WordPress.org

Make WordPress Core

Changes from tags/2.2 at r49757 to tags/2.2.1 at r49757


Ignore:
Location:
tags/2.2.1
Files:
2 added
41 edited

Legend:

Unmodified
Added
Removed
  • tags/2.2.1/wp-admin/admin-db.php

    r49757 r49757  
    8383    global $wpdb;
    8484
    85     extract($catarr);
     85    extract($catarr, EXTR_SKIP);
    8686
    8787    if( trim( $cat_name ) == '' )
     
    298298    global $wpdb, $current_user;
    299299
    300     extract($linkdata);
     300    extract($linkdata, EXTR_SKIP);
    301301
    302302    $update = false;
  • tags/2.2.1/wp-admin/admin-functions.php

    r49757 r49757  
    348348
    349349    $post->post_password = format_to_edit( $post->post_password );
     350   
     351    $post->menu_order = (int) $post->menu_order;
    350352
    351353    if ( $post->post_type == 'page' )
     
    397399function get_comment_to_edit( $id ) {
    398400    $comment = get_comment( $id );
    399 
    400     $comment->comment_content = format_to_edit( $comment->comment_content, user_can_richedit() );
     401   
     402    $comment->comment_ID = (int) $comment->comment_ID;
     403    $comment->comment_post_ID = (int) $comment->comment_post_ID;
     404
     405    $comment->comment_content = format_to_edit( $comment->comment_content );
    401406    $comment->comment_content = apply_filters( 'comment_edit_pre', $comment->comment_content);
    402407
    403408    $comment->comment_author = format_to_edit( $comment->comment_author );
    404409    $comment->comment_author_email = format_to_edit( $comment->comment_author_email );
     410    $comment->comment_author_url = clean_url($comment->comment_author_url);
    405411    $comment->comment_author_url = format_to_edit( $comment->comment_author_url );
    406412
     
    410416function get_category_to_edit( $id ) {
    411417    $category = get_category( $id );
     418   
     419    $category->term_id = (int) $category->term_id;
     420    $category->parent = (int) $category->parent;
    412421
    413422    return $category;
     
    936945if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
    937946    echo " <a href='comment.php?action=editcomment&amp;c=".$comment->comment_ID."'>" .  __('Edit') . '</a>';
    938     echo ' | <a href="' . wp_nonce_url('ocomment.php?action=deletecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . js_escape(sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), $comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> ';
     947    echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . js_escape(sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), $comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> ';
    939948    if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
    940949        echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Unapprove') . '</a> </span>';
     
    10271036        $entry['meta_key']   = attribute_escape($entry['meta_key']);
    10281037        $entry['meta_value'] = attribute_escape($entry['meta_value']);
     1038        $entry['meta_id'] = (int) $entry['meta_id'];
    10291039        $r .= "\n\t<tr id='meta-{$entry['meta_id']}' class='$style'>";
    10301040        $r .= "\n\t\t<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>";
     
    10791089
    10801090    foreach ( $keys as $key ) {
    1081         $key = attribute_escape( $key);
     1091        $key = attribute_escape( $key );
    10821092        echo "\n\t<option value='$key'>$key</option>";
    10831093    }
     
    11001110    $post_ID = (int) $post_ID;
    11011111
     1112    $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
     1113
    11021114    $metakeyselect = $wpdb->escape( stripslashes( trim( $_POST['metakeyselect'] ) ) );
    11031115    $metakeyinput = $wpdb->escape( stripslashes( trim( $_POST['metakeyinput'] ) ) );
     
    11141126        if ( $metakeyinput)
    11151127            $metakey = $metakeyinput; // default
     1128
     1129        if ( in_array($metakey, $protected) )
     1130            return false;
    11161131
    11171132        $result = $wpdb->query( "
     
    11341149function update_meta( $mid, $mkey, $mvalue ) {
    11351150    global $wpdb;
     1151
     1152    $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
     1153
     1154    if ( in_array($mkey, $protected) )
     1155        return false;
     1156
    11361157    $mvalue = maybe_serialize( stripslashes( $mvalue ));
    11371158    $mvalue = $wpdb->escape( $mvalue );
  • tags/2.2.1/wp-admin/comment.php

    r49757 r49757  
    4040    $nonce_action .= $comment;
    4141
    42     if ( ! $comment = get_comment($comment) )
     42    if ( ! $comment = get_comment_to_edit($comment) )
    4343        wp_die(__('Oops, no comment with this ID.').sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit.php'));
    4444
     
    9797<tr>
    9898<th scope="row" valign="top"><p><?php _e('Comment:'); ?></p></th>
    99 <td><?php echo apply_filters( 'comment_text', $comment->comment_content ); ?></td>
     99<td><?php echo $comment->comment_content; ?></td>
    100100</tr>
    101101</table>
     
    156156        wp_redirect(wp_get_referer());
    157157    } else {
    158         wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='.$comment->comment_post_ID.'&c=1#comments');
     158        wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='. (int) $comment->comment_post_ID.'&c=1#comments');
    159159    }
    160160    exit();
     
    186186        wp_redirect(wp_get_referer());
    187187    } else {
    188         wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='.$comment->comment_post_ID.'&c=1#comments');
     188        wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='. (int) $comment->comment_post_ID.'&c=1#comments');
    189189    }
    190190    exit();
  • tags/2.2.1/wp-admin/edit-comments.php

    r49757 r49757  
    8080else
    8181    $page = 1;
     82
    8283$start = $offset = ( $page - 1 ) * 20;
    8384
     
    8889
    8990$page_links = paginate_links( array(
    90     'base' => 'edit-comments.php?%_%',
    91     'format' => 'apage=%#%',
     91    'base' => add_query_arg( 'apage', '%#%' ),
     92    'format' => '',
    9293    'total' => ceil($total / 20),
    9394    'current' => $page
  • tags/2.2.1/wp-admin/edit-form-advanced.php

    r49757 r49757  
    11<?php
     2if ( isset($_GET['message']) )
     3      $_GET['message'] = (int) $_GET['message'];
    24$messages[1] = __('Post updated');
    35$messages[2] = __('Custom field updated');
     
    57?>
    68<?php if (isset($_GET['message'])) : ?>
    7 <div id="message" class="updated fade"><p><?php echo $messages[$_GET['message']]; ?></p></div>
     9<div id="message" class="updated fade"><p><?php echo wp_specialchars($messages[$_GET['message']]); ?></p></div>
    810<?php endif; ?>
    911
     
    2224    wp_nonce_field('add-post');
    2325} else {
     26    $post_ID = (int) $post_ID;
    2427    $form_action = 'editpost';
    2528    $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
     
    2730}
    2831
    29 $form_pingback = '<input type="hidden" name="post_pingback" value="' . get_option('default_pingback_flag') . '" id="post_pingback" />';
    30 
    31 $form_prevstatus = '<input type="hidden" name="prev_status" value="' . $post->post_status . '" />';
    32 
    33 $form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. str_replace("\n", ' ', $post->to_ping) .'" />';
     32$form_pingback = '<input type="hidden" name="post_pingback" value="' . (int) get_option('default_pingback_flag') . '" id="post_pingback" />';
     33
     34$form_prevstatus = '<input type="hidden" name="prev_status" value="' . attribute_escape( $post->post_status ) . '" />';
     35
     36$form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. attribute_escape( str_replace("\n", ' ', $post->to_ping) ) .'" />';
    3437
    3538if ('' != $post->pinged) {
     
    4245}
    4346
    44 $saveasdraft = '<input name="save" type="submit" id="save" tabindex="3" value="' . __('Save and Continue Editing') . '" />';
     47$saveasdraft = '<input name="save" type="submit" id="save" tabindex="3" value="' . attribute_escape( __('Save and Continue Editing') ) . '" />';
    4548
    4649if (empty($post->post_status)) $post->post_status = 'draft';
     
    4851?>
    4952
    50 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
     53<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
    5154<input type="hidden" id="hiddenaction" name="action" value="<?php echo $form_action ?>" />
    5255<input type="hidden" id="originalaction" name="originalaction" value="<?php echo $form_action ?>" />
    53 <input type="hidden" name="post_author" value="<?php echo $post->post_author ?>" />
     56<input type="hidden" name="post_author" value="<?php echo attribute_escape( $post->post_author ); ?>" />
    5457<input type="hidden" id="post_type" name="post_type" value="post" />
    5558
     
