WordPress.org

Make WordPress Core

Changes from tags/4.0 at r46222 to tags/4.0.1 at r46222


Ignore:
Location:
tags/4.0.1
Files:
2 added
42 edited

Legend:

Unmodified
Added
Removed
  • tags/4.0.1/package.json

    r46222 r46222  
    11{
    22  "name": "WordPress",
    3   "version": "4.0.0",
     3  "version": "4.0.1",
    44  "description": "WordPress is web software you can use to create a beautiful website or blog.",
    55  "repository": {
  • tags/4.0.1/src/readme.html

    r46222 r46222  
    1010<h1 id="logo">
    1111    <a href="https://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /></a>
    12     <br /> Version 4.0
     12    <br /> Version 4.0.1
    1313</h1>
    1414<p style="text-align: center">Semantic Personal Publishing Platform</p>
  • tags/4.0.1/src/wp-admin/about.php

    r46222 r46222  
    4141    </a>
    4242</h2>
     43
     44<div class="changelog point-releases">
     45    <h3><?php echo _n( 'Maintenance and Security Release', 'Maintenance and Security Releases', 1 ); ?></h3>
     46    <p><?php printf( _n( '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
     47         '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.', 23 ), '4.0.1', number_format_i18n( 23 ) ); ?>
     48        <?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_4.0.1' ); ?>
     49    </p>
     50</div>
    4351
    4452<div class="changelog">
  • tags/4.0.1/src/wp-admin/includes/class-wp-plugin-install-list-table.php

    r46222 r46222  
    274274        }
    275275
    276         if ( 'top' ==  $which ) { ?>
     276        if ( 'top' ==  $which ) {
     277            wp_referer_field();
     278        ?>
    277279            <div class="tablenav top">
    278280                <div class="alignleft actions">
  • tags/4.0.1/src/wp-admin/includes/image.php

    r46222 r46222  
    402402    }
    403403
     404    foreach ( $meta as &$value ) {
     405        if ( is_string( $value ) ) {
     406            $value = wp_kses_post( $value );
     407        }
     408    }
     409
    404410    /**
    405411     * Filter the array of meta data read from an image's exif data.
  • tags/4.0.1/src/wp-admin/includes/plugin-install.php

    r46222 r46222  
    236236    global $wp_list_table;
    237237
    238     if ( current_filter() == 'install_plugins_favorites' && empty( $_GET['user'] ) && ! get_user_option( 'wporg_favorites' ) )
    239             return;
    240 
    241     $wp_list_table->display();
     238    if ( current_filter() == 'install_plugins_favorites' && empty( $_GET['user'] ) && ! get_user_option( 'wporg_favorites' ) ) {
     239        return;
     240    }
     241
     242    ?>
     243    <form id="plugin-filter" action="" method="post">
     244        <?php $wp_list_table->display(); ?>
     245    </form>
     246    <?php
    242247}
    243248add_action( 'install_plugins_search',    'display_plugins_table' );
  • tags/4.0.1/src/wp-admin/includes/post.php

    r46222 r46222  
    12061206        }
    12071207    } else {
    1208         if ( function_exists( 'mb_strlen' ) && mb_strlen( $post_name ) > 30 ) {
    1209             $post_name_abridged = mb_substr( $post_name, 0, 14 ) . '&hellip;' . mb_substr( $post_name, -14 );
    1210         } elseif ( strlen( $post_name ) > 30 ) {
    1211             $post_name_abridged = substr( $post_name, 0, 14 ) . '&hellip;' . substr( $post_name, -14 );
     1208        if ( function_exists( 'mb_strlen' ) ) {
     1209            if ( mb_strlen( $post_name ) > 30 ) {
     1210                $post_name_abridged = mb_substr( $post_name, 0, 14 ) . '&hellip;' . mb_substr( $post_name, -14 );
     1211            } else {
     1212                $post_name_abridged = $post_name;
     1213            }
    12121214        } else {
    1213             $post_name_abridged = $post_name;
     1215            if ( strlen( $post_name ) > 30 ) {
     1216                $post_name_abridged = substr( $post_name, 0, 14 ) . '&hellip;' . substr( $post_name, -14 );
     1217            } else {
     1218                $post_name_abridged = $post_name;
     1219            }
    12141220        }
    12151221
  • tags/4.0.1/src/wp-admin/js/editor-expand.js

    r46222 r46222  
    33window.wp = window.wp || {};
    44
    5 jQuery( document ).ready( function($) {
     5jQuery( document ).ready( function( $ ) {
    66    var $window = $( window ),
    77        $document = $( document ),
     
    149149    // We need to wait for TinyMCE to initialize.
    150150    $document.on( 'tinymce-editor-init.editor-expand', function( event, editor ) {
     151        var hideFloatPanels = _.debounce( function() {
     152            ! $( '.mce-floatpanel:hover' ).length && tinymce.ui.FloatPanel.hideAll();
     153            $( '.mce-tooltip' ).hide();
     154        }, 1000, true );
     155
    151156        // Make sure it's the main editor.
    152157        if ( editor.id !== 'content' ) {
     
    225230        // Adjust when switching editor modes.
    226231        function mceShow() {
     232            $window.on( 'scroll.mce-float-panels', hideFloatPanels );
     233
    227234            setTimeout( function() {
    228235                editor.execCommand( 'wpAutoResize' );
     
    232239
    233240        function mceHide() {
     241            $window.off( 'scroll.mce-float-panels' );
     242
    234243            setTimeout( function() {
    235244                var top = $contentWrap.offset().top;
     
    252261            // Adjust when the editor resizes.
    253262            editor.on( 'setcontent wp-autoresize wp-toolbar-toggle', adjust );
     263
     264            $window.off( 'scroll.mce-float-panels' ).on( 'scroll.mce-float-panels', hideFloatPanels );
    254265        };
    255266
     
    259270            editor.off( 'hide', mceHide );
    260271            editor.off( 'setcontent wp-autoresize wp-toolbar-toggle', adjust );
     272
     273            $window.off( 'scroll.mce-float-panels' );
    261274        };
    262275
     
    591604
    592605                adjust();
     606            }).on( 'wp-window-resized.editor-expand', function() {
     607                if ( mceEditor && ! mceEditor.isHidden() ) {
     608                    mceEditor.execCommand( 'wpAutoResize' );
     609                } else {
     610                    textEditorResize();
     611                }
    593612            });
    594613
  • tags/4.0.1/src/wp-admin/js/media.js

    r46222 r46222  
    7373
    7474    $( document ).ready( function() {
     75        var $mediaGridWrap = $( '#wp-media-grid' );
     76
    7577        // Open up a manage media frame into the grid.
    76         wp.media && wp.media({
    77             frame: 'manage',
    78             container: $('#wpbody-content > .wrap')
    79         }).open();
     78        if ( $mediaGridWrap.length && window.wp && window.wp.media ) {
     79            window.wp.media({
     80                frame: 'manage',
     81                container: $mediaGridWrap
     82            }).open();
     83        }
    8084
    8185        $( '#find-posts-submit' ).click( function( event ) {
  • tags/4.0.1/src/wp-admin/plugin-install.php

    r46222 r46222  
    2525$wp_list_table = _get_list_table('WP_Plugin_Install_List_Table');
    2626$pagenum = $wp_list_table->get_pagenum();
     27
     28if ( ! empty( $_REQUEST['_wp_http_referer'] ) ) {
     29    $location = remove_query_arg( '_wp_http_referer', wp_unslash( $_SERVER['REQUEST_URI'] ) );
     30
     31    if ( ! empty( $_REQUEST['paged'] ) ) {
     32        $location = add_query_arg( 'paged', (int) $_REQUEST['paged'], $location );
     33    }
     34
     35    wp_redirect( $location );
     36    exit;
     37}
     38
    2739$wp_list_table->prepare_items();
     40
     41$total_pages = $wp_list_table->get_pagination_arg( 'total_pages' );
     42
     43if ( $pagenum > $total_pages && $total_pages > 0 ) {
     44    wp_redirect( add_query_arg( 'paged', $total_pages ) );
     45    exit;
     46}
    2847
    2948$title = __( 'Add Plugins' );
  • tags/4.0.1/src/wp-admin/press-this.php

    r46222 r46222  
    6464    if ( is_wp_error($upload) ) {
    6565        wp_delete_post($post_ID);
    66         wp_die($upload);
     66        wp_die( esc_html( $upload->get_error_message() ) );
    6767    } else {
    6868        // Post formats.
  • tags/4.0.1/src/wp-admin/upload.php

    r46222 r46222  
    5858    require_once( ABSPATH . 'wp-admin/admin-header.php' );
    5959    ?>
    60     <div class="wrap">
     60    <div class="wrap" id="wp-media-grid">
    6161        <h2>
    6262        <?php
  • tags/4.0.1/src/wp-includes/canonical.php

    r46222 r46222  
    361361        unset($redirect['port']);
    362362
    363     if ( ! empty( $user_home['scheme'] ) && $user_home['scheme'] === 'https' ) {
    364         $redirect['scheme'] = 'https';
    365     }
    366 
    367363    // trailing /index.php
    368364    $redirect['path'] = preg_replace('|/' . preg_quote( $wp_rewrite->index, '|' ) . '/*?$|', '/', $redirect['path']);
     
