Changeset 5906
- Timestamp:
- 08/20/07 22:50:04 (1 year ago)
- Files:
-
- trunk/wp-admin/includes/bookmark.php (modified) (2 diffs)
- trunk/wp-admin/link-manager.php (modified) (3 diffs)
- trunk/wp-includes/bookmark.php (modified) (4 diffs)
- trunk/wp-includes/default-filters.php (modified) (5 diffs)
- trunk/wp-includes/post.php (modified) (1 diff)
- trunk/wp-includes/taxonomy.php (modified) (3 diffs)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
trunk/wp-admin/includes/bookmark.php
r5726 r5906 61 61 62 62 function get_link_to_edit( $link_id ) { 63 $link = get_link( $link_id ); 64 65 $link->link_url = clean_url($link->link_url); 66 $link->link_name = attribute_escape($link->link_name); 67 $link->link_image = attribute_escape($link->link_image); 68 $link->link_description = attribute_escape($link->link_description); 69 $link->link_rss = clean_url($link->link_rss); 70 $link->link_rel = attribute_escape($link->link_rel); 71 $link->link_notes = wp_specialchars($link->link_notes); 72 $link->post_category = $link->link_category; 73 74 return $link; 63 return get_link( $link_id, OBJECT, 'edit' ); 75 64 } 76 65 77 66 function wp_insert_link($linkdata) { 78 67 global $wpdb, $current_user; 68 69 $defaults = array('link_id' => 0, 'link_name' => '', 'link_url' => '', 'link_rating' => 0 ); 70 71 $linkdata = wp_parse_args($linkdata, $defaults); 72 $linkdata = sanitize_bookmark($linkdata, 'db'); 79 73 80 74 extract($linkdata, EXTR_SKIP); … … 85 79 $update = true; 86 80 87 $link_id = (int) $link_id; 81 if ( trim( $link_name ) == '' ) 82 return 0; 88 83 89 if ( trim( $link_name) == '' )84 if ( trim( $link_url ) == '' ) 90 85 return 0; 91 $link_name = apply_filters('pre_link_name', $link_name);92 93 if( trim( $link_url ) == '' )94 return 0;95 $link_url = apply_filters('pre_link_url', $link_url);96 86 97 87 if ( empty($link_rating) ) 98 88 $link_rating = 0; 99 else100 $link_rating = (int) $link_rating;101 89 102 90 if ( empty($link_image) ) 103 91 $link_image = ''; 104 $link_image = apply_filters('pre_link_image', $link_image);105 92 106 93 if ( empty($link_target) ) 107 94 $link_target = ''; 108 $link_target = apply_filters('pre_link_target', $link_target);109 95 110 96 if ( empty($link_visible) ) 111 97 $link_visible = 'Y'; 112 $link_visibile = preg_replace('/[^YNyn]/', '', $link_visible);113 98 114 99 if ( empty($link_owner) ) 115 100 $link_owner = $current_user->id; 116 else117 $link_owner = (int) $link_owner;118 101 119 102 if ( empty($link_notes) ) 120 103 $link_notes = ''; 121 $link_notes = apply_filters('pre_link_notes', $link_notes);122 104 123 105 if ( empty($link_description) ) 124 106 $link_description = ''; 125 $link_description = apply_filters('pre_link_description', $link_description);126 107 127 108 if ( empty($link_rss) ) 128 109 $link_rss = ''; 129 $link_rss = apply_filters('pre_link_rss', $link_rss);130 110 131 111 if ( empty($link_rel) ) 132 112 $link_rel = ''; 133 $link_rel = apply_filters('pre_link_rel', $link_rel);134 113 135 114 // Make sure we set a valid category trunk/wp-admin/link-manager.php
r5676 r5906 81 81 $select_cat .= '<option value="all"' . (($cat_id == 'all') ? " selected='selected'" : '') . '>' . __('All') . "</option>\n"; 82 82 foreach ((array) $categories as $cat) 83 $select_cat .= '<option value="' . $cat->term_id . '"' . (($cat->term_id == $cat_id) ? " selected='selected'" : '') . '>' . wp_specialchars(apply_filters('link_category', $cat->name)) . "</option>\n";83 $select_cat .= '<option value="' . $cat->term_id . '"' . (($cat->term_id == $cat_id) ? " selected='selected'" : '') . '>' . sanitize_term_field('name', $cat->name, $cat->term_id, 'link_category', 'display') . "</option>\n"; 84 84 $select_cat .