WordPress.org

Make WordPress Core

Ticket #4333: Fix_22.patch

File Fix_22.patch, 17.5 KB (added by g30rg3x, 11 years ago)

Patch for milestone 2.2, based on trunk chageset #5543

  • wp-admin/admin-functions.php

     
    347347        $post->post_title = apply_filters( 'title_edit_pre', $post->post_title );
    348348
    349349        $post->post_password = format_to_edit( $post->post_password );
     350       
     351        $post->menu_order = (int) $post->menu_order;
    350352
    351353        if ( $post->post_type == 'page' )
    352354                $post->page_template = get_post_meta( $id, '_wp_page_template', true );
     
    396398
    397399function get_comment_to_edit( $id ) {
    398400        $comment = get_comment( $id );
     401       
     402        $comment->comment_ID = (int) $comment->comment_ID;
     403        $comment->comment_post_ID = (int) $comment->comment_post_ID;
    399404
    400405        $comment->comment_content = format_to_edit( $comment->comment_content, user_can_richedit() );
    401406        $comment->comment_content = apply_filters( 'comment_edit_pre', $comment->comment_content);
     407        $comment->comment_content = apply_filters( 'comment_text', $comment->comment_content );
    402408
    403409        $comment->comment_author = format_to_edit( $comment->comment_author );
    404410        $comment->comment_author_email = format_to_edit( $comment->comment_author_email );
     411        $comment->comment_author_url = clean_url($comment->comment_author_url);
    405412        $comment->comment_author_url = format_to_edit( $comment->comment_author_url );
    406413
    407414        return $comment;
     
    409416
    410417function get_category_to_edit( $id ) {
    411418        $category = get_category( $id );
     419       
     420        $category->term_id = (int) $category->term_id;
     421        $category->parent = (int) $category->parent;
    412422
    413423        return $category;
    414424}
     
    10261036                $key_js = js_escape( $entry['meta_key'] );
    10271037                $entry['meta_key']   = attribute_escape($entry['meta_key']);
    10281038                $entry['meta_value'] = attribute_escape($entry['meta_value']);
     1039                $entry['meta_id'] = (int) $entry['meta_id'];
    10291040                $r .= "\n\t<tr id='meta-{$entry['meta_id']}' class='$style'>";
    10301041                $r .= "\n\t\t<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>";
    10311042                $r .= "\n\t\t<td><textarea name='meta[{$entry['meta_id']}][value]' tabindex='6' rows='2' cols='30'>{$entry['meta_value']}</textarea></td>";
     
    10781089<?php
    10791090
    10801091        foreach ( $keys as $key ) {
    1081                 $key = attribute_escape( $key);
     1092                $key = attribute_escape( $key );
    10821093                echo "\n\t<option value='$key'>$key</option>";
    10831094        }
    10841095?>
  • wp-admin/comment.php

     
    3939        $nonce_action = 'cdc' == $action ? 'delete-comment_' : 'approve-comment_';
    4040        $nonce_action .= $comment;
    4141
    42         if ( ! $comment = get_comment($comment) )
     42        if ( ! $comment = get_comment_to_edit($comment) )
    4343                wp_die(__('Oops, no comment with this ID.').sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit.php'));
    4444
    4545        if ( !current_user_can('edit_post', $comment->comment_post_ID) )
     
    9696<?php } ?>
    9797<tr>
    9898<th scope="row" valign="top"><p><?php _e('Comment:'); ?></p></th>
    99 <td><?php echo apply_filters( 'comment_text', $comment->comment_content ); ?></td>
     99<td><?php echo $comment->comment_content; ?></td>
    100100</tr>
    101101</table>
    102102
     
    155155        if ((wp_get_referer() != "") && (false == $noredir)) {
    156156                wp_redirect(wp_get_referer());
    157157        } else {
    158                 wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='.$comment->comment_post_ID.'&c=1#comments');
     158                wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='. (int) $comment->comment_post_ID.'&c=1#comments');
    159159        }
    160160        exit();
    161161        break;
     