    422418        $redirect['host'] = $original['host'];
    423419
    424     $compare_original = array( $original['scheme'], $original['host'], $original['path'] );
     420    $compare_original = array( $original['host'], $original['path'] );
    425421
    426422    if ( !empty( $original['port'] ) )
     
    430426        $compare_original[] = $original['query'];
    431427
    432     $compare_redirect = array( $redirect['scheme'], $redirect['host'], $redirect['path'] );
     428    $compare_redirect = array( $redirect['host'], $redirect['path'] );
    433429
    434430    if ( !empty( $redirect['port'] ) )
  • tags/4.0.1/src/wp-includes/class-phpass.php

    r46222 r46222  
    215215    function HashPassword($password)
    216216    {
     217        if ( strlen( $password ) > 4096 ) {
     218            return '*';
     219        }
     220
    217221        $random = '';
    218222
     
    250254    function CheckPassword($password, $stored_hash)
    251255    {
     256        if ( strlen( $password ) > 4096 ) {
     257            return false;
     258        }
     259
    252260        $hash = $this->crypt_private($password, $stored_hash);
    253261        if ($hash[0] == '*')
  • tags/4.0.1/src/wp-includes/css/media-views.css

    r46222 r46222  
    66    -moz-box-sizing: content-box;
    77    box-sizing: content-box;
     8}
     9
     10.media-frame input,
     11.media-frame select,
     12.media-frame textarea {
     13    -webkit-box-sizing: border-box;
     14    -moz-box-sizing: border-box;
     15    box-sizing: border-box;
    816}
    917
     
    5765    font-family: "Open Sans", sans-serif;
    5866    font-size: 12px;
    59     -webkit-box-sizing: border-box;
    60     -moz-box-sizing: border-box;
    61     box-sizing: border-box;
    6267    border-width: 1px;
    6368    border-style: solid;
  • tags/4.0.1/src/wp-includes/formatting.php

    r46222 r46222  
    2929 */
    3030function wptexturize($text, $reset = false) {
    31     global $wp_cockneyreplace;
     31    global $wp_cockneyreplace, $shortcode_tags;
    3232    static $static_characters, $static_replacements, $dynamic_characters, $dynamic_replacements,
    3333        $default_no_texturize_tags, $default_no_texturize_shortcodes, $run_texturize = true;
     
    206206    // Look for shortcodes and HTML elements.
    207207
     208    $tagnames = array_keys( $shortcode_tags );
     209    $tagregexp = join( '|', array_map( 'preg_quote', $tagnames ) );
     210    $tagregexp = "(?:$tagregexp)(?![\\w-])"; // Excerpt of get_shortcode_regex().
     211
     212    $comment_regex =
     213          '!'           // Start of comment, after the <.
     214        . '(?:'         // Unroll the loop: Consume everything until --> is found.
     215        .     '-(?!->)' // Dash not followed by end of comment.
     216        .     '[^\-]*+' // Consume non-dashes.
     217        . ')*+'         // Loop possessively.
     218        . '-->';        // End of comment.
     219
    208220    $regex =  '/('          // Capture the entire match.
    209221        .   '<'     // Find start of element.
    210222        .   '(?(?=!--)' // Is this a comment?
    211         .       '.+?--\s*>' // Find end of comment
     223        .       $comment_regex  // Find end of comment
    212224        .   '|'
    213225        .       '[^>]+>'    // Find end of element
     
    215227        . '|'
    216228        .   '\['        // Find start of shortcode.
    217         .   '\[?'       // Shortcodes may begin with [[
     229        .   '[\/\[]?'   // Shortcodes may begin with [/ or [[
     230        .   $tagregexp  // Only match registered shortcodes, because performance.
    218231        .   '(?:'
    219         .       '[^\[\]<>]' // Shortcodes do not contain other shortcodes.
     232        .       '[^\[\]<>]+'    // Shortcodes do not contain other shortcodes. Quantifier critical.
    220233        .   '|'
    221         .       '<[^>]+>'   // HTML elements permitted. Prevents matching ] before >.
    222         .   ')++'
     234        .       '<[^\[\]>]*>'   // HTML elements permitted. Prevents matching ] before >.
     235        .   ')*+'       // Possessive critical.
    223236        .   '\]'        // Find end of shortcode.
    224237        .   '\]?'       // Shortcodes may end with ]]
     
    242255            continue;
    243256
    244         } elseif ( '[' === $first && 1 === preg_match( '/^\[(?:[^\[\]<>]|<[^>]+>)++\]$/', $curl ) ) {
     257        } elseif ( '[' === $first && 1 === preg_match( '/^\[\/?' . $tagregexp . '(?:[^\[\]<>]+|<[^\[\]>]*>)*+\]$/', $curl ) ) {
    245258            // This is a shortcode delimiter.
    246259
    247260            _wptexturize_pushpop_element( $curl, $no_texturize_shortcodes_stack, $no_texturize_shortcodes );
    248261
    249         } elseif ( '[' === $first && 1 === preg_match( '/^\[\[?(?:[^\[\]<>]|<[^>]+>)++\]\]?$/', $curl ) ) {
     262        } elseif ( '[' === $first && 1 === preg_match( '/^\[[\/\[]?' . $tagregexp . '(?:[^\[\]<>]+|<[^\[\]>]*>)*+\]\]?$/', $curl ) ) {
    250263            // This is an escaped shortcode delimiter.
    251264
  • tags/4.0.1/src/wp-includes/http.php

    r46222 r46222  
    445445 */
    446446function wp_http_validate_url( $url ) {
     447    $original_url = $url;
    447448    $url = wp_kses_bad_protocol( $url, array( 'http', 'https' ) );
    448     if ( ! $url )
     449    if ( ! $url || strtolower( $url ) !== strtolower( $original_url ) )
    449450        return false;
    450451
     
    456457        return false;
    457458
    458     if ( false !== strpos( $parsed_url['host'], ':' ) )
     459    if ( false !== strpbrk( $parsed_url['host'], ':#?[]' ) )
    459460        return false;
    460461
     
    474475        if ( $ip ) {
    475476            $parts = array_map( 'intval', explode( '.', $ip ) );
    476             if ( '127.0.0.1' === $ip
    477                 || ( 10 === $parts[0] )
     477            if ( 127 === $parts[0] || 10 === $parts[0]
    478478                || ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] )
    479479                || ( 192 === $parts[0] && 168 === $parts[1] )
  • tags/4.0.1/src/wp-includes/js/media-grid.js

    r46222 r46222  
    578578        },
    579579        /**
    580          * Respond to the keyboard events: right arrow, left arrow, escape.
     580         * Respond to the keyboard events: right arrow, left arrow, except when
     581         * focus is in a textarea or input field.
    581582         */
    582583        keyEvent: function( event ) {
    583             if ( 'INPUT' === event.target.tagName && ! ( event.target.readOnly || event.target.disabled ) ) {
     584            if ( ( 'INPUT' === event.target.nodeName || 'TEXTAREA' === event.target.nodeName ) && ! ( event.target.readOnly || event.target.disabled ) ) {
    584585                return;
    585586            }
  • tags/4.0.1/src/wp-includes/js/media-views.js

    r46222 r46222  
    58515851                    priority: -60,
    58525852                    click: function() {
    5853                         var model, changed = [], self = this,
     5853                        var changed = [], removed = [], self = this,
    58545854                            selection = this.controller.state().get( 'selection' ),
    58555855                            library = this.controller.state().get( 'library' );
     
    58705870                        }
    58715871
    5872                         while ( selection.length > 0 ) {
    5873                             model = selection.at( 0 );
     5872                        selection.each( function( model ) {
     5873                            if ( ! model.get( 'nonces' )['delete'] ) {
     5874                                removed.push( model );
     5875                                return;
     5876                            }
     5877
    58745878                            if ( media.view.settings.mediaTrash && 'trash' === model.get( 'status' ) ) {
    58755879                                model.set( 'status', 'inherit' );
    58765880                                changed.push( model.save() );
    5877                                 selection.remove( model );
     5881                                removed.push( model );
    58785882                            } else if ( media.view.settings.mediaTrash ) {
    58795883                                model.set( 'status', 'trash' );
    58805884                                changed.push( model.save() );
    5881                                 selection.remove( model );
     5885                                removed.push( model );
    58825886                            } else {
    58835887                                model.destroy();
    58845888                            }
    5885                         }
     5889                        } );
    58865890
    58875891                        if ( changed.length ) {
     5892                            selection.remove( removed );
     5893
    58885894                            $.when.apply( null, changed ).then( function() {
    58895895                                library._requery( true );
  • tags/4.0.1/src/wp-includes/js/mediaelement/mediaelement-and-player.min.js

    r46222 r46222  
    1111* License: MIT
    1212*
    13 */var mejs=mejs||{};mejs.version="2.15.0";mejs.meIndex=0;
     13*/var mejs=mejs||{};mejs.version="2.15.1";mejs.meIndex=0;
    1414mejs.plugins={silverlight:[{version:[3,0],types:["video/mp4","video/m4v","video/mov","video/wmv","audio/wma","audio/m4a","audio/mp3","audio/wav","audio/mpeg"]}],flash:[{version:[9,0,124],types:["video/mp4","video/m4v","video/mov","video/flv","video/rtmp","video/x-flv","audio/flv","audio/x-flv","audio/mp3","audio/m4a","audio/mpeg","video/youtube","video/x-youtube","application/x-mpegURL"]}],youtube:[{version:null,types:["video/youtube","video/x-youtube","audio/youtube","audio/x-youtube"]}],vimeo:[{version:null,
    1515types:["video/vimeo","video/x-vimeo"]}]};
     