= "</select>\n"; 85 85 … … 132 132 <?php 133 133 foreach ($links as $link) { 134 $link->link_name = attribute_escape(apply_filters('link_title', $link->link_name)); 135 $link->link_description = wp_specialchars(apply_filters('link_description', $link->link_description)); 136 $link->link_url = clean_url($link->link_url); 134 $link = sanitize_bookmark($link); 135 $link->link_name = attribute_escape($link->link_name); 137 136 $link->link_category = wp_get_link_cats($link->link_id); 138 137 $short_url = str_replace('http://', '', $link->link_url); … … 160 159 $cat_names = array(); 161 160 foreach ($link->link_category as $category) { 162 $cat = get_term($category, 'link_category' );163 $cat_name = wp_specialchars(apply_filters('link_category', $cat->name));161 $cat = get_term($category, 'link_category', OBJECT, 'display'); 162 $cat_name = $cat->name; 164 163 if ( $cat_id != $category ) 165 164 $cat_name = "<a href='link-manager.php?cat_id=$category'>$cat_name</a>"; trunk/wp-includes/bookmark.php
r5897 r5906 1 1 <?php 2 2 3 function get_bookmark($bookmark_id, $output = OBJECT ) {3 function get_bookmark($bookmark_id, $output = OBJECT, $filter = 'raw') { 4 4 global $wpdb; 5 5 … … 8 8 $link->link_category = wp_get_link_cats($bookmark_id); 9 9 10 $link = sanitize_bookmark($link, $filter); 11 10 12 if ( $output == OBJECT ) { 11 13 return $link; … … 17 19 return $link; 18 20 } 21 } 22 23 function get_bookmark_field( $field, $bookmark, $context = 'display' ) { 24 $bookmark = (int) $bookmark; 25 $bookmark = get_bookmark( $bookmark ); 26 27 if ( is_wp_error($bookmark) ) 28 return $bookmark; 29 30 if ( !is_object($bookmark) ) 31 return ''; 32 33 if ( !isset($bookmark->$field) ) 34 return ''; 35 36 return sanitize_bookmark_field($field, $bookmark->$field, $bookmark->link_id, $context); 19 37 } 20 38 … … 143 161 } 144 162 163 function sanitize_bookmark($bookmark, $context = 'display') { 164 $fields = array('link_id', 'link_url', 'link_name', 'link_image', 'link_target', 'link_category', 165 'link_description', 'link_visible', 'link_owner', 'link_rating', 'link_updated', 166 'link_rel', 'link_notes', 'link_rss', ); 167 168 $do_object = false; 169 if ( is_object($bookmark) ) 170 $do_object = true; 171 172 foreach ( $fields as $field ) { 173 if ( $do_object ) 174 $bookmark->$field = sanitize_bookmark_field($field, $bookmark->$field, $bookmark->link_id, $context); 175 else 176 $bookmark[$field] = sanitize_bookmark_field($field, $bookmark[$field], $bookmark['link_id'], $context); 177 } 178 179 return $bookmark; 180 } 181 182 function sanitize_bookmark_field($field, $value, $bookmark_id, $context) { 183 $int_fields = array('link_id', 'link_rating'); 184 if ( in_array($field, $int_fields) ) 185 $value = (int) $value; 186 187 $yesno = array('link_visible'); 188 if ( in_array($field, $yesno) ) 189 $value = preg_replace('/[^YNyn]/', '', $value); 190 191 if ( 'link_target' == $field ) { 192 $targets = array('_top', '_blank'); 193 if ( ! in_array($value, $targets) ) 194 $value = ''; 195 } 196 197 if ( 'raw' == $context ) 198 return $value; 199 200 if ( 'edit' == $context ) { 201 $format_to_edit = array('link_notes'); 202 $value = apply_filters("edit_$field", $value, $bookmark_id); 203 204 if ( in_array($field, $format_to_edit) ) { 205 $value = format_to_edit($value); 206 } else { 207 $value = attribute_escape($value); 208 } 209 } else if ( 'db' == $context ) { 210 $value = apply_filters("pre_$field", $value); 211 } else { 212 // Use display filters by default. 213 $value = apply_filters($field, $value, $bookmark_id, $context); 214 } 215 216 if ( 'attribute' == $context ) 217 $value = attribute_escape($value); 218 else if ( 'js' == $context ) 219 $value = js_escape($value); 220 221 return $value; 222 } 223 145 224 function delete_get_bookmark_cache() { 146 225 wp_cache_delete( 'get_bookmarks', 'bookmark' ); trunk/wp-includes/default-filters.php
