Changes from branches/2.2/wp-admin/admin-functions.php at r5453 to trunk/wp-admin/admin-functions.php at r4760

File:

• trunk/wp-admin/admin-functions.php (modified) (44 diffs)

trunk/wp-admin/admin-functions.php

@@ -23 +23 @@
 
     // Check for autosave collisions
-    $temp_id = false;
     if ( isset($_POST['temp_ID']) ) {
         $temp_id = (int) $_POST['temp_ID'];
@@ -35 +34 @@
             $_POST['post_ID'] = $draft_ids[$temp_id];
             unset($_POST['temp_ID']);
+            relocate_children( $temp_id, $_POST['post_ID'] );
             update_user_option( $user_ID, 'autosave_draft_ids', $draft_ids );
             return edit_post();
@@ -113 +113 @@
 
     // Reunite any orphaned attachments with their parent
-    if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
-        $draft_ids = array();
-    if ( $draft_temp_id = (int) array_search( $post_ID, $draft_ids ) )
-        relocate_children( $draft_temp_id, $post_ID );
-    if ( $temp_id && $temp_id != $draft_temp_id )
-        relocate_children( $temp_id, $post_ID );
-
     // Update autosave collision detection
     if ( $temp_id ) {
+        relocate_children( $temp_id, $post_ID );
         $draft_ids[$temp_id] = $post_ID;
         update_user_option( $user_ID, 'autosave_draft_ids', $draft_ids );
@@ -146 +140 @@
     $post = & get_post( $post_ID, ARRAY_A );
 
-    $search = "#<a[^>]+rel=('|\")[^'\"]*attachment[^>]*>#ie";
+    $search = "#<a[^>]+rel=('|\" )[^'\"]*attachment[^>]*>#ie";
 
     // See if we have any rel="attachment" links
@@ -153 +147 @@
 
     $i = 0;
-    $search = "#[\s]+rel=(\"|')(.*?)wp-att-(\d+)\\1#i";
+    $search = "#[\s]+rel=(\"|' )(.*? )wp-att-(\d+ )\\1#i";
     foreach ( $anchor_matches[0] as $anchor ) {
         if ( 0 == preg_match( $search, $anchor, $id_matches ) )
             continue;
 
-        $id = (int) $id_matches[3];
+        $id = $id_matches[3];
 
         // While we have the attachment ID, let's adopt any orphans.
@@ -286 +280 @@
     add_meta( $post_ID );
 
-    wp_update_post( $_POST );
-
-    // Reunite any orphaned attachments with their parent
-    if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
-        $draft_ids = array();
-    if ( $draft_temp_id = (int) array_search( $post_ID, $draft_ids ) )
-        relocate_children( $draft_temp_id, $post_ID );
+    wp_update_post( $_POST);
 
     // Now that we have an ID we can fix any attachment anchor hrefs
@@ -371 +359 @@
         $text       = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) );
         $text       = funky_javascript_fix( $text);
-        $popupurl   = clean_url($_REQUEST['popupurl']);
+        $popupurl   = attribute_escape($_REQUEST['popupurl']);
         $post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
     }
@@ -430 +418 @@
     $user->user_login   = attribute_escape($user->user_login);
     $user->user_email   = attribute_escape($user->user_email);
-    $user->user_url     = clean_url($user->user_url);
+    $user->user_url     = attribute_escape($user->user_url);
     $user->first_name   = attribute_escape($user->first_name);
     $user->last_name    = attribute_escape($user->last_name);
@@ -448 +436 @@
     if ( func_num_args() ) { // The hackiest hack that ever did hack
         global $current_user, $wp_roles;
-        $user_id = (int) func_get_arg( 0 );
+        $user_id = func_get_arg( 0 );
 
         if ( isset( $_POST['role'] ) ) {
@@ -466 +454 @@
     if ( $user_id != 0 ) {
         $update = true;
-        $user->ID = (int) $user_id;
+        $user->ID = $user_id;
         $userdata = get_userdata( $user_id );
         $user->user_login = $wpdb->escape( $userdata->user_login );
@@ -491 +479 @@
         $user->user_email = wp_specialchars( trim( $_POST['email'] ));
     if ( isset( $_POST['url'] ) ) {
-        $user->user_url = clean_url( trim( $_POST['url'] ));
+        $user->user_url = wp_specialchars( trim( $_POST['url'] ));
         $user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
     }
@@ -575 +563 @@
     $link = get_link( $link_id );
 
