Changeset 6184


Timestamp:
10/03/2007 04:26:16 PM (14 years ago)
Author:
ryan
Message:

Add page sanitization. Props xknown. fixes #5135 for 2.3

Location:
branches/2.3
Files:
2 edited

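--- a/branches/2.3/wp-admin/includes/template.php
+++ b/branches/2.3/wp-admin/includes/template.php
@@ -494,5 +494,5 @@
                 $current = '';
 
-            echo "\n\t<option value='$item->ID'$current>$pad $item->post_title</option>";
+            echo "\n\t<option value='$item->ID'$current>$pad " . wp_specialchars($item->post_title) . "</option>";
             parent_dropdown( $default, $item->ID, $level +1 );
         }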
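Review bot: `$item->ID` is still interpolated unescaped into the single-quoted `value` attribute on the changed `echo` line, while only `post_title` goes through wp_specialchars(). The ID presumably comes from the numeric posts key, but the query that builds `$item` is outside this hunk, so an explicit cast would make the line safe on its own: `value='" . (int) $item->ID . "'`. `$pad` and `$current` are also printed as-is and should be confirmed to be built locally from fixed strings. The enclosing function starts and ends outside the hunk.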
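--- a/branches/2.3/wp-includes/post.php
+++ b/branches/2.3/wp-includes/post.php
@@ -103,5 +103,5 @@
     } elseif ( is_object($post) ) {
         if ( 'page' == $post->post_type )
-            return get_page($post, $output);
+            return get_page($post, $output, $filter);
         if ( !isset($post_cache[$blog_id][$post->ID]) )
             $post_cache[$blog_id][$post->ID] = &$post;
@@ -112,10 +112,10 @@
             $_post = & $post_cache[$blog_id][$post];
         elseif ( $_post = wp_cache_get($post, 'pages') )
-            return get_page($_post, $output);
+            return get_page($_post, $output, $filter);
         else {
             $query = "SELECT * FROM $wpdb->posts WHERE ID = '$post' LIMIT 1";
             $_post = & $wpdb->get_row($query);
             if ( 'page' == $_post->post_type )
-                return get_page($_post, $output);
+                return get_page($_post, $output, $filter);
             $post_cache[$blog_id][$post] = & $_post;
         }
@@ -973,5 +973,5 @@
 // Retrieves page data given a page ID or page object.
 // Handles page caching.
-function &get_page(&$page, $output = OBJECT) {
+function &get_page(&$page, $output = OBJECT, $filter = 'raw') {
     global $wpdb, $blog_id;
 
@@ -986,5 +986,5 @@
     } elseif ( is_object($page) ) {
         if ( 'post' == $page->post_type )
-            return get_post($page, $output);
+            return get_post($page, $output, $filter);
         wp_cache_add($page->ID, $page, 'pages');
         $_page = $page;
@@ -999,10 +999,10 @@
                 wp_cache_add($_page->ID, $_page, 'pages');
             } elseif ( isset($GLOBALS['post_cache'][$blog_id][$page]) ) { // it's actually a page, and is cached
-                return get_post($page, $output);
+                return get_post($page, $output, $filter);
             } else { // it's not in any caches, so off to the DB we go
                 // Why are we using assignment for this query?
                 $_page = & $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID= '$page' LIMIT 1");
                 if ( 'post' == $_page->post_type )
-                    return get_post($_page, $output);
+                    return get_post($_page, $output, $filter);
                 // Potential issue: we're not checking to see if the post_type = 'page'
                 // So all non-'post' posts will get cached as pages.
@@ -1011,4 +1011,6 @@
         }
     }
+
+    $_page = sanitize_post($_page, $filter);
 
     // at this point, one way or another, $_post contains the page object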
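Review bot: The new `$filter` parameter of get_page() defaults to `'raw'`, so every existing two-argument caller still gets whatever sanitize_post() returns for `'raw'`, which is presumably the unescaped row (sanitize_post() is not visible here). The header comment above the signature should say so, for example `// $filter is handed to sanitize_post(); with the default 'raw', callers must escape page fields themselves before output.` It is also worth confirming the `is_object($page)` branch: `$_page = $page` follows `wp_cache_add($page->ID, $page, 'pages')`, so if sanitize_post() modifies the object in place, the cached and caller-held copies may be filtered for one context and then reused in another. The trailing comment names `$_post` where the variable is `$_page`. The bodies of get_post() and get_page() extend outside these hunks, including whether `$page` is cast to an integer before it is interpolated into the `SELECT`.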