General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.

“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.” With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434). Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase. Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort. Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam. See #48900, #50434. Fixes #50413. Built from https://develop.svn.wordpress.org/trunk@48121 git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 17:26:13 +00:00 · 2020-06-22 17:26:13 +00:00 · 4b60af1a6a
parent 7dbc898342
commit 4b60af1a6a
46 changed files with 322 additions and 180 deletions
--- a/wp-admin/includes/admin-filters.php
+++ b/wp-admin/includes/admin-filters.php
@ -74,7 +74,7 @@ add_filter( 'heartbeat_settings', 'wp_heartbeat_set_suspension' );
 add_action( 'admin_head-nav-menus.php', '_wp_delete_orphaned_draft_menu_items' );

 // Plugin hooks.
-add_filter( 'whitelist_options', 'option_update_filter' );
+add_filter( 'allowed_options', 'option_update_filter' );

 // Plugin Install hooks.
 add_action( 'install_plugins_featured', 'install_dashboard' );
--- a/wp-admin/includes/class-wp-plugins-list-table.php
+++ b/wp-admin/includes/class-wp-plugins-list-table.php
@ -47,10 +47,10 @@ class WP_Plugins_List_Table extends WP_List_Table {
 			)
 		);

-		$status_whitelist = array( 'active', 'inactive', 'recently_activated', 'upgrade', 'mustuse', 'dropins', 'search', 'paused', 'auto-update-enabled', 'auto-update-disabled' );
+		$allowed_statuses = array( 'active', 'inactive', 'recently_activated', 'upgrade', 'mustuse', 'dropins', 'search', 'paused', 'auto-update-enabled', 'auto-update-disabled' );

 		$status = 'all';
-		if ( isset( $_REQUEST['plugin_status'] ) && in_array( $_REQUEST['plugin_status'], $status_whitelist, true ) ) {
+		if ( isset( $_REQUEST['plugin_status'] ) && in_array( $_REQUEST['plugin_status'], $allowed_statuses, true ) ) {
 			$status = $_REQUEST['plugin_status'];
 		}

--- a/wp-admin/includes/class-wp-site-health.php
+++ b/wp-admin/includes/class-wp-site-health.php
@ -1776,8 +1776,9 @@ class WP_Site_Health {
 	/**
 	 * Test if HTTP requests are blocked.
 	 *
-	 * It's possible to block all outgoing communication (with the possibility of whitelisting hosts) via the
-	 * HTTP API. This may create problems for users as many features are running as services these days.
+	 * It's possible to block all outgoing communication (with the possibility of allowing certain
+	 * hosts) via the HTTP API. This may create problems for users as many features are running as
+	 * services these days.
 	 *
 	 * @since 5.2.0
 	 *
@ -1833,8 +1834,8 @@ class WP_Site_Health {
 			$result['description'] .= sprintf(
 				'<p>%s</p>',
 				sprintf(
-					/* translators: 1: Name of the constant used. 2: List of hostnames whitelisted. */
-					__( 'HTTP requests have been blocked by the %1$s constant, with some hosts whitelisted: %2$s.' ),
+					/* translators: 1: Name of the constant used. 2: List of allowed hostnames. */
+					__( 'HTTP requests have been blocked by the %1$s constant, with some allowed hosts: %2$s.' ),
 					'<code>WP_HTTP_BLOCK_EXTERNAL</code>',
 					implode( ',', $hosts )
 				)
--- a/wp-admin/includes/deprecated.php
+++ b/wp-admin/includes/deprecated.php
@ -159,8 +159,8 @@ function wp_dropdown_cats( $currentcat = 0, $currentparent = 0, $parent = 0, $le
 * @deprecated 3.0.0 Use register_setting()
 * @see register_setting()
 *
- * @param string $option_group A settings group name. Should correspond to a whitelisted option key name.
- *                             Default whitelisted option key names include 'general', 'discussion', 'media',
+ * @param string $option_group A settings group name. Should correspond to an allowed option key name.
+ *                             Default allowed option key names include 'general', 'discussion', 'media',
 *                             'reading', 'writing', 'misc', 'options', and 'privacy'.
 * @param string $option_name The name of an option to sanitize and save.
 * @param callable $sanitize_callback A callback function that sanitizes the option's value.
--- a/wp-admin/includes/plugin.php
+++ b/wp-admin/includes/plugin.php
@ -2136,12 +2136,12 @@ function user_can_access_admin_page() {
 	return true;
 }

-/* Whitelist functions */
+/* Allowed list functions */

 /**
- * Refreshes the value of the options whitelist available via the 'whitelist_options' hook.
+ * Refreshes the value of the allowed options list available via the 'allowed_options' hook.
 *
- * See the {@see 'whitelist_options'} filter.
+ * See the {@see 'allowed_options'} filter.
 *
 * @since 2.7.0
 *
@ -2154,77 +2154,77 @@ function option_update_filter( $options ) {
 	global $new_whitelist_options;

 	if ( is_array( $new_whitelist_options ) ) {
-		$options = add_option_whitelist( $new_whitelist_options, $options );
+		$options = add_option_allowed_list( $new_whitelist_options, $options );
 	}

 	return $options;
 }

 /**
- * Adds an array of options to the options whitelist.
+ * Adds an array of options to the list of allowed options.
 *
 * @since 2.7.0
 *
- * @global array $whitelist_options
+ * @global array $allowed_options
 *
 * @param array        $new_options
 * @param string|array $options
 * @return array
 */
-function add_option_whitelist( $new_options, $options = '' ) {
+function add_option_allowed_list( $new_options, $options = '' ) {
 	if ( '' === $options ) {
-		global $whitelist_options;
+		global $allowed_options;
 	} else {
-		$whitelist_options = $options;
+		$allowed_options = $options;
 	}

 	foreach ( $new_options as $page => $keys ) {
 		foreach ( $keys as $key ) {
-			if ( ! isset( $whitelist_options[ $page ] ) || ! is_array( $whitelist_options[ $page ] ) ) {
-				$whitelist_options[ $page ]   = array();
-				$whitelist_options[ $page ][] = $key;
+			if ( ! isset( $allowed_options[ $page ] ) || ! is_array( $allowed_options[ $page ] ) ) {
+				$allowed_options[ $page ]   = array();
+				$allowed_options[ $page ][] = $key;
 			} else {
-				$pos = array_search( $key, $whitelist_options[ $page ], true );
+				$pos = array_search( $key, $allowed_options[ $page ], true );
 				if ( false === $pos ) {
-					$whitelist_options[ $page ][] = $key;
+					$allowed_options[ $page ][] = $key;
 				}
 			}
 		}
 	}

-	return $whitelist_options;
+	return $allowed_options;
 }

 /**
- * Removes a list of options from the options whitelist.
+ * Removes a list of options from the allowed options list.
 *
- * @since 2.7.0
+ * @since 5.5.0
 *
- * @global array $whitelist_options
+ * @global array $allowed_options
 *
 * @param array        $del_options
 * @param string|array $options
 * @return array
 */
-function remove_option_whitelist( $del_options, $options = '' ) {
+function remove_option_allowed_list( $del_options, $options = '' ) {
 	if ( '' === $options ) {
-		global $whitelist_options;
+		global $allowed_options;
 	} else {
-		$whitelist_options = $options;
+		$allowed_options = $options;
 	}

 	foreach ( $del_options as $page => $keys ) {
 		foreach ( $keys as $key ) {
-			if ( isset( $whitelist_options[ $page ] ) && is_array( $whitelist_options[ $page ] ) ) {
-				$pos = array_search( $key, $whitelist_options[ $page ], true );
+			if ( isset( $allowed_options[ $page ] ) && is_array( $allowed_options[ $page ] ) ) {
+				$pos = array_search( $key, $allowed_options[ $page ], true );
 				if ( false !== $pos ) {
-					unset( $whitelist_options[ $page ][ $pos ] );
+					unset( $allowed_options[ $page ][ $pos ] );
 				}
 			}
 		}
 	}