r5797 r5906 1 1 <?php 2 2 3 // Some default filters 4 add_filter('bloginfo','wp_specialchars'); 5 add_filter('term_description', 'wptexturize'); 6 add_filter('category_description', 'wptexturize'); 7 add_filter('list_cats', 'wptexturize'); 8 add_filter('comment_author', 'wptexturize'); 9 add_filter('comment_text', 'wptexturize'); 10 add_filter('single_post_title', 'wptexturize'); 11 add_filter('the_title', 'wptexturize'); 12 add_filter('the_content', 'wptexturize'); 13 add_filter('the_excerpt', 'wptexturize'); 14 add_filter('bloginfo', 'wptexturize'); 15 add_filter('pre_kses', 'wp_pre_kses_less_than'); 3 // Strip, trim, kses, special chars for string saves 4 $filters = array('pre_term_name', 'pre_comment_author_name', 'pre_link_name', 'pre_link_target', 5 'pre_link_rel', 'pre_user_display_name', 'pre_user_first_name', 'pre_user_last_name', 6 'pre_user_nickname'); 7 foreach ( $filters as $filter ) { 8 add_filter($filter, 'strip_tags'); 9 add_filter($filter, 'trim'); 10 add_filter($filter, 'wp_filter_kses'); 11 add_filter($filter, 'wp_specialchars', 30); 12 } 16 13 17 // Comments, trackbacks, pingbacks 18 add_filter('pre_comment_author_name', 'strip_tags'); 19 add_filter('pre_comment_author_name', 'trim'); 20 add_filter('pre_comment_author_name', 'wp_specialchars', 30); 14 // Kses only for textarea saves 15 $filters = array('pre_term_description', 'pre_link_description', 'pre_link_notes', 'pre_user_description'); 16 foreach ( $filters as $filter ) { 17 add_filter($filter, 'wp_filter_kses'); 18 } 21 19 22 add_filter('pre_comment_author_email', 'trim'); 23 add_filter('pre_comment_author_email', 'sanitize_email'); 20 // Email 21 $filters = array('pre_comment_author_email', 'pre_user_email'); 22 foreach ( $filters as $filter ) { 23 add_filter($filter, 'trim'); 24 add_filter($filter, 'sanitize_email'); 25 add_filter($filter, 'wp_filter_kses'); 26 } 24 27 25 add_filter('pre_comment_author_url', 'strip_tags'); 26 add_filter('pre_comment_author_url', 'trim'); 27 add_filter('pre_comment_author_url', 'clean_url'); 28 29 add_filter('pre_comment_content', 'wp_rel_nofollow', 15); 30 add_filter('pre_comment_content', 'balanceTags', 30); 31 32 add_filter('pre_comment_author_name', 'wp_filter_kses'); 33 add_filter('pre_comment_author_email', 'wp_filter_kses'); 34 add_filter('pre_comment_author_url', 'wp_filter_kses'); 35 36 add_action('comment_form', 'wp_comment_form_unfiltered_html_nonce'); 37 38 // Default filters for these functions 39 add_filter('comment_author', 'wptexturize'); 40 add_filter('comment_author', 'convert_chars'); 41 add_filter('comment_author', 'wp_specialchars'); 42 43 add_filter('comment_email', 'antispambot'); 44 45 add_filter('comment_flood_filter', 'wp_throttle_comment_flood', 10, 3); 46 47 add_filter('comment_url', 'clean_url'); 48 49 add_filter('comment_text', 'convert_chars'); 50 add_filter('comment_text', 'make_clickable', 9); 51 add_filter('comment_text', 'force_balance_tags', 25); 52 add_filter('comment_text', 'wpautop', 30); 53 add_filter('comment_text', 'convert_smilies', 20); 54 55 add_filter('comment_excerpt', 'convert_chars'); 56 57 // Terms 58 add_filter('pre_term_name', 'strip_tags'); 59 add_filter('pre_term_name', 'trim'); 60 add_filter('pre_term_name', 'wp_filter_kses'); 61 add_filter('pre_term_name', 'wp_specialchars', 30); 62 add_filter('pre_term_description', 'wp_filter_kses'); 63 64 // Categories 65 add_filter('pre_category_name', 'strip_tags'); 66 add_filter('pre_category_name', 