Navigation

← Previous Changeset
Next Changeset →

Changeset 4112

Timestamp:

08/24/06 22:33:16 (2 years ago)

Author:

ryan

Message:

Make those chars feel special.

Files:

trunk/wp-admin/admin-db.php (modified) (1 diff)
trunk/wp-admin/admin-functions.php (modified) (5 diffs)
trunk/wp-admin/edit-form-advanced.php (modified) (1 diff)
trunk/wp-admin/options-misc.php (modified) (1 diff)
trunk/wp-admin/options-permalink.php (modified) (2 diffs)
trunk/wp-admin/options.php (modified) (2 diffs)
trunk/wp-admin/profile.php (modified) (1 diff)
trunk/wp-admin/user-edit.php (modified) (1 diff)
trunk/wp-admin/users.php (modified) (3 diffs)
trunk/wp-includes/default-filters.php (modified) (2 diffs)
trunk/wp-includes/functions.php (modified) (1 diff)
trunk/wp-includes/link-template.php (modified) (1 diff)
trunk/wp-includes/query.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

trunk/wp-admin/admin-db.php

r4041	r4112
294	294
295	295	$update = false;
	296
296	297	if ( !empty($link_id) )
297	298	$update = true;
298	299
	300	if( trim( $link_name ) == '' )
	301	return 0;
	302	$link_name = apply_filters('pre_link_name', $link_name);
	303
	304	if( trim( $link_url ) == '' )
	305	return 0;
	306	$link_url = apply_filters('pre_link_url', $link_url);
	307
299	308	if ( empty($link_rating) )
300	309	$link_rating = 0;
	310	else
	311	$link_rating = (int) $link_rating;
	312
	313	if ( empty($link_image) )
	314	$link_image = '';
	315	$link_image = apply_filters('pre_link_image', $link_image);
301	316
302	317	if ( empty($link_target) )
303	318	$link_target = '';
	319	$link_target = apply_filters('pre_link_target', $link_target);
304	320
305	321	if ( empty($link_visible) )
306	322	$link_visible = 'Y';
	323	$link_visibile = preg_replace('/[^YNyn]/', '', $link_visible);
307	324
308	325	if ( empty($link_owner) )
309	326	$link_owner = $current_user->id;
	327	else
	328	$link_owner = (int) $link_owner;
310	329
311	330	if ( empty($link_notes) )
312	331	$link_notes = '';
	332	$link_notes = apply_filters('pre_link_notes', $link_notes);
	333
	334	if ( empty($link_description) )
	335	$link_description = '';
	336	$link_description = apply_filters('pre_link_description', $link_description);
	337
	338	if ( empty($link_rss) )
	339	$link_rss = '';
	340	$link_rss = apply_filters('pre_link_rss', $link_rss);
	341
	342	if ( empty($link_rel) )
	343	$link_rel = '';
	344	$link_rel = apply_filters('pre_link_rel', $link_rel);
313	345
314	346	// Make sure we set a valid category