    8992<fieldset id="passworddiv" class="dbx-box">
    9093<h3 class="dbx-handle"><?php _e('Post Password') ?></h3>
    91 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div>
     94<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape( $post->post_password ); ?>" /></div>
    9295</fieldset>
    9396
    9497<fieldset id="slugdiv" class="dbx-box">
    9598<h3 class="dbx-handle"><?php _e('Post Slug') ?></h3>
    96 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
     99<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" /></div>
    97100</fieldset>
    98101
     
    126129if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
    127130else $selected = '';
    128 echo "<option value='$o->ID' $selected>$o->display_name</option>";
     131echo "<option value='" . (int) $o->ID . "' $selected>" . wp_specialchars( $o->display_name ) . "</option>";
    129132endforeach;
    130133?>
     
    141144<fieldset id="titlediv">
    142145    <legend><?php _e('Title') ?></legend>
    143     <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
     146    <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" /></div>
    144147</fieldset>
    145148
     
    169172?>
    170173<?php if ( current_user_can('publish_posts') ) : ?>
    171     <input name="publish" type="submit" id="publish" tabindex="5" accesskey="p" value="<?php _e('Publish') ?>" />
     174    <input name="publish" type="submit" id="publish" tabindex="5" accesskey="p" value="<?php _e('Publish'); ?>" />
    172175<?php endif; ?>
    173176<?php
     
    187190<?php
    188191if (current_user_can('upload_files')) {
    189     $uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
     192    $uploading_iframe_ID = (int) (0 == $post_ID ? $temp_ID : $post_ID);
    190193    $uploading_iframe_src = wp_nonce_url("upload.php?style=inline&amp;tab=upload&amp;post_id=$uploading_iframe_ID", 'inlineuploading');
    191194    $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
  • tags/2.2.1/wp-admin/edit-form-comment.php

    r49757 r49757  
    33$toprow_title = sprintf(__('Editing Comment # %s'), $comment->comment_ID);
    44$form_action = 'editedcomment';
    5 $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment->comment_ID . "' />\n<input type='hidden' name='comment_post_ID' value='".$comment->comment_post_ID;
     5$form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment->comment_ID . "' />\n<input type='hidden' name='comment_post_ID' value='" . $comment->comment_post_ID;
    66?>
    77
     
    99<?php wp_nonce_field('update-comment_' . $comment->comment_ID) ?>
    1010<div class="wrap">
    11 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
     11<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
    1212<input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
    1313
     
    2121    <legend><label for="name"><?php _e('Name:') ?></label></legend>
    2222    <div>
    23       <input type="text" name="newcomment_author" size="25" value="<?php echo $comment->comment_author ?>" tabindex="1" id="name" />
     23      <input type="text" name="newcomment_author" size="25" value="<?php echo attribute_escape( $comment->comment_author ); ?>" tabindex="1" id="name" />
    2424    </div>
    2525</fieldset>
     
    2727        <legend><label for="email"><?php _e('E-mail:') ?></label></legend>
    2828        <div>
    29           <input type="text" name="newcomment_author_email" size="20" value="<?php echo $comment->comment_author_email ?>" tabindex="2" id="email" />
     29          <input type="text" name="newcomment_author_email" size="20" value="<?php echo attribute_escape( $comment->comment_author_email ); ?>" tabindex="2" id="email" />
    3030    </div>
    3131</fieldset>
     
    3333        <legend><label for="newcomment_author_url"><?php _e('URL:') ?></label></legend>
    3434        <div>
    35           <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo $comment->comment_author_url ?>" tabindex="3" />
     35          <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo attribute_escape( $comment->comment_author_url ); ?>" tabindex="3" />
    3636    </div>
    3737</fieldset>
  • tags/2.2.1/wp-admin/edit-form.php

    r49757 r49757  
    77<input type="hidden" name="mode" value="bookmarklet" />
    88<?php endif; ?>
    9 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
     9<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
    1010<input type="hidden" name="action" value='post' />
    1111
     
    2222    <fieldset id="titlediv">
    2323      <legend><a href="http://wordpress.org/docs/reference/post/#title" title="<?php _e('Help on titles') ?>"><?php _e('Title') ?></a></legend>
    24       <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
     24      <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" /></div>
    2525    </fieldset>
    2626
     
    5050</script>
    5151
    52 <input type="hidden" name="post_pingback" value="<?php echo get_option('default_pingback_flag') ?>" id="post_pingback" />
     52<input type="hidden" name="post_pingback" value="<?php echo (int) get_option('default_pingback_flag') ?>" id="post_pingback" />
    5353
    5454<p><label for="trackback"> <?php printf(__('<a href="%s" title="Help on trackbacks"><strong>TrackBack</strong> a <abbr title="Universal Resource Locator">URL</abbr></a>:</label> (Separate multiple <abbr title="Universal Resource Locator">URL</abbr>s with spaces.)'), 'http://wordpress.org/docs/reference/post/#trackback'); echo '<br />'; ?>
     
    6565        echo '<input name="advanced" type="submit" id="advancededit" tabindex="7" value="' .  __('Advanced Editing &raquo;') . '" />';
    6666    } ?>
    67     <input name="referredby" type="hidden" id="referredby" value="<?php if ( wp_get_referer() ) echo urlencode(wp_get_referer()); ?>" />
     67    <input name="referredby" type="hidden" id="referredby" value="<?php if ( $refby = wp_get_referer() ) echo urlencode($refby); ?>" />
    6868</p>
    6969
  • tags/2.2.1/wp-admin/edit-page-form.php

    r49757 r49757  
    33<h2 id="write-post"><?php _e('Write Page'); ?></h2>
    44<?php
     5
    56if (0 == $post_ID) {
    67    $form_action = 'post';
     
    910    $form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='$temp_ID' />";
    1011} else {
     12    $post_ID = (int) $post_ID;
    1113    $form_action = 'editpost';
    1214    $nonce_action = 'update-page_' . $post_ID;
    1315    $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
    1416}
     17
     18$temp_ID = (int) $temp_ID;
     19$user_ID = (int) $user_ID;
    1520
    1621$sendto = clean_url(stripslashes(wp_get_referer()));
     
    6974<fieldset id="passworddiv" class="dbx-box">
    7075<h3 class="dbx-handle"><?php _e('Page Password') ?></h3>
    71 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div>
     76<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape( $post->post_password ); ?>" /></div>
    7277</fieldset>
    7378
     
    9499<fieldset id="slugdiv" class="dbx-box">
    95100<h3 class="dbx-handle"><?php _e('Page Slug') ?></h3>
    96 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
     101<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" /></div>
    97102</fieldset>
    98103
     
    107112if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
    108113else $selected = '';
     114$o->ID = (int) $o->ID;
     115$o->display_name = wp_specialchars( $o->display_name );
    109116echo "<option value='$o->ID' $selected>$o->display_name</option>";
    110117endforeach;
     
    127134<fieldset id="titlediv">
    128135  <legend><?php _e('Page Title') ?></legend>
    129   <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
     136  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" /></div>
    130137</fieldset>
    131138
  • tags/2.2.1/wp-admin/export.php

    r49757 r49757  
    148148-->
    149149
    150 <!-- generator="wordpress/<?php bloginfo_rss('version') ?>" created="<?php echo date('Y-m-d H:m'); ?>"-->
     150<!-- generator="wordpress/<?php bloginfo_rss('version') ?>" created="<?php echo date('Y-m-d H:i'); ?>"-->
    151151<rss version="2.0"
    152152    xmlns:content="http://purl.org/rss/1.0/modules/content/"
  • tags/2.2.1/wp-admin/install.php

    r49757 r49757  
    8383<?php
    8484    $result = wp_install($weblog_title, 'admin', $admin_email, $public);
    85     extract($result);
     85    extract($result, EXTR_SKIP);
    8686?>
    8787
  • tags/2.2.1/wp-admin/user-edit.php

    r49757 r49757  
    7777<?php wp_nonce_field('update-user_' . $user_id) ?>
    7878<?php if ( $wp_http_referer ) : ?>
    79     <input type="hidden" name="wp_http_referer" value="<?php echo wp_specialchars($wp_http_referer); ?>" />
     79    <input type="hidden" name="wp_http_referer" value="<?php echo clean_url($wp_http_referer); ?>" />
    8080<?php endif; ?>
    8181<p>
  • tags/2.2.1/wp-admin/users.php

    r49757 r49757  
    382382    <th colspan="7"><h3><?php echo $wp_roles->role_names[$role]; ?></h3></th>
    383383<?php else : ?>
    384     <th colspan="7"><h3><em><?php _e('No role for this blog'); ?></h3></th>
     384    <th colspan="7"><h3><em><?php _e('No role for this blog'); ?></em></h3></th>
    385385<?php endif; ?>
    386386</tr>
  • tags/2.2.1/wp-admin/widgets.css

    r49757 r49757  
    8585
    8686.placematt {
    87     position: absolute;
    8887    cursor: default;
    8988    margin: 10px 0 0;
    9089    padding: 0;
    9190    width: 238px;
     91    float:left;
    9292    background-color: #ffe;
    9393}
     
