Diff from tags/2.2@58146 to branches/2.2@58146 – WordPress Trac

branches/2.2/wp-admin/admin-ajax.php

r58146	r58146
287	287	}
288	288	}
289		die(~~$_POST['post_type']~~);
	289	die('0');
290	290	break;
291	291	default :

branches/2.2/wp-admin/admin-db.php

                       r58146
     global $wpdb;
     extract($catarr);
+    extract($catarr, EXTR_SKIP);
     if( trim( $cat_name ) == '' )
 …
     global $wpdb, $current_user;
     extract($linkdata);
+    extract($linkdata, EXTR_SKIP);
     $update = false;
 …
     $wpdb->query("DELETE FROM $wpdb->link2cat WHERE link_id = '$link_id'");
     return $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'");
+    $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'");
     do_action('deleted_link', $link_id);
+    return true;
+}

branches/2.2/wp-admin/admin-functions.php

                       r58146
         $_POST['post_date_gmt'] = get_gmt_from_date( $_POST['post_date'] );
+    }
+    unset($_POST['no_filter']);
     // Create the post.
 …
+    }
+    unset($_POST['no_filter']);
     add_meta( $post_ID );
 …
     $post->post_password = format_to_edit( $post->post_password );
+    $post->menu_order = (int) $post->menu_order;
     if ( $post->post_type == 'page' )
 …
 function get_comment_to_edit( $id ) {
     $comment = get_comment( $id );
+    $comment->comment_content = format_to_edit( $comment->comment_content, user_can_richedit() );
+    $comment->comment_ID = (int) $comment->comment_ID;
+    $comment->comment_post_ID = (int) $comment->comment_post_ID;
+    $comment->comment_content = format_to_edit( $comment->comment_content );
     $comment->comment_content = apply_filters( 'comment_edit_pre', $comment->comment_content);
     $comment->comment_author = format_to_edit( $comment->comment_author );
     $comment->comment_author_email = format_to_edit( $comment->comment_author_email );
+    $comment->comment_author_url = clean_url($comment->comment_author_url);
     $comment->comment_author_url = format_to_edit( $comment->comment_author_url );
 …
 function get_category_to_edit( $id ) {
     $category = get_category( $id );
+    $category->term_id = (int) $category->term_id;
+    $category->parent = (int) $category->parent;
     return $category;
 …
     global $wpdb;
     $start = (int) $start;
+    $start = abs( (int) $start );
     $num = (int) $num;
 …
 if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
     echo " <a href='comment.php?action=editcomment&amp;c=".$comment->comment_ID."'>" .  __('Edit') . '</a>';
     echo ' | <a href="' . wp_nonce_url('ocomment.php?action=deletecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . js_escape(sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), $comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> ';
+    echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . js_escape(sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), $comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> ';
     if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
         echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Unapprove') . '</a> </span>';
 …
         $entry['meta_key']   = attribute_escape($entry['meta_key']);
         $entry['meta_value'] = attribute_escape($entry['meta_value']);
+        $entry['meta_id'] = (int) $entry['meta_id'];
         $r .= "\n\t<tr id='meta-{$entry['meta_id']}' class='$style'>";
         $r .= "\n\t\t<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>";
 …
     foreach ( $keys as $key ) {
         $key = attribute_escape( $key);
+        $key = attribute_escape( $key );
         echo "\n\t<option value='$key'>$key</option>";
+    }
 …
     $post_ID = (int) $post_ID;
+    $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
     $metakeyselect = $wpdb->escape( stripslashes( trim( $_POST['metakeyselect'] ) ) );
     $metakeyinput = $wpdb->escape( stripslashes( trim( $_POST['metakeyinput'] ) ) );
 …
         if ( $metakeyinput)
             $metakey = $metakeyinput; // default
+        if ( in_array($metakey, $protected) )
+            return false;
         $result = $wpdb->query( "
 …
 function update_meta( $mid, $mkey, $mvalue ) {
     global $wpdb;
+    $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
+    if ( in_array($mkey, $protected) )
+        return false;
     $mvalue = maybe_serialize( stripslashes( $mvalue ));
     $mvalue = $wpdb->escape( $mvalue );

branches/2.2/wp-admin/comment.php

                       r58146
     $nonce_action .= $comment;
     if ( ! $comment = get_comment($comment) )
+    if ( ! $comment = get_comment_to_edit($comment) )
         wp_die(__('Oops, no comment with this ID.').sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit.php'));
 …
 <tr>
 <th scope="row" valign="top"><p><?php _e('Comment:'); ?></p></th>
 <td><?php echo apply_filters( 'comment_text', $comment->comment_content ); ?></td>
+<td><?php echo $comment->comment_content; ?></td>
 </tr>
 </table>
 …
         wp_redirect(wp_get_referer());
     } else {
         wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='.$comment->comment_post_ID.'&c=1#comments');
+        wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='. (int) $comment->comment_post_ID.'&c=1#comments');
+    }
     exit();
 …
         wp_redirect(wp_get_referer());
     } else {
         wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='.$comment->comment_post_ID.'&c=1#comments');
+        wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='. (int) $comment->comment_post_ID.'&c=1#comments');
+    }
     exit();

branches/2.2/wp-admin/edit-comments.php

                       r58146
 if ( isset( $_GET['apage'] ) )
     $page = (int) $_GET['apage'];
+    $page = abs( (int) $_GET['apage'] );
 else
     $page = 1;
 $start = $offset = ( $page - 1 ) * 20;
 …
 $page_links = paginate_links( array(
     'base' => 'edit-comments.php?%_%',
     'format' => 'apage=%#%',
+    'base' => add_query_arg( 'apage', '%#%' ),
+    'format' => '',
     'total' => ceil($total / 20),
     'current' => $page

branches/2.2/wp-admin/edit-form-advanced.php

                       r58146
 <?php
+if ( isset($_GET['message']) )
+      $_GET['message'] = (int) $_GET['message'];
 $messages[1] = __('Post updated');
 $messages[2] = __('Custom field updated');
 …
 ?>
 <?php if (isset($_GET['message'])) : ?>
 <div id="message" class="updated fade"><p><?php echo $messages[$_GET['message']]; ?></p></div>
+<div id="message" class="updated fade"><p><?php echo wp_specialchars($messages[$_GET['message']]); ?></p></div>
 <?php endif; ?>
 …
     wp_nonce_field('add-post');
 } else {
+    $post_ID = (int) $post_ID;
     $form_action = 'editpost';
     $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
 …
+}
 $form_pingback = '<input type="hidden" name="post_pingback" value="' . get_option('default_pingback_flag') . '" id="post_pingback" />';
 $form_prevstatus = '<input type="hidden" name="prev_status" value="' . $post->post_status . '" />';
 $form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. str_replace("\n", ' ', $post->to_ping) .'" />';
+$form_pingback = '<input type="hidden" name="post_pingback" value="' . (int) get_option('default_pingback_flag') . '" id="post_pingback" />';
+$form_prevstatus = '<input type="hidden" name="prev_status" value="' . attribute_escape( $post->post_status ) . '" />';
+$form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. attribute_escape( str_replace("\n", ' ', $post->to_ping) ) .'" />';
 if ('' != $post->pinged) {
 …
+}
 $saveasdraft = '<input name="save" type="submit" id="save" tabindex="3" value="' . __('Save and Continue Editing') . '" />';
+$saveasdraft = '<input name="save" type="submit" id="save" tabindex="3" value="' . attribute_escape( __('Save and Continue Editing') ) . '" />';
 if (empty($post->post_status)) $post->post_status = 'draft';
 …
 ?>
 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
+<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" id="hiddenaction" name="action" value="<?php echo $form_action ?>" />
 <input type="hidden" id="originalaction" name="originalaction" value="<?php echo $form_action ?>" />
 <input type="hidden" name="post_author" value="<?php echo $post->post_author ?>" />
+<input type="hidden" name="post_author" value="<?php echo attribute_escape( $post->post_author ); ?>" />
 <input type="hidden" id="post_type" name="post_type" value="post" />
 …
 <fieldset id="passworddiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Post Password') ?></h3>
 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div>
+<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape( $post->post_password ); ?>" /></div>
 </fieldset>
 <fieldset id="slugdiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Post Slug') ?></h3>
 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
+<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" /></div>
 </fieldset>
 …
 if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
 else $selected = '';
 echo "<option value='$o->ID' $selected>$o->display_name</option>";
+echo "<option value='" . (int) $o->ID . "' $selected>" . wp_specialchars( $o->display_name ) . "</option>";
 endforeach;
 ?>
 …
 <fieldset id="titlediv">
     <legend><?php _e('Title') ?></legend>
     <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
+    <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" /></div>
 </fieldset>
 …
 ?>
 <?php if ( current_user_can('publish_posts') ) : ?>
     <input name="publish" type="submit" id="publish" tabindex="5" accesskey="p" value="<?php _e('Publish') ?>" />
+    <input name="publish" type="submit" id="publish" tabindex="5" accesskey="p" value="<?php _e('Publish'); ?>" />
 <?php endif; ?>
 <?php
 …
 <?php
 if (current_user_can('upload_files')) {
     $uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
+    $uploading_iframe_ID = (int) (0 == $post_ID ? $temp_ID : $post_ID);
     $uploading_iframe_src = wp_nonce_url("upload.php?style=inline&amp;tab=upload&amp;post_id=$uploading_iframe_ID", 'inlineuploading');
     $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);

branches/2.2/wp-admin/edit-form-comment.php

                       r58146
 $toprow_title = sprintf(__('Editing Comment # %s'), $comment->comment_ID);
 $form_action = 'editedcomment';
 $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment->comment_ID . "' />\n<input type='hidden' name='comment_post_ID' value='".$comment->comment_post_ID;
+$form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment->comment_ID . "' />\n<input type='hidden' name='comment_post_ID' value='" . $comment->comment_post_ID;
 ?>
 …
 <?php wp_nonce_field('update-comment_' . $comment->comment_ID) ?>
 <div class="wrap">
 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
+<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
 …
     <legend><label for="name"><?php _e('Name:') ?></label></legend>
     <div>
       <input type="text" name="newcomment_author" size="25" value="<?php echo $comment->comment_author ?>" tabindex="1" id="name" />
+      <input type="text" name="newcomment_author" size="25" value="<?php echo attribute_escape( $comment->comment_author ); ?>" tabindex="1" id="name" />
     </div>
 </fieldset>
 …
         <legend><label for="email"><?php _e('E-mail:') ?></label></legend>
         <div>
           <input type="text" name="newcomment_author_email" size="20" value="<?php echo $comment->comment_author_email ?>" tabindex="2" id="email" />
+          <input type="text" name="newcomment_author_email" size="20" value="<?php echo attribute_escape( $comment->comment_author_email ); ?>" tabindex="2" id="email" />
     </div>
 </fieldset>
 …
         <legend><label for="newcomment_author_url"><?php _e('URL:') ?></label></legend>
         <div>
           <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo $comment->comment_author_url ?>" tabindex="3" />
+          <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo attribute_escape( $comment->comment_author_url ); ?>" tabindex="3" />
     </div>
 </fieldset>

