else
$update = false;
- $cat_name = wp_specialchars($cat_name);
-
+ $cat_name = apply_filters('pre_category_name', $cat_name);
+
if (empty ($category_nicename))
$category_nicename = sanitize_title($cat_name);
else
$category_nicename = sanitize_title($category_nicename);
+ $category_nicename = apply_filters('pre_category_nicename', $category_nicename);
if (empty ($category_description))
$category_description = '';
+ $category_description = apply_filters('pre_category_description', $category_description);
+ $category_parent = (int) $category_parent;
if (empty ($category_parent))
$category_parent = 0;
$cat_ID = (int) $cat_ID;
// Don't delete the default cat.
- if (1 == $cat_ID)
+ if ($cat_ID == get_option('default_category'))
return 0;
$category = get_category($cat_ID);
$wpdb->query("UPDATE $wpdb->categories SET category_parent = '$parent' WHERE category_parent = '$cat_ID'");
// TODO: Only set categories to general if they're not in another category already
- $wpdb->query("UPDATE $wpdb->post2cat SET category_id='1' WHERE category_id='$cat_ID'");
+ $default_cat = get_option('default_category');
+ $wpdb->query("UPDATE $wpdb->post2cat SET category_id='$default_cat' WHERE category_id='$cat_ID'");
wp_cache_delete($cat_ID, 'category');
wp_cache_delete('all_category_ids', 'category');
if (isset ($_POST['pass2']))
$pass2 = $_POST['pass2'];
- if (isset ($_POST['role'])) {
+ if (isset ($_POST['role']) && current_user_can('edit_users')) {
if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users'))
$user->role = $_POST['role'];
}
function return_categories_list($parent = 0) {
global $wpdb;
- return $wpdb->get_col("SELECT cat_ID FROM $wpdb->categories WHERE category_parent = $parent ORDER BY category_count DESC LIMIT 100");
+ return $wpdb->get_col("SELECT cat_ID FROM $wpdb->categories WHERE category_parent = $parent ORDER BY category_count DESC");
}
function sort_cats($cat1, $cat2) {
if ( current_user_can('manage_categories') ) {
$edit = "<a href='categories.php?action=edit&cat_ID=$category->cat_ID' class='edit'>".__('Edit')."</a></td>";
$default_cat_id = get_option('default_category');
-
+
if ($category->cat_ID != $default_cat_id)
- $edit .= "<td><a href='categories.php?action=delete&cat_ID=$category->cat_ID' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '".sprintf(__("You are about to delete the category "%s". All of its posts will go to the default category.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars($category->cat_name, 1))."' );\" class='delete'>".__('Delete')."</a>";
+ $edit .= "<td><a href='" . wp_nonce_url("categories.php?action=delete&cat_ID=$category->cat_ID", 'delete-category_' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . sprintf(__("You are about to delete the category "%s". All of its posts will go to the default category.\\n"OK" to delete, "Cancel" to stop."), js_escape($category->cat_name))."' );\" class='delete'>".__('Delete')."</a>";
else
$edit .= "<td style='text-align:center'>".__("Default");
}
<td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td>
<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td>
- <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=delete&post=$id' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td>
+ <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$id", 'delete-post_' . $id) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), js_escape(get_the_title()) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
</tr>
<?php
global $pagenow;
global $menu;
global $submenu;
+ global $plugin_page;
$parent = get_admin_page_parent();
}
if (isset ($submenu[$parent])) {
- foreach ($submenu[$parent] as $submenu_array) {
+ if ( isset($plugin_page) ) {
+ foreach ($submenu[$parent] as $submenu_array) {
+ if ( $submenu_array[2] == $plugin_page ) {
+ if (!current_user_can($submenu_array[1]))
+ return false;
+ }
+ }
+ }
+
+ foreach ($submenu[$parent] as $submenu_array) {
if ($submenu_array[2] == $pagenow) {
- if (!current_user_can($submenu_array[1])) {
+ if (!current_user_can($submenu_array[1]))
return false;
- } else {
+ else
return true;
- }
}
}
}
preg_match("|Author:(.*)|i", $plugin_data, $author_name);
preg_match("|Author URI:(.*)|i", $plugin_data, $author_uri);
if (preg_match("|Version:(.*)|i", $plugin_data, $version))
- $version = $version[1];
+ $version = trim($version[1]);
else
$version = '';
- $description = wptexturize($description[1]);
+ $description = wptexturize(trim($description[1]));
$name = $plugin_name[1];
$name = trim($name);
$plugin = $name;
if ('' != $plugin_uri[1] && '' != $name) {
- $plugin = '<a href="'.$plugin_uri[1].'" title="'.__('Visit plugin homepage').'">'.$plugin.'</a>';
+ $plugin = '<a href="' . trim($plugin_uri[1]) . '" title="'.__('Visit plugin homepage').'">'.$plugin.'</a>';
}
if ('' == $author_uri[1]) {
- $author = $author_name[1];
+ $author = trim($author_name[1]);
} else {
- $author = '<a href="'.$author_uri[1].'" title="'.__('Visit author homepage').'">'.$author_name[1].'</a>';
+ $author = '<a href="' . trim($author_uri[1]) . '" title="'.__('Visit author homepage').'">' . trim($author_name[1]) . '</a>';
}
return array ('Name' => $name, 'Title' => $plugin, 'Description' => $description, 'Author' => $author, 'Version' => $version, 'Template' => $template[1]);
__("Missing a temporary folder."),
__("Failed to write file to disk."));
- // Accepted MIME types are set here as PCRE. Override with $override['mimes'].
- $mimes = apply_filters('upload_mimes', array (
- 'jpg|jpeg|jpe' => 'image/jpeg',
- 'gif' => 'image/gif',
- 'png' => 'image/png',
- 'bmp' => 'image/bmp',
- 'tif|tiff' => 'image/tiff',
- 'ico' => 'image/x-icon',
- 'asf|asx|wax|wmv|wmx' => 'video/asf',
- 'avi' => 'video/avi',
- 'mov|qt' => 'video/quicktime',
- 'mpeg|mpg|mpe' => 'video/mpeg',
- 'txt|c|cc|h' => 'text/plain',
- 'rtx' => 'text/richtext',
- 'css' => 'text/css',
- 'htm|html' => 'text/html',
- 'mp3|mp4' => 'audio/mpeg',
- 'ra|ram' => 'audio/x-realaudio',
- 'wav' => 'audio/wav',
- 'ogg' => 'audio/ogg',
- 'mid|midi' => 'audio/midi',
- 'wma' => 'audio/wma',
- 'rtf' => 'application/rtf',
- 'js' => 'application/javascript',
- 'pdf' => 'application/pdf',
- 'doc' => 'application/msword',
- 'pot|pps|ppt' => 'application/vnd.ms-powerpoint',
- 'wri' => 'application/vnd.ms-write',
- 'xla|xls|xlt|xlw' => 'application/vnd.ms-excel',
- 'mdb' => 'application/vnd.ms-access',
- 'mpp' => 'application/vnd.ms-project',
- 'swf' => 'application/x-shockwave-flash',
- 'class' => 'application/java',
- 'tar' => 'application/x-tar',
- 'zip' => 'application/zip',
- 'gz|gzip' => 'application/x-gzip',
- 'exe' => 'application/x-msdownload'
- ));
-
// All tests are on by default. Most can be turned off by $override[{test_name}] = false;
$test_form = true;
$test_size = true;
if (! @ is_uploaded_file($file['tmp_name']) )
return $upload_error_handler($file, __('Specified file failed upload test.'));
- // A correct MIME type will pass this test.
+ // A correct MIME type will pass this test. Override $mimes or use the upload_mimes filter.
if ( $test_type ) {
- $type = false;
- $ext = false;
- foreach ($mimes as $ext_preg => $mime_match) {
- $ext_preg = '![^.]\.(' . $ext_preg . ')$!i';
- if ( preg_match($ext_preg, $file['name'], $ext_matches) ) {
- $type = $mime_match;
- $ext = $ext_matches[1];
- }
- }
+ $wp_filetype = wp_check_filetype($file['name'], $mimes);
+
+ extract($wp_filetype);
if ( !$type || !$ext )
return $upload_error_handler($file, __('File type does not meet security guidelines. Try another.'));
else
$filename = str_replace("$number$ext", ++$number . $ext, $filename);
}
+ $filename = str_replace($ext, '', $filename);
+ $filename = sanitize_title_with_dashes($filename) . $ext;
}
// Move the file to the uploads dir
o.submit();
}
</script>
-<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo $action ?>">
+<form enctype="multipart/form-data" id="uploadForm" method="post" action="<?php echo $action ?>">
<label for="upload"><?php _e('File:'); ?></label><input type="file" id="upload" name="import" />
<input type="hidden" name="action" value="save" />
<div id="buttons">
update_category_cache();
-get_currentuserinfo();
+wp_get_current_user();
$posts_per_page = get_settings('posts_per_page');
$what_to_show = get_settings('what_to_show');
$xfn_js = $sack_js = $list_js = $cat_js = $dbx_js = $editing = false;
-require(ABSPATH . '/wp-admin/menu.php');
-
-// Handle plugin admin pages.
if (isset($_GET['page'])) {
$plugin_page = stripslashes($_GET['page']);
$plugin_page = plugin_basename($plugin_page);
+}
+
+require(ABSPATH . '/wp-admin/menu.php');
+
+// Handle plugin admin pages.
+if (isset($plugin_page)) {
$page_hook = get_plugin_page_hook($plugin_page, $pagenow);
if ( $page_hook ) {
$importer = $_GET['import'];
+ if ( ! current_user_can('import') )
+ wp_die(__('You are not allowed to import.'));
+
if ( validate_file($importer) ) {
die(__('Invalid importer.'));
}
var split_cats = new Array(1);
var catString = '';
- catString = 'ajaxnewcat=' + encodeURIComponent(newcat.value);
+ catString = ajaxCat.encVar('ajaxnewcat', newcat.value) + '&' + ajaxCat.encVar('cookie', document.cookie);
ajaxCat.requestFile = 'edit-form-ajax-cat.php';
- ajaxCat.method = 'GET';
+ ajaxCat.method = 'POST';
ajaxCat.onLoading = newCatLoading;
ajaxCat.onLoaded = newCatLoaded;
ajaxCat.onInteractive = newCatInteractive;
if ( currentElement != "" )
fixedExplode[count] = currentElement;
return fixedExplode;
-}
\ No newline at end of file
+}
case 'addcat':
+ check_admin_referer('add-category');
+
if ( !current_user_can('manage_categories') )
die (__('Cheatin’ uh?'));
wp_insert_category($_POST);
- header('Location: categories.php?message=1#addcat');
+ wp_redirect('categories.php?message=1#addcat');
break;
case 'delete':
-
- check_admin_referer();
+ $cat_ID = (int) $_GET['cat_ID'];
+ check_admin_referer('delete-category_' . $cat_ID);
if ( !current_user_can('manage_categories') )
die (__('Cheatin’ uh?'));
- $cat_ID = (int) $_GET['cat_ID'];
$cat_name = get_catname($cat_ID);
- if ( 1 == $cat_ID )
+ // Don't delete the default cats.
+ if ( $cat_ID == get_option('default_category') )
die(sprintf(__("Can't delete the <strong>%s</strong> category: this is the default one"), $cat_name));
wp_delete_category($cat_ID);
- header('Location: categories.php?message=2');
+ wp_redirect('categories.php?message=2');
break;
<div class="wrap">
<h2><?php _e('Edit Category') ?></h2>
<form name="editcat" action="categories.php" method="post">
+ <?php wp_nonce_field('update-category_' . $category->cat_ID); ?>
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
<tr>
<th width="33%" scope="row"><?php _e('Category name:') ?></th>
break;
case 'editedcat':
+ $cat_ID = (int) $_POST['cat_ID'];
+ check_admin_referer('update-category_' . $cat_ID);
+
if ( !current_user_can('manage_categories') )
die (__('Cheatin’ uh?'));
wp_update_category($_POST);
- header('Location: categories.php?message=3');
+ wp_redirect('categories.php?message=3');
break;
default:
<div class="wrap">
<h2><?php _e('Add New Category') ?></h2>
<form name="addcat" id="addcat" action="categories.php" method="post">
-
+ <?php wp_nonce_field('add-category'); ?>
<p><?php _e('Name:') ?><br />
<input type="text" name="cat_name" value="" /></p>
<p><?php _e('Category parent:') ?><br />
<p><a href="?mode=view"><?php _e('View Mode') ?></a> | <a href="?mode=edit"><?php _e('Mass Edit Mode') ?></a></p>
<?php
if ( !empty( $_POST['delete_comments'] ) ) :
+ check_admin_referer('bulk-comments');
+
$i = 0;
foreach ($_POST['delete_comments'] as $comment) : // Check the permissions on each
$comment = (int) $comment;
<p><?php _e('Posted'); echo ' '; comment_date('M j, g:i A');
if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
echo " | <a href=\"post.php?action=editcomment&comment=".$comment->comment_ID."\">" . __('Edit Comment') . "</a>";
- echo " | <a href=\"post.php?action=deletecomment&p=".$comment->comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), wp_specialchars( $comment->comment_author, 1 )) . "' );\">" . __('Delete Comment') . "</a> — ";
+ echo ' | <a href="' . wp_nonce_url('post.php?action=deletecomment&p=' . $comment->comment_post_ID . '&comment=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . __("You are about to delete this comment.\\n"Cancel" to stop, "OK" to delete.") . "' );\">" . __('Delete Comment') . '</a> ';
} // end if any comments to show
// Get post title
if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
$post_title = $wpdb->get_var("SELECT post_title FROM $wpdb->posts WHERE ID = $comment->comment_post_ID");
$post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title;
- ?> <a href="post.php?action=edit&post=<?php echo $comment->comment_post_ID; ?>"><?php printf(__('Edit Post “%s”'), stripslashes($post_title)); ?></a>
+ ?>
| <a href="post.php?action=edit&post=<?php echo $comment->comment_post_ID; ?>"><?php printf(__('Edit Post “%s”'), stripslashes($post_title)); ?></a>
<?php } ?>
| <a href="<?php echo get_permalink($comment->comment_post_ID); ?>"><?php _e('View Post') ?></a></p>
</li>
} elseif ('edit' == $mode) {
if ($comments) {
- echo '<form name="deletecomments" id="deletecomments" action="" method="post">
- <table width="100%" cellpadding="3" cellspacing="3">
+ echo '<form name="deletecomments" id="deletecomments" action="" method="post"> ';
+ wp_nonce_field('bulk-comments');
+ echo '<table width="100%" cellpadding="3" cellspacing="3">
<tr>
<th scope="col">*</th>
<th scope="col">' . __('Name') . '</th>
<td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
echo "<a href='post.php?action=editcomment&comment=$comment->comment_ID' class='edit'>" . __('Edit') . "</a>"; } ?></td>
<td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
- echo "<a href=\"post.php?action=deletecomment&p=".$comment->comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), $comment->comment_author) . "')\" class='delete'>" . __('Delete') . "</a>"; } ?></td>
+ echo "<a href=\"" . wp_nonce_url("post.php?action=deletecomment&p=".$comment->comment_post_ID."&comment=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return confirm('" . __("You are about to delete this comment.\\n \'Cancel\' to stop, \'OK\' to delete.") . "')\" class='delete'>" . __('Delete') . "</a>"; } ?></td>
</tr>
<?php
} // end foreach
?></table>
<p><a href="javascript:;" onclick="checkAll(document.getElementById('deletecomments')); return false; "><?php _e('Invert Checkbox Selection') ?></a></p>
- <p class="submit"><input type="submit" name="Submit" value="<?php _e('Delete Checked Comments') ?> »" onclick="return confirm('<?php _e("You are about to delete these comments permanently \\n \'Cancel\' to stop, \'OK\' to delete.") ?>')" /> </p>
+ <p class="submit"><input type="submit" name="Submit" value="<?php _e('Delete Checked Comments') ?> »" onclick="return confirm('<?php _e("You are about to delete these comments permanently.\\n \'Cancel\' to stop, \'OK\' to delete.") ?>')" /> </p>
</form>
<?php
} else {
$form_action = 'post';
$temp_ID = -1 * time();
$form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
+ wp_nonce_field('add-post');
} else {
$form_action = 'editpost';
$form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />";
+ wp_nonce_field('update-post_' . $post_ID);
}
$form_pingback = '<input type="hidden" name="post_pingback" value="' . get_option('default_pingback_flag') . '" id="post_pingback" />';
</fieldset>
<script type="text/javascript">
-<!--
+// <![CDATA[
edCanvas = document.getElementById('content');
<?php if ( user_can_richedit() ) : ?>
// This code is meant to allow tabbing from Title to Post (TinyMCE).
}
}
<?php endif; ?>
-//-->
+// ]]>
</script>
<?php echo $form_pingback ?>
<input name="referredby" type="hidden" id="referredby" value="<?php
if ( !empty($_REQUEST['popupurl']) )
echo wp_specialchars($_REQUEST['popupurl']);
-else if ( url_to_postid($_SERVER['HTTP_REFERER']) == $post_ID )
+else if ( url_to_postid(wp_get_referer()) == $post_ID )
echo 'redo';
else
- echo wp_specialchars($_SERVER['HTTP_REFERER']);
+ echo wp_specialchars(wp_get_referer());
?>" /></p>
<?php do_action('edit_form_advanced'); ?>
<?php
if (current_user_can('upload_files')) {
$uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
- $uploading_iframe_src = "inline-uploading.php?action=view&post=$uploading_iframe_ID";
+ $uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&post=$uploading_iframe_ID", 'inlineuploading');
$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
if ( false != $uploading_iframe_src )
echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
<div id="advancedstuff" class="dbx-group" >
+<div class="dbx-box-wrapper">
<fieldset id="postexcerpt" class="dbx-box">
+<div class="dbx-handle-wrapper">
<h3 class="dbx-handle"><?php _e('Optional Excerpt') ?></h3>
+</div>
+<div class="dbx-content-wrapper">
<div class="dbx-content"><textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo $post->post_excerpt ?></textarea></div>
+</div>
</fieldset>
+</div>
+<div class="dbx-box-wrapper">
<fieldset class="dbx-box">
+<div class="dbx-handle-wrapper">
<h3 class="dbx-handle"><?php _e('Trackbacks') ?></h3>
+</div>
+<div class="dbx-content-wrapper">
<div class="dbx-content"><?php _e('Send trackbacks to'); ?>: <?php echo $form_trackback; ?> (<?php _e('Separate multiple URIs with spaces'); ?>)
<?php
if ( ! empty($pings) )
echo $pings;
?>
</div>
+</div>
</fieldset>
+</div>
+<div class="dbx-box-wrapper">
<fieldset id="postcustom" class="dbx-box">
+<div class="dbx-handle-wrapper">
<h3 class="dbx-handle"><?php _e('Custom Fields') ?></h3>
+</div>
+<div class="dbx-content-wrapper">
<div id="postcustomstuff" class="dbx-content">
<?php
if($metadata = has_meta($post_ID)) {
?>
</div>
</fieldset>
+</div>
<?php do_action('dbx_post_advanced'); ?>
</div>
-<?php if ('edit' == $action) : ?>
-<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"return confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), addslashes($post->post_title) ) . "')\""; ?> />
+<?php if ('edit' == $action) : $delete_nonce = wp_create_nonce( 'delete-post_' . $post_ID ); ?>
+<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), js_escape($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
<?php endif; ?>
</div>
require_once('admin-functions.php');
require_once('admin-db.php');
-get_currentuserinfo();
-
if ( !current_user_can('manage_categories') )
die('-1');
+if ( !check_ajax_referer() )
+ die('-1');
function get_out_now() { exit; }
add_action('shutdown', 'get_out_now', -1);
-$names = explode(',', rawurldecode($_GET['ajaxnewcat']) );
+$names = explode(',', rawurldecode($_POST['ajaxnewcat']) );
$ids = array();
foreach ($names as $cat_name) {
die( (string) $return );
-?>
\ No newline at end of file
+?>
?>
<form name="post" action="post.php" method="post" id="post">
+<?php wp_nonce_field('update-comment_' . $comment->comment_ID) ?>
<div class="wrap">
<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
<input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
</script>
<p class="submit"><input type="submit" name="editcomment" id="editcomment" value="<?php echo $submitbutton_text ?>" style="font-weight: bold;" tabindex="6" />
- <input name="referredby" type="hidden" id="referredby" value="<?php echo $_SERVER['HTTP_REFERER']; ?>" />
+ <input name="referredby" type="hidden" id="referredby" value="<?php echo wp_get_referer(); ?>" />
</p>
</div>
<?php if ('bookmarklet' != $mode) {
echo '<input name="advanced" type="submit" id="advancededit" tabindex="7" value="' . __('Advanced Editing »') . '" />';
} ?>
- <input name="referredby" type="hidden" id="referredby" value="<?php if (isset($_SERVER['HTTP_REFERER'])) echo urlencode($_SERVER['HTTP_REFERER']); ?>" />
+ <input name="referredby" type="hidden" id="referredby" value="<?php if ( wp_get_referer() ) echo urlencode(wp_get_referer()); ?>" />
</p>
<?php do_action('simple_edit_form', ''); ?>
$heading = __('Edit a link:');
$submit_text = __('Save Changes »');
$form = '<form action="" method="post" name="editlink" id="editlink">';
+ $nonce_action = 'update-bookmark_' . $link_id;
} else {
$editing = false;
$heading = __('<strong>Add</strong> a link:');
$submit_text = __('Add Link »');
$form = '<form name="addlink" method="post" action="link-manager.php">';
+ $nonce_action = 'add-bookmark';
}
function xfn_check($class, $value = '', $type = 'check') {
<div class="wrap">
<?php echo $form ?>
+ <?php wp_nonce_field($nonce_action); ?>
<h2><?php echo $heading ?></h2>
<fieldset class="options">
<legend><?php _e('Basics') ?></legend>
<input class="valinp" type="radio" name="friendship" value="contact" id="contact" <?php xfn_check('friendship', 'contact', 'radio'); ?> /> <?php _e('contact') ?></label>
<label for="acquaintance">
<input class="valinp" type="radio" name="friendship" value="acquaintance" id="acquaintance" <?php xfn_check('friendship', 'acquaintance', 'radio'); ?> /> <?php _e('acquaintance') ?></label>
- <label id="friend">
+ <label for="friend">
<input class="valinp" type="radio" name="friendship" value="friend" id="friend" <?php xfn_check('friendship', 'friend', 'radio'); ?> /> <?php _e('friend') ?></label>
<label for="friendship">
<input name="friendship" type="radio" class="valinp" value="" id="friendship" <?php xfn_check('friendship', '', 'radio'); ?> /> <?php _e('none') ?></label>
<?php
if (0 == $post_ID) {
$form_action = 'post';
+ $nonce_action = 'add-post';
$temp_ID = -1 * time();
$form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
} else {
$form_action = 'editpost';
- $form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />";
+ $nonce_action = 'update-post_' . $post_ID;
+ $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
}
-$sendto = $_SERVER['HTTP_REFERER'];
+$sendto = wp_get_referer();
if ( 0 != $post_ID && $sendto == get_permalink($post_ID) )
$sendto = 'redo';
<form name="post" action="post.php" method="post" id="post">
<?php
+wp_nonce_field($nonce_action);
+
if (isset($mode) && 'bookmarklet' == $mode) {
echo '<input type="hidden" name="mode" value="bookmarklet" />';
}
?>
<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
-<input type="hidden" name="action" value='<?php echo $form_action ?>' />
+<input type="hidden" id="hiddenaction" name="action" value='<?php echo $form_action ?>' />
<?php echo $form_extra ?>
<input type="hidden" name="post_status" value="static" />
<script type="text/javascript">
-<!--
+// <![CDATA[
function focusit() { // focus on first input field
document.post.title.focus();
}
addLoadEvent(focusit);
-//-->
+// ]]>
</script>
<div id="poststuff">
</fieldset>
<?php if ( 0 != count( get_page_templates() ) ) { ?>
-<fieldset id="pageparent" class="dbx-box">
+<fieldset id="pagetemplate" class="dbx-box">
<h3 class="dbx-handle"><?php _e('Page Template:') ?></h3>
<div class="dbx-content"><p><select name="page_template">
<option value='default'><?php _e('Default Template'); ?></option>
<?php
if (current_user_can('upload_files')) {
$uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
- $uploading_iframe_src = "inline-uploading.php?action=view&post=$uploading_iframe_ID";
+ $uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&post=$uploading_iframe_ID", 'inlineuploading');
$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
if ( false != $uploading_iframe_src )
echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
meta_form();
?>
</div>
+<div id="ajax-response"></div>
</fieldset>
<?php do_action('dbx_page_advanced'); ?>
</div>
-<?php if ('edit' == $action) : ?>
- <input name="deletepost" class="delete" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"return confirm('" . sprintf(__("You are about to delete this page \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), $wpdb->escape($post->post_title) ) . "')\""; ?> />
+<?php if ('edit' == $action) :
+ $delete_nonce = wp_create_nonce( 'delete-page_' . $post_ID ); ?>
+ <input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this page \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), js_escape($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
<?php endif; ?>
</form>
<td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td>
<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&post=$post->ID' class='edit'>" . __('Edit') . "</a>"; } ?></td>
- <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=delete&post=$post->ID' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td>
+ <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$post->ID", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), js_escape(get_the_title('','',0))) . "' );\">" . __('Delete') . "</a>"; } ?></td>
</tr>
<?php
endforeach;
case 'control_delete':
?>
- <td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href='post.php?action=delete&post=$id' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('', ''), 1) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
+ <td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$id", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), js_escape(get_the_title())) . "' );\">" . __('Delete') . "</a>"; } ?></td>
<?php
break;
<?php
if ( current_user_can('edit_post', $post->ID) ) {
echo "[ <a href=\"post.php?action=editcomment&comment=".$comment->comment_ID."\">" . __('Edit') . "</a>";
- echo " - <a href=\"post.php?action=deletecomment&p=".$post->ID."&comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n \'OK\' to delete, \'Cancel\' to stop."), $comment->comment_author) . "')\">" . __('Delete') . "</a> ";
+ echo ' - <a href="' . wp_nonce_url('post.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return confirm(\'' . __("You are about to delete this comment.\\n"Cancel" to stop, "OK" to delete.") . "');\">" . __('Delete') . '</a> ';
+
if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
if ('approved' == wp_get_comment_status($comment->comment_ID)) {
- echo " - <a href=\"post.php?action=unapprovecomment&p=".$post->ID."&comment=".$comment->comment_ID."\">" . __('Unapprove') . "</a> ";
+ echo ' - <a href="' . wp_nonce_url('post.php?action=unapprovecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '">' . __('Unapprove') . '</a> ';
} else {
- echo " - <a href=\"post.php?action=approvecomment&p=".$post->ID."&comment=".$comment->comment_ID."\">" . __('Approve') . "</a> ";
+ echo ' - <a href="' . wp_nonce_url('post.php?action=approvecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '">' . __('Approve') . '</a> ';
}
}
echo "]";
$style = '';
foreach ($importers as $id => $data) {
$style = ('class="alternate"' == $style || 'class="alternate active"' == $style) ? '' : 'alternate';
- $action = "<a href='admin.php?import=$id' title='{$data[1]}'>{$data[0]}</a>";
+ $action = "<a href='admin.php?import=$id' title='".wptexturize(strip_tags($data[1]))."'>{$data[0]}</a>";
if ($style != '')
$style = 'class="'.$style.'"';
// Deletes saved data and redirect.
