Changeset 4229

Timestamp:

09/25/06 02:09:08 (2 years ago)

Author:

ryan

Message:

Make those chars feel special.

Files:

• branches/2.0/wp-admin/admin-db.php (modified) (1 diff)
• branches/2.0/wp-admin/admin-functions.php (modified) (4 diffs)
• branches/2.0/wp-admin/edit-form-advanced.php (modified) (1 diff)
• branches/2.0/wp-admin/options-misc.php (modified) (1 diff)
• branches/2.0/wp-admin/options-permalink.php (modified) (2 diffs)
• branches/2.0/wp-admin/options.php (modified) (2 diffs)
• branches/2.0/wp-admin/profile.php (modified) (1 diff)
• branches/2.0/wp-admin/user-edit.php (modified) (1 diff)
• branches/2.0/wp-includes/default-filters.php (modified) (2 diffs)
• branches/2.0/wp-includes/functions.php (modified) (1 diff)

branches/2.0/wp-admin/admin-db.php

@@ -267 +267 @@
-
-    $update = false;
+
-    if ( !empty($link_id) )
-        $update = true;
-
+    if( trim( $link_name ) == '' )
+        return 0;
+    $link_name = apply_filters('pre_link_name', $link_name);
+
+    if( trim( $link_url ) == '' )
+        return 0;
+    $link_url = apply_filters('pre_link_url', $link_url);
+
-    if ( empty($link_rating) )
-        $link_rating = 0;   
+    else
+        $link_rating = (int) $link_rating;
+
+    if ( empty($link_image) )
+        $link_image = '';
+    $link_image = apply_filters('pre_link_image', $link_image);
-
-    if ( empty($link_target) )
-        $link_target = '';  
+    $link_target = apply_filters('pre_link_target', $link_target);
-
-    if ( empty($link_visible) )
-        $link_visible = 'Y';
-
+
+
-    if ( empty($link_owner) )
-        $link_owner = $current_user->id;
+    else
+        $link_owner = (int) $link_owner;
-
-    if ( empty($link_notes) )
-        $link_notes = '';
+    $link_notes = apply_filters('pre_link_notes', $link_notes);
+
+    if ( empty($link_description) )
+        $link_description = '';
+    $link_description = apply_filters('pre_link_description', $link_description);
+
+    if ( empty($link_rss) )
+        $link_rss = '';
+    $link_rss = apply_filters('pre_link_rss', $link_rss);
+
+    if ( empty($link_rel) )
+        $link_rel = '';
+    $link_rel = apply_filters('pre_link_rel', $link_rel);
+
+    // Make sure we set a valid category
+    if (0 == count($link_category) || !is_array($link_category)) {
+        $link_category = array(get_option('default_link_category'));
+    }
-
-    if ( $update ) {

branches/2.0/wp-admin/admin-functions.php

@@ -266 +266 @@
-    $post->post_title = apply_filters('title_edit_pre', $post->post_title);
-
+    $post->post_password = format_to_edit($post->post_password); 
+
-    if ($post->post_status == 'static')
-        $post->page_template = get_post_meta($id, '_wp_page_template', true);
@@ -332 +334 @@
-
-    return $category;
+}
+
+function get_user_to_edit($user_id) {
+    $user = new WP_User($user_id);
+    $user->user_login = wp_specialchars($user->user_login, 1);
+    $user->user_email = wp_specialchars($user->user_email, 1);
+    $user->user_url = wp_specialchars($user->user_url, 1);
+    $user->first_name = wp_specialchars($user->first_name, 1);
+    $user->last_name = wp_specialchars($user->last_name, 1);
+    $user->display_name = wp_specialchars($user->display_name, 1);
+    $user->nickname = wp_specialchars($user->nickname, 1);
+    $user->aim = wp_specialchars($user->aim, 1);
+    $user->yim = wp_specialchars($user->yim, 1);
+    $user->jabber = wp_specialchars($user->jabber, 1);
+    $user->description = wp_specialchars($user->description);
+
+    return $user;
-}
-
@@ -448 +467 @@
-function get_link_to_edit($link_id) {
-    $link = get_link($link_id);
-
+
-    $link->link_url = wp_specialchars($link->link_url, 1);
-    $link->link_name = wp_specialchars($link->link_name, 1);
-
+
+
-    $link->link_notes = wp_specialchars($link->link_notes);
-
-
+
+
+
+
-    return $link;
-}
@@ -877 +899 @@
-
-    foreach ($keys as $key) {
+        $key = wp_specialchars($key, 1);
-        echo "\n\t<option value='$key'>$key</option>";
-    }

branches/2.0/wp-admin/edit-form-advanced.php

@@ -40 +40 @@
-    $already_pinged = explode("\n", trim($post->pinged));
-    foreach ($already_pinged as $pinged_url) {
-$pinged_url
+" . wp_specialchars($pinged_url) . "
-    }
-    $pings .= '</ul>';

branches/2.0/wp-admin/options-misc.php

@@ -18 +18 @@
-<tr valign="top">
-<th scope="row"><?php _e('Store uploads in this folder'); ?>:</th>
-str_replace(ABSPATH, '', get_settings('upload_path')
+wp_specialchars(str_replace(ABSPATH, '', get_settings('upload_path')), 1
-<br />
-<?php _e('Default is <code>wp-content/uploads</code>'); ?>

