Changes in branches/3.1 [17716:18044]
- Location:
- branches/3.1
- Files:
-
- 26 edited
branches/3.1/readme.html
r17716 r18044 9 9 <h1 id="logo"> 10 10 <a href="http://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" width="250" height="68" /></a> 11 <br /> Version 3.1. 211 <br /> Version 3.1.3 12 12 </h1> 13 13 <p style="text-align: center">Semantic Personal Publishing Platform</p> -
branches/3.1/wp-admin/admin-ajax.php
r17716 r18044 397 397 die('1'); 398 398 399 if ( !current_user_can( 'edit_post', $meta->post_id ) )399 if ( !current_user_can( 'edit_post', $meta->post_id ) || is_protected_meta( $meta->meta_key ) ) 400 400 die('-1'); 401 401 if ( delete_meta( $meta->meta_id ) ) … … 856 856 if ( !current_user_can( 'edit_post', $meta->post_id ) ) 857 857 die('-1'); 858 if ( is_protected_meta( $meta->meta_key ) ) 859 die('-1'); 858 860 if ( $meta->meta_value != stripslashes($value) || $meta->meta_key != stripslashes($key) ) { 859 861 if ( !$u = update_meta( $mid, $key, $value ) ) -
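Review bot: The added check at new line 858 tests only the stored `$meta->meta_key`; the submitted `$key`, which line 860 allows to differ from it, is not tested in this handler. Rejecting a rename onto an underscore-prefixed key therefore depends on `update_meta()` returning false, which it appears to do after this changeset's edit to wp-admin/includes/post.php. Testing both keys here keeps the handler safe if that callee changes: `if ( is_protected_meta( $meta->meta_key ) || is_protected_meta( stripslashes( $key ) ) ) die('-1');`. The handler's case body starts and ends outside the hunk.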
branches/3.1/wp-admin/custom-background.php
r17716 r18044 338 338 'post_content' => $url, 339 339 'post_mime_type' => $type, 340 'guid' => $url 340 'guid' => $url, 341 'context' => 'custom-background' 341 342 ); 342 343 -
branches/3.1/wp-admin/custom-header.php
r17716 r18044 596 596 'post_content' => $url, 597 597 'post_mime_type' => $type, 598 'guid' => $url); 598 'guid' => $url, 599 'context' => 'custom-header'); 599 600 600 601 // Save the data … … 688 689 'post_content' => $url, 689 690 'post_mime_type' => 'image/jpeg', 690 'guid' => $url 691 'guid' => $url, 692 'context' => 'custom-header' 691 693 ); 692 694 -
branches/3.1/wp-admin/includes/class-wp-plugins-list-table.php
r17716 r18044 196 196 } 197 197 198 function display_tablenav( $which ) {199 global $status;200 201 if ( !in_array( $status, array( 'mustuse', 'dropins' ) ) )202 parent::display_tablenav( $which );203 }204 205 198 function get_views() { 206 199 global $totals, $status; … … 287 280 global $status; 288 281 289 if ( 'recently_activated' == $status ) { ?> 290 <div class="alignleft actions"> 291 <?php submit_button( __( 'Clear List' ), 'secondary', 'clear-recent-list', false ); ?> 292 </div> 293 <?php } 282 if ( ! in_array($status, array('recently_activated', 'mustuse', 'dropins') ) ) 283 return; 284 285 echo '<div class="alignleft actions">'; 286 287 if ( 'recently_activated' == $status ) 288 submit_button( __( 'Clear List' ), 'secondary', 'clear-recent-list', false ); 289 elseif ( 'top' == $which && 'mustuse' == $status ) 290 echo '<p>' . __( 'Files in the <code>/wp-content/mu-plugins</code> directory are executed automatically.' ) . '</p>'; 291 elseif ( 'top' == $which && 'dropins' == $status ) 292 echo '<p>' . __( 'Drop-ins are advanced plugins in the <code>/wp-content</code> directory that replace WordPress functionality when present.' ) . '</p>'; 293 294 echo '</div>'; 294 295 } 295 296 -
branches/3.1/wp-admin/includes/import.php
r17716 r18044 81 81 'post_content' => $url, 82 82 'post_mime_type' => $type, 83 'guid' => $url 83 'guid' => $url, 84 'context' => 'import', 85 'post_status' => 'private' 84 86 ); 85 87 … … 87 89 $id = wp_insert_attachment( $object, $file ); 88 90 91 // schedule a cleanup for one day from now in case of failed import or missing wp_import_cleanup() call 92 wp_schedule_single_event( time() + 86400, 'importer_scheduled_cleanup', array( $id ) ); 93 89 94 return array( 'file' => $file, 'id' => $id ); 90 95 } -
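Review bot: The cleanup event at new line 92 is scheduled without checking `$id`, so if `wp_insert_attachment()` fails (presumably returning 0 or an error value) the `importer_scheduled_cleanup` job is queued for an id that does not name an attachment, and that id is still returned to the caller. Guarding the call keeps the job tied to a row that exists: `if ( $id && ! is_wp_error( $id ) ) wp_schedule_single_event( time() + 86400, 'importer_scheduled_cleanup', array( $id ) );`. The literal `86400` would read better with the unit named next to it. The enclosing function begins outside the hunk.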
branches/3.1/wp-admin/includes/media.php
r17716 r18044 1193 1193 $toggle_off = __( 'Hide' ); 1194 1194 1195 $filename = basename( $post->guid);1195 $filename = esc_html( basename( $post->guid ) ); 1196 1196 $title = esc_attr( $post->post_title ); 1197 1197 -
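--- a/branches/3.1/wp-admin/includes/post.php
+++ b/branches/3.1/wp-admin/includes/post.php
@@ -139,4 +139,5 @@
 $post = get_post( $post_ID );
 $post_data['post_type'] = $post->post_type;
+$post_data['post_mime_type'] = $post->post_mime_type;
 
 $ptype = get_post_type_object($post_data['post_type']);
@@ -200,4 +201,6 @@
 if ( $meta->post_id != $post_ID )
 continue;
+if ( is_protected_meta( $value['key'] ) )
+continue;
 update_meta( $key, $value['key'], $value['value'] );
 }
@@ -209,4 +212,6 @@
 continue;
 if ( $meta->post_id != $post_ID )
+continue;
+if ( is_protected_meta( $meta->meta_key ) )
 continue;
 delete_meta( $key );
@@ -528,4 +533,6 @@
 }
 
+$_POST['post_mime_type'] = '';
+
 // Check for autosave collisions
 // Does this need to be updated? ~ Mark
@@ -633,6 +640,4 @@
 $post_ID = (int) $post_ID;
 
-$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
-
 $metakeyselect = isset($_POST['metakeyselect']) ? stripslashes( trim( $_POST['metakeyselect'] ) ) : '';
 $metakeyinput = isset($_POST['metakeyinput']) ? stripslashes( trim( $_POST['metakeyinput'] ) ) : '';
@@ -651,5 +656,5 @@
 $metakey = $metakeyinput; // default
 
-if ( i n_array($metakey, $protected) )
+if ( is_protected_meta( $metakey ) )
 return false;
 
@@ -757,9 +762,7 @@
 global $wpdb;
 
-$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
-
 $meta_key = stripslashes($meta_key);
 
-if ( i n_array($meta_key, $protected) )
+if ( is_protected_meta( $meta_key ) )
 return false;
 
@@ -994,5 +997,10 @@
 $q['cat'] = isset( $q['cat'] ) ? (int) $q['cat'] : 0;
 $q['post_type'] = 'attachment';
-$q['post_status'] = isset( $q['status'] ) && 'trash' == $q['status'] ? 'trash' : 'inherit';
+$post_type = get_post_type_object( 'attachment' );
+$states = array( 'inherit' );
+if ( current_user_can( $post_type->cap->read_private_posts ) )
+$states[] = 'private';
+
+$q['post_status'] = isset( $q['status'] ) && 'trash' == $q['status'] ? 'trash' : $states;
 $media_per_page = (int) get_user_option( 'upload_per_page' );
 if ( empty( $media_per_page ) || $media_per_page < 1 )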
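Review bot: In the update loop at new line 203 the guard tests the submitted `$value['key']` but not the stored `$meta->meta_key`, so a row whose stored key begins with an underscore still reaches `update_meta()` whenever the submitted key does not. The delete loop at new line 215 checks the stored key, and the update loop should check both: `if ( is_protected_meta( $meta->meta_key ) || is_protected_meta( $value['key'] ) ) continue;`. `$meta` is assigned above the hunk, presumably from the meta id in `$key`, so confirm it is the stored row. Both loops start outside the visible lines.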
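--- a/branches/3.1/wp-admin/includes/template.php
+++ b/branches/3.1/wp-admin/includes/template.php
@@ -466,4 +466,8 @@
 function _list_meta_row( $entry, &$count ) {
 static $update_nonce = false;
+
+if ( is_protected_meta( $entry['meta_key'] ) )
+return;
+
 if ( !$update_nonce )
 $update_nonce = wp_create_nonce( 'add-meta' );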
branches/3.1/wp-admin/includes/update-core.php
r17716 r18044 295 295 $required_php_version = '4.3'; 296 296 $required_mysql_version = '4.1.2'; 297 $wp_version = '3.1. 2';297 $wp_version = '3.1.3'; 298 298 $php_compat = version_compare( $php_version, $required_php_version, '>=' ); 299 299 $mysql_compat = version_compare( $mysql_version, $required_mysql_version, '>=' ) || file_exists( WP_CONTENT_DIR . '/db.php' ); -
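--- a/branches/3.1/wp-admin/ms-delete-site.php
+++ b/branches/3.1/wp-admin/ms-delete-site.php
@@ -35,4 +35,6 @@
 
 if ( isset( $_POST['action'] ) && $_POST['action'] == 'deleteblog' && isset( $_POST['confirmdelete'] ) && $_POST['confirmdelete'] == '1' ) {
+check_admin_referer( 'delete-blog' );
+
 $hash = wp_generate_password( 20, false );
 update_option( 'delete_blog_hash', $hash );
@@ -69,9 +71,10 @@
 
 <form method="post" name="deletedirect">
+<?php wp_nonce_field( 'delete-blog' ) ?>
 <input type="hidden" name="action" value="deleteblog" />
 <p><input id="confirmdelete" type="checkbox" name="confirmdelete" value="1" /> <label for="confirmdelete"><strong><?php printf( __( "I'm sure I want to permanently disable my site, and I am aware I can never get it back or use %s again." ), is_subdomain_install() ? $current_blog->domain : $current_blog->domain . $current_blog->path ); ?></strong></label></p>
 <?php submit_button( __( 'Delete My Site Permanently' ) ); ?>
 </form>
-<?php
+<?php
 }
 echo '</div>';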
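--- a/branches/3.1/wp-admin/plugins.php
+++ b/branches/3.1/wp-admin/plugins.php
@@ -408,11 +408,4 @@
 <input type="hidden" name="paged" value="<?php echo esc_attr($page) ?>" />
 
-<?php
-if ( 'mustuse' == $status )
-echo '<br class="clear" /><p>' . __( 'Files in the <code>/wp-content/mu-plugins</code> directory are executed automatically.' ) . '</p>';
-elseif ( 'dropins' == $status )
-echo '<br class="clear" /><p>' . __( 'Drop-ins are advanced plugins in the <code>/wp-content</code> directory that replace WordPress functionality when present.' ) . '</p>';
-?>
-
 <?php $wp_list_table->display(); ?>
 </form>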
branches/3.1/wp-admin/press-this.php
r17716 r18044 226 226 else 227 227 $src = 'http://'.str_replace('//','/', $host['host'].'/'.dirname($host['path']).'/'.$src); 228 $sources[] = esc_ attr($src);228 $sources[] = esc_url($src); 229 229 } 230 230 return "'" . implode("','", $sources) . "'"; -
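Review bot: The value escaped at new line 228 is returned inside single quotes joined with `','`, which looks like a JavaScript string list rather than HTML, while `esc_url()` is a display-context escaper that emits HTML entities. If the caller prints this into a script block, the entity-encoded ampersands and quotes end up literally in the URLs; `$sources[] = esc_js( esc_url_raw( $src ) );` would match that context. Where the return value is printed is outside the hunk, so confirm the output context before changing it.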
branches/3.1/wp-app.php
r17716 r18044 608 608 $slug = ''; 609 609 if ( isset( $_SERVER['HTTP_SLUG'] ) ) 610 $slug = sanitize_file_name( $_SERVER['HTTP_SLUG'] );610 $slug = $_SERVER['HTTP_SLUG']; 611 611 elseif ( isset( $_SERVER['HTTP_TITLE'] ) ) 612 $slug = sanitize_file_name( $_SERVER['HTTP_TITLE'] );612 $slug = $_SERVER['HTTP_TITLE']; 613 613 elseif ( empty( $slug ) ) // just make a random name 614 614 $slug = substr( md5( uniqid( microtime() ) ), 0, 7); 615 615 $ext = preg_replace( '|.*/([a-z0-9]+)|', '$1', $_SERVER['CONTENT_TYPE'] ); 616 $slug = "$slug.$ext";616 $slug = sanitize_file_name( "$slug.$ext" ); 617 617 $file = wp_upload_bits( $slug, NULL, $bits); 618 618 -
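Review bot: The fallback at line 613 is an `elseif` on the same chain as the two header reads, so the random name is generated only when neither header is present; an empty `Slug` or `Title` header leaves `$slug` empty and the upload is named from the extension alone. Running the check after the chain covers that case: `if ( empty( $slug ) ) $slug = substr( md5( uniqid( microtime() ) ), 0, 7 );`. `$ext` at line 615 comes from the client's Content-Type through an unanchored pattern, so text outside the match (a `; charset=` parameter, for example) is carried into the name; sanitizing the combined string cleans it, but an anchored match with a fixed fallback extension would be stricter. The function begins outside the hunk.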
branches/3.1/wp-includes/canonical.php
r17716 r18044 142 142 } elseif ( is_author() && !empty($_GET['author']) && preg_match( '|^[0-9]+$|', $_GET['author'] ) ) { 143 143 $author = get_userdata(get_query_var('author')); 144 if ( false !== $author && $redirect_url = get_author_posts_url($author->ID, $author->user_nicename) ) 145 $redirect['query'] = remove_query_arg('author', $redirect['query']); 144 if ( ( false !== $author ) && $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE $wpdb->posts.post_author = %d AND $wpdb->posts.post_status = 'publish' LIMIT 1", $author->ID ) ) ) { 145 if ( $redirect_url = get_author_posts_url($author->ID, $author->user_nicename) ) 146 $redirect['query'] = remove_query_arg('author', $redirect['query']); 147 } 146 148 } elseif ( is_category() || is_tag() || is_tax() ) { // Terms (Tags/categories) 147 149 -
branches/3.1/wp-includes/class-oembed.php
r17716 r18044 166 166 $args = wp_parse_args( $args, wp_embed_defaults() ); 167 167 168 $provider = add_query_arg( 'maxwidth', $args['width'], $provider );169 $provider = add_query_arg( 'maxheight', $args['height'], $provider );168 $provider = add_query_arg( 'maxwidth', (int) $args['width'], $provider ); 169 $provider = add_query_arg( 'maxheight', (int) $args['height'], $provider ); 170 170 $provider = add_query_arg( 'url', urlencode($url), $provider ); 171 171 -
branches/3.1/wp-includes/default-filters.php
r17716 r18044 59 59 // Save URL 60 60 foreach ( array( 'pre_comment_author_url', 'pre_user_url', 'pre_link_url', 'pre_link_image', 61 'pre_link_rss' ) as $filter ) {61 'pre_link_rss', 'pre_post_guid' ) as $filter ) { 62 62 add_filter( $filter, 'wp_strip_all_tags' ); 63 63 add_filter( $filter, 'esc_url_raw' ); … … 66 66 67 67 // Display URL 68 foreach ( array( 'user_url', 'link_url', 'link_image', 'link_rss', 'comment_url' ) as $filter ) {68 foreach ( array( 'user_url', 'link_url', 'link_image', 'link_rss', 'comment_url', 'post_guid' ) as $filter ) { 69 69 if ( is_admin() ) 70 70 add_filter( $filter, 'wp_strip_all_tags' ); … … 86 86 add_filter( $filter, 'sanitize_key' ); 87 87 } 88 89 // Mime types 90 add_filter( 'pre_post_mime_type', 'sanitize_mime_type' ); 91 add_filter( 'post_mime_type', 'sanitize_mime_type' ); 88 92 89 93 // Places to balance tags on input … … 219 223 add_action( 'login_head', 'wp_print_head_scripts', 9 ); 220 224 add_action( 'login_footer', 'wp_print_footer_scripts' ); 225 add_action( 'login_init', 'send_frame_options_header', 10, 0 ); 221 226 222 227 // Feed Generator Tags … … 250 255 add_action( 'comment_form', 'wp_comment_form_unfiltered_html_nonce' ); 251 256 add_action( 'wp_scheduled_delete', 'wp_scheduled_delete' ); 257 add_action( 'admin_init', 'send_frame_options_header', 10, 0 ); 258 add_action( 'importer_scheduled_cleanup', 'wp_delete_attachment' ); 252 259 253 260 // Navigation menu actions -
branches/3.1/wp-includes/formatting.php
r17716 r18044 719 719 $allowed = false; 720 720 foreach ( $mimes as $ext_preg => $mime_match ) { 721 $ext_preg = '! (^' . $ext_preg . ')$!i';721 $ext_preg = '!^(' . $ext_preg . ')$!i'; 722 722 if ( preg_match( $ext_preg, $part ) ) { 723 723 $allowed = true; … … 2904 2904 } 2905 2905 2906 /** 2907 * Sanitize a mime type 2908 * 2909 * @since 3.1.3 2910 * 2911 * @param string $mime_type Mime type 2912 * @return string Sanitized mime type 2913 */ 2914 function sanitize_mime_type( $mime_type ) { 2915 $sani_mime_type = preg_replace( '/[^-*.a-zA-Z0-9\/]/', '', $mime_type ); 2916 return apply_filters( 'sanitize_mime_type', $sani_mime_type, $mime_type ); 2917 } 2918 2906 2919 ?> -
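Review bot: The character class in `sanitize_mime_type()` at new line 2915 drops `+`, which is part of registered types such as `image/svg+xml` and `application/atom+xml`, so those values come out as `image/svgxml` and `application/atomxml`. Since default-filters.php in this changeset hooks the function to both `pre_post_mime_type` and `post_mime_type`, the altered value is what later comparisons see. Adding the character keeps the filter strict without rewriting valid types: `preg_replace( '/[^-+*.a-zA-Z0-9\/]/', '', $mime_type )`.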
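--- a/branches/3.1/wp-includes/functions.php
+++ b/branches/3.1/wp-includes/functions.php
@@ -4483,3 +4483,15 @@
 }
 
+/**
+* Send a HTTP header to limit rendering of pages to same origin iframes.
+*
+* @link https://developer.mozilla.org/en/the_x-frame-options_response_header
+*
+* @since 3.1.3
+* @return none
+*/
+function send_frame_options_header() {
+@header( 'X-Frame-Options: SAMEORIGIN' );
+}
+
 ?>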
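Review bot: The `@` on `header()` at new line 4494 hides the "headers already sent" warning, so when output has started before `login_init` or `admin_init` fires, the frame protection is missing with nothing logged. Checking first makes the condition visible: `if ( ! headers_sent() ) header( 'X-Frame-Options: SAMEORIGIN' );`. In the docblock, `@return none` should be `@return void`.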
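--- a/branches/3.1/wp-includes/meta.php
+++ b/branches/3.1/wp-includes/meta.php
@@ -46,4 +46,5 @@
 $meta_key = stripslashes($meta_key);
 $meta_value = stripslashes_deep($meta_value);
+$meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
 
 $check = apply_filters( "add_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $unique );
@@ -114,4 +115,5 @@
 $meta_key = stripslashes($meta_key);
 $meta_value = stripslashes_deep($meta_value);
+$meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
 
 $check = apply_filters( "update_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $prev_value );
@@ -489,3 +491,32 @@
 return $wpdb->$table_name;
 }
+
+/**
+* Determine whether a meta key is protected
+*
+* @since 3.1.3
+*
+* @param string $meta_key Meta key
+* @return bool True if the key is protected, false otherwise.
+*/
+function is_protected_meta( $meta_key, $meta_type = null ) {
+$protected = ( '_' == $meta_key[0] );
+
+return apply_filters( 'is_protected_meta', $protected, $meta_key, $meta_type );
+}
+
+/**
+* Sanitize meta value
+*
+* @since 3.1.3
+*
+* @param string $meta_key Meta key
+* @param mixed $meta_value Meta value to sanitize
+* @param string $meta_type Type of meta
+* @return mixed Sanitized $meta_value
+*/
+function sanitize_meta( $meta_key, $meta_value, $meta_type = null ) {
+return apply_filters( 'sanitize_meta', $meta_value, $meta_key, $meta_type );
+}
+
 ?>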
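Review bot: `is_protected_meta()` at new line 503 reads `$meta_key[0]` without checking that the key is a non-empty string, so an empty key raises an uninitialized-offset notice; the callers added in this changeset pass request-derived keys. `$protected = ( is_string( $meta_key ) && '' !== $meta_key && '_' == $meta_key[0] );` avoids that. The docblock omits the second parameter; add `@param string $meta_type Type of meta`. `sanitize_meta()` only applies the `sanitize_meta` filter, so values pass through unchanged unless a callback is registered, and its docblock should say so.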
branches/3.1/wp-includes/post.php
r17716 r18044 558 558 return false; 559 559 560 // Unattached attachments are assumed to be published. 561 if ( ('attachment' == $post->post_type) && ('inherit' == $post->post_status) && ( 0 == $post->post_parent) ) 562 return 'publish'; 563 564 if ( ('attachment' == $post->post_type) && $post->post_parent && ($post->ID != $post->post_parent) ) 565 return get_post_status($post->post_parent); 560 if ( 'attachment' == $post->post_type ) { 561 if ( 'private' == $post->post_status ) 562 return 'private'; 563 564 // Unattached attachments are assumed to be published 565 if ( ( 'inherit' == $post->post_status ) && ( 0 == $post->post_parent) ) 566 return 'publish'; 567 568 // Inherit status from the parent 569 if ( $post->post_parent && ( $post->ID != $post->post_parent ) ) 570 return get_post_status($post->post_parent); 571 } 566 572 567 573 return $post->post_status; … … 3533 3539 global $wpdb, $user_ID; 3534 3540 3535 $defaults = array('post_status' => ' draft', 'post_type' => 'post', 'post_author' => $user_ID,3541 $defaults = array('post_status' => 'inherit', 'post_type' => 'post', 'post_author' => $user_ID, 3536 3542 'ping_status' => get_option('default_ping_status'), 'post_parent' => 0, 3537 3543 'menu_order' => 0, 'to_ping' => '', 'pinged' => '', 'post_password' => '', 3538 'guid' => '', 'post_content_filtered' => '', 'post_excerpt' => '', 'import_id' => 0 );3544 'guid' => '', 'post_content_filtered' => '', 'post_excerpt' => '', 'import_id' => 0, 'context' => ''); 3539 3545 3540 3546 $object = wp_parse_args($object, $defaults); … … 3551 3557 3552 3558 $post_type = 'attachment'; 3553 $post_status = 'inherit'; 3559 3560 if ( ! in_array( $post_status, array( 'inherit', 'private' ) ) ) 3561 $post_status = 'inherit'; 3554 3562 3555 3563 // Make sure we set a valid category. … … 3653 3661 if ( isset($post_parent) && $post_parent < 0 ) 3654 3662 add_post_meta($post_ID, '_wp_attachment_temp_parent', $post_parent, true); 3663 3664 if ( ! 
empty( $context ) ) 3665 add_post_meta( $post_ID, '_wp_attachment_context', $context, true ); 3655 3666 3656 3667 if ( $update) { -
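Review bot: The status check at new line 3560 uses a loose `in_array()`, and on PHP versions before 8 a loose comparison of integer `0` with `'inherit'` is true, so a non-string status could pass the allow-list unchanged. Passing the strict flag closes that: `if ( ! in_array( $post_status, array( 'inherit', 'private' ), true ) )`. At new line 3665 `$context` is written to `_wp_attachment_context` as supplied, so a comment stating which context values callers are expected to pass would help. The function body extends beyond the hunk.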
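--- a/branches/3.1/wp-includes/query.php
+++ b/branches/3.1/wp-includes/query.php
@@ -2232,8 +2232,4 @@
 }
 
-if ( !empty( $this->tax_query->queries ) || !empty( $q['meta_key'] ) ) {
-$groupby = "{$wpdb->posts}.ID";
-}
-
 // Author/user stuff
 
@@ -2479,4 +2475,8 @@
 $join .= $clauses['join'];
 $where .= $clauses['where'];
+}
+
+if ( ! empty( $this->tax_query->queries ) || ! empty( $q['meta_query'] ) ) {
+$groupby = "{$wpdb->posts}.ID";
 }
 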
branches/3.1/wp-includes/taxonomy.php
r17716 r18044 1256 1256 } 1257 1257 1258 if ( !empty($name__like) ) 1259 $where .= " AND t.name LIKE '" . like_escape( $name__like ) . "%'"; 1258 if ( !empty($name__like) ) { 1259 $name__like = like_escape( $name__like ); 1260 $where .= $wpdb->prepare( " AND t.name LIKE %s", $name__like . '%' ); 1261 } 1260 1262 1261 1263 if ( '' !== $parent ) { … … 1279 1281 if ( !empty($search) ) { 1280 1282 $search = like_escape($search); 1281 $where .= " AND (t.name LIKE '%$search%')";1283 $where .= $wpdb->prepare( " AND (t.name LIKE %s)", '%' . $search . '%'); 1282 1284 } 1283 1285 -
branches/3.1/wp-includes/theme.php
r17716 r18044 1436 1436 $url = str_replace( 'https://', 'http://', $url ); 1437 1437 1438 return $url;1438 return esc_url_raw( $url ); 1439 1439 } 1440 1440 -
branches/3.1/wp-includes/version.php
r17716 r18044 23 23 * @global string $wp_version 24 24 */ 25 $wp_version = '3.1. 2';25 $wp_version = '3.1.3'; 26 26 27 27 /** -
branches/3.1/wp-login.php
r17716 r18044 369 369 370 370 // allow plugins to override the default actions, and to add extra actions if they want 371 do_action('login_form_' . $action); 371 do_action( 'login_init' ); 372 do_action( 'login_form_' . $action ); 372 373 373 374 $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);