%s
', sprintf( - /* translators: 1: Name of the constant used. 2: List of hostnames whitelisted. */ - __( 'HTTP requests have been blocked by the %1$s constant, with some hosts whitelisted: %2$s.' ), + /* translators: 1: Name of the constant used. 2: List of allowed hostnames. */ + __( 'HTTP requests have been blocked by the %1$s constant, with some allowed hosts: %2$s.' ), 'WP_HTTP_BLOCK_EXTERNAL',
implode( ',', $hosts )
)
diff --git a/wp-admin/includes/deprecated.php b/wp-admin/includes/deprecated.php
index a9abf670a5..47201332dd 100644
--- a/wp-admin/includes/deprecated.php
+++ b/wp-admin/includes/deprecated.php
@@ -159,8 +159,8 @@ function wp_dropdown_cats( $currentcat = 0, $currentparent = 0, $parent = 0, $le
* @deprecated 3.0.0 Use register_setting()
* @see register_setting()
*
- * @param string $option_group A settings group name. Should correspond to a whitelisted option key name.
- * Default whitelisted option key names include 'general', 'discussion', 'media',
+ * @param string $option_group A settings group name. Should correspond to an allowed option key name.
+ * Default allowed option key names include 'general', 'discussion', 'media',
* 'reading', 'writing', 'misc', 'options', and 'privacy'.
* @param string $option_name The name of an option to sanitize and save.
* @param callable $sanitize_callback A callback function that sanitizes the option's value.
@@ -1530,7 +1530,7 @@ class WP_Privacy_Data_Export_Requests_Table extends WP_Privacy_Data_Export_Reque
$args['screen'] = 'export-personal-data';
}
- parent::__construct( $args );
+ parent::__construct( $args );
}
}
diff --git a/wp-admin/includes/plugin.php b/wp-admin/includes/plugin.php
index 8f0b39f9dd..3492b15ee2 100644
--- a/wp-admin/includes/plugin.php
+++ b/wp-admin/includes/plugin.php
@@ -2136,12 +2136,12 @@ function user_can_access_admin_page() {
return true;
}
-/* Whitelist functions */
+/* Allowed list functions */
/**
- * Refreshes the value of the options whitelist available via the 'whitelist_options' hook.
+ * Refreshes the value of the allowed options list available via the 'allowed_options' hook.
*
- * See the {@see 'whitelist_options'} filter.
+ * See the {@see 'allowed_options'} filter.
*
* @since 2.7.0
*
@@ -2154,77 +2154,77 @@ function option_update_filter( $options ) {
global $new_whitelist_options;
if ( is_array( $new_whitelist_options ) ) {
- $options = add_option_whitelist( $new_whitelist_options, $options );
+ $options = add_option_allowed_list( $new_whitelist_options, $options );
}
return $options;
}
/**
- * Adds an array of options to the options whitelist.
+ * Adds an array of options to the list of allowed options.
*
* @since 2.7.0
*
- * @global array $whitelist_options
+ * @global array $allowed_options
*
* @param array $new_options
* @param string|array $options
* @return array
*/
-function add_option_whitelist( $new_options, $options = '' ) {
+function add_option_allowed_list( $new_options, $options = '' ) {
if ( '' === $options ) {
- global $whitelist_options;
+ global $allowed_options;
} else {
- $whitelist_options = $options;
+ $allowed_options = $options;
}
foreach ( $new_options as $page => $keys ) {
foreach ( $keys as $key ) {
- if ( ! isset( $whitelist_options[ $page ] ) || ! is_array( $whitelist_options[ $page ] ) ) {
- $whitelist_options[ $page ] = array();
- $whitelist_options[ $page ][] = $key;
+ if ( ! isset( $allowed_options[ $page ] ) || ! is_array( $allowed_options[ $page ] ) ) {
+ $allowed_options[ $page ] = array();
+ $allowed_options[ $page ][] = $key;
} else {
- $pos = array_search( $key, $whitelist_options[ $page ], true );
+ $pos = array_search( $key, $allowed_options[ $page ], true );
if ( false === $pos ) {
- $whitelist_options[ $page ][] = $key;
+ $allowed_options[ $page ][] = $key;
}
}
}
}
- return $whitelist_options;
+ return $allowed_options;
}
/**
- * Removes a list of options from the options whitelist.
+ * Removes a list of options from the allowed options list.
