diff -r 490d5cc509ed -r cf61fcea0001 wp/wp-includes/canonical.php
--- a/wp/wp-includes/canonical.php	Tue Jun 09 11:14:17 2015 +0000
+++ b/wp/wp-includes/canonical.php	Mon Oct 14 17:39:30 2019 +0200
@@ -17,7 +17,7 @@
  * prevents penalty for duplicate content by redirecting all incoming links to
  * one or the other.
  *
- * Prevents redirection for feeds, trackbacks, searches, comment popup, and
+ * Prevents redirection for feeds, trackbacks, searches, and
  * admin URLs. Does not redirect on non-pretty-permalink-supporting IIS 7+,
  * page/post previews, WP admin, Trackbacks, robots.txt, searches, or on POST
  * requests.
@@ -27,17 +27,20 @@
  * or query in an attempt to figure the correct page to go to.
  *
  * @since 2.3.0
- * @uses $wp_rewrite
- * @uses $is_IIS
+ *
+ * @global WP_Rewrite $wp_rewrite
+ * @global bool $is_IIS
+ * @global WP_Query $wp_query
+ * @global wpdb $wpdb WordPress database abstraction object.
+ * @global WP $wp Current WordPress environment instance. 
  *
  * @param string $requested_url Optional. The URL that was requested, used to
  *		figure if redirect is needed.
  * @param bool $do_redirect Optional. Redirect to the new URL.
- * @return null|false|string Null, if redirect not needed. False, if redirect
- *		not needed or the string of the URL
+ * @return string|void The string of the URL, if redirect needed.
  */
 function redirect_canonical( $requested_url = null, $do_redirect = true ) {
-	global $wp_rewrite, $is_IIS, $wp_query, $wpdb;
+	global $wp_rewrite, $is_IIS, $wp_query, $wpdb, $wp;
 
 	if ( isset( $_SERVER['REQUEST_METHOD'] ) && ! in_array( strtoupper( $_SERVER['REQUEST_METHOD'] ), array( 'GET', 'HEAD' ) ) ) {
 		return;
@@ -53,11 +56,11 @@
 		}
 	}
 
-	if ( is_trackback() || is_search() || is_comments_popup() || is_admin() || is_preview() || is_robots() || ( $is_IIS && !iis7_supports_permalinks() ) ) {
+	if ( is_trackback() || is_search() || is_admin() || is_preview() || is_robots() || ( $is_IIS && !iis7_supports_permalinks() ) ) {
 		return;
 	}
 
-	if ( !$requested_url ) {
+	if ( ! $requested_url && isset( $_SERVER['HTTP_HOST'] ) ) {
 		// build the URL in the address bar
 		$requested_url  = is_ssl() ? 'https://' : 'http://';
 		$requested_url .= $_SERVER['HTTP_HOST'];
@@ -65,14 +68,9 @@
 	}
 
 	$original = @parse_url($requested_url);
-	if ( false === $original )
+	if ( false === $original ) {
 		return;
-
-	// Some PHP setups turn requests for / into /index.php in REQUEST_URI
-	// See: https://core.trac.wordpress.org/ticket/5017
-	// See: https://core.trac.wordpress.org/ticket/7173
-	// Disabled, for now:
-	// $original['path'] = preg_replace('|/index\.php$|', '/', $original['path']);
+	}
 
 	$redirect = $original;
 	$redirect_url = false;
@@ -120,7 +118,7 @@
 		$id = max( get_query_var('p'), get_query_var('page_id'), get_query_var('attachment_id') );
 		if ( $id && $redirect_post = get_post($id) ) {
 			$post_type_obj = get_post_type_object($redirect_post->post_type);
-			if ( $post_type_obj->public ) {
+			if ( $post_type_obj->public && 'auto-draft' != $redirect_post->post_status ) {
 				$redirect_url = get_permalink($redirect_post);
 				$redirect['query'] = _remove_qs_args_if_not_in_url( $redirect['query'], array( 'p', 'page_id', 'attachment_id', 'pagename', 'name', 'post_type' ), $redirect_url );
 			}
@@ -146,11 +144,26 @@
 			}
 		}
 
