$post->post_title = format_to_edit($post->post_title);
$post->post_title = apply_filters('title_edit_pre', $post->post_title);
+ $post->post_password = format_to_edit($post->post_password);
+
if ($post->post_status == 'static')
$post->page_template = get_post_meta($id, '_wp_page_template', true);
else if ( !empty($post_title) ) {
$text = wp_specialchars(stripslashes(urldecode($_REQUEST['text'])));
$text = funky_javascript_fix($text);
- $popupurl = wp_specialchars($_REQUEST['popupurl']);
+ $popupurl = clean_url(stripslashes($_REQUEST['popupurl']));
$post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
}
$comment = get_comment($id);
- $comment->comment_content = format_to_edit($comment->comment_content, $richedit);
+ $comment->comment_ID = (int) $comment->comment_ID;
+ $comment->comment_post_ID = (int) $comment->comment_post_ID;
+
+ $comment->comment_content = format_to_edit($comment->comment_content);
$comment->comment_content = apply_filters('comment_edit_pre', $comment->comment_content);
$comment->comment_author = format_to_edit($comment->comment_author);
$comment->comment_author_email = format_to_edit($comment->comment_author_email);
+ $comment->comment_author_url = clean_url($comment->comment_author_url);
$comment->comment_author_url = format_to_edit($comment->comment_author_url);
return $comment;
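Review bot: comment_author_url is passed through clean_url on L23 and then format_to_edit on L24, so if clean_url already entity-encodes characters such as `&`, format_to_edit's htmlspecialchars encodes them a second time and the edit form shows `&amp;amp;`. The same double pass appears at L110–L112, where link_url goes through wp_specialchars before the new clean_url call. Please confirm what clean_url emits; if it encodes, one call per value is enough — drop the wp_specialchars line at L110, and here keep `$comment->comment_author_url = clean_url($comment->comment_author_url);` alone or the format_to_edit line alone. The enclosing function begins outside the hunk.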
return $category;
}
+function get_user_to_edit($user_id) {
+ $user = new WP_User($user_id);
+ $user->user_login = attribute_escape($user->user_login);
+ $user->user_email = attribute_escape($user->user_email);
+ $user->user_url = clean_url($user->user_url);
+ $user->first_name = attribute_escape($user->first_name);
+ $user->last_name = attribute_escape($user->last_name);
+ $user->display_name = attribute_escape($user->display_name);
+ $user->nickname = attribute_escape($user->nickname);
+ $user->aim = attribute_escape($user->aim);
+ $user->yim = attribute_escape($user->yim);
+ $user->jabber = attribute_escape($user->jabber);
+ $user->description = wp_specialchars($user->description);
+
+ return $user;
+}
+
// Creates a new user from the "Users" form using $_POST information.
function add_user() {
if ($user_id != 0) {
$update = true;
- $user->ID = $user_id;
+ $user->ID = (int) $user_id;
$userdata = get_userdata($user_id);
$user->user_login = $wpdb->escape($userdata->user_login);
} else {
if (isset ($_POST['pass2']))
$pass2 = $_POST['pass2'];
- if (isset ($_POST['role'])) {
+ if (isset ($_POST['role']) && current_user_can('edit_users')) {
if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users'))
$user->role = $_POST['role'];
}
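Review bot: `$wp_roles->role_objects[$_POST['role']]` on L58 is indexed with an unvalidated request value, and when `$user_id != $current_user->id` the `||` short-circuits, so L59 stores any string in `$user->role` without checking that such a role exists. Extend the new guard on L57 to `if (isset ($_POST['role']) && current_user_can('edit_users') && isset($wp_roles->role_objects[$_POST['role']])) {`. That also prevents the `has_cap()` call on a missing entry when an unknown role name is submitted. The enclosing function begins outside the hunk.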
if (isset ($_POST['email']))
$user->user_email = wp_specialchars(trim($_POST['email']));
if (isset ($_POST['url'])) {
- $user->user_url = wp_specialchars(trim($_POST['url']));
+ $user->user_url = clean_url(trim($_POST['url']));
$user->user_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
}
if (isset ($_POST['first_name']))
if (isset ($_POST['display_name']))
$user->display_name = wp_specialchars(trim($_POST['display_name']));
if (isset ($_POST['description']))
- $user->description = wp_specialchars(trim($_POST['description']));
+ $user->description = trim($_POST['description']);
if (isset ($_POST['jabber']))
$user->jabber = wp_specialchars(trim($_POST['jabber']));
if (isset ($_POST['aim']))
function get_link_to_edit($link_id) {
$link = get_link($link_id);
-
- $link->link_url = wp_specialchars($link->link_url, 1);
- $link->link_name = wp_specialchars($link->link_name, 1);
- $link->link_description = wp_specialchars($link->link_description);
- $link->link_notes = wp_specialchars($link->link_notes);
- $link->link_rss = wp_specialchars($link->link_rss);
-
+
+ $link->link_url = clean_url($link->link_url);
+ $link->link_name = attribute_escape($link->link_name);
+ $link->link_image = attribute_escape($link->link_image);
+ $link->link_description = attribute_escape($link->link_description);
+ $link->link_rss = clean_url($link->link_rss);
+ $link->link_rel = attribute_escape($link->link_rel);
+ $link->link_notes = wp_specialchars($link->link_notes);
+ $link->post_category = $link->link_category;
+
return $link;
}
function get_default_link_to_edit() {
if ( isset($_GET['linkurl']) )
- $link->link_url = wp_specialchars($_GET['linkurl'], 1);
+ $link->link_url = clean_url($_GET['linkurl']);
else
$link->link_url = '';
if ( isset($_GET['name']) )
- $link->link_name = wp_specialchars($_GET['name'], 1);
+ $link->link_name = attribute_escape($_GET['name']);
else
$link->link_name = '';
die(__("Cheatin' uh ?"));
$_POST['link_url'] = wp_specialchars($_POST['link_url']);
- $_POST['link_url'] = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $_POST['link_url']) ? $_POST['link_url'] : 'http://' . $_POST['link_url'];
+ $_POST['link_url'] = clean_url($_POST['link_url']);
$_POST['link_name'] = wp_specialchars($_POST['link_name']);
$_POST['link_image'] = wp_specialchars($_POST['link_image']);
- $_POST['link_rss'] = wp_specialchars($_POST['link_rss']);
+ $_POST['link_rss'] = clean_url($_POST['link_rss']);
$auto_toggle = get_autotoggle($_POST['link_category']);
// if we are in an auto toggle category and this one is visible then we
function return_categories_list($parent = 0) {
global $wpdb;
- return $wpdb->get_col("SELECT cat_ID FROM $wpdb->categories WHERE category_parent = $parent ORDER BY category_count DESC LIMIT 100");
+ return $wpdb->get_col("SELECT cat_ID FROM $wpdb->categories WHERE category_parent = $parent ORDER BY category_count DESC");
}
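Review bot: `$parent` is interpolated into the SQL on L122 unquoted and uncast, and dropping the LIMIT leaves that as it was. The signature on L119 defaults it to 0, so an integer is the only valid input; cast it before building the query, `$parent = (int) $parent;` right after `global $wpdb;`, so a caller cannot pass anything else into the statement.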
function sort_cats($cat1, $cat2) {
if ( current_user_can('manage_categories') ) {
$edit = "<a href='categories.php?action=edit&cat_ID=$category->cat_ID' class='edit'>".__('Edit')."</a></td>";
$default_cat_id = get_option('default_category');
-
+
if ($category->cat_ID != $default_cat_id)
- $edit .= "<td><a href='categories.php?action=delete&cat_ID=$category->cat_ID' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '".sprintf(__("You are about to delete the category "%s". All of its posts will go to the default category.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars($category->cat_name, 1))."' );\" class='delete'>".__('Delete')."</a>";
+ $edit .= "<td><a href='" . wp_nonce_url("categories.php?action=delete&cat_ID=$category->cat_ID", 'delete-category_' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . sprintf(__("You are about to delete the category "%s". All of its posts will go to the default category.\\n"OK" to delete, "Cancel" to stop."), js_escape($category->cat_name))."' );\" class='delete'>".__('Delete')."</a>";
else
$edit .= "<td style='text-align:center'>".__("Default");
}
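Review bot: `js_escape($category->cat_name)` on L132 escapes for the JavaScript string, but that string sits inside the double-quoted onclick HTML attribute, so a `"` in the name must also come out HTML-encoded or it terminates the attribute; please confirm js_escape does that, and otherwise wrap the result in attribute_escape. The same construction is used at L140 with `js_escape(get_the_title())`. The enclosing function begins outside the hunk.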
<td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td>
<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td>
- <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=delete&post=$id' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td>
+ <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$id", 'delete-post_' . $id) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), js_escape(get_the_title()) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
</tr>
<?php
$style = '';
if ('_' == $entry['meta_key'] { 0 })
$style .= ' hidden';
+
+ if ( is_serialized($entry['meta_value']) ) {
+ if ( is_serialized_string($entry['meta_value']) ) {
+ // this is a serialized string, so we should display it
+ $entry['meta_value'] = maybe_unserialize($entry['meta_value']);
+ } else {
+ // this is a serialized array/object so we should NOT display it
+ --$count;
+ continue;
+ }
+ }
+
+ $entry['meta_key'] = attribute_escape( $entry['meta_key']);
+ $entry['meta_value'] = attribute_escape( $entry['meta_value']);
+ $entry['meta_id'] = (int) $entry['meta_id'];
echo "
<tr class='$style'>
<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>
<td><textarea name='meta[{$entry['meta_id']}][value]' tabindex='6' rows='2' cols='30'>{$entry['meta_value']}</textarea></td>
- <td align='center'><input name='updatemeta' type='submit' class='updatemeta' tabindex='6' value='".__('Update')."' /><br />
- <input name='deletemeta[{$entry['meta_id']}]' type='submit' class='deletemeta' tabindex='6' value='".__('Delete')."' /></td>
+ <td align='center'><input name='updatemeta' type='submit' class='updatemeta' tabindex='6' value='".attribute_escape(__('Update'))."' /><br />
+ <input name='deletemeta[{$entry['meta_id']}]' type='submit' class='deletemeta' tabindex='6' value='".attribute_escape(__('Delete'))."' /></td>
</tr>
";
}
<?php
foreach ($keys as $key) {
+ $key = attribute_escape($key);
echo "\n\t<option value='$key'>$key</option>";
}
?>
function add_meta($post_ID) {
global $wpdb;
+ $post_ID = (int) $post_ID;
+
+ $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
$metakeyselect = $wpdb->escape(stripslashes(trim($_POST['metakeyselect'])));
$metakeyinput = $wpdb->escape(stripslashes(trim($_POST['metakeyinput'])));
- $metavalue = $wpdb->escape(stripslashes(trim($_POST['metavalue'])));
+ $metavalue = maybe_serialize(stripslashes((trim($_POST['metavalue']))));
+ $metavalue = $wpdb->escape($metavalue);
if ( ('0' === $metavalue || !empty ($metavalue)) && ((('#NONE#' != $metakeyselect) && !empty ($metakeyselect)) || !empty ($metakeyinput)) ) {
// We have a key/value pair. If both the select and the
if ($metakeyinput)
$metakey = $metakeyinput; // default
+ if ( in_array($metakey, $protected) )
+ return false;
+
$result = $wpdb->query("
INSERT INTO $wpdb->postmeta
(post_id,meta_key,meta_value)
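Review bot: the `$protected` key list on L182 is duplicated verbatim in update_meta at L205, so the two copies will drift the first time a protected key is added or renamed; define the list once (a small helper returning the array is enough) and call it from both functions. Also pass `true` as the third argument to `in_array` on L192 and L207 so the comparison is strict. add_meta continues past the end of the hunk.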
function delete_meta($mid) {
global $wpdb;
+ $mid = (int) $mid;
$result = $wpdb->query("DELETE FROM $wpdb->postmeta WHERE meta_id = '$mid'");
}
function update_meta($mid, $mkey, $mvalue) {
global $wpdb;
+ $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
+
+ if ( in_array($mkey, $protected) )
+ return false;
+
+ $mvalue = maybe_serialize(stripslashes($mvalue));
+ $mvalue = $wpdb->escape($mvalue);
+ $mid = (int) $mid;
return $wpdb->query("UPDATE $wpdb->postmeta SET meta_key = '$mkey', meta_value = '$mvalue' WHERE meta_id = '$mid'");
}
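Review bot: update_meta now casts `$mid` and escapes `$mvalue` (L210–L212) but still interpolates `$mkey` into the query on L213 as received, so the function is safe only if every caller escapes the key first. Escaping it here, `$mkey = $wpdb->escape($mkey);` before the query, makes the function self-contained; if a caller already escapes, that call should move out of the caller rather than be applied twice.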
}
function the_quicktags() {
- // Browser detection sucks, but until Safari supports the JS needed for this to work people just assume it's a bug in WP
- if (!strstr($_SERVER['HTTP_USER_AGENT'], 'Safari'))
echo '
<div id="quicktags">
<script src="../wp-includes/js/quicktags.js" type="text/javascript"></script>
<script type="text/javascript">if ( typeof tinyMCE == "undefined" || tinyMCE.configs.length < 1 ) edToolbar();</script>
</div>
';
- else echo '
+ echo '
<script type="text/javascript">
function edInsertContent(myField, myValue) {
//IE support
global $pagenow;
global $menu;
global $submenu;
+ global $plugin_page;
$parent = get_admin_page_parent();
}
if (isset ($submenu[$parent])) {
- foreach ($submenu[$parent] as $submenu_array) {
+ if ( isset($plugin_page) ) {
+ foreach ($submenu[$parent] as $submenu_array) {
+ if ( $submenu_array[2] == $plugin_page ) {
+ if (!current_user_can($submenu_array[1]))
+ return false;
+ }
+ }
+ }
+
+ foreach ($submenu[$parent] as $submenu_array) {
if ($submenu_array[2] == $pagenow) {
- if (!current_user_can($submenu_array[1])) {
+ if (!current_user_can($submenu_array[1]))
return false;
- } else {
+ else
return true;
- }
}
}
}
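Review bot: the new `$plugin_page` loop on L238–L245 only ever denies; when `$plugin_page` is set but matches no `$submenu[$parent]` entry, control falls through to the `$pagenow` loop on L247, which can return true on the parent page's capability rather than the plugin page's own. If that fall-through is intended, say so in a comment, e.g. `// a plugin page not registered under this parent is checked by the caller`; if not, the first loop should end with `return false` when nothing matched. The rest of the function is outside the hunk, so I cannot tell which applies.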
preg_match("|Author:(.*)|i", $plugin_data, $author_name);
preg_match("|Author URI:(.*)|i", $plugin_data, $author_uri);
if (preg_match("|Version:(.*)|i", $plugin_data, $version))
- $version = $version[1];
+ $version = trim($version[1]);
else
$version = '';
- $description = wptexturize($description[1]);
+ $description = wptexturize(trim($description[1]));
$name = $plugin_name[1];
$name = trim($name);
$plugin = $name;
if ('' != $plugin_uri[1] && '' != $name) {
- $plugin = '<a href="'.$plugin_uri[1].'" title="'.__('Visit plugin homepage').'">'.$plugin.'</a>';
+ $plugin = '<a href="' . trim($plugin_uri[1]) . '" title="'.__('Visit plugin homepage').'">'.$plugin.'</a>';
}
if ('' == $author_uri[1]) {
- $author = $author_name[1];
+ $author = trim($author_name[1]);
} else {
- $author = '<a href="'.$author_uri[1].'" title="'.__('Visit author homepage').'">'.$author_name[1].'</a>';
+ $author = '<a href="' . trim($author_uri[1]) . '" title="'.__('Visit author homepage').'">' . trim($author_name[1]) . '</a>';
}
return array ('Name' => $name, 'Title' => $plugin, 'Description' => $description, 'Author' => $author, 'Version' => $version, 'Template' => $template[1]);
}
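Review bot: `trim($plugin_uri[1])` on L273 and `trim($author_uri[1])` on L280 are placed in href attributes raw, while the rest of this commit routes URLs through clean_url; trim changes whitespace only. Using the same helper here, `clean_url(trim($plugin_uri[1]))` and `clean_url(trim($author_uri[1]))`, keeps output handling consistent. These values come from installed plugin files, so this is about consistency rather than a new exposure. The function begins outside the hunk.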
}
- if (!$plugins_dir || !$plugin_files) {
+ if ( !$plugins_dir || !$plugin_files )
return $wp_plugins;
- }
- sort($plugin_files);
-
- foreach ($plugin_files as $plugin_file) {
+ foreach ( $plugin_files as $plugin_file ) {
if ( !is_readable("$plugin_root/$plugin_file"))
continue;
$plugin_data = get_plugin_data("$plugin_root/$plugin_file");
- if (empty ($plugin_data['Name'])) {
+ if ( empty ($plugin_data['Name']) )
continue;
- }
$wp_plugins[plugin_basename($plugin_file)] = $plugin_data;
}
+ uasort($wp_plugins, create_function('$a, $b', 'return strnatcasecmp($a["Name"], $b["Name"]);'));
+
return $wp_plugins;
}
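Review bot: `create_function` on L302 compiles its string arguments at runtime on every call, and the comparator here is constant, so a named function says the same thing and is parsed once with the file, e.g. `function _compare_plugin_names($a, $b) { return strnatcasecmp($a['Name'], $b['Name']); }` with `uasort($wp_plugins, '_compare_plugin_names');`. The removal of `sort($plugin_files)` on L289 is fine given the array is keyed by basename and ordered by the uasort afterwards.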
__("Missing a temporary folder."),
__("Failed to write file to disk."));
- // Accepted MIME types are set here as PCRE. Override with $override['mimes'].
- $mimes = apply_filters('upload_mimes', array (
- 'jpg|jpeg|jpe' => 'image/jpeg',
- 'gif' => 'image/gif',
- 'png' => 'image/png',
- 'bmp' => 'image/bmp',
- 'tif|tiff' => 'image/tiff',
- 'ico' => 'image/x-icon',
- 'asf|asx|wax|wmv|wmx' => 'video/asf',
- 'avi' => 'video/avi',
- 'mov|qt' => 'video/quicktime',
- 'mpeg|mpg|mpe' => 'video/mpeg',
- 'txt|c|cc|h' => 'text/plain',
- 'rtx' => 'text/richtext',
- 'css' => 'text/css',
- 'htm|html' => 'text/html',
- 'mp3|mp4' => 'audio/mpeg',
- 'ra|ram' => 'audio/x-realaudio',
- 'wav' => 'audio/wav',
- 'ogg' => 'audio/ogg',
- 'mid|midi' => 'audio/midi',
- 'wma' => 'audio/wma',
- 'rtf' => 'application/rtf',
- 'js' => 'application/javascript',
- 'pdf' => 'application/pdf',
- 'doc' => 'application/msword',
- 'pot|pps|ppt' => 'application/vnd.ms-powerpoint',
- 'wri' => 'application/vnd.ms-write',
- 'xla|xls|xlt|xlw' => 'application/vnd.ms-excel',
- 'mdb' => 'application/vnd.ms-access',
- 'mpp' => 'application/vnd.ms-project',
- 'swf' => 'application/x-shockwave-flash',
- 'class' => 'application/java',
- 'tar' => 'application/x-tar',
- 'zip' => 'application/zip',
- 'gz|gzip' => 'application/x-gzip',
- 'exe' => 'application/x-msdownload'
- ));
-
// All tests are on by default. Most can be turned off by $override[{test_name}] = false;
$test_form = true;
$test_size = true;
if (! @ is_uploaded_file($file['tmp_name']) )
return $upload_error_handler($file, __('Specified file failed upload test.'));
- // A correct MIME type will pass this test.
+ // A correct MIME type will pass this test. Override $mimes or use the upload_mimes filter.
if ( $test_type ) {
- $type = false;
- $ext = false;
- foreach ($mimes as $ext_preg => $mime_match) {
- $ext_preg = '![^.]\.(' . $ext_preg . ')$!i';
- if ( preg_match($ext_preg, $file['name'], $ext_matches) ) {
- $type = $mime_match;
- $ext = $ext_matches[1];
- }
- }
+ $wp_filetype = wp_check_filetype($file['name'], $mimes);
+
+ extract($wp_filetype);
if ( !$type || !$ext )
return $upload_error_handler($file, __('File type does not meet security guidelines. Try another.'));
else
$filename = str_replace("$number$ext", ++$number . $ext, $filename);
}
+ $filename = str_replace($ext, '', $filename);
+ $filename = sanitize_title_with_dashes($filename) . $ext;
}
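Review bot: `str_replace($ext, '', $filename)` on L372 removes every occurrence of the extension text from the name, not just the trailing one, so a name whose stem contains the extension string loses characters in the middle before the extension is re-appended on L373. Strip only the suffix, `$filename = preg_replace('/' . preg_quote($ext, '/') . '$/', '', $filename);`. Separately, `extract($wp_filetype)` on L366 introduces `$type` and `$ext` implicitly; `$type = $wp_filetype['type']; $ext = $wp_filetype['ext'];` makes the two locals the check on L367 relies on visible. The function begins and ends outside the hunk.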
// Move the file to the uploads dir
o.submit();
}
</script>
-<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo $action ?>">
+<form enctype="multipart/form-data" id="uploadForm" method="post" action="<?php echo attribute_escape($action) ?>">
+<?php wp_nonce_field('import-upload'); ?>
<label for="upload"><?php _e('File:'); ?></label><input type="file" id="upload" name="import" />
<input type="hidden" name="action" value="save" />
<div id="buttons">
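Review bot: the `wp_nonce_field('import-upload')` added on L381 protects the form only if the handler that receives it verifies the token; please confirm the processing side calls `check_admin_referer('import-upload')` before acting on the uploaded file, as that code is outside this hunk. The move to `attribute_escape($action)` on L380 is the right escaping for the attribute context.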