WordPress 4.2.5 wordpress-4.2.5
authorEdward Z. Yang <ezyang@cs.stanford.edu>
Wed, 16 Sep 2015 22:48:53 +0000 (15:48 -0700)
committerEdward Z. Yang <ezyang@cs.stanford.edu>
Wed, 16 Sep 2015 22:48:53 +0000 (15:48 -0700)
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
readme.html
wp-admin/about.php
wp-admin/includes/ajax-actions.php
wp-admin/includes/class-wp-ms-users-list-table.php
wp-admin/includes/class-wp-users-list-table.php
wp-includes/capabilities.php
wp-includes/class-wp-xmlrpc-server.php
wp-includes/media.php
wp-includes/shortcodes.php
wp-includes/version.php
wp-includes/wp-db.php

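index c44623cfa43016d7c8961115b1d2051201eb8b95..cdf3e4e4f5ed5fc1a417e8d7748743b1b70cd9d9 100644
--- a/readme.html
+++ b/readme.html
@@ -9,7 +9,7 @@
 <body>
 <h1 id="logo">
        <a href="https://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /></a>
-       <br /> Version 4.2.4
+       <br /> Version 4.2.5
 </h1>
 <p style="text-align: center">Semantic Personal Publishing Platform</p>
 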
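index 8105de98854902e7369907d24470890db983810b..6e85b919a6b818f90e57a0f149d11e18b7470372 100644
--- a/wp-admin/about.php
+++ b/wp-admin/about.php
@@ -41,7 +41,11 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
 </h2>
 
 <div class="changelog point-releases">
-       <h3><?php echo _n( 'Maintenance and Security Release', 'Maintenance and Security Releases', 4 ); ?></h3>
+       <h3><?php echo _n( 'Maintenance and Security Release', 'Maintenance and Security Releases', 5 ); ?></h3>
+       <p><?php printf( _n( '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
+         '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.', 2 ), '4.2.5', number_format_i18n( 2 ) ); ?>
+               <?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_4.2.5' ); ?>
+       </p>
        <p><?php printf( _n( '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
          '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.', 4 ), '4.2.4', number_format_i18n( 4 ) ); ?>
                <?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_4.2.4' ); ?>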
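index 423a159f78874f7b2a14b17c51a15f874b802a35..696b4328c7ce97281747ea659dcee74738dc24c0 100644
--- a/wp-admin/includes/ajax-actions.php
+++ b/wp-admin/includes/ajax-actions.php
@@ -1540,10 +1540,12 @@ function wp_ajax_inline_save() {
                $data['parent_id'] = $data['post_parent'];
 
        // Status.
-       if ( isset($data['keep_private']) && 'private' == $data['keep_private'] )
+       if ( isset( $data['keep_private'] ) && 'private' == $data['keep_private'] ) {
+               $data['visibility']  = 'private';
                $data['post_status'] = 'private';
-       else
+       } else {
                $data['post_status'] = $data['_status'];
+       }
 
        if ( empty($data['comment_status']) )
                $data['comment_status'] = 'closed';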
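Review bot: The new `$data['visibility']  = 'private';` line carries no comment saying why visibility must now be set alongside `post_status`, and the `else` branch leaves any client-supplied `visibility` value in `$data` untouched, so the two branches are asymmetric. A short comment above the assignment, such as `// Keep 'visibility' in step with the private status so the two fields cannot disagree downstream.`, would record the intent; whether the code that later reads `visibility` lives in this function or in the post-data translation step is not visible in the hunk, so please confirm. The comparison `'private' == $data['keep_private']` is loose; both sides are strings here, so `===` is the safer and cheaper form. wp_ajax_inline_save starts before the hunk and continues after it.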
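index e5eaeb5056185455a100d7f0ee1a7930607eedb7..c70636f6d979f1498fa82df6bde64ea62987fcb6 100644
--- a/wp-admin/includes/class-wp-ms-users-list-table.php
+++ b/wp-admin/includes/class-wp-ms-users-list-table.php
@@ -224,7 +224,7 @@ class WP_MS_Users_List_Table extends WP_List_Table {
                                        break;
 
                                        case 'email':
-                                               echo "<td $attributes><a href='mailto:$user->user_email'>$user->user_email</a></td>";
+                                               echo "<td $attributes><a href='" . esc_url( "mailto:$user->user_email" ) . "'>$user->user_email</a></td>";
                                        break;
 
                                        case 'registered':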
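Review bot: Only the `href` is escaped on the new `case 'email'` line; the visible link text `$user->user_email` is still interpolated into the HTML unescaped, so the same value is treated as trusted in one position and untrusted in the other. Wrap the text as well, e.g. `. "'>" . esc_html( $user->user_email ) . "</a></td>";`. Whether a stored address can actually carry markup depends on the validation applied when it was saved (outside this hunk), but escaping at output regardless of source is the convention the esc_url change itself follows. The same pattern appears in the `case 'email'` branch of wp-admin/includes/class-wp-users-list-table.php in this commit, where `$email` is escaped in `href` and `title` but not as the link text. The switch and the method it belongs to begin outside the hunk.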
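index 500673637068075cd277f3d075ef4209dd34b0f0..07aab5b1b78a886bf113eedd5e9e25d9e6f807d1 100644
--- a/wp-admin/includes/class-wp-users-list-table.php
+++ b/wp-admin/includes/class-wp-users-list-table.php
@@ -420,7 +420,7 @@ class WP_Users_List_Table extends WP_List_Table {
                                        $r .= "<td $attributes>$user_object->first_name $user_object->last_name</td>";
                                        break;
                                case 'email':
-                                       $r .= "<td $attributes><a href='mailto:$email' title='" . esc_attr( sprintf( __( 'E-mail: %s' ), $email ) ) . "'>$email</a></td>";
+                                       $r .= "<td $attributes><a href='" . esc_url( "mailto:$email" ) . "' title='" . esc_attr( sprintf( __( 'E-mail: %s' ), $email ) ) . "'>$email</a></td>";
                                        break;
                                case 'role':
                                        $r .= "<td $attributes>$role_name</td>";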
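index 8a3d335030a7ee5b39021cbce49f1bd4c22ea6bd..b73eb41b3c31f7edb3143104a72f2137d2bc1949 100644
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@@ -1260,7 +1260,16 @@ function map_meta_cap( $cap, $user_id ) {
                if ( empty( $comment ) )
                        break;
                $post = get_post( $comment->comment_post_ID );
-               $caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
+
+               /*
+                * If the post doesn't exist, we have an orphaned comment.
+                * Fall back to the edit_posts capability, instead.
+                */
+               if ( $post ) {
+                       $caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
+               } else {
+                       $caps = map_meta_cap( 'edit_posts', $user_id );
+               }
                break;
        case 'unfiltered_upload':
                if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) )  )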
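index 10c593d2a49d0e0c3d057d6e7557fea10a2443fa..aac66314937d21376dc42b6bb9da75975b9f63a4 100644
--- a/wp-includes/class-wp-xmlrpc-server.php
+++ b/wp-includes/class-wp-xmlrpc-server.php
@@ -1150,6 +1150,56 @@ class wp_xmlrpc_server extends IXR_Server {
                return $count > 1;
        }
 
+       private function _validate_boolean( $var ) {
+               if ( is_bool( $var ) ) {
+                       return $var;
+               }
+
+               if ( is_string( $var ) && 'false' === strtolower( $var ) ) {
+                       return false;
+               }
+
+               return (bool) $var;
+       }
+
+       /**
+        * Encapsulate the logic for sticking a post
+        * and determining if the user has permission to do so
+        *
+        * @since 4.3.0
+        * @access private
+        *
+        * @param array $post_data
+        * @param bool  $update
+        * @return void|IXR_Error
+        */
+       private function _toggle_sticky( $post_data, $update = false ) {
+               $post_type = get_post_type_object( $post_data['post_type'] );
+
+               // Private and password-protected posts cannot be stickied.
+               if ( 'private' === $post_data['post_status'] || ! empty( $post_data['post_password'] ) ) {
+                       // Error if the client tried to stick the post, otherwise, silently unstick.
+                       if ( ! empty( $post_data['sticky'] ) ) {
+                               return new IXR_Error( 401, __( 'Sorry, you cannot stick a private post.' ) );
+                       }
+
+                       if ( $update ) {
+                               unstick_post( $post_data['ID'] );
+                       }
+               } elseif ( isset( $post_data['sticky'] ) )  {
+                       if ( ! current_user_can( $post_type->cap->edit_others_posts ) ) {
+                               return new IXR_Error( 401, __( 'Sorry, you are not allowed to stick this post.' ) );
+                       }
+
+                       $sticky = $this->_validate_boolean( $post_data['sticky'] );
+                       if ( $sticky ) {
+                               stick_post( $post_data['ID'] );
+                       } else {
+                               unstick_post( $post_data['ID'] );
+                       }
+               }
+       }
+
        /**
         * Helper method for wp_newPost and wp_editPost, containing shared logic.
         *
@@ -1242,20 +1292,9 @@ class wp_xmlrpc_server extends IXR_Server {
                $post_ID = $post_data['ID'];
 
                if ( $post_data['post_type'] == 'post' ) {
-                       // Private and password-protected posts cannot be stickied.
-                       if ( $post_data['post_status'] == 'private' || ! empty( $post_data['post_password'] ) ) {
-                               // Error if the client tried to stick the post, otherwise, silently unstick.
-                               if ( ! empty( $post_data['sticky'] ) )
-                                       return new IXR_Error( 401, __( 'Sorry, you cannot stick a private post.' ) );
-                               if ( $update )
-                                       unstick_post( $post_ID );
-                       } elseif ( isset( $post_data['sticky'] ) )  {
-                               if ( ! current_user_can( $post_type->cap->edit_others_posts ) )
-                                       return new IXR_Error( 401, __( 'Sorry, you are not allowed to stick this post.' ) );
-                               if ( $post_data['sticky'] )
-                                       stick_post( $post_ID );
-                               else
-                                       unstick_post( $post_ID );
+                       $error = $this->_toggle_sticky( $post_data, $update );
+                       if ( $error ) {
+                               return $error;
                        }
                }
 
@@ -4580,10 +4619,12 @@ class wp_xmlrpc_server extends IXR_Server {
 
                // Only posts can be sticky
                if ( $post_type == 'post' && isset( $content_struct['sticky'] ) ) {
-                       if ( $content_struct['sticky'] == true )
-                               stick_post( $post_ID );
-                       elseif ( $content_struct['sticky'] == false )
-                               unstick_post( $post_ID );
+                       $data = $postdata;
+                       $data['sticky'] = $content_struct['sticky'];
+                       $error = $this->_toggle_sticky( $data );
+                       if ( $error ) {
+                               return $error;
+                       }
                }
 
                if ( isset($content_struct['custom_fields']) )
@@ -4873,8 +4914,8 @@ class wp_xmlrpc_server extends IXR_Server {
 
                $tags_input = isset( $content_struct['mt_keywords'] ) ? $content_struct['mt_keywords'] : null;
 
-               if ( ('publish' == $post_status) ) {
-                       if ( ( 'page' == $post_type ) && ! current_user_can( 'publish_pages' ) ) {
+               if ( 'publish' == $post_status || 'private' == $post_status ) {
+                       if ( 'page' == $post_type && ! current_user_can( 'publish_pages' ) ) {
                                return new IXR_Error( 401, __( 'Sorry, you do not have the right to publish this page.' ) );
                        } elseif ( ! current_user_can( 'publish_posts' ) ) {
                                return new IXR_Error( 401, __( 'Sorry, you do not have the right to publish this post.' ) );
@@ -4918,10 +4959,13 @@ class wp_xmlrpc_server extends IXR_Server {
 
                // Only posts can be sticky
                if ( $post_type == 'post' && isset( $content_struct['sticky'] ) ) {
-                       if ( $content_struct['sticky'] == true )
-                               stick_post( $post_ID );
-                       elseif ( $content_struct['sticky'] == false )
-                               unstick_post( $post_ID );
+                       $data = $newpost;
+                       $data['sticky'] = $content_struct['sticky'];
+                       $data['post_type'] = 'post';
+                       $error = $this->_toggle_sticky( $data, true );
+                       if ( $error ) {
+                               return $error;
+                       }
                }
 
                if ( isset($content_struct['custom_fields']) )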
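Review bot: `_validate_boolean` in the first hunk is the only new method without a docblock, while its sibling `_toggle_sticky` documents purpose, parameters and return; add a short one stating that it normalises an XML-RPC boolean that may arrive as a PHP bool or as the string `'false'` (matched case-insensitively), with `@param mixed $var` and `@return bool`. In `_toggle_sticky`, `$post_data['post_type']` and `$post_data['post_status']` are read without `isset`; the caller in the last hunk has to add `$data['post_type'] = 'post'` by hand, which suggests not every caller's array carries both keys, and a missing `post_type` would leave `$post_type` null before `->cap->edit_others_posts` is dereferenced on the stick path (the callers' arrays are built outside these hunks, so please confirm). Either guard it, e.g. `$post_type = get_post_type_object( isset( $post_data['post_type'] ) ? $post_data['post_type'] : 'post' );`, or extend the docblock's `@param array $post_data` line to name the keys the method requires (`ID`, `post_type`, `post_status`, optionally `post_password` and `sticky`). The methods containing the later hunks begin and end outside the hunks shown.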
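index b69b328d1336207657fb44e3ad1440dd97afb319..35ecdd95691cb863395d9d721b9366006dd05e32 100644
--- a/wp-includes/media.php
+++ b/wp-includes/media.php
@@ -847,6 +847,8 @@ function img_caption_shortcode( $attr, $content = null ) {
                        $content = $matches[1];
                        $attr['caption'] = trim( $matches[2] );
                }
+       } elseif ( strpos( $attr['caption'], '<' ) !== false ) {
+               $attr['caption'] = wp_kses( $attr['caption'], 'post' );
        }
 
        /**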
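Review bot: The new `elseif` passes only the attribute-supplied caption through `wp_kses`, and only when it contains a literal `<`; the caption extracted from `$content` in the preceding branch is not filtered at all, and nothing in the hunk says why the two paths differ. If that is deliberate (the content side presumably already went through the post-content filters on save — outside this hunk, please confirm), a comment on the `elseif` such as `// A caption passed as a shortcode attribute bypasses the content filters, so apply kses here; a caption parsed from $content has already been filtered.` would stop a later reader from "fixing" one side to match the other. Gating on `<` also means kses's entity normalisation is skipped for tag-free captions, which is fine if tag stripping is the only goal. img_caption_shortcode starts before the hunk and continues after it.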
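index 531a1fa18650c84db60df2ec55016c29be7807e1..810db20076918d7fad44bc848ff0ff0a28ede7d4 100644
--- a/wp-includes/shortcodes.php
+++ b/wp-includes/shortcodes.php
@@ -457,6 +457,15 @@ function shortcode_parse_atts($text) {
                        elseif (isset($m[8]))
                                $atts[] = stripcslashes($m[8]);
                }
+
+               // Reject any unclosed HTML elements
+               foreach( $atts as &$value ) {
+                       if ( false !== strpos( $value, '<' ) ) {
+                               if ( 1 !== preg_match( '/^[^<]*+(?:<[^>]*+>[^<]*+)*+$/', $value ) ) {
+                                       $value = '';
+                               }
+                       }
+               }
        } else {
                $atts = ltrim($text);
        }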
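Review bot: The new `foreach( $atts as &$value )` loop leaves `$value` bound by reference to the last element of `$atts` after it finishes; nothing in the hunk releases it, so any later assignment to a variable named `$value` in this function would silently overwrite that attribute. Add `unset( $value );` immediately after the loop's closing brace. Separately, `preg_match` returns `false` on a PCRE error (for example the backtrack limit on a very long attribute value), which `1 !== ...` treats as a rejection; that fail-closed behaviour is the right default here, and a one-line comment such as `// preg_match() returning false (PCRE error) also blanks the value: fail closed.` would make it explicit rather than accidental. shortcode_parse_atts starts before the hunk and continues after it.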
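index 21e9f5ad1a0f81078ead8fedddd11e2f0802d328..dda093a54a6e39006083378ce2746368cf20ff7c 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.2.4';
+$wp_version = '4.2.5';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.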
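index 14a3438b8edaac6305bb4737981e9bb65e316127..296a5d21d4aab2cf9628fa106619fbd18f386f92 100644
--- a/wp-includes/wp-db.php
+++ b/wp-includes/wp-db.php
@@ -2835,7 +2835,7 @@ class wpdb {
                                . '|REPLACE(?:\s+LOW_PRIORITY|\s+DELAYED)?(?:\s+INTO)?'
                                . '|UPDATE(?:\s+LOW_PRIORITY)?(?:\s+IGNORE)?'
                                . '|DELETE(?:\s+LOW_PRIORITY|\s+QUICK|\s+IGNORE)*(?:\s+FROM)?'
-                               . ')\s+((?:[0-9a-zA-Z$_.`]|[\xC2-\xDF][\x80-\xBF])+)/is', $query, $maybe ) ) {
+                               . ')\s+((?:[0-9a-zA-Z$_.`-]|[\xC2-\xDF][\x80-\xBF])+)/is', $query, $maybe ) ) {
                        return str_replace( '`', '', $maybe[1] );
                }
 
@@ -2843,7 +2843,7 @@ class wpdb {
                if ( preg_match( '/^\s*(?:'
                                . 'SHOW\s+TABLE\s+STATUS.+(?:LIKE\s+|WHERE\s+Name\s*=\s*)'
                                . '|SHOW\s+(?:FULL\s+)?TABLES.+(?:LIKE\s+|WHERE\s+Name\s*=\s*)'
-                               . ')\W((?:[0-9a-zA-Z$_.`]|[\xC2-\xDF][\x80-\xBF])+)\W/is', $query, $maybe ) ) {
+                               . ')\W((?:[0-9a-zA-Z$_.`-]|[\xC2-\xDF][\x80-\xBF])+)\W/is', $query, $maybe ) ) {
                        return str_replace( '`', '', $maybe[1] );
                }
 
@@ -2862,7 +2862,7 @@ class wpdb {
                                . '|LOAD\s+DATA.*INFILE.*INTO\s+TABLE'
                                . '|(?:GRANT|REVOKE).*ON\s+TABLE'
                                . '|SHOW\s+(?:.*FROM|.*TABLE)'
-                               . ')\s+\(*\s*((?:[0-9a-zA-Z$_.`]|[\xC2-\xDF][\x80-\xBF])+)\s*\)*/is', $query, $maybe ) ) {
+                               . ')\s+\(*\s*((?:[0-9a-zA-Z$_.`-]|[\xC2-\xDF][\x80-\xBF])+)\s*\)*/is', $query, $maybe ) ) {
                        return str_replace( '`', '', $maybe[1] );
                }
 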
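Review bot: The hyphen is added to the same table-name character class in three hand-maintained regexes (all three hunks of this file) with no comment recording why `-` is now a legal character; hyphenated identifiers are only valid in MySQL when backtick-quoted, and the capture does accept backticks, so that is presumably the case being admitted. A comment above the first pattern, `// '-' is allowed because backtick-quoted table names may contain it; keep this class identical in all three patterns below.`, would record that, and hoisting the repeated class into one local string reused by all three patterns would keep them from drifting apart again. Note that `str_replace( '`', '', $maybe[1] )` on each return line still strips only the quotes, so callers of this method now receive a bare hyphenated name. The enclosing method starts before the first hunk and continues after the last.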