return;
if ( ! $user = wp_validate_auth_cookie() ) {
- if ( empty($_COOKIE[LOGGED_IN_COOKIE]) || !$user = wp_validate_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in') ) {
+ if ( is_admin() || empty($_COOKIE[LOGGED_IN_COOKIE]) || !$user = wp_validate_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in') ) {
wp_set_current_user(0);
return false;
}
return false;
}
+ if ( $expiration < time() ) // AJAX/POST grace period set above
+ $GLOBALS['login_grace_period'] = 1;
+
do_action('auth_cookie_valid', $cookie_elements, $user);
return $user->ID;
}
}
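Review bot: The added `$GLOBALS['login_grace_period'] = 1;` records that a cookie past its `$expiration` was still accepted, but nothing in the hunk says what consumers of the flag should do, and it is never reset in the visible lines. The inline comment points at grace-period logic "set above", which is outside this hunk, as is the start of the function. Because this widens the window in which an expired cookie authenticates a request, spell the contract out with something like `// Cookie is past $expiration and was accepted only under the AJAX/POST grace period; code reading login_grace_period should prompt for re-login.` Braces around the one-line `if` body would also make it harder to attach a second statement by mistake.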
- if ( $user_id = wp_validate_auth_cookie() ) {
+ if ( $user_id = wp_validate_auth_cookie( '', apply_filters( 'auth_redirect_scheme', '' ) ) ) {
do_action('auth_redirect', $user_id);
// If the user wants ssl but the session is not ssl, redirect.
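Review bot: The new `auth_redirect_scheme` filter decides which cookie scheme this check accepts, yet the call has no comment explaining what values are expected or what the empty default means. Since the second argument of `wp_validate_auth_cookie()` is the scheme (the `'logged_in'` call elsewhere in this diff shows that), a callback returning a weaker scheme would relax the gate this check enforces. I would add `// Filter: cookie scheme to validate here; '' leaves the choice to wp_validate_auth_cookie(). Returning a weaker scheme lowers the bar for admin access.` above the `if`. The function body continues outside this hunk.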
if ( $query_arg )
$nonce = $_REQUEST[$query_arg];
else
- $nonce = $_REQUEST['_ajax_nonce'] ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce'];
+ $nonce = isset($_REQUEST['_ajax_nonce']) ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce'];
$result = wp_verify_nonce( $nonce, $action );
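Review bot: The fallback on the changed line still reads `$_REQUEST['_wpnonce']` unguarded, so a request carrying neither parameter raises an undefined-index notice, and `$_REQUEST[$query_arg]` two lines above has the same gap. The switch to `isset()` also means an empty `_ajax_nonce` is now used as-is instead of falling through to `_wpnonce`; if that is intended, say so in a comment. Consider `$nonce = isset($_REQUEST['_ajax_nonce']) ? $_REQUEST['_ajax_nonce'] : ( isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '' );` so a missing nonce reaches `wp_verify_nonce()` as an empty string and fails cleanly. The enclosing function starts and ends outside this hunk.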
} else {
if ( php_sapi_name() != 'cgi-fcgi' )
status_header($status); // This causes problems on IIS and some FastCGI setups
- header("Location: $location");
+ header("Location: $location", true, $status);
}
}
endif;
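Review bot: `$status` is handed to `header()` as the response code without a check that it is a redirect code, so a caller supplying a non-3xx value would emit a `Location` header that clients do not follow. A guard ahead of this branch such as `if ( $status < 300 || $status > 399 ) $status = 302;` would keep the function fail-safe. On non-`cgi-fcgi` SAPIs the status is now set twice, by `status_header($status)` and again here; a one-line comment saying this is deliberate would help. Where `$location` is sanitised is outside this hunk, so confirm it cannot carry CR/LF by the time it is interpolated into the header.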
if ('' == $user->user_email) return false; // If there's no email to send the comment to
$comment_author_domain = @gethostbyaddr($comment->comment_author_IP);
-
- $blogname = get_option('blogname');
+
+ // The blogname option is escaped with esc_html on the way into the database in sanitize_option
+ // we want to reverse this for the plain text arena of emails.
+ $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
if ( empty( $comment_type ) ) $comment_type = 'comment';
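Review bot: The two-line comment plus `wp_specialchars_decode(get_option('blogname'), ENT_QUOTES)` is pasted verbatim here and again in the moderator-notification, password-change and new-user hunks below, so the four copies can drift apart. A small private helper that returns the decoded blog name would keep the decode flags in one place. The comment should also state the constraint that makes this safe: `// Decoded for plain-text e-mail only; never echo $blogname into HTML without re-escaping.` Whether `sanitize_option` also strips line breaks from the option is not visible here; confirm that, since the value goes into the mail subject.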
$notify_message .= sprintf( __('URL : %s'), $comment->comment_author_url ) . "\r\n";
$notify_message .= __('Excerpt: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
$notify_message .= __('You can see all trackbacks on this post here: ') . "\r\n";
- /* translators: 1: blog name, 2: post title */
+ /* translators: 1: blog name, 2: post title */
$subject = sprintf( __('[%1$s] Trackback: "%2$s"'), $blogname, $post->post_title );
} elseif ('pingback' == $comment_type) {
/* translators: 1: post id, 2: post title */
$subject = sprintf( __('[%1$s] Pingback: "%2$s"'), $blogname, $post->post_title );
}
$notify_message .= get_permalink($comment->comment_post_ID) . "#comments\r\n\r\n";
- $notify_message .= sprintf( __('Delete it: %s'), admin_url("comment.php?action=cdc&c=$comment_id") ) . "\r\n";
- $notify_message .= sprintf( __('Spam it: %s'), admin_url("comment.php?action=cdc&dt=spam&c=$comment_id") ) . "\r\n";
+ if ( EMPTY_TRASH_DAYS )
+ $notify_message .= sprintf( __('Trash it: %s'), admin_url("comment.php?action=trash&c=$comment_id") ) . "\r\n";
+ else
+ $notify_message .= sprintf( __('Delete it: %s'), admin_url("comment.php?action=delete&c=$comment_id") ) . "\r\n";
+ $notify_message .= sprintf( __('Spam it: %s'), admin_url("comment.php?action=spam&c=$comment_id") ) . "\r\n";
$wp_email = 'wordpress@' . preg_replace('#^www\.#', '', strtolower($_SERVER['SERVER_NAME']));
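Review bot: The rewritten links (`action=trash`, `action=delete`, `action=spam`, and `action=approve` in the moderator hunk below) are plain GET URLs to state-changing actions, and they carry no nonce. The handler in `comment.php` is not part of this diff, so confirm that these action names lead to a confirmation step with a nonce check rather than acting on the request directly. A comment here such as `// These links open a confirmation screen; the action itself requires a nonce.` would record that assumption. The brace-less `if ( EMPTY_TRASH_DAYS ) … else …` followed by the unconditional "Spam it" line is easy to misread in both hunks; braces would make the scope explicit. `EMPTY_TRASH_DAYS` is read as a bare constant, so it must be defined before this code runs.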
$comment_author_domain = @gethostbyaddr($comment->comment_author_IP);
$comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'");
-
+
+ // The blogname option is escaped with esc_html on the way into the database in sanitize_option
+ // we want to reverse this for the plain text arena of emails.
+ $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
+
switch ($comment->comment_type)
{
case 'trackback':
break;
}
- $notify_message .= sprintf( __('Approve it: %s'), admin_url("comment.php?action=mac&c=$comment_id") ) . "\r\n";
- $notify_message .= sprintf( __('Delete it: %s'), admin_url("comment.php?action=cdc&c=$comment_id") ) . "\r\n";
- $notify_message .= sprintf( __('Spam it: %s'), admin_url("comment.php?action=cdc&dt=spam&c=$comment_id") ) . "\r\n";
+ $notify_message .= sprintf( __('Approve it: %s'), admin_url("comment.php?action=approve&c=$comment_id") ) . "\r\n";
+ if ( EMPTY_TRASH_DAYS )
+ $notify_message .= sprintf( __('Trash it: %s'), admin_url("comment.php?action=trash&c=$comment_id") ) . "\r\n";
+ else
+ $notify_message .= sprintf( __('Delete it: %s'), admin_url("comment.php?action=delete&c=$comment_id") ) . "\r\n";
+ $notify_message .= sprintf( __('Spam it: %s'), admin_url("comment.php?action=spam&c=$comment_id") ) . "\r\n";
$notify_message .= sprintf( _n('Currently %s comment is waiting for approval. Please visit the moderation panel:',
'Currently %s comments are waiting for approval. Please visit the moderation panel:', $comments_waiting), number_format_i18n($comments_waiting) ) . "\r\n";
$notify_message .= admin_url("edit-comments.php?comment_status=moderated") . "\r\n";
- $subject = sprintf( __('[%1$s] Please moderate: "%2$s"'), get_option('blogname'), $post->post_title );
+ $subject = sprintf( __('[%1$s] Please moderate: "%2$s"'), $blogname, $post->post_title );
$admin_email = get_option('admin_email');
$message_headers = '';
// but check to see if it's the admin whose password we're changing, and skip this
if ( $user->user_email != get_option('admin_email') ) {
$message = sprintf(__('Password Lost and Changed for user: %s'), $user->user_login) . "\r\n";
- wp_mail(get_option('admin_email'), sprintf(__('[%s] Password Lost/Changed'), get_option('blogname')), $message);
+ // The blogname option is escaped with esc_html on the way into the database in sanitize_option
+ // we want to reverse this for the plain text arena of emails.
+ $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
+ wp_mail(get_option('admin_email'), sprintf(__('[%s] Password Lost/Changed'), $blogname), $message);
}
}
endif;
$user_login = stripslashes($user->user_login);
$user_email = stripslashes($user->user_email);
+
+ // The blogname option is escaped with esc_html on the way into the database in sanitize_option
+ // we want to reverse this for the plain text arena of emails.
+ $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
- $message = sprintf(__('New user registration on your blog %s:'), get_option('blogname')) . "\r\n\r\n";
+ $message = sprintf(__('New user registration on your blog %s:'), $blogname) . "\r\n\r\n";
$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
$message .= sprintf(__('E-mail: %s'), $user_email) . "\r\n";
- @wp_mail(get_option('admin_email'), sprintf(__('[%s] New User Registration'), get_option('blogname')), $message);
+ @wp_mail(get_option('admin_email'), sprintf(__('[%s] New User Registration'), $blogname), $message);
if ( empty($plaintext_pass) )
return;
$message .= sprintf(__('Password: %s'), $plaintext_pass) . "\r\n";
$message .= wp_login_url() . "\r\n";
- wp_mail($user_email, sprintf(__('[%s] Your username and password'), get_option('blogname')), $message);
+ wp_mail($user_email, sprintf(__('[%s] Your username and password'), $blogname), $message);
}
endif;
}
endif;
-?>