-    $link->link_url         = clean_url($link->link_url);
+    $link->link_url         = attribute_escape($link->link_url);
     $link->link_name        = attribute_escape($link->link_name);
     $link->link_image       = attribute_escape($link->link_image);
     $link->link_description = attribute_escape($link->link_description);
-    $link->link_rss         = clean_url($link->link_rss);
+    $link->link_rss         = attribute_escape($link->link_rss);
     $link->link_rel         = attribute_escape($link->link_rel);
     $link->link_notes       =  wp_specialchars($link->link_notes);
@@ -589 +577 @@
 function get_default_link_to_edit() {
     if ( isset( $_GET['linkurl'] ) )
-        $link->link_url = clean_url( $_GET['linkurl']);
+        $link->link_url = attribute_escape( $_GET['linkurl']);
     else
         $link->link_url = '';
@@ -612 +600 @@
 
     $_POST['link_url'] = wp_specialchars( $_POST['link_url'] );
-    $_POST['link_url'] = clean_url($_POST['link_url']);
+    $_POST['link_url'] = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $_POST['link_url']) ? $_POST['link_url'] : 'http://' . $_POST['link_url'];
     $_POST['link_name'] = wp_specialchars( $_POST['link_name'] );
     $_POST['link_image'] = wp_specialchars( $_POST['link_image'] );
-    $_POST['link_rss'] = clean_url($_POST['link_rss']);
+    $_POST['link_rss'] = wp_specialchars( $_POST['link_rss'] );
     $_POST['link_category'] = $_POST['post_category'];
 
@@ -682 +670 @@
             // No selected categories, strange
             $checked_categories[] = $default;
-        }
+        }   
     } else {
         $checked_categories[] = $default;
@@ -706 +694 @@
 function write_nested_categories( $categories ) {
     foreach ( $categories as $category ) {
-        echo '<li id="category-', $category['cat_ID'], '"><label for="in-category-', $category['cat_ID'], '" class="selectit"><input value="', $category['cat_ID'], '" type="checkbox" name="post_category[]" id="in-category-', $category['cat_ID'], '"', ($category['checked'] ? ' checked="checked"' : "" ), '/> ', wp_specialchars( apply_filters('the_category', $category['cat_name'] )), "</label></li>";
+        echo '<li id="category-', $category['cat_ID'], '"><label for="in-category-', $category['cat_ID'], '" class="selectit"><input value="', $category['cat_ID'], '" type="checkbox" name="post_category[]" id="in-category-', $category['cat_ID'], '"', ($category['checked'] ? ' checked="checked"' : "" ), '/> ', wp_specialchars( $category['cat_name'] ), "</label></li>";
 
         if ( $category['children'] ) {
@@ -738 +726 @@
             // No selected categories, strange
             $checked_categories[] = $default;
-        }
+        }   
     } else {
         $checked_categories[] = $default;
@@ -769 +757 @@
         $categories = get_categories( 'hide_empty=0' );
 
-    $children = _get_category_hierarchy();
-
     if ( $categories ) {
         ob_start();
@@ -776 +762 @@
             if ( $category->category_parent == $parent) {
                 echo "\t" . _cat_row( $category, $level );
-                if ( isset($children[$category->cat_ID]) )
-                    cat_rows( $category->cat_ID, $level +1, $categories );
+                cat_rows( $category->cat_ID, $level +1, $categories );
             }
         }
         $output = ob_get_contents();
         ob_end_clean();
-
+        
         $output = apply_filters('cat_rows', $output);
 
@@ -797 +782 @@
     if ( current_user_can( 'manage_categories' ) ) {
         $edit = "<a href='categories.php?action=edit&amp;cat_ID=$category->cat_ID' class='edit'>".__( 'Edit' )."</a></td>";
-        $default_cat_id = (int) get_option( 'default_category' );
-        $default_link_cat_id = (int) get_option( 'default_link_category' );
+        $default_cat_id = get_option( 'default_category' );
+        $default_link_cat_id = get_option( 'default_link_category' );
 
