Changes from tags/3.9.2 at r59792 to tags/3.9.1 at r59792

Location:

tags/3.9.1

Files:

• package.json (modified) (1 diff)
• src/readme.html (modified) (1 diff)
• src/wp-admin/about.php (modified) (1 diff)
• src/wp-includes/ID3/getid3.lib.php (modified) (1 diff)
• src/wp-includes/class-IXR.php (modified) (1 diff)
• src/wp-includes/class-wp-customize-widgets.php (modified) (3 diffs)
• src/wp-includes/compat.php (modified) (1 diff)
• src/wp-includes/pluggable.php (modified) (5 diffs)
• src/wp-includes/version.php (modified) (1 diff)
• src/wp-login.php (modified) (3 diffs)

tags/3.9.1/package.json

@@ -1 +1 @@
 {
   "name": "WordPress",
-  "version": "3.9.2",
+  "version": "3.9.1",
   "description": "WordPress is web software you can use to create a beautiful website or blog.",
   "repository": {

tags/3.9.1/src/readme.html

@@ -10 +10 @@
 <h1 id="logo">
     <a href="https://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /></a>
-    <br /> Version 3.9.2
+    <br /> Version 3.9.1
 </h1>
 <p style="text-align: center">Semantic Personal Publishing Platform</p>

tags/3.9.1/src/wp-admin/about.php

@@ -40 +40 @@
 
 <div class="changelog point-releases">
-    <h3><?php echo _n( 'Maintenance and Security Release', 'Maintenance and Security Releases', 2 ); ?></h3>
-    <p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
-         '<strong>Version %1$s</strong> addressed some security issues.', 6 ), '3.9.2', number_format_i18n( 6 ) ); ?>
-        <?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_3.9.2' ); ?>
-    </p>
+    <h3><?php echo _n( 'Maintenance Release', 'Maintenance Releases', 1 ); ?></h3>
     <p><?php printf( _n( '<strong>Version %1$s</strong> addressed %2$s bug.',
          '<strong>Version %1$s</strong> addressed %2$s bugs.', 34 ), '3.9.1', number_format_i18n( 34 ) ); ?>

tags/3.9.1/src/wp-includes/ID3/getid3.lib.php

@@ -520 +520 @@
 
     public static function XML2array($XMLstring) {
-        if ( function_exists( 'simplexml_load_string' ) && function_exists( 'libxml_disable_entity_loader' ) ) {
-            $loader = libxml_disable_entity_loader( true );
-            $XMLobject = simplexml_load_string( $XMLstring, 'SimpleXMLElement', LIBXML_NOENT );
-            $return = self::SimpleXMLelement2array( $XMLobject );
-            libxml_disable_entity_loader( $loader );
-            return $return;
+        if (function_exists('simplexml_load_string')) {
+            if (function_exists('get_object_vars')) {
+                $XMLobject = simplexml_load_string($XMLstring);
+                return self::SimpleXMLelement2array($XMLobject);
+            }
         }
         return false;

tags/3.9.1/src/wp-includes/class-IXR.php

@@ -204 +204 @@
         // first remove the XML declaration
         // merged from WP #10698 - this method avoids the RAM usage of preg_replace on very large messages
-        $header = preg_replace( '/<\?xml.*?\?'.'>/s', '', substr( $this->message, 0, 100 ), 1 );
-        $this->message = trim( substr_replace( $this->message, $header, 0, 100 ) );
-        if ( '' == $this->message ) {
+        $header = preg_replace( '/<\?xml.*?\?'.'>/', '', substr($this->message, 0, 100), 1);
+        $this->message = substr_replace($this->message, $header, 0, 100);
+        if (trim($this->message) == '') {
             return false;
         }
-
-        // Then remove the DOCTYPE
-        $header = preg_replace( '/^<!DOCTYPE[^>]*+>/i', '', substr( $this->message, 0, 200 ), 1 );
-        $this->message = trim( substr_replace( $this->message, $header, 0, 200 ) );
-        if ( '' == $this->message ) {
-            return false;
-        }
-
-        // Check that the root tag is valid
-        $root_tag = substr( $this->message, 0, strcspn( substr( $this->message, 0, 20 ), "> \t\r\n" ) );
-        if ( '<!DOCTYPE' === strtoupper( $root_tag ) ) {
-            return false;
-        }
-        if ( ! in_array( $root_tag, array( '<methodCall', '<methodResponse', '<fault' ) ) ) {
-            return false;
-        }
-
-        // Bail if there are too many elements to parse
-        $element_limit = 30000;
-        if ( function_exists( 'apply_filters' ) ) {
-            $element_limit = apply_filters( 'xmlrpc_element_limit', $element_limit );
-        }
-        if ( $element_limit && 2 * $element_limit < substr_count( $this->message, '<' ) ) {
-            return false;
-        }
-
         $this->_parser = xml_parser_create();
         // Set XML parser to take the case of tags in to account

