Changes from tags/3.9.1 at r59367 to tags/3.9.2 at r59367
- Location:
- tags/3.9.2
- Files:
-
- 10 edited
tags/3.9.2/package.json
r59367 r59367 1 1 { 2 2 "name": "WordPress", 3 "version": "3.9. 1",3 "version": "3.9.2", 4 4 "description": "WordPress is web software you can use to create a beautiful website or blog.", 5 5 "repository": { -
tags/3.9.2/src/readme.html
r59367 r59367 10 10 <h1 id="logo"> 11 11 <a href="https://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /></a> 12 <br /> Version 3.9. 112 <br /> Version 3.9.2 13 13 </h1> 14 14 <p style="text-align: center">Semantic Personal Publishing Platform</p> -
tags/3.9.2/src/wp-admin/about.php
r59367 r59367 40 40 41 41 <div class="changelog point-releases"> 42 <h3><?php echo _n( 'Maintenance Release', 'Maintenance Releases', 1 ); ?></h3> 42 <h3><?php echo _n( 'Maintenance and Security Release', 'Maintenance and Security Releases', 2 ); ?></h3> 43 <p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.', 44 '<strong>Version %1$s</strong> addressed some security issues.', 6 ), '3.9.2', number_format_i18n( 6 ) ); ?> 45 <?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_3.9.2' ); ?> 46 </p> 43 47 <p><?php printf( _n( '<strong>Version %1$s</strong> addressed %2$s bug.', 44 48 '<strong>Version %1$s</strong> addressed %2$s bugs.', 34 ), '3.9.1', number_format_i18n( 34 ) ); ?> -
tags/3.9.2/src/wp-includes/ID3/getid3.lib.php
r59367 r59367 520 520 521 521 public static function XML2array($XMLstring) { 522 if (function_exists('simplexml_load_string')) { 523 if (function_exists('get_object_vars')) { 524 $XMLobject = simplexml_load_string($XMLstring); 525 return self::SimpleXMLelement2array($XMLobject); 526 } 522 if ( function_exists( 'simplexml_load_string' ) && function_exists( 'libxml_disable_entity_loader' ) ) { 523 $loader = libxml_disable_entity_loader( true ); 524 $XMLobject = simplexml_load_string( $XMLstring, 'SimpleXMLElement', LIBXML_NOENT ); 525 $return = self::SimpleXMLelement2array( $XMLobject ); 526 libxml_disable_entity_loader( $loader ); 527 return $return; 527 528 } 528 529 return false; -
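Review bot: The `LIBXML_NOENT` flag passed on new line 524 switches entity substitution on, so the only thing keeping external entities out is the `libxml_disable_entity_loader( true )` call on 523, and internal entity definitions in the input are still expanded by the parser. If `SimpleXMLelement2array` does not depend on substituted entities (it is outside this hunk, so I cannot confirm), dropping the flag would make the call fail closed even on a PHP build where the loader toggle is unavailable: `$XMLobject = simplexml_load_string( $XMLstring );`. Separately, `simplexml_load_string` returns `false` on malformed input, and 525 passes that straight into the helper; guarding it keeps the loader restore on 526 intact: `$return = ( false === $XMLobject ) ? false : self::SimpleXMLelement2array( $XMLobject );`. The closing brace of `XML2array` lies past the end of the hunk.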
tags/3.9.2/src/wp-includes/class-IXR.php
r59367 r59367 204 204 // first remove the XML declaration 205 205 // merged from WP #10698 - this method avoids the RAM usage of preg_replace on very large messages 206 $header = preg_replace( '/<\?xml.*?\?'.'>/ ', '', substr($this->message, 0, 100), 1);207 $this->message = substr_replace($this->message, $header, 0, 100);208 if ( trim($this->message) == '') {206 $header = preg_replace( '/<\?xml.*?\?'.'>/s', '', substr( $this->message, 0, 100 ), 1 ); 207 $this->message = trim( substr_replace( $this->message, $header, 0, 100 ) ); 208 if ( '' == $this->message ) { 209 209 return false; 210 210 } 211 212 // Then remove the DOCTYPE 213 $header = preg_replace( '/^<!DOCTYPE[^>]*+>/i', '', substr( $this->message, 0, 200 ), 1 ); 214 $this->message = trim( substr_replace( $this->message, $header, 0, 200 ) ); 215 if ( '' == $this->message ) { 216 return false; 217 } 218 219 // Check that the root tag is valid 220 $root_tag = substr( $this->message, 0, strcspn( substr( $this->message, 0, 20 ), "> \t\r\n" ) ); 221 if ( '<!DOCTYPE' === strtoupper( $root_tag ) ) { 222 return false; 223 } 224 if ( ! in_array( $root_tag, array( '<methodCall', '<methodResponse', '<fault' ) ) ) { 225 return false; 226 } 227 228 // Bail if there are too many elements to parse 229 $element_limit = 30000; 230 if ( function_exists( 'apply_filters' ) ) { 231 $element_limit = apply_filters( 'xmlrpc_element_limit', $element_limit ); 232 } 233 if ( $element_limit && 2 * $element_limit < substr_count( $this->message, '<' ) ) { 234 return false; 235 } 236 211 237 $this->_parser = xml_parser_create(); 212 238 // Set XML parser to take the case of tags in to account -
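Review bot: The root-tag whitelist on new line 224 calls `in_array` without the strict flag, so the comparison is loose; with string needles it is harmless today, but this is the check that decides whether an untrusted body reaches `xml_parser_create` on 237, and it should read `if ( ! in_array( $root_tag, array( '<methodCall', '<methodResponse', '<fault' ), true ) ) {`. The DOCTYPE strip on 213 only matches a declaration without an internal subset (`[^>]*+` stops at the first `>`), which is presumably why 221 re-checks for a surviving `<!DOCTYPE` root; a one-line comment above 221 saying so, `// A DOCTYPE with an internal subset survives the regex above; reject it here.`, would keep a later cleanup from removing that second check as redundant. The element-limit test on 233 counts `<` characters rather than elements; a comment such as `// '<' count is a cheap upper bound on element count (open + close tag per element).` would make the factor of 2 self-explanatory. The rest of `parse()` continues past the end of the hunk.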
tags/3.9.2/src/wp-includes/class-wp-customize-widgets.php
r59367 r59367 1120 1120 1121 1121 /** 1122 * Get a widget instance's hash key. 1123 * 1124 * Serialize an instance and hash it with the AUTH_KEY; when a JS value is 1125 * posted back to save, this instance hash key is used to ensure that the 1126 * serialized_instance was not tampered with, but that it had originated 1127 * from WordPress and so is sanitized. 1122 * Get MAC for a serialized widget instance string. 1123 * 1124 * Allows values posted back from JS to be rejected if any tampering of the 1125 * data has occurred. 1128 1126 * 1129 1127 * @since 3.9.0 1130 1128 * @access protected 1131 1129 * 1132 * @param array $instance Widget instance. 1133 * @return string Widget instance's hash key. 1134 */ 1135 protected function get_instance_hash_key( $instance ) { 1136 $hash = md5( AUTH_KEY . serialize( $instance ) ); 1137 return $hash; 1130 * @param string $serialized_instance Widget instance. 1131 * @return string MAC for serialized widget instance. 1132 */ 1133 protected function get_instance_hash_key( $serialized_instance ) { 1134 return wp_hash( $serialized_instance ); 1138 1135 } 1139 1136 … … 1163 1160 1164 1161 $decoded = base64_decode( $value['encoded_serialized_instance'], true ); 1165 1166 1162 if ( false === $decoded ) { 1167 1163 return null; 1168 1164 } 1165 1166 if ( $this->get_instance_hash_key( $decoded ) !== $value['instance_hash_key'] ) { 1167 return null; 1168 } 1169 1169 1170 $instance = unserialize( $decoded ); 1170 1171 1171 if ( false === $instance ) { 1172 1172 return null; 1173 1173 } 1174 if ( $this->get_instance_hash_key( $instance ) !== $value['instance_hash_key'] ) { 1175 return null; 1176 } 1174 1177 1175 return $instance; 1178 1176 } … … 1195 1193 'title' => empty( $value['title'] ) ? '' : $value['title'], 1196 1194 'is_widget_customizer_js_value' => true, 1197 'instance_hash_key' => $this->get_instance_hash_key( $ value),1195 'instance_hash_key' => $this->get_instance_hash_key( $serialized ), 1198 1196 ); 1199 1197 } -
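Review bot: The MAC check on new line 1166 compares with `!==`, while the same release adds `hash_equals()` to compat.php and switches the auth-cookie and nonce checks in pluggable.php to it; this comparison guards the `unserialize()` on 1170 and should use the same primitive: `if ( ! hash_equals( $this->get_instance_hash_key( $decoded ), $value['instance_hash_key'] ) ) {`. Moving the check ahead of `unserialize()` is the right order and is not re-raised here. I cannot see whether `$value['instance_hash_key']` is confirmed present before 1166 (the top of `sanitize_widget_js_instance` is outside the hunk); if it is not, a missing key would produce a notice and a `null` second argument. The docblock on 1122-1131 could also state that the value is keyed with the site's `wp_hash` salt, which is what makes it unforgeable by the client.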
tags/3.9.2/src/wp-includes/compat.php
r59367 r59367 95 95 } 96 96 } 97 98 if ( ! function_exists( 'hash_equals' ) ) : 99 /** 100 * Compare two strings in constant time. 101 * 102 * This function was added in PHP 5.6. 103 * It can leak the length of a string. 104 * 105 * @since 3.9.2 106 * 107 * @param string $a Expected string. 108 * @param string $b Actual string. 109 * @return bool Whether strings are equal. 110 */ 111 function hash_equals( $a, $b ) { 112 $a_length = strlen( $a ); 113 if ( $a_length !== strlen( $b ) ) { 114 return false; 115 } 116 $result = 0; 117 118 // Do not attempt to "optimize" this. 119 for ( $i = 0; $i < $a_length; $i++ ) { 120 $result |= ord( $a[ $i ] ) ^ ord( $b[ $i ] ); 121 } 122 123 return $result === 0; 124 } 125 endif; -
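Review bot: The polyfill on new lines 111-124 diverges from the native PHP 5.6 `hash_equals()` for non-string arguments: the native function warns and returns `false`, whereas this version calls `strlen()` on whatever it is given and, for an array, falls through on the `null !== int` length mismatch. Mirroring the native contract at the top keeps the two behaviours aligned across PHP versions: `if ( ! is_string( $a ) || ! is_string( $b ) ) { return false; }`. The identical function is defined again in pluggable.php (new lines 2227-2240 of that file) for the update-ordering reason its docblock gives, so any change here must be applied to both copies. The docblock note that the length can leak is accurate and worth keeping.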
tags/3.9.2/src/wp-includes/pluggable.php
r59367 r59367 648 648 $hash = hash_hmac('md5', $username . '|' . $expiration, $key); 649 649 650 if ( hash_hmac( 'md5', $hmac, $key ) !== hash_hmac( 'md5', $hash, $key) ) {650 if ( ! hash_equals( $hash, $hmac ) ) { 651 651 /** 652 652 * Fires if a bad authentication cookie hash is encountered. … … 1659 1659 1660 1660 // Nonce generated 0-12 hours ago 1661 if ( substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10) === $nonce ) 1661 $expected = substr( wp_hash( $i . '|' . $action . '|' . $uid, 'nonce'), -12, 10 ); 1662 if ( hash_equals( $expected, $nonce ) ) { 1662 1663 return 1; 1664 } 1665 1663 1666 // Nonce generated 12-24 hours ago 1664 if ( substr(wp_hash(($i - 1) . $action . $uid, 'nonce'), -12, 10) === $nonce ) 1667 $expected = substr( wp_hash( ( $i - 1 ) . '|' . $action . '|' . $uid, 'nonce' ), -12, 10 ); 1668 if ( hash_equals( $expected, $nonce ) ) { 1665 1669 return 2; 1670 } 1671 1666 1672 // Invalid nonce 1667 1673 return false; … … 1688 1694 $i = wp_nonce_tick(); 1689 1695 1690 return substr(wp_hash($i . $action. $uid, 'nonce'), -12, 10);1696 return substr(wp_hash($i . '|' . $action . '|' . $uid, 'nonce'), -12, 10); 1691 1697 } 1692 1698 endif; … … 2108 2114 $avatar = "<img alt='{$safe_alt}' src='{$out}' class='avatar avatar-{$size} photo' height='{$size}' width='{$size}' />"; 2109 2115 } else { 2110 $avatar = "<img alt='{$safe_alt}' src='{$default}' class='avatar avatar-{$size} photo avatar-default' height='{$size}' width='{$size}' />"; 2116 $out = esc_url( $default ); 2117 $avatar = "<img alt='{$safe_alt}' src='{$out}' class='avatar avatar-{$size} photo avatar-default' height='{$size}' width='{$size}' />"; 2111 2118 } 2112 2119 … … 2201 2208 endif; 2202 2209 2210 if ( ! function_exists( 'hash_equals' ) ) : 2211 /** 2212 * Compare two strings in constant time. 2213 * 2214 * This function is NOT pluggable. 
It is in this file (in addition to 2215 * compat.php) to prevent errors if, during an update, pluggable.php 2216 * copies over but compat.php does not. 2217 * 2218 * This function was added in PHP 5.6. 2219 * It can leak the length of a string. 2220 * 2221 * @since 3.9.2 2222 * 2223 * @param string $a Expected string. 2224 * @param string $b Actual string. 2225 * @return bool Whether strings are equal. 2226 */ 2227 function hash_equals( $a, $b ) { 2228 $a_length = strlen( $a ); 2229 if ( $a_length !== strlen( $b ) ) { 2230 return false; 2231 } 2232 $result = 0; 2233 2234 // Do not attempt to "optimize" this. 2235 for ( $i = 0; $i < $a_length; $i++ ) { 2236 $result |= ord( $a[ $i ] ) ^ ord( $b[ $i ] ); 2237 } 2238 2239 return $result === 0; 2240 } 2241 endif; -
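Review bot: The nonce comparisons on new lines 1662 and 1668 hand `$nonce` straight to `hash_equals()`, but `$nonce` typically originates from request data and may be an array or empty; the native implementation then emits a warning and the compat polyfill calls `strlen()` on a non-string. The top of `wp_verify_nonce()` is outside this hunk, so if it does not already reject non-string input, an early `if ( ! is_string( $nonce ) || '' === $nonce ) { return false; }` would close that gap before the hash work at 1661. The `'|'` separators added on 1661, 1667 and 1696 are applied consistently to creation and verification, which also means every nonce issued before the upgrade becomes invalid for up to 24 hours; a comment at 1696 such as `// Format changed in 3.9.2 (delimited); nonces issued by older versions no longer verify.` would record that for operators. The auth-cookie change on 650 and the `esc_url()` on 2116 look correct.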
tags/3.9.2/src/wp-includes/version.php
r59367 r59367 5 5 * @global string $wp_version 6 6 */ 7 $wp_version = '3.9. 1-src';7 $wp_version = '3.9.2-src'; 8 8 9 9 /** -
tags/3.9.2/src/wp-login.php
r59367 r59367 563 563 case 'resetpass' : 564 564 case 'rp' : 565 $user = check_password_reset_key($_GET['key'], $_GET['login']); 566 567 if ( is_wp_error($user) ) { 568 if ( $user->get_error_code() === 'expired_key' ) 565 list( $rp_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) ); 566 $rp_cookie = 'wp-resetpass-' . COOKIEHASH; 567 if ( isset( $_GET['key'] ) ) { 568 $value = sprintf( '%s:%s', wp_unslash( $_GET['login'] ), wp_unslash( $_GET['key'] ) ); 569 setcookie( $rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true ); 570 wp_safe_redirect( remove_query_arg( array( 'key', 'login' ) ) ); 571 exit; 572 } 573 574 if ( isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' ) ) { 575 list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 ); 576 $user = check_password_reset_key( $rp_key, $rp_login ); 577 } else { 578 $user = false; 579 } 580 581 if ( ! $user || is_wp_error( $user ) ) { 582 setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true ); 583 if ( $user && $user->get_error_code() === 'expired_key' ) 569 584 wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=expiredkey' ) ); 570 585 else … … 590 605 if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) { 591 606 reset_password($user, $_POST['pass1']); 607 setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true ); 592 608 login_header( __( 'Password Reset' ), '<p class="message reset-pass">' . __( 'Your password has been reset.' ) . ' <a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log in' ) . '</a></p>' ); 593 609 login_footer(); … … 601 617 602 618 ?> 603 <form name="resetpassform" id="resetpassform" action="<?php echo esc_url( site_url( 'wp-login.php?action=resetpass &key=' . urlencode( $_GET['key'] ) . '&login=' . 
urlencode( $_GET['login'] ), 'login_post' ) ); ?>" method="post" autocomplete="off">604 <input type="hidden" id="user_login" value="<?php echo esc_attr( $ _GET['login']); ?>" autocomplete="off" />619 <form name="resetpassform" id="resetpassform" action="<?php echo esc_url( site_url( 'wp-login.php?action=resetpass', 'login_post' ) ); ?>" method="post" autocomplete="off"> 620 <input type="hidden" id="user_login" value="<?php echo esc_attr( $rp_login ); ?>" autocomplete="off" /> 605 621 606 622 <p>
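Review bot: New line 568 reads `$_GET['login']` inside a branch that only tested `isset( $_GET['key'] )` on 567, so a reset link missing the login parameter raises an undefined-index notice and still sets a `:<key>` cookie that the `0 < strpos` test on 574 then rejects; the guard should be `if ( isset( $_GET['key'] ) && isset( $_GET['login'] ) ) {`. Both values are also used unvalidated in `sprintf()`, so an array-valued query parameter becomes the literal string `Array`; a `is_string()` check on each would fail cleanly instead. Moving the key out of the URL and into an HttpOnly cookie is the intended change and is not re-raised here. The `case 'rp'` block continues past the end of the hunk, so I cannot see whether `$rp_login` is guaranteed set before the form at 620 on every path that reaches it.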