branches/2.2/wp-admin/edit-form.php

                       r58146
 <input type="hidden" name="mode" value="bookmarklet" />
 <?php endif; ?>
 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
+<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" name="action" value='post' />
 …
     <fieldset id="titlediv">
       <legend><a href="http://wordpress.org/docs/reference/post/#title" title="<?php _e('Help on titles') ?>"><?php _e('Title') ?></a></legend>
       <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
+      <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" /></div>
     </fieldset>
 …
 </script>
 <input type="hidden" name="post_pingback" value="<?php echo get_option('default_pingback_flag') ?>" id="post_pingback" />
+<input type="hidden" name="post_pingback" value="<?php echo (int) get_option('default_pingback_flag') ?>" id="post_pingback" />
 <p><label for="trackback"> <?php printf(__('<a href="%s" title="Help on trackbacks"><strong>TrackBack</strong> a <abbr title="Universal Resource Locator">URL</abbr></a>:</label> (Separate multiple <abbr title="Universal Resource Locator">URL</abbr>s with spaces.)'), 'http://wordpress.org/docs/reference/post/#trackback'); echo '<br />'; ?>
 …
         echo '<input name="advanced" type="submit" id="advancededit" tabindex="7" value="' .  __('Advanced Editing &raquo;') . '" />';
     } ?>
     <input name="referredby" type="hidden" id="referredby" value="<?php if ( wp_get_referer() ) echo urlencode(wp_get_referer()); ?>" />
+    <input name="referredby" type="hidden" id="referredby" value="<?php if ( $refby = wp_get_referer() ) echo urlencode($refby); ?>" />
 </p>

branches/2.2/wp-admin/edit-page-form.php

                       r58146
 <h2 id="write-post"><?php _e('Write Page'); ?></h2>
 <?php
 if (0 == $post_ID) {
     $form_action = 'post';
 …
     $form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='$temp_ID' />";
 } else {
+    $post_ID = (int) $post_ID;
     $form_action = 'editpost';
     $nonce_action = 'update-page_' . $post_ID;
     $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
+}
+$temp_ID = (int) $temp_ID;
+$user_ID = (int) $user_ID;
 $sendto = clean_url(stripslashes(wp_get_referer()));
 …
 <fieldset id="passworddiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Page Password') ?></h3>
 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div>
+<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape( $post->post_password ); ?>" /></div>
 </fieldset>
 …
 <fieldset id="slugdiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Page Slug') ?></h3>
 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
+<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" /></div>
 </fieldset>
 …
 if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
 else $selected = '';
+$o->ID = (int) $o->ID;
+$o->display_name = wp_specialchars( $o->display_name );
 echo "<option value='$o->ID' $selected>$o->display_name</option>";
 endforeach;
 …
 <fieldset id="titlediv">
   <legend><?php _e('Page Title') ?></legend>
   <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
+  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" /></div>
 </fieldset>

branches/2.2/wp-admin/export.php

r58146	r58146
148	148	-->
149	149
150		<!-- generator="wordpress/<?php bloginfo_rss('version') ?>" created="<?php echo date('Y-m-d H:m'); ?>"-->
	150	<!-- generator="wordpress/<?php bloginfo_rss('version') ?>" created="<?php echo date('Y-m-d H:i'); ?>"-->
151	151	<rss version="2.0"
152	152	xmlns:content="http://purl.org/rss/1.0/modules/content/"

branches/2.2/wp-admin/import/wordpress.php

                       r58146
         global $wpdb;
         preg_match("|<$tag.*?>(.*?)</$tag>|is", $string, $return);
+        $return = $wpdb->escape( trim( $return[1] ) );
+        $return = preg_replace('|^<!\[CDATA\[(.*)\]\]>$|s', '$1', $return[1]);
+        $return = $wpdb->escape( trim( $return ) );
         return $return;
+    }
 …
         while ( $c = array_shift($this->categories) ) {
             $cat_name = trim(str_replace(array ('<![CDATA[', ']]>'), '', $this->get_tag( $c, 'wp:cat_name' )));
+            $cat_name = trim($this->get_tag( $c, 'wp:cat_name' ));
             // If the category exists we leave it alone
 …
         $post_content = $this->get_tag( $post, 'content:encoded' );
-        $post_content = str_replace(array ('<![CDATA[', ']]>'), '', $post_content);
         $post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content);
         $post_content = str_replace('<br>', '<br />', $post_content);

branches/2.2/wp-admin/install-rtl.css

                       r58146
 body { font-family: Tahoma, Georgia, "Times New Roman", Times, serif; }
+body { font: 13px Tahoma, Georgia, "Times New Roman", Times, serif; }
 ul, ol { padding: 5px 20px 5px 5px; }
+.step, th { text-align: left; }
+h1, h2, h3 { font-family: "Times New Roman", Times, serif; font-weight: 700 }
+.step, th { text-align: left }
+input { font-family: "Times New Roman", Times, serif; padding: 1px }
+#logo { background: url(../wp-content/plugins/WP-Jalali/wp-fa-logo.png) center right no-repeat; text-align: left; }
+#admin_email {direction: ltr; text-align: left; }
+#footer { font-style: normal; }

branches/2.2/wp-admin/install.php

r58146	r58146
83	83	<?php
84	84	$result = wp_install($weblog_title, 'admin', $admin_email, $public);
85		extract($result);
	85	extract($result, EXTR_SKIP);
86	86	?>
87	87

branches/2.2/wp-admin/link-import.php

                       r58146
 <h2><?php _e('Importing...') ?></h2>
 <?php
         $cat_id = $_POST['cat_id'];
         if ( $cat_id == '' || $cat_id == 0 )
+        $cat_id = abs( (int) $_POST['cat_id'] );
+        if ( $cat_id < 1 )
             $cat_id  = 1;

branches/2.2/wp-admin/options.php

                       r58146
 if ( !current_user_can('manage_options') )
     wp_die(__('Cheatin&#8217; uh?'));
-function sanitize_option($option, $value) { // Remember to call stripslashes!
-    switch ($option) {
-        case 'admin_email':
-            $value = stripslashes($value);
-            $value = sanitize_email($value);
-            break;
-        case 'default_post_edit_rows':
-        case 'mailserver_port':
-        case 'comment_max_links':
-            $value = stripslashes($value);
-            $value = abs((int) $value);
-            break;
-        case 'posts_per_page':
-        case 'posts_per_rss':
-            $value = stripslashes($value);
-            $value = (int) $value;
-            if ( empty($value) ) $value = 1;
-            if ( $value < -1 ) $value = abs($value);
-            break;
-        case 'default_ping_status':
-        case 'default_comment_status':
-            $value = stripslashes($value);
-            // Options that if not there have 0 value but need to be something like "closed"
-            if ( $value == '0' || $value == '')
-                $value = 'closed';
-            break;
-        case 'blogdescription':
-        case 'blogname':
-            if (current_user_can('unfiltered_html') == false)
-                $value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes
-            $value = stripslashes($value);
-            break;
-        case 'blog_charset':
-            $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); // strips slashes
-            break;
-        case 'date_format':
-        case 'time_format':
-        case 'mailserver_url':
-        case 'mailserver_login':
-        case 'mailserver_pass':
-        case 'ping_sites':
-        case 'upload_path':
-            $value = strip_tags($value);
-            $value = wp_filter_kses($value); // calls stripslashes then addslashes
-            $value = stripslashes($value);
-            break;
-        case 'gmt_offset':
-            $value = preg_replace('/[^0-9:.-]/', '', $value); // strips slashes
-            break;
-        case 'siteurl':
-        case 'home':
-            $value = stripslashes($value);
-            $value = clean_url($value);
-            break;
-        default :
-            $value = stripslashes($value);
-            break;
+    }
-    return $value;
+}
 switch($action) {
 …
         foreach ($options as $option) {
             $option = trim($option);
+            $value = trim($_POST[$option]);
+            $value = sanitize_option($option, $value); // This does stripslashes on those that need it
+            $value = $_POST[$option];
+            if(!is_array($value))   $value = trim($value);
+            $value = stripslashes_deep($value);
             update_option($option, $value);
+        }
 …
 foreach ( (array) $options as $option) :
     $disabled = '';
+    $option->option_name = attribute_escape($option->option_name);
     if ( is_serialized($option->option_value) ) {
         if ( is_serialized_string($option->option_value) ) {
             // this is a serialized string, so we should display it
             $value = wp_specialchars(maybe_unserialize($option->option_value), 'single');
+            $value = maybe_unserialize($option->option_value);
             $options_to_update[] = $option->option_name;
             $class = 'all-options';
 …
+        }
     } else {
         $value = wp_specialchars($option->option_value, 'single');
+        $value = $option->option_value;
         $options_to_update[] = $option->option_name;
         $class = 'all-options';
 …
 <td>";
     if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>$value</textarea>";
     else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value . "'$disabled />";
+    if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . wp_specialchars($value) . "</textarea>";
+    else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . attribute_escape($value) . "'$disabled />";
     echo "</td>
 …
   </table>
 <?php $options_to_update = implode(',', $options_to_update); ?>
 <p class="submit"><input type="hidden" name="page_options" value="<?php echo attribute_escape($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
+<p class="submit"><input type="hidden" name="page_options" value="<?php echo $options_to_update; ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
   </form>
 </div>

