X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/3f5685912e89eb3b0534acd85aa0946b1ca2bbe3..4f9d63e13cd8c6e275797c75b401b074b82937bc:/wp-admin/press-this.php?ds=sidebyside
diff --git a/wp-admin/press-this.php b/wp-admin/press-this.php
index 4eda788c..a1a6f780 100644
--- a/wp-admin/press-this.php
+++ b/wp-admin/press-this.php
@@ -7,29 +7,12 @@ */
 /** WordPress Administration Bootstrap */
-require_once('admin.php');
+require_once('./admin.php');
 header('Content-Type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
 if ( ! current_user_can('edit_posts') )
 wp_die( __( 'Cheatin’ uh?' ) );
-/**
- * Convert characters.
- *
- * @package WordPress
- * @subpackage Press_This
- * @since 2.6.0
- *
- * @param string $text
- * @return string
- */
-function aposfix($text) {
- $translation_table[chr(34)] = '"';
- $translation_table[chr(38)] = '&';
- $translation_table[chr(39)] = ''';
- return preg_replace("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/","&" , strtr($text, $translation_table));
-}
-
 /**
  * Press It form handler.
  *
@@ -45,7 +28,7 @@ function press_it() {
 $quick['post_category'] = isset($_POST['post_category']) ? $_POST['post_category'] : null;
 $quick['tax_input'] = isset($_POST['tax_input']) ? $_POST['tax_input'] : null;
 $quick['post_title'] = ( trim($_POST['title']) != '' ) ? $_POST['title'] : ' ';
- $quick['post_content'] = isset($_POST['post_content']) ? $_POST['post_content'] : '';
+ $quick['post_content'] = isset($_POST['post_content']) ? $_POST['post_content'] : '';
 // insert the post with nothing in it, to get an ID
 $post_ID = wp_insert_post($quick, true);
@@ -55,7 +38,7 @@ function press_it() {
 $content = isset($_POST['content']) ? $_POST['content'] : '';
 $upload = false;
- if( !empty($_POST['photo_src']) && current_user_can('upload_files') ) {
+ if ( !empty($_POST['photo_src']) && current_user_can('upload_files') ) {
 foreach( (array) $_POST['photo_src'] as $key => $image) {
 // see if files exist in content - we don't want to upload non-used selected files.
 if ( strpos($_POST['content'], htmlspecialchars($image)) !== false ) {
@@ -63,7 +46,7 @@ function press_it() {
 $upload = media_sideload_image($image, $post_ID, $desc);
 // Replace the POSTED content with correct uploaded ones. Regex contains fix for Magic Quotes
- if( !is_wp_error($upload) )
+ if ( !is_wp_error($upload) )
 $content = preg_replace('/]*)src=\\\?(\"|\')'.preg_quote(htmlspecialchars($image), '/').'\\\?(\2)([^>\/]*)\/*>/is', $upload, $content);
 }
 }
@@ -92,11 +75,17 @@ if ( isset($_REQUEST['action']) && 'post' == $_REQUEST['action'] ) {
 }
 // Set Variables
-$title = isset( $_GET['t'] ) ? trim( strip_tags( aposfix( stripslashes( $_GET['t'] ) ) ) ) : '';
-$selection = isset( $_GET['s'] ) ? trim( htmlspecialchars( html_entity_decode( aposfix( stripslashes( $_GET['s'] ) ) ) ) ) : '';
+$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( stripslashes( $_GET['t'] ) , ENT_QUOTES) ) ) : '';
+
+$selection = '';
+if ( !empty($_GET['s']) ) {
+ $selection = str_replace(''', "'", stripslashes($_GET['s']));
+ $selection = trim( htmlspecialchars( html_entity_decode($selection, ENT_QUOTES) ) );
+}
+
 if ( ! empty($selection) ) {
 $selection = preg_replace('/(\r?\n|\r)/', '

', $selection); - $selection = '

'.str_replace('

', '', $selection).'

'; + $selection = '

' . str_replace('

', '', $selection) . '

';
 }
 $url = isset($_GET['u']) ? esc_url($_GET['u']) : '';
@@ -195,7 +184,7 @@ if ( !empty($_REQUEST['ajax']) ) {
 */
 function get_images_from_uri($uri) {
 $uri = preg_replace('/\/#.+?$/','', $uri);
- if( preg_match('/\.(jpg|jpe|jpeg|png|gif)$/', $uri) && !strpos($uri,'blogger.com') )
+ if ( preg_match('/\.(jpg|jpe|jpeg|png|gif)$/', $uri) && !strpos($uri,'blogger.com') )
 return "'" . esc_attr( html_entity_decode($uri) ) . "'";
 $content = wp_remote_fopen($uri);
 if ( false === $content )
@@ -209,9 +198,9 @@ if ( !empty($_REQUEST['ajax']) ) {
 $sources = array();
 foreach ($matches[3] as $src) {
 // if no http in url
- if(strpos($src, 'http') === false)
+ if (strpos($src, 'http') === false)
 // if it doesn't have a relative uri
- if( strpos($src, '../') === false && strpos($src, './') === false && strpos($src, '/') === 0)
+ if ( strpos($src, '../') === false && strpos($src, './') === false && strpos($src, '/') === 0)
 $src = 'http://'.str_replace('//','/', $host['host'].'/'.$src);
 else
 $src = 'http://'.str_replace('//','/', $host['host'].'/'.dirname($host['path']).'/'.$src);
@@ -410,8 +399,8 @@ var photostorage = false;
 jQuery('#waiting').hide();
 jQuery('#extra-fields').show();
 }
- jQuery('#extra-fields').before('
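Review bot: The new `$title` and `$selection` lines call html_entity_decode() and htmlspecialchars() without a charset argument, even though this file already resolves the site encoding with `get_option('blog_charset')` for the Content-Type header near the top. On PHP builds whose default charset is ISO-8859-1, multibyte input is then handled byte-wise and numeric entities outside Latin-1 can be left undecoded, so the decode/re-encode round-trip is lossy for non-ASCII titles and selections; passing the charset explicitly, e.g. `html_entity_decode( stripslashes( $_GET['t'] ), ENT_QUOTES, get_option('blog_charset') )` and `htmlspecialchars( html_entity_decode($selection, ENT_QUOTES, get_option('blog_charset')), ENT_QUOTES, get_option('blog_charset') )`, keeps both calls in step with the page encoding. That htmlspecialchars() call also relies on the default quote mode, which leaves `'` unescaped; where `$selection` is echoed is outside this hunk, so if it ever reaches an attribute or script context, ENT_QUOTES is the safer default. The guards are also inconsistent, `isset($_GET['t'])` for the title but `!empty($_GET['s'])` for the selection, and using the same form for both would read more clearly.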
');
-
+ jQuery('#extra-fields').before('
');
+
 if(photostorage == false) {
 jQuery.ajax({
 type: "GET",
@@ -486,35 +475,59 @@ var photostorage = false;

- +

-
-
-
-
-

+ +
+

+

+
-
+ -
    - + -
    - -

    - - 0, 'name' => 'newcat_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => __('Parent category'), 'tab_index' => 3 ) ); ?> - - - -

    +
    +
      + 'category', 'popular_cats' => $popular_ids ) ) ?> +
    + + cap->assign_terms) ) : ?> +

    + + cap->edit_terms) ) : ?> +
    +

    + + labels->add_new_item ); ?> + +

    +

    + + + + 'category', 'hide_empty' => 0, 'name' => 'newcategory_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => '— ' . $tax->labels->parent_item . ' —', 'tab_index' => 3 ) ); ?> + + + +

    +
    + +
@@ -542,7 +555,7 @@ var photostorage = false;
-

| |

+

| |

@@ -558,13 +571,13 @@ var photostorage = false;
  • Add: -<?php _e('Insert an Image'); ?> +<?php _e('Insert an Image'); ?>
  • - <?php _e('Embed a Video'); ?> + <?php _e('Embed a Video'); ?>
  • - +