X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/177fd6fefd2e3d5a0ea6591c71d660cabdb3c1a4..61343b82c4f0da4c68e4c6373daafff4a81efdd1:/wp-admin/includes/bookmark.php diff --git a/wp-admin/includes/bookmark.php b/wp-admin/includes/bookmark.php index 908d6b86..0897fdc5 100644 --- a/wp-admin/includes/bookmark.php +++ b/wp-admin/includes/bookmark.php @@ -1,37 +1,66 @@ link_url = clean_url( $_GET['linkurl']); + $link->link_url = esc_url( wp_unslash( $_GET['linkurl'] ) ); else $link->link_url = ''; if ( isset( $_GET['name'] ) ) - $link->link_name = attribute_escape( $_GET['name']); + $link->link_name = esc_attr( wp_unslash( $_GET['name'] ) ); else $link->link_name = ''; 
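Review bot: The two added assignments, `esc_url( wp_unslash( $_GET['linkurl'] ) )` and `esc_attr( wp_unslash( $_GET['name'] ) )`, apply output escaping when the request is read and keep the escaped strings on `$link`, so their safety depends on how the consumer later prints them. If the edit form escapes these fields again (not visible here), entities would be double-encoded; if it prints them without escaping, this is the only protection and nothing in the code says so. I would record the contract above the assignments, e.g. `// link_url and link_name are already escaped for HTML output; the form must not escape them again.`, or store the value with `esc_url_raw()` and escape at the point of output. The start of this hunk is missing from the page, so the enclosing function begins outside what is shown.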
@@ -40,138 +69,222 @@ function get_default_link_to_edit() { return $link; } -function wp_delete_link($link_id) { +/** + * Delete link specified from database + * + * @since 2.0.0 + * + * @param int $link_id ID of the link to delete + * @return bool True + */ +function wp_delete_link( $link_id ) { global $wpdb; - do_action('delete_link', $link_id); + do_action( 'delete_link', $link_id ); + + wp_delete_object_term_relationships( $link_id, 'link_category' ); - wp_delete_object_term_relationships($link_id, 'link_category'); + $wpdb->delete( $wpdb->links, array( 'link_id' => $link_id ) ); - $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'"); + do_action( 'deleted_link', $link_id ); - do_action('deleted_link', $link_id); + clean_bookmark_cache( $link_id ); return true; } -function wp_get_link_cats($link_id = 0) { +/** + * Retrieves the link categories associated with the link specified. + * + * @since 2.1.0 + * + * @param int $link_id Link ID to look up + * @return array The requested link's categories + */ +function wp_get_link_cats( $link_id = 0 ) { - $cats = wp_get_object_terms($link_id, 'link_category', 'fields=ids'); + $cats = wp_get_object_terms( $link_id, 'link_category', array('fields' => 'ids') ); - return array_unique($cats); + return array_unique( $cats ); } +/** + * Retrieve link data based on ID. + * + * @since 2.0.0 + * + * @param int $link_id ID of link to retrieve + * @return object Link for editing + */ function get_link_to_edit( $link_id ) { return get_bookmark( $link_id, OBJECT, 'edit' ); } -function wp_insert_link($linkdata) { - global $wpdb, $current_user; +/** + * This function inserts/updates links into/in the database. + * + * @since 2.0.0 + * + * @param array $linkdata Elements that make up the link to insert. + * @param bool $wp_error Optional. If true return WP_Error object on failure. + * @return int|WP_Error Value 0 or WP_Error on failure. The link ID on success. 
+ */ +function wp_insert_link( $linkdata, $wp_error = false ) { + global $wpdb; - $defaults = array('link_id' => 0, 'link_name' => '', 'link_url' => '', 'link_rating' => 0 ); + $defaults = array( 'link_id' => 0, 'link_name' => '', 'link_url' => '', 'link_rating' => 0 ); - $linkdata = wp_parse_args($linkdata, $defaults); - $linkdata = sanitize_bookmark($linkdata, 'db'); + $linkdata = wp_parse_args( $linkdata, $defaults ); + $linkdata = sanitize_bookmark( $linkdata, 'db' ); - extract($linkdata, EXTR_SKIP); + extract( wp_unslash( $linkdata ), EXTR_SKIP ); $update = false; - if ( !empty($link_id) ) + if ( !empty( $link_id ) ) $update = true; - if ( trim( $link_name ) == '' ) - return 0; + if ( trim( $link_name ) == '' ) { + if ( trim( $link_url ) != '' ) { + $link_name = $link_url; + } else { + return 0; + } + } if ( trim( $link_url ) == '' ) return 0; - if ( empty($link_rating) ) + if ( empty( $link_rating ) ) $link_rating = 0; - if ( empty($link_image) ) + if ( empty( $link_image ) ) $link_image = ''; - if ( empty($link_target) ) + if ( empty( $link_target ) ) $link_target = ''; - if ( empty($link_visible) ) + if ( empty( $link_visible ) ) $link_visible = 'Y'; - if ( empty($link_owner) ) - $link_owner = $current_user->id; + if ( empty( $link_owner ) ) + $link_owner = get_current_user_id(); - if ( empty($link_notes) ) + if ( empty( $link_notes ) ) $link_notes = ''; - if ( empty($link_description) ) + if ( empty( $link_description ) ) $link_description = ''; - if ( empty($link_rss) ) + if ( empty( $link_rss ) ) $link_rss = ''; - if ( empty($link_rel) ) + if ( empty( $link_rel ) ) $link_rel = ''; // Make sure we set a valid category - if (0 == count($link_category) || !is_array($link_category)) { - $link_category = array(get_option('default_link_category')); + if ( ! 
isset( $link_category ) || 0 == count( $link_category ) || !is_array( $link_category ) ) { + $link_category = array( get_option( 'default_link_category' ) ); } if ( $update ) { - $wpdb->query("UPDATE $wpdb->links SET link_url='$link_url', - link_name='$link_name', link_image='$link_image', - link_target='$link_target', - link_visible='$link_visible', link_description='$link_description', - link_rating='$link_rating', link_rel='$link_rel', - link_notes='$link_notes', link_rss = '$link_rss' - WHERE link_id='$link_id'"); + if ( false === $wpdb->update( $wpdb->links, compact('link_url', 'link_name', 'link_image', 'link_target', 'link_description', 'link_visible', 'link_rating', 'link_rel', 'link_notes', 'link_rss'), compact('link_id') ) ) { + if ( $wp_error ) + return new WP_Error( 'db_update_error', __( 'Could not update link in the database' ), $wpdb->last_error ); + else + return 0; + } } else { - $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES('$link_url','$link_name', '$link_image', '$link_target', '$link_description', '$link_visible', '$link_owner', '$link_rating', '$link_rel', '$link_notes', '$link_rss')"); + if ( false === $wpdb->insert( $wpdb->links, compact('link_url', 'link_name', 'link_image', 'link_target', 'link_description', 'link_visible', 'link_owner', 'link_rating', 'link_rel', 'link_notes', 'link_rss') ) ) { + if ( $wp_error ) + return new WP_Error( 'db_insert_error', __( 'Could not insert link into the database' ), $wpdb->last_error ); + else + return 0; + } $link_id = (int) $wpdb->insert_id; } - wp_set_link_cats($link_id, $link_category); + wp_set_link_cats( $link_id, $link_category ); if ( $update ) - do_action('edit_link', $link_id); + do_action( 'edit_link', $link_id ); else - do_action('add_link', $link_id); + do_action( 'add_link', $link_id ); + + clean_bookmark_cache( $link_id ); return $link_id; } -function 
wp_set_link_cats($link_id = 0, $link_categories = array()) { +/** + * Update link with the specified link categories. + * + * @since 2.1.0 + * + * @param int $link_id ID of link to update + * @param array $link_categories Array of categories to + */ +function wp_set_link_cats( $link_id = 0, $link_categories = array() ) { // If $link_categories isn't already an array, make it one: - if (!is_array($link_categories) || 0 == count($link_categories)) - $link_categories = array(get_option('default_link_category')); + if ( !is_array( $link_categories ) || 0 == count( $link_categories ) ) + $link_categories = array( get_option( 'default_link_category' ) ); + + $link_categories = array_map( 'intval', $link_categories ); + $link_categories = array_unique( $link_categories ); - $link_categories = array_map('intval', $link_categories); - $link_categories = array_unique($link_categories); + wp_set_object_terms( $link_id, $link_categories, 'link_category' ); - wp_set_object_terms($link_id, $link_categories, 'link_category'); -} // wp_set_link_cats() + clean_bookmark_cache( $link_id ); +} -function wp_update_link($linkdata) { +/** + * Update a link in the database. + * + * @since 2.0.0 + * + * @param array $linkdata Link data to update. + * @return int|WP_Error Value 0 or WP_Error on failure. The updated link ID on success. + */ +function wp_update_link( $linkdata ) { $link_id = (int) $linkdata['link_id']; - $link = get_link($link_id, ARRAY_A); + $link = get_bookmark( $link_id, ARRAY_A ); // Escape data pulled from DB. - $link = add_magic_quotes($link); + $link = wp_slash( $link ); // Passed link category list overwrites existing category list if not empty. 
- if ( isset($linkdata['link_category']) && is_array($linkdata['link_category']) - && 0 != count($linkdata['link_category']) ) + if ( isset( $linkdata['link_category'] ) && is_array( $linkdata['link_category'] ) + && 0 != count( $linkdata['link_category'] ) ) $link_cats = $linkdata['link_category']; else $link_cats = $link['link_category']; // Merge old and new fields with new fields overwriting old ones. - $linkdata = array_merge($link, $linkdata); + $linkdata = array_merge( $link, $linkdata ); $linkdata['link_category'] = $link_cats; - return wp_insert_link($linkdata); + return wp_insert_link( $linkdata ); } -?> \ No newline at end of file +/** + * @since 3.5.0 + * @access private + */ +function wp_link_manager_disabled_message() { + global $pagenow; + if ( 'link-manager.php' != $pagenow && 'link-add.php' != $pagenow && 'link.php' != $pagenow ) + return; + + add_filter( 'pre_option_link_manager_enabled', '__return_true', 100 ); + $really_can_manage_links = current_user_can( 'manage_links' ); + remove_filter( 'pre_option_link_manager_enabled', '__return_true', 100 ); + + if ( $really_can_manage_links && current_user_can( 'install_plugins' ) ) { + $link = network_admin_url( 'plugin-install.php?tab=search&s=Link+Manager' ); + wp_die( sprintf( __( 'If you are looking to use the link manager, please install the Link Manager plugin.' ), $link ) ); + } + + wp_die( __( 'You do not have sufficient permissions to edit the links for this site.' ) ); +} +add_action( 'admin_page_access_denied', 'wp_link_manager_disabled_message' );
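Review bot: In `wp_update_link()` the result of `get_bookmark( $link_id, ARRAY_A )` goes straight into `wp_slash()` and `array_merge( $link, $linkdata )` with no check that a link with that ID was found. If the lookup returns nothing, the merge receives a non-array value (a warning on older PHP, a TypeError on PHP 8) instead of the function returning its documented failure value. A guard right after the lookup, `if ( empty( $link ) ) return 0;`, would make the not-found case explicit. Separately, in `wp_insert_link()` the category guard evaluates `0 == count( $link_category )` before `!is_array( $link_category )`; putting the `is_array` test first keeps `count()` from being applied to a scalar supplied by the caller.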