Changeset 828
- Timestamp:
- 12/22/06 12:54:24 (2 years ago)
- Files:
-
- trunk/wp-admin/admin-ajax.php (modified) (2 diffs)
- trunk/wp-admin/admin-functions.php (modified) (14 diffs)
- trunk/wp-admin/bookmarklet.php (modified) (1 diff)
- trunk/wp-admin/categories.php (modified) (1 diff)
- trunk/wp-admin/edit-category-form.php (modified) (2 diffs)
- trunk/wp-admin/edit-comments.php (modified) (4 diffs)
- trunk/wp-admin/edit-form-advanced.php (modified) (2 diffs)
- trunk/wp-admin/edit-form-comment.php (modified) (1 diff)
- trunk/wp-admin/edit-form.php (modified) (1 diff)
- trunk/wp-admin/edit-link-form.php (modified) (1 diff)
- trunk/wp-admin/edit-page-form.php (modified) (9 diffs)
- trunk/wp-admin/edit-pages.php (modified) (1 diff)
- trunk/wp-admin/edit.php (modified) (4 diffs)
- trunk/wp-admin/export.php (modified) (1 diff)
- trunk/wp-admin/index.php (modified) (8 diffs)
- trunk/wp-admin/link-add.php (modified) (1 diff)
- trunk/wp-admin/link-manager.php (modified) (5 diffs)
- trunk/wp-admin/moderation.php (modified) (2 diffs)
- trunk/wp-admin/options-discussion.php (modified) (1 diff)
- trunk/wp-admin/options-misc.php (modified) (1 diff)
- trunk/wp-admin/options-permalink.php (modified) (2 diffs)
- trunk/wp-admin/options.php (modified) (1 diff)
- trunk/wp-admin/page.php (modified) (1 diff)
- trunk/wp-admin/plugins.php (modified) (1 diff)
- trunk/wp-admin/post.php (modified) (1 diff)
- trunk/wp-admin/profile-update.php (modified) (1 diff)
- trunk/wp-admin/templates.php (modified) (1 diff)
- trunk/wp-admin/theme-editor.php (modified) (1 diff)
- trunk/wp-admin/upgrade.php (modified) (2 diffs)
- trunk/wp-admin/upload-functions.php (modified) (3 diffs)
- trunk/wp-admin/upload-js.php (modified) (4 diffs)
- trunk/wp-admin/upload.php (modified) (1 diff)
- trunk/wp-admin/user-edit.php (modified) (1 diff)
- trunk/wp-admin/users.php (modified) (5 diffs)
- trunk/wp-content/themes/classic/comments-popup.php (modified) (1 diff)
- trunk/wp-content/themes/default/comments-popup.php (modified) (1 diff)
- trunk/wp-includes/author-template.php (modified) (2 diffs)
- trunk/wp-includes/bookmark-template.php (modified) (2 diffs)
- trunk/wp-includes/classes.php (modified) (2 diffs)
- trunk/wp-includes/comment-template.php (modified) (1 diff)
- trunk/wp-includes/comment.php (modified) (4 diffs)
- trunk/wp-includes/formatting.php (modified) (2 diffs)
- trunk/wp-includes/functions.php (modified) (4 diffs)
- trunk/wp-includes/general-template.php (modified) (5 diffs)
- trunk/wp-includes/kses.php (modified) (2 diffs)
- trunk/wp-includes/post-template.php (modified) (3 diffs)
- trunk/wp-includes/registration.php (modified) (2 diffs)
- trunk/wp-links-opml.php (modified) (2 diffs)
- trunk/wp-login.php (modified) (5 diffs)
trunk/wp-admin/admin-ajax.php
r819 r828 14 14 15 15 function wp_ajax_meta_row( $pid, $mid, $key, $value ) { 16 $value = wp_specialchars($value, true);16 $value = attribute_escape($value); 17 17 $key_js = addslashes(wp_specialchars($key, 'double')); 18 $key = wp_specialchars($key, true);18 $key = attribute_escape($key); 19 19 $r .= "<tr id='meta-$mid'><td valign='top'>"; 20 20 $r .= "<input name='meta[$mid][key]' tabindex='6' onkeypress='return killSubmit(\"theList.ajaxUpdater('meta','meta-$mid');\",event);' type='text' size='20' value='$key' />"; … … 142 142 $level++; 143 143 } 144 $cat_full_name = wp_specialchars( $cat_full_name, 1);144 $cat_full_name = attribute_escape($cat_full_name); 145 145 146 146 $x = new WP_Ajax_Response( array( trunk/wp-admin/admin-functions.php
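Review bot: In wp_ajax_meta_row the new lines 16 and 18 switch the attribute-context values to attribute_escape, but the JavaScript-context value on the unchanged line 17 is still built with `addslashes(wp_specialchars($key, 'double'))`, whereas this same changeset uses `js_escape` for the identical purpose in admin-functions.php (line 926, `$key_js = js_escape( $entry['meta_key'] );`); the consistent form here is `$key_js = js_escape($key);`. Where `$key_js` is interpolated is below the hunk, so I am inferring that it lands inside an inline event handler as it does in admin-functions.php. Also, `$r .=` on line 19 appends to a variable that none of lines 15–18 initialise, so the first concatenation operates on an undefined `$r`; `$r = '';` before it would make the function self-contained. The function body continues outside the hunk.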
r824 r828 41 41 if ( 'page' == $_POST['post_type'] ) { 42 42 if ( !current_user_can( 'edit_others_pages' ) ) 43 return new WP_Error( 'edit_others_pages', __( 'You cannotcreate pages as this user.' ) );43 return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) ); 44 44 } else { 45 45 if ( !current_user_can( 'edit_others_posts' ) ) 46 return new WP_Error( 'edit_others_posts', __( 'You cannotpost as this user.' ) );46 return new WP_Error( 'edit_others_posts', __( 'You are not allowed to post as this user.' ) ); 47 47 48 48 } … … 185 185 if ( 'page' == $_POST['post_type'] ) { 186 186 if ( !current_user_can( 'edit_others_pages' ) ) 187 wp_die( __('You cannotedit pages as this user.' ));187 wp_die( __('You are not allowed to edit pages as this user.' )); 188 188 } else { 189 189 if ( !current_user_can( 'edit_others_posts' ) ) 190 wp_die( __('You cannotedit posts as this user.' ));190 wp_die( __('You are not allowed to edit posts as this user.' )); 191 191 192 192 } … … 324 324 $text = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) ); 325 325 $text = funky_javascript_fix( $text); 326 $popupurl = wp_specialchars( $_REQUEST['popupurl']);326 $popupurl = attribute_escape($_REQUEST['popupurl']); 327 327 $post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text"; 328 328 } … … 381 381 function get_user_to_edit( $user_id ) { 382 382 $user = new WP_User( $user_id ); 383 $user->user_login = wp_specialchars( $user->user_login, 1);384 $user->user_email = wp_specialchars( $user->user_email, 1);385 $user->user_url = wp_specialchars( $user->user_url, 1);386 $user->first_name = wp_specialchars( $user->first_name, 1);387 $user->last_name = wp_specialchars( $user->last_name, 1);388 $user->display_name = wp_specialchars( $user->display_name, 1);389 $user->nickname = wp_specialchars( $user->nickname, 1);390 $user->aim = wp_specialchars( $user->aim, 1);391 $user->yim = wp_specialchars( $user->yim, 1);392 $user->jabber 
= wp_specialchars( $user->jabber, 1);393 $user->description = wp_specialchars( $user->description);383 $user->user_login = attribute_escape($user->user_login); 384 $user->user_email = attribute_escape($user->user_email); 385 $user->user_url = attribute_escape($user->user_url); 386 $user->first_name = attribute_escape($user->first_name); 387 $user->last_name = attribute_escape($user->last_name); 388 $user->display_name = attribute_escape($user->display_name); 389 $user->nickname = attribute_escape($user->nickname); 390 $user->aim = attribute_escape($user->aim); 391 $user->yim = attribute_escape($user->yim); 392 $user->jabber = attribute_escape($user->jabber); 393 $user->description = wp_specialchars($user->description); 394 394 395 395 return $user; … … 463 463 if ( isset( $_POST['yim'] )) 464 464 $user->yim = wp_specialchars( trim( $_POST['yim'] )); 465 if ( !$update ) 466 $user->rich_editing = 'true'; // Default to true for new users. 467 else if ( isset( $_POST['rich_editing'] ) ) 468 $user->rich_editing = $_POST['rich_editing']; 469 else 470 $user->rich_editing = 'false'; 465 471 466 472 $errors = new WP_Error(); … … 522 528 $link = get_link( $link_id ); 523 529 524 $link->link_url = wp_specialchars( $link->link_url, 1);525 $link->link_name = wp_specialchars( $link->link_name, 1);526 $link->link_image = wp_specialchars( $link->link_image, 1);527 $link->link_description = wp_specialchars( $link->link_description, 1);528 $link->link_ notes = wp_specialchars( $link->link_notes);529 $link->link_r ss = wp_specialchars( $link->link_rss, 1);530 $link->link_ rel = wp_specialchars( $link->link_rel, 1);531 $link->post_category = $link->link_category;530 $link->link_url = attribute_escape($link->link_url); 531 $link->link_name = attribute_escape($link->link_name); 532 $link->link_image = attribute_escape($link->link_image); 533 $link->link_description = attribute_escape($link->link_description); 534 $link->link_rss = attribute_escape($link->link_rss); 535 $link->link_rel = 
attribute_escape($link->link_rel); 536 $link->link_notes = wp_specialchars($link->link_notes); 537 $link->post_category = $link->link_category; 532 538 533 539 return $link; … … 536 542 function get_default_link_to_edit() { 537 543 if ( isset( $_GET['linkurl'] ) ) 538 $link->link_url = wp_specialchars( $_GET['linkurl'], 1);544 $link->link_url = attribute_escape( $_GET['linkurl']); 539 545 else 540 546 $link->link_url = ''; 541 547 542 548 if ( isset( $_GET['name'] ) ) 543 $link->link_name = wp_specialchars( $_GET['name'], 1);549 $link->link_name = attribute_escape( $_GET['name']); 544 550 else 545 551 $link->link_name = ''; … … 556 562 function edit_link( $link_id = '' ) { 557 563 if (!current_user_can( 'manage_links' )) 558 wp_die( __( "Cheatin' uh ?"));564 wp_die( __( 'Cheatin&8217; uh?' )); 559 565 560 566 $_POST['link_url'] = wp_specialchars( $_POST['link_url'] ); … … 765 771 $category->category_count = number_format( $category->category_count ); 766 772 $category->link_count = number_format( $category->link_count ); 773 $posts_count = ( $category->category_count > 0 ) ? "<a href='edit.php?cat=$category->cat_ID'>$category->category_count</a>" : $category->category_count; 767 774 return "<tr id='cat-$category->cat_ID'$class> 768 775 <th scope='row' style='text-align: center'>$category->cat_ID</th> 769 776 <td>" . ( $name_override ? $name_override : $pad . ' ' . $category->cat_name ) . "</td> 770 777 <td>$category->category_description</td> 771 <td align='center'> <a href='edit.php?cat=$category->cat_ID'>$category->category_count</a></td>778 <td align='center'>$posts_count</td> 772 779 <td align='center'>$category->link_count</td> 773 780 <td>$edit</td>\n\t</tr>\n"; … … 833 840 if ( $numposts > 0 ) { 834 841 $r .= "<a href='edit.php?author=$user_object->ID' title='" . __( 'View posts by this author' ) . 
"' class='edit'>"; 835 $r .= sprintf( __('View %1$s %2$s' ), $numposts, __ngettext( 'post', 'posts', $numposts ));842 $r .= sprintf(__ngettext( 'View %s post', 'View %s posts', $numposts ), $numposts); 836 843 $r .= '</a>'; 837 844 } 838 845 $r .= "</td>\n\t\t<td>"; 839 846 if ( ( is_site_admin() || $current_user->ID == $user_object->ID ) && current_user_can( 'edit_user', $user_object->ID ) ) { 840 $edit_link = wp_specialchars( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ));847 $edit_link = attribute_escape( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" )); 841 848 $r .= "<a href='$edit_link' class='edit'>".__( 'Edit' )."</a>"; 842 849 } … … 918 925 919 926 $key_js = js_escape( $entry['meta_key'] ); 920 $entry['meta_key'] = wp_specialchars( $entry['meta_key'], true);921 $entry['meta_value'] = wp_specialchars( $entry['meta_value'], true);927 $entry['meta_key'] = attribute_escape($entry['meta_key']); 928 $entry['meta_value'] = attribute_escape($entry['meta_value']); 922 929 $r .= "\n\t<tr id='meta-{$entry['meta_id']}' class='$style'>"; 923 930 $r .= "\n\t\t<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>"; … … 972 979 973 980 foreach ( $keys as $key ) { 974 $key = wp_specialchars( $key, 1);981 $key = attribute_escape( $key); 975 982 echo "\n\t<option value='$key'>$key</option>"; 976 983 } … … 1076 1083 <?php 1077 1084 if ( $edit ) { 1078 _e( 'Existing timestamp' ); 1079 //echo ': ' . $wp_locale->get_month( $mm ) . 
"$jj, $aa @ $hh:$mn"; 1080 echo sprintf( __(': %1$s %2$s, %3$s @ %4$s:%5$s' ), $wp_locale->get_month( $mm ), $jj, $aa, $hh, $mn ); 1085 printf( __('Existing timestamp: %1$s %2$s, %3$s @ %4$s:%5$s' ), $wp_locale->get_month( $mm ), $jj, $aa, $hh, $mn ); 1081 1086 } 1082 1087 ?> … … 2000 2005 function wp_remember_old_slug() { 2001 2006 global $post; 2002 $name = wp_specialchars($post->post_name); // just in case2007 $name = attribute_escape($post->post_name); // just in case 2003 2008 if ( strlen($name) ) 2004 2009 echo '<input type="hidden" id="wp-old-slug" name="wp-old-slug" value="' . $name . '" />'; trunk/wp-admin/bookmarklet.php
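Review bot: The new branch at line 468 stores `$_POST['rich_editing']` into `$user->rich_editing` unmodified, while the sibling branches at lines 466 and 470 assign the literal strings `'true'` and `'false'`; normalising the posted value keeps the persisted setting to those two expected values, e.g. `$user->rich_editing = ( 'true' == $_POST['rich_editing'] ) ? 'true' : 'false';`. The function enclosing that hunk starts outside it. Separately, the replacement strings at line 564 here (`'Cheatin&8217; uh?'`), in categories.php lines 37 and 40 and in export.php line 17 are rendered on this page with the apostrophe entity missing its `#`; if that is what the source contains, browsers will print `&8217;` literally and the entity should be `&#8217;`.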
r810 r828 38 38 39 39 $content = wp_specialchars($_REQUEST['content']); 40 $popupurl = wp_specialchars($_REQUEST['popupurl']);40 $popupurl = attribute_escape($_REQUEST['popupurl']); 41 41 if ( !empty($content) ) { 42 42 $post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) ); trunk/wp-admin/categories.php
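Review bot: Line 40 escapes `$_REQUEST['popupurl']` without first stripping slashes, while the same changeset's edit-form-advanced.php lines 176 and 180 apply `attribute_escape(stripslashes(...))` to the same request value, so the two pages will embed different strings whenever the input carries magic-quotes escaping; the consistent form is `$popupurl = attribute_escape(stripslashes($_REQUEST['popupurl']));`, and admin-functions.php line 326 has the same discrepancy. Note also that attribute_escape only makes the value safe as attribute text: admin-functions.php line 327 places it into an `href` (`'<a href="'.$popupurl.'">'`), and an escaped URL with a non-http scheme is still a working link there, so a scheme check on the value is needed in addition to the escaping.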
r810 r828 35 35 // Don't delete the default cats. 36 36 if ( $cat_ID == get_option('default_category') ) 37 wp_die(sprintf(__("Can 't delete the <strong>%s</strong> category: this is the default one"), $cat_name));37 wp_die(sprintf(__("Can&8217;t delete the <strong>%s</strong> category: this is the default one"), $cat_name)); 38 38 39 39 if ( $cat_ID == get_option('default_link_category') ) 40 wp_die(sprintf(__("Can 't delete the <strong>%s</strong> category: this is the default one for links"), $cat_name));40 wp_die(sprintf(__("Can&8217;t delete the <strong>%s</strong> category: this is the default one for links"), $cat_name)); 41 41 42 42 wp_delete_category($cat_ID); trunk/wp-admin/edit-category-form.php
r819 r828 27 27 <table class="editform" width="100%" cellspacing="2" cellpadding="5"> 28 28 <tr> 29 <th width="33%" scope="row" valign="top"><label for="cat_name"><?php _e('Category name:') ?></label></th>30 <td width="67%"><input type="text" id="cat_name" name="cat_name" value="<?php echo wp_specialchars($category->cat_name); ?>" size="40" /><div id="searchresults" class="autocomplete"></div></td>29 <th width="33%" scope="row" valign="top"><label for="cat_name"><?php _e('Category name:') ?></label></th> 30 <td width="67%"><input name="cat_name" id="cat_name" type="text" value="<?php echo attribute_escape($category->cat_name); ?>" size="40" /><div id="searchresults" class="autocomplete"></div></td> 31 31 </tr> 32 32 <tr> … … 38 38 <tr> 39 39 <th scope="row" valign="top"><label for="category_description"><?php _e('Description: (optional)') ?></label></th> 40 <td><textarea name="category_description" id="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description , 1); ?></textarea></td>40 <td><textarea name="category_description" id="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description); ?></textarea></td> 41 41 </tr> 42 42 </table> trunk/wp-admin/edit-comments.php
r826 r828 8 8 require_once('admin-header.php'); 9 9 if (empty($_GET['mode'])) $mode = 'view'; 10 else $mode = wp_specialchars($_GET['mode'], 1);10 else $mode = attribute_escape($_GET['mode']); 11 11 ?> 12 12 … … 43 43 <fieldset> 44 44 <legend><?php _e('Show Comments That Contain...') ?></legend> 45 <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" />45 <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" /> 46 46 <input type="submit" name="submit" value="<?php _e('Search') ?>" /> 47 47 <input type="hidden" name="mode" value="<?php echo $mode; ?>" /> … … 68 68 endforeach; 69 69 echo '<div style="background-color: rgb(207, 235, 247);" id="message" class="updated fade"><p>'; 70 if ( !empty( $_POST['spam_button'] ) ) 71 printf(__('%s comments marked as spam.'), $i); 72 else 73 printf(__('%s comments deleted.'), $i); 70 if ( !empty( $_POST['spam_button'] ) ) { 71 printf(__ngettext('%s comment marked as spam', '%s comments marked as spam.', $i), $i); 72 } else { 73 printf(__ngettext('%s comment deleted.', '%s comments deleted.', $i), $i); 74 } 74 75 echo '</p></div>'; 75 76 endif; … … 157 158 if ( current_user_can('edit_post', $comment->comment_post_ID) ) { 158 159 echo " <a href='comment.php?action=editcomment&c=".$comment->comment_ID."'>" . __('Edit') . '</a>'; 159 echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $comment->comment_post_ID . '&c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . js_escape(sprintf(__("You are about to delete this comment by "%s".\ \n"Cancel" to stop, "OK" to delete."), $comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> ';160 echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $comment->comment_post_ID . '&c=' . 
$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . js_escape(sprintf(__("You are about to delete this comment by "%s".\n"Cancel" to stop, "OK" to delete."), $comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> '; 160 161 if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) { 161 162 echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&p=' . $comment->comment_post_ID . '&c=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Unapprove') . '</a> </span>'; 162 163 echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&p=' . $comment->comment_post_ID . '&c=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Approve') . '</a> </span>'; 163 164 } 164 echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&dt=spam&p=" . $comment->comment_post_ID . "&c=" . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to mark as spam this comment by "%s".\ \n"Cancel" to stop, "OK" to mark as spam."), $comment->comment_author)) . "', theCommentList );\">" . __('Spam') . "</a> ";165 echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&dt=spam&p=" . $comment->comment_post_ID . "&c=" . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . 
js_escape(sprintf(__("You are about to mark as spam this comment by "%s".\n"Cancel" to stop, "OK" to mark as spam."), $comment->comment_author)) . "', theCommentList );\">" . __('Spam') . "</a> "; 165 166 } 166 167 $post = get_post($comment->comment_post_ID); trunk/wp-admin/edit-form-advanced.php
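Review bot: The singular form passed to `__ngettext` on new line 71, `'%s comment marked as spam'`, lacks the trailing period that its plural form and both forms on line 73 carry, so the message punctuation changes with the count; it should read `'%s comment marked as spam.'`. The surrounding `if`/`foreach` structure begins before the hunk.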
r821 r828 174 174 <input name="referredby" type="hidden" id="referredby" value="<?php 175 175 if ( !empty($_REQUEST['popupurl']) ) 176 echo wp_specialchars($_REQUEST['popupurl']);176 echo attribute_escape(stripslashes($_REQUEST['popupurl'])); 177 177 else if ( url_to_postid(wp_get_referer()) == $post_ID ) 178 178 echo 'redo'; 179 179 else 180 echo wp_specialchars(wp_get_referer());180 echo attribute_escape(stripslashes(wp_get_referer())); 181 181 ?>" /></p> 182 182 … … 212 212 </div> 213 213 <div class="dbx-c-ontent-wrapper"> 214 <div class="dbx-content"><?php _e('Send trackbacks to '); ?>: <?php echo $form_trackback; ?> (<?php _e('Separate multiple URIs with spaces'); ?>)214 <div class="dbx-content"><?php _e('Send trackbacks to:'); ?> <?php echo $form_trackback; ?> (<?php _e('Separate multiple URLs with spaces'); ?>) 215 215 <?php 216 216 if ( ! empty($pings) ) trunk/wp-admin/edit-form-comment.php
r819 r828 68 68 <tr> 69 69 <th scope="row" valign="top"><?php _e('Delete'); $delete_nonce = wp_create_nonce( 'delete-comment_' . $comment->comment_ID ); ?>:</th> 70 <td><input name="deletecomment" class="button delete" type="submit" id="deletecomment" tabindex="10" value="<?php _e('Delete this comment') ?>" <?php echo "onclick=\"if ( confirm('" . __("You are about to delete this comment \\n \'Cancel\' to stop, \'OK\' to delete.") . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true; } return false;\""; ?> />70 <td><input name="deletecomment" class="button delete" type="submit" id="deletecomment" tabindex="10" value="<?php _e('Delete this comment') ?>" <?php echo "onclick=\"if ( confirm('" . js_escape(__("You are about to delete this comment. \n 'Cancel' to stop, 'OK' to delete.")) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true; } return false;\""; ?> /> 71 71 <input type="hidden" name="c" value="<?php echo $comment->comment_ID ?>" /> 72 72 <input type="hidden" name="p" value="<?php echo $comment->comment_post_ID ?>" /> trunk/wp-admin/edit-form.php
r810 r828 52 52 <input type="hidden" name="post_pingback" value="<?php echo get_option('default_pingback_flag') ?>" id="post_pingback" /> 53 53 54 <p><label for="trackback"> <?php printf(__('<a href="%s" title="Help on trackbacks"><strong>TrackBack</strong> a <abbr title="Universal Resource Locator">URL</abbr></a>:</label> (Separate multiple <abbr title="Universal Resource Locator">URL</abbr>s with spaces.) <br />'), 'http://wordpress.org/docs/reference/post/#trackback')?>54 <p><label for="trackback"> <?php printf(__('<a href="%s" title="Help on trackbacks"><strong>TrackBack</strong> a <abbr title="Universal Resource Locator">URL</abbr></a>:</label> (Separate multiple <abbr title="Universal Resource Locator">URL</abbr>s with spaces.)'), 'http://wordpress.org/docs/reference/post/#trackback'); echo '<br />'; ?> 55 55 <input type="text" name="trackback_url" style="width: 360px" id="trackback" tabindex="7" /></p> 56 56 trunk/wp-admin/edit-link-form.php
r810 r828 253 253 <input type="hidden" name="action" value="save" /> 254 254 <input type="hidden" name="link_id" value="<?php echo (int) $link_id; ?>" /> 255 <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />255 <input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" /> 256 256 <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" /> 257 257 <?php else: ?> trunk/wp-admin/edit-page-form.php
r816 r828 14 14 } 15 15 16 $sendto = wp_get_referer();16 $sendto = attribute_escape(stripslashes(wp_get_referer())); 17 17 18 18 if ( 0 != $post_ID && $sendto == get_permalink($post_ID) ) 19 19 $sendto = 'redo'; 20 $sendto = wp_specialchars( $sendto );21 22 20 ?> 23 21 … … 55 53 <label for="comment_status" class="selectit"> 56 54 <input name="comment_status" type="checkbox" id="comment_status" value="open" <?php checked($post->comment_status, 'open'); ?> /> 57 <?php _e('Allow Comments') ?></label> 55 <?php _e('Allow Comments') ?></label> 58 56 <label for="ping_status" class="selectit"><input name="ping_status" type="checkbox" id="ping_status" value="open" <?php checked($post->ping_status, 'open'); ?> /> <?php _e('Allow Pings') ?></label> 59 57 </div> … … 61 59 62 60 <fieldset class="dbx-box"> 63 <h3 class="dbx-handle"><?php _e('Page Status') ?></h3> 61 <h3 class="dbx-handle"><?php _e('Page Status') ?></h3> 64 62 <div class="dbx-content"><?php if ( current_user_can('publish_pages') ) : ?> 65 63 <label for="post_status_publish" class="selectit"><input id="post_status_publish" name="post_status" type="radio" value="publish" <?php checked($post->post_status, 'publish'); checked($post->post_status, 'future'); ?> /> <?php _e('Published') ?></label> … … 70 68 71 69 <fieldset id="passworddiv" class="dbx-box"> 72 <h3 class="dbx-handle"><?php _e('Page Password') ?></h3> 70 <h3 class="dbx-handle"><?php _e('Page Password') ?></h3> 73 71 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div> 74 72 </fieldset> 75 73 76 74 <fieldset id="pageparent" class="dbx-box"> 77 <h3 class="dbx-handle"><?php _e('Page Parent') ?></h3> 75 <h3 class="dbx-handle"><?php _e('Page Parent') ?></h3> 78 76 <div class="dbx-content"><p><select name="parent_id"> 79 77 <option value='0'><?php _e('Main Page (no parent)'); ?></option> … … 85 83 <?php if ( 0 != count( get_page_templates() ) ) { ?> 86 84 <fieldset 
id="pagetemplate" class="dbx-box"> 87 <h3 class="dbx-handle"><?php _e('Page Template :') ?></h3>85 <h3 class="dbx-handle"><?php _e('Page Template') ?></h3> 88 86 <div class="dbx-content"><p><select name="page_template"> 89 87 <option value='default'><?php _e('Default Template'); ?></option> … … 95 93 96 94 <fieldset id="slugdiv" class="dbx-box"> 97 <h3 class="dbx-handle"><?php _e('Page Slug') ?></h3> 95 <h3 class="dbx-handle"><?php _e('Page Slug') ?></h3> 98 96 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div> 99 97 </fieldset> … … 128 126 129 127 <fieldset id="titlediv"> 130 <legend><?php _e('Page Title') ?></legend> 128 <legend><?php _e('Page Title') ?></legend> 131 129 <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div> 132 130 </fieldset> … … 141 139 <span id="autosave"></span> 142 140 <input name="save" type="submit" id="save" tabindex="3" value="<?php _e('Save and Continue Editing'); ?>" /> 143 <input type="submit" name="submit" value="<?php _e('Save') ?>" style="font-weight: bold;" tabindex="4" /> 144 <?php 141 <input type="submit" name="submit" value="<?php _e('Save') ?>" style="font-weight: bold;" tabindex="4" /> 142 <?php 145 143 if ('publish' != $post->post_status || 0 == $post_ID): 146 144 ?> 147 145 <?php if ( current_user_can('publish_pages') ) : ?> 148 <input name="publish" type="submit" id="publish" tabindex="5" accesskey="p" value="<?php _e('Publish') ?>" /> 146 <input name="publish" type="submit" id="publish" tabindex="5" accesskey="p" value="<?php _e('Publish') ?>" /> 149 147 <?php endif; endif;?> 150 148 <input name="referredby" type="hidden" id="referredby" value="<?php echo $sendto; ?>" /> … … 189 187 $delete_nonce = wp_create_nonce( 'delete-page_' . 
$post_ID ); 190 188 if ( current_user_can('delete_page', $post->ID) ) ?> 191 <input name="deletepost" class="button delete" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"if ( confirm('" . js_escape(sprintf(__("You are about to delete this page \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), $post->post_title )) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />189 <input name="deletepost" class="button delete" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"if ( confirm('" . js_escape(sprintf(__("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> /> 192 190 <?php endif; ?> 193 191 </div> trunk/wp-admin/edit-pages.php
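Review bot: New line 16 applies `attribute_escape` before the comparison on line 18, so `$sendto` (presumably with `&` rewritten to `&amp;`) is compared against the raw `get_permalink($post_ID)`, whereas the removed line 20 escaped after the comparison; a referer equal to a permalink that contains `&` will no longer match and the `'redo'` case is lost. Keep the raw value for the comparison and escape afterwards: `$sendto = stripslashes(wp_get_referer());` on line 16 and `$sendto = attribute_escape($sendto);` after the `if`. The unchanged context lines 73, 98 and 131 in this file still echo `$post->post_password`, `$post->post_name` and `$post->post_title` into `value` attributes without the `attribute_escape` this changeset is adding elsewhere.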
r810 r828 14 14 <fieldset> 15 15 <legend><?php _e('Search Pages…') ?></legend> 16 <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" />16 <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" /> 17 17 <input type="submit" name="submit" value="<?php _e('Search') ?>" /> 18 18 </fieldset> trunk/wp-admin/edit.php
r819 r828 77 77 <fieldset> 78 78 <legend><?php _e('Search Posts…') ?></legend> 79 <input type="text" name="s" value="<?php if (isset($s)) echo wp_specialchars($s, 1); ?>" size="17" />79 <input type="text" name="s" value="<?php if (isset($s)) echo attribute_escape($s); ?>" size="17" /> 80 80 <input type="submit" name="submit" value="<?php _e('Search') ?>" class="button" /> 81 81 </fieldset> … … 196 196 case 'comments': 197 197 ?> 198 <td style="text-align: center"> <a href="edit.php?p=<?php echo $id ?>&c=1">199 <?php comments_number(__('0'), __('1'), __('%')) ?>200 </ a></td>198 <td style="text-align: center"> 199 <?php comments_number(__('0'), "<a href='edit.php?p=$id&c=1'>" . __('1') . '</a>', "<a href='edit.php?p=$id&c=1'>" . __('%') . '</a>') ?> 200 </td> 201 201 <?php 202 202 break; … … 222 222 case 'control_delete': 223 223 ?> 224 <td><?php if ( current_user_can('delete_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$id", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), js_escape(get_the_title())) . "' );\">" . __('Delete') . "</a>"; } ?></td>224 <td><?php if ( current_user_can('delete_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$id", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . js_escape(sprintf(__("You are about to delete this post '%s'.\n'OK' to delete, 'Cancel' to stop."), get_the_title())) . "' );\">" . __('Delete') . "</a>"; } ?></td> 225 225 <?php 226 226 break; … … 284 284 if ( current_user_can('edit_post', $comment->comment_post_ID) ) { 285 285 echo " <a href='comment.php?action=editcomment&c=".$comment->comment_ID."'>" . __('Edit') . '</a>'; 286 echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $post->ID . '&c=' . 
$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK"to delete."), js_escape($comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> ';286 echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $post->ID . '&c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), js_escape($comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> '; 287 287 if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) { 288 288 echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&p=' . $post->ID . '&c=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Unapprove') . '</a> </span>'; 289 289 echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&p=' . $post->ID . '&c=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Approve') . '</a> </span>'; 290 290 } 291 echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&dt=spam&p=".$comment->comment_post_ID."&c=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by "%s".\\n"Cancel" to stop, "OK"to mark as spam."), js_escape( $comment->comment_author)) . 
"', theCommentList );\">" . __('Spam') . "</a> ]";291 echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&dt=spam&p=".$comment->comment_post_ID."&c=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by '%s'.\n'Cancel' to stop, 'OK' to mark as spam."), js_escape( $comment->comment_author)) . "', theCommentList );\">" . __('Spam') . "</a> ]"; 292 292 } // end if any comments to show 293 293 ?> trunk/wp-admin/export.php
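Review bot: New lines 286 and 291 change the message's `\\n` to `\n` but apply `js_escape` only to `$comment->comment_author`, not to the formatted message, so the PHP-level newline produced by `"\n"` is written raw into the single-quoted JavaScript string inside the `onclick` attribute; new line 224 in this same file and edit-comments.php lines 160 and 165 wrap the whole `sprintf` result instead, which is what converts that newline. The fix is to move the call outward, e.g. `js_escape(sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), $comment->comment_author))`, and likewise on line 291. Whether the `'%s'` quotes shown here are literal apostrophes or entities in the source cannot be told from this rendering; if literal, they would also terminate the JavaScript string and the same wrapping addresses them.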
r819 r828 15 15 <p><?php _e('When you click the button below WordPress will create an XML file for you to save to your computer.'); ?></p> 16 16 <p><?php _e('This format, which we call WordPress eXtended RSS or WXR, will contain your posts, comments, custom fields, and categories.'); ?></p> 17 <p><?php _e('Once you \'ve saved the download file, you can use the Import function on another WordPress blog to import this blog.'); ?></p>17 <p><?php _e('Once you&8217;ve saved the download file, you can use the Import function on another WordPress blog to import this blog.'); ?></p> 18 18 <form action="" method="get"> 19 19 <h3><?php _e('Optional options'); ?></h3> trunk/wp-admin/index.php
r793 r828 1 1 <?php 2 2 require_once('admin.php'); 3 4 function index_js() { 5 ?> 6 <script type="text/javascript"> 7 Event.observe( window, 'load', dashboard_init, false ); 8 function dashboard_init() { 9 var update1 = new Ajax.Updater( 'incominglinks', 'index-extra.php?jax=incominglinks' ); 10 var update2 = new Ajax.Updater( 'devnews', 'index-extra.php?jax=devnews' ); 11 var update3 = new Ajax.Updater( 'planetnews', 'index-extra.php?jax=planetnews' ); 12 } 13 </script> 14 <?php 15 } 16 add_action( 'admin_head', 'index_js' ); 17 wp_enqueue_script('prototype'); 18 3 19 $title = __('Dashboard'); 4 20 $parent_file = 'index.php'; 5 21 require_once('admin-header.php'); 6 require_once (ABSPATH . WPINC . '/rss.php');7 22 8 23 $today = current_time('mysql', 1); … … 11 26 <div class="wrap"> 12 27 13 <h2><?php _e(' Dashboard'); ?></h2>28 <h2><?php _e('Welcome to WordPress'); ?></h2> 14 29 15 30 <div id="zeitgeist"> 16 31 <h2><?php _e('Latest Activity'); ?></h2> 17 32 18 <?php 19 $rss = @fetch_rss('http://feeds.technorati.com/cosmos/rss/?url='. trailingslashit(get_option('siteurl')) .'&partner=wordpress'); 20 if ( isset($rss->items) && 0 != count($rss->items) ) { 21 ?> 22 <div id="incominglinks"> 23 <h3><?php _e('Incoming Links'); ?> <cite><a href="http://www.technorati.com/search/<?php echo trailingslashit(get_option('siteurl')); ?>?partner=wordpress"><?php _e('More'); ?> »</a></cite></h3> 24 <ul> 25 <?php 26 $rss->items = array_slice($rss->items, 0, 10); 27 foreach ($rss->items as $item ) { 28 ?> 29 <li><a href="<?php echo wp_filter_kses($item['link']); ?>"><?php echo wptexturize(wp_specialchars($item['title'])); ?></a></li> 30 <?php } ?> 31 </ul> 32 </div> 33 <?php } ?> 33 <div id="incominglinks"></div> 34 34 35 35 <?php … … 47 47 48 48 <ul> 49 <?php 49 <?php 50 50 if ( $comments ) { 51 51 foreach ($comments as $comment) { 52 52 echo '<li>' . sprintf(__('%1$s on %2$s'), get_comment_author_link(), '<a href="'. get_permalink($comment->comment_post_ID) . '#comment-' . 
$comment->comment_ID . '">' . get_the_title($comment->comment_post_ID) . '</a>'); 53 edit_comment_link(__("Edit"), ' <small>(', ')</small>'); 53 edit_comment_link(__("Edit"), ' <small>(', ')</small>'); 54 54 echo '</li>'; 55 55 } … … 81 81 <?php 82 82 if ( $scheduled = $wpdb->get_results("SELECT ID, post_title, post_date_gmt FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'future' ORDER BY post_date ASC") ) : 83 ?> 83 ?> 84 84 <div> 85 85 <h3><?php _e('Scheduled Entries:') ?></h3> … … 91 91 echo "<li>" . sprintf(__('%1$s in %2$s'), "<a href='post.php?action=edit&post=$post->ID' title='" . __('Edit this post') . "'>$post->post_title</a>", human_time_diff( current_time('timestamp', 1), strtotime($post->post_date_gmt. ' GMT') )) . "</li>"; 92 92 } 93 ?> 93 ?> 94 94 </ul> 95 95 </div> … … 100 100 <?php 101 101 $numposts = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'publish'"); 102 if (0 < $numposts) $numposts = number_format($numposts); 102 if (0 < $numposts) $numposts = number_format($numposts); 103 103 104 104 $numcomms = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_approved = '1'"); … … 108 108 if (0 < $numcats) $numcats = number_format($numcats); 109 109 ?> 110 <p><?php printf(__('There are currently %1$s <a href="%2$s" title="Posts">posts</a> and %3$s <a href="%4$s" title="Comments">comments</a>, contained within %5$s <a href="%6$s" title="categories">categories</a>.'), $numposts, 'edit.php', $numcomms, 'edit-comments.php', $numcats, 'categories.php'); ?></p> 110 <p><?php 111 $post_str = sprintf(__ngettext('%1$s <a href="%2$s" title="Posts">post</a>', '%1$s <a href="%2$s" title="Posts">posts</a>', $numposts), $numposts, 'edit.php'); 112 $comm_str = sprintf(__ngettext('%1$s <a href="%2$s" title="Comments">comment</a>', '%1$s <a href="%2$s" title="Comments">comments</a>', $numcomms), $numcomms, 'edit-comments.php'); 113 $cat_str = sprintf(__ngettext('%1$s <a href="%2$s" 
title="Categories">category</a>', '%1$s <a href="%2$s" title="Categories">categories</a>', $numcats), $numcats, 'categories.php'); 114 115 printf(__('There are currently %1$s and %2$s, contained within %3$s.'), $post_str, $comm_str, $cat_str); ?></p> 111 116 </div> 112 117 113 118 <?php do_action('activity_box_end'); ?> 114 119 </div> 115 116 <h3><?php _e('Welcome to WordPress MU'); ?></h3>117 120 118 121 <p><?php _e('Use these links to get started:'); ?></p> … … 131 134 </ul> 132 135 <p><?php _e("Need help with WordPress? Please see our <a href='http://codex.wordpress.org/'>documentation</a> or visit the <a href='http://wordpress.org/support/'>support forums</a>."); ?></p> 133 <?php134 $rss = @fetch_rss('http://wordpress.org/development/feed/');135 if ( isset($rss->items) && 0 != count($rss->items) ) {136 ?>137 <div id="devnews">138 <h3><?php _e('WordPress Development Blog'); ?></h3>139 <?php140 $rss->items = array_slice($rss->items, 0, 3);141 foreach ($rss->items as $item ) {142 ?>143 <h4><a href='<?php echo wp_filter_kses($item['link']); ?>'><?php echo wp_specialchars($item['title']); ?></a> — <?php printf(__('%s ago'), human_time_diff(strtotime($item['pubdate'], time() ) ) ); ?></h4>144 <p><?php echo $item['description']; ?></p>145 <?php146 }147 }148 ?>149 </div>150 136 151 <?php 152 $rss = @fetch_rss('http://planet.wordpress.org/feed/'); 153 if ( isset($rss->items) && 0 != count($rss->items) ) { 154 ?> 155 <div id="planetnews"> 156 <h3><?php _e('Other WordPress News'); ?></h3> 157 <ul> 158 <?php 159 $rss->items = array_slice($rss->items, 0, 20); 160 foreach ($rss->items as $item ) { 161 $title = wp_specialchars($item['title']); 162 $author = preg_replace( '|(.+?):.+|s', '$1', $item['title'] ); 163 $post = preg_replace( '|.+?:(.+)|s', '$1', $item['title'] ); 164 ?> 165 <li><a href='<?php echo wp_filter_kses($item['link']); ?>'><span class="post"><?php echo $post; ?></span><span class="hidden"> - </span><cite><?php echo $author; ?></cite></a></li> 166 <?php 167 
} 168 ?> 169 </ul> 170 <p class="readmore"><a href="http://planet.wordpress.org/"><?php _e('Read more'); ?> »</a></p> 171 </div> 172 <?php 173 } 174 ?> 137 <div id="devnews"></div> 138 139 <div id="planetnews"></div> 140 175 141 <div style="clear: both"> 176 142 <br clear="all" /> trunk/wp-admin/link-add.php
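Review bot: The new `__ngettext()` calls on lines 111–113 receive counts that line 102 (and the matching lines for comments and categories, line 108 for `$numcats`) have already run through `number_format()`, so for a total of 1,000 or more the plural selector sees a string such as `'1,234'`, which is effectively treated as 1 and picks the singular form. Keep the raw integer for the plural selection and format only the displayed value, e.g. `$post_str = sprintf(__ngettext('%1$s <a href="%2$s" title="Posts">post</a>', '%1$s <a href="%2$s" title="Posts">posts</a>', (int) $numposts), number_format($numposts), 'edit.php');` with the `number_format` assignments on lines 102–108 dropped, and likewise for `$comm_str` and `$cat_str`. Separately, the removed inline feed rendering applied `wp_filter_kses()` to item links and `wp_specialchars()` to titles, while the new `Ajax.Updater` calls in `index_js()` insert whatever `index-extra.php` returns straight into the dashboard; that file is not part of this changeset, so I cannot confirm it keeps the same escaping of feed-supplied content — worth verifying before landing.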
r816 r828 29 29 <div id="wp-link-bookmarklet" class="wrap"> 30 30 <h3><?php _e('Add Link Bookmarklet'); ?></h3> 31 <p><?php _e('Right click on the following link and choose "Bookmark This Link..." to create an add link shortcut. Right now this only works on Mozilla or Netscape, but we ’re working on it.'); ?></p>31 <p><?php _e('Right click on the following link and choose "Bookmark This Link..." to create an add link shortcut. Right now this only works on Mozilla or Netscape, but we&8217;re working on it.'); ?></p> 32 32 <?php printf('<p><a href="%s" title="'.__('Link add bookmarklet').'">'.__('Link This').'</a></p>', "javascript:void(linkmanpopup=window.open('" . get_option('siteurl') . "/wp-admin/link-add.php?action=popup&linkurl='+escape(location.href)+'&name='+escape(document.title),'LinkManager','scrollbars=yes,width=750,height=550,left=15,top=15,status=yes,resizable=yes'));linkmanpopup.focus();window.focus();linkmanpopup.focus();") ?> 33 33 </div> trunk/wp-admin/link-manager.php
r819 r828 66 66 echo '<div style="background-color: rgb(207, 235, 247);" id="message" class="updated fade"><p>'; 67 67 $deleted = (int) $_GET['deleted']; 68 printf(__ ('%s links deleted.'), $deleted);68 printf(__ngettext('%s link deleted.', '%s links deleted', $deleted), $deleted); 69 69 echo '</p></div>'; 70 70 } … … 117 117 <input type="hidden" name="link_id" value="" /> 118 118 <input type="hidden" name="action" value="" /> 119 <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />119 <input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" /> 120 120 <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" /> 121 121 <table class="widefat"> … … 131 131 <?php 132 132 foreach ($links as $link) { 133 $link->link_name = wp_specialchars($link->link_name);133
