Changeset 1940
- Timestamp:
- 12/12/04 20:41:19 (4 years ago)
- Files:
-
- trunk/wp-admin/admin-functions.php (modified) (3 diffs)
- trunk/wp-admin/bookmarklet.php (modified) (4 diffs)
- trunk/wp-admin/categories.php (modified) (5 diffs)
- trunk/wp-admin/edit-comments.php (modified) (2 diffs)
- trunk/wp-admin/edit-form-advanced.php (modified) (1 diff)
- trunk/wp-admin/edit-page-form.php (modified) (1 diff)
- trunk/wp-admin/edit.php (modified) (4 diffs)
- trunk/wp-admin/link-add.php (modified) (3 diffs)
- trunk/wp-admin/link-categories.php (modified) (8 diffs)
- trunk/wp-admin/link-manager.php (modified) (10 diffs)
- trunk/wp-admin/options.php (modified) (2 diffs)
- trunk/wp-admin/plugin-editor.php (modified) (1 diff)
- trunk/wp-admin/post.php (modified) (2 diffs)
- trunk/wp-admin/profile.php (modified) (2 diffs)
- trunk/wp-admin/sidebar.php (modified) (1 diff)
- trunk/wp-admin/templates.php (modified) (2 diffs)
- trunk/wp-admin/theme-editor.php (modified) (1 diff)
- trunk/wp-admin/user-edit.php (modified) (2 diffs)
- trunk/wp-admin/users.php (modified) (4 diffs)
- trunk/wp-comments-popup.php (modified) (1 diff)
- trunk/wp-comments.php (modified) (1 diff)
- trunk/wp-includes/classes.php (modified) (9 diffs)
- trunk/wp-includes/functions-formatting.php (modified) (1 diff)
- trunk/wp-includes/functions-post.php (modified) (1 diff)
- trunk/wp-includes/functions.php (modified) (1 diff)
- trunk/wp-includes/links.php (modified) (2 diffs)
- trunk/wp-includes/template-functions-author.php (modified) (2 diffs)
- trunk/wp-includes/template-functions-category.php (modified) (1 diff)
- trunk/wp-includes/template-functions-comment.php (modified) (2 diffs)
- trunk/wp-includes/template-functions-general.php (modified) (1 diff)
- trunk/wp-includes/template-functions-post.php (modified) (3 diffs)
- trunk/wp-includes/vars.php (modified) (1 diff)
- trunk/wp-links-opml.php (modified) (1 diff)
- trunk/wp-trackback.php (modified) (1 diff)
- trunk/xmlrpc.php (modified) (2 diffs)
trunk/wp-admin/admin-functions.php
r1938 r1940 91 91 echo '<label for="category-', $category['cat_ID'], '" class="selectit"><input value="', $category['cat_ID'], 92 92 '" type="checkbox" name="post_category[]" id="category-', $category['cat_ID'], '"', 93 ($category['checked'] ? ' checked="checked"' : ""), '/> ', htmlspecialchars($category['cat_name']), "</label>\n";93 ($category['checked'] ? ' checked="checked"' : ""), '/> ', wp_specialchars($category['cat_name']), "</label>\n"; 94 94 95 95 if(isset($category['children'])) { … … 114 114 foreach ($categories as $category) { 115 115 if ($category->category_parent == $parent) { 116 $category->cat_name = htmlspecialchars($category->cat_name);116 $category->cat_name = wp_specialchars($category->cat_name); 117 117 $count = $wpdb->get_var("SELECT COUNT(post_id) FROM $wpdb->post2cat WHERE category_id = $category->cat_ID"); 118 118 $pad = str_repeat('— ', $level); … … 145 145 $count = $wpdb->get_var("SELECT COUNT(post_id) FROM $wpdb->post2cat WHERE category_id = $category->cat_ID"); 146 146 $pad = str_repeat('– ', $level); 147 $category->cat_name = htmlspecialchars($category->cat_name);147 $category->cat_name = wp_specialchars($category->cat_name); 148 148 echo "\n\t<option value='$category->cat_ID'"; 149 149 if ($currentparent == $category->cat_ID) trunk/wp-admin/bookmarklet.php
r1839 r1940 21 21 <?php 22 22 } else { 23 $popuptitle = htmlspecialchars(stripslashes($popuptitle));24 $text = htmlspecialchars(stripslashes(urldecode($text)));23 $popuptitle = wp_specialchars(stripslashes($popuptitle)); 24 $text = wp_specialchars(stripslashes(urldecode($text))); 25 25 26 26 /* big funky fixes for browsers' javascript bugs */ … … 41 41 } 42 42 43 $post_title = $_REQUEST['post_title'];43 $post_title = wp_specialchars($_REQUEST['post_title']); 44 44 if (!empty($post_title)) { 45 45 $post_title = stripslashes($post_title); … … 47 47 $post_title = $popuptitle; 48 48 } 49 // I'm not sure why we're using $edited_post_title in the edit-form.php, but we are 50 // and that is what is being included below. For this reason, I am just duplicating 51 // the var instead of changing the assignment on the lines above. 52 // -- Alex King 2004-01-07 53 $edited_post_title = htmlspecialchars($post_title); 49 50 $edited_post_title = wp_specialchars($post_title); 54 51 55 52 // $post_pingback needs to be set in any file that includes edit-form.php 56 53 $post_pingback = get_settings('default_pingback_flag'); 57 54 58 $content = htmlspecialchars($_REQUEST['content']); 59 if (!empty($content)) { 60 $content = stripslashes($content); 55 $content = wp_specialchars($_REQUEST['content']); 56 $popupurl = wp_specialchars($_REQUEST['popupurl']); 57 if ( !empty($content) ) { 58 $content = wp_specialchars( stripslashes($_REQUEST['content']) ); 61 59 } else { 62 60 $content = '<a href="'.$popupurl.'">'.$popuptitle.'</a>'."\n$text"; … … 72 70 <link rel="stylesheet" href="wp-admin.css" type="text/css" /> 73 71 <link rel="shortcut icon" href="../wp-images/wp-favicon.png" /> 74 <script type="text/javascript">75 <!--76 function launchupload() {77 window.open ("upload.php", "wpupload", "width=380,height=360,location=0,menubar=0,resizable=1,scrollbars=yes,status=1,toolbar=0");78 }79 72 80 //-->81 </script>82 73 <style type="text/css"> 83 74 <!-- trunk/wp-admin/categories.php
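Review bot: `$popupurl` on new line 56 is emitted inside an `href="..."` attribute on line 60, but it is encoded without the quotes argument that other attribute sites in this changeset pass (`wp_specialchars($x, 1)`), and its scheme is never checked, whereas link-manager.php validates submitted URLs with a scheme allow-list before using them. I would apply both controls here: `$popupurl = wp_specialchars($_REQUEST['popupurl'], 1);` followed by `$popupurl = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $popupurl) ? $popupurl : 'http://' . $popupurl;`. Whether `wp_specialchars()` encodes `"` without the flag is not visible in this chunk (functions-formatting.php is not shown), so the first point is conditional on that. Separately, new line 55 encodes `$_REQUEST['content']` only to test it for emptiness and line 58 then re-encodes the raw value, so line 57 could simply test `!empty($_REQUEST['content'])` and the assignment on line 55 be dropped.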
r1930 r1940 27 27 die (__('Cheatin’ uh?')); 28 28 29 $cat_name= $_POST['cat_name'];29 $cat_name= wp_specialchars($_POST['cat_name']); 30 30 $id_result = $wpdb->get_row("SHOW TABLE STATUS LIKE '$wpdb->categories'"); 31 31 $cat_ID = $id_result->Auto_increment; … … 65 65 66 66 require_once ('admin-header.php'); 67 $cat_ID = intval($_GET['cat_ID']);67 $cat_ID = (int) $_GET['cat_ID']; 68 68 $category = $wpdb->get_row("SELECT * FROM $wpdb->categories WHERE cat_ID = '$cat_ID'"); 69 69 $cat_name = $category->cat_name; … … 76 76 <tr> 77 77 <th width="33%" scope="row"><?php _e('Category name:') ?></th> 78 <td width="67%"><input name="cat_name" type="text" value="<?php echo htmlspecialchars($cat_name); ?>" size="40" /> <input type="hidden" name="action" value="editedcat" />78 <td width="67%"><input name="cat_name" type="text" value="<?php echo wp_specialchars($cat_name); ?>" size="40" /> <input type="hidden" name="action" value="editedcat" /> 79 79 <input type="hidden" name="cat_ID" value="<?php echo $cat_ID ?>" /></td> 80 80 </tr> 81 81 <tr> 82 82 <th scope="row"><?php _e('Category slug:') ?></th> 83 <td><input name="category_nicename" type="text" value="<?php echo htmlspecialchars($category->category_nicename); ?>" size="40" /></td>83 <td><input name="category_nicename" type="text" value="<?php echo wp_specialchars($category->category_nicename); ?>" size="40" /></td> 84 84 </tr> 85 85 <tr> … … 93 93 <tr> 94 94 <th scope="row"><?php _e('Description:') ?></th> 95 <td><textarea name="category_description" rows="5" cols="50" style="width: 97%;"><?php echo htmlspecialchars($category->category_description, ENT_NOQUOTES); ?></textarea></td>95 <td><textarea name="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description, 1); ?></textarea></td> 96 96 </tr> 97 97 </table> … … 108 108 die (__('Cheatin’ uh?')); 109 109 110 $cat_name = $_POST['cat_name'];110 $cat_name = wp_specialchars($_POST['cat_name']); 111 111 $cat_ID = 
(int) $_POST['cat_ID']; 112 112 $category_nicename = sanitize_title($_POST['category_nicename'], $cat_ID); trunk/wp-admin/edit-comments.php
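Review bot: New lines 29 and 110 HTML-encode `$_POST['cat_name']` before it is stored, yet line 78 encodes `$cat_name` again when it is read back from the database for the edit form, so a name containing `&`, `<` or `>` is double-encoded on display unless `wp_specialchars()` skips existing entities, and the stored value no longer matches what the user typed. Entity encoding is an output control and this file already applies it at the output sites (lines 78, 83, 95); what the stored value needs is SQL-side escaping for the following INSERT/UPDATE, which entity encoding does not provide (unless request arrays are slash-escaped before this file runs, which is not visible here). I would revert line 29 to `$cat_name = $_POST['cat_name'];` plus whatever query escaping the file's other stored values use, and the same for line 110. The same encode-on-input pattern appears in link-categories.php, link-manager.php, options.php, profile.php, user-edit.php and users.php in this changeset.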
r1875 r1940 7 7 require_once('admin-header.php'); 8 8 if (empty($_GET['mode'])) $mode = 'view'; 9 else $mode = htmlspecialchars($_GET['mode']);9 else $mode = wp_specialchars($_GET['mode'], 1); 10 10 ?> 11 11 … … 30 30 <fieldset> 31 31 <legend><?php _e('Show Comments That Contain...') ?></legend> 32 <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo htmlspecialchars($_GET['s']); ?>" size="17" />32 <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" /> 33 33 <input type="submit" name="submit" value="<?php _e('Search') ?>" /> 34 34 <input type="hidden" name="mode" value="<?php echo $mode; ?>" /> trunk/wp-admin/edit-form-advanced.php
r1937 r1940 129 129 } 130 130 ?> 131 <input name="referredby" type="hidden" id="referredby" value="<?php echo htmlspecialchars($_SERVER['HTTP_REFERER']); ?>" />131 <input name="referredby" type="hidden" id="referredby" value="<?php echo wp_specialchars($_SERVER['HTTP_REFERER']); ?>" /> 132 132 </p> 133 133 trunk/wp-admin/edit-page-form.php
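Review bot: `$_SERVER['HTTP_REFERER']` on new line 131 is written into a double-quoted `value` attribute with `wp_specialchars()` called without its second argument, while other attribute sites in this changeset (edit-comments.php lines 9 and 32, link-add.php lines 62 and 66, link-manager.php lines 283, 495 and 632) pass `1`. The `htmlspecialchars()` being replaced encoded `"` by default; if the quotes argument is what makes `wp_specialchars()` encode `"` (its implementation is not in this chunk), a referer containing a double quote can terminate this attribute. I would use `wp_specialchars($_SERVER['HTTP_REFERER'], 1)` here and at the other attribute contexts that omit it: edit-page-form.php line 80, wp-comments-popup.php line 66, wp-comments.php line 44, link-categories.php lines 121, 179, 183 and 187, and categories.php lines 78 and 83.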
r1935 r1940 78 78 <p class="submit"> 79 79 <input name="savepage" type="submit" id="savepage" tabindex="6" value="<?php $post_ID ? _e('Edit Page') :_e('Create New Page') ?> »" /> 80 <input name="referredby" type="hidden" id="referredby" value="<?php if (isset($_SERVER['HTTP_REFERER'])) echo htmlspecialchars($_SERVER['HTTP_REFERER']); ?>" />80 <input name="referredby" type="hidden" id="referredby" value="<?php if (isset($_SERVER['HTTP_REFERER'])) echo wp_specialchars($_SERVER['HTTP_REFERER']); ?>" /> 81 81 </p> 82 82 trunk/wp-admin/edit.php
r1889 r1940 5 5 $parent_file = 'edit.php'; 6 6 require_once('admin-header.php'); 7 8 $_GET['m'] = (int) $_GET['m']; 7 9 8 10 get_currentuserinfo(); … … 66 68 echo $month[substr( $_GET['m'], 4, 2 )] . ' ' . substr( $_GET['m'], 0, 4 ); 67 69 } elseif ( isset( $_GET['s'] ) ) { 68 printf(__('Search for “%s”'), htmlspecialchars($_GET['s']) );70 printf(__('Search for “%s”'), wp_specialchars($_GET['s']) ); 69 71 } else { 70 72 _e('Last 15 Posts'); … … 91 93 $arc_month = $arc_row->mmonth; 92 94 93 if( isset($_GET['m']) && $arc_year . zeroise($arc_month, 2) == $_GET['m'] )95 if( isset($_GET['m']) && $arc_year . zeroise($arc_month, 2) == (int) $_GET['m'] ) 94 96 $default = 'selected="selected"'; 95 97 else … … 122 124 <?php 123 125 $what_to_show = 'posts'; 124 if ( empty($_GET['m']) && empty($_GET['s']) ) {126 if ( empty($_GET['m']) || 0 == $_GET['m'] && empty($_GET['s']) ) { 125 127 $showposts = 15; 126 128 } else { trunk/wp-admin/link-add.php
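Review bot: The condition on new line 126, `empty($_GET['m']) || 0 == $_GET['m'] && empty($_GET['s'])`, parses as `empty(m) || (0 == m && empty(s))` because `&&` binds tighter than `||`, so a search with no month now takes the 15-post branch instead of the `else` branch the old `empty($_GET['m']) && empty($_GET['s'])` sent it to. Since new line 8 already casts `$_GET['m']` to int, `empty()` is already true for 0 and the extra comparison adds nothing; I would restore `if ( empty($_GET['m']) && empty($_GET['s']) ) {`. The cast on line 8 also makes the `isset($_GET['m'])` on line 95 unconditionally true, which is harmless but deserves a comment such as `// m is always set after the cast above; 0 means no month selected`.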
r1818 r1940 2 2 require_once('admin.php'); 3 3 4 $title = 'Add Link';4 $title = __('Add Link'); 5 5 $this_file = 'link-manager.php'; 6 6 $parent_file = 'link-manager.php'; 7 7 8 8 function category_dropdown($fieldname, $selected = 0) { 9 global $wpdb;10 11 $results = $wpdb->get_results("SELECT cat_id, cat_name, auto_toggle FROM $wpdb->linkcategories ORDER BY cat_id");12 echo ' <select name="'.$fieldname.'" size="1">'."\n";13 foreach ($results as $row) {14 echo " <option value=\"".$row->cat_id."\"";15 if ($row->cat_id == $selected)16 echo " selected";17 echo ">".$row->cat_id.": ".htmlspecialchars($row->cat_name);18 if ($row->auto_toggle == 'Y')19 echo ' (auto toggle)';20 echo "</option>\n";21 }22 echo "</select>\n";9 global $wpdb; 10 11 $results = $wpdb->get_results("SELECT cat_id, cat_name, auto_toggle FROM $wpdb->linkcategories ORDER BY cat_id"); 12 echo "\n<select name='$fieldname' size='1'>\n"; 13 foreach ($results as $row) { 14 echo "\n\t<option value='$row->cat_id'"; 15 if ($row->cat_id == $selected) 16 echo " selected='selected'"; 17 echo ">$row->cat_id : " . 
wp_specialchars($row->cat_name); 18 if ($row->auto_toggle == 'Y') 19 echo ' (auto toggle)'; 20 echo "</option>"; 21 } 22 echo "\n</select>\n"; 23 23 } 24 24 … … 50 50 51 51 <?php if ($_GET['added']) : ?> 52 <div class="updated"><p> Link added.</p></div>52 <div class="updated"><p><?php _e('Link added.'); ?></p></div> 53 53 <?php endif; ?> 54 54 <div class="wrap"> … … 60 60 <tr> 61 61 <th width="33%" scope="row"><?php _e('URI:') ?></th> 62 <td width="67%"><input type="text" name="linkurl" value="<?php echo $_GET['linkurl']; ?>" style="width: 95%;" /></td>62 <td width="67%"><input type="text" name="linkurl" value="<?php echo wp_specialchars($_GET['linkurl'], 1); ?>" style="width: 95%;" /></td> 63 63 </tr> 64 64 <tr> 65 65 <th scope="row"><?php _e('Link Name:') ?></th> 66 <td><input type="text" name="name" value="<?php echo urldecode($_GET['name']); ?>" style="width: 95%" /></td>66 <td><input type="text" name="name" value="<?php echo wp_specialchars( urldecode($_GET['name']), 1 ); ?>" style="width: 95%" /></td> 67 67 </tr> 68 68 <tr> trunk/wp-admin/link-categories.php
r1818 r1940 29 29 die (__("Cheatin' uh ?")); 30 30 31 $cat_name = addslashes($_POST['cat_name']);31 $cat_name = wp_specialchars($_POST['cat_name']); 32 32 $auto_toggle = $_POST['auto_toggle']; 33 33 if ($auto_toggle != 'Y') { … … 80 80 case 'Delete': 81 81 { 82 $cat_id = $_GET['cat_id'];82 $cat_id = (int) $_GET['cat_id']; 83 83 $cat_name=get_linkcatname($cat_id); 84 84 … … 98 98 { 99 99 include_once ('admin-header.php'); 100 $cat_id = $_GET['cat_id'];100 $cat_id = (int) $_GET['cat_id']; 101 101 $row = $wpdb->get_row("SELECT cat_id, cat_name, auto_toggle, show_images, show_description, " 102 102 . " show_rating, show_updated, sort_order, sort_desc, text_before_link, text_after_link, " … … 109 109 110 110 <div class="wrap"> 111 <h2>Edit “<?php echo htmlspecialchars($row->cat_name)?>” Category </h2>111 <h2>Edit “<?php echo wp_specialchars($row->cat_name)?>” Category </h2> 112 112 113 113 <form name="editcat" method="post"> … … 119 119 <tr> 120 120 <th width="33%" scope="row"><?php _e('Name:') ?></th> 121 <td width="67%"><input name="cat_name" type="text" value="<?php echo htmlspecialchars($row->cat_name)?>" size="30" /></td>121 <td width="67%"><input name="cat_name" type="text" value="<?php echo wp_specialchars($row->cat_name)?>" size="30" /></td> 122 122 </tr> 123 123 <tr> … … 177 177 <tr> 178 178 <th width="33%" scope="row"><?php _e('Before Link:') ?></th> 179 <td width="67%"><input type="text" name="text_before_link" size="45" value="<?php echo htmlspecialchars($row->text_before_link)?>" /></td>179 <td width="67%"><input type="text" name="text_before_link" size="45" value="<?php echo wp_specialchars($row->text_before_link)?>" /></td> 180 180 </tr> 181 181 <tr> 182 182 <th scope="row"><?php _e('Between Link and Description:') ?></th> 183 <td><input type="text" name="text_after_link" size="45" value="<?php echo htmlspecialchars($row->text_after_link)?>" /></td>183 <td><input type="text" name="text_after_link" size="45" value="<?php echo 
wp_specialchars($row->text_after_link)?>" /></td> 184 184 </tr> 185 185 <tr> 186 186 <th scope="row"><?php _e('After Link:') ?></th> 187 <td><input type="text" name="text_after_all" size="45" value="<?php echo htmlspecialchars($row->text_after_all)?>"/></td>187 <td><input type="text" name="text_after_all" size="45" value="<?php echo wp_specialchars($row->text_after_all)?>"/></td> 188 188 </tr> 189 189 </table> … … 205 205 if (isset($submit)) { 206 206 207 $cat_id =$_POST["cat_id"];208 209 $cat_name= $_POST["cat_name"];207 $cat_id = (int)$_POST["cat_id"]; 208 209 $cat_name= wp_specialchars($_POST["cat_name"]); 210 210 $auto_toggle = $_POST["auto_toggle"]; 211 211 if ($auto_toggle != 'Y') { … … 311 311 ?> 312 312 <tr valign="middle" align="center" <?php echo $style ?> style="border-bottom: 1px dotted #9C9A9C;"> 313 <td><?php echo htmlspecialchars($row->cat_name)?></td>313 <td><?php echo wp_specialchars($row->cat_name)?></td> 314 314 <td ><?php echo $row->cat_id?></td> 315 315 <td><?php echo $row->auto_toggle?></td> trunk/wp-admin/link-manager.php
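Review bot: New line 31 replaces `addslashes($_POST['cat_name'])` with `wp_specialchars($_POST['cat_name'])`, which swaps SQL-side escaping for HTML entity encoding on a value the following code stores with a query, and line 209 applies the same encoding in the edit branch. Unless request values are already slash-escaped before this file runs (not visible here), a name containing a quote now reaches the INSERT/UPDATE unescaped, and in either case the stored name is encoded a second time on display at lines 111, 121 and 313. I would make lines 31 and 209 use the same query-side escaping the other stored values in this file rely on, e.g. `$cat_name = addslashes($_POST['cat_name']);` on line 31 if that is what the file expects, and leave entity encoding to the output sites, in the same spirit as the `(int)` casts the commit adds for the ids on lines 82, 100 and 207.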
r1856 r1940 33 33 if ($row->cat_id == $selected) 34 34 echo " selected='selected'"; 35 echo ">$row->cat_id: ". htmlspecialchars($row->cat_name);35 echo ">$row->cat_id: ".wp_specialchars($row->cat_name); 36 36 if ('Y' == $row->auto_toggle) 37 37 echo ' (auto toggle)'; … … 161 161 check_admin_referer(); 162 162 163 $link_url = $_POST['linkurl'];163 $link_url = wp_specialchars($_POST['linkurl']); 164 164 $link_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $link_url) ? $link_url : 'http://' . $link_url; 165 $link_name = $_POST['name'];166 $link_image = $_POST['image'];165 $link_name = wp_specialchars($_POST['name']); 166 $link_image = wp_specialchars($_POST['image']); 167 167 $link_target = $_POST['target']; 168 168 $link_category = $_POST['category']; … … 172 172 $link_rel = $_POST['rel']; 173 173 $link_notes = $_POST['notes']; 174 $link_rss_uri = $_POST['rss_uri'];174 $link_rss_uri = wp_specialchars($_POST['rss_uri']); 175 175 $auto_toggle = get_autotoggle($link_category); 176 176 … … 208 208 check_admin_referer(); 209 209 210 $link_id = $_POST['link_id'];211 $link_url = $_POST['linkurl'];210 $link_id = (int) $_POST['link_id']; 211 $link_url = wp_specialchars($_POST['linkurl']); 212 212 $link_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $link_url) ? $link_url : 'http://' . 
$link_url; 213 $link_name = $_POST['name'];214 $link_image = $_POST['image'];215 $link_target = $_POST['target'];213 $link_name = wp_specialchars($_POST['name']); 214 $link_image = wp_specialchars($_POST['image']); 215 $link_target = wp_specialchars($_POST['target']); 216 216 $link_category = $_POST['category']; 217 217 $link_description = $_POST['description']; … … 271 271 } // end Delete 272 272 273 case 'linkedit': 274 { 273 case 'linkedit': { 275 274 $xfn = true; 276 275 include_once ('admin-header.php'); 277 if ($user_level < 5) {276 if ($user_level < 5) 278 277 die(__('You do not have sufficient permissions to edit the links for this blog.')); 279 } 278 280 279 $link_id = (int) $_GET['link_id']; 281 $row = $wpdb->get_row("SELECT * 282 FROM $wpdb->links 283 WHERE link_id = $link_id"); 280 $row = $wpdb->get_row("SELECT * FROM $wpdb->links WHERE link_id = $link_id"); 284 281 285 282 if ($row) { 286 $link_url = htmlspecialchars($row->link_url);287 $link_name = htmlspecialchars($row->link_name);283 $link_url = wp_specialchars($row->link_url, 1); 284 $link_name = wp_specialchars($row->link_name, 1); 288 285 $link_image = $row->link_image; 289 286 $link_target = $row->link_target; 290 287 $link_category = $row->link_category; 291 $link_description = htmlspecialchars($row->link_description);288 $link_description = wp_specialchars($row->link_description); 292 289 $link_visible = $row->link_visible; 293 290 $link_rating = $row->link_rating; 294 291 $link_rel = $row->link_rel; 295 $link_notes = htmlspecialchars($row->link_notes); 296 $link_rss_uri = htmlspecialchars($row->link_rss); 297 } 292 $link_notes = wp_specialchars($row->link_notes); 293 $link_rss_uri = wp_specialchars($row->link_rss); 294 } else { 295 die( __('Link not found.') ); 296 } 298 297 299 298 ?> … … 493 492 <p class="submit"><input type="submit" name="submit" value="<?php _e('Save Changes »') ?>" /> 494 493 <input type="hidden" name="action" value="editlink" /> 495 <input type="hidden" name="link_id" 
value="<?php echo $link_id; ?>" />496 <input type="hidden" name="order_by" value="<?php echo $order_by?>" />497 <input type="hidden" name="cat_id" value="<?php echo $cat_id ?>" /></p>494 <input type="hidden" name="link_id" value="<?php echo (int) $link_id; ?>" /> 495 <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" /> 496 <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" /></p> 498 497 </form> 499 498 </div> … … 599 598 if ($row->cat_id == $cat_id) 600 599 echo " selected='selected'"; 601 echo ">".$row->cat_id.": ". htmlspecialchars($row->cat_name);600 echo ">".$row->cat_id.": ".wp_specialchars($row->cat_name); 602 601 if ($row->auto_toggle == 'Y') 603 602 echo ' (auto toggle)'; … … 631 630 <input type="hidden" name="link_id" value="" /> 632 631 <input type="hidden" name="action" value="" /> 633 <input type="hidden" name="order_by" value="<?php echo $order_by?>" />634 <input type="hidden" name="cat_id" value="<?php echo $cat_id ?>" />632 <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" /> 633 <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" /> 635 634 <table width="100%" cellpadding="3" cellspacing="3"> 636 635 <tr> … … 661 660 if ($links) { 662 661 foreach ($links as $link) { 663 $link->link_name = htmlspecialchars($link->link_name);664 $link->link_category = htmlspecialchars($link->link_category);665 $link->link_description = htmlspecialchars($link->link_description);666 $link->link_url = htmlspecialchars($link->link_url);662 $link->link_name = wp_specialchars($link->link_name); 663 $link->link_category = wp_specialchars($link->link_category); 664 $link->link_description = wp_specialchars($link->link_description); 665 $link->link_url = wp_specialchars($link->link_url); 667 666 $short_url = str_replace('http://', '', $link->link_url); 668 667 $short_url = str_replace('www.', '', $short_url); … … 754 753 ?> 755 754 756 757 758 755 <?php 
include('admin-footer.php'); ?> trunk/wp-admin/options.php
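Review bot: The add branch (new lines 163-174) and the edit branch (new lines 210-217) disagree on which fields are encoded: `target` goes through `wp_specialchars()` only on line 215, `category`, `description`, `rel` and `notes` are stored raw in both, while `link_url`, `name` and `image` are entity-encoded before storage in both and then encoded again on read-back at lines 283-284 and 662-665, which double-encodes `&` in URLs carrying query strings unless `wp_specialchars()` skips existing entities. For `category` and `target` the appropriate control is validation rather than encoding: `$link_category = (int) $_POST['category'];` in both branches, matching the `(int)` cast the commit adds for `link_id` on line 210, and `target` compared against the fixed set of values the form offers with a fall-back to the empty string. The `die( __('Link not found.') )` added on line 295 is a good addition; the same guard is missing after the `get_row` calls in the other `case` branches, whose bodies lie outside this hunk.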
r1915 r1940 49 49 if ($user_level >= $option->option_admin_level) { 50 50 $old_val = $option->option_value; 51 $new_val = $_POST[$option->option_name];51 $new_val = wp_specialchars($_POST[$option->option_name]); 52 52 if (!$new_val) { 53 53 if (3 == $option->option_type) … … 89 89 90 90 foreach ($options as $option) : 91 $value = htmlspecialchars($option->option_value);91 $value = wp_specialchars($option->option_value); 92 92 echo " 93 93 <tr> trunk/wp-admin/plugin-editor.php
r1897 r1940 68 68 $f = fopen($real_file, 'r'); 69 69 $content = fread($f, filesize($real_file)); 70 $content = htmlspecialchars($content);70 $content = wp_specialchars($content); 71 71 } 72 72 trunk/wp-admin/post.php
r1917 r1940 657 657 $default_post_cat = get_settings('default_category'); 658 658 659 $content = htmlspecialchars($content);659 $content = wp_specialchars($content); 660 660 $content = apply_filters('default_content', $content); 661 661 $edited_post_title = apply_filters('default_title', $edited_post_title); … … 678 678 if ($is_NS4 || $is_gecko) { 679 679 ?> 680 <a href="javascript:if(navigator.userAgent.indexOf('Safari') >= 0){Q=getSelection();}else{Q=document.selection?document.selection.createRange().text:document.getSelection();}void(window.open('<?php echo get_settings('siteurl') ?>/wp-admin/bookmarklet.php?text='+encodeURIComponent(Q)+'&popupurl='+encodeURIComponent(location.href)+'&popuptitle='+encodeURIComponent(document.title),'<?php _e('WordPress bookmarklet') ?>','scrollbars=yes,width=600,height=460,left=100,top=150,status=yes'));"><?php printf(__('Press It - %s'), htmlspecialchars(get_settings('blogname'))); ?></a>680 <a href="javascript:if(navigator.userAgent.indexOf('Safari') >= 0){Q=getSelection();}else{Q=document.selection?document.selection.createRange().text:document.getSelection();}void(window.open('<?php echo get_settings('siteurl') ?>/wp-admin/bookmarklet.php?text='+encodeURIComponent(Q)+'&popupurl='+encodeURIComponent(location.href)+'&popuptitle='+encodeURIComponent(document.title),'<?php _e('WordPress bookmarklet') ?>','scrollbars=yes,width=600,height=460,left=100,top=150,status=yes'));"><?php printf(__('Press It - %s'), wp_specialchars(get_settings('blogname'))); ?></a> 681 681 <?php 682 682 } else if ($is_winIE) { trunk/wp-admin/profile.php
r1866 r1940 2 2 require_once('admin.php'); 3 3 4 $title = "Profile";4 $title = 'Profile'; 5 5 $parent_file = 'profile.php'; 6 6 7 $wpvarstoreset = array('action', 'redirect','profile','user');7 $wpvarstoreset = array('action', 'profile', 'user'); 8 8 for ($i=0; $i<count($wpvarstoreset); $i += 1) { 9 9 $wpvar = $wpvarstoreset[$i]; … … 67 67 } 68 68 69 $newuser_firstname = $_POST['newuser_firstname'];70 $newuser_lastname = $_POST['newuser_lastname'];69 $newuser_firstname = wp_specialchars($_POST['newuser_firstname']); 70 $newuser_lastname = wp_specialchars($_POST['newuser_lastname']); 71 71 $newuser_nickname = $_POST['newuser_nickname']; 72 72 $newuser_nicename = sanitize_title($newuser_nickname); 73 $newuser_icq = $_POST['newuser_icq'];74 $newuser_aim = $_POST['newuser_aim'];75 $newuser_msn = $_POST['newuser_msn'];76 $newuser_yim = $_POST['newuser_yim'];77 $newuser_email = $_POST['newuser_email'];78 $newuser_url = $_POST['newuser_url'];73 $newuser_icq = wp_specialchars($_POST['newuser_icq']); 74 $newuser_aim = wp_specialchars($_POST['newuser_aim']); 75 $newuser_msn = wp_specialchars($_POST['newuser_msn']); 76 $newuser_yim = wp_specialchars($_POST['newuser_yim']); 77 $newuser_email = wp_specialchars($_POST['newuser_email']); 78 $newuser_url = wp_specialchars($_POST['newuser_url')]; 79 79 $newuser_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $newuser_url) ? $newuser_url : 'http://' . $newuser_url; 80 $newuser_idmode =$_POST['newuser_idmode'];80 $newuser_idmode = wp_specialchars($_POST['newuser_idmode']); 81 81 $user_description = $_POST['user_description']; 82 82 trunk/wp-admin/sidebar.php
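Review bot: New line 78, `$newuser_url = wp_specialchars($_POST['newuser_url')];`, has the closing bracket and parenthesis transposed and is a parse error, so this file will not load at all after this commit; it should read `$newuser_url = wp_specialchars($_POST['newuser_url']);`. The companion change in user-edit.php line 58 has the correct form. Every `$_POST` key on lines 69-81 is also read without an `isset()` guard, which the surrounding lines in the hunk do not address.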
r1429 r1940 31 31 <head> 32 32 <title>WordPress › Sidebar</title> 33 <meta http-equiv="Content-Type" content="text/html; charset=<?php echo $blog_charset?>" />33 <meta http-equiv="Content-Type" content="text/html; charset=<?php bloginfo('blog_charset'); ?>" /> 34 34 <link rel="stylesheet" href="wp-admin.css" type="text/css" /> 35 35 <link rel="shortcut icon" href="../wp-images/wp-favicon.png" /> trunk/wp-admin/templates.php
r1938 r1940 64 64 $f = fopen($real_file, 'r'); 65 65 $content = fread($f, filesize($real_file)); 66 $content = htmlspecialchars($content);66 $content = wp_specialchars($content); 67 67 } 68 68 … … 74 74 <?php 75 75 if (is_writeable($real_file)) { 76 echo '<h2>' . sprintf(__('Editing <strong>%s</strong>'), $file) . '</h2>';76 echo '<h2>' . sprintf(__('Editing <strong>%s</strong>'), wp_specialchars($file) ) . '</h2>'; 77 77 } else { 78 echo '<h2>' . sprintf(__('Browsing <strong>%s</strong>'), $file) . '</h2>';78 echo '<h2>' . sprintf(__('Browsing <strong>%s</strong>'), wp_specialchars($file) ) . '</h2>'; 79 79 } 80 80 ?> trunk/wp-admin/theme-editor.php
r1881 r1940 74 74 $f = fopen($real_file, 'r'); 75 75 $content = fread($f, filesize($real_file)); 76 $content = htmlspecialchars($content);76 $content = wp_specialchars($content); 77 77 } 78 78 trunk/wp-admin/user-edit.php
r1924 r1940 46 46 } 47 47 48 $new_user_login = $_POST['new_user_login'];49 $new_firstname = $_POST['new_firstname'];50 $new_lastname = $_POST['new_lastname'];48 $new_user_login = wp_specialchars($_POST['new_user_login']); 49 $new_firstname = wp_specialchars($_POST['new_firstname']); 50 $new_lastname = wp_specialchars($_POST['new_lastname']); 51 51 $new_nickname = $_POST['new_nickname']; 52 52 $new_nicename = sanitize_title($new_nickname, $user_id); 53 $new_icq = $_POST['new_icq'];54 $new_aim = $_POST['new_aim'];55 $new_msn = $_POST['new_msn'];56 $new_yim = $_POST['new_yim'];57 $new_email = $_POST['new_email'];58 $new_url = $_POST['new_url'];53 $new_icq = wp_specialchars($_POST['new_icq']); 54 $new_aim = wp_specialchars($_POST['new_aim']); 55 $new_msn = wp_specialchars($_POST['new_msn']); 56 $new_yim = wp_specialchars($_POST['new_yim']); 57 $new_email = wp_specialchars($_POST['new_email']); 58 $new_url = wp_specialchars($_POST['new_url']); 59 59 $new_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $new_url) ? $new_url : 'http://' . $new_url; 60 $new_idmode = $_POST['new_idmode'];60 $new_idmode = wp_specialchars($_POST['new_idmode']); 61 61 $new_description = $_POST['new_description']; 62 62 … … 196 196 break; 197 197 } 198 199 /* </Team> */ 198 200 199 include('admin-footer.php'); 201 200 ?> trunk/wp-admin/users.php
r1902 r1940 5 5 $parent_file = 'users.php'; 6 6 7 $wpvarstoreset = array('action' ,'standalone','redirect','profile');7 $wpvarstoreset = array('action'); 8 8 for ($i=0; $i<count($wpvarstoreset); $i += 1) { 9 9 $wpvar = $wpvarstoreset[$i]; … … 25 25 check_admin_referer(); 26 26 27 function filter($value) { 28 return ereg('^[a-zA-Z0-9\_-\|]+$',$value); 29 } 30 31 $user_login = $_POST['user_login']; 32 $pass1 = $_POST['pass1']; 33 $pass2 = $_POST['pass2']; 34 $user_email = $_POST['email']; 35 $user_firstname = $_POST['firstname']; 36 $user_lastname = $_POST['lastname']; 37 $user_uri = $_POST['uri']; 27 $user_login = wp_specialchars($_POST['user_login']); 28 $pass1 = $_POST['pass1']; 29 $pass2 = $_POST['pass2']; 30 $user_email = wp_specialchars($_POST['email']); 31 $user_firstname = wp_specialchars($_POST['firstname']); 32 $user_lastname = wp_specialchars($_POST['lastname']); 33 $user_uri = wp_specialchars($_POST['uri']); 38 34 39 35 /* checking login has been typed */ … … 131 127 check_admin_referer(); 132 128 133 $id = intval($_GET['id']);129 $id = (int) $_GET['id']; 134 130 135 131 if (!$id) { … … 229 225 230 226 <?php 231 $users = $wpdb->get_results("SELECT * FROM $wpdb->users WHERE user_level = 0 ORDER BY ID");232 if ($users) {227 $users = $wpdb->get_results("SELECT * FROM $wpdb->users WHERE user_level = 0 ORDER BY ID"); 228 if ($users) { 233 229 ?> 234 230 <div class="wrap"> trunk/wp-comments-popup.php
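Review bot: New line 27 stores `$_POST['user_login']` after HTML entity encoding, so a login containing `&`, `<` or `>` is saved in entity form; if the sign-in path later compares the raw submitted name against this stored value (not visible here), such an account cannot log in, and user-edit.php line 48 has the same effect. The removed `filter()` helper (old lines 27-29) was an allow-list on login characters, which is the right kind of control for an identifier: reject rather than encode, for example `if ( !preg_match('/^[a-zA-Z0-9_-]+$/', $user_login) ) die( __('Invalid login name.') );` placed before the existing empty-login check that starts at line 35. Lines 28-29 correctly leave `$pass1` and `$pass2` untouched, since a password should be hashed, not escaped.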
r1855 r1940 64 64 <label for="author"><?php _e("Name"); ?></label> 65 65 <input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" /> 66 <input type="hidden" name="redirect_to" value="<?php echo htmlspecialchars($_SERVER["REQUEST_URI"]); ?>" />66 <input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($_SERVER["REQUEST_URI"]); ?>" /> 67 67 </p> 68 68 trunk/wp-comments.php
r1855 r1940 42 42 <label for="author"><?php _e('Name'); ?></label> <?php if ($req) _e('(required)'); ?> 43 43 <input type="hidden" name="comment_post_ID" value="<?php echo $post->ID; ?>" /> 44 <input type="hidden" name="redirect_to" value="<?php echo htmlspecialchars($_SERVER['REQUEST_URI']); ?>" />44 <input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($_SERVER['REQUEST_URI']); ?>" /> 45 45 </p> 46 46 trunk/wp-includes/classes.php
r1933 r1940 58 58 $this->query = $query; 59 59 $this->query_vars = $qv; 60 $qv['m'] = (int) $qv['m']; 60 61 61 62 if ('' != $qv['name']) { … … 72 73 } 73 74 74 if ( '' !=$qv['second']) {75 if ( (int) $qv['second']) { 75 76 $this->is_time = true; 76 77 $this->is_date = true; 77 78 } 78 79 79 if ( '' !=$qv['minute']) {80 if ( (int) $qv['minute']) { 80 81 $this->is_time = true; 81 82 $this->is_date = true; 82 83 } 83 84 84 if ( '' !=$qv['hour']) {85 if ( (int) $qv['hour']) { 85 86 $this->is_time = true; 86 $this->is_date = true;87 } 88 89 if ( '' !=$qv['day']) {87 $this->is_date = true; 88 } 89 90 if ( (int) $qv['day']) { 90 91 if (! $this->is_date) { 91 92 $this->is_day = true; … … 94 95 } 95 96 96 if ( '' !=$qv['monthnum']) {97 if ( (int) $qv['monthnum']) { 97 98 if (! $this->is_date) { 98 99 $this->is_month = true; … … 101 102 } 102 103 103 if ( '' !=$qv['year']) {104 if ( (int) $qv['year']) { 104 105 if (! $this->is_date) { 105 106 $this->is_year = true; … … 108 109 } 109 110 110 if ( '' !=$qv['m']) {111 if ( (int) $qv['m']) { 111 112 $this->is_date = true; 112 113 113 if (strlen($qv['m']) > 9) { 114 $this->is_time = true;115 } else if (strlen($qv['m']) > 7) {116 $this->is_day = true;117 } else if (strlen($qv['m']) > 5) {118 $this->is_month = true;119 } else {120 $this->is_year = true;121 }114 $this->is_time = true; 115 } else if (strlen($qv['m']) > 7) { 116 $this->is_day = true; 117 } else if (strlen($qv['m']) > 5) { 118 $this->is_month = true; 119 } else { 120 $this->is_year = true; 121 } 122 122 } 123 123 … … 233 233 234 234 // If a month is specified in the querystring, load that month 235 if ( '' != $q['m']) {235 if ( (int) $q['m'] ) { 236 236 $q['m'] = '' . preg_replace('|[^0-9]|', '', $q['m']); 237 237 $where .= ' AND YEAR(post_date)=' . substr($q['m'], 0, 4); … … 248 248 } 249 249 250 if ( '' != $q['hour']) {250 if ( (int) $q['hour'] ) { 251 251 $q['hour'] = '' . intval($q['hour']); 252 252 $where .= " AND HOUR(post_date)='" . $q['hour'] . 
"'"; 253 253 } 254 254 255 if ( '' != $q['minute']) {255 if ( (int) $q['minute'] ) { 256 256 $q['minute'] = '' . intval($q['minute']); 257 257 $where .= " AND MINUTE(post_date)='" . $q['minute'] . "'"; 258 258 } 259 259 260 if ( '' != $q['second']) {260 if ( (int) $q['second'] ) { 261 261 $q['second'] = '' . intval($q['second']); 262 262 $where .= " AND SECOND(post_date)='" . $q['second'] . "'"; 263 263 } 264 264 265 if ( '' != $q['year']) {265 if ( (int) $q['year'] ) { 266 266 $q['year'] = '' . intval($q['year']); 267 267 $where .= " AND YEAR(post_date)='" . $q['year'] . "'"; 268 268 } 269 269 270 if ( '' != $q['monthnum']) {270 if ( (int) $q['monthnum'] ) { 271 271 $q['monthnum'] = '' . intval($q['monthnum']); 272 272
