Location:
branches/2.8
Files:
2 deleted
24 edited

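--- a/branches/2.8/readme.html
+++ b/branches/2.8/readme.html
@@ -9,5 +9,5 @@
 <h1 id="logo" style="text-align: center">
     <img alt="WordPress" src="wp-admin/images/wordpress-logo.png" />
-    <br /> Version 2.8.4
+    <br /> Version 2.8.5
 </h1>
 <p style="text-align: center">Semantic Personal Publishing Platform</p>
@@ -30,5 +30,5 @@
 <h1>Upgrading</h1>
 <p>Before you upgrade anything, make sure you have backup copies of any files you may have modified such as <code>index.php</code>.</p>
-<h2>Upgrading from any previous WordPress to 2.8.4:</h2>
+<h2>Upgrading from any previous WordPress to 2.8.5:</h2>
 <ol>
     <li>Delete your old WP files, saving ones you've modified.</li>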
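--- a/branches/2.8/wp-admin/edit-attachment-rows.php
+++ b/branches/2.8/wp-admin/edit-attachment-rows.php
@@ -210,3 +210,2 @@
 } // end if ( have_posts() )
 ?>
-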
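--- a/branches/2.8/wp-admin/import/wordpress.php
+++ b/branches/2.8/wp-admin/import/wordpress.php
@@ -685,6 +685,6 @@
 
     function is_valid_meta_key($key) {
-        // skip _wp_attached_file metadata since we'll regenerate it from scratch
-        if ( $key == '_wp_attached_file' )
+        // skip attachment metadata since we'll regenerate it from scratch
+        if ( $key == '_wp_attached_file' || $key == '_wp_attachment_metadata' )
             return false;
         return $key;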
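Review bot: The check in is_valid_meta_key() remains a two-entry denylist compared with loose `==`, while the keys it filters come from an import file, which should be treated as untrusted input. A strict membership test such as `if ( in_array( $key, array( '_wp_attached_file', '_wp_attachment_metadata' ), true ) )` avoids type-juggling surprises, and the comment could say which other internal (underscore-prefixed) keys are deliberately still accepted. The function's closing lines are outside the hunk, so any later filtering is not visible here.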
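--- a/branches/2.8/wp-admin/includes/post.php
+++ b/branches/2.8/wp-admin/includes/post.php
@@ -247,5 +247,5 @@
     if ( isset($post_data['post_category']) ) {
         if ( is_array($post_data['post_category']) && ! empty($post_data['post_category']) )
-            $new_cats = array_map( absint, $post_data['post_category'] );
+            $new_cats = array_map( 'absint', $post_data['post_category'] );
         else
             unset($post_data['post_category']);
@@ -1058,4 +1058,30 @@
     if ( !add_post_meta( $post->ID, '_edit_last', $current_user->ID, true ) )
         update_post_meta( $post->ID, '_edit_last', $current_user->ID );
+}
+
+/**
+ * Outputs the notice message to say that someone else is editing this post at the moment.
+ *
+ * @since 2.8.5
+ * @return none
+ */
+function _admin_notice_post_locked() {
+    global $post;
+    $last_user = get_userdata( get_post_meta( $post->ID, '_edit_last', true ) );
+    $last_user_name = $last_user ? $last_user->display_name : __('Somebody');
+   
+    switch ($post->post_type) {
+        case 'post':
+            $message = __( 'Warning: %s is currently editing this post' );
+            break;
+        case 'page':
+            $message = __( 'Warning: %s is currently editing this page' );
+            break;
+        default:
+            $message = __( 'Warning: %s is currently editing this.' );
+    }
+   
+    $message = sprintf( $message, esc_html( $last_user_name ) );
+    echo "<div class='error'><p>$message</p></div>";   
 }
 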
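Review bot: _admin_notice_post_locked() re-reads the `_edit_last` meta and the global `$post` when the notice fires, instead of using the user ID that wp_check_post_lock() returned to the callers in wp-admin/page.php and wp-admin/post.php, and the docblock does not mention this. A docblock line such as `* Relies on the global $post and on the '_edit_last' meta identifying the lock holder.` would make the dependency explicit. `@return none` is not a phpDoc type; `@return void` is the usual form. The default-case string ends in a period while the 'post' and 'page' strings do not.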
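--- a/branches/2.8/wp-admin/includes/update-core.php
+++ b/branches/2.8/wp-admin/includes/update-core.php
@@ -127,4 +127,6 @@
 'wp-admin/execute-pings.php',
 'wp-admin/import/b2.php',
+'wp-admin/import/btt.php',
+'wp-admin/import/jkw.php',
 'wp-admin/inline-uploading.php',
 'wp-admin/link-categories.php',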
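--- a/branches/2.8/wp-admin/install.php
+++ b/branches/2.8/wp-admin/install.php
@@ -50,4 +50,10 @@
 
 function display_setup_form( $error = null ) {
+    // Ensure that Blogs appear in search engines by default
+    $blog_public = 1;
+    if ( isset($_POST) && !empty($_POST) ) {
+        $blog_public = isset($_POST['blog_public']);
+    }
+   
     if ( ! is_null( $error ) ) {
 ?>
@@ -66,5 +72,5 @@
         </tr>
         <tr>
-            <td colspan="2"><label><input type="checkbox" name="blog_public" value="1"<?php if( isset($_POST) && ! empty($_POST) && isset( $_POST['blog_public'] ) ) : ?> checked="checked"<?php endif; ?> /> <?php _e('Allow my blog to appear in search engines like Google and Technorati.'); ?></label></td>
+            <td colspan="2"><label><input type="checkbox" name="blog_public" value="1" <?php checked($blog_public); ?> /> <?php _e('Allow my blog to appear in search engines like Google and Technorati.'); ?></label></td>
         </tr>
     </table>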
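--- a/branches/2.8/wp-admin/page.php
+++ b/branches/2.8/wp-admin/page.php
@@ -99,9 +99,5 @@
     if ( current_user_can('edit_page', $page_ID) ) {
         if ( $last = wp_check_post_lock( $post->ID ) ) {
-            $last_user = get_userdata( $last );
-            $last_user_name = $last_user ? $last_user->display_name : __('Somebody');
-            $message = sprintf( __( 'Warning: %s is currently editing this page' ), esc_html( $last_user_name ) );
-            $message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
-            add_action('admin_notices', create_function( '', "echo '$message';" ) );
+            add_action('admin_notices', '_admin_notice_post_locked' );
         } else {
             wp_set_post_lock( $post->ID );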
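--- a/branches/2.8/wp-admin/post.php
+++ b/branches/2.8/wp-admin/post.php
@@ -134,9 +134,5 @@
     if ( current_user_can('edit_post', $post_ID) ) {
         if ( $last = wp_check_post_lock( $post->ID ) ) {
-            $last_user = get_userdata( $last );
-            $last_user_name = $last_user ? $last_user->display_name : __('Somebody');
-            $message = sprintf( __( 'Warning: %s is currently editing this post' ), esc_html( $last_user_name ) );
-            $message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
-            add_action('admin_notices', create_function( '', "echo '$message';" ) );
+            add_action('admin_notices', '_admin_notice_post_locked' );
         } else {
             wp_set_post_lock( $post->ID );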
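--- a/branches/2.8/wp-app.php
+++ b/branches/2.8/wp-app.php
@@ -781,4 +781,5 @@
 
         $location = get_post_meta($entry['ID'], '_wp_attached_file', true);
+        $location = get_option ('upload_path') . '/' . $location;
         $filetype = wp_check_filetype($location);
 
@@ -790,9 +791,17 @@
         header('Connection: close');
 
-        $fp = fopen($location, "rb");
-        while(!feof($fp)) {
-            echo fread($fp, 4096);
-        }
-        fclose($fp);
+        if ($fp = fopen($location, "rb")) {
+            status_header('200');
+            header('Content-Type: ' . $entry['post_mime_type']);
+            header('Connection: close');
+
+            while(!feof($fp)) {
+                echo fread($fp, 4096);
+            }
+
+            fclose($fp);
+        } else {
+            status_header ('404');
+        }
 
         log_app('function',"get_file($postID)");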
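Review bot: New line 783 appends the `_wp_attached_file` meta value to the raw `upload_path` option without validating it, so a stored value containing `../` segments would let the later fopen() read a file outside the uploads directory. The meta value should be checked before the concatenation, for example with `validate_file( $location )` (the helper wp-includes/theme.php already uses in this changeset), taking the 404 branch when it returns non-zero. The raw option may also be empty or relative; presumably wp_upload_dir() is the intended way to resolve the base directory, which should be confirmed against the rest of the function, whose start and end are outside the hunk. `header('Connection: close')` is still sent on line 791 before the new `if`, so the copy inside the branch is redundant.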
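--- a/branches/2.8/wp-includes/author-template.php
+++ b/branches/2.8/wp-includes/author-template.php
@@ -133,5 +133,5 @@
 function the_author_link() {
     if ( get_the_author_meta('url') ) {
-        echo '<a href="' . get_the_author_meta('url') . '" title="' . sprintf(__("Visit %s&#8217;s website"), get_the_author()) . '" rel="external">' . get_the_author() . '</a>';
+        echo '<a href="' . get_the_author_meta('url') . '" title="' . esc_attr( sprintf(__("Visit %s&#8217;s website"), get_the_author()) ) . '" rel="external">' . get_the_author() . '</a>';
     } else {
         the_author();
@@ -182,5 +182,5 @@
         '<a href="%1$s" title="%2$s">%3$s</a>',
         get_author_posts_url( $authordata->ID, $authordata->user_nicename ),
-        sprintf( __( 'Posts by %s' ), esc_attr( get_the_author() ) ),
+        esc_attr( sprintf( __( 'Posts by %s' ), get_the_author() ) ),
         get_the_author()
     );
@@ -293,5 +293,5 @@
                 $link = $name;
         } else {
-            $link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), esc_attr($author->display_name)) . '">' . $name . '</a>';
+            $link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . esc_attr( sprintf(__("Posts by %s"), $author->display_name) ) . '">' . $name . '</a>';
 
             if ( (! empty($feed_image)) || (! empty($feed)) ) {
@@ -302,6 +302,6 @@
 
                 if ( !empty($feed) ) {
-                    $title = ' title="' . $feed . '"';
-                    $alt = ' alt="' . $feed . '"';
+                    $title = ' title="' . esc_attr($feed) . '"';
+                    $alt = ' alt="' . esc_attr($feed) . '"';
                     $name = $feed;
                     $link .= $title;
@@ -311,5 +311,5 @@
 
                 if ( !empty($feed_image) )
-                    $link .= "<img src=\"$feed_image\" style=\"border: none;\"$alt$title" . ' />';
+                    $link .= "<img src=\"" . esc_url($feed_image) . "\" style=\"border: none;\"$alt$title" . ' />';
                 else
                     $link .= $name;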
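Review bot: The escaping added in this file covers the `title`, `alt` and `src` attributes, but `$name = $feed;` on line 306 still copies the unescaped value and `$link .= $name;` on line 315 emits it as link text. `get_the_author()` and `$name` are likewise written unescaped as element content on lines 135, 185 and 295, and `get_the_author_meta('url')` goes into `href` on line 135 without `esc_url()`. Unless these values are already sanitised upstream (not visible here), `esc_html()` for the text and `esc_url()` for the href would complete the change. The same applies to the `$category->name` / `$category->cat_name` link text in the wp-includes/category-template.php hunks.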
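--- a/branches/2.8/wp-includes/bookmark-template.php
+++ b/branches/2.8/wp-includes/bookmark-template.php
@@ -91,5 +91,5 @@
         $rel = $bookmark->link_rel;
         if ( '' != $rel )
-            $rel = ' rel="' . $rel . '"';
+            $rel = ' rel="' . esc_attr($rel) . '"';
 
         $target = $bookmark->link_target;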
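--- a/branches/2.8/wp-includes/capabilities.php
+++ b/branches/2.8/wp-includes/capabilities.php
@@ -901,4 +901,10 @@
             $caps[] = 'read_private_pages';
         break;
+    case 'unfiltered_upload':
+        if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS == true )
+            $caps[] = $cap;
+        else
+            $caps[] = 'do_not_allow';
+        break;
     default:
         // If no meta caps match, return the original cap.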
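Review bot: The new `unfiltered_upload` case tests `ALLOW_UNFILTERED_UPLOADS == true`, a loose comparison that any truthy value satisfies, including a mistakenly quoted `define('ALLOW_UNFILTERED_UPLOADS', 'false')`. Since the constant appears to lift upload filtering, `ALLOW_UNFILTERED_UPLOADS === true` would fail closed on that kind of misconfiguration, at the cost of no longer accepting `1`. A comment above the case, e.g. `// Unfiltered uploads are denied unless the site configuration enables them explicitly.`, would record why the capability maps to `do_not_allow` by default. The enclosing switch starts and ends outside the hunk.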
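--- a/branches/2.8/wp-includes/category-template.php
+++ b/branches/2.8/wp-includes/category-template.php
@@ -69,5 +69,5 @@
 
     if ( $link )
-        $chain .= '<a href="' . get_category_link( $parent->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $parent->cat_name ) . '">'.$name.'</a>' . $separator;
+        $chain .= '<a href="' . get_category_link( $parent->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $parent->cat_name ) ) . '">'.$name.'</a>' . $separator;
     else
         $chain .= $name.$separator;
@@ -191,8 +191,8 @@
                     if ( $category->parent )
                         $thelist .= get_category_parents( $category->parent, true, $separator );
-                    $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>' . $category->name.'</a></li>';
+                    $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->name.'</a></li>';
                     break;
                 case 'single':
-                    $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>';
+                    $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>';
                     if ( $category->parent )
                         $thelist .= get_category_parents( $category->parent, false, $separator );
@@ -201,5 +201,5 @@
                 case '':
                 default:
-                    $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>' . $category->cat_name.'</a></li>';
+                    $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->cat_name.'</a></li>';
             }
         }
@@ -214,8 +214,8 @@
                     if ( $category->parent )
                         $thelist .= get_category_parents( $category->parent, true, $separator );
-                    $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>' . $category->cat_name.'</a>';
+                    $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->cat_name.'</a>';
                     break;
                 case 'single':
-                    $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>';
+                    $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>';
                     if ( $category->parent )
                         $thelist .= get_category_parents( $category->parent, false, $separator );
@@ -224,5 +224,5 @@
                 case '':
                 default:
-                    $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>' . $category->name.'</a>';
+                    $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->name.'</a>';
             }
             ++$i;
@@ -353,4 +353,6 @@
 
     $categories = get_categories( $r );
+    $name = esc_attr($name);
+    $class = esc_attr($class);
 
     $output = '';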
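--- a/branches/2.8/wp-includes/classes.php
+++ b/branches/2.8/wp-includes/classes.php
@@ -215,7 +215,7 @@
                     // Trim the query of everything up to the '?'.
                     $query = preg_replace("!^.+\?!", '', $query);
-
+                                       
                     // Substitute the substring matches into the query.
-                    eval("@\$query = \"" . addslashes($query) . "\";");
+                    $query = addslashes(WP_MatchesMapRegex::apply($query, $matches));
 
                     $this->matched_query = $query;
@@ -1593,3 +1593,93 @@
 }
 
+/**
+ * Helper class to remove the need to use eval to replace $matches[] in query strings.
+ *
+ * @since 2.9.0
+ */
+class WP_MatchesMapRegex {
+    /**
+     * store for matches
+     *
+     * @access private
+     * @var array
+     */
+    var $_matches;
+   
+    /**
+     * store for mapping result
+     *
+     * @access public
+     * @var string
+     */
+    var $output;
+   
+    /**
+     * subject to perform mapping on (query string containing $matches[] references
+     *
+     * @access private
+     * @var string
+     */
+    var $_subject;
+   
+    /**
+     * regexp pattern to match $matches[] references
+     *
+     * @var string
+     */
+    var $_pattern = '(\$matches\[[1-9]+[0-9]*\])'; // magic number
+   
+    /**
+     * constructor
+     *
+     * @param string $subject subject if regex
+     * @param array  $matches data to use in map
+     * @return self
+     */                     
+    function WP_MatchesMapRegex($subject, $matches) {
+        $this->_subject = $subject;
+        $this->_matches = $matches;
+        $this->output = $this->_map();             
+    }
+   
+    /**
+     * Substitute substring matches in subject.
+     *
+     * static helper function to ease use
+     *
+     * @access public
+     * @param string $subject subject
+     * @param array  $matches data used for subsitution
+     * @return string
+     */
+    function apply($subject, $matches) {
+        $oSelf =& new WP_MatchesMapRegex($subject, $matches);
+        return $oSelf->output;                                                             
+    }
+   
+    /**
+     * do the actual mapping
+     *
+     * @access private
+     * @return string
+     */
+    function _map() {
+        $callback = array(&$this, 'callback');
+        return preg_replace_callback($this->_pattern, $callback, $this->_subject);
+    }
+   
+    /**
+     * preg_replace_callback hook
+     *
+     * @access public
+     * @param  array $matches preg_replace regexp matches
+     * @return string
+     */
+    function callback($matches) {
+        $index = intval(substr($matches[0], 9, -1));
+        return ( isset( $this->_matches[$index] ) ? $this->_matches[$index] : '' );
+    }
+   
+}
+
 ?>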
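Review bot: In the first hunk `addslashes()` now wraps the substituted result, whereas the removed `eval` line applied it to the rule template before interpolation, so captured values containing quotes or backslashes now reach `$this->matched_query` slashed where they previously went in as-is. Whatever consumes the query after this point is outside the hunk and should be confirmed to expect slashed input; wp-includes/rewrite.php carries the identical replacement line. In the new class, `@since 2.9.0` does not match this 2.8 branch, and the `substr()` offset in `callback()` deserves a comment such as `// 9 == strlen('$matches[')`.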
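--- a/branches/2.8/wp-includes/comment-template.php
+++ b/branches/2.8/wp-includes/comment-template.php
@@ -338,4 +338,6 @@
         $classes = array_merge($classes, $class);
     }
+
+    $classes = array_map('esc_attr', $classes);
 
     return apply_filters('comment_class', $classes, $class, $comment_id, $post_id);
@@ -941,5 +943,5 @@
 
     if ( 0 == $number && !comments_open() && !pings_open() ) {
-        echo '<span' . ((!empty($css_class)) ? ' class="' . $css_class . '"' : '') . '>' . $none . '</span>';
+        echo '<span' . ((!empty($css_class)) ? ' class="' . esc_attr( $css_class ) . '"' : '') . '>' . $none . '</span>';
         return;
     }
@@ -973,5 +975,5 @@
     echo apply_filters( 'comments_popup_link_attributes', '' );
 
-    echo ' title="' . sprintf( __('Comment on %s'), $title ) . '">';
+    echo ' title="' . esc_attr( sprintf( __('Comment on %s'), $title ) ) . '">';
     comments_number( $zero, $one, $more, $number );
     echo '</a>';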
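Review bot: In the first hunk `array_map('esc_attr', $classes)` runs before `apply_filters('comment_class', ...)`, so any class a filter callback adds or rewrites is returned unescaped. Escaping is only dependable at the point where the attribute is written; either apply it to the filtered result, `return array_map( 'esc_attr', apply_filters( 'comment_class', $classes, $class, $comment_id, $post_id ) );`, or escape where the class list is joined into markup, which is outside this hunk. The `post_class` and `body_class` hunks in wp-includes/post-template.php have the same ordering.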
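--- a/branches/2.8/wp-includes/formatting.php
+++ b/branches/2.8/wp-includes/formatting.php
@@ -601,5 +601,5 @@
 function sanitize_file_name( $filename ) {
     $filename_raw = $filename;
-    $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}");
+    $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", chr(0));
     $special_chars = apply_filters('sanitize_file_name_chars', $special_chars, $filename_raw);
     $filename = str_replace($special_chars, '', $filename);
@@ -1453,5 +1453,6 @@
  *
  * Requires and returns a date in the Y-m-d H:i:s format. Simply subtracts the
- * value of the 'gmt_offset' option.
+ * value of the 'gmt_offset' option. Return format can be overridden using the
+ * $format parameter
  *
  * @since 1.2.0
@@ -1459,10 +1460,11 @@
  * @uses get_option() to retrieve the the value of 'gmt_offset'.
  * @param string $string The date to be converted.
+ * @param string $format The format string for the returned date (default is Y-m-d H:i:s)
  * @return string GMT version of the date provided.
  */
-function get_gmt_from_date($string) {
+function get_gmt_from_date($string, $format = 'Y-m-d H:i:s') {
     preg_match('#([0-9]{1,4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})#', $string, $matches);
     $string_time = gmmktime($matches[4], $matches[5], $matches[6], $matches[2], $matches[3], $matches[1]);
-    $string_gmt = gmdate('Y-m-d H:i:s', $string_time - get_option('gmt_offset') * 3600);
+    $string_gmt = gmdate($format, $string_time - get_option('gmt_offset') * 3600);
     return $string_gmt;
 }
@@ -1472,15 +1474,16 @@
  *
  * Requires and returns in the Y-m-d H:i:s format. Simply adds the value of
- * gmt_offset.
+ * gmt_offset.Return format can be overridden using the $format parameter
  *
  * @since 1.2.0
  *
  * @param string $string The date to be converted.
+ * @param string $format The format string for the returned date (default is Y-m-d H:i:s)
  * @return string Formatted date relative to the GMT offset.
  */
-function get_date_from_gmt($string) {
+function get_date_from_gmt($string, $format = 'Y-m-d H:i:s') {
     preg_match('#([0-9]{1,4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})#', $string, $matches);
     $string_time = gmmktime($matches[4], $matches[5], $matches[6], $matches[2], $matches[3], $matches[1]);
-    $string_localtime = gmdate('Y-m-d H:i:s', $string_time + get_option('gmt_offset')*3600);
+    $string_localtime = gmdate($format, $string_time + get_option('gmt_offset')*3600);
     return $string_localtime;
 }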
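Review bot: The `chr(0)` appended to `$special_chars` in sanitize_file_name() carries no comment, and the `sanitize_file_name_chars` filter on the following line can hand back a list that no longer contains it. A comment such as `// chr(0): NUL bytes must never reach filesystem calls` would explain the entry, and stripping NUL separately after the filter would make it unconditional. In the two date helpers the docblocks still open with "Requires and returns ... Y-m-d H:i:s" although the return format is now caller-controlled, and `gmt_offset.Return` is missing a space.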
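--- a/branches/2.8/wp-includes/general-template.php
+++ b/branches/2.8/wp-includes/general-template.php
@@ -1024,5 +1024,5 @@
     /* translators: Calendar caption: 1: month name, 2: 4-digit year */
     $calendar_caption = _x('%1$s %2$s', 'calendar caption');
-    echo '<table id="wp-calendar" summary="' . __('Calendar') . '">
+    echo '<table id="wp-calendar" summary="' . esc_attr__('Calendar') . '">
     <caption>' . sprintf($calendar_caption, $wp_locale->get_month($thismonth), date('Y', $unixmonth)) . '</caption>
     <thead>
@@ -1037,4 +1037,5 @@
     foreach ( $myweek as $wd ) {
         $day_name = (true == $initial) ? $wp_locale->get_weekday_initial($wd) : $wp_locale->get_weekday_abbrev($wd);
+        $wd = esc_attr($wd);
         echo "\n\t\t<th abbr=\"$wd\" scope=\"col\" title=\"$wd\">$day_name</th>";
     }
@@ -1059,6 +1060,6 @@
     if ( $next ) {
         echo "\n\t\t".'<td abbr="' . $wp_locale->get_month($next->month) . '" colspan="3" id="next"><a href="' .
-        get_month_link($next->year, $next->month) . '" title="' . sprintf(__('View posts for %1$s %2$s'), $wp_locale->get_month($next->month),
-            date('Y', mktime(0, 0 , 0, $next->month, 1, $next->year))) . '">' . $wp_locale->get_month_abbrev($wp_locale->get_month($next->month)) . ' &raquo;</a></td>';
+        get_month_link($next->year, $next->month) . '" title="' . esc_attr( sprintf(__('View posts for %1$s %2$s'), $wp_locale->get_month($next->month) ,
+            date('Y', mktime(0, 0 , 0, $next->month, 1, $next->year))) ) . '">' . $wp_locale->get_month_abbrev($wp_locale->get_month($next->month)) . ' &raquo;</a></td>';
     } else {
         echo "\n\t\t".'<td colspan="3" id="next" class="pad">&nbsp;</td>';
@@ -1117,5 +1118,5 @@
     $pad = calendar_week_mod(date('w', $unixmonth)-$week_begins);
     if ( 0 != $pad )
-        echo "\n\t\t".'<td colspan="'.$pad.'" class="pad">&nbsp;</td>';
+        echo "\n\t\t".'<td colspan="'. esc_attr($pad) .'" class="pad">&nbsp;</td>';
 
     $daysinmonth = intval(date('t', $unixmonth));
@@ -1131,5 +1132,5 @@
 
         if ( in_array($day, $daywithpost) ) // any posts today?
-                echo '<a href="' . get_day_link($thisyear, $thismonth, $day) . "\" title=\"$ak_titles_for_day[$day]\">$day</a>";
+                echo '<a href="' . get_day_link($thisyear, $thismonth, $day) . "\" title=\"" . esc_attr($ak_titles_for_day[$day]) . "\">$day</a>";
         else
             echo $day;
@@ -1142,5 +1143,5 @@
     $pad = 7 - calendar_week_mod(date('w', mktime(0, 0 , 0, $thismonth, $day, $thisyear))-$week_begins);
     if ( $pad != 0 && $pad != 7 )
-        echo "\n\t\t".'<td class="pad" colspan="'.$pad.'">&nbsp;</td>';
+        echo "\n\t\t".'<td class="pad" colspan="'. esc_attr($pad) .'">&nbsp;</td>';
 
     echo "\n\t</tr>\n\t</tbody>\n\t</table>";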
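Review bot: In the hunk at new line 1062 the `title` attribute is now escaped, but the `abbr="' . $wp_locale->get_month($next->month) . '"` attribute that opens the same statement on line 1061 is still concatenated raw, as is the month abbreviation used as link text. Wrapping it as `esc_attr( $wp_locale->get_month($next->month) )` would treat both attributes of the cell consistently. The corresponding "previous month" cell is outside the visible hunks and presumably needs the same look.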
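--- a/branches/2.8/wp-includes/media.php
+++ b/branches/2.8/wp-includes/media.php
@@ -592,7 +592,7 @@
         return $content;
 
-    if ( $id ) $id = 'id="' . $id . '" ';
-
-    return '<div ' . $id . 'class="wp-caption ' . $align . '" style="width: ' . (10 + (int) $width) . 'px">'
+    if ( $id ) $id = 'id="' . esc_attr($id) . '" ';
+
+    return '<div ' . $id . 'class="wp-caption ' . esc_attr($align) . '" style="width: ' . (10 + (int) $width) . 'px">'
     . do_shortcode( $content ) . '<p class="wp-caption-text">' . $caption . '</p></div>';
 }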
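--- a/branches/2.8/wp-includes/post-template.php
+++ b/branches/2.8/wp-includes/post-template.php
@@ -342,4 +342,6 @@
         $classes = array_merge($classes, $class);
     }
+
+    $classes = array_map('esc_attr', $classes);
 
     return apply_filters('post_class', $classes, $class, $post_id);
@@ -478,4 +480,6 @@
         $classes = array_merge($classes, $class);
     }
+
+    $classes = array_map('esc_attr', $classes);
 
     return apply_filters('body_class', $classes, $class);
@@ -707,4 +711,5 @@
     $pages = get_pages($r);
     $output = '';
+    $name = esc_attr($name);
 
     if ( ! empty($pages) ) {
@@ -843,5 +848,5 @@
         $menu = '<ul>' . $menu . '</ul>';
 
-    $menu = '<div class="' . $args['menu_class'] . '">' . $menu . "</div>\n";
+    $menu = '<div class="' . esc_attr($args['menu_class']) . '">' . $menu . "</div>\n";
     $menu = apply_filters( 'wp_page_menu', $menu, $args );
     if ( $args['echo'] )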
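--- a/branches/2.8/wp-includes/rewrite.php
+++ b/branches/2.8/wp-includes/rewrite.php
@@ -300,5 +300,5 @@
 
             // Substitute the substring matches into the query.
-            eval("\$query = \"" . addslashes($query) . "\";");
+            $query = addslashes(WP_MatchesMapRegex::apply($query, $matches));
             // Filter out non-public query vars
             global $wp;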
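--- a/branches/2.8/wp-includes/theme.php
+++ b/branches/2.8/wp-includes/theme.php
@@ -876,5 +876,5 @@
         return;
 
-    add_filter( 'template', create_function('', "return '{$_GET['template']}';") );
+    add_filter( 'template', '_preview_theme_template_filter' );
 
     if ( isset($_GET['stylesheet']) ) {
@@ -882,5 +882,5 @@
         if ( validate_file($_GET['stylesheet']) )
             return;
-        add_filter( 'stylesheet', create_function('', "return '{$_GET['stylesheet']}';") );
+        add_filter( 'stylesheet', '_preview_theme_stylesheet_filter' );
     }
 
@@ -891,4 +891,22 @@
 }
 add_action('setup_theme', 'preview_theme');
+
+/**
+ * Private function to modify the current template when previewing a theme
+ *
+ * @return string
+ */
+function _preview_theme_template_filter() {
+    return isset($_GET['template']) ? $_GET['template'] : '';
+}
+
+/**
+ * Private function to modify the current stylesheet when previewing a theme
+ *
+ * @return string
+ */
+function _preview_theme_stylesheet_filter() {
+    return isset($_GET['stylesheet']) ? $_GET['stylesheet'] : '';
+}
 
 /**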
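Review bot: `_preview_theme_template_filter()` and `_preview_theme_stylesheet_filter()` return the `$_GET` values verbatim and depend entirely on `preview_theme()` having run `validate_file()` before registering them, which neither the helpers nor their docblocks state. Either document the precondition, e.g. `* Assumes preview_theme() has already validated $_GET['template'].`, or re-check inside the helper: `return ( isset($_GET['template']) && ! validate_file($_GET['template']) ) ? $_GET['template'] : '';`. The validation of `template` itself sits above the first hunk and is not visible here.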
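--- a/branches/2.8/wp-includes/version.php
+++ b/branches/2.8/wp-includes/version.php
@@ -9,5 +9,5 @@
  * @global string $wp_version
  */
-$wp_version = '2.8.4';
+$wp_version = '2.8.5';
 
 /**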
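--- a/branches/2.8/wp-trackback.php
+++ b/branches/2.8/wp-trackback.php
@@ -51,5 +51,5 @@
 
 if ($charset)
-    $charset = strtoupper( trim($charset) );
+    $charset = str_replace( array(',', ' '), '', strtoupper( trim($charset) ) );
 else
     $charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS';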
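Review bot: Stripping commas and spaces on new line 53 reduces `$charset` to a single token, but the value, which is presumably request-supplied, is still not checked against the encodings the site is willing to accept. Where `$charset` is consumed is outside the hunk; if it reaches a conversion routine, an allowlist test such as `if ( ! in_array( $charset, $allowed_charsets, true ) ) $charset = 'UTF-8';` would bound it (`$allowed_charsets` is a placeholder for a list this file does not define). A short comment on the new line saying why list separators are removed would also help the next reader.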
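--- a/branches/2.8/xmlrpc.php
+++ b/branches/2.8/xmlrpc.php
@@ -527,4 +527,9 @@
             $page_date_gmt = mysql2date("Ymd\TH:i:s", $page->post_date_gmt, false);
 
+            // For drafts use the GMT version of the date
+            if ( $page->post_status == 'draft' ) {
+                $page_date_gmt = get_gmt_from_date( mysql2date( 'Y-m-d H:i:s', $page->post_date ), 'Ymd\TH:i:s' );
+            }
+
             // Pull the categories info together.
             $categories = array();
@@ -791,5 +796,6 @@
                 post_parent page_parent_id,
                 post_date_gmt,
-                post_date
+                post_date,
+                post_status
             FROM {$wpdb->posts}
             WHERE post_type = 'page'
@@ -806,6 +812,13 @@
             $page_list[$i]->date_created_gmt = new IXR_Date($post_date_gmt);
 
+            // For drafts use the GMT version of the date
+            if ( $page_list[$i]->post_status == 'draft' ) {
+                $page_list[$i]->date_created_gmt = get_gmt_from_date( mysql2date( 'Y-m-d H:i:s', $page_list[$i]->post_date ), 'Ymd\TH:i:s' );
+                $page_list[$i]->date_created_gmt = new IXR_Date( $page_list[$i]->date_created_gmt );
+            }
+
             unset($page_list[$i]->post_date_gmt);
             unset($page_list[$i]->post_date);
+            unset($page_list[$i]->post_status);
         }
 
@@ -2577,7 +2590,5 @@
             // For drafts use the GMT version of the post date
             if ( $postdata['post_status'] == 'draft' ) {
-                $post_date_gmt = get_gmt_from_date( mysql2date( 'Y-m-d H:i:s', $postdata['post_date'] ) );
-                $post_date_gmt = preg_replace( '|\-|', '', $post_date_gmt );
-                $post_date_gmt = preg_replace( '| |', 'T', $post_date_gmt );
+                $post_date_gmt = get_gmt_from_date( mysql2date( 'Y-m-d H:i:s', $postdata['post_date'] ), 'Ymd\TH:i:s' );
             }
 
@@ -2698,4 +2709,9 @@
             $post_date_gmt = mysql2date('Ymd\TH:i:s', $entry['post_date_gmt'], false);
 
+            // For drafts use the GMT version of the date
+            if ( $entry['post_status'] == 'draft' ) {
+                $post_date_gmt = get_gmt_from_date( mysql2date( 'Y-m-d H:i:s', $entry['post_date'] ), 'Ymd\TH:i:s' );
+            }
+
             $categories = array();
             $catids = wp_get_post_categories($entry['ID']);
@@ -2932,4 +2948,9 @@
             $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date'], false);
             $post_date_gmt = mysql2date('Ymd\TH:i:s', $entry['post_date_gmt'], false);
+
+            // For drafts use the GMT version of the date
+            if ( $entry['post_status'] == 'draft' ) {
+                $post_date_gmt = get_gmt_from_date( mysql2date( 'Y-m-d H:i:s', $entry['post_date'] ), 'Ymd\TH:i:s' );
+            }
 
             $struct[] = array(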
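Review bot: The "For drafts use the GMT version of the date" block now appears in five places in this file with only the variable names changing, which makes the `'Ymd\TH:i:s'` format string easy to get out of step. A small private helper that takes the post status and local date and returns the formatted GMT string would keep it in one place. In the hunk at new line 816 the string is first stored in `date_created_gmt` and then replaced by an `IXR_Date` on the next line; passing the `get_gmt_from_date()` result directly to `new IXR_Date( ... )` avoids the intermediate type change. All of the enclosing methods start and end outside their hunks.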