    102102c.updateCurrent();if(!c.isFullScreen){c.setPlayerSize(c.width,c.height);c.setControlsSize()}},false);setTimeout(function(){c.setPlayerSize(c.width,c.height);c.setControlsSize()},50);c.globalBind("resize",function(){c.isFullScreen||mejs.MediaFeatures.hasTrueNativeFullScreen&&document.webkitIsFullScreen||c.setPlayerSize(c.width,c.height);c.setControlsSize()});c.media.pluginType=="youtube"&&c.options.autoplay&&c.container.find(".mejs-overlay-play").hide()}d&&a.pluginType=="native"&&c.play();if(c.options.success)typeof c.options.success==
    103103"string"?window[c.options.success](c.media,c.domNode,c):c.options.success(c.media,c.domNode,c)}},handleError:function(a){this.controls.hide();this.options.error&&this.options.error(a)},setPlayerSize:function(a,b){if(!this.options.setDimensions)return false;if(typeof a!="undefined")this.width=a;if(typeof b!="undefined")this.height=b;if(this.height.toString().indexOf("%")>0||this.$node.css("max-width")==="100%"||this.$node[0].currentStyle&&this.$node[0].currentStyle.maxWidth==="100%"){var c=this.isVideo?
    104 this.media.videoWidth&&this.media.videoWidth>0?this.media.videoWidth:this.media.getAttribute("width")!==null?this.media.getAttribute("width"):this.options.defaultVideoWidth:this.options.defaultAudioHeight,e=this.isVideo?this.media.videoHeight&&this.media.videoHeight>0?this.media.videoHeight:this.media.getAttribute("height")!==null?this.media.getAttribute("height"):this.options.defaultVideoHeight:this.options.defaultAudioHeight,d=this.container.parent().closest(":visible").width();c=this.isVideo||
    105 !this.options.autosizeProgress?parseInt(d*e/c,10)>this.container.parent().closest(":visible").height()?this.container.parent().closest(":visible").height():parseInt(d*e/c,10):e;if(isNaN(c))c=this.container.parent().closest(":visible").height();if(this.container.parent()[0].tagName.toLowerCase()==="body"){d=f(window).width();c=f(window).height()}if(c!=0&&d!=0){this.container.width(d).height(c);this.$media.add(this.container.find(".mejs-shim")).width("100%").height("100%");this.isVideo&&this.media.setVideoSize&&
    106 this.media.setVideoSize(d,c);this.layers.children(".mejs-layer").width("100%").height("100%")}}else{this.container.width(this.width).height(this.height);this.layers.children(".mejs-layer").width(this.width).height(this.height)}d=this.layers.find(".mejs-overlay-play");c=d.find(".mejs-overlay-button");d.height(this.container.height()-this.controls.height());c.css("margin-top","-"+(c.height()/2-this.controls.height()/2).toString()+"px")},setControlsSize:function(){var a=0,b=0,c=this.controls.find(".mejs-time-rail"),
    107 e=this.controls.find(".mejs-time-total");this.controls.find(".mejs-time-current");this.controls.find(".mejs-time-loaded");var d=c.siblings(),g=d.last(),k=null;if(!(!this.container.is(":visible")||!c.length||!c.is(":visible"))){if(this.options&&!this.options.autosizeProgress)b=parseInt(c.css("width"));if(b===0||!b){d.each(function(){var j=f(this);if(j.css("position")!="absolute"&&j.is(":visible"))a+=f(this).outerWidth(true)});b=this.controls.width()-a-(c.outerWidth(true)-c.width())}do{c.width(b);e.width(b-
    108 (e.outerWidth(true)-e.width()));if(g.css("position")!="absolute"){k=g.position();b--}}while(k!=null&&k.top>0&&b>0);this.setProgressRail&&this.setProgressRail();this.setCurrentRail&&this.setCurrentRail()}},buildposter:function(a,b,c,e){var d=f('<div class="mejs-poster mejs-layer"></div>').appendTo(c);b=a.$media.attr("poster");if(a.options.poster!=="")b=a.options.poster;b!==""&&b!=null?this.setPoster(b):d.hide();e.addEventListener("play",function(){d.hide()},false);a.options.showPosterWhenEnded&&a.options.autoRewind&&
    109 e.addEventListener("ended",function(){d.show()},false)},setPoster:function(a){var b=this.container.find(".mejs-poster"),c=b.find("img");if(c.length==0)c=f('<img width="100%" height="100%" />').appendTo(b);c.attr("src",a);b.css({"background-image":"url("+a+")"})},buildoverlays:function(a,b,c,e){var d=this;if(a.isVideo){var g=f('<div class="mejs-overlay mejs-layer"><div class="mejs-overlay-loading"><span></span></div></div>').hide().appendTo(c),k=f('<div class="mejs-overlay mejs-layer"><div class="mejs-overlay-error"></div></div>').hide().appendTo(c),
    110 j=f('<div class="mejs-overlay mejs-layer mejs-overlay-play"><div class="mejs-overlay-button"></div></div>').appendTo(c).bind("click",function(){d.options.clickToPlayPause&&e.paused&&e.play()});e.addEventListener("play",function(){j.hide();g.hide();b.find(".mejs-time-buffering").hide();k.hide()},false);e.addEventListener("playing",function(){j.hide();g.hide();b.find(".mejs-time-buffering").hide();k.hide()},false);e.addEventListener("seeking",function(){g.show();b.find(".mejs-time-buffering").show()},
    111 false);e.addEventListener("seeked",function(){g.hide();b.find(".mejs-time-buffering").hide()},false);e.addEventListener("pause",function(){mejs.MediaFeatures.isiPhone||j.show()},false);e.addEventListener("waiting",function(){g.show();b.find(".mejs-time-buffering").show()},false);e.addEventListener("loadeddata",function(){g.show();b.find(".mejs-time-buffering").show()},false);e.addEventListener("canplay",function(){g.hide();b.find(".mejs-time-buffering").hide()},false);e.addEventListener("error",function(){g.hide();
    112 b.find(".mejs-time-buffering").hide();k.show();k.find("mejs-overlay-error").html("Error loading this resource")},false);e.addEventListener("keydown",function(m){d.onkeydown(a,e,m)},false)}},buildkeyboard:function(a,b,c,e){var d=this;d.globalBind("keydown",function(g){return d.onkeydown(a,e,g)});d.globalBind("click",function(g){a.hasFocus=f(g.target).closest(".mejs-container").length!=0})},onkeydown:function(a,b,c){if(a.hasFocus&&a.options.enableKeyboard)for(var e=0,d=a.options.keyActions.length;e<
    113 d;e++)for(var g=a.options.keyActions[e],k=0,j=g.keys.length;k<j;k++)if(c.keyCode==g.keys[k]){typeof c.preventDefault=="function"&&c.preventDefault();g.action(a,b,c.keyCode);return false}return true},findTracks:function(){var a=this,b=a.$media.find("track");a.tracks=[];b.each(function(c,e){e=f(e);a.tracks.push({srclang:e.attr("srclang")?e.attr("srclang").toLowerCase():"",src:e.attr("src"),kind:e.attr("kind"),label:e.attr("label")||"",entries:[],isLoaded:false})})},changeSkin:function(a){this.container[0].className=
    114 "mejs-container "+a;this.setPlayerSize(this.width,this.height);this.setControlsSize()},play:function(){this.load();this.media.play()},pause:function(){try{this.media.pause()}catch(a){}},load:function(){this.isLoaded||this.media.load();this.isLoaded=true},setMuted:function(a){this.media.setMuted(a)},setCurrentTime:function(a){this.media.setCurrentTime(a)},getCurrentTime:function(){return this.media.currentTime},setVolume:function(a){this.media.setVolume(a)},getVolume:function(){return this.media.volume},
    115 setSrc:function(a){this.media.setSrc(a)},remove:function(){var a,b;for(a in this.options.features){b=this.options.features[a];if(this["clean"+b])try{this["clean"+b](this)}catch(c){}}if(this.isDynamic)this.$node.insertBefore(this.container);else{this.$media.prop("controls",true);this.$node.clone().insertBefore(this.container).show();this.$node.remove()}this.media.pluginType!=="native"&&this.media.remove();delete mejs.players[this.id];typeof this.container=="object"&&this.container.remove();this.globalUnbind();
    116 delete this.node.player}};(function(){function a(c,e){var d={d:[],w:[]};f.each((c||"").split(" "),function(g,k){var j=k+"."+e;if(j.indexOf(".")===0){d.d.push(j);d.w.push(j)}else d[b.test(k)?"w":"d"].push(j)});d.d=d.d.join(" ");d.w=d.w.join(" ");return d}var b=/^((after|before)print|(before)?unload|hashchange|message|o(ff|n)line|page(hide|show)|popstate|resize|storage)\b/;mejs.MediaElementPlayer.prototype.globalBind=function(c,e,d){c=a(c,this.id);c.d&&f(document).bind(c.d,e,d);c.w&&f(window).bind(c.w,
    117 e,d)};mejs.MediaElementPlayer.prototype.globalUnbind=function(c,e){c=a(c,this.id);c.d&&f(document).unbind(c.d,e);c.w&&f(window).unbind(c.w,e)}})();if(typeof f!="undefined"){f.fn.mediaelementplayer=function(a){a===false?this.each(function(){var b=f(this).data("mediaelementplayer");b&&b.remove();f(this).removeData("mediaelementplayer")}):this.each(function(){f(this).data("mediaelementplayer",new mejs.MediaElementPlayer(this,a))});return this};f(document).ready(function(){f(".mejs-player").mediaelementplayer()})}window.MediaElementPlayer=
    118 mejs.MediaElementPlayer})(mejs.$);
     104this.media.videoWidth&&this.media.videoWidth>0?this.media.videoWidth:this.media.getAttribute("width")!==null?this.media.getAttribute("width"):this.options.defaultVideoWidth:this.options.defaultAudioWidth,e=this.isVideo?this.media.videoHeight&&this.media.videoHeight>0?this.media.videoHeight:this.media.getAttribute("height")!==null?this.media.getAttribute("height"):this.options.defaultVideoHeight:this.options.defaultAudioHeight,d=this.container.parent().closest(":visible").width(),g=this.container.parent().closest(":visible").height();
     105c=this.isVideo||!this.options.autosizeProgress?parseInt(d*e/c,10):e;if(isNaN(c)||g!=0&&c>g)c=g;if(this.container.parent()[0].tagName.toLowerCase()==="body"){d=f(window).width();c=f(window).height()}if(c!=0&&d!=0){this.container.width(d).height(c);this.$media.add(this.container.find(".mejs-shim")).width("100%").height("100%");this.isVideo&&this.media.setVideoSize&&this.media.setVideoSize(d,c);this.layers.children(".mejs-layer").width("100%").height("100%")}}else{this.container.width(this.width).height(this.height);
     106this.layers.children(".mejs-layer").width(this.width).height(this.height)}d=this.layers.find(".mejs-overlay-play");g=d.find(".mejs-overlay-button");d.height(this.container.height()-this.controls.height());g.css("margin-top","-"+(g.height()/2-this.controls.height()/2).toString()+"px")},setControlsSize:function(){var a=0,b=0,c=this.controls.find(".mejs-time-rail"),e=this.controls.find(".mejs-time-total");this.controls.find(".mejs-time-current");this.controls.find(".mejs-time-loaded");var d=c.siblings(),
     107g=d.last(),k=null;if(!(!this.container.is(":visible")||!c.length||!c.is(":visible"))){if(this.options&&!this.options.autosizeProgress)b=parseInt(c.css("width"));if(b===0||!b){d.each(function(){var j=f(this);if(j.css("position")!="absolute"&&j.is(":visible"))a+=f(this).outerWidth(true)});b=this.controls.width()-a-(c.outerWidth(true)-c.width())}do{c.width(b);e.width(b-(e.outerWidth(true)-e.width()));if(g.css("position")!="absolute"){k=g.position();b--}}while(k!=null&&k.top>0&&b>0);this.setProgressRail&&
     108this.setProgressRail();this.setCurrentRail&&this.setCurrentRail()}},buildposter:function(a,b,c,e){var d=f('<div class="mejs-poster mejs-layer"></div>').appendTo(c);b=a.$media.attr("poster");if(a.options.poster!=="")b=a.options.poster;b!==""&&b!=null?this.setPoster(b):d.hide();e.addEventListener("play",function(){d.hide()},false);a.options.showPosterWhenEnded&&a.options.autoRewind&&e.addEventListener("ended",function(){d.show()},false)},setPoster:function(a){var b=this.container.find(".mejs-poster"),
     109c=b.find("img");if(c.length==0)c=f('<img width="100%" height="100%" />').appendTo(b);c.attr("src",a);b.css({"background-image":"url("+a+")"})},buildoverlays:function(a,b,c,e){var d=this;if(a.isVideo){var g=f('<div class="mejs-overlay mejs-layer"><div class="mejs-overlay-loading"><span></span></div></div>').hide().appendTo(c),k=f('<div class="mejs-overlay mejs-layer"><div class="mejs-overlay-error"></div></div>').hide().appendTo(c),j=f('<div class="mejs-overlay mejs-layer mejs-overlay-play"><div class="mejs-overlay-button"></div></div>').appendTo(c).bind("click",
     110function(){d.options.clickToPlayPause&&e.paused&&e.play()});e.addEventListener("play",function(){j.hide();g.hide();b.find(".mejs-time-buffering").hide();k.hide()},false);e.addEventListener("playing",function(){j.hide();g.hide();b.find(".mejs-time-buffering").hide();k.hide()},false);e.addEventListener("seeking",function(){g.show();b.find(".mejs-time-buffering").show()},false);e.addEventListener("seeked",function(){g.hide();b.find(".mejs-time-buffering").hide()},false);e.addEventListener("pause",function(){mejs.MediaFeatures.isiPhone||
     111j.show()},false);e.addEventListener("waiting",function(){g.show();b.find(".mejs-time-buffering").show()},false);e.addEventListener("loadeddata",function(){g.show();b.find(".mejs-time-buffering").show()},false);e.addEventListener("canplay",function(){g.hide();b.find(".mejs-time-buffering").hide()},false);e.addEventListener("error",function(){g.hide();b.find(".mejs-time-buffering").hide();k.show();k.find("mejs-overlay-error").html("Error loading this resource")},false);e.addEventListener("keydown",
     112function(m){d.onkeydown(a,e,m)},false)}},buildkeyboard:function(a,b,c,e){var d=this;d.globalBind("keydown",function(g){return d.onkeydown(a,e,g)});d.globalBind("click",function(g){a.hasFocus=f(g.target).closest(".mejs-container").length!=0})},onkeydown:function(a,b,c){if(a.hasFocus&&a.options.enableKeyboard)for(var e=0,d=a.options.keyActions.length;e<d;e++)for(var g=a.options.keyActions[e],k=0,j=g.keys.length;k<j;k++)if(c.keyCode==g.keys[k]){typeof c.preventDefault=="function"&&c.preventDefault();
     113g.action(a,b,c.keyCode);return false}return true},findTracks:function(){var a=this,b=a.$media.find("track");a.tracks=[];b.each(function(c,e){e=f(e);a.tracks.push({srclang:e.attr("srclang")?e.attr("srclang").toLowerCase():"",src:e.attr("src"),kind:e.attr("kind"),label:e.attr("label")||"",entries:[],isLoaded:false})})},changeSkin:function(a){this.container[0].className="mejs-container "+a;this.setPlayerSize(this.width,this.height);this.setControlsSize()},play:function(){this.load();this.media.play()},
     114pause:function(){try{this.media.pause()}catch(a){}},load:function(){this.isLoaded||this.media.load();this.isLoaded=true},setMuted:function(a){this.media.setMuted(a)},setCurrentTime:function(a){this.media.setCurrentTime(a)},getCurrentTime:function(){return this.media.currentTime},setVolume:function(a){this.media.setVolume(a)},getVolume:function(){return this.media.volume},setSrc:function(a){this.media.setSrc(a)},remove:function(){var a,b;for(a in this.options.features){b=this.options.features[a];if(this["clean"+
     115b])try{this["clean"+b](this)}catch(c){}}if(this.isDynamic)this.$node.insertBefore(this.container);else{this.$media.prop("controls",true);this.$node.clone().insertBefore(this.container).show();this.$node.remove()}this.media.pluginType!=="native"&&this.media.remove();delete mejs.players[this.id];typeof this.container=="object"&&this.container.remove();this.globalUnbind();delete this.node.player}};(function(){function a(c,e){var d={d:[],w:[]};f.each((c||"").split(" "),function(g,k){var j=k+"."+e;if(j.indexOf(".")===
     1160){d.d.push(j);d.w.push(j)}else d[b.test(k)?"w":"d"].push(j)});d.d=d.d.join(" ");d.w=d.w.join(" ");return d}var b=/^((after|before)print|(before)?unload|hashchange|message|o(ff|n)line|page(hide|show)|popstate|resize|storage)\b/;mejs.MediaElementPlayer.prototype.globalBind=function(c,e,d){c=a(c,this.id);c.d&&f(document).bind(c.d,e,d);c.w&&f(window).bind(c.w,e,d)};mejs.MediaElementPlayer.prototype.globalUnbind=function(c,e){c=a(c,this.id);c.d&&f(document).unbind(c.d,e);c.w&&f(window).unbind(c.w,e)}})();
     117if(typeof f!="undefined"){f.fn.mediaelementplayer=function(a){a===false?this.each(function(){var b=f(this).data("mediaelementplayer");b&&b.remove();f(this).removeData("mediaelementplayer")}):this.each(function(){f(this).data("mediaelementplayer",new mejs.MediaElementPlayer(this,a))});return this};f(document).ready(function(){f(".mejs-player").mediaelementplayer()})}window.MediaElementPlayer=mejs.MediaElementPlayer})(mejs.$);
    119118(function(f){f.extend(mejs.MepDefaults,{playpauseText:mejs.i18n.t("Play/Pause")});f.extend(MediaElementPlayer.prototype,{buildplaypause:function(a,b,c,e){var d=f('<div class="mejs-button mejs-playpause-button mejs-play" ><button type="button" aria-controls="'+this.id+'" title="'+this.options.playpauseText+'" aria-label="'+this.options.playpauseText+'"></button></div>').appendTo(b).click(function(g){g.preventDefault();e.paused?e.play():e.pause();return false});e.addEventListener("play",function(){d.removeClass("mejs-play").addClass("mejs-pause")},
    120119false);e.addEventListener("playing",function(){d.removeClass("mejs-play").addClass("mejs-pause")},false);e.addEventListener("pause",function(){d.removeClass("mejs-pause").addClass("mejs-play")},false);e.addEventListener("paused",function(){d.removeClass("mejs-pause").addClass("mejs-play")},false)}})})(mejs.$);
     
