<body>
<h1 id="logo">
<a href="http://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" width="250" height="68" /></a>
- <br /> Version 3.0.5
+ <br /> Version 3.0.6
</h1>
<p style="text-align: center">Semantic Personal Publishing Platform</p>
$id = 0;
if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+ check_admin_referer('media-form');
// Upload File button was clicked
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
unset($_FILES);
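Review bot: `$_REQUEST['post_id']` still reaches `media_handle_upload()` unvalidated on the line after the new nonce check. `check_admin_referer('media-form')` confirms the request came from the form, not that the value is an integer or that the user may attach to that post. Cast it first, e.g. `$post_id = isset( $_REQUEST['post_id'] ) ? (int) $_REQUEST['post_id'] : 0;`, and pass `$post_id`. Whether a `current_user_can( 'edit_post', $post_id )` check already exists cannot be seen, because the function begins and ends outside the hunk. The same applies to the four later hunks that add the identical `check_admin_referer('media-form')` line.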
$id = 0;
if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+ check_admin_referer('media-form');
// Upload File button was clicked
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
unset($_FILES);
$id = 0;
if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+ check_admin_referer('media-form');
// Upload File button was clicked
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
unset($_FILES);
$id = 0;
if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+ check_admin_referer('media-form');
// Upload File button was clicked
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
unset($_FILES);
$mysql_version = $wpdb->db_version();
$required_php_version = '4.3';
$required_mysql_version = '4.1.2';
- $wp_version = '3.0.5';
+ $wp_version = '3.0.6';
$php_compat = version_compare( $php_version, $required_php_version, '>=' );
$mysql_compat = version_compare( $mysql_version, $required_mysql_version, '>=' ) || file_exists( WP_CONTENT_DIR . '/db.php' );
$errors = array();
if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+ check_admin_referer('media-form');
// Upload File button was clicked
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
unset($_FILES);
}
}
// set the post_content and status
- $quick['post_status'] = isset($_POST['publish']) ? 'publish' : 'draft';
+ if ( isset( $_POST['publish'] ) && current_user_can( 'publish_posts' ) )
+ $quick['post_status'] = 'publish';
+ elseif ( isset( $_POST['review'] ) )
+ $quick['post_status'] = 'pending';
+ else
+ $quick['post_status'] = 'draft';
$quick['post_content'] = $content;
// error handling for media_sideload
if ( is_wp_error($upload) ) {
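Review bot: The comment above the new branch, `// set the post_content and status`, does not tell a reader that publishing is now gated by capability, and the three-way `if`/`elseif`/`else` is written without braces. I would add `// Publish only with the publish_posts capability; otherwise pending if review was requested, else draft.` and brace each arm so a statement added later cannot land outside the capability check. A `publish` request from a user lacking `publish_posts` becomes a draft unless `review` is also posted; if that fallback is intended, the comment should say so. The enclosing function lies outside the hunk.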
wp_upgrade();
$backto = !empty($_GET['backto']) ? stripslashes( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/';
- $backto = esc_url_raw( $backto );
+ $backto = esc_url( $backto );
$backto = wp_validate_redirect($backto, __get_option( 'home' ) . '/');
?>
<h2><?php _e( 'Upgrade Complete' ); ?></h2>
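Review bot: `urldecode( $_GET['backto'] )` decodes a value PHP has already URL-decoded, so a doubly encoded `backto` is unwrapped a second time before `esc_url()` and `wp_validate_redirect()` see it. Dropping the extra call, `stripslashes( $_GET['backto'] )`, keeps the validated value identical to what was sent; confirm that no caller relies on double encoding. Separately, `esc_url()` is display escaping and now runs before `wp_validate_redirect()`, so validation sees the entity-encoded string. That ordering looks right only if `$backto` is used solely as an `href` further down, which is outside the hunk.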
}
// Kses only for textarea admin displays
-foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description', 'comment_text' ) as $filter ) {
+foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) {
add_filter( $filter, 'wp_kses_data' );
}
+if ( is_admin() )
+ add_filter( 'comment_text', 'wp_kses_post' );
// Email saves
foreach ( array( 'pre_comment_author_email', 'pre_user_email' ) as $filter ) {
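Review bot: The new `if ( is_admin() )` block has no comment and no braces, and the existing `// Kses only for textarea admin displays` comment now sits over a list that no longer contains `comment_text`. I would add `// comment_text is filtered with wp_kses_post, and only in the admin.` above the block and brace it. `is_admin()` reflects the requested admin path rather than the user's privileges. With this change `comment_text` has no kses display filter outside the admin in this hunk; presumably comments are sanitised on save, which is not visible here.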
if ( empty( $shortlink ) )
return;
- echo "<link rel='shortlink' href='" . esc_url_raw( $shortlink ) . "' />\n";
+ echo "<link rel='shortlink' href='" . esc_url( $shortlink ) . "' />\n";
}
/**
*
* @global string $wp_version
*/
-$wp_version = '3.0.5';
+$wp_version = '3.0.6';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.