    107107}
    108108
     109
    109110#palettediv {
    110111    border: 1px solid #bbb;
    111112    background-color: #f0f8ff;
    112     height: 180px;
     113    height:auto;
    113114    margin-top: 10px;
    114115}
  • tags/2.2.1/wp-admin/widgets.php

    r49757 r49757  
    33require_once 'admin.php';
    44
    5 if ( ! current_user_can('edit_themes') )
     5if ( ! current_user_can('switch_themes') )
    66    wp_die( __( 'Cheatin&#8217; uh?' ));
    77
     
    1616?>
    1717    <link rel="stylesheet" href="widgets.css?version=<?php bloginfo('version'); ?>" type="text/css" />
     18    <!--[if IE 7]>
     19    <style type="text/css">
     20    #palette {float:left;}
     21    </style>
     22    <![endif]-->
    1823    <style type="text/css">
    1924        .dropzone ul { height: <?php echo constant( 'WP_WIDGETS_HEIGHT' ); ?>px; }
     
    6267        widgets.map(function(o) {o='widgetprefix-'+o; Position.absolutize(o); Position.relativize(o);} );
    6368        $A(Draggables.drags).map(function(o) {o.startDrag(null); o.finishDrag(null);});
    64         for ( var n in Draggables.drags ) {
    65             if ( Draggables.drags[n].element.id == 'lastmodule' ) {
    66                 Draggables.drags[n].destroy();
    67                 break;
     69        //for ( var n in Draggables.drags ) {
     70        for ( n=0; n<=Draggables.drags.length; n++ ) {
     71            if ( parseInt( n ) ) {
     72                if ( Draggables.drags[n].element.id == 'lastmodule' ) {
     73                    Draggables.drags[n].destroy();
     74                    break;
     75                }
    6876            }
    6977        }
     
    146154            if ( $(o).childNodes.length == 0 ) {
    147155                pm.style.display = 'block';
    148                 Position.absolutize(o+'placematt');
     156                //Position.absolutize(o+'placematt');
    149157            } else {
    150158                pm.style.display = 'none';
     
    294302       
    295303        <form id="sbadmin" method="post" onsubmit="serializeAll();">
     304            <p class="submit">
     305                <input type="submit" value="<?php _e( 'Save Changes &raquo;' ); ?>" />
     306            </p>
    296307            <div id="zones">
    297308            <?php
     
    303314                    <h3><?php echo $sidebar['name']; ?></h3>
    304315                   
    305                     <div id="<?php echo $index; ?>placematt" class="module placematt">
     316                    <div id="<?php echo $index; ?>placematt" class="module placemat">
    306317                        <span class="handle">
    307318                            <h4><?php _e( 'Default Sidebar' ); ?></h4>
  • tags/2.2.1/wp-content/themes/default/functions.php

    r49757 r49757  
    385385        </div>
    386386        <div id="jsForm">
    387             <form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
     387            <form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo attribute_escape($_SERVER['REQUEST_URI']); ?>">
    388388                <?php wp_nonce_field('kubrick-header'); ?>
    389389    <input type="button" onclick="tgt=document.getElementById('fontcolor');colorSelect(tgt,'pick1');return false;" name="pick1" id="pick1" value="<?php echo attribute_escape(__('Font Color')); ?>"></input>
  • tags/2.2.1/wp-includes/author-template.php

    r49757 r49757  
    184184        'feed' => '', 'feed_image' => '');
    185185    $r = array_merge($defaults, $r);
    186     extract($r);
     186    extract($r, EXTR_SKIP);
    187187   
    188188    // TODO:  Move select to get_authors().
  • tags/2.2.1/wp-includes/bookmark-template.php

    r49757 r49757  
    254254        'after' => '</li>', 'between' => "\n");
    255255    $r = array_merge($defaults, $r);
    256     extract($r);
     256    extract($r, EXTR_SKIP);
    257257
    258258    foreach ( (array) $bookmarks as $bookmark ) {
     
    332332        'category_before' => '<li id="%id" class="%class">', 'category_after' => '</li>');
    333333    $r = array_merge($defaults, $r);
    334     extract($r);
     334    extract($r, EXTR_SKIP);
    335335
    336336    $output = '';
  • tags/2.2.1/wp-includes/bookmark.php

    r49757 r49757  
    3535        'category_name' => '', 'hide_invisible' => 1, 'show_updated' => 0, 'include' => '', 'exclude' => '');
    3636    $r = array_merge($defaults, $r);
    37     extract($r);
     37    extract($r, EXTR_SKIP);
    3838
    3939    $key = md5( serialize( $r ) );
  • tags/2.2.1/wp-includes/category-template.php

    r49757 r49757  
    8282function _get_the_category_usort($a, $b) {
    8383    return strcmp($a->category_name, $b->category_name);
     84}
     85
     86function _get_the_category_usort_by_ID($a, $b) {
     87    if ( $a->cat_ID > $b->cat_ID )
     88        return 1;
     89    elseif ( $a->cat_ID < $b->cat_ID )
     90        return -1;
     91    else
     92        return 0;
    8493}
    8594
     
    183192    $r = array_merge($defaults, $r);
    184193    $r['include_last_update_time'] = $r['show_last_update'];
    185     extract($r);
     194    extract($r, EXTR_SKIP);
    186195
    187196    $categories = get_categories($r);
     
    234243    if ( isset($r['show_date']) )
    235244        $r['include_last_update_time'] = $r['show_date'];
    236     extract($r);
     245    extract($r, EXTR_SKIP);
    237246
    238247    $categories = get_categories($r);
  • tags/2.2.1/wp-includes/category.php

    r49757 r49757  
    2929        $r['orderby'] = "cat_" . $r['orderby'];  // restricts order by to cat_ID and cat_name fields
    3030    $r['number'] = (int) $r['number'];
    31     extract($r);
     31    extract($r, EXTR_SKIP);
    3232
    3333    $key = md5( serialize( $r ) );
  • tags/2.2.1/wp-includes/class-phpmailer.php

    r49757 r49757  
    391391    function SendmailSend($header, $body) {
    392392        if ($this->Sender != "")
    393             $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);
     393            $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, escapeshellarg($this->Sender));
    394394        else
    395395            $sendmail = sprintf("%s -oi -t", $this->Sendmail);
  • tags/2.2.1/wp-includes/classes.php

    r49757 r49757  
    507507        if ( $depth )
    508508            $indent = str_repeat("\t", $depth);
    509         extract($args);
     509        extract($args, EXTR_SKIP);
    510510        $css_class = 'page_item';
    511511        $_current_page = get_page( $current_page );
     
    697697
    698698        $r = array_merge($defaults, $r);
    699         extract($r);
     699        extract($r, EXTR_SKIP);
    700700
    701701        if ( is_wp_error($id) ) {
  • tags/2.2.1/wp-includes/comment-template.php

    r49757 r49757  
    240240function trackback_rdf($timezone = 0) {
    241241    global $id;
    242     if (strpos($_SERVER['HTTP_USER_AGENT'], 'W3C_Validator') !== false) {
     242    if (stripos($_SERVER['HTTP_USER_AGENT'], 'W3C_Validator') === false) {
    243243        echo '<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    244244                xmlns:dc="http://purl.org/dc/elements/1.1/"
     
