'
]
)
)
{
$category_object
=
get_taxonomy
(
'category'
);
if
(
!
current_user_can
(
$category_object
->
cap
->
assign_terms
)
)
{
unset
(
$post_data
[
'post_category'
]
);
}
}
return
$post_data
;
}
...
...
@@ -1312,7 +1319,7 @@ function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) {
if
(
false
!==
$view_link
)
{
$display_link
=
urldecode
(
$view_link
);
$return
.
=
'<a id="sample-permalink" href="'
.
esc_url
(
$view_link
)
.
'"'
.
$preview_target
.
'>'
.
$display_link
.
"</a>
\n
"
;
$return
.
=
'<a id="sample-permalink" href="'
.
esc_url
(
$view_link
)
.
'"'
.
$preview_target
.
'>'
.
esc_html
(
$display_link
)
.
"</a>
\n
"
;
}
else
{
$return
.
=
'<span id="sample-permalink">'
.
$permalink
.
"</span>
\n
"
;
}
...
...
@@ -1336,14 +1343,14 @@ function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) {
}
}
$post_name_html
=
'<span id="editable-post-name">'
.
$post_name_abridged
.
'</span>'
;
$display_link
=
str_replace
(
array
(
'%pagename%'
,
'%postname%'
),
$post_name_html
,
urldecode
(
$permalink
)
);
$post_name_html
=
'<span id="editable-post-name">'
.
esc_html
(
$post_name_abridged
)
.
'</span>'
;
$display_link
=
str_replace
(
array
(
'%pagename%'
,
'%postname%'
),
$post_name_html
,
esc_html
(
urldecode
(
$permalink
)
)
);
$return
=
'<strong>'
.
__
(
'Permalink:'
)
.
"</strong>
\n
"
;
$return
.
=
'<span id="sample-permalink"><a href="'
.
esc_url
(
$view_link
)
.
'"'
.
$preview_target
.
'>'
.
$display_link
.
"</a></span>
\n
"
;
$return
.
=
'‎'
;
// Fix bi-directional text display defect in RTL languages.
$return
.
=
'<span id="edit-slug-buttons"><button type="button" class="edit-slug button button-small hide-if-no-js" aria-label="'
.
__
(
'Edit permalink'
)
.
'">'
.
__
(
'Edit'
)
.
"</button></span>
\n
"
;
$return
.
=
'<span id="editable-post-name-full">'
.
$post_name
.
"</span>
\n
"
;
$return
.
=
'<span id="editable-post-name-full">'
.
esc_html
(
$post_name
)
.
"</span>
\n
"
;
}
/**
...
...
wp-admin/includes/upgrade.php
View file @
e636ca21
...
...
@@ -2154,6 +2154,9 @@ function dbDelta( $queries = '', $execute = true ) {
*/
$iqueries
=
apply_filters
(
'dbdelta_insert_queries'
,
$iqueries
);
$text_fields
=
array
(
'tinytext'
,
'text'
,
'mediumtext'
,
'longtext'
);
$blob_fields
=
array
(
'tinyblob'
,
'blob'
,
'mediumblob'
,
'longblob'
);
$global_tables
=
$wpdb
->
tables
(
'global'
);
foreach
(
$cqueries
as
$table
=>
$qry
)
{
// Upgrade global tables only for the main site. Don't upgrade at all if conditions are not optimal.
...
...
@@ -2223,9 +2226,24 @@ function dbDelta( $queries = '', $execute = true ) {
// Is actual field type different from the field type in query?
if
(
$tablefield
->
Type
!=
$fieldtype
)
{
$do_change
=
true
;
if
(
in_array
(
strtolower
(
$fieldtype
),
$text_fields
)
&&
in_array
(
strtolower
(
$tablefield
->
Type
),
$text_fields
)
)
{
if
(
array_search
(
strtolower
(
$fieldtype
),
$text_fields
)
<
array_search
(
strtolower
(
$tablefield
->
Type
),
$text_fields
)
)
{
$do_change
=
false
;
}
}
if
(
in_array
(
strtolower
(
$fieldtype
),
$blob_fields
)
&&
in_array
(
strtolower
(
$tablefield
->
Type
),
$blob_fields
)
)
{
if
(
array_search
(
strtolower
(
$fieldtype
),
$blob_fields
)
<
array_search
(
strtolower
(
$tablefield
->
Type
),
$blob_fields
)
)
{
$do_change
=
false
;
}
}
if
(
$do_change
)
{
// Add a query to change the column type
$cqueries
[]
=
"ALTER TABLE
{
$table
}
CHANGE COLUMN
{
$tablefield
->
Field
}
"
.