branches/2.2/wp-admin/rtl.css

                       r58146
+#viewarc, #viewcat, #namediv, #emaildiv, #uridiv, #planetnews li, #login ul li, #your-profile fieldset,
+    #footer .logo, .alignleft .available-theme { float: right; }
+#templateside, .alignright { float: left; }
+#login #send, .readmore, .widefat th { text-align: right; }
+#postcustomsubmit, form#upload th, .submit, .editform th { text-align: left; }
+#devnews h4, #wphead h1, #your-profile legend, fieldset.options legend,
+    #planetnews li .post { font-family: Tahoma, Georgia, "Times New Roman", Times, serif; }
+#wphead { padding: .8em 2em .8em 19em; }
+#wphead h1 { font-size: 2.4em; }
+#postdiv, #titlediv, #guiddiv, #tagdiv { margin: 0 0 0 8px; }
+#ed_toolbar input { margin: 3px 0 2px 2px; }
+#edButtons input, #edButtons input:active { margin: 0px 0 -1px 2px; }
+body, td { font: 13px Tahoma, "Lucida Grande", "Lucida Sans Unicode", Verdana; }
+h2 { font: normal 32px/5px serif; }
+textarea, input, select { font:  13px Tahoma, Verdana, Arial, Helvetica, sans-serif; }
+.quicktags, .search { font: 12px Tahoma, Georgia, "Times New Roman", Times, serif; }
+.updated, .confirm { padding: 0 3em 0 1em; }
+#viewarc, #viewcat, #namediv, #emaildiv, #uridiv, #planetnews li, #login ul li, #your-profile fieldset, #footer .logo, .alignleft .available-theme {
+    float: right;
+    }
+#templateside, .alignright {
+    float: left;
+    }
+#login #send, .readmore, .widefat th {
+    text-align: right;
+    }
+#postcustomsubmit, form#upload th, .submit, .editform th {
+    text-align: left;
+    }
+#devnews h4, #wphead h1, #your-profile legend, fieldset.options legend, #planetnews li .post {
+    font-family: Tahoma, Georgia, "Times New Roman", Times, serif;
+    }
+#wphead {
+    padding: .8em 2em .8em 19em;
+    }
+#wphead h1 {
+    font-size: 2.4em;
+    }
+#postdiv, #titlediv, #guiddiv, #tagdiv {
+    margin: 0 0 0 8px;
+    }
+#ed_toolbar input {
+    margin: 3px 0 2px 2px;
+    }
+#edButtons input, #edButtons input:active {
+    margin: 0px 0 -1px 2px;
+    }
+body, td {
+    font: 13px Tahoma, "Lucida Grande", "Lucida Sans Unicode", Verdana;
+    }
+h1, h2, h3, h4, h5 {
+    font-family: "Times New Roman", Times, serif;
+    }
+h3.dbx-handle {
+    font-family: tahoma, Verdana, Arial, Helvetica, sans-serif;
+    }
+textarea, input, select {
+    font:  13px Tahoma, Verdana, Arial, Helvetica, sans-serif;
+    }
+.quicktags, .search {
+    font: 12px Tahoma, Georgia, "Times New Roman", Times, serif;
+    }
+.updated, .confirm {
+    padding: 0 3em 0 1em;
+    }
 .submit input, .submit input:focus, .button, .button:focus {
     border-left-color: #999;
     border-right-color: #ccc;
+}
+    }
 .submit input:active, .button:active {
     border-left-color: #ccc;
     border-right-color: #999;
+}
+    }
 #adminmenu {
     padding: .2em 2em .3em .2em;
     height: 28px;
+}
+#adminmenu li { line-height: 160%; }
+    }
 #adminmenu a {
 …
     display: block;
     float: right;
+}
+    font: 700 16px/130% "Times New Roman", Times, serif;
+    }
 #adminmenu a.current {
     border-right: 0;
     border-left: 2px solid #4f96c8;
+}
+#submenu, #minisub { padding: 1px 3em 0 2em; }
+#submenu { height: 28px; }
+#submenu li { line-height: 160%; }
+    }
+#submenu, #minisub {
+    padding: 1px 3em 0 2em;
+    }
+#submenu {
+    height: 28px;
+    }
 #submenu a {
 …
     display: block;
     float: right;
+}
+    line-height: 155%;
+    }
 #submenu .current {
     border-right: 0;
     border-left: 2px solid #045290;
+}
+    }
 #currenttheme img {
 …
     margin-right: auto;
     margin-left: 1em;
+}
+    }
 #postdiv #quicktags {
     padding-right: 0;
     padding-left: 6px;
+}
+    }
 .readmore {
     margin-right: auto;
     margin-left: 5em;
+}
+    }
 #postexcerpt div, #attachmentlinks div {
     margin-right: auto;
     margin-left: 8px;
+}
+    }
 * html #postexcerpt .dbx-toggle-open {
     padding-right: 0;
     padding-left: 8px;
+}
+    }
 #searchform {
 …
     margin-right: auto;
     margin-left: 1em;
+}
+    }
 #poststuff {
     margin-right: auto;
     margin-left: 16em;
+}
+    }
 #template div {
     margin-right: auto;
     margin-left: 190px;
+}
+    }
 * html #template div {
     margin-right: auto;
     margin-left: 0px;
+}
+    }
 #user_info {
     right: auto;
     left: 1em;
+}
+    }
 #zeitgeist {
     float: left;
     margin-left: auto;
     margin-right: 1em;
+}
+    }
 #zeitgeist ul {
     margin: 0 .6em .3em 0;
     padding: 0 .6em 0 0;
+}
+    }
+.wrap ul {
+    margin-left: 500px;
+    }
 #categorydiv ul {
     margin-left: auto;
     margin-right: 10px;
+}
+#moremeta fieldset div { margin: 2px 0px 0 0; }
+    }
 #moremeta {
     margin-right: auto;
+    margin-right: 0;
     margin-left: 15px;
     right: auto;
     left: 5%;
+}
+    left: 6%;
+    }
 #moremeta .dbx-content {
     background: url(images/box-butt.gif) no-repeat bottom left;
+    padding-right: 0;
+    padding-left: 2px;
+}
+#moremeta .dbx-handle { background: #2685af url(images/box-head.gif) no-repeat left; }
+#moremeta .dbx-box { background: url(images/box-bg.gif) repeat-y left; }
+    padding-right: 10px;
+    padding-left: 0;
+    text-align: right;
+    }
+#moremeta .dbx-handle {
+    background: #2685af url(images/box-head.gif) no-repeat left;
+    margin-top: -2px;
+    }
+#moremeta .dbx-box {
+    background: url(images/box-bg.gif) repeat-y left;
+    padding-bottom: 0;
+    }
 a.dbx-toggle, a.dbx-toggle:visited {
     right: auto;
     left: 2px;
+}
+#advancedstuff a.dbx-toggle, #advancedstuff a.dbx-toggle-open:visited {
+    right: auto;
+    left: 5px;
+}
+#advancedstuff a.dbx-toggle-open, #advancedstuff a.dbx-toggle-open:visited {
+    right: auto;
+    left: 5px;
+}
+    }
 #categorychecklist {
     margin-right: auto;
     margin-left: 6px;
+}
+    }
 #ajax-response.alignleft {
     margin-left: auto;
     margin-right: 2em;
+}
+    }
 #postdivrich #edButtons {
     padding-left: 0;
     padding-right: 3px;
+}
+    }
 .page-numbers {
     margin-right: auto;
     margin-left: 3px;
+}
+    }
 a.view-link {
 …
     margin-right:0;
     margin-left:220px;
+}
+    }
+#advancedstuff {
+    direction: ltr;
+    }
+#advancedstuff .dbx-handle {
+    text-align: right;
+    }
+#advancedstuff .dbx-content * {
+    direction: rtl;
+    }

branches/2.2/wp-admin/upload-functions.php

                       r58146
     global $post_id, $tab, $style;
     $enctype = $id ? '' : ' enctype="multipart/form-data"';
+    $post_id = (int) $post_id;
 ?>
     <form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=upload&amp;post_id=$post_id"; ?>">
+    <form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . '/wp-admin/upload.php?style=' . attribute_escape($style . '&amp;tab=upload&amp;post_id=' . $post_id); ?>">
 <?php
     if ( $id ) :
 …
         if ( !current_user_can( 'upload_files' ) )
             wp_die( __('You are not allowed to upload files.')
                 . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=browse-all&amp;post_id=$post_id'>"
+                . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=" . attribute_escape($style . "&amp;tab=browse-all&amp;post_id=$post_id") . "'>"
                 . __('Browse Files') . '</a>'
             );
 …
         if ( isset($file['error']) )
             wp_die($file['error'] . "<br /><a href='" . get_option('siteurl')
             . "/wp-admin/upload.php?style=$style&amp;tab=$from_tab&amp;post_id=$post_id'>" . __('Back to Image Uploading') . '</a>'
+            . "/wp-admin/upload.php?style=" . attribute_escape($style . "&amp;tab=$from_tab&amp;post_id=$post_id") . "'>" . __('Back to Image Uploading') . '</a>'
         );
 …
         if ( !current_user_can('edit_post', (int) $ID) )
             wp_die( __('You are not allowed to delete this attachment.')
                 . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=$from_tab&amp;post_id=$post_id'>"
+                . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=" . attribute_escape($style . "&amp;tab=$from_tab&amp;post_id=$post_id") . "'>"
                 . __('Go back') . '</a>'
             );

branches/2.2/wp-admin/user-edit.php

r58146	r58146
77	77	<?php wp_nonce_field('update-user_' . $user_id) ?>
78	78	<?php if ( $wp_http_referer ) : ?>
79		<input type="hidden" name="wp_http_referer" value="<?php echo ~~wp_specialchars~~($wp_http_referer); ?>" />
	79	<input type="hidden" name="wp_http_referer" value="<?php echo clean_url($wp_http_referer); ?>" />
80	80	<?php endif; ?>
81	81	<p>

branches/2.2/wp-admin/users.php

r58146	r58146
382	382	<th colspan="7"><h3><?php echo $wp_roles->role_names[$role]; ?></h3></th>
383	383	<?php else : ?>
384		<th colspan="7"><h3><em><?php _e('No role for this blog'); ?></h3></th>
	384	<th colspan="7"><h3><em><?php _e('No role for this blog'); ?></em></h3></th>
385	385	<?php endif; ?>
386	386	</tr>

branches/2.2/wp-admin/widgets-rtl.css

                       r58146
 * html #palettediv ul { padding: 0 10px 0 0; }
+#palettediv ul { padding: 0 10px 0 0; }
+#palettediv ul { padding: 0 10px 0 0;
+ margin-left: 1px!important;}
 * .handle, #lastmodule span {

branches/2.2/wp-admin/widgets.css

                       r58146
 .placematt {
-    position: absolute;
     cursor: default;
     margin: 10px 0 0;
     padding: 0;
     width: 238px;
+    float:left;
     background-color: #ffe;
+}
 …
+}
 #palettediv {
     border: 1px solid #bbb;
     background-color: #f0f8ff;
     height: 180px;
+    height:auto;
     margin-top: 10px;
+}

branches/2.2/wp-admin/widgets.php

                       r58146
 require_once 'admin.php';
 if ( ! current_user_can('edit_themes') )
+if ( ! current_user_can('switch_themes') )
     wp_die( __( 'Cheatin&#8217; uh?' ));
 …
 ?>
     <link rel="stylesheet" href="widgets.css?version=<?php bloginfo('version'); ?>" type="text/css" />
+    <!--[if IE 7]>
+    <style type="text/css">
+    #palette {float:left;}
+    </style>
+    <![endif]-->
     <style type="text/css">
         .dropzone ul { height: <?php echo constant( 'WP_WIDGETS_HEIGHT' ); ?>px; }
 …
         widgets.map(function(o) {o='widgetprefix-'+o; Position.absolutize(o); Position.relativize(o);} );
         $A(Draggables.drags).map(function(o) {o.startDrag(null); o.finishDrag(null);});
+        for ( var n in Draggables.drags ) {
+            if ( Draggables.drags[n].element.id == 'lastmodule' ) {
+                Draggables.drags[n].destroy();
+                break;
+        //for ( var n in Draggables.drags ) {
+        for ( n=0; n<=Draggables.drags.length; n++ ) {
+            if ( parseInt( n ) ) {
+                if ( Draggables.drags[n].element.id == 'lastmodule' ) {
+                    Draggables.drags[n].destroy();
+                    break;
+                }
+            }
+        }
 …
             if ( $(o).childNodes.length == 0 ) {
                 pm.style.display = 'block';
                 Position.absolutize(o+'placematt');
+                //Position.absolutize(o+'placematt');
             } else {
                 pm.style.display = 'none';
 …
         <form id="sbadmin" method="post" onsubmit="serializeAll();">
+            <p class="submit">
+                <input type="submit" value="<?php _e( 'Save Changes &raquo;' ); ?>" />
+            </p>
             <div id="zones">
             <?php
 …
                     <h3><?php echo $sidebar['name']; ?></h3>
                     <div id="<?php echo $index; ?>placematt" class="module placematt">
+                    <div id="<?php echo $index; ?>placematt" class="module placemat">
                         <span class="handle">
                             <h4><?php _e( 'Default Sidebar' ); ?></h4>

branches/2.2/wp-app.php

                       r58146
         $location = get_post_meta($entry['ID'], '_wp_attached_file', true);
+        if(!isset($location))
+        $filetype = wp_check_filetype($location);
+        if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']))
             $this->internal_error(__('Error ocurred while accessing post metadata for file location.'));
 …
         $location = get_post_meta($entry['ID'], '_wp_attached_file', true);
+        if(!isset($location))
+        $filetype = wp_check_filetype($location);
+        if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']))
             $this->internal_error(__('Error ocurred while accessing post metadata for file location.'));

branches/2.2/wp-content/themes/default/functions.php

r58146	r58146
385	385	</div>
386	386	<div id="jsForm">
387		<form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo ~~$_SERVER['REQUEST_URI']~~; ?>">
	387	<form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo attribute_escape($_SERVER['REQUEST_URI']); ?>">
388	388	<?php wp_nonce_field('kubrick-header'); ?>
389	389	<input type="button" onclick="tgt=document.getElementById('fontcolor');colorSelect(tgt,'pick1');return false;" name="pick1" id="pick1" value="<?php echo attribute_escape(__('Font Color')); ?>"></input>

branches/2.2/wp-includes/author-template.php

r58146	r58146
184	184	'feed' => '', 'feed_image' => '');
185	185	$r = array_merge($defaults, $r);
186		extract($r);
	186	extract($r, EXTR_SKIP);
187	187
188	188	// TODO: Move select to get_authors().