*
- * @since 2.7.0
+ * @since 5.5.0
*
- * @global array $whitelist_options
+ * @global array $allowed_options
*
* @param array $del_options
* @param string|array $options
* @return array
*/
-function remove_option_whitelist( $del_options, $options = '' ) {
+function remove_option_allowed_list( $del_options, $options = '' ) {
if ( '' === $options ) {
- global $whitelist_options;
+ global $allowed_options;
} else {
- $whitelist_options = $options;
+ $allowed_options = $options;
}
foreach ( $del_options as $page => $keys ) {
foreach ( $keys as $key ) {
- if ( isset( $whitelist_options[ $page ] ) && is_array( $whitelist_options[ $page ] ) ) {
- $pos = array_search( $key, $whitelist_options[ $page ], true );
+ if ( isset( $allowed_options[ $page ] ) && is_array( $allowed_options[ $page ] ) ) {
+ $pos = array_search( $key, $allowed_options[ $page ], true );
if ( false !== $pos ) {
- unset( $whitelist_options[ $page ][ $pos ] );
+ unset( $allowed_options[ $page ][ $pos ] );
}
}
}
}
- return $whitelist_options;
+ return $allowed_options;
}
/**
diff --git a/wp-admin/includes/post.php b/wp-admin/includes/post.php
index e6ad6da6e6..907f92b46a 100644
--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -2234,7 +2234,7 @@ function get_block_categories( $post ) {
function get_block_editor_server_block_settings() {
$block_registry = WP_Block_Type_Registry::get_instance();
$blocks = array();
- $fields_to_pick = array(
+ $fields_to_pick = array(
'title' => 'title',
'description' => 'description',
'icon' => 'icon',
diff --git a/wp-admin/includes/schema.php b/wp-admin/includes/schema.php
index 616c63349c..1104b99871 100644
--- a/wp-admin/includes/schema.php
+++ b/wp-admin/includes/schema.php
@@ -446,8 +446,6 @@ function populate_options( array $options = array() ) {
'recently_edited' => '',
'template' => $template,
'stylesheet' => $stylesheet,
- 'comment_whitelist' => 1,
- 'blacklist_keys' => '',
'comment_registration' => 0,
'html_type' => 'text/html',
@@ -532,6 +530,10 @@ function populate_options( array $options = array() ) {
// 5.3.0
'admin_email_lifespan' => ( time() + 6 * MONTH_IN_SECONDS ),
+
+ // 5.5.0
+ 'blocklist_keys' => '',
+ 'comment_previously_approved' => 1,
);
// 3.3.0
@@ -550,7 +552,7 @@ function populate_options( array $options = array() ) {
$options = wp_parse_args( $options, $defaults );
// Set autoload to no for these options.
- $fat_options = array( 'moderation_keys', 'recently_edited', 'blacklist_keys', 'uninstall_plugins' );
+ $fat_options = array( 'moderation_keys', 'recently_edited', 'blocklist_keys', 'uninstall_plugins' );
$keys = "'" . implode( "', '", array_keys( $options ) ) . "'";
$existing_options = $wpdb->get_col( "SELECT option_name FROM $wpdb->options WHERE option_name in ( $keys )" ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
@@ -1140,7 +1142,7 @@ function populate_network_meta( $network_id, array $meta = array() ) {
$allowed_themes[ WP_DEFAULT_THEME ] = true;
}
- // If WP_DEFAULT_THEME doesn't exist, also whitelist the latest core default theme.
+ // If WP_DEFAULT_THEME doesn't exist, also include the latest core default theme.
if ( ! wp_get_theme( WP_DEFAULT_THEME )->exists() ) {
$core_default = WP_Theme::get_core_default_theme();
if ( $core_default ) {
diff --git a/wp-admin/includes/upgrade.php b/wp-admin/includes/upgrade.php
index be125f913e..3f45ea6f9b 100644
--- a/wp-admin/includes/upgrade.php
+++ b/wp-admin/includes/upgrade.php
@@ -835,7 +835,7 @@ function upgrade_all() {
upgrade_530();
}
- if ( $wp_current_db_version < 47597 ) {
+ if ( $wp_current_db_version < 48082 ) {
upgrade_550();
}
@@ -2168,6 +2168,15 @@ function upgrade_530() {
function upgrade_550() {
update_option( 'finished_updating_comment_type', 0 );
wp_schedule_single_event( time() + ( 1 * MINUTE_IN_SECONDS ), 'wp_update_comment_type_batch' );
+
+ // Use more clear and inclusive language.
+ $blocklist = get_option( 'blacklist_keys', '' );
+ update_option( 'blocklist_keys', $blocklist );
+ delete_option( 'blacklist_keys' );
+
+ $comment_previously_approved = get_option( 'comment_whitelist', '' );
+ update_option( 'comment_previously_approved', $comment_previously_approved );
+ delete_option( 'comment_whitelist' );
}
/**
diff --git a/wp-admin/js/password-strength-meter.js b/wp-admin/js/password-strength-meter.js
index 135095910c..2678d5b9b5 100644
--- a/wp-admin/js/password-strength-meter.js
+++ b/wp-admin/js/password-strength-meter.js
@@ -22,16 +22,16 @@ window.wp = window.wp || {};
*
* @since 3.7.0
*
- * @param {string} password1 The subject password.
- * @param {Array} blacklist An array of words that will lower the entropy of
- * the password.
- * @param {string} password2 The password confirmation.
+ * @param {string} password1 The subject password.
+ * @param {Array} disallowedList An array of words that will lower the entropy of
+ * the password.
+ * @param {string} password2 The password confirmation.
*
* @return {number} The password strength score.
*/
- meter : function( password1, blacklist, password2 ) {
- if ( ! $.isArray( blacklist ) )
- blacklist = [ blacklist.toString() ];
+ meter : function( password1, disallowedList, password2 ) {
+ if ( ! $.isArray( disallowedList ) )
+ disallowedList = [ disallowedList.toString() ];
if (password1 != password2 && password2 && password2.length > 0)
return 5;
@@ -41,7 +41,7 @@ window.wp = window.wp || {};
return -1;
}
- var result = zxcvbn( password1, blacklist );
+ var result = zxcvbn( password1, disallowedList );
return result.score;
},
@@ -49,20 +49,43 @@ window.wp = window.wp || {};
* Builds an array of words that should be penalized.
*
* Certain words need to be penalized because it would lower the entropy of a
- * password if they were used. The blacklist is based on user input fields such
+ * password if they were used. The disallowedList is based on user input fields such
* as username, first name, email etc.
*
* @since 3.7.0
+ * @deprecated 5.5.0 Use {@see 'userInputBlockList()'} instead.
*
- * @return {string[]} The array of words to be blacklisted.
+ * @return {string[]} The array of words to be disallowed.