    286286    $req = get_option('require_name_email');
    287287    $commenter = wp_get_current_commenter();
    288     extract($commenter);
     288    extract($commenter, EXTR_SKIP);
    289289
    290290    // TODO: Use API instead of SELECTs.
  • tags/2.2.1/wp-includes/comment.php

    r49757 r49757  
    179179function wp_allow_comment($commentdata) {
    180180    global $wpdb;
    181     extract($commentdata);
     181    extract($commentdata, EXTR_SKIP);
    182182
    183183    // Simple duplicate check
     
    326326function wp_insert_comment($commentdata) {
    327327    global $wpdb;
    328     extract($commentdata);
     328    extract($commentdata, EXTR_SKIP);
    329329
    330330    if ( ! isset($comment_author_IP) )
     
    458458
    459459    // Now extract the merged array.
    460     extract($commentarr);
     460    extract($commentarr, EXTR_SKIP);
    461461
    462462    $comment_content = apply_filters('comment_save_pre', $comment_content);
     
    518518    $pingback_href_original_pos = 27;
    519519
    520     extract(parse_url($url));
     520    extract(parse_url($url), EXTR_SKIP);
    521521
    522522    if ( !isset($host) ) // Not an URL. This should never happen.
  • tags/2.2.1/wp-includes/feed-atom-comments.php

    r49757 r49757  
    2121    <generator uri="http://wordpress.org/" version="<?php bloginfo('version'); ?>">WordPress</generator>
    2222
    23     <link rel="alternate" type="<?php bloginfo_rss('html_type'); ?>" content="<?php bloginfo_rss('home'); ?>" />
     23    <link rel="alternate" type="<?php bloginfo_rss('html_type'); ?>" href="<?php bloginfo_rss('home'); ?>" />
    2424    <link rel="self" type="application/atom+xml" href="<?php bloginfo_rss('comments_atom_url'); ?>" />
    2525    <id><?php bloginfo_rss('comments_atom_url'); ?></id>
     
    4141            }
    4242        ?></title>
    43         <link rel="alternate" href="<?php comment_link(); ?>" type="<?php bloginfo_rss('content_type'); ?>" />
     43        <link rel="alternate" href="<?php comment_link(); ?>" type="<?php bloginfo_rss('html_type'); ?>" />
    4444
    4545        <author>
     
    5050
    5151        <id><?php comment_link(); ?></id>
    52         <updated><?php echo mysql2date('D, d M Y H:i:s +0000', get_comment_time('Y-m-d H:i:s', true), false); ?></updated>
    53         <published><?php echo mysql2date('D, d M Y H:i:s +0000', get_comment_time('Y-m-d H:i:s', true), false); ?></published>
     52        <updated><?php echo mysql2date('Y-m-d\TH:i:s\Z', get_comment_time('Y-m-d H:i:s', true), false); ?></updated>
     53        <published><?php echo mysql2date('Y-m-d\TH:i:s\Z', get_comment_time('Y-m-d H:i:s', true), false); ?></published>
    5454<?php if (!empty($comment_post->post_password) && $_COOKIE['wp-postpass'] != $comment_post->post_password) : ?>
    5555        <content type="html" xml:base="<?php comment_link(); ?>"><![CDATA[<?php echo get_the_password_form(); ?>]]></content>
  • tags/2.2.1/wp-includes/feed.php

    r49757 r49757  
    152152    $the_list = '';
    153153    foreach ( (array) $categories as $category ) {
    154         $category->cat_name = convert_chars($category->cat_name);
     154        $cat_name = convert_chars($category->cat_name);
    155155        if ( 'rdf' == $type )
    156             $the_list .= "\n\t\t<dc:subject><![CDATA[$category->cat_name]]></dc:subject>\n";
     156            $the_list .= "\n\t\t<dc:subject><![CDATA[$cat_name]]></dc:subject>\n";
    157157        if ( 'atom' == $type )
    158             $the_list .= "<category scheme='$home' term='$category->cat_name' />";
     158            $the_list .= sprintf( '<category scheme="%1$s" term="%2$s" />', attribute_escape( apply_filters( 'get_bloginfo_rss', get_bloginfo( 'url' ) ) ), attribute_escape( $category->cat_name ) );
    159159        else
    160             $the_list .= "\n\t\t<category><![CDATA[$category->cat_name]]></category>\n";
     160            $the_list .= "\n\t\t<category><![CDATA[$cat_name]]></category>\n";
    161161    }
    162162    return apply_filters('the_category_rss', $the_list, $type);
  • tags/2.2.1/wp-includes/formatting.php

    r49757 r49757  
    11041104function js_escape($text) {
    11051105    $safe_text = wp_specialchars($text, 'double');
    1106     $safe_text = str_replace('&#039;', "'", $safe_text);
     1106    $safe_text = preg_replace('/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes($safe_text));
    11071107    $safe_text = preg_replace("/\r?\n/", "\\n", addslashes($safe_text));
    11081108    return apply_filters('js_escape', $safe_text, $text);
     
    11191119}
    11201120
     1121function wp_parse_str( $string, &$array ) {
     1122    parse_str( $string, $array );
     1123    if ( get_magic_quotes_gpc() )
     1124        $array = stripslashes_deep( $array ); // parse_str() adds slashes if magicquotes is on.  See: http://php.net/parse_str
     1125    $array = apply_filters( 'wp_parse_str', $array );
     1126}
     1127
    11211128?>
  • tags/2.2.1/wp-includes/functions.php

    r49757 r49757  
    323323
    324324    $notoptions = wp_cache_get('notoptions', 'options');
    325     if ( isset($notoptions[$option_name]) ) {
     325    if ( is_array($notoptions) && isset($notoptions[$option_name]) ) {
    326326        unset($notoptions[$option_name]);
    327327        wp_cache_set('notoptions', $notoptions, 'options');
     
    357357    // Make sure the option doesn't already exist we can check the cache before we ask for a db query
    358358    $notoptions = wp_cache_get('notoptions', 'options');
    359     if ( isset($notoptions[$name]) ) {
     359    if ( is_array($notoptions) && isset($notoptions[$name]) ) {
    360360        unset($notoptions[$name]);
    361361        wp_cache_set('notoptions', $notoptions, 'options');
     
    762762    $ret = '';
    763763    if ( is_array(func_get_arg(0)) ) {
    764         if ( @func_num_args() < 2 || '' == @func_get_arg(1) )
     764        if ( @func_num_args() < 2 || false === @func_get_arg(1) )
    765765            $uri = $_SERVER['REQUEST_URI'];
    766766        else
    767767            $uri = @func_get_arg(1);
    768768    } else {
    769         if ( @func_num_args() < 3 || '' == @func_get_arg(2) )
     769        if ( @func_num_args() < 3 || false === @func_get_arg(2) )
    770770            $uri = $_SERVER['REQUEST_URI'];
    771771        else
     
    802802    }
    803803
    804     parse_str($query, $qs);
    805     if ( get_magic_quotes_gpc() )
    806         $qs = stripslashes_deep($qs); // parse_str() adds slashes if magicquotes is on.  See: http://php.net/parse_str
     804    wp_parse_str($query, $qs);
    807805    $qs = urlencode_deep($qs);
    808806    if ( is_array(func_get_arg(0)) ) {
     
    825823    $ret = trim($ret, '?');
    826824    $ret = $protocol . $base . $ret . $frag;
    827     $ret = trim($ret, '?');
     825    $ret = rtrim($ret, '?');
    828826    return $ret;
    829827}
     
    839837*/
    840838
    841 function remove_query_arg($key, $query='') {
     839function remove_query_arg($key, $query=FALSE) {
    842840    if ( is_array($key) ) { // removing multiple keys
    843841        foreach ( (array) $key as $k )
     
    13181316    global $wp_locale;
    13191317
    1320     if ( is_wp_error( $message ) ) {
     1318    if ( function_exists( 'is_wp_error' ) && is_wp_error( $message ) ) {
    13211319        if ( empty($title) ) {
    13221320            $error_data = $message->get_error_data();
     
