author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2007-06-21 16:41:02 +0000 |
---|---|---|
committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2007-06-21 16:41:02 +0000 |
commit | a5fe68e002632c190ffbd85167671ed4d4961135 (patch) | |
tree | ae57f94603111507c50cb3c212a03bedf8f7dc5a /wp-admin/admin-functions.php | |
parent | 4e38776b5b68c61a4593a84340f4654200f7568e (diff) | |
WP Merge to WP 2.2.1
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1005 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-admin/admin-functions.php')
-rw-r--r-- | wp-admin/admin-functions.php | 37 |
1 files changed, 27 insertions, 10 deletions
diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php index 592c242..dce1350 100644 --- a/wp-admin/admin-functions.php +++ b/wp-admin/admin-functions.php @@ -347,6 +347,8 @@ function get_post_to_edit( $id ) { $post->post_title = apply_filters( 'title_edit_pre', $post->post_title ); $post->post_password = format_to_edit( $post->post_password ); + + $post->menu_order = (int) $post->menu_order; if ( $post->post_type == 'page' ) $post->page_template = get_post_meta( $id, '_wp_page_template', true ); @@ -396,12 +398,16 @@ function get_default_post_to_edit() { function get_comment_to_edit( $id ) { $comment = get_comment( $id ); + + $comment->comment_ID = (int) $comment->comment_ID; + $comment->comment_post_ID = (int) $comment->comment_post_ID; - $comment->comment_content = format_to_edit( $comment->comment_content, user_can_richedit() ); + $comment->comment_content = format_to_edit( $comment->comment_content ); $comment->comment_content = apply_filters( 'comment_edit_pre', $comment->comment_content); $comment->comment_author = format_to_edit( $comment->comment_author ); $comment->comment_author_email = format_to_edit( $comment->comment_author_email ); + $comment->comment_author_url = clean_url($comment->comment_author_url); $comment->comment_author_url = format_to_edit( $comment->comment_author_url ); return $comment; @@ -409,6 +415,9 @@ function get_comment_to_edit( $id ) { function get_category_to_edit( $id ) { $category = get_category( $id ); + + $category->term_id = (int) $category->term_id; + $category->parent = (int) $category->parent; return $category; } 
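Review bot: The new casts in get_comment_to_edit() and get_category_to_edit() write properties on whatever get_comment() / get_category() returned, with no check that the result is an object. For get_category_to_edit() this changes behaviour: before the commit an empty result for an unknown id was passed straight back to the caller, whereas now the assignment either creates an object implicitly or fails, depending on the PHP version, so a caller testing for "no such category" may instead see an object with `term_id` 0. A guard before the casts, `if ( !is_object( $category ) ) return $category;` (and the same for `$comment`), keeps the not-found path intact. What the two getters return on failure is not visible in these hunks, so that should be confirmed against their definitions.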
@@ -819,8 +828,8 @@ function _cat_row( $category, $level, $name_override = false ) { $class = ( ( defined( 'DOING_AJAX' ) && DOING_AJAX ) || " class='alternate'" == $class ) ? '' : " class='alternate'"; - $category->category_count = number_format_i18n( $category->category_count ); - $category->link_count = number_format_i18n( $category->link_count ); + $category->category_count = number_format( $category->category_count ); + $category->link_count = number_format( $category->link_count ); $posts_count = ( $category->category_count > 0 ) ? "<a href='edit.php?cat=$category->cat_ID'>$category->category_count</a>" : $category->category_count; return "<tr id='cat-$category->cat_ID'$class> <th scope='row' style='text-align: center'>$category->cat_ID</th> 
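Review bot: `$category->cat_ID` is interpolated into the `href` and the row `id` attribute in _cat_row() without the integer cast this commit adds for other IDs (`term_id`, `comment_ID`, `meta_id`). Adding `$category->cat_ID = (int) $category->cat_ID;` before the markup is built would keep the output safe however the object was populated. Separately, the counts are overwritten with formatted strings and only then compared with `> 0`; comparing the raw integer first and formatting afterwards avoids relying on string-to-number coercion of a value that can contain a thousands separator. The function body continues outside the hunk.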
@@ -948,7 +957,7 @@ function _wp_comment_list_item( $id, $alt = 0 ) { <?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) { echo " <a href='comment.php?action=editcomment&c=".$comment->comment_ID."'>" . __('Edit') . '</a>'; - echo ' | <a href="' . wp_nonce_url('ocomment.php?action=deletecomment&p=' . $comment->comment_post_ID . '&c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . js_escape(sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), $comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> '; + echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $comment->comment_post_ID . '&c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . js_escape(sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), $comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> '; if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) { echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&p=' . $comment->comment_post_ID . '&c=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Unapprove') . '</a> </span>'; echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&p=' . $comment->comment_post_ID . '&c=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Approve') . '</a> </span>'; 
@@ -1039,6 +1048,7 @@ function list_meta( $meta ) { $key_js = js_escape( $entry['meta_key'] ); $entry['meta_key'] = attribute_escape($entry['meta_key']); $entry['meta_value'] = attribute_escape($entry['meta_value']); + $entry['meta_id'] = (int) $entry['meta_id']; $r .= "\n\t<tr id='meta-{$entry['meta_id']}' class='$style'>"; $r .= "\n\t\t<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>"; $r .= "\n\t\t<td><textarea name='meta[{$entry['meta_id']}][value]' tabindex='6' rows='2' cols='30'>{$entry['meta_value']}</textarea></td>"; @@ -1091,7 +1101,7 @@ function meta_form() { <?php foreach ( $keys as $key ) { - $key = attribute_escape( $key); + $key = attribute_escape( $key ); echo "\n\t<option value='$key'>$key</option>"; } ?> @@ -1112,6 +1122,8 @@ function add_meta( $post_ID ) { global $wpdb; $post_ID = (int) $post_ID; + $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' ); + $metakeyselect = $wpdb->escape( stripslashes( trim( $_POST['metakeyselect'] ) ) ); $metakeyinput = $wpdb->escape( stripslashes( trim( $_POST['metakeyinput'] ) ) ); $metavalue = maybe_serialize( stripslashes( (trim( $_POST['metavalue'] ) ) )); @@ -1127,6 +1139,9 @@ function add_meta( $post_ID ) { if ( $metakeyinput) $metakey = $metakeyinput; // default + if ( in_array($metakey, $protected) ) + return false; + $result = $wpdb->query( " INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value ) @@ -1146,6 +1161,12 @@ function delete_meta( $mid ) { function update_meta( $mid, $mkey, $mvalue ) { global $wpdb; + + $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' ); + + if ( in_array($mkey, $protected) ) + return false; + $mvalue = maybe_serialize( stripslashes( $mvalue )); $mvalue = $wpdb->escape( $mvalue ); $mid = (int) $mid; 
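Review bot: The protected-key check added to add_meta() and update_meta() is an exact, case-sensitive string match, while these keys are later read back through SQL comparisons that, under MySQL's common case-insensitive, space-padding collations, treat keys differing only in letter case or trailing whitespace as equal. update_meta() also tests `$mkey` before any trimming that is visible in the hunk. Normalising before the comparison, e.g. `if ( in_array( strtolower( trim( $mkey ) ), $protected, true ) ) return false;`, would make the check agree with the lookup, and the list, now duplicated in both functions, would be safer defined once in a shared helper. update_meta() inspects only the new key name, so it is worth confirming whether a row that already holds a protected key can still be renamed or overwritten through `$mid`. Both function bodies continue outside the hunks.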
@@ -1345,7 +1366,6 @@ function get_page_templates() { function page_template_dropdown( $default = '' ) { $templates = get_page_templates(); - ksort( $templates ); foreach (array_keys( $templates ) as $template ) : if ( $default == $templates[$template] ) $selected = " selected='selected'"; @@ -1945,11 +1965,8 @@ function wp_handle_upload( &$file, $overrides = false ) { extract( $wp_filetype ); - if ( ( !$type || !$ext ) && !current_user_can( 'unfiltered_upload' ) ) + if ( !$type || !$ext ) return $upload_error_handler( $file, __( 'File type does not meet security guidelines. Try another.' )); - - if ( !$ext ) - $ext = strrchr($file['name'], '.'); } // A writable uploads dir will pass this test. Again, there's no point overriding this one. |
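Review bot: The type check in wp_handle_upload() no longer has a capability exemption, but nothing at the site records that this is deliberate. A comment above the `if ( !$type || !$ext )` line, such as `// No capability bypass: a file with no recognised type or extension is always rejected.`, would help stop a later merge from reintroducing the exemption. The check sits inside a conditional that opens outside the hunk, and the trailing comment about overriding suggests `$overrides` can switch some tests off, so it should be confirmed that no caller passes request-derived overrides. The `extract( $wp_filetype )` on the context line also hides where `$type` and `$ext` come from; explicit assignments from the array (presumably its `type` and `ext` keys) would make the check easier to audit.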