Changeset 6184

Timestamp:
10/03/07 16:26:16 (1 year ago)
Author:
ryan
Message:

Add page sanitization. Props xknown. fixes #5135 for 2.3

Files:

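--- a/branches/2.3/wp-admin/includes/template.php
+++ b/branches/2.3/wp-admin/includes/template.php
@@ -494,5 +494,5 @@
                 $current = '';
 
-            echo "\n\t<option value='$item->ID'$current>$pad $item->post_title</option>";
+            echo "\n\t<option value='$item->ID'$current>$pad " . wp_specialchars($item->post_title) . "</option>";
             parent_dropdown( $default, $item->ID, $level +1 );
         }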
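Review bot: The new `echo` line escapes `$item->post_title` with a single-argument `wp_specialchars()` call, which is enough for text inside `<option>` but, with quote conversion left at its default, would not be if the title were ever moved into a quoted attribute such as `value='…'`. A short comment above the line would record that, e.g. `// post_title is escaped for element content only; use attribute escaping if it is ever placed inside a quoted attribute`. `$pad` and `$current` are still printed unescaped on the same line; they appear to be built locally, but their assignments are mostly outside this hunk, as are the start and end of parent_dropdown().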
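--- a/branches/2.3/wp-includes/post.php
+++ b/branches/2.3/wp-includes/post.php
@@ -103,5 +103,5 @@
     } elseif ( is_object($post) ) {
         if ( 'page' == $post->post_type )
-            return get_page($post, $output);
+            return get_page($post, $output, $filter);
         if ( !isset($post_cache[$blog_id][$post->ID]) )
             $post_cache[$blog_id][$post->ID] = &$post;
@@ -112,10 +112,10 @@
             $_post = & $post_cache[$blog_id][$post];
         elseif ( $_post = wp_cache_get($post, 'pages') )
-            return get_page($_post, $output);
+            return get_page($_post, $output, $filter);
         else {
             $query = "SELECT * FROM $wpdb->posts WHERE ID = '$post' LIMIT 1";
             $_post = & $wpdb->get_row($query);
             if ( 'page' == $_post->post_type )
-                return get_page($_post, $output);
+                return get_page($_post, $output, $filter);
             $post_cache[$blog_id][$post] = & $_post;
         }
@@ -973,5 +973,5 @@
 // Retrieves page data given a page ID or page object.
 // Handles page caching.
-function &get_page(&$page, $output = OBJECT) {
+function &get_page(&$page, $output = OBJECT, $filter = 'raw') {
     global $wpdb, $blog_id;
 
@@ -986,5 +986,5 @@
     } elseif ( is_object($page) ) {
         if ( 'post' == $page->post_type )
-            return get_post($page, $output);
+            return get_post($page, $output, $filter);
         wp_cache_add($page->ID, $page, 'pages');
         $_page = $page;
@@ -999,10 +999,10 @@
                 wp_cache_add($_page->ID, $_page, 'pages');
             } elseif ( isset($GLOBALS['post_cache'][$blog_id][$page]) ) { // it's actually a page, and is cached
-                return get_post($page, $output);
+                return get_post($page, $output, $filter);
             } else { // it's not in any caches, so off to the DB we go
                 // Why are we using assignment for this query?
                 $_page = & $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID= '$page' LIMIT 1");
                 if ( 'post' == $_page->post_type )
-                    return get_post($_page, $output);
+                    return get_post($_page, $output, $filter);
                 // Potential issue: we're not checking to see if the post_type = 'page'
                 // So all non-'post' posts will get cached as pages.
@@ -1011,4 +1011,6 @@
         }
     }
+
+    $_page = sanitize_post($_page, $filter);
 
     // at this point, one way or another, $_post contains the page object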
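Review bot: The new `$filter` parameter on `get_page()` defaults to `'raw'`, so the `sanitize_post($_page, $filter)` call added after the lookup branches changes nothing for existing callers unless they pass a context explicitly, and the two-line header comment above the signature still describes only retrieval and caching. I would extend it, e.g. `// $filter is the sanitize_post() context; the default 'raw' returns fields unescaped, so callers that print them must pass a display context or escape at output.` Separately, the sanitize call runs after `wp_cache_add()` on what may be the same object, so it is worth confirming that a non-raw filter cannot alter the copy held in the 'pages' cache; sanitize_post() itself is not visible here. Both get_post() and get_page() start and end outside the hunks shown.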