    150149(mejs.MediaFeatures.isFullScreen()||this.isFullScreen))mejs.MediaFeatures.cancelFullScreen();f(document.documentElement).removeClass("mejs-fullscreen");this.container.removeClass("mejs-container-fullscreen").width(normalWidth).height(normalHeight);if(this.media.pluginType==="native")this.$media.width(normalWidth).height(normalHeight);else{this.container.find(".mejs-shim").width(normalWidth).height(normalHeight);this.media.setVideoSize(normalWidth,normalHeight)}this.layers.children("div").width(normalWidth).height(normalHeight);
    151150this.fullscreenBtn.removeClass("mejs-unfullscreen").addClass("mejs-fullscreen");this.setControlsSize();this.isFullScreen=false;this.container.find(".mejs-captions-text").css("font-size","");this.container.find(".mejs-captions-position").css("bottom","")}}})})(mejs.$);
    152 (function(f){f.extend(mejs.MepDefaults,{speeds:["1.50","1.25","1.00","0.75"],defaultSpeed:"1.00"});f.extend(MediaElementPlayer.prototype,{buildspeed:function(a,b,c,e){if(a.isVideo)if(this.media.pluginType=="native"){c='<div class="mejs-button mejs-speed-button"><button type="button">'+this.options.defaultSpeed+'x</button><div class="mejs-speed-selector"><ul>';var d;f.inArray(this.options.defaultSpeed,this.options.speeds)===-1&&this.options.speeds.push(this.options.defaultSpeed);this.options.speeds.sort(function(g,
     151(function(f){f.extend(mejs.MepDefaults,{speeds:["1.50","1.25","1.00","0.75"],defaultSpeed:"1.00"});f.extend(MediaElementPlayer.prototype,{buildspeed:function(a,b,c,e){if(this.media.pluginType=="native"){c='<div class="mejs-button mejs-speed-button"><button type="button">'+this.options.defaultSpeed+'x</button><div class="mejs-speed-selector"><ul>';var d;f.inArray(this.options.defaultSpeed,this.options.speeds)===-1&&this.options.speeds.push(this.options.defaultSpeed);this.options.speeds.sort(function(g,
    153152k){return parseFloat(k)-parseFloat(g)});for(d=0;d<this.options.speeds.length;d++){c+='<li><input type="radio" name="speed" value="'+this.options.speeds[d]+'" id="'+this.options.speeds[d]+'" ';if(this.options.speeds[d]==this.options.defaultSpeed){c+="checked=true ";c+='/><label for="'+this.options.speeds[d]+'" class="mejs-speed-selected">'+this.options.speeds[d]+"x</label></li>"}else c+='/><label for="'+this.options.speeds[d]+'">'+this.options.speeds[d]+"x</label></li>"}c+="</ul></div></div>";a.speedButton=
    154153f(c).appendTo(b);a.playbackspeed=this.options.defaultSpeed;a.speedButton.on("click","input[type=radio]",function(){a.playbackspeed=f(this).attr("value");e.playbackRate=parseFloat(a.playbackspeed);a.speedButton.find("button").text(a.playbackspeed+"x");a.speedButton.find(".mejs-speed-selected").removeClass("mejs-speed-selected");a.speedButton.find("input[type=radio]:checked").next().addClass("mejs-speed-selected")});b=a.speedButton.find(".mejs-speed-selector");b.height(this.speedButton.find(".mejs-speed-selector ul").outerHeight(true)+
  • tags/4.0.1/src/wp-includes/js/quicktags.js

