// Get the basics.
$post_content = apply_filters('content_save_pre', $post_content);
+ $post_content_filtered = apply_filters('content_filtered_save_pre', $post_content_filtered);
$post_excerpt = apply_filters('excerpt_save_pre', $post_excerpt);
$post_title = apply_filters('title_save_pre', $post_title);
$post_category = apply_filters('category_save_pre', $post_category);
// Get the post ID.
if ( $update )
- $post_ID = $ID;
+ $post_ID = (int) $ID;
// Create a valid post name. Drafts are allowed to have an empty
// post name.
// Get the basics.
$post_content = apply_filters('content_save_pre', $post_content);
+ $post_content_filtered = apply_filters('content_filtered_save_pre', $post_content_filtered);
$post_excerpt = apply_filters('excerpt_save_pre', $post_excerpt);
$post_title = apply_filters('title_save_pre', $post_title);
$post_category = apply_filters('category_save_pre', $post_category);
post_date = '$post_date',
post_date_gmt = '$post_date_gmt',
post_content = '$post_content',
+ post_content_filtered = '$post_content_filtered',
post_title = '$post_title',
post_excerpt = '$post_excerpt',
post_status = '$post_status',
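Review bot: `$post_content_filtered` goes into this UPDATE, and into the INSERT in the next hunk, directly after passing through the `content_filtered_save_pre` filter, and no escaping of it is visible in these hunks. If the value is only slashed before the filters run (outside the lines shown), a callback that returns unslashed text reaches the query unchanged. I would state the contract beside the filter call, `// Callbacks must return slashed data; the result is interpolated into SQL below.`, or escape at the point of use with `$wpdb->escape()` if that does not double-escape already-slashed input. The same holds for the neighbouring filtered fields, so this follows an existing pattern rather than being new to this column.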
} else {
$wpdb->query(
"INSERT INTO $wpdb->posts
- (post_author, post_date, post_date_gmt, post_content, post_title, post_excerpt, post_status, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type, guid)
+ (post_author, post_date, post_date_gmt, post_content, post_content_filtered, post_title, post_excerpt, post_status, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type, guid)
VALUES
- ('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_title', '$post_excerpt', '$post_status', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type', '$guid')");
+ ('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type', '$guid')");
$post_ID = $wpdb->insert_id;
}
global $wpdb;
$postid = (int) $postid;
- if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $postid") )
+ if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = '$postid'") )
return $post;
if ( 'attachment' != $post->post_status )
$meta = get_post_meta($postid, '_wp_attachment_metadata', true);
$file = get_post_meta($postid, '_wp_attached_file', true);
- $wpdb->query("DELETE FROM $wpdb->posts WHERE ID = $postid");
+ $wpdb->query("DELETE FROM $wpdb->posts WHERE ID = '$postid'");
- $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = $postid");
+ $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = '$postid'");
- $wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = $postid");
+ $wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = '$postid'");
- $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = $postid");
+ $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$postid'");
if ( ! empty($meta['thumb']) ) {
// Don't delete the thumb if another attachment uses it
- if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> $postid"))
+ if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> '$postid'"))
@ unlink(str_replace(basename($file), $meta['thumb'], $file));
}
global $wpdb;
// Set the limit clause, if we got a limit
+ $num = (int) $num;
if ($num) {
$limit = "LIMIT $num";
}
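Review bot: The `(int)` cast keeps text out of the LIMIT clause but still lets a negative `$num` through, and `LIMIT -5` is a query error rather than "no limit". Testing `if ( $num > 0 )` instead of `if ($num)` would close that. Whether `$limit` has a default when the branch is skipped cannot be seen here, because the function starts and ends outside the hunk.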
function wp_get_post_cats($blogid = '1', $post_ID = 0) {
global $wpdb;
+ $post_ID = (int) $post_ID;
+
$sql = "SELECT category_id
FROM $wpdb->post2cat
- WHERE post_id = $post_ID
+ WHERE post_id = '$post_ID'
ORDER BY category_id";
$result = $wpdb->get_col($sql);
function wp_set_post_cats($blogid = '1', $post_ID = 0, $post_categories = array()) {
global $wpdb;
+
+ $post_ID = (int) $post_ID;
+
// If $post_categories isn't already an array, make it one:
if (!is_array($post_categories) || 0 == count($post_categories))
$post_categories = array(get_option('default_category'));
$old_categories = $wpdb->get_col("
SELECT category_id
FROM $wpdb->post2cat
- WHERE post_id = $post_ID");
+ WHERE post_id = '$post_ID'");
if (!$old_categories) {
$old_categories = array();
foreach ($delete_cats as $del) {
$wpdb->query("
DELETE FROM $wpdb->post2cat
- WHERE category_id = $del
- AND post_id = $post_ID
+ WHERE category_id = '$del'
+ AND post_id = '$post_ID'
");
}
}
if ($add_cats) {
foreach ($add_cats as $new_cat) {
- $wpdb->query("
- INSERT INTO $wpdb->post2cat (post_id, category_id)
- VALUES ($post_ID, $new_cat)");
+ $new_cat = (int) $new_cat;
+ if ( !empty($new_cat) )
+ $wpdb->query("
+ INSERT INTO $wpdb->post2cat (post_id, category_id)
+ VALUES ('$post_ID', '$new_cat')");
}
}
-
+
// Update category counts.
$all_affected_cats = array_unique(array_merge($post_categories, $old_categories));
foreach ( $all_affected_cats as $cat_id ) {
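Review bot: In the delete loop `$del` is now wrapped in quotes but never cast, while `$new_cat` in the insert loop gets `(int)` plus an empty check. Quotes alone do not constrain the value, so the two loops end up with different guarantees. How `$delete_cats` is built is outside the hunk, so it may only ever hold ids read back from the database, but `$del = (int) $del;` at the top of the loop would make that explicit. The count loop at the end also iterates the uncast `$post_categories`; normalising once after the `is_array` check with `$post_categories = array_map('intval', $post_categories);` would cover all three places.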
if ( 'static' == $post->post_status )
$wpdb->query("UPDATE $wpdb->posts SET post_parent = $post->post_parent WHERE post_parent = $postid AND post_status = 'static'");
+ $wpdb->query("UPDATE $wpdb->posts SET post_parent = $post->post_parent WHERE post_parent = $postid AND post_status = 'attachment'");
+
$wpdb->query("DELETE FROM $wpdb->posts WHERE ID = $postid");
$wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = $postid");
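Review bot: The added UPDATE interpolates `$post->post_parent` and `$postid` unquoted, and the DELETE lines below it are also left unquoted, although the same commit quotes every id in the attachment-deletion hunk. Whether `$postid` is cast to int earlier in this function is not visible here. For consistency I would write `SET post_parent = '$post->post_parent' WHERE post_parent = '$postid'` and quote the two DELETEs the same way. Because the `if ( 'static' == ... )` has no braces, the new statement runs for every post status; if that is intended, a short comment such as `// Reparent attachments regardless of post status.` would stop a later reader from "fixing" the indentation.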
function wp_proxy_check($ipnum) {
if ( get_option('open_proxy_check') && isset($ipnum) ) {
+ $ipnum = preg_replace( '/([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/', '$1', $ipnum );
$rev_ip = implode( '.', array_reverse( explode( '.', $ipnum ) ) );
- $lookup = $rev_ip . '.opm.blitzed.org.';
+ $lookup = $rev_ip . '.sbl-xbl.spamhaus.org.';
if ( $lookup != gethostbyname( $lookup ) )
return true;
}
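Review bot: The new `preg_replace` only trims what follows a dotted quad; input that contains no match is returned unchanged, and because the pattern is unanchored, any text in front of the match is kept. Both cases still reach `gethostbyname()` as part of the lookup name. Matching instead of replacing makes the value either a clean address or nothing: `if ( !preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}/', $ipnum, $m) ) return false;` followed by `$ipnum = $m[0];`. What to return for malformed input is a policy choice, and the function's final return is outside the hunk.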
function wp_upload_bits($name, $type, $bits) {
if ( empty($name) )
- return array('error' => "Empty filename");
+ return array('error' => __("Empty filename"));
+
+ $wp_filetype = wp_check_filetype($name);
+ if ( !$wp_filetype['ext'] )
+ return array('error' => __("Invalid file type"));
$upload = wp_upload_dir();
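Review bot: The new check decides on the suffix of the caller-supplied `$name` alone; in the lines shown, `$type` is not compared with `$wp_filetype['type']` and `$bits` is not inspected. That makes it an extension allowlist, not content validation, and the code should say so. A comment above the call would do: `// Extension allowlist only; the file contents are not checked against the returned MIME type.` The rest of `wp_upload_bits` is outside the hunk, so any later sanitising of `$name` cannot be confirmed from here.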
return array('file' => $new_file, 'url' => $url, 'error' => false);
}
+function wp_check_filetype($filename, $mimes = null) {
+ // Accepted MIME types are set here as PCRE unless provided.
+ $mimes = is_array($mimes) ? $mimes : apply_filters('upload_mimes', array (
+ 'jpg|jpeg|jpe' => 'image/jpeg',
+ 'gif' => 'image/gif',
+ 'png' => 'image/png',
+ 'bmp' => 'image/bmp',
+ 'tif|tiff' => 'image/tiff',
+ 'ico' => 'image/x-icon',
+ 'asf|asx|wax|wmv|wmx' => 'video/asf',
+ 'avi' => 'video/avi',
+ 'mov|qt' => 'video/quicktime',
+ 'mpeg|mpg|mpe' => 'video/mpeg',
+ 'txt|c|cc|h' => 'text/plain',
+ 'rtx' => 'text/richtext',
+ 'css' => 'text/css',
+ 'htm|html' => 'text/html',
+ 'mp3|mp4' => 'audio/mpeg',
+ 'ra|ram' => 'audio/x-realaudio',
+ 'wav' => 'audio/wav',
+ 'ogg' => 'audio/ogg',
+ 'mid|midi' => 'audio/midi',
+ 'wma' => 'audio/wma',
+ 'rtf' => 'application/rtf',
+ 'js' => 'application/javascript',
+ 'pdf' => 'application/pdf',
+ 'doc' => 'application/msword',
+ 'pot|pps|ppt' => 'application/vnd.ms-powerpoint',
+ 'wri' => 'application/vnd.ms-write',
+ 'xla|xls|xlt|xlw' => 'application/vnd.ms-excel',
+ 'mdb' => 'application/vnd.ms-access',
+ 'mpp' => 'application/vnd.ms-project',
+ 'swf' => 'application/x-shockwave-flash',
+ 'class' => 'application/java',
+ 'tar' => 'application/x-tar',
+ 'zip' => 'application/zip',
+ 'gz|gzip' => 'application/x-gzip',
+ 'exe' => 'application/x-msdownload'
+ ));
+
+ $type = false;
+ $ext = false;
+
+ foreach ($mimes as $ext_preg => $mime_match) {
+ $ext_preg = '!\.(' . $ext_preg . ')$!i';
+ if ( preg_match($ext_preg, $filename, $ext_matches) ) {
+ $type = $mime_match;
+ $ext = $ext_matches[1];
+ break;
+ }
+ }
+
+ return compact('ext', 'type');
+}
+
?>
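Review bot: The default allowlist in `wp_check_filetype` includes types that a browser or host will execute: `htm|html`, `js`, `swf`, `class` and `exe`. If uploads are served from the site's own origin, which is not visible here, accepting these by default lets any account with upload rights publish active content under that origin. I would drop those entries from the defaults and let a site opt back in through the `upload_mimes` filter. The function would also benefit from a docblock stating that it returns `array('ext' => ..., 'type' => ...)` with both set to `false` when nothing matches, and that the keys of `$mimes` are inserted into the pattern unescaped and so must be valid PCRE alternations.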