Editor: Bump @wordpress packages for 5.9.5.

desrosj · desrosj · commit 67cf588d2703 · 2022-10-17T18:08:24.000Z
Package updates for bug fixes: * @wordpress/block-directory: 3.0.30 * @wordpress/block-library: 6.0.29 * @wordpress/customize-widgets: 2.0.30 * @wordpress/edit-post: 5.0.30 * @wordpress/edit-site: 3.0.30 * @wordpress/edit-widgets: 3.1.25 * @wordpress/widgets: 2.0.25 git-svn-id: https://develop.svn.wordpress.org/branches/5.9@54564 602fd350-edb4-49c9-b593-d223f7449a82
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -82,24 +82,24 @@
 		"@wordpress/api-fetch": "5.2.7",
 		"@wordpress/autop": "3.2.3",
 		"@wordpress/blob": "3.2.2",
-		"@wordpress/block-directory": "3.0.29",
+		"@wordpress/block-directory": "3.0.30",
 		"@wordpress/block-editor": "8.0.18",
-		"@wordpress/block-library": "6.0.28",
+		"@wordpress/block-library": "6.0.29",
 		"@wordpress/block-serialization-default-parser": "4.2.3",
 		"@wordpress/blocks": "11.1.5",
 		"@wordpress/components": "19.2.3",
 		"@wordpress/compose": "5.0.7",
 		"@wordpress/core-data": "4.0.11",
-		"@wordpress/customize-widgets": "2.0.29",
+		"@wordpress/customize-widgets": "2.0.30",
 		"@wordpress/data": "6.1.5",
 		"@wordpress/data-controls": "2.2.9",
 		"@wordpress/date": "4.2.3",
 		"@wordpress/deprecated": "3.2.3",
 		"@wordpress/dom": "3.2.7",
 		"@wordpress/dom-ready": "3.2.3",
-		"@wordpress/edit-post": "5.0.29",
-		"@wordpress/edit-site": "3.0.29",
-		"@wordpress/edit-widgets": "3.1.24",
+		"@wordpress/edit-post": "5.0.30",
+		"@wordpress/edit-site": "3.0.30",
+		"@wordpress/edit-widgets": "3.1.25",
 		"@wordpress/editor": "12.0.22",
 		"@wordpress/element": "4.0.4",
 		"@wordpress/escape-html": "2.2.3",
@@ -128,7 +128,7 @@
 		"@wordpress/url": "3.3.2",
 		"@wordpress/viewport": "4.0.7",
 		"@wordpress/warning": "2.2.2",
-		"@wordpress/widgets": "2.0.24",
+		"@wordpress/widgets": "2.0.25",
 		"@wordpress/wordcount": "3.2.3",
 		"backbone": "1.4.0",
 		"clipboard": "2.0.8",
diff --git a/src/wp-includes/blocks/legacy-widget.php b/src/wp-includes/blocks/legacy-widget.php
@@ -46,7 +46,7 @@ function render_block_core_legacy_widget( $attributes ) {
 
 	if ( isset( $attributes['instance']['encoded'], $attributes['instance']['hash'] ) ) {
 		$serialized_instance = base64_decode( $attributes['instance']['encoded'] );
-		if ( wp_hash( $serialized_instance ) !== $attributes['instance']['hash'] ) {
+		if ( ! hash_equals( wp_hash( $serialized_instance ), (string) $attributes['instance']['hash'] ) ) {
 			return '';
 		}
 		$instance = unserialize( $serialized_instance );
diff --git a/src/wp-includes/blocks/navigation.php b/src/wp-includes/blocks/navigation.php
@@ -549,13 +549,13 @@ function render_block_core_navigation( $attributes, $content, $block ) {
 					</div>
 				</div>
 			</div>',
-		$modal_unique_id,
+		esc_attr( $modal_unique_id ),
 		$inner_blocks_html,
 		__( 'Open menu' ), // Open button label.
 		__( 'Close menu' ), // Close button label.
-		implode( ' ', $responsive_container_classes ),
-		implode( ' ', $open_button_classes ),
-		$colors['overlay_inline_styles'],
+		esc_attr( implode( ' ', $responsive_container_classes ) ),
+		esc_attr( implode( ' ', $open_button_classes ) ),
+		esc_attr( safecss_filter_attr( $colors['overlay_inline_styles'] ) ),
 		__( 'Menu' )
 	);
 
diff --git a/src/wp-includes/blocks/post-featured-image.php b/src/wp-includes/blocks/post-featured-image.php
@@ -43,7 +43,7 @@ function render_block_core_post_featured_image( $attributes, $content, $block )
 		if ( ! empty( $attributes['scale'] ) ) {
 			$image_styles .= "object-fit:{$attributes['scale']};";
 		}
-		$featured_image = str_replace( 'src=', "style='$image_styles' src=", $featured_image );
+		$featured_image = str_replace( '<img ', '<img style="' . esc_attr( safecss_filter_attr( $image_styles ) ) . '" ', $featured_image );
 	}
 
