author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2007-09-10 18:26:30 +0000 |
---|---|---|
committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2007-09-10 18:26:30 +0000 |
commit | b658e546840b8f23e2a1e413f6510104d73ea91f (patch) | |
tree | 1cd6bbbda247b5ae6cfff42f2cea731b4d8b667f /wp-includes | |
parent | 305d7e7228e097a26a98abdb45eb8283df7d5603 (diff) | |
Sync with WP 2.2.3
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1051 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-includes')
-rw-r--r-- | wp-includes/default-filters.php | 4 | ||||
-rw-r--r-- | wp-includes/feed-rss2-comments.php | 6 | ||||
-rw-r--r-- | wp-includes/formatting.php | 75 | ||||
-rw-r--r-- | wp-includes/pluggable.php | 18 | ||||
-rw-r--r-- | wp-includes/plugin.php | 36 | ||||
-rw-r--r-- | wp-includes/query.php | 21 | ||||
-rw-r--r-- | wp-includes/rewrite.php | 9 | ||||
-rw-r--r-- | wp-includes/rss.php | 4 | ||||
-rw-r--r-- | wp-includes/vars.php | 23 | ||||
-rw-r--r-- | wp-includes/version.php | 4 | ||||
-rw-r--r-- | wp-includes/widgets.php | 4 |
11 files changed, 167 insertions, 37 deletions
diff --git a/wp-includes/default-filters.php b/wp-includes/default-filters.php index 0861361..1613b33 100644 --- a/wp-includes/default-filters.php +++ b/wp-includes/default-filters.php @@ -129,6 +129,8 @@ add_filter('get_the_excerpt', 'wp_trim_excerpt'); add_filter('sanitize_title', 'sanitize_title_with_dashes'); +add_filter('wp_title', 'wp_specialchars'); + // RSS filters add_filter('the_title_rss', 'strip_tags'); add_filter('the_title_rss', 'ent2ncr', 8); @@ -176,4 +178,4 @@ add_action('init', 'smilies_init', 5); add_action( 'plugins_loaded', 'wp_maybe_load_widgets', 0 ); add_action( 'shutdown', 'wp_ob_end_flush_all', 1); -?>
\ No newline at end of file +?> diff --git a/wp-includes/feed-rss2-comments.php b/wp-includes/feed-rss2-comments.php index 50f5e3d..adb2930 100644 --- a/wp-includes/feed-rss2-comments.php +++ b/wp-includes/feed-rss2-comments.php @@ -5,7 +5,9 @@ echo '<?xml version="1.0" encoding="'.get_option('blog_charset').'"?'.'>'; ?> <!-- generator="wordpress/<?php echo $wp_version ?>" --> <rss version="2.0" - xmlns:content="http://purl.org/rss/1.0/modules/content/"> + xmlns:content="http://purl.org/rss/1.0/modules/content/" + xmlns:dc="http://purl.org/dc/elements/1.1/" + > <channel> <title><?php if ( is_singular() ) @@ -37,7 +39,7 @@ if ( have_comments() ) : while ( have_comments() ) : the_comment(); } ?></title> <link><?php comment_link() ?></link> - <author><?php echo get_comment_author_rss() ?></author> + <dc:creator><?php echo get_comment_author_rss() ?></dc:creator> <pubDate><?php echo mysql2date('D, d M Y H:i:s +0000', get_comment_time('Y-m-d H:i:s', true), false); ?></pubDate> <guid><?php comment_link() ?></guid> <?php if (!empty($comment_post->post_password) && $_COOKIE['wp-postpass'] != $comment_post->post_password) : ?> diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php index b251b6e..cb8b372 100644 --- a/wp-includes/formatting.php +++ b/wp-includes/formatting.php @@ -11,7 +11,7 @@ function wptexturize($text) { // if a plugin has provided an autocorrect array, use it if ( isset($wp_cockneyreplace) ) { $cockney = array_keys($wp_cockneyreplace); - $cockney_replace = array_values($wp_cockneyreplace); + $cockneyreplace = array_values($wp_cockneyreplace); } else { $cockney = array("'tain't","'twere","'twas","'tis","'twill","'til","'bout","'nuff","'round","'cause"); $cockneyreplace = array("’tain’t","’twere","’twas","’tis","’twill","’til","’bout","’nuff","’round","’cause"); 
@@ -1118,6 +1118,79 @@ function wp_make_link_relative( $link ) { return preg_replace('|https?://[^/]+(/.*)|i', '$1', $link ); } +function sanitize_option($option, $value) { // Remember to call stripslashes! + + switch ($option) { + case 'admin_email': + $value = sanitize_email($value); + break; + + case 'default_post_edit_rows': + case 'mailserver_port': + case 'comment_max_links': + case 'page_on_front': + case 'rss_excerpt_length': + case 'default_category': + case 'default_email_category': + case 'default_link_category': + $value = abs((int) $value); + break; + + case 'posts_per_page': + case 'posts_per_rss': + $value = (int) $value; + if ( empty($value) ) $value = 1; + if ( $value < -1 ) $value = abs($value); + break; + + case 'default_ping_status': + case 'default_comment_status': + // Options that if not there have 0 value but need to be something like "closed" + if ( $value == '0' || $value == '') + $value = 'closed'; + break; + + case 'blogdescription': + case 'blogname': + $value = addslashes($value); + $value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes + $value = stripslashes($value); + $value = wp_specialchars( $value ); + break; + + case 'blog_charset': + $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); // strips slashes + break; + + case 'date_format': + case 'time_format': + case 'mailserver_url': + case 'mailserver_login': + case 'mailserver_pass': + case 'ping_sites': + case 'upload_path': + $value = strip_tags($value); + $value = addslashes($value); + $value = wp_filter_kses($value); // calls stripslashes then addslashes + $value = stripslashes($value); + break; + + case 'gmt_offset': + $value = preg_replace('/[^0-9:.-]/', '', $value); // strips slashes + break; + + case 'siteurl': + case 'home': + $value = stripslashes($value); + $value = clean_url($value); + break; + default : + break; + } + + return $value; +} + function wp_parse_str( $string, &$array ) { parse_str( $string, $array ); if ( get_magic_quotes_gpc() 
) diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php index 3668635..3774f50 100644 --- a/wp-includes/pluggable.php +++ b/wp-includes/pluggable.php @@ -327,8 +327,18 @@ function wp_redirect($location, $status = 302) { $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location); $location = wp_kses_no_null($location); + // remove %0d and %0a from location $strip = array('%0d', '%0a'); - $location = str_replace($strip, '', $location); + $found = true; + while($found) { + $found = false; + foreach($strip as $val) { + while(strpos($location, $val) !== false) { + $found = true; + $location = str_replace($val, '', $location); + } + } + } if ( $is_IIS ) { header("Refresh: 0;url=$location"); @@ -436,14 +446,14 @@ function wp_notify_postauthor($comment_id, $comment_type='') { $notify_message .= sprintf( __('Delete it: %s'), get_option('siteurl')."/wp-admin/comment.php?action=cdc&c=$comment_id" ) . "\r\n"; $notify_message .= sprintf( __('Spam it: %s'), get_option('siteurl')."/wp-admin/comment.php?action=cdc&dt=spam&c=$comment_id" ) . "\r\n"; - $admin_email = get_option('admin_email'); + $wp_email = get_option('admin_email'); if ( '' == $comment->comment_author ) { - $from = "From: \"$blogname\" <$admin_email>"; + $from = "From: \"$blogname\" <$wp_email>"; if ( '' != $comment->comment_author_email ) $reply_to = "Reply-To: $comment->comment_author_email"; } else { - $from = "From: \"$comment->comment_author\" <$admin_email>"; + $from = "From: \"$comment->comment_author\" <$wp_email>"; if ( '' != $comment->comment_author_email ) $reply_to = "Reply-To: \"$comment->comment_author_email\" <$comment->comment_author_email>"; } diff --git a/wp-includes/plugin.php b/wp-includes/plugin.php index c573ec1..050c544 100644 --- a/wp-includes/plugin.php +++ b/wp-includes/plugin.php 
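Review bot: sanitize_option() has no stated contract for slashing, and its branches disagree: the `siteurl`/`home` branch calls `stripslashes()` on the input, the `blogname` and `date_format` groups round-trip through `addslashes()`/`stripslashes()` and so return the value in whatever slashing state it arrived, and `admin_email` and the integer options do neither. The one-line `// Remember to call stripslashes!` does not say whether that is the caller's job or the function's, so I would replace it with a docblock stating whether `$value` is expected slashed or unslashed and what each branch returns. The docblock should also say that the `default:` branch returns `$value` untouched, so callers do not read this function as a guarantee for options that are not listed. Separately, `mailserver_pass` goes through `strip_tags()` and `wp_filter_kses()`, which would presumably alter a password containing `<` or `&`; that option may deserve its own branch.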
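Review bot: The new loop in wp_redirect() only searches for the lowercase forms in `$strip = array('%0d', '%0a');`, and `strpos()`/`str_replace()` are case-sensitive, so `%0D` and `%0A` are left in place even though the preceding `preg_replace` (with its `i` flag) lets uppercase hex digits through. Listing both cases, `$strip = array('%0d', '%0a', '%0D', '%0A');`, keeps the repeat-until-stable behaviour and closes that gap without needing a PHP 5-only function. The nested `while($found)` / `while(strpos(...))` loops would also read more easily with a comment saying why one pass is not enough, e.g. `// repeat until stable: removing one sequence can splice a new one together`. The function body starts and ends outside this hunk.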
@@ -19,7 +19,7 @@ function add_filter($tag, $function_to_add, $priority = 10, $accepted_args = 1) global $wp_filter, $merged_filters; // So the format is wp_filter['tag']['array of priorities']['array of functions serialized']['array of ['array (functions, accepted_args)]'] - $wp_filter[$tag][$priority][serialize($function_to_add)] = array('function' => $function_to_add, 'accepted_args' => $accepted_args); + $wp_filter[$tag][$priority][_wp_filter_build_unique_id($tag, $function_to_add, $priority)] = array('function' => $function_to_add, 'accepted_args' => $accepted_args); unset( $merged_filters[ $tag ] ); return true; } @@ -98,8 +98,8 @@ function merge_filters($tag) { */ function remove_filter($tag, $function_to_remove, $priority = 10, $accepted_args = 1) { global $wp_filter, $merged_filters; - - unset($GLOBALS['wp_filter'][$tag][$priority][serialize($function_to_remove)]); + + unset($GLOBALS['wp_filter'][$tag][$priority][_wp_filter_build_unique_id($tag, $function_to_remove, $priority)]); unset( $merged_filters[ $tag ] ); return true; @@ -235,8 +235,9 @@ function remove_action($tag, $function_to_remove, $priority = 10, $accepted_args * @return string The name of a plugin. */ function plugin_basename($file) { - $file = preg_replace('|\\\\+|', '\\\\', $file); - $file = preg_replace('/^.*wp-content[\\\\\/]plugins[\\\\\/]/', '', $file); + $file = str_replace('\\','/',$file); // sanitize for Win32 installs + $file = preg_replace('|/+|','/', $file); // remove any duplicate slash + $file = preg_replace('|^.*/wp-content/plugins/|','',$file); // get relative path from plugins dir return $file; } 
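Review bot: The array key that add_filter() and remove_filter() now take from `_wp_filter_build_unique_id()` (added in the last hunk of this file) is not unique in two cases. For static callbacks it returns `$function[0].$function[1]` with no separator, so different class/method pairs can concatenate to the same string, and also to the name of a plain function; `return $function[0].'::'.$function[1];` avoids that. For object callbacks the id is `count((array)$wp_filter[$tag][$priority])`, which can repeat across tags or after a remove_filter() call shrinks the list, so a second object of the same class and method can overwrite an earlier entry; a counter that only grows, `static $filter_id_count = 0;` with `$function[0]->wp_filter_id = $filter_id_count++;`, would not. Since sanitising callbacks are registered through these same hooks (this commit itself adds `wp_specialchars` on `wp_title`), a silently overwritten entry is worth guarding against. The helper also writes `wp_filter_id` onto the caller's object and returns nothing when none of its three branches match; both facts belong in a docblock.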
@@ -278,4 +279,29 @@ function register_deactivation_hook($file, $function) { add_action('deactivate_' . $file, $function); } +function _wp_filter_build_unique_id($tag, $function, $priority = 10) +{ + global $wp_filter; + + // If function then just skip all of the tests and not overwrite the following. + if( is_string($function) ) + return $function; + // Object Class Calling + else if(is_object($function[0]) ) + { + $obj_idx = get_class($function[0]).$function[1]; + if( is_null($function[0]->wp_filter_id) ) { + $count = count((array)$wp_filter[$tag][$priority]); + $function[0]->wp_filter_id = $count; + $obj_idx .= $count; + unset($count); + } else + $obj_idx .= $function[0]->wp_filter_id; + return $obj_idx; + } + // Static Calling + else if( is_string($function[0]) ) + return $function[0].$function[1]; +} + ?> diff --git a/wp-includes/query.php b/wp-includes/query.php index 05dc692..a079211 100644 --- a/wp-includes/query.php +++ b/wp-includes/query.php @@ -413,18 +413,8 @@ class WP_Query { $this->query_vars = $this->fill_query_vars($this->query_vars);
$qv = &$this->query_vars;
- if ( ! empty($qv['robots']) ) {
+ if ( ! empty($qv['robots']) )
$this->is_robots = true;
- return;
- }
-
- if ('404' == $qv['error']) {
- $this->is_404 = true;
- if ( !empty($query) ) {
- do_action_ref_array('parse_query', array(&$this));
- }
- return;
- }
$qv['p'] = (int) $qv['p'];
$qv['page_id'] = (int) $qv['page_id'];
@@ -606,12 +596,21 @@ class WP_Query { }
}
+ if ( !empty($qv['post_type']) )
+ $qv['post_type'] = sanitize_user($qv['post_type'], true);
+
+ if ( !empty($qv['post_status']) )
+ $qv['post_status'] = sanitize_user($qv['post_status'], true);
+
if ( $this->is_posts_page && !$qv['withcomments'] )
$this->is_comment_feed = false;
$this->is_singular = $this->is_single || $this->is_page || $this->is_attachment;
// Done correcting is_* for page_on_front and page_for_posts
+ if ('404' == $qv['error'])
+ $this->set_404();
+
if ( !empty($query) )
do_action_ref_array('parse_query', array(&$this));
}
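Review bot: `post_type` and `post_status` are cleaned with `sanitize_user($qv[...], true)`, a username sanitiser, and nothing in the hunk says why that function was chosen or what it is protecting. Both variables presumably have a small set of legitimate values, so comparing them against a list of known types and statuses would be tighter than filtering characters. If the character filter is kept, a comment such as `// strict sanitize_user() is used here only as a restrictive character filter for values used later in the query` would stop a later reader from swapping it for something looser. The enclosing method begins outside the hunk.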
diff --git a/wp-includes/rewrite.php b/wp-includes/rewrite.php index 2f440ab..19d5224 100644 --- a/wp-includes/rewrite.php +++ b/wp-includes/rewrite.php @@ -135,6 +135,15 @@ function url_to_postid($url) { // Substitute the substring matches into the query. eval("\$query = \"$query\";"); + // Filter out non-public query vars + global $wp; + parse_str($query, $query_vars); + $query = array(); + foreach ( $query_vars as $key => $value ) { + if ( in_array($key, $wp->public_query_vars) ) + $query[$key] = $value; + } + // Do the query $query = new WP_Query($query); if ( $query->is_single || $query->is_page ) return $query->post->ID; diff --git a/wp-includes/rss.php b/wp-includes/rss.php index 44005a7..72b7bb1 100644 --- a/wp-includes/rss.php +++ b/wp-includes/rss.php @@ -9,7 +9,7 @@ define('RSS', 'RSS'); define('ATOM', 'Atom'); -define('MAGPIE_USER_AGENT', 'WordPressMU/' . $wp_version); +define('MAGPIE_USER_AGENT', 'WordPressMU/' . $GLOBALS['wp_version']); class MagpieRSS { var $parser; @@ -591,7 +591,7 @@ function init () { } if ( !defined('MAGPIE_USER_AGENT') ) { - $ua = 'WordPress/' . $wp_version; + $ua = 'WordPress/' . $GLOBALS['wp_version']; if ( MAGPIE_CACHE_ON ) { $ua = $ua . ')'; diff --git a/wp-includes/vars.php b/wp-includes/vars.php index 0f749be..a8b4897 100644 --- a/wp-includes/vars.php +++ b/wp-includes/vars.php 
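Review bot: The new allow-list check `in_array($key, $wp->public_query_vars)` uses loose comparison, and `parse_str()` turns numeric keys into integers, which on the PHP versions of this era compare equal to any non-numeric string; `in_array($key, $wp->public_query_vars, true)` makes the filter exact. The filter also runs after the `eval("\$query = \"$query\";");` context line, so it limits what reaches `WP_Query` but not what that `eval` interpolates; replacing the `eval` with a plain substitution of the match groups would be a sturdier follow-up. `global $wp;` is read without checking that `$wp` has been set up, which matters if url_to_postid() can be called early in the load. The function body starts and ends outside this hunk.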
@@ -1,15 +1,24 @@ <?php // On which page are we ? -if ( preg_match('#([^/]+\.php)$#', $PHP_SELF, $self_matches) ) { +if ( is_admin() ) { + // wp-admin pages are checked more carefully + preg_match('#/wp-admin/?(.*?)$#i', $PHP_SELF, $self_matches); $pagenow = $self_matches[1]; -} elseif ( strpos($PHP_SELF, '?') !== false ) { - $pagenow = explode('/', $PHP_SELF); - $pagenow = trim($pagenow[(sizeof($pagenow)-1)]); - $pagenow = explode('?', $pagenow); - $pagenow = $pagenow[0]; + $pagenow = preg_replace('#\?.*?$#', '', $pagenow); + if ( '' === $pagenow || 'index' === $pagenow || 'index.php' === $pagenow ) { + $pagenow = 'index.php'; + } else { + preg_match('#(.*?)(/|$)#', $pagenow, $self_matches); + $pagenow = strtolower($self_matches[1]); + if ( '.php' !== substr($pagenow, -4, 4) ) + $pagenow .= '.php'; // for Options +Multiviews: /wp-admin/themes/index.php (themes.php is queried) + } } else { - $pagenow = 'index.php'; + if ( preg_match('#([^/]+\.php)([?/].*?)?$#i', $PHP_SELF, $self_matches) ) + $pagenow = strtolower($self_matches[1]); + else + $pagenow = 'index.php'; } // Simple browser detection diff --git a/wp-includes/version.php b/wp-includes/version.php index fb8e714..13c05a4 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -2,8 +2,8 @@ // This holds the version number in a separate file so we can bump it without cluttering the SVN -$wp_version = 'wordpress-mu-1.2.4'; -$wporg_version = 'wordpress-2.2.2'; +$wp_version = 'wordpress-mu-1.2.5'; +$wporg_version = 'wordpress-2.2.3'; $wp_db_version = 5200; ?> diff --git a/wp-includes/widgets.php b/wp-includes/widgets.php index 52f0a0e..b2ec69e 100644 --- a/wp-includes/widgets.php +++ b/wp-includes/widgets.php 
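Review bot: In the `is_admin()` branch the result of `preg_match('#/wp-admin/?(.*?)$#i', $PHP_SELF, $self_matches)` is not checked before `$self_matches[1]` is read, so a `$PHP_SELF` without `/wp-admin` in it raises an undefined-offset notice; guarding it with `if ( preg_match(...) )` and an `else $pagenow = 'index.php';`, as the non-admin branch does, would be consistent. `$PHP_SELF` can carry client-supplied path info, and the admin branch keeps whatever precedes the first `/` with no character restriction, so if `$pagenow` feeds later file or permission decisions (not visible here) a filter such as `$pagenow = preg_replace('#[^a-z0-9_.-]#', '', $pagenow);` after the `strtolower()` would be a cheap safeguard. The `// for Options +Multiviews` comment is helpful; a similar one-liner saying what "checked more carefully" is meant to prevent would help the next reader.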
@@ -332,13 +332,13 @@ function wp_widget_pages( $args ) { $title = empty( $options['title'] ) ? __( 'Pages' ) : $options['title']; $sortby = empty( $options['sortby'] ) ? 'menu_order' : $options['sortby']; - $exclude = empty( $options['exclude'] ) ? '' : '&exclude=' . $options['exclude']; + $exclude = empty( $options['exclude'] ) ? '' : $options['exclude']; if ( $sortby == 'menu_order' ) { $sortby = 'menu_order, post_title'; } - $out = wp_list_pages( 'title_li=&echo=0&sort_column=' . $sortby . $exclude ); + $out = wp_list_pages( array('title_li' => '', 'echo' => 0, 'sort_column' => $sortby, 'exclude' => $exclude) ); if ( !empty( $out ) ) { ?> |
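Review bot: `$options['exclude']` and `$sortby` are still handed to `wp_list_pages()` with no check on their contents in this hunk; the switch to an array argument only stops `exclude` from carrying extra `&key=value` pairs. If neither value is validated where the widget options are saved or inside wp_list_pages() (neither is visible here), restricting them at this point is cheap: `$exclude = preg_replace('/[^0-9,]/', '', $options['exclude']);` and an allow-list of sortable columns for `$sortby`. wp_widget_pages() continues outside this hunk.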