*/
userInputBlacklist : function() {
+ wp.deprecated( 'wp.passwordStrength.userInputBlacklist()', {
+ version: '5.5.0',
+ alternative: 'wp.passwordStrength.userInputDisallowedList()',
+ plugin: 'WordPress',
+ hint: wp.i18n.__( 'Please consider writing more inclusive code.' )
+ } );
+
+ return wp.passwordStrength.userInputDisallowedList();
+ },
+
+ /**
+ * Builds an array of words that should be penalized.
+ *
+ * Certain words need to be penalized because it would lower the entropy of a
+ * password if they were used. The disallowed list is based on user input fields such
+ * as username, first name, email etc.
+ *
+ * @since 5.5.0
+ *
+ * @return {string[]} The array of words to be disallowed.
+ */
+ userInputDisallowedList : function() {
var i, userInputFieldsLength, rawValuesLength, currentField,
rawValues = [],
- blacklist = [],
+ disallowedList = [],
userInputFields = [ 'user_login', 'first_name', 'last_name', 'nickname', 'display_name', 'email', 'url', 'description', 'weblog_title', 'admin_email' ];
- // Collect all the strings we want to blacklist.
+ // Collect all the strings we want to disallow.
rawValues.push( document.title );
rawValues.push( document.URL );
@@ -85,7 +108,7 @@ window.wp = window.wp || {};
rawValuesLength = rawValues.length;
for ( i = 0; i < rawValuesLength; i++ ) {
if ( rawValues[ i ] ) {
- blacklist = blacklist.concat( rawValues[ i ].replace( /\W/g, ' ' ).split( ' ' ) );
+ disallowedList = disallowedList.concat( rawValues[ i ].replace( /\W/g, ' ' ).split( ' ' ) );
}
}
@@ -93,15 +116,15 @@ window.wp = window.wp || {};
* Remove empty values, short words and duplicates. Short words are likely to
* cause many false positives.
*/
- blacklist = $.grep( blacklist, function( value, key ) {
+ disallowedList = $.grep( disallowedList, function( value, key ) {
if ( '' === value || 4 > value.length ) {
return false;
}
- return $.inArray( value, blacklist ) === key;
+ return $.inArray( value, disallowedList ) === key;
});
- return blacklist;
+ return disallowedList;
}
};
diff --git a/wp-admin/js/password-strength-meter.min.js b/wp-admin/js/password-strength-meter.min.js
index 808d02e959..e768d8327a 100644
--- a/wp-admin/js/password-strength-meter.min.js
+++ b/wp-admin/js/password-strength-meter.min.js
@@ -1,2 +1,2 @@
/*! This file is auto-generated */
-window.wp=window.wp||{},function(l){wp.passwordStrength={meter:function(n,e,t){return l.isArray(e)||(e=[e.toString()]),n!=t&&t&&0'+e.message+"
'+e.message+"
'+e.message+"
'+e.message+"
' . esc_html( $option_page ) . ''
)
);
@@ -233,7 +243,7 @@ if ( 'update' === $action ) { // We are saving settings sent from a settings pag
}
$options = explode( ',', wp_unslash( $_POST['page_options'] ) );
} else {
- $options = $whitelist_options[ $option_page ];
+ $options = $allowed_options[ $option_page ];
}
if ( 'general' === $option_page ) {
diff --git a/wp-content/themes/twentyfourteen/inc/featured-content.php b/wp-content/themes/twentyfourteen/inc/featured-content.php
index 65d248f97b..da8b76f715 100644
--- a/wp-content/themes/twentyfourteen/inc/featured-content.php
+++ b/wp-content/themes/twentyfourteen/inc/featured-content.php
@@ -233,7 +233,7 @@ class Featured_Content {
return;
}
- // We need to respect post IDs already in the blacklist.
+ // We need to respect post IDs already in the exclude list.
$post__not_in = $query->get( 'post__not_in' );
if ( ! empty( $post__not_in ) ) {
diff --git a/wp-content/themes/twentynineteen/package.json b/wp-content/themes/twentynineteen/package.json
index b479c0c77f..2d6e4f935b 100644
--- a/wp-content/themes/twentynineteen/package.json
+++ b/wp-content/themes/twentynineteen/package.json
@@ -20,7 +20,6 @@
"options": {
"autoRename": false,
"autoRenameStrict": false,
- "blacklist": {},
"clean": true,
"greedy": false,
"processUrls": false,
diff --git a/wp-content/themes/twentytwenty/package.json b/wp-content/themes/twentytwenty/package.json
index 4d11fa4c52..38916604d9 100644
--- a/wp-content/themes/twentytwenty/package.json
+++ b/wp-content/themes/twentytwenty/package.json
@@ -33,7 +33,6 @@
"options": {
"autoRename": false,
"autoRenameStrict": false,
- "blacklist": {},
"clean": true,
"greedy": false,
"processUrls": false,
diff --git a/wp-includes/Requests/SSL.php b/wp-includes/Requests/SSL.php
index 2b0376853a..7d8af850a5 100644
--- a/wp-includes/Requests/SSL.php
+++ b/wp-includes/Requests/SSL.php
@@ -125,7 +125,7 @@ class Requests_SSL {
* @return boolean Does the domain match?
*/
public static function match_domain($host, $reference) {
- // Check if the reference is blacklisted first
+ // Check if the reference is blocklisted first
if (self::verify_reference_name($reference) !== true) {
return false;
}
@@ -149,4 +149,4 @@ class Requests_SSL {
return false;
}
-}
\ No newline at end of file
+}
diff --git a/wp-includes/class-wp-customize-widgets.php b/wp-includes/class-wp-customize-widgets.php
index 872cef24ed..0aa75168a4 100644
--- a/wp-includes/class-wp-customize-widgets.php
+++ b/wp-includes/class-wp-customize-widgets.php
@@ -1684,7 +1684,7 @@ final class WP_Customize_Widgets {
* List of the tag names seen for before_widget strings.
