Wordpress 2.8.5

author Edward Z. Yang <ezyang@mit.edu>

Sat, 21 Nov 2009 02:06:25 +0000 (21:06 -0500)

committer Edward Z. Yang <ezyang@mit.edu>

Sat, 21 Nov 2009 02:06:25 +0000 (21:06 -0500)
author Edward Z. Yang <ezyang@mit.edu>
Sat, 21 Nov 2009 02:06:25 +0000 (21:06 -0500)
committer Edward Z. Yang <ezyang@mit.edu>
Sat, 21 Nov 2009 02:06:25 +0000 (21:06 -0500)
diff --git a/readme.html b/readme.html

index 95e1c1720bf20cbcc7927c7a932b7ae28842139d..fa7071c64120af41291093e5715f90b0296c162d 100644 (file)
--- a/readme.html
+++ b/readme.html
@@ -8,7 +8,7 @@
  <body>
  <h1 id="logo" style="text-align: center">
         <img alt="WordPress" src="wp-admin/images/wordpress-logo.png" />
  <body>
  <h1 id="logo" style="text-align: center">
         <img alt="WordPress" src="wp-admin/images/wordpress-logo.png" />
-       <br /> Version 2.8.4
+       <br /> Version 2.8.5
  </h1>
  <p style="text-align: center">Semantic Personal Publishing Platform</p>
  
  </h1>
  <p style="text-align: center">Semantic Personal Publishing Platform</p>
  
@@ -29,7 +29,7 @@
  
  <h1>Upgrading</h1>
  <p>Before you upgrade anything, make sure you have backup copies of any files you may have modified such as <code>index.php</code>.</p>
  
  <h1>Upgrading</h1>
  <p>Before you upgrade anything, make sure you have backup copies of any files you may have modified such as <code>index.php</code>.</p>
-<h2>Upgrading from any previous WordPress to 2.8.4:</h2>
+<h2>Upgrading from any previous WordPress to 2.8.5:</h2>
  <ol>
         <li>Delete your old WP files, saving ones you've modified.</li>
         <li>Upload the new files.</li>
  <ol>
         <li>Delete your old WP files, saving ones you've modified.</li>
         <li>Upload the new files.</li>
diff --git a/wp-admin/edit-attachment-rows.php b/wp-admin/edit-attachment-rows.php

index 3842a6cce2c778b58220515027e0336545e342c6..4922eed2dd912f3d94c6bc23deb9ad8d4efb3fa3 100644 (file)
--- a/wp-admin/edit-attachment-rows.php
+++ b/wp-admin/edit-attachment-rows.php
@@ -209,4 +209,3 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
  <?php
  } // end if ( have_posts() )
  ?>
  <?php
  } // end if ( have_posts() )
  ?>
-
diff --git a/wp-admin/import/btt.php b/wp-admin/import/btt.php

deleted file mode 100644 (file)

index a2aab3f..0000000
--- a/wp-admin/import/btt.php
+++ /dev/null
@@ -1,130 +0,0 @@
-<?php
-/**
- * BunnyTags Plugin Tag Importer
- *
- * @package WordPress
- * @subpackage Importer
- */
-
-/**
- * BunnyTags Plugin tag converter
- *
- * This will process the BunnyTags plugin tags and convert them to the WordPress
- * 2.3 taxonomy.
- *
- * @since unknown
- */
-class BunnyTags_Import {
-
-       function header() {
-               echo '<div class="wrap">';
-               screen_icon();
-               echo '<h2>'.__('Import Bunny&#8217;s Technorati Tags').'</h2>';
-               echo '<p>'.__('Steps may take a few minutes depending on the size of your database. Please be patient.').'<br /><br /></p>';
-       }
-
-       function footer() {
-               echo '</div>';
-       }
-
-       function greet() {
-               echo '<div class="narrow">';
-               echo '<p>'.__('Howdy! This imports tags from Bunny&#8217;s Technorati Tags into WordPress tags.').'</p>';
-               echo '<p>'.__('This is suitable for Bunny&#8217;s Technorati Tags version 0.6.').'</p>';
-               echo '<p><strong>'.__('All existing Bunny&#8217;s Technorati Tags will be removed after import.').'</strong></p>';
-               echo '<p><strong>'.__('Don&#8217;t be stupid - backup your database before proceeding!').'</strong></p>';
-               echo '<form action="admin.php?import=btt&amp;step=1" method="post">';
-               wp_nonce_field('import-btt');
-               echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import Tags').'" /></p>';
-               echo '</form>';
-               echo '</div>';
-       }
-
-       function dispatch() {
-               if ( empty($_GET['step']) )
-                       $step = 0;
-               else
-                       $step = absint($_GET['step']);
-
-               // load the header
-               $this->header();
-
-               switch ( $step ) {
-                       case 0 :
-                               $this->greet();
-                               break;
-                       case 1 :
-                               check_admin_referer('import-btt');
-                               $this->check_post_keyword( true );
-                               break;
-                       case 2 :
-                               check_admin_referer('import-btt');
-                               $this->check_post_keyword( false );
-                               break;
-                       case 3:
-                               $this->done();
-                               break;
-               }
-
-               // load the footer
-               $this->footer();
-       }
-
-       function check_post_keyword($precheck = true) {
-               global $wpdb;
-
-               echo '<div class="narrow">';
-               echo '<p><h3>'.__('Reading Bunny&#8217;s Technorati Tags&#8230;').'</h3></p>';
-
-               // import Bunny's Keywords tags
-               $metakeys = $wpdb->get_results("SELECT post_id, meta_id, meta_key, meta_value FROM $wpdb->postmeta WHERE $wpdb->postmeta.meta_key = 'tags'");
-               if ( !is_array($metakeys)) {
-                       echo '<p>' . __('No Tags Found!') . '</p>';
-                       return false;
-               } else {
-                       $count = count($metakeys);
-                       echo '<p>' . sprintf( _n('Done! <strong>%s</strong> post with tags were read.', 'Done! <strong>%s</strong> posts with tags were read.', $count), $count ) . '<br /></p>';
-                       echo '<ul>';
-                       foreach ( $metakeys as $post_meta ) {
-                               if ( $post_meta->meta_value != '' ) {
-                                       $post_keys = explode(' ', $post_meta->meta_value);
-                                       foreach ( $post_keys as $keyword ) {
-                                               $keyword = addslashes(trim(str_replace('+',' ',$keyword)));
-                                               if ( '' != $keyword ) {
-                                                       echo '<li>' . $post_meta->post_id . '&nbsp;-&nbsp;' . $keyword . '</li>';
-                                                       if ( !$precheck )
-                                                               wp_add_post_tags($post_meta->post_id, $keyword);
-                                               }
-                                       }
-                               }
-                               if ( !$precheck )
-                                       delete_post_meta($post_meta->post_id, 'tags');
-                       }
-                       echo '</ul>';
-               }
-
-               echo '<form action="admin.php?import=btt&amp;step='.($precheck? 2:3).'" method="post">';
-               wp_nonce_field('import-btt');
-               echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Next').'" /></p>';
-               echo '</form>';
-               echo '</div>';
-       }
-
-       function done() {
-               echo '<div class="narrow">';
-               echo '<p><h3>'.__('Import Complete!').'</h3></p>';
-               echo '</div>';
-       }
-
-       function BunnyTags_Import() {
-       }
-
-}
-
-// create the import object
-$btt_import = new BunnyTags_Import();
-
-// add it to the import page!
-register_importer('btt', 'Bunny&#8217;s Technorati Tags', __('Import Bunny&#8217;s Technorati Tags into WordPress tags.'), array($btt_import, 'dispatch'));
-
-?>
diff --git a/wp-admin/import/jkw.php b/wp-admin/import/jkw.php

deleted file mode 100644 (file)

