Update to WordPress 5.5. IMPORTANT: If you select "Auto-resolve confl…

…icts" for this release, it may cause your customizations to wp-config.php to be removed. Changes were made in the upstream wp-config.php in order to support wp_get_environment_type(). Double-check the contents of your wp-config.php file after applying this update. If you have problems with merge conflicts, see https://pantheon.io/docs/git-resolve-merge-conflicts

For more information on the WordPress 5.5 Release, see https://wordpress.org/news/2020/08/eckstine/

readme.html

@@ -57,7 +57,7 @@ <h2>System Requirements</h2>
 
 <h3>Recommendations</h3>
 <ul>
-	<li><a href="https://secure.php.net/">PHP</a> version <strong>7.3</strong> or higher.</li>
+	<li><a href="https://secure.php.net/">PHP</a> version <strong>7.4</strong> or higher.</li>
 	<li><a href="https://www.mysql.com/">MySQL</a> version <strong>5.6</strong> or higher.</li>
 	<li>The <a href="https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html">mod_rewrite</a> Apache module.</li>
 	<li><a href="https://wordpress.org/news/2016/12/moving-toward-ssl/">HTTPS</a> support.</li>

wp-activate.php

@@ -57,7 +57,7 @@
 } elseif ( is_wp_error( $result ) ) {
 	$error_code = $result->get_error_code();
 
-	if ( ! in_array( $error_code, $valid_error_codes ) ) {
+	if ( ! in_array( $error_code, $valid_error_codes, true ) ) {
 		status_header( 400 );
 	}
 }
@@ -117,14 +117,16 @@ function wpmu_activate_stylesheet() {
 add_action( 'wp_head', 'wp_sensitive_page_meta' );
 
 get_header( 'wp-activate' );
+
+$blog_details = get_blog_details();
 ?>
 
 <div id="signup-content" class="widecolumn">
 	<div class="wp-activate-container">
 	<?php if ( ! $key ) { ?>
 
 		<h2><?php _e( 'Activation Key Required' ); ?></h2>
-		<form name="activateform" id="activateform" method="post" action="<?php echo network_site_url( 'wp-activate.php' ); ?>">
+		<form name="activateform" id="activateform" method="post" action="<?php echo network_site_url( $blog_details->path . 'wp-activate.php' ); ?>">
 			<p>
 				<label for="key"><?php _e( 'Activation Key:' ); ?></label>
 				<br /><input type="text" name="key" id="key" value="" size="50" />
@@ -136,7 +138,7 @@ function wpmu_activate_stylesheet() {
 
 		<?php
 	} else {
-		if ( is_wp_error( $result ) && in_array( $result->get_error_code(), $valid_error_codes ) ) {
+		if ( is_wp_error( $result ) && in_array( $result->get_error_code(), $valid_error_codes, true ) ) {
 			$signup = $result->get_error_data();
 			?>
 			<h2><?php _e( 'Your account is now active!' ); ?></h2>
@@ -146,7 +148,7 @@ function wpmu_activate_stylesheet() {
 				printf(
 					/* translators: 1: Login URL, 2: Username, 3: User email address, 4: Lost password URL. */
 					__( 'Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
-					network_site_url( 'wp-login.php', 'login' ),
+					network_site_url( $blog_details->path . 'wp-login.php', 'login' ),
 					$signup->user_login,
 					$signup->user_email,
 					wp_lostpassword_url()
@@ -155,7 +157,7 @@ function wpmu_activate_stylesheet() {
 				printf(
 					/* translators: 1: Site URL, 2: Username, 3: User email address, 4: Lost password URL. */
 					__( 'Your site at %1$s is active. You may now log in to your site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
-					sprintf( '<a href="http://%1$s">%1$s</a>', $signup->domain ),
+					sprintf( '<a href="http://%1$s%2$s">%1$s%2$s</a>', $signup->domain, $blog_details->path ),
 					$signup->user_login,
 					$signup->user_email,
 					wp_lostpassword_url()
@@ -195,8 +197,12 @@ function wpmu_activate_stylesheet() {
 			<?php else : ?>
 				<p class="view">
 				<?php
-					/* translators: 1: Login URL, 2: Network home URL. */
-					printf( __( 'Your account is now activated. <a href="%1$s">Log in</a> or go back to the <a href="%2$s">homepage</a>.' ), network_site_url( 'wp-login.php', 'login' ), network_home_url() );
+					printf(
+						/* translators: 1: Login URL, 2: Network home URL. */
+						__( 'Your account is now activated. <a href="%1$s">Log in</a> or go back to the <a href="%2$s">homepage</a>.' ),
+						network_site_url( $blog_details->path . 'wp-login.php', 'login' ),
+						network_home_url( $blog_details->path )
+					);
 				?>
 				</p>
 				<?php

wp-admin/admin-ajax.php

@@ -139,18 +139,19 @@
 	'health-check-background-updates',
 	'health-check-loopback-requests',
 	'health-check-get-sizes',
+	'toggle-auto-updates',
 );
 
