Wordpress 3.1.4 wordpress-3.1.4
authorEdward Z. Yang <ezyang@mit.edu>
Sun, 17 Jul 2011 13:11:59 +0000 (09:11 -0400)
committerEdward Z. Yang <ezyang@mit.edu>
Sun, 17 Jul 2011 13:11:59 +0000 (09:11 -0400)
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
19 files changed:
readme.html
wp-admin/custom-header.php
wp-admin/includes/deprecated.php
wp-admin/includes/media.php
wp-admin/includes/post.php
wp-admin/includes/update-core.php
wp-admin/js/user-profile.dev.js
wp-admin/js/user-profile.js
wp-admin/options-general.php
wp-content/themes/twentyten/languages/twentyten.pot
wp-includes/bookmark.php
wp-includes/formatting.php
wp-includes/post.php
wp-includes/query.php
wp-includes/script-loader.php
wp-includes/taxonomy.php
wp-includes/version.php
wp-includes/wp-db.php
wp-settings.php

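--- a/readme.html
+++ b/readme.html
@@ -8,7 +8,7 @@
 <body>
 <h1 id="logo">
        <a href="http://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" width="250" height="68" /></a>
-       <br /> Version 3.1.3
+       <br /> Version 3.1.4
 </h1>
 <p style="text-align: center">Semantic Personal Publishing Platform</p>
 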
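--- a/wp-admin/custom-header.php
+++ b/wp-admin/custom-header.php
@@ -596,7 +596,8 @@ wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?>
                'post_content' => $url,
                'post_mime_type' => $type,
                'guid' => $url,
-               'context' => 'custom-header');
+               'context' => 'custom-header'
+               );
 
                // Save the data
                $id = wp_insert_attachment($object, $file);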
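--- a/wp-admin/includes/deprecated.php
+++ b/wp-admin/includes/deprecated.php
@@ -454,7 +454,7 @@ class WP_User_Search {
        function WP_User_Search ($search_term = '', $page = '', $role = '') {
                _deprecated_function( __FUNCTION__, '3.1', 'WP_User_Query' );
 
-               $this->search_term = $search_term;
+               $this->search_term = stripslashes( $search_term );
                $this->raw_page = ( '' == $page ) ? false : (int) $page;
                $this->page = (int) ( '' == $page ) ? 1 : $page;
                $this->role = $role;
@@ -485,7 +485,7 @@ class WP_User_Search {
                        $searches = array();
                        $search_sql = 'AND (';
                        foreach ( array('user_login', 'user_nicename', 'user_email', 'user_url', 'display_name') as $col )
-                               $searches[] = $col . " LIKE '%$this->search_term%'";
+                               $searches[] = $wpdb->prepare( $col . ' LIKE %s', '%' . like_escape($this->search_term) . '%' );
                        $search_sql .= implode(' OR ', $searches);
                        $search_sql .= ')';
                }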
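Review bot: In the `WP_User_Search` constructor the unchanged line `$this->page = (int) ( '' == $page ) ? 1 : $page;` does not cast the page number, because `(int)` binds to the comparison and a non-empty `$page` is stored exactly as the caller passed it. Since this commit hardens how the constructor's inputs reach SQL, write it as `$this->page = ( '' == $page ) ? 1 : (int) $page;`, matching the `raw_page` line above it. `$this->role` is also stored unmodified; its use lies outside these hunks, so confirm it is escaped before it reaches a query. A short comment beside the new `stripslashes()` would help too, e.g. `// $search_term arrives slashed; unslash once here, prepare() escapes it for the query`. Both methods continue outside their hunks.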
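--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -228,6 +228,10 @@ function media_handle_upload($file_id, $post_id, $post_data = array(), $override
                'post_content' => $content,
        ), $post_data );
 
+       // This should never be set as it would then overwrite an existing attachment.
+       if ( isset( $attachment['ID'] ) )
+               unset( $attachment['ID'] );
+
        // Save the data
        $id = wp_insert_attachment($attachment, $file, $post_id);
        if ( !is_wp_error($id) ) {
@@ -281,6 +285,10 @@ function media_handle_sideload($file_array, $post_id, $desc = null, $post_data =
                'post_content' => $content,
        ), $post_data );
 
+       // This should never be set as it would then overwrite an existing attachment.
+       if ( isset( $attachment['ID'] ) )
+               unset( $attachment['ID'] );
+
        // Save the attachment metadata
        $id = wp_insert_attachment($attachment, $file, $post_id);
        if ( !is_wp_error($id) )
@@ -419,6 +427,11 @@ function media_upload_form_handler() {
 
        if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) {
                $post = $_post = get_post($attachment_id, ARRAY_A);
+               $post_type_object = get_post_type_object( $post[ 'post_type' ] );
+
+               if ( !current_user_can( $post_type_object->cap->edit_post, $attachment_id ) )
+                       continue;
+
                if ( isset($attachment['post_content']) )
                        $post['post_content'] = $attachment['post_content'];
                if ( isset($attachment['post_title']) )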
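Review bot: The capability check added to `media_upload_form_handler()` dereferences the result of `get_post()` before confirming that a post was found: `$attachment_id` is a key of `$_POST['attachments']`, and for an ID that does not exist both `$post['post_type']` and `$post_type_object->cap` are read from empty values. Such an entry is presumably still skipped because no capability matches, but only as a side effect of notices; make the rejection explicit with `if ( empty( $post ) ) continue;` directly after the `get_post()` line. In the two upload helpers the `isset()` guard around `unset( $attachment['ID'] )` is redundant, since `unset()` on a missing key does nothing. The loop body and all three functions continue outside the hunks.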
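--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -135,6 +135,9 @@ function edit_post( $post_data = null ) {
        if ( empty($post_data) )
                $post_data = &$_POST;
 
+       // Clear out any data in internal vars.
+       unset( $post_data['filter'] );
+
        $post_ID = (int) $post_data['post_ID'];
        $post = get_post( $post_ID );
        $post_data['post_type'] = $post->post_type;
@@ -341,7 +344,8 @@ function bulk_edit_posts( $post_data = null ) {
                        continue;
                }
 
-               $tax_names = get_object_taxonomies( get_post($post_ID) );
+               $post = get_post( $post_ID );
+               $tax_names = get_object_taxonomies( $post );
                foreach ( $tax_names as $tax_name ) {
                        $taxonomy_obj = get_taxonomy($tax_name);
                        if (  isset( $tax_input[$tax_name]) && current_user_can( $taxonomy_obj->cap->assign_terms ) )
@@ -363,6 +367,9 @@ function bulk_edit_posts( $post_data = null ) {
                        unset( $post_data['tax_input']['category'] );
                }
 
+               $post_data['post_mime_type'] = $post->post_mime_type;
+               $post_data['guid'] = $post->guid;
+
                $post_data['ID'] = $post_ID;
                $updated[] = wp_update_post( $post_data );
 
@@ -534,6 +541,9 @@ function wp_write_post() {
 
        $_POST['post_mime_type'] = '';
 
+       // Clear out any data in internal vars.
+       unset( $_POST['filter'] );
+
        // Check for autosave collisions
        // Does this need to be updated? ~ Mark
        $temp_id = false;
@@ -553,6 +563,15 @@ function wp_write_post() {
                }
        }
 
+       // Edit don't write if we have a post id.
+       if ( isset( $_POST['ID'] ) ) {
+               $_POST['post_ID'] = $_POST['ID'];
+               unset ( $_POST['ID'] );
+       }
+       if ( isset( $_POST['post_ID'] ) ) {
+               return edit_post();
+       }
+
        $translated = _wp_translate_postdata( false );
        if ( is_wp_error($translated) )
                return $translated;
@@ -997,9 +1016,9 @@ function wp_edit_attachments_query( $q = false ) {
        $q['cat'] = isset( $q['cat'] ) ? (int) $q['cat'] : 0;
        $q['post_type'] = 'attachment';
        $post_type = get_post_type_object( 'attachment' );
-       $states = array( 'inherit' );
+       $states = 'inherit';
        if ( current_user_can( $post_type->cap->read_private_posts ) )
-               $states[] = 'private';
+               $states .= ',private';
 
        $q['post_status'] = isset( $q['status'] ) && 'trash' == $q['status'] ? 'trash' : $states;
        $media_per_page = (int) get_user_option( 'upload_per_page' );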
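Review bot: The early return added to `wp_write_post()` sends any request carrying `ID` or `post_ID` into `edit_post()`, whose visible opening lines read `$post->post_type` immediately after `get_post( $post_ID )` without checking that a post was returned. The permission check for that edit path is not in these hunks, so confirm it runs inside `edit_post()` before anything is written, and stop when the lookup fails, for example `if ( empty( $post ) ) return 0;` right after the `get_post()` call. The comment `// Clear out any data in internal vars.` says too little about a security-relevant line; something like `// 'filter' is sanitize_post()'s own marker and must never be taken from request data.` states the intent (confirm against `sanitize_post()`). All functions touched here extend beyond their hunks.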
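--- a/wp-admin/includes/update-core.php
+++ b/wp-admin/includes/update-core.php
@@ -294,7 +294,7 @@ function update_core($from, $to) {
        $mysql_version  = $wpdb->db_version();
        $required_php_version = '4.3';
        $required_mysql_version = '4.1.2';
-       $wp_version = '3.1.3';
+       $wp_version = '3.1.4';
        $php_compat     = version_compare( $php_version, $required_php_version, '>=' );
        $mysql_compat   = version_compare( $mysql_version, $required_mysql_version, '>=' ) || file_exists( WP_CONTENT_DIR . '/db.php' );
 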
index 4a2f39d618e537131a86f8900a26b2db160b20db..adffa95191d7a1e7983579ba1c8aa3916d705244 100644 (file)
                }
        }
 
                }
        }
 
-       $(document).ready( function() {
+       $(document).ready(function() {
                $('#pass1').val('').keyup( check_pass_strength );
                $('#pass2').val('').keyup( check_pass_strength );
                $('#pass-strength-result').show();
                $('#pass1').val('').keyup( check_pass_strength );
                $('#pass2').val('').keyup( check_pass_strength );
                $('#pass-strength-result').show();
-               $('.color-palette').click(function(){$(this).siblings('input[name=admin_color]').attr('checked', 'checked')});
-               $('#nickname').blur(function(){
-                       var str = $(this).val() || $('#user_login').val();
-                       var select = $('#display_name');
-                       var sel = select.children('option:selected').attr('id');
-                       select.children('#display_nickname').remove();
-                       if ( ! select.children('option[value=' + str + ']').length )
-                               select.append('<option id="display_nickname" value="' + str + '">' + str + '</option>');
-                       $('#'+sel).attr('selected', 'selected');
-               });
-               $('#first_name, #last_name').blur(function(){
-                       var select = $('#display_name');
-                       var first = $('#first_name').val(), last = $('#last_name').val();
-                       var sel = select.children('option:selected').attr('id');
-                       $('#display_firstname, #display_lastname, #display_firstlast, #display_lastfirst').remove();
-                       if ( first && ! select.children('option[value=' + first + ']').length )
-                               select.append('<option id="display_firstname" value="' + first + '">' + first + '</option>');
-                       if ( last && ! select.children('option[value=' + last + ']').length )
-                               select.append('<option id="display_lastname" value="' + last + '">' + last + '</option>');
-                       if ( first && last ) {
-                               if ( ! select.children('option[value=' + first + ' ' + last + ']').length )
-                                       select.append('<option id="display_firstlast" value="' + first + ' ' + last + '">' + first + ' ' + last + '</option>');
-                               if ( ! select.children('option[value=' + last + ' ' + first + ']').length )
-                                       select.append('<option id="display_lastfirst" value="' + last + ' ' + first + '">' + last + ' ' + first + '</option>');
+               $('.color-palette').click(function(){$(this).siblings('input[name="admin_color"]').prop('checked', true)});
+               $('#first_name, #last_name, #nickname').blur(function(){
+                       var select = $('#display_name'), current = select.find('option:selected').attr('id'), dub = [],
+                               inputs = {
+                                       display_nickname : $('#nickname').val(),
+                                       display_username : $('#user_login').val(),
+                                       display_firstname : $('#first_name').val(),
+                                       display_lastname : $('#last_name').val()
+                               };
+
+                       if ( inputs.display_firstname && inputs.display_lastname ) {
+                               inputs['display_firstlast'] = inputs.display_firstname + ' ' + inputs.display_lastname;
+                               inputs['display_lastfirst'] = inputs.display_lastname + ' ' + inputs.display_firstname;
                        }
                        }
-                       $('#'+sel).attr('selected', 'selected');
+
+                       $('option', select).remove();
+                       $.each(inputs, function( id, value ) {
+                               var val = value.replace(/<\/?[a-z][^>]*>/gi, ''); 
+
+                               if ( inputs[id].length && $.inArray( val, dub ) == -1 ) {
+                                       dub.push(val);
+                                       $('<option />', {
+                                               'id': id,
+                                               'text': val,
+                                               'selected': (id == current)
+                                       }).appendTo( select );
+                               }
+                       });
                });
                });
-    });
+       });
 
 })(jQuery);
 
 })(jQuery);
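Review bot: In the new `blur` handler the emptiness test uses the raw field (`inputs[id].length`) while the option is built from the tag-stripped `val`, so a name that consists only of markup still yields an empty `<option>`; test the stripped value instead, `if ( val.length && $.inArray( val, dub ) == -1 ) {`. `value.replace(...)` also throws when one of the four fields is missing from the page, because `.val()` then returns `undefined`; `var val = ( value || '' ).replace( /<\/?[a-z][^>]*>/gi, '' );` covers that case. Because the option is now created through the `text` property instead of concatenated HTML, the regex is only a display clean-up, and a comment should say that it is not the control that keeps markup out of the DOM. This section has no hunk header on the page, and the handler sits inside a larger closure.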
index e04139a131b1371fc5a61b2f66fa4aaad2466977..9f36f78febb8a5d5f96395491d8d408b2c2948ad 100644 (file)
@@ -1 +1 @@
-(function(a){function b(){var e=a("#pass1").val(),d=a("#user_login").val(),c=a("#pass2").val(),f;a("#pass-strength-result").removeClass("short bad good strong");if(!e){a("#pass-strength-result").html(pwsL10n.empty);return}f=passwordStrength(e,d,c);switch(f){case 2:a("#pass-strength-result").addClass("bad").html(pwsL10n.bad);break;case 3:a("#pass-strength-result").addClass("good").html(pwsL10n.good);break;case 4:a("#pass-strength-result").addClass("strong").html(pwsL10n.strong);break;case 5:a("#pass-strength-result").addClass("short").html(pwsL10n.mismatch);break;default:a("#pass-strength-result").addClass("short").html(pwsL10n["short"])}}a(document).ready(function(){a("#pass1").val("").keyup(b);a("#pass2").val("").keyup(b);a("#pass-strength-result").show();a(".color-palette").click(function(){a(this).siblings("input[name=admin_color]").attr("checked","checked")});a("#nickname").blur(function(){var e=a(this).val()||a("#user_login").val();var c=a("#display_name");var d=c.children("option:selected").attr("id");c.children("#display_nickname").remove();if(!c.children("option[value="+e+"]").length){c.append('<option id="display_nickname" value="'+e+'">'+e+"</option>")}a("#"+d).attr("selected","selected")});a("#first_name, #last_name").blur(function(){var c=a("#display_name");var f=a("#first_name").val(),d=a("#last_name").val();var e=c.children("option:selected").attr("id");a("#display_firstname, #display_lastname, #display_firstlast, #display_lastfirst").remove();if(f&&!c.children("option[value="+f+"]").length){c.append('<option id="display_firstname" value="'+f+'">'+f+"</option>")}if(d&&!c.children("option[value="+d+"]").length){c.append('<option id="display_lastname" value="'+d+'">'+d+"</option>")}if(f&&d){if(!c.children("option[value="+f+" "+d+"]").length){c.append('<option id="display_firstlast" value="'+f+" "+d+'">'+f+" "+d+"</option>")}if(!c.children("option[value="+d+" "+f+"]").length){c.append('<option id="display_lastfirst" value="'+d+" "+f+'">'+d+" 
"+f+"</option>")}}a("#"+e).attr("selected","selected")})})})(jQuery);
\ No newline at end of file
+(function(a){function b(){var e=a("#pass1").val(),d=a("#user_login").val(),c=a("#pass2").val(),f;a("#pass-strength-result").removeClass("short bad good strong");if(!e){a("#pass-strength-result").html(pwsL10n.empty);return}f=passwordStrength(e,d,c);switch(f){case 2:a("#pass-strength-result").addClass("bad").html(pwsL10n.bad);break;case 3:a("#pass-strength-result").addClass("good").html(pwsL10n.good);break;case 4:a("#pass-strength-result").addClass("strong").html(pwsL10n.strong);break;case 5:a("#pass-strength-result").addClass("short").html(pwsL10n.mismatch);break;default:a("#pass-strength-result").addClass("short").html(pwsL10n["short"])}}a(document).ready(function(){a("#pass1").val("").keyup(b);a("#pass2").val("").keyup(b);a("#pass-strength-result").show();a(".color-palette").click(function(){a(this).siblings('input[name="admin_color"]').prop("checked",true)});a("#first_name, #last_name, #nickname").blur(function(){var c=a("#display_name"),e=c.find("option:selected").attr("id"),f=[],d={display_nickname:a("#nickname").val(),display_username:a("#user_login").val(),display_firstname:a("#first_name").val(),display_lastname:a("#last_name").val()};if(d.display_firstname&&d.display_lastname){d.display_firstlast=d.display_firstname+" "+d.display_lastname;d.display_lastfirst=d.display_lastname+" "+d.display_firstname}a("option",c).remove();a.each(d,function(i,g){var h=g.replace(/<\/?[a-z][^>]*>/gi,"");if(d[i].length&&a.inArray(h,f)==-1){f.push(h);a("<option />",{id:i,text:h,selected:(i==e)}).appendTo(c)}})})})})(jQuery);
\ No newline at end of file
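--- a/wp-admin/options-general.php
+++ b/wp-admin/options-general.php
@@ -127,7 +127,7 @@ include('./admin-header.php');
 $new_admin_email = get_option( 'new_admin_email' );
 if ( $new_admin_email && $new_admin_email != get_option('admin_email') ) : ?>
 <div class="updated inline">
-<p><?php printf( __('There is a pending change of the admin e-mail to <code>%1$s</code>. <a href="%2$s">Cancel</a>'), $new_admin_email, esc_url( admin_url( 'options.php?dismiss=new_admin_email' ) ) ); ?></p>
+<p><?php printf( __('There is a pending change of the admin e-mail to <code>%1$s</code>. <a href="%2$s">Cancel</a>'), esc_html( $new_admin_email ), esc_url( admin_url( 'options.php?dismiss=new_admin_email' ) ) ); ?></p>
 </div>
 <?php endif; ?>
 </td>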
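--- a/wp-content/themes/twentyten/languages/twentyten.pot
+++ b/wp-content/themes/twentyten/languages/twentyten.pot
@@ -4,7 +4,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Twenty Ten 1.2\n"
 "Report-Msgid-Bugs-To: http://wordpress.org/tag/twentyten\n"
-"POT-Creation-Date: 2011-02-22 08:27:35+00:00\n"
+"POT-Creation-Date: 2011-06-13 13:27:47+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
@@ -16,6 +16,7 @@ msgstr ""
 msgid "Return to %s"
 msgstr ""
 
+#. translators: %s - title of parent post
 #: loop-attachment.php:23
 msgid "<span class=\"meta-nav\">&larr;</span> %s"
 msgstr ""
@@ -186,34 +187,42 @@ msgstr ""
 msgid "Primary Navigation"
 msgstr ""
 
+#. translators: header image description
 #: functions.php:140
 msgid "Berries"
 msgstr ""
 
+#. translators: header image description
 #: functions.php:146
 msgid "Cherry Blossoms"
 msgstr ""
 
+#. translators: header image description
 #: functions.php:152
 msgid "Concave"
 msgstr ""
 
+#. translators: header image description
 #: functions.php:158
 msgid "Fern"
 msgstr ""
 
+#. translators: header image description
 #: functions.php:164
 msgid "Forest Floor"
 msgstr ""
 
+#. translators: header image description
 #: functions.php:170
 msgid "Inkwell"
 msgstr ""
 
+#. translators: header image description
 #: functions.php:176
 msgid "Path"
 msgstr ""
 
+#. translators: header image description
 #: functions.php:182
 msgid "Sunset"
 msgstr ""
@@ -226,6 +235,7 @@ msgstr ""
 msgid "Your comment is awaiting moderation."
 msgstr ""
 
+#. translators: 1: date, 2: time
 #: functions.php:340
 msgid "%1$s at %2$s"
 msgstr ""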
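--- a/wp-includes/bookmark.php
+++ b/wp-includes/bookmark.php
@@ -213,22 +213,32 @@ function get_bookmarks($args = '') {
 
        $orderby = strtolower($orderby);
        $length = '';
-       switch ($orderby) {
+       switch ( $orderby ) {
                case 'length':
                        $length = ", CHAR_LENGTH(link_name) AS length";
                        break;
                case 'rand':
                        $orderby = 'rand()';
                        break;
+               case 'link_id':
+                       $orderby = "$wpdb->links.link_id";
+                       break;
                default:
                        $orderparams = array();
-                       foreach ( explode(',', $orderby) as $ordparam )
-                               $orderparams[] = 'link_' . trim($ordparam);
+                       foreach ( explode(',', $orderby) as $ordparam ) {
+                               $ordparam = trim($ordparam);
+                               if ( in_array( $ordparam, array( 'name', 'url', 'visible', 'rating', 'owner', 'updated' ) ) )
+                                       $orderparams[] = 'link_' . $ordparam;
+                       }
                        $orderby = implode(',', $orderparams);
        }
 
-       if ( 'link_id' == $orderby )
-               $orderby = "$wpdb->links.link_id";
+       if ( empty( $orderby ) )
+               $orderby = 'link_name';
+
+       $order = strtoupper( $order );
+       if ( '' !== $order && !in_array( $order, array( 'ASC', 'DESC' ) ) )
+               $order = 'ASC';
 
        $visible = '';
        if ( $hide_invisible )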
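Review bot: The allowlist in the `default:` branch no longer accepts `id`: the removed lines turned `orderby=id` into `link_id` and then into `$wpdb->links.link_id`, whereas the new loop drops `id` (and also `link_id`, `rand` or `length` when they appear inside a comma-separated list), so the query silently falls back to `link_name`. If `id` is a supported value, map it inside the loop before the `in_array()` test, e.g. `if ( 'id' == $ordparam || 'link_id' == $ordparam ) $orderparams[] = "$wpdb->links.link_id";`. Passing `true` as the third argument of both `in_array()` calls would keep the allowlist comparison exact. `get_bookmarks()` starts and ends outside the hunk.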
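--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -2440,7 +2440,14 @@ function sanitize_option($option, $value) {
                                        add_settings_error('admin_email', 'invalid_admin_email', __('The email address entered did not appear to be a valid email address. Please enter a valid email address.'));
                        }
                        break;
-
+               case 'new_admin_email':
+                       $value = sanitize_email($value);
+                       if ( !is_email($value) ) {
+                               $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization
+                               if ( function_exists('add_settings_error') )
+                                       add_settings_error('new_admin_email', 'invalid_admin_email', __('The email address entered did not appear to be a valid email address. Please enter a valid email address.'));
+                       }
+                       break;
                case 'thumbnail_size_w':
                case 'thumbnail_size_h':
                case 'medium_size_w':
@@ -2534,6 +2541,11 @@ function sanitize_option($option, $value) {
                                        add_settings_error('home', 'invalid_home', __('The Site address you entered did not appear to be a valid URL. Please enter a valid URL.'));
                        }
                        break;
+               case 'WPLANG':
+                       $allowed = get_available_languages();
+                       if ( ! in_array( $value, $allowed ) && ! empty( $value ) )
+                               $value = get_option( $option );
+                       break;
 
                default :
                        $value = apply_filters("sanitize_option_{$option}", $value, $option);
@@ -2912,7 +2924,7 @@ function capital_P_dangit( $text ) {
  * @return string Sanitized mime type
  */
 function sanitize_mime_type( $mime_type ) {
-       $sani_mime_type = preg_replace( '/[^-*.a-zA-Z0-9\/]/', '', $mime_type );
+       $sani_mime_type = preg_replace( '/[^-+*.a-zA-Z0-9\/]/', '', $mime_type );
        return apply_filters( 'sanitize_mime_type', $sani_mime_type, $mime_type );
 }
 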
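Review bot: The new `WPLANG` case compares with a loose `in_array( $value, $allowed )` and, unlike the e-mail and URL cases around it, resets a rejected value without calling `add_settings_error()`, so the administrator gets no sign that the submitted language was discarded. Use `in_array( $value, $allowed, true )` and report the rejection the way the neighbouring cases do. The `new_admin_email` case reuses the error code `invalid_admin_email` and, as far as the visible tail of the preceding case shows, repeats its logic; a shared branch keyed on `$option` would keep the two from drifting apart. `sanitize_option()` begins and ends outside these hunks.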
index d859473b482b788590afd6bc687c23ac1d0ee1e1..b28a415cf6a43e122674e8df02d2c5916ce95add 100644 (file)
@@ -2410,6 +2410,9 @@ function wp_insert_post($postarr, $wp_error = false) {
                'post_content' => '', 'post_title' => '');
 
        $postarr = wp_parse_args($postarr, $defaults);
                'post_content' => '', 'post_title' => '');
 
        $postarr = wp_parse_args($postarr, $defaults);
+
+       unset( $postarr[ 'filter' ] );
+
        $postarr = sanitize_post($postarr, 'db');
 
        // export array as variables
        $postarr = sanitize_post($postarr, 'db');
 
        // export array as variables
@@ -3421,6 +3424,43 @@ function &get_pages($args = '') {
 
        $where_post_type = $wpdb->prepare( "post_type = '%s' AND post_status = '%s'", $post_type, $post_status );
 
 
        $where_post_type = $wpdb->prepare( "post_type = '%s' AND post_status = '%s'", $post_type, $post_status );
 
+       $orderby_array = array();
+       $allowed_keys = array('author', 'post_author', 'date', 'post_date', 'title', 'post_title', 'modified',
+                                                 'post_modified', 'modified_gmt', 'post_modified_gmt', 'menu_order', 'parent', 'post_parent',
+                                                 'ID', 'rand', 'comment_count');
+       foreach ( explode( ',', $sort_column ) as $orderby ) {
+               $orderby = trim( $orderby );
+               if ( !in_array( $orderby, $allowed_keys ) )
+                       continue;
+
+               switch ( $orderby ) {
+                       case 'menu_order':
+                               break;
+                       case 'ID':
+                               $orderby = "$wpdb->posts.ID";
+                               break;
+                       case 'rand':
+                               $orderby = 'RAND()';
+                               break;
+                       case 'comment_count':
+                               $orderby = "$wpdb->posts.comment_count";
+                               break;
+                       default:
+                               if ( 0 === strpos( $orderby, 'post_' ) )
+                                       $orderby = "$wpdb->posts." . $orderby;
+                               else
+                                       $orderby = "$wpdb->posts.post_" . $orderby;
+               }
+
+               $orderby_array[] = $orderby;
+
+       }
+       $sort_column = ! empty( $orderby_array ) ? implode( ',', $orderby_array ) : "$wpdb->posts.post_title";
+
+       $sort_order = strtoupper( $sort_order );
+       if ( '' !== $sort_order && !in_array( $sort_order, array( 'ASC', 'DESC' ) ) )
+               $sort_order = 'ASC';
+
        $query = "SELECT * FROM $wpdb->posts $join WHERE ($where_post_type) $where ";
        $query .= $author_query;
        $query .= " ORDER BY " . $sort_column . " " . $sort_order ;
        $query = "SELECT * FROM $wpdb->posts $join WHERE ($where_post_type) $where ";
        $query .= $author_query;
        $query .= " ORDER BY " . $sort_column . " " . $sort_order ;
@@ -3547,6 +3587,8 @@ function wp_insert_attachment($object, $file = false, $parent = 0) {
        if ( !empty($parent) )
                $object['post_parent'] = $parent;
 
        if ( !empty($parent) )
                $object['post_parent'] = $parent;
 
+       unset( $object[ 'filter' ] );
+
        $object = sanitize_post($object, 'db');
 
        // export array as variables
        $object = sanitize_post($object, 'db');
 
        // export array as variables
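Review bot: The added `unset( $object[ 'filter' ] );` carries no comment, and nothing in the hunk explains why a key is dropped just before sanitising. As far as I recall, sanitize_post() returns its argument unchanged when the post's `filter` field already equals the requested context, so a caller-supplied `'filter' => 'db'` would skip the 'db' pass on the next line; that function is not shown here, so confirm. I would put `// Drop any caller-supplied 'filter' so sanitize_post() cannot be short-circuited for the 'db' context.` above the unset. The array-style unset only helps if $object is an array at this point, which depends on code in wp_insert_attachment outside the hunk.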
index 14942d94ec5af7c80dd19cf89cc8581e205385d5..6c0bd38d60eeb05a62c834d9bda4828e1c4eeb67 100644 (file)
@@ -1625,8 +1625,12 @@ class WP_Query {
                                $qv['post_type'] = sanitize_key($qv['post_type']);
                }
 
                                $qv['post_type'] = sanitize_key($qv['post_type']);
                }
 
-               if ( !empty($qv['post_status']) )
-                       $qv['post_status'] = preg_replace('|[^a-z0-9_,-]|', '', $qv['post_status']);
+               if ( ! empty( $qv['post_status'] ) ) {
+                       if ( is_array( $qv['post_status'] ) )
+                               $qv['post_status'] = array_map('sanitize_key', $qv['post_status']);
+                       else
+                               $qv['post_status'] = preg_replace('|[^a-z0-9_,-]|', '', $qv['post_status']);
+               }
 
                if ( $this->is_posts_page && ( ! isset($qv['withcomments']) || ! $qv['withcomments'] ) )
                        $this->is_comment_feed = false;
 
                if ( $this->is_posts_page && ( ! isset($qv['withcomments']) || ! $qv['withcomments'] ) )
                        $this->is_comment_feed = false;
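Review bot: The two branches of the new `post_status` check normalise differently. The array branch passes each element through sanitize_key, which as far as I know lower-cases before filtering, while the string branch only strips characters outside `[a-z0-9_,-]`, so `Publish` survives as `publish` in one form and as `ublish` in the other. Lower-casing first in the string branch would make them agree: `$qv['post_status'] = preg_replace('|[^a-z0-9_,-]|', '', strtolower( $qv['post_status'] ));`. The array branch also assumes every element is a scalar; a nested array would reach sanitize_key as-is, so a short comment stating that only a flat list of status strings is supported would help.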
@@ -2385,13 +2389,15 @@ class WP_Query {
                        $read_private_cap = 'read_private_' . $post_type_cap . 's';
                }
 
                        $read_private_cap = 'read_private_' . $post_type_cap . 's';
                }
 
-               if ( isset($q['post_status']) && '' != $q['post_status'] ) {
+               if ( ! empty( $q['post_status'] ) ) {
                        $statuswheres = array();
                        $statuswheres = array();
-                       $q_status = explode(',', $q['post_status']);
+                       $q_status = $q['post_status'];
+                       if ( ! is_array( $q_status ) )
+                               $q_status = explode(',', $q_status);
                        $r_status = array();
                        $p_status = array();
                        $e_status = array();
                        $r_status = array();
                        $p_status = array();
                        $e_status = array();
-                       if ( $q['post_status'] == 'any' ) {
+                       if ( in_array('any', $q_status) ) {
                                foreach ( get_post_stati( array('exclude_from_search' => true) ) as $status )
                                        $e_status[] = "$wpdb->posts.post_status <> '$status'";
                        } else {
                                foreach ( get_post_stati( array('exclude_from_search' => true) ) as $status )
                                        $e_status[] = "$wpdb->posts.post_status <> '$status'";
                        } else {
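Review bot: `in_array('any', $q_status)` compares loosely, so a non-string element such as boolean `true` (and integer `0` on the PHP versions this release targets) is treated as `'any'`. Whether `$q['post_status']` has always been through the sanitising branch added in the earlier hunk is not visible from here, so I would pass the strict flag: `if ( in_array( 'any', $q_status, true ) ) {`. The check also changes meaning for string input: the old code matched only when the whole value was `any`, whereas a list like `any,publish` now takes the "any" path. If that is intended, it deserves a one-line comment. The `else` body continues outside the hunk.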
index 87c4393ca98516383a300f1c716735b6704c8378..ecb353949ea1a07b671d104c67aa40f8523ff594 100644 (file)
@@ -259,7 +259,7 @@ function wp_default_scripts( &$scripts ) {
                'l10n_print_after' => 'try{convertEntities(pwsL10n);}catch(e){};'
        ) );
 
                'l10n_print_after' => 'try{convertEntities(pwsL10n);}catch(e){};'
        ) );
 
-       $scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'jquery', 'password-strength-meter' ), '20110113' );
+       $scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'jquery', 'password-strength-meter' ), '20110628' );
        $scripts->add_data( 'user-profile', 'group', 1 );
 
        $scripts->add( 'admin-bar', "/wp-includes/js/admin-bar$suffix.js", false, '20110131' );
        $scripts->add_data( 'user-profile', 'group', 1 );
 
        $scripts->add( 'admin-bar', "/wp-includes/js/admin-bar$suffix.js", false, '20110131' );
index d9ae2d5a8b40603db843ceee24db3c5c64960400..9e9d24aeea6065ef76268702321bc9f8d7caad23 100644 (file)
@@ -1194,6 +1194,8 @@ function &get_terms($taxonomies, $args = '') {
                $orderby = '';
        elseif ( empty($_orderby) || 'id' == $_orderby )
                $orderby = 't.term_id';
                $orderby = '';
        elseif ( empty($_orderby) || 'id' == $_orderby )
                $orderby = 't.term_id';
+       else
+               $orderby = 't.name';
 
        $orderby = apply_filters( 'get_terms_orderby', $orderby, $args );
 
 
        $orderby = apply_filters( 'get_terms_orderby', $orderby, $args );
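Review bot: The new `else $orderby = 't.name';` fallback is undocumented, although it appears to be what stops an unrecognised `orderby` argument from being carried into the ORDER BY clause. I would add `// Unrecognised orderby values fall back to t.name; the caller's value is never used as a column.` above it. The start of the if/elseif chain is outside the hunk, so confirm that every earlier branch assigns `$orderby` from a fixed string. The `get_terms_orderby` filter on the following line can still replace the value, so callbacks hooked there carry the same responsibility.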
 
@@ -1202,6 +1204,10 @@ function &get_terms($taxonomies, $args = '') {
        else
                $order = '';
 
        else
                $order = '';
 
+       $order = strtoupper( $order );
+       if ( '' !== $order && !in_array( $order, array( 'ASC', 'DESC' ) ) )
+               $order = 'ASC';
+
        $where = "tt.taxonomy IN ('" . implode("', '", $taxonomies) . "')";
        $inclusions = '';
        if ( !empty($include) ) {
        $where = "tt.taxonomy IN ('" . implode("', '", $taxonomies) . "')";
        $inclusions = '';
        if ( !empty($include) ) {
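Review bot: The empty-string case in the new `$order` check is let through without explanation: `'' !== $order` means an empty value produces an ORDER BY with no direction keyword and relies on the database default. A comment such as `// '' is kept on purpose (no ORDER BY direction); anything other than ASC/DESC becomes ASC.` would make that intent explicit. The same three lines appear for `$sort_order` in an earlier hunk of this commit, so a small shared helper would keep the two allowlists from drifting apart. `strtoupper()` is applied before any type check, so a non-string `$order` reaches it unchecked.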
index aefcfeb210c88815f4cfa904f0e7deeb65ee4310..c0e30f1a64358fda7a658d31c85b8894dd1d5e2e 100644 (file)
@@ -22,7 +22,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  *
  * @global string $wp_version
  */
  *
  * @global string $wp_version
  */
-$wp_version = '3.1.3';
+$wp_version = '3.1.4';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
index d9e70865819f165f888c23bb7ccc2dd42f705ffd..a90c2814d01ba7ed0e97df0c1e5a7fc540bd979f 100644 (file)
@@ -644,6 +644,7 @@ class wpdb {
                if ( is_multisite() ) {
                        if ( null === $blog_id )
                                $blog_id = $this->blogid;
                if ( is_multisite() ) {
                        if ( null === $blog_id )
                                $blog_id = $this->blogid;
+                       $blog_id = (int) $blog_id;
                        if ( defined( 'MULTISITE' ) && ( 0 == $blog_id || 1 == $blog_id ) )
                                return $this->base_prefix;
                        else
                        if ( defined( 'MULTISITE' ) && ( 0 == $blog_id || 1 == $blog_id ) )
                                return $this->base_prefix;
                        else
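Review bot: The added `(int) $blog_id` cast turns any non-numeric value into 0, and the condition on the next line then returns `$this->base_prefix` for 0 when MULTISITE is defined. A malformed id is therefore resolved to the main site's tables without any error. That is safer than concatenating the raw value into a prefix, but the fallback should be stated: `// Force an integer so the id can never inject into the table prefix; non-numeric input becomes 0 (base prefix).`. If callers are expected to pass only valid ids, rejecting values that are not numeric would surface the mistake earlier. The `else` branch that builds the per-blog prefix lies outside the hunk.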
index 2cd12c1c122001b7db11c4b2c0425566c5013337..77fc4614c173ffbd096188ccd8a5af0f1d1d7d7e 100644 (file)
@@ -258,7 +258,7 @@ load_default_textdomain();
 // Find the blog locale.
 $locale = get_locale();
 $locale_file = WP_LANG_DIR . "/$locale.php";
 // Find the blog locale.
 $locale = get_locale();
 $locale_file = WP_LANG_DIR . "/$locale.php";
-if ( is_readable( $locale_file ) )
+if ( ( 0 === validate_file( $locale ) ) && is_readable( $locale_file ) )
        require( $locale_file );
 unset($locale_file);
 
        require( $locale_file );
 unset($locale_file);
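Review bot: The new guard `0 === validate_file( $locale )` is a traversal check rather than an allowlist, and the line has no comment saying what it protects. As far as I know validate_file() rejects `..`, `./` and a drive-letter colon and returns 0 otherwise, so any other character in `$locale` still ends up in the path passed to `require`. I would add `// $locale can come from configuration or a filter; refuse path traversal before including a file named after it.` above the condition. Consider also matching `$locale` against the character set real locale codes use. Other places that build file paths from `$locale` are not visible in this hunk and may need the same check.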