function restart() {
delete_option('import-blogger');
- header("Location: admin.php?import=blogger");
+ wp_redirect("admin.php?import=blogger");
die();
}
// Redirects to next step
function do_next_step() {
- header("Location: admin.php?import=blogger&noheader=true&blog={$_GET['blog']}");
+ wp_redirect("admin.php?import=blogger&noheader=true&blog={$_GET['blog']}");
die();
}
);
}
update_option('import-blogger', $this->import);
- header("Location: admin.php?import=blogger&noheader=true&step=1");
+ wp_redirect("admin.php?import=blogger&noheader=true&step=1");
}
die();
}
function db_form()
{
echo '<ul>';
- printf('<li><label for="dbuser">%s</label> <input type="text" name="dbuser" /></li>', __('Dotclear Database User:'));
- printf('<li><label for="dbpass">%s</label> <input type="password" name="dbpass" /></li>', __('Dotclear Database Password:'));
- printf('<li><label for="dbname">%s</label> <input type="text" name="dbname" /></li>', __('Dotclear Database Name:'));
- printf('<li><label for="dbhost">%s</label> <input type="text" name="dbhost" value="localhost" /></li>', __('Dotclear Database Host:'));
+ printf('<li><label for="dbuser">%s</label> <input type="text" name="dbuser" id="dbuser" /></li>', __('Dotclear Database User:'));
+ printf('<li><label for="dbpass">%s</label> <input type="password" name="dbpass" id="dbpass" /></li>', __('Dotclear Database Password:'));
+ printf('<li><label for="dbname">%s</label> <input type="text" name="dbname" id="dbname" /></li>', __('Dotclear Database Name:'));
+ printf('<li><label for="dbhost">%s</label> <input type="text" name="dbhost" id="dbhost" value="localhost" /></li>', __('Dotclear Database Host:'));
/* printf('<li><label for="dbprefix">%s</label> <input type="text" name="dbprefix" /></li>', __('Dotclear Table prefix (if any):')); */
- printf('<li><label for="dccharset">%s</label> <input type="text" name="dccharset" value="ISO-8859-15"/></li>', __('Originating character set:'));
+ printf('<li><label for="dccharset">%s</label> <input type="text" id="dccharset" name="dccharset" value="ISO-8859-15"/></li>', __('Originating character set:'));
echo '</ul>';
}
// We want the excerpt
preg_match("|-----\nEXCERPT:(.*)|s", $post, $excerpt);
- $excerpt = $wpdb->escape(trim($excerpt[1]));
+ $post_excerpt = $wpdb->escape(trim($excerpt[1]));
$post = preg_replace("|(-----\nEXCERPT:.*)|s", '', $post);
// We're going to put extended body into main body with a more tag
function db_form()
{
echo '<ul>';
- printf('<li><label for="dbuser">%s</label> <input type="text" name="dbuser" /></li>', __('Textpattern Database User:'));
- printf('<li><label for="dbpass">%s</label> <input type="password" name="dbpass" /></li>', __('Textpattern Database Password:'));
- printf('<li><label for="dbname">%s</label> <input type="text" name="dbname" /></li>', __('Textpattern Database Name:'));
- printf('<li><label for="dbhost">%s</label> <input type="text" name="dbhost" value="localhost" /></li>', __('Textpattern Database Host:'));
- printf('<li><label for="dbprefix">%s</label> <input type="text" name="dbprefix" /></li>', __('Textpattern Table prefix (if any):'));
+ printf('<li><label for="dbuser">%s</label> <input type="text" name="dbuser" id="dbuser" /></li>', __('Textpattern Database User:'));
+ printf('<li><label for="dbpass">%s</label> <input type="password" name="dbpass" id="dbpass" /></li>', __('Textpattern Database Password:'));
+ printf('<li><label for="dbname">%s</label> <input type="text" id="dbname" name="dbname" /></li>', __('Textpattern Database Name:'));
+ printf('<li><label for="dbhost">%s</label> <input type="text" id="dbhost" name="dbhost" value="localhost" /></li>', __('Textpattern Database Host:'));
+ printf('<li><label for="dbprefix">%s</label> <input type="text" name="dbprefix" id="dbprefix" /></li>', __('Textpattern Table prefix (if any):'));
echo '</ul>';
}
<?php if ( $numcomments ) : ?>
<p><strong><a href="moderation.php"><?php echo sprintf(__('Comments in moderation (%s)'), number_format($numcomments) ); ?> »</a></strong></p>
<?php endif; ?>
-</div>
<ul>
<?php
}
?>
</ul>
-
+</div>
<?php endif; ?>
+
<?php
if ( $recentposts = $wpdb->get_results("SELECT ID, post_title FROM $wpdb->posts WHERE post_status = 'publish' AND post_date_gmt < '$today' ORDER BY post_date DESC LIMIT 5") ) :
?>
case 'delete':
+check_admin_referer('inlineuploading');
+
if ( !current_user_can('edit_post', (int) $attachment) )
die(__('You are not allowed to delete this attachment.').' <a href="'.basename(__FILE__)."?post=$post&all=$all&action=upload\">".__('Go back').'</a>');
wp_delete_attachment($attachment);
-header("Location: ".basename(__FILE__)."?post=$post&all=$all&action=view&start=$start");
+wp_redirect(basename(__FILE__) ."?post=$post&all=$all&action=view&start=$start");
die;
case 'save':
+check_admin_referer('inlineuploading');
+
$overrides = array('action'=>'save');
$file = wp_handle_upload($_FILES['image'], $overrides);
add_post_meta($id, '_wp_attachment_metadata', array());
}
-header("Location: ".basename(__FILE__)."?post=$post&all=$all&action=view&start=0");
+wp_redirect(basename(__FILE__) . "?post=$post&all=$all&action=view&start=0");
die();
case 'upload':
$attachments = $wpdb->get_results("SELECT ID, post_date, post_title, post_mime_type, guid FROM $wpdb->posts WHERE post_status = 'attachment' $and_type $and_post $and_user ORDER BY $sort LIMIT $start, $double", ARRAY_A);
if ( count($attachments) == 0 ) {
- header("Location: ".basename(__FILE__)."?post=$post&action=upload");
+ wp_redirect( basename(__FILE__) ."?post=$post&action=upload" );
die;
} elseif ( count($attachments) > $num ) {
$next = $start + count($attachments) - $num;
</noscript>
";
$send_delete_cancel = "<a onclick=\"sendToEditor({$ID});return false;\" href=\"javascript:void()\">$__send_to_editor</a>
-<a onclick=\"return confirm('$__confirmdelete')\" href=\"".basename(__FILE__)."?action=delete&attachment={$ID}&all=$all&start=$start&post=$post\">$__delete</a>
+<a onclick=\"return confirm('$__confirmdelete')\" href=\"" . wp_nonce_url( basename(__FILE__) . "?action=delete&attachment={$ID}&all=$all&start=$start&post=$post", inlineuploading) . "\">$__delete</a>
<a onclick=\"popup.style.display='none';return false;\" href=\"javascript:void()\">$__close</a>
";
$uwidth_sum += 128;
$xpadding = (128 - $image['uwidth']) / 2;
$ypadding = (96 - $image['uheight']) / 2;
$style .= "#target{$ID} img { padding: {$ypadding}px {$xpadding}px; }\n";
- $title = htmlentities($image['post_title'], ENT_QUOTES);
+ $title = wp_specialchars($image['post_title'], ENT_QUOTES);
$script .= "aa[{$ID}] = '<a id=\"p{$ID}\" rel=\"attachment\" class=\"imagelink\" href=\"$href\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
ab[{$ID}] = '<a class=\"imagelink\" href=\"{$image['guid']}\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
imga[{$ID}] = '<img id=\"image{$ID}\" src=\"$src\" alt=\"{$title}\" $height_width />';
</div>
";
} else {
- $title = htmlentities($attachment['post_title'], ENT_QUOTES);
+ $title = wp_specialchars($attachment['post_title'], ENT_QUOTES);
$filename = basename($attachment['guid']);
$icon = get_attachment_icon($ID);
$toggle_icon = "<a id=\"I{$ID}\" onclick=\"toggleOtherIcon({$ID});return false;\" href=\"javascript:void()\">$__using_title</a>";
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php echo get_settings('blog_charset'); ?>" />
+<title></title>
<meta http-equiv="imagetoolbar" content="no" />
<script type="text/javascript">
+// <![CDATA[
/* Define any variables we'll need, such as alternate URLs. */
<?php echo $script; ?>
function htmldecode(st) {
else
win.edInsertContent(win.edCanvas, h);
}
+// ]]>
</script>
<style type="text/css">
<?php if ( $action == 'links' ) : ?>
</head>
<body>
<ul id="upload-menu">
-<li<?php echo $current_1; ?>><a href="<?php echo basename(__FILE__); ?>?action=upload&post=<?php echo $post; ?>&all=<?php echo $all; ?>&start=<?php echo $start; ?>"><?php _e('Upload'); ?></a></li>
+<li<?php echo $current_1; ?>><a href="<?php echo basename(__FILE__) . "?action=upload&post=$post&all=$all&start=$start"; ?>"><?php _e('Upload'); ?></a></li>
<?php if ( $attachments = $wpdb->get_results("SELECT ID FROM $wpdb->posts WHERE post_parent = '$post'") ) { ?>
-<li<?php echo $current_2; ?>><a href="<?php echo basename(__FILE__); ?>?action=view&post=<?php echo $post; ?>&all=false"><?php _e('Browse'); ?></a></li>
+<li<?php echo $current_2; ?>><a href="<?php echo basename(__FILE__) . "?action=view&post=$post&all=false"; ?>"><?php _e('Browse'); ?></a></li>
<?php } ?>
<?php if ($wpdb->get_var("SELECT count(ID) FROM $wpdb->posts WHERE post_status = 'attachment'")) { ?>
-<li<?php echo $current_3; ?>><a href="<?php echo basename(__FILE__); ?>?action=view&post=<?php echo $post; ?>&all=true"><?php _e('Browse All'); ?></a></li>
+<li<?php echo $current_3; ?>><a href="<?php echo basename(__FILE__) . "?action=view&post=$post&all=true"; ?>"><?php _e('Browse All'); ?></a></li>
<?php } ?>
<li> </li>
<?php if ( $action == 'view' ) { ?>
<?php if ( false !== $back ) : ?>
-<li class="spacer"><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&post=<?php echo $post; ?>&all=<?php echo $all; ?>&start=0" title="<?php _e('First'); ?>">|«</a></li>
-<li><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&post=<?php echo $post; ?>&all=<?php echo $all; ?>&start=<?php echo $back; ?>"">« <?php _e('Back'); ?></a></li>
+<li class="spacer"><a href="<?php echo basename(__FILE__) . "?action=$action&post=$post&all=$all&start=0"; ?>" title="<?php _e('First'); ?>">|«</a></li>
+<li><a href="<?php echo basename(__FILE__) . "?action=$action&post=$post&all=$all&start=$back"; ?>">« <?php _e('Back'); ?></a></li>
<?php else : ?>
<li class="inactive spacer">|«</li>
<li class="inactive">« <?php _e('Back'); ?></li>
<?php endif; ?>
<?php if ( false !== $next ) : ?>
-<li><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&post=<?php echo $post; ?>&all=<?php echo $all; ?>&start=<?php echo $next; ?>"><?php _e('Next'); ?> »</a></li>
-<li><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&post=<?php echo $post; ?>&all=<?php echo $all; ?>&last=true" title="<?php _e('Last'); ?>">»|</a></li>
+<li><a href="<?php echo basename(__FILE__) . "?action=$action&post=$post&all=$all&start=$next"; ?>"><?php _e('Next »'); ?></a></li>
+<li><a href="<?php echo basename(__FILE__) . "?action=$action&post=$post&all=$all&last=true"; ?>" title="<?php _e('Last'); ?>">»|</a></li>
<?php else : ?>
<li class="inactive"><?php _e('Next'); ?> »</li>
<li class="inactive">»|</li>
</div>
<?php elseif ( $action == 'upload' ) : ?>
<div class="tip"></div>
-<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo basename(__FILE__); ?>">
+<form enctype="multipart/form-data" id="uploadForm" method="post" action="<?php echo basename(__FILE__); ?>">
<table style="width:99%;">
<tr>
<th scope="row" align="right"><label for="upload"><?php _e('File:'); ?></label></th>
<input type="hidden" name="post" value="<?php echo $post; ?>" />
<input type="hidden" name="all" value="<?php echo $all; ?>" />
<input type="hidden" name="start" value="<?php echo $start; ?>" />
+<?php wp_nonce_field( 'inlineuploading' ); ?>
<div id="submit">
<input type="submit" value="<?php _e('Upload'); ?>" />
<?php if ( !empty($all) ) : ?>
</td>
</tr>
</table>
-</div>
</form>
<?php elseif ( $action == 'links' ) : ?>
<div id="links">
switch ($action) {
case 'addcat':
{
+ check_admin_referer('add-link-category');
+
if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?"));
" '$show_rating', '$show_updated', '$sort_order', '$sort_desc', '$text_before_link', '$text_after_link', \n" .
" '$text_after_all', $list_limit)");
- header('Location: link-categories.php');
+ wp_redirect('link-categories.php');
break;
} // end addcat
case 'Delete':
{
- $cat_id = (int) $_GET['cat_id'];
+ $cat_id = (int) $_GET['cat_id'];
+ check_admin_referer('delete-link-category_' . $cat_id);
+
$cat_name=get_linkcatname($cat_id);
if ($cat_id=="1")
$wpdb->query("DELETE FROM $wpdb->linkcategories WHERE cat_id='$cat_id'");
$wpdb->query("UPDATE $wpdb->links SET link_category=1 WHERE link_category='$cat_id'");
- header('Location: link-categories.php');
+ wp_redirect('link-categories.php');
break;
} // end delete
case 'Edit':
<h2><?php printf(__('Edit “%s” Category'), wp_specialchars($row->cat_name)); ?></h2>
<form name="editcat" method="post">
+ <?php wp_nonce_field('update-link-category_' . $row->cat_id) ?>
<input type="hidden" name="action" value="editedcat" />
<input type="hidden" name="cat_id" value="<?php echo $row->cat_id ?>" />
<fieldset class="options">
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
<tr>
<th width="33%" scope="row"><?php _e('Before Link:') ?></th>
- <td width="67%"><input type="text" name="text_before_link" size="45" value="<?php echo wp_specialchars($row->text_before_link)?>" /></td>
+ <td width="67%"><input type="text" name="text_before_link" size="45" value="<?php echo wp_specialchars($row->text_before_link,'double')?>" /></td>
</tr>
<tr>
<th scope="row"><?php _e('Between Link and Description:') ?></th>
-<td><input type="text" name="text_after_link" size="45" value="<?php echo wp_specialchars($row->text_after_link)?>" /></td>
+<td><input type="text" name="text_after_link" size="45" value="<?php echo wp_specialchars($row->text_after_link,'double')?>" /></td>
</tr>
<tr>
<th scope="row"><?php _e('After Link:') ?></th>
-<td><input type="text" name="text_after_all" size="45" value="<?php echo wp_specialchars($row->text_after_all)?>"/></td>
+<td><input type="text" name="text_after_all" size="45" value="<?php echo wp_specialchars($row->text_after_all,'double')?>"/></td>
</tr>
</table>
</fieldset>
} // end Edit
case "editedcat":
{
+ $cat_id = (int)$_POST["cat_id"];
+ check_admin_referer('update-link-category_' . $cat_id);
+
if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?"));
$submit=$_POST["submit"];
if (isset($submit)) {
- $cat_id = (int)$_POST["cat_id"];
-
$cat_name= wp_specialchars($_POST["cat_name"]);
$auto_toggle = $_POST["auto_toggle"];
if ($auto_toggle != 'Y') {
} // end if save
- header("Location: link-categories.php");
+ wp_redirect("link-categories.php");
break;
} // end editcat
default:
<td><?php echo $row->show_updated == 'Y' ? __('Yes') : __('No') ?></td>
<td><?php echo $row->sort_order ?></td>
<td><?php echo $row->sort_desc == 'Y' ? __('Yes') : __('No') ?></td>
- <td nowrap="nowrap"><?php echo htmlentities($row->text_before_link)?> </td>
- <td nowrap="nowrap"><?php echo htmlentities($row->text_after_link)?> </td>
- <td nowrap="nowrap"><?php echo htmlentities($row->text_after_all)?></td>
+ <td nowrap="nowrap"><?php echo wp_specialchars($row->text_before_link)?> </td>
+ <td nowrap="nowrap"><?php echo wp_specialchars($row->text_after_link)?> </td>
+ <td nowrap="nowrap"><?php echo wp_specialchars($row->text_after_all)?></td>
<td><?php echo $row->list_limit ?></td>
<td><a href="link-categories.php?cat_id=<?php echo $row->cat_id?>&action=Edit" class="edit"><?php _e('Edit') ?></a></td>
- <td><a href="link-categories.php?cat_id=<?php echo $row->cat_id?>&action=Delete" onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the "%s" link category.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($row->cat_name,1)); ?>' );" class="delete"><?php _e('Delete') ?></a></td>
+ <td><a href="<?php echo wp_nonce_url("link-categories.php?cat_id=$row->cat_id?>&action=Delete", 'delete-link-category_' . $row->cat_id) ?>" onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the "%s" link category.\\n"Cancel" to stop, "OK" to delete."), js_escape($row->cat_name)); ?>' );" class="delete"><?php _e('Delete') ?></a></td>
</tr>
<?php
++$i;
</div>
<div class="wrap">
- <form name="addcat" method="post">
+ <form name="addcat" method="post" action="">
+ <?php wp_nonce_field('add-link-category'); ?>
<input type="hidden" name="action" value="addcat" />
<h2><?php _e('Add a Link Category:') ?></h2>
<fieldset class="options">
<div class="wrap">
<h2><?php _e('Import your blogroll from another system') ?> </h2>
<form enctype="multipart/form-data" action="link-import.php" method="post" name="blogroll">
+<?php wp_nonce_field('import-bookmarks') ?>
<p><?php _e('If a program or website you use allows you to export your links or subscriptions as OPML you may import them here.'); ?>
<div style="width: 70%; margin: auto; height: 8em;">
} // end case 0
case 1: {
+ check_admin_referer('import-bookmarks');
+
include_once('admin-header.php');
if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?"));
switch ($action) {
case 'assign':
{
- check_admin_referer();
+ check_admin_referer('bulk-bookmarks');
// check the current user's level first.
if ( !current_user_can('manage_links') )
//userlevel of the owner of the link then we can proceed.
if (count($linkcheck) == 0) {
- header('Location: ' . $this_file);
+ wp_redirect($this_file);
exit;
}
$all_links = join(',', $linkcheck);
$all_links = join(',', $ids_to_change);
$q = $wpdb->query("update $wpdb->links SET link_owner='$newowner' WHERE link_id IN ($all_links)");
- header('Location: ' . $this_file);
+ wp_redirect($this_file);
break;
}
case 'visibility':
{
- check_admin_referer();
+ check_admin_referer('bulk-bookmarks');
// check the current user's level first.