-	return $whitelist_options;
+	return $allowed_options;
 }

 /**
--- a/wp-admin/includes/schema.php
+++ b/wp-admin/includes/schema.php
@ -446,8 +446,6 @@ function populate_options( array $options = array() ) {
 		'recently_edited'                 => '',
 		'template'                        => $template,
 		'stylesheet'                      => $stylesheet,
-		'comment_whitelist'               => 1,
-		'blacklist_keys'                  => '',
 		'comment_registration'            => 0,
 		'html_type'                       => 'text/html',

@ -532,6 +530,10 @@ function populate_options( array $options = array() ) {

 		// 5.3.0
 		'admin_email_lifespan'            => ( time() + 6 * MONTH_IN_SECONDS ),
+
+		// 5.5.0
+		'blocklist_keys'                  => '',
+		'comment_previously_approved'     => 1,
 	);

 	// 3.3.0
@ -550,7 +552,7 @@ function populate_options( array $options = array() ) {
 	$options = wp_parse_args( $options, $defaults );

 	// Set autoload to no for these options.
-	$fat_options = array( 'moderation_keys', 'recently_edited', 'blacklist_keys', 'uninstall_plugins' );
+	$fat_options = array( 'moderation_keys', 'recently_edited', 'blocklist_keys', 'uninstall_plugins' );

 	$keys             = "'" . implode( "', '", array_keys( $options ) ) . "'";
 	$existing_options = $wpdb->get_col( "SELECT option_name FROM $wpdb->options WHERE option_name in ( $keys )" ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
@ -1140,7 +1142,7 @@ function populate_network_meta( $network_id, array $meta = array() ) {
 		$allowed_themes[ WP_DEFAULT_THEME ] = true;
 	}

-	// If WP_DEFAULT_THEME doesn't exist, also whitelist the latest core default theme.
+	// If WP_DEFAULT_THEME doesn't exist, also include the latest core default theme.
 	if ( ! wp_get_theme( WP_DEFAULT_THEME )->exists() ) {
 		$core_default = WP_Theme::get_core_default_theme();
 		if ( $core_default ) {
--- a/wp-admin/includes/upgrade.php
+++ b/wp-admin/includes/upgrade.php
@ -835,7 +835,7 @@ function upgrade_all() {
 		upgrade_530();
 	}

-	if ( $wp_current_db_version < 47597 ) {
+	if ( $wp_current_db_version < 48082 ) {
 		upgrade_550();
 	}

@ -2168,6 +2168,15 @@ function upgrade_530() {
 function upgrade_550() {
 	update_option( 'finished_updating_comment_type', 0 );
 	wp_schedule_single_event( time() + ( 1 * MINUTE_IN_SECONDS ), 'wp_update_comment_type_batch' );
+
+	// Use more clear and inclusive language.
+	$blocklist = get_option( 'blacklist_keys', '' );
+	update_option( 'blocklist_keys', $blocklist );
+	delete_option( 'blacklist_keys' );
+
+	$comment_previously_approved = get_option( 'comment_whitelist', '' );
+	update_option( 'comment_previously_approved', $comment_previously_approved );
+	delete_option( 'comment_whitelist' );
 }

 /**
--- a/wp-admin/js/password-strength-meter.js
+++ b/wp-admin/js/password-strength-meter.js
@ -23,15 +23,15 @@ window.wp = window.wp || {};
 		 * @since 3.7.0
 		 *
 		 * @param {string} password1       The subject password.
-		 * @param {Array}  blacklist An array of words that will lower the entropy of
+		 * @param {Array}  disallowedList An array of words that will lower the entropy of
 		 *                                 the password.
 		 * @param {string} password2       The password confirmation.
 		 *
 		 * @return {number} The password strength score.
 		 */
-		meter : function( password1, blacklist, password2 ) {
-			if ( ! $.isArray( blacklist ) )
-				blacklist = [ blacklist.toString() ];
+		meter : function( password1, disallowedList, password2 ) {
+			if ( ! $.isArray( disallowedList ) )
+				disallowedList = [ disallowedList.toString() ];

 			if (password1 != password2 && password2 && password2.length > 0)
 				return 5;
@ -41,7 +41,7 @@ window.wp = window.wp || {};
 				return -1;
 			}

-			var result = zxcvbn( password1, blacklist );
+			var result = zxcvbn( password1, disallowedList );
 			return result.score;
 		},

@ -49,20 +49,43 @@ window.wp = window.wp || {};
 		 * Builds an array of words that should be penalized.
 		 *
 		 * Certain words need to be penalized because it would lower the entropy of a
-		 * password if they were used. The blacklist is based on user input fields such
+		 * password if they were used. The disallowedList is based on user input fields such
 		 * as username, first name, email etc.
 		 *
 		 * @since 3.7.0
+		 * @deprecated 5.5.0 Use {@see 'userInputBlockList()'} instead.
 		 *
-		 * @return {string[]} The array of words to be blacklisted.
+		 * @return {string[]} The array of words to be disallowed.
 		 */
 		userInputBlacklist : function() {
+			wp.deprecated( 'wp.passwordStrength.userInputBlacklist()', {
+				version: '5.5.0',
+				alternative: 'wp.passwordStrength.userInputDisallowedList()',
+				plugin: 'WordPress',
+				hint: wp.i18n.__( 'Please consider writing more inclusive code.' )
+			} );
+
+			return wp.passwordStrength.userInputDisallowedList();
+		},
+
+		/**
+		 * Builds an array of words that should be penalized.
+		 *
+		 * Certain words need to be penalized because it would lower the entropy of a
+		 * password if they were used. The disallowed list is based on user input fields such
+		 * as username, first name, email etc.
+		 *
+		 * @since 5.5.0
+		 *
+		 * @return {string[]} The array of words to be disallowed.
+		 */
+		userInputDisallowedList : function() {
 			var i, userInputFieldsLength, rawValuesLength, currentField,
 				rawValues       = [],
-				blacklist       = [],
+				disallowedList  = [],
 				userInputFields = [ 'user_login', 'first_name', 'last_name', 'nickname', 'display_name', 'email', 'url', 'description', 'weblog_title', 'admin_email' ];

-			// Collect all the strings we want to blacklist.
+			// Collect all the strings we want to disallow.
 			rawValues.push( document.title );
 			rawValues.push( document.URL );

@ -85,7 +108,7 @@ window.wp = window.wp || {};
 			rawValuesLength = rawValues.length;
 			for ( i = 0; i < rawValuesLength; i++ ) {
 				if ( rawValues[ i ] ) {
-					blacklist = blacklist.concat( rawValues[ i ].replace( /\W/g, ' ' ).split( ' ' ) );
+					disallowedList = disallowedList.concat( rawValues[ i ].replace( /\W/g, ' ' ).split( ' ' ) );
 				}
 			}

@ -93,15 +116,15 @@ window.wp = window.wp || {};
 			 * Remove empty values, short words and duplicates. Short words are likely to
 			 * cause many false positives.
 			 */
-			blacklist = $.grep( blacklist, function( value, key ) {
+			disallowedList = $.grep( disallowedList, function( value, key ) {
 				if ( '' === value || 4 > value.length ) {
 					return false;
 				}