*
* This is used in the {@see 'filter_wp_kses_allowed_html'} filter to ensure that the
- * data-* attributes can be whitelisted.
+ * data-* attributes can be allowed.
*
* @since 4.5.0
* @var array
diff --git a/wp-includes/class-wp-date-query.php b/wp-includes/class-wp-date-query.php
index 6e3dac6331..a86ed6da82 100644
--- a/wp-includes/class-wp-date-query.php
+++ b/wp-includes/class-wp-date-query.php
@@ -462,10 +462,10 @@ class WP_Date_Query {
/**
* Validates a column name parameter.
*
- * Column names without a table prefix (like 'post_date') are checked against a whitelist of
- * known tables, and then, if found, have a table prefix (such as 'wp_posts.') prepended.
- * Prefixed column names (such as 'wp_posts.post_date') bypass this whitelist check,
- * and are only sanitized to remove illegal characters.
+ * Column names without a table prefix (like 'post_date') are checked against a list of
+ * allowed and known tables, and then, if found, have a table prefix (such as 'wp_posts.')
+ * prepended. Prefixed column names (such as 'wp_posts.post_date') bypass this allowed
+ * check, and are only sanitized to remove illegal characters.
*
* @since 3.7.0
*
diff --git a/wp-includes/class-wp-image-editor-imagick.php b/wp-includes/class-wp-image-editor-imagick.php
index 57f9df1827..4d49e55b2c 100644
--- a/wp-includes/class-wp-image-editor-imagick.php
+++ b/wp-includes/class-wp-image-editor-imagick.php
@@ -305,8 +305,8 @@ class WP_Image_Editor_Imagick extends WP_Image_Editor {
);
/**
- * Set the filter value if '$filter_name' name is in our whitelist and the related
- * Imagick constant is defined or fall back to our default filter.
+ * Set the filter value if '$filter_name' name is in the allowed list and the related
+ * Imagick constant is defined or fall back to the default filter.
*/
if ( in_array( $filter_name, $allowed_filters, true ) && defined( 'Imagick::' . $filter_name ) ) {
$filter = constant( 'Imagick::' . $filter_name );
diff --git a/wp-includes/class-wp-oembed-controller.php b/wp-includes/class-wp-oembed-controller.php
index 290d60a66d..31951041ef 100644
--- a/wp-includes/class-wp-oembed-controller.php
+++ b/wp-includes/class-wp-oembed-controller.php
@@ -94,7 +94,7 @@ final class WP_oEmbed_Controller {
'sanitize_callback' => 'absint',
),
'discover' => array(
- 'description' => __( 'Whether to perform an oEmbed discovery request for non-whitelisted providers.' ),
+ 'description' => __( 'Whether to perform an oEmbed discovery request for unsanctioned providers.' ),
'type' => 'boolean',
'default' => true,
),
diff --git a/wp-includes/class-wp-oembed.php b/wp-includes/class-wp-oembed.php
index 235faa6619..18d38ee757 100644
--- a/wp-includes/class-wp-oembed.php
+++ b/wp-includes/class-wp-oembed.php
@@ -131,10 +131,10 @@ class WP_oEmbed {
self::$early_providers = array();
/**
- * Filters the list of whitelisted oEmbed providers.
+ * Filters the list of sanctioned oEmbed providers.
*
* Since WordPress 4.4, oEmbed discovery is enabled for all users and allows embedding of sanitized
- * iframes. The providers in this list are whitelisted, meaning they are trusted and allowed to
+ * iframes. The providers in this list are sanctioned, meaning they are trusted and allowed to
* embed any content, such as iframes, videos, JavaScript, and arbitrary HTML.
*
* Supported providers:
diff --git a/wp-includes/class-wp.php b/wp-includes/class-wp.php
index e26e348563..ddaebd75a9 100644
--- a/wp-includes/class-wp.php
+++ b/wp-includes/class-wp.php
@@ -275,7 +275,7 @@ class WP {
}
/**
- * Filters the query variables whitelist before processing.
+ * Filters the query variables allowed before processing.
*
* Allows (publicly allowed) query vars to be added, removed, or changed prior
* to executing the query. Needed to allow custom rewrite rules using your own arguments
@@ -283,7 +283,7 @@ class WP {
*
* @since 1.5.0
*
- * @param string[] $public_query_vars The array of whitelisted query variable names.
+ * @param string[] $public_query_vars The array of allowed query variable names.
*/
$this->public_query_vars = apply_filters( 'query_vars', $this->public_query_vars );
diff --git a/wp-includes/comment.php b/wp-includes/comment.php
index f95328381a..744af98b9b 100644
--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -10,15 +10,15 @@
* Check whether a comment passes internal checks to be allowed to add.
*
* If manual comment moderation is set in the administration, then all checks,
- * regardless of their type and whitelist, will fail and the function will
+ * regardless of their type and substance, will fail and the function will
* return false.
*
* If the number of links exceeds the amount in the administration, then the
- * check fails. If any of the parameter contents match the blacklist of words,
+ * check fails. If any of the parameter contents contain any disallowed words,
* then the check fails.
*
* If the comment author was approved before, then the comment is automatically
- * whitelisted.
+ * approved.
*
* If all checks pass, the function will return true.
