authordonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2007-08-06 09:35:24 +0000
committerdonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2007-08-06 09:35:24 +0000
commitd407afd2cf84fa1d87be4dd387cdb6539aac3112 (patch)
tree3b87936604a68a81cfcca74af607c5108d535142 /wp-admin
parentf7904d143986a96e6f209b51b380ad1ee640cad5 (diff)
Sync for WP 2.2.2
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1013 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-admin')
-rw-r--r--wp-admin/admin-db.php4
-rw-r--r--wp-admin/admin-functions.php2
-rw-r--r--wp-admin/edit-comments.php2
-rw-r--r--wp-admin/link-import.php4
-rw-r--r--wp-admin/options.php11
-rw-r--r--wp-admin/upload-functions.php9
6 files changed, 18 insertions, 14 deletions
diff --git a/wp-admin/admin-db.php b/wp-admin/admin-db.php
index 6d18c96..d296e74 100644
--- a/wp-admin/admin-db.php
+++ b/wp-admin/admin-db.php
@@ -423,9 +423,11 @@ function wp_delete_link($link_id) {
}
$wpdb->query("DELETE FROM $wpdb->link2cat WHERE link_id = '$link_id'");
- return $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'");
+ $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'");
do_action('deleted_link', $link_id);
+
+ return true;
}
function wp_get_link_cats($link_ID = 0) {
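Review bot: `wp_delete_link()` now returns `true` unconditionally, so a failed `DELETE` on `$wpdb->links` is reported as success and `deleted_link` still fires for a row that may still exist. Checking the result before the hook keeps the new hook placement and still signals failure: `if ( false === $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'") ) return false;`. Both queries interpolate `$link_id` directly into the SQL, and the start of the function is outside the hunk, so confirm the value is cast to an integer before it reaches these lines.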
diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php
index dce1350..f23f3ce 100644
--- a/wp-admin/admin-functions.php
+++ b/wp-admin/admin-functions.php
@@ -914,7 +914,7 @@ function user_row( $user_object, $style = '' ) {
function _wp_get_comment_list( $s = false, $start, $num ) {
global $wpdb;
- $start = (int) $start;
+ $start = abs( (int) $start );
$num = (int) $num;
if ( $s ) {
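Review bot: `$num = (int) $num;` on the line after the change is still signed, so only half of the pagination pair is normalised. The query that consumes both values is outside the hunk, but if they feed a `LIMIT` clause a negative `$num` would produce a SQL error; `$num = abs( (int) $num );` would treat it the same way as `$start`. A short comment such as `// offset and count must be non-negative before they reach the query` would record why the `abs()` is there.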
diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php
index 85b2a6e..ea718b9 100644
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -76,7 +76,7 @@ if ( !empty( $_POST['delete_comments'] ) ) :
endif;
if ( isset( $_GET['apage'] ) )
- $page = (int) $_GET['apage'];
+ $page = abs( (int) $_GET['apage'] );
else
$page = 1;
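Review bot: `abs( (int) $_GET['apage'] )` still evaluates to 0 for `apage=0` or any non-numeric value, while the `else` branch treats 1 as the first page. Clamping in the same statement closes that gap: `$page = max( 1, abs( (int) $_GET['apage'] ) );`. The link-import.php change in this commit already applies a `< 1` floor to `$cat_id`, so this would make the two consistent. How `$page` is turned into a query offset is outside the hunk.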
diff --git a/wp-admin/link-import.php b/wp-admin/link-import.php
index 8502ed8..e20a464 100644
--- a/wp-admin/link-import.php
+++ b/wp-admin/link-import.php
@@ -73,8 +73,8 @@ foreach ($categories as $category) {
<h2><?php _e('Importing...') ?></h2>
<?php
- $cat_id = $_POST['cat_id'];
- if ( $cat_id == '' || $cat_id == 0 )
+ $cat_id = abs( (int) $_POST['cat_id'] );
+ if ( $cat_id < 1 )
$cat_id = 1;
$opml_url = $_POST['opml_url'];
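Review bot: `$opml_url = $_POST['opml_url'];` on the last context line is still taken from the request unchanged, while `$cat_id` just above it is now normalised. Its use is outside the hunk; if the value is fetched server-side or echoed back into the page, it should be restricted to http/https URLs and escaped at the point of output. A comment next to the assignment saying where that validation happens would make the trust boundary visible to the next reader.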
diff --git a/wp-admin/options.php b/wp-admin/options.php
index db3c88e..466c8be 100644
--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@@ -146,10 +146,11 @@ $options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name
foreach ( (array) $options as $option) :
$disabled = '';
+ $option->option_name = attribute_escape($option->option_name);
if ( is_serialized($option->option_value) ) {
if ( is_serialized_string($option->option_value) ) {
// this is a serialized string, so we should display it
- $value = wp_specialchars(maybe_unserialize($option->option_value), 'single');
+ $value = maybe_unserialize($option->option_value);
$options_to_update[] = $option->option_name;
$class = 'all-options';
} else {
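Review bot: Overwriting `$option->option_name` with its escaped form means `$options_to_update[]` now collects HTML-escaped names, and the last hunk of this file drops `attribute_escape()` from the `page_options` field on the strength of that. The hidden field is then only safe as long as every element added to the array was escaped upstream. Keeping the raw name in the array, using a separate variable for markup (`$name_attr = attribute_escape($option->option_name);`) and leaving `attribute_escape($options_to_update)` at the echo would keep the escaping at the point of output. The `foreach` body continues outside the hunk.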
@@ -158,7 +159,7 @@ foreach ( (array) $options as $option) :
$class = 'all-options disabled';
}
} else {
- $value = wp_specialchars($option->option_value, 'single');
+ $value = $option->option_value;
$options_to_update[] = $option->option_name;
$class = 'all-options';
}
@@ -167,8 +168,8 @@ foreach ( (array) $options as $option) :
<th scope='row'><label for='$option->option_name'>$option->option_name</label></th>
<td>";
- if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>$value</textarea>";
- else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value . "'$disabled />";
+ if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . wp_specialchars($value) . "</textarea>";
+ else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . attribute_escape($value) . "'$disabled />";
echo "</td>
<td>$option->option_description</td>
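Review bot: `<td>$option->option_description</td>` on the last line of this hunk is still interpolated into the markup unescaped, while the option name and value beside it are now escaped at output. Unless descriptions are meant to carry markup, which is not visible here, the cell should be written as `<td>" . wp_specialchars($option->option_description) . "</td>`. If markup is intended, a comment stating where the description is sanitised would document that choice.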
@@ -177,7 +178,7 @@ endforeach;
?>
</table>
<?php $options_to_update = implode(',', $options_to_update); ?>
-<p class="submit"><input type="hidden" name="page_options" value="<?php echo attribute_escape($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
+<p class="submit"><input type="hidden" name="page_options" value="<?php echo $options_to_update; ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
</form>
</div>
diff --git a/wp-admin/upload-functions.php b/wp-admin/upload-functions.php
index 31965bc..e2d734d 100644
--- a/wp-admin/upload-functions.php
+++ b/wp-admin/upload-functions.php
@@ -105,8 +105,9 @@ function wp_upload_form() {
$id = get_the_ID();
global $post_id, $tab, $style;
$enctype = $id ? '' : ' enctype="multipart/form-data"';
+ $post_id = (int) $post_id;
?>
- <form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=upload&amp;post_id=$post_id"; ?>">
+ <form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . '/wp-admin/upload.php?style=' . attribute_escape($style . '&amp;tab=upload&amp;post_id=' . $post_id); ?>">
<?php
if ( $id ) :
$attachment = get_post_to_edit( $id );
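Review bot: `attribute_escape()` makes `$style` safe inside the HTML attribute but does not URL-encode it, so a value containing `&`, `#` or `=` can still alter the query string of the form action. The same pattern is used in the three `wp_die()` links in `wp_upload_tab_upload_action()` in the later hunks of this file. Encoding each parameter value first (`urlencode($style)`, and likewise `$from_tab` in the later hunks) and then escaping the assembled URL would cover both layers. Passing a string that already contains `&amp;` through the escape also relies on `attribute_escape()` not double-encoding entities, which deserves a short comment. The `(int)` cast on `$post_id` is added only in `wp_upload_form()`; where `$post_id` gets its value in `wp_upload_tab_upload_action()` is outside these hunks.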
@@ -201,7 +202,7 @@ function wp_upload_tab_upload_action() {
if ( !current_user_can( 'upload_files' ) )
wp_die( __('You are not allowed to upload files.')
- . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=browse-all&amp;post_id=$post_id'>"
+ . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=" . attribute_escape($style . "&amp;tab=browse-all&amp;post_id=$post_id") . "'>"
. __('Browse Files') . '</a>'
);
@@ -211,7 +212,7 @@ function wp_upload_tab_upload_action() {
if ( isset($file['error']) )
wp_die($file['error'] . "<br /><a href='" . get_option('siteurl')
- . "/wp-admin/upload.php?style=$style&amp;tab=$from_tab&amp;post_id=$post_id'>" . __('Back to Image Uploading') . '</a>'
+ . "/wp-admin/upload.php?style=" . attribute_escape($style . "&amp;tab=$from_tab&amp;post_id=$post_id") . "'>" . __('Back to Image Uploading') . '</a>'
);
$url = $file['url'];
@@ -258,7 +259,7 @@ function wp_upload_tab_upload_action() {
if ( !current_user_can('edit_post', (int) $ID) )
wp_die( __('You are not allowed to delete this attachment.')
- . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=$from_tab&amp;post_id=$post_id'>"
+ . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=" . attribute_escape($style . "&amp;tab=$from_tab&amp;post_id=$post_id") . "'>"
. __('Go back') . '</a>'
);