    14821480
    14831481function wp_parse_args( $args, $defaults = '' ) {
    1484     if ( is_array($args) ) :
     1482    if ( is_array( $args ) )
    14851483        $r =& $args;
    1486     else :
    1487         parse_str( $args, $r );
    1488         if ( get_magic_quotes_gpc() )
    1489             $r = stripslashes_deep( $r );
    1490     endif;
    1491 
    1492     if ( is_array($defaults) ) :
    1493         extract($defaults);
    1494         extract($r);
    1495         return compact(array_keys($defaults)); // only those options defined in $defaults
    1496     else :
     1484    else
     1485        wp_parse_str( $args, $r );
     1486
     1487    if ( is_array( $defaults ) )
     1488        return array_merge( $defaults, $r );
     1489    else
    14971490        return $r;
    1498     endif;
    14991491}
    15001492
     
    15081500function wp_widgets_add_menu() {
    15091501    global $submenu;
    1510     $submenu['themes.php'][7] = array( __( 'Widgets' ), 'edit_themes', 'widgets.php' );
     1502    $submenu['themes.php'][7] = array( __( 'Widgets' ), 'switch_themes', 'widgets.php' );
    15111503    ksort($submenu['themes.php'], SORT_NUMERIC);
    15121504}
  • tags/2.2.1/wp-includes/general-template.php

    r49757 r49757  
    6464   
    6565    // Don't filter URL's.
    66     if (strpos($show, 'url') === false ||
    67         strpos($show, 'directory') === false ||
     66    if (strpos($show, 'url') === false &&
     67        strpos($show, 'directory') === false &&
    6868        strpos($show, 'home') === false) {
    6969        $info = apply_filters('bloginfo', $info, $show);
     
    110110        case 'comments_atom_url':
    111111            $output = get_feed_link('comments_atom');
     112            break;
    112113        case 'comments_rss2_url':
    113114            $output = get_feed_link('comments_rss2');
     
    218219    if ( is_single() || is_page() ) {
    219220        $post = $wp_query->get_queried_object();
    220         $title = apply_filters('single_post_title', $title);
    221         $title = strip_tags($post->post_title);
     221        $title = strip_tags( apply_filters( 'single_post_title', $post->post_title ) );
    222222    }
    223223
     
    323323    $defaults = array('type' => 'monthly', 'limit' => '', 'format' => 'html', 'before' => '', 'after' => '', 'show_post_count' => false);
    324324    $r = array_merge($defaults, $r);
    325     extract($r);
     325    extract($r, EXTR_SKIP);
    326326
    327327    if ( '' == $type )
     
    900900    edCanvas = document.getElementById('<?php echo $id; ?>');
    901901    <?php if ( $prev_id && user_can_richedit() ) : ?>
     902    // If tinyMCE is defined.
     903    if ( typeof tinyMCE != 'undefined' ) {
    902904    // This code is meant to allow tabbing from Title to Post (TinyMCE).
    903     if ( tinyMCE.isMSIE )
    904         document.getElementById('<?php echo $prev_id; ?>').onkeydown = function (e)
    905             {
     905        if ( tinyMCE.isMSIE ) {
     906            document.getElementById('<?php echo $prev_id; ?>').onkeydown = function (e) {
    906907                e = e ? e : window.event;
    907908                if (e.keyCode == 9 && !e.shiftKey && !e.controlKey && !e.altKey) {
     
    916917                }
    917918            }
    918     else
    919         document.getElementById('<?php echo $prev_id; ?>').onkeypress = function (e)
    920             {
     919        } else {
     920            document.getElementById('<?php echo $prev_id; ?>').onkeypress = function (e) {
    921921                e = e ? e : window.event;
    922922                if (e.keyCode == 9 && !e.shiftKey && !e.controlKey && !e.altKey) {
     
    931931                }
    932932            }
     933        }
     934    }
    933935    <?php endif; ?>
    934936    //-->
     
    956958}
    957959
    958 function paginate_links( $arg = '' ) {
    959     if ( is_array($arg) )
    960         $a = &$arg;
    961     else
    962         parse_str($arg, $a);
    963 
    964     // Defaults
    965     $base = '%_%'; // http://example.com/all_posts.php%_% : %_% is replaced by format (below)
    966     $format = '?page=%#%'; // ?page=%#% : %#% is replaced by the page number
    967     $total = 1;
    968     $current = 0;
    969     $show_all = false;
    970     $prev_next = true;
    971     $prev_text = __('&laquo; Previous');
    972     $next_text = __('Next &raquo;');
    973     $end_size = 1; // How many numbers on either end including the end
    974     $mid_size = 2; // How many numbers to either side of current not including current
    975     $type = 'plain';
    976     $add_args = false; // array of query args to aadd
    977 
    978     extract($a);
     960function paginate_links( $args = '' ) {
     961    $defaults = array(
     962        'base' => '%_%', // http://example.com/all_posts.php%_% : %_% is replaced by format (below)
     963        'format' => '?page=%#%', // ?page=%#% : %#% is replaced by the page number
     964        'total' => 1,
     965        'current' => 0,
     966        'show_all' => false,
     967        'prev_next' => true,
     968        'prev_text' => __('&laquo; Previous'),
     969        'next_text' => __('Next &raquo;'),
     970        'end_size' => 1, // How many numbers on either end including the end
     971        'mid_size' => 2, // How many numbers to either side of current not including current
     972        'type' => 'plain',
     973        'add_args' => false // array of query args to aadd
     974    );
     975
     976    $args = wp_parse_args( $args, $defaults );
     977    extract($args, EXTR_SKIP);
    979978
    980979    // Who knows what else people pass in $args
  • tags/2.2.1/wp-includes/js/tinymce/themes/advanced/color_picker.htm

    r49757 r49757  
    33    <title>{$lang_theme_colorpicker_title}</title>
    44    <script language="javascript" type="text/javascript" src="../../tiny_mce_popup.js"></script>
     5    <script language="javascript" type="text/javascript" src="../../utils/mctabs.js"></script>
    56    <script language="javascript" type="text/javascript" src="jscripts/color_picker.js"></script>
     7    <link href="css/colorpicker.css" rel="stylesheet" type="text/css" />
    68    <base target="_self" />
    79</head>
    8 <body onload="tinyMCEPopup.executeOnLoad('init();');" style="margin: 3px; display: none">
    9     <div align="center">
    10        <script language="javascript" type="text/javascript">renderColorMap();</script>
     10<body onload="tinyMCEPopup.executeOnLoad('init();');" style="display: none">
     11    <div class="tabs">
     12        <ul>
     13            <li id="picker_tab" class="current"><span><a href="javascript:mcTabs.displayTab('picker_tab','picker_panel');" onmousedown="return false;">{$lang_color_picker_tab}</a></span></li>
     14            <li id="rgb_tab"><span><a href="#" onclick="generateWebColors();mcTabs.displayTab('rgb_tab','rgb_panel');" onmousedown="return false;">{$lang_web_colors_tab}</a></span></li>
     15            <li id="named_tab"><span><a  href="#" onclick="generateNamedColors();javascript:mcTabs.displayTab('named_tab','named_panel');" onmousedown="return false;">{$lang_named_colors_tab}</a></span></li>
     16        </ul>
     17    </div>
     18
     19    <div class="panel_wrapper">
     20        <div id="picker_panel" class="panel current">
     21            <fieldset>
     22                <legend>{$lang_color_picker}</legend>
     23                <div id="picker">
     24                    <img id="colorpicker" src="images/colors.jpg" onclick="computeColor(event)" onmousedown="isMouseDown = true;return false;" onmouseup="isMouseDown = false;" onmousemove="if (isMouseDown && isMouseOver) computeColor(event); return false;" onmouseover="isMouseOver=true;" onmouseout="isMouseOver=false;" />
     25
     26                    <div id="light">
     27                        <!-- Will be filled with divs -->
     28                    </div>
     29
     30                    <br style="clear: both" />
     31                </div>
     32            </fieldset>
     33        </div>
     34
     35        <div id="rgb_panel" class="panel">
     36            <fieldset>
     37                <legend>{$lang_web_colors}</legend>
     38                <div id="webcolors">
     39                    <!-- Gets filled with web safe colors-->
     40                </div>
     41
     42                <br style="clear: both" />
     43            </fieldset>
     44        </div>
     45
     46        <div id="named_panel" class="panel">
     47            <fieldset>
     48                <legend>{$lang_named_colors}</legend>
     49                <div id="namedcolors">
     50                    <!-- Gets filled with named colors-->
     51                </div>
     52
     53                <br style="clear: both" />
     54
     55                <div id="colornamecontainer">
     56                    {$lang_color_name} <span id="colorname"></span>
     57                </div>
     58            </fieldset>
     59        </div>
     60    </div>
     61
     62    <div class="mceActionPanel">
     63        <div style="float: left">
     64            <input type="button" id="insert" name="insert" value="{$lang_theme_colorpicker_apply}" onclick="insertAction();" />
     65        </div>
     66
     67        <div id="preview"></div>
     68
     69        <div id="previewblock">
     70            <label for="color">{$lang_color}</label> <input id="color" type="text" size="8" maxlength="8" class="text" />
     71        </div>
    1172    </div>
    1273</body>
  • tags/2.2.1/wp-includes/js/wp-ajax.js

