Changeset 5405
- Timestamp:
- 05/07/2007 03:57:15 PM (18 years ago)
- Location:
- branches/2.2/wp-admin
- Files:
-
- 9 edited
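--- a/branches/2.2/wp-admin/admin-functions.php
+++ b/branches/2.2/wp-admin/admin-functions.php
@@ -2003,4 +2003,5 @@
 <form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attribute_escape($action) ?>">
 <p>
+<?php wp_nonce_field('import-upload'); ?>
 <label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?> )
 <input type="file" id="upload" name="import" size="25" />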
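Review bot: The nonce action `import-upload` added at new line 2005 is a contract that nothing in this form documents: every importer that renders the form has to call `check_admin_referer('import-upload')` before it touches the upload, and a handler that forgets the call gets no CSRF protection from the field alone. In this changeset livejournal.php, mt.php, rss.php and wordpress.php make that call; importers outside the changeset are not visible here. I would add a comment beside the field, `<?php // Handlers must verify this with check_admin_referer('import-upload') ?>`, and mention there that the action is shared, so the nonce is not scoped to one importer. The enclosing function starts and ends outside the hunk.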
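--- a/branches/2.2/wp-admin/import/blogger.php
+++ b/branches/2.2/wp-admin/import/blogger.php
@@ -744,8 +744,9 @@
 // Step 9: Congratulate the user
 function congrats() {
+$blog = (int) $_GET['blog'];
 echo '<h1>'.__('Congratulations!').'</h1><p>'.__('Now that you have imported your Blogger blog into WordPress, what are you going to do? Here are some suggestions:').'</p><ul><li>'.__('That was hard work! Take a break.').'</li>';
 if ( count($this->import['blogs']) > 1 )
 echo '<li>'.__('In case you haven\'t done it already, you can import the posts from your other blogs:'). $this->show_blogs() . '</li>';
-if ( $n = count($this->import['blogs'][$ _GET['blog']]['newusers']) )
+if ( $n = count($this->import['blogs'][$blog]['newusers']) )
 echo '<li>'.sprintf(__('Go to <a href="%s" target="%s">Authors & Users</a>, where you can modify the new user(s) or delete them. If you want to make all of the imported posts yours, you will be given that option when you delete the new authors.'), 'users.php', '_parent').'</li>';
 echo '<li>'.__('For security, click the link below to reset this importer.').'</li>';
@@ -766,4 +767,5 @@
 if ( isset( $_REQUEST['blog'] ) ) {
 $blog = is_array($_REQUEST['blog']) ? array_shift( array_keys( $_REQUEST['blog'] ) ) : $_REQUEST['blog'];
+$blog = (int) $blog;
 $this->import_blog( $blog );
 } elseif ( isset($_GET['token']) )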
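Review bot: The `(int)` casts at new lines 746 and 769 make the index safe to use but not valid: a missing or non-numeric `blog` parameter becomes 0, which is presumably a real index, so line 770 would start `import_blog(0)` and `congrats()` would read blog 0's `newusers` instead of rejecting the request. `$_GET['blog']` is also read in `congrats()` without an `isset()` test. I would check the index before use, for example `if ( !isset($this->import['blogs'][$blog]) ) wp_die(__('Unknown blog.'));`. The function around the second hunk starts and ends outside the view, so the right place for the check there needs confirming.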
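--- a/branches/2.2/wp-admin/import/dotclear.php
+++ b/branches/2.2/wp-admin/import/dotclear.php
@@ -148,6 +148,7 @@
 echo '<p>'.__('Your DotClear Configuration settings are as follows:').'</p>';
 echo '<form action="admin.php?import=dotclear&step=1" method="post">';
+wp_nonce_field('import-dotclear');
 $this->db_form();
-echo '<p class="submit"><input type="submit" name="submit" value="'. __('Import Categories').' »" /></p>';
+echo '<p class="submit"><input type="submit" name="submit" value="'.attribute_escape(__('Import Categories »')).'" /></p>';
 echo '</form></div>';
 }
@@ -559,5 +560,6 @@
 
 echo '<form action="admin.php?import=dotclear&step=2" method="post">';
-printf('<input type="submit" name="submit" value="%s" />', __('Import Users'));
+wp_nonce_field('import-dotclear');
+printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Users')));
 echo '</form>';
 
@@ -571,5 +573,6 @@
 
 echo '<form action="admin.php?import=dotclear&step=3" method="post">';
-printf('<input type="submit" name="submit" value="%s" />', __('Import Posts'));
+wp_nonce_field('import-dotclear');
+printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Posts')));
 echo '</form>';
 }
@@ -582,5 +585,6 @@
 
 echo '<form action="admin.php?import=dotclear&step=4" method="post">';
-printf('<input type="submit" name="submit" value="%s" />', __('Import Comments'));
+wp_nonce_field('import-dotclear');
+printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Comments')));
 echo '</form>';
 }
@@ -593,5 +597,6 @@
 
 echo '<form action="admin.php?import=dotclear&step=5" method="post">';
-printf('<input type="submit" name="submit" value="%s" />', __('Import Links'));
+wp_nonce_field('import-dotclear');
+printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Links')));
 echo '</form>';
 }
@@ -605,5 +610,6 @@
 
 echo '<form action="admin.php?import=dotclear&step=6" method="post">';
-printf('<input type="submit" name="submit" value="%s" />', __('Finish'));
+wp_nonce_field('import-dotclear');
+printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Finish')));
 echo '</form>';
 }
@@ -668,9 +674,11 @@
 if ( $step > 0 )
 {
+check_admin_referer('import-dotclear');
+
 if($_POST['dbuser'])
 {
 if(get_option('dcuser'))
 delete_option('dcuser');
-add_option('dcuser', $_POST['dbuser']);
+add_option('dcuser', sanitize_user($_POST['dbuser'], true));
 }
 if($_POST['dbpass'])
@@ -678,5 +686,5 @@
 if(get_option('dcpass'))
 delete_option('dcpass');
-add_option('dcpass', $_POST['dbpass']);
+add_option('dcpass', sanitize_user($_POST['dbpass'], true));
 }
 
@@ -685,5 +693,5 @@
 if(get_option('dcname'))
 delete_option('dcname');
-add_option('dcname', $_POST['dbname']);
+add_option('dcname', sanitize_user($_POST['dbname'], true));
 }
 if($_POST['dbhost'])
@@ -691,5 +699,5 @@
 if(get_option('dchost'))
 delete_option('dchost');
-add_option('dchost', $_POST['dbhost']);
+add_option('dchost', sanitize_user($_POST['dbhost'], true));
 }
 if($_POST['dccharset'])
@@ -697,5 +705,5 @@
 if(get_option('dccharset'))
 delete_option('dccharset');
-add_option('dccharset', $_POST['dccharset']);
+add_option('dccharset', sanitize_user($_POST['dccharset'], true));
 }
 if($_POST['dbprefix'])
@@ -703,5 +711,5 @@
 if(get_option('dcdbprefix'))
 delete_option('dcdbprefix');
-add_option('dcdbprefix', $_POST['dbprefix']);
+add_option('dcdbprefix', sanitize_user($_POST['dbprefix'], true));
 }
 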
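Review bot: `sanitize_user(..., true)` is a username filter, and applying it to `$_POST['dbpass']` (new line 688) and `$_POST['dbhost']` (new line 701) rewrites the values instead of validating them. As far as I know strict mode keeps only a narrow ASCII set, so a database password containing other punctuation, or a host written as `host:port`, is silently altered and the later connection would fail with no hint why. The password is a secret rather than markup and is better stored exactly as submitted; the remaining fields deserve a check that matches what each one is, for example `preg_replace('/[^A-Za-z0-9_]/', '', $_POST['dbprefix'])` for the table prefix. The same calls are repeated in import/textpattern.php (new lines 605 to 630). The function holding these hunks starts and ends outside the view.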
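--- a/branches/2.2/wp-admin/import/greymatter.php
+++ b/branches/2.2/wp-admin/import/greymatter.php
@@ -35,4 +35,5 @@
 <input type="hidden" name="import" value="greymatter" />
 <input type="hidden" name="step" value="1" />
+<?php wp_nonce_field('import-greymatter'); ?>
 <h3><?php _e('Second step: GreyMatter details:') ?></h3>
 <p><table cellpadding="0">
@@ -88,8 +89,10 @@
 
 if (!chdir($archivespath))
-wp_die( sprintf(__("Wrong path, %s\ndoesn't exist\non the server"), $archivespath));
+wp_die(__("Wrong path, the path to the GM entries does not exist on the server"));
 
 if (!chdir($gmpath))
-wp_die(sprintf(__("Wrong path, %s\ndoesn't exist\non the server"), $gmpath));
+wp_die(__("Wrong path, the path to the GM files does not exist on the server"));
+
+$lastentry = (int) $lastentry;
 
 $this->header();
@@ -298,4 +301,5 @@
 break;
 case 1:
+check_admin_referer('import-greymatter');
 $this->import();
 break;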
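Review bot: The reason the two `wp_die()` messages at new lines 91 and 94 no longer include the path is not recorded, and a later maintainer could easily put `%s` back to make the error more helpful. A one-line comment above the first check would hold the decision: `// Do not echo the submitted path: it is request input and wp_die() prints its message as HTML.` Where `$archivespath`, `$gmpath` and `$lastentry` are read from is outside the hunk, so the wording should be confirmed against that code.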
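--- a/branches/2.2/wp-admin/import/livejournal.php
+++ b/branches/2.2/wp-admin/import/livejournal.php
@@ -154,4 +154,5 @@
 break;
 case 1 :
+check_admin_referer('import-upload');
 $this->import();
 break;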
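--- a/branches/2.2/wp-admin/import/mt.php
+++ b/branches/2.2/wp-admin/import/mt.php
@@ -148,4 +148,5 @@
 echo '<ol id="authors">';
 echo '<form action="?import=mt&step=2&id=' . $this->id . '" method="post">';
+wp_nonce_field('import-mt');
 $j = -1;
 foreach ($authors as $author) {
@@ -418,7 +419,9 @@
 break;
 case 1 :
+check_admin_referer('import-upload');
 $this->select_authors();
 break;
 case 2:
+check_admin_referer('import-mt');
 $this->import();
 break;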
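Review bot: The form action on line 149 still concatenates `$this->id` into an HTML attribute unescaped, directly above the nonce field this change adds, while the same changeset wraps other attribute values in `attribute_escape()`. Where `$this->id` is set is not visible in the hunk; if it is a numeric ID an integer cast is the tighter fix, otherwise `attribute_escape($this->id)` would match the rest of the commit. import/wordpress.php line 161 has the identical pattern. The enclosing function starts outside the hunk.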
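--- a/branches/2.2/wp-admin/import/rss.php
+++ b/branches/2.2/wp-admin/import/rss.php
@@ -157,4 +157,5 @@
 break;
 case 1 :
+check_admin_referer('import-upload');
 $this->import();
 break;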
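--- a/branches/2.2/wp-admin/import/textpattern.php
+++ b/branches/2.2/wp-admin/import/textpattern.php
@@ -57,6 +57,7 @@
 echo '<p>'.__('Your Textpattern Configuration settings are as follows:').'</p>';
 echo '<form action="admin.php?import=textpattern&step=1" method="post">';
+wp_nonce_field('import-textpattern');
 $this->db_form();
-echo '<p class="submit"><input type="submit" name="submit" value="'. __('Import Categories').' »" /></p>';
+echo '<p class="submit"><input type="submit" name="submit" value="'.attribute_escape(__('Import Categories »')).'" /></p>';
 echo '</form>';
 echo '</div>';
@@ -484,5 +485,6 @@
 
 echo '<form action="admin.php?import=textpattern&step=2" method="post">';
-printf('<input type="submit" name="submit" value="%s" />', __('Import Users'));
+wp_nonce_field('import-textpattern');
+printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Users')));
 echo '</form>';
 
@@ -496,5 +498,6 @@
 
 echo '<form action="admin.php?import=textpattern&step=3" method="post">';
-printf('<input type="submit" name="submit" value="%s" />', __('Import Posts'));
+wp_nonce_field('import-textpattern');
+printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Posts')));
 echo '</form>';
 }
@@ -507,5 +510,6 @@
 
 echo '<form action="admin.php?import=textpattern&step=4" method="post">';
-printf('<input type="submit" name="submit" value="%s" />', __('Import Comments'));
+wp_nonce_field('import-textpattern');
+printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Comments')));
 echo '</form>';
 }
@@ -518,5 +522,6 @@
 
 echo '<form action="admin.php?import=textpattern&step=5" method="post">';
-printf('<input type="submit" name="submit" value="%s" />', __('Import Links'));
+wp_nonce_field('import-textpattern');
+printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Links')));
 echo '</form>';
 }
@@ -530,5 +535,6 @@
 
 echo '<form action="admin.php?import=textpattern&step=6" method="post">';
-printf('<input type="submit" name="submit" value="%s" />', __('Finish'));
+wp_nonce_field('import-textpattern');
+printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Finish')));
 echo '</form>';
 }
@@ -591,9 +597,11 @@
 if ( $step > 0 )
 {
+check_admin_referer('import-textpattern');
+
 if($_POST['dbuser'])
 {
 if(get_option('txpuser'))
 delete_option('txpuser');
-add_option('txpuser', $_POST['dbuser']);
+add_option('txpuser', sanitize_user($_POST['dbuser'], true));
 }
 if($_POST['dbpass'])
@@ -601,5 +609,5 @@
 if(get_option('txppass'))
 delete_option('txppass');
-add_option('txppass', $_POST['dbpass']);
+add_option('txppass', sanitize_user($_POST['dbpass'], true));
 }
 
@@ -608,5 +616,5 @@
 if(get_option('txpname'))
 delete_option('txpname');
-add_option('txpname', $_POST['dbname']);
+add_option('txpname', sanitize_user($_POST['dbname'], true));
 }
 if($_POST['dbhost'])
@@ -614,5 +622,5 @@
 if(get_option('txphost'))
 delete_option('txphost');
-add_option('txphost', $_POST['dbhost']);
+add_option('txphost', sanitize_user($_POST['dbhost'], true));
 }
 if($_POST['dbprefix'])
@@ -620,5 +628,5 @@
 if(get_option('tpre'))
 delete_option('tpre');
-add_option('tpre', $_POST['dbprefix']);
+add_option('tpre', sanitize_user($_POST['dbprefix']));
 }
 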
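Review bot: At new line 630 the table prefix goes through `sanitize_user($_POST['dbprefix'])` without the strict flag, unlike every other field in this hunk and unlike the `dcdbprefix` line in import/dotclear.php. As far as I know non-strict mode mainly strips tags, percent-encoded octets and entities, so quotes and backticks survive. If the stored `tpre` value is later concatenated into table names in SQL (not visible on this page), this is the field where a tight filter matters most. I would restrict it to identifier characters: `add_option('tpre', preg_replace('/[^A-Za-z0-9_]/', '', $_POST['dbprefix']));`. The enclosing function starts and ends outside the hunk.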
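--- a/branches/2.2/wp-admin/import/wordpress.php
+++ b/branches/2.2/wp-admin/import/wordpress.php
@@ -160,4 +160,5 @@
 echo '<ol id="authors">';
 echo '<form action="?import=wordpress&step=2&id=' . $this->id . '" method="post">';
+wp_nonce_field('import-wordpress');
 $j = -1;
 foreach ($authors as $author) {
@@ -364,7 +365,9 @@
 break;
 case 1 :
+check_admin_referer('import-upload');
 $this->select_authors();
 break;
 case 2:
+check_admin_referer('import-wordpress');
 $this->import();
 break;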