 // Deprecated.
 $core_actions_post_deprecated = array( 'wp-fullscreen-save-post', 'press-this-save-post', 'press-this-add-category' );
 $core_actions_post            = array_merge( $core_actions_post, $core_actions_post_deprecated );
 
 // Register core Ajax calls.
-if ( ! empty( $_GET['action'] ) && in_array( $_GET['action'], $core_actions_get ) ) {
+if ( ! empty( $_GET['action'] ) && in_array( $_GET['action'], $core_actions_get, true ) ) {
 	add_action( 'wp_ajax_' . $_GET['action'], 'wp_ajax_' . str_replace( '-', '_', $_GET['action'] ), 1 );
 }
 
-if ( ! empty( $_POST['action'] ) && in_array( $_POST['action'], $core_actions_post ) ) {
+if ( ! empty( $_POST['action'] ) && in_array( $_POST['action'], $core_actions_post, true ) ) {
 	add_action( 'wp_ajax_' . $_POST['action'], 'wp_ajax_' . str_replace( '-', '_', $_POST['action'] ), 1 );
 }
 

wp-admin/admin-header.php

@@ -32,19 +32,19 @@
 }
 
 get_admin_page_title();
-$title = esc_html( strip_tags( $title ) );
+$title = strip_tags( $title );
 
 if ( is_network_admin() ) {
 	/* translators: Network admin screen title. %s: Network title. */
-	$admin_title = sprintf( __( 'Network Admin: %s' ), esc_html( get_network()->site_name ) );
+	$admin_title = sprintf( __( 'Network Admin: %s' ), get_network()->site_name );
 } elseif ( is_user_admin() ) {
 	/* translators: User dashboard screen title. %s: Network title. */
-	$admin_title = sprintf( __( 'User Dashboard: %s' ), esc_html( get_network()->site_name ) );
+	$admin_title = sprintf( __( 'User Dashboard: %s' ), get_network()->site_name );
 } else {
 	$admin_title = get_bloginfo( 'name' );
 }
 
-if ( $admin_title == $title ) {
+if ( $admin_title === $title ) {
 	/* translators: Admin screen title. %s: Admin screen name. */
 	$admin_title = sprintf( __( '%s — WordPress' ), $title );
 } else {
@@ -71,18 +71,17 @@
 
 _wp_admin_html_begin();
 ?>
-<title><?php echo $admin_title; ?></title>
+<title><?php echo esc_html( $admin_title ); ?></title>
 <?php
 
 wp_enqueue_style( 'colors' );
-wp_enqueue_style( 'ie' );
 wp_enqueue_script( 'utils' );
 wp_enqueue_script( 'svg-painter' );
 
 $admin_body_class = preg_replace( '/[^a-z0-9_-]+/i', '-', $hook_suffix );
 ?>
 <script type="text/javascript">
-addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
+addLoadEvent = function(func){if(typeof jQuery!=='undefined')jQuery(document).ready(func);else if(typeof wpOnload!=='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
 var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative' ); ?>',
 	pagenow = '<?php echo $current_screen->id; ?>',
 	typenow = '<?php echo $current_screen->post_type; ?>',
@@ -91,7 +90,6 @@
 	decimalPoint = '<?php echo addslashes( $wp_locale->number_format['decimal_point'] ); ?>',
 	isRtl = <?php echo (int) is_rtl(); ?>;
 </script>
-<meta name="viewport" content="width=device-width,initial-scale=1.0">
 <?php
 
 /**
@@ -148,7 +146,7 @@
  */
 do_action( 'admin_head' );
 
-if ( get_user_setting( 'mfold' ) == 'f' ) {
+if ( 'f' === get_user_setting( 'mfold' ) ) {
 	$admin_body_class .= ' folded';
 }
 
