diff -Nru wordpress-3.8.1+dfsg1/debian/changelog wordpress-3.8.2+dfsg/debian/changelog --- wordpress-3.8.1+dfsg1/debian/changelog 2014-02-14 11:40:09.000000000 +0000 +++ wordpress-3.8.2+dfsg/debian/changelog 2014-04-09 12:29:28.000000000 +0000 @@ -1,3 +1,10 @@ +wordpress (3.8.2+dfsg-1) unstable; urgency=high + + * New upstream release Fixes CVE-2014-0165, CVE-2014-0166 + and Closes: #744019 + + -- Craig Small Wed, 09 Apr 2014 22:13:54 +1000 + wordpress (3.8.1+dfsg1-2) unstable; urgency=medium * Updated copyright file Closes: #736514 diff -Nru wordpress-3.8.1+dfsg1/readme.html wordpress-3.8.2+dfsg/readme.html --- wordpress-3.8.1+dfsg1/readme.html 2014-02-08 12:29:35.000000000 +0000 +++ wordpress-3.8.2+dfsg/readme.html 2014-04-09 12:29:27.000000000 +0000 @@ -9,7 +9,7 @@

WordPress -
Version 3.8.1 +
Version 3.8.2

Semantic Personal Publishing Platform

diff -Nru wordpress-3.8.1+dfsg1/wp-admin/about.php wordpress-3.8.2+dfsg/wp-admin/about.php --- wordpress-3.8.1+dfsg1/wp-admin/about.php 2014-02-08 12:29:35.000000000 +0000 +++ wordpress-3.8.2+dfsg/wp-admin/about.php 2014-04-09 12:29:27.000000000 +0000 @@ -39,7 +39,11 @@
-

+

+

Version %1$s addressed some security issues and fixed %2$s bug.', + 'Version %1$s addressed some security issues and fixed %2$s bugs.', 9 ), '3.8.2', number_format_i18n( 9 ) ); ?> + the release notes.' ), 'http://codex.wordpress.org/Version_3.8.2' ); ?> +

Version %1$s addressed %2$s bug.', 'Version %1$s addressed %2$s bugs.', 31 ), '3.8.1', number_format_i18n( 31 ) ); ?> the release notes.' ), 'http://codex.wordpress.org/Version_3.8.1' ); ?> diff -Nru wordpress-3.8.1+dfsg1/wp-admin/includes/class-wp-posts-list-table.php wordpress-3.8.2+dfsg/wp-admin/includes/class-wp-posts-list-table.php --- wordpress-3.8.1+dfsg1/wp-admin/includes/class-wp-posts-list-table.php 2014-02-08 12:29:35.000000000 +0000 +++ wordpress-3.8.2+dfsg/wp-admin/includes/class-wp-posts-list-table.php 2014-04-09 12:29:27.000000000 +0000 @@ -839,7 +839,7 @@

diff -Nru wordpress-3.8.1+dfsg1/wp-admin/includes/class-wp-upgrader.php wordpress-3.8.2+dfsg/wp-admin/includes/class-wp-upgrader.php --- wordpress-3.8.1+dfsg1/wp-admin/includes/class-wp-upgrader.php 2014-02-08 12:29:35.000000000 +0000 +++ wordpress-3.8.2+dfsg/wp-admin/includes/class-wp-upgrader.php 2014-04-09 12:29:27.000000000 +0000 @@ -1871,18 +1871,21 @@ if ( ! $this->should_update( $type, $item, $context ) ) return false; + $upgrader_item = $item; switch ( $type ) { case 'core': $skin->feedback( __( 'Updating to WordPress %s' ), $item->version ); $item_name = sprintf( __( 'WordPress %s' ), $item->version ); break; case 'theme': - $theme = wp_get_theme( $item ); + $upgrader_item = $item->theme; + $theme = wp_get_theme( $upgrader_item ); $item_name = $theme->Get( 'Name' ); $skin->feedback( __( 'Updating theme: %s' ), $item_name ); break; case 'plugin': - $plugin_data = get_plugin_data( $context . '/' . $item ); + $upgrader_item = $item->plugin; + $plugin_data = get_plugin_data( $context . '/' . $upgrader_item ); $item_name = $plugin_data['Name']; $skin->feedback( __( 'Updating plugin: %s' ), $item_name ); break; @@ -1894,7 +1897,7 @@ } // Boom, This sites about to get a whole new splash of paint! - $upgrade_result = $upgrader->upgrade( $item, array( + $upgrade_result = $upgrader->upgrade( $upgrader_item, array( 'clear_update_cache' => false, 'pre_check_md5' => false, /* always use partial builds if possible for core updates */ 'attempt_rollback' => true, /* only available for core updates */ @@ -1968,7 +1971,7 @@ wp_update_plugins(); // Check for Plugin updates $plugin_updates = get_site_transient( 'update_plugins' ); if ( $plugin_updates && !empty( $plugin_updates->response ) ) { - foreach ( array_keys( $plugin_updates->response ) as $plugin ) { + foreach ( $plugin_updates->response as $plugin ) { $this->update( 'plugin', $plugin ); } // Force refresh of plugin update information 
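Review bot: The `theme` and `plugin` cases now dereference `$item->theme` and `$item->plugin`, so a caller that still passes the slug or plugin file as a string ends up handing a null `$upgrader_item` to `$upgrader->upgrade()`. The two loops in this file are adjusted to pass objects (hunks at -1968 and -1979), but nothing in the visible lines rejects the old argument shape or documents the new one. A guard in those two cases such as `if ( ! is_object( $item ) ) return false;`, plus an updated `@param` description for `$item`, would make the new contract explicit. The function's signature and docblock are outside the hunk.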
@@ -1979,8 +1982,8 @@ wp_update_themes(); // Check for Theme updates $theme_updates = get_site_transient( 'update_themes' ); if ( $theme_updates && !empty( $theme_updates->response ) ) { - foreach ( array_keys( $theme_updates->response ) as $theme ) { - $this->update( 'theme', $theme ); + foreach ( $theme_updates->response as $theme ) { + $this->update( 'theme', (object) $theme ); } // Force refresh of theme update information wp_clean_themes_cache(); @@ -1995,8 +1998,21 @@ // Clean up, and check for any pending translations // (Core_Upgrader checks for core updates) - wp_update_themes(); // Check for Theme updates - wp_update_plugins(); // Check for Plugin updates + $theme_stats = array(); + if ( isset( $this->update_results['theme'] ) ) { + foreach ( $this->update_results['theme'] as $upgrade ) { + $theme_stats[ $upgrade->item->theme ] = ( true === $upgrade->result ); + } + } + wp_update_themes( $theme_stats ); // Check for Theme updates + + $plugin_stats = array(); + if ( isset( $this->update_results['plugin'] ) ) { + foreach ( $this->update_results['plugin'] as $upgrade ) { + $plugin_stats[ $upgrade->item->plugin ] = ( true === $upgrade->result ); + } + } + wp_update_plugins( $plugin_stats ); // Check for Plugin updates // Finally, Process any new translations $language_updates = wp_get_translation_updates(); diff -Nru wordpress-3.8.1+dfsg1/wp-admin/includes/post.php wordpress-3.8.2+dfsg/wp-admin/includes/post.php --- wordpress-3.8.1+dfsg1/wp-admin/includes/post.php 2014-02-08 12:29:35.000000000 +0000 +++ wordpress-3.8.2+dfsg/wp-admin/includes/post.php 2014-04-09 12:29:27.000000000 +0000 
@@ -100,6 +100,10 @@ $post_id = false; $previous_status = $post_id ? get_post_field( 'post_status', $post_id ) : false; + if ( isset( $post_data['post_status'] ) && 'private' == $post_data['post_status'] && ! current_user_can( $ptype->cap->publish_posts ) ) { + $post_data['post_status'] = $previous_status ? $previous_status : 'pending'; + } + $published_statuses = array( 'publish', 'future' ); // Posts 'submitted for approval' present are submitted to $_POST the same as if they were being published. @@ -111,6 +115,10 @@ if ( ! isset($post_data['post_status']) ) $post_data['post_status'] = $previous_status; + if ( isset( $post_data['post_password'] ) && ! current_user_can( $ptype->cap->publish_posts ) ) { + unset( $post_data['post_password'] ); + } + if (!isset( $post_data['comment_status'] )) $post_data['comment_status'] = 'closed'; @@ -170,6 +178,14 @@ $post_data['post_type'] = $post->post_type; $post_data['post_mime_type'] = $post->post_mime_type; + if ( ! empty( $post_data['post_status'] ) ) { + $post_data['post_status'] = sanitize_key( $post_data['post_status'] ); + + if ( 'inherit' == $post_data['post_status'] ) { + unset( $post_data['post_status'] ); + } + } + $ptype = get_post_type_object($post_data['post_type']); if ( !current_user_can( 'edit_post', $post_ID ) ) { if ( 'page' == $post_data['post_type'] ) @@ -187,9 +203,6 @@ _wp_upgrade_revisions_of_post( $post, wp_get_post_revisions( $post_ID ) ); } - $post_data = _wp_translate_postdata( true, $post_data ); - if ( is_wp_error($post_data) ) - wp_die( $post_data->get_error_message() ); if ( ( empty( $post_data['action'] ) || 'autosave' != $post_data['action'] ) && 'auto-draft' == $post_data['post_status'] ) { $post_data['post_status'] = 'draft'; } 
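Review bot: The `'private' == $post_data['post_status']` test added at the top of this hunk compares the raw submitted string, so it matches only the exact lowercase spelling. The callers patched at -170 and -332 normalise the value with `sanitize_key()` before they reach this code, but the check itself does not, and any other caller of the enclosing function has to remember to do the same. Normalising the value just before this `if` when it is set, `$post_data['post_status'] = sanitize_key( $post_data['post_status'] );`, keeps the capability check from depending on call order. The enclosing function starts and ends outside the hunk.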
@@ -210,6 +223,10 @@ } } + $post_data = _wp_translate_postdata( true, $post_data ); + if ( is_wp_error($post_data) ) + wp_die( $post_data->get_error_message() ); + // Post Formats if ( isset( $post_data['post_format'] ) ) set_post_format( $post_ID, $post_data['post_format'] ); @@ -332,6 +349,14 @@ } unset($post_data['_status']); + if ( ! empty( $post_data['post_status'] ) ) { + $post_data['post_status'] = sanitize_key( $post_data['post_status'] ); + + if ( 'inherit' == $post_data['post_status'] ) { + unset( $post_data['post_status'] ); + } + } + $post_IDs = array_map( 'intval', (array) $post_data['post'] ); $reset = array( @@ -422,11 +447,26 @@ unset( $post_data['tax_input']['category'] ); } + $post_data['post_type'] = $post->post_type; $post_data['post_mime_type'] = $post->post_mime_type; $post_data['guid'] = $post->guid; + foreach ( array( 'comment_status', 'ping_status', 'post_author' ) as $field ) { + if ( ! isset( $post_data[ $field ] ) ) { + $post_data[ $field ] = $post->$field; + } + } + $post_data['ID'] = $post_ID; - $updated[] = wp_update_post( $post_data ); + $post_data['post_ID'] = $post_ID; + + $translated_post_data = _wp_translate_postdata( true, $post_data ); + if ( is_wp_error( $translated_post_data ) ) { + $skipped[] = $post_ID; + continue; + } + + $updated[] = wp_update_post( $translated_post_data ); if ( isset( $post_data['sticky'] ) && current_user_can( $ptype->cap->edit_others_posts ) ) { if ( 'sticky' == $post_data['sticky'] ) @@ -569,10 +609,6 @@ if ( isset( $_POST['post_ID'] ) ) return edit_post(); - $translated = _wp_translate_postdata( false ); - if ( is_wp_error($translated) ) - return $translated; - if ( isset($_POST['visibility']) ) { switch ( $_POST['visibility'] ) { case 'public' : 
@@ -589,6 +625,10 @@ } } + $translated = _wp_translate_postdata( false ); + if ( is_wp_error($translated) ) + return $translated; + // Create the post. $post_ID = wp_insert_post( $_POST ); if ( is_wp_error( $post_ID ) ) diff -Nru wordpress-3.8.1+dfsg1/wp-admin/themes.php wordpress-3.8.2+dfsg/wp-admin/themes.php --- wordpress-3.8.1+dfsg1/wp-admin/themes.php 2014-02-08 12:29:35.000000000 +0000 +++ wordpress-3.8.2+dfsg/wp-admin/themes.php 2014-04-09 12:29:27.000000000 +0000 @@ -142,7 +142,7 @@ $ct = wp_get_theme(); if ( $ct->errors() && ( ! is_multisite() || current_user_can( 'manage_network_themes' ) ) ) { - echo '

' . sprintf( __( 'ERROR: %s' ), $ct->errors()->get_error_message() ) . '

'; + echo '

' . sprintf( __( 'ERROR: %s' ), $ct->errors()->get_error_message() ) . '

'; } /* @@ -312,9 +312,9 @@
- - - + + +
diff -Nru wordpress-3.8.1+dfsg1/wp-content/plugins/akismet/admin.php wordpress-3.8.2+dfsg/wp-content/plugins/akismet/admin.php --- wordpress-3.8.1+dfsg1/wp-content/plugins/akismet/admin.php 2014-02-08 12:29:35.000000000 +0000 +++ wordpress-3.8.2+dfsg/wp-content/plugins/akismet/admin.php 2014-04-09 12:29:27.000000000 +0000 @@ -39,13 +39,20 @@ 'plugins_page_akismet-key-config', 'jetpack_page_akismet-key-config', ) ) ) { - wp_register_style( 'akismet.css', AKISMET_PLUGIN_URL . 'akismet.css', array(), '2.5.9' ); + wp_register_style( 'akismet.css', AKISMET_PLUGIN_URL . 'akismet.css', array(), AKISMET_VERSION ); wp_enqueue_style( 'akismet.css'); - wp_register_script( 'akismet.js', AKISMET_PLUGIN_URL . 'akismet.js', array('jquery'), '2.5.9' ); + wp_register_script( 'akismet.js', AKISMET_PLUGIN_URL . 'akismet.js', array('jquery'), AKISMET_VERSION ); wp_enqueue_script( 'akismet.js' ); wp_localize_script( 'akismet.js', 'WPAkismet', array( - 'comment_author_url_nonce' => wp_create_nonce( 'comment_author_url_nonce' ) + 'comment_author_url_nonce' => wp_create_nonce( 'comment_author_url_nonce' ), + 'strings' => array( + 'Remove this URL' => __( 'Remove this URL' ), + 'Removing...' => __( 'Removing...' ), + 'URL removed' => __( 'URL removed' ), + '(undo)' => __( '(undo)' ), + 'Re-adding...' => __( 'Re-adding...' ), + ) ) ); } } @@ -335,11 +342,7 @@ $path = plugin_basename(__FILE__); echo '

' . _x( 'Spam', 'comments' ) . '

'; global $submenu; - if ( isset( $submenu['edit-comments.php'] ) ) - $link = 'edit-comments.php'; - else - $link = 'edit.php'; - echo '

'.sprintf( _n( 'Akismet has protected your site from %3$s spam comments.', 'Akismet has protected your site from %3$s spam comments.', $count ), 'http://akismet.com/?return=true', clean_url("$link?page=akismet-admin"), number_format_i18n($count) ).'

'; + echo '

'.sprintf( _n( 'Akismet has protected your site from %3$s spam comments.', 'Akismet has protected your site from %3$s spam comments.', $count ), 'http://akismet.com/?return=true', esc_url( add_query_arg( array( 'page' => 'akismet-admin' ), admin_url( isset( $submenu['edit-comments.php'] ) ? 'edit-comments.php' : 'edit.php' ) ) ), number_format_i18n($count) ).'

'; } add_action('activity_box_end', 'akismet_stats'); @@ -546,11 +549,11 @@ global $submenu, $wp_db_version; if ( 8645 < $wp_db_version ) // 2.7 - $link = 'edit-comments.php?comment_status=spam'; + $link = add_query_arg( array( 'comment_status' => 'spam' ), admin_url( 'edit-comments.php' ) ); elseif ( isset( $submenu['edit-comments.php'] ) ) - $link = 'edit-comments.php?page=akismet-admin'; + $link = add_query_arg( array( 'page' => 'akismet-admin' ), admin_url( 'edit-comments.php' ) ); else - $link = 'edit.php?page=akismet-admin'; + $link = add_query_arg( array( 'page' => 'akismet-admin' ), admin_url( 'edit.php' ) ); if ( $count = get_option('akismet_spam_count') ) { $intro = sprintf( _n( @@ -581,14 +584,17 @@ // For WP >= 2.5 -function akismet_check_for_spam_button($comment_status) { +function akismet_check_for_spam_button( $comment_status ) { if ( 'approved' == $comment_status ) return; + if ( function_exists('plugins_url') ) - $link = 'admin.php?action=akismet_recheck_queue'; + $link = add_query_arg( array( 'action' => 'akismet_recheck_queue' ), admin_url( 'admin.php' ) ); else - $link = 'edit-comments.php?page=akismet-admin&recheckqueue=true&noheader=true'; - echo "
" . __('Check for Spam') . ""; + $link = add_query_arg( array( 'page' => 'akismet-admin', 'recheckqueue' => 'true', 'noheader' => 'true' ), admin_url( 'edit-comments.php' ) ); + + echo '
' . esc_html__('Check for Spam') . ''; + echo ''; } add_action('manage_comments_nav', 'akismet_check_for_spam_button'); @@ -771,8 +777,12 @@ if ( ! ( isset( $_GET['recheckqueue'] ) || ( isset( $_REQUEST['action'] ) && 'akismet_recheck_queue' == $_REQUEST['action'] ) ) ) return; - - $moderation = $wpdb->get_results( "SELECT * FROM $wpdb->comments WHERE comment_approved = '0'", ARRAY_A ); + + $paginate = ''; + if ( isset( $_POST['limit'] ) && isset( $_POST['offset'] ) ) { + $paginate = $wpdb->prepare( " LIMIT %d OFFSET %d", array( $_POST['limit'], $_POST['offset'] ) ); + } + $moderation = $wpdb->get_results( "SELECT * FROM {$wpdb->comments} WHERE comment_approved = '0'{$paginate}", ARRAY_A ); foreach ( (array) $moderation as $c ) { $c['user_ip'] = $c['comment_author_IP']; $c['user_agent'] = $c['comment_agent']; @@ -780,7 +790,7 @@ $c['blog'] = get_bloginfo('url'); $c['blog_lang'] = get_locale(); $c['blog_charset'] = get_option('blog_charset'); - $c['permalink'] = get_permalink($c['comment_post_ID']); + $c['permalink'] = get_permalink($c['comment_post_ID']); $c['user_role'] = ''; if ( isset( $c['user_ID'] ) ) 
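Review bot: The new `LIMIT %d OFFSET %d` clause pages through `comment_approved = '0'` with no `ORDER BY`, so successive batches are not guaranteed to be disjoint. If the loop below moves a comment out of the pending state (that part of the body is outside the hunk), the rows after it shift down and the next offset skips them. `$_POST['limit']` is cast by `%d` but never bounded, so one request can still ask for the whole queue, or pass a negative number that makes the query fail. Ordering by the key and clamping the inputs, e.g. `$limit = min( 100, absint( $_POST['limit'] ) );` with `ORDER BY comment_ID` in the clause, would make the batches predictable.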
@@ -815,12 +825,20 @@ delete_comment_meta( $c['comment_ID'], 'akismet_rechecking' ); } - $redirect_to = isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : admin_url( 'edit-comments.php' ); - wp_safe_redirect( $redirect_to ); - exit; + if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) { + wp_send_json( array( + 'processed' => count((array) $moderation), + )); + } + else { + $redirect_to = isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : admin_url( 'edit-comments.php' ); + wp_safe_redirect( $redirect_to ); + exit; + } } add_action('admin_action_akismet_recheck_queue', 'akismet_recheck_queue'); +add_action('wp_ajax_akismet_recheck_queue', 'akismet_recheck_queue'); // Adds an 'x' link next to author URLs, clicking will remove the author URL and show an undo link function akismet_remove_comment_author_url() { diff -Nru wordpress-3.8.1+dfsg1/wp-content/plugins/akismet/akismet.css wordpress-3.8.2+dfsg/wp-content/plugins/akismet/akismet.css --- wordpress-3.8.1+dfsg1/wp-content/plugins/akismet/akismet.css 2014-02-08 12:29:35.000000000 +0000 +++ wordpress-3.8.2+dfsg/wp-content/plugins/akismet/akismet.css 2014-04-09 12:29:27.000000000 +0000 
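Review bot: Registering `akismet_recheck_queue` on `wp_ajax_akismet_recheck_queue` makes it callable by any logged-in user through admin-ajax.php, and neither this hunk nor the one at -771 shows a capability or nonce check on that path. The request built in akismet.js sends only `action`, `offset` and `limit`, so there is no nonce for the handler to verify. Since the handler appears to resubmit the moderation queue to the remote service, it should begin with `if ( ! current_user_can( 'moderate_comments' ) ) wp_die();` and a `check_ajax_referer()` call against a nonce added to the `WPAkismet` localisation array. The start of the function is outside both hunks, so confirm that no such check already exists there.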
@@ -1 +1 @@ -#submitted-on{position:relative}#the-comment-list .author .akismet-user-comment-count{display:inline}#the-comment-list .author a span{text-decoration:none;color:#999}#the-comment-list .remove_url{margin-left:3px;color:#999;padding:2px 3px 2px 0}#the-comment-list .remove_url:hover{color:#A7301F;font-weight:bold;padding:2px 2px 2px 0}#dashboard_recent_comments .akismet-status{display:none}.akismet-status{float:right}.akismet-status a{color:#AAA;font-style:italic}span.comment-link a{text-decoration:underline}span.comment-link:after{content:" "attr(title) " ";color:#aaa;text-decoration:none}.mshot-arrow{width:0;height:0;border-top:10px solid transparent;border-bottom:10px solid transparent;border-right:10px solid #5C5C5C;position:absolute;left:-6px;top:91px}.mshot-container{background:#5C5C5C;position:absolute;top:-94px;padding:7px;width:450px;height:338px;z-index:20000;-moz-border-radius:6px;border-radius:6px;-webkit-border-radius:6px}h2.ak-header{padding-left:38px;background:url('img/logo.png') no-repeat 0 9px;margin-bottom:14px;line-height:32px}.key-status{padding:0.4em 1em;color:#fff;font-weight:bold;text-align:center;-webkit-border-radius:3px;border-radius:3px;border-width:1px;border-style:solid;max-width:23.3em}input#key{width:25.3em !important}input#key.valid{border-color:#4F800D}input#key.invalid,input#key.failed{border-color:#888}.key-status.under-input{margin-top:-5px;padding-bottom:0px}.key-status.invalid,.key-status.failed{background-color:#888}.key-status.valid{background-color:#4F800D}.key-status.some{background-color:#993300}.key-status.empty{display:none}table.network-status th,table.network-status td{padding:0.4em;margin:0;text-align:center}table.network-status{border-color:#dfdfdf;border-width:0 0 1px 1px;border-style:solid;border-spacing:0;width:25.6em}table.network-status th,table.network-status td{border-color:#dfdfdf;border-width:1px 1px 0 0;border-style:solid;margin:0;border-spacing:0}table.network-status 
td.key-status{border-radius:0px;-webkit-border-radius:0px} \ No newline at end of file +#submitted-on{position:relative}#the-comment-list .author .akismet-user-comment-count{display:inline}#the-comment-list .author a span{text-decoration:none;color:#999}#the-comment-list .remove_url{margin-left:3px;color:#999;padding:2px 3px 2px 0}#the-comment-list .remove_url:hover{color:#A7301F;font-weight:bold;padding:2px 2px 2px 0}#dashboard_recent_comments .akismet-status{display:none}.akismet-status{float:right}.akismet-status a{color:#AAA;font-style:italic}span.comment-link a{text-decoration:underline}span.comment-link:after{content:" "attr(title) " ";color:#aaa;text-decoration:none}.mshot-arrow{width:0;height:0;border-top:10px solid transparent;border-bottom:10px solid transparent;border-right:10px solid #5C5C5C;position:absolute;left:-6px;top:91px}.mshot-container{background:#5C5C5C;position:absolute;top:-94px;padding:7px;width:450px;height:338px;z-index:20000;-moz-border-radius:6px;border-radius:6px;-webkit-border-radius:6px}h2.ak-header{padding-left:38px;background:url('img/logo.png') no-repeat 0 9px;margin-bottom:14px;line-height:32px}.key-status{padding:0.4em 1em;color:#fff;font-weight:bold;text-align:center;-webkit-border-radius:3px;border-radius:3px;border-width:1px;border-style:solid;max-width:23.3em}input#key{width:25.3em !important}input#key.valid{border-color:#4F800D}input#key.invalid,input#key.failed{border-color:#888}.key-status.under-input{margin-top:-5px;padding-bottom:0px}.key-status.invalid,.key-status.failed{background-color:#888}.key-status.valid{background-color:#4F800D}.key-status.some{background-color:#993300}.key-status.empty{display:none}table.network-status th,table.network-status td{padding:0.4em;margin:0;text-align:center}table.network-status{border-color:#dfdfdf;border-width:0 0 1px 1px;border-style:solid;border-spacing:0;width:25.6em}table.network-status th,table.network-status td{border-color:#dfdfdf;border-width:1px 1px 0 
0;border-style:solid;margin:0;border-spacing:0}table.network-status td.key-status{border-radius:0px;-webkit-border-radius:0px}.checkforspam{display:inline-block !important;}.checkforspam-spinner{display:none;margin-top:10px;} \ No newline at end of file diff -Nru wordpress-3.8.1+dfsg1/wp-content/plugins/akismet/akismet.js wordpress-3.8.2+dfsg/wp-content/plugins/akismet/akismet.js --- wordpress-3.8.1+dfsg1/wp-content/plugins/akismet/akismet.js 2014-02-08 12:29:35.000000000 +0000 +++ wordpress-3.8.2+dfsg/wp-content/plugins/akismet/akismet.js 2014-04-09 12:29:27.000000000 +0000 
@@ -1,114 +1,154 @@ -jQuery(document).ready(function () { - jQuery( '.switch-have-key' ).click( function() { - var no_key = jQuery( this ).parents().find('div.no-key'); - var have_key = jQuery( this ).parents().find('div.have-key'); +jQuery( function ( $ ) { + $( '.switch-have-key' ).click( function() { + var no_key = $( this ).parents().find('div.no-key'); + var have_key = $( this ).parents().find('div.have-key'); no_key.addClass( 'hidden' ); have_key.removeClass( 'hidden' ); return false; }); - jQuery( 'p.need-key a' ).click( function(){ + $( 'p.need-key a' ).click( function(){ document.akismet_activate.submit(); }); - jQuery('.akismet-status').each(function () { - var thisId = jQuery(this).attr('commentid'); - jQuery(this).prependTo('#comment-' + thisId + ' .column-comment div:first-child'); - }); - jQuery('.akismet-user-comment-count').each(function () { - var thisId = jQuery(this).attr('commentid'); - jQuery(this).insertAfter('#comment-' + thisId + ' .author strong:first').show(); - }); - jQuery('#the-comment-list tr.comment .column-author a[title ^= "http://"]').each(function () { - var thisTitle = jQuery(this).attr('title'); - thisCommentId = jQuery(this).parents('tr:first').attr('id').split("-"); + $('.akismet-status').each(function () { + var thisId = $(this).attr('commentid'); + $(this).prependTo('#comment-' + thisId + ' .column-comment div:first-child'); + }); + $('.akismet-user-comment-count').each(function () { + var thisId = $(this).attr('commentid'); + $(this).insertAfter('#comment-' + thisId + ' .author strong:first').show(); + }); + $('#the-comment-list').find('tr.comment, tr[id ^= "comment-"]').find('.column-author a[title ^= "http://"]').each(function () { + var thisTitle = $(this).attr('title'); + thisCommentId = $(this).parents('tr:first').attr('id').split("-"); - jQuery(this).attr("id", "author_comment_url_"+ thisCommentId[1]); + $(this).attr("id", "author_comment_url_"+ thisCommentId[1]); if (thisTitle) { - jQuery(this).after(' x'); + 
$(this).after( + $( 'x' ) + .attr( 'commentid', thisCommentId[1] ) + .attr( 'title', WPAkismet.strings['Remove this URL'] ) + ); } }); - jQuery('.remove_url').live('click', function () { - var thisId = jQuery(this).attr('commentid'); + $('.remove_url').live('click', function () { + var thisId = $(this).attr('commentid'); var data = { action: 'comment_author_deurl', _wpnonce: WPAkismet.comment_author_url_nonce, id: thisId }; - jQuery.ajax({ + $.ajax({ url: ajaxurl, type: 'POST', data: data, beforeSend: function () { // Removes "x" link - jQuery("a[commentid='"+ thisId +"']").hide(); + $("a[commentid='"+ thisId +"']").hide(); // Show temp status - jQuery("#author_comment_url_"+ thisId).html('Removing...'); + $("#author_comment_url_"+ thisId).html( $( '' ).text( WPAkismet.strings['Removing...'] ) ); }, success: function (response) { if (response) { // Show status/undo link - jQuery("#author_comment_url_"+ thisId).attr('cid', thisId).addClass('akismet_undo_link_removal').html('URL removed (undo)'); - } + $("#author_comment_url_"+ thisId) + .attr('cid', thisId) + .addClass('akismet_undo_link_removal') + .html( + $( '' ).text( WPAkismet.strings['URL removed'] ) + ) + .append( ' ' ) + .append( + $( '' ) + .text( WPAkismet.strings['(undo)'] ) + .addClass( 'akismet-span-link' ) + ); + } } }); return false; }); - jQuery('.akismet_undo_link_removal').live('click', function () { - var thisId = jQuery(this).attr('cid'); - var thisUrl = jQuery(this).attr('href').replace("http://www.", "").replace("http://", ""); + $('.akismet_undo_link_removal').live('click', function () { + var thisId = $(this).attr('cid'); + var thisUrl = $(this).attr('href').replace("http://www.", "").replace("http://", ""); var data = { action: 'comment_author_reurl', _wpnonce: WPAkismet.comment_author_url_nonce, id: thisId, url: thisUrl }; - jQuery.ajax({ + $.ajax({ url: ajaxurl, type: 'POST', data: data, beforeSend: function () { // Show temp status - jQuery("#author_comment_url_"+ 
thisId).html('Re-adding…'); + $("#author_comment_url_"+ thisId).html( $( '' ).text( WPAkismet.strings['Re-adding...'] ) ); }, success: function (response) { if (response) { // Add "x" link - jQuery("a[commentid='"+ thisId +"']").show(); + $("a[commentid='"+ thisId +"']").show(); // Show link - jQuery("#author_comment_url_"+ thisId).removeClass('akismet_undo_link_removal').html(thisUrl); + $("#author_comment_url_"+ thisId).removeClass('akismet_undo_link_removal').html(thisUrl); } } }); return false; }); - jQuery('a[id^="author_comment_url"]').mouseover(function () { + $('a[id^="author_comment_url"], tr.pingback td.column-author a:first-of-type').mouseover(function () { var wpcomProtocol = ( 'https:' === location.protocol ) ? 'https://' : 'http://'; // Need to determine size of author column - var thisParentWidth = jQuery(this).parent().width(); + var thisParentWidth = $(this).parent().width(); // It changes based on if there is a gravatar present - thisParentWidth = (jQuery(this).parent().find('.grav-hijack').length) ? thisParentWidth - 42 + 'px' : thisParentWidth + 'px'; - if (jQuery(this).find('.mShot').length == 0 && !jQuery(this).hasClass('akismet_undo_link_removal')) { - var thisId = jQuery(this).attr('id').replace('author_comment_url_', ''); - jQuery('.widefat td').css('overflow', 'visible'); - jQuery(this).css('position', 'relative'); - var thisHref = jQuery.URLEncode(jQuery(this).attr('href')); - jQuery(this).append('
'); + thisParentWidth = ($(this).parent().find('.grav-hijack').length) ? thisParentWidth - 42 + 'px' : thisParentWidth + 'px'; + if ($(this).find('.mShot').length == 0 && !$(this).hasClass('akismet_undo_link_removal')) { + var self = $( this ); + $('.widefat td').css('overflow', 'visible'); + $(this).css('position', 'relative'); + var thisHref = $.URLEncode( $(this).attr('href') ); + $(this).append('
'); setTimeout(function () { - jQuery('.mshot-image_'+thisId).attr('src', wpcomProtocol+'s0.wordpress.com/mshots/v1/'+thisHref+'?w=450&r=2'); + self.find( '.mshot-image' ).attr('src', '//s0.wordpress.com/mshots/v1/'+thisHref+'?w=450&r=2'); }, 6000); setTimeout(function () { - jQuery('.mshot-image_'+thisId).attr('src', wpcomProtocol+'s0.wordpress.com/mshots/v1/'+thisHref+'?w=450&r=3'); + self.find( '.mshot-image' ).attr('src', '//s0.wordpress.com/mshots/v1/'+thisHref+'?w=450&r=3'); }, 12000); } else { - jQuery(this).find('.mShot').css('left', thisParentWidth).show(); + $(this).find('.mShot').css('left', thisParentWidth).show(); } }).mouseout(function () { - jQuery(this).find('.mShot').hide(); + $(this).find('.mShot').hide(); }); + $('.checkforspam:not(.button-disabled)').click( function(e) { + $('.checkforspam:not(.button-disabled)').addClass('button-disabled'); + $('.checkforspam-spinner').show(); + akismet_check_for_spam(0, 100); + e.preventDefault(); + }); + + function akismet_check_for_spam(offset, limit) { + $.post( + ajaxurl, + { + 'action': 'akismet_recheck_queue', + 'offset': offset, + 'limit': limit + }, + function(result) { + if (result.processed < limit) { + window.location.reload(); + } + else { + akismet_check_for_spam(offset + limit, limit); + } + } + ); + } }); // URL encode plugin jQuery.extend({URLEncode:function(c){var o='';var x=0;c=c.toString();var r=/(^[a-zA-Z0-9_.]*)/; 
@@ -117,10 +157,3 @@ }else{if(c[x]==' ')o+='+';else{var d=c.charCodeAt(x);var h=d.toString(16); o+='%'+(h.length<2?'0':'')+h.toUpperCase();}x++;}}return o;} }); -// Preload mshot images after everything else has loaded -jQuery(window).load(function() { - var wpcomProtocol = ( 'https:' === location.protocol ) ? 'https://' : 'http://'; - jQuery('a[id^="author_comment_url"]').each(function () { - jQuery.get(wpcomProtocol+'s0.wordpress.com/mshots/v1/'+jQuery.URLEncode(jQuery(this).attr('href'))+'?w=450'); - }); -}); diff -Nru wordpress-3.8.1+dfsg1/wp-content/plugins/akismet/akismet.php wordpress-3.8.2+dfsg/wp-content/plugins/akismet/akismet.php --- wordpress-3.8.1+dfsg1/wp-content/plugins/akismet/akismet.php 2014-02-08 12:29:35.000000000 +0000 +++ wordpress-3.8.2+dfsg/wp-content/plugins/akismet/akismet.php 2014-04-09 12:29:27.000000000 +0000 @@ -6,7 +6,7 @@ Plugin Name: Akismet Plugin URI: http://akismet.com/?return=true Description: Used by millions, Akismet is quite possibly the best way in the world to protect your blog from comment and trackback spam. It keeps your site protected from spam even while you sleep. To get started: 1) Click the "Activate" link to the left of this description, 2) Sign up for an Akismet API key, and 3) Go to your Akismet configuration page, and save your API key. -Version: 2.5.9 +Version: 2.6.0 Author: Automattic Author URI: http://automattic.com/wordpress-plugins/ License: GPLv2 or later @@ -34,8 +34,9 @@ exit; } -define('AKISMET_VERSION', '2.5.9'); +define('AKISMET_VERSION', '2.6.0'); define('AKISMET_PLUGIN_URL', plugin_dir_url( __FILE__ )); +define('AKISMET_DELETE_LIMIT', 10000); /** If you hardcode a WP.com API key here, all key config screens will be hidden */ if ( defined('WPCOM_API_KEY') ) 
@@ -197,17 +198,26 @@ // filter handler used to return a spam result to pre_comment_approved function akismet_result_spam( $approved ) { + static $just_once = false; + if ( $just_once ) + return $approved; + // bump the counter here instead of when the filter is added to reduce the possibility of overcounting if ( $incr = apply_filters('akismet_spam_count_incr', 1) ) update_option( 'akismet_spam_count', get_option('akismet_spam_count') + $incr ); + // this is a one-shot deal - remove_filter( 'pre_comment_approved', 'akismet_result_spam' ); + $just_once = true; return 'spam'; } function akismet_result_hold( $approved ) { + static $just_once = false; + if ( $just_once ) + return $approved; + // once only - remove_filter( 'pre_comment_approved', 'akismet_result_hold' ); + $just_once = true; return '0'; } @@ -321,7 +331,7 @@ global $akismet_api_host, $akismet_api_port, $akismet_last_comment; $comment = $commentdata; - $comment['user_ip'] = $_SERVER['REMOTE_ADDR']; + $comment['user_ip'] = akismet_get_ip_address(); $comment['user_agent'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null; $comment['referrer'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null; $comment['blog'] = get_option('home'); 
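Review bot: `static $just_once` in `akismet_result_spam()` and `akismet_result_hold()` is never reset, so once the first comment in a request has been marked, every later call of the filter returns `$approved` unchanged. The removed `remove_filter()` call had per-comment scope, because the filter could be added again for the next comment; the static flag has per-process scope. If one request can handle more than one comment (the code that adds the filter is outside the hunk), the second and later verdicts would be dropped. Keying the guard to the comment being processed, or clearing the flag where the filter is added, would keep the one-shot behaviour without that side effect.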
@@ -422,58 +432,70 @@ add_action('preprocess_comment', 'akismet_auto_check_comment', 1); +function akismet_get_ip_address() { + foreach( array( 'HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR' ) as $key ) { + if ( array_key_exists( $key, $_SERVER ) === true ) { + foreach ( explode( ',', $_SERVER[$key] ) as $ip ) { + $ip = trim($ip); + + if ( filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false ) { + return $ip; + } + } + } + } + return null; +} + function akismet_delete_old() { global $wpdb; - $now_gmt = current_time('mysql', 1); - $comment_ids = $wpdb->get_col("SELECT comment_id FROM $wpdb->comments WHERE DATE_SUB('$now_gmt', INTERVAL 15 DAY) > comment_date_gmt AND comment_approved = 'spam'"); - if ( empty( $comment_ids ) ) - return; + + while( $comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT comment_id FROM {$wpdb->comments} WHERE DATE_SUB(NOW(), INTERVAL 15 DAY) > comment_date_gmt AND comment_approved = 'spam' LIMIT %d", defined( 'AKISMET_DELETE_LIMIT' ) ? 
AKISMET_DELETE_LIMIT : 10000 ) ) ) { + if ( empty( $comment_ids ) ) + return; - $comma_comment_ids = implode( ', ', array_map('intval', $comment_ids) ); + $wpdb->queries = array(); - do_action( 'delete_comment', $comment_ids ); - $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_id IN ( $comma_comment_ids )"); - $wpdb->query("DELETE FROM $wpdb->commentmeta WHERE comment_id IN ( $comma_comment_ids )"); - clean_comment_cache( $comment_ids ); - $n = mt_rand(1, 5000); - if ( apply_filters('akismet_optimize_table', ($n == 11)) ) // lucky number - $wpdb->query("OPTIMIZE TABLE $wpdb->comments"); + do_action( 'delete_comment', $comment_ids ); + + $comma_comment_ids = implode( ', ', array_map('intval', $comment_ids) ); + + $wpdb->query("DELETE FROM {$wpdb->comments} WHERE comment_id IN ( $comma_comment_ids )"); + $wpdb->query("DELETE FROM {$wpdb->commentmeta} WHERE comment_id IN ( $comma_comment_ids )"); + + clean_comment_cache( $comment_ids ); + } + if ( apply_filters( 'akismet_optimize_table', ( mt_rand(1, 5000) == 11) ) ) // lucky number + $wpdb->query("OPTIMIZE TABLE {$wpdb->comments}"); } function akismet_delete_old_metadata() { global $wpdb; - $now_gmt = current_time( 'mysql', 1 ); $interval = apply_filters( 'akismet_delete_commentmeta_interval', 15 ); # enfore a minimum of 1 day $interval = absint( $interval ); - if ( $interval < 1 ) { - return; - } + if ( $interval < 1 ) + $interval = 1; // akismet_as_submitted meta values are large, so expire them // after $interval days regardless of the comment status - while ( TRUE ) { - $comment_ids = $wpdb->get_col( "SELECT $wpdb->comments.comment_id FROM $wpdb->commentmeta INNER JOIN $wpdb->comments USING(comment_id) WHERE meta_key = 'akismet_as_submitted' AND DATE_SUB('$now_gmt', INTERVAL {$interval} DAY) > comment_date_gmt LIMIT 10000" ); - - if ( empty( $comment_ids ) ) { - return; - } - + while ( $comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT m.comment_id FROM {$wpdb->commentmeta} as m INNER JOIN 
{$wpdb->comments} as c USING(comment_id) WHERE m.meta_key = 'akismet_as_submitted' AND DATE_SUB(NOW(), INTERVAL %d DAY) > c.comment_date_gmt LIMIT 10000", $interval ) ) ) { + if ( empty( $comment_ids ) ) + return; + + $wpdb->queries = array(); + foreach ( $comment_ids as $comment_id ) { delete_comment_meta( $comment_id, 'akismet_as_submitted' ); } } - - /* - $n = mt_rand( 1, 5000 ); - if ( apply_filters( 'akismet_optimize_table', ( $n == 11 ), 'commentmeta' ) ) { // lucky number - $wpdb->query( "OPTIMIZE TABLE $wpdb->commentmeta" ); - } - */ -} + + if ( apply_filters( 'akismet_optimize_table', ( mt_rand(1, 5000) == 11) ) ) // lucky number + $wpdb->query("OPTIMIZE TABLE {$wpdb->comments}"); +} add_action('akismet_scheduled_delete', 'akismet_delete_old'); add_action('akismet_scheduled_delete', 'akismet_delete_old_metadata'); 
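Review bot: `akismet_get_ip_address()` checks `HTTP_CLIENT_IP`, `HTTP_X_FORWARDED_FOR` and the other forwarding headers before `REMOTE_ADDR`, and all of those are plain request headers that the commenter controls unless a trusted proxy overwrites them, so the `user_ip` reported for a comment (hunk at -321) can be chosen by the sender. The public-range filter is applied to `REMOTE_ADDR` as well, so on a site reached over a private or loopback address the function returns null. Forwarding headers should only be consulted when `REMOTE_ADDR` is a known proxy, and the final fallback should be `return isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : null;`. In the same hunk, `akismet_delete_old_metadata()` now optimises `{$wpdb->comments}` although it deletes from commentmeta, and both queries compare `NOW()` with `comment_date_gmt`, which is only correct when the database session runs in UTC.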
@@ -588,6 +610,71 @@ if ( $akismet_comment_nonce_option == 'true' || $akismet_comment_nonce_option == '' ) add_action( 'comment_form', 'akismet_add_comment_nonce' ); +function akismet_pingback_forwarded_for( $r, $url ) { + static $urls = array(); + + // Call this with $r == null to prime the callback to add headers on a specific URL + if ( is_null( $r ) && !in_array( $url, $urls ) ) { + $urls[] = $url; + } + + // Add X-Pingback-Forwarded-For header, but only for requests to a specific URL (the apparent pingback source) + if ( is_array( $r ) && is_array( $r['headers'] ) && !isset( $r['headers']['X-Pingback-Forwarded-For'] ) && in_array( $url, $urls ) ) { + $remote_ip = preg_replace( '/[^a-fx0-9:.,]/i', '', $_SERVER['REMOTE_ADDR'] ); + + // Note: this assumes REMOTE_ADDR is correct, and it may not be if a reverse proxy or CDN is in use + $r['headers']['X-Pingback-Forwarded-For'] = $remote_ip; + + // Also identify the request as a pingback verification in the UA string so it appears in logs + $r['user-agent'] .= '; verifying pingback from ' . $remote_ip; + } + + return $r; +} + +function akismet_pre_check_pingback( $method ) { + + if ( $method !== 'pingback.ping' ) + return; + + global $wp_xmlrpc_server; + + if ( !is_object( $wp_xmlrpc_server ) ) + return false; + + // Lame: tightly coupled with the IXR class. 
+ $args = $wp_xmlrpc_server->message->params; + + if ( !empty( $args[1] ) ) { + $post_id = url_to_postid( $args[1] ); + + // If this gets through the pre-check, make sure we properly identify the outbound request as a pingback verification + akismet_pingback_forwarded_for( null, $args[0] ); + add_filter( 'http_request_args', 'akismet_pingback_forwarded_for', 10, 2 ); + + $comment = array( + 'comment_author_url' => $args[0], + 'comment_post_ID' => $post_id, + 'comment_author' => '', + 'comment_author_email' => '', + 'comment_content' => '', + 'comment_type' => 'pingback', + 'akismet_pre_check' => '1', + 'comment_pingback_target' => $args[1], + ); + + $comment = akismet_auto_check_comment( $comment ); + + if ( isset( $comment['akismet_result'] ) && 'true' == $comment['akismet_result'] ) { + // Lame: tightly coupled with the IXR classes. Unfortunately the action provides no context and no way to return anything. + $wp_xmlrpc_server->error( new IXR_Error( 0, 'Invalid discovery target' ) ); + } + } +} + +// Run this early in the pingback call, before doing a remote fetch of the source uri +add_action( 'xmlrpc_call', 'akismet_pre_check_pingback' ); + global $wp_version; if ( '3.0.5' == $wp_version ) { remove_filter( 'comment_text', 'wp_kses_data' ); diff -Nru wordpress-3.8.1+dfsg1/wp-content/plugins/akismet/readme.txt wordpress-3.8.2+dfsg/wp-content/plugins/akismet/readme.txt --- wordpress-3.8.1+dfsg1/wp-content/plugins/akismet/readme.txt 2014-02-08 12:29:35.000000000 +0000 +++ wordpress-3.8.2+dfsg/wp-content/plugins/akismet/readme.txt 2014-04-09 12:29:27.000000000 +0000 @@ -2,8 +2,8 @@ Contributors: matt, ryan, andy, mdawaffe, tellyworth, josephscott, lessbloat, eoigal, automattic Tags: akismet, comments, spam Requires at least: 3.0 -Tested up to: 3.6 -Stable tag: 2.5.9 +Tested up to: 3.8.1 +Stable tag: 2.6.0 License: GPLv2 or later Akismet checks your comments against the Akismet web service to see if they look like spam or not. 
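Review bot: In `akismet_pre_check_pingback` only `$args[1]` is tested before use, while `$args[0]` (the claimed source URI from the XML-RPC parameters) goes unchecked into `akismet_pingback_forwarded_for( null, $args[0] )` and into `comment_author_url`. Guarding both, `if ( !empty( $args[0] ) && !empty( $args[1] ) ) {`, keeps a short or malformed parameter list from raising an undefined-offset notice and from registering a null URL in the static `$urls` list. The function also mixes a bare `return;` with `return false;` although it runs on an action hook, where the return value is presumably ignored, so one form would read more clearly. Neither new function has a docblock, and `akismet_pingback_forwarded_for` needs one to explain that a call with `$r == null` only primes the URL list while a call with an array is the `http_request_args` filter itself.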
@@ -31,6 +31,14 @@ == Changelog == += 2.6.0 = +* Add ajax paging to the check for spam button to handle large volumes of comments +* Optimize javascript and add localization support +* Fix bug in link to spam comments from right now dashboard widget +* Fix bug with deleting old comments to avoid timeouts dealing with large volumes of comments +* Include X-Pingback-Forwarded-For header in outbound WordPress pingback verifications +* Add pre-check for pingbacks, to stop spam before an outbound verification request is made + = 2.5.9 = * Update 'Already have a key' link to redirect page rather than depend on javascript * Fix some non-translatable strings to be translatable diff -Nru wordpress-3.8.1+dfsg1/wp-content/themes/twentyfourteen/languages/twentyfourteen.pot wordpress-3.8.2+dfsg/wp-content/themes/twentyfourteen/languages/twentyfourteen.pot --- wordpress-3.8.1+dfsg1/wp-content/themes/twentyfourteen/languages/twentyfourteen.pot 2014-02-08 12:29:35.000000000 +0000 +++ wordpress-3.8.2+dfsg/wp-content/themes/twentyfourteen/languages/twentyfourteen.pot 2014-04-09 12:29:27.000000000 +0000 
@@ -1,14 +1,14 @@ -# Copyright (C) 2013 the WordPress team +# Copyright (C) 2014 the WordPress team # This file is distributed under the GNU General Public License v2 or later. msgid "" msgstr "" "Project-Id-Version: Twenty Fourteen 1.0\n" "Report-Msgid-Bugs-To: http://wordpress.org/tags/twentyfourteen\n" -"POT-Creation-Date: 2013-12-12 05:25:07+00:00\n" +"POT-Creation-Date: 2014-03-18 19:16:26+00:00\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"PO-Revision-Date: 2013-MO-DA HO:MI+ZONE\n" +"PO-Revision-Date: 2014-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" diff -Nru wordpress-3.8.1+dfsg1/wp-content/themes/twentythirteen/languages/twentythirteen.pot wordpress-3.8.2+dfsg/wp-content/themes/twentythirteen/languages/twentythirteen.pot --- wordpress-3.8.1+dfsg1/wp-content/themes/twentythirteen/languages/twentythirteen.pot 2014-02-08 12:29:35.000000000 +0000 +++ wordpress-3.8.2+dfsg/wp-content/themes/twentythirteen/languages/twentythirteen.pot 2014-04-09 12:29:27.000000000 +0000 
@@ -1,14 +1,14 @@ -# Copyright (C) 2013 the WordPress team +# Copyright (C) 2014 the WordPress team # This file is distributed under the GNU General Public License v2 or later. msgid "" msgstr "" "Project-Id-Version: Twenty Thirteen 1.1\n" "Report-Msgid-Bugs-To: http://wordpress.org/tags/twentythirteen\n" -"POT-Creation-Date: 2013-10-24 20:32:06+00:00\n" +"POT-Creation-Date: 2014-03-18 19:16:26+00:00\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"PO-Revision-Date: 2013-MO-DA HO:MI+ZONE\n" +"PO-Revision-Date: 2014-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" diff -Nru wordpress-3.8.1+dfsg1/wp-content/themes/twentytwelve/languages/twentytwelve.pot wordpress-3.8.2+dfsg/wp-content/themes/twentytwelve/languages/twentytwelve.pot --- wordpress-3.8.1+dfsg1/wp-content/themes/twentytwelve/languages/twentytwelve.pot 2014-02-08 12:29:35.000000000 +0000 +++ wordpress-3.8.2+dfsg/wp-content/themes/twentytwelve/languages/twentytwelve.pot 2014-04-09 12:29:27.000000000 +0000 @@ -1,14 +1,14 @@ -# Copyright (C) 2013 the WordPress team +# Copyright (C) 2014 the WordPress team # This file is distributed under the GNU General Public License v2 or later. msgid "" msgstr "" "Project-Id-Version: Twenty Twelve 1.3\n" "Report-Msgid-Bugs-To: http://wordpress.org/tags/twentytwelve\n" -"POT-Creation-Date: 2013-10-24 20:32:05+00:00\n" +"POT-Creation-Date: 2014-03-18 19:16:25+00:00\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"PO-Revision-Date: 2013-MO-DA HO:MI+ZONE\n" +"PO-Revision-Date: 2014-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" diff -Nru wordpress-3.8.1+dfsg1/wp-includes/bookmark.php wordpress-3.8.2+dfsg/wp-includes/bookmark.php --- wordpress-3.8.1+dfsg1/wp-includes/bookmark.php 2014-02-08 12:29:35.000000000 +0000 +++ wordpress-3.8.2+dfsg/wp-includes/bookmark.php 2014-04-09 12:29:27.000000000 +0000 
@@ -226,8 +226,8 @@ $join = " INNER JOIN $wpdb->term_relationships AS tr ON ($wpdb->links.link_id = tr.object_id) INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_taxonomy_id = tr.term_taxonomy_id"; } - if ( $show_updated && get_option('links_recently_updated_time') ) { - $recently_updated_test = ", IF (DATE_ADD(link_updated, INTERVAL " . get_option('links_recently_updated_time') . " MINUTE) >= NOW(), 1,0) as recently_updated "; + if ( $show_updated ) { + $recently_updated_test = ", IF (DATE_ADD(link_updated, INTERVAL 120 MINUTE) >= NOW(), 1,0) as recently_updated "; } else { $recently_updated_test = ''; } diff -Nru wordpress-3.8.1+dfsg1/wp-includes/class-wp-xmlrpc-server.php wordpress-3.8.2+dfsg/wp-includes/class-wp-xmlrpc-server.php --- wordpress-3.8.1+dfsg1/wp-includes/class-wp-xmlrpc-server.php 2014-02-08 12:29:35.000000000 +0000 +++ wordpress-3.8.2+dfsg/wp-includes/class-wp-xmlrpc-server.php 2014-04-09 12:29:27.000000000 +0000 
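Review bot: The literal `120` in `INTERVAL 120 MINUTE` replaces the value that used to be read from the `links_recently_updated_time` option, and nothing on the new line says why the number is fixed or that option data is presumably being kept out of the SQL string on purpose. A comment above the assignment, for example `// Fixed 120-minute window: the stored option is no longer concatenated into the query.`, would record that intent and stop a later edit from reintroducing the concatenation. The condition also lost its `get_option()` test, so `recently_updated` is now computed whenever `$show_updated` is set, including on sites where the option was empty. The enclosing function starts and ends outside this hunk.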
@@ -5390,11 +5390,18 @@ // very stupid, but gives time to the 'from' server to publish ! sleep(1); + $remote_ip = preg_replace( '/[^0-9a-fA-F:., ]/', '', $_SERVER['REMOTE_ADDR'] ); + $user_agent = apply_filters( 'http_headers_useragent', 'WordPress/' . $GLOBALS['wp_version'] . '; ' . get_bloginfo( 'url' ) ); + // Let's check the remote site $http_api_args = array( 'timeout' => 10, 'redirection' => 0, 'limit_response_size' => 153600, // 150 KB + 'user-agent' => "$user_agent; verifying pingback from $remote_ip", + 'headers' => array( + 'X-Pingback-Forwarded-For' => $remote_ip, + ), ); $linea = wp_remote_retrieve_body( wp_safe_remote_get( $pagelinkedfrom, $http_api_args ) ); Binary files /tmp/JwncEXjCou/wordpress-3.8.1+dfsg1/wp-includes/js/plupload/plupload.silverlight.xap and /tmp/opUethdStd/wordpress-3.8.2+dfsg/wp-includes/js/plupload/plupload.silverlight.xap differ diff -Nru wordpress-3.8.1+dfsg1/wp-includes/pluggable.php wordpress-3.8.2+dfsg/wp-includes/pluggable.php --- wordpress-3.8.1+dfsg1/wp-includes/pluggable.php 2014-02-08 12:29:35.000000000 +0000 +++ wordpress-3.8.2+dfsg/wp-includes/pluggable.php 2014-04-09 12:29:27.000000000 +0000 @@ -543,7 +543,7 @@ $key = wp_hash($username . $pass_frag . '|' . $expiration, $scheme); $hash = hash_hmac('md5', $username . '|' . $expiration, $key); - if ( $hmac != $hash ) { + if ( hash_hmac( 'md5', $hmac, $key ) !== hash_hmac( 'md5', $hash, $key ) ) { do_action('auth_cookie_bad_hash', $cookie_elements); return false; } diff -Nru wordpress-3.8.1+dfsg1/wp-includes/post-template.php wordpress-3.8.2+dfsg/wp-includes/post-template.php --- wordpress-3.8.1+dfsg1/wp-includes/post-template.php 2014-02-08 12:29:35.000000000 +0000 +++ wordpress-3.8.2+dfsg/wp-includes/post-template.php 2014-04-09 12:29:27.000000000 +0000 @@ -1248,8 +1248,7 @@ $label = 'pwbox-' . ( empty($post->ID) ? rand() : $post->ID ); $output = '
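Review bot: The filter applied to `$_SERVER['REMOTE_ADDR']` is a character whitelist rather than an address check, since `/[^0-9a-fA-F:., ]/` still lets spaces and commas through, and the result is copied into both the `X-Pingback-Forwarded-For` header and the User-Agent string of the outbound request. It does remove CR and LF, which is the property that matters for a header value, and a comment should say so, e.g. `// Keep only address characters so the value cannot break the outbound header line.` Behind a reverse proxy or CDN, REMOTE_ADDR is the proxy's address, so the header would name the proxy, which deserves a second comment line here. The Akismet copy of this logic elsewhere in this diff uses a different class (`/[^a-fx0-9:.,]/i`), and the two should agree. The enclosing method starts and ends outside the hunk.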
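Review bot: The new comparison `hash_hmac( 'md5', $hmac, $key ) !== hash_hmac( 'md5', $hash, $key )` carries no comment, and without one it reads like redundant hashing that a later cleanup could fold back into a direct comparison of `$hmac` and `$hash`. A line above it such as `// Compare keyed digests, strictly: timing must not reveal how much of the cookie HMAC matched, and no loose string/number juggling.` would protect the intent. Where the runtime provides `hash_equals()` (PHP 5.6 and later), `! hash_equals( $hash, $hmac )` states the same thing directly. The enclosing function starts and ends outside this hunk.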

' . __( 'This content is password protected. To view it please enter your password below:' ) . '

-

-
+

'; return apply_filters( 'the_password_form', $output ); } @@ -1443,3 +1442,22 @@ echo $rows; echo ""; } + +/** + * Dashboard CSS fixes for 3.8.2. + * + * This function cheaply fixes #WP27082 and #WP26910 in lieu of + * changing the massive wp-admin.css file in a point release. + * This lucky includes file was already receiving an update. + * + * @since 3.8.2 + * @access private + */ +function wp_382_css_hotfix() { + echo ' +'; +} +add_action( 'admin_print_styles', 'wp_382_css_hotfix', 30 ); diff -Nru wordpress-3.8.1+dfsg1/wp-includes/query.php wordpress-3.8.2+dfsg/wp-includes/query.php --- wordpress-3.8.1+dfsg1/wp-includes/query.php 2014-02-08 12:29:35.000000000 +0000 +++ wordpress-3.8.2+dfsg/wp-includes/query.php 2014-04-09 12:29:27.000000000 +0000 @@ -3273,7 +3273,11 @@ $term = get_term_by( 'slug', $this->get( 'category_name' ), 'category' ); } } elseif ( $this->is_tag ) { - $term = get_term( $this->get( 'tag_id' ), 'post_tag' ); + if ( $this->get( 'tag_id' ) ) { + $term = get_term( $this->get( 'tag_id' ), 'post_tag' ); + } elseif ( $this->get( 'tag' ) ) { + $term = get_term_by( 'slug', $this->get( 'tag' ), 'post_tag' ); + } } else { $tax_query_in_and = wp_list_filter( $this->tax_query->queries, array( 'operator' => 'NOT IN' ), 'NOT' ); $query = reset( $tax_query_in_and ); diff -Nru wordpress-3.8.1+dfsg1/wp-includes/update.php wordpress-3.8.2+dfsg/wp-includes/update.php --- wordpress-3.8.1+dfsg1/wp-includes/update.php 2014-02-08 12:29:35.000000000 +0000 +++ wordpress-3.8.2+dfsg/wp-includes/update.php 2014-04-09 12:29:27.000000000 +0000 
@@ -168,9 +168,10 @@ * @since 2.3.0 * @uses $wp_version Used to notify the WordPress version. * + * @param array $extra_stats Extra statistics to report to the WordPress.org API. * @return mixed Returns null if update is unsupported. Returns false if check is too soon. */ -function wp_update_plugins() { +function wp_update_plugins( $extra_stats = array() ) { include ABSPATH . WPINC . '/version.php'; // include an unmodified $wp_version if ( defined('WP_INSTALLING') ) @@ -209,7 +210,7 @@ $time_not_changed = isset( $current->last_checked ) && $timeout > ( time() - $current->last_checked ); - if ( $time_not_changed ) { + if ( $time_not_changed && ! $extra_stats ) { $plugin_changed = false; foreach ( $plugins as $file => $p ) { $new_option->checked[ $file ] = $p['Version']; @@ -258,6 +259,10 @@ 'user-agent' => 'WordPress/' . $wp_version . '; ' . get_bloginfo( 'url' ) ); + if ( $extra_stats ) { + $options['body']['update_stats'] = json_encode( $extra_stats ); + } + $url = $http_url = 'http://api.wordpress.org/plugins/update-check/1.1/'; if ( $ssl = wp_http_supports( array( 'ssl' ) ) ) $url = set_url_scheme( $url, 'https' ); @@ -299,9 +304,10 @@ * @since 2.7.0 * @uses $wp_version Used to notify the WordPress version. * + * @param array $extra_stats Extra statistics to report to the WordPress.org API. * @return mixed Returns null if update is unsupported. Returns false if check is too soon. */ -function wp_update_themes() { +function wp_update_themes( $extra_stats = array() ) { include ABSPATH . WPINC . '/version.php'; // include an unmodified $wp_version if ( defined( 'WP_INSTALLING' ) ) @@ -351,7 +357,7 @@ $time_not_changed = isset( $last_update->last_checked ) && $timeout > ( time() - $last_update->last_checked ); - if ( $time_not_changed ) { + if ( $time_not_changed && ! $extra_stats ) { $theme_changed = false; foreach ( $checked as $slug => $v ) { if ( !isset( $last_update->checked[ $slug ] ) || strval($last_update->checked[ $slug ]) !== strval($v) ) 
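Review bot: `$extra_stats` is only tested for truthiness, in `if ( $time_not_changed && ! $extra_stats )` and again in `if ( $extra_stats )`, so any non-empty value that reaches the parameter, not just an array, skips the check throttle and is serialized into the `update_stats` field sent to api.wordpress.org. Normalising once near the top of `wp_update_plugins()`, `if ( ! is_array( $extra_stats ) ) $extra_stats = array();`, makes both tests safe against a hook or caller passing something else. The same pattern is repeated for `wp_update_themes()` in the `@@ -351,7 +357,7 @@` and `@@ -398,6 +404,10 @@` hunks. `json_encode()` can also return `false`, in which case `update_stats` would be sent as `false`; skipping the field on failure would be cleaner. Both function bodies continue outside these hunks.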
@@ -398,6 +404,10 @@ 'user-agent' => 'WordPress/' . $wp_version . '; ' . get_bloginfo( 'url' ) ); + if ( $extra_stats ) { + $options['body']['update_stats'] = json_encode( $extra_stats ); + } + $url = $http_url = 'http://api.wordpress.org/themes/update-check/1.1/'; if ( $ssl = wp_http_supports( array( 'ssl' ) ) ) $url = set_url_scheme( $url, 'https' ); @@ -610,14 +620,14 @@ add_action( 'load-update-core.php', 'wp_update_plugins' ); add_action( 'admin_init', '_maybe_update_plugins' ); add_action( 'wp_update_plugins', 'wp_update_plugins' ); -add_action( 'upgrader_process_complete', 'wp_update_plugins' ); +add_action( 'upgrader_process_complete', 'wp_update_plugins', 10, 0 ); add_action( 'load-themes.php', 'wp_update_themes' ); add_action( 'load-update.php', 'wp_update_themes' ); add_action( 'load-update-core.php', 'wp_update_themes' ); add_action( 'admin_init', '_maybe_update_themes' ); add_action( 'wp_update_themes', 'wp_update_themes' ); -add_action( 'upgrader_process_complete', 'wp_update_themes' ); +add_action( 'upgrader_process_complete', 'wp_update_themes', 10, 0 ); add_action( 'wp_maybe_auto_update', 'wp_maybe_auto_update' ); diff -Nru wordpress-3.8.1+dfsg1/wp-includes/version.php wordpress-3.8.2+dfsg/wp-includes/version.php --- wordpress-3.8.1+dfsg1/wp-includes/version.php 2014-02-08 12:29:35.000000000 +0000 +++ wordpress-3.8.2+dfsg/wp-includes/version.php 2014-04-09 12:29:27.000000000 +0000 @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '3.8.1'; +$wp_version = '3.8.2'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
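Review bot: The `10, 0` added to both `upgrader_process_complete` registrations is load-bearing and uncommented. With the default of one accepted argument, whatever that action passes first would arrive as `$extra_stats` in `wp_update_plugins()` and `wp_update_themes()`, and from there be reported in the update-check request body. A comment on those two lines, e.g. `// accepted_args = 0: the hook's arguments must not be mistaken for $extra_stats.`, would stop a later edit from dropping it. The other hooks registered in this list keep the default, so it is worth confirming, since it is not visible in this hunk, that none of them passes a non-empty first argument.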