diff -uNrp wordpress-3.8.4/readme.html wordpress-3.8.5/readme.html --- wordpress-3.8.4/readme.html 2014-08-06 11:27:27.000000000 -0700 +++ wordpress-3.8.5/readme.html 2014-11-20 08:26:19.000000000 -0800 @@ -9,7 +9,7 @@

WordPress -
Version 3.8.4 +
Version 3.8.5

Semantic Personal Publishing Platform

diff -uNrp wordpress-3.8.4/wp-admin/about.php wordpress-3.8.5/wp-admin/about.php --- wordpress-3.8.4/wp-admin/about.php 2014-08-06 11:27:27.000000000 -0700 +++ wordpress-3.8.5/wp-admin/about.php 2014-11-20 08:26:19.000000000 -0800 @@ -41,6 +41,10 @@ include( ABSPATH . 'wp-admin/admin-heade

Version %1$s addressed a security issue.', + 'Version %1$s addressed some security issues.', 8 ), '3.8.5', number_format_i18n( 8 ) ); ?> + the release notes.' ), 'http://codex.wordpress.org/Version_3.8.5' ); ?> +

+

Version %1$s addressed a security issue.', 'Version %1$s addressed some security issues.', 5 ), '3.8.4', number_format_i18n( 5 ) ); ?> the release notes.' ), 'http://codex.wordpress.org/Version_3.8.4' ); ?>

diff -uNrp wordpress-3.8.4/wp-admin/includes/image.php wordpress-3.8.5/wp-admin/includes/image.php
--- wordpress-3.8.4/wp-admin/includes/image.php 2013-10-30 07:39:10.000000000 -0700
+++ wordpress-3.8.5/wp-admin/includes/image.php 2014-11-20 07:59:10.000000000 -0800
@@ -316,6 +316,12 @@ function wp_read_image_metadata( $file )
 $meta[ $key ] = utf8_encode( $meta[ $key ] );
 }
+ foreach ( $meta as &$value ) {
+ if ( is_string( $value ) ) {
+ $value = wp_kses_post( $value );
+ }
+ }
+
 return apply_filters( 'wp_read_image_metadata', $meta, $file, $sourceImageType );
 }
diff -uNrp wordpress-3.8.4/wp-admin/press-this.php wordpress-3.8.5/wp-admin/press-this.php
--- wordpress-3.8.4/wp-admin/press-this.php 2013-12-09 11:23:10.000000000 -0800
+++ wordpress-3.8.5/wp-admin/press-this.php 2014-11-20 06:00:10.000000000 -0800
@@ -65,7 +65,7 @@ function press_it() {
 // error handling for media_sideload
 if ( is_wp_error($upload) ) {
 wp_delete_post($post_ID);
- wp_die($upload);
+ wp_die( esc_html( $upload->get_error_message() ) );
 } else {
 // Post formats
 if ( isset( $_POST['post_format'] ) ) {
diff -uNrp wordpress-3.8.4/wp-includes/class-phpass.php wordpress-3.8.5/wp-includes/class-phpass.php
--- wordpress-3.8.4/wp-includes/class-phpass.php 2013-06-20 18:21:12.000000000 -0700
+++ wordpress-3.8.5/wp-includes/class-phpass.php 2014-11-20 08:07:10.000000000 -0800
@@ -214,6 +214,10 @@ class PasswordHash {
 function HashPassword($password) {
+ if ( strlen( $password ) > 4096 ) {
+ return '*';
+ }
+
 $random = '';
 if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) {
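Review bot: The `foreach ( $meta as &$value )` loop leaves `$value` bound by reference to the last element of `$meta` after it ends, and that element is still a reference slot when `$meta` is handed to `apply_filters` and returned; add `unset( $value );` right after the loop's closing brace. Only string values go through `wp_kses_post`, so any array-valued entries `$meta` may carry (nothing in this hunk shows whether it does) would reach the filter and the caller unfiltered — confirm against the part of `wp_read_image_metadata` above the hunk. A why-comment on the loop would also help the next reader: `// Image metadata is attacker-controlled; allow only what wp_kses_post permits in post content.`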
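Review bot: `return '*';` reports the over-length rejection with a truthy string, so a caller that only tests for an empty or false result will store `'*'` as the user's hash; that looks like the phpass convention for an invalid hash, but it deserves a comment at the added `if`, e.g. `// Cap input length to bound hashing cost; '*' is phpass' invalid-hash sentinel, which CheckPassword can never match.` The `4096` literal is a policy value and should be named rather than repeated in two methods. HashPassword's body continues past the hunk.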
@@ -249,6 +253,10 @@ class PasswordHash {
 function CheckPassword($password, $stored_hash) {
+ if ( strlen( $password ) > 4096 ) {
+ return false;
+ }
+
 $hash = $this->crypt_private($password, $stored_hash);
 if ($hash[0] == '*') $hash = crypt($password, $stored_hash);
diff -uNrp wordpress-3.8.4/wp-includes/formatting.php wordpress-3.8.5/wp-includes/formatting.php
--- wordpress-3.8.4/wp-includes/formatting.php 2013-12-11 11:49:11.000000000 -0800
+++ wordpress-3.8.5/wp-includes/formatting.php 2014-11-20 06:37:10.000000000 -0800
@@ -121,7 +121,14 @@ function wptexturize($text) {
 $no_texturize_tags_stack = array();
 $no_texturize_shortcodes_stack = array();
- $textarr = preg_split('/(<.*>|\[.*\])/Us', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
+ // Look for shortcodes and HTML elements.
+
+ $shortcode_regex =
+ '\[' // Find start of shortcode.
+ . '[^\[\]<>]++' // Shortcodes do not contain other shortcodes. Possessive critical.
+ . '\]'; // Find end of shortcode.
+
+ $textarr = preg_split("/(<[^>]*>|$shortcode_regex)/s", $text, -1, PREG_SPLIT_DELIM_CAPTURE);
 foreach ( $textarr as &$curl ) {
 if ( empty( $curl ) )
@@ -131,7 +138,7 @@ function wptexturize($text) {
 $first = $curl[0];
 if ( '<' === $first ) {
 _wptexturize_pushpop_element($curl, $no_texturize_tags_stack, $no_texturize_tags, '<', '>');
- } elseif ( '[' === $first ) {
+ } elseif ( '[' === $first && 1 === preg_match( '/^' . $shortcode_regex . '$/', $curl ) ) {
 _wptexturize_pushpop_element($curl, $no_texturize_shortcodes_stack, $no_texturize_shortcodes, '[', ']');
 } elseif ( empty($no_texturize_shortcodes_stack) && empty($no_texturize_tags_stack) ) {
 // This is not a tag, nor is the texturization disabled static strings
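Review bot: The `4096` cut-off added here duplicates the literal in HashPassword's hunk above, and the two must stay in sync — a password accepted at hash time but refused here would become unverifiable — so hoist it into one class constant, `const MAX_PASSWORD_LENGTH = 4096;`, and compare against `self::MAX_PASSWORD_LENGTH` in both methods. `strlen` counting bytes is presumably the intended measure, since the work being bounded is per byte hashed; a short comment saying so would stop a later "fix" to `mb_strlen`. CheckPassword's body continues past the hunk.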
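Review bot: The comment `// Shortcodes do not contain other shortcodes. Possessive critical.` asserts that the possessive quantifier matters without saying why; the old `'/(<.*>|\[.*\])/Us'` was presumably replaced because its ungreedy wildcards backtrack badly on long runs of `[` or `<`, and the line should say that: `// '++' (possessive) never backtracks, so a long run of '[' cannot hit the PCRE backtrack limit; '<' and '>' are excluded so a tag cannot be swallowed into a bracket pair.` On the `preg_split` line the pattern is interpolated into a double-quoted string; the only backslashes come in via `$shortcode_regex`, which interpolation inserts verbatim, so a comment noting that the literal part `<[^>]*>` must stay backslash-free would prevent a subtle future breakage. wptexturize's body runs on both sides of the hunk.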
@@ -172,6 +179,8 @@ function _wptexturize_pushpop_element($t
 array_push($stack, $matches[1]);
 }
+ } elseif ( 0 == count( $stack ) ) {
+ // Stack is empty. Just stop.
 } else {
 // Closing? Check $text+2 against disabled elements
 $c = preg_quote($closing, '/');
diff -uNrp wordpress-3.8.4/wp-includes/http.php wordpress-3.8.5/wp-includes/http.php
--- wordpress-3.8.4/wp-includes/http.php 2013-11-12 19:23:10.000000000 -0800
+++ wordpress-3.8.5/wp-includes/http.php 2014-11-20 06:02:23.000000000 -0800
@@ -451,8 +451,9 @@ function send_origin_headers() {
 * @return mixed URL or false on failure.
 */
 function wp_http_validate_url( $url ) {
+ $original_url = $url;
 $url = wp_kses_bad_protocol( $url, array( 'http', 'https' ) );
- if ( ! $url )
+ if ( ! $url || strtolower( $url ) !== strtolower( $original_url ) )
 return false;
 $parsed_url = @parse_url( $url );
@@ -462,7 +463,7 @@ function wp_http_validate_url( $url ) {
 if ( isset( $parsed_url['user'] ) || isset( $parsed_url['pass'] ) )
 return false;
- if ( false !== strpos( $parsed_url['host'], ':' ) )
+ if ( false !== strpbrk( $parsed_url['host'], ':#?[]' ) )
 return false;
 $parsed_home = @parse_url( get_option( 'home' ) );
@@ -480,8 +481,7 @@ function wp_http_validate_url( $url ) {
 }
 if ( $ip ) {
 $parts = array_map( 'intval', explode( '.', $ip ) );
- if ( '127.0.0.1' === $ip
- || ( 10 === $parts[0] )
+ if ( 127 === $parts[0] || 10 === $parts[0]
 || ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] )
 || ( 192 === $parts[0] && 168 === $parts[1] )
 ) {
diff -uNrp wordpress-3.8.4/wp-includes/kses.php wordpress-3.8.5/wp-includes/kses.php
--- wordpress-3.8.4/wp-includes/kses.php 2013-11-27 14:32:09.000000000 -0800
+++ wordpress-3.8.5/wp-includes/kses.php 2014-11-20 05:16:52.000000000 -0800
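Review bot: `0 == count( $stack )` is a loose comparison where the neighbouring checks in this file are strict (`'<' === $first`, `1 === preg_match(...)` in the wptexturize hunks above); write `empty( $stack )` or `0 === count( $stack )`. The branch body is only a comment, so spell out what it guards, which the `else` branch's "Closing?" comment implies: `// Closing tag with nothing open to match it: ignore it instead of popping an empty stack.` _wptexturize_pushpop_element starts above the hunk.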
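Review bot: Rejecting `[` and `]` in the host is what keeps the IPv4-only private-range check in the next hunk sound — a bracketed IPv6 literal such as `[::1]` would presumably never match a dotted-quad test — but nothing on the line says so, and a later reader may "relax" it. Record the intent: `// ':#?[]' can only appear in a host via parser confusion; '[' / ']' also rejects IPv6 literals, which the IPv4 range check below does not cover.` wp_http_validate_url continues on both sides of the hunk.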
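Review bot: The private-range test still lets several non-routable destinations through: `0.0.0.0/8`, the link-local block `169.254.0.0/16` (where cloud instance-metadata services answer), and `100.64.0.0/10`; add `|| 0 === $parts[0] || ( 169 === $parts[0] && 254 === $parts[1] ) || ( 100 === $parts[0] && 64 <= $parts[1] && 127 >= $parts[1] )` next to the existing clauses. `$parts[1]` is read unguarded, so an `$ip` with fewer than two dotted components would raise a notice — `$ip` is produced above the hunk, so confirm it is always a dotted quad. The check runs once at validation time; if the host is resolved again when the request is actually sent, an answer that changes between the two (DNS rebinding) bypasses it, which is worth a comment on the `if ( $ip )` line. wp_http_validate_url continues past the hunk.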
@@ -1407,7 +1407,7 @@ function safecss_filter_attr( $css, $dep
 $css = wp_kses_no_null($css);
 $css = str_replace(array("\n","\r","\t"), '', $css);
- if ( preg_match( '%[\\(&=}]|/\*%', $css ) ) // remove any inline css containing \ ( & } = or comments
+ if ( preg_match( '%[\\\\(&=}]|/\*%', $css ) ) // remove any inline css containing \ ( & } = or comments
 return '';
 $css_array = explode( ';', trim( $css ) );
diff -uNrp wordpress-3.8.4/wp-includes/pluggable.php wordpress-3.8.5/wp-includes/pluggable.php
--- wordpress-3.8.4/wp-includes/pluggable.php 2014-08-06 10:58:11.000000000 -0700
+++ wordpress-3.8.5/wp-includes/pluggable.php 2014-11-20 04:05:11.000000000 -0800
@@ -1537,7 +1537,7 @@ function wp_check_password($password, $h
 // If the hash is still md5...
 if ( strlen($hash) <= 32 ) {
- $check = ( $hash == md5($password) );
+ $check = hash_equals( $hash, md5( $password ) );
 if ( $check && $user_id ) {
 // Rehash using new hash.
 wp_set_password($password, $user_id);
diff -uNrp wordpress-3.8.4/wp-includes/user.php wordpress-3.8.5/wp-includes/user.php
--- wordpress-3.8.4/wp-includes/user.php 2013-11-30 17:35:10.000000000 -0800
+++ wordpress-3.8.5/wp-includes/user.php 2014-11-20 05:42:25.000000000 -0800
@@ -1409,6 +1409,9 @@ function wp_insert_user( $userdata ) {
 $data = wp_unslash( $data );
 if ( $update ) {
+ if ( $user_email !== $old_user_data->user_email ) {
+ $data['user_activation_key'] = '';
+ }
 $wpdb->update( $wpdb->users, $data, compact( 'ID' ) );
 $user_id = (int) $ID;
 } else {
diff -uNrp wordpress-3.8.4/wp-includes/version.php wordpress-3.8.5/wp-includes/version.php
--- wordpress-3.8.4/wp-includes/version.php 2014-08-06 11:27:27.000000000 -0700
+++ wordpress-3.8.5/wp-includes/version.php 2014-11-20 08:26:19.000000000 -0800
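Review bot: The whole fix is two extra backslash characters that are easy to revert by accident: in a single-quoted PHP string `'\\\\'` becomes `\\`, which PCRE reads as one literal backslash inside the character class, whereas the old `'\\('` produced `\(` — an escaped parenthesis — so backslashes were never rejected despite what the trailing comment claims. Put that on the line rather than leaving it to the reader: `// Four backslashes: PHP single quotes collapse them to \\, which PCRE reads as a literal backslash in the class.` A regression test feeding a value containing `\` to `safecss_filter_attr` and expecting `''` would lock the behaviour in. safecss_filter_attr starts above the hunk.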
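Review bot: `hash_equals()` is native only from PHP 5.6, while this WordPress branch supports older releases, so the call depends on a polyfill that is not part of this diff (compat.php, presumably) — confirm 3.8.5 ships one, otherwise every login against an md5-era hash fatals. `hash_equals` also warns and returns false when either argument is not a string; `$hash` comes from above the hunk, so if it can ever be null, `hash_equals( (string) $hash, md5( $password ) )` is cheap insurance. wp_check_password continues on both sides of the hunk.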
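Review bot: The added block clears a pending `user_activation_key` when the e-mail changes but gives no reason, and the reason is the security property: add `// A changed address invalidates any outstanding reset key, since the reset link went to the old mailbox.` (hedged as the apparent intent; the key's use is outside this hunk). The comparison is strict and case-sensitive, so an address that changes only in letter case also clears the key — harmless, but worth a word so nobody "optimises" it to a case-insensitive compare and then wonders why keys survive. `$user_email` and `$old_user_data` are assigned above the hunk; wp_insert_user continues past it.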
@@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '3.8.4'; +$wp_version = '3.8.5'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. diff -uNrp wordpress-3.8.4/wp-login.php wordpress-3.8.5/wp-login.php --- wordpress-3.8.4/wp-login.php 2014-08-05 23:38:13.000000000 -0700 +++ wordpress-3.8.5/wp-login.php 2014-11-20 04:25:11.000000000 -0800 @@ -524,7 +524,7 @@ case 'retrievepassword' : ?> -
+

@@ -575,6 +575,9 @@ case 'rp' :
 if ( isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' ) ) {
 list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 );
 $user = check_password_reset_key( $rp_key, $rp_login );
+ if ( isset( $_POST['pass1'] ) && ! hash_equals( $rp_key, $_POST['rp_key'] ) ) {
+ $user = false;
+ }
 } else {
 $user = false;
 }
@@ -617,7 +620,7 @@ case 'rp' :
 login_header(__('Reset Password'), '
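Review bot: `hash_equals( $rp_key, $_POST['rp_key'] )` runs whenever `pass1` is posted, but `rp_key` itself is never checked with `isset`, so a form post without that field raises an undefined-index notice and `hash_equals` then warns on the null argument (it returns false, which is the safe outcome, but noisily). Tighten the guard: `if ( isset( $_POST['pass1'] ) && ( ! isset( $_POST['rp_key'] ) || ! hash_equals( $rp_key, (string) $_POST['rp_key'] ) ) ) {`. As elsewhere in this release, `hash_equals` needs PHP 5.6 or a polyfill that this diff does not show. The `case 'rp'` block continues past the hunk.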

' . __('Enter your new password below.') . '

', $errors ); ?> - +

@@ -633,6 +636,7 @@ case 'rp' :


+