    r46222 r46222  
    385385            canvas.value = text.substring(0, startPos) + content + text.substring(endPos, text.length);
    386386
    387             canvas.focus();
    388387            canvas.selectionStart = startPos + content.length;
    389388            canvas.selectionEnd = startPos + content.length;
    390389            canvas.scrollTop = scrollTop;
     390            canvas.focus();
    391391        } else {
    392392            canvas.value += content;
     
    510510            }
    511511
    512             canvas.focus();
    513512            canvas.selectionStart = cursorPos;
    514513            canvas.selectionEnd = cursorPos;
    515514            canvas.scrollTop = scrollTop;
     515            canvas.focus();
    516516        } else { // other browsers?
    517517            if ( !endTag ) {
  • tags/4.0.1/src/wp-includes/js/tinymce/plugins/wpeditimage/plugin.js

    r46222 r46222  
    11/* global tinymce */
    22tinymce.PluginManager.add( 'wpeditimage', function( editor ) {
    3     var toolbarActive = false,
     3    var serializer,
     4        toolbarActive = false,
    45        editingImage = false;
    56
     
    8384            }
    8485
    85             out = b.replace( /<dl ([^>]+)>\s*<dt [^>]+>([\s\S]+?)<\/dt>\s*<dd [^>]+>([\s\S]*?)<\/dd>\s*<\/dl>/gi, function( a, b, c, caption ) {
     86            out = b.replace( /\s*<dl ([^>]+)>\s*<dt [^>]+>([\s\S]+?)<\/dt>\s*<dd [^>]+>([\s\S]*?)<\/dd>\s*<\/dl>\s*/gi, function( a, b, c, caption ) {
    8687                var id, classes, align, width;
    8788
     
    117118            });
    118119
    119             if ( out.indexOf('[caption') !== 0 ) {
     120            if ( out.indexOf('[caption') === -1 ) {
    120121                // the caption html seems broken, try to find the image that may be wrapped in a link
    121122                // and may be followed by <p> with the caption text.
     
    227228    }
    228229
     230    // Verify HTML in captions
     231    function verifyHTML( caption ) {
     232        if ( ! caption || ( caption.indexOf( '<' ) === -1 && caption.indexOf( '>' ) === -1 ) ) {
     233            return caption;
     234        }
     235
     236        if ( ! serializer ) {
     237            serializer = new tinymce.html.Serializer( {}, editor.schema );
     238        }
     239
     240        return serializer.serialize( editor.parser.parse( caption, { forced_root_block: false } ) );
     241    }
     242
    229243    function updateImage( imageNode, imageData ) {
    230244        var classes, className, node, html, parent, wrap, linkNode,
     
    304318
    305319        if ( imageData.caption ) {
     320            imageData.caption = verifyHTML( imageData.caption );
    306321
    307322            id = imageData.attachment_id ? 'attachment_' + imageData.attachment_id : null;
     
    646661                // Convert remaining line breaks to <br>
    647662                caption = caption.replace( /(<br[^>]*>)\s*\n\s*/g, '$1' ).replace( /\s*\n\s*/g, '<br />' );
     663                caption = verifyHTML( caption );
    648664            }
    649665
  • tags/4.0.1/src/wp-includes/js/tinymce/plugins/wpview/plugin.js

    r46222 r46222  
    1313        _noop = function() { return false; },
    1414        isios = /iPad|iPod|iPhone/.test( navigator.userAgent ),
    15         cursorInterval, lastKeyDownNode, setViewCursorTries, focus, execCommandView;
     15        cursorInterval, lastKeyDownNode, setViewCursorTries, focus, execCommandView, execCommandBefore;
    1616
    1717    function getView( node ) {
     
    369369    function isSpecialKey( key ) {
    370370        return ( ( key <= 47 && key !== VK.SPACEBAR && key !== VK.ENTER && key !== VK.DELETE && key !== VK.BACKSPACE && ( key < 37 || key > 40 ) ) ||
    371             key >= 224 || // OEM or non-printable 
     371            key >= 224 || // OEM or non-printable
    372372            ( key >= 144 && key <= 150 ) || // Num Lock, Scroll Lock, OEM
    373373            ( key >= 91 && key <= 93 ) || // Windows keys
     
    650650            view;
    651651
    652         if ( node && ( node.className === 'wpview-selection-before' || node.className === 'wpview-selection-after' ) && ( view = getView( node ) ) ) {
    653             handleEnter( view );
     652        if ( node && ( ( execCommandBefore = node.className === 'wpview-selection-before' ) || node.className === 'wpview-selection-after' ) && ( view = getView( node ) ) ) {
     653            handleEnter( view, execCommandBefore );
    654654            execCommandView = view;
    655655        }
     
