From: Edward Z. Yang Date: Sat, 21 Nov 2009 02:06:25 +0000 (-0500) Subject: Wordpress 2.8.5 X-Git-Tag: wordpress-2.8.5 X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/commitdiff_plain/67f24b02807a1ff7e9d1a97453ed84c404c0af0f Wordpress 2.8.5 Signed-off-by: Edward Z. Yang --- diff --git a/readme.html b/readme.html index 95e1c172..fa7071c6 100644 --- a/readme.html +++ b/readme.html @@ -8,7 +8,7 @@

WordPress -
Version 2.8.4 +
Version 2.8.5

Semantic Personal Publishing Platform

@@ -29,7 +29,7 @@

Upgrading

Before you upgrade anything, make sure you have backup copies of any files you may have modified such as index.php.

-

Upgrading from any previous WordPress to 2.8.4:

+

Upgrading from any previous WordPress to 2.8.5:

  1. Delete your old WP files, saving ones you've modified.
  2. Upload the new files.
  3. diff --git a/wp-admin/edit-attachment-rows.php b/wp-admin/edit-attachment-rows.php index 3842a6cc..4922eed2 100644 --- a/wp-admin/edit-attachment-rows.php +++ b/wp-admin/edit-attachment-rows.php @@ -209,4 +209,3 @@ foreach ($posts_columns as $column_name => $column_display_name ) { - diff --git a/wp-admin/import/btt.php b/wp-admin/import/btt.php deleted file mode 100644 index a2aab3ff..00000000 --- a/wp-admin/import/btt.php +++ /dev/null @@ -1,130 +0,0 @@ -'; - screen_icon(); - echo '

    '.__('Import Bunny’s Technorati Tags').'

    '; - echo '

    '.__('Steps may take a few minutes depending on the size of your database. Please be patient.').'

    '; - } - - function footer() { - echo ''; - } - - function greet() { - echo '
    '; - echo '

    '.__('Howdy! This imports tags from Bunny’s Technorati Tags into WordPress tags.').'

    '; - echo '

    '.__('This is suitable for Bunny’s Technorati Tags version 0.6.').'

    '; - echo '

    '.__('All existing Bunny’s Technorati Tags will be removed after import.').'

    '; - echo '

    '.__('Don’t be stupid - backup your database before proceeding!').'

    '; - echo '
    '; - wp_nonce_field('import-btt'); - echo '

    '; - echo '
    '; - echo '
    '; - } - - function dispatch() { - if ( empty($_GET['step']) ) - $step = 0; - else - $step = absint($_GET['step']); - - // load the header - $this->header(); - - switch ( $step ) { - case 0 : - $this->greet(); - break; - case 1 : - check_admin_referer('import-btt'); - $this->check_post_keyword( true ); - break; - case 2 : - check_admin_referer('import-btt'); - $this->check_post_keyword( false ); - break; - case 3: - $this->done(); - break; - } - - // load the footer - $this->footer(); - } - - function check_post_keyword($precheck = true) { - global $wpdb; - - echo '
    '; - echo '

    '.__('Reading Bunny’s Technorati Tags…').'

    '; - - // import Bunny's Keywords tags - $metakeys = $wpdb->get_results("SELECT post_id, meta_id, meta_key, meta_value FROM $wpdb->postmeta WHERE $wpdb->postmeta.meta_key = 'tags'"); - if ( !is_array($metakeys)) { - echo '

    ' . __('No Tags Found!') . '

    '; - return false; - } else { - $count = count($metakeys); - echo '

    ' . sprintf( _n('Done! %s post with tags were read.', 'Done! %s posts with tags were read.', $count), $count ) . '

    '; - echo '
      '; - foreach ( $metakeys as $post_meta ) { - if ( $post_meta->meta_value != '' ) { - $post_keys = explode(' ', $post_meta->meta_value); - foreach ( $post_keys as $keyword ) { - $keyword = addslashes(trim(str_replace('+',' ',$keyword))); - if ( '' != $keyword ) { - echo '
    • ' . $post_meta->post_id . ' - ' . $keyword . '
    • '; - if ( !$precheck ) - wp_add_post_tags($post_meta->post_id, $keyword); - } - } - } - if ( !$precheck ) - delete_post_meta($post_meta->post_id, 'tags'); - } - echo '
    '; - } - - echo '
    '; - wp_nonce_field('import-btt'); - echo '

    '; - echo '
    '; - echo '
    '; - } - - function done() { - echo '
    '; - echo '

    '.__('Import Complete!').'

    '; - echo '
    '; - } - - function BunnyTags_Import() { - } - -} - -// create the import object -$btt_import = new BunnyTags_Import(); - -// add it to the import page! -register_importer('btt', 'Bunny’s Technorati Tags', __('Import Bunny’s Technorati Tags into WordPress tags.'), array($btt_import, 'dispatch')); - -?> diff --git a/wp-admin/import/jkw.php b/wp-admin/import/jkw.php deleted file mode 100644 index d21d79a3..00000000 --- a/wp-admin/import/jkw.php +++ /dev/null @@ -1,192 +0,0 @@ -'; - screen_icon(); - echo '

    '.__('Import Jerome’s Keywords').'

    '; - echo '

    '.__('Steps may take a few minutes depending on the size of your database. Please be patient.').'

    '; - } - - function footer() { - echo ''; - } - - function greet() { - echo '
    '; - echo '

    '.__('Howdy! This imports tags from Jerome’s Keywords into WordPress tags.').'

    '; - echo '

    '.__('This is suitable for Jerome’s Keywords version 1.x and 2.0a.').'

    '; - echo '

    '.__('All existing Jerome’s Keywords will be removed after import.').'

    '; - echo '

    '.__('Don’t be stupid - backup your database before proceeding!').'

    '; - echo '
    '; - wp_nonce_field('import-jkw'); - echo '

    '; - echo '
    '; - echo '
    '; - wp_nonce_field('import-jkw'); - echo '

    '; - echo '
    '; - echo '
    '; - } - - function dispatch() { - if ( empty($_GET['step']) ) - $step = 0; - else - $step = absint($_GET['step']); - - // load the header - $this->header(); - - switch ( $step ) { - case 0 : - $this->greet(); - break; - case 1 : - check_admin_referer('import-jkw'); - $this->check_V1_post_keyword( true ); - break; - case 2 : - check_admin_referer('import-jkw'); - $this->check_V1_post_keyword( false ); - break; - case 3 : - check_admin_referer('import-jkw'); - $this->check_V2_post_keyword( true ); - break; - case 4 : - check_admin_referer('import-jkw'); - $this->check_V2_post_keyword( false ); - break; - case 5: - check_admin_referer('import-jkw'); - $this->cleanup_V2_import(); - break; - case 6: - $this->done(); - break; - } - - // load the footer - $this->footer(); - } - - function check_V1_post_keyword($precheck = true) { - global $wpdb; - - echo '
    '; - echo '

    '.__('Reading Jerome’s Keywords Tags…').'

    '; - - // import Jerome's Keywords tags - $metakeys = $wpdb->get_results("SELECT post_id, meta_id, meta_key, meta_value FROM $wpdb->postmeta WHERE $wpdb->postmeta.meta_key = 'keywords'"); - if ( !is_array($metakeys)) { - echo '

    ' . __('No Tags Found!') . '

    '; - return false; - } else { - $count = count($metakeys); - echo '

    ' . sprintf( _n('Done! %s post with tags were read.', 'Done! %s posts with tags were read.', $count), $count ) . '

    '; - echo '
      '; - foreach ( $metakeys as $post_meta ) { - if ( $post_meta->meta_value != '' ) { - $post_keys = explode(',', $post_meta->meta_value); - foreach ( $post_keys as $keyword ) { - $keyword = addslashes(trim($keyword)); - if ( '' != $keyword ) { - echo '
    • ' . $post_meta->post_id . ' - ' . $keyword . '
    • '; - if ( !$precheck ) - wp_add_post_tags($post_meta->post_id, $keyword); - } - } - } - if ( !$precheck ) - delete_post_meta($post_meta->post_id, 'keywords'); - } - echo '
    '; - } - - echo '
    '; - wp_nonce_field('import-jkw'); - echo '

    '; - echo '
    '; - echo '
    '; - } - - function check_V2_post_keyword($precheck = true) { - global $wpdb; - - echo '
    '; - echo '

    '.__('Reading Jerome’s Keywords Tags…').'

    '; - - // import Jerome's Keywords tags - $tablename = $wpdb->prefix . substr(get_option('jkeywords_keywords_table'), 1, -1); - $metakeys = $wpdb->get_results("SELECT post_id, tag_name FROM $tablename"); - if ( !is_array($metakeys) ) { - echo '

    ' . __('No Tags Found!') . '

    '; - return false; - } else { - $count = count($metakeys); - echo '

    ' . sprintf( _n('Done! %s tag were read.', 'Done! %s tags were read.', $count), $count ) . '

    '; - echo '
      '; - foreach ( $metakeys as $post_meta ) { - $keyword = addslashes(trim($post_meta->tag_name)); - if ( $keyword != '' ) { - echo '
    • ' . $post_meta->post_id . ' - ' . $keyword . '
    • '; - if ( !$precheck ) - wp_add_post_tags($post_meta->post_id, $keyword); - } - } - echo '
    '; - } - echo '
    '; - wp_nonce_field('import-jkw'); - echo '

    '; - echo '
    '; - echo '
    '; - } - - function cleanup_V2_import() { - global $wpdb; - - /* options from V2.0a (jeromes-keywords.php) */ - $options = array('version', 'keywords_table', 'query_varname', 'template', 'meta_always_include', 'meta_includecats', 'meta_autoheader', 'search_strict', 'use_feed_cats', 'post_linkformat', 'post_tagseparator', 'post_includecats', 'post_notagstext', 'cloud_linkformat', 'cloud_tagseparator', 'cloud_includecats', 'cloud_sortorder', 'cloud_displaymax', 'cloud_displaymin', 'cloud_scalemax', 'cloud_scalemin'); - - $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . substr(get_option('jkeywords_keywords_table'), 1, -1)); - - foreach ( $options as $o ) - delete_option('jkeywords_' . $o); - - $this->done(); - } - - function done() { - echo '
    '; - echo '

    '.__('Import Complete!').'

    '; - echo '
    '; - } - - function JeromesKeyword_Import() { - } - -} - -// create the import object -$jkw_import = new JeromesKeyword_Import(); - -// add it to the import page! -register_importer('jkw', 'Jerome’s Keywords', __('Import Jerome’s Keywords into WordPress tags.'), array($jkw_import, 'dispatch')); - -?> diff --git a/wp-admin/import/wordpress.php b/wp-admin/import/wordpress.php index 99903487..388b1b6d 100644 --- a/wp-admin/import/wordpress.php +++ b/wp-admin/import/wordpress.php @@ -684,8 +684,8 @@ class WP_Import { } function is_valid_meta_key($key) { - // skip _wp_attached_file metadata since we'll regenerate it from scratch - if ( $key == '_wp_attached_file' ) + // skip attachment metadata since we'll regenerate it from scratch + if ( $key == '_wp_attached_file' || $key == '_wp_attachment_metadata' ) return false; return $key; } diff --git a/wp-admin/includes/post.php b/wp-admin/includes/post.php index c7acf915..51bb136c 100644 --- a/wp-admin/includes/post.php +++ b/wp-admin/includes/post.php @@ -246,7 +246,7 @@ function bulk_edit_posts( $post_data = null ) { if ( isset($post_data['post_category']) ) { if ( is_array($post_data['post_category']) && ! empty($post_data['post_category']) ) - $new_cats = array_map( absint, $post_data['post_category'] ); + $new_cats = array_map( 'absint', $post_data['post_category'] ); else unset($post_data['post_category']); } 
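Review bot: The new condition in is_valid_meta_key still compares with loose `==` and grows by one `||` per skipped key; a strict list lookup reads better and avoids PHP's loose string rules, e.g. `if ( in_array( $key, array( '_wp_attached_file', '_wp_attachment_metadata' ), true ) )`. The comment says the values are regenerated, and it would help to add why that matters: presumably the path and image metadata in an imported file describe the exporting site, so they should not be trusted to point at local files (hedged, the import code itself is outside this hunk). The function also returns `$key` rather than `true` on the accept path, which the name does not suggest; a one-line docblock stating that contract would save the next reader a lookup.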
@@ -1059,6 +1059,32 @@ function wp_set_post_lock( $post_id ) { update_post_meta( $post->ID, '_edit_last', $current_user->ID ); } +/** + * Outputs the notice message to say that someone else is editing this post at the moment. + * + * @since 2.8.5 + * @return none + */ +function _admin_notice_post_locked() { + global $post; + $last_user = get_userdata( get_post_meta( $post->ID, '_edit_last', true ) ); + $last_user_name = $last_user ? $last_user->display_name : __('Somebody'); + + switch ($post->post_type) { + case 'post': + $message = __( 'Warning: %s is currently editing this post' ); + break; + case 'page': + $message = __( 'Warning: %s is currently editing this page' ); + break; + default: + $message = __( 'Warning: %s is currently editing this.' ); + } + + $message = sprintf( $message, esc_html( $last_user_name ) ); + echo "

    $message

    "; +} + /** * Creates autosave data for the specified post from $_POST data. * diff --git a/wp-admin/includes/update-core.php b/wp-admin/includes/update-core.php index 5abee757..f9661962 100644 --- a/wp-admin/includes/update-core.php +++ b/wp-admin/includes/update-core.php @@ -126,6 +126,8 @@ $_old_files = array( 'wp-admin/edit-form-ajax-cat.php', 'wp-admin/execute-pings.php', 'wp-admin/import/b2.php', +'wp-admin/import/btt.php', +'wp-admin/import/jkw.php', 'wp-admin/inline-uploading.php', 'wp-admin/link-categories.php', 'wp-admin/list-manipulation.js', diff --git a/wp-admin/install.php b/wp-admin/install.php index a9579ff4..4e97f02f 100644 --- a/wp-admin/install.php +++ b/wp-admin/install.php @@ -49,6 +49,12 @@ header( 'Content-Type: text/html; charset=utf-8' ); }//end function display_header(); function display_setup_form( $error = null ) { + // Ensure that Blogs appear in search engines by default + $blog_public = 1; + if ( isset($_POST) && !empty($_POST) ) { + $blog_public = isset($_POST['blog_public']); + } + if ( ! is_null( $error ) ) { ?>
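Review bot: `_admin_notice_post_locked()` dereferences the global `$post` without checking it is set, and its docblock declares `@return none`, which is not a PHPDoc type; use `@return void` and guard the lookup with `if ( empty( $post ) ) return;` before the `get_post_meta()` call. Whether the hook can fire with no post in scope depends on the callers in page.php and post.php, which register it only inside the edit action, so the guard is cheap insurance rather than a known failure. The three translated messages are inconsistent in punctuation (`editing this post` versus `editing this.`); aligning them avoids a stray period in one variant. Applying `esc_html()` to the display name before `sprintf` is correct and should stay.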

    ERROR: %s'), $error); ?>

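Review bot: In display_setup_form, `isset($_POST)` is always true for a superglobal, so the added condition reduces to `!empty($_POST)`; also `$blog_public` starts as the int `1` and becomes a bool from `isset($_POST['blog_public'])`, so its type depends on the branch taken. Write `if ( ! empty( $_POST ) ) { $blog_public = isset( $_POST['blog_public'] ) ? 1 : 0; }` so both paths yield an int. The comment explains the default but not the branch; adding that an unchecked checkbox is simply absent from the POST body, which is why a resubmitted form must not fall back to the default, makes the intent clear.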
    @@ -65,7 +71,7 @@ function display_setup_form( $error = null ) { - +

    diff --git a/wp-admin/page.php b/wp-admin/page.php index 68a66902..9e5eef68 100644 --- a/wp-admin/page.php +++ b/wp-admin/page.php @@ -98,11 +98,7 @@ case 'edit': if ( current_user_can('edit_page', $page_ID) ) { if ( $last = wp_check_post_lock( $post->ID ) ) { - $last_user = get_userdata( $last ); - $last_user_name = $last_user ? $last_user->display_name : __('Somebody'); - $message = sprintf( __( 'Warning: %s is currently editing this page' ), esc_html( $last_user_name ) ); - $message = str_replace( "'", "\'", "

    $message

    " ); - add_action('admin_notices', create_function( '', "echo '$message';" ) ); + add_action('admin_notices', '_admin_notice_post_locked' ); } else { wp_set_post_lock( $post->ID ); wp_enqueue_script('autosave'); diff --git a/wp-admin/post.php b/wp-admin/post.php index 008778fa..cc8e06c7 100644 --- a/wp-admin/post.php +++ b/wp-admin/post.php @@ -133,11 +133,7 @@ case 'edit': if ( current_user_can('edit_post', $post_ID) ) { if ( $last = wp_check_post_lock( $post->ID ) ) { - $last_user = get_userdata( $last ); - $last_user_name = $last_user ? $last_user->display_name : __('Somebody'); - $message = sprintf( __( 'Warning: %s is currently editing this post' ), esc_html( $last_user_name ) ); - $message = str_replace( "'", "\'", "
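Review bot: With the string-built `create_function()` gone, `$last` (the user id returned by `wp_check_post_lock()`) is only tested for truthiness here while the new callback re-reads `_edit_last` itself when `admin_notices` fires, so the notice can name a different user than the one whose lock was detected if the meta changes in between. If `$last` is not used further down this `case 'edit':` branch (the rest of it lies outside the hunk), `if ( wp_check_post_lock( $post->ID ) )` would make the intent explicit, or keep a single lookup and pass the id through. The same applies to the identical hunk in wp-admin/post.php. Replacing PHP source assembled from an escaped display name with a named callback is the right fix and should not be reverted.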

    $message

    " ); - add_action('admin_notices', create_function( '', "echo '$message';" ) ); + add_action('admin_notices', '_admin_notice_post_locked' ); } else { wp_set_post_lock( $post->ID ); wp_enqueue_script('autosave'); diff --git a/wp-app.php b/wp-app.php index 0ada250e..11f4ec77 100644 --- a/wp-app.php +++ b/wp-app.php @@ -780,6 +780,7 @@ EOD; } $location = get_post_meta($entry['ID'], '_wp_attached_file', true); + $location = get_option ('upload_path') . '/' . $location; $filetype = wp_check_filetype($location); if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext'])) @@ -789,11 +790,19 @@ EOD; header('Content-Type: ' . $entry['post_mime_type']); header('Connection: close'); - $fp = fopen($location, "rb"); - while(!feof($fp)) { - echo fread($fp, 4096); + if ($fp = fopen($location, "rb")) { + status_header('200'); + header('Content-Type: ' . $entry['post_mime_type']); + header('Connection: close'); + + while(!feof($fp)) { + echo fread($fp, 4096); + } + + fclose($fp); + } else { + status_header ('404'); } - fclose($fp); log_app('function',"get_file($postID)"); exit; diff --git a/wp-content/plugins/akismet/akismet.php b/wp-content/plugins/akismet/akismet.php index 92bbae2d..a2402a10 100644 --- a/wp-content/plugins/akismet/akismet.php +++ b/wp-content/plugins/akismet/akismet.php @@ -400,6 +400,13 @@ function akismet_http_post($request, $host, $path, $port = 80, $ip=null) { return $response; } +// filter handler used to return a spam result to pre_comment_approved +function akismet_result_spam( $approved ) { + // bump the counter here instead of when the filter is added to reduce the possibility of overcounting + update_option( 'akismet_spam_count', get_option('akismet_spam_count') + 1 ); + return 'spam'; +} + function akismet_auto_check_comment( $comment ) { global $akismet_api_host, $akismet_api_port; 
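Review bot: In the second wp-app.php hunk, `status_header('200')` and the `Content-Type`/`Connection` headers are now sent inside the `fopen()` branch, but the two `header()` calls in the context lines just above it still run first, so on success they are emitted twice and on the `status_header ('404')` path the response already carries the attachment's mime type. Remove those two pre-existing `header()` lines so only the branch inside `if ($fp = fopen($location, "rb"))` sets them. In the first hunk, `$location` is unconditionally reassigned before the `!isset($location)` test, so that test can no longer fail; checking `empty($location)` on the meta value before the concatenation keeps the guard meaningful. get_file() starts and ends outside these hunks.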
@@ -423,8 +430,8 @@ function akismet_auto_check_comment( $comment ) { $response = akismet_http_post($query_string, $akismet_api_host, '/1.1/comment-check', $akismet_api_port); if ( 'true' == $response[1] ) { - add_filter('pre_comment_approved', create_function('$a', 'return \'spam\';')); - update_option( 'akismet_spam_count', get_option('akismet_spam_count') + 1 ); + // akismet_spam_count will be incremented later by akismet_result_spam() + add_filter('pre_comment_approved', 'akismet_result_spam'); do_action( 'akismet_spam_caught' ); @@ -432,9 +439,12 @@ function akismet_auto_check_comment( $comment ) { $last_updated = strtotime( $post->post_modified_gmt ); $diff = time() - $last_updated; $diff = $diff / 86400; - - if ( $post->post_type == 'post' && $diff > 30 && get_option( 'akismet_discard_month' ) == 'true' ) + + if ( $post->post_type == 'post' && $diff > 30 && get_option( 'akismet_discard_month' ) == 'true' ) { + // akismet_result_spam() won't be called so bump the counter here + update_option( 'akismet_spam_count', get_option('akismet_spam_count') + 1 ); die; + } } akismet_delete_old(); return $comment; diff --git a/wp-content/plugins/akismet/readme.txt b/wp-content/plugins/akismet/readme.txt index af87370f..9b2241d8 100644 --- a/wp-content/plugins/akismet/readme.txt +++ b/wp-content/plugins/akismet/readme.txt @@ -2,7 +2,7 @@ Contributors: matt, ryan, andy, mdawaffe, tellyworth Tags: akismet, comments, spam Requires at least: 2.0 -Tested up to: 2.8.2 +Tested up to: 2.8.4 Akismet checks your comments against the Akismet web service to see if they look like spam or not. diff --git a/wp-includes/author-template.php b/wp-includes/author-template.php index 19e7b868..908e2335 100644 --- a/wp-includes/author-template.php +++ b/wp-includes/author-template.php 
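Review bot: The spam counter bump now appears twice, inside `akismet_result_spam()` and again in the `die` branch of the third hunk, each as a `get_option()` plus one / `update_option()` pair with its own comment; a helper such as `function akismet_bump_spam_count() { update_option( 'akismet_spam_count', get_option('akismet_spam_count') + 1 ); }` keeps both sites in step. That read-modify-write is not atomic, so concurrent comment checks can under-count; this predates the change, but a comment on the helper would record it. `add_filter('pre_comment_approved', 'akismet_result_spam')` is also never removed, so the callback stays registered for any further comment inserted during the same request; that behaviour is unchanged from the `create_function()` version but deserves a note in the second hunk.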
@@ -132,7 +132,7 @@ function the_author_meta($field = '', $user_id = false) { */ function the_author_link() { if ( get_the_author_meta('url') ) { - echo '' . get_the_author() . ''; + echo '' . get_the_author() . ''; } else { the_author(); } @@ -181,7 +181,7 @@ function the_author_posts_link($deprecated = '') { printf( '%3$s', get_author_posts_url( $authordata->ID, $authordata->user_nicename ), - sprintf( __( 'Posts by %s' ), esc_attr( get_the_author() ) ), + esc_attr( sprintf( __( 'Posts by %s' ), get_the_author() ) ), get_the_author() ); } @@ -292,7 +292,7 @@ function wp_list_authors($args = '') { if ( ! $hide_empty ) $link = $name; } else { - $link = 'display_name)) . '">' . $name . ''; + $link = 'display_name) ) . '">' . $name . ''; if ( (! empty($feed_image)) || (! empty($feed)) ) { $link .= ' '; @@ -301,8 +301,8 @@ function wp_list_authors($args = '') { $link .= ''; + $link .= "'; else $link .= $name; diff --git a/wp-includes/bookmark-template.php b/wp-includes/bookmark-template.php index bb4f6ef3..cf24da6c 100644 --- a/wp-includes/bookmark-template.php +++ b/wp-includes/bookmark-template.php @@ -90,7 +90,7 @@ function _walk_bookmarks($bookmarks, $args = '' ) { $rel = $bookmark->link_rel; if ( '' != $rel ) - $rel = ' rel="' . $rel . '"'; + $rel = ' rel="' . esc_attr($rel) . '"'; $target = $bookmark->link_target; if ( '' != $target ) diff --git a/wp-includes/capabilities.php b/wp-includes/capabilities.php index cccd68da..2b4fd79c 100644 --- a/wp-includes/capabilities.php +++ b/wp-includes/capabilities.php @@ -900,6 +900,12 @@ function map_meta_cap( $cap, $user_id ) { else $caps[] = 'read_private_pages'; break; + case 'unfiltered_upload': + if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS == true ) + $caps[] = $cap; + else + $caps[] = 'do_not_allow'; + break; default: // If no meta caps match, return the original cap. $caps[] = $cap; 
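Review bot: In the the_author_posts_link hunk, moving `esc_attr()` outside `sprintf` so the whole title value is escaped is correct, but the first and third `printf` arguments, `get_author_posts_url(...)` and `get_the_author()`, are still passed through unescaped. The format string is not visible here (its markup was lost in rendering), so this is hedged: if `%1$s` lands in an `href` it should be wrapped in `esc_url()`, and `%3$s` as element text in `esc_html()`, matching the treatment now given to the title. The enclosing function starts and ends outside the hunk.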
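Review bot: `$rel` is now passed through `esc_attr()`, but the parallel `$target` block in the context lines immediately below (`$target = $bookmark->link_target; if ( '' != $target )`) builds its attribute the same way and is cut off by the hunk edge, so I cannot see whether it is escaped; if not, it should receive the same treatment, `' target="' . esc_attr($target) . '"'`. _walk_bookmarks continues outside the hunk.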
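Review bot: The new `unfiltered_upload` case in map_meta_cap compares the constant with loose equality, `ALLOW_UNFILTERED_UPLOADS == true`, which any truthy value satisfies, including the string `'false'`; since this flag disables upload type filtering, the check should be strict: `if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS === true )`. Returning `do_not_allow` when the constant is absent is the right fail-closed default. A one-line comment stating that the capability is granted only by explicit configuration and never by role would help the next reader.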
diff --git a/wp-includes/category-template.php b/wp-includes/category-template.php index 61f2faf1..52b42baf 100644 --- a/wp-includes/category-template.php +++ b/wp-includes/category-template.php @@ -68,7 +68,7 @@ function get_category_parents( $id, $link = false, $separator = '/', $nicename = } if ( $link ) - $chain .= 'cat_name ) . '">'.$name.'' . $separator; + $chain .= 'cat_name ) ) . '">'.$name.'' . $separator; else $chain .= $name.$separator; return $chain; @@ -190,17 +190,17 @@ function get_the_category_list( $separator = '', $parents='', $post_id = false ) case 'multiple': if ( $category->parent ) $thelist .= get_category_parents( $category->parent, true, $separator ); - $thelist .= 'name ) . '" ' . $rel . '>' . $category->name.''; + $thelist .= 'name ) ) . '" ' . $rel . '>' . $category->name.''; break; case 'single': - $thelist .= 'name ) . '" ' . $rel . '>'; + $thelist .= 'name ) ) . '" ' . $rel . '>'; if ( $category->parent ) $thelist .= get_category_parents( $category->parent, false, $separator ); $thelist .= $category->name.''; break; case '': default: - $thelist .= 'name ) . '" ' . $rel . '>' . $category->cat_name.''; + $thelist .= 'name ) ) . '" ' . $rel . '>' . $category->cat_name.''; } } $thelist .= ''; 
@@ -213,17 +213,17 @@ function get_the_category_list( $separator = '', $parents='', $post_id = false ) case 'multiple': if ( $category->parent ) $thelist .= get_category_parents( $category->parent, true, $separator ); - $thelist .= 'name ) . '" ' . $rel . '>' . $category->cat_name.''; + $thelist .= 'name ) ) . '" ' . $rel . '>' . $category->cat_name.''; break; case 'single': - $thelist .= 'name ) . '" ' . $rel . '>'; + $thelist .= 'name ) ) . '" ' . $rel . '>'; if ( $category->parent ) $thelist .= get_category_parents( $category->parent, false, $separator ); $thelist .= "$category->cat_name"; break; case '': default: - $thelist .= 'name ) . '" ' . $rel . '>' . $category->name.''; + $thelist .= 'name ) ) . '" ' . $rel . '>' . $category->name.''; } ++$i; } @@ -352,6 +352,8 @@ function wp_dropdown_categories( $args = '' ) { $tab_index_attribute = " tabindex=\"$tab_index\""; $categories = get_categories( $r ); + $name = esc_attr($name); + $class = esc_attr($class); $output = ''; if ( ! empty( $categories ) ) { diff --git a/wp-includes/classes.php b/wp-includes/classes.php index 29c37535..0fcb60ea 100644 --- a/wp-includes/classes.php +++ b/wp-includes/classes.php @@ -214,9 +214,9 @@ class WP { // Trim the query of everything up to the '?'. $query = preg_replace("!^.+\?!", '', $query); - + // Substitute the substring matches into the query. - eval("@\$query = \"" . addslashes($query) . "\";"); + $query = addslashes(WP_MatchesMapRegex::apply($query, $matches)); $this->matched_query = $query; 
@@ -1592,4 +1592,94 @@ class WP_Ajax_Response { } } +/** + * Helper class to remove the need to use eval to replace $matches[] in query strings. + * + * @since 2.9.0 + */ +class WP_MatchesMapRegex { + /** + * store for matches + * + * @access private + * @var array + */ + var $_matches; + + /** + * store for mapping result + * + * @access public + * @var string + */ + var $output; + + /** + * subject to perform mapping on (query string containing $matches[] references + * + * @access private + * @var string + */ + var $_subject; + + /** + * regexp pattern to match $matches[] references + * + * @var string + */ + var $_pattern = '(\$matches\[[1-9]+[0-9]*\])'; // magic number + + /** + * constructor + * + * @param string $subject subject if regex + * @param array $matches data to use in map + * @return self + */ + function WP_MatchesMapRegex($subject, $matches) { + $this->_subject = $subject; + $this->_matches = $matches; + $this->output = $this->_map(); + } + + /** + * Substitute substring matches in subject. + * + * static helper function to ease use + * + * @access public + * @param string $subject subject + * @param array $matches data used for subsitution + * @return string + */ + function apply($subject, $matches) { + $oSelf =& new WP_MatchesMapRegex($subject, $matches); + return $oSelf->output; + } + + /** + * do the actual mapping + * + * @access private + * @return string + */ + function _map() { + $callback = array(&$this, 'callback'); + return preg_replace_callback($this->_pattern, $callback, $this->_subject); + } + + /** + * preg_replace_callback hook + * + * @access public + * @param array $matches preg_replace regexp matches + * @return string + */ + function callback($matches) { + $index = intval(substr($matches[0], 9, -1)); + return ( isset( $this->_matches[$index] ) ? $this->_matches[$index] : '' ); + } + +} + ?> diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php index e87801b6..a5ebcd16 100644 
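Review bot: `apply()` uses `$oSelf =& new WP_MatchesMapRegex(...)`; assigning the result of `new` by reference is deprecated as of PHP 5.3 and unnecessary here, so `$oSelf = new WP_MatchesMapRegex($subject, $matches);` is enough. The class docblock says `@since 2.9.0` although this commit is the 2.8.5 release, and `apply()` is called statically from the first hunk without being declared `static` (the PHP4-style constructor suggests that is deliberate for compatibility, so hedged). Replacing the `eval()` of a string assembled from the rewritten query with a regex-driven lookup into `$matches` removes the code-evaluation path, which is the important change, and `callback()` already returns `''` for an unset index. The `$_pattern` quantifier `[1-9]+[0-9]*` can be simplified to `[1-9][0-9]*` without changing what it matches.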
--- a/wp-includes/comment-template.php +++ b/wp-includes/comment-template.php @@ -338,6 +338,8 @@ function get_comment_class( $class = '', $comment_id = null, $post_id = null ) { $classes = array_merge($classes, $class); } + $classes = array_map('esc_attr', $classes); + return apply_filters('comment_class', $classes, $class, $comment_id, $post_id); } @@ -940,7 +942,7 @@ function comments_popup_link( $zero = false, $one = false, $more = false, $css_c $number = get_comments_number( $id ); if ( 0 == $number && !comments_open() && !pings_open() ) { - echo '' . $none . ''; + echo '' . $none . ''; return; } @@ -972,7 +974,7 @@ function comments_popup_link( $zero = false, $one = false, $more = false, $css_c echo apply_filters( 'comments_popup_link_attributes', '' ); - echo ' title="' . sprintf( __('Comment on %s'), $title ) . '">'; + echo ' title="' . esc_attr( sprintf( __('Comment on %s'), $title ) ) . '">'; comments_number( $zero, $one, $more, $number ); echo ''; } diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php index 53cfeeae..37b75229 100644 --- a/wp-includes/formatting.php +++ b/wp-includes/formatting.php @@ -600,7 +600,7 @@ function remove_accents($string) { */ function sanitize_file_name( $filename ) { $filename_raw = $filename; - $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}"); + $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", chr(0)); $special_chars = apply_filters('sanitize_file_name_chars', $special_chars, $filename_raw); $filename = str_replace($special_chars, '', $filename); $filename = preg_replace('/[\s-]+/', '-', $filename); 
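Review bot: In get_comment_class, `array_map('esc_attr', $classes)` runs before `apply_filters('comment_class', ...)`, so any class a filter adds or rewrites reaches the attribute unescaped; escape after the filter returns, e.g. `return array_map( 'esc_attr', apply_filters('comment_class', $classes, $class, $comment_id, $post_id) );`. The same ordering appears in the get_post_class and get_body_class hunks of wp-includes/post-template.php. Since these values are class names rather than arbitrary attribute text, `sanitize_html_class()` would be the tighter choice if it is available in this tree (hedged, it is not visible here).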
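Review bot: In sanitize_file_name, `chr(0)` is added to `$special_chars`, but that array is then passed through the `sanitize_file_name_chars` filter on the next line, so a callback that returns its own list drops the NUL stripping along with it. Strip NUL unconditionally before the filter, `$filename = str_replace( chr(0), '', $filename );` placed right after `$filename_raw = $filename;`. That keeps the list filterable for cosmetic characters while the byte that truncates C-level path handling is always removed.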
@@ -1452,18 +1452,20 @@ function wp_iso_descrambler($string) { * Returns a date in the GMT equivalent. * * Requires and returns a date in the Y-m-d H:i:s format. Simply subtracts the - * value of the 'gmt_offset' option. + * value of the 'gmt_offset' option. Return format can be overridden using the + * $format parameter * * @since 1.2.0 * * @uses get_option() to retrieve the the value of 'gmt_offset'. * @param string $string The date to be converted. + * @param string $format The format string for the returned date (default is Y-m-d H:i:s) * @return string GMT version of the date provided. */ -function get_gmt_from_date($string) { +function get_gmt_from_date($string, $format = 'Y-m-d H:i:s') { preg_match('#([0-9]{1,4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})#', $string, $matches); $string_time = gmmktime($matches[4], $matches[5], $matches[6], $matches[2], $matches[3], $matches[1]); - $string_gmt = gmdate('Y-m-d H:i:s', $string_time - get_option('gmt_offset') * 3600); + $string_gmt = gmdate($format, $string_time - get_option('gmt_offset') * 3600); return $string_gmt; } 
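Review bot: get_gmt_from_date, and get_date_from_gmt in the next hunk, now accept `$format`, but the `preg_match()` result is still unchecked, so an input that does not match leaves `$matches` empty and `gmmktime()` is called with undefined indices; testing the return value and returning a defined result for the no-match case would close that, and it should be documented either way. The get_date_from_gmt docblock reads `gmt_offset.Return format` (missing space), and neither `@param string $format` line says the value is handed straight to `gmdate()`, which is the detail a caller needs.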
@@ -1471,17 +1473,18 @@ function get_gmt_from_date($string) { * Converts a GMT date into the correct format for the blog. * * Requires and returns in the Y-m-d H:i:s format. Simply adds the value of - * gmt_offset. + * gmt_offset.Return format can be overridden using the $format parameter * * @since 1.2.0 * * @param string $string The date to be converted. + * @param string $format The format string for the returned date (default is Y-m-d H:i:s) * @return string Formatted date relative to the GMT offset. */ -function get_date_from_gmt($string) { +function get_date_from_gmt($string, $format = 'Y-m-d H:i:s') { preg_match('#([0-9]{1,4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})#', $string, $matches); $string_time = gmmktime($matches[4], $matches[5], $matches[6], $matches[2], $matches[3], $matches[1]); - $string_localtime = gmdate('Y-m-d H:i:s', $string_time + get_option('gmt_offset')*3600); + $string_localtime = gmdate($format, $string_time + get_option('gmt_offset')*3600); return $string_localtime; } diff --git a/wp-includes/general-template.php b/wp-includes/general-template.php index 68c73ced..ff52097c 100644 --- a/wp-includes/general-template.php +++ b/wp-includes/general-template.php @@ -1023,7 +1023,7 @@ function get_calendar($initial = true) { /* translators: Calendar caption: 1: month name, 2: 4-digit year */ $calendar_caption = _x('%1$s %2$s', 'calendar caption'); - echo ' + echo '
    '; @@ -1036,6 +1036,7 @@ function get_calendar($initial = true) { foreach ( $myweek as $wd ) { $day_name = (true == $initial) ? $wp_locale->get_weekday_initial($wd) : $wp_locale->get_weekday_abbrev($wd); + $wd = esc_attr($wd); echo "\n\t\t"; } @@ -1058,8 +1059,8 @@ function get_calendar($initial = true) { if ( $next ) { echo "\n\t\t".''; + get_month_link($next->year, $next->month) . '" title="' . esc_attr( sprintf(__('View posts for %1$s %2$s'), $wp_locale->get_month($next->month) , + date('Y', mktime(0, 0 , 0, $next->month, 1, $next->year))) ) . '">' . $wp_locale->get_month_abbrev($wp_locale->get_month($next->month)) . ' »'; } else { echo "\n\t\t".''; } @@ -1116,7 +1117,7 @@ function get_calendar($initial = true) { // See how much we should pad in the beginning $pad = calendar_week_mod(date('w', $unixmonth)-$week_begins); if ( 0 != $pad ) - echo "\n\t\t".''; + echo "\n\t\t".''; $daysinmonth = intval(date('t', $unixmonth)); for ( $day = 1; $day <= $daysinmonth; ++$day ) { @@ -1130,7 +1131,7 @@ function get_calendar($initial = true) { echo ''; @@ -1141,7 +1142,7 @@ function get_calendar($initial = true) { $pad = 7 - calendar_week_mod(date('w', mktime(0, 0 , 0, $thismonth, $day, $thisyear))-$week_begins); if ( $pad != 0 && $pad != 7 ) - echo "\n\t\t".''; + echo "\n\t\t".''; echo "\n\t\n\t\n\t
    ' . sprintf($calendar_caption, $wp_locale->get_month($thismonth), date('Y', $unixmonth)) . '
    $day_name' . $wp_locale->get_month_abbrev($wp_locale->get_month($next->month)) . ' »   '; if ( in_array($day, $daywithpost) ) // any posts today? - echo '$day"; + echo '$day"; else echo $day; echo '  
    "; diff --git a/wp-includes/media.php b/wp-includes/media.php index 7f349638..22e67819 100644 --- a/wp-includes/media.php +++ b/wp-includes/media.php @@ -591,9 +591,9 @@ function img_caption_shortcode($attr, $content = null) { if ( 1 > (int) $width || empty($caption) ) return $content; - if ( $id ) $id = 'id="' . $id . '" '; + if ( $id ) $id = 'id="' . esc_attr($id) . '" '; - return '
    ' + return '
    ' . do_shortcode( $content ) . '

    ' . $caption . '

    '; } diff --git a/wp-includes/post-template.php b/wp-includes/post-template.php index 35a7caa9..c473bdcc 100644 --- a/wp-includes/post-template.php +++ b/wp-includes/post-template.php @@ -342,6 +342,8 @@ function get_post_class( $class = '', $post_id = null ) { $classes = array_merge($classes, $class); } + $classes = array_map('esc_attr', $classes); + return apply_filters('post_class', $classes, $class, $post_id); } @@ -478,6 +480,8 @@ function get_body_class( $class = '' ) { $classes = array_merge($classes, $class); } + $classes = array_map('esc_attr', $classes); + return apply_filters('body_class', $classes, $class); } @@ -706,6 +710,7 @@ function wp_dropdown_pages($args = '') { $pages = get_pages($r); $output = ''; + $name = esc_attr($name); if ( ! empty($pages) ) { $output = "
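Review bot: `$id` is now escaped in img_caption_shortcode, but `$caption` on the line `' . $caption . '` is still emitted as-is, and the guard `1 > (int) $width` casts only for the comparison; the value interpolated into the wrapper's style attribute is not visible in this hunk (the markup was lost in rendering), so confirm it is the cast `(int) $width` and not the raw attribute. If the caption is meant to be plain text, `esc_html($caption)` keeps the shortcode attribute out of the output unfiltered; hedged, since the attribute comes from post content that may already have passed kses and the caption may be intended to carry inline markup.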