    185185        if ((wp_get_referer() != "") && (false == $noredir)) {
    186186                wp_redirect(wp_get_referer());
    187187        } else {
    188                 wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='.$comment->comment_post_ID.'&c=1#comments');
     188                wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='. (int) $comment->comment_post_ID.'&c=1#comments');
    189189        }
    190190        exit();
    191191        break;
  • wp-admin/edit-form-advanced.php

     
    11<?php
     2if ( isset($_GET['message']) )
     3          $_GET['message'] = (int) $_GET['message'];
    24$messages[1] = __('Post updated');
    35$messages[2] = __('Custom field updated');
    46$messages[3] = __('Custom field deleted.');
    57?>
    68<?php if (isset($_GET['message'])) : ?>
    7 <div id="message" class="updated fade"><p><?php echo $messages[$_GET['message']]; ?></p></div>
     9<div id="message" class="updated fade"><p><?php echo wp_specialchars($messages[$_GET['message']]); ?></p></div>
    810<?php endif; ?>
    911
    1012<form name="post" action="post.php" method="post" id="post">
     
    2123        $form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='$temp_ID' />";
    2224        wp_nonce_field('add-post');
    2325} else {
     26        $post_ID = (int) $post_ID;
    2427        $form_action = 'editpost';
    2528        $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
    2629        wp_nonce_field('update-post_' .  $post_ID);
    2730}
    2831
    29 $form_pingback = '<input type="hidden" name="post_pingback" value="' . get_option('default_pingback_flag') . '" id="post_pingback" />';
     32$form_pingback = '<input type="hidden" name="post_pingback" value="' . (int) get_option('default_pingback_flag') . '" id="post_pingback" />';
    3033
    31 $form_prevstatus = '<input type="hidden" name="prev_status" value="' . $post->post_status . '" />';
     34$form_prevstatus = '<input type="hidden" name="prev_status" value="' . attribute_escape( $post->post_status ) . '" />';
    3235
    33 $form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. str_replace("\n", ' ', $post->to_ping) .'" />';
     36$form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. attribute_escape( str_replace("\n", ' ', $post->to_ping) ) .'" />';
    3437
    3538if ('' != $post->pinged) {
    3639        $pings = '<p>'. __('Already pinged:') . '</p><ul>';
     
    4144        $pings .= '</ul>';
    4245}
    4346
    44 $saveasdraft = '<input name="save" type="submit" id="save" tabindex="3" value="' . __('Save and Continue Editing') . '" />';
     47$saveasdraft = '<input name="save" type="submit" id="save" tabindex="3" value="' . attribute_escape( __('Save and Continue Editing') ) . '" />';
    4548
    4649if (empty($post->post_status)) $post->post_status = 'draft';
    4750
    4851?>
    4952
    50 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
     53<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
    5154<input type="hidden" id="hiddenaction" name="action" value="<?php echo $form_action ?>" />
    5255<input type="hidden" id="originalaction" name="originalaction" value="<?php echo $form_action ?>" />
    53 <input type="hidden" name="post_author" value="<?php echo $post->post_author ?>" />
     56<input type="hidden" name="post_author" value="<?php echo attribute_escape( $post->post_author ); ?>" />
    5457<input type="hidden" id="post_type" name="post_type" value="post" />
    5558
    5659<?php echo $form_extra ?>
     
    8891
    8992<fieldset id="passworddiv" class="dbx-box">
    9093<h3 class="dbx-handle"><?php _e('Post Password') ?></h3>
    91 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div>
     94<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape( $post->post_password ); ?>" /></div>
    9295</fieldset>
    9396
    9497<fieldset id="slugdiv" class="dbx-box">
    9598<h3 class="dbx-handle"><?php _e('Post Slug') ?></h3>
    96 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
     99<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" /></div>
    97100</fieldset>
    98101
    99102<fieldset id="poststatusdiv" class="dbx-box">
     
    125128$o = get_userdata( $o->ID );
    126129if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
    127130else $selected = '';
    128 echo "<option value='$o->ID' $selected>$o->display_name</option>";
     131echo "<option value='" . (int) $o->ID . "' $selected>" . wp_specialchars( $o->display_name ) . "</option>";
    129132endforeach;
    130133?>
    131134</select>
     