index d21d79a..0000000
--- a/wp-admin/import/jkw.php
+++ /dev/null
@@ -1,192 +0,0 @@
-<?php
-/**
- * Jeromes Keyword Plugin Importer
- *
- * @package WordPress
- * @subpackage Importer
- */
-
-/**
- * Jeromes Keyword Plugin Importer class
- *
- * Will convert Jeromes Keyword Plugin tags to WordPress taxonomy tags.
- *
- * @since 2.3
- */
-class JeromesKeyword_Import {
-
-       function header() {
-               echo '<div class="wrap">';
-               screen_icon();
-               echo '<h2>'.__('Import Jerome&#8217;s Keywords').'</h2>';
-               echo '<p>'.__('Steps may take a few minutes depending on the size of your database. Please be patient.').'<br /><br /></p>';
-       }
-
-       function footer() {
-               echo '</div>';
-       }
-
-       function greet() {
-               echo '<div class="narrow">';
-               echo '<p>'.__('Howdy! This imports tags from Jerome&#8217;s Keywords into WordPress tags.').'</p>';
-               echo '<p>'.__('This is suitable for Jerome&#8217;s Keywords version 1.x and 2.0a.').'</p>';
-               echo '<p><strong>'.__('All existing Jerome&#8217;s Keywords will be removed after import.').'</strong></p>';
-               echo '<p><strong>'.__('Don&#8217;t be stupid - backup your database before proceeding!').'</strong></p>';
-               echo '<form action="admin.php?import=jkw&amp;step=1" method="post">';
-               wp_nonce_field('import-jkw');
-               echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import Version 1.x').'" /></p>';
-               echo '</form>';
-               echo '<form action="admin.php?import=jkw&amp;step=3" method="post">';
-               wp_nonce_field('import-jkw');
-               echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import Version 2.0a').'" /></p>';
-               echo '</form>';
-               echo '</div>';
-       }
-
-       function dispatch() {
-               if ( empty($_GET['step']) )
-                       $step = 0;
-               else
-                       $step = absint($_GET['step']);
-
-               // load the header
-               $this->header();
-
-               switch ( $step ) {
-                       case 0 :
-                               $this->greet();
-                               break;
-                       case 1 :
-                               check_admin_referer('import-jkw');
-                               $this->check_V1_post_keyword( true );
-                               break;
-                       case 2 :
-                               check_admin_referer('import-jkw');
-                               $this->check_V1_post_keyword( false );
-                               break;
-                       case 3 :
-                               check_admin_referer('import-jkw');
-                               $this->check_V2_post_keyword( true );
-                               break;
-                       case 4 :
-                               check_admin_referer('import-jkw');
-                               $this->check_V2_post_keyword( false );
-                               break;
-                       case 5:
-                               check_admin_referer('import-jkw');
-                               $this->cleanup_V2_import();
-                               break;
-                       case 6:
-                               $this->done();
-                               break;
-               }
-
-               // load the footer
-               $this->footer();
-       }
-
-       function check_V1_post_keyword($precheck = true) {
-               global $wpdb;
-
-               echo '<div class="narrow">';
-               echo '<p><h3>'.__('Reading Jerome&#8217;s Keywords Tags&#8230;').'</h3></p>';
-
-               // import Jerome's Keywords tags
-               $metakeys = $wpdb->get_results("SELECT post_id, meta_id, meta_key, meta_value FROM $wpdb->postmeta WHERE $wpdb->postmeta.meta_key = 'keywords'");
-               if ( !is_array($metakeys)) {
-                       echo '<p>' . __('No Tags Found!') . '</p>';
-                       return false;
-               } else {
-                       $count = count($metakeys);
-                       echo '<p>' . sprintf( _n('Done! <strong>%s</strong> post with tags were read.', 'Done! <strong>%s</strong> posts with tags were read.', $count), $count ) . '<br /></p>';
-                       echo '<ul>';
-                       foreach ( $metakeys as $post_meta ) {
-                               if ( $post_meta->meta_value != '' ) {
-                                       $post_keys = explode(',', $post_meta->meta_value);
-                                       foreach ( $post_keys as $keyword ) {
-                                               $keyword = addslashes(trim($keyword));
-                                               if ( '' != $keyword ) {
-                                                       echo '<li>' . $post_meta->post_id . '&nbsp;-&nbsp;' . $keyword . '</li>';
-                                                       if ( !$precheck )
-                                                               wp_add_post_tags($post_meta->post_id, $keyword);
-                                               }
-                                       }
-                               }
-                               if ( !$precheck )
-                                       delete_post_meta($post_meta->post_id, 'keywords');
-                       }
-                       echo '</ul>';
-               }
-
-               echo '<form action="admin.php?import=jkw&amp;step='.($precheck? 2:6).'" method="post">';
-               wp_nonce_field('import-jkw');
-               echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Next').'" /></p>';
-               echo '</form>';
-               echo '</div>';
-       }
-
-       function check_V2_post_keyword($precheck = true) {
-               global $wpdb;
-
-               echo '<div class="narrow">';
-               echo '<p><h3>'.__('Reading Jerome&#8217;s Keywords Tags&#8230;').'</h3></p>';
-
-               // import Jerome's Keywords tags
-               $tablename = $wpdb->prefix . substr(get_option('jkeywords_keywords_table'), 1, -1);
-               $metakeys = $wpdb->get_results("SELECT post_id, tag_name FROM $tablename");
-               if ( !is_array($metakeys) ) {
-                       echo '<p>' . __('No Tags Found!') . '</p>';
-                       return false;
-               } else {
-                       $count = count($metakeys);
-                       echo '<p>' . sprintf( _n('Done! <strong>%s</strong> tag were read.', 'Done! <strong>%s</strong> tags were read.', $count), $count ) . '<br /></p>';
-                       echo '<ul>';
-                       foreach ( $metakeys as $post_meta ) {
-                               $keyword = addslashes(trim($post_meta->tag_name));
-                               if ( $keyword != '' ) {
-                                       echo '<li>' . $post_meta->post_id . '&nbsp;-&nbsp;' . $keyword . '</li>';
-                                       if ( !$precheck )
-                                               wp_add_post_tags($post_meta->post_id, $keyword);
-                               }
-                       }
-               echo '</ul>';
-               }
-               echo '<form action="admin.php?import=jkw&amp;step='.($precheck? 4:5).'" method="post">';
-               wp_nonce_field('import-jkw');
-               echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Next').'" /></p>';
-               echo '</form>';
-               echo '</div>';
-       }
-
-       function cleanup_V2_import() {
-               global $wpdb;
-
-               /* options from V2.0a (jeromes-keywords.php) */
-               $options = array('version', 'keywords_table', 'query_varname', 'template', 'meta_always_include', 'meta_includecats', 'meta_autoheader', 'search_strict', 'use_feed_cats', 'post_linkformat', 'post_tagseparator', 'post_includecats', 'post_notagstext', 'cloud_linkformat', 'cloud_tagseparator', 'cloud_includecats', 'cloud_sortorder', 'cloud_displaymax', 'cloud_displaymin', 'cloud_scalemax', 'cloud_scalemin');
-
-               $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . substr(get_option('jkeywords_keywords_table'), 1, -1));
-
-               foreach ( $options as $o )
-                       delete_option('jkeywords_' . $o);
-
-               $this->done();
-       }
-
-       function done() {
-               echo '<div class="narrow">';
-               echo '<p><h3>'.__('Import Complete!').'</h3></p>';
-               echo '</div>';
-       }
-
-       function JeromesKeyword_Import() {
-       }
-
-}
-
-// create the import object
-$jkw_import = new JeromesKeyword_Import();
-
-// add it to the import page!
-register_importer('jkw', 'Jerome&#8217;s Keywords', __('Import Jerome&#8217;s Keywords into WordPress tags.'), array($jkw_import, 'dispatch'));
-
-?>
diff --git a/wp-admin/import/wordpress.php b/wp-admin/import/wordpress.php

index 99903487f7af31c49414a5cd827e50ecf6fa6c2a..388b1b6d315a1ad4832e0b8a050658962a5515bc 100644 (file)
--- a/wp-admin/import/wordpress.php
+++ b/wp-admin/import/wordpress.php
@@ -684,8 +684,8 @@ class WP_Import {
         }
  
         function is_valid_meta_key($key) {
         }
  
         function is_valid_meta_key($key) {
-               // skip _wp_attached_file metadata since we'll regenerate it from scratch
-               if ( $key == '_wp_attached_file' )
+               // skip attachment metadata since we'll regenerate it from scratch
+               if ( $key == '_wp_attached_file' || $key == '_wp_attachment_metadata' )
                         return false;
                 return $key;
         }
                         return false;
                 return $key;
         }
diff --git a/wp-admin/includes/post.php b/wp-admin/includes/post.php

index c7acf91563f9eec5b57c62aa1a54054e84d6c5fc..51bb136c0df345f42a36b19df70a7755134fc205 100644 (file)
--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -246,7 +246,7 @@ function bulk_edit_posts( $post_data = null ) {
  
         if ( isset($post_data['post_category']) ) {
                 if ( is_array($post_data['post_category']) && ! empty($post_data['post_category']) )
  
         if ( isset($post_data['post_category']) ) {
                 if ( is_array($post_data['post_category']) && ! empty($post_data['post_category']) )
-                       $new_cats = array_map( absint, $post_data['post_category'] );
+                       $new_cats = array_map( 'absint', $post_data['post_category'] );
                 else
                         unset($post_data['post_category']);
         }
                 else
                         unset($post_data['post_category']);
         }
@@ -1059,6 +1059,32 @@ function wp_set_post_lock( $post_id ) {
                 update_post_meta( $post->ID, '_edit_last', $current_user->ID );
  }
  
