WordPress.org

Make WordPress Core


Ignore:
Location:
branches/2.2
Files:
6 edited

Legend:

Unmodified
Added
Removed
  • branches/2.2/wp-admin/admin-functions.php

    r5828 r5841  
    902902    global $wpdb;
    903903
    904     $start = (int) $start;
     904    $start = abs( (int) $start );
    905905    $num = (int) $num;
    906906
  • branches/2.2/wp-admin/edit-comments.php

    r5828 r5841  
    7777
    7878if ( isset( $_GET['apage'] ) )
    79     $page = (int) $_GET['apage'];
     79    $page = abs( (int) $_GET['apage'] );
    8080else
    8181    $page = 1;
  • branches/2.2/wp-admin/link-import.php

    r5828 r5841  
    7474<h2><?php _e('Importing...') ?></h2>
    7575<?php
    76         $cat_id = $_POST['cat_id'];
    77         if ( $cat_id == '' || $cat_id == 0 )
     76        $cat_id = abs( (int) $_POST['cat_id'] );
     77        if ( $cat_id < 1 )
    7878            $cat_id  = 1;
    7979
  • branches/2.2/wp-admin/options.php

    r5828 r5841  
    128128foreach ( (array) $options as $option) :
    129129    $disabled = '';
     130    $option->option_name = attribute_escape($option->option_name);
    130131    if ( is_serialized($option->option_value) ) {
    131132        if ( is_serialized_string($option->option_value) ) {
    132133            // this is a serialized string, so we should display it
    133             $value = wp_specialchars(maybe_unserialize($option->option_value), 'single');
     134            $value = maybe_unserialize($option->option_value);
    134135            $options_to_update[] = $option->option_name;
    135136            $class = 'all-options';
     
    140141        }
    141142    } else {
    142         $value = wp_specialchars($option->option_value, 'single');
     143        $value = $option->option_value;
    143144        $options_to_update[] = $option->option_name;
    144145        $class = 'all-options';
     
    149150<td>";
    150151
    151     if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>$value</textarea>";
    152     else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value . "'$disabled />";
     152    if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . wp_specialchars($value) . "</textarea>";
     153    else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . attribute_escape($value) . "'$disabled />";
    153154
    154155    echo "</td>
     
    159160  </table>
    160161<?php $options_to_update = implode(',', $options_to_update); ?>
    161 <p class="submit"><input type="hidden" name="page_options" value="<?php echo attribute_escape($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
     162<p class="submit"><input type="hidden" name="page_options" value="<?php echo $options_to_update; ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
    162163  </form>
    163164</div>
  • branches/2.2/wp-admin/upload-functions.php

    r5828 r5841  
    108108    $post_id = (int) $post_id;
    109109?>
    110     <form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . '/wp-admin/upload.php?style=' . attribute_escape($style) . '&amp;tab=upload&amp;post_id=' . $post_id; ?>">
     110    <form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . '/wp-admin/upload.php?style=' . attribute_escape($style . '&amp;tab=upload&amp;post_id=' . $post_id); ?>">
    111111<?php
    112112    if ( $id ) :
     
    203203        if ( !current_user_can( 'upload_files' ) )
    204204            wp_die( __('You are not allowed to upload files.')
    205                 . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=browse-all&amp;post_id=$post_id'>"
     205                . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=" . attribute_escape($style . "&amp;tab=browse-all&amp;post_id=$post_id") . "'>"
    206206                . __('Browse Files') . '</a>'
    207207            );
     
    213213        if ( isset($file['error']) )
    214214            wp_die($file['error'] . "<br /><a href='" . get_option('siteurl')
    215             . "/wp-admin/upload.php?style=$style&amp;tab=$from_tab&amp;post_id=$post_id'>" . __('Back to Image Uploading') . '</a>'
     215            . "/wp-admin/upload.php?style=" . attribute_escape($style . "&amp;tab=$from_tab&amp;post_id=$post_id") . "'>" . __('Back to Image Uploading') . '</a>'
    216216        );
    217217
     
    260260        if ( !current_user_can('edit_post', (int) $ID) )
    261261            wp_die( __('You are not allowed to delete this attachment.')
    262                 . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=$from_tab&amp;post_id=$post_id'>"
     262                . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=" . attribute_escape($style . "&amp;tab=$from_tab&amp;post_id=$post_id") . "'>"
    263263                . __('Go back') . '</a>'
    264264            );
  • branches/2.2/wp-includes/functions.php

    r5828 r5841  
    204204/* Options functions */
    205205
     206// expects $setting to already be SQL-escaped
    206207function get_option($setting) {
    207208    global $wpdb;
     
    303304}
    304305
     306// expects $option_name to NOT be SQL-escaped
    305307function update_option($option_name, $newvalue) {
    306308    global $wpdb;
     
    308310    wp_protect_special_option($option_name);
    309311
     312    $safe_option_name = $wpdb->escape($option_name);
     313
    310314    if ( is_string($newvalue) )
    311315        $newvalue = trim($newvalue);
    312316
    313317    // If the new and old values are the same, no need to update.
    314     $oldvalue = get_option($option_name);
     318    $oldvalue = get_option($safe_option_name);
    315319    if ( $newvalue === $oldvalue ) {
    316320        return false;
     
    350354
    351355// thx Alex Stapleton, http://alex.vort-x.net/blog/
     356// expects $name to NOT be SQL-escaped
    352357function add_option($name, $value = '', $description = '', $autoload = 'yes') {
    353358    global $wpdb;
    354359
    355360    wp_protect_special_option($name);
     361    $safe_name = $wpdb->escape($name);
    356362
    357363    // Make sure the option doesn't already exist. We can check the 'notoptions' cache before we ask for a db query
    358364    $notoptions = wp_cache_get('notoptions', 'options');
    359365    if ( !is_array($notoptions) || !isset($notoptions[$name]) )
    360         if ( false !== get_option($name) )
     366        if ( false !== get_option($safe_name) )
    361367            return;
    362368
Note: See TracChangeset for help on using the changeset viewer.