*
@@ -126,7 +126,7 @@ function check_comment( $author, $email, $url, $comment, $user_ip, $user_agent,
* as well as whether there are any moderation keywords (if set) present in the author
* email address. If both checks pass, return true. Otherwise, return false.
*/
- if ( 1 == get_option( 'comment_whitelist' ) ) {
+ if ( 1 == get_option( 'comment_previously_approved' ) ) {
if ( 'trackback' !== $comment_type && 'pingback' !== $comment_type && '' !== $author && '' !== $email ) {
$comment_user = get_user_by( 'email', wp_unslash( $email ) );
if ( ! empty( $comment_user->ID ) ) {
@@ -815,7 +815,7 @@ function wp_allow_comment( $commentdata, $avoid_die = false ) {
$approved = 0;
}
- if ( wp_blacklist_check(
+ if ( wp_blocklist_check(
$commentdata['comment_author'],
$commentdata['comment_author_email'],
$commentdata['comment_author_url'],
@@ -1262,9 +1262,9 @@ function wp_check_comment_data_max_lengths( $comment_data ) {
}
/**
- * Does comment contain blacklisted characters or words.
+ * Checks if a comment contains disallowed characters or words.
*
- * @since 1.5.0
+ * @since 5.5.0
*
* @param string $author The author of the comment
* @param string $email The email of the comment
@@ -1272,13 +1272,14 @@ function wp_check_comment_data_max_lengths( $comment_data ) {
* @param string $comment The comment content
* @param string $user_ip The comment author's IP address
* @param string $user_agent The author's browser user agent
- * @return bool True if comment contains blacklisted content, false if comment does not
+ * @return bool True if comment contains disallowed content, false if comment does not
*/
-function wp_blacklist_check( $author, $email, $url, $comment, $user_ip, $user_agent ) {
+function wp_blocklist_check( $author, $email, $url, $comment, $user_ip, $user_agent ) {
/**
- * Fires before the comment is tested for blacklisted characters or words.
+ * Fires before the comment is tested for disallowed characters or words.
*
* @since 1.5.0
+ * @deprecated 5.5.0 Use {@see 'wp_blocklist_check'} instead.
*
* @param string $author Comment author.
* @param string $email Comment author's email.
@@ -1287,14 +1288,28 @@ function wp_blacklist_check( $author, $email, $url, $comment, $user_ip, $user_ag
* @param string $user_ip Comment author's IP address.
* @param string $user_agent Comment author's browser user agent.
*/
- do_action( 'wp_blacklist_check', $author, $email, $url, $comment, $user_ip, $user_agent );
+ do_action_deprecated( 'wp_blacklist_check', array( $author, $email, $url, $comment, $user_ip, $user_agent ), '5.5.0', 'wp_blocklist_check', __( 'Please consider writing more inclusive code.' ) );
- $mod_keys = trim( get_option( 'blacklist_keys' ) );
+ /**
+ * Fires before the comment is tested for disallowed characters or words.
+ *
+ * @since 5.5.0
+ *
+ * @param string $author Comment author.
+ * @param string $email Comment author's email.
+ * @param string $url Comment author's URL.
+ * @param string $comment Comment content.
+ * @param string $user_ip Comment author's IP address.
+ * @param string $user_agent Comment author's browser user agent.
+ */
+ do_action( 'wp_blocklist_check', $author, $email, $url, $comment, $user_ip, $user_agent );
+
+ $mod_keys = trim( get_option( 'blocklist_keys' ) );
if ( '' === $mod_keys ) {
return false; // If moderation keys are empty.
}
- // Ensure HTML tags are not being used to bypass the blacklist.
+ // Ensure HTML tags are not being used to bypass the list of disallowed characters and words.
$comment_without_html = wp_strip_all_tags( $comment );
$words = explode( "\n", $mod_keys );
diff --git a/wp-includes/default-filters.php b/wp-includes/default-filters.php
index c9024e7ae0..18c91c0a4e 100644
--- a/wp-includes/default-filters.php
+++ b/wp-includes/default-filters.php
@@ -96,7 +96,7 @@ add_filter( 'pre_post_mime_type', 'sanitize_mime_type' );
add_filter( 'post_mime_type', 'sanitize_mime_type' );
// Meta.
-add_filter( 'register_meta_args', '_wp_register_meta_args_whitelist', 10, 2 );
+add_filter( 'register_meta_args', '_wp_register_meta_args_allowed_list', 10, 2 );
// Post meta.
add_action( 'added_post_meta', 'wp_cache_set_posts_last_changed' );
diff --git a/wp-includes/deprecated.php b/wp-includes/deprecated.php
index 1024e7cc6d..7a55903f4d 100644
--- a/wp-includes/deprecated.php
+++ b/wp-includes/deprecated.php
@@ -3995,3 +3995,83 @@ function wp_unregister_GLOBALS() { // phpcs:ignore WordPress.NamingConventions.
// register_globals was deprecated in PHP 5.3 and removed entirely in PHP 5.4.
_deprecated_function( __FUNCTION__, '5.5.0' );
}
+
+/**
+ * Does comment contain disallowed characters or words.
+ *
+ * @since 1.5.0
+ * @deprecated 5.5.0 Use wp_blocklist_check() instead.
+ * Please consider writing more inclusive code.
+ *
+ * @param string $author The author of the comment
+ * @param string $email The email of the comment
+ * @param string $url The url used in the comment
+ * @param string $comment The comment content
+ * @param string $user_ip The comment author's IP address
+ * @param string $user_agent The author's browser user agent
+ * @return bool True if comment contains disallowed content, false if comment does not
+ */
+function wp_blacklist_check( $author, $email, $url, $comment, $user_ip, $user_agent ) {
+ _deprecated_function( __FUNCTION__, '5.5.0', 'wp_blocklist_check()' );
+
+ return wp_blocklist_check( $author, $email, $url, $comment, $user_ip, $user_agent );
+}
+
+/**
+ * Filters out `register_meta()` args based on an allowed list.
