Wordpress 2.0.11 wordpress-2.0.11
authorEdward Z. Yang <ezyang@mit.edu>
Fri, 20 Nov 2009 21:54:34 +0000 (16:54 -0500)
committerEdward Z. Yang <ezyang@mit.edu>
Fri, 20 Nov 2009 21:54:34 +0000 (16:54 -0500)
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
89 files changed:
readme.html
wp-admin/admin-db.php
wp-admin/admin-footer.php
wp-admin/admin-functions.php
wp-admin/bookmarklet.php
wp-admin/categories.php
wp-admin/edit-comments.php
wp-admin/edit-form-advanced.php
wp-admin/edit-form-comment.php
wp-admin/edit-form.php
wp-admin/edit-link-form.php
wp-admin/edit-page-form.php
wp-admin/edit-pages.php
wp-admin/edit.php
wp-admin/import/blogger.php
wp-admin/import/dotclear.php
wp-admin/import/greymatter.php
wp-admin/import/livejournal.php
wp-admin/import/mt.php
wp-admin/import/rss.php
wp-admin/import/textpattern.php
wp-admin/index.php
wp-admin/inline-uploading.php
wp-admin/install.php
wp-admin/link-categories.php
wp-admin/link-import.php
wp-admin/link-manager.php
wp-admin/menu.php
wp-admin/moderation.php
wp-admin/options-discussion.php
wp-admin/options-general.php
wp-admin/options-misc.php
wp-admin/options-permalink.php
wp-admin/options.php
wp-admin/page-new.php
wp-admin/plugins.php
wp-admin/post.php
wp-admin/profile.php
wp-admin/templates.php
wp-admin/theme-editor.php
wp-admin/upgrade-schema.php
wp-admin/upgrade.php
wp-admin/user-edit.php
wp-admin/users.php
wp-admin/wp-admin.css
wp-comments-post.php
wp-content/plugins/akismet/akismet.gif [new file with mode: 0644]
wp-content/plugins/akismet/akismet.php
wp-content/plugins/wp-db-backup.php
wp-content/themes/classic/comments-popup.php
wp-content/themes/classic/sidebar.php
wp-content/themes/default/comments-popup.php
wp-content/themes/default/functions.php
wp-content/themes/default/searchform.php
wp-includes/cache.php
wp-includes/class-snoopy.php
wp-includes/classes.php
wp-includes/comment-functions.php
wp-includes/default-filters.php
wp-includes/feed-functions.php
wp-includes/functions-formatting.php
wp-includes/functions-post.php
wp-includes/functions.php
wp-includes/gettext.php
wp-includes/js/tinymce/plugins/inlinepopups/editor_plugin.js [deleted file]
wp-includes/js/tinymce/plugins/inlinepopups/editor_plugin_src.js [deleted file]
wp-includes/js/tinymce/plugins/inlinepopups/readme.txt [deleted file]
wp-includes/js/tinymce/tiny_mce_gzip.php
wp-includes/js/tinymce/wp-mce-help.php
wp-includes/kses.php
wp-includes/links.php
wp-includes/pluggable-functions.php
wp-includes/registration-functions.php
wp-includes/rss-functions.php
wp-includes/template-functions-author.php
wp-includes/template-functions-category.php
wp-includes/template-functions-general.php
wp-includes/template-functions-links.php
wp-includes/template-functions-post.php
wp-includes/version.php
wp-includes/wp-db.php
wp-links-opml.php
wp-login.php
wp-mail.php
wp-register.php
wp-rss2.php
wp-settings.php
wp-trackback.php
xmlrpc.php

index 2a630165aa30955ea94d99f019d85ca11a20fdb4..ae746367d6a73f0f1400a7b4055eee6e791b13cc 100644 (file)
@@ -80,7 +80,7 @@
        <dt><a href="http://wordpress.org/support/">WordPress Support Forums</a></dt>
        <dd>If you've looked everywhere and still can't find an answer, the support forums are very active and have a large community ready to help. To help them help you be sure to use a descriptive thread title and describe your question in as much detail as possible. </dd>
        <dt><a href="http://codex.wordpress.org/IRC">WordPress IRC Channel</a></dt>
        <dt><a href="http://wordpress.org/support/">WordPress Support Forums</a></dt>
        <dd>If you've looked everywhere and still can't find an answer, the support forums are very active and have a large community ready to help. To help them help you be sure to use a descriptive thread title and describe your question in as much detail as possible. </dd>
        <dt><a href="http://codex.wordpress.org/IRC">WordPress IRC Channel</a></dt>
-       <dd>Finally, there is an online chat channel that is used for discussion amoung people who use WordPress and occasionally support topics. The above wiki page should point you in the right direction. (irc.freenode.net #wordpresss) </dd>
+       <dd>Finally, there is an online chat channel that is used for discussion among people who use WordPress and occasionally support topics. The above wiki page should point you in the right direction. (irc.freenode.net #wordpress) </dd>
 </dl>
 
 <h1 id="requirements">System Recommendations</h1>
 </dl>
 
 <h1 id="requirements">System Recommendations</h1>
index d81b6b845a36e5e3a0bf7aa872f6ccac58737ad1..d909ee67cb630aaf07f64f278c1d2721a4dc7c3d 100644 (file)
@@ -34,7 +34,7 @@ function get_editable_authors( $user_id ) {
                return false;
        } else {
                $editable = join(',', $editable);
                return false;
        } else {
                $editable = join(',', $editable);
-               $authors = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($editable)" );
+               $authors = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($editable) ORDER BY display_name" );
        }
 
        return apply_filters('get_editable_authors', $authors);
        }
 
        return apply_filters('get_editable_authors', $authors);
@@ -110,7 +110,7 @@ function wp_insert_category($catarr) {
 
        if (!$update) {
                $wpdb->query("INSERT INTO $wpdb->categories (cat_ID, cat_name, category_nicename, category_description, category_parent) VALUES ('0', '$cat_name', '$category_nicename', '$category_description', '$category_parent')");
 
        if (!$update) {
                $wpdb->query("INSERT INTO $wpdb->categories (cat_ID, cat_name, category_nicename, category_description, category_parent) VALUES ('0', '$cat_name', '$category_nicename', '$category_description', '$category_parent')");
-               $cat_ID = $wpdb->insert_id;
+               $cat_ID = (int) $wpdb->insert_id;
        } else {
                $wpdb->query ("UPDATE $wpdb->categories SET cat_name = '$cat_name', category_nicename = '$category_nicename', category_description = '$category_description', category_parent = '$category_parent' WHERE cat_ID = '$cat_ID'");
        }
        } else {
                $wpdb->query ("UPDATE $wpdb->categories SET cat_name = '$cat_name', category_nicename = '$category_nicename', category_description = '$category_description', category_parent = '$category_parent' WHERE cat_ID = '$cat_ID'");
        }
@@ -207,7 +207,7 @@ function category_exists($cat_name) {
        if (!$category_nicename = sanitize_title($cat_name))
                return 0;
 
        if (!$category_nicename = sanitize_title($cat_name))
                return 0;
 
-       return $wpdb->get_var("SELECT cat_ID FROM $wpdb->categories WHERE category_nicename = '$category_nicename'");
+       return (int) $wpdb->get_var("SELECT cat_ID FROM $wpdb->categories WHERE category_nicename = '$category_nicename'");
 }
 
 function wp_delete_user($id, $reassign = 'novalue') {
 }
 
 function wp_delete_user($id, $reassign = 'novalue') {
@@ -266,23 +266,57 @@ function wp_insert_link($linkdata) {
        extract($linkdata);
 
        $update = false;
        extract($linkdata);
 
        $update = false;
+
        if ( !empty($link_id) )
                $update = true;
 
        if ( !empty($link_id) )
                $update = true;
 
+       $link_id = (int) $link_id;
+
+       if( trim( $link_name ) == '' )
+               return 0;
+       $link_name = apply_filters('pre_link_name', $link_name);
+
+       if( trim( $link_url ) == '' )
+               return 0;
+       $link_url = apply_filters('pre_link_url', $link_url);
+
        if ( empty($link_rating) )
                $link_rating = 0;       
        if ( empty($link_rating) )
                $link_rating = 0;       
+       else
+               $link_rating = (int) $link_rating;
+
+       if ( empty($link_image) )
+               $link_image = '';
+       $link_image = apply_filters('pre_link_image', $link_image);
 
        if ( empty($link_target) )
                $link_target = '';      
 
        if ( empty($link_target) )
                $link_target = '';      
+       $link_target = apply_filters('pre_link_target', $link_target);
 
        if ( empty($link_visible) )
                $link_visible = 'Y';
 
        if ( empty($link_visible) )
                $link_visible = 'Y';
-               
+       $link_visibile = preg_replace('/[^YNyn]/', '', $link_visible);
+
        if ( empty($link_owner) )
                $link_owner = $current_user->id;
        if ( empty($link_owner) )
                $link_owner = $current_user->id;
+       else
+               $link_owner = (int) $link_owner;
 
        if ( empty($link_notes) )
                $link_notes = '';
 
        if ( empty($link_notes) )
                $link_notes = '';
+       $link_notes = apply_filters('pre_link_notes', $link_notes);
+
+       if ( empty($link_description) )
+               $link_description = '';
+       $link_description = apply_filters('pre_link_description', $link_description);
+
+       if ( empty($link_rss) )
+               $link_rss = '';
+       $link_rss = apply_filters('pre_link_rss', $link_rss);
+
+       if ( empty($link_rel) )
+               $link_rel = '';
+       $link_rel = apply_filters('pre_link_rel', $link_rel);
 
        if ( $update ) {
                $wpdb->query("UPDATE $wpdb->links SET link_url='$link_url',
 
        if ( $update ) {
                $wpdb->query("UPDATE $wpdb->links SET link_url='$link_url',
@@ -294,7 +328,7 @@ function wp_insert_link($linkdata) {
                        WHERE link_id='$link_id'");
        } else {
                $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_category, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES('$link_url','$link_name', '$link_image', '$link_target', '$link_category', '$link_description', '$link_visible', '$link_owner', '$link_rating', '$link_rel', '$link_notes', '$link_rss')");
                        WHERE link_id='$link_id'");
        } else {
                $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_category, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES('$link_url','$link_name', '$link_image', '$link_target', '$link_category', '$link_description', '$link_visible', '$link_owner', '$link_rating', '$link_rel', '$link_notes', '$link_rss')");
-               $link_id = $wpdb->insert_id;
+               $link_id = (int) $wpdb->insert_id;
        }
        
        if ( $update )
        }
        
        if ( $update )
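Review bot: The sanitised visibility flag in wp_insert_link is assigned to a misspelled variable, `$link_visibile = preg_replace('/[^YNyn]/', '', $link_visible);`, so `$link_visible` still reaches the INSERT/UPDATE strings unfiltered and the new check has no effect; it should read `$link_visible = preg_replace('/[^YNyn]/', '', $link_visible);`. In the same validation block `$link_owner` and `$link_rating` are cast to int, but `$link_category`, which the INSERT below interpolates as `'$link_category'`, is not; adding `$link_category = (int) $link_category;` alongside them would give it the same treatment, assuming the column is numeric as the other id fields are. wp_insert_link's body begins before this hunk and continues past it.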
index e660be287f81940c91077131415a34e2eac4f5d7..88e69ae4838e4ca68ab50bd56ec08404dc59e5ed 100644 (file)
@@ -2,7 +2,7 @@
 <div id="footer"><p><a href="http://wordpress.org/" id="wordpress-logo"><img src="images/wordpress-logo.png" alt="WordPress" /></a></p>
 <p>
 <a href="http://codex.wordpress.org/"><?php _e('Documentation'); ?></a> &#8212; <a href="http://wordpress.org/support/"><?php _e('Support Forums'); ?></a> <br />
 <div id="footer"><p><a href="http://wordpress.org/" id="wordpress-logo"><img src="images/wordpress-logo.png" alt="WordPress" /></a></p>
 <p>
 <a href="http://codex.wordpress.org/"><?php _e('Documentation'); ?></a> &#8212; <a href="http://wordpress.org/support/"><?php _e('Support Forums'); ?></a> <br />
-<?php bloginfo('version'); ?> &#8212; <?php printf(__('%s seconds'), number_format(timer_stop(), 2)); ?>
+<?php bloginfo('version'); ?> &#8212; <?php printf(__('%s seconds'), timer_stop(0, 2)); ?>
 </p>
 
 </div>
 </p>
 
 </div>
index 6b9be7541bd285ffde44e2c27ca76f576a522518..641ed1e2274ff48ed0a614b6f697031eed61b1ee 100644 (file)
@@ -265,6 +265,8 @@ function get_post_to_edit($id) {
        $post->post_title = format_to_edit($post->post_title);
        $post->post_title = apply_filters('title_edit_pre', $post->post_title);
 
        $post->post_title = format_to_edit($post->post_title);
        $post->post_title = apply_filters('title_edit_pre', $post->post_title);
 
+    $post->post_password = format_to_edit($post->post_password); 
+
        if ($post->post_status == 'static')
                $post->page_template = get_post_meta($id, '_wp_page_template', true);
 
        if ($post->post_status == 'static')
                $post->page_template = get_post_meta($id, '_wp_page_template', true);
 
@@ -287,7 +289,7 @@ function get_default_post_to_edit() {
        else if ( !empty($post_title) ) {
                $text       = wp_specialchars(stripslashes(urldecode($_REQUEST['text'])));
                $text       = funky_javascript_fix($text);
        else if ( !empty($post_title) ) {
                $text       = wp_specialchars(stripslashes(urldecode($_REQUEST['text'])));
                $text       = funky_javascript_fix($text);
-               $popupurl   = wp_specialchars($_REQUEST['popupurl']);
+               $popupurl   = clean_url(stripslashes($_REQUEST['popupurl']));
         $post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
     }
 
         $post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
     }
 
@@ -317,11 +319,15 @@ function get_comment_to_edit($id) {
 
        $comment = get_comment($id);
 
 
        $comment = get_comment($id);
 
-       $comment->comment_content = format_to_edit($comment->comment_content, $richedit);
+       $comment->comment_ID = (int) $comment->comment_ID;
+       $comment->comment_post_ID = (int) $comment->comment_post_ID;
+
+       $comment->comment_content = format_to_edit($comment->comment_content);
        $comment->comment_content = apply_filters('comment_edit_pre', $comment->comment_content);
 
        $comment->comment_author = format_to_edit($comment->comment_author);
        $comment->comment_author_email = format_to_edit($comment->comment_author_email);
        $comment->comment_content = apply_filters('comment_edit_pre', $comment->comment_content);
 
        $comment->comment_author = format_to_edit($comment->comment_author);
        $comment->comment_author_email = format_to_edit($comment->comment_author_email);
+       $comment->comment_author_url = clean_url($comment->comment_author_url);
        $comment->comment_author_url = format_to_edit($comment->comment_author_url);
 
        return $comment;
        $comment->comment_author_url = format_to_edit($comment->comment_author_url);
 
        return $comment;
@@ -333,6 +339,23 @@ function get_category_to_edit($id) {
        return $category;
 }
 
        return $category;
 }
 
+function get_user_to_edit($user_id) {
+       $user = new WP_User($user_id);
+       $user->user_login   = attribute_escape($user->user_login);
+       $user->user_email   = attribute_escape($user->user_email);
+       $user->user_url     = clean_url($user->user_url);
+       $user->first_name   = attribute_escape($user->first_name);
+       $user->last_name    = attribute_escape($user->last_name);
+       $user->display_name = attribute_escape($user->display_name);
+       $user->nickname     = attribute_escape($user->nickname);
+       $user->aim          = attribute_escape($user->aim);
+       $user->yim          = attribute_escape($user->yim);
+       $user->jabber       = attribute_escape($user->jabber);
+       $user->description  =  wp_specialchars($user->description);
+
+       return $user;
+}
+
 // Creates a new user from the "Users" form using $_POST information.
 
 function add_user() {
 // Creates a new user from the "Users" form using $_POST information.
 
 function add_user() {
@@ -344,7 +367,7 @@ function edit_user($user_id = 0) {
 
        if ($user_id != 0) {
                $update = true;
 
        if ($user_id != 0) {
                $update = true;
-               $user->ID = $user_id;
+               $user->ID = (int) $user_id;
                $userdata = get_userdata($user_id);
                $user->user_login = $wpdb->escape($userdata->user_login);
        } else {
                $userdata = get_userdata($user_id);
                $user->user_login = $wpdb->escape($userdata->user_login);
        } else {
@@ -369,7 +392,7 @@ function edit_user($user_id = 0) {
        if (isset ($_POST['email']))
                $user->user_email = wp_specialchars(trim($_POST['email']));
        if (isset ($_POST['url'])) {
        if (isset ($_POST['email']))
                $user->user_email = wp_specialchars(trim($_POST['email']));
        if (isset ($_POST['url'])) {
-               $user->user_url = wp_specialchars(trim($_POST['url']));
+               $user->user_url = clean_url(trim($_POST['url']));
                $user->user_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
        }
        if (isset ($_POST['first_name']))
                $user->user_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
        }
        if (isset ($_POST['first_name']))
@@ -381,7 +404,7 @@ function edit_user($user_id = 0) {
        if (isset ($_POST['display_name']))
                $user->display_name = wp_specialchars(trim($_POST['display_name']));
        if (isset ($_POST['description']))
        if (isset ($_POST['display_name']))
                $user->display_name = wp_specialchars(trim($_POST['display_name']));
        if (isset ($_POST['description']))
-               $user->description = wp_specialchars(trim($_POST['description']));
+               $user->description = trim($_POST['description']);
        if (isset ($_POST['jabber']))
                $user->jabber = wp_specialchars(trim($_POST['jabber']));
        if (isset ($_POST['aim']))
        if (isset ($_POST['jabber']))
                $user->jabber = wp_specialchars(trim($_POST['jabber']));
        if (isset ($_POST['aim']))
@@ -447,24 +470,27 @@ function edit_user($user_id = 0) {
 
 function get_link_to_edit($link_id) {
        $link = get_link($link_id);
 
 function get_link_to_edit($link_id) {
        $link = get_link($link_id);
-       
-       $link->link_url = wp_specialchars($link->link_url, 1);
-       $link->link_name = wp_specialchars($link->link_name, 1);
-       $link->link_description = wp_specialchars($link->link_description);
-       $link->link_notes = wp_specialchars($link->link_notes);
-       $link->link_rss = wp_specialchars($link->link_rss);
-       
+
+       $link->link_url         =        clean_url($link->link_url);
+       $link->link_name        = attribute_escape($link->link_name);
+       $link->link_image       = attribute_escape($link->link_image);
+       $link->link_description = attribute_escape($link->link_description);
+       $link->link_rss         =        clean_url($link->link_rss);
+       $link->link_rel         = attribute_escape($link->link_rel);
+       $link->link_notes       =  wp_specialchars($link->link_notes);
+       $link->post_category    = $link->link_category;
+
        return $link;
 }
 
 function get_default_link_to_edit() {
        if ( isset($_GET['linkurl']) )
        return $link;
 }
 
 function get_default_link_to_edit() {
        if ( isset($_GET['linkurl']) )
-               $link->link_url = wp_specialchars($_GET['linkurl'], 1);
+               $link->link_url = clean_url($_GET['linkurl']);
        else
                $link->link_url = '';
        
        if ( isset($_GET['name']) )
        else
                $link->link_url = '';
        
        if ( isset($_GET['name']) )
-               $link->link_name = wp_specialchars($_GET['name'], 1);
+               $link->link_name = attribute_escape($_GET['name']);
        else
                $link->link_name = '';
                
        else
                $link->link_name = '';
                
@@ -480,10 +506,10 @@ function edit_link($link_id = '') {
                die(__("Cheatin' uh ?"));
 
        $_POST['link_url'] = wp_specialchars($_POST['link_url']);
                die(__("Cheatin' uh ?"));
 
        $_POST['link_url'] = wp_specialchars($_POST['link_url']);
-       $_POST['link_url'] = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $_POST['link_url']) ? $_POST['link_url'] : 'http://' . $_POST['link_url'];
+       $_POST['link_url'] = clean_url($_POST['link_url']);
        $_POST['link_name'] = wp_specialchars($_POST['link_name']);
        $_POST['link_image'] = wp_specialchars($_POST['link_image']);
        $_POST['link_name'] = wp_specialchars($_POST['link_name']);
        $_POST['link_image'] = wp_specialchars($_POST['link_image']);
-       $_POST['link_rss'] = wp_specialchars($_POST['link_rss']);
+       $_POST['link_rss'] = clean_url($_POST['link_rss']);
        $auto_toggle = get_autotoggle($_POST['link_category']);
        
        // if we are in an auto toggle category and this one is visible then we
        $auto_toggle = get_autotoggle($_POST['link_category']);
        
        // if we are in an auto toggle category and this one is visible then we
@@ -826,12 +852,27 @@ function list_meta($meta) {
                        $style = '';
                if ('_' == $entry['meta_key'] { 0 })
                        $style .= ' hidden';
                        $style = '';
                if ('_' == $entry['meta_key'] { 0 })
                        $style .= ' hidden';
+
+               if ( is_serialized($entry['meta_value']) ) {
+                       if ( is_serialized_string($entry['meta_value']) ) {
+                               // this is a serialized string, so we should display it
+                               $entry['meta_value'] = maybe_unserialize($entry['meta_value']);
+                       } else {
+                               // this is a serialized array/object so we should NOT display it
+                               --$count;
+                               continue;
+                       }
+               }
+
+               $entry['meta_key'] = attribute_escape( $entry['meta_key']);
+               $entry['meta_value'] = attribute_escape( $entry['meta_value']);
+               $entry['meta_id'] = (int) $entry['meta_id'];
                echo "
                        <tr class='$style'>
                                <td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>
                                <td><textarea name='meta[{$entry['meta_id']}][value]' tabindex='6' rows='2' cols='30'>{$entry['meta_value']}</textarea></td>
                echo "
                        <tr class='$style'>
                                <td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>
                                <td><textarea name='meta[{$entry['meta_id']}][value]' tabindex='6' rows='2' cols='30'>{$entry['meta_value']}</textarea></td>
-                               <td align='center'><input name='updatemeta' type='submit' class='updatemeta' tabindex='6' value='".__('Update')."' /><br />
-                               <input name='deletemeta[{$entry['meta_id']}]' type='submit' class='deletemeta' tabindex='6' value='".__('Delete')."' /></td>
+                               <td align='center'><input name='updatemeta' type='submit' class='updatemeta' tabindex='6' value='".attribute_escape(__('Update'))."' /><br />
+                               <input name='deletemeta[{$entry['meta_id']}]' type='submit' class='deletemeta' tabindex='6' value='".attribute_escape(__('Delete'))."' /></td>
                        </tr>
                ";
        }
                        </tr>
                ";
        }
@@ -876,6 +917,7 @@ function meta_form() {
 <?php
 
        foreach ($keys as $key) {
 <?php
 
        foreach ($keys as $key) {
+               $key = attribute_escape($key);
                echo "\n\t<option value='$key'>$key</option>";
        }
 ?>
                echo "\n\t<option value='$key'>$key</option>";
        }
 ?>
@@ -894,10 +936,14 @@ function meta_form() {
 
 function add_meta($post_ID) {
        global $wpdb;
 
 function add_meta($post_ID) {
        global $wpdb;
+       $post_ID = (int) $post_ID;
+
+       $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
 
        $metakeyselect = $wpdb->escape(stripslashes(trim($_POST['metakeyselect'])));
        $metakeyinput = $wpdb->escape(stripslashes(trim($_POST['metakeyinput'])));
 
        $metakeyselect = $wpdb->escape(stripslashes(trim($_POST['metakeyselect'])));
        $metakeyinput = $wpdb->escape(stripslashes(trim($_POST['metakeyinput'])));
-       $metavalue = $wpdb->escape(stripslashes(trim($_POST['metavalue'])));
+       $metavalue = maybe_serialize(stripslashes((trim($_POST['metavalue']))));
+       $metavalue = $wpdb->escape($metavalue);
 
        if ( ('0' === $metavalue || !empty ($metavalue)) && ((('#NONE#' != $metakeyselect) && !empty ($metakeyselect)) || !empty ($metakeyinput)) ) {
                // We have a key/value pair. If both the select and the 
 
        if ( ('0' === $metavalue || !empty ($metavalue)) && ((('#NONE#' != $metakeyselect) && !empty ($metakeyselect)) || !empty ($metakeyinput)) ) {
                // We have a key/value pair. If both the select and the 
@@ -909,6 +955,9 @@ function add_meta($post_ID) {
                if ($metakeyinput)
                        $metakey = $metakeyinput; // default
 
                if ($metakeyinput)
                        $metakey = $metakeyinput; // default
 
+               if ( in_array($metakey, $protected) )
+                       return false;
+
                $result = $wpdb->query("
                                                INSERT INTO $wpdb->postmeta 
                                                (post_id,meta_key,meta_value) 
                $result = $wpdb->query("
                                                INSERT INTO $wpdb->postmeta 
                                                (post_id,meta_key,meta_value) 
@@ -919,6 +968,7 @@ function add_meta($post_ID) {
 
 function delete_meta($mid) {
        global $wpdb;
 
 function delete_meta($mid) {
        global $wpdb;
+       $mid = (int) $mid;
 
        $result = $wpdb->query("DELETE FROM $wpdb->postmeta WHERE meta_id = '$mid'");
 }
 
        $result = $wpdb->query("DELETE FROM $wpdb->postmeta WHERE meta_id = '$mid'");
 }
@@ -926,6 +976,14 @@ function delete_meta($mid) {
 function update_meta($mid, $mkey, $mvalue) {
        global $wpdb;
 
 function update_meta($mid, $mkey, $mvalue) {
        global $wpdb;
 
+       $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
+
+       if ( in_array($mkey, $protected) )
+               return false;
+
+       $mvalue = maybe_serialize(stripslashes($mvalue));
+       $mvalue = $wpdb->escape($mvalue);
+       $mid = (int) $mid;
        return $wpdb->query("UPDATE $wpdb->postmeta SET meta_key = '$mkey', meta_value = '$mvalue' WHERE meta_id = '$mid'");
 }
 
        return $wpdb->query("UPDATE $wpdb->postmeta SET meta_key = '$mkey', meta_value = '$mvalue' WHERE meta_id = '$mid'");
 }
 
@@ -1081,15 +1139,13 @@ function save_mod_rewrite_rules() {
 }
 
 function the_quicktags() {
 }
 
 function the_quicktags() {
-       // Browser detection sucks, but until Safari supports the JS needed for this to work people just assume it's a bug in WP
-       if (!strstr($_SERVER['HTTP_USER_AGENT'], 'Safari'))
                echo '
                <div id="quicktags">
                        <script src="../wp-includes/js/quicktags.js" type="text/javascript"></script>
                        <script type="text/javascript">if ( typeof tinyMCE == "undefined" || tinyMCE.configs.length < 1 ) edToolbar();</script>
                </div>
 ';
                echo '
                <div id="quicktags">
                        <script src="../wp-includes/js/quicktags.js" type="text/javascript"></script>
                        <script type="text/javascript">if ( typeof tinyMCE == "undefined" || tinyMCE.configs.length < 1 ) edToolbar();</script>
                </div>
 ';
-       else echo '
+       echo '
 <script type="text/javascript">
 function edInsertContent(myField, myValue) {
        //IE support
 <script type="text/javascript">
 function edInsertContent(myField, myValue) {
        //IE support
@@ -1547,25 +1603,23 @@ function get_plugins() {
                }
        }
 
                }
        }
 
-       if (!$plugins_dir || !$plugin_files) {
+       if ( !$plugins_dir || !$plugin_files )
                return $wp_plugins;
                return $wp_plugins;
-       }
 
 
-       sort($plugin_files);
-
-       foreach ($plugin_files as $plugin_file) {
+       foreach ( $plugin_files as $plugin_file ) {
                if ( !is_readable("$plugin_root/$plugin_file"))
                        continue;
 
                $plugin_data = get_plugin_data("$plugin_root/$plugin_file");
 
                if ( !is_readable("$plugin_root/$plugin_file"))
                        continue;
 
                $plugin_data = get_plugin_data("$plugin_root/$plugin_file");
 
-               if (empty ($plugin_data['Name'])) {
+               if ( empty ($plugin_data['Name']) )
                        continue;
                        continue;
-               }
 
                $wp_plugins[plugin_basename($plugin_file)] = $plugin_data;
        }
 
 
                $wp_plugins[plugin_basename($plugin_file)] = $plugin_data;
        }
 
+       uasort($wp_plugins, create_function('$a, $b', 'return strnatcasecmp($a["Name"], $b["Name"]);'));
+
        return $wp_plugins;
 }
 
        return $wp_plugins;
 }
 
@@ -1774,7 +1828,8 @@ o.action.value = 'view';
 o.submit();
 }
 </script>
 o.submit();
 }
 </script>
-<form enctype="multipart/form-data" id="uploadForm" method="post" action="<?php echo $action ?>">
+<form enctype="multipart/form-data" id="uploadForm" method="post" action="<?php echo attribute_escape($action) ?>">
+<?php wp_nonce_field('import-upload'); ?>
 <label for="upload"><?php _e('File:'); ?></label><input type="file" id="upload" name="import" />
 <input type="hidden" name="action" value="save" />
 <div id="buttons">
 <label for="upload"><?php _e('File:'); ?></label><input type="file" id="upload" name="import" />
 <input type="hidden" name="action" value="save" />
 <div id="buttons">
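Review bot: In update_meta the new code escapes `$mvalue` and casts `$mid`, but `$mkey` is interpolated into `meta_key = '$mkey'` exactly as received, so the query relies on the caller (or a magic-quotes pass not visible in this diff) having escaped it; mirroring the value handling with `$mkey = $wpdb->escape(stripslashes($mkey));` after the protected-key check would make the function safe on its own. The protected-key check also only inspects the incoming `$mkey`, not the key currently stored for `$mid`, so a row whose existing key is one of the four protected names can still be renamed or have its value replaced by meta_id; the row's current key would need to be read and compared as well. The `$protected` array is duplicated verbatim in add_meta and update_meta; a single shared helper (e.g. an `is_protected_meta($key)` function holding the list) would keep the two from drifting apart. update_meta is complete within its hunk; add_meta's body continues past its hunks.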
index 195e35ccf1e69860b34b7aeec0467d95880ca2d1..2fa3c842b7c62fe864b55077b1f12f49cb09a450 100644 (file)
@@ -37,7 +37,7 @@ else
        
   
 $content  = wp_specialchars($_REQUEST['content']);
        
   
 $content  = wp_specialchars($_REQUEST['content']);
-$popupurl = wp_specialchars($_REQUEST['popupurl']);
+$popupurl = clean_url(stripslashes($_REQUEST['popupurl']));
     if ( !empty($content) ) {
         $post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) );
     } else {
     if ( !empty($content) ) {
         $post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) );
     } else {
index 30d37c8b4b58dd0bc2ce821297b787ceb80a270f..d26a847bbbc38b8ab61dd5107fe5354cb4af7653 100644 (file)
@@ -33,6 +33,7 @@ case 'addcat':
        wp_insert_category($_POST);
 
        wp_redirect('categories.php?message=1#addcat');
        wp_insert_category($_POST);
 
        wp_redirect('categories.php?message=1#addcat');
+       exit;
 break;
 
 case 'delete':
 break;
 
 case 'delete':
@@ -51,7 +52,7 @@ case 'delete':
        wp_delete_category($cat_ID);
 
        wp_redirect('categories.php?message=2');
        wp_delete_category($cat_ID);
 
        wp_redirect('categories.php?message=2');
-
+       exit;
 break;
 
 case 'edit':
 break;
 
 case 'edit':
@@ -68,12 +69,12 @@ case 'edit':
          <table class="editform" width="100%" cellspacing="2" cellpadding="5">
                <tr>
                  <th width="33%" scope="row"><?php _e('Category name:') ?></th>
          <table class="editform" width="100%" cellspacing="2" cellpadding="5">
                <tr>
                  <th width="33%" scope="row"><?php _e('Category name:') ?></th>
-                 <td width="67%"><input name="cat_name" type="text" value="<?php echo wp_specialchars($category->cat_name); ?>" size="40" /> <input type="hidden" name="action" value="editedcat" />
+                 <td width="67%"><input name="cat_name" type="text" value="<?php echo attribute_escape($category->cat_name); ?>" size="40" /> <input type="hidden" name="action" value="editedcat" />
 <input type="hidden" name="cat_ID" value="<?php echo $category->cat_ID ?>" /></td>
                </tr>
                <tr>
                        <th scope="row"><?php _e('Category slug:') ?></th>
 <input type="hidden" name="cat_ID" value="<?php echo $category->cat_ID ?>" /></td>
                </tr>
                <tr>
                        <th scope="row"><?php _e('Category slug:') ?></th>
-                       <td><input name="category_nicename" type="text" value="<?php echo wp_specialchars($category->category_nicename); ?>" size="40" /></td>
+                       <td><input name="category_nicename" type="text" value="<?php echo attribute_escape($category->category_nicename); ?>" size="40" /></td>
                </tr>
                <tr>
                        <th scope="row"><?php _e('Category parent:') ?></th>
                </tr>
                <tr>
                        <th scope="row"><?php _e('Category parent:') ?></th>
@@ -85,7 +86,7 @@ case 'edit':
                </tr>
                <tr>
                        <th scope="row"><?php _e('Description:') ?></th>
                </tr>
                <tr>
                        <th scope="row"><?php _e('Description:') ?></th>
-                       <td><textarea name="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description, 1); ?></textarea></td>
+                       <td><textarea name="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description); ?></textarea></td>
                </tr>
                </table>
          <p class="submit"><input type="submit" name="submit" value="<?php _e('Edit category') ?> &raquo;" /></p>
                </tr>
                </table>
          <p class="submit"><input type="submit" name="submit" value="<?php _e('Edit category') ?> &raquo;" /></p>
@@ -106,6 +107,7 @@ case 'editedcat':
        wp_update_category($_POST);
 
        wp_redirect('categories.php?message=3');
        wp_update_category($_POST);
 
        wp_redirect('categories.php?message=3');
+       exit;
 break;
 
 default:
 break;
 
 default:
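Review bot: In the edit-form hunk (L748–L772) the hidden `cat_ID` field still interpolates `$category->cat_ID` raw into `value="…"`, while the neighbouring `cat_name` and `category_nicename` inputs now go through `attribute_escape()`; `value="<?php echo (int) $category->cat_ID; ?>"` matches the `(int)` treatment the rest of this commit gives to IDs and removes the one unescaped value left in the form. The `exit;` added after each `wp_redirect()` is the right fix: without it the page kept executing after the `Location` header was sent. Whether `addcat`/`delete`/`editedcat` verify a nonce before `wp_insert_category($_POST)` / `wp_update_category($_POST)` is decided above these hunks and is not visible here.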
index 88e672a7185714c09e8b1c8cbdabef9c19f9b876..ab0f0a8e46e538f8183d6304d987de7380f13718 100644 (file)
@@ -7,7 +7,7 @@ $list_js = true;
 
 require_once('admin-header.php');
 if (empty($_GET['mode'])) $mode = 'view';
 
 require_once('admin-header.php');
 if (empty($_GET['mode'])) $mode = 'view';
-else $mode = wp_specialchars($_GET['mode'], 1);
+else $mode = attribute_escape($_GET['mode']);
 ?>
 
 <script type="text/javascript">
 ?>
 
 <script type="text/javascript">
@@ -30,7 +30,7 @@ function checkAll(form)
 <form name="searchform" action="" method="get"> 
   <fieldset> 
   <legend><?php _e('Show Comments That Contain...') ?></legend> 
 <form name="searchform" action="" method="get"> 
   <fieldset> 
   <legend><?php _e('Show Comments That Contain...') ?></legend> 
-  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" /> 
+  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" /> 
   <input type="submit" name="submit" value="<?php _e('Search') ?>"  />  
   <input type="hidden" name="mode" value="<?php echo $mode; ?>" />
   <?php _e('(Searches within comment text, e-mail, URI, and IP address.)') ?>
   <input type="submit" name="submit" value="<?php _e('Search') ?>"  />  
   <input type="hidden" name="mode" value="<?php echo $mode; ?>" />
   <?php _e('(Searches within comment text, e-mail, URI, and IP address.)') ?>
@@ -44,7 +44,7 @@ if ( !empty( $_POST['delete_comments'] ) ) :
        $i = 0;
        foreach ($_POST['delete_comments'] as $comment) : // Check the permissions on each
                $comment = (int) $comment;
        $i = 0;
        foreach ($_POST['delete_comments'] as $comment) : // Check the permissions on each
                $comment = (int) $comment;
-               $post_id = $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = $comment");
+               $post_id = (int) $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = $comment");
                $authordata = get_userdata( $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = $post_id") );
                if ( current_user_can('edit_post', $post_id) ) :
                        wp_set_comment_status($comment, "delete");
                $authordata = get_userdata( $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = $post_id") );
                if ( current_user_can('edit_post', $post_id) ) :
                        wp_set_comment_status($comment, "delete");
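Review bot: `attribute_escape($_GET['mode'])` at L811 makes `$mode` safe to echo into the hidden field at L828 but does not validate it, and `$mode` is presumably also compared against the mode names elsewhere in the file; a whitelist is the safer shape, e.g. `$mode = ( isset($_GET['mode']) && 'edit' == $_GET['mode'] ) ? 'edit' : 'view';`, adjusted to the modes the file actually handles (not visible here). In the delete loop at L841 the `(int)` cast on `$post_id` is correct because the value is interpolated into the following query; `$comment` was already cast on L839. Any nonce check for `delete_comments` sits above this hunk.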
index 7ac1eecda8278d888f72e83d97cb5c0f19881c8f..e7490fe25c1b385da5000a24b2152fc14917be9a 100644 (file)
@@ -1,10 +1,12 @@
 <?php
 <?php
+if ( isset($_GET['message']) )
+       $_GET['message'] = (int) $_GET['message'];
 $messages[1] = __('Post updated');
 $messages[2] = __('Custom field updated');
 $messages[3] = __('Custom field deleted.');
 ?>
 <?php if (isset($_GET['message'])) : ?>
 $messages[1] = __('Post updated');
 $messages[2] = __('Custom field updated');
 $messages[3] = __('Custom field deleted.');
 ?>
 <?php if (isset($_GET['message'])) : ?>
-<div id="message" class="updated fade"><p><?php echo $messages[$_GET['message']]; ?></p></div>
+<div id="message" class="updated fade"><p><?php echo wp_specialchars($messages[$_GET['message']]); ?></p></div>
 <?php endif; ?>
 
 <form name="post" action="post.php" method="post" id="post">
 <?php endif; ?>
 
 <form name="post" action="post.php" method="post" id="post">
@@ -24,35 +26,36 @@ if (0 == $post_ID) {
        $form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
        wp_nonce_field('add-post');
 } else {
        $form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
        wp_nonce_field('add-post');
 } else {
+       $post_ID = (int) $post_ID;
        $form_action = 'editpost';
        $form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />";
        wp_nonce_field('update-post_' .  $post_ID);
 }
 
        $form_action = 'editpost';
        $form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />";
        wp_nonce_field('update-post_' .  $post_ID);
 }
 
-$form_pingback = '<input type="hidden" name="post_pingback" value="' . get_option('default_pingback_flag') . '" id="post_pingback" />';
+$form_pingback = '<input type="hidden" name="post_pingback" value="' . (int) get_option('default_pingback_flag') . '" id="post_pingback" />'; 
 
 
-$form_prevstatus = '<input type="hidden" name="prev_status" value="' . $post->post_status . '" />';
+$form_prevstatus = '<input type="hidden" name="prev_status" value="' . attribute_escape( $post->post_status ) . '" />'; 
 
 
-$form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. str_replace("\n", ' ', $post->to_ping) .'" />';
+$form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. attribute_escape( str_replace("\n", ' ', $post->to_ping) ) .'" />';
 
 if ('' != $post->pinged) {
        $pings = '<p>'. __('Already pinged:') . '</p><ul>';
        $already_pinged = explode("\n", trim($post->pinged));
        foreach ($already_pinged as $pinged_url) {
 
 if ('' != $post->pinged) {
        $pings = '<p>'. __('Already pinged:') . '</p><ul>';
        $already_pinged = explode("\n", trim($post->pinged));
        foreach ($already_pinged as $pinged_url) {
-               $pings .= "\n\t<li>$pinged_url</li>";
+               $pings .= "\n\t<li>" . wp_specialchars($pinged_url) . "</li>";
        }
        $pings .= '</ul>';
 }
 
        }
        $pings .= '</ul>';
 }
 
-$saveasdraft = '<input name="save" type="submit" id="save" tabindex="3" value="' . __('Save and Continue Editing') . '" />';
+$saveasdraft = '<input name="save" type="submit" id="save" tabindex="3" value="' . attribute_escape(__('Save and Continue Editing')) . '" />';
 
 if (empty($post->post_status)) $post->post_status = 'draft';
 
 ?>
 
 
 if (empty($post->post_status)) $post->post_status = 'draft';
 
 ?>
 
-<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
+<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" name="action" value="<?php echo $form_action ?>" />
 <input type="hidden" name="action" value="<?php echo $form_action ?>" />
-<input type="hidden" name="post_author" value="<?php echo $post->post_author ?>" />
+<input type="hidden" name="post_author" value="<?php echo attribute_escape($post->post_author) ?>" />
 
 <?php echo $form_extra ?>
 <?php if (isset($_GET['message']) && 2 > $_GET['message']) : ?>
 
 <?php echo $form_extra ?>
 <?php if (isset($_GET['message']) && 2 > $_GET['message']) : ?>
@@ -82,12 +85,12 @@ addLoadEvent(focusit);
 
 <fieldset id="passworddiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Password-Protect Post') ?></h3> 
 
 <fieldset id="passworddiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Password-Protect Post') ?></h3> 
-<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div>
+<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape($post->post_password) ?>" /></div>
 </fieldset>
 
 <fieldset id="slugdiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Post slug') ?></h3> 
 </fieldset>
 
 <fieldset id="slugdiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Post slug') ?></h3> 
-<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
+<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape($post->post_name) ?>" /></div>
 </fieldset>
 
 <fieldset id="categorydiv" class="dbx-box">
 </fieldset>
 
 <fieldset id="categorydiv" class="dbx-box">
@@ -97,7 +100,7 @@ addLoadEvent(focusit);
 <div id="categorychecklist"><?php dropdown_categories(get_settings('default_category')); ?></div></div>
 </fieldset>
 
 <div id="categorychecklist"><?php dropdown_categories(get_settings('default_category')); ?></div></div>
 </fieldset>
 
-<fieldset class="dbx-box">
+<fieldset id="poststatusdiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Post Status') ?></h3> 
 <div class="dbx-content"><?php if ( current_user_can('publish_posts') ) : ?>
 <label for="post_status_publish" class="selectit"><input id="post_status_publish" name="post_status" type="radio" value="publish" <?php checked($post->post_status, 'publish'); ?> /> <?php _e('Published') ?></label>
 <h3 class="dbx-handle"><?php _e('Post Status') ?></h3> 
 <div class="dbx-content"><?php if ( current_user_can('publish_posts') ) : ?>
 <label for="post_status_publish" class="selectit"><input id="post_status_publish" name="post_status" type="radio" value="publish" <?php checked($post->post_status, 'publish'); ?> /> <?php _e('Published') ?></label>
@@ -107,7 +110,7 @@ addLoadEvent(focusit);
 </fieldset>
 
 <?php if ( current_user_can('edit_posts') ) : ?>
 </fieldset>
 
 <?php if ( current_user_can('edit_posts') ) : ?>
-<fieldset class="dbx-box">
+<fieldset id="posttimestampdiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Post Timestamp'); ?>:</h3>
 <div class="dbx-content"><?php touch_time(($action == 'edit')); ?></div>
 </fieldset>
 <h3 class="dbx-handle"><?php _e('Post Timestamp'); ?>:</h3>
 <div class="dbx-content"><?php touch_time(($action == 'edit')); ?></div>
 </fieldset>
@@ -123,7 +126,7 @@ foreach ($authors as $o) :
 $o = get_userdata( $o->ID );
 if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
 else $selected = '';
 $o = get_userdata( $o->ID );
 if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
 else $selected = '';
-echo "<option value='$o->ID' $selected>$o->display_name</option>";
+echo "<option value='" . (int) $o->ID . "' $selected>" . wp_specialchars($o->display_name) . "</option>";
 endforeach;
 ?>
 </select>
 endforeach;
 ?>
 </select>
@@ -138,7 +141,7 @@ endforeach;
 
 <fieldset id="titlediv">
   <legend><?php _e('Title') ?></legend> 
 
 <fieldset id="titlediv">
   <legend><?php _e('Title') ?></legend> 
-  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
+  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" /></div>
 </fieldset>
 
 <fieldset id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>">
 </fieldset>
 
 <fieldset id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>">
@@ -210,44 +213,44 @@ if ('publish' != $post->post_status || 0 == $post_ID) {
 ?>
 <input name="referredby" type="hidden" id="referredby" value="<?php 
 if ( !empty($_REQUEST['popupurl']) )
 ?>
 <input name="referredby" type="hidden" id="referredby" value="<?php 
 if ( !empty($_REQUEST['popupurl']) )
-       echo wp_specialchars($_REQUEST['popupurl']);
-else if ( url_to_postid(wp_get_referer()) == $post_ID )
+       echo attribute_escape(stripslashes($_REQUEST['popupurl']));
+else if ( url_to_postid(stripslashes(wp_get_referer())) == $post_ID )
        echo 'redo';
 else
        echo 'redo';
 else
-       echo wp_specialchars(wp_get_referer());
+       echo attribute_escape(stripslashes(wp_get_referer()));
 ?>" /></p>
 
 <?php do_action('edit_form_advanced'); ?>
 
 <?php
 if (current_user_can('upload_files')) {
 ?>" /></p>
 
 <?php do_action('edit_form_advanced'); ?>
 
 <?php
 if (current_user_can('upload_files')) {
-       $uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
+       $uploading_iframe_ID = (int) (0 == $post_ID ? $temp_ID : $post_ID);
        $uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&amp;post=$uploading_iframe_ID", 'inlineuploading');
        $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
        if ( false != $uploading_iframe_src )
        $uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&amp;post=$uploading_iframe_ID", 'inlineuploading');
        $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
        if ( false != $uploading_iframe_src )
-               echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
+               echo '<iframe id="uploading" frameborder="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
 }
 ?>
 
 <div id="advancedstuff" class="dbx-group" >
 
 }
 ?>
 
 <div id="advancedstuff" class="dbx-group" >
 
-<div class="dbx-box-wrapper">
+<div class="dbx-b-ox-wrapper">
 <fieldset id="postexcerpt" class="dbx-box">
 <fieldset id="postexcerpt" class="dbx-box">
-<div class="dbx-handle-wrapper">
+<div class="dbx-h-andle-wrapper">
 <h3 class="dbx-handle"><?php _e('Optional Excerpt') ?></h3>
 </div>
 <h3 class="dbx-handle"><?php _e('Optional Excerpt') ?></h3>
 </div>
-<div class="dbx-content-wrapper">
+<div class="dbx-c-ontent-wrapper">
 <div class="dbx-content"><textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo $post->post_excerpt ?></textarea></div>
 </div>
 </fieldset>
 </div>
 
 <div class="dbx-content"><textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo $post->post_excerpt ?></textarea></div>
 </div>
 </fieldset>
 </div>
 
-<div class="dbx-box-wrapper">
-<fieldset class="dbx-box">
-<div class="dbx-handle-wrapper">
+<div class="dbx-b-ox-wrapper">
+<fieldset id="trackbacksdiv" class="dbx-box">
+<div class="dbx-h-andle-wrapper">
 <h3 class="dbx-handle"><?php _e('Trackbacks') ?></h3>
 </div>
 <h3 class="dbx-handle"><?php _e('Trackbacks') ?></h3>
 </div>
-<div class="dbx-content-wrapper">
+<div class="dbx-c-ontent-wrapper">
 <div class="dbx-content"><?php _e('Send trackbacks to'); ?>: <?php echo $form_trackback; ?> (<?php _e('Separate multiple URIs with spaces'); ?>)
 <?php 
 if ( ! empty($pings) )
 <div class="dbx-content"><?php _e('Send trackbacks to'); ?>: <?php echo $form_trackback; ?> (<?php _e('Separate multiple URIs with spaces'); ?>)
 <?php 
 if ( ! empty($pings) )
@@ -258,12 +261,12 @@ if ( ! empty($pings) )
 </fieldset>
 </div>
 
 </fieldset>
 </div>
 
-<div class="dbx-box-wrapper">
+<div class="dbx-b-ox-wrapper">
 <fieldset id="postcustom" class="dbx-box">
 <fieldset id="postcustom" class="dbx-box">
-<div class="dbx-handle-wrapper">
+<div class="dbx-h-andle-wrapper">
 <h3 class="dbx-handle"><?php _e('Custom Fields') ?></h3>
 </div>
 <h3 class="dbx-handle"><?php _e('Custom Fields') ?></h3>
 </div>
-<div class="dbx-content-wrapper">
+<div class="dbx-c-ontent-wrapper">
 <div id="postcustomstuff" class="dbx-content">
 <?php 
 if($metadata = has_meta($post_ID)) {
 <div id="postcustomstuff" class="dbx-content">
 <?php 
 if($metadata = has_meta($post_ID)) {
@@ -276,6 +279,7 @@ if($metadata = has_meta($post_ID)) {
        meta_form();
 ?>
 </div>
        meta_form();
 ?>
 </div>
+</div>
 </fieldset>
 </div>
 
 </fieldset>
 </div>
 
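Review bot: `$messages[$_GET['message']]` at L865 is still indexed with an unvalidated integer: after the new `(int)` cast a `message` of 0 or above 3 yields an undefined-offset notice and an empty `<div id="message">`; guard the lookup at L863, `<?php if ( isset($_GET['message']) && isset($messages[$_GET['message']]) ) : ?>`. The excerpt textarea at L1090 still echoes `$post->post_excerpt` raw while the same series of hunks escapes title, slug and password; unless `get_post_to_edit()` already ran it through `format_to_edit()` (not visible here), a stored `</textarea>` breaks out of the control, so `wp_specialchars($post->post_excerpt)` would match the treatment this commit gives the category-description textarea.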
index 2695c51c9b7f2b5b9794b2fd53aac964b02d0de9..7a09960724d4e7b5427dea83b61685d9cb0588cd 100644 (file)
@@ -8,7 +8,7 @@ $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment-
 <form name="post" action="post.php" method="post" id="post">
 <?php wp_nonce_field('update-comment_' . $comment->comment_ID) ?>
 <div class="wrap">
 <form name="post" action="post.php" method="post" id="post">
 <?php wp_nonce_field('update-comment_' . $comment->comment_ID) ?>
 <div class="wrap">
-<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
+<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
 
 <script type="text/javascript">
 <input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
 
 <script type="text/javascript">
@@ -20,19 +20,19 @@ addLoadEvent(focusit);
 <fieldset id="namediv">
     <legend><?php _e('Name:') ?></legend>
        <div>
 <fieldset id="namediv">
     <legend><?php _e('Name:') ?></legend>
        <div>
-         <input type="text" name="newcomment_author" size="22" value="<?php echo $comment->comment_author ?>" tabindex="1" id="name" />
+         <input type="text" name="newcomment_author" size="22" value="<?php echo attribute_escape($comment->comment_author); ?>" tabindex="1" id="name" />
     </div>
 </fieldset>
 <fieldset id="emaildiv">
         <legend><?php _e('E-mail:') ?></legend>
                <div>
     </div>
 </fieldset>
 <fieldset id="emaildiv">
         <legend><?php _e('E-mail:') ?></legend>
                <div>
-                 <input type="text" name="newcomment_author_email" size="30" value="<?php echo $comment->comment_author_email ?>" tabindex="2" id="email" />
+                 <input type="text" name="newcomment_author_email" size="30" value="<?php echo attribute_escape($comment->comment_author_email); ?>" tabindex="2" id="email" />
     </div>
 </fieldset>
 <fieldset id="uridiv">
         <legend><?php _e('URI:') ?></legend>
                <div>
     </div>
 </fieldset>
 <fieldset id="uridiv">
         <legend><?php _e('URI:') ?></legend>
                <div>
-                 <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo $comment->comment_author_url ?>" tabindex="3" id="URL" />
+                 <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo attribute_escape($comment->comment_author_url); ?>" tabindex="3" id="URL" />
     </div>
 </fieldset>
 
     </div>
 </fieldset>
 
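Review bot: `$form_extra` is interpolated into the `value='…'` attribute at L1167 and, per the hunk header at L1158, is built from `$comment->comment_ID` without a cast, so the `(int)` applied to `user_ID` on L1166 leaves this form only half covered; `(int) $comment->comment_ID` in that assignment (just above the hunk) closes the gap. The same ID also feeds `wp_nonce_field('update-comment_' . $comment->comment_ID)` at L1160, so the cast is best applied once where the value is first read rather than at each use. The author/email/URL escapes in the second hunk are correct for attribute context.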
index fd5efcea9b3a2daf38b3f9602ad3ec8375690f3a..de5937e38ef634040f8a13f219a483c125aa1e0f 100644 (file)
@@ -6,7 +6,7 @@
 <?php if (isset($mode) && 'bookmarklet' == $mode) : ?>
 <input type="hidden" name="mode" value="bookmarklet" />
 <?php endif; ?>
 <?php if (isset($mode) && 'bookmarklet' == $mode) : ?>
 <input type="hidden" name="mode" value="bookmarklet" />
 <?php endif; ?>
-<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
+<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" name="action" value='post' />
 
 <script type="text/javascript">
 <input type="hidden" name="action" value='post' />
 
 <script type="text/javascript">
@@ -21,7 +21,7 @@ addLoadEvent(focusit);
 <div id="poststuff">
     <fieldset id="titlediv">
       <legend><a href="http://wordpress.org/docs/reference/post/#title" title="<?php _e('Help on titles') ?>"><?php _e('Title') ?></a></legend> 
 <div id="poststuff">
     <fieldset id="titlediv">
       <legend><a href="http://wordpress.org/docs/reference/post/#title" title="<?php _e('Help on titles') ?>"><?php _e('Title') ?></a></legend> 
-         <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
+         <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" /></div>
     </fieldset>
 
     <fieldset id="categorydiv">
     </fieldset>
 
     <fieldset id="categorydiv">
@@ -49,7 +49,7 @@ edCanvas = document.getElementById('content');
 //-->
 </script>
 
 //-->
 </script>
 
-<input type="hidden" name="post_pingback" value="<?php echo get_option('default_pingback_flag') ?>" id="post_pingback" />
+<input type="hidden" name="post_pingback" value="<?php echo (int) get_option('default_pingback_flag') ?>" id="post_pingback" />
 
 <p><label for="trackback"> <?php printf(__('<a href="%s" title="Help on trackbacks"><strong>TrackBack</strong> a <abbr title="Universal Resource Identifier">URI</abbr></a>:</label> (Separate multiple <abbr title="Universal Resource Identifier">URI</abbr>s with spaces.)<br />'), 'http://wordpress.org/docs/reference/post/#trackback') ?>
        <input type="text" name="trackback_url" style="width: 360px" id="trackback" tabindex="7" /></p>
 
 <p><label for="trackback"> <?php printf(__('<a href="%s" title="Help on trackbacks"><strong>TrackBack</strong> a <abbr title="Universal Resource Identifier">URI</abbr></a>:</label> (Separate multiple <abbr title="Universal Resource Identifier">URI</abbr>s with spaces.)<br />'), 'http://wordpress.org/docs/reference/post/#trackback') ?>
        <input type="text" name="trackback_url" style="width: 360px" id="trackback" tabindex="7" /></p>
@@ -64,7 +64,7 @@ edCanvas = document.getElementById('content');
 <?php if ('bookmarklet' != $mode) {
       echo '<input name="advanced" type="submit" id="advancededit" tabindex="7" value="' .  __('Advanced Editing &raquo;') . '" />';
   } ?>
 <?php if ('bookmarklet' != $mode) {
       echo '<input name="advanced" type="submit" id="advancededit" tabindex="7" value="' .  __('Advanced Editing &raquo;') . '" />';
   } ?>
-  <input name="referredby" type="hidden" id="referredby" value="<?php if ( wp_get_referer() ) echo urlencode(wp_get_referer()); ?>" />
+  <input name="referredby" type="hidden" id="referredby" value="<?php if ( $refby = wp_get_referer() ) echo urlencode($refby); ?>" />
 </p>
 
 <?php do_action('simple_edit_form', ''); ?>
 </p>
 
 <?php do_action('simple_edit_form', ''); ?>
index fe5b6349aadbc043afe7ac6a76b420a33ddb6508..5111c0b86b9b30003ca23d6c91d1d9b3cb13081b 100644 (file)
@@ -230,7 +230,7 @@ function xfn_check($class, $value = '', $type = 'check') {
 <?php if ( $editing ) : ?>
           <input type="hidden" name="action" value="editlink" />
           <input type="hidden" name="link_id" value="<?php echo (int) $link_id; ?>" />
 <?php if ( $editing ) : ?>
           <input type="hidden" name="action" value="editlink" />
           <input type="hidden" name="link_id" value="<?php echo (int) $link_id; ?>" />
-          <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />
+          <input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" />
           <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
 <?php else: ?>
                <input type="hidden" name="action" value="Add" />
           <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
 <?php else: ?>
                <input type="hidden" name="action" value="Add" />
index c9b7ef5b305eb4b2b568c92c802895636eeb23e4..b0e603e0061265d7b2988d9503bca308507e11c8 100644 (file)
@@ -9,16 +9,19 @@ if (0 == $post_ID) {
        $temp_ID = -1 * time();
        $form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
 } else {
        $temp_ID = -1 * time();
        $form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
 } else {
+       $post_ID = (int) $post_ID;
        $form_action = 'editpost';
        $nonce_action = 'update-post_' . $post_ID;
        $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
 }
 
        $form_action = 'editpost';
        $nonce_action = 'update-post_' . $post_ID;
        $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
 }
 
-$sendto = wp_get_referer();
+$temp_ID = (int) $temp_ID;
+$user_ID = (int) $user_ID;
+
+$sendto = attribute_escape(wp_get_referer());
 
 if ( 0 != $post_ID && $sendto == get_permalink($post_ID) )
        $sendto = 'redo';
 
 if ( 0 != $post_ID && $sendto == get_permalink($post_ID) )
        $sendto = 'redo';
-$sendto = wp_specialchars( $sendto );
 
 ?>
 
 
 ?>
 
@@ -61,7 +64,7 @@ addLoadEvent(focusit);
 
 <fieldset id="passworddiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Password-Protect Post') ?></h3> 
 
 <fieldset id="passworddiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Password-Protect Post') ?></h3> 
-<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div>
+<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape($post->post_password); ?>" /></div>
 </fieldset>
 
 <fieldset id="pageparent" class="dbx-box">
 </fieldset>
 
 <fieldset id="pageparent" class="dbx-box">
@@ -86,7 +89,7 @@ addLoadEvent(focusit);
 
 <fieldset id="slugdiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Post slug') ?></h3> 
 
 <fieldset id="slugdiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Post slug') ?></h3> 
-<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
+<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape($post->post_name); ?>" /></div>
 </fieldset>
 
 <?php if ( $authors = get_editable_authors( $current_user->id ) ) : // TODO: ROLE SYSTEM ?>
 </fieldset>
 
 <?php if ( $authors = get_editable_authors( $current_user->id ) ) : // TODO: ROLE SYSTEM ?>
@@ -99,6 +102,8 @@ foreach ($authors as $o) :
 $o = get_userdata( $o->ID );
 if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
 else $selected = '';
 $o = get_userdata( $o->ID );
 if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
 else $selected = '';
+$o->ID = (int) $o->ID;
+$o->display_name = wp_specialchars( $o->display_name );
 echo "<option value='$o->ID' $selected>$o->display_name</option>";
 endforeach;
 ?>
 echo "<option value='$o->ID' $selected>$o->display_name</option>";
 endforeach;
 ?>
@@ -119,7 +124,7 @@ endforeach;
 
 <fieldset id="titlediv">
   <legend><?php _e('Page Title') ?></legend> 
 
 <fieldset id="titlediv">
   <legend><?php _e('Page Title') ?></legend> 
-  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
+  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" /></div>
 </fieldset>
 
 
 </fieldset>
 
 
@@ -193,7 +198,7 @@ if (current_user_can('upload_files')) {
        $uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&amp;post=$uploading_iframe_ID", 'inlineuploading');
        $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
        if ( false != $uploading_iframe_src )
        $uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&amp;post=$uploading_iframe_ID", 'inlineuploading');
        $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
        if ( false != $uploading_iframe_src )
-               echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
+               echo '<iframe id="uploading" frameborder="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
 }
 ?>
 
 }
 ?>
 
@@ -224,8 +229,8 @@ if($metadata = has_meta($post_ID)) {
        $delete_nonce = wp_create_nonce( 'delete-page_' . $post_ID ); ?>
        <input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this page \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), js_escape($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
 <?php endif; ?>
        $delete_nonce = wp_create_nonce( 'delete-page_' . $post_ID ); ?>
        <input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this page \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), js_escape($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
 <?php endif; ?>
-</form>
-
 </div>
 
 </div>
 
+</form>
+
 </div>
 </div>
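Review bot: Escaping the referer before the comparison at L1312–L1315 changes behaviour: `$sendto` is now the HTML-escaped string when it is compared with `get_permalink($post_ID)`, so a referer containing `&` (which becomes `&amp;`) can no longer match and `'redo'` is never chosen for it. Restore the original order — `$sendto = wp_get_referer();` at L1312, then re-add `$sendto = attribute_escape( $sendto );` after the `if` (the line removed at L1319). Separately, L1363–L1364 escape by assigning back into the object `get_userdata()` returned; if that object is cached and shared (PHP 5 object handles), its `display_name` is now pre-escaped for the rest of the request, so the inline expression form used in edit-form-advanced.php, `wp_specialchars($o->display_name)` inside the echo, is the safer shape.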
index 9dc89d78275615a3ae75d3571702f14b292e5be7..e108407d3b4c299b7a49b07f5bfaf94e97194e79 100644 (file)
@@ -13,7 +13,7 @@ require_once('admin-header.php');
 <form name="searchform" action="" method="get"> 
   <fieldset> 
   <legend><?php _e('Search Pages&hellip;') ?></legend>
 <form name="searchform" action="" method="get"> 
   <fieldset> 
   <legend><?php _e('Search Pages&hellip;') ?></legend>
-  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" /> 
+  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" /> 
   <input type="submit" name="submit" value="<?php _e('Search') ?>"  /> 
   </fieldset>
 </form>
   <input type="submit" name="submit" value="<?php _e('Search') ?>"  /> 
   </fieldset>
 </form>
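index eb67c80a6e36fbed184c42dcd2ca7121ea23de8c..df86317e387b6bfbcfda2abc09b05fe8ff142180 100644
--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -79,7 +79,7 @@ if ( is_month() ) {
 <form name="searchform" action="" method="get" style="float: left; width: 16em; margin-right: 3em;"> 
   <fieldset> 
   <legend><?php _e('Search Posts&hellip;') ?></legend> 
-  <input type="text" name="s" value="<?php if (isset($s)) echo wp_specialchars($s, 1); ?>" size="17" /> 
+  <input type="text" name="s" value="<?php if (isset($s)) echo attribute_escape($s); ?>" size="17" /> 
   <input type="submit" name="submit" value="<?php _e('Search') ?>"  /> 
   </fieldset>
 </form>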
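index d35f84219c83731d405ada2e15b5af95d517b17a..0772eb1db20aef146f0372ed7aca55f8dcc8703d 100644
--- a/wp-admin/import/blogger.php
+++ b/wp-admin/import/blogger.php
@@ -7,14 +7,15 @@ class Blogger_Import {
 
        // Shows the welcome screen and the magic iframe.
        function greet() {
-               $title = __('Import Blogger');
-               $welcome = __('Howdy! This importer allows you to import posts and comments from your Blogger account into your WordPress blog.');
+               $title = __('Import Old Blogger');
+               $welcome = __('Howdy! This importer allows you to import posts and comments from your Old Blogger account into your WordPress blog.');
                $noiframes = __('This feature requires iframe support.');
                $warning = __('This will delete everything saved by the Blogger importer except your posts and comments. Are you sure you want to do this?');
                $reset = __('Reset this importer');
                $incompat = __('Your web server is not properly configured to use this importer. Please enable the CURL extension for PHP and then reload this page.');
 
                echo "<div class='wrap'><h2>$title</h2><p>$welcome</p>";
+               echo "<p>" . __('Please note that this importer <em>does not work with Blogger (using your Google account)</em>.') . "</p>";
                if ( function_exists('curl_init') )
                        echo "<iframe src='admin.php?import=blogger&amp;noheader=true' height='350px' width = '99%'>$noiframes</iframe><p><a href='admin.php?import=blogger&amp;restart=true&amp;noheader=true' onclick='return confirm(\"$warning\")'>$reset</a></p>";
                else
@@ -135,13 +136,13 @@ class Blogger_Import {
                curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
                if ($header) curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
                $response = curl_exec ($ch);
-       
+
                if ($parse) {
                        $response = $this->parse_response($response);
                        $response['url'] = $url;
                        return $response;
                }
-       
+
                return $response;
        }
 
@@ -210,7 +211,7 @@ class Blogger_Import {
                $this->import['blogs'][$_GET['blog']]['nextstep'] = $step;
                update_option('import-blogger', $this->import);
        }
-       
+
        // Redirects to next step
        function do_next_step() {
                wp_redirect("admin.php?import=blogger&noheader=true&blog={$_GET['blog']}");
@@ -224,13 +225,13 @@ class Blogger_Import {
                        if ( ! ( $_POST['user'] && $_POST['pass'] ) ) {
                                $this->login_form(__('The script will log into your Blogger account, change some settings so it can read your blog, and restore the original settings when it\'s done. Here\'s what you do:').'</p><ol><li>'.__('Back up your Blogger template.').'</li><li>'.__('Back up any other Blogger settings you might need later.').'</li><li>'.__('Log out of Blogger').'</li><li>'.__('Log in <em>here</em> with your Blogger username and password.').'</li><li>'.__('On the next screen, click one of your Blogger blogs.').'</li><li>'.__('Do not close this window or navigate away until the process is complete.').'</li></ol>');
                        }
-               
-                       // Try logging in. If we get an array of cookies back, we at least connected.           
+
+                       // Try logging in. If we get an array of cookies back, we at least connected.
                        $this->import['cookies'] = $this->login_blogger($_POST['user'], $_POST['pass']);
                        if ( !is_array( $this->import['cookies'] ) ) {
                                $this->login_form(__('Login failed. Please enter your credentials again.'));
                        }
-                       
+
                        // Save the password so we can log the browser in when it's time to publish.
                        $this->import['pass'] = $_POST['pass'];
                        $this->import['user'] = $_POST['user'];
@@ -341,7 +342,7 @@ class Blogger_Import {
                                $form = "<div style='height:0px;width:0px;overflow:hidden;'>";
                                $form.= $body;
                                $form.= "</div><script type='text/javascript'>forms=document.getElementsByTagName('form');for(i=0;i<forms.length;i++){if(forms[i].action.search('{$blog_opt}')){forms[i].submit();break;}}</script>";
-                               $output.= '<p>'.sprintf('<strong>%s</strong> in progress, please wait...', $blog_opt)."</p>\n";
+                               $output.= '<p>'.sprintf(__('<strong>%s</strong> in progress, please wait...'), $blog_opt)."</p>\n";
                        } else {
                                $output.= "<p>$blog_opt</p>\n";
                        }
@@ -395,7 +396,7 @@ class Blogger_Import {
                                update_option('import-blogger', $import);
                                $archive = $this->get_blogger($url);
                                if ( $archive['code'] > 200 )
-                                       continue;       
+                                       continue;
                                $posts = explode('<wordpresspost>', $archive['body']);
                                for ($i = 1; $i < count($posts); $i = $i + 1) {
                                        $postparts = explode('<wordpresscomment>', $posts[$i]);
@@ -409,7 +410,7 @@ class Blogger_Import {
                                        $post_title = ( $postinfo[4] != '' ) ? $postinfo[4] : $postinfo[3];
                                        $post_author_name = $wpdb->escape(trim($postinfo[1]));
                                        $post_author_email = $postinfo[5] ? $postinfo[5] : 'user@wordpress.org';
-       
+
                                        if ( $this->lump_authors ) {
                                                // Ignore Blogger authors. Use the current user_ID for all posts imported.
                                                $post_author = $GLOBALS['user_ID'];
@@ -420,7 +421,7 @@ class Blogger_Import {
                                                        $user_email = $wpdb->escape($post_author_email);
                                                        $user_password = substr(md5(uniqid(microtime())), 0, 6);
                                                        $result = wp_create_user( $user_login, $user_password, $user_email );
-                                                       $status.= sprintf('Registered user <strong>%s</strong>.', $user_login);
+                                                       $status.= sprintf(__('Registered user <strong>%s</strong>.'), $user_login);
                                                        $this->import['blogs'][$_GET['blog']]['newusers'][] = $user_login;
                                                }
                                                $userdata = get_userdatabylogin( $post_author_name );
@@ -435,21 +436,21 @@ class Blogger_Import {
                                        $posthour = zeroise($post_date_His[0], 2);
                                        $postminute = zeroise($post_date_His[1], 2);
                                        $postsecond = zeroise($post_date_His[2], 2);
-       
+
                                        if (($post_date[2] == 'PM') && ($posthour != '12'))
                                                $posthour = $posthour + 12;
                                        else if (($post_date[2] == 'AM') && ($posthour == '12'))
                                                $posthour = '00';
-       
+
                                        $post_date = "$postyear-$postmonth-$postday $posthour:$postminute:$postsecond";
-       
+
                                        $post_content = addslashes($post_content);
                                        $post_content = str_replace(array('<br>','<BR>','<br/>','<BR/>','<br />','<BR />'), "\n", $post_content); // the XHTML touch... ;)
-       
+
                                        $post_title = addslashes($post_title);
-                       
+
                                        $post_status = 'publish';
-       
+
                                        if ( $ID = post_exists($post_title, '', $post_date) ) {
                                                $post_array[$i]['ID'] = $ID;
                                                $skippedpostcount++;
@@ -509,7 +510,7 @@ class Blogger_Import {
                                        }
                                }
                                $status = sprintf(__('%s post(s) parsed, %s skipped...'), $postcount,  $skippedpostcount).' '.
-                                       sprintf(__('%s comment(s) parsed, %s skipped...'), $commentcoun, $skippedcommentcount).' '.
+                                       sprintf(__('%s comment(s) parsed, %s skipped...'), $commentcount, $skippedcommentcount).' '.
                                        ' <strong>'.__('Done').'</strong>';
                                $import = $this->import;
                                $import['blogs'][$_GET['blog']]['archives']["$url"] = $status;
@@ -546,7 +547,7 @@ class Blogger_Import {
                                                $response = $this->get_blogger("http://www.blogger.com/blog-publishing.g?blogID={$_GET['blog']}&publishMode={$optary['backup']['publishMode']}", $headers);
                                                sleep(2);
                                                if ( $response['code'] >= 400 )
-                                                       die('<h1>Error restoring publishMode.</h1><p>Please tell the devs.</p>' . addslashes(print_r($response, 1)) );
+                                                       die('<h1>'.__('Error restoring publishMode').'</h1><p>'.__('Please tell the devs.').'</p>' . addslashes(print_r($response, 1)) );
                                        }
                                }
                                if ( $optary['backup'] != $optary['modify'] ) {
@@ -597,11 +598,11 @@ class Blogger_Import {
                if ( $_GET['restart'] == 'true' ) {
                        $this->restart();
                }
-               
+
                if ( isset($_GET['noheader']) ) {
                        header('Content-Type: text/html; charset=utf-8');
 
-                       $this->import = get_settings('import-blogger');
+                       $this->import = get_option('import-blogger');
 
                        if ( false === $this->import ) {
                                $step = 0;
@@ -649,7 +650,7 @@ class Blogger_Import {
                                        break;
                        }
                        die;
-                       
+
                } else {
                        $this->greet();
                }
@@ -662,6 +663,6 @@ class Blogger_Import {
 
 $blogger_import = new Blogger_Import();
 
-register_importer('blogger', 'Blogger', __('Import posts and comments from a Blogger account'), array ($blogger_import, 'start'));
+register_importer('blogger', __('Old Blogger'), __('Import <strong>posts and comments</strong> from your Old Blogger account'), array ($blogger_import, 'start'));
 
 ?>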
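Review bot: The rewritten `die()` in the publishMode-restore branch still appends `addslashes(print_r($response, 1))` directly to the page: `addslashes` escapes quotes for PHP/SQL string contexts, not HTML, so the raw body of the remote Blogger response (plus whatever `parse_response` keeps alongside `code` and `url`) is rendered unescaped in the admin page and can carry markup or script chosen by that remote server. Use the HTML escaper this codebase already has and wrap the dump so it stays readable: `die('<h1>'.__('Error restoring publishMode').'</h1><p>'.__('Please tell the devs.').'</p><pre>' . wp_specialchars(print_r($response, 1)) . '</pre>');`. The context lines around the other new `sprintf(__(...))` calls interpolate remote-derived values raw as well (`$blog_opt` into the progress message and into the inline `forms[i].action.search('{$blog_opt}')` script, `$user_login` into the registered-user message); the commit leaves them untouched, so I can only hedge that they deserve the same treatment. The enclosing methods begin and end outside the visible hunks.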
index b4f2cd34400c1fab2ee9b7b0efe6d2b1ab298b2e..fd4f2d65cf3c07421184ad90be35f423b0ebf495 100644 (file)
@@ -1,16 +1,21 @@
 <?php
 <?php
+/*
+ * DotClear import plugin
+ * by Thomas Quinot - http://thomas.quinot.org/
+ */
+
 /**
        Add These Functions to make our lives easier
 **/
 if(!function_exists('get_catbynicename'))
 {
 /**
        Add These Functions to make our lives easier
 **/
 if(!function_exists('get_catbynicename'))
 {
-       function get_catbynicename($category_nicename) 
+       function get_catbynicename($category_nicename)
        {
        global $wpdb;
        {
        global $wpdb;
-       
+
        $cat_id -= 0;   // force numeric
        $name = $wpdb->get_var('SELECT cat_ID FROM '.$wpdb->categories.' WHERE category_nicename="'.$category_nicename.'"');
        $cat_id -= 0;   // force numeric
        $name = $wpdb->get_var('SELECT cat_ID FROM '.$wpdb->categories.' WHERE category_nicename="'.$category_nicename.'"');
-       
+
        return $name;
        }
 }
        return $name;
        }
 }
@@ -55,57 +60,58 @@ if(!function_exists('link_exists'))
 //
 //    This cries out for a C-implementation to be included in PHP core
 //
 //
 //    This cries out for a C-implementation to be included in PHP core
 //
-   function valid_1byte($char) {
-       if(!is_int($char)) return false;
-       return ($char & 0x80) == 0x00;
-   }
-  
-   function valid_2byte($char) {
-       if(!is_int($char)) return false;
-       return ($char & 0xE0) == 0xC0;
-   }
-
-   function valid_3byte($char) {
-       if(!is_int($char)) return false;
-       return ($char & 0xF0) == 0xE0;
-   }
-
-   function valid_4byte($char) {
-       if(!is_int($char)) return false;
-       return ($char & 0xF8) == 0xF0;
-   }
-  
-   function valid_nextbyte($char) {
-       if(!is_int($char)) return false;
-       return ($char & 0xC0) == 0x80;
-   }
-  
-   function valid_utf8($string) {
-       $len = strlen($string);
-       $i = 0;   
-       while( $i < $len ) {
-           $char = ord(substr($string, $i++, 1));
-           if(valid_1byte($char)) {    // continue
-               continue;
-           } else if(valid_2byte($char)) { // check 1 byte
-               if(!valid_nextbyte(ord(substr($string, $i++, 1))))
-                   return false;
-           } else if(valid_3byte($char)) { // check 2 bytes
-               if(!valid_nextbyte(ord(substr($string, $i++, 1))))
-                   return false;
-               if(!valid_nextbyte(ord(substr($string, $i++, 1))))
-                   return false;
-           } else if(valid_4byte($char)) { // check 3 bytes
-               if(!valid_nextbyte(ord(substr($string, $i++, 1))))
-                   return false;
-               if(!valid_nextbyte(ord(substr($string, $i++, 1))))
-                   return false;
-               if(!valid_nextbyte(ord(substr($string, $i++, 1))))
-                   return false;
-           } // goto next char
-       }
-       return true; // done
-   }
+
+function valid_1byte($char) {
+       if(!is_int($char)) return false;
+               return ($char & 0x80) == 0x00;
+}
+
+function valid_2byte($char) {
+       if(!is_int($char)) return false;
+               return ($char & 0xE0) == 0xC0;
+}
+
+function valid_3byte($char) {
+       if(!is_int($char)) return false;
+               return ($char & 0xF0) == 0xE0;
+}
+
+function valid_4byte($char) {
+       if(!is_int($char)) return false;
+               return ($char & 0xF8) == 0xF0;
+}
+
+function valid_nextbyte($char) {
+       if(!is_int($char)) return false;
+               return ($char & 0xC0) == 0x80;
+}
+
+function valid_utf8($string) {
+       $len = strlen($string);
+       $i = 0;
+       while( $i < $len ) {
+               $char = ord(substr($string, $i++, 1));
+               if(valid_1byte($char)) {    // continue
+                       continue;
+               } else if(valid_2byte($char)) { // check 1 byte
+                       if(!valid_nextbyte(ord(substr($string, $i++, 1))))
+                               return false;
+               } else if(valid_3byte($char)) { // check 2 bytes
+                       if(!valid_nextbyte(ord(substr($string, $i++, 1))))
+                               return false;
+                       if(!valid_nextbyte(ord(substr($string, $i++, 1))))
+                               return false;
+               } else if(valid_4byte($char)) { // check 3 bytes
+                       if(!valid_nextbyte(ord(substr($string, $i++, 1))))
+                               return false;
+                       if(!valid_nextbyte(ord(substr($string, $i++, 1))))
+                               return false;
+                       if(!valid_nextbyte(ord(substr($string, $i++, 1))))
+                               return false;
+               } // goto next char
+       }
+       return true; // done
+}
 
 function csc ($s) {
        if (valid_utf8 ($s)) {
 
 function csc ($s) {
        if (valid_utf8 ($s)) {
@@ -127,7 +133,7 @@ class Dotclear_Import {
        function header() 
        {
                echo '<div class="wrap">';
        function header() 
        {
                echo '<div class="wrap">';
-               echo '<h2>'.__('Import Dotclear').'</h2>';
+               echo '<h2>'.__('Import DotClear').'</h2>';
                echo '<p>'.__('Steps may take a few minutes depending on the size of your database. Please be patient.').'</p>';
        }
 
                echo '<p>'.__('Steps may take a few minutes depending on the size of your database. Please be patient.').'</p>';
        }
 
@@ -135,78 +141,79 @@ class Dotclear_Import {
        {
                echo '</div>';
        }
        {
                echo '</div>';
        }
-       
+
        function greet() 
        {
        function greet() 
        {
-               echo '<p>'.__('Howdy! This importer allows you to extract posts from a Dotclear database into your blog.  Mileage may vary.').'</p>';
-               echo '<p>'.__('Your Dotclear Configuration settings are as follows:').'</p>';
+               echo '<div class="narrow"><p>'.__('Howdy! This importer allows you to extract posts from a DotClear database into your blog.  Mileage may vary.').'</p>';
+               echo '<p>'.__('Your DotClear Configuration settings are as follows:').'</p>';
                echo '<form action="admin.php?import=dotclear&amp;step=1" method="post">';
                echo '<form action="admin.php?import=dotclear&amp;step=1" method="post">';
+               wp_nonce_field('import-dotclear');
                $this->db_form();
                $this->db_form();
-               echo '<input type="submit" name="submit" value="'.__('Import Categories').'" />';
-               echo '</form>';
+               echo '<p class="submit"><input type="submit" name="submit" value="'.attribute_escape(__('Import Categories &raquo;')).'" /></p>';
+               echo '</form></div>';
        }
 
        }
 
-       function get_dc_cats() 
+       function get_dc_cats()
        {
                global $wpdb;
                // General Housekeeping
                $dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost'));
                set_magic_quotes_runtime(0);
        {
                global $wpdb;
                // General Housekeeping
                $dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost'));
                set_magic_quotes_runtime(0);
-               $prefix = get_option('tpre');
-               
+               $dbprefix = get_option('dcdbprefix');
+
                // Get Categories
                // Get Categories
-               return $dcdb->get_results('SELECT * FROM dc_categorie', ARRAY_A);
+               return $dcdb->get_results('SELECT * FROM '.$dbprefix.'categorie', ARRAY_A);
        }
        }
-       
+
        function get_dc_users()
        {
                global $wpdb;
                // General Housekeeping
                $dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost'));
                set_magic_quotes_runtime(0);
        function get_dc_users()
        {
                global $wpdb;
                // General Housekeeping
                $dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost'));
                set_magic_quotes_runtime(0);
-               $prefix = get_option('tpre');
-               
+               $dbprefix = get_option('dcdbprefix');
+
                // Get Users
                // Get Users
-               
-               return $dcdb->get_results('SELECT * FROM dc_user', ARRAY_A);
+
+               return $dcdb->get_results('SELECT * FROM '.$dbprefix.'user', ARRAY_A);
        }
        }
-       
+
        function get_dc_posts()
        {
                // General Housekeeping
                $dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost'));
                set_magic_quotes_runtime(0);
        function get_dc_posts()
        {
                // General Housekeeping
                $dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost'));
                set_magic_quotes_runtime(0);
-               $prefix = get_option('tpre');
-               
+               $dbprefix = get_option('dcdbprefix');
+
                // Get Posts
                // Get Posts
-               return $dcdb->get_results('SELECT dc_post.*, dc_categorie.cat_libelle_url AS post_cat_name
-                                               FROM dc_post INNER JOIN dc_categorie
-                                                 ON dc_post.cat_id = dc_categorie.cat_id', ARRAY_A);
+               return $dcdb->get_results('SELECT '.$dbprefix.'post.*, '.$dbprefix.'categorie.cat_libelle_url AS post_cat_name
+                                               FROM '.$dbprefix.'post INNER JOIN '.$dbprefix.'categorie
+                                               ON '.$dbprefix.'post.cat_id = '.$dbprefix.'categorie.cat_id', ARRAY_A);
        }
        }
-       
+
        function get_dc_comments()
        {
                global $wpdb;
                // General Housekeeping
                $dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost'));
                set_magic_quotes_runtime(0);
        function get_dc_comments()
        {
                global $wpdb;
                // General Housekeeping
                $dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost'));
                set_magic_quotes_runtime(0);
-               $prefix = get_option('tpre');
-               
+               $dbprefix = get_option('dcdbprefix');
+
                // Get Comments
                // Get Comments
-               return $dcdb->get_results('SELECT * FROM dc_comment', ARRAY_A);
+               return $dcdb->get_results('SELECT * FROM '.$dbprefix.'comment', ARRAY_A);
        }
        }
-       
+
        function get_dc_links()
        {
                //General Housekeeping
                $dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost'));
                set_magic_quotes_runtime(0);
        function get_dc_links()
        {
                //General Housekeeping
                $dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost'));
                set_magic_quotes_runtime(0);
-               $prefix = get_option('tpre');
+               $dbprefix = get_option('dcdbprefix');
 
 
-               return $dcdb->get_results('SELECT * FROM dc_link ORDER BY position', ARRAY_A);
+               return $dcdb->get_results('SELECT * FROM '.$dbprefix.'link ORDER BY position', ARRAY_A);
        }
        }
-       
-       function cat2wp($categories='') 
+
+       function cat2wp($categories='')
        {
                // General Housekeeping
                global $wpdb;
        {
                // General Housekeeping
                global $wpdb;
@@ -216,11 +223,11 @@ class Dotclear_Import {
                if(is_array($categories))
                {
                        echo '<p>'.__('Importing Categories...').'<br /><br /></p>';
                if(is_array($categories))
                {
                        echo '<p>'.__('Importing Categories...').'<br /><br /></p>';
-                       foreach ($categories as $category) 
+                       foreach ($categories as $category)
                        {
                                $count++;
                                extract($category);
                        {
                                $count++;
                                extract($category);
-                               
+
                                // Make Nice Variables
                                $name = $wpdb->escape($cat_libelle_url);
                                $title = $wpdb->escape(csc ($cat_libelle));
                                // Make Nice Variables
                                $name = $wpdb->escape($cat_libelle_url);
                                $title = $wpdb->escape(csc ($cat_libelle));
@@ -236,7 +243,7 @@ class Dotclear_Import {
                                }
                                $dccat2wpcat[$id] = $ret_id;
                        }
                                }
                                $dccat2wpcat[$id] = $ret_id;
                        }
-                       
+
                        // Store category translation for future use
                        add_option('dccat2wpcat',$dccat2wpcat);
                        echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> categories imported.'), $count).'<br /><br /></p>';
                        // Store category translation for future use
                        add_option('dccat2wpcat',$dccat2wpcat);
                        echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> categories imported.'), $count).'<br /><br /></p>';
@@ -245,14 +252,14 @@ class Dotclear_Import {
                echo __('No Categories to Import!');
                return false;
        }
                echo __('No Categories to Import!');
                return false;
        }
-       
+
        function users2wp($users='')
        {
                // General Housekeeping
                global $wpdb;
                $count = 0;
                $dcid2wpid = array();
        function users2wp($users='')
        {
                // General Housekeeping
                global $wpdb;
                $count = 0;
                $dcid2wpid = array();
-               
+
                // Midnight Mojo
                if(is_array($users))
                {
                // Midnight Mojo
                if(is_array($users))
                {
@@ -261,14 +268,14 @@ class Dotclear_Import {
                        {
                                $count++;
                                extract($user);
                        {
                                $count++;
                                extract($user);
-                               
+
                                // Make Nice Variables
                                $name = $wpdb->escape(csc ($name));
                                $RealName = $wpdb->escape(csc ($user_pseudo));
                                // Make Nice Variables
                                $name = $wpdb->escape(csc ($name));
                                $RealName = $wpdb->escape(csc ($user_pseudo));
-                               
+
                                if($uinfo = get_userdatabylogin($name))
                                {
                                if($uinfo = get_userdatabylogin($name))
                                {
-                                       
+
                                        $ret_id = wp_insert_user(array(
                                                                'ID'            => $uinfo->ID,
                                                                'user_login'    => $user_id,
                                        $ret_id = wp_insert_user(array(
                                                                'ID'            => $uinfo->ID,
                                                                'user_login'    => $user_id,
@@ -278,7 +285,7 @@ class Dotclear_Import {
                                                                'display_name'  => $Realname)
                                                                );
                                }
                                                                'display_name'  => $Realname)
                                                                );
                                }
-                               else 
+                               else
                                {
                                        $ret_id = wp_insert_user(array(
                                                                'user_login'    => $user_id,
                                {
                                        $ret_id = wp_insert_user(array(
                                                                'user_login'    => $user_id,
@@ -289,9 +296,9 @@ class Dotclear_Import {
                                                                );
                                }
                                $dcid2wpid[$user_id] = $ret_id;
                                                                );
                                }
                                $dcid2wpid[$user_id] = $ret_id;
-                               
-                               // Set Dotclear-to-WordPress permissions translation
-                               
+
+                               // Set DotClear-to-WordPress permissions translation
+
                                // Update Usermeta Data
                                $user = new WP_User($ret_id);
                                $wp_perms = $user_level + 1;
                                // Update Usermeta Data
                                $user = new WP_User($ret_id);
                                $wp_perms = $user_level + 1;
@@ -302,26 +309,26 @@ class Dotclear_Import {
                                else if(3  <= $wp_perms) { $user->set_role('contributor'); }
                                else if(2  <= $wp_perms) { $user->set_role('contributor'); }
                                else                     { $user->set_role('subscriber'); }
                                else if(3  <= $wp_perms) { $user->set_role('contributor'); }
                                else if(2  <= $wp_perms) { $user->set_role('contributor'); }
                                else                     { $user->set_role('subscriber'); }
-                               
+
                                update_usermeta( $ret_id, 'wp_user_level', $wp_perms);
                                update_usermeta( $ret_id, 'rich_editing', 'false');
                                update_usermeta( $ret_id, 'first_name', csc ($user_prenom));
                                update_usermeta( $ret_id, 'last_name', csc ($user_nom));
                        }// End foreach($users as $user)
                                update_usermeta( $ret_id, 'wp_user_level', $wp_perms);
                                update_usermeta( $ret_id, 'rich_editing', 'false');
                                update_usermeta( $ret_id, 'first_name', csc ($user_prenom));
                                update_usermeta( $ret_id, 'last_name', csc ($user_nom));
                        }// End foreach($users as $user)
-                       
+
                        // Store id translation array for future use
                        add_option('dcid2wpid',$dcid2wpid);
                        // Store id translation array for future use
                        add_option('dcid2wpid',$dcid2wpid);
-                       
-                       
+
+
                        echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> users imported.'), $count).'<br /><br /></p>';
                        return true;
                }// End if(is_array($users)
                        echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> users imported.'), $count).'<br /><br /></p>';
                        return true;
                }// End if(is_array($users)
-               
+
                echo __('No Users to Import!');
                return false;
                echo __('No Users to Import!');
                return false;
-               
+
        }// End function user2wp()
        }// End function user2wp()
-       
+
        function posts2wp($posts='')
        {
                // General Housekeeping
        function posts2wp($posts='')
        {
                // General Housekeeping
@@ -338,17 +345,18 @@ class Dotclear_Import {
                        {
                                $count++;
                                extract($post);
                        {
                                $count++;
                                extract($post);
-                               
-                               // Set Dotclear-to-WordPress status translation
+
+                               // Set DotClear-to-WordPress status translation
                                $stattrans = array(0 => 'draft', 1 => 'publish');
                                $comment_status_map = array (0 => 'closed', 1 => 'open');
                                $stattrans = array(0 => 'draft', 1 => 'publish');
                                $comment_status_map = array (0 => 'closed', 1 => 'open');
-                               
+
                                //Can we do this more efficiently?
                                $uinfo = ( get_userdatabylogin( $user_id ) ) ? get_userdatabylogin( $user_id ) : 1;
                                $authorid = ( is_object( $uinfo ) ) ? $uinfo->ID : $uinfo ;
 
                                $Title = $wpdb->escape(csc ($post_titre));
                                $post_content = textconv ($post_content);
                                //Can we do this more efficiently?
                                $uinfo = ( get_userdatabylogin( $user_id ) ) ? get_userdatabylogin( $user_id ) : 1;
                                $authorid = ( is_object( $uinfo ) ) ? $uinfo->ID : $uinfo ;
 
                                $Title = $wpdb->escape(csc ($post_titre));
                                $post_content = textconv ($post_content);
+                               $post_excerpt = "";
                                if ($post_chapo != "") {
                                        $post_excerpt = textconv ($post_chapo);
                                        $post_content = $post_excerpt ."\n<!--more-->\n".$post_content;
                                if ($post_chapo != "") {
                                        $post_excerpt = textconv ($post_chapo);
                                        $post_content = $post_excerpt ."\n<!--more-->\n".$post_content;
@@ -356,9 +364,9 @@ class Dotclear_Import {
                                $post_excerpt = $wpdb->escape ($post_excerpt);
                                $post_content = $wpdb->escape ($post_content);
                                $post_status = $stattrans[$post_pub];
                                $post_excerpt = $wpdb->escape ($post_excerpt);
                                $post_content = $wpdb->escape ($post_content);
                                $post_status = $stattrans[$post_pub];
-                               
+
                                // Import Post data into WordPress
                                // Import Post data into WordPress
-                               
+
                                if($pinfo = post_exists($Title,$post_content))
                                {
                                        $ret_id = wp_insert_post(array(
                                if($pinfo = post_exists($Title,$post_content))
                                {
                                        $ret_id = wp_insert_post(array(
@@ -378,7 +386,7 @@ class Dotclear_Import {
                                                        'comment_count'         => $post_nb_comment + $post_nb_trackback)
                                                        );
                                }
                                                        'comment_count'         => $post_nb_comment + $post_nb_trackback)
                                                        );
                                }
-                               else 
+                               else
                                {
                                        $ret_id = wp_insert_post(array(
                                                        'post_author'           => $authorid,
                                {
                                        $ret_id = wp_insert_post(array(
                                                        'post_author'           => $authorid,
@@ -397,7 +405,7 @@ class Dotclear_Import {
                                                        );
                                }
                                $dcposts2wpposts[$post_id] = $ret_id;
                                                        );
                                }
                                $dcposts2wpposts[$post_id] = $ret_id;
-                               
+
                                // Make Post-to-Category associations
                                $cats = array();
                                if($cat1 = get_catbynicename($post_cat_name)) { $cats[1] = $cat1; }
                                // Make Post-to-Category associations
                                $cats = array();
                                if($cat1 = get_catbynicename($post_cat_name)) { $cats[1] = $cat1; }
@@ -407,11 +415,11 @@ class Dotclear_Import {
                }
                // Store ID translation for later use
                add_option('dcposts2wpposts',$dcposts2wpposts);
                }
                // Store ID translation for later use
                add_option('dcposts2wpposts',$dcposts2wpposts);
-               
+
                echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> posts imported.'), $count).'<br /><br /></p>';
                echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> posts imported.'), $count).'<br /><br /></p>';
-               return true;    
+               return true;
        }
        }
-       
+
        function comments2wp($comments='')
        {
                // General Housekeeping
        function comments2wp($comments='')
        {
                // General Housekeeping
@@ -419,7 +427,7 @@ class Dotclear_Import {
                $count = 0;
                $dccm2wpcm = array();
                $postarr = get_option('dcposts2wpposts');
                $count = 0;
                $dccm2wpcm = array();
                $postarr = get_option('dcposts2wpposts');
-               
+
                // Magic Mojo
                if(is_array($comments))
                {
                // Magic Mojo
                if(is_array($comments))
                {
@@ -428,16 +436,16 @@ class Dotclear_Import {
                        {
                                $count++;
                                extract($comment);
                        {
                                $count++;
                                extract($comment);
-                               
+
                                // WordPressify Data
                                // WordPressify Data
-                               $comment_ID = ltrim($comment_id, '0');
-                               $comment_post_ID = $postarr[$post_id];
+                               $comment_ID = (int) ltrim($comment_id, '0');
+                               $comment_post_ID = (int) $postarr[$post_id];
                                $comment_approved = "$comment_pub";
                                $name = $wpdb->escape(csc ($comment_auteur));
                                $email = $wpdb->escape($comment_email);
                                $web = "http://".$wpdb->escape($comment_site);
                                $message = $wpdb->escape(textconv ($comment_content));
                                $comment_approved = "$comment_pub";
                                $name = $wpdb->escape(csc ($comment_auteur));
                                $email = $wpdb->escape($comment_email);
                                $web = "http://".$wpdb->escape($comment_site);
                                $message = $wpdb->escape(textconv ($comment_content));
-                               
+
                                if($cinfo = comment_exists($name, $comment_dt))
                                {
                                        // Update comments
                                if($cinfo = comment_exists($name, $comment_dt))
                                {
                                        // Update comments
@@ -454,7 +462,7 @@ class Dotclear_Import {
                                                        'comment_approved'      => $comment_approved)
                                                        );
                                }
                                                        'comment_approved'      => $comment_approved)
                                                        );
                                }
-                               else 
+                               else
                                {
                                        // Insert comments
                                        $ret_id = wp_insert_comment(array(
                                {
                                        // Insert comments
                                        $ret_id = wp_insert_comment(array(
@@ -472,25 +480,25 @@ class Dotclear_Import {
                                $dccm2wpcm[$comment_ID] = $ret_id;
                        }
                        // Store Comment ID translation for future use
                                $dccm2wpcm[$comment_ID] = $ret_id;
                        }
                        // Store Comment ID translation for future use
-                       add_option('dccm2wpcm', $dccm2wpcm);                    
-                       
+                       add_option('dccm2wpcm', $dccm2wpcm);
+
                        // Associate newly formed categories with posts
                        get_comment_count($ret_id);
                        // Associate newly formed categories with posts
                        get_comment_count($ret_id);
-                       
-                       
+
+
                        echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> comments imported.'), $count).'<br /><br /></p>';
                        return true;
                }
                echo __('No Comments to Import!');
                return false;
        }
                        echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> comments imported.'), $count).'<br /><br /></p>';
                        return true;
                }
                echo __('No Comments to Import!');
                return false;
        }
-       
+
        function links2wp($links='')
        {
                // General Housekeeping
                global $wpdb;
                $count = 0;
        function links2wp($links='')
        {
                // General Housekeeping
                global $wpdb;
                $count = 0;
-               
+
                // Deal with the links
                if(is_array($links))
                {
                // Deal with the links
                if(is_array($links))
                {
@@ -499,7 +507,7 @@ class Dotclear_Import {
                        {
                                $count++;
                                extract($link);
                        {
                                $count++;
                                extract($link);
-                               
+
                                if ($title != "") {
                                        if ($cinfo = link_cat_exists (csc ($title))) {
                                                $category = $cinfo;
                                if ($title != "") {
                                        if ($cinfo = link_cat_exists (csc ($title))) {
                                                $category = $cinfo;
@@ -511,7 +519,7 @@ class Dotclear_Import {
                                } else {
                                        $linkname = $wpdb->escape(csc ($label));
                                        $description = $wpdb->escape(csc ($title));
                                } else {
                                        $linkname = $wpdb->escape(csc ($label));
                                        $description = $wpdb->escape(csc ($title));
-                               
+
                                        if($linfo = link_exists($linkname)) {
                                                $ret_id = wp_insert_link(array(
                                                                        'link_id'               => $linfo,
                                        if($linfo = link_exists($linkname)) {
                                                $ret_id = wp_insert_link(array(
                                                                        'link_id'               => $linfo,
@@ -540,70 +548,75 @@ class Dotclear_Import {
                echo __('No Links to Import!');
                return false;
        }
                echo __('No Links to Import!');
                return false;
        }
-               
-       function import_categories() 
-       {       
-               // Category Import      
+
+       function import_categories()
+       {
+               // Category Import
                $cats = $this->get_dc_cats();
                $this->cat2wp($cats);
                add_option('dc_cats', $cats);
                $cats = $this->get_dc_cats();
                $this->cat2wp($cats);
                add_option('dc_cats', $cats);
-               
-               
-                       
+
+
+
                echo '<form action="admin.php?import=dotclear&amp;step=2" method="post">';
                echo '<form action="admin.php?import=dotclear&amp;step=2" method="post">';
-               printf('<input type="submit" name="submit" value="%s" />', __('Import Users'));
+               wp_nonce_field('import-dotclear');
+               printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Users')));
                echo '</form>';
 
        }
                echo '</form>';
 
        }
-       
+
        function import_users()
        {
                // User Import
        function import_users()
        {
                // User Import
-               $users = $this->get_dc_users(); 
+               $users = $this->get_dc_users();
                $this->users2wp($users);
                $this->users2wp($users);
-               
+
                echo '<form action="admin.php?import=dotclear&amp;step=3" method="post">';
                echo '<form action="admin.php?import=dotclear&amp;step=3" method="post">';
-               printf('<input type="submit" name="submit" value="%s" />', __('Import Posts'));
+               wp_nonce_field('import-dotclear');
+               printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Posts')));
                echo '</form>';
        }
                echo '</form>';
        }
-       
+
        function import_posts()
        {
                // Post Import
                $posts = $this->get_dc_posts();
                $this->posts2wp($posts);
        function import_posts()
        {
                // Post Import
                $posts = $this->get_dc_posts();
                $this->posts2wp($posts);
-               
+
                echo '<form action="admin.php?import=dotclear&amp;step=4" method="post">';
                echo '<form action="admin.php?import=dotclear&amp;step=4" method="post">';
-               printf('<input type="submit" name="submit" value="%s" />', __('Import Comments'));
+               wp_nonce_field('import-dotclear');
+               printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Comments')));
                echo '</form>';
        }
                echo '</form>';
        }
-       
+
        function import_comments()
        {
                // Comment Import
                $comments = $this->get_dc_comments();
                $this->comments2wp($comments);
        function import_comments()
        {
                // Comment Import
                $comments = $this->get_dc_comments();
                $this->comments2wp($comments);
-               
+
                echo '<form action="admin.php?import=dotclear&amp;step=5" method="post">';
                echo '<form action="admin.php?import=dotclear&amp;step=5" method="post">';
-               printf('<input type="submit" name="submit" value="%s" />', __('Import Links'));
+               wp_nonce_field('import-dotclear');
+               printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Links')));
                echo '</form>';
        }
                echo '</form>';
        }
-       
+
        function import_links()
        {
                //Link Import
                $links = $this->get_dc_links();
                $this->links2wp($links);
                add_option('dc_links', $links);
        function import_links()
        {
                //Link Import
                $links = $this->get_dc_links();
                $this->links2wp($links);
                add_option('dc_links', $links);
-               
+
                echo '<form action="admin.php?import=dotclear&amp;step=6" method="post">';
                echo '<form action="admin.php?import=dotclear&amp;step=6" method="post">';
-               printf('<input type="submit" name="submit" value="%s" />', __('Finish'));
+               wp_nonce_field('import-dotclear');
+               printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Finish')));
                echo '</form>';
        }
                echo '</form>';
        }
-       
+
        function cleanup_dcimport()
        {
        function cleanup_dcimport()
        {
-               delete_option('tpre');
+               delete_option('dcdbprefix');
                delete_option('dc_cats');
                delete_option('dcid2wpid');
                delete_option('dccat2wpcat');
                delete_option('dc_cats');
                delete_option('dcid2wpid');
                delete_option('dccat2wpcat');
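Review bot: The `wp_nonce_field('import-dotclear')` added to each step form only protects these writes if the code that dispatches `step=2` through `step=6` verifies it with `check_admin_referer('import-dotclear')` before calling import_users() and the following steps; that dispatcher is outside this hunk, so please confirm it does. Each method performs its database writes (`users2wp`, `posts2wp`, `add_option`, ...) before it prints the form, so the check has to happen in the dispatch path, not inside these methods. Wrapping the button labels in `attribute_escape` is the right fix for the attribute context. The enclosing class continues past this hunk.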
@@ -617,39 +630,39 @@ class Dotclear_Import {
                delete_option('dccharset');
                $this->tips();
        }
                delete_option('dccharset');
                $this->tips();
        }
-       
+
        function tips()
        {
        function tips()
        {
-               echo '<p>'.__('Welcome to WordPress.  We hope (and expect!) that you will find this platform incredibly rewarding!  As a new WordPress user coming from Dotclear, there are some things that we would like to point out.  Hopefully, they will help your transition go as smoothly as possible.').'</p>';
+               echo '<p>'.__('Welcome to WordPress.  We hope (and expect!) that you will find this platform incredibly rewarding!  As a new WordPress user coming from DotClear, there are some things that we would like to point out.  Hopefully, they will help your transition go as smoothly as possible.').'</p>';
                echo '<h3>'.__('Users').'</h3>';
                echo '<h3>'.__('Users').'</h3>';
-               echo '<p>'.sprintf(__('You have already setup WordPress and have been assigned an administrative login and password.  Forget it.  You didn\'t have that login in Dotclear, why should you have it here?  Instead we have taken care to import all of your users into our system.  Unfortunately there is one downside.  Because both WordPress and Dotclear uses a strong encryption hash with passwords, it is impossible to decrypt it and we are forced to assign temporary passwords to all your users.  <strong>Every user has the same username, but their passwords are reset to password123.</strong>  So <a href="%1$s">Login</a> and change it.'), '/wp-login.php').'</p>';
+               echo '<p>'.sprintf(__('You have already setup WordPress and have been assigned an administrative login and password.  Forget it.  You didn\'t have that login in DotClear, why should you have it here?  Instead we have taken care to import all of your users into our system.  Unfortunately there is one downside.  Because both WordPress and DotClear uses a strong encryption hash with passwords, it is impossible to decrypt it and we are forced to assign temporary passwords to all your users.  <strong>Every user has the same username, but their passwords are reset to password123.</strong>  So <a href="%1$s">Login</a> and change it.'), '/wp-login.php').'</p>';
                echo '<h3>'.__('Preserving Authors').'</h3>';
                echo '<p>'.__('Secondly, we have attempted to preserve post authors.  If you are the only author or contributor to your blog, then you are safe.  In most cases, we are successful in this preservation endeavor.  However, if we cannot ascertain the name of the writer due to discrepancies between database tables, we assign it to you, the administrative user.').'</p>';
                echo '<h3>'.__('Textile').'</h3>';
                echo '<h3>'.__('Preserving Authors').'</h3>';
                echo '<p>'.__('Secondly, we have attempted to preserve post authors.  If you are the only author or contributor to your blog, then you are safe.  In most cases, we are successful in this preservation endeavor.  However, if we cannot ascertain the name of the writer due to discrepancies between database tables, we assign it to you, the administrative user.').'</p>';
                echo '<h3>'.__('Textile').'</h3>';
-               echo '<p>'.__('Also, since you\'re coming from Dotclear, you probably have been using Textile to format your comments and posts.  If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/2004/04/19/wordpress-plugin-textile-20/">Textile for WordPress</a>.  Trust me... You\'ll want it.').'</p>';
+               echo '<p>'.__('Also, since you\'re coming from DotClear, you probably have been using Textile to format your comments and posts.  If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/category/development/wordpress/textile/">Textile for WordPress</a>.  Trust me... You\'ll want it.').'</p>';
                echo '<h3>'.__('WordPress Resources').'</h3>';
                echo '<p>'.__('Finally, there are numerous WordPress resources around the internet.  Some of them are:').'</p>';
                echo '<ul>';
                echo '<li>'.__('<a href="http://www.wordpress.org">The official WordPress site</a>').'</li>';
                echo '<h3>'.__('WordPress Resources').'</h3>';
                echo '<p>'.__('Finally, there are numerous WordPress resources around the internet.  Some of them are:').'</p>';
                echo '<ul>';
                echo '<li>'.__('<a href="http://www.wordpress.org">The official WordPress site</a>').'</li>';
-               echo '<li>'.__('<a href="http://wordpress.org/support/">The WordPress support forums').'</li>';
+               echo '<li>'.__('<a href="http://wordpress.org/support/">The WordPress support forums</a>').'</li>';
                echo '<li>'.__('<a href="http://codex.wordpress.org">The Codex (In other words, the WordPress Bible)</a>').'</li>';
                echo '</ul>';
                echo '<li>'.__('<a href="http://codex.wordpress.org">The Codex (In other words, the WordPress Bible)</a>').'</li>';
                echo '</ul>';
-               echo '<p>'.sprintf(__('That\'s it! What are you waiting for? Go <a href="%1$s">login</a>!'), '/wp-login.php').'</p>';
+               echo '<p>'.sprintf(__('That\'s it! What are you waiting for? Go <a href="%1$s">login</a>!'), '../wp-login.php').'</p>';
        }
        }
-       
+
        function db_form()
        {
        function db_form()
        {
-               echo '<ul>';
-               printf('<li><label for="dbuser">%s</label> <input type="text" name="dbuser" id="dbuser" /></li>', __('Dotclear Database User:'));
-               printf('<li><label for="dbpass">%s</label> <input type="password" name="dbpass" id="dbpass" /></li>', __('Dotclear Database Password:'));
-               printf('<li><label for="dbname">%s</label> <input type="text" name="dbname" id="dbname" /></li>', __('Dotclear Database Name:'));
-               printf('<li><label for="dbhost">%s</label> <input type="text" name="dbhost" id="dbhost" value="localhost" /></li>', __('Dotclear Database Host:'));
-               /* printf('<li><label for="dbprefix">%s</label> <input type="text" name="dbprefix" /></li>', __('Dotclear Table prefix (if any):')); */
-               printf('<li><label for="dccharset">%s</label> <input type="text" id="dccharset" name="dccharset" value="ISO-8859-15"/></li>', __('Originating character set:'));
-               echo '</ul>';
+               echo '<table class="editform">';
+               printf('<tr><th><label for="dbuser">%s</label></th><td><input type="text" name="dbuser" id="dbuser" /></td></tr>', __('DotClear Database User:'));
+               printf('<tr><th><label for="dbpass">%s</label></th><td><input type="password" name="dbpass" id="dbpass" /></td></tr>', __('DotClear Database Password:'));
+               printf('<tr><th><label for="dbname">%s</label></th><td><input type="text" name="dbname" id="dbname" /></td></tr>', __('DotClear Database Name:'));
+               printf('<tr><th><label for="dbhost">%s</label></th><td><input type="text" name="dbhost" nameid="dbhost" value="localhost" /></td></tr>', __('DotClear Database Host:'));
+               printf('<tr><th><label for="dbprefix">%s</label></th><td><input type="text" name="dbprefix" id="dbprefix" value="dc_"/></td></tr>', __('DotClear Table prefix:'));
+               printf('<tr><th><label for="dccharset">%s</label></th><td><input type="text" name="dccharset" id="dccharset" value="ISO-8859-15"/></td></tr>', __('Originating character set:'));
+               echo '</table>';
        }
        }
-       
-       function dispatch() 
+
+       function dispatch()
        {
 
                if (empty ($_GET['step']))
        {
 
                if (empty ($_GET['step']))
@@ -657,51 +670,53 @@ class Dotclear_Import {
                else
                        $step = (int) $_GET['step'];
                $this->header();
                else
                        $step = (int) $_GET['step'];
                $this->header();
-               
-               if ( $step > 0 ) 
+
+               if ( $step > 0 )
                {
                {
+                       check_admin_referer('import-dotclear');
+
                        if($_POST['dbuser'])
                        {
                                if(get_option('dcuser'))
                        if($_POST['dbuser'])
                        {
                                if(get_option('dcuser'))
-                                       delete_option('dcuser');        
-                               add_option('dcuser',$_POST['dbuser']);
+                                       delete_option('dcuser');
+                               add_option('dcuser', sanitize_user($_POST['dbuser'], true));
                        }
                        if($_POST['dbpass'])
                        {
                                if(get_option('dcpass'))
                        }
                        if($_POST['dbpass'])
                        {
                                if(get_option('dcpass'))
-                                       delete_option('dcpass');        
-                               add_option('dcpass',$_POST['dbpass']);
+                                       delete_option('dcpass');
+                               add_option('dcpass', sanitize_user($_POST['dbpass'], true));
                        }
                        }
-                       
+
                        if($_POST['dbname'])
                        {
                                if(get_option('dcname'))
                        if($_POST['dbname'])
                        {
                                if(get_option('dcname'))
-                                       delete_option('dcname');        
-                               add_option('dcname',$_POST['dbname']);
+                                       delete_option('dcname');
+                               add_option('dcname', sanitize_user($_POST['dbname'], true));
                        }
                        if($_POST['dbhost'])
                        {
                                if(get_option('dchost'))
                                        delete_option('dchost');
                        }
                        if($_POST['dbhost'])
                        {
                                if(get_option('dchost'))
                                        delete_option('dchost');
-                               add_option('dchost',$_POST['dbhost']); 
+                               add_option('dchost', sanitize_user($_POST['dbhost'], true));
                        }
                        if($_POST['dccharset'])
                        {
                                if(get_option('dccharset'))
                                        delete_option('dccharset');
                        }
                        if($_POST['dccharset'])
                        {
                                if(get_option('dccharset'))
                                        delete_option('dccharset');
-                               add_option('dccharset',$_POST['dccharset']); 
-                       }                       
+                               add_option('dccharset', sanitize_user($_POST['dccharset'], true));
+                       }
                        if($_POST['dbprefix'])
                        {
                        if($_POST['dbprefix'])
                        {
-                               if(get_option('tpre'))
-                                       delete_option('tpre');
-                               add_option('tpre',$_POST['dbprefix']); 
-                       }                       
+                               if(get_option('dcdbprefix'))
+                                       delete_option('dcdbprefix');
+                               add_option('dcdbprefix', sanitize_user($_POST['dbprefix'], true));
+                       }
 
 
                }
 
 
 
                }
 
-               switch ($step) 
+               switch ($step)
                {
                        default:
                        case 0 :
                {
                        default:
                        case 0 :
@@ -726,16 +741,16 @@ class Dotclear_Import {
                                $this->cleanup_dcimport();
                                break;
                }
                                $this->cleanup_dcimport();
                                break;
                }
-               
+
                $this->footer();
        }
 
                $this->footer();
        }
 
-       function Dotclear_Import() 
+       function Dotclear_Import()
        {
        {
-               // Nothing.     
+               // Nothing.
        }
 }
 
 $dc_import = new Dotclear_Import();
        }
 }
 
 $dc_import = new Dotclear_Import();
-register_importer('dotclear', 'Dotclear', __('Import posts from a Dotclear Blog'), array ($dc_import, 'dispatch'));
+register_importer('dotclear', __('DotClear'), __('Import categories, users, posts, comments, and links from a DotClear blog'), array ($dc_import, 'dispatch'));
 ?>
 ?>
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..4305cd18ce18bc472b1ee2c95c10b52ed41f6b75 100644 (file)
@@ -0,0 +1,317 @@
+<?php
+
+class GM_Import {
+
+       var $gmnames = array ();
+
+       function header() {
+               echo '<div class="wrap">';
+               echo '<h2>'.__('Import GreyMatter').'</h2>';
+       }
+
+       function footer() {
+               echo '</div>';
+       }
+
+       function greet() {
+               $this->header();
+?>
+<p><?php _e('This is a basic GreyMatter to WordPress import script.') ?></p>
+<p><?php _e('What it does:') ?></p>
+<ul>
+<li><?php _e('Parses gm-authors.cgi to import (new) authors. Everyone is imported at level 1.') ?></li>
+<li><?php _e('Parses the entries cgi files to import posts, comments, and karma on posts (although karma is not used on WordPress yet).<br />If authors are found not to be in gm-authors.cgi, imports them at level 0.') ?></li>
+<li><?php _e("Detects duplicate entries or comments. If you don't import everything the first time, or this import should fail in the middle, duplicate entries will not be made when you try again.") ?></li>
+</ul>
+<p><?php _e('What it does not:') ?></p>
+<ul>
+<li><?php _e('Parse gm-counter.cgi, gm-banlist.cgi, gm-cplog.cgi (you can make a CP log hack if you really feel like it, but I question the need of a CP log).') ?></li>
+<li><?php _e('Import gm-templates.') ?></li>
+<li><?php _e("Doesn't keep entries on top.")?></li>
+</ul>
+<p>&nbsp;</p>
+
+<form name="stepOne" method="get">
+<input type="hidden" name="import" value="greymatter" />
+<input type="hidden" name="step" value="1" />
+<?php wp_nonce_field('import-greymatter'); ?>
+<h3><?php _e('Second step: GreyMatter details:') ?></h3>
+<p><table cellpadding="0">
+<tr>
+<td><?php _e('Path to GM files:') ?></td>
+<td><input type="text" style="width:300px" name="gmpath" value="/home/my/site/cgi-bin/greymatter/" /></td>
+</tr>
+<tr>
+<td><?php _e('Path to GM entries:') ?></td>
+<td><input type="text" style="width:300px" name="archivespath" value="/home/my/site/cgi-bin/greymatter/archives/" /></td>
+</tr>
+<tr>
+<td colspan="2"><br /><?php _e("This importer will search for files 00000001.cgi to 000-whatever.cgi,<br />so you need to enter the number of the last GM post here.<br />(if you don't know that number, just log into your FTP and look it out<br />in the entries' folder)") ?></td>
+</tr>
+<tr>
+<td><?php _e("Last entry's number:") ?></td>
+<td><input type="text" name="lastentry" value="00000001" /></td>
+</tr>
+</table>
+</p>
+<p><?php _e("When you're ready, click OK to start importing: ") ?><input type="submit" name="submit" value="<?php _e('OK') ?>" class="search" /></p>
+</form>
+<p>&nbsp</p>
+<?php
+               $this->footer();
+       }
+
+
+
+       function gm2autobr($string) { // transforms GM's |*| into b2's <br />\n
+               $string = str_replace("|*|","<br />\n",$string);
+               return($string);
+       }
+
+       function import() {
+               global $wpdb;
+
+               $wpvarstoreset = array('gmpath', 'archivespath', 'lastentry');
+               for ($i=0; $i<count($wpvarstoreset); $i += 1) {
+                       $wpvar = $wpvarstoreset[$i];
+                       if (!isset($$wpvar)) {
+                               if (empty($_POST["$wpvar"])) {
+                                       if (empty($_GET["$wpvar"])) {
+                                               $$wpvar = '';
+                                       } else {
+                                               $$wpvar = $_GET["$wpvar"];
+                                       }
+                               } else {
+                                       $$wpvar = $_POST["$wpvar"];
+                               }
+                       }
+               }
+
+               if (!chdir($archivespath))
+                       wp_die(__("Wrong path, the path to the GM entries does not exist on the server"));
+
+               if (!chdir($gmpath))
+                       wp_die(__("Wrong path, the path to the GM files does not exist on the server"));
+
+               $lastentry = (int) $lastentry;
+
+               $this->header();
+?>
+<p><?php _e('The importer is running...') ?></p>
+<ul>
+<li><?php _e('importing users...') ?><ul><?php
+
+       chdir($gmpath);
+       $userbase = file("gm-authors.cgi");
+
+       foreach($userbase as $user) {
+               $userdata=explode("|", $user);
+
+               $user_ip="127.0.0.1";
+               $user_domain="localhost";
+               $user_browser="server";
+
+               $s=$userdata[4];
+               $user_joindate=substr($s,6,4)."-".substr($s,0,2)."-".substr($s,3,2)." 00:00:00";
+
+               $user_login=$wpdb->escape($userdata[0]);
+               $pass1=$wpdb->escape($userdata[1]);
+               $user_nickname=$wpdb->escape($userdata[0]);
+               $user_email=$wpdb->escape($userdata[2]);
+               $user_url=$wpdb->escape($userdata[3]);
+               $user_joindate=$wpdb->escape($user_joindate);
+
+               $user_id = username_exists($user_login);
+               if ($user_id) {
+                       printf('<li>'.__('user %s').'<strong>'.__('Already exists').'</strong></li>', "<em>$user_login</em>");
+                       $this->gmnames[$userdata[0]] = $user_id;
+                       continue;
+               }
+
+               $user_info = array("user_login"=>"$user_login", "user_pass"=>"$pass1", "user_nickname"=>"$user_nickname", "user_email"=>"$user_email", "user_url"=>"$user_url", "user_ip"=>"$user_ip", "user_domain"=>"$user_domain", "user_browser"=>"$user_browser", "dateYMDhour"=>"$user_joindate", "user_level"=>"1", "user_idmode"=>"nickname");
+               $user_id = wp_insert_user($user_info);
+               $this->gmnames[$userdata[0]] = $user_id;
+
+               printf('<li>'.__('user %s...').' <strong>'.__('Done').'</strong></li>', "<em>$user_login</em>");
+       }
+
+?></ul><strong><?php _e('Done') ?></strong></li>
+<li><?php _e('importing posts, comments, and karma...') ?><br /><ul><?php
+
+       chdir($archivespath);
+
+       for($i = 0; $i <= $lastentry; $i = $i + 1) {
+
+               $entryfile = "";
+
+               if ($i<10000000) {
+                       $entryfile .= "0";
+                       if ($i<1000000) {
+                               $entryfile .= "0";
+                               if ($i<100000) {
+                                       $entryfile .= "0";
+                                       if ($i<10000) {
+                                               $entryfile .= "0";
+                                               if ($i<1000) {
+                                                       $entryfile .= "0";
+                                                       if ($i<100) {
+                                                               $entryfile .= "0";
+                                                               if ($i<10) {
+                                                                       $entryfile .= "0";
+               }}}}}}}
+
+               $entryfile .= "$i";
+
+               if (is_file($entryfile.".cgi")) {
+
+                       $entry=file($entryfile.".cgi");
+                       $postinfo=explode("|",$entry[0]);
+                       $postmaincontent=$this->gm2autobr($entry[2]);
+                       $postmorecontent=$this->gm2autobr($entry[3]);
+
+                       $post_author=trim($wpdb->escape($postinfo[1]));
+
+                       $post_title=$this->gm2autobr($postinfo[2]);
+                       printf('<li>'.__('entry # %s : %s : by %s'), $entryfile, $post_title, $postinfo[1]);
+                       $post_title=$wpdb->escape($post_title);
+
+                       $postyear=$postinfo[6];
+                       $postmonth=zeroise($postinfo[4],2);
+                       $postday=zeroise($postinfo[5],2);
+                       $posthour=zeroise($postinfo[7],2);
+                       $postminute=zeroise($postinfo[8],2);
+                       $postsecond=zeroise($postinfo[9],2);
+
+                       if (($postinfo[10]=="PM") && ($posthour!="12"))
+                               $posthour=$posthour+12;
+
+                       $post_date="$postyear-$postmonth-$postday $posthour:$postminute:$postsecond";
+
+                       $post_content=$postmaincontent;
+                       if (strlen($postmorecontent)>3)
+                               $post_content .= "<!--more--><br /><br />".$postmorecontent;
+                       $post_content=$wpdb->escape($post_content);
+
+                       $post_karma=$postinfo[12];
+
+                       $post_status = 'publish'; //in greymatter, there are no drafts
+                       $comment_status = 'open';
+                       $ping_status = 'closed';
+
+                       if ($post_ID = post_exists($post_title, '', $post_date)) {
+                               echo ' ';
+                               _e('(already exists)');
+                       } else {
+                               //just so that if a post already exists, new users are not created by checkauthor
+                               // we'll check the author is registered, or if it's a deleted author
+                               $user_id = username_exists($post_author);
+                               if (!$user_id) {        // if deleted from GM, we register the author as a level 0 user
+                                       $user_ip="127.0.0.1";
+                                       $user_domain="localhost";
+                                       $user_browser="server";
+                                       $user_joindate="1979-06-06 00:41:00";
+                                       $user_login=$wpdb->escape($post_author);
+                                       $pass1=$wpdb->escape("password");
+                                       $user_nickname=$wpdb->escape($post_author);
+                                       $user_email=$wpdb->escape("user@deleted.com");
+                                       $user_url=$wpdb->escape("");
+                                       $user_joindate=$wpdb->escape($user_joindate);
+
+                                       $user_info = array("user_login"=>$user_login, "user_pass"=>$pass1, "user_nickname"=>$user_nickname, "user_email"=>$user_email, "user_url"=>$user_url, "user_ip"=>$user_ip, "user_domain"=>$user_domain, "user_browser"=>$user_browser, "dateYMDhour"=>$user_joindate, "user_level"=>0, "user_idmode"=>"nickname");
+                                       $user_id = wp_insert_user($user_info);
+                                       $this->gmnames[$postinfo[1]] = $user_id;
+
+                                       echo ': ';
+                                       printf(__('registered deleted user %s at level 0 '), "<em>$user_login</em>");
+                               }
+
+                               if (array_key_exists($postinfo[1], $this->gmnames)) {
+                                       $post_author = $this->gmnames[$postinfo[1]];
+                               } else {
+                                       $post_author = $user_id;
+                               }
+
+                               $postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_excerpt', 'post_status', 'comment_status', 'ping_status', 'post_modified', 'post_modified_gmt');
+                               $post_ID = wp_insert_post($postdata);
+                       }
+
+                       $c=count($entry);
+                       if ($c>4) {
+                               $numAddedComments = 0;
+                               $numComments = 0;
+                               for ($j=4;$j<$c;$j++) {
+                                       $entry[$j]=$this->gm2autobr($entry[$j]);
+                                       $commentinfo=explode("|",$entry[$j]);
+                                       $comment_post_ID=$post_ID;
+                                       $comment_author=$wpdb->escape($commentinfo[0]);
+                                       $comment_author_email=$wpdb->escape($commentinfo[2]);
+                                       $comment_author_url=$wpdb->escape($commentinfo[3]);
+                                       $comment_author_IP=$wpdb->escape($commentinfo[1]);
+
+                                       $commentyear=$commentinfo[7];
+                                       $commentmonth=zeroise($commentinfo[5],2);
+                                       $commentday=zeroise($commentinfo[6],2);
+                                       $commenthour=zeroise($commentinfo[8],2);
+                                       $commentminute=zeroise($commentinfo[9],2);
+                                       $commentsecond=zeroise($commentinfo[10],2);
+                                       if (($commentinfo[11]=="PM") && ($commenthour!="12"))
+                                               $commenthour=$commenthour+12;
+                                       $comment_date="$commentyear-$commentmonth-$commentday $commenthour:$commentminute:$commentsecond";
+
+                                       $comment_content=$wpdb->escape($commentinfo[12]);
+
+                                       if (!comment_exists($comment_author, $comment_date)) {
+                                               $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_author_IP', 'comment_date', 'comment_content', 'comment_approved');
+                                               $commentdata = wp_filter_comment($commentdata);
+                                               wp_insert_comment($commentdata);
+                                               $numAddedComments++;
+                                       }
+                                       $numComments++;
+                               }
+                               if ($numAddedComments > 0) {
+                                       echo ': ';
+                                       printf(__('imported %d comment(s)'), $numAddedComments);
+                               }
+                               $preExisting = $numComments - numAddedComments;
+                               if ($preExisting > 0) {
+                                       echo ' ';
+                                       printf(__('ignored %d pre-existing comments'), $preExisting);
+                               }
+                       }
+                       echo '... <strong>'.__('Done').'</strong></li>';
+               }
+       }
+       ?>
+</ul><strong><?php _e('Done') ?></strong></li></ul>
+<p>&nbsp;</p>
+<p><?php _e('Completed GreyMatter import!') ?></p>
+<?php
+       $this->footer();
+       }
+
+       function dispatch() {
+               if (empty ($_GET['step']))
+                       $step = 0;
+               else
+                       $step = (int) $_GET['step'];
+
+               switch ($step) {
+                       case 0 :
+                               $this->greet();
+                               break;
+                       case 1:
+                               check_admin_referer('import-greymatter');
+                               $this->import();
+                               break;
+               }
+       }
+
+       function GM_Import() {
+               // Nothing.
+       }
+}
+
+$gm_import = new GM_Import();
+
+register_importer('greymatter', __('GreyMatter'), __('Import users, posts, and comments from a Greymatter blog'), array ($gm_import, 'dispatch'));
+?>
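Review bot: `$preExisting = $numComments - numAddedComments;` at the end of the comment loop in import() drops the `$` on the second operand, so PHP reads it as an undefined constant (string, with a notice) and the subtraction runs against 0, reporting every comment as pre-existing; it should be `$preExisting = $numComments - $numAddedComments;`. The seven-level `if ($i<10000000)` ladder that zero-pads the entry filename is a style point: `$entryfile = zeroise($i, 8);` should yield the same eight-character name and the file already uses `zeroise()` for the date parts. On the input side, `gmpath` and `archivespath` are copied from `$_GET`/`$_POST` through `$$wpvar` and handed straight to `chdir()`, and because the greet form is `method="get"` the nonce travels in the query string; both are admin-only and nonce-checked, but a comment such as `// admin-supplied filesystem paths: gm-authors.cgi and NNNNNNNN.cgi are read relative to them` above the chdir() calls would make that trust boundary explicit.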
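--- a/wp-admin/import/livejournal.php
+++ b/wp-admin/import/livejournal.php
@@ -80,7 +80,7 @@ class LJ_Import {
                         $comments = $comments[1];
                         
                         if ( $comments ) {
-                               $comment_post_ID = $post_id;
+                               $comment_post_ID = (int) $post_id;
                                 $num_comments = 0;
                                 foreach ($comments as $comment) {
                                         preg_match('|<event>(.*?)</event>|is', $comment, $comment_content);
@@ -153,6 +153,7 @@ class LJ_Import {
                                 $this->greet();
                                 break;
                         case 1 :
+                               check_admin_referer('import-upload');
                                 $this->import();
                                 break;
                 }
@@ -167,5 +168,5 @@ class LJ_Import {
 
 $livejournal_import = new LJ_Import();
 
-register_importer('livejournal', 'LiveJournal', __('Import posts from LiveJournal'), array ($livejournal_import, 'dispatch'));
+register_importer('livejournal', __('LiveJournal'), __('Import posts from LiveJournal'), array ($livejournal_import, 'dispatch'));
 ?>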
index e5b6626122989deb7846f5ea4842dc438d236d0b..f02b06976457396856e099db001a56e14643c840 100644 (file)
@@ -11,7 +11,7 @@ class MT_Import {
 
        function header() {
                echo '<div class="wrap">';
 
        function header() {
                echo '<div class="wrap">';
-               echo '<h2>'.__('Import Movable Type').'</h2>';
+               echo '<h2>'.__('Import Movable Type and Typepad').'</h2>';
        }
 
        function footer() {
        }
 
        function footer() {
@@ -32,7 +32,7 @@ class MT_Import {
                global $wpdb, $testing;
                $users = $wpdb->get_results("SELECT * FROM $wpdb->users ORDER BY ID");
 ?><select name="userselect[<?php echo $n; ?>]">
                global $wpdb, $testing;
                $users = $wpdb->get_results("SELECT * FROM $wpdb->users ORDER BY ID");
 ?><select name="userselect[<?php echo $n; ?>]">
-       <option value="#NONE#">- Select -</option>
+       <option value="#NONE#"><?php _e('- Select -') ?></option>
        <?php
 
 
        <?php
 
 
@@ -134,6 +134,8 @@ class MT_Import {
 
        function mt_authors_form() {
 ?>
 
        function mt_authors_form() {
 ?>
+<div class="wrap">
+<h2><?php _e('Assign Authors'); ?></h2>
 <p><?php _e('To make it easier for you to edit and save the imported posts and drafts, you may want to change the name of the author of the posts. For example, you may want to import all the entries as <code>admin</code>s entries.'); ?></p>
 <p><?php _e('Below, you can see the names of the authors of the MovableType posts in <i>italics</i>. For each of these names, you can either pick an author in your WordPress installation from the menu, or enter a name for the author in the textbox.'); ?></p>
 <p><?php _e('If a new user is created by WordPress, the password will be set, by default, to "changeme". Quite suggestive, eh? ;)'); ?></p>
 <p><?php _e('To make it easier for you to edit and save the imported posts and drafts, you may want to change the name of the author of the posts. For example, you may want to import all the entries as <code>admin</code>s entries.'); ?></p>
 <p><?php _e('Below, you can see the names of the authors of the MovableType posts in <i>italics</i>. For each of these names, you can either pick an author in your WordPress installation from the menu, or enter a name for the author in the textbox.'); ?></p>
 <p><?php _e('If a new user is created by WordPress, the password will be set, by default, to "changeme". Quite suggestive, eh? ;)'); ?></p>
@@ -143,29 +145,32 @@ class MT_Import {
                $authors = $this->get_mt_authors();
                echo '<ol id="authors">';
                echo '<form action="?import=mt&amp;step=2&amp;id=' . $this->id . '" method="post">';
                $authors = $this->get_mt_authors();
                echo '<ol id="authors">';
                echo '<form action="?import=mt&amp;step=2&amp;id=' . $this->id . '" method="post">';
+               wp_nonce_field('import-mt');
                $j = -1;
                foreach ($authors as $author) {
                        ++ $j;
                $j = -1;
                foreach ($authors as $author) {
                        ++ $j;
-                       echo '<li><i>'.$author.'</i><br />'.'<input type="text" value="'.$author.'" name="'.'user[]'.'" maxlength="30">';
+                       echo '<li>'.__('Current author:').' <strong>'.$author.'</strong><br />'.sprintf(__('Create user %1$s or map to existing'), ' <input type="text" value="'.$author.'" name="'.'user[]'.'" maxlength="30"> <br />');
                        $this->users_form($j);
                        echo '</li>';
                }
 
                        $this->users_form($j);
                        echo '</li>';
                }
 
-               echo '<input type="submit" value="Submit">'.'<br/>';
+               echo '<input type="submit" value="'.__('Submit').'">'.'<br/>';
                echo '</form>';
                echo '</form>';
-               echo '</ol>';
+               echo '</ol></div>';
 
 
-               flush();
        }
 
        function select_authors() {
                $file = wp_import_handle_upload();
                if ( isset($file['error']) ) {
        }
 
        function select_authors() {
                $file = wp_import_handle_upload();
                if ( isset($file['error']) ) {
-                       echo $file['error'];
+                       $this->header();
+                       echo '<p>'.__('Sorry, there has been an error').'.</p>';
+                       echo '<p><strong>' . $file['error'] . '</strong></p>';
+                       $this->footer();
                        return;
                }
                $this->file = $file['file'];
                        return;
                }
                $this->file = $file['file'];
-               $this->id = $file['id'];
+               $this->id = (int) $file['id'];
 
                $this->get_entries();
                $this->mt_authors_form();
 
                $this->get_entries();
                $this->mt_authors_form();
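Review bot: The rewritten author row echoes `$author` unescaped twice, as text inside `<strong>` and as the `value` attribute of the text input, and `$author` comes from `get_mt_authors()`, which from the surrounding flow appears to read the export file the admin just uploaded rather than a trusted source. A name containing a quote or angle bracket breaks the markup, and this same commit already escapes an attribute value with `attribute_escape()` in the Textpattern importer, so the row should do the same: `$author_attr = attribute_escape($author);` followed by `echo '<li>'.__('Current author:').' <strong>'.wp_specialchars($author).'</strong><br />'.sprintf(__('Create user %1$s or map to existing'), ' <input type="text" value="'.$author_attr.'" name="'.'user[]'.'" maxlength="30"> <br />');`. mt_authors_form() starts outside this hunk, and select_authors() both starts and ends outside it.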
@@ -174,7 +179,7 @@ class MT_Import {
        function process_posts() {
                global $wpdb;
                $i = -1;
        function process_posts() {
                global $wpdb;
                $i = -1;
-               echo "<ol>";
+               echo "<div class='wrap'><ol>";
                foreach ($this->posts as $post) {
                        if ('' != trim($post)) {
                                ++ $i;
                foreach ($this->posts as $post) {
                        if ('' != trim($post)) {
                                ++ $i;
@@ -289,7 +294,7 @@ class MT_Import {
                                        }
                                }
 
                                        }
                                }
 
-                               $comment_post_ID = $post_id;
+                               $comment_post_ID = (int) $post_id;
                                $comment_approved = 1;
 
                                // Now for comments
                                $comment_approved = 1;
 
                                // Now for comments
@@ -330,7 +335,7 @@ class MT_Import {
                                        }
                                }
                                if ( $num_comments )
                                        }
                                }
                                if ( $num_comments )
-                                       printf(__('(%s comments)'), $num_comments);
+                                       printf(' '.__('(%s comments)'), $num_comments);
 
                                // Finally the pings
                                // fix the double newline on the first one
 
                                // Finally the pings
                                // fix the double newline on the first one
@@ -378,22 +383,22 @@ class MT_Import {
                                        }
                                }
                                if ( $num_pings )
                                        }
                                }
                                if ( $num_pings )
-                                       printf(__('(%s pings)'), $num_pings);
-                               
+                                       printf(' '.__('(%s pings)'), $num_pings);
+
                                echo "</li>";
                        }
                                echo "</li>";
                        }
-                       flush();
                }
 
                echo '</ol>';
 
                wp_import_cleanup($this->id);
 
                }
 
                echo '</ol>';
 
                wp_import_cleanup($this->id);
 
-               echo '<h3>'.sprintf(__('All done. <a href="%s">Have fun!</a>'), get_option('home')).'</h3>';
+               echo '<h3>'.sprintf(__('All done. <a href="%s">Have fun!</a>'), get_option('home')).'</h3></div>';
        }
 
        function import() {
                $this->id = (int) $_GET['id'];
        }
 
        function import() {
                $this->id = (int) $_GET['id'];
+               
                $this->file = get_attached_file($this->id);
                $this->get_authors_from_post();
                $this->get_entries();
                $this->file = get_attached_file($this->id);
                $this->get_authors_from_post();
                $this->get_entries();
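Review bot: The line added after `$this->id = (int) $_GET['id'];` is not empty but carries trailing tab whitespace, the same residue this commit strips elsewhere (the blank line after the `(%s pings)` printf and the `// Nothing.` comment in the constructor), so it should be a truly empty line or dropped. Casting the id is a good start, but nothing in `import()` confirms that the integer refers to an import upload before `get_attached_file()` reads the file; if `wp_import_handle_upload()` records the attachment it creates, checking the id against that record, or at least that the id resolves to a post of type attachment, would be a cheap defense-in-depth step. import() continues outside this hunk.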
@@ -411,20 +416,22 @@ class MT_Import {
                                $this->greet();
                                break;
                        case 1 :
                                $this->greet();
                                break;
                        case 1 :
+                               check_admin_referer('import-upload');
                                $this->select_authors();
                                break;
                        case 2:
                                $this->select_authors();
                                break;
                        case 2:
+                               check_admin_referer('import-mt');
                                $this->import();
                                break;
                }
        }
 
        function MT_Import() {
                                $this->import();
                                break;
                }
        }
 
        function MT_Import() {
-               // Nothing.     
+               // Nothing.
        }
 }
 
 $mt_import = new MT_Import();
 
        }
 }
 
 $mt_import = new MT_Import();
 
-register_importer('mt', 'Movable Type', __('Import posts and comments from your Movable Type blog'), array ($mt_import, 'dispatch'));
+register_importer('mt', __('Movable Type and Typepad'), __('Imports <strong>posts and comments</strong> from your Movable Type or Typepad blog'), array ($mt_import, 'dispatch'));
 ?>
 ?>
index e4a81673df676a6b6a54dc331efb9e32a597b19f..187c8ac2459135f04d88c30ad8638533c36a751c 100644 (file)
@@ -38,21 +38,22 @@ class RSS_Import {
                $index = 0;
                foreach ($this->posts as $post) {
                        preg_match('|<title>(.*?)</title>|is', $post, $post_title);
                $index = 0;
                foreach ($this->posts as $post) {
                        preg_match('|<title>(.*?)</title>|is', $post, $post_title);
-                       $post_title = $wpdb->escape(trim($post_title[1]));
+                       $post_title = str_replace(array('<![CDATA[', ']]>'), '', $wpdb->escape( trim($post_title[1]) ));
 
 
-                       preg_match('|<pubdate>(.*?)</pubdate>|is', $post, $post_date);
+                       preg_match('|<pubdate>(.*?)</pubdate>|is', $post, $post_date_gmt);
 
 
-                       if ($post_date) {
-                               $post_date = strtotime($post_date[1]);
+                       if ($post_date_gmt) {
+                               $post_date_gmt = strtotime($post_date_gmt[1]);
                        } else {
                                // if we don't already have something from pubDate
                        } else {
                                // if we don't already have something from pubDate
-                               preg_match('|<dc:date>(.*?)</dc:date>|is', $post, $post_date);
-                               $post_date = preg_replace('|([-+])([0-9]+):([0-9]+)$|', '\1\2\3', $post_date[1]);
-                               $post_date = str_replace('T', ' ', $post_date);
-                               $post_date = strtotime($post_date);
+                               preg_match('|<dc:date>(.*?)</dc:date>|is', $post, $post_date_gmt);
+                               $post_date_gmt = preg_replace('|([-+])([0-9]+):([0-9]+)$|', '\1\2\3', $post_date_gmt[1]);
+                               $post_date_gmt = str_replace('T', ' ', $post_date_gmt);
+                               $post_date_gmt = strtotime($post_date_gmt);
                        }
 
                        }
 
-                       $post_date = gmdate('Y-m-d H:i:s', $post_date);
+                       $post_date_gmt = gmdate('Y-m-d H:i:s', $post_date_gmt);
+                       $post_date = get_date_from_gmt( $post_date_gmt );
 
                        preg_match_all('|<category>(.*?)</category>|is', $post, $categories);
                        $categories = $categories[1];
 
                        preg_match_all('|<category>(.*?)</category>|is', $post, $categories);
                        $categories = $categories[1];
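Review bot: Neither date branch handles `strtotime()` failing on a missing or unparsable date (it returns false, or -1 on older PHP), and `gmdate('Y-m-d H:i:s', false)` then silently yields the Unix epoch, so such posts are imported dated 1970-01-01 and the new `get_date_from_gmt()` call inherits that. The `<dc:date>` branch additionally reads `$post_date_gmt[1]` without checking that its `preg_match()` matched anything. Add a guard before the `gmdate()` call, e.g. `if ( false === $post_date_gmt || $post_date_gmt < 0 ) $post_date_gmt = time();`, or skip the post with a notice. The enclosing method starts and ends outside this hunk.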
@@ -90,7 +91,7 @@ class RSS_Import {
 
                        $post_author = 1;
                        $post_status = 'publish';
 
                        $post_author = 1;
                        $post_status = 'publish';
-                       $this->posts[$index] = compact('post_author', 'post_date', 'post_content', 'post_title', 'post_status', 'guid', 'categories');
+                       $this->posts[$index] = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_status', 'guid', 'categories');
                        $index++;
                }
        }
                        $index++;
                }
        }
@@ -153,6 +154,7 @@ class RSS_Import {
                                $this->greet();
                                break;
                        case 1 :
                                $this->greet();
                                break;
                        case 1 :
+                               check_admin_referer('import-upload');
                                $this->import();
                                break;
                }
                                $this->import();
                                break;
                }
@@ -167,5 +169,5 @@ class RSS_Import {
 
 $rss_import = new RSS_Import();
 
 
 $rss_import = new RSS_Import();
 
-register_importer('rss', 'RSS', __('Import posts from an RSS feed'), array ($rss_import, 'dispatch'));
+register_importer('rss', __('RSS'), __('Import posts from an RSS feed'), array ($rss_import, 'dispatch'));
 ?>
 ?>
index 44b0fc36755f16a41a411adcf9bc56f6966fa272..2d2b145e9e5577b7b07252afd2f9090ecf1951cf 100644 (file)
@@ -4,13 +4,13 @@
 **/
 if(!function_exists('get_catbynicename'))
 {
 **/
 if(!function_exists('get_catbynicename'))
 {
-       function get_catbynicename($category_nicename) 
+       function get_catbynicename($category_nicename)
        {
        global $wpdb;
        {
        global $wpdb;
-       
+
        $cat_id -= 0;   // force numeric
        $name = $wpdb->get_var('SELECT cat_ID FROM '.$wpdb->categories.' WHERE category_nicename="'.$category_nicename.'"');
        $cat_id -= 0;   // force numeric
        $name = $wpdb->get_var('SELECT cat_ID FROM '.$wpdb->categories.' WHERE category_nicename="'.$category_nicename.'"');
-       
+
        return $name;
        }
 }
        return $name;
        }
 }
@@ -49,15 +49,18 @@ class Textpattern_Import {
        {
                echo '</div>';
        }
        {
                echo '</div>';
        }
-       
-       function greet() 
-       {
-               echo '<p>'.__('Howdy! This importer allows you to extract posts from any Textpattern 4.0.2+ into your blog. This has not been tested on previous versions of Textpattern.  Mileage may vary.').'</p>';
+
+       function greet() {
+               echo '<div class="narrow">';
+               echo '<p>'.__('Howdy! This imports categories, users, posts, comments, and links from any Textpattern 4.0.2+ into this blog.').'</p>';
+               echo '<p>'.__('This has not been tested on previous versions of Textpattern.  Mileage may vary.').'</p>';
                echo '<p>'.__('Your Textpattern Configuration settings are as follows:').'</p>';
                echo '<form action="admin.php?import=textpattern&amp;step=1" method="post">';
                echo '<p>'.__('Your Textpattern Configuration settings are as follows:').'</p>';
                echo '<form action="admin.php?import=textpattern&amp;step=1" method="post">';
+               wp_nonce_field('import-textpattern');
                $this->db_form();
                $this->db_form();
-               echo '<input type="submit" name="submit" value="'.__('Import Categories').'" />';
+               echo '<p class="submit"><input type="submit" name="submit" value="'.attribute_escape(__('Import Categories &raquo;')).'" /></p>';
                echo '</form>';
                echo '</form>';
+               echo '</div>';
        }
 
        function get_txp_cats()
        }
 
        function get_txp_cats()
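Review bot: The `wp_nonce_field('import-textpattern')` added to the greet form only protects anything if the step-1 branch of this importer's dispatch() calls `check_admin_referer('import-textpattern')`; that dispatcher is outside this hunk, so please confirm it was updated the way the MT, RSS and LiveJournal dispatchers are in this commit. The form presumably also still posts the database connection settings collected by `db_form()`, which the later hunks show being read back with `get_option('txppass')` and friends; that predates this change, but the nonce does not alter where those credentials end up. greet() lies fully within the hunk; get_txp_cats() begins at its last line and continues outside.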
@@ -67,17 +70,17 @@ class Textpattern_Import {
                $txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost'));
                set_magic_quotes_runtime(0);
                $prefix = get_option('tpre');
                $txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost'));
                set_magic_quotes_runtime(0);
                $prefix = get_option('tpre');
-               
+
                // Get Categories
                // Get Categories
-               return $txpdb->get_results('SELECT 
-                                                                               id,
-                                                                               name,
-                                                                               title
-                                                                        FROM '.$prefix.'txp_category 
-                                                                        WHERE type = "article"', 
-                                                                        ARRAY_A);
+               return $txpdb->get_results('SELECT
+                       id,
+                       name,
+                       title
+                       FROM '.$prefix.'txp_category
+                       WHERE type = "article"',
+                       ARRAY_A);
        }
        }
-       
+
        function get_txp_users()
        {
                global $wpdb;
        function get_txp_users()
        {
                global $wpdb;
@@ -85,44 +88,44 @@ class Textpattern_Import {
                $txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost'));
                set_magic_quotes_runtime(0);
                $prefix = get_option('tpre');
                $txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost'));
                set_magic_quotes_runtime(0);
                $prefix = get_option('tpre');
-               
+
                // Get Users
                // Get Users
-               
+
                return $txpdb->get_results('SELECT
                return $txpdb->get_results('SELECT
-                                                                               user_id,
-                                                                               name,
-                                                                               RealName,
-                                                                               email,
-                                                                               privs
-                                                                       FROM '.$prefix.'txp_users', ARRAY_A);
+                       user_id,
+                       name,
+                       RealName,
+                       email,
+                       privs
+                       FROM '.$prefix.'txp_users', ARRAY_A);
        }
        }
-       
+
        function get_txp_posts()
        {
                // General Housekeeping
                $txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost'));
                set_magic_quotes_runtime(0);
                $prefix = get_option('tpre');
        function get_txp_posts()
        {
                // General Housekeeping
                $txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost'));
                set_magic_quotes_runtime(0);
                $prefix = get_option('tpre');
-               
+
                // Get Posts
                // Get Posts
-               return $txpdb->get_results('SELECT 
-                                                                               ID,
-                                                                               Posted,
-                                                                               AuthorID,
-                                                                               LastMod,
-                                                                               Title,
-                                                                               Body,
-                                                                               Excerpt,
-                                                                               Category1,
-                                                                               Category2,
-                                                                               Status,
-                                                                               Keywords,
-                                                                               url_title,
-                                                                               comments_count
-                                                                       FROM '.$prefix.'textpattern
-                                                                       ', ARRAY_A);
+               return $txpdb->get_results('SELECT
+                       ID,
+                       Posted,
+                       AuthorID,
+                       LastMod,
+                       Title,
+                       Body,
+                       Excerpt,
+                       Category1,
+                       Category2,
+                       Status,
+                       Keywords,
+                       url_title,
+                       comments_count
+                       FROM '.$prefix.'textpattern
+                       ', ARRAY_A);
        }
        }
-       
+
        function get_txp_comments()
        {
                global $wpdb;
        function get_txp_comments()
        {
                global $wpdb;
@@ -130,30 +133,30 @@ class Textpattern_Import {
                $txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost'));
                set_magic_quotes_runtime(0);
                $prefix = get_option('tpre');
                $txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost'));
                set_magic_quotes_runtime(0);
                $prefix = get_option('tpre');
-               
+
                // Get Comments
                return $txpdb->get_results('SELECT * FROM '.$prefix.'txp_discuss', ARRAY_A);
        }
                // Get Comments
                return $txpdb->get_results('SELECT * FROM '.$prefix.'txp_discuss', ARRAY_A);
        }
-       
+
                function get_txp_links()
        {
                //General Housekeeping
                $txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost'));
                set_magic_quotes_runtime(0);
                $prefix = get_option('tpre');
                function get_txp_links()
        {
                //General Housekeeping
                $txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost'));
                set_magic_quotes_runtime(0);
                $prefix = get_option('tpre');
-               
-               return $txpdb->get_results('SELECT 
-                                                                               id,
-                                                                               date,
-                                                                               category,
-                                                                               url,
-                                                                               linkname,
-                                                                               description
-                                                                         FROM '.$prefix.'txp_link', 
-                                                                         ARRAY_A);                                               
+
+               return $txpdb->get_results('SELECT
+                       id,
+                       date,
+                       category,
+                       url,
+                       linkname,
+                       description
+                       FROM '.$prefix.'txp_link',
+                       ARRAY_A);
        }
        }
-       
-       function cat2wp($categories='') 
+
+       function cat2wp($categories='')
        {
                // General Housekeeping
                global $wpdb;
        {
                // General Housekeeping
                global $wpdb;
@@ -163,16 +166,16 @@ class Textpattern_Import {
                if(is_array($categories))
                {
                        echo '<p>'.__('Importing Categories...').'<br /><br /></p>';
                if(is_array($categories))
                {
                        echo '<p>'.__('Importing Categories...').'<br /><br /></p>';
-                       foreach ($categories as $category) 
+                       foreach ($categories as $category)
                        {
                                $count++;
                                extract($category);
                        {
                                $count++;
                                extract($category);
-                               
-                               
+
+
                                // Make Nice Variables
                                $name = $wpdb->escape($name);
                                $title = $wpdb->escape($title);
                                // Make Nice Variables
                                $name = $wpdb->escape($name);
                                $title = $wpdb->escape($title);
-                               
+
                                if($cinfo = category_exists($name))
                                {
                                        $ret_id = wp_insert_category(array('cat_ID' => $cinfo, 'category_nicename' => $name, 'cat_name' => $title));
                                if($cinfo = category_exists($name))
                                {
                                        $ret_id = wp_insert_category(array('cat_ID' => $cinfo, 'category_nicename' => $name, 'cat_name' => $title));
@@ -183,7 +186,7 @@ class Textpattern_Import {
                                }
                                $txpcat2wpcat[$id] = $ret_id;
                        }
                                }
                                $txpcat2wpcat[$id] = $ret_id;
                        }
-                       
+
                        // Store category translation for future use
                        add_option('txpcat2wpcat',$txpcat2wpcat);
                        echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> categories imported.'), $count).'<br /><br /></p>';
                        // Store category translation for future use
                        add_option('txpcat2wpcat',$txpcat2wpcat);
                        echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> categories imported.'), $count).'<br /><br /></p>';
@@ -192,14 +195,14 @@ class Textpattern_Import {
                echo __('No Categories to Import!');
                return false;
        }
                echo __('No Categories to Import!');
                return false;
        }
-       
+
        function users2wp($users='')
        {
                // General Housekeeping
                global $wpdb;
                $count = 0;
                $txpid2wpid = array();
        function users2wp($users='')
        {
                // General Housekeeping
                global $wpdb;
                $count = 0;
                $txpid2wpid = array();
-               
+
                // Midnight Mojo
                if(is_array($users))
                {
                // Midnight Mojo
                if(is_array($users))
                {
@@ -208,14 +211,14 @@ class Textpattern_Import {
                        {
                                $count++;
                                extract($user);
                        {
                                $count++;
                                extract($user);
-                               
+
                                // Make Nice Variables
                                $name = $wpdb->escape($name);
                                $RealName = $wpdb->escape($RealName);
                                // Make Nice Variables
                                $name = $wpdb->escape($name);
                                $RealName = $wpdb->escape($RealName);
-                               
+
                                if($uinfo = get_userdatabylogin($name))
                                {
                                if($uinfo = get_userdatabylogin($name))
                                {
-                                       
+
                                        $ret_id = wp_insert_user(array(
                                                                'ID'                    => $uinfo->ID,
                                                                'user_login'    => $name,
                                        $ret_id = wp_insert_user(array(
                                                                'ID'                    => $uinfo->ID,
                                                                'user_login'    => $name,
@@ -225,7 +228,7 @@ class Textpattern_Import {
                                                                'display_name'  => $name)
                                                                );
                                }
                                                                'display_name'  => $name)
                                                                );
                                }
-                               else 
+                               else
                                {
                                        $ret_id = wp_insert_user(array(
                                                                'user_login'    => $name,
                                {
                                        $ret_id = wp_insert_user(array(
                                                                'user_login'    => $name,
@@ -236,10 +239,10 @@ class Textpattern_Import {
                                                                );
                                }
                                $txpid2wpid[$user_id] = $ret_id;
                                                                );
                                }
                                $txpid2wpid[$user_id] = $ret_id;
-                               
+
                                // Set Textpattern-to-WordPress permissions translation
                                $transperms = array(1 => '10', 2 => '9', 3 => '5', 4 => '4', 5 => '3', 6 => '2', 7 => '0');
                                // Set Textpattern-to-WordPress permissions translation
                                $transperms = array(1 => '10', 2 => '9', 3 => '5', 4 => '4', 5 => '3', 6 => '2', 7 => '0');
-                               
+
                                // Update Usermeta Data
                                $user = new WP_User($ret_id);
                                if('10' == $transperms[$privs]) { $user->set_role('administrator'); }
                                // Update Usermeta Data
                                $user = new WP_User($ret_id);
                                if('10' == $transperms[$privs]) { $user->set_role('administrator'); }
@@ -249,24 +252,24 @@ class Textpattern_Import {
                                if('3'  == $transperms[$privs]) { $user->set_role('contributor'); }
                                if('2'  == $transperms[$privs]) { $user->set_role('contributor'); }
                                if('0'  == $transperms[$privs]) { $user->set_role('subscriber'); }
                                if('3'  == $transperms[$privs]) { $user->set_role('contributor'); }
                                if('2'  == $transperms[$privs]) { $user->set_role('contributor'); }
                                if('0'  == $transperms[$privs]) { $user->set_role('subscriber'); }
-                               
+
                                update_usermeta( $ret_id, 'wp_user_level', $transperms[$privs] );
                                update_usermeta( $ret_id, 'rich_editing', 'false');
                        }// End foreach($users as $user)
                                update_usermeta( $ret_id, 'wp_user_level', $transperms[$privs] );
                                update_usermeta( $ret_id, 'rich_editing', 'false');
                        }// End foreach($users as $user)
-                       
+
                        // Store id translation array for future use
                        add_option('txpid2wpid',$txpid2wpid);
                        // Store id translation array for future use
                        add_option('txpid2wpid',$txpid2wpid);
-                       
-                       
+
+
                        echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> users imported.'), $count).'<br /><br /></p>';
                        return true;
                }// End if(is_array($users)
                        echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> users imported.'), $count).'<br /><br /></p>';
                        return true;
                }// End if(is_array($users)
-               
+
                echo __('No Users to Import!');
                return false;
                echo __('No Users to Import!');
                return false;
-               
+
        }// End function user2wp()
        }// End function user2wp()
-       
+
        function posts2wp($posts='')
        {
                // General Housekeeping
        function posts2wp($posts='')
        {
                // General Housekeeping
@@ -283,10 +286,10 @@ class Textpattern_Import {
                        {
                                $count++;
                                extract($post);
                        {
                                $count++;
                                extract($post);
-                               
+
                                // Set Textpattern-to-WordPress status translation
                                $stattrans = array(1 => 'draft', 2 => 'private', 3 => 'draft', 4 => 'publish', 5 => 'publish');
                                // Set Textpattern-to-WordPress status translation
                                $stattrans = array(1 => 'draft', 2 => 'private', 3 => 'draft', 4 => 'publish', 5 => 'publish');
-                               
+
                                //Can we do this more efficiently?
                                $uinfo = ( get_userdatabylogin( $AuthorID ) ) ? get_userdatabylogin( $AuthorID ) : 1;
                                $authorid = ( is_object( $uinfo ) ) ? $uinfo->ID : $uinfo ;
                                //Can we do this more efficiently?
                                $uinfo = ( get_userdatabylogin( $AuthorID ) ) ? get_userdatabylogin( $AuthorID ) : 1;
                                $authorid = ( is_object( $uinfo ) ) ? $uinfo->ID : $uinfo ;
@@ -295,59 +298,59 @@ class Textpattern_Import {
                                $Body = $wpdb->escape($Body);
                                $Excerpt = $wpdb->escape($Excerpt);
                                $post_status = $stattrans[$Status];
                                $Body = $wpdb->escape($Body);
                                $Excerpt = $wpdb->escape($Excerpt);
                                $post_status = $stattrans[$Status];
-                               
+
                                // Import Post data into WordPress
                                // Import Post data into WordPress
-                               
+
                                if($pinfo = post_exists($Title,$Body))
                                {
                                        $ret_id = wp_insert_post(array(
                                if($pinfo = post_exists($Title,$Body))
                                {
                                        $ret_id = wp_insert_post(array(
-                                                       'ID'                            => $pinfo,
-                                                       'post_date'                     => $Posted,
-                                                       'post_date_gmt'         => $post_date_gmt,
-                                                       'post_author'           => $authorid,
-                                                       'post_modified'         => $LastMod,
-                                                       'post_modified_gmt' => $post_modified_gmt,
-                                                       'post_title'            => $Title,
-                                                       'post_content'          => $Body,
-                                                       'post_excerpt'          => $Excerpt,
-                                                       'post_status'           => $post_status,
-                                                       'post_name'                     => $url_title,
-                                                       'comment_count'         => $comments_count)
-                                                       );
+                                               'ID'                            => $pinfo,
+                                               'post_date'                     => $Posted,
+                                               'post_date_gmt'         => $post_date_gmt,
+                                               'post_author'           => $authorid,
+                                               'post_modified'         => $LastMod,
+                                               'post_modified_gmt' => $post_modified_gmt,
+                                               'post_title'            => $Title,
+                                               'post_content'          => $Body,
+                                               'post_excerpt'          => $Excerpt,
+                                               'post_status'           => $post_status,
+                                               'post_name'                     => $url_title,
+                                               'comment_count'         => $comments_count)
+                                               );
                                }
                                }
-                               else 
+                               else
                                {
                                        $ret_id = wp_insert_post(array(
                                {
                                        $ret_id = wp_insert_post(array(
-                                                       'post_date'                     => $Posted,
-                                                       'post_date_gmt'         => $post_date_gmt,
-                                                       'post_author'           => $authorid,
-                                                       'post_modified'         => $LastMod,
-                                                       'post_modified_gmt' => $post_modified_gmt,
-                                                       'post_title'            => $Title,
-                                                       'post_content'          => $Body,
-                                                       'post_excerpt'          => $Excerpt,
-                                                       'post_status'           => $post_status,
-                                                       'post_name'                     => $url_title,
-                                                       'comment_count'         => $comments_count)
-                                                       );
+                                               'post_date'                     => $Posted,
+                                               'post_date_gmt'         => $post_date_gmt,
+                                               'post_author'           => $authorid,
+                                               'post_modified'         => $LastMod,
+                                               'post_modified_gmt' => $post_modified_gmt,
+                                               'post_title'            => $Title,
+                                               'post_content'          => $Body,
+                                               'post_excerpt'          => $Excerpt,
+                                               'post_status'           => $post_status,
+                                               'post_name'                     => $url_title,
+                                               'comment_count'         => $comments_count)
+                                               );
                                }
                                $txpposts2wpposts[$ID] = $ret_id;
                                }
                                $txpposts2wpposts[$ID] = $ret_id;
-                               
+
                                // Make Post-to-Category associations
                                $cats = array();
                                if($cat1 = get_catbynicename($Category1)) { $cats[1] = $cat1; }
                                if($cat2 = get_catbynicename($Category2)) { $cats[2] = $cat2; }
 
                                // Make Post-to-Category associations
                                $cats = array();
                                if($cat1 = get_catbynicename($Category1)) { $cats[1] = $cat1; }
                                if($cat2 = get_catbynicename($Category2)) { $cats[2] = $cat2; }
 
-                               if(!empty($cats)) { wp_set_post_cats('', $ret_id, $cats); }
+                               if(!empty($cats)) { wp_set_post_categories($ret_id, $cats); }
                        }
                }
                // Store ID translation for later use
                add_option('txpposts2wpposts',$txpposts2wpposts);
                        }
                }
                // Store ID translation for later use
                add_option('txpposts2wpposts',$txpposts2wpposts);
-               
+
                echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> posts imported.'), $count).'<br /><br /></p>';
                echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> posts imported.'), $count).'<br /><br /></p>';
-               return true;    
+               return true;
        }
        }
-       
+
        function comments2wp($comments='')
        {
                // General Housekeeping
        function comments2wp($comments='')
        {
                // General Housekeeping
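Review bot: `$ret_id` from wp_insert_post is written into `$txpposts2wpposts[$ID]` and passed to wp_set_post_categories without being checked, so whatever falsy value a failed insert yields would be recorded as a valid Textpattern-to-WordPress mapping and then categorised under that empty id; adding `if (empty($ret_id)) { continue; }` directly after the if/else keeps both from happening. Separately, `post_exists($Title,$Body)` runs after `$Body` has already been through `$wpdb->escape`, so if post_exists escapes its arguments itself (not visible here) any body containing quotes or backslashes would never match and would be inserted a second time on re-import; worth confirming which side is responsible for escaping. The enclosing foreach and the start of posts2wp() are outside this hunk.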
@@ -355,7 +358,7 @@ class Textpattern_Import {
                $count = 0;
                $txpcm2wpcm = array();
                $postarr = get_option('txpposts2wpposts');
                $count = 0;
                $txpcm2wpcm = array();
                $postarr = get_option('txpposts2wpposts');
-               
+
                // Magic Mojo
                if(is_array($comments))
                {
                // Magic Mojo
                if(is_array($comments))
                {
@@ -364,7 +367,7 @@ class Textpattern_Import {
                        {
                                $count++;
                                extract($comment);
                        {
                                $count++;
                                extract($comment);
-                               
+
                                // WordPressify Data
                                $comment_ID = ltrim($discussid, '0');
                                $comment_post_ID = $postarr[$parentid];
                                // WordPressify Data
                                $comment_ID = ltrim($discussid, '0');
                                $comment_post_ID = $postarr[$parentid];
@@ -373,57 +376,57 @@ class Textpattern_Import {
                                $email = $wpdb->escape($email);
                                $web = $wpdb->escape($web);
                                $message = $wpdb->escape($message);
                                $email = $wpdb->escape($email);
                                $web = $wpdb->escape($web);
                                $message = $wpdb->escape($message);
-                               
+
                                if($cinfo = comment_exists($name, $posted))
                                {
                                        // Update comments
                                        $ret_id = wp_update_comment(array(
                                if($cinfo = comment_exists($name, $posted))
                                {
                                        // Update comments
                                        $ret_id = wp_update_comment(array(
-                                                       'comment_ID'                    => $cinfo,
-                                                       'comment_post_ID'               => $comment_post_ID,
-                                                       'comment_author'                => $name,
-                                                       'comment_author_email'  => $email,
-                                                       'comment_author_url'    => $web,
-                                                       'comment_date'                  => $posted,
-                                                       'comment_content'               => $message,
-                                                       'comment_approved'              => $comment_approved)
-                                                       );
+                                               'comment_ID'                    => $cinfo,
+                                               'comment_post_ID'               => $comment_post_ID,
+                                               'comment_author'                => $name,
+                                               'comment_author_email'  => $email,
+                                               'comment_author_url'    => $web,
+                                               'comment_date'                  => $posted,
+                                               'comment_content'               => $message,
+                                               'comment_approved'              => $comment_approved)
+                                               );
                                }
                                }
-                               else 
+                               else
                                {
                                        // Insert comments
                                        $ret_id = wp_insert_comment(array(
                                {
                                        // Insert comments
                                        $ret_id = wp_insert_comment(array(
-                                                       'comment_post_ID'               => $comment_post_ID,
-                                                       'comment_author'                => $name,
-                                                       'comment_author_email'  => $email,
-                                                       'comment_author_url'    => $web,
-                                                       'comment_author_IP'             => $ip,
-                                                       'comment_date'                  => $posted,
-                                                       'comment_content'               => $message,
-                                                       'comment_approved'              => $comment_approved)
-                                                       );
+                                               'comment_post_ID'               => $comment_post_ID,
+                                               'comment_author'                => $name,
+                                               'comment_author_email'  => $email,
+                                               'comment_author_url'    => $web,
+                                               'comment_author_IP'             => $ip,
+                                               'comment_date'                  => $posted,
+                                               'comment_content'               => $message,
+                                               'comment_approved'              => $comment_approved)
+                                               );
                                }
                                $txpcm2wpcm[$comment_ID] = $ret_id;
                        }
                        // Store Comment ID translation for future use
                                }
                                $txpcm2wpcm[$comment_ID] = $ret_id;
                        }
                        // Store Comment ID translation for future use
-                       add_option('txpcm2wpcm', $txpcm2wpcm);                  
-                       
+                       add_option('txpcm2wpcm', $txpcm2wpcm);
+
                        // Associate newly formed categories with posts
                        get_comment_count($ret_id);
                        // Associate newly formed categories with posts
                        get_comment_count($ret_id);
-                       
-                       
+
+
                        echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> comments imported.'), $count).'<br /><br /></p>';
                        return true;
                }
                echo __('No Comments to Import!');
                return false;
        }
                        echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> comments imported.'), $count).'<br /><br /></p>';
                        return true;
                }
                echo __('No Comments to Import!');
                return false;
        }
-       
+
        function links2wp($links='')
        {
                // General Housekeeping
                global $wpdb;
                $count = 0;
        function links2wp($links='')
        {
                // General Housekeeping
                global $wpdb;
                $count = 0;
-               
+
                // Deal with the links
                if(is_array($links))
                {
                // Deal with the links
                if(is_array($links))
                {
@@ -432,12 +435,12 @@ class Textpattern_Import {
                        {
                                $count++;
                                extract($link);
                        {
                                $count++;
                                extract($link);
-                               
+
                                // Make nice vars
                                $category = $wpdb->escape($category);
                                $linkname = $wpdb->escape($linkname);
                                $description = $wpdb->escape($description);
                                // Make nice vars
                                $category = $wpdb->escape($category);
                                $linkname = $wpdb->escape($linkname);
                                $description = $wpdb->escape($description);
-                               
+
                                if($linfo = link_exists($linkname))
                                {
                                        $ret_id = wp_insert_link(array(
                                if($linfo = link_exists($linkname))
                                {
                                        $ret_id = wp_insert_link(array(
@@ -449,7 +452,7 @@ class Textpattern_Import {
                                                                'link_updated'          => $date)
                                                                );
                                }
                                                                'link_updated'          => $date)
                                                                );
                                }
-                               else 
+                               else
                                {
                                        $ret_id = wp_insert_link(array(
                                                                'link_url'                      => $url,
                                {
                                        $ret_id = wp_insert_link(array(
                                                                'link_url'                      => $url,
@@ -470,67 +473,72 @@ class Textpattern_Import {
                echo __('No Links to Import!');
                return false;
        }
                echo __('No Links to Import!');
                return false;
        }
-               
-       function import_categories() 
-       {       
-               // Category Import      
+
+       function import_categories()
+       {
+               // Category Import
                $cats = $this->get_txp_cats();
                $this->cat2wp($cats);
                add_option('txp_cats', $cats);
                $cats = $this->get_txp_cats();
                $this->cat2wp($cats);
                add_option('txp_cats', $cats);
-               
-               
-                       
+
+
+
                echo '<form action="admin.php?import=textpattern&amp;step=2" method="post">';
                echo '<form action="admin.php?import=textpattern&amp;step=2" method="post">';
-               printf('<input type="submit" name="submit" value="%s" />', __('Import Users'));
+               wp_nonce_field('import-textpattern');
+               printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Users')));
                echo '</form>';
 
        }
                echo '</form>';
 
        }
-       
+
        function import_users()
        {
                // User Import
        function import_users()
        {
                // User Import
-               $users = $this->get_txp_users(); 
+               $users = $this->get_txp_users();
                $this->users2wp($users);
                $this->users2wp($users);
-               
+
                echo '<form action="admin.php?import=textpattern&amp;step=3" method="post">';
                echo '<form action="admin.php?import=textpattern&amp;step=3" method="post">';
-               printf('<input type="submit" name="submit" value="%s" />', __('Import Posts'));
+               wp_nonce_field('import-textpattern');
+               printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Posts')));
                echo '</form>';
        }
                echo '</form>';
        }
-       
+
        function import_posts()
        {
                // Post Import
                $posts = $this->get_txp_posts();
                $this->posts2wp($posts);
        function import_posts()
        {
                // Post Import
                $posts = $this->get_txp_posts();
                $this->posts2wp($posts);
-               
+
                echo '<form action="admin.php?import=textpattern&amp;step=4" method="post">';
                echo '<form action="admin.php?import=textpattern&amp;step=4" method="post">';
-               printf('<input type="submit" name="submit" value="%s" />', __('Import Comments'));
+               wp_nonce_field('import-textpattern');
+               printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Comments')));
                echo '</form>';
        }
                echo '</form>';
        }
-       
+
        function import_comments()
        {
                // Comment Import
                $comments = $this->get_txp_comments();
                $this->comments2wp($comments);
        function import_comments()
        {
                // Comment Import
                $comments = $this->get_txp_comments();
                $this->comments2wp($comments);
-               
+
                echo '<form action="admin.php?import=textpattern&amp;step=5" method="post">';
                echo '<form action="admin.php?import=textpattern&amp;step=5" method="post">';
-               printf('<input type="submit" name="submit" value="%s" />', __('Import Links'));
+               wp_nonce_field('import-textpattern');
+               printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Links')));
                echo '</form>';
        }
                echo '</form>';
        }
-       
+
        function import_links()
        {
                //Link Import
                $links = $this->get_txp_links();
                $this->links2wp($links);
                add_option('txp_links', $links);
        function import_links()
        {
                //Link Import
                $links = $this->get_txp_links();
                $this->links2wp($links);
                add_option('txp_links', $links);
-               
+
                echo '<form action="admin.php?import=textpattern&amp;step=6" method="post">';
                echo '<form action="admin.php?import=textpattern&amp;step=6" method="post">';
-               printf('<input type="submit" name="submit" value="%s" />', __('Finish'));
+               wp_nonce_field('import-textpattern');
+               printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Finish')));
                echo '</form>';
        }
                echo '</form>';
        }
-       
+
        function cleanup_txpimport()
        {
                delete_option('tpre');
        function cleanup_txpimport()
        {
                delete_option('tpre');
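Review bot: All five step forms emit the same nonce action, `import-textpattern`, so a token minted for the step-2 form is accepted by dispatch()'s check_admin_referer for any later step; if the steps must run in order (each one reads the options the previous step stored), bind the action to the target step, e.g. `wp_nonce_field('import-textpattern-2')` in import_categories() and a matching `check_admin_referer('import-textpattern-' . $step)` in dispatch(). Also worth confirming that the initial credentials form (step 1, not in this hunk) emits the nonce as well, since dispatch() now verifies it for every `$step > 0` and would otherwise reject the first submission. The attribute_escape() wrapping of the button labels is a good catch and should be kept.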
@@ -546,7 +554,7 @@ class Textpattern_Import {
                delete_option('txphost');
                $this->tips();
        }
                delete_option('txphost');
                $this->tips();
        }
-       
+
        function tips()
        {
                echo '<p>'.__('Welcome to WordPress.  We hope (and expect!) that you will find this platform incredibly rewarding!  As a new WordPress user coming from Textpattern, there are some things that we would like to point out.  Hopefully, they will help your transition go as smoothly as possible.').'</p>';
        function tips()
        {
                echo '<p>'.__('Welcome to WordPress.  We hope (and expect!) that you will find this platform incredibly rewarding!  As a new WordPress user coming from Textpattern, there are some things that we would like to point out.  Hopefully, they will help your transition go as smoothly as possible.').'</p>';
@@ -555,29 +563,29 @@ class Textpattern_Import {
                echo '<h3>'.__('Preserving Authors').'</h3>';
                echo '<p>'.__('Secondly, we have attempted to preserve post authors.  If you are the only author or contributor to your blog, then you are safe.  In most cases, we are successful in this preservation endeavor.  However, if we cannot ascertain the name of the writer due to discrepancies between database tables, we assign it to you, the administrative user.').'</p>';
                echo '<h3>'.__('Textile').'</h3>';
                echo '<h3>'.__('Preserving Authors').'</h3>';
                echo '<p>'.__('Secondly, we have attempted to preserve post authors.  If you are the only author or contributor to your blog, then you are safe.  In most cases, we are successful in this preservation endeavor.  However, if we cannot ascertain the name of the writer due to discrepancies between database tables, we assign it to you, the administrative user.').'</p>';
                echo '<h3>'.__('Textile').'</h3>';
-               echo '<p>'.__('Also, since you\'re coming from Textpattern, you probably have been using Textile to format your comments and posts.  If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/2004/04/19/wordpress-plugin-textile-20/">Textile for WordPress</a>.  Trust me... You\'ll want it.').'</p>';
+               echo '<p>'.__('Also, since you\'re coming from Textpattern, you probably have been using Textile to format your comments and posts.  If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/category/development/wordpress/textile/">Textile for WordPress</a>.  Trust me... You\'ll want it.').'</p>';
                echo '<h3>'.__('WordPress Resources').'</h3>';
                echo '<p>'.__('Finally, there are numerous WordPress resources around the internet.  Some of them are:').'</p>';
                echo '<ul>';
                echo '<li>'.__('<a href="http://www.wordpress.org">The official WordPress site</a>').'</li>';
                echo '<h3>'.__('WordPress Resources').'</h3>';
                echo '<p>'.__('Finally, there are numerous WordPress resources around the internet.  Some of them are:').'</p>';
                echo '<ul>';
                echo '<li>'.__('<a href="http://www.wordpress.org">The official WordPress site</a>').'</li>';
-               echo '<li>'.__('<a href="http://wordpress.org/support/">The WordPress support forums').'</li>';
+               echo '<li>'.__('<a href="http://wordpress.org/support/">The WordPress support forums</a>').'</li>';
                echo '<li>'.__('<a href="http://codex.wordpress.org">The Codex (In other words, the WordPress Bible)</a>').'</li>';
                echo '</ul>';
                echo '<p>'.sprintf(__('That\'s it! What are you waiting for? Go <a href="%1$s">login</a>!'), '/wp-login.php').'</p>';
        }
                echo '<li>'.__('<a href="http://codex.wordpress.org">The Codex (In other words, the WordPress Bible)</a>').'</li>';
                echo '</ul>';
                echo '<p>'.sprintf(__('That\'s it! What are you waiting for? Go <a href="%1$s">login</a>!'), '/wp-login.php').'</p>';
        }
-       
+
        function db_form()
        {
        function db_form()
        {
-               echo '<ul>';
-               printf('<li><label for="dbuser">%s</label> <input type="text" name="dbuser" id="dbuser" /></li>', __('Textpattern Database User:'));
-               printf('<li><label for="dbpass">%s</label> <input type="password" name="dbpass" id="dbpass" /></li>', __('Textpattern Database Password:'));
-               printf('<li><label for="dbname">%s</label> <input type="text" id="dbname" name="dbname" /></li>', __('Textpattern Database Name:'));
-               printf('<li><label for="dbhost">%s</label> <input type="text" id="dbhost" name="dbhost" value="localhost" /></li>', __('Textpattern Database Host:'));
-               printf('<li><label for="dbprefix">%s</label> <input type="text" name="dbprefix" id="dbprefix"  /></li>', __('Textpattern Table prefix (if any):'));
-               echo '</ul>';
+               echo '<table class="editform">';
+               printf('<tr><th scope="row"><label for="dbuser">%s</label></th><td><input type="text" name="dbuser" id="dbuser" /></td></tr>', __('Textpattern Database User:'));
+               printf('<tr><th scope="row"><label for="dbpass">%s</label></th><td><input type="password" name="dbpass" id="dbpass" /></td></tr>', __('Textpattern Database Password:'));
+               printf('<tr><th scope="row"><label for="dbname">%s</label></th><td><input type="text" id="dbname" name="dbname" /></td></tr>', __('Textpattern Database Name:'));
+               printf('<tr><th scope="row"><label for="dbhost">%s</label></th><td><input type="text" id="dbhost" name="dbhost" value="localhost" /></td></tr>', __('Textpattern Database Host:'));
+               printf('<tr><th scope="row"><label for="dbprefix">%s</label></th><td><input type="text" name="dbprefix" id="dbprefix"  /></td></tr>', __('Textpattern Table prefix (if any):'));
+               echo '</table>';
        }
        }
-       
-       function dispatch() 
+
+       function dispatch()
        {
 
                if (empty ($_GET['step']))
        {
 
                if (empty ($_GET['step']))
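Review bot: The five printf rows in db_form() repeat the same table-row template and differ only in id, input type, default value and label, which invites drift when one row is edited later (the dbprefix row already carries a doubled space in `id="dbprefix"  />`); a small field table plus one loop keeps the markup in a single place, as sketched below. The rewrite adds an explicit `value=""` to the fields that previously had none and routes the only default through attribute_escape, which is the sole rendering difference. Since dispatch() further down persists these credentials with add_option, a comment on the method noting that they live in wp_options until cleanup_txpimport() removes them would help a maintainer see why the cleanup step matters.
```php
function db_form()
{
    // One row per credential field: id => array(label, input type, default value)
    $fields = array(
        'dbuser'   => array(__('Textpattern Database User:'),         'text',     ''),
        'dbpass'   => array(__('Textpattern Database Password:'),     'password', ''),
        'dbname'   => array(__('Textpattern Database Name:'),         'text',     ''),
        'dbhost'   => array(__('Textpattern Database Host:'),         'text',     'localhost'),
        'dbprefix' => array(__('Textpattern Table prefix (if any):'), 'text',     ''),
    );
    echo '<table class="editform">';
    foreach ($fields as $id => $field) {
        list($label, $type, $default) = $field;
        printf('<tr><th scope="row"><label for="%1$s">%2$s</label></th><td><input type="%3$s" name="%1$s" id="%1$s" value="%4$s" /></td></tr>',
            $id, $label, $type, attribute_escape($default));
    }
    echo '</table>';
}
```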
@@ -585,45 +593,47 @@ class Textpattern_Import {
                else
                        $step = (int) $_GET['step'];
                $this->header();
                else
                        $step = (int) $_GET['step'];
                $this->header();
-               
-               if ( $step > 0 ) 
+
+               if ( $step > 0 )
                {
                {
+                       check_admin_referer('import-textpattern');
+
                        if($_POST['dbuser'])
                        {
                                if(get_option('txpuser'))
                        if($_POST['dbuser'])
                        {
                                if(get_option('txpuser'))
-                                       delete_option('txpuser');       
-                               add_option('txpuser',$_POST['dbuser']);
+                                       delete_option('txpuser');
+                               add_option('txpuser', sanitize_user($_POST['dbuser'], true));
                        }
                        if($_POST['dbpass'])
                        {
                                if(get_option('txppass'))
                        }
                        if($_POST['dbpass'])
                        {
                                if(get_option('txppass'))
-                                       delete_option('txppass');       
-                               add_option('txppass',$_POST['dbpass']);
+                                       delete_option('txppass');
+                               add_option('txppass',  sanitize_user($_POST['dbpass'], true));
                        }
                        }
-                       
+
                        if($_POST['dbname'])
                        {
                                if(get_option('txpname'))
                        if($_POST['dbname'])
                        {
                                if(get_option('txpname'))
-                                       delete_option('txpname');       
-                               add_option('txpname',$_POST['dbname']);
+                                       delete_option('txpname');
+                               add_option('txpname',  sanitize_user($_POST['dbname'], true));
                        }
                        if($_POST['dbhost'])
                        {
                                if(get_option('txphost'))
                                        delete_option('txphost');
                        }
                        if($_POST['dbhost'])
                        {
                                if(get_option('txphost'))
                                        delete_option('txphost');
-                               add_option('txphost',$_POST['dbhost']); 
+                               add_option('txphost',  sanitize_user($_POST['dbhost'], true));
                        }
                        if($_POST['dbprefix'])
                        {
                                if(get_option('tpre'))
                                        delete_option('tpre');
                        }
                        if($_POST['dbprefix'])
                        {
                                if(get_option('tpre'))
                                        delete_option('tpre');
-                               add_option('tpre',$_POST['dbprefix']); 
-                       }                       
+                               add_option('tpre',  sanitize_user($_POST['dbprefix']));
+                       }
 
 
                }
 
 
 
                }
 
-               switch ($step) 
+               switch ($step)
                {
                        default:
                        case 0 :
                {
                        default:
                        case 0 :
@@ -648,16 +658,16 @@ class Textpattern_Import {
                                $this->cleanup_txpimport();
                                break;
                }
                                $this->cleanup_txpimport();
                                break;
                }
-               
+
                $this->footer();
        }
 
                $this->footer();
        }
 
-       function Textpattern_Import() 
+       function Textpattern_Import()
        {
        {
-               // Nothing.     
+               // Nothing.
        }
 }
 
 $txp_import = new Textpattern_Import();
        }
 }
 
 $txp_import = new Textpattern_Import();
-register_importer('textpattern', 'Textpattern', __('Import posts from a Textpattern Blog'), array ($txp_import, 'dispatch'));
+register_importer('textpattern', __('Textpattern'), __('Import categories, users, posts, comments, and links from a Textpattern blog'), array ($txp_import, 'dispatch'));
 ?>
 ?>
index a951efd863d16109e6e064757521cabeadfcdac5..734b349e64c1518d818392ded300c5569f4c6cd0 100644 (file)
@@ -25,7 +25,7 @@ if ( isset($rss->items) && 0 != count($rss->items) ) {
 $rss->items = array_slice($rss->items, 0, 10);
 foreach ($rss->items as $item ) {
 ?>
 $rss->items = array_slice($rss->items, 0, 10);
 foreach ($rss->items as $item ) {
 ?>
-       <li><a href="<?php echo wp_filter_kses($item['link']); ?>"><?php echo wp_specialchars($item['title']); ?></a></li>
+       <li><a href="<?php echo wp_filter_kses($item['link']); ?>"><?php echo wptexturize(wp_specialchars($item['title'])); ?></a></li>
 <?php } ?>
 </ul>
 </div>
 <?php } ?>
 </ul>
 </div>
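Review bot: The href on the changed `<li>` line still relies on `wp_filter_kses()` for `$item['link']`, which strips disallowed tags but, as far as I can tell, does not encode a double quote inside the value, so a feed entry whose link contains `"` would close the attribute early. The title now gets `wp_specialchars()` plus `wptexturize()`, so the two halves of the same line are escaped to different standards even though both come from an external feed. Since this commit already introduces `attribute_escape()` elsewhere (inline-uploading.php), the same helper fits here: `<a href="<?php echo attribute_escape(wp_filter_kses($item['link'])); ?>">`. The enclosing `foreach` and the surrounding `if` start outside this section.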
index d0bd82503b9b5977a676df07b7842ad6629f0fd3..212f1159f0ebd9fa49c74a44195ea83fd1031a19 100644 (file)
@@ -24,6 +24,8 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
        }
 }
 
        }
 }
 
+$all = ( 'true' == $all ) ? 'true' : 'false';
+$start = (int) $start;
 $post = (int) $post;
 $images_width = 1;
 
 $post = (int) $post;
 $images_width = 1;
 
@@ -238,7 +240,7 @@ srcb[{$ID}] = '{$image['guid']}';
                        $xpadding = (128 - $image['uwidth']) / 2;
                        $ypadding = (96 - $image['uheight']) / 2;
                        $style .= "#target{$ID} img { padding: {$ypadding}px {$xpadding}px; }\n";
                        $xpadding = (128 - $image['uwidth']) / 2;
                        $ypadding = (96 - $image['uheight']) / 2;
                        $style .= "#target{$ID} img { padding: {$ypadding}px {$xpadding}px; }\n";
-                       $title = wp_specialchars($image['post_title'], ENT_QUOTES);
+                       $title = attribute_escape($image['post_title']);
                        $script .= "aa[{$ID}] = '<a id=\"p{$ID}\" rel=\"attachment\" class=\"imagelink\" href=\"$href\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
 ab[{$ID}] = '<a class=\"imagelink\" href=\"{$image['guid']}\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
 imga[{$ID}] = '<img id=\"image{$ID}\" src=\"$src\" alt=\"{$title}\" $height_width />';
                        $script .= "aa[{$ID}] = '<a id=\"p{$ID}\" rel=\"attachment\" class=\"imagelink\" href=\"$href\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
 ab[{$ID}] = '<a class=\"imagelink\" href=\"{$image['guid']}\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
 imga[{$ID}] = '<img id=\"image{$ID}\" src=\"$src\" alt=\"{$title}\" $height_width />';
@@ -258,7 +260,7 @@ imgb[{$ID}] = '<img id=\"image{$ID}\" src=\"{$image['guid']}\" alt=\"{$title}\"
 </div>
 ";
                } else {
 </div>
 ";
                } else {
-                       $title = wp_specialchars($attachment['post_title'], ENT_QUOTES);
+                       $title = attribute_escape($attachment['post_title']);
                        $filename = basename($attachment['guid']);
                        $icon = get_attachment_icon($ID);
                        $toggle_icon = "<a id=\"I{$ID}\" onclick=\"toggleOtherIcon({$ID});return false;\" href=\"javascript:void()\">$__using_title</a>";
                        $filename = basename($attachment['guid']);
                        $icon = get_attachment_icon($ID);
                        $toggle_icon = "<a id=\"I{$ID}\" onclick=\"toggleOtherIcon({$ID});return false;\" href=\"javascript:void()\">$__using_title</a>";
@@ -429,7 +431,7 @@ richedit = ( typeof tinyMCE == 'object' && tinyMCE.configs.length > 0 );
 function sendToEditor(n) {
        o = document.getElementById('div'+n);
        h = o.innerHTML.replace(new RegExp('^\\s*(.*?)\\s*$', ''), '$1'); // Trim
 function sendToEditor(n) {
        o = document.getElementById('div'+n);
        h = o.innerHTML.replace(new RegExp('^\\s*(.*?)\\s*$', ''), '$1'); // Trim
-       h = h.replace(new RegExp(' (class|title|width|height|id|onclick|onmousedown)=([^\'"][^ ]*)( |/|>)', 'g'), ' $1="$2"$3'); // Enclose attribs in quotes
+       h = h.replace(new RegExp(' (class|title|width|height|id|onclick|onmousedown)=([^\'"][^ ]*)(?=( |/|>))', 'g'), ' $1="$2"'); // Enclose attribs in quotes
        h = h.replace(new RegExp(' (width|height)=".*?"', 'g'), ''); // Drop size constraints
        h = h.replace(new RegExp(' on(click|mousedown)="[^"]*"', 'g'), ''); // Drop menu events
        h = h.replace(new RegExp('<(/?)A', 'g'), '<$1a'); // Lowercase tagnames
        h = h.replace(new RegExp(' (width|height)=".*?"', 'g'), ''); // Drop size constraints
        h = h.replace(new RegExp(' on(click|mousedown)="[^"]*"', 'g'), ''); // Drop menu events
        h = h.replace(new RegExp('<(/?)A', 'g'), '<$1a'); // Lowercase tagnames
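Review bot: The switch to `attribute_escape()` for `$title` on the two changed lines covers the title, but the single-quoted JavaScript string literals built right after it still interpolate `{$image['guid']}`, `$href` and `$src` verbatim, and a single quote or backslash in any of them would terminate the JS literal the same way an unescaped title used to. These look like server-built attachment URLs rather than form input, so this may be acceptable, but the asymmetry is worth a comment at minimum, e.g. `// guid/href/src are generated by WP, not user input — only the title needs escaping here`, or wrapping them in `js_escape()` (already used by this commit in link-categories.php). The new `$all`/`$start` normalisation at the top of the file depends on the `$wpvarstoreset` loop above it, which starts outside this section.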
index ffa33ce79b36a0c9587316c0d68ddf5362b65da3..eb635aa206702870f3117932869dcd84a3078546 100644 (file)
@@ -166,10 +166,9 @@ $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, p
 $wpdb->query( "INSERT INTO $wpdb->post2cat (`rel_id`, `post_id`, `category_id`) VALUES (1, 1, 1)" );
 
 // Default comment
 $wpdb->query( "INSERT INTO $wpdb->post2cat (`rel_id`, `post_id`, `category_id`) VALUES (1, 1, 1)" );
 
 // Default comment
-$wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".$wpdb->escape(__('Mr WordPress'))."', '', 'http://wordpress.org/', '$now', '$now_gmt', '".$wpdb->escape(__('Hi, this is a comment.<br />To delete a comment, just log in, and view the posts\' comments, there you will have the option to edit or delete them.'))."')");
+$wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".$wpdb->escape(__('Mr WordPress'))."', '', 'http://wordpress.org/', '$now', '$now_gmt', '".$wpdb->escape(__('Hi, this is a comment.<br />To delete a comment, just log in and view the post&#039;s comments. There you will have the option to edit or delete them.'))."')");
 
 // First Page
 
 // First Page
-
 $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, post_status, to_ping, pinged, post_content_filtered) VALUES ('1', '$now', '$now_gmt', '".$wpdb->escape(__('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'))."', '', '".$wpdb->escape(__('About'))."', '0', '".$wpdb->escape(__('about'))."', '$now', '$now_gmt', 'static', '', '', '')");
 $wp_rewrite->flush_rules();
 
 $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, post_status, to_ping, pinged, post_content_filtered) VALUES ('1', '$now', '$now_gmt', '".$wpdb->escape(__('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'))."', '', '".$wpdb->escape(__('About'))."', '0', '".$wpdb->escape(__('about'))."', '$now', '$now_gmt', 'static', '', '', '')");
 $wp_rewrite->flush_rules();
 
@@ -182,7 +181,7 @@ $wpdb->query("INSERT INTO $wpdb->usermeta (user_id, meta_key, meta_value) VALUES
 $admin_caps = serialize(array('administrator' => true));
 $wpdb->query("INSERT INTO $wpdb->usermeta (user_id, meta_key, meta_value) VALUES ({$wpdb->insert_id}, '{$table_prefix}capabilities', '{$admin_caps}');");
 
 $admin_caps = serialize(array('administrator' => true));
 $wpdb->query("INSERT INTO $wpdb->usermeta (user_id, meta_key, meta_value) VALUES ({$wpdb->insert_id}, '{$table_prefix}capabilities', '{$admin_caps}');");
 
-$message_headers = 'From: ' . $weblog_title . ' <wordpress@' . $_SERVER['SERVER_NAME'] . '>';
+$message_headers = 'From: "' . $weblog_title . '" <wordpress@' . $_SERVER['SERVER_NAME'] . '>';
 $message = sprintf(__("Your new WordPress blog has been successfully set up at:
 
 %1\$s
 $message = sprintf(__("Your new WordPress blog has been successfully set up at:
 
 %1\$s
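Review bot: The quoted `From:` header on the changed `$message_headers` line still interpolates `$weblog_title` unescaped, and if that value comes from the install form (its origin is outside this section) a `"` or a CR/LF in it would break the header or append further header lines. Strip those characters before building the header, e.g. `$from_name = str_replace(array("\r", "\n", '"'), '', $weblog_title);` and then `'From: "' . $from_name . '" <wordpress@' . $_SERVER['SERVER_NAME'] . '>'`. `$_SERVER['SERVER_NAME']` can reflect the request Host header on some server configurations, so it deserves the same scepticism, though that part is unchanged by this commit.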
index 0ebf4b255e95782ce245bb5a1d49e62c06eaef80..d3adf7632768fd482d3baa64b914eca3b4b0d874 100644 (file)
@@ -124,7 +124,7 @@ switch ($action) {
 <table class="editform" width="100%" cellspacing="2" cellpadding="5">
 <tr>
        <th width="33%" scope="row"><?php _e('Name:') ?></th>
 <table class="editform" width="100%" cellspacing="2" cellpadding="5">
 <tr>
        <th width="33%" scope="row"><?php _e('Name:') ?></th>
-       <td width="67%"><input name="cat_name" type="text" value="<?php echo wp_specialchars($row->cat_name)?>" size="30" /></td>
+       <td width="67%"><input name="cat_name" type="text" value="<?php echo attribute_escape($row->cat_name)?>" size="30" /></td>
 </tr>
 <tr>
        <th scope="row"><?php _e('Show:') ?></th>
 </tr>
 <tr>
        <th scope="row"><?php _e('Show:') ?></th>
@@ -309,7 +309,7 @@ $results = $wpdb->get_results("SELECT cat_id, cat_name, auto_toggle, show_images
          . " show_rating, show_updated, sort_order, sort_desc, text_before_link, text_after_link, "
          . " text_after_all, list_limit FROM $wpdb->linkcategories ORDER BY cat_id");
 $i = 1;
          . " show_rating, show_updated, sort_order, sort_desc, text_before_link, text_after_link, "
          . " text_after_all, list_limit FROM $wpdb->linkcategories ORDER BY cat_id");
 $i = 1;
-foreach ($results as $row) {
+foreach ( (array) $results as $row) {
     if ($row->list_limit == -1) {
         $row->list_limit = __('none');
     }
     if ($row->list_limit == -1) {
         $row->list_limit = __('none');
     }
@@ -356,8 +356,14 @@ foreach ($results as $row) {
                 <td nowrap="nowrap"><?php echo wp_specialchars($row->text_after_all)?></td>
                 <td><?php echo $row->list_limit ?></td>
                 <td><a href="link-categories.php?cat_id=<?php echo $row->cat_id?>&amp;action=Edit" class="edit"><?php _e('Edit') ?></a></td>
                 <td nowrap="nowrap"><?php echo wp_specialchars($row->text_after_all)?></td>
                 <td><?php echo $row->list_limit ?></td>
                 <td><a href="link-categories.php?cat_id=<?php echo $row->cat_id?>&amp;action=Edit" class="edit"><?php _e('Edit') ?></a></td>
-                <td><a href="<?php echo wp_nonce_url("link-categories.php?cat_id=$row->cat_id?>&amp;action=Delete", 'delete-link-category_' . $row->cat_id) ?>" onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; link category.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($row->cat_name)); ?>' );" class="delete"><?php _e('Delete') ?></a></td>
-              </tr>
+                <td>
+                               <?php if (1 == $row->cat_id ) { 
+                                       _e('Default');
+                               } else { ?>
+                                       <a href="<?php echo wp_nonce_url("link-categories.php?cat_id=$row->cat_id?>&amp;action=Delete", 'delete-link-category_' . $row->cat_id) ?>" onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; link category.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($row->cat_name)); ?>' );" class="delete"><?php _e('Delete') ?></a>
+                               <?php } ?>
+              </td>
+          </tr>
 <?php
         ++$i;
     }
 <?php
         ++$i;
     }
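Review bot: The rewritten delete link still carries a stray `?>` inside the URL string, `"link-categories.php?cat_id=$row->cat_id?>&amp;action=Delete"`, so the generated query string reads `cat_id=N?>&amp;action=Delete`; it was in the old line too, but this hunk rewrites the line and is the place to drop it: `wp_nonce_url("link-categories.php?cat_id=$row->cat_id&amp;action=Delete", 'delete-link-category_' . $row->cat_id)`. The `Default` branch guards category 1 only in the view; whether `action=Delete` for `cat_id=1` is rejected server-side is not visible here and should be confirmed. `$row->cat_id` is echoed into HTML and into the `deleteSomething(...)` JavaScript call without a cast; it presumably comes from the database as an integer, but `(int) $row->cat_id` would make that explicit. The `if (1 == $row->cat_id ) {` line has trailing whitespace.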
index 723d1921581f47b0c6683a055c03b17866ecc2b8..c6119e6fda3cd4d2ecb5b0a7c177b8e27a658173 100644 (file)
@@ -26,7 +26,7 @@ switch ($step) {
 <form enctype="multipart/form-data" action="link-import.php" method="post" name="blogroll">
 <?php wp_nonce_field('import-bookmarks')&n