branches/2.2/wp-includes/bookmark-template.php

                       r58146
         'after' => '</li>', 'between' => "\n");
     $r = array_merge($defaults, $r);
     extract($r);
+    extract($r, EXTR_SKIP);
     foreach ( (array) $bookmarks as $bookmark ) {
 …
         'category_before' => '<li id="%id" class="%class">', 'category_after' => '</li>');
     $r = array_merge($defaults, $r);
     extract($r);
+    extract($r, EXTR_SKIP);
     $output = '';

branches/2.2/wp-includes/bookmark.php

r58146	r58146
35	35	'category_name' => '', 'hide_invisible' => 1, 'show_updated' => 0, 'include' => '', 'exclude' => '');
36	36	$r = array_merge($defaults, $r);
37		extract($r);
	37	extract($r, EXTR_SKIP);
38	38
39	39	$key = md5( serialize( $r ) );

branches/2.2/wp-includes/category-template.php

                       r58146
 function _get_the_category_usort($a, $b) {
     return strcmp($a->category_name, $b->category_name);
+}
+function _get_the_category_usort_by_ID($a, $b) {
+    if ( $a->cat_ID > $b->cat_ID )
+        return 1;
+    elseif ( $a->cat_ID < $b->cat_ID )
+        return -1;
+    else
+        return 0;
+}
 …
     $r = array_merge($defaults, $r);
     $r['include_last_update_time'] = $r['show_last_update'];
     extract($r);
+    extract($r, EXTR_SKIP);
     $categories = get_categories($r);
 …
     if ( isset($r['show_date']) )
         $r['include_last_update_time'] = $r['show_date'];
     extract($r);
+    extract($r, EXTR_SKIP);
     $categories = get_categories($r);

branches/2.2/wp-includes/category.php

r58146	r58146
29	29	$r['orderby'] = "cat_" . $r['orderby']; // restricts order by to cat_ID and cat_name fields
30	30	$r['number'] = (int) $r['number'];
31		extract($r);
	31	extract($r, EXTR_SKIP);
32	32
33	33	$key = md5( serialize( $r ) );

branches/2.2/wp-includes/class-phpmailer.php

r58146	r58146
391	391	function SendmailSend($header, $body) {
392	392	if ($this->Sender != "")
393		$sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, ~~$this->Sender~~);
	393	$sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, escapeshellarg($this->Sender));
394	394	else
395	395	$sendmail = sprintf("%s -oi -t", $this->Sendmail);

branches/2.2/wp-includes/classes.php

                       r58146
         if ( $depth )
             $indent = str_repeat("\t", $depth);
         extract($args);
+        extract($args, EXTR_SKIP);
         $css_class = 'page_item';
         $_current_page = get_page( $current_page );
 …
         $r = array_merge($defaults, $r);
         extract($r);
+        extract($r, EXTR_SKIP);
         if ( is_wp_error($id) ) {

branches/2.2/wp-includes/comment-template.php

                       r58146
 function trackback_rdf($timezone = 0) {
     global $id;
     if (strpos($_SERVER['HTTP_USER_AGENT'], 'W3C_Validator') !== false) {
+    if (stripos($_SERVER['HTTP_USER_AGENT'], 'W3C_Validator') === false) {
         echo '<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
                 xmlns:dc="http://purl.org/dc/elements/1.1/"
 …
     $req = get_option('require_name_email');
     $commenter = wp_get_current_commenter();
     extract($commenter);
+    extract($commenter, EXTR_SKIP);
     // TODO: Use API instead of SELECTs.

branches/2.2/wp-includes/comment.php

                       r58146
 function wp_allow_comment($commentdata) {
     global $wpdb;
     extract($commentdata);
+    extract($commentdata, EXTR_SKIP);
     // Simple duplicate check
 …
 function wp_insert_comment($commentdata) {
     global $wpdb;
     extract($commentdata);
+    extract($commentdata, EXTR_SKIP);
     if ( ! isset($comment_author_IP) )
 …
     // Now extract the merged array.
     extract($commentarr);
+    extract($commentarr, EXTR_SKIP);
     $comment_content = apply_filters('comment_save_pre', $comment_content);
 …
     $pingback_href_original_pos = 27;
     extract(parse_url($url));
+    extract(parse_url($url), EXTR_SKIP);
     if ( !isset($host) ) // Not an URL. This should never happen.

branches/2.2/wp-includes/default-filters.php

r58146	r58146
130	130	add_filter('sanitize_title', 'sanitize_title_with_dashes');
131	131
	132	add_filter('wp_title', 'wp_specialchars');
	133
132	134	// RSS filters
133	135	add_filter('the_title_rss', 'strip_tags');

branches/2.2/wp-includes/feed-atom-comments.php

                       r58146
     <generator uri="http://wordpress.org/" version="<?php bloginfo('version'); ?>">WordPress</generator>
     <link rel="alternate" type="<?php bloginfo_rss('html_type'); ?>" content="<?php bloginfo_rss('home'); ?>" />
+    <link rel="alternate" type="<?php bloginfo_rss('html_type'); ?>" href="<?php bloginfo_rss('home'); ?>" />
     <link rel="self" type="application/atom+xml" href="<?php bloginfo_rss('comments_atom_url'); ?>" />
     <id><?php bloginfo_rss('comments_atom_url'); ?></id>
 …
+            }
         ?></title>
         <link rel="alternate" href="<?php comment_link(); ?>" type="<?php bloginfo_rss('content_type'); ?>" />
+        <link rel="alternate" href="<?php comment_link(); ?>" type="<?php bloginfo_rss('html_type'); ?>" />
         <author>
 …
         <id><?php comment_link(); ?></id>
         <updated><?php echo mysql2date('D, d M Y H:i:s +0000', get_comment_time('Y-m-d H:i:s', true), false); ?></updated>
         <published><?php echo mysql2date('D, d M Y H:i:s +0000', get_comment_time('Y-m-d H:i:s', true), false); ?></published>
+        <updated><?php echo mysql2date('Y-m-d\TH:i:s\Z', get_comment_time('Y-m-d H:i:s', true), false); ?></updated>
+        <published><?php echo mysql2date('Y-m-d\TH:i:s\Z', get_comment_time('Y-m-d H:i:s', true), false); ?></published>
 <?php if (!empty($comment_post->post_password) && $_COOKIE['wp-postpass'] != $comment_post->post_password) : ?>
         <content type="html" xml:base="<?php comment_link(); ?>"><![CDATA[<?php echo get_the_password_form(); ?>]]></content>

branches/2.2/wp-includes/feed-rss2-comments.php

                       r58146
 <!-- generator="wordpress/<?php echo $wp_version ?>" -->
 <rss version="2.0"
+    xmlns:content="http://purl.org/rss/1.0/modules/content/">
+    xmlns:content="http://purl.org/rss/1.0/modules/content/"
+    xmlns:dc="http://purl.org/dc/elements/1.1/"
+    >
 <channel>
     <title><?php
 …
         ?></title>
         <link><?php comment_link() ?></link>
         <author><?php echo get_comment_author_rss() ?></author>
+        <dc:creator><?php echo get_comment_author_rss() ?></dc:creator>
         <pubDate><?php echo mysql2date('D, d M Y H:i:s +0000', get_comment_time('Y-m-d H:i:s', true), false); ?></pubDate>
         <guid><?php comment_link() ?></guid>

branches/2.2/wp-includes/feed.php

                       r58146
     $the_list = '';
     foreach ( (array) $categories as $category ) {
         $category->cat_name = convert_chars($category->cat_name);
+        $cat_name = convert_chars($category->cat_name);
         if ( 'rdf' == $type )
             $the_list .= "\n\t\t<dc:subject><![CDATA[$category->cat_name]]></dc:subject>\n";
+            $the_list .= "\n\t\t<dc:subject><![CDATA[$cat_name]]></dc:subject>\n";
         if ( 'atom' == $type )
             $the_list .= "<category scheme='$home' term='$category->cat_name' />";
+            $the_list .= sprintf( '<category scheme="%1$s" term="%2$s" />', attribute_escape( apply_filters( 'get_bloginfo_rss', get_bloginfo( 'url' ) ) ), attribute_escape( $category->cat_name ) );
         else
             $the_list .= "\n\t\t<category><![CDATA[$category->cat_name]]></category>\n";
+            $the_list .= "\n\t\t<category><![CDATA[$cat_name]]></category>\n";
+    }
     return apply_filters('the_category_rss', $the_list, $type);

