diff --git a/README.md b/README.md index c4c4d3431..287a3182c 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ Project Nami =============== -### Version: `1.9.6` ### +### Version: `1.9.7` ### ### Description: ### [![Deploy to Azure](http://azuredeploy.net/deploybutton.png)](https://deploy.azure.com/?repository=https://github.com/ProjectNami/projectnami/tree/latest) diff --git a/wp-admin/about.php b/wp-admin/about.php index cc8ca1198..357a65b09 100644 --- a/wp-admin/about.php +++ b/wp-admin/about.php @@ -32,6 +32,24 @@

+

+ Version %1$s addressed some security issues and fixed %2$s bug.', + 'Version %1$s addressed some security issues and fixed %2$s bugs.', + 17 + ), + '4.9.7', + number_format_i18n( 17 ) + ); + ?> + the release notes.' ), 'https://codex.wordpress.org/Version_4.9.7' ); + ?> +

diff --git a/wp-admin/includes/class-wp-community-events.php b/wp-admin/includes/class-wp-community-events.php
index d3cfda18f..788d2cdbf 100644
--- a/wp-admin/includes/class-wp-community-events.php
+++ b/wp-admin/includes/class-wp-community-events.php
@@ -388,20 +388,33 @@ protected function format_event_data_time( $response_body ) {
 }
 /**
- * Discards expired events, and reduces the remaining list.
+ * Prepares the event list for presentation.
+ *
+ * Discards expired events, and makes WordCamps "sticky." Attendees need more
+ * advanced notice about WordCamps than they do for meetups, so camps should
+ * appear in the list sooner. If a WordCamp is coming up, the API will "stick"
+ * it in the response, even if it wouldn't otherwise appear. When that happens,
+ * the event will be at the end of the list, and will need to be moved into a
+ * higher position, so that it doesn't get trimmed off.
 *
 * @since 4.8.0
+ * @since 4.9.7 Stick a WordCamp to the final list.
 *
 * @param array $response_body The response body which contains the events.
 * @return array The response body with events trimmed.
 */
 protected function trim_events( $response_body ) {
 if ( isset( $response_body['events'] ) ) {
+ $wordcamps = array();
 $current_timestamp = current_time( 'timestamp' );
 foreach ( $response_body['events'] as $key => $event ) {
- // Skip WordCamps, because they might be multi-day events.
- if ( 'meetup' !== $event['type'] ) {
+ /*
+ * Skip WordCamps, because they might be multi-day events.
+ * Save a copy so they can be pinned later.
+ */
+ if ( 'wordcamp' === $event['type'] ) {
+ $wordcamps[] = $event;
 continue;
 }
@@ -413,6 +426,13 @@ protected function trim_events( $response_body ) {
 }
 $response_body['events'] = array_slice( $response_body['events'], 0, 3 );
+ $trimmed_event_types = wp_list_pluck( $response_body['events'], 'type' );
+
+ // Make sure the soonest upcoming WordCamps is pinned in the list.
+ if ( ! in_array( 'wordcamp', $trimmed_event_types ) && $wordcamps ) {
+ array_pop( $response_body['events'] );
+ array_push( $response_body['events'], $wordcamps[0] );
+ }
 }
 return $response_body;
diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php
index f9feb381b..3f51608d1 100644
--- a/wp-admin/includes/file.php
+++ b/wp-admin/includes/file.php
@@ -1803,7 +1803,7 @@ function wp_print_request_filesystem_credentials_modal() {
 *
 * @since 4.9.6
 *
- * @param array $group_data {
+ * @param array $group_data {
 * The group data to render.
 *
 * @type string $group_label The user-facing heading for the group, e.g. 'Comments'.
@@ -1865,7 +1865,7 @@ function wp_privacy_generate_personal_data_export_group_html( $group_data ) {
 *
 * @since 4.9.6
 *
- * @param int $request_id The export request ID.
+ * @param int $request_id The export request ID.
 */
 function wp_privacy_generate_personal_data_export_file( $request_id ) {
 if ( ! class_exists( 'ZipArchive' ) ) {
@@ -1889,9 +1889,8 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) {
 $exports_dir = wp_privacy_exports_dir();
 $exports_url = wp_privacy_exports_url();
- $result = wp_mkdir_p( $exports_dir );
- if ( is_wp_error( $result ) ) {
- wp_send_json_error( $result->get_error_message() );
+ if ( ! wp_mkdir_p( $exports_dir ) ) {
+ wp_send_json_error( __( 'Unable to create export folder.' ) );
 }
 // Protect export folder from browsing.
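Review bot: `in_array( 'wordcamp', $trimmed_event_types )` on the added `if` line compares loosely against values plucked straight out of the remote API response, while the same field is compared with `===` in the preceding hunk; keep it strict here too, `if ( ! in_array( 'wordcamp', $trimmed_event_types, true ) && $wordcamps ) {`. The new comment promises that the *soonest* upcoming WordCamp is pinned, but `$wordcamps[0]` is just the first WordCamp in response order, so that holds only if the API already returns events sorted by date — either state that assumption in the comment (`// Assumes the API returns events in chronological order.`) or sort `$wordcamps` before picking. The enclosing `trim_events()` begins in the preceding hunk.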
@@ -2030,7 +2029,7 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) { * @param string $archive_pathname The full path to the export file on the filesystem. * @param string $archive_url The URL of the archive file. * @param string $html_report_pathname The full path to the personal data report on the filesystem. - * @param string $request_id The export request ID. + * @param int $request_id The export request ID. */ do_action( 'wp_privacy_personal_data_export_file_created', $archive_pathname, $archive_url, $html_report_pathname, $request_id ); } @@ -2051,8 +2050,8 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) { * * @since 4.9.6 * - * @param int $request_id The request ID for this personal data export. - * @return true|WP_Error True on success or `WP_Error` on failure. + * @param int $request_id The request ID for this personal data export. + * @return true|WP_Error True on success or `WP_Error` on failure. */ function wp_privacy_send_personal_data_export_email( $request_id ) { // Get the request data. @@ -2062,11 +2061,11 @@ function wp_privacy_send_personal_data_export_email( $request_id ) { return new WP_Error( 'invalid', __( 'Invalid request ID when sending personal data export email.' ) ); } - /** This filter is documented in wp-admin/includes/file.php */ + /** This filter is documented in wp-includes/functions.php */ $expiration = apply_filters( 'wp_privacy_export_expiration', 3 * DAY_IN_SECONDS ); $expiration_date = date_i18n( get_option( 'date_format' ), time() + $expiration ); -/* translators: Do not translate EXPIRATION, LINK, EMAIL, SITENAME, SITEURL: those are placeholders. */ +/* translators: Do not translate EXPIRATION, LINK, SITENAME, SITEURL: those are placeholders. */ $email_text = __( 'Howdy, @@ -2077,8 +2076,6 @@ function wp_privacy_send_personal_data_export_email( $request_id ) { ###LINK### -This email has been sent to ###EMAIL###. - Regards, All at ###SITENAME### ###SITEURL###' 
@@ -2090,7 +2087,6 @@ function wp_privacy_send_personal_data_export_email( $request_id ) { * The following strings have a special meaning and will get replaced dynamically: * ###EXPIRATION### The date when the URL will be automatically deleted. * ###LINK### URL of the personal data export file for the user. - * ###EMAIL### The email we are sending to. * ###SITENAME### The name of the site. * ###SITEURL### The URL to the site. * @@ -2184,6 +2180,7 @@ function wp_privacy_process_personal_data_export_page( $response, $exporter_inde update_post_meta( $request_id, '_export_data_raw', $export_data ); // If we are not yet on the last page of the last exporter, return now. + /** This filter is documented in wp-admin/includes/ajax-actions.php */ $exporters = apply_filters( 'wp_privacy_personal_data_exporters', array() ); $is_last_exporter = $exporter_index === count( $exporters ); $exporter_done = $response['done']; @@ -2219,7 +2216,13 @@ function wp_privacy_process_personal_data_export_page( $response, $exporter_inde delete_post_meta( $request_id, '_export_data_raw' ); update_post_meta( $request_id, '_export_data_grouped', $groups ); - // Generate the export file from the collected, grouped personal data. + /** + * Generate the export file from the collected, grouped personal data. + * + * @since 4.9.6 + * + * @param int $request_id The export request ID. + */ do_action( 'wp_privacy_personal_data_export_file', $request_id ); // Clear the grouped data now that it is no longer needed. diff --git a/wp-admin/includes/misc.php b/wp-admin/includes/misc.php index fbe7b9c20..58c81b6b6 100644 --- a/wp-admin/includes/misc.php +++ b/wp-admin/includes/misc.php @@ -194,6 +194,8 @@ function insert_with_markers( $filename, $marker, $insertion ) { * @since 1.5.0 * * @global WP_Rewrite $wp_rewrite + * + * @return bool|null True on write success, false on failure. Null in multisite. */ function save_mod_rewrite_rules() { if ( is_multisite() ) 
@@ -201,8 +203,11 @@ function save_mod_rewrite_rules() { global $wp_rewrite; - $home_path = get_home_path(); - $htaccess_file = $home_path.'.htaccess'; + // Ensure get_home_path() is declared. + require_once( ABSPATH . 'wp-admin/includes/file.php' ); + + $home_path = get_home_path(); + $htaccess_file = $home_path . '.htaccess'; /* * If the file doesn't already exist check for write access to the directory @@ -226,7 +231,7 @@ function save_mod_rewrite_rules() { * * @global WP_Rewrite $wp_rewrite * - * @return bool True if web.config was updated successfully + * @return bool|null True on write success, false on failure. Null in multisite. */ function iis7_save_url_rewrite_rules(){ if ( is_multisite() ) @@ -234,7 +239,10 @@ function iis7_save_url_rewrite_rules(){ global $wp_rewrite; - $home_path = get_home_path(); + // Ensure get_home_path() is declared. + require_once( ABSPATH . 'wp-admin/includes/file.php' ); + + $home_path = get_home_path(); $web_config_file = $home_path . 'web.config'; // Using win_is_writable() instead of is_writable() because of a bug in Windows PHP @@ -1149,7 +1157,7 @@ function update_option_new_admin_email( $old_value, $value ) { return; } - $hash = md5( $value . time() . mt_rand() ); + $hash = md5( $value . time() . wp_rand() ); $new_admin_email = array( 'hash' => $hash, 'newemail' => $value, @@ -1700,7 +1708,7 @@ public static function get_default_content( $descr = false ) { '
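Review bot: The admin-email confirmation hash on the `+` line of the `update_option_new_admin_email()` hunk is still `md5( $value . time() . wp_rand() )`, so the only unpredictable input is one `wp_rand()` value — the new address and the timestamp are both guessable by whoever requested the change — and md5 adds nothing. If `wp_rand()` is bounded to a 32-bit range when called without arguments (as its defaults suggest; confirm against pluggable.php), the token space is small enough that an attacker who knows the target address and the approximate time could enumerate it against the confirmation endpoint. A full-width random token is simpler and stronger: `$hash = wp_generate_password( 32, false );` or `bin2hex( random_bytes( 16 ) )` where available. How the hash is later compared and whether attempts are throttled lies outside this hunk.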

' . __( 'Embedded content from other websites' ) . '

' . '

' . $suggested_text . __( 'Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.' ) . '

' . - '

' . __( 'These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.' ) . '

' . + '

' . __( 'These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.' ) . '

' . '

' . __( 'Analytics' ) . '

'; $descr && $content .= diff --git a/wp-admin/includes/plugin.php b/wp-admin/includes/plugin.php index d794a8acc..792b2a63d 100644 --- a/wp-admin/includes/plugin.php +++ b/wp-admin/includes/plugin.php @@ -1898,15 +1898,17 @@ function plugin_sandbox_scrape( $plugin ) { } /** - * Helper function for adding content to the postbox shown when editing the privacy policy. + * Helper function for adding content to the Privacy Policy Guide. * * Plugins and themes should suggest text for inclusion in the site's privacy policy. * The suggested text should contain information about any functionality that affects user privacy, - * and will be shown in the Suggested Privacy Policy Content postbox. + * and will be shown on the Privacy Policy Guide screen. * * A plugin or theme can use this function multiple times as long as it will help to better present * the suggested policy content. For example modular plugins such as WooCommerse or Jetpack * can add or remove suggested content depending on the modules/extensions that are enabled. + * For more information see the Plugin Handbook: + * https://developer.wordpress.org/plugins/privacy/suggesting-text-for-the-site-privacy-policy/. * * Intended for use with the `'admin_init'` action. * 
@@ -1914,9 +1916,32 @@ function plugin_sandbox_scrape( $plugin ) { * * @param string $plugin_name The name of the plugin or theme that is suggesting content for the site's privacy policy. * @param string $policy_text The suggested content for inclusion in the policy. - * For more information see the Plugins Handbook https://developer.wordpress.org/plugins/. */ function wp_add_privacy_policy_content( $plugin_name, $policy_text ) { + if ( ! is_admin() ) { + _doing_it_wrong( + __FUNCTION__, + sprintf( + /* translators: %s: admin_init */ + __( 'The suggested privacy policy content should be added only in wp-admin by using the %s (or later) action.' ), + 'admin_init' + ), + '4.9.7' + ); + return; + } elseif ( ! doing_action( 'admin_init' ) && ! did_action( 'admin_init' ) ) { + _doing_it_wrong( + __FUNCTION__, + sprintf( + /* translators: %s: admin_init */ + __( 'The suggested privacy policy content should be added by using the %s (or later) action. Please see the inline documentation.' ), + 'admin_init' + ), + '4.9.7' + ); + return; + } + if ( ! class_exists( 'WP_Privacy_Policy_Content' ) ) { require_once( ABSPATH . 'wp-admin/includes/misc.php' ); } diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php index 2029684e4..29fd358e6 100644 --- a/wp-admin/includes/template.php +++ b/wp-admin/includes/template.php @@ -1017,7 +1017,7 @@ function do_meta_boxes( $screen, $context, $object ) { $hidden = get_hidden_meta_boxes( $screen ); - printf('
', htmlspecialchars($context)); + printf( '
', esc_attr( $context ) ); // Grab the ones the user has manually sorted. Pull them out of their previous context/priority and into the one the user chose if ( ! $already_sorted && $sorted = get_user_option( "meta-box-order_$page" ) ) { diff --git a/wp-admin/includes/user.php b/wp-admin/includes/user.php index 68be2ba60..2ebcb3326 100644 --- a/wp-admin/includes/user.php +++ b/wp-admin/includes/user.php @@ -1380,6 +1380,7 @@ class WP_Privacy_Data_Export_Requests_Table extends WP_Privacy_Requests_Table { * @return string Email column markup. */ public function column_email( $item ) { + /** This filter is documented in wp-admin/includes/ajax-actions.php */ $exporters = apply_filters( 'wp_privacy_personal_data_exporters', array() ); $exporters_count = count( $exporters ); $request_id = $item->ID; @@ -1420,6 +1421,7 @@ public function column_next_steps( $item ) { esc_html_e( 'Waiting for confirmation' ); break; case 'request-confirmed': + /** This filter is documented in wp-admin/includes/ajax-actions.php */ $exporters = apply_filters( 'wp_privacy_personal_data_exporters', array() ); $exporters_count = count( $exporters ); $request_id = $item->ID; @@ -1492,6 +1494,7 @@ public function column_email( $item ) { // Allow the administrator to "force remove" the personal data even if confirmation has not yet been received. $status = $item->status; if ( 'request-confirmed' !== $status ) { + /** This filter is documented in wp-admin/includes/ajax-actions.php */ $erasers = apply_filters( 'wp_privacy_personal_data_erasers', array() ); $erasers_count = count( $erasers ); $request_id = $item->ID; @@ -1532,6 +1535,7 @@ public function column_next_steps( $item ) { esc_html_e( 'Waiting for confirmation' ); break; case 'request-confirmed': + /** This filter is documented in wp-admin/includes/ajax-actions.php */ $erasers = apply_filters( 'wp_privacy_personal_data_erasers', array() ); $erasers_count = count( $erasers ); $request_id = $item->ID; 
diff --git a/wp-admin/privacy.php b/wp-admin/privacy.php index 991ad72ef..9c360dd18 100644 --- a/wp-admin/privacy.php +++ b/wp-admin/privacy.php @@ -22,14 +22,33 @@ $privacy_policy_page_id = isset( $_POST['page_for_privacy_policy'] ) ? (int) $_POST['page_for_privacy_policy'] : 0; update_option( 'wp_page_for_privacy_policy', $privacy_policy_page_id ); + $privacy_page_updated_message = __( 'Privacy policy page updated successfully.' ); + + if ( $privacy_policy_page_id ) { + /* + * Don't always link to the menu customizer: + * + * - Unpublished pages can't be selected by default. + * - `WP_Customize_Nav_Menus::__construct()` checks the user's capabilities. + * - Themes might not "officially" support menus. + */ + if ( + 'publish' === get_post_status( $privacy_policy_page_id ) + && current_user_can( 'edit_theme_options' ) + && current_theme_supports( 'menus' ) + ) { + $privacy_page_updated_message = sprintf( + /* translators: %s: URL to Customizer -> Menus */ + __( 'Privacy policy page updated successfully. Remember to update your menus!' ), + esc_url( add_query_arg( 'autofocus[panel]', 'nav_menus', admin_url( 'customize.php' ) ) ) + ); + } + } + add_settings_error( 'page_for_privacy_policy', 'page_for_privacy_policy', - sprintf( - /* translators: %s: URL to Customizer -> Menus */ - __( 'Privacy policy page updated successfully. Remember to update your menus!' ), - 'customize.php?autofocus[panel]=nav_menus' - ), + $privacy_page_updated_message, 'updated' ); } elseif ( 'create-privacy-page' === $action ) { diff --git a/wp-includes/class-wp-term-query.php b/wp-includes/class-wp-term-query.php index 6d35fe5d6..def009dc8 100644 --- a/wp-includes/class-wp-term-query.php +++ b/wp-includes/class-wp-term-query.php 
@@ -674,7 +674,7 @@ public function get_terms() {
 $cache_key = "get_terms:$key:$last_changed";
 $cache = wp_cache_get( $cache_key, 'terms' );
 if ( false !== $cache ) {
- if ( 'all' === $_fields ) {
+ if ( 'all' === $_fields || 'all_with_object_id' === $_fields ) {
 $cache = array_map( 'get_term', $cache );
 }
diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php
index 51193cec1..7bde60c51 100644
--- a/wp-includes/comment-template.php
+++ b/wp-includes/comment-template.php
@@ -2123,6 +2123,7 @@ function wp_list_comments( $args = array(), $comments = null ) {
 * @since 4.5.0 The 'author', 'email', and 'url' form fields are limited to 245, 100,
 * and 200 characters, respectively.
 * @since 4.6.0 Introduced the 'action' argument.
+ * @since 4.9.6 Introduced the 'cookies' default comment field.
 *
 * @param array $args {
 * Optional. Default arguments and form fields to override.
@@ -2130,9 +2131,10 @@ function wp_list_comments( $args = array(), $comments = null ) {
 * @type array $fields {
 * Default comment fields, filterable by default via the {@see 'comment_form_default_fields'} hook.
 *
- * @type string $author Comment author field HTML.
- * @type string $email Comment author email field HTML.
- * @type string $url Comment author URL field HTML.
+ * @type string $author Comment author field HTML.
+ * @type string $email Comment author email field HTML.
+ * @type string $url Comment author URL field HTML.
+ * @type string $cookies Comment cookie opt-in field HTML.
 * }
 * @type string $comment_field The comment textarea field HTML.
 * @type string $must_log_in HTML element for a 'must be logged in to comment' message.
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index 59fb55755..313e015ec 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -1716,17 +1716,30 @@ function path_join( $base, $path ) {
 * @since 3.9.0
 * @since 4.4.0 Ensures upper-case drive letters on Windows systems.
 * @since 4.5.0 Allows for Windows network shares.
+ * @since 4.9.7 Allows for PHP file wrappers.
 *
 * @param string $path Path to normalize.
 * @return string Normalized path.
 */
 function wp_normalize_path( $path ) {
+ $wrapper = '';
+ if ( wp_is_stream( $path ) ) {
+ list( $wrapper, $path ) = explode( '://', $path, 2 );
+ $wrapper .= '://';
+ }
+
+ // Standardise all paths to use /
 $path = str_replace( '\\', '/', $path );
+
+ // Replace multiple slashes down to a singular, allowing for network shares having two slashes.
 $path = preg_replace( '|(?<=.)/+|', '/', $path );
+
+ // Windows paths should uppercase the drive letter
 if ( ':' === substr( $path, 1, 1 ) ) {
 $path = ucfirst( $path );
 }
- return $path;
+
+ return $wrapper . $path;
 }
 /**
@@ -5518,6 +5531,28 @@ function wp_delete_file( $file ) {
 }
 }
+/**
+ * Deletes a file if its path is within the given directory.
+ *
+ * @since 4.9.7
+ *
+ * @param string $file Absolute path to the file to delete.
+ * @param string $directory Absolute path to a directory.
+ * @return bool True on success, false on failure.
+ */
+function wp_delete_file_from_directory( $file, $directory ) {
+ $real_file = realpath( wp_normalize_path( $file ) );
+ $real_directory = realpath( wp_normalize_path( $directory ) );
+
+ if ( false === $real_file || false === $real_directory || strpos( wp_normalize_path( $real_file ), trailingslashit( wp_normalize_path( $real_directory ) ) ) !== 0 ) {
+ return false;
+ }
+
+ wp_delete_file( $file );
+
+ return true;
+}
+
 /**
 * Outputs a small JS snippet on preview tabs/windows to remove `window.name` on unload.
 *
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 792136759..a8c03d238 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
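Review bot: `wp_delete_file_from_directory()` checks containment on the resolved `$real_file` but then calls `wp_delete_file( $file )` with the caller-supplied path; if `wp_delete_file()` runs the `wp_delete_file` filter before unlinking, as the removed `apply_filters( 'wp_delete_file', … )` call sites elsewhere in this diff suggest, the path actually unlinked is never the one that was checked, so passing `$real_file` (or re-checking the filtered result) would keep the guard and the unlink on the same path. The `@return` doc overstates things: `realpath()` returns `false` for a non-existent `$file` as well as for one outside `$directory`, so callers cannot distinguish "missing" from "rejected", and if `wp_delete_file()` discards `unlink()`'s result then `true` only means the path passed the check, not that anything was removed. I'd document both in the docblock: `* Symlinks and ".." segments are resolved with realpath() before the comparison, so a link inside $directory that points outside it is rejected; a $file that does not exist also returns false, and true means the path was accepted for deletion rather than that unlink() succeeded.` The `strpos( … ) !== 0` prefix test with `trailingslashit()` is correct as written; it is what prevents `/uploads2/x` from matching `/uploads`.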
@@ -967,6 +967,9 @@ function wp_clear_auth_cookie() {
 setcookie( PASS_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN );
 setcookie( USER_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN );
 setcookie( PASS_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN );
+
+ // Post password cookie
+ setcookie( 'wp-postpass_' . COOKIEHASH, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN );
 }
 endif;
diff --git a/wp-includes/pn-version.php b/wp-includes/pn-version.php
index c167e86d1..bab517b5c 100644
--- a/wp-includes/pn-version.php
+++ b/wp-includes/pn-version.php
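Review bot: Because `wp_clear_auth_cookie()` is pluggable (the `endif;` closing what is presumably a `function_exists()` guard is visible right after the hunk), any plugin that overrides it will silently keep leaking the post-password cookie across logout; that is worth a changelog line in the function's docblock, which sits above this hunk: `* @since 4.9.7 Also expires the post password cookie (wp-postpass_<COOKIEHASH>).`. The new `setcookie()` is issued only for `COOKIEPATH`, unlike the auth cookies above it which are cleared on both `COOKIEPATH` and `SITECOOKIEPATH`; that is fine if the post-password cookie is only ever set on `COOKIEPATH`, but the setter is outside this diff, so confirm the paths match or the clear will not take effect.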
@@ -1,3 +1,3 @@ get_row( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE %s AND post_id <> %d", '%' . $wpdb->esc_like( $meta['thumb'] ) . '%', $post_id)) ) { - $thumbfile = str_replace(basename($file), $meta['thumb'], $file); - /** This filter is documented in wp-includes/functions.php */ - $thumbfile = apply_filters( 'wp_delete_file', $thumbfile ); - @ unlink( path_join($uploadpath['basedir'], $thumbfile) ); + if ( ! $wpdb->get_row( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE %s AND post_id <> %d", '%' . $wpdb->esc_like( $meta['thumb'] ) . '%', $post_id ) ) ) { + $thumbfile = str_replace( basename( $file ), $meta['thumb'], $file ); + if ( ! empty( $thumbfile ) ) { + $thumbfile = path_join( $uploadpath['basedir'], $thumbfile ); + $thumbdir = path_join( $uploadpath['basedir'], dirname( $file ) ); + + if ( ! wp_delete_file_from_directory( $thumbfile, $thumbdir ) ) { + $deleted = false; + } + } } } // Remove intermediate and backup images if there are any. if ( isset( $meta['sizes'] ) && is_array( $meta['sizes'] ) ) { + $intermediate_dir = path_join( $uploadpath['basedir'], dirname( $file ) ); foreach ( $meta['sizes'] as $size => $sizeinfo ) { $intermediate_file = str_replace( basename( $file ), $sizeinfo['file'], $file ); - /** This filter is documented in wp-includes/functions.php */ - $intermediate_file = apply_filters( 'wp_delete_file', $intermediate_file ); - @ unlink( path_join( $uploadpath['basedir'], $intermediate_file ) ); + if ( ! empty( $intermediate_file ) ) { + $intermediate_file = path_join( $uploadpath['basedir'], $intermediate_file ); + + if ( ! 
wp_delete_file_from_directory( $intermediate_file, $intermediate_dir ) ) { + $deleted = false; + } + } } } - if ( is_array($backup_sizes) ) { + if ( is_array( $backup_sizes ) ) { + $del_dir = path_join( $uploadpath['basedir'], dirname( $meta['file'] ) ); foreach ( $backup_sizes as $size ) { - $del_file = path_join( dirname($meta['file']), $size['file'] ); - /** This filter is documented in wp-includes/functions.php */ - $del_file = apply_filters( 'wp_delete_file', $del_file ); - @ unlink( path_join($uploadpath['basedir'], $del_file) ); + $del_file = path_join( dirname( $meta['file'] ), $size['file'] ); + if ( ! empty( $del_file ) ) { + $del_file = path_join( $uploadpath['basedir'], $del_file ); + + if ( ! wp_delete_file_from_directory( $del_file, $del_dir ) ) { + $deleted = false; + } + } } } - wp_delete_file( $file ); - - clean_post_cache( $post ); + if ( ! wp_delete_file_from_directory( $file, $uploadpath['basedir'] ) ) { + $deleted = false; + } - return $post; + return $deleted; } /** diff --git a/wp-includes/user.php b/wp-includes/user.php index a226efdb4..88f771377 100644 --- a/wp-includes/user.php +++ b/wp-includes/user.php @@ -2648,7 +2648,7 @@ function send_confirmation_on_profile_email() { return; } - $hash = md5( $_POST['email'] . time() . mt_rand() ); + $hash = md5( $_POST['email'] . time() . wp_rand() ); $new_user_email = array( 'hash' => $hash, 'newemail' => $_POST['email'], @@ -3258,7 +3258,7 @@ function wp_send_user_request( $request_id ) { 'siteurl' => network_home_url(), ); - /* translators: Do not translate DESCRIPTION, CONFIRM_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */ + /* translators: Do not translate DESCRIPTION, CONFIRM_URL, SITENAME, SITEURL: those are placeholders. */ $email_text = __( 'Howdy, 
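Review bot: Swapping `mt_rand()` for `wp_rand()` on the `+` line of the `send_confirmation_on_profile_email()` hunk makes the source unpredictable but does not enlarge the token: `$_POST['email']` and `time()` are known to whoever submitted the request, so the entire secret is a single `wp_rand()` value (a 32-bit range if called with its defaults, to be confirmed) passed through md5. For a confirmation token that is e-mailed out and later compared, a full-width random string is cheaper and safer, e.g. `$hash = wp_generate_password( 32, false );` or `bin2hex( random_bytes( 16 ) )`. The verification side of this flow is outside the hunk, so whether the comparison uses `hash_equals()` cannot be checked here.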
@@ -3272,8 +3272,6 @@ function wp_send_user_request( $request_id ) { You can safely ignore and delete this email if you do not want to take this action. -This email has been sent to ###EMAIL###. - Regards, All at ###SITENAME### ###SITEURL###' @@ -3286,7 +3284,6 @@ function wp_send_user_request( $request_id ) { * * ###DESCRIPTION### Description of the action being performed so the user knows what the email is for. * ###CONFIRM_URL### The link to click on to confirm the account action. - * ###EMAIL### The email we are sending to. * ###SITENAME### The name of the site. * ###SITEURL### The URL to the site. * @@ -3429,7 +3426,7 @@ function wp_validate_user_request_key( $request_id, $key ) { } if ( ! $expiration_time || time() > $expiration_time ) { - $return = new WP_Error( 'expired_key', __( 'The confirmation email has expired.' ) ); + return new WP_Error( 'expired_key', __( 'The confirmation email has expired.' ) ); } return true; diff --git a/wp-includes/version.php b/wp-includes/version.php index 9710ebbf5..f5efbfcdb 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.9.6'; +$wp_version = '4.9.7'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. diff --git a/wp-includes/widgets.php b/wp-includes/widgets.php index 1e939e173..683c7ab91 100644 --- a/wp-includes/widgets.php +++ b/wp-includes/widgets.php @@ -420,8 +420,9 @@ function wp_sidebar_description( $id ) { global $wp_registered_sidebars; - if ( isset($wp_registered_sidebars[$id]['description']) ) - return esc_html( $wp_registered_sidebars[$id]['description'] ); + if ( isset( $wp_registered_sidebars[ $id ]['description'] ) ) { + return wp_kses( $wp_registered_sidebars[ $id ]['description'], 'sidebar_description' ); + } } /**