WordPress 4.2.1 wordpress-4.2.1
authorEdward Z. Yang <ezyang@cs.stanford.edu>
Sun, 3 May 2015 19:07:00 +0000 (12:07 -0700)
committerEdward Z. Yang <ezyang@cs.stanford.edu>
Sun, 3 May 2015 19:07:00 +0000 (12:07 -0700)
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
readme.html
wp-admin/about.php
wp-admin/includes/upgrade.php
wp-includes/version.php
wp-includes/wp-db.php

index f09135ac5196af0763e52af42db3af0b04d449e8..1aea37e067ea270cf38485fc8a3d2248e5c262c4 100644 (file)
@@ -9,7 +9,7 @@
 <body>
 <h1 id="logo">
        <a href="https://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /></a>
-       <br /> Version 4.2
+       <br /> Version 4.2.1
 </h1>
 <p style="text-align: center">Semantic Personal Publishing Platform</p>
 
index 57c00d0cd735dad09abba213b49df6897d11d963..a1f16d3e29834f4d1c6c15fc40512387e731081f 100644 (file)
@@ -40,6 +40,14 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
        </a>
 </h2>
 
+<div class="changelog point-releases">
+       <h3><?php echo _n( 'Security Release', 'Security Releases', 1 ); ?></h3>
+       <p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 1 ), '4.2.1' ); ?>
+               <?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_4.2.1' ); ?>
+       </p>
+</div>
+
 <div class="headline-feature feature-video">
        <embed type="application/x-shockwave-flash" src="https://v0.wordpress.com/player.swf?v=1.04" width="1000" height="560" wmode="direct" seamlesstabbing="true" allowfullscreen="true" allowscriptaccess="always" overstretch="true" flashvars="guid=e9kH4FzP&amp;isDynamicSeeking=true"></embed>
 </div>
index b1c4bc28fae9ae101640e9d9fb7b7f84f6b1385b..9803f88b42dc26540cb8d439191dc283d08c73a5 100644 (file)
@@ -527,6 +527,9 @@ function upgrade_all() {
        if ( $wp_current_db_version < 31351 )
                upgrade_420();
 
+       if ( $wp_current_db_version < 31533 )
+               upgrade_421();
+
        maybe_disable_link_manager();
 
        maybe_disable_automattic_widgets();
@@ -1435,6 +1438,33 @@ function upgrade_420() {
        }
 }
 
+/**
+ * Execute changes made in WordPress 4.2.1.
+ *
+ * @since 4.2.1
+ */
+function upgrade_421() {
+       global $wp_current_db_version, $wpdb;
+
+       if ( $wp_current_db_version < 31533 ) {
+               $content_length = $wpdb->get_col_length( $wpdb->comments, 'comment_content' );
+               if ( ! $content_length ) {
+                       $content_length = 65535;
+               }
+
+               $comments = $wpdb->get_results(
+                       "SELECT comment_ID FROM $wpdb->comments
+                       WHERE comment_date_gmt > '2015-04-26'
+                       AND CHAR_LENGTH( comment_content ) >= $content_length
+                       AND ( comment_content LIKE '%<%' OR comment_content LIKE '%>%' )"
+               );
+
+               foreach ( $comments as $comment ) {
+                       wp_delete_comment( $comment->comment_ID, true );
+               }
+       }
+}
+
 /**
  * Executes network-level upgrade routines.
  *
index ac5dadd95aba5e52324dbfe1416fa3caa3beb4af..61d686739c4b573f27a100c73274645b310ebb4f 100644 (file)
@@ -4,14 +4,14 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.2';
+$wp_version = '4.2.1';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
  *
  * @global int $wp_db_version
  */
-$wp_db_version = 31532;
+$wp_db_version = 31533;
 
 /**
  * Holds the TinyMCE version
index 5e5cd1eefd12858c47327d01890df448b37f7286..0bd7a1882bff96055cb13debfc65e45fe301248a 100644 (file)
@@ -1946,11 +1946,20 @@ class wpdb {
         */
        protected function process_fields( $table, $data, $format ) {
                $data = $this->process_field_formats( $data, $format );
+               if ( false === $data ) {
+                       return false;
+               }
+
                $data = $this->process_field_charsets( $data, $table );
                if ( false === $data ) {
                        return false;
                }
 