$cfields
[
strtolower
(
$tablefield
->
Field
)];
$for_update
[
$table
.
'.'
.
$tablefield
->
Field
]
=
"Changed type of
{
$table
}
.
{
$tablefield
->
Field
}
from
{
$tablefield
->
Type
}
to
{
$fieldtype
}
"
;
$cqueries
[]
=
"ALTER TABLE
{
$table
}
CHANGE COLUMN
{
$tablefield
->
Field
}
"
.
$cfields
[
strtolower
(
$tablefield
->
Field
)];
$for_update
[
$table
.
'.'
.
$tablefield
->
Field
]
=
"Changed type of
{
$table
}
.
{
$tablefield
->
Field
}
from
{
$tablefield
->
Type
}
to
{
$fieldtype
}
"
;
}
}
// Get the default value from the array
...
...
wp-admin/nav-menus.php
View file @
e636ca21
...
...
@@ -49,30 +49,108 @@ $num_locations = count( array_keys( $locations ) );
// Allowed actions: add, update, delete
$action
=
isset
(
$_REQUEST
[
'action'
]
)
?
$_REQUEST
[
'action'
]
:
'edit'
;
/*
* If a JSON blob of navigation menu data is found, expand it and inject it
* into `$_POST` to avoid PHP `max_input_vars` limitations. See #14134.
/**
* If a JSON blob of navigation menu data is in POST data, expand it and inject
* it into `$_POST` to avoid PHP `max_input_vars` limitations. See #14134.
*
* @ignore
* @since 4.5.3
* @access private
*/
if
(
isset
(
$_POST
[
'nav-menu-data'
]
)
)
{
function
_wp_expand_nav_menu_post_data
()
{
if
(
!
isset
(
$_POST
[
'nav-menu-data'
]
)
)
{
return
;
}
$data
=
json_decode
(
stripslashes
(
$_POST
[
'nav-menu-data'
]
)
);
if
(
!
is_null
(
$data
)
&&
$data
)
{
foreach
(
$data
as
$post_input_data
)
{
// For input names that are arrays (e.g. `menu-item-db-id[3]`), derive the array path keys via regex.
if
(
preg_match
(
'#(.*)\[(\w+)\]#'
,
$post_input_data
->
name
,
$matches
)
)
{
if
(
empty
(
$_POST
[
$matches
[
1
]
]
)
)
{
$_POST
[
$matches
[
1
]
]
=
array
();
}
// Cast input elements with a numeric array index to integers.
if
(
is_numeric
(
$matches
[
2
]
)
)
{
$matches
[
2
]
=
(
int
)
$matches
[
2
];
// For input names that are arrays (e.g. `menu-item-db-id[3][4][5]`),
// derive the array path keys via regex and set the value in $_POST.
preg_match
(
'#([^\[]*)(\[(.+)\])?#'
,
$post_input_data
->
name
,
$matches
);
$array_bits
=
array
(
$matches
[
1
]
);
if
(
isset
(
$matches
[
3
]
)
)
{
$array_bits
=
array_merge
(
$array_bits
,
explode
(
']['
,
$matches
[
3
]
)
);
}
$new_post_data
=
array
();
// Build the new array value from leaf to trunk.
for
(
$i
=
count
(
$array_bits
)
-
1
;
$i
>=
0
;
$i
--
)
{
if
(
$i
==
count
(
$array_bits
)
-
1
)
{
$new_post_data
[
$array_bits
[
$i
]
]
=
wp_slash
(
$post_input_data
->
value
);
}
else
{
$new_post_data
=
array
(
$array_bits
[
$i
]
=>
$new_post_data
);
}
$_POST
[
$matches
[
1
]
][
$matches
[
2
]
]
=
wp_slash
(
$post_input_data
->
value
);
}
else
{
$_POST
[
$post_input_data
->
name
]
=
wp_slash
(
$post_input_data
->
value
);
}
$_POST
=
array_replace_recursive
(
$_POST
,
$new_post_data
);
}
}
}
if
(
!
function_exists
(
'array_replace_recursive'
)
)
:
/**
* PHP-agnostic version of {@link array_replace_recursive()}.