branches/2.2/wp-includes/formatting.php

                       r58146
     if ( isset($wp_cockneyreplace) ) {
         $cockney = array_keys($wp_cockneyreplace);
         $cockney_replace = array_values($wp_cockneyreplace);
+        $cockneyreplace = array_values($wp_cockneyreplace);
     } else {
         $cockney = array("'tain't","'twere","'twas","'tis","'twill","'til","'bout","'nuff","'round","'cause");
 …
     // This is a pre save filter, so text is already escaped.
     $text = stripslashes($text);
     $text = preg_replace('|<a (.+?)>|ie', "'<a ' . str_replace(' rel=\"nofollow\"','',stripslashes('$1')) . ' rel=\"nofollow\">'", $text);
+    $text = preg_replace_callback('|<a (.+?)>|i', 'wp_rel_nofollow_callback', $text);
     $text = $wpdb->escape($text);
     return $text;
+}
+function wp_rel_nofollow_callback( $matches ) {
+    $text = $matches[1];
+    $text = str_replace(array(' rel="nofollow"', " rel='nofollow'"), '', $text);
+    return "<a $text rel=\"nofollow\">";
+}
 …
 function js_escape($text) {
     $safe_text = wp_specialchars($text, 'double');
     $safe_text = str_replace('&#039;', "'", $safe_text);
+    $safe_text = preg_replace('/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes($safe_text));
     $safe_text = preg_replace("/\r?\n/", "\\n", addslashes($safe_text));
     return apply_filters('js_escape', $safe_text, $text);
 …
+}
+function sanitize_option($option, $value) { // Remember to call stripslashes!
+    switch ($option) {
+        case 'admin_email':
+            $value = sanitize_email($value);
+            break;
+        case 'default_post_edit_rows':
+        case 'mailserver_port':
+        case 'comment_max_links':
+        case 'page_on_front':
+        case 'rss_excerpt_length':
+        case 'default_category':
+        case 'default_email_category':
+        case 'default_link_category':
+            $value = abs((int) $value);
+            break;
+        case 'posts_per_page':
+        case 'posts_per_rss':
+            $value = (int) $value;
+            if ( empty($value) ) $value = 1;
+            if ( $value < -1 ) $value = abs($value);
+            break;
+        case 'default_ping_status':
+        case 'default_comment_status':
+            // Options that if not there have 0 value but need to be something like "closed"
+            if ( $value == '0' || $value == '')
+                $value = 'closed';
+            break;
+        case 'blogdescription':
+        case 'blogname':
+            $value = addslashes($value);
+            $value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes
+            $value = stripslashes($value);
+            $value = wp_specialchars( $value );
+            break;
+        case 'blog_charset':
+            $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); // strips slashes
+            break;
+        case 'date_format':
+        case 'time_format':
+        case 'mailserver_url':
+        case 'mailserver_login':
+        case 'mailserver_pass':
+        case 'ping_sites':
+        case 'upload_path':
+            $value = strip_tags($value);
+            $value = addslashes($value);
+            $value = wp_filter_kses($value); // calls stripslashes then addslashes
+            $value = stripslashes($value);
+            break;
+        case 'gmt_offset':
+            $value = preg_replace('/[^0-9:.-]/', '', $value); // strips slashes
+            break;
+        case 'siteurl':
+        case 'home':
+            $value = stripslashes($value);
+            $value = clean_url($value);
+            break;
+        default :
+            break;
+    }
+    return $value;
+}
+function wp_parse_str( $string, &$array ) {
+    parse_str( $string, $array );
+    if ( get_magic_quotes_gpc() )
+        $array = stripslashes_deep( $array ); // parse_str() adds slashes if magicquotes is on.  See: http://php.net/parse_str
+    $array = apply_filters( 'wp_parse_str', $array );
+}
 ?>

branches/2.2/wp-includes/functions.php

                       r58146
 /* Options functions */
+// expects $setting to already be SQL-escaped
 function get_option($setting) {
     global $wpdb;
 …
+}
+// expects $option_name to NOT be SQL-escaped
 function update_option($option_name, $newvalue) {
     global $wpdb;
 …
     wp_protect_special_option($option_name);
+    $safe_option_name = $wpdb->escape($option_name);
+    $newvalue = sanitize_option($option_name, $newvalue);
     if ( is_string($newvalue) )
         $newvalue = trim($newvalue);
     // If the new and old values are the same, no need to update.
     $oldvalue = get_option($option_name);
+    $oldvalue = get_option($safe_option_name);
     if ( $newvalue === $oldvalue ) {
         return false;
 …
     $notoptions = wp_cache_get('notoptions', 'options');
     if ( isset($notoptions[$option_name]) ) {
+    if ( is_array($notoptions) && isset($notoptions[$option_name]) ) {
         unset($notoptions[$option_name]);
         wp_cache_set('notoptions', $notoptions, 'options');
 …
 // thx Alex Stapleton, http://alex.vort-x.net/blog/
+// expects $name to NOT be SQL-escaped
 function add_option($name, $value = '', $description = '', $autoload = 'yes') {
     global $wpdb;
     wp_protect_special_option($name);
+    // Make sure the option doesn't already exist we can check the cache before we ask for a db query
+    $safe_name = $wpdb->escape($name);
+    // Make sure the option doesn't already exist. We can check the 'notoptions' cache before we ask for a db query
     $notoptions = wp_cache_get('notoptions', 'options');
+    if ( isset($notoptions[$name]) ) {
+        unset($notoptions[$name]);
+        wp_cache_set('notoptions', $notoptions, 'options');
+    } elseif ( false !== get_option($name) ) {
+    if ( !is_array($notoptions) || !isset($notoptions[$name]) )
+        if ( false !== get_option($safe_name) )
             return;
+    }
     $value = maybe_serialize($value);
+    $autoload = ( 'no' === $autoload ) ? 'no' : 'yes';
     if ( 'yes' == $autoload ) {
 …
     } else {
         wp_cache_set($name, $value, 'options');
+    }
+    // This option exists now
+    $notoptions = wp_cache_get('notoptions', 'options'); // yes, again... we need it to be fresh
+    if ( is_array($notoptions) && isset($notoptions[$name]) ) {
+        unset($notoptions[$name]);
+        wp_cache_set('notoptions', $notoptions, 'options');
+    }
 …
     $ret = '';
     if ( is_array(func_get_arg(0)) ) {
         if ( @func_num_args() < 2 || '' == @func_get_arg(1) )
+        if ( @func_num_args() < 2 || false === @func_get_arg(1) )
             $uri = $_SERVER['REQUEST_URI'];
         else
             $uri = @func_get_arg(1);
     } else {
         if ( @func_num_args() < 3 || '' == @func_get_arg(2) )
+        if ( @func_num_args() < 3 || false === @func_get_arg(2) )
             $uri = $_SERVER['REQUEST_URI'];
         else
 …
+    }
+    parse_str($query, $qs);
+    if ( get_magic_quotes_gpc() )
+        $qs = stripslashes_deep($qs); // parse_str() adds slashes if magicquotes is on.  See: http://php.net/parse_str
+    wp_parse_str($query, $qs);
     $qs = urlencode_deep($qs);
     if ( is_array(func_get_arg(0)) ) {
 …
     $ret = trim($ret, '?');
     $ret = $protocol . $base . $ret . $frag;
     $ret = trim($ret, '?');
+    $ret = rtrim($ret, '?');
     return $ret;
+}
 …
 */
 function remove_query_arg($key, $query='') {
+function remove_query_arg($key, $query=FALSE) {
     if ( is_array($key) ) { // removing multiple keys
         foreach ( (array) $key as $k )
 …
     global $wp_locale;
     if ( is_wp_error( $message ) ) {
+    if ( function_exists( 'is_wp_error' ) && is_wp_error( $message ) ) {
         if ( empty($title) ) {
             $error_data = $message->get_error_data();
 …
 function wp_parse_args( $args, $defaults = '' ) {
     if ( is_array($args) ) :
+    if ( is_array( $args ) )
         $r =& $args;
+    else :
+        parse_str( $args, $r );
+        if ( get_magic_quotes_gpc() )
+            $r = stripslashes_deep( $r );
+    endif;
+    if ( is_array($defaults) ) :
+        extract($defaults);
+        extract($r);
+        return compact(array_keys($defaults)); // only those options defined in $defaults
+    else :
+    else
+        wp_parse_str( $args, $r );
+    if ( is_array( $defaults ) )
+        return array_merge( $defaults, $r );
+    else
         return $r;
-    endif;
+}
 …
 function wp_widgets_add_menu() {
     global $submenu;
     $submenu['themes.php'][7] = array( __( 'Widgets' ), 'edit_themes', 'widgets.php' );
+    $submenu['themes.php'][7] = array( __( 'Widgets' ), 'switch_themes', 'widgets.php' );
     ksort($submenu['themes.php'], SORT_NUMERIC);
+}

branches/2.2/wp-includes/general-template.php

                       r58146
     // Don't filter URL's.
     if (strpos($show, 'url') === false ||
         strpos($show, 'directory') === false ||
+    if (strpos($show, 'url') === false &&
+        strpos($show, 'directory') === false &&
         strpos($show, 'home') === false) {
         $info = apply_filters('bloginfo', $info, $show);
 …
         case 'comments_atom_url':
             $output = get_feed_link('comments_atom');
+            break;
         case 'comments_rss2_url':
             $output = get_feed_link('comments_rss2');
 …
     if ( is_single() || is_page() ) {
         $post = $wp_query->get_queried_object();
+        $title = apply_filters('single_post_title', $title);
+        $title = strip_tags($post->post_title);
+        $title = strip_tags( apply_filters( 'single_post_title', $post->post_title ) );
+    }
 …
     $defaults = array('type' => 'monthly', 'limit' => '', 'format' => 'html', 'before' => '', 'after' => '', 'show_post_count' => false);
     $r = array_merge($defaults, $r);
     extract($r);
+    extract($r, EXTR_SKIP);
     if ( '' == $type )
 …
         if ( get_user_option( 'rich_editing' ) == 'true' &&
             ( ( preg_match( '!AppleWebKit/(\d+)!', $_SERVER['HTTP_USER_AGENT'], $match ) && intval($match[1]) >= 420 ) ||
+                !preg_match( '!opera[ /][2-8]|konqueror|safari!i', $_SERVER['HTTP_USER_AGENT'] ) ) ) {
+                !preg_match( '!opera[ /][2-8]|konqueror|safari!i', $_SERVER['HTTP_USER_AGENT'] ) )
+                && 'comment.php' != $pagenow ) {
             $wp_rich_edit = true;
         } else {
 …
     edCanvas = document.getElementById('<?php echo $id; ?>');
     <?php if ( $prev_id && user_can_richedit() ) : ?>
+    // If tinyMCE is defined.
+    if ( typeof tinyMCE != 'undefined' ) {
     // This code is meant to allow tabbing from Title to Post (TinyMCE).
+    if ( tinyMCE.isMSIE )
+        document.getElementById('<?php echo $prev_id; ?>').onkeydown = function (e)
+            {
+        if ( tinyMCE.isMSIE ) {
+            document.getElementById('<?php echo $prev_id; ?>').onkeydown = function (e) {
                 e = e ? e : window.event;
                 if (e.keyCode == 9 && !e.shiftKey && !e.controlKey && !e.altKey) {
 …
+                }
+            }
+    else
+        document.getElementById('<?php echo $prev_id; ?>').onkeypress = function (e)
+            {
+        } else {
+            document.getElementById('<?php echo $prev_id; ?>').onkeypress = function (e) {
                 e = e ? e : window.event;
                 if (e.keyCode == 9 && !e.shiftKey && !e.controlKey && !e.altKey) {
 …
+                }
+            }
+        }
+    }
     <?php endif; ?>
     //-->
 …
+}
+function paginate_links( $arg = '' ) {
+    if ( is_array($arg) )
+        $a = &$arg;
+    else
+        parse_str($arg, $a);
+    // Defaults
+    $base = '%_%'; // http://example.com/all_posts.php%_% : %_% is replaced by format (below)
+    $format = '?page=%#%'; // ?page=%#% : %#% is replaced by the page number
+    $total = 1;
+    $current = 0;
+    $show_all = false;
+    $prev_next = true;
+    $prev_text = __('&laquo; Previous');
+    $next_text = __('Next &raquo;');
+    $end_size = 1; // How many numbers on either end including the end
+    $mid_size = 2; // How many numbers to either side of current not including current
+    $type = 'plain';
+    $add_args = false; // array of query args to aadd
+    extract($a);
+function paginate_links( $args = '' ) {
+    $defaults = array(
+        'base' => '%_%', // http://example.com/all_posts.php%_% : %_% is replaced by format (below)
+        'format' => '?page=%#%', // ?page=%#% : %#% is replaced by the page number
+        'total' => 1,
+        'current' => 0,
+        'show_all' => false,
+        'prev_next' => true,
+        'prev_text' => __('&laquo; Previous'),
+        'next_text' => __('Next &raquo;'),
+        'end_size' => 1, // How many numbers on either end including the end
+        'mid_size' => 2, // How many numbers to either side of current not including current
+        'type' => 'plain',
+        'add_args' => false // array of query args to aadd
+    );
+    $args = wp_parse_args( $args, $defaults );
+    extract($args, EXTR_SKIP);
     // Who knows what else people pass in $args