if ( !current_user_can('manage_links') )
//for each link id (in $linkcheck[]): toggle the visibility
if (count($linkcheck) == 0) {
- header('Location: ' . $this_file);
+ wp_redirect($this_file);
exit;
}
$all_links = join(',', $linkcheck);
$q = $wpdb->query("update $wpdb->links SET link_visible='Y' WHERE link_id IN ($all_linkson)");
}
- header('Location: ' . $this_file);
+ wp_redirect($this_file);
break;
}
case 'move':
{
- check_admin_referer();
+ check_admin_referer('bulk-bookmarks');
// check the current user's level first.
if ( !current_user_can('manage_links') )
//for each link id (in $linkcheck[]) change category to selected value
if (count($linkcheck) == 0) {
- header('Location: ' . $this_file);
+ wp_redirect($this_file);
exit;
}
$all_links = join(',', $linkcheck);
// should now have an array of links we can change
$q = $wpdb->query("update $wpdb->links SET link_category='$category' WHERE link_id IN ($all_links)");
- header('Location: ' . $this_file);
+ wp_redirect($this_file);
break;
}
case 'Add':
{
- check_admin_referer();
+ check_admin_referer('add-bookmark');
add_link();
- header('Location: ' . $_SERVER['HTTP_REFERER'] . '?added=true');
+ wp_redirect(wp_get_referer() . '?added=true');
break;
} // end Add
case 'editlink':
{
-
- check_admin_referer();
+ $link_id = (int) $_POST['link_id'];
+ check_admin_referer('update-bookmark_' . $link_id);
if (isset($links_show_cat_id) && ($links_show_cat_id != ''))
$cat_id = $links_show_cat_id;
}
$links_show_cat_id = $cat_id;
- $link_id = (int) $_POST['link_id'];
edit_link($link_id);
setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
break;
} // end Save
- case 'Delete':
+ case 'delete':
{
- check_admin_referer();
+ $link_id = (int) $_GET['link_id'];
+ check_admin_referer('delete-bookmark_' . $link_id);
if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?"));
- $link_id = (int) $_GET['link_id'];
-
wp_delete_link($link_id);
if (isset($links_show_cat_id) && ($links_show_cat_id != ''))
<form name="links" id="links" method="post" action="">
<div class="wrap">
+ <?php wp_nonce_field('bulk-bookmarks') ?>
<input type="hidden" name="link_id" value="" />
<input type="hidden" name="action" value="" />
<input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />
if ($show_buttons) {
echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&action=linkedit" class="edit">' . __('Edit') . '</a></td>';
- echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&action=Delete"' . " onclick=\"return deleteSomething( 'link', $link->link_id , '" . sprintf(__("You are about to delete the "%s" link to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name,1), wp_specialchars($link->link_url)) . '\' );" class="delete">' . __('Delete') . '</a></td>';
+ echo '<td><a href="' . wp_nonce_url('link-manager.php?link_id='.$link->link_id.'&action=delete', 'delete-bookmark_' . $link->link_id ) . '"'." class='delete' onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the "%s" bookmark to %s.\\n"Cancel" to stop, "OK" to delete."), js_escape($link->link_name), js_escape($link->link_url)).'\' );">'.__('Delete').'</a></td>';
echo '<td><input type="checkbox" name="linkcheck[]" value="' . $link->link_id . '" /></td>';
} else {
echo "<td> </td><td> </td><td> </td>\n";
}
+
echo "\n </tr>\n";
}
}
ajaxDel.onLoaded = function() { ajaxDel.myResponseElement.innerHTML = 'Data Sent...'; };
ajaxDel.onInteractive = function() { ajaxDel.myResponseElement.innerHTML = 'Processing Data...'; };
ajaxDel.onCompletion = function() { removeThisItem( what + '-' + id ); };
- ajaxDel.runAJAX('action=delete-' + what + '&id=' + id);
+ ajaxDel.runAJAX('action=delete-' + what + '&id=' + id + '&' + ajaxDel.encVar('cookie', document.cookie));
return false;
}
function removeThisItem(id) {
var response = ajaxDel.response;
- if ( isNaN(response) ) { alert(response); }
+ if ( isNaN(response) ) { ajaxDel.myResponseElement.innerHTML = response; return false; }
response = parseInt(response, 10);
if ( -1 == response ) { ajaxDel.myResponseElement.innerHTML = "You don't have permission to do that."; }
else if ( 0 == response ) { ajaxDel.myResponseElement.interHTML = "Something odd happened. Try refreshing the page? Either that or what you tried to delete never existed in the first place."; }
require_once('../wp-config.php');
require_once('admin-functions.php');
require_once('admin-db.php');
+header("Content-type: text/plain", true);
-get_currentuserinfo();
if ( !is_user_logged_in() )
die('-1');
+if ( !check_ajax_referer() )
+ die('-1');
function grab_results() {
global $ajax_results;
function get_out_now() { exit; }
add_action('shutdown', 'get_out_now', -1);
-// check_admin_referer();
-
switch ( $_POST['action'] ) :
case 'delete-link' :
$id = (int) $_POST['id'];
case 'update':
+ check_admin_referer('moderate-comments');
+
if ( ! current_user_can('moderate_comments') )
die('<p>'.__('Your level is not high enough to moderate comments.').'</p>');
}
$file = basename(__FILE__);
- header("Location: $file?ignored=$item_ignored&deleted=$item_deleted&approved=$item_approved&spam=$item_spam");
+ wp_redirect("$file?ignored=$item_ignored&deleted=$item_deleted&approved=$item_approved&spam=$item_spam");
exit();
break;
?>
<h2><?php _e('Moderation Queue') ?></h2>
<form name="approval" action="moderation.php" method="post">
+ <?php wp_nonce_field('moderate-comments') ?>
<input type="hidden" name="action" value="update" />
<ol id="the-list" class="commentlist">
<?php
echo '<a href="post.php?action=editcomment&comment='.$comment->comment_ID.'">' . __('Edit') . '</a> | ';?>
<a href="<?php echo get_permalink($comment->comment_post_ID); ?>"><?php _e('View Post') ?></a> |
<?php
-echo " <a href=\"post.php?action=deletecomment&p=".$comment->comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($comment->comment_author, 1)) . "' );\">" . __('Delete just this comment') . "</a> | "; ?> <?php _e('Bulk action:') ?>
- <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment[<?php echo $comment->comment_ID; ?>]-approve" value="approve" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-approve"><?php _e('Approve') ?></label>
- <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment[<?php echo $comment->comment_ID; ?>]-spam" value="spam" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-spam"><?php _e('Spam') ?></label>
- <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment[<?php echo $comment->comment_ID; ?>]-delete" value="delete" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-delete"><?php _e('Delete') ?></label>
- <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment[<?php echo $comment->comment_ID; ?>]-nothing" value="later" checked="checked" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-nothing"><?php _e('Defer until later') ?></label>
+echo " <a href=\"" . wp_nonce_url("post.php?action=deletecomment&p=".$comment->comment_post_ID."&comment=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . __("You are about to delete this comment.\\n"Cancel" to stop, "OK" to delete.") . "' );\">" . __('Delete just this comment') . "</a> | "; ?> <?php _e('Bulk action:') ?>
+ <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-approve" value="approve" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-approve"><?php _e('Approve') ?></label>
+ <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-spam" value="spam" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-spam"><?php _e('Spam') ?></label>
+ <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-delete" value="delete" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-delete"><?php _e('Delete') ?></label>
+ <input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-nothing" value="later" checked="checked" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-nothing"><?php _e('Defer until later') ?></label>
</p>
</li>
<div class="wrap">
<h2><?php _e('Discussion Options') ?></h2>
<form method="post" action="options.php">
+<?php wp_nonce_field('update-options') ?>
<fieldset class="options">
<legend><?php _e('Usual settings for an article:<br /><small><em>(These settings may be overridden for individual articles.)</em></small>') ?></legend>
<ul>
<div class="wrap">
<h2><?php _e('General Options') ?></h2>
<form method="post" action="options.php">
+<?php wp_nonce_field('update-options') ?>
<table class="optiontable">
<tr valign="top">
<th scope="row"><?php _e('Weblog title:') ?></th>
<div class="wrap">
<h2><?php _e('Miscellaneous Options') ?></h2>
<form method="post" action="options.php">
-
+<?php wp_nonce_field('update-options') ?>
<fieldset class="options">
<legend><?php _e('Uploading'); ?></legend>
<table class="editform optiontable">
$home_path = get_home_path();
-if ( isset($_POST) ) {
+if ( isset($_POST['permalink_structure']) || isset($_POST['category_base']) ) {
+ check_admin_referer('update-permalink');
+
if ( isset($_POST['permalink_structure']) ) {
$permalink_structure = $_POST['permalink_structure'];
if (! empty($permalink_structure) )
);
?>
<form name="form" action="options-permalink.php" method="post">
+<?php wp_nonce_field('update-permalink') ?>
<h3><?php _e('Common options:'); ?></h3>
<p>
<label>
<?php if ( $permalink_structure && !$usingpi && !$writable ) : ?>
<p><?php _e('If your <code>.htaccess</code> file were <a href="http://codex.wordpress.org/Make_a_Directory_Writable">writable</a>, we could do this automatically, but it isn’t so these are the mod_rewrite rules you should have in your <code>.htaccess</code> file. Click in the field and press <kbd>CTRL + a</kbd> to select all.') ?></p>
<form action="options-permalink.php" method="post">
+<?php wp_nonce_field('update-permalink') ?>
<p>
<textarea rows="5" style="width: 98%;" name="rules"><?php echo $wp_rewrite->mod_rewrite_rules(); ?>
</textarea>
<div class="wrap">
<h2><?php _e('Reading Options') ?></h2>
-<form name="form1" method="post" action="options.php">
+<form name="form1" method="post" action="options.php">
+<?php wp_nonce_field('update-options') ?>
+
<fieldset class="options">
<legend><?php _e('Blog Pages') ?></legend>
<table width="100%" cellspacing="2" cellpadding="5" class="editform">
<div class="wrap">
<h2><?php _e('Writing Options') ?></h2>
<form method="post" action="options.php">
+<?php wp_nonce_field('update-options') ?>
<table width="100%" cellspacing="2" cellpadding="5" class="editform">
<tr valign="top">
<th width="33%" scope="row"> <?php _e('Size of the post box:') ?></th>
case 'update':
$any_changed = 0;
- check_admin_referer();
+ check_admin_referer('update-options');
if (!$_POST['page_options']) {
foreach ($_POST as $key => $value) {
if ( get_settings('siteurl') != $old_siteurl || get_settings('home') != $old_home ) {
// If home changed, write rewrite rules to new location.
$wp_rewrite->flush_rules();
- // Get currently logged in user and password.
- get_currentuserinfo();
// Clear cookies for old paths.
wp_clearcookie();
// Set cookies for new paths.
//$message = sprintf(__('%d setting(s) saved... '), $any_changed);
}
- $referred = remove_query_arg('updated' , $_SERVER['HTTP_REFERER']);
- $goback = add_query_arg('updated', 'true', $_SERVER['HTTP_REFERER']);
+ $referred = remove_query_arg('updated' , wp_get_referer());
+ $goback = add_query_arg('updated', 'true', wp_get_referer());
$goback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $goback);
wp_redirect($goback);
break;
<div class="wrap">
<h2><?php _e('All options'); ?></h2>
<form name="form" action="options.php" method="post">
+ <?php wp_nonce_field('update-options') ?>
<input type="hidden" name="action" value="update" />
<table width="98%">
<?php
<?php
if ( current_user_can('edit_pages') ) {
$action = 'post';
- get_currentuserinfo();
-
$post = get_default_post_to_edit();
$post->post_status = 'static';
case 'update':
+ check_admin_referer('edit-plugin_' . $file);
+
if ( !current_user_can('edit_plugins') )
die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
$f = fopen($real_file, 'w+');
fwrite($f, $newcontent);
fclose($f);
- header("Location: plugin-editor.php?file=$file&a=te");
+ wp_redirect("plugin-editor.php?file=$file&a=te");
} else {
- header("Location: plugin-editor.php?file=$file");
+ wp_redirect("plugin-editor.php?file=$file");
}
exit();
</div>
<?php if (!$error) { ?>
<form name="template" id="template" action="plugin-editor.php" method="post">
+ <?php wp_nonce_field('edit-plugin_' . $file) ?>
<div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea>
<input type="hidden" name="action" value="update" />
<input type="hidden" name="file" value="<?php echo $file ?>" />
require_once('admin.php');
if ( isset($_GET['action']) ) {
- check_admin_referer();
-
if ('activate' == $_GET['action']) {
+ check_admin_referer('activate-plugin_' . $_GET['plugin']);
$current = get_settings('active_plugins');
if (!in_array($_GET['plugin'], $current)) {
$current[] = trim( $_GET['plugin'] );
include(ABSPATH . 'wp-content/plugins/' . trim( $_GET['plugin'] ));
do_action('activate_' . trim( $_GET['plugin'] ));
}
- header('Location: plugins.php?activate=true');
+ wp_redirect('plugins.php?activate=true');
} else if ('deactivate' == $_GET['action']) {
+ check_admin_referer('deactivate-plugin_' . $_GET['plugin']);
$current = get_settings('active_plugins');
array_splice($current, array_search( $_GET['plugin'], $current), 1 ); // Array-fu!
update_option('active_plugins', $current);
do_action('deactivate_' . trim( $_GET['plugin'] ));
- header('Location: plugins.php?deactivate=true');
+ wp_redirect('plugins.php?deactivate=true');
}
exit;
}
$style = ('class="alternate"' == $style|| 'class="alternate active"' == $style) ? '' : 'alternate';
if (!empty($current_plugins) && in_array($plugin_file, $current_plugins)) {
- $action = "<a href='plugins.php?action=deactivate&plugin=$plugin_file' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
+ $action = "<a href='" . wp_nonce_url("plugins.php?action=deactivate&plugin=$plugin_file", 'deactivate-plugin_' . $plugin_file) . "' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
$plugin_data['Title'] = "<strong>{$plugin_data['Title']}</strong>";
$style .= $style == 'alternate' ? ' active' : 'active';
} else {
- $action = "<a href='plugins.php?action=activate&plugin=$plugin_file' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
+ $action = "<a href='" . wp_nonce_url("plugins.php?action=activate&plugin=$plugin_file", 'activate-plugin_' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
}
$plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ;
if ($style != '') $style = 'class="' . $style . '"';
switch($action) {
case 'post':
- check_admin_referer();
+ check_admin_referer('add-post');
$post_ID = write_post();
if ( isset($_POST['save']) )
$location = "post.php?action=edit&post=$post_ID";
- header("Location: $location");
+ wp_redirect($location);
exit();
break;
break;
case 'editattachment':
- check_admin_referer();
-
$post_id = (int) $_POST['post_ID'];
+ check_admin_referer('update-attachment_' . $post_id);
+
// Don't let these be changed
unset($_POST['guid']);
$_POST['post_status'] = 'attachment';
add_post_meta($post_id, '_wp_attachment_metadata', $newmeta);
case 'editpost':
- check_admin_referer();
+ $post_ID = (int) $_POST['post_ID'];
+ check_admin_referer('update-post_' . $post_ID);
$post_ID = edit_post();
+ $referredby = '';
+ if ( !empty($_POST['referredby']) )
+ $referredby = preg_replace('|https?://[^/]+|i', '', $_POST['referredby']);
+ $referer = preg_replace('|https?://[^/]+|i', '', wp_get_referer());
+
if ($_POST['save']) {
- $location = $_SERVER['HTTP_REFERER'];
+ $location = wp_get_referer();
} elseif ($_POST['updatemeta']) {
- $location = $_SERVER['HTTP_REFERER'] . '&message=2#postcustom';
+ $location = wp_get_referer() . '&message=2#postcustom';
} elseif ($_POST['deletemeta']) {
- $location = $_SERVER['HTTP_REFERER'] . '&message=3#postcustom';
- } elseif (isset($_POST['referredby']) && $_POST['referredby'] != $_SERVER['HTTP_REFERER']) {
+ $location = wp_get_referer() . '&message=3#postcustom';
+ } elseif (!empty($referredby) && $referredby != $referer) {
$location = $_POST['referredby'];
if ( $_POST['referredby'] == 'redo' )
$location = get_permalink( $post_ID );
} else {
$location = 'post.php';
}
- header ('Location: ' . $location); // Send user on their way while we keep working
+
+ wp_redirect($location); // Send user on their way while we keep working
exit();
break;
case 'delete':
- check_admin_referer();
-
$post_id = (isset($_GET['post'])) ? intval($_GET['post']) : intval($_POST['post_ID']);
+ check_admin_referer('delete-post_' . $post_id);
$post = & get_post($post_id);
die( __('Error in deleting...') );
}
- $sendback = $_SERVER['HTTP_REFERER'];
+ $sendback = wp_get_referer();
if (strstr($sendback, 'post.php')) $sendback = get_settings('siteurl') .'/wp-admin/post.php';
elseif (strstr($sendback, 'attachments.php')) $sendback = get_settings('siteurl') .'/wp-admin/attachments.php';
$sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
- header ('Location: ' . $sendback);
+ wp_redirect($sendback);
break;
case 'editcomment':
echo "<input type='hidden' name='p' value='$p' />\n";
echo "<input type='hidden' name='comment' value='{$comment->comment_ID}' />\n";
echo "<input type='hidden' name='noredir' value='1' />\n";
+ wp_nonce_field('delete-comment_' . $comment->comment_ID);
echo "<input type='submit' value='" . __('Yes') . "' />";
echo " ";
echo "<input type='button' value='" . __('No') . "' onclick=\"self.location='". get_settings('siteurl') ."/wp-admin/edit.php?p=$p&c=1#comments';\" />\n";
break;
case 'deletecomment':
-
- check_admin_referer();
-
$comment = (int) $_GET['comment'];
+ check_admin_referer('delete-comment_' . $comment);
+
$p = (int) $_GET['p'];
if (isset($_GET['noredir'])) {
$noredir = true;
wp_set_comment_status($comment->comment_ID, "delete");
do_action('delete_comment', $comment->comment_ID);
- if (($_SERVER['HTTP_REFERER'] != "") && (false == $noredir)) {
- header('Location: ' . $_SERVER['HTTP_REFERER']);
+ if ((wp_get_referer() != "") && (false == $noredir)) {
+ wp_redirect(wp_get_referer());
} else {
- header('Location: '. get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
+ wp_redirect(get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
}
break;
case 'unapprovecomment':
-
- check_admin_referer();
-
$comment = (int) $_GET['comment'];
+ check_admin_referer('unapprove-comment_' . $comment);
+
$p = (int) $_GET['p'];
if (isset($_GET['noredir'])) {
$noredir = true;
wp_set_comment_status($comment->comment_ID, "hold");
- if (($_SERVER['HTTP_REFERER'] != "") && (false == $noredir)) {
- header('Location: ' . $_SERVER['HTTP_REFERER']);
+ if ((wp_get_referer() != "") && (false == $noredir)) {
+ wp_redirect(wp_get_referer());
} else {
- header('Location: '. get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
+ wp_redirect(get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
}
break;
case 'mailapprovecomment':
-
$comment = (int) $_GET['comment'];
+ check_admin_referer('approve-comment_' . $comment);
if ( ! $comment = get_comment($comment) )
die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
wp_notify_postauthor($comment->comment_ID);
}
- header('Location: ' . get_option('siteurl') . '/wp-admin/moderation.php?approved=1');
+ wp_redirect(get_option('siteurl') . '/wp-admin/moderation.php?approved=1');
break;
case 'approvecomment':
-
$comment = (int) $_GET['comment'];
+ check_admin_referer('approve-comment_' . $comment);
+
$p = (int) $_GET['p'];
if (isset($_GET['noredir'])) {
$noredir = true;
}
- if (($_SERVER['HTTP_REFERER'] != "") && (false == $noredir)) {
- header('Location: ' . $_SERVER['HTTP_REFERER']);
+ if ((wp_get_referer() != "") && (false == $noredir)) {
+ wp_redirect(wp_get_referer());
} else {
- header('Location: '. get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
+ wp_redirect(get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
}
break;
case 'editedcomment':
+ $comment_ID = (int) $_POST['comment_ID'];
+ $comment_post_ID = (int) $_POST['comment_post_ID'];
+
+ check_admin_referer('update-comment_' . $comment_ID);
+
edit_comment();
$referredby = $_POST['referredby'];
if (!empty($referredby)) {
- header('Location: ' . $referredby);
+ wp_redirect($referredby);
} else {
- header ("Location: edit.php?p=$comment_post_ID&c=1#comments");
+ wp_redirect("edit.php?p=$comment_post_ID&c=1#comments");
}
break;
require_once('admin.php');
-check_admin_referer();
+check_admin_referer('update-profile_' . $user_ID);
if ( !$_POST )
die( __('No post?') );
<div class="wrap">
<h2><?php _e('Your Profile and Personal Options'); ?></h2>
<form name="profile" id="your-profile" action="profile-update.php" method="post">
+<?php wp_nonce_field('update-profile_' . $user_ID) ?>
<p>
<input type="hidden" name="from" value="profile" />
<input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />
<?php
define('WP_INSTALLING', true);
-if (file_exists('../wp-config.php'))
- die("The file 'wp-config.php' already exists. If you need to reset any of the configuration items in this file, please delete it first. You may try <a href='install.php'>installing now</a>.");
-
if (!file_exists('../wp-config-sample.php'))
die('Sorry, I need a wp-config-sample.php file to work from. Please re-upload this file from your WordPress installation.');
+
$configFile = file('../wp-config-sample.php');
if (!is_writable('../')) die("Sorry, I can't write to the directory. You'll have to either change the permissions on your WordPress directory or create your wp-config.php manually.");
-$step = 0;
-if(isset($_GET['step'])) $step = $_GET['step'];
+
+if (isset($_GET['step']))
+ $step = $_GET['step'];
+else
+ $step = 0;
header( 'Content-Type: text/html; charset=utf-8' );
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<title>WordPress › Setup Configuration File</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<style media="screen" type="text/css">
- <!--
+ <!--
+ html {
+ background: #eee;
+ }
body {
+ background: #fff;
+ color: #000;
font-family: Georgia, "Times New Roman", Times, serif;
- margin-left: 15%;
- margin-right: 15%;
+ margin-left: 20%;
+ margin-right: 20%;
+ padding: .2em 2em;
+ }
+
+ h1 {
+ color: #006;
+ font-size: 18px;
+ font-weight: lighter;
+ }
+
+ h2 {
+ font-size: 16px;
+ }
+
+ p, li, dt {
+ line-height: 140%;
+ padding-bottom: 2px;
+ }
+
+ ul, ol {
+ padding: 5px 5px 5px 20px;
}
#logo {
- margin: 0;
- padding: 0;
- background-image: url(http://wordpress.org/images/logo.png);
- background-repeat: no-repeat;
- height: 60px;
- border-bottom: 4px solid #333;
+ margin-bottom: 2em;
}
- #logo a {
- display: block;
- height: 60px;
+ .step a, .step input {
+ font-size: 2em;
}
- #logo a span {
- display: none;
+ td input {
+ font-size: 1.5em;
}
- p, li {
- line-height: 140%;
+ .step, th {
+ text-align: right;
+ }
+ #footer {
+ text-align: center;
+ border-top: 1px solid #ccc;
+ padding-top: 1em;
+ font-style: italic;
}
- -->
+ -->
</style>
</head>
-<body>
-<h1 id="logo"><a href="http://wordpress.org/"><span>WordPress</span></a></h1>
+<body>
+<h1 id="logo"><img alt="WordPress" src="images/wordpress-logo.png" /></h1>
<?php
+// Check if wp-config.php has been created
+if (file_exists('../wp-config.php'))
+ die("<p>The file 'wp-config.php' already exists. If you need to reset any of the configuration items in this file, please delete it first. You may try <a href='install.php'>installing now</a>.</p></body></html>");