    r49757 r49757  
    2828    },
    2929    addArg: function(key, value) {
    30         var a = [];
     30        var a = $H();
    3131        a[encodeURIComponent(key)] = encodeURIComponent(value);
    32         this.options.parameters = $H(this.options.parameters).merge($H(a));
     32        this.options.parameters = $H(this.options.parameters).merge(a);
    3333    },
    3434    getResponseElement: function(r) {
  • tags/2.2.1/wp-includes/link-template.php

    r49757 r49757  
    7878        if (strpos($permalink, '%category%') !== false) {
    7979            $cats = get_the_category($post->ID);
     80            if ( $cats )
     81                usort($cats, '_get_the_category_usort_by_ID'); // order by ID
    8082            $category = $cats[0]->category_nicename;
    8183            if ( $parent=$cats[0]->category_parent )
     
    481483    if ( $permalink )
    482484        $qstr = user_trailingslashit($qstr, 'paged');
    483     $qstr = preg_replace('/&([^#])(?![a-z]{1,8};)/', '&#038;$1', trailingslashit( get_option('home') ) . $qstr );
    484485
    485486    // showing /page/1/ or ?paged=1 is redundant
     
    489490        $qstr = remove_query_arg('paged', $qstr); // for query style
    490491    }
     492
     493    $qstr = preg_replace('/&([^#])(?![a-z]{1,8};)/', '&#038;$1', trailingslashit( get_option('home') ) . $qstr );
     494
    491495    return $qstr;
    492496}
  • tags/2.2.1/wp-includes/pluggable.php

    r49757 r49757  
    157157endif;
    158158
    159 if ( !function_exists('wp_mail') ) :
     159if ( !function_exists( 'wp_mail' ) ) :
    160160function wp_mail($to, $subject, $message, $headers = '') {
    161161    global $phpmailer;
     
    169169    $mail = compact('to', 'subject', 'message', 'headers');
    170170    $mail = apply_filters('wp_mail', $mail);
    171     extract($mail);
     171    extract($mail, EXTR_SKIP);
    172172
    173173    if ( $headers == '' ) {
     
    224224function wp_login($username, $password, $already_md5 = false) {
    225225    global $wpdb, $error;
     226
     227    $username = sanitize_user($username);
    226228
    227229    if ( '' == $username )
  • tags/2.2.1/wp-includes/post-template.php

    r49757 r49757  
    142142            'previouspagelink' => __('Previous page'), 'pagelink' => '%', 'more_file' => '', 'echo' => 1);
    143143    $r = array_merge($defaults, $r);
    144     extract($r);
     144    extract($r, EXTR_SKIP);
    145145
    146146    global $id, $page, $numpages, $multipage, $more, $pagenow;
     
    256256        'name' => 'page_id', 'show_option_none' => '');
    257257    $r = array_merge($defaults, $r);
    258     extract($r);
     258    extract($r, EXTR_SKIP);
    259259
    260260    $pages = get_pages($r);
  • tags/2.2.1/wp-includes/post.php

    r49757 r49757  
    183183        'meta_key' => '', 'meta_value' =>'', 'post_type' => 'post', 'post_status' => 'publish', 'post_parent' => 0);
    184184    $r = array_merge($defaults, $r);
    185     extract($r);
     185    extract($r, EXTR_SKIP);
    186186    $numberposts = (int) $numberposts;
    187187    $offset = (int) $offset;
     
    491491
    492492    // export array as variables
    493     extract($postarr);
     493    extract($postarr, EXTR_SKIP);
    494494
    495495    // Are we updating or creating?
     
    882882
    883883        // import postdata as variables
    884         extract($postdata);
     884        extract($postdata, EXTR_SKIP);
    885885
    886886        // form an excerpt
     
    10681068                'hierarchical' => 1, 'exclude' => '', 'include' => '', 'meta_key' => '', 'meta_value' => '', 'authors' => '');
    10691069    $r = array_merge($defaults, $r);
    1070     extract($r);
     1070    extract($r, EXTR_SKIP);
    10711071
    10721072    $key = md5( serialize( $r ) );
     
    12221222
    12231223    // Export array as variables
    1224     extract($object);
     1224    extract($object, EXTR_SKIP);
    12251225
    12261226    // Get the basics.
  • tags/2.2.1/wp-includes/registration.php

    r49757 r49757  
    3333    global $wpdb;
    3434
    35     extract($userdata);
     35    extract($userdata, EXTR_SKIP);
    3636
    3737    // Are we updating or creating?
  • tags/2.2.1/wp-includes/theme.php

    r49757 r49757  
    8787    }
    8888
    89     return array( 'Name' => $name, 'Title' => $theme, 'URI' => $theme_uri, 'Description' => $description, 'Author' => $author, 'Version' => $version, 'Template' => $template[1], 'Status' => $status );
     89    return array( 'Name' => $name, 'Title' => $theme, 'URI' => $theme_uri, 'Description' => $description, 'Author' => $author, 'Version' => $version, 'Template' => $template, 'Status' => $status );
    9090}
    9191
  • tags/2.2.1/wp-includes/version.php

    r49757 r49757  
    33// This holds the version number in a separate file so we can bump it without cluttering the SVN
    44
    5 $wp_version = '2.2';
     5$wp_version = '2.2.1';
    66$wp_db_version = 5183;
    77
  • tags/2.2.1/wp-includes/widgets.php

    r49757 r49757  
    7676    $id = sanitize_title($name);
    7777    $options = array();
    78     if ( !empty($classname) )
     78    if ( !empty($classname) && is_string($classname) )
    7979        $options['classname'] = $classname;
    80     $params = array_slice(func_get_args(), 3);
     80    $params = array_slice(func_get_args(), 2);
    8181    $args = array($id, $name, $output_callback, $options);
    8282    if ( !empty($params) )
     
    327327/* Default Widgets */
    328328
    329 function wp_widget_pages($args) {
    330     extract($args);
    331     $options = get_option('widget_pages');
    332     $title = empty($options['title']) ? __('Pages') : $options['title'];
    333     echo $before_widget . $before_title . $title . $after_title . "<ul>\n";
    334     wp_list_pages("title_li=");
    335     echo "</ul>\n" . $after_widget;
     329function wp_widget_pages( $args ) {
     330    extract( $args );
     331    $options = get_option( 'widget_pages' );
     332   
     333    $title = empty( $options['title'] ) ? __( 'Pages' ) : $options['title'];
     334    $sortby = empty( $options['sortby'] ) ? 'menu_order' : $options['sortby'];
     335    $exclude = empty( $options['exclude'] ) ? '' : '&exclude=' . $options['exclude'];
     336   
     337    if ( $sortby == 'menu_order' ) {
     338        $sortby = 'menu_order, post_title';
     339    }
     340   
     341    $out = wp_list_pages( 'title_li=&echo=0&sort_column=' . $sortby . $exclude );
     342   
     343    if ( !empty( $out ) ) {
     344?>
     345    <?php echo $before_widget; ?>
     346        <?php echo $before_title . $title . $after_title; ?>
     347        <ul>
     348            <?php echo $out; ?>
     349        </ul>
     350    <?php echo $after_widget; ?>
     351<?php
     352    }
    336353}
    337354
    338355function wp_widget_pages_control() {
    339356    $options = $newoptions = get_option('widget_pages');
    340     if ( $_POST["pages-submit"] ) {
    341         $newoptions['title'] = strip_tags(stripslashes($_POST["pages-title"]));
     357    if ( $_POST['pages-submit'] ) {
     358        $newoptions['title'] = strip_tags(stripslashes($_POST['pages-title']));
     359       
     360        $sortby = stripslashes( $_POST['pages-sortby'] );
     361       
     362        if ( in_array( $sortby, array( 'post_title', 'menu_order', 'ID' ) ) ) {
     363            $newoptions['sortby'] = $sortby;
     364        } else {
     365            $newoptions['sortby'] = 'menu_order';
     366        }
     367       
     368        $newoptions['exclude'] = strip_tags( stripslashes( $_POST['pages-exclude'] ) );
    342369    }
    343370    if ( $options != $newoptions ) {
     