                 update_post_meta( $post->ID, '_edit_last', $current_user->ID );
  }
  
+/**
+ * Outputs the notice message to say that someone else is editing this post at the moment.
+ * 
+ * @since 2.8.5
+ * @return none
+ */
+function _admin_notice_post_locked() {
+       global $post;
+       $last_user = get_userdata( get_post_meta( $post->ID, '_edit_last', true ) );
+       $last_user_name = $last_user ? $last_user->display_name : __('Somebody');
+       
+       switch ($post->post_type) {
+               case 'post':
+                       $message = __( 'Warning: %s is currently editing this post' );
+                       break;
+               case 'page':
+                       $message = __( 'Warning: %s is currently editing this page' );
+                       break;
+               default:
+                       $message = __( 'Warning: %s is currently editing this.' );
+       }
+       
+       $message = sprintf( $message, esc_html( $last_user_name ) );
+       echo "<div class='error'><p>$message</p></div>";        
+}
+
  /**
   * Creates autosave data for the specified post from $_POST data.
   *
  /**
   * Creates autosave data for the specified post from $_POST data.
   *
diff --git a/wp-admin/includes/update-core.php b/wp-admin/includes/update-core.php

index 5abee7573a120e82e8a896aad543afbd24d42f0a..f9661962ff5db37ccf6d1d1757cbe1e441833a65 100644 (file)
--- a/wp-admin/includes/update-core.php
+++ b/wp-admin/includes/update-core.php
@@ -126,6 +126,8 @@ $_old_files = array(
  'wp-admin/edit-form-ajax-cat.php',
  'wp-admin/execute-pings.php',
  'wp-admin/import/b2.php',
  'wp-admin/edit-form-ajax-cat.php',
  'wp-admin/execute-pings.php',
  'wp-admin/import/b2.php',
+'wp-admin/import/btt.php',
+'wp-admin/import/jkw.php',
  'wp-admin/inline-uploading.php',
  'wp-admin/link-categories.php',
  'wp-admin/list-manipulation.js',
  'wp-admin/inline-uploading.php',
  'wp-admin/link-categories.php',
  'wp-admin/list-manipulation.js',
diff --git a/wp-admin/install.php b/wp-admin/install.php

index a9579ff4dec8eaf5420c501fe585bb1ece0ec11c..4e97f02fe7b0fbb5cce0c0b36f8f933fb2f40925 100644 (file)
--- a/wp-admin/install.php
+++ b/wp-admin/install.php
@@ -49,6 +49,12 @@ header( 'Content-Type: text/html; charset=utf-8' );
  }//end function display_header();
  
  function display_setup_form( $error = null ) {
  }//end function display_header();
  
  function display_setup_form( $error = null ) {
+       // Ensure that Blogs appear in search engines by default
+       $blog_public = 1;
+       if ( isset($_POST) && !empty($_POST) ) {
+               $blog_public = isset($_POST['blog_public']);
+       }
+       
         if ( ! is_null( $error ) ) {
  ?>
  <p><?php printf( __('<strong>ERROR</strong>: %s'), $error); ?></p>
         if ( ! is_null( $error ) ) {
  ?>
  <p><?php printf( __('<strong>ERROR</strong>: %s'), $error); ?></p>
@@ -65,7 +71,7 @@ function display_setup_form( $error = null ) {
                         <?php _e('Double-check your email address before continuing.'); ?>
                 </tr>
                 <tr>
                         <?php _e('Double-check your email address before continuing.'); ?>
                 </tr>
                 <tr>
-                       <td colspan="2"><label><input type="checkbox" name="blog_public" value="1"<?php if( isset($_POST) && ! empty($_POST) && isset( $_POST['blog_public'] ) ) : ?> checked="checked"<?php endif; ?> /> <?php _e('Allow my blog to appear in search engines like Google and Technorati.'); ?></label></td>
+                       <td colspan="2"><label><input type="checkbox" name="blog_public" value="1" <?php checked($blog_public); ?> /> <?php _e('Allow my blog to appear in search engines like Google and Technorati.'); ?></label></td>
                 </tr>
         </table>
         <p class="step"><input type="submit" name="Submit" value="<?php esc_attr_e('Install WordPress'); ?>" class="button" /></p>
                 </tr>
         </table>
         <p class="step"><input type="submit" name="Submit" value="<?php esc_attr_e('Install WordPress'); ?>" class="button" /></p>
diff --git a/wp-admin/page.php b/wp-admin/page.php

index 68a669020135b4591b2302393a2f4212f2f256eb..9e5eef6871e42ba2c9c593a72299c6e07d96e38e 100644 (file)
--- a/wp-admin/page.php
+++ b/wp-admin/page.php
@@ -98,11 +98,7 @@ case 'edit':
  
         if ( current_user_can('edit_page', $page_ID) ) {
                 if ( $last = wp_check_post_lock( $post->ID ) ) {
  
         if ( current_user_can('edit_page', $page_ID) ) {
                 if ( $last = wp_check_post_lock( $post->ID ) ) {
-                       $last_user = get_userdata( $last );
-                       $last_user_name = $last_user ? $last_user->display_name : __('Somebody');
-                       $message = sprintf( __( 'Warning: %s is currently editing this page' ), esc_html( $last_user_name ) );
-                       $message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
-                       add_action('admin_notices', create_function( '', "echo '$message';" ) );
+                       add_action('admin_notices', '_admin_notice_post_locked' );
                 } else {
                         wp_set_post_lock( $post->ID );
                         wp_enqueue_script('autosave');
                 } else {
                         wp_set_post_lock( $post->ID );
                         wp_enqueue_script('autosave');
diff --git a/wp-admin/post.php b/wp-admin/post.php

index 008778faeb2409b081f87685557a665464b6a7b5..cc8e06c7779829dab339689febaafdb5ee134d67 100644 (file)
--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -133,11 +133,7 @@ case 'edit':
  
         if ( current_user_can('edit_post', $post_ID) ) {
                 if ( $last = wp_check_post_lock( $post->ID ) ) {
  
         if ( current_user_can('edit_post', $post_ID) ) {
                 if ( $last = wp_check_post_lock( $post->ID ) ) {
-                       $last_user = get_userdata( $last );
-                       $last_user_name = $last_user ? $last_user->display_name : __('Somebody');
-                       $message = sprintf( __( 'Warning: %s is currently editing this post' ), esc_html( $last_user_name ) );
-                       $message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
-                       add_action('admin_notices', create_function( '', "echo '$message';" ) );
+                       add_action('admin_notices', '_admin_notice_post_locked' );
                 } else {
                         wp_set_post_lock( $post->ID );
                         wp_enqueue_script('autosave');
                 } else {
                         wp_set_post_lock( $post->ID );
                         wp_enqueue_script('autosave');
diff --git a/wp-app.php b/wp-app.php

index 0ada250e3aa73de4d81e303ea007474035aa811e..11f4ec77883fe647602531b68f7bb8519be28238 100644 (file)
--- a/wp-app.php
+++ b/wp-app.php
@@ -780,6 +780,7 @@ EOD;
                 }
  
                 $location = get_post_meta($entry['ID'], '_wp_attached_file', true);
                 }
  
                 $location = get_post_meta($entry['ID'], '_wp_attached_file', true);
+               $location = get_option ('upload_path') . '/' . $location; 
                 $filetype = wp_check_filetype($location);
  
                 if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']))
                 $filetype = wp_check_filetype($location);
  
                 if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']))
@@ -789,11 +790,19 @@ EOD;
                 header('Content-Type: ' . $entry['post_mime_type']);
                 header('Connection: close');
  
                 header('Content-Type: ' . $entry['post_mime_type']);
                 header('Connection: close');
  
-               $fp = fopen($location, "rb");
-               while(!feof($fp)) {
-                       echo fread($fp, 4096);
+               if ($fp = fopen($location, "rb")) { 
+                       status_header('200'); 
+                       header('Content-Type: ' . $entry['post_mime_type']); 
+                       header('Connection: close');
+
+                       while(!feof($fp)) {
+                               echo fread($fp, 4096);
+                       }
+
+                       fclose($fp);
+               } else {
+                       status_header ('404');
                 }
                 }
-               fclose($fp);
  
                 log_app('function',"get_file($postID)");
                 exit;
  
                 log_app('function',"get_file($postID)");
                 exit;
diff --git a/wp-content/plugins/akismet/akismet.php b/wp-content/plugins/akismet/akismet.php

index 92bbae2d4ef6f64d67bda2cd37f5e26cda542d60..a2402a1066e719b4fcb62bfe22c212b5fc9009cc 100644 (file)
--- a/wp-content/plugins/akismet/akismet.php
+++ b/wp-content/plugins/akismet/akismet.php
@@ -400,6 +400,13 @@ function akismet_http_post($request, $host, $path, $port = 80, $ip=null) {
         return $response;
  }
  
         return $response;
  }
  
+// filter handler used to return a spam result to pre_comment_approved
+function akismet_result_spam( $approved ) {
+       // bump the counter here instead of when the filter is added to reduce the possibility of overcounting
+       update_option( 'akismet_spam_count', get_option('akismet_spam_count') + 1 );
+       return 'spam';
+}
+
  function akismet_auto_check_comment( $comment ) {
         global $akismet_api_host, $akismet_api_port;
  
  function akismet_auto_check_comment( $comment ) {
         global $akismet_api_host, $akismet_api_port;
  
