Make WordPress Core

Ticket #9402: more_more_validation_fixes.patch

File more_more_validation_fixes.patch, 5.8 KB (added by simek, 16 years ago)
  • includes/plugin-install.php

     
    138138        $tags = array();
    139139        foreach ( (array)$api_tags as $tag )
    140140                $tags[ $tag['name'] ] = (object) array(
    141                                                                 'link' => clean_url( admin_url('plugin-install.php?tab=search&type=tag&s=' . urlencode($tag['name'])) ),
     141                                                                'link' => clean_url( admin_url('plugin-install.php?tab=search&type=tag&s=' . urlencode($tag['name'])) ),
    142142                                                                'name' => $tag['name'],
    143143                                                                'id' => sanitize_title_with_dashes($tag['name']),
    144144                                                                'count' => $tag['count'] );
  • includes/plugin.php

     
    406406                $checked[] = 'checked[]=' . $plugin;
    407407
    408408        ob_start();
    409         $url = wp_nonce_url('plugins.php?action=delete-selected&verify-delete=1&' . implode('&', $checked), 'bulk-manage-plugins');
     409        $url = wp_nonce_url('plugins.php?action=delete-selected&verify-delete=1&' . implode('&', $checked), 'bulk-manage-plugins');
    410410        if ( false === ($credentials = request_filesystem_credentials($url)) ) {
    411411                $data = ob_get_contents();
    412412                ob_end_clean();
  • includes/post.php

     
    800800
    801801        $post_status_q = '';
    802802        if ( isset($q['post_status']) && in_array( $q['post_status'], array_keys($post_stati) ) ) {
    803                 $post_status_q = '&post_status=' . $q['post_status'];
    804                 $post_status_q .= '&perm=readable';
     803                $post_status_q = '&post_status=' . $q['post_status'];
     804                $post_status_q .= '&perm=readable';
    805805        }
    806806
    807807        if ( isset($q['post_status']) && 'pending' === $q['post_status'] ) {
     
    820820                $posts_per_page = 15;
    821821        $posts_per_page = apply_filters('edit_posts_per_page', $posts_per_page);
    822822
    823         wp("post_type=post&what_to_show=posts$post_status_q&posts_per_page=$posts_per_page&order=$order&orderby=$orderby");
     823        wp("post_type=post&what_to_show=posts$post_status_q&posts_per_page=$posts_per_page&order=$order&orderby=$orderby");
    824824
    825825        return array($post_stati, $avail_post_stati);
    826826}
     
    13541354
    13551355<?php
    13561356        if ( $concatenate_scripts )
    1357                 echo "<script type='text/javascript' src='$baseurl/wp-tinymce.php?c=$zip&ver=$ver'></script>\n";
     1357                echo "<script type='text/javascript' src='$baseurl/wp-tinymce.php?c=$zip&amp;ver=$ver'></script>\n";
    13581358        else
    13591359                echo "<script type='text/javascript' src='$baseurl/tiny_mce.js?ver=$ver'></script>\n";
    13601360
  • includes/template.php

     
    501501                $args['popular_cats'] = get_terms( 'category', array( 'fields' => 'ids', 'orderby' => 'count', 'order' => 'DESC', 'number' => 10, 'hierarchical' => false ) );
    502502
    503503        if ( $descendants_and_self ) {
    504                 $categories = get_categories( "child_of=$descendants_and_self&hierarchical=0&hide_empty=0" );
     504                $categories = get_categories( "child_of=$descendants_and_self&amp;hierarchical=0&amp;hide_empty=0" );
    505505                $self = get_category( $descendants_and_self );
    506506                array_unshift( $categories, $self );
    507507        } else {
     
    598598                $checked_categories[] = $default;
    599599        }
    600600
    601         $categories = get_terms('link_category', 'orderby=count&hide_empty=0');
     601        $categories = get_terms('link_category', 'orderby=count&amp;hide_empty=0');
    602602
    603603        if ( empty($categories) )
    604604                return;
     
    20602060        else
    20612061                $ptime = mysql2date(__('Y/m/d \a\t g:i A'), $comment->comment_date );
    20622062
    2063         $delete_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
    2064         $approve_url = clean_url( wp_nonce_url( "comment.php?action=approvecomment&p=$post->ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );
    2065         $unapprove_url = clean_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$post->ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) );
    2066         $spam_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
     2063        $delete_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&amp;p=$post->ID&amp;c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
     2064        $approve_url = clean_url( wp_nonce_url( "comment.php?action=approvecomment&amp;p=$post->ID&amp;c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );
     2065        $unapprove_url = clean_url( wp_nonce_url( "comment.php?action=unapprovecomment&amp;p=$post->ID&amp;c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) );
     2066        $spam_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&amp;dt=spam&amp;p=$post->ID&amp;c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
    20672067
    20682068        echo "<tr id='comment-$comment->comment_ID' class='$the_comment_status'>";
    20692069        $columns = get_column_headers('edit-comments');
  • includes/theme-install.php

     
    154154        $tags = array();
    155155        foreach ( (array)$api_tags as $tag ) {
    156156                $tags[ $tag['name'] ] = (object) array(
    157                                                                 'link' => clean_url( admin_url('theme-install.php?tab=search&type=tag&s=' . urlencode($tag['name'])) ),
     157                                                                'link' => clean_url( admin_url('theme-install.php?tab=search&amp;type=tag&amp;s=' . urlencode($tag['name'])) ),
    158158                                                                'name' => $tag['name'],
    159159                                                                'id' => sanitize_title_with_dashes($tag['name']),
    160160                                                                'count' => $tag['count'] );