+ *
+ * `register_meta()` args may change over time, so requiring the allowed list
+ * to be explicitly turned off is a warranty seal of sorts.
+ *
+ * @access private
+ * @since 4.6.0
+ * @deprecated 5.5.0 Use _wp_register_meta_args_allowed_list() instead.
+ * Please consider writing more inclusive code.
+ *
+ * @param array $args Arguments from `register_meta()`.
+ * @param array $default_args Default arguments for `register_meta()`.
+ * @return array Filtered arguments.
+ */
+function _wp_register_meta_args_whitelist( $args, $default_args ) {
+ _deprecated_function( __FUNCTION__, '5.5.0', '_wp_register_meta_args_allowed_list()' );
+
+ return _wp_register_meta_args_allowed_list( $args, $default_args );
+}
+
+/**
+ * Adds an array of options to the list of allowed options.
+ *
+ * @since 2.7.0
+ * @deprecated 5.5.0 Use add_option_allowed_list() instead.
+ * Please consider writing more inclusive code.
+ *
+ * @global array $allowed_options
+ *
+ * @param array $new_options
+ * @param string|array $options
+ * @return array
+ */
+function add_option_whitelist( $new_options, $options = '' ) {
+ _deprecated_function( __FUNCTION__, '5.5.0', 'add_option_allowed_list()' );
+
+ return add_option_allowed_list( $new_options, $options );
+}
+
+/**
+ * Removes a list of options from the allowed options list.
+ *
+ * @since 2.7.0
+ * @deprecated 5.5.0 Use remove_option_allowed_list() instead.
+ * Please consider writing more inclusive code.
+ *
+ * @global array $allowed_options
+ *
+ * @param array $del_options
+ * @param string|array $options
+ * @return array
+ */
+function remove_option_whitelist( $del_options, $options = '' ) {
+ _deprecated_function( __FUNCTION__, '5.5.0', 'remove_option_allowed_list()' );
+
+ return remove_option_allowed_list( $del_options, $options );
+}
diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index 14fcceaaef..dca237aa54 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -2048,7 +2048,7 @@ function sanitize_file_name( $filename ) {
/*
* Loop over any intermediate extensions. Postfix them with a trailing underscore
- * if they are a 2 - 5 character long alpha string not in the extension whitelist.
+ * if they are a 2 - 5 character long alpha string not in the allowed extension list.
*/
foreach ( (array) $parts as $part ) {
$filename .= '.' . $part;
@@ -4852,7 +4852,7 @@ function sanitize_option( $option, $value ) {
break;
case 'moderation_keys':
- case 'blacklist_keys':
+ case 'blocklist_keys':
$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
if ( is_wp_error( $value ) ) {
$error = $value->get_error_message();
diff --git a/wp-includes/http.php b/wp-includes/http.php
index 7d71f39cd5..d4acb41330 100644
--- a/wp-includes/http.php
+++ b/wp-includes/http.php
@@ -593,7 +593,7 @@ function wp_http_validate_url( $url ) {
}
/**
- * Whitelists allowed redirect hosts for safe HTTP requests as well.
+ * Mark allowed redirect hosts safe for HTTP requests as well.
*
* Attached to the {@see 'http_request_host_is_external'} filter.
*
@@ -611,7 +611,8 @@ function allowed_http_request_hosts( $is_external, $host ) {
}
/**
- * Whitelists any domain in a multisite installation for safe HTTP requests.
+ * Adds any domain in a multisite installation for safe HTTP requests to the
+ * allowed list.
*
* Attached to the {@see 'http_request_host_is_external'} filter.
*
diff --git a/wp-includes/kses.php b/wp-includes/kses.php
index b838d37c95..c157bd0fc6 100644
--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -1720,13 +1720,14 @@ function wp_kses_bad_protocol_once( $string, $allowed_protocols, $count = 1 ) {
* Callback for `wp_kses_bad_protocol_once()` regular expression.
*
* This function processes URL protocols, checks to see if they're in the
- * whitelist or not, and returns different data depending on the answer.
+ * list of allowed protocols or not, and returns different data depending
+ * on the answer.
*
* @access private
* @ignore
* @since 1.0.0
*
- * @param string $string URI scheme to check against the whitelist.
+ * @param string $string URI scheme to check against the list of allowed protocols.
* @param string[] $allowed_protocols Array of allowed URL protocols.
* @return string Sanitized content.
*/
@@ -1772,7 +1773,7 @@ function wp_kses_normalize_entities( $string, $context = 'html' ) {
// Disarm all entities by converting & to &
$string = str_replace( '&', '&', $string );
- // Change back the allowed entities in our entity whitelist.
+ // Change back the allowed entities in our list of allowed entities.
if ( 'xml' === $context ) {
$string = preg_replace_callback( '/&([A-Za-z]{2,8}[0-9]{0,2});/', 'wp_kses_xml_named_entities', $string );
} else {
@@ -1912,7 +1913,7 @@ function valid_unicode( $i ) {
*
* This function decodes numeric HTML entities (`A` and `A`).
* It doesn't do anything with named entities like `ä`, but we don't
- * need them in the URL protocol whitelisting system anyway.
+ * need them in the allowed URL protocols system anyway.