@@ -423,8 +430,8 @@ function akismet_auto_check_comment( $comment ) {
  
         $response = akismet_http_post($query_string, $akismet_api_host, '/1.1/comment-check', $akismet_api_port);
         if ( 'true' == $response[1] ) {
  
         $response = akismet_http_post($query_string, $akismet_api_host, '/1.1/comment-check', $akismet_api_port);
         if ( 'true' == $response[1] ) {
-               add_filter('pre_comment_approved', create_function('$a', 'return \'spam\';'));
-               update_option( 'akismet_spam_count', get_option('akismet_spam_count') + 1 );
+               // akismet_spam_count will be incremented later by akismet_result_spam()
+               add_filter('pre_comment_approved', 'akismet_result_spam');
  
                 do_action( 'akismet_spam_caught' );
  
  
                 do_action( 'akismet_spam_caught' );
  
@@ -432,9 +439,12 @@ function akismet_auto_check_comment( $comment ) {
                 $last_updated = strtotime( $post->post_modified_gmt );
                 $diff = time() - $last_updated;
                 $diff = $diff / 86400;
                 $last_updated = strtotime( $post->post_modified_gmt );
                 $diff = time() - $last_updated;
                 $diff = $diff / 86400;
-
-               if ( $post->post_type == 'post' && $diff > 30 && get_option( 'akismet_discard_month' ) == 'true' )
+               
+               if ( $post->post_type == 'post' && $diff > 30 && get_option( 'akismet_discard_month' ) == 'true' ) {
+                       // akismet_result_spam() won't be called so bump the counter here
+                       update_option( 'akismet_spam_count', get_option('akismet_spam_count') + 1 );
                         die;
                         die;
+               }
         }
         akismet_delete_old();
         return $comment;
         }
         akismet_delete_old();
         return $comment;
diff --git a/wp-content/plugins/akismet/readme.txt b/wp-content/plugins/akismet/readme.txt

index af87370fea988dd375cf324a5a6a0def959871fc..9b2241d88e0251e26bf832d8cb91792c619ad717 100644 (file)
--- a/wp-content/plugins/akismet/readme.txt
+++ b/wp-content/plugins/akismet/readme.txt
@@ -2,7 +2,7 @@
  Contributors: matt, ryan, andy, mdawaffe, tellyworth
  Tags: akismet, comments, spam
  Requires at least: 2.0
  Contributors: matt, ryan, andy, mdawaffe, tellyworth
  Tags: akismet, comments, spam
  Requires at least: 2.0
-Tested up to: 2.8.2
+Tested up to: 2.8.4
  
  Akismet checks your comments against the Akismet web service to see if they look like spam or not.
  
  
  Akismet checks your comments against the Akismet web service to see if they look like spam or not.
  
diff --git a/wp-includes/author-template.php b/wp-includes/author-template.php

index 19e7b8680606f0cd108367239a032dbb00998d0d..908e233543816c9e4633023a465823aa4c79a38a 100644 (file)
--- a/wp-includes/author-template.php
+++ b/wp-includes/author-template.php
@@ -132,7 +132,7 @@ function the_author_meta($field = '', $user_id = false) {
   */
  function the_author_link() {
         if ( get_the_author_meta('url') ) {
   */
  function the_author_link() {
         if ( get_the_author_meta('url') ) {
-               echo '<a href="' . get_the_author_meta('url') . '" title="' . sprintf(__("Visit %s&#8217;s website"), get_the_author()) . '" rel="external">' . get_the_author() . '</a>';
+               echo '<a href="' . get_the_author_meta('url') . '" title="' . esc_attr( sprintf(__("Visit %s&#8217;s website"), get_the_author()) ) . '" rel="external">' . get_the_author() . '</a>';
         } else {
                 the_author();
         }
         } else {
                 the_author();
         }
@@ -181,7 +181,7 @@ function the_author_posts_link($deprecated = '') {
         printf(
                 '<a href="%1$s" title="%2$s">%3$s</a>',
                 get_author_posts_url( $authordata->ID, $authordata->user_nicename ),
         printf(
                 '<a href="%1$s" title="%2$s">%3$s</a>',
                 get_author_posts_url( $authordata->ID, $authordata->user_nicename ),
-               sprintf( __( 'Posts by %s' ), esc_attr( get_the_author() ) ),
+               esc_attr( sprintf( __( 'Posts by %s' ), get_the_author() ) ),
                 get_the_author()
         );
  }
                 get_the_author()
         );
  }
@@ -292,7 +292,7 @@ function wp_list_authors($args = '') {
                         if ( ! $hide_empty )
                                 $link = $name;
                 } else {
                         if ( ! $hide_empty )
                                 $link = $name;
                 } else {
-                       $link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), esc_attr($author->display_name)) . '">' . $name . '</a>';
+                       $link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . esc_attr( sprintf(__("Posts by %s"), $author->display_name) ) . '">' . $name . '</a>';
  
                         if ( (! empty($feed_image)) || (! empty($feed)) ) {
                                 $link .= ' ';
  
                         if ( (! empty($feed_image)) || (! empty($feed)) ) {
                                 $link .= ' ';
@@ -301,8 +301,8 @@ function wp_list_authors($args = '') {
                                 $link .= '<a href="' . get_author_feed_link($author->ID) . '"';
  
                                 if ( !empty($feed) ) {
                                 $link .= '<a href="' . get_author_feed_link($author->ID) . '"';
  
                                 if ( !empty($feed) ) {
-                                       $title = ' title="' . $feed . '"';
-                                       $alt = ' alt="' . $feed . '"';
+                                       $title = ' title="' . esc_attr($feed) . '"';
+                                       $alt = ' alt="' . esc_attr($feed) . '"';
                                         $name = $feed;
                                         $link .= $title;
                                 }
                                         $name = $feed;
                                         $link .= $title;
                                 }
@@ -310,7 +310,7 @@ function wp_list_authors($args = '') {
                                 $link .= '>';
  
                                 if ( !empty($feed_image) )
                                 $link .= '>';
  
                                 if ( !empty($feed_image) )
-                                       $link .= "<img src=\"$feed_image\" style=\"border: none;\"$alt$title" . ' />';
+                                       $link .= "<img src=\"" . esc_url($feed_image) . "\" style=\"border: none;\"$alt$title" . ' />';
                                 else
                                         $link .= $name;
  
                                 else
                                         $link .= $name;
  
diff --git a/wp-includes/bookmark-template.php b/wp-includes/bookmark-template.php

index bb4f6ef37aacb19c02d5b2b60152c5de81c97744..cf24da6c9b373ce8ae4bb283a187363860f3f5e2 100644 (file)
--- a/wp-includes/bookmark-template.php
+++ b/wp-includes/bookmark-template.php
@@ -90,7 +90,7 @@ function _walk_bookmarks($bookmarks, $args = '' ) {
  
                 $rel = $bookmark->link_rel;
                 if ( '' != $rel )
  
                 $rel = $bookmark->link_rel;
                 if ( '' != $rel )
-                       $rel = ' rel="' . $rel . '"';
+                       $rel = ' rel="' . esc_attr($rel) . '"';
  
                 $target = $bookmark->link_target;
                 if ( '' != $target )
  