tags/3.9.1/src/wp-includes/class-wp-customize-widgets.php

@@ -1120 +1120 @@
 
     /**
-     * Get MAC for a serialized widget instance string.
-     *
-     * Allows values posted back from JS to be rejected if any tampering of the
-     * data has occurred.
+     * Get a widget instance's hash key.
+     *
+     * Serialize an instance and hash it with the AUTH_KEY; when a JS value is
+     * posted back to save, this instance hash key is used to ensure that the
+     * serialized_instance was not tampered with, but that it had originated
+     * from WordPress and so is sanitized.
      *
      * @since 3.9.0
      * @access protected
      *
-     * @param string $serialized_instance Widget instance.
-     * @return string MAC for serialized widget instance.
-     */
-    protected function get_instance_hash_key( $serialized_instance ) {
-        return wp_hash( $serialized_instance );
+     * @param array $instance Widget instance.
+     * @return string Widget instance's hash key.
+     */
+    protected function get_instance_hash_key( $instance ) {
+        $hash = md5( AUTH_KEY . serialize( $instance ) );
+        return $hash;
     }
 
@@ -1160 +1163 @@
 
         $decoded = base64_decode( $value['encoded_serialized_instance'], true );
+
         if ( false === $decoded ) {
             return null;
         }
-
-        if ( $this->get_instance_hash_key( $decoded ) !== $value['instance_hash_key'] ) {
-            return null;
-        }
-
         $instance = unserialize( $decoded );
+
         if ( false === $instance ) {
             return null;
         }
-
+        if ( $this->get_instance_hash_key( $instance ) !== $value['instance_hash_key'] ) {
+            return null;
+        }
         return $instance;
     }
@@ -1193 +1195 @@
                 'title'                         => empty( $value['title'] ) ? '' : $value['title'],
                 'is_widget_customizer_js_value' => true,
-                'instance_hash_key'             => $this->get_instance_hash_key( $serialized ),
+                'instance_hash_key'             => $this->get_instance_hash_key( $value ),
             );
         }

tags/3.9.1/src/wp-includes/compat.php

@@ -95 +95 @@
     }
 }
-
-if ( ! function_exists( 'hash_equals' ) ) :
-/**
- * Compare two strings in constant time.
- *
- * This function was added in PHP 5.6.
- * It can leak the length of a string.
- *
- * @since 3.9.2
- *
- * @param string $a Expected string.
- * @param string $b Actual string.
- * @return bool Whether strings are equal.
- */
-function hash_equals( $a, $b ) {
-    $a_length = strlen( $a );
-    if ( $a_length !== strlen( $b ) ) {
-        return false;
-    }
-    $result = 0;
-
-    // Do not attempt to "optimize" this.
-    for ( $i = 0; $i < $a_length; $i++ ) {
-        $result |= ord( $a[ $i ] ) ^ ord( $b[ $i ] );
-    }
-
-    return $result === 0;
-}
-endif;

tags/3.9.1/src/wp-includes/pluggable.php

@@ -648 +648 @@
     $hash = hash_hmac('md5', $username . '|' . $expiration, $key);
 
-    if ( ! hash_equals( $hash, $hmac ) ) {
+    if ( hash_hmac( 'md5', $hmac, $key ) !== hash_hmac( 'md5', $hash, $key ) ) {
         /**
          * Fires if a bad authentication cookie hash is encountered.
@@ -1659 +1659 @@
 
     // Nonce generated 0-12 hours ago
-    $expected = substr( wp_hash( $i . '|' . $action . '|' . $uid, 'nonce'), -12, 10 );
-    if ( hash_equals( $expected, $nonce ) ) {
+    if ( substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10) === $nonce )
         return 1;
-    }
-
     // Nonce generated 12-24 hours ago
-    $expected = substr( wp_hash( ( $i - 1 ) . '|' . $action . '|' . $uid, 'nonce' ), -12, 10 );
-    if ( hash_equals( $expected, $nonce ) ) {
+    if ( substr(wp_hash(($i - 1) . $action . $uid, 'nonce'), -12, 10) === $nonce )
         return 2;
-    }
-
     // Invalid nonce
     return false;
@@ -1694 +1688 @@
     $i = wp_nonce_tick();
 
