Changeset 4112
- Timestamp:
- 08/24/2006 10:33:16 PM (18 years ago)
- Location:
- trunk
- Files:
-
- 13 edited
trunk/wp-admin/admin-db.php
r4041 r4112 294 294 295 295 $update = false; 296 296 297 if ( !empty($link_id) ) 297 298 $update = true; 298 299 300 if( trim( $link_name ) == '' ) 301 return 0; 302 $link_name = apply_filters('pre_link_name', $link_name); 303 304 if( trim( $link_url ) == '' ) 305 return 0; 306 $link_url = apply_filters('pre_link_url', $link_url); 307 299 308 if ( empty($link_rating) ) 300 309 $link_rating = 0; 310 else 311 $link_rating = (int) $link_rating; 312 313 if ( empty($link_image) ) 314 $link_image = ''; 315 $link_image = apply_filters('pre_link_image', $link_image); 301 316 302 317 if ( empty($link_target) ) 303 318 $link_target = ''; 319 $link_target = apply_filters('pre_link_target', $link_target); 304 320 305 321 if ( empty($link_visible) ) 306 322 $link_visible = 'Y'; 323 $link_visibile = preg_replace('/[^YNyn]/', '', $link_visible); 307 324 308 325 if ( empty($link_owner) ) 309 326 $link_owner = $current_user->id; 327 else 328 $link_owner = (int) $link_owner; 310 329 311 330 if ( empty($link_notes) ) 312 331 $link_notes = ''; 332 $link_notes = apply_filters('pre_link_notes', $link_notes); 333 334 if ( empty($link_description) ) 335 $link_description = ''; 336 $link_description = apply_filters('pre_link_description', $link_description); 337 338 if ( empty($link_rss) ) 339 $link_rss = ''; 340 $link_rss = apply_filters('pre_link_rss', $link_rss); 341 342 if ( empty($link_rel) ) 343 $link_rel = ''; 344 $link_rel = apply_filters('pre_link_rel', $link_rel); 313 345 314 346 // Make sure we set a valid category -
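Review bot: The visibility normalisation assigns to a misspelled variable, `$link_visibile = preg_replace('/[^YNyn]/', '', $link_visible);`, so its result is discarded and `$link_visible` reaches the insert exactly as received; the line should read `$link_visible = preg_replace('/[^YNyn]/', '', $link_visible);`. Even with the typo fixed, a value that is stripped down to nothing becomes `''` rather than the `'Y'` default set just above it, so the empty check should run after the replace or the filtered result be re-defaulted. The enclosing function starts and ends outside the hunk.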
trunk/wp-admin/admin-functions.php
r4100 r4112 302 302 $post->post_title = apply_filters('title_edit_pre', $post->post_title); 303 303 304 $post->post_password = format_to_edit($post->post_password); 305 304 306 if ($post->post_type == 'page') 305 307 $post->page_template = get_post_meta($id, '_wp_page_template', true); … … 381 383 } 382 384 385 386 function get_user_to_edit($user_id) { 387 $user = new WP_User($user_id); 388 $user->user_login = wp_specialchars($user->user_login, 1); 389 $user->user_email = wp_specialchars($user->user_email, 1); 390 $user->user_url = wp_specialchars($user->user_url, 1); 391 $user->first_name = wp_specialchars($user->first_name, 1); 392 $user->last_name = wp_specialchars($user->last_name, 1); 393 $user->display_name = wp_specialchars($user->display_name, 1); 394 $user->nickname = wp_specialchars($user->nickname, 1); 395 $user->aim = wp_specialchars($user->aim, 1); 396 $user->yim = wp_specialchars($user->yim, 1); 397 $user->jabber = wp_specialchars($user->jabber, 1); 398 $user->description = wp_specialchars($user->description); 399 400 return $user; 401 } 383 402 384 403 // Creates a new user from the "Users" form using $_POST information. 
… … 510 529 $link->link_url = wp_specialchars($link->link_url, 1); 511 530 $link->link_name = wp_specialchars($link->link_name, 1); 512 $link->link_description = wp_specialchars($link->link_description); 531 $link->link_image = wp_specialchars($link->link_image, 1); 532 $link->link_description = wp_specialchars($link->link_description, 1); 513 533 $link->link_notes = wp_specialchars($link->link_notes); 514 $link->link_rss = wp_specialchars($link->link_rss); 534 $link->link_rss = wp_specialchars($link->link_rss, 1); 535 $link->link_rel = wp_specialchars($link->link_rel, 1); 515 536 $link->post_category = $link->link_category; 516 537 … … 960 981 if ('_' == $entry['meta_key'] { 0 }) 961 982 $style .= ' hidden'; 962 $key_js = addslashes(wp_specialchars( $entry['meta_key'], 'double' ));983 $key_js = js_escape($entry['meta_key']); 963 984 $entry['meta_key'] = wp_specialchars( $entry['meta_key'], true ); 964 985 $entry['meta_value'] = wp_specialchars( $entry['meta_value'], true ); … … 1012 1033 1013 1034 foreach ($keys as $key) { 1035 $key = wp_specialchars($key, 1); 1014 1036 echo "\n\t<option value='$key'>$key</option>"; 1015 1037 } -
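Review bot: In get_user_to_edit every field is escaped with the quote flag (`wp_specialchars($x, 1)`) except `$user->description = wp_specialchars($user->description);`, and the link hunk leaves `$link->link_notes` the same way; if either value is ever emitted inside an attribute, unescaped quotes would still end it early. Unless the difference is deliberate, make them consistent: `$user->description = wp_specialchars($user->description, 1);` and `$link->link_notes = wp_specialchars($link->link_notes, 1);`. A one-line docblock on get_user_to_edit would also help its callers in profile.php and user-edit.php, since the returned object now holds HTML-escaped strings, e.g. `// Returns a WP_User whose string fields are HTML-escaped for display in edit forms; do not persist it.`.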
trunk/wp-admin/edit-form-advanced.php
r4094 r4112 40 40 $already_pinged = explode("\n", trim($post->pinged)); 41 41 foreach ($already_pinged as $pinged_url) { 42 $pings .= "\n\t<li> $pinged_url</li>";42 $pings .= "\n\t<li>" . wp_specialchars($pinged_url) . "</li>"; 43 43 } 44 44 $pings .= '</ul>'; -
trunk/wp-admin/options-misc.php
r3759 r4112 18 18 <tr valign="top"> 19 19 <th scope="row"><?php _e('Store uploads in this folder'); ?>:</th> 20 <td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo str_replace(ABSPATH, '', get_settings('upload_path')); ?>" size="40" />20 <td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo wp_specialchars(str_replace(ABSPATH, '', get_settings('upload_path')), 1); ?>" size="40" /> 21 21 <br /> 22 22 <?php _e('Default is <code>wp-content/uploads</code>'); ?> -
trunk/wp-admin/options-permalink.php
r3759 r4112 149 149 <br /> 150 150 </p> 151 <p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo $permalink_structure; ?>" size="50" /></p>151 <p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo wp_specialchars($permalink_structure, 1); ?>" size="50" /></p> 152 152 153 153 <h3><?php _e('Optional'); ?></h3> … … 158 158 <?php endif; ?> 159 159 <p> 160 <?php _e('Category base'); ?>: <input name="category_base" type="text" class="code" value="<?php echo $category_base; ?>" size="30" />160 <?php _e('Category base'); ?>: <input name="category_base" type="text" class="code" value="<?php echo wp_specialchars($category_base, 1); ?>" size="30" /> 161 161 </p> 162 162 <p class="submit"> -
trunk/wp-admin/options.php
r4006 r4112 10 10 if ( !current_user_can('manage_options') ) 11 11 wp_die(__('Cheatin’ uh?')); 12 13 function sanitize_option($option, $value) { 14 15 switch ($option) { 16 case 'admin_email': 17 $value = sanitize_email($value); 18 break; 19 20 case 'default_post_edit_rows': 21 case 'mailserver_port': 22 case 'comment_max_links': 23 $value = abs((int) $value); 24 break; 25 26 case 'posts_per_page': 27 case 'posts_per_rss': 28 $value = (int) $value; 29 if ( empty($value) ) $value = 1; 30 if ( $value < -1 ) $value = abs($value); 31 break; 32 33 case 'default_ping_status': 34 case 'default_comment_status': 35 // Options that if not there have 0 value but need to be something like "closed" 36 if ( $value == '0' || $value == '') 37 $value = 'closed'; 38 break; 39 40 case 'blogdescription': 41 case 'blogname': 42 if (current_user_can('unfiltered_html') == false) 43 $value = wp_filter_post_kses( $value ); 44 break; 45 46 case 'blog_charset': 47 $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); 48 break; 49 50 case 'date_format': 51 case 'time_format': 52 case 'mailserver_url': 53 case 'mailserver_login': 54 case 'mailserver_pass': 55 case 'ping_sites': 56 case 'upload_path': 57 $value = strip_tags($value); 58 $value = wp_filter_kses($value); 59 break; 60 61 case 'gmt_offset': 62 $value = preg_replace('/[^0-9:.-]/', '', $value); 63 break; 64 65 case 'siteurl': 66 case 'home': 67 $value = clean_url($value); 68 break; 69 } 70 71 return $value; 72 } 12 73 13 74 switch($action) { … … 30 91 $old_home = get_settings('home'); 31 92 32 // HACK33 // Options that if not there have 0 value but need to be something like "closed"34 $nonbools = array('default_ping_status', 'default_comment_status');35 93 if ($options) { 36 94 foreach ($options as $option) { 37 95 $option = trim($option); 38 96 $value = trim(stripslashes($_POST[$option])); 39 if( in_array($option, $nonbools) && ( $value == '0' || $value == '') ) 40 $value = 'closed'; 41 42 if( $option == 'blogdescription' || $option 
== 'blogname' ) 43 if (current_user_can('unfiltered_html') == false) 44 $value = wp_filter_post_kses( $value ); 97 $value = sanitize_option($option, $value); 45 98 46 99 if (update_option($option, $value) ) { -
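Review bot: sanitize_option has no `default:` branch, so any option name that is not one of the listed cases returns `$value` exactly as received and is handed straight to `update_option` in the loop below; where `$options` comes from is outside the hunk, so whether that list is request-controlled cannot be confirmed here, but the function's name suggests a guarantee it does not make for unlisted names. A docblock stating the contract would prevent that misreading, e.g. `// Per-option clean-up applied before update_option(); options without a case here are stored unchanged, so add a case when introducing a new option.`. Separately, `mailserver_pass` is routed through `strip_tags` and `wp_filter_kses`, which will silently alter a password containing `<`, so that case deserves either a narrower rule or a comment explaining the trade-off.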
trunk/wp-admin/profile.php
r4079 r4112 9 9 $parent_file = 'profile.php'; 10 10 include_once('admin-header.php'); 11 $profileuser = new WP_User($user_ID);11 $profileuser = get_user_to_edit($user_ID); 12 12 13 13 $bookmarklet_height= 440; -
trunk/wp-admin/user-edit.php
r3946 r4112 41 41 include ('admin-header.php'); 42 42 43 $profileuser = new WP_User($user_id);43 $profileuser = get_user_to_edit($user_id); 44 44 45 45 if ( !current_user_can('edit_user', $user_id) ) -
trunk/wp-admin/users.php
r4000 r4112 98 98 99 99 function get_results() { 100 return $this->results;100 return (array) $this->results; 101 101 } 102 102 … … 336 336 337 337 <?php if ( $wp_user_search->is_search() ) : ?> 338 <h2><?php printf(__('Users Matching "%s" by Role'), $wp_user_search->search_term); ?></h2>338 <h2><?php printf(__('Users Matching "%s" by Role'), wp_specialchars($wp_user_search->search_term)); ?></h2> 339 339 <?php else : ?> 340 340 <h2><?php _e('User List by Role'); ?></h2> … … 342 342 343 343 <form action="" method="get" name="search" id="search"> 344 <p><input type="text" name="usersearch" id="usersearch" value="<?php echo wp_specialchars($wp_user_search->search_term ); ?>" /> <input type="submit" value="<?php _e('Search for users »'); ?>" /></p>344 <p><input type="text" name="usersearch" id="usersearch" value="<?php echo wp_specialchars($wp_user_search->search_term, 1); ?>" /> <input type="submit" value="<?php _e('Search for users »'); ?>" /></p> 345 345 </form> 346 346 -
trunk/wp-includes/default-filters.php
r4046 r4112 55 55 add_filter('pre_category_name', 'wp_specialchars', 30); 56 56 add_filter('pre_category_description', 'wp_filter_kses'); 57 58 //Links 59 add_filter('pre_link_name', 'strip_tags'); 60 add_filter('pre_link_name', 'trim'); 61 add_filter('pre_link_name', 'wp_filter_kses'); 62 add_filter('pre_link_name', 'wp_specialchars', 30); 63 add_filter('pre_link_description', 'wp_filter_kses'); 64 add_filter('pre_link_notes', 'wp_filter_kses'); 65 add_filter('pre_link_url', 'strip_tags'); 66 add_filter('pre_link_url', 'trim'); 67 add_filter('pre_link_url', 'clean_url'); 68 add_filter('pre_link_image', 'strip_tags'); 69 add_filter('pre_link_image', 'trim'); 70 add_filter('pre_link_image', 'clean_url'); 71 add_filter('pre_link_rss', 'strip_tags'); 72 add_filter('pre_link_rss', 'trim'); 73 add_filter('pre_link_rss', 'clean_url'); 74 add_filter('pre_link_target', 'strip_tags'); 75 add_filter('pre_link_target', 'trim'); 76 add_filter('pre_link_target', 'wp_filter_kses'); 77 add_filter('pre_link_target', 'wp_specialchars', 30); 78 add_filter('pre_link_rel', 'strip_tags'); 79 add_filter('pre_link_rel', 'trim'); 80 add_filter('pre_link_rel', 'wp_filter_kses'); 81 add_filter('pre_link_rel', 'wp_specialchars', 30); 57 82 58 83 // Users … … 116 141 // Misc filters 117 142 add_filter('option_ping_sites', 'privacy_ping_filter'); 143 add_filter('option_blog_charset', 'wp_specialchars'); 118 144 119 145 // Actions -
trunk/wp-includes/functions.php
r4109 r4112 200 200 201 201 function form_option($option) { 202 echo htmlspecialchars( get_option($option), ENT_QUOTES);202 echo wp_specialchars( get_option($option), 1 ); 203 203 } 204 204 -
trunk/wp-includes/link-template.php
r3862 r4112 477 477 478 478 if (isset($max_num_pages)) return $max_num_pages; 479 479 $posts_per = (int) get_option('posts_per_page'); 480 if ( empty($posts_per) ) $posts_per = 1; 481 480 482 if ( 'posts' == get_query_var('what_to_show') ) { 481 483 preg_match('#FROM\s(.*)\sORDER BY#siU', $wp_query->request, $matches); 482 484 $fromwhere = $matches[1]; 483 485 $numposts = $wpdb->get_var("SELECT COUNT(DISTINCT ID) FROM $fromwhere"); 484 $max_num_pages = ceil($numposts / get_option('posts_per_page'));486 $max_num_pages = ceil($numposts / $posts_per); 485 487 } else { 486 488 preg_match('#FROM\s(.*)\sORDER BY#siU', $wp_query->request, $matches); 487 489 $fromwhere = preg_replace('/( AND )?post_date >= (\'|\")(.*?)(\'|\")( AND post_date <= (\'\")(.*?)(\'\"))?/siU', '', $matches[1]); 488 490 $num_days = $wpdb->query("SELECT DISTINCT post_date FROM $fromwhere GROUP BY year(post_date), month(post_date), dayofmonth(post_date)"); 489 $max_num_pages = ceil($num_days / get_option('posts_per_page'));491 $max_num_pages = ceil($num_days / $posts_per); 490 492 } 491 493 -
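Review bot: The new guard only covers an empty `posts_per_page`; sanitize_option in options.php in this same changeset deliberately lets `-1` through, and here `ceil($numposts / -1)` then yields a negative `$max_num_pages`. If `-1` keeps its usual "no limit" meaning, the simplest fix is to short-circuit right after the new default, before either query runs: `if ( $posts_per < 1 ) return $max_num_pages = 1;`. The enclosing function starts and ends outside the hunk.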
trunk/wp-includes/query.php
r4096 r4112 552 552 $q['what_to_show'] = 'posts'; 553 553 } 554 $q['posts_per_page'] = (int) $q['posts_per_page']; 555 if ( $q['posts_per_page'] < -1 ) 556 $q['posts_per_page'] = abs($q['posts_per_page']); 557 else if ( $q['posts_per_page'] == 0 ) 558 $q['posts_per_page'] = 1; 554 559 555 560 if ( $this->is_home && (empty($this->query) || $q['preview'] == 'true') && ( 'page' == get_option('show_on_front') ) && get_option('page_on_front') ) {
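Review bot: The three-way normalisation added here (`(int)` cast, `abs()` below `-1`, `0` becomes `1`) is the same rule written into sanitize_option for `posts_per_page` in options.php in this changeset, and link-template.php now carries a third variant; three copies of one rule will drift. A small shared helper in functions.php called from all three places would keep the rule reviewable in one spot. The enclosing method starts and ends outside the hunk.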