         if ( ($category->cat_ID != $default_cat_id ) && ($category->cat_ID != $default_link_cat_id ) )
-            $edit .= "<td><a href='" . wp_nonce_url( "categories.php?action=delete&amp;cat_ID=$category->cat_ID", 'delete-category_' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . js_escape(sprintf( __("You are about to delete the category '%s'.\nAll posts that were only assigned to this category will be assigned to the '%s' category.\nAll links that were only assigned to this category will be assigned to the '%s' category.\n'OK' to delete, 'Cancel' to stop." ), $category->cat_name, get_catname( $default_cat_id ), get_catname( $default_link_cat_id ) )) . "' );\" class='delete'>".__( 'Delete' )."</a>";
+            $edit .= "<td><a href='" . wp_nonce_url( "categories.php?action=delete&amp;cat_ID=$category->cat_ID", 'delete-category_' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . js_escape(sprintf( __("You are about to delete the category '%s'.\nAll of its posts will go into the default category of '%s'\nAll of its bookmarks will go into the default category of '%s'.\n'OK' to delete, 'Cancel' to stop." ), $category->cat_name, get_catname( $default_cat_id ), get_catname( $default_link_cat_id ) )) . "' );\" class='delete'>".__( 'Delete' )."</a>";
         else
             $edit .= "<td style='text-align:center'>".__( "Default" );
@@ -837 +822 @@
         $post->post_title = wp_specialchars( $post->post_title );
         $pad = str_repeat( '&#8212; ', $level );
-        $id = (int) $post->ID;
+        $id = $post->ID;
         $class = ('alternate' == $class ) ? '' : 'alternate';
 ?>
@@ -846 +831 @@
     </td> 
     <td><?php the_author() ?></td>
-    <td><?php if ( '0000-00-00 00:00:00' ==$post->post_modified ) _e('Unpublished'); else echo mysql2date( __('Y-m-d g:i a'), $post->post_modified ); ?></td> 
+    <td><?php if ( '0000-00-00 00:00:00' ==$post->post_modified ) _e('Unpublished'); else echo mysql2date( 'Y-m-d g:i a', $post->post_modified ); ?></td> 
     <td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e( 'View' ); ?></a></td>
     <td><?php if ( current_user_can( 'edit_page', $id ) ) { echo "<a href='page.php?action=edit&amp;post=$id' class='edit'>" . __( 'Edit' ) . "</a>"; } ?></td> 
@@ -883 +868 @@
     $r .= "</td>\n\t\t<td>";
     if ( current_user_can( 'edit_user', $user_object->ID ) ) {
-        $edit_link = add_query_arg( 'wp_http_referer', urlencode( clean_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=$user_object->ID" );
+        $edit_link = attribute_escape( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ));
         $r .= "<a href='$edit_link' class='edit'>".__( 'Edit' )."</a>";
     }
     $r .= "</td>\n\t</tr>";
     return $r;
-}
-
-function _wp_get_comment_list( $s = false, $start, $num ) {
-    global $wpdb;
-
-    $start = (int) $start;
-    $num = (int) $num;
-
-    if ( $s ) {
-        $s = $wpdb->escape($s);
-        $comments = $wpdb->get_results("SELECT SQL_CALC_FOUND_ROWS * FROM $wpdb->comments WHERE
-            (comment_author LIKE '%$s%' OR
-            comment_author_email LIKE '%$s%' OR
-            comment_author_url LIKE ('%$s%') OR
-            comment_author_IP LIKE ('%$s%') OR
-            comment_content LIKE ('%$s%') ) AND
-            comment_approved != 'spam'
-            ORDER BY comment_date DESC LIMIT $start, $num");
-    } else {
-        $comments = $wpdb->get_results( "SELECT SQL_CALC_FOUND_ROWS * FROM $wpdb->comments WHERE comment_approved = '0' OR comment_approved = '1' ORDER BY comment_date DESC LIMIT $start, $num" );
-    }
-
-    $total = $wpdb->get_var( "SELECT FOUND_ROWS()" );
-
-    return array($comments, $total);
-}
-
-function _wp_comment_list_item( $id, $alt = 0 ) {
-    global $authordata, $comment, $wpdb;
-    $id = (int) $id;
-    $comment =& get_comment( $id );
-    $class = '';
-    $authordata = get_userdata($wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = $comment->comment_post_ID"));
-    $comment_status = wp_get_comment_status($comment->comment_ID);
-    if ( 'unapproved' == $comment_status )
-        $class .= ' unapproved';
-    if ( $alt % 2 )
-        $class .= ' alternate';
-    echo "<li id='comment-$comment->comment_ID' class='$class'>";
-?>
-<p><strong><?php comment_author(); ?></strong> <?php if ($comment->comment_author_email) { ?>| <?php comment_author_email_link() ?> <?php } if ($comment->comment_author_url && 'http://' != $comment->comment_author_url) { ?> | <?php comment_author_url_link() ?> <?php } ?>| <?php _e('IP:') ?> <a href="http://ws.arin.net/cgi-bin/whois.pl?queryinput=<?php comment_author_IP() ?>"><?php comment_author_IP() ?></a></p>
-
-<?php comment_text() ?>
-
-<p><?php comment_date(__('M j, g:i A'));  ?> &#8212; [
-<?php
-if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
-    echo " <a href='comment.php?action=editcomment&amp;c=".$comment->comment_ID."'>" .  __('Edit') . '</a>';
-    echo ' | <a href="' . wp_nonce_url('ocomment.php?action=deletecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . js_escape(sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), $comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> ';
-    if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
-        echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Unapprove') . '</a> </span>';
-        echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Approve') . '</a> </span>';
-    }
-    echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&amp;dt=spam&amp;p=" . $comment->comment_post_ID . "&amp;c=" . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to mark as spam this comment by '%s'.\n'Cancel' to stop, 'OK' to mark as spam."), $comment->comment_author))  . "', theCommentList );\">" . __('Spam') . "</a> ";
-}
-$post = get_post($comment->comment_post_ID);
-$post_title = wp_specialchars( $post->post_title, 'double' );
-$post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title;
-?>
- ] &#8212; <a href="<?php echo get_permalink($comment->comment_post_ID); ?>"><?php echo $post_title; ?></a></p>
-        </li>
-<?php
 }
 