*
* The array_replace_recursive() function is a PHP 5.3 function. WordPress
* currently supports down to PHP 5.2, so this method is a workaround
* for PHP 5.2.
*
* Note: array_replace_recursive() supports infinite arguments, but for our use-
* case, we only need to support two arguments.
*
* Subject to removal once WordPress makes PHP 5.3.0 the minimum requirement.
*
* @since 4.5.3
*
* @see http://php.net/manual/en/function.array-replace-recursive.php#109390
*
* @param array $base Array with keys needing to be replaced.
* @param array $replacements Array with the replaced keys.
*
* @return array
*/
function
array_replace_recursive
(
$base
=
array
(),
$replacements
=
array
()
)
{
foreach
(
array_slice
(
func_get_args
(),
1
)
as
$replacements
)
{
$bref_stack
=
array
(
&
$base
);
$head_stack
=
array
(
$replacements
);
do
{
end
(
$bref_stack
);
$bref
=
&
$bref_stack
[
key
(
$bref_stack
)
];
$head
=
array_pop
(
$head_stack
);
unset
(
$bref_stack
[
key
(
$bref_stack
)
]
);
foreach
(
array_keys
(
$head
)
as
$key
)
{
if
(
isset
(
$key
,
$bref
)
&&
isset
(
$bref
[
$key
]
)
&&
is_array
(
$bref
[
$key
]
)
&&
isset
(
$head
[
$key
]
)
&&
is_array
(
$head
[
$key
]
)
)
{
$bref_stack
[]
=
&
$bref
[
$key
];
$head_stack
[]
=
$head
[
$key
];
}
else
{
$bref
[
$key
]
=
$head
[
$key
];
}
}
}
while
(
count
(
$head_stack
)
);
}
return
$base
;
}
endif
;
/*
* If a JSON blob of navigation menu data is found, expand it and inject it
* into `$_POST` to avoid PHP `max_input_vars` limitations. See #14134.
*/
_wp_expand_nav_menu_post_data
();
switch
(
$action
)
{
case
'add-menu-item'
:
check_admin_referer
(
'add-menu_item'
,
'menu-settings-column-nonce'
);
...
...
wp-admin/options.php
View file @
e636ca21
...
...
@@ -84,7 +84,7 @@ if ( is_multisite() && ! is_super_admin() && 'update' != $action ) {
$whitelist_options
=
array
(
'general'
=>
array
(
'blogname'
,
'blogdescription'
,
'gmt_offset'
,
'date_format'
,
'time_format'
,
'start_of_week'
,
'timezone_string'
,
'WPLANG'
),
'discussion'
=>
array
(
'default_pingback_flag'
,
'default_ping_status'
,
'default_comment_status'
,
'comments_notify'
,
'moderation_notify'
,
'comment_moderation'
,
'require_name_email'
,
'comment_whitelist'
,
'comment_max_links'
,
'moderation_keys'
,
'blacklist_keys'
,
'show_avatars'
,
'avatar_rating'
,
'avatar_default'
,
'close_comments_for_old_posts'
,
'close_comments_days_old'
,
'thread_comments'
,
'thread_comments_depth'
,
'page_comments'
,
'comments_per_page'
,
'default_comments_page'
,
'comment_order'
,
'comment_registration'
),
'media'
=>
array
(
'thumbnail_size_w'
,
'thumbnail_size_h'
,
'thumbnail_crop'
,
'medium_size_w'
,
'medium_size_h'
,
'medium_large_size_w'
,
'medium_large_size_h'
,
'large_size_w'
,
'large_size_h'
,
'image_default_size'
,
'image_default_align'
,
'image_default_link_type'
),
'media'
=>
array
(
'thumbnail_size_w'
,
'thumbnail_size_h'
,
'thumbnail_crop'
,
'medium_size_w'
,
'medium_size_h'
,
'large_size_w'
,
'large_size_h'
,
'image_default_size'
,
'image_default_align'
,
'image_default_link_type'
),
'reading'
=>
array
(
'posts_per_page'
,
'posts_per_rss'
,
'rss_use_excerpt'
,
'show_on_front'
,
'page_on_front'
,
'page_for_posts'
,
'blog_public'
),
'writing'
=>
array
(
'default_category'
,
'default_email_category'
,
'default_link_category'
,
'default_post_format'
)
);
...
