<dt><a href="http://wordpress.org/support/">WordPress Support Forums</a></dt>
<dd>If you've looked everywhere and still can't find an answer, the support forums are very active and have a large community ready to help. To help them help you be sure to use a descriptive thread title and describe your question in as much detail as possible. </dd>
<dt><a href="http://codex.wordpress.org/IRC">WordPress IRC Channel</a></dt>
- <dd>Finally, there is an online chat channel that is used for discussion amoung people who use WordPress and occasionally support topics. The above wiki page should point you in the right direction. (irc.freenode.net #wordpresss) </dd>
+ <dd>Finally, there is an online chat channel that is used for discussion among people who use WordPress and occasionally support topics. The above wiki page should point you in the right direction. (irc.freenode.net #wordpress) </dd>
</dl>
<h1 id="requirements">System Recommendations</h1>
return false;
} else {
$editable = join(',', $editable);
- $authors = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($editable)" );
+ $authors = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($editable) ORDER BY display_name" );
}
return apply_filters('get_editable_authors', $authors);
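Review bot: The id list interpolated into the `IN (...)` clause on the changed line is built by `join(',', $editable)` with no visible cast of the individual ids, so the new `ORDER BY` is fine but the query is only as safe as whatever populated `$editable`. If those ids are not guaranteed integers before the join, `$editable = join(',', array_map('intval', $editable));` pins the list to numbers at the point of use. The enclosing function starts outside the hunk, so the origin of `$editable` cannot be confirmed here.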
if (!$update) {
$wpdb->query("INSERT INTO $wpdb->categories (cat_ID, cat_name, category_nicename, category_description, category_parent) VALUES ('0', '$cat_name', '$category_nicename', '$category_description', '$category_parent')");
- $cat_ID = $wpdb->insert_id;
+ $cat_ID = (int) $wpdb->insert_id;
} else {
$wpdb->query ("UPDATE $wpdb->categories SET cat_name = '$cat_name', category_nicename = '$category_nicename', category_description = '$category_description', category_parent = '$category_parent' WHERE cat_ID = '$cat_ID'");
}
if (!$category_nicename = sanitize_title($cat_name))
return 0;
- return $wpdb->get_var("SELECT cat_ID FROM $wpdb->categories WHERE category_nicename = '$category_nicename'");
+ return (int) $wpdb->get_var("SELECT cat_ID FROM $wpdb->categories WHERE category_nicename = '$category_nicename'");
}
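Review bot: The UPDATE branch still interpolates `$cat_ID` into its WHERE clause unchanged while the INSERT branch now casts `insert_id` to int; giving the update path the same guarantee means `$cat_ID = (int) $cat_ID;` before the UPDATE query, unless that cast already happens earlier in the function (its start is outside the hunk). The assignment inside `if (!$category_nicename = sanitize_title($cat_name))` is easy to misread as a comparison; `$category_nicename = sanitize_title($cat_name);` followed by `if ( !$category_nicename )` says the same thing unambiguously.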
function wp_delete_user($id, $reassign = 'novalue') {
extract($linkdata);
$update = false;
+
if ( !empty($link_id) )
$update = true;
+ $link_id = (int) $link_id;
+
+ if( trim( $link_name ) == '' )
+ return 0;
+ $link_name = apply_filters('pre_link_name', $link_name);
+
+ if( trim( $link_url ) == '' )
+ return 0;
+ $link_url = apply_filters('pre_link_url', $link_url);
+
if ( empty($link_rating) )
$link_rating = 0;
+ else
+ $link_rating = (int) $link_rating;
+
+ if ( empty($link_image) )
+ $link_image = '';
+ $link_image = apply_filters('pre_link_image', $link_image);
if ( empty($link_target) )
$link_target = '';
+ $link_target = apply_filters('pre_link_target', $link_target);
if ( empty($link_visible) )
$link_visible = 'Y';
-
+ $link_visibile = preg_replace('/[^YNyn]/', '', $link_visible);
+
if ( empty($link_owner) )
$link_owner = $current_user->id;
+ else
+ $link_owner = (int) $link_owner;
if ( empty($link_notes) )
$link_notes = '';
+ $link_notes = apply_filters('pre_link_notes', $link_notes);
+
+ if ( empty($link_description) )
+ $link_description = '';
+ $link_description = apply_filters('pre_link_description', $link_description);
+
+ if ( empty($link_rss) )
+ $link_rss = '';
+ $link_rss = apply_filters('pre_link_rss', $link_rss);
+
+ if ( empty($link_rel) )
+ $link_rel = '';
+ $link_rel = apply_filters('pre_link_rel', $link_rel);
if ( $update ) {
$wpdb->query("UPDATE $wpdb->links SET link_url='$link_url',
WHERE link_id='$link_id'");
} else {
$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_category, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES('$link_url','$link_name', '$link_image', '$link_target', '$link_category', '$link_description', '$link_visible', '$link_owner', '$link_rating', '$link_rel', '$link_notes', '$link_rss')");
- $link_id = $wpdb->insert_id;
+ $link_id = (int) $wpdb->insert_id;
}
if ( $update )
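Review bot: The new `preg_replace` line assigns to the misspelled `$link_visibile`, so the restriction to Y/N characters is discarded and the unfiltered `$link_visible` is what reaches the INSERT and UPDATE below; it should read `$link_visible = preg_replace('/[^YNyn]/', '', $link_visible);`. `$link_category` is interpolated into the INSERT as well but is the one field in this block that gets neither a cast nor a filter; if it is a single category id, `$link_category = (int) $link_category;` would match how `$link_owner` and `$link_rating` are handled (its type cannot be confirmed from here). The function begins before and ends after the hunk.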
<div id="footer"><p><a href="http://wordpress.org/" id="wordpress-logo"><img src="images/wordpress-logo.png" alt="WordPress" /></a></p>
<p>
<a href="http://codex.wordpress.org/"><?php _e('Documentation'); ?></a> — <a href="http://wordpress.org/support/"><?php _e('Support Forums'); ?></a> <br />
-<?php bloginfo('version'); ?> — <?php printf(__('%s seconds'), number_format(timer_stop(), 2)); ?>
+<?php bloginfo('version'); ?> — <?php printf(__('%s seconds'), timer_stop(0, 2)); ?>
</p>
</div>
$post->post_title = format_to_edit($post->post_title);
$post->post_title = apply_filters('title_edit_pre', $post->post_title);
+ $post->post_password = format_to_edit($post->post_password);
+
if ($post->post_status == 'static')
$post->page_template = get_post_meta($id, '_wp_page_template', true);
else if ( !empty($post_title) ) {
$text = wp_specialchars(stripslashes(urldecode($_REQUEST['text'])));
$text = funky_javascript_fix($text);
- $popupurl = wp_specialchars($_REQUEST['popupurl']);
+ $popupurl = clean_url(stripslashes($_REQUEST['popupurl']));
$post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
}
$comment = get_comment($id);
- $comment->comment_content = format_to_edit($comment->comment_content, $richedit);
+ $comment->comment_ID = (int) $comment->comment_ID;
+ $comment->comment_post_ID = (int) $comment->comment_post_ID;
+
+ $comment->comment_content = format_to_edit($comment->comment_content);
$comment->comment_content = apply_filters('comment_edit_pre', $comment->comment_content);
$comment->comment_author = format_to_edit($comment->comment_author);
$comment->comment_author_email = format_to_edit($comment->comment_author_email);
+ $comment->comment_author_url = clean_url($comment->comment_author_url);
$comment->comment_author_url = format_to_edit($comment->comment_author_url);
return $comment;
return $category;
}
+function get_user_to_edit($user_id) {
+ $user = new WP_User($user_id);
+ $user->user_login = attribute_escape($user->user_login);
+ $user->user_email = attribute_escape($user->user_email);
+ $user->user_url = clean_url($user->user_url);
+ $user->first_name = attribute_escape($user->first_name);
+ $user->last_name = attribute_escape($user->last_name);
+ $user->display_name = attribute_escape($user->display_name);
+ $user->nickname = attribute_escape($user->nickname);
+ $user->aim = attribute_escape($user->aim);
+ $user->yim = attribute_escape($user->yim);
+ $user->jabber = attribute_escape($user->jabber);
+ $user->description = wp_specialchars($user->description);
+
+ return $user;
+}
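Review bot: `get_user_to_edit` is added without the one-line comment its sibling `add_user` carries on the next line; `// Returns a WP_User whose string fields are escaped for form attributes (description escaped for textarea content).` would state the contract. The id is passed to `new WP_User($user_id)` uncast, whereas this commit casts ids at `$user->ID = (int) $user_id;` and `$post_ID = (int) $post_ID;`; `$user = new WP_User((int) $user_id);` keeps it consistent. The description deliberately uses `wp_specialchars` rather than `attribute_escape`, which is right for element content, but a short comment on that line will stop the next editor from "normalising" it.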
+
// Creates a new user from the "Users" form using $_POST information.
function add_user() {
if ($user_id != 0) {
$update = true;
- $user->ID = $user_id;
+ $user->ID = (int) $user_id;
$userdata = get_userdata($user_id);
$user->user_login = $wpdb->escape($userdata->user_login);
} else {
if (isset ($_POST['email']))
$user->user_email = wp_specialchars(trim($_POST['email']));
if (isset ($_POST['url'])) {
- $user->user_url = wp_specialchars(trim($_POST['url']));
+ $user->user_url = clean_url(trim($_POST['url']));
$user->user_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
}
if (isset ($_POST['first_name']))
if (isset ($_POST['display_name']))
$user->display_name = wp_specialchars(trim($_POST['display_name']));
if (isset ($_POST['description']))
- $user->description = wp_specialchars(trim($_POST['description']));
+ $user->description = trim($_POST['description']);
if (isset ($_POST['jabber']))
$user->jabber = wp_specialchars(trim($_POST['jabber']));
if (isset ($_POST['aim']))
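Review bot: The changed `$user->description = trim($_POST['description']);` stores the description unescaped while the sibling `email`, `display_name` and `jabber` fields in the same hunk are still passed through `wp_specialchars` on input. That is consistent with escaping at output (the new `get_user_to_edit` does so for the edit form), but every other place the description is rendered now has to escape it itself, so a `// stored raw; escape on output` comment on that line is worth adding. On the url lines the `'http://'` prefix is prepended after `clean_url` has run, so the final value is never seen by `clean_url`; if `clean_url` already normalises the scheme the `preg_match` line is redundant, otherwise the two lines should be swapped (cannot confirm from here). The enclosing function starts outside the hunk.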
function get_link_to_edit($link_id) {
$link = get_link($link_id);
-
- $link->link_url = wp_specialchars($link->link_url, 1);
- $link->link_name = wp_specialchars($link->link_name, 1);
- $link->link_description = wp_specialchars($link->link_description);
- $link->link_notes = wp_specialchars($link->link_notes);
- $link->link_rss = wp_specialchars($link->link_rss);
-
+
+ $link->link_url = clean_url($link->link_url);
+ $link->link_name = attribute_escape($link->link_name);
+ $link->link_image = attribute_escape($link->link_image);
+ $link->link_description = attribute_escape($link->link_description);
+ $link->link_rss = clean_url($link->link_rss);
+ $link->link_rel = attribute_escape($link->link_rel);
+ $link->link_notes = wp_specialchars($link->link_notes);
+ $link->post_category = $link->link_category;
+
return $link;
}
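Review bot: `post_category` is copied from `link_category` at the end of the block with no cast or escape, while every other field the function touches is now escaped or cleaned; if it is a category id, `$link->post_category = (int) $link->link_category;` matches the id casts elsewhere in the commit. Fields such as `link_target`, `link_visible` and `link_owner` are not touched here, so callers rendering them must escape on their own; a comment listing which fields come back escaped would make that contract explicit. `link_notes` is kept on `wp_specialchars` rather than `attribute_escape` (presumably textarea content), which deserves a one-line comment for the same reason.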
function get_default_link_to_edit() {
if ( isset($_GET['linkurl']) )
- $link->link_url = wp_specialchars($_GET['linkurl'], 1);
+ $link->link_url = clean_url($_GET['linkurl']);
else
$link->link_url = '';
if ( isset($_GET['name']) )
- $link->link_name = wp_specialchars($_GET['name'], 1);
+ $link->link_name = attribute_escape($_GET['name']);
else
$link->link_name = '';
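Review bot: `clean_url($_GET['linkurl'])` and `attribute_escape($_GET['name'])` are applied to the raw request values, whereas the same commit runs `stripslashes()` first on `$_REQUEST['popupurl']` in the post and bookmarklet paths. If request data arrives slash-escaped (magic quotes), the backslashes survive here and end up in the stored URL and name; `clean_url(stripslashes($_GET['linkurl']))` and `attribute_escape(stripslashes($_GET['name']))` would match the other call sites. The rest of the function is outside the hunk.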
die(__("Cheatin' uh ?"));
$_POST['link_url'] = wp_specialchars($_POST['link_url']);
- $_POST['link_url'] = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $_POST['link_url']) ? $_POST['link_url'] : 'http://' . $_POST['link_url'];
+ $_POST['link_url'] = clean_url($_POST['link_url']);
$_POST['link_name'] = wp_specialchars($_POST['link_name']);
$_POST['link_image'] = wp_specialchars($_POST['link_image']);
- $_POST['link_rss'] = wp_specialchars($_POST['link_rss']);
+ $_POST['link_rss'] = clean_url($_POST['link_rss']);
$auto_toggle = get_autotoggle($_POST['link_category']);
// if we are in an auto toggle category and this one is visible then we
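Review bot: `link_url` is passed through `wp_specialchars` and then `clean_url` on consecutive lines, while `link_rss` two lines further down has its `wp_specialchars` replaced by `clean_url`; the two URL fields should be handled the same way. If `clean_url` entity-encodes ampersands itself, the `link_url` value can end up double-encoded, so dropping the `wp_specialchars` line for `link_url` (as was done for `link_rss`) is the consistent fix. `link_category` feeds `get_autotoggle` and the later query without a visible cast; `(int) $_POST['link_category']` would match the id handling elsewhere in the commit, assuming it is a single id. The enclosing code continues outside the hunk.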
$style = '';
if ('_' == $entry['meta_key'] { 0 })
$style .= ' hidden';
+
+ if ( is_serialized($entry['meta_value']) ) {
+ if ( is_serialized_string($entry['meta_value']) ) {
+ // this is a serialized string, so we should display it
+ $entry['meta_value'] = maybe_unserialize($entry['meta_value']);
+ } else {
+ // this is a serialized array/object so we should NOT display it
+ --$count;
+ continue;
+ }
+ }
+
+ $entry['meta_key'] = attribute_escape( $entry['meta_key']);
+ $entry['meta_value'] = attribute_escape( $entry['meta_value']);
+ $entry['meta_id'] = (int) $entry['meta_id'];
echo "
<tr class='$style'>
<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>
<td><textarea name='meta[{$entry['meta_id']}][value]' tabindex='6' rows='2' cols='30'>{$entry['meta_value']}</textarea></td>
- <td align='center'><input name='updatemeta' type='submit' class='updatemeta' tabindex='6' value='".__('Update')."' /><br />
- <input name='deletemeta[{$entry['meta_id']}]' type='submit' class='deletemeta' tabindex='6' value='".__('Delete')."' /></td>
+ <td align='center'><input name='updatemeta' type='submit' class='updatemeta' tabindex='6' value='".attribute_escape(__('Update'))."' /><br />
+ <input name='deletemeta[{$entry['meta_id']}]' type='submit' class='deletemeta' tabindex='6' value='".attribute_escape(__('Delete'))."' /></td>
</tr>
";
}
<?php
foreach ($keys as $key) {
+ $key = attribute_escape($key);
echo "\n\t<option value='$key'>$key</option>";
}
?>
function add_meta($post_ID) {
global $wpdb;
+ $post_ID = (int) $post_ID;
+
+ $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
$metakeyselect = $wpdb->escape(stripslashes(trim($_POST['metakeyselect'])));
$metakeyinput = $wpdb->escape(stripslashes(trim($_POST['metakeyinput'])));
- $metavalue = $wpdb->escape(stripslashes(trim($_POST['metavalue'])));
+ $metavalue = maybe_serialize(stripslashes((trim($_POST['metavalue']))));
+ $metavalue = $wpdb->escape($metavalue);
if ( ('0' === $metavalue || !empty ($metavalue)) && ((('#NONE#' != $metakeyselect) && !empty ($metakeyselect)) || !empty ($metakeyinput)) ) {
// We have a key/value pair. If both the select and the
if ($metakeyinput)
$metakey = $metakeyinput; // default
+ if ( in_array($metakey, $protected) )
+ return false;
+
$result = $wpdb->query("
INSERT INTO $wpdb->postmeta
(post_id,meta_key,meta_value)
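Review bot: The `$protected` array is defined verbatim here and again in `update_meta` below; two copies will drift, so one shared definition (a small helper that returns `in_array($key, $protected, true)`) keeps both checks identical. The check here runs on the already-`$wpdb->escape`d key and uses a loose `in_array`; `in_array($metakey, $protected, true)` avoids loose-comparison surprises. Note that the meta listing earlier in this commit hides every key beginning with `_`, but only these four names are refused on write, so other underscore-prefixed keys remain writable from this form; whether that is intended I cannot tell from here. The function continues past the hunk.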
function delete_meta($mid) {
global $wpdb;
+ $mid = (int) $mid;
$result = $wpdb->query("DELETE FROM $wpdb->postmeta WHERE meta_id = '$mid'");
}
function update_meta($mid, $mkey, $mvalue) {
global $wpdb;
+ $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
+
+ if ( in_array($mkey, $protected) )
+ return false;
+
+ $mvalue = maybe_serialize(stripslashes($mvalue));
+ $mvalue = $wpdb->escape($mvalue);
+ $mid = (int) $mid;
return $wpdb->query("UPDATE $wpdb->postmeta SET meta_key = '$mkey', meta_value = '$mvalue' WHERE meta_id = '$mid'");
}
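Review bot: `$mkey` is interpolated into the UPDATE on the last line without a visible `$wpdb->escape`, while the new lines escape `$mvalue` and cast `$mid`; unless every caller escapes the key first, `$mkey = $wpdb->escape($mkey);` placed after the protected-key check closes the gap. Keeping the escape after the check matters, because the comparison against `$protected` should see the key as submitted, not its escaped form.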
}
function the_quicktags() {
- // Browser detection sucks, but until Safari supports the JS needed for this to work people just assume it's a bug in WP
- if (!strstr($_SERVER['HTTP_USER_AGENT'], 'Safari'))
echo '
<div id="quicktags">
<script src="../wp-includes/js/quicktags.js" type="text/javascript"></script>
<script type="text/javascript">if ( typeof tinyMCE == "undefined" || tinyMCE.configs.length < 1 ) edToolbar();</script>
</div>
';
- else echo '
+ echo '
<script type="text/javascript">
function edInsertContent(myField, myValue) {
//IE support
}
}
- if (!$plugins_dir || !$plugin_files) {
+ if ( !$plugins_dir || !$plugin_files )
return $wp_plugins;
- }
- sort($plugin_files);
-
- foreach ($plugin_files as $plugin_file) {
+ foreach ( $plugin_files as $plugin_file ) {
if ( !is_readable("$plugin_root/$plugin_file"))
continue;
$plugin_data = get_plugin_data("$plugin_root/$plugin_file");
- if (empty ($plugin_data['Name'])) {
+ if ( empty ($plugin_data['Name']) )
continue;
- }
$wp_plugins[plugin_basename($plugin_file)] = $plugin_data;
}
+ uasort($wp_plugins, create_function('$a, $b', 'return strnatcasecmp($a["Name"], $b["Name"]);'));
+
return $wp_plugins;
}
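Review bot: The new `uasort` builds its comparator with `create_function`, which compiles its string argument through `eval` every time `get_plugins` runs; the string is a constant here so there is no injection, but a plain named comparison function (or, on PHP 5.3+, a closure `function ($a, $b) { return strnatcasecmp($a['Name'], $b['Name']); }`) is cheaper, debuggable and visible to static analysis. `create_function` is deprecated in PHP 7.2 and removed in 8.0, so a named function also avoids a forced migration later. The function begins outside the hunk.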
o.submit();
}
</script>
-<form enctype="multipart/form-data" id="uploadForm" method="post" action="<?php echo $action ?>">
+<form enctype="multipart/form-data" id="uploadForm" method="post" action="<?php echo attribute_escape($action) ?>">
+<?php wp_nonce_field('import-upload'); ?>
<label for="upload"><?php _e('File:'); ?></label><input type="file" id="upload" name="import" />
<input type="hidden" name="action" value="save" />
<div id="buttons">
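Review bot: The form now emits `wp_nonce_field('import-upload')`, but the hunk does not show the matching verification on the handler that receives the upload; the nonce only protects if the receiving code calls `check_admin_referer('import-upload')` before it touches `$_FILES['import']`. I cannot see the handler from here, so please confirm it exists. The `attribute_escape($action)` change is the right escape for the attribute context.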
$content = wp_specialchars($_REQUEST['content']);
-$popupurl = wp_specialchars($_REQUEST['popupurl']);
+$popupurl = clean_url(stripslashes($_REQUEST['popupurl']));
if ( !empty($content) ) {
$post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) );
} else {
wp_insert_category($_POST);
wp_redirect('categories.php?message=1#addcat');
+ exit;
break;
case 'delete':
wp_delete_category($cat_ID);
wp_redirect('categories.php?message=2');
-
+ exit;
break;
case 'edit':
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
<tr>
<th width="33%" scope="row"><?php _e('Category name:') ?></th>
- <td width="67%"><input name="cat_name" type="text" value="<?php echo wp_specialchars($category->cat_name); ?>" size="40" /> <input type="hidden" name="action" value="editedcat" />
+ <td width="67%"><input name="cat_name" type="text" value="<?php echo attribute_escape($category->cat_name); ?>" size="40" /> <input type="hidden" name="action" value="editedcat" />
<input type="hidden" name="cat_ID" value="<?php echo $category->cat_ID ?>" /></td>
</tr>
<tr>
<th scope="row"><?php _e('Category slug:') ?></th>
- <td><input name="category_nicename" type="text" value="<?php echo wp_specialchars($category->category_nicename); ?>" size="40" /></td>
+ <td><input name="category_nicename" type="text" value="<?php echo attribute_escape($category->category_nicename); ?>" size="40" /></td>
</tr>
<tr>
<th scope="row"><?php _e('Category parent:') ?></th>
</tr>
<tr>
<th scope="row"><?php _e('Description:') ?></th>
- <td><textarea name="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description, 1); ?></textarea></td>
+ <td><textarea name="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description); ?></textarea></td>
</tr>
</table>
<p class="submit"><input type="submit" name="submit" value="<?php _e('Edit category') ?> »" /></p>
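Review bot: `$category->cat_ID` is echoed into the hidden `cat_ID` field without a cast, while the neighbouring name and slug fields now use `attribute_escape` and the link forms in this commit cast ids with `(int)`; `value="<?php echo (int) $category->cat_ID; ?>"` matches that convention. The submit button's translated value on the last line is likewise unescaped, whereas the post form in this commit wraps `__('Save and Continue Editing')` in `attribute_escape`. Both are context lines, so the cast may already be applied where `$category` is loaded.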
wp_update_category($_POST);
wp_redirect('categories.php?message=3');
+ exit;
break;
default:
require_once('admin-header.php');
if (empty($_GET['mode'])) $mode = 'view';
-else $mode = wp_specialchars($_GET['mode'], 1);
+else $mode = attribute_escape($_GET['mode']);
?>
<script type="text/javascript">
<form name="searchform" action="" method="get">
<fieldset>
<legend><?php _e('Show Comments That Contain...') ?></legend>
- <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" />
+ <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" />
<input type="submit" name="submit" value="<?php _e('Search') ?>" />
<input type="hidden" name="mode" value="<?php echo $mode; ?>" />
<?php _e('(Searches within comment text, e-mail, URI, and IP address.)') ?>
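Review bot: `$mode` is taken from `$_GET['mode']` and only attribute-escaped before being echoed back into the hidden field; if the value also drives logic elsewhere, restricting it to the known set of modes is stronger than escaping, e.g. `$mode = in_array($_GET['mode'], array('view', /* other modes */), true) ? $_GET['mode'] : 'view';` with the real mode names filled in. Escaping at assignment also means any later comparison sees the escaped form rather than the submitted one. I cannot see the full set of accepted modes from here.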
$i = 0;
foreach ($_POST['delete_comments'] as $comment) : // Check the permissions on each
$comment = (int) $comment;
- $post_id = $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = $comment");
+ $post_id = (int) $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = $comment");
$authordata = get_userdata( $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = $post_id") );
if ( current_user_can('edit_post', $post_id) ) :
wp_set_comment_status($comment, "delete");
<?php
+if ( isset($_GET['message']) )
+ $_GET['message'] = (int) $_GET['message'];
$messages[1] = __('Post updated');
$messages[2] = __('Custom field updated');
$messages[3] = __('Custom field deleted.');
?>
<?php if (isset($_GET['message'])) : ?>
-<div id="message" class="updated fade"><p><?php echo $messages[$_GET['message']]; ?></p></div>
+<div id="message" class="updated fade"><p><?php echo wp_specialchars($messages[$_GET['message']]); ?></p></div>
<?php endif; ?>
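Review bot: After the new `(int)` cast, `$messages[$_GET['message']]` is still indexed without checking that the key exists, so `?message=0` or any number outside 1–3 raises an undefined-index notice and renders an empty box. Guard the lookup on the if line: `<?php if (isset($_GET['message']) && isset($messages[$_GET['message']])) : ?>`. The cast itself is the right fix for using a request value as an array key.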
<form name="post" action="post.php" method="post" id="post">
$form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
wp_nonce_field('add-post');
} else {
+ $post_ID = (int) $post_ID;
$form_action = 'editpost';
$form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />";
wp_nonce_field('update-post_' . $post_ID);
}
-$form_pingback = '<input type="hidden" name="post_pingback" value="' . get_option('default_pingback_flag') . '" id="post_pingback" />';
+$form_pingback = '<input type="hidden" name="post_pingback" value="' . (int) get_option('default_pingback_flag') . '" id="post_pingback" />';
-$form_prevstatus = '<input type="hidden" name="prev_status" value="' . $post->post_status . '" />';
+$form_prevstatus = '<input type="hidden" name="prev_status" value="' . attribute_escape( $post->post_status ) . '" />';
-$form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. str_replace("\n", ' ', $post->to_ping) .'" />';
+$form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. attribute_escape( str_replace("\n", ' ', $post->to_ping) ) .'" />';
if ('' != $post->pinged) {
$pings = '<p>'. __('Already pinged:') . '</p><ul>';
$already_pinged = explode("\n", trim($post->pinged));
foreach ($already_pinged as $pinged_url) {
- $pings .= "\n\t<li>$pinged_url</li>";
+ $pings .= "\n\t<li>" . wp_specialchars($pinged_url) . "</li>";
}
$pings .= '</ul>';
}
-$saveasdraft = '<input name="save" type="submit" id="save" tabindex="3" value="' . __('Save and Continue Editing') . '" />';
+$saveasdraft = '<input name="save" type="submit" id="save" tabindex="3" value="' . attribute_escape(__('Save and Continue Editing')) . '" />';
if (empty($post->post_status)) $post->post_status = 'draft';
?>
-<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
+<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
<input type="hidden" name="action" value="<?php echo $form_action ?>" />
-<input type="hidden" name="post_author" value="<?php echo $post->post_author ?>" />
+<input type="hidden" name="post_author" value="<?php echo attribute_escape($post->post_author) ?>" />
<?php echo $form_extra ?>
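Review bot: `$temp_ID` is interpolated into the hidden `temp_ID` field at the top of the hunk without a cast, while `$post_ID` in the else branch now gets `(int)` and the page-editing counterpart later in this commit adds `$temp_ID = (int) $temp_ID;`; the same cast here, before `$form_extra` is built, keeps the two forms aligned. `$form_action` is echoed raw into the action field, which is fine only as long as it takes nothing but the literal values assigned in this block. The block's beginning is outside the hunk.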
<?php if (isset($_GET['message']) && 2 > $_GET['message']) : ?>
<fieldset id="passworddiv" class="dbx-box">
<h3 class="dbx-handle"><?php _e('Password-Protect Post') ?></h3>
-<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div>
+<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape($post->post_password) ?>" /></div>
</fieldset>
<fieldset id="slugdiv" class="dbx-box">
<h3 class="dbx-handle"><?php _e('Post slug') ?></h3>
-<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
+<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape($post->post_name) ?>" /></div>
</fieldset>
<fieldset id="categorydiv" class="dbx-box">
<div id="categorychecklist"><?php dropdown_categories(get_settings('default_category')); ?></div></div>
</fieldset>
-<fieldset class="dbx-box">
+<fieldset id="poststatusdiv" class="dbx-box">
<h3 class="dbx-handle"><?php _e('Post Status') ?></h3>
<div class="dbx-content"><?php if ( current_user_can('publish_posts') ) : ?>
<label for="post_status_publish" class="selectit"><input id="post_status_publish" name="post_status" type="radio" value="publish" <?php checked($post->post_status, 'publish'); ?> /> <?php _e('Published') ?></label>
</fieldset>
<?php if ( current_user_can('edit_posts') ) : ?>
-<fieldset class="dbx-box">
+<fieldset id="posttimestampdiv" class="dbx-box">
<h3 class="dbx-handle"><?php _e('Post Timestamp'); ?>:</h3>
<div class="dbx-content"><?php touch_time(($action == 'edit')); ?></div>
</fieldset>
$o = get_userdata( $o->ID );
if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
else $selected = '';
-echo "<option value='$o->ID' $selected>$o->display_name</option>";
+echo "<option value='" . (int) $o->ID . "' $selected>" . wp_specialchars($o->display_name) . "</option>";
endforeach;
?>
</select>
<fieldset id="titlediv">
<legend><?php _e('Title') ?></legend>
- <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
+ <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" /></div>
</fieldset>
<fieldset id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>">
?>
<input name="referredby" type="hidden" id="referredby" value="<?php
if ( !empty($_REQUEST['popupurl']) )
- echo wp_specialchars($_REQUEST['popupurl']);
-else if ( url_to_postid(wp_get_referer()) == $post_ID )
+ echo attribute_escape(stripslashes($_REQUEST['popupurl']));
+else if ( url_to_postid(stripslashes(wp_get_referer())) == $post_ID )
echo 'redo';
else
- echo wp_specialchars(wp_get_referer());
+ echo attribute_escape(stripslashes(wp_get_referer()));
?>" /></p>
<?php do_action('edit_form_advanced'); ?>
<?php
if (current_user_can('upload_files')) {
- $uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
+ $uploading_iframe_ID = (int) (0 == $post_ID ? $temp_ID : $post_ID);
$uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&post=$uploading_iframe_ID", 'inlineuploading');
$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
if ( false != $uploading_iframe_src )
- echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
+ echo '<iframe id="uploading" frameborder="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
}
?>
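Review bot: `$uploading_iframe_src` is echoed straight into the iframe `src` attribute after passing through the `uploading_iframe_src` filter, so whatever a filter callback returns lands in the attribute unescaped; wrapping the echo as `attribute_escape($uploading_iframe_src)` would make the attribute context explicit, provided `wp_nonce_url` does not already entity-encode its output (if it does, the extra escape would double-encode and should be skipped). The page-editing copy of this block later in the commit has the same pattern. The `(int)` cast on the ternary is sound given `$temp_ID` appears to be a negative integer.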
<div id="advancedstuff" class="dbx-group" >
-<div class="dbx-box-wrapper">
+<div class="dbx-b-ox-wrapper">
<fieldset id="postexcerpt" class="dbx-box">
-<div class="dbx-handle-wrapper">
+<div class="dbx-h-andle-wrapper">
<h3 class="dbx-handle"><?php _e('Optional Excerpt') ?></h3>
</div>
-<div class="dbx-content-wrapper">
+<div class="dbx-c-ontent-wrapper">
<div class="dbx-content"><textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo $post->post_excerpt ?></textarea></div>
</div>
</fieldset>
</div>
-<div class="dbx-box-wrapper">
-<fieldset class="dbx-box">
-<div class="dbx-handle-wrapper">
+<div class="dbx-b-ox-wrapper">
+<fieldset id="trackbacksdiv" class="dbx-box">
+<div class="dbx-h-andle-wrapper">
<h3 class="dbx-handle"><?php _e('Trackbacks') ?></h3>
</div>
-<div class="dbx-content-wrapper">
+<div class="dbx-c-ontent-wrapper">
<div class="dbx-content"><?php _e('Send trackbacks to'); ?>: <?php echo $form_trackback; ?> (<?php _e('Separate multiple URIs with spaces'); ?>)
<?php
if ( ! empty($pings) )
</fieldset>
</div>
-<div class="dbx-box-wrapper">
+<div class="dbx-b-ox-wrapper">
<fieldset id="postcustom" class="dbx-box">
-<div class="dbx-handle-wrapper">
+<div class="dbx-h-andle-wrapper">
<h3 class="dbx-handle"><?php _e('Custom Fields') ?></h3>
</div>
-<div class="dbx-content-wrapper">
+<div class="dbx-c-ontent-wrapper">
<div id="postcustomstuff" class="dbx-content">
<?php
if($metadata = has_meta($post_ID)) {
meta_form();
?>
</div>
+</div>
</fieldset>
</div>
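Review bot: The excerpt textarea in the middle of this hunk still echoes `$post->post_excerpt` without escaping, while the commit escapes the title, slug, password and author fields of the same form; unless `post_excerpt` already goes through `format_to_edit` where the post is loaded (the `post_title` line at the top of this commit shows that pattern), `wp_specialchars($post->post_excerpt)` belongs there. The class renames (`dbx-b-ox-wrapper`, `dbx-h-andle-wrapper`, `dbx-c-ontent-wrapper`) look intentional, but a one-line comment saying why the hyphens were inserted would save the next reader a search.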
<form name="post" action="post.php" method="post" id="post">
<?php wp_nonce_field('update-comment_' . $comment->comment_ID) ?>
<div class="wrap">
-<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
+<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
<input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
<script type="text/javascript">
<fieldset id="namediv">
<legend><?php _e('Name:') ?></legend>
<div>
- <input type="text" name="newcomment_author" size="22" value="<?php echo $comment->comment_author ?>" tabindex="1" id="name" />
+ <input type="text" name="newcomment_author" size="22" value="<?php echo attribute_escape($comment->comment_author); ?>" tabindex="1" id="name" />
</div>
</fieldset>
<fieldset id="emaildiv">
<legend><?php _e('E-mail:') ?></legend>
<div>
- <input type="text" name="newcomment_author_email" size="30" value="<?php echo $comment->comment_author_email ?>" tabindex="2" id="email" />
+ <input type="text" name="newcomment_author_email" size="30" value="<?php echo attribute_escape($comment->comment_author_email); ?>" tabindex="2" id="email" />
</div>
</fieldset>
<fieldset id="uridiv">
<legend><?php _e('URI:') ?></legend>
<div>
- <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo $comment->comment_author_url ?>" tabindex="3" id="URL" />
+ <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo attribute_escape($comment->comment_author_url); ?>" tabindex="3" id="URL" />
</div>
</fieldset>
<?php if (isset($mode) && 'bookmarklet' == $mode) : ?>
<input type="hidden" name="mode" value="bookmarklet" />
<?php endif; ?>
-<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
+<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
<input type="hidden" name="action" value='post' />
<script type="text/javascript">
<div id="poststuff">
<fieldset id="titlediv">
<legend><a href="http://wordpress.org/docs/reference/post/#title" title="<?php _e('Help on titles') ?>"><?php _e('Title') ?></a></legend>
- <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
+ <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" /></div>
</fieldset>
<fieldset id="categorydiv">
//-->
</script>
-<input type="hidden" name="post_pingback" value="<?php echo get_option('default_pingback_flag') ?>" id="post_pingback" />
+<input type="hidden" name="post_pingback" value="<?php echo (int) get_option('default_pingback_flag') ?>" id="post_pingback" />
<p><label for="trackback"> <?php printf(__('<a href="%s" title="Help on trackbacks"><strong>TrackBack</strong> a <abbr title="Universal Resource Identifier">URI</abbr></a>:</label> (Separate multiple <abbr title="Universal Resource Identifier">URI</abbr>s with spaces.)<br />'), 'http://wordpress.org/docs/reference/post/#trackback') ?>
<input type="text" name="trackback_url" style="width: 360px" id="trackback" tabindex="7" /></p>
<?php if ('bookmarklet' != $mode) {
echo '<input name="advanced" type="submit" id="advancededit" tabindex="7" value="' . __('Advanced Editing »') . '" />';
} ?>
- <input name="referredby" type="hidden" id="referredby" value="<?php if ( wp_get_referer() ) echo urlencode(wp_get_referer()); ?>" />
+ <input name="referredby" type="hidden" id="referredby" value="<?php if ( $refby = wp_get_referer() ) echo urlencode($refby); ?>" />
</p>
<?php do_action('simple_edit_form', ''); ?>
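Review bot: The `__('Advanced Editing »')` button value is concatenated into the `value` attribute without `attribute_escape`, whereas the advanced form in this commit wraps `__('Save and Continue Editing')` that way; `attribute_escape(__('Advanced Editing »'))` keeps a translated string from breaking the attribute. The new `if ( $refby = wp_get_referer() )` assignment-in-condition is compact but easy to misread; `$refby = wp_get_referer(); if ( $refby ) echo urlencode($refby);` reads clearer.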
<?php if ( $editing ) : ?>
<input type="hidden" name="action" value="editlink" />
<input type="hidden" name="link_id" value="<?php echo (int) $link_id; ?>" />
- <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />
+ <input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" />
<input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
<?php else: ?>
<input type="hidden" name="action" value="Add" />
$temp_ID = -1 * time();
$form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
} else {
+ $post_ID = (int) $post_ID;
$form_action = 'editpost';
$nonce_action = 'update-post_' . $post_ID;
$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
}
-$sendto = wp_get_referer();
+$temp_ID = (int) $temp_ID;
+$user_ID = (int) $user_ID;
+
+$sendto = attribute_escape(wp_get_referer());
if ( 0 != $post_ID && $sendto == get_permalink($post_ID) )
$sendto = 'redo';
-$sendto = wp_specialchars( $sendto );
?>
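Review bot: `$sendto` is now attribute-escaped before it is compared with `get_permalink($post_ID)`, reversing the original order (compare raw, then escape); if the referer contains any character `attribute_escape` rewrites, such as `&` in a query-string permalink, the comparison can no longer match and the `'redo'` branch is skipped. Keeping `$sendto = wp_get_referer();` for the comparison and moving `$sendto = attribute_escape($sendto);` after the if preserves the original behaviour. The referer is also used without `stripslashes` here while the advanced post form in this commit applies it; worth aligning.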
<fieldset id="passworddiv" class="dbx-box">
<h3 class="dbx-handle"><?php _e('Password-Protect Post') ?></h3>
-<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div>
+<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape($post->post_password); ?>" /></div>
</fieldset>
<fieldset id="pageparent" class="dbx-box">
<fieldset id="slugdiv" class="dbx-box">
<h3 class="dbx-handle"><?php _e('Post slug') ?></h3>
-<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
+<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape($post->post_name); ?>" /></div>
</fieldset>
<?php if ( $authors = get_editable_authors( $current_user->id ) ) : // TODO: ROLE SYSTEM ?>
$o = get_userdata( $o->ID );
if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
else $selected = '';
+$o->ID = (int) $o->ID;
+$o->display_name = wp_specialchars( $o->display_name );
echo "<option value='$o->ID' $selected>$o->display_name</option>";
endforeach;
?>
<fieldset id="titlediv">
<legend><?php _e('Page Title') ?></legend>
- <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
+ <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" /></div>
</fieldset>
$uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&post=$uploading_iframe_ID", 'inlineuploading');
$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
if ( false != $uploading_iframe_src )
- echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
+ echo '<iframe id="uploading" frameborder="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
}
?>
$delete_nonce = wp_create_nonce( 'delete-page_' . $post_ID ); ?>
<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this page \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), js_escape($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
<?php endif; ?>
-</form>
-
</div>
+</form>
+
</div>
<form name="searchform" action="" method="get">
<fieldset>
<legend><?php _e('Search Pages…') ?></legend>
- <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" />
+ <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" />
<input type="submit" name="submit" value="<?php _e('Search') ?>" />
</fieldset>
</form>
<form name="searchform" action="" method="get" style="float: left; width: 16em; margin-right: 3em;">
<fieldset>
<legend><?php _e('Search Posts…') ?></legend>
- <input type="text" name="s" value="<?php if (isset($s)) echo wp_specialchars($s, 1); ?>" size="17" />
+ <input type="text" name="s" value="<?php if (isset($s)) echo attribute_escape($s); ?>" size="17" />
<input type="submit" name="submit" value="<?php _e('Search') ?>" />
</fieldset>
</form>
// Shows the welcome screen and the magic iframe.
function greet() {
- $title = __('Import Blogger');
- $welcome = __('Howdy! This importer allows you to import posts and comments from your Blogger account into your WordPress blog.');
+ $title = __('Import Old Blogger');
+ $welcome = __('Howdy! This importer allows you to import posts and comments from your Old Blogger account into your WordPress blog.');
$noiframes = __('This feature requires iframe support.');
$warning = __('This will delete everything saved by the Blogger importer except your posts and comments. Are you sure you want to do this?');
$reset = __('Reset this importer');
$incompat = __('Your web server is not properly configured to use this importer. Please enable the CURL extension for PHP and then reload this page.');
echo "<div class='wrap'><h2>$title</h2><p>$welcome</p>";
+ echo "<p>" . __('Please note that this importer <em>does not work with Blogger (using your Google account)</em>.') . "</p>";
if ( function_exists('curl_init') )
echo "<iframe src='admin.php?import=blogger&noheader=true' height='350px' width = '99%'>$noiframes</iframe><p><a href='admin.php?import=blogger&restart=true&noheader=true' onclick='return confirm(\"$warning\")'>$reset</a></p>";
else
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
if ($header) curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
$response = curl_exec ($ch);
-
+
if ($parse) {
$response = $this->parse_response($response);
$response['url'] = $url;
return $response;
}
-
+
return $response;
}
$this->import['blogs'][$_GET['blog']]['nextstep'] = $step;
update_option('import-blogger', $this->import);
}
-
+
// Redirects to next step
function do_next_step() {
wp_redirect("admin.php?import=blogger&noheader=true&blog={$_GET['blog']}");
if ( ! ( $_POST['user'] && $_POST['pass'] ) ) {
$this->login_form(__('The script will log into your Blogger account, change some settings so it can read your blog, and restore the original settings when it\'s done. Here\'s what you do:').'</p><ol><li>'.__('Back up your Blogger template.').'</li><li>'.__('Back up any other Blogger settings you might need later.').'</li><li>'.__('Log out of Blogger').'</li><li>'.__('Log in <em>here</em> with your Blogger username and password.').'</li><li>'.__('On the next screen, click one of your Blogger blogs.').'</li><li>'.__('Do not close this window or navigate away until the process is complete.').'</li></ol>');
}
-
- // Try logging in. If we get an array of cookies back, we at least connected.
+
+ // Try logging in. If we get an array of cookies back, we at least connected.
$this->import['cookies'] = $this->login_blogger($_POST['user'], $_POST['pass']);
if ( !is_array( $this->import['cookies'] ) ) {
$this->login_form(__('Login failed. Please enter your credentials again.'));
}
-
+
// Save the password so we can log the browser in when it's time to publish.
$this->import['pass'] = $_POST['pass'];
$this->import['user'] = $_POST['user'];
$form = "<div style='height:0px;width:0px;overflow:hidden;'>";
$form.= $body;
$form.= "</div><script type='text/javascript'>forms=document.getElementsByTagName('form');for(i=0;i<forms.length;i++){if(forms[i].action.search('{$blog_opt}')){forms[i].submit();break;}}</script>";
- $output.= '<p>'.sprintf('<strong>%s</strong> in progress, please wait...', $blog_opt)."</p>\n";
+ $output.= '<p>'.sprintf(__('<strong>%s</strong> in progress, please wait...'), $blog_opt)."</p>\n";
} else {
$output.= "<p>$blog_opt</p>\n";
}
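Review bot: The auto-submit script built two lines above the changed line tests `if(forms[i].action.search('{$blog_opt}'))`, but `String.search()` returns an index, so a form whose action begins with `$blog_opt` yields `0` (false) and a non-matching form yields `-1` (true): the loop submits the first form that does not match. The condition should be `if(forms[i].action.search('{$blog_opt}') != -1)`. `$blog_opt` is also interpolated into that JavaScript string literal and, on the new line, into `sprintf()` HTML without escaping; its origin is not visible here, so if it is taken from the Blogger response it should pass through `js_escape()` and `wp_specialchars()` respectively. The enclosing function starts outside the hunk.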
update_option('import-blogger', $import);
$archive = $this->get_blogger($url);
if ( $archive['code'] > 200 )
- continue;
+ continue;
$posts = explode('<wordpresspost>', $archive['body']);
for ($i = 1; $i < count($posts); $i = $i + 1) {
$postparts = explode('<wordpresscomment>', $posts[$i]);
$post_title = ( $postinfo[4] != '' ) ? $postinfo[4] : $postinfo[3];
$post_author_name = $wpdb->escape(trim($postinfo[1]));
$post_author_email = $postinfo[5] ? $postinfo[5] : 'user@wordpress.org';
-
+
if ( $this->lump_authors ) {
// Ignore Blogger authors. Use the current user_ID for all posts imported.
$post_author = $GLOBALS['user_ID'];
$user_email = $wpdb->escape($post_author_email);
$user_password = substr(md5(uniqid(microtime())), 0, 6);
$result = wp_create_user( $user_login, $user_password, $user_email );
- $status.= sprintf('Registered user <strong>%s</strong>.', $user_login);
+ $status.= sprintf(__('Registered user <strong>%s</strong>.'), $user_login);
$this->import['blogs'][$_GET['blog']]['newusers'][] = $user_login;
}
$userdata = get_userdatabylogin( $post_author_name );
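Review bot: `$result` from `wp_create_user(...)` is never inspected, yet the new `Registered user …` status and the `newusers[]` entry are written unconditionally, so a failed creation is reported as a success and the login is recorded as imported. Guard both lines on the result, `if ( $result ) { … }` (the exact failure value `wp_create_user` returns at this version is not visible in the hunk). The temporary password `substr(md5(uniqid(microtime())), 0, 6)` is six hex digits derived from the clock alone; seed it with more than the time and keep more of it, e.g. `substr(md5(uniqid(mt_rand(), true)), 0, 12)`. `$user_login` is also dropped into the status HTML unescaped although it originates from the Blogger author name; wrap it in `wp_specialchars()`. The enclosing loop starts outside the hunk.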
$posthour = zeroise($post_date_His[0], 2);
$postminute = zeroise($post_date_His[1], 2);
$postsecond = zeroise($post_date_His[2], 2);
-
+
if (($post_date[2] == 'PM') && ($posthour != '12'))
$posthour = $posthour + 12;
else if (($post_date[2] == 'AM') && ($posthour == '12'))
$posthour = '00';
-
+
$post_date = "$postyear-$postmonth-$postday $posthour:$postminute:$postsecond";
-
+
$post_content = addslashes($post_content);
$post_content = str_replace(array('<br>','<BR>','<br/>','<BR/>','<br />','<BR />'), "\n", $post_content); // the XHTML touch... ;)
-
+
$post_title = addslashes($post_title);
-
+
$post_status = 'publish';
-
+
if ( $ID = post_exists($post_title, '', $post_date) ) {
$post_array[$i]['ID'] = $ID;
$skippedpostcount++;
}
}
$status = sprintf(__('%s post(s) parsed, %s skipped...'), $postcount, $skippedpostcount).' '.
- sprintf(__('%s comment(s) parsed, %s skipped...'), $commentcoun, $skippedcommentcount).' '.
+ sprintf(__('%s comment(s) parsed, %s skipped...'), $commentcount, $skippedcommentcount).' '.
' <strong>'.__('Done').'</strong>';
$import = $this->import;
$import['blogs'][$_GET['blog']]['archives']["$url"] = $status;
$response = $this->get_blogger("http://www.blogger.com/blog-publishing.g?blogID={$_GET['blog']}&publishMode={$optary['backup']['publishMode']}", $headers);
sleep(2);
if ( $response['code'] >= 400 )
- die('<h1>Error restoring publishMode.</h1><p>Please tell the devs.</p>' . addslashes(print_r($response, 1)) );
+ die('<h1>'.__('Error restoring publishMode').'</h1><p>'.__('Please tell the devs.').'</p>' . addslashes(print_r($response, 1)) );
}
}
if ( $optary['backup'] != $optary['modify'] ) {
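Review bot: The new `die()` still appends `addslashes(print_r($response, 1))` to the page, and `addslashes` is the wrong escaping for HTML output: it only backslashes quotes, so any markup in the Blogger response (headers and body, possibly including session cookies) is rendered verbatim in the admin page. Escape for the HTML context and keep it readable: `die('<h1>'.__('Error restoring publishMode').'</h1><p>'.__('Please tell the devs.').'</p><pre>' . wp_specialchars(print_r($response, true)) . '</pre>');`. The enclosing function starts outside the hunk.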
if ( $_GET['restart'] == 'true' ) {
$this->restart();
}
-
+
if ( isset($_GET['noheader']) ) {
header('Content-Type: text/html; charset=utf-8');
- $this->import = get_settings('import-blogger');
+ $this->import = get_option('import-blogger');
if ( false === $this->import ) {
$step = 0;
break;
}
die;
-
+
} else {
$this->greet();
}
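Review bot: `$this->restart()` is triggered by `$_GET['restart'] == 'true'` alone, and no `check_admin_referer()` is visible in this hunk, while the link that sets it (`admin.php?import=blogger&restart=true&noheader=true` in `greet()`) carries only a JavaScript `confirm()` and no nonce, so the importer's saved state can be wiped by a GET request the admin did not intend to make. Guard it the way the DotClear importer in this same commit does: `if ( $_GET['restart'] == 'true' ) { check_admin_referer('import-blogger-restart'); $this->restart(); }` with a matching `wp_nonce_url()` on the link (action name constructed here). The enclosing function starts outside the hunk.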
$blogger_import = new Blogger_Import();
-register_importer('blogger', 'Blogger', __('Import posts and comments from a Blogger account'), array ($blogger_import, 'start'));
+register_importer('blogger', __('Old Blogger'), __('Import <strong>posts and comments</strong> from your Old Blogger account'), array ($blogger_import, 'start'));
?>
<?php
+/*
+ * DotClear import plugin
+ * by Thomas Quinot - http://thomas.quinot.org/
+ */
+
/**
Add These Functions to make our lives easier
**/
if(!function_exists('get_catbynicename'))
{
- function get_catbynicename($category_nicename)
+ function get_catbynicename($category_nicename)
{
global $wpdb;
-
+
$cat_id -= 0; // force numeric
$name = $wpdb->get_var('SELECT cat_ID FROM '.$wpdb->categories.' WHERE category_nicename="'.$category_nicename.'"');
-
+
return $name;
}
}
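Review bot: `get_catbynicename()` interpolates `$category_nicename` into the query without escaping, and its only caller visible in this commit passes `$post_cat_name`, a `cat_libelle_url` value read from the foreign DotClear database, so a stray quote in that column breaks or alters the query against the WordPress tables. Escape it the way the rest of the file does: `$name = $wpdb->get_var('SELECT cat_ID FROM '.$wpdb->categories.' WHERE category_nicename="'.$wpdb->escape($category_nicename).'"');`. `$cat_id -= 0; // force numeric` operates on a variable that is never defined or read and can be deleted.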
//
// This cries out for a C-implementation to be included in PHP core
//
- function valid_1byte($char) {
- if(!is_int($char)) return false;
- return ($char & 0x80) == 0x00;
- }
-
- function valid_2byte($char) {
- if(!is_int($char)) return false;
- return ($char & 0xE0) == 0xC0;
- }
-
- function valid_3byte($char) {
- if(!is_int($char)) return false;
- return ($char & 0xF0) == 0xE0;
- }
-
- function valid_4byte($char) {
- if(!is_int($char)) return false;
- return ($char & 0xF8) == 0xF0;
- }
-
- function valid_nextbyte($char) {
- if(!is_int($char)) return false;
- return ($char & 0xC0) == 0x80;
- }
-
- function valid_utf8($string) {
- $len = strlen($string);
- $i = 0;
- while( $i < $len ) {
- $char = ord(substr($string, $i++, 1));
- if(valid_1byte($char)) { // continue
- continue;
- } else if(valid_2byte($char)) { // check 1 byte
- if(!valid_nextbyte(ord(substr($string, $i++, 1))))
- return false;
- } else if(valid_3byte($char)) { // check 2 bytes
- if(!valid_nextbyte(ord(substr($string, $i++, 1))))
- return false;
- if(!valid_nextbyte(ord(substr($string, $i++, 1))))
- return false;
- } else if(valid_4byte($char)) { // check 3 bytes
- if(!valid_nextbyte(ord(substr($string, $i++, 1))))
- return false;
- if(!valid_nextbyte(ord(substr($string, $i++, 1))))
- return false;
- if(!valid_nextbyte(ord(substr($string, $i++, 1))))
- return false;
- } // goto next char
- }
- return true; // done
- }
+
+function valid_1byte($char) {
+ if(!is_int($char)) return false;
+ return ($char & 0x80) == 0x00;
+}
+
+function valid_2byte($char) {
+ if(!is_int($char)) return false;
+ return ($char & 0xE0) == 0xC0;
+}
+
+function valid_3byte($char) {
+ if(!is_int($char)) return false;
+ return ($char & 0xF0) == 0xE0;
+}
+
+function valid_4byte($char) {
+ if(!is_int($char)) return false;
+ return ($char & 0xF8) == 0xF0;
+}
+
+function valid_nextbyte($char) {
+ if(!is_int($char)) return false;
+ return ($char & 0xC0) == 0x80;
+}
+
+function valid_utf8($string) {
+ $len = strlen($string);
+ $i = 0;
+ while( $i < $len ) {
+ $char = ord(substr($string, $i++, 1));
+ if(valid_1byte($char)) { // continue
+ continue;
+ } else if(valid_2byte($char)) { // check 1 byte
+ if(!valid_nextbyte(ord(substr($string, $i++, 1))))
+ return false;
+ } else if(valid_3byte($char)) { // check 2 bytes
+ if(!valid_nextbyte(ord(substr($string, $i++, 1))))
+ return false;
+ if(!valid_nextbyte(ord(substr($string, $i++, 1))))
+ return false;
+ } else if(valid_4byte($char)) { // check 3 bytes
+ if(!valid_nextbyte(ord(substr($string, $i++, 1))))
+ return false;
+ if(!valid_nextbyte(ord(substr($string, $i++, 1))))
+ return false;
+ if(!valid_nextbyte(ord(substr($string, $i++, 1))))
+ return false;
+ } // goto next char
+ }
+ return true; // done
+}
function csc ($s) {
if (valid_utf8 ($s)) {
function header()
{
echo '<div class="wrap">';
- echo '<h2>'.__('Import Dotclear').'</h2>';
+ echo '<h2>'.__('Import DotClear').'</h2>';
echo '<p>'.__('Steps may take a few minutes depending on the size of your database. Please be patient.').'</p>';
}
{
echo '</div>';
}
-
+
function greet()
{
- echo '<p>'.__('Howdy! This importer allows you to extract posts from a Dotclear database into your blog. Mileage may vary.').'</p>';
- echo '<p>'.__('Your Dotclear Configuration settings are as follows:').'</p>';
+ echo '<div class="narrow"><p>'.__('Howdy! This importer allows you to extract posts from a DotClear database into your blog. Mileage may vary.').'</p>';
+ echo '<p>'.__('Your DotClear Configuration settings are as follows:').'</p>';
echo '<form action="admin.php?import=dotclear&step=1" method="post">';
+ wp_nonce_field('import-dotclear');
$this->db_form();
- echo '<input type="submit" name="submit" value="'.__('Import Categories').'" />';
- echo '</form>';
+ echo '<p class="submit"><input type="submit" name="submit" value="'.attribute_escape(__('Import Categories »')).'" /></p>';
+ echo '</form></div>';
}
- function get_dc_cats()
+ function get_dc_cats()
{
global $wpdb;
// General Housekeeping
$dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost'));
set_magic_quotes_runtime(0);
- $prefix = get_option('tpre');
-
+ $dbprefix = get_option('dcdbprefix');
+
// Get Categories
- return $dcdb->get_results('SELECT * FROM dc_categorie', ARRAY_A);
+ return $dcdb->get_results('SELECT * FROM '.$dbprefix.'categorie', ARRAY_A);
}
-
+
function get_dc_users()
{
global $wpdb;
// General Housekeeping
$dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost'));
set_magic_quotes_runtime(0);
- $prefix = get_option('tpre');
-
+ $dbprefix = get_option('dcdbprefix');
+
// Get Users
-
- return $dcdb->get_results('SELECT * FROM dc_user', ARRAY_A);
+
+ return $dcdb->get_results('SELECT * FROM '.$dbprefix.'user', ARRAY_A);
}
-
+
function get_dc_posts()
{
// General Housekeeping
$dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost'));
set_magic_quotes_runtime(0);
- $prefix = get_option('tpre');
-
+ $dbprefix = get_option('dcdbprefix');
+
// Get Posts
- return $dcdb->get_results('SELECT dc_post.*, dc_categorie.cat_libelle_url AS post_cat_name
- FROM dc_post INNER JOIN dc_categorie
- ON dc_post.cat_id = dc_categorie.cat_id', ARRAY_A);
+ return $dcdb->get_results('SELECT '.$dbprefix.'post.*, '.$dbprefix.'categorie.cat_libelle_url AS post_cat_name
+ FROM '.$dbprefix.'post INNER JOIN '.$dbprefix.'categorie
+ ON '.$dbprefix.'post.cat_id = '.$dbprefix.'categorie.cat_id', ARRAY_A);
}
-
+
function get_dc_comments()
{
global $wpdb;
// General Housekeeping
$dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost'));
set_magic_quotes_runtime(0);
- $prefix = get_option('tpre');
-
+ $dbprefix = get_option('dcdbprefix');
+
// Get Comments
- return $dcdb->get_results('SELECT * FROM dc_comment', ARRAY_A);
+ return $dcdb->get_results('SELECT * FROM '.$dbprefix.'comment', ARRAY_A);
}
-
+
function get_dc_links()
{
//General Housekeeping
$dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost'));
set_magic_quotes_runtime(0);
- $prefix = get_option('tpre');
+ $dbprefix = get_option('dcdbprefix');
- return $dcdb->get_results('SELECT * FROM dc_link ORDER BY position', ARRAY_A);
+ return $dcdb->get_results('SELECT * FROM '.$dbprefix.'link ORDER BY position', ARRAY_A);
}
-
- function cat2wp($categories='')
+
+ function cat2wp($categories='')
{
// General Housekeeping
global $wpdb;
if(is_array($categories))
{
echo '<p>'.__('Importing Categories...').'<br /><br /></p>';
- foreach ($categories as $category)
+ foreach ($categories as $category)
{
$count++;
extract($category);
-
+
// Make Nice Variables
$name = $wpdb->escape($cat_libelle_url);
$title = $wpdb->escape(csc ($cat_libelle));
}
$dccat2wpcat[$id] = $ret_id;
}
-
+
// Store category translation for future use
add_option('dccat2wpcat',$dccat2wpcat);
echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> categories imported.'), $count).'<br /><br /></p>';
echo __('No Categories to Import!');
return false;
}
-
+
function users2wp($users='')
{
// General Housekeeping
global $wpdb;
$count = 0;
$dcid2wpid = array();
-
+
// Midnight Mojo
if(is_array($users))
{
{
$count++;
extract($user);
-
+
// Make Nice Variables
$name = $wpdb->escape(csc ($name));
$RealName = $wpdb->escape(csc ($user_pseudo));
-
+
if($uinfo = get_userdatabylogin($name))
{
-
+
$ret_id = wp_insert_user(array(
'ID' => $uinfo->ID,
'user_login' => $user_id,
'display_name' => $Realname)
);
}
- else
+ else
{
$ret_id = wp_insert_user(array(
'user_login' => $user_id,
);
}
$dcid2wpid[$user_id] = $ret_id;
-
- // Set Dotclear-to-WordPress permissions translation
-
+
+ // Set DotClear-to-WordPress permissions translation
+
// Update Usermeta Data
$user = new WP_User($ret_id);
$wp_perms = $user_level + 1;
else if(3 <= $wp_perms) { $user->set_role('contributor'); }
else if(2 <= $wp_perms) { $user->set_role('contributor'); }
else { $user->set_role('subscriber'); }
-
+
update_usermeta( $ret_id, 'wp_user_level', $wp_perms);
update_usermeta( $ret_id, 'rich_editing', 'false');
update_usermeta( $ret_id, 'first_name', csc ($user_prenom));
update_usermeta( $ret_id, 'last_name', csc ($user_nom));
}// End foreach($users as $user)
-
+
// Store id translation array for future use
add_option('dcid2wpid',$dcid2wpid);
-
-
+
+
echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> users imported.'), $count).'<br /><br /></p>';
return true;
}// End if(is_array($users)
-
+
echo __('No Users to Import!');
return false;
-
+
}// End function user2wp()
-
+
function posts2wp($posts='')
{
// General Housekeeping
{
$count++;
extract($post);
-
- // Set Dotclear-to-WordPress status translation
+
+ // Set DotClear-to-WordPress status translation
$stattrans = array(0 => 'draft', 1 => 'publish');
$comment_status_map = array (0 => 'closed', 1 => 'open');
-
+
//Can we do this more efficiently?
$uinfo = ( get_userdatabylogin( $user_id ) ) ? get_userdatabylogin( $user_id ) : 1;
$authorid = ( is_object( $uinfo ) ) ? $uinfo->ID : $uinfo ;
$Title = $wpdb->escape(csc ($post_titre));
$post_content = textconv ($post_content);
+ $post_excerpt = "";
if ($post_chapo != "") {
$post_excerpt = textconv ($post_chapo);
$post_content = $post_excerpt ."\n<!--more-->\n".$post_content;
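Review bot: `$uinfo = ( get_userdatabylogin( $user_id ) ) ? get_userdatabylogin( $user_id ) : 1;` calls the lookup twice per post and then needs the `is_object()` test on the next line; the `//Can we do this more efficiently?` comment above it is answered by `$uinfo = get_userdatabylogin( $user_id ); $authorid = $uinfo ? $uinfo->ID : 1;`. The new `$post_excerpt = "";` is the right fix for the value leaking between iterations, but the reason it was needed is `extract($post)` on the line above it, which imports every column of a row from the external DotClear database into the local scope, so any column named like a local (`$count`, `$wpdb`, `$stattrans`) silently overwrites it; assigning the columns the loop actually reads explicitly would remove that hazard. The enclosing foreach starts outside the hunk.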
$post_excerpt = $wpdb->escape ($post_excerpt);
$post_content = $wpdb->escape ($post_content);
$post_status = $stattrans[$post_pub];
-
+
// Import Post data into WordPress
-
+
if($pinfo = post_exists($Title,$post_content))
{
$ret_id = wp_insert_post(array(
'comment_count' => $post_nb_comment + $post_nb_trackback)
);
}
- else
+ else
{
$ret_id = wp_insert_post(array(
'post_author' => $authorid,
);
}
$dcposts2wpposts[$post_id] = $ret_id;
-
+
// Make Post-to-Category associations
$cats = array();
if($cat1 = get_catbynicename($post_cat_name)) { $cats[1] = $cat1; }
}
// Store ID translation for later use
add_option('dcposts2wpposts',$dcposts2wpposts);
-
+
echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> posts imported.'), $count).'<br /><br /></p>';
- return true;
+ return true;
}
-
+
function comments2wp($comments='')
{
// General Housekeeping
$count = 0;
$dccm2wpcm = array();
$postarr = get_option('dcposts2wpposts');
-
+
// Magic Mojo
if(is_array($comments))
{
{
$count++;
extract($comment);
-
+
// WordPressify Data
- $comment_ID = ltrim($comment_id, '0');
- $comment_post_ID = $postarr[$post_id];
+ $comment_ID = (int) ltrim($comment_id, '0');
+ $comment_post_ID = (int) $postarr[$post_id];
$comment_approved = "$comment_pub";
$name = $wpdb->escape(csc ($comment_auteur));
$email = $wpdb->escape($comment_email);
$web = "http://".$wpdb->escape($comment_site);
$message = $wpdb->escape(textconv ($comment_content));
-
+
if($cinfo = comment_exists($name, $comment_dt))
{
// Update comments
'comment_approved' => $comment_approved)
);
}
- else
+ else
{
// Insert comments
$ret_id = wp_insert_comment(array(
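Review bot: `(int) $postarr[$post_id]` turns a missing mapping into `0`, so a comment whose post was not imported, or whose `post_id` is absent from the saved `dcposts2wpposts` option, is now silently attached to post ID 0 instead of raising a notice. Skip such rows before the cast, `if ( ! isset($postarr[$post_id]) ) continue;`, or count them so the final summary reflects them. `$web = "http://".$wpdb->escape($comment_site);` also yields a bare `http://` when the column is empty and doubles the scheme when the value already carries one; leave it empty when `$comment_site` is, and add the prefix only when no scheme is present. The enclosing foreach starts outside the hunk.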
$dccm2wpcm[$comment_ID] = $ret_id;
}
// Store Comment ID translation for future use
- add_option('dccm2wpcm', $dccm2wpcm);
-
+ add_option('dccm2wpcm', $dccm2wpcm);
+
// Associate newly formed categories with posts
get_comment_count($ret_id);
-
-
+
+
echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> comments imported.'), $count).'<br /><br /></p>';
return true;
}
echo __('No Comments to Import!');
return false;
}
-
+
function links2wp($links='')
{
// General Housekeeping
global $wpdb;
$count = 0;
-
+
// Deal with the links
if(is_array($links))
{
{
$count++;
extract($link);
-
+
if ($title != "") {
if ($cinfo = link_cat_exists (csc ($title))) {
$category = $cinfo;
} else {
$linkname = $wpdb->escape(csc ($label));
$description = $wpdb->escape(csc ($title));
-
+
if($linfo = link_exists($linkname)) {
$ret_id = wp_insert_link(array(
'link_id' => $linfo,
echo __('No Links to Import!');
return false;
}
-
- function import_categories()
- {
- // Category Import
+
+ function import_categories()
+ {
+ // Category Import
$cats = $this->get_dc_cats();
$this->cat2wp($cats);
add_option('dc_cats', $cats);
-
-
-
+
+
+
echo '<form action="admin.php?import=dotclear&step=2" method="post">';
- printf('<input type="submit" name="submit" value="%s" />', __('Import Users'));
+ wp_nonce_field('import-dotclear');
+ printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Users')));
echo '</form>';
}
-
+
function import_users()
{
// User Import
- $users = $this->get_dc_users();
+ $users = $this->get_dc_users();
$this->users2wp($users);
-
+
echo '<form action="admin.php?import=dotclear&step=3" method="post">';
- printf('<input type="submit" name="submit" value="%s" />', __('Import Posts'));
+ wp_nonce_field('import-dotclear');
+ printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Posts')));
echo '</form>';
}
-
+
function import_posts()
{
// Post Import
$posts = $this->get_dc_posts();
$this->posts2wp($posts);
-
+
echo '<form action="admin.php?import=dotclear&step=4" method="post">';
- printf('<input type="submit" name="submit" value="%s" />', __('Import Comments'));
+ wp_nonce_field('import-dotclear');
+ printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Comments')));
echo '</form>';
}
-
+
function import_comments()
{
// Comment Import
$comments = $this->get_dc_comments();
$this->comments2wp($comments);
-
+
echo '<form action="admin.php?import=dotclear&step=5" method="post">';
- printf('<input type="submit" name="submit" value="%s" />', __('Import Links'));
+ wp_nonce_field('import-dotclear');
+ printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Links')));
echo '</form>';
}
-
+
function import_links()
{
//Link Import
$links = $this->get_dc_links();
$this->links2wp($links);
add_option('dc_links', $links);
-
+
echo '<form action="admin.php?import=dotclear&step=6" method="post">';
- printf('<input type="submit" name="submit" value="%s" />', __('Finish'));
+ wp_nonce_field('import-dotclear');
+ printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Finish')));
echo '</form>';
}
-
+
function cleanup_dcimport()
{
- delete_option('tpre');
+ delete_option('dcdbprefix');
delete_option('dc_cats');
delete_option('dcid2wpid');
delete_option('dccat2wpcat');
delete_option('dccharset');
$this->tips();
}
-
+
function tips()
{
- echo '<p>'.__('Welcome to WordPress. We hope (and expect!) that you will find this platform incredibly rewarding! As a new WordPress user coming from Dotclear, there are some things that we would like to point out. Hopefully, they will help your transition go as smoothly as possible.').'</p>';
+ echo '<p>'.__('Welcome to WordPress. We hope (and expect!) that you will find this platform incredibly rewarding! As a new WordPress user coming from DotClear, there are some things that we would like to point out. Hopefully, they will help your transition go as smoothly as possible.').'</p>';
echo '<h3>'.__('Users').'</h3>';
- echo '<p>'.sprintf(__('You have already setup WordPress and have been assigned an administrative login and password. Forget it. You didn\'t have that login in Dotclear, why should you have it here? Instead we have taken care to import all of your users into our system. Unfortunately there is one downside. Because both WordPress and Dotclear uses a strong encryption hash with passwords, it is impossible to decrypt it and we are forced to assign temporary passwords to all your users. <strong>Every user has the same username, but their passwords are reset to password123.</strong> So <a href="%1$s">Login</a> and change it.'), '/wp-login.php').'</p>';
+ echo '<p>'.sprintf(__('You have already setup WordPress and have been assigned an administrative login and password. Forget it. You didn\'t have that login in DotClear, why should you have it here? Instead we have taken care to import all of your users into our system. Unfortunately there is one downside. Because both WordPress and DotClear uses a strong encryption hash with passwords, it is impossible to decrypt it and we are forced to assign temporary passwords to all your users. <strong>Every user has the same username, but their passwords are reset to password123.</strong> So <a href="%1$s">Login</a> and change it.'), '/wp-login.php').'</p>';
echo '<h3>'.__('Preserving Authors').'</h3>';
echo '<p>'.__('Secondly, we have attempted to preserve post authors. If you are the only author or contributor to your blog, then you are safe. In most cases, we are successful in this preservation endeavor. However, if we cannot ascertain the name of the writer due to discrepancies between database tables, we assign it to you, the administrative user.').'</p>';
echo '<h3>'.__('Textile').'</h3>';
- echo '<p>'.__('Also, since you\'re coming from Dotclear, you probably have been using Textile to format your comments and posts. If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/2004/04/19/wordpress-plugin-textile-20/">Textile for WordPress</a>. Trust me... You\'ll want it.').'</p>';
+ echo '<p>'.__('Also, since you\'re coming from DotClear, you probably have been using Textile to format your comments and posts. If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/category/development/wordpress/textile/">Textile for WordPress</a>. Trust me... You\'ll want it.').'</p>';
echo '<h3>'.__('WordPress Resources').'</h3>';
echo '<p>'.__('Finally, there are numerous WordPress resources around the internet. Some of them are:').'</p>';
echo '<ul>';
echo '<li>'.__('<a href="http://www.wordpress.org">The official WordPress site</a>').'</li>';
- echo '<li>'.__('<a href="http://wordpress.org/support/">The WordPress support forums').'</li>';
+ echo '<li>'.__('<a href="http://wordpress.org/support/">The WordPress support forums</a>').'</li>';
echo '<li>'.__('<a href="http://codex.wordpress.org">The Codex (In other words, the WordPress Bible)</a>').'</li>';
echo '</ul>';
- echo '<p>'.sprintf(__('That\'s it! What are you waiting for? Go <a href="%1$s">login</a>!'), '/wp-login.php').'</p>';
+ echo '<p>'.sprintf(__('That\'s it! What are you waiting for? Go <a href="%1$s">login</a>!'), '../wp-login.php').'</p>';
}
-
+
function db_form()
{
- echo '<ul>';
- printf('<li><label for="dbuser">%s</label> <input type="text" name="dbuser" id="dbuser" /></li>', __('Dotclear Database User:'));
- printf('<li><label for="dbpass">%s</label> <input type="password" name="dbpass" id="dbpass" /></li>', __('Dotclear Database Password:'));
- printf('<li><label for="dbname">%s</label> <input type="text" name="dbname" id="dbname" /></li>', __('Dotclear Database Name:'));
- printf('<li><label for="dbhost">%s</label> <input type="text" name="dbhost" id="dbhost" value="localhost" /></li>', __('Dotclear Database Host:'));
- /* printf('<li><label for="dbprefix">%s</label> <input type="text" name="dbprefix" /></li>', __('Dotclear Table prefix (if any):')); */
- printf('<li><label for="dccharset">%s</label> <input type="text" id="dccharset" name="dccharset" value="ISO-8859-15"/></li>', __('Originating character set:'));
- echo '</ul>';
+ echo '<table class="editform">';
+ printf('<tr><th><label for="dbuser">%s</label></th><td><input type="text" name="dbuser" id="dbuser" /></td></tr>', __('DotClear Database User:'));
+ printf('<tr><th><label for="dbpass">%s</label></th><td><input type="password" name="dbpass" id="dbpass" /></td></tr>', __('DotClear Database Password:'));
+ printf('<tr><th><label for="dbname">%s</label></th><td><input type="text" name="dbname" id="dbname" /></td></tr>', __('DotClear Database Name:'));
+ printf('<tr><th><label for="dbhost">%s</label></th><td><input type="text" name="dbhost" nameid="dbhost" value="localhost" /></td></tr>', __('DotClear Database Host:'));
+ printf('<tr><th><label for="dbprefix">%s</label></th><td><input type="text" name="dbprefix" id="dbprefix" value="dc_"/></td></tr>', __('DotClear Table prefix:'));
+ printf('<tr><th><label for="dccharset">%s</label></th><td><input type="text" name="dccharset" id="dccharset" value="ISO-8859-15"/></td></tr>', __('Originating character set:'));
+ echo '</table>';
}
-
- function dispatch()
+
+ function dispatch()
{
if (empty ($_GET['step']))
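Review bot: The host field in the rebuilt `db_form()` is written as `nameid="dbhost"` instead of `id="dbhost"`, so its `<label for="dbhost">` has nothing to bind to; the input should read `<input type="text" name="dbhost" id="dbhost" value="localhost" />`. Separately, as far as this hunk shows, `cleanup_dcimport()` deletes `dcdbprefix`, `dc_cats`, `dcid2wpid`, `dccat2wpcat` and `dccharset` but not `dcuser`, `dcpass`, `dcname` or `dchost`, so the DotClear database password entered in that form remains in `wp_options` after the import completes; unless lines elided from this view remove them, the four matching `delete_option()` calls belong there too.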
else
$step = (int) $_GET['step'];
$this->header();
-
- if ( $step > 0 )
+
+ if ( $step > 0 )
{
+ check_admin_referer('import-dotclear');
+
if($_POST['dbuser'])
{
if(get_option('dcuser'))
- delete_option('dcuser');
- add_option('dcuser',$_POST['dbuser']);
+ delete_option('dcuser');
+ add_option('dcuser', sanitize_user($_POST['dbuser'], true));
}
if($_POST['dbpass'])
{
if(get_option('dcpass'))
- delete_option('dcpass');
- add_option('dcpass',$_POST['dbpass']);
+ delete_option('dcpass');
+ add_option('dcpass', sanitize_user($_POST['dbpass'], true));
}
-
+
if($_POST['dbname'])
{
if(get_option('dcname'))
- delete_option('dcname');
- add_option('dcname',$_POST['dbname']);
+ delete_option('dcname');
+ add_option('dcname', sanitize_user($_POST['dbname'], true));
}
if($_POST['dbhost'])
{
if(get_option('dchost'))
delete_option('dchost');
- add_option('dchost',$_POST['dbhost']);
+ add_option('dchost', sanitize_user($_POST['dbhost'], true));
}
if($_POST['dccharset'])
{
if(get_option('dccharset'))
delete_option('dccharset');
- add_option('dccharset',$_POST['dccharset']);
- }
+ add_option('dccharset', sanitize_user($_POST['dccharset'], true));
+ }
if($_POST['dbprefix'])
{
- if(get_option('tpre'))
- delete_option('tpre');
- add_option('tpre',$_POST['dbprefix']);
- }
+ if(get_option('dcdbprefix'))
+ delete_option('dcdbprefix');
+ add_option('dcdbprefix', sanitize_user($_POST['dbprefix'], true));
+ }
}
- switch ($step)
+ switch ($step)
{
default:
case 0 :
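Review bot: `sanitize_user($_POST['dbpass'], true)` and the same call on `dbhost` apply a username filter to values that are not usernames: strict mode keeps only alphanumerics, space, `_`, `.`, `-` and `@`, so a database password containing any other character, or a host given as `127.0.0.1:3306` or a socket path, is silently mangled and the later `new wpdb(...)` connection simply fails. The password only ever reaches the `wpdb` constructor, not SQL text or HTML, so it needs no stripping (`add_option('dcpass', $_POST['dbpass']);`, as before this change), and the host wants its own character set, e.g. `add_option('dchost', preg_replace('/[^A-Za-z0-9.:_-]/', '', $_POST['dbhost']));`. Conversely `dbprefix` is concatenated into table names in the `get_dc_*` queries, and strict `sanitize_user` still lets space, `.`, `-` and `@` through, none of which is valid in an unquoted identifier; `preg_replace('/[^A-Za-z0-9_]/', '', $_POST['dbprefix'])` is the right bound there. The `if($_POST['dbpass'])` style checks also reject a password of `0`; `isset()` with `!== ''` is the safer test.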
$this->cleanup_dcimport();
break;
}
-
+
$this->footer();
}
- function Dotclear_Import()
+ function Dotclear_Import()
{
- // Nothing.
+ // Nothing.
}
}
$dc_import = new Dotclear_Import();
-register_importer('dotclear', 'Dotclear', __('Import posts from a Dotclear Blog'), array ($dc_import, 'dispatch'));
+register_importer('dotclear', __('DotClear'), __('Import categories, users, posts, comments, and links from a DotClear blog'), array ($dc_import, 'dispatch'));
?>
+<?php
+
+class GM_Import {
+
+ var $gmnames = array ();
+
+ function header() {
+ echo '<div class="wrap">';
+ echo '<h2>'.__('Import GreyMatter').'</h2>';
+ }
+
+ function footer() {
+ echo '</div>';
+ }
+
+ function greet() {
+ $this->header();
+?>
+<p><?php _e('This is a basic GreyMatter to WordPress import script.') ?></p>
+<p><?php _e('What it does:') ?></p>
+<ul>
+<li><?php _e('Parses gm-authors.cgi to import (new) authors. Everyone is imported at level 1.') ?></li>
+<li><?php _e('Parses the entries cgi files to import posts, comments, and karma on posts (although karma is not used on WordPress yet).<br />If authors are found not to be in gm-authors.cgi, imports them at level 0.') ?></li>
+<li><?php _e("Detects duplicate entries or comments. If you don't import everything the first time, or this import should fail in the middle, duplicate entries will not be made when you try again.") ?></li>
+</ul>
+<p><?php _e('What it does not:') ?></p>
+<ul>
+<li><?php _e('Parse gm-counter.cgi, gm-banlist.cgi, gm-cplog.cgi (you can make a CP log hack if you really feel like it, but I question the need of a CP log).') ?></li>
+<li><?php _e('Import gm-templates.') ?></li>
+<li><?php _e("Doesn't keep entries on top.")?></li>
+</ul>
+<p> </p>
+
+<form name="stepOne" method="get">
+<input type="hidden" name="import" value="greymatter" />
+<input type="hidden" name="step" value="1" />
+<?php wp_nonce_field('import-greymatter'); ?>
+<h3><?php _e('Second step: GreyMatter details:') ?></h3>
+<p><table cellpadding="0">
+<tr>
+<td><?php _e('Path to GM files:') ?></td>
+<td><input type="text" style="width:300px" name="gmpath" value="/home/my/site/cgi-bin/greymatter/" /></td>
+</tr>
+<tr>
+<td><?php _e('Path to GM entries:') ?></td>
+<td><input type="text" style="width:300px" name="archivespath" value="/home/my/site/cgi-bin/greymatter/archives/" /></td>
+</tr>
+<tr>
+<td colspan="2"><br /><?php _e("This importer will search for files 00000001.cgi to 000-whatever.cgi,<br />so you need to enter the number of the last GM post here.<br />(if you don't know that number, just log into your FTP and look it out<br />in the entries' folder)") ?></td>
+</tr>
+<tr>
+<td><?php _e("Last entry's number:") ?></td>
+<td><input type="text" name="lastentry" value="00000001" /></td>
+</tr>
+</table>
+</p>
+<p><?php _e("When you're ready, click OK to start importing: ") ?><input type="submit" name="submit" value="<?php _e('OK') ?>" class="search" /></p>
+</form>
+<p> </p>
+<?php
+ $this->footer();
+ }
+
+
+
+ function gm2autobr($string) { // transforms GM's |*| into b2's <br />\n
+ $string = str_replace("|*|","<br />\n",$string);
+ return($string);
+ }
+
+ function import() {
+ global $wpdb;
+
+ $wpvarstoreset = array('gmpath', 'archivespath', 'lastentry');
+ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
+ $wpvar = $wpvarstoreset[$i];
+ if (!isset($$wpvar)) {
+ if (empty($_POST["$wpvar"])) {
+ if (empty($_GET["$wpvar"])) {
+ $$wpvar = '';
+ } else {
+ $$wpvar = $_GET["$wpvar"];
+ }
+ } else {
+ $$wpvar = $_POST["$wpvar"];
+ }
+ }
+ }
+
+ if (!chdir($archivespath))
+ wp_die(__("Wrong path, the path to the GM entries does not exist on the server"));
+
+ if (!chdir($gmpath))
+ wp_die(__("Wrong path, the path to the GM files does not exist on the server"));
+
+ $lastentry = (int) $lastentry;
+
+ $this->header();
+?>
+<p><?php _e('The importer is running...') ?></p>
+<ul>
+<li><?php _e('importing users...') ?><ul><?php
+
+ chdir($gmpath);
+ $userbase = file("gm-authors.cgi");
+
+ foreach($userbase as $user) {
+ $userdata=explode("|", $user);
+
+ $user_ip="127.0.0.1";
+ $user_domain="localhost";
+ $user_browser="server";
+
+ $s=$userdata[4];
+ $user_joindate=substr($s,6,4)."-".substr($s,0,2)."-".substr($s,3,2)." 00:00:00";
+
+ $user_login=$wpdb->escape($userdata[0]);
+ $pass1=$wpdb->escape($userdata[1]);
+ $user_nickname=$wpdb->escape($userdata[0]);
+ $user_email=$wpdb->escape($userdata[2]);
+ $user_url=$wpdb->escape($userdata[3]);
+ $user_joindate=$wpdb->escape($user_joindate);
+
+ $user_id = username_exists($user_login);
+ if ($user_id) {
+ printf('<li>'.__('user %s').'<strong>'.__('Already exists').'</strong></li>', "<em>$user_login</em>");
+ $this->gmnames[$userdata[0]] = $user_id;
+ continue;
+ }
+
+ $user_info = array("user_login"=>"$user_login", "user_pass"=>"$pass1", "user_nickname"=>"$user_nickname", "user_email"=>"$user_email", "user_url"=>"$user_url", "user_ip"=>"$user_ip", "user_domain"=>"$user_domain", "user_browser"=>"$user_browser", "dateYMDhour"=>"$user_joindate", "user_level"=>"1", "user_idmode"=>"nickname");
+ $user_id = wp_insert_user($user_info);
+ $this->gmnames[$userdata[0]] = $user_id;
+
+ printf('<li>'.__('user %s...').' <strong>'.__('Done').'</strong></li>', "<em>$user_login</em>");
+ }
+
+?></ul><strong><?php _e('Done') ?></strong></li>
+<li><?php _e('importing posts, comments, and karma...') ?><br /><ul><?php
+
+ chdir($archivespath);
+
+ for($i = 0; $i <= $lastentry; $i = $i + 1) {
+
+ $entryfile = "";
+
+ if ($i<10000000) {
+ $entryfile .= "0";
+ if ($i<1000000) {
+ $entryfile .= "0";
+ if ($i<100000) {
+ $entryfile .= "0";
+ if ($i<10000) {
+ $entryfile .= "0";
+ if ($i<1000) {
+ $entryfile .= "0";
+ if ($i<100) {
+ $entryfile .= "0";
+ if ($i<10) {
+ $entryfile .= "0";
+ }}}}}}}
+
+ $entryfile .= "$i";
+
+ if (is_file($entryfile.".cgi")) {
+
+ $entry=file($entryfile.".cgi");
+ $postinfo=explode("|",$entry[0]);
+ $postmaincontent=$this->gm2autobr($entry[2]);
+ $postmorecontent=$this->gm2autobr($entry[3]);
+
+ $post_author=trim($wpdb->escape($postinfo[1]));
+
+ $post_title=$this->gm2autobr($postinfo[2]);
+ printf('<li>'.__('entry # %s : %s : by %s'), $entryfile, $post_title, $postinfo[1]);
+ $post_title=$wpdb->escape($post_title);
+
+ $postyear=$postinfo[6];
+ $postmonth=zeroise($postinfo[4],2);
+ $postday=zeroise($postinfo[5],2);
+ $posthour=zeroise($postinfo[7],2);
+ $postminute=zeroise($postinfo[8],2);
+ $postsecond=zeroise($postinfo[9],2);
+
+ if (($postinfo[10]=="PM") && ($posthour!="12"))
+ $posthour=$posthour+12;
+
+ $post_date="$postyear-$postmonth-$postday $posthour:$postminute:$postsecond";
+
+ $post_content=$postmaincontent;
+ if (strlen($postmorecontent)>3)
+ $post_content .= "<!--more--><br /><br />".$postmorecontent;
+ $post_content=$wpdb->escape($post_content);
+
+ $post_karma=$postinfo[12];
+
+ $post_status = 'publish'; //in greymatter, there are no drafts
+ $comment_status = 'open';
+ $ping_status = 'closed';
+
+ if ($post_ID = post_exists($post_title, '', $post_date)) {
+ echo ' ';
+ _e('(already exists)');
+ } else {
+ //just so that if a post already exists, new users are not created by checkauthor
+ // we'll check the author is registered, or if it's a deleted author
+ $user_id = username_exists($post_author);
+ if (!$user_id) { // if deleted from GM, we register the author as a level 0 user
+ $user_ip="127.0.0.1";
+ $user_domain="localhost";
+ $user_browser="server";
+ $user_joindate="1979-06-06 00:41:00";
+ $user_login=$wpdb->escape($post_author);
+ $pass1=$wpdb->escape("password");
+ $user_nickname=$wpdb->escape($post_author);
+ $user_email=$wpdb->escape("user@deleted.com");
+ $user_url=$wpdb->escape("");
+ $user_joindate=$wpdb->escape($user_joindate);
+
+ $user_info = array("user_login"=>$user_login, "user_pass"=>$pass1, "user_nickname"=>$user_nickname, "user_email"=>$user_email, "user_url"=>$user_url, "user_ip"=>$user_ip, "user_domain"=>$user_domain, "user_browser"=>$user_browser, "dateYMDhour"=>$user_joindate, "user_level"=>0, "user_idmode"=>"nickname");
+ $user_id = wp_insert_user($user_info);
+ $this->gmnames[$postinfo[1]] = $user_id;
+
+ echo ': ';
+ printf(__('registered deleted user %s at level 0 '), "<em>$user_login</em>");
+ }
+
+ if (array_key_exists($postinfo[1], $this->gmnames)) {
+ $post_author = $this->gmnames[$postinfo[1]];
+ } else {
+ $post_author = $user_id;
+ }
+
+ $postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_excerpt', 'post_status', 'comment_status', 'ping_status', 'post_modified', 'post_modified_gmt');
+ $post_ID = wp_insert_post($postdata);
+ }
+
+ $c=count($entry);
+ if ($c>4) {
+ $numAddedComments = 0;
+ $numComments = 0;
+ for ($j=4;$j<$c;$j++) {
+ $entry[$j]=$this->gm2autobr($entry[$j]);
+ $commentinfo=explode("|",$entry[$j]);
+ $comment_post_ID=$post_ID;
+ $comment_author=$wpdb->escape($commentinfo[0]);
+ $comment_author_email=$wpdb->escape($commentinfo[2]);
+ $comment_author_url=$wpdb->escape($commentinfo[3]);
+ $comment_author_IP=$wpdb->escape($commentinfo[1]);
+
+ $commentyear=$commentinfo[7];
+ $commentmonth=zeroise($commentinfo[5],2);
+ $commentday=zeroise($commentinfo[6],2);
+ $commenthour=zeroise($commentinfo[8],2);
+ $commentminute=zeroise($commentinfo[9],2);
+ $commentsecond=zeroise($commentinfo[10],2);
+ if (($commentinfo[11]=="PM") && ($commenthour!="12"))
+ $commenthour=$commenthour+12;
+ $comment_date="$commentyear-$commentmonth-$commentday $commenthour:$commentminute:$commentsecond";
+
+ $comment_content=$wpdb->escape($commentinfo[12]);
+
+ if (!comment_exists($comment_author, $comment_date)) {
+ $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_author_IP', 'comment_date', 'comment_content', 'comment_approved');
+ $commentdata = wp_filter_comment($commentdata);
+ wp_insert_comment($commentdata);
+ $numAddedComments++;
+ }
+ $numComments++;
+ }
+ if ($numAddedComments > 0) {
+ echo ': ';
+ printf(__('imported %d comment(s)'), $numAddedComments);
+ }
+ $preExisting = $numComments - numAddedComments;
+ if ($preExisting > 0) {
+ echo ' ';
+ printf(__('ignored %d pre-existing comments'), $preExisting);
+ }
+ }
+ echo '... <strong>'.__('Done').'</strong></li>';
+ }
+ }
+ ?>
+</ul><strong><?php _e('Done') ?></strong></li></ul>
+<p> </p>
+<p><?php _e('Completed GreyMatter import!') ?></p>
+<?php
+ $this->footer();
+ }
+
+ function dispatch() {
+ if (empty ($_GET['step']))
+ $step = 0;
+ else
+ $step = (int) $_GET['step'];
+
+ switch ($step) {
+ case 0 :
+ $this->greet();
+ break;
+ case 1:
+ check_admin_referer('import-greymatter');
+ $this->import();
+ break;
+ }
+ }
+
+ function GM_Import() {
+ // Nothing.
+ }
+}
+
+$gm_import = new GM_Import();
+
+register_importer('greymatter', __('GreyMatter'), __('Import users, posts, and comments from a Greymatter blog'), array ($gm_import, 'dispatch'));
+?>
$comments = $comments[1];
if ( $comments ) {
- $comment_post_ID = $post_id;
+ $comment_post_ID = (int) $post_id;
$num_comments = 0;
foreach ($comments as $comment) {
preg_match('|<event>(.*?)</event>|is', $comment, $comment_content);
$this->greet();
break;
case 1 :
+ check_admin_referer('import-upload');
$this->import();
break;
}
$livejournal_import = new LJ_Import();
-register_importer('livejournal', 'LiveJournal', __('Import posts from LiveJournal'), array ($livejournal_import, 'dispatch'));
+register_importer('livejournal', __('LiveJournal'), __('Import posts from LiveJournal'), array ($livejournal_import, 'dispatch'));
?>
function header() {
echo '<div class="wrap">';
- echo '<h2>'.__('Import Movable Type').'</h2>';
+ echo '<h2>'.__('Import Movable Type and Typepad').'</h2>';
}
function footer() {
global $wpdb, $testing;
$users = $wpdb->get_results("SELECT * FROM $wpdb->users ORDER BY ID");
?><select name="userselect[<?php echo $n; ?>]">
- <option value="#NONE#">- Select -</option>
+ <option value="#NONE#"><?php _e('- Select -') ?></option>
<?php
function mt_authors_form() {
?>
+<div class="wrap">
+<h2><?php _e('Assign Authors'); ?></h2>
<p><?php _e('To make it easier for you to edit and save the imported posts and drafts, you may want to change the name of the author of the posts. For example, you may want to import all the entries as <code>admin</code>s entries.'); ?></p>
<p><?php _e('Below, you can see the names of the authors of the MovableType posts in <i>italics</i>. For each of these names, you can either pick an author in your WordPress installation from the menu, or enter a name for the author in the textbox.'); ?></p>
<p><?php _e('If a new user is created by WordPress, the password will be set, by default, to "changeme". Quite suggestive, eh? ;)'); ?></p>
$authors = $this->get_mt_authors();
echo '<ol id="authors">';
echo '<form action="?import=mt&step=2&id=' . $this->id . '" method="post">';
+ wp_nonce_field('import-mt');
$j = -1;
foreach ($authors as $author) {
++ $j;
- echo '<li><i>'.$author.'</i><br />'.'<input type="text" value="'.$author.'" name="'.'user[]'.'" maxlength="30">';
+ echo '<li>'.__('Current author:').' <strong>'.$author.'</strong><br />'.sprintf(__('Create user %1$s or map to existing'), ' <input type="text" value="'.$author.'" name="'.'user[]'.'" maxlength="30"> <br />');
$this->users_form($j);
echo '</li>';
}
- echo '<input type="submit" value="Submit">'.'<br/>';
+ echo '<input type="submit" value="'.__('Submit').'">'.'<br/>';
echo '</form>';
- echo '</ol>';
+ echo '</ol></div>';
- flush();
}
function select_authors() {
$file = wp_import_handle_upload();
if ( isset($file['error']) ) {
- echo $file['error'];
+ $this->header();
+ echo '<p>'.__('Sorry, there has been an error').'.</p>';
+ echo '<p><strong>' . $file['error'] . '</strong></p>';
+ $this->footer();
return;
}
$this->file = $file['file'];
- $this->id = $file['id'];
+ $this->id = (int) $file['id'];
$this->get_entries();
$this->mt_authors_form();
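Review bot: At L1929 the author name taken from the uploaded MT export is written unescaped into both the `<strong>` text and the `value="…"` attribute, so a quote or angle bracket in an author field breaks out of the markup; this commit already uses `attribute_escape()` for attribute text at L2097, so the same treatment belongs here. Escape at both points: `'<strong>'.wp_specialchars($author).'</strong>'` and `value="'.attribute_escape($author).'"`. The message echoed at L1946 comes from `wp_import_handle_upload()`, which is not visible in this diff; if that string can carry the uploaded file's name it should pass through `wp_specialchars()` too. The `(int)` cast at L1952 does make the `id=` interpolated into the form action at L1923 safe.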
function process_posts() {
global $wpdb;
$i = -1;
- echo "<ol>";
+ echo "<div class='wrap'><ol>";
foreach ($this->posts as $post) {
if ('' != trim($post)) {
++ $i;
}
}
- $comment_post_ID = $post_id;
+ $comment_post_ID = (int) $post_id;
$comment_approved = 1;
// Now for comments
}
}
if ( $num_comments )
- printf(__('(%s comments)'), $num_comments);
+ printf(' '.__('(%s comments)'), $num_comments);
// Finally the pings
// fix the double newline on the first one
}
}
if ( $num_pings )
- printf(__('(%s pings)'), $num_pings);
-
+ printf(' '.__('(%s pings)'), $num_pings);
+
echo "</li>";
}
- flush();
}
echo '</ol>';
wp_import_cleanup($this->id);
- echo '<h3>'.sprintf(__('All done. <a href="%s">Have fun!</a>'), get_option('home')).'</h3>';
+ echo '<h3>'.sprintf(__('All done. <a href="%s">Have fun!</a>'), get_option('home')).'</h3></div>';
}
function import() {
$this->id = (int) $_GET['id'];
+
$this->file = get_attached_file($this->id);
$this->get_authors_from_post();
$this->get_entries();
$this->greet();
break;
case 1 :
+ check_admin_referer('import-upload');
$this->select_authors();
break;
case 2:
+ check_admin_referer('import-mt');
$this->import();
break;
}
}
function MT_Import() {
- // Nothing.
+ // Nothing.
}
}
$mt_import = new MT_Import();
-register_importer('mt', 'Movable Type', __('Import posts and comments from your Movable Type blog'), array ($mt_import, 'dispatch'));
+register_importer('mt', __('Movable Type and Typepad'), __('Imports <strong>posts and comments</strong> from your Movable Type or Typepad blog'), array ($mt_import, 'dispatch'));
?>
$index = 0;
foreach ($this->posts as $post) {
preg_match('|<title>(.*?)</title>|is', $post, $post_title);
- $post_title = $wpdb->escape(trim($post_title[1]));
+ $post_title = str_replace(array('<![CDATA[', ']]>'), '', $wpdb->escape( trim($post_title[1]) ));
- preg_match('|<pubdate>(.*?)</pubdate>|is', $post, $post_date);
+ preg_match('|<pubdate>(.*?)</pubdate>|is', $post, $post_date_gmt);
- if ($post_date) {
- $post_date = strtotime($post_date[1]);
+ if ($post_date_gmt) {
+ $post_date_gmt = strtotime($post_date_gmt[1]);
} else {
// if we don't already have something from pubDate
- preg_match('|<dc:date>(.*?)</dc:date>|is', $post, $post_date);
- $post_date = preg_replace('|([-+])([0-9]+):([0-9]+)$|', '\1\2\3', $post_date[1]);
- $post_date = str_replace('T', ' ', $post_date);
- $post_date = strtotime($post_date);
+ preg_match('|<dc:date>(.*?)</dc:date>|is', $post, $post_date_gmt);
+ $post_date_gmt = preg_replace('|([-+])([0-9]+):([0-9]+)$|', '\1\2\3', $post_date_gmt[1]);
+ $post_date_gmt = str_replace('T', ' ', $post_date_gmt);
+ $post_date_gmt = strtotime($post_date_gmt);
}
- $post_date = gmdate('Y-m-d H:i:s', $post_date);
+ $post_date_gmt = gmdate('Y-m-d H:i:s', $post_date_gmt);
+ $post_date = get_date_from_gmt( $post_date_gmt );
preg_match_all('|<category>(.*?)</category>|is', $post, $categories);
$categories = $categories[1];
$post_author = 1;
$post_status = 'publish';
- $this->posts[$index] = compact('post_author', 'post_date', 'post_content', 'post_title', 'post_status', 'guid', 'categories');
+ $this->posts[$index] = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_status', 'guid', 'categories');
$index++;
}
}
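Review bot: `strtotime()` at L2029 and L2039 returns `false` for a date it cannot parse, and L2042 hands that straight to `gmdate()`, which silently yields `1970-01-01 00:00:00` for `post_date_gmt` and, via L2043, for `post_date` as well; the rename in this hunk keeps that behaviour. Check the value before formatting, e.g. `if (false === $post_date_gmt) $post_date_gmt = time();` after the if/else (or skip the item, whichever the importer prefers), and say so in a comment. When neither `<pubDate>` nor `<dc:date>` matches, L2037 also reads `$post_date_gmt[1]` from an empty match array; guarding with `isset($post_date_gmt[1])` avoids the notice and makes the fallback explicit. The enclosing method starts before this hunk.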
$this->greet();
break;
case 1 :
+ check_admin_referer('import-upload');
$this->import();
break;
}
$rss_import = new RSS_Import();
-register_importer('rss', 'RSS', __('Import posts from an RSS feed'), array ($rss_import, 'dispatch'));
+register_importer('rss', __('RSS'), __('Import posts from an RSS feed'), array ($rss_import, 'dispatch'));
?>
**/
if(!function_exists('get_catbynicename'))
{
- function get_catbynicename($category_nicename)
+ function get_catbynicename($category_nicename)
{
global $wpdb;
-
+
$cat_id -= 0; // force numeric
$name = $wpdb->get_var('SELECT cat_ID FROM '.$wpdb->categories.' WHERE category_nicename="'.$category_nicename.'"');
-
+
return $name;
}
}
{
echo '</div>';
}
-
- function greet()
- {
- echo '<p>'.__('Howdy! This importer allows you to extract posts from any Textpattern 4.0.2+ into your blog. This has not been tested on previous versions of Textpattern. Mileage may vary.').'</p>';
+
+ function greet() {
+ echo '<div class="narrow">';
+ echo '<p>'.__('Howdy! This imports categories, users, posts, comments, and links from any Textpattern 4.0.2+ into this blog.').'</p>';
+ echo '<p>'.__('This has not been tested on previous versions of Textpattern. Mileage may vary.').'</p>';
echo '<p>'.__('Your Textpattern Configuration settings are as follows:').'</p>';
echo '<form action="admin.php?import=textpattern&step=1" method="post">';
+ wp_nonce_field('import-textpattern');
$this->db_form();
- echo '<input type="submit" name="submit" value="'.__('Import Categories').'" />';
+ echo '<p class="submit"><input type="submit" name="submit" value="'.attribute_escape(__('Import Categories »')).'" /></p>';
echo '</form>';
+ echo '</div>';
}
function get_txp_cats()
$txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost'));
set_magic_quotes_runtime(0);
$prefix = get_option('tpre');
-
+
// Get Categories
- return $txpdb->get_results('SELECT
- id,
- name,
- title
- FROM '.$prefix.'txp_category
- WHERE type = "article"',
- ARRAY_A);
+ return $txpdb->get_results('SELECT
+ id,
+ name,
+ title
+ FROM '.$prefix.'txp_category
+ WHERE type = "article"',
+ ARRAY_A);
}
-
+
function get_txp_users()
{
global $wpdb;
$txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost'));
set_magic_quotes_runtime(0);
$prefix = get_option('tpre');
-
+
// Get Users
-
+
return $txpdb->get_results('SELECT
- user_id,
- name,
- RealName,
- email,
- privs
- FROM '.$prefix.'txp_users', ARRAY_A);
+ user_id,
+ name,
+ RealName,
+ email,
+ privs
+ FROM '.$prefix.'txp_users', ARRAY_A);
}
-
+
function get_txp_posts()
{
// General Housekeeping
$txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost'));
set_magic_quotes_runtime(0);
$prefix = get_option('tpre');
-
+
// Get Posts
- return $txpdb->get_results('SELECT
- ID,
- Posted,
- AuthorID,
- LastMod,
- Title,
- Body,
- Excerpt,
- Category1,
- Category2,
- Status,
- Keywords,
- url_title,
- comments_count
- FROM '.$prefix.'textpattern
- ', ARRAY_A);
+ return $txpdb->get_results('SELECT
+ ID,
+ Posted,
+ AuthorID,
+ LastMod,
+ Title,
+ Body,
+ Excerpt,
+ Category1,
+ Category2,
+ Status,
+ Keywords,
+ url_title,
+ comments_count
+ FROM '.$prefix.'textpattern
+ ', ARRAY_A);
}
-
+
function get_txp_comments()
{
global $wpdb;
$txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost'));
set_magic_quotes_runtime(0);
$prefix = get_option('tpre');
-
+
// Get Comments
return $txpdb->get_results('SELECT * FROM '.$prefix.'txp_discuss', ARRAY_A);
}
-
+
function get_txp_links()
{
//General Housekeeping
$txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost'));
set_magic_quotes_runtime(0);
$prefix = get_option('tpre');
-
- return $txpdb->get_results('SELECT
- id,
- date,
- category,
- url,
- linkname,
- description
- FROM '.$prefix.'txp_link',
- ARRAY_A);
+
+ return $txpdb->get_results('SELECT
+ id,
+ date,
+ category,
+ url,
+ linkname,
+ description
+ FROM '.$prefix.'txp_link',
+ ARRAY_A);
}
-
- function cat2wp($categories='')
+
+ function cat2wp($categories='')
{
// General Housekeeping
global $wpdb;
if(is_array($categories))
{
echo '<p>'.__('Importing Categories...').'<br /><br /></p>';
- foreach ($categories as $category)
+ foreach ($categories as $category)
{
$count++;
extract($category);
-
-
+
+
// Make Nice Variables
$name = $wpdb->escape($name);
$title = $wpdb->escape($title);
-
+
if($cinfo = category_exists($name))
{
$ret_id = wp_insert_category(array('cat_ID' => $cinfo, 'category_nicename' => $name, 'cat_name' => $title));
}
$txpcat2wpcat[$id] = $ret_id;
}
-
+
// Store category translation for future use
add_option('txpcat2wpcat',$txpcat2wpcat);
echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> categories imported.'), $count).'<br /><br /></p>';
echo __('No Categories to Import!');
return false;
}
-
+
function users2wp($users='')
{
// General Housekeeping
global $wpdb;
$count = 0;
$txpid2wpid = array();
-
+
// Midnight Mojo
if(is_array($users))
{
{
$count++;
extract($user);
-
+
// Make Nice Variables
$name = $wpdb->escape($name);
$RealName = $wpdb->escape($RealName);
-
+
if($uinfo = get_userdatabylogin($name))
{
-
+
$ret_id = wp_insert_user(array(
'ID' => $uinfo->ID,
'user_login' => $name,
'display_name' => $name)
);
}
- else
+ else
{
$ret_id = wp_insert_user(array(
'user_login' => $name,
);
}
$txpid2wpid[$user_id] = $ret_id;
-
+
// Set Textpattern-to-WordPress permissions translation
$transperms = array(1 => '10', 2 => '9', 3 => '5', 4 => '4', 5 => '3', 6 => '2', 7 => '0');
-
+
// Update Usermeta Data
$user = new WP_User($ret_id);
if('10' == $transperms[$privs]) { $user->set_role('administrator'); }
if('3' == $transperms[$privs]) { $user->set_role('contributor'); }
if('2' == $transperms[$privs]) { $user->set_role('contributor'); }
if('0' == $transperms[$privs]) { $user->set_role('subscriber'); }
-
+
update_usermeta( $ret_id, 'wp_user_level', $transperms[$privs] );
update_usermeta( $ret_id, 'rich_editing', 'false');
}// End foreach($users as $user)
-
+
// Store id translation array for future use
add_option('txpid2wpid',$txpid2wpid);
-
-
+
+
echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> users imported.'), $count).'<br /><br /></p>';
return true;
}// End if(is_array($users)
-
+
echo __('No Users to Import!');
return false;
-
+
}// End function user2wp()
-
+
function posts2wp($posts='')
{
// General Housekeeping
{
$count++;
extract($post);
-
+
// Set Textpattern-to-WordPress status translation
$stattrans = array(1 => 'draft', 2 => 'private', 3 => 'draft', 4 => 'publish', 5 => 'publish');
-
+
//Can we do this more efficiently?
$uinfo = ( get_userdatabylogin( $AuthorID ) ) ? get_userdatabylogin( $AuthorID ) : 1;
$authorid = ( is_object( $uinfo ) ) ? $uinfo->ID : $uinfo ;
$Body = $wpdb->escape($Body);
$Excerpt = $wpdb->escape($Excerpt);
$post_status = $stattrans[$Status];
-
+
// Import Post data into WordPress
-
+
if($pinfo = post_exists($Title,$Body))
{
$ret_id = wp_insert_post(array(
- 'ID' => $pinfo,
- 'post_date' => $Posted,
- 'post_date_gmt' => $post_date_gmt,
- 'post_author' => $authorid,
- 'post_modified' => $LastMod,
- 'post_modified_gmt' => $post_modified_gmt,
- 'post_title' => $Title,
- 'post_content' => $Body,
- 'post_excerpt' => $Excerpt,
- 'post_status' => $post_status,
- 'post_name' => $url_title,
- 'comment_count' => $comments_count)
- );
+ 'ID' => $pinfo,
+ 'post_date' => $Posted,
+ 'post_date_gmt' => $post_date_gmt,
+ 'post_author' => $authorid,
+ 'post_modified' => $LastMod,
+ 'post_modified_gmt' => $post_modified_gmt,
+ 'post_title' => $Title,
+ 'post_content' => $Body,
+ 'post_excerpt' => $Excerpt,
+ 'post_status' => $post_status,
+ 'post_name' => $url_title,
+ 'comment_count' => $comments_count)
+ );
}
- else
+ else
{
$ret_id = wp_insert_post(array(
- 'post_date' => $Posted,
- 'post_date_gmt' => $post_date_gmt,
- 'post_author' => $authorid,
- 'post_modified' => $LastMod,
- 'post_modified_gmt' => $post_modified_gmt,
- 'post_title' => $Title,
- 'post_content' => $Body,
- 'post_excerpt' => $Excerpt,
- 'post_status' => $post_status,
- 'post_name' => $url_title,
- 'comment_count' => $comments_count)
- );
+ 'post_date' => $Posted,
+ 'post_date_gmt' => $post_date_gmt,
+ 'post_author' => $authorid,
+ 'post_modified' => $LastMod,
+ 'post_modified_gmt' => $post_modified_gmt,
+ 'post_title' => $Title,
+ 'post_content' => $Body,
+ 'post_excerpt' => $Excerpt,
+ 'post_status' => $post_status,
+ 'post_name' => $url_title,
+ 'comment_count' => $comments_count)
+ );
}
$txpposts2wpposts[$ID] = $ret_id;
-
+
// Make Post-to-Category associations
$cats = array();
if($cat1 = get_catbynicename($Category1)) { $cats[1] = $cat1; }
if($cat2 = get_catbynicename($Category2)) { $cats[2] = $cat2; }
- if(!empty($cats)) { wp_set_post_cats('', $ret_id, $cats); }
+ if(!empty($cats)) { wp_set_post_categories($ret_id, $cats); }
}
}
// Store ID translation for later use
add_option('txpposts2wpposts',$txpposts2wpposts);
-
+
echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> posts imported.'), $count).'<br /><br /></p>';
- return true;
+ return true;
}
-
+
function comments2wp($comments='')
{
// General Housekeeping
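Review bot: `$post_date_gmt` and `$post_modified_gmt`, passed at L2393/L2396 and again at L2422/L2425, are not assigned anywhere visible: `extract($post)` at L2357 only yields the columns selected in `get_txp_posts()` (L2177-L2192), which has no such fields, so both keys presumably arrive as null. Derive them from the Textpattern timestamps in both branches, `'post_date_gmt' => get_gmt_from_date($Posted),` and `'post_modified_gmt' => get_gmt_from_date($LastMod),`. Separately, `$Title` reaches `post_exists()` at L2375 and `post_title` at L2397/L2426 unescaped while `$Body` and `$Excerpt` go through `$wpdb->escape()` at L2367-L2368; add `$Title = $wpdb->escape($Title);` next to them so all three text fields are handled the same way. The function header of posts2wp is in the preceding hunk.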
$count = 0;
$txpcm2wpcm = array();
$postarr = get_option('txpposts2wpposts');
-
+
// Magic Mojo
if(is_array($comments))
{
{
$count++;
extract($comment);
-
+
// WordPressify Data
$comment_ID = ltrim($discussid, '0');
$comment_post_ID = $postarr[$parentid];
$email = $wpdb->escape($email);
$web = $wpdb->escape($web);
$message = $wpdb->escape($message);
-
+
if($cinfo = comment_exists($name, $posted))
{
// Update comments
$ret_id = wp_update_comment(array(
- 'comment_ID' => $cinfo,
- 'comment_post_ID' => $comment_post_ID,
- 'comment_author' => $name,
- 'comment_author_email' => $email,
- 'comment_author_url' => $web,
- 'comment_date' => $posted,
- 'comment_content' => $message,
- 'comment_approved' => $comment_approved)
- );
+ 'comment_ID' => $cinfo,
+ 'comment_post_ID' => $comment_post_ID,
+ 'comment_author' => $name,
+ 'comment_author_email' => $email,
+ 'comment_author_url' => $web,
+ 'comment_date' => $posted,
+ 'comment_content' => $message,
+ 'comment_approved' => $comment_approved)
+ );
}
- else
+ else
{
// Insert comments
$ret_id = wp_insert_comment(array(
- 'comment_post_ID' => $comment_post_ID,
- 'comment_author' => $name,
- 'comment_author_email' => $email,
- 'comment_author_url' => $web,
- 'comment_author_IP' => $ip,
- 'comment_date' => $posted,
- 'comment_content' => $message,
- 'comment_approved' => $comment_approved)
- );
+ 'comment_post_ID' => $comment_post_ID,
+ 'comment_author' => $name,
+ 'comment_author_email' => $email,
+ 'comment_author_url' => $web,
+ 'comment_author_IP' => $ip,
+ 'comment_date' => $posted,
+ 'comment_content' => $message,
+ 'comment_approved' => $comment_approved)
+ );
}
$txpcm2wpcm[$comment_ID] = $ret_id;
}
// Store Comment ID translation for future use
- add_option('txpcm2wpcm', $txpcm2wpcm);
-
+ add_option('txpcm2wpcm', $txpcm2wpcm);
+
// Associate newly formed categories with posts
get_comment_count($ret_id);
-
-
+
+
echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> comments imported.'), $count).'<br /><br /></p>';
return true;
}
echo __('No Comments to Import!');
return false;
}
-
+
function links2wp($links='')
{
// General Housekeeping
global $wpdb;
$count = 0;
-
+
// Deal with the links
if(is_array($links))
{
{
$count++;
extract($link);
-
+
// Make nice vars
$category = $wpdb->escape($category);
$linkname = $wpdb->escape($linkname);
$description = $wpdb->escape($description);
-
+
if($linfo = link_exists($linkname))
{
$ret_id = wp_insert_link(array(
'link_updated' => $date)
);
}
- else
+ else
{
$ret_id = wp_insert_link(array(
'link_url' => $url,
echo __('No Links to Import!');
return false;
}
-
- function import_categories()
- {
- // Category Import
+
+ function import_categories()
+ {
+ // Category Import
$cats = $this->get_txp_cats();
$this->cat2wp($cats);
add_option('txp_cats', $cats);
-
-
-
+
+
+
echo '<form action="admin.php?import=textpattern&step=2" method="post">';
- printf('<input type="submit" name="submit" value="%s" />', __('Import Users'));
+ wp_nonce_field('import-textpattern');
+ printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Users')));
echo '</form>';
}
-
+
function import_users()
{
// User Import
- $users = $this->get_txp_users();
+ $users = $this->get_txp_users();
$this->users2wp($users);
-
+
echo '<form action="admin.php?import=textpattern&step=3" method="post">';
- printf('<input type="submit" name="submit" value="%s" />', __('Import Posts'));
+ wp_nonce_field('import-textpattern');
+ printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Posts')));
echo '</form>';
}
-
+
function import_posts()
{
// Post Import
$posts = $this->get_txp_posts();
$this->posts2wp($posts);
-
+
echo '<form action="admin.php?import=textpattern&step=4" method="post">';
- printf('<input type="submit" name="submit" value="%s" />', __('Import Comments'));
+ wp_nonce_field('import-textpattern');
+ printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Comments')));
echo '</form>';
}
-
+
function import_comments()
{
// Comment Import
$comments = $this->get_txp_comments();
$this->comments2wp($comments);
-
+
echo '<form action="admin.php?import=textpattern&step=5" method="post">';
- printf('<input type="submit" name="submit" value="%s" />', __('Import Links'));
+ wp_nonce_field('import-textpattern');
+ printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Links')));
echo '</form>';
}
-
+
function import_links()
{
//Link Import
$links = $this->get_txp_links();
$this->links2wp($links);
add_option('txp_links', $links);
-
+
echo '<form action="admin.php?import=textpattern&step=6" method="post">';
- printf('<input type="submit" name="submit" value="%s" />', __('Finish'));
+ wp_nonce_field('import-textpattern');
+ printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Finish')));
echo '</form>';
}
-
+
function cleanup_txpimport()
{
delete_option('tpre');
delete_option('txphost');
$this->tips();
}
-
+
function tips()
{
echo '<p>'.__('Welcome to WordPress. We hope (and expect!) that you will find this platform incredibly rewarding! As a new WordPress user coming from Textpattern, there are some things that we would like to point out. Hopefully, they will help your transition go as smoothly as possible.').'</p>';
echo '<h3>'.__('Preserving Authors').'</h3>';
echo '<p>'.__('Secondly, we have attempted to preserve post authors. If you are the only author or contributor to your blog, then you are safe. In most cases, we are successful in this preservation endeavor. However, if we cannot ascertain the name of the writer due to discrepancies between database tables, we assign it to you, the administrative user.').'</p>';
echo '<h3>'.__('Textile').'</h3>';
- echo '<p>'.__('Also, since you\'re coming from Textpattern, you probably have been using Textile to format your comments and posts. If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/2004/04/19/wordpress-plugin-textile-20/">Textile for WordPress</a>. Trust me... You\'ll want it.').'</p>';
+ echo '<p>'.__('Also, since you\'re coming from Textpattern, you probably have been using Textile to format your comments and posts. If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/category/development/wordpress/textile/">Textile for WordPress</a>. Trust me... You\'ll want it.').'</p>';
echo '<h3>'.__('WordPress Resources').'</h3>';
echo '<p>'.__('Finally, there are numerous WordPress resources around the internet. Some of them are:').'</p>';
echo '<ul>';
echo '<li>'.__('<a href="http://www.wordpress.org">The official WordPress site</a>').'</li>';
- echo '<li>'.__('<a href="http://wordpress.org/support/">The WordPress support forums').'</li>';
+ echo '<li>'.__('<a href="http://wordpress.org/support/">The WordPress support forums</a>').'</li>';
echo '<li>'.__('<a href="http://codex.wordpress.org">The Codex (In other words, the WordPress Bible)</a>').'</li>';
echo '</ul>';
echo '<p>'.sprintf(__('That\'s it! What are you waiting for? Go <a href="%1$s">login</a>!'), '/wp-login.php').'</p>';
}
-
+
function db_form()
{
- echo '<ul>';
- printf('<li><label for="dbuser">%s</label> <input type="text" name="dbuser" id="dbuser" /></li>', __('Textpattern Database User:'));
- printf('<li><label for="dbpass">%s</label> <input type="password" name="dbpass" id="dbpass" /></li>', __('Textpattern Database Password:'));
- printf('<li><label for="dbname">%s</label> <input type="text" id="dbname" name="dbname" /></li>', __('Textpattern Database Name:'));
- printf('<li><label for="dbhost">%s</label> <input type="text" id="dbhost" name="dbhost" value="localhost" /></li>', __('Textpattern Database Host:'));
- printf('<li><label for="dbprefix">%s</label> <input type="text" name="dbprefix" id="dbprefix" /></li>', __('Textpattern Table prefix (if any):'));
- echo '</ul>';
+ echo '<table class="editform">';
+ printf('<tr><th scope="row"><label for="dbuser">%s</label></th><td><input type="text" name="dbuser" id="dbuser" /></td></tr>', __('Textpattern Database User:'));
+ printf('<tr><th scope="row"><label for="dbpass">%s</label></th><td><input type="password" name="dbpass" id="dbpass" /></td></tr>', __('Textpattern Database Password:'));
+ printf('<tr><th scope="row"><label for="dbname">%s</label></th><td><input type="text" id="dbname" name="dbname" /></td></tr>', __('Textpattern Database Name:'));
+ printf('<tr><th scope="row"><label for="dbhost">%s</label></th><td><input type="text" id="dbhost" name="dbhost" value="localhost" /></td></tr>', __('Textpattern Database Host:'));
+ printf('<tr><th scope="row"><label for="dbprefix">%s</label></th><td><input type="text" name="dbprefix" id="dbprefix" /></td></tr>', __('Textpattern Table prefix (if any):'));
+ echo '</table>';
}
-
- function dispatch()
+
+ function dispatch()
{
if (empty ($_GET['step']))
else
$step = (int) $_GET['step'];
$this->header();
-
- if ( $step > 0 )
+
+ if ( $step > 0 )
{
+ check_admin_referer('import-textpattern');
+
if($_POST['dbuser'])
{
if(get_option('txpuser'))
- delete_option('txpuser');
- add_option('txpuser',$_POST['dbuser']);
+ delete_option('txpuser');
+ add_option('txpuser', sanitize_user($_POST['dbuser'], true));
}
if($_POST['dbpass'])
{
if(get_option('txppass'))
- delete_option('txppass');
- add_option('txppass',$_POST['dbpass']);
+ delete_option('txppass');
+ add_option('txppass', sanitize_user($_POST['dbpass'], true));
}
-
+
if($_POST['dbname'])
{
if(get_option('txpname'))
- delete_option('txpname');
- add_option('txpname',$_POST['dbname']);
+ delete_option('txpname');
+ add_option('txpname', sanitize_user($_POST['dbname'], true));
}
if($_POST['dbhost'])
{
if(get_option('txphost'))
delete_option('txphost');
- add_option('txphost',$_POST['dbhost']);
+ add_option('txphost', sanitize_user($_POST['dbhost'], true));
}
if($_POST['dbprefix'])
{
if(get_option('tpre'))
delete_option('tpre');
- add_option('tpre',$_POST['dbprefix']);
- }
+ add_option('tpre', sanitize_user($_POST['dbprefix']));
+ }
}
- switch ($step)
+ switch ($step)
{
default:
case 0 :
$this->cleanup_txpimport();
break;
}
-
+
$this->footer();
}
- function Textpattern_Import()
+ function Textpattern_Import()
{
- // Nothing.
+ // Nothing.
}
}
$txp_import = new Textpattern_Import();
-register_importer('textpattern', 'Textpattern', __('Import posts from a Textpattern Blog'), array ($txp_import, 'dispatch'));
+register_importer('textpattern', __('Textpattern'), __('Import categories, users, posts, comments, and links from a Textpattern blog'), array ($txp_import, 'dispatch'));
?>
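Review bot: `sanitize_user($_POST['dbpass'], true)` on L2744 strips every character outside the strict username set from the Textpattern database password, so a password containing e.g. `#`, `!` or `%` is stored wrong and the later connection fails; a password must not be filtered like a username (trim it, store it, and nothing more). The same filter on `dbhost` (L2761) can mangle a `host:port` or socket path, and the `dbprefix` call on L2769 omits the `true` flag the other four pass, which looks accidental rather than intended. The credentials land in plaintext in the options table, which this hunk inherits; `txppass` should be removed once the import finishes — `cleanup_txpimport()` at step 0 may already do that, confirm. The added `check_admin_referer('import-textpattern')` is the right guard for a state-changing step, but no capability check is visible inside `dispatch()`; confirm `register_importer` enforces one before this runs.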
$rss->items = array_slice($rss->items, 0, 10);
foreach ($rss->items as $item ) {
?>
- <li><a href="<?php echo wp_filter_kses($item['link']); ?>"><?php echo wp_specialchars($item['title']); ?></a></li>
+ <li><a href="<?php echo wp_filter_kses($item['link']); ?>"><?php echo wptexturize(wp_specialchars($item['title'])); ?></a></li>
<?php } ?>
</ul>
</div>
}
}
+$all = ( 'true' == $all ) ? 'true' : 'false';
+$start = (int) $start;
$post = (int) $post;
$images_width = 1;
$xpadding = (128 - $image['uwidth']) / 2;
$ypadding = (96 - $image['uheight']) / 2;
$style .= "#target{$ID} img { padding: {$ypadding}px {$xpadding}px; }\n";
- $title = wp_specialchars($image['post_title'], ENT_QUOTES);
+ $title = attribute_escape($image['post_title']);
$script .= "aa[{$ID}] = '<a id=\"p{$ID}\" rel=\"attachment\" class=\"imagelink\" href=\"$href\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
ab[{$ID}] = '<a class=\"imagelink\" href=\"{$image['guid']}\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
imga[{$ID}] = '<img id=\"image{$ID}\" src=\"$src\" alt=\"{$title}\" $height_width />';
</div>
";
} else {
- $title = wp_specialchars($attachment['post_title'], ENT_QUOTES);
+ $title = attribute_escape($attachment['post_title']);
$filename = basename($attachment['guid']);
$icon = get_attachment_icon($ID);
$toggle_icon = "<a id=\"I{$ID}\" onclick=\"toggleOtherIcon({$ID});return false;\" href=\"javascript:void()\">$__using_title</a>";
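Review bot: `{$image['guid']}` on L2815 is interpolated into the same JavaScript string literal whose `title` the hunk now passes through `attribute_escape()`, but the guid itself is not escaped, so the escaping of this literal is inconsistent; `$href` and `$src` on L2814/L2816 likewise appear unescaped from here (their origin is outside the hunk). Since the whole `<a …>` markup sits inside a single-quoted JS string, a value containing `'` or a trailing backslash would terminate or alter the literal even after HTML-escaping, because `attribute_escape()` does not touch backslashes. Escaping each interpolated value with `attribute_escape()` and then running the assembled fragment through `js_escape()` (used elsewhere in this diff, L2872) would make both contexts explicit.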
function sendToEditor(n) {
o = document.getElementById('div'+n);
h = o.innerHTML.replace(new RegExp('^\\s*(.*?)\\s*$', ''), '$1'); // Trim
- h = h.replace(new RegExp(' (class|title|width|height|id|onclick|onmousedown)=([^\'"][^ ]*)( |/|>)', 'g'), ' $1="$2"$3'); // Enclose attribs in quotes
+ h = h.replace(new RegExp(' (class|title|width|height|id|onclick|onmousedown)=([^\'"][^ ]*)(?=( |/|>))', 'g'), ' $1="$2"'); // Enclose attribs in quotes
h = h.replace(new RegExp(' (width|height)=".*?"', 'g'), ''); // Drop size constraints
h = h.replace(new RegExp(' on(click|mousedown)="[^"]*"', 'g'), ''); // Drop menu events
h = h.replace(new RegExp('<(/?)A', 'g'), '<$1a'); // Lowercase tagnames
$wpdb->query( "INSERT INTO $wpdb->post2cat (`rel_id`, `post_id`, `category_id`) VALUES (1, 1, 1)" );
// Default comment
-$wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".$wpdb->escape(__('Mr WordPress'))."', '', 'http://wordpress.org/', '$now', '$now_gmt', '".$wpdb->escape(__('Hi, this is a comment.<br />To delete a comment, just log in, and view the posts\' comments, there you will have the option to edit or delete them.'))."')");
+$wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".$wpdb->escape(__('Mr WordPress'))."', '', 'http://wordpress.org/', '$now', '$now_gmt', '".$wpdb->escape(__('Hi, this is a comment.<br />To delete a comment, just log in and view the post's comments. There you will have the option to edit or delete them.'))."')");
// First Page
-
$wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, post_status, to_ping, pinged, post_content_filtered) VALUES ('1', '$now', '$now_gmt', '".$wpdb->escape(__('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'))."', '', '".$wpdb->escape(__('About'))."', '0', '".$wpdb->escape(__('about'))."', '$now', '$now_gmt', 'static', '', '', '')");
$wp_rewrite->flush_rules();
$admin_caps = serialize(array('administrator' => true));
$wpdb->query("INSERT INTO $wpdb->usermeta (user_id, meta_key, meta_value) VALUES ({$wpdb->insert_id}, '{$table_prefix}capabilities', '{$admin_caps}');");
-$message_headers = 'From: ' . $weblog_title . ' <wordpress@' . $_SERVER['SERVER_NAME'] . '>';
+$message_headers = 'From: "' . $weblog_title . '" <wordpress@' . $_SERVER['SERVER_NAME'] . '>';
$message = sprintf(__("Your new WordPress blog has been successfully set up at:
%1\$s
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
<tr>
<th width="33%" scope="row"><?php _e('Name:') ?></th>
- <td width="67%"><input name="cat_name" type="text" value="<?php echo wp_specialchars($row->cat_name)?>" size="30" /></td>
+ <td width="67%"><input name="cat_name" type="text" value="<?php echo attribute_escape($row->cat_name)?>" size="30" /></td>
</tr>
<tr>
<th scope="row"><?php _e('Show:') ?></th>
. " show_rating, show_updated, sort_order, sort_desc, text_before_link, text_after_link, "
. " text_after_all, list_limit FROM $wpdb->linkcategories ORDER BY cat_id");
$i = 1;
-foreach ($results as $row) {
+foreach ( (array) $results as $row) {
if ($row->list_limit == -1) {
$row->list_limit = __('none');
}
<td nowrap="nowrap"><?php echo wp_specialchars($row->text_after_all)?></td>
<td><?php echo $row->list_limit ?></td>
<td><a href="link-categories.php?cat_id=<?php echo $row->cat_id?>&action=Edit" class="edit"><?php _e('Edit') ?></a></td>
- <td><a href="<?php echo wp_nonce_url("link-categories.php?cat_id=$row->cat_id?>&action=Delete", 'delete-link-category_' . $row->cat_id) ?>" onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the "%s" link category.\\n"Cancel" to stop, "OK" to delete."), js_escape($row->cat_name)); ?>' );" class="delete"><?php _e('Delete') ?></a></td>
- </tr>
+ <td>
+ <?php if (1 == $row->cat_id ) {
+ _e('Default');
+ } else { ?>
+ <a href="<?php echo wp_nonce_url("link-categories.php?cat_id=$row->cat_id?>&action=Delete", 'delete-link-category_' . $row->cat_id) ?>" onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the "%s" link category.\\n"Cancel" to stop, "OK" to delete."), js_escape($row->cat_name)); ?>' );" class="delete"><?php _e('Delete') ?></a>
+ <?php } ?>
+ </td>
+ </tr>
<?php
++$i;
}
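Review bot: The delete URL on L2872 still carries a stray `?>` inside the string (`cat_id=$row->cat_id?>&action=Delete`), so the generated link is `link-categories.php?cat_id=1?>&action=Delete`; it was in the removed line too but survives the rewrite and should read `"link-categories.php?cat_id=$row->cat_id&action=Delete"`. Hiding the link for `1 == $row->cat_id` only protects the default category at render time; unless the `Delete` action handler also refuses `cat_id=1`, the protection is cosmetic — that handler is outside the hunk, so please confirm.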
<form enctype="multipart/form-data" action="link-import.php" method="post" name="blogroll">
<?php wp_nonce_field('import-bookmarks') ?>
-<p><?php _e('If a program or website you use allows you to export your links or subscriptions as OPML you may import them here.'); ?>
+<p><?php _e('If a program or website you use allows you to export your links or subscriptions as OPML you may import them here.'); ?></p>
<div style="width: 70%; margin: auto; height: 8em;">
<input type="hidden" name="step" value="1" />
<input type="hidden" name="MAX_FILE_SIZE" value="30000" />
<h2><?php _e('Importing...') ?></h2>
<?php
- $cat_id = $_POST['cat_id'];
- if (($cat_id == '') || ($cat_id == 0)) {
- $cat_id = 1;
- }
+ $cat_id = abs( (int) $_POST['cat_id'] );
+ if ( $cat_id < 1 )
+ $cat_id = 1;
$opml_url = $_POST['opml_url'];
if (isset($opml_url) && $opml_url != '' && $opml_url != 'http://') {
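Review bot: `$opml_url` is taken from `$_POST` on L2895 and only compared against `''` and `'http://'`; nothing in the hunk restricts it to an `http`/`https` URL with a host before it is presumably fetched server-side (the fetch is outside the hunk). A check such as `if ( !preg_match('#^https?://[^/]+#i', $opml_url) ) $opml_url = '';` before the fetch keeps `file://` and other local schemes out. `isset($opml_url)` on L2896 is always true after the unconditional assignment on L2895 and can be dropped.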
$q = $wpdb->query("update $wpdb->links SET link_owner='$newowner' WHERE link_id IN ($all_links)");
wp_redirect($this_file);
+ exit;
break;
}
case 'visibility':
}
wp_redirect($this_file);
+ exit;
break;
}
case 'move':
$q = $wpdb->query("update $wpdb->links SET link_category='$category' WHERE link_id IN ($all_links)");
wp_redirect($this_file);
+ exit();
break;
}
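Review bot: L2911 uses `exit();` while the parallel redirects added at L2899, L2905, L2916, L2921 and L2927 use `exit;`; pick one form for the file. The `UPDATE … SET link_category='$category' WHERE link_id IN ($all_links)` on L2909 (and `link_owner='$newowner'` on L2897) interpolates request-derived values into SQL; those lines are context here, so confirm `$category`, `$newowner` and `$all_links` are cast to int / built from ints before this point, and if not, `(int) $category` and an `implode(',', array_map('intval', $selected_ids))` for `$all_links` would close the gap.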
add_link();
wp_redirect(wp_get_referer() . '?added=true');
+ exit;
break;
} // end Add
setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
wp_redirect($this_file);
+ exit;
break;
} // end Save
$links_show_cat_id = $cat_id;
setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
wp_redirect($this_file);
+ exit;
break;
} // end Delete
<?php wp_nonce_field('bulk-bookmarks') ?>
<input type="hidden" name="link_id" value="" />
<input type="hidden" name="action" value="" />
- <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />
+ <input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" />
<input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
<table id="the-list-x" width="100%" cellpadding="3" cellspacing="3">
<tr>
$links = $wpdb->get_results($sql);
if ($links) {
foreach ($links as $link) {
- $link->link_name = wp_specialchars($link->link_name);
+ $link->link_name = attribute_escape($link->link_name);
$link->link_category = wp_specialchars($link->link_category);
$link->link_description = wp_specialchars($link->link_description);
- $link->link_url = wp_specialchars($link->link_url);
+ $link->link_url = attribute_escape($link->link_url);
$short_url = str_replace('http://', '', $link->link_url);
$short_url = str_replace('www.', '', $short_url);
if ('/' == substr($short_url, -1))
}
do_action('admin_menu', '');
-ksort($menu); // make it all pretty
+uksort($menu, "strnatcasecmp"); // make it all pretty
if (! user_can_access_admin_page()) {
die( __('You do not have sufficient permissions to access this page.') );
<a href="<?php echo get_permalink($comment->comment_post_ID); ?>"><?php _e('View Post') ?></a> |
<?php
echo " <a href=\"" . wp_nonce_url("post.php?action=deletecomment&p=".$comment->comment_post_ID."&comment=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . __("You are about to delete this comment.\\n"Cancel" to stop, "OK" to delete.") . "' );\">" . __('Delete just this comment') . "</a> | "; ?> <?php _e('Bulk action:') ?>
- <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-approve" value="approve" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-approve"><?php _e('Approve') ?></label>
- <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-spam" value="spam" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-spam"><?php _e('Spam') ?></label>
- <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-delete" value="delete" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-delete"><?php _e('Delete') ?></label>
- <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-nothing" value="later" checked="checked" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-nothing"><?php _e('Defer until later') ?></label>
+ <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-approve" value="approve" /> <label for="comment-<?php echo $comment->comment_ID; ?>-approve"><?php _e('Approve') ?></label>
+ <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-spam" value="spam" /> <label for="comment-<?php echo $comment->comment_ID; ?>-spam"><?php _e('Spam') ?></label>
+ <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-delete" value="delete" /> <label for="comment-<?php echo $comment->comment_ID; ?>-delete"><?php _e('Delete') ?></label>
+ <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-nothing" value="later" checked="checked" /> <label for="comment-<?php echo $comment->comment_ID; ?>-nothing"><?php _e('Defer until later') ?></label>
</p>
</li>
</fieldset>
<fieldset class="options">
<legend><?php _e('Comment Moderation') ?></legend>
-<p><?php printf(__('Hold a comment in the queue if it contains more than %s links. (A common characteristic of comment spam is a large number of hyperlinks.)'), '<input name="comment_max_links" type="text" id="comment_max_links" size="3" value="' . get_settings('comment_max_links'). '" />' ) ?></p>
+<p><?php printf(__('Hold a comment in the queue if it contains %s or more links. (A common characteristic of comment spam is a large number of hyperlinks.)'), '<input name="comment_max_links" type="text" id="comment_max_links" size="3" value="' . get_settings('comment_max_links'). '" />' ) ?></p>
<p><?php _e('When a comment contains any of these words in its content, name, URI, e-mail, or IP, hold it in the moderation queue: (Separate multiple words with new lines.) <a href="http://codex.wordpress.org/Spam_Words">Common spam words</a>.') ?></p>
<p>
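Review bot: The `comment_max_links` value on L2973 is still echoed into the `value="…"` attribute without `attribute_escape()`, while this same diff adds that call to the other option inputs (L2988, L2996, L3003). `sanitize_option()` now forces this option to `abs((int))` on write, which limits the exposure, but values written before that function existed or through another path bypass it; `attribute_escape(get_settings('comment_max_links'))` keeps the page consistent.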
</tr>
<tr>
<th scope="row"> </th>
-<td><?php _e('<a href="http://codex.wordpress.org/Formatting_Date_and_Time">Documentation on date formatting</a>. Save option to update sample output.') ?> </td>
+<td><?php _e('<a href="http://codex.wordpress.org/Formatting_Date_and_Time">Documentation on date formatting</a>. Click "Update options" to update sample output.') ?> </td>
</tr>
<tr>
<th scope="row"><?php _e('Weeks in the calendar should start on:') ?></th>
<table class="editform optiontable">
<tr valign="top">
<th scope="row"><?php _e('Store uploads in this folder'); ?>:</th>
-<td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo str_replace(ABSPATH, '', get_settings('upload_path')); ?>" size="40" />
+<td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo attribute_escape(str_replace(ABSPATH, '', get_settings('upload_path'))); ?>" size="40" />
<br />
<?php _e('Default is <code>wp-content/uploads</code>'); ?>
</td>
</label>
<br />
</p>
-<p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo $permalink_structure; ?>" size="50" /></p>
+<p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo attribute_escape($permalink_structure); ?>" size="50" /></p>
<h3><?php _e('Optional'); ?></h3>
<?php if ($is_apache) : ?>
<p><?php _e('If you like, you may enter a custom prefix for your category URIs here. For example, <code>/index.php/taxonomy/tags</code> would make your category links like <code>http://example.org/index.php/taxonomy/tags/uncategorized/</code>. If you leave this blank the default will be used.') ?></p>
<?php endif; ?>
<p>
- <?php _e('Category base'); ?>: <input name="category_base" type="text" class="code" value="<?php echo $category_base; ?>" size="30" />
+ <?php _e('Category base'); ?>: <input name="category_base" type="text" class="code" value="<?php echo attribute_escape($category_base); ?>" size="30" />
</p>
<p class="submit">
<input type="submit" name="submit" value="<?php _e('Update Permalink Structure »') ?>" />
<form action="options-permalink.php" method="post">
<?php wp_nonce_field('update-permalink') ?>
<p>
-<textarea rows="5" style="width: 98%;" name="rules"><?php echo $wp_rewrite->mod_rewrite_rules(); ?>
+<textarea rows="5" style="width: 98%;" name="rules"><?php echo wp_specialchars($wp_rewrite->mod_rewrite_rules()); ?>
</textarea>
</p>
</form>
if ( !current_user_can('manage_options') )
die ( __('Cheatin’ uh?') );
+function sanitize_option($option, $value) {
+
+ switch ($option) {
+ case 'admin_email':
+ $value = sanitize_email($value);
+ break;
+
+ case 'default_post_edit_rows':
+ case 'mailserver_port':
+ case 'comment_max_links':
+ $value = abs((int) $value);
+ break;
+
+ case 'posts_per_page':
+ case 'posts_per_rss':
+ $value = (int) $value;
+ if ( empty($value) ) $value = 1;
+ if ( $value < -1 ) $value = abs($value);
+ break;
+
+ case 'default_ping_status':
+ case 'default_comment_status':
+ // Options that if not there have 0 value but need to be something like "closed"
+ if ( $value == '0' || $value == '')
+ $value = 'closed';
+ break;
+
+ case 'blogdescription':
+ case 'blogname':
+ if (current_user_can('unfiltered_html') == false)
+ $value = wp_filter_post_kses( $value );
+ break;
+
+ case 'blog_charset':
+ $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value);
+ break;
+
+ case 'date_format':
+ case 'time_format':
+ case 'mailserver_url':
+ case 'mailserver_login':
+ case 'mailserver_pass':
+ case 'ping_sites':
+ case 'upload_path':
+ $value = strip_tags($value);
+ $value = wp_filter_kses($value);
+ break;
+
+ case 'gmt_offset':
+ $value = preg_replace('/[^0-9:.-]/', '', $value);
+ break;
+
+ case 'siteurl':
+ case 'home':
+ $value = clean_url($value);
+ break;
+ }
+
+ return $value;
+}
+
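Review bot: `sanitize_option()` has no `default` branch, so every option name not listed passes through unchanged — and the update handler now lets any `$_POST` key become an option name (L3085–L3087) when `page_options` is absent, so unknown names are stored verbatim. A default that at least runs `wp_filter_kses()` unless the user has `unfiltered_html` — or better, a whitelist of updatable option names — would keep a missing entry in this switch from meaning "no sanitization". Separately, `mailserver_pass` (L3058) goes through `strip_tags()`/`wp_filter_kses()` together with URLs and format strings, which alters any password containing `<`, `>` or `&`; a password should only be trimmed, not HTML-filtered. `current_user_can('unfiltered_html') == false` on L3046 reads better as `! current_user_can('unfiltered_html')`.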
switch($action) {
case 'update':
check_admin_referer('update-options');
- if (!$_POST['page_options']) {
- foreach ($_POST as $key => $value) {
- $options[] = $key;
+ if ( !$_POST['page_options'] ) {
+ foreach ( (array) $_POST as $key => $value) {
+ if ( !in_array($key, array('_wpnonce', '_wp_http_referer')) )
+ $options[] = $key;
}
} else {
$options = explode(',', stripslashes($_POST['page_options']));
$old_siteurl = get_settings('siteurl');
$old_home = get_settings('home');
- // HACK
- // Options that if not there have 0 value but need to be something like "closed"
- $nonbools = array('default_ping_status', 'default_comment_status');
if ($options) {
foreach ($options as $option) {
$option = trim($option);
$value = trim(stripslashes($_POST[$option]));
- if( in_array($option, $nonbools) && ( $value == '0' || $value == '') )
- $value = 'closed';
-
- if( $option == 'blogdescription' || $option == 'blogname' )
- if (current_user_can('unfiltered_html') == false)
- $value = wp_filter_post_kses( $value );
+ $value = sanitize_option($option, $value);
if (update_option($option, $value) ) {
$any_changed++;
include('admin-header.php'); ?>
<div class="wrap">
- <h2><?php _e('All options'); ?></h2>
- <form name="form" action="options.php" method="post">
+ <h2><?php _e('All Options'); ?></h2>
+ <form name="form" action="options.php" method="post" id="all-options">
<?php wp_nonce_field('update-options') ?>
<input type="hidden" name="action" value="update" />
<table width="98%">
<?php
$options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");
-foreach ($options as $option) :
- $value = wp_specialchars($option->option_value);
+foreach ( (array) $options as $option) :
+ $disabled = '';
+ $option->option_name = attribute_escape($option->option_name);
+ if ( is_serialized($option->option_value) ) {
+ if ( is_serialized_string($option->option_value) ) {
+ // this is a serialized string, so we should display it
+ $value = maybe_unserialize($option->option_value);
+ $options_to_update[] = $option->option_name;
+ $class = 'all-options';
+ } else {
+ $value = 'SERIALIZED DATA';
+ $disabled = ' disabled="disabled"';
+ $class = 'all-options disabled';
+ }
+ } else {
+ $value = $option->option_value;
+ $options_to_update[] = $option->option_name;
+ $class = 'all-options';
+ }
echo "
<tr>
<th scope='row'><label for='$option->option_name'>$option->option_name</label></th>
- <td><input type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value . "' /></td>
+<td>";
+
+ if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . wp_specialchars($value) . "</textarea>";
+ else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . attribute_escape($value) . "'$disabled />";
+
+ echo "</td>
<td>$option->option_description</td>
</tr>";
endforeach;
?>
</table>
-<p class="submit"><input type="submit" name="Update" value="<?php _e('Update Settings »') ?>" /></p>
+<?php $options_to_update = implode(',', $options_to_update); ?>
+<p class="submit"><input type="hidden" name="page_options" value="<?php echo $options_to_update; ?>" /><input type="submit" name="Update" value="<?php _e('Update Options »') ?>" /></p>
</form>
</div>
?>
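Review bot: `$options_to_update` is never initialised before the `foreach` on L3122, so on an empty result set `implode()` on L3157 receives an undefined variable; add `$options_to_update = array();` before the loop. The names pushed into it on L3129/L3138 are the already `attribute_escape()`d `option_name` from L3124, and on submit the handler `explode()`s that list back into option names — a name containing `&` or a quote would round-trip as its entity form; push the raw name and escape only where it is echoed. The `$value` from `maybe_unserialize()` on L3128 is handed to `strpos()` on L3147, which is fine for `is_serialized_string()` results but deserves a comment, since other serialized shapes would not be strings.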
<?php if ( isset($_GET['saved']) ) : ?>
-<div id="message" class="updated fade"><p><strong><?php _e('Page saved.') ?> <a href="edit-pages.php"><?php _e('Manage pages'); ?> »</a></strong></p></div>
+<div id="message" class="updated fade"><p><strong><?php _e('Page saved.') ?></strong> <a href="edit-pages.php"><?php _e('Manage pages'); ?></a> | <a href="<?php echo get_page_link( $_GET['saved'] ); ?>"><?php _e('View page'); ?> »</a></p></div>
<?php endif; ?>
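Review bot: `get_page_link( $_GET['saved'] )` on L3164 passes the raw query value through; `post.php` sets it from `$post_ID` (L3190) but nothing here guarantees the round-trip, so `get_page_link( (int) $_GET['saved'] )` makes the intent explicit and matches the `(int)` casts this diff adds elsewhere (L2806, L3344). The same applies to `get_permalink( $_GET['posted'] )` on L3250.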
<?php
}
?>
-<?php include('admin-footer.php'); ?>
\ No newline at end of file
+<?php include('admin-footer.php'); ?>
<?php
$style = '';
- function sort_plugins($plug1, $plug2) {
- return strnatcasecmp($plug1['Name'], $plug2['Name']);
- }
-
- uksort($plugins, 'sort_plugins');
-
foreach($plugins as $plugin_file => $plugin_data) {
$style = ('class="alternate"' == $style|| 'class="alternate active"' == $style) ? '' : 'alternate';
break;
}
} else {
- $location = 'post.php?posted=true';
+ $location = "post.php?posted=$post_ID";
}
if ( 'static' == $_POST['post_status'] )
- $location = "page-new.php?saved=true";
+ $location = "page-new.php?saved=$post_ID";
if ( isset($_POST['save']) )
$location = "post.php?action=edit&post=$post_ID";
?>
<div id='preview' class='wrap'>
<h2 id="preview-post"><?php _e('Post Preview (updated when post is saved)'); ?> <small class="quickjump"><a href="#write-post"><?php _e('edit ↑'); ?></a></small></h2>
- <iframe src="<?php echo add_query_arg('preview', 'true', get_permalink($post->ID)); ?>" width="100%" height="600" ></iframe>
+ <iframe src="<?php echo clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>
</div>
<?php
break;
case 'delete':
$post_id = (isset($_GET['post'])) ? intval($_GET['post']) : intval($_POST['post_ID']);
- check_admin_referer('delete-post_' . $post_id);
$post = & get_post($post_id);
-
+ if ( 'static' == $post->post_status )
+ check_admin_referer('delete-page_' . $post_id);
+ else
+ check_admin_referer('delete-post_' . $post_id);
+
if ( !current_user_can('edit_post', $post_id) )
die( __('You are not allowed to delete this post.') );
}
$sendback = wp_get_referer();
- if (strstr($sendback, 'post.php')) $sendback = get_settings('siteurl') .'/wp-admin/post.php';
- elseif (strstr($sendback, 'attachments.php')) $sendback = get_settings('siteurl') .'/wp-admin/attachments.php';
- $sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
+ if ( 'static' == $post->post_status )
+ $sendback = get_option('siteurl') . '/wp-admin/edit-pages.php';
+ elseif ( strstr($sendback, 'post.php') )
+ $sendback = get_option('siteurl') .'/wp-admin/post.php';
+ elseif ( strstr($sendback, 'attachments.php') )
+ $sendback = get_option('siteurl') .'/wp-admin/attachments.php';
wp_redirect($sendback);
break;
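Review bot: The character whitelist `preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback)` is removed on L3217 without a replacement, so when the referer matches neither `post.php` nor `attachments.php` the raw `wp_get_referer()` value reaches `wp_redirect()`; that is only acceptable if `wp_redirect()` itself strips CR/LF and nulls (the theme-editor hunk at L3304–L3307 does that by hand, which suggests it may not — confirm). `$post->post_status` on L3206 and L3218 is read without checking that `get_post()` returned an object; for an unknown ID the nonce branch silently falls to `delete-post_` and the capability check decides. A guard `if ( !$post ) die( __('Oops, no post with this ID.') );` right after L3204 would make that failure explicit.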
$comment = (int) $_GET['comment'];
$p = (int) $_GET['p'];
- if ( ! $comment = get_comment($comment) )
+ if ( ! $comment = get_comment_to_edit($comment) )
die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
if ( !current_user_can('edit_post', $comment->comment_post_ID) )
edit_comment();
- $referredby = $_POST['referredby'];
- if (!empty($referredby)) {
- wp_redirect($referredby);
- } else {
- wp_redirect("edit.php?p=$comment_post_ID&c=1#comments");
- }
-
+ $location = ( empty($_POST['referredby']) ? "edit.php?p=$comment_post_ID&c=1" : $_POST['referredby'] ) . '#comment-' . $comment_ID;
+ $location = apply_filters('comment_edit_redirect', $location, $comment_ID);
+ wp_redirect($location);
+ exit();
break;
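Review bot: `$_POST['referredby']` on L3240 is used as the redirect target as-is, so the destination is whatever the submitted form carried; since `wp_redirect()` is what must sanitise it, confirm that function rejects header-breaking characters, and consider restricting the value to a same-site target (a leading `/` or the `siteurl` prefix) before appending `#comment-`. `$comment_post_ID` and `$comment_ID` appear to come from `edit_comment()`'s side effects, which are outside the hunk. `exit();` here versus `exit;` in the other redirect hunks of this diff is a small inconsistency.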
default:
require_once ('./admin-header.php');
?>
<?php if ( isset($_GET['posted']) ) : ?>
-<div id="message" class="updated fade"><p><?php printf(__('Post saved. <a href="%s">View site »</a>'), get_bloginfo('home') . '/'); ?></p></div>
+<div id="message" class="updated fade"><p><strong><?php _e('Post saved.'); ?></strong> <a href="<?php echo get_permalink( $_GET['posted'] ); ?>"><?php _e('View post'); ?> »</a></p></div>
<?php endif; ?>
<?php
if ( current_user_can('edit_posts') ) {
include('edit-form-advanced.php');
?>
-<div class="wrap">
+<div id="wp-bookmarklet" class="wrap">
<?php echo '<h3>'.__('WordPress bookmarklet').'</h3>
<p>'.__('Right click on the following link and choose "Add to favorites" to create a posting shortcut.').'</p>'; ?>
<p>
$parent_file = 'profile.php';
include_once('admin-header.php');
-$profileuser = new WP_User($user_ID);
+$profileuser = get_user_to_edit($user_ID);
$bookmarklet_height= 440;
?>
update_recently_edited($file);
- if (!is_file($real_file))
+ if ( !is_file($real_file) ) {
$error = true;
-
- if (!$error) {
+ } else {
$f = @ fopen($real_file, 'r');
if ( $f ) {
- $content = fread($f, filesize($real_file));
- $content = htmlspecialchars($content);
+ if ( filesize($real_file ) > 0 ) {
+ $content = fread($f, filesize($real_file));
+ $content = htmlspecialchars($content);
+ } else {
+ $content = '';
+ }
} else {
$error = true;
}
<?php
echo '<ol>';
foreach ($recents as $recent) :
- echo "<li><a href='templates.php?file=$recent'>" . get_file_description(basename($recent)) . "</a></li>";
+ echo "<li><a href='templates.php?file=" . attribute_escape($recent) . "'>" . wp_specialchars(get_file_description(basename($recent))) . "</a></li>";
endforeach;
echo '</ol>';
endif;
$f = fopen($real_file, 'w+');
fwrite($f, $newcontent);
fclose($f);
- wp_redirect("theme-editor.php?file=$file&theme=$theme&a=te");
+ $location = "theme-editor.php?file=$file&theme=$theme&a=te";
} else {
- wp_redirect("theme-editor.php?file=$file&theme=$theme");
+ $location = "theme-editor.php?file=$file&theme=$theme";
}
+ $location = wp_kses_no_null($location);
+ $strip = array('%0d', '%0a');
+ $location = str_replace($strip, '', $location);
+ header("Location: $location");
exit();
break;
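Review bot: L3304–L3307 re-implement redirect sanitisation inline (`wp_kses_no_null()` plus stripping `%0d`/`%0a`) and call `header()` directly, while every other redirect in this diff goes through `wp_redirect()`; if `wp_redirect()` lacks this stripping it should be fixed there once rather than duplicated here, and if it already has it these lines are dead weight. `$file` and `$theme` are interpolated into the query string on L3299/L3302 without `urlencode()`, so a value containing `&` or `#` breaks the URL even after the null/CRLF stripping. The `fopen(..., 'w+')` result on L3295 is not checked before `fwrite()`.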
$theme_name = $a_theme['Name'];
if ($theme_name == $theme) $selected = " selected='selected'";
else $selected = '';
- $theme_name = wp_specialchars($theme_name, true);
+ $theme_name = attribute_escape($theme_name);
echo "\n\t<option value=\"$theme_name\" $selected>$theme_name</option>";
}
?>
post_mime_type varchar(100) NOT NULL default '',
comment_count bigint(20) NOT NULL default '0',
PRIMARY KEY (ID),
- KEY post_name (post_name)
+ KEY post_name (post_name),
+ KEY post_status (post_status)
);
CREATE TABLE $wpdb->users (
ID bigint(20) unsigned NOT NULL auto_increment,
switch($step) {
case 0:
- $goback = wp_specialchars(wp_get_referer());
+ $goback = clean_url(stripslashes(wp_get_referer()));
?>
<p><?php _e('This file upgrades you from any previous version of WordPress to the latest. It may take a while though, so be patient.'); ?></p>
<h2 class="step"><a href="upgrade.php?step=1&backto=<?php echo $goback; ?>"><?php _e('Upgrade WordPress »'); ?></a></h2>
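Review bot: `$goback` is dropped into the query string `backto=<?php echo $goback; ?>` on L3333 after `clean_url()`, which sanitises a URL for display but does not encode it as a parameter value; any `&` or `=` in the referer splits the parameter, so it should be `urlencode($goback)` there. The consumer on L3338 reads it back via `clean_url(stripslashes($_GET['backto']))`, which covers the display side only.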
if ( empty( $_GET['backto'] ) )
$backto = __get_option('home');
else
- $backto = wp_specialchars( $_GET['backto'] , 1 );
+ $backto = clean_url(stripslashes($_GET['backto']));
?>
<h2><?php _e('Step 1'); ?></h2>
<p><?php printf(__("There's actually only one step. So if you see this, you're done. <a href='%s'>Have fun</a>!"), $backto); ?></p>
}
}
+$user_id = (int) $user_id;
+
+if ( !$user_id )
+ die(__('Invalid user ID.'));
+
switch ($action) {
case 'switchposts':
$errors = array();
if (!current_user_can('edit_users'))
- $errors['head'] = __('You do not have permission to edit this user.');
+ die(__('You do not have permission to edit this user.'));
else
$errors = edit_user($user_id);
default:
include ('admin-header.php');
-$profileuser = new WP_User($user_id);
+$profileuser = get_user_to_edit($user_id);
+
+if (!current_user_can('edit_users'))
+ die__('You do not have permission to edit this user.');
-if (!current_user_can('edit_users')) $errors['head'] = __('You do not have permission to edit this user.');
?>
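Review bot: `die__('You do not have permission to edit this user.');` on L3363 is a call to a non-existent function `die__`, not `die( __(...) )`, so the capability failure becomes a PHP fatal error — execution stops, but with an error instead of the message and with no guarantee under a custom error handler; it should read `die( __('You do not have permission to edit this user.') );`. The check also runs after `include('admin-header.php')` on L3358 and after `get_user_to_edit()` on L3360, so the page chrome is already sent and the user record already loaded before the permission is tested; move the check above L3358, as the `switchposts` branch does on L3352–L3354.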
<?php if ( isset($_GET['updated']) ) : ?>
<p><label><?php _e('Nickname:') ?><br />
<input type="text" name="nickname" value="<?php echo $profileuser->nickname ?>" /></label></p>
-</p><label><?php _e('Display name publicly as:') ?> <br />
+<p><label><?php _e('Display name publicly as:') ?> <br />
<select name="display_name">
<option value="<?php echo $profileuser->display_name; ?>"><?php echo $profileuser->display_name; ?></option>
<option value="<?php echo $profileuser->nickname ?>"><?php echo $profileuser->nickname ?></option>
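Review bot: `$profileuser->display_name` and `->nickname` are echoed into `value="…"` attributes and option text on L3368, L3372 and L3373 without `attribute_escape()`/`wp_specialchars()`; these are context lines, but the hunk's fix on L3370 only repairs the markup around them, and this diff applies `attribute_escape()` to comparable fields elsewhere (L2851, L3314). `get_user_to_edit()` on L3360 may already escape these fields — its body is not on the page — so confirm before adding a second layer.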
if (empty($_POST['users'])) {
wp_redirect('users.php');
+ exit();
}
if ( !current_user_can('edit_users') )
}
wp_redirect('users.php?update=' . $update);
+ exit();
break;
if ( empty($_POST['users']) ) {
wp_redirect('users.php');
+ exit();
}
if ( !current_user_can('edit_users') )
}
wp_redirect('users.php?update=' . $update);
-
+ exit();
break;
case 'delete':
check_admin_referer('bulk-users');
- if ( empty($_POST['users']) )
+ if ( empty($_POST['users']) ) {
wp_redirect('users.php');
+ exit();
+ }
if ( !current_user_can('edit_users') )
$error['edit_users'] = __('You can’t delete users.');
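Review bot: L3401 writes to `$error['edit_users']` (singular) while the surrounding handlers collect failures in `$errors` (L3351, L3356, L3402–L3404); this is a context line, but if the page later reads `$errors`, the permission message for the delete case may never be displayed and the branch may continue past the check — confirm, and if so this hunk's brace fix is the right place to also change it to `$errors`. The new `exit();` after `wp_redirect('users.php')` at L3398 is consistent with L3376/L3385.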
$errors = add_user();
- if(count($errors) == 0) {
+ if ( count($errors) == 0 ) {
wp_redirect('users.php?update=add');
- die();
+ exit();
}
default:
<table cellpadding="3" cellspacing="3" width="100%">
<?php
foreach($roleclasses as $role => $roleclass) {
- ksort($roleclass);
+ uksort($roleclass, "strnatcasecmp");
?>
<tr>
text-align: center;
}
+textarea.all-options, input.all-options {
+ width: 250px;
+}
+
+input.disabled, textarea.disabled {
+ background: #ccc;
+}
+
#adminmenu {
background: #6da6d1;
border-top: 3px solid #448abd;
background: #2685af url(images/box-head-right.gif) no-repeat top right;
}
-#advancedstuff div.dbx-handle-wrapper {
+#advancedstuff div.dbx-h-andle-wrapper {
margin: 0 0 0 -7px;
background: #fff url(images/box-head-left.gif) no-repeat top left;
}
padding-right: 17px;
}
-#advancedstuff div.dbx-content-wrapper {
+#advancedstuff div.dbx-c-ontent-wrapper {
margin-left: -7px;
margin-right: 0;
background: url(images/box-bg-left.gif) repeat-y left;
background: url(images/box-butt-right.gif) no-repeat bottom right;
}
-#advancedstuff div.dbx-box-wrapper {
+#advancedstuff div.dbx-b-ox-wrapper {
background: url(images/box-butt-left.gif) no-repeat bottom left;
}
-#advancedstuff .dbx-box-closed div.dbx-content-wrapper {
+#advancedstuff .dbx-box-closed div.dbx-c-ontent-wrapper {
padding-bottom: 2px;
background: url(images/box-butt-left.gif) no-repeat bottom left;
}
// If the user is logged in
$user = wp_get_current_user();
-if ( $user->ID ) :
+if ( $user->ID ) {
$comment_author = $wpdb->escape($user->display_name);
$comment_author_email = $wpdb->escape($user->user_email);
$comment_author_url = $wpdb->escape($user->user_url);
-else :
+ if ( current_user_can('unfiltered_html') ) {
+ if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
+ kses_remove_filters(); // start with a clean slate
+ kses_init_filters(); // set up the filters
+ }
+ }
+} else {
if ( get_option('comment_registration') )
die( __('Sorry, you must be logged in to post a comment.') );
-endif;
+}
$comment_type = '';
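Review bot: The nonce comparison reads `$_POST['_wp_unfiltered_html_comment']` without `isset()`, so a logged-in user with `unfiltered_html` posting from a form that lacks the hidden field triggers a PHP notice before the kses filters are re-enabled. The direction is right — a missing or wrong nonce falls back to filtering — so this is robustness only; write it as `if ( empty($_POST['_wp_unfiltered_html_comment']) || wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {`. A one-line comment stating that the fallback is deliberately fail-closed would save the next reader from re-deriving it.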
setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
endif;
-$location = ( empty( $_POST['redirect_to'] ) ) ? get_permalink( $comment_post_ID ) : $_POST['redirect_to'];
+$location = ( empty($_POST['redirect_to']) ? get_permalink($comment_post_ID) : $_POST['redirect_to'] ) . '#comment-' . $comment_id;
+$location = apply_filters('comment_post_redirect', $location, $comment);
-wp_redirect( $location );
+wp_redirect($location);
?>
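Review bot: The new `$location` line still takes `$_POST['redirect_to']` as the redirect target with no check that it points back to this site, so anyone can host a comment form whose hidden `redirect_to` sends the commenter to an arbitrary external URL once the comment is stored — an open redirect. The added `comment_post_redirect` filter lets a plugin tighten this, but the core path should validate itself: accept the posted value only when the host component from `parse_url()` is empty (a relative path) or equals the host of `get_option('home')`, otherwise fall back to `get_permalink($comment_post_ID)`. Whether `wp_redirect()` itself restricts targets is outside this hunk.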
/*
Plugin Name: Akismet
Plugin URI: http://akismet.com/
-Description: Akismet checks your comments against the Akismet web serivce to see if they look like spam or not. You need a <a href="http://wordpress.com/api-keys/">WordPress.com API key</a> to use this service. You can review the spam it catches under "Manage" and it automatically deletes old spam after 15 days. Hat tip: <a href="http://ioerror.us/">Michael Hampton</a> and <a href="http://chrisjdavis.org/">Chris J. Davis</a> for help with the plugin.
+Description: Akismet checks your comments against the Akismet web service to see if they look like spam or not. You need a <a href="http://wordpress.com/api-keys/">WordPress.com API key</a> to use it. You can review the spam it catches under "Comments." To show off your Akismet stats just put <code><?php akismet_counter(); ?></code> in your template.
+Version: 2.0.2
Author: Matt Mullenweg
-Version: 1.15
Author URI: http://photomatt.net/
*/
-add_action('admin_menu', 'ksd_config_page');
+// If you hardcode a WP.com API key here, all key config screens will be hidden
+$wpcom_api_key = '';
-if ( ! function_exists('wp_nonce_field') ) {
- function akismet_nonce_field($action = -1) {
- return;
- }
+function akismet_init() {
+ global $wpcom_api_key, $akismet_api_host, $akismet_api_port;
+
+ if ( $wpcom_api_key )
+ $akismet_api_host = $wpcom_api_key . '.rest.akismet.com';
+ else
+ $akismet_api_host = get_option('wordpress_api_key') . '.rest.akismet.com';
+
+ $akismet_api_port = 80;
+ add_action('admin_menu', 'akismet_config_page');
+}
+add_action('init', 'akismet_init');
+
+if ( !function_exists('wp_nonce_field') ) {
+ function akismet_nonce_field($action = -1) { return; }
$akismet_nonce = -1;
} else {
- function akismet_nonce_field($action = -1) {
- return wp_nonce_field($action);
- }
+ function akismet_nonce_field($action = -1) { return wp_nonce_field($action); }
$akismet_nonce = 'akismet-update-key';
}
-function ksd_config_page() {
- global $wpdb;
+function akismet_config_page() {
if ( function_exists('add_submenu_page') )
- add_submenu_page('plugins.php', __('Akismet Configuration'), __('Akismet Configuration'), 'manage_options', __FILE__, 'akismet_conf');
+ add_submenu_page('plugins.php', __('Akismet Configuration'), __('Akismet Configuration'), 'manage_options', 'akismet-key-config', 'akismet_conf');
}
function akismet_conf() {
- global $akismet_nonce;
+ global $akismet_nonce, $wpcom_api_key;
+
if ( isset($_POST['submit']) ) {
- if ( !current_user_can('manage_options') )
+ if ( function_exists('current_user_can') && !current_user_can('manage_options') )
die(__('Cheatin’ uh?'));
- check_admin_referer($akismet_nonce);
- $key = preg_replace('/[^a-h0-9]/i', '', $_POST['key']);
- if ( akismet_verify_key( $key ) )
+ check_admin_referer( $akismet_nonce );
+ $key = preg_replace( '/[^a-h0-9]/i', '', $_POST['key'] );
+
+ if ( empty($key) ) {
+ $key_status = 'empty';
+ $ms[] = 'new_key_empty';
+ delete_option('wordpress_api_key');
+ } else {
+ $key_status = akismet_verify_key( $key );
+ }
+
+ if ( $key_status == 'valid' ) {
update_option('wordpress_api_key', $key);
+ $ms[] = 'new_key_valid';
+ } else if ( $key_status == 'invalid' ) {
+ $ms[] = 'new_key_invalid';
+ } else if ( $key_status == 'failed' ) {
+ $ms[] = 'new_key_failed';
+ }
+
+ if ( isset( $_POST['akismet_discard_month'] ) )
+ update_option( 'akismet_discard_month', 'true' );
else
- $invalid_key = true;
+ update_option( 'akismet_discard_month', 'false' );
}
- if ( !akismet_verify_key( get_option('wordpress_api_key') ) )
- $invalid_key = true;
-?>
+ if ( $key_status != 'valid' ) {
+ $key = get_option('wordpress_api_key');
+ if ( empty( $key ) ) {
+ if ( $key_status != 'failed' ) {
+ if ( akismet_verify_key( '1234567890ab' ) == 'failed' )
+ $ms[] = 'no_connection';
+ else
+ $ms[] = 'key_empty';
+ }
+ $key_status = 'empty';
+ } else {
+ $key_status = akismet_verify_key( $key );
+ }
+ if ( $key_status == 'valid' ) {
+ $ms[] = 'key_valid';
+ } else if ( $key_status == 'invalid' ) {
+ delete_option('wordpress_api_key');
+ $ms[] = 'key_empty';
+ } else if ( !empty($key) && $key_status == 'failed' ) {
+ $ms[] = 'key_failed';
+ }
+ }
+
+ $messages = array(
+ 'new_key_empty' => array('color' => 'aa0', 'text' => __('Your key has been cleared.')),
+ 'new_key_valid' => array('color' => '2d2', 'text' => __('Your key has been verified. Happy blogging!')),
+ 'new_key_invalid' => array('color' => 'd22', 'text' => __('The key you entered is invalid. Please double-check it.')),
+ 'new_key_failed' => array('color' => 'd22', 'text' => __('The key you entered could not be verified because a connection to akismet.com could not be established. Please check your server configuration.')),
+ 'no_connection' => array('color' => 'd22', 'text' => __('There was a problem connecting to the Akismet server. Please check your server configuration.')),
+ 'key_empty' => array('color' => 'aa0', 'text' => sprintf(__('Please enter an API key. (<a href="%s" style="color:#fff">Get your key.</a>)'), 'http://wordpress.com/profile/')),
+ 'key_valid' => array('color' => '2d2', 'text' => __('This key is valid.')),
+ 'key_failed' => array('color' => 'aa0', 'text' => __('The key below was previously validated but a connection to akismet.com can not be established at this time. Please check your server configuration.')));
+?>
+<?php if ( !empty($_POST ) ) : ?>
+<div id="message" class="updated fade"><p><strong><?php _e('Options saved.') ?></strong></p></div>
+<?php endif; ?>
<div class="wrap">
<h2><?php _e('Akismet Configuration'); ?></h2>
+<div class="narrow">
+<form action="" method="post" id="akismet-conf" style="margin: auto; width: 400px; ">
+<?php if ( !$wpcom_api_key ) { ?>
<p><?php printf(__('For many people, <a href="%1$s">Akismet</a> will greatly reduce or even completely eliminate the comment and trackback spam you get on your site. If one does happen to get through, simply mark it as "spam" on the moderation screen and Akismet will learn from the mistakes. If you don\'t have a WordPress.com account yet, you can get one at <a href="%2$s">WordPress.com</a>.'), 'http://akismet.com/', 'http://wordpress.com/api-keys/'); ?></p>
-<form action="" method="post" id="akismet-conf" style="margin: auto; width: 25em; ">
<?php akismet_nonce_field($akismet_nonce) ?>
<h3><label for="key"><?php _e('WordPress.com API Key'); ?></label></h3>
+<?php foreach ( $ms as $m ) : ?>
+ <p style="padding: .5em; background-color: #<?php echo $messages[$m]['color']; ?>; color: #fff; font-weight: bold;"><?php echo $messages[$m]['text']; ?></p>
+<?php endforeach; ?>
+<p><input id="key" name="key" type="text" size="15" maxlength="12" value="<?php echo get_option('wordpress_api_key'); ?>" style="font-family: 'Courier New', Courier, mono; font-size: 1.5em;" /> (<?php _e('<a href="http://faq.wordpress.com/2005/10/19/api-key/">What is this?</a>'); ?>)</p>
<?php if ( $invalid_key ) { ?>
- <p style="padding: .5em; background-color: #f33; color: #fff; font-weight: bold;"><?php _e('Your key appears invalid. Double-check it.'); ?></p>
+<h3><?php _e('Why might my key be invalid?'); ?></h3>
+<p><?php _e('This can mean one of two things, either you copied the key wrong or that the plugin is unable to reach the Akismet servers, which is most often caused by an issue with your web host around firewalls or similar.'); ?></p>
<?php } ?>
-<p><input id="key" name="key" type="text" size="15" maxlength="12" value="<?php echo get_option('wordpress_api_key'); ?>" style="font-family: 'Courier New', Courier, mono; font-size: 1.5em;" /> (<?php _e('<a href="http://faq.wordpress.com/2005/10/19/api-key/">What is this?</a>'); ?>)</p>
- <p class="submit"><input type="submit" name="submit" value="<?php _e('Update API Key »'); ?>" /></p>
+<?php } ?>
+<p><label><input name="akismet_discard_month" id="akismet_discard_month" value="true" type="checkbox" <?php if ( get_option('akismet_discard_month') == 'true' ) echo ' checked="checked" '; ?> /> <?php _e('Automatically discard spam comments on posts older than a month.'); ?></label></p>
+ <p class="submit"><input type="submit" name="submit" value="<?php _e('Update options »'); ?>" /></p>
</form>
</div>
+</div>
<?php
}
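Review bot: `if ( $invalid_key ) {` still gates the "Why might my key be invalid?" help text, but this commit removes both assignments to `$invalid_key`, so the variable is never set: the block never renders and PHP emits an undefined-variable notice on every load of the page. Drive it from the new status instead, `if ( 'invalid' == $key_status || 'failed' == $key_status ) {`. Separately, the `!empty($_POST)` "Options saved." banner is printed regardless of `$key_status`, so a rejected or unverifiable key is still reported as saved; condition it on the `$ms` outcome or drop it in the invalid/failed cases.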
function akismet_verify_key( $key ) {
- global $auto_comment_approved, $ksd_api_host, $ksd_api_port;
+ global $akismet_api_host, $akismet_api_port, $wpcom_api_key;
$blog = urlencode( get_option('home') );
- $response = ksd_http_post("key=$key&blog=$blog", 'rest.akismet.com', '/1.1/verify-key', $ksd_api_port);
- if ( 'valid' == $response[1] )
- return true;
- else
- return false;
+ if ( $wpcom_api_key )
+ $key = $wpcom_api_key;
+ $response = akismet_http_post("key=$key&blog=$blog", 'rest.akismet.com', '/1.1/verify-key', $akismet_api_port);
+ if ( !is_array($response) || !isset($response[1]) || $response[1] != 'valid' && $response[1] != 'invalid' )
+ return 'failed';
+ return $response[1];
}
-if ( !get_option('wordpress_api_key') && !isset($_POST['submit']) ) {
+if ( !get_option('wordpress_api_key') && !$wpcom_api_key && !isset($_POST['submit']) ) {
function akismet_warning() {
- $path = plugin_basename(__FILE__);
echo "
- <div id='akismet-warning' class='updated fade-ff0000'><p><strong>".__('Akismet is not active.')."</strong> ".sprintf(__('You must <a href="%1$s">enter your WordPress.com API key</a> for it to work.'), "plugins.php?page=$path")."</p></div>
+ <div id='akismet-warning' class='updated fade-ff0000'><p><strong>".__('Akismet is not active.')."</strong> ".sprintf(__('You must <a href="%1$s">enter your WordPress.com API key</a> for it to work.'), "plugins.php?page=akismet-key-config")."</p></div>
<style type='text/css'>
#adminmenu { margin-bottom: 5em; }
#akismet-warning { position: absolute; top: 7em; }
return;
}
-$ksd_api_host = get_option('wordpress_api_key') . '.rest.akismet.com';
-$ksd_api_port = 80;
-$ksd_user_agent = "WordPress/$wp_version | Akismet/1.15";
-
-// Returns array with headers in $response[0] and entity in $response[1]
-function ksd_http_post($request, $host, $path, $port = 80) {
- global $ksd_user_agent;
+// Returns array with headers in $response[0] and body in $response[1]
+function akismet_http_post($request, $host, $path, $port = 80) {
+ global $wp_version;
$http_request = "POST $path HTTP/1.0\r\n";
$http_request .= "Host: $host\r\n";
- $http_request .= "Content-Type: application/x-www-form-urlencoded; charset=" . get_settings('blog_charset') . "\r\n";
+ $http_request .= "Content-Type: application/x-www-form-urlencoded; charset=" . get_option('blog_charset') . "\r\n";
$http_request .= "Content-Length: " . strlen($request) . "\r\n";
- $http_request .= "User-Agent: $ksd_user_agent\r\n";
+ $http_request .= "User-Agent: WordPress/$wp_version | Akismet/2.0\r\n";
$http_request .= "\r\n";
$http_request .= $request;
$response = '';
- if( false !== ( $fs = @fsockopen($host, $port, $errno, $errstr, 10) ) ) {
+ if( false != ( $fs = @fsockopen($host, $port, $errno, $errstr, 10) ) ) {
fwrite($fs, $http_request);
while ( !feof($fs) )
return $response;
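Review bot: Loosening `false !== ( $fs = @fsockopen(...) )` to `false != ( $fs = ... )` in `akismet_http_post` gives up strictness for no gain — `fsockopen()` returns a resource or `false` — so keep the identity check. `$errno` and `$errstr` are captured and then discarded; on failure the function returns the empty string it initialised, which `akismet_verify_key` maps to `'failed'` but `akismet_auto_check_comment` then indexes as `$response[1]` on a string. The read loop between `while ( !feof($fs) )` and `return $response` is outside the hunk. Note too that the request, with the API key as the `Host:` name, goes over port 80 in the clear; if the transport cannot change, a comment saying the key is observable on the wire is worth adding.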
}
-function ksd_auto_check_comment( $comment ) {
- global $auto_comment_approved, $ksd_api_host, $ksd_api_port;
+function akismet_auto_check_comment( $comment ) {
+ global $akismet_api_host, $akismet_api_port;
+
$comment['user_ip'] = preg_replace( '/[^0-9., ]/', '', $_SERVER['REMOTE_ADDR'] );
$comment['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
$comment['referrer'] = $_SERVER['HTTP_REFERER'];
foreach ( $comment as $key => $data )
$query_string .= $key . '=' . urlencode( stripslashes($data) ) . '&';
- $response = ksd_http_post($query_string, $ksd_api_host, '/1.1/comment-check', $ksd_api_port);
+ $response = akismet_http_post($query_string, $akismet_api_host, '/1.1/comment-check', $akismet_api_port);
if ( 'true' == $response[1] ) {
- $auto_comment_approved = 'spam';
+ add_filter('pre_comment_approved', create_function('$a', 'return \'spam\';'));
update_option( 'akismet_spam_count', get_option('akismet_spam_count') + 1 );
+
+ $post = get_post( $comment['comment_post_ID'] );
+ $last_updated = strtotime( $post->post_modified_gmt );
+ $diff = time() - $last_updated;
+ $diff = $diff / 86400;
+
+ if ( $post->post_type == 'post' && $diff > 30 && get_option( 'akismet_discard_month' ) == 'true' )
+ die;
}
akismet_delete_old();
return $comment;
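Review bot: The new discard branch dereferences `$post->post_type` and `$post->post_modified_gmt` without checking that `get_post( $comment['comment_post_ID'] )` returned a row, so a submission against a non-existent post ID produces notices on a null object before `die` is reached; guard it with `if ( $post && 'post' == $post->post_type && $diff > 30 && get_option( 'akismet_discard_month' ) == 'true' )`. The bare `die;` ends the request with an empty page, which is a defensible choice for spam but deserves a comment saying the silence is deliberate. `$query_string` is also appended to on the first loop iteration without being initialised (context lines above), unlike `akismet_submit_nonspam_comment` in the same file. The `create_function()` filter is a small `eval`; fine for a constant body, but a named function returning `'spam'` avoids it.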
global $wpdb;
$now_gmt = current_time('mysql', 1);
$wpdb->query("DELETE FROM $wpdb->comments WHERE DATE_SUB('$now_gmt', INTERVAL 15 DAY) > comment_date_gmt AND comment_approved = 'spam'");
- $n = mt_rand(1, 5);
- if ( $n % 5 )
+ $n = mt_rand(1, 5000);
+ if ( $n == 11 ) // lucky number
$wpdb->query("OPTIMIZE TABLE $wpdb->comments");
}
-function ksd_auto_approved( $approved ) {
- global $auto_comment_approved;
- if ( 'spam' == $auto_comment_approved )
- $approved = $auto_comment_approved;
- return $approved;
-}
-
-function ksd_submit_nonspam_comment ( $comment_id ) {
- global $wpdb, $ksd_api_host, $ksd_api_port;
+function akismet_submit_nonspam_comment ( $comment_id ) {
+ global $wpdb, $akismet_api_host, $akismet_api_port;
$comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID = '$comment_id'");
if ( !$comment ) // it was deleted
$query_string = '';
foreach ( $comment as $key => $data )
$query_string .= $key . '=' . urlencode( stripslashes($data) ) . '&';
- $response = ksd_http_post($query_string, $ksd_api_host, "/1.1/submit-ham", $ksd_api_port);
+ $response = akismet_http_post($query_string, $akismet_api_host, "/1.1/submit-ham", $akismet_api_port);
}
-function ksd_submit_spam_comment ( $comment_id ) {
- global $wpdb, $ksd_api_host, $ksd_api_port;
+function akismet_submit_spam_comment ( $comment_id ) {
+ global $wpdb, $akismet_api_host, $akismet_api_port;
$comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID = '$comment_id'");
if ( !$comment ) // it was deleted
foreach ( $comment as $key => $data )
$query_string .= $key . '=' . urlencode( stripslashes($data) ) . '&';
- $response = ksd_http_post($query_string, $ksd_api_host, "/1.1/submit-spam", $ksd_api_port);
+ $response = akismet_http_post($query_string, $akismet_api_host, "/1.1/submit-spam", $akismet_api_port);
}
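Review bot: Both renamed functions still interpolate `$comment_id` directly into `WHERE comment_ID = '$comment_id'`, while the new `akismet_check_db_comment` in this same file casts with `$id = (int) $id;` first. `akismet_submit_nonspam_comment` is reached from `akismet_caught` with an ID taken from the recover form, so add `$comment_id = (int) $comment_id;` at the top of both functions to make them consistent and independent of what each caller escapes. How the IDs from `$_POST['not_spam']` are sanitised in the caller's loop is outside this hunk.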
-add_action('wp_set_comment_status', 'ksd_submit_spam_comment');
-add_action('edit_comment', 'ksd_submit_spam_comment');
-add_action('preprocess_comment', 'ksd_auto_check_comment', 1);
-add_filter('pre_comment_approved', 'ksd_auto_approved');
+add_action('wp_set_comment_status', 'akismet_submit_spam_comment');
+add_action('edit_comment', 'akismet_submit_spam_comment');
+add_action('preprocess_comment', 'akismet_auto_check_comment', 1);
-
-function ksd_spam_count() {
+function akismet_spam_count() {
global $wpdb, $comments;
- $count = $wpdb->get_var("SELECT COUNT(comment_ID) FROM $wpdb->comments WHERE comment_approved = 'spam'");
+ $count = wp_cache_get( 'akismet_spam_count', 'widget' );
+ if ( false === $count ) {
+ $count = $wpdb->get_var("SELECT COUNT(comment_ID) FROM $wpdb->comments WHERE comment_approved = 'spam'");
+ wp_cache_set( 'akismet_spam_count', $count, 'widget', 3600 );
+ }
return $count;
}
-function ksd_manage_page() {
- global $wpdb;
- $count = sprintf(__('Akismet Spam (%s)'), ksd_spam_count());
- if ( function_exists('add_management_page') )
- add_management_page(__('Akismet Spam'), $count, 'moderate_comments', __FILE__, 'ksd_caught');
+function akismet_manage_page() {
+ global $wpdb, $submenu;
+ $count = sprintf(__('Akismet Spam (%s)'), akismet_spam_count());
+ if ( isset( $submenu['edit-comments.php'] ) )
+ add_submenu_page('edit-comments.php', __('Akismet Spam'), $count, 'moderate_comments', 'akismet-admin', 'akismet_caught' );
+ elseif ( function_exists('add_management_page') )
+ add_management_page(__('Akismet Spam'), $count, 'moderate_comments', 'akismet-admin', 'akismet_caught');
}
-function ksd_caught() {
- global $wpdb, $comment;
+function akismet_caught() {
+ global $wpdb, $comment, $akismet_caught, $akismet_nonce;
+ akismet_recheck_queue();
if (isset($_POST['submit']) && 'recover' == $_POST['action'] && ! empty($_POST['not_spam'])) {
- if ( ! current_user_can('moderate_comments') )
+ check_admin_referer( $akismet_nonce );
+ if ( function_exists('current_user_can') && !current_user_can('moderate_comments') )
die(__('You do not have sufficient permission to moderate comments.'));
$i = 0;
wp_set_comment_status($comment, 'approve');
else
$wpdb->query("UPDATE $wpdb->comments SET comment_approved = '1' WHERE comment_ID = '$comment'");
- ksd_submit_nonspam_comment($comment);
+ akismet_submit_nonspam_comment($comment);
++$i;
endforeach;
- echo '<div class="updated"><p>' . sprintf(__('%1$s comments recovered.'), $i) . "</p></div>";
+ $to = add_query_arg( 'recovered', $i, $_SERVER['HTTP_REFERER'] );
+ wp_redirect( $to );
+ exit;
}
if ('delete' == $_POST['action']) {
- if ( ! current_user_can('moderate_comments') )
+ check_admin_referer( $akismet_nonce );
+ if ( function_exists('current_user_can') && !current_user_can('moderate_comments') )
die(__('You do not have sufficient permission to moderate comments.'));
$delete_time = addslashes( $_POST['display_time'] );
$nuked = $wpdb->query( "DELETE FROM $wpdb->comments WHERE comment_approved = 'spam' AND '$delete_time' > comment_date_gmt" );
- if (isset($nuked)) {
- echo '<div class="updated"><p>';
- if ($nuked) {
- _e('All spam deleted.');
- }
- echo "</p></div>";
- }
+ wp_cache_delete( 'akismet_spam_count', 'widget' );
+ $to = add_query_arg( 'deleted', 'all', $_SERVER['HTTP_REFERER'] );
+ wp_redirect( $to );
+ exit;
}
+
+if ( isset( $_GET['recovered'] ) ) {
+ $i = (int) $_GET['recovered'];
+ echo '<div class="updated"><p>' . sprintf(__('%1$s comments recovered.'), $i) . "</p></div>";
+}
+
+if (isset( $_GET['deleted'] ) )
+ echo '<div class="updated"><p>' . __('All spam deleted.') . '</p></div>';
+
+if ( isset( $GLOBALS['submenu']['edit-comments.php'] ) )
+ $link = 'edit-comments.php';
+else
+ $link = 'edit.php';
?>
<div class="wrap">
<h2><?php _e('Caught Spam') ?></h2>
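Review bot: Both new redirects build their target from `$_SERVER['HTTP_REFERER']`, which is client-supplied and frequently absent (privacy settings, proxies), so after a recover or delete the user can be sent to an empty `Location:` or to whatever Referer was presented; the nonce prevents a cross-site trigger but does nothing for the destination. The page already computes its own URL in the `$link` block a few lines below — hoist that above the form handling and use `$to = add_query_arg( 'recovered', $i, "$link?page=akismet-admin" );` (and the same for `deleted`). Also, `$delete_time = addslashes( $_POST['display_time'] )` escapes differently from the `$wpdb->escape()` used for the search term later in this function; better still, compute the cutoff server-side with `current_time('mysql', 1)` rather than trusting a posted timestamp.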
<p><?php printf(__('Akismet has caught <strong>%1$s spam</strong> for you since you first installed it.'), number_format($count) ); ?></p>
<?php
}
-$spam_count = ksd_spam_count();
+$spam_count = akismet_spam_count();
if (0 == $spam_count) {
echo '<p>'.__('You have no spam currently in the queue. Must be your lucky day. :)').'</p>';
echo '</div>';
} else {
echo '<p>'.__('You can delete all of the spam from your database with a single click. This operation cannot be undone, so you may wish to check to ensure that no legitimate comments got through first. Spam is automatically deleted after 15 days, so don’t sweat it.').'</p>';
?>
-<form method="post" action="">
+<?php if ( !isset( $_POST['s'] ) ) { ?>
+<form method="post" action="<?php echo attribute_escape( add_query_arg( 'noheader', 'true' ) ); ?>">
+<?php akismet_nonce_field($akismet_nonce) ?>
<input type="hidden" name="action" value="delete" />
<?php printf(__('There are currently %1$s comments identified as spam.'), $spam_count); ?> <input type="submit" name="Submit" value="<?php _e('Delete all'); ?>" />
<input type="hidden" name="display_time" value="<?php echo current_time('mysql', 1); ?>" />
</form>
+<?php } ?>
</div>
<div class="wrap">
+<?php if ( isset( $_POST['s'] ) ) { ?>
+<h2><?php _e('Search'); ?></h2>
+<?php } else { ?>
<h2><?php _e('Latest Spam'); ?></h2>
<?php echo '<p>'.__('These are the latest comments identified as spam by Akismet. If you see any mistakes, simply mark the comment as "not spam" and Akismet will learn from the submission. If you wish to recover a comment from spam, simply select the comment, and click Not Spam. After 15 days we clean out the junk for you.').'</p>'; ?>
+<?php } ?>
<?php
-$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_approved = 'spam' ORDER BY comment_date DESC LIMIT 150");
+if ( isset( $_POST['s'] ) ) {
+ $s = $wpdb->escape($_POST['s']);
+ $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE
+ (comment_author LIKE '%$s%' OR
+ comment_author_email LIKE '%$s%' OR
+ comment_author_url LIKE ('%$s%') OR
+ comment_author_IP LIKE ('%$s%') OR
+ comment_content LIKE ('%$s%') ) AND
+ comment_approved = 'spam'
+ ORDER BY comment_date DESC");
+} else {
+ if ( isset( $_GET['apage'] ) )
+ $page = (int) $_GET['apage'];
+ else
+ $page = 1;
+
+ if ( $page < 2 )
+ $page = 1;
+
+ $start = ( $page - 1 ) * 50;
+ $end = $start + 50;
+
+ $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_approved = 'spam' ORDER BY comment_date DESC LIMIT $start, $end");
+ $total = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_approved = 'spam'" );
+}
if ($comments) {
?>
-<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
+
+<?php if ( $total > 50 ) {
+$total_pages = ceil( $total / 50 );
+$r = '';
+if ( 1 < $page ) {
+ $args['apage'] = ( 1 == $page - 1 ) ? '' : $page - 1;
+ $r .= '<a class="prev" href="' . clean_url(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . "\n";
+}
+if ( ( $total_pages = ceil( $total / 50 ) ) > 1 ) {
+ for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) :
+ if ( $page == $page_num ) :
+ $r .= "<strong>$page_num</strong>\n";
+ else :
+ $p = false;
+ if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
+ $args['apage'] = ( 1 == $page_num ) ? '' : $page_num;
+ $r .= '<a class="page-numbers" href="' . clean_url(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";
+ $in = true;
+ elseif ( $in == true ) :
+ $r .= "...\n";
+ $in = false;
+ endif;
+ endif;
+ endfor;
+}
+if ( ( $page ) * 50 < $total || -1 == $total ) {
+ $args['apage'] = $page + 1;
+ $r .= '<a class="next" href="' . clean_url(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n";
+}
+echo "<p>$r</p>";
+?>
+
+<?php } ?>
+<form method="post" action="<?php echo attribute_escape("$link?page=akismet-admin"); ?>" id="akismetsearch">
+<p> <input type="text" name="s" value="<?php if (isset($_POST['s'])) echo attribute_escape($_POST['s']); ?>" size="17" />
+ <input type="submit" name="submit" value="<?php echo attribute_escape(__('Search')) ?>" /> </p>
+</form>
+<form method="post" action="<?php echo attribute_escape( add_query_arg( 'noheader', 'true' ) ); ?>">
+<?php akismet_nonce_field($akismet_nonce) ?>
<input type="hidden" name="action" value="recover" />
<ul id="spam-list" class="commentlist" style="list-style: none; margin: 0; padding: 0;">
<?php
$i = 0;
foreach($comments as $comment) {
$i++;
- $comment_date = mysql2date(get_settings("date_format") . " @ " . get_settings("time_format"), $comment->comment_date);
+ $comment_date = mysql2date(get_option("date_format") . " @ " . get_option("time_format"), $comment->comment_date);
$post = get_post($comment->comment_post_ID);
$post_title = $post->post_title;
if ($i % 2) $class = 'class="alternate"';
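Review bot: The paging query `LIMIT $start, $end` passes an end offset where MySQL expects a row count: with `$start = ( $page - 1 ) * 50` and `$end = $start + 50`, page 2 returns 100 rows, page 3 returns 150, and every page after the first overlaps the next. Replace it with `LIMIT $start, 50` and drop `$end`. The search branch applies `$wpdb->escape()`, so injection is covered, but `%` and `_` in the term act as wildcards inside `LIKE '%$s%'`, which deserves a comment if intentional; and the block that builds the pager `$r` is duplicated verbatim below the list, so a small helper would keep the two copies in sync.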
<?php
}
-}
?>
</ul>
+<?php if ( $total > 50 ) {
+$total_pages = ceil( $total / 50 );
+$r = '';
+if ( 1 < $page ) {
+ $args['apage'] = ( 1 == $page - 1 ) ? '' : $page - 1;
+ $r .= '<a class="prev" href="' . clean_url(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . "\n";
+}
+if ( ( $total_pages = ceil( $total / 50 ) ) > 1 ) {
+ for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) :
+ if ( $page == $page_num ) :
+ $r .= "<strong>$page_num</strong>\n";
+ else :
+ $p = false;
+ if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
+ $args['apage'] = ( 1 == $page_num ) ? '' : $page_num;
+ $r .= '<a class="page-numbers" href="' . clean_url(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";
+ $in = true;
+ elseif ( $in == true ) :
+ $r .= "...\n";
+ $in = false;
+ endif;
+ endif;
+ endfor;
+}
+if ( ( $page ) * 50 < $total || -1 == $total ) {
+ $args['apage'] = $page + 1;
+ $r .= '<a class="next" href="' . clean_url(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n";
+}
+echo "<p>$r</p>";
+}
+?>
<p class="submit">
-<input type="submit" name="submit" value="<?php _e('De-spam marked comments »'); ?>" />
+<input type="submit" name="submit" value="<?php echo attribute_escape(__('De-spam marked comments »')); ?>" />
</p>
<p><?php _e('Comments you de-spam will be submitted to Akismet as mistakes so it can learn and get better.'); ?></p>
</form>
-<form method="post" action="">
+<?php
+} else {
+?>
+<p><?php _e('No results found.'); ?></p>
+<?php } ?>
+
+<?php if ( !isset( $_POST['s'] ) ) { ?>
+<form method="post" action="<?php echo attribute_escape( add_query_arg( 'noheader', 'true' ) ); ?>">
+<?php akismet_nonce_field($akismet_nonce) ?>
<p><input type="hidden" name="action" value="delete" />
-<?php printf(__('There are currently %1$s comments identified as spam.'), $spam_count); ?> <input type="submit" name="Submit" value="<?php _e('Delete all'); ?>" />
+<?php printf(__('There are currently %1$s comments identified as spam.'), $spam_count); ?> <input type="submit" name="Submit" value="<?php echo attribute_escape(__('Delete all')); ?>" />
<input type="hidden" name="display_time" value="<?php echo current_time('mysql', 1); ?>" /></p>
</form>
+<?php } ?>
</div>
<?php
}
}
-add_action('admin_menu', 'ksd_manage_page');
+add_action('admin_menu', 'akismet_manage_page');
function akismet_stats() {
$count = get_option('akismet_spam_count');
return;
$path = plugin_basename(__FILE__);
echo '<h3>'.__('Spam').'</h3>';
- echo '<p>'.sprintf(__('<a href="%1$s">Akismet</a> has protected your site from <a href="%2$s">%3$s spam comments</a>.'), 'http://akismet.com/', "edit.php?page=$path", number_format($count) ).'</p>';
+ global $submenu;
+ if ( isset( $submenu['edit-comments.php'] ) )
+ $link = 'edit-comments.php';
+ else
+ $link = 'edit.php';
+ echo '<p>'.sprintf(__('<a href="%1$s">Akismet</a> has protected your site from <a href="%2$s">%3$s spam comments</a>.'), 'http://akismet.com/', clean_url("$link?page=akismet-admin"), number_format($count) ).'</p>';
}
add_action('activity_box_end', 'akismet_stats');
+
+if ( 'moderation.php' == $pagenow ) {
+ function akismet_recheck_button( $page ) {
+ global $submenu;
+ if ( isset( $submenu['edit-comments.php'] ) )
+ $link = 'edit-comments.php';
+ else
+ $link = 'edit.php';
+ $button = "<a href='$link?page=akismet-admin&recheckqueue=true&noheader=true' style='display: block; width: 100px; position: absolute; right: 7%; padding: 5px; font-size: 14px; text-decoration: underline; background: #fff; border: 1px solid #ccc;'>" . __('Recheck Queue for Spam') . "</a>";
+ $page = str_replace( '<div class="wrap">', '<div class="wrap">' . $button, $page );
+ return $page;
+ }
+
+ if ( $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_approved = '0'" ) )
+ ob_start( 'akismet_recheck_button' );
+}
+
+function akismet_recheck_queue() {
+ global $wpdb, $akismet_api_host, $akismet_api_port;
+
+ if ( !isset( $_GET['recheckqueue'] ) )
+ return;
+
+ $moderation = $wpdb->get_results( "SELECT * FROM $wpdb->comments WHERE comment_approved = '0'", ARRAY_A );
+ foreach ( $moderation as $c ) {
+ $c['user_ip'] = $c['comment_author_IP'];
+ $c['user_agent'] = $c['comment_agent'];
+ $c['referrer'] = '';
+ $c['blog'] = get_option('home');
+ $id = $c['comment_ID'];
+
+ $query_string = '';
+ foreach ( $c as $key => $data )
+ $query_string .= $key . '=' . urlencode( stripslashes($data) ) . '&';
+
+ $response = akismet_http_post($query_string, $akismet_api_host, '/1.1/comment-check', $akismet_api_port);
+ if ( 'true' == $response[1] ) {
+ $wpdb->query( "UPDATE $wpdb->comments SET comment_approved = 'spam' WHERE comment_ID = $id" );
+ }
+ }
+ wp_redirect( $_SERVER['HTTP_REFERER'] );
+ exit;
+}
+
+function akismet_check_db_comment( $id ) {
+ global $wpdb, $akismet_api_host, $akismet_api_port;
+
+ $id = (int) $id;
+ $c = $wpdb->get_row( "SELECT * FROM $wpdb->comments WHERE comment_ID = '$id'", ARRAY_A );
+ if ( !$c )
+ return;
+
+ $c['user_ip'] = $c['comment_author_IP'];
+ $c['user_agent'] = $c['comment_agent'];
+ $c['referrer'] = '';
+ $c['blog'] = get_option('home');
+ $id = $c['comment_ID'];
+
+ $query_string = '';
+ foreach ( $c as $key => $data )
+ $query_string .= $key . '=' . urlencode( stripslashes($data) ) . '&';
+
+ $response = akismet_http_post($query_string, $akismet_api_host, '/1.1/comment-check', $akismet_api_port);
+ return $response[1];
+}
+
+// This option causes tons of FPs, was removed in 2.1
+function akismet_kill_proxy_check( $option ) { return 0; }
+add_filter('option_open_proxy_check', 'akismet_kill_proxy_check');
+
+// Widget stuff
+function widget_akismet_register() {
+ if ( function_exists('register_sidebar_widget') ) :
+ function widget_akismet($args) {
+ extract($args);
+ $options = get_option('widget_akismet');
+ $count = number_format(get_option('akismet_spam_count'));
+ $text = __('%d spam comments have been blocked by <a href="http://akismet.com">Akismet</a>.');
+ ?>
+ <?php echo $before_widget; ?>
+ <?php echo $before_title . $options['title'] . $after_title; ?>
+ <div id="akismetwrap"><div id="akismetstats"><a id="aka" href="http://akismet.com" title=""><?php printf( __( '%1$s %2$sspam comments%3$s %4$sblocked by%5$s<br />%6$sAkismet%7$s' ), '<div id="akismet1"><span id="akismetcount">' . $count . '</span>', '<span id="akismetsc">', '</span></div>', '<div id="akismet2"><span id="akismetbb">', '</span>', '<span id="akismeta">', '</span></div>' ); ?></a></div></div>
+ <?php echo $after_widget; ?>
+ <?php
+ }
+
+ function widget_akismet_style() {
+ ?>
+<style type="text/css">
+#aka,#aka:link,#aka:hover,#aka:visited,#aka:active{color:#fff;text-decoration:none}
+#aka:hover{border:none;text-decoration:none}
+#aka:hover #akismet1{display:none}
+#aka:hover #akismet2,#akismet1{display:block}
+#akismet2{display:none;padding-top:2px}
+#akismeta{font-size:16px;font-weight:bold;line-height:18px;text-decoration:none}
+#akismetcount{display:block;font:15px Verdana,Arial,Sans-Serif;font-weight:bold;text-decoration:none}
+#akismetwrap #akismetstats{background:url(<?php echo get_option('siteurl'); ?>/wp-content/plugins/akismet/akismet.gif) no-repeat top left;border:none;color:#fff;font:11px 'Trebuchet MS','Myriad Pro',sans-serif;height:40px;line-height:100%;overflow:hidden;padding:8px 0 0;text-align:center;width:120px}
+</style>
+ <?php
+ }
+
+ function widget_akismet_control() {
+ $options = $newoptions = get_option('widget_akismet');
+ if ( $_POST["akismet-submit"] ) {
+ $newoptions['title'] = strip_tags(stripslashes($_POST["akismet-title"]));
+ if ( empty($newoptions['title']) ) $newoptions['title'] = 'Spam Blocked';
+ }
+ if ( $options != $newoptions ) {
+ $options = $newoptions;
+ update_option('widget_akismet', $options);
+ }
+ $title = htmlspecialchars($options['title'], ENT_QUOTES);
+ ?>
+ <p><label for="akismet-title"><?php _e('Title:'); ?> <input style="width: 250px;" id="akismet-title" name="akismet-title" type="text" value="<?php echo $title; ?>" /></label></p>
+ <input type="hidden" id="akismet-submit" name="akismet-submit" value="1" />
+ <?php
+ }
+
+ register_sidebar_widget('Akismet', 'widget_akismet', null, 'akismet');
+ register_widget_control('Akismet', 'widget_akismet_control', 300, 75, 'akismet');
+ if ( is_active_widget('widget_akismet') )
+ add_action('wp_head', 'widget_akismet_style');
+ endif;
+}
+
+add_action('init', 'widget_akismet_register');
+
+// Counter for non-widget users
+function akismet_counter() {
+?>
+<style type="text/css">
+#akismetwrap #aka,#aka:link,#aka:hover,#aka:visited,#aka:active{color:#fff;text-decoration:none}
+#aka:hover{border:none;text-decoration:none}
+#aka:hover #akismet1{display:none}
+#aka:hover #akismet2,#akismet1{display:block}
+#akismet2{display:none;padding-top:2px}
+#akismeta{font-size:16px;font-weight:bold;line-height:18px;text-decoration:none}
+#akismetcount{display:block;font:15px Verdana,Arial,Sans-Serif;font-weight:bold;text-decoration:none}
+#akismetwrap #akismetstats{background:url(<?php echo get_option('siteurl'); ?>/wp-content/plugins/akismet/akismet.gif) no-repeat top left;border:none;color:#fff;font:11px 'Trebuchet MS','Myriad Pro',sans-serif;height:40px;line-height:100%;overflow:hidden;padding:8px 0 0;text-align:center;width:120px}
+</style>
+<?php
+$count = number_format(get_option('akismet_spam_count'));
+?>
+<div id="akismetwrap"><div id="akismetstats"><a id="aka" href="http://akismet.com" title=""><div id="akismet1"><span id="akismetcount"><?php echo $count; ?></span> <span id="akismetsc"><?php _e('spam comments') ?></span></div> <div id="akismet2"><span id="akismetbb"><?php _e('blocked by') ?></span><br /><span id="akismeta">Akismet</span></div></a></div></div>
+<?php
+}
+
?>
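Review bot: `akismet_recheck_queue()` fires on a bare `$_GET['recheckqueue']` with no nonce and no capability check of its own, so a link such as the one the new "Recheck Queue for Spam" button emits (`…?page=akismet-admin&recheckqueue=true`) can be planted on any third-party page and, when a logged-in moderator follows it, re-submits every pending comment to Akismet and may move them to spam (CSRF); capability is enforced only by the menu registration that leads to `akismet_caught`. Add a nonce to the button URL with `add_query_arg('_wpnonce', wp_create_nonce('akismet-recheck-queue'), $url)` and start the function with `if ( !current_user_can('moderate_comments') ) return; check_admin_referer('akismet-recheck-queue');`. The closing `wp_redirect( $_SERVER['HTTP_REFERER'] )` has the same empty/untrusted-Referer problem as the other redirects in this file; redirect to the moderation page instead.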
Plugin URI: http://www.skippy.net/blog/plugins/
Description: On-demand backup of your WordPress database.
Author: Scott Merrill
-Version: 1.7
+Version: 1.8
Author URI: http://www.skippy.net/
Much of this was modified from Mark Ghosh's One Click Backup, which
$via = isset($_GET['via']) ? $_GET['via'] : 'http';
$this->backup_file = $_GET['backup'];
-
+ $this->validate_file($this->backup_file);
+
switch($via) {
case 'smtp':
case 'email':
}
if (isset($_GET['fragment'] )) {
list($table, $segment, $filename) = explode(':', $_GET['fragment']);
+ $this->validate_file($filename);
$this->backup_fragment($table, $segment, $filename);
}
return;
} // wp_cron_db_backup
+
+ function validate_file($file) {
+ if (false !== strpos($file, '..'))
+ die(__("Cheatin' uh ?"));
+
+ if (false !== strpos($file, './'))
+ die(__("Cheatin' uh ?"));
+
+ if (':' == substr($file, 1, 1))
+ die(__("Cheatin' uh ?"));
+ }
+
}
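Review bot: `validate_file()` is a denylist — `..`, `./`, and a drive-letter colon — and denylists on file names tend to leak: it does not reject a leading `/` or `\`, a NUL byte, or names with shell or URL metacharacters, so whether `/etc/passwd` or `foo.sql%00` is harmless depends entirely on how `backup_file` and `$filename` are later joined to a directory, which is outside the hunk. An allowlist is both shorter and closed: `if ( !preg_match('/^[A-Za-z0-9_.-]+$/', $file) || false !== strpos($file, '..') ) die(__("Cheatin' uh ?"));`. The three branches share one message; distinct ones make a rejected request easier to read in logs.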
function wpdbBackup_init() {
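Review bot: validate_file() at L4202-L4211 rejects `..`, `./` and a drive-letter colon but not an absolute path (a leading `/` or `\`), so whether such input is harmless depends on how backup_file is joined to the backup directory, which is outside this hunk. If, as the plugin description suggests, backups are generated filenames living in one directory, the simpler and stricter test is to require a bare filename as the first check, `if ($file !== basename($file)) die(__("Cheatin' uh ?"));`, and keep the existing checks as defence in depth. At L4195 `$table` and `$segment` from `$_GET['fragment']` reach backup_fragment() with no check here; if backup_fragment() does not itself compare `$table` against the known table list, it needs the same treatment. The enclosing method begins before the hunk.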
<input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />
<label for="author"><?php _e("Name"); ?></label>
<input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
- <input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($_SERVER["REQUEST_URI"]); ?>" />
+ <input type="hidden" name="redirect_to" value="<?php echo attribute_escape($_SERVER["REQUEST_URI"]); ?>" />
</p>
<p>
</li>
<li id="search">
<label for="s"><?php _e('Search:'); ?></label>
- <form id="searchform" method="get" action="<?php echo $_SERVER['PHP_SELF']; ?>">
+ <form id="searchform" method="get" action="<?php bloginfo('home'); ?>">
<div>
<input type="text" name="s" id="s" size="15" /><br />
<input type="submit" value="<?php _e('Search'); ?>" />
<input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />
<label for="author">Name</label>
<input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
- <input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($_SERVER["REQUEST_URI"]); ?>" />
+ <input type="hidden" name="redirect_to" value="<?php echo attribute_escape($_SERVER["REQUEST_URI"]); ?>" />
</p>
<p>
-<?php\r
-\r
-function kubrick_head() {\r
- $head = "<style type='text/css'>\n<!--";\r
- $output = '';\r
- if ( kubrick_header_image() ) {\r
- $url = kubrick_header_image_url() ;\r
- $output .= "#header { background: url('$url') no-repeat bottom center; }\n";\r
- }\r
- if ( false !== ( $color = kubrick_header_color() ) ) {\r
- $output .= "#headerimg h1 a, #headerimg h1 a:visited, #headerimg .description { color: $color; }\n";\r
- }\r
- if ( false !== ( $display = kubrick_header_display() ) ) {\r
- $output .= "#headerimg { display: $display }\n";\r
- }\r
- $foot = "--></style>\n";\r
- if ( '' != $output )\r
- echo $head . $output . $foot;\r
-}\r
-\r
-add_action('wp_head', 'kubrick_head');\r
-\r
-function kubrick_header_image() {\r
- return apply_filters('kubrick_header_image', get_settings('kubrick_header_image'));\r
-}\r
-\r
-function kubrick_upper_color() {\r
- if ( strstr( $url = kubrick_header_image_url(), 'header-img.php?' ) ) {\r
- parse_str(substr($url, strpos($url, '?') + 1), $q);\r
- return $q['upper'];\r
- } else\r
- return '69aee7';\r
-}\r
-\r
-function kubrick_lower_color() {\r
- if ( strstr( $url = kubrick_header_image_url(), 'header-img.php?' ) ) {\r
- parse_str(substr($url, strpos($url, '?') + 1), $q);\r
- return $q['lower'];\r
- } else\r
- return '4180b6';\r
-}\r
-\r
-function kubrick_header_image_url() {\r
- if ( $image = kubrick_header_image() )\r
- $url = get_template_directory_uri() . '/images/' . $image;\r
- else\r
- $url = get_template_directory_uri() . '/images/kubrickheader.jpg';\r
-\r
- return $url;\r
-}\r
-\r
-function kubrick_header_color() {\r
- return apply_filters('kubrick_header_color', get_settings('kubrick_header_color'));\r
-}\r
-\r
-function kubrick_header_color_string() {\r
- $color = kubrick_header_color();\r
- if ( false === $color )\r
- return 'white';\r
-\r
- return $color;\r
-}\r
-\r
-function kubrick_header_display() {\r
- return apply_filters('kubrick_header_display', get_settings('kubrick_header_display'));\r
-}\r
-\r
-function kubrick_header_display_string() {\r
- $display = kubrick_header_display();\r
- return $display ? $display : 'inline';\r
-}\r
-\r
-add_action('admin_menu', 'kubrick_add_theme_page');\r
-\r
-function kubrick_add_theme_page() {\r
- if ( $_GET['page'] == basename(__FILE__) ) {\r
- if ( 'save' == $_REQUEST['action'] ) {\r
- if ( isset($_REQUEST['njform']) ) {\r
- if ( isset($_REQUEST['defaults']) ) {\r
- delete_option('kubrick_header_image');\r
- delete_option('kubrick_header_color');\r
- delete_option('kubrick_header_display');\r
- } else {\r
- if ( '' == $_REQUEST['njfontcolor'] )\r
- delete_option('kubrick_header_color');\r
- else\r
- update_option('kubrick_header_color', $_REQUEST['njfontcolor']);\r
-\r
- if ( preg_match('/[0-9A-F]{6}|[0-9A-F]{3}/i', $_REQUEST['njuppercolor'], $uc) && preg_match('/[0-9A-F]{6}|[0-9A-F]{3}/i', $_REQUEST['njlowercolor'], $lc) ) {\r
- $uc = ( strlen($uc[0]) == 3 ) ? $uc[0]{0}.$uc[0]{0}.$uc[0]{1}.$uc[0]{1}.$uc[0]{2}.$uc[0]{2} : $uc[0];\r
- $lc = ( strlen($lc[0]) == 3 ) ? $lc[0]{0}.$lc[0]{0}.$lc[0]{1}.$lc[0]{1}.$lc[0]{2}.$lc[0]{2} : $lc[0];\r
- update_option('kubrick_header_image', "header-img.php?upper=$uc&lower=$lc");\r
- }\r
-\r
- if ( isset($_REQUEST['toggledisplay']) ) {\r
- if ( false === get_settings('kubrick_header_display') )\r
- update_option('kubrick_header_display', 'none');\r
- else\r
- delete_option('kubrick_header_display');\r
- }\r
- }\r
- } else {\r
-\r
- if ( isset($_REQUEST['headerimage']) ) {\r
- if ( '' == $_REQUEST['headerimage'] )\r
- delete_option('kubrick_header_image');\r
- else\r
- update_option('kubrick_header_image', $_REQUEST['headerimage']);\r
- }\r
-\r
- if ( isset($_REQUEST['fontcolor']) ) {\r
- if ( '' == $_REQUEST['fontcolor'] )\r
- delete_option('kubrick_header_color');\r
- else\r
- update_option('kubrick_header_color', $_REQUEST['fontcolor']);\r
- }\r
-\r
- if ( isset($_REQUEST['fontdisplay']) ) {\r
- if ( '' == $_REQUEST['fontdisplay'] || 'inline' == $_REQUEST['fontdisplay'] )\r
- delete_option('kubrick_header_display');\r
- else\r
- update_option('kubrick_header_display', 'none');\r
- }\r
- }\r
- //print_r($_REQUEST);\r
- wp_redirect("themes.php?page=functions.php&saved=true");\r
- die;\r
- }\r
- add_action('admin_head', 'kubrick_theme_page_head');\r
- }\r
- add_theme_page('Customize Header', 'Header Image and Color', 'edit_themes', basename(__FILE__), 'kubrick_theme_page');\r
-}\r
-\r
-function kubrick_theme_page_head() {\r
-?>\r
-<script type="text/javascript" src="../wp-includes/js/colorpicker.js"></script>\r
-<script type='text/javascript'>\r
-// <![CDATA[\r
- function pickColor(color) {\r
- ColorPicker_targetInput.value = color;\r
- kUpdate(ColorPicker_targetInput.id);\r
- }\r
- function PopupWindow_populate(contents) {\r
- contents += '<br /><p style="text-align:center;margin-top:0px;"><input type="button" value="Close Color Picker" onclick="cp.hidePopup(\'prettyplease\')"></input></p>';\r
- this.contents = contents;\r
- this.populated = false;\r
- }\r
- function PopupWindow_hidePopup(magicword) {\r
- if ( magicword != 'prettyplease' )\r
- return false;\r
- if (this.divName != null) {\r
- if (this.use_gebi) {\r
- document.getElementById(this.divName).style.visibility = "hidden";\r
- }\r
- else if (this.use_css) {\r
- document.all[this.divName].style.visibility = "hidden";\r
- }\r
- else if (this.use_layers) {\r
- document.layers[this.divName].visibility = "hidden";\r
- }\r
- }\r
- else {\r
- if (this.popupWindow && !this.popupWindow.closed) {\r
- this.popupWindow.close();\r
- this.popupWindow = null;\r
- }\r
- }\r
- return false;\r
- }\r
- function colorSelect(t,p) {\r
- if ( cp.p == p && document.getElementById(cp.divName).style.visibility != "hidden" )\r
- cp.hidePopup('prettyplease');\r
- else {\r
- cp.p = p;\r
- cp.select(t,p);\r
- }\r
- }\r
- function PopupWindow_setSize(width,height) {\r
- this.width = 162;\r
- this.height = 210;\r
- }\r
-\r
- var cp = new ColorPicker();\r
- function advUpdate(val, obj) {\r
- document.getElementById(obj).value = val;\r
- kUpdate(obj);\r
- }\r
- function kUpdate(oid) {\r
- if ( 'uppercolor' == oid || 'lowercolor' == oid ) {\r
- uc = document.getElementById('uppercolor').value.replace('#', '');\r
- lc = document.getElementById('lowercolor').value.replace('#', '');\r
- hi = document.getElementById('headerimage');\r
- hi.value = 'header-img.php?upper='+uc+'&lower='+lc;\r
- document.getElementById('header').style.background = 'url("<?php echo get_template_directory_uri(); ?>/images/'+hi.value+'") center no-repeat';\r
- document.getElementById('advuppercolor').value = '#'+uc;\r
- document.getElementById('advlowercolor').value = '#'+lc;\r
- }\r
- if ( 'fontcolor' == oid ) {\r
- document.getElementById('header').style.color = document.getElementById('fontcolor').value;\r
- document.getElementById('advfontcolor').value = document.getElementById('fontcolor').value;\r
- }\r
- if ( 'fontdisplay' == oid ) {\r
- document.getElementById('headerimg').style.display = document.getElementById('fontdisplay').value;\r
- }\r
- }\r
- function toggleDisplay() {\r
- td = document.getElementById('fontdisplay');\r
- td.value = ( td.value == 'none' ) ? 'inline' : 'none';\r
- kUpdate('fontdisplay');\r
- }\r
- function toggleAdvanced() {\r
- a = document.getElementById('jsAdvanced');\r
- if ( a.style.display == 'none' )\r
- a.style.display = 'block';\r
- else\r
- a.style.display = 'none';\r
- }\r
- function kDefaults() {\r
- document.getElementById('headerimage').value = '';\r
- document.getElementById('advuppercolor').value = document.getElementById('uppercolor').value = '#69aee7';\r
- document.getElementById('advlowercolor').value = document.getElementById('lowercolor').value = '#4180b6';\r
- document.getElementById('header').style.background = 'url("<?php echo get_template_directory_uri(); ?>/images/kubrickheader.jpg") center no-repeat';\r
- document.getElementById('header').style.color = '#FFFFFF';\r
- document.getElementById('advfontcolor').value = document.getElementById('fontcolor').value = '';\r
- document.getElementById('fontdisplay').value = 'inline';\r
- document.getElementById('headerimg').style.display = document.getElementById('fontdisplay').value;\r
- }\r
- function kRevert() {\r
- document.getElementById('headerimage').value = '<?php echo kubrick_header_image(); ?>';\r
- document.getElementById('advuppercolor').value = document.getElementById('uppercolor').value = '#<?php echo kubrick_upper_color(); ?>';\r
- document.getElementById('advlowercolor').value = document.getElementById('lowercolor').value = '#<?php echo kubrick_lower_color(); ?>';\r
- document.getElementById('header').style.background = 'url("<?php echo kubrick_header_image_url(); ?>") center no-repeat';\r
- document.getElementById('header').style.color = '';\r
- document.getElementById('advfontcolor').value = document.getElementById('fontcolor').value = '<?php echo kubrick_header_color_string(); ?>';\r
- document.getElementById('fontdisplay').value = '<?php echo kubrick_header_display_string(); ?>';\r
- document.getElementById('headerimg').style.display = document.getElementById('fontdisplay').value;\r
- }\r
- function kInit() {\r
- document.getElementById('jsForm').style.display = 'block';\r
- document.getElementById('nonJsForm').style.display = 'none';\r
- }\r
- addLoadEvent(kInit);\r
-// ]]>\r
-</script>\r
-<style type='text/css'>\r
- #headwrap {\r
- text-align: center;\r
- }\r
- #kubrick-header {\r
- font-size: 80%;\r
- }\r
- #kubrick-header .hibrowser {\r
- width: 780px;\r
- height: 260px;\r
- overflow: scroll;\r
- }\r
- #kubrick-header #hitarget {\r
- display: none;\r
- }\r
- #kubrick-header #header h1 {\r
- font-family: 'Trebuchet MS', 'Lucida Grande', Verdana, Arial, Sans-Serif;\r
- font-weight: bold;\r
- font-size: 4em;\r
- text-align: center;\r
- padding-top: 70px;\r
- margin: 0;\r
- }\r
-\r
- #kubrick-header #header .description {\r
- font-family: 'Lucida Grande', Verdana, Arial, Sans-Serif;\r
- font-size: 1.2em;\r
- text-align: center;\r
- }\r
- #kubrick-header #header {\r
- text-decoration: none;\r
- color: <?php echo kubrick_header_color_string(); ?>;\r
- padding: 0;\r
- margin: 0;\r
- height: 200px;\r
- text-align: center;\r
- background: url('<?php echo kubrick_header_image_url(); ?>') center no-repeat;\r
- }\r
- #kubrick-header #headerimg {\r
- margin: 0;\r
- height: 200px;\r
- width: 100%;\r
- display: <?php echo kubrick_header_display_string(); ?>;\r
- }\r
- #jsForm {\r
- display: none;\r
- text-align: center;\r
- }\r
- #jsForm input.submit, #jsForm input.button, #jsAdvanced input.button {\r
- padding: 0px;\r
- margin: 0px;\r
- }\r
- #advanced {\r
- text-align: center;\r
- width: 620px;\r
- }\r
- html>body #advanced {\r
- text-align: center;\r
- position: relative;\r
- left: 50%;\r
- margin-left: -380px;\r
- }\r
- #jsAdvanced {\r
- text-align: right;\r
- }\r
- #nonJsForm {\r
- position: relative;\r
- text-align: left;\r
- margin-left: -370px;\r
- left: 50%;\r
- }\r
- #nonJsForm label {\r
- padding-top: 6px;\r
- padding-right: 5px;\r
- float: left;\r
- width: 100px;\r
- text-align: right;\r
- }\r
- .defbutton {\r
- font-weight: bold;\r
- }\r
- .zerosize {\r
- width: 0px;\r
- height: 0px;\r
- overflow: hidden;\r
- }\r
- #colorPickerDiv a, #colorPickerDiv a:hover {\r
- padding: 1px;\r
- text-decoration: none;\r
- border-bottom: 0px;\r
- }\r
-</style>\r
-<?php\r
-}\r
-\r
-function kubrick_theme_page() {\r
- if ( $_REQUEST['saved'] ) echo '<div id="message" class="updated fade"><p><strong>Options saved.</strong></p></div>';\r
-?>\r
-<div class='wrap'>\r
- <div id="kubrick-header">\r
- <h2>Header Image and Color</h2>\r
- <div id="headwrap">\r
- <div id="header">\r
- <div id="headerimg">\r
- <h1><?php bloginfo('name'); ?></h1>\r
- <div class="description"><?php bloginfo('description'); ?></div>\r
- </div>\r
- </div>\r
- </div>\r
- <br />\r
- <div id="nonJsForm">\r
- <form method="post" action="">\r
- <div class="zerosize"><input type="submit" name="defaultsubmit" value="Save" /></div>\r
- <label for="njfontcolor">Font Color:</label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo kubrick_header_color(); ?>" /> Any CSS color (<code>red</code> or <code>#FF0000</code> or <code>rgb(255, 0, 0)</code>)<br />\r
- <label for="njuppercolor">Upper Color:</label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo kubrick_upper_color(); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br />\r
- <label for="njlowercolor">Lower Color:</label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo kubrick_lower_color(); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br />\r
- <input type="hidden" name="hi" id="hi" value="<?php echo kubrick_header_image(); ?>" />\r
- <input type="submit" name="toggledisplay" id="toggledisplay" value="Toggle Text" />\r
- <input type="submit" name="defaults" value="Use Defaults" />\r
- <input type="submit" class="defbutton" name="submitform" value=" Save " />\r
- <input type="hidden" name="action" value="save" />\r
- <input type="hidden" name="njform" value="true" />\r
- </form>\r
- </div>\r
- <div id="jsForm">\r
- <form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo $_SERVER['REQUEST_URI']; ?>">\r
- <input type="button" onclick="tgt=document.getElementById('fontcolor');colorSelect(tgt,'pick1');return false;" name="pick1" id="pick1" value="Font Color"></input>\r
- <input type="button" onclick="tgt=document.getElementById('uppercolor');colorSelect(tgt,'pick2');return false;" name="pick2" id="pick2" value="Upper Color"></input>\r
- <input type="button" onclick="tgt=document.getElementById('lowercolor');colorSelect(tgt,'pick3');return false;" name="pick3" id="pick3" value="Lower Color"></input>\r
- <input type="button" name="revert" value="Revert" onclick="kRevert()" />\r
- <input type="button" value="Advanced" onclick="toggleAdvanced()" />\r
- <input type="submit" name="submitform" class="defbutton" value="Save" onclick="cp.hidePopup('prettyplease')" />\r
- <input type="hidden" name="action" value="save" />\r
- <input type="hidden" name="fontdisplay" id="fontdisplay" value="<?php echo kubrick_header_display(); ?>" />\r
- <input type="hidden" name="fontcolor" id="fontcolor" value="<?php echo kubrick_header_color(); ?>" />\r
- <input type="hidden" name="uppercolor" id="uppercolor" value="<?php echo kubrick_upper_color(); ?>" />\r
- <input type="hidden" name="lowercolor" id="lowercolor" value="<?php echo kubrick_lower_color(); ?>" />\r
- <input type="hidden" name="headerimage" id="headerimage" value="<?php echo kubrick_header_image(); ?>" />\r
- </form>\r
- <div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;visibility:hidden;"> </div>\r
- <div id="advanced">\r
- <form id="jsAdvanced" style="display:none;" action="">\r
- <label for="advfontcolor">Font Color (CSS): </label><input type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo kubrick_header_color(); ?>" /><br />\r
- <label for="advuppercolor">Upper Color (HEX): </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo kubrick_upper_color(); ?>" /><br />\r
- <label for="advlowercolor">Lower Color (HEX): </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo kubrick_lower_color(); ?>" /><br />\r
- <input type="button" name="default" value="Select Default Colors" onclick="kDefaults()" /><br />\r
- <input type="button" onclick="toggleDisplay();return false;" name="pick" id="pick" value="Toggle Text Display"></input><br />\r
- </form>\r
- </div>\r
- </div>\r
- </div>\r
-</div>\r
-<?php } ?>\r
+<?php
+
+function kubrick_head() {
+ $head = "<style type='text/css'>\n<!--";
+ $output = '';
+ if ( kubrick_header_image() ) {
+ $url = kubrick_header_image_url() ;
+ $output .= "#header { background: url('$url') no-repeat bottom center; }\n";
+ }
+ if ( false !== ( $color = kubrick_header_color() ) ) {
+ $output .= "#headerimg h1 a, #headerimg h1 a:visited, #headerimg .description { color: $color; }\n";
+ }
+ if ( false !== ( $display = kubrick_header_display() ) ) {
+ $output .= "#headerimg { display: $display }\n";
+ }
+ $foot = "--></style>\n";
+ if ( '' != $output )
+ echo $head . $output . $foot;
+}
+
+add_action('wp_head', 'kubrick_head');
+
+function kubrick_header_image() {
+ return apply_filters('kubrick_header_image', get_option('kubrick_header_image'));
+}
+
+function kubrick_upper_color() {
+ if (strpos($url = kubrick_header_image_url(), 'header-img.php?') !== false) {
+ parse_str(substr($url, strpos($url, '?') + 1), $q);
+ return $q['upper'];
+ } else
+ return '69aee7';
+}
+
+function kubrick_lower_color() {
+ if (strpos($url = kubrick_header_image_url(), 'header-img.php?') !== false) {
+ parse_str(substr($url, strpos($url, '?') + 1), $q);
+ return $q['lower'];
+ } else
+ return '4180b6';
+}
+
+function kubrick_header_image_url() {
+ if ( $image = kubrick_header_image() )
+ $url = get_template_directory_uri() . '/images/' . $image;
+ else
+ $url = get_template_directory_uri() . '/images/kubrickheader.jpg';
+
+ return $url;
+}
+
+function kubrick_header_color() {
+ return apply_filters('kubrick_header_color', get_option('kubrick_header_color'));
+}
+
+function kubrick_header_color_string() {
+ $color = kubrick_header_color();
+ if ( false === $color )
+ return 'white';
+
+ return $color;
+}
+
+function kubrick_header_display() {
+ return apply_filters('kubrick_header_display', get_option('kubrick_header_display'));
+}
+
+function kubrick_header_display_string() {
+ $display = kubrick_header_display();
+ return $display ? $display : 'inline';
+}
+
+add_action('admin_menu', 'kubrick_add_theme_page');
+
+function kubrick_add_theme_page() {
+ if ( $_GET['page'] == basename(__FILE__) ) {
+ if ( 'save' == $_REQUEST['action'] ) {
+ check_admin_referer('kubrick-header');
+ if ( isset($_REQUEST['njform']) ) {
+ if ( isset($_REQUEST['defaults']) ) {
+ delete_option('kubrick_header_image');
+ delete_option('kubrick_header_color');
+ delete_option('kubrick_header_display');
+ } else {
+ if ( '' == $_REQUEST['njfontcolor'] )
+ delete_option('kubrick_header_color');
+ else {
+ $fontcolor = preg_replace('/^.*(#[0-9a-fA-F]{6})?.*$/', '$1', $_REQUEST['njfontcolor']);
+ update_option('kubrick_header_color', $fontcolor);
+ }
+ if ( preg_match('/[0-9A-F]{6}|[0-9A-F]{3}/i', $_REQUEST['njuppercolor'], $uc) && preg_match('/[0-9A-F]{6}|[0-9A-F]{3}/i', $_REQUEST['njlowercolor'], $lc) ) {
+ $uc = ( strlen($uc[0]) == 3 ) ? $uc[0]{0}.$uc[0]{0}.$uc[0]{1}.$uc[0]{1}.$uc[0]{2}.$uc[0]{2} : $uc[0];
+ $lc = ( strlen($lc[0]) == 3 ) ? $lc[0]{0}.$lc[0]{0}.$lc[0]{1}.$lc[0]{1}.$lc[0]{2}.$lc[0]{2} : $lc[0];
+ update_option('kubrick_header_image', "header-img.php?upper=$uc&lower=$lc");
+ }
+
+ if ( isset($_REQUEST['toggledisplay']) ) {
+ if ( false === get_option('kubrick_header_display') )
+ update_option('kubrick_header_display', 'none');
+ else
+ delete_option('kubrick_header_display');
+ }
+ }
+ } else {
+
+ if ( isset($_REQUEST['headerimage']) ) {
+ check_admin_referer('kubrick-header');
+ if ( '' == $_REQUEST['headerimage'] )
+ delete_option('kubrick_header_image');
+ else {
+ $headerimage = preg_replace('/^.*?(header-img.php\?upper=[0-9a-fA-F]{6}&lower=[0-9a-fA-F]{6})?.*$/', '$1', $_REQUEST['headerimage']);
+ update_option('kubrick_header_image', $headerimage);
+ }
+ }
+
+ if ( isset($_REQUEST['fontcolor']) ) {
+ check_admin_referer('kubrick-header');
+ if ( '' == $_REQUEST['fontcolor'] )
+ delete_option('kubrick_header_color');
+ else {
+ $fontcolor = preg_replace('/^.*?(#[0-9a-fA-F]{6})?.*$/', '$1', $_REQUEST['fontcolor']);
+ update_option('kubrick_header_color', $fontcolor);
+ }
+ }
+
+ if ( isset($_REQUEST['fontdisplay']) ) {
+ check_admin_referer('kubrick-header');
+ if ( '' == $_REQUEST['fontdisplay'] || 'inline' == $_REQUEST['fontdisplay'] )
+ delete_option('kubrick_header_display');
+ else
+ update_option('kubrick_header_display', 'none');
+ }
+ }
+ //print_r($_REQUEST);
+ wp_redirect("themes.php?page=functions.php&saved=true");
+ die;
+ }
+ add_action('admin_head', 'kubrick_theme_page_head');
+ }
+ add_theme_page('Customize Header', 'Header Image and Color', 'edit_themes', basename(__FILE__), 'kubrick_theme_page');
+}
+
+function kubrick_theme_page_head() {
+?>
+<script type="text/javascript" src="../wp-includes/js/colorpicker.js"></script>
+<script type='text/javascript'>
+// <![CDATA[
+ function pickColor(color) {
+ ColorPicker_targetInput.value = color;
+ kUpdate(ColorPicker_targetInput.id);
+ }
+ function PopupWindow_populate(contents) {
+ contents += '<br /><p style="text-align:center;margin-top:0px;"><input type="button" value="Close Color Picker" onclick="cp.hidePopup(\'prettyplease\')"></input></p>';
+ this.contents = contents;
+ this.populated = false;
+ }
+ function PopupWindow_hidePopup(magicword) {
+ if ( magicword != 'prettyplease' )
+ return false;
+ if (this.divName != null) {
+ if (this.use_gebi) {
+ document.getElementById(this.divName).style.visibility = "hidden";
+ }
+ else if (this.use_css) {
+ document.all[this.divName].style.visibility = "hidden";
+ }
+ else if (this.use_layers) {
+ document.layers[this.divName].visibility = "hidden";
+ }
+ }
+ else {
+ if (this.popupWindow && !this.popupWindow.closed) {
+ this.popupWindow.close();
+ this.popupWindow = null;
+ }
+ }
+ return false;
+ }
+ function colorSelect(t,p) {
+ if ( cp.p == p && document.getElementById(cp.divName).style.visibility != "hidden" )
+ cp.hidePopup('prettyplease');
+ else {
+ cp.p = p;
+ cp.select(t,p);
+ }
+ }
+ function PopupWindow_setSize(width,height) {
+ this.width = 162;
+ this.height = 210;
+ }
+
+ var cp = new ColorPicker();
+ function advUpdate(val, obj) {
+ document.getElementById(obj).value = val;
+ kUpdate(obj);
+ }
+ function kUpdate(oid) {
+ if ( 'uppercolor' == oid || 'lowercolor' == oid ) {
+ uc = document.getElementById('uppercolor').value.replace('#', '');
+ lc = document.getElementById('lowercolor').value.replace('#', '');
+ hi = document.getElementById('headerimage');
+ hi.value = 'header-img.php?upper='+uc+'&lower='+lc;
+ document.getElementById('header').style.background = 'url("<?php echo get_template_directory_uri(); ?>/images/'+hi.value+'") center no-repeat';
+ document.getElementById('advuppercolor').value = '#'+uc;
+ document.getElementById('advlowercolor').value = '#'+lc;
+ }
+ if ( 'fontcolor' == oid ) {
+ document.getElementById('header').style.color = document.getElementById('fontcolor').value;
+ document.getElementById('advfontcolor').value = document.getElementById('fontcolor').value;
+ }
+ if ( 'fontdisplay' == oid ) {
+ document.getElementById('headerimg').style.display = document.getElementById('fontdisplay').value;
+ }
+ }
+ function toggleDisplay() {
+ td = document.getElementById('fontdisplay');
+ td.value = ( td.value == 'none' ) ? 'inline' : 'none';
+ kUpdate('fontdisplay');
+ }
+ function toggleAdvanced() {
+ a = document.getElementById('jsAdvanced');
+ if ( a.style.display == 'none' )
+ a.style.display = 'block';
+ else
+ a.style.display = 'none';
+ }
+ function kDefaults() {
+ document.getElementById('headerimage').value = '';
+ document.getElementById('advuppercolor').value = document.getElementById('uppercolor').value = '#69aee7';
+ document.getElementById('advlowercolor').value = document.getElementById('lowercolor').value = '#4180b6';
+ document.getElementById('header').style.background = 'url("<?php echo get_template_directory_uri(); ?>/images/kubrickheader.jpg") center no-repeat';
+ document.getElementById('header').style.color = '#FFFFFF';
+ document.getElementById('advfontcolor').value = document.getElementById('fontcolor').value = '';
+ document.getElementById('fontdisplay').value = 'inline';
+ document.getElementById('headerimg').style.display = document.getElementById('fontdisplay').value;
+ }
+ function kRevert() {
+ document.getElementById('headerimage').value = '<?php echo js_escape(kubrick_header_image()); ?>';
+ document.getElementById('advuppercolor').value = document.getElementById('uppercolor').value = '#<?php echo js_escape(kubrick_upper_color()); ?>';
+ document.getElementById('advlowercolor').value = document.getElementById('lowercolor').value = '#<?php echo js_escape(kubrick_lower_color()); ?>';
+ document.getElementById('header').style.background = 'url("<?php echo js_escape(kubrick_header_image_url()); ?>") center no-repeat';
+ document.getElementById('header').style.color = '';
+ document.getElementById('advfontcolor').value = document.getElementById('fontcolor').value = '<?php echo js_escape(kubrick_header_color_string()); ?>';
+ document.getElementById('fontdisplay').value = '<?php echo js_escape(kubrick_header_display_string()); ?>';
+ document.getElementById('headerimg').style.display = document.getElementById('fontdisplay').value;
+ }
+ function kInit() {
+ document.getElementById('jsForm').style.display = 'block';
+ document.getElementById('nonJsForm').style.display = 'none';
+ }
+ addLoadEvent(kInit);
+// ]]>
+</script>
+<style type='text/css'>
+ #headwrap {
+ text-align: center;
+ }
+ #kubrick-header {
+ font-size: 80%;
+ }
+ #kubrick-header .hibrowser {
+ width: 780px;
+ height: 260px;
+ overflow: scroll;
+ }
+ #kubrick-header #hitarget {
+ display: none;
+ }
+ #kubrick-header #header h1 {
+ font-family: 'Trebuchet MS', 'Lucida Grande', Verdana, Arial, Sans-Serif;
+ font-weight: bold;
+ font-size: 4em;
+ text-align: center;
+ padding-top: 70px;
+ margin: 0;
+ }
+
+ #kubrick-header #header .description {
+ font-family: 'Lucida Grande', Verdana, Arial, Sans-Serif;
+ font-size: 1.2em;
+ text-align: center;
+ }
+ #kubrick-header #header {
+ text-decoration: none;
+ color: <?php echo kubrick_header_color_string(); ?>;
+ padding: 0;
+ margin: 0;
+ height: 200px;
+ text-align: center;
+ background: url('<?php echo kubrick_header_image_url(); ?>') center no-repeat;
+ }
+ #kubrick-header #headerimg {
+ margin: 0;
+ height: 200px;
+ width: 100%;
+ display: <?php echo kubrick_header_display_string(); ?>;
+ }
+ #jsForm {
+ display: none;
+ text-align: center;
+ }
+ #jsForm input.submit, #jsForm input.button, #jsAdvanced input.button {
+ padding: 0px;
+ margin: 0px;
+ }
+ #advanced {
+ text-align: center;
+ width: 620px;
+ }
+ html>body #advanced {
+ text-align: center;
+ position: relative;
+ left: 50%;
+ margin-left: -380px;
+ }
+ #jsAdvanced {
+ text-align: right;
+ }
+ #nonJsForm {
+ position: relative;
+ text-align: left;
+ margin-left: -370px;
+ left: 50%;
+ }
+ #nonJsForm label {
+ padding-top: 6px;
+ padding-right: 5px;
+ float: left;
+ width: 100px;
+ text-align: right;
+ }
+ .defbutton {
+ font-weight: bold;
+ }
+ .zerosize {
+ width: 0px;
+ height: 0px;
+ overflow: hidden;
+ }
+ #colorPickerDiv a, #colorPickerDiv a:hover {
+ padding: 1px;
+ text-decoration: none;
+ border-bottom: 0px;
+ }
+</style>
+<?php
+}
+
+function kubrick_theme_page() {
+ if ( $_REQUEST['saved'] ) echo '<div id="message" class="updated fade"><p><strong>Options saved.</strong></p></div>';
+?>
+<div class='wrap'>
+ <div id="kubrick-header">
+ <h2>Header Image and Color</h2>
+ <div id="headwrap">
+ <div id="header">
+ <div id="headerimg">
+ <h1><?php bloginfo('name'); ?></h1>
+ <div class="description"><?php bloginfo('description'); ?></div>
+ </div>
+ </div>
+ </div>
+ <br />
+ <div id="nonJsForm">
+ <form method="post" action="">
+ <?php wp_nonce_field('kubrick-header'); ?>
+ <div class="zerosize"><input type="submit" name="defaultsubmit" value="Save" /></div>
+ <label for="njfontcolor">Font Color:</label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo attribute_escape(kubrick_header_color()); ?>" /> Any CSS color (<code>red</code> or <code>#FF0000</code> or <code>rgb(255, 0, 0)</code>)<br />
+ <label for="njuppercolor">Upper Color:</label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo attribute_escape(kubrick_upper_color()); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br />
+ <label for="njlowercolor">Lower Color:</label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo attribute_escape(kubrick_lower_color()); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br />
+ <input type="hidden" name="hi" id="hi" value="<?php echo attribute_escape(kubrick_header_image()); ?>" />
+ <input type="submit" name="toggledisplay" id="toggledisplay" value="Toggle Text" />
+ <input type="submit" name="defaults" value="Use Defaults" />
+ <input type="submit" class="defbutton" name="submitform" value=" Save " />
+ <input type="hidden" name="action" value="save" />
+ <input type="hidden" name="njform" value="true" />
+ </form>
+ </div>
+ <div id="jsForm">
+ <form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo attribute_escape($_SERVER['REQUEST_URI']); ?>">
+ <?php wp_nonce_field('kubrick-header'); ?>
+ <input type="button" onclick="tgt=document.getElementById('fontcolor');colorSelect(tgt,'pick1');return false;" name="pick1" id="pick1" value="Font Color"></input>
+ <input type="button" onclick="tgt=document.getElementById('uppercolor');colorSelect(tgt,'pick2');return false;" name="pick2" id="pick2" value="Upper Color"></input>
+ <input type="button" onclick="tgt=document.getElementById('lowercolor');colorSelect(tgt,'pick3');return false;" name="pick3" id="pick3" value="Lower Color"></input>
+ <input type="button" name="revert" value="Revert" onclick="kRevert()" />
+ <input type="button" value="Advanced" onclick="toggleAdvanced()" />
+ <input type="hidden" name="action" value="save" />
+ <input type="hidden" name="fontdisplay" id="fontdisplay" value="<?php echo attribute_escape(kubrick_header_display()); ?>" />
+ <input type="hidden" name="fontcolor" id="fontcolor" value="<?php echo attribute_escape(kubrick_header_color()); ?>" />
+ <input type="hidden" name="uppercolor" id="uppercolor" value="<?php echo attribute_escape(kubrick_upper_color()); ?>" />
+ <input type="hidden" name="lowercolor" id="lowercolor" value="<?php echo attribute_escape(kubrick_lower_color()); ?>" />
+ <input type="hidden" name="headerimage" id="headerimage" value="<?php echo attribute_escape(kubrick_header_image()); ?>" />
+ <p class="submit"><input type="submit" name="submitform" class="defbutton" value="<?php _e('Update Header »'); ?>" onclick="cp.hidePopup('prettyplease')" /></p>
+ </form>
+ <div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;visibility:hidden;"> </div>
+ <div id="advanced">
+ <form id="jsAdvanced" style="display:none;" action="">
+ <?php wp_nonce_field('kubrick-header'); ?>
+ <label for="advfontcolor">Font Color (CSS): </label><input type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo attribute_escape(kubrick_header_color()); ?>" /><br />
+ <label for="advuppercolor">Upper Color (HEX): </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo attribute_escape(kubrick_upper_color()); ?>" /><br />
+ <label for="advlowercolor">Lower Color (HEX): </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo attribute_escape(kubrick_lower_color()); ?>" /><br />
+ <input type="button" name="default" value="Select Default Colors" onclick="kDefaults()" /><br />
+ <input type="button" onclick="toggleDisplay();return false;" name="pick" id="pick" value="Toggle Text Display"></input><br />
+ </form>
+ </div>
+ </div>
+ </div>
+</div>
+<?php } ?>
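Review bot: The sanitizer added at L4721 never keeps the colour: the greedy `^.*` consumes the whole value, the optional group then matches empty and `$1` is '', so the non-JS form's Font Color is always stored as an empty string, whereas L4754 uses the lazy `^.*?` and works. Change L4721 to `$fontcolor = preg_replace('/^.*?(#[0-9a-fA-F]{6})?.*$/', '$1', $_REQUEST['njfontcolor']);`. The hint text at L5001 still promises `red` or `rgb(255, 0, 0)` although only `#RRGGBB` now survives; change it to `HEX only (<code>#FF0000</code>)`. The option writes at L4709-L4770 are gated by the nonce alone; an explicit `if ( ! current_user_can('edit_themes') ) return;` ahead of the save branch would tie processing to the capability add_theme_page() requires at L4773, and the `check_admin_referer` calls at L4740, L4750 and L4760 are redundant with the one at L4711, which already runs for every save.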
<form method="get" id="searchform" action="<?php bloginfo('home'); ?>/">
-<div><input type="text" value="<?php echo wp_specialchars($s, 1); ?>" name="s" id="s" />
+<div><input type="text" value="<?php echo attribute_escape($s); ?>" name="s" id="s" />
<input type="submit" id="searchsubmit" value="Search" />
</div>
</form>
function wp_cache_close() {
global $wp_object_cache;
+ if ( ! isset($wp_object_cache) )
+ return;
return $wp_object_cache->save();
}
}
function wp_cache_init() {
- global $wp_object_cache;
-
- $wp_object_cache = new WP_Object_Cache();
+ $GLOBALS['wp_object_cache'] =& new WP_Object_Cache();
}
function wp_cache_replace($key, $data, $flag = '', $expire = 0) {
}
function WP_Object_Cache() {
+ return $this->__construct();
+ }
+
+ function __construct() {
global $blog_id;
+ register_shutdown_function(array(&$this, "__destruct"));
+
if (defined('DISABLE_CACHE'))
return;
$this->blog_id = $this->hash($blog_id);
}
+
+ function __destruct() {
+ $this->save();
+ return true;
+ }
}
?>
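Review bot: On PHP 5 the engine already invokes `__destruct` at object teardown, and the `register_shutdown_function(array(&$this, "__destruct"))` call in `__construct` queues it a second time, so `save()` may run twice per request (a third time if `wp_cache_close` is also called). Whether that matters depends on `save()`, which is outside this hunk; if it is not idempotent, a one-shot guard such as `if ( $this->saved ) return true; $this->saved = true;` at the top of `__destruct` would make the shutdown path safe to repeat. A comment on `__construct` saying why the shutdown hook is registered in addition to the destructor (PHP 4 compatibility, presumably) would also help the next reader.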
$fp = fopen($file_name, "r");
while (!feof($fp)) {
- $file_content = fread($fp, filesize($file_name));
+ $file_content .= fread($fp, filesize($file_name));
}
fclose($fp);
$base_name = basename($file_name);
// If year, month, day, hour, minute, and second are set, a single
// post is being queried.
$this->is_single = true;
- } elseif ('' != $qv['static'] || '' != $qv['pagename'] || '' != $qv['page_id']) {
+ } elseif ('' != $qv['static'] || '' != $qv['pagename'] || (int) $qv['page_id']) {
$this->is_page = true;
$this->is_single = false;
} elseif (!empty($qv['s'])) {
}
function set_404() {
+ $is_feed = $this->is_feed;
+
$this->init_query_flags();
- $this->is_404 = true;
+ $this->is_404 = true;
+
+ $this->is_feed = $is_feed;
}
function get($query_var) {
}
if ( $this->is_attachment ) {
- $where .= ' AND (post_status = "attachment")';
+ $where .= " AND (post_status = 'attachment')";
} elseif ($this->is_page) {
- $where .= ' AND (post_status = "static")';
+ $where .= " AND (post_status = 'static')";
} elseif ($this->is_single) {
- $where .= ' AND (post_status != "static")';
+ $where .= " AND (post_status != 'static')";
} else {
- $where .= ' AND (post_status = "publish"';
+ $where .= " AND (post_status = 'publish'";
if (isset($user_ID) && ('' != intval($user_ID)))
$where .= " OR post_author = $user_ID AND post_status != 'draft' AND post_status != 'static')";
}
if (! $this->is_attachment )
- $where .= ' AND post_status != "attachment"';
+ $where .= " AND post_status != 'attachment'";
// Apply filters on where and join prior to paging so that any
// manipulations to them are reflected in the paging by day queries.
$list = array_unique( $list );
$this->spam_words = $list;
- $this->comment_list = $wpdb->get_results("SELECT comment_ID AS ID, comment_content AS text, comment_approved AS approved, comment_author_url AS url, comment_author_ip AS ip, comment_author_email AS email FROM $wpdb->comments ORDER BY comment_ID ASC");
+ $this->comment_list = (array) $wpdb->get_results("SELECT comment_ID AS ID, comment_content AS text, comment_approved AS approved, comment_author_url AS url, comment_author_ip AS ip, comment_author_email AS email FROM $wpdb->comments ORDER BY comment_ID ASC");
} // End of class constructor
function move_spam( $id_list ) {
$cnt++;
}
}
- echo "<div class='updated'><p>$cnt comment";
- if ($cnt != 1 ) echo "s";
- echo " moved to the moderation queue.</p></div>\n";
+ echo "<div class='updated'><p> ";
+ printf(__('%d comment(s) moved to the moderation queue.'), $cnt);
+ echo "</p></div>\n";
} // End function move_spam
function find_spam() {
$numfound = count($counters[found]);
$numqueue = $counters[in_queue];
- $body = '<p>' . sprintf(__('Suspected spam comments: <strong>%s</strong>'), $numfound) . '</p>';
+ $body = '<p>' . sprintf(__('Suspected spam comments: %s'), "<strong>$numfound</strong>") . '</p>';
if ( count($counters[found]) > 0 ) {
$id_list = implode( ',', $counters[found] );
$front = $front . 'date/';
break;
}
+ $tok_index++;
}
$this->date_structure = $front . $date_endian;
if (empty($this->permalink_structure)) {
return $rewrite;
}
+ //Default Feed rules - These are require to allow for the direct access files to work with permalink structure starting with %category%
+ $default_feeds = array( 'wp-atom.php$' => $this->index .'?feed=atom',
+ 'wp-rdf.php$' => $this->index .'?feed=rdf',
+ 'wp-rss.php$' => $this->index .'?feed=rss',
+ 'wp-rss2.php$' => $this->index .'?feed=rss2',
+ 'wp-feed.php$' => $this->index .'?feed=feed',
+ 'wp-commentsrss2.php$' => $this->index . '?feed=rss2&withcomments=1');
+
// Post
$post_rewrite = $this->generate_rewrite_rules($this->permalink_structure);
$page_rewrite = apply_filters('page_rewrite_rules', $page_rewrite);
// Put them together.
- $this->rules = array_merge($page_rewrite, $root_rewrite, $comments_rewrite, $search_rewrite, $category_rewrite, $author_rewrite, $date_rewrite, $post_rewrite);
+ $this->rules = array_merge($default_feeds, $page_rewrite, $root_rewrite, $comments_rewrite, $search_rewrite, $category_rewrite, $author_rewrite, $date_rewrite, $post_rewrite);
do_action('generate_rewrite_rules', array(&$this));
$this->rules = apply_filters('rewrite_rules_array', $this->rules);
$pathinfo = $_SERVER['PATH_INFO'];
$pathinfo_array = explode('?', $pathinfo);
- $pathinfo = $pathinfo_array[0];
+ $pathinfo = str_replace("%", "%25", $pathinfo_array[0]);
$req_uri = $_SERVER['REQUEST_URI'];
$req_uri_array = explode('?', $req_uri);
$req_uri = $req_uri_array[0];
$this->query_vars[$wpvar] = $query_vars[$wpvar];
else
$this->query_vars[$wpvar] = '';
+
+ if ( !empty( $this->query_vars[$wpvar] ) )
+ $this->query_vars[$wpvar] = (string) $this->query_vars[$wpvar];
}
if ( isset($error) )
nocache_headers();
if ( !empty($this->query_vars['error']) && '404' == $this->query_vars['error'] ) {
status_header( 404 );
+ if ( !is_user_logged_in() )
+ nocache_headers();
@header('Content-type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
} else if ( empty($this->query_vars['feed']) ) {
@header('Content-type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
@header("ETag: $wp_etag");
// Support for Conditional GET
- if (isset($_SERVER['HTTP_IF_NONE_MATCH'])) $client_etag = stripslashes($_SERVER['HTTP_IF_NONE_MATCH']);
+ if (isset($_SERVER['HTTP_IF_NONE_MATCH']))
+ $client_etag = stripslashes(stripslashes($_SERVER['HTTP_IF_NONE_MATCH']));
else $client_etag = false;
$client_last_modified = trim( $_SERVER['HTTP_IF_MODIFIED_SINCE']);
foreach ($this->public_query_vars as $wpvar) {
if (isset($this->query_vars[$wpvar]) && '' != $this->query_vars[$wpvar]) {
$this->query_string .= (strlen($this->query_string) < 1) ? '' : '&';
+ if ( !is_scalar($this->query_vars[$wpvar]) ) // Discard non-scalars.
+ continue;
$this->query_string .= $wpvar . '=' . rawurlencode($this->query_vars[$wpvar]);
}
}
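Review bot: The new `is_scalar` guard sits after the line that appends the `&` separator, so a non-scalar query var leaves a dangling `&` (or a doubled `&&` once the next var is appended) in `$this->query_string`. Moving the two guard lines above `$this->query_string .= (strlen($this->query_string) < 1) ? '' : '&';` keeps the separator and the value together. The comment `// Discard non-scalars.` can stay with the guard.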
if ( (0 == count($wp_query->posts)) && !is_404() && !is_search() && ( $this->did_permalink || (!empty($_SERVER['QUERY_STRING']) && (false === strpos($_SERVER['REQUEST_URI'], '?'))) ) ) {
$wp_query->set_404();
status_header( 404 );
+ nocache_headers();
} elseif( is_404() != true ) {
status_header( 200 );
}
// Template functions
+function wp_comment_form_unfiltered_html_nonce() {
+ global $post;
+ if ( current_user_can('unfiltered_html') )
+ wp_nonce_field('unfiltered-html-comment_' . $post->ID, '_wp_unfiltered_html_comment', false);
+}
+
function comments_template( $file = '/comments.php' ) {
global $wp_query, $withcomments, $post, $wpdb, $id, $comment, $user_login, $user_ID, $user_identity;
('$comment_post_ID', '$comment_author', '$comment_author_email', '$comment_author_url', '$comment_author_IP', '$comment_date', '$comment_date_gmt', '$comment_content', '$comment_approved', '$comment_agent', '$comment_type', '$comment_parent', '$user_id')
");
- $id = $wpdb->insert_id;
+ $id = (int) $wpdb->insert_id;
if ( $comment_approved == 1) {
$count = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND comment_approved = '1'");
global $wpdb;
extract($commentdata);
- $comment_user_domain = apply_filters('pre_comment_user_domain', gethostbyaddr($comment_author_IP) );
-
// Simple duplicate check
$dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND ( comment_author = '$comment_author' ";
if ( $comment_author_email )
return true;
}
-function clean_url( $url ) {
- if ('' == $url) return $url;
- $url = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $url);
- $url = str_replace(';//', '://', $url);
- $url = (!strstr($url, '://')) ? 'http://'.$url : $url;
- $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
- return $url;
-}
-
function get_comments_number( $post_id = 0 ) {
global $wpdb, $comment_count_cache, $id;
$post_id = (int) $post_id;
if ( !$post_id )
- $post_id = $id;
+ $post_id = (int) $id;
if ( !isset($comment_count_cache[$post_id]) )
$comment_count_cache[$id] = $wpdb->get_var("SELECT comment_count FROM $wpdb->posts WHERE ID = '$post_id'");
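Review bot: The cache is checked under `$post_id` but written under `$id`, so when an explicit `$post_id` is passed the lookup on the line above never hits and the query runs on every call; the stored value also lands on the wrong post's slot. The write should be `$comment_count_cache[$post_id] = $wpdb->get_var("SELECT comment_count FROM $wpdb->posts WHERE ID = '$post_id'");`. The cast added at `$post_id = (int) $id;` does not change this. get_comments_number continues past the end of the hunk.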
if (!empty($CSSclass)) {
echo ' class="'.$CSSclass.'"';
}
- $title = wp_specialchars(apply_filters('the_title', get_the_title()), true);
+ $title = attribute_escape(apply_filters('the_title', get_the_title()));
echo ' title="' . sprintf( __('Comment on %s'), $title ) .'">';
comments_number($zero, $one, $more, $number);
echo '</a>';
if (1 == get_settings('comment_moderation')) return false; // If moderation is set to manual
- if ( (count(explode('http:', $comment)) - 1) >= get_settings('comment_max_links') )
+ if ( preg_match_all("|(href\t*?=\t*?['\"]?)?(https?:)?//|i", $comment, $out) >= get_option('comment_max_links') )
return false; // Check # of external links
$mod_keys = trim( get_settings('moderation_keys') );
if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
$comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
$comment_author = stripslashes($comment_author);
- $comment_author = wp_specialchars($comment_author, true);
+ $comment_author = attribute_escape($comment_author);
$_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
}
if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
$comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
$comment_author_email = stripslashes($comment_author_email);
- $comment_author_email = wp_specialchars($comment_author_email, true);
+ $comment_author_email = attribute_escape($comment_author_email);
$_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
}
if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
$comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
$comment_author_url = stripslashes($comment_author_url);
- $comment_author_url = wp_specialchars($comment_author_url, true);
+ $comment_author_url = attribute_escape($comment_author_url);
$_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url;
}
}
add_filter('pre_comment_author_email', 'wp_filter_kses');
add_filter('pre_comment_author_url', 'wp_filter_kses');
+add_action('comment_form', 'wp_comment_form_unfiltered_html_nonce');
+
// Default filters for these functions
add_filter('comment_author', 'wptexturize');
add_filter('comment_author', 'convert_chars');
add_filter('pre_category_name', 'wp_specialchars', 30);
add_filter('pre_category_description', 'wp_filter_kses');
+//Links
+add_filter('pre_link_name', 'strip_tags');
+add_filter('pre_link_name', 'trim');
+add_filter('pre_link_name', 'wp_filter_kses');
+add_filter('pre_link_name', 'wp_specialchars', 30);
+add_filter('pre_link_description', 'wp_filter_kses');
+add_filter('pre_link_notes', 'wp_filter_kses');
+add_filter('pre_link_url', 'strip_tags');
+add_filter('pre_link_url', 'trim');
+add_filter('pre_link_url', 'clean_url');
+add_filter('pre_link_image', 'strip_tags');
+add_filter('pre_link_image', 'trim');
+add_filter('pre_link_image', 'clean_url');
+add_filter('pre_link_rss', 'strip_tags');
+add_filter('pre_link_rss', 'trim');
+add_filter('pre_link_rss', 'clean_url');
+add_filter('pre_link_target', 'strip_tags');
+add_filter('pre_link_target', 'trim');
+add_filter('pre_link_target', 'wp_filter_kses');
+add_filter('pre_link_target', 'wp_specialchars', 30);
+add_filter('pre_link_rel', 'strip_tags');
+add_filter('pre_link_rel', 'trim');
+add_filter('pre_link_rel', 'wp_filter_kses');
+add_filter('pre_link_rel', 'wp_specialchars', 30);
+
// Users
add_filter('pre_user_display_name', 'strip_tags');
add_filter('pre_user_display_name', 'trim');
add_filter('bloginfo_rss', 'ent2ncr', 8);
add_filter('the_author', 'ent2ncr', 8);
+// Misc filters
+add_filter('option_blog_charset', 'wp_specialchars');
+
// Actions
add_action('publish_post', 'generic_ping');
add_action('wp_head', 'rsd_link');
foreach ($categories as $category) {
$category->cat_name = convert_chars($category->cat_name);
if ('rdf' == $type) {
- $the_list .= "\n\t<dc:subject>$category->cat_name</dc:subject>";
+ $the_list .= "\n\t\t<dc:subject>$category->cat_name</dc:subject>\n";
} else {
- $the_list .= "\n\t<category>$category->cat_name</category>";
+ $the_list .= "\n\t\t<category>$category->cat_name</category>\n";
}
}
echo apply_filters('the_category_rss', $the_list, $type);
<?php
function wptexturize($text) {
+ global $wp_cockneyreplace;
$output = '';
// Capture tags and everything inside them
$textarr = preg_split("/(<.*>)/Us", $text, -1, PREG_SPLIT_DELIM_CAPTURE);
$curl = str_replace('...', '…', $curl);
$curl = str_replace('``', '“', $curl);
- // This is a hack, look at this more later. It works pretty well though.
- $cockney = array("'tain't","'twere","'twas","'tis","'twill","'til","'bout","'nuff","'round","'cause");
- $cockneyreplace = array("’tain’t","’twere","’twas","’tis","’twill","’til","’bout","’nuff","’round","’cause");
+ // if a plugin has provided an autocorrect array, use it
+ if ( isset($wp_cockneyreplace) ) {
+ $cockney = array_keys($wp_cockneyreplace);
+ $cockney_replace = array_values($wp_cockneyreplace);
+ } else {
+ $cockney = array("'tain't","'twere","'twas","'tis","'twill","'til","'bout","'nuff","'round","'cause");
+ $cockneyreplace = array("’tain’t","’twere","’twas","’tis","’twill","’til","’bout","’nuff","’round","’cause");
+ }
+
$curl = str_replace($cockney, $cockneyreplace, $curl);
$curl = preg_replace("/'s/", '’s', $curl);
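Review bot: The plugin branch assigns `$cockney_replace` (with an underscore) but the `str_replace($cockney, $cockneyreplace, $curl)` call a few lines later reads `$cockneyreplace`, so when `$wp_cockneyreplace` is set the replacement array is undefined and every matched contraction is replaced with an empty string. The fix is the one line `$cockneyreplace = array_values($wp_cockneyreplace);`. A short comment noting that `$wp_cockneyreplace` is expected to be a `search => replacement` map would document the new extension point. wptexturize continues outside the hunk.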
$pee = preg_replace('!(</?(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|math|p|h[1-6])[^>]*>)\s*</p>!', "$1", $pee);
if ($br) $pee = preg_replace('|(?<!<br />)\s*\n|', "<br />\n", $pee); // optionally make line breaks
$pee = preg_replace('!(</?(?:table|thead|tfoot|caption|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|math|p|h[1-6])[^>]*>)\s*<br />!', "$1", $pee);
- $pee = preg_replace('!<br />(\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)>)!', '$1', $pee);
+ $pee = preg_replace('!<br />(\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)[^>]*>)!', '$1', $pee);
$pee = preg_replace('!(<pre.*?>)(.*?)</pre>!ise', " stripslashes('$1') . stripslashes(clean_pre('$2')) . '</pre>' ", $pee);
return $pee;
chr(197).chr(188) => 'z', chr(197).chr(189) => 'Z',
chr(197).chr(190) => 'z', chr(197).chr(191) => 's',
// Euro Sign
- chr(226).chr(130).chr(172) => 'E');
-
+ chr(226).chr(130).chr(172) => 'E',
+ // GBP (Pound) Sign
+ chr(194).chr(163) => '');
+
$string = strtr($string, $chars);
} else {
// Assume ISO-8859-1 if not UTF-8
/*
balanceTags
-
+
Balances Tags of string using a modified stack.
-
+
@param text Text to be balanced
+ @param force Forces balancing, ignoring the value of the option
@return Returns balanced text
@author Leonard Lin (leonard@acm.org)
@version v1.1
@date November 4, 2001
@license GPL v2.0
- @notes
- @changelog
+ @notes
+ @changelog
--- Modified by Scott Reilly (coffee2code) 02 Aug 2004
- 1.2 ***TODO*** Make better - change loop condition to $text
- 1.1 Fixed handling of append/stack pop order of end text
- Added Cleaning Hooks
- 1.0 First Version
+ 1.2 ***TODO*** Make better - change loop condition to $text
+ 1.1 Fixed handling of append/stack pop order of end text
+ Added Cleaning Hooks
+ 1.0 First Version
*/
-function balanceTags($text, $is_comment = 0) {
-
- if ( get_option('use_balanceTags') == 0)
+function balanceTags($text, $force = false) {
+
+ if ( !$force && get_option('use_balanceTags') == 0 )
return $text;
$tagstack = array(); $stacksize = 0; $tagqueue = ''; $newtext = '';
if ($regex[1][0] == "/") { // End Tag
$tag = strtolower(substr($regex[1],1));
// if too many closing tags
- if($stacksize <= 0) {
+ if($stacksize <= 0) {
$tag = '';
//or close to be safe $tag = '/' . $tag;
}
}
$newtext .= substr($text,0,$i) . $tag;
$text = substr($text,$i+$l);
- }
+ }
// Clear Tag Queue
$newtext .= $tagqueue;
}
function force_balance_tags($text) {
- return balanceTags($text, 0, true);
+ return balanceTags($text, true);
}
function format_to_edit($content, $richedit = false) {
function make_clickable($ret) {
$ret = ' ' . $ret;
- $ret = preg_replace("#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "$1<a href='$2' rel='nofollow'>$2</a>", $ret);
- $ret = preg_replace("#(^|[\n ])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "$1<a href='http://$2' rel='nofollow'>$2</a>", $ret);
- $ret = preg_replace("#(\s)([a-z0-9\-_.]+)@([^,< \n\r]+)#i", "$1<a href=\"mailto:$2@$3\">$2@$3</a>", $ret);
- $ret = substr($ret, 1);
+ // in testing, using arrays here was found to be faster
+ $ret = preg_replace(
+ array(
+ '#([\s>])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is',
+ '#([\s>])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is',
+ '#([\s>])([a-z0-9\-_.]+)@([^,< \n\r]+)#i'),
+ array(
+ '$1<a href="$2" rel="nofollow">$2</a>',
+ '$1<a href="http://$2" rel="nofollow">$2</a>',
+ '$1<a href="mailto:$2@$3">$2@$3</a>'),$ret);
+ // this one is not in an array because we need it to run last, for cleanup of accidental links within links
+ $ret = preg_replace("#(<a( [^>]+?>|>))<a [^>]+?>([^>]+?)</a></a>#i", "$1$3</a>", $ret);
$ret = trim($ret);
return $ret;
}
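Review bot: The third pattern's domain class `([^,< \n\r]+)` still admits `"` and `'`, and `$3` is now written inside a double-quoted `href="mailto:…"`, so a quote in the matched text terminates the attribute unless an earlier filter has already entity-encoded quotes (that cannot be confirmed from this hunk). Excluding both quote characters, `'#([\s>])([a-z0-9\-_.]+)@([^,<>"\' \n\r]+)#i'`, keeps the attribute closed; the first two patterns already exclude quotes through their explicit character class. The new cleanup pass for nested anchors deserves a comment stating that it only unwraps one level of `<a>` nesting.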
function wp_rel_nofollow( $text ) {
- $text = preg_replace('|<a (.+?)>|i', '<a $1 rel="nofollow">', $text);
+ $text = preg_replace('|<a (.+?)>|ie', "'<a ' . str_replace(' rel=\"nofollow\"','',stripslashes('$1')) . ' rel=\"nofollow\">'", $text);
return $text;
}
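Review bot: The rewritten replacement uses the `/e` modifier, which runs the captured attribute text through eval; PHP backslash-escapes quotes in the backreference (hence the `stripslashes('$1')`), but the result is still code built from comment content and is the kind of construct a reviewer should flag. `preg_replace_callback` (available since PHP 4.0.5) does the same job without eval and without the stripslashes dance.

```php
function wp_rel_nofollow( $text ) {
	$text = preg_replace_callback('|<a (.+?)>|i', 'wp_rel_nofollow_callback', $text);
	return $text;
}

// Re-emits an <a> start tag with exactly one rel="nofollow"; $matches[1] is the raw attribute text.
function wp_rel_nofollow_callback( $matches ) {
	return '<a ' . str_replace(' rel="nofollow"', '', $matches[1]) . ' rel="nofollow">';
}
```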
return apply_filters('richedit_pre', $output);
}
+function clean_url( $url, $protocols = null ) {
+ if ('' == $url) return $url;
+ $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%]|i', '', $url);
+ $strip = array('%0d', '%0a');
+ $url = str_replace($strip, '', $url);
+ $url = str_replace(';//', '://', $url);
+ // Append http unless a relative link starting with / or a php file.
+ if ( strpos($url, '://') === false &&
+ substr( $url, 0, 1 ) != '/' && !preg_match('/^[a-z0-9]+?\.php/i', $url) )
+ $url = 'http://' . $url;
+
+ $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
+ if ( !is_array($protocols) )
+ $protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet');
+ if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
+ return '';
+ return $url;
+}
+
// Escape single quotes, specialchar double quotes, and fix line endings.
function js_escape($text) {
- $text = wp_specialchars($text, 'double');
- $text = str_replace(''', "'", $text);
- return preg_replace("/\r?\n/", "\\n", addslashes($text));
+ $safe_text = wp_specialchars($text, 'double');
+ $safe_text = preg_replace('/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes($safe_text));
+ $safe_text = preg_replace("/\r?\n/", "\\n", addslashes($safe_text));
+ return apply_filters('js_escape', $safe_text, $text);
}
+
+// Escaping for HTML attributes
+function attribute_escape($text) {
+ $safe_text = wp_specialchars($text, true);
+ return apply_filters('attribute_escape', $safe_text, $text);
+}
+
?>
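Review bot: In `clean_url` the `str_replace($strip, '', $url)` with `array('%0d', '%0a')` is case-sensitive, so `%0D` and `%0A` survive even though the allowlist regex now lets `%` through; since this helper is applied to link URLs via the new `pre_link_*` filters, the encoded CR/LF should be dropped case-insensitively, e.g. `$url = preg_replace('/%0[ad]/i', '', $url);` (which also avoids `str_ireplace`, a PHP 5 function). The final `wp_kses_bad_protocol( $url, $protocols ) != $url` test is the real protocol gate and deserves a one-line comment saying the function returns `''` rather than a partially cleaned URL. Note also that the `$protocols` default list is duplicated by hand here; a comment pointing at where the canonical list lives would keep the two in step.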
// Get the basics.
$post_content = apply_filters('content_save_pre', $post_content);
+ $post_content_filtered = apply_filters('content_filtered_save_pre', $post_content_filtered);
$post_excerpt = apply_filters('excerpt_save_pre', $post_excerpt);
$post_title = apply_filters('title_save_pre', $post_title);
$post_category = apply_filters('category_save_pre', $post_category);
// Get the post ID.
if ( $update )
- $post_ID = $ID;
+ $post_ID = (int) $ID;
// Create a valid post name. Drafts are allowed to have an empty
// post name.
// Get the basics.
$post_content = apply_filters('content_save_pre', $post_content);
+ $post_content_filtered = apply_filters('content_filtered_save_pre', $post_content_filtered);
$post_excerpt = apply_filters('excerpt_save_pre', $post_excerpt);
$post_title = apply_filters('title_save_pre', $post_title);
$post_category = apply_filters('category_save_pre', $post_category);
post_date = '$post_date',
post_date_gmt = '$post_date_gmt',
post_content = '$post_content',
+ post_content_filtered = '$post_content_filtered',
post_title = '$post_title',
post_excerpt = '$post_excerpt',
post_status = '$post_status',
} else {
$wpdb->query(
"INSERT INTO $wpdb->posts
- (post_author, post_date, post_date_gmt, post_content, post_title, post_excerpt, post_status, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type, guid)
+ (post_author, post_date, post_date_gmt, post_content, post_content_filtered, post_title, post_excerpt, post_status, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type, guid)
VALUES
- ('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_title', '$post_excerpt', '$post_status', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type', '$guid')");
+ ('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type', '$guid')");
$post_ID = $wpdb->insert_id;
}
global $wpdb;
// Set the limit clause, if we got a limit
+ $num = (int) $num;
if ($num) {
$limit = "LIMIT $num";
}
function wp_set_post_cats($blogid = '1', $post_ID = 0, $post_categories = array()) {
global $wpdb;
+
+ $post_ID = (int) $post_ID;
+
// If $post_categories isn't already an array, make it one:
if (!is_array($post_categories) || 0 == count($post_categories))
$post_categories = array(get_option('default_category'));
$old_categories = $wpdb->get_col("
SELECT category_id
FROM $wpdb->post2cat
- WHERE post_id = $post_ID");
+ WHERE post_id = '$post_ID'");
if (!$old_categories) {
$old_categories = array();
foreach ($delete_cats as $del) {
$wpdb->query("
DELETE FROM $wpdb->post2cat
- WHERE category_id = $del
- AND post_id = $post_ID
+ WHERE category_id = '$del'
+ AND post_id = '$post_ID'
");
}
}
if ($add_cats) {
foreach ($add_cats as $new_cat) {
- $wpdb->query("
- INSERT INTO $wpdb->post2cat (post_id, category_id)
- VALUES ($post_ID, $new_cat)");
+ $new_cat = (int) $new_cat;
+ if ( !empty($new_cat) )
+ $wpdb->query("
+ INSERT INTO $wpdb->post2cat (post_id, category_id)
+ VALUES ('$post_ID', '$new_cat')");
}
}
-
+
// Update category counts.
$all_affected_cats = array_unique(array_merge($post_categories, $old_categories));
foreach ( $all_affected_cats as $cat_id ) {
if ( 'static' == $post->post_status )
$wpdb->query("UPDATE $wpdb->posts SET post_parent = $post->post_parent WHERE post_parent = $postid AND post_status = 'static'");
+ $wpdb->query("UPDATE $wpdb->posts SET post_parent = $post->post_parent WHERE post_parent = $postid AND post_status = 'attachment'");
+
$wpdb->query("DELETE FROM $wpdb->posts WHERE ID = $postid");
$wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = $postid");
function wp_proxy_check($ipnum) {
if ( get_option('open_proxy_check') && isset($ipnum) ) {
+ $ipnum = preg_replace( '/([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/', '$1', $ipnum );
$rev_ip = implode( '.', array_reverse( explode( '.', $ipnum ) ) );
$lookup = $rev_ip . '.sbl-xbl.spamhaus.org.';
if ( $lookup != gethostbyname( $lookup ) )
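Review bot: The added `preg_replace` only trims trailing text after a dotted-quad; when `$ipnum` is not a dotted-quad at all (an IPv6 address, or an unexpected header value), the pattern does not match and the whole value is reversed and sent as a DNS query to `<value>.sbl-xbl.spamhaus.org.`. Anchoring the check and bailing out, `if ( !preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}$/', $ipnum) ) return false;` (returning whatever the not-listed path returns; the function's tail is outside the hunk), keeps non-IPv4 input off the wire. A comment that the DNSBL lookup is IPv4-only would make the limitation explicit.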
function get_usernumposts($userid) {
global $wpdb;
+ $userid = (int) $userid;
return $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = '$userid' AND post_status = 'publish'");
}
function maybe_unserialize($original) {
- if ( false !== $gm = @ unserialize($original) )
- return $gm;
- else
- return $original;
+ if ( is_serialized($original) ) // don't attempt to unserialize data that wasn't serialized going in
+ if ( false !== $gm = @ unserialize($original) )
+ return $gm;
+ return $original;
+}
+
+function maybe_serialize($data) {
+ if ( is_string($data) )
+ $data = trim($data);
+ elseif ( is_array($data) || is_object($data) )
+ return serialize($data);
+ if ( is_serialized($data) )
+ return serialize($data);
+ return $data;
+}
+
+function is_serialized($data) {
+ if ( !is_string($data) ) // if it isn't a string, it isn't serialized
+ return false;
+ $data = trim($data);
+ if ( preg_match("/^[adobis]:[0-9]+:.*[;}]/si",$data) ) // this should fetch all legitimately serialized data
+ return true;
+ return false;
+}
+
+function is_serialized_string($data) {
+ if ( !is_string($data) ) // if it isn't a string, it isn't a serialized string
+ return false;
+ $data = trim($data);
+ if ( preg_match("/^s:[0-9]+:.*[;}]/si",$data) ) // this should fetch all serialized strings
+ return true;
+ return false;
}
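Review bot: The `is_serialized` pattern `^[adobis]:[0-9]+:.*[;}]` requires a length field after the type letter, but `serialize()` emits `i:5;`, `d:1.5;`, `b:1;` and `N;` without one, so those forms are reported as not serialized and `maybe_unserialize` returns them as the raw string; only `a:`, `O:` and `s:` values round-trip. A pattern such as `"/^(?:N;|[bid]:[^;]*;|[aos]:[0-9]+:.*[;}])$/si"` covers all scalar forms. Separately, this check is only a shape test: `unserialize()` on an `O:` payload instantiates whatever class is named, so the docblock for `maybe_unserialize` should state that it must only see values this code itself stored (options, post meta), never request input, and the `@` on `unserialize` hides the failure mode rather than handling it.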
/* Options functions */
+// expects $setting to already be SQL-escaped
function get_settings($setting) {
global $wpdb;
}
function form_option($option) {
- echo htmlspecialchars( get_option($option), ENT_QUOTES );
+ echo attribute_escape( get_option($option));
}
function get_alloptions() {
return apply_filters('all_options', $all_options);
}
+// expects $option_name to NOT be SQL-escaped
function update_option($option_name, $newvalue) {
global $wpdb;
+ $safe_option_name = $wpdb->escape($option_name);
+
if ( is_string($newvalue) )
$newvalue = trim($newvalue);
// If the new and old values are the same, no need to update.
- $oldvalue = get_option($option_name);
+ $oldvalue = get_option($safe_option_name);
if ( $newvalue == $oldvalue ) {
return false;
}
}
$_newvalue = $newvalue;
- if ( is_array($newvalue) || is_object($newvalue) )
- $newvalue = serialize($newvalue);
+ $newvalue = maybe_serialize($newvalue);
wp_cache_set($option_name, $newvalue, 'options');
}
// thx Alex Stapleton, http://alex.vort-x.net/blog/
+// expects $name to NOT be SQL-escaped
function add_option($name, $value = '', $description = '', $autoload = 'yes') {
global $wpdb;
+ $safe_name = $wpdb->escape($name);
+
// Make sure the option doesn't already exist
- if ( false !== get_option($name) )
+ if ( false !== get_option($safe_name) )
return;
- if ( is_array($value) || is_object($value) )
- $value = serialize($value);
+ $value = maybe_serialize($value);
wp_cache_set($name, $value, 'options');
function add_post_meta($post_id, $key, $value, $unique = false) {
global $wpdb, $post_meta_cache;
+ $post_id = (int) $post_id;
+
if ( $unique ) {
- if ( $wpdb->get_var("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key
-= '$key' AND post_id = '$post_id'") ) {
+ if ( $wpdb->get_var("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = '$post_id'") ) {
return false;
}
}
- $original = $value;
- if ( is_array($value) || is_object($value) )
- $value = $wpdb->escape(serialize($value));
+ $post_meta_cache[$post_id][$key][] = $value;
- $wpdb->query("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value) VALUES ('$post_id','$key','$value')");
+ $value = maybe_serialize($value);
+ $value = $wpdb->escape($value);
- $post_meta_cache['$post_id'][$key][] = $original;
+ $wpdb->query("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value) VALUES ('$post_id','$key','$value')");
return true;
}
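Review bot: `$post_id` is now cast, but `$key` is still interpolated into both the `SELECT` and the `INSERT` without `$wpdb->escape`, and the same holds for `$key` and `$value` in `delete_post_meta` and `$key` in `update_post_meta`; the hunk escapes `$value` only. Unless callers are expected to pass an already-escaped key, `$key = $wpdb->escape($key);` after the cast closes the gap; if that pre-escaped convention is intended, the hunk should say so the way `update_option`/`add_option` now do, e.g. `// expects $key to already be SQL-escaped`. Also, the cache line `$post_meta_cache[$post_id][$key][] = $value;` now runs before the insert, so a failed query leaves the cache ahead of the database.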
function delete_post_meta($post_id, $key, $value = '') {
global $wpdb, $post_meta_cache;
+ $post_id = (int) $post_id;
+
if ( empty($value) ) {
- $meta_id = $wpdb->get_var("SELECT meta_id FROM $wpdb->postmeta WHERE
-post_id = '$post_id' AND meta_key = '$key'");
+ $meta_id = $wpdb->get_var("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key'");
} else {
- $meta_id = $wpdb->get_var("SELECT meta_id FROM $wpdb->postmeta WHERE
-post_id = '$post_id' AND meta_key = '$key' AND meta_value = '$value'");
+ $meta_id = $wpdb->get_var("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key' AND meta_value = '$value'");
}
if ( !$meta_id )
return false;
if ( empty($value) ) {
- $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$post_id'
-AND meta_key = '$key'");
- unset($post_meta_cache['$post_id'][$key]);
+ $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key'");
+ unset($post_meta_cache[$post_id][$key]);
} else {
- $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$post_id'
-AND meta_key = '$key' AND meta_value = '$value'");
- $cache_key = $post_meta_cache['$post_id'][$key];
+ $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key' AND meta_value = '$value'");
+ $cache_key = $post_meta_cache[$post_id][$key];
if ($cache_key) foreach ( $cache_key as $index => $data )
if ( $data == $value )
- unset($post_meta_cache['$post_id'][$key][$index]);
+ unset($post_meta_cache[$post_id][$key][$index]);
}
- unset($post_meta_cache['$post_id'][$key]);
+ unset($post_meta_cache[$post_id][$key]);
return true;
}
function get_post_meta($post_id, $key, $single = false) {
global $wpdb, $post_meta_cache;
+ $post_id = (int) $post_id;
+
if ( isset($post_meta_cache[$post_id][$key]) ) {
if ( $single ) {
return maybe_unserialize( $post_meta_cache[$post_id][$key][0] );
function update_post_meta($post_id, $key, $value, $prev_value = '') {
global $wpdb, $post_meta_cache;
+ $post_id = (int) $post_id;
+
$original_value = $value;
- if ( is_array($value) || is_object($value) )
- $value = $wpdb->escape(serialize($value));
+ $value = maybe_serialize($value);
+ $value = $wpdb->escape($value);
$original_prev = $prev_value;
- if ( is_array($prev_value) || is_object($prev_value) )
- $prev_value = $wpdb->escape(serialize($prev_value));
+ $prev_value = maybe_serialize($prev_value);
+ $prev_value = $wpdb->escape($prev_value);
- if (! $wpdb->get_var("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key
-= '$key' AND post_id = '$post_id'") ) {
+ if (! $wpdb->get_var("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = '$post_id'") ) {
return false;
}
if ( empty($prev_value) ) {
- $wpdb->query("UPDATE $wpdb->postmeta SET meta_value = '$value' WHERE
-meta_key = '$key' AND post_id = '$post_id'");
- $cache_key = $post_meta_cache['$post_id'][$key];
+ $wpdb->query("UPDATE $wpdb->postmeta SET meta_value = '$value' WHERE meta_key = '$key' AND post_id = '$post_id'");
+ $cache_key = $post_meta_cache[$post_id][$key];
if ( !empty($cache_key) )
foreach ($cache_key as $index => $data)
- $post_meta_cache['$post_id'][$key][$index] = $original_value;
+ $post_meta_cache[$post_id][$key][$index] = $original_value;
} else {
- $wpdb->query("UPDATE $wpdb->postmeta SET meta_value = '$value' WHERE
-meta_key = '$key' AND post_id = '$post_id' AND meta_value = '$prev_value'");
- $cache_key = $post_meta_cache['$post_id'][$key];
+ $wpdb->query("UPDATE $wpdb->postmeta SET meta_value = '$value' WHERE meta_key = '$key' AND post_id = '$post_id' AND meta_value = '$prev_value'");
+ $cache_key = $post_meta_cache[$post_id][$key];
if ( !empty($cache_key) )
foreach ($cache_key as $index => $data)
if ( $data == $original_prev )
- $post_meta_cache['$post_id'][$key][$index] = $original_value;
+ $post_meta_cache[$post_id][$key][$index] = $original_value;
}
return true;
$post_cache[$post->ID] = &$post;
$_post = & $post_cache[$post->ID];
} else {
+ $post = (int) $post;
if ( $_post = wp_cache_get($post, 'pages') )
return get_page($_post, $output);
elseif ( isset($post_cache[$post]) )
wp_cache_add($page->ID, $page, 'pages');
$_page = $page;
} else {
+ $page = (int) $page;
if ( isset($GLOBALS['page']) && ($page == $GLOBALS['page']->ID) ) {
$_page = & $GLOBALS['page'];
wp_cache_add($_page->ID, $_page, 'pages');
wp_cache_add($category->cat_ID, $category, 'category');
$_category = $category;
} else {
+ $category = (int) $category;
if ( ! $_category = wp_cache_get($category, 'category') ) {
$_category = $wpdb->get_row("SELECT * FROM $wpdb->categories WHERE cat_ID = '$category' LIMIT 1");
wp_cache_add($category, $_category, 'category');
$comment_cache[$comment->comment_ID] = &$comment;
$_comment = & $comment_cache[$comment->comment_ID];
} else {
+ $comment = (int) $comment;
if ( !isset($comment_cache[$comment]) ) {
$_comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID = '$comment' LIMIT 1");
$comment_cache[$comment->comment_ID] = & $_comment;
$mtime = $mtime[1] + $mtime[0];
$timeend = $mtime;
$timetotal = $timeend-$timestart;
+ $r = number_format($timetotal, $precision);
if ( $display )
- echo number_format($timetotal,$precision);
- return $timetotal;
+ echo $r;
+ return $r;
}
function weblog_ping($server = '', $path = '') {
}
if ( isset($wp_filter[$tag]) )
- ksort( $wp_filter[$tag] );
+ uksort( $wp_filter[$tag], "strnatcasecmp" );
}
function apply_filters($tag, $string) {
// Change from flat structure to hierarchical:
$post_meta_cache = array();
foreach ($meta_list as $metarow) {
- $mpid = $metarow['post_id'];
+ $mpid = (int) $metarow['post_id'];
$mkey = $metarow['meta_key'];
$mval = $metarow['meta_value'];
function get_page_template() {
global $wp_query;
- $id = $wp_query->post->ID;
+ $id = (int) $wp_query->post->ID;
$template = get_post_meta($id, '_wp_page_template', true);
if ( 'default' == $template )
$uri = @func_get_arg(2);
}
+ if ( $frag = strstr($uri, '#') )
+ $uri = substr($uri, 0, -strlen($frag));
+ else
+ $frag = '';
+
if ( preg_match('|^https?://|i', $uri, $matches) ) {
$protocol = $matches[0];
$uri = substr($uri, strlen($protocol));
$ret .= "$k=$v";
}
}
- $ret = $protocol . $base . $ret;
+ $ret = $protocol . $base . $ret . $frag;
return trim($ret, '?');
}
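Review bot: The fragment is glued on at `$ret = $protocol . $base . $ret . $frag;` before the `trim($ret, '?')` on the next line, so when the query string is empty a trailing `?` that the trim used to strip now survives in front of the fragment (`path?#frag`). If `$base` can end in `?` — the trim suggests it can — append the fragment after trimming: `return trim($protocol . $base . $ret, '?') . $frag;`. `$frag` is set in an earlier hunk of the same function, and add_query_arg itself starts outside this hunk.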
return add_query_arg($key, '', $query);
}
-function load_template($file) {
+function load_template($_template_file) {
global $posts, $post, $wp_did_header, $wp_did_template_redirect, $wp_query,
$wp_rewrite, $wpdb;
- extract($wp_query->query_vars);
+ if ( is_array($wp_query->query_vars) )
+ extract($wp_query->query_vars, EXTR_SKIP);
- require_once($file);
+ require_once($_template_file);
}
function add_magic_quotes($array) {
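Review bot: The underscore-prefixed `$_template_file` together with `EXTR_SKIP` is what keeps a request query var named `file` from overriding the path handed to `require_once`, but nothing in the function says so, and a later cleanup that renames the parameter back or drops the flag would silently reopen that hole. Add a comment above the extract, e.g. `// EXTR_SKIP plus the underscored parameter name keep query vars from clobbering the template path or the globals above; do not rename $_template_file.`. Note that EXTR_SKIP only protects names already defined, so every other query var still lands in the template's local scope — intended for templates, but worth stating in the same comment.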
}
function wp_remote_fopen( $uri ) {
+ $timeout = 10;
+ $parsed_url = @parse_url($uri);
+
+ if ( !$parsed_url || !is_array($parsed_url) )
+ return false;
+
+ if ( !isset($parsed_url['scheme']) || !in_array($parsed_url['scheme'], array('http','https')) )
+ $uri = 'http://' . $uri;
+
if ( ini_get('allow_url_fopen') ) {
- $fp = fopen( $uri, 'r' );
+ $fp = @fopen( $uri, 'r' );
if ( !$fp )
return false;
+
+ //stream_set_timeout($fp, $timeout); // Requires php 4.3
$linea = '';
while( $remote_read = fread($fp, 4096) )
$linea .= $remote_read;
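Review bot: `$timeout` is declared at the top of the new code but never applied on the fopen path, because the `stream_set_timeout` call is left commented out, so a slow or stalled remote host can hold this request open indefinitely (only the curl branch gets a limit). Guard it rather than drop it, the way the status_header change further down version-checks 4.3-era behaviour: `if ( function_exists('stream_set_timeout') ) stream_set_timeout($fp, $timeout);`. The scheme check is also case-sensitive — `parse_url` returns the scheme as written, so `HTTP://host` fails the `in_array` and gets a second `http://` prefixed; compare `strtolower($parsed_url['scheme'])` instead. wp_remote_fopen continues past this hunk.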
curl_setopt ($handle, CURLOPT_URL, $uri);
curl_setopt ($handle, CURLOPT_CONNECTTIMEOUT, 1);
curl_setopt ($handle, CURLOPT_RETURNTRANSFER, 1);
+ curl_setopt ($handle, CURLOPT_TIMEOUT, $timeout);
$buffer = curl_exec($handle);
curl_close($handle);
return $buffer;
elseif ( 410 == $header )
$text = 'Gone';
- @header("HTTP/1.1 $header $text");
- @header("Status: $header $text");
+ if ( version_compare(phpversion(), '4.3.0', '>=') )
+ @header("HTTP/1.1 $header $text", true, $header);
+ else
+ @header("HTTP/1.1 $header $text");
}
function nocache_headers() {
$user_id = (int) $user_id;
if ( !empty($meta_key) ) {
- $meta_key = preg_replace('|a-z0-9_|i', '', $meta_key);
+ $meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key);
$metas = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
} else {
$metas = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'");
return false;
$meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key);
- if ( is_array($meta_value) || is_object($meta_value) )
- $meta_value = serialize($meta_value);
- $meta_value = trim( $meta_value );
+ // FIXME: usermeta data is assumed to be already escaped
+ if ( is_string($meta_value) )
+ $meta_value = stripslashes($meta_value);
+ $meta_value = maybe_serialize($meta_value);
+ $meta_value = $wpdb->escape($meta_value);
if (empty($meta_value)) {
delete_usermeta($user_id, $meta_key);
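Review bot: The new `is_string` guard means only top-level strings are unslashed before `maybe_serialize` and `$wpdb->escape`; an array or object whose elements arrived slashed (the FIXME says input is assumed pre-escaped) is serialized with the slashes intact and then escaped again, so nested strings end up double-escaped while scalar strings do not. Unslash recursively instead — `stripslashes_deep` if this file provides one (not visible here), otherwise a small recursive `array_map` — before the `maybe_serialize` call. Separately, `empty($meta_value)` runs after serialization, so a string value of `'0'` still deletes the row; that is pre-existing but deserves a comment. update_usermeta starts outside this hunk.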
return wp_specialchars(add_query_arg('_wpnonce', wp_create_nonce($action), $actionurl));
}
-function wp_nonce_field($action = -1) {
- echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
- wp_referer_field();
+function wp_nonce_field($action = -1, $name = "_wpnonce", $referer = true) {
+ $name = attribute_escape($name);
+ echo '<input type="hidden" name="' . $name . '" value="' . wp_create_nonce($action) . '" />';
+ if ( $referer )
+ wp_referer_field();
}
function wp_referer_field() {
- $ref = wp_specialchars($_SERVER['REQUEST_URI']);
+ $ref = attribute_escape(stripslashes($_SERVER['REQUEST_URI']));
echo '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />';
if ( wp_get_original_referer() ) {
- $original_ref = wp_specialchars(stripslashes(wp_get_original_referer()));
+ $original_ref = attribute_escape(stripslashes(wp_get_original_referer()));
echo '<input type="hidden" name="_wp_original_http_referer" value="'. $original_ref . '" />';
}
}
function wp_original_referer_field() {
- echo '<input type="hidden" name="_wp_original_http_referer" value="' . wp_specialchars(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
+ echo '<input type="hidden" name="_wp_original_http_referer" value="' . attribute_escape(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
}
function wp_get_referer() {
}
}
- return __('Are you sure you want to do this');
+ return __('Are you sure you want to do this?');
}
function wp_nonce_ays($action) {
$adminurl = get_settings('siteurl') . '/wp-admin';
if ( wp_get_referer() )
- $adminurl = wp_get_referer();
+ $adminurl = attribute_escape(stripslashes(wp_get_referer()));
$title = __('WordPress Confirmation');
// Remove extra layer of slashes.
foreach ( (array) $q as $a ) {
$v = substr(strstr($a, '='), 1);
$k = substr($a, 0, -(strlen($v)+1));
- $html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n";
+ $html .= "\t\t<input type='hidden' name='" . attribute_escape( urldecode($k)) . "' value='" . attribute_escape( urldecode($v)) . "' />\n";
}
$html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
- $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_explain_nonce($action) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
+ $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
} else {
- $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_explain_nonce($action) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
+ $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . clean_url(add_query_arg('_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'])) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
}
$html .= "</body>\n</html>";
wp_die($html, $title);
die();
}
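Review bot: The "No" link's `href='$adminurl'` takes `wp_get_referer()` through `attribute_escape` only, while the "Yes" link in the same hunk is run through `clean_url`; attribute escaping stops attribute breakout but does not reject a `javascript:` or otherwise non-HTTP value, and wp_referer_field above shows the referer can come from a posted `_wp_http_referer` field. Use the same sanitiser for both: `$adminurl = clean_url(stripslashes(wp_get_referer()));`. The body of wp_nonce_ays between the referer check and the form markup is outside this hunk.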
-?>
\ No newline at end of file
+?>
function readint() {
if ($this->BYTEORDER == 0) {
// low endian
- return array_shift(unpack('V', $this->STREAM->read(4)));
+ $low_end = unpack('V', $this->STREAM->read(4));
+ return array_shift($low_end);
} else {
// big endian
- return array_shift(unpack('N', $this->STREAM->read(4)));
+ $big_end = unpack('N', $this->STREAM->read(4));
+ return array_shift($big_end);
}
}
gzip_compression();
// Output rest of headers
- header("Content-type: text/javascript; charset: UTF-8");
+ header("Content-Type: text/javascript; charset=".get_bloginfo('charset'));
header("Vary: Accept-Encoding"); // Handle proxies
header("Expires: " . gmdate("D, d M Y H:i:s", time() + $expiresOffset) . " GMT");
<?php
require_once('../../../wp-config.php');
+header('Content-Type: text/html; charset='.get_bloginfo('charset'));
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
}
function kses_init_filters() {
- add_filter('pre_comment_author', 'wp_filter_kses');
- add_filter('pre_comment_content', 'wp_filter_kses');
- add_filter('content_save_pre', 'wp_filter_post_kses');
- add_filter('title_save_pre', 'wp_filter_kses');
+ // Normal filtering.
+ add_filter('pre_comment_content', 'wp_filter_kses');
+ add_filter('title_save_pre', 'wp_filter_kses');
+
+ // Post filtering
+ add_filter('content_save_pre', 'wp_filter_post_kses');
+ add_filter('excerpt_save_pre', 'wp_filter_post_kses');
+ add_filter('content_filtered_save_pre', 'wp_filter_post_kses');
}
-function kses_init() {
- remove_filter('pre_comment_author', 'wp_filter_kses');
+function kses_remove_filters() {
+ // Normal filtering.
remove_filter('pre_comment_content', 'wp_filter_kses');
- remove_filter('content_save_pre', 'wp_filter_post_kses');
remove_filter('title_save_pre', 'wp_filter_kses');
+ // Post filtering
+ remove_filter('content_save_pre', 'wp_filter_post_kses');
+ remove_filter('excerpt_save_pre', 'wp_filter_post_kses');
+ remove_filter('content_filtered_save_pre', 'wp_filter_post_kses');
+}
+
+function kses_init() {
+ kses_remove_filters();
+
if (current_user_can('unfiltered_html') == false)
kses_init_filters();
}
+
add_action('init', 'kses_init');
add_action('set_current_user', 'kses_init');
?>
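Review bot: Dropping the kses filter on `pre_comment_author` (removed from both kses_init_filters and the old kses_init) means comment author names are no longer HTML-filtered at save time for users without unfiltered_html, and nothing in this hunk says where that is now handled. If author names are escaped on output elsewhere, add a one-line comment in kses_init_filters such as `// pre_comment_author is intentionally not filtered here; author names are escaped on output.` so the omission is not read as an accident by the next maintainer.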
$the_link = '#';
if (!empty($row->link_url))
- $the_link = wp_specialchars($row->link_url);
+ $the_link = clean_url($row->link_url);
$rel = $row->link_rel;
if ($rel != '') {
$rel = ' rel="' . $rel . '"';
}
- $desc = wp_specialchars($row->link_description, ENT_QUOTES);
- $name = wp_specialchars($row->link_name, ENT_QUOTES);
+ $desc = attribute_escape($row->link_description);
+ $name = attribute_escape($row->link_name);
$title = $desc;
if ($show_updated) {
if ($metavalues) {
foreach ( $metavalues as $meta ) {
- @ $value = unserialize($meta->meta_value);
- if ($value === FALSE)
- $value = $meta->meta_value;
+ $value = maybe_unserialize($meta->meta_value);
$user->{$meta->meta_key} = $value;
// We need to set user_level from meta, not row
if ( $userdata )
return $userdata;
+ $user_login = $wpdb->escape($user_login);
+
if ( !$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_login = '$user_login'") )
return false;
if ($metavalues) {
foreach ( $metavalues as $meta ) {
- @ $value = unserialize($meta->meta_value);
- if ($value === FALSE)
- $value = $meta->meta_value;
+ $value = maybe_unserialize($meta->meta_value);
$user->{$meta->meta_key} = $value;
// We need to set user_level from meta, not row
// Cookie safe redirect. Works around IIS Set-Cookie bug.
// http://support.microsoft.com/kb/q176113/
if ( !function_exists('wp_redirect') ) :
-function wp_redirect($location) {
+function wp_redirect($location, $status = 302) {
global $is_IIS;
$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location);
$strip = array('%0d', '%0a');
$location = str_replace($strip, '', $location);
- if ($is_IIS)
+ if ( $is_IIS ) {
header("Refresh: 0;url=$location");
- else
+ } else {
+ if ( php_sapi_name() != 'cgi-fcgi' )
+ status_header($status); // This causes problems on IIS and some FastCGI setups
header("Location: $location");
+ }
}
endif;
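Review bot: The `$strip` list applied with `str_replace` is case-sensitive, so `%0D`/`%0A` pass through while `%0d`/`%0a` are removed — not a header injection here, since the percent-encoded form never becomes a real line break in `header()`, but it is an inconsistent filter; use `$location = preg_replace('/%0[ad]/i', '', $location);` if the intent is to strip them at all. Note also that nothing in this function restricts `$location` to the local host, so callers that pass a request parameter (wp-login.php's `redirect_to` in this same diff) must do that check themselves. The new `$status` argument reaches `status_header` unvalidated; that is fine only if `status_header` tolerates unknown codes, which is not visible here.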
if ('' == $user->user_email) return false; // If there's no email to send the comment to
- $comment_author_domain = gethostbyaddr($comment->comment_author_IP);
+ $comment_author_domain = @gethostbyaddr($comment->comment_author_IP);
$blogname = get_settings('blogname');
$comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");
- $comment_author_domain = gethostbyaddr($comment->comment_author_IP);
+ $comment_author_domain = @gethostbyaddr($comment->comment_author_IP);
$comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'");
$notify_message = sprintf( __('A new comment on the post #%1$s "%2$s" is waiting for your approval'), $post->ID, $post->post_title ) . "\r\n";
if ( !function_exists('wp_verify_nonce') ) :
function wp_verify_nonce($nonce, $action = -1) {
$user = wp_get_current_user();
- $uid = $user->id;
+ $uid = (int) $user->id;
$i = ceil(time() / 43200);
if ( !function_exists('wp_create_nonce') ) :
function wp_create_nonce($action = -1) {
$user = wp_get_current_user();
- $uid = $user->id;
+ $uid = (int) $user->id;
$i = ceil(time() / 43200);
}
endif;
-?>
+?>
\ No newline at end of file
$query = "UPDATE $wpdb->users SET user_pass='$user_pass', user_email='$user_email', user_url='$user_url', user_nicename = '$user_nicename', display_name = '$display_name' WHERE ID = '$ID'";
$query = apply_filters('update_user_query', $query);
$wpdb->query( $query );
- $user_id = $ID;
+ $user_id = (int) $ID;
} else {
$query = "INSERT INTO $wpdb->users
(user_login, user_pass, user_email, user_url, user_registered, user_nicename, display_name)
('$user_login', '$user_pass', '$user_email', '$user_url', '$user_registered', '$user_nicename', '$display_name')";
$query = apply_filters('create_user_query', $query);
$wpdb->query( $query );
- $user_id = $wpdb->insert_id;
+ $user_id = (int) $wpdb->insert_id;
}
update_usermeta( $user_id, 'first_name', $first_name);
return -1;
}
}
-function wp_rss ($url, $num) {
+function wp_rss ($url, $num_items) {
//ini_set("display_errors", false); uncomment to suppress php errors thrown if the feed is not returned.
- $num_items = $num;
$rss = fetch_rss($url);
if ( $rss ) {
echo "<ul>";
}
}
-function get_rss ($uri, $num = 5) { // Like get posts, but for RSS
+function get_rss ($url, $num_items = 5) { // Like get posts, but for RSS
$rss = fetch_rss($url);
if ( $rss ) {
$rss->items = array_slice($rss->items, 0, $num_items);
echo "</a><br />\n";
echo "</li>\n";
}
- return $posts;
} else {
return false;
}
<?php
-function get_the_author($idmode = '') {
+function get_the_author($deprecated = '') {
global $authordata;
return apply_filters('the_author', $authordata->display_name);
}
-function the_author($idmode = '', $echo = true) {
- if ( $echo )
- echo get_the_author($idmode);
- return get_the_author($idmode);
+// Using echo = false is deprecated. Use get_the_author instead.
+function the_author($deprecated = '', $deprecated_echo = true) {
+ if ( $deprecated_echo )
+ echo get_the_author();
+ return get_the_author();
}
function get_the_author_description() {
}
/* the_author_posts_link() requires no get_, use get_author_link() */
-function the_author_posts_link($idmode='') {
+function the_author_posts_link($deprecated = '') {
global $authordata;
- echo '<a href="' . get_author_link(0, $authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), wp_specialchars(the_author($idmode, false))) . '">' . the_author($idmode, false) . '</a>';
+ echo '<a href="' . get_author_link(0, $authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), attribute_escape(get_the_author())) . '">' . get_the_author() . '</a>';
}
function get_author_link($echo = false, $author_id, $author_nicename = '') {
global $wpdb, $wp_rewrite, $post, $cache_userdata;
- $auth_ID = $author_id;
+ $auth_ID = (int) $author_id;
$link = $wp_rewrite->get_author_permastruct();
if ( empty($link) ) {
$query = "SELECT ID, user_nicename from $wpdb->users " . ($exclude_admin ? "WHERE user_login <> 'admin' " : '') . "ORDER BY display_name";
$authors = $wpdb->get_results($query);
- foreach ( $authors as $author ) {
+ foreach ( (array) $authors as $author ) {
$author = get_userdata( $author->ID );
$posts = get_usernumposts($author->ID);
$name = $author->nickname;
if ( !$hide_empty )
$link = $name;
} else {
- $link = '<a href="' . get_author_link(0, $author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), wp_specialchars($author->display_name)) . '">' . $name . '</a>';
+ $link = '<a href="' . get_author_link(0, $author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), attribute_escape($author->display_name)) . '">' . $name . '</a>';
if ( (! empty($feed_image)) || (! empty($feed)) ) {
$link .= ' ';
}
}
-?>
\ No newline at end of file
+?>
function get_the_category($id = false) {
global $post, $category_cache;
+ $id = (int) $id;
if ( !$id )
- $id = $post->ID;
+ $id = (int) $post->ID;
if ( !isset($category_cache[$id]) )
update_post_category_cache($id);
$num_found=0;
$thelist = "";
- foreach ( $categories as $category ) {
+ foreach ( (array) $categories as $category ) {
if ( ( intval($hide_empty) == 0 || $category->category_count) && (!$hierarchical || $category->category_parent == $child_of) ) {
$num_found++;
$link = '<a href="'.get_category_link($category->cat_ID).'" ';
if ( $use_desc_for_title == 0 || empty($category->category_description) )
- $link .= 'title="'. sprintf(__("View all posts filed under %s"), wp_specialchars($category->cat_name)) . '"';
+ $link .= 'title="'. sprintf(__("View all posts filed under %s"), attribute_escape($category->cat_name)) . '"';
else
- $link .= 'title="' . wp_specialchars(apply_filters('category_description',$category->category_description,$category)) . '"';
+ $link .= 'title="' . attribute_escape(apply_filters('category_description',$category->category_description,$category)) . '"';
$link .= '>';
$link .= apply_filters('list_cats', $category->cat_name, $category).'</a>';
!strstr($show, 'home')) {
$info = apply_filters('bloginfo', $info, $show);
$info = convert_chars($info);
+ } else {
+ $info = apply_filters('bloginfo_url', $info, $show);
}
echo $info;
function wp_title($sep = '»', $display = true) {
- global $wpdb;
- global $m, $year, $monthnum, $day, $category_name, $month, $posts;
+ global $wpdb, $posts, $month;
$cat = get_query_var('cat');
$p = get_query_var('p');
$category_name = get_query_var('category_name');
$author = get_query_var('author');
$author_name = get_query_var('author_name');
+ $m = (int) get_query_var('m');
+ $year = (int) get_query_var('year');
+ $monthnum = (int) get_query_var('monthnum');
+ $day = (int) get_query_var('day');
+ $title = '';
// If there's a category
if ( !empty($cat) ) {
// category exclusion
if ( !stristr($cat,'-') )
- $title = get_the_category_by_ID($cat);
- }
- if ( !empty($category_name) ) {
+ $title = apply_filters('single_cat_title', get_the_category_by_ID($cat));
+ } elseif ( !empty($category_name) ) {
if ( stristr($category_name,'/') ) {
$category_name = explode('/',$category_name);
if ( $category_name[count($category_name)-1] )
$category_name = $category_name[count($category_name)-2]; // there was a trailling slash
}
$title = $wpdb->get_var("SELECT cat_name FROM $wpdb->categories WHERE category_nicename = '$category_name'");
+ $title = apply_filters('single_cat_title', $title);
}
// If there's an author
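Review bot: Every other query var pulled in by this hunk is cast with `(int)`, but `$category_name` is still interpolated into the SQL at `WHERE category_nicename = '$category_name'` as-is, after only the `explode('/')` trimming. Unless it is sanitised before it reaches `get_query_var` (not visible here), escape it at the point of use: `$title = $wpdb->get_var("SELECT cat_name FROM $wpdb->categories WHERE category_nicename = '" . $wpdb->escape($category_name) . "'");`. wp_title continues past this hunk.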
}
$prefix = '';
- if ( isset($title) )
+ if ( !empty($title) )
$prefix = " $sep ";
$title = $prefix . $title;
function single_month_title($prefix = '', $display = true ) {
- global $m, $monthnum, $month, $year;
+ global $month;
+
+ $m = (int) get_query_var('m');
+ $year = (int) get_query_var('year');
+ $monthnum = (int) get_query_var('monthnum');
+
if ( !empty($monthnum) && !empty($year) ) {
$my_year = $year;
$my_month = $month[str_pad($monthnum, 2, '0', STR_PAD_LEFT)];
/* link navigation hack by Orien http://icecode.com/ */
function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') {
$text = wptexturize($text);
- $title_text = wp_specialchars($text, 1);
+ $title_text = attribute_escape($text);
if ('link' == $format)
return "\t<link rel='archives' title='$title_text' href='$url' />\n";
foreach ( $arcresults as $arcresult ) {
$url = get_month_link($arcresult->year, $arcresult->month);
if ( $show_post_count ) {
- $text = sprintf('%s %d', $month[zeroise($arcresult->month,2)], $arcresult->year);
+ $text = sprintf(__('%1$s %2$d'), $month[zeroise($arcresult->month,2)], $arcresult->year);
$after = ' ('.$arcresult->posts.')' . $afterafter;
} else {
- $text = sprintf('%s %d', $month[zeroise($arcresult->month,2)], $arcresult->year);
+ $text = sprintf(__('%1$s %2$d'), $month[zeroise($arcresult->month,2)], $arcresult->year);
}
echo get_archives_link($url, $text, $format, $before, $after);
}
if ( $arcresults ) {
foreach ( $arcresults as $arcresult ) {
$url = get_day_link($arcresult->year, $arcresult->month, $arcresult->dayofmonth);
- $date = sprintf("%d-%02d-%02d 00:00:00", $arcresult->year, $arcresult->month, $arcresult->dayofmonth);
+ $date = sprintf('%1$d-%2$02d-%3$02d 00:00:00', $arcresult->year, $arcresult->month, $arcresult->dayofmonth);
$text = mysql2date($archive_day_date_format, $date);
echo get_archives_link($url, $text, $format, $before, $after);
}
$arc_week = get_weekstartend($arcresult->yyyymmdd, get_settings('start_of_week'));
$arc_week_start = date_i18n($archive_week_start_date_format, $arc_week['start']);
$arc_week_end = date_i18n($archive_week_end_date_format, $arc_week['end']);
- $url = sprintf('%s/%s%sm%s%s%sw%s%d', get_settings('home'), '', '?', '=', $arc_year, '&', '=', $arcresult->week);
+ $url = sprintf('%1$s/%2$s%3$sm%4$s%5$s%6$sw%7$s%8$d', get_settings('home'), '', '?', '=', $arc_year, '&', '=', $arcresult->week);
$text = $arc_week_start . $archive_week_separator . $arc_week_end;
echo get_archives_link($url, $text, $format, $before, $after);
}
else
$thismonth = ''.zeroise(intval(substr($m, 4, 2)), 2);
} else {
- $thisyear = gmdate('Y', current_time('timestamp') + get_settings('gmt_offset') * 3600);
- $thismonth = gmdate('m', current_time('timestamp') + get_settings('gmt_offset') * 3600);
+ $thisyear = gmdate('Y', current_time('timestamp'));
+ $thismonth = gmdate('m', current_time('timestamp'));
}
$unixmonth = mktime(0, 0 , 0, $thismonth, 1, $thisyear);
function get_page_link($id = false) {
global $post, $wp_rewrite;
+ $id = (int) $id;
if ( !$id )
- $id = $post->ID;
+ $id = (int) $post->ID;
$pagestruct = $wp_rewrite->get_page_permastruct();
$link = false;
if (! $id) {
- $id = $post->ID;
+ $id = (int) $post->ID;
}
$object = get_post($id);
function get_pagenum_link($pagenum = 1) {
global $wp_rewrite;
- $qstr = wp_specialchars($_SERVER['REQUEST_URI']);
+ $qstr = $_SERVER['REQUEST_URI'];
$page_querystring = "paged";
$page_modstring = "page/";
return $qstr;
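Review bot: Dropping `wp_specialchars` here moves the escaping burden onto every caller, and only the two new `next_posts`/`previous_posts` wrappers in this diff visibly apply `clean_url`; any other caller that echoes the result now emits raw `REQUEST_URI` (a reflected-XSS sink). Document the contract at the top of the function: `// Returns an unescaped URL derived from REQUEST_URI; callers must pass it through clean_url()/attribute_escape() before output.`, and audit `next_posts_link`/`previous_posts_link`, whose bodies are outside this hunk.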
}
-function next_posts($max_page = 0) { // original by cfactor at cooltux.org
+function get_next_posts_page_link($max_page = 0) {
global $paged, $pagenow;
if ( !is_single() ) {
$paged = 1;
$nextpage = intval($paged) + 1;
if ( !$max_page || $max_page >= $nextpage )
- echo get_pagenum_link($nextpage);
+ return get_pagenum_link($nextpage);
}
}
+function next_posts($max_page = 0) {
+ echo clean_url(get_next_posts_page_link($max_page));
+}
+
function next_posts_link($label='Next Page »', $max_page=0) {
global $paged, $result, $request, $posts_per_page, $wpdb, $max_num_pages;
if ( !$max_page ) {
}
}
-
-function previous_posts() { // original by cfactor at cooltux.org
+function get_previous_posts_page_link() {
global $paged, $pagenow;
if ( !is_single() ) {
$nextpage = intval($paged) - 1;
if ( $nextpage < 1 )
$nextpage = 1;
- echo get_pagenum_link($nextpage);
+ return get_pagenum_link($nextpage);
}
}
+function previous_posts() {
+ echo clean_url(get_previous_posts_page_link());
+}
function previous_posts_link($label='« Previous Page') {
global $paged;
else
$file = $pagenow; //$_SERVER['PHP_SELF'];
+ if ( $page > count($pages) ) // if the requested page doesn't exist
+ $page = count($pages); // give them the highest numbered page that DOES exist
+
$content = $pages[$page-1];
$content = explode('<!--more-->', $content, 2);
if ( (preg_match('/<!--noteaser-->/', $post->post_content) && ((!$multipage) || ($page==1))) )
if ( '' == get_settings('permalink_structure') )
echo '<a href="' . get_permalink() . '&page=' . $i . '">';
else
- echo '<a href="' . trailingslashit( get_permalink() ) . $i . '/">';
+ echo '<a href="' . trailingslashit(get_permalink()) . $i . '/">';
}
echo $j;
if ( ($i != $page) || ((!$more) && ($page==1)) )
if ( '' == get_settings('permalink_structure') )
echo '<a href="' . get_permalink() . '&page=' . $i . '">'.$previouspagelink.'</a>';
else
- echo '<a href="' . get_permalink() . $i . '/">'.$previouspagelink.'</a>';
+ echo '<a href="' . get_permalink() . $i . '/">' . $previouspagelink . '</a>';
}
$i = $page + 1;
if ( $i <= $numpages && $more ) {
if ( '' == get_settings('permalink_structure') )
- echo '<a href="'.get_permalink() . '&page=' . $i . '">'.$nextpagelink.'</a>';
+ echo '<a href="' . get_permalink() . '&page=' . $i . '">' . $nextpagelink . '</a>';
else
- echo '<a href="'.get_permalink().$i.'/">'.$nextpagelink.'</a>';
+ echo '<a href="' . trailingslashit(get_permalink()) . $i . '/">' . $nextpagelink . '</a>';
}
echo $after;
}
if ( ! $post_id )
$post_id = $id;
+ $post_id = (int) $post_id;
+
if ( isset($post_meta_cache[$post_id]) )
return $post_meta_cache[$post_id];
// Change from flat structure to hierarchical:
$post_meta_cache = array();
foreach ( $meta_list as $metarow ) {
- $mpid = $metarow['post_id'];
+ $mpid = (int) $metarow['post_id'];
$mkey = $metarow['meta_key'];
$mval = $metarow['meta_value'];
// this will probably change at some point...
function the_meta() {
- global $id, $post_meta_cache;
+ global $id;
if ( $keys = get_post_custom_keys() ) {
echo "<ul class='post-meta'>\n";
foreach ( $keys as $key ) {
+ $keyt = trim($key);
+ if ( '_' == $keyt{0} )
+ continue;
$values = array_map('trim', get_post_custom_values($key));
$value = implode($values,', ');
echo "<li><span class='post-meta-key'>$key:</span> $value</li>\n";
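Review bot: The new `_`-prefix check hides internal keys, but `$key` and `$value` are still echoed raw into the `<li>` on the last line, so any markup stored in a custom field lands in the page unescaped; unless custom fields are filtered on save (nothing here says so, and the kses filters elsewhere in this diff cover content, excerpt and title only), this is a stored-XSS sink for authors without unfiltered_html. Escape on output: `echo "<li><span class='post-meta-key'>" . wp_specialchars($key) . ":</span> " . wp_specialchars($value) . "</li>\n";`. Also `$keyt{0}` on an empty or whitespace-only key raises an offset notice; skip those too with `if ( '' == $keyt || '_' == $keyt{0} ) continue;`.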
foreach ( $page_tree[$parent]['children'] as $page_id ) {
$cur_page = $page_tree[$page_id];
- $title = $cur_page['title'];
+ $title = attribute_escape($cur_page['title']);
$css_class = 'page_item';
if ( $page_id == $queried_obj->ID )
$css_class .= ' current_page_item';
- $output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page_id) . '" title="' . wp_specialchars($title) . '">' . $title . '</a>';
+ $output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page_id) . '" title="' . $title . '">' . $title . '</a>';
if ( isset($cur_page['ts']) ) {
$format = get_settings('date_format');
// This just holds the version number, in a separate file so we can bump it without cluttering the SVN
-$wp_version = '2.0.4';
-$wp_db_version = 3440;
+$wp_version = '2.0.11';
+$wp_db_version = 3441;
?>
// DB Constructor - connects to the server and selects a database
function wpdb($dbuser, $dbpassword, $dbname, $dbhost) {
+ return $this->__construct($dbuser, $dbpassword, $dbname, $dbhost);
+ }
+
+ function __construct($dbuser, $dbpassword, $dbname, $dbhost) {
+ register_shutdown_function(array(&$this, "__destruct"));
+
$this->dbh = @mysql_connect($dbhost, $dbuser, $dbpassword);
if (!$this->dbh) {
$this->bail("
$this->select($dbname);
}
+ function __destruct() {
+ return true;
+ }
+
// ==================================================================
// Select a DB (if another one needs to be selected)
// Kill cached query results
function flush() {
- $this->last_result = null;
+ $this->last_result = array();
$this->col_info = null;
$this->last_query = null;
}
// Basic Query - see docs for more detail
function query($query) {
+ // filter the query, if filters are available
+ // NOTE: some queries are made before the plugins have been loaded, and thus cannot be filtered with this method
+ if ( function_exists('apply_filters') )
+ $query = apply_filters('query', $query);
+
// initialise return
$return_val = 0;
$this->flush();
<body>
<?php $sql = "SELECT $wpdb->links.link_url, link_rss, $wpdb->links.link_name, $wpdb->links.link_category, $wpdb->linkcategories.cat_name, link_updated
FROM $wpdb->links
- JOIN $wpdb->linkcategories on $wpdb->links.link_category = $wpdb->linkcategories.cat_id
+ INNER JOIN $wpdb->linkcategories on $wpdb->links.link_category = $wpdb->linkcategories.cat_id
AND $wpdb->links.link_visible = 'Y'
$sql_cat
ORDER BY $wpdb->linkcategories.cat_name, $wpdb->links.link_name \n";
<?php
} // end if not first time
?>
- <outline type="category" title="<?php echo wp_specialchars($result->cat_name); ?>">
+ <outline type="category" title="<?php echo attribute_escape($result->cat_name); ?>">
<?php
$prev_cat_id = $result->link_category;
} // end if new category
?>
- <outline text="<?php echo wp_specialchars($result->link_name); ?>" type="link" xmlUrl="<?php echo wp_specialchars($result->link_rss); ?>" htmlUrl="<?php echo wp_specialchars($result->link_url); ?>" updated="<?php if ('0000-00-00 00:00:00' != $result->link_updated) echo $result->link_updated; ?>" />
+ <outline text="<?php echo attribute_escape($result->link_name); ?>" type="link" xmlUrl="<?php echo attribute_escape($result->link_rss); ?>" htmlUrl="<?php echo attribute_escape($result->link_url); ?>" updated="<?php if ('0000-00-00 00:00:00' != $result->link_updated) echo $result->link_updated; ?>" />
<?php
} // end foreach
?>
case 'resetpass' :
// Generate something random for a password... md5'ing current time with a rand salt
- $key = preg_replace('/a-z0-9/i', '', $_GET['key']);
+ $key = preg_replace('/[^a-z0-9]/i', '', $_GET['key']);
if ( empty($key) )
die( __('Sorry, that key does not appear to be valid.') );
$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_activation_key = '$key'");
$user_login = '';
$user_pass = '';
$using_cookie = false;
- if ( !isset( $_REQUEST['redirect_to'] ) )
+ if ( !isset( $_REQUEST['redirect_to'] ) || is_user_logged_in() )
$redirect_to = 'wp-admin/';
else
$redirect_to = $_REQUEST['redirect_to'];
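Review bot: `$redirect_to` is taken verbatim from `$_REQUEST` for any visitor who is not yet logged in, and the only thing between it and the Location header is wp_redirect's character whitelist (see that hunk), which does not restrict the host — so a crafted login link can bounce a user to an attacker's site after a successful login (an open redirect, useful for phishing). The new `is_user_logged_in()` clause only closes this for already-authenticated users. Restrict the target to the site's own host before accepting it; a minimal check is below, and the login code that later consumes `$redirect_to` is outside this hunk.
```php
else {
	$redirect_to = $_REQUEST['redirect_to'];
	// Only honour redirect_to when it points at this site; otherwise fall back to the dashboard.
	$target = @parse_url($redirect_to);
	$site   = @parse_url(get_settings('siteurl'));
	if ( isset($target['host']) && ( !isset($site['host']) || strtolower($target['host']) != strtolower($site['host']) ) )
		$redirect_to = 'wp-admin/';
}
```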
?>
<form name="loginform" id="loginform" action="wp-login.php" method="post">
-<p><label><?php _e('Username:') ?><br /><input type="text" name="log" id="log" value="<?php echo wp_specialchars(stripslashes($user_login), 1); ?>" size="20" tabindex="1" /></label></p>
+<p><label><?php _e('Username:') ?><br /><input type="text" name="log" id="log" value="<?php echo attribute_escape(stripslashes($user_login)); ?>" size="20" tabindex="1" /></label></p>
<p><label><?php _e('Password:') ?><br /> <input type="password" name="pwd" id="pwd" value="" size="20" tabindex="2" /></label></p>
<p>
<label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="3" />
<?php _e('Remember me'); ?></label></p>
<p class="submit">
<input type="submit" name="submit" id="submit" value="<?php _e('Login'); ?> »" tabindex="4" />
- <input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($redirect_to); ?>" />
+ <input type="hidden" name="redirect_to" value="<?php echo attribute_escape($redirect_to); ?>" />
</p>
</form>
<ul>
// Set the author using the email address (To or Reply-To, the last used)
// otherwise use the site admin
- if (preg_match('/From: /', $line) | preg_match('Reply-To: /', $line)) {
+ if (preg_match('/From: /', $line) | preg_match('/Reply-To: /', $line)) {
$author=trim($line);
if ( ereg("([a-zA-Z0-9\_\-\.]+@[\a-zA-z0-9\_\-\.]+)", $author , $regs) ) {
$author = $regs[1];
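Review bot: The corrected line still joins the two `preg_match()` calls with a bitwise `|`, which evaluates both and yields an int rather than short-circuiting; `||` states the intent: `if (preg_match('/From: /', $line) || preg_match('/Reply-To: /', $line)) {`. On the `ereg()` line that follows, the second bracket class uses the range `A-z`, which also admits `[`, `\`, `]`, `^`, `` ` `` and `_` (the latter already listed), so the address part of the match is looser than intended; `A-Z` is almost certainly meant. The loop these lines sit in starts outside the hunk.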
<?php endif; ?>
<form method="post" action="wp-register.php" id="registerform">
<p><input type="hidden" name="action" value="register" />
- <label for="user_login"><?php _e('Username:') ?></label><br /> <input type="text" name="user_login" id="user_login" size="20" maxlength="20" value="<?php echo wp_specialchars($user_login); ?>" /><br /></p>
- <p><label for="user_email"><?php _e('E-mail:') ?></label><br /> <input type="text" name="user_email" id="user_email" size="25" maxlength="100" value="<?php echo wp_specialchars($user_email); ?>" /></p>
+ <label for="user_login"><?php _e('Username:') ?></label><br /> <input type="text" name="user_login" id="user_login" size="20" maxlength="20" value="<?php echo attribute_escape($user_login); ?>" /><br /></p>
+ <p><label for="user_email"><?php _e('E-mail:') ?></label><br /> <input type="text" name="user_email" id="user_email" size="25" maxlength="100" value="<?php echo attribute_escape($user_email); ?>" /></p>
<p><?php _e('A password will be emailed to you.') ?></p>
<p class="submit"><input type="submit" value="<?php _e('Register') ?> »" id="submit" name="submit" /></p>
</form>
<content:encoded><![CDATA[<?php the_excerpt_rss() ?>]]></content:encoded>
<?php endif; ?>
<?php endif; ?>
- <wfw:commentRSS><?php echo comments_rss(); ?></wfw:commentRSS>
+ <wfw:commentRss><?php echo comments_rss(); ?></wfw:commentRss>
<?php rss_enclosure(); ?>
<?php do_action('rss2_item'); ?>
</item>
$input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
foreach ( $input as $k => $v )
- if ( !in_array($k, $noUnset) && isset($GLOBALS[$k]) )
+ if ( !in_array($k, $noUnset) && isset($GLOBALS[$k]) ) {
+ $GLOBALS[$k] = NULL;
unset($GLOBALS[$k]);
+ }
}
unregister_GLOBALS();
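Review bot: The safety of the new `$GLOBALS[$k] = NULL; unset($GLOBALS[$k]);` pair rests entirely on `$noUnset`, which is declared above the hunk: a request key named `GLOBALS` (or `_GET`, `_POST`, `_SERVER`, …) would satisfy `isset($GLOBALS[$k])` and the loop would null and drop that entry, so please confirm the list contains `'GLOBALS'` and every superglobal name. The membership test should also be strict, `if ( !in_array($k, $noUnset, true) && isset($GLOBALS[$k]) ) {`, since with loose comparison an integer request key such as `0` compares equal to any of the string names on older PHP and is wrongly treated as whitelisted. A short comment on the null-then-unset line saying why both are needed would help the next reader, e.g. `// assign null first: unset() alone does not reliably remove a register_globals entry on affected PHP versions`.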
do_action('sanitize_comment_cookies');
-$wp_query = new WP_Query();
-$wp_rewrite = new WP_Rewrite();
-$wp = new WP();
+$wp_the_query =& new WP_Query();
+$wp_query =& $wp_the_query;
+$wp_rewrite =& new WP_Rewrite();
+$wp =& new WP();
define('TEMPLATEPATH', get_template_directory());
// Everything is loaded and initialized.
do_action('init');
-?>
\ No newline at end of file
+?>
$tb_id = intval( $tb_id[ count($tb_id) - 1 ] );
}
-$tb_url = $_POST['url'];
-$title = $_POST['title'];
-$excerpt = $_POST['excerpt'];
-$blog_name = $_POST['blog_name'];
-$charset = $_POST['charset'];
+$tb_url = $_POST['url'];
+$charset = $_POST['charset'];
+
+// These three are stripslashed here so that they can be properly escaped after mb_convert_encoding()
+$title = stripslashes($_POST['title']);
+$excerpt = stripslashes($_POST['excerpt']);
+$blog_name = stripslashes($_POST['blog_name']);
if ($charset)
$charset = strtoupper( trim($charset) );
$charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS';
if ( function_exists('mb_convert_encoding') ) { // For international trackbacks
- $title = mb_convert_encoding($title, get_settings('blog_charset'), $charset);
- $excerpt = mb_convert_encoding($excerpt, get_settings('blog_charset'), $charset);
- $blog_name = mb_convert_encoding($blog_name, get_settings('blog_charset'), $charset);
+ $title = mb_convert_encoding($title, get_option('blog_charset'), $charset);
+ $excerpt = mb_convert_encoding($excerpt, get_option('blog_charset'), $charset);
+ $blog_name = mb_convert_encoding($blog_name, get_option('blog_charset'), $charset);
}
+// Now that mb_convert_encoding() has been given a swing, we need to escape these three
+$title = $wpdb->escape($title);
+$excerpt = $wpdb->escape($excerpt);
+$blog_name = $wpdb->escape($blog_name);
+
if ( is_single() || is_page() )
$tb_id = $posts[0]->ID;
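Review bot: `$tb_url` on L6646 is the one request field left as-is: it is neither given the stripslashes/`$wpdb->escape()` treatment the three text fields now receive (L6650-6652, L6665-6667) nor checked to be an http(s) URL, and it is what becomes `$comment_author_url` on L6677. Unless the comment-insertion path, which is outside this view, escapes and filters it, it should get the same handling here, e.g. `$tb_url = $wpdb->escape(stripslashes($_POST['url']));` after a scheme check. Separately, as rendered the assignment on L6655 has no `else`, so the `strtoupper(trim($charset))` result on L6654 is always overwritten by the detection list and the `if` above it is dead; if an `else` was lost in rendering, disregard this sentence.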
$title = (strlen($title) > 250) ? substr($title, 0, 250) . '...' : $title;
}
- $comment_post_ID = $tb_id;
+ $comment_post_ID = (int) $tb_id;
$comment_author = $blog_name;
$comment_author_email = '';
$comment_author_url = $tb_url;
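Review bot: The 250-byte `substr()` on L6671 now runs after the `$wpdb->escape()` on L6665 (same file, earlier hunk), so the cut can land inside a multi-byte character or between the backslash and the quote of an escape pair, leaving a mangled tail in what gets stored. Truncate before escaping, or use `mb_substr($title, 0, 250)` where the earlier `function_exists('mb_convert_encoding')` guard already establishes the mbstring extension is present. The enclosing `if` block starts before the hunk.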
return str_repeat('*', $i);
}
-logIO("I", $HTTP_RAW_POST_DATA);
-
-
-function mkdir_p($target) {
- // from php.net/mkdir user contributed notes
- if (file_exists($target)) {
- if (!is_dir($target)) {
- return false;
- } else {
- return true;
- }
- }
-
- // Attempting to create the directory may clutter up our display.
- if (@mkdir($target)) {
- return true;
- }
-
- // If the above failed, attempt to create the parent node, then try again.
- if (mkdir_p(dirname($target))) {
- return mkdir_p($target);
- }
-
- return false;
-}
+if ( isset($HTTP_RAW_POST_DATA) )
+ logIO("I", $HTTP_RAW_POST_DATA);
class wp_xmlrpc_server extends IXR_Server {
function escape(&$array) {
global $wpdb;
- foreach ($array as $k => $v) {
+ foreach ( (array) $array as $k => $v ) {
if (is_array($v)) {
$this->escape($array[$k]);
} else if (is_object($v)) {
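Review bot: The `(array)` cast on L6711 only silences the foreach warning for non-array input; since it iterates a copy while the writes go to the original `$array` by reference, a scalar passed to `escape()` comes back unescaped (a string-offset assignment on a string changes at most one character). The non-array branch of the loop is cut off below the hunk, so I am inferring the write target; if scalar callers exist, handle them explicitly before the loop: `if ( !is_array($array) && !is_object($array) ) { $array = $wpdb->escape($array); return; }`. A docblock on `escape()` stating that it escapes in place and recurses into nested arrays would make the contract clear to the methods that rely on it.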
$this->escape($args);
- $post_ID = $args[1];
- $user_login = $args[2];
- $user_pass = $args[3];
+ $post_ID = (int) $args[1];
+ $user_login = $args[2];
+ $user_pass = $args[3];
if (!$this->login_pass_ok($user_login, $user_pass)) {
return $this->error;
$this->escape($args);
- $blog_ID = $args[1]; /* though we don't use it yet */
- $user_login = $args[2];
- $user_pass = $args[3];
- $num_posts = $args[4];
+ $blog_ID = (int) $args[1]; /* though we don't use it yet */
+ $user_login = $args[2];
+ $user_pass = $args[3];
+ $num_posts = $args[4];
if (!$this->login_pass_ok($user_login, $user_pass)) {
return $this->error;
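Review bot: `$num_posts = $args[4];` on L6732 is left uncast while the same variable is cast with `(int)` in the later hunks at L6832 and L6858; for consistency, and because the value presumably ends up in a query limit outside this view, cast it here too: `$num_posts = (int) $args[4];`. The method starts above the hunk.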
$this->escape($args);
- $blog_ID = $args[1];
+ $blog_ID = (int) $args[1];
$user_login = $args[2];
$user_pass = $args[3];
$template = $args[4]; /* could be 'main' or 'archiveIndex', but we don't use it */
$this->escape($args);
- $blog_ID = $args[1];
+ $blog_ID = (int) $args[1];
$user_login = $args[2];
$user_pass = $args[3];
$content = $args[4];
$this->escape($args);
- $blog_ID = $args[1]; /* though we don't use it yet */
+ $blog_ID = (int) $args[1]; /* though we don't use it yet */
$user_login = $args[2];
$user_pass = $args[3];
$content = $args[4];
$this->escape($args);
- $post_ID = $args[1];
+ $post_ID = (int) $args[1];
$user_login = $args[2];
$user_pass = $args[3];
$content = $args[4];
if ( !current_user_can('edit_post', $post_ID) )
return new IXR_Error(401, 'Sorry, you do not have the right to edit this post.');
- extract($actual_post);
+ extract($actual_post, EXTR_SKIP);
+
+ if ( ('publish' == $post_status) && !current_user_can('publish_posts') )
+ return new IXR_Error(401, 'Sorry, you do not have the right to publish this post.');
$post_title = xmlrpc_getposttitle($content);
$post_category = xmlrpc_getpostcategory($content);
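Review bot: The new capability check on L6764 tests `$post_status` right after `extract($actual_post, EXTR_SKIP)`, so it sees the post's stored status, not the status the edit will write (with `EXTR_SKIP` it would see an earlier `$post_status` assignment instead, if one exists above the hunk). The sibling check in the mw/mt variant at L6802-L6805 is made against `$publish ? 'publish' : 'draft'`, i.e. the requested state; if this method also honours a publish flag from `$args`, the check should be made against that value, otherwise a contributor can move a draft to published through this path while being unable to touch an already-published post. The method starts above the hunk, so the source of `$post_status` is not visible to me.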
$this->escape($args);
- $post_ID = $args[1];
+ $post_ID = (int) $args[1];
$user_login = $args[2];
$user_pass = $args[3];
$publish = $args[4];
$this->escape($args);
- $blog_ID = $args[0]; // we will support this in the near future
+ $blog_ID = (int) $args[0]; // we will support this in the near future
$user_login = $args[1];
$user_pass = $args[2];
$content_struct = $args[3];
$post_content = $post_content . "\n<!--more-->\n" . $post_more;
}
- $to_ping = $content_struct['mt_tb_ping_urls'];
+ $to_ping = $content_struct['mt_tb_ping_urls'];
+ if ( is_array($to_ping) )
+ $to_ping = implode(' ', $to_ping);
// Do some timestamp voodoo
$dateCreatedd = $content_struct['dateCreated'];
$this->escape($args);
- $post_ID = $args[0];
+ $post_ID = (int) $args[0];
$user_login = $args[1];
$user_pass = $args[2];
$content_struct = $args[3];
return new IXR_Error(401, 'Sorry, you can not edit this post.');
$postdata = wp_get_single_post($post_ID, ARRAY_A);
- extract($postdata);
$this->escape($postdata);
+ extract($postdata, EXTR_SKIP);
$post_title = $content_struct['title'];
$post_content = apply_filters( 'content_save_pre', $content_struct['description'] );
$post_more = $content_struct['mt_text_more'];
$post_status = $publish ? 'publish' : 'draft';
+
+ if ( ('publish' == $post_status) && !current_user_can('publish_posts') )
+ return new IXR_Error(401, 'Sorry, you do not have the right to publish this post.');
+
if ($post_more) {
$post_content = $post_content . "\n<!--more-->\n" . $post_more;
}
- $to_ping = $content_struct['mt_tb_ping_urls'];
-
+ $to_ping = $content_struct['mt_tb_ping_urls'];
+ if ( is_array($to_ping) )
+ $to_ping = implode(' ', $to_ping);
+
$comment_status = (empty($content_struct['mt_allow_comments'])) ?
get_settings('default_comment_status')
: $content_struct['mt_allow_comments'];
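Review bot: `$comment_status` on L6816-6818 takes `$content_struct['mt_allow_comments']` verbatim whenever it is non-empty; `$this->escape($args)` on L6788 makes it SQL-safe but any string the client sends becomes the stored status. Constrain it to the values the rest of the code understands, e.g. `$comment_status = in_array($content_struct['mt_allow_comments'], array('open', 'closed'), true) ? $content_struct['mt_allow_comments'] : get_settings('default_comment_status');`, and if clients send the MT integer codes, map those to `open`/`closed` explicitly. The `is_array($to_ping)` handling added here is the same as in the hunk ending at L6787; a shared private helper would keep the two from drifting.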
$this->escape($args);
- $post_ID = $args[0];
+ $post_ID = (int) $args[0];
$user_login = $args[1];
$user_pass = $args[2];
$this->escape($args);
- $blog_ID = $args[0];
- $user_login = $args[1];
- $user_pass = $args[2];
- $num_posts = $args[3];
+ $blog_ID = (int) $args[0];
+ $user_login = $args[1];
+ $user_pass = $args[2];
+ $num_posts = (int) $args[3];
if (!$this->login_pass_ok($user_login, $user_pass)) {
return $this->error;
$this->escape($args);
- $blog_ID = $args[0];
- $user_login = $args[1];
- $user_pass = $args[2];
+ $blog_ID = (int) $args[0];
+ $user_login = $args[1];
+ $user_pass = $args[2];
if (!$this->login_pass_ok($user_login, $user_pass)) {
return $this->error;
global $wpdb;
- $blog_ID = $wpdb->escape($args[0]);
+ $blog_ID = (int) $args[0];
$user_login = $wpdb->escape($args[1]);
$user_pass = $wpdb->escape($args[2]);
$data = $args[3];
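Review bot: Unlike the sibling methods, which call `$this->escape($args)` on everything, this method escapes `$args[1]` and `$args[2]` individually and hands `$data = $args[3]` on untouched. Its contents are not visible here; if it carries a client-supplied file name or type, whatever consumes it below must treat those as untrusted (reduce a name to its basename before any filesystem use, escape before any query). A one-line comment here, `// $data is not escaped: it is binary/structured media, consumers must sanitize its fields`, would make that responsibility explicit.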
$this->escape($args);
- $blog_ID = $args[0];
- $user_login = $args[1];
- $user_pass = $args[2];
- $num_posts = $args[3];
+ $blog_ID = (int) $args[0];
+ $user_login = $args[1];
+ $user_pass = $args[2];
+ $num_posts = (int) $args[3];
if (!$this->login_pass_ok($user_login, $user_pass)) {
return $this->error;
$this->escape($args);
- $blog_ID = $args[0];
- $user_login = $args[1];
- $user_pass = $args[2];
+ $blog_ID = (int) $args[0];
+ $user_login = $args[1];
+ $user_pass = $args[2];
if (!$this->login_pass_ok($user_login, $user_pass)) {
return $this->error;
$this->escape($args);
- $post_ID = $args[0];
- $user_login = $args[1];
- $user_pass = $args[2];
+ $post_ID = (int) $args[0];
+ $user_login = $args[1];
+ $user_pass = $args[2];
if (!$this->login_pass_ok($user_login, $user_pass)) {
return $this->error;
$this->escape($args);
- $post_ID = $args[0];
- $user_login = $args[1];
- $user_pass = $args[2];
- $categories = $args[3];
+ $post_ID = (int) $args[0];
+ $user_login = $args[1];
+ $user_pass = $args[2];
+ $categories = $args[3];
if (!$this->login_pass_ok($user_login, $user_pass)) {
return $this->error;
$this->escape($args);
- $post_ID = $args[0];
- $user_login = $args[1];
- $user_pass = $args[2];
+ $post_ID = (int) $args[0];
+ $user_login = $args[1];
+ $user_pass = $args[2];
if (!$this->login_pass_ok($user_login, $user_pass)) {
return $this->error;
} elseif (preg_match('#p/[0-9]{1,}#', $urltest['path'], $match)) {
// the path defines the post_ID (archives/p/XXXX)
$blah = explode('/', $match[0]);
- $post_ID = $blah[1];
+ $post_ID = (int) $blah[1];
$way = 'from the path';
} elseif (preg_match('#p=[0-9]{1,}#', $urltest['query'], $match)) {
// the querystring defines the post_ID (?p=XXXX)
$blah = explode('=', $match[0]);
- $post_ID = $blah[1];
+ $post_ID = (int) $blah[1];
$way = 'from the querystring';
} elseif (isset($urltest['fragment'])) {
// an #anchor is there, it's either...
if (intval($urltest['fragment'])) {
// ...an integer #XXXX (simpliest case)
- $post_ID = $urltest['fragment'];
+ $post_ID = (int) $urltest['fragment'];
$way = 'from the fragment (numeric)';
} elseif (preg_match('/post-[0-9]+/',$urltest['fragment'])) {
// ...a post id in the form 'post-###'
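Review bot: The `(int)` casts are right, but the patterns feeding them are unanchored: `#p/[0-9]{1,}#` on L6899 matches `p/2006` inside a path like `/help/2006/`, and `#p=[0-9]{1,}#` on L6905 matches `tmp=5` in a query, so an unrelated URL can resolve to the wrong post ID. Anchor to a segment boundary and capture the digits, `} elseif (preg_match('#(?:^|/)p/([0-9]+)#', $urltest['path'], $match)) {` with `$post_ID = (int) $match[1];`, and likewise `(?:^|&)p=([0-9]+)` for the query branch, which also needs `isset($urltest['query']) &&` since unlike the fragment branch it reads the index unchecked. The enclosing method starts above the hunk.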