-				return $.inArray( value, blacklist ) === key;
+				return $.inArray( value, disallowedList ) === key;
 			});

-			return blacklist;
+			return disallowedList;
 		}
 	};

--- a/wp-admin/js/password-strength-meter.min.js
+++ b/wp-admin/js/password-strength-meter.min.js
@ -1,2 +1,2 @@
 /*! This file is auto-generated */
-window.wp=window.wp||{},function(l){wp.passwordStrength={meter:function(n,e,t){return l.isArray(e)||(e=[e.toString()]),n!=t&&t&&0<t.length?5:void 0===window.zxcvbn?-1:zxcvbn(n,e).score},userInputBlacklist:function(){var n,e,t,r,i=[],o=[],a=["user_login","first_name","last_name","nickname","display_name","email","url","description","weblog_title","admin_email"];for(i.push(document.title),i.push(document.URL),e=a.length,n=0;n<e;n++)0!==(r=l("#"+a[n])).length&&(i.push(r[0].defaultValue),i.push(r.val()));for(t=i.length,n=0;n<t;n++)i[n]&&(o=o.concat(i[n].replace(/\W/g," ").split(" ")));return o=l.grep(o,function(n,e){return!(""===n||n.length<4)&&l.inArray(n,o)===e})}},window.passwordStrength=wp.passwordStrength.meter}(jQuery);
+window.wp=window.wp||{},function(l){wp.passwordStrength={meter:function(e,n,t){return l.isArray(n)||(n=[n.toString()]),e!=t&&t&&0<t.length?5:void 0===window.zxcvbn?-1:zxcvbn(e,n).score},userInputBlacklist:function(){return wp.deprecated("wp.passwordStrength.userInputBlacklist()",{version:"5.5.0",alternative:"wp.passwordStrength.userInputDisallowedList()",plugin:"WordPress",hint:wp.i18n.__("Please consider writing more inclusive code.")}),wp.passwordStrength.userInputDisallowedList()},userInputDisallowedList:function(){var e,n,t,r,i=[],s=[],o=["user_login","first_name","last_name","nickname","display_name","email","url","description","weblog_title","admin_email"];for(i.push(document.title),i.push(document.URL),n=o.length,e=0;e<n;e++)0!==(r=l("#"+o[e])).length&&(i.push(r[0].defaultValue),i.push(r.val()));for(t=i.length,e=0;e<t;e++)i[e]&&(s=s.concat(i[e].replace(/\W/g," ").split(" ")));return s=l.grep(s,function(e,n){return!(""===e||e.length<4)&&l.inArray(e,s)===n})}},window.passwordStrength=wp.passwordStrength.meter}(jQuery);
--- a/wp-admin/js/user-profile.js
+++ b/wp-admin/js/user-profile.js
@ -220,7 +220,7 @@
 			return;
 		}

-		strength = wp.passwordStrength.meter( pass1, wp.passwordStrength.userInputBlacklist(), pass1 );
+		strength = wp.passwordStrength.meter( pass1, wp.passwordStrength.userInputDisallowedList(), pass1 );

 		switch ( strength ) {
 			case -1:
--- a/wp-admin/js/user-profile.min.js
+++ b/wp-admin/js/user-profile.min.js
--- a/wp-admin/options-discussion.php
+++ b/wp-admin/options-discussion.php
@ -181,7 +181,7 @@ printf( __( 'Comments should be displayed with the %s comments at the top of eac
 <input name="comment_moderation" type="checkbox" id="comment_moderation" value="1" <?php checked( '1', get_option( 'comment_moderation' ) ); ?> />
 <?php _e( 'Comment must be manually approved' ); ?> </label>
 <br />
-<label for="comment_whitelist"><input type="checkbox" name="comment_whitelist" id="comment_whitelist" value="1" <?php checked( '1', get_option( 'comment_whitelist' ) ); ?> /> <?php _e( 'Comment author must have a previously approved comment' ); ?></label>
+<label for="comment_previously_approved"><input type="checkbox" name="comment_previously_approved" id="comment_previously_approved" value="1" <?php checked( '1', get_option( 'comment_previously_approved' ) ); ?> /> <?php _e( 'Comment author must have a previously approved comment' ); ?></label>
 </fieldset></td>
 </tr>
 <tr>
@ -206,9 +206,9 @@ printf(
 <tr>
 <th scope="row"><?php _e( 'Comment Blocklist' ); ?></th>
 <td><fieldset><legend class="screen-reader-text"><span><?php _e( 'Comment Blocklist' ); ?></span></legend>
-<p><label for="blacklist_keys"><?php _e( 'When a comment contains any of these words in its content, author name, URL, email, IP address, or browser&#8217;s user agent string, it will be put in the Trash. One word or IP address per line. It will match inside words, so &#8220;press&#8221; will match &#8220;WordPress&#8221;.' ); ?></label></p>
+<p><label for="blocklist_keys"><?php _e( 'When a comment contains any of these words in its content, author name, URL, email, IP address, or browser&#8217;s user agent string, it will be put in the Trash. One word or IP address per line. It will match inside words, so &#8220;press&#8221; will match &#8220;WordPress&#8221;.' ); ?></label></p>
 <p>
-<textarea name="blacklist_keys" rows="10" cols="50" id="blacklist_keys" class="large-text code"><?php echo esc_textarea( get_option( 'blacklist_keys' ) ); ?></textarea>
+<textarea name="blocklist_keys" rows="10" cols="50" id="blocklist_keys" class="large-text code"><?php echo esc_textarea( get_option( 'blocklist_keys' ) ); ?></textarea>
 </p>
 </fieldset></td>
 </tr>
--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@ -80,7 +80,7 @@ if ( is_multisite() && ! current_user_can( 'manage_network_options' ) && 'update
 	);
 }

-$whitelist_options            = array(
+$allowed_options            = array(
 	'general'    => array(
 		'blogname',
 		'blogdescription',
@ -100,10 +100,10 @@ $whitelist_options            = array(
 		'moderation_notify',
 		'comment_moderation',
 		'require_name_email',
-		'comment_whitelist',
+		'comment_previously_approved',
 		'comment_max_links',
 		'moderation_keys',
-		'blacklist_keys',
+		'blocklist_keys',
 		'show_avatars',
 		'avatar_rating',
 		'avatar_default',
@ -146,36 +146,36 @@ $whitelist_options            = array(
 		'default_post_format',
 	),
 );
-$whitelist_options['misc']    = array();
-$whitelist_options['options'] = array();
-$whitelist_options['privacy'] = array();
+$allowed_options['misc']    = array();
+$allowed_options['options'] = array();
+$allowed_options['privacy'] = array();

 $mail_options = array( 'mailserver_url', 'mailserver_port', 'mailserver_login', 'mailserver_pass' );

 if ( ! in_array( get_option( 'blog_charset' ), array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ), true ) ) {
-	$whitelist_options['reading'][] = 'blog_charset';
+	$allowed_options['reading'][] = 'blog_charset';
 }

 if ( get_site_option( 'initial_db_version' ) < 32453 ) {
-	$whitelist_options['writing'][] = 'use_smilies';
-	$whitelist_options['writing'][] = 'use_balanceTags';
+	$allowed_options['writing'][] = 'use_smilies';
+	$allowed_options['writing'][] = 'use_balanceTags';
 }

 if ( ! is_multisite() ) {
 	if ( ! defined( 'WP_SITEURL' ) ) {
-		$whitelist_options['general'][] = 'siteurl';
+		$allowed_options['general'][] = 'siteurl';
 	}
 	if ( ! defined( 'WP_HOME' ) ) {
-		$whitelist_options['general'][] = 'home';
+		$allowed_options['general'][] = 'home';
 	}

