@@ -1229,23 +1299,23 @@ function get_inline_data($post) {
' . $post->ping_status . '
' . $post->post_status . '
-
' . mysql2date( 'd', $post->post_date ) . '
-
' . mysql2date( 'm', $post->post_date ) . '
-
' . mysql2date( 'Y', $post->post_date ) . '
-
' . mysql2date( 'H', $post->post_date ) . '
-
' . mysql2date( 'i', $post->post_date ) . '
-
' . mysql2date( 's', $post->post_date ) . '
-
' . wp_specialchars($post->post_password, 1) . '
';
+
' . mysql2date( 'd', $post->post_date, false ) . '
+
' . mysql2date( 'm', $post->post_date, false ) . '
+
' . mysql2date( 'Y', $post->post_date, false ) . '
+
' . mysql2date( 'H', $post->post_date, false ) . '
+
' . mysql2date( 'i', $post->post_date, false ) . '
+
' . mysql2date( 's', $post->post_date, false ) . '
+
' . esc_html( $post->post_password ) . '
';
if( $post->post_type == 'page' )
echo '
' . $post->post_parent . '
-
' . wp_specialchars(get_post_meta( $post->ID, '_wp_page_template', true ), 1) . '
+
' . esc_html( get_post_meta( $post->ID, '_wp_page_template', true ) ) . '
';
if( $post->post_type == 'post' )
echo '
-
' . wp_specialchars( str_replace( ',', ', ', get_tags_to_edit($post->ID) ), 1) . '
+
' . esc_html( str_replace( ',', ', ', get_tags_to_edit($post->ID) ) ) . '
' . implode( ',', wp_get_post_categories( $post->ID ) ) . '
' . (is_sticky($post->ID) ? 'sticky' : '') . '
';
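Review bot: After this hunk's sweep to `esc_html`, the category list on the `implode( ',', wp_get_post_categories( $post->ID ) )` line is the one value in the inline-data block still written out with neither an escape nor a cast. Those are term IDs and should already be integers, but since every neighbouring field is now escaped explicitly, making the integer contract visible keeps the block defensible if a filter ever hands back something else: `' . implode( ',', array_map( 'intval', wp_get_post_categories( $post->ID ) ) ) . '`. The `$post->post_parent` line in the page branch could get the same `(int)` treatment. get_inline_data starts before this hunk.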
@@ -1262,7 +1332,7 @@ function get_inline_data($post) {
function post_rows( $posts = array() ) {
global $wp_query, $post, $mode;
- add_filter('the_title','wp_specialchars');
+ add_filter('the_title','esc_html');
// Create array of post IDs.
$post_ids = array();
@@ -1332,6 +1402,7 @@ function _post_row($a_post, $pending_comments, $mode) {
case 'date':
if ( '0000-00-00 00:00:00' == $post->post_date && 'date' == $column_name ) {
$t_time = $h_time = __('Unpublished');
+ $time_diff = 0;
} else {
$t_time = get_the_time(__('Y/m/d g:i:s A'));
$m_time = $post->post_date;
@@ -1339,20 +1410,10 @@ function _post_row($a_post, $pending_comments, $mode) {
$time_diff = time() - $time;
- if ( ( 'future' == $post->post_status) ) {
- if ( $time_diff <= 0 ) {
- $h_time = sprintf( __('%s from now'), human_time_diff( $time ) );
- } else {
- $h_time = $t_time;
- $missed = true;
- }
- } else {
-
- if ( $time_diff > 0 && $time_diff < 24*60*60 )
- $h_time = sprintf( __('%s ago'), human_time_diff( $time ) );
- else
- $h_time = mysql2date(__('Y/m/d'), $m_time);
- }
+ if ( $time_diff > 0 && $time_diff < 24*60*60 )
+ $h_time = sprintf( __('%s ago'), human_time_diff( $time ) );
+ else
+ $h_time = mysql2date(__('Y/m/d'), $m_time);
}
echo '
';
@@ -1364,7 +1425,7 @@ function _post_row($a_post, $pending_comments, $mode) {
if ( 'publish' == $post->post_status ) {
_e('Published');
} elseif ( 'future' == $post->post_status ) {
- if ( isset($missed) )
+ if ( $time_diff > 0 )
echo '' . __('Missed schedule') . ' ';
else
_e('Scheduled');
@@ -1377,23 +1438,24 @@ function _post_row($a_post, $pending_comments, $mode) {
case 'title':
$attributes = 'class="post-title column-title"' . $style;
?>
- >ID ) ) { ?>">
+ >ID ) ) { ?>
ID) ) {
- $actions['edit'] = '' . __('Edit') . ' ';
- $actions['inline hide-if-no-js'] = '' . __('Quick Edit') . ' ';
- $actions['delete'] = "ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . " ";
+ $actions['edit'] = '' . __('Edit') . ' ';
+ $actions['inline hide-if-no-js'] = '' . __('Quick Edit') . ' ';
+ $actions['delete'] = "ID) . "' onclick=\"if ( confirm('" . esc_js(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . " ";
}
if ( in_array($post->post_status, array('pending', 'draft')) ) {
if ( current_user_can('edit_post', $post->ID) )
- $actions['view'] = '' . __('Preview') . ' ';
+ $actions['view'] = '' . __('Preview') . ' ';
} else {
- $actions['view'] = '' . __('View') . ' ';
+ $actions['view'] = '' . __('View') . ' ';
}
+ $actions = apply_filters('post_row_actions', $actions, $post);
$action_count = count($actions);
$i = 0;
echo '';
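Review bot: The new `apply_filters('post_row_actions', $actions, $post)` line hands the action array to arbitrary plugin callbacks, and the values come back to be echoed as raw HTML by the loop that follows, so nothing after this point escapes them. That is a reasonable design for an HTML-producing filter, but the contract should be stated where the filter is introduced so callbacks know escaping is their job: `// Filter must return ready-to-echo HTML; callbacks are responsible for escaping link text and attributes themselves.` The `esc_js` call on the delete confirm only protects the JS string literal; the enclosing `onclick` attribute is double-quoted, which esc_js appears to account for, but that is inferred rather than visible here. _post_row begins and ends outside this hunk.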
@@ -1417,7 +1479,7 @@ function _post_row($a_post, $pending_comments, $mode) {
if ( !empty( $categories ) ) {
$out = array();
foreach ( $categories as $c )
- $out[] = "
" . wp_specialchars(sanitize_term_field('name', $c->name, $c->term_id, 'category', 'display')) . " ";
+ $out[] = "
" . esc_html(sanitize_term_field('name', $c->name, $c->term_id, 'category', 'display')) . " ";
echo join( ', ', $out );
} else {
_e('Uncategorized');
@@ -1433,7 +1495,7 @@ function _post_row($a_post, $pending_comments, $mode) {
if ( !empty( $tags ) ) {
$out = array();
foreach ( $tags as $c )
- $out[] = "
" . wp_specialchars(sanitize_term_field('name', $c->name, $c->term_id, 'post_tag', 'display')) . " ";
+ $out[] = "
" . esc_html(sanitize_term_field('name', $c->name, $c->term_id, 'post_tag', 'display')) . " ";
echo join( ', ', $out );
} else {
_e('No Tags');
@@ -1449,7 +1511,7 @@ function _post_row($a_post, $pending_comments, $mode) {
$pending_phrase = sprintf( __('%s pending'), number_format( $pending_comments ) );
if ( $pending_comments )
echo '
';
- comments_number(" ', " ', " ');
+ comments_number(" ', " ', " ');
if ( $pending_comments )
echo ' ';
?>
@@ -1459,7 +1521,7 @@ function _post_row($a_post, $pending_comments, $mode) {
case 'author':
?>
-
>
+
>
post_title = wp_specialchars( $page->post_title );
+ if ( 0 == $level && (int)$page->post_parent > 0 ) {
+ //sent level 0 by accident, by default, or because we don't know the actual level
+ $find_main_page = (int)$page->post_parent;
+ while ( $find_main_page > 0 ) {
+ $parent = get_page($find_main_page);
+
+ if ( is_null($parent) )
+ break;
+
+ $level++;
+ $find_main_page = (int)$parent->post_parent;
+
+ if ( !isset($parent_name) )
+ $parent_name = $parent->post_title;
+ }
+ }
+
+ $page->post_title = esc_html( $page->post_title );
$pad = str_repeat( '— ', $level );
$id = (int) $page->ID;
$rowclass = 'alternate' == $rowclass ? '' : 'alternate';
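Review bot: The new `while ( $find_main_page > 0 )` walk up the parent chain only terminates when `get_page()` returns null or a parent with `post_parent` 0; a page whose parent chain loops back on itself (a page parented to itself, or two pages parented to each other through bad data or a direct database edit) will spin forever and hang the admin listing. A visited set costs three lines: `$seen = array();` before the loop, `while ( $find_main_page > 0 && ! isset( $seen[ $find_main_page ] ) ) {`, and `$seen[ $find_main_page ] = true;` as the first statement inside it. `$parent_name` is assigned in the loop but not used within the hunk, so it is presumably consumed later in the function; the enclosing function starts before this hunk and its first context line is cut off in this view.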
@@ -1543,47 +1622,53 @@ foreach ($posts_columns as $column_name=>$column_display_name) {
case 'date':
if ( '0000-00-00 00:00:00' == $page->post_date && 'date' == $column_name ) {
$t_time = $h_time = __('Unpublished');
+ $time_diff = 0;
} else {
$t_time = get_the_time(__('Y/m/d g:i:s A'));
$m_time = $page->post_date;
$time = get_post_time('G', true);
- if ( ( abs(time() - $time) ) < 86400 ) {
- if ( ( 'future' == $page->post_status) )
- $h_time = sprintf( __('%s from now'), human_time_diff( $time ) );
- else
- $h_time = sprintf( __('%s ago'), human_time_diff( $time ) );
- } else {
+ $time_diff = time() - $time;
+
+ if ( $time_diff > 0 && $time_diff < 24*60*60 )
+ $h_time = sprintf( __('%s ago'), human_time_diff( $time ) );
+ else
$h_time = mysql2date(__('Y/m/d'), $m_time);
- }
}
echo '
';
echo '' . apply_filters('post_date_column_time', $h_time, $page, $column_name, '') . ' ';
echo ' ';
- if ( 'publish' == $page->post_status || 'future' == $page->post_status )
+ if ( 'publish' == $page->post_status ) {
_e('Published');
- else
+ } elseif ( 'future' == $page->post_status ) {
+ if ( $time_diff > 0 )
+ echo '' . __('Missed schedule') . ' ';
+ else
+ _e('Scheduled');
+ } else {
_e('Last Modified');
+ }
echo ' ';
break;
case 'title':
$attributes = 'class="post-title page-title column-title"' . $style;
$edit_link = get_edit_post_link( $page->ID );
?>
-
>ID ) ) { ?>">
+ >ID ) ) { ?>
ID) ) {
- $actions['edit'] = '' . __('Edit') . ' ';
+ $actions['edit'] = '' . __('Edit') . ' ';
$actions['inline'] = '' . __('Quick Edit') . ' ';
- $actions['delete'] = "ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $page->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $page->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . " ";
+ $actions['delete'] = "ID) . "' onclick=\"if ( confirm('" . esc_js(sprintf( ('draft' == $page->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $page->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . " ";
}
if ( in_array($post->post_status, array('pending', 'draft')) ) {
if ( current_user_can('edit_page', $page->ID) )
- $actions['view'] = '' . __('Preview') . ' ';
+ $actions['view'] = '' . __('Preview') . ' ';
} else {
- $actions['view'] = '' . __('View') . ' ';
+ $actions['view'] = '' . __('View') . ' ';
}
+ $actions = apply_filters('page_row_actions', $actions, $page);
$action_count = count($actions);
$i = 0;
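Review bot: Just before the new `page_row_actions` filter line, the preview/view decision tests `in_array($post->post_status, ...)` while every other line in this block — including the `current_user_can('edit_page', $page->ID)` on the next line — uses `$page`. If `$post` is not guaranteed to be the same object as `$page` at this point (it may be set up earlier in the function, which starts outside the hunk), a draft page would get a View link instead of a Preview link based on whatever post the global happens to hold; `in_array($page->post_status, array('pending', 'draft'))` removes the doubt either way. The same unescaped-HTML contract applies to `page_row_actions` as to the post filter: callbacks own the escaping, which is worth a one-line comment at the filter.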
@@ -1607,7 +1692,7 @@ foreach ($posts_columns as $column_name=>$column_display_name) {
$pending_phrase = sprintf( __('%s pending'), number_format( $left ) );
if ( $left )
echo '';
- comments_number(" ', " ', " ');
+ comments_number(" ', " ', " ');
if ( $left )
echo ' ';
?>
@@ -1617,7 +1702,7 @@ foreach ($posts_columns as $column_name=>$column_display_name) {
case 'author':
?>
- >
+
>
35 )
$short_url = substr( $short_url, 0, 32 ).'...';
$numposts = get_usernumposts( $user_object->ID );
+ $checkbox = '';
+ // Check if the user for this row is editable
if ( current_user_can( 'edit_user', $user_object->ID ) ) {
+ // Set up the user editing link
+ // TODO: make profile/user-edit determination a seperate function
if ($current_user->ID == $user_object->ID) {
$edit_link = 'profile.php';
} else {
- $edit_link = clean_url( add_query_arg( 'wp_http_referer', urlencode( clean_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=$user_object->ID" ) );
+ $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=$user_object->ID" ) );
}
$edit = "
$user_object->user_login ";
+
+ // Set up the hover actions for this user
$actions = array();
$actions['edit'] = '
' . __('Edit') . ' ';
if ( $current_user->ID != $user_object->ID )
$actions['delete'] = "
" . __('Delete') . " ";
+ $actions = apply_filters('user_row_actions', $actions, $user_object);
$action_count = count($actions);
$i = 0;
$edit .= '
';
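Review bot: The `esc_url( add_query_arg( 'wp_http_referer', urlencode( esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ) ... ) )` line reflects an attacker-influenced value (the request path and query string) into the edit link as a redirect target; `esc_url` normalises the URL for attribute context but does not restrict it to this site, so whether this is safe depends on user-edit.php validating `wp_http_referer` against the local host before redirecting to it, which this hunk cannot show. A short comment here would save the next reader the trip: `// wp_http_referer is attacker-influenced (REQUEST_URI); the consumer must treat it as untrusted and only redirect to same-origin targets.` The new `user_row_actions` filter output is echoed raw by the loop below, so callbacks must return escaped HTML. user_row begins before this hunk and its first context line is truncated in this view.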
@@ -1825,14 +1917,18 @@ function user_row( $user_object, $style = '', $role = '' ) {
$edit .= "$link$sep ";
}
$edit .= '
';
+
+ // Set up the checkbox (because the user is editable, otherwise its empty)
+ $checkbox = "
";
+
} else {
$edit = '
' . $user_object->user_login . ' ';
}
- $role_name = isset($wp_roles->role_names[$role]) ? translate_with_context($wp_roles->role_names[$role]) : __('None');
+ $role_name = isset($wp_roles->role_names[$role]) ? translate_user_role($wp_roles->role_names[$role] ) : __('None');
$r = "
";
$columns = get_column_headers('users');
$hidden = get_hidden_columns('users');
- $avatar = get_avatar( $user_object->user_email, 32 );
+ $avatar = get_avatar( $user_object->ID, 32 );
foreach ( $columns as $column_name => $column_display_name ) {
$class = "class=\"$column_name column-$column_name\"";
@@ -1844,7 +1940,7 @@ function user_row( $user_object, $style = '', $role = '' ) {
switch ($column_name) {
case 'cb':
- $r .= " ";
+ $r .= "$checkbox ";
break;
case 'username':
$r .= "$avatar $edit ";
@@ -1869,6 +1965,11 @@ function user_row( $user_object, $style = '', $role = '' ) {
$r .= 0;
}
$r .= "";
+ break;
+ default:
+ $r .= "";
+ $r .= apply_filters('manage_users_custom_column', '', $column_name, $user_object->ID);
+ $r .= " ";
}
}
$r .= ' ';
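Review bot: The new `default:` branch concatenates the result of `apply_filters('manage_users_custom_column', '', $column_name, $user_object->ID)` straight into `$r` with no escaping, so any plugin implementing a custom users column is writing raw HTML into the table. That is consistent with how custom column filters work elsewhere, but it should be documented at the filter so callbacks escape their own output: `// Callbacks must return escaped, ready-to-echo HTML for the cell body.` The `$column_name` itself is already interpolated into the `class` attribute earlier in the loop (before this hunk), so the same trust in column registration applies there. user_row starts and ends outside this hunk.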
@@ -1895,17 +1996,26 @@ function _wp_get_comment_list( $status = '', $s = false, $start, $num, $post = 0
$start = abs( (int) $start );
$num = (int) $num;
$post = (int) $post;
+ $count = wp_count_comments();
+ $index = '';
- if ( 'moderated' == $status )
+ if ( 'moderated' == $status ) {
$approved = "comment_approved = '0'";
- elseif ( 'approved' == $status )
+ $total = $count->moderated;
+ } elseif ( 'approved' == $status ) {
$approved = "comment_approved = '1'";
- elseif ( 'spam' == $status )
+ $total = $count->approved;
+ } elseif ( 'spam' == $status ) {
$approved = "comment_approved = 'spam'";
- else
+ $total = $count->spam;
+ } else {
$approved = "( comment_approved = '0' OR comment_approved = '1' )";
+ $total = $count->moderated + $count->approved;
+ $index = 'USE INDEX (comment_date_gmt)';
+ }
if ( $post ) {
+ $total = '';
$post = " AND comment_post_ID = '$post'";
$orderby = "ORDER BY comment_date_gmt ASC LIMIT $start, $num";
} else {
@@ -1924,24 +2034,29 @@ function _wp_get_comment_list( $status = '', $s = false, $start, $num, $post = 0
else
$typesql = '';
+ if ( !empty($type) )
+ $total = '';
+
if ( $s ) {
+ $total = '';
$s = $wpdb->escape($s);
- $comments = $wpdb->get_results("SELECT SQL_CALC_FOUND_ROWS * FROM $wpdb->comments WHERE
+ $query = "FROM $wpdb->comments WHERE
(comment_author LIKE '%$s%' OR
comment_author_email LIKE '%$s%' OR
comment_author_url LIKE ('%$s%') OR
comment_author_IP LIKE ('%$s%') OR
comment_content LIKE ('%$s%') ) AND
$approved
- $typesql
- $orderby");
+ $typesql";
} else {
- $comments = $wpdb->get_results( "SELECT SQL_CALC_FOUND_ROWS * FROM $wpdb->comments WHERE $approved $post $typesql $orderby" );
+ $query = "FROM $wpdb->comments $index WHERE $approved $post $typesql";
}
- update_comment_cache($comments);
+ $comments = $wpdb->get_results("SELECT * $query $orderby");
+ if ( '' === $total )
+ $total = $wpdb->get_var("SELECT COUNT(comment_ID) $query");
- $total = $wpdb->get_var( "SELECT FOUND_ROWS()" );
+ update_comment_cache($comments);
return array($comments, $total);
}
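Review bot: The search branch still runs `$wpdb->escape($s)` and drops the result into five `LIKE '%$s%'` clauses; `escape` protects the quotes, but it does not neutralise the LIKE metacharacters `%` and `_`, so a search for `%` or `_` matches every comment and the new `SELECT COUNT(comment_ID) $query` counts all of them — not an injection, but a cheap way to force full-table scans and an inaccurate search. Escaping the wildcards before the SQL escape fixes both: `$s = $wpdb->escape( addcslashes( $s, '%_' ) );`. Separately, the rebuilt search `$query` omits `$post`, while the non-search branch includes it, so a search scoped to one post silently returns hits from every post; appending `$post` after `$typesql` in the search string would restore the restriction if that scoping is intended. _wp_get_comment_list begins before this hunk.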
@@ -1961,6 +2076,7 @@ function _wp_comment_row( $comment_id, $mode, $comment_status, $checkbox = true,
$comment = get_comment( $comment_id );
$post = get_post($comment->comment_post_ID);
$the_comment_status = wp_get_comment_status($comment->comment_ID);
+ $user_can = current_user_can('edit_post', $post->ID);
$author_url = get_comment_author_url();
if ( 'http://' == $author_url )
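Review bot: The new `$user_can = current_user_can('edit_post', $post->ID);` dereferences `$post` immediately after `get_post($comment->comment_post_ID)`, which returns null for a comment whose post no longer exists, so an orphaned comment produces a notice here and `$user_can` silently becomes false. Guarding the lookup keeps the semantics explicit: `$user_can = $post ? current_user_can('edit_post', $post->ID) : false;`. How `$user_can` is then used is outside this hunk, as is the rest of _wp_comment_row.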
@@ -1977,10 +2093,10 @@ function _wp_comment_row( $comment_id, $mode, $comment_status, $checkbox = true,
else
$ptime = mysql2date(__('Y/m/d \a\t g:i A'), $comment->comment_date );
- $delete_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
- $approve_url = clean_url( wp_nonce_url( "comment.php?action=approvecomment&p=$post->ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );
- $unapprove_url = clean_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$post->ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) );
- $spam_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
+ $delete_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
+ $approve_url = esc_url( wp_nonce_url( "comment.php?action=approvecomment&p=$post->ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );
+ $unapprove_url = esc_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$post->ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) );
+ $spam_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
echo "\n";
@@ -2170,7 +2294,7 @@ function wp_comment_reply($position = '1', $checkbox = false, $mode = 'single',
-
+
@@ -2182,7 +2306,7 @@ function wp_comment_reply($position = '1', $checkbox = false, $mode = 'single',
-
+
@@ -2214,7 +2338,7 @@ function wp_dropdown_cats( $currentcat = 0, $currentparent = 0, $parent = 0, $le
foreach ( $categories as $category ) {
if ( $currentcat != $category->term_id && $parent == $category->parent) {
$pad = str_repeat( '– ', $level );
- $category->name = wp_specialchars( $category->name );
+ $category->name = esc_html( $category->name );
echo "\n\t
term_id )
echo " selected='selected'";
@@ -2304,22 +2428,22 @@ function _list_meta_row( $entry, &$count ) {
}
}
- $entry['meta_key'] = attribute_escape($entry['meta_key']);
+ $entry['meta_key'] = esc_attr($entry['meta_key']);
$entry['meta_value'] = htmlspecialchars($entry['meta_value']); // using a
$entry['meta_id'] = (int) $entry['meta_id'];
$delete_nonce = wp_create_nonce( 'delete-meta_' . $entry['meta_id'] );
$r .= "\n\t";
- $r .= "\n\t\t" . __( 'Key' ) . " ";
+ $r .= "\n\t\t" . __( 'Key' ) . " ";
$r .= "\n\t\t ";
- $r .= "\n\t\t
";
+ $r .= "class='delete:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$delete_nonce deletemeta' tabindex='6' value='". esc_attr__( 'Delete' ) ."' />";
+ $r .= "\n\t\t ";
$r .= wp_nonce_field( 'change-meta', '_ajax_nonce', false, false );
$r .= " ";
- $r .= "\n\t\t" . __( 'Value' ) . " \n\t ";
+ $r .= "\n\t\t" . __( 'Value' ) . " \n\t