switch($step) {
case 0:
?>
+
<p>Welcome to WordPress. Before getting started, we need some information on the database. You will need to know the following items before proceeding.</p>
<ol>
<li>Database name</li>
<li>Database username</li>
- <li>Database password</li>
+ <li>Database password</li>
<li>Database host</li>
<li>Table prefix (if you want to run more than one WordPress in a single database) </li>
</ol>
case 1:
?>
</p>
-<form method="post" action="setup-config.php?step=2">
+<form method="post" action="setup-config.php?step=2">
<p>Below you should enter your database connection details. If you're not sure about these, contact your host. </p>
<table>
<tr>
<th scope="row">Database Name</th>
- <td><input name="dbname" type="text" size="45" value="wordpress" /></td>
+ <td><input name="dbname" type="text" size="25" value="wordpress" /></td>
<td>The name of the database you want to run WP in. </td>
</tr>
<tr>
<th scope="row">User Name</th>
- <td><input name="uname" type="text" size="45" value="username" /></td>
+ <td><input name="uname" type="text" size="25" value="username" /></td>
<td>Your MySQL username</td>
</tr>
<tr>
<th scope="row">Password</th>
- <td><input name="pwd" type="text" size="45" value="password" /></td>
+ <td><input name="pwd" type="text" size="25" value="password" /></td>
<td>...and MySQL password.</td>
</tr>
<tr>
<th scope="row">Database Host</th>
- <td><input name="dbhost" type="text" size="45" value="localhost" /></td>
+ <td><input name="dbhost" type="text" size="25" value="localhost" /></td>
<td>99% chance you won't need to change this value.</td>
</tr>
<tr>
<th scope="row">Table Prefix</th>
- <td><input name="prefix" type="text" id="prefix" value="wp_" size="45" /></td>
+ <td><input name="prefix" type="text" id="prefix" value="wp_" size="25" /></td>
<td>If you want to run multiple WordPress installations in a single database, change this.</td>
</tr>
- </table>
- <input name="submit" type="submit" value="Submit" />
+ </table>
+ <h2 class="step">
+ <input name="submit" type="submit" value="Submit" />
+ </h2>
</form>
<?php
break;
-
+
case 2:
$dbname = trim($_POST['dbname']);
$uname = trim($_POST['uname']);
<p>All right sparky! You've made it through this part of the installation. WordPress can now communicate with your database. If you are ready, time now to <a href="install.php">run the install!</a></p>
<?php
break;
-
}
-?>
+?>
+<p id="footer"><a href="http://wordpress.org/">WordPress</a>, personal publishing platform.</p>
</body>
</html>
</head>
<body id="sidebar">
<h1 id="wphead"><a href="http://wordpress.org/" rel="external">WordPress</a></h1>
-<form name="post" action="post.php" method="POST">
+<form name="post" action="post.php" method="post">
<div><input type="hidden" name="action" value="post" />
<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
<input type="hidden" name="mode" value="sidebar" />
case 'update':
+ check_admin_referer('edit-file_' . $file);
+
if ( ! current_user_can('edit_files') )
die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
if ( $f ) {
fwrite($f, $newcontent);
fclose($f);
- header("Location: templates.php?file=$file&a=te");
+ wp_redirect("templates.php?file=$file&a=te");
} else {
- header("Location: templates.php?file=$file&a=err");
+ wp_redirect("templates.php?file=$file&a=err");
}
} else {
- header("Location: templates.php?file=$file&a=err");
+ wp_redirect("templates.php?file=$file&a=err");
}
exit();
</div>
<?php if (!$error) { ?>
<form name="template" id="template" action="templates.php" method="post">
+ <?php wp_nonce_field('edit-file_' . $file) ?>
<div><textarea cols="70" rows="25" name="newcontent" id='newcontent' tabindex="1"><?php echo $content ?></textarea>
<input type="hidden" name="action" value="update" />
<input type="hidden" name="file" value="<?php echo $file ?>" />
case 'update':
+ check_admin_referer('edit-theme_' . $file . $theme);
+
if ( !current_user_can('edit_themes') )
die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
$f = fopen($real_file, 'w+');
fwrite($f, $newcontent);
fclose($f);
- header("Location: theme-editor.php?file=$file&theme=$theme&a=te");
+ wp_redirect("theme-editor.php?file=$file&theme=$theme&a=te");
} else {
- header("Location: theme-editor.php?file=$file&theme=$theme");
+ wp_redirect("theme-editor.php?file=$file&theme=$theme");
}
exit();
if (!$error) {
?>
<form name="template" id="template" action="theme-editor.php" method="post">
+ <?php wp_nonce_field('edit-theme_' . $file . $theme) ?>
<div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea>
<input type="hidden" name="action" value="update" />
<input type="hidden" name="file" value="<?php echo $file ?>" />
require_once('admin.php');
if ( isset($_GET['action']) ) {
- check_admin_referer();
+ check_admin_referer('switch-theme_' . $_GET['template']);
if ('activate' == $_GET['action']) {
if ( isset($_GET['template']) )
do_action('switch_theme', get_current_theme());
- header('Location: themes.php?activated=true');
+ wp_redirect('themes.php?activated=true');
exit;
}
}
$author = $themes[$theme_name]['Author'];
$screenshot = $themes[$theme_name]['Screenshot'];
$stylesheet_dir = $themes[$theme_name]['Stylesheet Dir'];
- $activate_link = "themes.php?action=activate&template=$template&stylesheet=$stylesheet";
+ $activate_link = wp_nonce_url("themes.php?action=activate&template=$template&stylesheet=$stylesheet", 'switch-theme_' . $template);
?>
<div class="available-theme">
<h3><a href="<?php echo $activate_link; ?>"><?php echo "$title $version"; ?></a></h3>
$http_request .= $query_string;
$response = '';
-if( false !== ( $fs = fsockopen('api.pingomatic.com', 80, $errno, $errstr, 5) ) ) {
+if ( false !== ( $fs = @fsockopen('api.pingomatic.com', 80, $errno, $errstr, 5) ) ) {
fwrite($fs, $http_request);
while ( !feof($fs) )
$response .= fgets($fs, 1160); // One TCP-IP packet
add_option('page_uris');
add_option('blacklist_keys');
add_option('comment_registration', 0);
- add_option('open_proxy_check', 1);
+ add_option('open_proxy_check', 0);
add_option('rss_language', 'en');
add_option('html_type', 'text/html');
// 1.5.1
add_option('uploads_use_yearmonth_folders', 1);
add_option('upload_path', 'wp-content/uploads');
}
+
+ // 2.0.3
+ add_option('secret', md5(uniqid(microtime())));
// Delete unused options
$unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url', 'new_users_can_blog');
switch($step) {
case 0:
- $goback = wp_specialchars($_SERVER['HTTP_REFERER'], 1);
+ $goback = wp_specialchars(wp_get_referer());
?>
<p><?php _e('This file upgrades you from any previous version of WordPress to the latest. It may take a while though, so be patient.'); ?></p>
<h2 class="step"><a href="upgrade.php?step=1&backto=<?php echo $goback; ?>"><?php _e('Upgrade WordPress »'); ?></a></h2>
break;
case 1:
- wp_cache_flush();
- make_db_current_silent();
- upgrade_all();
- wp_cache_flush();
+ $wp_current_db_version = __get_option('db_version');
+ if ( $wp_db_version != $wp_current_db_version ) {
+ wp_cache_flush();
+ make_db_current_silent();
+ upgrade_all();
+ wp_cache_flush();
+ }
if ( empty( $_GET['backto'] ) )
$backto = __get_option('home');
case 'update':
-check_admin_referer();
+check_admin_referer('update-user_' . $user_id);
$errors = array();
$errors = edit_user($user_id);
if(count($errors) == 0) {
- header("Location: user-edit.php?user_id=$user_id&updated=true");
+ wp_redirect("user-edit.php?user_id=$user_id&updated=true");
exit;
}
<h2><?php _e('Edit User'); ?></h2>
<form name="profile" id="your-profile" action="user-edit.php" method="post">
+<?php wp_nonce_field('update-user_' . $user_id) ?>
<p>
<input type="hidden" name="from" value="profile" />
<input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />
switch ($action) {
case 'promote':
- check_admin_referer();
+ check_admin_referer('bulk-users');
if (empty($_POST['users'])) {
- header('Location: users.php');
+ wp_redirect('users.php');
}
if ( !current_user_can('edit_users') )
$user->set_role($_POST['new_role']);
}
- header('Location: users.php?update=' . $update);
+ wp_redirect('users.php?update=' . $update);
break;
case 'dodelete':
- check_admin_referer();
+ check_admin_referer('delete-users');
if ( empty($_POST['users']) ) {
- header('Location: users.php');
+ wp_redirect('users.php');
}
if ( !current_user_can('edit_users') )
}
}
- header('Location: users.php?update=' . $update);
+ wp_redirect('users.php?update=' . $update);
break;
case 'delete':
- check_admin_referer();
+ check_admin_referer('bulk-users');
- if (empty($_POST['users'])) {
- header('Location: users.php');
- }
+ if ( empty($_POST['users']) )
+ wp_redirect('users.php');
if ( !current_user_can('edit_users') )
$error['edit_users'] = __('You can’t delete users.');
include ('admin-header.php');
?>
<form action="" method="post" name="updateusers" id="updateusers">
+<?php wp_nonce_field('delete-users') ?>
<div class="wrap">
<h2><?php _e('Delete Users'); ?></h2>
<p><?php _e('You have specified these users for deletion:'); ?></p>
break;
case 'adduser':
- check_admin_referer();
+ check_admin_referer('add-user');
$errors = add_user();
if(count($errors) == 0) {
- header('Location: users.php?update=add');
+ wp_redirect('users.php?update=add');
die();
}
?>
<form action="" method="post" name="updateusers" id="updateusers">
+<?php wp_nonce_field('bulk-users') ?>
<div class="wrap">
<h2><?php _e('User List by Role'); ?></h2>
<table cellpadding="3" cellspacing="3" width="100%">
<h2><?php _e('Add New User') ?></h2>
<?php echo '<p>'.sprintf(__('Users can <a href="%1$s">register themselves</a> or you can manually create users here.'), get_settings('siteurl').'/wp-register.php').'</p>'; ?>
<form action="" method="post" name="adduser" id="adduser">
+ <?php wp_nonce_field('add-user') ?>
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
<tr>
<th scope="row" width="33%"><?php _e('Nickname') ?>
padding-right: 2px;
}
+#moremeta fieldset.dbx-box-closed {
+ background: url(images/box-butt.gif) no-repeat bottom;
+ padding-bottom: 9px;
+}
+
/* handles */
.dbx-handle {
background: url(images/box-bg.gif) repeat-y right;
}
+#advancedstuff h3.dbx-handle {
+ margin-left: 7px;
+ margin-bottom: -7px;
+ padding: 6px 1em 0 3px;
+ background: #2685af url(images/box-head-right.gif) no-repeat top right;
+}
+
+#advancedstuff div.dbx-handle-wrapper {
+ margin: 0 0 0 -7px;
+ background: #fff url(images/box-head-left.gif) no-repeat top left;
+}
+
+#advancedstuff div.dbx-content {
+ margin-left: 8px;
+ background: url(images/box-bg-right.gif) repeat-y right;
+ padding: 10px 10px 15px 0px;
+}
+
+#postexcerpt div.dbx-content {
+ margin-right: 0;
+ padding-right: 17px;
+}
+
+#advancedstuff div.dbx-content-wrapper {
+ margin-left: -7px;
+ margin-right: 0;
+ background: url(images/box-bg-left.gif) repeat-y left;
+}
+
+#advancedstuff fieldset.dbx-box {
+ padding-bottom: 9px;
+ margin-left: 6px;
+ background: url(images/box-butt-right.gif) no-repeat bottom right;
+}
+
+#advancedstuff div.dbx-box-wrapper {
+ background: url(images/box-butt-left.gif) no-repeat bottom left;
+}
+
+#advancedstuff .dbx-box-closed div.dbx-content-wrapper {
+ padding-bottom: 2px;
+ background: url(images/box-butt-left.gif) no-repeat bottom left;
+}
+
+#advancedstuff .dbx-box {
+ background: url(images/box-butt-right.gif) no-repeat bottom right;
+}
+
+
/* handle cursors */
.dbx-handle-cursor {
cursor: move;
#advancedstuff a.dbx-toggle, #advancedstuff a.dbx-toggle-open:visited {
height: 22px;
width: 22px;
+ top: 3px;
+ right: 5px;
background-position: 0 -3px;
}
#advancedstuff a.dbx-toggle-open, #advancedstuff a.dbx-toggle-open:visited {
height: 22px;
width: 22px;
+ top: 3px;
+ right: 5px;
background-position: 0 -28px;
}
$comment_content = trim($_POST['comment']);
// If the user is logged in
-get_currentuserinfo();
-if ( $user_ID ) :
- $comment_author = $wpdb->escape($user_identity);
- $comment_author_email = $wpdb->escape($user_email);
- $comment_author_url = $wpdb->escape($user_url);
+$user = wp_get_current_user();
+if ( $user->ID ) :
+ $comment_author = $wpdb->escape($user->display_name);
+ $comment_author_email = $wpdb->escape($user->user_email);
+ $comment_author_url = $wpdb->escape($user->user_url);
else :
if ( get_option('comment_registration') )
die( __('Sorry, you must be logged in to post a comment.') );
$comment_type = '';
-if ( get_settings('require_name_email') && !$user_ID ) {
+if ( get_settings('require_name_email') && !$user->ID ) {
if ( 6 > strlen($comment_author_email) || '' == $comment_author )
die( __('Error: please fill the required fields (name, email).') );
elseif ( !is_email($comment_author_email))
$comment_id = wp_new_comment( $commentdata );
-if ( !$user_ID ) :
+if ( !$user->ID ) :
$comment = get_comment($comment_id);
setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
Plugin URI: http://akismet.com/
Description: Akismet checks your comments against the Akismet web serivce to see if they look like spam or not. You need a <a href="http://wordpress.com/api-keys/">WordPress.com API key</a> to use this service. You can review the spam it catches under "Manage" and it automatically deletes old spam after 15 days. Hat tip: <a href="http://ioerror.us/">Michael Hampton</a> and <a href="http://chrisjdavis.org/">Chris J. Davis</a> for help with the plugin.
Author: Matt Mullenweg
-Version: 1.14
+Version: 1.15
Author URI: http://photomatt.net/
*/
add_action('admin_menu', 'ksd_config_page');
+if ( ! function_exists('wp_nonce_field') ) {
+ function akismet_nonce_field($action = -1) {
+ return;
+ }
+ $akismet_nonce = -1;
+} else {
+ function akismet_nonce_field($action = -1) {
+ return wp_nonce_field($action);
+ }
+ $akismet_nonce = 'akismet-update-key';
+}
+
function ksd_config_page() {
global $wpdb;
if ( function_exists('add_submenu_page') )
- add_submenu_page('plugins.php', __('Akismet Configuration'), __('Akismet Configuration'), 1, __FILE__, 'akismet_conf');
+ add_submenu_page('plugins.php', __('Akismet Configuration'), __('Akismet Configuration'), 'manage_options', __FILE__, 'akismet_conf');
}
function akismet_conf() {
+ global $akismet_nonce;
if ( isset($_POST['submit']) ) {
- check_admin_referer();
+ if ( !current_user_can('manage_options') )
+ die(__('Cheatin’ uh?'));
+
+ check_admin_referer($akismet_nonce);
$key = preg_replace('/[^a-h0-9]/i', '', $_POST['key']);
if ( akismet_verify_key( $key ) )
update_option('wordpress_api_key', $key);
<p><?php printf(__('For many people, <a href="%1$s">Akismet</a> will greatly reduce or even completely eliminate the comment and trackback spam you get on your site. If one does happen to get through, simply mark it as "spam" on the moderation screen and Akismet will learn from the mistakes. If you don\'t have a WordPress.com account yet, you can get one at <a href="%2$s">WordPress.com</a>.'), 'http://akismet.com/', 'http://wordpress.com/api-keys/'); ?></p>
<form action="" method="post" id="akismet-conf" style="margin: auto; width: 25em; ">
+<?php akismet_nonce_field($akismet_nonce) ?>
<h3><label for="key"><?php _e('WordPress.com API Key'); ?></label></h3>
<?php if ( $invalid_key ) { ?>
<p style="padding: .5em; background-color: #f33; color: #fff; font-weight: bold;"><?php _e('Your key appears invalid. Double-check it.'); ?></p>
$ksd_api_host = get_option('wordpress_api_key') . '.rest.akismet.com';
$ksd_api_port = 80;
-$ksd_user_agent = "WordPress/$wp_version | Akismet/1.14";
+$ksd_user_agent = "WordPress/$wp_version | Akismet/1.15";
// Returns array with headers in $response[0] and entity in $response[1]
function ksd_http_post($request, $host, $path, $port = 80) {
$http_request .= $request;
$response = '';
- if( false !== ( $fs = @fsockopen($host, $port, $errno, $errstr, 3) ) ) {
+ if( false !== ( $fs = @fsockopen($host, $port, $errno, $errstr, 10) ) ) {
fwrite($fs, $http_request);
while ( !feof($fs) )
function ksd_auto_check_comment( $comment ) {
global $auto_comment_approved, $ksd_api_host, $ksd_api_port;
- $comment['user_ip'] = $_SERVER['REMOTE_ADDR'];
+ $comment['user_ip'] = preg_replace( '/[^0-9., ]/', '', $_SERVER['REMOTE_ADDR'] );
$comment['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
$comment['referrer'] = $_SERVER['HTTP_REFERER'];
$comment['blog'] = get_option('home');
global $wpdb;
$count = sprintf(__('Akismet Spam (%s)'), ksd_spam_count());
if ( function_exists('add_management_page') )
- add_management_page(__('Akismet Spam'), $count, 1, __FILE__, 'ksd_caught');
+ add_management_page(__('Akismet Spam'), $count, 'moderate_comments', __FILE__, 'ksd_caught');
}
function ksd_caught() {
global $wpdb, $comment;
if (isset($_POST['submit']) && 'recover' == $_POST['action'] && ! empty($_POST['not_spam'])) {
+ if ( ! current_user_can('moderate_comments') )
+ die(__('You do not have sufficient permission to moderate comments.'));
+
$i = 0;
foreach ($_POST['not_spam'] as $comment):
$comment = (int) $comment;
echo '<div class="updated"><p>' . sprintf(__('%1$s comments recovered.'), $i) . "</p></div>";
}
if ('delete' == $_POST['action']) {
+ if ( ! current_user_can('moderate_comments') )
+ die(__('You do not have sufficient permission to moderate comments.'));
+
$delete_time = addslashes( $_POST['display_time'] );
$nuked = $wpdb->query( "DELETE FROM $wpdb->comments WHERE comment_approved = 'spam' AND '$delete_time' > comment_date_gmt" );
if (isset($nuked)) {
$count = get_option('akismet_spam_count');
if ( $count ) {
?>
-<p><?php printf(__('Akismet has caught <strong>%1$s</strong> spam for you since you installed it.'), number_format($count) ); ?></p>
+<p><?php printf(__('Akismet has caught <strong>%1$s spam</strong> for you since you first installed it.'), number_format($count) ); ?></p>
<?php
}
$spam_count = ksd_spam_count();
</form>
</div>
<div class="wrap">
-<h2><?php _e('Last 15 days'); ?></h2>
+<h2><?php _e('Latest Spam'); ?></h2>
<?php echo '<p>'.__('These are the latest comments identified as spam by Akismet. If you see any mistakes, simply mark the comment as "not spam" and Akismet will learn from the submission. If you wish to recover a comment from spam, simply select the comment, and click Not Spam. After 15 days we clean out the junk for you.').'</p>'; ?>
<?php
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_approved = 'spam' ORDER BY comment_date DESC LIMIT 150");
?>
<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
<input type="hidden" name="action" value="recover" />
-<ol id="spam-list" class="commentlist">
+<ul id="spam-list" class="commentlist" style="list-style: none; margin: 0; padding: 0;">
<?php
$i = 0;
foreach($comments as $comment) {
else $class = '';
echo "\n\t<li id='comment-$comment->comment_ID' $class>";
?>
- <p><strong><?php _e('Name:') ?></strong> <?php comment_author_link() ?> <?php if ($comment->comment_author_email) { ?>| <strong><?php _e('E-mail:') ?></strong> <?php comment_author_email_link() ?> <?php } if ($comment->comment_author_url && 'http://' != $comment->comment_author_url) { ?> | <strong><?php _e('URI:') ?></strong> <?php comment_author_url_link() ?> <?php } ?>| <strong><?php _e('IP:') ?></strong> <a href="http://ws.arin.net/cgi-bin/whois.pl?queryinput=<?php comment_author_IP() ?>"><?php comment_author_IP() ?></a> | <strong><?php _e('Date:') ?></strong> <?php comment_date(); ?></p>
+
+<p><strong><?php comment_author() ?></strong> <?php if ($comment->comment_author_email) { ?>| <?php comment_author_email_link() ?> <?php } if ($comment->comment_author_url && 'http://' != $comment->comment_author_url) { ?> | <?php comment_author_url_link() ?> <?php } ?>| <?php _e('IP:') ?> <a href="http://ws.arin.net/cgi-bin/whois.pl?queryinput=<?php comment_author_IP() ?>"><?php comment_author_IP() ?></a></p>
+
<?php comment_text() ?>
-<label for="spam-<?php echo $comment->comment_ID; ?>">
+
+<p><label for="spam-<?php echo $comment->comment_ID; ?>">
<input type="checkbox" id="spam-<?php echo $comment->comment_ID; ?>" name="not_spam[]" value="<?php echo $comment->comment_ID; ?>" />
-<?php _e('Not Spam') ?></label>
+<?php _e('Not Spam') ?></label> — <?php comment_date('M j, g:i A'); ?> — [
+<?php
+$post = get_post($comment->comment_post_ID);
+$post_title = wp_specialchars( $post->post_title, 'double' );
+$post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title;
+?>
+ <a href="<?php echo get_permalink($comment->comment_post_ID); ?>" title="<?php echo $post_title; ?>"><?php _e('View Post') ?></a> ] </p>
+
+
<?php
}
}
?>
-</ol>
+</ul>
<p class="submit">
-<input type="submit" name="submit" value="<?php _e('Not Spam »'); ?>" />
+<input type="submit" name="submit" value="<?php _e('De-spam marked comments »'); ?>" />
</p>
+<p><?php _e('Comments you de-spam will be submitted to Akismet as mistakes so it can learn and get better.'); ?></p>
+</form>
+<form method="post" action="">
+<p><input type="hidden" name="action" value="delete" />
+<?php printf(__('There are currently %1$s comments identified as spam.'), $spam_count); ?> <input type="submit" name="Submit" value="<?php _e('Delete all'); ?>" />
+<input type="hidden" name="display_time" value="<?php echo current_time('mysql', 1); ?>" /></p>
</form>
</div>
<?php
}
function wpdbBackup() {
-
add_action('wp_cron_daily', array(&$this, 'wp_cron_daily'));
$this->backup_dir = trailingslashit($this->backup_dir);
$this->basename = preg_replace('/^.*wp-content[\\\\\/]plugins[\\\\\/]/', '', __FILE__);
if (isset($_POST['do_backup'])) {
+ if ( !current_user_can('import') ) die(__('You are not allowed to perform backups.'));
switch($_POST['do_backup']) {
case 'backup':
$this->perform_backup();
break;
}
} elseif (isset($_GET['fragment'] )) {
+ if ( !current_user_can('import') ) die(__('You are not allowed to perform backups.'));
add_action('init', array(&$this, 'init'));
} elseif (isset($_GET['backup'] )) {
+ if ( !current_user_can('import') ) die(__('You are not allowed to perform backups.'));
add_action('init', array(&$this, 'init'));
} else {
add_action('admin_menu', array(&$this, 'admin_menu'));
}
function init() {
- global $user_level;
- get_currentuserinfo();
-
- if ($user_level < 9) die(__('Need higher user level.'));
+ if ( !current_user_can('import') ) die(__('You are not allowed to perform backups.'));
if (isset($_GET['backup'])) {
$via = isset($_GET['via']) ? $_GET['via'] : 'http';
$core_tables = $_POST['core_tables'];
$this->backup_file = $this->db_backup($core_tables, $also_backup);
- if (FALSE !== $backup_file) {
+ if (FALSE !== $this->backup_file) {
if ('smtp' == $_POST['deliver']) {
$this->deliver_backup ($this->backup_file, $_POST['deliver'], $_POST['backup_recipient']);
} elseif ('http' == $_POST['deliver']) {
///////////////////////////////
function admin_menu() {
- add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'backup_menu'));
+ add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'backup_menu'));
}
function fragment_menu() {
- add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'build_backup_script'));
+ add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'build_backup_script'));
}
/////////////////////////////////////////////////////////
} // wp_cron_db_backup
}
-$mywpdbbackup = new wpdbBackup();
+function wpdbBackup_init() {
+ global $mywpdbbackup;
+
+ if ( !current_user_can('import') ) return;
+
+ $mywpdbbackup = new wpdbBackup();
+}
+
+add_action('plugins_loaded', 'wpdbBackup_init');
?>
<?php
// this line is WordPress' motor, do not delete it.