-	$whitelist_options['general'][] = 'users_can_register';
-	$whitelist_options['general'][] = 'default_role';
+	$allowed_options['general'][] = 'users_can_register';
+	$allowed_options['general'][] = 'default_role';

-	$whitelist_options['writing']   = array_merge( $whitelist_options['writing'], $mail_options );
-	$whitelist_options['writing'][] = 'ping_sites';
+	$allowed_options['writing']   = array_merge( $allowed_options['writing'], $mail_options );
+	$allowed_options['writing'][] = 'ping_sites';

-	$whitelist_options['media'][] = 'uploads_use_yearmonth_folders';
+	$allowed_options['media'][] = 'uploads_use_yearmonth_folders';

 	/*
 	 * If upload_url_path is not the default (empty),
@ -183,8 +183,8 @@ if ( ! is_multisite() ) {
 	 * they can be edited, otherwise they're locked.
 	 */
 	if ( get_option( 'upload_url_path' ) || ( get_option( 'upload_path' ) != 'wp-content/uploads' && get_option( 'upload_path' ) ) ) {
-		$whitelist_options['media'][] = 'upload_path';
-		$whitelist_options['media'][] = 'upload_url_path';
+		$allowed_options['media'][] = 'upload_path';
+		$allowed_options['media'][] = 'upload_url_path';
 	}
 } else {
 	/**
@ -195,18 +195,28 @@ if ( ! is_multisite() ) {
 	 * @param bool $enabled Whether post-by-email configuration is enabled. Default true.
 	 */
 	if ( apply_filters( 'enable_post_by_email_configuration', true ) ) {
-		$whitelist_options['writing'] = array_merge( $whitelist_options['writing'], $mail_options );
+		$allowed_options['writing'] = array_merge( $allowed_options['writing'], $mail_options );
 	}
 }

 /**
- * Filters the options whitelist.
+ * Filters the allowed options list.
 *
 * @since 2.7.0
+ * @deprecated 5.5.0 Use {@see 'allowed_options'} instead.
 *
- * @param array $whitelist_options The options whitelist.
+ * @param array $allowed_options The allowed options list.
 */
-$whitelist_options = apply_filters( 'whitelist_options', $whitelist_options );
+$allowed_options = apply_filters_deprecated( 'whitelist_options', array( $allowed_options ), '5.5.0', 'apply_filters_deprecated', __( 'Please consider writing more inclusive code.' ) );
+
+/**
+ * Filters the allowed options list.
+ *
+ * @since 5.5.0
+ *
+ * @param array $allowed_options The allowed options list.
+ */
+$allowed_options = apply_filters( 'allowed_options', $allowed_options );

 if ( 'update' === $action ) { // We are saving settings sent from a settings page.
 	if ( 'options' === $option_page && ! isset( $_POST['option_page'] ) ) { // This is for back compat and will eventually be removed.
@ -217,11 +227,11 @@ if ( 'update' === $action ) { // We are saving settings sent from a settings pag
 		check_admin_referer( $option_page . '-options' );
 	}

-	if ( ! isset( $whitelist_options[ $option_page ] ) ) {
+	if ( ! isset( $allowed_options[ $option_page ] ) ) {
 		wp_die(
 			sprintf(
 				/* translators: %s: The options page name. */
-				__( '<strong>Error</strong>: Options page %s not found in the options whitelist.' ),
+				__( '<strong>Error</strong>: Options page %s not found in the allowed options list.' ),
 				'<code>' . esc_html( $option_page ) . '</code>'
 			)
 		);
@ -233,7 +243,7 @@ if ( 'update' === $action ) { // We are saving settings sent from a settings pag
 		}
 		$options = explode( ',', wp_unslash( $_POST['page_options'] ) );
 	} else {
-		$options = $whitelist_options[ $option_page ];
+		$options = $allowed_options[ $option_page ];
 	}

 	if ( 'general' === $option_page ) {
--- a/wp-content/themes/twentyfourteen/inc/featured-content.php
+++ b/wp-content/themes/twentyfourteen/inc/featured-content.php
@ -233,7 +233,7 @@ class Featured_Content {
 			return;
 		}

-		// We need to respect post IDs already in the blacklist.
+		// We need to respect post IDs already in the exclude list.
 		$post__not_in = $query->get( 'post__not_in' );

 		if ( ! empty( $post__not_in ) ) {
--- a/wp-content/themes/twentynineteen/package.json
+++ b/wp-content/themes/twentynineteen/package.json
@ -20,7 +20,6 @@
    "options": {
      "autoRename": false,
      "autoRenameStrict": false,
-      "blacklist": {},
      "clean": true,
      "greedy": false,
      "processUrls": false,
--- a/wp-content/themes/twentytwenty/package.json
+++ b/wp-content/themes/twentytwenty/package.json
@ -33,7 +33,6 @@
 		"options": {
 			"autoRename": false,
 			"autoRenameStrict": false,
-			"blacklist": {},
 			"clean": true,
 			"greedy": false,
 			"processUrls": false,
--- a/wp-includes/Requests/SSL.php
+++ b/wp-includes/Requests/SSL.php
@ -125,7 +125,7 @@ class Requests_SSL {
 	 * @return boolean Does the domain match?
 	 */
 	public static function match_domain($host, $reference) {
-		// Check if the reference is blacklisted first
+		// Check if the reference is blocklisted first
 		if (self::verify_reference_name($reference) !== true) {
 			return false;
 		}
--- a/wp-includes/class-wp-customize-widgets.php
+++ b/wp-includes/class-wp-customize-widgets.php
@ -1684,7 +1684,7 @@ final class WP_Customize_Widgets {
 	 * List of the tag names seen for before_widget strings.
 	 *
 	 * This is used in the {@see 'filter_wp_kses_allowed_html'} filter to ensure that the
-	 * data-* attributes can be whitelisted.
+	 * data-* attributes can be allowed.
 	 *
 	 * @since 4.5.0
 	 * @var array
--- a/wp-includes/class-wp-date-query.php
+++ b/wp-includes/class-wp-date-query.php
@ -462,10 +462,10 @@ class WP_Date_Query {
 	/**
 	 * Validates a column name parameter.
 	 *
-	 * Column names without a table prefix (like 'post_date') are checked against a whitelist of
-	 * known tables, and then, if found, have a table prefix (such as 'wp_posts.') prepended.
-	 * Prefixed column names (such as 'wp_posts.post_date') bypass this whitelist check,
-	 * and are only sanitized to remove illegal characters.
+	 * Column names without a table prefix (like 'post_date') are checked against a list of
+	 * allowed and known tables, and then, if found, have a table prefix (such as 'wp_posts.')
+	 * prepended. Prefixed column names (such as 'wp_posts.post_date') bypass this allowed
+	 * check, and are only sanitized to remove illegal characters.
 	 *
 	 * @since 3.7.0
 	 *
--- a/wp-includes/class-wp-image-editor-imagick.php
+++ b/wp-includes/class-wp-image-editor-imagick.php
@ -305,8 +305,8 @@ class WP_Image_Editor_Imagick extends WP_Image_Editor {
 		);