...
wp-admin/revision.php
View file @
e636ca21
...
...
@@ -63,7 +63,7 @@ default :
if
(
!
$post
=
get_post
(
$revision
->
post_parent
)
)
break
;
if
(
!
current_user_can
(
'read_post'
,
$revision
->
ID
)
||
!
current_user_can
(
'
read
_post'
,
$
post
->
ID
)
)
if
(
!
current_user_can
(
'read_post'
,
$revision
->
ID
)
||
!
current_user_can
(
'
edit
_post'
,
$
revision
->
post_parent
)
)
break
;
// Revisions disabled and we're not looking at an autosave
...
...
wp-includes/class-oembed.php
View file @
e636ca21
...
...
@@ -315,10 +315,32 @@ class WP_oEmbed {
* @return false|string False on failure, otherwise the UNSANITIZED (and potentially unsafe) HTML that should be used to embed.
*/
public
function
get_html
(
$url
,
$args
=
''
)
{
/**
* Filters the oEmbed result before any HTTP requests are made.
*
* This allows one to short-circuit the default logic, perhaps by
* replacing it with a routine that is more optimal for your setup.
*
* Passing a non-null value to the filter will effectively short-circuit retrieval,
* returning the passed value instead.
*
* @since 4.5.3
*
* @param null|string $result The UNSANITIZED (and potentially unsafe) HTML that should be used to embed. Default null.
* @param string $url The URL to the content that should be attempted to be embedded.
* @param array $args Optional. Arguments, usually passed from a shortcode. Default empty.
*/
$pre
=
apply_filters
(
'pre_oembed_result'
,
null
,
$url
,
$args
);
if
(
null
!==
$pre
)
{
return
$pre
;
}
$provider
=
$this
->
get_provider
(
$url
,
$args
);
if
(
!
$provider
||
false
===
$data
=
$this
->
fetch
(
$provider
,
$url
,
$args
)
)
if
(
!
$provider
||
false
===
$data
=
$this
->
fetch
(
$provider
,
$url
,
$args
)
)
{
return
false
;
}
/**
* Filter the HTML returned by the oEmbed provider.
...
...
wp-includes/class-wp-customize-manager.php
View file @
e636ca21
...
...
@@ -1542,6 +1542,7 @@ final class WP_Customize_Manager {
* @param string $preview_url URL to be previewed.
*/
public
function
set_preview_url
(
$preview_url
)
{
$preview_url
=
esc_url_raw
(
$preview_url
);
$this
->
preview_url
=
wp_validate_redirect
(
$preview_url
,
home_url
(
'/'
)
);
}
...
...
@@ -1573,6 +1574,7 @@ final class WP_Customize_Manager {
* @param string $return_url URL for return link.
*/
public
function
set_return_url
(
$return_url
)
{
$return_url
=
esc_url_raw
(
$return_url
);
$return_url
=
remove_query_arg
(
wp_removable_query_args
(),
$return_url
);
$return_url
=
wp_validate_redirect
(
$return_url
);
$this
->
return_url
=
$return_url
;
...
...
wp-includes/class-wp-customize-widgets.php
View file @
e636ca21
...
...
@@ -1061,7 +1061,7 @@ final class WP_Customize_Widgets {
* @return array
*/
public
function
preview_sidebars_widgets
(
$sidebars_widgets
)
{
$sidebars_widgets
=
get_option
(
'sidebars_widgets'
);
$sidebars_widgets
=
get_option
(
'sidebars_widgets'
,
array
()
);
unset
(
$sidebars_widgets
[
'array_version'
]
);
return
$sidebars_widgets
;
...
...
wp-includes/customize/class-wp-customize-media-control.php
View file @
e636ca21
...
...
@@ -214,7 +214,7 @@ class WP_Customize_Media_Control extends WP_Customize_Control {
</div>
<div
class=
"actions"
>
<
#
if
(
data.defaultAttachment
)
{
#
>
<button
type=
"button"
class=
"button default-button"
>
{{ data.button_labels
.
default }}
</button>
<button
type=
"button"
class=
"button default-button"
>
{{ data.button_labels
['
default
']
}}
</button>
<
#
}
#
>
<
#
if
(
data.canUpload
)
{
#
>
<button
type=
"button"
class=
"button upload-button"
id=
"{{ data.settings['default'] }}-button"
>
{{ data.button_labels.select }}
</button>
...