branches/2.2/wp-includes/js/tinymce/themes/advanced/color_picker.htm

                       r58146
     <title>{$lang_theme_colorpicker_title}</title>
     <script language="javascript" type="text/javascript" src="../../tiny_mce_popup.js"></script>
+    <script language="javascript" type="text/javascript" src="../../utils/mctabs.js"></script>
     <script language="javascript" type="text/javascript" src="jscripts/color_picker.js"></script>
+    <link href="css/colorpicker.css" rel="stylesheet" type="text/css" />
     <base target="_self" />
 </head>
+<body onload="tinyMCEPopup.executeOnLoad('init();');" style="margin: 3px; display: none">
+    <div align="center">
+       <script language="javascript" type="text/javascript">renderColorMap();</script>
+<body onload="tinyMCEPopup.executeOnLoad('init();');" style="display: none">
+    <div class="tabs">
+        <ul>
+            <li id="picker_tab" class="current"><span><a href="javascript:mcTabs.displayTab('picker_tab','picker_panel');" onmousedown="return false;">{$lang_color_picker_tab}</a></span></li>
+            <li id="rgb_tab"><span><a href="#" onclick="generateWebColors();mcTabs.displayTab('rgb_tab','rgb_panel');" onmousedown="return false;">{$lang_web_colors_tab}</a></span></li>
+            <li id="named_tab"><span><a  href="#" onclick="generateNamedColors();javascript:mcTabs.displayTab('named_tab','named_panel');" onmousedown="return false;">{$lang_named_colors_tab}</a></span></li>
+        </ul>
+    </div>
+    <div class="panel_wrapper">
+        <div id="picker_panel" class="panel current">
+            <fieldset>
+                <legend>{$lang_color_picker}</legend>
+                <div id="picker">
+                    <img id="colorpicker" src="images/colors.jpg" onclick="computeColor(event)" onmousedown="isMouseDown = true;return false;" onmouseup="isMouseDown = false;" onmousemove="if (isMouseDown && isMouseOver) computeColor(event); return false;" onmouseover="isMouseOver=true;" onmouseout="isMouseOver=false;" />
+                    <div id="light">
+                        <!-- Will be filled with divs -->
+                    </div>
+                    <br style="clear: both" />
+                </div>
+            </fieldset>
+        </div>
+        <div id="rgb_panel" class="panel">
+            <fieldset>
+                <legend>{$lang_web_colors}</legend>
+                <div id="webcolors">
+                    <!-- Gets filled with web safe colors-->
+                </div>
+                <br style="clear: both" />
+            </fieldset>
+        </div>
+        <div id="named_panel" class="panel">
+            <fieldset>
+                <legend>{$lang_named_colors}</legend>
+                <div id="namedcolors">
+                    <!-- Gets filled with named colors-->
+                </div>
+                <br style="clear: both" />
+                <div id="colornamecontainer">
+                    {$lang_color_name} <span id="colorname"></span>
+                </div>
+            </fieldset>
+        </div>
+    </div>
+    <div class="mceActionPanel">
+        <div style="float: left">
+            <input type="button" id="insert" name="insert" value="{$lang_theme_colorpicker_apply}" onclick="insertAction();" />
+        </div>
+        <div id="preview"></div>
+        <div id="previewblock">
+            <label for="color">{$lang_color}</label> <input id="color" type="text" size="8" maxlength="8" class="text" />
+        </div>
     </div>
 </body>

branches/2.2/wp-includes/js/wp-ajax.js

                       r58146
     },
     addArg: function(key, value) {
         var a = [];
+        var a = $H();
         a[encodeURIComponent(key)] = encodeURIComponent(value);
         this.options.parameters = $H(this.options.parameters).merge($H(a));
+        this.options.parameters = $H(this.options.parameters).merge(a);
     },
     getResponseElement: function(r) {

branches/2.2/wp-includes/link-template.php

                       r58146
         if (strpos($permalink, '%category%') !== false) {
             $cats = get_the_category($post->ID);
+            if ( $cats )
+                usort($cats, '_get_the_category_usort_by_ID'); // order by ID
             $category = $cats[0]->category_nicename;
             if ( $parent=$cats[0]->category_parent )
 …
     if ( $permalink )
         $qstr = user_trailingslashit($qstr, 'paged');
-    $qstr = preg_replace('/&([^#])(?![a-z]{1,8};)/', '&#038;$1', trailingslashit( get_option('home') ) . $qstr );
     // showing /page/1/ or ?paged=1 is redundant
 …
         $qstr = remove_query_arg('paged', $qstr); // for query style
+    }
+    $qstr = preg_replace('/&([^#])(?![a-z]{1,8};)/', '&#038;$1', trailingslashit( get_option('home') ) . $qstr );
     return $qstr;
+}

branches/2.2/wp-includes/pluggable.php

                       r58146
 endif;
 if ( !function_exists('wp_mail') ) :
+if ( !function_exists( 'wp_mail' ) ) :
 function wp_mail($to, $subject, $message, $headers = '') {
     global $phpmailer;
 …
     $mail = compact('to', 'subject', 'message', 'headers');
     $mail = apply_filters('wp_mail', $mail);
     extract($mail);
+    extract($mail, EXTR_SKIP);
     if ( $headers == '' ) {
 …
     global $wpdb, $error;
+    $username = sanitize_user($username);
     if ( '' == $username )
         return false;
 …
     $location = wp_kses_no_null($location);
+    // remove %0d and %0a from location
     $strip = array('%0d', '%0a');
+    $location = str_replace($strip, '', $location);
+    $found = true;
+    while($found) {
+        $found = false;
+        foreach($strip as $val) {
+            while(strpos($location, $val) !== false) {
+                $found = true;
+                $location = str_replace($val, '', $location);
+            }
+        }
+    }
     if ( $is_IIS ) {

branches/2.2/wp-includes/plugin.php

                       r58146
     // So the format is wp_filter['tag']['array of priorities']['array of functions serialized']['array of ['array (functions, accepted_args)]']
     $wp_filter[$tag][$priority][serialize($function_to_add)] = array('function' => $function_to_add, 'accepted_args' => $accepted_args);
+    $wp_filter[$tag][$priority][_wp_filter_build_unique_id($tag, $function_to_add, $priority)] = array('function' => $function_to_add, 'accepted_args' => $accepted_args);
     unset( $merged_filters[ $tag ] );
     return true;
 …
 function remove_filter($tag, $function_to_remove, $priority = 10, $accepted_args = 1) {
     global $wp_filter, $merged_filters;
     unset($GLOBALS['wp_filter'][$tag][$priority][serialize($function_to_remove)]);
+    unset($GLOBALS['wp_filter'][$tag][$priority][_wp_filter_build_unique_id($tag, $function_to_remove, $priority)]);
     unset( $merged_filters[ $tag ] );
 …
  */
 function plugin_basename($file) {
+    $file = preg_replace('|\\\\+|', '\\\\', $file);
+    $file = preg_replace('/^.*wp-content[\\\\\/]plugins[\\\\\/]/', '', $file);
+    $file = str_replace('\\','/',$file); // sanitize for Win32 installs
+    $file = preg_replace('|/+|','/', $file); // remove any duplicate slash
+    $file = preg_replace('|^.*/wp-content/plugins/|','',$file); // get relative path from plugins dir
     return $file;
+}
 …
+}
+function _wp_filter_build_unique_id($tag, $function, $priority = 10)
+{
+    global $wp_filter;
+    // If function then just skip all of the tests and not overwrite the following.
+    if( is_string($function) )
+        return $function;
+    // Object Class Calling
+    else if(is_object($function[0]) )
+    {
+        $obj_idx = get_class($function[0]).$function[1];
+        if( is_null($function[0]->wp_filter_id) ) {
+            $count = count((array)$wp_filter[$tag][$priority]);
+            $function[0]->wp_filter_id = $count;
+            $obj_idx .= $count;
+            unset($count);
+        } else
+            $obj_idx .= $function[0]->wp_filter_id;
+        return $obj_idx;
+    }
+    // Static Calling
+    else if( is_string($function[0]) )
+        return $function[0].$function[1];
+}
 ?>

branches/2.2/wp-includes/post-template.php

                       r58146
             'previouspagelink' => __('Previous page'), 'pagelink' => '%', 'more_file' => '', 'echo' => 1);
     $r = array_merge($defaults, $r);
     extract($r);
+    extract($r, EXTR_SKIP);
     global $id, $page, $numpages, $multipage, $more, $pagenow;
 …
         'name' => 'page_id', 'show_option_none' => '');
     $r = array_merge($defaults, $r);
     extract($r);
+    extract($r, EXTR_SKIP);
     $pages = get_pages($r);

branches/2.2/wp-includes/post.php

                       r58146
         'meta_key' => '', 'meta_value' =>'', 'post_type' => 'post', 'post_status' => 'publish', 'post_parent' => 0);
     $r = array_merge($defaults, $r);
     extract($r);
+    extract($r, EXTR_SKIP);
     $numberposts = (int) $numberposts;
     $offset = (int) $offset;
 …
     // export array as variables
     extract($postarr);
+    extract($postarr, EXTR_SKIP);
     // Are we updating or creating?
 …
         // import postdata as variables
         extract($postdata);
+        extract($postdata, EXTR_SKIP);
         // form an excerpt
 …
                 'hierarchical' => 1, 'exclude' => '', 'include' => '', 'meta_key' => '', 'meta_value' => '', 'authors' => '');
     $r = array_merge($defaults, $r);
     extract($r);
+    extract($r, EXTR_SKIP);
     $key = md5( serialize( $r ) );
 …
     // Export array as variables
     extract($object);
+    extract($object, EXTR_SKIP);
     // Get the basics.

