From a5227bf01edbe6660486c9f5c0f0ed7b7fea3130 Mon Sep 17 00:00:00 2001
From: "Edward Z. Yang"
Date: Sun, 22 May 2011 10:57:39 +0100
Subject: [PATCH] Wordpress 3.0.6
Signed-off-by: Edward Z. Yang
---
readme.html | 2 +-
wp-admin/includes/media.php | 4 ++++
wp-admin/includes/update-core.php | 2 +-
wp-admin/media-upload.php | 1 +
wp-admin/press-this.php | 7 ++++++-
wp-admin/upgrade.php | 2 +-
wp-includes/default-filters.php | 4 +++-
wp-includes/link-template.php | 2 +-
wp-includes/version.php | 2 +-
9 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/readme.html b/readme.html
index 09747ce2..7dc2540c 100644
--- a/readme.html
+++ b/readme.html
@@ -8,7 +8,7 @@

WordPress -
Version 3.0.5 +
Version 3.0.6

Semantic Personal Publishing Platform

diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php index e5c89e07..2bebcc86 100644 --- a/wp-admin/includes/media.php +++ b/wp-admin/includes/media.php @@ -493,6 +493,7 @@ function media_upload_image() { $id = 0; if ( isset($_POST['html-upload']) && !empty($_FILES) ) { + check_admin_referer('media-form'); // Upload File button was clicked $id = media_handle_upload('async-upload', $_REQUEST['post_id']); unset($_FILES); @@ -598,6 +599,7 @@ function media_upload_audio() { $id = 0; if ( isset($_POST['html-upload']) && !empty($_FILES) ) { + check_admin_referer('media-form'); // Upload File button was clicked $id = media_handle_upload('async-upload', $_REQUEST['post_id']); unset($_FILES); @@ -656,6 +658,7 @@ function media_upload_video() { $id = 0; if ( isset($_POST['html-upload']) && !empty($_FILES) ) { + check_admin_referer('media-form'); // Upload File button was clicked $id = media_handle_upload('async-upload', $_REQUEST['post_id']); unset($_FILES); @@ -714,6 +717,7 @@ function media_upload_file() { $id = 0; if ( isset($_POST['html-upload']) && !empty($_FILES) ) { + check_admin_referer('media-form'); // Upload File button was clicked $id = media_handle_upload('async-upload', $_REQUEST['post_id']); unset($_FILES); diff --git a/wp-admin/includes/update-core.php b/wp-admin/includes/update-core.php index ca2a1ee0..7431d7fd 100644 --- a/wp-admin/includes/update-core.php +++ b/wp-admin/includes/update-core.php @@ -274,7 +274,7 @@ function update_core($from, $to) { $mysql_version = $wpdb->db_version(); $required_php_version = '4.3'; $required_mysql_version = '4.1.2'; - $wp_version = '3.0.5'; + $wp_version = '3.0.6'; $php_compat = version_compare( $php_version, $required_php_version, '>=' ); $mysql_compat = version_compare( $mysql_version, $required_mysql_version, '>=' ) || file_exists( WP_CONTENT_DIR . '/db.php' ); diff --git a/wp-admin/media-upload.php b/wp-admin/media-upload.php index bd21e4bc..fc3bf325 100644 --- a/wp-admin/media-upload.php 
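Review bot: `check_admin_referer('media-form')` is pasted by hand into the `html-upload` branch of media_upload_image(), media_upload_audio(), media_upload_video() and media_upload_file(), and once more in wp-admin/media-upload.php, so the CSRF protection holds only as long as no other path to media_handle_upload() is missed; a single shared helper that verifies the nonce before handling the upload would remove that risk. The line after the check still passes the raw `$_REQUEST['post_id']`; casting it, `$id = media_handle_upload('async-upload', (int) $_REQUEST['post_id']);`, keeps a non-numeric value from reaching media_handle_upload(). Whether every upload tab's form emits a `media-form` nonce field is not visible in these hunks and is worth confirming, because a form without it would now fail for legitimate users. All four function bodies continue outside their hunks.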
+++ b/wp-admin/media-upload.php @@ -35,6 +35,7 @@ if ( isset($_GET['inline']) ) { $errors = array(); if ( isset($_POST['html-upload']) && !empty($_FILES) ) { + check_admin_referer('media-form'); // Upload File button was clicked $id = media_handle_upload('async-upload', $_REQUEST['post_id']); unset($_FILES); diff --git a/wp-admin/press-this.php b/wp-admin/press-this.php index 903992cb..04f8d0f5 100644 --- a/wp-admin/press-this.php +++ b/wp-admin/press-this.php @@ -52,7 +52,12 @@ function press_it() { } } // set the post_content and status - $quick['post_status'] = isset($_POST['publish']) ? 'publish' : 'draft'; + if ( isset( $_POST['publish'] ) && current_user_can( 'publish_posts' ) ) + $quick['post_status'] = 'publish'; + elseif ( isset( $_POST['review'] ) ) + $quick['post_status'] = 'pending'; + else + $quick['post_status'] = 'draft'; $quick['post_content'] = $content; // error handling for media_sideload if ( is_wp_error($upload) ) { diff --git a/wp-admin/upgrade.php b/wp-admin/upgrade.php index d0264799..01af6aa1 100644 --- a/wp-admin/upgrade.php +++ b/wp-admin/upgrade.php @@ -86,7 +86,7 @@ switch ( $step ) : wp_upgrade(); $backto = !empty($_GET['backto']) ? stripslashes( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/'; - $backto = esc_url_raw( $backto ); + $backto = esc_url( $backto ); $backto = wp_validate_redirect($backto, __get_option( 'home' ) . '/'); ?>
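Review bot: The new status branch in press_it() is a privilege boundary but is written as a braceless `if`/`elseif`/`else` with only the generic `// set the post_content and status` comment above it, so a later edit that adds a second statement under the `publish` arm would run it for users without `publish_posts`. Wrapping each arm in braces and adding a comment such as `// Only users who can publish_posts may publish; others get 'pending' (review) or 'draft'.` would make the intent explicit. A `publish` request from a user lacking the capability is silently saved as a draft unless `review` is also posted; if that is intended, the comment should say so. press_it() starts and ends outside the hunk, so any nonce or `edit_posts` check it performs is not visible here.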
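Review bot: `esc_url()` now runs before `wp_validate_redirect()` in the wp-admin/upgrade.php hunk, so `$backto` is escaped for HTML display first and validated as a redirect target second, and every later use of the variable receives entity-encoded text. Validating the raw URL and escaping only where it is printed keeps the two concerns apart: `$backto = wp_validate_redirect( esc_url_raw( $backto ), __get_option( 'home' ) . '/' );` followed by `esc_url( $backto )` at the point of output. The output site is past the closing `?>` and not visible in this hunk, so this assumes the value is only echoed into markup. The unchanged context line also applies `urldecode()` to `$_GET['backto']`, which PHP has already decoded once, so double-encoded characters are decoded before the escaping runs.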

diff --git a/wp-includes/default-filters.php b/wp-includes/default-filters.php index 3fb31bcf..8898864e 100644 --- a/wp-includes/default-filters.php +++ b/wp-includes/default-filters.php @@ -32,9 +32,11 @@ foreach ( array( 'pre_term_description', 'pre_link_description', 'pre_link_notes } // Kses only for textarea admin displays -foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description', 'comment_text' ) as $filter ) { +foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) { add_filter( $filter, 'wp_kses_data' ); } +if ( is_admin() ) + add_filter( 'comment_text', 'wp_kses_post' ); // Email saves foreach ( array( 'pre_comment_author_email', 'pre_user_email' ) as $filter ) { diff --git a/wp-includes/link-template.php b/wp-includes/link-template.php index a800da86..3511e909 100644 --- a/wp-includes/link-template.php +++ b/wp-includes/link-template.php @@ -2215,7 +2215,7 @@ function wp_shortlink_wp_head() { if ( empty( $shortlink ) ) return; - echo "\n"; + echo "\n"; } /** diff --git a/wp-includes/version.php b/wp-includes/version.php index 5977122f..7d25e8df 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -22,7 +22,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * * @global string $wp_version */ -$wp_version = '3.0.5'; +$wp_version = '3.0.6'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. -- 2.44.0
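Review bot: With `comment_text` moved out of the unconditional loop and registered only under `is_admin()`, front-end requests no longer apply any kses filter to comment text at display time, as far as this hunk shows, so safety there rests entirely on sanitisation when the comment is saved. The admin filter also changes from `wp_kses_data` to `wp_kses_post`, which permits a wider set of markup. Both decisions deserve a comment on the new lines, for example `// comment_text: filtered at display time in the admin only; front-end output relies on save-time kses.`, and the `if` should carry braces like the loops around it. Whether another file registers a front-end `comment_text` filter is not visible here and should be confirmed.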