'trim'); 67 add_filter('pre_category_name', 'wp_filter_kses'); 68 add_filter('pre_category_name', 'wp_specialchars', 30); 69 add_filter('pre_category_description', 'wp_filter_kses'); 70 71 //Links 72 add_filter('pre_link_name', 'strip_tags'); 73 add_filter('pre_link_name', 'trim'); 74 add_filter('pre_link_name', 'wp_filter_kses'); 75 add_filter('pre_link_name', 'wp_specialchars', 30); 76 add_filter('pre_link_description', 'wp_filter_kses'); 77 add_filter('pre_link_notes', 'wp_filter_kses'); 78 add_filter('pre_link_url', 'strip_tags'); 79 add_filter('pre_link_url', 'trim'); 80 add_filter('pre_link_url', 'clean_url'); 81 add_filter('pre_link_image', 'strip_tags'); 82 add_filter('pre_link_image', 'trim'); 83 add_filter('pre_link_image', 'clean_url'); 84 add_filter('pre_link_rss', 'strip_tags'); 85 add_filter('pre_link_rss', 'trim'); 86 add_filter('pre_link_rss', 'clean_url'); 87 add_filter('pre_link_target', 'strip_tags'); 88 add_filter('pre_link_target', 'trim'); 89 add_filter('pre_link_target', 'wp_filter_kses'); 90 add_filter('pre_link_target', 'wp_specialchars', 30); 91 add_filter('pre_link_rel', 'strip_tags'); 92 add_filter('pre_link_rel', 'trim'); 93 add_filter('pre_link_rel', 'wp_filter_kses'); 94 add_filter('pre_link_rel', 'wp_specialchars', 30); 95 96 // Users 97 add_filter('pre_user_display_name', 'strip_tags'); 98 add_filter('pre_user_display_name', 'trim'); 99 add_filter('pre_user_display_name', 'wp_filter_kses'); 100 add_filter('pre_user_display_name', 'wp_specialchars', 30); 101 add_filter('pre_user_first_name', 'strip_tags'); 102 add_filter('pre_user_first_name', 'trim'); 103 add_filter('pre_user_first_name', 'wp_filter_kses'); 104 add_filter('pre_user_first_name', 'wp_specialchars', 30); 105 add_filter('pre_user_last_name', 'strip_tags'); 106 add_filter('pre_user_last_name', 'trim'); 107 add_filter('pre_user_last_name', 'wp_filter_kses'); 108 add_filter('pre_user_last_name', 'wp_specialchars', 30); 109 add_filter('pre_user_nickname', 'strip_tags'); 110 add_filter('pre_user_nickname', 'trim'); 111 add_filter('pre_user_nickname', 'wp_filter_kses'); 112 add_filter('pre_user_nickname', 'wp_specialchars', 30); 113 add_filter('pre_user_description', 'trim'); 114 add_filter('pre_user_description', 'wp_filter_kses'); 115 add_filter('pre_user_url', 'strip_tags'); 116 add_filter('pre_user_url', 'trim'); 117 add_filter('pre_user_url', 'clean_url'); 118 add_filter('pre_user_email', 'trim'); 119 add_filter('pre_user_email', 'sanitize_email'); 28 // URL 29 $filters = array('pre_comment_author_url', 'pre_user_url', 'pre_link_url', 'pre_link_image', 30 'pre_link_rss', 'comment_url'); 31 foreach ( $filters as $filter ) { 32 add_filter($filter, 'strip_tags'); 33 add_filter($filter, 'trim'); 34 add_filter($filter, 'clean_url'); 35 add_filter($filter, 'wp_filter_kses'); 36 } 120 37 121 38 // Places to balance tags on input 122 add_filter('content_save_pre', 'balanceTags', 50); 123 add_filter('excerpt_save_pre', 'balanceTags', 50); 124 add_filter('comment_save_pre', 'balanceTags', 50); 39 $filters = array('content_save_pre', 'excerpt_save_pre', 'comment_save_pre', 'pre_comment_content'); 40 foreach ( $filters as $filter ) { 41 add_filter( $filter, 'balanceTags', 50); 42 } 125 43 126 // Misc. title, content, and excerpt filters 44 // Format strings for display. 