Changeset 1005
- Timestamp:
- 06/21/07 16:41:02 (1 year ago)
- Files:
-
- trunk/wp-admin/admin-db.php (modified) (4 diffs)
- trunk/wp-admin/admin-footer.php (modified) (1 diff)
- trunk/wp-admin/admin-functions.php (modified) (12 diffs)
- trunk/wp-admin/categories.php (modified) (1 diff)
- trunk/wp-admin/comment.php (modified) (4 diffs)
- trunk/wp-admin/edit-comments.php (modified) (1 diff)
- trunk/wp-admin/edit-form-advanced.php (modified) (11 diffs)
- trunk/wp-admin/edit-form-comment.php (modified) (5 diffs)
- trunk/wp-admin/edit-form.php (modified) (4 diffs)
- trunk/wp-admin/edit-link-form.php (modified) (1 diff)
- trunk/wp-admin/edit-page-form.php (modified) (7 diffs)
- trunk/wp-admin/edit-pages.php (modified) (1 diff)
- trunk/wp-admin/edit.php (modified) (2 diffs)
- trunk/wp-admin/export.php (modified) (1 diff)
- trunk/wp-admin/import/livejournal.php (modified) (1 diff)
- trunk/wp-admin/import/textpattern.php (modified) (2 diffs)
- trunk/wp-admin/index.php (modified) (2 diffs)
- trunk/wp-admin/link-manager.php (modified) (1 diff)
- trunk/wp-admin/moderation.php (modified) (3 diffs)
- trunk/wp-admin/options-reading.php (modified) (1 diff)
- trunk/wp-admin/plugins.php (modified) (1 diff)
- trunk/wp-admin/post-new.php (modified) (2 diffs)
- trunk/wp-admin/upgrade-functions.php (modified) (2 diffs)
- trunk/wp-admin/user-edit.php (modified) (1 diff)
- trunk/wp-admin/users.php (modified) (1 diff)
- trunk/wp-admin/widgets.php (modified) (1 diff)
- trunk/wp-admin/wp-admin.css (modified) (7 diffs)
- trunk/wp-config-sample.php (modified) (1 diff)
- trunk/wp-content/themes/classic/style.css (modified) (5 diffs)
- trunk/wp-content/themes/default/archive.php (modified) (1 diff)
- trunk/wp-content/themes/default/functions.php (modified) (1 diff)
- trunk/wp-content/themes/default/sidebar.php (modified) (1 diff)
- trunk/wp-includes/author-template.php (modified) (1 diff)
- trunk/wp-includes/bookmark-template.php (modified) (3 diffs)
- trunk/wp-includes/bookmark.php (modified) (1 diff)
- trunk/wp-includes/category-template.php (modified) (3 diffs)
- trunk/wp-includes/category.php (modified) (7 diffs)
- trunk/wp-includes/class-phpmailer.php (modified) (1 diff)
- trunk/wp-includes/class-snoopy.php (modified) (1 diff)
- trunk/wp-includes/classes.php (modified) (2 diffs)
- trunk/wp-includes/comment-template.php (modified) (2 diffs)
- trunk/wp-includes/comment.php (modified) (12 diffs)
- trunk/wp-includes/compat.php (modified) (1 diff)
- trunk/wp-includes/deprecated.php (modified) (1 diff)
- trunk/wp-includes/feed-atom-comments.php (modified) (1 diff)
- trunk/wp-includes/feed.php (modified) (1 diff)
- trunk/wp-includes/formatting.php (modified) (2 diffs)
- trunk/wp-includes/functions.php (modified) (8 diffs)
- trunk/wp-includes/general-template.php (modified) (8 diffs)
- trunk/wp-includes/js/prototype.js (modified) (52 diffs)
- trunk/wp-includes/js/scriptaculous/builder.js (modified) (5 diffs)
- trunk/wp-includes/js/scriptaculous/controls.js (modified) (12 diffs)
- trunk/wp-includes/js/scriptaculous/dragdrop.js (modified) (10 diffs)
- trunk/wp-includes/js/scriptaculous/effects.js (modified) (18 diffs)
- trunk/wp-includes/js/scriptaculous/scriptaculous.js (modified) (3 diffs)
- trunk/wp-includes/js/scriptaculous/slider.js (modified) (2 diffs)
- trunk/wp-includes/js/scriptaculous/sound.js (deleted)
- trunk/wp-includes/js/scriptaculous/unittest.js (modified) (1 diff)
- trunk/wp-includes/js/tinymce/plugins/wordpress/langs/en.js (modified) (2 diffs)
- trunk/wp-includes/js/tinymce/tiny_mce_config.php (modified) (1 diff)
- trunk/wp-includes/js/tinymce/tiny_mce_popup.js (modified) (1 diff)
- trunk/wp-includes/kses.php (modified) (3 diffs)
- trunk/wp-includes/link-template.php (modified) (4 diffs)
- trunk/wp-includes/locale.php (modified) (1 diff)
- trunk/wp-includes/pluggable.php (modified) (3 diffs)
- trunk/wp-includes/plugin.php (modified) (2 diffs)
- trunk/wp-includes/post-template.php (modified) (3 diffs)
- trunk/wp-includes/post.php (modified) (9 diffs)
- trunk/wp-includes/registration.php (modified) (1 diff)
- trunk/wp-includes/rewrite.php (modified) (3 diffs)
- trunk/wp-includes/rss.php (modified) (2 diffs)
- trunk/wp-includes/script-loader.php (modified) (5 diffs)
- trunk/wp-includes/theme.php (modified) (2 diffs)
- trunk/wp-includes/user.php (modified) (1 diff)
- trunk/wp-includes/vars.php (modified) (1 diff)
- trunk/wp-includes/widgets.php (modified) (9 diffs)
- trunk/wp-settings.php (modified) (1 diff)
- trunk/xmlrpc.php (modified) (15 diffs)
trunk/wp-admin/admin-db.php
r987 r1005 84 84 global $wpdb; 85 85 86 extract($catarr );86 extract($catarr, EXTR_SKIP); 87 87 88 88 if( trim( $cat_name ) == '' ) … … 125 125 else 126 126 $links_private = 0; 127 128 129 // Let's check if we have this category already, if so just do an update130 if ( !$update && $cat_ID = category_object_exists( $category_nicename ) )131 $update = true;132 127 133 128 if (!$update) { … … 256 251 } 257 252 258 function category_object_exists($cat_name) {259 global $wpdb;260 if (!$category_nicename = sanitize_title($cat_name))261 return 0;262 263 return (int) $wpdb->get_var("SELECT cat_ID FROM $wpdb->categories WHERE category_nicename = '$category_nicename'");264 }265 266 253 function category_exists($cat_name) { 267 254 global $wpdb; … … 315 302 global $wpdb, $current_user; 316 303 317 extract($linkdata );304 extract($linkdata, EXTR_SKIP); 318 305 319 306 $update = false; trunk/wp-admin/admin-footer.php
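Review bot: `extract($catarr, EXTR_SKIP)` at new line 86, and `extract($linkdata, EXTR_SKIP)` at new line 304, still turn every key of the caller's array into a local variable; EXTR_SKIP only protects names that are already defined at that point, such as `$wpdb`. Any local the function reads before assigning it can therefore still be set by an unexpected array key. In the link function `$update = false;` follows the extract directly, but the category function's initialisation is outside the visible hunk and should be checked. I would add `// EXTR_SKIP only guards names defined above; initialise every flag after this line` and, longer term, read the expected keys explicitly instead of extracting. Both function bodies start and end outside the hunks.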
r972 r1005 3 3 <p class="logo"><a href="http://wordpress.org/" id="wordpress-logo"><img src="images/wordpress-logo.png" alt="WordPress" /></a></p> 4 4 <p class="docs"><?php _e('<a href="http://codex.wordpress.org/">Documentation</a>'); ?> — <?php _e('<a href="http://wordpress.org/support/">Support Forums</a>'); ?><br /> 5 <?php printf( __('Version %s'), get_bloginfo('version')); ?></p>5 <?php bloginfo('version'); ?> — <?php printf(__('%s seconds'), timer_stop(0, 2)); ?></p> 6 6 </div> 7 7 <?php do_action('admin_footer', ''); ?> trunk/wp-admin/admin-functions.php
r989 r1005 348 348 349 349 $post->post_password = format_to_edit( $post->post_password ); 350 351 $post->menu_order = (int) $post->menu_order; 350 352 351 353 if ( $post->post_type == 'page' ) … … 397 399 function get_comment_to_edit( $id ) { 398 400 $comment = get_comment( $id ); 399 400 $comment->comment_content = format_to_edit( $comment->comment_content, user_can_richedit() ); 401 402 $comment->comment_ID = (int) $comment->comment_ID; 403 $comment->comment_post_ID = (int) $comment->comment_post_ID; 404 405 $comment->comment_content = format_to_edit( $comment->comment_content ); 401 406 $comment->comment_content = apply_filters( 'comment_edit_pre', $comment->comment_content); 402 407 403 408 $comment->comment_author = format_to_edit( $comment->comment_author ); 404 409 $comment->comment_author_email = format_to_edit( $comment->comment_author_email ); 410 $comment->comment_author_url = clean_url($comment->comment_author_url); 405 411 $comment->comment_author_url = format_to_edit( $comment->comment_author_url ); 406 412 … … 410 416 function get_category_to_edit( $id ) { 411 417 $category = get_category( $id ); 418 419 $category->term_id = (int) $category->term_id; 420 $category->parent = (int) $category->parent; 412 421 413 422 return $category; … … 820 829 $class = ( ( defined( 'DOING_AJAX' ) && DOING_AJAX ) || " class='alternate'" == $class ) ? '' : " class='alternate'"; 821 830 822 $category->category_count = number_format _i18n( $category->category_count );823 $category->link_count = number_format _i18n( $category->link_count );831 $category->category_count = number_format( $category->category_count ); 832 $category->link_count = number_format( $category->link_count ); 824 833 $posts_count = ( $category->category_count > 0 ) ? 
"<a href='edit.php?cat=$category->cat_ID'>$category->category_count</a>" : $category->category_count; 825 834 return "<tr id='cat-$category->cat_ID'$class> … … 949 958 if ( current_user_can('edit_post', $comment->comment_post_ID) ) { 950 959 echo " <a href='comment.php?action=editcomment&c=".$comment->comment_ID."'>" . __('Edit') . '</a>'; 951 echo ' | <a href="' . wp_nonce_url(' ocomment.php?action=deletecomment&p=' . $comment->comment_post_ID . '&c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . js_escape(sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), $comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> ';960 echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $comment->comment_post_ID . '&c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . js_escape(sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), $comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> '; 952 961 if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) { 953 962 echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&p=' . $comment->comment_post_ID . '&c=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Unapprove') . 
'</a> </span>'; … … 1040 1049 $entry['meta_key'] = attribute_escape($entry['meta_key']); 1041 1050 $entry['meta_value'] = attribute_escape($entry['meta_value']); 1051 $entry['meta_id'] = (int) $entry['meta_id']; 1042 1052 $r .= "\n\t<tr id='meta-{$entry['meta_id']}' class='$style'>"; 1043 1053 $r .= "\n\t\t<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>"; … … 1092 1102 1093 1103 foreach ( $keys as $key ) { 1094 $key = attribute_escape( $key );1104 $key = attribute_escape( $key ); 1095 1105 echo "\n\t<option value='$key'>$key</option>"; 1096 1106 } … … 1113 1123 $post_ID = (int) $post_ID; 1114 1124 1125 $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' ); 1126 1115 1127 $metakeyselect = $wpdb->escape( stripslashes( trim( $_POST['metakeyselect'] ) ) ); 1116 1128 $metakeyinput = $wpdb->escape( stripslashes( trim( $_POST['metakeyinput'] ) ) ); … … 1127 1139 if ( $metakeyinput) 1128 1140 $metakey = $metakeyinput; // default 1141 1142 if ( in_array($metakey, $protected) ) 1143 return false; 1129 1144 1130 1145 $result = $wpdb->query( " … … 1147 1162 function update_meta( $mid, $mkey, $mvalue ) { 1148 1163 global $wpdb; 1164 1165 $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' ); 1166 1167 if ( in_array($mkey, $protected) ) 1168 return false; 1169 1149 1170 $mvalue = maybe_serialize( stripslashes( $mvalue )); 1150 1171 $mvalue = $wpdb->escape( $mvalue ); … … 1346 1367 function page_template_dropdown( $default = '' ) { 1347 1368 $templates = get_page_templates(); 1348 ksort( $templates );1349 1369 foreach (array_keys( $templates ) as $template ) 1350 1370 : if ( $default == $templates[$template] ) … … 1946 1966 extract( $wp_filetype ); 1947 1967 1948 if ( ( !$type || !$ext ) && !current_user_can( 'unfiltered_upload' ))1968 if ( !$type || !$ext ) 1949 1969 return 
$upload_error_handler( $file, __( 'File type does not meet security guidelines. Try another.' )); 1950 1951 if ( !$ext )1952 $ext = strrchr($file['name'], '.');1953 1970 } 1954 1971 trunk/wp-admin/categories.php
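Review bot: The `$protected` key list is written out twice (new lines 1125 and 1165) and the two guards do not see the key in the same form. The add path compares `$metakey` after `trim()`, `stripslashes()` and `$wpdb->escape()`, while `update_meta()` compares the raw `$mkey` before any normalisation. I would move the list and the test into one helper, normalise the key identically in both callers, and make the comparison strict: `in_array($metakey, $protected, true)`. Whether the delete path applies the same guard is not visible in these hunks, and both function bodies continue outside them.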
r972 r1005 119 119 120 120 <?php include('edit-category-form.php'); ?> 121 122 121 <?php endif; ?> 123 122 trunk/wp-admin/comment.php
r972 r1005 40 40 $nonce_action .= $comment; 41 41 42 if ( ! $comment = get_comment ($comment) )42 if ( ! $comment = get_comment_to_edit($comment) ) 43 43 wp_die(__('Oops, no comment with this ID.').sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit.php')); 44 44 … … 92 92 <tr> 93 93 <th scope="row"><?php _e('URL:'); ?></th> 94 <td><?php echo "<a href='$comment->comment_author_url'>$comment->comment_author_url</a>"; ?></td>94 <td><?php echo $comment->comment_author_url; ?></td> 95 95 </tr> 96 96 <?php } ?> 97 97 <tr> 98 98 <th scope="row" valign="top"><p><?php _e('Comment:'); ?></p></th> 99 <td><?php echo apply_filters( 'comment_text', $comment->comment_content ); ?></td>99 <td><?php echo $comment->comment_content; ?></td> 100 100 </tr> 101 101 </table> … … 156 156 wp_redirect(wp_get_referer()); 157 157 } else { 158 wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='. $comment->comment_post_ID.'&c=1#comments');158 wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='. (int) $comment->comment_post_ID.'&c=1#comments'); 159 159 } 160 160 exit(); … … 186 186 wp_redirect(wp_get_referer()); 187 187 } else { 188 wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='. $comment->comment_post_ID.'&c=1#comments');188 wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='. (int) $comment->comment_post_ID.'&c=1#comments'); 189 189 } 190 190 exit(); trunk/wp-admin/edit-comments.php
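Review bot: The confirmation table now echoes `$comment->comment_author_url` and `$comment->comment_content` (new lines 94 and 99) with no escaping at the output site, so it is safe only while `get_comment_to_edit()` has already encoded both fields. In this changeset that function applies the `comment_edit_pre` filter after `format_to_edit()`, so whatever a filter returns reaches this echo as-is; I am assuming `format_to_edit()` HTML-encodes, which the page does not show. I would escape where the value is printed, or at least add on both echo lines `// pre-escaped by get_comment_to_edit(); never pass a raw get_comment() object here`. The surrounding case block starts and ends outside the hunk.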
r976 r1005 158 158 ?> 159 159 <tr id="comment-<?php echo $comment->comment_ID; ?>" class='<?php echo $class; ?>'> 160 <td style="text-align: center"><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) { ?><input type="checkbox" name="delete_comments[]" value="<?php echo $comment->comment_ID; ?>" /><?php } ?></td>160 <td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) { ?><input type="checkbox" name="delete_comments[]" value="<?php echo $comment->comment_ID; ?>" /><?php } ?></td> 161 161 <td><?php comment_author_link() ?></td> 162 162 <td><?php comment_author_email_link() ?></td> trunk/wp-admin/edit-form-advanced.php
r972 r1005 1 1 <?php 2 if ( isset($_GET['message']) ) 3 $_GET['message'] = (int) $_GET['message']; 2 4 $messages[1] = __('Post updated'); 3 5 $messages[2] = __('Custom field updated'); … … 5 7 ?> 6 8 <?php if (isset($_GET['message'])) : ?> 7 <div id="message" class="updated fade"><p><?php echo $messages[$_GET['message']]; ?></p></div>9 <div id="message" class="updated fade"><p><?php echo wp_specialchars($messages[$_GET['message']]); ?></p></div> 8 10 <?php endif; ?> 9 11 … … 22 24 wp_nonce_field('add-post'); 23 25 } else { 26 $post_ID = (int) $post_ID; 24 27 $form_action = 'editpost'; 25 28 $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />"; … … 27 30 } 28 31 29 $form_pingback = '<input type="hidden" name="post_pingback" value="' . get_option('default_pingback_flag') . '" id="post_pingback" />';30 31 $form_prevstatus = '<input type="hidden" name="prev_status" value="' . $post->post_status. '" />';32 33 $form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. str_replace("\n", ' ', $post->to_ping) .'" />';32 $form_pingback = '<input type="hidden" name="post_pingback" value="' . (int) get_option('default_pingback_flag') . '" id="post_pingback" />'; 33 34 $form_prevstatus = '<input type="hidden" name="prev_status" value="' . attribute_escape( $post->post_status ) . '" />'; 35 36 $form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. attribute_escape( str_replace("\n", ' ', $post->to_ping) ) .'" />'; 34 37 35 38 if ('' != $post->pinged) { … … 42 45 } 43 46 44 $saveasdraft = '<input name="save" type="submit" id="save" tabindex="3" value="' . __('Save and Continue Editing') . '" />';47 $saveasdraft = '<input name="save" type="submit" id="save" tabindex="3" value="' . attribute_escape( __('Save and Continue Editing') ) . 
'" />'; 45 48 46 49 if (empty($post->post_status)) $post->post_status = 'draft'; … … 48 51 ?> 49 52 50 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />53 <input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" /> 51 54 <input type="hidden" id="hiddenaction" name="action" value="<?php echo $form_action ?>" /> 52 55 <input type="hidden" id="originalaction" name="originalaction" value="<?php echo $form_action ?>" /> 53 <input type="hidden" name="post_author" value="<?php echo $post->post_author?>" />56 <input type="hidden" name="post_author" value="<?php echo attribute_escape( $post->post_author ); ?>" /> 54 57 <input type="hidden" id="post_type" name="post_type" value="post" /> 55 58 … … 89 92 <fieldset id="passworddiv" class="dbx-box"> 90 93 <h3 class="dbx-handle"><?php _e('Post Password') ?></h3> 91 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password?>" /></div>94 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape( $post->post_password ); ?>" /></div> 92 95 </fieldset> 93 96 94 97 <fieldset id="slugdiv" class="dbx-box"> 95 98 <h3 class="dbx-handle"><?php _e('Post Slug') ?></h3> 96 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name?>" /></div>99 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" /></div> 97 100 </fieldset> 98 101 … … 126 129 if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"'; 127 130 else $selected = ''; 128 echo "<option value=' $o->ID' $selected>$o->display_name</option>";131 echo "<option value='" . (int) $o->ID . "' $selected>" . wp_specialchars( $o->display_name ) . 
"</option>"; 129 132 endforeach; 130 133 ?> … … 141 144 <fieldset id="titlediv"> 142 145 <legend><?php _e('Title') ?></legend> 143 <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>146 <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" /></div> 144 147 </fieldset> 145 148 … … 169 172 ?> 170 173 <?php if ( current_user_can('publish_posts') ) : ?> 171 <input name="publish" type="submit" id="publish" tabindex="5" accesskey="p" value="<?php _e('Publish') ?>" />174 <input name="publish" type="submit" id="publish" tabindex="5" accesskey="p" value="<?php _e('Publish'); ?>" /> 172 175 <?php endif; ?> 173 176 <?php … … 187 190 <?php 188 191 if (current_user_can('upload_files')) { 189 $uploading_iframe_ID = ( 0 == $post_ID ? $temp_ID : $post_ID);192 $uploading_iframe_ID = (int) (0 == $post_ID ? $temp_ID : $post_ID); 190 193 $uploading_iframe_src = wp_nonce_url("upload.php?style=inline&tab=upload&post_id=$uploading_iframe_ID", 'inlineuploading'); 191 194 $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src); 192 195 if ( false != $uploading_iframe_src ) 193 echo '<iframe id="uploading" name="uploading"frameborder="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';196 echo '<iframe id="uploading" frameborder="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>'; 194 197 } 195 198 ?> trunk/wp-admin/edit-form-comment.php
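Review bot: The lookup on new line 9 indexes `$messages` with any integer taken from the query string, because the guard on line 8 only tests `isset($_GET['message'])`. An id that has no entry produces an undefined-index notice and an empty `updated` box; testing the array as well avoids both: `<?php if ( isset($_GET['message']) && isset($messages[$_GET['message']]) ) : ?>`. Separately, new line 3 writes the cast value back into `$_GET`; a local such as `$message_id = (int) $_GET['message'];` would leave the superglobal untouched for code that runs later.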
r972 r1005 3 3 $toprow_title = sprintf(__('Editing Comment # %s'), $comment->comment_ID); 4 4 $form_action = 'editedcomment'; 5 $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment->comment_ID . "' />\n<input type='hidden' name='comment_post_ID' value='" .$comment->comment_post_ID;5 $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment->comment_ID . "' />\n<input type='hidden' name='comment_post_ID' value='" . $comment->comment_post_ID; 6 6 ?> 7 7 … … 9 9 <?php wp_nonce_field('update-comment_' . $comment->comment_ID) ?> 10 10 <div class="wrap"> 11 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />11 <input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" /> 12 12 <input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' /> 13 13 … … 21 21 <legend><label for="name"><?php _e('Name:') ?></label></legend> 22 22 <div> 23 <input type="text" name="newcomment_author" size="25" value="<?php echo $comment->comment_author?>" tabindex="1" id="name" />23 <input type="text" name="newcomment_author" size="25" value="<?php echo attribute_escape( $comment->comment_author ); ?>" tabindex="1" id="name" /> 24 24 </div> 25 25 </fieldset> … … 27 27 <legend><label for="email"><?php _e('E-mail:') ?></label></legend> 28 28 <div> 29 <input type="text" name="newcomment_author_email" size="20" value="<?php echo $comment->comment_author_email?>" tabindex="2" id="email" />29 <input type="text" name="newcomment_author_email" size="20" value="<?php echo attribute_escape( $comment->comment_author_email ); ?>" tabindex="2" id="email" /> 30 30 </div> 31 31 </fieldset> … … 33 33 <legend><label for="newcomment_author_url"><?php _e('URL:') ?></label></legend> 34 34 <div> 35 <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo $comment->comment_author_url?>" tabindex="3" />35 <input type="text" id="newcomment_author_url" 
name="newcomment_author_url" size="35" value="<?php echo attribute_escape( $comment->comment_author_url ); ?>" tabindex="3" /> 36 36 </div> 37 37 </fieldset> trunk/wp-admin/edit-form.php
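Review bot: `$form_extra` on line 5 still concatenates `$comment->comment_ID` and `$comment->comment_post_ID` unescaped into markup that line 12 prints inside `value='...'`; the change to that line only adds a space. The integer casts added in this changeset live in `get_comment_to_edit()`, so this template is safe only when its caller went through that function, which cannot be confirmed from here. Casting at the point of use removes that dependency, i.e. `(int) $comment->comment_ID` and `(int) $comment->comment_post_ID` in the concatenation. The same applies to the nonce action on line 10 and the `sprintf` title on line 3.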
r828 r1005 7 7 <input type="hidden" name="mode" value="bookmarklet" /> 8 8 <?php endif; ?> 9 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />9 <input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" /> 10 10 <input type="hidden" name="action" value='post' /> 11 11 … … 22 22 <fieldset id="titlediv"> 23 23 <legend><a href="http://wordpress.org/docs/reference/post/#title" title="<?php _e('Help on titles') ?>"><?php _e('Title') ?></a></legend> 24 <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>24 <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" /></div> 25 25 </fieldset> 26 26 … … 50 50 </script> 51 51 52 <input type="hidden" name="post_pingback" value="<?php echo get_option('default_pingback_flag') ?>" id="post_pingback" />52 <input type="hidden" name="post_pingback" value="<?php echo (int) get_option('default_pingback_flag') ?>" id="post_pingback" /> 53 53 54 54 <p><label for="trackback"> <?php printf(__('<a href="%s" title="Help on trackbacks"><strong>TrackBack</strong> a <abbr title="Universal Resource Locator">URL</abbr></a>:</label> (Separate multiple <abbr title="Universal Resource Locator">URL</abbr>s with spaces.)'), 'http://wordpress.org/docs/reference/post/#trackback'); echo '<br />'; ?> … … 65 65 echo '<input name="advanced" type="submit" id="advancededit" tabindex="7" value="' . __('Advanced Editing »') . '" />'; 66 66 } ?> 67 <input name="referredby" type="hidden" id="referredby" value="<?php if ( wp_get_referer() ) echo urlencode(wp_get_referer()); ?>" />67 <input name="referredby" type="hidden" id="referredby" value="<?php if ( $refby = wp_get_referer() ) echo urlencode($refby); ?>" /> 68 68 </p> 69 69 trunk/wp-admin/edit-link-form.php
r972 r1005 81 81 <tr> 82 82 <th scope="row" valign="top"><label for="link_name"><?php _e('Name:') ?></label></th> 83 <td><input type="text" name="link_name" id="link_name"value="<?php echo $link->link_name; ?>" style="width: 95%" /></td>83 <td><input type="text" name="link_name" value="<?php echo $link->link_name; ?>" style="width: 95%" /></td> 84 84 </tr> 85 85 <tr> 86 86 <th width="20%" scope="row" valign="top"><label for="link_url"><?php _e('Address:') ?></label></th> 87 <td width="80%"><input type="text" name="link_url" id="link_url"value="<?php echo $link->link_url; if ( empty( $link->link_url ) ) echo 'http://'; ?>" style="width: 95%" /></td>87 <td width="80%"><input type="text" name="link_url" value="<?php echo $link->link_url; if ( empty( $link->link_url ) ) echo 'http://'; ?>" style="width: 95%" /></td> 88 88 </tr> 89 89 <tr> 90 90 <th scope="row" valign="top"><label for="link_description"><?php _e('Description:') ?></label></th> 91 <td><input type="text" name="link_description" id="link_description"value="<?php echo $link->link_description; ?>" style="width: 95%" /></td>91 <td><input type="text" name="link_description" value="<?php echo $link->link_description; ?>" style="width: 95%" /></td> 92 92 </tr> 93 93 </table> trunk/wp-admin/edit-page-form.php
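Review bot: The three inputs on new lines 83, 87 and 91 print `$link->link_name`, `$link->link_url` and `$link->link_description` straight into `value="..."`, while the other edit forms in this changeset gained `attribute_escape()` on the equivalent fields. Unless `$link` is encoded before this template is included, which is not visible here, these should read e.g. `value="<?php echo attribute_escape( $link->link_name ); ?>"`. The same lines also drop `id="link_name"`, `id="link_url"` and `id="link_description"`, but the `<label for="...">` elements just above still point at those ids, so the labels no longer bind to their fields.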
r972 r1005 3 3 <h2 id="write-post"><?php _e('Write Page'); ?></h2> 4 4 <?php 5 5 6 if (0 == $post_ID) { 6 7 $form_action = 'post'; … … 9 10 $form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='$temp_ID' />"; 10 11 } else { 12 $post_ID = (int) $post_ID; 11 13 $form_action = 'editpost'; 12 14 $nonce_action = 'update-page_' . $post_ID; 13 15 $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />"; 14 16 } 17 18 $temp_ID = (int) $temp_ID; 19 $user_ID = (int) $user_ID; 15 20 16 21 $sendto = clean_url(stripslashes(wp_get_referer())); … … 69 74 <fieldset id="passworddiv" class="dbx-box"> 70 75 <h3 class="dbx-handle"><?php _e('Page Password') ?></h3> 71 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password?>" /></div>76 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape( $post->post_password ); ?>" /></div> 72 77 </fieldset> 73 78 … … 94 99 <fieldset id="slugdiv" class="dbx-box"> 95 100 <h3 class="dbx-handle"><?php _e('Page Slug') ?></h3> 96 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name?>" /></div>101 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" /></div> 97 102 </fieldset> 98 103 … … 107 112 if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"'; 108 113 else $selected = ''; 114 $o->ID = (int) $o->ID; 115 $o->display_name = wp_specialchars( $o->display_name ); 109 116 echo "<option value='$o->ID' $selected>$o->display_name</option>"; 110 117 endforeach; … … 127 134 <fieldset id="titlediv"> 128 135 <legend><?php _e('Page Title') ?></legend> 129 <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo 
$post->post_title; ?>" id="title" /></div>136 <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" /></div> 130 137 </fieldset> 131 138 … … 164 171 $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src); 165 172 if ( false != $uploading_iframe_src ) 166 echo '<iframe id="uploading" name="uploading"frameborder="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';173 echo '<iframe id="uploading" frameborder="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>'; 167 174 } 168 175 ?> trunk/wp-admin/edit-pages.php
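Review bot: `$temp_ID = (int) $temp_ID;` is added at new line 18, after the `0 == $post_ID` branch has already interpolated `$temp_ID` into `$form_extra` on line 10, so the hidden field for a new page is built from the uncast value. Moving the cast above the `if`, as `$temp_ID = (int) $temp_ID;` directly before `if (0 == $post_ID) {`, makes the value numeric before it reaches the `value='...'` attribute, matching what the `else` branch now does for `$post_ID`. Where `$temp_ID` is first assigned is outside the hunk.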
r972 r1005 11 11 <p><?php _e('Pages are like posts except they live outside of the normal blog chronology and can be hierarchical. You can use pages to organize and manage any amount of content.'); ?> <a href="page-new.php"><?php _e('Create a new page »'); ?></a></p> 12 12 13 <form name="searchform" id="searchform"action="" method="get">13 <form name="searchform" action="" method="get"> 14 14 <fieldset> 15 15 <legend><?php _e('Search Pages…') ?></legend> 16 <input type="text" name="s" id="s"value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" />16 <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" /> 17 17 <input type="submit" name="submit" value="<?php _e('Search') ?>" /> 18 18 </fieldset> 19 19 </form> 20 21 <br style="clear:both;" />22 20 23 21 <?php trunk/wp-admin/edit.php
r972 r1005 77 77 <fieldset> 78 78 <legend><?php _e('Search Posts…') ?></legend> 79 <input type="text" name="s" id="s"value="<?php if (isset($s)) echo attribute_escape($s); ?>" size="17" />79 <input type="text" name="s" value="<?php if (isset($s)) echo attribute_escape($s); ?>" size="17" /> 80 80 <input type="submit" name="submit" value="<?php _e('Search') ?>" class="button" /> 81 81 </fieldset> … … 197 197 ?> 198 198 <td style="text-align: center"> 199 <?php comments_number( "<a href='edit.php?p=$id&c=1'>" . __('0') . '</a>', "<a href='edit.php?p=$id&c=1'>" . __('1') . '</a>', "<a href='edit.php?p=$id&c=1'>" . __('%') . '</a>') ?>199 <?php comments_number(__('0'), "<a href='edit.php?p=$id&c=1'>" . __('1') . '</a>', "<a href='edit.php?p=$id&c=1'>" . __('%') . '</a>') ?> 200 200 </td> 201 201 <?php trunk/wp-admin/export.php
r972 r1005 149 149 --> 150 150 151 <!-- generator="wordpress/<?php bloginfo_rss('version') ?>" created="<?php echo date('Y-m-d H: m'); ?>"-->151 <!-- generator="wordpress/<?php bloginfo_rss('version') ?>" created="<?php echo date('Y-m-d H:i'); ?>"--> 152 152 <rss version="2.0" 153 153 xmlns:content="http://purl.org/rss/1.0/modules/content/" trunk/wp-admin/import/livejournal.php
r972 r1005 50 50 preg_match('|<eventtime>(.*?)</eventtime>|is', $post, $post_date); 51 51 $post_date = strtotime($post_date[1]); 52 $post_date = date('Y-m-d H:i:s', $post_date);52 $post_date = gmdate('Y-m-d H:i:s', $post_date); 53 53 54 54 preg_match('|<event>(.*?)</event>|is', $post, $post_content); trunk/wp-admin/import/textpattern.php
r972 r1005 560 560 echo '<p>'.__('Welcome to WordPress. We hope (and expect!) that you will find this platform incredibly rewarding! As a new WordPress user coming from Textpattern, there are some things that we would like to point out. Hopefully, they will help your transition go as smoothly as possible.').'</p>'; 561 561 echo '<h3>'.__('Users').'</h3>'; 562 echo '<p>'.sprintf(__('You have already setup WordPress and have been assigned an administrative login and password. Forget it. You didn ’t have that login in Textpattern, why should you have it here? Instead we have taken care to import all of your users into our system. Unfortunately there is one downside. Because both WordPress and Textpattern uses a strong encryption hash with passwords, it is impossible to decrypt it and we are forced to assign temporary passwords to all your users. <strong>Every user has the same username, but their passwords are reset to password123.</strong> So <a href="%1$s">Login</a> and change it.'), get_bloginfo( 'wpurl' ) .'/wp-login.php').'</p>';562 echo '<p>'.sprintf(__('You have already setup WordPress and have been assigned an administrative login and password. Forget it. You didn\'t have that login in Textpattern, why should you have it here? Instead we have taken care to import all of your users into our system. Unfortunately there is one downside. Because both WordPress and Textpattern uses a strong encryption hash with passwords, it is impossible to decrypt it and we are forced to assign temporary passwords to all your users. <strong>Every user has the same username, but their passwords are reset to password123.</strong> So <a href="%1$s">Login</a> and change it.'), '/wp-login.php').'</p>'; 563 563 echo '<h3>'.__('Preserving Authors').'</h3>'; 564 564 echo '<p>'.__('Secondly, we have attempted to preserve post authors. If you are the only author or contributor to your blog, then you are safe. In most cases, we are successful in this preservation endeavor. 
However, if we cannot ascertain the name of the writer due to discrepancies between database tables, we assign it to you, the administrative user.').'</p>'; 565 565 echo '<h3>'.__('Textile').'</h3>'; 566 echo '<p>'.__('Also, since you ’re coming from Textpattern, you probably have been using Textile to format your comments and posts. If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/category/development/wordpress/textile/">Textile for WordPress</a>. Trust me... You’ll want it.').'</p>';566 echo '<p>'.__('Also, since you\'re coming from Textpattern, you probably have been using Textile to format your comments and posts. If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/category/development/wordpress/textile/">Textile for WordPress</a>. Trust me... You\'ll want it.').'</p>'; 567 567 echo '<h3>'.__('WordPress Resources').'</h3>'; 568 568 echo '<p>'.__('Finally, there are numerous WordPress resources around the internet. Some of them are:').'</p>'; … … 572 572 echo '<li>'.__('<a href="http://codex.wordpress.org">The Codex (In other words, the WordPress Bible)</a>').'</li>'; 573 573 echo '</ul>'; 574 echo '<p>'.sprintf(__('That ’s it! What are you waiting for? Go <a href="%1$s">login</a>!'), get_bloginfo( 'wpurl' ) .'/wp-login.php').'</p>';574 echo '<p>'.sprintf(__('That\'s it! What are you waiting for? Go <a href="%1$s">login</a>!'), '/wp-login.php').'</p>'; 575 575 } 576 576 trunk/wp-admin/index.php
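Review bot: The string edited on new line 562 tells the site owner that every imported account receives the same fixed password, and this change touches only the apostrophes and the link. A shared, published default leaves each imported account exposed until its owner logs in and changes it; the importer should assign a random per-user password and point users to the lost-password flow instead, though the code that sets the password is outside these hunks. The link argument also changed from `get_bloginfo( 'wpurl' ) .'/wp-login.php'` to `'/wp-login.php'` on lines 562 and 574, which resolves against the web root and will miss the login page on an install that lives in a subdirectory.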
r972 r1005 44 44 45 45 <?php if ( $numcomments ) : ?> 46 <p><strong><a href="moderation.php"><?php echo sprintf(__('Comments in moderation (%s)'), number_format _i18n($numcomments) ); ?> »</a></strong></p>46 <p><strong><a href="moderation.php"><?php echo sprintf(__('Comments in moderation (%s)'), number_format($numcomments) ); ?> »</a></strong></p> 47 47 <?php endif; ?> 48 48 … … 104 104 $numcats = (int) $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->categories"); 105 105 106 $post_str = sprintf(__ngettext('%1$s <a href="%2$s" title="Posts">post</a>', '%1$s <a href="%2$s" title="Posts">posts</a>', $numposts), number_format _i18n($numposts), 'edit.php');107 $comm_str = sprintf(__ngettext('%1$s <a href="%2$s" title="Comments">comment</a>', '%1$s <a href="%2$s" title="Comments">comments</a>', $numcomms), number_format _i18n($numcomms), 'edit-comments.php');108 $cat_str = sprintf(__ngettext('%1$s <a href="%2$s" title="Categories">category</a>', '%1$s <a href="%2$s" title="Categories">categories</a>', $numcats), number_format _i18n($numcats), 'categories.php');106 $post_str = sprintf(__ngettext('%1$s <a href="%2$s" title="Posts">post</a>', '%1$s <a href="%2$s" title="Posts">posts</a>', $numposts), number_format($numposts), 'edit.php'); 107 $comm_str = sprintf(__ngettext('%1$s <a href="%2$s" title="Comments">comment</a>', '%1$s <a href="%2$s" title="Comments">comments</a>', $numcomms), number_format($numcomms), 'edit-comments.php'); 108 $cat_str = sprintf(__ngettext('%1$s <a href="%2$s" title="Categories">category</a>', '%1$s <a href="%2$s" title="Categories">categories</a>', $numcats), number_format($numcats), 'categories.php'); 109 109 ?> 110 110 trunk/wp-admin/link-manager.php
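Review bot: The moderation link on line 46 and the three summary strings on lines 106–108 now call `number_format()` where r972 called `number_format_i18n()`, so the dashboard counts use PHP's default separators instead of the locale's. If the i18n helper is simply not available in this tree, a short comment such as `// number_format_i18n() not merged here; counts are not localised` would stop a later reader from treating this as an oversight. The surrounding template code continues outside the hunks shown.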
r972 r1005 200 200 201 201 <?php } ?> 202 <?php203 if( wp_cache_get( "checked_bookmarks_table", "options" ) == false ) {204 $results = $wpdb->get_results( "SELECT link_id, category_id, count( * ) AS c FROM {$wpdb->link2cat} GROUP BY link_id, category_id" );205 if( $results != null ) {206 foreach( $results as $link ) {207 if( $link->c > 1 ) {208 $wpdb->query( "DELETE FROM {$wpdb->link2cat} WHERE link_id='{$link->link_id}' AND category_id='{$link->category_id}'" );209 $wpdb->query( "INSERT INTO {$wpdb->link2cat} VALUES ( 0, '{$link->link_id}', '{$link->category_id}' )" );210 }211 }212 }213 wp_cache_set( "checked_bookmarks_table", "1", "options" );214 } ?>215 202 216 203 </div> trunk/wp-admin/moderation.php
r972 r1005 124 124 <p><?php comment_date(__('M j, g:i A')); ?> — [ <?php 125 125 echo '<a href="comment.php?action=editcomment&c='.$comment->comment_ID.'">' . __('Edit') . '</a> | '; 126 echo " <a href=\"post.php?action=deletecomment&p=".$comment->comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), $comment->comment_author )) . "', theCommentList );\">" . __('Delete') . "</a> "; ?> ] —126 echo " <a href=\"post.php?action=deletecomment&p=".$comment->comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), $comment->comment_author )) . "', theCommentList );\">" . __('Delete') . "</a> | "; ?> 127 127 <?php 128 128 $post = get_post($comment->comment_post_ID); … … 130 130 $post_title = ('' == $post_title) ? 
"# $comment->comment_post_ID" : $post_title; 131 131 ?> 132 <a href="<?php echo get_permalink($comment->comment_post_ID); ?>" ><?php echo $post_title; ?></a></p>133 <p><?php _e('Bulk action:') ?>132 <a href="<?php echo get_permalink($comment->comment_post_ID); ?>" title="<?php echo $post_title; ?>"><?php _e('View Post') ?></a> ] — 133 <?php _e('Bulk action:') ?> 134 134 <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-approve" value="approve" /> <label for="comment-<?php echo $comment->comment_ID; ?>-approve"><?php _e('Approve') ?></label> 135 135 <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-spam" value="spam" /> <label for="comment-<?php echo $comment->comment_ID; ?>-spam"><?php _e('Spam') ?></label> … … 183 183 <noscript> 184 184 <p> 185 <input name="feelinglucky" type="checkbox" id="feelinglucky" value="true" /> <label for="feelinglucky"><?php _e('Delete every comment marked “defer.”<strong>Warning: This can’t be undone.</strong>'); ?></label>185 <input name="feelinglucky" type="checkbox" id="feelinglucky" value="true" /> <label for="feelinglucky"><?php _e('Delete every comment marked "defer." <strong>Warning: This can’t be undone.</strong>'); ?></label> 186 186 </p> 187 187 </noscript> trunk/wp-admin/options-reading.php
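Review bot: On what appears to be the r1005 side of line 132, `$post_title` is now echoed inside a double-quoted `title` attribute, and the assignment on line 129 is elided from this view, so it is not visible whether the value is escaped for attribute context. If it is raw or only tag-escaped, a post title containing a double quote would end the attribute and the rest of the title would be parsed as markup on the moderation screen. I would escape at the point of output, e.g. `title="<?php echo attribute_escape($post_title); ?>"`, provided that helper exists in this tree and line 129 does not already encode the value (which would double-encode it). The comment loop this markup sits in starts and ends outside the hunks shown.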
r873