*
* @since 1.0.0
*
diff --git a/wp-includes/meta.php b/wp-includes/meta.php
index e31e6d4a1a..5251258b8c 100644
--- a/wp-includes/meta.php
+++ b/wp-includes/meta.php
@@ -1396,19 +1396,19 @@ function get_registered_metadata( $object_type, $object_id, $meta_key = '' ) {
}
/**
- * Filters out `register_meta()` args based on a whitelist.
+ * Filters out `register_meta()` args based on an allowed list.
*
- * `register_meta()` args may change over time, so requiring the whitelist
+ * `register_meta()` args may change over time, so requiring the allowed list
* to be explicitly turned off is a warranty seal of sorts.
*
* @access private
- * @since 4.6.0
+ * @since 5.5.0
*
* @param array $args Arguments from `register_meta()`.
* @param array $default_args Default arguments for `register_meta()`.
* @return array Filtered arguments.
*/
-function _wp_register_meta_args_whitelist( $args, $default_args ) {
+function _wp_register_meta_args_allowed_list( $args, $default_args ) {
return array_intersect_key( $args, $default_args );
}
diff --git a/wp-includes/ms-blogs.php b/wp-includes/ms-blogs.php
index 3da331ef12..d2da311f0b 100644
--- a/wp-includes/ms-blogs.php
+++ b/wp-includes/ms-blogs.php
@@ -720,9 +720,9 @@ function update_blog_status( $blog_id, $pref, $value, $deprecated = null ) {
_deprecated_argument( __FUNCTION__, '3.1.0' );
}
- $pref_whitelist = array( 'site_id', 'domain', 'path', 'registered', 'last_updated', 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
+ $allowed_field_names = array( 'site_id', 'domain', 'path', 'registered', 'last_updated', 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
- if ( ! in_array( $pref, $pref_whitelist, true ) ) {
+ if ( ! in_array( $pref, $allowed_field_names, true ) ) {
return $value;
}
diff --git a/wp-includes/ms-default-filters.php b/wp-includes/ms-default-filters.php
index 0f93d37610..d0054b502e 100644
--- a/wp-includes/ms-default-filters.php
+++ b/wp-includes/ms-default-filters.php
@@ -124,5 +124,5 @@ add_action( 'update_option_home', 'clean_site_details_cache', 10, 0 );
// If the network upgrade hasn't run yet, assume ms-files.php rewriting is used.
add_filter( 'default_site_option_ms_files_rewriting', '__return_true' );
-// Whitelist multisite domains for HTTP requests.
+// Allow multisite domains for HTTP requests.
add_filter( 'http_request_host_is_external', 'ms_allowed_http_request_hosts', 20, 2 );
diff --git a/wp-includes/ms-functions.php b/wp-includes/ms-functions.php
index 53335a56dc..c2af99ef55 100644
--- a/wp-includes/ms-functions.php
+++ b/wp-includes/ms-functions.php
@@ -441,7 +441,8 @@ function is_email_address_unsafe( $user_email ) {
* Sanitize and validate data required for a user sign-up.
*
* Verifies the validity and uniqueness of user names and user email addresses,
- * and checks email addresses against admin-provided domain whitelists and blacklists.
+ * and checks email addresses against allowed and disallowed domains provided by
+ * administrators.
*
* The {@see 'wpmu_validate_user_signup'} hook provides an easy way to modify the sign-up
* process. The value $result, which is passed to the hook, contains both the user-provided
@@ -1358,7 +1359,7 @@ function wpmu_create_blog( $domain, $path, $title, $user_id, $options = array(),
wp_installing( true );
}
- $site_data_whitelist = array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
+ $allowed_data_fields = array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
$site_data = array_merge(
array(
@@ -1366,14 +1367,14 @@ function wpmu_create_blog( $domain, $path, $title, $user_id, $options = array(),
'path' => $path,
'network_id' => $network_id,
),
- array_intersect_key( $options, array_flip( $site_data_whitelist ) )
+ array_intersect_key( $options, array_flip( $allowed_data_fields ) )
);
// Data to pass to wp_initialize_site().
$site_initialization_data = array(
'title' => $title,
'user_id' => $user_id,
- 'options' => array_diff_key( $options, array_flip( $site_data_whitelist ) ),
+ 'options' => array_diff_key( $options, array_flip( $allowed_data_fields ) ),
);
$blog_id = wp_insert_site( array_merge( $site_data, $site_initialization_data ) );
@@ -1840,12 +1841,12 @@ function get_most_recent_post_of_user( $user_id ) {
//
/**
- * Check an array of MIME types against a whitelist.
+ * Check an array of MIME types against a list of allowed types.
*
* WordPress ships with a set of allowed upload filetypes,
* which is defined in wp-includes/functions.php in
* get_allowed_mime_types(). This function is used to filter
- * that list against the filetype whitelist provided by Multisite
+ * that list against the filetypes allowed provided by Multisite
* Super Admins at wp-admin/network/settings.php.
*
* @since MU (3.0.0)
diff --git a/wp-includes/ms-site.php b/wp-includes/ms-site.php
index 4ba9d8ed20..56d14f7eb5 100644
--- a/wp-includes/ms-site.php
+++ b/wp-includes/ms-site.php
@@ -114,10 +114,10 @@ function wp_insert_site( array $data ) {
$meta['WPLANG'] = get_network_option( $new_site->network_id, 'WPLANG' );
}
- // Rebuild the data expected by the `wpmu_new_blog` hook prior to 5.1.0 using whitelisted keys.
- // The `$site_data_whitelist` matches the one used in `wpmu_create_blog()`.
- $site_data_whitelist = array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
- $meta = array_merge( array_intersect_key( $data, array_flip( $site_data_whitelist ) ), $meta );
+ // Rebuild the data expected by the `wpmu_new_blog` hook prior to 5.1.0 using allowed keys.