+		if ( get_query_var( 'page' ) && $wp_query->post &&
+			false !== strpos( $wp_query->post->post_content, '<!--nextpage-->' ) ) {
+			$redirect['path'] = rtrim( $redirect['path'], (int) get_query_var( 'page' ) . '/' );
+			$redirect['query'] = remove_query_arg( 'page', $redirect['query'] );
+			$redirect_url = get_permalink( $wp_query->post->ID );
+		}
+
 	} elseif ( is_object($wp_rewrite) && $wp_rewrite->using_permalinks() ) {
 		// rewriting of old ?p=X, ?m=2004, ?m=200401, ?m=20040101
-		if ( is_attachment() && !empty($_GET['attachment_id']) && ! $redirect_url ) {
-			if ( $redirect_url = get_attachment_link(get_query_var('attachment_id')) )
-				$redirect['query'] = remove_query_arg('attachment_id', $redirect['query']);
+		if ( is_attachment() &&
+			! array_diff( array_keys( $wp->query_vars ), array( 'attachment', 'attachment_id' ) ) &&
+			! $redirect_url ) {
+			if ( ! empty( $_GET['attachment_id'] ) ) {
+				$redirect_url = get_attachment_link( get_query_var( 'attachment_id' ) );
+				if ( $redirect_url ) {
+					$redirect['query'] = remove_query_arg( 'attachment_id', $redirect['query'] );
+				}
+			} else {
+				$redirect_url = get_attachment_link();
+			}
 		} elseif ( is_single() && !empty($_GET['p']) && ! $redirect_url ) {
 			if ( $redirect_url = get_permalink(get_query_var('p')) )
 				$redirect['query'] = remove_query_arg(array('p', 'post_type'), $redirect['query']);
@@ -160,7 +173,7 @@
 		} elseif ( is_page() && !empty($_GET['page_id']) && ! $redirect_url ) {
 			if ( $redirect_url = get_permalink(get_query_var('page_id')) )
 				$redirect['query'] = remove_query_arg('page_id', $redirect['query']);
-		} elseif ( is_page() && !is_feed() && isset($wp_query->queried_object) && 'page' == get_option('show_on_front') && $wp_query->queried_object->ID == get_option('page_on_front')  && ! $redirect_url ) {
+		} elseif ( is_page() && !is_feed() && 'page' == get_option('show_on_front') && get_queried_object_id() == get_option('page_on_front')  && ! $redirect_url ) {
 			$redirect_url = home_url('/');
 		} elseif ( is_home() && !empty($_GET['page_id']) && 'page' == get_option('show_on_front') && get_query_var('page_id') == get_option('page_for_posts')  && ! $redirect_url ) {
 			if ( $redirect_url = get_permalink(get_option('page_for_posts')) )
@@ -244,16 +257,24 @@
 			}
 		} elseif ( is_single() && strpos($wp_rewrite->permalink_structure, '%category%') !== false && $cat = get_query_var( 'category_name' ) ) {
 			$category = get_category_by_path( $cat );
-			$post_terms = wp_get_object_terms($wp_query->get_queried_object_id(), 'category', array('fields' => 'tt_ids'));
-			if ( (!$category || is_wp_error($category)) || ( !is_wp_error($post_terms) && !empty($post_terms) && !in_array($category->term_taxonomy_id, $post_terms) ) )
+			if ( ( ! $category || is_wp_error( $category ) ) || ! has_term( $category->term_id, 'category', $wp_query->get_queried_object_id() ) ) {
 				$redirect_url = get_permalink($wp_query->get_queried_object_id());
+			}
 		}
 
 		// Post Paging
-		if ( is_singular() && ! is_front_page() && get_query_var('page') ) {
+		if ( is_singular() && get_query_var('page') ) {
 			if ( !$redirect_url )
 				$redirect_url = get_permalink( get_queried_object_id() );
-			$redirect_url = trailingslashit( $redirect_url ) . user_trailingslashit( get_query_var( 'page' ), 'single_paged' );
+
+			$page = get_query_var( 'page' );
+			if ( $page > 1 ) {
+				if ( is_front_page() ) {
+					$redirect_url = trailingslashit( $redirect_url ) . user_trailingslashit( "$wp_rewrite->pagination_base/$page", 'paged' );
+				} else {
+					$redirect_url = trailingslashit( $redirect_url ) . user_trailingslashit( $page, 'single_paged' );
+				}
+			}
 			$redirect['query'] = remove_query_arg( 'page', $redirect['query'] );
 		}
 