+               $data = $this->process_field_lengths( $data, $table );
+               if ( false === $data ) {
+                       return false;
+               }
+
                $converted_data = $this->strip_invalid_text( $data );
 
                if ( $data !== $converted_data ) {
@@ -2031,6 +2040,40 @@ class wpdb {
                return $data;
        }
 
+       /**
+        * For string fields, record the maximum string length that field can safely save.
+        *
+        * @since 4.2.1
+        * @access protected
+        *
+        * @param array  $data  As it comes from the wpdb::process_field_charsets() method.
+        * @param string $table Table name.
+        * @return array|False The same array as $data with additional 'length' keys, or false if
+        *                     any of the values were too long for their corresponding field.
+        */
+       protected function process_field_lengths( $data, $table ) {
+               foreach ( $data as $field => $value ) {
+                       if ( '%d' === $value['format'] || '%f' === $value['format'] ) {
+                               // We can skip this field if we know it isn't a string.
+                               // This checks %d/%f versus ! %s because it's sprintf() could take more.
+                               $value['length'] = false;
+                       } else {
+                               $value['length'] = $this->get_col_length( $table, $field );
+                               if ( is_wp_error( $value['length'] ) ) {
+                                       return false;
+                               }
+                       }
+
+                       if ( false !== $value['length'] && mb_strlen( $value['value'] ) > $value['length'] ) {
+                               return false;
+                       }
+
+                       $data[ $field ] = $value;
+               }
+
+               return $data;
+       }
+
        /**
         * Retrieve one variable from the database.
         *
@@ -2361,6 +2404,77 @@ class wpdb {
                return $charset;
        }
 
+       /**
+        * Retrieve the maximum string length allowed in a given column.
+        *
+        * @since 4.2.1
+        * @access public
+        *
+        * @param string $table  Table name.
+        * @param string $column Column name.
+        * @return mixed Max column length as an int. False if the column has no
+        *               length. WP_Error object if there was an error.
+        */
+       public function get_col_length( $table, $column ) {
+               $tablekey = strtolower( $table );
+               $columnkey = strtolower( $column );
+
+               // Skip this entirely if this isn't a MySQL database.
+               if ( false === $this->is_mysql ) {
+                       return false;
+               }
+
+               if ( empty( $this->col_meta[ $tablekey ] ) ) {
+                       // This primes column information for us.
+                       $table_charset = $this->get_table_charset( $table );
+                       if ( is_wp_error( $table_charset ) ) {
+                               return $table_charset;
+                       }
+               }
+
+               if ( empty( $this->col_meta[ $tablekey ][ $columnkey ] ) ) {
+                       return false;
+               }
+
+               $typeinfo = explode( '(', $this->col_meta[ $tablekey ][ $columnkey ]->Type );
+
+               $type = strtolower( $typeinfo[0] );
+               if ( ! empty( $typeinfo[1] ) ) {
+                       $length = trim( $typeinfo[1], ')' );
+               } else {
+                       $length = false;
+               }
+
+               switch( $type ) {
+                       case 'binary':
+                       case 'char':
+                       case 'varbinary':
+                       case 'varchar':
+                               return $length;
+                               break;
+                       case 'tinyblob':
+                       case 'tinytext':
+                               return 255; // 2^8 - 1
+                               break;
+                       case 'blob':
+                       case 'text':
+                               return 65535; // 2^16 - 1
+                               break;
+                       case 'mediumblob':
+                       case 'mediumtext':
+                               return 16777215; // 2^24 - 1
+                               break;
+                       case 'longblob':
+                       case 'longtext':
+                               return 4294967295; // 2^32 - 1
+                               break;
+                       default:
+                               return false;
+               }
+
+               return false;
+       }
+
        /**
         * Check if a string is ASCII.
         *