+ // The `$allowed_data_fields` matches the one used in `wpmu_create_blog()`.
+ $allowed_data_fields = array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
+ $meta = array_merge( array_intersect_key( $data, array_flip( $allowed_data_fields ) ), $meta );
/**
* Fires immediately after a new site is created.
@@ -492,8 +492,8 @@ function wp_prepare_site_data( $data, $defaults, $old_site = null ) {
*/
$data = apply_filters( 'wp_normalize_site_data', $data );
- $whitelist = array( 'domain', 'path', 'network_id', 'registered', 'last_updated', 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
- $data = array_intersect_key( wp_parse_args( $data, $defaults ), array_flip( $whitelist ) );
+ $allowed_data_fields = array( 'domain', 'path', 'network_id', 'registered', 'last_updated', 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' );
+ $data = array_intersect_key( wp_parse_args( $data, $defaults ), array_flip( $allowed_data_fields ) );
$errors = new WP_Error();
diff --git a/wp-includes/option.php b/wp-includes/option.php
index 28ef635466..b1d553bf7a 100644
--- a/wp-includes/option.php
+++ b/wp-includes/option.php
@@ -2097,8 +2097,8 @@ function register_initial_settings() {
* @global array $new_whitelist_options
* @global array $wp_registered_settings
*
- * @param string $option_group A settings group name. Should correspond to a whitelisted option key name.
- * Default whitelisted option key names include 'general', 'discussion', 'media',
+ * @param string $option_group A settings group name. Should correspond to an allowed option key name.
+ * Default allowed option key names include 'general', 'discussion', 'media',
* 'reading', 'writing', 'misc', 'options', and 'privacy'.
* @param string $option_name The name of an option to sanitize and save.
* @param array $args {
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index bdf86913b2..2ebfb405c4 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -1466,7 +1466,7 @@ if ( ! function_exists( 'wp_validate_redirect' ) ) :
$wpp = parse_url( home_url() );
/**
- * Filters the whitelist of hosts to redirect to.
+ * Filters the list of allowed hosts to redirect to.
*
* @since 2.3.0
*
diff --git a/wp-includes/rest-api/class-wp-rest-server.php b/wp-includes/rest-api/class-wp-rest-server.php
index baf0246a0f..232c48339e 100644
--- a/wp-includes/rest-api/class-wp-rest-server.php
+++ b/wp-includes/rest-api/class-wp-rest-server.php
@@ -605,7 +605,7 @@ class WP_REST_Server {
$embedded = array();
foreach ( $data['_links'] as $rel => $links ) {
- // If a list of relations was specified, and the link relation is not in the whitelist, don't process the link.
+ // If a list of relations was specified, and the link relation is not in the list of allowed relations, don't process the link.
if ( is_array( $embed ) && ! in_array( $rel, $embed, true ) ) {
continue;
}
diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php
index 0fbdb4f5c9..5bee39b1a8 100644
--- a/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php
+++ b/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php
@@ -251,7 +251,7 @@ class WP_REST_Settings_Controller extends WP_REST_Controller {
}
/*
- * Whitelist the supported types for settings, as we don't want invalid types
+ * Allow the supported types for settings, as we don't want invalid types
* to be updated with arbitrary values that we can't do decent sanitizing for.
*/
if ( ! in_array( $rest_args['schema']['type'], array( 'number', 'integer', 'string', 'boolean', 'array', 'object' ), true ) ) {
@@ -304,7 +304,7 @@ class WP_REST_Settings_Controller extends WP_REST_Controller {
*
* By default, the schema of settings will throw an error if a value is set to
* `null` as it's not a valid value for something like "type => string". We
- * provide a wrapper sanitizer to whitelist the use of `null`.
+ * provide a wrapper sanitizer to allow the use of `null`.
*
* @since 4.7.0
*
diff --git a/wp-includes/script-loader.php b/wp-includes/script-loader.php
index 27fac092cf..f31ae3b32c 100644
--- a/wp-includes/script-loader.php
+++ b/wp-includes/script-loader.php
@@ -1064,7 +1064,7 @@ function wp_default_scripts( $scripts ) {
)
);
- $scripts->add( 'password-strength-meter', "/wp-admin/js/password-strength-meter$suffix.js", array( 'jquery', 'zxcvbn-async' ), false, 1 );
+ $scripts->add( 'password-strength-meter', "/wp-admin/js/password-strength-meter$suffix.js", array( 'jquery', 'wp-deprecated', 'zxcvbn-async' ), false, 1 );
did_action( 'init' ) && $scripts->localize(
'password-strength-meter',
'pwsL10n',
@@ -1077,6 +1077,7 @@ function wp_default_scripts( $scripts ) {
'mismatch' => _x( 'Mismatch', 'password mismatch' ),
)
);
+ $scripts->set_translations( 'password-strength-meter' );
$scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'jquery', 'password-strength-meter', 'wp-util' ), false, 1 );
did_action( 'init' ) && $scripts->localize(
diff --git a/wp-includes/sodium_compat/src/Core/Ed25519.php b/wp-includes/sodium_compat/src/Core/Ed25519.php
index 72286441de..16ae1d2e88 100644
--- a/wp-includes/sodium_compat/src/Core/Ed25519.php
+++ b/wp-includes/sodium_compat/src/Core/Ed25519.php
@@ -376,8 +376,8 @@ abstract class ParagonIE_Sodium_Core_Ed25519 extends ParagonIE_Sodium_Core_Curve
*/
public static function small_order($R)
{
- /** @var array