-    return substr(wp_hash($i . '|' . $action . '|' . $uid, 'nonce'), -12, 10);
+    return substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10);
 }
 endif;
@@ -2114 +2108 @@
         $avatar = "<img alt='{$safe_alt}' src='{$out}' class='avatar avatar-{$size} photo' height='{$size}' width='{$size}' />";
     } else {
-        $out = esc_url( $default );
-        $avatar = "<img alt='{$safe_alt}' src='{$out}' class='avatar avatar-{$size} photo avatar-default' height='{$size}' width='{$size}' />";
+        $avatar = "<img alt='{$safe_alt}' src='{$default}' class='avatar avatar-{$size} photo avatar-default' height='{$size}' width='{$size}' />";
     }
 
@@ -2208 +2201 @@
 endif;
 
-if ( ! function_exists( 'hash_equals' ) ) :
-/**
- * Compare two strings in constant time.
- *
- * This function is NOT pluggable. It is in this file (in addition to
- * compat.php) to prevent errors if, during an update, pluggable.php
- * copies over but compat.php does not.
- *
- * This function was added in PHP 5.6.
- * It can leak the length of a string.
- *
- * @since 3.9.2
- *
- * @param string $a Expected string.
- * @param string $b Actual string.
- * @return bool Whether strings are equal.
- */
-function hash_equals( $a, $b ) {
-    $a_length = strlen( $a );
-    if ( $a_length !== strlen( $b ) ) {
-        return false;
-    }
-    $result = 0;
-
-    // Do not attempt to "optimize" this.
-    for ( $i = 0; $i < $a_length; $i++ ) {
-        $result |= ord( $a[ $i ] ) ^ ord( $b[ $i ] );
-    }
-
-    return $result === 0;
-}
-endif;

tags/3.9.1/src/wp-includes/version.php

@@ -5 +5 @@
  * @global string $wp_version
  */
-$wp_version = '3.9.2-src';
+$wp_version = '3.9.1-src';
 
 /**

tags/3.9.1/src/wp-login.php

@@ -563 +563 @@
 case 'resetpass' :
 case 'rp' :
-    list( $rp_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
-    $rp_cookie = 'wp-resetpass-' . COOKIEHASH;
-    if ( isset( $_GET['key'] ) ) {
-        $value = sprintf( '%s:%s', wp_unslash( $_GET['login'] ), wp_unslash( $_GET['key'] ) );
-        setcookie( $rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
-        wp_safe_redirect( remove_query_arg( array( 'key', 'login' ) ) );
-        exit;
-    }
-
-    if ( isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' ) ) {
-        list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 );
-        $user = check_password_reset_key( $rp_key, $rp_login );
-    } else {
-        $user = false;
-    }
-
-    if ( ! $user || is_wp_error( $user ) ) {
-        setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
-        if ( $user && $user->get_error_code() === 'expired_key' )
+    $user = check_password_reset_key($_GET['key'], $_GET['login']);
+
+    if ( is_wp_error($user) ) {
+        if ( $user->get_error_code() === 'expired_key' )
             wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=expiredkey' ) );
         else
@@ -605 +590 @@
     if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) {
         reset_password($user, $_POST['pass1']);
-        setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
         login_header( __( 'Password Reset' ), '<p class="message reset-pass">' . __( 'Your password has been reset.' ) . ' <a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log in' ) . '</a></p>' );
         login_footer();
@@ -617 +601 @@
 
 ?>
-<form name="resetpassform" id="resetpassform" action="<?php echo esc_url( site_url( 'wp-login.php?action=resetpass', 'login_post' ) ); ?>" method="post" autocomplete="off">
-    <input type="hidden" id="user_login" value="<?php echo esc_attr( $rp_login ); ?>" autocomplete="off" />
+<form name="resetpassform" id="resetpassform" action="<?php echo esc_url( site_url( 'wp-login.php?action=resetpass&key=' . urlencode( $_GET['key'] ) . '&login=' . urlencode( $_GET['login'] ), 'login_post' ) ); ?>" method="post" autocomplete="off">
+    <input type="hidden" id="user_login" value="<?php echo esc_attr( $_GET['login'] ); ?>" autocomplete="off" />
 
     <p>