Ticket #10729: 10729.2.patch
File 10729.2.patch, 4.7 KB (added by , 16 years ago) |
wp-admin/page.php
112 112 $last_user_name = $last_user ? $last_user->display_name : __('Somebody'); 113 113 $message = sprintf( __( 'Warning: %s is currently editing this page' ), esc_html( $last_user_name ) ); 114 114 $message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" ); 115 add_action('admin_notices', create_function( '', "echo '$message';") );115 add_action('admin_notices', create_function( "\$message = '$message'", 'echo $message;' ) ); 116 116 } else { 117 117 wp_set_post_lock( $post->ID ); 118 118 wp_enqueue_script('autosave'); -
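Review bot: New line 115 still splices `$message` into source text that `create_function()` compiles, so moving it from the body into a parameter default keeps the same evaluation surface; the only barrier is still the `str_replace( "'", "\'", … )` on line 114, which handles quotes but not backslashes. The default may also never be used: if the `admin_notices` hook passes any argument to its callbacks (not visible here, worth confirming), `$message` is overwritten and the notice prints empty. I would drop the manual quote escaping and emit a real PHP literal with an argument-free callback, `add_action('admin_notices', create_function( '', 'echo ' . var_export( $message, true ) . ';' ) );`, or better, register a named callback that echoes a stored value. The same applies to new line 150 in wp-admin/post.php; in both files the enclosing block starts and ends outside the hunk.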
wp-admin/post.php
147 147 $last_user_name = $last_user ? $last_user->display_name : __('Somebody'); 148 148 $message = sprintf( __( 'Warning: %s is currently editing this post' ), esc_html( $last_user_name ) ); 149 149 $message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" ); 150 add_action('admin_notices', create_function( '', "echo '$message';") );150 add_action('admin_notices', create_function( "\$html = '$message'", 'echo $html;' ) ); 151 151 } else { 152 152 wp_set_post_lock( $post->ID ); 153 153 wp_enqueue_script('autosave'); -
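--- a/wp-includes/pomo/po.php
+++ b/wp-includes/pomo/po.php
@@ -146,11 +146,13 @@
 * @param string $with prepend lines with this string
 */
 function prepend_each_line($string, $with) {
+// FIXME codeinjection is possible here, this needs to be changed
 $php_with = var_export($with, true);
 $lines = explode("\n", $string);
 // do not prepend the string on the last empty line, artefact by explode
 if ("\n" == substr($string, -1)) unset($lines[count($lines) - 1]);
-$res = implode("\n", array_map(create_function('$x', "return $php_with.\$x;"), $lines));
+// FIXME codeinjection is done actually here
+$res = implode("\n", array_map(create_function('$x, $pre = ""', "return $php_with.\$x;"), $lines));
 // give back the empty line, we ignored above
 if ("\n" == substr($string, -1)) $res .= "\n";
 return $res;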
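Review bot: The `$pre = ""` parameter added on new line 155 is never read by the generated body, which still interpolates `$php_with` exactly as before, so the code change has no effect. `$php_with` comes from `var_export($with, true)` and is therefore already a quoted literal; the two FIXME comments do not say what remains injectable and should either name the concern or be dropped. The generated function can be removed altogether with a plain loop, `foreach ($lines as $i => $line) $lines[$i] = $with . $line;` followed by `$res = implode("\n", $lines);`. The function's closing brace is outside the hunk.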
wp-includes/formatting.php
2620 2620 function links_add_base_url( $content, $base, $attrs = array('src', 'href') ) { 2621 2621 $attrs = implode('|', (array)$attrs); 2622 2622 return preg_replace_callback("!($attrs)=(['\"])(.+?)\\2!i", 2623 create_function('$m ', 'return _links_add_base($m, "' . $base . '");'),2623 create_function('$m, $base = ". $base ."', 'return _links_add_base($m, $base);'), 2624 2624 $content); 2625 2625 } 2626 2626 … … 2661 2661 function links_add_target( $content, $target = '_blank', $tags = array('a') ) { 2662 2662 $tags = implode('|', (array)$tags); 2663 2663 return preg_replace_callback("!<($tags)(.+?)>!i", 2664 create_function('$m ', 'return _links_add_target($m, "' . $target . '");'),2664 create_function('$m, $target="' . $target . '"', 'return _links_add_target($m, $target);'), 2665 2665 $content); 2666 2666 } 2667 2667 /** -
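Review bot: On new line 2623 the parameter string `'$m, $base = ". $base ."'` is one single-quoted literal, so `$base` is never concatenated in; the generated default is a double-quoted string containing a variable, which is not a valid constant default, and links_add_base_url() most likely ends up without a usable callback. New line 2664 does concatenate, but places `$target` between double quotes unescaped, so a value containing `"`, `$` or a backslash alters the generated code. Both calls are sturdier when the value is emitted as a proper literal, e.g. `create_function('$m', 'return _links_add_base($m, ' . var_export($base, true) . ');')`, with the same shape for `$target` on line 2664.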
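--- a/wp-includes/gettext.php
+++ b/wp-includes/gettext.php
@@ -346,6 +346,7 @@
 $func_body = "
 \$plural = ($expression);
 return (\$plural <= $nplurals)? \$plural : \$plural - 1;";
+// FIXME might be prone to code injection
 $this->select_string_function = create_function('$n', $func_body);
 }
 return call_user_func($this->select_string_function, $n);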
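Review bot: The comment added on new line 349 does not say what is unsafe: `$expression` is interpolated into `$func_body` on line 347 and then compiled by `create_function()`, and the hunk shows no validation of it. Where `$expression` comes from is outside the hunk; if it is read from a translation file's plural-forms header, it needs to be restricted to the plural-expression grammar before this point. I would reword the comment to `// FIXME: $expression is compiled as PHP below; allow only n, digits, operators and parentheses before building $func_body` and move it above the `$func_body` assignment. The enclosing method starts outside the hunk.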
wp-includes/theme.php
886 886 if ( validate_file($_GET['template']) ) 887 887 return; 888 888 889 add_filter( 'template', create_function( '', "return '{$_GET['template']}';") );889 add_filter( 'template', create_function("\$template = '{$_GET['template']}'", "return $template;") ); 890 890 891 891 if ( isset($_GET['stylesheet']) ) { 892 892 $_GET['stylesheet'] = preg_replace('|[^a-z0-9_./-]|i', '', $_GET['stylesheet']); 893 893 if ( validate_file($_GET['stylesheet']) ) 894 894 return; 895 add_filter( 'stylesheet', create_function( '', "return '{$_GET['stylesheet']}';") );895 add_filter( 'stylesheet', create_function("\$stylesheet = '{$_GET['stylesheet']}'", "return $stylesheet;") ); 896 896 } 897 897 898 898 // Prevent theme mods to current theme being used on theme being previewed
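Review bot: The bodies on new lines 889 and 895 are double-quoted (`"return $template;"`, `"return $stylesheet;"`), so PHP interpolates those variables where the string is built, not inside the generated function; unless locals with those names exist above the hunk, the body collapses to `return ;`. Single quotes would not rescue it either, because a filter callback receives the filtered value as its first argument and that overrides the parameter default. The request value is still placed into evaluated code, so safety rests entirely on the character whitelist (line 892 for the stylesheet) and the `validate_file()` checks staying in front of these calls. A named callback that returns the validated value avoids generating code; failing that, `create_function( '', 'return ' . var_export( $_GET['template'], true ) . ';' )` keeps the old behaviour with a properly quoted literal, and likewise for the stylesheet.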