Changes in branches/2.2 [5649:58137]
- Location:
- branches/2.2
- Files:
-
- 46 edited
branches/2.2/wp-admin/admin-ajax.php
r5649 r58137 287 287 } 288 288 } 289 die( $_POST['post_type']);289 die('0'); 290 290 break; 291 291 default : -
branches/2.2/wp-admin/admin-db.php
r5649 r58137 83 83 global $wpdb; 84 84 85 extract($catarr );85 extract($catarr, EXTR_SKIP); 86 86 87 87 if( trim( $cat_name ) == '' ) … … 298 298 global $wpdb, $current_user; 299 299 300 extract($linkdata );300 extract($linkdata, EXTR_SKIP); 301 301 302 302 $update = false; … … 420 420 421 421 $wpdb->query("DELETE FROM $wpdb->link2cat WHERE link_id = '$link_id'"); 422 return$wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'");422 $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'"); 423 423 424 424 do_action('deleted_link', $link_id); 425 426 return true; 425 427 } 426 428 -
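Review bot: `$link_id` is interpolated straight into both DELETE statements at 421–422 without a cast, so the new `return true` path at 426 runs two queries built from whatever value the caller handed in. Cast it once before the two `$wpdb->query()` calls, `$link_id = (int) $link_id;`, as the rest of the admin code in this changeset does for ids. The enclosing function starts outside the hunk, so the cast may already exist above; if it does, a one-line comment on 421 saying the value is already an integer would make that clear to readers of this block.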
branches/2.2/wp-admin/admin-functions.php
r5649 r58137 106 106 $_POST['post_date_gmt'] = get_gmt_from_date( $_POST['post_date'] ); 107 107 } 108 109 unset($_POST['no_filter']); 108 110 109 111 // Create the post. … … 284 286 } 285 287 288 unset($_POST['no_filter']); 289 286 290 add_meta( $post_ID ); 287 291 … … 403 407 $comment->comment_post_ID = (int) $comment->comment_post_ID; 404 408 405 $comment->comment_content = apply_filters( 'comment_text', $comment->comment_content );406 409 $comment->comment_content = format_to_edit( $comment->comment_content ); 407 410 $comment->comment_content = apply_filters( 'comment_edit_pre', $comment->comment_content); … … 903 906 global $wpdb; 904 907 905 $start = (int) $start;908 $start = abs( (int) $start ); 906 909 $num = (int) $num; 907 910 … … 946 949 if ( current_user_can('edit_post', $comment->comment_post_ID) ) { 947 950 echo " <a href='comment.php?action=editcomment&c=".$comment->comment_ID."'>" . __('Edit') . '</a>'; 948 echo ' | <a href="' . wp_nonce_url(' ocomment.php?action=deletecomment&p=' . $comment->comment_post_ID . '&c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . js_escape(sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), $comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> ';951 echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $comment->comment_post_ID . '&c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . js_escape(sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), $comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> '; 949 952 if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) { 950 953 echo '<span class="unapprove"> | <a href="' . 
wp_nonce_url('comment.php?action=unapprovecomment&p=' . $comment->comment_post_ID . '&c=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Unapprove') . '</a> </span>'; … … 1111 1114 $post_ID = (int) $post_ID; 1112 1115 1116 $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' ); 1117 1113 1118 $metakeyselect = $wpdb->escape( stripslashes( trim( $_POST['metakeyselect'] ) ) ); 1114 1119 $metakeyinput = $wpdb->escape( stripslashes( trim( $_POST['metakeyinput'] ) ) ); … … 1125 1130 if ( $metakeyinput) 1126 1131 $metakey = $metakeyinput; // default 1132 1133 if ( in_array($metakey, $protected) ) 1134 return false; 1127 1135 1128 1136 $result = $wpdb->query( " … … 1145 1153 function update_meta( $mid, $mkey, $mvalue ) { 1146 1154 global $wpdb; 1155 1156 $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' ); 1157 1158 if ( in_array($mkey, $protected) ) 1159 return false; 1160 1147 1161 $mvalue = maybe_serialize( stripslashes( $mvalue )); 1148 1162 $mvalue = $wpdb->escape( $mvalue ); -
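Review bot: The `$protected` list at 1116 and again at 1156 is the same literal written twice, so the two guards will drift apart the first time one of them is edited; define it once (a small helper such as `function _wp_protected_meta_keys()` returning the array) and call `in_array($metakey, $protected, true)` with the strict flag in both places. In the first hunk the check at 1133 runs on `$metakey` after it has been through `$wpdb->escape()`/`stripslashes()`, which is fine for these fixed names but deserves a one-line comment saying the comparison is against the escaped form. Whether a matching check exists on the delete path is not visible from these hunks.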
branches/2.2/wp-admin/edit-comments.php
r5649 r58137 77 77 78 78 if ( isset( $_GET['apage'] ) ) 79 $page = (int) $_GET['apage'];79 $page = abs( (int) $_GET['apage'] ); 80 80 else 81 81 $page = 1; -
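Review bot: `abs( (int) $_GET['apage'] )` at 79 still lets `apage=0` through as page 0, so the lower bound is handled, if at all, by whatever consumes `$page` later, outside the hunk. `$page = max(1, (int) $_GET['apage']);` states the intended bound directly and also covers the negative case the commit guards against.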
branches/2.2/wp-admin/export.php
r5649 r58137 148 148 --> 149 149 150 <!-- generator="wordpress/<?php bloginfo_rss('version') ?>" created="<?php echo date('Y-m-d H: m'); ?>"-->150 <!-- generator="wordpress/<?php bloginfo_rss('version') ?>" created="<?php echo date('Y-m-d H:i'); ?>"--> 151 151 <rss version="2.0" 152 152 xmlns:content="http://purl.org/rss/1.0/modules/content/" -
branches/2.2/wp-admin/import/wordpress.php
r5649 r58137 38 38 global $wpdb; 39 39 preg_match("|<$tag.*?>(.*?)</$tag>|is", $string, $return); 40 $return = $wpdb->escape( trim( $return[1] ) ); 40 $return = preg_replace('|^<!\[CDATA\[(.*)\]\]>$|s', '$1', $return[1]); 41 $return = $wpdb->escape( trim( $return ) ); 41 42 return $return; 42 43 } … … 216 217 217 218 while ( $c = array_shift($this->categories) ) { 218 $cat_name = trim( str_replace(array ('<![CDATA[', ']]>'), '', $this->get_tag( $c, 'wp:cat_name' )));219 $cat_name = trim($this->get_tag( $c, 'wp:cat_name' )); 219 220 220 221 // If the category exists we leave it alone … … 275 276 276 277 $post_content = $this->get_tag( $post, 'content:encoded' ); 277 $post_content = str_replace(array ('<![CDATA[', ']]>'), '', $post_content);278 278 $post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content); 279 279 $post_content = str_replace('<br>', '<br />', $post_content); -
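Review bot: Line 278 of the second hunk, left as context, still runs `preg_replace` with the `e` modifier over `$post_content`, so the replacement `"'<' . strtolower('$1')"` is evaluated as PHP on text taken from the uploaded import file; the capture is restricted to `/?[A-Z]+`, which narrows what can reach the eval, but a callback removes the eval entirely. This changeset already converts `wp_rel_nofollow()` in formatting.php to `preg_replace_callback`, and the same shape works here: a named callback `function wp_import_lowercase_tag($m) { return '<' . strtolower($m[1]); }` and `$post_content = preg_replace_callback('|<(/?[A-Z]+)|', 'wp_import_lowercase_tag', $post_content);`. A short comment on the new line 40 saying why CDATA is now unwrapped inside `get_tag()` rather than at each call site would also help the next reader.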
branches/2.2/wp-admin/install-rtl.css
r5649 r58137 1 body { font -family:Tahoma, Georgia, "Times New Roman", Times, serif; }1 body { font: 13px Tahoma, Georgia, "Times New Roman", Times, serif; } 2 2 3 3 ul, ol { padding: 5px 20px 5px 5px; } 4 4 5 .step, th { text-align: left; } 5 h1, h2, h3 { font-family: "Times New Roman", Times, serif; font-weight: 700 } 6 7 .step, th { text-align: left } 8 9 input { font-family: "Times New Roman", Times, serif; padding: 1px } 10 11 #logo { background: url(../wp-content/plugins/WP-Jalali/wp-fa-logo.png) center right no-repeat; text-align: left; } 12 13 #admin_email {direction: ltr; text-align: left; } 14 15 #footer { font-style: normal; } -
branches/2.2/wp-admin/install.php
r5649 r58137 83 83 <?php 84 84 $result = wp_install($weblog_title, 'admin', $admin_email, $public); 85 extract($result );85 extract($result, EXTR_SKIP); 86 86 ?> 87 87 -
branches/2.2/wp-admin/link-import.php
r5649 r58137 74 74 <h2><?php _e('Importing...') ?></h2> 75 75 <?php 76 $cat_id = $_POST['cat_id'];77 if ( $cat_id == '' || $cat_id == 0)76 $cat_id = abs( (int) $_POST['cat_id'] ); 77 if ( $cat_id < 1 ) 78 78 $cat_id = 1; 79 79 -
branches/2.2/wp-admin/options.php
r5649 r58137 10 10 if ( !current_user_can('manage_options') ) 11 11 wp_die(__('Cheatin’ uh?')); 12 13 function sanitize_option($option, $value) { // Remember to call stripslashes!14 15 switch ($option) {16 case 'admin_email':17 $value = stripslashes($value);18 $value = sanitize_email($value);19 break;20 21 case 'default_post_edit_rows':22 case 'mailserver_port':23 case 'comment_max_links':24 $value = stripslashes($value);25 $value = abs((int) $value);26 break;27 28 case 'posts_per_page':29 case 'posts_per_rss':30 $value = stripslashes($value);31 $value = (int) $value;32 if ( empty($value) ) $value = 1;33 if ( $value < -1 ) $value = abs($value);34 break;35 36 case 'default_ping_status':37 case 'default_comment_status':38 $value = stripslashes($value);39 // Options that if not there have 0 value but need to be something like "closed"40 if ( $value == '0' || $value == '')41 $value = 'closed';42 break;43 44 case 'blogdescription':45 case 'blogname':46 if (current_user_can('unfiltered_html') == false)47 $value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes48 $value = stripslashes($value);49 break;50 51 case 'blog_charset':52 $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); // strips slashes53 break;54 55 case 'date_format':56 case 'time_format':57 case 'mailserver_url':58 case 'mailserver_login':59 case 'mailserver_pass':60 case 'ping_sites':61 case 'upload_path':62 $value = strip_tags($value);63 $value = wp_filter_kses($value); // calls stripslashes then addslashes64 $value = stripslashes($value);65 break;66 67 case 'gmt_offset':68 $value = preg_replace('/[^0-9:.-]/', '', $value); // strips slashes69 break;70 71 case 'siteurl':72 case 'home':73 $value = stripslashes($value);74 $value = clean_url($value);75 break;76 default :77 $value = stripslashes($value);78 break;79 }80 81 return $value;82 }83 12 84 13 switch($action) { … … 101 30 foreach ($options as $option) { 102 31 $option = trim($option); 103 $value = trim($_POST[$option]); 104 
$value = sanitize_option($option, $value); // This does stripslashes on those that need it 32 $value = $_POST[$option]; 33 if(!is_array($value)) $value = trim($value); 34 $value = stripslashes_deep($value); 105 35 update_option($option, $value); 106 36 } … … 128 58 foreach ( (array) $options as $option) : 129 59 $disabled = ''; 60 $option->option_name = attribute_escape($option->option_name); 130 61 if ( is_serialized($option->option_value) ) { 131 62 if ( is_serialized_string($option->option_value) ) { 132 63 // this is a serialized string, so we should display it 133 $value = wp_specialchars(maybe_unserialize($option->option_value), 'single');64 $value = maybe_unserialize($option->option_value); 134 65 $options_to_update[] = $option->option_name; 135 66 $class = 'all-options'; … … 140 71 } 141 72 } else { 142 $value = wp_specialchars($option->option_value, 'single');73 $value = $option->option_value; 143 74 $options_to_update[] = $option->option_name; 144 75 $class = 'all-options'; … … 149 80 <td>"; 150 81 151 if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'> $value</textarea>";152 else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value. "'$disabled />";82 if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . wp_specialchars($value) . "</textarea>"; 83 else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . attribute_escape($value) . 
"'$disabled />"; 153 84 154 85 echo "</td> … … 159 90 </table> 160 91 <?php $options_to_update = implode(',', $options_to_update); ?> 161 <p class="submit"><input type="hidden" name="page_options" value="<?php echo attribute_escape($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Update Options »') ?>" /></p>92 <p class="submit"><input type="hidden" name="page_options" value="<?php echo $options_to_update; ?>" /><input type="submit" name="Update" value="<?php _e('Update Options »') ?>" /></p> 162 93 </form> 163 94 </div> -
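Review bot: The hidden `page_options` field at 92 is now echoed without `attribute_escape()`, relying on each name having been passed through `attribute_escape()` at 60 before it was pushed onto `$options_to_update`; that early escaping also changes the value used for the field `name`/`id` at 82–83 and posted back, so a name containing an attribute-special character would round-trip in its escaped form. Keeping `$options_to_update[] = $option->option_name;` on the raw name and escaping once at output, `value="<?php echo attribute_escape($options_to_update); ?>"`, keeps the escaping at the output boundary. In the update loop at 32, `$value = $_POST[$option];` is read without `isset()`, so a name listed in `page_options` but absent from the POST body raises a notice and still reaches `update_option()`; guard it with `if ( !isset($_POST[$option]) ) continue;`. How `$options` is derived from the request is outside the hunk.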
branches/2.2/wp-admin/rtl.css
r5649 r58137 1 #viewarc, #viewcat, #namediv, #emaildiv, #uridiv, #planetnews li, #login ul li, #your-profile fieldset, 2 #footer .logo, .alignleft .available-theme { float: right; } 3 4 #templateside, .alignright { float: left; } 5 6 #login #send, .readmore, .widefat th { text-align: right; } 7 8 #postcustomsubmit, form#upload th, .submit, .editform th { text-align: left; } 9 10 #devnews h4, #wphead h1, #your-profile legend, fieldset.options legend, 11 #planetnews li .post { font-family: Tahoma, Georgia, "Times New Roman", Times, serif; } 12 13 #wphead { padding: .8em 2em .8em 19em; } 14 15 #wphead h1 { font-size: 2.4em; } 16 17 #postdiv, #titlediv, #guiddiv, #tagdiv { margin: 0 0 0 8px; } 18 19 #ed_toolbar input { margin: 3px 0 2px 2px; } 20 21 #edButtons input, #edButtons input:active { margin: 0px 0 -1px 2px; } 22 23 body, td { font: 13px Tahoma, "Lucida Grande", "Lucida Sans Unicode", Verdana; } 24 25 h2 { font: normal 32px/5px serif; } 26 27 textarea, input, select { font: 13px Tahoma, Verdana, Arial, Helvetica, sans-serif; } 28 29 .quicktags, .search { font: 12px Tahoma, Georgia, "Times New Roman", Times, serif; } 30 31 .updated, .confirm { padding: 0 3em 0 1em; } 1 #viewarc, #viewcat, #namediv, #emaildiv, #uridiv, #planetnews li, #login ul li, #your-profile fieldset, #footer .logo, .alignleft .available-theme { 2 float: right; 3 } 4 5 #templateside, .alignright { 6 float: left; 7 } 8 9 #login #send, .readmore, .widefat th { 10 text-align: right; 11 } 12 13 #postcustomsubmit, form#upload th, .submit, .editform th { 14 text-align: left; 15 } 16 17 #devnews h4, #wphead h1, #your-profile legend, fieldset.options legend, #planetnews li .post { 18 font-family: Tahoma, Georgia, "Times New Roman", Times, serif; 19 } 20 21 #wphead { 22 padding: .8em 2em .8em 19em; 23 } 24 25 #wphead h1 { 26 font-size: 2.4em; 27 } 28 29 #postdiv, #titlediv, #guiddiv, #tagdiv { 30 margin: 0 0 0 8px; 31 } 32 33 #ed_toolbar input { 34 margin: 3px 0 2px 2px; 35 } 36 37 #edButtons input, 
#edButtons input:active { 38 margin: 0px 0 -1px 2px; 39 } 40 41 body, td { 42 font: 13px Tahoma, "Lucida Grande", "Lucida Sans Unicode", Verdana; 43 } 44 45 h1, h2, h3, h4, h5 { 46 font-family: "Times New Roman", Times, serif; 47 } 48 h3.dbx-handle { 49 font-family: tahoma, Verdana, Arial, Helvetica, sans-serif; 50 } 51 52 textarea, input, select { 53 font: 13px Tahoma, Verdana, Arial, Helvetica, sans-serif; 54 } 55 56 .quicktags, .search { 57 font: 12px Tahoma, Georgia, "Times New Roman", Times, serif; 58 } 59 60 .updated, .confirm { 61 padding: 0 3em 0 1em; 62 } 32 63 33 64 .submit input, .submit input:focus, .button, .button:focus { 34 65 border-left-color: #999; 35 66 border-right-color: #ccc; 36 }67 } 37 68 38 69 .submit input:active, .button:active { 39 70 border-left-color: #ccc; 40 71 border-right-color: #999; 41 }72 } 42 73 43 74 #adminmenu { 44 75 padding: .2em 2em .3em .2em; 45 76 height: 28px; 46 } 47 48 #adminmenu li { line-height: 160%; } 77 } 49 78 50 79 #adminmenu a { … … 52 81 display: block; 53 82 float: right; 54 } 83 font: 700 16px/130% "Times New Roman", Times, serif; 84 } 55 85 56 86 #adminmenu a.current { 57 87 border-right: 0; 58 88 border-left: 2px solid #4f96c8; 59 } 60 61 #submenu, #minisub { padding: 1px 3em 0 2em; } 62 63 #submenu { height: 28px; } 64 65 #submenu li { line-height: 160%; } 89 } 90 91 #submenu, #minisub { 92 padding: 1px 3em 0 2em; 93 } 94 95 #submenu { 96 height: 28px; 97 } 66 98 67 99 #submenu a { … … 69 101 display: block; 70 102 float: right; 71 } 103 line-height: 155%; 104 } 72 105 73 106 #submenu .current { 74 107 border-right: 0; 75 108 border-left: 2px solid #045290; 76 }109 } 77 110 78 111 #currenttheme img { … … 80 113 margin-right: auto; 81 114 margin-left: 1em; 82 }115 } 83 116 84 117 #postdiv #quicktags { 85 118 padding-right: 0; 86 119 padding-left: 6px; 87 }120 } 88 121 89 122 .readmore { 90 123 margin-right: auto; 91 124 margin-left: 5em; 92 }125 } 93 126 94 127 #postexcerpt div, #attachmentlinks div { 95 
128 margin-right: auto; 96 129 margin-left: 8px; 97 }130 } 98 131 99 132 * html #postexcerpt .dbx-toggle-open { 100 133 padding-right: 0; 101 134 padding-left: 8px; 102 }135 } 103 136 104 137 #searchform { … … 106 139 margin-right: auto; 107 140 margin-left: 1em; 108 }141 } 109 142 110 143 #poststuff { 111 144 margin-right: auto; 112 145 margin-left: 16em; 113 }146 } 114 147 115 148 #template div { 116 149 margin-right: auto; 117 150 margin-left: 190px; 118 }151 } 119 152 120 153 * html #template div { 121 154 margin-right: auto; 122 155 margin-left: 0px; 123 }156 } 124 157 125 158 #user_info { 126 159 right: auto; 127 160 left: 1em; 128 }129 161 } 162 130 163 #zeitgeist { 131 164 float: left; 132 165 margin-left: auto; 133 166 margin-right: 1em; 134 }167 } 135 168 136 169 #zeitgeist ul { 137 170 margin: 0 .6em .3em 0; 138 171 padding: 0 .6em 0 0; 139 } 172 } 173 174 .wrap ul { 175 margin-left: 500px; 176 } 140 177 141 178 #categorydiv ul { 142 179 margin-left: auto; 143 180 margin-right: 10px; 144 } 145 146 #moremeta fieldset div { margin: 2px 0px 0 0; } 181 } 147 182 148 183 #moremeta { 149 margin-right: auto;184 margin-right: 0; 150 185 margin-left: 15px; 151 186 right: auto; 152 left: 5%;153 }154 187 left: 6%; 188 } 189 155 190 #moremeta .dbx-content { 156 191 background: url(images/box-butt.gif) no-repeat bottom left; 157 padding-right: 0; 158 padding-left: 2px; 159 } 160 161 #moremeta .dbx-handle { background: #2685af url(images/box-head.gif) no-repeat left; } 162 163 #moremeta .dbx-box { background: url(images/box-bg.gif) repeat-y left; } 192 padding-right: 10px; 193 padding-left: 0; 194 text-align: right; 195 } 196 197 #moremeta .dbx-handle { 198 background: #2685af url(images/box-head.gif) no-repeat left; 199 margin-top: -2px; 200 } 201 202 #moremeta .dbx-box { 203 background: url(images/box-bg.gif) repeat-y left; 204 padding-bottom: 0; 205 } 164 206 165 207 a.dbx-toggle, a.dbx-toggle:visited { 166 208 right: auto; 167 209 left: 2px; 168 } 169 170 
#advancedstuff a.dbx-toggle, #advancedstuff a.dbx-toggle-open:visited { 171 right: auto; 172 left: 5px; 173 } 174 175 #advancedstuff a.dbx-toggle-open, #advancedstuff a.dbx-toggle-open:visited { 176 right: auto; 177 left: 5px; 178 } 210 } 211 179 212 180 213 #categorychecklist { 181 214 margin-right: auto; 182 215 margin-left: 6px; 183 }216 } 184 217 185 218 #ajax-response.alignleft { 186 219 margin-left: auto; 187 220 margin-right: 2em; 188 }221 } 189 222 190 223 #postdivrich #edButtons { 191 224 padding-left: 0; 192 225 padding-right: 3px; 193 }226 } 194 227 195 228 .page-numbers { 196 229 margin-right: auto; 197 230 margin-left: 3px; 198 }231 } 199 232 200 233 a.view-link { … … 203 236 margin-right:0; 204 237 margin-left:220px; 205 } 238 } 239 #advancedstuff { 240 direction: ltr; 241 } 242 #advancedstuff .dbx-handle { 243 text-align: right; 244 } 245 #advancedstuff .dbx-content * { 246 direction: rtl; 247 } -
branches/2.2/wp-admin/upload-functions.php
r5649 r58137 106 106 global $post_id, $tab, $style; 107 107 $enctype = $id ? '' : ' enctype="multipart/form-data"'; 108 $post_id = (int) $post_id; 108 109 ?> 109 <form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . "/wp-admin/upload.php?style=$style&tab=upload&post_id=$post_id"; ?>">110 <form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . '/wp-admin/upload.php?style=' . attribute_escape($style . '&tab=upload&post_id=' . $post_id); ?>"> 110 111 <?php 111 112 if ( $id ) : … … 202 203 if ( !current_user_can( 'upload_files' ) ) 203 204 wp_die( __('You are not allowed to upload files.') 204 . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style= $style&tab=browse-all&post_id=$post_id'>"205 . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=" . attribute_escape($style . "&tab=browse-all&post_id=$post_id") . "'>" 205 206 . __('Browse Files') . '</a>' 206 207 ); … … 212 213 if ( isset($file['error']) ) 213 214 wp_die($file['error'] . "<br /><a href='" . get_option('siteurl') 214 . "/wp-admin/upload.php?style= $style&tab=$from_tab&post_id=$post_id'>" . __('Back to Image Uploading') . '</a>'215 . "/wp-admin/upload.php?style=" . attribute_escape($style . "&tab=$from_tab&post_id=$post_id") . "'>" . __('Back to Image Uploading') . '</a>' 215 216 ); 216 217 … … 259 260 if ( !current_user_can('edit_post', (int) $ID) ) 260 261 wp_die( __('You are not allowed to delete this attachment.') 261 . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style= $style&tab=$from_tab&post_id=$post_id'>"262 . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=" . attribute_escape($style . "&tab=$from_tab&post_id=$post_id") . "'>" 262 263 . __('Go back') . '</a>' 263 264 ); -
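Review bot: `attribute_escape($style . '&tab=upload&post_id=' . $post_id)` at 110 protects the HTML attribute but not the URL inside it: `$style` is concatenated into the query string raw, so a value containing `&` or `=` can add or override parameters, and only this first hunk casts `$post_id` to int (108) while the three `wp_die()` links at 205, 215 and 262 interpolate `$post_id` as received. Encode the parameter before building the URL and escape the whole attribute once at output, e.g. `'/wp-admin/upload.php?style=' . urlencode($style) . '&tab=upload&post_id=' . (int) $post_id` wrapped in `attribute_escape()`, and apply the same shape in the other three hunks. Where `$style` and `$post_id` are first assigned is outside these hunks.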
branches/2.2/wp-admin/users.php
r5649 r58137 382 382 <th colspan="7"><h3><?php echo $wp_roles->role_names[$role]; ?></h3></th> 383 383 <?php else : ?> 384 <th colspan="7"><h3><em><?php _e('No role for this blog'); ?></ h3></th>384 <th colspan="7"><h3><em><?php _e('No role for this blog'); ?></em></h3></th> 385 385 <?php endif; ?> 386 386 </tr> -
branches/2.2/wp-admin/widgets-rtl.css
r5649 r58137 5 5 * html #palettediv ul { padding: 0 10px 0 0; } 6 6 7 #palettediv ul { padding: 0 10px 0 0; } 7 #palettediv ul { padding: 0 10px 0 0; 8 margin-left: 1px!important;} 8 9 9 10 * .handle, #lastmodule span { -
branches/2.2/wp-app.php
r5649 r58137 674 674 675 675 $location = get_post_meta($entry['ID'], '_wp_attached_file', true); 676 677 if(!isset($location)) 676 $filetype = wp_check_filetype($location); 677 678 if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext'])) 678 679 $this->internal_error(__('Error ocurred while accessing post metadata for file location.')); 679 680 … … 708 709 709 710 $location = get_post_meta($entry['ID'], '_wp_attached_file', true); 710 711 if(!isset($location)) 711 $filetype = wp_check_filetype($location); 712 713 if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext'])) 712 714 $this->internal_error(__('Error ocurred while accessing post metadata for file location.')); 713 715 -
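Review bot: The guard at 678 and again at 713 is the same three-part condition duplicated in two methods, and its `!isset($location)` clause only fires on a null value; if `get_post_meta(..., true)` returns an empty string for a missing key (not visible here), it is the `empty($filetype['ext'])` clause that actually rejects the request. Pull the lookup and the check into one private helper, e.g. `function attachment_location($entry)` that returns the validated location or calls `$this->internal_error()`, and test `'' === $location` alongside the post-type and extension checks. Whether `internal_error()` terminates the request is outside the hunk; if it does not, both methods continue past the error with an unusable `$location`, which a comment at the call site should state either way.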
branches/2.2/wp-content/themes/default/functions.php
r5649 r58137 385 385 </div> 386 386 <div id="jsForm"> 387 <form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo $_SERVER['REQUEST_URI']; ?>">387 <form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo attribute_escape($_SERVER['REQUEST_URI']); ?>"> 388 388 <?php wp_nonce_field('kubrick-header'); ?> 389 389 <input type="button" onclick="tgt=document.getElementById('fontcolor');colorSelect(tgt,'pick1');return false;" name="pick1" id="pick1" value="<?php echo attribute_escape(__('Font Color')); ?>"></input> -
branches/2.2/wp-includes/author-template.php
r5649 r58137 184 184 'feed' => '', 'feed_image' => ''); 185 185 $r = array_merge($defaults, $r); 186 extract($r );186 extract($r, EXTR_SKIP); 187 187 188 188 // TODO: Move select to get_authors(). -
branches/2.2/wp-includes/bookmark-template.php
r5649 r58137 254 254 'after' => '</li>', 'between' => "\n"); 255 255 $r = array_merge($defaults, $r); 256 extract($r );256 extract($r, EXTR_SKIP); 257 257 258 258 foreach ( (array) $bookmarks as $bookmark ) { … … 332 332 'category_before' => '<li id="%id" class="%class">', 'category_after' => '</li>'); 333 333 $r = array_merge($defaults, $r); 334 extract($r );334 extract($r, EXTR_SKIP); 335 335 336 336 $output = ''; -
branches/2.2/wp-includes/bookmark.php
r5649 r58137 35 35 'category_name' => '', 'hide_invisible' => 1, 'show_updated' => 0, 'include' => '', 'exclude' => ''); 36 36 $r = array_merge($defaults, $r); 37 extract($r );37 extract($r, EXTR_SKIP); 38 38 39 39 $key = md5( serialize( $r ) ); -
branches/2.2/wp-includes/category-template.php
r5649 r58137 192 192 $r = array_merge($defaults, $r); 193 193 $r['include_last_update_time'] = $r['show_last_update']; 194 extract($r );194 extract($r, EXTR_SKIP); 195 195 196 196 $categories = get_categories($r); … … 243 243 if ( isset($r['show_date']) ) 244 244 $r['include_last_update_time'] = $r['show_date']; 245 extract($r );245 extract($r, EXTR_SKIP); 246 246 247 247 $categories = get_categories($r); -
branches/2.2/wp-includes/category.php
r5649 r58137 29 29 $r['orderby'] = "cat_" . $r['orderby']; // restricts order by to cat_ID and cat_name fields 30 30 $r['number'] = (int) $r['number']; 31 extract($r );31 extract($r, EXTR_SKIP); 32 32 33 33 $key = md5( serialize( $r ) ); -
branches/2.2/wp-includes/class-phpmailer.php
r5649 r58137 391 391 function SendmailSend($header, $body) { 392 392 if ($this->Sender != "") 393 $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);393 $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, escapeshellarg($this->Sender)); 394 394 else 395 395 $sendmail = sprintf("%s -oi -t", $this->Sendmail); -
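Review bot: `escapeshellarg($this->Sender)` at 393 stops the value from breaking out of its shell word, but the result is still handed to sendmail as the `-f` argument, so a `Sender` beginning with `-` would be read by sendmail as an option rather than an address, and depending on locale `escapeshellarg()` may also strip bytes it considers invalid. Validate `Sender` as an address before building the command (reject anything that does not look like `local@domain`, or reuse the class's address validation if one exists above this hunk) and keep `escapeshellarg()` as the second layer. `$this->Sendmail` remains interpolated unescaped on both branches; that is configuration rather than message data, and a one-line comment saying so would stop a later reader from treating the two values the same way.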
branches/2.2/wp-includes/classes.php
r5649 r58137 507 507 if ( $depth ) 508 508 $indent = str_repeat("\t", $depth); 509 extract($args );509 extract($args, EXTR_SKIP); 510 510 $css_class = 'page_item'; 511 511 $_current_page = get_page( $current_page ); … … 697 697 698 698 $r = array_merge($defaults, $r); 699 extract($r );699 extract($r, EXTR_SKIP); 700 700 701 701 if ( is_wp_error($id) ) { -
branches/2.2/wp-includes/comment-template.php
r5649 r58137 286 286 $req = get_option('require_name_email'); 287 287 $commenter = wp_get_current_commenter(); 288 extract($commenter );288 extract($commenter, EXTR_SKIP); 289 289 290 290 // TODO: Use API instead of SELECTs. -
branches/2.2/wp-includes/comment.php
r5649 r58137 179 179 function wp_allow_comment($commentdata) { 180 180 global $wpdb; 181 extract($commentdata );181 extract($commentdata, EXTR_SKIP); 182 182 183 183 // Simple duplicate check … … 326 326 function wp_insert_comment($commentdata) { 327 327 global $wpdb; 328 extract($commentdata );328 extract($commentdata, EXTR_SKIP); 329 329 330 330 if ( ! isset($comment_author_IP) ) … … 458 458 459 459 // Now extract the merged array. 460 extract($commentarr );460 extract($commentarr, EXTR_SKIP); 461 461 462 462 $comment_content = apply_filters('comment_save_pre', $comment_content); … … 518 518 $pingback_href_original_pos = 27; 519 519 520 extract(parse_url($url) );520 extract(parse_url($url), EXTR_SKIP); 521 521 522 522 if ( !isset($host) ) // Not an URL. This should never happen. -
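Review bot: `extract(parse_url($url), EXTR_SKIP)` at 520 passes the return value straight through, and `parse_url()` returns `false` for a URL it cannot parse, which makes `extract()` emit a warning before the `!isset($host)` check at 522 ever runs. Take the result into a variable and only extract an array: `$url_parts = parse_url($url); if ( is_array($url_parts) ) extract($url_parts, EXTR_SKIP);`. The EXTR_SKIP additions at 181, 328 and 460 also deserve a one-line comment such as `// EXTR_SKIP: a key in the comment data must never overwrite $wpdb or another local`, since the flag is the whole point of the change and is easy to lose in a later edit. The enclosing functions of the 458 and 518 hunks start outside the view.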
branches/2.2/wp-includes/default-filters.php
r5649 r58137 130 130 add_filter('sanitize_title', 'sanitize_title_with_dashes'); 131 131 132 add_filter('wp_title', 'wp_specialchars'); 133 132 134 // RSS filters 133 135 add_filter('the_title_rss', 'strip_tags'); -
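Review bot: The new `add_filter('wp_title', 'wp_specialchars')` at 132 changes what every caller of `wp_title()` receives, including callers that fetch the value without displaying it and place it somewhere other than HTML text, and it carries no comment explaining the intent; add one, e.g. `// wp_title() is echoed straight into <title> by themes; escape it here so every theme gets an escaped value`. A theme or plugin that already escapes the title will now double-encode it unless `wp_specialchars()` leaves existing entities alone, which is worth confirming against its definition in formatting.php, outside this hunk.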
branches/2.2/wp-includes/feed-rss2-comments.php
r5649 r58137 6 6 <!-- generator="wordpress/<?php echo $wp_version ?>" --> 7 7 <rss version="2.0" 8 xmlns:content="http://purl.org/rss/1.0/modules/content/"> 8 xmlns:content="http://purl.org/rss/1.0/modules/content/" 9 xmlns:dc="http://purl.org/dc/elements/1.1/" 10 > 9 11 <channel> 10 12 <title><?php … … 38 40 ?></title> 39 41 <link><?php comment_link() ?></link> 40 < author><?php echo get_comment_author_rss() ?></author>42 <dc:creator><?php echo get_comment_author_rss() ?></dc:creator> 41 43 <pubDate><?php echo mysql2date('D, d M Y H:i:s +0000', get_comment_time('Y-m-d H:i:s', true), false); ?></pubDate> 42 44 <guid><?php comment_link() ?></guid> -
branches/2.2/wp-includes/formatting.php
r5649 r58137 12 12 if ( isset($wp_cockneyreplace) ) { 13 13 $cockney = array_keys($wp_cockneyreplace); 14 $cockney _replace = array_values($wp_cockneyreplace);14 $cockneyreplace = array_values($wp_cockneyreplace); 15 15 } else { 16 16 $cockney = array("'tain't","'twere","'twas","'tis","'twill","'til","'bout","'nuff","'round","'cause"); … … 637 637 // This is a pre save filter, so text is already escaped. 638 638 $text = stripslashes($text); 639 $text = preg_replace ('|<a (.+?)>|ie', "'<a ' . str_replace(' rel=\"nofollow\"','',stripslashes('$1')) . ' rel=\"nofollow\">'", $text);639 $text = preg_replace_callback('|<a (.+?)>|i', 'wp_rel_nofollow_callback', $text); 640 640 $text = $wpdb->escape($text); 641 641 return $text; 642 } 643 644 function wp_rel_nofollow_callback( $matches ) { 645 $text = $matches[1]; 646 $text = str_replace(array(' rel="nofollow"', " rel='nofollow'"), '', $text); 647 return "<a $text rel=\"nofollow\">"; 642 648 } 643 649 … … 1104 1110 function js_escape($text) { 1105 1111 $safe_text = wp_specialchars($text, 'double'); 1106 $safe_text = str_replace(''', "'", $safe_text);1112 $safe_text = preg_replace('/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes($safe_text)); 1107 1113 $safe_text = preg_replace("/\r?\n/", "\\n", addslashes($safe_text)); 1108 1114 return apply_filters('js_escape', $safe_text, $text); … … 1119 1125 } 1120 1126 1127 function sanitize_option($option, $value) { // Remember to call stripslashes! 
1128 1129 switch ($option) { 1130 case 'admin_email': 1131 $value = sanitize_email($value); 1132 break; 1133 1134 case 'default_post_edit_rows': 1135 case 'mailserver_port': 1136 case 'comment_max_links': 1137 case 'page_on_front': 1138 case 'rss_excerpt_length': 1139 case 'default_category': 1140 case 'default_email_category': 1141 case 'default_link_category': 1142 $value = abs((int) $value); 1143 break; 1144 1145 case 'posts_per_page': 1146 case 'posts_per_rss': 1147 $value = (int) $value; 1148 if ( empty($value) ) $value = 1; 1149 if ( $value < -1 ) $value = abs($value); 1150 break; 1151 1152 case 'default_ping_status': 1153 case 'default_comment_status': 1154 // Options that if not there have 0 value but need to be something like "closed" 1155 if ( $value == '0' || $value == '') 1156 $value = 'closed'; 1157 break; 1158 1159 case 'blogdescription': 1160 case 'blogname': 1161 $value = addslashes($value); 1162 $value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes 1163 $value = stripslashes($value); 1164 $value = wp_specialchars( $value ); 1165 break; 1166 1167 case 'blog_charset': 1168 $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); // strips slashes 1169 break; 1170 1171 case 'date_format': 1172 case 'time_format': 1173 case 'mailserver_url': 1174 case 'mailserver_login': 1175 case 'mailserver_pass': 1176 case 'ping_sites': 1177 case 'upload_path': 1178 $value = strip_tags($value); 1179 $value = addslashes($value); 1180 $value = wp_filter_kses($value); // calls stripslashes then addslashes 1181 $value = stripslashes($value); 1182 break; 1183 1184 case 'gmt_offset': 1185 $value = preg_replace('/[^0-9:.-]/', '', $value); // strips slashes 1186 break; 1187 1188 case 'siteurl': 1189 case 'home': 1190 $value = stripslashes($value); 1191 $value = clean_url($value); 1192 break; 1193 default : 1194 break; 1195 } 1196 1197 return $value; 1198 } 1199 1200 function wp_parse_str( $string, &$array ) { 1201 parse_str( $string, $array ); 1202 if 
( get_magic_quotes_gpc() ) 1203 $array = stripslashes_deep( $array ); // parse_str() adds slashes if magicquotes is on. See: http://php.net/parse_str 1204 $array = apply_filters( 'wp_parse_str', $array ); 1205 } 1206 1121 1207 ?> -
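Review bot: `sanitize_option()` as moved to 1127 is inconsistent about slashes: the `siteurl`/`home` case at 1190 still calls `stripslashes()` while every other branch now expects an already-unslashed value (the options.php loop in this changeset runs `stripslashes_deep()` first and `update_option()` now calls this function on that value), so a backslash in those two options is stripped a second time; drop the `stripslashes()` there and replace the stale header comment `// Remember to call stripslashes!` with something like `// expects an unslashed value; update_option() calls this before saving`. `js_escape()` at 1112 shows the same pattern, `stripslashes($safe_text)` before `addslashes()`, which removes any backslash that was in the original text rather than only one added by earlier slashing — hedged, since what callers pass is not visible here. The `blogname`/`blogdescription` case now stores the value HTML-escaped via `wp_specialchars()` at 1164, which changes what `get_option()` returns for those two options; a comment there recording that callers must not escape again would prevent a double-encoding bug later.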
branches/2.2/wp-includes/functions.php
r5649 r58137 204 204 /* Options functions */ 205 205 206 // expects $setting to already be SQL-escaped 206 207 function get_option($setting) { 207 208 global $wpdb; … … 303 304 } 304 305 306 // expects $option_name to NOT be SQL-escaped 305 307 function update_option($option_name, $newvalue) { 306 308 global $wpdb; … … 308 310 wp_protect_special_option($option_name); 309 311 312 $safe_option_name = $wpdb->escape($option_name); 313 $newvalue = sanitize_option($option_name, $newvalue); 314 310 315 if ( is_string($newvalue) ) 311 316 $newvalue = trim($newvalue); 312 317 313 318 // If the new and old values are the same, no need to update. 314 $oldvalue = get_option($ option_name);319 $oldvalue = get_option($safe_option_name); 315 320 if ( $newvalue === $oldvalue ) { 316 321 return false; … … 350 355 351 356 // thx Alex Stapleton, http://alex.vort-x.net/blog/ 357 // expects $name to NOT be SQL-escaped 352 358 function add_option($name, $value = '', $description = '', $autoload = 'yes') { 353 359 global $wpdb; 354 360 355 361 wp_protect_special_option($name); 356 357 // Make sure the option doesn't already exist we can check the cache before we ask for a db query 362 $safe_name = $wpdb->escape($name); 363 364 // Make sure the option doesn't already exist. We can check the 'notoptions' cache before we ask for a db query 358 365 $notoptions = wp_cache_get('notoptions', 'options'); 359 if ( is_array($notoptions) && isset($notoptions[$name]) ) { 360 unset($notoptions[$name]); 361 wp_cache_set('notoptions', $notoptions, 'options'); 362 } elseif ( false !== get_option($name) ) { 366 if ( !is_array($notoptions) || !isset($notoptions[$name]) ) 367 if ( false !== get_option($safe_name) ) 363 368 return; 364 }365 369 366 370 $value = maybe_serialize($value); 371 $autoload = ( 'no' === $autoload ) ? 
'no' : 'yes'; 367 372 368 373 if ( 'yes' == $autoload ) { … … 372 377 } else { 373 378 wp_cache_set($name, $value, 'options'); 379 } 380 381 // This option exists now 382 $notoptions = wp_cache_get('notoptions', 'options'); // yes, again... we need it to be fresh 383 if ( is_array($notoptions) && isset($notoptions[$name]) ) { 384 unset($notoptions[$name]); 385 wp_cache_set('notoptions', $notoptions, 'options'); 374 386 } 375 387 … … 762 774 $ret = ''; 763 775 if ( is_array(func_get_arg(0)) ) { 764 if ( @func_num_args() < 2 || ''== @func_get_arg(1) )776 if ( @func_num_args() < 2 || false === @func_get_arg(1) ) 765 777 $uri = $_SERVER['REQUEST_URI']; 766 778 else 767 779 $uri = @func_get_arg(1); 768 780 } else { 769 if ( @func_num_args() < 3 || ''== @func_get_arg(2) )781 if ( @func_num_args() < 3 || false === @func_get_arg(2) ) 770 782 $uri = $_SERVER['REQUEST_URI']; 771 783 else … … 802 814 } 803 815 804 parse_str($query, $qs); 805 if ( get_magic_quotes_gpc() ) 806 $qs = stripslashes_deep($qs); // parse_str() adds slashes if magicquotes is on. See: http://php.net/parse_str 816 wp_parse_str($query, $qs); 807 817 $qs = urlencode_deep($qs); 808 818 if ( is_array(func_get_arg(0)) ) { … … 825 835 $ret = trim($ret, '?'); 826 836 $ret = $protocol . $base . $ret . 
$frag; 827 $ret = trim($ret, '?');837 $ret = rtrim($ret, '?'); 828 838 return $ret; 829 839 } … … 839 849 */ 840 850 841 function remove_query_arg($key, $query= '') {851 function remove_query_arg($key, $query=FALSE) { 842 852 if ( is_array($key) ) { // removing multiple keys 843 853 foreach ( (array) $key as $k ) … … 1482 1492 1483 1493 function wp_parse_args( $args, $defaults = '' ) { 1484 if ( is_array( $args) ) :1494 if ( is_array( $args ) ) 1485 1495 $r =& $args; 1486 else : 1487 parse_str( $args, $r ); 1488 if ( get_magic_quotes_gpc() ) 1489 $r = stripslashes_deep( $r ); 1490 endif; 1491 1492 if ( is_array($defaults) ) : 1493 extract($defaults); 1494 extract($r); 1495 return compact(array_keys($defaults)); // only those options defined in $defaults 1496 else : 1496 else 1497 wp_parse_str( $args, $r ); 1498 1499 if ( is_array( $defaults ) ) 1500 return array_merge( $defaults, $r ); 1501 else 1497 1502 return $r; 1498 endif;1499 1503 } 1500 1504 -
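Review bot: wp_parse_args now returns `array_merge($defaults, $r)` instead of `compact(array_keys($defaults))`, so every key in the caller-supplied $args reaches the callers' extract() — the EXTR_SKIP added throughout this changeset (general-template.php, post-template.php, post.php, registration.php, widgets.php, xmlrpc.php) only stops existing locals from being overwritten, while unknown keys still become new variables in the caller. That deserves a comment on wp_parse_args, e.g. `// Keys absent from $defaults are passed through; callers that extract() the result must use EXTR_SKIP and read only the keys they expect`. Separately, the options API now has a split contract — get_option expects an already SQL-escaped name while update_option and add_option escape it themselves — which is recorded only in one-line comments; a PHPDoc block on each would make callers of get_option with externally supplied names aware that they must escape first.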
branches/2.2/wp-includes/general-template.php
r5649 r58137 323 323 $defaults = array('type' => 'monthly', 'limit' => '', 'format' => 'html', 'before' => '', 'after' => '', 'show_post_count' => false); 324 324 $r = array_merge($defaults, $r); 325 extract($r );325 extract($r, EXTR_SKIP); 326 326 327 327 if ( '' == $type ) … … 814 814 if ( get_user_option( 'rich_editing' ) == 'true' && 815 815 ( ( preg_match( '!AppleWebKit/(\d+)!', $_SERVER['HTTP_USER_AGENT'], $match ) && intval($match[1]) >= 420 ) || 816 !preg_match( '!opera[ /][2-8]|konqueror|safari!i', $_SERVER['HTTP_USER_AGENT'] ) ) ) { 816 !preg_match( '!opera[ /][2-8]|konqueror|safari!i', $_SERVER['HTTP_USER_AGENT'] ) ) 817 && 'comment.php' != $pagenow ) { 817 818 $wp_rich_edit = true; 818 819 } else { … … 958 959 } 959 960 960 function paginate_links( $arg = '' ) { 961 if ( is_array($arg) ) 962 $a = &$arg; 963 else 964 parse_str($arg, $a); 965 966 // Defaults 967 $base = '%_%'; // http://example.com/all_posts.php%_% : %_% is replaced by format (below) 968 $format = '?page=%#%'; // ?page=%#% : %#% is replaced by the page number 969 $total = 1; 970 $current = 0; 971 $show_all = false; 972 $prev_next = true; 973 $prev_text = __('« Previous'); 974 $next_text = __('Next »'); 975 $end_size = 1; // How many numbers on either end including the end 976 $mid_size = 2; // How many numbers to either side of current not including current 977 $type = 'plain'; 978 $add_args = false; // array of query args to aadd 979 980 extract($a); 961 function paginate_links( $args = '' ) { 962 $defaults = array( 963 'base' => '%_%', // http://example.com/all_posts.php%_% : %_% is replaced by format (below) 964 'format' => '?page=%#%', // ?page=%#% : %#% is replaced by the page number 965 'total' => 1, 966 'current' => 0, 967 'show_all' => false, 968 'prev_next' => true, 969 'prev_text' => __('« Previous'), 970 'next_text' => __('Next »'), 971 'end_size' => 1, // How many numbers on either end including the end 972 'mid_size' => 2, // How many numbers to either side of current not 
including current 973 'type' => 'plain', 974 'add_args' => false // array of query args to aadd 975 ); 976 977 $args = wp_parse_args( $args, $defaults ); 978 extract($args, EXTR_SKIP); 981 979 982 980 // Who knows what else people pass in $args -
branches/2.2/wp-includes/link-template.php
r5649 r58137 483 483 if ( $permalink ) 484 484 $qstr = user_trailingslashit($qstr, 'paged'); 485 $qstr = preg_replace('/&([^#])(?![a-z]{1,8};)/', '&$1', trailingslashit( get_option('home') ) . $qstr );486 485 487 486 // showing /page/1/ or ?paged=1 is redundant … … 491 490 $qstr = remove_query_arg('paged', $qstr); // for query style 492 491 } 492 493 $qstr = preg_replace('/&([^#])(?![a-z]{1,8};)/', '&$1', trailingslashit( get_option('home') ) . $qstr ); 494 493 495 return $qstr; 494 496 } -
branches/2.2/wp-includes/pluggable.php
r5649 r58137 158 158 159 159 if ( !function_exists( 'wp_mail' ) ) : 160 function wp_mail( $to, $subject, $message, $headers = '') {160 function wp_mail($to, $subject, $message, $headers = '') { 161 161 global $phpmailer; 162 163 // (Re)create it, if it's gone missing 164 if ( !is_object( $phpmailer ) || !is_a( $phpmailer, 'PHPMailer' ) ) { 165 require_once ABSPATH . WPINC . '/class-phpmailer.php'; 166 require_once ABSPATH . WPINC . '/class-smtp.php'; 162 163 if ( !is_object( $phpmailer ) ) { 164 require_once(ABSPATH . WPINC . '/class-phpmailer.php'); 165 require_once(ABSPATH . WPINC . '/class-smtp.php'); 167 166 $phpmailer = new PHPMailer(); 168 167 } 169 170 // Compact the input, apply the filters, and extract them back out 171 extract( apply_filters( 'wp_mail', compact( 'to', 'subject', 'message', 'headers' ) ) ); 172 173 // Default headers 174 if ( empty( $headers ) ) { 175 $headers = array( 176 'MIME-Version' => '1.0' 177 ); 178 } elseif ( !is_array( $headers ) ) { 179 // Explode the headers out, so this function can take both 180 // string headers and an array of headers. 181 $tempheaders = (array) explode( "\n", $headers ); 182 $headers = array(); 183 184 // If it's actually got contents 185 if ( !empty( $tempheaders ) ) { 186 // Iterate through the raw headers 187 foreach ( $tempheaders as $header ) { 188 // Explode them out 189 list( $name, $content ) = explode( ':', trim( $header ), 2 ); 190 191 // Cleanup crew 192 $name = trim( $name ); 193 $content = trim( $content ); 194 195 // Mainly for legacy -- process a From: header if it's there 196 if ( $name == 'From' ) { 197 if ( strpos( '<', $content ) !== false ) { 198 // So... making my life hard again? 
199 $from_name = substr( $content, 0, strpos( '<', $content ) - 1 ); 200 $from_name = str_replace( '"', '', $from_name ); 201 $from_name = trim( $from_name ); 202 203 $from_email = substr( $content, strpos( '<', $content ) + 1 ); 204 $from_email = str_replace( '>', '', $from_email ); 205 $from_email = trim( $from_email ); 206 } else { 207 $from_name = trim( $content ); 208 } 209 } elseif ( $name == 'Content-Type' ) { 210 if ( strpos( ';', $content ) !== false ) { 211 list( $type, $charset ) = explode( ';', $content ); 212 $content_type = trim( $content_type ); 213 $charset = trim( str_replace( array( 'charset=', '"' ), '', $charset ) ); 214 } else { 215 $content_type = trim( $content ); 216 } 168 169 $mail = compact('to', 'subject', 'message', 'headers'); 170 $mail = apply_filters('wp_mail', $mail); 171 extract($mail, EXTR_SKIP); 172 173 if ( $headers == '' ) { 174 $headers = "MIME-Version: 1.0\n" . 175 "From: " . apply_filters('wp_mail_from', "wordpress@" . preg_replace('#^www\.#', '', strtolower($_SERVER['SERVER_NAME']))) . "\n" . 176 "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . 
"\"\n"; 177 } 178 179 $phpmailer->ClearAddresses(); 180 $phpmailer->ClearCCs(); 181 $phpmailer->ClearBCCs(); 182 $phpmailer->ClearReplyTos(); 183 $phpmailer->ClearAllRecipients(); 184 $phpmailer->ClearCustomHeaders(); 185 186 $phpmailer->FromName = "WordPress"; 187 $phpmailer->AddAddress("$to", ""); 188 $phpmailer->Subject = $subject; 189 $phpmailer->Body = $message; 190 $phpmailer->IsHTML(false); 191 $phpmailer->IsMail(); // set mailer to use php mail() 192 193 do_action_ref_array('phpmailer_init', array(&$phpmailer)); 194 195 $mailheaders = (array) explode( "\n", $headers ); 196 foreach ( $mailheaders as $line ) { 197 $header = explode( ":", $line ); 198 switch ( trim( $header[0] ) ) { 199 case "From": 200 $from = trim( str_replace( '"', '', $header[1] ) ); 201 if ( strpos( $from, '<' ) ) { 202 $phpmailer->FromName = str_replace( '"', '', substr( $header[1], 0, strpos( $header[1], '<' ) - 1 ) ); 203 $from = trim( substr( $from, strpos( $from, '<' ) + 1 ) ); 204 $from = str_replace( '>', '', $from ); 217 205 } else { 218 // Add it to our grand headers array 219 $headers[trim( $name )] = trim( $content ); 206 $phpmailer->FromName = $from; 220 207 } 221 } 208 $phpmailer->From = trim( $from ); 209 break; 210 default: 211 if ( $line != '' && $header[0] != 'MIME-Version' && $header[0] != 'Content-Type' ) 212 $phpmailer->AddCustomHeader( $line ); 213 break; 222 214 } 223 215 } 224 225 // Empty out the values that may be set 226 $phpmailer->ClearAddresses(); 227 $phpmailer->ClearAllRecipients(); 228 $phpmailer->ClearAttachments(); 229 $phpmailer->ClearBCCs(); 230 $phpmailer->ClearCCs(); 231 $phpmailer->ClearCustomHeaders(); 232 $phpmailer->ClearReplyTos(); 233 234 // From email and name 235 // If we don't have a name from the input headers 236 if ( !isset( $from_name ) ) { 237 $from_name = 'WordPress'; 238 } 239 240 // If we don't have an email from the input headers 241 if ( !isset( $from_email ) ) { 242 // Get the site domain and get rid of www. 
243 $sitename = strtolower( $_SERVER['SERVER_NAME'] ); 244 if ( substr( $sitename, 0, 4 ) == 'www.' ) { 245 $sitename = substr( $sitename, 4 ); 246 } 247 248 $from_email = 'wordpress@' . $sitename; 249 } 250 251 // Set the from name and email 252 $phpmailer->From = apply_filters( 'wp_mail_from', $from_email ); 253 $phpmailer->FromName = apply_filters( 'wp_mail_from_name', $from_name ); 254 255 // Set destination address 256 $phpmailer->AddAddress( $to ); 257 258 // Set mail's subject and body 259 $phpmailer->Subject = $subject; 260 $phpmailer->Body = $message; 261 262 // Set to use PHP's mail() 263 $phpmailer->IsMail(); 264 265 // Set Content-Type and charset 266 // If we don't have a content-type from the input headers 267 if ( !isset( $content_type ) ) { 268 $content_type = 'text/plain'; 269 } 270 271 // Set whether it's plaintext or not, depending on $content_type 272 if ( $content_type == 'text/html' ) { 273 $phpmailer->IsHTML( true ); 274 } else { 275 $phpmailer->IsHTML( false ); 276 } 277 278 // If we don't have a charset from the input headers 279 if ( !isset( $charset ) ) { 280 $charset = get_bloginfo( 'charset' ); 281 } 282 283 // Set the content-type and charset 284 $phpmailer->ContentType = apply_filters( 'wp_mail_content_type', 'text/plain' ); 285 $phpmailer->CharSet = apply_filters( 'wp_mail_charset', $charset ); 286 287 // Set custom headers 288 if ( !empty( $headers ) ) { 289 foreach ( $headers as $name => $content ) { 290 $phpmailer->AddCustomHeader( sprintf( '%1$s: %2$s', $name, $content ) ); 291 } 292 } 293 294 do_action_ref_array( 'phpmailer_init', array( &$phpmailer ) ); 295 296 // Send! 
216 297 217 $result = @$phpmailer->Send(); 298 218 299 219 return $result; 300 220 } … … 304 224 function wp_login($username, $password, $already_md5 = false) { 305 225 global $wpdb, $error; 226 227 $username = sanitize_user($username); 306 228 307 229 if ( '' == $username ) … … 399 321 $location = wp_kses_no_null($location); 400 322 323 // remove %0d and %0a from location 401 324 $strip = array('%0d', '%0a'); 402 $location = str_replace($strip, '', $location); 325 $found = true; 326 while($found) { 327 $found = false; 328 foreach($strip as $val) { 329 while(strpos($location, $val) !== false) { 330 $found = true; 331 $location = str_replace($val, '', $location); 332 } 333 } 334 } 403 335 404 336 if ( $is_IIS ) { -
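Review bot: The new CR/LF stripping in wp_redirect (new lines 323-334) matches only the lowercase encodings `%0d` and `%0a`; percent-encoding is case-insensitive, so `%0D`/`%0A` pass the loop untouched and still reach the Location header unless something else decodes or rejects them. The cheapest fix keeps the loop and widens the list: `$strip = array('%0d', '%0a', '%0D', '%0A');`. In the wp_mail rewrite, `if ( strpos( $from, '<' ) )` (new line 201) uses the match position as a boolean, so a From value that starts with `<` is treated as having no angle brackets and the whole string lands in FromName; it should be `if ( strpos( $from, '<' ) !== false )`. The default From address is also built from `$_SERVER['SERVER_NAME']` (new line 175), which on some server configurations reflects the client's Host header — presumably acceptable here, but worth a comment saying so.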
branches/2.2/wp-includes/plugin.php
r5649 r58137 20 20 21 21 // So the format is wp_filter['tag']['array of priorities']['array of functions serialized']['array of ['array (functions, accepted_args)]'] 22 $wp_filter[$tag][$priority][ serialize($function_to_add)] = array('function' => $function_to_add, 'accepted_args' => $accepted_args);22 $wp_filter[$tag][$priority][_wp_filter_build_unique_id($tag, $function_to_add, $priority)] = array('function' => $function_to_add, 'accepted_args' => $accepted_args); 23 23 unset( $merged_filters[ $tag ] ); 24 24 return true; … … 99 99 function remove_filter($tag, $function_to_remove, $priority = 10, $accepted_args = 1) { 100 100 global $wp_filter, $merged_filters; 101 102 unset($GLOBALS['wp_filter'][$tag][$priority][ serialize($function_to_remove)]);101 102 unset($GLOBALS['wp_filter'][$tag][$priority][_wp_filter_build_unique_id($tag, $function_to_remove, $priority)]); 103 103 unset( $merged_filters[ $tag ] ); 104 104 … … 236 236 */ 237 237 function plugin_basename($file) { 238 $file = preg_replace('|\\\\+|', '\\\\', $file); 239 $file = preg_replace('/^.*wp-content[\\\\\/]plugins[\\\\\/]/', '', $file); 238 $file = str_replace('\\','/',$file); // sanitize for Win32 installs 239 $file = preg_replace('|/+|','/', $file); // remove any duplicate slash 240 $file = preg_replace('|^.*/wp-content/plugins/|','',$file); // get relative path from plugins dir 240 241 return $file; 241 242 } … … 279 280 } 280 281 282 function _wp_filter_build_unique_id($tag, $function, $priority = 10) 283 { 284 global $wp_filter; 285 286 // If function then just skip all of the tests and not overwrite the following. 
287 if( is_string($function) ) 288 return $function; 289 // Object Class Calling 290 else if(is_object($function[0]) ) 291 { 292 $obj_idx = get_class($function[0]).$function[1]; 293 if( is_null($function[0]->wp_filter_id) ) { 294 $count = count((array)$wp_filter[$tag][$priority]); 295 $function[0]->wp_filter_id = $count; 296 $obj_idx .= $count; 297 unset($count); 298 } else 299 $obj_idx .= $function[0]->wp_filter_id; 300 return $obj_idx; 301 } 302 // Static Calling 303 else if( is_string($function[0]) ) 304 return $function[0].$function[1]; 305 } 306 281 307 ?> -
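Review bot: _wp_filter_build_unique_id assigns an object's wp_filter_id from `count((array)$wp_filter[$tag][$priority])` at first registration (new lines 293-297) and then reuses it for every later hook, so two instances of the same class that are each first registered into an empty bucket both get id 0 and, once hooked on the same tag and priority, share the key `ClassMethod0` — the second add_filter then silently overwrites the first (inferred from the visible code; worth confirming with a test). A counter that does not depend on the bucket avoids this: `static $filter_id_count = 0;` at the top of the function, and `$function[0]->wp_filter_id = ++$filter_id_count; $obj_idx .= $function[0]->wp_filter_id;` in place of the count lines. The function also has no return for a value that is neither a string nor an array whose first element is a string or object, so add_filter and remove_filter (new lines 22 and 102) then index $wp_filter with null, i.e. the empty-string key; an explicit final return and a check at those call sites would make that failure visible instead of silent.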
branches/2.2/wp-includes/post-template.php
r5649 r58137 142 142 'previouspagelink' => __('Previous page'), 'pagelink' => '%', 'more_file' => '', 'echo' => 1); 143 143 $r = array_merge($defaults, $r); 144 extract($r );144 extract($r, EXTR_SKIP); 145 145 146 146 global $id, $page, $numpages, $multipage, $more, $pagenow; … … 256 256 'name' => 'page_id', 'show_option_none' => ''); 257 257 $r = array_merge($defaults, $r); 258 extract($r );258 extract($r, EXTR_SKIP); 259 259 260 260 $pages = get_pages($r); -
branches/2.2/wp-includes/post.php
r5649 r58137 183 183 'meta_key' => '', 'meta_value' =>'', 'post_type' => 'post', 'post_status' => 'publish', 'post_parent' => 0); 184 184 $r = array_merge($defaults, $r); 185 extract($r );185 extract($r, EXTR_SKIP); 186 186 $numberposts = (int) $numberposts; 187 187 $offset = (int) $offset; … … 491 491 492 492 // export array as variables 493 extract($postarr );493 extract($postarr, EXTR_SKIP); 494 494 495 495 // Are we updating or creating? … … 882 882 883 883 // import postdata as variables 884 extract($postdata );884 extract($postdata, EXTR_SKIP); 885 885 886 886 // form an excerpt … … 1068 1068 'hierarchical' => 1, 'exclude' => '', 'include' => '', 'meta_key' => '', 'meta_value' => '', 'authors' => ''); 1069 1069 $r = array_merge($defaults, $r); 1070 extract($r );1070 extract($r, EXTR_SKIP); 1071 1071 1072 1072 $key = md5( serialize( $r ) ); … … 1222 1222 1223 1223 // Export array as variables 1224 extract($object );1224 extract($object, EXTR_SKIP); 1225 1225 1226 1226 // Get the basics. -
branches/2.2/wp-includes/query.php
r5649 r58137 414 414 $qv = &$this->query_vars; 415 415 416 if ( ! empty($qv['robots']) ) {416 if ( ! empty($qv['robots']) ) 417 417 $this->is_robots = true; 418 return;419 }420 421 if ('404' == $qv['error']) {422 $this->is_404 = true;423 if ( !empty($query) ) {424 do_action_ref_array('parse_query', array(&$this));425 }426 return;427 }428 418 429 419 $qv['p'] = (int) $qv['p']; … … 607 597 } 608 598 599 if ( !empty($qv['post_type']) ) 600 $qv['post_type'] = sanitize_user($qv['post_type'], true); 601 602 if ( !empty($qv['post_status']) ) 603 $qv['post_status'] = sanitize_user($qv['post_status'], true); 604 609 605 if ( $this->is_posts_page && !$qv['withcomments'] ) 610 606 $this->is_comment_feed = false; … … 612 608 $this->is_singular = $this->is_single || $this->is_page || $this->is_attachment; 613 609 // Done correcting is_* for page_on_front and page_for_posts 610 611 if ('404' == $qv['error']) 612 $this->set_404(); 614 613 615 614 if ( !empty($query) ) -
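Review bot: The new sanitisation of `$qv['post_type']` and `$qv['post_status']` (new lines 599-603) reuses sanitize_user(), a user-name filter, as a generic character filter before these values reach SQL elsewhere; presumably that strips anything outside a user-name alphabet, but it ties the accepted alphabet for post types and statuses to whatever the user-name rules happen to be. Both fields have a small, known set of legitimate values, so an explicit allowlist would be the stronger check; if the character filter is kept, it needs a comment such as `// sanitize_user() is used only as a conservative character filter here, not because these values are user names`. The enclosing method (parse_query, judging by the `$this->query_vars` access) starts and ends outside this hunk.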
branches/2.2/wp-includes/registration.php
r5649 r58137 33 33 global $wpdb; 34 34 35 extract($userdata );35 extract($userdata, EXTR_SKIP); 36 36 37 37 // Are we updating or creating? -
branches/2.2/wp-includes/rewrite.php
r5649 r58137 136 136 // Substitute the substring matches into the query. 137 137 eval("\$query = \"$query\";"); 138 // Filter out non-public query vars 139 global $wp; 140 parse_str($query, $query_vars); 141 $query = array(); 142 foreach ( $query_vars as $key => $value ) { 143 if ( in_array($key, $wp->public_query_vars) ) 144 $query[$key] = $value; 145 } 146 // Do the query 138 147 $query = new WP_Query($query); 139 148 if ( $query->is_single || $query->is_page ) -
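Review bot: `in_array($key, $wp->public_query_vars)` (new line 143) compares loosely, and parse_str() yields integer keys for numeric names, so on this PHP generation a key of `0` compares equal to any non-numeric string in the allowlist and slips through the filter; pass the strict flag: `if ( in_array($key, $wp->public_query_vars, true) )`. The `global $wp;` on new line 139 is declared mid-body; it belongs with the other globals at the top of the function, which starts outside this hunk. The `eval()` on line 137 predates this change and is not re-raised here, but note that the new filter runs after it and therefore limits which variables reach WP_Query, not what the eval sees.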
branches/2.2/wp-includes/rss.php
r5649 r58137 10 10 define('RSS', 'RSS'); 11 11 define('ATOM', 'Atom'); 12 define('MAGPIE_USER_AGENT', 'WordPress/' . $ wp_version);12 define('MAGPIE_USER_AGENT', 'WordPress/' . $GLOBALS['wp_version']); 13 13 14 14 class MagpieRSS { … … 592 592 593 593 if ( !defined('MAGPIE_USER_AGENT') ) { 594 $ua = 'WordPress/' . $ wp_version;594 $ua = 'WordPress/' . $GLOBALS['wp_version']; 595 595 596 596 if ( MAGPIE_CACHE_ON ) { -
branches/2.2/wp-includes/theme.php
r5649 r58137 80 80 $theme = $name; 81 81 $theme_uri = trim( $theme_uri[1] ); 82 $template = trim( $template[1] ); 82 83 83 84 if ( '' == $author_uri[1] ) { -
branches/2.2/wp-includes/vars.php
r5649 r58137 2 2 3 3 // On which page are we ? 4 if ( preg_match('#([^/]+\.php)$#', $PHP_SELF, $self_matches) ) { 4 if ( is_admin() ) { 5 // wp-admin pages are checked more carefully 6 preg_match('#/wp-admin/?(.*?)$#i', $PHP_SELF, $self_matches); 5 7 $pagenow = $self_matches[1]; 6 } elseif ( strpos($PHP_SELF, '?') !== false ) { 7 $pagenow = explode('/', $PHP_SELF); 8 $pagenow = trim($pagenow[(sizeof($pagenow)-1)]); 9 $pagenow = explode('?', $pagenow); 10 $pagenow = $pagenow[0]; 8 $pagenow = preg_replace('#\?.*?$#', '', $pagenow); 9 if ( '' === $pagenow || 'index' === $pagenow || 'index.php' === $pagenow ) { 10 $pagenow = 'index.php'; 11 } else { 12 preg_match('#(.*?)(/|$)#', $pagenow, $self_matches); 13 $pagenow = strtolower($self_matches[1]); 14 if ( '.php' !== substr($pagenow, -4, 4) ) 15 $pagenow .= '.php'; // for Options +Multiviews: /wp-admin/themes/index.php (themes.php is queried) 16 } 11 17 } else { 12 $pagenow = 'index.php'; 18 if ( preg_match('#([^/]+\.php)([?/].*?)?$#i', $PHP_SELF, $self_matches) ) 19 $pagenow = strtolower($self_matches[1]); 20 else 21 $pagenow = 'index.php'; 13 22 } 14 23 -
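Review bot: $pagenow is computed from `$PHP_SELF`, which wp-settings.php in this same changeset (line 49) derives from `$_SERVER['REQUEST_URI']`, i.e. from the client's request line; nothing in this block ties it to the script actually executing, so it is a routing hint and must not feed capability or access-control decisions — a comment at the top, `// $pagenow is derived from the request URI ($PHP_SELF), i.e. client input: a display/routing hint, not a trusted identity of the running script`, would make that explicit for the callers that compare against it (e.g. the `'comment.php' != $pagenow` test added in general-template.php). In the admin branch the result of `preg_match('#/wp-admin/?(.*?)$#i', ...)` (new line 6) is not checked before `$self_matches[1]` is read; presumably is_admin() guarantees a match, but a guard would avoid an undefined-index path that ends with $pagenow set to an odd value.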
branches/2.2/wp-includes/version.php
r5649 r58137 3 3 // This holds the version number in a separate file so we can bump it without cluttering the SVN 4 4 5 $wp_version = '2.2. 1-beta';5 $wp_version = '2.2.3'; 6 6 $wp_db_version = 5183; 7 7 -
branches/2.2/wp-includes/widgets.php
r5649 r58137 333 333 $title = empty( $options['title'] ) ? __( 'Pages' ) : $options['title']; 334 334 $sortby = empty( $options['sortby'] ) ? 'menu_order' : $options['sortby']; 335 $exclude = empty( $options['exclude'] ) ? '' : '&exclude=' .$options['exclude'];335 $exclude = empty( $options['exclude'] ) ? '' : $options['exclude']; 336 336 337 337 if ( $sortby == 'menu_order' ) { … … 339 339 } 340 340 341 $out = wp_list_pages( 'title_li=&echo=0&sort_column=' . $sortby . $exclude);341 $out = wp_list_pages( array('title_li' => '', 'echo' => 0, 'sort_column' => $sortby, 'exclude' => $exclude) ); 342 342 343 343 if ( !empty( $out ) ) { … … 379 379 <select name="pages-sortby" id="pages-sortby"> 380 380 <option value="post_title"<?php selected( $options['sortby'], 'post_title' ); ?>><?php _e('Page title'); ?></option> 381 <option value="menu_order"<?php selected( $options['sortby'], 'menu_order' ); ?>><?php _e(' Menuorder'); ?></option>381 <option value="menu_order"<?php selected( $options['sortby'], 'menu_order' ); ?>><?php _e('Page order'); ?></option> 382 382 <option value="ID"<?php selected( $options['sortby'], 'ID' ); ?>><?php _e( 'Page ID' ); ?></option> 383 383 </select></label></p> … … 390 390 function wp_widget_links($args) { 391 391 global $wp_db_version; 392 extract($args );392 extract($args, EXTR_SKIP); 393 393 if ( $wp_db_version < 3582 ) { 394 394 // This ONLY works with li/h2 sidebars. … … 631 631 function onCatChange() { 632 632 if ( dropdown.options[dropdown.selectedIndex].value > 0 ) { 633 location.href = "<?php echo get_option('siteurl'); ?>/?cat="+dropdown.options[dropdown.selectedIndex].value;633 location.href = "<?php echo get_option('home'); ?>/?cat="+dropdown.options[dropdown.selectedIndex].value; 634 634 } 635 635 } … … 806 806 function wp_widget_rss($args, $number = 1) { 807 807 require_once(ABSPATH . WPINC . 
'/rss.php'); 808 extract($args );808 extract($args, EXTR_SKIP); 809 809 $options = get_option('widget_rss'); 810 810 if ( isset($options['error']) && $options['error'] ) … … 861 861 } 862 862 } else { 863 echo __('<li>An error has occured; the feed is probably down. Try again later.</li>');863 echo '<li>' . __( 'An error has occurred; the feed is probably down. Try again later.' ) . '</li>'; 864 864 } 865 865 ?> -
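Review bot: The JavaScript on new line 633 still emits `get_option('home')` directly into a JS string literal; the change swaps which option is used but keeps the unescaped output, and a value containing a quote or `</script>` would break out of the literal. js_escape(), used elsewhere in this changeset, is the per-context escape for this spot: `location.href = "<?php echo js_escape(get_option('home')); ?>/?cat="+dropdown.options[dropdown.selectedIndex].value;`. The option is admin-controlled, so the exposure is limited, but escaping per output context is the convention worth keeping consistent.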
branches/2.2/wp-mail.php
r5649 r58137 65 65 if (preg_match('/From: /', $line) | preg_match('/Reply-To: /', $line)) { 66 66 $author=trim($line); 67 if ( ereg("([a-zA-Z0-9\_\-\.]+@[\a-zA-z0-9\_\-\.]+)", $author , $regs) ) { 68 $author = $regs[1]; 69 echo "Author = {$author} <p>"; 70 $author = $wpdb->escape($author); 71 $result = $wpdb->get_row("SELECT ID FROM $wpdb->users WHERE user_email='$author' LIMIT 1"); 72 if (!$result) 67 if ( ereg("([a-zA-Z0-9\_\-\.]+@[\a-zA-z0-9\_\-\.]+)", $author , $regs) ) { 68 $author = $regs[1]; 69 echo "Author = {$author} <p>"; 70 $author = $wpdb->escape($author); 71 $result = $wpdb->get_row("SELECT ID FROM $wpdb->users WHERE user_email='$author' LIMIT 1"); 72 if (!$result) 73 $post_author = 1; 74 else 75 $post_author = $result->ID; 76 } else 73 77 $post_author = 1; 74 else75 $post_author = $result->ID;76 } else77 $post_author = 1;78 78 } 79 79 -
branches/2.2/wp-settings.php
r5649 r58137 49 49 $_SERVER['PHP_SELF'] = $PHP_SELF = preg_replace("/(\?.*)?$/",'',$_SERVER["REQUEST_URI"]); 50 50 51 if ( !(phpversion() >= '4. 1') )52 die( 'Your server is running PHP version ' . phpversion() . ' but WordPress requires at least 4. 1' );51 if ( !(phpversion() >= '4.2') ) 52 die( 'Your server is running PHP version ' . phpversion() . ' but WordPress requires at least 4.2.' ); 53 53 54 54 if ( !extension_loaded('mysql') && !file_exists(ABSPATH . 'wp-content/db.php') ) -
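Review bot: `phpversion() >= '4.2'` (new line 51) becomes a plain string comparison as soon as either side is not a numeric string — any three-part version such as 5.2.4 already is — so the check works by lexical luck and would misjudge a two-digit major. `version_compare()` is the intended operation and exists on every PHP release this file accepts: `if ( !version_compare(phpversion(), '4.2', '>=') )`. The surrounding bootstrap script runs past both ends of this hunk.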
branches/2.2/xmlrpc.php
r5649 r58137 850 850 return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.')); 851 851 852 extract($actual_post );852 extract($actual_post, EXTR_SKIP); 853 853 854 854 if ( ('publish' == $post_status) && !current_user_can('publish_posts') ) … … 930 930 } 931 931 932 $cap = ($publish) ? 'publish_posts' : 'edit_posts'; 932 933 $user = set_current_user(0, $user_login); 933 if ( !current_user_can( 'publish_posts') )934 if ( !current_user_can($cap) ) 934 935 return new IXR_Error(401, __('Sorry, you can not post on this weblog or category.')); 935 936 … … 1000 1001 1001 1002 if(isset($content_struct["mt_allow_comments"])) { 1002 switch((int) $content_struct["mt_allow_comments"]) { 1003 case 0: 1004 $comment_status = "closed"; 1005 break; 1006 case 1: 1007 $comment_status = "open"; 1008 break; 1009 default: 1010 $comment_status = get_option("default_comment_status"); 1011 break; 1003 if(!is_numeric($content_struct["mt_allow_comments"])) { 1004 switch($content_struct["mt_allow_comments"]) { 1005 case "closed": 1006 $comment_status = "closed"; 1007 break; 1008 case "open": 1009 $comment_status = "open"; 1010 break; 1011 default: 1012 $comment_status = get_option("default_comment_status"); 1013 break; 1014 } 1012 1015 } 1016 else { 1017 switch((int) $content_struct["mt_allow_comments"]) { 1018 case 0: 1019 $comment_status = "closed"; 1020 break; 1021 case 1: 1022 $comment_status = "open"; 1023 break; 1024 default: 1025 $comment_status = get_option("default_comment_status"); 1026 break; 1027 } 1028 } 1029 } 1030 else { 1031 $comment_status = get_option("default_comment_status"); 1013 1032 } 1014 1033 1015 1034 if(isset($content_struct["mt_allow_pings"])) { 1016 switch((int) $content_struct["mt_allow_pings"]) { 1017 case 0: 1018 $ping_status = "closed"; 1019 break; 1020 case 1: 1021 $ping_status = "open"; 1022 break; 1023 default: 1024 $ping_status = get_option("default_ping_status"); 1025 break; 1035 
if(!is_numeric($content_struct["mt_allow_pings"])) { 1036 switch($content_struct["mt_allow_pings"]) { 1037 case "closed": 1038 $ping_status = "closed"; 1039 break; 1040 case "open": 1041 $ping_status = "open"; 1042 break; 1043 default: 1044 $ping_status = get_option("default_ping_status"); 1045 break; 1046 } 1026 1047 } 1048 else { 1049 switch((int) $content_struct["mt_allow_pings"]) { 1050 case 0: 1051 $ping_status = "closed"; 1052 break; 1053 case 1: 1054 $ping_status = "open"; 1055 break; 1056 default: 1057 $ping_status = get_option("default_ping_status"); 1058 break; 1059 } 1060 } 1061 } 1062 else { 1063 $ping_status = get_option("default_ping_status"); 1027 1064 } 1028 1065 … … 1127 1164 } 1128 1165 1129 extract($postdata);1130 1166 $this->escape($postdata); 1167 extract($postdata, EXTR_SKIP); 1131 1168 1132 1169 // Let WordPress manage slug if none was provided. … … 1178 1215 } 1179 1216 1180 // Only set ping_status if it was provided. 1217 if(isset($content_struct["mt_allow_comments"])) { 1218 if(!is_numeric($content_struct["mt_allow_comments"])) { 1219 switch($content_struct["mt_allow_comments"]) { 1220 case "closed": 1221 $comment_status = "closed"; 1222 break; 1223 case "open": 1224 $comment_status = "open"; 1225 break; 1226 default: 1227 $comment_status = get_option("default_comment_status"); 1228 break; 1229 } 1230 } 1231 else { 1232 switch((int) $content_struct["mt_allow_comments"]) { 1233 case 0: 1234 $comment_status = "closed"; 1235 break; 1236 case 1: 1237 $comment_status = "open"; 1238 break; 1239 default: 1240 $comment_status = get_option("default_comment_status"); 1241 break; 1242 } 1243 } 1244 } 1245 1181 1246 if(isset($content_struct["mt_allow_pings"])) { 1182 switch((int) $content_struct["mt_allow_pings"]) { 1183 case 0: 1184 $ping_status = "closed"; 1185 break; 1186 case 1: 1187 $ping_status = "open"; 1188 break; 1247 if(!is_numeric($content_struct["mt_allow_pings"])) { 1248 switch($content_struct["mt_allow_pings"]) { 1249 case "closed": 1250 
$ping_status = "closed"; 1251 break; 1252 case "open": 1253 $ping_status = "open"; 1254 break; 1255 default: 1256 $ping_status = get_option("default_ping_status"); 1257 break; 1258 } 1259 } 1260 else { 1261 switch((int) $content_struct["mt_allow_pings"]) { 1262 case 0: 1263 $ping_status = "closed"; 1264 break; 1265 case 1: 1266 $ping_status = "open"; 1267 break; 1268 default: 1269 $ping_status = get_option("default_ping_status"); 1270 break; 1271 } 1189 1272 } 1190 1273 } … … 1221 1304 $to_ping = implode(' ', $to_ping); 1222 1305 1223 if(isset($content_struct["mt_allow_comments"])) {1224 $comment_status = (int) $content_struct["mt_allow_comments"];1225 }1226 1227 1306 // Do some timestamp voodoo 1228 1307 $dateCreatedd = $content_struct['dateCreated']; … … 1437 1516 $bits = $data['bits']; 1438 1517 1518 logIO('O', '(MW) Received '.strlen($bits).' bytes'); 1519 1520 if ( !$this->login_pass_ok($user_login, $user_pass) ) 1521 return $this->error; 1522 1523 set_current_user(0, $user_login); 1524 if ( !current_user_can('upload_files') ) { 1525 logIO('O', '(MW) User does not have upload_files capability'); 1526 $this->error = new IXR_Error(401, __('You are not allowed to upload files to this site.')); 1527 return $this->error; 1528 } 1529 1530 if ( $upload_err = apply_filters( "pre_upload_error", false ) ) 1531 return new IXR_Error(500, $upload_err); 1532 1439 1533 if(!empty($data["overwrite"]) && ($data["overwrite"] == true)) { 1440 1534 // Get postmeta info on the object. … … 1454 1548 $name = "wpid{$old_file->ID}-{$filename}"; 1455 1549 } 1456 1457 logIO('O', '(MW) Received '.strlen($bits).' 
bytes');1458 1459 if ( !$this->login_pass_ok($user_login, $user_pass) )1460 return $this->error;1461 1462 set_current_user(0, $user_login);1463 if ( !current_user_can('upload_files') ) {1464 logIO('O', '(MW) User does not have upload_files capability');1465 $this->error = new IXR_Error(401, __('You are not allowed to upload files to this site.'));1466 return $this->error;1467 }1468 1469 if ( $upload_err = apply_filters( "pre_upload_error", false ) )1470 return new IXR_Error(500, $upload_err);1471 1550 1472 1551 $upload = wp_upload_bits($name, $type, $bits, $overwrite);
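Review bot: The mt_allow_comments / mt_allow_pings handling is added as four near-identical nested switch blocks (new lines 1002-1064 and 1217-1272), each mapping numeric 0/1 or the strings 'closed'/'open' to a status and otherwise reading a default option; the mapping belongs in one helper so the two handlers cannot drift apart. The first hunk falls back to the default option when the key is absent while the second leaves the variable unset, so the call sites keep that difference and only the mapping is shared. The method enclosing each block starts and ends outside its hunk; the sketch below shows the helper and the first hunk's two call sites.
```php
	// Map an MT-style mt_allow_comments / mt_allow_pings flag to a status
	// string. Numeric 0/1 and the strings 'closed'/'open' are accepted;
	// anything else falls back to the value of $default_option.
	function _mt_flag_to_status($flag, $default_option) {
		if ( is_numeric($flag) ) {
			switch ( (int) $flag ) {
				case 0: return 'closed';
				case 1: return 'open';
				default: return get_option($default_option);
			}
		}
		switch ( $flag ) {
			case 'closed': return 'closed';
			case 'open': return 'open';
			default: return get_option($default_option);
		}
	}

	// … unchanged: earlier part of the first handler …
	$comment_status = isset($content_struct['mt_allow_comments'])
		? $this->_mt_flag_to_status($content_struct['mt_allow_comments'], 'default_comment_status')
		: get_option('default_comment_status');
	$ping_status = isset($content_struct['mt_allow_pings'])
		? $this->_mt_flag_to_status($content_struct['mt_allow_pings'], 'default_ping_status')
		: get_option('default_ping_status');
	// … unchanged: rest of the handler; the second handler keeps its isset() guards and calls the same helper …
```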