2020 June 12
Updated WordPress to version 5.4.2. This is a "security and maintenance release" with 23 "fixes and enhancements", mostly corrections to the cross-site scripting vulnerabilities which continue to plague WordPress even in new feature code because its developers are morons and there is no adequate code review or configuration management of what they scribble in crayon before it is shipped to millions of customers. They're forever giving out "Props" to the third parties who scrutinised their shoddy product and found these flaws they couldn't be bothered to discover themselves. Me, I'd like to throw those responsible into the "prop" of a P-51 Mustang revving for takeoff. A total of 44 files were modified and 4 added. In integrating our local code, the following files contained both WordPress changes and our local code: wp-includes/class-walker-comment.php wp-includes/comment-template.php The following files containing local code but no WordPress changes have evil twin .min. files which I deleted from the update kit to avoid the peril of re-minimising them. wp-includes/css/media-views.css wp-includes/js/jquery/jquery-migrate.js wp-includes/js/plupload/moxie.js After integrating local code, I ran ../t/chk on all modified files and found no syntax errors. A run of ../t/ratdiff reported all local code integrated and in the correct locations. I made a ../t/mk_unkit.pl just in case we need to back out the changes. I applied the update kit. It, of course, wrecked the setting of unused theme permissions to 700, so I immediately reset them to avoid the vulnerabililty that creates. There were no immediate errors or things amiss, and the "Site Health" page reported only the usual bullshit due to our having secured the site against external twiddling by WordPress. Verified that the Themes page shows only our in-production theme and that the Plug-ins page shows none of the garbage bundled plug-ins that we disable. After three hours no problems have been manifest so I committed the WordPress 5.4.2 update (Build 476) and published the changes to GitHub.