Changes in branches/2.2 [5841:5828]
- Location:
- branches/2.2
- Files:
-
- 6 edited
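--- a/branches/2.2/wp-admin/admin-functions.php
+++ b/branches/2.2/wp-admin/admin-functions.php
@@ -902,5 +902,5 @@
 global $wpdb;
 
-$start = abs( (int) $start );
+$start = (int) $start;
 $num = (int) $num;
 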
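Review bot: On the r5828 side at line 904, `$start = (int) $start;` no longer rejects negative values, so a negative offset can reach whatever query consumes `$start` further down the function, whose body starts and ends outside this hunk. edit-comments.php line 79 has the same shape with `$page = (int) $_GET['apage'];`, where the value is request-controlled. If these are only meaningful as a non-negative offset and a page number, clamp them at the boundary instead of relying on the cast alone: `$start = max( 0, (int) $start );` and `$page = max( 1, (int) $_GET['apage'] );`. The r5841 column's `abs()` also kept the values non-negative, but a clamp makes the intended floor explicit rather than mapping -3 to 3.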
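--- a/branches/2.2/wp-admin/edit-comments.php
+++ b/branches/2.2/wp-admin/edit-comments.php
@@ -77,5 +77,5 @@
 
 if ( isset( $_GET['apage'] ) )
-$page = abs( (int) $_GET['apage'] );
+$page = (int) $_GET['apage'];
 else
 $page = 1;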
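--- a/branches/2.2/wp-admin/link-import.php
+++ b/branches/2.2/wp-admin/link-import.php
@@ -74,6 +74,6 @@
 <h2><?php _e('Importing...') ?></h2>
 <?php
-$cat_id = abs( (int) $_POST['cat_id'] );
-if ( $cat_id < 1)
+$cat_id = $_POST['cat_id'];
+if ( $cat_id == '' || $cat_id == 0 )
 $cat_id = 1;
 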
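Review bot: On the r5828 side at lines 76–77, `$cat_id` is assigned straight from `$_POST['cat_id']` and only tested with loose `==`, so any string that does not compare equal to `''` or `0` (one that merely starts with a digit, for instance) survives as an arbitrary string into whatever consumes `$cat_id` below this hunk. Cast at the boundary and compare as a number: `$cat_id = isset( $_POST['cat_id'] ) ? (int) $_POST['cat_id'] : 0;` followed by `if ( $cat_id < 1 )`. This also removes the undefined-index notice when the field is absent from the post body.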
branches/2.2/wp-admin/options.php
r5841 r5828 128 128 foreach ( (array) $options as $option) : 129 129 $disabled = ''; 130 $option->option_name = attribute_escape($option->option_name);131 130 if ( is_serialized($option->option_value) ) { 132 131 if ( is_serialized_string($option->option_value) ) { 133 132 // this is a serialized string, so we should display it 134 $value = maybe_unserialize($option->option_value);133 $value = wp_specialchars(maybe_unserialize($option->option_value), 'single'); 135 134 $options_to_update[] = $option->option_name; 136 135 $class = 'all-options'; … … 141 140 } 142 141 } else { 143 $value = $option->option_value;142 $value = wp_specialchars($option->option_value, 'single'); 144 143 $options_to_update[] = $option->option_name; 145 144 $class = 'all-options'; … … 150 149 <td>"; 151 150 152 if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'> " . wp_specialchars($value) . "</textarea>";153 else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . attribute_escape($value). "'$disabled />";151 if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>$value</textarea>"; 152 else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value . 
"'$disabled />"; 154 153 155 154 echo "</td> … … 160 159 </table> 161 160 <?php $options_to_update = implode(',', $options_to_update); ?> 162 <p class="submit"><input type="hidden" name="page_options" value="<?php echo $options_to_update; ?>" /><input type="submit" name="Update" value="<?php _e('Update Options »') ?>" /></p>161 <p class="submit"><input type="hidden" name="page_options" value="<?php echo attribute_escape($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Update Options »') ?>" /></p> 163 162 </form> 164 163 </div> -
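Review bot: On the r5828 side, `$option->option_name` is interpolated unescaped into the `name='…'` and `id='…'` attributes of the textarea and input at lines 151–152, while only `$value` is run through `wp_specialchars()`. Option names are read from the database, so a name containing a quote or angle bracket breaks out of the attribute; the r5841 column handled this with `attribute_escape($option->option_name)` right after `$disabled = '';`. Escape it once at that point, `$option->option_name = attribute_escape($option->option_name);`, so every later use of the name in markup is covered, including the `page_options` hidden field at line 161. Note that `wp_specialchars($v, 'single')` leaves `"` untouched, which is only safe here because the attributes are single-quoted; that dependency deserves a one-line comment next to the escaping call.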
branches/2.2/wp-admin/upload-functions.php
r5841 r5828 108 108 $post_id = (int) $post_id; 109 109 ?> 110 <form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . '/wp-admin/upload.php?style=' . attribute_escape($style . '&tab=upload&post_id=' . $post_id); ?>">110 <form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . '/wp-admin/upload.php?style=' . attribute_escape($style) . '&tab=upload&post_id=' . $post_id; ?>"> 111 111 <?php 112 112 if ( $id ) : … … 203 203 if ( !current_user_can( 'upload_files' ) ) 204 204 wp_die( __('You are not allowed to upload files.') 205 . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style= " . attribute_escape($style . "&tab=browse-all&post_id=$post_id") . "'>"205 . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=$style&tab=browse-all&post_id=$post_id'>" 206 206 . __('Browse Files') . '</a>' 207 207 ); … … 213 213 if ( isset($file['error']) ) 214 214 wp_die($file['error'] . "<br /><a href='" . get_option('siteurl') 215 . "/wp-admin/upload.php?style= " . attribute_escape($style . "&tab=$from_tab&post_id=$post_id") . "'>" . __('Back to Image Uploading') . '</a>'215 . "/wp-admin/upload.php?style=$style&tab=$from_tab&post_id=$post_id'>" . __('Back to Image Uploading') . '</a>' 216 216 ); 217 217 … … 260 260 if ( !current_user_can('edit_post', (int) $ID) ) 261 261 wp_die( __('You are not allowed to delete this attachment.') 262 . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style= " . attribute_escape($style . "&tab=$from_tab&post_id=$post_id") . "'>"262 . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=$style&tab=$from_tab&post_id=$post_id'>" 263 263 . __('Go back') . '</a>' 264 264 ); -
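Review bot: On the r5828 side, `$style` and `$from_tab` are interpolated unescaped into the `href` of the wp_die() links at lines 205, 215 and 262, whereas the form action at line 110 does pass `$style` through `attribute_escape()`. Where `$style` and `$from_tab` originate is outside these hunks; if either comes from the request, each of these links is a reflected markup injection point in an error page. Apply the same treatment as line 110, e.g. for line 205: `. " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=" . attribute_escape($style . "&tab=browse-all&post_id=$post_id") . "'>"`, and likewise at 215 and 262. The `(int)` cast of `$post_id` at line 108 sits in an earlier hunk and may not cover the later functions, which start outside the shown lines.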
branches/2.2/wp-includes/functions.php
r5841 r5828 204 204 /* Options functions */ 205 205 206 // expects $setting to already be SQL-escaped207 206 function get_option($setting) { 208 207 global $wpdb; … … 304 303 } 305 304 306 // expects $option_name to NOT be SQL-escaped307 305 function update_option($option_name, $newvalue) { 308 306 global $wpdb; … … 310 308 wp_protect_special_option($option_name); 311 309 312 $safe_option_name = $wpdb->escape($option_name);313 314 310 if ( is_string($newvalue) ) 315 311 $newvalue = trim($newvalue); 316 312 317 313 // If the new and old values are the same, no need to update. 318 $oldvalue = get_option($ safe_option_name);314 $oldvalue = get_option($option_name); 319 315 if ( $newvalue === $oldvalue ) { 320 316 return false; … … 354 350 355 351 // thx Alex Stapleton, http://alex.vort-x.net/blog/ 356 // expects $name to NOT be SQL-escaped357 352 function add_option($name, $value = '', $description = '', $autoload = 'yes') { 358 353 global $wpdb; 359 354 360 355 wp_protect_special_option($name); 361 $safe_name = $wpdb->escape($name);362 356 363 357 // Make sure the option doesn't already exist. We can check the 'notoptions' cache before we ask for a db query 364 358 $notoptions = wp_cache_get('notoptions', 'options'); 365 359 if ( !is_array($notoptions) || !isset($notoptions[$name]) ) 366 if ( false !== get_option($ safe_name) )360 if ( false !== get_option($name) ) 367 361 return; 368 362
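Review bot: On the r5828 side, `update_option()` at line 314 and `add_option()` at line 360 pass the raw option name to `get_option()`, and the comments stating which functions expect SQL-escaped input are gone. The `get_option()` body is outside this hunk, but the r5841 column documents it as expecting an already-escaped `$setting`; if that holds, an option name that reaches `update_option()` from request input (options.php posts an option-name list back in `page_options`, which presumably feeds these calls) is interpolated into SQL unescaped. Escape before the lookup, `$safe_option_name = $wpdb->escape($option_name);` then `$oldvalue = get_option($safe_option_name);`, and do the same with `$name` in `add_option()`. Keep the contract comment on each of the three functions (`// expects $option_name to NOT be SQL-escaped` / `// expects $setting to already be SQL-escaped`) so callers know which form to pass.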