-rw-r--r--wp-admin/import/blogger.php7
-rw-r--r--wp-admin/options-permalink.php2
-rw-r--r--wp-includes/post.php1
-rw-r--r--wp-trackback.php17
4 files changed, 17 insertions, 10 deletions
diff --git a/wp-admin/import/blogger.php b/wp-admin/import/blogger.php
index 6ba0a16..80a2d11 100644
--- a/wp-admin/import/blogger.php
+++ b/wp-admin/import/blogger.php
@@ -7,14 +7,15 @@ class Blogger_Import {
// Shows the welcome screen and the magic iframe.
function greet() {
- $title = __('Import Blogger or Blogspot');
- $welcome = __('Howdy! This importer allows you to import posts and comments from your Blogger account into your WordPress blog.');
+ $title = __('Import Old Blogger');
+ $welcome = __('Howdy! This importer allows you to import posts and comments from your Old Blogger account into your WordPress blog.');
$noiframes = __('This feature requires iframe support.');
$warning = js_escape(__('This will delete everything saved by the Blogger importer except your posts and comments. Are you sure you want to do this?'));
$reset = __('Reset this importer');
$incompat = __('Your web server is not properly configured to use this importer. Please enable the CURL extension for PHP and then reload this page.');
echo "<div class='wrap'><h2>$title</h2><p>$welcome</p>";
+ echo "<p>" . __('Please note that this importer <em>does not work with new Blogger (using your Google account)</em>.') . "</p>";
if ( function_exists('curl_init') )
echo "<iframe src='admin.php?import=blogger&amp;noheader=true' height='350px' width = '99%'>$noiframes</iframe><p><a href='admin.php?import=blogger&amp;restart=true&amp;noheader=true' onclick='return confirm(\"$warning\")'>$reset</a></p>";
else
@@ -670,6 +671,6 @@ class Blogger_Import {
$blogger_import = new Blogger_Import();
-register_importer('blogger', __('Blogger or Blog*Spot'), __('Import posts, comments, and users from a Blogger or Blog*Spot blog'), array ($blogger_import, 'start'));
+register_importer('blogger', __('Old Blogger'), __('Import posts, comments, and users from an Old Blogger blog'), array ($blogger_import, 'start'));
?>
diff --git a/wp-admin/options-permalink.php b/wp-admin/options-permalink.php
index fe3f87a..200cabe 100644
--- a/wp-admin/options-permalink.php
+++ b/wp-admin/options-permalink.php
@@ -169,7 +169,7 @@ checked="checked"
<form action="options-permalink.php" method="post">
<?php wp_nonce_field('update-permalink') ?>
<p>
-<textarea rows="5" style="width: 98%;" name="rules"><?php echo $wp_rewrite->mod_rewrite_rules(); ?>
+<textarea rows="5" style="width: 98%;" name="rules"><?php echo wp_specialchars($wp_rewrite->mod_rewrite_rules()); ?>
</textarea>
</p>
</form>
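Review bot: The escaping added on the `<textarea name="rules">` line carries no comment saying why it is there, so a later edit could remove it without noticing it is a security control. I would add a trailing comment inside the tag, e.g. `<?php echo wp_specialchars($wp_rewrite->mod_rewrite_rules()); // escaped: rule text must not be able to close the textarea ?>`. If the same rules string is printed anywhere else in this file (not visible in this hunk), it needs the same call.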
diff --git a/wp-includes/post.php b/wp-includes/post.php
index 144b4b6..904b2ee 100644
--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -1458,7 +1458,6 @@ function wp_get_attachment_thumb_url( $post_id = 0 ) {
if ( !$thumb = wp_get_attachment_thumb_file( $post_id ) )
return false;
- return false;
$url = str_replace(basename($url), basename($thumb), $url);
diff --git a/wp-trackback.php b/wp-trackback.php
index 0d1813a..7322862 100644
--- a/wp-trackback.php
+++ b/wp-trackback.php
@@ -30,11 +30,13 @@ if ( !$_GET['tb_id'] ) {
$tb_id = intval( $tb_id[ count($tb_id) - 1 ] );
}
-$tb_url = $_POST['url'];
-$title = $_POST['title'];
-$excerpt = $_POST['excerpt'];
-$blog_name = $_POST['blog_name'];
-$charset = $_POST['charset'];
+$tb_url = $_POST['url'];
+$charset = $_POST['charset'];
+
+// These three are stripslashed here so that they can be properly escaped after mb_convert_encoding()
+$title = stripslashes($_POST['title']);
+$excerpt = stripslashes($_POST['excerpt']);
+$blog_name = stripslashes($_POST['blog_name']);
if ($charset)
$charset = strtoupper( trim($charset) );
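Review bot: `$charset` still comes straight from `$_POST['charset']` and, in the lines visible here, is only trimmed and upper-cased before the next hunk passes it to `mb_convert_encoding()` as the source encoding, so the sender still decides how the three fields are decoded. Escaping after conversion addresses the ordering problem the new comments describe, but I would also reject values outside a fixed list the site accepts once the value is normalised, for example `if ( $charset && !in_array($charset, $allowed_charsets) ) $charset = '';`, where `$allowed_charsets` is a placeholder for a list defined in this file. `$tb_url` keeps the raw request value; its later use is outside this hunk, so confirm it is escaped where it reaches a query or markup. The `if ($charset)` statement continues past the end of the hunk.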
@@ -47,6 +49,11 @@ if ( function_exists('mb_convert_encoding') ) { // For international trackbacks
$blog_name = mb_convert_encoding($blog_name, get_option('blog_charset'), $charset);
}
+// Now that mb_convert_encoding() has been given a swing, we need to escape these three
+$title = $wpdb->escape($title);
+$excerpt = $wpdb->escape($excerpt);
+$blog_name = $wpdb->escape($blog_name);
+
if ( is_single() || is_page() )
$tb_id = $posts[0]->ID;
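Review bot: The comment above the three `$wpdb->escape()` calls does not state the rule a maintainer has to preserve: escaping has to be the last transformation applied before the values reach the database, because charset conversion can change which bytes end up as quote characters. I would reword it to `// Escape only after charset conversion; converting afterwards could reintroduce unescaped quotes.` The values are now database-escaped only, so any later use of `$title`, `$excerpt` or `$blog_name` in HTML output (outside this hunk) still needs its own output escaping.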