    346373    }
    347374    $title = attribute_escape($options['title']);
     375    $exclude = attribute_escape( $options['exclude'] );
    348376?>
    349377            <p><label for="pages-title"><?php _e('Title:'); ?> <input style="width: 250px;" id="pages-title" name="pages-title" type="text" value="<?php echo $title; ?>" /></label></p>
     378            <p><label for="pages-sortby"><?php _e( 'Sort by:' ); ?>
     379                <select name="pages-sortby" id="pages-sortby">
     380                    <option value="post_title"<?php selected( $options['sortby'], 'post_title' ); ?>><?php _e('Page title'); ?></option>
     381                    <option value="menu_order"<?php selected( $options['sortby'], 'menu_order' ); ?>><?php _e('Page order'); ?></option>
     382                    <option value="ID"<?php selected( $options['sortby'], 'ID' ); ?>><?php _e( 'Page ID' ); ?></option>
     383                </select></label></p>
     384            <p><label for="pages-exclude"><?php _e( 'Exclude:' ); ?> <input type="text" value="<?php echo $exclude; ?>" name="pages-exclude" id="pages-exclude" style="width: 180px;" /></label><br />
     385            <small><?php _e( 'Page IDs, separated by commas.' ); ?></small></p>
    350386            <input type="hidden" id="pages-submit" name="pages-submit" value="1" />
    351387<?php
     
    354390function wp_widget_links($args) {
    355391    global $wp_db_version;
    356     extract($args);
     392    extract($args, EXTR_SKIP);
    357393    if ( $wp_db_version < 3582 ) {
    358394        // This ONLY works with li/h2 sidebars.
     
    494530    $options = get_option('widget_text');
    495531    $title = $options[$number]['title'];
    496     if ( empty($title) )
    497         $title = '&nbsp;';
    498     $text = $options[$number]['text'];
     532    $text = apply_filters( 'widget_text', $options[$number]['text'] );
    499533?>
    500534        <?php echo $before_widget; ?>
    501             <?php $title ? print($before_title . $title . $after_title) : null; ?>
     535            <?php if ( !empty( $title ) ) { echo $before_title . $title . $after_title; } ?>
    502536            <div class="textwidget"><?php echo $text; ?></div>
    503537        <?php echo $after_widget; ?>
     
    520554    }
    521555    $title = attribute_escape($options[$number]['title']);
    522     $text = attribute_escape($options[$number]['text']);
    523 ?>
    524             <input style="width: 450px;" id="text-title-<?php echo "$number"; ?>" name="text-title-<?php echo "$number"; ?>" type="text" value="<?php echo $title; ?>" />
    525             <textarea style="width: 450px; height: 280px;" id="text-text-<?php echo "$number"; ?>" name="text-text-<?php echo "$number"; ?>"><?php echo $text; ?></textarea>
     556    $text = format_to_edit($options[$number]['text']);
     557?>
     558            <input style="width: 450px;" id="text-title-<?php echo $number; ?>" name="text-title-<?php echo $number; ?>" type="text" value="<?php echo $title; ?>" />
     559            <textarea style="width: 450px; height: 280px;" id="text-text-<?php echo $number; ?>" name="text-text-<?php echo $number; ?>"><?php echo $text; ?></textarea>
    526560            <input type="hidden" id="text-submit-<?php echo "$number"; ?>" name="text-submit-<?php echo "$number"; ?>" value="1" />
    527561<?php
     
    772806function wp_widget_rss($args, $number = 1) {
    773807    require_once(ABSPATH . WPINC . '/rss.php');
    774     extract($args);
     808    extract($args, EXTR_SKIP);
    775809    $options = get_option('widget_rss');
    776810    if ( isset($options['error']) && $options['error'] )
     
    827861        }
    828862    } else {
    829         echo __('<li>An error has occured; the feed is probably down. Try again later.</li>');
     863        echo '<li>' . __( 'An error has occurred; the feed is probably down. Try again later.' ) . '</li>';
    830864    }
    831865?>
     
    929963    $class = array('classname' => 'widget_pages');
    930964    wp_register_sidebar_widget('pages', __('Pages'), 'wp_widget_pages', $class);
    931     wp_register_widget_control('pages', __('Pages'), 'wp_widget_pages_control', $dims90);
     965    wp_register_widget_control('pages', __('Pages'), 'wp_widget_pages_control', $dims150);
    932966    $class['classname'] = 'widget_calendar';
    933967    wp_register_sidebar_widget('calendar', __('Calendar'), 'wp_widget_calendar', $class);
  • tags/2.2.1/wp-settings.php

    r49757 r49757  
    8282// For an advanced caching plugin to use, static because you would only want one
    8383if ( defined('WP_CACHE') )
    84     require (ABSPATH . 'wp-content/advanced-cache.php');
     84    @include ABSPATH . 'wp-content/advanced-cache.php';
    8585
    8686define('WPINC', 'wp-includes');
  • tags/2.2.1/xmlrpc.php

    r49757 r49757  
    2929    <homePageLink><?php bloginfo_rss('url') ?></homePageLink>
    3030    <apis>
    31       <api name="WordPress" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('url') ?>/xmlrpc.php" />
    32       <api name="Movable Type" blogID="1" preferred="true" apiLink="<?php bloginfo_rss('url') ?>/xmlrpc.php" />
    33       <api name="MetaWeblog" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('url') ?>/xmlrpc.php" />
    34       <api name="Blogger" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('url') ?>/xmlrpc.php" />
     31      <api name="WordPress" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
     32      <api name="Movable Type" blogID="1" preferred="true" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
     33      <api name="MetaWeblog" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
     34      <api name="Blogger" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
    3535    </apis>
    3636  </service>
     
    209209
    210210            // Format page date.
    211             $page_date = mysql2date("Ymd\TH:i:s", $page->post_date_gmt);
     211            $page_date = mysql2date("Ymd\TH:i:s\Z", $page->post_date_gmt);
    212212
    213213            // Pull the categories info together.
     
    439439        $num_pages = count($page_list);
    440440        for($i = 0; $i < $num_pages; $i++) {
    441             $post_date = mysql2date("Ymd\TH:i:s", $page_list[$i]->post_date_gmt);
     441            $post_date = mysql2date("Ymd\TH:i:s\Z", $page_list[$i]->post_date_gmt);
    442442            $page_list[$i]->dateCreated = new IXR_Date($post_date);
    443443
     
    539539        $password               = $args[2];
    540540        $category               = $args[3];
    541         $max_results            = $args[4];
     541        $max_results            = (int) $args[4];
    542542
    543543        if(!$this->login_pass_ok($username, $password)) {
     
    850850        return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.'));
    851851
    852       extract($actual_post);
     852      extract($actual_post, EXTR_SKIP);
    853853
    854854      if ( ('publish' == $post_status) && !current_user_can('publish_posts') )
     
    930930      }
    931931
     932      $cap = ($publish) ? 'publish_posts' : 'edit_posts';
    932933      $user = set_current_user(0, $user_login);
    933       if ( !current_user_can('publish_posts') )
     934      if ( !current_user_can($cap) )
    934935        return new IXR_Error(401, __('Sorry, you can not post on this weblog or category.'));
    935936
     