...
wp-includes/customize/class-wp-customize-site-icon-control.php
View file @
e636ca21
...
...
@@ -60,6 +60,7 @@ class WP_Customize_Site_Icon_Control extends WP_Customize_Cropped_Image_Control
</label>
<
#
if
(
data.attachment
&&
data.attachment.id
)
{
#
>
<
#
if
(
data.attachment.sizes
)
{
#
>
<div
class=
"current"
>
<div
class=
"container"
>
<div
class=
"site-icon-preview"
>
...
...
@@ -75,6 +76,7 @@ class WP_Customize_Site_Icon_Control extends WP_Customize_Cropped_Image_Control
</div>
</div>
</div>
<
#
}
#
>
<div
class=
"actions"
>
<
#
if
(
data.canUpload
)
{
#
>
<button
type=
"button"
class=
"button remove-button"
>
<?php
echo
$this
->
button_labels
[
'remove'
];
?>
</button>
...
...
wp-includes/default-filters.php
View file @
e636ca21
...
...
@@ -476,5 +476,6 @@ add_filter( 'the_excerpt_embed', 'wp_embed_excerpt_attachment' );
add_filter
(
'oembed_dataparse'
,
'wp_filter_oembed_result'
,
10
,
3
);
add_filter
(
'oembed_response_data'
,
'get_oembed_response_data_rich'
,
10
,
4
);
add_filter
(
'pre_oembed_result'
,
'wp_filter_pre_oembed_result'
,
10
,
3
);
unset
(
$filter
,
$action
);
wp-includes/embed.php
View file @
e636ca21
...
...
@@ -1079,3 +1079,39 @@ function the_embed_site_title() {
*/
echo
apply_filters
(
'embed_site_title_html'
,
$site_title
);
}
/**
* Filters the oEmbed result before any HTTP requests are made.
*
* If the URL belongs to the current site, the result is fetched directly instead of
* going through the oEmbed discovery process.
*
* @since 4.5.3
*
* @param null|string $result The UNSANITIZED (and potentially unsafe) HTML that should be used to embed. Default null.
* @param string $url The URL that should be inspected for discovery `<link>` tags.
* @param array $args oEmbed remote get arguments.
* @return null|string The UNSANITIZED (and potentially unsafe) HTML that should be used to embed.
* Null if the URL does not belong to the current site.
*/
function
wp_filter_pre_oembed_result
(
$result
,
$url
,
$args
)
{
$post_id
=
url_to_postid
(
$url
);
/** This filter is documented in wp-includes/class-wp-oembed-controller.php */
$post_id
=
apply_filters
(
'oembed_request_post_id'
,
$post_id
,
$url
);
if
(
!
$post_id
)
{
return
$result
;
}
$width
=
isset
(
$args
[
'width'
]
)
?
$args
[
'width'
]
:
0
;
$data
=
get_oembed_response_data
(
$post_id
,
$width
);
$data
=
_wp_oembed_get_object
()
->
data2html
(
(
object
)
$data
,
$url
);
if
(
!
$data
)
{
return
$result
;
}
return
$data
;
}
wp-includes/formatting.php
View file @
e636ca21
...
...
@@ -1364,7 +1364,8 @@ function remove_accents( $string ) {
* operating systems and special characters requiring special escaping
* to manipulate at the command line. Replaces spaces and consecutive
* dashes with a single dash. Trims period, dash and underscore from beginning
* and end of filename.
* and end of filename. It is not guaranteed that this function will return a
* filename that is allowed to be uploaded.
*
* @since 2.1.0
*
...
...
@@ -1389,6 +1390,14 @@ function sanitize_file_name( $filename ) {
$filename
=
preg_replace
(
'/[\r\n\t -]+/'
,
'-'
,
$filename
);
$filename
=
trim
(
$filename
,
'.-_'
);
if
(
false
===
strpos
(
$filename
,
'.'
)
)
{
$mime_types
=
wp_get_mime_types
();
$filetype
=
wp_check_filetype
(
'test.'
.
$filename
,
$mime_types
);
if
(
$filetype
[
'ext'
]
===
$filename
)
{
$filename
=
'unnamed-file.'
.
$filetype
[
'ext'
];
}
}
// Split the filename into a base and extension[s]
$parts
=
explode
(
'.'
,
$filename
);
...
...
wp-includes/js/jquery/jquery-migrate.js
View file @
e636ca21
/*!
