Changeset 5121
- Timestamp:
- 03/27/07 23:47:02 (1 year ago)
- Files:
-
- branches/2.0/wp-admin/admin-functions.php (modified) (7 diffs)
- branches/2.0/wp-includes/functions.php (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
branches/2.0/wp-admin/admin-functions.php
r5070 r5121 290 290 $text = wp_specialchars(stripslashes(urldecode($_REQUEST['text']))); 291 291 $text = funky_javascript_fix($text); 292 $popupurl = attribute_escape(stripslashes($_REQUEST['popupurl']));292 $popupurl = clean_url(stripslashes($_REQUEST['popupurl'])); 293 293 $post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text"; 294 294 } … … 340 340 $user->user_login = attribute_escape($user->user_login); 341 341 $user->user_email = attribute_escape($user->user_email); 342 $user->user_url = attribute_escape($user->user_url);342 $user->user_url = clean_url($user->user_url); 343 343 $user->first_name = attribute_escape($user->first_name); 344 344 $user->last_name = attribute_escape($user->last_name); … … 364 364 if ($user_id != 0) { 365 365 $update = true; 366 $user->ID = $user_id;366 $user->ID = (int) $user_id; 367 367 $userdata = get_userdata($user_id); 368 368 $user->user_login = $wpdb->escape($userdata->user_login); … … 389 389 $user->user_email = wp_specialchars(trim($_POST['email'])); 390 390 if (isset ($_POST['url'])) { 391 $user->user_url = wp_specialchars(trim($_POST['url']));391 $user->user_url = clean_url(trim($_POST['url'])); 392 392 $user->user_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url; 393 393 } … … 867 867 <td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td> 868 868 <td><textarea name='meta[{$entry['meta_id']}][value]' tabindex='6' rows='2' cols='30'>{$entry['meta_value']}</textarea></td> 869 <td align='center'><input name='updatemeta' type='submit' class='updatemeta' tabindex='6' value='". __('Update')."' /><br />870 <input name='deletemeta[{$entry['meta_id']}]' type='submit' class='deletemeta' tabindex='6' value='". __('Delete')."' /></td>869 <td align='center'><input name='updatemeta' type='submit' class='updatemeta' tabindex='6' value='".attribute_escape(__('Update'))."' /><br /> 870 <input name='deletemeta[{$entry['meta_id']}]' type='submit' class='deletemeta' tabindex='6' value='".attribute_escape(__('Delete'))."' /></td> 871 871 </tr> 872 872 "; … … 932 932 function add_meta($post_ID) { 933 933 global $wpdb; 934 $post_ID = (int) $post_ID; 934 935 935 936 $metakeyselect = $wpdb->escape(stripslashes(trim($_POST['metakeyselect']))); … … 958 959 function delete_meta($mid) { 959 960 global $wpdb; 961 $mid = (int) $mid; 960 962 961 963 $result = $wpdb->query("DELETE FROM $wpdb->postmeta WHERE meta_id = '$mid'"); branches/2.0/wp-includes/functions.php
r5100 r5121 771 771 $_category = $category; 772 772 } else { 773 $category = (int) $category; 773 774 if ( ! $_category = wp_cache_get($category, 'category') ) { 774 775 $_category = $wpdb->get_row("SELECT * FROM $wpdb->categories WHERE cat_ID = '$category' LIMIT 1"); … … 808 809 $_comment = & $comment_cache[$comment->comment_ID]; 809 810 } else { 811 $comment = (int) $comment; 810 812 if ( !isset($comment_cache[$comment]) ) { 811 813 $_comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID = '$comment' LIMIT 1");