    10001001
    10011002        if(isset($content_struct["mt_allow_comments"])) {
    1002             switch((int) $content_struct["mt_allow_comments"]) {
    1003                 case 0:
    1004                     $comment_status = "closed";
    1005                     break;
    1006                 case 1:
    1007                     $comment_status = "open";
    1008                     break;
    1009                 default:
    1010                     $comment_status = get_option("default_comment_status");
    1011                     break;
     1003            if(!is_numeric($content_struct["mt_allow_comments"])) {
     1004                switch($content_struct["mt_allow_comments"]) {
     1005                    case "closed":
     1006                        $comment_status = "closed";
     1007                        break;
     1008                    case "open":
     1009                        $comment_status = "open";
     1010                        break;
     1011                    default:
     1012                        $comment_status = get_option("default_comment_status");
     1013                        break;
     1014                }
    10121015            }
     1016            else {
     1017                switch((int) $content_struct["mt_allow_comments"]) {
     1018                    case 0:
     1019                        $comment_status = "closed";
     1020                        break;
     1021                    case 1:
     1022                        $comment_status = "open";
     1023                        break;
     1024                    default:
     1025                        $comment_status = get_option("default_comment_status");
     1026                        break;
     1027                }
     1028            }
     1029        }
     1030        else {
     1031            $comment_status = get_option("default_comment_status");
    10131032        }
    10141033
    10151034        if(isset($content_struct["mt_allow_pings"])) {
    1016             switch((int) $content_struct["mt_allow_pings"]) {
    1017                 case 0:
    1018                     $ping_status = "closed";
    1019                     break;
    1020                 case 1:
    1021                     $ping_status = "open";
    1022                     break;
    1023                 default:
    1024                     $ping_status = get_option("default_ping_status");
    1025                     break;
     1035            if(!is_numeric($content_struct["mt_allow_pings"])) {
     1036                switch($content["mt_allow_pings"]) {
     1037                    case "closed":
     1038                        $ping_status = "closed";
     1039                        break;
     1040                    case "open":
     1041                        $ping_status = "open";
     1042                        break;
     1043                    default:
     1044                        $ping_status = get_option("default_ping_status");
     1045                        break;
     1046                }
    10261047            }
     1048            else {
     1049                switch((int) $content_struct["mt_allow_pings"]) {
     1050                    case 0:
     1051                        $ping_status = "closed";
     1052                        break;
     1053                    case 1:
     1054                        $ping_status = "open";
     1055                        break;
     1056                    default:
     1057                        $ping_status = get_option("default_ping_status");
     1058                        break;
     1059                }
     1060            }
     1061        }
     1062        else {
     1063            $ping_status = get_option("default_ping_status");
    10271064        }
    10281065
     
    11271164        }
    11281165
    1129       extract($postdata);
    11301166        $this->escape($postdata);
     1167        extract($postdata, EXTR_SKIP);
    11311168
    11321169        // Let WordPress manage slug if none was provided.
     
    11511188        }
    11521189
    1153         $post_author = $user->ID;
     1190        $post_author = $postdata["post_author"];
    11541191
    11551192        // Only set the post_author if one is set.
     
    11781215        }
    11791216
    1180         // Only set ping_status if it was provided.
     1217        if(isset($content_struct["mt_allow_comments"])) {
     1218            if(!is_numeric($content_struct["mt_allow_comments"])) {
     1219                switch($content_struct["mt_allow_comments"]) {
     1220                    case "closed":
     1221                        $comment_status = "closed";
     1222                        break;
     1223                    case "open":
     1224                        $comment_status = "open";
     1225                        break;
     1226                    default:
     1227                        $comment_status = get_option("default_comment_status");
     1228                        break;
     1229                }
     1230            }
     1231            else {
     1232                switch((int) $content_struct["mt_allow_comments"]) {
     1233                    case 0:
     1234                        $comment_status = "closed";
     1235                        break;
     1236                    case 1:
     1237                        $comment_status = "open";
     1238                        break;
     1239                    default:
     1240                        $comment_status = get_option("default_comment_status");
     1241                        break;
     1242                }
     1243            }
     1244        }
     1245
    11811246        if(isset($content_struct["mt_allow_pings"])) {
    1182             switch((int) $content_struct["mt_allow_pings"]) {
    1183                 case 0:
    1184                     $ping_status = "closed";
    1185                     break;
    1186                 case 1:
    1187                     $ping_status = "open";
    1188                     break;
     1247            if(!is_numeric($content_struct["mt_allow_pings"])) {
     1248                switch($content["mt_allow_pings"]) {
     1249                    case "closed":
     1250                        $ping_status = "closed";
     1251                        break;
     1252                    case "open":
     1253                        $ping_status = "open";
     1254                        break;
     1255                    default:
     1256                        $ping_status = get_option("default_ping_status");
     1257                        break;
     1258                }
     1259            }
     1260            else {
     1261                switch((int) $content_struct["mt_allow_pings"]) {
     1262                    case 0:
     1263                        $ping_status = "closed";
     1264                        break;
     1265                    case 1:
     1266                        $ping_status = "open";
     1267                        break;
     1268                    default:
     1269                        $ping_status = get_option("default_ping_status");
     1270                        break;
     1271                }
    11891272            }
    11901273        }
     
    12211304        $to_ping = implode(' ', $to_ping);
    12221305
    1223       if(isset($content_struct["mt_allow_comments"])) {
    1224         $comment_status = (int) $content_struct["mt_allow_comments"];
    1225       }
    1226      
    12271306      // Do some timestamp voodoo
    12281307      $dateCreatedd = $content_struct['dateCreated'];
     
    12701349      if ($postdata['post_date'] != '') {
    12711350
    1272         $post_date = mysql2date('Ymd\TH:i:s', $postdata['post_date_gmt']);
     1351        $post_date = mysql2date('Ymd\TH:i:s\Z', $postdata['post_date_gmt']);
    12731352
    12741353        $categories = array();
     
    13381417        foreach ($posts_list as $entry) {
    13391418
    1340             $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date_gmt']);
     1419            $post_date = mysql2date('Ymd\TH:i:s\Z', $entry['post_date_gmt']);
    13411420            $categories = array();
    13421421            $catids = wp_get_post_categories($entry['ID']);
     
    14371516        $bits = $data['bits'];
    14381517
     1518        logIO('O', '(MW) Received '.strlen($bits).' bytes');
     1519
     1520        if ( !$this->login_pass_ok($user_login, $user_pass) )
     1521            return $this->error;
     1522
     1523        set_current_user(0, $user_login);
     1524        if ( !current_user_can('upload_files') ) {
     1525            logIO('O', '(MW) User does not have upload_files capability');
     1526            $this->error = new IXR_Error(401, __('You are not allowed to upload files to this site.'));
     1527            return $this->error;
     1528        }
     1529
     1530        if ( $upload_err = apply_filters( "pre_upload_error", false ) )
     1531            return new IXR_Error(500, $upload_err);
     1532
    14391533        if(!empty($data["overwrite"]) && ($data["overwrite"] == true)) {
    14401534            // Get postmeta info on the object.
     
    14541548            $name = "wpid{$old_file->ID}-{$filename}";
    14551549        }
    1456 
    1457         logIO('O', '(MW) Received '.strlen($bits).' bytes');
    1458 
    1459         if ( !$this->login_pass_ok($user_login, $user_pass) )
    1460             return $this->error;
    1461 
    1462         set_current_user(0, $user_login);
    1463         if ( !current_user_can('upload_files') ) {
    1464             logIO('O', '(MW) User does not have upload_files capability');
    1465             $this->error = new IXR_Error(401, __('You are not allowed to upload files to this site.'));
    1466             return $this->error;
    1467         }
    1468 
    1469         if ( $upload_err = apply_filters( "pre_upload_error", false ) )
    1470             return new IXR_Error(500, $upload_err);
    14711550
    14721551        $upload = wp_upload_bits($name, $type, $bits, $overwrite);
     
    15231602        foreach ($posts_list as $entry) {
    15241603
    1525             $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date_gmt']);
     1604            $post_date = mysql2date('Ymd\TH:i:s\Z', $entry['post_date_gmt']);
    15261605
    15271606            $struct[] = array(
Note: See TracChangeset for help on using the changeset viewer.