Changeset 4229


Timestamp:
09/25/2006 02:09:08 AM (15 years ago)
Author:
ryan
Message:

Make those chars feel special.

Location:
branches/2.0
Files:
10 edited

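--- a/branches/2.0/wp-admin/admin-db.php
+++ b/branches/2.0/wp-admin/admin-db.php
@@ -267,21 +267,58 @@
 
     $update = false;
+
     if ( !empty($link_id) )
         $update = true;
 
+    if( trim( $link_name ) == '' )
+        return 0;
+    $link_name = apply_filters('pre_link_name', $link_name);
+
+    if( trim( $link_url ) == '' )
+        return 0;
+    $link_url = apply_filters('pre_link_url', $link_url);
+
     if ( empty($link_rating) )
         $link_rating = 0;   
+    else
+        $link_rating = (int) $link_rating;
+
+    if ( empty($link_image) )
+        $link_image = '';
+    $link_image = apply_filters('pre_link_image', $link_image);
 
     if ( empty($link_target) )
         $link_target = ''; 
+    $link_target = apply_filters('pre_link_target', $link_target);
 
     if ( empty($link_visible) )
         $link_visible = 'Y';
-        
+    $link_visibile = preg_replace('/[^YNyn]/', '', $link_visible);
+
     if ( empty($link_owner) )
         $link_owner = $current_user->id;
+    else
+        $link_owner = (int) $link_owner;
 
     if ( empty($link_notes) )
         $link_notes = '';
+    $link_notes = apply_filters('pre_link_notes', $link_notes);
+
+    if ( empty($link_description) )
+        $link_description = '';
+    $link_description = apply_filters('pre_link_description', $link_description);
+
+    if ( empty($link_rss) )
+        $link_rss = '';
+    $link_rss = apply_filters('pre_link_rss', $link_rss);
+
+    if ( empty($link_rel) )
+        $link_rel = '';
+    $link_rel = apply_filters('pre_link_rel', $link_rel);
+
+    // Make sure we set a valid category
+    if (0 == count($link_category) || !is_array($link_category)) {
+        $link_category = array(get_option('default_link_category'));
+    }
 
     if ( $update ) {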
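Review bot: The visibility sanitizer on new line 296 assigns its result to a misspelled variable, `$link_visibile`, so `$link_visible` is stored exactly as received and the `[^YNyn]` whitelist never takes effect; the line should read `$link_visible = preg_replace('/[^YNyn]/', '', $link_visible);`. The category guard on line 320 calls `count($link_category)` before `!is_array($link_category)`; on the PHP of the day that only yields a wrong count for scalars, but later PHP versions warn or throw on `count()` of a non-array, so the cheaper and safer order is `if ( !is_array($link_category) || 0 == count($link_category) )`. The enclosing link-save function begins before this hunk and continues after it.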
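--- a/branches/2.0/wp-admin/admin-functions.php
+++ b/branches/2.0/wp-admin/admin-functions.php
@@ -266,4 +266,6 @@
     $post->post_title = apply_filters('title_edit_pre', $post->post_title);
 
+    $post->post_password = format_to_edit($post->post_password);
+
     if ($post->post_status == 'static')
         $post->page_template = get_post_meta($id, '_wp_page_template', true);
@@ -332,4 +334,21 @@
 
     return $category;
+}
+
+function get_user_to_edit($user_id) {
+    $user = new WP_User($user_id);
+    $user->user_login = wp_specialchars($user->user_login, 1);
+    $user->user_email = wp_specialchars($user->user_email, 1);
+    $user->user_url = wp_specialchars($user->user_url, 1);
+    $user->first_name = wp_specialchars($user->first_name, 1);
+    $user->last_name = wp_specialchars($user->last_name, 1);
+    $user->display_name = wp_specialchars($user->display_name, 1);
+    $user->nickname = wp_specialchars($user->nickname, 1);
+    $user->aim = wp_specialchars($user->aim, 1);
+    $user->yim = wp_specialchars($user->yim, 1);
+    $user->jabber = wp_specialchars($user->jabber, 1);
+    $user->description = wp_specialchars($user->description);
+
+    return $user;
 }
 
@@ -448,11 +467,14 @@
 function get_link_to_edit($link_id) {
     $link = get_link($link_id);
-    
+
     $link->link_url = wp_specialchars($link->link_url, 1);
     $link->link_name = wp_specialchars($link->link_name, 1);
-    $link->link_description = wp_specialchars($link->link_description);
+    $link->link_image = wp_specialchars($link->link_image, 1);
+    $link->link_description = wp_specialchars($link->link_description, 1);
     $link->link_notes = wp_specialchars($link->link_notes);
-    $link->link_rss = wp_specialchars($link->link_rss);
-    
+    $link->link_rss = wp_specialchars($link->link_rss, 1);
+    $link->link_rel = wp_specialchars($link->link_rel, 1);
+    $link->post_category = $link->link_category;
+
     return $link;
 }
@@ -877,4 +899,5 @@
 
     foreach ($keys as $key) {
+        $key = wp_specialchars($key, 1);
         echo "\n\t<option value='$key'>$key</option>";
     }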
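Review bot: `get_user_to_edit` (second hunk, new lines 338–353) hands back a `WP_User` whose string fields have been HTML-escaped for form output, but nothing on the object says so; a caller that feeds it into a save path would persist the entities, so the function needs a docblock along the lines of `Returns a WP_User whose string fields are escaped for output in form fields; display-only, never write this object back`. `description` on line 350 and `link_notes` in the third hunk are escaped without the quote flag, presumably because they land inside a `<textarea>` where quotes need no encoding — confirm that and record it with a comment, since the same unflagged value inside an attribute would not be safe. The escaped `$key` in the last hunk is interpolated into a single-quoted `value='…'` attribute, which relies on the quote flag encoding `'` as well as `"`; worth confirming against `wp_specialchars`.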
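--- a/branches/2.0/wp-admin/edit-form-advanced.php
+++ b/branches/2.0/wp-admin/edit-form-advanced.php
@@ -40,5 +40,5 @@
     $already_pinged = explode("\n", trim($post->pinged));
     foreach ($already_pinged as $pinged_url) {
-        $pings .= "\n\t<li>$pinged_url</li>";
+        $pings .= "\n\t<li>" . wp_specialchars($pinged_url) . "</li>";
     }
     $pings .= '</ul>';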
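--- a/branches/2.0/wp-admin/options-misc.php
+++ b/branches/2.0/wp-admin/options-misc.php
@@ -18,5 +18,5 @@
 <tr valign="top">
 <th scope="row"><?php _e('Store uploads in this folder'); ?>:</th>
-<td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo str_replace(ABSPATH, '', get_settings('upload_path')); ?>" size="40" />
+<td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo wp_specialchars(str_replace(ABSPATH, '', get_settings('upload_path')), 1); ?>" size="40" />
 <br />
 <?php _e('Default is <code>wp-content/uploads</code>'); ?>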
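--- a/branches/2.0/wp-admin/options-permalink.php
+++ b/branches/2.0/wp-admin/options-permalink.php
@@ -149,5 +149,5 @@
 <br />
 </p>
-<p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo $permalink_structure; ?>" size="50" /></p>
+<p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo wp_specialchars($permalink_structure, 1); ?>" size="50" /></p>
 
 <h3><?php _e('Optional'); ?></h3>
@@ -158,5 +158,5 @@
 <?php endif; ?>
     <p>
-  <?php _e('Category base'); ?>: <input name="category_base" type="text" class="code"  value="<?php echo $category_base; ?>" size="30" />
+  <?php _e('Category base'); ?>: <input name="category_base" type="text" class="code"  value="<?php echo wp_specialchars($category_base, 1); ?>" size="30" />
      </p>
     <p class="submit">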
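--- a/branches/2.0/wp-admin/options.php
+++ b/branches/2.0/wp-admin/options.php
@@ -25,4 +25,65 @@
     die ( __('Cheatin&#8217; uh?') );
 
+function sanitize_option($option, $value) {
+
+    switch ($option) {
+        case 'admin_email':
+            $value = sanitize_email($value);
+            break;
+
+        case 'default_post_edit_rows':
+        case 'mailserver_port':
+        case 'comment_max_links':
+            $value = abs((int) $value);
+            break;
+
+        case 'posts_per_page':
+        case 'posts_per_rss':
+            $value = (int) $value;
+            if ( empty($value) ) $value = 1;
+            if ( $value < -1 ) $value = abs($value);
+            break;
+
+        case 'default_ping_status':
+        case 'default_comment_status':
+            // Options that if not there have 0 value but need to be something like "closed"
+            if ( $value == '0' || $value == '')
+                $value = 'closed';
+            break;
+
+        case 'blogdescription':
+        case 'blogname':
+            if (current_user_can('unfiltered_html') == false)
+                $value = wp_filter_post_kses( $value );
+            break;
+
+        case 'blog_charset':
+            $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value);
+            break;
+
+        case 'date_format':
+        case 'time_format':
+        case 'mailserver_url':
+        case 'mailserver_login':
+        case 'mailserver_pass':
+        case 'ping_sites':
+        case 'upload_path':
+            $value = strip_tags($value);
+            $value = wp_filter_kses($value);
+            break;
+
+        case 'gmt_offset':
+            $value = preg_replace('/[^0-9:.-]/', '', $value);
+            break;
+
+        case 'siteurl':
+        case 'home':
+            $value = clean_url($value);
+            break;
+    }
+
+    return $value; 
+}
+
 switch($action) {
 
@@ -44,17 +105,9 @@
     $old_home = get_settings('home');
 
-    // HACK
-    // Options that if not there have 0 value but need to be something like "closed"
-    $nonbools = array('default_ping_status', 'default_comment_status');
     if ($options) {
         foreach ($options as $option) {
             $option = trim($option);
             $value = trim(stripslashes($_POST[$option]));
-                if( in_array($option, $nonbools) && ( $value == '0' || $value == '') )
-                $value = 'closed';
-            
-            if( $option == 'blogdescription' || $option == 'blogname' )
-                if (current_user_can('unfiltered_html') == false)
-                    $value = wp_filter_post_kses( $value );
+            $value = sanitize_option($option, $value);
            
             if (update_option($option, $value) ) {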
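Review bot: `sanitize_option` (first hunk, new lines 27–86) has no `default:` branch, so any option name outside the listed cases is returned exactly as posted, and the `$options` loop in the second hunk only trims the name before calling it; the function needs a docblock making that contract explicit, e.g. `Normalises a known option value before it is stored; option names must already be vetted by the caller, unlisted options are returned unchanged`. `mailserver_pass` on line 68 is pushed through `strip_tags` and `wp_filter_kses` together with display-oriented settings, which can silently alter a mail password containing `<` or `>` and leave the admin with a credential that never matches; if that value is only ever sent to the mail server and never rendered, `trim` alone is the safer treatment. The `switch($action)` block that hosts the second hunk starts and ends outside it.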
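--- a/branches/2.0/wp-admin/profile.php
+++ b/branches/2.0/wp-admin/profile.php
@@ -6,5 +6,5 @@
 $parent_file = 'profile.php';
 include_once('admin-header.php');
-$profileuser = new WP_User($user_ID);
+$profileuser = get_user_to_edit($user_ID);
 
 $bookmarklet_height= 440;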
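--- a/branches/2.0/wp-admin/user-edit.php
+++ b/branches/2.0/wp-admin/user-edit.php
@@ -50,5 +50,5 @@
 include ('admin-header.php');
 
-$profileuser = new WP_User($user_id);
+$profileuser = get_user_to_edit($user_id);
 
 if (!current_user_can('edit_users')) $errors['head'] = __('You do not have permission to edit this user.');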
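--- a/branches/2.0/wp-includes/default-filters.php
+++ b/branches/2.0/wp-includes/default-filters.php
@@ -58,4 +58,29 @@
 add_filter('pre_category_description', 'wp_filter_kses');
 
+//Links
+add_filter('pre_link_name', 'strip_tags');
+add_filter('pre_link_name', 'trim');
+add_filter('pre_link_name', 'wp_filter_kses');
+add_filter('pre_link_name', 'wp_specialchars', 30);
+add_filter('pre_link_description', 'wp_filter_kses');
+add_filter('pre_link_notes', 'wp_filter_kses');
+add_filter('pre_link_url', 'strip_tags');
+add_filter('pre_link_url', 'trim');
+add_filter('pre_link_url', 'clean_url');
+add_filter('pre_link_image', 'strip_tags');
+add_filter('pre_link_image', 'trim');
+add_filter('pre_link_image', 'clean_url');
+add_filter('pre_link_rss', 'strip_tags');
+add_filter('pre_link_rss', 'trim');
+add_filter('pre_link_rss', 'clean_url');
+add_filter('pre_link_target', 'strip_tags');
+add_filter('pre_link_target', 'trim');
+add_filter('pre_link_target', 'wp_filter_kses');
+add_filter('pre_link_target', 'wp_specialchars', 30);
+add_filter('pre_link_rel', 'strip_tags');
+add_filter('pre_link_rel', 'trim');
+add_filter('pre_link_rel', 'wp_filter_kses');
+add_filter('pre_link_rel', 'wp_specialchars', 30);
+
 // Users
 add_filter('pre_user_display_name', 'strip_tags');
@@ -116,4 +141,11 @@
 add_filter('the_author', 'ent2ncr', 8);
 
+<<<<<<< .working
+=======
+// Misc filters
+add_filter('option_ping_sites', 'privacy_ping_filter');
+add_filter('option_blog_charset', 'wp_specialchars');
+
+>>>>>>> .merge-right.r4112
 // Actions
 add_action('publish_post', 'generic_ping');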
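Review bot: New lines 143–149 commit unresolved Subversion conflict markers (`<<<<<<< .working`, `=======`, `>>>>>>> .merge-right.r4112`) into default-filters.php, which is a PHP parse error; since this file is loaded on every request, the whole branch stops running until the three marker lines are deleted and, presumably, the incoming `// Misc filters` block with its two `add_filter` calls is kept. In the first hunk, `pre_link_description` and `pre_link_notes` receive only `wp_filter_kses` while every other `pre_link_*` field also gets `strip_tags` and `trim`; if that asymmetry is deliberate because those are free-text fields allowed to carry kses-approved markup, a one-line comment above line 65 would stop the next reader from "fixing" it.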
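--- a/branches/2.0/wp-includes/functions.php
+++ b/branches/2.0/wp-includes/functions.php
@@ -322,5 +322,5 @@
 
 function form_option($option) {
-    echo htmlspecialchars( get_option($option), ENT_QUOTES );
+    echo wp_specialchars( get_option($option), 1 );
 }
 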
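Review bot: Replacing `htmlspecialchars(..., ENT_QUOTES)` with `wp_specialchars(..., 1)` in `form_option` is not a pure escaping swap if, as its use elsewhere in this changeset suggests, `wp_specialchars` leaves already-encoded entities alone: an option stored as the literal text `&amp;` was previously rendered as `&amp;amp;` and would now presumably render as `&amp;`, which is what an edit form wants but is a visible behaviour change for any caller that relied on the old round-trip. Worth a short comment on the function, e.g. `// Escape an option value for an HTML attribute; the quote flag covers both quote styles`, so the choice of helper is recorded.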