diff -r c7c34916027a -r 177826044cd9 wp/wp-includes/compat.php
--- a/wp/wp-includes/compat.php	Mon Oct 14 18:06:33 2019 +0200
+++ b/wp/wp-includes/compat.php	Mon Oct 14 18:28:13 2019 +0200
@@ -7,8 +7,8 @@
  */
 
 // If gettext isn't available
-if ( !function_exists('_') ) {
-	function _($string) {
+if ( ! function_exists( '_' ) ) {
+	function _( $string ) {
 		return $string;
 	}
 }
@@ -125,7 +125,7 @@
 
 		$chars = array_merge( $chars, $pieces );
 
-	// If there's anything left over, repeat the loop.
+		// If there's anything left over, repeat the loop.
 	} while ( count( $pieces ) > 1 && $str = array_pop( $pieces ) );
 
 	return join( '', array_slice( $chars, $start, $length ) );
@@ -209,33 +209,33 @@
 		// Increment.
 		$count += count( $pieces );
 
-	// If there's anything left over, repeat the loop.
+		// If there's anything left over, repeat the loop.
 	} while ( $str = array_pop( $pieces ) );
 
 	// Fencepost: preg_split() always returns one extra item in the array.
 	return --$count;
 }
 
-if ( !function_exists('hash_hmac') ):
-/**
- * Compat function to mimic hash_hmac().
- *
- * @ignore
- * @since 3.2.0
- *
- * @see _hash_hmac()
- *
- * @param string $algo       Hash algorithm. Accepts 'md5' or 'sha1'.
- * @param string $data       Data to be hashed.
- * @param string $key        Secret key to use for generating the hash.
- * @param bool   $raw_output Optional. Whether to output raw binary data (true),
- *                           or lowercase hexits (false). Default false.
- * @return string|false The hash in output determined by `$raw_output`. False if `$algo`
- *                      is unknown or invalid.
- */
-function hash_hmac($algo, $data, $key, $raw_output = false) {
-	return _hash_hmac($algo, $data, $key, $raw_output);
-}
+if ( ! function_exists( 'hash_hmac' ) ) :
+	/**
+	 * Compat function to mimic hash_hmac().
+	 *
+	 * @ignore
+	 * @since 3.2.0
+	 *
+	 * @see _hash_hmac()
+	 *
+	 * @param string $algo       Hash algorithm. Accepts 'md5' or 'sha1'.
+	 * @param string $data       Data to be hashed.
+	 * @param string $key        Secret key to use for generating the hash.
+	 * @param bool   $raw_output Optional. Whether to output raw binary data (true),
+	 *                           or lowercase hexits (false). Default false.
+	 * @return string|false The hash in output determined by `$raw_output`. False if `$algo`
+	 *                      is unknown or invalid.
+	 */
+	function hash_hmac( $algo, $data, $key, $raw_output = false ) {
+		return _hash_hmac( $algo, $data, $key, $raw_output );
+	}
 endif;
 
 /**
@@ -252,30 +252,36 @@
  * @return string|false The hash in output determined by `$raw_output`. False if `$algo`
  *                      is unknown or invalid.
  */
-function _hash_hmac($algo, $data, $key, $raw_output = false) {
-	$packs = array('md5' => 'H32', 'sha1' => 'H40');
+function _hash_hmac( $algo, $data, $key, $raw_output = false ) {
+	$packs = array(
+		'md5'  => 'H32',
+		'sha1' => 'H40',
+	);
 
-	if ( !isset($packs[$algo]) )
+	if ( ! isset( $packs[ $algo ] ) ) {
 		return false;
+	}
 
-	$pack = $packs[$algo];
+	$pack = $packs[ $algo ];
 
-	if (strlen($key) > 64)
-		$key = pack($pack, $algo($key));
+	if ( strlen( $key ) > 64 ) {
+		$key = pack( $pack, $algo( $key ) );
+	}
 
-	$key = str_pad($key, 64, chr(0));
+	$key = str_pad( $key, 64, chr( 0 ) );
 
-	$ipad = (substr($key, 0, 64) ^ str_repeat(chr(0x36), 64));
-	$opad = (substr($key, 0, 64) ^ str_repeat(chr(0x5C), 64));
+	$ipad = ( substr( $key, 0, 64 ) ^ str_repeat( chr( 0x36 ), 64 ) );
+	$opad = ( substr( $key, 0, 64 ) ^ str_repeat( chr( 0x5C ), 64 ) );
 
-	$hmac = $algo($opad . pack($pack, $algo($ipad . $data)));
+	$hmac = $algo( $opad . pack( $pack, $algo( $ipad . $data ) ) );
 