@@ -1209 +1132 @@
             $state = true;
             foreach ( $markerdata as $n => $markerline ) {
-                if (strpos($markerline, '# BEGIN ' . $marker) !== false)
+                if ( strstr( $markerline, "# BEGIN {$marker}" ))
                     $state = false;
                 if ( $state ) {
@@ -1217 +1140 @@
                         fwrite( $f, "{$markerline}" );
                 }
-                if (strpos($markerline, '# END ' . $marker) !== false) {
+                if ( strstr( $markerline, "# END {$marker}" ) ) {
                     fwrite( $f, "# BEGIN {$marker}\n" );
                     if ( is_array( $insertion ))
@@ -1255 +1178 @@
         $state = false;
         foreach ( $markerdata as $markerline ) {
-            if (strpos($markerline, '# END ' . $marker) !== false)
+            if ( strstr( $markerline, "# END {$marker}" ))
                 $state = false;
             if ( $state )
                 $result[] = $markerline;
-            if (strpos($markerline, '# BEGIN ' . $marker) !== false)
+            if ( strstr( $markerline, "# BEGIN {$marker}" ))
                 $state = true;
         }
@@ -1347 +1270 @@
     if ( $items ) {
         foreach ( $items as $item ) {
-            // A page cannot be its own parent.
+            // A page cannot be it's own parent.
             if (!empty ( $post_ID ) ) {
                 if ( $item->ID == $post_ID ) {
@@ -1382 +1305 @@
     if ( isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$parent][$plugin_page] ) )
         return false;
-
+    
     if ( empty( $parent) ) {
         if ( isset( $_wp_menu_nopriv[$pagenow] ) )
@@ -1394 +1317 @@
                 return false;
             if ( isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$key][$plugin_page] ) )
-            return false;
+            return false;   
         }
         return true;
@@ -1516 +1439 @@
                     $parent_file = $_wp_real_parent_file[$parent_file];
             return $parent_file;
-        }
+        }           
     }
 
@@ -1523 +1446 @@
         if ( isset( $_wp_real_parent_file[$parent_file] ) )
             $parent_file = $_wp_real_parent_file[$parent_file];
-        return $parent_file;
+        return $parent_file;        
     }
 
@@ -1611 +1534 @@
 }
 
-function add_users_page( $page_title, $menu_title, $access_level, $file, $function = '' ) {
-    if ( current_user_can('edit_users') )
-        $parent = 'users.php';
-    else
-        $parent = 'profile.php';
-    return add_submenu_page( $parent, $page_title, $menu_title, $access_level, $file, $function );
-}
-
 function validate_file( $file, $allowed_files = '' ) {
     if ( false !== strpos( $file, './' ))
@@ -1688 +1603 @@
     elseif ( file_exists( ABSPATH . $file ) && is_file( ABSPATH . $file ) ) {
         $template_data = implode( '', file( ABSPATH . $file ) );
-        if ( preg_match( "|Template Name:(.*)|i", $template_data, $name ))
+        if ( preg_match( "|Template Name:(.* )|i", $template_data, $name ))
             return $name[1];
     }
@@ -1737 +1652 @@
     }
 