trunk/wp-admin/admin-functions.php

r4100	r4112
302	302	$post->post_title = apply_filters('title_edit_pre', $post->post_title);
303	303
	304	$post->post_password = format_to_edit($post->post_password);
	305
304	306	if ($post->post_type == 'page')
305	307	$post->page_template = get_post_meta($id, '_wp_page_template', true);
…	…
381	383	}
382	384
	385
	386	function get_user_to_edit($user_id) {
	387	$user = new WP_User($user_id);
	388	$user->user_login = wp_specialchars($user->user_login, 1);
	389	$user->user_email = wp_specialchars($user->user_email, 1);
	390	$user->user_url = wp_specialchars($user->user_url, 1);
	391	$user->first_name = wp_specialchars($user->first_name, 1);
	392	$user->last_name = wp_specialchars($user->last_name, 1);
	393	$user->display_name = wp_specialchars($user->display_name, 1);
	394	$user->nickname = wp_specialchars($user->nickname, 1);
	395	$user->aim = wp_specialchars($user->aim, 1);
	396	$user->yim = wp_specialchars($user->yim, 1);
	397	$user->jabber = wp_specialchars($user->jabber, 1);
	398	$user->description = wp_specialchars($user->description);
	399
	400	return $user;
	401	}
383	402
384	403	// Creates a new user from the "Users" form using $_POST information.
…	…
510	529	$link->link_url = wp_specialchars($link->link_url, 1);
511	530	$link->link_name = wp_specialchars($link->link_name, 1);
512		$link->link_description = wp_specialchars($link->link_description);
	531	$link->link_image = wp_specialchars($link->link_image, 1);
	532	$link->link_description = wp_specialchars($link->link_description, 1);
513	533	$link->link_notes = wp_specialchars($link->link_notes);
514		$link->link_rss = wp_specialchars($link->link_rss);
	534	$link->link_rss = wp_specialchars($link->link_rss, 1);
	535	$link->link_rel = wp_specialchars($link->link_rel, 1);
515	536	$link->post_category = $link->link_category;
516	537
…	…
960	981	if ('_' == $entry['meta_key'] { 0 })
961	982	$style .= ' hidden';
962		$key_js = ~~addslashes(wp_specialchars( $entry['meta_key'], 'double' )~~);
	983	$key_js = js_escape($entry['meta_key']);
963	984	$entry['meta_key'] = wp_specialchars( $entry['meta_key'], true );
964	985	$entry['meta_value'] = wp_specialchars( $entry['meta_value'], true );
…	…
1012	1033
1013	1034	foreach ($keys as $key) {
	1035	$key = wp_specialchars($key, 1);
1014	1036	echo "\n\t<option value='$key'>$key</option>";
1015	1037	}

trunk/wp-admin/edit-form-advanced.php

r4094	r4112
40	40	$already_pinged = explode("\n", trim($post->pinged));
41	41	foreach ($already_pinged as $pinged_url) {
42		$pings .= "\n\t<li>~~$pinged_url~~</li>";
	42	$pings .= "\n\t<li>" . wp_specialchars($pinged_url) . "</li>";
43	43	}
44	44	$pings .= '</ul>';

trunk/wp-admin/options-misc.php

r3759	r4112
18	18	<tr valign="top">
19	19	<th scope="row"><?php _e('Store uploads in this folder'); ?>:</th>
20		<td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo ~~str_replace(ABSPATH, '', get_settings('upload_path')~~); ?>" size="40" />
	20	<td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo wp_specialchars(str_replace(ABSPATH, '', get_settings('upload_path')), 1); ?>" size="40" />
21	21	<br />
22	22	<?php _e('Default is <code>wp-content/uploads</code>'); ?>

trunk/wp-admin/options-permalink.php

r3759	r4112
149	149	<br />
150	150	</p>
151		<p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo ~~$permalink_structure~~; ?>" size="50" /></p>
	151	<p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo wp_specialchars($permalink_structure, 1); ?>" size="50" /></p>
152	152
153	153	<h3><?php _e('Optional'); ?></h3>
…	…
158	158	<?php endif; ?>
159	159	<p>
160		<?php _e('Category base'); ?>: <input name="category_base" type="text" class="code" value="<?php echo ~~$category_base~~; ?>" size="30" />
	160	<?php _e('Category base'); ?>: <input name="category_base" type="text" class="code" value="<?php echo wp_specialchars($category_base, 1); ?>" size="30" />
161	161	</p>
162	162	<p class="submit">

