X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/80b7979fccf09a75af3f4c111fa27060ae6dbf85..4713a14935b83517997f3c88f808eb41da55033d:/wp-admin/press-this.php
diff --git a/wp-admin/press-this.php b/wp-admin/press-this.php
index facae8a8..1becc48f 100644
--- a/wp-admin/press-this.php
+++ b/wp-admin/press-this.php
@@ -9,18 +9,16 @@
define('IFRAME_REQUEST' , true);
/** WordPress Administration Bootstrap */
-require_once('./admin.php');
+require_once( dirname( __FILE__ ) . '/admin.php' );
header('Content-Type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
-if ( ! current_user_can('edit_posts') )
+if ( ! current_user_can( 'edit_posts' ) || ! current_user_can( get_post_type_object( 'post' )->cap->create_posts ) )
wp_die( __( 'Cheatin’ uh?' ) );
/**
* Press It form handler.
*
- * @package WordPress
- * @subpackage Press_This
* @since 2.6.0
*
* @return int Post ID
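Review bot: The denial on the line after the new capability check still calls `wp_die()` with only a message, so a user lacking `edit_posts` or the post type's `create_posts` capability gets the die handler's default response code rather than a 403, which leaves authorization refusals indistinguishable from server errors in access logs and monitoring. Consider `wp_die( __( 'Cheatin’ uh?' ), '', array( 'response' => 403 ) );` so the refusal is classified as a permission failure. The added check reads the built-in `post` type's `create_posts` capability, which is safe here because `get_post_type_object( 'post' )` always resolves; if this file is ever generalized to other post types the possible null return of `get_post_type_object()` would need guarding before `->cap` is dereferenced. The form-handler docblock that follows continues outside the hunk.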
@@ -91,11 +89,11 @@ if ( isset($_REQUEST['action']) && 'post' == $_REQUEST['action'] ) {
}
// Set Variables
-$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( stripslashes( $_GET['t'] ) , ENT_QUOTES) ) ) : '';
+$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( wp_unslash( $_GET['t'] ) , ENT_QUOTES) ) ) : '';
$selection = '';
if ( !empty($_GET['s']) ) {
- $selection = str_replace(''', "'", stripslashes($_GET['s']));
+ $selection = str_replace(''', "'", wp_unslash($_GET['s']));
$selection = trim( htmlspecialchars( html_entity_decode($selection, ENT_QUOTES) ) );
}
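Review bot: On the new `$title` line, `html_entity_decode()` is called with `ENT_QUOTES` but no charset, so entities in the title are decoded using PHP's default charset rather than the blog charset the page advertises in its `Content-Type` header; on PHP releases where that default is not UTF-8, multibyte titles can be mangled before `strip_tags()` and `trim()` see them. Passing the charset explicitly keeps decoding consistent with the response: `html_entity_decode( wp_unslash( $_GET['t'] ), ENT_QUOTES, get_option( 'blog_charset' ) )`. The same applies to the unchanged `html_entity_decode( $selection, ENT_QUOTES )` two lines below and to the `htmlspecialchars()` that wraps it, which also omits the charset. Separately, `isset( $_GET['t'] )` does not guarantee a scalar, so a non-string query value reaches `html_entity_decode()` unchecked; adding `is_string( $_GET['t'] )` to the same ternary condition would close that.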
@@ -110,7 +108,7 @@ $image = isset($_GET['i']) ? $_GET['i'] : '';
if ( !empty($_REQUEST['ajax']) ) {
switch ($_REQUEST['ajax']) {
case 'video': ?>
-