* jQuery Migrate - v1.4.
0
- 2016-0
2-26
* jQuery Migrate - v1.4.
1
- 2016-0
5-19
* Copyright jQuery Foundation and other contributors
*/
(
function
(
jQuery
,
window
,
undefined
)
{
...
...
@@ -7,7 +7,7 @@
// "use strict";
jQuery
.
migrateVersion
=
"
1.4.
0
"
;
jQuery
.
migrateVersion
=
"
1.4.
1
"
;
var
warnedAbout
=
{};
...
...
@@ -193,9 +193,11 @@ jQuery.attrHooks.value = {
var
matched
,
browser
,
oldInit
=
jQuery
.
fn
.
init
,
oldFind
=
jQuery
.
find
,
oldParseJSON
=
jQuery
.
parseJSON
,
rspaceAngle
=
/^
\s
*</
,
rattrHash
=
/
\[\s
*
\w
+
\s
*
[
~|^$*
]?
=
\s
*
(?![\s
'"
])[^
#
\]]
*#/
,
rattrHashTest
=
/
\[(\s
*
[
-
\w]
+
\s
*
)([
~|^$*
]?
=
)\s
*
([
-
\w
#
]
*
?
#
[
-
\w
#
]
*
)\s
*
\]
/
,
rattrHashGlob
=
/
\[(\s
*
[
-
\w]
+
\s
*
)([
~|^$*
]?
=
)\s
*
([
-
\w
#
]
*
?
#
[
-
\w
#
]
*
)\s
*
\]
/g
,
// Note: XSS check is done below after string is trimmed
rquickExpr
=
/^
([^
<
]
*
)(
<
[\w\W]
+>
)([^
>
]
*
)
$/
;
...
...
@@ -203,45 +205,37 @@ var matched, browser,
jQuery
.
fn
.
init
=
function
(
selector
,
context
,
rootjQuery
)
{
var
match
,
ret
;
if
(
selector
&&
typeof
selector
===
"
string
"
&&
!
jQuery
.
isPlainObject
(
context
)
&&
(
match
=
rquickExpr
.
exec
(
jQuery
.
trim
(
selector
)
))
&&
match
[
0
]
)
{
// This is an HTML string according to the "old" rules; is it still?
if
(
!
rspaceAngle
.
test
(
selector
)
)
{
migrateWarn
(
"
$(html) HTML strings must start with '<' character
"
);
}
if
(
match
[
3
]
)
{
migrateWarn
(
"
$(html) HTML text after last tag is ignored
"
);
}
// Consistently reject any HTML-like string starting with a hash (#9521)
// Note that this may break jQuery 1.6.x code that otherwise would work.
if
(
match
[
0
].
charAt
(
0
)
===
"
#
"
)
{
migrateWarn
(
"
HTML string cannot start with a '#' character
"
);
jQuery
.
error
(
"
JQMIGRATE: Invalid selector string (XSS)
"
);
}
// Now process using loose rules; let pre-1.8 play too
if
(
context
&&
context
.
context
)
{
// jQuery object as context; parseHTML expects a DOM object
context
=
context
.
context
;
}
if
(
jQuery
.
parseHTML
)
{
return
oldInit
.
call
(
this
,
jQuery
.
parseHTML
(
match
[
2
],
context
&&
context
.
ownerDocument
||
context
||
document
,
true
),
context
,
rootjQuery
);
}
}
if
(
selector
&&
typeof
selector
===
"
string
"
)
{
if
(
!
jQuery
.
isPlainObject
(
context
)
&&
(
match
=
rquickExpr
.
exec
(
jQuery
.
trim
(
selector
)
))
&&
match
[
0
]
)
{
if
(
selector
===
"
#
"
)
{
// This is an HTML string according to the "old" rules; is it still?
if
(
!
rspaceAngle
.
test
(
selector
)
)
{
migrateWarn
(
"
$(html) HTML strings must start with '<' character
"
);
}
if
(
match
[
3
]
)
{
migrateWarn
(
"
$(html) HTML text after last tag is ignored
"
);
}
// jQuery( "#" ) is a bogus ID selector, but it returned an empty set before jQuery 3.0
migrateWarn
(
"
jQuery( '#' ) is not a valid selector
"
);
selector
=
[];
// Consistently reject any HTML-like string starting with a hash (gh-9521)
// Note that this may break jQuery 1.6.x code that otherwise would work.
