From e9d988989fe37ab8c5f903e47fbe36e6e00dc51f Mon Sep 17 00:00:00 2001
From: "Edward Z. Yang"
Date: Sat, 28 May 2011 02:01:10 +0100
Subject: [PATCH] Wordpress 3.1.3
Signed-off-by: Edward Z. Yang
---
 readme.html | 2 +-
 wp-admin/admin-ajax.php | 4 ++-
 wp-admin/custom-background.php | 3 +-
 wp-admin/custom-header.php | 6 ++--
 .../includes/class-wp-plugins-list-table.php | 25 ++++++++-------
 wp-admin/includes/import.php | 7 ++++-
 wp-admin/includes/media.php | 2 +-
 wp-admin/includes/post.php | 22 ++++++++-----
 wp-admin/includes/template.php | 4 +++
 wp-admin/includes/update-core.php | 2 +-
 wp-admin/ms-delete-site.php | 5 ++-
 wp-admin/plugins.php | 7 -----
 wp-admin/press-this.php | 2 +-
 wp-app.php | 6 ++--
 wp-includes/canonical.php | 6 ++--
 wp-includes/class-oembed.php | 4 +--
 wp-includes/default-filters.php | 11 +++++--
 wp-includes/formatting.php | 15 ++++++++-
 wp-includes/functions.php | 12 +++++++
 wp-includes/meta.php | 31 +++++++++++++++++++
 wp-includes/post.php | 27 +++++++++++-----
 wp-includes/query.php | 8 ++---
 wp-includes/taxonomy.php | 8 +++--
 wp-includes/theme.php | 2 +-
 wp-includes/version.php | 2 +-
 wp-login.php | 3 +-
 26 files changed, 162 insertions(+), 64 deletions(-)
diff --git a/readme.html b/readme.html
index 75d36497..0939107c 100644
--- a/readme.html
+++ b/readme.html
@@ -8,7 +8,7 @@

WordPress -
Version 3.1.2 +
Version 3.1.3

Semantic Personal Publishing Platform

diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php
index d2a8d4d2..a7e0b48d 100644
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -396,7 +396,7 @@ case 'delete-meta' :
 if ( !$meta = get_post_meta_by_id( $id ) ) die('1');
- if ( !current_user_can( 'edit_post', $meta->post_id ) )
+ if ( !current_user_can( 'edit_post', $meta->post_id ) || is_protected_meta( $meta->meta_key ) )
 die('-1');
 if ( delete_meta( $meta->meta_id ) ) die('1');
@@ -855,6 +855,8 @@ case 'add-meta' :
 die('0'); // if meta doesn't exist
 if ( !current_user_can( 'edit_post', $meta->post_id ) ) die('-1');
+ if ( is_protected_meta( $meta->meta_key ) )
+ die('-1');
 if ( $meta->meta_value != stripslashes($value) || $meta->meta_key != stripslashes($key) ) {
 if ( !$u = update_meta( $mid, $key, $value ) ) die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
diff --git a/wp-admin/custom-background.php b/wp-admin/custom-background.php
index e3fc23eb..530cb9e4 100644
--- a/wp-admin/custom-background.php
+++ b/wp-admin/custom-background.php
@@ -337,7 +337,8 @@ if ( get_background_image() ) {
 'post_title' => $filename,
 'post_content' => $url,
 'post_mime_type' => $type,
- 'guid' => $url
+ 'guid' => $url,
+ 'context' => 'custom-background'
 );
 // Save the data
diff --git a/wp-admin/custom-header.php b/wp-admin/custom-header.php
index f1567f09..bf5f4157 100644
--- a/wp-admin/custom-header.php
+++ b/wp-admin/custom-header.php
@@ -595,7 +595,8 @@ wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?>
 'post_title' => $filename,
 'post_content' => $url,
 'post_mime_type' => $type,
- 'guid' => $url);
+ 'guid' => $url,
+ 'context' => 'custom-header');
 // Save the data
 $id = wp_insert_attachment($object, $file);
@@ -687,7 +688,8 @@ wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?> 'post_title' => basename($cropped), 'post_content' => $url, 'post_mime_type' => 'image/jpeg', - 'guid' => $url + 'guid' => $url, + 'context' => 'custom-header' ); // Update the attachment diff --git a/wp-admin/includes/class-wp-plugins-list-table.php b/wp-admin/includes/class-wp-plugins-list-table.php index eefffb10..b5ad6d48 100644 --- a/wp-admin/includes/class-wp-plugins-list-table.php +++ b/wp-admin/includes/class-wp-plugins-list-table.php @@ -195,13 +195,6 @@ class WP_Plugins_List_Table extends WP_List_Table { return array(); } - function display_tablenav( $which ) { - global $status; - - if ( !in_array( $status, array( 'mustuse', 'dropins' ) ) ) - parent::display_tablenav( $which ); - } - function get_views() { global $totals, $status; @@ -286,11 +279,19 @@ class WP_Plugins_List_Table extends WP_List_Table { function extra_tablenav( $which ) { global $status; - if ( 'recently_activated' == $status ) { ?> -
- -
- '; + + if ( 'recently_activated' == $status ) + submit_button( __( 'Clear List' ), 'secondary', 'clear-recent-list', false ); + elseif ( 'top' == $which && 'mustuse' == $status ) + echo '

' . __( 'Files in the /wp-content/mu-plugins directory are executed automatically.' ) . '

'; + elseif ( 'top' == $which && 'dropins' == $status ) + echo '

' . __( 'Drop-ins are advanced plugins in the /wp-content directory that replace WordPress functionality when present.' ) . '

'; + + echo ''; } function current_action() {
diff --git a/wp-admin/includes/import.php b/wp-admin/includes/import.php
index 51861bdc..f57be766 100644
--- a/wp-admin/includes/import.php
+++ b/wp-admin/includes/import.php
@@ -80,12 +80,17 @@ function wp_import_handle_upload() {
 $object = array(
 'post_title' => $filename,
 'post_content' => $url,
 'post_mime_type' => $type,
- 'guid' => $url
+ 'guid' => $url,
+ 'context' => 'import',
+ 'post_status' => 'private'
 );
 // Save the data
 $id = wp_insert_attachment( $object, $file );
+ // schedule a cleanup for one day from now in case of failed import or missing wp_import_cleanup() call
+ wp_schedule_single_event( time() + 86400, 'importer_scheduled_cleanup', array( $id ) );
+
 return array( 'file' => $file, 'id' => $id );
 }
diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php
index c9d603ea..7e27ded1 100644
--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -1192,7 +1192,7 @@ function get_media_item( $attachment_id, $args = null ) {
 $toggle_on = __( 'Show' );
 $toggle_off = __( 'Hide' );
- $filename = basename( $post->guid );
+ $filename = esc_html( basename( $post->guid ) );
 $title = esc_attr( $post->post_title );
 if ( $_tags = get_the_tags( $attachment_id ) ) {
diff --git a/wp-admin/includes/post.php b/wp-admin/includes/post.php
index 12cbaa0f..bb6f469f 100644
--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -138,6 +138,7 @@ function edit_post( $post_data = null ) {
 $post_ID = (int) $post_data['post_ID'];
 $post = get_post( $post_ID );
 $post_data['post_type'] = $post->post_type;
+ $post_data['post_mime_type'] = $post->post_mime_type;
 $ptype = get_post_type_object($post_data['post_type']);
 if ( !current_user_can( $ptype->cap->edit_post, $post_ID ) ) {
@@ -199,6 +200,8 @@ function edit_post( $post_data = null ) {
 continue;
 if ( $meta->post_id != $post_ID ) continue;
+ if ( is_protected_meta( $value['key'] ) )
+ continue;
 update_meta( $key, $value['key'], $value['value'] );
 }
 }
@@ -209,6 +212,8 @@ function edit_post( $post_data = null ) {
 continue;
 if ( $meta->post_id != $post_ID ) continue;
+ if ( is_protected_meta( $meta->meta_key ) )
+ continue;
 delete_meta( $key );
 }
 }
@@ -527,6 +532,8 @@ function wp_write_post() {
 return new WP_Error( 'edit_posts', __( 'You are not allowed to create posts or drafts on this site.' ) );
 }
+ $_POST['post_mime_type'] = '';
+
 // Check for autosave collisions
 // Does this need to be updated? ~ Mark
 $temp_id = false;
@@ -632,8 +639,6 @@ function add_meta( $post_ID ) {
 global $wpdb;
 $post_ID = (int) $post_ID;
- $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
-
 $metakeyselect = isset($_POST['metakeyselect']) ? stripslashes( trim( $_POST['metakeyselect'] ) ) : '';
 $metakeyinput = isset($_POST['metakeyinput']) ? stripslashes( trim( $_POST['metakeyinput'] ) ) : '';
 $metavalue = isset($_POST['metavalue']) ? maybe_serialize( stripslashes_deep( $_POST['metavalue'] ) ) : '';
@@ -650,7 +655,7 @@ function add_meta( $post_ID ) {
 if ( $metakeyinput) $metakey = $metakeyinput; // default
- if ( in_array($metakey, $protected) )
+ if ( is_protected_meta( $metakey ) )
 return false;
 wp_cache_delete($post_ID, 'post_meta');
@@ -756,11 +761,9 @@ function has_meta( $postid ) {
 function update_meta( $meta_id, $meta_key, $meta_value ) {
 global $wpdb;
- $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
-
 $meta_key = stripslashes($meta_key);
- if ( in_array($meta_key, $protected) )
+ if ( is_protected_meta( $meta_key ) )
 return false;
 if ( '' === trim( $meta_value ) )
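Review bot: In the meta-update loop at `@@ -199` the new guard tests only the incoming key `$value['key']`; the key of the row being overwritten, `$meta->meta_key`, is not checked, whereas the delete loop right below (`@@ -209`) and the admin-ajax add-meta branch both test the existing row's key. update_meta() further down this file also checks only the new key, so through this path a protected row can still be renamed to an unprotected key, which effectively discards the protected value. Suggest `if ( is_protected_meta( $meta->meta_key ) || is_protected_meta( $value['key'] ) )` followed by `continue;`. edit_post() begins and ends outside this hunk.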
@@ -993,7 +996,12 @@ function wp_edit_attachments_query( $q = false ) {
 $q['m'] = isset( $q['m'] ) ? (int) $q['m'] : 0;
 $q['cat'] = isset( $q['cat'] ) ? (int) $q['cat'] : 0;
 $q['post_type'] = 'attachment';
- $q['post_status'] = isset( $q['status'] ) && 'trash' == $q['status'] ? 'trash' : 'inherit';
+ $post_type = get_post_type_object( 'attachment' );
+ $states = array( 'inherit' );
+ if ( current_user_can( $post_type->cap->read_private_posts ) )
+ $states[] = 'private';
+
+ $q['post_status'] = isset( $q['status'] ) && 'trash' == $q['status'] ? 'trash' : $states;
 $media_per_page = (int) get_user_option( 'upload_per_page' );
 if ( empty( $media_per_page ) || $media_per_page < 1 ) $media_per_page = 20;
diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php
index b345c36b..2f16b3c1 100644
--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@@ -465,6 +465,10 @@ function list_meta( $meta ) {
 */
 function _list_meta_row( $entry, &$count ) {
 static $update_nonce = false;
+
+ if ( is_protected_meta( $entry['meta_key'] ) )
+ return;
+
 if ( !$update_nonce ) $update_nonce = wp_create_nonce( 'add-meta' );
diff --git a/wp-admin/includes/update-core.php b/wp-admin/includes/update-core.php
index 227baaef..0673363b 100644
--- a/wp-admin/includes/update-core.php
+++ b/wp-admin/includes/update-core.php
@@ -294,7 +294,7 @@ function update_core($from, $to) {
 $mysql_version = $wpdb->db_version();
 $required_php_version = '4.3';
 $required_mysql_version = '4.1.2';
- $wp_version = '3.1.2';
+ $wp_version = '3.1.3';
 $php_compat = version_compare( $php_version, $required_php_version, '>=' );
 $mysql_compat = version_compare( $mysql_version, $required_mysql_version, '>=' ) || file_exists( WP_CONTENT_DIR . '/db.php' );
diff --git a/wp-admin/ms-delete-site.php b/wp-admin/ms-delete-site.php
index 8b26b0b6..2ae22339 100644
--- a/wp-admin/ms-delete-site.php
+++ b/wp-admin/ms-delete-site.php
@@ -34,6 +34,8 @@ screen_icon(); echo '

' . esc_html( $title ) . '

'; if ( isset( $_POST['action'] ) && $_POST['action'] == 'deleteblog' && isset( $_POST['confirmdelete'] ) && $_POST['confirmdelete'] == '1' ) { + check_admin_referer( 'delete-blog' ); + $hash = wp_generate_password( 20, false ); update_option( 'delete_blog_hash', $hash ); @@ -68,11 +70,12 @@ Webmaster

+

- '; diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php index 0c36bbd1..f64d51b6 100644 --- a/wp-admin/plugins.php +++ b/wp-admin/plugins.php @@ -407,13 +407,6 @@ if ( $s ) -

' . __( 'Files in the /wp-content/mu-plugins directory are executed automatically.' ) . '

'; -elseif ( 'dropins' == $status ) - echo '

' . __( 'Drop-ins are advanced plugins in the /wp-content directory that replace WordPress functionality when present.' ) . '

'; -?> - display(); ?>
diff --git a/wp-admin/press-this.php b/wp-admin/press-this.php
index e2b3f334..1f7b418e 100644
--- a/wp-admin/press-this.php
+++ b/wp-admin/press-this.php
@@ -225,7 +225,7 @@ if ( !empty($_REQUEST['ajax']) ) {
 $src = 'http://'.str_replace('//','/', $host['host'].'/'.$src);
 else $src = 'http://'.str_replace('//','/', $host['host'].'/'.dirname($host['path']).'/'.$src);
- $sources[] = esc_attr($src);
+ $sources[] = esc_url($src);
 }
 return "'" . implode("','", $sources) . "'";
 }
diff --git a/wp-app.php b/wp-app.php
index 6de52882..c836e2f7 100644
--- a/wp-app.php
+++ b/wp-app.php
@@ -607,13 +607,13 @@ EOD;
 $slug = '';
 if ( isset( $_SERVER['HTTP_SLUG'] ) )
- $slug = sanitize_file_name( $_SERVER['HTTP_SLUG'] );
+ $slug = $_SERVER['HTTP_SLUG'];
 elseif ( isset( $_SERVER['HTTP_TITLE'] ) )
- $slug = sanitize_file_name( $_SERVER['HTTP_TITLE'] );
+ $slug = $_SERVER['HTTP_TITLE'];
 elseif ( empty( $slug ) ) // just make a random name
 $slug = substr( md5( uniqid( microtime() ) ), 0, 7);
 $ext = preg_replace( '|.*/([a-z0-9]+)|', '$1', $_SERVER['CONTENT_TYPE'] );
- $slug = "$slug.$ext";
+ $slug = sanitize_file_name( "$slug.$ext" );
 $file = wp_upload_bits( $slug, NULL, $bits);
 log_app('wp_upload_bits returns:',print_r($file,true));
diff --git a/wp-includes/canonical.php b/wp-includes/canonical.php
index d111514d..9d66856c 100644
--- a/wp-includes/canonical.php
+++ b/wp-includes/canonical.php
@@ -141,8 +141,10 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
 $redirect['query'] = remove_query_arg('year', $redirect['query']);
 } elseif ( is_author() && !empty($_GET['author']) && preg_match( '|^[0-9]+$|', $_GET['author'] ) ) {
 $author = get_userdata(get_query_var('author'));
- if ( false !== $author && $redirect_url = get_author_posts_url($author->ID, $author->user_nicename) )
- $redirect['query'] = remove_query_arg('author', $redirect['query']);
+ if ( ( false !== $author ) && $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE $wpdb->posts.post_author = %d AND $wpdb->posts.post_status = 'publish' LIMIT 1", $author->ID ) ) ) {
+ if ( $redirect_url = get_author_posts_url($author->ID, $author->user_nicename) )
+ $redirect['query'] = remove_query_arg('author', $redirect['query']);
+ }
 } elseif ( is_category() || is_tag() || is_tax() ) { // Terms (Tags/categories)
 $term_count = 0;
diff --git a/wp-includes/class-oembed.php b/wp-includes/class-oembed.php
index 87e59a69..8a275a2c 100644
--- a/wp-includes/class-oembed.php
+++ b/wp-includes/class-oembed.php
@@ -165,8 +165,8 @@ class WP_oEmbed {
 function fetch( $provider, $url, $args = '' ) {
 $args = wp_parse_args( $args, wp_embed_defaults() );
- $provider = add_query_arg( 'maxwidth', $args['width'], $provider );
- $provider = add_query_arg( 'maxheight', $args['height'], $provider );
+ $provider = add_query_arg( 'maxwidth', (int) $args['width'], $provider );
+ $provider = add_query_arg( 'maxheight', (int) $args['height'], $provider );
 $provider = add_query_arg( 'url', urlencode($url), $provider );
 foreach( array( 'json', 'xml' ) as $format ) {
diff --git a/wp-includes/default-filters.php b/wp-includes/default-filters.php
index 4822e2ea..58e00b5e 100644
--- a/wp-includes/default-filters.php
+++ b/wp-includes/default-filters.php
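Review bot: The new condition calls `$wpdb->get_var()`, but redirect_canonical()'s `global` declaration is outside this hunk; if `$wpdb` is not already listed there, this branch dereferences null. The reason for the extra query is not stated anywhere in the code and is presumably that the `?author=N` canonical redirect should only happen when that user has published posts, so the redirect no longer confirms that a numeric ID maps to an account; that deserves a why-comment above the new `if`, e.g. `// Only canonicalize ?author=N for users with published posts; otherwise the redirect would confirm the ID exists.` The interpolated `$wpdb->posts` is the table name from the wpdb object rather than request data, and the only variable part goes through prepare() as `%d`, so the query itself is fine. redirect_canonical() begins and ends outside the hunk.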
@@ -58,14 +58,14 @@ foreach ( array( 'comment_author_email', 'user_email' ) as $filter ) {
 // Save URL
 foreach ( array( 'pre_comment_author_url', 'pre_user_url', 'pre_link_url', 'pre_link_image',
- 'pre_link_rss' ) as $filter ) {
+ 'pre_link_rss', 'pre_post_guid' ) as $filter ) {
 add_filter( $filter, 'wp_strip_all_tags' );
 add_filter( $filter, 'esc_url_raw' );
 add_filter( $filter, 'wp_filter_kses' );
 }
 // Display URL
-foreach ( array( 'user_url', 'link_url', 'link_image', 'link_rss', 'comment_url' ) as $filter ) {
+foreach ( array( 'user_url', 'link_url', 'link_image', 'link_rss', 'comment_url', 'post_guid' ) as $filter ) {
 if ( is_admin() ) add_filter( $filter, 'wp_strip_all_tags' );
 add_filter( $filter, 'esc_url' );
@@ -86,6 +86,10 @@ foreach ( array( 'pre_post_status', 'pre_post_comment_status', 'pre_post_ping_st
 add_filter( $filter, 'sanitize_key' );
 }
+// Mime types
+add_filter( 'pre_post_mime_type', 'sanitize_mime_type' );
+add_filter( 'post_mime_type', 'sanitize_mime_type' );
+
 // Places to balance tags on input
 foreach ( array( 'content_save_pre', 'excerpt_save_pre', 'comment_save_pre', 'pre_comment_content' ) as $filter ) {
 add_filter( $filter, 'balanceTags', 50 );
@@ -218,6 +222,7 @@ add_action( 'template_redirect', 'wp_shortlink_header', 11, 0 );
 // Login actions
 add_action( 'login_head', 'wp_print_head_scripts', 9 );
 add_action( 'login_footer', 'wp_print_footer_scripts' );
+add_action( 'login_init', 'send_frame_options_header', 10, 0 );
 // Feed Generator Tags
 foreach ( array( 'rss2_head', 'commentsrss2_head', 'rss_head', 'rdf_header', 'atom_head', 'comments_atom_head', 'opml_head', 'app_head' ) as $action ) {
@@ -249,6 +254,8 @@ add_action( 'save_post', '_save_post_hook', 5, 2 );
 add_action( 'transition_post_status', '_transition_post_status', 5, 3 );
 add_action( 'comment_form', 'wp_comment_form_unfiltered_html_nonce' );
 add_action( 'wp_scheduled_delete', 'wp_scheduled_delete' );
+add_action( 'admin_init', 'send_frame_options_header', 10, 0 );
+add_action( 'importer_scheduled_cleanup', 'wp_delete_attachment' );
 // Navigation menu actions
 add_action( 'delete_post', '_wp_delete_post_menu_item' );
diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index c4f53e9c..6c53f863 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -718,7 +718,7 @@ function sanitize_file_name( $filename ) {
 if ( preg_match("/^[a-zA-Z]{2,5}\d?$/", $part) ) {
 $allowed = false;
 foreach ( $mimes as $ext_preg => $mime_match ) {
- $ext_preg = '!(^' . $ext_preg . ')$!i';
+ $ext_preg = '!^(' . $ext_preg . ')$!i';
 if ( preg_match( $ext_preg, $part ) ) {
 $allowed = true;
 break;
@@ -2903,4 +2903,17 @@ function capital_P_dangit( $text ) {
 }
+/**
+ * Sanitize a mime type
+ *
+ * @since 3.1.3
+ *
+ * @param string $mime_type Mime type
+ * @return string Sanitized mime type
+ */
+function sanitize_mime_type( $mime_type ) {
+ $sani_mime_type = preg_replace( '/[^-*.a-zA-Z0-9\/]/', '', $mime_type );
+ return apply_filters( 'sanitize_mime_type', $sani_mime_type, $mime_type );
+}
+
 ?>
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index 72843130..34fe1132 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -4482,4 +4482,16 @@ function wp_find_hierarchy_loop_tortoise_hare( $callback, $start, $override = ar
 return false;
 }
+/**
+ * Send a HTTP header to limit rendering of pages to same origin iframes.
+ *
+ * @link https://developer.mozilla.org/en/the_x-frame-options_response_header
+ *
+ * @since 3.1.3
+ * @return none
+ */
+function send_frame_options_header() {
+ @header( 'X-Frame-Options: SAMEORIGIN' );
+}
+
 ?>
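Review bot: `sanitize_mime_type()` strips `+`, which is a legal subtype character used by structured-syntax suffixes (`image/svg+xml`, `application/atom+xml`), so a valid type is silently rewritten to `image/svgxml` and will no longer match the value it is compared against or stored as. Adding the character to the allowed class keeps the whitelist intent: `$sani_mime_type = preg_replace( '/[^-+*.a-zA-Z0-9\/]/', '', $mime_type );`. The docblock should also say that the result can be an empty string when nothing survives the filter, since the `pre_post_mime_type` hook added in default-filters.php stores whatever this returns.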
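Review bot: `send_frame_options_header()` hides the "headers already sent" warning with `@` rather than checking for it, so a call that arrives after output has started fails silently and the page is served without the clickjacking protection the function exists to provide; `if ( ! headers_sent() ) header( 'X-Frame-Options: SAMEORIGIN' );` makes the failure mode explicit and drops the suppression operator. The docblock's `@return none` is not a recognised PHPDoc type and should read `@return void`; a sentence noting that the header is attached to `login_init` and `admin_init` (see default-filters.php in this patch) and that it must run before any output would help the next maintainer.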
diff --git a/wp-includes/meta.php b/wp-includes/meta.php
index 27a12881..08d51a26 100644
--- a/wp-includes/meta.php
+++ b/wp-includes/meta.php
@@ -45,6 +45,7 @@ function add_metadata($meta_type, $object_id, $meta_key, $meta_value, $unique =
 // expected_slashed ($meta_key)
 $meta_key = stripslashes($meta_key);
 $meta_value = stripslashes_deep($meta_value);
+ $meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
 $check = apply_filters( "add_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $unique );
 if ( null !== $check )
@@ -113,6 +114,7 @@ function update_metadata($meta_type, $object_id, $meta_key, $meta_value, $prev_v
 // expected_slashed ($meta_key)
 $meta_key = stripslashes($meta_key);
 $meta_value = stripslashes_deep($meta_value);
+ $meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
 $check = apply_filters( "update_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $prev_value );
 if ( null !== $check )
@@ -488,4 +490,33 @@ function _get_meta_table($type) {
 return $wpdb->$table_name;
 }
+
+/**
+ * Determine whether a meta key is protected
+ *
+ * @since 3.1.3
+ *
+ * @param string $meta_key Meta key
+ * @return bool True if the key is protected, false otherwise.
+ */
+function is_protected_meta( $meta_key, $meta_type = null ) {
+ $protected = ( '_' == $meta_key[0] );
+
+ return apply_filters( 'is_protected_meta', $protected, $meta_key, $meta_type );
+}
+
+/**
+ * Sanitize meta value
+ *
+ * @since 3.1.3
+ *
+ * @param string $meta_key Meta key
+ * @param mixed $meta_value Meta value to sanitize
+ * @param string $meta_type Type of meta
+ * @return mixed Sanitized $meta_value
+ */
+function sanitize_meta( $meta_key, $meta_value, $meta_type = null ) {
+ return apply_filters( 'sanitize_meta', $meta_value, $meta_key, $meta_type );
+}
+
 ?>
diff --git a/wp-includes/post.php b/wp-includes/post.php
index 191b42c5..d859473b 100644
--- a/wp-includes/post.php
+++ b/wp-includes/post.php
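Review bot: `is_protected_meta()` reads `$meta_key[0]` without checking the length, so an empty key (a caller passing `''`) raises an uninitialized string offset notice and is classified as unprotected; `$protected = ( strlen( $meta_key ) > 0 && '_' == $meta_key[0] );` avoids both. Given that every caller in this patch relies on this one function as the authority on what may be edited or deleted, the docblock should also document the second parameter, `@param string $meta_type Type of meta (optional)`, to match sanitize_meta() below, and say that the `is_protected_meta` filter can widen or narrow the underscore rule.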
@@ -557,12 +557,18 @@ function get_post_status($ID = '') {
 if ( !is_object($post) ) return false;
- // Unattached attachments are assumed to be published.
- if ( ('attachment' == $post->post_type) && ('inherit' == $post->post_status) && ( 0 == $post->post_parent) )
- return 'publish';
+ if ( 'attachment' == $post->post_type ) {
+ if ( 'private' == $post->post_status )
+ return 'private';
- if ( ('attachment' == $post->post_type) && $post->post_parent && ($post->ID != $post->post_parent) )
- return get_post_status($post->post_parent);
+ // Unattached attachments are assumed to be published
+ if ( ( 'inherit' == $post->post_status ) && ( 0 == $post->post_parent) )
+ return 'publish';
+
+ // Inherit status from the parent
+ if ( $post->post_parent && ( $post->ID != $post->post_parent ) )
+ return get_post_status($post->post_parent);
+ }
 return $post->post_status;
 }
@@ -3532,10 +3538,10 @@ function is_local_attachment($url) {
 function wp_insert_attachment($object, $file = false, $parent = 0) {
 global $wpdb, $user_ID;
- $defaults = array('post_status' => 'draft', 'post_type' => 'post', 'post_author' => $user_ID,
+ $defaults = array('post_status' => 'inherit', 'post_type' => 'post', 'post_author' => $user_ID,
 'ping_status' => get_option('default_ping_status'), 'post_parent' => 0, 'menu_order' => 0, 'to_ping' => '', 'pinged' => '', 'post_password' => '',
- 'guid' => '', 'post_content_filtered' => '', 'post_excerpt' => '', 'import_id' => 0);
+ 'guid' => '', 'post_content_filtered' => '', 'post_excerpt' => '', 'import_id' => 0, 'context' => '');
 $object = wp_parse_args($object, $defaults);
 if ( !empty($parent) )
@@ -3550,7 +3556,9 @@ function wp_insert_attachment($object, $file = false, $parent = 0) {
 $post_author = $user_ID;
 $post_type = 'attachment';
- $post_status = 'inherit';
+
+ if ( ! in_array( $post_status, array( 'inherit', 'private' ) ) )
+ $post_status = 'inherit';
 // Make sure we set a valid category.
 if ( !isset($post_category) || 0 == count($post_category) || !is_array($post_category) ) {
@@ -3653,6 +3661,9 @@ function wp_insert_attachment($object, $file = false, $parent = 0) {
 if ( isset($post_parent) && $post_parent < 0 ) add_post_meta($post_ID, '_wp_attachment_temp_parent', $post_parent, true);
+ if ( ! empty( $context ) )
+ add_post_meta( $post_ID, '_wp_attachment_context', $context, true );
+
 if ( $update) {
 do_action('edit_attachment', $post_ID);
 } else {
diff --git a/wp-includes/query.php b/wp-includes/query.php
index ed08ebc4..14942d94 100644
--- a/wp-includes/query.php
+++ b/wp-includes/query.php
@@ -2231,10 +2231,6 @@ class WP_Query {
 }
 }
- if ( !empty( $this->tax_query->queries ) || !empty( $q['meta_key'] ) ) {
- $groupby = "{$wpdb->posts}.ID";
- }
-
 // Author/user stuff
 if ( empty($q['author']) || ($q['author'] == '0') ) {
@@ -2480,6 +2476,10 @@ class WP_Query {
 $where .= $clauses['where'];
 }
+ if ( ! empty( $this->tax_query->queries ) || ! empty( $q['meta_query'] ) ) {
+ $groupby = "{$wpdb->posts}.ID";
+ }
+
 // Apply filters on where and join prior to paging so that any
 // manipulations to them are reflected in the paging by day queries.
 if ( !$q['suppress_filters'] ) {
diff --git a/wp-includes/taxonomy.php b/wp-includes/taxonomy.php
index 33d4329d..d9ae2d5a 100644
--- a/wp-includes/taxonomy.php
+++ b/wp-includes/taxonomy.php
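Review bot: The new status whitelist uses a loose `in_array()`: `$post_status` appears to come from the caller-supplied `$object` (merged by wp_parse_args() in the previous hunk), and under PHP's loose comparison a non-string value such as `0` or `true` compares equal to `'inherit'` and is passed through to the insert instead of being reset. Passing the strict flag closes that gap: `if ( ! in_array( $post_status, array( 'inherit', 'private' ), true ) )`. A one-line comment stating why only these two statuses are accepted for attachments would also help, since the old code hard-coded `'inherit'` unconditionally. wp_insert_attachment() begins before and ends after this hunk.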
@@ -1255,8 +1255,10 @@ function &get_terms($taxonomies, $args = '') {
 $where .= " AND t.slug = '$slug'";
 }
- if ( !empty($name__like) )
- $where .= " AND t.name LIKE '" . like_escape( $name__like ) . "%'";
+ if ( !empty($name__like) ) {
+ $name__like = like_escape( $name__like );
+ $where .= $wpdb->prepare( " AND t.name LIKE %s", $name__like . '%' );
+ }
 if ( '' !== $parent ) {
 $parent = (int) $parent;
@@ -1278,7 +1280,7 @@ function &get_terms($taxonomies, $args = '') {
 if ( !empty($search) ) {
 $search = like_escape($search);
- $where .= " AND (t.name LIKE '%$search%')";
+ $where .= $wpdb->prepare( " AND (t.name LIKE %s)", '%' . $search . '%');
 }
 $selects = array();
diff --git a/wp-includes/theme.php b/wp-includes/theme.php
index c2960557..14176ac7 100644
--- a/wp-includes/theme.php
+++ b/wp-includes/theme.php
@@ -1435,7 +1435,7 @@ function get_header_image() {
 else $url = str_replace( 'https://', 'http://', $url );
- return $url;
+ return esc_url_raw( $url );
 }
 /**
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 14980a3d..aefcfeb2 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -22,7 +22,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 *
 * @global string $wp_version
 */
-$wp_version = '3.1.2';
+$wp_version = '3.1.3';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
diff --git a/wp-login.php b/wp-login.php
index ab9cff55..0f471b0d 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -368,7 +368,8 @@ if ( SITECOOKIEPATH != COOKIEPATH )
 setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
 // allow plugins to override the default actions, and to add extra actions if they want
-do_action('login_form_' . $action);
+do_action( 'login_init' );
+do_action( 'login_form_' . $action );
 $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
 switch ($action) {
--
2.44.0
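Review bot: The order of `like_escape()` followed by `$wpdb->prepare()` in the `$name__like` block is load-bearing but uncommented: prepare() escapes the backslashes that like_escape() inserts, so swapping the two calls would leave `%` and `_` from the caller acting as wildcards again. Suggest a comment above the new block, `// like_escape() must run before prepare(): prepare() escapes the backslashes like_escape() adds.`, and the same applies to the `$search` clause in the `@@ -1278` hunk. If like_escape() at this point only escapes `%` and `_` (and not a literal backslash), a trailing backslash in `$name__like` or `$search` can still neutralise the appended `%`; that is a search-correctness limitation rather than an injection one, since prepare() quotes the whole value. get_terms() begins and ends outside the hunk.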