                 $target = $bookmark->link_target;
                 if ( '' != $target )
diff --git a/wp-includes/capabilities.php b/wp-includes/capabilities.php

index cccd68daba7441ab92637656a1bc043d13661054..2b4fd79ce74873ec9a5e0d24f0180730e8092b3f 100644 (file)
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@@ -900,6 +900,12 @@ function map_meta_cap( $cap, $user_id ) {
                 else
                         $caps[] = 'read_private_pages';
                 break;
                 else
                         $caps[] = 'read_private_pages';
                 break;
+       case 'unfiltered_upload':
+               if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS == true )
+                       $caps[] = $cap;
+               else
+                       $caps[] = 'do_not_allow';
+               break;
         default:
                 // If no meta caps match, return the original cap.
                 $caps[] = $cap;
         default:
                 // If no meta caps match, return the original cap.
                 $caps[] = $cap;
diff --git a/wp-includes/category-template.php b/wp-includes/category-template.php

index 61f2faf1aa53ece138c28a4b9ffc0824fe7dc5d7..52b42baf01279bed2b57119e5c880823db372c1e 100644 (file)
--- a/wp-includes/category-template.php
+++ b/wp-includes/category-template.php
@@ -68,7 +68,7 @@ function get_category_parents( $id, $link = false, $separator = '/', $nicename =
         }
  
         if ( $link )
         }
  
         if ( $link )
-               $chain .= '<a href="' . get_category_link( $parent->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $parent->cat_name ) . '">'.$name.'</a>' . $separator;
+               $chain .= '<a href="' . get_category_link( $parent->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $parent->cat_name ) ) . '">'.$name.'</a>' . $separator;
         else
                 $chain .= $name.$separator;
         return $chain;
         else
                 $chain .= $name.$separator;
         return $chain;
@@ -190,17 +190,17 @@ function get_the_category_list( $separator = '', $parents='', $post_id = false )
                                 case 'multiple':
                                         if ( $category->parent )
                                                 $thelist .= get_category_parents( $category->parent, true, $separator );
                                 case 'multiple':
                                         if ( $category->parent )
                                                 $thelist .= get_category_parents( $category->parent, true, $separator );
-                                       $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>' . $category->name.'</a></li>';
+                                       $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->name.'</a></li>';
                                         break;
                                 case 'single':
                                         break;
                                 case 'single':
-                                       $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>';
+                                       $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>';
                                         if ( $category->parent )
                                                 $thelist .= get_category_parents( $category->parent, false, $separator );
                                         $thelist .= $category->name.'</a></li>';
                                         break;
                                 case '':
                                 default:
                                         if ( $category->parent )
                                                 $thelist .= get_category_parents( $category->parent, false, $separator );
                                         $thelist .= $category->name.'</a></li>';
                                         break;
                                 case '':
                                 default:
-                                       $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>' . $category->cat_name.'</a></li>';
+                                       $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->cat_name.'</a></li>';
                         }
                 }
                 $thelist .= '</ul>';
                         }
                 }
                 $thelist .= '</ul>';
@@ -213,17 +213,17 @@ function get_the_category_list( $separator = '', $parents='', $post_id = false )
                                 case 'multiple':
                                         if ( $category->parent )
                                                 $thelist .= get_category_parents( $category->parent, true, $separator );
                                 case 'multiple':
                                         if ( $category->parent )
                                                 $thelist .= get_category_parents( $category->parent, true, $separator );
-                                       $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>' . $category->cat_name.'</a>';
+                                       $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->cat_name.'</a>';
                                         break;
                                 case 'single':
                                         break;
                                 case 'single':
-                                       $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>';
+                                       $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>';
                                         if ( $category->parent )
                                                 $thelist .= get_category_parents( $category->parent, false, $separator );
                                         $thelist .= "$category->cat_name</a>";
                                         break;
                                 case '':
                                 default:
                                         if ( $category->parent )
                                                 $thelist .= get_category_parents( $category->parent, false, $separator );
                                         $thelist .= "$category->cat_name</a>";
                                         break;
                                 case '':
                                 default:
-                                       $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>' . $category->name.'</a>';
+                                       $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->name.'</a>';
                         }
                         ++$i;
                 }
                         }
                         ++$i;
                 }
@@ -352,6 +352,8 @@ function wp_dropdown_categories( $args = '' ) {
                 $tab_index_attribute = " tabindex=\"$tab_index\"";
  
         $categories = get_categories( $r );
                 $tab_index_attribute = " tabindex=\"$tab_index\"";
  
         $categories = get_categories( $r );
+       $name = esc_attr($name);
+       $class = esc_attr($class);
  
         $output = '';
         if ( ! empty( $categories ) ) {
  
         $output = '';
         if ( ! empty( $categories ) ) {
diff --git a/wp-includes/classes.php b/wp-includes/classes.php

index 29c37535a7cd6e2142932e59f927885ca3bcd425..0fcb60ea808b75a08eab3570cefb36c3c0996a7e 100644 (file)
--- a/wp-includes/classes.php
+++ b/wp-includes/classes.php
@@ -214,9 +214,9 @@ class WP {
  
                                         // Trim the query of everything up to the '?'.
                                         $query = preg_replace("!^.+\?!", '', $query);
  
                                         // Trim the query of everything up to the '?'.
                                         $query = preg_replace("!^.+\?!", '', $query);
-
+                                                                               
                                         // Substitute the substring matches into the query.
                                         // Substitute the substring matches into the query.
-                                       eval("@\$query = \"" . addslashes($query) . "\";");
+                                       $query = addslashes(WP_MatchesMapRegex::apply($query, $matches));
  
                                         $this->matched_query = $query;
  
  
                                         $this->matched_query = $query;
  
@@ -1592,4 +1592,94 @@ class WP_Ajax_Response {
         }
  }
  
         }
  }
  
+/**
+ * Helper class to remove the need to use eval to replace $matches[] in query strings.
+ * 
+ * @since 2.9.0
+ */
+class WP_MatchesMapRegex {
+       /**
+        * store for matches
+        * 
+        * @access private
+        * @var array
+        */
+       var $_matches;
+       
+       /**
+        * store for mapping result
+        * 
+        * @access public
+        * @var string
+        */
+       var $output;
+       
+       /**
+        * subject to perform mapping on (query string containing $matches[] references
+        * 
+        * @access private
+        * @var string
+        */
+       var $_subject;
+       
+       /**
+        * regexp pattern to match $matches[] references 
+        * 
+        * @var string
+        */
+       var $_pattern = '(\$matches\[[1-9]+[0-9]*\])'; // magic number
+       
+       /**
+        * constructor
+        * 
+        * @param string $subject subject if regex
+        * @param array  $matches data to use in map
+        * @return self
+        */                                             
+       function WP_MatchesMapRegex($subject, $matches) {
+               $this->_subject = $subject;
+               $this->_matches = $matches;
+               $this->output = $this->_map();                          
+       }
+       
+       /**
+        * Substitute substring matches in subject.
+        * 
+        * static helper function to ease use
+        * 
+        * @access public
+        * @param string $subject subject
+        * @param array  $matches data used for subsitution
+        * @return string
+        */
+       function apply($subject, $matches) {
+               $oSelf =& new WP_MatchesMapRegex($subject, $matches);
+               return $oSelf->output;                                                                                                                          
+       }
+       
+       /**
+        * do the actual mapping 
+        * 
+        * @access private
+        * @return string
+        */
+       function _map() {
+               $callback = array(&$this, 'callback');
+               return preg_replace_callback($this->_pattern, $callback, $this->_subject);
+       }
+       
+       /**
+        * preg_replace_callback hook
+        * 
+        * @access public
+        * @param  array $matches preg_replace regexp matches
+        * @return string
+        */
+       function callback($matches) {
+               $index = intval(substr($matches[0], 9, -1));
+               return ( isset( $this->_matches[$index] ) ? $this->_matches[$index] : '' );
+       }
+       
+}
+
  ?>
  ?>
diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php

index e87801b6d6a9e2c2ddfd3015f1cf7560d3c88949..a5ebcd166837c553da9d837763c9e2bafda34256 100644 (file)
--- a/wp-includes/comment-template.php
+++ b/wp-includes/comment-template.php
@@ -338,6 +338,8 @@ function get_comment_class( $class = '', $comment_id = null, $post_id = null ) {
                 $classes = array_merge($classes, $class);
         }
  
                 $classes = array_merge($classes, $class);
         }
  
+       $classes = array_map('esc_attr', $classes);
+
         return apply_filters('comment_class', $classes, $class, $comment_id, $post_id);
  }
  
         return apply_filters('comment_class', $classes, $class, $comment_id, $post_id);
  }
  
@@ -940,7 +942,7 @@ function comments_popup_link( $zero = false, $one = false, $more = false, $css_c
         $number = get_comments_number( $id );
  
         if ( 0 == $number && !comments_open() && !pings_open() ) {
         $number = get_comments_number( $id );
  
         if ( 0 == $number && !comments_open() && !pings_open() ) {
-               echo '<span' . ((!empty($css_class)) ? ' class="' . $css_class . '"' : '') . '>' . $none . '</span>';
+               echo '<span' . ((!empty($css_class)) ? ' class="' . esc_attr( $css_class ) . '"' : '') . '>' . $none . '</span>';
                 return;
         }
  
                 return;
         }
  
@@ -972,7 +974,7 @@ function comments_popup_link( $zero = false, $one = false, $more = false, $css_c
  
         echo apply_filters( 'comments_popup_link_attributes', '' );
  
  
         echo apply_filters( 'comments_popup_link_attributes', '' );
  