 		/**
-		 * Set the filter value if '$filter_name' name is in our whitelist and the related
-		 * Imagick constant is defined or fall back to our default filter.
+		 * Set the filter value if '$filter_name' name is in the allowed list and the related
+		 * Imagick constant is defined or fall back to the default filter.
 		 */
 		if ( in_array( $filter_name, $allowed_filters, true ) && defined( 'Imagick::' . $filter_name ) ) {
 			$filter = constant( 'Imagick::' . $filter_name );
--- a/wp-includes/class-wp-oembed-controller.php
+++ b/wp-includes/class-wp-oembed-controller.php
@ -94,7 +94,7 @@ final class WP_oEmbed_Controller {
 							'sanitize_callback' => 'absint',
 						),
 						'discover'  => array(
-							'description' => __( 'Whether to perform an oEmbed discovery request for non-whitelisted providers.' ),
+							'description' => __( 'Whether to perform an oEmbed discovery request for unsanctioned providers.' ),
 							'type'        => 'boolean',
 							'default'     => true,
 						),
--- a/wp-includes/class-wp-oembed.php
+++ b/wp-includes/class-wp-oembed.php
@ -131,10 +131,10 @@ class WP_oEmbed {
 		self::$early_providers = array();

 		/**
-		 * Filters the list of whitelisted oEmbed providers.
+		 * Filters the list of sanctioned oEmbed providers.
 		 *
 		 * Since WordPress 4.4, oEmbed discovery is enabled for all users and allows embedding of sanitized
-		 * iframes. The providers in this list are whitelisted, meaning they are trusted and allowed to
+		 * iframes. The providers in this list are sanctioned, meaning they are trusted and allowed to
 		 * embed any content, such as iframes, videos, JavaScript, and arbitrary HTML.
 		 *
 		 * Supported providers:
--- a/wp-includes/class-wp.php
+++ b/wp-includes/class-wp.php
@ -275,7 +275,7 @@ class WP {
 		}

 		/**
-		 * Filters the query variables whitelist before processing.
+		 * Filters the query variables allowed before processing.
 		 *
 		 * Allows (publicly allowed) query vars to be added, removed, or changed prior
 		 * to executing the query. Needed to allow custom rewrite rules using your own arguments
@ -283,7 +283,7 @@ class WP {
 		 *
 		 * @since 1.5.0
 		 *
-		 * @param string[] $public_query_vars The array of whitelisted query variable names.
+		 * @param string[] $public_query_vars The array of allowed query variable names.
 		 */
 		$this->public_query_vars = apply_filters( 'query_vars', $this->public_query_vars );

--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@ -10,15 +10,15 @@
 * Check whether a comment passes internal checks to be allowed to add.
 *
 * If manual comment moderation is set in the administration, then all checks,
- * regardless of their type and whitelist, will fail and the function will
+ * regardless of their type and substance, will fail and the function will
 * return false.
 *
 * If the number of links exceeds the amount in the administration, then the
- * check fails. If any of the parameter contents match the blacklist of words,
+ * check fails. If any of the parameter contents contain any disallowed words,
 * then the check fails.
 *
 * If the comment author was approved before, then the comment is automatically
- * whitelisted.
+ * approved.
 *
 * If all checks pass, the function will return true.
 *
@ -126,7 +126,7 @@ function check_comment( $author, $email, $url, $comment, $user_ip, $user_agent,
 	 * as well as whether there are any moderation keywords (if set) present in the author
 	 * email address. If both checks pass, return true. Otherwise, return false.
 	 */
-	if ( 1 == get_option( 'comment_whitelist' ) ) {
+	if ( 1 == get_option( 'comment_previously_approved' ) ) {
 		if ( 'trackback' !== $comment_type && 'pingback' !== $comment_type && '' !== $author && '' !== $email ) {
 			$comment_user = get_user_by( 'email', wp_unslash( $email ) );
 			if ( ! empty( $comment_user->ID ) ) {
@ -815,7 +815,7 @@ function wp_allow_comment( $commentdata, $avoid_die = false ) {
 			$approved = 0;
 		}

-		if ( wp_blacklist_check(
+		if ( wp_blocklist_check(
 			$commentdata['comment_author'],
 			$commentdata['comment_author_email'],
 			$commentdata['comment_author_url'],
@ -1262,9 +1262,9 @@ function wp_check_comment_data_max_lengths( $comment_data ) {
 }

 /**
- * Does comment contain blacklisted characters or words.
+ * Checks if a comment contains disallowed characters or words.
 *
- * @since 1.5.0
+ * @since 5.5.0
 *
 * @param string $author The author of the comment
 * @param string $email The email of the comment
@ -1272,13 +1272,14 @@ function wp_check_comment_data_max_lengths( $comment_data ) {
 * @param string $comment The comment content
 * @param string $user_ip The comment author's IP address
 * @param string $user_agent The author's browser user agent
- * @return bool True if comment contains blacklisted content, false if comment does not
+ * @return bool True if comment contains disallowed content, false if comment does not
 */
-function wp_blacklist_check( $author, $email, $url, $comment, $user_ip, $user_agent ) {
+function wp_blocklist_check( $author, $email, $url, $comment, $user_ip, $user_agent ) {
 	/**
-	 * Fires before the comment is tested for blacklisted characters or words.
+	 * Fires before the comment is tested for disallowed characters or words.
 	 *
 	 * @since 1.5.0
+	 * @deprecated 5.5.0 Use {@see 'wp_blocklist_check'} instead.
 	 *
 	 * @param string $author     Comment author.
 	 * @param string $email      Comment author's email.
@ -1287,14 +1288,28 @@ function wp_blacklist_check( $author, $email, $url, $comment, $user_ip, $user_ag
 	 * @param string $user_ip    Comment author's IP address.
 	 * @param string $user_agent Comment author's browser user agent.
 	 */
-	do_action( 'wp_blacklist_check', $author, $email, $url, $comment, $user_ip, $user_agent );
+	do_action_deprecated( 'wp_blacklist_check', array( $author, $email, $url, $comment, $user_ip, $user_agent ), '5.5.0', 'wp_blocklist_check', __( 'Please consider writing more inclusive code.' ) );

-	$mod_keys = trim( get_option( 'blacklist_keys' ) );
+	/**
+	 * Fires before the comment is tested for disallowed characters or words.
+	 *
+	 * @since 5.5.0
+	 *
+	 * @param string $author     Comment author.
+	 * @param string $email      Comment author's email.
+	 * @param string $url        Comment author's URL.
+	 * @param string $comment    Comment content.
+	 * @param string $user_ip    Comment author's IP address.
+	 * @param string $user_agent Comment author's browser user agent.
+	 */
+	do_action( 'wp_blocklist_check', $author, $email, $url, $comment, $user_ip, $user_agent );
+
+	$mod_keys = trim( get_option( 'blocklist_keys' ) );
 	if ( '' === $mod_keys ) {
 		return false; // If moderation keys are empty.
 	}

-	// Ensure HTML tags are not being used to bypass the blacklist.
+	// Ensure HTML tags are not being used to bypass the list of disallowed characters and words.
 	$comment_without_html = wp_strip_all_tags( $comment );

 	$words = explode( "\n", $mod_keys );
--- a/wp-includes/default-filters.php
+++ b/wp-includes/default-filters.php
@ -96,7 +96,7 @@ add_filter( 'pre_post_mime_type', 'sanitize_mime_type' );
 add_filter( 'post_mime_type', 'sanitize_mime_type' );

 // Meta.
-add_filter( 'register_meta_args', '_wp_register_meta_args_whitelist', 10, 2 );
+add_filter( 'register_meta_args', '_wp_register_meta_args_allowed_list', 10, 2 );