-    return array('Name' => $name, 'Title' => $plugin, 'Description' => $description, 'Author' => $author, 'Version' => $version);
+    return array ('Name' => $name, 'Title' => $plugin, 'Description' => $description, 'Author' => $author, 'Version' => $version, 'Template' => $template[1] );
 }
 
@@ -1754 +1669 @@
     if ( $plugins_dir ) {
         while (($file = $plugins_dir->read() ) !== false ) {
-            if ( substr($file, 0, 1) == '.' )
+            if ( preg_match( '|^\.+$|', $file ))
                 continue;
             if ( is_dir( $plugin_root.'/'.$file ) ) {
@@ -1760 +1675 @@
                 if ( $plugins_subdir ) {
                     while (($subfile = $plugins_subdir->read() ) !== false ) {
-                        if ( substr($subfile, 0, 1) == '.' )
+                        if ( preg_match( '|^\.+$|', $subfile ))
                             continue;
-                        if ( substr($subfile, -4) == '.php' )
+                        if ( preg_match( '|\.php$|', $subfile ))
                             $plugin_files[] = "$file/$subfile";
                     }
                 }
             } else {
-                if ( substr($file, -4) == '.php' )
+                if ( preg_match( '|\.php$|', $file ))
                     $plugin_files[] = $file;
             }
@@ -1832 +1747 @@
         ';
 }
-
-if (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false)
+if ( strstr( $_SERVER['HTTP_USER_AGENT'], 'MSIE' ))
     add_action( 'admin_footer', 'browse_happy' );
 
@@ -1848 +1762 @@
 function get_importers() {
     global $wp_importers;
-    uasort($wp_importers, create_function('$a, $b', 'return strcmp($a[0], $b[0]);'));
+
     return $wp_importers;
 }
@@ -1972 +1886 @@
     // Compute the URL
     $url = $uploads['url'] . "/$filename";
-
+    
     $return = apply_filters( 'wp_handle_upload', array( 'file' => $new_file, 'url' => $url, 'type' => $type ) );
 
@@ -1994 +1908 @@
     $size = strtolower( ini_get( 'upload_max_filesize' ) );
     $bytes = 0;
-    if (strpos($size, 'k') !== false)
+    if ( strstr( $size, 'k' ) )
         $bytes = $size * 1024;
-    if (strpos($size, 'm') !== false)
+    if ( strstr( $size, 'm' ) )
         $bytes = $size * 1024 * 1024;
-    if (strpos($size, 'g') !== false)
+    if ( strstr( $size, 'g' ) )
         $bytes = $size * 1024 * 1024 * 1024;
 ?>
-<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attribute_escape($action) ?>">
+<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo $action ?>">
 <p>
-<?php wp_nonce_field('import-upload'); ?>
 <label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?> )
 <input type="file" id="upload" name="import" size="25" />
@@ -2132 +2045 @@
     wp_clearcookie();
     // Set cookies for new paths.
-    wp_setcookie( $user_login, $user_pass_md5, true, get_option( 'home' ), get_option( 'siteurl' ));
+    wp_setcookie( $user_login, $user_pass_md5, true, get_option( 'home' ), get_option( 'siteurl' ));    
 }
 
@@ -2154 +2067 @@
     }
 
-    if (function_exists('imageantialias'))
-        imageantialias( $dst, true );
-    
+    imageantialias( $dst, true );
     imagecopyresampled( $dst, $src, 0, 0, $src_x, $src_y, $dst_w, $dst_h, $src_w, $src_h );
 
@@ -2276 +2187 @@
             // If no filters change the filename, we'll do a default transformation.
             if ( basename( $file ) == $thumb = apply_filters( 'thumbnail_filename', basename( $file ) ) )
-                $thumb = preg_replace( '!(\.[^.]+)?$!', '.thumbnail' . '$1', basename( $file ), 1 );
+                $thumb = preg_replace( '!(\.[^.]+)?$!', __( '.thumbnail' ).'$1', basename( $file ), 1 );
 
             $thumbpath = str_replace( basename( $file ), $thumb, $file );
 
-            // move the thumbnail to its final destination
+            // move the thumbnail to it's final destination
             if ( $type[2] == 1 ) {
                 if (!imagegif( $thumbnail, $thumbpath ) ) {
@@ -2305 +2216 @@
         return $error;
     } else {
-        return apply_filters( 'wp_create_thumbnail', $thumbpath );
+        apply_filters( 'wp_create_thumbnail', $thumbpath );
+        return $thumbpath;
     }
 }