-	if ( $raw_output )
+	if ( $raw_output ) {
 		return pack( $pack, $hmac );
+	}
 	return $hmac;
 }
 
-if ( !function_exists('json_encode') ) {
+if ( ! function_exists( 'json_encode' ) ) {
 	function json_encode( $string ) {
 		global $wp_json;
 
@@ -288,7 +294,7 @@
 	}
 }
 
-if ( !function_exists('json_decode') ) {
+if ( ! function_exists( 'json_decode' ) ) {
 	/**
 	 * @global Services_JSON $wp_json
 	 * @param string $string
@@ -298,14 +304,15 @@
 	function json_decode( $string, $assoc_array = false ) {
 		global $wp_json;
 
-		if ( ! ($wp_json instanceof Services_JSON ) ) {
+		if ( ! ( $wp_json instanceof Services_JSON ) ) {
 			require_once( ABSPATH . WPINC . '/class-json.php' );
 			$wp_json = new Services_JSON();
 		}
 
 		$res = $wp_json->decode( $string );
-		if ( $assoc_array )
+		if ( $assoc_array ) {
 			$res = _json_decode_object_helper( $res );
+		}
 		return $res;
 	}
 
@@ -313,43 +320,44 @@
 	 * @param object $data
 	 * @return array
 	 */
-	function _json_decode_object_helper($data) {
-		if ( is_object($data) )
-			$data = get_object_vars($data);
-		return is_array($data) ? array_map(__FUNCTION__, $data) : $data;
+	function _json_decode_object_helper( $data ) {
+		if ( is_object( $data ) ) {
+			$data = get_object_vars( $data );
+		}
+		return is_array( $data ) ? array_map( __FUNCTION__, $data ) : $data;
 	}
 }
 
 if ( ! function_exists( 'hash_equals' ) ) :
-/**
- * Timing attack safe string comparison
- *
- * Compares two strings using the same time whether they're equal or not.
- *
- * This function was added in PHP 5.6.
- *
- * Note: It can leak the length of a string when arguments of differing length are supplied.
- *
- * @since 3.9.2
- *
- * @param string $a Expected string.
- * @param string $b Actual, user supplied, string.
- * @return bool Whether strings are equal.
- */
-function hash_equals( $a, $b ) {
-	$a_length = strlen( $a );
-	if ( $a_length !== strlen( $b ) ) {
-		return false;
+	/**
+	 * Timing attack safe string comparison
+	 *
+	 * Compares two strings using the same time whether they're equal or not.
+	 *
+	 * This function was added in PHP 5.6.
+	 *
+	 * Note: It can leak the length of a string when arguments of differing length are supplied.
+	 *
+	 * @since 3.9.2
+	 *
+	 * @param string $a Expected string.
+	 * @param string $b Actual, user supplied, string.
+	 * @return bool Whether strings are equal.
+	 */
+	function hash_equals( $a, $b ) {
+		$a_length = strlen( $a );
+		if ( $a_length !== strlen( $b ) ) {
+			return false;
+		}
+		$result = 0;
+
+		// Do not attempt to "optimize" this.
+		for ( $i = 0; $i < $a_length; $i++ ) {
+			$result |= ord( $a[ $i ] ) ^ ord( $b[ $i ] );
+		}
+
+		return $result === 0;
 	}
-	$result = 0;
-
-	// Do not attempt to "optimize" this.
-	for ( $i = 0; $i < $a_length; $i++ ) {
-		$result |= ord( $a[ $i ] ) ^ ord( $b[ $i ] );
-	}
-
-	return $result === 0;
-}
 endif;
 
 // JSON_PRETTY_PRINT was introduced in PHP 5.4
@@ -434,6 +442,10 @@
 if ( ! function_exists( 'random_int' ) ) {
 	require ABSPATH . WPINC . '/random_compat/random.php';
 }
+// sodium_crypto_box was introduced in PHP 7.2
+if ( ! function_exists( 'sodium_crypto_box' ) ) {
+	require ABSPATH . WPINC . '/sodium_compat/autoload.php';
+}
 
 if ( ! function_exists( 'array_replace_recursive' ) ) :
 	/**
@@ -472,9 +484,9 @@
 
 				foreach ( array_keys( $head ) as $key ) {
 					if ( isset( $key, $bref ) &&
-					     isset( $bref[ $key ] ) && is_array( $bref[ $key ] ) &&
-					     isset( $head[ $key ] ) && is_array( $head[ $key ] )
-					) {
+						isset( $bref[ $key ] ) && is_array( $bref[ $key ] ) &&
+						isset( $head[ $key ] ) && is_array( $head[ $key ] ) ) {
+
 						$bref_stack[] = &$bref[ $key ];
 						$head_stack[] = $head[ $key ];
 					} else {