-       echo ' title="' . sprintf( __('Comment on %s'), $title ) . '">';
+       echo ' title="' . esc_attr( sprintf( __('Comment on %s'), $title ) ) . '">';
         comments_number( $zero, $one, $more, $number );
         echo '</a>';
  }
         comments_number( $zero, $one, $more, $number );
         echo '</a>';
  }
diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php

index 53cfeeae89dba67a91d811145fb6dffc6dcc3fb8..37b75229e396b4a2d298086bfad0735b4c54e523 100644 (file)
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -600,7 +600,7 @@ function remove_accents($string) {
   */
  function sanitize_file_name( $filename ) {
         $filename_raw = $filename;
   */
  function sanitize_file_name( $filename ) {
         $filename_raw = $filename;
-       $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}");
+       $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", chr(0));
         $special_chars = apply_filters('sanitize_file_name_chars', $special_chars, $filename_raw);
         $filename = str_replace($special_chars, '', $filename);
         $filename = preg_replace('/[\s-]+/', '-', $filename);
         $special_chars = apply_filters('sanitize_file_name_chars', $special_chars, $filename_raw);
         $filename = str_replace($special_chars, '', $filename);
         $filename = preg_replace('/[\s-]+/', '-', $filename);
@@ -1452,18 +1452,20 @@ function wp_iso_descrambler($string) {
   * Returns a date in the GMT equivalent.
   *
   * Requires and returns a date in the Y-m-d H:i:s format. Simply subtracts the
   * Returns a date in the GMT equivalent.
   *
   * Requires and returns a date in the Y-m-d H:i:s format. Simply subtracts the
- * value of the 'gmt_offset' option.
+ * value of the 'gmt_offset' option. Return format can be overridden using the
+ * $format parameter
   *
   * @since 1.2.0
   *
   * @uses get_option() to retrieve the the value of 'gmt_offset'.
   * @param string $string The date to be converted.
   *
   * @since 1.2.0
   *
   * @uses get_option() to retrieve the the value of 'gmt_offset'.
   * @param string $string The date to be converted.
+ * @param string $format The format string for the returned date (default is Y-m-d H:i:s)
   * @return string GMT version of the date provided.
   */
   * @return string GMT version of the date provided.
   */
-function get_gmt_from_date($string) {
+function get_gmt_from_date($string, $format = 'Y-m-d H:i:s') {
         preg_match('#([0-9]{1,4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})#', $string, $matches);
         $string_time = gmmktime($matches[4], $matches[5], $matches[6], $matches[2], $matches[3], $matches[1]);
         preg_match('#([0-9]{1,4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})#', $string, $matches);
         $string_time = gmmktime($matches[4], $matches[5], $matches[6], $matches[2], $matches[3], $matches[1]);
-       $string_gmt = gmdate('Y-m-d H:i:s', $string_time - get_option('gmt_offset') * 3600);
+       $string_gmt = gmdate($format, $string_time - get_option('gmt_offset') * 3600);
         return $string_gmt;
  }
  
         return $string_gmt;
  }
  
@@ -1471,17 +1473,18 @@ function get_gmt_from_date($string) {
   * Converts a GMT date into the correct format for the blog.
   *
   * Requires and returns in the Y-m-d H:i:s format. Simply adds the value of
   * Converts a GMT date into the correct format for the blog.
   *
   * Requires and returns in the Y-m-d H:i:s format. Simply adds the value of
- * gmt_offset.
+ * gmt_offset.Return format can be overridden using the $format parameter
   *
   * @since 1.2.0
   *
   * @param string $string The date to be converted.
   *
   * @since 1.2.0
   *
   * @param string $string The date to be converted.
+ * @param string $format The format string for the returned date (default is Y-m-d H:i:s)
   * @return string Formatted date relative to the GMT offset.
   */
   * @return string Formatted date relative to the GMT offset.
   */
-function get_date_from_gmt($string) {
+function get_date_from_gmt($string, $format = 'Y-m-d H:i:s') {
         preg_match('#([0-9]{1,4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})#', $string, $matches);
         $string_time = gmmktime($matches[4], $matches[5], $matches[6], $matches[2], $matches[3], $matches[1]);
         preg_match('#([0-9]{1,4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})#', $string, $matches);
         $string_time = gmmktime($matches[4], $matches[5], $matches[6], $matches[2], $matches[3], $matches[1]);
-       $string_localtime = gmdate('Y-m-d H:i:s', $string_time + get_option('gmt_offset')*3600);
+       $string_localtime = gmdate($format, $string_time + get_option('gmt_offset')*3600);
         return $string_localtime;
  }
  
         return $string_localtime;
  }
  
diff --git a/wp-includes/general-template.php b/wp-includes/general-template.php

index 68c73cedaaf2bb70b6f0dce82c8370efbc3ca1d3..ff52097c5fd131cacad9c4995fecb930ea661d2c 100644 (file)
--- a/wp-includes/general-template.php
+++ b/wp-includes/general-template.php
@@ -1023,7 +1023,7 @@ function get_calendar($initial = true) {
  
         /* translators: Calendar caption: 1: month name, 2: 4-digit year */
         $calendar_caption = _x('%1$s %2$s', 'calendar caption');
  
         /* translators: Calendar caption: 1: month name, 2: 4-digit year */
         $calendar_caption = _x('%1$s %2$s', 'calendar caption');
-       echo '<table id="wp-calendar" summary="' . __('Calendar') . '">
+       echo '<table id="wp-calendar" summary="' . esc_attr__('Calendar') . '">
         <caption>' . sprintf($calendar_caption, $wp_locale->get_month($thismonth), date('Y', $unixmonth)) . '</caption>
         <thead>
         <tr>';
         <caption>' . sprintf($calendar_caption, $wp_locale->get_month($thismonth), date('Y', $unixmonth)) . '</caption>
         <thead>
         <tr>';
@@ -1036,6 +1036,7 @@ function get_calendar($initial = true) {
  
         foreach ( $myweek as $wd ) {
                 $day_name = (true == $initial) ? $wp_locale->get_weekday_initial($wd) : $wp_locale->get_weekday_abbrev($wd);
  
         foreach ( $myweek as $wd ) {
                 $day_name = (true == $initial) ? $wp_locale->get_weekday_initial($wd) : $wp_locale->get_weekday_abbrev($wd);
+               $wd = esc_attr($wd);
                 echo "\n\t\t<th abbr=\"$wd\" scope=\"col\" title=\"$wd\">$day_name</th>";
         }
  
                 echo "\n\t\t<th abbr=\"$wd\" scope=\"col\" title=\"$wd\">$day_name</th>";
         }
  
@@ -1058,8 +1059,8 @@ function get_calendar($initial = true) {
  
         if ( $next ) {
                 echo "\n\t\t".'<td abbr="' . $wp_locale->get_month($next->month) . '" colspan="3" id="next"><a href="' .
  
         if ( $next ) {
                 echo "\n\t\t".'<td abbr="' . $wp_locale->get_month($next->month) . '" colspan="3" id="next"><a href="' .
-               get_month_link($next->year, $next->month) . '" title="' . sprintf(__('View posts for %1$s %2$s'), $wp_locale->get_month($next->month),
-                       date('Y', mktime(0, 0 , 0, $next->month, 1, $next->year))) . '">' . $wp_locale->get_month_abbrev($wp_locale->get_month($next->month)) . ' &raquo;</a></td>';
+               get_month_link($next->year, $next->month) . '" title="' . esc_attr( sprintf(__('View posts for %1$s %2$s'), $wp_locale->get_month($next->month) ,
+                       date('Y', mktime(0, 0 , 0, $next->month, 1, $next->year))) ) . '">' . $wp_locale->get_month_abbrev($wp_locale->get_month($next->month)) . ' &raquo;</a></td>';
         } else {
                 echo "\n\t\t".'<td colspan="3" id="next" class="pad">&nbsp;</td>';
         }
         } else {
                 echo "\n\t\t".'<td colspan="3" id="next" class="pad">&nbsp;</td>';
         }
@@ -1116,7 +1117,7 @@ function get_calendar($initial = true) {
         // See how much we should pad in the beginning
         $pad = calendar_week_mod(date('w', $unixmonth)-$week_begins);
         if ( 0 != $pad )
         // See how much we should pad in the beginning
         $pad = calendar_week_mod(date('w', $unixmonth)-$week_begins);
         if ( 0 != $pad )
-               echo "\n\t\t".'<td colspan="'.$pad.'" class="pad">&nbsp;</td>';
+               echo "\n\t\t".'<td colspan="'. esc_attr($pad) .'" class="pad">&nbsp;</td>';
  
         $daysinmonth = intval(date('t', $unixmonth));
         for ( $day = 1; $day <= $daysinmonth; ++$day ) {
  
         $daysinmonth = intval(date('t', $unixmonth));
         for ( $day = 1; $day <= $daysinmonth; ++$day ) {
@@ -1130,7 +1131,7 @@ function get_calendar($initial = true) {
                         echo '<td>';
  
                 if ( in_array($day, $daywithpost) ) // any posts today?
                         echo '<td>';
  
                 if ( in_array($day, $daywithpost) ) // any posts today?
-                               echo '<a href="' . get_day_link($thisyear, $thismonth, $day) . "\" title=\"$ak_titles_for_day[$day]\">$day</a>";
+                               echo '<a href="' . get_day_link($thisyear, $thismonth, $day) . "\" title=\"" . esc_attr($ak_titles_for_day[$day]) . "\">$day</a>";
                 else
                         echo $day;
                 echo '</td>';
                 else
                         echo $day;
                 echo '</td>';
@@ -1141,7 +1142,7 @@ function get_calendar($initial = true) {
  
         $pad = 7 - calendar_week_mod(date('w', mktime(0, 0 , 0, $thismonth, $day, $thisyear))-$week_begins);
         if ( $pad != 0 && $pad != 7 )
  
         $pad = 7 - calendar_week_mod(date('w', mktime(0, 0 , 0, $thismonth, $day, $thisyear))-$week_begins);
         if ( $pad != 0 && $pad != 7 )
-               echo "\n\t\t".'<td class="pad" colspan="'.$pad.'">&nbsp;</td>';
+               echo "\n\t\t".'<td class="pad" colspan="'. esc_attr($pad) .'">&nbsp;</td>';
  
         echo "\n\t</tr>\n\t</tbody>\n\t</table>";
  
  
         echo "\n\t</tr>\n\t</tbody>\n\t</table>";
  
diff --git a/wp-includes/media.php b/wp-includes/media.php

index 7f34963842d7d62b93ba7de00bcf74945ac28188..22e67819950be97266921c8a898103251f6a95a5 100644 (file)
--- a/wp-includes/media.php
+++ b/wp-includes/media.php
@@ -591,9 +591,9 @@ function img_caption_shortcode($attr, $content = null) {
         if ( 1 > (int) $width || empty($caption) )
                 return $content;
  
         if ( 1 > (int) $width || empty($caption) )
                 return $content;
  
-       if ( $id ) $id = 'id="' . $id . '" ';
+       if ( $id ) $id = 'id="' . esc_attr($id) . '" ';
  
  
-       return '<div ' . $id . 'class="wp-caption ' . $align . '" style="width: ' . (10 + (int) $width) . 'px">'
+       return '<div ' . $id . 'class="wp-caption ' . esc_attr($align) . '" style="width: ' . (10 + (int) $width) . 'px">'
         . do_shortcode( $content ) . '<p class="wp-caption-text">' . $caption . '</p></div>';
  }
  
         . do_shortcode( $content ) . '<p class="wp-caption-text">' . $caption . '</p></div>';
  }
  
diff --git a/wp-includes/post-template.php b/wp-includes/post-template.php

index 35a7caa9fbdd650f6408ff79c2c4d1bfd5100832..c473bdcc59c6971ab71287861012f068784a92cc 100644 (file)
--- a/wp-includes/post-template.php
+++ b/wp-includes/post-template.php
@@ -342,6 +342,8 @@ function get_post_class( $class = '', $post_id = null ) {
                 $classes = array_merge($classes, $class);
         }
  
                 $classes = array_merge($classes, $class);
         }
  
+       $classes = array_map('esc_attr', $classes);
+
         return apply_filters('post_class', $classes, $class, $post_id);
  }
  
         return apply_filters('post_class', $classes, $class, $post_id);
  }
  
@@ -478,6 +480,8 @@ function get_body_class( $class = '' ) {
                 $classes = array_merge($classes, $class);
         }
  
                 $classes = array_merge($classes, $class);
         }
  
+       $classes = array_map('esc_attr', $classes);
+
         return apply_filters('body_class', $classes, $class);
  }
  
         return apply_filters('body_class', $classes, $class);
  }
  
@@ -706,6 +710,7 @@ function wp_dropdown_pages($args = '') {
  
         $pages = get_pages($r);
         $output = '';
  
         $pages = get_pages($r);
         $output = '';
+       $name = esc_attr($name);
  
         if ( ! empty($pages) ) {
                 $output = "<select name=\"$name\" id=\"$name\">\n";
  
         if ( ! empty($pages) ) {
                 $output = "<select name=\"$name\" id=\"$name\">\n";
@@ -842,7 +847,7 @@ function wp_page_menu( $args = array() ) {
         if ( $menu )
                 $menu = '<ul>' . $menu . '</ul>';
  
         if ( $menu )
                 $menu = '<ul>' . $menu . '</ul>';
  
-       $menu = '<div class="' . $args['menu_class'] . '">' . $menu . "</div>\n";
+       $menu = '<div class="' . esc_attr($args['menu_class']) . '">' . $menu . "</div>\n";
         $menu = apply_filters( 'wp_page_menu', $menu, $args );
         if ( $args['echo'] )
                 echo $menu;
         $menu = apply_filters( 'wp_page_menu', $menu, $args );
         if ( $args['echo'] )
                 echo $menu;
diff --git a/wp-includes/rewrite.php b/wp-includes/rewrite.php

index 3486c4a5b464be5d95bd8f0fc8bcc9084ce7abbc..c04c6a7ea1ab321db1d21d7aa7d165c444c99121 100644 (file)
--- a/wp-includes/rewrite.php
+++ b/wp-includes/rewrite.php
@@ -299,7 +299,7 @@ function url_to_postid($url) {
                         $query = preg_replace("!^.+\?!", '', $query);
  
                         // Substitute the substring matches into the query.
                         $query = preg_replace("!^.+\?!", '', $query);
  
                         // Substitute the substring matches into the query.
-                       eval("\$query = \"" . addslashes($query) . "\";");
+                       $query = addslashes(WP_MatchesMapRegex::apply($query, $matches));
                         // Filter out non-public query vars
                         global $wp;
                         parse_str($query, $query_vars);
                         // Filter out non-public query vars
                         global $wp;
                         parse_str($query, $query_vars);
diff --git a/wp-includes/theme.php b/wp-includes/theme.php

index 9d56a6403d0f8a801276a49c8ef9360f3a509c94..2c800535aecc11ed549859d339ef66b98e965c80 100644 (file)
--- a/wp-includes/theme.php
+++ b/wp-includes/theme.php
@@ -875,13 +875,13 @@ function preview_theme() {
         if ( validate_file($_GET['template']) )
                 return;
  
         if ( validate_file($_GET['template']) )
                 return;
  
-       add_filter( 'template', create_function('', "return '{$_GET['template']}';") );
+       add_filter( 'template', '_preview_theme_template_filter' );
  
         if ( isset($_GET['stylesheet']) ) {
                 $_GET['stylesheet'] = preg_replace('|[^a-z0-9_./-]|i', '', $_GET['stylesheet']);
                 if ( validate_file($_GET['stylesheet']) )
                         return;
  
         if ( isset($_GET['stylesheet']) ) {
                 $_GET['stylesheet'] = preg_replace('|[^a-z0-9_./-]|i', '', $_GET['stylesheet']);
                 if ( validate_file($_GET['stylesheet']) )
                         return;
-               add_filter( 'stylesheet', create_function('', "return '{$_GET['stylesheet']}';") );
+               add_filter( 'stylesheet', '_preview_theme_stylesheet_filter' );
         }
  
         // Prevent theme mods to current theme being used on theme being previewed
         }
  
         // Prevent theme mods to current theme being used on theme being previewed
@@ -891,6 +891,24 @@ function preview_theme() {
  }
  add_action('setup_theme', 'preview_theme');
  
  }
  add_action('setup_theme', 'preview_theme');
  
+/**
+ * Private function to modify the current template when previewing a theme
+ * 
+ * @return string
+ */
+function _preview_theme_template_filter() {
+       return isset($_GET['template']) ? $_GET['template'] : '';
+}
+
+/**
+ * Private function to modify the current stylesheet when previewing a theme
+ * 
+ * @return string
+ */
+function _preview_theme_stylesheet_filter() {
+       return isset($_GET['stylesheet']) ? $_GET['stylesheet'] : '';
+}
+
  /**
   * Callback function for ob_start() to capture all links in the theme.
   *
  /**
   * Callback function for ob_start() to capture all links in the theme.
   *
diff --git a/wp-includes/version.php b/wp-includes/version.php

index 22b86360b1408c0b7a8b6f0d391b982023f68bd7..401a3a95982dbe306be1e049da3a7aee8c7ec75b 100644 (file)
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -8,7 +8,7 @@
   *
   * @global string $wp_version
   */
   *
   * @global string $wp_version
   */
-$wp_version = '2.8.4';
+$wp_version = '2.8.5';
  