 // Post meta.
 add_action( 'added_post_meta', 'wp_cache_set_posts_last_changed' );
--- a/wp-includes/deprecated.php
+++ b/wp-includes/deprecated.php
@ -3995,3 +3995,83 @@ function wp_unregister_GLOBALS() {  // phpcs:ignore WordPress.NamingConventions.
 	// register_globals was deprecated in PHP 5.3 and removed entirely in PHP 5.4.
 	_deprecated_function( __FUNCTION__, '5.5.0' );
 }
+
+/**
+ * Does comment contain disallowed characters or words.
+ *
+ * @since 1.5.0
+ * @deprecated 5.5.0 Use wp_blocklist_check() instead.
+ *                   Please consider writing more inclusive code.
+ *
+ * @param string $author The author of the comment
+ * @param string $email The email of the comment
+ * @param string $url The url used in the comment
+ * @param string $comment The comment content
+ * @param string $user_ip The comment author's IP address
+ * @param string $user_agent The author's browser user agent
+ * @return bool True if comment contains disallowed content, false if comment does not
+ */
+function wp_blacklist_check( $author, $email, $url, $comment, $user_ip, $user_agent ) {
+	_deprecated_function( __FUNCTION__, '5.5.0', 'wp_blocklist_check()' );
+
+	return wp_blocklist_check( $author, $email, $url, $comment, $user_ip, $user_agent );
+}
+
+/**
+ * Filters out `register_meta()` args based on an allowed list.
+ *
+ * `register_meta()` args may change over time, so requiring the allowed list
+ * to be explicitly turned off is a warranty seal of sorts.
+ *
+ * @access private
+ * @since 4.6.0
+ * @deprecated 5.5.0 Use _wp_register_meta_args_allowed_list() instead.
+ *                   Please consider writing more inclusive code.
+ *
+ * @param array $args         Arguments from `register_meta()`.
+ * @param array $default_args Default arguments for `register_meta()`.
+ * @return array Filtered arguments.
+ */
+function _wp_register_meta_args_whitelist( $args, $default_args ) {
+	_deprecated_function( __FUNCTION__, '5.5.0', '_wp_register_meta_args_allowed_list()' );
+
+	return _wp_register_meta_args_allowed_list( $args, $default_args );
+}
+
+/**
+ * Adds an array of options to the list of allowed options.
+ *
+ * @since 2.7.0
+ * @deprecated 5.5.0 Use add_option_allowed_list() instead.
+ *                   Please consider writing more inclusive code.
+ *
+ * @global array $allowed_options
+ *
+ * @param array        $new_options
+ * @param string|array $options
+ * @return array
+ */
+function add_option_whitelist( $new_options, $options = '' ) {
+	_deprecated_function( __FUNCTION__, '5.5.0', 'add_option_allowed_list()' );
+
+	return add_option_allowed_list( $new_options, $options );
+}
+
+/**
+ * Removes a list of options from the allowed options list.
+ *
+ * @since 2.7.0
+ * @deprecated 5.5.0 Use remove_option_allowed_list() instead.
+ *                   Please consider writing more inclusive code.
+ *
+ * @global array $allowed_options
+ *
+ * @param array        $del_options
+ * @param string|array $options
+ * @return array
+ */
+function remove_option_whitelist( $del_options, $options = '' ) {
+	_deprecated_function( __FUNCTION__, '5.5.0', 'remove_option_allowed_list()' );
+
+	return remove_option_allowed_list( $del_options, $options );
+}
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@ -2048,7 +2048,7 @@ function sanitize_file_name( $filename ) {

 	/*
 	 * Loop over any intermediate extensions. Postfix them with a trailing underscore
-	 * if they are a 2 - 5 character long alpha string not in the extension whitelist.
+	 * if they are a 2 - 5 character long alpha string not in the allowed extension list.
 	 */
 	foreach ( (array) $parts as $part ) {
 		$filename .= '.' . $part;
@ -4852,7 +4852,7 @@ function sanitize_option( $option, $value ) {
 			break;

 		case 'moderation_keys':
-		case 'blacklist_keys':
+		case 'blocklist_keys':
 			$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
 			if ( is_wp_error( $value ) ) {
 				$error = $value->get_error_message();
--- a/wp-includes/http.php
+++ b/wp-includes/http.php
@ -593,7 +593,7 @@ function wp_http_validate_url( $url ) {
 }

 /**
- * Whitelists allowed redirect hosts for safe HTTP requests as well.
+ * Mark allowed redirect hosts safe for HTTP requests as well.
 *
 * Attached to the {@see 'http_request_host_is_external'} filter.
 *
@ -611,7 +611,8 @@ function allowed_http_request_hosts( $is_external, $host ) {
 }

 /**
- * Whitelists any domain in a multisite installation for safe HTTP requests.
+ * Adds any domain in a multisite installation for safe HTTP requests to the
+ * allowed list.
 *
 * Attached to the {@see 'http_request_host_is_external'} filter.
 *
--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@ -1720,13 +1720,14 @@ function wp_kses_bad_protocol_once( $string, $allowed_protocols, $count = 1 ) {
 * Callback for `wp_kses_bad_protocol_once()` regular expression.
 *
 * This function processes URL protocols, checks to see if they're in the
- * whitelist or not, and returns different data depending on the answer.
+ * list of allowed protocols or not, and returns different data depending
+ * on the answer.
 *
 * @access private
 * @ignore
 * @since 1.0.0
 *
- * @param string   $string            URI scheme to check against the whitelist.
+ * @param string   $string            URI scheme to check against the list of allowed protocols.
 * @param string[] $allowed_protocols Array of allowed URL protocols.
 * @return string Sanitized content.
 */
@ -1772,7 +1773,7 @@ function wp_kses_normalize_entities( $string, $context = 'html' ) {
 	// Disarm all entities by converting & to &amp;
 	$string = str_replace( '&', '&amp;', $string );

-	// Change back the allowed entities in our entity whitelist.
+	// Change back the allowed entities in our list of allowed entities.
 	if ( 'xml' === $context ) {
 		$string = preg_replace_callback( '/&amp;([A-Za-z]{2,8}[0-9]{0,2});/', 'wp_kses_xml_named_entities', $string );
 	} else {
@ -1912,7 +1913,7 @@ function valid_unicode( $i ) {
 *
 * This function decodes numeric HTML entities (`&#65;` and `&#x41;`).
 * It doesn't do anything with named entities like `&auml;`, but we don't
- * need them in the URL protocol whitelisting system anyway.
+ * need them in the allowed URL protocols system anyway.
 *
 * @since 1.0.0
 *
--- a/wp-includes/meta.php
+++ b/wp-includes/meta.php
@ -1396,19 +1396,19 @@ function get_registered_metadata( $object_type, $object_id, $meta_key = '' ) {
 }

 /**
- * Filters out `register_meta()` args based on a whitelist.
+ * Filters out `register_meta()` args based on an allowed list.
 *
- * `register_meta()` args may change over time, so requiring the whitelist
+ * `register_meta()` args may change over time, so requiring the allowed list
 * to be explicitly turned off is a warranty seal of sorts.
 *
 * @access private
- * @since 4.6.0
+ * @since 5.5.0
 *
 * @param array $args         Arguments from `register_meta()`.
 * @param array $default_args Default arguments for `register_meta()`.
 * @return array Filtered arguments.
 */
-function _wp_register_meta_args_whitelist( $args, $default_args ) {
+function _wp_register_meta_args_allowed_list( $args, $default_args ) {
 	return array_intersect_key( $args, $default_args );
 }