    666666
    667667        if ( execCommandView ) {
    668             node = execCommandView.nextSibling;
     668            node = execCommandView[ execCommandBefore ? 'previousSibling' : 'nextSibling' ];
    669669
    670670            if ( node && node.nodeName === 'P' && editor.dom.isEmpty( node ) ) {
    671671                editor.dom.remove( node );
    672                 setViewCursor( false, execCommandView );
     672                setViewCursor( execCommandBefore, execCommandView );
    673673            }
    674674
  • tags/4.0.1/src/wp-includes/kses.php

    r46222 r46222  
    14411441    $css = str_replace(array("\n","\r","\t"), '', $css);
    14421442
    1443     if ( preg_match( '%[\\(&=}]|/\*%', $css ) ) // remove any inline css containing \ ( & } = or comments
     1443    if ( preg_match( '%[\\\\(&=}]|/\*%', $css ) ) // remove any inline css containing \ ( & } = or comments
    14441444        return '';
    14451445
  • tags/4.0.1/src/wp-includes/link-template.php

    r46222 r46222  
    258258    $post_type = get_post_type_object($post->post_type);
    259259
     260    if ( $post_type->hierarchical ) {
     261        $slug = get_page_uri( $id );
     262    }
     263
    260264    if ( !empty($post_link) && ( !$draft_or_pending || $sample ) ) {
    261265        if ( ! $leavename ) {
    262             if ( $post_type->hierarchical )
    263                 $slug = get_page_uri($id);
    264266            $post_link = str_replace("%$post->post_type%", $slug, $post_link);
    265267        }
     
    15121514
    15131515        if ( ! empty( $excluded_terms ) ) {
    1514             $where .= " AND p.ID NOT IN ( SELECT object_id FROM $wpdb->term_relationships WHERE term_taxonomy_id IN (" . implode( $excluded_terms, ',' ) . ') )';
     1516            $where .= " AND p.ID NOT IN ( SELECT tr.object_id FROM $wpdb->term_relationships tr LEFT JOIN $wpdb->term_taxonomy tt ON (tr.term_taxonomy_id = tt.term_taxonomy_id) WHERE tt.term_id IN (" . implode( $excluded_terms, ',' ) . ') )';
    15151517        }
    15161518    }
  • tags/4.0.1/src/wp-includes/media-template.php

    r46222 r46222  
    313313
    314314                <div class="attachment-actions">
    315                     <# if ( 'image' === data.type && ! data.uploading && data.sizes ) { #>
     315                    <# if ( 'image' === data.type && ! data.uploading && data.sizes && data.can.save ) { #>
    316316                        <a class="button edit-attachment" href="#"><?php _e( 'Edit Image' ); ?></a>
    317317                    <# } #>
     
    395395                    <span class="value">{{ data.authorName }}</span>
    396396                </label>
    397                 <# if ( data.uploadedTo ) { #>
     397                <# if ( data.uploadedToTitle ) { #>
    398398                    <label class="setting">
    399399                        <span class="name"><?php _e( 'Uploaded To' ); ?></span>
     
    409409
    410410            <div class="actions">
    411                 <a class="view-attachment" href="{{ data.link }}"><?php _e( 'View attachment page' ); ?></a> |
    412                 <a href="post.php?post={{ data.id }}&action=edit"><?php _e( 'Edit more details' ); ?></a>
     411                <a class="view-attachment" href="{{ data.link }}"><?php _e( 'View attachment page' ); ?></a>
     412                <# if ( data.can.save ) { #> |
     413                    <a href="post.php?post={{ data.id }}&action=edit"><?php _e( 'Edit more details' ); ?></a>
     414                <# } #>
    413415                <# if ( ! data.uploading && data.can.remove ) { #> |
    414                         <?php if ( MEDIA_TRASH ): ?>
     416                    <?php if ( MEDIA_TRASH ): ?>
    415417                        <# if ( 'trash' === data.status ) { #>
    416418                            <a class="untrash-attachment" href="#"><?php _e( 'Untrash' ); ?></a>
     
    418420                            <a class="trash-attachment" href="#"><?php _e( 'Trash' ); ?></a>
    419421                        <# } #>
    420                         <?php else: ?>
    421                             <a class="delete-attachment" href="#"><?php _e( 'Delete Permanently' ); ?></a>
    422                         <?php endif; ?>
    423                     <# } #>
     422                    <?php else: ?>
     423                        <a class="delete-attachment" href="#"><?php _e( 'Delete Permanently' ); ?></a>
     424                    <?php endif; ?>
     425                <# } #>
    424426            </div>
    425427
  • tags/4.0.1/src/wp-includes/media.php

    r46222 r46222  
    12481248    }
    12491249
     1250    if ( $atts['type'] !== 'audio' ) {
     1251        $atts['type'] = 'video';
     1252    }
     1253
    12501254    $args = array(
    12511255        'post_status' => 'inherit',
     
    15971601        'class'    => apply_filters( 'wp_audio_shortcode_class', 'wp-audio-shortcode' ),
    15981602        'id'       => sprintf( 'audio-%d-%d', $post_id, $instances ),
    1599         'loop'     => $atts['loop'],
    1600         'autoplay' => $atts['autoplay'],
     1603        'loop'     => wp_validate_boolean( $atts['loop'] ),
     1604        'autoplay' => wp_validate_boolean( $atts['autoplay'] ),
    16011605        'preload'  => $atts['preload'],
    16021606        'style'    => 'width: 100%; visibility: hidden;',
     
    18231827        'height'   => absint( $atts['height'] ),
    18241828        'poster'   => esc_url( $atts['poster'] ),
    1825         'loop'     => $atts['loop'],
    1826         'autoplay' => $atts['autoplay'],
     1829        'loop'     => wp_validate_boolean( $atts['loop'] ),
     1830        'autoplay' => wp_validate_boolean( $atts['autoplay'] ),
    18271831        'preload'  => $atts['preload'],
    18281832    );
     
    26442648    if ( $attachment->post_parent ) {
    26452649        $post_parent = get_post( $attachment->post_parent );
     2650    } else {
     2651        $post_parent = false;
     2652    }
     2653
     2654    if ( $post_parent ) {
    26462655        $parent_type = get_post_type_object( $post_parent->post_type );
    26472656        if ( $parent_type && $parent_type->show_ui && current_user_can( 'edit_post', $attachment->post_parent ) ) {
  • tags/4.0.1/src/wp-includes/ms-functions.php

    r46222 r46222  
    13801380    populate_options();
    13811381    populate_roles();
    1382     $wp_roles->_init();
     1382
     1383    // populate_roles() clears previous role definitions so we start over.
     1384    $wp_roles = new WP_Roles();
    13831385
    13841386    $url = untrailingslashit( $url );
  • tags/4.0.1/src/wp-includes/pluggable.php

    r46222 r46222  
    670670
    671671    $key = wp_hash( $username . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme );
    672     $hash = hash_hmac( 'sha256', $username . '|' . $expiration . '|' . $token, $key );
     672
     673    // If ext/hash is not present, compat.php's hash_hmac() does not support sha256.
     674    $algo = function_exists( 'hash' ) ? 'sha256' : 'sha1';
     675    $hash = hash_hmac( $algo, $username . '|' . $expiration . '|' . $token, $key );
    673676
    674677    if ( ! hash_equals( $hash, $hmac ) ) {
     
    735738
    736739    $key = wp_hash( $user->user_login . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme );
    737     $hash = hash_hmac( 'sha256', $user->user_login . '|' . $expiration . '|' . $token, $key );
     740
     741    // If ext/hash is not present, compat.php's hash_hmac() does not support sha256.
     742    $algo = function_exists( 'hash' ) ? 'sha256' : 'sha1';
     743    $hash = hash_hmac( $algo, $user->user_login . '|' . $expiration . '|' . $token, $key );
    738744
    739745    $cookie = $user->user_login . '|' . $expiration . '|' . $token . '|' . $hash;
     
    19341940    // If the hash is still md5...
    19351941    if ( strlen($hash) <= 32 ) {
    1936         $check = ( $hash == md5($password) );
     1942        $check = hash_equals( $hash, md5( $password ) );
    19371943        if ( $check && $user_id ) {
    19381944            // Rehash using new hash.
  • tags/4.0.1/src/wp-includes/post.php

    r46222 r46222  
    47204720    $defaults = array(
    47214721        'file'        => $file,
    4722         'post_parent' => $parent
     4722        'post_parent' => 0
    47234723    );
     4724
    47244725    $data = wp_parse_args( $args, $defaults );
     4726
     4727    if ( ! empty( $parent ) ) {
     4728        $data['post_parent'] = $parent;
     4729    }
    47254730
    47264731    $data['post_type'] = 'attachment';
  • tags/4.0.1/src/wp-includes/session.php

    r46222 r46222  
    6262     */
    6363    final private function hash_token( $token ) {
    64         return hash( 'sha256', $token );
     64        // If ext/hash is not present, use sha1() instead.
     65        if ( function_exists( 'hash' ) ) {
     66            return hash( 'sha256', $token );
     67        } else {
     68            return sha1( $token );
     69        }
    6570    }
    6671
  • tags/4.0.1/src/wp-includes/user.php

    r46222 r46222  
    18191819
    18201820    if ( $update ) {
     1821        if ( $user_email !== $old_user_data->user_email ) {
     1822            $data['user_activation_key'] = '';
     1823        }
    18211824        $wpdb->update( $wpdb->users, $data, compact( 'ID' ) );
    18221825        $user_id = (int) $ID;
  • tags/4.0.1/src/wp-includes/version.php

    r46222 r46222  
    55 * @global string $wp_version
    66 */
    7 $wp_version = '4.0-src';
     7$wp_version = '4.0.1-src';
    88
    99/**
  • tags/4.0.1/src/wp-login.php

    r46222 r46222  
    572572        list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 );
    573573        $user = check_password_reset_key( $rp_key, $rp_login );
     574        if ( isset( $_POST['pass1'] ) && ! hash_equals( $rp_key, $_POST['rp_key'] ) ) {
     575            $user = false;
     576        }
    574577    } else {
    575578        $user = false;
     
