author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-06-13 17:21:00 +0000 |
---|---|---|
committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-06-13 17:21:00 +0000 |
commit | 12de05107e4c8b006bde6ee8916f34eb476d08da (patch) | |
tree | 123ee54ecd1f3f777373b7df54a4604012d43640 /wp-admin/includes | |
parent | e51c7a9ca4bfdb45fa3ec7334bd33871e78c68b1 (diff) | |
WP Merge with revision 8075
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1328 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-admin/includes')
-rw-r--r-- | wp-admin/includes/bookmark.php | 19 | ||||
-rw-r--r-- | wp-admin/includes/class-wp-filesystem-base.php | 158 | ||||
-rw-r--r-- | wp-admin/includes/class-wp-filesystem-direct.php | 190 | ||||
-rw-r--r-- | wp-admin/includes/class-wp-filesystem-ftpext.php | 248 | ||||
-rw-r--r-- | wp-admin/includes/class-wp-filesystem-ftpsockets.php | 270 | ||||
-rw-r--r-- | wp-admin/includes/comment.php | 4 | ||||
-rw-r--r-- | wp-admin/includes/dashboard.php | 7 | ||||
-rw-r--r-- | wp-admin/includes/export.php | 7 | ||||
-rw-r--r-- | wp-admin/includes/file.php | 159 | ||||
-rw-r--r-- | wp-admin/includes/media.php | 173 | ||||
-rw-r--r-- | wp-admin/includes/plugin.php | 122 | ||||
-rw-r--r-- | wp-admin/includes/post.php | 265 | ||||
-rw-r--r-- | wp-admin/includes/schema.php | 26 | ||||
-rw-r--r-- | wp-admin/includes/taxonomy.php | 2 | ||||
-rw-r--r-- | wp-admin/includes/template.php | 100 | ||||
-rw-r--r-- | wp-admin/includes/theme.php | 2 | ||||
-rw-r--r-- | wp-admin/includes/update.php | 70 | ||||
-rw-r--r-- | wp-admin/includes/upgrade.php | 95 | ||||
-rw-r--r-- | wp-admin/includes/user.php | 37 | ||||
-rw-r--r-- | wp-admin/includes/widgets.php | 14 |
20 files changed, 1040 insertions, 928 deletions
diff --git a/wp-admin/includes/bookmark.php b/wp-admin/includes/bookmark.php
index 2cae3b5..b48d313 100644
--- a/wp-admin/includes/bookmark.php
+++ b/wp-admin/includes/bookmark.php
@@ -47,7 +47,7 @@ function wp_delete_link($link_id) {
 wp_delete_object_term_relationships($link_id, 'link_category');
- $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'");
+ $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->links WHERE link_id = %d", $link_id) );
 do_action('deleted_link', $link_id);
@@ -73,7 +73,7 @@ function wp_insert_link($linkdata) {
 $linkdata = wp_parse_args($linkdata, $defaults);
 $linkdata = sanitize_bookmark($linkdata, 'db');
- extract($linkdata, EXTR_SKIP);
+ extract(stripslashes_deep($linkdata), EXTR_SKIP);
 $update = false;
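Review bot: After `extract(stripslashes_deep($linkdata), EXTR_SKIP)` in wp_insert_link, every extracted `$link_*` variable holds unslashed input, so the function is only safe if each later query goes through `$wpdb->prepare()`. The following hunk converts the UPDATE and INSERT, but the lines between the two hunks are not shown, so any remaining interpolated query or other direct use of these variables needs checking. A comment above the call would make the contract explicit: `// Values are unslashed from here on; pass them to SQL only via $wpdb->prepare().` wp_insert_link starts and ends outside this hunk.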
@@ -119,15 +119,14 @@ function wp_insert_link($linkdata) {
 }
 if ( $update ) {
- $wpdb->query("UPDATE $wpdb->links SET link_url='$link_url',
- link_name='$link_name', link_image='$link_image',
- link_target='$link_target',
- link_visible='$link_visible', link_description='$link_description',
- link_rating='$link_rating', link_rel='$link_rel',
- link_notes='$link_notes', link_rss = '$link_rss'
- WHERE link_id='$link_id'");
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_url = %s,
+ link_name = %s, link_image = %s, link_target = %s,
+ link_visible = %s, link_description = %s, link_rating = %s,
+ link_rel = %s, link_notes = %s, link_rss = %s
+ WHERE link_id = %s", $link_url, $link_name, $link_image, $link_target, $link_visible, $link_description, $link_rating, $link_rel, $link_notes, $link_rss, $link_id) );
 } else {
- $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES('$link_url','$link_name', '$link_image', '$link_target', '$link_description', '$link_visible', '$link_owner', '$link_rating', '$link_rel', '$link_notes', '$link_rss')");
+ $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES(%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
+ $link_url,$link_name, $link_image, $link_target, $link_description, $link_visible, $link_owner, $link_rating, $link_rel, $link_notes, $link_rss) );
 $link_id = (int) $wpdb->insert_id;
 }
diff --git a/wp-admin/includes/class-wp-filesystem-base.php b/wp-admin/includes/class-wp-filesystem-base.php
new file mode 100644
index 0000000..7bb6217
--- /dev/null
+++ b/wp-admin/includes/class-wp-filesystem-base.php
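Review bot: The new UPDATE in bookmark.php binds the key with `WHERE link_id = %s`, while wp_delete_link in the first hunk of this file binds the same column with `%d`. Columns that are numeric (`link_id`, and judging by their names `link_owner` and `link_rating`) are better bound as `%d`, so a non-numeric value is coerced to an integer instead of being compared as a quoted string: `WHERE link_id = %d`. Whether `$link_id` is already cast to int earlier in wp_insert_link is not visible here, because the function starts and ends outside this hunk.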
@@ -0,0 +1,158 @@
+<?php
+class WP_Filesystem_Base{
+ var $verbose = true;
+ var $cache = array();
+
+ var $method = '';
+
+ function abspath() {
+ if ( defined('FTP_BASE') && strpos($this->method, 'ftp') !== false )
+ return FTP_BASE;
+ return $this->find_folder(ABSPATH);
+ }
+ function wp_content_dir() {
+ if ( defined('FTP_CONTENT_DIR') && strpos($this->method, 'ftp') !== false )
+ return FTP_CONTENT_DIR;
+ return $this->find_folder(WP_CONTENT_DIR);
+ }
+ function wp_plugins_dir() {
+ if ( defined('FTP_PLUGIN_DIR') && strpos($this->method, 'ftp') !== false )
+ return FTP_PLUGIN_DIR;
+ return $this->find_folder(WP_PLUGIN_DIR);
+ }
+ function wp_themes_dir() {
+ return $this->wp_content_dir() . '/themes';
+ }
+ //Back compat: use abspath() or wp_*_dir
+ function find_base_dir($base = '.', $echo = false) {
+ $this->verbose = $echo;
+ return $this->abspath();
+ }
+ //Back compat: use ::abspath() or ::wp_*_dir
+ function get_base_dir($base = '.', $echo = false) {
+ $this->verbose = $echo;
+ return $this->abspath();
+ }
+
+ function find_folder($folder) {
+ $folder = str_replace('\\', '/', $folder); //Windows Sanitiation
+ if ( isset($this->cache[ $folder ] ) )
+ return $this->cache[ $folder ];
+
+ if ( $this->exists($folder) ) { //Folder exists at that absolute path.
+ $this->cache[ $folder ] = $folder;
+ return $folder;
+ }
+ if( $return = $this->search_for_folder($folder) )
+ $this->cache[ $folder ] = $return;
+ return $return;
+ }
+
+ // Assumes $folder is windows sanitized;
+ // Assumes that the drive letter is safe to be stripped off, Should not be a problem for windows servers.
+ function search_for_folder($folder, $base = '.', $loop = false ) {
+ if ( empty( $base ) || '.' == $base )
+ $base = trailingslashit($this->cwd());
+
+ $folder = preg_replace('|^([a-z]{1}):|i', '', $folder); //Strip out windows driveletter if its there.
+
+ $folder_parts = explode('/', $folder);
+ $last_path = $folder_parts[ count($folder_parts) - 1 ];
+
+ $files = $this->dirlist( $base );
+
+ foreach ( $folder_parts as $key ) {
+ if ( $key == $last_path )
+ continue; //We want this to be caught by the next code block.
+
+ //Working from /home/ to /user/ to /wordpress/ see if that file exists within the current folder,
+ // If its found, change into it and follow through looking for it.
+ // If it cant find WordPress down that route, it'll continue onto the next folder level, and see if that matches, and so on.
+ // If it reaches the end, and still cant find it, it'll return false for the entire function.
+ if( isset($files[ $key ]) ){
+ //Lets try that folder:
+ $newdir = trailingslashit(path_join($base, $key));
+ if( $this->verbose )
+ printf( __('Changing to %s') . '<br/>', $newdir );
+ if( $ret = $this->search_for_folder( $folder, $newdir, $loop) )
+ return $ret;
+ }
+ }
+
+ //Only check this as a last resort, to prevent locating the incorrect install. All above proceeedures will fail quickly if this is the right branch to take.
+ if(isset( $files[ $last_path ] ) ) {
+ if( $this->verbose )
+ printf( __('Found %s') . '<br/>', $base . $last_path );
+ return $base . $last_path;
+ }
+ if( $loop )
+ return false;//Prevent tihs function looping again.
+ //As an extra last resort, Change back to / if the folder wasnt found. This comes into effect when the CWD is /home/user/ but WP is at /var/www/.... mainly dedicated setups.
+ return $this->search_for_folder($folder, '/', true);
+
+ }
+
+ //Common Helper functions.
+ function gethchmod($file){
+ //From the PHP.net page for ...?
+ $perms = $this->getchmod($file);
+ if (($perms & 0xC000) == 0xC000) // Socket
+ $info = 's';
+ elseif (($perms & 0xA000) == 0xA000) // Symbolic Link
+ $info = 'l';
+ elseif (($perms & 0x8000) == 0x8000) // Regular
+ $info = '-';
+ elseif (($perms & 0x6000) == 0x6000) // Block special
+ $info = 'b';
+ elseif (($perms & 0x4000) == 0x4000) // Directory
+ $info = 'd';
+ elseif (($perms & 0x2000) == 0x2000) // Character special
+ $info = 'c';
+ elseif (($perms & 0x1000) == 0x1000)// FIFO pipe
+ $info = 'p';
+ else // Unknown
+ $info = 'u';
+
+ // Owner
+ $info .= (($perms & 0x0100) ? 'r' : '-');
+ $info .= (($perms & 0x0080) ? 'w' : '-');
+ $info .= (($perms & 0x0040) ?
+ (($perms & 0x0800) ? 's' : 'x' ) :
+ (($perms & 0x0800) ? 'S' : '-'));
+
+ // Group
+ $info .= (($perms & 0x0020) ? 'r' : '-');
+ $info .= (($perms & 0x0010) ? 'w' : '-');
+ $info .= (($perms & 0x0008) ?
+ (($perms & 0x0400) ? 's' : 'x' ) :
+ (($perms & 0x0400) ? 'S' : '-'));
+
+ // World
+ $info .= (($perms & 0x0004) ? 'r' : '-');
+ $info .= (($perms & 0x0002) ? 'w' : '-');
+ $info .= (($perms & 0x0001) ?
+ (($perms & 0x0200) ? 't' : 'x' ) :
+ (($perms & 0x0200) ? 'T' : '-'));
+ return $info;
+ }
+ function getnumchmodfromh($mode) {
+ $realmode = "";
+ $legal = array("", "w", "r", "x", "-");
+ $attarray = preg_split("//", $mode);
+
+ for($i=0; $i < count($attarray); $i++)
+ if($key = array_search($attarray[$i], $legal))
+ $realmode .= $legal[$key];
+
+ $mode = str_pad($realmode, 9, '-');
+ $trans = array('-'=>'0', 'r'=>'4', 'w'=>'2', 'x'=>'1');
+ $mode = strtr($mode,$trans);
+
+ $newmode = '';
+ $newmode .= $mode[0] + $mode[1] + $mode[2];
+ $newmode .= $mode[3] + $mode[4] + $mode[5];
+ $newmode .= $mode[6] + $mode[7] + $mode[8];
+ return $newmode;
+ }
+}
+?>
\ No newline at end of file
diff --git a/wp-admin/includes/class-wp-filesystem-direct.php b/wp-admin/includes/class-wp-filesystem-direct.php
index 45972a3..77a7582 100644
--- a/wp-admin/includes/class-wp-filesystem-direct.php
+++ b/wp-admin/includes/class-wp-filesystem-direct.php
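Review bot: `getnumchmodfromh()` in the new class-wp-filesystem-base.php miscounts any mode string that is not exactly nine `rwx-` characters. A ten-character string such as `-rwxr-xr-x` (the form `gethchmod()` builds for a regular file) keeps its leading `-`, so the three sums are taken one position early and the result is 655 rather than 755; `s`/`t` flags are dropped by the `$legal` filter, which shifts the remaining characters left. Because the value describes file permissions, a caller that feeds it back into chmod would apply a different mode than the one listed (callers are not shown in this diff). Normalising before the filter loop covers both cases: `$mode = strtr(substr($mode, -9), 'sStT', 'x-x-');`.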
@@ -1,51 +1,46 @@ <?php -class WP_Filesystem_Direct{ +class WP_Filesystem_Direct extends WP_Filesystem_Base { var $permission = null; var $errors = array(); - function WP_Filesystem_Direct($arg){ + function WP_Filesystem_Direct($arg) { + $this->method = 'direct'; $this->errors = new WP_Error(); $this->permission = umask(); } - function connect(){ + function connect() { return true; } - function setDefaultPermissions($perm){ + function setDefaultPermissions($perm) { $this->permission = $perm; } - function find_base_dir($base = '.', $echo = false){ - return str_replace('\\','/',ABSPATH); - } - function get_base_dir($base = '.', $echo = false){ - return $this->find_base_dir($base, $echo); - } - function get_contents($file){ + function get_contents($file) { return @file_get_contents($file); } - function get_contents_array($file){ + function get_contents_array($file) { return @file($file); } - function put_contents($file,$contents,$mode=false,$type=''){ - if ( ! ($fp = @fopen($file,'w'.$type)) ) + function put_contents($file, $contents, $mode = false, $type = '') { + if ( ! ($fp = @fopen($file, 'w' . $type)) ) return false; - @fwrite($fp,$contents); + @fwrite($fp, $contents); @fclose($fp); $this->chmod($file,$mode); return true; } - function cwd(){ + function cwd() { return @getcwd(); } - function chdir($dir){ + function chdir($dir) { return @chdir($dir); } - function chgrp($file,$group,$recursive=false){ + function chgrp($file, $group, $recursive = false) { if( ! $this->exists($file) ) return false; if( ! $recursive ) - return @chgrp($file,$group); + return @chgrp($file, $group); if( ! $this->is_dir($file) ) - return @chgrp($file,$group); + return @chgrp($file, $group); //Is a directory, and we want recursive $file = trailingslashit($file); $filelist = $this->dirlist($file); 
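Review bot: The WP_Filesystem_Direct constructor kept by this hunk sets `$this->permission = umask();`, but `umask()` returns the bits to be masked off, not a file mode. `put_contents()` then calls `$this->chmod($file,$mode)` with `$mode` false, and the `chmod()` in the next hunk substitutes `$this->permission`. With a common umask of 022 a freshly written file would end up mode 0022, writable by group and others and unreadable by its owner, unless `setDefaultPermissions()` is called first somewhere outside this diff. `mkdir()` in a later hunk uses the same fallback. I would change mode only when one is passed, `if ( $mode ) $this->chmod($file, $mode);`, and derive any default from the mask rather than using the mask itself.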
@@ -54,7 +49,7 @@ class WP_Filesystem_Direct{ return true; } - function chmod($file,$mode=false,$recursive=false){ + function chmod($file, $mode = false, $recursive = false) { if( ! $mode ) $mode = $this->permission; if( ! $this->exists($file) ) @@ -62,7 +57,7 @@ class WP_Filesystem_Direct{ if( ! $recursive ) return @chmod($file,$mode); if( ! $this->is_dir($file) ) - return @chmod($file,$mode); + return @chmod($file, $mode); //Is a directory, and we want recursive $file = trailingslashit($file); $filelist = $this->dirlist($file); 
@@ -71,120 +66,51 @@ class WP_Filesystem_Direct{ return true; } - function chown($file,$owner,$recursive=false){ + function chown($file, $owner, $recursive = false) { if( ! $this->exists($file) ) return false; if( ! $recursive ) - return @chown($file,$owner); + return @chown($file, $owner); if( ! $this->is_dir($file) ) - return @chown($file,$owner); + return @chown($file, $owner); //Is a directory, and we want recursive $filelist = $this->dirlist($file); foreach($filelist as $filename){ - $this->chown($file.'/'.$filename,$owner,$recursive); + $this->chown($file . '/' . $filename, $owner, $recursive); } return true; } - function owner($file){ + function owner($file) { $owneruid = @fileowner($file); if( ! $owneruid ) return false; - if( !function_exists('posix_getpwuid') ) + if( ! function_exists('posix_getpwuid') ) return $owneruid; $ownerarray = posix_getpwuid($owneruid); return $ownerarray['name']; } - function getchmod($file){ + function getchmod($file) { return @fileperms($file); } - function gethchmod($file){ - //From the PHP.net page for ...? - $perms = $this->getchmod($file); - if (($perms & 0xC000) == 0xC000) { - // Socket - $info = 's'; - } elseif (($perms & 0xA000) == 0xA000) { - // Symbolic Link - $info = 'l'; - } elseif (($perms & 0x8000) == 0x8000) { - // Regular - $info = '-'; - } elseif (($perms & 0x6000) == 0x6000) { - // Block special - $info = 'b'; - } elseif (($perms & 0x4000) == 0x4000) { - // Directory - $info = 'd'; - } elseif (($perms & 0x2000) == 0x2000) { - // Character special - $info = 'c'; - } elseif (($perms & 0x1000) == 0x1000) { - // FIFO pipe - $info = 'p'; - } else { - // Unknown - $info = 'u'; - } - - // Owner - $info .= (($perms & 0x0100) ? 'r' : '-'); - $info .= (($perms & 0x0080) ? 'w' : '-'); - $info .= (($perms & 0x0040) ? - (($perms & 0x0800) ? 's' : 'x' ) : - (($perms & 0x0800) ? 'S' : '-')); - - // Group - $info .= (($perms & 0x0020) ? 'r' : '-'); - $info .= (($perms & 0x0010) ? 'w' : '-'); - $info .= (($perms & 0x0008) ? 
- (($perms & 0x0400) ? 's' : 'x' ) : - (($perms & 0x0400) ? 'S' : '-')); - - // World - $info .= (($perms & 0x0004) ? 'r' : '-'); - $info .= (($perms & 0x0002) ? 'w' : '-'); - $info .= (($perms & 0x0001) ? - (($perms & 0x0200) ? 't' : 'x' ) : - (($perms & 0x0200) ? 'T' : '-')); - return $info; - } - function getnumchmodfromh($mode) { - $realmode = ""; - $legal = array("","w","r","x","-"); - $attarray = preg_split("//",$mode); - for($i=0;$i<count($attarray);$i++){ - if($key = array_search($attarray[$i],$legal)){ - $realmode .= $legal[$key]; - } - } - $mode = str_pad($realmode,9,'-'); - $trans = array('-'=>'0','r'=>'4','w'=>'2','x'=>'1'); - $mode = strtr($mode,$trans); - $newmode = ''; - $newmode .= $mode[0]+$mode[1]+$mode[2]; - $newmode .= $mode[3]+$mode[4]+$mode[5]; - $newmode .= $mode[6]+$mode[7]+$mode[8]; - return $newmode; - } - function group($file){ + function group($file) { $gid = @filegroup($file); if( ! $gid ) return false; - if( !function_exists('posix_getgrgid') ) + if( ! function_exists('posix_getgrgid') ) return $gid; $grouparray = posix_getgrgid($gid); return $grouparray['name']; } - function copy($source,$destination,$overwrite=false){ + function copy($source, $destination, $overwrite = false) { if( ! $overwrite && $this->exists($destination) ) return false; - return copy($source,$destination); + return copy($source, $destination); } - function move($source,$destination,$overwrite=false){ + function move($source, $destination, $overwrite = false) { //Possible to use rename()? - if( $this->copy($source,$destination,$overwrite) && $this->exists($destination) ){ + if( $this->copy($source, $destination, $overwrite) && $this->exists($destination) ){ $this->delete($source); return true; } else { 
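Review bot: In the recursive branch of `chown()` in class-wp-filesystem-direct.php, `foreach($filelist as $filename)` walks the values returned by `dirlist()`. Elsewhere in this file those values appear to be per-entry arrays keyed by name (`delete()` uses `foreach($filelist as $filename => $fileinfo)`), so `$file . '/' . $filename` concatenates an array instead of a file name. Each recursive call then fails its `exists()` check and changes nothing, yet `chown()` still returns true, so the caller believes ownership was applied to the whole tree. The loop should read `foreach ( (array) $filelist as $filename => $fileinfo )`. The recursive `chmod()` in class-wp-filesystem-ftpext.php has the same loop.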
@@ -192,12 +118,12 @@ class WP_Filesystem_Direct{ } } - function delete($file, $recursive=false){ - $file = str_replace('\\','/',$file); //for win32, occasional problems deleteing files otherwise + function delete($file, $recursive = false) { + $file = str_replace('\\', '/', $file); //for win32, occasional problems deleteing files otherwise if( $this->is_file($file) ) return @unlink($file); - if( !$recursive && $this->is_dir($file) ) + if( ! $recursive && $this->is_dir($file) ) return @rmdir($file); //At this point its a folder, and we're in recursive mode @@ -206,7 +132,7 @@ class WP_Filesystem_Direct{ $retval = true; if( is_array($filelist) ) //false if no files, So check first. - foreach($filelist as $filename=>$fileinfo) + foreach($filelist as $filename => $fileinfo) if( ! $this->delete($file . $filename, $recursive) ) $retval = false; @@ -215,34 +141,34 @@ class WP_Filesystem_Direct{ return $retval; } - function exists($file){ + function exists($file) { return @file_exists($file); } - function is_file($file){ + function is_file($file) { return @is_file($file); } - function is_dir($path){ + function is_dir($path) { return @is_dir($path); } - function is_readable($file){ + function is_readable($file) { return @is_readable($file); } - function is_writable($file){ + function is_writable($file) { return @is_writable($file); } - function atime($file){ + function atime($file) { return @fileatime($file); } - function mtime($file){ + function mtime($file) { return @filemtime($file); } - function size($file){ + function size($file) { return @filesize($file); } 
@@ -251,38 +177,38 @@ class WP_Filesystem_Direct{ $time = time(); if($atime == 0) $atime = time(); - return @touch($file,$time,$atime); + return @touch($file, $time, $atime); } function mkdir($path, $chmod = false, $chown = false, $chgrp = false){ if( ! $chmod) $chmod = $this->permission; - if( !@mkdir($path,$chmod) ) + if( ! @mkdir($path, $chmod) ) return false; if( $chown ) - $this->chown($path,$chown); + $this->chown($path, $chown); if( $chgrp ) - $this->chgrp($path,$chgrp); + $this->chgrp($path, $chgrp); return true; } - function rmdir($path,$recursive=false){ + function rmdir($path, $recursive = false) { //Currently unused and untested, Use delete() instead. if( ! $recursive ) return @rmdir($path); //recursive: $filelist = $this->dirlist($path); - foreach($filelist as $filename=>$det){ - if ( '/' == substr($filename,-1,1) ) - $this->rmdir($path.'/'.$filename,$recursive); + foreach($filelist as $filename => $det) { + if ( '/' == substr($filename, -1, 1) ) + $this->rmdir($path . '/' . $filename, $recursive); @rmdir($filename); } return @rmdir($path); } - function dirlist($path,$incdot=false,$recursive=false){ - if( $this->is_file($path) ){ + function dirlist($path, $incdot = false, $recursive = false) { + if( $this->is_file($path) ) { $limitFile = basename($path); $path = dirname($path); } else { @@ -293,9 +219,9 @@ class WP_Filesystem_Direct{ $ret = array(); $dir = dir($path); - while (false !== ($entry = $dir->read())) { + while (false !== ($entry = $dir->read()) ) { $struc = array(); - $struc['name'] = $entry; + $struc['name'] = $entry; if( '.' == $struc['name'] || '..' == $struc['name'] ) continue; //Do not care about these folders. 
@@ -315,9 +241,9 @@ class WP_Filesystem_Direct{ $struc['time'] = date('h:i:s',$struc['lastmodunix']); $struc['type'] = $this->is_dir($path.'/'.$entry) ? 'd' : 'f'; - if ('d' == $struc['type'] ){ + if ( 'd' == $struc['type'] ) { if( $recursive ) - $struc['files'] = $this->dirlist($path.'/'.$struc['name'], $incdot, $recursive); + $struc['files'] = $this->dirlist($path . '/' . $struc['name'], $incdot, $recursive); else $struc['files'] = array(); } @@ -328,9 +254,5 @@ class WP_Filesystem_Direct{ unset($dir); return $ret; } - - function __destruct(){ - return; - } } ?> diff --git a/wp-admin/includes/class-wp-filesystem-ftpext.php b/wp-admin/includes/class-wp-filesystem-ftpext.php index 32ccd07..2069935 100644 --- a/wp-admin/includes/class-wp-filesystem-ftpext.php +++ b/wp-admin/includes/class-wp-filesystem-ftpext.php @@ -1,11 +1,10 @@ <?php -class WP_Filesystem_FTPext{ +class WP_Filesystem_FTPext extends WP_Filesystem_Base{ var $link; var $timeout = 5; var $errors = array(); var $options = array(); - var $wp_base = ''; var $permission = null; var $filetypes = array( @@ -24,6 +23,7 @@ class WP_Filesystem_FTPext{ ); function WP_Filesystem_FTPext($opt='') { + $this->method = 'ftpext'; $this->errors = new WP_Error(); //Check if possible to use ftp functions. @@ -60,12 +60,11 @@ class WP_Filesystem_FTPext{ $this->options['ssl'] = ( !empty($opt['ssl']) ); } - function connect(){ - if ( $this->options['ssl'] && function_exists('ftp_ssl_connect') ) { + function connect() { + if ( $this->options['ssl'] && function_exists('ftp_ssl_connect') ) $this->link = @ftp_ssl_connect($this->options['hostname'], $this->options['port'],$this->timeout); - } else { + else $this->link = @ftp_connect($this->options['hostname'], $this->options['port'],$this->timeout); - } if ( ! $this->link ) { $this->errors->add('connect', sprintf(__('Failed to connect to FTP Server %1$s:%2$s'), $this->options['hostname'], $this->options['port'])); 
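Review bot: `connect()` in WP_Filesystem_FTPext falls through to plain `ftp_connect()` when `$this->options['ssl']` is set but `ftp_ssl_connect` is not available, so a session that was requested as encrypted is opened in clear text without any error. The rewritten `if`/`else` in this hunk keeps that behaviour. I would fail closed before connecting, for example `if ( $this->options['ssl'] && ! function_exists('ftp_ssl_connect') ) { $this->errors->add('connect', __('FTP over SSL was requested but is not supported by this PHP build')); return false; }`. Whether the constructor already rejects this combination is not visible here, and `connect()` continues past the end of the hunk.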
@@ -80,76 +79,11 @@ class WP_Filesystem_FTPext{ return true; } - function setDefaultPermissions($perm){ + function setDefaultPermissions($perm) { $this->permission = $perm; } - - function find_base_dir($base = '.',$echo = false, $loop = false) { - //Sanitize the Windows path formats, This allows easier conparison and aligns it to FTP output. - $abspath = str_replace('\\','/',ABSPATH); //windows: Straighten up the paths.. - if( strpos($abspath, ':') ){ //Windows, Strip out the driveletter - if( preg_match("|.{1}\:(.+)|i", $abspath, $mat) ) - $abspath = $mat[1]; - } - //Set up the base directory (Which unless specified, is the current one) - if( empty( $base ) || '.' == $base ) $base = $this->cwd(); - $base = trailingslashit($base); - - //Can we see the Current directory as part of the ABSPATH? - $location = strpos($abspath, $base); - if( false !== $location ) { - $newbase = path_join($base, substr($abspath, $location + strlen($base))); - - if( false !== $this->chdir($newbase) ){ //chdir sometimes returns null under certain circumstances, even when its changed correctly, FALSE will be returned if it doesnt change correctly. - if($echo) printf( __('Changing to %s') . '<br/>', $newbase ); - //Check to see if it exists in that folder. - if( $this->exists($newbase . 'wp-settings.php') ){ - if($echo) printf( __('Found %s'), $newbase . 'wp-settings.php<br/>' ); - return $newbase; - } - } - } - - //Ok, Couldnt do a magic location from that particular folder level - - //Get a list of the files in the current directory, See if we can locate where we are in the folder stucture. - $files = $this->dirlist($base); - - $arrPath = explode('/', $abspath); - foreach($arrPath as $key){ - //Working from /home/ to /user/ to /wordpress/ see if that file exists within the current folder, - // If its found, change into it and follow through looking for it. - // If it cant find WordPress down that route, it'll continue onto the next folder level, and see if that matches, and so on. 
- // If it reaches the end, and still cant find it, it'll return false for the entire function. - if( isset($files[ $key ]) ){ - //Lets try that folder: - $folder = path_join($base, $key); - if($echo) printf( __('Changing to %s') . '<br/>', $folder ); - $ret = $this->find_base_dir( $folder, $echo, $loop); - if( $ret ) - return $ret; - } - } - //Only check this as a last resort, to prevent locating the incorrect install. All above proceeedures will fail quickly if this is the right branch to take. - if(isset( $files[ 'wp-settings.php' ]) ){ - if($echo) printf( __('Found %s'), $base . 'wp-settings.php<br/>' ); - return $base; - } - if( $loop ) - return false;//Prevent tihs function looping again. - //As an extra last resort, Change back to / if the folder wasnt found. This comes into effect when the CWD is /home/user/ but WP is at /var/www/.... mainly dedicated setups. - return $this->find_base_dir('/', $echo, true); - } - - function get_base_dir($base = '.', $echo = false){ - if( defined('FTP_BASE') ) - $this->wp_base = FTP_BASE; - if( empty($this->wp_base) ) - $this->wp_base = $this->find_base_dir($base,$echo); - return $this->wp_base; - } - function get_contents($file,$type='',$resumepos=0){ + function get_contents($file, $type = '', $resumepos = 0 ){ if( empty($type) ){ $extension = substr(strrchr($file, "."), 1); $type = isset($this->filetypes[ $extension ]) ? $this->filetypes[ $extension ] : FTP_ASCII; @@ -157,7 +91,7 @@ class WP_Filesystem_FTPext{ $temp = tmpfile(); if ( ! $temp ) return false; - if( ! @ftp_fget($this->link,$temp,$file,$type,$resumepos) ) + if( ! @ftp_fget($this->link, $temp, $file, $type, $resumepos) ) return false; fseek($temp, 0); //Skip back to the start of the file being written to $contents = ''; 
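Review bot: `get_contents()` in class-wp-filesystem-ftpext.php falls back to `FTP_ASCII` for any extension that is missing from `$filetypes`. ASCII mode allows line-ending bytes to be rewritten in transit, so binary files with unlisted extensions can be silently altered. Binary transfers bytes unchanged and is the safer default: `$type = isset($this->filetypes[ $extension ]) ? $this->filetypes[ $extension ] : FTP_BINARY;`. `put_contents()` in the next hunk uses the same fallback, and the body of `get_contents()` continues past this hunk.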
@@ -167,202 +101,132 @@ class WP_Filesystem_FTPext{ fclose($temp); return $contents; } - function get_contents_array($file){ - return explode("\n",$this->get_contents($file)); + function get_contents_array($file) { + return explode("\n", $this->get_contents($file)); } - function put_contents($file,$contents,$type=''){ - if( empty($type) ){ + function put_contents($file, $contents, $type = '' ) { + if( empty($type) ) { $extension = substr(strrchr($file, "."), 1); $type = isset($this->filetypes[ $extension ]) ? $this->filetypes[ $extension ] : FTP_ASCII; } $temp = tmpfile(); if ( ! $temp ) return false; - fwrite($temp,$contents); + fwrite($temp, $contents); fseek($temp, 0); //Skip back to the start of the file being written to - $ret = @ftp_fput($this->link,$file,$temp,$type); + $ret = @ftp_fput($this->link, $file, $temp, $type); fclose($temp); return $ret; } - function cwd(){ + function cwd() { $cwd = ftp_pwd($this->link); if( $cwd ) $cwd = trailingslashit($cwd); return $cwd; } - function chdir($dir){ + function chdir($dir) { return @ftp_chdir($dir); } - function chgrp($file,$group,$recursive=false){ + function chgrp($file, $group, $recursive = false ) { return false; } - function chmod($file,$mode=false,$recursive=false){ + function chmod($file, $mode = false, $recursive = false) { if( ! $mode ) $mode = $this->permission; if( ! $mode ) return false; if ( ! $this->exists($file) ) return false; - if ( ! $recursive || ! $this->is_dir($file) ){ - if (!function_exists('ftp_chmod')) + if ( ! $recursive || ! $this->is_dir($file) ) { + if ( ! function_exists('ftp_chmod') ) return @ftp_site($this->link, sprintf('CHMOD %o %s', $mode, $file)); - return @ftp_chmod($this->link,$mode,$file); + return @ftp_chmod($this->link, $mode, $file); } //Is a directory, and we want recursive $filelist = $this->dirlist($file); foreach($filelist as $filename){ - $this->chmod($file.'/'.$filename,$mode,$recursive); + $this->chmod($file . '/' . 
$filename, $mode, $recursive); } return true; } - function chown($file,$owner,$recursive=false){ + function chown($file, $owner, $recursive = false ) { return false; } - function owner($file){ + function owner($file) { $dir = $this->dirlist($file); return $dir[$file]['owner']; } - function getchmod($file){ + function getchmod($file) { $dir = $this->dirlist($file); return $dir[$file]['permsn']; } - function gethchmod($file){ - //From the PHP.net page for ...? - $perms = $this->getchmod($file); - if (($perms & 0xC000) == 0xC000) { - // Socket - $info = 's'; - } elseif (($perms & 0xA000) == 0xA000) { - // Symbolic Link - $info = 'l'; - } elseif (($perms & 0x8000) == 0x8000) { - // Regular - $info = '-'; - } elseif (($perms & 0x6000) == 0x6000) { - // Block special - $info = 'b'; - } elseif (($perms & 0x4000) == 0x4000) { - // Directory - $info = 'd'; - } elseif (($perms & 0x2000) == 0x2000) { - // Character special - $info = 'c'; - } elseif (($perms & 0x1000) == 0x1000) { - // FIFO pipe - $info = 'p'; - } else { - // Unknown - $info = 'u'; - } - - // Owner - $info .= (($perms & 0x0100) ? 'r' : '-'); - $info .= (($perms & 0x0080) ? 'w' : '-'); - $info .= (($perms & 0x0040) ? - (($perms & 0x0800) ? 's' : 'x' ) : - (($perms & 0x0800) ? 'S' : '-')); - - // Group - $info .= (($perms & 0x0020) ? 'r' : '-'); - $info .= (($perms & 0x0010) ? 'w' : '-'); - $info .= (($perms & 0x0008) ? - (($perms & 0x0400) ? 's' : 'x' ) : - (($perms & 0x0400) ? 'S' : '-')); - - // World - $info .= (($perms & 0x0004) ? 'r' : '-'); - $info .= (($perms & 0x0002) ? 'w' : '-'); - $info .= (($perms & 0x0001) ? - (($perms & 0x0200) ? 't' : 'x' ) : - (($perms & 0x0200) ? 
'T' : '-')); - return $info; - } - function getnumchmodfromh($mode) { - $realmode = ""; - $legal = array("","w","r","x","-"); - $attarray = preg_split("//",$mode); - for($i=0;$i<count($attarray);$i++){ - if($key = array_search($attarray[$i],$legal)){ - $realmode .= $legal[$key]; - } - } - $mode = str_pad($realmode,9,'-'); - $trans = array('-'=>'0','r'=>'4','w'=>'2','x'=>'1'); - $mode = strtr($mode,$trans); - $newmode = ''; - $newmode .= $mode[0]+$mode[1]+$mode[2]; - $newmode .= $mode[3]+$mode[4]+$mode[5]; - $newmode .= $mode[6]+$mode[7]+$mode[8]; - return $newmode; - } - function group($file){ + function group($file) { $dir = $this->dirlist($file); return $dir[$file]['group']; } - function copy($source,$destination,$overwrite=false){ + function copy($source, $destination, $overwrite = false ) { if( ! $overwrite && $this->exists($destination) ) return false; $content = $this->get_contents($source); if( false === $content) return false; - return $this->put_contents($destination,$content); + return $this->put_contents($destination, $content); } - function move($source,$destination,$overwrite=false){ - return ftp_rename($this->link,$source,$destination); + function move($source, $destination, $overwrite = false) { + return ftp_rename($this->link, $source, $destination); } function delete($file,$recursive=false) { if ( $this->is_file($file) ) - return @ftp_delete($this->link,$file); + return @ftp_delete($this->link, $file); if ( !$recursive ) - return @ftp_rmdir($this->link,$file); + return @ftp_rmdir($this->link, $file); $filelist = $this->dirlist($file); foreach ((array) $filelist as $filename => $fileinfo) { - $this->delete($file.'/'.$filename,$recursive); + $this->delete($file . '/' . $filename, $recursive); } - return @ftp_rmdir($this->link,$file); + return @ftp_rmdir($this->link, $file); } - function exists($file){ - $list = ftp_rawlist($this->link,$file,false); + function exists($file) { + $list = ftp_rawlist($this->link, $file, false); if( ! 
$list ) return false; return count($list) == 1 ? true : false; } - function is_file($file){ + function is_file($file) { return $this->is_dir($file) ? false : true; } - function is_dir($path){ + function is_dir($path) { $cwd = $this->cwd(); $result = @ftp_chdir($this->link, $path); - if( $result && $path == $this->cwd() || - $this->cwd() != $cwd ) { + if( $result && $path == $this->cwd() || $this->cwd() != $cwd ) { @ftp_chdir($this->link, $cwd); return true; } return false; } - function is_readable($file){ + function is_readable($file) { //Get dir list, Check if the file is writable by the current user?? return true; } - function is_writable($file){ + function is_writable($file) { //Get dir list, Check if the file is writable by the current user?? return true; } - function atime($file){ + function atime($file) { return false; } - function mtime($file){ + function mtime($file) { return ftp_mdtm($this->link, $file); } - function size($file){ + function size($file) { return ftp_size($this->link, $file); } - function touch($file,$time=0,$atime=0){ + function touch($file, $time = 0, $atime = 0) { return false; } - function mkdir($path,$chmod=false,$chown=false,$chgrp=false){ + function mkdir($path, $chmod = false, $chown = false, $chgrp = false) { if( !@ftp_mkdir($this->link, $path) ) return false; if( $chmod ) @@ -373,7 +237,7 @@ class WP_Filesystem_FTPext{ $this->chgrp($path, $chgrp); return true; } - function rmdir($path,$recursive=false){ + function rmdir($path, $recursive = false) { if( ! $recursive ) return @ftp_rmdir($this->link, $path); 
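Review bot: `chdir()` in WP_Filesystem_FTPext calls `@ftp_chdir($dir)` without the connection handle. The other calls in this class pass `$this->link` first, for example `@ftp_chdir($this->link, $path)` in `is_dir()`. Because of the `@` the resulting error is hidden and the method can never change directory. The line should be `return @ftp_chdir($this->link, $dir);`; this hunk only reformats the signature and leaves the body as it was.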
@@ -385,9 +249,9 @@ class WP_Filesystem_FTPext{ function parselisting($line) { $is_windows = ($this->OS_remote == FTP_OS_Windows); - if ($is_windows && preg_match("/([0-9]{2})-([0-9]{2})-([0-9]{2}) +([0-9]{2}):([0-9]{2})(AM|PM) +([0-9]+|<DIR>) +(.+)/",$line,$lucifer)) { + if ($is_windows && preg_match("/([0-9]{2})-([0-9]{2})-([0-9]{2}) +([0-9]{2}):([0-9]{2})(AM|PM) +([0-9]+|<DIR>) +(.+)/", $line, $lucifer)) { $b = array(); - if ($lucifer[3]<70) { $lucifer[3]+=2000; } else { $lucifer[3]+=1900; } // 4digit year fix + if ($lucifer[3]<70) { $lucifer[3] +=2000; } else { $lucifer[3]+=1900; } // 4digit year fix $b['isdir'] = ($lucifer[7]=="<DIR>"); if ( $b['isdir'] ) $b['type'] = 'd'; @@ -445,15 +309,15 @@ class WP_Filesystem_FTPext{ return $b; } - function dirlist($path='.',$incdot=false,$recursive=false){ - if( $this->is_file($path) ){ + function dirlist($path = '.', $incdot = false, $recursive = false) { + if( $this->is_file($path) ) { $limitFile = basename($path); $path = dirname($path) . '/'; } else { $limitFile = false; } - $list = @ftp_rawlist($this->link , '-a ' . $path, false); + $list = @ftp_rawlist($this->link, '-a ' . $path, false); if ( $list === false ) return false; @@ -464,10 +328,10 @@ class WP_Filesystem_FTPext{ if ( empty($entry) ) continue; - if ( $entry["name"]=="." or $entry["name"]==".." ) + if ( '.' == $entry["name"] || '..' == $entry["name"] ) continue; - $dirlist[$entry['name']] = $entry; + $dirlist[ $entry['name'] ] = $entry; } if ( ! $dirlist ) 
@@ -485,11 +349,11 @@ class WP_Filesystem_FTPext{ //We're including the doted starts if( '.' != $struc['name'] && '..' != $struc['name'] ){ //Ok, It isnt a special folder if ($recursive) - $struc['files'] = $this->dirlist($path.'/'.$struc['name'],$incdot,$recursive); + $struc['files'] = $this->dirlist($path . '/' . $struc['name'], $incdot, $recursive); } } else { //No dots if ($recursive) - $struc['files'] = $this->dirlist($path.'/'.$struc['name'],$incdot,$recursive); + $struc['files'] = $this->dirlist($path . '/' . $struc['name'], $incdot, $recursive); } } //File diff --git a/wp-admin/includes/class-wp-filesystem-ftpsockets.php b/wp-admin/includes/class-wp-filesystem-ftpsockets.php index 5365623..3b6cdcc 100644 --- a/wp-admin/includes/class-wp-filesystem-ftpsockets.php +++ b/wp-admin/includes/class-wp-filesystem-ftpsockets.php @@ -1,29 +1,29 @@ <?php -class WP_Filesystem_ftpsockets{ +class WP_Filesystem_ftpsockets extends WP_Filesystem_Base { var $ftp = false; var $timeout = 5; var $errors; var $options = array(); - var $wp_base = ''; var $permission = null; var $filetypes = array( - 'php'=>FTP_ASCII, - 'css'=>FTP_ASCII, - 'txt'=>FTP_ASCII, - 'js'=>FTP_ASCII, - 'html'=>FTP_ASCII, - 'htm'=>FTP_ASCII, - 'xml'=>FTP_ASCII, - - 'jpg'=>FTP_BINARY, - 'png'=>FTP_BINARY, - 'gif'=>FTP_BINARY, - 'bmp'=>FTP_BINARY + 'php' => FTP_ASCII, + 'css' => FTP_ASCII, + 'txt' => FTP_ASCII, + 'js' => FTP_ASCII, + 'html'=> FTP_ASCII, + 'htm' => FTP_ASCII, + 'xml' => FTP_ASCII, + + 'jpg' => FTP_BINARY, + 'png' => FTP_BINARY, + 'gif' => FTP_BINARY, + 'bmp' => FTP_BINARY ); function WP_Filesystem_ftpsockets($opt='') { + $this->method = 'ftpsockets'; $this->errors = new WP_Error(); //Check if possible to use ftp functions. 
@@ -86,241 +86,109 @@ class WP_Filesystem_ftpsockets{ $this->permission = $perm; } - function find_base_dir($base = '.',$echo = false, $loop = false) { - //Sanitize the Windows path formats, This allows easier conparison and aligns it to FTP output. - $abspath = str_replace('\\','/',ABSPATH); //windows: Straighten up the paths.. - if( strpos($abspath, ':') ){ //Windows, Strip out the driveletter - if( preg_match("|.{1}\:(.+)|i", $abspath, $mat) ) - $abspath = $mat[1]; - } - - //Set up the base directory (Which unless specified, is the current one) - if( empty( $base ) || '.' == $base ) $base = $this->cwd(); - $base = trailingslashit($base); - - //Can we see the Current directory as part of the ABSPATH? - $location = strpos($abspath, $base); - if( false !== $location ) { - $newbase = path_join($base, substr($abspath, $location + strlen($base))); - - if( false !== $this->chdir($newbase) ){ //chdir sometimes returns null under certain circumstances, even when its changed correctly, FALSE will be returned if it doesnt change correctly. - if($echo) printf( __('Changing to %s') . '<br/>', $newbase ); - //Check to see if it exists in that folder. - if( $this->exists($newbase . 'wp-settings.php') ){ - if($echo) printf( __('Found %s'), $newbase . 'wp-settings.php<br/>' ); - return $newbase; - } - } - } - - //Ok, Couldnt do a magic location from that particular folder level - - //Get a list of the files in the current directory, See if we can locate where we are in the folder stucture. - $files = $this->dirlist($base); - - $arrPath = explode('/', $abspath); - foreach($arrPath as $key){ - //Working from /home/ to /user/ to /wordpress/ see if that file exists within the current folder, - // If its found, change into it and follow through looking for it. - // If it cant find WordPress down that route, it'll continue onto the next folder level, and see if that matches, and so on. - // If it reaches the end, and still cant find it, it'll return false for the entire function. 
- if( isset($files[ $key ]) ){ - //Lets try that folder: - $folder = path_join($base, $key); - if($echo) printf( __('Changing to %s') . '<br/>', $folder ); - $ret = $this->find_base_dir( $folder, $echo, $loop); - if( $ret ) - return $ret; - } - } - //Only check this as a last resort, to prevent locating the incorrect install. All above proceeedures will fail quickly if this is the right branch to take. - if(isset( $files[ 'wp-settings.php' ]) ){ - if($echo) printf( __('Found %s'), $base . 'wp-settings.php<br/>' ); - return $base; - } - if( $loop ) - return false;//Prevent tihs function looping again. - //As an extra last resort, Change back to / if the folder wasnt found. This comes into effect when the CWD is /home/user/ but WP is at /var/www/.... mainly dedicated setups. - return $this->find_base_dir('/', $echo, true); - } - - function get_base_dir($base = '.', $echo = false){ - if( defined('FTP_BASE') ) - $this->wp_base = FTP_BASE; - if( empty($this->wp_base) ) - $this->wp_base = $this->find_base_dir($base, $echo); - return $this->wp_base; - } - - function get_contents($file,$type='',$resumepos=0){ + function get_contents($file, $type = '', $resumepos = 0){ if( ! $this->exists($file) ) return false; if( empty($type) ){ - $extension = substr(strrchr($file, "."), 1); + $extension = substr(strrchr($file, '.'), 1); $type = isset($this->filetypes[ $extension ]) ? $this->filetypes[ $extension ] : FTP_AUTOASCII; } $this->ftp->SetType($type); - $temp = tmpfile(); - if ( ! $temp ) + $temp = wp_tempnam( $file ); + if ( ! $temphandle = fopen($temp, 'w+') ) return false; - if ( ! $this->ftp->fget($temp, $file) ) { - fclose($temp); + if ( ! $this->ftp->fget($temphandle, $file) ) { + fclose($temphandle); + unlink($temp); return ''; //Blank document, File does exist, Its just blank. 
} - fseek($temp, 0); //Skip back to the start of the file being written to + fseek($temphandle, 0); //Skip back to the start of the file being written to $contents = ''; - while ( !feof($temp) ) - $contents .= fread($temp, 8192); - fclose($temp); + while ( ! feof($temphandle) ) + $contents .= fread($temphandle, 8192); + fclose($temphandle); + unlink($temp); return $contents; } function get_contents_array($file){ - return explode("\n",$this->get_contents($file)); + return explode("\n", $this->get_contents($file) ); } - function put_contents($file,$contents,$type=''){ + function put_contents($file, $contents, $type = '' ) { if( empty($type) ){ - $extension = substr(strrchr($file, "."), 1); - $type = isset($this->filetypes[ $extension ]) ? $this->filetypes[ $extension ] : FTP_ASCII; + $extension = substr(strrchr($file, '.'), 1); + $type = isset($this->filetypes[ $extension ]) ? $this->filetypes[ $extension ] : FTP_AUTOASCII; } $this->ftp->SetType($type); - $temp = tmpfile(); - if ( ! $temp ) + $temp = wp_tempnam( $file ); + if ( ! $temphandle = fopen($temp, 'w+') ){ + unlink($temp); return false; - fwrite($temp,$contents); - fseek($temp, 0); //Skip back to the start of the file being written to - $ret = $this->ftp->fput($file, $temp); - fclose($temp); + } + fwrite($temphandle, $contents); + fseek($temphandle, 0); //Skip back to the start of the file being written to + $ret = $this->ftp->fput($file, $temphandle); + fclose($temphandle); + unlink($temp); return $ret; } - function cwd(){ + function cwd() { $cwd = $this->ftp->pwd(); if( $cwd ) $cwd = trailingslashit($cwd); return $cwd; } - function chdir($file){ + function chdir($file) { return $this->ftp->chdir($file); } - function chgrp($file,$group,$recursive=false){ + function chgrp($file, $group, $recursive = false ) { return false; } - function chmod($file,$mode=false,$recursive=false){ + function chmod($file, $mode = false, $recursive = false ){ if( ! $mode ) $mode = $this->permission; if( ! 
$mode ) return false; //if( ! $this->exists($file) ) // return false; - if( ! $recursive || ! $this->is_dir($file) ){ + if( ! $recursive || ! $this->is_dir($file) ) { return $this->ftp->chmod($file,$mode); } //Is a directory, and we want recursive $filelist = $this->dirlist($file); foreach($filelist as $filename){ - $this->chmod($file.'/'.$filename,$mode,$recursive); + $this->chmod($file . '/' . $filename, $mode, $recursive); } return true; } - function chown($file,$owner,$recursive=false){ + function chown($file, $owner, $recursive = false ) { return false; } - function owner($file){ + function owner($file) { $dir = $this->dirlist($file); return $dir[$file]['owner']; } - function getchmod($file){ + function getchmod($file) { $dir = $this->dirlist($file); return $dir[$file]['permsn']; } - function gethchmod($file){ - //From the PHP.net page for ...? - $perms = $this->getchmod($file); - if (($perms & 0xC000) == 0xC000) { - // Socket - $info = 's'; - } elseif (($perms & 0xA000) == 0xA000) { - // Symbolic Link - $info = 'l'; - } elseif (($perms & 0x8000) == 0x8000) { - // Regular - $info = '-'; - } elseif (($perms & 0x6000) == 0x6000) { - // Block special - $info = 'b'; - } elseif (($perms & 0x4000) == 0x4000) { - // Directory - $info = 'd'; - } elseif (($perms & 0x2000) == 0x2000) { - // Character special - $info = 'c'; - } elseif (($perms & 0x1000) == 0x1000) { - // FIFO pipe - $info = 'p'; - } else { - // Unknown - $info = 'u'; - } - - // Owner - $info .= (($perms & 0x0100) ? 'r' : '-'); - $info .= (($perms & 0x0080) ? 'w' : '-'); - $info .= (($perms & 0x0040) ? - (($perms & 0x0800) ? 's' : 'x' ) : - (($perms & 0x0800) ? 'S' : '-')); - - // Group - $info .= (($perms & 0x0020) ? 'r' : '-'); - $info .= (($perms & 0x0010) ? 'w' : '-'); - $info .= (($perms & 0x0008) ? - (($perms & 0x0400) ? 's' : 'x' ) : - (($perms & 0x0400) ? 'S' : '-')); - - // World - $info .= (($perms & 0x0004) ? 'r' : '-'); - $info .= (($perms & 0x0002) ? 
'w' : '-'); - $info .= (($perms & 0x0001) ? - (($perms & 0x0200) ? 't' : 'x' ) : - (($perms & 0x0200) ? 'T' : '-')); - return $info; - } - - function getnumchmodfromh($mode) { - $realmode = ""; - $legal = array("","w","r","x","-"); - $attarray = preg_split("//",$mode); - for($i=0;$i<count($attarray);$i++){ - if($key = array_search($attarray[$i],$legal)){ - $realmode .= $legal[$key]; - } - } - $mode = str_pad($realmode,9,'-'); - $trans = array('-'=>'0','r'=>'4','w'=>'2','x'=>'1'); - $mode = strtr($mode,$trans); - $newmode = ''; - $newmode .= $mode[0]+$mode[1]+$mode[2]; - $newmode .= $mode[3]+$mode[4]+$mode[5]; - $newmode .= $mode[6]+$mode[7]+$mode[8]; - return $newmode; - } - - function group($file){ + function group($file) { $dir = $this->dirlist($file); return $dir[$file]['group']; } - function copy($source,$destination,$overwrite=false){ + function copy($source, $destination, $overwrite = false ) { if( ! $overwrite && $this->exists($destination) ) return false; @@ -328,14 +196,14 @@ class WP_Filesystem_ftpsockets{ if ( false === $content ) return false; - return $this->put_contents($destination,$content); + return $this->put_contents($destination, $content); } - function move($source,$destination,$overwrite=false){ - return $this->ftp->rename($source,$destination); + function move($source, $destination, $overwrite = false ) { + return $this->ftp->rename($source, $destination); } - function delete($file,$recursive=false) { + function delete($file, $recursive = false ) { if ( $this->is_file($file) ) return $this->ftp->delete($file); if ( !$recursive ) @@ -344,15 +212,15 @@ class WP_Filesystem_ftpsockets{ return $this->ftp->mdel($file); } - function exists($file){ + function exists($file) { return $this->ftp->is_exists($file); } - function is_file($file){ + function is_file($file) { return $this->is_dir($file) ? false : true; } - function is_dir($path){ + function is_dir($path) { $cwd = $this->cwd(); if ( $this->chdir($path) ) { $this->chdir($cwd); 
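Review bot: In get_contents() the failed-`fopen` branch returns false without removing the file that wp_tempnam() has already created, while put_contents() in the same hunk does call `unlink($temp)` on that path; the two should match, e.g. `if ( ! $temphandle = fopen($temp, 'w+') ) { unlink($temp); return false; }`. This matters more than it did with `tmpfile()`, because the transfer buffer is now a named file that holds the contents of whatever is being read or written over FTP until `unlink()` runs. Neither method checks what wp_tempnam() returned before passing it to `fopen()`, so a guard on `$temp` would be worth adding too.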
@@ -361,33 +229,33 @@ class WP_Filesystem_ftpsockets{ return false; } - function is_readable($file){ + function is_readable($file) { //Get dir list, Check if the file is writable by the current user?? return true; } - function is_writable($file){ + function is_writable($file) { //Get dir list, Check if the file is writable by the current user?? return true; } - function atime($file){ + function atime($file) { return false; } - function mtime($file){ + function mtime($file) { return $this->ftp->mdtm($file); } - function size($file){ + function size($file) { return $this->ftp->filesize($file); } - function touch($file,$time=0,$atime=0){ + function touch($file, $time = 0, $atime = 0 ){ return false; } - function mkdir($path,$chmod=false,$chown=false,$chgrp=false){ + function mkdir($path, $chmod = false, $chown = false, $chgrp = false ) { if( ! $this->ftp->mkdir($path) ) return false; if( $chmod ) @@ -399,15 +267,15 @@ class WP_Filesystem_ftpsockets{ return true; } - function rmdir($path,$recursive=false){ + function rmdir($path, $recursive = false ) { if( ! $recursive ) return $this->ftp->rmdir($path); return $this->ftp->mdel($path); } - function dirlist($path='.',$incdot=false,$recursive=false){ - if( $this->is_file($path) ){ + function dirlist($path = '.', $incdot = false, $recursive = false ) { + if( $this->is_file($path) ) { $limitFile = basename($path); $path = dirname($path) . '/'; } else { @@ -430,11 +298,11 @@ class WP_Filesystem_ftpsockets{ //We're including the doted starts if( '.' != $struc['name'] && '..' != $struc['name'] ){ //Ok, It isnt a special folder if ($recursive) - $struc['files'] = $this->dirlist($path.'/'.$struc['name'],$incdot,$recursive); + $struc['files'] = $this->dirlist($path . '/' . $struc['name'], $incdot, $recursive); } } else { //No dots if ($recursive) - $struc['files'] = $this->dirlist($path.'/'.$struc['name'],$incdot,$recursive); + $struc['files'] = $this->dirlist($path . '/' . $struc['name'], $incdot, $recursive); } } //File 
diff --git a/wp-admin/includes/comment.php b/wp-admin/includes/comment.php index 0f2aa61..8a47fe6 100644 --- a/wp-admin/includes/comment.php +++ b/wp-admin/includes/comment.php @@ -3,8 +3,8 @@ function comment_exists($comment_author, $comment_date) { global $wpdb; - return $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments - WHERE comment_author = '$comment_author' AND comment_date = '$comment_date'"); + return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments + WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) ); } function edit_comment() { diff --git a/wp-admin/includes/dashboard.php b/wp-admin/includes/dashboard.php index 97fd26a..1b4f86e 100644 --- a/wp-admin/includes/dashboard.php +++ b/wp-admin/includes/dashboard.php @@ -225,7 +225,7 @@ function wp_dashboard_dynamic_sidebar_params( $params ) { } if ( $widget_feed_link ) - $links[] = '<img class="rss-icon" src="' . get_option( 'siteurl' ) . '/' . WPINC . '/images/rss.png" alt="' . __( 'rss icon' ) . '" /> <a href="' . clean_url( $widget_feed_link ) . '">' . __( 'RSS' ) . '</a>'; + $links[] = '<img class="rss-icon" src="' . includes_url('images/rss.png') . '" alt="' . __( 'rss icon' ) . '" /> <a href="' . clean_url( $widget_feed_link ) . '">' . __( 'RSS' ) . '</a>'; $links = apply_filters( "wp_dashboard_widget_links_$widget_id", $links ); @@ -269,7 +269,7 @@ function wp_dashboard_recent_comments( $sidebar_args ) { $lambda = create_function( '', 'return 5;' ); add_filter( 'option_posts_per_rss', $lambda ); // hack - comments query doesn't accept per_page parameter - $comments_query = new WP_Query('feed=rss2&withcomments=1'); + $comments_query = new WP_Query(array('feed' => 'rss2', 'withcomments' => 1)); remove_filter( 'option_posts_per_rss', $lambda ); $is_first = true; 
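Review bot: comment_exists() has no comment saying whether `$comment_author` and `$comment_date` are expected raw or already slashed, and with `$wpdb->prepare()` that now decides whether the lookup matches. A caller that still escapes the values before calling would presumably get them escaped twice, so an author name containing a quote would stop matching an existing row. I would add a one-line comment such as `// Expects unescaped values; escaping is done by $wpdb->prepare().` and check the callers, which are not visible in this hunk.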
@@ -389,8 +389,7 @@ function wp_dashboard_secondary_output() { $rss->items = array_slice($rss->items, 0, $items); foreach ($rss->items as $item ) { $title = wp_specialchars($item['title']); - $author = preg_replace( '|(.+?):.+|s', '$1', $item['title'] ); - $post = preg_replace( '|.+?:(.+)|s', '$1', $item['title'] ); + list($author,$post) = explode( ':', $title, 2 ); $link = clean_url($item['link']); echo "\t<li><a href='$link'><span class='post'>$post</span><span class='hidden'> - </span><cite>$author</cite></a></li>\n"; diff --git a/wp-admin/includes/export.php b/wp-admin/includes/export.php index 5590826..00201fa 100644 --- a/wp-admin/includes/export.php +++ b/wp-admin/includes/export.php @@ -17,7 +17,7 @@ header('Content-Type: text/xml; charset=' . get_option('blog_charset'), true); $where = ''; if ( $author and $author != 'all' ) { $author_id = (int) $author; - $where = " WHERE post_author = '$author_id' "; + $where = $wpdb->prepare(" WHERE post_author = %d ", $author_id); } // grab a snapshot of post IDs, just in case it changes during the export @@ -201,6 +201,7 @@ echo '<?xml version="1.0" encoding="' . get_bloginfo('charset') . '"?' . ">\n"; <guid isPermaLink="false"><?php the_guid(); ?></guid> <description></description> <content:encoded><?php echo wxr_cdata( apply_filters('the_content_export', $post->post_content) ); ?></content:encoded> +<excerpt:encoded><?php echo wxr_cdata( apply_filters('the_excerpt_export', $post->post_excerpt) ); ?></excerpt:encoded> <wp:post_id><?php echo $post->ID; ?></wp:post_id> <wp:post_date><?php echo $post->post_date; ?></wp:post_date> <wp:post_date_gmt><?php echo $post->post_date_gmt; ?></wp:post_date_gmt> 
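Review bot: `list($author,$post) = explode( ':', $title, 2 );` assumes every feed title contains a colon; when it does not, explode() returns a single element, `$post` is left unset and PHP raises an undefined-offset notice. Padding the result avoids that: `list($author, $post) = array_pad( explode( ':', $title, 2 ), 2, '' );`. Splitting the already-escaped `$title` rather than the raw `$item['title']` is what keeps both fragments safe to echo, which deserves a short comment so the escaping is not moved after the split later. The function body starts and ends outside the hunk.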
@@ -217,7 +218,7 @@ if ($post->post_type == 'attachment') { ?> <wp:attachment_url><?php echo wp_get_attachment_url($post->ID); ?></wp:attachment_url> <?php } ?> <?php -$postmeta = $wpdb->get_results("SELECT * FROM $wpdb->postmeta WHERE post_id = $post->ID"); +$postmeta = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE post_id = %d", $post->ID) ); if ( $postmeta ) { ?> <?php foreach( $postmeta as $meta ) { ?> @@ -228,7 +229,7 @@ if ( $postmeta ) { <?php } ?> <?php } ?> <?php -$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $post->ID"); +$comments = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d", $post->ID) ); if ( $comments ) { foreach ( $comments as $c ) { ?> <wp:comment> <wp:comment_id><?php echo $c->comment_ID; ?></wp:comment_id> diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php index 01da1d0..29609b2 100644 --- a/wp-admin/includes/file.php +++ b/wp-admin/includes/file.php @@ -34,9 +34,9 @@ function get_home_path() { function get_real_file_to_edit( $file ) { if ('index.php' == $file || '.htaccess' == $file ) { - $real_file = get_home_path().$file; + $real_file = get_home_path() . $file; } else { - $real_file = ABSPATH.$file; + $real_file = WP_CONTENT_DIR . $file; } return $real_file; @@ -46,7 +46,7 @@ function get_temp_dir() { if ( defined('WP_TEMP_DIR') ) return trailingslashit(WP_TEMP_DIR); - $temp = ABSPATH . 'wp-content/'; + $temp = WP_CONTENT_DIR . '/'; if ( is_dir($temp) && is_writable($temp) ) return $temp; 
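Review bot: In get_real_file_to_edit(), `WP_CONTENT_DIR . $file` joins the two parts without a separator, while get_temp_dir() in the next hunk writes `WP_CONTENT_DIR . '/'`, which suggests the constant carries no trailing slash the way ABSPATH does. Unless every caller passes a `$file` that begins with a slash, the two path components run together; `$real_file = WP_CONTENT_DIR . '/' . ltrim($file, '/');` handles both forms. The change also moves the base for editable files from the install root to the content directory, so the function needs a comment stating what `$file` is relative to. Nothing in the visible lines rejects `..` segments, so that validation has to happen in the caller.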
@@ -56,6 +56,18 @@ function get_temp_dir() { return '/tmp/'; } +function wp_tempnam($filename = '', $dir = ''){ + if ( empty($dir) ) + $dir = get_temp_dir(); + $filename = basename($filename); + if ( empty($filename) ) + $filename = time(); + + $filename = $dir . wp_unique_filename($dir, $filename); + touch($filename); + return $filename; +} + function validate_file_to_edit( $file, $allowed_files = '' ) { $file = stripslashes( $file ); 
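Review bot: wp_tempnam() keeps the caller's basename, extension included, and get_temp_dir() prefers the content directory, so a buffer created for a `.php` source file or a downloaded URL sits under a guessable name in a location the web server may serve until it is unlinked. Appending a neutral suffix removes the extension problem: `$filename = $dir . wp_unique_filename($dir, $filename . '.tmp');`. The result of `touch()` is ignored as well, so the function returns a path even when nothing was created and the `if( ! $tmpfname )` check in download_url() can never fire; `if ( ! @touch($filename) ) return false;` fixes that. Unlike `tempnam()`, choosing the name and creating the file are separate steps here, which leaves a window for another process to create the same name first.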
@@ -174,6 +186,98 @@ function wp_handle_upload( &$file, $overrides = false ) { return $return; } +// Pass this function an array similar to that of a $_FILES POST array. +function wp_handle_sideload( &$file, $overrides = false ) { + // The default error handler. + if (! function_exists( 'wp_handle_upload_error' ) ) { + function wp_handle_upload_error( &$file, $message ) { + return array( 'error'=>$message ); + } + } + + // You may define your own function and pass the name in $overrides['upload_error_handler'] + $upload_error_handler = 'wp_handle_upload_error'; + + // $_POST['action'] must be set and its value must equal $overrides['action'] or this: + $action = 'wp_handle_sideload'; + + // Courtesy of php.net, the strings that describe the error indicated in $_FILES[{form field}]['error']. + $upload_error_strings = array( false, + __( "The file exceeds the <code>upload_max_filesize</code> directive in <code>php.ini</code>." ), + __( "The file exceeds the <em>MAX_FILE_SIZE</em> directive that was specified in the HTML form." ), + __( "The file was only partially uploaded." ), + __( "No file was sent." ), + __( "Missing a temporary folder." ), + __( "Failed to write file to disk." )); + + // All tests are on by default. Most can be turned off by $override[{test_name}] = false; + $test_form = true; + $test_size = true; + + // If you override this, you must provide $ext and $type!!!! + $test_type = true; + $mimes = false; + + // Install user overrides. Did we mention that this voids your warranty? + if ( is_array( $overrides ) ) + extract( $overrides, EXTR_OVERWRITE ); + + // A correct form post will pass this test. + if ( $test_form && (!isset( $_POST['action'] ) || ($_POST['action'] != $action ) ) ) + return $upload_error_handler( $file, __( 'Invalid form submission.' )); + + // A successful upload will pass this test. It makes no sense to override this one. 
+ if ( $file['error'] > 0 ) + return $upload_error_handler( $file, $upload_error_strings[$file['error']] ); + + // A non-empty file will pass this test. + if ( $test_size && !(filesize($file['tmp_name']) > 0 ) ) + return $upload_error_handler( $file, __( 'File is empty. Please upload something more substantial. This error could also be caused by uploads being disabled in your php.ini.' )); + + // A properly uploaded file will pass this test. There should be no reason to override this one. + if (! @ is_file( $file['tmp_name'] ) ) + return $upload_error_handler( $file, __( 'Specified file does not exist.' )); + + // A correct MIME type will pass this test. Override $mimes or use the upload_mimes filter. + if ( $test_type ) { + $wp_filetype = wp_check_filetype( $file['name'], $mimes ); + + extract( $wp_filetype ); + + if ( ( !$type || !$ext ) && !current_user_can( 'unfiltered_upload' ) ) + return $upload_error_handler( $file, __( 'File type does not meet security guidelines. Try another.' )); + + if ( !$ext ) + $ext = ltrim(strrchr($file['name'], '.'), '.'); + + if ( !$type ) + $type = $file['type']; + } + + // A writable uploads dir will pass this test. Again, there's no point overriding this one. + if ( ! ( ( $uploads = wp_upload_dir() ) && false === $uploads['error'] ) ) + return $upload_error_handler( $file, $uploads['error'] ); + + $filename = wp_unique_filename( $uploads['path'], $file['name'], $unique_filename_callback ); + + // Move the file to the uploads dir + $new_file = $uploads['path'] . "/$filename"; + if ( false === @ rename( $file['tmp_name'], $new_file ) ) { + return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $uploads['path'] ) ); + } + + // Set correct file permissions + $stat = stat( dirname( $new_file )); + $perms = $stat['mode'] & 0000666; + @ chmod( $new_file, $perms ); + + // Compute the URL + $url = $uploads['url'] . 
"/$filename"; + + $return = apply_filters( 'wp_handle_upload', array( 'file' => $new_file, 'url' => $url, 'type' => $type ) ); + + return $return; +} /** * Downloads a url to a local file using the Snoopy HTTP Class @@ -186,7 +290,7 @@ function download_url( $url ) { if( ! $url ) return new WP_Error('http_no_url', __('Invalid URL Provided')); - $tmpfname = tempnam(get_temp_dir(), 'wpupdate'); + $tmpfname = wp_tempnam($url); if( ! $tmpfname ) return new WP_Error('http_no_file', __('Could not create Temporary file')); @@ -246,13 +350,13 @@ function unzip_file($file, $to) { $tmppath .= $path[$j] . '/'; if ( ! $fs->is_dir($to . $tmppath) ) if ( !$fs->mkdir($to . $tmppath, 0755) ) - return new WP_Error('mkdir_failed', __('Could not create directory')); + return new WP_Error('mkdir_failed', __('Could not create directory'), $to . $tmppath); } // We've made sure the folders are there, so let's extract the file now: if ( ! $file['folder'] ) if ( !$fs->put_contents( $to . $file['filename'], $file['content']) ) - return new WP_Error('copy_failed', __('Could not copy file')); + return new WP_Error('copy_failed', __('Could not copy file'), $to . $file['filename']); $fs->chmod($to . $file['filename'], 0644); } 
@@ -270,27 +374,33 @@ function copy_dir($from, $to) { foreach ( (array) $dirlist as $filename => $fileinfo ) { if ( 'f' == $fileinfo['type'] ) { if ( ! $wp_filesystem->copy($from . $filename, $to . $filename, true) ) - return false; + return new WP_Error('copy_failed', __('Could not copy file'), $to . $filename); $wp_filesystem->chmod($to . $filename, 0644); } elseif ( 'd' == $fileinfo['type'] ) { if ( !$wp_filesystem->mkdir($to . $filename, 0755) ) - return false; - if ( !copy_dir($from . $filename, $to . $filename) ) - return false; + return new WP_Error('mkdir_failed', __('Could not create directory'), $to . $filename); + $result = copy_dir($from . $filename, $to . $filename); + if ( is_wp_error($result) ) + return $result; } } - - return true; } -function WP_Filesystem( $args = false, $preference = false ) { +function WP_Filesystem( $args = false ) { global $wp_filesystem; - $method = get_filesystem_method($preference); + require_once(ABSPATH . 'wp-admin/includes/class-wp-filesystem-base.php'); + + $method = get_filesystem_method(); + if ( ! $method ) return false; - require_once('class-wp-filesystem-'.$method.'.php'); + $abstraction_file = apply_filters('filesystem_method_file', ABSPATH . 'wp-admin/includes/class-wp-filesystem-'.$method.'.php', $method); + if( ! file_exists($abstraction_file) ) + return; + + require_once($abstraction_file); $method = "WP_Filesystem_$method"; $wp_filesystem = new $method($args); 
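Review bot: copy_dir() now falls off the end on success because `return true;` is removed while failures return a WP_Error, so any caller that still tests `! copy_dir(...)` treats a successful copy as a failure; keeping `return true;` after the loop preserves the old contract alongside the new error objects. In the same hunk WP_Filesystem() uses a bare `return;` when the filtered `$abstraction_file` does not exist, whereas the missing-method path returns false; `return false;` would keep the result consistent for callers that compare strictly. Both function bodies extend beyond the hunk.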
@@ -305,18 +415,17 @@ function WP_Filesystem( $args = false, $preference = false ) { } function get_filesystem_method() { - $tempFile = tempnam(get_temp_dir(), 'WPU'); - - if ( getmyuid() == fileowner($tempFile) ) { - unlink($tempFile); - return 'direct'; - } else { - unlink($tempFile); + $method = false; + if( function_exists('getmyuid') && function_exists('fileowner') ){ + $temp_file = wp_tempnam(); + if ( getmyuid() == fileowner($temp_file) ) + $method = 'direct'; + unlink($temp_file); } - if ( extension_loaded('ftp') ) return 'ftpext'; - if ( extension_loaded('sockets') || function_exists('fsockopen') ) return 'ftpsockets'; //Sockets: Socket extension; PHP Mode: FSockopen / fwrite / fread - return false; + if ( ! $method && extension_loaded('ftp') ) $method = 'ftpext'; + if ( ! $method && ( extension_loaded('sockets') || function_exists('fsockopen') ) ) $method = 'ftpsockets'; //Sockets: Socket extension; PHP Mode: FSockopen / fwrite / fread + return apply_filters('filesystem_method', $method); } ?> diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php index 0fb84bb..4d42def 100644 --- a/wp-admin/includes/media.php +++ b/wp-admin/includes/media.php 
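Review bot: `getmyuid() == fileowner($temp_file)` is evaluated even when wp_tempnam() could not create the file; fileowner() then returns false, and the loose comparison treats uid 0 as equal to false, so 'direct' could be selected on the strength of a failed probe. A stricter test closes that: `if ( file_exists($temp_file) && getmyuid() === fileowner($temp_file) )`, with the `unlink()` guarded by the same existence check. The value returned through `apply_filters('filesystem_method', $method)` is later used to build an include path and a class name in WP_Filesystem(), so it is worth documenting here that filters must return one of the known method names.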
@@ -116,6 +116,83 @@ function media_handle_upload($file_id, $post_id, $post_data = array()) { } +function media_sideload_image($file, $post_id, $desc = null) { + + if (!empty($file) ) { + // Upload File button was clicked + + $file_array['name'] = basename($file); + $file_array['tmp_name'] = download_url($file); + $desc = @$desc; + + $sideload = media_handle_sideload($file_array, $post_id, $desc); + + $id = $sideload['id']; + $src = $sideload['src']; + + unset($file_array['tmp_name']); + unset($file_array); + + if ( is_wp_error($id) ) { + $errors['upload_error'] = $id; + $id = false; + } + } + + if ( !empty($src) && !strpos($src, '://') ) + + $src = "http://$src"; + $alt = @$desc; + + if ( !empty($src) ) + $html = "<img src='$src' alt='$alt' />"; + return $html; + +} + +function media_handle_sideload($file_array, $post_id, $desc = null, $post_data = array()) { + $overrides = array('test_form'=>false); + $file = wp_handle_sideload($file_array, $overrides); + + if ( isset($file['error']) ) + return new wp_error( 'upload_error', $file['error'] ); + + $url = $file['url']; + $type = $file['type']; + $file = $file['file']; + $title = preg_replace('/\.[^.]+$/', '', basename($file)); + $content = ''; + + // use image exif/iptc data for title and caption defaults if possible + if ( $image_meta = @wp_read_image_metadata($file) ) { + if ( trim($image_meta['title']) ) + $title = $image_meta['title']; + if ( trim($image_meta['caption']) ) + $content = $image_meta['caption']; + } + + $title = @$desc; + + // Construct the attachment array + $attachment = array_merge( array( + 'post_mime_type' => $type, + 'guid' => $url, + 'post_parent' => $post_id, + 'post_title' => $title, + 'post_content' => $content, + ), $post_data ); + + // Save the data + $id = wp_insert_attachment($attachment, $file, $post_parent); + if ( !is_wp_error($id) ) { + wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) ); + } + + return array('id' => $id, 'src' => $url); + +} + + // 
wrap iframe content (produced by $content_func) in a doctype, html head/body etc // any additional function args will be passed to content_func function wp_iframe($content_func /* ... */) { @@ -126,9 +203,12 @@ function wp_iframe($content_func /* ... */) { <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php echo get_option('blog_charset'); ?>" /> <title><?php bloginfo('name') ?> › <?php _e('Uploads'); ?> — <?php _e('WordPress'); ?></title> <?php -wp_admin_css( 'css/global' ); -wp_admin_css(); -wp_admin_css( 'css/colors' ); +wp_enqueue_style( 'global' ); +wp_enqueue_style( 'wp-admin' ); +wp_enqueue_style( 'colors' ); +if ( 0 === strpos( $content_func, 'media' ) ) + wp_enqueue_style( 'media' ); + ?> <script type="text/javascript"> //<![CDATA[ @@ -136,6 +216,7 @@ function addLoadEvent(func) {if ( typeof wpOnload!='function'){wpOnload=func;}el //]]> </script> <?php +do_action('admin_print_styles'); do_action('admin_print_scripts'); do_action('admin_head'); if ( is_string($content_func) ) 
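Review bot: media_sideload_image() interpolates `$src` and the caller-supplied `$desc` into markup without escaping, so a description containing a quote or angle bracket breaks out of the `alt` attribute; the assignment should be `$html = "<img src='" . clean_url($src) . "' alt='" . attribute_escape($alt) . "' />";`. Failure results are not handled either: download_url() can return a WP_Error that is passed on as `tmp_name`, and media_handle_sideload() can return a WP_Error object that is then indexed as `$sideload['id']`, so both results need an `is_wp_error()` check before use. In media_handle_sideload() the third argument to wp_insert_attachment() is `$post_parent`, which is never defined in the function; `$post_id` looks like the intended value. `$title = @$desc;` also discards the EXIF title computed just above whenever no description is given.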
@@ -167,39 +248,15 @@ function media_buttons() { $audio_title = __('Add Audio'); $out = <<<EOF - <a href="{$image_upload_iframe_src}&TB_iframe=true&height=500&width=640" class="thickbox" title='$image_title'><img src='images/media-button-image.gif' alt='$image_title' /></a> - <a href="{$video_upload_iframe_src}&TB_iframe=true&height=500&width=640" class="thickbox" title='$video_title'><img src='images/media-button-video.gif' alt='$video_title' /></a> - <a href="{$audio_upload_iframe_src}&TB_iframe=true&height=500&width=640" class="thickbox" title='$audio_title'><img src='images/media-button-music.gif' alt='$audio_title' /></a> - <a href="{$media_upload_iframe_src}&TB_iframe=true&height=500&width=640" class="thickbox" title='$media_title'><img src='images/media-button-other.gif' alt='$media_title' /></a> + <a href="{$image_upload_iframe_src}&TB_iframe=true" class="thickbox" title='$image_title'><img src='images/media-button-image.gif' alt='$image_title' /></a> + <a href="{$video_upload_iframe_src}&TB_iframe=true" class="thickbox" title='$video_title'><img src='images/media-button-video.gif' alt='$video_title' /></a> + <a href="{$audio_upload_iframe_src}&TB_iframe=true" class="thickbox" title='$audio_title'><img src='images/media-button-music.gif' alt='$audio_title' /></a> + <a href="{$media_upload_iframe_src}&TB_iframe=true" class="thickbox" title='$media_title'><img src='images/media-button-other.gif' alt='$media_title' /></a> EOF; printf($context, $out); } add_action( 'media_buttons', 'media_buttons' ); - -function media_buttons_head() { -$siteurl = get_option('siteurl'); -echo "<style type='text/css' media='all'> - @import '{$siteurl}/wp-includes/js/thickbox/thickbox.css?ver=20080430'; - div#TB_title { - background-color: #222222; - color: #cfcfcf; - } - div#TB_title a, div#TB_title a:visited { - color: #cfcfcf; - } - #TB_window { - top: 20px; - } -</style>\n"; -} - -add_action( 'admin_print_scripts', 'media_buttons_head' ); - -function media_admin_css() { - 
wp_admin_css('css/media'); -} - add_action('media_upload_media', 'media_upload_handler'); function media_upload_form_handler() { @@ -213,6 +270,8 @@ function media_upload_form_handler() { $post['post_title'] = $attachment['post_title']; if ( isset($attachment['post_excerpt']) ) $post['post_excerpt'] = $attachment['post_excerpt']; + if ( isset($attachment['menu_order']) ) + $post['menu_order'] = $attachment['menu_order']; $post = apply_filters('attachment_fields_to_save', $post, $attachment); @@ -413,6 +472,7 @@ function media_upload_gallery() { $errors = $return; } + wp_enqueue_script('admin-gallery'); return wp_iframe( 'media_upload_gallery_form', $errors ); } @@ -549,6 +609,10 @@ function get_attachment_fields_to_edit($post, $errors = null) { </script>\n", 'helps' => __('Enter a link URL or click above for presets.'), ), + 'menu_order' => array( + 'label' => __('Order'), + 'value' => $edit_post->menu_order + ), ); foreach ( get_attachment_taxonomies($post) as $taxonomy ) { @@ -586,7 +650,7 @@ function get_media_items( $post_id, $errors ) { if ( $post && $post->post_type == 'attachment' ) $attachments = array($post->ID => $post); else - $attachments = get_children("post_parent=$post_id&post_type=attachment&orderby=menu_order ASC, ID&order=DESC"); + $attachments = get_children( array( 'post_parent' => $post_id, 'post_type' => 'attachment', 'orderby' => 'menu_order ASC, ID', 'order' => 'DESC') ); } else { if ( is_array($GLOBALS['wp_the_query']->posts) ) foreach ( $GLOBALS['wp_the_query']->posts as $attachment ) 
@@ -679,9 +743,11 @@ function get_media_item( $attachment_id, $args = null ) { if ( $send ) $send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . attribute_escape( __( 'Insert into Post' ) ) . "' />"; if ( $delete ) - $delete = "<a href='$delete_href' id='del[$attachment_id]' disabled='disabled' class='delete'>" . __('Delete') . "</button>"; + $delete = "<a href=\"#\" class=\"del-link\" onclick=\"document.getElementById('del_attachment_$attachment_id').style.display='block';return false;\">" . __('Delete') . "</a>"; if ( ( $send || $delete ) && !isset($form_fields['buttons']) ) - $form_fields['buttons'] = array('tr' => "\t\t<tr class='submit'><td></td><td class='savesend'>$send $delete</td></tr>\n"); + $form_fields['buttons'] = array('tr' => "\t\t<tr class='submit'><td></td><td class='savesend'>$send $delete + <div id=\"del_attachment_$attachment_id\" class=\"del-attachment\" style=\"display:none;\">" . sprintf(__("You are about to delete <strong>%s</strong>."), $filename) . " <a href=\"$delete_href\" id=\"del[$attachment_id]\" class=\"delete\">" . __('Continue') . "</a> + <a href=\"#\" class=\"del-link\" onclick=\"this.parentNode.style.display='none';return false;\">" . __('Cancel') . "</a></div></td></tr>\n"); $hidden_fields = array(); @@ -703,6 +769,7 @@ function get_media_item( $attachment_id, $args = null ) { } $required = $field['required'] ? '<abbr title="required" class="required">*</abbr>' : ''; + $aria_required = $field['required'] ? " aria-required='true' " : ''; $class = $id; $class .= $field['required'] ? ' form-required' : ''; 
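Review bot: The new delete confirmation interpolates `$filename` and `$delete_href` into markup without escaping; both are assigned outside this hunk, so whether they are already escaped cannot be seen here. If `$filename` is the raw attachment file name, pass it through `wp_specialchars( $filename )` in the `sprintf()` call and use `attribute_escape( $delete_href )` in the `href`, as the Insert button's value already does with `attribute_escape()`. `get_media_item()` starts and ends outside the hunk.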
@@ -710,9 +777,9 @@ function get_media_item( $attachment_id, $args = null ) { if ( !empty($field[$field['input']]) ) $item .= $field[$field['input']]; elseif ( $field['input'] == 'textarea' ) { - $item .= "<textarea type='text' id='$name' name='$name'>" . attribute_escape( $field['value'] ) . "</textarea>"; + $item .= "<textarea type='text' id='$name' name='$name'>" . attribute_escape( $field['value'] ) . $aria_required . "</textarea>"; } else { - $item .= "<input type='text' id='$name' name='$name' value='" . attribute_escape( $field['value'] ) . "' />"; + $item .= "<input type='text' id='$name' name='$name' value='" . attribute_escape( $field['value'] ) . "'" . $aria_required . "/>"; } if ( !empty($field['helps']) ) $item .= "<p class='help'>" . join( "</p>\n<p class='help'>", array_unique((array) $field['helps']) ) . '</p>'; @@ -757,7 +824,7 @@ function media_upload_header() { function media_upload_form( $errors = null ) { global $type, $tab; - $flash_action_url = get_option('siteurl') . "/wp-admin/async-upload.php"; + $flash_action_url = admin_url('async-upload.php'); // If Mac and mod_security, no Flash. :( $flash = true; @@ -788,7 +855,7 @@ function media_upload_form( $errors = null ) { jQuery(function($){ swfu = new SWFUpload({ upload_url : "<?php echo attribute_escape( $flash_action_url ); ?>", - flash_url : "<?php echo get_option('siteurl').'/wp-includes/js/swfupload/swfupload_f9.swf'; ?>", + flash_url : "<?php echo includes_url('js/swfupload/swfupload_f9.swf'); ?>", file_post_name: "async-upload", file_types: "<?php echo apply_filters('upload_file_glob', '*.*'); ?>", post_params : { 
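Review bot: In the textarea branch `$aria_required` is concatenated after the escaped value, inside the element, so ` aria-required='true' ` becomes part of the field's text and would be submitted back as content. It belongs in the opening tag: `$item .= "<textarea type='text' id='$name' name='$name'" . $aria_required . ">" . attribute_escape( $field['value'] ) . "</textarea>";`. The input branch places it correctly. `$name` is also written into `id` and `name` unescaped; it is built outside this hunk, so confirm it cannot carry quotes.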
@@ -819,12 +886,11 @@ jQuery(function($){ //--> </script> - <div id="flash-upload-ui"> <?php do_action('pre-flash-upload-ui'); ?> <p><input id="flash-browse-button" type="button" value="<?php echo attribute_escape( __( 'Choose files to upload' ) ); ?>" class="button" /></p> <?php do_action('post-flash-upload-ui'); ?> - <p><?php _e('After a file has been uploaded, you can add titles and descriptions.'); ?></p> + <p class="howto"><?php _e('After a file has been uploaded, you can add titles and descriptions.'); ?></p> </div> <?php endif; // $flash ?> @@ -850,7 +916,8 @@ function media_upload_type_form($type = 'file', $errors = null, $id = null) { $post_id = intval($_REQUEST['post_id']); - $form_action_url = get_option('siteurl') . "/wp-admin/media-upload.php?type=$type&tab=type&post_id=$post_id"; + $form_action_url = admin_url("media-upload.php?type=$type&tab=type&post_id=$post_id"); + $form_action_url = apply_filters('media_upload_form_url', $form_action_url, $type); $callback = "type_form_$type"; ?> @@ -900,7 +967,7 @@ function media_upload_gallery_form($errors) { $post_id = intval($_REQUEST['post_id']); - $form_action_url = get_option('siteurl') . "/wp-admin/media-upload.php?type={$GLOBALS['type']}&tab=gallery&post_id=$post_id"; + $form_action_url = admin_url("media-upload.php?type={$GLOBALS['type']}&tab=gallery&post_id=$post_id"); ?> @@ -939,7 +1006,7 @@ function media_upload_library_form($errors) { $post_id = intval($_REQUEST['post_id']); - $form_action_url = get_option('siteurl') . "/wp-admin/media-upload.php?type={$GLOBALS['type']}&tab=library&post_id=$post_id"; + $form_action_url = admin_url("media-upload.php?type={$GLOBALS['type']}&tab=library&post_id=$post_id"); $_GET['paged'] = intval($_GET['paged']); if ( $_GET['paged'] < 1 ) 
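Review bot: `$type` is interpolated into the query string of `$form_action_url` in `media_upload_type_form()` without `urlencode()`, and the same pattern uses `$GLOBALS['type']` in the `media_upload_gallery_form()` and `media_upload_library_form()` hunks on this line. `$post_id` is cast with `intval()` but the type value is not constrained in the visible lines, and the new `media_upload_form_url` filter can replace the URL entirely. Where the URL is echoed is outside these hunks; confirm it goes through `attribute_escape()` there, or build it with `urlencode($type)`.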
@@ -960,6 +1027,7 @@ function media_upload_library_form($errors) { <input type="hidden" name="post_mime_type" value="<?php echo attribute_escape( $_GET['post_mime_type'] ); ?>" /> <div id="search-filter"> + <label class="hidden" for="post-search-input"><?php _e('Search Media');?>:</label> <input type="text" id="post-search-input" name="s" value="<?php the_search_query(); ?>" /> <input type="submit" value="<?php echo attribute_escape( __( 'Search Media' ) ); ?>" class="button" /> </div> @@ -1085,14 +1153,14 @@ function type_form_image() { <span class="alignleft"><label for="insertonly[src]">' . __('Image URL') . '</label></span> <span class="alignright"><abbr title="required" class="required">*</abbr></span> </th> - <td class="field"><input id="insertonly[src]" name="insertonly[src]" value="" type="text"></td> + <td class="field"><input id="insertonly[src]" name="insertonly[src]" value="" type="text" aria-required="true"></td> </tr> <tr> <th valign="top" scope="row" class="label"> <span class="alignleft"><label for="insertonly[alt]">' . __('Description') . '</label></span> <span class="alignright"><abbr title="required" class="required">*</abbr></span> </th> - <td class="field"><input id="insertonly[alt]" name="insertonly[alt]" value="" type="text"></td> + <td class="field"><input id="insertonly[alt]" name="insertonly[alt]" value="" type="text" aria-required="true"></td> </tr> <tr><td></td><td class="help">' . __('Alternate text, e.g. "The Mona Lisa"') . '</td></tr> <tr class="align"> 
@@ -1126,14 +1194,14 @@ function type_form_audio() { <span class="alignleft"><label for="insertonly[href]">' . __('Audio File URL') . '</label></span> <span class="alignright"><abbr title="required" class="required">*</abbr></span> </th> - <td class="field"><input id="insertonly[href]" name="insertonly[href]" value="" type="text"></td> + <td class="field"><input id="insertonly[href]" name="insertonly[href]" value="" type="text" aria-required="true"></td> </tr> <tr> <th valign="top" scope="row" class="label"> <span class="alignleft"><label for="insertonly[title]">' . __('Title') . '</label></span> <span class="alignright"><abbr title="required" class="required">*</abbr></span> </th> - <td class="field"><input id="insertonly[title]" name="insertonly[title]" value="" type="text"></td> + <td class="field"><input id="insertonly[title]" name="insertonly[title]" value="" type="text" aria-required="true"></td> </tr> <tr><td></td><td class="help">' . __('Link text, e.g. "Still Alive by Jonathan Coulton"') . '</td></tr> <tr> 
@@ -1154,14 +1222,14 @@ function type_form_video() { <span class="alignleft"><label for="insertonly[href]">' . __('Video URL') . '</label></span> <span class="alignright"><abbr title="required" class="required">*</abbr></span> </th> - <td class="field"><input id="insertonly[href]" name="insertonly[href]" value="" type="text"></td> + <td class="field"><input id="insertonly[href]" name="insertonly[href]" value="" type="text" aria-required="true"></td> </tr> <tr> <th valign="top" scope="row" class="label"> <span class="alignleft"><label for="insertonly[title]">' . __('Title') . '</label></span> <span class="alignright"><abbr title="required" class="required">*</abbr></span> </th> - <td class="field"><input id="insertonly[title]" name="insertonly[title]" value="" type="text"></td> + <td class="field"><input id="insertonly[title]" name="insertonly[title]" value="" type="text" aria-required="true"></td> </tr> <tr><td></td><td class="help">' . __('Link text, e.g. "Lucy on YouTube"') . '</td></tr> <tr> 
@@ -1182,14 +1250,14 @@ function type_form_file() { <span class="alignleft"><label for="insertonly[href]">' . __('URL') . '</label></span> <span class="alignright"><abbr title="required" class="required">*</abbr></span> </th> - <td class="field"><input id="insertonly[href]" name="insertonly[href]" value="" type="text"></td> + <td class="field"><input id="insertonly[href]" name="insertonly[href]" value="" type="text" aria-required="true"></td> </tr> <tr> <th valign="top" scope="row" class="label"> <span class="alignleft"><label for="insertonly[title]">' . __('Title') . '</label></span> <span class="alignright"><abbr title="required" class="required">*</abbr></span> </th> - <td class="field"><input id="insertonly[title]" name="insertonly[title]" value="" type="text"></td> + <td class="field"><input id="insertonly[title]" name="insertonly[title]" value="" type="text" aria-required="true"></td> </tr> <tr><td></td><td class="help">' . __('Link text, e.g. "Ransom Demands (PDF)"') . '</td></tr> <tr> @@ -1211,12 +1279,9 @@ add_action('media_upload_image', 'media_upload_image'); add_action('media_upload_audio', 'media_upload_audio'); add_action('media_upload_video', 'media_upload_video'); add_action('media_upload_file', 'media_upload_file'); -add_action('admin_head_media_upload_type_form', 'media_admin_css'); add_filter('media_upload_gallery', 'media_upload_gallery'); -add_action('admin_head_media_upload_gallery_form', 'media_admin_css'); add_filter('media_upload_library', 'media_upload_library'); -add_action('admin_head_media_upload_library_form', 'media_admin_css'); ?> diff --git a/wp-admin/includes/plugin.php b/wp-admin/includes/plugin.php index a862c51..3afaed9 100644 --- a/wp-admin/includes/plugin.php +++ b/wp-admin/includes/plugin.php 
@@ -32,14 +32,15 @@ function get_plugin_data( $plugin_file ) { } function get_plugins($plugin_folder = '') { - global $wp_plugins; - - if ( isset( $wp_plugins ) ) { - return $wp_plugins; - } - + + if ( ! $cache_plugins = wp_cache_get('plugins', 'plugins') ) + $cached_plugins = array(); + + if ( isset($cache_plugins[ $plugin_folder ]) ) + return $cache_plugins[ $plugin_folder ]; + $wp_plugins = array (); - $plugin_root = ABSPATH . PLUGINDIR; + $plugin_root = WP_PLUGIN_DIR; if( !empty($plugin_folder) ) $plugin_root .= $plugin_folder; @@ -85,6 +86,9 @@ function get_plugins($plugin_folder = '') { uasort( $wp_plugins, create_function( '$a, $b', 'return strnatcasecmp( $a["Name"], $b["Name"] );' )); + $cache_plugins[ $plugin_folder ] = $wp_plugins; + wp_cache_set('plugins', $cache_plugins, 'plugins'); + return $wp_plugins; } @@ -104,7 +108,7 @@ function activate_plugin($plugin, $redirect = '') { if ( !empty($redirect) ) wp_redirect(add_query_arg('_error_nonce', wp_create_nonce('plugin-activation-error_' . $plugin), $redirect)); // we'll override this later if the plugin can be included without fatal error ob_start(); - @include(ABSPATH . PLUGINDIR . '/' . $plugin); + @include(WP_PLUGIN_DIR . '/' . $plugin); $current[] = $plugin; sort($current); update_option('active_plugins', $current); 
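Review bot: The cache-miss branch assigns `$cached_plugins = array();` but every later line reads `$cache_plugins`, so after a miss `$cache_plugins` still holds the falsy return of `wp_cache_get()` when `$cache_plugins[ $plugin_folder ] = $wp_plugins;` runs in the `@@ -85,6 +86,9 @@` hunk. Initialise the variable that is used: `$cache_plugins = array();`. `$plugin_folder` is also appended to `WP_PLUGIN_DIR` and used as the cache key as-is; the function body between the two hunks is not shown, so confirm callers pass only fixed values.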
@@ -132,37 +136,97 @@ function deactivate_plugins($plugins, $silent= false) { update_option('active_plugins', $current); } -function deactivate_all_plugins() { - $current = get_option('active_plugins'); - if ( empty($current) ) - return; +//Replaces reactivate_all_plugins() / deactivate_all_plugins() = 'deactivated_plugins' is now useless +function activate_plugins($plugins, $redirect = '') { + if ( !is_array($plugins) ) + $plugins = array($plugins); - deactivate_plugins($current); + $errors = array(); + foreach ( (array) $plugins as $plugin ) { + if ( !empty($redirect) ) + $redirect = add_query_arg('plugin', $plugin, $redirect); + $result = activate_plugin($plugin, $redirect); + if ( is_wp_error($result) ) + $errors[$plugin] = $result; + } - update_option('deactivated_plugins', $current); + if ( !empty($errors) ) + return new WP_Error('plugins_invalid', __('One of the plugins is invalid.'), $errors); + + return true; } -function reactivate_all_plugins($redirect = '') { - $plugins = get_option('deactivated_plugins'); +function delete_plugins($plugins, $redirect = '' ) { + global $wp_filesystem; - if ( empty($plugins) ) + if( empty($plugins) ) + return false; + + $checked = array(); + foreach( $plugins as $plugin ) + $checked[] = 'checked[]=' . $plugin; + + ob_start(); + $url = wp_nonce_url('plugins.php?action=delete-selected&' . implode('&', $checked), 'mass-manage-plugins'); + if ( false === ($credentials = request_filesystem_credentials($url)) ) { + $data = ob_get_contents(); + ob_end_clean(); + if( ! empty($data) ){ + include_once( ABSPATH . 'wp-admin/admin-header.php'); + echo $data; + include( ABSPATH . 'wp-admin/admin-footer.php'); + exit; + } return; + } - if ( !empty($redirect) ) - wp_redirect(add_query_arg('_error_nonce', wp_create_nonce('plugin-activation-error_' . $plugin), $redirect)); + if ( ! 
WP_Filesystem($credentials) ) { + request_filesystem_credentials($url, '', true); //Failed to connect, Error and request again + $data = ob_get_contents(); + ob_end_clean(); + if( ! empty($data) ){ + include_once( ABSPATH . 'wp-admin/admin-header.php'); + echo $data; + include( ABSPATH . 'wp-admin/admin-footer.php'); + exit; + } + return; + } - $errors = array(); - foreach ( (array) $plugins as $plugin ) { - $result = activate_plugin($plugin); - if ( is_wp_error($result) ) - $errors[$plugin] = $result; + if ( $wp_filesystem->errors->get_error_code() ) { + return $wp_filesystem->errors; } - delete_option('deactivated_plugins'); + if ( ! is_object($wp_filesystem) ) + return new WP_Error('fs_unavailable', __('Could not access filesystem.')); - if ( !empty($errors) ) - return new WP_Error('plugins_invalid', __('One of the plugins is invalid.'), $errors); + if ( $wp_filesystem->errors->get_error_code() ) + return new WP_Error('fs_error', __('Filesystem error'), $wp_filesystem->errors); + + //Get the base plugin folder + $plugins_dir = $wp_filesystem->wp_plugins_dir(); + if ( empty($plugins_dir) ) + return new WP_Error('fs_no_plugins_dir', __('Unable to locate WordPress Plugin directory.')); + + $plugins_dir = trailingslashit( $plugins_dir ); + $errors = array(); + + foreach( $plugins as $plugin_file ) { + $this_plugin_dir = trailingslashit( dirname($plugins_dir . $plugin_file) ); + // If plugin is in its own directory, recursively delete the directory. + if ( strpos($plugin_file, '/') && $this_plugin_dir != $plugins_dir ) //base check on if plugin includes directory seperator AND that its not the root plugin folder + $deleted = $wp_filesystem->delete($this_plugin_dir, true); + else + $deleted = $wp_filesystem->delete($plugins_dir . $plugin_file); + + if ( ! $deleted ) + $errors[] = $plugin_file; + } + + if( ! 
empty($errors) ) + return new WP_Error('could_not_remove_plugin', sprintf(__('Could not fully remove the plugin(s) %s'), implode(', ', $errors)) ); + return true; } @@ -179,7 +243,7 @@ function validate_active_plugins() { // If a plugin file does not exist, remove it from the list of active // plugins. foreach ( $check_plugins as $check_plugin ) { - if ( !file_exists(ABSPATH . PLUGINDIR . '/' . $check_plugin) ) { + if ( !file_exists(WP_PLUGIN_DIR . '/' . $check_plugin) ) { $current = get_option('active_plugins'); $key = array_search($check_plugin, $current); if ( false !== $key && NULL !== $key ) { @@ -193,7 +257,7 @@ function validate_active_plugins() { function validate_plugin($plugin) { if ( validate_file($plugin) ) return new WP_Error('plugin_invalid', __('Invalid plugin.')); - if ( ! file_exists(ABSPATH . PLUGINDIR . '/' . $plugin) ) + if ( ! file_exists(WP_PLUGIN_DIR . '/' . $plugin) ) return new WP_Error('plugin_not_found', __('Plugin file does not exist.')); return 0; diff --git a/wp-admin/includes/post.php b/wp-admin/includes/post.php index aa1e833..f98b9de 100644 --- a/wp-admin/includes/post.php +++ b/wp-admin/includes/post.php 
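Review bot: `delete_plugins()` joins each `$plugin_file` onto `$plugins_dir` and may delete its parent directory recursively, but nothing in the function checks that the entry stays inside the plugin directory. `validate_plugin()` in this file already rejects such names via `validate_file()`; the same guard at the top of the loop would be `if ( validate_file($plugin_file) ) { $errors[] = $plugin_file; continue; }`. The entries are also appended to the credentials URL as `'checked[]=' . $plugin` without `urlencode()`. `$wp_filesystem->errors->get_error_code()` is called before the `is_object($wp_filesystem)` test, so that test should move up.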
@@ -1,30 +1,19 @@ <?php -// Update an existing post with values provided in $_POST. -function edit_post() { - - $post_ID = (int) $_POST['post_ID']; - - if ( 'page' == $_POST['post_type'] ) { - if ( !current_user_can( 'edit_page', $post_ID ) ) - wp_die( __('You are not allowed to edit this page.' )); - } else { - if ( !current_user_can( 'edit_post', $post_ID ) ) - wp_die( __('You are not allowed to edit this post.' )); - } - - // Autosave shouldn't save too soon after a real save - if ( 'autosave' == $_POST['action'] ) { - $post =& get_post( $post_ID ); - $now = time(); - $then = strtotime($post->post_date_gmt . ' +0000'); - $delta = AUTOSAVE_INTERVAL / 2; - if ( ($now - $then) < $delta ) - return $post_ID; - } - - // Rename. - $_POST['ID'] = (int) $_POST['post_ID']; +/** + * _wp_translate_postdata() - Rename $_POST data from form names to DB post columns. + * + * Manipulates $_POST directly. + * + * @package WordPress + * @since 2.6 + * + * @param bool $update Are we updating a pre-existing post? + * @return object|bool WP_Error on failure, true on success. + */ +function _wp_translate_postdata( $update = false ) { + if ( $update ) + $_POST['ID'] = (int) $_POST['post_ID']; $_POST['post_content'] = $_POST['content']; $_POST['post_excerpt'] = $_POST['excerpt']; $_POST['post_parent'] = isset($_POST['parent_id'])? $_POST['parent_id'] : ''; 
@@ -32,21 +21,29 @@ function edit_post() { if (!empty ( $_POST['post_author_override'] ) ) { $_POST['post_author'] = (int) $_POST['post_author_override']; - } else + } else { if (!empty ( $_POST['post_author'] ) ) { $_POST['post_author'] = (int) $_POST['post_author']; } else { $_POST['post_author'] = (int) $_POST['user_ID']; } + } if ( $_POST['post_author'] != $_POST['user_ID'] ) { if ( 'page' == $_POST['post_type'] ) { - if ( !current_user_can( 'edit_others_pages' ) ) - wp_die( __('You are not allowed to edit pages as this user.' )); + if ( !current_user_can( 'edit_others_pages' ) ) { + return new WP_Error( 'edit_others_pages', $update ? + __( 'You are not allowed to edit pages as this user.' ) : + __( 'You are not allowed to create pages as this user.' ) + ); + } } else { - if ( !current_user_can( 'edit_others_posts' ) ) - wp_die( __('You are not allowed to edit posts as this user.' )); - + if ( !current_user_can( 'edit_others_posts' ) ) { + return new WP_Error( 'edit_others_posts', $update ? + __( 'You are not allowed to edit posts as this user.' ) : + __( 'You are not allowed to post as this user.' ) + ); + } } } 
@@ -60,12 +57,20 @@ function edit_post() { if ( isset($_POST['advanced']) && '' != $_POST['advanced'] ) $_POST['post_status'] = 'draft'; + $previous_status = get_post_field('post_status', $_POST['ID']); + + // Posts 'submitted for approval' present are submitted to $_POST the same as if they were being published. + // Change status from 'publish' to 'pending' if user lacks permissions to publish or to resave published posts. if ( 'page' == $_POST['post_type'] ) { - if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_pages' )) - $_POST['post_status'] = 'pending'; + if ( 'publish' == $_POST['post_status'] && !current_user_can( 'publish_pages' ) ) + if ( $previous_status != 'publish' OR !current_user_can( 'edit_published_pages') ) + $_POST['post_status'] = 'pending'; } else { - if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_posts' )) - $_POST['post_status'] = 'pending'; + if ( 'publish' == $_POST['post_status'] && !current_user_can( 'publish_posts' ) ) : + // Stop attempts to publish new posts, but allow already published posts to be saved if appropriate. + if ( $previous_status != 'publish' OR !current_user_can( 'edit_published_posts') ) + $_POST['post_status'] = 'pending'; + endif; } if (!isset( $_POST['comment_status'] )) @@ -74,14 +79,14 @@ function edit_post() { if (!isset( $_POST['ping_status'] )) $_POST['ping_status'] = 'closed'; - foreach ( array ('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) { + foreach ( array('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) { if ( !empty( $_POST['hidden_' . $timeunit] ) && $_POST['hidden_' . $timeunit] != $_POST[$timeunit] ) { $_POST['edit_date'] = '1'; break; } } - if (!empty ( $_POST['edit_date'] ) ) { + if ( !empty( $_POST['edit_date'] ) ) { $aa = $_POST['aa']; $mm = $_POST['mm']; $jj = $_POST['jj']; 
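Review bot: `$previous_status` is read with `get_post_field('post_status', $_POST['ID'])`, but `$_POST['ID']` is only set by this function when `$update` is true (see the first hunk of this file), so on the create path it is whatever the request supplied. The publish-to-pending downgrade then depends on a post ID the caller chose rather than on the post being saved. Reading the status only for updates keeps new posts on the pending path: `$previous_status = $update ? get_post_field('post_status', $_POST['ID']) : '';`. The enclosing `_wp_translate_postdata()` starts and ends outside this hunk.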
@@ -92,10 +97,41 @@ function edit_post() { $hh = ($hh > 23 ) ? $hh -24 : $hh; $mn = ($mn > 59 ) ? $mn -60 : $mn; $ss = ($ss > 59 ) ? $ss -60 : $ss; - $_POST['post_date'] = "$aa-$mm-$jj $hh:$mn:$ss"; - $_POST['post_date_gmt'] = get_gmt_from_date( "$aa-$mm-$jj $hh:$mn:$ss" ); + $_POST['post_date'] = sprintf( "%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss ); + $_POST['post_date_gmt'] = get_gmt_from_date( $_POST['post_date'] ); + } + + return true; +} + + +// Update an existing post with values provided in $_POST. +function edit_post() { + + $post_ID = (int) $_POST['post_ID']; + + if ( 'page' == $_POST['post_type'] ) { + if ( !current_user_can( 'edit_page', $post_ID ) ) + wp_die( __('You are not allowed to edit this page.' )); + } else { + if ( !current_user_can( 'edit_post', $post_ID ) ) + wp_die( __('You are not allowed to edit this post.' )); } + // Autosave shouldn't save too soon after a real save + if ( 'autosave' == $_POST['action'] ) { + $post =& get_post( $post_ID ); + $now = time(); + $then = strtotime($post->post_date_gmt . ' +0000'); + $delta = AUTOSAVE_INTERVAL / 2; + if ( ($now - $then) < $delta ) + return $post_ID; + } + + $translated = _wp_translate_postdata( true ); + if ( is_wp_error($translated) ) + wp_die( $translated->get_error_message() ); + // Meta Stuff if ( isset($_POST['meta']) && $_POST['meta'] ) { foreach ( $_POST['meta'] as $key => $value ) 
@@ -194,13 +230,13 @@ function post_exists($title, $content = '', $post_date = '') { global $wpdb; if (!empty ($post_date)) - $post_date = "AND post_date = '$post_date'"; + $post_date = $wpdb->prepare("AND post_date = %s", $post_date); if (!empty ($title)) - return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$title' $post_date"); + return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title = %s $post_date", $title) ); else if (!empty ($content)) - return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_content = '$content' $post_date"); + return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_content = %s $post_date", $content) ); return 0; } 
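Review bot: The date clause is prepared on its own and then pasted into the format string of a second `prepare()` call, so any `%` in the already-quoted `$post_date` value is read as a placeholder by the outer call. Passing every value as an argument to a single `prepare()` avoids the nested formatting. Callers that still pass pre-escaped `$title` or `$content` would now be escaped twice; the callers are not visible here. A version with one `prepare()` per query follows.

```php
function post_exists($title, $content = '', $post_date = '') {
	// … unchanged: global $wpdb …
	if ( !empty($title) ) {
		$field = 'post_title';
		$value = $title;
	} else if ( !empty($content) ) {
		$field = 'post_content';
		$value = $content;
	} else {
		return 0;
	}

	// $field is one of two fixed column names; every request value is bound as an argument.
	if ( !empty($post_date) )
		return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE $field = %s AND post_date = %s", $value, $post_date) );

	return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE $field = %s", $value) );
}
```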
@@ -236,79 +272,9 @@ function wp_write_post() { } } - // Rename. - $_POST['post_content'] = $_POST['content']; - $_POST['post_excerpt'] = $_POST['excerpt']; - $_POST['post_parent'] = isset($_POST['parent_id'])? $_POST['parent_id'] : ''; - $_POST['to_ping'] = $_POST['trackback_url']; - - if (!empty ( $_POST['post_author_override'] ) ) { - $_POST['post_author'] = (int) $_POST['post_author_override']; - } else { - if (!empty ( $_POST['post_author'] ) ) { - $_POST['post_author'] = (int) $_POST['post_author']; - } else { - $_POST['post_author'] = (int) $_POST['user_ID']; - } - - } - - if ( $_POST['post_author'] != $_POST['user_ID'] ) { - if ( 'page' == $_POST['post_type'] ) { - if ( !current_user_can( 'edit_others_pages' ) ) - return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) ); - } else { - if ( !current_user_can( 'edit_others_posts' ) ) - return new WP_Error( 'edit_others_posts', __( 'You are not allowed to post as this user.' ) ); - - } - } - - // What to do based on which button they pressed - if ( isset($_POST['saveasdraft']) && '' != $_POST['saveasdraft'] ) - $_POST['post_status'] = 'draft'; - if ( isset($_POST['saveasprivate']) && '' != $_POST['saveasprivate'] ) - $_POST['post_status'] = 'private'; - if ( isset($_POST['publish']) && ( '' != $_POST['publish'] ) && ( $_POST['post_status'] != 'private' ) ) - $_POST['post_status'] = 'publish'; - if ( isset($_POST['advanced']) && '' != $_POST['advanced'] ) - $_POST['post_status'] = 'draft'; - - if ( 'page' == $_POST['post_type'] ) { - if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_pages' ) ) - $_POST['post_status'] = 'pending'; - } else { - if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_posts' ) ) - $_POST['post_status'] = 'pending'; - } - - if (!isset( $_POST['comment_status'] )) - $_POST['comment_status'] = 'closed'; - - if (!isset( $_POST['ping_status'] )) - $_POST['ping_status'] = 'closed'; - - foreach ( array ('aa', 
'mm', 'jj', 'hh', 'mn') as $timeunit ) { - if ( !empty( $_POST['hidden_' . $timeunit] ) && $_POST['hidden_' . $timeunit] != $_POST[$timeunit] ) { - $_POST['edit_date'] = '1'; - break; - } - } - - if (!empty ( $_POST['edit_date'] ) ) { - $aa = $_POST['aa']; - $mm = $_POST['mm']; - $jj = $_POST['jj']; - $hh = $_POST['hh']; - $mn = $_POST['mn']; - $ss = $_POST['ss']; - $jj = ($jj > 31 ) ? 31 : $jj; - $hh = ($hh > 23 ) ? $hh -24 : $hh; - $mn = ($mn > 59 ) ? $mn -60 : $mn; - $ss = ($ss > 59 ) ? $ss -60 : $ss; - $_POST['post_date'] = sprintf( "%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss ); - $_POST['post_date_gmt'] = get_gmt_from_date( $_POST['post_date'] ); - } + $translated = _wp_translate_postdata( false ); + if ( is_wp_error($translated) ) + return $translated; // Create the post. $post_ID = wp_insert_post( $_POST ); @@ -380,11 +346,9 @@ function add_meta( $post_ID ) { wp_cache_delete($post_ID, 'post_meta'); - $wpdb->query( " - INSERT INTO $wpdb->postmeta - (post_id,meta_key,meta_value ) - VALUES ('$post_ID','$metakey','$metavalue' ) - " ); + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->postmeta + (post_id,meta_key,meta_value ) VALUES (%s, %s, %s)", + $post_ID, $metakey, $metavalue) ); return $wpdb->insert_id; } return false; @@ -394,10 +358,10 @@ function delete_meta( $mid ) { global $wpdb; $mid = (int) $mid; - $post_id = $wpdb->get_var("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = '$mid'"); + $post_id = $wpdb->get_var( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = %d", $mid) ); wp_cache_delete($post_id, 'post_meta'); - return $wpdb->query( "DELETE FROM $wpdb->postmeta WHERE meta_id = '$mid'" ); + return $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_id = %d", $mid) ); } // Get a list of previously defined keys 
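Review bot: The `add_meta()` insert now goes through `prepare()`, but the lines that build `$metakey` and `$metavalue` are outside this hunk; if they still call `$wpdb->escape()`, as `update_meta()` did before this commit removed it, the stored values would be escaped twice. `$post_ID` is bound with `%s` while the other hunks in this file bind ids with `%d`; `VALUES (%d, %s, %s)` would match them.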
@@ -417,7 +381,7 @@ function get_post_meta_by_id( $mid ) { global $wpdb; $mid = (int) $mid; - $meta = $wpdb->get_row( "SELECT * FROM $wpdb->postmeta WHERE meta_id = '$mid'" ); + $meta = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE meta_id = %d", $mid) ); if ( is_serialized_string( $meta->meta_value ) ) $meta->meta_value = maybe_unserialize( $meta->meta_value ); return $meta; @@ -427,29 +391,30 @@ function get_post_meta_by_id( $mid ) { function has_meta( $postid ) { global $wpdb; - return $wpdb->get_results( " - SELECT meta_key, meta_value, meta_id, post_id - FROM $wpdb->postmeta - WHERE post_id = '$postid' - ORDER BY meta_key,meta_id", ARRAY_A ); + return $wpdb->get_results( $wpdb->prepare("SELECT meta_key, meta_value, meta_id, post_id + FROM $wpdb->postmeta WHERE post_id = %d + ORDER BY meta_key,meta_id", $postid), ARRAY_A ); } -function update_meta( $mid, $mkey, $mvalue ) { +function update_meta( $meta_id, $meta_key, $meta_value ) { global $wpdb; $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' ); - if ( in_array($mkey, $protected) ) + if ( in_array($meta_key, $protected) ) return false; - $post_id = $wpdb->get_var("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = '$mid'"); + $post_id = $wpdb->get_var( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = %d", $meta_id) ); wp_cache_delete($post_id, 'post_meta'); - $mvalue = maybe_serialize( stripslashes( $mvalue )); - $mvalue = $wpdb->escape( $mvalue ); - $mid = (int) $mid; - return $wpdb->query( "UPDATE $wpdb->postmeta SET meta_key = '$mkey', meta_value = '$mvalue' WHERE meta_id = '$mid'" ); + $meta_value = maybe_serialize( stripslashes( $meta_value )); + $meta_id = (int) $meta_id; + + $data = compact( 'meta_key', 'meta_value' ); + $where = compact( 'meta_id' ); + + return $wpdb->update( $wpdb->postmeta, $data, $where ); } // 
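Review bot: The `$protected` list in `update_meta()` is compared only with the new `$meta_key`; the key currently stored in the row selected by `$meta_id` is never looked at, so the guard does not cover edits to an existing protected row. Consider loading the row first (for example with `get_post_meta_by_id( $meta_id )`) and returning false when its `meta_key` is in `$protected`. `in_array()` is also called without the strict flag: `in_array($meta_key, $protected, true)`.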
@@ -502,7 +467,7 @@ function _relocate_children( $old_ID, $new_ID ) { global $wpdb; $old_ID = (int) $old_ID; $new_ID = (int) $new_ID; - return $wpdb->query( "UPDATE $wpdb->posts SET post_parent = $new_ID WHERE post_parent = $old_ID" ); + return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = %d WHERE post_parent = %d", $new_ID, $old_ID) ); } function get_available_post_statuses($type = 'post') { @@ -631,7 +596,7 @@ function get_sample_permalink($id, $title=null, $name = null) { $permalink = str_replace('%pagename%', "${uri}%pagename%", $permalink); } - $permalink = array($permalink, $post->post_name); + $permalink = array($permalink, apply_filters('editable_slug', $post->post_name)); $post->post_status = $original_status; $post->post_date = $original_date; $post->post_name = $original_name; @@ -691,4 +656,28 @@ function wp_set_post_lock( $post_id ) { update_post_meta( $post->ID, '_edit_last', $current_user->ID ); } -?> +/** + * wp_create_post_autosave() - creates autosave data for the specified post from $_POST data + * + * @package WordPress + * @subpackage Post Revisions + * @since 2.6 + * + * @uses _wp_translate_postdata() + * @uses _wp_post_revision_fields() + */ +function wp_create_post_autosave( $post_id ) { + $translated = _wp_translate_postdata( true ); + if ( is_wp_error( $translated ) ) + return $translated; + + // Only store one autosave. If there is already an autosave, overwrite it. + if ( $old_autosave = wp_get_post_autosave( $post_id ) ) { + $new_autosave = _wp_post_revision_fields( $_POST, true ); + $new_autosave['ID'] = $old_autosave->ID; + return wp_update_post( $new_autosave ); + } + + // Otherwise create the new autosave as a special post revision + return _wp_put_post_revision( $_POST, true ); +} diff --git a/wp-admin/includes/schema.php b/wp-admin/includes/schema.php index 2d5ddcf..1e59f0e 100644 --- a/wp-admin/includes/schema.php +++ b/wp-admin/includes/schema.php 
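Review bot: wp_create_post_autosave() looks up the existing autosave by its `$post_id` argument but takes the content from `$_POST`, and nothing in the visible body checks that the two refer to the same post. Whether `_wp_translate_postdata()` or the revision helpers enforce that, or the capability to edit the post, cannot be seen from this hunk; a comment naming the helper that performs those checks would make the contract clear. The new docblock also omits `@param int $post_id` and a `@return` line, although the function returns a WP_Error or the result of `wp_update_post()` / `_wp_put_post_revision()`.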
@@ -227,10 +227,13 @@ CREATE TABLE IF NOT EXISTS $wpdb->signups ( "; function populate_options() { - global $wpdb, $wp_db_version, $wpblog, $current_site; + global $wpdb, $wp_db_version, $current_site; $schema = ( isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ) ? 'https://' : 'http://'; $guessurl = preg_replace('|/wp-admin/.*|i', '', $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); + + do_action('populate_options'); + add_option('siteurl', $guessurl); add_option('blogname', __('My Blog')); add_option('blogdescription', sprintf(__('Just another %s weblog'), $current_site->site_name ) ); @@ -299,10 +302,10 @@ function populate_options() { if ( ini_get('safe_mode') ) { // Safe mode screws up mkdir(), so we must use a flat structure. add_option('uploads_use_yearmonth_folders', 0); - add_option('upload_path', 'wp-content'); + add_option('upload_path', WP_CONTENT_DIR); } else { add_option('uploads_use_yearmonth_folders', 1); - add_option('upload_path', 'wp-content/uploads'); + add_option('upload_path', WP_CONTENT_DIR . '/uploads'); } // 2.0.3 
@@ -326,8 +329,11 @@ function populate_options() { add_option('medium_size_w', 300); add_option('medium_size_h', 300); + // 2.6 + add_option('avatar_default', 'mystery'); + // Delete unused options - $unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url', 'new_users_can_blog', '_wpnonce', '_wp_http_referer', 'Update', 'action', 'rich_editing', 'autosave_interval'); + $unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 
'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url', 'new_users_can_blog', '_wpnonce', '_wp_http_referer', 'Update', 'action', 'rich_editing', 'autosave_interval', 'deactivated_plugins'); foreach ($unusedoptions as $option) : delete_option($option); endforeach; @@ -344,6 +350,7 @@ function populate_roles() { populate_roles_210(); populate_roles_230(); populate_roles_250(); + populate_roles_260(); } function populate_roles_160() { @@ -499,4 +506,15 @@ function populate_roles_250() { } } +function populate_roles_260() { + /* + $role = get_role( 'administrator' ); + + if ( !empty( $role ) ) { + $role->add_cap( 'update_plugins' ); + $role->add_cap( 'delete_plugins' ); + } + */ +} + ?> diff --git a/wp-admin/includes/taxonomy.php b/wp-admin/includes/taxonomy.php index b490ed6..f3c5fcf 100644 --- a/wp-admin/includes/taxonomy.php +++ b/wp-admin/includes/taxonomy.php @@ -47,7 +47,7 @@ function wp_delete_category($cat_ID) { if ( $cat_ID == $default ) return 0; - return wp_delete_term($cat_ID, 'category', "default=$default"); + return wp_delete_term($cat_ID, 'category', array('default' => $default)); } function wp_insert_category($catarr, $wp_error = false) { diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php index 19f11f6..c348e7f 100644 --- a/wp-admin/includes/template.php +++ b/wp-admin/includes/template.php 
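Review bot: populate_roles_260() is added with its whole body inside a block comment, so it grants neither `update_plugins` nor `delete_plugins`, while the update.php change in this commit makes wp_plugin_update_row() test `current_user_can('update_plugins')`. Unless that capability is granted somewhere this diff does not show, administrators would fall into the download-only branch there. If this is deliberate, a one-line comment such as `// Plugin update/delete caps are intentionally not granted here.` would be clearer than commented-out code.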
@@ -302,7 +302,7 @@ function tag_rows( $page = 1, $pagesize = 20, $searchterms = '' ) { // define the columns to display, the syntax is 'internal name' => 'display name' function wp_manage_posts_columns() { $posts_columns = array(); - $posts_columns['cb'] = '<input type="checkbox" onclick="checkAll(document.getElementById(\'posts-filter\'));" />'; + $posts_columns['cb'] = '<input type="checkbox" />'; if ( 'draft' === $_GET['post_status'] ) $posts_columns['modified'] = __('Modified'); elseif ( 'pending' === $_GET['post_status'] ) @@ -324,7 +324,7 @@ function wp_manage_posts_columns() { // define the columns to display, the syntax is 'internal name' => 'display name' function wp_manage_media_columns() { $posts_columns = array(); - $posts_columns['cb'] = '<input type="checkbox" onclick="checkAll(document.getElementById(\'posts-filter\'));" />'; + $posts_columns['cb'] = '<input type="checkbox" />'; $posts_columns['icon'] = ''; $posts_columns['media'] = _c('Media|media column header'); $posts_columns['desc'] = _c('Description|media column header'); @@ -339,7 +339,7 @@ function wp_manage_media_columns() { function wp_manage_pages_columns() { $posts_columns = array(); - $posts_columns['cb'] = '<input type="checkbox" onclick="checkAll(document.getElementById(\'posts-filter\'));" />'; + $posts_columns['cb'] = '<input type="checkbox" />'; if ( 'draft' === $_GET['post_status'] ) $posts_columns['modified'] = __('Modified'); elseif ( 'pending' === $_GET['post_status'] ) @@ -505,7 +505,7 @@ foreach ($posts_columns as $column_name=>$column_display_name) { */ function page_rows( $pages ) { if ( ! $pages ) - $pages = get_pages( 'sort_column=menu_order' ); + $pages = get_pages( array('sort_column' => 'menu_order') ); if ( ! $pages ) return false; 
@@ -717,7 +717,7 @@ function _wp_comment_row( $comment_id, $mode, $comment_status, $checkbox = true function wp_dropdown_cats( $currentcat = 0, $currentparent = 0, $parent = 0, $level = 0, $categories = 0 ) { if (!$categories ) - $categories = get_categories( 'hide_empty=0' ); + $categories = get_categories( array('hide_empty' => 0) ); if ( $categories ) { foreach ( $categories as $category ) { @@ -790,8 +790,8 @@ function _list_meta_row( $entry, &$count ) { $delete_nonce = wp_create_nonce( 'delete-meta_' . $entry['meta_id'] ); $r .= "\n\t<tr id='meta-{$entry['meta_id']}' class='$style'>"; - $r .= "\n\t\t<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>"; - $r .= "\n\t\t<td><textarea name='meta[{$entry['meta_id']}][value]' tabindex='6' rows='2' cols='30'>{$entry['meta_value']}</textarea></td>"; + $r .= "\n\t\t<td valign='top'><label class='hidden' for='meta[{$entry['meta_id']}][key]'>" . __( 'Key' ) . "</label><input name='meta[{$entry['meta_id']}][key]' id='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>"; + $r .= "\n\t\t<td><label class='hidden' for='meta[{$entry['meta_id']}][value]'>" . __( 'Value' ) . "</label><textarea name='meta[{$entry['meta_id']}][value]' id='meta[{$entry['meta_id']}][value]' tabindex='6' rows='2' cols='30'>{$entry['meta_value']}</textarea></td>"; $r .= "\n\t\t<td style='text-align: center;'><input name='updatemeta' type='submit' tabindex='6' value='".attribute_escape(__( 'Update' ))."' class='add:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$update_nonce updatemeta' /><br />"; $r .= "\n\t\t<input name='deletemeta[{$entry['meta_id']}]' type='submit' "; $r .= "class='delete:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$delete_nonce deletemeta' tabindex='6' value='".attribute_escape(__( 'Delete' ))."' />"; 
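Review bot: The added `<label for=...>` and `id=...` attributes in _list_meta_row() interpolate `$entry['meta_id']` straight into single-quoted attributes, and the same lines still place `$entry['meta_key']` in `value='...'` and `$entry['meta_value']` inside the textarea. The hunk does not show whether these were escaped (for example with `attribute_escape()`, which the neighbouring lines use for button labels) or cast to int earlier in the function, whose body starts above the hunk. That should be confirmed, since custom field keys and values are author-supplied. Separately, ids of the form `meta[ID][key]` contain brackets, which are not valid HTML 4 id tokens and are awkward to target from CSS; `meta-{$entry['meta_id']}-key` would avoid that.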
@@ -816,8 +816,8 @@ function meta_form() { <p><strong><?php _e( 'Add a new custom field:' ) ?></strong></p> <table id="newmeta" cellspacing="3" cellpadding="3"> <tr> -<th colspan="2"><?php _e( 'Key' ) ?></th> -<th><?php _e( 'Value' ) ?></th> +<th colspan="2"><label <?php if ( $keys ) : ?> for="metakeyselect" <?php else : ?> for="metakeyinput" <?php endif; ?>><?php _e( 'Key' ) ?></label></th> +<th><label for="metavalue"><?php _e( 'Value' ) ?></label></th> </tr> <tr valign="top"> <td style="width: 18%;" class="textright"> @@ -831,7 +831,7 @@ function meta_form() { echo "\n\t<option value='$key'>$key</option>"; } ?> -</select> <?php _e( 'or' ); ?> +</select> <label for="metakeyinput"><?php _e( 'or' ); ?></label> <?php endif; ?> </td> <td><input type="text" id="metakeyinput" name="metakeyinput" tabindex="7" /></td> @@ -904,7 +904,7 @@ function page_template_dropdown( $default = '' ) { function parent_dropdown( $default = 0, $parent = 0, $level = 0 ) { global $wpdb, $post_ID; - $items = $wpdb->get_results( "SELECT ID, post_parent, post_title FROM $wpdb->posts WHERE post_parent = $parent AND post_type = 'page' ORDER BY menu_order" ); + $items = $wpdb->get_results( $wpdb->prepare("SELECT ID, post_parent, post_title FROM $wpdb->posts WHERE post_parent = %d AND post_type = 'page' ORDER BY menu_order", $parent) ); if ( $items ) { foreach ( $items as $item ) { 
@@ -1057,10 +1057,12 @@ function wp_remember_old_slug() { * @param string $callback Function that fills the box with the desired content. The function should echo its output. * @param string $page The type of edit page on which to show the box (post, page, link) * @param string $context The context within the page where the boxes should show ('normal', 'advanced') + * @param string $priority The priority within the context where the boxes should show ('high', 'low') */ -function add_meta_box($id, $title, $callback, $page, $context = 'advanced') { +function add_meta_box($id, $title, $callback, $page, $context = 'advanced', $priority = 'default') { global $wp_meta_boxes; + if ( !isset($wp_meta_boxes) ) $wp_meta_boxes = array(); if ( !isset($wp_meta_boxes[$page]) ) 
@@ -1068,23 +1070,81 @@ function add_meta_box($id, $title, $callback, $page, $context = 'advanced') { if ( !isset($wp_meta_boxes[$page][$context]) ) $wp_meta_boxes[$page][$context] = array(); - $wp_meta_boxes[$page][$context][$id] = array('id' => $id, 'title' => $title, 'callback' => $callback); + foreach ( array('high', 'core', 'default', 'low') as $a_priority ) { + if ( !isset($wp_meta_boxes[$page][$context][$a_priority][$id]) ) + continue; + // If a core box was previously added or removed by a plugin, don't add. + if ( 'core' == $priority ) { + // If core box previously deleted, don't add + if ( false === $wp_meta_boxes[$page][$context][$a_priority][$id] ) + return; + // If box was added with default priority, give it core priority to maintain sort order + if ( 'default' == $a_priority ) { + $wp_meta_boxes[$page][$context]['core'][$id] = $wp_meta_boxes[$page][$context]['default'][$id]; + unset($wp_meta_boxes[$page][$context]['default'][$id]); + } + return; + } + // If no priority given and id already present, use existing priority + if ( empty($priority) ) + $priority = $a_priority; + // An id can be in only one priority + if ( $priority != $a_priority ) + unset($wp_meta_boxes[$page][$context][$a_priority][$id]); + } + + if ( empty($priority) ) + $priority = low; + + if ( !isset($wp_meta_boxes[$page][$context][$priority]) ) + $wp_meta_boxes[$page][$context][$priority] = array(); + + $wp_meta_boxes[$page][$context][$priority][$id] = array('id' => $id, 'title' => $title, 'callback' => $callback); } function do_meta_boxes($page, $context, $object) { global $wp_meta_boxes; + do_action('do_meta_boxes', $page, $context, $object); + if ( !isset($wp_meta_boxes) || !isset($wp_meta_boxes[$page]) || !isset($wp_meta_boxes[$page][$context]) ) return; - foreach ( (array) $wp_meta_boxes[$page][$context] as $box ) { - echo '<div id="' . $box['id'] . '" class="postbox ' . postbox_classes($box['id'], $page) . '">' . 
"\n"; - echo "<h3>{$box['title']}</h3>\n"; - echo '<div class="inside">' . "\n"; - call_user_func($box['callback'], $object, $box); - echo "</div>\n"; - echo "</div>\n"; + foreach ( array('high', 'core', 'default', 'low') as $priority ) { + foreach ( (array) $wp_meta_boxes[$page][$context][$priority] as $box ) { + if ( false === $box ) + continue; + echo '<div id="' . $box['id'] . '" class="postbox ' . postbox_classes($box['id'], $page) . '">' . "\n"; + echo "<h3>{$box['title']}</h3>\n"; + echo '<div class="inside">' . "\n"; + call_user_func($box['callback'], $object, $box); + echo "</div>\n"; + echo "</div>\n"; + } } } +/** + * remove_meta_box() - Remove a meta box from an edit form + * + * @since 2.6 + * + * @param string $id String for use in the 'id' attribute of tags. + * @param string $page The type of edit page on which to show the box (post, page, link) + * @param string $context The context within the page where the boxes should show ('normal', 'advanced') + */ +function remove_meta_box($id, $page, $context) { + global $wp_meta_boxes; + + if ( !isset($wp_meta_boxes) ) + $wp_meta_boxes = array(); + if ( !isset($wp_meta_boxes[$page]) ) + $wp_meta_boxes[$page] = array(); + if ( !isset($wp_meta_boxes[$page][$context]) ) + $wp_meta_boxes[$page][$context] = array(); + + foreach ( array('high', 'core', 'default', 'low') as $priority ) + $wp_meta_boxes[$page][$context][$priority][$id] = false; +} + ?> diff --git a/wp-admin/includes/theme.php b/wp-admin/includes/theme.php index 7dae5be..ec670ce 100644 --- a/wp-admin/includes/theme.php +++ b/wp-admin/includes/theme.php @@ -33,7 +33,7 @@ function get_page_templates() { if ( is_array( $templates ) ) { foreach ( $templates as $template ) { - $template_data = implode( '', file( ABSPATH.$template )); + $template_data = implode( '', file( WP_CONTENT_DIR.$template )); preg_match( '|Template Name:(.*)$|mi', $template_data, $name ); preg_match( '|Description:(.*)$|mi', $template_data, $description ); 
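Review bot: In add_meta_box(), the fallback `$priority = low;` uses a bare word, which PHP treats as an undefined constant; it should read `$priority = 'low';`. In do_meta_boxes(), `$wp_meta_boxes[$page][$context][$priority]` is read for all four priorities without an `isset()` test, so priorities that were never registered raise notices. Adding `if ( !isset($wp_meta_boxes[$page][$context][$priority]) ) continue;` at the top of the outer loop would avoid that. The `@param $priority` line added in the previous hunk lists only 'high' and 'low', while the code also accepts 'core' and 'default'. add_meta_box() begins in the previous hunk.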
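Review bot: In get_page_templates(), `WP_CONTENT_DIR.$template` is joined without a separator, whereas other hunks in this commit write `WP_CONTENT_DIR . '/install.php'` and `WP_CONTENT_DIR . '/uploads'`. The path therefore only resolves if every `$template` entry begins with a slash, which this hunk does not show. The result of `file()` also goes straight into `implode()`, so a missing or unreadable path produces a warning instead of being skipped. A guard such as `if ( ! is_file( WP_CONTENT_DIR . $template ) ) continue;` at the top of the loop would handle that.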
diff --git a/wp-admin/includes/update.php b/wp-admin/includes/update.php index 70d1441..d17298f 100644 --- a/wp-admin/includes/update.php +++ b/wp-admin/includes/update.php @@ -119,25 +119,24 @@ function wp_update_plugins() { } add_action( 'load-plugins.php', 'wp_update_plugins' ); -function wp_plugin_update_row( $file ) { - global $plugin_data; +function wp_plugin_update_row( $file, $plugin_data ) { $current = get_option( 'update_plugins' ); if ( !isset( $current->response[ $file ] ) ) return false; $r = $current->response[ $file ]; - echo "<tr><td colspan='5' class='plugin-update'>"; - if ( !current_user_can('edit_plugins') ) + echo '<tr><td colspan="5" class="plugin-update">'; + if ( ! current_user_can('update_plugins') ) printf( __('There is a new version of %1$s available. <a href="%2$s">Download version %3$s here</a>.'), $plugin_data['Name'], $r->url, $r->new_version); else if ( empty($r->package) ) printf( __('There is a new version of %1$s available. <a href="%2$s">Download version %3$s here</a> <em>automatic upgrade unavailable for this plugin</em>.'), $plugin_data['Name'], $r->url, $r->new_version); else - printf( __('There is a new version of %1$s available. <a href="%2$s">Download version %3$s here</a> or <a href="%4$s">upgrade automatically</a>.'), $plugin_data['Name'], $r->url, $r->new_version, wp_nonce_url("update.php?action=upgrade-plugin&plugin=$file", 'upgrade-plugin_' . $file) ); + printf( __('There is a new version of %1$s available. <a href="%2$s">Download version %3$s here</a> or <a href="%4$s">upgrade automatically</a>.'), $plugin_data['Name'], $r->url, $r->new_version, wp_nonce_url('update.php?action=upgrade-plugin&plugin=' . $file, 'upgrade-plugin_' . $file) ); - echo "</td></tr>"; + echo '</td></tr>'; } -add_action( 'after_plugin_row', 'wp_plugin_update_row' ); +add_action( 'after_plugin_row', 'wp_plugin_update_row', 10, 2 ); function wp_update_plugin($plugin, $feedback = '') { global $wp_filesystem; 
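Review bot: The three printf() branches in wp_plugin_update_row() write `$plugin_data['Name']`, `$r->url` and `$r->new_version` into markup without escaping. `$r` is read from the stored `update_plugins` option, which presumably holds the remote update-check response, so these values should be treated as external data. Escaping at output, e.g. `clean_url( $r->url )` for the href and `wp_specialchars()` for the name and version, would keep a malformed or tampered response from injecting markup into the plugins screen. `$file` is likewise concatenated unencoded into the `plugin=` query parameter passed to wp_nonce_url().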
@@ -151,7 +150,7 @@ function wp_update_plugin($plugin, $feedback = '') { return new WP_Error('up_to_date', __('The plugin is at the latest version.')); // Is a filesystem accessor setup? - if ( ! $wp_filesystem || !is_object($wp_filesystem) ) + if ( ! $wp_filesystem || ! is_object($wp_filesystem) ) WP_Filesystem(); if ( ! is_object($wp_filesystem) ) @@ -160,11 +159,18 @@ function wp_update_plugin($plugin, $feedback = '') { if ( $wp_filesystem->errors->get_error_code() ) return new WP_Error('fs_error', __('Filesystem error'), $wp_filesystem->errors); - //Get the Base folder - $base = $wp_filesystem->get_base_dir(); + //Get the base plugin folder + $plugins_dir = $wp_filesystem->wp_plugins_dir(); + if ( empty($plugins_dir) ) + return new WP_Error('fs_no_plugins_dir', __('Unable to locate WordPress Plugin directory.')); + + //And the same for the Content directory. + $content_dir = $wp_filesystem->wp_content_dir(); + if( empty($content_dir) ) + return new WP_Error('fs_no_content_dir', __('Unable to locate WordPress Content directory (wp-content).')); - if ( empty($base) ) - return new WP_Error('fs_nowordpress', __('Unable to locate WordPress directory.')); + $plugins_dir = trailingslashit( $plugins_dir ); + $content_dir = trailingslashit( $content_dir ); // Get the URL to the zip file $r = $current->response[ $plugin ]; 
@@ -175,12 +181,12 @@ function wp_update_plugin($plugin, $feedback = '') { // Download the package $package = $r->package; apply_filters('update_feedback', sprintf(__('Downloading update from %s'), $package)); - $file = download_url($package); + $download_file = download_url($package); - if ( is_wp_error($file) ) - return new WP_Error('download_failed', __('Download failed.'), $file->get_error_message()); + if ( is_wp_error($download_file) ) + return new WP_Error('download_failed', __('Download failed.'), $download_file->get_error_message()); - $working_dir = $base . 'wp-content/upgrade/' . basename($plugin, '.php'); + $working_dir = $content_dir . 'upgrade/' . basename($plugin, '.php'); // Clean up working directory if ( $wp_filesystem->is_dir($working_dir) ) @@ -188,16 +194,16 @@ function wp_update_plugin($plugin, $feedback = '') { apply_filters('update_feedback', __('Unpacking the update')); // Unzip package to working directory - $result = unzip_file($file, $working_dir); + $result = unzip_file($download_file, $working_dir); + + // Once extracted, delete the package + unlink($download_file); + if ( is_wp_error($result) ) { - unlink($file); $wp_filesystem->delete($working_dir, true); return $result; } - // Once extracted, delete the package - unlink($file); - if ( is_plugin_active($plugin) ) { //Deactivate the plugin silently, Prevent deactivation hooks from running. apply_filters('update_feedback', __('Deactivating the plugin')); 
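Review bot: The URL in `$r->package` is passed to download_url() and the file is handed to unzip_file() in the following hunk, with no integrity check on the archive visible in either. If the update response carries no checksum or signature to verify against, that limitation deserves a comment at the download step, e.g. `// TODO: verify package integrity before unpacking; the URL comes from the stored update response.`. The body of wp_update_plugin() starts and ends outside this hunk.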
@@ -206,25 +212,25 @@ function wp_update_plugin($plugin, $feedback = '') { // Remove the existing plugin. apply_filters('update_feedback', __('Removing the old version of the plugin')); - $plugin_dir = dirname($base . PLUGINDIR . "/$plugin"); - $plugin_dir = trailingslashit($plugin_dir); + $this_plugin_dir = trailingslashit( dirname($plugins_dir . $plugin) ); // If plugin is in its own directory, recursively delete the directory. - if ( strpos($plugin, '/') && $plugin_dir != $base . PLUGINDIR . '/' ) //base check on if plugin includes directory seperator AND that its not the root plugin folder - $deleted = $wp_filesystem->delete($plugin_dir, true); + if ( strpos($plugin, '/') && $this_plugin_dir != $plugins_dir ) //base check on if plugin includes directory seperator AND that its not the root plugin folder + $deleted = $wp_filesystem->delete($this_plugin_dir, true); else - $deleted = $wp_filesystem->delete($base . PLUGINDIR . "/$plugin"); + $deleted = $wp_filesystem->delete($plugins_dir . $plugin); - if ( !$deleted ) { + if ( ! $deleted ) { $wp_filesystem->delete($working_dir, true); return new WP_Error('delete_failed', __('Could not remove the old plugin')); } apply_filters('update_feedback', __('Installing the latest version')); // Copy new version of plugin into place. - if ( !copy_dir($working_dir, $base . PLUGINDIR) ) { + $result = copy_dir($working_dir, $plugins_dir); + if ( is_wp_error($result) ) { //$wp_filesystem->delete($working_dir, true); //TODO: Uncomment? This DOES mean that the new files are available in the upgrade folder if it fails. - return new WP_Error('install_failed', __('Installation failed')); + return $result; } //Get a list of the directories in the working directory before we delete it, We need to know the new folder for the plugin 
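Review bot: `$this_plugin_dir` is derived from `dirname($plugins_dir . $plugin)` and then deleted recursively, and the only guard is that it differs from `$plugins_dir`; a `$plugin` value containing `../` segments would direct the recursive delete outside the plugins folder. Earlier context suggests `$plugin` must be a key of the stored update response, which limits this, but an explicit check before the delete would not rely on that, e.g. `if ( validate_file($plugin) ) return new WP_Error('invalid_plugin', __('Invalid plugin path.'));`. Separately, the copy step now tests only `is_wp_error($result)`; if copy_dir() can still return `false` (its definition is not in this chunk), that failure would no longer be caught. The function continues beyond the hunk, and the `*/` after its closing brace in a later hunk suggests it may currently be commented out.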
@@ -237,13 +243,13 @@ function wp_update_plugin($plugin, $feedback = '') { delete_option('update_plugins'); if( empty($filelist) ) - return false; //We couldnt find any files in the working dir + return false; //We couldnt find any files in the working dir, therefor no plugin installed? Failsafe backup. $folder = $filelist[0]; - $plugin = get_plugins('/' . $folder); //Pass it with a leading slash, search out the plugins in the folder, + $plugin = get_plugins('/' . $folder); //Ensure to pass with leading slash $pluginfiles = array_keys($plugin); //Assume the requested plugin is the first in the list - return $folder . '/' . $pluginfiles[0]; //Pass it without a leading slash as WP requires + return $folder . '/' . $pluginfiles[0]; } */ diff --git a/wp-admin/includes/upgrade.php b/wp-admin/includes/upgrade.php index 800a86d..1b15aae 100644 --- a/wp-admin/includes/upgrade.php +++ b/wp-admin/includes/upgrade.php @@ -1,7 +1,7 @@ <?php -if ( file_exists(ABSPATH . 'wp-content/install.php') ) - require (ABSPATH . 'wp-content/install.php'); +if ( file_exists(WP_CONTENT_DIR . '/install.php') ) + require (WP_CONTENT_DIR . '/install.php'); require_once(ABSPATH . 'wp-admin/includes/admin.php'); require_once(ABSPATH . 'wp-admin/includes/schema.php'); @@ -208,6 +208,9 @@ function upgrade_all() { if ( $wp_current_db_version < 7935 ) upgrade_252(); + if ( $wp_current_db_version < 8000 ) + upgrade_260(); + maybe_disable_automattic_widgets(); $wp_rewrite->flush_rules(); @@ -224,7 +227,7 @@ function upgrade_100() { foreach($posts as $post) { if ('' == $post->post_name) { $newtitle = sanitize_title($post->post_title); - $wpdb->query("UPDATE $wpdb->posts SET post_name = '$newtitle' WHERE ID = '$post->ID'"); + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_name = %s WHERE ID = %d", $newtitle, $post->ID) ); } } } 
@@ -233,7 +236,7 @@ function upgrade_100() { foreach ($categories as $category) { if ('' == $category->category_nicename) { $newtitle = sanitize_title($category->cat_name); - $wpdb->query("UPDATE $wpdb->categories SET category_nicename = '$newtitle' WHERE cat_ID = '$category->cat_ID'"); + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->categories SET category_nicename = %s WHERE cat_ID = %d", $newtitle, $category->cat_ID) ); } } @@ -256,14 +259,12 @@ function upgrade_100() { if ($allposts) : foreach ($allposts as $post) { // Check to see if it's already been imported - $cat = $wpdb->get_row("SELECT * FROM $wpdb->post2cat WHERE post_id = $post->ID AND category_id = $post->post_category"); + $cat = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->post2cat WHERE post_id = %d AND category_id = %d", $post->ID, $post->post_category) ); if (!$cat && 0 != $post->post_category) { // If there's no result - $wpdb->query(" - INSERT INTO $wpdb->post2cat + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->post2cat (post_id, category_id) - VALUES - ('$post->ID', '$post->post_category') - "); + VALUES (%s, %s) + ", $post->ID, $post->post_category) ); } } endif; @@ -291,7 +292,7 @@ function upgrade_110() { foreach ($users as $user) { if ('' == $user->user_nicename) { $newname = sanitize_title($user->user_nickname); - $wpdb->query("UPDATE $wpdb->users SET user_nicename = '$newname' WHERE ID = '$user->ID'"); + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->users SET user_nicename = %s WHERE ID = %d", $newname, $user->ID) ); } } 
@@ -407,7 +408,7 @@ function upgrade_130() { foreach ( $options as $option ) { if ( 1 != $option->dupes ) { // Could this be done in the query? $limit = $option->dupes - 1; - $dupe_ids = $wpdb->get_col("SELECT option_id FROM $wpdb->options WHERE option_name = '$option->option_name' LIMIT $limit"); + $dupe_ids = $wpdb->get_col( $wpdb->prepare("SELECT option_id FROM $wpdb->options WHERE option_name = %s LIMIT %d", $option->option_name, $limit) ); $dupe_ids = join($dupe_ids, ','); $wpdb->query("DELETE FROM $wpdb->options WHERE option_id IN ($dupe_ids)"); } @@ -451,8 +452,7 @@ function upgrade_160_helper( $users ) { if ($idmode == 'namefl') $id = $user->user_firstname.' '.$user->user_lastname; if ($idmode == 'namelf') $id = $user->user_lastname.' '.$user->user_firstname; if (!$idmode) $id = $user->user_nickname; - $id = $wpdb->escape( $id ); - $wpdb->query("UPDATE $wpdb->users SET display_name = '$id' WHERE ID = '$user->ID'"); + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->users SET display_name = %s WHERE ID = %d", $id, $user->ID) ); endif; // FIXME: RESET_CAPS is temporary code to reset roles and caps if flag is set. @@ -482,7 +482,7 @@ function upgrade_160() { $comments = $wpdb->get_results( "SELECT comment_post_ID, COUNT(*) as c FROM $wpdb->comments WHERE comment_approved = '1' GROUP BY comment_post_ID" ); if( is_array( $comments ) ) { foreach ($comments as $comment) { - $wpdb->query( "UPDATE $wpdb->posts SET comment_count = $comment->c WHERE ID = '$comment->comment_post_ID'" ); + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET comment_count = %d WHERE ID = %d", $comment->c, $comment->comment_post_ID) ); } } 
@@ -491,10 +491,10 @@ function upgrade_160() { if ( $wp_current_db_version > 2541 && $wp_current_db_version <= 3091 ) { $objects = $wpdb->get_results("SELECT ID, post_type FROM $wpdb->posts WHERE post_status = 'object'"); foreach ($objects as $object) { - $wpdb->query("UPDATE $wpdb->posts SET post_status = 'attachment', - post_mime_type = '$object->post_type', + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_status = 'attachment', + post_mime_type = %s, post_type = '' - WHERE ID = $object->ID"); + WHERE ID = %d", $object->post_type, $object->ID) ); $meta = get_post_meta($object->ID, 'imagedata', true); if ( ! empty($meta['file']) ) @@ -522,7 +522,7 @@ function upgrade_210() { $type = 'attachment'; } - $wpdb->query("UPDATE $wpdb->posts SET post_status = '$status', post_type = '$type' WHERE ID = '$post->ID'"); + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_status = %s, post_type = %s WHERE ID = %d", $status, $type, $post->ID) ); } } 
@@ -555,45 +555,42 @@ function upgrade_230() { $categories = $wpdb->get_results("SELECT * FROM $wpdb->categories ORDER BY cat_ID"); foreach ($categories as $category) { $term_id = (int) $category->cat_ID; - $name = $wpdb->escape($category->cat_name); - $description = $wpdb->escape($category->category_description); - $slug = $wpdb->escape($category->category_nicename); - $parent = $wpdb->escape($category->category_parent); $term_group = 0; // Associate terms with the same slug in a term group and make slugs unique. - if ( $exists = $wpdb->get_results("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = '$slug'") ) { + if ( $exists = $wpdb->get_results( $wpdb->prepare("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $slug) ) ) { $term_group = $exists[0]->term_group; $id = $exists[0]->term_id; $num = 2; do { $alt_slug = $slug . "-$num"; $num++; - $slug_check = $wpdb->get_var("SELECT slug FROM $wpdb->terms WHERE slug = '$alt_slug'"); + $slug_check = $wpdb->get_var( $wpdb->prepare("SELECT slug FROM $wpdb->terms WHERE slug = %s", $alt_slug) ); } while ( $slug_check ); $slug = $alt_slug; if ( empty( $term_group ) ) { $term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms GROUP BY term_group") + 1; - $wpdb->query("UPDATE $wpdb->terms SET term_group = '$term_group' WHERE term_id = '$id'"); + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->terms SET term_group = %d WHERE term_id = %d", $term_group, $id) ); } } - $wpdb->query("INSERT INTO $wpdb->terms (term_id, name, slug, term_group) VALUES ('$term_id', '$name', '$slug', '$term_group')"); + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->terms (term_id, name, slug, term_group) VALUES + (%d, %s, %s, %d)", $term_id, $name, $slug, $term_group) ); $count = 0; if ( !empty($category->category_count) ) { $count = (int) $category->category_count; $taxonomy = 'category'; - $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', 
'$description', '$parent', '$count')"); + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) ); $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; } if ( !empty($category->link_count) ) { $count = (int) $category->link_count; $taxonomy = 'link_category'; - $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', '$description', '$parent', '$count')"); + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) ); $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; } @@ -601,14 +598,14 @@ function upgrade_230() { $have_tags = true; $count = (int) $category->tag_count; $taxonomy = 'post_tag'; - $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', '$description', '$parent', '$count')"); + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) ); $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; } if ( empty($count) ) { $count = 0; $taxonomy = 'category'; - $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', '$description', '$parent', '$count')"); + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) ); $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; } } 
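Review bot: In the category loop of upgrade_230(), the hunk removes the four lines that assigned `$name`, `$description`, `$slug` and `$parent`, yet the new prepared queries still bind those variables. Nothing else in the visible loop body assigns them, so on the first category they are undefined, and `$slug` later carries the previous iteration's `$alt_slug`. The escaping was correctly dropped in favour of prepare(), but the assignments themselves need to stay, taking the raw column values. The `term_taxonomy` inserts in the next hunk (`-601,14`) depend on the same variables. The function body starts and ends outside the hunk.

```php
$term_id = (int) $category->cat_ID;
// Raw column values; $wpdb->prepare() handles the escaping below.
$name = $category->cat_name;
$description = $category->category_description;
$slug = $category->category_nicename;
$parent = $category->category_parent;
$term_group = 0;
// … unchanged: slug de-duplication and the prepared term/term_taxonomy inserts …
```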
@@ -628,7 +625,7 @@ function upgrade_230() { if ( empty($tt_id) ) continue; - $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$post_id', '$tt_id')"); + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $post_id, $tt_id) ); } // < 3570 we used linkcategories. >= 3570 we used categories and link2cat. @@ -647,20 +644,20 @@ function upgrade_230() { $term_group = 0; // Associate terms with the same slug in a term group and make slugs unique. - if ( $exists = $wpdb->get_results("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = '$slug'") ) { + if ( $exists = $wpdb->get_results( $wpdb->prepare("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $slug) ) ) { $term_group = $exists[0]->term_group; $term_id = $exists[0]->term_id; } if ( empty($term_id) ) { - $wpdb->query("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES ('$name', '$slug', '$term_group')"); + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES (%s, %s, %d)", $name, $slug, $term_group) ); $term_id = (int) $wpdb->insert_id; } $link_cat_id_map[$cat_id] = $term_id; $default_link_cat = $term_id; - $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', 'link_category', '', '0', '0')"); + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES (%d, 'link_category', '', '0', '0')", $term_id) ); $tt_ids[$term_id] = (int) $wpdb->insert_id; } 
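Review bot: The `$name` and `$slug` bound by the new `prepare()` calls in the `@@ -647,20 +644,20 @@` hunk are assigned above the hunk, so it is not visible whether they are still passed through `$wpdb->escape()` there. If they are, `prepare()` escapes them a second time and link-category names containing quotes or backslashes are stored with literal backslashes. Now that `prepare()` does the quoting, those assignments should hand over the raw column values.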
@@ -676,7 +673,7 @@ function upgrade_230() { if ( empty($tt_id) ) continue; - $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$link->link_id', '$tt_id')"); + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $link->link_id, $tt_id) ); } // Set default to the last category we grabbed during the upgrade loop. @@ -691,7 +688,7 @@ function upgrade_230() { if ( empty($tt_id) ) continue; - $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$link_id', '$tt_id')"); + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $link_id, $tt_id) ); } } 
@@ -704,10 +701,10 @@ function upgrade_230() { $terms = $wpdb->get_results("SELECT term_taxonomy_id, taxonomy FROM $wpdb->term_taxonomy"); foreach ( (array) $terms as $term ) { if ( ('post_tag' == $term->taxonomy) || ('category' == $term->taxonomy) ) - $count = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = '$term->term_taxonomy_id'"); + $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = %d", $term->term_taxonomy_id) ); else - $count = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = '$term->term_taxonomy_id'"); - $wpdb->query("UPDATE $wpdb->term_taxonomy SET count = '$count' WHERE term_taxonomy_id = '$term->term_taxonomy_id'"); + $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $term->term_taxonomy_id) ); + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_taxonomy_id = %d", $count, $term->term_taxonomy_id) ); } } @@ -756,6 +753,10 @@ function upgrade_252() { $wpdb->query("UPDATE $wpdb->users SET user_activation_key = ''"); } +function upgrade_260() { + populate_roles_260(); +} + // The functions we use to actually do stuff // General @@ -850,7 +851,7 @@ function __get_option($setting) { return preg_replace( '|/+$|', '', constant( 'WP_SITEURL' ) ); } - $option = $wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name = '$setting'"); + $option = $wpdb->get_var( $wpdb->prepare("SELECT option_value FROM $wpdb->options WHERE option_name = %s", $setting) ); if ( 'home' == $setting && '' == $option ) return __get_option('siteurl'); 
@@ -1100,7 +1101,7 @@ function make_db_current_silent() { function make_site_theme_from_oldschool($theme_name, $template) { $home_path = get_home_path(); - $site_dir = ABSPATH . "wp-content/themes/$template"; + $site_dir = WP_CONTENT_DIR . "/themes/$template"; if (! file_exists("$home_path/index.php")) return false; @@ -1119,7 +1120,7 @@ function make_site_theme_from_oldschool($theme_name, $template) { if ($oldfile == 'index.php') { // Check to make sure it's not a new index $index = implode('', file("$oldpath/$oldfile")); if (strpos($index, 'WP_USE_THEMES') !== false) { - if (! @copy(ABSPATH . 'wp-content/themes/default/index.php', "$site_dir/$newfile")) + if (! @copy(WP_CONTENT_DIR . '/themes/default/index.php', "$site_dir/$newfile")) return false; continue; // Don't copy anything } @@ -1167,8 +1168,8 @@ function make_site_theme_from_oldschool($theme_name, $template) { } function make_site_theme_from_default($theme_name, $template) { - $site_dir = ABSPATH . "wp-content/themes/$template"; - $default_dir = ABSPATH . 'wp-content/themes/default'; + $site_dir = WP_CONTENT_DIR . "/themes/$template"; + $default_dir = WP_CONTENT_DIR . '/themes/default'; // Copy files from the default theme to the site theme. //$files = array('index.php', 'comments.php', 'comments-popup.php', 'footer.php', 'header.php', 'sidebar.php', 'style.css'); @@ -1226,7 +1227,7 @@ function make_site_theme() { // Name the theme after the blog. $theme_name = __get_option('blogname'); $template = sanitize_title($theme_name); - $site_dir = ABSPATH . "wp-content/themes/$template"; + $site_dir = WP_CONTENT_DIR . "/themes/$template"; // If the theme already exists, nothing to do. if ( is_dir($site_dir)) { @@ -1234,7 +1235,7 @@ function make_site_theme() { } // We must be able to write to the themes dir. - if (! is_writable(ABSPATH . "wp-content/themes")) { + if (! is_writable(WP_CONTENT_DIR . "/themes")) { return false; } 
diff --git a/wp-admin/includes/user.php b/wp-admin/includes/user.php index d25404f..4c02592 100644 --- a/wp-admin/includes/user.php +++ b/wp-admin/includes/user.php @@ -140,12 +140,8 @@ function edit_user( $user_id = 0 ) { function get_author_user_ids() { global $wpdb; - // wpmu site admins don't have user_levels - $level_key = $wpdb->prefix . 'capabilities'; - - $query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key' AND meta_value != '0'"; - - return $wpdb->get_col( $query ); + $level_key = $wpdb->prefix . 'capabilities'; // wpmu site admins don't have user_levels + return $wpdb->get_col( $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value != '0'", $level_key) ); } function get_editable_authors( $user_id ) { @@ -175,10 +171,9 @@ function get_editable_user_ids( $user_id, $exclude_zeros = true ) { return false; } - // wpmu site admins don't have user_levels - $level_key = $wpdb->prefix . 'capabilities'; + $level_key = $wpdb->prefix . 'capabilities'; // wpmu site admins don't have user_levels - $query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key'"; + $query = $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s", $level_key); if ( $exclude_zeros ) $query .= " AND meta_value != 'a:1:{s:10:\"subscriber\";b:1;}'"; @@ -187,12 +182,9 @@ function get_editable_user_ids( $user_id, $exclude_zeros = true ) { function get_nonauthor_user_ids() { global $wpdb; - // wpmu site admins don't have user_levels - $level_key = $wpdb->prefix . 'capabilities'; + $level_key = $wpdb->prefix . 'capabilities'; // wpmu site admins don't have user_levels - $query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key' AND meta_value = '0'"; - - return $wpdb->get_col( $query ); + return $wpdb->get_col( $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value = '0'", $level_key) ); } function get_others_unpublished_posts($user_id, $type='any') { 
@@ -211,7 +203,7 @@ function get_others_unpublished_posts($user_id, $type='any') { $other_unpubs = ''; } else { $editable = join(',', $editable); - $other_unpubs = $wpdb->get_results("SELECT ID, post_title, post_author FROM $wpdb->posts WHERE post_type = 'post' AND $type_sql AND post_author IN ($editable) AND post_author != '$user_id' ORDER BY post_modified $dir"); + $other_unpubs = $wpdb->get_results( $wpdb->prepare("SELECT ID, post_title, post_author FROM $wpdb->posts WHERE post_type = 'post' AND $type_sql AND post_author IN ($editable) AND post_author != %d ORDER BY post_modified $dir", $user_id) ); } return apply_filters('get_others_drafts', $other_unpubs); @@ -244,8 +236,7 @@ function get_user_to_edit( $user_id ) { function get_users_drafts( $user_id ) { global $wpdb; - $user_id = (int) $user_id; - $query = "SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'draft' AND post_author = $user_id ORDER BY post_modified DESC"; + $query = $wpdb->prepare("SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'draft' AND post_author = %d ORDER BY post_modified DESC", $user_id); $query = apply_filters('get_users_drafts', $query); return $wpdb->get_results( $query ); } @@ -256,7 +247,7 @@ function wp_delete_user($id, $reassign = 'novalue') { $id = (int) $id; if ($reassign == 'novalue') { - $post_ids = $wpdb->get_col("SELECT ID FROM $wpdb->posts WHERE post_author = $id"); + $post_ids = $wpdb->get_col( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_author = %d", $id) ); if ($post_ids) { foreach ($post_ids as $post_id) 
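Review bot: Only `$user_id` is bound in the rewritten query of get_others_unpublished_posts(); `$type_sql`, `$editable` and `$dir` are still interpolated into the string that `prepare()` receives as its format. The IN list therefore depends on whatever get_editable_user_ids() returns, and any literal `%` in those fragments would be read as a placeholder. They are built above the hunk, so this needs confirming there. Casting the list before the join, `$editable = join(',', array_map('intval', $editable));`, would make the IN clause safe regardless of the caller.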
@@ -264,11 +255,11 @@ function wp_delete_user($id, $reassign = 'novalue') { } // Clean links - $wpdb->query("DELETE FROM $wpdb->links WHERE link_owner = $id"); + $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->links WHERE link_owner = %d", $id) ); } else { $reassign = (int) $reassign; - $wpdb->query("UPDATE $wpdb->posts SET post_author = {$reassign} WHERE post_author = {$id}"); - $wpdb->query("UPDATE $wpdb->links SET link_owner = {$reassign} WHERE link_owner = {$id}"); + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_author = %d WHERE post_author = %d", $reassign, $id) ); + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_owner = %d WHERE link_owner = %d}", $reassign, $id) ); } // FINALLY, delete user @@ -325,7 +316,7 @@ class WP_User_Search { function prepare_query() { global $wpdb; $this->first_user = ($this->page - 1) * $this->users_per_page; - $this->query_limit = ' LIMIT ' . $this->first_user . ',' . $this->users_per_page; + $this->query_limit = $wpdb->prepare(" LIMIT %d, %d", $this->first_user, $this->users_per_page); $this->query_sort = ' ORDER BY user_login'; $search_sql = ''; if ( $this->search_term ) { @@ -339,7 +330,7 @@ class WP_User_Search { $this->query_from_where = "FROM $wpdb->users"; if ( $this->role ) - $this->query_from_where .= " INNER JOIN $wpdb->usermeta ON $wpdb->users.ID = $wpdb->usermeta.user_id WHERE $wpdb->usermeta.meta_key = '{$wpdb->prefix}capabilities' AND $wpdb->usermeta.meta_value LIKE '%$this->role%'"; + $this->query_from_where .= $wpdb->prepare(" INNER JOIN $wpdb->usermeta ON $wpdb->users.ID = $wpdb->usermeta.user_id WHERE $wpdb->usermeta.meta_key = '{$wpdb->prefix}capabilities' AND $wpdb->usermeta.meta_value LIKE %s", '%' . $this->role . '%'); else $this->query_from_where .= ", $wpdb->usermeta WHERE $wpdb->users.ID = $wpdb->usermeta.user_id AND meta_key = '{$wpdb->prefix}capabilities'"; $this->query_from_where .= " $search_sql"; 
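Review bot: The rewritten link reassignment in wp_delete_user() keeps a stray closing brace from the old `{$id}` interpolation: the format string ends in `WHERE link_owner = %d}`. The resulting statement is not valid SQL, so when a user is deleted with a reassign target the posts are moved but the links query fails and the links keep the deleted owner id. The line should read `$wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_owner = %d WHERE link_owner = %d", $reassign, $id) );`. The function body continues outside the hunk.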
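Review bot: In WP_User_Search::prepare_query() the role filter is now bound with `%s`, but `$this->role` is wrapped in `%…%` without escaping LIKE wildcards, so a role value containing `%` or `_` matches more capability rows than intended. Escaping it first, `'%' . like_escape($this->role) . '%'`, keeps the match literal. The same statement still interpolates `{$wpdb->prefix}` into the format string; binding the meta key as a second `%s` would match the `$level_key` changes earlier in this file. The method starts and ends outside the hunk.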
diff --git a/wp-admin/includes/widgets.php b/wp-admin/includes/widgets.php index 09936b7..79a4f1a 100644 --- a/wp-admin/includes/widgets.php +++ b/wp-admin/includes/widgets.php @@ -102,7 +102,7 @@ function wp_list_widgets( $show = 'all', $_search = false ) { <li id="widget-list-item-<?php echo attribute_escape( $widget['id'] ); ?>" class="widget-list-item"> <h4 class="widget-title widget-draggable"> - <?php echo $widget_title; ?> + <span><?php echo $widget_title; ?></span> <?php if ( 'add' == $action ) : ?> @@ -116,6 +116,8 @@ function wp_list_widgets( $show = 'all', $_search = false ) { <?php endif; ?> + <br class="clear" /> + </h4> @@ -228,7 +230,7 @@ function wp_widget_control( $sidebar_args ) { echo $sidebar_args['before_widget']; ?> <div class="widget-top"> - <h4 class="widget-title"><?php echo $widget_title ?> + <h4 class="widget-title"><span><?php echo $widget_title ?></span> <?php if ( $edit ) : ?> @@ -240,6 +242,8 @@ function wp_widget_control( $sidebar_args ) { <?php endif; ?> + <br class="clear" /> + </h4></div> <div class="widget-control"<?php if ( $edit ) echo ' style="display: block;"'; ?>> @@ -282,10 +286,4 @@ function wp_widget_control_ob_filter( $string ) { return trim( wp_specialchars( strip_tags( $string ) ) ); } -function widget_css() { - wp_admin_css( 'css/widgets' ); -} - -add_action( 'admin_head', 'widget_css' ); - ?> |