-$comment_author = (isset($_COOKIE['comment_author_' . COOKIEHASH])) ? trim($_COOKIE['comment_author_'. COOKIEHASH]) : '';
-$comment_author_email = (isset($_COOKIE['comment_author_email_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_email_'. COOKIEHASH]) : '';
-$comment_author_url = (isset($_COOKIE['comment_author_url_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_url_'. COOKIEHASH]) : '';
+$commenter = wp_get_current_commenter();
+extract($commenter);
$comments = get_approved_comments($id);
$commentstatus = get_post($id);
if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $commentstatus->post_password) { // and it doesn't match the cookie
<?php if (have_posts()) : ?>
<?php $post = $posts[0]; // Hack. Set $post so that the_date() works. ?>
-<?php /* If this is a category archive */ if (is_category()) { ?>
+<?php /* If this is a category archive */ if (is_category()) { ?>
<h2 class="pagetitle">Archive for the '<?php echo single_cat_title(); ?>' Category</h2>
-
+
<?php /* If this is a daily archive */ } elseif (is_day()) { ?>
<h2 class="pagetitle">Archive for <?php the_time('F jS, Y'); ?></h2>
-
+
<?php /* If this is a monthly archive */ } elseif (is_month()) { ?>
<h2 class="pagetitle">Archive for <?php the_time('F, Y'); ?></h2>
<?php /* If this is a yearly archive */ } elseif (is_year()) { ?>
<h2 class="pagetitle">Archive for <?php the_time('Y'); ?></h2>
-
+
<?php /* If this is a search */ } elseif (is_search()) { ?>
<h2 class="pagetitle">Search Results</h2>
-
+
<?php /* If this is an author archive */ } elseif (is_author()) { ?>
<h2 class="pagetitle">Author Archive</h2>
<div class="post">
<h3 id="post-<?php the_ID(); ?>"><a href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title(); ?>"><?php the_title(); ?></a></h3>
<small><?php the_time('l, F jS, Y') ?></small>
-
+
<div class="entry">
<?php the_content() ?>
</div>
-
+
<p class="postmetadata">Posted in <?php the_category(', ') ?> | <?php edit_post_link('Edit', '', ' | '); ?> <?php comments_popup_link('No Comments »', '1 Comment »', '% Comments »'); ?></p>
</div>
-
+
<?php endwhile; ?>
<div class="navigation">
<div class="alignleft"><?php next_posts_link('« Previous Entries') ?></div>
<div class="alignright"><?php previous_posts_link('Next Entries »') ?></div>
</div>
-
+
<?php else : ?>
<h2 class="center">Not Found</h2>
<?php include (TEMPLATEPATH . '/searchform.php'); ?>
<?php endif; ?>
-
+
</div>
<?php get_sidebar(); ?>
<?php wp_list_cats(); ?>
</ul>
-</div>
+</div>
<?php get_footer(); ?>
<?php get_header(); ?>
<div id="content" class="widecolumn">
-
+
<?php if (have_posts()) : while (have_posts()) : the_post(); ?>
-
+
<div class="navigation">
<div class="alignleft"> </div>
<div class="alignright"> </div>
<?php $_post = &get_post($post->ID); $classname = ($_post->iconsize[0] <= 128 ? 'small' : '') . 'attachment'; // This lets us style narrow icons specially ?>
<div class="post" id="post-<?php the_ID(); ?>">
<h2><a href="<?php echo get_permalink($post->post_parent); ?>" rev="attachment"><?php echo get_the_title($post->post_parent); ?></a> » <a href="<?php echo get_permalink() ?>" rel="bookmark" title="Permanent Link: <?php the_title(); ?>"><?php the_title(); ?></a></h2>
- <div class="entrytext">
+ <div class="entry">
<p class="<?php echo $classname; ?>"><?php echo $attachment_link; ?><br /><?php echo basename($post->guid); ?></p>
<?php the_content('<p class="serif">Read the rest of this entry »</p>'); ?>
-
+
<?php link_pages('<p><strong>Pages:</strong> ', '</p>', 'number'); ?>
-
+
<p class="postmetadata alt">
<small>
This entry was posted
on <?php the_time('l, F jS, Y') ?> at <?php the_time() ?>
and is filed under <?php the_category(', ') ?>.
You can follow any responses to this entry through the <?php comments_rss_link('RSS 2.0'); ?> feed.
-
+
<?php if (('open' == $post-> comment_status) && ('open' == $post->ping_status)) {
// Both Comments and Pings are open ?>
You can <a href="#respond">leave a response</a>, or <a href="<?php trackback_url(true); ?>" rel="trackback">trackback</a> from your own site.
-
+
<?php } elseif (!('open' == $post-> comment_status) && ('open' == $post->ping_status)) {
// Only Pings are Open ?>
Responses are currently closed, but you can <a href="<?php trackback_url(true); ?> " rel="trackback">trackback</a> from your own site.
-
+
<?php } elseif (('open' == $post-> comment_status) && !('open' == $post->ping_status)) {
// Comments are open, Pings are not ?>
You can skip to the end and leave a response. Pinging is currently not allowed.
-
+
<?php } elseif (!('open' == $post-> comment_status) && !('open' == $post->ping_status)) {
// Neither Comments, nor Pings are open ?>
- Both comments and pings are currently closed.
-
+ Both comments and pings are currently closed.
+
<?php } edit_post_link('Edit this entry.','',''); ?>
-
+
</small>
</p>
-
+
</div>
</div>
-
+
<?php comments_template(); ?>
-
+
<?php endwhile; else: ?>
-
+
<p>Sorry, no attachments matched your criteria.</p>
-
+
<?php endif; ?>
-
+
</div>
<?php get_footer(); ?>
<?php
// this line is WordPress' motor, do not delete it.
-$comment_author = (isset($_COOKIE['comment_author_' . COOKIEHASH])) ? trim($_COOKIE['comment_author_'. COOKIEHASH]) : '';
-$comment_author_email = (isset($_COOKIE['comment_author_email_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_email_'. COOKIEHASH]) : '';
-$comment_author_url = (isset($_COOKIE['comment_author_url_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_url_'. COOKIEHASH]) : '';
+$commenter = wp_get_current_commenter();
+extract($commenter);
$comments = get_approved_comments($id);
$post = get_post($id);
if (!empty($post->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $post->post_password) { // and it doesn't match the cookie
<?php // Seen at http://www.mijnkopthee.nl/log2/archive/2003/05/28/esc(18) ?>
<script type="text/javascript">
<!--
-document.onkeypress = function esc(e) {
+document.onkeypress = function esc(e) {
if(typeof(e) == "undefined") { e=event; }
if (e.keyCode == 27) { self.close(); }
}
if (!empty($post->post_password)) { // if there's a password
if ($_COOKIE['wp-postpass_' . COOKIEHASH] != $post->post_password) { // and it doesn't match the cookie
?>
-
+
<p class="nocomments">This post is password protected. Enter the password to view comments.<p>
-
+
<?php
return;
}
</li>
- <?php /* Changes every other comment to a different class */
+ <?php /* Changes every other comment to a different class */
if ('alt' == $oddcomment) $oddcomment = '';
else $oddcomment = 'alt';
?>
<?php if ('open' == $post->comment_status) : ?>
<!-- If comments are open, but there are no comments. -->
-
+
<?php else : // comments are closed ?>
<!-- If comments are closed. -->
<p class="nocomments">Comments are closed.</p>
-
+
<?php endif; ?>
<?php endif; ?>
<hr />
<div id="footer">
+<!-- If you'd like to support WordPress, having the "powered by" link someone on your blog is the best way, it's our only promotion or advertising. -->
<p>
<?php bloginfo('name'); ?> is proudly powered by
<a href="http://wordpress.org/">WordPress</a>
$color = kubrick_header_color();\r
if ( false === $color )\r
return 'white';\r
- \r
+\r
return $color;\r
}\r
\r
}\r
}\r
} else {\r
- \r
+\r
if ( isset($_REQUEST['headerimage']) ) {\r
if ( '' == $_REQUEST['headerimage'] )\r
delete_option('kubrick_header_image');\r
else\r
update_option('kubrick_header_image', $_REQUEST['headerimage']);\r
}\r
- \r
+\r
if ( isset($_REQUEST['fontcolor']) ) {\r
if ( '' == $_REQUEST['fontcolor'] )\r
delete_option('kubrick_header_color');\r
else\r
update_option('kubrick_header_color', $_REQUEST['fontcolor']);\r
}\r
- \r
+\r
if ( isset($_REQUEST['fontdisplay']) ) {\r
if ( '' == $_REQUEST['fontdisplay'] || 'inline' == $_REQUEST['fontdisplay'] )\r
delete_option('kubrick_header_display');\r
}\r
}\r
//print_r($_REQUEST);\r
- header("Location: themes.php?page=functions.php&saved=true");\r
+ wp_redirect("themes.php?page=functions.php&saved=true");\r
die;\r
}\r
add_action('admin_head', 'kubrick_theme_page_head');\r
?>\r
<script type="text/javascript" src="../wp-includes/js/colorpicker.js"></script>\r
<script type='text/javascript'>\r
+// <![CDATA[\r
function pickColor(color) {\r
ColorPicker_targetInput.value = color;\r
kUpdate(ColorPicker_targetInput.id);\r
document.getElementById('nonJsForm').style.display = 'none';\r
}\r
addLoadEvent(kInit);\r
+// ]]>\r
</script>\r
<style type='text/css'>\r
#headwrap {\r
font-family: 'Lucida Grande', Verdana, Arial, Sans-Serif;\r
font-size: 1.2em;\r
text-align: center;\r
- } \r
+ }\r
#kubrick-header #header {\r
text-decoration: none;\r
color: <?php echo kubrick_header_color_string(); ?>;\r
</div>\r
<br />\r
<div id="nonJsForm">\r
- <form method="POST">\r
+ <form method="post" action="">\r
<div class="zerosize"><input type="submit" name="defaultsubmit" value="Save" /></div>\r
<label for="njfontcolor">Font Color:</label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo kubrick_header_color(); ?>" /> Any CSS color (<code>red</code> or <code>#FF0000</code> or <code>rgb(255, 0, 0)</code>)<br />\r
<label for="njuppercolor">Upper Color:</label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo kubrick_upper_color(); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br />\r
<label for="njlowercolor">Lower Color:</label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo kubrick_lower_color(); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br />\r
<input type="hidden" name="hi" id="hi" value="<?php echo kubrick_header_image(); ?>" />\r
- <label> </label><input type="submit" name="toggledisplay" id="toggledisplay" value="Toggle Text" />\r
+ <input type="submit" name="toggledisplay" id="toggledisplay" value="Toggle Text" />\r
<input type="submit" name="defaults" value="Use Defaults" />\r
<input type="submit" class="defbutton" name="submitform" value=" Save " />\r
<input type="hidden" name="action" value="save" />\r
</form>\r
<div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;visibility:hidden;"> </div>\r
<div id="advanced">\r
- <form id="jsAdvanced" style="display:none;">\r
+ <form id="jsAdvanced" style="display:none;" action="">\r
<label for="advfontcolor">Font Color (CSS): </label><input type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo kubrick_header_color(); ?>" /><br />\r
<label for="advuppercolor">Upper Color (HEX): </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo kubrick_upper_color(); ?>" /><br />\r
<label for="advlowercolor">Lower Color (HEX): </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo kubrick_lower_color(); ?>" /><br />\r
<link rel="pingback" href="<?php bloginfo('pingback_url'); ?>" />
<style type="text/css" media="screen">
-/* To accomodate differing install paths of WordPress, images are referred only here,
- and not in the wp-layout.css file. If you prefer to use only CSS for colors and what
- not, then go right ahead and delete the following lines, and the image files. */
-
- body { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickbgcolor.jpg"); }
-<?php /* Checks to see whether it needs a sidebar or not */ if ((! $withcomments) && (! is_single())) { ?>
+
+<?php
+// Checks to see whether it needs a sidebar or not
+if ( !$withcomments && !is_single() ) {
+?>
#page { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickbg.jpg") repeat-y top; border: none; }
<?php } else { // No sidebar ?>
#page { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickbgwide.jpg") repeat-y top; border: none; }
<?php } ?>
- #header { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickheader.jpg") no-repeat bottom center; }
- #footer { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickfooter.jpg") no-repeat bottom; border: none;}
-
-/* Because the template is slightly different, size-wise, with images, this needs to be set here
- If you don't want to use the template's images, you can also delete the following two lines. */
-
- #header { margin: 0 !important; margin: 0 0 0 1px; padding: 1px; height: 198px; width: 758px; }
- #headerimg { margin: 7px 9px 0; height: 192px; width: 740px; }
-
-/* To ease the insertion of a personal header image, I have done it in such a way,
- that you simply drop in an image called 'personalheader.jpg' into your /images/
- directory. Dimensions should be at least 760px x 200px. Anything above that will
- get cropped off of the image. */
- /*
- #headerimg { background: url('<?php bloginfo('stylesheet_directory'); ?>/images/personalheader.jpg') no-repeat top;}
- */
+
</style>
<?php wp_head(); ?>
<div id="content" class="narrowcolumn">
<?php if (have_posts()) : ?>
-
+
<?php while (have_posts()) : the_post(); ?>
-
+
<div class="post" id="post-<?php the_ID(); ?>">
<h2><a href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title(); ?>"><?php the_title(); ?></a></h2>
<small><?php the_time('F jS, Y') ?> <!-- by <?php the_author() ?> --></small>
-
+
<div class="entry">
<?php the_content('Read the rest of this entry »'); ?>
</div>
-
+
<p class="postmetadata">Posted in <?php the_category(', ') ?> | <?php edit_post_link('Edit', '', ' | '); ?> <?php comments_popup_link('No Comments »', '1 Comment »', '% Comments »'); ?></p>
</div>
-
+
<?php endwhile; ?>
<div class="navigation">
<div class="alignleft"><?php next_posts_link('« Previous Entries') ?></div>
<div class="alignright"><?php previous_posts_link('Next Entries »') ?></div>
</div>
-
+
<?php else : ?>
<h2 class="center">Not Found</h2>
<?php get_links_list(); ?>
</ul>
-</div>
+</div>
<?php get_footer(); ?>
<?php if (have_posts()) : while (have_posts()) : the_post(); ?>
<div class="post" id="post-<?php the_ID(); ?>">
<h2><?php the_title(); ?></h2>
- <div class="entrytext">
+ <div class="entry">
<?php the_content('<p class="serif">Read the rest of this page »</p>'); ?>
-
+
<?php link_pages('<p><strong>Pages:</strong> ', '</p>', 'number'); ?>
-
+
</div>
</div>
<?php endwhile; endif; ?>
<?php if (have_posts()) : ?>
<h2 class="pagetitle">Search Results</h2>
-
+
<div class="navigation">
<div class="alignleft"><?php next_posts_link('« Previous Entries') ?></div>
<div class="alignright"><?php previous_posts_link('Next Entries »') ?></div>
<?php while (have_posts()) : the_post(); ?>
-
+
<div class="post">
<h3 id="post-<?php the_ID(); ?>"><a href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title(); ?>"><?php the_title(); ?></a></h3>
<small><?php the_time('l, F jS, Y') ?></small>
-
+
<p class="postmetadata">Posted in <?php the_category(', ') ?> | <?php edit_post_link('Edit', '', ' | '); ?> <?php comments_popup_link('No Comments »', '1 Comment »', '% Comments »'); ?></p>
</div>
-
+
<?php endwhile; ?>
<div class="navigation">
<div class="alignleft"><?php next_posts_link('« Previous Entries') ?></div>
<div class="alignright"><?php previous_posts_link('Next Entries »') ?></div>
</div>
-
+
<?php else : ?>
<h2 class="center">No posts found. Try a different search?</h2>
<?php include (TEMPLATEPATH . '/searchform.php'); ?>
<?php endif; ?>
-
+
</div>
<?php get_sidebar(); ?>
<div id="sidebar">
<ul>
-
+
<li>
<?php include (TEMPLATEPATH . '/searchform.php'); ?>
</li>
<?php /* If this is a 404 page */ if (is_404()) { ?>
<?php /* If this is a category archive */ } elseif (is_category()) { ?>
<p>You are currently browsing the archives for the <?php single_cat_title(''); ?> category.</p>
-
+
<?php /* If this is a yearly archive */ } elseif (is_day()) { ?>
<p>You are currently browsing the <a href="<?php bloginfo('home'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives
for the day <?php the_time('l, F jS, Y'); ?>.</p>
-
+
<?php /* If this is a monthly archive */ } elseif (is_month()) { ?>
<p>You are currently browsing the <a href="<?php bloginfo('home'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives
for <?php the_time('F, Y'); ?>.</p>
<?php /* If this is a yearly archive */ } elseif (is_year()) { ?>
<p>You are currently browsing the <a href="<?php bloginfo('home'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives
for the year <?php the_time('Y'); ?>.</p>
-
+
<?php /* If this is a monthly archive */ } elseif (is_search()) { ?>
<p>You have searched the <a href="<?php echo bloginfo('home'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives
for <strong>'<?php echo wp_specialchars($s); ?>'</strong>. If you are unable to find anything in these search results, you can try one of these links.</p>
</ul>
</li>
- <?php /* If this is the frontpage */ if ( is_home() || is_page() ) { ?>
+ <?php /* If this is the frontpage */ if ( is_home() || is_page() ) { ?>
<?php get_links_list(); ?>
-
+
<li><h2>Meta</h2>
<ul>
<?php wp_register(); ?>
</ul>
</li>
<?php } ?>
-
+
</ul>
</div>
<?php get_header(); ?>
<div id="content" class="widecolumn">
-
+
<?php if (have_posts()) : while (have_posts()) : the_post(); ?>
-
+
<div class="navigation">
<div class="alignleft"><?php previous_post_link('« %link') ?></div>
<div class="alignright"><?php next_post_link('%link »') ?></div>
</div>
-
+
<div class="post" id="post-<?php the_ID(); ?>">
<h2><a href="<?php echo get_permalink() ?>" rel="bookmark" title="Permanent Link: <?php the_title(); ?>"><?php the_title(); ?></a></h2>
-
- <div class="entrytext">
+
+ <div class="entry">
<?php the_content('<p class="serif">Read the rest of this entry »</p>'); ?>
-
+
<?php link_pages('<p><strong>Pages:</strong> ', '</p>', 'number'); ?>
-
+
<p class="postmetadata alt">
<small>
This entry was posted
on <?php the_time('l, F jS, Y') ?> at <?php the_time() ?>
and is filed under <?php the_category(', ') ?>.
You can follow any responses to this entry through the <?php comments_rss_link('RSS 2.0'); ?> feed.
-
+
<?php if (('open' == $post-> comment_status) && ('open' == $post->ping_status)) {
// Both Comments and Pings are open ?>
You can <a href="#respond">leave a response</a>, or <a href="<?php trackback_url(true); ?>" rel="trackback">trackback</a> from your own site.
-
+
<?php } elseif (!('open' == $post-> comment_status) && ('open' == $post->ping_status)) {
// Only Pings are Open ?>
Responses are currently closed, but you can <a href="<?php trackback_url(true); ?> " rel="trackback">trackback</a> from your own site.
-
+
<?php } elseif (('open' == $post-> comment_status) && !('open' == $post->ping_status)) {
// Comments are open, Pings are not ?>
You can skip to the end and leave a response. Pinging is currently not allowed.
-
+
<?php } elseif (!('open' == $post-> comment_status) && !('open' == $post->ping_status)) {
// Neither Comments, nor Pings are open ?>
- Both comments and pings are currently closed.
-
+ Both comments and pings are currently closed.
+
<?php } edit_post_link('Edit this entry.','',''); ?>
-
+
</small>
</p>
-
+
</div>
</div>
-
+
<?php comments_template(); ?>
-
+
<?php endwhile; else: ?>
-
+
<p>Sorry, no posts matched your criteria.</p>
-
+
<?php endif; ?>
-
+
</div>
<?php get_footer(); ?>
Theme Name: WordPress Default
Theme URI: http://wordpress.org/
Description: The default WordPress theme based on the famous <a href="http://binarybonsai.com/kubrick/">Kubrick</a>.
-Version: 1.5
+Version: 1.6
Author: Michael Heilemann
Author URI: http://binarybonsai.com/
The CSS, XHTML and design is released under GPL:
http://www.opensource.org/licenses/gpl-license.php
-
- *** REGARDING IMAGES ***
- All CSS that involves the use of images, can be found in the 'index.php' file.
- This is to ease installation inside subdirectories of a server.
-
- Have fun, and don't be afraid to contact me if you have questions.