    140143
    141144<fieldset id="titlediv">
    142145        <legend><?php _e('Title') ?></legend>
    143         <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
     146        <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" /></div>
    144147</fieldset>
    145148
    146149<fieldset id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>">
     
    168171if ('publish' != $post->post_status || 0 == $post_ID) {
    169172?>
    170173<?php if ( current_user_can('publish_posts') ) : ?>
    171         <input name="publish" type="submit" id="publish" tabindex="5" accesskey="p" value="<?php _e('Publish') ?>" />
     174        <input name="publish" type="submit" id="publish" tabindex="5" accesskey="p" value="<?php _e('Publish'); ?>" />
    172175<?php endif; ?>
    173176<?php
    174177}
     
    186189
    187190<?php
    188191if (current_user_can('upload_files')) {
    189         $uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
     192        $uploading_iframe_ID = (int) (0 == $post_ID ? $temp_ID : $post_ID);
    190193        $uploading_iframe_src = wp_nonce_url("upload.php?style=inline&amp;tab=upload&amp;post_id=$uploading_iframe_ID", 'inlineuploading');
    191194        $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
    192195        if ( false != $uploading_iframe_src )
  • wp-admin/edit-form-comment.php

     
    22$submitbutton_text = __('Edit Comment &raquo;');
    33$toprow_title = sprintf(__('Editing Comment # %s'), $comment->comment_ID);
    44$form_action = 'editedcomment';
    5 $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment->comment_ID . "' />\n<input type='hidden' name='comment_post_ID' value='".$comment->comment_post_ID;
     5$form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment->comment_ID . "' />\n<input type='hidden' name='comment_post_ID' value='" . $comment->comment_post_ID;
    66?>
    77
    88<form name="post" action="comment.php" method="post" id="post">
    99<?php wp_nonce_field('update-comment_' . $comment->comment_ID) ?>
    1010<div class="wrap">
    11 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
     11<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
    1212<input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
    1313
    1414<script type="text/javascript">
     
    2020<fieldset id="namediv">
    2121    <legend><label for="name"><?php _e('Name:') ?></label></legend>
    2222        <div>
    23           <input type="text" name="newcomment_author" size="25" value="<?php echo $comment->comment_author ?>" tabindex="1" id="name" />
     23          <input type="text" name="newcomment_author" size="25" value="<?php echo attribute_escape( $comment->comment_author ); ?>" tabindex="1" id="name" />
    2424    </div>
    2525</fieldset>
    2626<fieldset id="emaildiv">
    2727        <legend><label for="email"><?php _e('E-mail:') ?></label></legend>
    2828                <div>
    29                   <input type="text" name="newcomment_author_email" size="20" value="<?php echo $comment->comment_author_email ?>" tabindex="2" id="email" />
     29                  <input type="text" name="newcomment_author_email" size="20" value="<?php echo attribute_escape( $comment->comment_author_email ); ?>" tabindex="2" id="email" />
    3030    </div>
    3131</fieldset>
    3232<fieldset id="uridiv">
    3333        <legend><label for="newcomment_author_url"><?php _e('URL:') ?></label></legend>
    3434                <div>
    35                   <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo $comment->comment_author_url ?>" tabindex="3" />
     35                  <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo attribute_escape( $comment->comment_author_url ); ?>" tabindex="3" />
    3636    </div>
    3737</fieldset>
    3838
  • wp-admin/edit-form.php

     
    66<?php if (isset($mode) && 'bookmarklet' == $mode) : ?>
    77<input type="hidden" name="mode" value="bookmarklet" />
    88<?php endif; ?>
    9 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
     9<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
    1010<input type="hidden" name="action" value='post' />
    1111
    1212<script type="text/javascript">
     
    2121<div id="poststuff">
    2222    <fieldset id="titlediv">
    2323      <legend><a href="http://wordpress.org/docs/reference/post/#title" title="<?php _e('Help on titles') ?>"><?php _e('Title') ?></a></legend>
    24           <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
     24          <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" /></div>
    2525    </fieldset>
    2626
    2727    <fieldset id="categorydiv">
     