 	return "<figure $wrapper_attributes>$featured_image</figure>";
diff --git a/src/wp-includes/blocks/rss.php b/src/wp-includes/blocks/rss.php
@@ -16,7 +16,7 @@ function render_block_core_rss( $attributes ) {
 	$rss = fetch_feed( $attributes['feedURL'] );
 
 	if ( is_wp_error( $rss ) ) {
-		return '<div class="components-placeholder"><div class="notice notice-error"><strong>' . __( 'RSS Error:' ) . '</strong> ' . $rss->get_error_message() . '</div></div>';
+		return '<div class="components-placeholder"><div class="notice notice-error"><strong>' . __( 'RSS Error:' ) . '</strong> ' . esc_html( $rss->get_error_message() ) . '</div></div>';
 	}
 
 	if ( ! $rss->get_item_quantity() ) {
@@ -44,8 +44,8 @@ function render_block_core_rss( $attributes ) {
 			if ( $date ) {
 				$date = sprintf(
 					'<time datetime="%1$s" class="wp-block-rss__item-publish-date">%2$s</time> ',
-					date_i18n( get_option( 'c' ), $date ),
-					date_i18n( get_option( 'date_format' ), $date )
+					esc_attr( date_i18n( get_option( 'c' ), $date ) ),
+					esc_attr( date_i18n( get_option( 'date_format' ), $date ) )
 				);
 			}
 		}
diff --git a/src/wp-includes/blocks/search.php b/src/wp-includes/blocks/search.php
@@ -276,12 +276,12 @@ function styles_for_block_core_search( $attributes ) {
 	// Add color styles.
 	$has_text_color = ! empty( $attributes['style']['color']['text'] );
 	if ( $has_text_color ) {
-		$button_styles[] = sprintf( 'color: %s;', esc_attr( $attributes['style']['color']['text'] ) );
+		$button_styles[] = sprintf( 'color: %s;', $attributes['style']['color']['text'] );
 	}
 
 	$has_background_color = ! empty( $attributes['style']['color']['background'] );
 	if ( $has_background_color ) {
-		$button_styles[] = sprintf( 'background-color: %s;', esc_attr( $attributes['style']['color']['background'] ) );
+		$button_styles[] = sprintf( 'background-color: %s;', $attributes['style']['color']['background'] );
 	}
 
 	$has_custom_gradient = ! empty( $attributes['style']['color']['gradient'] );
@@ -290,9 +290,9 @@ function styles_for_block_core_search( $attributes ) {
 	}
 
 	return array(
-		'input'   => ! empty( $input_styles ) ? sprintf( ' style="%s"', safecss_filter_attr( implode( ' ', $input_styles ) ) ) : '',
-		'button'  => ! empty( $button_styles ) ? sprintf( ' style="%s"', safecss_filter_attr( implode( ' ', $button_styles ) ) ) : '',
-		'wrapper' => ! empty( $wrapper_styles ) ? sprintf( ' style="%s"', safecss_filter_attr( implode( ' ', $wrapper_styles ) ) ) : '',
+		'input'   => ! empty( $input_styles ) ? sprintf( ' style="%s"', esc_attr( safecss_filter_attr( implode( ' ', $input_styles ) ) ) ) : '',
+		'button'  => ! empty( $button_styles ) ? sprintf( ' style="%s"', esc_attr( safecss_filter_attr( implode( ' ', $button_styles ) ) ) ) : '',
+		'wrapper' => ! empty( $wrapper_styles ) ? sprintf( ' style="%s"', esc_attr( safecss_filter_attr( implode( ' ', $wrapper_styles ) ) ) ) : '',
 	);
 }
 
diff --git a/src/wp-includes/blocks/widget-group.php b/src/wp-includes/blocks/widget-group.php
@@ -28,7 +28,7 @@ function render_block_core_widget_group( $attributes, $content, $block ) {
 	$html = '';
 
 	if ( ! empty( $attributes['title'] ) ) {
-		$html .= $before_title . $attributes['title'] . $after_title;
+		$html .= $before_title . esc_html( $attributes['title'] ) . $after_title;
 	}
 
 	$html .= '<div class="wp-widget-group__inner-blocks">';

Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,7 @@ function render_block_core_legacy_widget( $attributes ) {`
`46`	`46`
`47`	`47`	`if ( isset( $attributes['instance']['encoded'], $attributes['instance']['hash'] ) ) {`
`48`	`48`	`$serialized_instance = base64_decode( $attributes['instance']['encoded'] );`
`49`		`- if ( wp_hash( $serialized_instance ) !== $attributes['instance']['hash'] ) {`
	`49`	`+ if ( ! hash_equals( wp_hash( $serialized_instance ), (string) $attributes['instance']['hash'] ) ) {`
`50`	`50`	`return '';`
`51`	`51`	`}`
`52`	`52`	`$instance = unserialize( $serialized_instance );`
Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ function render_block_core_post_featured_image( $attributes, $content, $block )`
`43`	`43`	`if ( ! empty( $attributes['scale'] ) ) {`
`44`	`44`	`$image_styles .= "object-fit:{$attributes['scale']};";`
`45`	`45`	`}`
`46`		`- $featured_image = str_replace( 'src=', "style='$image_styles' src=", $featured_image );`
	`46`	`+ $featured_image = str_replace( '<img ', '<img style="' . esc_attr( safecss_filter_attr( $image_styles ) ) . '" ', $featured_image );`
`47`	`47`	`}`
`48`	`48`
`49`	`49`	`return "<figure $wrapper_attributes>$featured_image</figure>";`
Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@ function render_block_core_rss( $attributes ) {`
`16`	`16`	`$rss = fetch_feed( $attributes['feedURL'] );`
`17`	`17`
`18`	`18`	`if ( is_wp_error( $rss ) ) {`
`19`		`- return '<div class="components-placeholder"><div class="notice notice-error"><strong>' . __( 'RSS Error:' ) . '</strong> ' . $rss->get_error_message() . '</div></div>';`
	`19`	`+ return '<div class="components-placeholder"><div class="notice notice-error"><strong>' . __( 'RSS Error:' ) . '</strong> ' . esc_html( $rss->get_error_message() ) . '</div></div>';`
`20`	`20`	`}`
`21`	`21`
`22`	`22`	`if ( ! $rss->get_item_quantity() ) {`
`@@ -44,8 +44,8 @@ function render_block_core_rss( $attributes ) {`
`44`	`44`	`if ( $date ) {`
`45`	`45`	`$date = sprintf(`
`46`	`46`	`'<time datetime="%1$s" class="wp-block-rss__item-publish-date">%2$s</time> ',`
`47`		`- date_i18n( get_option( 'c' ), $date ),`
`48`		`- date_i18n( get_option( 'date_format' ), $date )`
	`47`	`+ esc_attr( date_i18n( get_option( 'c' ), $date ) ),`
	`48`	`+ esc_attr( date_i18n( get_option( 'date_format' ), $date ) )`
`49`	`49`	`);`
`50`	`50`	`}`
`51`	`51`	`}`
Original file line number	Diff line number	Diff line change
`@@ -276,12 +276,12 @@ function styles_for_block_core_search( $attributes ) {`
`276`	`276`	`// Add color styles.`
`277`	`277`	`$has_text_color = ! empty( $attributes['style']['color']['text'] );`
`278`	`278`	`if ( $has_text_color ) {`
`279`		`- $button_styles[] = sprintf( 'color: %s;', esc_attr( $attributes['style']['color']['text'] ) );`
	`279`	`+ $button_styles[] = sprintf( 'color: %s;', $attributes['style']['color']['text'] );`
`280`	`280`	`}`
`281`	`281`
`282`	`282`	`$has_background_color = ! empty( $attributes['style']['color']['background'] );`
`283`	`283`	`if ( $has_background_color ) {`
`284`		`- $button_styles[] = sprintf( 'background-color: %s;', esc_attr( $attributes['style']['color']['background'] ) );`
	`284`	`+ $button_styles[] = sprintf( 'background-color: %s;', $attributes['style']['color']['background'] );`
`285`	`285`	`}`
`286`	`286`
`287`	`287`	`$has_custom_gradient = ! empty( $attributes['style']['color']['gradient'] );`
`@@ -290,9 +290,9 @@ function styles_for_block_core_search( $attributes ) {`
`290`	`290`	`}`
`291`	`291`
`292`	`292`	`return array(`
`293`		`- 'input' => ! empty( $input_styles ) ? sprintf( ' style="%s"', safecss_filter_attr( implode( ' ', $input_styles ) ) ) : '',`
`294`		`- 'button' => ! empty( $button_styles ) ? sprintf( ' style="%s"', safecss_filter_attr( implode( ' ', $button_styles ) ) ) : '',`
`295`		`- 'wrapper' => ! empty( $wrapper_styles ) ? sprintf( ' style="%s"', safecss_filter_attr( implode( ' ', $wrapper_styles ) ) ) : '',`
	`293`	`+ 'input' => ! empty( $input_styles ) ? sprintf( ' style="%s"', esc_attr( safecss_filter_attr( implode( ' ', $input_styles ) ) ) ) : '',`
	`294`	`+ 'button' => ! empty( $button_styles ) ? sprintf( ' style="%s"', esc_attr( safecss_filter_attr( implode( ' ', $button_styles ) ) ) ) : '',`
	`295`	`+ 'wrapper' => ! empty( $wrapper_styles ) ? sprintf( ' style="%s"', esc_attr( safecss_filter_attr( implode( ' ', $wrapper_styles ) ) ) ) : '',`
`296`	`296`	`);`
`297`	`297`	`}`
`298`	`298`
Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ function render_block_core_widget_group( $attributes, $content, $block ) {`
`28`	`28`	`$html = '';`
`29`	`29`
`30`	`30`	`if ( ! empty( $attributes['title'] ) ) {`
`31`		`- $html .= $before_title . $attributes['title'] . $after_title;`
	`31`	`+ $html .= $before_title . esc_html( $attributes['title'] ) . $after_title;`
`32`	`32`	`}`
`33`	`33`
`34`	`34`	`$html .= '<div class="wp-widget-group__inner-blocks">';`