*/
body {
font-size: 62.5%; /* Resets 1em to 10px */
font-family: 'Lucida Grande', Verdana, Arial, Sans-Serif;
- background-color: #d5d6d7;
+ background: #d5d6d7 url('images/kubrickbgcolor.jpg');
color: #333;
text-align: center;
}
}
#header {
- background-color: #73a0c5;
+ background: #73a0c5 url('images/kubrickheader.jpg') no-repeat bottom center;
}
+#headerimg {
+ margin: 7px 9px 0;
+ height: 192px;
+ width: 740px;
+ }
+
#content {
font-size: 1.2em
}
.widecolumn {
line-height: 1.6em;
}
-
+
.narrowcolumn .postmetadata {
text-align: center;
}
}
#footer {
- background-color: #eee;
+ background: #eee url('images/kubrickfooter.jpg') no-repeat top;
+ border: none;
}
small {
.commentlist li, #commentform input, #commentform textarea {
font: 0.9em 'Lucida Grande', Verdana, Arial, Sans-Serif;
}
-
+
.commentlist li {
font-weight: bold;
}
small, #sidebar ul ul li, #sidebar ul ol li, .nocomments, .postmetadata, blockquote, strike {
color: #777;
}
-
+
code {
font: 1.1em 'Courier New', Courier, Fixed;
}
color: #147;
text-decoration: underline;
}
-
+
#wp-calendar #prev a {
font-size: 9pt;
}
/* Begin Structure */
body {
- margin: 0;
+ margin: 0 0 20px 0;
padding: 0;
}
width: 760px;
border: 1px solid #959596;
}
-
+
#header {
- padding: 0;
- margin: 0 auto;
- height: 200px;
- width: 100%;
background-color: #73a0c5;
+ margin: 0 0 0 1px;
+ padding: 0;
+ height: 200px;
+ width: 758px;
}
#headerimg {
margin: 5px 0 0 150px;
width: 450px;
}
-
+
.post {
margin: 0 0 40px;
text-align: justify;
}
#footer {
- padding: 0 0 0 1px;
+ padding: 0;
margin: 0 auto;
width: 760px;
clear: both;
thought?!) align the image to the right. And using 'class="centered',
will of course center the image. This is much better than using
align="center", being much more futureproof (and valid) */
-
+
img.centered {
display: block;
margin-left: auto;
margin-right: auto;
}
-
+
img.alignright {
padding: 4px;
margin: 0 0 2px 7px;
.alignright {
float: right;
}
-
+
.alignleft {
float: left
}
list-style-type: none;
list-style-image: none;
}
-
+
#sidebar ul, #sidebar ul ol {
margin: 0;
padding: 0;
}
#sidebar #searchform #s {
- width: 115px;
+ width: 108px;
padding: 2px;
}
return $wp_object_cache->set($key, $data, $flag, $expire);
}
-define('CACHE_SERIAL_HEADER', "<?php\n//");
-define('CACHE_SERIAL_FOOTER', "\n?".">");
+define('CACHE_SERIAL_HEADER', "<?php\n/*");
+define('CACHE_SERIAL_FOOTER', "*/\n?".">");
class WP_Object_Cache {
var $cache_dir;
var $cold_cache_hits = 0;
var $warm_cache_hits = 0;
var $cache_misses = 0;
+ var $secret = '';
function acquire_lock() {
// Acquire a write lock.
if ( ! $this->acquire_lock() )
return false;
-
+
$this->rm_cache_dir();
$this->cache = array ();
$this->dirty_objects = array ();
return false;
}
- $cache_file = $this->cache_dir.$this->get_group_dir($group)."/".md5($id.DB_PASSWORD).'.php';
+ $cache_file = $this->cache_dir.$this->get_group_dir($group)."/".$this->hash($id).'.php';
if (!file_exists($cache_file)) {
$this->non_existant_objects[$group][$id] = true;
$this->cache_misses += 1;
return false;
}
- $this->cache[$group][$id] = unserialize(substr(@ file_get_contents($cache_file), strlen(CACHE_SERIAL_HEADER), -strlen(CACHE_SERIAL_FOOTER)));
+ $this->cache[$group][$id] = unserialize(base64_decode(substr(@ file_get_contents($cache_file), strlen(CACHE_SERIAL_HEADER), -strlen(CACHE_SERIAL_FOOTER))));
if (false === $this->cache[$group][$id])
$this->cache[$group][$id] = '';
return "{$this->blog_id}/$group";
}
+ function hash($data) {
+ if ( function_exists('hash_hmac') ) {
+ return hash_hmac('md5', $data, $this->secret);
+ } else {
+ return md5($data . $this->secret);
+ }
+ }
+
function load_group_from_db($group) {
global $wpdb;
$ids = array_unique($ids);
foreach ($ids as $id) {
- $cache_file = $group_dir.md5($id.DB_PASSWORD).'.php';
+ $cache_file = $group_dir.$this->hash($id).'.php';
// Remove the cache file if the key is not set.
if (!isset ($this->cache[$group][$id])) {
}
$temp_file = tempnam($group_dir, 'tmp');
- $serial = CACHE_SERIAL_HEADER.serialize($this->cache[$group][$id]).CACHE_SERIAL_FOOTER;
+ $serial = CACHE_SERIAL_HEADER.base64_encode(serialize($this->cache[$group][$id])).CACHE_SERIAL_FOOTER;
$fd = @fopen($temp_file, 'w');
if ( false === $fd ) {
$errors++;
if (defined('DISABLE_CACHE'))
return;
+ if ( ! defined('ENABLE_CACHE') )
+ return;
+
// Disable the persistent cache if safe_mode is on.
if ( ini_get('safe_mode') && ! defined('ENABLE_CACHE') )
return;
if (defined('CACHE_EXPIRATION_TIME'))
$this->expiration_time = CACHE_EXPIRATION_TIME;
- $this->blog_id = md5($blog_id);
+ if ( defined('WP_SECRET') )
+ $this->secret = WP_SECRET;
+ else
+ $this->secret = DB_PASSWORD . DB_USER . DB_NAME . DB_HOST . ABSPATH;
+
+ $this->blog_id = $this->hash($blog_id);
}
}
?>
// Capability checking wrapper around the global $current_user object.
function current_user_can($capability) {
- global $current_user;
+ $current_user = wp_get_current_user();
$args = array_slice(func_get_args(), 1);
$args = array_merge(array($capability), $args);
var $error = ""; // error messages sent here
var $response_code = ""; // response code returned from server
var $headers = array(); // headers returned from server sent here
- var $maxlength = 500000; // max return data length (body)
+ var $maxlength = 8192; // max return data length (body)
var $read_timeout = 0; // timeout on read operations, in seconds
// supported only since PHP 4 Beta 4
// set to 0 to disallow timeouts
chr(176),
chr(39),
chr(128),
- "ä",
- "ö",
- "ü",
- "Ä",
- "Ö",
- "Ü",
- "ß",
+ "ä",
+ "ö",
+ "ü",
+ "Ä",
+ "Ö",
+ "Ü",
+ "ß",
);
$text = preg_replace($search,$replace,$document);
if (!is_readable($file_name)) continue;
$fp = fopen($file_name, "r");
- $file_content = fread($fp, filesize($file_name));
+ while (!feof($fp)) {
+ $file_content = fread($fp, filesize($file_name));
+ }
fclose($fp);
$base_name = basename($file_name);
if (isset($q['page'])) {
$q['page'] = trim($q['page'], '/');
$q['page'] = (int) $q['page'];
+ $q['page'] = abs($q['page']);
}
$add_hours = intval(get_settings('gmt_offset'));
$join = apply_filters('posts_join', $join);
// Paging
- if (empty($q['nopaging']) && ! $this->is_single) {
- $page = $q['paged'];
+ if (empty($q['nopaging']) && ! $this->is_single && ! $this->is_page) {
+ $page = abs(intval($q['paged']));
if (empty($page)) {
$page = 1;
}
if (($q['what_to_show'] == 'posts')) {
- $pgstrt = '';
- $pgstrt = (intval($page) -1) * $q['posts_per_page'] . ', ';
- $limits = 'LIMIT '.$pgstrt.$q['posts_per_page'];
+ $q['offset'] = abs(intval($q['offset']));
+ if ( empty($q['offset']) ) {
+ $pgstrt = '';
+ $pgstrt = (intval($page) -1) * $q['posts_per_page'] . ', ';
+ $limits = 'LIMIT '.$pgstrt.$q['posts_per_page'];
+ } else { // we're ignoring $page and using 'offset'
+ $pgstrt = $q['offset'] . ', ';
+ $limits = 'LIMIT ' . $pgstrt . $q['posts_per_page'];
+ }
} elseif ($q['what_to_show'] == 'days') {
$startrow = $q['posts_per_page'] * (intval($page)-1);
$start_date = $wpdb->get_var("SELECT max(post_date) FROM $wpdb->posts $join WHERE (1=1) $where GROUP BY year(post_date), month(post_date), dayofmonth(post_date) ORDER BY post_date DESC LIMIT $startrow,1");
if ( empty( $word ) )
continue;
$fulltext = strtolower($comment->email.' '.$comment->url.' '.$comment->ip.' '.$comment->text);
- if( strpos( $fulltext, strtolower($word) ) != FALSE ) {
+ if( false !== strpos( $fulltext, strtolower($word) ) ) {
$this->found_comments[] = $comment->ID;
break;
}
}
function send_headers() {
- global $current_user;
@header('X-Pingback: '. get_bloginfo('pingback_url'));
if ( is_user_logged_in() )
nocache_headers();
if ( !empty($this->query_vars['error']) && '404' == $this->query_vars['error'] ) {
status_header( 404 );
+ @header('Content-type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
} else if ( empty($this->query_vars['feed']) ) {
@header('Content-type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
} else {
}
function init() {
- get_currentuserinfo();
+ wp_get_current_user();
}
function query_posts() {
function comments_template( $file = '/comments.php' ) {
global $wp_query, $withcomments, $post, $wpdb, $id, $comment, $user_login, $user_ID, $user_identity;
- if ( is_single() || is_page() || $withcomments ) :
- $req = get_settings('require_name_email');
- $comment_author = '';
- if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
- $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
- $comment_author = stripslashes($comment_author);
- $comment_author = wp_specialchars($comment_author, true);
- }
- $comment_author_email = '';
- if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
- $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
- $comment_author_email = stripslashes($comment_author_email);
- $comment_author_email = wp_specialchars($comment_author_email, true);
- }
- $comment_author_url = '';
- if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
- $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
- $comment_author_url = stripslashes($comment_author_url);
- $comment_author_url = wp_specialchars($comment_author_url, true);
- }
+ if ( ! (is_single() || is_page() || $withcomments) )
+ return;
+
+ $req = get_settings('require_name_email');
+ $commenter = wp_get_current_commenter();
+ extract($commenter);
+ // TODO: Use API instead of SELECTs.
if ( empty($comment_author) ) {
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");
} else {
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND ( comment_approved = '1' OR ( comment_author = '$author_db' AND comment_author_email = '$email_db' AND comment_approved = '0' ) ) ORDER BY comment_date");
}
- get_currentuserinfo();
-
define('COMMENTS_TEMPLATE', true);
$include = apply_filters('comments_template', TEMPLATEPATH . $file );
if ( file_exists( $include ) )
require( $include );
else
require( ABSPATH . 'wp-content/themes/default/comments.php');
-
- endif;
}
function wp_new_comment( $commentdata ) {
// Merge old and new fields with new fields overwriting old ones.
$commentarr = array_merge($comment, $commentarr);
+ $commentarr = wp_filter_comment( $commentarr );
+
// Now extract the merged array.
extract($commentarr);
return false;
$post_id = $comment->comment_post_ID;
- if ( $post_id && $comment->comment_approved == 1 )
- $wpdb->query( "UPDATE $wpdb->posts SET comment_count = comment_count - 1 WHERE ID = '$post_id'" );
+ if ( $post_id && $comment->comment_approved == 1 ) {
+ $count = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = '$post_id' AND comment_approved = '1'");
+ $wpdb->query( "UPDATE $wpdb->posts SET comment_count = $count WHERE ID = '$post_id'" );
+ }
do_action('wp_set_comment_status', $comment_id, 'delete');
return true;
if (!empty($CSSclass)) {
echo ' class="'.$CSSclass.'"';
}
- echo ' title="' . sprintf( __('Comment on %s'), $post->post_title ) .'">';
+ $title = wp_specialchars(apply_filters('the_title', get_the_title()), true);
+ echo ' title="' . sprintf( __('Comment on %s'), $title ) .'">';
comments_number($zero, $one, $more, $number);
echo '</a>';
}
function get_approved_comments($post_id) {
global $wpdb;
+
+ $post_id = (int) $post_id;
return $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $post_id AND comment_approved = '1' ORDER BY comment_date");
}
+function sanitize_comment_cookies() {
+ if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
+ $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
+ $comment_author = stripslashes($comment_author);
+ $comment_author = wp_specialchars($comment_author, true);
+ $_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
+ }
+
+ if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
+ $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
+ $comment_author_email = stripslashes($comment_author_email);
+ $comment_author_email = wp_specialchars($comment_author_email, true);
+ $_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
+ }
+
+ if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
+ $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
+ $comment_author_url = stripslashes($comment_author_url);
+ $comment_author_url = wp_specialchars($comment_author_url, true);
+ $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url;
+ }
+}
+
+function wp_get_current_commenter() {
+ // Cookies should already be sanitized.
+
+ $comment_author = '';
+ if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) )
+ $comment_author = $_COOKIE['comment_author_'.COOKIEHASH];
+
+ $comment_author_email = '';
+ if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) )
+ $comment_author_email = $_COOKIE['comment_author_email_'.COOKIEHASH];
+
+ $comment_author_url = '';
+ if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) )
+ $comment_author_url = $_COOKIE['comment_author_url_'.COOKIEHASH];
+
+ return compact('comment_author', 'comment_author_email', 'comment_author_url');
+}
+
?>
add_filter('comment_text', 'convert_chars');
add_filter('comment_text', 'make_clickable');
+add_filter('comment_text', 'force_balance_tags', 25);
add_filter('comment_text', 'wpautop', 30);
add_filter('comment_text', 'convert_smilies', 20);
add_filter('comment_excerpt', 'convert_chars');
+// Categories
+add_filter('pre_category_name', 'strip_tags');
+add_filter('pre_category_name', 'trim');
+add_filter('pre_category_name', 'wp_filter_kses');
+add_filter('pre_category_name', 'wp_specialchars', 30);
+add_filter('pre_category_description', 'wp_filter_kses');
+
+// Users
+add_filter('pre_user_display_name', 'strip_tags');
+add_filter('pre_user_display_name', 'trim');
+add_filter('pre_user_display_name', 'wp_filter_kses');
+add_filter('pre_user_display_name', 'wp_specialchars', 30);
+add_filter('pre_user_first_name', 'strip_tags');
+add_filter('pre_user_first_name', 'trim');
+add_filter('pre_user_first_name', 'wp_filter_kses');
+add_filter('pre_user_first_name', 'wp_specialchars', 30);
+add_filter('pre_user_last_name', 'strip_tags');
+add_filter('pre_user_last_name', 'trim');
+add_filter('pre_user_last_name', 'wp_filter_kses');
+add_filter('pre_user_last_name', 'wp_specialchars', 30);
+add_filter('pre_user_nickname', 'strip_tags');
+add_filter('pre_user_nickname', 'trim');
+add_filter('pre_user_nickname', 'wp_filter_kses');
+add_filter('pre_user_nickname', 'wp_specialchars', 30);
+add_filter('pre_user_description', 'trim');
+add_filter('pre_user_description', 'wp_filter_kses');
+add_filter('pre_user_url', 'strip_tags');
+add_filter('pre_user_url', 'trim');
+add_filter('pre_user_url', 'clean_url');
+add_filter('pre_user_email', 'trim');
+add_filter('pre_user_email', 'sanitize_email');
+
// Places to balance tags on input
add_filter('content_save_pre', 'balanceTags', 50);
add_filter('excerpt_save_pre', 'balanceTags', 50);
// RSS filters
add_filter('the_title_rss', 'strip_tags');
add_filter('the_title_rss', 'ent2ncr', 8);
+add_filter('the_title_rss', 'wp_specialchars');
add_filter('the_content_rss', 'ent2ncr', 8);
add_filter('the_excerpt_rss', 'convert_chars');
add_filter('the_excerpt_rss', 'ent2ncr', 8);
add_filter('comment_author_rss', 'ent2ncr', 8);
-add_filter('comment_text_rss', 'htmlspecialchars');
+add_filter('comment_text_rss', 'wp_specialchars');
add_filter('comment_text_rss', 'ent2ncr', 8);
add_filter('bloginfo_rss', 'ent2ncr', 8);
add_filter('the_author', 'ent2ncr', 8);
// Actions
add_action('publish_post', 'generic_ping');
add_action('wp_head', 'rsd_link');
+add_action('sanitize_comment_cookies', 'sanitize_comment_cookies');
-?>
\ No newline at end of file
+?>
* @link http://php.net/function.array_change_key_case
* @author Stephan Schmidt <schst@php.net>
* @author Aidan Lister <aidan@php.net>
- * @version $Revision: 3471 $
+ * @version $Revision: 3771 $
* @since PHP 4.2.0
* @require PHP 4.0.0 (user_error)
*/
}
}
+// From php.net
+if(!function_exists('http_build_query')) {
+ function http_build_query( $formdata, $numeric_prefix = null, $key = null ) {
+ $res = array();
+ foreach ((array)$formdata as $k=>$v) {
+ $tmp_key = urlencode(is_int($k) ? $numeric_prefix.$k : $k);
+ if ($key) $tmp_key = $key.'['.$tmp_key.']';
+ $res[] = ( ( is_array($v) || is_object($v) ) ? http_build_query($v, null, $tmp_key) : $tmp_key."=".urlencode($v) );
+ }
+ $separator = ini_get('arg_separator.output');
+ return implode($separator, $res);
+ }
+}
?>
} else {
$next = true;
}
- $curl = preg_replace('/&([^#])(?![a-z1-4]{1,8};)/', '&$1', $curl);
+ $curl = preg_replace('/&([^#])(?![a-zA-Z1-4]{1,8};)/', '&$1', $curl);
$output .= $curl;
}
return $output;
function wp_specialchars( $text, $quotes = 0 ) {
// Like htmlspecialchars except don't double-encode HTML entities
- $text = preg_replace('/&([^#])(?![a-z1-4]{1,8};)/', '&$1', $text);-
+ $text = preg_replace('/&([^#])(?![a-z1-4]{1,8};)/', '&$1', $text);
$text = str_replace('<', '<', $text);
$text = str_replace('>', '>', $text);
- if ( $quotes ) {
+ if ( 'double' === $quotes ) {
+ $text = str_replace('"', '"', $text);
+ } elseif ( 'single' === $quotes ) {
+ $text = str_replace("'", ''', $text);
+ } elseif ( $quotes ) {
$text = str_replace('"', '"', $text);
$text = str_replace("'", ''', $text);
}
}
function remove_accents($string) {
+ if ( !preg_match('/[\x80-\xff]/', $string) )
+ return $string;
+
if (seems_utf8($string)) {
$chars = array(
// Decompositions for Latin-1 Supplement
// If strict, reduce to ASCII for max portability.
if ( $strict )
- $username = preg_replace('|[^a-z0-9 _.-@]|i', '', $username);
+ $username = preg_replace('|[^a-z0-9 _.\-@]|i', '', $username);
return apply_filters('sanitize_user', $username, $raw_username, $strict);
}
return $newtext;
}
+function force_balance_tags($text) {
+ return balanceTags($text, 0, true);
+}
function format_to_edit($content, $richedit = false) {
$content = apply_filters('format_to_edit', $content);
function zeroise($number,$threshold) { // function to add leading zeros when necessary
return sprintf('%0'.$threshold.'s', $number);
- }
+}
function backslashit($string) {
+ $string = preg_replace('/^([0-9])/', '\\\\\\\\\1', $string);
$string = preg_replace('/([a-z])/i', '\\\\\1', $string);
return $string;
}
}
function make_clickable($ret) {
- $ret = ' ' . $ret . ' ';
- $ret = preg_replace("#([\s>])(https?)://([^\s<>{}()]+[^\s.,<>{}()])#i", "$1<a href='$2://$3' rel='nofollow'>$2://$3</a>", $ret);
- $ret = preg_replace("#(\s)www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^ <>{}()\n\r]*[^., <>{}()\n\r]?)?)#i", "$1<a href='http://www.$2.$3$4' rel='nofollow'>www.$2.$3$4</a>", $ret);
- $ret = preg_replace("#(\s)([a-z0-9\-_.]+)@([a-z0-9\-_.]+)\.([^,< \n\r]+)#i", "$1<a href=\"mailto:$2@$3.$4\">$2@$3.$4</a>", $ret);
+ $ret = ' ' . $ret;
+ $ret = preg_replace("#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "$1<a href='$2' rel='nofollow'>$2</a>", $ret);
+ $ret = preg_replace("#(^|[\n ])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "$1<a href='http://$2' rel='nofollow'>$2</a>", $ret);
+ $ret = preg_replace("#(\s)([a-z0-9\-_.]+)@([^,< \n\r]+)#i", "$1<a href=\"mailto:$2@$3\">$2@$3</a>", $ret);
+ $ret = substr($ret, 1);
$ret = trim($ret);
return $ret;
}
'♦' => '♦'
);
- foreach ($to_ncr as $entity => $ncr) {
- $text = str_replace($entity, $ncr, $text);
- }
- return $text;
+ return str_replace( array_keys($to_ncr), array_values($to_ncr), $text );
}
function wp_richedit_pre($text) {
return apply_filters('richedit_pre', $output);
}
+// Escape single quotes, specialchar double quotes, and fix line endings.
+function js_escape($text) {
+ $text = wp_specialchars($text, 'double');
+ $text = str_replace(''', "'", $text);
+ return preg_replace("/\r?\n/", "\\n", addslashes($text));
+}
?>
global $wpdb;
$postid = (int) $postid;
- if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $postid") )
+ if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = '$postid'") )
return $post;
if ( 'attachment' != $post->post_status )
$meta = get_post_meta($postid, '_wp_attachment_metadata', true);
$file = get_post_meta($postid, '_wp_attached_file', true);
- $wpdb->query("DELETE FROM $wpdb->posts WHERE ID = $postid");
+ $wpdb->query("DELETE FROM $wpdb->posts WHERE ID = '$postid'");
- $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = $postid");
+ $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = '$postid'");
- $wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = $postid");
+ $wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = '$postid'");
- $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = $postid");
+ $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$postid'");
if ( ! empty($meta['thumb']) ) {
// Don't delete the thumb if another attachment uses it
- if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> $postid"))
+ if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> '$postid'"))
@ unlink(str_replace(basename($file), $meta['thumb'], $file));
}
function wp_get_post_cats($blogid = '1', $post_ID = 0) {
global $wpdb;
+ $post_ID = (int) $post_ID;
+
$sql = "SELECT category_id
FROM $wpdb->post2cat
- WHERE post_id = $post_ID
+ WHERE post_id = '$post_ID'
ORDER BY category_id";
$result = $wpdb->get_col($sql);
function wp_proxy_check($ipnum) {
if ( get_option('open_proxy_check') && isset($ipnum) ) {
$rev_ip = implode( '.', array_reverse( explode( '.', $ipnum ) ) );
- $lookup = $rev_ip . '.opm.blitzed.org.';
+ $lookup = $rev_ip . '.sbl-xbl.spamhaus.org.';
if ( $lookup != gethostbyname( $lookup ) )
return true;
}
function wp_upload_bits($name, $type, $bits) {
if ( empty($name) )
- return array('error' => "Empty filename");
+ return array('error' => __("Empty filename"));
+
+ $wp_filetype = wp_check_filetype($name);
+ if ( !$wp_filetype['ext'] )
+ return array('error' => __("Invalid file type"));
$upload = wp_upload_dir();
return array('file' => $new_file, 'url' => $url, 'error' => false);
}
+function wp_check_filetype($filename, $mimes = null) {
+ // Accepted MIME types are set here as PCRE unless provided.