branches/2.2/wp-includes/query.php

                       r58146
         $qv = &$this->query_vars;
         if ( ! empty($qv['robots']) ) {
+        if ( ! empty($qv['robots']) )
             $this->is_robots = true;
-            return;
+        }
-        if ('404' == $qv['error']) {
-            $this->is_404 = true;
-            if ( !empty($query) ) {
-                do_action_ref_array('parse_query', array(&$this));
+            }
-            return;
+        }
         $qv['p'] =  (int) $qv['p'];
 …
+        }
+        if ( !empty($qv['post_type']) )
+            $qv['post_type'] = sanitize_user($qv['post_type'], true);
+        if ( !empty($qv['post_status']) )
+            $qv['post_status'] = sanitize_user($qv['post_status'], true);
         if ( $this->is_posts_page && !$qv['withcomments'] )
             $this->is_comment_feed = false;
 …
         $this->is_singular = $this->is_single || $this->is_page || $this->is_attachment;
         // Done correcting is_* for page_on_front and page_for_posts
+        if ('404' == $qv['error'])
+            $this->set_404();
         if ( !empty($query) )

branches/2.2/wp-includes/registration.php

r58146	r58146
33	33	global $wpdb;
34	34
35		extract($userdata);
	35	extract($userdata, EXTR_SKIP);
36	36
37	37	// Are we updating or creating?

branches/2.2/wp-includes/rewrite.php

                       r58146
             // Substitute the substring matches into the query.
             eval("\$query = \"$query\";");
+            // Filter out non-public query vars
+            global $wp;
+            parse_str($query, $query_vars);
+            $query = array();
+            foreach ( $query_vars as $key => $value ) {
+                if ( in_array($key, $wp->public_query_vars) )
+                    $query[$key] = $value;
+            }
+            // Do the query
             $query = new WP_Query($query);
             if ( $query->is_single || $query->is_page )

branches/2.2/wp-includes/rss.php

                       r58146
 define('RSS', 'RSS');
 define('ATOM', 'Atom');
 define('MAGPIE_USER_AGENT', 'WordPress/' . $wp_version);
+define('MAGPIE_USER_AGENT', 'WordPress/' . $GLOBALS['wp_version']);
 class MagpieRSS {
 …
     if ( !defined('MAGPIE_USER_AGENT') ) {
         $ua = 'WordPress/' . $wp_version;
+        $ua = 'WordPress/' . $GLOBALS['wp_version'];
         if ( MAGPIE_CACHE_ON ) {

branches/2.2/wp-includes/theme.php

                       r58146
     $theme = $name;
     $theme_uri = trim( $theme_uri[1] );
+    $template = trim( $template[1] );
     if ( '' == $author_uri[1] ) {
 …
+    }
     return array( 'Name' => $name, 'Title' => $theme, 'URI' => $theme_uri, 'Description' => $description, 'Author' => $author, 'Version' => $version, 'Template' => $template[1], 'Status' => $status );
+    return array( 'Name' => $name, 'Title' => $theme, 'URI' => $theme_uri, 'Description' => $description, 'Author' => $author, 'Version' => $version, 'Template' => $template, 'Status' => $status );
+}

branches/2.2/wp-includes/vars.php

                       r58146
 // On which page are we ?
+if ( preg_match('#([^/]+\.php)$#', $PHP_SELF, $self_matches) ) {
+if ( is_admin() ) {
+    // wp-admin pages are checked more carefully
+    preg_match('#/wp-admin/?(.*?)$#i', $PHP_SELF, $self_matches);
     $pagenow = $self_matches[1];
+} elseif ( strpos($PHP_SELF, '?') !== false ) {
+    $pagenow = explode('/', $PHP_SELF);
+    $pagenow = trim($pagenow[(sizeof($pagenow)-1)]);
+    $pagenow = explode('?', $pagenow);
+    $pagenow = $pagenow[0];
+    $pagenow = preg_replace('#\?.*?$#', '', $pagenow);
+    if ( '' === $pagenow || 'index' === $pagenow || 'index.php' === $pagenow ) {
+        $pagenow = 'index.php';
+    } else {
+        preg_match('#(.*?)(/|$)#', $pagenow, $self_matches);
+        $pagenow = strtolower($self_matches[1]);
+        if ( '.php' !== substr($pagenow, -4, 4) )
+            $pagenow .= '.php'; // for Options +Multiviews: /wp-admin/themes/index.php (themes.php is queried)
+    }
 } else {
+    $pagenow = 'index.php';
+    if ( preg_match('#([^/]+\.php)([?/].*?)?$#i', $PHP_SELF, $self_matches) )
+        $pagenow = strtolower($self_matches[1]);
+    else
+        $pagenow = 'index.php';
+}

branches/2.2/wp-includes/version.php

r58146	r58146
3	3	// This holds the version number in a separate file so we can bump it without cluttering the SVN
4	4
5		$wp_version = '2.2';
	5	$wp_version = '2.2.3';
6	6	$wp_db_version = 5183;
7	7

branches/2.2/wp-includes/widgets.php

                       r58146
     $id = sanitize_title($name);
     $options = array();
     if ( !empty($classname) )
+    if ( !empty($classname) && is_string($classname) )
         $options['classname'] = $classname;
     $params = array_slice(func_get_args(), 3);
+    $params = array_slice(func_get_args(), 2);
     $args = array($id, $name, $output_callback, $options);
     if ( !empty($params) )
 …
 /* Default Widgets */
+function wp_widget_pages($args) {
+    extract($args);
+    $options = get_option('widget_pages');
+    $title = empty($options['title']) ? __('Pages') : $options['title'];
+    echo $before_widget . $before_title . $title . $after_title . "<ul>\n";
+    wp_list_pages("title_li=");
+    echo "</ul>\n" . $after_widget;
+function wp_widget_pages( $args ) {
+    extract( $args );
+    $options = get_option( 'widget_pages' );
+    $title = empty( $options['title'] ) ? __( 'Pages' ) : $options['title'];
+    $sortby = empty( $options['sortby'] ) ? 'menu_order' : $options['sortby'];
+    $exclude = empty( $options['exclude'] ) ? '' : $options['exclude'];
+    if ( $sortby == 'menu_order' ) {
+        $sortby = 'menu_order, post_title';
+    }
+    $out = wp_list_pages( array('title_li' => '', 'echo' => 0, 'sort_column' => $sortby, 'exclude' => $exclude) );
+    if ( !empty( $out ) ) {
+?>
+    <?php echo $before_widget; ?>
+        <?php echo $before_title . $title . $after_title; ?>
+        <ul>
+            <?php echo $out; ?>
+        </ul>
+    <?php echo $after_widget; ?>
+<?php
+    }
+}
 function wp_widget_pages_control() {
     $options = $newoptions = get_option('widget_pages');
+    if ( $_POST["pages-submit"] ) {
+        $newoptions['title'] = strip_tags(stripslashes($_POST["pages-title"]));
+    if ( $_POST['pages-submit'] ) {
+        $newoptions['title'] = strip_tags(stripslashes($_POST['pages-title']));
+        $sortby = stripslashes( $_POST['pages-sortby'] );
+        if ( in_array( $sortby, array( 'post_title', 'menu_order', 'ID' ) ) ) {
+            $newoptions['sortby'] = $sortby;
+        } else {
+            $newoptions['sortby'] = 'menu_order';
+        }
+        $newoptions['exclude'] = strip_tags( stripslashes( $_POST['pages-exclude'] ) );
+    }
     if ( $options != $newoptions ) {
 …
+    }
     $title = attribute_escape($options['title']);
+    $exclude = attribute_escape( $options['exclude'] );
 ?>
             <p><label for="pages-title"><?php _e('Title:'); ?> <input style="width: 250px;" id="pages-title" name="pages-title" type="text" value="<?php echo $title; ?>" /></label></p>
+            <p><label for="pages-sortby"><?php _e( 'Sort by:' ); ?>
+                <select name="pages-sortby" id="pages-sortby">
+                    <option value="post_title"<?php selected( $options['sortby'], 'post_title' ); ?>><?php _e('Page title'); ?></option>
+                    <option value="menu_order"<?php selected( $options['sortby'], 'menu_order' ); ?>><?php _e('Page order'); ?></option>
+                    <option value="ID"<?php selected( $options['sortby'], 'ID' ); ?>><?php _e( 'Page ID' ); ?></option>
+                </select></label></p>
+            <p><label for="pages-exclude"><?php _e( 'Exclude:' ); ?> <input type="text" value="<?php echo $exclude; ?>" name="pages-exclude" id="pages-exclude" style="width: 180px;" /></label><br />
+            <small><?php _e( 'Page IDs, separated by commas.' ); ?></small></p>
             <input type="hidden" id="pages-submit" name="pages-submit" value="1" />
 <?php
 …
 function wp_widget_links($args) {
     global $wp_db_version;
     extract($args);
+    extract($args, EXTR_SKIP);
     if ( $wp_db_version < 3582 ) {
         // This ONLY works with li/h2 sidebars.
 …
     $options = get_option('widget_text');
     $title = $options[$number]['title'];
+    if ( empty($title) )
+        $title = '&nbsp;';
+    $text = $options[$number]['text'];
+    $text = apply_filters( 'widget_text', $options[$number]['text'] );
 ?>
         <?php echo $before_widget; ?>
             <?php $title ? print($before_title . $title . $after_title) : null; ?>
+            <?php if ( !empty( $title ) ) { echo $before_title . $title . $after_title; } ?>
             <div class="textwidget"><?php echo $text; ?></div>
         <?php echo $after_widget; ?>
 …
+    }
     $title = attribute_escape($options[$number]['title']);
     $text = attribute_escape($options[$number]['text']);
 ?>
             <input style="width: 450px;" id="text-title-<?php echo "$number"; ?>" name="text-title-<?php echo "$number"; ?>" type="text" value="<?php echo $title; ?>" />
             <textarea style="width: 450px; height: 280px;" id="text-text-<?php echo "$number"; ?>" name="text-text-<?php echo "$number"; ?>"><?php echo $text; ?></textarea>
+    $text = format_to_edit($options[$number]['text']);
+?>
+            <input style="width: 450px;" id="text-title-<?php echo $number; ?>" name="text-title-<?php echo $number; ?>" type="text" value="<?php echo $title; ?>" />
+            <textarea style="width: 450px; height: 280px;" id="text-text-<?php echo $number; ?>" name="text-text-<?php echo $number; ?>"><?php echo $text; ?></textarea>
             <input type="hidden" id="text-submit-<?php echo "$number"; ?>" name="text-submit-<?php echo "$number"; ?>" value="1" />
 <?php
 …
     function onCatChange() {
         if ( dropdown.options[dropdown.selectedIndex].value > 0 ) {
             location.href = "<?php echo get_option('siteurl'); ?>/?cat="+dropdown.options[dropdown.selectedIndex].value;
+            location.href = "<?php echo get_option('home'); ?>/?cat="+dropdown.options[dropdown.selectedIndex].value;
+        }
+    }
 …
 function wp_widget_rss($args, $number = 1) {
     require_once(ABSPATH . WPINC . '/rss.php');
     extract($args);
+    extract($args, EXTR_SKIP);
     $options = get_option('widget_rss');
     if ( isset($options['error']) && $options['error'] )
 …
+        }
     } else {
         echo __('<li>An error has occured; the feed is probably down. Try again later.</li>');
+        echo '<li>' . __( 'An error has occurred; the feed is probably down. Try again later.' ) . '</li>';
+    }
 ?>
 …
     $class = array('classname' => 'widget_pages');
     wp_register_sidebar_widget('pages', __('Pages'), 'wp_widget_pages', $class);
     wp_register_widget_control('pages', __('Pages'), 'wp_widget_pages_control', $dims90);
+    wp_register_widget_control('pages', __('Pages'), 'wp_widget_pages_control', $dims150);
     $class['classname'] = 'widget_calendar';
     wp_register_sidebar_widget('calendar', __('Calendar'), 'wp_widget_calendar', $class);

