Wordpress 2.0.11 wordpress-2.0.11
authorEdward Z. Yang <ezyang@mit.edu>
Fri, 20 Nov 2009 21:54:34 +0000 (16:54 -0500)
committerEdward Z. Yang <ezyang@mit.edu>
Fri, 20 Nov 2009 21:54:34 +0000 (16:54 -0500)
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
89 files changed:
readme.html
wp-admin/admin-db.php
wp-admin/admin-footer.php
wp-admin/admin-functions.php
wp-admin/bookmarklet.php
wp-admin/categories.php
wp-admin/edit-comments.php
wp-admin/edit-form-advanced.php
wp-admin/edit-form-comment.php
wp-admin/edit-form.php
wp-admin/edit-link-form.php
wp-admin/edit-page-form.php
wp-admin/edit-pages.php
wp-admin/edit.php
wp-admin/import/blogger.php
wp-admin/import/dotclear.php
wp-admin/import/greymatter.php
wp-admin/import/livejournal.php
wp-admin/import/mt.php
wp-admin/import/rss.php
wp-admin/import/textpattern.php
wp-admin/index.php
wp-admin/inline-uploading.php
wp-admin/install.php
wp-admin/link-categories.php
wp-admin/link-import.php
wp-admin/link-manager.php
wp-admin/menu.php
wp-admin/moderation.php
wp-admin/options-discussion.php
wp-admin/options-general.php
wp-admin/options-misc.php
wp-admin/options-permalink.php
wp-admin/options.php
wp-admin/page-new.php
wp-admin/plugins.php
wp-admin/post.php
wp-admin/profile.php
wp-admin/templates.php
wp-admin/theme-editor.php
wp-admin/upgrade-schema.php
wp-admin/upgrade.php
wp-admin/user-edit.php
wp-admin/users.php
wp-admin/wp-admin.css
wp-comments-post.php
wp-content/plugins/akismet/akismet.gif [new file with mode: 0644]
wp-content/plugins/akismet/akismet.php
wp-content/plugins/wp-db-backup.php
wp-content/themes/classic/comments-popup.php
wp-content/themes/classic/sidebar.php
wp-content/themes/default/comments-popup.php
wp-content/themes/default/functions.php
wp-content/themes/default/searchform.php
wp-includes/cache.php
wp-includes/class-snoopy.php
wp-includes/classes.php
wp-includes/comment-functions.php
wp-includes/default-filters.php
wp-includes/feed-functions.php
wp-includes/functions-formatting.php
wp-includes/functions-post.php
wp-includes/functions.php
wp-includes/gettext.php
wp-includes/js/tinymce/plugins/inlinepopups/editor_plugin.js [deleted file]
wp-includes/js/tinymce/plugins/inlinepopups/editor_plugin_src.js [deleted file]
wp-includes/js/tinymce/plugins/inlinepopups/readme.txt [deleted file]
wp-includes/js/tinymce/tiny_mce_gzip.php
wp-includes/js/tinymce/wp-mce-help.php
wp-includes/kses.php
wp-includes/links.php
wp-includes/pluggable-functions.php
wp-includes/registration-functions.php
wp-includes/rss-functions.php
wp-includes/template-functions-author.php
wp-includes/template-functions-category.php
wp-includes/template-functions-general.php
wp-includes/template-functions-links.php
wp-includes/template-functions-post.php
wp-includes/version.php
wp-includes/wp-db.php
wp-links-opml.php
wp-login.php
wp-mail.php
wp-register.php
wp-rss2.php
wp-settings.php
wp-trackback.php
xmlrpc.php

index 2a630165aa30955ea94d99f019d85ca11a20fdb4..ae746367d6a73f0f1400a7b4055eee6e791b13cc 100644 (file)
@@ -80,7 +80,7 @@
        <dt><a href="http://wordpress.org/support/">WordPress Support Forums</a></dt>
        <dd>If you've looked everywhere and still can't find an answer, the support forums are very active and have a large community ready to help. To help them help you be sure to use a descriptive thread title and describe your question in as much detail as possible. </dd>
        <dt><a href="http://codex.wordpress.org/IRC">WordPress IRC Channel</a></dt>
-       <dd>Finally, there is an online chat channel that is used for discussion amoung people who use WordPress and occasionally support topics. The above wiki page should point you in the right direction. (irc.freenode.net #wordpresss) </dd>
+       <dd>Finally, there is an online chat channel that is used for discussion among people who use WordPress and occasionally support topics. The above wiki page should point you in the right direction. (irc.freenode.net #wordpress) </dd>
 </dl>
 
 <h1 id="requirements">System Recommendations</h1>
index d81b6b845a36e5e3a0bf7aa872f6ccac58737ad1..d909ee67cb630aaf07f64f278c1d2721a4dc7c3d 100644 (file)
@@ -34,7 +34,7 @@ function get_editable_authors( $user_id ) {
                return false;
        } else {
                $editable = join(',', $editable);
-               $authors = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($editable)" );
+               $authors = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($editable) ORDER BY display_name" );
        }
 
        return apply_filters('get_editable_authors', $authors);
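Review bot: The `IN ($editable)` list on the new `ORDER BY display_name` line is still assembled by a string `join`, and the hunk does not show whether each element of `$editable` was cast to an integer before the join. If those IDs can originate from request data, harden the join itself: `$editable = join(',', array_map('intval', $editable));`. get_editable_authors() begins above the hunk.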
@@ -110,7 +110,7 @@ function wp_insert_category($catarr) {
 
        if (!$update) {
                $wpdb->query("INSERT INTO $wpdb->categories (cat_ID, cat_name, category_nicename, category_description, category_parent) VALUES ('0', '$cat_name', '$category_nicename', '$category_description', '$category_parent')");
-               $cat_ID = $wpdb->insert_id;
+               $cat_ID = (int) $wpdb->insert_id;
        } else {
                $wpdb->query ("UPDATE $wpdb->categories SET cat_name = '$cat_name', category_nicename = '$category_nicename', category_description = '$category_description', category_parent = '$category_parent' WHERE cat_ID = '$cat_ID'");
        }
@@ -207,7 +207,7 @@ function category_exists($cat_name) {
        if (!$category_nicename = sanitize_title($cat_name))
                return 0;
 
-       return $wpdb->get_var("SELECT cat_ID FROM $wpdb->categories WHERE category_nicename = '$category_nicename'");
+       return (int) $wpdb->get_var("SELECT cat_ID FROM $wpdb->categories WHERE category_nicename = '$category_nicename'");
 }
 
 function wp_delete_user($id, $reassign = 'novalue') {
@@ -266,23 +266,57 @@ function wp_insert_link($linkdata) {
        extract($linkdata);
 
        $update = false;
+
        if ( !empty($link_id) )
                $update = true;
 
+       $link_id = (int) $link_id;
+
+       if( trim( $link_name ) == '' )
+               return 0;
+       $link_name = apply_filters('pre_link_name', $link_name);
+
+       if( trim( $link_url ) == '' )
+               return 0;
+       $link_url = apply_filters('pre_link_url', $link_url);
+
        if ( empty($link_rating) )
                $link_rating = 0;       
+       else
+               $link_rating = (int) $link_rating;
+
+       if ( empty($link_image) )
+               $link_image = '';
+       $link_image = apply_filters('pre_link_image', $link_image);
 
        if ( empty($link_target) )
                $link_target = '';      
+       $link_target = apply_filters('pre_link_target', $link_target);
 
        if ( empty($link_visible) )
                $link_visible = 'Y';
-               
+       $link_visibile = preg_replace('/[^YNyn]/', '', $link_visible);
+
        if ( empty($link_owner) )
                $link_owner = $current_user->id;
+       else
+               $link_owner = (int) $link_owner;
 
        if ( empty($link_notes) )
                $link_notes = '';
+       $link_notes = apply_filters('pre_link_notes', $link_notes);
+
+       if ( empty($link_description) )
+               $link_description = '';
+       $link_description = apply_filters('pre_link_description', $link_description);
+
+       if ( empty($link_rss) )
+               $link_rss = '';
+       $link_rss = apply_filters('pre_link_rss', $link_rss);
+
+       if ( empty($link_rel) )
+               $link_rel = '';
+       $link_rel = apply_filters('pre_link_rel', $link_rel);
 
        if ( $update ) {
                $wpdb->query("UPDATE $wpdb->links SET link_url='$link_url',
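Review bot: The new visibility filter is assigned to a misspelled variable, `$link_visibile = preg_replace('/[^YNyn]/', '', $link_visible);`, so `$link_visible` still reaches the INSERT/UPDATE statements unfiltered and the line has no effect; it should read `$link_visible = preg_replace('/[^YNyn]/', '', $link_visible);`. The other string fields (`$link_url`, `$link_name`, `$link_rss`, `$link_notes`, …) are interpolated into the UPDATE on the last line without a visible `$wpdb->escape()`; if the caller escapes them, a comment saying so would spare the next reader the search, otherwise the escaping belongs here after the `pre_link_*` filters. wp_insert_link() continues past the hunk.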
@@ -294,7 +328,7 @@ function wp_insert_link($linkdata) {
                        WHERE link_id='$link_id'");
        } else {
                $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_category, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES('$link_url','$link_name', '$link_image', '$link_target', '$link_category', '$link_description', '$link_visible', '$link_owner', '$link_rating', '$link_rel', '$link_notes', '$link_rss')");
-               $link_id = $wpdb->insert_id;
+               $link_id = (int) $wpdb->insert_id;
        }
        
        if ( $update )
index e660be287f81940c91077131415a34e2eac4f5d7..88e69ae4838e4ca68ab50bd56ec08404dc59e5ed 100644 (file)
@@ -2,7 +2,7 @@
 <div id="footer"><p><a href="http://wordpress.org/" id="wordpress-logo"><img src="images/wordpress-logo.png" alt="WordPress" /></a></p>
 <p>
 <a href="http://codex.wordpress.org/"><?php _e('Documentation'); ?></a> &#8212; <a href="http://wordpress.org/support/"><?php _e('Support Forums'); ?></a> <br />
-<?php bloginfo('version'); ?> &#8212; <?php printf(__('%s seconds'), number_format(timer_stop(), 2)); ?>
+<?php bloginfo('version'); ?> &#8212; <?php printf(__('%s seconds'), timer_stop(0, 2)); ?>
 </p>
 
 </div>
index 6b9be7541bd285ffde44e2c27ca76f576a522518..641ed1e2274ff48ed0a614b6f697031eed61b1ee 100644 (file)
@@ -265,6 +265,8 @@ function get_post_to_edit($id) {
        $post->post_title = format_to_edit($post->post_title);
        $post->post_title = apply_filters('title_edit_pre', $post->post_title);
 
+    $post->post_password = format_to_edit($post->post_password); 
+
        if ($post->post_status == 'static')
                $post->page_template = get_post_meta($id, '_wp_page_template', true);
 
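Review bot: The added `$post->post_password = format_to_edit($post->post_password);` is indented with four spaces and ends in a trailing space, while every neighbouring line uses a tab; re-indent it with a tab so the file stays consistent. get_post_to_edit() starts above the hunk and continues below it.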
@@ -287,7 +289,7 @@ function get_default_post_to_edit() {
        else if ( !empty($post_title) ) {
                $text       = wp_specialchars(stripslashes(urldecode($_REQUEST['text'])));
                $text       = funky_javascript_fix($text);
-               $popupurl   = wp_specialchars($_REQUEST['popupurl']);
+               $popupurl   = clean_url(stripslashes($_REQUEST['popupurl']));
         $post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
     }
 
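Review bot: `$popupurl = clean_url(stripslashes($_REQUEST['popupurl']));` is then placed inside `href="..."` on the next line, but `clean_url()` is not shown in this diff; unless it is known to strip double quotes and angle brackets, a crafted `popupurl` can still close the attribute, so either confirm that or emit it as `attribute_escape($popupurl)` where the anchor is built. get_default_post_to_edit() starts above the hunk.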
@@ -317,11 +319,15 @@ function get_comment_to_edit($id) {
 
        $comment = get_comment($id);
 
-       $comment->comment_content = format_to_edit($comment->comment_content, $richedit);
+       $comment->comment_ID = (int) $comment->comment_ID;
+       $comment->comment_post_ID = (int) $comment->comment_post_ID;
+
+       $comment->comment_content = format_to_edit($comment->comment_content);
        $comment->comment_content = apply_filters('comment_edit_pre', $comment->comment_content);
 
        $comment->comment_author = format_to_edit($comment->comment_author);
        $comment->comment_author_email = format_to_edit($comment->comment_author_email);
+       $comment->comment_author_url = clean_url($comment->comment_author_url);
        $comment->comment_author_url = format_to_edit($comment->comment_author_url);
 
        return $comment;
@@ -333,6 +339,23 @@ function get_category_to_edit($id) {
        return $category;
 }
 
+function get_user_to_edit($user_id) {
+       $user = new WP_User($user_id);
+       $user->user_login   = attribute_escape($user->user_login);
+       $user->user_email   = attribute_escape($user->user_email);
+       $user->user_url     = clean_url($user->user_url);
+       $user->first_name   = attribute_escape($user->first_name);
+       $user->last_name    = attribute_escape($user->last_name);
+       $user->display_name = attribute_escape($user->display_name);
+       $user->nickname     = attribute_escape($user->nickname);
+       $user->aim          = attribute_escape($user->aim);
+       $user->yim          = attribute_escape($user->yim);
+       $user->jabber       = attribute_escape($user->jabber);
+       $user->description  =  wp_specialchars($user->description);
+
+       return $user;
+}
+
 // Creates a new user from the "Users" form using $_POST information.
 
 function add_user() {
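Review bot: The new get_user_to_edit() carries no header comment and treats `user_url` differently from every other field (clean_url() instead of attribute_escape()), which a reader will take for an oversight unless told otherwise. Suggest a comment above the function such as `// Returns a WP_User with its string fields escaped for the profile form: user_url via clean_url(), description for element content, everything else for attribute values`, and, if `user_url` is echoed into a value="" attribute, confirm clean_url() removes double quotes. `$user_id` is also passed to `new WP_User()` uncast; `(int) $user_id` would match the ID casts made elsewhere in this commit.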
@@ -344,7 +367,7 @@ function edit_user($user_id = 0) {
 
        if ($user_id != 0) {
                $update = true;
-               $user->ID = $user_id;
+               $user->ID = (int) $user_id;
                $userdata = get_userdata($user_id);
                $user->user_login = $wpdb->escape($userdata->user_login);
        } else {
@@ -369,7 +392,7 @@ function edit_user($user_id = 0) {
        if (isset ($_POST['email']))
                $user->user_email = wp_specialchars(trim($_POST['email']));
        if (isset ($_POST['url'])) {
-               $user->user_url = wp_specialchars(trim($_POST['url']));
+               $user->user_url = clean_url(trim($_POST['url']));
                $user->user_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
        }
        if (isset ($_POST['first_name']))
@@ -381,7 +404,7 @@ function edit_user($user_id = 0) {
        if (isset ($_POST['display_name']))
                $user->display_name = wp_specialchars(trim($_POST['display_name']));
        if (isset ($_POST['description']))
-               $user->description = wp_specialchars(trim($_POST['description']));
+               $user->description = trim($_POST['description']);
        if (isset ($_POST['jabber']))
                $user->jabber = wp_specialchars(trim($_POST['jabber']));
        if (isset ($_POST['aim']))
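Review bot: `$user->description = trim($_POST['description']);` drops the `wp_specialchars()` the old line applied, so the description is now stored as raw markup and any consumer that relied on the stored value being HTML-safe (author pages, feeds) will emit it unescaped unless kses or another filter intervenes, which this diff does not show. If the intent is to move escaping to output time, as get_user_to_edit() does for the admin form in this same commit, every front-end output path of the field needs the same treatment; otherwise keep `wp_specialchars()` here. edit_user() starts and ends outside the hunk.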
@@ -447,24 +470,27 @@ function edit_user($user_id = 0) {
 
 function get_link_to_edit($link_id) {
        $link = get_link($link_id);
-       
-       $link->link_url = wp_specialchars($link->link_url, 1);
-       $link->link_name = wp_specialchars($link->link_name, 1);
-       $link->link_description = wp_specialchars($link->link_description);
-       $link->link_notes = wp_specialchars($link->link_notes);
-       $link->link_rss = wp_specialchars($link->link_rss);
-       
+
+       $link->link_url         =        clean_url($link->link_url);
+       $link->link_name        = attribute_escape($link->link_name);
+       $link->link_image       = attribute_escape($link->link_image);
+       $link->link_description = attribute_escape($link->link_description);
+       $link->link_rss         =        clean_url($link->link_rss);
+       $link->link_rel         = attribute_escape($link->link_rel);
+       $link->link_notes       =  wp_specialchars($link->link_notes);
+       $link->post_category    = $link->link_category;
+
        return $link;
 }
 
 function get_default_link_to_edit() {
        if ( isset($_GET['linkurl']) )
-               $link->link_url = wp_specialchars($_GET['linkurl'], 1);
+               $link->link_url = clean_url($_GET['linkurl']);
        else
                $link->link_url = '';
        
        if ( isset($_GET['name']) )
-               $link->link_name = wp_specialchars($_GET['name'], 1);
+               $link->link_name = attribute_escape($_GET['name']);
        else
                $link->link_name = '';
                
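Review bot: In get_default_link_to_edit(), `$_GET['linkurl']` is now run through `clean_url()` while `$_GET['name']` gets `attribute_escape()`; if both values are echoed into value="" attributes, the URL path is only safe if clean_url() strips double quotes, which this diff does not show, so either confirm that or use `attribute_escape(clean_url($_GET['linkurl']))`. The same question applies to `link_url` and `link_rss` in get_link_to_edit() in the upper half of the hunk. get_default_link_to_edit() continues past the hunk.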
@@ -480,10 +506,10 @@ function edit_link($link_id = '') {
                die(__("Cheatin' uh ?"));
 
        $_POST['link_url'] = wp_specialchars($_POST['link_url']);
-       $_POST['link_url'] = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $_POST['link_url']) ? $_POST['link_url'] : 'http://' . $_POST['link_url'];
+       $_POST['link_url'] = clean_url($_POST['link_url']);
        $_POST['link_name'] = wp_specialchars($_POST['link_name']);
        $_POST['link_image'] = wp_specialchars($_POST['link_image']);
-       $_POST['link_rss'] = wp_specialchars($_POST['link_rss']);
+       $_POST['link_rss'] = clean_url($_POST['link_rss']);
        $auto_toggle = get_autotoggle($_POST['link_category']);
        
        // if we are in an auto toggle category and this one is visible then we
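Review bot: `$_POST['link_url'] = clean_url($_POST['link_url']);` runs after the unchanged `wp_specialchars()` call on the line above it, so an `&` in the submitted URL is already `&amp;` when clean_url() sees it; if clean_url() encodes ampersands too, the stored URL is double-encoded. Either remove the `wp_specialchars()` line for link_url or call `clean_url()` first. The removed scheme whitelist (`preg_match('/^(https?|ftps?|mailto|news|gopher):/is', ...)`) is presumably now inside clean_url(); worth confirming, since otherwise a `javascript:` link is no longer rewritten to `http://`. edit_link() continues past the hunk.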
@@ -826,12 +852,27 @@ function list_meta($meta) {
                        $style = '';
                if ('_' == $entry['meta_key'] { 0 })
                        $style .= ' hidden';
+
+               if ( is_serialized($entry['meta_value']) ) {
+                       if ( is_serialized_string($entry['meta_value']) ) {
+                               // this is a serialized string, so we should display it
+                               $entry['meta_value'] = maybe_unserialize($entry['meta_value']);
+                       } else {
+                               // this is a serialized array/object so we should NOT display it
+                               --$count;
+                               continue;
+                       }
+               }
+
+               $entry['meta_key'] = attribute_escape( $entry['meta_key']);
+               $entry['meta_value'] = attribute_escape( $entry['meta_value']);
+               $entry['meta_id'] = (int) $entry['meta_id'];
                echo "
                        <tr class='$style'>
                                <td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>
                                <td><textarea name='meta[{$entry['meta_id']}][value]' tabindex='6' rows='2' cols='30'>{$entry['meta_value']}</textarea></td>
-                               <td align='center'><input name='updatemeta' type='submit' class='updatemeta' tabindex='6' value='".__('Update')."' /><br />
-                               <input name='deletemeta[{$entry['meta_id']}]' type='submit' class='deletemeta' tabindex='6' value='".__('Delete')."' /></td>
+                               <td align='center'><input name='updatemeta' type='submit' class='updatemeta' tabindex='6' value='".attribute_escape(__('Update'))."' /><br />
+                               <input name='deletemeta[{$entry['meta_id']}]' type='submit' class='deletemeta' tabindex='6' value='".attribute_escape(__('Delete'))."' /></td>
                        </tr>
                ";
        }
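Review bot: The new serialized-value branch hides array/object values with only `this is a serialized array/object so we should NOT display it`, which states the what but not the why, so a maintainer could reasonably re-enable display. Suggest `// A serialized array/object edited through a plain textarea would be saved back as a corrupted string, so it is skipped rather than shown` (the reason is inferred from the maybe_serialize() calls add_meta()/update_meta() gain in this commit). `--$count` also assumes `$count` is the visible-row counter used for alternating row styles, which is set above the hunk; a short note on that line would help. list_meta() begins above the hunk.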
@@ -876,6 +917,7 @@ function meta_form() {
 <?php
 
        foreach ($keys as $key) {
+               $key = attribute_escape($key);
                echo "\n\t<option value='$key'>$key</option>";
        }
 ?>
@@ -894,10 +936,14 @@ function meta_form() {
 
 function add_meta($post_ID) {
        global $wpdb;
+       $post_ID = (int) $post_ID;
+
+       $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
 
        $metakeyselect = $wpdb->escape(stripslashes(trim($_POST['metakeyselect'])));
        $metakeyinput = $wpdb->escape(stripslashes(trim($_POST['metakeyinput'])));
-       $metavalue = $wpdb->escape(stripslashes(trim($_POST['metavalue'])));
+       $metavalue = maybe_serialize(stripslashes((trim($_POST['metavalue']))));
+       $metavalue = $wpdb->escape($metavalue);
 
        if ( ('0' === $metavalue || !empty ($metavalue)) && ((('#NONE#' != $metakeyselect) && !empty ($metakeyselect)) || !empty ($metakeyinput)) ) {
                // We have a key/value pair. If both the select and the 
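Review bot: The `$protected` list introduced here is repeated verbatim in update_meta() further down the same file, so the two copies will drift the first time a key is added; define it once (a small `get_protected_meta_keys()` helper returning the array, or a constant) and use it in both places. The value line also carries a stray extra pair of parentheses, `maybe_serialize(stripslashes((trim($_POST['metavalue']))))`; `maybe_serialize(stripslashes(trim($_POST['metavalue'])))` reads as intended. add_meta() continues past the hunk.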
@@ -909,6 +955,9 @@ function add_meta($post_ID) {
                if ($metakeyinput)
                        $metakey = $metakeyinput; // default
 
+               if ( in_array($metakey, $protected) )
+                       return false;
+
                $result = $wpdb->query("
                                                INSERT INTO $wpdb->postmeta 
                                                (post_id,meta_key,meta_value) 
@@ -919,6 +968,7 @@ function add_meta($post_ID) {
 
 function delete_meta($mid) {
        global $wpdb;
+       $mid = (int) $mid;
 
        $result = $wpdb->query("DELETE FROM $wpdb->postmeta WHERE meta_id = '$mid'");
 }
@@ -926,6 +976,14 @@ function delete_meta($mid) {
 function update_meta($mid, $mkey, $mvalue) {
        global $wpdb;
 
+       $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
+
+       if ( in_array($mkey, $protected) )
+               return false;
+
+       $mvalue = maybe_serialize(stripslashes($mvalue));
+       $mvalue = $wpdb->escape($mvalue);
+       $mid = (int) $mid;
        return $wpdb->query("UPDATE $wpdb->postmeta SET meta_key = '$mkey', meta_value = '$mvalue' WHERE meta_id = '$mid'");
 }
 
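Review bot: `$mkey` is interpolated into the UPDATE on the last line of update_meta() without the `$wpdb->escape()` that the new code applies to `$mvalue`, and nothing in the hunk shows the caller escaping it; add `$mkey = $wpdb->escape($mkey);` after the protected-key check unless that is guaranteed upstream. The protected check also inspects only the new key, so a row whose current key is `_wp_page_template` can still be renamed and its value replaced via `$mid`; if that should be blocked too, read the row's existing key and test it against `$protected` as well.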
@@ -1081,15 +1139,13 @@ function save_mod_rewrite_rules() {
 }
 
 function the_quicktags() {
-       // Browser detection sucks, but until Safari supports the JS needed for this to work people just assume it's a bug in WP
-       if (!strstr($_SERVER['HTTP_USER_AGENT'], 'Safari'))
                echo '
                <div id="quicktags">
                        <script src="../wp-includes/js/quicktags.js" type="text/javascript"></script>
                        <script type="text/javascript">if ( typeof tinyMCE == "undefined" || tinyMCE.configs.length < 1 ) edToolbar();</script>
                </div>
 ';
-       else echo '
+       echo '
 <script type="text/javascript">
 function edInsertContent(myField, myValue) {
        //IE support
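Review bot: With the Safari `if`/`else` removed, the first `echo` in the_quicktags() keeps the indentation of a conditional body while the second `echo '<script ...` now runs unconditionally too, so both the quicktags toolbar and the `edInsertContent` script are emitted for every browser. Dedent the first echo to match the function body and, if emitting both is intended, say so in a one-line comment such as `// Toolbar plus the edInsertContent helper, for all browsers` so the next reader does not reinstate the branch. the_quicktags() continues past the hunk.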
@@ -1547,25 +1603,23 @@ function get_plugins() {
                }
        }
 
-       if (!$plugins_dir || !$plugin_files) {
+       if ( !$plugins_dir || !$plugin_files )
                return $wp_plugins;
-       }
 
-       sort($plugin_files);
-
-       foreach ($plugin_files as $plugin_file) {
+       foreach ( $plugin_files as $plugin_file ) {
                if ( !is_readable("$plugin_root/$plugin_file"))
                        continue;
 
                $plugin_data = get_plugin_data("$plugin_root/$plugin_file");
 
-               if (empty ($plugin_data['Name'])) {
+               if ( empty ($plugin_data['Name']) )
                        continue;
-               }
 
                $wp_plugins[plugin_basename($plugin_file)] = $plugin_data;
        }
 
+       uasort($wp_plugins, create_function('$a, $b', 'return strnatcasecmp($a["Name"], $b["Name"]);'));
+
        return $wp_plugins;
 }
 
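Review bot: The new `uasort($wp_plugins, create_function(...))` compiles its comparator from a string every time get_plugins() runs; a named function avoids the runtime eval-style compilation and is visible to static analysis: `function _sort_plugins_by_name($a, $b) { return strnatcasecmp($a['Name'], $b['Name']); }` with `uasort($wp_plugins, '_sort_plugins_by_name');`. The strings here are constants, so this is a style point rather than an injection risk. get_plugins() starts above the hunk.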
@@ -1774,7 +1828,8 @@ o.action.value = 'view';
 o.submit();
 }
 </script>
-<form enctype="multipart/form-data" id="uploadForm" method="post" action="<?php echo $action ?>">
+<form enctype="multipart/form-data" id="uploadForm" method="post" action="<?php echo attribute_escape($action) ?>">
+<?php wp_nonce_field('import-upload'); ?>
 <label for="upload"><?php _e('File:'); ?></label><input type="file" id="upload" name="import" />
 <input type="hidden" name="action" value="save" />
 <div id="buttons">
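Review bot: `wp_nonce_field('import-upload')` adds the token to the upload form, but the hunk does not show the `action=save` handler calling `check_admin_referer('import-upload')`; a nonce that is emitted but never verified does nothing against CSRF. Confirm the check is present in the save branch, or add it as the first statement there. The enclosing function starts above the hunk.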
index 195e35ccf1e69860b34b7aeec0467d95880ca2d1..2fa3c842b7c62fe864b55077b1f12f49cb09a450 100644 (file)
@@ -37,7 +37,7 @@ else
        
   
 $content  = wp_specialchars($_REQUEST['content']);
-$popupurl = wp_specialchars($_REQUEST['popupurl']);
+$popupurl = clean_url(stripslashes($_REQUEST['popupurl']));
     if ( !empty($content) ) {
         $post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) );
     } else {
index 30d37c8b4b58dd0bc2ce821297b787ceb80a270f..d26a847bbbc38b8ab61dd5107fe5354cb4af7653 100644 (file)
@@ -33,6 +33,7 @@ case 'addcat':
        wp_insert_category($_POST);
 
        wp_redirect('categories.php?message=1#addcat');
+       exit;
 break;
 
 case 'delete':
@@ -51,7 +52,7 @@ case 'delete':
        wp_delete_category($cat_ID);
 
        wp_redirect('categories.php?message=2');
-
+       exit;
 break;
 
 case 'edit':
@@ -68,12 +69,12 @@ case 'edit':
          <table class="editform" width="100%" cellspacing="2" cellpadding="5">
                <tr>
                  <th width="33%" scope="row"><?php _e('Category name:') ?></th>
-                 <td width="67%"><input name="cat_name" type="text" value="<?php echo wp_specialchars($category->cat_name); ?>" size="40" /> <input type="hidden" name="action" value="editedcat" />
+                 <td width="67%"><input name="cat_name" type="text" value="<?php echo attribute_escape($category->cat_name); ?>" size="40" /> <input type="hidden" name="action" value="editedcat" />
 <input type="hidden" name="cat_ID" value="<?php echo $category->cat_ID ?>" /></td>
                </tr>
                <tr>
                        <th scope="row"><?php _e('Category slug:') ?></th>
-                       <td><input name="category_nicename" type="text" value="<?php echo wp_specialchars($category->category_nicename); ?>" size="40" /></td>
+                       <td><input name="category_nicename" type="text" value="<?php echo attribute_escape($category->category_nicename); ?>" size="40" /></td>
                </tr>
                <tr>
                        <th scope="row"><?php _e('Category parent:') ?></th>
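Review bot: The hidden `cat_ID` input on the line after the newly escaped `cat_name` still echoes `$category->cat_ID` raw: `<input type="hidden" name="cat_ID" value="<?php echo $category->cat_ID ?>" />`. It is an integer ID, so `value="<?php echo (int) $category->cat_ID ?>"` states that and matches the ID casts made elsewhere in this commit. The `edit` case continues past the hunk.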
@@ -85,7 +86,7 @@ case 'edit':
                </tr>
                <tr>
                        <th scope="row"><?php _e('Description:') ?></th>
-                       <td><textarea name="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description, 1); ?></textarea></td>
+                       <td><textarea name="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description); ?></textarea></td>
                </tr>
                </table>
          <p class="submit"><input type="submit" name="submit" value="<?php _e('Edit category') ?> &raquo;" /></p>
@@ -106,6 +107,7 @@ case 'editedcat':
        wp_update_category($_POST);
 
        wp_redirect('categories.php?message=3');
+       exit;
 break;
 
 default:
index 88e672a7185714c09e8b1c8cbdabef9c19f9b876..ab0f0a8e46e538f8183d6304d987de7380f13718 100644 (file)
@@ -7,7 +7,7 @@ $list_js = true;
 
 require_once('admin-header.php');
 if (empty($_GET['mode'])) $mode = 'view';
-else $mode = wp_specialchars($_GET['mode'], 1);
+else $mode = attribute_escape($_GET['mode']);
 ?>
 
 <script type="text/javascript">
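Review bot: `$mode = attribute_escape($_GET['mode']);` makes the value safe to echo into the hidden `mode` input further down, but `mode` is a small set of view names rather than free text, so a whitelist is the stronger fix and removes the escaping question entirely: `$mode = ( isset($_GET['mode']) && 'edit' == $_GET['mode'] ) ? 'edit' : 'view';`, with the accepted names adjusted to what this page actually handles (not visible here).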
@@ -30,7 +30,7 @@ function checkAll(form)
 <form name="searchform" action="" method="get"> 
   <fieldset> 
   <legend><?php _e('Show Comments That Contain...') ?></legend> 
-  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" /> 
+  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" /> 
   <input type="submit" name="submit" value="<?php _e('Search') ?>"  />  
   <input type="hidden" name="mode" value="<?php echo $mode; ?>" />
   <?php _e('(Searches within comment text, e-mail, URI, and IP address.)') ?>
@@ -44,7 +44,7 @@ if ( !empty( $_POST['delete_comments'] ) ) :
        $i = 0;
        foreach ($_POST['delete_comments'] as $comment) : // Check the permissions on each
                $comment = (int) $comment;
-               $post_id = $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = $comment");
+               $post_id = (int) $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = $comment");
                $authordata = get_userdata( $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = $post_id") );
                if ( current_user_can('edit_post', $post_id) ) :
                        wp_set_comment_status($comment, "delete");
index 7ac1eecda8278d888f72e83d97cb5c0f19881c8f..e7490fe25c1b385da5000a24b2152fc14917be9a 100644 (file)
@@ -1,10 +1,12 @@
 <?php
+if ( isset($_GET['message']) )
+       $_GET['message'] = (int) $_GET['message'];
 $messages[1] = __('Post updated');
 $messages[2] = __('Custom field updated');
 $messages[3] = __('Custom field deleted.');
 ?>
 <?php if (isset($_GET['message'])) : ?>
-<div id="message" class="updated fade"><p><?php echo $messages[$_GET['message']]; ?></p></div>
+<div id="message" class="updated fade"><p><?php echo wp_specialchars($messages[$_GET['message']]); ?></p></div>
 <?php endif; ?>
 
 <form name="post" action="post.php" method="post" id="post">
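Review bot: After the new `(int)` cast, `$messages[$_GET['message']]` is looked up for any integer, so `?message=0` or `?message=9` triggers an undefined-index notice and renders an empty `<div id="message">`; tighten the condition on the display line to `<?php if ( isset($_GET['message']) && isset($messages[$_GET['message']]) ) : ?>`. A one-line comment on the cast, noting that the value is only ever an index into `$messages`, would also make the intent explicit.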
@@ -24,35 +26,36 @@ if (0 == $post_ID) {
        $form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
        wp_nonce_field('add-post');
 } else {
+       $post_ID = (int) $post_ID;
        $form_action = 'editpost';
        $form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />";
        wp_nonce_field('update-post_' .  $post_ID);
 }
 
-$form_pingback = '<input type="hidden" name="post_pingback" value="' . get_option('default_pingback_flag') . '" id="post_pingback" />';
+$form_pingback = '<input type="hidden" name="post_pingback" value="' . (int) get_option('default_pingback_flag') . '" id="post_pingback" />'; 
 
-$form_prevstatus = '<input type="hidden" name="prev_status" value="' . $post->post_status . '" />';
+$form_prevstatus = '<input type="hidden" name="prev_status" value="' . attribute_escape( $post->post_status ) . '" />'; 
 
-$form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. str_replace("\n", ' ', $post->to_ping) .'" />';
+$form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. attribute_escape( str_replace("\n", ' ', $post->to_ping) ) .'" />';
 
 if ('' != $post->pinged) {
        $pings = '<p>'. __('Already pinged:') . '</p><ul>';
        $already_pinged = explode("\n", trim($post->pinged));
        foreach ($already_pinged as $pinged_url) {
-               $pings .= "\n\t<li>$pinged_url</li>";
+               $pings .= "\n\t<li>" . wp_specialchars($pinged_url) . "</li>";
        }
        $pings .= '</ul>';
 }
 
-$saveasdraft = '<input name="save" type="submit" id="save" tabindex="3" value="' . __('Save and Continue Editing') . '" />';
+$saveasdraft = '<input name="save" type="submit" id="save" tabindex="3" value="' . attribute_escape(__('Save and Continue Editing')) . '" />';
 
 if (empty($post->post_status)) $post->post_status = 'draft';
 
 ?>
 
-<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
+<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" name="action" value="<?php echo $form_action ?>" />
-<input type="hidden" name="post_author" value="<?php echo $post->post_author ?>" />
+<input type="hidden" name="post_author" value="<?php echo attribute_escape($post->post_author) ?>" />
 
 <?php echo $form_extra ?>
 <?php if (isset($_GET['message']) && 2 > $_GET['message']) : ?>
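Review bot: `post_author` is a user ID, exactly like `user_ID` two lines above it which this hunk casts with `(int)`; `attribute_escape($post->post_author)` is safe, but `(int) $post->post_author` states the type and keeps the two sibling hidden inputs consistent. The new `$form_pingback` and `$form_prevstatus` lines also end in trailing whitespace.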
@@ -82,12 +85,12 @@ addLoadEvent(focusit);
 
 <fieldset id="passworddiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Password-Protect Post') ?></h3> 
-<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div>
+<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape($post->post_password) ?>" /></div>
 </fieldset>
 
 <fieldset id="slugdiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Post slug') ?></h3> 
-<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
+<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape($post->post_name) ?>" /></div>
 </fieldset>
 
 <fieldset id="categorydiv" class="dbx-box">
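Review bot: `attribute_escape($post->post_password)` is applied to a value that get_post_to_edit() in this same commit already passes through `format_to_edit()`; if format_to_edit() HTML-encodes (not shown here), a password containing `&` or `"` is rendered as `&amp;amp;` / `&amp;quot;` and round-trips corrupted on the next save. Decide which of the two calls owns the encoding and remove the other; the same pairing exists for `post_title` further down the form.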
@@ -97,7 +100,7 @@ addLoadEvent(focusit);
 <div id="categorychecklist"><?php dropdown_categories(get_settings('default_category')); ?></div></div>
 </fieldset>
 
-<fieldset class="dbx-box">
+<fieldset id="poststatusdiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Post Status') ?></h3> 
 <div class="dbx-content"><?php if ( current_user_can('publish_posts') ) : ?>
 <label for="post_status_publish" class="selectit"><input id="post_status_publish" name="post_status" type="radio" value="publish" <?php checked($post->post_status, 'publish'); ?> /> <?php _e('Published') ?></label>
@@ -107,7 +110,7 @@ addLoadEvent(focusit);
 </fieldset>
 
 <?php if ( current_user_can('edit_posts') ) : ?>
-<fieldset class="dbx-box">
+<fieldset id="posttimestampdiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Post Timestamp'); ?>:</h3>
 <div class="dbx-content"><?php touch_time(($action == 'edit')); ?></div>
 </fieldset>
@@ -123,7 +126,7 @@ foreach ($authors as $o) :
 $o = get_userdata( $o->ID );
 if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
 else $selected = '';
-echo "<option value='$o->ID' $selected>$o->display_name</option>";
+echo "<option value='" . (int) $o->ID . "' $selected>" . wp_specialchars($o->display_name) . "</option>";
 endforeach;
 ?>
 </select>
@@ -138,7 +141,7 @@ endforeach;
 
 <fieldset id="titlediv">
   <legend><?php _e('Title') ?></legend> 
-  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
+  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" /></div>
 </fieldset>
 
 <fieldset id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>">
@@ -210,44 +213,44 @@ if ('publish' != $post->post_status || 0 == $post_ID) {
 ?>
 <input name="referredby" type="hidden" id="referredby" value="<?php 
 if ( !empty($_REQUEST['popupurl']) )
-       echo wp_specialchars($_REQUEST['popupurl']);
-else if ( url_to_postid(wp_get_referer()) == $post_ID )
+       echo attribute_escape(stripslashes($_REQUEST['popupurl']));
+else if ( url_to_postid(stripslashes(wp_get_referer())) == $post_ID )
        echo 'redo';
 else
-       echo wp_specialchars(wp_get_referer());
+       echo attribute_escape(stripslashes(wp_get_referer()));
 ?>" /></p>
 
 <?php do_action('edit_form_advanced'); ?>
 
 <?php
 if (current_user_can('upload_files')) {
-       $uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
+       $uploading_iframe_ID = (int) (0 == $post_ID ? $temp_ID : $post_ID);
        $uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&amp;post=$uploading_iframe_ID", 'inlineuploading');
        $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
        if ( false != $uploading_iframe_src )
-               echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
+               echo '<iframe id="uploading" frameborder="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
 }
 ?>
 
 <div id="advancedstuff" class="dbx-group" >
 
-<div class="dbx-box-wrapper">
+<div class="dbx-b-ox-wrapper">
 <fieldset id="postexcerpt" class="dbx-box">
-<div class="dbx-handle-wrapper">
+<div class="dbx-h-andle-wrapper">
 <h3 class="dbx-handle"><?php _e('Optional Excerpt') ?></h3>
 </div>
-<div class="dbx-content-wrapper">
+<div class="dbx-c-ontent-wrapper">
 <div class="dbx-content"><textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo $post->post_excerpt ?></textarea></div>
 </div>
 </fieldset>
 </div>
 
-<div class="dbx-box-wrapper">
-<fieldset class="dbx-box">
-<div class="dbx-handle-wrapper">
+<div class="dbx-b-ox-wrapper">
+<fieldset id="trackbacksdiv" class="dbx-box">
+<div class="dbx-h-andle-wrapper">
 <h3 class="dbx-handle"><?php _e('Trackbacks') ?></h3>
 </div>
-<div class="dbx-content-wrapper">
+<div class="dbx-c-ontent-wrapper">
 <div class="dbx-content"><?php _e('Send trackbacks to'); ?>: <?php echo $form_trackback; ?> (<?php _e('Separate multiple URIs with spaces'); ?>)
 <?php 
 if ( ! empty($pings) )
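Review bot: The excerpt textarea on the new side, `<textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo $post->post_excerpt ?></textarea>`, still echoes the field raw, while this hunk and the ones above escape post_password, post_name and post_title taken from the same `$post` object. Unless the excerpt is already HTML-escaped when the post is loaded for editing (not visible here, worth confirming), a stored `</textarea>` in the excerpt closes the element and the remainder is rendered as markup; element content wants `wp_specialchars`, as already used for `$o->display_name` above: `<?php echo wp_specialchars($post->post_excerpt); ?>`. Given how consistently the other `$post` fields are handled in this commit, the excerpt reads as an oversight rather than a deliberate exception.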
@@ -258,12 +261,12 @@ if ( ! empty($pings) )
 </fieldset>
 </div>
 
-<div class="dbx-box-wrapper">
+<div class="dbx-b-ox-wrapper">
 <fieldset id="postcustom" class="dbx-box">
-<div class="dbx-handle-wrapper">
+<div class="dbx-h-andle-wrapper">
 <h3 class="dbx-handle"><?php _e('Custom Fields') ?></h3>
 </div>
-<div class="dbx-content-wrapper">
+<div class="dbx-c-ontent-wrapper">
 <div id="postcustomstuff" class="dbx-content">
 <?php 
 if($metadata = has_meta($post_ID)) {
@@ -276,6 +279,7 @@ if($metadata = has_meta($post_ID)) {
        meta_form();
 ?>
 </div>
+</div>
 </fieldset>
 </div>
 
index 2695c51c9b7f2b5b9794b2fd53aac964b02d0de9..7a09960724d4e7b5427dea83b61685d9cb0588cd 100644 (file)
@@ -8,7 +8,7 @@ $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment-
 <form name="post" action="post.php" method="post" id="post">
 <?php wp_nonce_field('update-comment_' . $comment->comment_ID) ?>
 <div class="wrap">
-<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
+<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
 
 <script type="text/javascript">
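Review bot: `$form_extra`, echoed unescaped into the single-quoted `action` attribute on the line after the new `(int) $user_ID`, is assembled at the top of the file outside this hunk; the hunk header shows it embedding `$comment->comment_ID` inside `value='...'`. If comment_ID is taken from the request rather than from a row fetched by integer id, it deserves the same `(int)` cast this hunk applies to `$user_ID`; if it is always the integer column of a fetched row, a one-line comment at that definition saying so would spare the next reader the check.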
@@ -20,19 +20,19 @@ addLoadEvent(focusit);
 <fieldset id="namediv">
     <legend><?php _e('Name:') ?></legend>
        <div>
-         <input type="text" name="newcomment_author" size="22" value="<?php echo $comment->comment_author ?>" tabindex="1" id="name" />
+         <input type="text" name="newcomment_author" size="22" value="<?php echo attribute_escape($comment->comment_author); ?>" tabindex="1" id="name" />
     </div>
 </fieldset>
 <fieldset id="emaildiv">
         <legend><?php _e('E-mail:') ?></legend>
                <div>
-                 <input type="text" name="newcomment_author_email" size="30" value="<?php echo $comment->comment_author_email ?>" tabindex="2" id="email" />
+                 <input type="text" name="newcomment_author_email" size="30" value="<?php echo attribute_escape($comment->comment_author_email); ?>" tabindex="2" id="email" />
     </div>
 </fieldset>
 <fieldset id="uridiv">
         <legend><?php _e('URI:') ?></legend>
                <div>
-                 <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo $comment->comment_author_url ?>" tabindex="3" id="URL" />
+                 <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo attribute_escape($comment->comment_author_url); ?>" tabindex="3" id="URL" />
     </div>
 </fieldset>
 
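Review bot: The URI input on the new side carries two `id` attributes, `id="newcomment_author_url"` and `id="URL"`, which is invalid HTML and leaves it to the browser which one `document.getElementById` and any `<label for>` resolve to. Keep one: the sibling fields use `id="name"` and `id="email"`, so either drop `id="URL"` or rename consistently, e.g. `<input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo attribute_escape($comment->comment_author_url); ?>" tabindex="3" />`. The attribute escaping of the three values is otherwise right for this context.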
index fd5efcea9b3a2daf38b3f9602ad3ec8375690f3a..de5937e38ef634040f8a13f219a483c125aa1e0f 100644 (file)
@@ -6,7 +6,7 @@
 <?php if (isset($mode) && 'bookmarklet' == $mode) : ?>
 <input type="hidden" name="mode" value="bookmarklet" />
 <?php endif; ?>
-<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
+<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" name="action" value='post' />
 
 <script type="text/javascript">
@@ -21,7 +21,7 @@ addLoadEvent(focusit);
 <div id="poststuff">
     <fieldset id="titlediv">
       <legend><a href="http://wordpress.org/docs/reference/post/#title" title="<?php _e('Help on titles') ?>"><?php _e('Title') ?></a></legend> 
-         <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
+         <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" /></div>
     </fieldset>
 
     <fieldset id="categorydiv">
@@ -49,7 +49,7 @@ edCanvas = document.getElementById('content');
 //-->
 </script>
 
-<input type="hidden" name="post_pingback" value="<?php echo get_option('default_pingback_flag') ?>" id="post_pingback" />
+<input type="hidden" name="post_pingback" value="<?php echo (int) get_option('default_pingback_flag') ?>" id="post_pingback" />
 
 <p><label for="trackback"> <?php printf(__('<a href="%s" title="Help on trackbacks"><strong>TrackBack</strong> a <abbr title="Universal Resource Identifier">URI</abbr></a>:</label> (Separate multiple <abbr title="Universal Resource Identifier">URI</abbr>s with spaces.)<br />'), 'http://wordpress.org/docs/reference/post/#trackback') ?>
        <input type="text" name="trackback_url" style="width: 360px" id="trackback" tabindex="7" /></p>
@@ -64,7 +64,7 @@ edCanvas = document.getElementById('content');
 <?php if ('bookmarklet' != $mode) {
       echo '<input name="advanced" type="submit" id="advancededit" tabindex="7" value="' .  __('Advanced Editing &raquo;') . '" />';
   } ?>
-  <input name="referredby" type="hidden" id="referredby" value="<?php if ( wp_get_referer() ) echo urlencode(wp_get_referer()); ?>" />
+  <input name="referredby" type="hidden" id="referredby" value="<?php if ( $refby = wp_get_referer() ) echo urlencode($refby); ?>" />
 </p>
 
 <?php do_action('simple_edit_form', ''); ?>
index fe5b6349aadbc043afe7ac6a76b420a33ddb6508..5111c0b86b9b30003ca23d6c91d1d9b3cb13081b 100644 (file)
@@ -230,7 +230,7 @@ function xfn_check($class, $value = '', $type = 'check') {
 <?php if ( $editing ) : ?>
           <input type="hidden" name="action" value="editlink" />
           <input type="hidden" name="link_id" value="<?php echo (int) $link_id; ?>" />
-          <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />
+          <input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" />
           <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
 <?php else: ?>
                <input type="hidden" name="action" value="Add" />
index c9b7ef5b305eb4b2b568c92c802895636eeb23e4..b0e603e0061265d7b2988d9503bca308507e11c8 100644 (file)
@@ -9,16 +9,19 @@ if (0 == $post_ID) {
        $temp_ID = -1 * time();
        $form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
 } else {
+       $post_ID = (int) $post_ID;
        $form_action = 'editpost';
        $nonce_action = 'update-post_' . $post_ID;
        $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
 }
 
-$sendto = wp_get_referer();
+$temp_ID = (int) $temp_ID;
+$user_ID = (int) $user_ID;
+
+$sendto = attribute_escape(wp_get_referer());
 
 if ( 0 != $post_ID && $sendto == get_permalink($post_ID) )
        $sendto = 'redo';
-$sendto = wp_specialchars( $sendto );
 
 ?>
 
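Review bot: Escaping now happens before the comparison: `$sendto = attribute_escape(wp_get_referer());` runs first and the following `$sendto == get_permalink($post_ID)` compares the escaped referer with the raw permalink, so a permalink containing any character attribute_escape rewrites (`&`, quotes) no longer matches and the 'redo' branch is skipped; for the common permalink shapes this is rare, but the two sides are no longer like-for-like. The removed `$sendto = wp_specialchars( $sendto );` had the order right; keep `$sendto = wp_get_referer();` and escape after the check, e.g. `else $sendto = attribute_escape( $sendto );` on the line after `$sendto = 'redo';`. Separately, `$temp_ID = (int) $temp_ID;` is applied only after `$temp_ID` has already been interpolated into `$form_extra` in the `if` branch; harmless here because that branch computes it from `time()`, but the cast would be clearer next to that assignment.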
@@ -61,7 +64,7 @@ addLoadEvent(focusit);
 
 <fieldset id="passworddiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Password-Protect Post') ?></h3> 
-<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div>
+<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape($post->post_password); ?>" /></div>
 </fieldset>
 
 <fieldset id="pageparent" class="dbx-box">
@@ -86,7 +89,7 @@ addLoadEvent(focusit);
 
 <fieldset id="slugdiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Post slug') ?></h3> 
-<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
+<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape($post->post_name); ?>" /></div>
 </fieldset>
 
 <?php if ( $authors = get_editable_authors( $current_user->id ) ) : // TODO: ROLE SYSTEM ?>
@@ -99,6 +102,8 @@ foreach ($authors as $o) :
 $o = get_userdata( $o->ID );
 if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
 else $selected = '';
+$o->ID = (int) $o->ID;
+$o->display_name = wp_specialchars( $o->display_name );
 echo "<option value='$o->ID' $selected>$o->display_name</option>";
 endforeach;
 ?>
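Review bot: The new lines escape by mutating the object returned by `get_userdata()` (`$o->ID = (int) $o->ID;` and `$o->display_name = wp_specialchars( $o->display_name );`) ahead of the unchanged echo, whereas the equivalent author loop in edit-form-advanced in this same commit escapes at the echo site. If `get_userdata()` hands back a cached object shared by handle (PHP 5 object semantics; not visible here), the cached `display_name` is HTML-escaped for every later caller in this request and gets double-escaped on its next output; escaping at the point of output avoids the question: `echo "<option value='" . (int) $o->ID . "' $selected>" . wp_specialchars($o->display_name) . "</option>";`. The enclosing `foreach` starts before this hunk.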
@@ -119,7 +124,7 @@ endforeach;
 
 <fieldset id="titlediv">
   <legend><?php _e('Page Title') ?></legend> 
-  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
+  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" /></div>
 </fieldset>
 
 
@@ -193,7 +198,7 @@ if (current_user_can('upload_files')) {
        $uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&amp;post=$uploading_iframe_ID", 'inlineuploading');
        $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
        if ( false != $uploading_iframe_src )
-               echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
+               echo '<iframe id="uploading" frameborder="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
 }
 ?>
 
@@ -224,8 +229,8 @@ if($metadata = has_meta($post_ID)) {
        $delete_nonce = wp_create_nonce( 'delete-page_' . $post_ID ); ?>
        <input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this page \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), js_escape($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
 <?php endif; ?>
-</form>
-
 </div>
 
+</form>
+
 </div>
index 9dc89d78275615a3ae75d3571702f14b292e5be7..e108407d3b4c299b7a49b07f5bfaf94e97194e79 100644 (file)
@@ -13,7 +13,7 @@ require_once('admin-header.php');
 <form name="searchform" action="" method="get"> 
   <fieldset> 
   <legend><?php _e('Search Pages&hellip;') ?></legend>
-  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" /> 
+  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" /> 
   <input type="submit" name="submit" value="<?php _e('Search') ?>"  /> 
   </fieldset>
 </form>
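Review bot: `attribute_escape($_GET['s'])` on the new side does not `stripslashes` the request value, while the edit-form-advanced change in this same commit writes `attribute_escape(stripslashes($_REQUEST['popupurl']))`, which suggests request superglobals arrive slash-escaped here. If that is the case, a search term containing a quote is redisplayed with a stray backslash in the box; `attribute_escape(stripslashes($_GET['s']))` keeps the two call sites consistent. The same question applies to `attribute_escape($s)` in the posts search form below, if `$s` originates from the request.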
index eb67c80a6e36fbed184c42dcd2ca7121ea23de8c..df86317e387b6bfbcfda2abc09b05fe8ff142180 100644 (file)
@@ -79,7 +79,7 @@ if ( is_month() ) {
 <form name="searchform" action="" method="get" style="float: left; width: 16em; margin-right: 3em;"> 
   <fieldset> 
   <legend><?php _e('Search Posts&hellip;') ?></legend> 
-  <input type="text" name="s" value="<?php if (isset($s)) echo wp_specialchars($s, 1); ?>" size="17" /> 
+  <input type="text" name="s" value="<?php if (isset($s)) echo attribute_escape($s); ?>" size="17" /> 
   <input type="submit" name="submit" value="<?php _e('Search') ?>"  /> 
   </fieldset>
 </form>
index d35f84219c83731d405ada2e15b5af95d517b17a..0772eb1db20aef146f0372ed7aca55f8dcc8703d 100644 (file)
@@ -7,14 +7,15 @@ class Blogger_Import {
 
        // Shows the welcome screen and the magic iframe.
        function greet() {
-               $title = __('Import Blogger');
-               $welcome = __('Howdy! This importer allows you to import posts and comments from your Blogger account into your WordPress blog.');
+               $title = __('Import Old Blogger');
+               $welcome = __('Howdy! This importer allows you to import posts and comments from your Old Blogger account into your WordPress blog.');
                $noiframes = __('This feature requires iframe support.');
                $warning = __('This will delete everything saved by the Blogger importer except your posts and comments. Are you sure you want to do this?');
                $reset = __('Reset this importer');
                $incompat = __('Your web server is not properly configured to use this importer. Please enable the CURL extension for PHP and then reload this page.');
 
                echo "<div class='wrap'><h2>$title</h2><p>$welcome</p>";
+               echo "<p>" . __('Please note that this importer <em>does not work with Blogger (using your Google account)</em>.') . "</p>";
                if ( function_exists('curl_init') )
                        echo "<iframe src='admin.php?import=blogger&amp;noheader=true' height='350px' width = '99%'>$noiframes</iframe><p><a href='admin.php?import=blogger&amp;restart=true&amp;noheader=true' onclick='return confirm(\"$warning\")'>$reset</a></p>";
                else
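Review bot: `$warning`, a translated string, is interpolated directly into `onclick='return confirm(\"$warning\")'` on the new side with neither JavaScript nor attribute escaping, so a translation containing `'` or `"` (an apostrophe is likely in many locales) terminates the attribute or the string literal and breaks the page. The commit already uses `js_escape()` for a similar confirm in edit-page-form; the same here, `onclick='return confirm(\"" . js_escape($warning) . "\")'`, keeps the markup well-formed. The enclosing greet() method ends outside this hunk.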
@@ -135,13 +136,13 @@ class Blogger_Import {
                curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
                if ($header) curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
                $response = curl_exec ($ch);
-       
+
                if ($parse) {
                        $response = $this->parse_response($response);
                        $response['url'] = $url;
                        return $response;
                }
-       
+
                return $response;
        }
 
@@ -210,7 +211,7 @@ class Blogger_Import {
                $this->import['blogs'][$_GET['blog']]['nextstep'] = $step;
                update_option('import-blogger', $this->import);
        }
-       
+
        // Redirects to next step
        function do_next_step() {
                wp_redirect("admin.php?import=blogger&noheader=true&blog={$_GET['blog']}");
@@ -224,13 +225,13 @@ class Blogger_Import {
                        if ( ! ( $_POST['user'] && $_POST['pass'] ) ) {
                                $this->login_form(__('The script will log into your Blogger account, change some settings so it can read your blog, and restore the original settings when it\'s done. Here\'s what you do:').'</p><ol><li>'.__('Back up your Blogger template.').'</li><li>'.__('Back up any other Blogger settings you might need later.').'</li><li>'.__('Log out of Blogger').'</li><li>'.__('Log in <em>here</em> with your Blogger username and password.').'</li><li>'.__('On the next screen, click one of your Blogger blogs.').'</li><li>'.__('Do not close this window or navigate away until the process is complete.').'</li></ol>');
                        }
-               
-                       // Try logging in. If we get an array of cookies back, we at least connected.           
+
+                       // Try logging in. If we get an array of cookies back, we at least connected.
                        $this->import['cookies'] = $this->login_blogger($_POST['user'], $_POST['pass']);
                        if ( !is_array( $this->import['cookies'] ) ) {
                                $this->login_form(__('Login failed. Please enter your credentials again.'));
                        }
-                       
+
                        // Save the password so we can log the browser in when it's time to publish.
                        $this->import['pass'] = $_POST['pass'];
                        $this->import['user'] = $_POST['user'];
@@ -341,7 +342,7 @@ class Blogger_Import {
                                $form = "<div style='height:0px;width:0px;overflow:hidden;'>";
                                $form.= $body;
                                $form.= "</div><script type='text/javascript'>forms=document.getElementsByTagName('form');for(i=0;i<forms.length;i++){if(forms[i].action.search('{$blog_opt}')){forms[i].submit();break;}}</script>";
-                               $output.= '<p>'.sprintf('<strong>%s</strong> in progress, please wait...', $blog_opt)."</p>\n";
+                               $output.= '<p>'.sprintf(__('<strong>%s</strong> in progress, please wait...'), $blog_opt)."</p>\n";
                        } else {
                                $output.= "<p>$blog_opt</p>\n";
                        }
@@ -395,7 +396,7 @@ class Blogger_Import {
                                update_option('import-blogger', $import);
                                $archive = $this->get_blogger($url);
                                if ( $archive['code'] > 200 )
-                                       continue;       
+                                       continue;
                                $posts = explode('<wordpresspost>', $archive['body']);
                                for ($i = 1; $i < count($posts); $i = $i + 1) {
                                        $postparts = explode('<wordpresscomment>', $posts[$i]);
@@ -409,7 +410,7 @@ class Blogger_Import {
                                        $post_title = ( $postinfo[4] != '' ) ? $postinfo[4] : $postinfo[3];
                                        $post_author_name = $wpdb->escape(trim($postinfo[1]));
                                        $post_author_email = $postinfo[5] ? $postinfo[5] : 'user@wordpress.org';
-       
+
                                        if ( $this->lump_authors ) {
                                                // Ignore Blogger authors. Use the current user_ID for all posts imported.
                                                $post_author = $GLOBALS['user_ID'];
@@ -420,7 +421,7 @@ class Blogger_Import {
                                                        $user_email = $wpdb->escape($post_author_email);
                                                        $user_password = substr(md5(uniqid(microtime())), 0, 6);
                                                        $result = wp_create_user( $user_login, $user_password, $user_email );
-                                                       $status.= sprintf('Registered user <strong>%s</strong>.', $user_login);
+                                                       $status.= sprintf(__('Registered user <strong>%s</strong>.'), $user_login);
                                                        $this->import['blogs'][$_GET['blog']]['newusers'][] = $user_login;
                                                }
                                                $userdata = get_userdatabylogin( $post_author_name );
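Review bot: The context line `$user_password = substr(md5(uniqid(microtime())), 0, 6);` gives every auto-created author a password derived from the import time and truncated to six hex characters, which is both low-entropy and predictable from the timestamp; since the account is created under the real author's login, a guessable password is an account-takeover risk for anyone who never changes it. Generate it from a cryptographically secure source and at a sensible length (on current PHP, `bin2hex(random_bytes(8))` or similar) and consider telling the admin in `$status` that the password must be reset. The line is unchanged by the commit but sits in this hunk; the enclosing loop starts and ends outside it.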
@@ -435,21 +436,21 @@ class Blogger_Import {
                                        $posthour = zeroise($post_date_His[0], 2);
                                        $postminute = zeroise($post_date_His[1], 2);
                                        $postsecond = zeroise($post_date_His[2], 2);
-       
+
                                        if (($post_date[2] == 'PM') && ($posthour != '12'))
                                                $posthour = $posthour + 12;
                                        else if (($post_date[2] == 'AM') && ($posthour == '12'))
                                                $posthour = '00';
-       
+
                                        $post_date = "$postyear-$postmonth-$postday $posthour:$postminute:$postsecond";
-       
+
                                        $post_content = addslashes($post_content);
                                        $post_content = str_replace(array('<br>','<BR>','<br/>','<BR/>','<br />','<BR />'), "\n", $post_content); // the XHTML touch... ;)
-       
+
                                        $post_title = addslashes($post_title);
-                       
+
                                        $post_status = 'publish';
-       
+
                                        if ( $ID = post_exists($post_title, '', $post_date) ) {
                                                $post_array[$i]['ID'] = $ID;
                                                $skippedpostcount++;
@@ -509,7 +510,7 @@ class Blogger_Import {
                                        }
                                }
                                $status = sprintf(__('%s post(s) parsed, %s skipped...'), $postcount,  $skippedpostcount).' '.
-                                       sprintf(__('%s comment(s) parsed, %s skipped...'), $commentcoun, $skippedcommentcount).' '.
+                                       sprintf(__('%s comment(s) parsed, %s skipped...'), $commentcount, $skippedcommentcount).' '.
                                        ' <strong>'.__('Done').'</strong>';
                                $import = $this->import;
                                $import['blogs'][$_GET['blog']]['archives']["$url"] = $status;
@@ -546,7 +547,7 @@ class Blogger_Import {
                                                $response = $this->get_blogger("http://www.blogger.com/blog-publishing.g?blogID={$_GET['blog']}&publishMode={$optary['backup']['publishMode']}", $headers);
                                                sleep(2);
                                                if ( $response['code'] >= 400 )
-                                                       die('<h1>Error restoring publishMode.</h1><p>Please tell the devs.</p>' . addslashes(print_r($response, 1)) );
+                                                       die('<h1>'.__('Error restoring publishMode').'</h1><p>'.__('Please tell the devs.').'</p>' . addslashes(print_r($response, 1)) );
                                        }
                                }
                                if ( $optary['backup'] != $optary['modify'] ) {
@@ -597,11 +598,11 @@ class Blogger_Import {
                if ( $_GET['restart'] == 'true' ) {
                        $this->restart();
                }
-               
+
                if ( isset($_GET['noheader']) ) {
                        header('Content-Type: text/html; charset=utf-8');
 
-                       $this->import = get_settings('import-blogger');
+                       $this->import = get_option('import-blogger');
 
                        if ( false === $this->import ) {
                                $step = 0;
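Review bot: `if ( $_GET['restart'] == 'true' ) { $this->restart(); }` acts on a bare GET parameter with no nonce check visible in this hunk, and the reset link emitted in greet() above is a plain `restart=true` anchor guarded only by a JavaScript confirm; the warning text there says restart deletes everything the importer has saved, so a cross-site request that loads that URL in a logged-in admin's browser would discard the import state. The Dotclear importer in this same commit starts adding `wp_nonce_field('import-dotclear')`; the Blogger reset wants the same treatment, building the link with `wp_nonce_url(...)` and calling `check_admin_referer(...)` before `$this->restart()`. The `get_settings` to `get_option` change itself is fine. The enclosing method starts before this hunk.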
@@ -649,7 +650,7 @@ class Blogger_Import {
                                        break;
                        }
                        die;
-                       
+
                } else {
                        $this->greet();
                }
@@ -662,6 +663,6 @@ class Blogger_Import {
 
 $blogger_import = new Blogger_Import();
 
-register_importer('blogger', 'Blogger', __('Import posts and comments from a Blogger account'), array ($blogger_import, 'start'));
+register_importer('blogger', __('Old Blogger'), __('Import <strong>posts and comments</strong> from your Old Blogger account'), array ($blogger_import, 'start'));
 
 ?>
index b4f2cd34400c1fab2ee9b7b0efe6d2b1ab298b2e..fd4f2d65cf3c07421184ad90be35f423b0ebf495 100644 (file)
@@ -1,16 +1,21 @@
 <?php
+/*
+ * DotClear import plugin
+ * by Thomas Quinot - http://thomas.quinot.org/
+ */
+
 /**
        Add These Functions to make our lives easier
 **/
 if(!function_exists('get_catbynicename'))
 {
-       function get_catbynicename($category_nicename) 
+       function get_catbynicename($category_nicename)
        {
        global $wpdb;
-       
+
        $cat_id -= 0;   // force numeric
        $name = $wpdb->get_var('SELECT cat_ID FROM '.$wpdb->categories.' WHERE category_nicename="'.$category_nicename.'"');
-       
+
        return $name;
        }
 }
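Review bot: `get_catbynicename()` builds its query by string concatenation, `'... WHERE category_nicename="'.$category_nicename.'"'`, so any caller passing a value that is not already SQL-escaped injects into the query; at minimum escape the argument the way the Blogger importer escapes author names, `'... WHERE category_nicename="'.$wpdb->escape($category_nicename).'"'`. The preceding `$cat_id -= 0;   // force numeric` operates on a variable that is never assigned or used in this function and should be dropped rather than left to mislead. A docblock on the function stating that callers must pass a nicename from the DotClear database (not request input) would make the trust boundary explicit.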
@@ -55,57 +60,58 @@ if(!function_exists('link_exists'))
 //
 //    This cries out for a C-implementation to be included in PHP core
 //
-   function valid_1byte($char) {
-       if(!is_int($char)) return false;
-       return ($char & 0x80) == 0x00;
-   }
-  
-   function valid_2byte($char) {
-       if(!is_int($char)) return false;
-       return ($char & 0xE0) == 0xC0;
-   }
-
-   function valid_3byte($char) {
-       if(!is_int($char)) return false;
-       return ($char & 0xF0) == 0xE0;
-   }
-
-   function valid_4byte($char) {
-       if(!is_int($char)) return false;
-       return ($char & 0xF8) == 0xF0;
-   }
-  
-   function valid_nextbyte($char) {
-       if(!is_int($char)) return false;
-       return ($char & 0xC0) == 0x80;
-   }
-  
-   function valid_utf8($string) {
-       $len = strlen($string);
-       $i = 0;   
-       while( $i < $len ) {
-           $char = ord(substr($string, $i++, 1));
-           if(valid_1byte($char)) {    // continue
-               continue;
-           } else if(valid_2byte($char)) { // check 1 byte
-               if(!valid_nextbyte(ord(substr($string, $i++, 1))))
-                   return false;
-           } else if(valid_3byte($char)) { // check 2 bytes
-               if(!valid_nextbyte(ord(substr($string, $i++, 1))))
-                   return false;
-               if(!valid_nextbyte(ord(substr($string, $i++, 1))))
-                   return false;
-           } else if(valid_4byte($char)) { // check 3 bytes
-               if(!valid_nextbyte(ord(substr($string, $i++, 1))))
-                   return false;
-               if(!valid_nextbyte(ord(substr($string, $i++, 1))))
-                   return false;
-               if(!valid_nextbyte(ord(substr($string, $i++, 1))))
-                   return false;
-           } // goto next char
-       }
-       return true; // done
-   }
+
+function valid_1byte($char) {
+       if(!is_int($char)) return false;
+               return ($char & 0x80) == 0x00;
+}
+
+function valid_2byte($char) {
+       if(!is_int($char)) return false;
+               return ($char & 0xE0) == 0xC0;
+}
+
+function valid_3byte($char) {
+       if(!is_int($char)) return false;
+               return ($char & 0xF0) == 0xE0;
+}
+
+function valid_4byte($char) {
+       if(!is_int($char)) return false;
+               return ($char & 0xF8) == 0xF0;
+}
+
+function valid_nextbyte($char) {
+       if(!is_int($char)) return false;
+               return ($char & 0xC0) == 0x80;
+}
+
+function valid_utf8($string) {
+       $len = strlen($string);
+       $i = 0;
+       while( $i < $len ) {
+               $char = ord(substr($string, $i++, 1));
+               if(valid_1byte($char)) {    // continue
+                       continue;
+               } else if(valid_2byte($char)) { // check 1 byte
+                       if(!valid_nextbyte(ord(substr($string, $i++, 1))))
+                               return false;
+               } else if(valid_3byte($char)) { // check 2 bytes
+                       if(!valid_nextbyte(ord(substr($string, $i++, 1))))
+                               return false;
+                       if(!valid_nextbyte(ord(substr($string, $i++, 1))))
+                               return false;
+               } else if(valid_4byte($char)) { // check 3 bytes
+                       if(!valid_nextbyte(ord(substr($string, $i++, 1))))
+                               return false;
+                       if(!valid_nextbyte(ord(substr($string, $i++, 1))))
+                               return false;
+                       if(!valid_nextbyte(ord(substr($string, $i++, 1))))
+                               return false;
+               } // goto next char
+       }
+       return true; // done
+}
 
 function csc ($s) {
        if (valid_utf8 ($s)) {
@@ -127,7 +133,7 @@ class Dotclear_Import {
        function header() 
        {
                echo '<div class="wrap">';
-               echo '<h2>'.__('Import Dotclear').'</h2>';
+               echo '<h2>'.__('Import DotClear').'</h2>';
                echo '<p>'.__('Steps may take a few minutes depending on the size of your database. Please be patient.').'</p>';
        }
 
@@ -135,78 +141,79 @@ class Dotclear_Import {
        {
                echo '</div>';
        }
-       
+
        function greet() 
        {
-               echo '<p>'.__('Howdy! This importer allows you to extract posts from a Dotclear database into your blog.  Mileage may vary.').'</p>';
-               echo '<p>'.__('Your Dotclear Configuration settings are as follows:').'</p>';
+               echo '<div class="narrow"><p>'.__('Howdy! This importer allows you to extract posts from a DotClear database into your blog.  Mileage may vary.').'</p>';
+               echo '<p>'.__('Your DotClear Configuration settings are as follows:').'</p>';
                echo '<form action="admin.php?import=dotclear&amp;step=1" method="post">';
+               wp_nonce_field('import-dotclear');
                $this->db_form();
-               echo '<input type="submit" name="submit" value="'.__('Import Categories').'" />';
-               echo '</form>';
+               echo '<p class="submit"><input type="submit" name="submit" value="'.attribute_escape(__('Import Categories &raquo;')).'" /></p>';
+               echo '</form></div>';
        }
 
-       function get_dc_cats() 
+       function get_dc_cats()
        {
                global $wpdb;
                // General Housekeeping
                $dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost'));
                set_magic_quotes_runtime(0);
-               $prefix = get_option('tpre');
-               
+               $dbprefix = get_option('dcdbprefix');
+
                // Get Categories
-               return $dcdb->get_results('SELECT * FROM dc_categorie', ARRAY_A);
+               return $dcdb->get_results('SELECT * FROM '.$dbprefix.'categorie', ARRAY_A);
        }
-       
+
        function get_dc_users()
        {
                global $wpdb;
                // General Housekeeping
                $dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost'));
                set_magic_quotes_runtime(0);
-               $prefix = get_option('tpre');
-               
+               $dbprefix = get_option('dcdbprefix');
+
                // Get Users
-               
-               return $dcdb->get_results('SELECT * FROM dc_user', ARRAY_A);
+
+               return $dcdb->get_results('SELECT * FROM '.$dbprefix.'user', ARRAY_A);
        }
-       
+
        function get_dc_posts()
        {
                // General Housekeeping
                $dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost'));
                set_magic_quotes_runtime(0);
-               $prefix = get_option('tpre');
-               
+               $dbprefix = get_option('dcdbprefix');
+
                // Get Posts
-               return $dcdb->get_results('SELECT dc_post.*, dc_categorie.cat_libelle_url AS post_cat_name
-                                               FROM dc_post INNER JOIN dc_categorie
-                                                 ON dc_post.cat_id = dc_categorie.cat_id', ARRAY_A);
+               return $dcdb->get_results('SELECT '.$dbprefix.'post.*, '.$dbprefix.'categorie.cat_libelle_url AS post_cat_name
+                                               FROM '.$dbprefix.'post INNER JOIN '.$dbprefix.'categorie
+                                               ON '.$dbprefix.'post.cat_id = '.$dbprefix.'categorie.cat_id', ARRAY_A);
        }
-       
+
        function get_dc_comments()
        {
                global $wpdb;
                // General Housekeeping
                $dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost'));
                set_magic_quotes_runtime(0);
-               $prefix = get_option('tpre');
-               
+               $dbprefix = get_option('dcdbprefix');
+
                // Get Comments
-               return $dcdb->get_results('SELECT * FROM dc_comment', ARRAY_A);
+               return $dcdb->get_results('SELECT * FROM '.$dbprefix.'comment', ARRAY_A);
        }
-       
+
        function get_dc_links()
        {
                //General Housekeeping
                $dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost'));
                set_magic_quotes_runtime(0);
-               $prefix = get_option('tpre');
+               $dbprefix = get_option('dcdbprefix');
 
-               return $dcdb->get_results('SELECT * FROM dc_link ORDER BY position', ARRAY_A);
+               return $dcdb->get_results('SELECT * FROM '.$dbprefix.'link ORDER BY position', ARRAY_A);
        }
-       
-       function cat2wp($categories='') 
+
+       function cat2wp($categories='')
        {
                // General Housekeeping
                global $wpdb;
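Review bot: The table prefix read from the `dcdbprefix` option is concatenated straight into the SQL identifier in get_dc_cats, get_dc_users, get_dc_posts, get_dc_comments and get_dc_links, so these queries are only as safe as whatever filtering the option was stored with, which lives in a different hunk (dispatch); validating at the point of use keeps the getters self-contained, e.g. `if (!preg_match('/^[A-Za-z0-9_]*$/', $dbprefix)) return false;`, which the callers already handle through their `is_array()` checks ("No ... to Import!"). The `new wpdb(...)` / `set_magic_quotes_runtime(0)` / `get_option('dcdbprefix')` preamble is now repeated five times and three of the methods declare an unused `global $wpdb`; a single private helper returning the connection and the validated prefix would remove the duplication. cat2wp's body continues outside the hunk.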
@@ -216,11 +223,11 @@ class Dotclear_Import {
                if(is_array($categories))
                {
                        echo '<p>'.__('Importing Categories...').'<br /><br /></p>';
-                       foreach ($categories as $category) 
+                       foreach ($categories as $category)
                        {
                                $count++;
                                extract($category);
-                               
+
                                // Make Nice Variables
                                $name = $wpdb->escape($cat_libelle_url);
                                $title = $wpdb->escape(csc ($cat_libelle));
@@ -236,7 +243,7 @@ class Dotclear_Import {
                                }
                                $dccat2wpcat[$id] = $ret_id;
                        }
-                       
+
                        // Store category translation for future use
                        add_option('dccat2wpcat',$dccat2wpcat);
                        echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> categories imported.'), $count).'<br /><br /></p>';
@@ -245,14 +252,14 @@ class Dotclear_Import {
                echo __('No Categories to Import!');
                return false;
        }
-       
+
        function users2wp($users='')
        {
                // General Housekeeping
                global $wpdb;
                $count = 0;
                $dcid2wpid = array();
-               
+
                // Midnight Mojo
                if(is_array($users))
                {
@@ -261,14 +268,14 @@ class Dotclear_Import {
                        {
                                $count++;
                                extract($user);
-                               
+
                                // Make Nice Variables
                                $name = $wpdb->escape(csc ($name));
                                $RealName = $wpdb->escape(csc ($user_pseudo));
-                               
+
                                if($uinfo = get_userdatabylogin($name))
                                {
-                                       
+
                                        $ret_id = wp_insert_user(array(
                                                                'ID'            => $uinfo->ID,
                                                                'user_login'    => $user_id,
@@ -278,7 +285,7 @@ class Dotclear_Import {
                                                                'display_name'  => $Realname)
                                                                );
                                }
-                               else 
+                               else
                                {
                                        $ret_id = wp_insert_user(array(
                                                                'user_login'    => $user_id,
@@ -289,9 +296,9 @@ class Dotclear_Import {
                                                                );
                                }
                                $dcid2wpid[$user_id] = $ret_id;
-                               
-                               // Set Dotclear-to-WordPress permissions translation
-                               
+
+                               // Set DotClear-to-WordPress permissions translation
+
                                // Update Usermeta Data
                                $user = new WP_User($ret_id);
                                $wp_perms = $user_level + 1;
@@ -302,26 +309,26 @@ class Dotclear_Import {
                                else if(3  <= $wp_perms) { $user->set_role('contributor'); }
                                else if(2  <= $wp_perms) { $user->set_role('contributor'); }
                                else                     { $user->set_role('subscriber'); }
-                               
+
                                update_usermeta( $ret_id, 'wp_user_level', $wp_perms);
                                update_usermeta( $ret_id, 'rich_editing', 'false');
                                update_usermeta( $ret_id, 'first_name', csc ($user_prenom));
                                update_usermeta( $ret_id, 'last_name', csc ($user_nom));
                        }// End foreach($users as $user)
-                       
+
                        // Store id translation array for future use
                        add_option('dcid2wpid',$dcid2wpid);
-                       
-                       
+
+
                        echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> users imported.'), $count).'<br /><br /></p>';
                        return true;
                }// End if(is_array($users)
-               
+
                echo __('No Users to Import!');
                return false;
-               
+
        }// End function user2wp()
-       
+
        function posts2wp($posts='')
        {
                // General Housekeeping
@@ -338,17 +345,18 @@ class Dotclear_Import {
                        {
                                $count++;
                                extract($post);
-                               
-                               // Set Dotclear-to-WordPress status translation
+
+                               // Set DotClear-to-WordPress status translation
                                $stattrans = array(0 => 'draft', 1 => 'publish');
                                $comment_status_map = array (0 => 'closed', 1 => 'open');
-                               
+
                                //Can we do this more efficiently?
                                $uinfo = ( get_userdatabylogin( $user_id ) ) ? get_userdatabylogin( $user_id ) : 1;
                                $authorid = ( is_object( $uinfo ) ) ? $uinfo->ID : $uinfo ;
 
                                $Title = $wpdb->escape(csc ($post_titre));
                                $post_content = textconv ($post_content);
+                               $post_excerpt = "";
                                if ($post_chapo != "") {
                                        $post_excerpt = textconv ($post_chapo);
                                        $post_content = $post_excerpt ."\n<!--more-->\n".$post_content;
@@ -356,9 +364,9 @@ class Dotclear_Import {
                                $post_excerpt = $wpdb->escape ($post_excerpt);
                                $post_content = $wpdb->escape ($post_content);
                                $post_status = $stattrans[$post_pub];
-                               
+
                                // Import Post data into WordPress
-                               
+
                                if($pinfo = post_exists($Title,$post_content))
                                {
                                        $ret_id = wp_insert_post(array(
@@ -378,7 +386,7 @@ class Dotclear_Import {
                                                        'comment_count'         => $post_nb_comment + $post_nb_trackback)
                                                        );
                                }
-                               else 
+                               else
                                {
                                        $ret_id = wp_insert_post(array(
                                                        'post_author'           => $authorid,
@@ -397,7 +405,7 @@ class Dotclear_Import {
                                                        );
                                }
                                $dcposts2wpposts[$post_id] = $ret_id;
-                               
+
                                // Make Post-to-Category associations
                                $cats = array();
                                if($cat1 = get_catbynicename($post_cat_name)) { $cats[1] = $cat1; }
@@ -407,11 +415,11 @@ class Dotclear_Import {
                }
                // Store ID translation for later use
                add_option('dcposts2wpposts',$dcposts2wpposts);
-               
+
                echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> posts imported.'), $count).'<br /><br /></p>';
-               return true;    
+               return true;
        }
-       
+
        function comments2wp($comments='')
        {
                // General Housekeeping
@@ -419,7 +427,7 @@ class Dotclear_Import {
                $count = 0;
                $dccm2wpcm = array();
                $postarr = get_option('dcposts2wpposts');
-               
+
                // Magic Mojo
                if(is_array($comments))
                {
@@ -428,16 +436,16 @@ class Dotclear_Import {
                        {
                                $count++;
                                extract($comment);
-                               
+
                                // WordPressify Data
-                               $comment_ID = ltrim($comment_id, '0');
-                               $comment_post_ID = $postarr[$post_id];
+                               $comment_ID = (int) ltrim($comment_id, '0');
+                               $comment_post_ID = (int) $postarr[$post_id];
                                $comment_approved = "$comment_pub";
                                $name = $wpdb->escape(csc ($comment_auteur));
                                $email = $wpdb->escape($comment_email);
                                $web = "http://".$wpdb->escape($comment_site);
                                $message = $wpdb->escape(textconv ($comment_content));
-                               
+
                                if($cinfo = comment_exists($name, $comment_dt))
                                {
                                        // Update comments
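Review bot: The `(int)` cast on `$postarr[$post_id]` turns a missing post mapping into `comment_post_ID = 0` (plus an undefined-index notice), so comments whose parent post was not imported are written as orphans instead of being skipped; a guard such as `if (!isset($postarr[$post_id])) continue;` before the cast makes the case explicit (the `$count++` above would then need to move below it so the reported total stays accurate). The `ltrim($comment_id, '0')` is redundant once the value is cast, since `(int) '00042'` is already 42. The enclosing loop starts and ends outside the hunk.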
@@ -454,7 +462,7 @@ class Dotclear_Import {
                                                        'comment_approved'      => $comment_approved)
                                                        );
                                }
-                               else 
+                               else
                                {
                                        // Insert comments
                                        $ret_id = wp_insert_comment(array(
@@ -472,25 +480,25 @@ class Dotclear_Import {
                                $dccm2wpcm[$comment_ID] = $ret_id;
                        }
                        // Store Comment ID translation for future use
-                       add_option('dccm2wpcm', $dccm2wpcm);                    
-                       
+                       add_option('dccm2wpcm', $dccm2wpcm);
+
                        // Associate newly formed categories with posts
                        get_comment_count($ret_id);
-                       
-                       
+
+
                        echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> comments imported.'), $count).'<br /><br /></p>';
                        return true;
                }
                echo __('No Comments to Import!');
                return false;
        }
-       
+
        function links2wp($links='')
        {
                // General Housekeeping
                global $wpdb;
                $count = 0;
-               
+
                // Deal with the links
                if(is_array($links))
                {
@@ -499,7 +507,7 @@ class Dotclear_Import {
                        {
                                $count++;
                                extract($link);
-                               
+
                                if ($title != "") {
                                        if ($cinfo = link_cat_exists (csc ($title))) {
                                                $category = $cinfo;
@@ -511,7 +519,7 @@ class Dotclear_Import {
                                } else {
                                        $linkname = $wpdb->escape(csc ($label));
                                        $description = $wpdb->escape(csc ($title));
-                               
+
                                        if($linfo = link_exists($linkname)) {
                                                $ret_id = wp_insert_link(array(
                                                                        'link_id'               => $linfo,
@@ -540,70 +548,75 @@ class Dotclear_Import {
                echo __('No Links to Import!');
                return false;
        }
-               
-       function import_categories() 
-       {       
-               // Category Import      
+
+       function import_categories()
+       {
+               // Category Import
                $cats = $this->get_dc_cats();
                $this->cat2wp($cats);
                add_option('dc_cats', $cats);
-               
-               
-                       
+
+
+
                echo '<form action="admin.php?import=dotclear&amp;step=2" method="post">';
-               printf('<input type="submit" name="submit" value="%s" />', __('Import Users'));
+               wp_nonce_field('import-dotclear');
+               printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Users')));
                echo '</form>';
 
        }
-       
+
        function import_users()
        {
                // User Import
-               $users = $this->get_dc_users(); 
+               $users = $this->get_dc_users();
                $this->users2wp($users);
-               
+
                echo '<form action="admin.php?import=dotclear&amp;step=3" method="post">';
-               printf('<input type="submit" name="submit" value="%s" />', __('Import Posts'));
+               wp_nonce_field('import-dotclear');
+               printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Posts')));
                echo '</form>';
        }
-       
+
        function import_posts()
        {
                // Post Import
                $posts = $this->get_dc_posts();
                $this->posts2wp($posts);
-               
+
                echo '<form action="admin.php?import=dotclear&amp;step=4" method="post">';
-               printf('<input type="submit" name="submit" value="%s" />', __('Import Comments'));
+               wp_nonce_field('import-dotclear');
+               printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Comments')));
                echo '</form>';
        }
-       
+
        function import_comments()
        {
                // Comment Import
                $comments = $this->get_dc_comments();
                $this->comments2wp($comments);
-               
+
                echo '<form action="admin.php?import=dotclear&amp;step=5" method="post">';
-               printf('<input type="submit" name="submit" value="%s" />', __('Import Links'));
+               wp_nonce_field('import-dotclear');
+               printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Links')));
                echo '</form>';
        }
-       
+
        function import_links()
        {
                //Link Import
                $links = $this->get_dc_links();
                $this->links2wp($links);
                add_option('dc_links', $links);
-               
+
                echo '<form action="admin.php?import=dotclear&amp;step=6" method="post">';
-               printf('<input type="submit" name="submit" value="%s" />', __('Finish'));
+               wp_nonce_field('import-dotclear');
+               printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Finish')));
                echo '</form>';
        }
-       
+
        function cleanup_dcimport()
        {
-               delete_option('tpre');
+               delete_option('dcdbprefix');
                delete_option('dc_cats');
                delete_option('dcid2wpid');
                delete_option('dccat2wpcat');
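Review bot: import_categories, import_users, import_posts, import_comments and import_links each repeat the same four lines to render the next-step form, differing only in the step number and the button label; a small helper such as `function next_step_form($step, $label)` holding the `<form>`, `wp_nonce_field('import-dotclear')`, `printf` and `</form>` lines would keep the nonce in one place so a future step cannot omit it. cleanup_dcimport's option list continues outside the hunk.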
@@ -617,39 +630,39 @@ class Dotclear_Import {
                delete_option('dccharset');
                $this->tips();
        }
-       
+
        function tips()
        {
-               echo '<p>'.__('Welcome to WordPress.  We hope (and expect!) that you will find this platform incredibly rewarding!  As a new WordPress user coming from Dotclear, there are some things that we would like to point out.  Hopefully, they will help your transition go as smoothly as possible.').'</p>';
+               echo '<p>'.__('Welcome to WordPress.  We hope (and expect!) that you will find this platform incredibly rewarding!  As a new WordPress user coming from DotClear, there are some things that we would like to point out.  Hopefully, they will help your transition go as smoothly as possible.').'</p>';
                echo '<h3>'.__('Users').'</h3>';
-               echo '<p>'.sprintf(__('You have already setup WordPress and have been assigned an administrative login and password.  Forget it.  You didn\'t have that login in Dotclear, why should you have it here?  Instead we have taken care to import all of your users into our system.  Unfortunately there is one downside.  Because both WordPress and Dotclear uses a strong encryption hash with passwords, it is impossible to decrypt it and we are forced to assign temporary passwords to all your users.  <strong>Every user has the same username, but their passwords are reset to password123.</strong>  So <a href="%1$s">Login</a> and change it.'), '/wp-login.php').'</p>';
+               echo '<p>'.sprintf(__('You have already setup WordPress and have been assigned an administrative login and password.  Forget it.  You didn\'t have that login in DotClear, why should you have it here?  Instead we have taken care to import all of your users into our system.  Unfortunately there is one downside.  Because both WordPress and DotClear uses a strong encryption hash with passwords, it is impossible to decrypt it and we are forced to assign temporary passwords to all your users.  <strong>Every user has the same username, but their passwords are reset to password123.</strong>  So <a href="%1$s">Login</a> and change it.'), '/wp-login.php').'</p>';
                echo '<h3>'.__('Preserving Authors').'</h3>';
                echo '<p>'.__('Secondly, we have attempted to preserve post authors.  If you are the only author or contributor to your blog, then you are safe.  In most cases, we are successful in this preservation endeavor.  However, if we cannot ascertain the name of the writer due to discrepancies between database tables, we assign it to you, the administrative user.').'</p>';
                echo '<h3>'.__('Textile').'</h3>';
-               echo '<p>'.__('Also, since you\'re coming from Dotclear, you probably have been using Textile to format your comments and posts.  If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/2004/04/19/wordpress-plugin-textile-20/">Textile for WordPress</a>.  Trust me... You\'ll want it.').'</p>';
+               echo '<p>'.__('Also, since you\'re coming from DotClear, you probably have been using Textile to format your comments and posts.  If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/category/development/wordpress/textile/">Textile for WordPress</a>.  Trust me... You\'ll want it.').'</p>';
                echo '<h3>'.__('WordPress Resources').'</h3>';
                echo '<p>'.__('Finally, there are numerous WordPress resources around the internet.  Some of them are:').'</p>';
                echo '<ul>';
                echo '<li>'.__('<a href="http://www.wordpress.org">The official WordPress site</a>').'</li>';
-               echo '<li>'.__('<a href="http://wordpress.org/support/">The WordPress support forums').'</li>';
+               echo '<li>'.__('<a href="http://wordpress.org/support/">The WordPress support forums</a>').'</li>';
                echo '<li>'.__('<a href="http://codex.wordpress.org">The Codex (In other words, the WordPress Bible)</a>').'</li>';
                echo '</ul>';
-               echo '<p>'.sprintf(__('That\'s it! What are you waiting for? Go <a href="%1$s">login</a>!'), '/wp-login.php').'</p>';
+               echo '<p>'.sprintf(__('That\'s it! What are you waiting for? Go <a href="%1$s">login</a>!'), '../wp-login.php').'</p>';
        }
-       
+
        function db_form()
        {
-               echo '<ul>';
-               printf('<li><label for="dbuser">%s</label> <input type="text" name="dbuser" id="dbuser" /></li>', __('Dotclear Database User:'));
-               printf('<li><label for="dbpass">%s</label> <input type="password" name="dbpass" id="dbpass" /></li>', __('Dotclear Database Password:'));
-               printf('<li><label for="dbname">%s</label> <input type="text" name="dbname" id="dbname" /></li>', __('Dotclear Database Name:'));
-               printf('<li><label for="dbhost">%s</label> <input type="text" name="dbhost" id="dbhost" value="localhost" /></li>', __('Dotclear Database Host:'));
-               /* printf('<li><label for="dbprefix">%s</label> <input type="text" name="dbprefix" /></li>', __('Dotclear Table prefix (if any):')); */
-               printf('<li><label for="dccharset">%s</label> <input type="text" id="dccharset" name="dccharset" value="ISO-8859-15"/></li>', __('Originating character set:'));
-               echo '</ul>';
+               echo '<table class="editform">';
+               printf('<tr><th><label for="dbuser">%s</label></th><td><input type="text" name="dbuser" id="dbuser" /></td></tr>', __('DotClear Database User:'));
+               printf('<tr><th><label for="dbpass">%s</label></th><td><input type="password" name="dbpass" id="dbpass" /></td></tr>', __('DotClear Database Password:'));
+               printf('<tr><th><label for="dbname">%s</label></th><td><input type="text" name="dbname" id="dbname" /></td></tr>', __('DotClear Database Name:'));
+               printf('<tr><th><label for="dbhost">%s</label></th><td><input type="text" name="dbhost" nameid="dbhost" value="localhost" /></td></tr>', __('DotClear Database Host:'));
+               printf('<tr><th><label for="dbprefix">%s</label></th><td><input type="text" name="dbprefix" id="dbprefix" value="dc_"/></td></tr>', __('DotClear Table prefix:'));
+               printf('<tr><th><label for="dccharset">%s</label></th><td><input type="text" name="dccharset" id="dccharset" value="ISO-8859-15"/></td></tr>', __('Originating character set:'));
+               echo '</table>';
        }
-       
-       function dispatch() 
+
+       function dispatch()
        {
 
                if (empty ($_GET['step']))
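Review bot: In db_form the host input carries `nameid="dbhost"` where `id="dbhost"` is meant, so the `<label for="dbhost">` no longer targets the field; change it to `<input type="text" name="dbhost" id="dbhost" value="localhost" />`. The prefix and charset inputs also lack the space before `/>` that the other rows use. dispatch's body continues outside the hunk.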
@@ -657,51 +670,53 @@ class Dotclear_Import {
                else
                        $step = (int) $_GET['step'];
                $this->header();
-               
-               if ( $step > 0 ) 
+
+               if ( $step > 0 )
                {
+                       check_admin_referer('import-dotclear');
+
                        if($_POST['dbuser'])
                        {
                                if(get_option('dcuser'))
-                                       delete_option('dcuser');        
-                               add_option('dcuser',$_POST['dbuser']);
+                                       delete_option('dcuser');
+                               add_option('dcuser', sanitize_user($_POST['dbuser'], true));
                        }
                        if($_POST['dbpass'])
                        {
                                if(get_option('dcpass'))
-                                       delete_option('dcpass');        
-                               add_option('dcpass',$_POST['dbpass']);
+                                       delete_option('dcpass');
+                               add_option('dcpass', sanitize_user($_POST['dbpass'], true));
                        }
-                       
+
                        if($_POST['dbname'])
                        {
                                if(get_option('dcname'))
-                                       delete_option('dcname');        
-                               add_option('dcname',$_POST['dbname']);
+                                       delete_option('dcname');
+                               add_option('dcname', sanitize_user($_POST['dbname'], true));
                        }
                        if($_POST['dbhost'])
                        {
                                if(get_option('dchost'))
                                        delete_option('dchost');
-                               add_option('dchost',$_POST['dbhost']); 
+                               add_option('dchost', sanitize_user($_POST['dbhost'], true));
                        }
                        if($_POST['dccharset'])
                        {
                                if(get_option('dccharset'))
                                        delete_option('dccharset');
-                               add_option('dccharset',$_POST['dccharset']); 
-                       }                       
+                               add_option('dccharset', sanitize_user($_POST['dccharset'], true));
+                       }
                        if($_POST['dbprefix'])
                        {
-                               if(get_option('tpre'))
-                                       delete_option('tpre');
-                               add_option('tpre',$_POST['dbprefix']); 
-                       }                       
+                               if(get_option('dcdbprefix'))
+                                       delete_option('dcdbprefix');
+                               add_option('dcdbprefix', sanitize_user($_POST['dbprefix'], true));
+                       }
 
 
                }
 
-               switch ($step) 
+               switch ($step)
                {
                        default:
                        case 0 :
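Review bot: `sanitize_user($_POST['dbpass'], true)` applies the username character whitelist to the database password, so any password containing characters outside that set (for example `!`, `#`, `%`) is stored altered and the connections in get_dc_* fail with no indication why; the same filter on `dbhost` drops the `:` of a `host:port` value. The password and host should be stored without the whitelist (as far as I recall add_option already escapes its value in this code base — confirm, and otherwise pass them through `$wpdb->escape()`), e.g. `add_option('dcpass', $_POST['dbpass']);`, while the prefix keeps its whitelist. The `if($_POST['dbpass'])` truthiness tests also skip a literal `0` and raise notices for absent fields, so `isset()` checks would be cleaner. Note that the credentials written here stay in the options table until cleanup_dcimport runs at the final step; dispatch continues outside the hunk.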
@@ -726,16 +741,16 @@ class Dotclear_Import {
                                $this->cleanup_dcimport();
                                break;
                }
-               
+
                $this->footer();
        }
 
-       function Dotclear_Import() 
+       function Dotclear_Import()
        {
-               // Nothing.     
+               // Nothing.
        }
 }
 
 $dc_import = new Dotclear_Import();
-register_importer('dotclear', 'Dotclear', __('Import posts from a Dotclear Blog'), array ($dc_import, 'dispatch'));
+register_importer('dotclear', __('DotClear'), __('Import categories, users, posts, comments, and links from a DotClear blog'), array ($dc_import, 'dispatch'));
 ?>
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..4305cd18ce18bc472b1ee2c95c10b52ed41f6b75 100644 (file)
@@ -0,0 +1,317 @@
+<?php
+
+class GM_Import {
+
+       var $gmnames = array ();
+
+       function header() {
+               echo '<div class="wrap">';
+               echo '<h2>'.__('Import GreyMatter').'</h2>';
+       }
+
+       function footer() {
+               echo '</div>';
+       }
+
+       function greet() {
+               $this->header();
+?>
+<p><?php _e('This is a basic GreyMatter to WordPress import script.') ?></p>
+<p><?php _e('What it does:') ?></p>
+<ul>
+<li><?php _e('Parses gm-authors.cgi to import (new) authors. Everyone is imported at level 1.') ?></li>
+<li><?php _e('Parses the entries cgi files to import posts, comments, and karma on posts (although karma is not used on WordPress yet).<br />If authors are found not to be in gm-authors.cgi, imports them at level 0.') ?></li>
+<li><?php _e("Detects duplicate entries or comments. If you don't import everything the first time, or this import should fail in the middle, duplicate entries will not be made when you try again.") ?></li>
+</ul>
+<p><?php _e('What it does not:') ?></p>
+<ul>
+<li><?php _e('Parse gm-counter.cgi, gm-banlist.cgi, gm-cplog.cgi (you can make a CP log hack if you really feel like it, but I question the need of a CP log).') ?></li>
+<li><?php _e('Import gm-templates.') ?></li>
+<li><?php _e("Doesn't keep entries on top.")?></li>
+</ul>
+<p>&nbsp;</p>
+
+<form name="stepOne" method="get">
+<input type="hidden" name="import" value="greymatter" />
+<input type="hidden" name="step" value="1" />
+<?php wp_nonce_field('import-greymatter'); ?>
+<h3><?php _e('Second step: GreyMatter details:') ?></h3>
+<p><table cellpadding="0">
+<tr>
+<td><?php _e('Path to GM files:') ?></td>
+<td><input type="text" style="width:300px" name="gmpath" value="/home/my/site/cgi-bin/greymatter/" /></td>
+</tr>
+<tr>
+<td><?php _e('Path to GM entries:') ?></td>
+<td><input type="text" style="width:300px" name="archivespath" value="/home/my/site/cgi-bin/greymatter/archives/" /></td>
+</tr>
+<tr>
+<td colspan="2"><br /><?php _e("This importer will search for files 00000001.cgi to 000-whatever.cgi,<br />so you need to enter the number of the last GM post here.<br />(if you don't know that number, just log into your FTP and look it out<br />in the entries' folder)") ?></td>
+</tr>
+<tr>
+<td><?php _e("Last entry's number:") ?></td>
+<td><input type="text" name="lastentry" value="00000001" /></td>
+</tr>
+</table>
+</p>
+<p><?php _e("When you're ready, click OK to start importing: ") ?><input type="submit" name="submit" value="<?php _e('OK') ?>" class="search" /></p>
+</form>
+<p>&nbsp</p>
+<?php
+               $this->footer();
+       }
+
+
+
+       function gm2autobr($string) { // transforms GM's |*| into b2's <br />\n
+               $string = str_replace("|*|","<br />\n",$string);
+               return($string);
+       }
+
+       function import() {
+               global $wpdb;
+
+               $wpvarstoreset = array('gmpath', 'archivespath', 'lastentry');
+               for ($i=0; $i<count($wpvarstoreset); $i += 1) {
+                       $wpvar = $wpvarstoreset[$i];
+                       if (!isset($$wpvar)) {
+                               if (empty($_POST["$wpvar"])) {
+                                       if (empty($_GET["$wpvar"])) {
+                                               $$wpvar = '';
+                                       } else {
+                                               $$wpvar = $_GET["$wpvar"];
+                                       }
+                               } else {
+                                       $$wpvar = $_POST["$wpvar"];
+                               }
+                       }
+               }
+
+               if (!chdir($archivespath))
+                       wp_die(__("Wrong path, the path to the GM entries does not exist on the server"));
+
+               if (!chdir($gmpath))
+                       wp_die(__("Wrong path, the path to the GM files does not exist on the server"));
+
+               $lastentry = (int) $lastentry;
+
+               $this->header();
+?>
+<p><?php _e('The importer is running...') ?></p>
+<ul>
+<li><?php _e('importing users...') ?><ul><?php
+
+       chdir($gmpath);
+       $userbase = file("gm-authors.cgi");
+
+       foreach($userbase as $user) {
+               $userdata=explode("|", $user);
+
+               $user_ip="127.0.0.1";
+               $user_domain="localhost";
+               $user_browser="server";
+
+               $s=$userdata[4];
+               $user_joindate=substr($s,6,4)."-".substr($s,0,2)."-".substr($s,3,2)." 00:00:00";
+
+               $user_login=$wpdb->escape($userdata[0]);
+               $pass1=$wpdb->escape($userdata[1]);
+               $user_nickname=$wpdb->escape($userdata[0]);
+               $user_email=$wpdb->escape($userdata[2]);
+               $user_url=$wpdb->escape($userdata[3]);
+               $user_joindate=$wpdb->escape($user_joindate);
+
+               $user_id = username_exists($user_login);
+               if ($user_id) {
+                       printf('<li>'.__('user %s').'<strong>'.__('Already exists').'</strong></li>', "<em>$user_login</em>");
+                       $this->gmnames[$userdata[0]] = $user_id;
+                       continue;
+               }
+
+               $user_info = array("user_login"=>"$user_login", "user_pass"=>"$pass1", "user_nickname"=>"$user_nickname", "user_email"=>"$user_email", "user_url"=>"$user_url", "user_ip"=>"$user_ip", "user_domain"=>"$user_domain", "user_browser"=>"$user_browser", "dateYMDhour"=>"$user_joindate", "user_level"=>"1", "user_idmode"=>"nickname");
+               $user_id = wp_insert_user($user_info);
+               $this->gmnames[$userdata[0]] = $user_id;
+
+               printf('<li>'.__('user %s...').' <strong>'.__('Done').'</strong></li>', "<em>$user_login</em>");
+       }
+
+?></ul><strong><?php _e('Done') ?></strong></li>
+<li><?php _e('importing posts, comments, and karma...') ?><br /><ul><?php
+
+       chdir($archivespath);
+
+       for($i = 0; $i <= $lastentry; $i = $i + 1) {
+
+               $entryfile = "";
+
+               if ($i<10000000) {
+                       $entryfile .= "0";
+                       if ($i<1000000) {
+                               $entryfile .= "0";
+                               if ($i<100000) {
+                                       $entryfile .= "0";
+                                       if ($i<10000) {
+                                               $entryfile .= "0";
+                                               if ($i<1000) {
+                                                       $entryfile .= "0";
+                                                       if ($i<100) {
+                                                               $entryfile .= "0";
+                                                               if ($i<10) {
+                                                                       $entryfile .= "0";
+               }}}}}}}
+
+               $entryfile .= "$i";
+
+               if (is_file($entryfile.".cgi")) {
+
+                       $entry=file($entryfile.".cgi");
+                       $postinfo=explode("|",$entry[0]);
+                       $postmaincontent=$this->gm2autobr($entry[2]);
+                       $postmorecontent=$this->gm2autobr($entry[3]);
+
+                       $post_author=trim($wpdb->escape($postinfo[1]));
+
+                       $post_title=$this->gm2autobr($postinfo[2]);
+                       printf('<li>'.__('entry # %s : %s : by %s'), $entryfile, $post_title, $postinfo[1]);
+                       $post_title=$wpdb->escape($post_title);
+
+                       $postyear=$postinfo[6];
+                       $postmonth=zeroise($postinfo[4],2);
+                       $postday=zeroise($postinfo[5],2);
+                       $posthour=zeroise($postinfo[7],2);
+                       $postminute=zeroise($postinfo[8],2);
+                       $postsecond=zeroise($postinfo[9],2);
+
+                       if (($postinfo[10]=="PM") && ($posthour!="12"))
+                               $posthour=$posthour+12;
+
+                       $post_date="$postyear-$postmonth-$postday $posthour:$postminute:$postsecond";
+
+                       $post_content=$postmaincontent;
+                       if (strlen($postmorecontent)>3)
+                               $post_content .= "<!--more--><br /><br />".$postmorecontent;
+                       $post_content=$wpdb->escape($post_content);
+
+                       $post_karma=$postinfo[12];
+
+                       $post_status = 'publish'; //in greymatter, there are no drafts
+                       $comment_status = 'open';
+                       $ping_status = 'closed';
+
+                       if ($post_ID = post_exists($post_title, '', $post_date)) {
+                               echo ' ';
+                               _e('(already exists)');
+                       } else {
+                               //just so that if a post already exists, new users are not created by checkauthor
+                               // we'll check the author is registered, or if it's a deleted author
+                               $user_id = username_exists($post_author);
+                               if (!$user_id) {        // if deleted from GM, we register the author as a level 0 user
+                                       $user_ip="127.0.0.1";
+                                       $user_domain="localhost";
+                                       $user_browser="server";
+                                       $user_joindate="1979-06-06 00:41:00";
+                                       $user_login=$wpdb->escape($post_author);
+                                       $pass1=$wpdb->escape("password");
+                                       $user_nickname=$wpdb->escape($post_author);
+                                       $user_email=$wpdb->escape("user@deleted.com");
+                                       $user_url=$wpdb->escape("");
+                                       $user_joindate=$wpdb->escape($user_joindate);
+
+                                       $user_info = array("user_login"=>$user_login, "user_pass"=>$pass1, "user_nickname"=>$user_nickname, "user_email"=>$user_email, "user_url"=>$user_url, "user_ip"=>$user_ip, "user_domain"=>$user_domain, "user_browser"=>$user_browser, "dateYMDhour"=>$user_joindate, "user_level"=>0, "user_idmode"=>"nickname");
+                                       $user_id = wp_insert_user($user_info);
+                                       $this->gmnames[$postinfo[1]] = $user_id;
+
+                                       echo ': ';
+                                       printf(__('registered deleted user %s at level 0 '), "<em>$user_login</em>");
+                               }
+
+                               if (array_key_exists($postinfo[1], $this->gmnames)) {
+                                       $post_author = $this->gmnames[$postinfo[1]];
+                               } else {
+                                       $post_author = $user_id;
+                               }
+
+                               $postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_excerpt', 'post_status', 'comment_status', 'ping_status', 'post_modified', 'post_modified_gmt');
+                               $post_ID = wp_insert_post($postdata);
+                       }
+
+                       $c=count($entry);
+                       if ($c>4) {
+                               $numAddedComments = 0;
+                               $numComments = 0;
+                               for ($j=4;$j<$c;$j++) {
+                                       $entry[$j]=$this->gm2autobr($entry[$j]);
+                                       $commentinfo=explode("|",$entry[$j]);
+                                       $comment_post_ID=$post_ID;
+                                       $comment_author=$wpdb->escape($commentinfo[0]);
+                                       $comment_author_email=$wpdb->escape($commentinfo[2]);
+                                       $comment_author_url=$wpdb->escape($commentinfo[3]);
+                                       $comment_author_IP=$wpdb->escape($commentinfo[1]);
+
+                                       $commentyear=$commentinfo[7];
+                                       $commentmonth=zeroise($commentinfo[5],2);
+                                       $commentday=zeroise($commentinfo[6],2);
+                                       $commenthour=zeroise($commentinfo[8],2);
+                                       $commentminute=zeroise($commentinfo[9],2);
+                                       $commentsecond=zeroise($commentinfo[10],2);
+                                       if (($commentinfo[11]=="PM") && ($commenthour!="12"))
+                                               $commenthour=$commenthour+12;
+                                       $comment_date="$commentyear-$commentmonth-$commentday $commenthour:$commentminute:$commentsecond";
+
+                                       $comment_content=$wpdb->escape($commentinfo[12]);
+
+                                       if (!comment_exists($comment_author, $comment_date)) {
+                                               $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_author_IP', 'comment_date', 'comment_content', 'comment_approved');
+                                               $commentdata = wp_filter_comment($commentdata);
+                                               wp_insert_comment($commentdata);
+                                               $numAddedComments++;
+                                       }
+                                       $numComments++;
+                               }
+                               if ($numAddedComments > 0) {
+                                       echo ': ';
+                                       printf(__('imported %d comment(s)'), $numAddedComments);
+                               }
+                               $preExisting = $numComments - numAddedComments;
+                               if ($preExisting > 0) {
+                                       echo ' ';
+                                       printf(__('ignored %d pre-existing comments'), $preExisting);
+                               }
+                       }
+                       echo '... <strong>'.__('Done').'</strong></li>';
+               }
+       }
+       ?>
+</ul><strong><?php _e('Done') ?></strong></li></ul>
+<p>&nbsp;</p>
+<p><?php _e('Completed GreyMatter import!') ?></p>
+<?php
+       $this->footer();
+       }
+
+       function dispatch() {
+               if (empty ($_GET['step']))
+                       $step = 0;
+               else
+                       $step = (int) $_GET['step'];
+
+               switch ($step) {
+                       case 0 :
+                               $this->greet();
+                               break;
+                       case 1:
+                               check_admin_referer('import-greymatter');
+                               $this->import();
+                               break;
+               }
+       }
+
+       function GM_Import() {
+               // Nothing.
+       }
+}
+
+$gm_import = new GM_Import();
+
+register_importer('greymatter', __('GreyMatter'), __('Import users, posts, and comments from a Greymatter blog'), array ($gm_import, 'dispatch'));
+?>
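Review bot: `$preExisting = $numComments - numAddedComments;` in the comment loop of import() drops the `$`, so the right-hand operand is an undefined constant rather than the counter and the "ignored %d pre-existing comments" figure is wrong for every post; it should read `$preExisting = $numComments - $numAddedComments;`. Separately, `$user_login` and `$postinfo[1]` are taken from the GreyMatter data files and printed into the admin page unescaped by the three printf() calls, so wrapping them in `wp_specialchars()` would match the escaping the import already applies before the database writes. The eight-level nested zero-padding block can be replaced by `$entryfile = sprintf('%08d', $i);` with no change in output, since `$i` starts at 0 and `$lastentry` is cast to int.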
index e8c48c4ad93b4e8b87948b4115dcc96a3f0c9e83..3c9cdab76ac61ac6a521dc26d59c9c6cb90136fe 100644 (file)
@@ -80,7 +80,7 @@ class LJ_Import {
                        $comments = $comments[1];
                        
                        if ( $comments ) {
-                               $comment_post_ID = $post_id;
+                               $comment_post_ID = (int) $post_id;
                                $num_comments = 0;
                                foreach ($comments as $comment) {
                                        preg_match('|<event>(.*?)</event>|is', $comment, $comment_content);
@@ -153,6 +153,7 @@ class LJ_Import {
                                $this->greet();
                                break;
                        case 1 :
+                               check_admin_referer('import-upload');
                                $this->import();
                                break;
                }
@@ -167,5 +168,5 @@ class LJ_Import {
 
 $livejournal_import = new LJ_Import();
 
-register_importer('livejournal', 'LiveJournal', __('Import posts from LiveJournal'), array ($livejournal_import, 'dispatch'));
+register_importer('livejournal', __('LiveJournal'), __('Import posts from LiveJournal'), array ($livejournal_import, 'dispatch'));
 ?>
index e5b6626122989deb7846f5ea4842dc438d236d0b..f02b06976457396856e099db001a56e14643c840 100644 (file)
@@ -11,7 +11,7 @@ class MT_Import {
 
        function header() {
                echo '<div class="wrap">';
-               echo '<h2>'.__('Import Movable Type').'</h2>';
+               echo '<h2>'.__('Import Movable Type and Typepad').'</h2>';
        }
 
        function footer() {
@@ -32,7 +32,7 @@ class MT_Import {
                global $wpdb, $testing;
                $users = $wpdb->get_results("SELECT * FROM $wpdb->users ORDER BY ID");
 ?><select name="userselect[<?php echo $n; ?>]">
-       <option value="#NONE#">- Select -</option>
+       <option value="#NONE#"><?php _e('- Select -') ?></option>
        <?php
 
 
@@ -134,6 +134,8 @@ class MT_Import {
 
        function mt_authors_form() {
 ?>
+<div class="wrap">
+<h2><?php _e('Assign Authors'); ?></h2>
 <p><?php _e('To make it easier for you to edit and save the imported posts and drafts, you may want to change the name of the author of the posts. For example, you may want to import all the entries as <code>admin</code>s entries.'); ?></p>
 <p><?php _e('Below, you can see the names of the authors of the MovableType posts in <i>italics</i>. For each of these names, you can either pick an author in your WordPress installation from the menu, or enter a name for the author in the textbox.'); ?></p>
 <p><?php _e('If a new user is created by WordPress, the password will be set, by default, to "changeme". Quite suggestive, eh? ;)'); ?></p>
@@ -143,29 +145,32 @@ class MT_Import {
                $authors = $this->get_mt_authors();
                echo '<ol id="authors">';
                echo '<form action="?import=mt&amp;step=2&amp;id=' . $this->id . '" method="post">';
+               wp_nonce_field('import-mt');
                $j = -1;
                foreach ($authors as $author) {
                        ++ $j;
-                       echo '<li><i>'.$author.'</i><br />'.'<input type="text" value="'.$author.'" name="'.'user[]'.'" maxlength="30">';
+                       echo '<li>'.__('Current author:').' <strong>'.$author.'</strong><br />'.sprintf(__('Create user %1$s or map to existing'), ' <input type="text" value="'.$author.'" name="'.'user[]'.'" maxlength="30"> <br />');
                        $this->users_form($j);
                        echo '</li>';
                }
 
-               echo '<input type="submit" value="Submit">'.'<br/>';
+               echo '<input type="submit" value="'.__('Submit').'">'.'<br/>';
                echo '</form>';
-               echo '</ol>';
+               echo '</ol></div>';
 
-               flush();
        }
 
        function select_authors() {
                $file = wp_import_handle_upload();
                if ( isset($file['error']) ) {
-                       echo $file['error'];
+                       $this->header();
+                       echo '<p>'.__('Sorry, there has been an error').'.</p>';
+                       echo '<p><strong>' . $file['error'] . '</strong></p>';
+                       $this->footer();
                        return;
                }
                $this->file = $file['file'];
-               $this->id = $file['id'];
+               $this->id = (int) $file['id'];
 
                $this->get_entries();
                $this->mt_authors_form();
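Review bot: The rewritten author line in mt_authors_form() still interpolates `$author` raw into both the `value="..."` attribute and the visible text, so an author name from the uploaded MT export that contains a quote or angle bracket breaks the form markup; wrap the attribute in `attribute_escape($author)` (already used by this commit in the Textpattern importer) and the display text in `wp_specialchars($author)`. The same would apply to `$file['error']` echoed on the new error path in select_authors() if wp_import_handle_upload() ever returns a message derived from the uploaded filename, which I cannot confirm from here.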
@@ -174,7 +179,7 @@ class MT_Import {
        function process_posts() {
                global $wpdb;
                $i = -1;
-               echo "<ol>";
+               echo "<div class='wrap'><ol>";
                foreach ($this->posts as $post) {
                        if ('' != trim($post)) {
                                ++ $i;
@@ -289,7 +294,7 @@ class MT_Import {
                                        }
                                }
 
-                               $comment_post_ID = $post_id;
+                               $comment_post_ID = (int) $post_id;
                                $comment_approved = 1;
 
                                // Now for comments
@@ -330,7 +335,7 @@ class MT_Import {
                                        }
                                }
                                if ( $num_comments )
-                                       printf(__('(%s comments)'), $num_comments);
+                                       printf(' '.__('(%s comments)'), $num_comments);
 
                                // Finally the pings
                                // fix the double newline on the first one
@@ -378,22 +383,22 @@ class MT_Import {
                                        }
                                }
                                if ( $num_pings )
-                                       printf(__('(%s pings)'), $num_pings);
-                               
+                                       printf(' '.__('(%s pings)'), $num_pings);
+
                                echo "</li>";
                        }
-                       flush();
                }
 
                echo '</ol>';
 
                wp_import_cleanup($this->id);
 
-               echo '<h3>'.sprintf(__('All done. <a href="%s">Have fun!</a>'), get_option('home')).'</h3>';
+               echo '<h3>'.sprintf(__('All done. <a href="%s">Have fun!</a>'), get_option('home')).'</h3></div>';
        }
 
        function import() {
                $this->id = (int) $_GET['id'];
+               
                $this->file = get_attached_file($this->id);
                $this->get_authors_from_post();
                $this->get_entries();
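Review bot: The blank line added after `$this->id = (int) $_GET['id'];` in import() carries trailing tabs, the very kind of whitespace this commit strips elsewhere in the file (the `// Nothing.` constructor comment, the line after the pings printf); either drop the line or make it genuinely empty. There is also no visible check that get_attached_file() returned a path before get_authors_from_post() and get_entries() run, though that may be handled in the part of import() that continues past the end of the hunk.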
@@ -411,20 +416,22 @@ class MT_Import {
                                $this->greet();
                                break;
                        case 1 :
+                               check_admin_referer('import-upload');
                                $this->select_authors();
                                break;
                        case 2:
+                               check_admin_referer('import-mt');
                                $this->import();
                                break;
                }
        }
 
        function MT_Import() {
-               // Nothing.     
+               // Nothing.
        }
 }
 
 $mt_import = new MT_Import();
 
-register_importer('mt', 'Movable Type', __('Import posts and comments from your Movable Type blog'), array ($mt_import, 'dispatch'));
+register_importer('mt', __('Movable Type and Typepad'), __('Imports <strong>posts and comments</strong> from your Movable Type or Typepad blog'), array ($mt_import, 'dispatch'));
 ?>
index e4a81673df676a6b6a54dc331efb9e32a597b19f..187c8ac2459135f04d88c30ad8638533c36a751c 100644 (file)
@@ -38,21 +38,22 @@ class RSS_Import {
                $index = 0;
                foreach ($this->posts as $post) {
                        preg_match('|<title>(.*?)</title>|is', $post, $post_title);
-                       $post_title = $wpdb->escape(trim($post_title[1]));
+                       $post_title = str_replace(array('<![CDATA[', ']]>'), '', $wpdb->escape( trim($post_title[1]) ));
 
-                       preg_match('|<pubdate>(.*?)</pubdate>|is', $post, $post_date);
+                       preg_match('|<pubdate>(.*?)</pubdate>|is', $post, $post_date_gmt);
 
-                       if ($post_date) {
-                               $post_date = strtotime($post_date[1]);
+                       if ($post_date_gmt) {
+                               $post_date_gmt = strtotime($post_date_gmt[1]);
                        } else {
                                // if we don't already have something from pubDate
-                               preg_match('|<dc:date>(.*?)</dc:date>|is', $post, $post_date);
-                               $post_date = preg_replace('|([-+])([0-9]+):([0-9]+)$|', '\1\2\3', $post_date[1]);
-                               $post_date = str_replace('T', ' ', $post_date);
-                               $post_date = strtotime($post_date);
+                               preg_match('|<dc:date>(.*?)</dc:date>|is', $post, $post_date_gmt);
+                               $post_date_gmt = preg_replace('|([-+])([0-9]+):([0-9]+)$|', '\1\2\3', $post_date_gmt[1]);
+                               $post_date_gmt = str_replace('T', ' ', $post_date_gmt);
+                               $post_date_gmt = strtotime($post_date_gmt);
                        }
 
-                       $post_date = gmdate('Y-m-d H:i:s', $post_date);
+                       $post_date_gmt = gmdate('Y-m-d H:i:s', $post_date_gmt);
+                       $post_date = get_date_from_gmt( $post_date_gmt );
 
                        preg_match_all('|<category>(.*?)</category>|is', $post, $categories);
                        $categories = $categories[1];
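Review bot: strtotime() returns false for a date it cannot parse, and also when neither `<pubDate>` nor `<dc:date>` is present (then `$post_date_gmt[1]` is undefined and an empty string reaches strtotime()); the new `gmdate('Y-m-d H:i:s', $post_date_gmt)` line silently turns that false into the Unix epoch, so such posts are imported dated 1970-01-01. Guard before formatting, e.g. `if (false === $post_date_gmt) $post_date_gmt = time();`, or skip the item with a notice. The `<![CDATA[` stripping on the title line runs after `$wpdb->escape()`, which is harmless since those markers contain nothing escape() rewrites, but stripping before escaping would read more naturally.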
@@ -90,7 +91,7 @@ class RSS_Import {
 
                        $post_author = 1;
                        $post_status = 'publish';
-                       $this->posts[$index] = compact('post_author', 'post_date', 'post_content', 'post_title', 'post_status', 'guid', 'categories');
+                       $this->posts[$index] = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_status', 'guid', 'categories');
                        $index++;
                }
        }
@@ -153,6 +154,7 @@ class RSS_Import {
                                $this->greet();
                                break;
                        case 1 :
+                               check_admin_referer('import-upload');
                                $this->import();
                                break;
                }
@@ -167,5 +169,5 @@ class RSS_Import {
 
 $rss_import = new RSS_Import();
 
-register_importer('rss', 'RSS', __('Import posts from an RSS feed'), array ($rss_import, 'dispatch'));
+register_importer('rss', __('RSS'), __('Import posts from an RSS feed'), array ($rss_import, 'dispatch'));
 ?>
index 44b0fc36755f16a41a411adcf9bc56f6966fa272..2d2b145e9e5577b7b07252afd2f9090ecf1951cf 100644 (file)
@@ -4,13 +4,13 @@
 **/
 if(!function_exists('get_catbynicename'))
 {
-       function get_catbynicename($category_nicename) 
+       function get_catbynicename($category_nicename)
        {
        global $wpdb;
-       
+
        $cat_id -= 0;   // force numeric
        $name = $wpdb->get_var('SELECT cat_ID FROM '.$wpdb->categories.' WHERE category_nicename="'.$category_nicename.'"');
-       
+
        return $name;
        }
 }
@@ -49,15 +49,18 @@ class Textpattern_Import {
        {
                echo '</div>';
        }
-       
-       function greet() 
-       {
-               echo '<p>'.__('Howdy! This importer allows you to extract posts from any Textpattern 4.0.2+ into your blog. This has not been tested on previous versions of Textpattern.  Mileage may vary.').'</p>';
+
+       function greet() {
+               echo '<div class="narrow">';
+               echo '<p>'.__('Howdy! This imports categories, users, posts, comments, and links from any Textpattern 4.0.2+ into this blog.').'</p>';
+               echo '<p>'.__('This has not been tested on previous versions of Textpattern.  Mileage may vary.').'</p>';
                echo '<p>'.__('Your Textpattern Configuration settings are as follows:').'</p>';
                echo '<form action="admin.php?import=textpattern&amp;step=1" method="post">';
+               wp_nonce_field('import-textpattern');
                $this->db_form();
-               echo '<input type="submit" name="submit" value="'.__('Import Categories').'" />';
+               echo '<p class="submit"><input type="submit" name="submit" value="'.attribute_escape(__('Import Categories &raquo;')).'" /></p>';
                echo '</form>';
+               echo '</div>';
        }
 
        function get_txp_cats()
@@ -67,17 +70,17 @@ class Textpattern_Import {
                $txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost'));
                set_magic_quotes_runtime(0);
                $prefix = get_option('tpre');
-               
+
                // Get Categories
-               return $txpdb->get_results('SELECT 
-                                                                               id,
-                                                                               name,
-                                                                               title
-                                                                        FROM '.$prefix.'txp_category 
-                                                                        WHERE type = "article"', 
-                                                                        ARRAY_A);
+               return $txpdb->get_results('SELECT
+                       id,
+                       name,
+                       title
+                       FROM '.$prefix.'txp_category
+                       WHERE type = "article"',
+                       ARRAY_A);
        }
-       
+
        function get_txp_users()
        {
                global $wpdb;
@@ -85,44 +88,44 @@ class Textpattern_Import {
                $txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost'));
                set_magic_quotes_runtime(0);
                $prefix = get_option('tpre');
-               
+
                // Get Users
-               
+
                return $txpdb->get_results('SELECT
-                                                                               user_id,
-                                                                               name,
-                                                                               RealName,
-                                                                               email,
-                                                                               privs
-                                                                       FROM '.$prefix.'txp_users', ARRAY_A);
+                       user_id,
+                       name,
+                       RealName,
+                       email,
+                       privs
+                       FROM '.$prefix.'txp_users', ARRAY_A);
        }
-       
+
        function get_txp_posts()
        {
                // General Housekeeping
                $txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost'));
                set_magic_quotes_runtime(0);
                $prefix = get_option('tpre');
-               
+
                // Get Posts
-               return $txpdb->get_results('SELECT 
-                                                                               ID,
-                                                                               Posted,
-                                                                               AuthorID,
-                                                                               LastMod,
-                                                                               Title,
-                                                                               Body,
-                                                                               Excerpt,
-                                                                               Category1,
-                                                                               Category2,
-                                                                               Status,
-                                                                               Keywords,
-                                                                               url_title,
-                                                                               comments_count
-                                                                       FROM '.$prefix.'textpattern
-                                                                       ', ARRAY_A);
+               return $txpdb->get_results('SELECT
+                       ID,
+                       Posted,
+                       AuthorID,
+                       LastMod,
+                       Title,
+                       Body,
+                       Excerpt,
+                       Category1,
+                       Category2,
+                       Status,
+                       Keywords,
+                       url_title,
+                       comments_count
+                       FROM '.$prefix.'textpattern
+                       ', ARRAY_A);
        }
-       
+
        function get_txp_comments()
        {
                global $wpdb;
@@ -130,30 +133,30 @@ class Textpattern_Import {
                $txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost'));
                set_magic_quotes_runtime(0);
                $prefix = get_option('tpre');
-               
+
                // Get Comments
                return $txpdb->get_results('SELECT * FROM '.$prefix.'txp_discuss', ARRAY_A);
        }
-       
+
                function get_txp_links()
        {
                //General Housekeeping
                $txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost'));
                set_magic_quotes_runtime(0);
                $prefix = get_option('tpre');
-               
-               return $txpdb->get_results('SELECT 
-                                                                               id,
-                                                                               date,
-                                                                               category,
-                                                                               url,
-                                                                               linkname,
-                                                                               description
-                                                                         FROM '.$prefix.'txp_link', 
-                                                                         ARRAY_A);                                               
+
+               return $txpdb->get_results('SELECT
+                       id,
+                       date,
+                       category,
+                       url,
+                       linkname,
+                       description
+                       FROM '.$prefix.'txp_link',
+                       ARRAY_A);
        }
-       
-       function cat2wp($categories='') 
+
+       function cat2wp($categories='')
        {
                // General Housekeeping
                global $wpdb;
@@ -163,16 +166,16 @@ class Textpattern_Import {
                if(is_array($categories))
                {
                        echo '<p>'.__('Importing Categories...').'<br /><br /></p>';
-                       foreach ($categories as $category) 
+                       foreach ($categories as $category)
                        {
                                $count++;
                                extract($category);
-                               
-                               
+
+
                                // Make Nice Variables
                                $name = $wpdb->escape($name);
                                $title = $wpdb->escape($title);
-                               
+
                                if($cinfo = category_exists($name))
                                {
                                        $ret_id = wp_insert_category(array('cat_ID' => $cinfo, 'category_nicename' => $name, 'cat_name' => $title));
@@ -183,7 +186,7 @@ class Textpattern_Import {
                                }
                                $txpcat2wpcat[$id] = $ret_id;
                        }
-                       
+
                        // Store category translation for future use
                        add_option('txpcat2wpcat',$txpcat2wpcat);
                        echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> categories imported.'), $count).'<br /><br /></p>';
@@ -192,14 +195,14 @@ class Textpattern_Import {
                echo __('No Categories to Import!');
                return false;
        }
-       
+
        function users2wp($users='')
        {
                // General Housekeeping
                global $wpdb;
                $count = 0;
                $txpid2wpid = array();
-               
+
                // Midnight Mojo
                if(is_array($users))
                {
@@ -208,14 +211,14 @@ class Textpattern_Import {
                        {
                                $count++;
                                extract($user);
-                               
+
                                // Make Nice Variables
                                $name = $wpdb->escape($name);
                                $RealName = $wpdb->escape($RealName);
-                               
+
                                if($uinfo = get_userdatabylogin($name))
                                {
-                                       
+
                                        $ret_id = wp_insert_user(array(
                                                                'ID'                    => $uinfo->ID,
                                                                'user_login'    => $name,
@@ -225,7 +228,7 @@ class Textpattern_Import {
                                                                'display_name'  => $name)
                                                                );
                                }
-                               else 
+                               else
                                {
                                        $ret_id = wp_insert_user(array(
                                                                'user_login'    => $name,
@@ -236,10 +239,10 @@ class Textpattern_Import {
                                                                );
                                }
                                $txpid2wpid[$user_id] = $ret_id;
-                               
+
                                // Set Textpattern-to-WordPress permissions translation
                                $transperms = array(1 => '10', 2 => '9', 3 => '5', 4 => '4', 5 => '3', 6 => '2', 7 => '0');
-                               
+
                                // Update Usermeta Data
                                $user = new WP_User($ret_id);
                                if('10' == $transperms[$privs]) { $user->set_role('administrator'); }
@@ -249,24 +252,24 @@ class Textpattern_Import {
                                if('3'  == $transperms[$privs]) { $user->set_role('contributor'); }
                                if('2'  == $transperms[$privs]) { $user->set_role('contributor'); }
                                if('0'  == $transperms[$privs]) { $user->set_role('subscriber'); }
-                               
+
                                update_usermeta( $ret_id, 'wp_user_level', $transperms[$privs] );
                                update_usermeta( $ret_id, 'rich_editing', 'false');
                        }// End foreach($users as $user)
-                       
+
                        // Store id translation array for future use
                        add_option('txpid2wpid',$txpid2wpid);
-                       
-                       
+
+
                        echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> users imported.'), $count).'<br /><br /></p>';
                        return true;
                }// End if(is_array($users)
-               
+
                echo __('No Users to Import!');
                return false;
-               
+
        }// End function user2wp()
-       
+
        function posts2wp($posts='')
        {
                // General Housekeeping
@@ -283,10 +286,10 @@ class Textpattern_Import {
                        {
                                $count++;
                                extract($post);
-                               
+
                                // Set Textpattern-to-WordPress status translation
                                $stattrans = array(1 => 'draft', 2 => 'private', 3 => 'draft', 4 => 'publish', 5 => 'publish');
-                               
+
                                //Can we do this more efficiently?
                                $uinfo = ( get_userdatabylogin( $AuthorID ) ) ? get_userdatabylogin( $AuthorID ) : 1;
                                $authorid = ( is_object( $uinfo ) ) ? $uinfo->ID : $uinfo ;
@@ -295,59 +298,59 @@ class Textpattern_Import {
                                $Body = $wpdb->escape($Body);
                                $Excerpt = $wpdb->escape($Excerpt);
                                $post_status = $stattrans[$Status];
-                               
+
                                // Import Post data into WordPress
-                               
+
                                if($pinfo = post_exists($Title,$Body))
                                {
                                        $ret_id = wp_insert_post(array(
-                                                       'ID'                            => $pinfo,
-                                                       'post_date'                     => $Posted,
-                                                       'post_date_gmt'         => $post_date_gmt,
-                                                       'post_author'           => $authorid,
-                                                       'post_modified'         => $LastMod,
-                                                       'post_modified_gmt' => $post_modified_gmt,
-                                                       'post_title'            => $Title,
-                                                       'post_content'          => $Body,
-                                                       'post_excerpt'          => $Excerpt,
-                                                       'post_status'           => $post_status,
-                                                       'post_name'                     => $url_title,
-                                                       'comment_count'         => $comments_count)
-                                                       );
+                                               'ID'                            => $pinfo,
+                                               'post_date'                     => $Posted,
+                                               'post_date_gmt'         => $post_date_gmt,
+                                               'post_author'           => $authorid,
+                                               'post_modified'         => $LastMod,
+                                               'post_modified_gmt' => $post_modified_gmt,
+                                               'post_title'            => $Title,
+                                               'post_content'          => $Body,
+                                               'post_excerpt'          => $Excerpt,
+                                               'post_status'           => $post_status,
+                                               'post_name'                     => $url_title,
+                                               'comment_count'         => $comments_count)
+                                               );
                                }
-                               else 
+                               else
                                {
                                        $ret_id = wp_insert_post(array(
-                                                       'post_date'                     => $Posted,
-                                                       'post_date_gmt'         => $post_date_gmt,
-                                                       'post_author'           => $authorid,
-                                                       'post_modified'         => $LastMod,
-                                                       'post_modified_gmt' => $post_modified_gmt,
-                                                       'post_title'            => $Title,
-                                                       'post_content'          => $Body,
-                                                       'post_excerpt'          => $Excerpt,
-                                                       'post_status'           => $post_status,
-                                                       'post_name'                     => $url_title,
-                                                       'comment_count'         => $comments_count)
-                                                       );
+                                               'post_date'                     => $Posted,
+                                               'post_date_gmt'         => $post_date_gmt,
+                                               'post_author'           => $authorid,
+                                               'post_modified'         => $LastMod,
+                                               'post_modified_gmt' => $post_modified_gmt,
+                                               'post_title'            => $Title,
+                                               'post_content'          => $Body,
+                                               'post_excerpt'          => $Excerpt,
+                                               'post_status'           => $post_status,
+                                               'post_name'                     => $url_title,
+                                               'comment_count'         => $comments_count)
+                                               );
                                }
                                $txpposts2wpposts[$ID] = $ret_id;
-                               
+
                                // Make Post-to-Category associations
                                $cats = array();
                                if($cat1 = get_catbynicename($Category1)) { $cats[1] = $cat1; }
                                if($cat2 = get_catbynicename($Category2)) { $cats[2] = $cat2; }
 
-                               if(!empty($cats)) { wp_set_post_cats('', $ret_id, $cats); }
+                               if(!empty($cats)) { wp_set_post_categories($ret_id, $cats); }
                        }
                }
                // Store ID translation for later use
                add_option('txpposts2wpposts',$txpposts2wpposts);
-               
+
                echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> posts imported.'), $count).'<br /><br /></p>';
-               return true;    
+               return true;
        }
-       
+
        function comments2wp($comments='')
        {
                // General Housekeeping
@@ -355,7 +358,7 @@ class Textpattern_Import {
                $count = 0;
                $txpcm2wpcm = array();
                $postarr = get_option('txpposts2wpposts');
-               
+
                // Magic Mojo
                if(is_array($comments))
                {
@@ -364,7 +367,7 @@ class Textpattern_Import {
                        {
                                $count++;
                                extract($comment);
-                               
+
                                // WordPressify Data
                                $comment_ID = ltrim($discussid, '0');
                                $comment_post_ID = $postarr[$parentid];
@@ -373,57 +376,57 @@ class Textpattern_Import {
                                $email = $wpdb->escape($email);
                                $web = $wpdb->escape($web);
                                $message = $wpdb->escape($message);
-                               
+
                                if($cinfo = comment_exists($name, $posted))
                                {
                                        // Update comments
                                        $ret_id = wp_update_comment(array(
-                                                       'comment_ID'                    => $cinfo,
-                                                       'comment_post_ID'               => $comment_post_ID,
-                                                       'comment_author'                => $name,
-                                                       'comment_author_email'  => $email,
-                                                       'comment_author_url'    => $web,
-                                                       'comment_date'                  => $posted,
-                                                       'comment_content'               => $message,
-                                                       'comment_approved'              => $comment_approved)
-                                                       );
+                                               'comment_ID'                    => $cinfo,
+                                               'comment_post_ID'               => $comment_post_ID,
+                                               'comment_author'                => $name,
+                                               'comment_author_email'  => $email,
+                                               'comment_author_url'    => $web,
+                                               'comment_date'                  => $posted,
+                                               'comment_content'               => $message,
+                                               'comment_approved'              => $comment_approved)
+                                               );
                                }
-                               else 
+                               else
                                {
                                        // Insert comments
                                        $ret_id = wp_insert_comment(array(
-                                                       'comment_post_ID'               => $comment_post_ID,
-                                                       'comment_author'                => $name,
-                                                       'comment_author_email'  => $email,
-                                                       'comment_author_url'    => $web,
-                                                       'comment_author_IP'             => $ip,
-                                                       'comment_date'                  => $posted,
-                                                       'comment_content'               => $message,
-                                                       'comment_approved'              => $comment_approved)
-                                                       );
+                                               'comment_post_ID'               => $comment_post_ID,
+                                               'comment_author'                => $name,
+                                               'comment_author_email'  => $email,
+                                               'comment_author_url'    => $web,
+                                               'comment_author_IP'             => $ip,
+                                               'comment_date'                  => $posted,
+                                               'comment_content'               => $message,
+                                               'comment_approved'              => $comment_approved)
+                                               );
                                }
                                $txpcm2wpcm[$comment_ID] = $ret_id;
                        }
                        // Store Comment ID translation for future use
-                       add_option('txpcm2wpcm', $txpcm2wpcm);                  
-                       
+                       add_option('txpcm2wpcm', $txpcm2wpcm);
+
                        // Associate newly formed categories with posts
                        get_comment_count($ret_id);
-                       
-                       
+
+
                        echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> comments imported.'), $count).'<br /><br /></p>';
                        return true;
                }
                echo __('No Comments to Import!');
                return false;
        }
-       
+
        function links2wp($links='')
        {
                // General Housekeeping
                global $wpdb;
                $count = 0;
-               
+
                // Deal with the links
                if(is_array($links))
                {
@@ -432,12 +435,12 @@ class Textpattern_Import {
                        {
                                $count++;
                                extract($link);
-                               
+
                                // Make nice vars
                                $category = $wpdb->escape($category);
                                $linkname = $wpdb->escape($linkname);
                                $description = $wpdb->escape($description);
-                               
+
                                if($linfo = link_exists($linkname))
                                {
                                        $ret_id = wp_insert_link(array(
@@ -449,7 +452,7 @@ class Textpattern_Import {
                                                                'link_updated'          => $date)
                                                                );
                                }
-                               else 
+                               else
                                {
                                        $ret_id = wp_insert_link(array(
                                                                'link_url'                      => $url,
@@ -470,67 +473,72 @@ class Textpattern_Import {
                echo __('No Links to Import!');
                return false;
        }
-               
-       function import_categories() 
-       {       
-               // Category Import      
+
+       function import_categories()
+       {
+               // Category Import
                $cats = $this->get_txp_cats();
                $this->cat2wp($cats);
                add_option('txp_cats', $cats);
-               
-               
-                       
+
+
+
                echo '<form action="admin.php?import=textpattern&amp;step=2" method="post">';
-               printf('<input type="submit" name="submit" value="%s" />', __('Import Users'));
+               wp_nonce_field('import-textpattern');
+               printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Users')));
                echo '</form>';
 
        }
-       
+
        function import_users()
        {
                // User Import
-               $users = $this->get_txp_users(); 
+               $users = $this->get_txp_users();
                $this->users2wp($users);
-               
+
                echo '<form action="admin.php?import=textpattern&amp;step=3" method="post">';
-               printf('<input type="submit" name="submit" value="%s" />', __('Import Posts'));
+               wp_nonce_field('import-textpattern');
+               printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Posts')));
                echo '</form>';
        }
-       
+
        function import_posts()
        {
                // Post Import
                $posts = $this->get_txp_posts();
                $this->posts2wp($posts);
-               
+
                echo '<form action="admin.php?import=textpattern&amp;step=4" method="post">';
-               printf('<input type="submit" name="submit" value="%s" />', __('Import Comments'));
+               wp_nonce_field('import-textpattern');
+               printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Comments')));
                echo '</form>';
        }
-       
+
        function import_comments()
        {
                // Comment Import
                $comments = $this->get_txp_comments();
                $this->comments2wp($comments);
-               
+
                echo '<form action="admin.php?import=textpattern&amp;step=5" method="post">';
-               printf('<input type="submit" name="submit" value="%s" />', __('Import Links'));
+               wp_nonce_field('import-textpattern');
+               printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Links')));
                echo '</form>';
        }
-       
+
        function import_links()
        {
                //Link Import
                $links = $this->get_txp_links();
                $this->links2wp($links);
                add_option('txp_links', $links);
-               
+
                echo '<form action="admin.php?import=textpattern&amp;step=6" method="post">';
-               printf('<input type="submit" name="submit" value="%s" />', __('Finish'));
+               wp_nonce_field('import-textpattern');
+               printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Finish')));
                echo '</form>';
        }
-       
+
        function cleanup_txpimport()
        {
                delete_option('tpre');
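Review bot: The `wp_nonce_field('import-textpattern')` calls added to the step-2 to step-6 forms cover only the transitions this hunk renders, while `check_admin_referer('import-textpattern')` in dispatch() fires for every `$step > 0`, including the step-1 POST that carries the database credentials. The form that submits to step 1 (presumably the one wrapping db_form(), rendered outside this hunk) must emit the same nonce field, otherwise the very first submission is rejected by the referer check and the import can never start; worth confirming that form was updated in the same commit. The nonce action string is shared by all steps, which is fine here because every step is a single admin flow, but a comment such as `// all import steps share one nonce action; check_admin_referer() in dispatch() verifies it` next to the first wp_nonce_field() would make that intent explicit.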
@@ -546,7 +554,7 @@ class Textpattern_Import {
                delete_option('txphost');
                $this->tips();
        }
-       
+
        function tips()
        {
                echo '<p>'.__('Welcome to WordPress.  We hope (and expect!) that you will find this platform incredibly rewarding!  As a new WordPress user coming from Textpattern, there are some things that we would like to point out.  Hopefully, they will help your transition go as smoothly as possible.').'</p>';
@@ -555,29 +563,29 @@ class Textpattern_Import {
                echo '<h3>'.__('Preserving Authors').'</h3>';
                echo '<p>'.__('Secondly, we have attempted to preserve post authors.  If you are the only author or contributor to your blog, then you are safe.  In most cases, we are successful in this preservation endeavor.  However, if we cannot ascertain the name of the writer due to discrepancies between database tables, we assign it to you, the administrative user.').'</p>';
                echo '<h3>'.__('Textile').'</h3>';
-               echo '<p>'.__('Also, since you\'re coming from Textpattern, you probably have been using Textile to format your comments and posts.  If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/2004/04/19/wordpress-plugin-textile-20/">Textile for WordPress</a>.  Trust me... You\'ll want it.').'</p>';
+               echo '<p>'.__('Also, since you\'re coming from Textpattern, you probably have been using Textile to format your comments and posts.  If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/category/development/wordpress/textile/">Textile for WordPress</a>.  Trust me... You\'ll want it.').'</p>';
                echo '<h3>'.__('WordPress Resources').'</h3>';
                echo '<p>'.__('Finally, there are numerous WordPress resources around the internet.  Some of them are:').'</p>';
                echo '<ul>';
                echo '<li>'.__('<a href="http://www.wordpress.org">The official WordPress site</a>').'</li>';
-               echo '<li>'.__('<a href="http://wordpress.org/support/">The WordPress support forums').'</li>';
+               echo '<li>'.__('<a href="http://wordpress.org/support/">The WordPress support forums</a>').'</li>';
                echo '<li>'.__('<a href="http://codex.wordpress.org">The Codex (In other words, the WordPress Bible)</a>').'</li>';
                echo '</ul>';
                echo '<p>'.sprintf(__('That\'s it! What are you waiting for? Go <a href="%1$s">login</a>!'), '/wp-login.php').'</p>';
        }
-       
+
        function db_form()
        {
-               echo '<ul>';
-               printf('<li><label for="dbuser">%s</label> <input type="text" name="dbuser" id="dbuser" /></li>', __('Textpattern Database User:'));
-               printf('<li><label for="dbpass">%s</label> <input type="password" name="dbpass" id="dbpass" /></li>', __('Textpattern Database Password:'));
-               printf('<li><label for="dbname">%s</label> <input type="text" id="dbname" name="dbname" /></li>', __('Textpattern Database Name:'));
-               printf('<li><label for="dbhost">%s</label> <input type="text" id="dbhost" name="dbhost" value="localhost" /></li>', __('Textpattern Database Host:'));
-               printf('<li><label for="dbprefix">%s</label> <input type="text" name="dbprefix" id="dbprefix"  /></li>', __('Textpattern Table prefix (if any):'));
-               echo '</ul>';
+               echo '<table class="editform">';
+               printf('<tr><th scope="row"><label for="dbuser">%s</label></th><td><input type="text" name="dbuser" id="dbuser" /></td></tr>', __('Textpattern Database User:'));
+               printf('<tr><th scope="row"><label for="dbpass">%s</label></th><td><input type="password" name="dbpass" id="dbpass" /></td></tr>', __('Textpattern Database Password:'));
+               printf('<tr><th scope="row"><label for="dbname">%s</label></th><td><input type="text" id="dbname" name="dbname" /></td></tr>', __('Textpattern Database Name:'));
+               printf('<tr><th scope="row"><label for="dbhost">%s</label></th><td><input type="text" id="dbhost" name="dbhost" value="localhost" /></td></tr>', __('Textpattern Database Host:'));
+               printf('<tr><th scope="row"><label for="dbprefix">%s</label></th><td><input type="text" name="dbprefix" id="dbprefix"  /></td></tr>', __('Textpattern Table prefix (if any):'));
+               echo '</table>';
        }
-       
-       function dispatch() 
+
+       function dispatch()
        {
 
                if (empty ($_GET['step']))
@@ -585,45 +593,47 @@ class Textpattern_Import {
                else
                        $step = (int) $_GET['step'];
                $this->header();
-               
-               if ( $step > 0 ) 
+
+               if ( $step > 0 )
                {
+                       check_admin_referer('import-textpattern');
+
                        if($_POST['dbuser'])
                        {
                                if(get_option('txpuser'))
-                                       delete_option('txpuser');       
-                               add_option('txpuser',$_POST['dbuser']);
+                                       delete_option('txpuser');
+                               add_option('txpuser', sanitize_user($_POST['dbuser'], true));
                        }
                        if($_POST['dbpass'])
                        {
                                if(get_option('txppass'))
-                                       delete_option('txppass');       
-                               add_option('txppass',$_POST['dbpass']);
+                                       delete_option('txppass');
+                               add_option('txppass',  sanitize_user($_POST['dbpass'], true));
                        }
-                       
+
                        if($_POST['dbname'])
                        {
                                if(get_option('txpname'))
-                                       delete_option('txpname');       
-                               add_option('txpname',$_POST['dbname']);
+                                       delete_option('txpname');
+                               add_option('txpname',  sanitize_user($_POST['dbname'], true));
                        }
                        if($_POST['dbhost'])
                        {
                                if(get_option('txphost'))
                                        delete_option('txphost');
-                               add_option('txphost',$_POST['dbhost']); 
+                               add_option('txphost',  sanitize_user($_POST['dbhost'], true));
                        }
                        if($_POST['dbprefix'])
                        {
                                if(get_option('tpre'))
                                        delete_option('tpre');
-                               add_option('tpre',$_POST['dbprefix']); 
-                       }                       
+                               add_option('tpre',  sanitize_user($_POST['dbprefix']));
+                       }
 
 
                }
 
-               switch ($step) 
+               switch ($step)
                {
                        default:
                        case 0 :
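Review bot: `sanitize_user($_POST['dbpass'], true)` and `sanitize_user($_POST['dbhost'], true)` silently mangle valid input, because strict mode is a username filter that drops every character outside `[A-Za-z0-9 _.\-@]`: a database password containing `!`, `#` or `$`, or a host given as `host:port` or `localhost:/path/to/mysql.sock`, is stored altered and the later `new wpdb(...)` connections in get_txp_posts()/get_txp_comments()/get_txp_links() fail with no indication why. Those two values never reach SQL or HTML output in this file (they are only passed to wpdb), so the right fix is to validate and reject rather than strip — e.g. check the host against an explicit pattern that also permits `:` and `/`, and leave the password untouched after the usual magic-quotes handling. Conversely the one value that is concatenated into SQL, the table prefix (`FROM '.$prefix.'textpattern` in get_txp_posts() and the sibling queries), is the only one passed to sanitize_user() without `strict`, so backticks, semicolons and comment markers survive; make it `add_option('tpre', sanitize_user($_POST['dbprefix'], true));` for consistency with the other four. The `delete_option()`/`add_option()` pairs could also collapse to a single `update_option()` each, which removes the window where the option is absent.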
@@ -648,16 +658,16 @@ class Textpattern_Import {
                                $this->cleanup_txpimport();
                                break;
                }
-               
+
                $this->footer();
        }
 
-       function Textpattern_Import() 
+       function Textpattern_Import()
        {
-               // Nothing.     
+               // Nothing.
        }
 }
 
 $txp_import = new Textpattern_Import();
-register_importer('textpattern', 'Textpattern', __('Import posts from a Textpattern Blog'), array ($txp_import, 'dispatch'));
+register_importer('textpattern', __('Textpattern'), __('Import categories, users, posts, comments, and links from a Textpattern blog'), array ($txp_import, 'dispatch'));
 ?>
index a951efd863d16109e6e064757521cabeadfcdac5..734b349e64c1518d818392ded300c5569f4c6cd0 100644 (file)
@@ -25,7 +25,7 @@ if ( isset($rss->items) && 0 != count($rss->items) ) {
 $rss->items = array_slice($rss->items, 0, 10);
 foreach ($rss->items as $item ) {
 ?>
-       <li><a href="<?php echo wp_filter_kses($item['link']); ?>"><?php echo wp_specialchars($item['title']); ?></a></li>
+       <li><a href="<?php echo wp_filter_kses($item['link']); ?>"><?php echo wptexturize(wp_specialchars($item['title'])); ?></a></li>
 <?php } ?>
 </ul>
 </div>
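Review bot: The href on the changed line still goes through wp_filter_kses, which is a content filter rather than an attribute-context escape, so a feed item whose link carries a double quote or a non-http scheme reaches the attribute as-is, as far as this hunk shows. This commit already wraps the preview iframe src in post.php with clean_url, and the same call fits here: `<li><a href="<?php echo clean_url($item['link']); ?>"><?php echo wptexturize(wp_specialchars($item['title'])); ?></a></li>`. Applying wptexturize after wp_specialchars is the right order, since the entities wptexturize emits would otherwise be escaped a second time.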
index d0bd82503b9b5977a676df07b7842ad6629f0fd3..212f1159f0ebd9fa49c74a44195ea83fd1031a19 100644 (file)
@@ -24,6 +24,8 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
        }
 }
 
+$all = ( 'true' == $all ) ? 'true' : 'false';
+$start = (int) $start;
 $post = (int) $post;
 $images_width = 1;
 
@@ -238,7 +240,7 @@ srcb[{$ID}] = '{$image['guid']}';
                        $xpadding = (128 - $image['uwidth']) / 2;
                        $ypadding = (96 - $image['uheight']) / 2;
                        $style .= "#target{$ID} img { padding: {$ypadding}px {$xpadding}px; }\n";
-                       $title = wp_specialchars($image['post_title'], ENT_QUOTES);
+                       $title = attribute_escape($image['post_title']);
                        $script .= "aa[{$ID}] = '<a id=\"p{$ID}\" rel=\"attachment\" class=\"imagelink\" href=\"$href\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
 ab[{$ID}] = '<a class=\"imagelink\" href=\"{$image['guid']}\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
 imga[{$ID}] = '<img id=\"image{$ID}\" src=\"$src\" alt=\"{$title}\" $height_width />';
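Review bot: Only post_title gains escaping on the changed line, while `{$image['guid']}` on the line below, the `$src` on this line and the `$href` built before the hunk are interpolated into the same single-quoted JavaScript string and its HTML attributes with no visible escaping. guid is normally a WordPress-generated attachment URL, so the exposure is probably small, but a single quote or backslash in it would break the JS literal, and the fix is one line per value, e.g. `$guid = attribute_escape($image['guid']);` used in place of the raw interpolation. The same pattern is carried into the hunk ending at L3249, and the surrounding switch branch starts before this hunk.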
@@ -258,7 +260,7 @@ imgb[{$ID}] = '<img id=\"image{$ID}\" src=\"{$image['guid']}\" alt=\"{$title}\"
 </div>
 ";
                } else {
-                       $title = wp_specialchars($attachment['post_title'], ENT_QUOTES);
+                       $title = attribute_escape($attachment['post_title']);
                        $filename = basename($attachment['guid']);
                        $icon = get_attachment_icon($ID);
                        $toggle_icon = "<a id=\"I{$ID}\" onclick=\"toggleOtherIcon({$ID});return false;\" href=\"javascript:void()\">$__using_title</a>";
@@ -429,7 +431,7 @@ richedit = ( typeof tinyMCE == 'object' && tinyMCE.configs.length > 0 );
 function sendToEditor(n) {
        o = document.getElementById('div'+n);
        h = o.innerHTML.replace(new RegExp('^\\s*(.*?)\\s*$', ''), '$1'); // Trim
-       h = h.replace(new RegExp(' (class|title|width|height|id|onclick|onmousedown)=([^\'"][^ ]*)( |/|>)', 'g'), ' $1="$2"$3'); // Enclose attribs in quotes
+       h = h.replace(new RegExp(' (class|title|width|height|id|onclick|onmousedown)=([^\'"][^ ]*)(?=( |/|>))', 'g'), ' $1="$2"'); // Enclose attribs in quotes
        h = h.replace(new RegExp(' (width|height)=".*?"', 'g'), ''); // Drop size constraints
        h = h.replace(new RegExp(' on(click|mousedown)="[^"]*"', 'g'), ''); // Drop menu events
        h = h.replace(new RegExp('<(/?)A', 'g'), '<$1a'); // Lowercase tagnames
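Review bot: The unquoted-attribute pattern on the new line keeps `[^ ]*` for the value, which on a self-closing tag such as `width=100/>` absorbs the slash before the lookahead matches `>`, yielding `width="100/"`. A lazy value with the terminator list in the lookahead avoids that: `h = h.replace(new RegExp(' (class|title|width|height|id|onclick|onmousedown)=([^\'"][^ ]*?)(?=( |/>|>))', 'g'), ' $1="$2"');`. The move to a lookahead is otherwise an improvement, since the consumed separator presumably prevented two adjacent unquoted attributes from both being matched; sendToEditor continues beyond the hunk.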
index ffa33ce79b36a0c9587316c0d68ddf5362b65da3..eb635aa206702870f3117932869dcd84a3078546 100644 (file)
@@ -166,10 +166,9 @@ $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, p
 $wpdb->query( "INSERT INTO $wpdb->post2cat (`rel_id`, `post_id`, `category_id`) VALUES (1, 1, 1)" );
 
 // Default comment
-$wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".$wpdb->escape(__('Mr WordPress'))."', '', 'http://wordpress.org/', '$now', '$now_gmt', '".$wpdb->escape(__('Hi, this is a comment.<br />To delete a comment, just log in, and view the posts\' comments, there you will have the option to edit or delete them.'))."')");
+$wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".$wpdb->escape(__('Mr WordPress'))."', '', 'http://wordpress.org/', '$now', '$now_gmt', '".$wpdb->escape(__('Hi, this is a comment.<br />To delete a comment, just log in and view the post&#039;s comments. There you will have the option to edit or delete them.'))."')");
 
 // First Page
-
 $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, post_status, to_ping, pinged, post_content_filtered) VALUES ('1', '$now', '$now_gmt', '".$wpdb->escape(__('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'))."', '', '".$wpdb->escape(__('About'))."', '0', '".$wpdb->escape(__('about'))."', '$now', '$now_gmt', 'static', '', '', '')");
 $wp_rewrite->flush_rules();
 
@@ -182,7 +181,7 @@ $wpdb->query("INSERT INTO $wpdb->usermeta (user_id, meta_key, meta_value) VALUES
 $admin_caps = serialize(array('administrator' => true));
 $wpdb->query("INSERT INTO $wpdb->usermeta (user_id, meta_key, meta_value) VALUES ({$wpdb->insert_id}, '{$table_prefix}capabilities', '{$admin_caps}');");
 
-$message_headers = 'From: ' . $weblog_title . ' <wordpress@' . $_SERVER['SERVER_NAME'] . '>';
+$message_headers = 'From: "' . $weblog_title . '" <wordpress@' . $_SERVER['SERVER_NAME'] . '>';
 $message = sprintf(__("Your new WordPress blog has been successfully set up at:
 
 %1\$s
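Review bot: Quoting the display name on the changed line helps the From header parse when `$weblog_title` contains punctuation, but the title and `$_SERVER['SERVER_NAME']` are still interpolated into a mail header with no removal of CR/LF or embedded quotes, so a title that arrived with a line break would add headers of its own; the install form that supplies the title is outside the hunk, so where it is validated is not visible here. Strip those characters first: `$from_name = str_replace(array("\r", "\n", '"'), '', $weblog_title);` and `$message_headers = 'From: "' . $from_name . '" <wordpress@' . $_SERVER['SERVER_NAME'] . '>';`. SERVER_NAME is also attacker-influenced on hosts that derive it from the Host header, so the same treatment applies to it.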
index 0ebf4b255e95782ce245bb5a1d49e62c06eaef80..d3adf7632768fd482d3baa64b914eca3b4b0d874 100644 (file)
@@ -124,7 +124,7 @@ switch ($action) {
 <table class="editform" width="100%" cellspacing="2" cellpadding="5">
 <tr>
        <th width="33%" scope="row"><?php _e('Name:') ?></th>
-       <td width="67%"><input name="cat_name" type="text" value="<?php echo wp_specialchars($row->cat_name)?>" size="30" /></td>
+       <td width="67%"><input name="cat_name" type="text" value="<?php echo attribute_escape($row->cat_name)?>" size="30" /></td>
 </tr>
 <tr>
        <th scope="row"><?php _e('Show:') ?></th>
@@ -309,7 +309,7 @@ $results = $wpdb->get_results("SELECT cat_id, cat_name, auto_toggle, show_images
          . " show_rating, show_updated, sort_order, sort_desc, text_before_link, text_after_link, "
          . " text_after_all, list_limit FROM $wpdb->linkcategories ORDER BY cat_id");
 $i = 1;
-foreach ($results as $row) {
+foreach ( (array) $results as $row) {
     if ($row->list_limit == -1) {
         $row->list_limit = __('none');
     }
@@ -356,8 +356,14 @@ foreach ($results as $row) {
                 <td nowrap="nowrap"><?php echo wp_specialchars($row->text_after_all)?></td>
                 <td><?php echo $row->list_limit ?></td>
                 <td><a href="link-categories.php?cat_id=<?php echo $row->cat_id?>&amp;action=Edit" class="edit"><?php _e('Edit') ?></a></td>
-                <td><a href="<?php echo wp_nonce_url("link-categories.php?cat_id=$row->cat_id?>&amp;action=Delete", 'delete-link-category_' . $row->cat_id) ?>" onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; link category.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($row->cat_name)); ?>' );" class="delete"><?php _e('Delete') ?></a></td>
-              </tr>
+                <td>
+                               <?php if (1 == $row->cat_id ) { 
+                                       _e('Default');
+                               } else { ?>
+                                       <a href="<?php echo wp_nonce_url("link-categories.php?cat_id=$row->cat_id?>&amp;action=Delete", 'delete-link-category_' . $row->cat_id) ?>" onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; link category.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($row->cat_name)); ?>' );" class="delete"><?php _e('Delete') ?></a>
+                               <?php } ?>
+              </td>
+          </tr>
 <?php
         ++$i;
     }
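Review bot: The delete link on the new line (L3310) carries over a stray `?>` inside the double-quoted string, so the generated URL reads `link-categories.php?cat_id=1?>&amp;action=Delete`; inside a string `?>` does not close PHP mode, it is emitted literally, and the handler presumably only works because an integer cast of `1?>` yields 1. Since the line is being rewritten anyway, drop it: `wp_nonce_url("link-categories.php?cat_id=$row->cat_id&amp;action=Delete", 'delete-link-category_' . $row->cat_id)`. Hiding the Delete link for cat_id 1 is only a UI guard; whether the action handler itself refuses to delete the default category is not visible in this hunk.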
index 723d1921581f47b0c6683a055c03b17866ecc2b8..c6119e6fda3cd4d2ecb5b0a7c177b8e27a658173 100644 (file)
@@ -26,7 +26,7 @@ switch ($step) {
 <form enctype="multipart/form-data" action="link-import.php" method="post" name="blogroll">
 <?php wp_nonce_field('import-bookmarks') ?>
 
-<p><?php _e('If a program or website you use allows you to export your links or subscriptions as OPML you may import them here.'); ?>
+<p><?php _e('If a program or website you use allows you to export your links or subscriptions as OPML you may import them here.'); ?></p>
 <div style="width: 70%; margin: auto; height: 8em;">
 <input type="hidden" name="step" value="1" />
 <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
@@ -74,10 +74,9 @@ foreach ($categories as $category) {
 
      <h2><?php _e('Importing...') ?></h2>
 <?php
-                $cat_id = $_POST['cat_id'];
-                if (($cat_id == '') || ($cat_id == 0)) {
-                    $cat_id  = 1;
-                }
+                               $cat_id = abs( (int) $_POST['cat_id'] );
+                               if ( $cat_id < 1 )
+                                       $cat_id  = 1;
 
                 $opml_url = $_POST['opml_url'];
                 if (isset($opml_url) && $opml_url != '' && $opml_url != 'http://') {
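Review bot: `$cat_id` is now coerced to a positive integer, but `$opml_url` on the following lines is still taken verbatim from the request, the only checks being non-empty and not the literal `http://`; the fetch that presumably follows is outside the hunk, so whether the scheme is constrained downstream is not visible here. If nothing later restricts it, the validation style used for cat_id fits: `$opml_url = clean_url($_POST['opml_url']);` followed by a check that it starts with `http://` or `https://` before any fetch.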
index 4818397941f4bd7e6d238af974fc870eed8485ad..b859ec9e94a83cecfb6d8a0cc37958bd7327f9ca 100644 (file)
@@ -63,6 +63,7 @@ switch ($action) {
     $q = $wpdb->query("update $wpdb->links SET link_owner='$newowner' WHERE link_id IN ($all_links)");
 
     wp_redirect($this_file);
+    exit;
     break;
   }
   case 'visibility':
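Review bot: The `exit;` added after wp_redirect is the right fix, since code after a Location header is otherwise still executed and its output sent, and the same addition appears in the hunks ending at L3357, L3365, L3373, L3381 and L3389; the 'move' case at L3362 spells it `exit()` while the others use `exit;`, so one form should be picked. The delete case of post.php in this same commit (`wp_redirect($sendback); break;`) does not receive the exit and needs the same change. The SQL on the context line interpolates `$newowner` and `$all_links`, which are built before the hunk; whether they are cast to integers before this point is not visible here.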
@@ -100,6 +101,7 @@ switch ($action) {
     }
 
     wp_redirect($this_file);
+    exit;
     break;
   }
   case 'move':
@@ -120,6 +122,7 @@ switch ($action) {
     $q = $wpdb->query("update $wpdb->links SET link_category='$category' WHERE link_id IN ($all_links)");
 
     wp_redirect($this_file);
+    exit();
     break;
   }
 
@@ -130,6 +133,7 @@ switch ($action) {
        add_link();
        
     wp_redirect(wp_get_referer() . '?added=true');
+    exit;
     break;
   } // end Add
 
@@ -151,6 +155,7 @@ switch ($action) {
        
     setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
     wp_redirect($this_file);
+    exit;
     break;
   } // end Save
 
@@ -174,6 +179,7 @@ switch ($action) {
     $links_show_cat_id = $cat_id;
     setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
     wp_redirect($this_file);
+    exit;
     break;
   } // end Delete
 
@@ -321,7 +327,7 @@ function checkAll(form)
     <?php wp_nonce_field('bulk-bookmarks') ?>
     <input type="hidden" name="link_id" value="" />
     <input type="hidden" name="action" value="" />
-    <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />
+    <input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" />
     <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
   <table id="the-list-x" width="100%" cellpadding="3" cellspacing="3">
     <tr>
@@ -351,10 +357,10 @@ function checkAll(form)
     $links = $wpdb->get_results($sql);
     if ($links) {
         foreach ($links as $link) {
-           $link->link_name = wp_specialchars($link->link_name);
+           $link->link_name = attribute_escape($link->link_name);
            $link->link_category = wp_specialchars($link->link_category);
            $link->link_description = wp_specialchars($link->link_description);
-            $link->link_url = wp_specialchars($link->link_url);
+            $link->link_url = attribute_escape($link->link_url);
             $short_url = str_replace('http://', '', $link->link_url);
             $short_url = str_replace('www.', '', $short_url);
             if ('/' == substr($short_url, -1))
index ed58186c2e1c8e11477f0bd9b8dc9c19275e0f42..c95d60d1e1e3ed57912f0617fafb75c1dc9e51b6 100644 (file)
@@ -55,7 +55,7 @@ foreach ($menu as $menu_page) {
 }
 
 do_action('admin_menu', '');
-ksort($menu); // make it all pretty
+uksort($menu, "strnatcasecmp"); // make it all pretty
 
 if (! user_can_access_admin_page()) {
        die( __('You do not have sufficient permissions to access this page.') );
index 66fd75c6c9ae0f64ade34bfd268e0455820f9eec..065f8bdfc0fcbc5380c1361704eb253cf8b3747d 100644 (file)
@@ -152,10 +152,10 @@ echo '<a href="post.php?action=editcomment&amp;comment='.$comment->comment_ID.'"
 <a href="<?php echo get_permalink($comment->comment_post_ID); ?>"><?php _e('View Post') ?></a> | 
 <?php 
 echo " <a href=\"" . wp_nonce_url("post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "' );\">" . __('Delete just this comment') . "</a> | "; ?>  <?php _e('Bulk action:') ?>
-       <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-approve" value="approve" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-approve"><?php _e('Approve') ?></label>
-       <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-spam" value="spam" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-spam"><?php _e('Spam') ?></label>
-       <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-delete" value="delete" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-delete"><?php _e('Delete') ?></label>
-       <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-nothing" value="later" checked="checked" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-nothing"><?php _e('Defer until later') ?></label>
+       <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-approve" value="approve" /> <label for="comment-<?php echo $comment->comment_ID; ?>-approve"><?php _e('Approve') ?></label>
+       <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-spam" value="spam" /> <label for="comment-<?php echo $comment->comment_ID; ?>-spam"><?php _e('Spam') ?></label>
+       <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-delete" value="delete" /> <label for="comment-<?php echo $comment->comment_ID; ?>-delete"><?php _e('Delete') ?></label>
+       <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-nothing" value="later" checked="checked" /> <label for="comment-<?php echo $comment->comment_ID; ?>-nothing"><?php _e('Defer until later') ?></label>
        </p>
 
        </li>
index 247c01f071e07e5417b86cf0c0944696a990a17c..fc0aa7410a66f224264036b562dfa5786e7405f8 100644 (file)
@@ -71,7 +71,7 @@ if ($action == 'retrospam') {
 </fieldset>
 <fieldset class="options">
 <legend><?php _e('Comment Moderation') ?></legend>
-<p><?php printf(__('Hold a comment in the queue if it contains more than %s links. (A common characteristic of comment spam is a large number of hyperlinks.)'), '<input name="comment_max_links" type="text" id="comment_max_links" size="3" value="' . get_settings('comment_max_links'). '" />' ) ?></p>
+<p><?php printf(__('Hold a comment in the queue if it contains %s or more links. (A common characteristic of comment spam is a large number of hyperlinks.)'), '<input name="comment_max_links" type="text" id="comment_max_links" size="3" value="' . get_settings('comment_max_links'). '" />' ) ?></p>
 
 <p><?php _e('When a comment contains any of these words in its content, name, URI, e-mail, or IP, hold it in the moderation queue: (Separate multiple words with new lines.) <a href="http://codex.wordpress.org/Spam_Words">Common spam words</a>.') ?></p>
 <p> 
index 664dc3a1b4f451c1f801aa0169e760d999d7f7b3..00d6cf89545c4a45db0c7fe933fff9576fca1b87 100644 (file)
@@ -83,7 +83,7 @@ foreach($wp_roles->role_names as $role => $name) {
 </tr> 
 <tr>
 <th scope="row">&nbsp;</th>
-<td><?php _e('<a href="http://codex.wordpress.org/Formatting_Date_and_Time">Documentation on date formatting</a>. Save option to update sample output.') ?> </td>
+<td><?php _e('<a href="http://codex.wordpress.org/Formatting_Date_and_Time">Documentation on date formatting</a>. Click "Update options" to update sample output.') ?> </td>
 </tr>
 <tr>
 <th scope="row"><?php _e('Weeks in the calendar should start on:') ?></th>
index b4ff4efb0036319a0503e49c7309e1b1ba848a39..2b6e33a5dffc74d7b179c5f0e0af326e79d612a1 100644 (file)
@@ -17,7 +17,7 @@ include('admin-header.php');
 <table class="editform optiontable">
 <tr valign="top">
 <th scope="row"><?php _e('Store uploads in this folder'); ?>:</th>
-<td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo str_replace(ABSPATH, '', get_settings('upload_path')); ?>" size="40" />
+<td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo attribute_escape(str_replace(ABSPATH, '', get_settings('upload_path'))); ?>" size="40" />
 <br />
 <?php _e('Default is <code>wp-content/uploads</code>'); ?>
 </td>
index cf16d89b43f04476525178d7f04de459ef09607d..68c44aaa0d3d43c7090ef49520f6e25134570427 100644 (file)
@@ -148,7 +148,7 @@ checked="checked"
 </label>
 <br />
 </p>
-<p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo $permalink_structure; ?>" size="50" /></p>
+<p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo attribute_escape($permalink_structure); ?>" size="50" /></p>
 
 <h3><?php _e('Optional'); ?></h3>
 <?php if ($is_apache) : ?>
@@ -157,7 +157,7 @@ checked="checked"
        <p><?php _e('If you like, you may enter a custom prefix for your category URIs here. For example, <code>/index.php/taxonomy/tags</code> would make your category links like <code>http://example.org/index.php/taxonomy/tags/uncategorized/</code>. If you leave this blank the default will be used.') ?></p>
 <?php endif; ?>
        <p> 
-  <?php _e('Category base'); ?>: <input name="category_base" type="text" class="code"  value="<?php echo $category_base; ?>" size="30" /> 
+  <?php _e('Category base'); ?>: <input name="category_base" type="text" class="code"  value="<?php echo attribute_escape($category_base); ?>" size="30" /> 
      </p> 
     <p class="submit"> 
       <input type="submit" name="submit" value="<?php _e('Update Permalink Structure &raquo;') ?>" /> 
@@ -168,7 +168,7 @@ checked="checked"
 <form action="options-permalink.php" method="post">
 <?php wp_nonce_field('update-permalink') ?>
    <p>
-<textarea rows="5" style="width: 98%;" name="rules"><?php echo $wp_rewrite->mod_rewrite_rules(); ?>
+<textarea rows="5" style="width: 98%;" name="rules"><?php echo wp_specialchars($wp_rewrite->mod_rewrite_rules()); ?>
 </textarea>
     </p>
 </form>
index 3c5b8dbf4dafcfd30b29d681e52f5d4e97f3210e..bd8b2b0d54e976c5f9629ac8094dbb2739a1153d 100644 (file)
@@ -24,6 +24,67 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
 if ( !current_user_can('manage_options') )
        die ( __('Cheatin&#8217; uh?') );
 
+function sanitize_option($option, $value) {
+
+       switch ($option) {
+               case 'admin_email':
+                       $value = sanitize_email($value);
+                       break;
+
+               case 'default_post_edit_rows':
+               case 'mailserver_port':
+               case 'comment_max_links':
+                       $value = abs((int) $value);
+                       break;
+
+               case 'posts_per_page':
+               case 'posts_per_rss':
+                       $value = (int) $value;
+                       if ( empty($value) ) $value = 1;
+                       if ( $value < -1 ) $value = abs($value);
+                       break;
+
+               case 'default_ping_status':
+               case 'default_comment_status':
+                       // Options that if not there have 0 value but need to be something like "closed"
+                       if ( $value == '0' || $value == '')
+                               $value = 'closed';
+                       break;
+
+               case 'blogdescription':
+               case 'blogname':
+                       if (current_user_can('unfiltered_html') == false)
+                               $value = wp_filter_post_kses( $value );
+                       break;
+
+               case 'blog_charset':
+                       $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value);
+                       break;
+
+               case 'date_format':
+               case 'time_format':
+               case 'mailserver_url':
+               case 'mailserver_login':
+               case 'mailserver_pass':
+               case 'ping_sites':
+               case 'upload_path':
+                       $value = strip_tags($value);
+                       $value = wp_filter_kses($value);
+                       break;
+
+               case 'gmt_offset':
+                       $value = preg_replace('/[^0-9:.-]/', '', $value);
+                       break;
+
+               case 'siteurl':
+               case 'home':
+                       $value = clean_url($value);
+                       break;
+       }
+
+       return $value;  
+}
+
 switch($action) {
 
 case 'update':
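Review bot: sanitize_option has no docblock and no `default:` arm, so nothing tells a reader that every option not named in the switch is stored exactly as posted; a header comment such as `// Normalises an option value before it is stored; options not listed here are returned unchanged.` above the function would make that contract explicit. Separately, the `mailserver_login` and `mailserver_pass` cases run the value through strip_tags and wp_filter_kses, which may silently alter credentials containing `<` or `&`, leaving a stored password that no longer matches the mail server; those two probably belong with the values that are left untouched, or at most trimmed. The `blogname`/`blogdescription` case keeps the earlier behaviour of filtering only for users without unfiltered_html, which reads as intended.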
@@ -31,9 +92,10 @@ case 'update':
        
        check_admin_referer('update-options');
 
-       if (!$_POST['page_options']) {
-               foreach ($_POST as $key => $value) {
-                       $options[] = $key;
+       if ( !$_POST['page_options'] ) {
+               foreach ( (array) $_POST as $key => $value) {
+                       if ( !in_array($key, array('_wpnonce', '_wp_http_referer')) )
+                               $options[] = $key;
                }
        } else {
                $options = explode(',', stripslashes($_POST['page_options']));
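Review bot: The exclusion list on the new line skips the nonce and referer fields but not `action`, so a form that posts without `page_options` has its routing field treated as an option name and written with update_option; the All Options form in this file does send page_options, so whether any caller still reaches this branch is not visible here. Adding the field costs nothing: `if ( !in_array($key, array('_wpnonce', '_wp_http_referer', 'action')) )`. Since this branch is the one that can introduce arbitrary names, it is also where a comment noting that unlisted options are stored verbatim by sanitize_option would help a reader.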
@@ -43,19 +105,11 @@ case 'update':
        $old_siteurl = get_settings('siteurl');
        $old_home = get_settings('home');
 
-       // HACK
-       // Options that if not there have 0 value but need to be something like "closed"
-       $nonbools = array('default_ping_status', 'default_comment_status');
        if ($options) {
                foreach ($options as $option) {
                        $option = trim($option);
                        $value = trim(stripslashes($_POST[$option]));
-                               if( in_array($option, $nonbools) && ( $value == '0' || $value == '') )
-                               $value = 'closed';
-                       
-                       if( $option == 'blogdescription' || $option == 'blogname' )
-                               if (current_user_can('unfiltered_html') == false)
-                                       $value = wp_filter_post_kses( $value );
+                       $value = sanitize_option($option, $value);
                        
                        if (update_option($option, $value) ) {
                                $any_changed++;
@@ -87,26 +141,49 @@ default:
        include('admin-header.php'); ?>
 
 <div class="wrap">
-  <h2><?php _e('All options'); ?></h2>
-  <form name="form" action="options.php" method="post">
+  <h2><?php _e('All Options'); ?></h2>
+  <form name="form" action="options.php" method="post" id="all-options">
   <?php wp_nonce_field('update-options') ?>
   <input type="hidden" name="action" value="update" />
   <table width="98%">
 <?php
 $options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");
 
-foreach ($options as $option) :
-       $value = wp_specialchars($option->option_value);
+foreach ( (array) $options as $option) :
+       $disabled = '';
+       $option->option_name = attribute_escape($option->option_name);
+       if ( is_serialized($option->option_value) ) {
+               if ( is_serialized_string($option->option_value) ) {
+                       // this is a serialized string, so we should display it
+                       $value = maybe_unserialize($option->option_value);
+                       $options_to_update[] = $option->option_name;
+                       $class = 'all-options';
+               } else {
+                       $value = 'SERIALIZED DATA';
+                       $disabled = ' disabled="disabled"';
+                       $class = 'all-options disabled';
+               }
+       } else {
+               $value = $option->option_value;
+               $options_to_update[] = $option->option_name;
+               $class = 'all-options';
+       }
        echo "
 <tr>
        <th scope='row'><label for='$option->option_name'>$option->option_name</label></th>
-       <td><input type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value . "' /></td>
+<td>";
+
+       if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . wp_specialchars($value) . "</textarea>";
+       else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . attribute_escape($value) . "'$disabled />";
+
+       echo "</td>
        <td>$option->option_description</td>
 </tr>";
 endforeach;
 ?>
   </table>
-<p class="submit"><input type="submit" name="Update" value="<?php _e('Update Settings &raquo;') ?>" /></p>
+<?php $options_to_update = implode(',', $options_to_update); ?>
+<p class="submit"><input type="hidden" name="page_options" value="<?php echo $options_to_update; ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
   </form>
 </div>
 
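Review bot: `$option->option_name` is escaped with attribute_escape before it is pushed into `$options_to_update`, so the escaped form (for example `&amp;` for `&`) is what round-trips through the hidden `page_options` field and is handed to update_option, where it will not match the stored name; option names are normally plain identifiers, so this is unlikely to bite, but escaping belongs at the output point. Keep the raw name in the list and escape where it is printed: push `$option->option_name` unescaped, use `$name = attribute_escape($option->option_name);` in the markup, and emit the hidden field as `value="<?php echo attribute_escape($options_to_update); ?>"`. `$options_to_update` is also never initialised, so an empty result set passes an undefined variable to implode; `$options_to_update = array();` before the loop fixes that.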
index 4157e8c6dc28e075a82247cadfedf2fd5947f753..70d76e1df958b301969dbc2e3aede4fe9959e782 100644 (file)
@@ -7,7 +7,7 @@ require_once('admin-header.php');
 ?>
 
 <?php if ( isset($_GET['saved']) ) : ?>
-<div id="message" class="updated fade"><p><strong><?php _e('Page saved.') ?> <a href="edit-pages.php"><?php _e('Manage pages'); ?> &raquo;</a></strong></p></div>
+<div id="message" class="updated fade"><p><strong><?php _e('Page saved.') ?></strong> <a href="edit-pages.php"><?php _e('Manage pages'); ?></a> | <a href="<?php echo get_page_link( $_GET['saved'] ); ?>"><?php _e('View page'); ?> &raquo;</a></p></div>
 <?php endif; ?>
 
 <?php
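Review bot: `get_page_link( $_GET['saved'] )` on the new line passes the raw query value through and echoes the result into an href with no escaping, unlike the preview iframe src in post.php where this commit wraps the URL in clean_url; the same pattern recurs with `get_permalink( $_GET['posted'] )` in post.php (hunk ending at L3778). Whether get_page_link casts its argument is not visible here, so cast at the call site and escape on output: `<a href="<?php echo clean_url(get_page_link( (int) $_GET['saved'] )); ?>">`.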
@@ -20,4 +20,4 @@ if ( current_user_can('edit_pages') ) {
 }
 ?>
 
-<?php include('admin-footer.php'); ?> 
\ No newline at end of file
+<?php include('admin-footer.php'); ?>
index 9424b39826d87868259333f49b232547c304d5e4..21db39d01954e56b263ac62c41d23cdad082c392 100644 (file)
@@ -88,12 +88,6 @@ if (empty($plugins)) {
 <?php
        $style = '';
 
-       function sort_plugins($plug1, $plug2) {
-               return strnatcasecmp($plug1['Name'], $plug2['Name']);
-       }
-       
-       uksort($plugins, 'sort_plugins');
-
        foreach($plugins as $plugin_file => $plugin_data) {
                $style = ('class="alternate"' == $style|| 'class="alternate active"' == $style) ? '' : 'alternate';
 
index a427d321e2f7bb9430c5b90cab200041ec16921e..44a3ea2dba1705129b211c9a9638edf6f1f3bda9 100644 (file)
@@ -48,11 +48,11 @@ case 'post':
                        break;
                }
        } else {
-               $location = 'post.php?posted=true';
+               $location = "post.php?posted=$post_ID";
        }
 
        if ( 'static' == $_POST['post_status'] )
-               $location = "page-new.php?saved=true";
+               $location = "page-new.php?saved=$post_ID";
 
        if ( isset($_POST['save']) )
                $location = "post.php?action=edit&post=$post_ID";
@@ -81,7 +81,7 @@ case 'edit':
        ?>
        <div id='preview' class='wrap'>
        <h2 id="preview-post"><?php _e('Post Preview (updated when post is saved)'); ?> <small class="quickjump"><a href="#write-post"><?php _e('edit &uarr;'); ?></a></small></h2>
-               <iframe src="<?php echo add_query_arg('preview', 'true', get_permalink($post->ID)); ?>" width="100%" height="600" ></iframe>
+               <iframe src="<?php echo clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>
        </div>
        <?php
        break;
@@ -138,10 +138,13 @@ case 'editpost':
 
 case 'delete':
        $post_id = (isset($_GET['post']))  ? intval($_GET['post']) : intval($_POST['post_ID']);
-       check_admin_referer('delete-post_' . $post_id);
 
        $post = & get_post($post_id);
-       
+       if ( 'static' == $post->post_status )
+               check_admin_referer('delete-page_' . $post_id);
+       else
+               check_admin_referer('delete-post_' . $post_id);
+
        if ( !current_user_can('edit_post', $post_id) ) 
                die( __('You are not allowed to delete this post.') );
 
@@ -154,9 +157,12 @@ case 'delete':
        }
 
        $sendback = wp_get_referer();
-       if (strstr($sendback, 'post.php')) $sendback = get_settings('siteurl') .'/wp-admin/post.php';
-       elseif (strstr($sendback, 'attachments.php')) $sendback = get_settings('siteurl') .'/wp-admin/attachments.php';
-       $sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
+       if ( 'static' == $post->post_status )
+               $sendback = get_option('siteurl') . '/wp-admin/edit-pages.php';
+       elseif ( strstr($sendback, 'post.php') )
+               $sendback = get_option('siteurl') .'/wp-admin/post.php';
+       elseif ( strstr($sendback, 'attachments.php') )
+               $sendback = get_option('siteurl') .'/wp-admin/attachments.php';
        wp_redirect($sendback);
        break;
 
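Review bot: `wp_redirect($sendback); break;` at the end of the hunk is not followed by `exit`, even though this same commit adds `exit;` after every wp_redirect in link-manager.php, so the rest of post.php keeps running after the Location header is sent; `exit;` after the redirect brings it in line. The removed preg_replace was the only visible sanitisation of `$sendback`, and when the referer matches neither post.php nor attachments.php the wp_get_referer() value now reaches wp_redirect as-is, unless wp_redirect filters it internally, which is not visible here. The same case also reads `$post->post_status` (hunk ending at L3726) before checking that get_post returned anything, so an unknown id produces a notice rather than a clean failure; a guard such as `if ( !$post ) die( ... );` with a suitable message belongs before that check.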
@@ -188,7 +194,7 @@ case 'confirmdeletecomment':
        $comment = (int) $_GET['comment'];
        $p = (int) $_GET['p'];
 
-       if ( ! $comment = get_comment($comment) )
+       if ( ! $comment = get_comment_to_edit($comment) )
                die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
 
        if ( !current_user_can('edit_post', $comment->comment_post_ID) )        
@@ -335,13 +341,10 @@ case 'editedcomment':
 
        edit_comment();
 
-       $referredby = $_POST['referredby'];
-       if (!empty($referredby)) {
-               wp_redirect($referredby);
-       } else {
-               wp_redirect("edit.php?p=$comment_post_ID&c=1#comments");
-       }
-
+       $location = ( empty($_POST['referredby']) ? "edit.php?p=$comment_post_ID&c=1" : $_POST['referredby'] ) . '#comment-' . $comment_ID;
+       $location = apply_filters('comment_edit_redirect', $location, $comment_ID);
+       wp_redirect($location);
+       exit();
        break;
 
 default:
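Review bot: The new `$location` takes `$_POST['referredby']` verbatim as the redirect target whenever it is non-empty, so the post-edit redirect goes wherever the submitted value points; the form that sets referredby and the nonce check are outside the hunk, and wp_redirect may filter the value itself, neither of which is visible here. If wp_redirect does not constrain it, accept referredby only when it begins with `get_option('siteurl')` (the delete case in this file already builds its targets from that option) and otherwise fall back to `edit.php?p=$comment_post_ID&c=1`. The `comment_edit_redirect` filter is a useful addition, but it runs after that decision and does not replace it.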
@@ -349,7 +352,7 @@ default:
        require_once ('./admin-header.php');
 ?>
 <?php if ( isset($_GET['posted']) ) : ?>
-<div id="message" class="updated fade"><p><?php printf(__('Post saved. <a href="%s">View site &raquo;</a>'), get_bloginfo('home') . '/'); ?></p></div>
+<div id="message" class="updated fade"><p><strong><?php _e('Post saved.'); ?></strong> <a href="<?php echo get_permalink( $_GET['posted'] ); ?>"><?php _e('View post'); ?> &raquo;</a></p></div>
 <?php endif; ?>
 <?php
        if ( current_user_can('edit_posts') ) {
@@ -384,7 +387,7 @@ default:
 
                include('edit-form-advanced.php');
 ?>
-<div class="wrap">
+<div id="wp-bookmarklet" class="wrap">
 <?php echo '<h3>'.__('WordPress bookmarklet').'</h3>
 <p>'.__('Right click on the following link and choose "Add to favorites" to create a posting shortcut.').'</p>'; ?>
 <p>
index 04f2fc492c776454087580c9ac4811cd42a0badd..9f42bb2bf16cca664893bc83a81a5d8cfbd8fe05 100644 (file)
@@ -5,7 +5,7 @@ $title = __('Profile');
 
 $parent_file = 'profile.php';
 include_once('admin-header.php');
-$profileuser = new WP_User($user_ID);
+$profileuser = get_user_to_edit($user_ID);
 
 $bookmarklet_height= 440;
 ?>
index 4631ac42dc113dbafbc7240a39bc17fe489098e1..5f678046aba5b412643638a9a4559018aadcbdbd 100644 (file)
@@ -71,14 +71,17 @@ default:
 
        update_recently_edited($file);
 
-       if (!is_file($real_file))
+       if ( !is_file($real_file) ) {
                $error = true;
-       
-       if (!$error) {
+       } else {
                $f = @ fopen($real_file, 'r');
                if ( $f ) {
-                       $content = fread($f, filesize($real_file));
-                       $content = htmlspecialchars($content);
+                       if ( filesize($real_file ) > 0 ) {
+                               $content = fread($f, filesize($real_file));
+                               $content = htmlspecialchars($content);
+                       } else {
+                               $content = '';
+                       }
                } else {
                        $error = true;
                }
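Review bot: The handle `$f` opened with `fopen()` at the top of the new else-branch is never closed inside the hunk; unless an `fclose($f)` follows below, the descriptor stays open for the rest of the request. The zero-size guard exists only because `fread()` rejects a length of 0; `file_get_contents()` covers both cases in one call: `$content = @file_get_contents($real_file); if ( false === $content ) $error = true; else $content = htmlspecialchars($content);`. The `default:` case this sits in begins and ends outside the hunk.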
@@ -108,7 +111,7 @@ if ( $recents ) :
 <?php
 echo '<ol>';
 foreach ($recents as $recent) :
-       echo "<li><a href='templates.php?file=$recent'>" . get_file_description(basename($recent)) . "</a></li>";
+       echo "<li><a href='templates.php?file=" . attribute_escape($recent) . "'>" . wp_specialchars(get_file_description(basename($recent))) . "</a></li>";
 endforeach;
 echo '</ol>';
 endif;
index b2788cf3a7490bb544cda73e854a7de3f24a9c04..9aa846bfeed83daaed270682d2c2ced28fd4a9de 100644 (file)
@@ -58,11 +58,15 @@ case 'update':
                $f = fopen($real_file, 'w+');
                fwrite($f, $newcontent);
                fclose($f);
-               wp_redirect("theme-editor.php?file=$file&theme=$theme&a=te");
+               $location = "theme-editor.php?file=$file&theme=$theme&a=te";
        } else {
-               wp_redirect("theme-editor.php?file=$file&theme=$theme");
+               $location = "theme-editor.php?file=$file&theme=$theme";
        }
 
+       $location = wp_kses_no_null($location);
+       $strip = array('%0d', '%0a');
+       $location = str_replace($strip, '', $location);
+       header("Location: $location");
        exit();
 
 break;
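Review bot: The `%0d`/`%0a` strip at the end of the update case is case-sensitive, so `%0D`/`%0A` pass through it; use `$location = preg_replace('/%0[ad]/i', '', $location);` so the filter is at least consistent with its intent. `$file` and `$theme` are interpolated into the Location URL without `urlencode()`, so a value containing `&` or `#` changes the query the editor reloads with; emit them as `urlencode($file)` and `urlencode($theme)`. This hand-rolled `header()` call replaces the `wp_redirect()` the old code used and duplicates the sanitising `wp_redirect()` is relied on for elsewhere in this commit; if the swap is deliberate, a one-line comment saying why would save the next reader a detour.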
@@ -97,7 +101,7 @@ default:
                $theme_name = $a_theme['Name'];
                if ($theme_name == $theme) $selected = " selected='selected'";
                else $selected = '';
-               $theme_name = wp_specialchars($theme_name, true);
+               $theme_name = attribute_escape($theme_name);
                echo "\n\t<option value=\"$theme_name\" $selected>$theme_name</option>";
        }
 ?>
index 1bcdb45a218b6d97bc00ba2adf818b38bdb15f55..9567960ed3b2a5a55cab84d0e2f565a9a3775fd2 100644 (file)
@@ -123,7 +123,8 @@ CREATE TABLE $wpdb->posts (
   post_mime_type varchar(100) NOT NULL default '',
   comment_count bigint(20) NOT NULL default '0',
   PRIMARY KEY  (ID),
-  KEY post_name (post_name)
+  KEY post_name (post_name),
+  KEY post_status (post_status)
 );
 CREATE TABLE $wpdb->users (
   ID bigint(20) unsigned NOT NULL auto_increment,
index 3c30d940a4c568e07bef1bfb4bef6549fdc9d9c3..aa459514772d6ec5383cc190b5c857927b108ff1 100644 (file)
@@ -67,7 +67,7 @@ text-align: center; border-top: 1px solid #ccc; padding-top: 1em; font-style: it
 switch($step) {
 
        case 0:
-       $goback = wp_specialchars(wp_get_referer());
+       $goback = clean_url(stripslashes(wp_get_referer()));
 ?> 
 <p><?php _e('This file upgrades you from any previous version of WordPress to the latest. It may take a while though, so be patient.'); ?></p> 
        <h2 class="step"><a href="upgrade.php?step=1&amp;backto=<?php echo $goback; ?>"><?php _e('Upgrade WordPress &raquo;'); ?></a></h2>
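Review bot: `$goback` is placed into the `backto=` query value unencoded, so a referer containing `&` or `#` truncates the value, and `clean_url()` turns `&` into an entity rather than percent-encoding it, which is the wrong escaping for a query-string component. Encode it for the URL instead: `$goback = urlencode(stripslashes(wp_get_referer()));` — `urlencode()` output contains nothing that needs attribute escaping, so the `href` stays safe. If `wp_get_referer()` returns false when no referer is present, `urlencode(false)` is `''` and the empty check in step 1 already handles that.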
@@ -86,7 +86,7 @@ switch($step) {
        if ( empty( $_GET['backto'] ) )
                $backto = __get_option('home');
        else
-               $backto = wp_specialchars( $_GET['backto'] , 1 );
+               $backto = clean_url(stripslashes($_GET['backto']));
 ?> 
 <h2><?php _e('Step 1'); ?></h2> 
        <p><?php printf(__("There's actually only one step. So if you see this, you're done. <a href='%s'>Have fun</a>!"),  $backto); ?></p>
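Review bot: `$backto` becomes the "Have fun" link target straight from `$_GET['backto']`; as far as I can see `clean_url()` constrains the scheme but not the host, so the upgrade page can be made to link to an arbitrary site. Fall back to home unless it points at this install, right after the `clean_url()` call: `if ( 0 !== strpos($backto, __get_option('home')) ) $backto = __get_option('home');`.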
index ac6d4d6e7ec97d38c76c6853237ddeb8b410bc02..1d5975872e977a8eb83282f7c9c88ec8b5f1be81 100644 (file)
@@ -21,6 +21,11 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
        }
 }
 
+$user_id = (int) $user_id;
+
+if ( !$user_id )
+       die(__('Invalid user ID.'));
+
 switch ($action) {
 case 'switchposts':
 
@@ -37,7 +42,7 @@ check_admin_referer('update-user_' . $user_id);
 $errors = array();
 
 if (!current_user_can('edit_users'))
-       $errors['head'] = __('You do not have permission to edit this user.');
+       die(__('You do not have permission to edit this user.'));
 else
        $errors = edit_user($user_id);
 
@@ -49,9 +54,11 @@ if(count($errors) == 0) {
 default:
 include ('admin-header.php');
 
-$profileuser = new WP_User($user_id);
+$profileuser = get_user_to_edit($user_id);
+
+if (!current_user_can('edit_users')) 
+       die__('You do not have permission to edit this user.');
 
-if (!current_user_can('edit_users')) $errors['head'] = __('You do not have permission to edit this user.');
 ?>
 
 <?php if ( isset($_GET['updated']) ) : ?>
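Review bot: `die__('You do not have permission to edit this user.')` in the default branch is a typo for `die( __(...) )`; as written it calls the undefined function `die__`, so the request ends with a PHP fatal error instead of the translated message — the page still halts, but by accident and with PHP's error text. Fix: `die( __('You do not have permission to edit this user.') );`. The check also runs after `include ('admin-header.php')` and `get_user_to_edit($user_id)`, so the admin chrome is already sent and the target user already loaded before the capability is tested; moving it above the include would be cheaper and match the `update` branch, which dies before doing any work.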
@@ -105,7 +112,7 @@ echo '</select>';
 <p><label><?php _e('Nickname:') ?><br />
 <input type="text" name="nickname" value="<?php echo $profileuser->nickname ?>" /></label></p>
 
-</p><label><?php _e('Display name publicly as:') ?> <br />
+<p><label><?php _e('Display name publicly as:') ?> <br />
 <select name="display_name">
 <option value="<?php echo $profileuser->display_name; ?>"><?php echo $profileuser->display_name; ?></option>
 <option value="<?php echo $profileuser->nickname ?>"><?php echo $profileuser->nickname ?></option>
index 76a00cd443bbbd12f69a8d75264a887fcbe19c1e..fcd4fe03e8a0f3da33775ee3324dee947f27e04c 100644 (file)
@@ -15,6 +15,7 @@ case 'promote':
 
        if (empty($_POST['users'])) {
                wp_redirect('users.php');
+               exit();
        }
 
        if ( !current_user_can('edit_users') )
@@ -34,6 +35,7 @@ case 'promote':
        }
                
        wp_redirect('users.php?update=' . $update);
+       exit();
 
 break;
 
@@ -43,6 +45,7 @@ case 'dodelete':
 
        if ( empty($_POST['users']) ) {
                wp_redirect('users.php');
+               exit();
        }
 
        if ( !current_user_can('edit_users') )
@@ -67,15 +70,17 @@ case 'dodelete':
        }
 
        wp_redirect('users.php?update=' . $update);
-
+       exit();
 break;
 
 case 'delete':
 
        check_admin_referer('bulk-users');
 
-       if ( empty($_POST['users']) )
+       if ( empty($_POST['users']) ) {
                wp_redirect('users.php');
+               exit();
+       }
 
        if ( !current_user_can('edit_users') )
                $error['edit_users'] = __('You can&#8217;t delete users.');
@@ -135,9 +140,9 @@ case 'adduser':
        
        $errors = add_user();
        
-       if(count($errors) == 0) {
+       if ( count($errors) == 0 ) {
                wp_redirect('users.php?update=add');
-               die();
+               exit();
        }
 
 default:
@@ -206,7 +211,7 @@ default:
   <table cellpadding="3" cellspacing="3" width="100%">
        <?php
        foreach($roleclasses as $role => $roleclass) {
-               ksort($roleclass);
+               uksort($roleclass, "strnatcasecmp");
                ?>
 
        <tr>
index abc8959a3af10307021ff242221dfb8f1f87e919..fcfdbdff1cee3d592f965c365b74b4e432826068 100644 (file)
@@ -357,6 +357,14 @@ table .vers, table .name {
        text-align: center;
 }
 
+textarea.all-options, input.all-options {
+       width: 250px;
+}
+
+input.disabled, textarea.disabled {
+       background: #ccc;
+}
+
 #adminmenu {
        background: #6da6d1;
        border-top: 3px solid #448abd;
@@ -880,7 +888,7 @@ table .vers, table .name {
        background: #2685af url(images/box-head-right.gif) no-repeat top right;
 }
 
-#advancedstuff div.dbx-handle-wrapper {
+#advancedstuff div.dbx-h-andle-wrapper {
        margin: 0 0 0 -7px;
        background: #fff url(images/box-head-left.gif) no-repeat top left;
 }
@@ -896,7 +904,7 @@ table .vers, table .name {
        padding-right: 17px;
 }
 
-#advancedstuff div.dbx-content-wrapper {
+#advancedstuff div.dbx-c-ontent-wrapper {
        margin-left: -7px;
        margin-right: 0;
        background: url(images/box-bg-left.gif) repeat-y left;
@@ -908,11 +916,11 @@ table .vers, table .name {
        background: url(images/box-butt-right.gif) no-repeat bottom right;
 }
 
-#advancedstuff div.dbx-box-wrapper {
+#advancedstuff div.dbx-b-ox-wrapper {
        background: url(images/box-butt-left.gif) no-repeat bottom left;
 }
 
-#advancedstuff .dbx-box-closed div.dbx-content-wrapper {
+#advancedstuff .dbx-box-closed div.dbx-c-ontent-wrapper {
        padding-bottom: 2px;
        background: url(images/box-butt-left.gif) no-repeat bottom left;
 }
index 3be6142c62a3ab501f24b2023f41125cdfbf142b..47926c12b873721b3c890d7a69a67a167742563b 100644 (file)
@@ -25,14 +25,20 @@ $comment_content      = trim($_POST['comment']);
 
 // If the user is logged in
 $user = wp_get_current_user();
-if ( $user->ID ) :
+if ( $user->ID ) {
        $comment_author       = $wpdb->escape($user->display_name);
        $comment_author_email = $wpdb->escape($user->user_email);
        $comment_author_url   = $wpdb->escape($user->user_url);
-else :
+       if ( current_user_can('unfiltered_html') ) {
+               if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
+                       kses_remove_filters(); // start with a clean slate
+                       kses_init_filters(); // set up the filters
+               }
+       }
+} else {
        if ( get_option('comment_registration') )
                die( __('Sorry, you must be logged in to post a comment.') );
-endif;
+}
 
 $comment_type = '';
 
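Review bot: The unfiltered-HTML check compares a freshly minted nonce with `$_POST['_wp_unfiltered_html_comment']` using `!=`, which only accepts the current tick and does loose string comparison, and a missing field raises a notice before falling through. Assuming `wp_verify_nonce()` is in this tree (the `check_admin_referer()` calls elsewhere in the diff suggest it is), write it as `if ( !isset($_POST['_wp_unfiltered_html_comment']) || !wp_verify_nonce($_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID) )`, which returns false on mismatch and honours the previous tick as well. Falling through to the kses filters when the nonce is absent is the right default and should stay.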
@@ -57,8 +63,9 @@ if ( !$user->ID ) :
        setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
 endif;
 
-$location = ( empty( $_POST['redirect_to'] ) ) ? get_permalink( $comment_post_ID ) : $_POST['redirect_to']; 
+$location = ( empty($_POST['redirect_to']) ? get_permalink($comment_post_ID) : $_POST['redirect_to'] ) . '#comment-' . $comment_id;
+$location = apply_filters('comment_post_redirect', $location, $comment);
 
-wp_redirect( $location );
+wp_redirect($location);
 
 ?>
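Review bot: `$_POST['redirect_to']` is handed to `wp_redirect()` unrestricted, so any page that posts a comment form at this script can send the commenter to an arbitrary host afterwards. Limit it to this site before building `$location`: `$redirect_to = empty($_POST['redirect_to']) ? '' : stripslashes($_POST['redirect_to']); if ( $redirect_to && 0 !== strpos($redirect_to, get_option('home')) ) $redirect_to = '';` and then use `$redirect_to ? $redirect_to : get_permalink($comment_post_ID)`. `$comment_id` is assigned above the hunk; if that insert failed it is empty and the fragment becomes a bare `#comment-`. The rest of this commit adds `exit()` after every `wp_redirect()`; it is harmless to omit here only because the file ends immediately after.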
diff --git a/wp-content/plugins/akismet/akismet.gif b/wp-content/plugins/akismet/akismet.gif
new file mode 100644 (file)
index 0000000..0b93a89
Binary files /dev/null and b/wp-content/plugins/akismet/akismet.gif differ
index 8d8997aba62e73a54e06c4156b9c441722672b1d..53e9a9fff5eea0e78bebbcc4da0346f8e8819535 100644 (file)
 /*
 Plugin Name: Akismet
 Plugin URI: http://akismet.com/
-Description: Akismet checks your comments against the Akismet web serivce to see if they look like spam or not. You need a <a href="http://wordpress.com/api-keys/">WordPress.com API key</a> to use this service. You can review the spam it catches under "Manage" and it automatically deletes old spam after 15 days. Hat tip: <a href="http://ioerror.us/">Michael Hampton</a> and <a href="http://chrisjdavis.org/">Chris J. Davis</a> for help with the plugin.
+Description: Akismet checks your comments against the Akismet web service to see if they look like spam or not. You need a <a href="http://wordpress.com/api-keys/">WordPress.com API key</a> to use it. You can review the spam it catches under "Comments." To show off your Akismet stats just put <code>&lt;?php akismet_counter(); ?></code> in your template.
+Version: 2.0.2
 Author: Matt Mullenweg
-Version: 1.15
 Author URI: http://photomatt.net/
 */
 
-add_action('admin_menu', 'ksd_config_page');
+// If you hardcode a WP.com API key here, all key config screens will be hidden
+$wpcom_api_key = '';
 
-if ( ! function_exists('wp_nonce_field') ) {
-       function akismet_nonce_field($action = -1) {
-               return; 
-       }
+function akismet_init() {
+       global $wpcom_api_key, $akismet_api_host, $akismet_api_port;
+
+       if ( $wpcom_api_key )
+               $akismet_api_host = $wpcom_api_key . '.rest.akismet.com';
+       else
+               $akismet_api_host = get_option('wordpress_api_key') . '.rest.akismet.com';
+
+       $akismet_api_port = 80;
+       add_action('admin_menu', 'akismet_config_page');
+}
+add_action('init', 'akismet_init');
+
+if ( !function_exists('wp_nonce_field') ) {
+       function akismet_nonce_field($action = -1) { return; }
        $akismet_nonce = -1;
 } else {
-       function akismet_nonce_field($action = -1) {
-               return wp_nonce_field($action);
-       }
+       function akismet_nonce_field($action = -1) { return wp_nonce_field($action); }
        $akismet_nonce = 'akismet-update-key';
 }
 
-function ksd_config_page() {
-       global $wpdb;
+function akismet_config_page() {
        if ( function_exists('add_submenu_page') )
-               add_submenu_page('plugins.php', __('Akismet Configuration'), __('Akismet Configuration'), 'manage_options', __FILE__, 'akismet_conf');
+               add_submenu_page('plugins.php', __('Akismet Configuration'), __('Akismet Configuration'), 'manage_options', 'akismet-key-config', 'akismet_conf');
 }
 
 function akismet_conf() {
-       global $akismet_nonce;
+       global $akismet_nonce, $wpcom_api_key;
+
        if ( isset($_POST['submit']) ) {
-               if ( !current_user_can('manage_options') )
+               if ( function_exists('current_user_can') && !current_user_can('manage_options') )
                        die(__('Cheatin&#8217; uh?'));
 
-               check_admin_referer($akismet_nonce);
-               $key = preg_replace('/[^a-h0-9]/i', '', $_POST['key']);
-               if ( akismet_verify_key( $key ) )
+               check_admin_referer( $akismet_nonce );
+               $key = preg_replace( '/[^a-h0-9]/i', '', $_POST['key'] );
+
+               if ( empty($key) ) {
+                       $key_status = 'empty';
+                       $ms[] = 'new_key_empty';
+                       delete_option('wordpress_api_key');
+               } else {
+                       $key_status = akismet_verify_key( $key );
+               }
+
+               if ( $key_status == 'valid' ) {
                        update_option('wordpress_api_key', $key);
+                       $ms[] = 'new_key_valid';
+               } else if ( $key_status == 'invalid' ) {
+                       $ms[] = 'new_key_invalid';
+               } else if ( $key_status == 'failed' ) {
+                       $ms[] = 'new_key_failed';
+               }
+
+               if ( isset( $_POST['akismet_discard_month'] ) )
+                       update_option( 'akismet_discard_month', 'true' );
                else
-                       $invalid_key = true;
+                       update_option( 'akismet_discard_month', 'false' );
        }
-       if ( !akismet_verify_key( get_option('wordpress_api_key') ) )
-               $invalid_key = true;
-?>
 
+       if ( $key_status != 'valid' ) {
+               $key = get_option('wordpress_api_key');
+               if ( empty( $key ) ) {
+                       if ( $key_status != 'failed' ) {
+                               if ( akismet_verify_key( '1234567890ab' ) == 'failed' )
+                                       $ms[] = 'no_connection';
+                               else
+                                       $ms[] = 'key_empty';
+                       }
+                       $key_status = 'empty';
+               } else {
+                       $key_status = akismet_verify_key( $key );
+               }
+               if ( $key_status == 'valid' ) {
+                       $ms[] = 'key_valid';
+               } else if ( $key_status == 'invalid' ) {
+                       delete_option('wordpress_api_key');
+                       $ms[] = 'key_empty';
+               } else if ( !empty($key) && $key_status == 'failed' ) {
+                       $ms[] = 'key_failed';
+               }
+       }
+
+       $messages = array(
+               'new_key_empty' => array('color' => 'aa0', 'text' => __('Your key has been cleared.')),
+               'new_key_valid' => array('color' => '2d2', 'text' => __('Your key has been verified. Happy blogging!')),
+               'new_key_invalid' => array('color' => 'd22', 'text' => __('The key you entered is invalid. Please double-check it.')),
+               'new_key_failed' => array('color' => 'd22', 'text' => __('The key you entered could not be verified because a connection to akismet.com could not be established. Please check your server configuration.')),
+               'no_connection' => array('color' => 'd22', 'text' => __('There was a problem connecting to the Akismet server. Please check your server configuration.')),
+               'key_empty' => array('color' => 'aa0', 'text' => sprintf(__('Please enter an API key. (<a href="%s" style="color:#fff">Get your key.</a>)'), 'http://wordpress.com/profile/')),
+               'key_valid' => array('color' => '2d2', 'text' => __('This key is valid.')),
+               'key_failed' => array('color' => 'aa0', 'text' => __('The key below was previously validated but a connection to akismet.com can not be established at this time. Please check your server configuration.')));
+?>
+<?php if ( !empty($_POST ) ) : ?>
+<div id="message" class="updated fade"><p><strong><?php _e('Options saved.') ?></strong></p></div>
+<?php endif; ?>
 <div class="wrap">
 <h2><?php _e('Akismet Configuration'); ?></h2>
+<div class="narrow">
+<form action="" method="post" id="akismet-conf" style="margin: auto; width: 400px; ">
+<?php if ( !$wpcom_api_key ) { ?>
        <p><?php printf(__('For many people, <a href="%1$s">Akismet</a> will greatly reduce or even completely eliminate the comment and trackback spam you get on your site. If one does happen to get through, simply mark it as "spam" on the moderation screen and Akismet will learn from the mistakes. If you don\'t have a WordPress.com account yet, you can get one at <a href="%2$s">WordPress.com</a>.'), 'http://akismet.com/', 'http://wordpress.com/api-keys/'); ?></p>
 
-<form action="" method="post" id="akismet-conf" style="margin: auto; width: 25em; ">
 <?php akismet_nonce_field($akismet_nonce) ?>
 <h3><label for="key"><?php _e('WordPress.com API Key'); ?></label></h3>
+<?php foreach ( $ms as $m ) : ?>
+       <p style="padding: .5em; background-color: #<?php echo $messages[$m]['color']; ?>; color: #fff; font-weight: bold;"><?php echo $messages[$m]['text']; ?></p>
+<?php endforeach; ?>
+<p><input id="key" name="key" type="text" size="15" maxlength="12" value="<?php echo get_option('wordpress_api_key'); ?>" style="font-family: 'Courier New', Courier, mono; font-size: 1.5em;" /> (<?php _e('<a href="http://faq.wordpress.com/2005/10/19/api-key/">What is this?</a>'); ?>)</p>
 <?php if ( $invalid_key ) { ?>
-       <p style="padding: .5em; background-color: #f33; color: #fff; font-weight: bold;"><?php _e('Your key appears invalid. Double-check it.'); ?></p>
+<h3><?php _e('Why might my key be invalid?'); ?></h3>
+<p><?php _e('This can mean one of two things, either you copied the key wrong or that the plugin is unable to reach the Akismet servers, which is most often caused by an issue with your web host around firewalls or similar.'); ?></p>
 <?php } ?>
-<p><input id="key" name="key" type="text" size="15" maxlength="12" value="<?php echo get_option('wordpress_api_key'); ?>" style="font-family: 'Courier New', Courier, mono; font-size: 1.5em;" /> (<?php _e('<a href="http://faq.wordpress.com/2005/10/19/api-key/">What is this?</a>'); ?>)</p>
-       <p class="submit"><input type="submit" name="submit" value="<?php _e('Update API Key &raquo;'); ?>" /></p>
+<?php } ?>
+<p><label><input name="akismet_discard_month" id="akismet_discard_month" value="true" type="checkbox" <?php if ( get_option('akismet_discard_month') == 'true' ) echo ' checked="checked" '; ?> /> <?php _e('Automatically discard spam comments on posts older than a month.'); ?></label></p>
+       <p class="submit"><input type="submit" name="submit" value="<?php _e('Update options &raquo;'); ?>" /></p>
 </form>
 </div>
+</div>
 <?php
 }
 
 function akismet_verify_key( $key ) {
-       global $auto_comment_approved, $ksd_api_host, $ksd_api_port;
+       global $akismet_api_host, $akismet_api_port, $wpcom_api_key;
        $blog = urlencode( get_option('home') );
-       $response = ksd_http_post("key=$key&blog=$blog", 'rest.akismet.com', '/1.1/verify-key', $ksd_api_port);
-       if ( 'valid' == $response[1] )
-               return true;
-       else
-               return false;
+       if ( $wpcom_api_key )
+               $key = $wpcom_api_key;
+       $response = akismet_http_post("key=$key&blog=$blog", 'rest.akismet.com', '/1.1/verify-key', $akismet_api_port);
+       if ( !is_array($response) || !isset($response[1]) || $response[1] != 'valid' && $response[1] != 'invalid' )
+               return 'failed';
+       return $response[1];
 }
 
-if ( !get_option('wordpress_api_key') && !isset($_POST['submit']) ) {
+if ( !get_option('wordpress_api_key') && !$wpcom_api_key && !isset($_POST['submit']) ) {
        function akismet_warning() {
-       $path = plugin_basename(__FILE__);
                echo "
-               <div id='akismet-warning' class='updated fade-ff0000'><p><strong>".__('Akismet is not active.')."</strong> ".sprintf(__('You must <a href="%1$s">enter your WordPress.com API key</a> for it to work.'), "plugins.php?page=$path")."</p></div>
+               <div id='akismet-warning' class='updated fade-ff0000'><p><strong>".__('Akismet is not active.')."</strong> ".sprintf(__('You must <a href="%1$s">enter your WordPress.com API key</a> for it to work.'), "plugins.php?page=akismet-key-config")."</p></div>
                <style type='text/css'>
                #adminmenu { margin-bottom: 5em; }
                #akismet-warning { position: absolute; top: 7em; }
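Review bot: `$invalid_key` is no longer assigned anywhere in `akismet_conf()` — both assignments were removed in favour of `$key_status` — so the `if ( $invalid_key )` guard around the "Why might my key be invalid?" text can never be true and that help never renders. Change it to `<?php if ( 'invalid' == $key_status || 'failed' == $key_status ) { ?>`. `$ms` and `$key_status` are also read before any assignment on a plain GET (`$key_status != 'valid'`, `foreach ( $ms as $m )`), which only works thanks to PHP's leniency with undefined variables; initialise `$ms = array(); $key_status = '';` at the top of the function. The "Options saved." banner keys on `!empty($_POST)`, so it also shows when the key was rejected; `$ms` already carries the real outcome, so consider printing the banner only when `$key_status` is `valid` or `empty`.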
@@ -87,24 +157,20 @@ if ( !get_option('wordpress_api_key') && !isset($_POST['submit']) ) {
        return;
 }
 
-$ksd_api_host = get_option('wordpress_api_key') . '.rest.akismet.com';
-$ksd_api_port = 80;
-$ksd_user_agent = "WordPress/$wp_version | Akismet/1.15";
-
-// Returns array with headers in $response[0] and entity in $response[1]
-function ksd_http_post($request, $host, $path, $port = 80) {
-       global $ksd_user_agent;
+// Returns array with headers in $response[0] and body in $response[1]
+function akismet_http_post($request, $host, $path, $port = 80) {
+       global $wp_version;
 
        $http_request  = "POST $path HTTP/1.0\r\n";
        $http_request .= "Host: $host\r\n";
-       $http_request .= "Content-Type: application/x-www-form-urlencoded; charset=" . get_settings('blog_charset') . "\r\n";
+       $http_request .= "Content-Type: application/x-www-form-urlencoded; charset=" . get_option('blog_charset') . "\r\n";
        $http_request .= "Content-Length: " . strlen($request) . "\r\n";
-       $http_request .= "User-Agent: $ksd_user_agent\r\n";
+       $http_request .= "User-Agent: WordPress/$wp_version | Akismet/2.0\r\n";
        $http_request .= "\r\n";
        $http_request .= $request;
 
        $response = '';
-       if( false !== ( $fs = @fsockopen($host, $port, $errno, $errstr, 10) ) ) {
+       if( false != ( $fs = @fsockopen($host, $port, $errno, $errstr, 10) ) ) {
                fwrite($fs, $http_request);
 
                while ( !feof($fs) )
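Review bot: The `fsockopen()` test was loosened from `false !==` to `false !=`; both work for a resource-or-false return, but the strict form was correct and nothing here needed the change, so keep `false !== ( $fs = @fsockopen($host, $port, $errno, $errstr, 10) )`. `$errno`/`$errstr` are collected and then dropped, so callers cannot tell a refused connection from an empty reply; returning `false` on connect failure (or at least surfacing `$errstr`) would let `akismet_verify_key()` report `failed` for the right reason. The key is sent in clear text on port 80 in both the Host header and the body; if the service offers TLS a comment noting why plain HTTP is used would help.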
@@ -115,8 +181,9 @@ function ksd_http_post($request, $host, $path, $port = 80) {
        return $response;
 }
 
-function ksd_auto_check_comment( $comment ) {
-       global $auto_comment_approved, $ksd_api_host, $ksd_api_port;
+function akismet_auto_check_comment( $comment ) {
+       global $akismet_api_host, $akismet_api_port;
+
        $comment['user_ip']    = preg_replace( '/[^0-9., ]/', '', $_SERVER['REMOTE_ADDR'] );
        $comment['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
        $comment['referrer']   = $_SERVER['HTTP_REFERER'];
@@ -132,10 +199,18 @@ function ksd_auto_check_comment( $comment ) {
        foreach ( $comment as $key => $data )
                $query_string .= $key . '=' . urlencode( stripslashes($data) ) . '&';
 
-       $response = ksd_http_post($query_string, $ksd_api_host, '/1.1/comment-check', $ksd_api_port);
+       $response = akismet_http_post($query_string, $akismet_api_host, '/1.1/comment-check', $akismet_api_port);
        if ( 'true' == $response[1] ) {
-               $auto_comment_approved = 'spam';
+               add_filter('pre_comment_approved', create_function('$a', 'return \'spam\';'));
                update_option( 'akismet_spam_count', get_option('akismet_spam_count') + 1 );
+
+               $post = get_post( $comment['comment_post_ID'] );
+               $last_updated = strtotime( $post->post_modified_gmt );
+               $diff = time() - $last_updated;
+               $diff = $diff / 86400;
+
+               if ( $post->post_type == 'post' && $diff > 30 && get_option( 'akismet_discard_month' ) == 'true' )
+                       die;
        }
        akismet_delete_old();
        return $comment;
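Review bot: `get_post( $comment['comment_post_ID'] )` can return null for a missing post, after which `$post->post_modified_gmt` and `$post->post_type` raise notices and the `die` condition is skipped only because `null == 'post'` happens to be false; guard it explicitly with `if ( $post && 'post' == $post->post_type && ... )`. `strtotime($post->post_modified_gmt)` parses a GMT timestamp in the server's local zone, so `$diff` is skewed by the UTC offset; `strtotime($post->post_modified_gmt . ' GMT')` removes that. `$response[1]` is indexed without the `is_array($response)` check that `akismet_verify_key()` in the same diff performs, so a connection failure yields a notice here. The bare `die` leaves the commenter with a blank page; a short message or a redirect back to the post would be kinder.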
@@ -145,20 +220,13 @@ function akismet_delete_old() {
        global $wpdb;
        $now_gmt = current_time('mysql', 1);
        $wpdb->query("DELETE FROM $wpdb->comments WHERE DATE_SUB('$now_gmt', INTERVAL 15 DAY) > comment_date_gmt AND comment_approved = 'spam'");
-       $n = mt_rand(1, 5);
-       if ( $n % 5 )
+       $n = mt_rand(1, 5000);
+       if ( $n == 11 ) // lucky number
                $wpdb->query("OPTIMIZE TABLE $wpdb->comments");
 }
 
-function ksd_auto_approved( $approved ) {
-       global $auto_comment_approved;
-       if ( 'spam' == $auto_comment_approved )
-               $approved = $auto_comment_approved;
-       return $approved;
-}
-
-function ksd_submit_nonspam_comment ( $comment_id ) {
-       global $wpdb, $ksd_api_host, $ksd_api_port;
+function akismet_submit_nonspam_comment ( $comment_id ) {
+       global $wpdb, $akismet_api_host, $akismet_api_port;
 
        $comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID = '$comment_id'");
        if ( !$comment ) // it was deleted
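Review bot: `$comment_id` is interpolated into the SELECT without a cast; the visible caller in `akismet_caught()` passes each `$_POST['not_spam']` entry through as `$comment`, and I cannot see an `(int)` cast on that loop from here. Cast at the function boundary, `$comment_id = (int) $comment_id;` before the query, so the function is safe regardless of who calls it. The function body continues past the hunk.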
@@ -167,11 +235,11 @@ function ksd_submit_nonspam_comment ( $comment_id ) {
        $query_string = '';
        foreach ( $comment as $key => $data )
                $query_string .= $key . '=' . urlencode( stripslashes($data) ) . '&';
-       $response = ksd_http_post($query_string, $ksd_api_host, "/1.1/submit-ham", $ksd_api_port);
+       $response = akismet_http_post($query_string, $akismet_api_host, "/1.1/submit-ham", $akismet_api_port);
 }
 
-function ksd_submit_spam_comment ( $comment_id ) {
-       global $wpdb, $ksd_api_host, $ksd_api_port;
+function akismet_submit_spam_comment ( $comment_id ) {
+       global $wpdb, $akismet_api_host, $akismet_api_port;
 
        $comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID = '$comment_id'");
        if ( !$comment ) // it was deleted
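Review bot: `$comment_id` goes into the SELECT uncast here too; the callers are the `wp_set_comment_status` and `edit_comment` hooks, and whether they always pass an integer is not visible from this hunk. Add `$comment_id = (int) $comment_id;` before the query so the function does not depend on it. The function body continues past the hunk.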
@@ -183,32 +251,38 @@ function ksd_submit_spam_comment ( $comment_id ) {
        foreach ( $comment as $key => $data )
                $query_string .= $key . '=' . urlencode( stripslashes($data) ) . '&';
 
-       $response = ksd_http_post($query_string, $ksd_api_host, "/1.1/submit-spam", $ksd_api_port);
+       $response = akismet_http_post($query_string, $akismet_api_host, "/1.1/submit-spam", $akismet_api_port);
 }
 
-add_action('wp_set_comment_status', 'ksd_submit_spam_comment');
-add_action('edit_comment', 'ksd_submit_spam_comment');
-add_action('preprocess_comment', 'ksd_auto_check_comment', 1);
-add_filter('pre_comment_approved', 'ksd_auto_approved');
+add_action('wp_set_comment_status', 'akismet_submit_spam_comment');
+add_action('edit_comment', 'akismet_submit_spam_comment');
+add_action('preprocess_comment', 'akismet_auto_check_comment', 1);
 
-
-function ksd_spam_count() {
+function akismet_spam_count() {
        global $wpdb, $comments;
-       $count = $wpdb->get_var("SELECT COUNT(comment_ID) FROM $wpdb->comments WHERE comment_approved = 'spam'");
+       $count = wp_cache_get( 'akismet_spam_count', 'widget' );
+       if ( false === $count ) {
+               $count = $wpdb->get_var("SELECT COUNT(comment_ID) FROM $wpdb->comments WHERE comment_approved = 'spam'");
+               wp_cache_set( 'akismet_spam_count', $count, 'widget', 3600 );
+       }
        return $count;
 }
 
-function ksd_manage_page() {
-       global $wpdb;
-       $count = sprintf(__('Akismet Spam (%s)'), ksd_spam_count());
-       if ( function_exists('add_management_page') )
-               add_management_page(__('Akismet Spam'), $count, 'moderate_comments', __FILE__, 'ksd_caught');
+function akismet_manage_page() {
+       global $wpdb, $submenu;
+       $count = sprintf(__('Akismet Spam (%s)'), akismet_spam_count());
+       if ( isset( $submenu['edit-comments.php'] ) )
+               add_submenu_page('edit-comments.php', __('Akismet Spam'), $count, 'moderate_comments', 'akismet-admin', 'akismet_caught' );
+       elseif ( function_exists('add_management_page') )
+               add_management_page(__('Akismet Spam'), $count, 'moderate_comments', 'akismet-admin', 'akismet_caught');
 }
 
-function ksd_caught() {
-       global $wpdb, $comment;
+function akismet_caught() {
+       global $wpdb, $comment, $akismet_caught, $akismet_nonce;
+       akismet_recheck_queue();
        if (isset($_POST['submit']) && 'recover' == $_POST['action'] && ! empty($_POST['not_spam'])) {
-               if ( ! current_user_can('moderate_comments') )
+               check_admin_referer( $akismet_nonce );
+               if ( function_exists('current_user_can') && !current_user_can('moderate_comments') )
                        die(__('You do not have sufficient permission to moderate comments.'));
                
                $i = 0;
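Review bot: The recover handler verifies `$akismet_nonce`, which is the same action string (`akismet-update-key`) the API-key form uses, so a nonce minted for the config form is equally valid for recovering or deleting spam; give each action its own string, e.g. `check_admin_referer('akismet-recover')` here, with a matching `akismet_nonce_field('akismet-recover')` in the form below the hunk. `akismet_recheck_queue()` runs on every load of the page before the nonce and capability checks; its body is not visible, but if it makes network calls it should sit after them. Note that `$akismet_nonce` is `-1` when `wp_nonce_field()` is absent, so on such installs these checks degrade to whatever `check_admin_referer(-1)` does in that tree.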
@@ -218,25 +292,38 @@ function ksd_caught() {
                                wp_set_comment_status($comment, 'approve');
                        else
                                $wpdb->query("UPDATE $wpdb->comments SET comment_approved = '1' WHERE comment_ID = '$comment'");
-                       ksd_submit_nonspam_comment($comment);
+                       akismet_submit_nonspam_comment($comment);
                        ++$i;
                endforeach;
-               echo '<div class="updated"><p>' . sprintf(__('%1$s comments recovered.'), $i) . "</p></div>";
+               $to = add_query_arg( 'recovered', $i, $_SERVER['HTTP_REFERER'] );
+               wp_redirect( $to );
+               exit;
        }
        if ('delete' == $_POST['action']) {
-               if ( ! current_user_can('moderate_comments') )
+               check_admin_referer( $akismet_nonce );
+               if ( function_exists('current_user_can') && !current_user_can('moderate_comments') )
                        die(__('You do not have sufficient permission to moderate comments.'));
 
                $delete_time = addslashes( $_POST['display_time'] );
                $nuked = $wpdb->query( "DELETE FROM $wpdb->comments WHERE comment_approved = 'spam' AND '$delete_time' > comment_date_gmt" );
-               if (isset($nuked)) {
-                       echo '<div class="updated"><p>';
-                       if ($nuked) {
-                               _e('All spam deleted.');
-                       }
-                       echo "</p></div>";
-               }
+               wp_cache_delete( 'akismet_spam_count', 'widget' );
+               $to = add_query_arg( 'deleted', 'all', $_SERVER['HTTP_REFERER'] );
+               wp_redirect( $to );
+               exit;
        }
+
+if ( isset( $_GET['recovered'] ) ) {
+       $i = (int) $_GET['recovered'];
+       echo '<div class="updated"><p>' . sprintf(__('%1$s comments recovered.'), $i) . "</p></div>";
+}
+
+if (isset( $_GET['deleted'] ) )
+       echo '<div class="updated"><p>' . __('All spam deleted.') . '</p></div>';
+
+if ( isset( $GLOBALS['submenu']['edit-comments.php'] ) )
+       $link = 'edit-comments.php';
+else
+       $link = 'edit.php';
 ?>
 <div class="wrap">
 <h2><?php _e('Caught Spam') ?></h2>
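Review bot: The post-action redirect target, `$to = add_query_arg( 'recovered', $i, $_SERVER['HTTP_REFERER'] )` and its `deleted` twin, is built from the client-supplied Referer header, which may be absent or point away from the admin screen, so the redirect is unreliable. The hunk already resolves the plugin's own page into `$link` a few lines further down; hoisting that selection above the two `if` blocks and using `add_query_arg( 'recovered', $i, "$link?page=akismet-admin" )` gives a fixed in-site target. `'delete' == $_POST['action']` reads the key without `isset()`, so a plain GET render of the page raises a notice. akismet_caught() opens in the previous hunk and its closing brace is in a later one.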
@@ -247,35 +334,104 @@ if ( $count ) {
 <p><?php printf(__('Akismet has caught <strong>%1$s spam</strong> for you since you first installed it.'), number_format($count) ); ?></p>
 <?php
 }
-$spam_count = ksd_spam_count();
+$spam_count = akismet_spam_count();
 if (0 == $spam_count) {
        echo '<p>'.__('You have no spam currently in the queue. Must be your lucky day. :)').'</p>';
        echo '</div>';
 } else {
        echo '<p>'.__('You can delete all of the spam from your database with a single click. This operation cannot be undone, so you may wish to check to ensure that no legitimate comments got through first. Spam is automatically deleted after 15 days, so don&#8217;t sweat it.').'</p>';
 ?>
-<form method="post" action="">
+<?php if ( !isset( $_POST['s'] ) ) { ?>
+<form method="post" action="<?php echo attribute_escape( add_query_arg( 'noheader', 'true' ) ); ?>">
+<?php akismet_nonce_field($akismet_nonce) ?>
 <input type="hidden" name="action" value="delete" />
 <?php printf(__('There are currently %1$s comments identified as spam.'), $spam_count); ?>&nbsp; &nbsp; <input type="submit" name="Submit" value="<?php _e('Delete all'); ?>" />
 <input type="hidden" name="display_time" value="<?php echo current_time('mysql', 1); ?>" />
 </form>
+<?php } ?>
 </div>
 <div class="wrap">
+<?php if ( isset( $_POST['s'] ) ) { ?>
+<h2><?php _e('Search'); ?></h2>
+<?php } else { ?>
 <h2><?php _e('Latest Spam'); ?></h2>
 <?php echo '<p>'.__('These are the latest comments identified as spam by Akismet. If you see any mistakes, simply mark the comment as "not spam" and Akismet will learn from the submission. If you wish to recover a comment from spam, simply select the comment, and click Not Spam. After 15 days we clean out the junk for you.').'</p>'; ?>
+<?php } ?>
 <?php
-$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_approved = 'spam' ORDER BY comment_date DESC LIMIT 150");
+if ( isset( $_POST['s'] ) ) {
+       $s = $wpdb->escape($_POST['s']);
+       $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments  WHERE
+               (comment_author LIKE '%$s%' OR
+               comment_author_email LIKE '%$s%' OR
+               comment_author_url LIKE ('%$s%') OR
+               comment_author_IP LIKE ('%$s%') OR
+               comment_content LIKE ('%$s%') ) AND
+               comment_approved = 'spam'
+               ORDER BY comment_date DESC");
+} else {
+       if ( isset( $_GET['apage'] ) )
+               $page = (int) $_GET['apage'];
+       else
+               $page = 1;
+
+       if ( $page < 2 )
+               $page = 1;
+
+       $start = ( $page - 1 ) * 50;
+       $end = $start + 50;
+
+       $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_approved = 'spam' ORDER BY comment_date DESC LIMIT $start, $end");
+       $total = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_approved = 'spam'" );
+}
 
 if ($comments) {
 ?>
-<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
+
+<?php if ( $total > 50 ) {
+$total_pages = ceil( $total / 50 );
+$r = '';
+if ( 1 < $page ) {
+       $args['apage'] = ( 1 == $page - 1 ) ? '' : $page - 1;
+       $r .=  '<a class="prev" href="' . clean_url(add_query_arg( $args )) . '">&laquo; '. __('Previous Page') .'</a>' . "\n";
+}
+if ( ( $total_pages = ceil( $total / 50 ) ) > 1 ) {
+       for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) :
+               if ( $page == $page_num ) :
+                       $r .=  "<strong>$page_num</strong>\n";
+               else :
+                       $p = false;
+                       if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
+                               $args['apage'] = ( 1 == $page_num ) ? '' : $page_num;
+                               $r .= '<a class="page-numbers" href="' . clean_url(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";
+                               $in = true;
+                       elseif ( $in == true ) :
+                               $r .= "...\n";
+                               $in = false;
+                       endif;
+               endif;
+       endfor;
+}
+if ( ( $page ) * 50 < $total || -1 == $total ) {
+       $args['apage'] = $page + 1;
+       $r .=  '<a class="next" href="' . clean_url(add_query_arg($args)) . '">'. __('Next Page') .' &raquo;</a>' . "\n";
+}
+echo "<p>$r</p>";
+?>
+
+<?php } ?>
+<form method="post" action="<?php echo attribute_escape("$link?page=akismet-admin"); ?>" id="akismetsearch">
+<p>  <input type="text" name="s" value="<?php if (isset($_POST['s'])) echo attribute_escape($_POST['s']); ?>" size="17" /> 
+  <input type="submit" name="submit" value="<?php echo attribute_escape(__('Search')) ?>"  />  </p>
+</form>
+<form method="post" action="<?php echo attribute_escape( add_query_arg( 'noheader', 'true' ) ); ?>">
+<?php akismet_nonce_field($akismet_nonce) ?>
 <input type="hidden" name="action" value="recover" />
 <ul id="spam-list" class="commentlist" style="list-style: none; margin: 0; padding: 0;">
 <?php
 $i = 0;
 foreach($comments as $comment) {
        $i++;
-       $comment_date = mysql2date(get_settings("date_format") . " @ " . get_settings("time_format"), $comment->comment_date);
+       $comment_date = mysql2date(get_option("date_format") . " @ " . get_option("time_format"), $comment->comment_date);
        $post = get_post($comment->comment_post_ID);
        $post_title = $post->post_title;
        if ($i % 2) $class = 'class="alternate"';
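Review bot: `LIMIT $start, $end` in the paged query is wrong: the second LIMIT argument is a row count, not an end offset, so page 2 returns 100 rows from offset 50 and each later page returns more; it should read `LIMIT $start, 50` and `$end` can be dropped. In the search branch `$page` and `$total` are never assigned, yet the pagination block under `if ($comments)` tests `$total > 50`, so initialise `$page = 1; $total = 0;` before the `if ( isset( $_POST['s'] ) )`. `$wpdb->escape()` does not neutralise the LIKE wildcards, so a search term of `%` or `_` matches every spam row; `addcslashes( $s, '%_' )` after escaping keeps the term literal. `$in` is read in `elseif ( $in == true )` before anything assigns it, and `$p = false` is never used.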
@@ -300,25 +456,64 @@ $post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title;
 
 <?php
 }
-}
 ?>
 </ul>
+<?php if ( $total > 50 ) {
+$total_pages = ceil( $total / 50 );
+$r = '';
+if ( 1 < $page ) {
+       $args['apage'] = ( 1 == $page - 1 ) ? '' : $page - 1;
+       $r .=  '<a class="prev" href="' . clean_url(add_query_arg( $args )) . '">&laquo; '. __('Previous Page') .'</a>' . "\n";
+}
+if ( ( $total_pages = ceil( $total / 50 ) ) > 1 ) {
+       for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) :
+               if ( $page == $page_num ) :
+                       $r .=  "<strong>$page_num</strong>\n";
+               else :
+                       $p = false;
+                       if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
+                               $args['apage'] = ( 1 == $page_num ) ? '' : $page_num;
+                               $r .= '<a class="page-numbers" href="' . clean_url(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";
+                               $in = true;
+                       elseif ( $in == true ) :
+                               $r .= "...\n";
+                               $in = false;
+                       endif;
+               endif;
+       endfor;
+}
+if ( ( $page ) * 50 < $total || -1 == $total ) {
+       $args['apage'] = $page + 1;
+       $r .=  '<a class="next" href="' . clean_url(add_query_arg($args)) . '">'. __('Next Page') .' &raquo;</a>' . "\n";
+}
+echo "<p>$r</p>";
+}
+?>
 <p class="submit"> 
-<input type="submit" name="submit" value="<?php _e('De-spam marked comments &raquo;'); ?>" />
+<input type="submit" name="submit" value="<?php echo attribute_escape(__('De-spam marked comments &raquo;')); ?>" />
 </p>
 <p><?php _e('Comments you de-spam will be submitted to Akismet as mistakes so it can learn and get better.'); ?></p>
 </form>
-<form method="post" action="">
+<?php
+} else {
+?>
+<p><?php _e('No results found.'); ?></p>
+<?php } ?>
+
+<?php if ( !isset( $_POST['s'] ) ) { ?>
+<form method="post" action="<?php echo attribute_escape( add_query_arg( 'noheader', 'true' ) ); ?>">
+<?php akismet_nonce_field($akismet_nonce) ?>
 <p><input type="hidden" name="action" value="delete" />
-<?php printf(__('There are currently %1$s comments identified as spam.'), $spam_count); ?>&nbsp; &nbsp; <input type="submit" name="Submit" value="<?php _e('Delete all'); ?>" />
+<?php printf(__('There are currently %1$s comments identified as spam.'), $spam_count); ?>&nbsp; &nbsp; <input type="submit" name="Submit" value="<?php echo attribute_escape(__('Delete all')); ?>" />
 <input type="hidden" name="display_time" value="<?php echo current_time('mysql', 1); ?>" /></p>
 </form>
+<?php } ?>
 </div>
 <?php
        }
 }
 
-add_action('admin_menu', 'ksd_manage_page');
+add_action('admin_menu', 'akismet_manage_page');
 
 function akismet_stats() {
        $count = get_option('akismet_spam_count');
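Review bot: The page-navigation block after `</ul>` is a verbatim copy of the one above the list in the previous hunk, including the uninitialised `$in` and the unused `$p = false`; move it into a helper such as `akismet_spam_pagination( $page, $total )` that returns the markup and call it in both places, so a fix applies once. Both copies read `$total`, which is unset when the page is rendered from a search, so the `if ( $total > 50 )` guard emits a notice in that mode. The enclosing akismet_caught() starts several hunks earlier.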
@@ -326,9 +521,161 @@ function akismet_stats() {
                return;
        $path = plugin_basename(__FILE__);
        echo '<h3>'.__('Spam').'</h3>';
-       echo '<p>'.sprintf(__('<a href="%1$s">Akismet</a> has protected your site from <a href="%2$s">%3$s spam comments</a>.'), 'http://akismet.com/', "edit.php?page=$path", number_format($count) ).'</p>';
+       global $submenu;
+       if ( isset( $submenu['edit-comments.php'] ) )
+               $link = 'edit-comments.php';
+       else
+               $link = 'edit.php';
+       echo '<p>'.sprintf(__('<a href="%1$s">Akismet</a> has protected your site from <a href="%2$s">%3$s spam comments</a>.'), 'http://akismet.com/', clean_url("$link?page=akismet-admin"), number_format($count) ).'</p>';
 }
 
 add_action('activity_box_end', 'akismet_stats');
 
+
+if ( 'moderation.php' == $pagenow ) {
+       function akismet_recheck_button( $page ) {
+               global $submenu;
+               if ( isset( $submenu['edit-comments.php'] ) )
+                       $link = 'edit-comments.php';
+               else
+                       $link = 'edit.php';
+               $button = "<a href='$link?page=akismet-admin&amp;recheckqueue=true&amp;noheader=true' style='display: block; width: 100px; position: absolute; right: 7%; padding: 5px; font-size: 14px; text-decoration: underline; background: #fff; border: 1px solid #ccc;'>" . __('Recheck Queue for Spam') . "</a>";
+               $page = str_replace( '<div class="wrap">', '<div class="wrap">' . $button, $page );
+               return $page;
+       }
+
+       if ( $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_approved = '0'" ) )
+               ob_start( 'akismet_recheck_button' );
+}
+
+function akismet_recheck_queue() {
+       global $wpdb, $akismet_api_host, $akismet_api_port;
+
+       if ( !isset( $_GET['recheckqueue'] ) )
+               return;
+
+       $moderation = $wpdb->get_results( "SELECT * FROM $wpdb->comments WHERE comment_approved = '0'", ARRAY_A );
+       foreach ( $moderation as $c ) {
+               $c['user_ip']    = $c['comment_author_IP'];
+               $c['user_agent'] = $c['comment_agent'];
+               $c['referrer']   = '';
+               $c['blog']       = get_option('home');
+               $id = $c['comment_ID'];
+               
+               $query_string = '';
+               foreach ( $c as $key => $data )
+               $query_string .= $key . '=' . urlencode( stripslashes($data) ) . '&';
+               
+               $response = akismet_http_post($query_string, $akismet_api_host, '/1.1/comment-check', $akismet_api_port);
+               if ( 'true' == $response[1] ) {
+                       $wpdb->query( "UPDATE $wpdb->comments SET comment_approved = 'spam' WHERE comment_ID = $id" );
+               }
+       }
+       wp_redirect( $_SERVER['HTTP_REFERER'] );
+       exit;
+}
+
+function akismet_check_db_comment( $id ) {
+       global $wpdb, $akismet_api_host, $akismet_api_port;
+
+       $id = (int) $id;
+       $c = $wpdb->get_row( "SELECT * FROM $wpdb->comments WHERE comment_ID = '$id'", ARRAY_A );
+       if ( !$c )
+               return;
+
+       $c['user_ip']    = $c['comment_author_IP'];
+       $c['user_agent'] = $c['comment_agent'];
+       $c['referrer']   = '';
+       $c['blog']       = get_option('home');
+       $id = $c['comment_ID'];
+       
+       $query_string = '';
+       foreach ( $c as $key => $data )
+       $query_string .= $key . '=' . urlencode( stripslashes($data) ) . '&';
+       
+       $response = akismet_http_post($query_string, $akismet_api_host, '/1.1/comment-check', $akismet_api_port);
+       return $response[1];
+}
+
+// This option causes tons of FPs, was removed in 2.1
+function akismet_kill_proxy_check( $option ) { return 0; }
+add_filter('option_open_proxy_check', 'akismet_kill_proxy_check');
+
+// Widget stuff
+function widget_akismet_register() {
+       if ( function_exists('register_sidebar_widget') ) :
+       function widget_akismet($args) {
+               extract($args);
+               $options = get_option('widget_akismet');
+               $count = number_format(get_option('akismet_spam_count'));
+               $text = __('%d spam comments have been blocked by <a href="http://akismet.com">Akismet</a>.');
+               ?>
+                       <?php echo $before_widget; ?>
+                               <?php echo $before_title . $options['title'] . $after_title; ?>
+                               <div id="akismetwrap"><div id="akismetstats"><a id="aka" href="http://akismet.com" title=""><?php printf( __( '%1$s %2$sspam comments%3$s %4$sblocked by%5$s<br />%6$sAkismet%7$s' ), '<div id="akismet1"><span id="akismetcount">' . $count . '</span>', '<span id="akismetsc">', '</span></div>', '<div id="akismet2"><span id="akismetbb">', '</span>', '<span id="akismeta">', '</span></div>' ); ?></a></div></div>
+                       <?php echo $after_widget; ?>
+       <?php
+       }
+       
+       function widget_akismet_style() {
+               ?>
+<style type="text/css">
+#aka,#aka:link,#aka:hover,#aka:visited,#aka:active{color:#fff;text-decoration:none}
+#aka:hover{border:none;text-decoration:none}
+#aka:hover #akismet1{display:none}
+#aka:hover #akismet2,#akismet1{display:block}
+#akismet2{display:none;padding-top:2px}
+#akismeta{font-size:16px;font-weight:bold;line-height:18px;text-decoration:none}
+#akismetcount{display:block;font:15px Verdana,Arial,Sans-Serif;font-weight:bold;text-decoration:none}
+#akismetwrap #akismetstats{background:url(<?php echo get_option('siteurl'); ?>/wp-content/plugins/akismet/akismet.gif) no-repeat top left;border:none;color:#fff;font:11px 'Trebuchet MS','Myriad Pro',sans-serif;height:40px;line-height:100%;overflow:hidden;padding:8px 0 0;text-align:center;width:120px}
+</style>
+               <?php
+       }
+
+       function widget_akismet_control() {
+               $options = $newoptions = get_option('widget_akismet');
+               if ( $_POST["akismet-submit"] ) {
+                       $newoptions['title'] = strip_tags(stripslashes($_POST["akismet-title"]));
+                       if ( empty($newoptions['title']) ) $newoptions['title'] = 'Spam Blocked';
+               }
+               if ( $options != $newoptions ) {
+                       $options = $newoptions;
+                       update_option('widget_akismet', $options);
+               }
+               $title = htmlspecialchars($options['title'], ENT_QUOTES);
+       ?>
+                               <p><label for="akismet-title"><?php _e('Title:'); ?> <input style="width: 250px;" id="akismet-title" name="akismet-title" type="text" value="<?php echo $title; ?>" /></label></p>
+                               <input type="hidden" id="akismet-submit" name="akismet-submit" value="1" />
+       <?php
+       }
+
+       register_sidebar_widget('Akismet', 'widget_akismet', null, 'akismet');
+       register_widget_control('Akismet', 'widget_akismet_control', 300, 75, 'akismet');
+       if ( is_active_widget('widget_akismet') )
+               add_action('wp_head', 'widget_akismet_style');
+       endif;
+}
+
+add_action('init', 'widget_akismet_register');
+
+// Counter for non-widget users
+function akismet_counter() {
+?>
+<style type="text/css">
+#akismetwrap #aka,#aka:link,#aka:hover,#aka:visited,#aka:active{color:#fff;text-decoration:none}
+#aka:hover{border:none;text-decoration:none}
+#aka:hover #akismet1{display:none}
+#aka:hover #akismet2,#akismet1{display:block}
+#akismet2{display:none;padding-top:2px}
+#akismeta{font-size:16px;font-weight:bold;line-height:18px;text-decoration:none}
+#akismetcount{display:block;font:15px Verdana,Arial,Sans-Serif;font-weight:bold;text-decoration:none}
+#akismetwrap #akismetstats{background:url(<?php echo get_option('siteurl'); ?>/wp-content/plugins/akismet/akismet.gif) no-repeat top left;border:none;color:#fff;font:11px 'Trebuchet MS','Myriad Pro',sans-serif;height:40px;line-height:100%;overflow:hidden;padding:8px 0 0;text-align:center;width:120px}
+</style>
+<?php
+$count = number_format(get_option('akismet_spam_count'));
+?>
+<div id="akismetwrap"><div id="akismetstats"><a id="aka" href="http://akismet.com" title=""><div id="akismet1"><span id="akismetcount"><?php echo $count; ?></span> <span id="akismetsc"><?php _e('spam comments') ?></span></div> <div id="akismet2"><span id="akismetbb"><?php _e('blocked by') ?></span><br /><span id="akismeta">Akismet</span></div></a></div></div>
+<?php
+}
+
 ?>
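Review bot: `akismet_recheck_queue()` changes the state of every pending comment on a plain `recheckqueue=true` GET without the `check_admin_referer( $akismet_nonce )` guard that the other state-changing actions in this commit use, and the link emitted by `akismet_recheck_button()` carries no nonce, so the action is open to cross-site request forgery; add the same guard right after the `isset( $_GET['recheckqueue'] )` test and append the nonce to the button URL. It also redirects to `$_SERVER['HTTP_REFERER']` unchecked, the same weakness as in akismet_caught(). In `widget_akismet_control()`, `if ( $_POST["akismet-submit"] )` reads the key without `isset()`, and the saved title is echoed in `widget_akismet()` without `htmlspecialchars()` — `strip_tags()` alone leaves quotes and entities in place.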
index 4c92a7f608b634d22892cd5d1e3b3bfe4d141f25..2a6974c8e5f4a2f8f04f9a54ae37cff241143439 100644 (file)
@@ -4,7 +4,7 @@ Plugin Name: WordPress Database Backup
 Plugin URI: http://www.skippy.net/blog/plugins/
 Description: On-demand backup of your WordPress database.
 Author: Scott Merrill
-Version: 1.7
+Version: 1.8
 Author URI: http://www.skippy.net/
 
 Much of this was modified from Mark Ghosh's One Click Backup, which
@@ -69,7 +69,8 @@ class wpdbBackup {
                        $via = isset($_GET['via']) ? $_GET['via'] : 'http';
                        
                        $this->backup_file = $_GET['backup'];
-                       
+                       $this->validate_file($this->backup_file);
+
                        switch($via) {
                        case 'smtp':
                        case 'email':
@@ -95,6 +96,7 @@ class wpdbBackup {
                }
                if (isset($_GET['fragment'] )) {
                        list($table, $segment, $filename) = explode(':', $_GET['fragment']);
+                       $this->validate_file($filename);
                        $this->backup_fragment($table, $segment, $filename);
                }
 
@@ -881,6 +883,18 @@ class wpdbBackup {
                
                return;
        } // wp_cron_db_backup
+
+       function validate_file($file) {
+               if (false !== strpos($file, '..'))
+                       die(__("Cheatin' uh ?"));
+
+               if (false !== strpos($file, './'))
+                       die(__("Cheatin' uh ?"));
+
+               if (':' == substr($file, 1, 1))
+                       die(__("Cheatin' uh ?"));
+       }
+
 }
 
 function wpdbBackup_init() {
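Review bot: `validate_file()` rejects `..`, `./` and a drive-letter prefix, but not an absolute path (leading `/` or `\`) or a NUL byte, so the two call sites added in the earlier hunks (`$this->backup_file` and the `fragment` filename) still accept paths outside the backup directory. Since a backup name never carries a directory component, the tightest check is `if ($file !== basename($file)) die(__("Cheatin' uh ?"));` added alongside the existing ones, and the three identical `die()` branches could then collapse into one condition. The `fragment` call site validates only `$filename`; whether `$table` and `$segment` need similar treatment is not visible here.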
index 0969e730c36404635d548b6c8cd4e152aef1b78e..ef49d42d0b08de84d0fcb300597a659d75646c6e 100644 (file)
@@ -60,7 +60,7 @@ if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH
          <input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />
           <label for="author"><?php _e("Name"); ?></label>
        <input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
-       <input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($_SERVER["REQUEST_URI"]); ?>" />
+       <input type="hidden" name="redirect_to" value="<?php echo attribute_escape($_SERVER["REQUEST_URI"]); ?>" />
        </p>
 
        <p>
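Review bot: The change escapes `redirect_to`, but the adjacent `value="<?php echo $comment_author; ?>"` in the same hunk is still written into an attribute unescaped; if `$comment_author` comes from the commenter cookie rather than already-escaped data, it needs the same `attribute_escape()` treatment. The identical pattern appears in the default theme's comments-popup.php hunk below.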
index 46dee78461e77c68e01ff9521f41f4ae38a2833e..6788dee90c35771bba48e2441d12d7b2145f10fe 100644 (file)
@@ -12,7 +12,7 @@
  </li>
  <li id="search">
    <label for="s"><?php _e('Search:'); ?></label>      
-   <form id="searchform" method="get" action="<?php echo $_SERVER['PHP_SELF']; ?>">
+   <form id="searchform" method="get" action="<?php bloginfo('home'); ?>">
        <div>
                <input type="text" name="s" id="s" size="15" /><br />
                <input type="submit" value="<?php _e('Search'); ?>" />
index 3cd58a66285ff58e5460e578c062329b4a212318..063a39182d348293d434aef72f867389b25ec0a9 100644 (file)
@@ -60,7 +60,7 @@ if (!empty($post->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $pos
          <input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />
           <label for="author">Name</label>
        <input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
-       <input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($_SERVER["REQUEST_URI"]); ?>" />
+       <input type="hidden" name="redirect_to" value="<?php echo attribute_escape($_SERVER["REQUEST_URI"]); ?>" />
        </p>
 
        <p>
index b2c78f656d67dd2521283f4ecd4b66945bfe4ff0..5f10d7f9135484a540c110ed7a33f6b7a9767bf9 100644 (file)
-<?php\r
-\r
-function kubrick_head() {\r
-       $head = "<style type='text/css'>\n<!--";\r
-       $output = '';\r
-       if ( kubrick_header_image() ) {\r
-               $url =  kubrick_header_image_url() ;\r
-               $output .= "#header { background: url('$url') no-repeat bottom center; }\n";\r
-       }\r
-       if ( false !== ( $color = kubrick_header_color() ) ) {\r
-               $output .= "#headerimg h1 a, #headerimg h1 a:visited, #headerimg .description { color: $color; }\n";\r
-       }\r
-       if ( false !== ( $display = kubrick_header_display() ) ) {\r
-               $output .= "#headerimg { display: $display }\n";\r
-       }\r
-       $foot = "--></style>\n";\r
-       if ( '' != $output )\r
-               echo $head . $output . $foot;\r
-}\r
-\r
-add_action('wp_head', 'kubrick_head');\r
-\r
-function kubrick_header_image() {\r
-       return apply_filters('kubrick_header_image', get_settings('kubrick_header_image'));\r
-}\r
-\r
-function kubrick_upper_color() {\r
-       if ( strstr( $url = kubrick_header_image_url(), 'header-img.php?' ) ) {\r
-               parse_str(substr($url, strpos($url, '?') + 1), $q);\r
-               return $q['upper'];\r
-       } else\r
-               return '69aee7';\r
-}\r
-\r
-function kubrick_lower_color() {\r
-       if ( strstr( $url = kubrick_header_image_url(), 'header-img.php?' ) ) {\r
-               parse_str(substr($url, strpos($url, '?') + 1), $q);\r
-               return $q['lower'];\r
-       } else\r
-               return '4180b6';\r
-}\r
-\r
-function kubrick_header_image_url() {\r
-       if ( $image = kubrick_header_image() )\r
-               $url = get_template_directory_uri() . '/images/' . $image;\r
-       else\r
-               $url = get_template_directory_uri() . '/images/kubrickheader.jpg';\r
-\r
-       return $url;\r
-}\r
-\r
-function kubrick_header_color() {\r
-       return apply_filters('kubrick_header_color', get_settings('kubrick_header_color'));\r
-}\r
-\r
-function kubrick_header_color_string() {\r
-       $color = kubrick_header_color();\r
-       if ( false === $color )\r
-               return 'white';\r
-\r
-       return $color;\r
-}\r
-\r
-function kubrick_header_display() {\r
-       return apply_filters('kubrick_header_display', get_settings('kubrick_header_display'));\r
-}\r
-\r
-function kubrick_header_display_string() {\r
-       $display = kubrick_header_display();\r
-       return $display ? $display : 'inline';\r
-}\r
-\r
-add_action('admin_menu', 'kubrick_add_theme_page');\r
-\r
-function kubrick_add_theme_page() {\r
-       if ( $_GET['page'] == basename(__FILE__) ) {\r
-               if ( 'save' == $_REQUEST['action'] ) {\r
-                       if ( isset($_REQUEST['njform']) ) {\r
-                               if ( isset($_REQUEST['defaults']) ) {\r
-                                       delete_option('kubrick_header_image');\r
-                                       delete_option('kubrick_header_color');\r
-                                       delete_option('kubrick_header_display');\r
-                               } else {\r
-                                       if ( '' == $_REQUEST['njfontcolor'] )\r
-                                               delete_option('kubrick_header_color');\r
-                                       else\r
-                                               update_option('kubrick_header_color', $_REQUEST['njfontcolor']);\r
-\r
-                                       if ( preg_match('/[0-9A-F]{6}|[0-9A-F]{3}/i', $_REQUEST['njuppercolor'], $uc) && preg_match('/[0-9A-F]{6}|[0-9A-F]{3}/i', $_REQUEST['njlowercolor'], $lc) ) {\r
-                                               $uc = ( strlen($uc[0]) == 3 ) ? $uc[0]{0}.$uc[0]{0}.$uc[0]{1}.$uc[0]{1}.$uc[0]{2}.$uc[0]{2} : $uc[0];\r
-                                               $lc = ( strlen($lc[0]) == 3 ) ? $lc[0]{0}.$lc[0]{0}.$lc[0]{1}.$lc[0]{1}.$lc[0]{2}.$lc[0]{2} : $lc[0];\r
-                                               update_option('kubrick_header_image', "header-img.php?upper=$uc&amp;lower=$lc");\r
-                                       }\r
-\r
-                                       if ( isset($_REQUEST['toggledisplay']) ) {\r
-                                               if ( false === get_settings('kubrick_header_display') )\r
-                                                       update_option('kubrick_header_display', 'none');\r
-                                               else\r
-                                                       delete_option('kubrick_header_display');\r
-                                       }\r
-                               }\r
-                       } else {\r
-\r
-                               if ( isset($_REQUEST['headerimage']) ) {\r
-                                       if ( '' == $_REQUEST['headerimage'] )\r
-                                               delete_option('kubrick_header_image');\r
-                                       else\r
-                                               update_option('kubrick_header_image', $_REQUEST['headerimage']);\r
-                               }\r
-\r
-                               if ( isset($_REQUEST['fontcolor']) ) {\r
-                                       if ( '' == $_REQUEST['fontcolor'] )\r
-                                               delete_option('kubrick_header_color');\r
-                                       else\r
-                                               update_option('kubrick_header_color', $_REQUEST['fontcolor']);\r
-                               }\r
-\r
-                               if ( isset($_REQUEST['fontdisplay']) ) {\r
-                                       if ( '' == $_REQUEST['fontdisplay'] || 'inline' == $_REQUEST['fontdisplay'] )\r
-                                               delete_option('kubrick_header_display');\r
-                                       else\r
-                                               update_option('kubrick_header_display', 'none');\r
-                               }\r
-                       }\r
-                       //print_r($_REQUEST);\r
-                       wp_redirect("themes.php?page=functions.php&saved=true");\r
-                       die;\r
-               }\r
-               add_action('admin_head', 'kubrick_theme_page_head');\r
-       }\r
-       add_theme_page('Customize Header', 'Header Image and Color', 'edit_themes', basename(__FILE__), 'kubrick_theme_page');\r
-}\r
-\r
-function kubrick_theme_page_head() {\r
-?>\r
-<script type="text/javascript" src="../wp-includes/js/colorpicker.js"></script>\r
-<script type='text/javascript'>\r
-// <![CDATA[\r
-       function pickColor(color) {\r
-               ColorPicker_targetInput.value = color;\r
-               kUpdate(ColorPicker_targetInput.id);\r
-       }\r
-       function PopupWindow_populate(contents) {\r
-               contents += '<br /><p style="text-align:center;margin-top:0px;"><input type="button" value="Close Color Picker" onclick="cp.hidePopup(\'prettyplease\')"></input></p>';\r
-               this.contents = contents;\r
-               this.populated = false;\r
-       }\r
-       function PopupWindow_hidePopup(magicword) {\r
-               if ( magicword != 'prettyplease' )\r
-                       return false;\r
-               if (this.divName != null) {\r
-                       if (this.use_gebi) {\r
-                               document.getElementById(this.divName).style.visibility = "hidden";\r
-                       }\r
-                       else if (this.use_css) {\r
-                               document.all[this.divName].style.visibility = "hidden";\r
-                       }\r
-                       else if (this.use_layers) {\r
-                               document.layers[this.divName].visibility = "hidden";\r
-                       }\r
-               }\r
-               else {\r
-                       if (this.popupWindow && !this.popupWindow.closed) {\r
-                               this.popupWindow.close();\r
-                               this.popupWindow = null;\r
-                       }\r
-               }\r
-               return false;\r
-       }\r
-       function colorSelect(t,p) {\r
-               if ( cp.p == p && document.getElementById(cp.divName).style.visibility != "hidden" )\r
-                       cp.hidePopup('prettyplease');\r
-               else {\r
-                       cp.p = p;\r
-                       cp.select(t,p);\r
-               }\r
-       }\r
-       function PopupWindow_setSize(width,height) {\r
-               this.width = 162;\r
-               this.height = 210;\r
-       }\r
-\r
-       var cp = new ColorPicker();\r
-       function advUpdate(val, obj) {\r
-               document.getElementById(obj).value = val;\r
-               kUpdate(obj);\r
-       }\r
-       function kUpdate(oid) {\r
-               if ( 'uppercolor' == oid || 'lowercolor' == oid ) {\r
-                       uc = document.getElementById('uppercolor').value.replace('#', '');\r
-                       lc = document.getElementById('lowercolor').value.replace('#', '');\r
-                       hi = document.getElementById('headerimage');\r
-                       hi.value = 'header-img.php?upper='+uc+'&lower='+lc;\r
-                       document.getElementById('header').style.background = 'url("<?php echo get_template_directory_uri(); ?>/images/'+hi.value+'") center no-repeat';\r
-                       document.getElementById('advuppercolor').value = '#'+uc;\r
-                       document.getElementById('advlowercolor').value = '#'+lc;\r
-               }\r
-               if ( 'fontcolor' == oid ) {\r
-                       document.getElementById('header').style.color = document.getElementById('fontcolor').value;\r
-                       document.getElementById('advfontcolor').value = document.getElementById('fontcolor').value;\r
-               }\r
-               if ( 'fontdisplay' == oid ) {\r
-                       document.getElementById('headerimg').style.display = document.getElementById('fontdisplay').value;\r
-               }\r
-       }\r
-       function toggleDisplay() {\r
-               td = document.getElementById('fontdisplay');\r
-               td.value = ( td.value == 'none' ) ? 'inline' : 'none';\r
-               kUpdate('fontdisplay');\r
-       }\r
-       function toggleAdvanced() {\r
-               a = document.getElementById('jsAdvanced');\r
-               if ( a.style.display == 'none' )\r
-                       a.style.display = 'block';\r
-               else\r
-                       a.style.display = 'none';\r
-       }\r
-       function kDefaults() {\r
-               document.getElementById('headerimage').value = '';\r
-               document.getElementById('advuppercolor').value = document.getElementById('uppercolor').value = '#69aee7';\r
-               document.getElementById('advlowercolor').value = document.getElementById('lowercolor').value = '#4180b6';\r
-               document.getElementById('header').style.background = 'url("<?php echo get_template_directory_uri(); ?>/images/kubrickheader.jpg") center no-repeat';\r
-               document.getElementById('header').style.color = '#FFFFFF';\r
-               document.getElementById('advfontcolor').value = document.getElementById('fontcolor').value = '';\r
-               document.getElementById('fontdisplay').value = 'inline';\r
-               document.getElementById('headerimg').style.display = document.getElementById('fontdisplay').value;\r
-       }\r
-       function kRevert() {\r
-               document.getElementById('headerimage').value = '<?php echo kubrick_header_image(); ?>';\r
-               document.getElementById('advuppercolor').value = document.getElementById('uppercolor').value = '#<?php echo kubrick_upper_color(); ?>';\r
-               document.getElementById('advlowercolor').value = document.getElementById('lowercolor').value = '#<?php echo kubrick_lower_color(); ?>';\r
-               document.getElementById('header').style.background = 'url("<?php echo kubrick_header_image_url(); ?>") center no-repeat';\r
-               document.getElementById('header').style.color = '';\r
-               document.getElementById('advfontcolor').value = document.getElementById('fontcolor').value = '<?php echo kubrick_header_color_string(); ?>';\r
-               document.getElementById('fontdisplay').value = '<?php echo kubrick_header_display_string(); ?>';\r
-               document.getElementById('headerimg').style.display = document.getElementById('fontdisplay').value;\r
-       }\r
-       function kInit() {\r
-               document.getElementById('jsForm').style.display = 'block';\r
-               document.getElementById('nonJsForm').style.display = 'none';\r
-       }\r
-       addLoadEvent(kInit);\r
-// ]]>\r
-</script>\r
-<style type='text/css'>\r
-       #headwrap {\r
-               text-align: center;\r
-       }\r
-       #kubrick-header {\r
-               font-size: 80%;\r
-       }\r
-       #kubrick-header .hibrowser {\r
-               width: 780px;\r
-               height: 260px;\r
-               overflow: scroll;\r
-       }\r
-       #kubrick-header #hitarget {\r
-               display: none;\r
-       }\r
-       #kubrick-header #header h1 {\r
-               font-family: 'Trebuchet MS', 'Lucida Grande', Verdana, Arial, Sans-Serif;\r
-               font-weight: bold;\r
-               font-size: 4em;\r
-               text-align: center;\r
-               padding-top: 70px;\r
-               margin: 0;\r
-       }\r
-\r
-       #kubrick-header #header .description {\r
-               font-family: 'Lucida Grande', Verdana, Arial, Sans-Serif;\r
-               font-size: 1.2em;\r
-               text-align: center;\r
-       }\r
-       #kubrick-header #header {\r
-               text-decoration: none;\r
-               color: <?php echo kubrick_header_color_string(); ?>;\r
-               padding: 0;\r
-               margin: 0;\r
-               height: 200px;\r
-               text-align: center;\r
-               background: url('<?php echo kubrick_header_image_url(); ?>') center no-repeat;\r
-       }\r
-       #kubrick-header #headerimg {\r
-               margin: 0;\r
-               height: 200px;\r
-               width: 100%;\r
-               display: <?php echo kubrick_header_display_string(); ?>;\r
-       }\r
-       #jsForm {\r
-               display: none;\r
-               text-align: center;\r
-       }\r
-       #jsForm input.submit, #jsForm input.button, #jsAdvanced input.button {\r
-               padding: 0px;\r
-               margin: 0px;\r
-       }\r
-       #advanced {\r
-               text-align: center;\r
-               width: 620px;\r
-       }\r
-       html>body #advanced {\r
-               text-align: center;\r
-               position: relative;\r
-               left: 50%;\r
-               margin-left: -380px;\r
-       }\r
-       #jsAdvanced {\r
-               text-align: right;\r
-       }\r
-       #nonJsForm {\r
-               position: relative;\r
-               text-align: left;\r
-               margin-left: -370px;\r
-               left: 50%;\r
-       }\r
-       #nonJsForm label {\r
-               padding-top: 6px;\r
-               padding-right: 5px;\r
-               float: left;\r
-               width: 100px;\r
-               text-align: right;\r
-       }\r
-       .defbutton {\r
-               font-weight: bold;\r
-       }\r
-       .zerosize {\r
-               width: 0px;\r
-               height: 0px;\r
-               overflow: hidden;\r
-       }\r
-       #colorPickerDiv a, #colorPickerDiv a:hover {\r
-               padding: 1px;\r
-   &nbs