From: Edward Z. Yang <ezyang@mit.edu>
Date: Thu, 5 Nov 2009 06:41:46 +0000 (-0500)
Subject: Wordpress 2.0.4-scripts
X-Git-Tag: wordpress-2.0.4-scripts
X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/commitdiff_plain/54fb5972b908f9c2b16cd82cee580bcf61565873?hp=-c

Wordpress 2.0.4-scripts

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
---

54fb5972b908f9c2b16cd82cee580bcf61565873
diff --combined wp-admin/admin-functions.php
index a39c12fa,6b9be754..3a4c3a0b
--- a/wp-admin/admin-functions.php
+++ b/wp-admin/admin-functions.php
@@@ -361,7 -361,7 +361,7 @@@ function edit_user($user_id = 0) 
  	if (isset ($_POST['pass2']))
  		$pass2 = $_POST['pass2'];
  
- 	if (isset ($_POST['role'])) {
+ 	if (isset ($_POST['role']) && current_user_can('edit_users')) {
  		if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users'))
  			$user->role = $_POST['role'];
  	}
@@@ -523,7 -523,7 +523,7 @@@ function checked($checked, $current) 
  
  function return_categories_list($parent = 0) {
  	global $wpdb;
- 	return $wpdb->get_col("SELECT cat_ID FROM $wpdb->categories WHERE category_parent = $parent ORDER BY category_count DESC LIMIT 100");
+ 	return $wpdb->get_col("SELECT cat_ID FROM $wpdb->categories WHERE category_parent = $parent ORDER BY category_count DESC");
  }
  
  function sort_cats($cat1, $cat2) {
@@@ -597,9 -597,9 +597,9 @@@ function cat_rows($parent = 0, $level 
  				if ( current_user_can('manage_categories') ) {
  					$edit = "<a href='categories.php?action=edit&amp;cat_ID=$category->cat_ID' class='edit'>".__('Edit')."</a></td>";
  					$default_cat_id = get_option('default_category');
- 					
+ 
  					if ($category->cat_ID != $default_cat_id)
- 						$edit .= "<td><a href='categories.php?action=delete&amp;cat_ID=$category->cat_ID' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '".sprintf(__("You are about to delete the category &quot;%s&quot;.  All of its posts will go to the default category.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars($category->cat_name, 1))."' );\" class='delete'>".__('Delete')."</a>";
+ 						$edit .= "<td><a href='" . wp_nonce_url("categories.php?action=delete&amp;cat_ID=$category->cat_ID", 'delete-category_' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . sprintf(__("You are about to delete the category &quot;%s&quot;.  All of its posts will go to the default category.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), js_escape($category->cat_name))."' );\" class='delete'>".__('Delete')."</a>";
  					else
  						$edit .= "<td style='text-align:center'>".__("Default");
  				}
@@@ -643,7 -643,7 +643,7 @@@ function page_rows($parent = 0, $level 
      <td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td> 
  	<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
      <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&amp;post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td> 
-     <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=delete&amp;post=$id' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td> 
+     <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$id", 'delete-post_' . $id) .  "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), js_escape(get_the_title()) ) . "' );\">" . __('Delete') . "</a>"; } ?></td> 
    </tr> 
  
  <?php
@@@ -990,7 -990,6 +990,7 @@@ function insert_with_markers($filename
  		}
  
  		$f = fopen($filename, 'w');
 +		chmod($filename, 0777);
  		$foundit = false;
  		if ($markerdata) {
  			$state = true;
@@@ -1215,6 -1214,7 +1215,7 @@@ function user_can_access_admin_page() 
  	global $pagenow;
  	global $menu;
  	global $submenu;
+ 	global $plugin_page;
  
  	$parent = get_admin_page_parent();
  
@@@ -1230,13 -1230,21 +1231,21 @@@
  	}
  
  	if (isset ($submenu[$parent])) {
- 		foreach ($submenu[$parent] as $submenu_array) {
+ 		if ( isset($plugin_page) ) {
+ 			foreach ($submenu[$parent] as $submenu_array) {
+ 				if ( $submenu_array[2] == $plugin_page ) {
+ 					if (!current_user_can($submenu_array[1]))
+ 						return false;
+ 				}
+ 			}
+ 		}
+ 
+ 		foreach ($submenu[$parent] as $submenu_array) {		
  			if ($submenu_array[2] == $pagenow) {
- 				if (!current_user_can($submenu_array[1])) {
+ 				if (!current_user_can($submenu_array[1]))
  					return false;
- 				} else {
+ 				else
  					return true;
- 				}
  			}
  		}
  	}
@@@ -1483,23 -1491,23 +1492,23 @@@ function get_plugin_data($plugin_file) 
  	preg_match("|Author:(.*)|i", $plugin_data, $author_name);
  	preg_match("|Author URI:(.*)|i", $plugin_data, $author_uri);
  	if (preg_match("|Version:(.*)|i", $plugin_data, $version))
- 		$version = $version[1];
+ 		$version = trim($version[1]);
  	else
  		$version = '';
  
- 	$description = wptexturize($description[1]);
+ 	$description = wptexturize(trim($description[1]));
  