45 $filters = array('comment_author', 'term_name', 'term_description', 'link_name', 'link_description', 46 'link_notes', 'bloginfo'); 47 foreach ( $filters as $filter ) { 48 add_filter($filter, 'wptexturize'); 49 add_filter($filter, 'convert_chars'); 50 add_filter($filter, 'wp_specialchars'); 51 } 52 53 // Display filters 54 add_filter('the_title', 'wptexturize'); 127 55 add_filter('the_title', 'convert_chars'); 128 56 add_filter('the_title', 'trim'); 129 57 58 add_filter('the_content', 'wptexturize'); 130 59 add_filter('the_content', 'convert_smilies'); 131 60 add_filter('the_content', 'convert_chars'); 132 61 add_filter('the_content', 'wpautop'); 133 62 63 add_filter('the_excerpt', 'wptexturize'); 134 64 add_filter('the_excerpt', 'convert_smilies'); 135 65 add_filter('the_excerpt', 'convert_chars'); … … 137 67 add_filter('get_the_excerpt', 'wp_trim_excerpt'); 138 68 139 add_filter('sanitize_title', 'sanitize_title_with_dashes'); 69 add_filter('comment_text', 'wptexturize'); 70 add_filter('comment_text', 'convert_chars'); 71 add_filter('comment_text', 'make_clickable', 9); 72 add_filter('comment_text', 'force_balance_tags', 25); 73 add_filter('comment_text', 'convert_smilies', 20); 74 add_filter('comment_text', 'wpautop', 30); 75 76 add_filter('comment_excerpt', 'convert_chars'); 77 78 add_filter('list_cats', 'wptexturize'); 79 add_filter('single_post_title', 'wptexturize'); 140 80 141 81 // RSS filters … … 147 87 add_filter('the_excerpt_rss', 'ent2ncr', 8); 148 88 add_filter('comment_author_rss', 'ent2ncr', 8); 89 add_filter('comment_text_rss', 'ent2ncr', 8); 149 90 add_filter('comment_text_rss', 'wp_specialchars'); 150 add_filter('comment_text_rss', 'ent2ncr', 8);151 91 add_filter('bloginfo_rss', 'ent2ncr', 8); 152 92 add_filter('the_author', 'ent2ncr', 8); … … 159 99 add_filter('mce_plugins', '_mce_load_rtl_plugin'); 160 100 add_filter('mce_buttons', '_mce_add_direction_buttons'); 161 162 // Redirect Old Slugs 163 add_ action('template_redirect', 'wp_old_slug_redirect');164 add_ action('edit_post', 'wp_check_for_changed_slugs');165 add_ action('edit_form_advanced', 'wp_remember_old_slug');101 add_filter('pre_kses', 'wp_pre_kses_less_than'); 102 add_filter('sanitize_title', 'sanitize_title_with_dashes'); 103 add_filter('comment_flood_filter', 'wp_throttle_comment_flood', 10, 3); 104 add_filter('pre_comment_content', 'wp_rel_nofollow', 15); 105 add_filter('comment_email', 'antispambot'); 166 106 167 107 // Actions … … 190 130 add_action('save_post', '_save_post_hook', 5, 2); 191 131 add_action('transition_post_status', '_transition_post_status', 5, 3); 132 add_action('comment_form', 'wp_comment_form_unfiltered_html_nonce'); 133 // Redirect Old Slugs 134 add_action('template_redirect', 'wp_old_slug_redirect'); 135 add_action('edit_post', 'wp_check_for_changed_slugs'); 136 add_action('edit_form_advanced', 'wp_remember_old_slug'); 192 137 193 138 ?> trunk/wp-includes/post.php
r5855 r5906 478 478 } else { 479 479 // Use display filters by default. 480 $value = apply_filters("post_$field", $value, $post_id, $context); 480 if ( $prefixed ) 481 $value = apply_filters($field, $value, $post_id, $context); 482 else 483 $value = apply_filters("post_$field", $value, $post_id, $context); 481 484 } 482 485 trunk/wp-includes/taxonomy.php
r5896 r5906 230 230 * might be inaccurate or wrong. 231 231 */ 232 function &get_term(&$term, $taxonomy, $output = OBJECT ) {232 function &get_term(&$term, $taxonomy, $output = OBJECT, $filter = 'raw') { 233 233 global $wpdb; 234 234 … … 252 252 $_term = apply_filters('get_term', $_term, $taxonomy); 253 253 $_term = apply_filters("get_$taxonomy", $_term, $taxonomy); 254 $_term = sanitize_term($_term, $taxonomy, $filter); 254 255 255 256 if ( $output == OBJECT ) { … … 560 561 561 562 function sanitize_term($term, $taxonomy, $context = 'display') { 562 $fields = array('term_id', 'name', 'description', 'slug', 'count', ' term_group');563 $fields = array('term_id', 'name', 'description', 'slug', 'count', 'parent', 'term_group'); 563 564 564 565 $do_object = false;