@@ -306,7 +327,10 @@
 				}
 			}
 
-			if ( get_option('page_comments') && ( ( 'newest' == get_option('default_comments_page') && get_query_var('cpage') > 0 ) || ( 'newest' != get_option('default_comments_page') && get_query_var('cpage') > 1 ) ) ) {
+			if ( get_option( 'page_comments' ) && (
+				( 'newest' == get_option( 'default_comments_page' ) && get_query_var( 'cpage' ) > 0 ) ||
+				( 'newest' != get_option( 'default_comments_page' ) && get_query_var( 'cpage' ) > 1 )
+			) ) {
 				$addl_path = ( !empty( $addl_path ) ? trailingslashit($addl_path) : '' ) . user_trailingslashit( $wp_rewrite->comments_pagination_base . '-' . get_query_var('cpage'), 'commentpaged' );
 				$redirect['query'] = remove_query_arg( 'cpage', $redirect['query'] );
 			}
@@ -324,7 +348,7 @@
 				/** This filter is documented in wp-login.php */
 				$redirect_url = apply_filters( 'wp_signup_location', network_site_url( 'wp-signup.php' ) );
 			} else {
-				$redirect_url = site_url( 'wp-login.php?action=register' );
+				$redirect_url = wp_registration_url();
 			}
 
 			wp_redirect( $redirect_url, 301 );
@@ -368,12 +392,28 @@
 	// trailing /index.php
 	$redirect['path'] = preg_replace('|/' . preg_quote( $wp_rewrite->index, '|' ) . '/*?$|', '/', $redirect['path']);
 
-	// Remove trailing spaces from the path
-	$redirect['path'] = preg_replace( '#(%20| )+$#', '', $redirect['path'] );
+	$punctuation_pattern = implode( '|', array_map( 'preg_quote', array(
+		' ', '%20',  // space
+		'!', '%21',  // exclamation mark
+		'"', '%22',  // double quote
+		"'", '%27',  // single quote
+		'(', '%28',  // opening bracket
+		')', '%29',  // closing bracket
+		',', '%2C',  // comma
+		'.', '%2E',  // period
+		';', '%3B',  // semicolon
+		'{', '%7B',  // opening curly bracket
+		'}', '%7D',  // closing curly bracket
+		'%E2%80%9C', // opening curly quote
+		'%E2%80%9D', // closing curly quote
+	) ) );
+
+	// Remove trailing spaces and end punctuation from the path.
+	$redirect['path'] = preg_replace( "#($punctuation_pattern)+$#", '', $redirect['path'] );
 
 	if ( !empty( $redirect['query'] ) ) {
-		// Remove trailing spaces from certain terminating query string args
-		$redirect['query'] = preg_replace( '#((p|page_id|cat|tag)=[^&]*?)(%20| )+$#', '$1', $redirect['query'] );
+		// Remove trailing spaces and end punctuation from certain terminating query string args.
+		$redirect['query'] = preg_replace( "#((p|page_id|cat|tag)=[^&]*?)($punctuation_pattern)+$#", '$1', $redirect['query'] );
 
 		// Clean up empty query strings
 		$redirect['query'] = trim(preg_replace( '#(^|&)(p|page_id|cat|tag)=?(&|$)#', '&', $redirect['query']), '&');
@@ -447,12 +487,22 @@
 			$redirect_url .= '?' . $redirect['query'];
 	}
 
-	if ( !$redirect_url || $redirect_url == $requested_url )
-		return false;
+	if ( ! $redirect_url || $redirect_url == $requested_url ) {
+		return;
+	}
 
 	// Hex encoded octets are case-insensitive.
 	if ( false !== strpos($requested_url, '%') ) {
 		if ( !function_exists('lowercase_octets') ) {
+			/**
+			 * Converts the first hex-encoded octet match to lowercase.
+			 *
+			 * @since 3.1.0
+			 * @ignore
+			 *
+			 * @param array $matches Hex-encoded octet matches for the requested URL.
+			 * @return string Lowercased version of the first match.
+			 */
 			function lowercase_octets($matches) {
 				return strtolower( $matches[0] );
 			}
@@ -461,7 +511,7 @@
 	}
 