  	$name = $plugin_name[1];
  	$name = trim($name);
  	$plugin = $name;
  	if ('' != $plugin_uri[1] && '' != $name) {
- 		$plugin = '<a href="'.$plugin_uri[1].'" title="'.__('Visit plugin homepage').'">'.$plugin.'</a>';
+ 		$plugin = '<a href="' . trim($plugin_uri[1]) . '" title="'.__('Visit plugin homepage').'">'.$plugin.'</a>';
  	}
  
  	if ('' == $author_uri[1]) {
- 		$author = $author_name[1];
+ 		$author = trim($author_name[1]);
  	} else {
- 		$author = '<a href="'.$author_uri[1].'" title="'.__('Visit author homepage').'">'.$author_name[1].'</a>';
+ 		$author = '<a href="' . trim($author_uri[1]) . '" title="'.__('Visit author homepage').'">' . trim($author_name[1]) . '</a>';
  	}
  
  	return array ('Name' => $name, 'Title' => $plugin, 'Description' => $description, 'Author' => $author, 'Version' => $version, 'Template' => $template[1]);
@@@ -1665,45 -1673,6 +1674,6 @@@ function wp_handle_upload(&$file, $over
  		__("Missing a temporary folder."),
  		__("Failed to write file to disk."));
  
- 	// Accepted MIME types are set here as PCRE. Override with $override['mimes'].
- 	$mimes = apply_filters('upload_mimes', array (
- 		'jpg|jpeg|jpe' => 'image/jpeg',
- 		'gif' => 'image/gif',
- 		'png' => 'image/png',
- 		'bmp' => 'image/bmp',
- 		'tif|tiff' => 'image/tiff',
- 		'ico' => 'image/x-icon',
- 		'asf|asx|wax|wmv|wmx' => 'video/asf',
- 		'avi' => 'video/avi',
- 		'mov|qt' => 'video/quicktime',
- 		'mpeg|mpg|mpe' => 'video/mpeg',
- 		'txt|c|cc|h' => 'text/plain',
- 		'rtx' => 'text/richtext',
- 		'css' => 'text/css',
- 		'htm|html' => 'text/html',
- 		'mp3|mp4' => 'audio/mpeg',
- 		'ra|ram' => 'audio/x-realaudio',
- 		'wav' => 'audio/wav',
- 		'ogg' => 'audio/ogg',
- 		'mid|midi' => 'audio/midi',
- 		'wma' => 'audio/wma',
- 		'rtf' => 'application/rtf',
- 		'js' => 'application/javascript',
- 		'pdf' => 'application/pdf',
- 		'doc' => 'application/msword',
- 		'pot|pps|ppt' => 'application/vnd.ms-powerpoint',
- 		'wri' => 'application/vnd.ms-write',
- 		'xla|xls|xlt|xlw' => 'application/vnd.ms-excel',
- 		'mdb' => 'application/vnd.ms-access',
- 		'mpp' => 'application/vnd.ms-project',
- 		'swf' => 'application/x-shockwave-flash',
- 		'class' => 'application/java',
- 		'tar' => 'application/x-tar',
- 		'zip' => 'application/zip',
- 		'gz|gzip' => 'application/x-gzip',
- 		'exe' => 'application/x-msdownload'
- 	));
- 
  	// All tests are on by default. Most can be turned off by $override[{test_name}] = false;
  	$test_form = true;
  	$test_size = true;
@@@ -1731,17 -1700,11 +1701,11 @@@
  	if (! @ is_uploaded_file($file['tmp_name']) )
  		return $upload_error_handler($file, __('Specified file failed upload test.'));
  
- 	// A correct MIME type will pass this test.
+ 	// A correct MIME type will pass this test. Override $mimes or use the upload_mimes filter.
  	if ( $test_type ) {
- 		$type = false;
- 		$ext = false;
- 		foreach ($mimes as $ext_preg => $mime_match) {
- 			$ext_preg = '![^.]\.(' . $ext_preg . ')$!i';
- 			if ( preg_match($ext_preg, $file['name'], $ext_matches) ) {
- 				$type = $mime_match;
- 				$ext = $ext_matches[1];
- 			}
- 		}
+ 		$wp_filetype = wp_check_filetype($file['name'], $mimes);
+ 
+ 		extract($wp_filetype);
  
  		if ( !$type || !$ext )
  			return $upload_error_handler($file, __('File type does not meet security guidelines. Try another.'));
@@@ -1768,6 -1731,8 +1732,8 @@@
  			else
  				$filename = str_replace("$number$ext", ++$number . $ext, $filename);
  		}
+ 		$filename = str_replace($ext, '', $filename);
+ 		$filename = sanitize_title_with_dashes($filename) . $ext;
  	}
  
  	// Move the file to the uploads dir
@@@ -1809,7 -1774,7 +1775,7 @@@ o.action.value = 'view'
  o.submit();
  }
  </script>
- <form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo $action ?>">
+ <form enctype="multipart/form-data" id="uploadForm" method="post" action="<?php echo $action ?>">
  <label for="upload"><?php _e('File:'); ?></label><input type="file" id="upload" name="import" />
  <input type="hidden" name="action" value="save" />
  <div id="buttons">