Changeset 920
- Timestamp:
- 03/19/07 13:04:29 (2 years ago)
- Files:
-
- trunk/wp-admin/admin-functions.php (modified) (7 diffs)
- trunk/wp-admin/admin-header.php (modified) (1 diff)
- trunk/wp-admin/bookmarklet.php (modified) (1 diff)
- trunk/wp-admin/categories.php (modified) (1 diff)
- trunk/wp-admin/edit-comments.php (modified) (6 diffs)
- trunk/wp-admin/edit-form-advanced.php (modified) (1 diff)
- trunk/wp-admin/edit-page-form.php (modified) (1 diff)
- trunk/wp-admin/import/b2.php (deleted)
- trunk/wp-admin/import/blogger.php (modified) (4 diffs)
- trunk/wp-admin/link-manager.php (modified) (1 diff)
- trunk/wp-admin/options-head.php (modified) (1 diff)
- trunk/wp-admin/page.php (modified) (1 diff)
- trunk/wp-admin/post.php (modified) (1 diff)
- trunk/wp-admin/upgrade.php (modified) (2 diffs)
- trunk/wp-admin/upload-functions.php (modified) (2 diffs)
- trunk/wp-admin/upload.php (modified) (1 diff)
- trunk/wp-admin/user-edit.php (modified) (1 diff)
- trunk/wp-comments-post.php (modified) (1 diff)
- trunk/wp-includes/bookmark-template.php (modified) (2 diffs)
- trunk/wp-includes/classes.php (modified) (1 diff)
- trunk/wp-includes/comment-template.php (modified) (1 diff)
- trunk/wp-includes/comment.php (modified) (1 diff)
- trunk/wp-includes/default-filters.php (modified) (1 diff)
- trunk/wp-includes/functions.php (modified) (4 diffs)
- trunk/wp-includes/general-template.php (modified) (5 diffs)
- trunk/wp-includes/link-template.php (modified) (5 diffs)
- trunk/wp-includes/post-template.php (modified) (1 diff)
- trunk/wp-includes/script-loader.php (modified) (1 diff)
- trunk/wp-includes/user.php (modified) (1 diff)
- trunk/xmlrpc.php (modified) (1 diff)
trunk/wp-admin/admin-functions.php
r915 r920 371 371 $text = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) ); 372 372 $text = funky_javascript_fix( $text); 373 $popupurl = attribute_escape($_REQUEST['popupurl']);373 $popupurl = clean_url($_REQUEST['popupurl']); 374 374 $post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text"; 375 375 } … … 430 430 $user->user_login = attribute_escape($user->user_login); 431 431 $user->user_email = attribute_escape($user->user_email); 432 $user->user_url = attribute_escape($user->user_url);432 $user->user_url = clean_url($user->user_url); 433 433 $user->first_name = attribute_escape($user->first_name); 434 434 $user->last_name = attribute_escape($user->last_name); … … 575 575 $link = get_link( $link_id ); 576 576 577 $link->link_url = attribute_escape($link->link_url);577 $link->link_url = clean_url($link->link_url); 578 578 $link->link_name = attribute_escape($link->link_name); 579 579 $link->link_image = attribute_escape($link->link_image); 580 580 $link->link_description = attribute_escape($link->link_description); 581 $link->link_rss = attribute_escape($link->link_rss);581 $link->link_rss = clean_url($link->link_rss); 582 582 $link->link_rel = attribute_escape($link->link_rel); 583 583 $link->link_notes = wp_specialchars($link->link_notes); … … 589 589 function get_default_link_to_edit() { 590 590 if ( isset( $_GET['linkurl'] ) ) 591 $link->link_url = attribute_escape( $_GET['linkurl']);591 $link->link_url = clean_url( $_GET['linkurl']); 592 592 else 593 593 $link->link_url = ''; … … 808 808 809 809 if ( ($category->cat_ID != $default_cat_id ) && ($category->cat_ID != $default_link_cat_id ) ) 810 $edit .= "<td><a href='" . wp_nonce_url( "categories.php?action=delete&cat_ID=$category->cat_ID", 'delete-category_' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . 
js_escape(sprintf( __("You are about to delete the category '%s'.\nAll of its posts will go into the default category of '%s'\nAll of its bookmarks will go into the default category of '%s'.\n'OK' to delete, 'Cancel' to stop." ), $category->cat_name, get_catname( $default_cat_id ), get_catname( $default_link_cat_id ) )) . "' );\" class='delete'>".__( 'Delete' )."</a>";810 $edit .= "<td><a href='" . wp_nonce_url( "categories.php?action=delete&cat_ID=$category->cat_ID", 'delete-category_' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . js_escape(sprintf( __("You are about to delete the category '%s'.\nAll posts that were only assigned to this category will be assigned to the '%s' category.\nAll links that were only assigned to this category will be assigned to the '%s' category.\n'OK' to delete, 'Cancel' to stop." ), $category->cat_name, get_catname( $default_cat_id ), get_catname( $default_link_cat_id ) )) . "' );\" class='delete'>".__( 'Delete' )."</a>"; 811 811 else 812 812 $edit .= "<td style='text-align:center'>".__( "Default" ); … … 892 892 $r .= "</td>\n\t\t<td>"; 893 893 if ( ( is_site_admin() || $current_user->ID == $user_object->ID ) && current_user_can( 'edit_user', $user_object->ID ) ) { 894 $edit_link = attribute_escape( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ));894 $edit_link = clean_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" )); 895 895 $r .= "<a href='$edit_link' class='edit'>".__( 'Edit' )."</a>"; 896 896 } … … 2101 2101 } 2102 2102 2103 imageantialias( $dst, true ); 2103 if (function_exists('imageantialias')) 2104 imageantialias( $dst, true ); 2105 2104 2106 imagecopyresampled( $dst, $src, 0, 0, $src_x, $src_y, $dst_w, $dst_h, $src_w, $src_h ); 2105 2107 trunk/wp-admin/admin-header.php
r909 r920 3 3 if (!isset($_GET["page"])) require_once('admin.php'); 4 4 if ( $editing ) { 5 wp_enqueue_script( array( "dbx-admin-key?pagenow=$pagenow",'admin-custom-fields') );5 wp_enqueue_script( array('dbx-admin-key?pagenow=' . attribute_escape($pagenow),'admin-custom-fields') ); 6 6 if ( current_user_can('manage_categories') ) 7 7 wp_enqueue_script( 'ajaxcat' ); trunk/wp-admin/bookmarklet.php
r828 r920 38 38 39 39 $content = wp_specialchars($_REQUEST['content']); 40 $popupurl = attribute_escape($_REQUEST['popupurl']);40 $popupurl = clean_url($_REQUEST['popupurl']); 41 41 if ( !empty($content) ) { 42 42 $post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) ); trunk/wp-admin/categories.php
r915 r920 115 115 <?php if ( current_user_can('manage_categories') ) : ?> 116 116 <div class="wrap"> 117 <p><?php printf(__('<strong>Note:</strong><br />Deleting a category does not delete the posts and links in that category. Instead, posts in the deleted category are set to the category <strong>%s</strong> and linksare set to <strong>%s</strong>.'), apply_filters('the_category', get_catname(get_option('default_category'))), apply_filters('the_category', get_catname(get_option('default_link_category')))) ?></p>117 <p><?php printf(__('<strong>Note:</strong><br />Deleting a category does not delete the posts and links in that category. Instead, posts that were only assigned to the deleted category are set to the category <strong>%s</strong> and links that were only assigned to the deleted category are set to <strong>%s</strong>.'), apply_filters('the_category', get_catname(get_option('default_category'))), apply_filters('the_category', get_catname(get_option('default_link_category')))) ?></p> 118 118 </div> 119 119 trunk/wp-admin/edit-comments.php
r915 r920 102 102 if ( 1 < $page ) { 103 103 $args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1; 104 $r .= '<a class="prev" href="' . attribute_escape(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . "\n";104 $r .= '<a class="prev" href="' . clean_url(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . "\n"; 105 105 } 106 106 if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) { … … 112 112 if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) : 113 113 $args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num; 114 $r .= '<a class="page-numbers" href="' . attribute_escape(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";114 $r .= '<a class="page-numbers" href="' . clean_url(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n"; 115 115 $in = true; 116 116 elseif ( $in == true ) : … … 123 123 if ( ( $page ) * 20 < $total || -1 == $total ) { 124 124 $args['apage'] = $page + 1; 125 $r .= '<a class="next" href="' . attribute_escape(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n";125 $r .= '<a class="next" href="' . clean_url(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n"; 126 126 } 127 127 echo "<p class='pagenav'>$r</p>"; … … 249 249 if ( 1 < $page ) { 250 250 $args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1; 251 $r .= '<a class="prev" href="' . attribute_escape(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . "\n";251 $r .= '<a class="prev" href="' . clean_url(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . "\n"; 252 252 } 253 253 if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) { … … 259 259 if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) : 260 260 $args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num; 261 $r .= '<a class="page-numbers" href="' . attribute_escape(add_query_arg($args)) . '">' . ( $page_num ) . 
"</a>\n";261 $r .= '<a class="page-numbers" href="' . clean_url(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n"; 262 262 $in = true; 263 263 elseif ( $in == true ) : … … 270 270 if ( ( $page ) * 20 < $total || -1 == $total ) { 271 271 $args['apage'] = $page + 1; 272 $r .= '<a class="next" href="' . attribute_escape(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n";272 $r .= '<a class="next" href="' . clean_url(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n"; 273 273 } 274 274 echo "<p class='pagenav'>$r</p>"; trunk/wp-admin/edit-form-advanced.php
r909 r920 169 169 <input name="referredby" type="hidden" id="referredby" value="<?php 170 170 if ( !empty($_REQUEST['popupurl']) ) 171 echo attribute_escape(stripslashes($_REQUEST['popupurl']));171 echo clean_url(stripslashes($_REQUEST['popupurl'])); 172 172 else if ( url_to_postid(wp_get_referer()) == $post_ID ) 173 173 echo 'redo'; 174 174 else 175 echo attribute_escape(stripslashes(wp_get_referer()));175 echo clean_url(stripslashes(wp_get_referer())); 176 176 ?>" /></p> 177 177 trunk/wp-admin/edit-page-form.php
r865 r920 14 14 } 15 15 16 $sendto = attribute_escape(stripslashes(wp_get_referer()));16 $sendto = clean_url(stripslashes(wp_get_referer())); 17 17 18 18 if ( 0 != $post_ID && $sendto == get_permalink($post_ID) ) trunk/wp-admin/import/blogger.php
r909 r920 85 85 $headers = array( 86 86 "GET /feeds/default/blogs HTTP/1.0", 87 "Host: www .blogger.com",87 "Host: www2.blogger.com", 88 88 "Authorization: AuthSub token=\"$this->token\"" 89 89 ); … … 548 548 549 549 $comment_post_ID = $this->blogs[$importing_blog]['posts'][$entry->old_post_permalink]; 550 $comment_author = addslashes( $this->no_apos( strip_tags( $entry->author ) ) ); 550 preg_match('#<name>(.+?)</name>.*(?:\<uri>(.+?)</uri>)?#', $entry->author, $matches); 551 $comment_author = addslashes( $this->no_apos( strip_tags( (string) $matches[1] ) ) ); 552 $comment_author_url = addslashes( $this->no_apos( strip_tags( (string) $matches[2] ) ) ); 551 553 $comment_date = $this->convert_date( $entry->updated ); 552 554 $comment_content = addslashes( $this->no_apos( html_entity_decode( $entry->content ) ) ); … … 564 566 ++$this->blogs[$importing_blog]['comments_skipped']; 565 567 } else { 566 $comment = compact('comment_post_ID', 'comment_author', 'comment_ date', 'comment_content');568 $comment = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_date', 'comment_content'); 567 569 568 570 $comment_id = wp_insert_comment($comment); … … 673 675 } 674 676 675 function _get_blogger_sock($host = 'www .blogger.com') {677 function _get_blogger_sock($host = 'www2.blogger.com') { 676 678 if ( !$sock = @ fsockopen($host, 80, $errno, $errstr) ) { 677 679 $this->uh_oh( trunk/wp-admin/link-manager.php
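Review bot: The author regex added at line 550 can never populate `$matches[2]`: the greedy `.*` after `</name>` consumes the rest of the subject, the optional `(?:\<uri>(.+?)</uri>)?` group then matches empty and the overall match succeeds, so the capture is never set and line 552 reads an undefined index (the imported `comment_author_url` is always `''`, with a notice). A lazy separator plus a guard fixes it: `preg_match('#<name>(.+?)</name>(?:.*?<uri>(.+?)</uri>)?#s', $entry->author, $matches);` and `$comment_author_url = addslashes( $this->no_apos( strip_tags( isset($matches[2]) ? $matches[2] : '' ) ) );` (the `s` modifier only matters if the author element spans lines, which the hunk does not show). The value is then handed to `wp_insert_comment()` on line 570; whether that path runs the `pre_comment_author_url` filter is not visible here, so confirm the imported URL is sanitised before it is rendered as a link. The enclosing method starts and ends outside the hunk.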
r915 r920 134 134 $link->link_name = attribute_escape(apply_filters('link_title', $link->link_name)); 135 135 $link->link_description = wp_specialchars(apply_filters('link_description', $link->link_description)); 136 $link->link_url = attribute_escape($link->link_url);136 $link->link_url = clean_url($link->link_url); 137 137 $link->link_category = wp_get_link_cats($link->link_id); 138 138 $short_url = str_replace('http://', '', $link->link_url); trunk/wp-admin/options-head.php
r636 r920 1 1 <?php wp_reset_vars(array('action', 'standalone', 'option_group_id')); ?> 2 3 <br clear="all" />4 2 5 3 <?php if (isset($_GET['updated'])) : ?> trunk/wp-admin/page.php
r909 r920 66 66 <div id='preview' class='wrap'> 67 67 <h2 id="preview-post"><?php _e('Page Preview (updated when page is saved)'); ?></h2> 68 <iframe src="<?php echo attribute_escape(apply_filters('preview_page_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>68 <iframe src="<?php echo clean_url(apply_filters('preview_page_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe> 69 69 </div> 70 70 <?php trunk/wp-admin/post.php
r909 r920 70 70 <div id='preview' class='wrap'> 71 71 <h2 id="preview-post"><?php _e('Post Preview (updated when post is saved)'); ?></h2> 72 <iframe src="<?php echo attribute_escape(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>72 <iframe src="<?php echo clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe> 73 73 </div> 74 74 <?php trunk/wp-admin/upgrade.php
r888 r920 36 36 switch($step) : 37 37 case 0: 38 $goback = attribute_escape(stripslashes(wp_get_referer()));38 $goback = clean_url(stripslashes(wp_get_referer())); 39 39 ?> 40 40 <h2><?php _e('Database Upgrade Required'); ?></h2> … … 50 50 $backto = __get_option('home') . '/'; 51 51 else 52 $backto = attribute_escape(stripslashes($_GET['backto']));52 $backto = clean_url(stripslashes($_GET['backto'])); 53 53 if( $wpdb->get_row( "SELECT blog_id FROM wp_blog_versions WHERE blog_id = '{$wpdb->blogid}'" ) ) { 54 54 $wpdb->query( "UPDATE wp_blog_versions SET db_version = '{$wp_db_version}' WHERE blog_id = '{$wpdb->blogid}'" ); trunk/wp-admin/upload-functions.php
r909 r920 84 84 echo '<a href="' . get_permalink() . '">' . __('view') . '</a>'; 85 85 echo ' | '; 86 echo '<a href="' . attribute_escape(add_query_arg('action', 'edit')) . '" title="' . __('Edit this file') . '">' . __('edit') . '</a>';86 echo '<a href="' . clean_url(add_query_arg('action', 'edit')) . '" title="' . __('Edit this file') . '">' . __('edit') . '</a>'; 87 87 echo ' | '; 88 echo '<a href="' . attribute_escape(remove_query_arg(array('action', 'ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>';88 echo '<a href="' . clean_url(remove_query_arg(array('action', 'ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>'; 89 89 echo ' ]'; ?></span> 90 90 </div> … … 124 124 echo '<a href="' . get_permalink() . '">' . __('view') . '</a>'; 125 125 echo ' | '; 126 echo '<a href="' . attribute_escape(add_query_arg('action', 'view')) . '">' . __('links') . '</a>';126 echo '<a href="' . clean_url(add_query_arg('action', 'view')) . '">' . __('links') . '</a>'; 127 127 echo ' | '; 128 echo '<a href="' . attribute_escape(remove_query_arg(array('action','ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>';128 echo '<a href="' . clean_url(remove_query_arg(array('action','ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>'; 129 129 echo ' ]'; ?></span> 130 130 </div> trunk/wp-admin/upload.php
r835 r920 91 91 if ( isset($tab_array[4]) && is_array($tab_array[4]) ) 92 92 add_query_arg( $tab_array[4], $href ); 93 $_href = attribute_escape( $href);93 $_href = clean_url( $href); 94 94 $page_links = ''; 95 95 $class = 'upload-tab alignleft'; trunk/wp-admin/user-edit.php
r850 r920 62 62 <p><strong><?php _e('User updated.') ?></strong></p> 63 63 <?php if ( $wp_http_referer ) : ?> 64 <p><a href="<?php echo attribute_escape($wp_http_referer); ?>"><?php _e('« Back to Authors and Users'); ?></a></p>64 <p><a href="<?php echo clean_url($wp_http_referer); ?>"><?php _e('« Back to Authors and Users'); ?></a></p> 65 65 <?php endif; ?> 66 66 </div> trunk/wp-comments-post.php
r900 r920 26 26 // If the user is logged in 27 27 $user = wp_get_current_user(); 28 if ( $user->ID ) :28 if ( $user->ID ) { 29 29 $comment_author = $wpdb->escape($user->display_name); 30 30 $comment_author_email = $wpdb->escape($user->user_email); 31 31 $comment_author_url = $wpdb->escape($user->user_url); 32 else : 32 if ( current_user_can('unfiltered_html') ) { 33 if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) { 34 kses_remove_filters(); // start with a clean slate 35 kses_init_filters(); // set up the filters 36 } 37 } 38 } else { 33 39 if ( get_option('comment_registration') ) 34 40 wp_die( __('Sorry, you must be logged in to post a comment.') ); 35 endif; 41 } 36 42 37 43 $comment_type = ''; trunk/wp-includes/bookmark-template.php
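Review bot: The nonce check on new line 33 reads `$_POST['_wp_unfiltered_html_comment']` without `isset()` and compares it to a freshly generated `wp_create_nonce()` value with `!=`, rather than verifying it with `wp_verify_nonce()`. That rejects a form rendered before the nonce tick rolled over (a silent downgrade to kses-filtered input for a legitimate unfiltered_html user) and applies a loose comparison to a security token, where two digit-only strings compare numerically. Prefer `if ( !isset($_POST['_wp_unfiltered_html_comment']) || !wp_verify_nonce($_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID) )` as the condition on line 33. A comment on the branch would also help the next reader: `// Without a valid per-post nonce, even unfiltered_html users get kses applied to this comment.`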
r915 r920 97 97 $the_link = '#'; 98 98 if ( !empty($row->link_url) ) 99 $the_link = wp_specialchars($row->link_url);99 $the_link = clean_url($row->link_url); 100 100 $rel = $row->link_rel; 101 101 if ( '' != $rel ) … … 261 261 $the_link = '#'; 262 262 if ( !empty($bookmark->link_url) ) 263 $the_link = wp_specialchars($bookmark->link_url);263 $the_link = clean_url($bookmark->link_url); 264 264 265 265 $rel = $bookmark->link_rel; trunk/wp-includes/classes.php
r918 r920 150 150 $this->query_vars[$wpvar] = $perma_query_vars[$wpvar]; 151 151 152 if ( empty( $this->query_vars[$wpvar] ) == false)152 if ( !empty( $this->query_vars[$wpvar] ) ) 153 153 $this->query_vars[$wpvar] = (string) $this->query_vars[$wpvar]; 154 154 } trunk/wp-includes/comment-template.php
r915 r920 272 272 } 273 273 274 function wp_comment_form_unfiltered_html_nonce() { 275 global $post; 276 if ( current_user_can('unfiltered_html') ) 277 wp_nonce_field('unfiltered-html-comment_' . $post->ID, '_wp_unfiltered_html_comment', false); 278 } 279 274 280 function comments_template( $file = '/comments.php' ) { 275 281 global $wp_query, $withcomments, $post, $wpdb, $id, $comment, $user_login, $user_ID, $user_identity; trunk/wp-includes/comment.php
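Review bot: `wp_comment_form_unfiltered_html_nonce()` (new lines 274–278) is undocumented, and its correctness depends on a pairing a reader cannot see here: the action string `'unfiltered-html-comment_' . $post->ID` must stay identical to the one checked in wp-comments-post.php against `$comment_post_ID`, and the function relies on the global `$post` being set when the `comment_form` action fires (a null `$post` yields an empty id and a nonce that will never verify). Suggest a header comment such as `// Emits the per-post nonce that wp-comments-post.php requires before an unfiltered_html user may bypass kses; keep the action string in sync with that check.` The third argument `false` to `wp_nonce_field()` deliberately suppresses the referer field, which is new in this changeset; stating that in the comment prevents someone "fixing" it back.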
r835 r920 170 170 $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]); 171 171 $comment_author_url = stripslashes($comment_author_url); 172 $comment_author_url = attribute_escape($comment_author_url);172 $comment_author_url = clean_url($comment_author_url); 173 173 $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url; 174 174 } trunk/wp-includes/default-filters.php
r916 r920 31 31 add_filter('pre_comment_author_email', 'wp_filter_kses'); 32 32 add_filter('pre_comment_author_url', 'wp_filter_kses'); 33 34 add_action('comment_form', 'wp_comment_form_unfiltered_html_nonce'); 33 35 34 36 // Default filters for these functions trunk/wp-includes/functions.php
r916 r920 1020 1020 } 1021 1021 1022 function wp_nonce_field($action = -1) { 1023 echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />'; 1024 wp_referer_field(); 1022 function wp_nonce_field($action = -1, $name = "_wpnonce", $referer = true) { 1023 $name = attribute_escape($name); 1024 echo '<input type="hidden" name="' . $name . '" value="' . wp_create_nonce($action) . '" />'; 1025 if ( $referer ) 1026 wp_referer_field(); 1025 1027 } 1026 1028 … … 1290 1292 $adminurl = get_option('siteurl') . '/wp-admin'; 1291 1293 if ( wp_get_referer() ) 1292 $adminurl = attribute_escape(wp_get_referer());1294 $adminurl = clean_url(wp_get_referer()); 1293 1295 1294 1296 $title = __('WordPress Confirmation'); … … 1298 1300 $q = http_build_query($_POST); 1299 1301 $q = explode( ini_get('arg_separator.output'), $q); 1300 $html .= "\t<form method='post' action=' $pagenow'>\n";1302 $html .= "\t<form method='post' action='" . attribute_escape($pagenow) . "'>\n"; 1301 1303 foreach ( (array) $q as $a ) { 1302 1304 $v = substr(strstr($a, '='), 1); … … 1307 1309 $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n"; 1308 1310 } else { 1309 $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . attribute_escape(add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] )) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";1311 $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . clean_url(add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] )) . "'>" . __('Yes') . 
"</a></p>\n\t</div>\n"; 1310 1312 } 1311 1313 $html .= "</body>\n</html>"; trunk/wp-includes/general-template.php
r915 r920 298 298 $text = wptexturize($text); 299 299 $title_text = attribute_escape($text); 300 $url = clean_url($url); 300 301 301 302 if ('link' == $format) … … 416 417 } elseif ( ( 'postbypost' == $type ) || ('alpha' == $type) ) { 417 418 ('alpha' == $type) ? $orderby = "post_title ASC " : $orderby = "post_date DESC "; 418 $arcresults = $wpdb->get_results("SELECT * FROM $wpdb->posts $join $where $orderby $limit");419 $arcresults = $wpdb->get_results("SELECT * FROM $wpdb->posts $join $where ORDER BY $orderby $limit"); 419 420 if ( $arcresults ) { 420 421 foreach ( $arcresults as $arcresult ) { … … 987 988 if ( $add_args ) 988 989 $link = add_query_arg( $add_args, $link ); 989 $page_links[] = "<a class='prev page-numbers' href='" . attribute_escape($link) . "'>$prev_text</a>";990 $page_links[] = "<a class='prev page-numbers' href='" . clean_url($link) . "'>$prev_text</a>"; 990 991 endif; 991 992 for ( $n = 1; $n <= $total; $n++ ) : … … 999 1000 if ( $add_args ) 1000 1001 $link = add_query_arg( $add_args, $link ); 1001 $page_links[] = "<a class='page-numbers' href='" . attribute_escape($link) . "'>$n</a>";1002 $page_links[] = "<a class='page-numbers' href='" . clean_url($link) . "'>$n</a>"; 1002 1003 $dots = true; 1003 1004 elseif ( $dots && !$show_all ) : … … 1012 1013 if ( $add_args ) 1013 1014 $link = add_query_arg( $add_args, $link ); 1014 $page_links[] = "<a class='next page-numbers' href='" . attribute_escape($link) . "'>$next_text</a>";1015 $page_links[] = "<a class='next page-numbers' href='" . clean_url($link) . "'>$next_text</a>"; 1015 1016 endif; 1016 1017 switch ( $type ) : trunk/wp-includes/link-template.php
r915 r920 423 423 global $wp_rewrite; 424 424 425 $qstr = wp_specialchars($_SERVER['REQUEST_URI']);425 $qstr = $_SERVER['REQUEST_URI']; 426 426 427 427 $page_querystring = "paged"; … … 491 491 } 492 492 493 function next_posts($max_page = 0) { // original by cfactor at cooltux.org493 function get_next_posts_page_link($max_page = 0) { 494 494 global $paged, $pagenow; 495 495 … … 499 499 $nextpage = intval($paged) + 1; 500 500 if ( !$max_page || $max_page >= $nextpage ) 501 echo get_pagenum_link($nextpage); 502 } 501 return get_pagenum_link($nextpage); 502 } 503 } 504 505 function next_posts($max_page = 0) { 506 echo clean_url(get_next_posts_page_link($max_page)); 503 507 } 504 508 … … 518 522 } 519 523 520 521 function previous_posts() { // original by cfactor at cooltux.org 524 function get_previous_posts_page_link() { 522 525 global $paged, $pagenow; 523 526 … … 526 529 if ( $nextpage < 1 ) 527 530 $nextpage = 1; 528 echo get_pagenum_link($nextpage); 529 } 530 } 531 531 return get_pagenum_link($nextpage); 532 } 533 } 534 535 function previous_posts() { 536 echo clean_url(get_previous_posts_page_link()); 537 } 532 538 533 539 function previous_posts_link($label='« Previous Page') { trunk/wp-includes/post-template.php
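Review bot: Dropping `wp_specialchars()` from `$qstr` on line 425 makes `get_pagenum_link()` return a string containing the raw `$_SERVER['REQUEST_URI']`, which moves output escaping to every caller. The changeset updates `next_posts()`/`previous_posts()` (new lines 506 and 536) and the general-template.php callers to wrap it in `clean_url()`, but `get_pagenum_link()` is a public template function and any theme or plugin that echoes it directly now emits an unescaped request URI into HTML. Worth a docblock on `get_pagenum_link()` stating the contract, e.g. `// Returns an unescaped URL; callers must pass it through clean_url() or attribute_escape() before output.`, plus a check of the remaining callers before release. Separately, `get_next_posts_page_link()` and `get_previous_posts_page_link()` fall through without a return value on their guard paths, so `clean_url()` receives null there; an explicit `return '';` would make that contract visible. get_pagenum_link's body continues outside the hunk.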
r915 r920 282 282 283 283 $defaults = array('depth' => 0, 'show_date' => '', 'date_format' => get_option('date_format'), 284 'child_of' => 0, 'exclude' => '', 'title_li' => __('Pages'), 'echo' => 1, 'authors' => '' );284 'child_of' => 0, 'exclude' => '', 'title_li' => __('Pages'), 'echo' => 1, 'authors' => '', 'sort_column' => 'menu_order, post_title'); 285 285 $r = array_merge($defaults, $r); 286 286 trunk/wp-includes/script-loader.php
r909 r920 151 151 $src = 0 === strpos($this->scripts[$handle]->src, 'http://') ? $this->scripts[$handle]->src : get_option( 'siteurl' ) . $this->scripts[$handle]->src; 152 152 $src = add_query_arg('ver', $ver, $src); 153 $src = attribute_escape(apply_filters( 'script_loader_src', $src ));153 $src = clean_url(apply_filters( 'script_loader_src', $src )); 154 154 echo "<script type='text/javascript' src='$src'></script>\n"; 155 155 $this->print_scripts_l10n( $handle ); trunk/wp-includes/user.php
r876 r920 10 10 function get_usernumposts($userid) { 11 11 global $wpdb; 12 $userid = (int) $userid; 12 13 return $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = '$userid' AND post_type = 'post' AND post_status = 'publish'"); 13 14 } trunk/xmlrpc.php
r915 r920 1429 1429 $upload = wp_upload_bits($name, $type, $bits, $overwrite); 1430 1430 if ( ! empty($upload['error']) ) { 1431 logIO('O', '(MW) Could not write file '.$name); 1432 return new IXR_Error(500, 'Could not write file '.$name); 1431 $errorString = 'Could not write file ' . $name . ' (' . $upload['error'] . ')'; 1432 logIO('O', '(MW) ' . $errorString); 1433 return new IXR_Error(500, $errorString); 1433 1434 } 1434 1435 // Construct the attachment array
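Review bot: The new `$errorString` on line 1431 concatenates `$name` and `$upload['error']` and is both written to the log via `logIO()` and returned to the XML-RPC client. If `$name` is the caller-supplied file name (its origin is outside the hunk), a name containing CR/LF lets a remote caller forge log lines; normalising control characters before logging, e.g. `logIO('O', '(MW) ' . preg_replace('/[\r\n]+/', ' ', $errorString));`, keeps the log parseable. Whether `IXR_Error` XML-escapes the message for the response is also not visible here; confirm it does, since the file name and error text are reflected verbatim. The enclosing method starts and ends outside the hunk.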
