Core update

wp-activate.php

@@ -36,7 +36,7 @@
  *
  * Fires on {@see 'wp_head'}.
  *
- * @since MU
+ * @since MU (3.0.0)
  */
 function do_activate_header() {
 	/**
@@ -53,7 +53,7 @@ function do_activate_header() {
 /**
  * Loads styles specific to this page.
  *
- * @since MU
+ * @since MU (3.0.0)
  */
 function wpmu_activate_stylesheet() {
 	?>
@@ -108,10 +108,9 @@ function wpmu_activate_stylesheet() {
 					);
 				} else {
 					printf(
-						/* translators: 1: site URL, 2: site domain, 3: username, 4: user email, 5: lost password URL */
-						__( 'Your site at <a href="%1$s">%2$s</a> is active. You may now log in to your site using your chosen username of &#8220;%3$s&#8221;. Please check your email inbox at %4$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%5$s">reset your password</a>.' ),
-						'http://' . $signup->domain,
-						$signup->domain,
+						/* translators: 1: site URL, 2: username, 3: user email, 4: lost password URL */
+						__( 'Your site at %1$s is active. You may now log in to your site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
+						sprintf( '<a href="http://%s">%s</a>', $signup->domain ),
 						$signup->user_login,
 						$signup->user_email,
 						wp_lostpassword_url()

wp-admin/admin-ajax.php

@@ -26,7 +26,7 @@
 
 // Require an action parameter
 if ( empty( $_REQUEST['action'] ) )
-	die( '0' );
+	wp_die( '0', 400 );
 
 /** Load WordPress Administration APIs */
 require_once( ABSPATH . 'wp-admin/includes/admin.php' );
@@ -61,14 +61,15 @@
 	'query-attachments', 'save-attachment', 'save-attachment-compat', 'send-link-to-editor',
 	'send-attachment-to-editor', 'save-attachment-order', 'heartbeat', 'get-revision-diffs',
 	'save-user-color-scheme', 'update-widget', 'query-themes', 'parse-embed', 'set-attachment-thumbnail',
-	'parse-media-shortcode', 'destroy-sessions', 'install-plugin', 'update-plugin', 'press-this-save-post',
-	'press-this-add-category', 'crop-image', 'generate-password', 'save-wporg-username', 'delete-plugin',
-	'search-plugins', 'search-install-plugins', 'activate-plugin', 'update-theme', 'delete-theme',
-	'install-theme', 'get-post-thumbnail-html', 'get-community-events',
+	'parse-media-shortcode', 'destroy-sessions', 'install-plugin', 'update-plugin', 'crop-image',
+	'generate-password', 'save-wporg-username', 'delete-plugin', 'search-plugins',
+	'search-install-plugins', 'activate-plugin', 'update-theme', 'delete-theme', 'install-theme',
+	'get-post-thumbnail-html', 'get-community-events', 'edit-theme-plugin-file',
 );
 
 // Deprecated
-$core_actions_post[] = 'wp-fullscreen-save-post';
+$core_actions_post_deprecated = array( 'wp-fullscreen-save-post', 'press-this-save-post', 'press-this-add-category' );
+$core_actions_post = array_merge( $core_actions_post, $core_actions_post_deprecated );
 
 // Register core Ajax calls.
 if ( ! empty( $_GET['action'] ) && in_array( $_GET['action'], $core_actions_get ) )
@@ -80,6 +81,11 @@
 add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 );
 
 if ( is_user_logged_in() ) {
+	// If no action is registered, return a Bad Request response.
+	if ( ! has_action( 'wp_ajax_' . $_REQUEST['action'] ) ) {
+		wp_die( '0', 400 );
+	}
+
 	/**
 	 * Fires authenticated Ajax actions for logged-in users.
 	 *
@@ -90,6 +96,11 @@
 	 */
 	do_action( 'wp_ajax_' . $_REQUEST['action'] );
 } else {
+	// If no action is registered, return a Bad Request response.
+	if ( ! has_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] ) ) {
+		wp_die( '0', 400 );
+	}
+
 	/**
 	 * Fires non-authenticated Ajax actions for logged-out users.
 	 *
@@ -101,4 +112,4 @@
 	do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] );
 }
 // Default status
-die( '0' );
+wp_die( '0' );

wp-admin/admin.php

@@ -87,16 +87,18 @@
 if ( ! wp_next_scheduled( 'wp_scheduled_delete' ) && ! wp_installing() )
 	wp_schedule_event(time(), 'daily', 'wp_scheduled_delete');
 
+// Schedule Transient cleanup.
+if ( ! wp_next_scheduled( 'delete_expired_transients' ) && ! wp_installing() ) {
+	wp_schedule_event( time(), 'daily', 'delete_expired_transients' );
+}
+
 set_screen_options();
 
 $date_format = __( 'F j, Y' );
 $time_format = __( 'g:i a' );
 
 wp_enqueue_script( 'common' );
 
-
-
-
 /**
  * $pagenow is set in vars.php
  * $wp_importers is sometimes set in wp-admin/includes/import.php

wp-admin/async-upload.php

@@ -1,6 +1,6 @@
 <?php
 /**
- * Server-side file upload handler from wp-plupload, swfupload or other asynchronous upload methods.
+ * Server-side file upload handler from wp-plupload or other asynchronous upload methods.
  *
  * @package WordPress
  * @subpackage Administration
@@ -14,20 +14,10 @@
 	define( 'WP_ADMIN', true );
 }
 
-if ( defined('ABSPATH') )
-	require_once(ABSPATH . 'wp-load.php');
-else
+if ( defined( 'ABSPATH' ) ) {
+	require_once( ABSPATH . 'wp-load.php' );
+} else {
 	require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
-
-if ( ! ( isset( $_REQUEST['action'] ) && 'upload-attachment' == $_REQUEST['action'] ) ) {
-	// Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
-	if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
-		$_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
-	elseif ( empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
-		$_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie'];
-	if ( empty($_COOKIE[LOGGED_IN_COOKIE]) && !empty($_REQUEST['logged_in_cookie']) )
-		$_COOKIE[LOGGED_IN_COOKIE] = $_REQUEST['logged_in_cookie'];
-	unset($current_user);
 }
 
 require_once( ABSPATH . 'wp-admin/admin.php' );

wp-admin/credits.php

@@ -16,20 +16,22 @@
 
 include( ABSPATH . 'wp-admin/admin-header.php' );
 ?>
-<div class="wrap about-wrap">
+<div class="wrap about-wrap full-width-layout">
 
 <h1><?php printf( __( 'Welcome to WordPress %s' ), $display_version ); ?></h1>
 
-<p class="about-text"><?php printf( __( 'Thank you for updating to the latest version! WordPress %s adds more ways for you to express yourself and represent your brand.' ), $display_version ); ?></p>
+<p class="about-text"><?php printf( __( 'Thank you for updating to the latest version! WordPress %s will smooth your design workflow and keep you safe from coding errors.' ), $display_version ); ?></p>
 
 <div class="wp-badge"><?php printf( __( 'Version %s' ), $display_version ); ?></div>
 
 <h2 class="nav-tab-wrapper wp-clearfix">
 	<a href="about.php" class="nav-tab"><?php _e( 'What&#8217;s New' ); ?></a>
 	<a href="credits.php" class="nav-tab nav-tab-active"><?php _e( 'Credits' ); ?></a>
 	<a href="freedoms.php" class="nav-tab"><?php _e( 'Freedoms' ); ?></a>
+	<a href="privacy.php" class="nav-tab"><?php _e( 'Privacy' ); ?></a>
 </h2>
 
+<div class="about-wrap-content">
 <?php
 
 $credits = wp_credits();
@@ -43,6 +45,7 @@
 	);
 	echo '</p>';
 	echo '</div>';
+	echo '</div>';
 	include( ABSPATH . 'wp-admin/admin-footer.php' );
 	exit;
 }
@@ -105,6 +108,7 @@
 	);
 ?></p>
 
+</div>
 </div>
 <?php
 
@@ -115,7 +119,7 @@
 // These are strings returned by the API that we want to be translatable
 __( 'Project Leaders' );
 __( 'Core Contributors to WordPress %s' );
-__( 'Contributing Developers' );
+__( 'Noteworthy Contributors' );
 __( 'Cofounder, Project Lead' );
 __( 'Lead Developer' );
 __( 'Release Lead' );