 	/**
-	 * Filter the canonical redirect URL.
+	 * Filters the canonical redirect URL.
 	 *
 	 * Returning false to this filter will cancel the redirect.
 	 *
@@ -472,8 +522,10 @@
 	 */
 	$redirect_url = apply_filters( 'redirect_canonical', $redirect_url, $requested_url );
 
-	if ( !$redirect_url || $redirect_url == $requested_url ) // yes, again -- in case the filter aborted the request
-		return false;
+	// yes, again -- in case the filter aborted the request
+	if ( ! $redirect_url || strip_fragment_from_url( $redirect_url ) == strip_fragment_from_url( $requested_url ) ) {
+		return;
+	}
 
 	if ( $do_redirect ) {
 		// protect against chained redirects
@@ -483,7 +535,7 @@
 		} else {
 			// Debug
 			// die("1: $redirect_url<br />2: " . redirect_canonical( $redirect_url, false ) );
-			return false;
+			return;
 		}
 	} else {
 		return $redirect_url;
@@ -517,16 +569,45 @@
 }
 
 /**
+ * Strips the #fragment from a URL, if one is present.
+ *
+ * @since 4.4.0
+ *
+ * @param string $url The URL to strip.
+ * @return string The altered URL.
+ */
+function strip_fragment_from_url( $url ) {
+	$parsed_url = @parse_url( $url );
+	if ( ! empty( $parsed_url['host'] ) ) {
+		// This mirrors code in redirect_canonical(). It does not handle every case.
+		$url = $parsed_url['scheme'] . '://' . $parsed_url['host'];
+		if ( ! empty( $parsed_url['port'] ) ) {
+			$url .= ':' . $parsed_url['port'];
+		}
+
+		if ( ! empty( $parsed_url['path'] ) ) {
+			$url .= $parsed_url['path'];
+		}
+
+		if ( ! empty( $parsed_url['query'] ) ) {
+			$url .= '?' . $parsed_url['query'];
+		}
+	}
+
+	return $url;
+}
+
+/**
  * Attempts to guess the correct URL based on query vars
  *
  * @since 2.3.0
  *
  * @global wpdb $wpdb WordPress database abstraction object.
  *
- * @return bool|string The correct URL if one is found. False on failure.
+ * @return false|string The correct URL if one is found. False on failure.
  */
 function redirect_guess_404_permalink() {
-	global $wpdb, $wp_rewrite;
+	global $wpdb;
 
 	if ( get_query_var('name') ) {
 		$where = $wpdb->prepare("post_name LIKE %s", $wpdb->esc_like( get_query_var('name') ) . '%');
@@ -549,7 +630,7 @@
 			return false;
 		if ( get_query_var( 'feed' ) )
 			return get_post_comments_feed_link( $post_id, get_query_var( 'feed' ) );
-		elseif ( get_query_var( 'page' ) )
+		elseif ( get_query_var( 'page' ) && 1 < get_query_var( 'page' ) )
 			return trailingslashit( get_permalink( $post_id ) ) . user_trailingslashit( get_query_var( 'page' ), 'single_paged' );
 		else
 			return get_permalink( $post_id );
@@ -558,6 +639,16 @@
 	return false;
 }
 
+/**
+ * Redirects a variety of shorthand URLs to the admin.
+ *
+ * If a user visits example.com/admin, they'll be redirected to /wp-admin.
+ * Visiting /login redirects to /wp-login.php, and so on.
+ *
+ * @since 3.4.0
+ *
+ * @global WP_Rewrite $wp_rewrite
+ */
 function wp_redirect_admin_locations() {
 	global $wp_rewrite;
 	if ( ! ( is_404() && $wp_rewrite->using_permalinks() ) )
@@ -581,7 +672,7 @@
 		site_url( 'login', 'relative' ),
 	);
 	if ( in_array( untrailingslashit( $_SERVER['REQUEST_URI'] ), $logins ) ) {
-		wp_redirect( site_url( 'wp-login.php', 'login' ) );
+		wp_redirect( wp_login_url() );
 		exit;
 	}
 }