authordonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2006-03-08 12:34:20 +0000
committerdonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2006-03-08 12:34:20 +0000
commit702aa40642ac52e5c61f949456315aad49664fac (patch)
tree948be76000079e42cc27ed9416195665c9ece962 /wp-inst
parent359ec6f7109409ea4398b0b30f09a78ef2dac6e8 (diff)
WP Merge
Remove unfiltered_html cap so plugins don't accidentally allow unsafe html through git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@539 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-inst')
-rw-r--r--wp-inst/wp-admin/upgrade-schema.php2
-rw-r--r--wp-inst/wp-content/mu-plugins/misc.php13
-rw-r--r--wp-inst/wp-includes/default-filters.php2
-rw-r--r--wp-inst/wp-includes/functions-formatting.php4
4 files changed, 17 insertions, 4 deletions
diff --git a/wp-inst/wp-admin/upgrade-schema.php b/wp-inst/wp-admin/upgrade-schema.php
index daab9c2..1e7c201 100644
--- a/wp-inst/wp-admin/upgrade-schema.php
+++ b/wp-inst/wp-admin/upgrade-schema.php
@@ -325,7 +325,6 @@ function populate_roles_160() {
$role->add_cap('manage_links');
$role->add_cap('upload_files');
$role->add_cap('import');
- $role->add_cap('unfiltered_html');
$role->add_cap('edit_posts');
$role->add_cap('edit_others_posts');
$role->add_cap('edit_published_posts');
@@ -350,7 +349,6 @@ function populate_roles_160() {
$role->add_cap('manage_categories');
$role->add_cap('manage_links');
$role->add_cap('upload_files');
- $role->add_cap('unfiltered_html');
$role->add_cap('edit_posts');
$role->add_cap('edit_others_posts');
$role->add_cap('edit_published_posts');
diff --git a/wp-inst/wp-content/mu-plugins/misc.php b/wp-inst/wp-content/mu-plugins/misc.php
index a256bf7..33d1415 100644
--- a/wp-inst/wp-content/mu-plugins/misc.php
+++ b/wp-inst/wp-content/mu-plugins/misc.php
@@ -78,4 +78,17 @@ function update_pages_last_updated( $post_id ) {
update_option( "pages_last_updated", time() );
}
add_action( "save_post", "update_pages_last_updated" );
+
+function remove_unfiltered_html() {
+ $role = get_role('administrator');
+ if( $role->capabilities[ 'unfiltered_html' ] ) {
+ $role->remove_cap('unfiltered_html');
+ }
+ $role = get_role('editor');
+ if( $role->capabilities[ 'unfiltered_html' ] ) {
+ $role->remove_cap('unfiltered_html');
+ }
+}
+add_action( "init", "remove_unfiltered_html" );
+
?>
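Review bot: Both `if` checks in remove_unfiltered_html read `$role->capabilities['unfiltered_html']` directly, and once the capability has been removed that key no longer exists, so every subsequent request (the hook runs on every `init`) raises an undefined-index notice; `get_role()` returning null for a missing role would be a fatal error on the same line. Guard both cases, e.g. `if ( $role && ! empty( $role->capabilities['unfiltered_html'] ) ) {`, which keeps the database write limited to roles that still hold the capability. Only the administrator and editor roles are covered here, so any other registered role (including plugin-defined ones) that was granted `unfiltered_html` keeps it; iterating every role via the global `$wp_roles` object would close that gap.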
diff --git a/wp-inst/wp-includes/default-filters.php b/wp-inst/wp-includes/default-filters.php
index fcf0f3c..3d398c0 100644
--- a/wp-inst/wp-includes/default-filters.php
+++ b/wp-inst/wp-includes/default-filters.php
@@ -24,10 +24,8 @@ add_filter('pre_comment_author_url', 'strip_tags');
add_filter('pre_comment_author_url', 'trim');
add_filter('pre_comment_author_url', 'clean_url');
-add_filter('pre_comment_content', 'stripslashes', 1);
add_filter('pre_comment_content', 'wp_rel_nofollow', 15);
add_filter('pre_comment_content', 'balanceTags', 30);
-add_filter('pre_comment_content', 'addslashes', 50);
add_filter('pre_comment_author_name', 'wp_filter_kses');
add_filter('pre_comment_author_email', 'wp_filter_kses');
diff --git a/wp-inst/wp-includes/functions-formatting.php b/wp-inst/wp-includes/functions-formatting.php
index c593bc8..feae447 100644
--- a/wp-inst/wp-includes/functions-formatting.php
+++ b/wp-inst/wp-includes/functions-formatting.php
@@ -579,7 +579,11 @@ function make_clickable($ret) {
}
function wp_rel_nofollow( $text ) {
+ global $wpdb;
+ // This is a pre save filter, so text is already escaped.
+ $text = stripslashes($text);
$text = preg_replace('|<a (.+?)>|i', '<a $1 rel="nofollow">', $text);
+ $text = $wpdb->escape($text);
return $text;
}
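Review bot: The added `global $wpdb` and `$wpdb->escape($text)` in wp_rel_nofollow tie a general-purpose formatting helper to the database layer and change its output for every caller: the function now returns slash-escaped text, so any theme or plugin that calls it on plain content gets stray backslashes, and the comment "This is a pre save filter" is only true for the `pre_comment_content` registration. The unslash/re-escape belongs in a thin wrapper registered for that filter, leaving wp_rel_nofollow pure; the `add_filter('pre_comment_content', 'wp_rel_nofollow', 15)` line in default-filters.php would then name the wrapper instead. Note too that balanceTags, still at priority 30 on the same filter, now receives the re-escaped text rather than the unslashed form it saw when `stripslashes` ran at priority 1, so whether its tag parsing copes with `\"` inside attributes should be checked. make_clickable's closing brace is the hunk's first context line; the function itself starts outside the hunk.
```php
function wp_rel_nofollow( $text ) {
	$text = preg_replace('|<a (.+?)>|i', '<a $1 rel="nofollow">', $text);
	return $text;
}

// Wrapper for the pre_comment_content filter: the text arrives slash-escaped
// for the database, so unslash it, add rel="nofollow", then re-escape.
function wp_rel_nofollow_pre_save( $text ) {
	global $wpdb;
	return $wpdb->escape( wp_rel_nofollow( stripslashes( $text ) ) );
}
```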