--- a/wp-includes/ms-blogs.php
+++ b/wp-includes/ms-blogs.php
@ -720,9 +720,9 @@ function update_blog_status( $blog_id, $pref, $value, $deprecated = null ) {
 		_deprecated_argument( __FUNCTION__, '3.1.0' );
 	}

-	$pref_whitelist = array( 'site_id', 'domain', 'path', 'registered', 'last_updated', 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
+	$allowed_field_names = array( 'site_id', 'domain', 'path', 'registered', 'last_updated', 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );

-	if ( ! in_array( $pref, $pref_whitelist, true ) ) {
+	if ( ! in_array( $pref, $allowed_field_names, true ) ) {
 		return $value;
 	}

--- a/wp-includes/ms-default-filters.php
+++ b/wp-includes/ms-default-filters.php
@ -124,5 +124,5 @@ add_action( 'update_option_home', 'clean_site_details_cache', 10, 0 );
 // If the network upgrade hasn't run yet, assume ms-files.php rewriting is used.
 add_filter( 'default_site_option_ms_files_rewriting', '__return_true' );

-// Whitelist multisite domains for HTTP requests.
+// Allow multisite domains for HTTP requests.
 add_filter( 'http_request_host_is_external', 'ms_allowed_http_request_hosts', 20, 2 );
--- a/wp-includes/ms-functions.php
+++ b/wp-includes/ms-functions.php
@ -441,7 +441,8 @@ function is_email_address_unsafe( $user_email ) {
 * Sanitize and validate data required for a user sign-up.
 *
 * Verifies the validity and uniqueness of user names and user email addresses,
- * and checks email addresses against admin-provided domain whitelists and blacklists.
+ * and checks email addresses against allowed and disallowed domains provided by
+ * administrators.
 *
 * The {@see 'wpmu_validate_user_signup'} hook provides an easy way to modify the sign-up
 * process. The value $result, which is passed to the hook, contains both the user-provided
@ -1358,7 +1359,7 @@ function wpmu_create_blog( $domain, $path, $title, $user_id, $options = array(),
 		wp_installing( true );
 	}

-	$site_data_whitelist = array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
+	$allowed_data_fields = array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );

 	$site_data = array_merge(
 		array(
@ -1366,14 +1367,14 @@ function wpmu_create_blog( $domain, $path, $title, $user_id, $options = array(),
 			'path'       => $path,
 			'network_id' => $network_id,
 		),
-		array_intersect_key( $options, array_flip( $site_data_whitelist ) )
+		array_intersect_key( $options, array_flip( $allowed_data_fields ) )
 	);

 	// Data to pass to wp_initialize_site().
 	$site_initialization_data = array(
 		'title'   => $title,
 		'user_id' => $user_id,
-		'options' => array_diff_key( $options, array_flip( $site_data_whitelist ) ),
+		'options' => array_diff_key( $options, array_flip( $allowed_data_fields ) ),
 	);

 	$blog_id = wp_insert_site( array_merge( $site_data, $site_initialization_data ) );
@ -1840,12 +1841,12 @@ function get_most_recent_post_of_user( $user_id ) {
 //

 /**
- * Check an array of MIME types against a whitelist.
+ * Check an array of MIME types against a list of allowed types.
 *
 * WordPress ships with a set of allowed upload filetypes,
 * which is defined in wp-includes/functions.php in
 * get_allowed_mime_types(). This function is used to filter
- * that list against the filetype whitelist provided by Multisite
+ * that list against the filetypes allowed provided by Multisite
 * Super Admins at wp-admin/network/settings.php.
 *
 * @since MU (3.0.0)
--- a/wp-includes/ms-site.php
+++ b/wp-includes/ms-site.php
@ -114,10 +114,10 @@ function wp_insert_site( array $data ) {
 			$meta['WPLANG'] = get_network_option( $new_site->network_id, 'WPLANG' );
 		}

-		// Rebuild the data expected by the `wpmu_new_blog` hook prior to 5.1.0 using whitelisted keys.
-		// The `$site_data_whitelist` matches the one used in `wpmu_create_blog()`.
-		$site_data_whitelist = array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
-		$meta                = array_merge( array_intersect_key( $data, array_flip( $site_data_whitelist ) ), $meta );
+		// Rebuild the data expected by the `wpmu_new_blog` hook prior to 5.1.0 using allowed keys.
+		// The `$allowed_data_fields` matches the one used in `wpmu_create_blog()`.
+		$allowed_data_fields = array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
+		$meta                = array_merge( array_intersect_key( $data, array_flip( $allowed_data_fields ) ), $meta );

 		/**
 		 * Fires immediately after a new site is created.
@ -492,8 +492,8 @@ function wp_prepare_site_data( $data, $defaults, $old_site = null ) {
 	 */
 	$data = apply_filters( 'wp_normalize_site_data', $data );

-	$whitelist = array( 'domain', 'path', 'network_id', 'registered', 'last_updated', 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
-	$data      = array_intersect_key( wp_parse_args( $data, $defaults ), array_flip( $whitelist ) );
+	$allowed_data_fields = array( 'domain', 'path', 'network_id', 'registered', 'last_updated', 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
+	$data                = array_intersect_key( wp_parse_args( $data, $defaults ), array_flip( $allowed_data_fields ) );

 	$errors = new WP_Error();

--- a/wp-includes/option.php
+++ b/wp-includes/option.php
@ -2097,8 +2097,8 @@ function register_initial_settings() {
 * @global array $new_whitelist_options
 * @global array $wp_registered_settings
 *
- * @param string $option_group A settings group name. Should correspond to a whitelisted option key name.
- *                             Default whitelisted option key names include 'general', 'discussion', 'media',
+ * @param string $option_group A settings group name. Should correspond to an allowed option key name.
+ *                             Default allowed option key names include 'general', 'discussion', 'media',
 *                             'reading', 'writing', 'misc', 'options', and 'privacy'.
 * @param string $option_name The name of an option to sanitize and save.
 * @param array  $args {
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@ -1466,7 +1466,7 @@ if ( ! function_exists( 'wp_validate_redirect' ) ) :
 		$wpp = parse_url( home_url() );

 		/**
-		 * Filters the whitelist of hosts to redirect to.
+		 * Filters the list of allowed hosts to redirect to.
 		 *
 		 * @since 2.3.0
 		 *
--- a/wp-includes/rest-api/class-wp-rest-server.php
+++ b/wp-includes/rest-api/class-wp-rest-server.php
@ -605,7 +605,7 @@ class WP_REST_Server {
 		$embedded = array();

 		foreach ( $data['_links'] as $rel => $links ) {
-			// If a list of relations was specified, and the link relation is not in the whitelist, don't process the link.
+			// If a list of relations was specified, and the link relation is not in the list of allowed relations, don't process the link.
 			if ( is_array( $embed ) && ! in_array( $rel, $embed, true ) ) {
 				continue;
 			}
--- a/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php
+++ b/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php
@ -251,7 +251,7 @@ class WP_REST_Settings_Controller extends WP_REST_Controller {
 			}

 			/*
-			 * Whitelist the supported types for settings, as we don't want invalid types
+			 * Allow the supported types for settings, as we don't want invalid types
 			 * to be updated with arbitrary values that we can't do decent sanitizing for.
 			 */
 			if ( ! in_array( $rest_args['schema']['type'], array( 'number', 'integer', 'string', 'boolean', 'array', 'object' ), true ) ) {
@ -304,7 +304,7 @@ class WP_REST_Settings_Controller extends WP_REST_Controller {
 	 *
 	 * By default, the schema of settings will throw an error if a value is set to
 	 * `null` as it's not a valid value for something like "type => string". We
-	 * provide a wrapper sanitizer to whitelist the use of `null`.
+	 * provide a wrapper sanitizer to allow the use of `null`.
 	 *
 	 * @since 4.7.0
 	 *
--- a/wp-includes/script-loader.php
+++ b/wp-includes/script-loader.php
@ -1064,7 +1064,7 @@ function wp_default_scripts( $scripts ) {
 		)
 	);