+ $mimes = is_array($mimes) ? $mimes : apply_filters('upload_mimes', array (
+ 'jpg|jpeg|jpe' => 'image/jpeg',
+ 'gif' => 'image/gif',
+ 'png' => 'image/png',
+ 'bmp' => 'image/bmp',
+ 'tif|tiff' => 'image/tiff',
+ 'ico' => 'image/x-icon',
+ 'asf|asx|wax|wmv|wmx' => 'video/asf',
+ 'avi' => 'video/avi',
+ 'mov|qt' => 'video/quicktime',
+ 'mpeg|mpg|mpe' => 'video/mpeg',
+ 'txt|c|cc|h' => 'text/plain',
+ 'rtx' => 'text/richtext',
+ 'css' => 'text/css',
+ 'htm|html' => 'text/html',
+ 'mp3|mp4' => 'audio/mpeg',
+ 'ra|ram' => 'audio/x-realaudio',
+ 'wav' => 'audio/wav',
+ 'ogg' => 'audio/ogg',
+ 'mid|midi' => 'audio/midi',
+ 'wma' => 'audio/wma',
+ 'rtf' => 'application/rtf',
+ 'js' => 'application/javascript',
+ 'pdf' => 'application/pdf',
+ 'doc' => 'application/msword',
+ 'pot|pps|ppt' => 'application/vnd.ms-powerpoint',
+ 'wri' => 'application/vnd.ms-write',
+ 'xla|xls|xlt|xlw' => 'application/vnd.ms-excel',
+ 'mdb' => 'application/vnd.ms-access',
+ 'mpp' => 'application/vnd.ms-project',
+ 'swf' => 'application/x-shockwave-flash',
+ 'class' => 'application/java',
+ 'tar' => 'application/x-tar',
+ 'zip' => 'application/zip',
+ 'gz|gzip' => 'application/x-gzip',
+ 'exe' => 'application/x-msdownload'
+ ));
+
+ $type = false;
+ $ext = false;
+
+ foreach ($mimes as $ext_preg => $mime_match) {
+ $ext_preg = '!\.(' . $ext_preg . ')$!i';
+ if ( preg_match($ext_preg, $filename, $ext_matches) ) {
+ $type = $mime_match;
+ $ext = $ext_matches[1];
+ break;
+ }
+ }
+
+ return compact('ext', 'type');
+}
+
?>
$dateweekday = $weekday[date('w', $i)];
$dateweekday_abbrev = $weekday_abbrev[$dateweekday];
$dateformatstring = ' '.$dateformatstring;
- $dateformatstring = preg_replace("/([^\\\])D/", "\${1}".backslashit($dateweekday_abbrev), $dateformatstring);
- $dateformatstring = preg_replace("/([^\\\])F/", "\${1}".backslashit($datemonth), $dateformatstring);
- $dateformatstring = preg_replace("/([^\\\])l/", "\${1}".backslashit($dateweekday), $dateformatstring);
- $dateformatstring = preg_replace("/([^\\\])M/", "\${1}".backslashit($datemonth_abbrev), $dateformatstring);
+ $dateformatstring = preg_replace("/([^\\\])D/", "\\1".backslashit($dateweekday_abbrev), $dateformatstring);
+ $dateformatstring = preg_replace("/([^\\\])F/", "\\1".backslashit($datemonth), $dateformatstring);
+ $dateformatstring = preg_replace("/([^\\\])l/", "\\1".backslashit($dateweekday), $dateformatstring);
+ $dateformatstring = preg_replace("/([^\\\])M/", "\\1".backslashit($datemonth_abbrev), $dateformatstring);
$dateformatstring = substr($dateformatstring, 1, strlen($dateformatstring)-1);
}
$j = @date($dateformatstring, $i);
}
function get_user_option( $option, $user = 0 ) {
- global $wpdb, $current_user;
+ global $wpdb;
if ( empty($user) )
- $user = $current_user;
+ $user = wp_get_current_user();
else
$user = get_userdata($user);
return true;
}
+ $_newvalue = $newvalue;
if ( is_array($newvalue) || is_object($newvalue) )
$newvalue = serialize($newvalue);
$option_name = $wpdb->escape($option_name);
$wpdb->query("UPDATE $wpdb->options SET option_value = '$newvalue' WHERE option_name = '$option_name'");
if ( $wpdb->rows_affected == 1 ) {
- do_action("update_option_{$option_name}", $oldvalue, $newvalue);
+ do_action("update_option_{$option_name}", array('old'=>$oldvalue, 'new'=>$_newvalue));
return true;
}
return false;
}
}
+ $_category = apply_filters('get_category', $_category);
+
if ( !isset($_category->fullpath) ) {
$_category = set_category_path($_category);
wp_cache_replace($_category->cat_ID, $_category, 'category');
}
function spawn_pinger() {
- global $wpdb;
+ global $wpdb, $wp_version;
$doping = false;
if ( $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE TRIM(to_ping) != '' LIMIT 1") )
$doping = true;
$parts = parse_url($ping_url);
$argyle = @ fsockopen($parts['host'], $_SERVER['SERVER_PORT'], $errno, $errstr, 0.01);
if ( $argyle )
- fputs($argyle, "GET {$parts['path']}?time=".time()." HTTP/1.0\r\nHost: {$_SERVER['HTTP_HOST']}\r\n\r\n");
+ fputs($argyle, "GET {$parts['path']}?time=".time()." HTTP/1.0\r\nHost: {$_SERVER['HTTP_HOST']}\r\nUser-Agent: WordPress/{$wp_version}\r\n\r\n");
}
}
$headers["$key"] = $matches[2][$i];
}
- $code = preg_replace('/.*?(\d{3}).*/i', '$1', $response);
-
- $headers['status_code'] = $code;
-
- if ( '302' == $code || '301' == $code )
- return wp_get_http_headers( $url, ++$red );
-
preg_match('/.*([0-9]{3}).*/', $response, $return);
$headers['response'] = $return[1]; // HTTP response code eg 204, 200, 404
+
+ $code = $headers['response'];
+ if ( ('302' == $code || '301' == $code) && isset($headers['location']) )
+ return wp_get_http_headers( $headers['location'], ++$red );
+
return $headers;
}
return true;
}
+// Setup global user vars. Used by set_current_user() for back compat.
+function setup_userdata($user_id = '') {
+ global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity;
+
+ if ( '' == $user_id )
+ $user = wp_get_current_user();
+ else
+ $user = new WP_User($user_id);
+
+ if ( 0 == $user->ID )
+ return;
+
+ $userdata = $user->data;
+ $user_login = $user->user_login;
+ $user_level = $user->user_level;
+ $user_ID = $user->ID;
+ $user_email = $user->user_email;
+ $user_url = $user->user_url;
+ $user_pass_md5 = md5($user->user_pass);
+ $user_identity = $user->display_name;
+}
+
function is_new_day() {
global $day, $previousday;
if ( $day != $previousday ) {
// rebuild the list of filters
if ( isset($wp_filter[$tag]["$priority"]) ) {
+ $new_function_list = array();
foreach($wp_filter[$tag]["$priority"] as $filter) {
if ( $filter['function'] != $function_to_remove ) {
$new_function_list[] = $filter;
preg_match("|Author URI:(.*)|i", $theme_data, $author_uri);
preg_match("|Template:(.*)|i", $theme_data, $template);
if ( preg_match("|Version:(.*)|i", $theme_data, $version) )
- $version = $version[1];
+ $version = trim($version[1]);
else
$version ='';
if ( preg_match("|Status:(.*)|i", $theme_data, $status) )
- $status = $status[1];
+ $status = trim($status[1]);
else
- $status ='publish';
+ $status = 'publish';
- $description = wptexturize($description[1]);
+ $description = wptexturize(trim($description[1]));
$name = $theme_name[1];
$name = trim($name);
$theme = $name;
if ( '' == $author_uri[1] ) {
- $author = $author_name[1];
+ $author = trim($author_name[1]);
} else {
- $author = '<a href="' . $author_uri[1] . '" title="' . __('Visit author homepage') . '">' . $author_name[1] . '</a>';
+ $author = '<a href="' . trim($author_uri[1]) . '" title="' . __('Visit author homepage') . '">' . trim($author_name[1]) . '</a>';
}
return array('Name' => $name, 'Title' => $theme, 'Description' => $description, 'Author' => $author, 'Version' => $version, 'Template' => $template[1], 'Status' => $status);
$uri = @func_get_arg(2);
}
+ if ( preg_match('|^https?://|i', $uri, $matches) ) {
+ $protocol = $matches[0];
+ $uri = substr($uri, strlen($protocol));
+ } else {
+ $protocol = '';
+ }
+
if ( strstr($uri, '?') ) {
$parts = explode('?', $uri, 2);
if ( 1 == count($parts) ) {
$base = $parts[0] . '?';
$query = $parts[1];
}
- }
- else if ( strstr($uri, '/') ) {
+ } else if ( !empty($protocol) || strstr($uri, '/') ) {
$base = $uri . '?';
$query = '';
} else {
$ret .= "$k=$v";
}
}
- $ret = $base . $ret;
+ $ret = $protocol . $base . $ret;
return trim($ret, '?');
}
return $wpdb->num_queries;
}
+function wp_nonce_url($actionurl, $action = -1) {
+ return wp_specialchars(add_query_arg('_wpnonce', wp_create_nonce($action), $actionurl));
+}
+
+function wp_nonce_field($action = -1) {
+ echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
+ wp_referer_field();
+}
+
+function wp_referer_field() {
+ $ref = wp_specialchars($_SERVER['REQUEST_URI']);
+ echo '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />';
+ if ( wp_get_original_referer() ) {
+ $original_ref = wp_specialchars(stripslashes(wp_get_original_referer()));
+ echo '<input type="hidden" name="_wp_original_http_referer" value="'. $original_ref . '" />';
+ }
+}
+
+function wp_original_referer_field() {
+ echo '<input type="hidden" name="_wp_original_http_referer" value="' . wp_specialchars(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
+}
+
+function wp_get_referer() {
+ foreach ( array($_REQUEST['_wp_http_referer'], $_SERVER['HTTP_REFERER']) as $ref )
+ if ( !empty($ref) )
+ return $ref;
+ return false;
+}
+
+function wp_get_original_referer() {
+ if ( !empty($_REQUEST['_wp_original_http_referer']) )
+ return $_REQUEST['_wp_original_http_referer'];
+ return false;
+}
+
+function wp_explain_nonce($action) {
+ if ( $action !== -1 && preg_match('/([a-z]+)-([a-z]+)(_(.+))?/', $action, $matches) ) {
+ $verb = $matches[1];
+ $noun = $matches[2];
+
+ $trans = array();
+ $trans['update']['attachment'] = array(__('Are you sure you want to edit this attachment: "%s"?'), 'get_the_title');
+
+ $trans['add']['category'] = array(__('Are you sure you want to add this category?'), false);
+ $trans['delete']['category'] = array(__('Are you sure you want to delete this category: "%s"?'), 'get_catname');
+ $trans['update']['category'] = array(__('Are you sure you want to edit this category: "%s"?'), 'get_catname');
+
+ $trans['delete']['comment'] = array(__('Are you sure you want to delete this comment: "%s"?'), 'use_id');
+ $trans['unapprove']['comment'] = array(__('Are you sure you want to unapprove this comment: "%s"?'), 'use_id');
+ $trans['approve']['comment'] = array(__('Are you sure you want to approve this comment: "%s"?'), 'use_id');
+ $trans['update']['comment'] = array(__('Are you sure you want to edit this comment: "%s"?'), 'use_id');
+ $trans['bulk']['comments'] = array(__('Are you sure you want to bulk modify comments?'), false);
+ $trans['moderate']['comments'] = array(__('Are you sure you want to moderate comments?'), false);
+
+ $trans['add']['bookmark'] = array(__('Are you sure you want to add this bookmark?'), false);
+ $trans['delete']['bookmark'] = array(__('Are you sure you want to delete this bookmark: "%s"?'), 'use_id');
+ $trans['update']['bookmark'] = array(__('Are you sure you want to edit this bookmark: "%s"?'), 'use_id');
+ $trans['bulk']['bookmarks'] = array(__('Are you sure you want to bulk modify bookmarks?'), false);
+
+ $trans['add']['page'] = array(__('Are you sure you want to add this page?'), false);
+ $trans['delete']['page'] = array(__('Are you sure you want to delete this page: "%s"?'), 'get_the_title');
+ $trans['update']['page'] = array(__('Are you sure you want to edit this page: "%s"?'), 'get_the_title');
+
+ $trans['edit']['plugin'] = array(__('Are you sure you want to edit this plugin file: "%s"?'), 'use_id');
+ $trans['activate']['plugin'] = array(__('Are you sure you want to activate this plugin: "%s"?'), 'use_id');
+ $trans['deactivate']['plugin'] = array(__('Are you sure you want to deactivate this plugin: "%s"?'), 'use_id');
+
+ $trans['add']['post'] = array(__('Are you sure you want to add this post?'), false);
+ $trans['delete']['post'] = array(__('Are you sure you want to delete this post: "%s"?'), 'get_the_title');
+ $trans['update']['post'] = array(__('Are you sure you want to edit this post: "%s"?'), 'get_the_title');
+
+ $trans['add']['user'] = array(__('Are you sure you want to add this user?'), false);
+ $trans['delete']['users'] = array(__('Are you sure you want to delete users?'), false);
+ $trans['bulk']['users'] = array(__('Are you sure you want to bulk modify users?'), false);
+ $trans['update']['user'] = array(__('Are you sure you want to edit this user: "%s"?'), 'get_author_name');
+ $trans['update']['profile'] = array(__('Are you sure you want to modify the profile for: "%s"?'), 'get_author_name');
+
+ $trans['update']['options'] = array(__('Are you sure you want to edit your settings?'), false);
+ $trans['update']['permalink'] = array(__('Are you sure you want to change your permalink structure to: %s?'), 'use_id');
+ $trans['edit']['file'] = array(__('Are you sure you want to edit this file: "%s"?'), 'use_id');
+ $trans['edit']['theme'] = array(__('Are you sure you want to edit this theme file: "%s"?'), 'use_id');
+ $trans['switch']['theme'] = array(__('Are you sure you want to switch to this theme: "%s"?'), 'use_id');
+
+ if ( isset($trans[$verb][$noun]) ) {
+ if ( !empty($trans[$verb][$noun][1]) ) {
+ $lookup = $trans[$verb][$noun][1];
+ $object = $matches[4];
+ if ( 'use_id' != $lookup )
+ $object = call_user_func($lookup, $object);
+ return sprintf($trans[$verb][$noun][0], $object);
+ } else {
+ return $trans[$verb][$noun][0];
+ }
+ }
+ }
+
+ return __('Are you sure you want to do this');
+}
+
+function wp_nonce_ays($action) {
+ global $pagenow, $menu, $submenu, $parent_file, $submenu_file;
+
+ $adminurl = get_settings('siteurl') . '/wp-admin';
+ if ( wp_get_referer() )
+ $adminurl = wp_get_referer();
+
+ $title = __('WordPress Confirmation');
+ // Remove extra layer of slashes.
+ $_POST = stripslashes_deep($_POST );
+ if ( $_POST ) {
+ $q = http_build_query($_POST);
+ $q = explode( ini_get('arg_separator.output'), $q);
+ $html .= "\t<form method='post' action='$pagenow'>\n";
+ foreach ( (array) $q as $a ) {
+ $v = substr(strstr($a, '='), 1);
+ $k = substr($a, 0, -(strlen($v)+1));
+ $html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n";
+ }
+ $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
+ $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_explain_nonce($action) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
+ } else {
+ $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_explain_nonce($action) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
+ }
+ $html .= "</body>\n</html>";
+ wp_die($html, $title);
+}
+
+function wp_die($message, $title = '') {
+ header('Content-Type: text/html; charset=utf-8');
+
+ if ( empty($title) )
+ $title = __('WordPress › Error');
?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+ <title><?php echo $title ?></title>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+ <style media="screen" type="text/css">
+ <!--
+ html {
+ background: #eee;
+ }
+ body {
+ background: #fff;
+ color: #000;
+ font-family: Georgia, "Times New Roman", Times, serif;
+ margin-left: 25%;
+ margin-right: 25%;
+ padding: .2em 2em;
+ }
+
+ h1 {
+ color: #006;
+ font-size: 18px;
+ font-weight: lighter;
+ }
+
+ h2 {
+ font-size: 16px;
+ }
+
+ p, li, dt {
+ line-height: 140%;
+ padding-bottom: 2px;
+ }
+
+ ul, ol {
+ padding: 5px 5px 5px 20px;
+ }
+ #logo {
+ margin-bottom: 2em;
+ }
+ -->
+ </style>
+</head>
+<body>
+ <h1 id="logo"><img alt="WordPress" src="<?php echo get_settings('siteurl'); ?>/wp-admin/images/wordpress-logo.png" /></h1>
+ <p><?php echo $message; ?></p>
+</body>
+</html>
+<?php
+
+ die();
+}
+
+?>
\ No newline at end of file
* @return Integer from the Stream
*/
function readint() {
- $stream = $this->STREAM->read(4);
if ($this->BYTEORDER == 0) {
// low endian
- $unpacked = unpack('V',$stream);
- return array_shift($unpacked);
+ return array_shift(unpack('V', $this->STREAM->read(4)));
} else {
// big endian
- $unpacked = unpack('N',$stream);
- return array_shift($unpacked);
+ return array_shift(unpack('N', $this->STREAM->read(4)));
}
}
*/
function gettext_reader($Reader, $enable_cache = true) {
// If there isn't a StreamReader, turn on short circuit mode.
- if (! $Reader) {
+ if (! $Reader || isset($Reader->error) ) {
$this->short_circuit = true;
return;
}
// Caching can be turned off
$this->enable_cache = $enable_cache;
- // $MAGIC1 = (int)0x950412de; //bug in PHP 5
+ // $MAGIC1 = (int)0x950412de; //bug in PHP 5.0.2, see https://savannah.nongnu.org/bugs/?func=detailitem&item_id=10565
$MAGIC1 = (int) - 1794895138;
// $MAGIC2 = (int)0xde120495; //bug
$MAGIC2 = (int) - 569244523;
$this->STREAM = $Reader;
$magic = $this->readint();
- if ($magic == $MAGIC1) {
+ if ($magic == ($MAGIC1 & 0xFFFFFFFF)) { // to make sure it works for 64-bit platforms
$this->BYTEORDER = 0;
- } elseif ($magic == $MAGIC2) {
+ } elseif ($magic == ($MAGIC2 & 0xFFFFFFFF)) {
$this->BYTEORDER = 1;
} else {
$this->error = 1; // not MO file
} else {
$header = $this->get_translation_string(0);
}
- if (eregi("plural-forms: (.*)\n", $header, $regs))
+ if (eregi("plural-forms: ([^\n]*)\n", $header, $regs))
$expr = $regs[1];
else
$expr = "nplurals=2; plural=n == 1 ? 0 : 1;";
$plural = 0;
eval("$string");
- if ($plural >= $total) $plural = 0;
+ if ($plural >= $total) $plural = $total - 1;
return $plural;
}
<?php
// Added wp_ prefix to avoid conflicts with existing kses users
-# kses 0.2.1 - HTML/XHTML filter that only allows some elements and attributes
-# Copyright (C) 2002, 2003 Ulf Harnhammar
+# kses 0.2.2 - HTML/XHTML filter that only allows some elements and attributes
+# Copyright (C) 2002, 2003, 2005 Ulf Harnhammar
# *** CONTACT INFORMATION ***
#
# E-mail: metaur at users dot sourceforge dot net
$elem = $matches[2];
$attrlist = $matches[3];
- if (!@ is_array($allowed_html[strtolower($elem)]))
+ if (!@isset($allowed_html[strtolower($elem)]))
return '';
# They are using a not allowed HTML element
###############################################################################
{
$string = wp_kses_no_null($string);
+ $string = preg_replace('/\xad+/', '', $string); # deals with Opera "feature"
$string2 = $string.'a';
while ($string != $string2) {
function wp_kses_no_null($string)
###############################################################################
-# This function removes any NULL or chr(173) characters in $string.
+# This function removes any NULL characters in $string.