    4949//-->
    5050</script>
    5151
    52 <input type="hidden" name="post_pingback" value="<?php echo get_option('default_pingback_flag') ?>" id="post_pingback" />
     52<input type="hidden" name="post_pingback" value="<?php echo (int) get_option('default_pingback_flag') ?>" id="post_pingback" />
    5353
    5454<p><label for="trackback"> <?php printf(__('<a href="%s" title="Help on trackbacks"><strong>TrackBack</strong> a <abbr title="Universal Resource Locator">URL</abbr></a>:</label> (Separate multiple <abbr title="Universal Resource Locator">URL</abbr>s with spaces.)'), 'http://wordpress.org/docs/reference/post/#trackback'); echo '<br />'; ?>
    5555        <input type="text" name="trackback_url" style="width: 360px" id="trackback" tabindex="7" /></p>
     
    6464<?php if ('bookmarklet' != $mode) {
    6565                echo '<input name="advanced" type="submit" id="advancededit" tabindex="7" value="' .  __('Advanced Editing &raquo;') . '" />';
    6666        } ?>
    67         <input name="referredby" type="hidden" id="referredby" value="<?php if ( wp_get_referer() ) echo urlencode(wp_get_referer()); ?>" />
     67        <input name="referredby" type="hidden" id="referredby" value="<?php if ( $refby = wp_get_referer() ) echo urlencode($refby); ?>" />
    6868</p>
    6969
    7070<?php do_action('simple_edit_form', ''); ?>
  • wp-admin/edit-page-form.php

     
    22<div class="wrap">
    33<h2 id="write-post"><?php _e('Write Page'); ?></h2>
    44<?php
     5
    56if (0 == $post_ID) {
    67        $form_action = 'post';
    78        $nonce_action = 'add-page';
    89        $temp_ID = -1 * time(); // don't change this formula without looking at wp_write_post()
    910        $form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='$temp_ID' />";
    1011} else {
     12        $post_ID = (int) $post_ID;
    1113        $form_action = 'editpost';
    1214        $nonce_action = 'update-page_' . $post_ID;
    1315        $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
    1416}
    1517
     18$temp_ID = (int) $temp_ID;
     19$user_ID = (int) $user_ID;
     20
    1621$sendto = clean_url(stripslashes(wp_get_referer()));
    1722
    1823if ( 0 != $post_ID && $sendto == get_permalink($post_ID) )
     
    6873
    6974<fieldset id="passworddiv" class="dbx-box">
    7075<h3 class="dbx-handle"><?php _e('Page Password') ?></h3>
    71 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div>
     76<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape( $post->post_password ); ?>" /></div>
    7277</fieldset>
    7378
    7479<fieldset id="pageparent" class="dbx-box">
     
    9398
    9499<fieldset id="slugdiv" class="dbx-box">
    95100<h3 class="dbx-handle"><?php _e('Page Slug') ?></h3>
    96 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
     101<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" /></div>
    97102</fieldset>
    98103
    99104<?php if ( $authors = get_editable_authors( $current_user->id ) ) : // TODO: ROLE SYSTEM ?>
     
    106111$o = get_userdata( $o->ID );
    107112if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
    108113else $selected = '';
     114$o->ID = (int) $o->ID;
     115$o->display_name = wp_specialchars( $o->display_name );
    109116echo "<option value='$o->ID' $selected>$o->display_name</option>";
    110117endforeach;
    111118?>
     
    126133
    127134<fieldset id="titlediv">
    128135  <legend><?php _e('Page Title') ?></legend>
    129   <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
     136  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" /></div>
    130137</fieldset>
    131138
    132139
  • wp-admin/user-edit.php

     
    7676<form name="profile" id="your-profile" action="user-edit.php" method="post">
    7777<?php wp_nonce_field('update-user_' . $user_id) ?>
    7878<?php if ( $wp_http_referer ) : ?>
    79         <input type="hidden" name="wp_http_referer" value="<?php echo wp_specialchars($wp_http_referer); ?>" />
     79        <input type="hidden" name="wp_http_referer" value="<?php echo clean_url($wp_http_referer); ?>" />
    8080<?php endif; ?>
    8181<p>
    8282<input type="hidden" name="from" value="profile" />