From: Edward Z. Yang Date: Fri, 20 Nov 2009 21:54:34 +0000 (-0500) Subject: Wordpress 2.0.11 X-Git-Tag: wordpress-2.0.11 X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/commitdiff_plain/refs/tags/wordpress-2.0.11 Wordpress 2.0.11 Signed-off-by: Edward Z. Yang
---
diff --git a/readme.html b/readme.html
index 2a630165..ae746367 100644
--- a/readme.html
+++ b/readme.html
@@ -80,7 +80,7 @@
WordPress Support Forums
If you've looked everywhere and still can't find an answer, the support forums are very active and have a large community ready to help. To help them help you be sure to use a descriptive thread title and describe your question in as much detail as possible.
WordPress IRC Channel
-
Finally, there is an online chat channel that is used for discussion amoung people who use WordPress and occasionally support topics. The above wiki page should point you in the right direction. (irc.freenode.net #wordpresss)
+
Finally, there is an online chat channel that is used for discussion among people who use WordPress and occasionally support topics. The above wiki page should point you in the right direction. (irc.freenode.net #wordpress)

System Recommendations

diff --git a/wp-admin/admin-db.php b/wp-admin/admin-db.php
index d81b6b84..d909ee67 100644
--- a/wp-admin/admin-db.php
+++ b/wp-admin/admin-db.php
@@ -34,7 +34,7 @@ function get_editable_authors( $user_id ) { return false; } else { $editable = join(',', $editable);
- $authors = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($editable)" );
+ $authors = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($editable) ORDER BY display_name" );
 } return apply_filters('get_editable_authors', $authors);
@@ -110,7 +110,7 @@ function wp_insert_category($catarr) { if (!$update) { $wpdb->query("INSERT INTO $wpdb->categories (cat_ID, cat_name, category_nicename, category_description, category_parent) VALUES ('0', '$cat_name', '$category_nicename', '$category_description', '$category_parent')");
- $cat_ID = $wpdb->insert_id;
+ $cat_ID = (int) $wpdb->insert_id;
 } else { $wpdb->query ("UPDATE $wpdb->categories SET cat_name = '$cat_name', category_nicename = '$category_nicename', category_description = '$category_description', category_parent = '$category_parent' WHERE cat_ID = '$cat_ID'"); }
@@ -207,7 +207,7 @@ function category_exists($cat_name) { if (!$category_nicename = sanitize_title($cat_name)) return 0;
- return $wpdb->get_var("SELECT cat_ID FROM $wpdb->categories WHERE category_nicename = '$category_nicename'");
+ return (int) $wpdb->get_var("SELECT cat_ID FROM $wpdb->categories WHERE category_nicename = '$category_nicename'");
 } function wp_delete_user($id, $reassign = 'novalue') { 
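Review bot: The `(int)` cast lands only on the insert branch's `$wpdb->insert_id`, while the update branch on the same lines still interpolates `$cat_ID` into `WHERE cat_ID = '$cat_ID'` as it arrived in `$catarr`. Unless `$cat_ID` is normalised earlier in wp_insert_category (not visible here), the update path is the one worth hardening, with `$cat_ID = (int) $cat_ID;` placed before the `if (!$update)` test so both branches carry an integer. The enclosing function starts and ends outside this hunk.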
@@ -266,23 +266,57 @@ function wp_insert_link($linkdata) { extract($linkdata); $update = false; + if ( !empty($link_id) ) $update = true; + $link_id = (int) $link_id; + + if( trim( $link_name ) == '' ) + return 0; + $link_name = apply_filters('pre_link_name', $link_name); + + if( trim( $link_url ) == '' ) + return 0; + $link_url = apply_filters('pre_link_url', $link_url); + if ( empty($link_rating) ) $link_rating = 0; + else + $link_rating = (int) $link_rating; + + if ( empty($link_image) ) + $link_image = ''; + $link_image = apply_filters('pre_link_image', $link_image); if ( empty($link_target) ) $link_target = ''; + $link_target = apply_filters('pre_link_target', $link_target); if ( empty($link_visible) ) $link_visible = 'Y'; - + $link_visibile = preg_replace('/[^YNyn]/', '', $link_visible); + if ( empty($link_owner) ) $link_owner = $current_user->id; + else + $link_owner = (int) $link_owner; if ( empty($link_notes) ) $link_notes = ''; + $link_notes = apply_filters('pre_link_notes', $link_notes); + + if ( empty($link_description) ) + $link_description = ''; + $link_description = apply_filters('pre_link_description', $link_description); + + if ( empty($link_rss) ) + $link_rss = ''; + $link_rss = apply_filters('pre_link_rss', $link_rss); + + if ( empty($link_rel) ) + $link_rel = ''; + $link_rel = apply_filters('pre_link_rel', $link_rel); if ( $update ) { $wpdb->query("UPDATE $wpdb->links SET link_url='$link_url', 
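Review bot: The new visibility filter assigns to a misspelled variable, `$link_visibile = preg_replace('/[^YNyn]/', '', $link_visible);`, so `$link_visible` is never filtered and the raw value is what reaches the `link_visible` column in the UPDATE at the end of this hunk and the INSERT in the next one; the line should read `$link_visible = preg_replace('/[^YNyn]/', '', $link_visible);`. Even spelled correctly the filter can leave an empty string or a multi-character value such as `YN`, so a stricter normalisation would be `$link_visible = in_array(strtoupper($link_visible), array('Y', 'N'), true) ? strtoupper($link_visible) : 'Y';`. Separately, every other column here gets a cast or a `pre_link_*` filter, but `$link_category`, which the INSERT interpolates as `'$link_category'`, is neither cast nor filtered; if it is a single integer id, `$link_category = (int) $link_category;` next to the other casts would close that gap. wp_insert_link's body continues past the end of this hunk.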
@@ -294,7 +328,7 @@ function wp_insert_link($linkdata) { WHERE link_id='$link_id'"); } else { $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_category, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES('$link_url','$link_name', '$link_image', '$link_target', '$link_category', '$link_description', '$link_visible', '$link_owner', '$link_rating', '$link_rel', '$link_notes', '$link_rss')"); - $link_id = $wpdb->insert_id; + $link_id = (int) $wpdb->insert_id; } if ( $update ) diff --git a/wp-admin/admin-footer.php b/wp-admin/admin-footer.php index e660be28..88e69ae4 100644 --- a/wp-admin/admin-footer.php +++ b/wp-admin/admin-footer.php @@ -2,7 +2,7 @@ diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php index 6b9be754..641ed1e2 100644 --- a/wp-admin/admin-functions.php +++ b/wp-admin/admin-functions.php @@ -265,6 +265,8 @@ function get_post_to_edit($id) { $post->post_title = format_to_edit($post->post_title); $post->post_title = apply_filters('title_edit_pre', $post->post_title); + $post->post_password = format_to_edit($post->post_password); + if ($post->post_status == 'static') $post->page_template = get_post_meta($id, '_wp_page_template', true); @@ -287,7 +289,7 @@ function get_default_post_to_edit() { else if ( !empty($post_title) ) { $text = wp_specialchars(stripslashes(urldecode($_REQUEST['text']))); $text = funky_javascript_fix($text); - $popupurl = wp_specialchars($_REQUEST['popupurl']); + $popupurl = clean_url(stripslashes($_REQUEST['popupurl'])); $post_content = ''.$post_title.''."\n$text"; } 
@@ -317,11 +319,15 @@ function get_comment_to_edit($id) { $comment = get_comment($id); - $comment->comment_content = format_to_edit($comment->comment_content, $richedit); + $comment->comment_ID = (int) $comment->comment_ID; + $comment->comment_post_ID = (int) $comment->comment_post_ID; + + $comment->comment_content = format_to_edit($comment->comment_content); $comment->comment_content = apply_filters('comment_edit_pre', $comment->comment_content); $comment->comment_author = format_to_edit($comment->comment_author); $comment->comment_author_email = format_to_edit($comment->comment_author_email); + $comment->comment_author_url = clean_url($comment->comment_author_url); $comment->comment_author_url = format_to_edit($comment->comment_author_url); return $comment; @@ -333,6 +339,23 @@ function get_category_to_edit($id) { return $category; } +function get_user_to_edit($user_id) { + $user = new WP_User($user_id); + $user->user_login = attribute_escape($user->user_login); + $user->user_email = attribute_escape($user->user_email); + $user->user_url = clean_url($user->user_url); + $user->first_name = attribute_escape($user->first_name); + $user->last_name = attribute_escape($user->last_name); + $user->display_name = attribute_escape($user->display_name); + $user->nickname = attribute_escape($user->nickname); + $user->aim = attribute_escape($user->aim); + $user->yim = attribute_escape($user->yim); + $user->jabber = attribute_escape($user->jabber); + $user->description = wp_specialchars($user->description); + + return $user; +} + // Creates a new user from the "Users" form using $_POST information. function add_user() { @@ -344,7 +367,7 @@ function edit_user($user_id = 0) { if ($user_id != 0) { $update = true; - $user->ID = $user_id; + $user->ID = (int) $user_id; $userdata = get_userdata($user_id); $user->user_login = $wpdb->escape($userdata->user_login); } else { 
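Review bot: `$comment->comment_author_url` is passed through `clean_url()` and then, on the very next line, through `format_to_edit()`; if `clean_url()` already entity-encodes `&` (this commit uses it elsewhere as the attribute-ready URL filter), the second pass turns that into `&amp;#038;` or similar and the edit form shows a mangled URL. Either drop one of the two calls or state which one owns escaping, e.g. `// clean_url() filters and attribute-escapes; do not re-escape`. The new get_user_to_edit() on the same line applies only `clean_url()` to `user_url`, so the two helpers currently disagree on whether a URL is escaped once or twice. get_comment_to_edit's opening line is outside this hunk.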
@@ -369,7 +392,7 @@ function edit_user($user_id = 0) { if (isset ($_POST['email'])) $user->user_email = wp_specialchars(trim($_POST['email'])); if (isset ($_POST['url'])) { - $user->user_url = wp_specialchars(trim($_POST['url'])); + $user->user_url = clean_url(trim($_POST['url'])); $user->user_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url; } if (isset ($_POST['first_name'])) @@ -381,7 +404,7 @@ function edit_user($user_id = 0) { if (isset ($_POST['display_name'])) $user->display_name = wp_specialchars(trim($_POST['display_name'])); if (isset ($_POST['description'])) - $user->description = wp_specialchars(trim($_POST['description'])); + $user->description = trim($_POST['description']); if (isset ($_POST['jabber'])) $user->jabber = wp_specialchars(trim($_POST['jabber'])); if (isset ($_POST['aim'])) 
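Review bot: `$user->description = trim($_POST['description']);` drops the write-time `wp_specialchars()`, which moves the escaping obligation to every read path, and the only read path visible in this commit is the new get_user_to_edit() that escapes for the edit form; any other place the stored description is echoed (theme templates and author pages are outside this diff) will now emit whatever markup the user submitted. If HTML is meant to be allowed in the field, the value should at least go through the tag whitelist used for post content (e.g. `wp_filter_kses()`) before it is saved, with a comment such as `// stored unescaped: must be escaped or kses-filtered on output` making the contract explicit; otherwise `wp_specialchars(trim($_POST['description']))` keeps the previous guarantee. edit_user() starts and ends outside this hunk.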
@@ -447,24 +470,27 @@ function edit_user($user_id = 0) { function get_link_to_edit($link_id) { $link = get_link($link_id); - - $link->link_url = wp_specialchars($link->link_url, 1); - $link->link_name = wp_specialchars($link->link_name, 1); - $link->link_description = wp_specialchars($link->link_description); - $link->link_notes = wp_specialchars($link->link_notes); - $link->link_rss = wp_specialchars($link->link_rss); - + + $link->link_url = clean_url($link->link_url); + $link->link_name = attribute_escape($link->link_name); + $link->link_image = attribute_escape($link->link_image); + $link->link_description = attribute_escape($link->link_description); + $link->link_rss = clean_url($link->link_rss); + $link->link_rel = attribute_escape($link->link_rel); + $link->link_notes = wp_specialchars($link->link_notes); + $link->post_category = $link->link_category; + return $link; } function get_default_link_to_edit() { if ( isset($_GET['linkurl']) ) - $link->link_url = wp_specialchars($_GET['linkurl'], 1); + $link->link_url = clean_url($_GET['linkurl']); else $link->link_url = ''; if ( isset($_GET['name']) ) - $link->link_name = wp_specialchars($_GET['name'], 1); + $link->link_name = attribute_escape($_GET['name']); else $link->link_name = ''; @@ -480,10 +506,10 @@ function edit_link($link_id = '') { die(__("Cheatin' uh ?")); $_POST['link_url'] = wp_specialchars($_POST['link_url']); - $_POST['link_url'] = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $_POST['link_url']) ? $_POST['link_url'] : 'http://' . $_POST['link_url']; + $_POST['link_url'] = clean_url($_POST['link_url']); $_POST['link_name'] = wp_specialchars($_POST['link_name']); $_POST['link_image'] = wp_specialchars($_POST['link_image']); - $_POST['link_rss'] = wp_specialchars($_POST['link_rss']); + $_POST['link_rss'] = clean_url($_POST['link_rss']); $auto_toggle = get_autotoggle($_POST['link_category']); // if we are in an auto toggle category and this one is visible then we 
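Review bot: `link_image` is the one URL field in edit_link() that is not passed through `clean_url()`: `link_url` and `link_rss` now are, but `$_POST['link_image'] = wp_specialchars($_POST['link_image']);` is unchanged, and `wp_specialchars()` only escapes HTML metacharacters without looking at the URL scheme. Whatever scheme filtering `clean_url()` provides for the other two fields therefore does not cover the image URL, which get_link_to_edit() earlier on this line now treats as an attribute value; `$_POST['link_image'] = clean_url($_POST['link_image']);` would make the three consistent, assuming the field is rendered as a URL (its output site is outside the hunk). Note also that `link_url` is escaped by `wp_specialchars()` and then filtered by `clean_url()` while `link_rss` only gets `clean_url()`; the same sequence should apply to all URL fields. edit_link() begins and ends outside this hunk.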
@@ -826,12 +852,27 @@ function list_meta($meta) { $style = ''; if ('_' == $entry['meta_key'] { 0 }) $style .= ' hidden'; + + if ( is_serialized($entry['meta_value']) ) { + if ( is_serialized_string($entry['meta_value']) ) { + // this is a serialized string, so we should display it + $entry['meta_value'] = maybe_unserialize($entry['meta_value']); + } else { + // this is a serialized array/object so we should NOT display it + --$count; + continue; + } + } + + $entry['meta_key'] = attribute_escape( $entry['meta_key']); + $entry['meta_value'] = attribute_escape( $entry['meta_value']); + $entry['meta_id'] = (int) $entry['meta_id']; echo " -
- +
+ "; } @@ -876,6 +917,7 @@ function meta_form() { $key"; } ?> @@ -894,10 +936,14 @@ function meta_form() { function add_meta($post_ID) { global $wpdb; + $post_ID = (int) $post_ID; + + $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' ); $metakeyselect = $wpdb->escape(stripslashes(trim($_POST['metakeyselect']))); $metakeyinput = $wpdb->escape(stripslashes(trim($_POST['metakeyinput']))); - $metavalue = $wpdb->escape(stripslashes(trim($_POST['metavalue']))); + $metavalue = maybe_serialize(stripslashes((trim($_POST['metavalue'])))); + $metavalue = $wpdb->escape($metavalue); if ( ('0' === $metavalue || !empty ($metavalue)) && ((('#NONE#' != $metakeyselect) && !empty ($metakeyselect)) || !empty ($metakeyinput)) ) { // We have a key/value pair. If both the select and the @@ -909,6 +955,9 @@ function add_meta($post_ID) { if ($metakeyinput) $metakey = $metakeyinput; // default + if ( in_array($metakey, $protected) ) + return false; + $result = $wpdb->query(" INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value) @@ -919,6 +968,7 @@ function add_meta($post_ID) { function delete_meta($mid) { global $wpdb; + $mid = (int) $mid; $result = $wpdb->query("DELETE FROM $wpdb->postmeta WHERE meta_id = '$mid'"); } @@ -926,6 +976,14 @@ function delete_meta($mid) { function update_meta($mid, $mkey, $mvalue) { global $wpdb; + $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' ); + + if ( in_array($mkey, $protected) ) + return false; + + $mvalue = maybe_serialize(stripslashes($mvalue)); + $mvalue = $wpdb->escape($mvalue); + $mid = (int) $mid; return $wpdb->query("UPDATE $wpdb->postmeta SET meta_key = '$mkey', meta_value = '$mvalue' WHERE meta_id = '$mid'"); } 
@@ -1081,15 +1139,13 @@ function save_mod_rewrite_rules() { } function the_quicktags() { - // Browser detection sucks, but until Safari supports the JS needed for this to work people just assume it's a bug in WP - if (!strstr($_SERVER['HTTP_USER_AGENT'], 'Safari')) echo '
'; - else echo ' + echo ' -
+ +
diff --git a/wp-admin/bookmarklet.php b/wp-admin/bookmarklet.php index 195e35cc..2fa3c842 100644 --- a/wp-admin/bookmarklet.php +++ b/wp-admin/bookmarklet.php @@ -37,7 +37,7 @@ else $content = wp_specialchars($_REQUEST['content']); -$popupurl = wp_specialchars($_REQUEST['popupurl']); +$popupurl = clean_url(stripslashes($_REQUEST['popupurl'])); if ( !empty($content) ) { $post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) ); } else { diff --git a/wp-admin/categories.php b/wp-admin/categories.php index 30d37c8b..d26a847b 100644 --- a/wp-admin/categories.php +++ b/wp-admin/categories.php @@ -33,6 +33,7 @@ case 'addcat': wp_insert_category($_POST); wp_redirect('categories.php?message=1#addcat'); + exit; break; case 'delete': @@ -51,7 +52,7 @@ case 'delete': wp_delete_category($cat_ID); wp_redirect('categories.php?message=2'); - + exit; break; case 'edit': @@ -68,12 +69,12 @@ case 'edit': - - + @@ -85,7 +86,7 @@ case 'edit': - +
+

@@ -106,6 +107,7 @@ case 'editedcat': wp_update_category($_POST); wp_redirect('categories.php?message=3'); + exit; break; default: diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php index 88e672a7..ab0f0a8e 100644 --- a/wp-admin/edit-comments.php +++ b/wp-admin/edit-comments.php @@ -7,7 +7,7 @@ $list_js = true; require_once('admin-header.php'); if (empty($_GET['mode'])) $mode = 'view'; -else $mode = wp_specialchars($_GET['mode'], 1); +else $mode = attribute_escape($_GET['mode']); ?> - +
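Review bot: `$mode = attribute_escape($_GET['mode']);` escapes the value for output but still accepts any string as the page mode; if `$mode` is only ever compared against a fixed set of names further down the file (outside this hunk), a whitelist is the stronger control, e.g. `$mode = in_array($_GET['mode'], array('view', 'edit'), true) ? $_GET['mode'] : 'view';` with the page's real set of modes substituted. A whitelisted value cannot carry markup, so the read-site escaping becomes unnecessary rather than merely sufficient. The code that consumes `$mode` is not in this hunk.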

(Separate multiple URIs with spaces.)
'), 'http://wordpress.org/docs/reference/post/#trackback') ?>

@@ -64,7 +64,7 @@ edCanvas = document.getElementById('content'); '; } ?> - +

diff --git a/wp-admin/edit-link-form.php b/wp-admin/edit-link-form.php index fe5b6349..5111c0b8 100644 --- a/wp-admin/edit-link-form.php +++ b/wp-admin/edit-link-form.php @@ -230,7 +230,7 @@ function xfn_check($class, $value = '', $type = 'check') { - + diff --git a/wp-admin/edit-page-form.php b/wp-admin/edit-page-form.php index c9b7ef5b..b0e603e0 100644 --- a/wp-admin/edit-page-form.php +++ b/wp-admin/edit-page-form.php @@ -9,16 +9,19 @@ if (0 == $post_ID) { $temp_ID = -1 * time(); $form_extra = ""; } else { + $post_ID = (int) $post_ID; $form_action = 'editpost'; $nonce_action = 'update-post_' . $post_ID; $form_extra = ""; } -$sendto = wp_get_referer(); +$temp_ID = (int) $temp_ID; +$user_ID = (int) $user_ID; + +$sendto = attribute_escape(wp_get_referer()); if ( 0 != $post_ID && $sendto == get_permalink($post_ID) ) $sendto = 'redo'; -$sendto = wp_specialchars( $sendto ); ?> @@ -61,7 +64,7 @@ addLoadEvent(focusit);
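Review bot: Moving the escaping ahead of the comparison changes the redirect logic: `$sendto = attribute_escape(wp_get_referer());` now runs before `if ( 0 != $post_ID && $sendto == get_permalink($post_ID) )`, so an HTML-escaped referer is compared against an unescaped permalink, and the two can only match when the URL contains nothing `attribute_escape()` rewrites (an `&` in a query string is the obvious miss), in which case the `'redo'` branch is silently skipped; the removed line escaped after the comparison. Comparing the raw value and escaping only what is emitted, `$referer = wp_get_referer(); $sendto = ( 0 != $post_ID && $referer == get_permalink($post_ID) ) ? 'redo' : attribute_escape($referer);`, preserves both the check and the escaping. The template continues past this hunk.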

-
+
@@ -86,7 +89,7 @@ addLoadEvent(focusit);

-
+
id ) ) : // TODO: ROLE SYSTEM ?> @@ -99,6 +102,8 @@ foreach ($authors as $o) : $o = get_userdata( $o->ID ); if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"'; else $selected = ''; +$o->ID = (int) $o->ID; +$o->display_name = wp_specialchars( $o->display_name ); echo ""; endforeach; ?> @@ -119,7 +124,7 @@ endforeach;
-
+
@@ -193,7 +198,7 @@ if (current_user_can('upload_files')) { $uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&post=$uploading_iframe_ID", 'inlineuploading'); $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src); if ( false != $uploading_iframe_src ) - echo ''; + echo ''; } ?> @@ -224,8 +229,8 @@ if($metadata = has_meta($post_ID)) { $delete_nonce = wp_create_nonce( 'delete-page_' . $post_ID ); ?> post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> /> - -
+ + diff --git a/wp-admin/edit-pages.php b/wp-admin/edit-pages.php index 9dc89d78..e108407d 100644 --- a/wp-admin/edit-pages.php +++ b/wp-admin/edit-pages.php @@ -13,7 +13,7 @@ require_once('admin-header.php');
- +
diff --git a/wp-admin/edit.php b/wp-admin/edit.php index eb67c80a..df86317e 100644 --- a/wp-admin/edit.php +++ b/wp-admin/edit.php @@ -79,7 +79,7 @@ if ( is_month() ) {
- +
diff --git a/wp-admin/import/blogger.php b/wp-admin/import/blogger.php index d35f8421..0772eb1d 100644 --- a/wp-admin/import/blogger.php +++ b/wp-admin/import/blogger.php @@ -7,14 +7,15 @@ class Blogger_Import { // Shows the welcome screen and the magic iframe. function greet() { - $title = __('Import Blogger'); - $welcome = __('Howdy! This importer allows you to import posts and comments from your Blogger account into your WordPress blog.'); + $title = __('Import Old Blogger'); + $welcome = __('Howdy! This importer allows you to import posts and comments from your Old Blogger account into your WordPress blog.'); $noiframes = __('This feature requires iframe support.'); $warning = __('This will delete everything saved by the Blogger importer except your posts and comments. Are you sure you want to do this?'); $reset = __('Reset this importer'); $incompat = __('Your web server is not properly configured to use this importer. Please enable the CURL extension for PHP and then reload this page.'); echo "

$title

$welcome

"; + echo "

" . __('Please note that this importer does not work with Blogger (using your Google account).') . "

"; if ( function_exists('curl_init') ) echo "

$reset

"; else @@ -135,13 +136,13 @@ class Blogger_Import { curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); if ($header) curl_setopt($ch, CURLOPT_HTTPHEADER, $header); $response = curl_exec ($ch); - + if ($parse) { $response = $this->parse_response($response); $response['url'] = $url; return $response; } - + return $response; } @@ -210,7 +211,7 @@ class Blogger_Import { $this->import['blogs'][$_GET['blog']]['nextstep'] = $step; update_option('import-blogger', $this->import); } - + // Redirects to next step function do_next_step() { wp_redirect("admin.php?import=blogger&noheader=true&blog={$_GET['blog']}"); @@ -224,13 +225,13 @@ class Blogger_Import { if ( ! ( $_POST['user'] && $_POST['pass'] ) ) { $this->login_form(__('The script will log into your Blogger account, change some settings so it can read your blog, and restore the original settings when it\'s done. Here\'s what you do:').'

  1. '.__('Back up your Blogger template.').'
  2. '.__('Back up any other Blogger settings you might need later.').'
  3. '.__('Log out of Blogger').'
  4. '.__('Log in here with your Blogger username and password.').'
  5. '.__('On the next screen, click one of your Blogger blogs.').'
  6. '.__('Do not close this window or navigate away until the process is complete.').'
'); } - - // Try logging in. If we get an array of cookies back, we at least connected. + + // Try logging in. If we get an array of cookies back, we at least connected. $this->import['cookies'] = $this->login_blogger($_POST['user'], $_POST['pass']); if ( !is_array( $this->import['cookies'] ) ) { $this->login_form(__('Login failed. Please enter your credentials again.')); } - + // Save the password so we can log the browser in when it's time to publish. $this->import['pass'] = $_POST['pass']; $this->import['user'] = $_POST['user']; @@ -341,7 +342,7 @@ class Blogger_Import { $form = "
"; $form.= $body; $form.= "
"; - $output.= '

'.sprintf('%s in progress, please wait...', $blog_opt)."

\n"; + $output.= '

'.sprintf(__('%s in progress, please wait...'), $blog_opt)."

\n"; } else { $output.= "

$blog_opt

\n"; } @@ -395,7 +396,7 @@ class Blogger_Import { update_option('import-blogger', $import); $archive = $this->get_blogger($url); if ( $archive['code'] > 200 ) - continue; + continue; $posts = explode('', $archive['body']); for ($i = 1; $i < count($posts); $i = $i + 1) { $postparts = explode('', $posts[$i]); @@ -409,7 +410,7 @@ class Blogger_Import { $post_title = ( $postinfo[4] != '' ) ? $postinfo[4] : $postinfo[3]; $post_author_name = $wpdb->escape(trim($postinfo[1])); $post_author_email = $postinfo[5] ? $postinfo[5] : 'user@wordpress.org'; - + if ( $this->lump_authors ) { // Ignore Blogger authors. Use the current user_ID for all posts imported. $post_author = $GLOBALS['user_ID']; @@ -420,7 +421,7 @@ class Blogger_Import { $user_email = $wpdb->escape($post_author_email); $user_password = substr(md5(uniqid(microtime())), 0, 6); $result = wp_create_user( $user_login, $user_password, $user_email ); - $status.= sprintf('Registered user %s.', $user_login); + $status.= sprintf(__('Registered user %s.'), $user_login); $this->import['blogs'][$_GET['blog']]['newusers'][] = $user_login; } $userdata = get_userdatabylogin( $post_author_name ); @@ -435,21 +436,21 @@ class Blogger_Import { $posthour = zeroise($post_date_His[0], 2); $postminute = zeroise($post_date_His[1], 2); $postsecond = zeroise($post_date_His[2], 2); - + if (($post_date[2] == 'PM') && ($posthour != '12')) $posthour = $posthour + 12; else if (($post_date[2] == 'AM') && ($posthour == '12')) $posthour = '00'; - + $post_date = "$postyear-$postmonth-$postday $posthour:$postminute:$postsecond"; - + $post_content = addslashes($post_content); $post_content = str_replace(array('
','
','
','
','
','
'), "\n", $post_content); // the XHTML touch... ;) - + $post_title = addslashes($post_title); - + $post_status = 'publish'; - + if ( $ID = post_exists($post_title, '', $post_date) ) { $post_array[$i]['ID'] = $ID; $skippedpostcount++; @@ -509,7 +510,7 @@ class Blogger_Import { } } $status = sprintf(__('%s post(s) parsed, %s skipped...'), $postcount, $skippedpostcount).' '. - sprintf(__('%s comment(s) parsed, %s skipped...'), $commentcoun, $skippedcommentcount).' '. + sprintf(__('%s comment(s) parsed, %s skipped...'), $commentcount, $skippedcommentcount).' '. ' '.__('Done').''; $import = $this->import; $import['blogs'][$_GET['blog']]['archives']["$url"] = $status; @@ -546,7 +547,7 @@ class Blogger_Import { $response = $this->get_blogger("http://www.blogger.com/blog-publishing.g?blogID={$_GET['blog']}&publishMode={$optary['backup']['publishMode']}", $headers); sleep(2); if ( $response['code'] >= 400 ) - die('

Error restoring publishMode.

Please tell the devs.

' . addslashes(print_r($response, 1)) ); + die('

'.__('Error restoring publishMode').'

'.__('Please tell the devs.').'

' . addslashes(print_r($response, 1)) ); } } if ( $optary['backup'] != $optary['modify'] ) { @@ -597,11 +598,11 @@ class Blogger_Import { if ( $_GET['restart'] == 'true' ) { $this->restart(); } - + if ( isset($_GET['noheader']) ) { header('Content-Type: text/html; charset=utf-8'); - $this->import = get_settings('import-blogger'); + $this->import = get_option('import-blogger'); if ( false === $this->import ) { $step = 0; @@ -649,7 +650,7 @@ class Blogger_Import { break; } die; - + } else { $this->greet(); } @@ -662,6 +663,6 @@ class Blogger_Import { $blogger_import = new Blogger_Import(); -register_importer('blogger', 'Blogger', __('Import posts and comments from a Blogger account'), array ($blogger_import, 'start')); +register_importer('blogger', __('Old Blogger'), __('Import posts and comments from your Old Blogger account'), array ($blogger_import, 'start')); ?> diff --git a/wp-admin/import/dotclear.php b/wp-admin/import/dotclear.php index b4f2cd34..fd4f2d65 100644 --- a/wp-admin/import/dotclear.php +++ b/wp-admin/import/dotclear.php @@ -1,16 +1,21 @@ get_var('SELECT cat_ID FROM '.$wpdb->categories.' WHERE category_nicename="'.$category_nicename.'"'); - + return $name; } } 
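Review bot: The error path still dumps the whole upstream HTTP response into the admin page via `addslashes(print_r($response, 1))`, and `addslashes()` is not an HTML escape, so whatever the remote side returned is rendered verbatim; since the login code on this page keeps `$this->import['cookies']` taken from such responses, the dump may also expose session material. A status code is enough for the user-facing message, e.g. `die(wp_specialchars(sprintf(__('Error restoring publishMode (HTTP %s). Please tell the devs.'), $response['code'])));`, with any fuller body going to a log rather than the page. The method containing this `die()` begins and ends outside the hunk.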
@@ -55,57 +60,58 @@ if(!function_exists('link_exists')) // // This cries out for a C-implementation to be included in PHP core // - function valid_1byte($char) { - if(!is_int($char)) return false; - return ($char & 0x80) == 0x00; - } - - function valid_2byte($char) { - if(!is_int($char)) return false; - return ($char & 0xE0) == 0xC0; - } - - function valid_3byte($char) { - if(!is_int($char)) return false; - return ($char & 0xF0) == 0xE0; - } - - function valid_4byte($char) { - if(!is_int($char)) return false; - return ($char & 0xF8) == 0xF0; - } - - function valid_nextbyte($char) { - if(!is_int($char)) return false; - return ($char & 0xC0) == 0x80; - } - - function valid_utf8($string) { - $len = strlen($string); - $i = 0; - while( $i < $len ) { - $char = ord(substr($string, $i++, 1)); - if(valid_1byte($char)) { // continue - continue; - } else if(valid_2byte($char)) { // check 1 byte - if(!valid_nextbyte(ord(substr($string, $i++, 1)))) - return false; - } else if(valid_3byte($char)) { // check 2 bytes - if(!valid_nextbyte(ord(substr($string, $i++, 1)))) - return false; - if(!valid_nextbyte(ord(substr($string, $i++, 1)))) - return false; - } else if(valid_4byte($char)) { // check 3 bytes - if(!valid_nextbyte(ord(substr($string, $i++, 1)))) - return false; - if(!valid_nextbyte(ord(substr($string, $i++, 1)))) - return false; - if(!valid_nextbyte(ord(substr($string, $i++, 1)))) - return false; - } // goto next char - } - return true; // done - } + +function valid_1byte($char) { + if(!is_int($char)) return false; + return ($char & 0x80) == 0x00; +} + +function valid_2byte($char) { + if(!is_int($char)) return false; + return ($char & 0xE0) == 0xC0; +} + +function valid_3byte($char) { + if(!is_int($char)) return false; + return ($char & 0xF0) == 0xE0; +} + +function valid_4byte($char) { + if(!is_int($char)) return false; + return ($char & 0xF8) == 0xF0; +} + +function valid_nextbyte($char) { + if(!is_int($char)) return false; + return ($char & 0xC0) == 0x80; +} + 
+function valid_utf8($string) { + $len = strlen($string); + $i = 0; + while( $i < $len ) { + $char = ord(substr($string, $i++, 1)); + if(valid_1byte($char)) { // continue + continue; + } else if(valid_2byte($char)) { // check 1 byte + if(!valid_nextbyte(ord(substr($string, $i++, 1)))) + return false; + } else if(valid_3byte($char)) { // check 2 bytes + if(!valid_nextbyte(ord(substr($string, $i++, 1)))) + return false; + if(!valid_nextbyte(ord(substr($string, $i++, 1)))) + return false; + } else if(valid_4byte($char)) { // check 3 bytes + if(!valid_nextbyte(ord(substr($string, $i++, 1)))) + return false; + if(!valid_nextbyte(ord(substr($string, $i++, 1)))) + return false; + if(!valid_nextbyte(ord(substr($string, $i++, 1)))) + return false; + } // goto next char + } + return true; // done +} function csc ($s) { if (valid_utf8 ($s)) { @@ -127,7 +133,7 @@ class Dotclear_Import { function header() { echo '
'; - echo '

'.__('Import Dotclear').'

'; + echo '

'.__('Import DotClear').'

'; echo '

'.__('Steps may take a few minutes depending on the size of your database. Please be patient.').'

'; } @@ -135,78 +141,79 @@ class Dotclear_Import { { echo '
'; } - + function greet() { - echo '

'.__('Howdy! This importer allows you to extract posts from a Dotclear database into your blog. Mileage may vary.').'

'; - echo '

'.__('Your Dotclear Configuration settings are as follows:').'

'; + echo '

'.__('Howdy! This importer allows you to extract posts from a DotClear database into your blog. Mileage may vary.').'

'; + echo '

'.__('Your DotClear Configuration settings are as follows:').'

'; echo '
'; + wp_nonce_field('import-dotclear'); $this->db_form(); - echo ''; - echo '
'; + echo '

'; + echo '
'; } - function get_dc_cats() + function get_dc_cats() { global $wpdb; // General Housekeeping $dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost')); set_magic_quotes_runtime(0); - $prefix = get_option('tpre'); - + $dbprefix = get_option('dcdbprefix'); + // Get Categories - return $dcdb->get_results('SELECT * FROM dc_categorie', ARRAY_A); + return $dcdb->get_results('SELECT * FROM '.$dbprefix.'categorie', ARRAY_A); } - + function get_dc_users() { global $wpdb; // General Housekeeping $dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost')); set_magic_quotes_runtime(0); - $prefix = get_option('tpre'); - + $dbprefix = get_option('dcdbprefix'); + // Get Users - - return $dcdb->get_results('SELECT * FROM dc_user', ARRAY_A); + + return $dcdb->get_results('SELECT * FROM '.$dbprefix.'user', ARRAY_A); } - + function get_dc_posts() { // General Housekeeping $dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost')); set_magic_quotes_runtime(0); - $prefix = get_option('tpre'); - + $dbprefix = get_option('dcdbprefix'); + // Get Posts - return $dcdb->get_results('SELECT dc_post.*, dc_categorie.cat_libelle_url AS post_cat_name - FROM dc_post INNER JOIN dc_categorie - ON dc_post.cat_id = dc_categorie.cat_id', ARRAY_A); + return $dcdb->get_results('SELECT '.$dbprefix.'post.*, '.$dbprefix.'categorie.cat_libelle_url AS post_cat_name + FROM '.$dbprefix.'post INNER JOIN '.$dbprefix.'categorie + ON '.$dbprefix.'post.cat_id = '.$dbprefix.'categorie.cat_id', ARRAY_A); } - + function get_dc_comments() { global $wpdb; // General Housekeeping $dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost')); set_magic_quotes_runtime(0); - $prefix = get_option('tpre'); - + $dbprefix = get_option('dcdbprefix'); + // Get Comments - return $dcdb->get_results('SELECT * FROM dc_comment', ARRAY_A); + return 
$dcdb->get_results('SELECT * FROM '.$dbprefix.'comment', ARRAY_A); } - + function get_dc_links() { //General Housekeeping $dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost')); set_magic_quotes_runtime(0); - $prefix = get_option('tpre'); + $dbprefix = get_option('dcdbprefix'); - return $dcdb->get_results('SELECT * FROM dc_link ORDER BY position', ARRAY_A); + return $dcdb->get_results('SELECT * FROM '.$dbprefix.'link ORDER BY position', ARRAY_A); } - - function cat2wp($categories='') + + function cat2wp($categories='') { // General Housekeeping global $wpdb; @@ -216,11 +223,11 @@ class Dotclear_Import { if(is_array($categories)) { echo '
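Review bot: `$dbprefix = get_option('dcdbprefix');` is concatenated straight into table names in every `get_dc_*()` query (`'SELECT * FROM '.$dbprefix.'categorie'` and the rest), and the prefix comes from the importer's own settings form, so it should be validated as an identifier before use; `$wpdb->escape()` is not the right tool for a table name, but `if ( !preg_match('/^[A-Za-z0-9_]*$/', $dbprefix) ) die(__('Invalid table prefix'));` in one place would do. That one place is also the natural home for the five copy-pasted connection setups (`new wpdb(get_option('dcuser'), …)`, `set_magic_quotes_runtime(0)`, prefix lookup): a private helper returning the connection and validated prefix would reduce each `get_dc_*()` to its query. The hunk adds `wp_nonce_field('import-dotclear')` to the form, but the matching `check_admin_referer()` on the submit side is not in this diff and should be confirmed. cat2wp() at the end of the hunk continues outside it.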

'.__('Importing Categories...').'

'; - foreach ($categories as $category) + foreach ($categories as $category) { $count++; extract($category); - + // Make Nice Variables $name = $wpdb->escape($cat_libelle_url); $title = $wpdb->escape(csc ($cat_libelle)); @@ -236,7 +243,7 @@ class Dotclear_Import { } $dccat2wpcat[$id] = $ret_id; } - + // Store category translation for future use add_option('dccat2wpcat',$dccat2wpcat); echo '

'.sprintf(__('Done! %1$s categories imported.'), $count).'

'; @@ -245,14 +252,14 @@ class Dotclear_Import { echo __('No Categories to Import!'); return false; } - + function users2wp($users='') { // General Housekeeping global $wpdb; $count = 0; $dcid2wpid = array(); - + // Midnight Mojo if(is_array($users)) { @@ -261,14 +268,14 @@ class Dotclear_Import { { $count++; extract($user); - + // Make Nice Variables $name = $wpdb->escape(csc ($name)); $RealName = $wpdb->escape(csc ($user_pseudo)); - + if($uinfo = get_userdatabylogin($name)) { - + $ret_id = wp_insert_user(array( 'ID' => $uinfo->ID, 'user_login' => $user_id, @@ -278,7 +285,7 @@ class Dotclear_Import { 'display_name' => $Realname) ); } - else + else { $ret_id = wp_insert_user(array( 'user_login' => $user_id, @@ -289,9 +296,9 @@ class Dotclear_Import { ); } $dcid2wpid[$user_id] = $ret_id; - - // Set Dotclear-to-WordPress permissions translation - + + // Set DotClear-to-WordPress permissions translation + // Update Usermeta Data $user = new WP_User($ret_id); $wp_perms = $user_level + 1; @@ -302,26 +309,26 @@ class Dotclear_Import { else if(3 <= $wp_perms) { $user->set_role('contributor'); } else if(2 <= $wp_perms) { $user->set_role('contributor'); } else { $user->set_role('subscriber'); } - + update_usermeta( $ret_id, 'wp_user_level', $wp_perms); update_usermeta( $ret_id, 'rich_editing', 'false'); update_usermeta( $ret_id, 'first_name', csc ($user_prenom)); update_usermeta( $ret_id, 'last_name', csc ($user_nom)); }// End foreach($users as $user) - + // Store id translation array for future use add_option('dcid2wpid',$dcid2wpid); - - + + echo '

'.sprintf(__('Done! %1$s users imported.'), $count).'

'; return true; }// End if(is_array($users) - + echo __('No Users to Import!'); return false; - + }// End function user2wp() - + function posts2wp($posts='') { // General Housekeeping @@ -338,17 +345,18 @@ class Dotclear_Import { { $count++; extract($post); - - // Set Dotclear-to-WordPress status translation + + // Set DotClear-to-WordPress status translation $stattrans = array(0 => 'draft', 1 => 'publish'); $comment_status_map = array (0 => 'closed', 1 => 'open'); - + //Can we do this more efficiently? $uinfo = ( get_userdatabylogin( $user_id ) ) ? get_userdatabylogin( $user_id ) : 1; $authorid = ( is_object( $uinfo ) ) ? $uinfo->ID : $uinfo ; $Title = $wpdb->escape(csc ($post_titre)); $post_content = textconv ($post_content); + $post_excerpt = ""; if ($post_chapo != "") { $post_excerpt = textconv ($post_chapo); $post_content = $post_excerpt ."\n\n".$post_content; @@ -356,9 +364,9 @@ class Dotclear_Import { $post_excerpt = $wpdb->escape ($post_excerpt); $post_content = $wpdb->escape ($post_content); $post_status = $stattrans[$post_pub]; - + // Import Post data into WordPress - + if($pinfo = post_exists($Title,$post_content)) { $ret_id = wp_insert_post(array( @@ -378,7 +386,7 @@ class Dotclear_Import { 'comment_count' => $post_nb_comment + $post_nb_trackback) ); } - else + else { $ret_id = wp_insert_post(array( 'post_author' => $authorid, @@ -397,7 +405,7 @@ class Dotclear_Import { ); } $dcposts2wpposts[$post_id] = $ret_id; - + // Make Post-to-Category associations $cats = array(); if($cat1 = get_catbynicename($post_cat_name)) { $cats[1] = $cat1; } @@ -407,11 +415,11 @@ class Dotclear_Import { } // Store ID translation for later use add_option('dcposts2wpposts',$dcposts2wpposts); - + echo '
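Review bot: `get_userdatabylogin( $user_id )` is called twice per post on the line after the `//Can we do this more efficiently?` comment, and when the lookup fails the post is silently attributed to user ID 1, which is not guaranteed to be the administrator or even to exist. Collapse the lookup and make the fallback explicit: `$uinfo = get_userdatabylogin( $user_id );` / `$authorid = $uinfo ? (int) $uinfo->ID : 1; // unknown DotClear author: fall back to user 1, see tips()`. The enclosing posts2wp() loop starts before this hunk and continues in the following ones.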

'.sprintf(__('Done! %1$s posts imported.'), $count).'

'; - return true; + return true; } - + function comments2wp($comments='') { // General Housekeeping @@ -419,7 +427,7 @@ class Dotclear_Import { $count = 0; $dccm2wpcm = array(); $postarr = get_option('dcposts2wpposts'); - + // Magic Mojo if(is_array($comments)) { @@ -428,16 +436,16 @@ class Dotclear_Import { { $count++; extract($comment); - + // WordPressify Data - $comment_ID = ltrim($comment_id, '0'); - $comment_post_ID = $postarr[$post_id]; + $comment_ID = (int) ltrim($comment_id, '0'); + $comment_post_ID = (int) $postarr[$post_id]; $comment_approved = "$comment_pub"; $name = $wpdb->escape(csc ($comment_auteur)); $email = $wpdb->escape($comment_email); $web = "http://".$wpdb->escape($comment_site); $message = $wpdb->escape(textconv ($comment_content)); - + if($cinfo = comment_exists($name, $comment_dt)) { // Update comments @@ -454,7 +462,7 @@ class Dotclear_Import { 'comment_approved' => $comment_approved) ); } - else + else { // Insert comments $ret_id = wp_insert_comment(array( @@ -472,25 +480,25 @@ class Dotclear_Import { $dccm2wpcm[$comment_ID] = $ret_id; } // Store Comment ID translation for future use - add_option('dccm2wpcm', $dccm2wpcm); - + add_option('dccm2wpcm', $dccm2wpcm); + // Associate newly formed categories with posts get_comment_count($ret_id); - - + + echo '
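Review bot: `$comment_post_ID = (int) $postarr[$post_id];` turns a comment whose DotClear post is absent from the `dcposts2wpposts` map into a comment on post 0; the cast makes the value well-typed but not valid, and the `comment_exists()`/`wp_insert_comment` path that follows will presumably store it without a parent. Skip such comments at the top of the WordPressify block: `if ( empty( $postarr[$post_id] ) ) { continue; }`. On the same lines, `$web = "http://".$wpdb->escape($comment_site);` yields `http://` for an empty site and a doubled scheme when the stored value already has one, so only prefix when `$comment_site` is non-empty and lacks a scheme. The enclosing comments2wp() loop starts and ends outside this hunk.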

'.sprintf(__('Done! %1$s comments imported.'), $count).'

'; return true; } echo __('No Comments to Import!'); return false; } - + function links2wp($links='') { // General Housekeeping global $wpdb; $count = 0; - + // Deal with the links if(is_array($links)) { @@ -499,7 +507,7 @@ class Dotclear_Import { { $count++; extract($link); - + if ($title != "") { if ($cinfo = link_cat_exists (csc ($title))) { $category = $cinfo; @@ -511,7 +519,7 @@ class Dotclear_Import { } else { $linkname = $wpdb->escape(csc ($label)); $description = $wpdb->escape(csc ($title)); - + if($linfo = link_exists($linkname)) { $ret_id = wp_insert_link(array( 'link_id' => $linfo, @@ -540,70 +548,75 @@ class Dotclear_Import { echo __('No Links to Import!'); return false; } - - function import_categories() - { - // Category Import + + function import_categories() + { + // Category Import $cats = $this->get_dc_cats(); $this->cat2wp($cats); add_option('dc_cats', $cats); - - - + + + echo '
'; - printf('', __('Import Users')); + wp_nonce_field('import-dotclear'); + printf('', attribute_escape(__('Import Users'))); echo '
'; } - + function import_users() { // User Import - $users = $this->get_dc_users(); + $users = $this->get_dc_users(); $this->users2wp($users); - + echo '
'; - printf('', __('Import Posts')); + wp_nonce_field('import-dotclear'); + printf('', attribute_escape(__('Import Posts'))); echo '
'; } - + function import_posts() { // Post Import $posts = $this->get_dc_posts(); $this->posts2wp($posts); - + echo '
'; - printf('', __('Import Comments')); + wp_nonce_field('import-dotclear'); + printf('', attribute_escape(__('Import Comments'))); echo '
'; } - + function import_comments() { // Comment Import $comments = $this->get_dc_comments(); $this->comments2wp($comments); - + echo '
'; - printf('', __('Import Links')); + wp_nonce_field('import-dotclear'); + printf('', attribute_escape(__('Import Links'))); echo '
'; } - + function import_links() { //Link Import $links = $this->get_dc_links(); $this->links2wp($links); add_option('dc_links', $links); - + echo '
'; - printf('', __('Finish')); + wp_nonce_field('import-dotclear'); + printf('', attribute_escape(__('Finish'))); echo '
'; } - + function cleanup_dcimport() { - delete_option('tpre'); + delete_option('dcdbprefix'); delete_option('dc_cats'); delete_option('dcid2wpid'); delete_option('dccat2wpcat'); @@ -617,39 +630,39 @@ class Dotclear_Import { delete_option('dccharset'); $this->tips(); } - + function tips() { - echo '

'.__('Welcome to WordPress. We hope (and expect!) that you will find this platform incredibly rewarding! As a new WordPress user coming from Dotclear, there are some things that we would like to point out. Hopefully, they will help your transition go as smoothly as possible.').'

'; + echo '

'.__('Welcome to WordPress. We hope (and expect!) that you will find this platform incredibly rewarding! As a new WordPress user coming from DotClear, there are some things that we would like to point out. Hopefully, they will help your transition go as smoothly as possible.').'

'; echo '

'.__('Users').'

'; - echo '

'.sprintf(__('You have already setup WordPress and have been assigned an administrative login and password. Forget it. You didn\'t have that login in Dotclear, why should you have it here? Instead we have taken care to import all of your users into our system. Unfortunately there is one downside. Because both WordPress and Dotclear uses a strong encryption hash with passwords, it is impossible to decrypt it and we are forced to assign temporary passwords to all your users. Every user has the same username, but their passwords are reset to password123. So Login and change it.'), '/wp-login.php').'

'; + echo '

'.sprintf(__('You have already setup WordPress and have been assigned an administrative login and password. Forget it. You didn\'t have that login in DotClear, why should you have it here? Instead we have taken care to import all of your users into our system. Unfortunately there is one downside. Because both WordPress and DotClear uses a strong encryption hash with passwords, it is impossible to decrypt it and we are forced to assign temporary passwords to all your users. Every user has the same username, but their passwords are reset to password123. So Login and change it.'), '/wp-login.php').'

'; echo '

'.__('Preserving Authors').'

'; echo '

'.__('Secondly, we have attempted to preserve post authors. If you are the only author or contributor to your blog, then you are safe. In most cases, we are successful in this preservation endeavor. However, if we cannot ascertain the name of the writer due to discrepancies between database tables, we assign it to you, the administrative user.').'

'; echo '

'.__('Textile').'

'; - echo '

'.__('Also, since you\'re coming from Dotclear, you probably have been using Textile to format your comments and posts. If this is the case, we recommend downloading and installing Textile for WordPress. Trust me... You\'ll want it.').'

'; + echo '

'.__('Also, since you\'re coming from DotClear, you probably have been using Textile to format your comments and posts. If this is the case, we recommend downloading and installing Textile for WordPress. Trust me... You\'ll want it.').'

'; echo '

'.__('WordPress Resources').'

'; echo '

'.__('Finally, there are numerous WordPress resources around the internet. Some of them are:').'

'; echo ''; - echo '

'.sprintf(__('That\'s it! What are you waiting for? Go login!'), '/wp-login.php').'

'; + echo '

'.sprintf(__('That\'s it! What are you waiting for? Go login!'), '../wp-login.php').'

'; } - + function db_form() { - echo '
    '; - printf('
  • ', __('Dotclear Database User:')); - printf('
  • ', __('Dotclear Database Password:')); - printf('
  • ', __('Dotclear Database Name:')); - printf('
  • ', __('Dotclear Database Host:')); - /* printf('
  • ', __('Dotclear Table prefix (if any):')); */ - printf('
  • ', __('Originating character set:')); - echo '
'; + echo ''; + printf('', __('DotClear Database User:')); + printf('', __('DotClear Database Password:')); + printf('', __('DotClear Database Name:')); + printf('', __('DotClear Database Host:')); + printf('', __('DotClear Table prefix:')); + printf('', __('Originating character set:')); + echo '
'; } - - function dispatch() + + function dispatch() { if (empty ($_GET['step'])) @@ -657,51 +670,53 @@ class Dotclear_Import { else $step = (int) $_GET['step']; $this->header(); - - if ( $step > 0 ) + + if ( $step > 0 ) { + check_admin_referer('import-dotclear'); + if($_POST['dbuser']) { if(get_option('dcuser')) - delete_option('dcuser'); - add_option('dcuser',$_POST['dbuser']); + delete_option('dcuser'); + add_option('dcuser', sanitize_user($_POST['dbuser'], true)); } if($_POST['dbpass']) { if(get_option('dcpass')) - delete_option('dcpass'); - add_option('dcpass',$_POST['dbpass']); + delete_option('dcpass'); + add_option('dcpass', sanitize_user($_POST['dbpass'], true)); } - + if($_POST['dbname']) { if(get_option('dcname')) - delete_option('dcname'); - add_option('dcname',$_POST['dbname']); + delete_option('dcname'); + add_option('dcname', sanitize_user($_POST['dbname'], true)); } if($_POST['dbhost']) { if(get_option('dchost')) delete_option('dchost'); - add_option('dchost',$_POST['dbhost']); + add_option('dchost', sanitize_user($_POST['dbhost'], true)); } if($_POST['dccharset']) { if(get_option('dccharset')) delete_option('dccharset'); - add_option('dccharset',$_POST['dccharset']); - } + add_option('dccharset', sanitize_user($_POST['dccharset'], true)); + } if($_POST['dbprefix']) { - if(get_option('tpre')) - delete_option('tpre'); - add_option('tpre',$_POST['dbprefix']); - } + if(get_option('dcdbprefix')) + delete_option('dcdbprefix'); + add_option('dcdbprefix', sanitize_user($_POST['dbprefix'], true)); + } } - switch ($step) + switch ($step) { default: case 0 : 
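Review bot: The tips() paragraph that starts `sprintf(__('You have already setup WordPress ...` announces on the import page that every imported account now has the fixed password `password123`; if users2wp() really assigns that value (its password handling is outside this hunk), each imported user — including those mapped to elevated roles from DotClear levels — is reachable with a published credential until they individually change it. Assigning a per-user random password and delivering it to the imported e-mail address, or forcing a reset on first login, closes that window; at minimum the text should tell the administrator to change those passwords before anyone else does. The same string still reads `Because both WordPress and DotClear uses a strong encryption hash` — "use".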
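Review bot: `add_option('dcpass', sanitize_user($_POST['dbpass'], true));` and the sibling `dchost` line apply the strict username filter to a database password and host name, which silently strips every character outside the username whitelist (a `!` or `#` in a password, the `:` in `host:port`), so the stored credentials no longer match and the DotClear connection fails with no indication why. These values are presumably only passed to the `wpdb` constructor (that code is outside this hunk); if so, store them as submitted and reserve a character whitelist for `dbprefix`, which is presumably concatenated into table names the way the Textpattern importer's `tpre` is, e.g. `preg_replace('/[^A-Za-z0-9_]/', '', $_POST['dbprefix'])`. The password is also persisted in plain text in the options table, so `cleanup_dcimport()` should delete `dcpass` too — whether it already does is not visible here. `$_POST['dbuser']` and friends are read without `isset()`, and each `get_option`/`delete_option`/`add_option` triplet is what `update_option()` does.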
@@ -726,16 +741,16 @@ class Dotclear_Import { $this->cleanup_dcimport(); break; } - + $this->footer(); } - function Dotclear_Import() + function Dotclear_Import() { - // Nothing. + // Nothing. } } $dc_import = new Dotclear_Import(); -register_importer('dotclear', 'Dotclear', __('Import posts from a Dotclear Blog'), array ($dc_import, 'dispatch')); +register_importer('dotclear', __('DotClear'), __('Import categories, users, posts, comments, and links from a DotClear blog'), array ($dc_import, 'dispatch')); ?> diff --git a/wp-admin/import/greymatter.php b/wp-admin/import/greymatter.php index e69de29b..4305cd18 100644 --- a/wp-admin/import/greymatter.php +++ b/wp-admin/import/greymatter.php @@ -0,0 +1,317 @@ +'; + echo '

'.__('Import GreyMatter').'

'; + } + + function footer() { + echo '
'; + } + + function greet() { + $this->header(); +?> +

+

+ +

+ +

 

+ +
+ + + +

+

+ + + + + + + + + + + + + + + +

so you need to enter the number of the last GM post here.
(if you don't know that number, just log into your FTP and look it out
in the entries' folder)") ?>
+

+

+
+

 

+footer(); + } + + + + function gm2autobr($string) { // transforms GM's |*| into b2's
\n + $string = str_replace("|*|","
\n",$string); + return($string); + } + + function import() { + global $wpdb; + + $wpvarstoreset = array('gmpath', 'archivespath', 'lastentry'); + for ($i=0; $iheader(); +?> +

+
    +
    • escape($userdata[0]); + $pass1=$wpdb->escape($userdata[1]); + $user_nickname=$wpdb->escape($userdata[0]); + $user_email=$wpdb->escape($userdata[2]); + $user_url=$wpdb->escape($userdata[3]); + $user_joindate=$wpdb->escape($user_joindate); + + $user_id = username_exists($user_login); + if ($user_id) { + printf('
    • '.__('user %s').''.__('Already exists').'
    • ', "$user_login"); + $this->gmnames[$userdata[0]] = $user_id; + continue; + } + + $user_info = array("user_login"=>"$user_login", "user_pass"=>"$pass1", "user_nickname"=>"$user_nickname", "user_email"=>"$user_email", "user_url"=>"$user_url", "user_ip"=>"$user_ip", "user_domain"=>"$user_domain", "user_browser"=>"$user_browser", "dateYMDhour"=>"$user_joindate", "user_level"=>"1", "user_idmode"=>"nickname"); + $user_id = wp_insert_user($user_info); + $this->gmnames[$userdata[0]] = $user_id; + + printf('
    • '.__('user %s...').' '.__('Done').'
    • ', "$user_login"); + } + +?>
  • +

    • gm2autobr($entry[2]); + $postmorecontent=$this->gm2autobr($entry[3]); + + $post_author=trim($wpdb->escape($postinfo[1])); + + $post_title=$this->gm2autobr($postinfo[2]); + printf('
    • '.__('entry # %s : %s : by %s'), $entryfile, $post_title, $postinfo[1]); + $post_title=$wpdb->escape($post_title); + + $postyear=$postinfo[6]; + $postmonth=zeroise($postinfo[4],2); + $postday=zeroise($postinfo[5],2); + $posthour=zeroise($postinfo[7],2); + $postminute=zeroise($postinfo[8],2); + $postsecond=zeroise($postinfo[9],2); + + if (($postinfo[10]=="PM") && ($posthour!="12")) + $posthour=$posthour+12; + + $post_date="$postyear-$postmonth-$postday $posthour:$postminute:$postsecond"; + + $post_content=$postmaincontent; + if (strlen($postmorecontent)>3) + $post_content .= "

      ".$postmorecontent; + $post_content=$wpdb->escape($post_content); + + $post_karma=$postinfo[12]; + + $post_status = 'publish'; //in greymatter, there are no drafts + $comment_status = 'open'; + $ping_status = 'closed'; + + if ($post_ID = post_exists($post_title, '', $post_date)) { + echo ' '; + _e('(already exists)'); + } else { + //just so that if a post already exists, new users are not created by checkauthor + // we'll check the author is registered, or if it's a deleted author + $user_id = username_exists($post_author); + if (!$user_id) { // if deleted from GM, we register the author as a level 0 user + $user_ip="127.0.0.1"; + $user_domain="localhost"; + $user_browser="server"; + $user_joindate="1979-06-06 00:41:00"; + $user_login=$wpdb->escape($post_author); + $pass1=$wpdb->escape("password"); + $user_nickname=$wpdb->escape($post_author); + $user_email=$wpdb->escape("user@deleted.com"); + $user_url=$wpdb->escape(""); + $user_joindate=$wpdb->escape($user_joindate); + + $user_info = array("user_login"=>$user_login, "user_pass"=>$pass1, "user_nickname"=>$user_nickname, "user_email"=>$user_email, "user_url"=>$user_url, "user_ip"=>$user_ip, "user_domain"=>$user_domain, "user_browser"=>$user_browser, "dateYMDhour"=>$user_joindate, "user_level"=>0, "user_idmode"=>"nickname"); + $user_id = wp_insert_user($user_info); + $this->gmnames[$postinfo[1]] = $user_id; + + echo ': '; + printf(__('registered deleted user %s at level 0 '), "$user_login"); + } + + if (array_key_exists($postinfo[1], $this->gmnames)) { + $post_author = $this->gmnames[$postinfo[1]]; + } else { + $post_author = $user_id; + } + + $postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_excerpt', 'post_status', 'comment_status', 'ping_status', 'post_modified', 'post_modified_gmt'); + $post_ID = wp_insert_post($postdata); + } + + $c=count($entry); + if ($c>4) { + $numAddedComments = 0; + $numComments = 0; + for ($j=4;$j<$c;$j++) { + 
$entry[$j]=$this->gm2autobr($entry[$j]); + $commentinfo=explode("|",$entry[$j]); + $comment_post_ID=$post_ID; + $comment_author=$wpdb->escape($commentinfo[0]); + $comment_author_email=$wpdb->escape($commentinfo[2]); + $comment_author_url=$wpdb->escape($commentinfo[3]); + $comment_author_IP=$wpdb->escape($commentinfo[1]); + + $commentyear=$commentinfo[7]; + $commentmonth=zeroise($commentinfo[5],2); + $commentday=zeroise($commentinfo[6],2); + $commenthour=zeroise($commentinfo[8],2); + $commentminute=zeroise($commentinfo[9],2); + $commentsecond=zeroise($commentinfo[10],2); + if (($commentinfo[11]=="PM") && ($commenthour!="12")) + $commenthour=$commenthour+12; + $comment_date="$commentyear-$commentmonth-$commentday $commenthour:$commentminute:$commentsecond"; + + $comment_content=$wpdb->escape($commentinfo[12]); + + if (!comment_exists($comment_author, $comment_date)) { + $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_author_IP', 'comment_date', 'comment_content', 'comment_approved'); + $commentdata = wp_filter_comment($commentdata); + wp_insert_comment($commentdata); + $numAddedComments++; + } + $numComments++; + } + if ($numAddedComments > 0) { + echo ': '; + printf(__('imported %d comment(s)'), $numAddedComments); + } + $preExisting = $numComments - numAddedComments; + if ($preExisting > 0) { + echo ' '; + printf(__('ignored %d pre-existing comments'), $preExisting); + } + } + echo '... '.__('Done').'
    • '; + } + } + ?> +
+

 

+

+footer(); + } + + function dispatch() { + if (empty ($_GET['step'])) + $step = 0; + else + $step = (int) $_GET['step']; + + switch ($step) { + case 0 : + $this->greet(); + break; + case 1: + check_admin_referer('import-greymatter'); + $this->import(); + break; + } + } + + function GM_Import() { + // Nothing. + } +} + +$gm_import = new GM_Import(); + +register_importer('greymatter', __('GreyMatter'), __('Import users, posts, and comments from a Greymatter blog'), array ($gm_import, 'dispatch')); +?> diff --git a/wp-admin/import/livejournal.php b/wp-admin/import/livejournal.php index e8c48c4a..3c9cdab7 100644 --- a/wp-admin/import/livejournal.php +++ b/wp-admin/import/livejournal.php @@ -80,7 +80,7 @@ class LJ_Import { $comments = $comments[1]; if ( $comments ) { - $comment_post_ID = $post_id; + $comment_post_ID = (int) $post_id; $num_comments = 0; foreach ($comments as $comment) { preg_match('|(.*?)|is', $comment, $comment_content); @@ -153,6 +153,7 @@ class LJ_Import { $this->greet(); break; case 1 : + check_admin_referer('import-upload'); $this->import(); break; } @@ -167,5 +168,5 @@ class LJ_Import { $livejournal_import = new LJ_Import(); -register_importer('livejournal', 'LiveJournal', __('Import posts from LiveJournal'), array ($livejournal_import, 'dispatch')); +register_importer('livejournal', __('LiveJournal'), __('Import posts from LiveJournal'), array ($livejournal_import, 'dispatch')); ?> diff --git a/wp-admin/import/mt.php b/wp-admin/import/mt.php index e5b66261..f02b0697 100644 --- a/wp-admin/import/mt.php +++ b/wp-admin/import/mt.php @@ -11,7 +11,7 @@ class MT_Import { function header() { echo '
'; - echo '

'.__('Import Movable Type').'

'; + echo '

'.__('Import Movable Type and Typepad').'

'; } function footer() { @@ -32,7 +32,7 @@ class MT_Import { global $wpdb, $testing; $users = $wpdb->get_results("SELECT * FROM $wpdb->users ORDER BY ID"); ?>'; + echo '
  • '.__('Current author:').' '.$author.'
    '.sprintf(__('Create user %1$s or map to existing'), '
    '); $this->users_form($j); echo '
  • '; } - echo ''.'
    '; + echo ''.'
    '; echo ''; - echo ''; + echo '
    '; - flush(); } function select_authors() { $file = wp_import_handle_upload(); if ( isset($file['error']) ) { - echo $file['error']; + $this->header(); + echo '

    '.__('Sorry, there has been an error').'.

    '; + echo '

    ' . $file['error'] . '

    '; + $this->footer(); return; } $this->file = $file['file']; - $this->id = $file['id']; + $this->id = (int) $file['id']; $this->get_entries(); $this->mt_authors_form(); @@ -174,7 +179,7 @@ class MT_Import { function process_posts() { global $wpdb; $i = -1; - echo "
      "; + echo "
        "; foreach ($this->posts as $post) { if ('' != trim($post)) { ++ $i; @@ -289,7 +294,7 @@ class MT_Import { } } - $comment_post_ID = $post_id; + $comment_post_ID = (int) $post_id; $comment_approved = 1; // Now for comments @@ -330,7 +335,7 @@ class MT_Import { } } if ( $num_comments ) - printf(__('(%s comments)'), $num_comments); + printf(' '.__('(%s comments)'), $num_comments); // Finally the pings // fix the double newline on the first one @@ -378,22 +383,22 @@ class MT_Import { } } if ( $num_pings ) - printf(__('(%s pings)'), $num_pings); - + printf(' '.__('(%s pings)'), $num_pings); + echo ""; } - flush(); } echo '
      '; wp_import_cleanup($this->id); - echo '

      '.sprintf(__('All done. Have fun!'), get_option('home')).'

      '; + echo '

      '.sprintf(__('All done. Have fun!'), get_option('home')).'

      '; } function import() { $this->id = (int) $_GET['id']; + $this->file = get_attached_file($this->id); $this->get_authors_from_post(); $this->get_entries(); @@ -411,20 +416,22 @@ class MT_Import { $this->greet(); break; case 1 : + check_admin_referer('import-upload'); $this->select_authors(); break; case 2: + check_admin_referer('import-mt'); $this->import(); break; } } function MT_Import() { - // Nothing. + // Nothing. } } $mt_import = new MT_Import(); -register_importer('mt', 'Movable Type', __('Import posts and comments from your Movable Type blog'), array ($mt_import, 'dispatch')); +register_importer('mt', __('Movable Type and Typepad'), __('Imports posts and comments from your Movable Type or Typepad blog'), array ($mt_import, 'dispatch')); ?> diff --git a/wp-admin/import/rss.php b/wp-admin/import/rss.php index e4a81673..187c8ac2 100644 --- a/wp-admin/import/rss.php +++ b/wp-admin/import/rss.php 
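Review bot: `$this->file = get_attached_file($this->id);` in import() takes whatever ID arrives in `$_GET['id']` (only cast to int) and goes straight on to `get_entries()`, so a missing or non-attachment ID yields an empty path that the later file read (outside this hunk) will try to open, and any attachment at all — not just the upload made in select_authors() — is parsed as a Movable Type export. Reject the empty case before continuing, `if ( empty( $this->file ) ) { return; }`, and note on the assignment that the ID is expected to be the attachment created by `wp_import_handle_upload()`. import() ends outside this hunk.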
@@ -38,21 +38,22 @@ class RSS_Import { $index = 0; foreach ($this->posts as $post) { preg_match('|(.*?)|is', $post, $post_title); - $post_title = $wpdb->escape(trim($post_title[1])); + $post_title = str_replace(array(''), '', $wpdb->escape( trim($post_title[1]) )); - preg_match('|(.*?)|is', $post, $post_date); + preg_match('|(.*?)|is', $post, $post_date_gmt); - if ($post_date) { - $post_date = strtotime($post_date[1]); + if ($post_date_gmt) { + $post_date_gmt = strtotime($post_date_gmt[1]); } else { // if we don't already have something from pubDate - preg_match('|(.*?)|is', $post, $post_date); - $post_date = preg_replace('|([-+])([0-9]+):([0-9]+)$|', '\1\2\3', $post_date[1]); - $post_date = str_replace('T', ' ', $post_date); - $post_date = strtotime($post_date); + preg_match('|(.*?)|is', $post, $post_date_gmt); + $post_date_gmt = preg_replace('|([-+])([0-9]+):([0-9]+)$|', '\1\2\3', $post_date_gmt[1]); + $post_date_gmt = str_replace('T', ' ', $post_date_gmt); + $post_date_gmt = strtotime($post_date_gmt); } - $post_date = gmdate('Y-m-d H:i:s', $post_date); + $post_date_gmt = gmdate('Y-m-d H:i:s', $post_date_gmt); + $post_date = get_date_from_gmt( $post_date_gmt ); preg_match_all('|(.*?)|is', $post, $categories); $categories = $categories[1]; @@ -90,7 +91,7 @@ class RSS_Import { $post_author = 1; $post_status = 'publish'; - $this->posts[$index] = compact('post_author', 'post_date', 'post_content', 'post_title', 'post_status', 'guid', 'categories'); + $this->posts[$index] = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_status', 'guid', 'categories'); $index++; } } @@ -153,6 +154,7 @@ class RSS_Import { $this->greet(); break; case 1 : + check_admin_referer('import-upload'); $this->import(); break; } 
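Review bot: `$post_date_gmt = strtotime($post_date_gmt[1]);` and the `preg_replace`/`str_replace`/`strtotime` fallback below it return `false` for a date they cannot parse, and `gmdate('Y-m-d H:i:s', $post_date_gmt)` then silently produces `1970-01-01 00:00:00`, so the imported post is dated at the epoch instead of being flagged. Guard before formatting, `if ( false === $post_date_gmt ) { $post_date_gmt = time(); }` — or skip the item with a message — so the fallback is deliberate rather than accidental. The enclosing foreach over `$this->posts` starts before this hunk and ends after it.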
@@ -167,5 +169,5 @@ class RSS_Import { $rss_import = new RSS_Import(); -register_importer('rss', 'RSS', __('Import posts from an RSS feed'), array ($rss_import, 'dispatch')); +register_importer('rss', __('RSS'), __('Import posts from an RSS feed'), array ($rss_import, 'dispatch')); ?> diff --git a/wp-admin/import/textpattern.php b/wp-admin/import/textpattern.php index 44b0fc36..2d2b145e 100644 --- a/wp-admin/import/textpattern.php +++ b/wp-admin/import/textpattern.php @@ -4,13 +4,13 @@ **/ if(!function_exists('get_catbynicename')) { - function get_catbynicename($category_nicename) + function get_catbynicename($category_nicename) { global $wpdb; - + $cat_id -= 0; // force numeric $name = $wpdb->get_var('SELECT cat_ID FROM '.$wpdb->categories.' WHERE category_nicename="'.$category_nicename.'"'); - + return $name; } } @@ -49,15 +49,18 @@ class Textpattern_Import { { echo ''; } - - function greet() - { - echo '

      '.__('Howdy! This importer allows you to extract posts from any Textpattern 4.0.2+ into your blog. This has not been tested on previous versions of Textpattern. Mileage may vary.').'

      '; + + function greet() { + echo '
      '; + echo '

      '.__('Howdy! This imports categories, users, posts, comments, and links from any Textpattern 4.0.2+ into this blog.').'

      '; + echo '

      '.__('This has not been tested on previous versions of Textpattern. Mileage may vary.').'

      '; echo '

      '.__('Your Textpattern Configuration settings are as follows:').'

      '; echo '
      '; + wp_nonce_field('import-textpattern'); $this->db_form(); - echo ''; + echo '

      '; echo '
      '; + echo '
      '; } function get_txp_cats() @@ -67,17 +70,17 @@ class Textpattern_Import { $txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost')); set_magic_quotes_runtime(0); $prefix = get_option('tpre'); - + // Get Categories - return $txpdb->get_results('SELECT - id, - name, - title - FROM '.$prefix.'txp_category - WHERE type = "article"', - ARRAY_A); + return $txpdb->get_results('SELECT + id, + name, + title + FROM '.$prefix.'txp_category + WHERE type = "article"', + ARRAY_A); } - + function get_txp_users() { global $wpdb; @@ -85,44 +88,44 @@ class Textpattern_Import { $txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost')); set_magic_quotes_runtime(0); $prefix = get_option('tpre'); - + // Get Users - + return $txpdb->get_results('SELECT - user_id, - name, - RealName, - email, - privs - FROM '.$prefix.'txp_users', ARRAY_A); + user_id, + name, + RealName, + email, + privs + FROM '.$prefix.'txp_users', ARRAY_A); } - + function get_txp_posts() { // General Housekeeping $txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost')); set_magic_quotes_runtime(0); $prefix = get_option('tpre'); - + // Get Posts - return $txpdb->get_results('SELECT - ID, - Posted, - AuthorID, - LastMod, - Title, - Body, - Excerpt, - Category1, - Category2, - Status, - Keywords, - url_title, - comments_count - FROM '.$prefix.'textpattern - ', ARRAY_A); + return $txpdb->get_results('SELECT + ID, + Posted, + AuthorID, + LastMod, + Title, + Body, + Excerpt, + Category1, + Category2, + Status, + Keywords, + url_title, + comments_count + FROM '.$prefix.'textpattern + ', ARRAY_A); } - + function get_txp_comments() { global $wpdb; 
@@ -130,30 +133,30 @@ class Textpattern_Import { $txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost')); set_magic_quotes_runtime(0); $prefix = get_option('tpre'); - + // Get Comments return $txpdb->get_results('SELECT * FROM '.$prefix.'txp_discuss', ARRAY_A); } - + function get_txp_links() { //General Housekeeping $txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost')); set_magic_quotes_runtime(0); $prefix = get_option('tpre'); - - return $txpdb->get_results('SELECT - id, - date, - category, - url, - linkname, - description - FROM '.$prefix.'txp_link', - ARRAY_A); + + return $txpdb->get_results('SELECT + id, + date, + category, + url, + linkname, + description + FROM '.$prefix.'txp_link', + ARRAY_A); } - - function cat2wp($categories='') + + function cat2wp($categories='') { // General Housekeeping global $wpdb; @@ -163,16 +166,16 @@ class Textpattern_Import { if(is_array($categories)) { echo '

      '.__('Importing Categories...').'

      '; - foreach ($categories as $category) + foreach ($categories as $category) { $count++; extract($category); - - + + // Make Nice Variables $name = $wpdb->escape($name); $title = $wpdb->escape($title); - + if($cinfo = category_exists($name)) { $ret_id = wp_insert_category(array('cat_ID' => $cinfo, 'category_nicename' => $name, 'cat_name' => $title)); @@ -183,7 +186,7 @@ class Textpattern_Import { } $txpcat2wpcat[$id] = $ret_id; } - + // Store category translation for future use add_option('txpcat2wpcat',$txpcat2wpcat); echo '

      '.sprintf(__('Done! %1$s categories imported.'), $count).'

      '; @@ -192,14 +195,14 @@ class Textpattern_Import { echo __('No Categories to Import!'); return false; } - + function users2wp($users='') { // General Housekeeping global $wpdb; $count = 0; $txpid2wpid = array(); - + // Midnight Mojo if(is_array($users)) { @@ -208,14 +211,14 @@ class Textpattern_Import { { $count++; extract($user); - + // Make Nice Variables $name = $wpdb->escape($name); $RealName = $wpdb->escape($RealName); - + if($uinfo = get_userdatabylogin($name)) { - + $ret_id = wp_insert_user(array( 'ID' => $uinfo->ID, 'user_login' => $name, @@ -225,7 +228,7 @@ class Textpattern_Import { 'display_name' => $name) ); } - else + else { $ret_id = wp_insert_user(array( 'user_login' => $name, @@ -236,10 +239,10 @@ class Textpattern_Import { ); } $txpid2wpid[$user_id] = $ret_id; - + // Set Textpattern-to-WordPress permissions translation $transperms = array(1 => '10', 2 => '9', 3 => '5', 4 => '4', 5 => '3', 6 => '2', 7 => '0'); - + // Update Usermeta Data $user = new WP_User($ret_id); if('10' == $transperms[$privs]) { $user->set_role('administrator'); } @@ -249,24 +252,24 @@ class Textpattern_Import { if('3' == $transperms[$privs]) { $user->set_role('contributor'); } if('2' == $transperms[$privs]) { $user->set_role('contributor'); } if('0' == $transperms[$privs]) { $user->set_role('subscriber'); } - + update_usermeta( $ret_id, 'wp_user_level', $transperms[$privs] ); update_usermeta( $ret_id, 'rich_editing', 'false'); }// End foreach($users as $user) - + // Store id translation array for future use add_option('txpid2wpid',$txpid2wpid); - - + + echo '

      '.sprintf(__('Done! %1$s users imported.'), $count).'

      '; return true; }// End if(is_array($users) - + echo __('No Users to Import!'); return false; - + }// End function user2wp() - + function posts2wp($posts='') { // General Housekeeping @@ -283,10 +286,10 @@ class Textpattern_Import { { $count++; extract($post); - + // Set Textpattern-to-WordPress status translation $stattrans = array(1 => 'draft', 2 => 'private', 3 => 'draft', 4 => 'publish', 5 => 'publish'); - + //Can we do this more efficiently? $uinfo = ( get_userdatabylogin( $AuthorID ) ) ? get_userdatabylogin( $AuthorID ) : 1; $authorid = ( is_object( $uinfo ) ) ? $uinfo->ID : $uinfo ; 
@@ -295,59 +298,59 @@ class Textpattern_Import { $Body = $wpdb->escape($Body); $Excerpt = $wpdb->escape($Excerpt); $post_status = $stattrans[$Status]; - + // Import Post data into WordPress - + if($pinfo = post_exists($Title,$Body)) { $ret_id = wp_insert_post(array( - 'ID' => $pinfo, - 'post_date' => $Posted, - 'post_date_gmt' => $post_date_gmt, - 'post_author' => $authorid, - 'post_modified' => $LastMod, - 'post_modified_gmt' => $post_modified_gmt, - 'post_title' => $Title, - 'post_content' => $Body, - 'post_excerpt' => $Excerpt, - 'post_status' => $post_status, - 'post_name' => $url_title, - 'comment_count' => $comments_count) - ); + 'ID' => $pinfo, + 'post_date' => $Posted, + 'post_date_gmt' => $post_date_gmt, + 'post_author' => $authorid, + 'post_modified' => $LastMod, + 'post_modified_gmt' => $post_modified_gmt, + 'post_title' => $Title, + 'post_content' => $Body, + 'post_excerpt' => $Excerpt, + 'post_status' => $post_status, + 'post_name' => $url_title, + 'comment_count' => $comments_count) + ); } - else + else { $ret_id = wp_insert_post(array( - 'post_date' => $Posted, - 'post_date_gmt' => $post_date_gmt, - 'post_author' => $authorid, - 'post_modified' => $LastMod, - 'post_modified_gmt' => $post_modified_gmt, - 'post_title' => $Title, - 'post_content' => $Body, - 'post_excerpt' => $Excerpt, - 'post_status' => $post_status, - 'post_name' => $url_title, - 'comment_count' => $comments_count) - ); + 'post_date' => $Posted, + 'post_date_gmt' => $post_date_gmt, + 'post_author' => $authorid, + 'post_modified' => $LastMod, + 'post_modified_gmt' => $post_modified_gmt, + 'post_title' => $Title, + 'post_content' => $Body, + 'post_excerpt' => $Excerpt, + 'post_status' => $post_status, + 'post_name' => $url_title, + 'comment_count' => $comments_count) + ); } $txpposts2wpposts[$ID] = $ret_id; - + // Make Post-to-Category associations $cats = array(); if($cat1 = get_catbynicename($Category1)) { $cats[1] = $cat1; } if($cat2 = get_catbynicename($Category2)) { $cats[2] = 
$cat2; } - if(!empty($cats)) { wp_set_post_cats('', $ret_id, $cats); } + if(!empty($cats)) { wp_set_post_categories($ret_id, $cats); } } } // Store ID translation for later use add_option('txpposts2wpposts',$txpposts2wpposts); - + echo '

      '.sprintf(__('Done! %1$s posts imported.'), $count).'

      '; - return true; + return true; } - + function comments2wp($comments='') { // General Housekeeping @@ -355,7 +358,7 @@ class Textpattern_Import { $count = 0; $txpcm2wpcm = array(); $postarr = get_option('txpposts2wpposts'); - + // Magic Mojo if(is_array($comments)) { @@ -364,7 +367,7 @@ class Textpattern_Import { { $count++; extract($comment); - + // WordPressify Data $comment_ID = ltrim($discussid, '0'); $comment_post_ID = $postarr[$parentid]; 
@@ -373,57 +376,57 @@ class Textpattern_Import { $email = $wpdb->escape($email); $web = $wpdb->escape($web); $message = $wpdb->escape($message); - + if($cinfo = comment_exists($name, $posted)) { // Update comments $ret_id = wp_update_comment(array( - 'comment_ID' => $cinfo, - 'comment_post_ID' => $comment_post_ID, - 'comment_author' => $name, - 'comment_author_email' => $email, - 'comment_author_url' => $web, - 'comment_date' => $posted, - 'comment_content' => $message, - 'comment_approved' => $comment_approved) - ); + 'comment_ID' => $cinfo, + 'comment_post_ID' => $comment_post_ID, + 'comment_author' => $name, + 'comment_author_email' => $email, + 'comment_author_url' => $web, + 'comment_date' => $posted, + 'comment_content' => $message, + 'comment_approved' => $comment_approved) + ); } - else + else { // Insert comments $ret_id = wp_insert_comment(array( - 'comment_post_ID' => $comment_post_ID, - 'comment_author' => $name, - 'comment_author_email' => $email, - 'comment_author_url' => $web, - 'comment_author_IP' => $ip, - 'comment_date' => $posted, - 'comment_content' => $message, - 'comment_approved' => $comment_approved) - ); + 'comment_post_ID' => $comment_post_ID, + 'comment_author' => $name, + 'comment_author_email' => $email, + 'comment_author_url' => $web, + 'comment_author_IP' => $ip, + 'comment_date' => $posted, + 'comment_content' => $message, + 'comment_approved' => $comment_approved) + ); } $txpcm2wpcm[$comment_ID] = $ret_id; } // Store Comment ID translation for future use - add_option('txpcm2wpcm', $txpcm2wpcm); - + add_option('txpcm2wpcm', $txpcm2wpcm); + // Associate newly formed categories with posts get_comment_count($ret_id); - - + + echo '

      '.sprintf(__('Done! %1$s comments imported.'), $count).'

      '; return true; } echo __('No Comments to Import!'); return false; } - + function links2wp($links='') { // General Housekeeping global $wpdb; $count = 0; - + // Deal with the links if(is_array($links)) { @@ -432,12 +435,12 @@ class Textpattern_Import { { $count++; extract($link); - + // Make nice vars $category = $wpdb->escape($category); $linkname = $wpdb->escape($linkname); $description = $wpdb->escape($description); - + if($linfo = link_exists($linkname)) { $ret_id = wp_insert_link(array( @@ -449,7 +452,7 @@ class Textpattern_Import { 'link_updated' => $date) ); } - else + else { $ret_id = wp_insert_link(array( 'link_url' => $url, @@ -470,67 +473,72 @@ class Textpattern_Import { echo __('No Links to Import!'); return false; } - - function import_categories() - { - // Category Import + + function import_categories() + { + // Category Import $cats = $this->get_txp_cats(); $this->cat2wp($cats); add_option('txp_cats', $cats); - - - + + + echo '
      '; - printf('', __('Import Users')); + wp_nonce_field('import-textpattern'); + printf('', attribute_escape(__('Import Users'))); echo '
      '; } - + function import_users() { // User Import - $users = $this->get_txp_users(); + $users = $this->get_txp_users(); $this->users2wp($users); - + echo '
      '; - printf('', __('Import Posts')); + wp_nonce_field('import-textpattern'); + printf('', attribute_escape(__('Import Posts'))); echo '
      '; } - + function import_posts() { // Post Import $posts = $this->get_txp_posts(); $this->posts2wp($posts); - + echo '
      '; - printf('', __('Import Comments')); + wp_nonce_field('import-textpattern'); + printf('', attribute_escape(__('Import Comments'))); echo '
      '; } - + function import_comments() { // Comment Import $comments = $this->get_txp_comments(); $this->comments2wp($comments); - + echo '
      '; - printf('', __('Import Links')); + wp_nonce_field('import-textpattern'); + printf('', attribute_escape(__('Import Links'))); echo '
      '; } - + function import_links() { //Link Import $links = $this->get_txp_links(); $this->links2wp($links); add_option('txp_links', $links); - + echo '
      '; - printf('', __('Finish')); + wp_nonce_field('import-textpattern'); + printf('', attribute_escape(__('Finish'))); echo '
      '; } - + function cleanup_txpimport() { delete_option('tpre'); @@ -546,7 +554,7 @@ class Textpattern_Import { delete_option('txphost'); $this->tips(); } - + function tips() { echo '

      '.__('Welcome to WordPress. We hope (and expect!) that you will find this platform incredibly rewarding! As a new WordPress user coming from Textpattern, there are some things that we would like to point out. Hopefully, they will help your transition go as smoothly as possible.').'

      '; @@ -555,29 +563,29 @@ class Textpattern_Import { echo '

      '.__('Preserving Authors').'

      '; echo '

      '.__('Secondly, we have attempted to preserve post authors. If you are the only author or contributor to your blog, then you are safe. In most cases, we are successful in this preservation endeavor. However, if we cannot ascertain the name of the writer due to discrepancies between database tables, we assign it to you, the administrative user.').'

      '; echo '

      '.__('Textile').'

      '; - echo '

      '.__('Also, since you\'re coming from Textpattern, you probably have been using Textile to format your comments and posts. If this is the case, we recommend downloading and installing Textile for WordPress. Trust me... You\'ll want it.').'

      '; + echo '

      '.__('Also, since you\'re coming from Textpattern, you probably have been using Textile to format your comments and posts. If this is the case, we recommend downloading and installing Textile for WordPress. Trust me... You\'ll want it.').'

      '; echo '

      '.__('WordPress Resources').'

      '; echo '

      '.__('Finally, there are numerous WordPress resources around the internet. Some of them are:').'

      '; echo ''; echo '

      '.sprintf(__('That\'s it! What are you waiting for? Go login!'), '/wp-login.php').'

      '; } - + function db_form() { - echo '
        '; - printf('
      • ', __('Textpattern Database User:')); - printf('
      • ', __('Textpattern Database Password:')); - printf('
      • ', __('Textpattern Database Name:')); - printf('
      • ', __('Textpattern Database Host:')); - printf('
      • ', __('Textpattern Table prefix (if any):')); - echo '
      '; + echo ''; + printf('', __('Textpattern Database User:')); + printf('', __('Textpattern Database Password:')); + printf('', __('Textpattern Database Name:')); + printf('', __('Textpattern Database Host:')); + printf('', __('Textpattern Table prefix (if any):')); + echo '
      '; } - - function dispatch() + + function dispatch() { if (empty ($_GET['step'])) @@ -585,45 +593,47 @@ class Textpattern_Import { else $step = (int) $_GET['step']; $this->header(); - - if ( $step > 0 ) + + if ( $step > 0 ) { + check_admin_referer('import-textpattern'); + if($_POST['dbuser']) { if(get_option('txpuser')) - delete_option('txpuser'); - add_option('txpuser',$_POST['dbuser']); + delete_option('txpuser'); + add_option('txpuser', sanitize_user($_POST['dbuser'], true)); } if($_POST['dbpass']) { if(get_option('txppass')) - delete_option('txppass'); - add_option('txppass',$_POST['dbpass']); + delete_option('txppass'); + add_option('txppass', sanitize_user($_POST['dbpass'], true)); } - + if($_POST['dbname']) { if(get_option('txpname')) - delete_option('txpname'); - add_option('txpname',$_POST['dbname']); + delete_option('txpname'); + add_option('txpname', sanitize_user($_POST['dbname'], true)); } if($_POST['dbhost']) { if(get_option('txphost')) delete_option('txphost'); - add_option('txphost',$_POST['dbhost']); + add_option('txphost', sanitize_user($_POST['dbhost'], true)); } if($_POST['dbprefix']) { if(get_option('tpre')) delete_option('tpre'); - add_option('tpre',$_POST['dbprefix']); - } + add_option('tpre', sanitize_user($_POST['dbprefix'])); + } } - switch ($step) + switch ($step) { default: case 0 : @@ -648,16 +658,16 @@ class Textpattern_Import { $this->cleanup_txpimport(); break; } - + $this->footer(); } - function Textpattern_Import() + function Textpattern_Import() { - // Nothing. + // Nothing. } } $txp_import = new Textpattern_Import(); -register_importer('textpattern', 'Textpattern', __('Import posts from a Textpattern Blog'), array ($txp_import, 'dispatch')); +register_importer('textpattern', __('Textpattern'), __('Import categories, users, posts, comments, and links from a Textpattern blog'), array ($txp_import, 'dispatch')); ?> diff --git a/wp-admin/index.php b/wp-admin/index.php index a951efd8..734b349e 100644 --- a/wp-admin/index.php 
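Review bot: In the dispatch() hunk at -585 all five credential fields pass through sanitize_user(), but dbprefix is the only one left in non-strict mode (`add_option('tpre', sanitize_user($_POST['dbprefix']));`), although the prefix is the value most likely to be concatenated into table names by the get_txp_* helpers outside this hunk; `add_option('tpre', sanitize_user($_POST['dbprefix'], true));` would match the other four. Conversely, strict sanitize_user() on dbpass silently removes any character outside its restricted set, so a Textpattern password containing punctuation is stored altered and the later connection fails with no indication why; a comment stating that limitation, or a notice when the stored value differs from the submitted one, would save the next reader a debugging session. The check_admin_referer('import-textpattern') call at the top of the `$step > 0` branch pairs with the wp_nonce_field() calls added in the -470 hunk. dispatch() continues past the end of the hunk.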
+++ b/wp-admin/index.php @@ -25,7 +25,7 @@ if ( isset($rss->items) && 0 != count($rss->items) ) { $rss->items = array_slice($rss->items, 0, 10); foreach ($rss->items as $item ) { ?> -
    1. +
    2. diff --git a/wp-admin/inline-uploading.php b/wp-admin/inline-uploading.php index d0bd8250..212f1159 100644 --- a/wp-admin/inline-uploading.php +++ b/wp-admin/inline-uploading.php @@ -24,6 +24,8 @@ for ($i=0; $i'; ab[{$ID}] = ''; imga[{$ID}] = '\"{$title}\"'; @@ -258,7 +260,7 @@ imgb[{$ID}] = '\"{$title}\" "; } else { - $title = wp_specialchars($attachment['post_title'], ENT_QUOTES); + $title = attribute_escape($attachment['post_title']); $filename = basename($attachment['guid']); $icon = get_attachment_icon($ID); $toggle_icon = "$__using_title"; @@ -429,7 +431,7 @@ richedit = ( typeof tinyMCE == 'object' && tinyMCE.configs.length > 0 ); function sendToEditor(n) { o = document.getElementById('div'+n); h = o.innerHTML.replace(new RegExp('^\\s*(.*?)\\s*$', ''), '$1'); // Trim - h = h.replace(new RegExp(' (class|title|width|height|id|onclick|onmousedown)=([^\'"][^ ]*)( |/|>)', 'g'), ' $1="$2"$3'); // Enclose attribs in quotes + h = h.replace(new RegExp(' (class|title|width|height|id|onclick|onmousedown)=([^\'"][^ ]*)(?=( |/|>))', 'g'), ' $1="$2"'); // Enclose attribs in quotes h = h.replace(new RegExp(' (width|height)=".*?"', 'g'), ''); // Drop size constraints h = h.replace(new RegExp(' on(click|mousedown)="[^"]*"', 'g'), ''); // Drop menu events h = h.replace(new RegExp('<(/?)A', 'g'), '<$1a'); // Lowercase tagnames diff --git a/wp-admin/install.php b/wp-admin/install.php index ffa33ce7..eb635aa2 100644 --- a/wp-admin/install.php +++ b/wp-admin/install.php 
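Review bot: attribute_escape() at -258 is the right choice for the title attribute, but the same `$title` appears to be written into a JavaScript string literal in the -24 hunk (`imga[{$ID}] = '\"{$title}\"';`), where HTML-attribute escaping is not the matching context. The markup of that earlier hunk is not fully legible here, so if that assignment is still fed from this `$title`, passing the JS use through js_escape() (already used by link-categories.php in this commit) keeps each escaping step tied to its output context. The lookahead in the -429 regex, `(?=( |/|>))`, reads correctly; a short comment saying the terminator is deliberately not consumed, presumably so that adjacent attributes are each quoted by the global replace, would explain the change to the next reader.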
@@ -166,10 +166,9 @@ $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, p $wpdb->query( "INSERT INTO $wpdb->post2cat (`rel_id`, `post_id`, `category_id`) VALUES (1, 1, 1)" ); // Default comment -$wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".$wpdb->escape(__('Mr WordPress'))."', '', 'http://wordpress.org/', '$now', '$now_gmt', '".$wpdb->escape(__('Hi, this is a comment.
      To delete a comment, just log in, and view the posts\' comments, there you will have the option to edit or delete them.'))."')"); +$wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".$wpdb->escape(__('Mr WordPress'))."', '', 'http://wordpress.org/', '$now', '$now_gmt', '".$wpdb->escape(__('Hi, this is a comment.
      To delete a comment, just log in and view the post's comments. There you will have the option to edit or delete them.'))."')"); // First Page - $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, post_status, to_ping, pinged, post_content_filtered) VALUES ('1', '$now', '$now_gmt', '".$wpdb->escape(__('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'))."', '', '".$wpdb->escape(__('About'))."', '0', '".$wpdb->escape(__('about'))."', '$now', '$now_gmt', 'static', '', '', '')"); $wp_rewrite->flush_rules(); @@ -182,7 +181,7 @@ $wpdb->query("INSERT INTO $wpdb->usermeta (user_id, meta_key, meta_value) VALUES $admin_caps = serialize(array('administrator' => true)); $wpdb->query("INSERT INTO $wpdb->usermeta (user_id, meta_key, meta_value) VALUES ({$wpdb->insert_id}, '{$table_prefix}capabilities', '{$admin_caps}');"); -$message_headers = 'From: ' . $weblog_title . ' '; +$message_headers = 'From: "' . $weblog_title . '" '; $message = sprintf(__("Your new WordPress blog has been successfully set up at: %1\$s diff --git a/wp-admin/link-categories.php b/wp-admin/link-categories.php index 0ebf4b25..d3adf763 100644 --- a/wp-admin/link-categories.php +++ b/wp-admin/link-categories.php @@ -124,7 +124,7 @@ switch ($action) { - + @@ -309,7 +309,7 @@ $results = $wpdb->get_results("SELECT cat_id, cat_name, auto_toggle, show_images . " show_rating, show_updated, sort_order, sort_desc, text_before_link, text_after_link, " . " text_after_all, list_limit FROM $wpdb->linkcategories ORDER BY cat_id"); $i = 1; -foreach ($results as $row) { +foreach ( (array) $results as $row) { if ($row->list_limit == -1) { $row->list_limit = __('none'); } 
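Review bot: Quoting the display name in `$message_headers = 'From: "' . $weblog_title . '" ...'` at -182 makes the header well-formed, but `$weblog_title` is still interpolated into a mail header without removing CR/LF or embedded double quotes, and its origin (the install form, presumably) is outside this hunk. A title containing a line break would end the From header and let the remainder of the value be read as further headers by the transport; stripping line breaks first, `$weblog_title = str_replace(array("\r", "\n"), '', $weblog_title);`, and dropping `"` from the quoted part closes that off regardless of what the mail function itself checks.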
@@ -356,8 +356,14 @@ foreach ($results as $row) { - - + + -

      +

      @@ -74,10 +74,9 @@ foreach ($categories as $category) {

      query("update $wpdb->links SET link_owner='$newowner' WHERE link_id IN ($all_links)"); wp_redirect($this_file); + exit; break; } case 'visibility': @@ -100,6 +101,7 @@ switch ($action) { } wp_redirect($this_file); + exit; break; } case 'move': @@ -120,6 +122,7 @@ switch ($action) { $q = $wpdb->query("update $wpdb->links SET link_category='$category' WHERE link_id IN ($all_links)"); wp_redirect($this_file); + exit(); break; } @@ -130,6 +133,7 @@ switch ($action) { add_link(); wp_redirect(wp_get_referer() . '?added=true'); + exit; break; } // end Add @@ -151,6 +155,7 @@ switch ($action) { setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600); wp_redirect($this_file); + exit; break; } // end Save @@ -174,6 +179,7 @@ switch ($action) { $links_show_cat_id = $cat_id; setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600); wp_redirect($this_file); + exit; break; } // end Delete @@ -321,7 +327,7 @@ function checkAll(form) - +
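Review bot: The `exit` added after each wp_redirect() in the link-manager.php hunks is spelled `exit;` everywhere except the 'move' case at -120, which uses `exit();`. Both are equivalent, but one spelling across the file reads better; `exit;` to match the others. A one-line comment at the first occurrence, noting that the switch would otherwise keep executing and rendering the page after the Location header is sent, would record what is presumably the reason for the change.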
      text_after_all)?> list_limit ?> cat_id?>&action=Delete", 'delete-link-category_' . $row->cat_id) ?>" onclick="return deleteSomething( 'link category', cat_id . ", '" . sprintf(__("You are about to delete the "%s" link category.\\n"Cancel" to stop, "OK" to delete."), js_escape($row->cat_name)); ?>' );" class="delete">
      + cat_id ) { + _e('Default'); + } else { ?> + cat_id?>&action=Delete", 'delete-link-category_' . $row->cat_id) ?>" onclick="return deleteSomething( 'link category', cat_id . ", '" . sprintf(__("You are about to delete the "%s" link category.\\n"Cancel" to stop, "OK" to delete."), js_escape($row->cat_name)); ?>' );" class="delete"> + +
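Review bot: The `if ( 1 == $row->cat_id ) { _e('Default'); } else { ... }` branch only hides the Delete link for the default link category; the `action=Delete` handler itself is outside this hunk, and unless it also refuses cat_id 1 the category can still be removed by requesting that URL with a valid nonce. Mirroring the check server-side before the delete query, e.g. `if ( 1 == $cat_id ) die( __('The default link category cannot be deleted.') );` (wording constructed), turns the UI restriction into an enforced rule. The rows of this hunk are interleaved with link-manager.php hunks in this rendering, so the exact hunk boundary is uncertain.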
      @@ -351,10 +357,10 @@ function checkAll(form) $links = $wpdb->get_results($sql); if ($links) { foreach ($links as $link) { - $link->link_name = wp_specialchars($link->link_name); + $link->link_name = attribute_escape($link->link_name); $link->link_category = wp_specialchars($link->link_category); $link->link_description = wp_specialchars($link->link_description); - $link->link_url = wp_specialchars($link->link_url); + $link->link_url = attribute_escape($link->link_url); $short_url = str_replace('http://', '', $link->link_url); $short_url = str_replace('www.', '', $short_url); if ('/' == substr($short_url, -1)) diff --git a/wp-admin/menu.php b/wp-admin/menu.php index ed58186c..c95d60d1 100644 --- a/wp-admin/menu.php +++ b/wp-admin/menu.php @@ -55,7 +55,7 @@ foreach ($menu as $menu_page) { } do_action('admin_menu', ''); -ksort($menu); // make it all pretty +uksort($menu, "strnatcasecmp"); // make it all pretty if (! user_can_access_admin_page()) { die( __('You do not have sufficient permissions to access this page.') ); diff --git a/wp-admin/moderation.php b/wp-admin/moderation.php index 66fd75c6..065f8bdf 100644 --- a/wp-admin/moderation.php +++ b/wp-admin/moderation.php @@ -152,10 +152,10 @@ echo ' | comment_post_ID."&comment=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . __("You are about to delete this comment.\\n"Cancel" to stop, "OK" to delete.") . "' );\">" . __('Delete just this comment') . " | "; ?> - - - - + + + +
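Review bot: `$link->link_url = attribute_escape($link->link_url);` at -351 stops the URL from breaking out of an attribute, but it does not validate the URL itself, so a stored link_url with an unexpected scheme is emitted unchanged wherever the value lands in an href outside this hunk. clean_url(), which this commit already uses in upgrade.php, is the function meant for URL values; `$link->link_url = clean_url($link->link_url);`, chained with attribute_escape() if clean_url() in this version does not escape for attribute use, would cover both concerns. The derived `$short_url` is built from the already-escaped value, so if the escaping changes, confirm the `http://`/`www.` stripping still sees the string it expects.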

      diff --git a/wp-admin/options-discussion.php b/wp-admin/options-discussion.php index 247c01f0..fc0aa741 100644 --- a/wp-admin/options-discussion.php +++ b/wp-admin/options-discussion.php @@ -71,7 +71,7 @@ if ($action == 'retrospam') {
      -

      ' ) ?>

      +

      ' ) ?>

      Common spam words.') ?>

      diff --git a/wp-admin/options-general.php b/wp-admin/options-general.php index 664dc3a1..00d6cf89 100644 --- a/wp-admin/options-general.php +++ b/wp-admin/options-general.php @@ -83,7 +83,7 @@ foreach($wp_roles->role_names as $role => $name) {

      - + diff --git a/wp-admin/options-misc.php b/wp-admin/options-misc.php index b4ff4efb..2b6e33a5 100644 --- a/wp-admin/options-misc.php +++ b/wp-admin/options-misc.php @@ -17,7 +17,7 @@ include('admin-header.php');
       Documentation on date formatting. Save option to update sample output.') ?> Documentation on date formatting. Click "Update options" to update sample output.') ?>
      - diff --git a/wp-admin/options-permalink.php b/wp-admin/options-permalink.php index cf16d89b..68c44aaa 100644 --- a/wp-admin/options-permalink.php +++ b/wp-admin/options-permalink.php @@ -148,7 +148,7 @@ checked="checked"

      -

      :

      +

      :

      @@ -157,7 +157,7 @@ checked="checked"

      /index.php/taxonomy/tags would make your category links like http://example.org/index.php/taxonomy/tags/uncategorized/. If you leave this blank the default will be used.') ?>

      - : + :

      @@ -168,7 +168,7 @@ checked="checked"

      -

      diff --git a/wp-admin/options.php b/wp-admin/options.php index 3c5b8dbf..bd8b2b0d 100644 --- a/wp-admin/options.php +++ b/wp-admin/options.php @@ -24,6 +24,67 @@ for ($i=0; $i $value) { - $options[] = $key; + if ( !$_POST['page_options'] ) { + foreach ( (array) $_POST as $key => $value) { + if ( !in_array($key, array('_wpnonce', '_wp_http_referer')) ) + $options[] = $key; } } else { $options = explode(',', stripslashes($_POST['page_options'])); @@ -43,19 +105,11 @@ case 'update': $old_siteurl = get_settings('siteurl'); $old_home = get_settings('home'); - // HACK - // Options that if not there have 0 value but need to be something like "closed" - $nonbools = array('default_ping_status', 'default_comment_status'); if ($options) { foreach ($options as $option) { $option = trim($option); $value = trim(stripslashes($_POST[$option])); - if( in_array($option, $nonbools) && ( $value == '0' || $value == '') ) - $value = 'closed'; - - if( $option == 'blogdescription' || $option == 'blogname' ) - if (current_user_can('unfiltered_html') == false) - $value = wp_filter_post_kses( $value ); + $value = sanitize_option($option, $value); if (update_option($option, $value) ) { $any_changed++; @@ -87,26 +141,49 @@ default: include('admin-header.php'); ?>
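Review bot: In the update branch at -43 the list of options to write is still taken from the client, either every `$_POST` key other than the two nonce fields or the comma-separated `$_POST['page_options']`, and each one goes to update_option() after sanitize_option(); sanitize_option() normalises values but does not restrict which option names may be written, so the writable set is whatever the submitted form names. The 61 lines added at -24 are not legible in this rendering; if they define a per-page whitelist, the loop at -43 should intersect `$options` with it before calling update_option(), and if they do not, such a whitelist is the missing control here. A comment on the `page_options` branch stating that it trusts the form's hidden field would at least make that assumption visible. The capability check that gates this page is outside both hunks.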
      -

      -
      +

      +
      : +
      wp-content/uploads'); ?>
      get_results("SELECT * FROM $wpdb->options ORDER BY option_name"); -foreach ($options as $option) : - $value = wp_specialchars($option->option_value); +foreach ( (array) $options as $option) : + $disabled = ''; + $option->option_name = attribute_escape($option->option_name); + if ( is_serialized($option->option_value) ) { + if ( is_serialized_string($option->option_value) ) { + // this is a serialized string, so we should display it + $value = maybe_unserialize($option->option_value); + $options_to_update[] = $option->option_name; + $class = 'all-options'; + } else { + $value = 'SERIALIZED DATA'; + $disabled = ' disabled="disabled"'; + $class = 'all-options disabled'; + } + } else { + $value = $option->option_value; + $options_to_update[] = $option->option_name; + $class = 'all-options'; + } echo " - +"; endforeach; ?>
      "; + + if (strpos($value, "\n") !== false) echo ""; + else echo ""; + + echo " $option->option_description
      -

      + +
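Review bot: The removed line `$value = wp_specialchars($option->option_value);` escaped every displayed value, while the new branches assign `$value = maybe_unserialize($option->option_value);` or `$value = $option->option_value;` raw; the echo that builds the input/textarea is not legible here, so confirm it applies attribute_escape() (input value) or wp_specialchars() (textarea body) to `$value`, otherwise option values are reflected into the admin page unescaped. Separately, `$option->option_name = attribute_escape($option->option_name);` runs before the name is pushed into `$options_to_update[]`, so a name containing `&`, `<` or a quote would be submitted back entity-encoded and the update branch would look up a different key; escape at the point of output and keep the raw name for the hidden field.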

      diff --git a/wp-admin/page-new.php b/wp-admin/page-new.php index 4157e8c6..70d76e1d 100644 --- a/wp-admin/page-new.php +++ b/wp-admin/page-new.php @@ -7,7 +7,7 @@ require_once('admin-header.php'); ?> - +

      | »

      - \ No newline at end of file + diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php index 9424b398..21db39d0 100644 --- a/wp-admin/plugins.php +++ b/wp-admin/plugins.php @@ -88,12 +88,6 @@ if (empty($plugins)) { $plugin_data) { $style = ('class="alternate"' == $style|| 'class="alternate active"' == $style) ? '' : 'alternate'; diff --git a/wp-admin/post.php b/wp-admin/post.php index a427d321..44a3ea2d 100644 --- a/wp-admin/post.php +++ b/wp-admin/post.php @@ -48,11 +48,11 @@ case 'post': break; } } else { - $location = 'post.php?posted=true'; + $location = "post.php?posted=$post_ID"; } if ( 'static' == $_POST['post_status'] ) - $location = "page-new.php?saved=true"; + $location = "page-new.php?saved=$post_ID"; if ( isset($_POST['save']) ) $location = "post.php?action=edit&post=$post_ID"; @@ -81,7 +81,7 @@ case 'edit': ?>

      - +
      post_status ) + check_admin_referer('delete-page_' . $post_id); + else + check_admin_referer('delete-post_' . $post_id); + if ( !current_user_can('edit_post', $post_id) ) die( __('You are not allowed to delete this post.') ); @@ -154,9 +157,12 @@ case 'delete': } $sendback = wp_get_referer(); - if (strstr($sendback, 'post.php')) $sendback = get_settings('siteurl') .'/wp-admin/post.php'; - elseif (strstr($sendback, 'attachments.php')) $sendback = get_settings('siteurl') .'/wp-admin/attachments.php'; - $sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback); + if ( 'static' == $post->post_status ) + $sendback = get_option('siteurl') . '/wp-admin/edit-pages.php'; + elseif ( strstr($sendback, 'post.php') ) + $sendback = get_option('siteurl') .'/wp-admin/post.php'; + elseif ( strstr($sendback, 'attachments.php') ) + $sendback = get_option('siteurl') .'/wp-admin/attachments.php'; wp_redirect($sendback); break; @@ -188,7 +194,7 @@ case 'confirmdeletecomment': $comment = (int) $_GET['comment']; $p = (int) $_GET['p']; - if ( ! $comment = get_comment($comment) ) + if ( ! $comment = get_comment_to_edit($comment) ) die(sprintf(__('Oops, no comment with this ID. Go back!'), 'edit.php')); if ( !current_user_can('edit_post', $comment->comment_post_ID) ) @@ -335,13 +341,10 @@ case 'editedcomment': edit_comment(); - $referredby = $_POST['referredby']; - if (!empty($referredby)) { - wp_redirect($referredby); - } else { - wp_redirect("edit.php?p=$comment_post_ID&c=1#comments"); - } - + $location = ( empty($_POST['referredby']) ? "edit.php?p=$comment_post_ID&c=1" : $_POST['referredby'] ) . '#comment-' . $comment_ID; + $location = apply_filters('comment_edit_redirect', $location, $comment_ID); + wp_redirect($location); + exit(); break; default: @@ -349,7 +352,7 @@ default: require_once ('./admin-header.php'); ?> -
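Review bot: At -154 the `preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);` filter on the referer-derived redirect target is removed, and the new if/elseif chain has no final else, so when neither 'post.php' nor 'attachments.php' appears in the referer `$sendback` is the raw wp_get_referer() value handed to wp_redirect(). Unless wp_redirect() in this version applies equivalent filtering, a trailing `else $sendback = get_option('siteurl') . '/wp-admin/edit.php';` keeps every branch on a known admin URL. The editedcomment hunk at -335 has the same shape: `$_POST['referredby']` becomes the redirect target whenever it is non-empty and the `comment_edit_redirect` filter runs after that choice, so it also relies entirely on wp_redirect() for validation; a same-origin check or the same default would cover both.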

      View site »'), get_bloginfo('home') . '/'); ?>

      + -
      +
      '.__('WordPress bookmarklet').'

      '.__('Right click on the following link and choose "Add to favorites" to create a posting shortcut.').'

      '; ?>

      diff --git a/wp-admin/profile.php b/wp-admin/profile.php index 04f2fc49..9f42bb2b 100644 --- a/wp-admin/profile.php +++ b/wp-admin/profile.php @@ -5,7 +5,7 @@ $title = __('Profile'); $parent_file = 'profile.php'; include_once('admin-header.php'); -$profileuser = new WP_User($user_ID); +$profileuser = get_user_to_edit($user_ID); $bookmarklet_height= 440; ?> diff --git a/wp-admin/templates.php b/wp-admin/templates.php index 4631ac42..5f678046 100644 --- a/wp-admin/templates.php +++ b/wp-admin/templates.php @@ -71,14 +71,17 @@ default: update_recently_edited($file); - if (!is_file($real_file)) + if ( !is_file($real_file) ) { $error = true; - - if (!$error) { + } else { $f = @ fopen($real_file, 'r'); if ( $f ) { - $content = fread($f, filesize($real_file)); - $content = htmlspecialchars($content); + if ( filesize($real_file ) > 0 ) { + $content = fread($f, filesize($real_file)); + $content = htmlspecialchars($content); + } else { + $content = ''; + } } else { $error = true; } @@ -108,7 +111,7 @@ if ( $recents ) : '; foreach ($recents as $recent) : - echo "
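Review bot: The new `filesize($real_file ) > 0` guard at -71 fixes the zero-length fread(), but the handle from `$f = @ fopen($real_file, 'r');` is never closed anywhere in this hunk; if no fclose() follows outside it, the handle lives until script end. `$content = file_get_contents($real_file);` followed by the existing htmlspecialchars() call would replace the fopen/filesize/fread sequence, remove the handle entirely, and make the empty-file case fall out naturally (an empty string for a zero-byte file, false on failure, which maps onto the `$error = true;` branch). The `@` on fopen() also hides why a file could not be read; a short comment naming the warning being suppressed, or an is_readable() check first, would be clearer.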

    3. " . get_file_description(basename($recent)) . "
    4. "; + echo "
    5. " . wp_specialchars(get_file_description(basename($recent))) . "
    6. "; endforeach; echo '
    '; endif; diff --git a/wp-admin/theme-editor.php b/wp-admin/theme-editor.php index b2788cf3..9aa846bf 100644 --- a/wp-admin/theme-editor.php +++ b/wp-admin/theme-editor.php @@ -58,11 +58,15 @@ case 'update': $f = fopen($real_file, 'w+'); fwrite($f, $newcontent); fclose($f); - wp_redirect("theme-editor.php?file=$file&theme=$theme&a=te"); + $location = "theme-editor.php?file=$file&theme=$theme&a=te"; } else { - wp_redirect("theme-editor.php?file=$file&theme=$theme"); + $location = "theme-editor.php?file=$file&theme=$theme"; } + $location = wp_kses_no_null($location); + $strip = array('%0d', '%0a'); + $location = str_replace($strip, '', $location); + header("Location: $location"); exit(); break; @@ -97,7 +101,7 @@ default: $theme_name = $a_theme['Name']; if ($theme_name == $theme) $selected = " selected='selected'"; else $selected = ''; - $theme_name = wp_specialchars($theme_name, true); + $theme_name = attribute_escape($theme_name); echo "\n\t"; } ?> diff --git a/wp-admin/upgrade-schema.php b/wp-admin/upgrade-schema.php index 1bcdb45a..9567960e 100644 --- a/wp-admin/upgrade-schema.php +++ b/wp-admin/upgrade-schema.php @@ -123,7 +123,8 @@ CREATE TABLE $wpdb->posts ( post_mime_type varchar(100) NOT NULL default '', comment_count bigint(20) NOT NULL default '0', PRIMARY KEY (ID), - KEY post_name (post_name) + KEY post_name (post_name), + KEY post_status (post_status) ); CREATE TABLE $wpdb->users ( ID bigint(20) unsigned NOT NULL auto_increment, diff --git a/wp-admin/upgrade.php b/wp-admin/upgrade.php index 3c30d940..aa459514 100644 --- a/wp-admin/upgrade.php +++ b/wp-admin/upgrade.php @@ -67,7 +67,7 @@ text-align: center; border-top: 1px solid #ccc; padding-top: 1em; font-style: it switch($step) { case 0: - $goback = wp_specialchars(wp_get_referer()); + $goback = clean_url(stripslashes(wp_get_referer())); ?>
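Review bot: Replacing wp_redirect() with a direct `header("Location: $location");` at -58 strips `%0d`/`%0a` and nulls from the assembled URL, but `$file` and `$theme` are interpolated raw, so literal CR/LF characters in those values are not covered by the `$strip` list and are only caught if the PHP runtime itself rejects multi-line headers. Building the query with urlencode(), `$location = "theme-editor.php?file=" . urlencode($file) . "&theme=" . urlencode($theme) . "&a=te";` (and the same for the other branch), encodes such characters before the strip step and also keeps `&` or `#` in a theme name from being read as delimiters. A one-line comment on why wp_redirect() is bypassed here would help, since the removed lines used it and the other files in this commit still do.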

    @@ -86,7 +86,7 @@ switch($step) { if ( empty( $_GET['backto'] ) ) $backto = __get_option('home'); else - $backto = wp_specialchars( $_GET['backto'] , 1 ); + $backto = clean_url(stripslashes($_GET['backto'])); ?>

    Have fun!"), $backto); ?>
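Review bot: `$backto = clean_url(stripslashes($_GET['backto']));` at -86 makes the value safe to print into the link, but clean_url() accepts any well-formed absolute URL, so the post-upgrade link can point wherever the query string says. Since the fallback is `__get_option('home')`, restricting the parameter to that origin, e.g. `if ( 0 !== strpos($backto, __get_option('home')) ) $backto = __get_option('home');` (constructed, placed after the clean_url() call), keeps the link on the site itself. The substitution at -67, `clean_url(stripslashes(wp_get_referer()))`, has the same property, though a referer is less exposed than a query parameter.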

    diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php index ac6d4d6e..1d597587 100644 --- a/wp-admin/user-edit.php +++ b/wp-admin/user-edit.php @@ -21,6 +21,11 @@ for ($i=0; $i @@ -105,7 +112,7 @@ echo '';

    -