branches/2.2/wp-mail.php

                       r58146
             if (preg_match('/From: /', $line) | preg_match('/Reply-To: /', $line))  {
                 $author=trim($line);
+            if ( ereg("([a-zA-Z0-9\_\-\.]+@[\a-zA-z0-9\_\-\.]+)", $author , $regs) ) {
+                $author = $regs[1];
+                echo "Author = {$author} <p>";
+                $author = $wpdb->escape($author);
+                $result = $wpdb->get_row("SELECT ID FROM $wpdb->users WHERE user_email='$author' LIMIT 1");
+                if (!$result)
+                if ( ereg("([a-zA-Z0-9\_\-\.]+@[\a-zA-z0-9\_\-\.]+)", $author , $regs) ) {
+                    $author = $regs[1];
+                    echo "Author = {$author} <p>";
+                    $author = $wpdb->escape($author);
+                    $result = $wpdb->get_row("SELECT ID FROM $wpdb->users WHERE user_email='$author' LIMIT 1");
+                    if (!$result)
+                        $post_author = 1;
+                    else
+                        $post_author = $result->ID;
+                } else
                     $post_author = 1;
-                else
-                    $post_author = $result->ID;
-            } else
-                $post_author = 1;
+            }

branches/2.2/wp-settings.php

                       r58146
     $_SERVER['PHP_SELF'] = $PHP_SELF = preg_replace("/(\?.*)?$/",'',$_SERVER["REQUEST_URI"]);
 if ( !(phpversion() >= '4.1') )
     die( 'Your server is running PHP version ' . phpversion() . ' but WordPress requires at least 4.1' );
+if ( !(phpversion() >= '4.2') )
+    die( 'Your server is running PHP version ' . phpversion() . ' but WordPress requires at least 4.2.' );
 if ( !extension_loaded('mysql') && !file_exists(ABSPATH . 'wp-content/db.php') )
 …
 // For an advanced caching plugin to use, static because you would only want one
 if ( defined('WP_CACHE') )
     require (ABSPATH . 'wp-content/advanced-cache.php');
+    @include ABSPATH . 'wp-content/advanced-cache.php';
 define('WPINC', 'wp-includes');

branches/2.2/xmlrpc.php

                       r58146
     <homePageLink><?php bloginfo_rss('url') ?></homePageLink>
     <apis>
       <api name="WordPress" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('url') ?>/xmlrpc.php" />
       <api name="Movable Type" blogID="1" preferred="true" apiLink="<?php bloginfo_rss('url') ?>/xmlrpc.php" />
       <api name="MetaWeblog" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('url') ?>/xmlrpc.php" />
       <api name="Blogger" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('url') ?>/xmlrpc.php" />
+      <api name="WordPress" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
+      <api name="Movable Type" blogID="1" preferred="true" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
+      <api name="MetaWeblog" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
+      <api name="Blogger" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
     </apis>
   </service>
 …
             // Format page date.
             $page_date = mysql2date("Ymd\TH:i:s", $page->post_date_gmt);
+            $page_date = mysql2date("Ymd\TH:i:s\Z", $page->post_date_gmt);
             // Pull the categories info together.
 …
         $num_pages = count($page_list);
         for($i = 0; $i < $num_pages; $i++) {
             $post_date = mysql2date("Ymd\TH:i:s", $page_list[$i]->post_date_gmt);
+            $post_date = mysql2date("Ymd\TH:i:s\Z", $page_list[$i]->post_date_gmt);
             $page_list[$i]->dateCreated = new IXR_Date($post_date);
 …
         $password               = $args[2];
         $category               = $args[3];
         $max_results            = $args[4];
+        $max_results            = (int) $args[4];
         if(!$this->login_pass_ok($username, $password)) {
 …
         return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.'));
       extract($actual_post);
+      extract($actual_post, EXTR_SKIP);
       if ( ('publish' == $post_status) && !current_user_can('publish_posts') )
 …
+      }
+      $cap = ($publish) ? 'publish_posts' : 'edit_posts';
       $user = set_current_user(0, $user_login);
       if ( !current_user_can('publish_posts') )
+      if ( !current_user_can($cap) )
         return new IXR_Error(401, __('Sorry, you can not post on this weblog or category.'));
 …
         if(isset($content_struct["mt_allow_comments"])) {
+            switch((int) $content_struct["mt_allow_comments"]) {
+                case 0:
+                    $comment_status = "closed";
+                    break;
+                case 1:
+                    $comment_status = "open";
+                    break;
+                default:
+                    $comment_status = get_option("default_comment_status");
+                    break;
+            if(!is_numeric($content_struct["mt_allow_comments"])) {
+                switch($content_struct["mt_allow_comments"]) {
+                    case "closed":
+                        $comment_status = "closed";
+                        break;
+                    case "open":
+                        $comment_status = "open";
+                        break;
+                    default:
+                        $comment_status = get_option("default_comment_status");
+                        break;
+                }
+            }
+            else {
+                switch((int) $content_struct["mt_allow_comments"]) {
+                    case 0:
+                        $comment_status = "closed";
+                        break;
+                    case 1:
+                        $comment_status = "open";
+                        break;
+                    default:
+                        $comment_status = get_option("default_comment_status");
+                        break;
+                }
+            }
+        }
+        else {
+            $comment_status = get_option("default_comment_status");
+        }
         if(isset($content_struct["mt_allow_pings"])) {
+            switch((int) $content_struct["mt_allow_pings"]) {
+                case 0:
+                    $ping_status = "closed";
+                    break;
+                case 1:
+                    $ping_status = "open";
+                    break;
+                default:
+                    $ping_status = get_option("default_ping_status");
+                    break;
+            if(!is_numeric($content_struct["mt_allow_pings"])) {
+                switch($content_struct["mt_allow_pings"]) {
+                    case "closed":
+                        $ping_status = "closed";
+                        break;
+                    case "open":
+                        $ping_status = "open";
+                        break;
+                    default:
+                        $ping_status = get_option("default_ping_status");
+                        break;
+                }
+            }
+            else {
+                switch((int) $content_struct["mt_allow_pings"]) {
+                    case 0:
+                        $ping_status = "closed";
+                        break;
+                    case 1:
+                        $ping_status = "open";
+                        break;
+                    default:
+                        $ping_status = get_option("default_ping_status");
+                        break;
+                }
+            }
+        }
+        else {
+            $ping_status = get_option("default_ping_status");
+        }
 …
+        }
-      extract($postdata);
         $this->escape($postdata);
+        extract($postdata, EXTR_SKIP);
         // Let WordPress manage slug if none was provided.
 …
+        }
         $post_author = $user->ID;
+        $post_author = $postdata["post_author"];
         // Only set the post_author if one is set.
 …
+        }
+        // Only set ping_status if it was provided.
+        if(isset($content_struct["mt_allow_comments"])) {
+            if(!is_numeric($content_struct["mt_allow_comments"])) {
+                switch($content_struct["mt_allow_comments"]) {
+                    case "closed":
+                        $comment_status = "closed";
+                        break;
+                    case "open":
+                        $comment_status = "open";
+                        break;
+                    default:
+                        $comment_status = get_option("default_comment_status");
+                        break;
+                }
+            }
+            else {
+                switch((int) $content_struct["mt_allow_comments"]) {
+                    case 0:
+                        $comment_status = "closed";
+                        break;
+                    case 1:
+                        $comment_status = "open";
+                        break;
+                    default:
+                        $comment_status = get_option("default_comment_status");
+                        break;
+                }
+            }
+        }
         if(isset($content_struct["mt_allow_pings"])) {
+            switch((int) $content_struct["mt_allow_pings"]) {
+                case 0:
+                    $ping_status = "closed";
+                    break;
+                case 1:
+                    $ping_status = "open";
+                    break;
+            if(!is_numeric($content_struct["mt_allow_pings"])) {
+                switch($content_struct["mt_allow_pings"]) {
+                    case "closed":
+                        $ping_status = "closed";
+                        break;
+                    case "open":
+                        $ping_status = "open";
+                        break;
+                    default:
+                        $ping_status = get_option("default_ping_status");
+                        break;
+                }
+            }
+            else {
+                switch((int) $content_struct["mt_allow_pings"]) {
+                    case 0:
+                        $ping_status = "closed";
+                        break;
+                    case 1:
+                        $ping_status = "open";
+                        break;
+                    default:
+                        $ping_status = get_option("default_ping_status");
+                        break;
+                }
+            }
+        }
 …
         $to_ping = implode(' ', $to_ping);
-      if(isset($content_struct["mt_allow_comments"])) {
-        $comment_status = (int) $content_struct["mt_allow_comments"];
+      }
       // Do some timestamp voodoo
       $dateCreatedd = $content_struct['dateCreated'];
 …
       if ($postdata['post_date'] != '') {
         $post_date = mysql2date('Ymd\TH:i:s', $postdata['post_date_gmt']);
+        $post_date = mysql2date('Ymd\TH:i:s\Z', $postdata['post_date_gmt']);
         $categories = array();
 …
         foreach ($posts_list as $entry) {
             $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date_gmt']);
+            $post_date = mysql2date('Ymd\TH:i:s\Z', $entry['post_date_gmt']);
             $categories = array();
             $catids = wp_get_post_categories($entry['ID']);
 …
         $bits = $data['bits'];
+        logIO('O', '(MW) Received '.strlen($bits).' bytes');
+        if ( !$this->login_pass_ok($user_login, $user_pass) )
+            return $this->error;
+        set_current_user(0, $user_login);
+        if ( !current_user_can('upload_files') ) {
+            logIO('O', '(MW) User does not have upload_files capability');
+            $this->error = new IXR_Error(401, __('You are not allowed to upload files to this site.'));
+            return $this->error;
+        }
+        if ( $upload_err = apply_filters( "pre_upload_error", false ) )
+            return new IXR_Error(500, $upload_err);
         if(!empty($data["overwrite"]) && ($data["overwrite"] == true)) {
             // Get postmeta info on the object.
 …
             $name = "wpid{$old_file->ID}-{$filename}";
+        }
-        logIO('O', '(MW) Received '.strlen($bits).' bytes');
-        if ( !$this->login_pass_ok($user_login, $user_pass) )
-            return $this->error;
-        set_current_user(0, $user_login);
-        if ( !current_user_can('upload_files') ) {
-            logIO('O', '(MW) User does not have upload_files capability');
-            $this->error = new IXR_Error(401, __('You are not allowed to upload files to this site.'));
-            return $this->error;
+        }
-        if ( $upload_err = apply_filters( "pre_upload_error", false ) )
-            return new IXR_Error(500, $upload_err);
         $upload = wp_upload_bits($name, $type, $bits, $overwrite);
 …
         foreach ($posts_list as $entry) {
             $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date_gmt']);
+            $post_date = mysql2date('Ymd\TH:i:s\Z', $entry['post_date_gmt']);
             $struct[] = array(

Context Navigation

Changes from tags/2.2 at r58146 to branches/2.2 at r58146

Legend:

Download in other formats: