From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id A4FA213829B for ; Mon, 30 May 2016 08:42:38 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 2A695142A6; Mon, 30 May 2016 08:42:35 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id B085C142A6 for ; Mon, 30 May 2016 08:42:34 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 24CF9340834 for ; Mon, 30 May 2016 08:42:33 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id C203195D for ; Mon, 30 May 2016 08:42:30 +0000 (UTC) From: "Anthony G. Basile" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Anthony G. Basile" Message-ID: <1464597805.ac14f14fed8b7bdf898cf04e9d2b7745a4cb53b7.blueness@gentoo> Subject: [gentoo-commits] proj/blogs-gentoo:master commit in: plugins/jetpack/, plugins/jetpack/modules/shortcodes/, plugins/jetpack/modules/ X-VCS-Repository: proj/blogs-gentoo X-VCS-Files: plugins/jetpack/jetpack.php plugins/jetpack/modules/shortcodes.php plugins/jetpack/modules/shortcodes/polldaddy.php plugins/jetpack/modules/shortcodes/vimeo.php plugins/jetpack/modules/shortcodes/youtube.php plugins/jetpack/readme.txt X-VCS-Directories: plugins/jetpack/ plugins/jetpack/modules/shortcodes/ plugins/jetpack/modules/ X-VCS-Committer: blueness X-VCS-Committer-Name: Anthony G. Basile X-VCS-Revision: ac14f14fed8b7bdf898cf04e9d2b7745a4cb53b7 X-VCS-Branch: master Date: Mon, 30 May 2016 08:42:30 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 4034053d-3f0f-4a49-9521-0c2db6f67bf4 X-Archives-Hash: c7314e32867bdd46a29498b1a2ef5ee4 commit: ac14f14fed8b7bdf898cf04e9d2b7745a4cb53b7 Author: Anthony G. Basile gentoo org> AuthorDate: Mon May 30 08:43:25 2016 +0000 Commit: Anthony G. Basile gentoo org> CommitDate: Mon May 30 08:43:25 2016 +0000 URL: https://gitweb.gentoo.org/proj/blogs-gentoo.git/commit/?id=ac14f14f Update plugin jecpack to 4.0.3 plugins/jetpack/jetpack.php | 4 +- plugins/jetpack/modules/shortcodes.php | 60 ++++++++++++++++++++++++ plugins/jetpack/modules/shortcodes/polldaddy.php | 7 +-- plugins/jetpack/modules/shortcodes/vimeo.php | 5 +- plugins/jetpack/modules/shortcodes/youtube.php | 2 +- plugins/jetpack/readme.txt | 11 ++++- 6 files changed, 77 insertions(+), 12 deletions(-) diff --git a/plugins/jetpack/jetpack.php b/plugins/jetpack/jetpack.php index 4118993..c5ee481 100644 --- a/plugins/jetpack/jetpack.php +++ b/plugins/jetpack/jetpack.php @@ -5,7 +5,7 @@ * Plugin URI: http://jetpack.com * Description: Bring the power of the WordPress.com cloud to your self-hosted WordPress. Jetpack enables you to connect your blog to a WordPress.com account to use the powerful features normally only available to WordPress.com users. * Author: Automattic - * Version: 4.0.2 + * Version: 4.0.3 * Author URI: http://jetpack.com * License: GPL2+ * Text Domain: jetpack @@ -14,7 +14,7 @@ define( 'JETPACK__MINIMUM_WP_VERSION', '4.4' ); -define( 'JETPACK__VERSION', '4.0.2' ); +define( 'JETPACK__VERSION', '4.0.3' ); define( 'JETPACK_MASTER_USER', true ); define( 'JETPACK__API_VERSION', 1 ); define( 'JETPACK__PLUGIN_DIR', plugin_dir_path( __FILE__ ) ); diff --git a/plugins/jetpack/modules/shortcodes.php b/plugins/jetpack/modules/shortcodes.php index 0de4c14..320de04 100644 --- a/plugins/jetpack/modules/shortcodes.php +++ b/plugins/jetpack/modules/shortcodes.php @@ -67,6 +67,66 @@ function jetpack_load_shortcodes() { } } +/** + * Runs preg_replace so that replacements don't happen within open tags. + * Parameters are the same as preg_replace, with an added optional search param for improved performance + * + * @param String $pattern + * @param String $replacement + * @param String $content + * @param String $search + * @return String $content + */ +function jetpack_preg_replace_outside_tags( $pattern, $replacement, $content, $search = null ) { + if( ! function_exists( 'wp_html_split' ) ) { + return $content; + } + + if ( $search && false === strpos( $content, $search ) ) { + return $content; + } + + $textarr = wp_html_split( $content ); + unset( $content ); + foreach( $textarr as &$element ) { + if ( '' === $element || '<' === $element{0} ) + continue; + $element = preg_replace( $pattern, $replacement, $element ); + } + + return join( $textarr ); +} + +/** + * Runs preg_replace_callback so that replacements don't happen within open tags. + * Parameters are the same as preg_replace, with an added optional search param for improved performance + * + * @param String $pattern + * @param String $replacement + * @param String $content + * @param String $search + * @return String $content + */ +function jetpack_preg_replace_callback_outside_tags( $pattern, $callback, $content, $search = null ) { + if( ! function_exists( 'wp_html_split' ) ) { + return $content; + } + + if ( $search && false === strpos( $content, $search ) ) { + return $content; + } + + $textarr = wp_html_split( $content ); + unset( $content ); + foreach( $textarr as &$element ) { + if ( '' === $element || '<' === $element{0} ) + continue; + $element = preg_replace_callback( $pattern, $callback, $element ); + } + + return join( $textarr ); +} + global $wp_version; if ( version_compare( $wp_version, '3.6-z', '>=' ) ) { diff --git a/plugins/jetpack/modules/shortcodes/polldaddy.php b/plugins/jetpack/modules/shortcodes/polldaddy.php index 70ec89b..39890d4 100644 --- a/plugins/jetpack/modules/shortcodes/polldaddy.php +++ b/plugins/jetpack/modules/shortcodes/polldaddy.php @@ -565,17 +565,12 @@ new PolldaddyShortcode(); if ( ! function_exists( 'polldaddy_link' ) ) { // http://polldaddy.com/poll/1562975/?view=results&msg=voted function polldaddy_link( $content ) { - return preg_replace( '!(?:\n|\A)http://polldaddy.com/poll/([0-9]+?)/(.+)?(?:\n|\Z)!i', "\n\n", $content ); + return jetpack_preg_replace_outside_tags( '!(?:\n|\A)http://polldaddy.com/poll/([0-9]+?)/(.+)?(?:\n|\Z)!i', "\n\n", $content, 'polldaddy.com/poll' ); } // higher priority because we need it before auto-link and autop get to it add_filter( 'the_content', 'polldaddy_link', 1 ); add_filter( 'the_content_rss', 'polldaddy_link', 1 ); - - /** This filter is documented in modules/shortcodes/youtube.php */ - if ( apply_filters( 'jetpack_comments_allow_oembed', get_option( 'embed_autourls' ) ) ) { - add_filter( 'comment_text', 'polldaddy_link', 1 ); - } } wp_oembed_add_provider( '#http://poll\.fm/.*#i', 'http://polldaddy.com/oembed/', true ); diff --git a/plugins/jetpack/modules/shortcodes/vimeo.php b/plugins/jetpack/modules/shortcodes/vimeo.php index f63367d..3d585a0 100644 --- a/plugins/jetpack/modules/shortcodes/vimeo.php +++ b/plugins/jetpack/modules/shortcodes/vimeo.php @@ -268,10 +268,11 @@ function vimeo_link( $content ) { */ $plain_url = "(?:[^'\">]?\/?(?:https?:\/\/)?vimeo\.com[^0-9]+)([0-9]+)(?:[^'\"0-9<]|$)"; - return preg_replace_callback( + return jetpack_preg_replace_callback_outside_tags( sprintf( '#%s|%s#i', $shortcode, $plain_url ), 'vimeo_link_callback', - $content + $content, + 'vimeo' ); } diff --git a/plugins/jetpack/modules/shortcodes/youtube.php b/plugins/jetpack/modules/shortcodes/youtube.php index 2ea76dd..d5db874 100644 --- a/plugins/jetpack/modules/shortcodes/youtube.php +++ b/plugins/jetpack/modules/shortcodes/youtube.php @@ -104,7 +104,7 @@ add_filter( 'pre_kses', 'youtube_embed_to_short_code' ); * @return string The content with embeds instead of URLs */ function youtube_link( $content ) { - return preg_replace_callback( '!(?:\n|\A)https?://(?:www\.)?(?:youtube.com/(?:v/|playlist|watch[/\#?])|youtu\.be/)[^\s]+?(?:\n|\Z)!i', 'youtube_link_callback', $content ); + return jetpack_preg_replace_callback_outside_tags( '!(?:\n|\A)https?://(?:www\.)?(?:youtube.com/(?:v/|playlist|watch[/\#?])|youtu\.be/)[^\s]+?(?:\n|\Z)!i', 'youtube_link_callback', $content, 'youtube.com/' ); } /** diff --git a/plugins/jetpack/readme.txt b/plugins/jetpack/readme.txt index 9bfe0a9..c03940a 100644 --- a/plugins/jetpack/readme.txt +++ b/plugins/jetpack/readme.txt @@ -1,7 +1,7 @@ === Jetpack by WordPress.com === Contributors: automattic, adamkheckler, aduth, akirk, allendav, alternatekev, andy, apeatling, azaozz, batmoo, barry, beaulebens, blobaugh, cainm, cfinke, chaselivingston, chellycat, christinepollock, csonnek, danielbachhuber, daniloercoli, designsimply, dllh, dsmart, dzver, ebinnion, eliorivero, enej, eoigal, ethitter, gcorne, georgestephanis, gibrown, goldsounds, hew, hugobaeta, HypertextRanch, iammattthomas, iandunn, jacobshere, jblz, jeherve, jenhooks, jenia, jkudish, jmdodd, Joen, johnjamesjacoby, jshreve, koke, kraftbj, lancewillett, lschuyler, macmanx, martinremy, matt, matveb, mattwiebe, maverick3x6, mcsf, mdawaffe, michaeldcain, michael-arestad, migueluy, mikeyarce, mjangda, mkaz, nancythanki, nickmomrik, obenland, pento, professor44, ryancowles, richardmuscat, richardmtl, roccotripaldi, samhotchkiss, sdquirk, stephdau, tmoorewp, Viper007Bond, westi, yoavf, zinigor Tags: WordPress.com, jet pack, comments, contact, gallery, performance, sharing, security, shortcodes, stats, subscriptions, widgets -Stable tag: 4.0.2 +Stable tag: 4.0.3 Requires at least: 4.4 Tested up to: 4.5 @@ -73,7 +73,16 @@ There are opportunities for developers at all levels to contribute. [Learn more 4. Publicize. 5. Related Posts. +== Upgrade Notice == += 4.0.3 = +Jetpack 4.0.3 fixes a critical security issue. Please upgrade immediately. + == Changelog == += 4.0.3 = +Release date: May 26th, 2016 + +* Important security update. Please upgrade immediately. + = 4.0.2 = Release date: April 21st, 2016