###############################################################################
{
$string = preg_replace('/\0+/', '', $string);
$string2 = wp_kses_decode_entities($string);
$string2 = preg_replace('/\s/', '', $string2);
$string2 = wp_kses_no_null($string2);
+ $string2 = preg_replace('/\xad+/', '', $string2);
+ # deals with Opera "feature"
$string2 = strtolower($string2);
$allowed = false;
}
function kses_init() {
- global $current_user;
-
remove_filter('pre_comment_author', 'wp_filter_kses');
remove_filter('pre_comment_content', 'wp_filter_kses');
remove_filter('content_save_pre', 'wp_filter_post_kses');
remove_filter('title_save_pre', 'wp_filter_kses');
- if (! defined('XMLRPC_REQUEST') )
- get_currentuserinfo();
-
if (current_user_can('unfiltered_html') == false)
kses_init_filters();
}
** uses 0
*/
function get_linkcatname($id = 0) {
+ $id = (int) $id;
global $wpdb;
$cat_name = '';
- if ('' != $id) {
+ if ( !empty($id) ) {
$cat_name = $wpdb->get_var("SELECT cat_name FROM $wpdb->linkcategories WHERE cat_id=$id");
}
return $cat_name;
}
}
-?>
\ No newline at end of file
+?>
if ( !function_exists('set_current_user') ) :
function set_current_user($id, $name = '') {
- global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
+ return wp_set_current_user($id, $name);
+}
+endif;
- $current_user = '';
+if ( !function_exists('wp_set_current_user') ) :
+function wp_set_current_user($id, $name = '') {
+ global $current_user;
- $current_user = new WP_User($id, $name);
+ if ( isset($current_user) && ($id == $current_user->ID) )
+ return $current_user;
- $userdata = get_userdatabylogin($user_login);
+ $current_user = new WP_User($id, $name);
- $user_login = $userdata->user_login;
- $user_level = $userdata->user_level;
- $user_ID = $userdata->ID;
- $user_email = $userdata->user_email;
- $user_url = $userdata->user_url;
- $user_pass_md5 = md5($userdata->user_pass);
- $user_identity = $userdata->display_name;
+ setup_userdata($current_user->ID);
do_action('set_current_user');
}
endif;
+if ( !function_exists('wp_get_current_user') ) :
+function wp_get_current_user() {
+ global $current_user;
+
+ get_currentuserinfo();
+
+ return $current_user;
+}
+endif;
if ( !function_exists('get_currentuserinfo') ) :
function get_currentuserinfo() {
- global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
+ global $current_user;
if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
return false;
+ if ( ! empty($current_user) )
+ return;
+
if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) ||
!wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true) ) {
- $current_user = new WP_User(0);
+ wp_set_current_user(0);
return false;
}
- $user_login = $_COOKIE[USER_COOKIE];
- $userdata = get_userdatabylogin($user_login);
- $user_level = $userdata->user_level;
- $user_ID = $userdata->ID;
- $user_email = $userdata->user_email;
- $user_url = $userdata->user_url;
- $user_pass_md5 = md5($userdata->user_pass);
- $user_identity = $userdata->display_name;
-
- if ( empty($current_user) )
- $current_user = new WP_User($user_ID);
+
+ $user_login = $_COOKIE[USER_COOKIE];
+ wp_set_current_user(0, $user_login);
}
endif;
if ( !function_exists('is_user_logged_in') ) :
function is_user_logged_in() {
- global $current_user;
+ $user = wp_get_current_user();
- if ( $current_user->id == 0 )
+ if ( $user->id == 0 )
return false;
+
return true;
}
endif;
(empty($_COOKIE[USER_COOKIE])) ) {
nocache_headers();
- header('Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
+ wp_redirect(get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
exit();
}
}
endif;
if ( !function_exists('check_admin_referer') ) :
-function check_admin_referer() {
+function check_admin_referer($action = -1) {
$adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
- $referer = strtolower($_SERVER['HTTP_REFERER']);
- if (!strstr($referer, $adminurl))
- die(__('Sorry, you need to <a href="http://codex.wordpress.org/Enable_Sending_Referrers">enable sending referrers</a> for this feature to work.'));
- do_action('check_admin_referer');
+ $referer = strtolower(wp_get_referer());
+ if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) &&
+ !(-1 == $action && strstr($referer, $adminurl)) ) {
+ wp_nonce_ays($action);
+ die();
+ }
+ do_action('check_admin_referer', $action);
+}
+endif;
+
+if ( !function_exists('check_ajax_referer') ) :
+function check_ajax_referer() {
+ $cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
+ foreach ( $cookie as $tasty ) {
+ if ( false !== strpos($tasty, USER_COOKIE) )
+ $user = urldecode(substr(strstr($tasty, '='), 1)); // Nasty double encoding
+ if ( false !== strpos($tasty, PASS_COOKIE) )
+ $pass = urldecode(substr(strstr($tasty, '='), 1));
+ }
+ if ( wp_login( $user, $pass, true ) )
+ return true;
+ return false;
}
endif;
function wp_redirect($location) {
global $is_IIS;
- $location = str_replace( array("\n", "\r"), '', $location);
+ $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location);
+
+ $strip = array('%0d', '%0a');
+ $location = str_replace($strip, '', $location);
if ($is_IIS)
header("Refresh: 0;url=$location");
}
endif;
+if ( !function_exists('wp_get_cookie_login') ):
+function wp_get_cookie_login() {
+ if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) )
+ return false;
+
+ return array('login' => $_COOKIE[USER_COOKIE], 'password' => $_COOKIE[PASS_COOKIE]);
+}
+
+endif;
+
if ( !function_exists('wp_setcookie') ) :
function wp_setcookie($username, $password, $already_md5 = false, $home = '', $siteurl = '', $remember = false) {
if ( !$already_md5 )
}
endif;
+if ( !function_exists('wp_verify_nonce') ) :
+function wp_verify_nonce($nonce, $action = -1) {
+ $user = wp_get_current_user();
+ $uid = $user->id;
+
+ $i = ceil(time() / 43200);
+
+ //Allow for expanding range, but only do one check if we can
+ if( substr(wp_hash($i . $action . $uid), -12, 10) == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce )
+ return true;
+ return false;
+}
+endif;
+
+if ( !function_exists('wp_create_nonce') ) :
+function wp_create_nonce($action = -1) {
+ $user = wp_get_current_user();
+ $uid = $user->id;
+
+ $i = ceil(time() / 43200);
+
+ return substr(wp_hash($i . $action . $uid), -12, 10);
+}
+endif;
+
+if ( !function_exists('wp_salt') ) :
+function wp_salt() {
+ $salt = get_option('secret');
+ if ( empty($salt) )
+ $salt = DB_PASSWORD . DB_USER . DB_NAME . DB_HOST . ABSPATH;
+
+ return $salt;
+}
+endif;
+
+if ( !function_exists('wp_hash') ) :
+function wp_hash($data) {
+ $salt = wp_salt();
+
+ if ( function_exists('hash_hmac') ) {
+ return hash_hmac('md5', $data, $salt);
+ } else {
+ return md5($data . $salt);
+ }
+}
+endif;
+
?>
// Are we updating or creating?
if ( !empty($ID) ) {
+ $ID = (int) $ID;
$update = true;
} else {
$update = false;
}
$user_login = sanitize_user($user_login, true);
+ $user_login = apply_filters('pre_user_login', $user_login);
if ( empty($user_nicename) )
$user_nicename = sanitize_title( $user_login );
+ $user_nicename = apply_filters('pre_user_nicename', $user_nicename);
+
+ if ( empty($user_url) )
+ $user_url = '';
+ $user_url = apply_filters('pre_user_url', $user_url);
+
+ if ( empty($user_email) )
+ $user_email = '';
+ $user_email = apply_filters('pre_user_email', $user_email);
if ( empty($display_name) )
$display_name = $user_login;
-
+ $display_name = apply_filters('pre_user_display_name', $display_name);
+
if ( empty($nickname) )
$nickname = $user_login;
-
+ $nickname = apply_filters('pre_user_nickname', $nickname);
+
+ if ( empty($first_name) )
+ $first_name = '';
+ $first_name = apply_filters('pre_user_first_name', $first_name);
+
+ if ( empty($last_name) )
+ $last_name = '';
+ $last_name = apply_filters('pre_user_last_name', $last_name);
+
+ if ( empty($description) )
+ $description = '';
+ $description = apply_filters('pre_user_description', $description);
+
if ( empty($user_registered) )
$user_registered = gmdate('Y-m-d H:i:s');
}
function wp_update_user($userdata) {
- global $wpdb, $current_user;
+ global $wpdb;
$ID = (int) $userdata['ID'];
$user_id = wp_insert_user($userdata);
// Update the cookies if the password changed.
+ $current_user = wp_get_current_user();
if( $current_user->id == $ID ) {
if ( isset($plaintext_pass) ) {
wp_clearcookie();
function read($bytes) {
if ($bytes) {
fseek($this->_fd, $this->_pos);
- $data = fread($this->_fd, $bytes);
+
+ // PHP 5.1.1 does not read more than 8192 bytes in one fread()
+ // the discussions at PHP Bugs suggest it's the intended behaviour
+ while ($bytes > 0) {
+ $chunk = fread($this->_fd, $bytes);
+ $data .= $chunk;
+ $bytes -= strlen($chunk);
+ }
$this->_pos = ftell($this->_fd);
return $data;
echo '<a href="' . get_author_link(0, $authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), wp_specialchars(the_author($idmode, false))) . '">' . the_author($idmode, false) . '</a>';
}
-function get_author_link($echo = false, $author_id, $author_nicename) {
+function get_author_link($echo = false, $author_id, $author_nicename = '') {
global $wpdb, $wp_rewrite, $post, $cache_userdata;
$auth_ID = $author_id;
$link = $wp_rewrite->get_author_permastruct();
$file = get_settings('home') . '/';
$link = $file . '?author=' . $auth_ID;
} else {
- if ( '' == $author_nicename )
- $author_nicename = $cache_userdata[$author_id]->user_nicename;
+ if ( '' == $author_nicename ) {
+ $user = get_userdata($author_id);
+ if ( !empty($user->user_nicename) )
+ $author_nicename = $user->user_nicename;
+ }
$link = str_replace('%author%', $author_nicename, $link);
$link = get_settings('home') . trailingslashit($link);
}
function wp_loginout() {
- global $user_ID;
- get_currentuserinfo();
-
- if ('' == $user_ID)
+ if ( ! is_user_logged_in() )
$link = '<a href="' . get_settings('siteurl') . '/wp-login.php">' . __('Login') . '</a>';
else
$link = '<a href="' . get_settings('siteurl') . '/wp-login.php?action=logout">' . __('Logout') . '</a>';
function wp_register( $before = '<li>', $after = '</li>' ) {
- global $user_ID;
-
- get_currentuserinfo();
- if ( '' == $user_ID && get_settings('users_can_register') )
- $link = $before . '<a href="' . get_settings('siteurl') . '/wp-register.php">' . __('Register') . '</a>' . $after;
- elseif ( '' == $user_ID && !get_settings('users_can_register') )
- $link = '';
- else
+ if ( ! is_user_logged_in() ) {
+ if ( get_settings('users_can_register') )
+ $link = $before . '<a href="' . get_settings('siteurl') . '/wp-register.php">' . __('Register') . '</a>' . $after;
+ else
+ $link = '';
+ } else {
$link = $before . '<a href="' . get_settings('siteurl') . '/wp-admin/">' . __('Site Admin') . '</a>' . $after;
+ }
echo apply_filters('register', $link);
}
function bloginfo($show='') {
$info = get_bloginfo($show);
- if ( ! (strstr($info, 'url') || strstr($info, 'directory')) ) {
+ if (!strstr($show, 'url') && //don't filter URLs
+ !strstr($show, 'directory') &&
+ !strstr($show, 'home')) {
$info = apply_filters('bloginfo', $info, $show);
$info = convert_chars($info);
}
function get_calendar($daylength = 1) {
global $wpdb, $m, $monthnum, $year, $timedifference, $month, $month_abbrev, $weekday, $weekday_initial, $weekday_abbrev, $posts;
- // Quick check. If we have no posts at all, abort!
+ $now = current_time('mysql');
+
+ // Quick check. If we have no posts yet published, abort!
if ( !$posts ) {
- $gotsome = $wpdb->get_var("SELECT ID from $wpdb->posts WHERE post_status = 'publish' ORDER BY post_date DESC LIMIT 1");
+ $gotsome = $wpdb->get_var("SELECT ID from $wpdb->posts WHERE post_status = 'publish' AND post_date < '$now' ORDER BY post_date DESC LIMIT 1");
if ( !$gotsome )
return;
}
$next = $wpdb->get_row("SELECT DISTINCT MONTH(post_date) AS month, YEAR(post_date) AS year
FROM $wpdb->posts
WHERE post_date > '$thisyear-$thismonth-01'
+ AND post_date < '$now'
AND MONTH( post_date ) != MONTH( '$thisyear-$thismonth-01' )
AND post_status = 'publish'
ORDER BY post_date ASC
// Get days with posts
$dayswithposts = $wpdb->get_results("SELECT DISTINCT DAYOFMONTH(post_date)
- FROM $wpdb->posts WHERE MONTH(post_date) = $thismonth
- AND YEAR(post_date) = $thisyear
+ FROM $wpdb->posts WHERE MONTH(post_date) = '$thismonth'
+ AND YEAR(post_date) = '$thisyear'
AND post_status = 'publish'
AND post_date < '" . current_time('mysql') . '\'', ARRAY_N);
if ( $dayswithposts ) {
$authordata = get_userdata($post->post_author);
$author = $authordata->user_nicename;
+ $date = explode(" ",date('Y m d H i s', $unixtime));
$rewritereplace =
array(
- date('Y', $unixtime),
- date('m', $unixtime),
- date('d', $unixtime),
- date('H', $unixtime),
- date('i', $unixtime),
- date('s', $unixtime),
+ $date[0],
+ $date[1],
+ $date[2],
+ $date[3],
+ $date[4],
+ $date[5],
$post->post_name,
$post->ID,
$category,
<?php
// On which page are we ?
-if (preg_match('#([^/]+.php)#', $PHP_SELF, $self_matches)) {
+if (preg_match('#([^/]+\.php)$#', $PHP_SELF, $self_matches)) {
$pagenow = $self_matches[1];
} else if (strstr($PHP_SELF, '?')) {
$pagenow = explode('/', $PHP_SELF);
// Simple browser detection
$is_lynx = 0; $is_gecko = 0; $is_winIE = 0; $is_macIE = 0; $is_opera = 0; $is_NS4 = 0;
-if (!isset($HTTP_USER_AGENT)) {
- $HTTP_USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
-}
-if (preg_match('/Lynx/', $HTTP_USER_AGENT)) {
+
+if (preg_match('/Lynx/', $_SERVER['HTTP_USER_AGENT'])) {
$is_lynx = 1;
-} elseif (preg_match('/Gecko/', $HTTP_USER_AGENT)) {
+} elseif (preg_match('/Gecko/', $_SERVER['HTTP_USER_AGENT'])) {
$is_gecko = 1;
-} elseif ((preg_match('/MSIE/', $HTTP_USER_AGENT)) && (preg_match('/Win/', $HTTP_USER_AGENT))) {
+} elseif ((preg_match('/MSIE/', $_SERVER['HTTP_USER_AGENT'])) && (preg_match('/Win/', $_SERVER['HTTP_USER_AGENT']))) {
$is_winIE = 1;
-} elseif ((preg_match('/MSIE/', $HTTP_USER_AGENT)) && (preg_match('/Mac/', $HTTP_USER_AGENT))) {
+} elseif ((preg_match('/MSIE/', $_SERVER['HTTP_USER_AGENT'])) && (preg_match('/Mac/', $_SERVER['HTTP_USER_AGENT']))) {
$is_macIE = 1;
-} elseif (preg_match('/Opera/', $HTTP_USER_AGENT)) {
+} elseif (preg_match('/Opera/', $_SERVER['HTTP_USER_AGENT'])) {
$is_opera = 1;
-} elseif ((preg_match('/Nav/', $HTTP_USER_AGENT) ) || (preg_match('/Mozilla\/4\./', $HTTP_USER_AGENT))) {
+} elseif ((preg_match('/Nav/', $_SERVER['HTTP_USER_AGENT']) ) || (preg_match('/Mozilla\/4\./', $_SERVER['HTTP_USER_AGENT']))) {
$is_NS4 = 1;
}
$is_IE = (($is_macIE) || ($is_winIE));
// if the config file does not provide the smilies array, let's define it here
if (!isset($wpsmiliestrans)) {
$wpsmiliestrans = array(
- ' :)' => 'icon_smile.gif',
- ' :D' => 'icon_biggrin.gif',
- ' :-D' => 'icon_biggrin.gif',
- ':grin:' => 'icon_biggrin.gif',
- ' :)' => 'icon_smile.gif',
- ' :-)' => 'icon_smile.gif',
- ':smile:' => 'icon_smile.gif',
- ' :(' => 'icon_sad.gif',
- ' :-(' => 'icon_sad.gif',
- ':sad:' => 'icon_sad.gif',
- ' :o' => 'icon_surprised.gif',
- ' :-o' => 'icon_surprised.gif',
- ':eek:' => 'icon_surprised.gif',
- ' 8O' => 'icon_eek.gif',
- ' 8-O' => 'icon_eek.gif',
- ':shock:' => 'icon_eek.gif',
- ' :?' => 'icon_confused.gif',
- ' :-?' => 'icon_confused.gif',
- ' :???:' => 'icon_confused.gif',
- ' 8)' => 'icon_cool.gif',
- ' 8-)' => 'icon_cool.gif',
- ':cool:' => 'icon_cool.gif',
- ':lol:' => 'icon_lol.gif',
- ' :x' => 'icon_mad.gif',
- ' :-x' => 'icon_mad.gif',
- ':mad:' => 'icon_mad.gif',
- ' :P' => 'icon_razz.gif',
- ' :-P' => 'icon_razz.gif',
- ':razz:' => 'icon_razz.gif',
- ':oops:' => 'icon_redface.gif',
- ':cry:' => 'icon_cry.gif',
- ':evil:' => 'icon_evil.gif',
- ':twisted:' => 'icon_twisted.gif',
- ':roll:' => 'icon_rolleyes.gif',
- ':wink:' => 'icon_wink.gif',
- ' ;)' => 'icon_wink.gif',
- ' ;-)' => 'icon_wink.gif',
- ':!:' => 'icon_exclaim.gif',
- ':?:' => 'icon_question.gif',
- ':idea:' => 'icon_idea.gif',
- ':arrow:' => 'icon_arrow.gif',
- ' :|' => 'icon_neutral.gif',
- ' :-|' => 'icon_neutral.gif',
- ':neutral:' => 'icon_neutral.gif',
- ':mrgreen:' => 'icon_mrgreen.gif',
+ ':mrgreen:' => 'icon_mrgreen.gif',
+ ':neutral:' => 'icon_neutral.gif',
+ ':twisted:' => 'icon_twisted.gif',
+ ':arrow:' => 'icon_arrow.gif',
+ ':shock:' => 'icon_eek.gif',
+ ':smile:' => 'icon_smile.gif',
+ ' :???:' => 'icon_confused.gif',
+ ':cool:' => 'icon_cool.gif',
+ ':evil:' => 'icon_evil.gif',
+ ':grin:' => 'icon_biggrin.gif',
+ ':idea:' => 'icon_idea.gif',
+ ':oops:' => 'icon_redface.gif',
+ ':razz:' => 'icon_razz.gif',
+ ':roll:' => 'icon_rolleyes.gif',
+ ':wink:' => 'icon_wink.gif',
+ ':cry:' => 'icon_cry.gif',
+ ':eek:' => 'icon_surprised.gif',
+ ':lol:' => 'icon_lol.gif',
+ ':mad:' => 'icon_mad.gif',
+ ':sad:' => 'icon_sad.gif',
+ ' 8-)' => 'icon_cool.gif',
+ ' 8-O' => 'icon_eek.gif',
+ ' :-(' => 'icon_sad.gif',
+ ' :-)' => 'icon_smile.gif',
+ ' :-?' => 'icon_confused.gif',
+ ' :-D' => 'icon_biggrin.gif',
+ ' :-P' => 'icon_razz.gif',
+ ' :-o' => 'icon_surprised.gif',
+ ' :-x' => 'icon_mad.gif',
+ ' :-|' => 'icon_neutral.gif',
+ ' ;-)' => 'icon_wink.gif',
+ ' 8)' => 'icon_cool.gif',
+ ' 8O' => 'icon_eek.gif',
+ ' :(' => 'icon_sad.gif',
+ ' :)' => 'icon_smile.gif',
+ ' :?' => 'icon_confused.gif',
+ ' :D' => 'icon_biggrin.gif',
+ ' :P' => 'icon_razz.gif',
+ ' :o' => 'icon_surprised.gif',
+ ' :x' => 'icon_mad.gif',
+ ' :|' => 'icon_neutral.gif',
+ ' ;)' => 'icon_wink.gif',
+ ':!:' => 'icon_exclaim.gif',
+ ':?:' => 'icon_question.gif',
);
}
-// sorts the smilies' array
-if (!function_exists('smiliescmp')) {
-function smiliescmp ($a, $b) {
- if (strlen($a) == strlen($b)) {
- return strcmp($a, $b);
- }
- return (strlen($a) > strlen($b)) ? -1 : 1;
- }
-}
-uksort($wpsmiliestrans, 'smiliescmp');
// generates smilies' search & replace arrays
foreach($wpsmiliestrans as $smiley => $img) {
// This just holds the version number, in a separate file so we can bump it without cluttering the SVN
-$wp_version = '2.0.2';
-$wp_db_version = 3437;
+$wp_version = '2.0.4';
+$wp_db_version = 3440;
?>
$EZSQL_ERROR[] =
array ('query' => $this->last_query, 'error_str' => $str);
+ $str = htmlspecialchars($str, ENT_QUOTES);
+ $query = htmlspecialchars($this->last_query, ENT_QUOTES);
// Is error output turned on or not..
if ( $this->show_errors ) {
// If there is an error then take note of it
print "<div id='error'>
<p class='wpdberror'><strong>WordPress database error:</strong> [$str]<br />
- <code>$this->last_query</code></p>
+ <code>$query</code></p>
</div>";
} else {
return false;
$redirect_to = 'wp-login.php';
if ( isset($_REQUEST['redirect_to']) )
- $redirect_to = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $_REQUEST['redirect_to']);
+ $redirect_to = $_REQUEST['redirect_to'];
wp_redirect($redirect_to);
exit();
$redirect_to = 'wp-admin/';
else
$redirect_to = $_REQUEST['redirect_to'];
- $redirect_to = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $redirect_to);
if( $_POST ) {
$user_login = $_POST['log'];
$user_login = sanitize_user( $user_login );
$user_pass = $_POST['pwd'];
$rememberme = $_POST['rememberme'];
- } elseif ( !empty($_COOKIE) ) {
- if ( !empty($_COOKIE[USER_COOKIE]) )
- $user_login = $_COOKIE[USER_COOKIE];
- if ( !empty($_COOKIE[PASS_COOKIE]) ) {
- $user_pass = $_COOKIE[PASS_COOKIE];
+ } else {
+ $cookie_login = wp_get_cookie_login();
+ if ( ! empty($cookie_login) ) {
$using_cookie = true;
+ $user_login = $cookie_login['login'];
+ $user_pass = $cookie_login['password'];
}
}
if ( $using_cookie )
$error = __('Your session has expired.');
}
+ } else if ( $user_login || $user_pass ) {
+ $error = __('<strong>Error</strong>: The password field is empty.');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php _e('Remember me'); ?></label></p>
<p class="submit">
<input type="submit" name="submit" id="submit" value="<?php _e('Login'); ?> »" tabindex="4" />
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
+ <input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($redirect_to); ?>" />
</p>
</form>
<ul>
// 10 days
setcookie('wp-postpass_' . COOKIEHASH, $_POST['post_password'], time() + 864000, COOKIEPATH);
-wp_redirect($_SERVER['HTTP_REFERER']);
+wp_redirect(wp_get_referer());
?>
\ No newline at end of file
unregister_GLOBALS();
-$HTTP_USER_AGENT = getenv('HTTP_USER_AGENT');
unset( $wp_filter, $cache_userdata, $cache_lastcommentmodified, $cache_lastpostdate, $cache_settings, $category_cache, $cache_categories );
if ( ! isset($blog_id) )
$_COOKIE = add_magic_quotes($_COOKIE);
$_SERVER = add_magic_quotes($_SERVER);
+do_action('sanitize_comment_cookies');
+
$wp_query = new WP_Query();
$wp_rewrite = new WP_Rewrite();
$wp = new WP();
if (empty($title) && empty($tb_url) && empty($blog_name)) {
// If it doesn't look like a trackback at all...
- header('Location: ' . get_permalink($tb_id));
+ wp_redirect(get_permalink($tb_id));
exit;
}
$pagelinkedfrom = $wpdb->escape( $pagelinkedfrom );
$original_title = $title;
- $comment_post_ID = $post_ID;
+ $comment_post_ID = (int) $post_ID;
$comment_author = $title;
+ $this->escape($comment_author);
$comment_author_url = $pagelinkedfrom;
$comment_content = $context;
+ $this->escape($comment_content);
$comment_type = 'pingback';
$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_content', 'comment_type');
scripts.mit.edu / autoinstalls / wordpress.git / commitdiff