-	$scripts->add( 'password-strength-meter', "/wp-admin/js/password-strength-meter$suffix.js", array( 'jquery', 'zxcvbn-async' ), false, 1 );
+	$scripts->add( 'password-strength-meter', "/wp-admin/js/password-strength-meter$suffix.js", array( 'jquery', 'wp-deprecated', 'zxcvbn-async' ), false, 1 );
 	did_action( 'init' ) && $scripts->localize(
 		'password-strength-meter',
 		'pwsL10n',
@ -1077,6 +1077,7 @@ function wp_default_scripts( $scripts ) {
 			'mismatch' => _x( 'Mismatch', 'password mismatch' ),
 		)
 	);
+	$scripts->set_translations( 'password-strength-meter' );

 	$scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'jquery', 'password-strength-meter', 'wp-util' ), false, 1 );
 	did_action( 'init' ) && $scripts->localize(
--- a/wp-includes/sodium_compat/src/Core/Ed25519.php
+++ b/wp-includes/sodium_compat/src/Core/Ed25519.php
@ -376,8 +376,8 @@ abstract class ParagonIE_Sodium_Core_Ed25519 extends ParagonIE_Sodium_Core_Curve
     */
    public static function small_order($R)
    {
-        /** @var array<int, array<int, int>> $blacklist */
-        $blacklist = array(
+        /** @var array<int, array<int, int>> $blocklist */
+        $blocklist = array(
            /* 0 (order 4) */
            array(
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@ -463,13 +463,13 @@ abstract class ParagonIE_Sodium_Core_Ed25519 extends ParagonIE_Sodium_Core_Curve
                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
            )
        );
-        /** @var int $countBlacklist */
-        $countBlacklist = count($blacklist);
+        /** @var int $countBlocklist */
+        $countBlocklist = count($blocklist);

-        for ($i = 0; $i < $countBlacklist; ++$i) {
+        for ($i = 0; $i < $countBlocklist; ++$i) {
            $c = 0;
            for ($j = 0; $j < 32; ++$j) {
-                $c |= self::chrToInt($R[$j]) ^ (int) $blacklist[$i][$j];
+                $c |= self::chrToInt($R[$j]) ^ (int) $blocklist[$i][$j];
            }
            if ($c === 0) {
                return true;
--- a/wp-includes/sodium_compat/src/Core32/Ed25519.php
+++ b/wp-includes/sodium_compat/src/Core32/Ed25519.php
@ -378,7 +378,7 @@ abstract class ParagonIE_Sodium_Core32_Ed25519 extends ParagonIE_Sodium_Core32_C
     */
    public static function small_order($R)
    {
-        static $blacklist = array(
+        static $blocklist = array(
            /* 0 (order 4) */
            array(
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@ -464,13 +464,13 @@ abstract class ParagonIE_Sodium_Core32_Ed25519 extends ParagonIE_Sodium_Core32_C
                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
            )
        );
-        /** @var array<int, array<int, int>> $blacklist */
-        $countBlacklist = count($blacklist);
+        /** @var array<int, array<int, int>> $blocklist */
+        $countBlocklist = count($blocklist);

-        for ($i = 0; $i < $countBlacklist; ++$i) {
+        for ($i = 0; $i < $countBlocklist; ++$i) {
            $c = 0;
            for ($j = 0; $j < 32; ++$j) {
-                $c |= self::chrToInt($R[$j]) ^ $blacklist[$i][$j];
+                $c |= self::chrToInt($R[$j]) ^ $blocklist[$i][$j];
            }
            if ($c === 0) {
                return true;
--- a/wp-includes/theme.php
+++ b/wp-includes/theme.php
@ -2823,7 +2823,7 @@ function get_theme_support( $feature, ...$args ) {
 * @return bool|void Whether feature was removed.
 */
 function remove_theme_support( $feature ) {
-	// Blacklist: for internal registrations not used directly by themes.
+	// Do not remove internal registrations that are not used directly by themes.
 	if ( in_array( $feature, array( 'editor-style', 'widgets', 'menus' ), true ) ) {
 		return false;
 	}
@ -2832,11 +2832,11 @@ function remove_theme_support( $feature ) {
 }

 /**
- * Do not use. Removes theme support internally, ignorant of the blacklist.
+ * Do not use. Removes theme support internally without knowledge of those not used by
+ * themes directly.
 *
 * @access private
 * @since 3.1.0
- *
 * @global array               $_wp_theme_features
 * @global Custom_Image_Header $custom_image_header
 * @global Custom_Background   $custom_background
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@ -1593,11 +1593,11 @@ function wp_insert_user( $userdata ) {
 	}

 	/**
-	 * Filters the list of blacklisted usernames.
+	 * Filters the list of disallowed usernames.
 	 *
 	 * @since 4.4.0
 	 *
-	 * @param array $usernames Array of blacklisted usernames.
+	 * @param array $usernames Array of disallowed usernames.
 	 */
 	$illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );

--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -13,14 +13,14 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.5-alpha-48120';
+$wp_version = '5.5-alpha-48121';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
 *
 * @global int $wp_db_version
 */
-$wp_db_version = 48072;
+$wp_db_version = 48121;

 /**
 * Holds the TinyMCE version.
--- a/wp-includes/widgets.php
+++ b/wp-includes/widgets.php
@ -1282,7 +1282,7 @@ function retrieve_widgets( $theme_changed = false ) {
 }

 /**
- * Compares a list of sidebars with their widgets against a whitelist.
+ * Compares a list of sidebars with their widgets against an allowed list.
 *
 * @since 4.9.0
 * @since 4.9.2 Always tries to restore widget assignments from previous data, not just if sidebars needed mapping.
@ -1457,22 +1457,22 @@ function wp_map_sidebars_widgets( $existing_sidebars_widgets ) {
 }

 /**
- * Compares a list of sidebars with their widgets against a whitelist.
+ * Compares a list of sidebars with their widgets against an allowed list.
 *
 * @since 4.9.0
 *
 * @param array $sidebars_widgets   List of sidebars and their widget instance IDs.
- * @param array $whitelist        Optional. List of widget IDs to compare against. Default: Registered widgets.
- * @return array Sidebars with whitelisted widgets.
+ * @param array $allowed_widget_ids Optional. List of widget IDs to compare against. Default: Registered widgets.
+ * @return array Sidebars with allowed widgets.
 */
-function _wp_remove_unregistered_widgets( $sidebars_widgets, $whitelist = array() ) {
-	if ( empty( $whitelist ) ) {
-		$whitelist = array_keys( $GLOBALS['wp_registered_widgets'] );
+function _wp_remove_unregistered_widgets( $sidebars_widgets, $allowed_widget_ids = array() ) {
+	if ( empty( $allowed_widget_ids ) ) {
+		$allowed_widget_ids = array_keys( $GLOBALS['wp_registered_widgets'] );
 	}

 	foreach ( $sidebars_widgets as $sidebar => $widgets ) {
 		if ( is_array( $widgets ) ) {
-			$sidebars_widgets[ $sidebar ] = array_intersect( $widgets, $whitelist );
+			$sidebars_widgets[ $sidebar ] = array_intersect( $widgets, $allowed_widget_ids );
 		}
 	}