    641644    do_action( 'resetpass_form', $user );
    642645    ?>
     646    <input type="hidden" name="rp_key" value="<?php echo esc_attr( $rp_key ); ?>" />
    643647    <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Reset Password'); ?>" /></p>
    644648</form>
  • tags/4.0.1/tests/phpunit/tests/auth.php

    r46222 r46222  
    33/**
    44 * @group pluggable
     5 * @group auth
    56 */
    67class Tests_Auth extends WP_UnitTestCase {
     
    100101        $this->assertFalse( wp_verify_nonce( null ) );
    101102    }
     103
     104    function test_password_length_limit() {
     105        $passwords = array(
     106            str_repeat( 'a', 4095 ), // short
     107            str_repeat( 'a', 4096 ), // limit
     108            str_repeat( 'a', 4097 ), // long
     109        );
     110
     111        $user_id = $this->factory->user->create( array( 'user_login' => 'password-length-test' ) );
     112
     113        wp_set_password( $passwords[1], $user_id );
     114        $user = get_user_by( 'id', $user_id );
     115        // phpass hashed password
     116        $this->assertStringStartsWith( '$P$', $user->data->user_pass );
     117
     118        $user = wp_authenticate( 'password-length-test', $passwords[0] );
     119        // Wrong Password
     120        $this->assertInstanceOf( 'WP_Error', $user );
     121
     122        $user = wp_authenticate( 'password-length-test', $passwords[1] );
     123        $this->assertInstanceOf( 'WP_User', $user );
     124        $this->assertEquals( $user_id, $user->ID );
     125
     126        $user = wp_authenticate( 'password-length-test', $passwords[2] );
     127        // Wrong Password
     128        $this->assertInstanceOf( 'WP_Error', $user );
     129
     130
     131        wp_set_password( $passwords[2], $user_id );
     132        $user = get_user_by( 'id', $user_id );
     133        // Password broken by setting it to be too long.
     134        $this->assertEquals( '*', $user->data->user_pass );
     135
     136        $user = wp_authenticate( 'password-length-test', $passwords[0] );
     137        // Wrong Password
     138        $this->assertInstanceOf( 'WP_Error', $user );
     139
     140        $user = wp_authenticate( 'password-length-test', $passwords[1] );
     141        // Wrong Password
     142        $this->assertInstanceOf( 'WP_Error', $user );
     143
     144        $user = wp_authenticate( 'password-length-test', $passwords[2] );
     145        // Password broken by setting it to be too long.
     146        $this->assertInstanceOf( 'WP_Error', $user );
     147    }
    102148}
  • tags/4.0.1/tests/phpunit/tests/formatting/WPTexturize.php

    r46222 r46222  
    1212    function test_disable() {
    1313        $this->assertEquals('<pre>---</pre>', wptexturize('<pre>---</pre>'));
    14         $this->assertEquals('[a]a&#8211;b[code]---[/code]a&#8211;b[/a]', wptexturize('[a]a--b[code]---[/code]a--b[/a]'));
    1514        $this->assertEquals('<pre><code></code>--</pre>', wptexturize('<pre><code></code>--</pre>'));
    1615
     
    11941193            ),
    11951194            array(
     1195                '[is it wise to <a title="allow user content ] here? hmm"> maybe </a> ]',
     1196                '[is it wise to <a title="allow user content ] here? hmm"> maybe </a> ]',
     1197            ),
     1198            array(
     1199                '[caption - is it wise to <a title="allow user content ] here? hmm"> maybe </a> ]',
     1200                '[caption &#8211; is it wise to <a title="allow user content ] here? hmm"> maybe </a> ]',
     1201            ),
     1202            array(
     1203                '[caption - is it wise to <a title="allow user content here? hmm"> ] maybe </a> ]',
     1204                '[caption - is it wise to <a title="allow user content here? hmm"> ] maybe </a> ]',
     1205            ),
     1206            array(
     1207                '[caption - is it wise to <a title="allow user content here? hmm"> maybe </a> ]',
     1208                '[caption - is it wise to <a title="allow user content here? hmm"> maybe </a> ]',
     1209            ),
     1210            array(
     1211                '[caption compare=">"]',
     1212                '[caption compare=&#8221;>&#8221;]',
     1213            ),
     1214            array(
     1215                '[caption compare="<>"]',
     1216                '[caption compare="<>"]',
     1217            ),
     1218            array(
     1219                '[caption compare="<" attr2="value" <!-->/]',
     1220                '[caption compare="<" attr2="value" <!-->/]',
     1221            ),
     1222            array(
     1223                '[caption compare="<"]',
     1224                '[caption compare=&#8221;<&#8221;]',
     1225            ),
     1226            array(
     1227                '[caption compare="<"]<br />',
     1228                '[caption compare=&#8221;<"]<br />',
     1229            ),
     1230            array(
    11961231                '[ photos by <a href="http://example.com/?a[]=1&a[]=2"> this guy </a> ]',
    11971232                '[ photos by <a href="http://example.com/?a[]=1&#038;a[]=2"> this guy </a> ]',
     
    12111246            array(
    12121247                '[/...]', // This would actually be ignored by the shortcode system.  The decision to not texturize it is intentional, if not correct.
    1213                 '[/...]',
     1248                '[/&#8230;]',
    12141249            ),
    12151250            array(
    12161251                '[...]...[/...]', // These are potentially usable shortcodes.
    1217                 '[...]&#8230;[/...]',
     1252                '[&#8230;]&#8230;[/&#8230;]',
    12181253            ),
    12191254            array(
    12201255                '[[...]]...[[/...]]', // Shortcode parsing will ignore the inner ]...[ part and treat this as a single escaped shortcode.
    1221                 '[[...]]&#8230;[[/...]]',
     1256                '[[&#8230;]]&#8230;[[/&#8230;]]',
    12221257            ),
    12231258            array(
    12241259                '[[[...]]]...[[[/...]]]', // Again, shortcode parsing matches, but only the [[...] and [/...]] parts.
    1225                 '[[[...]]]&#8230;[[[/...]]]',
     1260                '[[[&#8230;]]]&#8230;[[[/&#8230;]]]',
    12261261            ),
    12271262            array(
     
    12311266            array(
    12321267                '[code]...[/code]]...', // These are potentially usable shortcodes.  Unfortunately, the meaning of [/code]] is ambiguous unless we run the entire shortcode regexp.
    1233                 '[code]...[/code]]...', // This test would not pass in 3.9 because the extra brace was always ignored by texturize.
     1268                '[code]&#8230;[/code]]&#8230;', // This test would not pass in 3.9 because the extra brace was always ignored by texturize.
    12341269            ),
    12351270            array(
     
    13461381            ),
    13471382            array(
    1348                 '[Let\'s get crazy<input>[plugin code="<a href=\'?a[]=100\'>hello</a>"]</input>world]',
    1349                 '[Let&#8217;s get crazy<input>[plugin code="<a href=\'?a[]=100\'>hello</a>"]</input>world]',
     1383                '[Let\'s get crazy<input>[caption code="<a href=\'?a[]=100\'>hello</a>"]</input>world]', // caption shortcode is invalid here because it contains [] chars.
     1384                '[Let&#8217;s get crazy<input>[caption code=&#8221;<a href=\'?a[]=100\'>hello</a>&#8220;]</input>world]',
    13501385            ),
    13511386        );
     