trunk/wp-admin/options.php

r4006	r4112
10	10	if ( !current_user_can('manage_options') )
11	11	wp_die(__('Cheatin’ uh?'));
	12
	13	function sanitize_option($option, $value) {
	14
	15	switch ($option) {
	16	case 'admin_email':
	17	$value = sanitize_email($value);
	18	break;
	19
	20	case 'default_post_edit_rows':
	21	case 'mailserver_port':
	22	case 'comment_max_links':
	23	$value = abs((int) $value);
	24	break;
	25
	26	case 'posts_per_page':
	27	case 'posts_per_rss':
	28	$value = (int) $value;
	29	if ( empty($value) ) $value = 1;
	30	if ( $value < -1 ) $value = abs($value);
	31	break;
	32
	33	case 'default_ping_status':
	34	case 'default_comment_status':
	35	// Options that if not there have 0 value but need to be something like "closed"
	36	if ( $value == '0' \|\| $value == '')
	37	$value = 'closed';
	38	break;
	39
	40	case 'blogdescription':
	41	case 'blogname':
	42	if (current_user_can('unfiltered_html') == false)
	43	$value = wp_filter_post_kses( $value );
	44	break;
	45
	46	case 'blog_charset':
	47	$value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value);
	48	break;
	49
	50	case 'date_format':
	51	case 'time_format':
	52	case 'mailserver_url':
	53	case 'mailserver_login':
	54	case 'mailserver_pass':
	55	case 'ping_sites':
	56	case 'upload_path':
	57	$value = strip_tags($value);
	58	$value = wp_filter_kses($value);
	59	break;
	60
	61	case 'gmt_offset':
	62	$value = preg_replace('/[^0-9:.-]/', '', $value);
	63	break;
	64
	65	case 'siteurl':
	66	case 'home':
	67	$value = clean_url($value);
	68	break;
	69	}
	70
	71	return $value;
	72	}
12	73
13	74	switch($action) {
…	…
30	91	$old_home = get_settings('home');
31	92
32		~~// HACK~~
33		~~// Options that if not there have 0 value but need to be something like "closed"~~
34		~~$nonbools = array('default_ping_status', 'default_comment_status');~~
35	93	if ($options) {
36	94	foreach ($options as $option) {
37	95	$option = trim($option);
38	96	$value = trim(stripslashes($_POST[$option]));
39		if( in_array($option, $nonbools) && ( $value == '0' \|\| $value == '') )
40		$value = 'closed';
41
42		if( $option == 'blogdescription' \|\| $option == 'blogname' )
43		if (current_user_can('unfiltered_html') == false)
44		$value = wp_filter_post_kses( $value );
	97	$value = sanitize_option($option, $value);
45	98
46	99	if (update_option($option, $value) ) {

trunk/wp-admin/profile.php

r4079	r4112
9	9	$parent_file = 'profile.php';
10	10	include_once('admin-header.php');
11		$profileuser = ~~new WP_User~~($user_ID);
	11	$profileuser = get_user_to_edit($user_ID);
12	12
13	13	$bookmarklet_height= 440;

trunk/wp-admin/user-edit.php

r3946	r4112
41	41	include ('admin-header.php');
42	42
43		$profileuser = ~~new WP_User~~($user_id);
	43	$profileuser = get_user_to_edit($user_id);
44	44
45	45	if ( !current_user_can('edit_user', $user_id) )

trunk/wp-admin/users.php

r4000	r4112
98	98
99	99	function get_results() {
100		return $this->results;
	100	return (array) $this->results;
101	101	}
102	102
…	…
336	336
337	337	<?php if ( $wp_user_search->is_search() ) : ?>
338		<h2><?php printf(__('Users Matching "%s" by Role'), ~~$wp_user_search->search_term~~); ?></h2>
	338	<h2><?php printf(__('Users Matching "%s" by Role'), wp_specialchars($wp_user_search->search_term)); ?></h2>
339	339	<?php else : ?>
340	340	<h2><?php _e('User List by Role'); ?></h2>
…	…
342	342
343	343	<form action="" method="get" name="search" id="search">
344		<p><input type="text" name="usersearch" id="usersearch" value="<?php echo wp_specialchars($wp_user_search->search_term); ?>" /> <input type="submit" value="<?php _e('Search for users »'); ?>" /></p>
	344	<p><input type="text" name="usersearch" id="usersearch" value="<?php echo wp_specialchars($wp_user_search->search_term, 1); ?>" /> <input type="submit" value="<?php _e('Search for users »'); ?>" /></p>
345	345	</form>
346	346

