General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.” With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434). Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase. Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort. Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam. See #48900, #50434. Fixes #50413. Built from https://develop.svn.wordpress.org/trunk@48121 git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
7dbc898342
commit
4b60af1a6a
|
@ -74,7 +74,7 @@ add_filter( 'heartbeat_settings', 'wp_heartbeat_set_suspension' );
|
||||||
add_action( 'admin_head-nav-menus.php', '_wp_delete_orphaned_draft_menu_items' );
|
add_action( 'admin_head-nav-menus.php', '_wp_delete_orphaned_draft_menu_items' );
|
||||||
|
|
||||||
// Plugin hooks.
|
// Plugin hooks.
|
||||||
add_filter( 'whitelist_options', 'option_update_filter' );
|
add_filter( 'allowed_options', 'option_update_filter' );
|
||||||
|
|
||||||
// Plugin Install hooks.
|
// Plugin Install hooks.
|
||||||
add_action( 'install_plugins_featured', 'install_dashboard' );
|
add_action( 'install_plugins_featured', 'install_dashboard' );
|
||||||
|
|
|
@ -47,10 +47,10 @@ class WP_Plugins_List_Table extends WP_List_Table {
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
$status_whitelist = array( 'active', 'inactive', 'recently_activated', 'upgrade', 'mustuse', 'dropins', 'search', 'paused', 'auto-update-enabled', 'auto-update-disabled' );
|
$allowed_statuses = array( 'active', 'inactive', 'recently_activated', 'upgrade', 'mustuse', 'dropins', 'search', 'paused', 'auto-update-enabled', 'auto-update-disabled' );
|
||||||
|
|
||||||
$status = 'all';
|
$status = 'all';
|
||||||
if ( isset( $_REQUEST['plugin_status'] ) && in_array( $_REQUEST['plugin_status'], $status_whitelist, true ) ) {
|
if ( isset( $_REQUEST['plugin_status'] ) && in_array( $_REQUEST['plugin_status'], $allowed_statuses, true ) ) {
|
||||||
$status = $_REQUEST['plugin_status'];
|
$status = $_REQUEST['plugin_status'];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1776,8 +1776,9 @@ class WP_Site_Health {
|
||||||
/**
|
/**
|
||||||
* Test if HTTP requests are blocked.
|
* Test if HTTP requests are blocked.
|
||||||
*
|
*
|
||||||
* It's possible to block all outgoing communication (with the possibility of whitelisting hosts) via the
|
* It's possible to block all outgoing communication (with the possibility of allowing certain
|
||||||
* HTTP API. This may create problems for users as many features are running as services these days.
|
* hosts) via the HTTP API. This may create problems for users as many features are running as
|
||||||
|
* services these days.
|
||||||
*
|
*
|
||||||
* @since 5.2.0
|
* @since 5.2.0
|
||||||
*
|
*
|
||||||
|
@ -1833,8 +1834,8 @@ class WP_Site_Health {
|
||||||
$result['description'] .= sprintf(
|
$result['description'] .= sprintf(
|
||||||
'<p>%s</p>',
|
'<p>%s</p>',
|
||||||
sprintf(
|
sprintf(
|
||||||
/* translators: 1: Name of the constant used. 2: List of hostnames whitelisted. */
|
/* translators: 1: Name of the constant used. 2: List of allowed hostnames. */
|
||||||
__( 'HTTP requests have been blocked by the %1$s constant, with some hosts whitelisted: %2$s.' ),
|
__( 'HTTP requests have been blocked by the %1$s constant, with some allowed hosts: %2$s.' ),
|
||||||
'<code>WP_HTTP_BLOCK_EXTERNAL</code>',
|
'<code>WP_HTTP_BLOCK_EXTERNAL</code>',
|
||||||
implode( ',', $hosts )
|
implode( ',', $hosts )
|
||||||
)
|
)
|
||||||
|
|
|
@ -159,8 +159,8 @@ function wp_dropdown_cats( $currentcat = 0, $currentparent = 0, $parent = 0, $le
|
||||||
* @deprecated 3.0.0 Use register_setting()
|
* @deprecated 3.0.0 Use register_setting()
|
||||||
* @see register_setting()
|
* @see register_setting()
|
||||||
*
|
*
|
||||||
* @param string $option_group A settings group name. Should correspond to a whitelisted option key name.
|
* @param string $option_group A settings group name. Should correspond to an allowed option key name.
|
||||||
* Default whitelisted option key names include 'general', 'discussion', 'media',
|
* Default allowed option key names include 'general', 'discussion', 'media',
|
||||||
* 'reading', 'writing', 'misc', 'options', and 'privacy'.
|
* 'reading', 'writing', 'misc', 'options', and 'privacy'.
|
||||||
* @param string $option_name The name of an option to sanitize and save.
|
* @param string $option_name The name of an option to sanitize and save.
|
||||||
* @param callable $sanitize_callback A callback function that sanitizes the option's value.
|
* @param callable $sanitize_callback A callback function that sanitizes the option's value.
|
||||||
|
@ -1530,7 +1530,7 @@ class WP_Privacy_Data_Export_Requests_Table extends WP_Privacy_Data_Export_Reque
|
||||||
$args['screen'] = 'export-personal-data';
|
$args['screen'] = 'export-personal-data';
|
||||||
}
|
}
|
||||||
|
|
||||||
parent::__construct( $args );
|
parent::__construct( $args );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -2136,12 +2136,12 @@ function user_can_access_admin_page() {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Whitelist functions */
|
/* Allowed list functions */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Refreshes the value of the options whitelist available via the 'whitelist_options' hook.
|
* Refreshes the value of the allowed options list available via the 'allowed_options' hook.
|
||||||
*
|
*
|
||||||
* See the {@see 'whitelist_options'} filter.
|
* See the {@see 'allowed_options'} filter.
|
||||||
*
|
*
|
||||||
* @since 2.7.0
|
* @since 2.7.0
|
||||||
*
|
*
|
||||||
|
@ -2154,77 +2154,77 @@ function option_update_filter( $options ) {
|
||||||
global $new_whitelist_options;
|
global $new_whitelist_options;
|
||||||
|
|
||||||
if ( is_array( $new_whitelist_options ) ) {
|
if ( is_array( $new_whitelist_options ) ) {
|
||||||
$options = add_option_whitelist( $new_whitelist_options, $options );
|
$options = add_option_allowed_list( $new_whitelist_options, $options );
|
||||||
}
|
}
|
||||||
|
|
||||||
return $options;
|
return $options;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Adds an array of options to the options whitelist.
|
* Adds an array of options to the list of allowed options.
|
||||||
*
|
*
|
||||||
* @since 2.7.0
|
* @since 2.7.0
|
||||||
*
|
*
|
||||||
* @global array $whitelist_options
|
* @global array $allowed_options
|
||||||
*
|
*
|
||||||
* @param array $new_options
|
* @param array $new_options
|
||||||
* @param string|array $options
|
* @param string|array $options
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
function add_option_whitelist( $new_options, $options = '' ) {
|
function add_option_allowed_list( $new_options, $options = '' ) {
|
||||||
if ( '' === $options ) {
|
if ( '' === $options ) {
|
||||||
global $whitelist_options;
|
global $allowed_options;
|
||||||
} else {
|
} else {
|
||||||
$whitelist_options = $options;
|
$allowed_options = $options;
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach ( $new_options as $page => $keys ) {
|
foreach ( $new_options as $page => $keys ) {
|
||||||
foreach ( $keys as $key ) {
|
foreach ( $keys as $key ) {
|
||||||
if ( ! isset( $whitelist_options[ $page ] ) || ! is_array( $whitelist_options[ $page ] ) ) {
|
if ( ! isset( $allowed_options[ $page ] ) || ! is_array( $allowed_options[ $page ] ) ) {
|
||||||
$whitelist_options[ $page ] = array();
|
$allowed_options[ $page ] = array();
|
||||||
$whitelist_options[ $page ][] = $key;
|
$allowed_options[ $page ][] = $key;
|
||||||
} else {
|
} else {
|
||||||
$pos = array_search( $key, $whitelist_options[ $page ], true );
|
$pos = array_search( $key, $allowed_options[ $page ], true );
|
||||||
if ( false === $pos ) {
|
if ( false === $pos ) {
|
||||||
$whitelist_options[ $page ][] = $key;
|
$allowed_options[ $page ][] = $key;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return $whitelist_options;
|
return $allowed_options;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Removes a list of options from the options whitelist.
|
* Removes a list of options from the allowed options list.
|
||||||
*
|
*
|
||||||
* @since 2.7.0
|
* @since 5.5.0
|
||||||
*
|
*
|
||||||
* @global array $whitelist_options
|
* @global array $allowed_options
|
||||||
*
|
*
|
||||||
* @param array $del_options
|
* @param array $del_options
|
||||||
* @param string|array $options
|
* @param string|array $options
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
function remove_option_whitelist( $del_options, $options = '' ) {
|
function remove_option_allowed_list( $del_options, $options = '' ) {
|
||||||
if ( '' === $options ) {
|
if ( '' === $options ) {
|
||||||
global $whitelist_options;
|
global $allowed_options;
|
||||||
} else {
|
} else {
|
||||||
$whitelist_options = $options;
|
$allowed_options = $options;
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach ( $del_options as $page => $keys ) {
|
foreach ( $del_options as $page => $keys ) {
|
||||||
foreach ( $keys as $key ) {
|
foreach ( $keys as $key ) {
|
||||||
if ( isset( $whitelist_options[ $page ] ) && is_array( $whitelist_options[ $page ] ) ) {
|
if ( isset( $allowed_options[ $page ] ) && is_array( $allowed_options[ $page ] ) ) {
|
||||||
$pos = array_search( $key, $whitelist_options[ $page ], true );
|
$pos = array_search( $key, $allowed_options[ $page ], true );
|
||||||
if ( false !== $pos ) {
|
if ( false !== $pos ) {
|
||||||
unset( $whitelist_options[ $page ][ $pos ] );
|
unset( $allowed_options[ $page ][ $pos ] );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return $whitelist_options;
|
return $allowed_options;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
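Review bot: The `@since` tags on the two renamed helpers disagree: `add_option_allowed_list()` keeps `@since 2.7.0` while `remove_option_allowed_list()` now says `@since 5.5.0`. Both names are introduced by this commit, so both docblocks should carry `@since 5.5.0`. These helpers decide which option names the settings handler accepts, yet their parameters are undocumented; going by the loops, something like `@param array $new_options Option names to allow, keyed by settings page.` (and the matching line for `$del_options`) would help. The old `add_option_whitelist()` / `remove_option_whitelist()` names disappear from this file, and no deprecated wrappers are visible in this section, so that is worth confirming before callers break.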
@ -2234,7 +2234,7 @@ function get_block_categories( $post ) {
|
||||||
function get_block_editor_server_block_settings() {
|
function get_block_editor_server_block_settings() {
|
||||||
$block_registry = WP_Block_Type_Registry::get_instance();
|
$block_registry = WP_Block_Type_Registry::get_instance();
|
||||||
$blocks = array();
|
$blocks = array();
|
||||||
$fields_to_pick = array(
|
$fields_to_pick = array(
|
||||||
'title' => 'title',
|
'title' => 'title',
|
||||||
'description' => 'description',
|
'description' => 'description',
|
||||||
'icon' => 'icon',
|
'icon' => 'icon',
|
||||||
|
|
|
@ -446,8 +446,6 @@ function populate_options( array $options = array() ) {
|
||||||
'recently_edited' => '',
|
'recently_edited' => '',
|
||||||
'template' => $template,
|
'template' => $template,
|
||||||
'stylesheet' => $stylesheet,
|
'stylesheet' => $stylesheet,
|
||||||
'comment_whitelist' => 1,
|
|
||||||
'blacklist_keys' => '',
|
|
||||||
'comment_registration' => 0,
|
'comment_registration' => 0,
|
||||||
'html_type' => 'text/html',
|
'html_type' => 'text/html',
|
||||||
|
|
||||||
|
@ -532,6 +530,10 @@ function populate_options( array $options = array() ) {
|
||||||
|
|
||||||
// 5.3.0
|
// 5.3.0
|
||||||
'admin_email_lifespan' => ( time() + 6 * MONTH_IN_SECONDS ),
|
'admin_email_lifespan' => ( time() + 6 * MONTH_IN_SECONDS ),
|
||||||
|
|
||||||
|
// 5.5.0
|
||||||
|
'blocklist_keys' => '',
|
||||||
|
'comment_previously_approved' => 1,
|
||||||
);
|
);
|
||||||
|
|
||||||
// 3.3.0
|
// 3.3.0
|
||||||
|
@ -550,7 +552,7 @@ function populate_options( array $options = array() ) {
|
||||||
$options = wp_parse_args( $options, $defaults );
|
$options = wp_parse_args( $options, $defaults );
|
||||||
|
|
||||||
// Set autoload to no for these options.
|
// Set autoload to no for these options.
|
||||||
$fat_options = array( 'moderation_keys', 'recently_edited', 'blacklist_keys', 'uninstall_plugins' );
|
$fat_options = array( 'moderation_keys', 'recently_edited', 'blocklist_keys', 'uninstall_plugins' );
|
||||||
|
|
||||||
$keys = "'" . implode( "', '", array_keys( $options ) ) . "'";
|
$keys = "'" . implode( "', '", array_keys( $options ) ) . "'";
|
||||||
$existing_options = $wpdb->get_col( "SELECT option_name FROM $wpdb->options WHERE option_name in ( $keys )" ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
|
$existing_options = $wpdb->get_col( "SELECT option_name FROM $wpdb->options WHERE option_name in ( $keys )" ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
|
||||||
|
@ -1140,7 +1142,7 @@ function populate_network_meta( $network_id, array $meta = array() ) {
|
||||||
$allowed_themes[ WP_DEFAULT_THEME ] = true;
|
$allowed_themes[ WP_DEFAULT_THEME ] = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// If WP_DEFAULT_THEME doesn't exist, also whitelist the latest core default theme.
|
// If WP_DEFAULT_THEME doesn't exist, also include the latest core default theme.
|
||||||
if ( ! wp_get_theme( WP_DEFAULT_THEME )->exists() ) {
|
if ( ! wp_get_theme( WP_DEFAULT_THEME )->exists() ) {
|
||||||
$core_default = WP_Theme::get_core_default_theme();
|
$core_default = WP_Theme::get_core_default_theme();
|
||||||
if ( $core_default ) {
|
if ( $core_default ) {
|
||||||
|
|
|
@ -835,7 +835,7 @@ function upgrade_all() {
|
||||||
upgrade_530();
|
upgrade_530();
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $wp_current_db_version < 47597 ) {
|
if ( $wp_current_db_version < 48082 ) {
|
||||||
upgrade_550();
|
upgrade_550();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2168,6 +2168,15 @@ function upgrade_530() {
|
||||||
function upgrade_550() {
|
function upgrade_550() {
|
||||||
update_option( 'finished_updating_comment_type', 0 );
|
update_option( 'finished_updating_comment_type', 0 );
|
||||||
wp_schedule_single_event( time() + ( 1 * MINUTE_IN_SECONDS ), 'wp_update_comment_type_batch' );
|
wp_schedule_single_event( time() + ( 1 * MINUTE_IN_SECONDS ), 'wp_update_comment_type_batch' );
|
||||||
|
|
||||||
|
// Use more clear and inclusive language.
|
||||||
|
$blocklist = get_option( 'blacklist_keys', '' );
|
||||||
|
update_option( 'blocklist_keys', $blocklist );
|
||||||
|
delete_option( 'blacklist_keys' );
|
||||||
|
|
||||||
|
$comment_previously_approved = get_option( 'comment_whitelist', '' );
|
||||||
|
update_option( 'comment_previously_approved', $comment_previously_approved );
|
||||||
|
delete_option( 'comment_whitelist' );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
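Review bot: The option migration added to `upgrade_550()` is not safe to run twice, and a second pass would loosen comment moderation. Both reads fall back to `''` when the old key is missing, so if the routine runs again after `blacklist_keys` and `comment_whitelist` have been deleted (an interrupted or repeated upgrade, for instance), `blocklist_keys` is overwritten with an empty list and `comment_previously_approved` with `''` rather than the `1` that `populate_options()` sets in this commit. Reading without a default and migrating only when the old option actually exists keeps the new values intact. Code that still reads the old option names after the delete is presumably handled elsewhere in the commit; nothing in this section shows it.

```php
	// … unchanged: comment-type batch scheduling …

	// Use more clear and inclusive language.
	$blocklist = get_option( 'blacklist_keys' );
	if ( false !== $blocklist ) {
		update_option( 'blocklist_keys', $blocklist );
		delete_option( 'blacklist_keys' );
	}

	$comment_previously_approved = get_option( 'comment_whitelist' );
	if ( false !== $comment_previously_approved ) {
		update_option( 'comment_previously_approved', $comment_previously_approved );
		delete_option( 'comment_whitelist' );
	}
```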
@ -22,16 +22,16 @@ window.wp = window.wp || {};
|
||||||
*
|
*
|
||||||
* @since 3.7.0
|
* @since 3.7.0
|
||||||
*
|
*
|
||||||
* @param {string} password1 The subject password.
|
* @param {string} password1 The subject password.
|
||||||
* @param {Array} blacklist An array of words that will lower the entropy of
|
* @param {Array} disallowedList An array of words that will lower the entropy of
|
||||||
* the password.
|
* the password.
|
||||||
* @param {string} password2 The password confirmation.
|
* @param {string} password2 The password confirmation.
|
||||||
*
|
*
|
||||||
* @return {number} The password strength score.
|
* @return {number} The password strength score.
|
||||||
*/
|
*/
|
||||||
meter : function( password1, blacklist, password2 ) {
|
meter : function( password1, disallowedList, password2 ) {
|
||||||
if ( ! $.isArray( blacklist ) )
|
if ( ! $.isArray( disallowedList ) )
|
||||||
blacklist = [ blacklist.toString() ];
|
disallowedList = [ disallowedList.toString() ];
|
||||||
|
|
||||||
if (password1 != password2 && password2 && password2.length > 0)
|
if (password1 != password2 && password2 && password2.length > 0)
|
||||||
return 5;
|
return 5;
|
||||||
|
@ -41,7 +41,7 @@ window.wp = window.wp || {};
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
var result = zxcvbn( password1, blacklist );
|
var result = zxcvbn( password1, disallowedList );
|
||||||
return result.score;
|
return result.score;
|
||||||
},
|
},
|
||||||
|
|
||||||
|
@ -49,20 +49,43 @@ window.wp = window.wp || {};
|
||||||
* Builds an array of words that should be penalized.
|
* Builds an array of words that should be penalized.
|
||||||
*
|
*
|
||||||
* Certain words need to be penalized because it would lower the entropy of a
|
* Certain words need to be penalized because it would lower the entropy of a
|
||||||
* password if they were used. The blacklist is based on user input fields such
|
* password if they were used. The disallowedList is based on user input fields such
|
||||||
* as username, first name, email etc.
|
* as username, first name, email etc.
|
||||||
*
|
*
|
||||||
* @since 3.7.0
|
* @since 3.7.0
|
||||||
|
* @deprecated 5.5.0 Use {@see 'userInputBlockList()'} instead.
|
||||||
*
|
*
|
||||||
* @return {string[]} The array of words to be blacklisted.
|
* @return {string[]} The array of words to be disallowed.
|
||||||
*/
|
*/
|
||||||
userInputBlacklist : function() {
|
userInputBlacklist : function() {
|
||||||
|
wp.deprecated( 'wp.passwordStrength.userInputBlacklist()', {
|
||||||
|
version: '5.5.0',
|
||||||
|
alternative: 'wp.passwordStrength.userInputDisallowedList()',
|
||||||
|
plugin: 'WordPress',
|
||||||
|
hint: wp.i18n.__( 'Please consider writing more inclusive code.' )
|
||||||
|
} );
|
||||||
|
|
||||||
|
return wp.passwordStrength.userInputDisallowedList();
|
||||||
|
},
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Builds an array of words that should be penalized.
|
||||||
|
*
|
||||||
|
* Certain words need to be penalized because it would lower the entropy of a
|
||||||
|
* password if they were used. The disallowed list is based on user input fields such
|
||||||
|
* as username, first name, email etc.
|
||||||
|
*
|
||||||
|
* @since 5.5.0
|
||||||
|
*
|
||||||
|
* @return {string[]} The array of words to be disallowed.
|
||||||
|
*/
|
||||||
|
userInputDisallowedList : function() {
|
||||||
var i, userInputFieldsLength, rawValuesLength, currentField,
|
var i, userInputFieldsLength, rawValuesLength, currentField,
|
||||||
rawValues = [],
|
rawValues = [],
|
||||||
blacklist = [],
|
disallowedList = [],
|
||||||
userInputFields = [ 'user_login', 'first_name', 'last_name', 'nickname', 'display_name', 'email', 'url', 'description', 'weblog_title', 'admin_email' ];
|
userInputFields = [ 'user_login', 'first_name', 'last_name', 'nickname', 'display_name', 'email', 'url', 'description', 'weblog_title', 'admin_email' ];
|
||||||
|
|
||||||
// Collect all the strings we want to blacklist.
|
// Collect all the strings we want to disallow.
|
||||||
rawValues.push( document.title );
|
rawValues.push( document.title );
|
||||||
rawValues.push( document.URL );
|
rawValues.push( document.URL );
|
||||||
|
|
||||||
|
@ -85,7 +108,7 @@ window.wp = window.wp || {};
|
||||||
rawValuesLength = rawValues.length;
|
rawValuesLength = rawValues.length;
|
||||||
for ( i = 0; i < rawValuesLength; i++ ) {
|
for ( i = 0; i < rawValuesLength; i++ ) {
|
||||||
if ( rawValues[ i ] ) {
|
if ( rawValues[ i ] ) {
|
||||||
blacklist = blacklist.concat( rawValues[ i ].replace( /\W/g, ' ' ).split( ' ' ) );
|
disallowedList = disallowedList.concat( rawValues[ i ].replace( /\W/g, ' ' ).split( ' ' ) );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -93,15 +116,15 @@ window.wp = window.wp || {};
|
||||||
* Remove empty values, short words and duplicates. Short words are likely to
|
* Remove empty values, short words and duplicates. Short words are likely to
|
||||||
* cause many false positives.
|
* cause many false positives.
|
||||||
*/
|
*/
|
||||||
blacklist = $.grep( blacklist, function( value, key ) {
|
disallowedList = $.grep( disallowedList, function( value, key ) {
|
||||||
if ( '' === value || 4 > value.length ) {
|
if ( '' === value || 4 > value.length ) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return $.inArray( value, blacklist ) === key;
|
return $.inArray( value, disallowedList ) === key;
|
||||||
});
|
});
|
||||||
|
|
||||||
return blacklist;
|
return disallowedList;
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
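Review bot: The `@deprecated` tag added to `userInputBlacklist()` names `userInputBlockList()`, which does not exist; the method added below it and the `alternative` passed to `wp.deprecated()` are both `userInputDisallowedList()`. The tag should read `@deprecated 5.5.0 Use {@see 'userInputDisallowedList()'} instead.`. The wrapper also calls `wp.deprecated()` and `wp.i18n.__()`, so the old entry point will throw unless those scripts load before this one. The dependency registration is not in this section and should be checked, because a throw there would stop the strength check for callers still using the old name.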
@ -1,2 +1,2 @@
|
||||||
/*! This file is auto-generated */
|
/*! This file is auto-generated */
|
||||||
window.wp=window.wp||{},function(l){wp.passwordStrength={meter:function(n,e,t){return l.isArray(e)||(e=[e.toString()]),n!=t&&t&&0<t.length?5:void 0===window.zxcvbn?-1:zxcvbn(n,e).score},userInputBlacklist:function(){var n,e,t,r,i=[],o=[],a=["user_login","first_name","last_name","nickname","display_name","email","url","description","weblog_title","admin_email"];for(i.push(document.title),i.push(document.URL),e=a.length,n=0;n<e;n++)0!==(r=l("#"+a[n])).length&&(i.push(r[0].defaultValue),i.push(r.val()));for(t=i.length,n=0;n<t;n++)i[n]&&(o=o.concat(i[n].replace(/\W/g," ").split(" ")));return o=l.grep(o,function(n,e){return!(""===n||n.length<4)&&l.inArray(n,o)===e})}},window.passwordStrength=wp.passwordStrength.meter}(jQuery);
|
window.wp=window.wp||{},function(l){wp.passwordStrength={meter:function(e,n,t){return l.isArray(n)||(n=[n.toString()]),e!=t&&t&&0<t.length?5:void 0===window.zxcvbn?-1:zxcvbn(e,n).score},userInputBlacklist:function(){return wp.deprecated("wp.passwordStrength.userInputBlacklist()",{version:"5.5.0",alternative:"wp.passwordStrength.userInputDisallowedList()",plugin:"WordPress",hint:wp.i18n.__("Please consider writing more inclusive code.")}),wp.passwordStrength.userInputDisallowedList()},userInputDisallowedList:function(){var e,n,t,r,i=[],s=[],o=["user_login","first_name","last_name","nickname","display_name","email","url","description","weblog_title","admin_email"];for(i.push(document.title),i.push(document.URL),n=o.length,e=0;e<n;e++)0!==(r=l("#"+o[e])).length&&(i.push(r[0].defaultValue),i.push(r.val()));for(t=i.length,e=0;e<t;e++)i[e]&&(s=s.concat(i[e].replace(/\W/g," ").split(" ")));return s=l.grep(s,function(e,n){return!(""===e||e.length<4)&&l.inArray(e,s)===n})}},window.passwordStrength=wp.passwordStrength.meter}(jQuery);
|
|
@ -220,7 +220,7 @@
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
strength = wp.passwordStrength.meter( pass1, wp.passwordStrength.userInputBlacklist(), pass1 );
|
strength = wp.passwordStrength.meter( pass1, wp.passwordStrength.userInputDisallowedList(), pass1 );
|
||||||
|
|
||||||
switch ( strength ) {
|
switch ( strength ) {
|
||||||
case -1:
|
case -1:
|
||||||
|
|
File diff suppressed because one or more lines are too long
|
@ -181,7 +181,7 @@ printf( __( 'Comments should be displayed with the %s comments at the top of eac
|
||||||
<input name="comment_moderation" type="checkbox" id="comment_moderation" value="1" <?php checked( '1', get_option( 'comment_moderation' ) ); ?> />
|
<input name="comment_moderation" type="checkbox" id="comment_moderation" value="1" <?php checked( '1', get_option( 'comment_moderation' ) ); ?> />
|
||||||
<?php _e( 'Comment must be manually approved' ); ?> </label>
|
<?php _e( 'Comment must be manually approved' ); ?> </label>
|
||||||
<br />
|
<br />
|
||||||
<label for="comment_whitelist"><input type="checkbox" name="comment_whitelist" id="comment_whitelist" value="1" <?php checked( '1', get_option( 'comment_whitelist' ) ); ?> /> <?php _e( 'Comment author must have a previously approved comment' ); ?></label>
|
<label for="comment_previously_approved"><input type="checkbox" name="comment_previously_approved" id="comment_previously_approved" value="1" <?php checked( '1', get_option( 'comment_previously_approved' ) ); ?> /> <?php _e( 'Comment author must have a previously approved comment' ); ?></label>
|
||||||
</fieldset></td>
|
</fieldset></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
|
@ -206,9 +206,9 @@ printf(
|
||||||
<tr>
|
<tr>
|
||||||
<th scope="row"><?php _e( 'Comment Blocklist' ); ?></th>
|
<th scope="row"><?php _e( 'Comment Blocklist' ); ?></th>
|
||||||
<td><fieldset><legend class="screen-reader-text"><span><?php _e( 'Comment Blocklist' ); ?></span></legend>
|
<td><fieldset><legend class="screen-reader-text"><span><?php _e( 'Comment Blocklist' ); ?></span></legend>
|
||||||
<p><label for="blacklist_keys"><?php _e( 'When a comment contains any of these words in its content, author name, URL, email, IP address, or browser’s user agent string, it will be put in the Trash. One word or IP address per line. It will match inside words, so “press” will match “WordPress”.' ); ?></label></p>
|
<p><label for="blocklist_keys"><?php _e( 'When a comment contains any of these words in its content, author name, URL, email, IP address, or browser’s user agent string, it will be put in the Trash. One word or IP address per line. It will match inside words, so “press” will match “WordPress”.' ); ?></label></p>
|
||||||
<p>
|
<p>
|
||||||
<textarea name="blacklist_keys" rows="10" cols="50" id="blacklist_keys" class="large-text code"><?php echo esc_textarea( get_option( 'blacklist_keys' ) ); ?></textarea>
|
<textarea name="blocklist_keys" rows="10" cols="50" id="blocklist_keys" class="large-text code"><?php echo esc_textarea( get_option( 'blocklist_keys' ) ); ?></textarea>
|
||||||
</p>
|
</p>
|
||||||
</fieldset></td>
|
</fieldset></td>
|
||||||
</tr>
|
</tr>
|
||||||
|
|
|
@ -80,7 +80,7 @@ if ( is_multisite() && ! current_user_can( 'manage_network_options' ) && 'update
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
$whitelist_options = array(
|
$allowed_options = array(
|
||||||
'general' => array(
|
'general' => array(
|
||||||
'blogname',
|
'blogname',
|
||||||
'blogdescription',
|
'blogdescription',
|
||||||
|
@ -100,10 +100,10 @@ $whitelist_options = array(
|
||||||
'moderation_notify',
|
'moderation_notify',
|
||||||
'comment_moderation',
|
'comment_moderation',
|
||||||
'require_name_email',
|
'require_name_email',
|
||||||
'comment_whitelist',
|
'comment_previously_approved',
|
||||||
'comment_max_links',
|
'comment_max_links',
|
||||||
'moderation_keys',
|
'moderation_keys',
|
||||||
'blacklist_keys',
|
'blocklist_keys',
|
||||||
'show_avatars',
|
'show_avatars',
|
||||||
'avatar_rating',
|
'avatar_rating',
|
||||||
'avatar_default',
|
'avatar_default',
|
||||||
|
@ -146,36 +146,36 @@ $whitelist_options = array(
|
||||||
'default_post_format',
|
'default_post_format',
|
||||||
),
|
),
|
||||||
);
|
);
|
||||||
$whitelist_options['misc'] = array();
|
$allowed_options['misc'] = array();
|
||||||
$whitelist_options['options'] = array();
|
$allowed_options['options'] = array();
|
||||||
$whitelist_options['privacy'] = array();
|
$allowed_options['privacy'] = array();
|
||||||
|
|
||||||
$mail_options = array( 'mailserver_url', 'mailserver_port', 'mailserver_login', 'mailserver_pass' );
|
$mail_options = array( 'mailserver_url', 'mailserver_port', 'mailserver_login', 'mailserver_pass' );
|
||||||
|
|
||||||
if ( ! in_array( get_option( 'blog_charset' ), array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ), true ) ) {
|
if ( ! in_array( get_option( 'blog_charset' ), array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ), true ) ) {
|
||||||
$whitelist_options['reading'][] = 'blog_charset';
|
$allowed_options['reading'][] = 'blog_charset';
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( get_site_option( 'initial_db_version' ) < 32453 ) {
|
if ( get_site_option( 'initial_db_version' ) < 32453 ) {
|
||||||
$whitelist_options['writing'][] = 'use_smilies';
|
$allowed_options['writing'][] = 'use_smilies';
|
||||||
$whitelist_options['writing'][] = 'use_balanceTags';
|
$allowed_options['writing'][] = 'use_balanceTags';
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( ! is_multisite() ) {
|
if ( ! is_multisite() ) {
|
||||||
if ( ! defined( 'WP_SITEURL' ) ) {
|
if ( ! defined( 'WP_SITEURL' ) ) {
|
||||||
$whitelist_options['general'][] = 'siteurl';
|
$allowed_options['general'][] = 'siteurl';
|
||||||
}
|
}
|
||||||
if ( ! defined( 'WP_HOME' ) ) {
|
if ( ! defined( 'WP_HOME' ) ) {
|
||||||
$whitelist_options['general'][] = 'home';
|
$allowed_options['general'][] = 'home';
|
||||||
}
|
}
|
||||||
|
|
||||||
$whitelist_options['general'][] = 'users_can_register';
|
$allowed_options['general'][] = 'users_can_register';
|
||||||
$whitelist_options['general'][] = 'default_role';
|
$allowed_options['general'][] = 'default_role';
|
||||||
|
|
||||||
$whitelist_options['writing'] = array_merge( $whitelist_options['writing'], $mail_options );
|
$allowed_options['writing'] = array_merge( $allowed_options['writing'], $mail_options );
|
||||||
$whitelist_options['writing'][] = 'ping_sites';
|
$allowed_options['writing'][] = 'ping_sites';
|
||||||
|
|
||||||
$whitelist_options['media'][] = 'uploads_use_yearmonth_folders';
|
$allowed_options['media'][] = 'uploads_use_yearmonth_folders';
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* If upload_url_path is not the default (empty),
|
* If upload_url_path is not the default (empty),
|
||||||
|
@ -183,8 +183,8 @@ if ( ! is_multisite() ) {
|
||||||
* they can be edited, otherwise they're locked.
|
* they can be edited, otherwise they're locked.
|
||||||
*/
|
*/
|
||||||
if ( get_option( 'upload_url_path' ) || ( get_option( 'upload_path' ) != 'wp-content/uploads' && get_option( 'upload_path' ) ) ) {
|
if ( get_option( 'upload_url_path' ) || ( get_option( 'upload_path' ) != 'wp-content/uploads' && get_option( 'upload_path' ) ) ) {
|
||||||
$whitelist_options['media'][] = 'upload_path';
|
$allowed_options['media'][] = 'upload_path';
|
||||||
$whitelist_options['media'][] = 'upload_url_path';
|
$allowed_options['media'][] = 'upload_url_path';
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
/**
|
/**
|
||||||
|
@ -195,18 +195,28 @@ if ( ! is_multisite() ) {
|
||||||
* @param bool $enabled Whether post-by-email configuration is enabled. Default true.
|
* @param bool $enabled Whether post-by-email configuration is enabled. Default true.
|
||||||
*/
|
*/
|
||||||
if ( apply_filters( 'enable_post_by_email_configuration', true ) ) {
|
if ( apply_filters( 'enable_post_by_email_configuration', true ) ) {
|
||||||
$whitelist_options['writing'] = array_merge( $whitelist_options['writing'], $mail_options );
|
$allowed_options['writing'] = array_merge( $allowed_options['writing'], $mail_options );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Filters the options whitelist.
|
* Filters the allowed options list.
|
||||||
*
|
*
|
||||||
* @since 2.7.0
|
* @since 2.7.0
|
||||||
|
* @deprecated 5.5.0 Use {@see 'allowed_options'} instead.
|
||||||
*
|
*
|
||||||
* @param array $whitelist_options The options whitelist.
|
* @param array $allowed_options The allowed options list.
|
||||||
*/
|
*/
|
||||||
$whitelist_options = apply_filters( 'whitelist_options', $whitelist_options );
|
$allowed_options = apply_filters_deprecated( 'whitelist_options', array( $allowed_options ), '5.5.0', 'apply_filters_deprecated', __( 'Please consider writing more inclusive code.' ) );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Filters the allowed options list.
|
||||||
|
*
|
||||||
|
* @since 5.5.0
|
||||||
|
*
|
||||||
|
* @param array $allowed_options The allowed options list.
|
||||||
|
*/
|
||||||
|
$allowed_options = apply_filters( 'allowed_options', $allowed_options );
|
||||||
|
|
||||||
if ( 'update' === $action ) { // We are saving settings sent from a settings page.
|
if ( 'update' === $action ) { // We are saving settings sent from a settings page.
|
||||||
if ( 'options' === $option_page && ! isset( $_POST['option_page'] ) ) { // This is for back compat and will eventually be removed.
|
if ( 'options' === $option_page && ! isset( $_POST['option_page'] ) ) { // This is for back compat and will eventually be removed.
|
||||||
|
@ -217,11 +227,11 @@ if ( 'update' === $action ) { // We are saving settings sent from a settings pag
|
||||||
check_admin_referer( $option_page . '-options' );
|
check_admin_referer( $option_page . '-options' );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( ! isset( $whitelist_options[ $option_page ] ) ) {
|
if ( ! isset( $allowed_options[ $option_page ] ) ) {
|
||||||
wp_die(
|
wp_die(
|
||||||
sprintf(
|
sprintf(
|
||||||
/* translators: %s: The options page name. */
|
/* translators: %s: The options page name. */
|
||||||
__( '<strong>Error</strong>: Options page %s not found in the options whitelist.' ),
|
__( '<strong>Error</strong>: Options page %s not found in the allowed options list.' ),
|
||||||
'<code>' . esc_html( $option_page ) . '</code>'
|
'<code>' . esc_html( $option_page ) . '</code>'
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
@ -233,7 +243,7 @@ if ( 'update' === $action ) { // We are saving settings sent from a settings pag
|
||||||
}
|
}
|
||||||
$options = explode( ',', wp_unslash( $_POST['page_options'] ) );
|
$options = explode( ',', wp_unslash( $_POST['page_options'] ) );
|
||||||
} else {
|
} else {
|
||||||
$options = $whitelist_options[ $option_page ];
|
$options = $allowed_options[ $option_page ];
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( 'general' === $option_page ) {
|
if ( 'general' === $option_page ) {
|
||||||
|
|
|
@ -233,7 +233,7 @@ class Featured_Content {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// We need to respect post IDs already in the blacklist.
|
// We need to respect post IDs already in the exclude list.
|
||||||
$post__not_in = $query->get( 'post__not_in' );
|
$post__not_in = $query->get( 'post__not_in' );
|
||||||
|
|
||||||
if ( ! empty( $post__not_in ) ) {
|
if ( ! empty( $post__not_in ) ) {
|
||||||
|
|
|
@ -20,7 +20,6 @@
|
||||||
"options": {
|
"options": {
|
||||||
"autoRename": false,
|
"autoRename": false,
|
||||||
"autoRenameStrict": false,
|
"autoRenameStrict": false,
|
||||||
"blacklist": {},
|
|
||||||
"clean": true,
|
"clean": true,
|
||||||
"greedy": false,
|
"greedy": false,
|
||||||
"processUrls": false,
|
"processUrls": false,
|
||||||
|
|
|
@ -33,7 +33,6 @@
|
||||||
"options": {
|
"options": {
|
||||||
"autoRename": false,
|
"autoRename": false,
|
||||||
"autoRenameStrict": false,
|
"autoRenameStrict": false,
|
||||||
"blacklist": {},
|
|
||||||
"clean": true,
|
"clean": true,
|
||||||
"greedy": false,
|
"greedy": false,
|
||||||
"processUrls": false,
|
"processUrls": false,
|
||||||
|
|
|
@ -125,7 +125,7 @@ class Requests_SSL {
|
||||||
* @return boolean Does the domain match?
|
* @return boolean Does the domain match?
|
||||||
*/
|
*/
|
||||||
public static function match_domain($host, $reference) {
|
public static function match_domain($host, $reference) {
|
||||||
// Check if the reference is blacklisted first
|
// Check if the reference is blocklisted first
|
||||||
if (self::verify_reference_name($reference) !== true) {
|
if (self::verify_reference_name($reference) !== true) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -149,4 +149,4 @@ class Requests_SSL {
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1684,7 +1684,7 @@ final class WP_Customize_Widgets {
|
||||||
* List of the tag names seen for before_widget strings.
|
* List of the tag names seen for before_widget strings.
|
||||||
*
|
*
|
||||||
* This is used in the {@see 'filter_wp_kses_allowed_html'} filter to ensure that the
|
* This is used in the {@see 'filter_wp_kses_allowed_html'} filter to ensure that the
|
||||||
* data-* attributes can be whitelisted.
|
* data-* attributes can be allowed.
|
||||||
*
|
*
|
||||||
* @since 4.5.0
|
* @since 4.5.0
|
||||||
* @var array
|
* @var array
|
||||||
|
|
|
@ -462,10 +462,10 @@ class WP_Date_Query {
|
||||||
/**
|
/**
|
||||||
* Validates a column name parameter.
|
* Validates a column name parameter.
|
||||||
*
|
*
|
||||||
* Column names without a table prefix (like 'post_date') are checked against a whitelist of
|
* Column names without a table prefix (like 'post_date') are checked against a list of
|
||||||
* known tables, and then, if found, have a table prefix (such as 'wp_posts.') prepended.
|
* allowed and known tables, and then, if found, have a table prefix (such as 'wp_posts.')
|
||||||
* Prefixed column names (such as 'wp_posts.post_date') bypass this whitelist check,
|
* prepended. Prefixed column names (such as 'wp_posts.post_date') bypass this allowed
|
||||||
* and are only sanitized to remove illegal characters.
|
* check, and are only sanitized to remove illegal characters.
|
||||||
*
|
*
|
||||||
* @since 3.7.0
|
* @since 3.7.0
|
||||||
*
|
*
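Review bot: The reworded docblock in the WP_Date_Query section now reads "bypass this allowed check", which no longer names what is being bypassed. This paragraph is what tells a caller that prefixed column names skip the list and are only stripped of illegal characters, so it should stay precise. I would write `* prepended. Prefixed column names (such as 'wp_posts.post_date') bypass this allowed-list` followed by `* check, and are only sanitized to remove illegal characters.` The docblock and the method it documents continue outside the hunk.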
|
||||||
|
|
|
@ -305,8 +305,8 @@ class WP_Image_Editor_Imagick extends WP_Image_Editor {
|
||||||
);
|
);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Set the filter value if '$filter_name' name is in our whitelist and the related
|
* Set the filter value if '$filter_name' name is in the allowed list and the related
|
||||||
* Imagick constant is defined or fall back to our default filter.
|
* Imagick constant is defined or fall back to the default filter.
|
||||||
*/
|
*/
|
||||||
if ( in_array( $filter_name, $allowed_filters, true ) && defined( 'Imagick::' . $filter_name ) ) {
|
if ( in_array( $filter_name, $allowed_filters, true ) && defined( 'Imagick::' . $filter_name ) ) {
|
||||||
$filter = constant( 'Imagick::' . $filter_name );
|
$filter = constant( 'Imagick::' . $filter_name );
|
||||||
|
|
|
@ -94,7 +94,7 @@ final class WP_oEmbed_Controller {
|
||||||
'sanitize_callback' => 'absint',
|
'sanitize_callback' => 'absint',
|
||||||
),
|
),
|
||||||
'discover' => array(
|
'discover' => array(
|
||||||
'description' => __( 'Whether to perform an oEmbed discovery request for non-whitelisted providers.' ),
|
'description' => __( 'Whether to perform an oEmbed discovery request for unsanctioned providers.' ),
|
||||||
'type' => 'boolean',
|
'type' => 'boolean',
|
||||||
'default' => true,
|
'default' => true,
|
||||||
),
|
),
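Review bot: The new `discover` description, "unsanctioned providers", is ambiguous for a user-facing string, because "sanctioned" can mean either approved or penalised. The docblock in the WP_oEmbed section ("sanctioned oEmbed providers") has the same wording, and that docblock describes these providers as trusted to embed JavaScript and arbitrary HTML, so which side is trusted should be unmistakable. I would write `__( 'Whether to perform an oEmbed discovery request for providers that are not on the allowed list.' )` here and `* Filters the list of allowed oEmbed providers.` there. The array this entry belongs to starts and ends outside the hunk.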
|
||||||
|
|
|
@ -131,10 +131,10 @@ class WP_oEmbed {
|
||||||
self::$early_providers = array();
|
self::$early_providers = array();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Filters the list of whitelisted oEmbed providers.
|
* Filters the list of sanctioned oEmbed providers.
|
||||||
*
|
*
|
||||||
* Since WordPress 4.4, oEmbed discovery is enabled for all users and allows embedding of sanitized
|
* Since WordPress 4.4, oEmbed discovery is enabled for all users and allows embedding of sanitized
|
||||||
* iframes. The providers in this list are whitelisted, meaning they are trusted and allowed to
|
* iframes. The providers in this list are sanctioned, meaning they are trusted and allowed to
|
||||||
* embed any content, such as iframes, videos, JavaScript, and arbitrary HTML.
|
* embed any content, such as iframes, videos, JavaScript, and arbitrary HTML.
|
||||||
*
|
*
|
||||||
* Supported providers:
|
* Supported providers:
|
||||||
|
|
|
@ -275,7 +275,7 @@ class WP {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Filters the query variables whitelist before processing.
|
* Filters the query variables allowed before processing.
|
||||||
*
|
*
|
||||||
* Allows (publicly allowed) query vars to be added, removed, or changed prior
|
* Allows (publicly allowed) query vars to be added, removed, or changed prior
|
||||||
* to executing the query. Needed to allow custom rewrite rules using your own arguments
|
* to executing the query. Needed to allow custom rewrite rules using your own arguments
|
||||||
|
@ -283,7 +283,7 @@ class WP {
|
||||||
*
|
*
|
||||||
* @since 1.5.0
|
* @since 1.5.0
|
||||||
*
|
*
|
||||||
* @param string[] $public_query_vars The array of whitelisted query variable names.
|
* @param string[] $public_query_vars The array of allowed query variable names.
|
||||||
*/
|
*/
|
||||||
$this->public_query_vars = apply_filters( 'query_vars', $this->public_query_vars );
|
$this->public_query_vars = apply_filters( 'query_vars', $this->public_query_vars );
|
||||||
|
|
||||||
|
|
|
@ -10,15 +10,15 @@
|
||||||
* Check whether a comment passes internal checks to be allowed to add.
|
* Check whether a comment passes internal checks to be allowed to add.
|
||||||
*
|
*
|
||||||
* If manual comment moderation is set in the administration, then all checks,
|
* If manual comment moderation is set in the administration, then all checks,
|
||||||
* regardless of their type and whitelist, will fail and the function will
|
* regardless of their type and substance, will fail and the function will
|
||||||
* return false.
|
* return false.
|
||||||
*
|
*
|
||||||
* If the number of links exceeds the amount in the administration, then the
|
* If the number of links exceeds the amount in the administration, then the
|
||||||
* check fails. If any of the parameter contents match the blacklist of words,
|
* check fails. If any of the parameter contents contain any disallowed words,
|
||||||
* then the check fails.
|
* then the check fails.
|
||||||
*
|
*
|
||||||
* If the comment author was approved before, then the comment is automatically
|
* If the comment author was approved before, then the comment is automatically
|
||||||
* whitelisted.
|
* approved.
|
||||||
*
|
*
|
||||||
* If all checks pass, the function will return true.
|
* If all checks pass, the function will return true.
|
||||||
*
|
*
|
||||||
|
@ -126,7 +126,7 @@ function check_comment( $author, $email, $url, $comment, $user_ip, $user_agent,
|
||||||
* as well as whether there are any moderation keywords (if set) present in the author
|
* as well as whether there are any moderation keywords (if set) present in the author
|
||||||
* email address. If both checks pass, return true. Otherwise, return false.
|
* email address. If both checks pass, return true. Otherwise, return false.
|
||||||
*/
|
*/
|
||||||
if ( 1 == get_option( 'comment_whitelist' ) ) {
|
if ( 1 == get_option( 'comment_previously_approved' ) ) {
|
||||||
if ( 'trackback' !== $comment_type && 'pingback' !== $comment_type && '' !== $author && '' !== $email ) {
|
if ( 'trackback' !== $comment_type && 'pingback' !== $comment_type && '' !== $author && '' !== $email ) {
|
||||||
$comment_user = get_user_by( 'email', wp_unslash( $email ) );
|
$comment_user = get_user_by( 'email', wp_unslash( $email ) );
|
||||||
if ( ! empty( $comment_user->ID ) ) {
|
if ( ! empty( $comment_user->ID ) ) {
|
||||||
|
@ -815,7 +815,7 @@ function wp_allow_comment( $commentdata, $avoid_die = false ) {
|
||||||
$approved = 0;
|
$approved = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( wp_blacklist_check(
|
if ( wp_blocklist_check(
|
||||||
$commentdata['comment_author'],
|
$commentdata['comment_author'],
|
||||||
$commentdata['comment_author_email'],
|
$commentdata['comment_author_email'],
|
||||||
$commentdata['comment_author_url'],
|
$commentdata['comment_author_url'],
|
||||||
|
@ -1262,9 +1262,9 @@ function wp_check_comment_data_max_lengths( $comment_data ) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Does comment contain blacklisted characters or words.
|
* Checks if a comment contains disallowed characters or words.
|
||||||
*
|
*
|
||||||
* @since 1.5.0
|
* @since 5.5.0
|
||||||
*
|
*
|
||||||
* @param string $author The author of the comment
|
* @param string $author The author of the comment
|
||||||
* @param string $email The email of the comment
|
* @param string $email The email of the comment
|
||||||
|
@ -1272,13 +1272,14 @@ function wp_check_comment_data_max_lengths( $comment_data ) {
|
||||||
* @param string $comment The comment content
|
* @param string $comment The comment content
|
||||||
* @param string $user_ip The comment author's IP address
|
* @param string $user_ip The comment author's IP address
|
||||||
* @param string $user_agent The author's browser user agent
|
* @param string $user_agent The author's browser user agent
|
||||||
* @return bool True if comment contains blacklisted content, false if comment does not
|
* @return bool True if comment contains disallowed content, false if comment does not
|
||||||
*/
|
*/
|
||||||
function wp_blacklist_check( $author, $email, $url, $comment, $user_ip, $user_agent ) {
|
function wp_blocklist_check( $author, $email, $url, $comment, $user_ip, $user_agent ) {
|
||||||
/**
|
/**
|
||||||
* Fires before the comment is tested for blacklisted characters or words.
|
* Fires before the comment is tested for disallowed characters or words.
|
||||||
*
|
*
|
||||||
* @since 1.5.0
|
* @since 1.5.0
|
||||||
|
* @deprecated 5.5.0 Use {@see 'wp_blocklist_check'} instead.
|
||||||
*
|
*
|
||||||
* @param string $author Comment author.
|
* @param string $author Comment author.
|
||||||
* @param string $email Comment author's email.
|
* @param string $email Comment author's email.
|
||||||
|
@ -1287,14 +1288,28 @@ function wp_blacklist_check( $author, $email, $url, $comment, $user_ip, $user_ag
|
||||||
* @param string $user_ip Comment author's IP address.
|
* @param string $user_ip Comment author's IP address.
|
||||||
* @param string $user_agent Comment author's browser user agent.
|
* @param string $user_agent Comment author's browser user agent.
|
||||||
*/
|
*/
|
||||||
do_action( 'wp_blacklist_check', $author, $email, $url, $comment, $user_ip, $user_agent );
|
do_action_deprecated( 'wp_blacklist_check', array( $author, $email, $url, $comment, $user_ip, $user_agent ), '5.5.0', 'wp_blocklist_check', __( 'Please consider writing more inclusive code.' ) );
|
||||||
|
|
||||||
$mod_keys = trim( get_option( 'blacklist_keys' ) );
|
/**
|
||||||
|
* Fires before the comment is tested for disallowed characters or words.
|
||||||
|
*
|
||||||
|
* @since 5.5.0
|
||||||
|
*
|
||||||
|
* @param string $author Comment author.
|
||||||
|
* @param string $email Comment author's email.
|
||||||
|
* @param string $url Comment author's URL.
|
||||||
|
* @param string $comment Comment content.
|
||||||
|
* @param string $user_ip Comment author's IP address.
|
||||||
|
* @param string $user_agent Comment author's browser user agent.
|
||||||
|
*/
|
||||||
|
do_action( 'wp_blocklist_check', $author, $email, $url, $comment, $user_ip, $user_agent );
|
||||||
|
|
||||||
|
$mod_keys = trim( get_option( 'blocklist_keys' ) );
|
||||||
if ( '' === $mod_keys ) {
|
if ( '' === $mod_keys ) {
|
||||||
return false; // If moderation keys are empty.
|
return false; // If moderation keys are empty.
|
||||||
}
|
}
|
||||||
|
|
||||||
// Ensure HTML tags are not being used to bypass the blacklist.
|
// Ensure HTML tags are not being used to bypass the list of disallowed characters and words.
|
||||||
$comment_without_html = wp_strip_all_tags( $comment );
|
$comment_without_html = wp_strip_all_tags( $comment );
|
||||||
|
|
||||||
$words = explode( "\n", $mod_keys );
|
$words = explode( "\n", $mod_keys );
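Review bot: Reading the renamed options in check_comment() and wp_blocklist_check() fails open on a site that still stores its values under the old names. `trim( get_option( 'blocklist_keys' ) )` yields `''` when the option does not exist, so the `'' === $mod_keys` branch returns false and nothing is compared against the disallowed list; likewise `1 == get_option( 'comment_previously_approved' )` is false when only `comment_whitelist` is stored, so that branch is skipped. No migration of the old option names is visible in this part of the commit, so please confirm an upgrade routine copies them, or fall back while reading, e.g. `$mod_keys = trim( (string) get_option( 'blocklist_keys', get_option( 'blacklist_keys', '' ) ) );`. Both function bodies continue outside the hunks.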
|
||||||
|
|
|
@ -96,7 +96,7 @@ add_filter( 'pre_post_mime_type', 'sanitize_mime_type' );
|
||||||
add_filter( 'post_mime_type', 'sanitize_mime_type' );
|
add_filter( 'post_mime_type', 'sanitize_mime_type' );
|
||||||
|
|
||||||
// Meta.
|
// Meta.
|
||||||
add_filter( 'register_meta_args', '_wp_register_meta_args_whitelist', 10, 2 );
|
add_filter( 'register_meta_args', '_wp_register_meta_args_allowed_list', 10, 2 );
|
||||||
|
|
||||||
// Post meta.
|
// Post meta.
|
||||||
add_action( 'added_post_meta', 'wp_cache_set_posts_last_changed' );
|
add_action( 'added_post_meta', 'wp_cache_set_posts_last_changed' );
|
||||||
|
|
|
@ -3995,3 +3995,83 @@ function wp_unregister_GLOBALS() { // phpcs:ignore WordPress.NamingConventions.
|
||||||
// register_globals was deprecated in PHP 5.3 and removed entirely in PHP 5.4.
|
// register_globals was deprecated in PHP 5.3 and removed entirely in PHP 5.4.
|
||||||
_deprecated_function( __FUNCTION__, '5.5.0' );
|
_deprecated_function( __FUNCTION__, '5.5.0' );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Does comment contain disallowed characters or words.
|
||||||
|
*
|
||||||
|
* @since 1.5.0
|
||||||
|
* @deprecated 5.5.0 Use wp_blocklist_check() instead.
|
||||||
|
* Please consider writing more inclusive code.
|
||||||
|
*
|
||||||
|
* @param string $author The author of the comment
|
||||||
|
* @param string $email The email of the comment
|
||||||
|
* @param string $url The url used in the comment
|
||||||
|
* @param string $comment The comment content
|
||||||
|
* @param string $user_ip The comment author's IP address
|
||||||
|
* @param string $user_agent The author's browser user agent
|
||||||
|
* @return bool True if comment contains disallowed content, false if comment does not
|
||||||
|
*/
|
||||||
|
function wp_blacklist_check( $author, $email, $url, $comment, $user_ip, $user_agent ) {
|
||||||
|
_deprecated_function( __FUNCTION__, '5.5.0', 'wp_blocklist_check()' );
|
||||||
|
|
||||||
|
return wp_blocklist_check( $author, $email, $url, $comment, $user_ip, $user_agent );
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Filters out `register_meta()` args based on an allowed list.
|
||||||
|
*
|
||||||
|
* `register_meta()` args may change over time, so requiring the allowed list
|
||||||
|
* to be explicitly turned off is a warranty seal of sorts.
|
||||||
|
*
|
||||||
|
* @access private
|
||||||
|
* @since 4.6.0
|
||||||
|
* @deprecated 5.5.0 Use _wp_register_meta_args_allowed_list() instead.
|
||||||
|
* Please consider writing more inclusive code.
|
||||||
|
*
|
||||||
|
* @param array $args Arguments from `register_meta()`.
|
||||||
|
* @param array $default_args Default arguments for `register_meta()`.
|
||||||
|
* @return array Filtered arguments.
|
||||||
|
*/
|
||||||
|
function _wp_register_meta_args_whitelist( $args, $default_args ) {
|
||||||
|
_deprecated_function( __FUNCTION__, '5.5.0', '_wp_register_meta_args_allowed_list()' );
|
||||||
|
|
||||||
|
return _wp_register_meta_args_allowed_list( $args, $default_args );
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Adds an array of options to the list of allowed options.
|
||||||
|
*
|
||||||
|
* @since 2.7.0
|
||||||
|
* @deprecated 5.5.0 Use add_option_allowed_list() instead.
|
||||||
|
* Please consider writing more inclusive code.
|
||||||
|
*
|
||||||
|
* @global array $allowed_options
|
||||||
|
*
|
||||||
|
* @param array $new_options
|
||||||
|
* @param string|array $options
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
|
function add_option_whitelist( $new_options, $options = '' ) {
|
||||||
|
_deprecated_function( __FUNCTION__, '5.5.0', 'add_option_allowed_list()' );
|
||||||
|
|
||||||
|
return add_option_allowed_list( $new_options, $options );
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Removes a list of options from the allowed options list.
|
||||||
|
*
|
||||||
|
* @since 2.7.0
|
||||||
|
* @deprecated 5.5.0 Use remove_option_allowed_list() instead.
|
||||||
|
* Please consider writing more inclusive code.
|
||||||
|
*
|
||||||
|
* @global array $allowed_options
|
||||||
|
*
|
||||||
|
* @param array $del_options
|
||||||
|
* @param string|array $options
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
|
function remove_option_whitelist( $del_options, $options = '' ) {
|
||||||
|
_deprecated_function( __FUNCTION__, '5.5.0', 'remove_option_allowed_list()' );
|
||||||
|
|
||||||
|
return remove_option_allowed_list( $del_options, $options );
|
||||||
|
}
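Review bot: The `_wp_register_meta_args_whitelist()` wrapper keeps direct calls working, but it does not keep `remove_filter( 'register_meta_args', '_wp_register_meta_args_whitelist' )` working, since the callback hooked in the default-filters section is now `_wp_register_meta_args_allowed_list`. Code that used the old name to switch the argument filtering off will now leave it on without any notice, which is the safe direction but still a silent behaviour change. I would say so in the wrapper's docblock, e.g. `* Note: this function is no longer the callback attached to {@see 'register_meta_args'}.` Separately, the `@global array $allowed_options` tags on add_option_whitelist() and remove_option_whitelist() describe a global these wrappers never touch and can be dropped.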
|
||||||
|
|
|
@ -2048,7 +2048,7 @@ function sanitize_file_name( $filename ) {
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Loop over any intermediate extensions. Postfix them with a trailing underscore
|
* Loop over any intermediate extensions. Postfix them with a trailing underscore
|
||||||
* if they are a 2 - 5 character long alpha string not in the extension whitelist.
|
* if they are a 2 - 5 character long alpha string not in the allowed extension list.
|
||||||
*/
|
*/
|
||||||
foreach ( (array) $parts as $part ) {
|
foreach ( (array) $parts as $part ) {
|
||||||
$filename .= '.' . $part;
|
$filename .= '.' . $part;
|
||||||
|
@ -4852,7 +4852,7 @@ function sanitize_option( $option, $value ) {
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'moderation_keys':
|
case 'moderation_keys':
|
||||||
case 'blacklist_keys':
|
case 'blocklist_keys':
|
||||||
$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
|
$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
|
||||||
if ( is_wp_error( $value ) ) {
|
if ( is_wp_error( $value ) ) {
|
||||||
$error = $value->get_error_message();
|
$error = $value->get_error_message();
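Review bot: Replacing `case 'blacklist_keys':` with `case 'blocklist_keys':` in sanitize_option() means a value written under the old option name no longer reaches the `strip_invalid_text_for_column()` branch shown here. If callers may still run `update_option( 'blacklist_keys', … )` during the transition, I would keep both labels, with `case 'blacklist_keys':` directly above `case 'blocklist_keys':`. The switch statement starts and ends outside the hunk, so whether another branch covers the old name cannot be seen from here.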
|
||||||
|
|
|
@ -593,7 +593,7 @@ function wp_http_validate_url( $url ) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Whitelists allowed redirect hosts for safe HTTP requests as well.
|
* Mark allowed redirect hosts safe for HTTP requests as well.
|
||||||
*
|
*
|
||||||
* Attached to the {@see 'http_request_host_is_external'} filter.
|
* Attached to the {@see 'http_request_host_is_external'} filter.
|
||||||
*
|
*
|
||||||
|
@ -611,7 +611,8 @@ function allowed_http_request_hosts( $is_external, $host ) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Whitelists any domain in a multisite installation for safe HTTP requests.
|
* Adds any domain in a multisite installation for safe HTTP requests to the
|
||||||
|
* allowed list.
|
||||||
*
|
*
|
||||||
* Attached to the {@see 'http_request_host_is_external'} filter.
|
* Attached to the {@see 'http_request_host_is_external'} filter.
|
||||||
*
|
*
|
||||||
|
|
|
@ -1720,13 +1720,14 @@ function wp_kses_bad_protocol_once( $string, $allowed_protocols, $count = 1 ) {
|
||||||
* Callback for `wp_kses_bad_protocol_once()` regular expression.
|
* Callback for `wp_kses_bad_protocol_once()` regular expression.
|
||||||
*
|
*
|
||||||
* This function processes URL protocols, checks to see if they're in the
|
* This function processes URL protocols, checks to see if they're in the
|
||||||
* whitelist or not, and returns different data depending on the answer.
|
* list of allowed protocols or not, and returns different data depending
|
||||||
|
* on the answer.
|
||||||
*
|
*
|
||||||
* @access private
|
* @access private
|
||||||
* @ignore
|
* @ignore
|
||||||
* @since 1.0.0
|
* @since 1.0.0
|
||||||
*
|
*
|
||||||
* @param string $string URI scheme to check against the whitelist.
|
* @param string $string URI scheme to check against the list of allowed protocols.
|
||||||
* @param string[] $allowed_protocols Array of allowed URL protocols.
|
* @param string[] $allowed_protocols Array of allowed URL protocols.
|
||||||
* @return string Sanitized content.
|
* @return string Sanitized content.
|
||||||
*/
|
*/
|
||||||
|
@ -1772,7 +1773,7 @@ function wp_kses_normalize_entities( $string, $context = 'html' ) {
|
||||||
// Disarm all entities by converting & to &
|
// Disarm all entities by converting & to &
|
||||||
$string = str_replace( '&', '&', $string );
|
$string = str_replace( '&', '&', $string );
|
||||||
|
|
||||||
// Change back the allowed entities in our entity whitelist.
|
// Change back the allowed entities in our list of allowed entities.
|
||||||
if ( 'xml' === $context ) {
|
if ( 'xml' === $context ) {
|
||||||
$string = preg_replace_callback( '/&([A-Za-z]{2,8}[0-9]{0,2});/', 'wp_kses_xml_named_entities', $string );
|
$string = preg_replace_callback( '/&([A-Za-z]{2,8}[0-9]{0,2});/', 'wp_kses_xml_named_entities', $string );
|
||||||
} else {
|
} else {
|
||||||
|
@ -1912,7 +1913,7 @@ function valid_unicode( $i ) {
|
||||||
*
|
*
|
||||||
* This function decodes numeric HTML entities (`A` and `A`).
|
* This function decodes numeric HTML entities (`A` and `A`).
|
||||||
* It doesn't do anything with named entities like `ä`, but we don't
|
* It doesn't do anything with named entities like `ä`, but we don't
|
||||||
* need them in the URL protocol whitelisting system anyway.
|
* need them in the allowed URL protocols system anyway.
|
||||||
*
|
*
|
||||||
* @since 1.0.0
|
* @since 1.0.0
|
||||||
*
|
*
|
||||||
|
|
|
@ -1396,19 +1396,19 @@ function get_registered_metadata( $object_type, $object_id, $meta_key = '' ) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Filters out `register_meta()` args based on a whitelist.
|
* Filters out `register_meta()` args based on an allowed list.
|
||||||
*
|
*
|
||||||
* `register_meta()` args may change over time, so requiring the whitelist
|
* `register_meta()` args may change over time, so requiring the allowed list
|
||||||
* to be explicitly turned off is a warranty seal of sorts.
|
* to be explicitly turned off is a warranty seal of sorts.
|
||||||
*
|
*
|
||||||
* @access private
|
* @access private
|
||||||
* @since 4.6.0
|
* @since 5.5.0
|
||||||
*
|
*
|
||||||
* @param array $args Arguments from `register_meta()`.
|
* @param array $args Arguments from `register_meta()`.
|
||||||
* @param array $default_args Default arguments for `register_meta()`.
|
* @param array $default_args Default arguments for `register_meta()`.
|
||||||
* @return array Filtered arguments.
|
* @return array Filtered arguments.
|
||||||
*/
|
*/
|
||||||
function _wp_register_meta_args_whitelist( $args, $default_args ) {
|
function _wp_register_meta_args_allowed_list( $args, $default_args ) {
|
||||||
return array_intersect_key( $args, $default_args );
|
return array_intersect_key( $args, $default_args );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -720,9 +720,9 @@ function update_blog_status( $blog_id, $pref, $value, $deprecated = null ) {
|
||||||
_deprecated_argument( __FUNCTION__, '3.1.0' );
|
_deprecated_argument( __FUNCTION__, '3.1.0' );
|
||||||
}
|
}
|
||||||
|
|
||||||
$pref_whitelist = array( 'site_id', 'domain', 'path', 'registered', 'last_updated', 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
|
$allowed_field_names = array( 'site_id', 'domain', 'path', 'registered', 'last_updated', 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
|
||||||
|
|
||||||
if ( ! in_array( $pref, $pref_whitelist, true ) ) {
|
if ( ! in_array( $pref, $allowed_field_names, true ) ) {
|
||||||
return $value;
|
return $value;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -124,5 +124,5 @@ add_action( 'update_option_home', 'clean_site_details_cache', 10, 0 );
|
||||||
// If the network upgrade hasn't run yet, assume ms-files.php rewriting is used.
|
// If the network upgrade hasn't run yet, assume ms-files.php rewriting is used.
|
||||||
add_filter( 'default_site_option_ms_files_rewriting', '__return_true' );
|
add_filter( 'default_site_option_ms_files_rewriting', '__return_true' );
|
||||||
|
|
||||||
// Whitelist multisite domains for HTTP requests.
|
// Allow multisite domains for HTTP requests.
|
||||||
add_filter( 'http_request_host_is_external', 'ms_allowed_http_request_hosts', 20, 2 );
|
add_filter( 'http_request_host_is_external', 'ms_allowed_http_request_hosts', 20, 2 );
|
||||||
|
|
|
@ -441,7 +441,8 @@ function is_email_address_unsafe( $user_email ) {
|
||||||
* Sanitize and validate data required for a user sign-up.
|
* Sanitize and validate data required for a user sign-up.
|
||||||
*
|
*
|
||||||
* Verifies the validity and uniqueness of user names and user email addresses,
|
* Verifies the validity and uniqueness of user names and user email addresses,
|
||||||
* and checks email addresses against admin-provided domain whitelists and blacklists.
|
* and checks email addresses against allowed and disallowed domains provided by
|
||||||
|
* administrators.
|
||||||
*
|
*
|
||||||
* The {@see 'wpmu_validate_user_signup'} hook provides an easy way to modify the sign-up
|
* The {@see 'wpmu_validate_user_signup'} hook provides an easy way to modify the sign-up
|
||||||
* process. The value $result, which is passed to the hook, contains both the user-provided
|
* process. The value $result, which is passed to the hook, contains both the user-provided
|
||||||
|
@ -1358,7 +1359,7 @@ function wpmu_create_blog( $domain, $path, $title, $user_id, $options = array(),
|
||||||
wp_installing( true );
|
wp_installing( true );
|
||||||
}
|
}
|
||||||
|
|
||||||
$site_data_whitelist = array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
|
$allowed_data_fields = array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
|
||||||
|
|
||||||
$site_data = array_merge(
|
$site_data = array_merge(
|
||||||
array(
|
array(
|
||||||
|
@ -1366,14 +1367,14 @@ function wpmu_create_blog( $domain, $path, $title, $user_id, $options = array(),
|
||||||
'path' => $path,
|
'path' => $path,
|
||||||
'network_id' => $network_id,
|
'network_id' => $network_id,
|
||||||
),
|
),
|
||||||
array_intersect_key( $options, array_flip( $site_data_whitelist ) )
|
array_intersect_key( $options, array_flip( $allowed_data_fields ) )
|
||||||
);
|
);
|
||||||
|
|
||||||
// Data to pass to wp_initialize_site().
|
// Data to pass to wp_initialize_site().
|
||||||
$site_initialization_data = array(
|
$site_initialization_data = array(
|
||||||
'title' => $title,
|
'title' => $title,
|
||||||
'user_id' => $user_id,
|
'user_id' => $user_id,
|
||||||
'options' => array_diff_key( $options, array_flip( $site_data_whitelist ) ),
|
'options' => array_diff_key( $options, array_flip( $allowed_data_fields ) ),
|
||||||
);
|
);
|
||||||
|
|
||||||
$blog_id = wp_insert_site( array_merge( $site_data, $site_initialization_data ) );
|
$blog_id = wp_insert_site( array_merge( $site_data, $site_initialization_data ) );
|
||||||
|
@ -1840,12 +1841,12 @@ function get_most_recent_post_of_user( $user_id ) {
|
||||||
//
|
//
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check an array of MIME types against a whitelist.
|
* Check an array of MIME types against a list of allowed types.
|
||||||
*
|
*
|
||||||
* WordPress ships with a set of allowed upload filetypes,
|
* WordPress ships with a set of allowed upload filetypes,
|
||||||
* which is defined in wp-includes/functions.php in
|
* which is defined in wp-includes/functions.php in
|
||||||
* get_allowed_mime_types(). This function is used to filter
|
* get_allowed_mime_types(). This function is used to filter
|
||||||
* that list against the filetype whitelist provided by Multisite
|
* that list against the filetypes allowed provided by Multisite
|
||||||
* Super Admins at wp-admin/network/settings.php.
|
* Super Admins at wp-admin/network/settings.php.
|
||||||
*
|
*
|
||||||
* @since MU (3.0.0)
|
* @since MU (3.0.0)
|
||||||
|
|
|
@ -114,10 +114,10 @@ function wp_insert_site( array $data ) {
|
||||||
$meta['WPLANG'] = get_network_option( $new_site->network_id, 'WPLANG' );
|
$meta['WPLANG'] = get_network_option( $new_site->network_id, 'WPLANG' );
|
||||||
}
|
}
|
||||||
|
|
||||||
// Rebuild the data expected by the `wpmu_new_blog` hook prior to 5.1.0 using whitelisted keys.
|
// Rebuild the data expected by the `wpmu_new_blog` hook prior to 5.1.0 using allowed keys.
|
||||||
// The `$site_data_whitelist` matches the one used in `wpmu_create_blog()`.
|
// The `$allowed_data_fields` matches the one used in `wpmu_create_blog()`.
|
||||||
$site_data_whitelist = array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
|
$allowed_data_fields = array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
|
||||||
$meta = array_merge( array_intersect_key( $data, array_flip( $site_data_whitelist ) ), $meta );
|
$meta = array_merge( array_intersect_key( $data, array_flip( $allowed_data_fields ) ), $meta );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Fires immediately after a new site is created.
|
* Fires immediately after a new site is created.
|
||||||
|
@ -492,8 +492,8 @@ function wp_prepare_site_data( $data, $defaults, $old_site = null ) {
|
||||||
*/
|
*/
|
||||||
$data = apply_filters( 'wp_normalize_site_data', $data );
|
$data = apply_filters( 'wp_normalize_site_data', $data );
|
||||||
|
|
||||||
$whitelist = array( 'domain', 'path', 'network_id', 'registered', 'last_updated', 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
|
$allowed_data_fields = array( 'domain', 'path', 'network_id', 'registered', 'last_updated', 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
|
||||||
$data = array_intersect_key( wp_parse_args( $data, $defaults ), array_flip( $whitelist ) );
|
$data = array_intersect_key( wp_parse_args( $data, $defaults ), array_flip( $allowed_data_fields ) );
|
||||||
|
|
||||||
$errors = new WP_Error();
|
$errors = new WP_Error();
|
||||||
|
|
||||||
|
|
|
@ -2097,8 +2097,8 @@ function register_initial_settings() {
|
||||||
* @global array $new_whitelist_options
|
* @global array $new_whitelist_options
|
||||||
* @global array $wp_registered_settings
|
* @global array $wp_registered_settings
|
||||||
*
|
*
|
||||||
* @param string $option_group A settings group name. Should correspond to a whitelisted option key name.
|
* @param string $option_group A settings group name. Should correspond to an allowed option key name.
|
||||||
* Default whitelisted option key names include 'general', 'discussion', 'media',
|
* Default allowed option key names include 'general', 'discussion', 'media',
|
||||||
* 'reading', 'writing', 'misc', 'options', and 'privacy'.
|
* 'reading', 'writing', 'misc', 'options', and 'privacy'.
|
||||||
* @param string $option_name The name of an option to sanitize and save.
|
* @param string $option_name The name of an option to sanitize and save.
|
||||||
* @param array $args {
|
* @param array $args {
|
||||||
|
|
|
@ -1466,7 +1466,7 @@ if ( ! function_exists( 'wp_validate_redirect' ) ) :
|
||||||
$wpp = parse_url( home_url() );
|
$wpp = parse_url( home_url() );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Filters the whitelist of hosts to redirect to.
|
* Filters the list of allowed hosts to redirect to.
|
||||||
*
|
*
|
||||||
* @since 2.3.0
|
* @since 2.3.0
|
||||||
*
|
*
|
||||||
|
|
|
@ -605,7 +605,7 @@ class WP_REST_Server {
|
||||||
$embedded = array();
|
$embedded = array();
|
||||||
|
|
||||||
foreach ( $data['_links'] as $rel => $links ) {
|
foreach ( $data['_links'] as $rel => $links ) {
|
||||||
// If a list of relations was specified, and the link relation is not in the whitelist, don't process the link.
|
// If a list of relations was specified, and the link relation is not in the list of allowed relations, don't process the link.
|
||||||
if ( is_array( $embed ) && ! in_array( $rel, $embed, true ) ) {
|
if ( is_array( $embed ) && ! in_array( $rel, $embed, true ) ) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
|
@ -251,7 +251,7 @@ class WP_REST_Settings_Controller extends WP_REST_Controller {
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Whitelist the supported types for settings, as we don't want invalid types
|
* Allow the supported types for settings, as we don't want invalid types
|
||||||
* to be updated with arbitrary values that we can't do decent sanitizing for.
|
* to be updated with arbitrary values that we can't do decent sanitizing for.
|
||||||
*/
|
*/
|
||||||
if ( ! in_array( $rest_args['schema']['type'], array( 'number', 'integer', 'string', 'boolean', 'array', 'object' ), true ) ) {
|
if ( ! in_array( $rest_args['schema']['type'], array( 'number', 'integer', 'string', 'boolean', 'array', 'object' ), true ) ) {
|
||||||
|
@ -304,7 +304,7 @@ class WP_REST_Settings_Controller extends WP_REST_Controller {
|
||||||
*
|
*
|
||||||
* By default, the schema of settings will throw an error if a value is set to
|
* By default, the schema of settings will throw an error if a value is set to
|
||||||
* `null` as it's not a valid value for something like "type => string". We
|
* `null` as it's not a valid value for something like "type => string". We
|
||||||
* provide a wrapper sanitizer to whitelist the use of `null`.
|
* provide a wrapper sanitizer to allow the use of `null`.
|
||||||
*
|
*
|
||||||
* @since 4.7.0
|
* @since 4.7.0
|
||||||
*
|
*
|
||||||
|
|
|
@ -1064,7 +1064,7 @@ function wp_default_scripts( $scripts ) {
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
$scripts->add( 'password-strength-meter', "/wp-admin/js/password-strength-meter$suffix.js", array( 'jquery', 'zxcvbn-async' ), false, 1 );
|
$scripts->add( 'password-strength-meter', "/wp-admin/js/password-strength-meter$suffix.js", array( 'jquery', 'wp-deprecated', 'zxcvbn-async' ), false, 1 );
|
||||||
did_action( 'init' ) && $scripts->localize(
|
did_action( 'init' ) && $scripts->localize(
|
||||||
'password-strength-meter',
|
'password-strength-meter',
|
||||||
'pwsL10n',
|
'pwsL10n',
|
||||||
|
@ -1077,6 +1077,7 @@ function wp_default_scripts( $scripts ) {
|
||||||
'mismatch' => _x( 'Mismatch', 'password mismatch' ),
|
'mismatch' => _x( 'Mismatch', 'password mismatch' ),
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
$scripts->set_translations( 'password-strength-meter' );
|
||||||
|
|
||||||
$scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'jquery', 'password-strength-meter', 'wp-util' ), false, 1 );
|
$scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'jquery', 'password-strength-meter', 'wp-util' ), false, 1 );
|
||||||
did_action( 'init' ) && $scripts->localize(
|
did_action( 'init' ) && $scripts->localize(
|
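Review bot: The new `'wp-deprecated'` dependency on the `password-strength-meter` handle and the added `$scripts->set_translations( 'password-strength-meter' );` call change behaviour, yet nothing next to them says why, and the commit description speaks only of wording changes. Presumably the script now emits a deprecation notice for a renamed property and gained translatable strings, but that file is not visible in this section. A one-line comment above the `add()` call would record the reason, for example `// 'wp-deprecated' is needed for the deprecation notice raised by the password strength meter script.` Both hunks sit inside `wp_default_scripts()`, whose body starts and ends outside them.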
||||||
|
|
|
@ -376,8 +376,8 @@ abstract class ParagonIE_Sodium_Core_Ed25519 extends ParagonIE_Sodium_Core_Curve
|
||||||
*/
|
*/
|
||||||
public static function small_order($R)
|
public static function small_order($R)
|
||||||
{
|
{
|
||||||
/** @var array<int, array<int, int>> $blacklist */
|
/** @var array<int, array<int, int>> $blocklist */
|
||||||
$blacklist = array(
|
$blocklist = array(
|
||||||
/* 0 (order 4) */
|
/* 0 (order 4) */
|
||||||
array(
|
array(
|
||||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
@ -463,13 +463,13 @@ abstract class ParagonIE_Sodium_Core_Ed25519 extends ParagonIE_Sodium_Core_Curve
|
||||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
/** @var int $countBlacklist */
|
/** @var int $countBlocklist */
|
||||||
$countBlacklist = count($blacklist);
|
$countBlocklist = count($blocklist);
|
||||||
|
|
||||||
for ($i = 0; $i < $countBlacklist; ++$i) {
|
for ($i = 0; $i < $countBlocklist; ++$i) {
|
||||||
$c = 0;
|
$c = 0;
|
||||||
for ($j = 0; $j < 32; ++$j) {
|
for ($j = 0; $j < 32; ++$j) {
|
||||||
$c |= self::chrToInt($R[$j]) ^ (int) $blacklist[$i][$j];
|
$c |= self::chrToInt($R[$j]) ^ (int) $blocklist[$i][$j];
|
||||||
}
|
}
|
||||||
if ($c === 0) {
|
if ($c === 0) {
|
||||||
return true;
|
return true;
|
||||||
|
|
|
@ -378,7 +378,7 @@ abstract class ParagonIE_Sodium_Core32_Ed25519 extends ParagonIE_Sodium_Core32_C
|
||||||
*/
|
*/
|
||||||
public static function small_order($R)
|
public static function small_order($R)
|
||||||
{
|
{
|
||||||
static $blacklist = array(
|
static $blocklist = array(
|
||||||
/* 0 (order 4) */
|
/* 0 (order 4) */
|
||||||
array(
|
array(
|
||||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
@ -464,13 +464,13 @@ abstract class ParagonIE_Sodium_Core32_Ed25519 extends ParagonIE_Sodium_Core32_C
|
||||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
/** @var array<int, array<int, int>> $blacklist */
|
/** @var array<int, array<int, int>> $blocklist */
|
||||||
$countBlacklist = count($blacklist);
|
$countBlocklist = count($blocklist);
|
||||||
|
|
||||||
for ($i = 0; $i < $countBlacklist; ++$i) {
|
for ($i = 0; $i < $countBlocklist; ++$i) {
|
||||||
$c = 0;
|
$c = 0;
|
||||||
for ($j = 0; $j < 32; ++$j) {
|
for ($j = 0; $j < 32; ++$j) {
|
||||||
$c |= self::chrToInt($R[$j]) ^ $blacklist[$i][$j];
|
$c |= self::chrToInt($R[$j]) ^ $blocklist[$i][$j];
|
||||||
}
|
}
|
||||||
if ($c === 0) {
|
if ($c === 0) {
|
||||||
return true;
|
return true;
|
||||||
|
|
|
@ -2823,7 +2823,7 @@ function get_theme_support( $feature, ...$args ) {
|
||||||
* @return bool|void Whether feature was removed.
|
* @return bool|void Whether feature was removed.
|
||||||
*/
|
*/
|
||||||
function remove_theme_support( $feature ) {
|
function remove_theme_support( $feature ) {
|
||||||
// Blacklist: for internal registrations not used directly by themes.
|
// Do not remove internal registrations that are not used directly by themes.
|
||||||
if ( in_array( $feature, array( 'editor-style', 'widgets', 'menus' ), true ) ) {
|
if ( in_array( $feature, array( 'editor-style', 'widgets', 'menus' ), true ) ) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -2832,11 +2832,11 @@ function remove_theme_support( $feature ) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Do not use. Removes theme support internally, ignorant of the blacklist.
|
* Do not use. Removes theme support internally without knowledge of those not used by
|
||||||
|
* themes directly.
|
||||||
*
|
*
|
||||||
* @access private
|
* @access private
|
||||||
* @since 3.1.0
|
* @since 3.1.0
|
||||||
*
|
|
||||||
* @global array $_wp_theme_features
|
* @global array $_wp_theme_features
|
||||||
* @global Custom_Image_Header $custom_image_header
|
* @global Custom_Image_Header $custom_image_header
|
||||||
* @global Custom_Background $custom_background
|
* @global Custom_Background $custom_background
|
||||||
|
|
|
@ -1593,11 +1593,11 @@ function wp_insert_user( $userdata ) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Filters the list of blacklisted usernames.
|
* Filters the list of disallowed usernames.
|
||||||
*
|
*
|
||||||
* @since 4.4.0
|
* @since 4.4.0
|
||||||
*
|
*
|
||||||
* @param array $usernames Array of blacklisted usernames.
|
* @param array $usernames Array of disallowed usernames.
|
||||||
*/
|
*/
|
||||||
$illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );
|
$illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );
|
||||||
|
|
||||||
|
|
|
@ -13,14 +13,14 @@
|
||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '5.5-alpha-48120';
|
$wp_version = '5.5-alpha-48121';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
*
|
*
|
||||||
* @global int $wp_db_version
|
* @global int $wp_db_version
|
||||||
*/
|
*/
|
||||||
$wp_db_version = 48072;
|
$wp_db_version = 48121;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the TinyMCE version.
|
* Holds the TinyMCE version.
|
||||||
|
|
|
@ -1282,7 +1282,7 @@ function retrieve_widgets( $theme_changed = false ) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Compares a list of sidebars with their widgets against a whitelist.
|
* Compares a list of sidebars with their widgets against an allowed list.
|
||||||
*
|
*
|
||||||
* @since 4.9.0
|
* @since 4.9.0
|
||||||
* @since 4.9.2 Always tries to restore widget assignments from previous data, not just if sidebars needed mapping.
|
* @since 4.9.2 Always tries to restore widget assignments from previous data, not just if sidebars needed mapping.
|
||||||
|
@ -1457,22 +1457,22 @@ function wp_map_sidebars_widgets( $existing_sidebars_widgets ) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Compares a list of sidebars with their widgets against a whitelist.
|
* Compares a list of sidebars with their widgets against an allowed list.
|
||||||
*
|
*
|
||||||
* @since 4.9.0
|
* @since 4.9.0
|
||||||
*
|
*
|
||||||
* @param array $sidebars_widgets List of sidebars and their widget instance IDs.
|
* @param array $sidebars_widgets List of sidebars and their widget instance IDs.
|
||||||
* @param array $whitelist Optional. List of widget IDs to compare against. Default: Registered widgets.
|
* @param array $allowed_widget_ids Optional. List of widget IDs to compare against. Default: Registered widgets.
|
||||||
* @return array Sidebars with whitelisted widgets.
|
* @return array Sidebars with allowed widgets.
|
||||||
*/
|
*/
|
||||||
function _wp_remove_unregistered_widgets( $sidebars_widgets, $whitelist = array() ) {
|
function _wp_remove_unregistered_widgets( $sidebars_widgets, $allowed_widget_ids = array() ) {
|
||||||
if ( empty( $whitelist ) ) {
|
if ( empty( $allowed_widget_ids ) ) {
|
||||||
$whitelist = array_keys( $GLOBALS['wp_registered_widgets'] );
|
$allowed_widget_ids = array_keys( $GLOBALS['wp_registered_widgets'] );
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach ( $sidebars_widgets as $sidebar => $widgets ) {
|
foreach ( $sidebars_widgets as $sidebar => $widgets ) {
|
||||||
if ( is_array( $widgets ) ) {
|
if ( is_array( $widgets ) ) {
|
||||||
$sidebars_widgets[ $sidebar ] = array_intersect( $widgets, $whitelist );
|
$sidebars_widgets[ $sidebar ] = array_intersect( $widgets, $allowed_widget_ids );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
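Review bot: Now that the parameter is named `$allowed_widget_ids`, the `empty()` fallback in `_wp_remove_unregistered_widgets()` should be spelled out in the docblock. An explicitly empty array is treated as "not supplied" and replaced by every registered widget ID, so a caller cannot pass an empty list to mean "allow nothing". The `@param` description could read `Optional. List of widget IDs to compare against. An empty array falls back to all registered widgets.` The function body continues past the end of the hunk, so the return path is not visible here.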
||||||
|
|