<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[7279] sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-main: Main: Curly quotes FTW!</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { white-space: pre-line; overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta" style="font-size: 105%">
<dt style="float: left; width: 6em; font-weight: bold">Revision</dt> <dd><a style="font-weight: bold" href="http://meta.trac.wordpress.org/changeset/7279">7279</a></dd>
<dt style="float: left; width: 6em; font-weight: bold">Author</dt> <dd>obenland</dd>
<dt style="float: left; width: 6em; font-weight: bold">Date</dt> <dd>2018-06-06 22:24:28 +0000 (Wed, 06 Jun 2018)</dd>
</dl>
<pre style='padding-left: 1em; margin: 2em 0; border-left: 2px solid #ccc; line-height: 1.25; font-size: 105%; font-family: sans-serif'>Main: Curly quotes FTW!
Props tobifjellner.
Fixes <a href="http://meta.trac.wordpress.org/ticket/3556">#3556</a>.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#sitestrunkwordpressorgpublic_htmlwpcontentthemespubwporgmainpageaboutphilosophyphp">sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-main/page-about-philosophy.php</a></li>
<li><a href="#sitestrunkwordpressorgpublic_htmlwpcontentthemespubwporgmainpageaboutsecurityphp">sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-main/page-about-security.php</a></li>
<li><a href="#sitestrunkwordpressorgpublic_htmlwpcontentthemespubwporgmainpageaboutphp">sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-main/page-about.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="sitestrunkwordpressorgpublic_htmlwpcontentthemespubwporgmainpageaboutphilosophyphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-main/page-about-philosophy.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-main/page-about-philosophy.php 2018-06-06 18:50:37 UTC (rev 7278)
+++ sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-main/page-about-philosophy.php 2018-06-06 22:24:28 UTC (rev 7279)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -38,36 +38,36 @@
</span><span class="cx" style="display: block; padding: 0 10px"> <div class="entry-content row">
</span><span class="cx" style="display: block; padding: 0 10px"> <section class="col-8">
</span><span class="cx" style="display: block; padding: 0 10px"> <h3 id="box"><?php esc_html_e( 'Out of the Box', 'wporg' ); ?></h3>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php esc_html_e( 'Great software should work with little configuration and setup. WordPress is designed to get you up and running and fully functional in no longer than five minutes. You shouldn’t have to battle to use the standard functionality of WordPress.', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'Great software should work with little configuration and setup. WordPress is designed to get you up and running and fully functional in no longer than five minutes. You shouldn’t have to battle to use the standard functionality of WordPress.', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px"> <p><?php esc_html_e( 'We work hard to make sure that every release is in keeping with this philosophy. We ask for as few technical details as possible during the setup process as well as providing full explanations of anything we do ask.', 'wporg' ); ?></p>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> <h3 id="majority"><?php esc_html_e( 'Design for the Majority', 'wporg' ); ?></h3>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php esc_html_e( 'Many end users of WordPress are non-technically minded. They don’t know what AJAX is, nor do they care about which version of PHP they are using. The average WordPress user simply wants to be able to write without problems or interruption. These are the users that we design the software for as they are ultimately the ones who are going to spend the most time using it for what it was built for.', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'Many end users of WordPress are non-technically minded. They don’t know what AJAX is, nor do they care about which version of PHP they are using. The average WordPress user simply wants to be able to write without problems or interruption. These are the users that we design the software for as they are ultimately the ones who are going to spend the most time using it for what it was built for.', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> <h3 id="decisions"><?php esc_html_e( 'Decisions, not Options', 'wporg' ); ?></h3>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php esc_html_e( 'When making decisions these are the users we consider first. A great example of this consideration is software options. Every time you give a user an option, you are asking them to make a decision. When a user doesn’t care or understand the option this ultimately leads to frustration. As developers we sometimes feel that providing options for everything is a good thing, you can never have too many choices, right? Ultimately these choices end up being technical ones, choices that the average end user has no interest in. It’s our duty as developers to make smart design decisions and avoid putting the weight of technical choices on our end users.', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'When making decisions these are the users we consider first. A great example of this consideration is software options. Every time you give a user an option, you are asking them to make a decision. When a user doesn’t care or understand the option this ultimately leads to frustration. As developers we sometimes feel that providing options for everything is a good thing, you can never have too many choices, right? Ultimately these choices end up being technical ones, choices that the average end user has no interest in. It’s our duty as developers to make smart design decisions and avoid putting the weight of technical choices on our end users.', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> <h3 id="clean"><?php esc_html_e( 'Clean, Lean, and Mean', 'wporg' ); ?></h3>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php esc_html_e( 'The core of WordPress will always provide a solid array of basic features. It’s designed to be lean and fast and will always stay that way. We are constantly asked "when will X feature be built" or "why isn’t X plugin integrated into the core". The rule of thumb is that the core should provide features that 80% or more of end users will actually appreciate and use. If the next version of WordPress comes with a feature that the majority of users immediately want to turn off, or think they’ll never use, then we’ve blown it. If we stick to the 80% principle then this should never happen.', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'The core of WordPress will always provide a solid array of basic features. It’s designed to be lean and fast and will always stay that way. We are constantly asked “when will X feature be built” or “why isn’t X plugin integrated into the core”. The rule of thumb is that the core should provide features that 80% or more of end users will actually appreciate and use. If the next version of WordPress comes with a feature that the majority of users immediately want to turn off, or think they’ll never use, then we’ve blown it. If we stick to the 80% principle then this should never happen.', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px"> <p><?php esc_html_e( 'We are able to do this because we have a very capable theme and plugin system and a fantastic developer community. Different people have different needs, and having the sheer number of quality WordPress plugins and themes allows users to customize their installations to their taste. That should allow all users to find the remaining 20% and make all WordPress features those they appreciate and use.', 'wporg' ); ?></p>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> <h3 id="simplicity"><?php esc_html_e( 'Striving for Simplicity', 'wporg' ); ?></h3>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php esc_html_e( 'We’re never done with simplicity. We want to make WordPress easier to use with every single release. We’ve got a good track record of this, if you don’t believe us then just take a look back at some older versions of WordPress!', 'wporg' ); ?></p>
- <p><?php esc_html_e( 'In past releases we’ve taken major steps to improve ease of use and ultimately make things simpler to understand. One great example of this is core software updates. Updating used to be a painful manual task that was too tricky for a lot of our users. We decided to focus on this and simplified it down to a single click. Now anyone with a WordPress install can perform one click upgrades on both the core of WordPress and plugins and themes.', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'We’re never done with simplicity. We want to make WordPress easier to use with every single release. We’ve got a good track record of this, if you don’t believe us then just take a look back at some older versions of WordPress!', 'wporg' ); ?></p>
+ <p><?php esc_html_e( 'In past releases we’ve taken major steps to improve ease of use and ultimately make things simpler to understand. One great example of this is core software updates. Updating used to be a painful manual task that was too tricky for a lot of our users. We decided to focus on this and simplified it down to a single click. Now anyone with a WordPress install can perform one click upgrades on both the core of WordPress and plugins and themes.', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px"> <p><?php esc_html_e( 'We love to challenge ourselves and simplify tasks in ways that are positive for the overall WordPress user experience. Every version of WordPress should be easier and more enjoyable to use than the last.', 'wporg' ); ?></p>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> <h3 id="deadlines"><?php esc_html_e( 'Deadlines Are Not Arbitrary', 'wporg' ); ?></h3>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php esc_html_e( 'Deadlines are not arbitrary, they’re a promise we make to ourselves and our users that helps us rein in the endless possibilities of things that could be a part of every release. We aspire to release three major versions a year because through trial and error we’ve found that to be a good balance between getting cool stuff in each release and not so much that we end up breaking more than we add.', 'wporg' ); ?></p>
- <p><?php esc_html_e( 'Good deadlines almost always make you trim something from a release. This is not a bad thing, it’s what they’re supposed to do.', 'wporg' ); ?></p>
- <p><?php esc_html_e( 'The route of delaying a release for that one-more-feature is a rabbit hole. We did that for over a year once, and it wasn’t pleasant for anybody.', 'wporg' ); ?></p>
- <p><?php esc_html_e( 'The more frequent and regular releases are, the less important it is for any particular feature to be in this release. If it doesn’t make it for this one, it’ll just be a few months before the next one. When releases become unpredictable or few and far between, there’s more pressure to try and squeeze in that one more thing because it’s going to be so long before the next one. Delay begets delay.', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'Deadlines are not arbitrary, they’re a promise we make to ourselves and our users that helps us rein in the endless possibilities of things that could be a part of every release. We aspire to release three major versions a year because through trial and error we’ve found that to be a good balance between getting cool stuff in each release and not so much that we end up breaking more than we add.', 'wporg' ); ?></p>
+ <p><?php esc_html_e( 'Good deadlines almost always make you trim something from a release. This is not a bad thing, it’s what they’re supposed to do.', 'wporg' ); ?></p>
+ <p><?php esc_html_e( 'The route of delaying a release for that one-more-feature is a rabbit hole. We did that for over a year once, and it wasn’t pleasant for anybody.', 'wporg' ); ?></p>
+ <p><?php esc_html_e( 'The more frequent and regular releases are, the less important it is for any particular feature to be in this release. If it doesn’t make it for this one, it’ll just be a few months before the next one. When releases become unpredictable or few and far between, there’s more pressure to try and squeeze in that one more thing because it’s going to be so long before the next one. Delay begets delay.', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> <h3 id="minority"><?php esc_html_e( 'The Vocal Minority', 'wporg' ); ?></h3>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php esc_html_e( 'There’s a good rule of thumb within internet culture called the 1% rule. It states that "the number of people who create content on the internet represents approximately 1% (or less) of the people actually viewing that content".', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'There’s a good rule of thumb within internet culture called the 1% rule. It states that “the number of people who create content on the internet represents approximately 1% (or less) of the people actually viewing that content”.', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px"> <p><?php esc_html_e( 'So while we consider it really important to listen and respond to those who post feedback and voice their opinions on forums, they only represent a tiny fraction of our end users. When making decisions on how to move forward with future versions of WordPress, we look to engage more of those users who are not so vocal online. We do this by meeting and talking to users at WordCamps across the globe, this gives us a better balance of understanding and ultimately allows us to make better decisions for everyone moving forward.', 'wporg' ); ?></p>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> <h3 id="gpl"><?php esc_html_e( 'Our Bill of Rights', 'wporg' ); ?></h3>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php esc_html_e( 'WordPress is licensed under the General Public License (GPLv2 or later) which provides four core freedoms, consider this as the WordPress "bill of rights":', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'WordPress is licensed under the General Public License (GPLv2 or later) which provides four core freedoms, consider this as the WordPress “bill of rights”:', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px"> <ul>
</span><span class="cx" style="display: block; padding: 0 10px"> <li><?php esc_html_e( 'The freedom to run the program, for any purpose.', 'wporg' ); ?></li>
</span><span class="cx" style="display: block; padding: 0 10px"> <li><?php esc_html_e( 'The freedom to study how the program works, and change it to make it do what you wish.', 'wporg' ); ?></li>
</span></span></pre></div>
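Review bot: Every string edited in this hunk is the gettext msgid passed to esc_html_e(), so replacing the straight double quotes with curly ones (around “when will X feature be built”, the 1% rule quotation and “bill of rights”) changes the lookup key, and existing translations of those paragraphs will no longer match until translators confirm them again. That deserves a line in the commit message, and a translators comment on these strings saying the quotation marks should follow the locale's own convention would help. Several removed/added pairs, such as the "Out of the Box" paragraph, render identically in this view, so the character that actually changed on those lines cannot be reviewed from the diff as shown.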
<a id="sitestrunkwordpressorgpublic_htmlwpcontentthemespubwporgmainpageaboutsecurityphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-main/page-about-security.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-main/page-about-security.php 2018-06-06 18:50:37 UTC (rev 7278)
+++ sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-main/page-about-security.php 2018-06-06 22:24:28 UTC (rev 7279)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -45,7 +45,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s: URL to English PDF */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'Learn more about WordPress core software security in this free white paper. You can also download it in <a href="%s">PDF format</a>.', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ wp_kses_post( __( 'Learn more about WordPress core software security in this free white paper. You can also download it in <a href="%s">PDF format</a>.', 'wporg' ) ),
</ins><span class="cx" style="display: block; padding: 0 10px"> 'https://github.com/WordPress/Security-White-Paper/blob/master/WordPressSecurityWhitePaper.pdf?raw=true'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
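Review bot: wp_kses_post() on the added line filters only the translated format string, before printf() substitutes %s, so the URL argument on the following line reaches the href attribute without any escaping of its own. It is a hard-coded literal here, so the output is not affected today, but wrapping that argument in esc_url() keeps the pattern safe if the value ever becomes dynamic and is consistent with the output escaping applied to the other strings in this commit.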
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -52,30 +52,30 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> <img src="//s.w.org/about/images/logos/wordpress-logo-stacked-rgb.png" class="aligncenter" />
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <h2><?php _e( 'Overview', 'wporg' ); ?></h2>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <h2><?php esc_html_e( 'Overview', 'wporg' ); ?></h2>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php _e( 'This document is an analysis and explanation of the WordPress core software development and its related security processes, as well as an examination of the inherent security built directly into the software. Decision makers evaluating WordPress as a content management system or web application framework should use this document in their analysis and decision-making, and for developers to refer to it to familiarize themselves with the security components and best practices of the software.', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'This document is an analysis and explanation of the WordPress core software development and its related security processes, as well as an examination of the inherent security built directly into the software. Decision makers evaluating WordPress as a content management system or web application framework should use this document in their analysis and decision-making, and for developers to refer to it to familiarize themselves with the security components and best practices of the software.', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php _e( 'The information in this document is up-to-date for the latest stable release of the software, WordPress 4.7 at time of publication, but should be considered relevant also to the most recent versions of the software as backwards compatibility is a strong focus for the WordPress development team. Specific security measures and changes will be noted as they have been added to the core software in specific releases. It is strongly encouraged to always be running the latest stable version of WordPress to ensure the most secure experience possible.', 'wporg' ); ?></p>
- <h2><?php _e( 'Executive Summary', 'wporg' ); ?></h2>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'The information in this document is up-to-date for the latest stable release of the software, WordPress 4.7 at time of publication, but should be considered relevant also to the most recent versions of the software as backwards compatibility is a strong focus for the WordPress development team. Specific security measures and changes will be noted as they have been added to the core software in specific releases. It is strongly encouraged to always be running the latest stable version of WordPress to ensure the most secure experience possible.', 'wporg' ); ?></p>
+ <h2><?php esc_html_e( 'Executive Summary', 'wporg' ); ?></h2>
</ins><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s: WordPress Market share - 30. Note the following % sign is escaped as %%. */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( "WordPress is a dynamic open-source content management system which is used to power millions of websites, web applications, and blogs. It currently powers more than %s%% of the top 10 million websites on the Internet. WordPress' usability, extensibility, and mature development community make it a popular and secure choice for websites of all sizes.", 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'WordPress is a dynamic open-source content management system which is used to power millions of websites, web applications, and blogs. It currently powers more than %s%% of the top 10 million websites on the Internet. WordPress’ usability, extensibility, and mature development community make it a popular and secure choice for websites of all sizes.', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> WP_MARKET_SHARE
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php _e( 'Since its inception in 2003, WordPress has undergone continual hardening so its core software can address and mitigate common security threats, including the Top 10 list identified by The Open Web Application Security Project (OWASP) as common security vulnerabilities, which are discussed in this document.', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'Since its inception in 2003, WordPress has undergone continual hardening so its core software can address and mitigate common security threats, including the Top 10 list identified by The Open Web Application Security Project (OWASP) as common security vulnerabilities, which are discussed in this document.', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php _e( 'The WordPress Security Team, in collaboration with the WordPress Core Leadership Team and backed by the WordPress global community, works to identify and resolve security issues in the core software available for distribution and installation at WordPress.org, as well as recommending and documenting security best practices for third-party plugin and theme authors.', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'The WordPress Security Team, in collaboration with the WordPress Core Leadership Team and backed by the WordPress global community, works to identify and resolve security issues in the core software available for distribution and installation at WordPress.org, as well as recommending and documenting security best practices for third-party plugin and theme authors.', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php _e( 'Site developers and administrators should pay particular attention to the correct use of core APIs and underlying server configuration which have been the source of common vulnerabilities, as well as ensuring all users employ strong passwords to access WordPress.', 'wporg' ); ?></p>
- <h2><?php _e( 'An Overview of WordPress', 'wporg' ); ?></h2>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'Site developers and administrators should pay particular attention to the correct use of core APIs and underlying server configuration which have been the source of common vulnerabilities, as well as ensuring all users employ strong passwords to access WordPress.', 'wporg' ); ?></p>
+ <h2><?php esc_html_e( 'An Overview of WordPress', 'wporg' ); ?></h2>
</ins><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: 1: WordPress Market share - 30. Note the following % sign is escaped as %%. 2: Footnote 3: Market Penetration - 60. Note the following % sign is escaped as %%. */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'WordPress is a free and open source content management system (CMS). It is the most widely-used CMS software in the world and it powers more than %1$s%% of the top 10 million websites%2$s, giving it an estimated %3$s%% market share of all sites
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'WordPress is a free and open source content management system (CMS). It is the most widely-used CMS software in the world and it powers more than %1$s%% of the top 10 million websites%2$s, giving it an estimated %3$s%% market share of all sites
</ins><span class="cx" style="display: block; padding: 0 10px"> using a CMS.', 'wporg' ),
</span><span class="cx" style="display: block; padding: 0 10px"> WP_MARKET_SHARE,
</span><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref1"><a href="#footnote1">1</a></a></sup>',
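Review bot: In the last printf() of this hunk, esc_html__() escapes only the format string; the value substituted for %2$s is raw footnote markup inserted after that escaping, and as written in the trailing context line it closes its a element twice inside the sup. Since these lines are being touched anyway, drop the duplicate closing tag and add a short comment that this argument is trusted, intentionally unescaped markup, so a later reader does not assume the esc_html__() call covers the whole output. The WP_MARKET_SHARE arguments to both printf() calls are likewise outside the escaped string; if the constant is not guaranteed to be numeric, pass it through esc_html() as well.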
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -83,59 +83,59 @@
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php _e( 'WordPress is licensed under the General Public License (GPLv2 or later) which provides four core freedoms, and can be considered as the WordPress "bill of rights":', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'WordPress is licensed under the General Public License (GPLv2 or later) which provides four core freedoms, and can be considered as the WordPress “bill of rights”:', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px"> <ol>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <li><?php _e( 'The freedom to run the program, for any purpose.', 'wporg' ); ?></li>
- <li><?php _e( 'The freedom to study how the program works, and change it to make it do what you wish.', 'wporg' ); ?></li>
- <li><?php _e( 'The freedom to redistribute.', 'wporg' ); ?></li>
- <li><?php _e( 'The freedom to distribute copies of your modified versions to others.', 'wporg' ); ?></li>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <li><?php esc_html_e( 'The freedom to run the program, for any purpose.', 'wporg' ); ?></li>
+ <li><?php esc_html_e( 'The freedom to study how the program works, and change it to make it do what you wish.', 'wporg' ); ?></li>
+ <li><?php esc_html_e( 'The freedom to redistribute.', 'wporg' ); ?></li>
+ <li><?php esc_html_e( 'The freedom to distribute copies of your modified versions to others.', 'wporg' ); ?></li>
</ins><span class="cx" style="display: block; padding: 0 10px"> </ol>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <h3><?php _e( 'The WordPress Core Leadership Team', 'wporg' ); ?></h3>
- <p><?php _e( 'The WordPress project is a meritocracy, run by a core leadership team, and led by its co-creator and lead developer, Matt Mullenweg. The team governs all aspects of the project, including core development, WordPress.org, and community initiatives.', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <h3><?php esc_html_e( 'The WordPress Core Leadership Team', 'wporg' ); ?></h3>
+ <p><?php esc_html_e( 'The WordPress project is a meritocracy, run by a core leadership team, and led by its co-creator and lead developer, Matt Mullenweg. The team governs all aspects of the project, including core development, WordPress.org, and community initiatives.', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php _e( 'The Core Leadership Team consists of Matt Mullenweg, five lead developers, and more than a dozen core developers with permanent commit access. These developers have final authority on technical decisions, and lead architecture discussions and implementation efforts.', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'The Core Leadership Team consists of Matt Mullenweg, five lead developers, and more than a dozen core developers with permanent commit access. These developers have final authority on technical decisions, and lead architecture discussions and implementation efforts.', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php _e( 'WordPress has a number of contributing developers. Some of these are former or current committers, and some are likely future committers. These contributing developers are trusted and veteran contributors to WordPress who have earned a great deal of respect among their peers. As needed, WordPress also has guest committers, individuals who are granted commit access, sometimes for a specific component, on a temporary or trial basis.', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'WordPress has a number of contributing developers. Some of these are former or current committers, and some are likely future committers. These contributing developers are trusted and veteran contributors to WordPress who have earned a great deal of respect among their peers. As needed, WordPress also has guest committers, individuals who are granted commit access, sometimes for a specific component, on a temporary or trial basis.', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php _e( 'The core and contributing developers primarily guide WordPress development. Every version, hundreds of developers contribute code to WordPress. These core contributors are volunteers who contribute to the core codebase in some way.', 'wporg' ); ?></p>
- <h3><?php _e( 'The WordPress Release Cycle', 'wporg' ); ?></h3>
- <p><?php _e( 'Each WordPress release cycle is led by one or more of the core WordPress developers. A release cycle usually lasts around 4 months from the initial scoping meeting to launch of the version.', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'The core and contributing developers primarily guide WordPress development. Every version, hundreds of developers contribute code to WordPress. These core contributors are volunteers who contribute to the core codebase in some way.', 'wporg' ); ?></p>
+ <h3><?php esc_html_e( 'The WordPress Release Cycle', 'wporg' ); ?></h3>
+ <p><?php esc_html_e( 'Each WordPress release cycle is led by one or more of the core WordPress developers. A release cycle usually lasts around 4 months from the initial scoping meeting to launch of the version.', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s: Footnote*/
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'A release cycle follows the following pattern%s:', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'A release cycle follows the following pattern%s:', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref2"><a href="#footnote2">2</a></sup>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><span class="cx" style="display: block; padding: 0 10px"> <ul>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <li><?php _e( 'Phase 1: Planning and securing team leads. This is done in the #core chat room on Slack. The release lead discusses features for the next release of WordPress. WordPress contributors get involved with that discussion. The release lead will identify team leads for each of the features.', 'wporg' ); ?></li>
- <li><?php _e( 'Phase 2: Development work begins. Team leads assemble teams and work on their assigned features. Regular chats are scheduled to ensure the development keeps moving forward.', 'wporg' ); ?></li>
- <li><?php _e( 'Phase 3: Beta. Betas are released, and beta-testers are asked to start reporting bugs. No more commits for new enhancements or feature requests are carried out from this phase on. Third-party plugin and theme authors are encouraged to test their code against the upcoming changes.', 'wporg' ); ?></li>
- <li><?php _e( 'Phase 4: Release Candidate. There is a string freeze for translatable strings from this point on. Work is targeted on regressions and blockers only.', 'wporg' ); ?></li>
- <li><?php _e( 'Phase 5: Launch. WordPress version is launched and made available in the WordPress Admin for updates.', 'wporg' ); ?></li>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <li><?php esc_html_e( 'Phase 1: Planning and securing team leads. This is done in the #core chat room on Slack. The release lead discusses features for the next release of WordPress. WordPress contributors get involved with that discussion. The release lead will identify team leads for each of the features.', 'wporg' ); ?></li>
+ <li><?php esc_html_e( 'Phase 2: Development work begins. Team leads assemble teams and work on their assigned features. Regular chats are scheduled to ensure the development keeps moving forward.', 'wporg' ); ?></li>
+ <li><?php esc_html_e( 'Phase 3: Beta. Betas are released, and beta-testers are asked to start reporting bugs. No more commits for new enhancements or feature requests are carried out from this phase on. Third-party plugin and theme authors are encouraged to test their code against the upcoming changes.', 'wporg' ); ?></li>
+ <li><?php esc_html_e( 'Phase 4: Release Candidate. There is a string freeze for translatable strings from this point on. Work is targeted on regressions and blockers only.', 'wporg' ); ?></li>
+ <li><?php esc_html_e( 'Phase 5: Launch. WordPress version is launched and made available in the WordPress Admin for updates.', 'wporg' ); ?></li>
</ins><span class="cx" style="display: block; padding: 0 10px"> </ul>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <h3><?php _e( 'Version Numbering and Security Releases', 'wporg' ); ?></h3>
- <p><?php _e( "A major WordPress version is dictated by the first two sequences. For example, 3.5 is a major release, as is 3.6, 3.7, or 4.0. There isn't a “WordPress 3” or “WordPress 4” and each major release is referred to by its numbering, e.g., “WordPress 3.9.”", 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <h3><?php esc_html_e( 'Version Numbering and Security Releases', 'wporg' ); ?></h3>
+ <p><?php esc_html_e( 'A major WordPress version is dictated by the first two sequences. For example, 3.5 is a major release, as is 3.6, 3.7, or 4.0. There isn’t a “WordPress 3” or “WordPress 4” and each major release is referred to by its numbering, e.g., “WordPress 3.9.”', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php _e( "Major releases may add new user features and developer APIs. Though typically in the software world, a “major ” version means you can break backwards compatibility, WordPress strives to never break backwards compatibility. Backwards compatibility is one of the project's most important philosophies, with the aim of making updates much easier on users and developers alike.", 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'Major releases may add new user features and developer APIs. Though typically in the software world, a “major” version means you can break backwards compatibility, WordPress strives to never break backwards compatibility. Backwards compatibility is one of the project’s most important philosophies, with the aim of making updates much easier on users and developers alike.', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s: Footnote */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'A minor WordPress version is dictated by the third sequence. Version 3.5.1 is a minor release, as is 3.4.2%s. A minor release is reserved for fixing security vulnerabilities and addressing critical bugs only. Since new versions of WordPress are released so frequently — the aim is every 4-5 months for a major release, and minor releases happen as needed — there is only a need for major and minor releases.', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'A minor WordPress version is dictated by the third sequence. Version 3.5.1 is a minor release, as is 3.4.2%s. A minor release is reserved for fixing security vulnerabilities and addressing critical bugs only. Since new versions of WordPress are released so frequently — the aim is every 4-5 months for a major release, and minor releases happen as needed — there is only a need for major and minor releases.', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref3"><a href="#footnote3">3</a></sup>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <h3><?php _e( 'Version Backwards Compatibility', 'wporg' ); ?></h3>
- <p><?php _e( 'The WordPress project has a strong commitment to backwards compatibility. This commitment means that themes, plugins, and custom code continues to function when WordPress core software is updated, encouraging site owners to keep their WordPress version updated to the latest secure release.', 'wporg' ); ?></p>
- <h2><?php _e( 'WordPress and Security', 'wporg' ); ?></h2>
- <h3><?php _e( 'The WordPress Security Team', 'wporg' ); ?></h3>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <h3><?php esc_html_e( 'Version Backwards Compatibility', 'wporg' ); ?></h3>
+ <p><?php esc_html_e( 'The WordPress project has a strong commitment to backwards compatibility. This commitment means that themes, plugins, and custom code continues to function when WordPress core software is updated, encouraging site owners to keep their WordPress version updated to the latest secure release.', 'wporg' ); ?></p>
+ <h2><?php esc_html_e( 'WordPress and Security', 'wporg' ); ?></h2>
+ <h3><?php esc_html_e( 'The WordPress Security Team', 'wporg' ); ?></h3>
</ins><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: 1: Number - 50; 2: Footnote*/
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'The WordPress Security Team is made up of approximately %1$s experts including lead developers and security researchers — about half are employees of Automattic (makers of WordPress.com, the earliest and largest WordPress hosting platform on the web), and a number work in the web security field. The team consults with well-known and trusted security researchers and hosting companies%2$s.', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'The WordPress Security Team is made up of approximately %1$s experts including lead developers and security researchers — about half are employees of Automattic (makers of WordPress.com, the earliest and largest WordPress hosting platform on the web), and a number work in the web security field. The team consults with well-known and trusted security researchers and hosting companies%2$s.', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> 50,
</span><span class="cx" style="display: block; padding: 0 10px"> '<sup><a href="#footnote3">3</a></sup>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
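Review bot: three strings in this hunk change their text as well as their escaping function, which makes each one a new msgid in the wporg text domain: the “bill of rights” sentence moves from straight to curly quotes, the “There isn’t a WordPress 3” paragraph moves to a curly apostrophe, and the “major” paragraph moves to a curly apostrophe and also drops the stray space inside the quoted word. Existing translations of those three strings will stop matching until they are re-approved, so either call the string changes out in the log message or split them from the mechanical swap of _e() and __() to esc_html_e() and esc_html__(), which leaves the other strings untouched and is easier to review on its own.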
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -144,69 +144,69 @@
</span><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s: Footnote */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'The WordPress Security Team often collaborates with other security teams to address issues in common dependencies, such as resolving the vulnerability in the PHP XML parser, used by the XML-RPC API that ships with WordPress, in WordPress 3.9.2%s. This vulnerability resolution was a result of a joint effort by both WordPress and Drupal security teams.', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'The WordPress Security Team often collaborates with other security teams to address issues in common dependencies, such as resolving the vulnerability in the PHP XML parser, used by the XML-RPC API that ships with WordPress, in WordPress 3.9.2%s. This vulnerability resolution was a result of a joint effort by both WordPress and Drupal security teams.', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref4"><a href="#footnote4">4</a></sup>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <h3><?php _e( 'WordPress Security Risks, Process, and History', 'wporg' ); ?></h3>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <h3><?php esc_html_e( 'WordPress Security Risks, Process, and History', 'wporg' ); ?></h3>
</ins><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: 1: HackerOne URL 2: Footnote */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'The WordPress Security Team believes in Responsible Disclosure by alerting the security team immediately of any potential vulnerabilities. Potential security vulnerabilities can be signaled to the Security Team via the <a href="%1$s">WordPress HackerOne</a>%2$s. The Security Team communicates amongst itself via a private Slack channel, and works on a walled-off, private Trac for tracking, testing, and fixing bugs and security problems.', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ wp_kses_post( __( 'The WordPress Security Team believes in Responsible Disclosure by alerting the security team immediately of any potential vulnerabilities. Potential security vulnerabilities can be signaled to the Security Team via the <a href="%1$s">WordPress HackerOne</a>%2$s. The Security Team communicates amongst itself via a private Slack channel, and works on a walled-off, private Trac for tracking, testing, and fixing bugs and security problems.', 'wporg' ) ),
</ins><span class="cx" style="display: block; padding: 0 10px"> 'https://hackerone.com/wordpress',
</span><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref5"><a href="#footnote5">5</a></sup>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php _e( 'Each security report is acknowledged upon receipt, and the team works to verify the vulnerability and determine its severity. If confirmed, the security team then plans for a patch to fix the problem which can be committed to an upcoming release of the WordPress software or it can be pushed as an immediate security release, depending on the severity of the issue.', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'Each security report is acknowledged upon receipt, and the team works to verify the vulnerability and determine its severity. If confirmed, the security team then plans for a patch to fix the problem which can be committed to an upcoming release of the WordPress software or it can be pushed as an immediate security release, depending on the severity of the issue.', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s: Footnote */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'For an immediate security release, an advisory is published by the Security Team to the WordPress.org News site%s announcing the release and detailing the changes. Credit for the responsible disclosure of a vulnerability is given in the advisory to encourage and reinforce continued responsible reporting in the future.', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'For an immediate security release, an advisory is published by the Security Team to the WordPress.org News site%s announcing the release and detailing the changes. Credit for the responsible disclosure of a vulnerability is given in the advisory to encourage and reinforce continued responsible reporting in the future.', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref6"><a href="#footnote6">6</a></sup>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php _e( 'Administrators of the WordPress software see a notification on their site dashboard to upgrade when a new release is available, and following the manual upgrade users are redirected to the About WordPress screen which details the changes. If administrators have automatic background updates enabled, they will receive an email after an upgrade has been completed.', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'Administrators of the WordPress software see a notification on their site dashboard to upgrade when a new release is available, and following the manual upgrade users are redirected to the About WordPress screen which details the changes. If administrators have automatic background updates enabled, they will receive an email after an upgrade has been completed.', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <h3><?php _e( 'Automatic Background Updates for Security Releases', 'wporg' ); ?></h3>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <h3><?php esc_html_e( 'Automatic Background Updates for Security Releases', 'wporg' ); ?></h3>
</ins><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s: Footnote */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'Starting with version 3.7, WordPress introduced automated background updates for all minor releases%s, such as 3.7.1 and 3.7.2. The WordPress Security Team can identify, fix, and push out automated security enhancements for WordPress without the site owner needing to do anything on their end, and the security update will install automatically.', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'Starting with version 3.7, WordPress introduced automated background updates for all minor releases%s, such as 3.7.1 and 3.7.2. The WordPress Security Team can identify, fix, and push out automated security enhancements for WordPress without the site owner needing to do anything on their end, and the security update will install automatically.', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref7"><a href="#footnote7">7</a></sup>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php _e( 'When a security update is pushed for the current stable release of WordPress, the core team will also push security updates for all the releases that are capable of background updates (since WordPress 3.7), so these older but still recent versions of WordPress will receive security enhancements.', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'When a security update is pushed for the current stable release of WordPress, the core team will also push security updates for all the releases that are capable of background updates (since WordPress 3.7), so these older but still recent versions of WordPress will receive security enhancements.', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php _e( 'Individual site owners can opt to remove automatic background updates through a simple change in their configuration file, but keeping the functionality is strongly recommended by the core team, as well as running the latest stable release of WordPress.', 'wporg' ); ?></p>
- <h3><?php _e( '2013 OWASP Top 10', 'wporg' ); ?></h3>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'Individual site owners can opt to remove automatic background updates through a simple change in their configuration file, but keeping the functionality is strongly recommended by the core team, as well as running the latest stable release of WordPress.', 'wporg' ); ?></p>
+ <h3><?php esc_html_e( '2013 OWASP Top 10', 'wporg' ); ?></h3>
</ins><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s: Footnote */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'The Open Web Application Security Project (OWASP) is an online community dedicated to web application security. The OWASP Top 10 list%s focuses on identifying the most serious application security risks for a broad array of organizations. The Top 10 items are selected and prioritized in combination with consensus estimates of exploitability, detectability, and impact estimates.', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'The Open Web Application Security Project (OWASP) is an online community dedicated to web application security. The OWASP Top 10 list%s focuses on identifying the most serious application security risks for a broad array of organizations. The Top 10 items are selected and prioritized in combination with consensus estimates of exploitability, detectability, and impact estimates.', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref8"><a href="#footnote8">8</a></sup>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php _e( 'The following sections discuss the APIs, resources, and policies that WordPress uses to strengthen the core software and 3rd party plugins and themes against these potential risks.', 'wporg' ); ?></p>
- <h4><?php _e( 'A1 - Injection', 'wporg' ); ?></h4>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'The following sections discuss the APIs, resources, and policies that WordPress uses to strengthen the core software and 3rd party plugins and themes against these potential risks.', 'wporg' ); ?></p>
+ <h4><?php esc_html_e( 'A1 - Injection', 'wporg' ); ?></h4>
</ins><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s: Footnote */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'There is a set of functions and APIs available in WordPress to assist developers in making sure unauthorized code cannot be injected, and help them validate and sanitize data. Best practices and documentation are available%s on how to use these APIs to protect, validate, or sanitize input and output data in HTML, URLs, HTTP headers, and when interacting with the database and filesystem. Administrators can also further restrict the types of file which can be uploaded via filters.', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'There is a set of functions and APIs available in WordPress to assist developers in making sure unauthorized code cannot be injected, and help them validate and sanitize data. Best practices and documentation are available%s on how to use these APIs to protect, validate, or sanitize input and output data in HTML, URLs, HTTP headers, and when interacting with the database and filesystem. Administrators can also further restrict the types of file which can be uploaded via filters.', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref9"><a href="#footnote9">9</a></sup>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <h4><?php _e( 'A2 - Broken Authentication and Session Management', 'wporg' ); ?></h4>
- <p><?php _e( 'WordPress core software manages user accounts and authentication and details such as the user ID, name, and password are managed on the server-side, as well as the authentication cookies. Passwords are protected in the database using standard salting and stretching techniques. Existing sessions are destroyed upon logout for versions of WordPress after 4.0.', 'wporg' ); ?></p>
- <h4><?php _e( 'A3 - Cross Site Scripting (XSS)', 'wporg' ); ?></h4>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <h4><?php esc_html_e( 'A2 - Broken Authentication and Session Management', 'wporg' ); ?></h4>
+ <p><?php esc_html_e( 'WordPress core software manages user accounts and authentication and details such as the user ID, name, and password are managed on the server-side, as well as the authentication cookies. Passwords are protected in the database using standard salting and stretching techniques. Existing sessions are destroyed upon logout for versions of WordPress after 4.0.', 'wporg' ); ?></p>
+ <h4><?php esc_html_e( 'A3 - Cross Site Scripting (XSS)', 'wporg' ); ?></h4>
</ins><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: 1: Footnote, 2: wp_kses() */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'WordPress provides a range of functions which can help ensure that user-supplied data is safe%1$s. Trusted users, that is administrators and editors on a single WordPress installation, and network administrators only in WordPress Multisite, can post unfiltered HTML or JavaScript as they need to, such as inside a post or page. Untrusted users and user-submitted content is filtered by default to remove dangerous entities, using the KSES library through the %2$s function.', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'WordPress provides a range of functions which can help ensure that user-supplied data is safe%1$s. Trusted users, that is administrators and editors on a single WordPress installation, and network administrators only in WordPress Multisite, can post unfiltered HTML or JavaScript as they need to, such as inside a post or page. Untrusted users and user-submitted content is filtered by default to remove dangerous entities, using the KSES library through the %2$s function.', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref10"><a href="#footnote10">10</a></sup>',
</span><span class="cx" style="display: block; padding: 0 10px"> '<code>wp_kses</code>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
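Review bot: in the A3 paragraph the translators comment documents placeholder 2 as wp_kses() with parentheses, but the argument passed is the code element wrapping wp_kses without them, so translators see a different token than the comment promises. Make the two agree, preferably by adding the parentheses to the argument. The move to esc_html__() itself is sound here because the footnote and code markup arrive only through literal printf() arguments, never through the translatable string.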
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -215,46 +215,46 @@
</span><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s: the_search_query() */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'As an example, the WordPress core team noticed before the release of WordPress 2.3 that the function %s was being misused by most theme authors, who were not escaping the function’s output for use in HTML. In a very rare case of slightly breaking backward compatibility, the function’s output was changed in WordPress 2.3 to be pre-escaped.', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'As an example, the WordPress core team noticed before the release of WordPress 2.3 that the function %s was being misused by most theme authors, who were not escaping the function’s output for use in HTML. In a very rare case of slightly breaking backward compatibility, the function’s output was changed in WordPress 2.3 to be pre-escaped.', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> '<code>the_search_query()</code>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <h4><?php _e( 'A4 - Insecure Direct Object Reference', 'wporg' ); ?></h4>
- <p><?php _e( "WordPress often provides direct object reference, such as unique numeric identifiers of user accounts or content available in the URL or form fields. While these identifiers disclose direct system information, WordPress' rich permissions and access control system prevent unauthorized requests.", 'wporg' ); ?></p>
- <h4><?php _e( 'A5 - Security Misconfiguration', 'wporg' ); ?></h4>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <h4><?php esc_html_e( 'A4 - Insecure Direct Object Reference', 'wporg' ); ?></h4>
+ <p><?php esc_html_e( 'WordPress often provides direct object reference, such as unique numeric identifiers of user accounts or content available in the URL or form fields. While these identifiers disclose direct system information, WordPress’ rich permissions and access control system prevent unauthorized requests.', 'wporg' ); ?></p>
+ <h4><?php esc_html_e( 'A5 - Security Misconfiguration', 'wporg' ); ?></h4>
</ins><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s: Footnote */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'The majority of the WordPress security configuration operations are limited to a single authorized administrator. Default settings for WordPress are continually evaluated at the core team level, and the WordPress core team provides documentation and best practices to tighten security for server configuration for running a WordPress site%s.', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'The majority of the WordPress security configuration operations are limited to a single authorized administrator. Default settings for WordPress are continually evaluated at the core team level, and the WordPress core team provides documentation and best practices to tighten security for server configuration for running a WordPress site%s.', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref11"><a href="#footnote11">11</a></sup>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <h4><?php _e( 'A6 - Sensitive Data Exposure', 'wporg' ); ?></h4>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <h4><?php esc_html_e( 'A6 - Sensitive Data Exposure', 'wporg' ); ?></h4>
</ins><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s: Footnote */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( "WordPress user account passwords are salted and hashed based on the Portable PHP Password Hashing Framework%s. WordPress' permission system is used to control access to private information such an registered users' PII, commenters' email addresses, privately published content, etc. In WordPress 3.7, a password strength meter was included in the core software providing additional information to users setting their passwords and hints on increasing strength. WordPress also has an optional configuration setting for requiring HTTPS.", 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'WordPress user account passwords are salted and hashed based on the Portable PHP Password Hashing Framework%s. WordPress’ permission system is used to control access to private information such an registered users’ PII, commenters’ email addresses, privately published content, etc. In WordPress 3.7, a password strength meter was included in the core software providing additional information to users setting their passwords and hints on increasing strength. WordPress also has an optional configuration setting for requiring HTTPS.', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref12"><a href="#footnote12">12</a></sup>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <h4><?php _e( 'A7 - Missing Function Level Access Control', 'wporg' ); ?></h4>
- <p><?php _e( 'WordPress checks for proper authorization and permissions for any function level access requests prior to the action being executed. Access or visualization of administrative URLs, menus, and pages without proper authentication is tightly integrated with the authentication system to prevent access from unauthorized users.', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <h4><?php esc_html_e( 'A7 - Missing Function Level Access Control', 'wporg' ); ?></h4>
+ <p><?php esc_html_e( 'WordPress checks for proper authorization and permissions for any function level access requests prior to the action being executed. Access or visualization of administrative URLs, menus, and pages without proper authentication is tightly integrated with the authentication system to prevent access from unauthorized users.', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <h4><?php _e( 'A8 - Cross Site Request Forgery (CSRF)', 'wporg' ); ?></h4>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <h4><?php esc_html_e( 'A8 - Cross Site Request Forgery (CSRF)', 'wporg' ); ?></h4>
</ins><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s: Footnote */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'WordPress uses cryptographic tokens, called nonces%s, to validate intent of action requests from authorized users to protect against potential CSRF threats. WordPress provides an API for the generation of these tokens to create and verify unique and temporary tokens, and the token is limited to a specific user, a specific action, a specific object, and a specific time period, which can be added to forms and URLs as needed. Additionally, all nonces are invalidated upon logout.', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'WordPress uses cryptographic tokens, called nonces%s, to validate intent of action requests from authorized users to protect against potential CSRF threats. WordPress provides an API for the generation of these tokens to create and verify unique and temporary tokens, and the token is limited to a specific user, a specific action, a specific object, and a specific time period, which can be added to forms and URLs as needed. Additionally, all nonces are invalidated upon logout.', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref13"><a href="#footnote13">13</a></sup>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <h4><?php _e( 'A9 - Using Components with Known Vulnerabilities', 'wporg' ); ?></h4>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <h4><?php esc_html_e( 'A9 - Using Components with Known Vulnerabilities', 'wporg' ); ?></h4>
</ins><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s: Footnote */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'The WordPress core team closely monitors the few included libraries and frameworks WordPress integrates with for core functionality. In the past the core team has made contributions to several third-party components to make them more secure, such as the update to fix a cross-site vulnerability in TinyMCE in WordPress 3.5.2%s.', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'The WordPress core team closely monitors the few included libraries and frameworks WordPress integrates with for core functionality. In the past the core team has made contributions to several third-party components to make them more secure, such as the update to fix a cross-site vulnerability in TinyMCE in WordPress 3.5.2%s.', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref14"><a href="#footnote14">14</a></sup>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
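Review bot: the A6 string still contains the typo "such an registered users’ PII", carried over unchanged from the removed line. The switch to curly apostrophes already changes this msgid and forces retranslation, so correct it to "such as registered users’ PII" in the same commit rather than invalidating the translations a second time later.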
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -262,42 +262,42 @@
</span><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s: Footnote */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'If necessary, the core team may decide to fork or replace critical external components, such as when the SWFUpload library was officially replaced by the Plupload library in 3.5.2, and a secure fork of SWFUpload was made available by the security team<%s for those plugins who continued to use SWFUpload in the short-term.', 'wporg' ),
- 'sup id="ref15"><a href="#footnote15">15</a></sup>'
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'If necessary, the core team may decide to fork or replace critical external components, such as when the SWFUpload library was officially replaced by the Plupload library in 3.5.2, and a secure fork of SWFUpload was made available by the security team<%s for those plugins who continued to use SWFUpload in the short-term.', 'wporg' ),
+ '<sup id="ref15"><a href="#footnote15">15</a></sup>'
</ins><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <h4><?php _e( 'A10 - Unvalidated Redirects and Forwards', 'wporg' ); ?></h4>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <h4><?php esc_html_e( 'A10 - Unvalidated Redirects and Forwards', 'wporg' ); ?></h4>
</ins><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s: Footnote */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( "WordPress' internal access control and authentication system will protect against attempts to direct users to unwanted destinations or automatic redirects. This functionality is also made available to plugin developers via an API, <code>wp_safe_redirect()</code>%s.", 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ wp_kses_post( __( 'WordPress’ internal access control and authentication system will protect against attempts to direct users to unwanted destinations or automatic redirects. This functionality is also made available to plugin developers via an API, <code>wp_safe_redirect()</code>%s.', 'wporg' ) ),
</ins><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref16"><a href="#footnote16">16</a></sup>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <h3><?php _e( 'Further Security Risks and Concerns', 'wporg' ); ?></h3>
- <h4><?php _e( 'XXE (XML eXternal Entity) processing attacks', 'wporg' ); ?></h4>
- <p><?php _e( "When processing XML, WordPress disables the loading of custom XML entities to prevent both External Entity and Entity Expansion attacks. Beyond PHP's core functionality, WordPress does not provide additional secure XML processing API for plugin authors.", 'wporg' ); ?></p>
- <h4><?php _e( 'SSRF (Server Side Request Forgery) Attacks', 'wporg' ); ?></h4>
- <p><?php _e( 'HTTP requests issued by WordPress are filtered to prevent access to loopback and private IP addresses. Additionally, access is only allowed to certain standard HTTP ports.', 'wporg' ); ?></p>
- <h2><?php _e( 'WordPress Plugin and Theme Security', 'wporg' ); ?></h2>
- <h3><?php _e( 'The Default Theme', 'wporg' ); ?></h3>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <h3><?php esc_html_e( 'Further Security Risks and Concerns', 'wporg' ); ?></h3>
+ <h4><?php esc_html_e( 'XXE (XML eXternal Entity) processing attacks', 'wporg' ); ?></h4>
+ <p><?php esc_html_e( 'When processing XML, WordPress disables the loading of custom XML entities to prevent both External Entity and Entity Expansion attacks. Beyond PHP’s core functionality, WordPress does not provide additional secure XML processing API for plugin authors.', 'wporg' ); ?></p>
+ <h4><?php esc_html_e( 'SSRF (Server Side Request Forgery) Attacks', 'wporg' ); ?></h4>
+ <p><?php esc_html_e( 'HTTP requests issued by WordPress are filtered to prevent access to loopback and private IP addresses. Additionally, access is only allowed to certain standard HTTP ports.', 'wporg' ); ?></p>
+ <h2><?php esc_html_e( 'WordPress Plugin and Theme Security', 'wporg' ); ?></h2>
+ <h3><?php esc_html_e( 'The Default Theme', 'wporg' ); ?></h3>
</ins><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s: The latest Core Theme release - Currently Twenty Seventeen */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'WordPress requires a theme to be enabled to render content visible on the frontend. The default theme which ships with core WordPress (currently "%s") has been vigorously reviewed and tested for security reasons by both the team of theme developers plus the core development team.', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'WordPress requires a theme to be enabled to render content visible on the frontend. The default theme which ships with core WordPress (currently "%s") has been vigorously reviewed and tested for security reasons by both the team of theme developers plus the core development team.', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> wp_get_theme( 'core/' . WP_CORE_DEFAULT_THEME )->display( 'Name' )
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php _e( 'The default theme can serve as a starting point for custom theme development, and site developers can create a child theme which includes some customization but falls back on the default theme for most functionality and security. The default theme can be easily removed by an administrator if not needed.', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'The default theme can serve as a starting point for custom theme development, and site developers can create a child theme which includes some customization but falls back on the default theme for most functionality and security. The default theme can be easily removed by an administrator if not needed.', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <h3><?php _e( 'WordPress.org Theme and Plugin Repositories', 'wporg' ); ?></h3>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <h3><?php esc_html_e( 'WordPress.org Theme and Plugin Repositories', 'wporg' ); ?></h3>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: 1: Number of plugins - 50,000; 2: Number of themes - 5,000 */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'There are approximately %1$s+ plugins and %2$s+ themes listed on the WordPress.org site. These themes and plugins are submitted for inclusion and are manually reviewed by volunteers before making them available on the repository.', 'wporg'
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'There are approximately %1$s+ plugins and %2$s+ themes listed on the WordPress.org site. These themes and plugins are submitted for inclusion and are manually reviewed by volunteers before making them available on the repository.', 'wporg'
</ins><span class="cx" style="display: block; padding: 0 10px"> ),
</span><span class="cx" style="display: block; padding: 0 10px"> number_format_i18n( 50000 ),
</span><span class="cx" style="display: block; padding: 0 10px"> number_format_i18n( 5000 )
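Review bot: the SWFUpload string still ends "security team" with a stray less-than sign directly before %s, while the argument was changed to begin with its own opening sup tag. The old code relied on that character to complete the tag; now esc_html__() will encode it and the page will show a literal less-than sign in front of footnote 15. Remove the character from the translatable string. Separately, the A10 string is the only one wrapped in wp_kses_post( __() ) because it embeds the wp_safe_redirect() code element; passing that element as a second placeholder, as is done for the_search_query() earlier in the file, would let it use esc_html__() like the rest and keep markup out of translations (its translators comment would then need to list both placeholders).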
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -307,95 +307,95 @@
</span><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: 1: Footnote; 2: Footnote */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'Inclusion of plugins and themes in the repository is not a guarantee that they are free from security vulnerabilities. Guidelines are provided for plugin authors to consult prior to submission for inclusion in the repository%1$s, and extensive documentation about how to do WordPress theme development%2$s is provided on the WordPress.org site.', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'Inclusion of plugins and themes in the repository is not a guarantee that they are free from security vulnerabilities. Guidelines are provided for plugin authors to consult prior to submission for inclusion in the repository%1$s, and extensive documentation about how to do WordPress theme development%2$s is provided on the WordPress.org site.', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref17"><a href="#footnote17">17</a></sup>',
</span><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref18"><a href="#footnote18">18</a></sup>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php _e( 'Each plugin and theme has the ability to be continually developed by the plugin or theme owner, and any subsequent fixes or feature development can be uploaded to the repository and made available to users with that plugin or theme installed with a description of that change. Site administrators are notified of plugins which need to be updated via their administration dashboard.', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'Each plugin and theme has the ability to be continually developed by the plugin or theme owner, and any subsequent fixes or feature development can be uploaded to the repository and made available to users with that plugin or theme installed with a description of that change. Site administrators are notified of plugins which need to be updated via their administration dashboard.', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php _e( 'When a plugin vulnerability is discovered by the WordPress Security Team, they contact the plugin author and work together to fix and release a secure version of the plugin. If there is a lack of response from the plugin author or if the vulnerability is severe, the plugin/theme is pulled from the public directory, and in some cases, fixed and updated directly by the Security Team.', 'wporg' ); ?></p>
- <h3><?php _e( 'The Theme Review Team', 'wporg' ); ?></h3>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'When a plugin vulnerability is discovered by the WordPress Security Team, they contact the plugin author and work together to fix and release a secure version of the plugin. If there is a lack of response from the plugin author or if the vulnerability is severe, the plugin/theme is pulled from the public directory, and in some cases, fixed and updated directly by the Security Team.', 'wporg' ); ?></p>
+ <h3><?php esc_html_e( 'The Theme Review Team', 'wporg' ); ?></h3>
</ins><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: 1: Footnote; 2: Footnote; 3: Footnote */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'The Theme Review Team is a group of volunteers, led by key and established members of the WordPress community, who review and approve themes submitted to be included in the official WordPress Theme directory. The Theme Review Team maintains the official Theme Review Guidelines%1$s, the Theme Unit Test Datas%2$s, and the Theme Check Plugins%3$s, and attempts to engage and educate the WordPress Theme developer community regarding development best practices. Inclusion in the group is moderated by core committers of the WordPress development team.', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'The Theme Review Team is a group of volunteers, led by key and established members of the WordPress community, who review and approve themes submitted to be included in the official WordPress Theme directory. The Theme Review Team maintains the official Theme Review Guidelines%1$s, the Theme Unit Test Datas%2$s, and the Theme Check Plugins%3$s, and attempts to engage and educate the WordPress Theme developer community regarding development best practices. Inclusion in the group is moderated by core committers of the WordPress development team.', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref19"><a href="#footnote19">19</a></sup>',
</span><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref20"><a href="#footnote20">20</a></sup>',
</span><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref21"><a href="#footnote21">21</a></sup>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <h2><?php _e( 'The Role of the Hosting Provider in WordPress Security', 'wporg' ); ?></h2>
- <p><?php _e( 'WordPress can be installed on a multitude of platforms. Though WordPress core software provides many provisions for operating a secure web application, which were covered in this document, the configuration of the operating system and the underlying web server hosting the software is equally important to keep the WordPress applications secure.', 'wporg' ); ?></p>
- <h3><?php _e( 'A Note about WordPress.com and WordPress security', 'wporg' ); ?></h3>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <h2><?php esc_html_e( 'The Role of the Hosting Provider in WordPress Security', 'wporg' ); ?></h2>
+ <p><?php esc_html_e( 'WordPress can be installed on a multitude of platforms. Though WordPress core software provides many provisions for operating a secure web application, which were covered in this document, the configuration of the operating system and the underlying web server hosting the software is equally important to keep the WordPress applications secure.', 'wporg' ); ?></p>
+ <h3><?php esc_html_e( 'A Note about WordPress.com and WordPress security', 'wporg' ); ?></h3>
</ins><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s: Footnote */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'WordPress.com is the largest WordPress installation in the world, and is owned and managed by Automattic, Inc., which was founded by Matt Mullenweg, the WordPress project co-creator. WordPress.com runs on the core WordPress software, and has its own security processes, risks, and solutions%s. This document refers to security regarding the self-hosted, downloadable open source WordPress software available from WordPress.org and installable on any server in the world.', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'WordPress.com is the largest WordPress installation in the world, and is owned and managed by Automattic, Inc., which was founded by Matt Mullenweg, the WordPress project co-creator. WordPress.com runs on the core WordPress software, and has its own security processes, risks, and solutions%s. This document refers to security regarding the self-hosted, downloadable open source WordPress software available from WordPress.org and installable on any server in the world.', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref22"><a href="#footnote22">22</a></sup>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <h2><?php _e( 'Appendix', 'wporg' ); ?></h2>
- <h3><?php _e( 'Core WordPress APIs', 'wporg' ); ?></h3>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <h2><?php esc_html_e( 'Appendix', 'wporg' ); ?></h2>
+ <h3><?php esc_html_e( 'Core WordPress APIs', 'wporg' ); ?></h3>
</ins><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s: Footnote */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'The WordPress Core Application Programming Interface (API) is comprised of several individual APIs%s, each one covering the functions involved in, and use of, a given set of functionality. Together, these form the project interface which allows plugins and themes to interact with, alter, and extend WordPress core functionality safely and securely.', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'The WordPress Core Application Programming Interface (API) is comprised of several individual APIs%s, each one covering the functions involved in, and use of, a given set of functionality. Together, these form the project interface which allows plugins and themes to interact with, alter, and extend WordPress core functionality safely and securely.', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref23"><a href="#footnote23">23</a></sup>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php _e( 'While each WordPress API provides best practices and standardized ways to interact with and extend WordPress core software, the following WordPress APIs are the most pertinent to enforcing and hardening WordPress security:', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'While each WordPress API provides best practices and standardized ways to interact with and extend WordPress core software, the following WordPress APIs are the most pertinent to enforcing and hardening WordPress security:', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <h3><?php _e( 'Database API', 'wporg' ); ?></h3>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <h3><?php esc_html_e( 'Database API', 'wporg' ); ?></h3>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s: Footnote */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'The Database API%s, added in WordPress 0.71, provides the correct method for accessing data as named values which are stored in the database layer.', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'The Database API%s, added in WordPress 0.71, provides the correct method for accessing data as named values which are stored in the database layer.', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref24"><a href="#footnote24">24</a></sup>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <h3><?php _e( 'Filesystem API', 'wporg' ); ?></h3>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <h3><?php esc_html_e( 'Filesystem API', 'wporg' ); ?></h3>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: 1: Footnote; 2: Footnote */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'The Filesystem API%1$s, added in WordPress 2.6%2$s, was originally created for WordPress‘ own automatic updates feature. The Filesystem API abstracts out the functionality needed for reading and writing local files to the filesystem to be done securely, on a variety of host types.', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'The Filesystem API%1$s, added in WordPress 2.6%2$s, was originally created for WordPress’ own automatic updates feature. The Filesystem API abstracts out the functionality needed for reading and writing local files to the filesystem to be done securely, on a variety of host types.', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref25"><a href="#footnote25">25</a></sup>',
</span><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref26"><a href="#footnote26">26</a></sup>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php _e( 'It does this through the <code>WP_Filesystem_Base</code> class, and several subclasses which implement different ways of connecting to the local filesystem, depending on individual host support. Any theme or plugin that needs to write files locally should do so using the WP_Filesystem family of classes.', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php echo wp_kses_post( __( 'It does this through the <code>WP_Filesystem_Base</code> class, and several subclasses which implement different ways of connecting to the local filesystem, depending on individual host support. Any theme or plugin that needs to write files locally should do so using the WP_Filesystem family of classes.', 'wporg' ) ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <h3><?php _e( 'HTTP API', 'wporg' ); ?></h3>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <h3><?php esc_html_e( 'HTTP API', 'wporg' ); ?></h3>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: 1: Footnote; 2: Footnote */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'The HTTP API%1$s, added in WordPress 2.7%2$s and extended further in WordPress 2.8, standardizes the HTTP requests for WordPress. The API handles cookies, gzip encoding and decoding, chunk decoding (if HTTP 1.1), and various other HTTP protocol implementations. The API standardizes requests, tests each method prior to sending, and, based on your server configuration, uses the appropriate method to make the request.', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'The HTTP API%1$s, added in WordPress 2.7%2$s and extended further in WordPress 2.8, standardizes the HTTP requests for WordPress. The API handles cookies, gzip encoding and decoding, chunk decoding (if HTTP 1.1), and various other HTTP protocol implementations. The API standardizes requests, tests each method prior to sending, and, based on your server configuration, uses the appropriate method to make the request.', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref27"><a href="#footnote27">27</a></sup>',
</span><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref28"><a href="#footnote28">28</a></sup>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <h3><?php _e( 'Permissions and current user API', 'wporg' ); ?></h3>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <h3><?php esc_html_e( 'Permissions and current user API', 'wporg' ); ?></h3>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s: Footnote */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( "The permissions and current user API%s is a set of functions which will help verify the current user's permissions and authority to perform any task or operation being requested, and can protect further against unauthorized users accessing or performing functions beyond their permitted capabilities.", 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'The permissions and current user API%s is a set of functions which will help verify the current user’s permissions and authority to perform any task or operation being requested, and can protect further against unauthorized users accessing or performing functions beyond their permitted capabilities.', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> '<sup id="ref29"><a href="#footnote29">29</a></sup>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <h3><?php _e( 'White paper content License', 'wporg' ); ?></h3>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <h3><?php esc_html_e( 'White paper content License', 'wporg' ); ?></h3>
</ins><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: 1: Link to WordPress Foundation Trademark Polocy (English); 2: Link to Creative Commons CC0 license (English) */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'The text in this document (not including the WordPress logo or <a href="%1$s">trademark</a>) is licensed under <a href="%2$s">CC0 1.0 Universal (CC0 1.0) Public Domain Dedication</a>. You can copy, modify, distribute and perform the work, even for commercial purposes, all without asking permission.', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ wp_kses_post( __( 'The text in this document (not including the WordPress logo or <a href="%1$s">trademark</a>) is licensed under <a href="%2$s">CC0 1.0 Universal (CC0 1.0) Public Domain Dedication</a>. You can copy, modify, distribute and perform the work, even for commercial purposes, all without asking permission.', 'wporg' ) ),
</ins><span class="cx" style="display: block; padding: 0 10px"> 'http://wordpressfoundation.org/trademark-policy/',
</span><span class="cx" style="display: block; padding: 0 10px"> 'https://creativecommons.org/publicdomain/zero/1.0/'
</span><span class="cx" style="display: block; padding: 0 10px"> );
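Review bot: in the license printf() at the end of this hunk, wp_kses_post() is applied to the format string only, so the two URLs substituted for %1$s and %2$s reach the href attributes without any escaping. Both are hard-coded literals today, but page-about.php in this same commit already passes its link as esc_url( 'https://www.whoishostingthis.com/resources/b2-cafelog/' ); wrapping both arguments here in esc_url() keeps the pattern safe if either value later comes from an option or a filter. The trademark link is also still plain http, and the translators comment above it reads "Polocy" for "Policy".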
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -404,16 +404,16 @@
</span><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s: Link to the Drupal Security Whitepaper (english). */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( "<em>A special thank you to Drupal's </em><a href='%s'><em>security white paper</em></a><em>, which provided some inspiration. </em>", 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ wp_kses_post( __( '<em>A special thank you to Drupal’s </em><a href="%s"><em>security white paper</em></a><em>, which provided some inspiration. </em>', 'wporg' ) ),
</ins><span class="cx" style="display: block; padding: 0 10px"> 'http://drupalsecurityreport.org/'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <h3><?php _e( 'Additional Reading', 'wporg' ); ?></h3>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <h3><?php esc_html_e( 'Additional Reading', 'wporg' ); ?></h3>
</ins><span class="cx" style="display: block; padding: 0 10px"> <ul>
</span><span class="cx" style="display: block; padding: 0 10px"> <li><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s: Link to News Blog including the <a> tags. */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'WordPress News %s', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'WordPress News %s', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> '<a href="https://wordpress.org/news/">https://wordpress.org/news/</a>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></li>
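Review bot: the Drupal thank-you string splits its emphasis into three separate em pairs around the link and keeps a trailing space before the last closing tag, all of which translators have to reproduce exactly. Consider emitting a single em wrapper in the template and leaving only the sentence and the link in the translatable string. The 'http://drupalsecurityreport.org/' argument should also go through esc_url(), since wp_kses_post() here filters the format string and not the substituted value.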
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -420,7 +420,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> <li><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s: Link to News Blog Security Release Archive including the <a> tags. */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'WordPress Security releases %s', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'WordPress Security releases %s', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> '<a href="https://wordpress.org/news/category/security/">https://wordpress.org/news/category/security/</a>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></li>
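Review bot: esc_html__() on this line escapes only the translated label; the %s argument, a complete anchor element, is printed by printf() without any escaping. That is safe only while the argument stays a hard-coded literal, so a short code comment saying so, or building the link from esc_url() output, would keep a later edit from passing dynamic data through this path. The neighbouring list items that use the same pattern would benefit from the same treatment.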
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -427,7 +427,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> <li><?php
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s: Link to Developer.WordPress.org including the <a> tags. */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- __( 'WordPress Developer Resources %s', 'wporg' ),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ esc_html__( 'WordPress Developer Resources %s', 'wporg' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> '<a href="https://developer.wordpress.org/">https://developer.wordpress.org/</a>'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> ?></li>
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -435,15 +435,15 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> <hr />
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php _e( '<em>Authored by</em> Sara Rosso', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php echo wp_kses_post( __( '<em>Authored by</em> Sara Rosso', 'wporg' ) ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php _e( '<em>Contributions from</em> Barry Abrahamson, Michael Adams, Jon Cave, Helen Hou-Sandí, Dion Hulse, Mo Jangda, Paul Maiorana', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php echo wp_kses_post( __( '<em>Contributions from</em> Barry Abrahamson, Michael Adams, Jon Cave, Helen Hou-Sandí, Dion Hulse, Mo Jangda, Paul Maiorana', 'wporg' ) ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php _e( '<em>Version 1.0 March 2015</em>', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php echo wp_kses_post( __( '<em>Version 1.0 March 2015</em>', 'wporg' ) ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> <hr />
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <h3><?php _e( 'Footnotes', 'wporg' ); ?></h3>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <h3><?php esc_html_e( 'Footnotes', 'wporg' ); ?></h3>
</ins><span class="cx" style="display: block; padding: 0 10px"> <ul>
</span><span class="cx" style="display: block; padding: 0 10px"> <li id='footnote1'><a href="#ref1">[1]</a> <a href="https://w3techs.com/">https://w3techs.com/</a>, as of March 2017</li>
</span><span class="cx" style="display: block; padding: 0 10px"> <li id='footnote2'><a href="#ref2">[2]</a> <a href="https://make.wordpress.org/core/handbook/about/release-cycle/">https://make.wordpress.org/core/handbook/about/release-cycle/</a></li>
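Review bot: the three byline strings (Authored by, Contributions from, Version) need only an em element, yet wp_kses_post() lets a translation carry anything permitted in post content, links and images included. Either call wp_kses() with an allowed-tags list limited to em, or move the em element into the template and print the text with esc_html_e() as the headings in this file now do. Separately, the version line still says March 2015 while footnote 1 cites data as of March 2017, so it is worth confirming that the version string is current.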
</span></span></pre></div>
<a id="sitestrunkwordpressorgpublic_htmlwpcontentthemespubwporgmainpageaboutphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-main/page-about.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-main/page-about.php 2018-06-06 18:50:37 UTC (rev 7278)
+++ sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-main/page-about.php 2018-06-06 22:24:28 UTC (rev 7279)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -103,7 +103,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> printf( wp_kses_post( __( 'WordPress started in 2003 when Mike Little and Matt Mullenweg created a <a href="%1$s">fork of b2/cafelog</a>. The need for an elegant, well-architected personal publishing system was clear even then. Today, WordPress is built on PHP and MySQL, and licensed under the GPLv2. It is also the platform of choice for over %2$s%% of all sites across the web.', 'wporg' ) ), esc_url( 'https://www.whoishostingthis.com/resources/b2-cafelog/' ), number_format_i18n( WP_MARKET_SHARE ) );
</span><span class="cx" style="display: block; padding: 0 10px"> ?>
</span><span class="cx" style="display: block; padding: 0 10px"> </p>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p><?php esc_html_e( 'The WordPress open source project has evolved in progressive ways over time — supported by skilled, enthusiastic developers, designers, scientists, bloggers, and more. WordPress provides the opportunity for anyone to create and share, from handcrafted personal anecdotes to world-changing movements. People with a limited tech experience can use it "out of the box", and more tech-savvy folks can customize it in remarkable ways.', 'wporg' ); ?></p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p><?php esc_html_e( 'The WordPress open source project has evolved in progressive ways over time — supported by skilled, enthusiastic developers, designers, scientists, bloggers, and more. WordPress provides the opportunity for anyone to create and share, from handcrafted personal anecdotes to world-changing movements. People with a limited tech experience can use it “out of the box”, and more tech-savvy folks can customize it in remarkable ways.', 'wporg' ); ?></p>
</ins><span class="cx" style="display: block; padding: 0 10px"> </section>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> <section class="col-8">
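Review bot: the only change to this string is swapping the straight double quotes around "out of the box" for curly ones, which changes the gettext msgid, so every existing translation of this paragraph stops matching until it is re-approved. The same cost applies to each string in this commit whose quotes or apostrophes changed; stating it in the commit message would let translation teams expect the churn.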
</span></span></pre>
</div>
</div>
</body>
</html>