trunk/wp-includes/default-filters.php

r4046	r4112
55	55	add_filter('pre_category_name', 'wp_specialchars', 30);
56	56	add_filter('pre_category_description', 'wp_filter_kses');
	57
	58	//Links
	59	add_filter('pre_link_name', 'strip_tags');
	60	add_filter('pre_link_name', 'trim');
	61	add_filter('pre_link_name', 'wp_filter_kses');
	62	add_filter('pre_link_name', 'wp_specialchars', 30);
	63	add_filter('pre_link_description', 'wp_filter_kses');
	64	add_filter('pre_link_notes', 'wp_filter_kses');
	65	add_filter('pre_link_url', 'strip_tags');
	66	add_filter('pre_link_url', 'trim');
	67	add_filter('pre_link_url', 'clean_url');
	68	add_filter('pre_link_image', 'strip_tags');
	69	add_filter('pre_link_image', 'trim');
	70	add_filter('pre_link_image', 'clean_url');
	71	add_filter('pre_link_rss', 'strip_tags');
	72	add_filter('pre_link_rss', 'trim');
	73	add_filter('pre_link_rss', 'clean_url');
	74	add_filter('pre_link_target', 'strip_tags');
	75	add_filter('pre_link_target', 'trim');
	76	add_filter('pre_link_target', 'wp_filter_kses');
	77	add_filter('pre_link_target', 'wp_specialchars', 30);
	78	add_filter('pre_link_rel', 'strip_tags');
	79	add_filter('pre_link_rel', 'trim');
	80	add_filter('pre_link_rel', 'wp_filter_kses');
	81	add_filter('pre_link_rel', 'wp_specialchars', 30);
57	82
58	83	// Users
…	…
116	141	// Misc filters
117	142	add_filter('option_ping_sites', 'privacy_ping_filter');
	143	add_filter('option_blog_charset', 'wp_specialchars');
118	144
119	145	// Actions

trunk/wp-includes/functions.php

r4109	r4112
200	200
201	201	function form_option($option) {
202		echo ~~htmlspecialchars( get_option($option), ENT_QUOTES~~ );
	202	echo wp_specialchars( get_option($option), 1 );
203	203	}
204	204

trunk/wp-includes/link-template.php

r3862	r4112
477	477
478	478	if (isset($max_num_pages)) return $max_num_pages;
479
	479	$posts_per = (int) get_option('posts_per_page');
	480	if ( empty($posts_per) ) $posts_per = 1;
	481
480	482	if ( 'posts' == get_query_var('what_to_show') ) {
481	483	preg_match('#FROM\s(.*)\sORDER BY#siU', $wp_query->request, $matches);
482	484	$fromwhere = $matches[1];
483	485	$numposts = $wpdb->get_var("SELECT COUNT(DISTINCT ID) FROM $fromwhere");
484		$max_num_pages = ceil($numposts / ~~get_option('posts_per_page')~~);
	486	$max_num_pages = ceil($numposts / $posts_per);
485	487	} else {
486	488	preg_match('#FROM\s(.*)\sORDER BY#siU', $wp_query->request, $matches);
487	489	$fromwhere = preg_replace('/( AND )?post_date >= (\'\|\")(.?)(\'\|\")( AND post_date <= (\'\")(.?)(\'\"))?/siU', '', $matches[1]);
488	490	$num_days = $wpdb->query("SELECT DISTINCT post_date FROM $fromwhere GROUP BY year(post_date), month(post_date), dayofmonth(post_date)");
489		$max_num_pages = ceil($num_days / ~~get_option('posts_per_page')~~);
	491	$max_num_pages = ceil($num_days / $posts_per);
490	492	}
491	493

trunk/wp-includes/query.php

r4096	r4112
552	552	$q['what_to_show'] = 'posts';
553	553	}
	554	$q['posts_per_page'] = (int) $q['posts_per_page'];
	555	if ( $q['posts_per_page'] < -1 )
	556	$q['posts_per_page'] = abs($q['posts_per_page']);
	557	else if ( $q['posts_per_page'] == 0 )
	558	$q['posts_per_page'] = 1;
554	559
555	560	if ( $this->is_home && (empty($this->query) \|\| $q['preview'] == 'true') && ( 'page' == get_option('show_on_front') ) && get_option('page_on_front') ) {

Navigation

Changeset 4112

Legend:

Download in other formats: