<body>
<h1 id="logo" style="text-align: center">
<img alt="WordPress" src="wp-admin/images/wordpress-logo.png" />
- <br /> Version 2.8.4
+ <br /> Version 2.8.5
</h1>
<p style="text-align: center">Semantic Personal Publishing Platform</p>
<h1>Upgrading</h1>
<p>Before you upgrade anything, make sure you have backup copies of any files you may have modified such as <code>index.php</code>.</p>
-<h2>Upgrading from any previous WordPress to 2.8.4:</h2>
+<h2>Upgrading from any previous WordPress to 2.8.5:</h2>
<ol>
<li>Delete your old WP files, saving ones you've modified.</li>
<li>Upload the new files.</li>
<?php
} // end if ( have_posts() )
?>
-
+++ /dev/null
-<?php
-/**
- * BunnyTags Plugin Tag Importer
- *
- * @package WordPress
- * @subpackage Importer
- */
-
-/**
- * BunnyTags Plugin tag converter
- *
- * This will process the BunnyTags plugin tags and convert them to the WordPress
- * 2.3 taxonomy.
- *
- * @since unknown
- */
-class BunnyTags_Import {
-
- function header() {
- echo '<div class="wrap">';
- screen_icon();
- echo '<h2>'.__('Import Bunny’s Technorati Tags').'</h2>';
- echo '<p>'.__('Steps may take a few minutes depending on the size of your database. Please be patient.').'<br /><br /></p>';
- }
-
- function footer() {
- echo '</div>';
- }
-
- function greet() {
- echo '<div class="narrow">';
- echo '<p>'.__('Howdy! This imports tags from Bunny’s Technorati Tags into WordPress tags.').'</p>';
- echo '<p>'.__('This is suitable for Bunny’s Technorati Tags version 0.6.').'</p>';
- echo '<p><strong>'.__('All existing Bunny’s Technorati Tags will be removed after import.').'</strong></p>';
- echo '<p><strong>'.__('Don’t be stupid - backup your database before proceeding!').'</strong></p>';
- echo '<form action="admin.php?import=btt&step=1" method="post">';
- wp_nonce_field('import-btt');
- echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import Tags').'" /></p>';
- echo '</form>';
- echo '</div>';
- }
-
- function dispatch() {
- if ( empty($_GET['step']) )
- $step = 0;
- else
- $step = absint($_GET['step']);
-
- // load the header
- $this->header();
-
- switch ( $step ) {
- case 0 :
- $this->greet();
- break;
- case 1 :
- check_admin_referer('import-btt');
- $this->check_post_keyword( true );
- break;
- case 2 :
- check_admin_referer('import-btt');
- $this->check_post_keyword( false );
- break;
- case 3:
- $this->done();
- break;
- }
-
- // load the footer
- $this->footer();
- }
-
- function check_post_keyword($precheck = true) {
- global $wpdb;
-
- echo '<div class="narrow">';
- echo '<p><h3>'.__('Reading Bunny’s Technorati Tags…').'</h3></p>';
-
- // import Bunny's Keywords tags
- $metakeys = $wpdb->get_results("SELECT post_id, meta_id, meta_key, meta_value FROM $wpdb->postmeta WHERE $wpdb->postmeta.meta_key = 'tags'");
- if ( !is_array($metakeys)) {
- echo '<p>' . __('No Tags Found!') . '</p>';
- return false;
- } else {
- $count = count($metakeys);
- echo '<p>' . sprintf( _n('Done! <strong>%s</strong> post with tags were read.', 'Done! <strong>%s</strong> posts with tags were read.', $count), $count ) . '<br /></p>';
- echo '<ul>';
- foreach ( $metakeys as $post_meta ) {
- if ( $post_meta->meta_value != '' ) {
- $post_keys = explode(' ', $post_meta->meta_value);
- foreach ( $post_keys as $keyword ) {
- $keyword = addslashes(trim(str_replace('+',' ',$keyword)));
- if ( '' != $keyword ) {
- echo '<li>' . $post_meta->post_id . ' - ' . $keyword . '</li>';
- if ( !$precheck )
- wp_add_post_tags($post_meta->post_id, $keyword);
- }
- }
- }
- if ( !$precheck )
- delete_post_meta($post_meta->post_id, 'tags');
- }
- echo '</ul>';
- }
-
- echo '<form action="admin.php?import=btt&step='.($precheck? 2:3).'" method="post">';
- wp_nonce_field('import-btt');
- echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Next').'" /></p>';
- echo '</form>';
- echo '</div>';
- }
-
- function done() {
- echo '<div class="narrow">';
- echo '<p><h3>'.__('Import Complete!').'</h3></p>';
- echo '</div>';
- }
-
- function BunnyTags_Import() {
- }
-
-}
-
-// create the import object
-$btt_import = new BunnyTags_Import();
-
-// add it to the import page!
-register_importer('btt', 'Bunny’s Technorati Tags', __('Import Bunny’s Technorati Tags into WordPress tags.'), array($btt_import, 'dispatch'));
-
-?>
+++ /dev/null
-<?php
-/**
- * Jeromes Keyword Plugin Importer
- *
- * @package WordPress
- * @subpackage Importer
- */
-
-/**
- * Jeromes Keyword Plugin Importer class
- *
- * Will convert Jeromes Keyword Plugin tags to WordPress taxonomy tags.
- *
- * @since 2.3
- */
-class JeromesKeyword_Import {
-
- function header() {
- echo '<div class="wrap">';
- screen_icon();
- echo '<h2>'.__('Import Jerome’s Keywords').'</h2>';
- echo '<p>'.__('Steps may take a few minutes depending on the size of your database. Please be patient.').'<br /><br /></p>';
- }
-
- function footer() {
- echo '</div>';
- }
-
- function greet() {
- echo '<div class="narrow">';
- echo '<p>'.__('Howdy! This imports tags from Jerome’s Keywords into WordPress tags.').'</p>';
- echo '<p>'.__('This is suitable for Jerome’s Keywords version 1.x and 2.0a.').'</p>';
- echo '<p><strong>'.__('All existing Jerome’s Keywords will be removed after import.').'</strong></p>';
- echo '<p><strong>'.__('Don’t be stupid - backup your database before proceeding!').'</strong></p>';
- echo '<form action="admin.php?import=jkw&step=1" method="post">';
- wp_nonce_field('import-jkw');
- echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import Version 1.x').'" /></p>';
- echo '</form>';
- echo '<form action="admin.php?import=jkw&step=3" method="post">';
- wp_nonce_field('import-jkw');
- echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import Version 2.0a').'" /></p>';
- echo '</form>';
- echo '</div>';
- }
-
- function dispatch() {
- if ( empty($_GET['step']) )
- $step = 0;
- else
- $step = absint($_GET['step']);
-
- // load the header
- $this->header();
-
- switch ( $step ) {
- case 0 :
- $this->greet();
- break;
- case 1 :
- check_admin_referer('import-jkw');
- $this->check_V1_post_keyword( true );
- break;
- case 2 :
- check_admin_referer('import-jkw');
- $this->check_V1_post_keyword( false );
- break;
- case 3 :
- check_admin_referer('import-jkw');
- $this->check_V2_post_keyword( true );
- break;
- case 4 :
- check_admin_referer('import-jkw');
- $this->check_V2_post_keyword( false );
- break;
- case 5:
- check_admin_referer('import-jkw');
- $this->cleanup_V2_import();
- break;
- case 6:
- $this->done();
- break;
- }
-
- // load the footer
- $this->footer();
- }
-
- function check_V1_post_keyword($precheck = true) {
- global $wpdb;
-
- echo '<div class="narrow">';
- echo '<p><h3>'.__('Reading Jerome’s Keywords Tags…').'</h3></p>';
-
- // import Jerome's Keywords tags
- $metakeys = $wpdb->get_results("SELECT post_id, meta_id, meta_key, meta_value FROM $wpdb->postmeta WHERE $wpdb->postmeta.meta_key = 'keywords'");
- if ( !is_array($metakeys)) {
- echo '<p>' . __('No Tags Found!') . '</p>';
- return false;
- } else {
- $count = count($metakeys);
- echo '<p>' . sprintf( _n('Done! <strong>%s</strong> post with tags were read.', 'Done! <strong>%s</strong> posts with tags were read.', $count), $count ) . '<br /></p>';
- echo '<ul>';
- foreach ( $metakeys as $post_meta ) {
- if ( $post_meta->meta_value != '' ) {
- $post_keys = explode(',', $post_meta->meta_value);
- foreach ( $post_keys as $keyword ) {
- $keyword = addslashes(trim($keyword));
- if ( '' != $keyword ) {
- echo '<li>' . $post_meta->post_id . ' - ' . $keyword . '</li>';
- if ( !$precheck )
- wp_add_post_tags($post_meta->post_id, $keyword);
- }
- }
- }
- if ( !$precheck )
- delete_post_meta($post_meta->post_id, 'keywords');
- }
- echo '</ul>';
- }
-
- echo '<form action="admin.php?import=jkw&step='.($precheck? 2:6).'" method="post">';
- wp_nonce_field('import-jkw');
- echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Next').'" /></p>';
- echo '</form>';
- echo '</div>';
- }
-
- function check_V2_post_keyword($precheck = true) {
- global $wpdb;
-
- echo '<div class="narrow">';
- echo '<p><h3>'.__('Reading Jerome’s Keywords Tags…').'</h3></p>';
-
- // import Jerome's Keywords tags
- $tablename = $wpdb->prefix . substr(get_option('jkeywords_keywords_table'), 1, -1);
- $metakeys = $wpdb->get_results("SELECT post_id, tag_name FROM $tablename");
- if ( !is_array($metakeys) ) {
- echo '<p>' . __('No Tags Found!') . '</p>';
- return false;
- } else {
- $count = count($metakeys);
- echo '<p>' . sprintf( _n('Done! <strong>%s</strong> tag were read.', 'Done! <strong>%s</strong> tags were read.', $count), $count ) . '<br /></p>';
- echo '<ul>';
- foreach ( $metakeys as $post_meta ) {
- $keyword = addslashes(trim($post_meta->tag_name));
- if ( $keyword != '' ) {
- echo '<li>' . $post_meta->post_id . ' - ' . $keyword . '</li>';
- if ( !$precheck )
- wp_add_post_tags($post_meta->post_id, $keyword);
- }
- }
- echo '</ul>';
- }
- echo '<form action="admin.php?import=jkw&step='.($precheck? 4:5).'" method="post">';
- wp_nonce_field('import-jkw');
- echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Next').'" /></p>';
- echo '</form>';
- echo '</div>';
- }
-
- function cleanup_V2_import() {
- global $wpdb;
-
- /* options from V2.0a (jeromes-keywords.php) */
- $options = array('version', 'keywords_table', 'query_varname', 'template', 'meta_always_include', 'meta_includecats', 'meta_autoheader', 'search_strict', 'use_feed_cats', 'post_linkformat', 'post_tagseparator', 'post_includecats', 'post_notagstext', 'cloud_linkformat', 'cloud_tagseparator', 'cloud_includecats', 'cloud_sortorder', 'cloud_displaymax', 'cloud_displaymin', 'cloud_scalemax', 'cloud_scalemin');
-
- $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . substr(get_option('jkeywords_keywords_table'), 1, -1));
-
- foreach ( $options as $o )
- delete_option('jkeywords_' . $o);
-
- $this->done();
- }
-
- function done() {
- echo '<div class="narrow">';
- echo '<p><h3>'.__('Import Complete!').'</h3></p>';
- echo '</div>';
- }
-
- function JeromesKeyword_Import() {
- }
-
-}
-
-// create the import object
-$jkw_import = new JeromesKeyword_Import();
-
-// add it to the import page!
-register_importer('jkw', 'Jerome’s Keywords', __('Import Jerome’s Keywords into WordPress tags.'), array($jkw_import, 'dispatch'));
-
-?>
}
function is_valid_meta_key($key) {
- // skip _wp_attached_file metadata since we'll regenerate it from scratch
- if ( $key == '_wp_attached_file' )
+ // skip attachment metadata since we'll regenerate it from scratch
+ if ( $key == '_wp_attached_file' || $key == '_wp_attachment_metadata' )
return false;
return $key;
}
if ( isset($post_data['post_category']) ) {
if ( is_array($post_data['post_category']) && ! empty($post_data['post_category']) )
- $new_cats = array_map( absint, $post_data['post_category'] );
+ $new_cats = array_map( 'absint', $post_data['post_category'] );
else
unset($post_data['post_category']);
}
update_post_meta( $post->ID, '_edit_last', $current_user->ID );
}
+/**
+ * Outputs the notice message to say that someone else is editing this post at the moment.
+ *
+ * @since 2.8.5
+ * @return none
+ */
+function _admin_notice_post_locked() {
+ global $post;
+ $last_user = get_userdata( get_post_meta( $post->ID, '_edit_last', true ) );
+ $last_user_name = $last_user ? $last_user->display_name : __('Somebody');
+
+ switch ($post->post_type) {
+ case 'post':
+ $message = __( 'Warning: %s is currently editing this post' );
+ break;
+ case 'page':
+ $message = __( 'Warning: %s is currently editing this page' );
+ break;
+ default:
+ $message = __( 'Warning: %s is currently editing this.' );
+ }
+
+ $message = sprintf( $message, esc_html( $last_user_name ) );
+ echo "<div class='error'><p>$message</p></div>";
+}
+
/**
* Creates autosave data for the specified post from $_POST data.
*
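Review bot: `_admin_notice_post_locked()` looks up the editor again from the `_edit_last` meta of the global `$post` instead of using the value the caller's lock check returned, so the notice depends on `$post` still being the locked post when `admin_notices` fires. A guard such as `if ( empty( $post->ID ) ) return;` at the top would keep it from running against a missing global. In the docblock, `@return none` is not a PHPDoc type; `@return void` is the usual form. The default-case string ends in a period while the post and page strings do not.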
'wp-admin/edit-form-ajax-cat.php',
'wp-admin/execute-pings.php',
'wp-admin/import/b2.php',
+'wp-admin/import/btt.php',
+'wp-admin/import/jkw.php',
'wp-admin/inline-uploading.php',
'wp-admin/link-categories.php',
'wp-admin/list-manipulation.js',
}//end function display_header();
function display_setup_form( $error = null ) {
+ // Ensure that Blogs appear in search engines by default
+ $blog_public = 1;
+ if ( isset($_POST) && !empty($_POST) ) {
+ $blog_public = isset($_POST['blog_public']);
+ }
+
if ( ! is_null( $error ) ) {
?>
<p><?php printf( __('<strong>ERROR</strong>: %s'), $error); ?></p>
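Review bot: In the added condition, `isset($_POST)` is always true because the superglobal always exists, so `if ( ! empty( $_POST ) )` expresses the same test. `$blog_public` starts as the int `1` and becomes a bool after a submit; initialising it as `$blog_public = true;` keeps one type for the `checked()` call in the later hunk of this form.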
<?php _e('Double-check your email address before continuing.'); ?>
</tr>
<tr>
- <td colspan="2"><label><input type="checkbox" name="blog_public" value="1"<?php if( isset($_POST) && ! empty($_POST) && isset( $_POST['blog_public'] ) ) : ?> checked="checked"<?php endif; ?> /> <?php _e('Allow my blog to appear in search engines like Google and Technorati.'); ?></label></td>
+ <td colspan="2"><label><input type="checkbox" name="blog_public" value="1" <?php checked($blog_public); ?> /> <?php _e('Allow my blog to appear in search engines like Google and Technorati.'); ?></label></td>
</tr>
</table>
<p class="step"><input type="submit" name="Submit" value="<?php esc_attr_e('Install WordPress'); ?>" class="button" /></p>
if ( current_user_can('edit_page', $page_ID) ) {
if ( $last = wp_check_post_lock( $post->ID ) ) {
- $last_user = get_userdata( $last );
- $last_user_name = $last_user ? $last_user->display_name : __('Somebody');
- $message = sprintf( __( 'Warning: %s is currently editing this page' ), esc_html( $last_user_name ) );
- $message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
- add_action('admin_notices', create_function( '', "echo '$message';" ) );
+ add_action('admin_notices', '_admin_notice_post_locked' );
} else {
wp_set_post_lock( $post->ID );
wp_enqueue_script('autosave');
if ( current_user_can('edit_post', $post_ID) ) {
if ( $last = wp_check_post_lock( $post->ID ) ) {
- $last_user = get_userdata( $last );
- $last_user_name = $last_user ? $last_user->display_name : __('Somebody');
- $message = sprintf( __( 'Warning: %s is currently editing this post' ), esc_html( $last_user_name ) );
- $message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
- add_action('admin_notices', create_function( '', "echo '$message';" ) );
+ add_action('admin_notices', '_admin_notice_post_locked' );
} else {
wp_set_post_lock( $post->ID );
wp_enqueue_script('autosave');
}
$location = get_post_meta($entry['ID'], '_wp_attached_file', true);
+ $location = get_option ('upload_path') . '/' . $location;
$filetype = wp_check_filetype($location);
if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']))
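Review bot: After the added concatenation `$location` is always a non-empty string, so the `!isset($location)` test on the next line can no longer detect a missing `_wp_attached_file` value. The meta value should be checked before the path is built, e.g. `if ( empty( $location ) )` ahead of the new line. The path is also built from the raw `upload_path` option, which may be empty or relative, so the result can resolve from `/` or from the working directory; the `basedir` entry of `wp_upload_dir()` gives an absolute uploads path. Whether the stored meta value can contain `..` segments is not visible here, so it is worth confirming that the resolved path stays inside the uploads directory before it is opened.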
header('Content-Type: ' . $entry['post_mime_type']);
header('Connection: close');
- $fp = fopen($location, "rb");
- while(!feof($fp)) {
- echo fread($fp, 4096);
+ if ($fp = fopen($location, "rb")) {
+ status_header('200');
+ header('Content-Type: ' . $entry['post_mime_type']);
+ header('Connection: close');
+
+ while(!feof($fp)) {
+ echo fread($fp, 4096);
+ }
+
+ fclose($fp);
+ } else {
+ status_header ('404');
}
- fclose($fp);
log_app('function',"get_file($postID)");
exit;
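Review bot: The `Content-Type` and `Connection` headers in the context lines above `fopen()` are still sent unconditionally, so the new 404 branch answers with the attachment's MIME type and the copies added inside the success branch are duplicates. The earlier pair should be removed so headers are chosen only once the open has succeeded. `fopen()` also raises a warning for a missing file; testing `is_readable( $location )` first keeps that warning out of the 404 response. The function body starts outside this hunk.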
return $response;
}
+// filter handler used to return a spam result to pre_comment_approved
+function akismet_result_spam( $approved ) {
+ // bump the counter here instead of when the filter is added to reduce the possibility of overcounting
+ update_option( 'akismet_spam_count', get_option('akismet_spam_count') + 1 );
+ return 'spam';
+}
+
function akismet_auto_check_comment( $comment ) {
global $akismet_api_host, $akismet_api_port;
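Review bot: `akismet_result_spam()` ignores its `$approved` argument and is documented only by a one-line comment. A docblock should say that it is a `pre_comment_approved` filter that always returns `'spam'` and increments `akismet_spam_count` as a side effect. The same `update_option( 'akismet_spam_count', get_option('akismet_spam_count') + 1 )` line is repeated in the discard-after-a-month hunk below, and a small helper would keep the two sites in step. The get/update pair is not atomic, so concurrent requests can undercount.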
$response = akismet_http_post($query_string, $akismet_api_host, '/1.1/comment-check', $akismet_api_port);
if ( 'true' == $response[1] ) {
- add_filter('pre_comment_approved', create_function('$a', 'return \'spam\';'));
- update_option( 'akismet_spam_count', get_option('akismet_spam_count') + 1 );
+ // akismet_spam_count will be incremented later by akismet_result_spam()
+ add_filter('pre_comment_approved', 'akismet_result_spam');
do_action( 'akismet_spam_caught' );
$last_updated = strtotime( $post->post_modified_gmt );
$diff = time() - $last_updated;
$diff = $diff / 86400;
-
- if ( $post->post_type == 'post' && $diff > 30 && get_option( 'akismet_discard_month' ) == 'true' )
+
+ if ( $post->post_type == 'post' && $diff > 30 && get_option( 'akismet_discard_month' ) == 'true' ) {
+ // akismet_result_spam() won't be called so bump the counter here
+ update_option( 'akismet_spam_count', get_option('akismet_spam_count') + 1 );
die;
+ }
}
akismet_delete_old();
return $comment;
Contributors: matt, ryan, andy, mdawaffe, tellyworth
Tags: akismet, comments, spam
Requires at least: 2.0
-Tested up to: 2.8.2
+Tested up to: 2.8.4
Akismet checks your comments against the Akismet web service to see if they look like spam or not.
*/
function the_author_link() {
if ( get_the_author_meta('url') ) {
- echo '<a href="' . get_the_author_meta('url') . '" title="' . sprintf(__("Visit %s’s website"), get_the_author()) . '" rel="external">' . get_the_author() . '</a>';
+ echo '<a href="' . get_the_author_meta('url') . '" title="' . esc_attr( sprintf(__("Visit %s’s website"), get_the_author()) ) . '" rel="external">' . get_the_author() . '</a>';
} else {
the_author();
}
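Review bot: The `href` still receives `get_the_author_meta('url')` and the link text still receives `get_the_author()` without output escaping; only the `title` attribute is now wrapped in `esc_attr()`. Unless those getters already escape for display (not visible here), the line should use `esc_url( get_the_author_meta('url') )` and `esc_html( get_the_author() )`. The same applies to the `get_the_author()` value passed as `%3$s` in the `printf()` hunk that follows.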
printf(
'<a href="%1$s" title="%2$s">%3$s</a>',
get_author_posts_url( $authordata->ID, $authordata->user_nicename ),
- sprintf( __( 'Posts by %s' ), esc_attr( get_the_author() ) ),
+ esc_attr( sprintf( __( 'Posts by %s' ), get_the_author() ) ),
get_the_author()
);
}
if ( ! $hide_empty )
$link = $name;
} else {
- $link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), esc_attr($author->display_name)) . '">' . $name . '</a>';
+ $link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . esc_attr( sprintf(__("Posts by %s"), $author->display_name) ) . '">' . $name . '</a>';
if ( (! empty($feed_image)) || (! empty($feed)) ) {
$link .= ' ';
$link .= '<a href="' . get_author_feed_link($author->ID) . '"';
if ( !empty($feed) ) {
- $title = ' title="' . $feed . '"';
- $alt = ' alt="' . $feed . '"';
+ $title = ' title="' . esc_attr($feed) . '"';
+ $alt = ' alt="' . esc_attr($feed) . '"';
$name = $feed;
$link .= $title;
}
$link .= '>';
if ( !empty($feed_image) )
- $link .= "<img src=\"$feed_image\" style=\"border: none;\"$alt$title" . ' />';
+ $link .= "<img src=\"" . esc_url($feed_image) . "\" style=\"border: none;\"$alt$title" . ' />';
else
$link .= $name;
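Review bot: `$feed` is now escaped for `title` and `alt`, but the context line `$name = $feed;` still lets the raw value become the link text through `$link .= $name;` when no feed image is set; `$name = esc_html( $feed );` would cover that path. In the visible lines `$alt` and `$title` are assigned only inside the `!empty($feed)` branch, so the `<img>` line interpolates undefined variables when only `$feed_image` is given. Initialising `$alt = $title = '';` before the branch avoids the notice. The enclosing function starts and ends outside the hunk.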
$rel = $bookmark->link_rel;
if ( '' != $rel )
- $rel = ' rel="' . $rel . '"';
+ $rel = ' rel="' . esc_attr($rel) . '"';
$target = $bookmark->link_target;
if ( '' != $target )
else
$caps[] = 'read_private_pages';
break;
+ case 'unfiltered_upload':
+ if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS == true )
+ $caps[] = $cap;
+ else
+ $caps[] = 'do_not_allow';
+ break;
default:
// If no meta caps match, return the original cap.
$caps[] = $cap;
}
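Review bot: `ALLOW_UNFILTERED_UPLOADS == true` is a loose comparison, so any truthy definition, including the string `'false'`, turns the capability on. `ALLOW_UNFILTERED_UPLOADS === true` limits it to an explicit boolean, at the cost of no longer accepting `1`. A comment above the case, such as `// Unfiltered uploads stay disabled unless the site owner opts in by defining the constant.`, would record why the default is `do_not_allow`. The enclosing switch starts outside the hunk.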
if ( $link )
- $chain .= '<a href="' . get_category_link( $parent->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $parent->cat_name ) . '">'.$name.'</a>' . $separator;
+ $chain .= '<a href="' . get_category_link( $parent->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $parent->cat_name ) ) . '">'.$name.'</a>' . $separator;
else
$chain .= $name.$separator;
return $chain;
case 'multiple':
if ( $category->parent )
$thelist .= get_category_parents( $category->parent, true, $separator );
- $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>' . $category->name.'</a></li>';
+ $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->name.'</a></li>';
break;
case 'single':
- $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>';
+ $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>';
if ( $category->parent )
$thelist .= get_category_parents( $category->parent, false, $separator );
$thelist .= $category->name.'</a></li>';
break;
case '':
default:
- $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>' . $category->cat_name.'</a></li>';
+ $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->cat_name.'</a></li>';
}
}
$thelist .= '</ul>';
case 'multiple':
if ( $category->parent )
$thelist .= get_category_parents( $category->parent, true, $separator );
- $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>' . $category->cat_name.'</a>';
+ $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->cat_name.'</a>';
break;
case 'single':
- $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>';
+ $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>';
if ( $category->parent )
$thelist .= get_category_parents( $category->parent, false, $separator );
$thelist .= "$category->cat_name</a>";
break;
case '':
default:
- $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>' . $category->name.'</a>';
+ $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->name.'</a>';
}
++$i;
}
$tab_index_attribute = " tabindex=\"$tab_index\"";
$categories = get_categories( $r );
+ $name = esc_attr($name);
+ $class = esc_attr($class);
$output = '';
if ( ! empty( $categories ) ) {
// Trim the query of everything up to the '?'.
$query = preg_replace("!^.+\?!", '', $query);
-
+
// Substitute the substring matches into the query.
- eval("@\$query = \"" . addslashes($query) . "\";");
+ $query = addslashes(WP_MatchesMapRegex::apply($query, $matches));
$this->matched_query = $query;
}
}
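Review bot: The substituted query is now passed through `addslashes()` after the replacement, whereas the removed `eval` used `addslashes()` only to quote the template and yielded an unslashed string. Matched values that contain quotes or backslashes will therefore reach `$this->matched_query` with extra backslashes. If that is intended for code downstream that expects slashed input, the line needs a comment saying so, e.g. `// Result is slashed on purpose: later parsing expects slashed input.`; otherwise the behaviour change should be confirmed against callers. The later hunk that makes the same replacement before `parse_str()` needs the same decision.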
+/**
+ * Helper class to remove the need to use eval to replace $matches[] in query strings.
+ *
+ * @since 2.9.0
+ */
+class WP_MatchesMapRegex {
+ /**
+ * store for matches
+ *
+ * @access private
+ * @var array
+ */
+ var $_matches;
+
+ /**
+ * store for mapping result
+ *
+ * @access public
+ * @var string
+ */
+ var $output;
+
+ /**
+ * subject to perform mapping on (query string containing $matches[] references
+ *
+ * @access private
+ * @var string
+ */
+ var $_subject;
+
+ /**
+ * regexp pattern to match $matches[] references
+ *
+ * @var string
+ */
+ var $_pattern = '(\$matches\[[1-9]+[0-9]*\])'; // magic number
+
+ /**
+ * constructor
+ *
+ * @param string $subject subject if regex
+ * @param array $matches data to use in map
+ * @return self
+ */
+ function WP_MatchesMapRegex($subject, $matches) {
+ $this->_subject = $subject;
+ $this->_matches = $matches;
+ $this->output = $this->_map();
+ }
+
+ /**
+ * Substitute substring matches in subject.
+ *
+ * static helper function to ease use
+ *
+ * @access public
+ * @param string $subject subject
+ * @param array $matches data used for subsitution
+ * @return string
+ */
+ function apply($subject, $matches) {
+ $oSelf =& new WP_MatchesMapRegex($subject, $matches);
+ return $oSelf->output;
+ }
+
+ /**
+ * do the actual mapping
+ *
+ * @access private
+ * @return string
+ */
+ function _map() {
+ $callback = array(&$this, 'callback');
+ return preg_replace_callback($this->_pattern, $callback, $this->_subject);
+ }
+
+ /**
+ * preg_replace_callback hook
+ *
+ * @access public
+ * @param array $matches preg_replace regexp matches
+ * @return string
+ */
+ function callback($matches) {
+ $index = intval(substr($matches[0], 9, -1));
+ return ( isset( $this->_matches[$index] ) ? $this->_matches[$index] : '' );
+ }
+
+}
+
?>
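Review bot: The class docblock says `@since 2.9.0`, but this change set bumps `$wp_version` to 2.8.5, so the tag should name the release that first ships the class. In `callback()`, the literal `9` in `substr($matches[0], 9, -1)` is the length of `$matches[`; a comment such as `// strip the leading '$matches[' and the trailing ']'` would explain it, which the `// magic number` remark on `$_pattern` does not. The docblocks also contain slips (`subject if regex`, `subsitution`, an unclosed parenthesis in the `$_subject` description). `apply()` is documented as a static helper and called with `::`, so its docblock should say that it must not rely on `$this`.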
$classes = array_merge($classes, $class);
}
+ $classes = array_map('esc_attr', $classes);
+
return apply_filters('comment_class', $classes, $class, $comment_id, $post_id);
}
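Review bot: `esc_attr` is mapped over `$classes` before `apply_filters('comment_class', ...)`, so any class appended by a filter callback is returned unescaped. Either the code that prints the list (outside this hunk) should escape at output, or the escaping should wrap the filtered result: `return array_map( 'esc_attr', apply_filters( 'comment_class', $classes, $class, $comment_id, $post_id ) );`. The `post_class` and `body_class` hunks further down use the same order.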
$number = get_comments_number( $id );
if ( 0 == $number && !comments_open() && !pings_open() ) {
- echo '<span' . ((!empty($css_class)) ? ' class="' . $css_class . '"' : '') . '>' . $none . '</span>';
+ echo '<span' . ((!empty($css_class)) ? ' class="' . esc_attr( $css_class ) . '"' : '') . '>' . $none . '</span>';
return;
}
echo apply_filters( 'comments_popup_link_attributes', '' );
- echo ' title="' . sprintf( __('Comment on %s'), $title ) . '">';
+ echo ' title="' . esc_attr( sprintf( __('Comment on %s'), $title ) ) . '">';
comments_number( $zero, $one, $more, $number );
echo '</a>';
}
*/
function sanitize_file_name( $filename ) {
$filename_raw = $filename;
- $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}");
+ $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", chr(0));
$special_chars = apply_filters('sanitize_file_name_chars', $special_chars, $filename_raw);
$filename = str_replace($special_chars, '', $filename);
$filename = preg_replace('/[\s-]+/', '-', $filename);
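Review bot: The added `chr(0)` entry has no comment; something like `// NUL is removed so a file name cannot be cut short by APIs that stop at a null byte.` above `$special_chars` would record the reason. Because the list then passes through the `sanitize_file_name_chars` filter, a callback can drop the entry again. Stripping it unconditionally after the filter, e.g. `$filename = str_replace( chr(0), '', $filename );`, would make the removal non-optional. The function continues outside the hunk.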
* Returns a date in the GMT equivalent.
*
* Requires and returns a date in the Y-m-d H:i:s format. Simply subtracts the
- * value of the 'gmt_offset' option.
+ * value of the 'gmt_offset' option. Return format can be overridden using the
+ * $format parameter
*
* @since 1.2.0
*
* @uses get_option() to retrieve the the value of 'gmt_offset'.
* @param string $string The date to be converted.
+ * @param string $format The format string for the returned date (default is Y-m-d H:i:s)
* @return string GMT version of the date provided.
*/
-function get_gmt_from_date($string) {
+function get_gmt_from_date($string, $format = 'Y-m-d H:i:s') {
preg_match('#([0-9]{1,4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})#', $string, $matches);
$string_time = gmmktime($matches[4], $matches[5], $matches[6], $matches[2], $matches[3], $matches[1]);
- $string_gmt = gmdate('Y-m-d H:i:s', $string_time - get_option('gmt_offset') * 3600);
+ $string_gmt = gmdate($format, $string_time - get_option('gmt_offset') * 3600);
return $string_gmt;
}
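Review bot: The docblock's opening sentence still says the function requires and returns `Y-m-d H:i:s`, which is now true of the return value only by default. Rewording it to `Requires a date in Y-m-d H:i:s format and returns it in $format.` removes the contradiction, and the same applies to `get_date_from_gmt()` in the next hunk, where `gmt_offset.Return` is also missing a space. The unchanged `preg_match()` result is not checked, so a `$string` that does not match reaches `gmmktime()` with undefined `$matches` indexes; a `if ( ! preg_match( ... ) ) return false;` guard would make the new parameter safer to rely on.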
* Converts a GMT date into the correct format for the blog.
*
* Requires and returns in the Y-m-d H:i:s format. Simply adds the value of
- * gmt_offset.
+ * gmt_offset.Return format can be overridden using the $format parameter
*
* @since 1.2.0
*
* @param string $string The date to be converted.
+ * @param string $format The format string for the returned date (default is Y-m-d H:i:s)
* @return string Formatted date relative to the GMT offset.
*/
-function get_date_from_gmt($string) {
+function get_date_from_gmt($string, $format = 'Y-m-d H:i:s') {
preg_match('#([0-9]{1,4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})#', $string, $matches);
$string_time = gmmktime($matches[4], $matches[5], $matches[6], $matches[2], $matches[3], $matches[1]);
- $string_localtime = gmdate('Y-m-d H:i:s', $string_time + get_option('gmt_offset')*3600);
+ $string_localtime = gmdate($format, $string_time + get_option('gmt_offset')*3600);
return $string_localtime;
}
/* translators: Calendar caption: 1: month name, 2: 4-digit year */
$calendar_caption = _x('%1$s %2$s', 'calendar caption');
- echo '<table id="wp-calendar" summary="' . __('Calendar') . '">
+ echo '<table id="wp-calendar" summary="' . esc_attr__('Calendar') . '">
<caption>' . sprintf($calendar_caption, $wp_locale->get_month($thismonth), date('Y', $unixmonth)) . '</caption>
<thead>
<tr>';
foreach ( $myweek as $wd ) {
$day_name = (true == $initial) ? $wp_locale->get_weekday_initial($wd) : $wp_locale->get_weekday_abbrev($wd);
+ $wd = esc_attr($wd);
echo "\n\t\t<th abbr=\"$wd\" scope=\"col\" title=\"$wd\">$day_name</th>";
}
if ( $next ) {
echo "\n\t\t".'<td abbr="' . $wp_locale->get_month($next->month) . '" colspan="3" id="next"><a href="' .
- get_month_link($next->year, $next->month) . '" title="' . sprintf(__('View posts for %1$s %2$s'), $wp_locale->get_month($next->month),
- date('Y', mktime(0, 0 , 0, $next->month, 1, $next->year))) . '">' . $wp_locale->get_month_abbrev($wp_locale->get_month($next->month)) . ' »</a></td>';
+ get_month_link($next->year, $next->month) . '" title="' . esc_attr( sprintf(__('View posts for %1$s %2$s'), $wp_locale->get_month($next->month) ,
+ date('Y', mktime(0, 0 , 0, $next->month, 1, $next->year))) ) . '">' . $wp_locale->get_month_abbrev($wp_locale->get_month($next->month)) . ' »</a></td>';
} else {
echo "\n\t\t".'<td colspan="3" id="next" class="pad"> </td>';
}
// See how much we should pad in the beginning
$pad = calendar_week_mod(date('w', $unixmonth)-$week_begins);
if ( 0 != $pad )
- echo "\n\t\t".'<td colspan="'.$pad.'" class="pad"> </td>';
+ echo "\n\t\t".'<td colspan="'. esc_attr($pad) .'" class="pad"> </td>';
$daysinmonth = intval(date('t', $unixmonth));
for ( $day = 1; $day <= $daysinmonth; ++$day ) {
echo '<td>';
if ( in_array($day, $daywithpost) ) // any posts today?
- echo '<a href="' . get_day_link($thisyear, $thismonth, $day) . "\" title=\"$ak_titles_for_day[$day]\">$day</a>";
+ echo '<a href="' . get_day_link($thisyear, $thismonth, $day) . "\" title=\"" . esc_attr($ak_titles_for_day[$day]) . "\">$day</a>";
else
echo $day;
echo '</td>';
$pad = 7 - calendar_week_mod(date('w', mktime(0, 0 , 0, $thismonth, $day, $thisyear))-$week_begins);
if ( $pad != 0 && $pad != 7 )
- echo "\n\t\t".'<td class="pad" colspan="'.$pad.'"> </td>';
+ echo "\n\t\t".'<td class="pad" colspan="'. esc_attr($pad) .'"> </td>';
echo "\n\t</tr>\n\t</tbody>\n\t</table>";
if ( 1 > (int) $width || empty($caption) )
return $content;
- if ( $id ) $id = 'id="' . $id . '" ';
+ if ( $id ) $id = 'id="' . esc_attr($id) . '" ';
- return '<div ' . $id . 'class="wp-caption ' . $align . '" style="width: ' . (10 + (int) $width) . 'px">'
+ return '<div ' . $id . 'class="wp-caption ' . esc_attr($align) . '" style="width: ' . (10 + (int) $width) . 'px">'
. do_shortcode( $content ) . '<p class="wp-caption-text">' . $caption . '</p></div>';
}
$classes = array_merge($classes, $class);
}
+ $classes = array_map('esc_attr', $classes);
+
return apply_filters('post_class', $classes, $class, $post_id);
}
$classes = array_merge($classes, $class);
}
+ $classes = array_map('esc_attr', $classes);
+
return apply_filters('body_class', $classes, $class);
}
$pages = get_pages($r);
$output = '';
+ $name = esc_attr($name);
if ( ! empty($pages) ) {
$output = "<select name=\"$name\" id=\"$name\">\n";
if ( $menu )
$menu = '<ul>' . $menu . '</ul>';
- $menu = '<div class="' . $args['menu_class'] . '">' . $menu . "</div>\n";
+ $menu = '<div class="' . esc_attr($args['menu_class']) . '">' . $menu . "</div>\n";
$menu = apply_filters( 'wp_page_menu', $menu, $args );
if ( $args['echo'] )
echo $menu;
$query = preg_replace("!^.+\?!", '', $query);
// Substitute the substring matches into the query.
- eval("\$query = \"" . addslashes($query) . "\";");
+ $query = addslashes(WP_MatchesMapRegex::apply($query, $matches));
// Filter out non-public query vars
global $wp;
parse_str($query, $query_vars);
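Review bot: `addslashes()` is now applied to the substituted query itself, whereas in the removed line it escaped the text for the eval'd string literal and was largely undone when that literal was evaluated. The value handed to `parse_str()` two lines down therefore appears to carry backslashes it did not carry before. If the later code expects slashed query vars, say so on the new line, e.g. `// Query vars are expected slashed, like request data.`; if not, the `addslashes()` wrapper can be dropped. The enclosing function starts and ends outside the hunk, so the consumer of `$query_vars` cannot be checked from here.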
if ( validate_file($_GET['template']) )
return;
- add_filter( 'template', create_function('', "return '{$_GET['template']}';") );
+ add_filter( 'template', '_preview_theme_template_filter' );
if ( isset($_GET['stylesheet']) ) {
$_GET['stylesheet'] = preg_replace('|[^a-z0-9_./-]|i', '', $_GET['stylesheet']);
if ( validate_file($_GET['stylesheet']) )
return;
- add_filter( 'stylesheet', create_function('', "return '{$_GET['stylesheet']}';") );
+ add_filter( 'stylesheet', '_preview_theme_stylesheet_filter' );
}
// Prevent theme mods to current theme being used on theme being previewed
}
add_action('setup_theme', 'preview_theme');
+/**
+ * Private function to modify the current template when previewing a theme
+ *
+ * @return string
+ */
+function _preview_theme_template_filter() {
+ return isset($_GET['template']) ? $_GET['template'] : '';
+}
+
+/**
+ * Private function to modify the current stylesheet when previewing a theme
+ *
+ * @return string
+ */
+function _preview_theme_stylesheet_filter() {
+ return isset($_GET['stylesheet']) ? $_GET['stylesheet'] : '';
+}
+
/**
* Callback function for ob_start() to capture all links in the theme.
*
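Review bot: `_preview_theme_template_filter()` and `_preview_theme_stylesheet_filter()` return `$_GET['template']` and `$_GET['stylesheet']` as they stand at filter time. They therefore depend on `preview_theme()` having sanitised the superglobal in place, and on nothing changing it afterwards. As global functions they can also be attached or called without that check having run. Re-validating inside the callback keeps the guarantee local, e.g. `return ( isset($_GET['template']) && ! validate_file($_GET['template']) ) ? $_GET['template'] : '';`, and likewise for the stylesheet. At minimum the two docblocks should say the value is expected to have been validated by `preview_theme()`.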
*
* @global string $wp_version
*/
-$wp_version = '2.8.4';
+$wp_version = '2.8.5';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
$blog_name = stripslashes($_POST['blog_name']);
if ($charset)
- $charset = strtoupper( trim($charset) );
+ $charset = str_replace( array(',', ' '), '', strtoupper( trim($charset) ) );
else
$charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS';
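Review bot: After the new `str_replace()` line, `$charset` is still an arbitrary string (presumably request-supplied, like `$blog_name` above) with only commas and spaces removed. Nothing checks that it names an encoding the site supports. How it is used lies outside the hunk. If it reaches a character-set conversion call, comparing it against a short allowlist and falling back to the default list in the `else` branch would be tighter than stripping separators. A comment on the new line would also record the intent, e.g. `// Allow a single encoding name only; drop list separators.`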
$page_date = mysql2date("Ymd\TH:i:s", $page->post_date, false);
$page_date_gmt = mysql2date("Ymd\TH:i:s", $page->post_date_gmt, false);
+ // For drafts use the GMT version of the date
+ if ( $page->post_status == 'draft' ) {
+ $page_date_gmt = get_gmt_from_date( mysql2date( 'Y-m-d H:i:s', $page->post_date ), 'Ymd\TH:i:s' );
+ }
+
// Pull the categories info together.
$categories = array();
foreach(wp_get_post_categories($page->ID) as $cat_id) {
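Review bot: The draft branch added here is repeated almost verbatim in later hunks (the `$page_list[$i]` loop and the two `$entry` blocks), alongside the existing `$postdata` one. A small private helper that takes the post status and local date and returns the `Ymd\TH:i:s` GMT string would keep these copies from drifting apart. The comparison could also be strict, `if ( 'draft' === $page->post_status ) {`. The enclosing method starts outside the hunk.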
post_title page_title,
post_parent page_parent_id,
post_date_gmt,
- post_date
+ post_date,
+ post_status
FROM {$wpdb->posts}
WHERE post_type = 'page'
ORDER BY ID
$page_list[$i]->dateCreated = new IXR_Date($post_date);
$page_list[$i]->date_created_gmt = new IXR_Date($post_date_gmt);
+ // For drafts use the GMT version of the date
+ if ( $page_list[$i]->post_status == 'draft' ) {
+ $page_list[$i]->date_created_gmt = get_gmt_from_date( mysql2date( 'Y-m-d H:i:s', $page_list[$i]->post_date ), 'Ymd\TH:i:s' );
+ $page_list[$i]->date_created_gmt = new IXR_Date( $page_list[$i]->date_created_gmt );
+ }
+
unset($page_list[$i]->post_date_gmt);
unset($page_list[$i]->post_date);
+ unset($page_list[$i]->post_status);
}
return($page_list);
// For drafts use the GMT version of the post date
if ( $postdata['post_status'] == 'draft' ) {
- $post_date_gmt = get_gmt_from_date( mysql2date( 'Y-m-d H:i:s', $postdata['post_date'] ) );
- $post_date_gmt = preg_replace( '|\-|', '', $post_date_gmt );
- $post_date_gmt = preg_replace( '| |', 'T', $post_date_gmt );
+ $post_date_gmt = get_gmt_from_date( mysql2date( 'Y-m-d H:i:s', $postdata['post_date'] ), 'Ymd\TH:i:s' );
}
$categories = array();
$post_date = mysql2date('Ymd\TH:i:s', $entry['post_date'], false);
$post_date_gmt = mysql2date('Ymd\TH:i:s', $entry['post_date_gmt'], false);
+ // For drafts use the GMT version of the date
+ if ( $entry['post_status'] == 'draft' ) {
+ $post_date_gmt = get_gmt_from_date( mysql2date( 'Y-m-d H:i:s', $entry['post_date'] ), 'Ymd\TH:i:s' );
+ }
+
$categories = array();
$catids = wp_get_post_categories($entry['ID']);
foreach($catids as $catid) {
$post_date = mysql2date('Ymd\TH:i:s', $entry['post_date'], false);
$post_date_gmt = mysql2date('Ymd\TH:i:s', $entry['post_date_gmt'], false);
+ // For drafts use the GMT version of the date
+ if ( $entry['post_status'] == 'draft' ) {
+ $post_date_gmt = get_gmt_from_date( mysql2date( 'Y-m-d H:i:s', $entry['post_date'] ), 'Ymd\TH:i:s' );
+ }
+
$struct[] = array(
'dateCreated' => new IXR_Date($post_date),
'userid' => $entry['post_author'],