branches/2.0/wp-admin/options-permalink.php

@@ -149 +149 @@
-<br />
-</p>
-$permalink_structure
+wp_specialchars($permalink_structure, 1)
-
-<h3><?php _e('Optional'); ?></h3>
@@ -158 +158 @@
-<?php endif; ?>
-    <p> 
-$category_base
+wp_specialchars($category_base, 1)
-     </p> 
-    <p class="submit"> 

branches/2.0/wp-admin/options.php

@@ -25 +25 @@
-    die ( __('Cheatin’ uh?') );
-
+function sanitize_option($option, $value) {
+
+    switch ($option) {
+        case 'admin_email':
+            $value = sanitize_email($value);
+            break;
+
+        case 'default_post_edit_rows':
+        case 'mailserver_port':
+        case 'comment_max_links':
+            $value = abs((int) $value);
+            break;
+
+        case 'posts_per_page':
+        case 'posts_per_rss':
+            $value = (int) $value;
+            if ( empty($value) ) $value = 1;
+            if ( $value < -1 ) $value = abs($value);
+            break;
+
+        case 'default_ping_status':
+        case 'default_comment_status':
+            // Options that if not there have 0 value but need to be something like "closed"
+            if ( $value == '0' || $value == '')
+                $value = 'closed';
+            break;
+
+        case 'blogdescription':
+        case 'blogname':
+            if (current_user_can('unfiltered_html') == false)
+                $value = wp_filter_post_kses( $value );
+            break;
+
+        case 'blog_charset':
+            $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value);
+            break;
+
+        case 'date_format':
+        case 'time_format':
+        case 'mailserver_url':
+        case 'mailserver_login':
+        case 'mailserver_pass':
+        case 'ping_sites':
+        case 'upload_path':
+            $value = strip_tags($value);
+            $value = wp_filter_kses($value);
+            break;
+
+        case 'gmt_offset':
+            $value = preg_replace('/[^0-9:.-]/', '', $value);
+            break;
+
+        case 'siteurl':
+        case 'home':
+            $value = clean_url($value);
+            break;
+    }
+
+    return $value;  
+}
+
-switch($action) {
-
@@ -44 +105 @@
-    $old_home = get_settings('home');
-
-    // HACK
-    // Options that if not there have 0 value but need to be something like "closed"
-    $nonbools = array('default_ping_status', 'default_comment_status');
-    if ($options) {
-        foreach ($options as $option) {
-            $option = trim($option);
-            $value = trim(stripslashes($_POST[$option]));
-
-
-
-
-
-
+
-            
-            if (update_option($option, $value) ) {

branches/2.0/wp-admin/profile.php

@@ -6 +6 @@
-$parent_file = 'profile.php';
-include_once('admin-header.php');
-new WP_User
+get_user_to_edit
-
-$bookmarklet_height= 440;

branches/2.0/wp-admin/user-edit.php

@@ -50 +50 @@
-include ('admin-header.php');
-
-new WP_User
+get_user_to_edit
-
-if (!current_user_can('edit_users')) $errors['head'] = __('You do not have permission to edit this user.');

branches/2.0/wp-includes/default-filters.php

@@ -58 +58 @@
-add_filter('pre_category_description', 'wp_filter_kses');
-
+//Links
+add_filter('pre_link_name', 'strip_tags');
+add_filter('pre_link_name', 'trim');
+add_filter('pre_link_name', 'wp_filter_kses');
+add_filter('pre_link_name', 'wp_specialchars', 30);
+add_filter('pre_link_description', 'wp_filter_kses');
+add_filter('pre_link_notes', 'wp_filter_kses');
+add_filter('pre_link_url', 'strip_tags');
+add_filter('pre_link_url', 'trim');
+add_filter('pre_link_url', 'clean_url');
+add_filter('pre_link_image', 'strip_tags');
+add_filter('pre_link_image', 'trim');
+add_filter('pre_link_image', 'clean_url');
+add_filter('pre_link_rss', 'strip_tags');
+add_filter('pre_link_rss', 'trim');
+add_filter('pre_link_rss', 'clean_url');
+add_filter('pre_link_target', 'strip_tags');
+add_filter('pre_link_target', 'trim');
+add_filter('pre_link_target', 'wp_filter_kses');
+add_filter('pre_link_target', 'wp_specialchars', 30);
+add_filter('pre_link_rel', 'strip_tags');
+add_filter('pre_link_rel', 'trim');
+add_filter('pre_link_rel', 'wp_filter_kses');
+add_filter('pre_link_rel', 'wp_specialchars', 30);
+
-// Users
-add_filter('pre_user_display_name', 'strip_tags');
@@ -116 +141 @@
-add_filter('the_author', 'ent2ncr', 8);
-
+<<<<<<< .working
+=======
+// Misc filters
+add_filter('option_ping_sites', 'privacy_ping_filter');
+add_filter('option_blog_charset', 'wp_specialchars');
+
+>>>>>>> .merge-right.r4112
-// Actions
-add_action('publish_post', 'generic_ping');

branches/2.0/wp-includes/functions.php

@@ -322 +322 @@
-
-function form_option($option) {
-htmlspecialchars( get_option($option), ENT_QUOTES
+wp_specialchars( get_option($option), 1
-}
-