Merge branch 'asset-management' into 'master'

Test SNIPE-IT software

See merge request saburly/wiaas/experiments!7

backend/wordpress/wp-admin/about.php

@@ -32,6 +32,24 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
 
 		<div class="changelog point-releases">
 			<h3><?php _e( 'Maintenance and Security Releases' ); ?></h3>
+			<p>
+				<?php
+				printf(
+				/* translators: 1: WordPress version number, 2: plural number of bugs. */
+					_n(
+						'<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
+						'<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.',
+						17
+					),
+					'4.9.7',
+					number_format_i18n( 17 )
+				);
+				?>
+				<?php
+				/* translators: %s: Codex URL */
+				printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.9.7' );
+				?>
+			</p>
 			<p>
 				<?php
 				printf(

backend/wordpress/wp-admin/edit-form-comment.php

@@ -29,7 +29,11 @@ if ( 'approved' === wp_get_comment_status( $comment ) && $comment->comment_post_
 <div class="inside">
 	<div id="comment-link-box">
 		<strong><?php _ex( 'Permalink:', 'comment' ); ?></strong>
-		<span id="sample-permalink"><a href="<?php echo $comment_link; ?>"><?php echo $comment_link; ?></a></span>
+		<span id="sample-permalink">
+			<a href="<?php echo esc_url( $comment_link ); ?>">
+				<?php echo esc_html( $comment_link ); ?>
+			</a>
+		</span>
 	</div>
 </div>
 <?php endif; ?>

backend/wordpress/wp-admin/includes/class-wp-community-events.php

@@ -385,20 +385,33 @@ class WP_Community_Events {
 	}
 
 	/**
-	 * Discards expired events, and reduces the remaining list.
+	 * Prepares the event list for presentation.
+	 *
+	 * Discards expired events, and makes WordCamps "sticky." Attendees need more
+	 * advanced notice about WordCamps than they do for meetups, so camps should
+	 * appear in the list sooner. If a WordCamp is coming up, the API will "stick"
+	 * it in the response, even if it wouldn't otherwise appear. When that happens,
+	 * the event will be at the end of the list, and will need to be moved into a
+	 * higher position, so that it doesn't get trimmed off.
 	 *
 	 * @since 4.8.0
+	 * @since 4.9.7 Stick a WordCamp to the final list.
 	 *
 	 * @param  array $response_body The response body which contains the events.
 	 * @return array The response body with events trimmed.
 	 */
 	protected function trim_events( $response_body ) {
 		if ( isset( $response_body['events'] ) ) {
+			$wordcamps         = array();
 			$current_timestamp = current_time( 'timestamp' );
 
 			foreach ( $response_body['events'] as $key => $event ) {
-				// Skip WordCamps, because they might be multi-day events.
-				if ( 'meetup' !== $event['type'] ) {
+				/*
+				 * Skip WordCamps, because they might be multi-day events.
+				 * Save a copy so they can be pinned later.
+				 */
+				if ( 'wordcamp' === $event['type'] ) {
+					$wordcamps[] = $event;
 					continue;
 				}
 
@@ -410,6 +423,13 @@ class WP_Community_Events {
 			}
 
 			$response_body['events'] = array_slice( $response_body['events'], 0, 3 );
+			$trimmed_event_types     = wp_list_pluck( $response_body['events'], 'type' );
+
+			// Make sure the soonest upcoming WordCamps is pinned in the list.
+			if ( ! in_array( 'wordcamp', $trimmed_event_types ) && $wordcamps ) {
+				array_pop( $response_body['events'] );
+				array_push( $response_body['events'], $wordcamps[0] );
+			}
 		}
 
 		return $response_body;

backend/wordpress/wp-admin/includes/file.php

@@ -1803,7 +1803,7 @@ function wp_print_request_filesystem_credentials_modal() {
  *
  * @since 4.9.6
  *
- * @param array  $group_data {
+ * @param array $group_data {
  *     The group data to render.
  *
  *     @type string $group_label  The user-facing heading for the group, e.g. 'Comments'.
@@ -1865,7 +1865,7 @@ function wp_privacy_generate_personal_data_export_group_html( $group_data ) {
  *
  * @since 4.9.6
  *
- * @param int  $request_id  The export request ID.
+ * @param int $request_id The export request ID.
  */
 function wp_privacy_generate_personal_data_export_file( $request_id ) {
 	if ( ! class_exists( 'ZipArchive' ) ) {
@@ -1889,9 +1889,8 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) {
 	$exports_dir = wp_privacy_exports_dir();
 	$exports_url = wp_privacy_exports_url();
 
-	$result = wp_mkdir_p( $exports_dir );
-	if ( is_wp_error( $result ) ) {
-		wp_send_json_error( $result->get_error_message() );
+	if ( ! wp_mkdir_p( $exports_dir ) ) {
+		wp_send_json_error( __( 'Unable to create export folder.' ) );
 	}
 
 	// Protect export folder from browsing.
@@ -2030,7 +2029,7 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) {
 			 * @param string $archive_pathname     The full path to the export file on the filesystem.
 			 * @param string $archive_url          The URL of the archive file.
 			 * @param string $html_report_pathname The full path to the personal data report on the filesystem.
-			 * @param string $request_id           The export request ID.
+			 * @param int    $request_id           The export request ID.
 			 */
 			do_action( 'wp_privacy_personal_data_export_file_created', $archive_pathname, $archive_url, $html_report_pathname, $request_id );
 		}
@@ -2051,8 +2050,8 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) {
  *
  * @since 4.9.6
  *
- * @param int  $request_id  The request ID for this personal data export.
- * @return true|WP_Error    True on success or `WP_Error` on failure.
+ * @param int $request_id The request ID for this personal data export.
+ * @return true|WP_Error True on success or `WP_Error` on failure.
  */
 function wp_privacy_send_personal_data_export_email( $request_id ) {
 	// Get the request data.
@@ -2062,11 +2061,11 @@ function wp_privacy_send_personal_data_export_email( $request_id ) {
 		return new WP_Error( 'invalid', __( 'Invalid request ID when sending personal data export email.' ) );
 	}
 