@@ -200,6 +198,11 @@
 	}
 }
 
+// Print a CSS class to make PHP errors visible.
+if ( error_get_last() && WP_DEBUG && WP_DEBUG_DISPLAY && ini_get( 'display_errors' ) ) {
+	$admin_body_class .= ' php-error';
+}
+
 ?>
 </head>
 <?php

wp-admin/admin.php

@@ -36,6 +36,7 @@
 nocache_headers();
 
 if ( get_option( 'db_upgraded' ) ) {
+
 	flush_rewrite_rules();
 	update_option( 'db_upgraded', false );
 
@@ -45,7 +46,11 @@
 	 * @since 2.8.0
 	 */
 	do_action( 'after_db_upgrade' );
-} elseif ( get_option( 'db_version' ) != $wp_db_version && empty( $_POST ) ) {
+
+} elseif ( ! wp_doing_ajax() && empty( $_POST )
+	&& (int) get_option( 'db_version' ) !== $wp_db_version
+) {
+
 	if ( ! is_multisite() ) {
 		wp_redirect( admin_url( 'upgrade.php?_wp_http_referer=' . urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) );
 		exit;
@@ -257,7 +262,9 @@
 			wp_die( __( 'Invalid plugin page.' ) );
 		}
 
-		if ( ! ( file_exists( WP_PLUGIN_DIR . "/$plugin_page" ) && is_file( WP_PLUGIN_DIR . "/$plugin_page" ) ) && ! ( file_exists( WPMU_PLUGIN_DIR . "/$plugin_page" ) && is_file( WPMU_PLUGIN_DIR . "/$plugin_page" ) ) ) {
+		if ( ! ( file_exists( WP_PLUGIN_DIR . "/$plugin_page" ) && is_file( WP_PLUGIN_DIR . "/$plugin_page" ) )
+			&& ! ( file_exists( WPMU_PLUGIN_DIR . "/$plugin_page" ) && is_file( WPMU_PLUGIN_DIR . "/$plugin_page" ) )
+		) {
 			/* translators: %s: Admin page generated by a plugin. */
 			wp_die( sprintf( __( 'Cannot load %s.' ), htmlentities( $plugin_page ) ) );
 		}
@@ -289,7 +296,7 @@
 
 	require_once ABSPATH . 'wp-admin/admin-footer.php';
 
-	exit();
+	exit;
 } elseif ( isset( $_GET['import'] ) ) {
 
 	$importer = $_GET['import'];
@@ -350,7 +357,7 @@
 	// Make sure rules are flushed.
 	flush_rewrite_rules( false );
 
-	exit();
+	exit;
 } else {
 	/**
 	 * Fires before a particular screen is loaded.

wp-admin/async-upload.php

@@ -42,20 +42,21 @@
 if ( isset( $_REQUEST['attachment_id'] ) && intval( $_REQUEST['attachment_id'] ) && $_REQUEST['fetch'] ) {
 	$id   = intval( $_REQUEST['attachment_id'] );
 	$post = get_post( $id );
-	if ( 'attachment' != $post->post_type ) {
+	if ( 'attachment' !== $post->post_type ) {
 		wp_die( __( 'Invalid post type.' ) );
 	}
-	if ( ! current_user_can( 'edit_post', $id ) ) {
-		wp_die( __( 'Sorry, you are not allowed to edit this item.' ) );
-	}
 
 	switch ( $_REQUEST['fetch'] ) {
 		case 3:
 			$thumb_url = wp_get_attachment_image_src( $id, 'thumbnail', true );
 			if ( $thumb_url ) {
 				echo '<img class="pinkynail" src="' . esc_url( $thumb_url[0] ) . '" alt="" />';
 			}
-			echo '<a class="edit-attachment" href="' . esc_url( get_edit_post_link( $id ) ) . '" target="_blank">' . _x( 'Edit', 'media item' ) . '</a>';
+			if ( current_user_can( 'edit_post', $id ) ) {
+				echo '<a class="edit-attachment" href="' . esc_url( get_edit_post_link( $id ) ) . '" target="_blank">' . _x( 'Edit', 'media item' ) . '</a>';
+			} else {
+				echo '<span class="edit-attachment">' . _x( 'Success', 'media item' ) . '</span>';
+			}
 
 			// Title shouldn't ever be empty, but use filename just in case.
 			$file  = get_attached_file( $post->ID );