  /**
   * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
  
  /**
   * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
diff --git a/wp-trackback.php b/wp-trackback.php

index 58886f8dc574c6924766edbc239498d6a6eb56bf..2c45d472c7609fc1ce599e90713c8166851231fb 100644 (file)
--- a/wp-trackback.php
+++ b/wp-trackback.php
@@ -50,7 +50,7 @@ $excerpt   = stripslashes($_POST['excerpt']);
  $blog_name = stripslashes($_POST['blog_name']);
  
  if ($charset)
  $blog_name = stripslashes($_POST['blog_name']);
  
  if ($charset)
-       $charset = strtoupper( trim($charset) );
+       $charset = str_replace( array(',', ' '), '', strtoupper( trim($charset) ) );
  else
         $charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS';
  
  else
         $charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS';
  
diff --git a/xmlrpc.php b/xmlrpc.php

index e8d8a2e8357e0f6afed587789fd51c0594fd38b4..6e5848e8c582e28efbcc9e711894baec8c45ac5f 100644 (file)
--- a/xmlrpc.php
+++ b/xmlrpc.php
@@ -526,6 +526,11 @@ class wp_xmlrpc_server extends IXR_Server {
                         $page_date = mysql2date("Ymd\TH:i:s", $page->post_date, false);
                         $page_date_gmt = mysql2date("Ymd\TH:i:s", $page->post_date_gmt, false);
  
                         $page_date = mysql2date("Ymd\TH:i:s", $page->post_date, false);
                         $page_date_gmt = mysql2date("Ymd\TH:i:s", $page->post_date_gmt, false);
  
+                       // For drafts use the GMT version of the date
+                       if ( $page->post_status == 'draft' ) {
+                               $page_date_gmt = get_gmt_from_date( mysql2date( 'Y-m-d H:i:s', $page->post_date ), 'Ymd\TH:i:s' );
+                       }
+
                         // Pull the categories info together.
                         $categories = array();
                         foreach(wp_get_post_categories($page->ID) as $cat_id) {
                         // Pull the categories info together.
                         $categories = array();
                         foreach(wp_get_post_categories($page->ID) as $cat_id) {
@@ -790,7 +795,8 @@ class wp_xmlrpc_server extends IXR_Server {
                                 post_title page_title,
                                 post_parent page_parent_id,
                                 post_date_gmt,
                                 post_title page_title,
                                 post_parent page_parent_id,
                                 post_date_gmt,
-                               post_date
+                               post_date,
+                               post_status
                         FROM {$wpdb->posts}
                         WHERE post_type = 'page'
                         ORDER BY ID
                         FROM {$wpdb->posts}
                         WHERE post_type = 'page'
                         ORDER BY ID
@@ -805,8 +811,15 @@ class wp_xmlrpc_server extends IXR_Server {
                         $page_list[$i]->dateCreated = new IXR_Date($post_date);
                         $page_list[$i]->date_created_gmt = new IXR_Date($post_date_gmt);
  
                         $page_list[$i]->dateCreated = new IXR_Date($post_date);
                         $page_list[$i]->date_created_gmt = new IXR_Date($post_date_gmt);
  
+                       // For drafts use the GMT version of the date
+                       if ( $page_list[$i]->post_status == 'draft' ) {
+                               $page_list[$i]->date_created_gmt = get_gmt_from_date( mysql2date( 'Y-m-d H:i:s', $page_list[$i]->post_date ), 'Ymd\TH:i:s' );
+                               $page_list[$i]->date_created_gmt = new IXR_Date( $page_list[$i]->date_created_gmt );
+                       }
+
                         unset($page_list[$i]->post_date_gmt);
                         unset($page_list[$i]->post_date);
                         unset($page_list[$i]->post_date_gmt);
                         unset($page_list[$i]->post_date);
+                       unset($page_list[$i]->post_status);
                 }
  
                 return($page_list);
                 }
  
                 return($page_list);
@@ -2576,9 +2589,7 @@ class wp_xmlrpc_server extends IXR_Server {
  
                         // For drafts use the GMT version of the post date
                         if ( $postdata['post_status'] == 'draft' ) {
  
                         // For drafts use the GMT version of the post date
                         if ( $postdata['post_status'] == 'draft' ) {
-                               $post_date_gmt = get_gmt_from_date( mysql2date( 'Y-m-d H:i:s', $postdata['post_date'] ) );
-                               $post_date_gmt = preg_replace( '|\-|', '', $post_date_gmt );
-                               $post_date_gmt = preg_replace( '| |', 'T', $post_date_gmt );
+                               $post_date_gmt = get_gmt_from_date( mysql2date( 'Y-m-d H:i:s', $postdata['post_date'] ), 'Ymd\TH:i:s' );
                         }
  
                         $categories = array();
                         }
  
                         $categories = array();
@@ -2697,6 +2708,11 @@ class wp_xmlrpc_server extends IXR_Server {
                         $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date'], false);
                         $post_date_gmt = mysql2date('Ymd\TH:i:s', $entry['post_date_gmt'], false);
  
                         $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date'], false);
                         $post_date_gmt = mysql2date('Ymd\TH:i:s', $entry['post_date_gmt'], false);
  
+                       // For drafts use the GMT version of the date
+                       if ( $entry['post_status'] == 'draft' ) {
+                               $post_date_gmt = get_gmt_from_date( mysql2date( 'Y-m-d H:i:s', $entry['post_date'] ), 'Ymd\TH:i:s' );
+                       }
+
                         $categories = array();
                         $catids = wp_get_post_categories($entry['ID']);
                         foreach($catids as $catid) {
                         $categories = array();
                         $catids = wp_get_post_categories($entry['ID']);
                         foreach($catids as $catid) {
@@ -2932,6 +2948,11 @@ class wp_xmlrpc_server extends IXR_Server {
                         $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date'], false);
                         $post_date_gmt = mysql2date('Ymd\TH:i:s', $entry['post_date_gmt'], false);
  
                         $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date'], false);
                         $post_date_gmt = mysql2date('Ymd\TH:i:s', $entry['post_date_gmt'], false);
  
+                       // For drafts use the GMT version of the date
+                       if ( $entry['post_status'] == 'draft' ) {
+                               $post_date_gmt = get_gmt_from_date( mysql2date( 'Y-m-d H:i:s', $entry['post_date'] ), 'Ymd\TH:i:s' );
+                       }
+
                         $struct[] = array(
                                 'dateCreated' => new IXR_Date($post_date),
                                 'userid' => $entry['post_author'],
                         $struct[] = array(
                                 'dateCreated' => new IXR_Date($post_date),
                                 'userid' => $entry['post_author'],
author	Edward Z. Yang <ezyang@mit.edu>
	Sat, 21 Nov 2009 02:06:25 +0000 (21:06 -0500)
committer	Edward Z. Yang <ezyang@mit.edu>
	Sat, 21 Nov 2009 02:06:25 +0000 (21:06 -0500)
readme.html		patch \| blob \| history
wp-admin/edit-attachment-rows.php		patch \| blob \| history
wp-admin/import/btt.php	[deleted file]	patch \| blob \| history
wp-admin/import/jkw.php	[deleted file]	patch \| blob \| history
wp-admin/import/wordpress.php		patch \| blob \| history
wp-admin/includes/post.php		patch \| blob \| history
wp-admin/includes/update-core.php		patch \| blob \| history
wp-admin/install.php		patch \| blob \| history
wp-admin/page.php		patch \| blob \| history
wp-admin/post.php		patch \| blob \| history
wp-app.php		patch \| blob \| history
wp-content/plugins/akismet/akismet.php		patch \| blob \| history
wp-content/plugins/akismet/readme.txt		patch \| blob \| history
wp-includes/author-template.php		patch \| blob \| history
wp-includes/bookmark-template.php		patch \| blob \| history
wp-includes/capabilities.php		patch \| blob \| history
wp-includes/category-template.php		patch \| blob \| history
wp-includes/classes.php		patch \| blob \| history
wp-includes/comment-template.php		patch \| blob \| history
wp-includes/formatting.php		patch \| blob \| history
wp-includes/general-template.php		patch \| blob \| history
wp-includes/media.php		patch \| blob \| history
wp-includes/post-template.php		patch \| blob \| history
wp-includes/rewrite.php		patch \| blob \| history
wp-includes/theme.php		patch \| blob \| history
wp-includes/version.php		patch \| blob \| history
wp-trackback.php		patch \| blob \| history
xmlrpc.php		patch \| blob \| history