-	/** This filter is documented in wp-admin/includes/file.php */
+	/** This filter is documented in wp-includes/functions.php */
 	$expiration      = apply_filters( 'wp_privacy_export_expiration', 3 * DAY_IN_SECONDS );
 	$expiration_date = date_i18n( get_option( 'date_format' ), time() + $expiration );
 
-/* translators: Do not translate EXPIRATION, LINK, EMAIL, SITENAME, SITEURL: those are placeholders. */
+/* translators: Do not translate EXPIRATION, LINK, SITENAME, SITEURL: those are placeholders. */
 $email_text = __(
 'Howdy,
 
@@ -2077,8 +2076,6 @@ so please download it before then.
 
 ###LINK###
 
-This email has been sent to ###EMAIL###.
-
 Regards,
 All at ###SITENAME###
 ###SITEURL###'
@@ -2090,7 +2087,6 @@ All at ###SITENAME###
 	 * The following strings have a special meaning and will get replaced dynamically:
 	 * ###EXPIRATION###         The date when the URL will be automatically deleted.
 	 * ###LINK###               URL of the personal data export file for the user.
-	 * ###EMAIL###              The email we are sending to.
 	 * ###SITENAME###           The name of the site.
 	 * ###SITEURL###            The URL to the site.
 	 *
@@ -2184,6 +2180,7 @@ function wp_privacy_process_personal_data_export_page( $response, $exporter_inde
 	update_post_meta( $request_id, '_export_data_raw', $export_data );
 
 	// If we are not yet on the last page of the last exporter, return now.
+	/** This filter is documented in wp-admin/includes/ajax-actions.php */
 	$exporters = apply_filters( 'wp_privacy_personal_data_exporters', array() );
 	$is_last_exporter = $exporter_index === count( $exporters );
 	$exporter_done = $response['done'];
@@ -2219,7 +2216,13 @@ function wp_privacy_process_personal_data_export_page( $response, $exporter_inde
 	delete_post_meta( $request_id, '_export_data_raw' );
 	update_post_meta( $request_id, '_export_data_grouped', $groups );
 
-	// Generate the export file from the collected, grouped personal data.
+	/**
+	 * Generate the export file from the collected, grouped personal data.
+	 *
+	 * @since 4.9.6
+	 *
+	 * @param int $request_id The export request ID.
+	 */
 	do_action( 'wp_privacy_personal_data_export_file', $request_id );
 
 	// Clear the grouped data now that it is no longer needed.

backend/wordpress/wp-admin/includes/misc.php

@@ -194,6 +194,8 @@ function insert_with_markers( $filename, $marker, $insertion ) {
  * @since 1.5.0
  *
  * @global WP_Rewrite $wp_rewrite
+ *
+ * @return bool|null True on write success, false on failure. Null in multisite.
  */
 function save_mod_rewrite_rules() {
 	if ( is_multisite() )
@@ -201,8 +203,11 @@ function save_mod_rewrite_rules() {
 
 	global $wp_rewrite;
 
-	$home_path = get_home_path();
-	$htaccess_file = $home_path.'.htaccess';
+	// Ensure get_home_path() is declared.
+	require_once( ABSPATH . 'wp-admin/includes/file.php' );
+
+	$home_path     = get_home_path();
+	$htaccess_file = $home_path . '.htaccess';
 
 	/*
 	 * If the file doesn't already exist check for write access to the directory
@@ -226,7 +231,7 @@ function save_mod_rewrite_rules() {
  *
  * @global WP_Rewrite $wp_rewrite
  *
- * @return bool True if web.config was updated successfully
+ * @return bool|null True on write success, false on failure. Null in multisite.
  */
 function iis7_save_url_rewrite_rules(){
 	if ( is_multisite() )
@@ -234,7 +239,10 @@ function iis7_save_url_rewrite_rules(){
 
 	global $wp_rewrite;
 
-	$home_path = get_home_path();
+	// Ensure get_home_path() is declared.
+	require_once( ABSPATH . 'wp-admin/includes/file.php' );
+
+	$home_path       = get_home_path();
 	$web_config_file = $home_path . 'web.config';
 
 	// Using win_is_writable() instead of is_writable() because of a bug in Windows PHP
@@ -1150,7 +1158,7 @@ function update_option_new_admin_email( $old_value, $value ) {
 		return;
 	}
 
-	$hash = md5( $value . time() . mt_rand() );
+	$hash = md5( $value . time() . wp_rand() );
 	$new_admin_email = array(
 		'hash'     => $hash,
 		'newemail' => $value,
@@ -1701,7 +1709,7 @@ final class WP_Privacy_Policy_Content {
 
 			'<h3>' . __( 'Embedded content from other websites' ) . '</h3>' .
 			'<p>' . $suggested_text . __( 'Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.' ) . '</p>' .
-			'<p>' . __( 'These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.' ) . '</p>' .
+			'<p>' . __( 'These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.' ) . '</p>' .
 
 			'<h3>' . __( 'Analytics' ) . '</h3>';
 		$descr && $content .=