if
(
match
[
0
].
charAt
(
0
)
===
"
#
"
)
{
migrateWarn
(
"
HTML string cannot start with a '#' character
"
);
jQuery
.
error
(
"
JQMIGRATE: Invalid selector string (XSS)
"
);
}
}
else
if
(
rattrHash
.
test
(
selector
)
)
{
// Now process using loose rules; let pre-1.8 play too
// Is this a jQuery context? parseHTML expects a DOM element (#178)
if
(
context
&&
context
.
context
&&
context
.
context
.
nodeType
)
{
context
=
context
.
context
;
}
// The nonstandard and undocumented unquoted-hash was removed in jQuery 1.12.0
// Note that this doesn't actually fix the selector due to potential false positives
migrateWarn
(
"
Attribute selectors with '#' must be quoted: '
"
+
selector
+
"
'
"
);
if
(
jQuery
.
parseHTML
)
{
return
oldInit
.
call
(
this
,
jQuery
.
parseHTML
(
match
[
2
],
context
&&
context
.
ownerDocument
||
context
||
document
,
true
),
context
,
rootjQuery
);
}
}
}
ret
=
oldInit
.
apply
(
this
,
arguments
);
...
...
@@ -263,6 +257,47 @@ jQuery.fn.init = function( selector, context, rootjQuery ) {
};
jQuery
.
fn
.
init
.
prototype
=
jQuery
.
fn
;
jQuery
.
find
=
function
(
selector
)
{
var
args
=
Array
.
prototype
.
slice
.
call
(
arguments
);
// Support: PhantomJS 1.x
// String#match fails to match when used with a //g RegExp, only on some strings
if
(
typeof
selector
===
"
string
"
&&
rattrHashTest
.
test
(
selector
)
)
{
// The nonstandard and undocumented unquoted-hash was removed in jQuery 1.12.0
// First see if qS thinks it's a valid selector, if so avoid a false positive
try
{
document
.
querySelector
(
selector
);
}
catch
(
err1
)
{
// Didn't *look* valid to qSA, warn and try quoting what we think is the value
selector
=
selector
.
replace
(
rattrHashGlob
,
function
(
_
,
attr
,
op
,
value
)
{
return
"
[
"
+
attr
+
op
+
"
\"
"
+
value
+
"
\"
]
"
;
}
);
// If the regexp *may* have created an invalid selector, don't update it
// Note that there may be false alarms if selector uses jQuery extensions
try
{
document
.
querySelector
(
selector
);
migrateWarn
(
"
Attribute selector with '#' must be quoted:
"
+
args
[
0
]
);
args
[
0
]
=
selector
;
}
catch
(
err2
)
{
migrateWarn
(
"
Attribute selector with '#' was not fixed:
"
+
args
[
0
]
);
}
}
}
return
oldFind
.
apply
(
this
,
args
);
};
// Copy properties attached to original jQuery.find method (e.g. .attr, .isXML)
var
findProp
;
for
(
findProp
in
oldFind
)
{
if
(
Object
.
prototype
.
hasOwnProperty
.
call
(
oldFind
,
findProp
)
)
{
jQuery
.
find
[
findProp
]
=
oldFind
[
findProp
];
}
}
// Let $.parseJSON(falsy_value) return null
jQuery
.
parseJSON
=
function
(
json
)
{
if
(
!
json
)
{
...
...
@@ -631,7 +666,7 @@ jQuery.event.special.ready = {
};
var
oldSelf
=
jQuery
.
fn
.
andSelf
||
jQuery
.
fn
.
addBack
,
oldFind
=
jQuery
.
fn
.
find
;
oldF
nF
ind
=
jQuery
.
fn
.
find
;
jQuery
.
fn
.
andSelf
=
function
()
{
migrateWarn
(
"
jQuery.fn.andSelf() replaced by jQuery.fn.addBack()
"
);
...
...
@@ -639,7 +674,7 @@ jQuery.fn.andSelf = function() {
};
jQuery
.
fn
.
find
=
function
(
selector
)
{
var
ret
=
oldFind
.
apply
(
this
,
arguments
);
var
ret
=
oldF
nF
ind
.
apply
(
this
,
arguments
);
ret
.
context
=
this
.
context
;
ret
.
selector
=
this
.
selector
?
this
.
selector
+
"
"
+
selector
:
selector
;
return
ret
;
...
...