    17161751            array(
    17171752                '<span>hello[code]---</span>',
    1718                 '<span>hello[code]---</span>',
     1753                '<span>hello[code]&#8212;</span>',
    17191754            ),
    17201755            array(
    17211756                '[code]hello<span>---</span>',
    1722                 '[code]hello<span>---</span>',
     1757                '[code]hello<span>&#8212;</span>',
    17231758            ),
    17241759            array(
    17251760                '[code]hello</span>---</span>',
    1726                 '[code]hello</span>---</span>',
     1761                '[code]hello</span>&#8212;</span>',
     1762            ),
     1763        );
     1764    }
     1765
     1766    /**
     1767     * Test disabling shortcode texturization.
     1768     *
     1769     * @ticket 29557
     1770     * @dataProvider data_unregistered_shortcodes
     1771     */
     1772    function test_unregistered_shortcodes( $input, $output ) {
     1773        add_filter( 'no_texturize_shortcodes', array( $this, 'filter_shortcodes' ), 10, 1 );
     1774   
     1775        $output = $this->assertEquals( $output, wptexturize( $input ) );
     1776   
     1777        remove_filter( 'no_texturize_shortcodes', array( $this, 'filter_shortcodes' ), 10, 1 );
     1778        return $output;
     1779    }
     1780   
     1781    function filter_shortcodes( $disabled ) {
     1782        $disabled[] = 'audio';
     1783        return $disabled;
     1784    }
     1785
     1786    function data_unregistered_shortcodes() {
     1787        return array(
     1788            array(
     1789                '[a]a--b[code]---[/code]a--b[/a]', // code is not a registered shortcode.
     1790                '[a]a&#8211;b[code]&#8212;[/code]a&#8211;b[/a]',
     1791            ),
     1792            array(
     1793                '[a]a--b[audio]---[/audio]a--b[/a]',
     1794                '[a]a&#8211;b[audio]---[/audio]a&#8211;b[/a]',
     1795            ),
     1796            array(
     1797                '[code ...]...[/code]', // code is not a registered shortcode.
     1798                '[code &#8230;]&#8230;[/code]',
     1799            ),
     1800            array(
     1801                '[hello ...]...[/hello]', // hello is not a registered shortcode.
     1802                '[hello &#8230;]&#8230;[/hello]',
     1803            ),
     1804            array(
     1805                '[...]...[/...]', // These are potentially usable shortcodes.
     1806                '[&#8230;]&#8230;[/&#8230;]',
     1807            ),
     1808            array(
     1809                '[gal>ery ...]',
     1810                '[gal>ery &#8230;]',
     1811            ),
     1812            array(
     1813                '[randomthing param="test"]',
     1814                '[randomthing param=&#8221;test&#8221;]',
     1815            ),
     1816            array(
     1817                '[[audio]...[/audio]...', // These are potentially usable shortcodes.  Unfortunately, the meaning of [[audio] is ambiguous unless we run the entire shortcode regexp.
     1818                '[[audio]&#8230;[/audio]&#8230;',
     1819            ),
     1820            array(
     1821                '[audio]...[/audio]]...', // These are potentially usable shortcodes.  Unfortunately, the meaning of [/audio]] is ambiguous unless we run the entire shortcode regexp.
     1822                '[audio]...[/audio]]...', // This test would not pass in 3.9 because the extra brace was always ignored by texturize.
     1823            ),
     1824            array(
     1825                '<span>hello[/audio]---</span>',
     1826                '<span>hello[/audio]&#8212;</span>',
     1827            ),
     1828            array(
     1829                '[/audio]hello<span>---</span>',
     1830                '[/audio]hello<span>&#8212;</span>',
     1831            ),
     1832            array(
     1833                '[audio]hello[/audio]---</span>',
     1834                '[audio]hello[/audio]&#8212;</span>',
     1835            ),
     1836            array(
     1837                '<span>hello</span>---[audio]',
     1838                '<span>hello</span>&#8212;[audio]',
     1839            ),
     1840            array(
     1841                '<span>hello[audio]---</span>',
     1842                '<span>hello[audio]---</span>',
     1843            ),
     1844            array(
     1845                '[audio]hello<span>---</span>',
     1846                '[audio]hello<span>---</span>',
     1847            ),
     1848            array(
     1849                '[audio]hello</span>---</span>',
     1850                '[audio]hello</span>---</span>',
    17271851            ),
    17281852        );
  • tags/4.0.1/tests/phpunit/tests/link.php

    r46222 r46222  
    191191
    192192    /**
    193     * @ticket 22112
    194     */
     193     * @ticket 22112
     194     */
    195195    function test_get_adjacent_post_exclude_self_term() {
    196         $include = $this->factory->category->create();
     196        // Bump term_taxonomy to mimic shared term offsets.
     197        global $wpdb;
     198        $wpdb->insert( $wpdb->term_taxonomy, array( 'taxonomy' => 'foo', 'term_id' => 12345, 'description' => '' ) );
     199
     200        $include = $this->factory->term->create( array(
     201            'taxonomy' => 'category',
     202            'name' => 'Include',
     203        ) );
    197204        $exclude = $this->factory->category->create();
    198205
  • tags/4.0.1/tests/phpunit/tests/post/attachments.php

    r46222 r46222  
    255255    }
    256256
     257    /**
     258     * @ticket 29646
     259     */
     260    function test_update_orphan_attachment_parent() {
     261        $filename = ( DIR_TESTDATA . '/images/test-image.jpg' );
     262        $contents = file_get_contents( $filename );
     263
     264        $upload = wp_upload_bits( basename( $filename ), null, $contents );
     265        $this->assertTrue( empty( $upload['error'] ) );
     266
     267        $attachment_id = $this->_make_attachment( $upload );
     268
     269        // Assert that the attachment is an orphan
     270        $attachment = get_post( $attachment_id );
     271        $this->assertEquals( $attachment->post_parent, 0 );
     272
     273        $post_id = wp_insert_post( array( 'post_content' => rand_str(), 'post_title' => rand_str() ) );
     274
     275        // Assert that the attachment has a parent
     276        wp_insert_attachment( $attachment, '', $post_id );
     277        $attachment = get_post( $attachment_id );
     278        $this->assertEquals( $attachment->post_parent, $post_id );
     279    }
     280
    257281}
  • tags/4.0.1/tests/phpunit/tests/query/results.php

    r46222 r46222  
    652652    }
    653653
     654    /**
     655     * @ticket 29615
     656     */
     657    function test_child_post_in_hierarchical_post_type_with_default_permalinks() {
     658        global $wp_rewrite;
     659
     660        $old_permastruct = get_option( 'permalink_structure' );
     661        $wp_rewrite->set_permalink_structure( '' );
     662        $wp_rewrite->flush_rules();
     663
     664        register_post_type( 'handbook', array( 'hierarchical' => true ) );
     665
     666        $post_1 = $this->factory->post->create( array( 'post_title' => 'Contributing to the WordPress Codex', 'post_type' => 'handbook' ) );
     667        $post_2 = $this->factory->post->create( array( 'post_title' => 'Getting Started', 'post_parent' => $post_1, 'post_type' => 'handbook' ) );
     668
     669        $this->assertContains( 'contributing-to-the-wordpress-codex/getting-started', get_permalink( $post_2 ) );
     670
     671        $result = $this->q->query( array( 'handbook' => 'contributing-to-the-wordpress-codex/getting-started', 'post_type' => 'handbook' ) );
     672        $this->assertCount( 1, $result );
     673
     674        $wp_rewrite->set_permalink_structure( $old_permastruct );
     675        $wp_rewrite->flush_rules();
     676    }
     677
    654678}
  • tags/4.0.1/tests/phpunit/tests/user.php

    r46222 r46222  
    655655        $this->assertNotContains( 'key', $metas );
    656656    }
     657
     658    function test_changing_email_invalidates_password_reset_key() {
     659        global $wpdb;
     660
     661        $user = $this->factory->user->create_and_get();
     662        $wpdb->update( $wpdb->users, array( 'user_activation_key' => 'key' ), array( 'ID' => $user->ID ) );
     663        clean_user_cache( $user );
     664
     665        $user = get_userdata( $user->ID );
     666        $this->assertEquals( 'key', $user->user_activation_key );
     667
     668        // Check that changing something other than the email doesn't remove the key.
     669        $userdata = array(
     670            'ID'            => $user->ID,
     671            'user_nicename' => 'wat',
     672        );
     673        wp_update_user( $userdata );
     674
     675        $user = get_userdata( $user->ID );
     676        $this->assertEquals( 'key', $user->user_activation_key );
     677
     678        // Now check that changing the email does remove it.
     679        $userdata = array(
     680            'ID'            => $user->ID,
     681            'user_nicename' => 'cat',
     682            'user_email'    => 'foo@bar.dev',
     683        );
     684        wp_update_user( $userdata );
     685
     686        $user = get_userdata( $user->ID );
     687        $this->assertEmpty( $user->user_activation_key );
     688    }
    657689}
  • tags/4.0.1/tests/phpunit/tests/xmlrpc/wp/uploadFile.php

    r46222 r46222  
    5656    }
    5757
    58     /**
    59      * @ticket 11946
    60      */
    61     function test_valid_mime() {
    62         $this->make_user_by_role( 'editor' );
    63 
    64         // create attachment
    65         $filename = ( DIR_TESTDATA . '/images/test-image-mime-jpg.png' );
    66         $contents = file_get_contents( $filename );
    67         $data = array(
    68             'name' => 'test-image-mime-jpg.png',
    69             'type' => 'image/png',
    70             'bits' => $contents
    71         );
    72 
    73         $result = $this->myxmlrpcserver->mw_newMediaObject( array( 0, 'editor', 'editor', $data ) );
    74 
    75         $this->assertNotInstanceOf( 'IXR_Error', $result );
    76 
    77         $this->assertEquals( 'image/jpeg', $result['type'] );
    78     }
    7958}
Note: See TracChangeset for help on using the changeset viewer.