-rw-r--r--app.php10
-rw-r--r--wp-admin/admin-ajax.php2
-rw-r--r--wp-admin/admin-db.php13
-rw-r--r--wp-admin/admin-functions.php16
-rw-r--r--wp-admin/edit-comments.php2
-rw-r--r--wp-admin/import/blogger.php2
-rw-r--r--wp-admin/import/blogware.php2
-rw-r--r--wp-admin/import/dotclear.php4
-rw-r--r--wp-admin/import/livejournal.php2
-rw-r--r--wp-admin/import/mt.php4
-rw-r--r--wp-admin/import/wordpress.php4
-rw-r--r--wp-admin/user-edit.php2
-rw-r--r--wp-includes/author-template.php2
-rw-r--r--wp-includes/bookmark-template.php2
-rw-r--r--wp-includes/category-template.php3
-rw-r--r--wp-includes/comment-template.php2
-rw-r--r--wp-includes/comment.php2
-rw-r--r--wp-includes/feed.php2
-rw-r--r--wp-includes/formatting.php5
-rw-r--r--wp-includes/functions.php4
-rw-r--r--wp-includes/link-template.php8
-rw-r--r--wp-includes/pluggable.php4
-rw-r--r--wp-includes/post.php25
-rw-r--r--wp-includes/query.php14
-rw-r--r--wp-includes/registration.php4
-rw-r--r--wp-includes/theme.php2
-rw-r--r--wp-includes/user.php4
-rw-r--r--wp-trackback.php2
-rw-r--r--xmlrpc.php68
29 files changed, 116 insertions, 100 deletions
diff --git a/app.php b/app.php
index 08fd3d1..d64ccc2 100644
--- a/app.php
+++ b/app.php
@@ -417,9 +417,9 @@ EOD;
if(!current_user_can($cap))
$this->auth_required('Sorry, you do not have the right to edit/publish new posts.');
- $blog_ID = $current_blog->blog_id;
+ $blog_ID = (int )$current_blog->blog_id;
$post_status = ($publish) ? 'publish' : 'draft';
- $post_author = $user->ID;
+ $post_author = (int) $user->ID;
$post_title = $entry->title;
$post_content = $entry->content;
$post_excerpt = $entry->summary;
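Review bot: The cast on `$blog_ID` is written `(int )` with a stray space before the closing parenthesis, unlike the `(int)` form used on every other changed line of this commit; write `$blog_ID = (int) $current_blog->blog_id;`. The title, content and summary taken from `$entry` on the following lines are assigned raw here, and whether they are escaped before reaching the database is outside this hunk, so that is worth confirming. The enclosing method starts before and continues past the hunk.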
@@ -788,7 +788,7 @@ EOD;
global $use_querystring;
if(!isset($postID)) {
global $post;
- $postID = $GLOBALS['post']->ID;
+ $postID = (int) $GLOBALS['post']->ID;
}
if ($use_querystring) {
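Review bot: Only the fallback path casts `$postID`; when the caller passes a value, the `isset` branch is skipped and `$postID` keeps whatever type it arrived with. Cast unconditionally after the `if` block, `$postID = (int) $postID;`, so both paths yield an integer. `global $post;` is declared but the code reads `$GLOBALS['post']` instead, so that `global` line is dead. The enclosing method's signature and the rest of its body lie outside the hunk.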
@@ -810,7 +810,7 @@ EOD;
global $use_querystring;
if(!isset($postID)) {
global $post;
- $postID = $GLOBALS['post']->ID;
+ $postID = (int) $GLOBALS['post']->ID;
}
if ($use_querystring) {
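Review bot: Same gap as in the preceding hunk: the cast applies only when `$postID` was not set, so a caller-supplied value is used uncast. Add `$postID = (int) $postID;` after the `isset` block. The enclosing method starts and ends outside the hunk.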
@@ -885,7 +885,7 @@ EOD;
$wp = $GLOBALS['wp'];
$wp_query = $GLOBALS['wp_query'];
$wpdb = $GLOBALS['wpdb'];
- $blog_id = $GLOBALS['blog_id'];
+ $blog_id = (int) $GLOBALS['blog_id'];
$post_cache = $GLOBALS['post_cache'];
diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php
index d3103d8..2ad2469 100644
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -231,7 +231,7 @@ case 'autosave' : // The name of this action is hardcoded in edit_post()
if($_POST['post_ID'] < 0) {
$_POST['temp_ID'] = $_POST['post_ID'];
$id = wp_write_post();
- if(is_wp_error($id))
+ if( is_wp_error($id) )
die($id->get_error_message());
else
die("$id");
diff --git a/wp-admin/admin-db.php b/wp-admin/admin-db.php
index 26bb2e5..d4df176 100644
--- a/wp-admin/admin-db.php
+++ b/wp-admin/admin-db.php
@@ -250,7 +250,7 @@ function category_exists($cat_name) {
if (!$category_nicename = sanitize_title($cat_name))
return 0;
- return $wpdb->get_var("SELECT cat_ID FROM $wpdb->categories WHERE category_nicename = '$category_nicename'");
+ return (int) $wpdb->get_var("SELECT cat_ID FROM $wpdb->categories WHERE category_nicename = '$category_nicename'");
}
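Review bot: `$category_nicename` is interpolated into the query quoted but not escaped, which is safe only if `sanitize_title()` is guaranteed to emit a slug with no quote characters, and that function is not visible here. Passing it through `$wpdb->escape()` removes the dependency on that assumption: `$category_nicename = $wpdb->escape($category_nicename);` before the `get_var` call. The new `(int)` on the return value also maps a missing row (`NULL`) to `0`, which agrees with the early `return 0`, so callers now get a single "not found" value.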
function wp_delete_user($id, $reassign = 'novalue') {
@@ -303,6 +303,8 @@ function wp_insert_link($linkdata) {
if ( !empty($link_id) )
$update = true;
+ $link_id = (int) $link_id;
+
if( trim( $link_name ) == '' )
return 0;
$link_name = apply_filters('pre_link_name', $link_name);
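Review bot: The new cast on `$link_id` runs after the `!empty($link_id)` test that decides between UPDATE and INSERT, so a non-empty, non-numeric value (e.g. `'abc'`) sets `$update = true` and then becomes `0`, steering the call into the `UPDATE ... WHERE link_id='0'` branch shown in the next hunk. Move the cast above the check, `$link_id = (int) $link_id;` immediately before `if ( !empty($link_id) )`, so the emptiness test sees the same value the query will use. `wp_insert_link()` starts before this hunk, so where `$link_id` is extracted from `$linkdata` is not visible.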
@@ -364,7 +366,7 @@ function wp_insert_link($linkdata) {
WHERE link_id='$link_id'");
} else {
$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES('$link_url','$link_name', '$link_image', '$link_target', '$link_description', '$link_visible', '$link_owner', '$link_rating', '$link_rel', '$link_notes', '$link_rss')");
- $link_id = $wpdb->insert_id;
+ $link_id = (int) $wpdb->insert_id;
}
wp_set_link_cats($link_id, $link_category);
@@ -447,7 +449,7 @@ function wp_set_link_cats($link_ID = 0, $link_categories = array()) {
$old_categories = $wpdb->get_col("
SELECT category_id
FROM $wpdb->link2cat
- WHERE link_id = $link_ID");
+ WHERE link_id = '$link_ID'");
if (!$old_categories) {
$old_categories = array();
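Review bot: The `WHERE link_id = '$link_ID'` change adds quotes but no cast or escaping of `$link_ID`, and nothing in this hunk shows the parameter being cast on entry to `wp_set_link_cats()`. Quoting alone does not neutralise a value containing a quote; cast the parameter once at the top of the function, `$link_ID = (int) $link_ID;`, unless that already happens in the lines between the signature and this hunk. The function body continues past the hunk.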
@@ -460,10 +462,11 @@ function wp_set_link_cats($link_ID = 0, $link_categories = array()) {
if ($delete_cats) {
foreach ($delete_cats as $del) {
+ $del = (int) $del;
$wpdb->query("
DELETE FROM $wpdb->link2cat
- WHERE category_id = $del
- AND link_id = $link_ID
+ WHERE category_id = '$del'
+ AND link_id = '$link_ID'
");
}
}
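Review bot: `$del` is now cast inside the loop, but `$link_ID` in the same DELETE is only quoted, not cast, so the two interpolated values receive different treatment. If `$link_ID` is cast at the top of `wp_set_link_cats()` (outside this hunk) this is fine; otherwise add that cast, since quoting is not a substitute. The loop is otherwise parallel to the `post2cat` loop later in this diff, except that the `post2cat` version does not cast `$del` at all.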
diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php
index 732d146..7b9507c 100644
--- a/wp-admin/admin-functions.php
+++ b/wp-admin/admin-functions.php
@@ -114,7 +114,7 @@ function wp_write_post() {
// Reunite any orphaned attachments with their parent
if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
$draft_ids = array();
- if ( $draft_temp_id = array_search( $post_ID, $draft_ids ) )
+ if ( $draft_temp_id = (int) array_search( $post_ID, $draft_ids ) )
relocate_children( $draft_temp_id, $post_ID );
if ( $temp_id && $temp_id != $draft_temp_id )
relocate_children( $temp_id, $post_ID );
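Review bot: `$temp_id` is passed to `relocate_children()` uncast while `$draft_temp_id` now is; the `admin-ajax.php` hunk in this same diff copies `$_POST['temp_ID']` straight from `$_POST['post_ID']`, so if that is where `$temp_id` originates it reaches this call as raw request input. Add `$temp_id = (int) $temp_id;` before the comparison, or cast it where it is read from `$_POST` (outside this hunk). `wp_write_post()` starts and ends outside the hunk.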
@@ -157,7 +157,7 @@ function fix_attachment_links( $post_ID ) {
if ( 0 == preg_match( $search, $anchor, $id_matches ) )
continue;
- $id = $id_matches[3];
+ $id = (int) $id_matches[3];
// While we have the attachment ID, let's adopt any orphans.
$attachment = & get_post( $id, ARRAY_A );
@@ -290,7 +290,7 @@ function edit_post() {
// Reunite any orphaned attachments with their parent
if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
$draft_ids = array();
- if ( $draft_temp_id = array_search( $post_ID, $draft_ids ) )
+ if ( $draft_temp_id = (int) array_search( $post_ID, $draft_ids ) )
relocate_children( $draft_temp_id, $post_ID );
// Now that we have an ID we can fix any attachment anchor hrefs
@@ -447,7 +447,7 @@ function get_user_to_edit( $user_id ) {
function add_user() {
if ( func_num_args() ) { // The hackiest hack that ever did hack
global $current_user, $wp_roles;
- $user_id = func_get_arg( 0 );
+ $user_id = (int) func_get_arg( 0 );
if ( isset( $_POST['role'] ) ) {
if( $user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap( 'edit_users' ) ) {
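Review bot: `$wp_roles->role_objects[$_POST['role']]` is dereferenced on the last line without checking that the role exists, so an unknown `role` value produces a method call on a non-object and a fatal error rather than a clean refusal. Guard it before the `has_cap()` test, e.g. `if ( !isset($wp_roles->role_objects[$_POST['role']]) ) return;` (using whatever failure convention the function follows). The `(int)` on `$user_id` is the right fix for the comparison with `$current_user->id`. `add_user()` continues past the hunk.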
@@ -465,7 +465,7 @@ function edit_user( $user_id = 0 ) {
global $current_user, $wp_roles, $wpdb;
if ( $user_id != 0 ) {
$update = true;
- $user->ID = $user_id;
+ $user->ID = (int) $user_id;
$userdata = get_userdata( $user_id );
$user->user_login = $wpdb->escape( $userdata->user_login );
} else {
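Review bot: The cast is applied only to the copy stored in `$user->ID`; `get_userdata( $user_id )` on the next line still receives the uncast parameter, and the `$user_id != 0` test above compares the raw value. Cast the parameter itself at the top of `edit_user()`, `$user_id = (int) $user_id;`, and assign `$user->ID = $user_id;`, so every use sees the same integer. The function continues outside the hunk.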
@@ -803,8 +803,8 @@ function _cat_row( $category, $level, $name_override = false ) {
$pad = str_repeat( '&#8212; ', $level );
if ( current_user_can( 'manage_categories' ) ) {
$edit = "<a href='categories.php?action=edit&amp;cat_ID=$category->cat_ID' class='edit'>".__( 'Edit' )."</a></td>";
- $default_cat_id = get_option( 'default_category' );
- $default_link_cat_id = get_option( 'default_link_category' );
+ $default_cat_id = (int) get_option( 'default_category' );
+ $default_link_cat_id = (int) get_option( 'default_link_category' );
if ( ($category->cat_ID != $default_cat_id ) && ($category->cat_ID != $default_link_cat_id ) )
$edit .= "<td><a href='" . wp_nonce_url( "categories.php?action=delete&amp;cat_ID=$category->cat_ID", 'delete-category_' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . js_escape(sprintf( __("You are about to delete the category '%s'.\nAll posts that were only assigned to this category will be assigned to the '%s' category.\nAll links that were only assigned to this category will be assigned to the '%s' category.\n'OK' to delete, 'Cancel' to stop." ), $category->cat_name, get_catname( $default_cat_id ), get_catname( $default_link_cat_id ) )) . "' );\" class='delete'>".__( 'Delete' )."</a>";
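Review bot: `$category->cat_ID` is interpolated into the `href`, the nonce action and the inline `onclick` JavaScript without a cast, while the option values it is compared against now are cast. It comes from the database and is presumably numeric, but one `$cat_id = (int) $category->cat_ID;` at the top of the branch, used in all four places, makes that explicit and guarantees the JavaScript argument is digits only. `_cat_row()` starts before this hunk.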
@@ -843,7 +843,7 @@ function page_rows( $parent = 0, $level = 0, $pages = 0, $hierarchy = true ) {
$post->post_title = wp_specialchars( $post->post_title );
$pad = str_repeat( '&#8212; ', $level );
- $id = $post->ID;
+ $id = (int) $post->ID;
$class = ('alternate' == $class ) ? '' : 'alternate';
?>
<tr id='page-<?php echo $id; ?>' class='<?php echo $class; ?>'>
diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php
index 9307b90..0557270 100644
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -56,7 +56,7 @@ if ( !empty( $_POST['delete_comments'] ) ) :
$i = 0;
foreach ($_POST['delete_comments'] as $comment) : // Check the permissions on each
$comment = (int) $comment;
- $post_id = $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = $comment");
+ $post_id = (int) $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = $comment");
// $authordata = get_userdata( $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = $post_id") );
if ( current_user_can('edit_post', $post_id) ) {
if ( !empty( $_POST['spam_button'] ) )
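Review bot: When `$comment` matches no row, `get_var()` returns `NULL` and the new cast turns it into `0`, so the next line evaluates `current_user_can('edit_post', 0)` instead of skipping the entry. Add `if ( !$post_id ) continue;` directly after the query so nonexistent comment IDs are dropped before the permission test. The `foreach` and the surrounding `if` close outside the hunk.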
diff --git a/wp-admin/import/blogger.php b/wp-admin/import/blogger.php
index 4614bf6..fdc6004 100644
--- a/wp-admin/import/blogger.php
+++ b/wp-admin/import/blogger.php
@@ -546,7 +546,7 @@ class Blogger_Import {
}
}
- $comment_post_ID = $this->blogs[$importing_blog]['posts'][$entry->old_post_permalink];
+ $comment_post_ID = (int) $this->blogs[$importing_blog]['posts'][$entry->old_post_permalink];
preg_match('#<name>(.+?)</name>.*(?:\<uri>(.+?)</uri>)?#', $entry->author, $matches);
$comment_author = addslashes( $this->no_apos( strip_tags( (string) $matches[1] ) ) );
$comment_author_url = addslashes( $this->no_apos( strip_tags( (string) $matches[2] ) ) );
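Review bot: If `$entry->old_post_permalink` is not a key of the posts map, the lookup yields `NULL` and the cast makes `$comment_post_ID` `0`, so the comment would be attached to post `0` rather than skipped. Guard it right after the cast with `if ( !$comment_post_ID ) continue;`, assuming this sits inside a per-comment loop (the loop starts outside the hunk). `$comment_author_url` is tag-stripped and slashed but never checked to be a URL; whether that happens downstream is not visible here.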
diff --git a/wp-admin/import/blogware.php b/wp-admin/import/blogware.php
index 2cbf75f..c9e281c 100644
--- a/wp-admin/import/blogware.php
+++ b/wp-admin/import/blogware.php
@@ -104,7 +104,7 @@ class BW_Import {
$comments = $comments[1];
if ( $comments ) {
- $comment_post_ID = $post_id;
+ $comment_post_ID = (int) $post_id;
$num_comments = 0;
foreach ($comments as $comment) {
preg_match('|<body>(.*?)</body>|is', $comment, $comment_content);
diff --git a/wp-admin/import/dotclear.php b/wp-admin/import/dotclear.php
index 0eb092b..9a32e3a 100644
--- a/wp-admin/import/dotclear.php
+++ b/wp-admin/import/dotclear.php
@@ -437,8 +437,8 @@ class Dotclear_Import {
extract($comment);
// WordPressify Data
- $comment_ID = ltrim($comment_id, '0');
- $comment_post_ID = $postarr[$post_id];
+ $comment_ID = (int) ltrim($comment_id, '0');
+ $comment_post_ID = (int) $postarr[$post_id];
$comment_approved = "$comment_pub";
$name = $wpdb->escape(csc ($comment_auteur));
$email = $wpdb->escape($comment_email);
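Review bot: `$comment_approved = "$comment_pub";` takes a value from the imported row (via `extract($comment)` on the first line) and copies it as a string with neither the escaping applied to `$name` and `$email` nor a cast; use `$comment_approved = (int) $comment_pub;` if it is a numeric flag, or escape it like its neighbours. The `ltrim($comment_id, '0')` inside the new cast is redundant since `(int) '007'` is already `7`, so `$comment_ID = (int) $comment_id;` suffices. The enclosing loop starts and ends outside the hunk.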
diff --git a/wp-admin/import/livejournal.php b/wp-admin/import/livejournal.php
index e1389cd..690005b 100644
--- a/wp-admin/import/livejournal.php
+++ b/wp-admin/import/livejournal.php
@@ -82,7 +82,7 @@ class LJ_Import {
$comments = $comments[1];
if ( $comments ) {
- $comment_post_ID = $post_id;
+ $comment_post_ID = (int) $post_id;
$num_comments = 0;
foreach ($comments as $comment) {
preg_match('|<event>(.*?)</event>|is', $comment, $comment_content);
diff --git a/wp-admin/import/mt.php b/wp-admin/import/mt.php
index 733c7fa..1effb5c 100644
--- a/wp-admin/import/mt.php
+++ b/wp-admin/import/mt.php
@@ -154,7 +154,7 @@ class MT_Import {
return;
}
$this->file = $file['file'];
- $this->id = $file['id'];
+ $this->id = (int) $file['id'];
$this->get_entries();
$this->mt_authors_form();
@@ -278,7 +278,7 @@ class MT_Import {
}
}
- $comment_post_ID = $post_id;
+ $comment_post_ID = (int) $post_id;
$comment_approved = 1;
// Now for comments
diff --git a/wp-admin/import/wordpress.php b/wp-admin/import/wordpress.php
index 78d972f..90b616b 100644
--- a/wp-admin/import/wordpress.php
+++ b/wp-admin/import/wordpress.php
@@ -157,7 +157,7 @@ class WP_Import {
return;
}
$this->file = $file['file'];
- $this->id = $file['id'];
+ $this->id = (int) $file['id'];
$this->get_entries();
$this->wp_authors_form();
@@ -184,7 +184,7 @@ class WP_Import {
if ( empty($parent) )
$category_parent = '0';
else
- $category_parent = (int) category_exists($parent);
+ $category_parent = category_exists($parent);
$catarr = compact('category_nicename', 'category_parent', 'posts_private', 'links_private', 'posts_private', 'cat_name');
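Review bot: Dropping the local `(int)` makes `$category_parent` depend on `category_exists()` returning an integer, which this same commit introduces in `admin-db.php`; acceptable as long as both change together, but the `'0'` string in the other branch now sits beside an int, so `$category_parent = 0;` would be consistent. Separately, the `compact()` call lists `'posts_private'` twice; harmless, but one should go. `WP_Import` continues outside the hunk.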
diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php
index 6feba01..9760864 100644
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -13,7 +13,7 @@ wp_reset_vars(array('action', 'redirect', 'profile', 'user_id', 'wp_http_referer
$wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer));
// Only allow site admins to edit every user.
if ( !is_site_admin() && ($user_id != $current_user->ID) )
- $errors = new WP_Error('head', __('You do not have permission to edit this user.'));
+ wp_die('You do not have permission to edit this user.');
$user_id = (int) $user_id;
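Review bot: The permission check compares the raw `$user_id` with `$current_user->ID` one line before `$user_id` is cast, so the value that is checked and the value used afterwards can differ for non-numeric input; move `$user_id = (int) $user_id;` above the `if`. Replacing the deferred `WP_Error` with `wp_die()` is the right change, since the old line only recorded the error and presumably let execution continue; keep the message translatable as the removed line was, `wp_die( __('You do not have permission to edit this user.') );`.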
diff --git a/wp-includes/author-template.php b/wp-includes/author-template.php
index 28fa28d..aa4013d 100644
--- a/wp-includes/author-template.php
+++ b/wp-includes/author-template.php
@@ -144,7 +144,7 @@ function the_author_posts_link($deprecated = '') {
function get_author_posts_url($author_id, $author_nicename = '') {
global $wpdb, $wp_rewrite, $post, $cache_userdata;
- $auth_ID = $author_id;
+ $auth_ID = (int) $author_id;
$link = $wp_rewrite->get_author_permastruct();
if ( empty($link) ) {
diff --git a/wp-includes/bookmark-template.php b/wp-includes/bookmark-template.php
index 4249f7f..e7a8480 100644
--- a/wp-includes/bookmark-template.php
+++ b/wp-includes/bookmark-template.php
@@ -165,7 +165,7 @@ function get_linkcatname($id = 0) {
if ( empty($cats) || ! is_array($cats) )
return '';
- $cat_id = $cats[0]; // Take the first cat.
+ $cat_id = (int) $cats[0]; // Take the first cat.
$cat = get_category($cat_id);
return $cat->cat_name;
diff --git a/wp-includes/category-template.php b/wp-includes/category-template.php
index 32ace67..db45dc0 100644
--- a/wp-includes/category-template.php
+++ b/wp-includes/category-template.php
@@ -65,8 +65,9 @@ function get_category_parents($id, $link = FALSE, $separator = '/', $nicename =
function get_the_category($id = false) {
global $post, $category_cache, $blog_id;
+ $id = (int) $id;
if ( !$id )
- $id = $post->ID;
+ $id = (int) $post->ID;
if ( !isset($category_cache[$blog_id][$id]) )
update_post_category_cache($id);
diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php
index 6ab6bc3..19fed0c 100644
--- a/wp-includes/comment-template.php
+++ b/wp-includes/comment-template.php
@@ -150,7 +150,7 @@ function get_comments_number( $post_id = 0 ) {
$post_id = (int) $post_id;
if ( !$post_id )
- $post_id = $id;
+ $post_id = (int) $id;
$post = get_post($post_id);
if ( ! isset($post->comment_count) )
diff --git a/wp-includes/comment.php b/wp-includes/comment.php
index 7ed9d9c..6da2264 100644
--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -345,7 +345,7 @@ function wp_insert_comment($commentdata) {
('$comment_post_ID', '$comment_author', '$comment_author_email', '$comment_author_url', '$comment_author_IP', '$comment_date', '$comment_date_gmt', '$comment_content', '$comment_approved', '$comment_agent', '$comment_type', '$comment_parent', '$user_id')
");
- $id = $wpdb->insert_id;
+ $id = (int) $wpdb->insert_id;
if ( $comment_approved == 1)
wp_update_comment_count($comment_post_ID);
diff --git a/wp-includes/feed.php b/wp-includes/feed.php
index 741bf7b..26eb4da 100644
--- a/wp-includes/feed.php
+++ b/wp-includes/feed.php
@@ -106,7 +106,7 @@ function comments_rss($commentsrssfilename = 'nolongerused') {
function get_author_rss_link($echo = false, $author_id, $author_nicename) {
- $auth_ID = $author_id;
+ $auth_ID = (int) $author_id;
$permalink_structure = get_option('permalink_structure');
if ( '' == $permalink_structure ) {
diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index a36de22..a0c13db 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -1072,6 +1072,11 @@ function clean_url( $url, $protocols = null ) {
$strip = array('%0d', '%0a');
$url = str_replace($strip, '', $url);
$url = str_replace(';//', '://', $url);
+ // Append http unless a relative link starting with / or a php file.
+ if ( strpos($url, '://') === false &&
+ substr( $url, 0, 1 ) != '/' && !preg_match('/^[a-z0-9]+.php/i', $url) )
+ $url = 'http://' . $url;
+
$url = (strpos($url, '://') === false && substr( $url, 0, 1 ) != '/' ) ? 'http://'.$url : $url;
$url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&#038;$1', $url);
if ( !is_array($protocols) )
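Review bot: The new `.php` exception is immediately undone by the old line that follows it, which still prepends `http://` to any URL lacking `://` that does not start with `/`, so `foo.php` becomes `http://foo.php` exactly as before. Delete `$url = (strpos($url, '://') === false && substr( $url, 0, 1 ) != '/' ) ? 'http://'.$url : $url;` now that the block above replaces it. The pattern `/^[a-z0-9]+.php/i` also leaves the dot unescaped and the end unanchored, so it matches `abcxphp` as well; use `/^[a-z0-9]+\.php/i`. `clean_url()` starts before and ends after the hunk.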
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index e93bf7a..ba67d5f 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -663,7 +663,7 @@ function update_post_category_cache($post_ids) {
$post_id_array = (array) explode(',', $post_ids);
$count = count( $post_id_array);
for ( $i = 0; $i < $count; $i++ ) {
- $post_id = $post_id_array[ $i ];
+ $post_id = (int) $post_id_array[ $i ];
if ( isset( $category_cache[$blog_id][$post_id] ) ) {
unset( $post_id_array[ $i ] );
continue;
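Review bot: The cast lives only in the local `$post_id`; `$post_id_array[$i]` keeps its original value, so if the surviving entries are later imploded into the query (after this hunk) they go in uncast. Write the cast back, `$post_id_array[$i] = $post_id = (int) $post_id_array[$i];`, or cast every element up front with `array_map('intval', ...)` right after the `explode`. `update_post_category_cache()` continues past the hunk.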
@@ -717,7 +717,7 @@ function update_postmeta_cache($post_id_list = '') {
$post_id_array = (array) explode(',', $post_id_list);
$count = count( $post_id_array);
for ( $i = 0; $i < $count; $i++ ) {
- $post_id = $post_id_array[ $i ];
+ $post_id = (int) $post_id_array[ $i ];
if ( isset( $post_meta_cache[$blog_id][$post_id] ) ) { // If the meta is already cached
unset( $post_id_array[ $i ] );
continue;
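Review bot: Same as in `update_post_category_cache()` above: the cast is not written back to `$post_id_array[$i]`, so any later use of the array (outside the hunk) sees the raw values. Use `$post_id_array[$i] = $post_id = (int) $post_id_array[$i];`. `update_postmeta_cache()` continues past the hunk.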
diff --git a/wp-includes/link-template.php b/wp-includes/link-template.php
index 873bca5..a7f9601 100644
--- a/wp-includes/link-template.php
+++ b/wp-includes/link-template.php
@@ -119,7 +119,7 @@ function get_page_link($id = false) {
$id = (int) $id;
if ( !$id )
- $id = $post->ID;
+ $id = (int) $post->ID;
if ( 'page' == get_option('show_on_front') && $id == get_option('page_on_front') )
$link = get_option('home');
@@ -134,7 +134,7 @@ function _get_page_link( $id = false ) {
global $post, $wp_rewrite;
if ( !$id )
- $id = $post->ID;
+ $id = (int) $post->ID;
$pagestruct = $wp_rewrite->get_page_permastruct();
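Review bot: Unlike `get_page_link()` in the hunk above, `_get_page_link()` casts only the fallback `$post->ID`; a caller-supplied `$id` passes through uncast. Add `$id = (int) $id;` before the `if ( !$id )`, mirroring `get_page_link()`. The function continues outside the hunk.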
@@ -156,7 +156,7 @@ function get_attachment_link($id = false) {
$link = false;
if (! $id) {
- $id = $post->ID;
+ $id = (int) $post->ID;
}
$object = get_post($id);
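Review bot: Same gap as in `_get_page_link()`: only the fallback is cast, and a caller-supplied `$id` reaches `get_post()` as received. Add `$id = (int) $id;` at the top of `get_attachment_link()`, before the `if (! $id)`. The function continues outside the hunk.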
@@ -259,7 +259,7 @@ function get_post_comments_feed_link($post_id = '', $feed = 'rss2') {
global $id;
if ( empty($post_id) )
- $post_id = $id;
+ $post_id = (int) $id;
if ( '' != get_option('permalink_structure') ) {
$url = trailingslashit( get_permalink() ) . 'feed';
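Review bot: `$post_id` is cast only when it was empty and replaced by the global `$id`; a non-empty caller value is used as-is. Cast after the `if`, `$post_id = (int) $post_id;`, so both paths agree. `get_post_comments_feed_link()` continues outside the hunk.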
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index b15b3fa..5f00e1d 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -532,7 +532,7 @@ endif;
if ( !function_exists('wp_verify_nonce') ) :
function wp_verify_nonce($nonce, $action = -1) {
$user = wp_get_current_user();
- $uid = $user->id;
+ $uid = (int) $user->id;
$i = ceil(time() / 43200);
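Review bot: The nonce's user component is read from `$user->id`, whereas `setup_userdata()` in this same diff reads `$user->ID`; if the user object exposes only `ID` (confirm against `WP_User`), the `(int)` cast now silently converts an undefined property into `0`, so every nonce would be computed with uid 0 regardless of who is logged in. Use whichever property the object actually defines, consistently in both `wp_verify_nonce()` and `wp_create_nonce()`. How `$uid` is folded into the hash is outside the hunk, as is the rest of the function.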
@@ -546,7 +546,7 @@ endif;
if ( !function_exists('wp_create_nonce') ) :
function wp_create_nonce($action = -1) {
$user = wp_get_current_user();
- $uid = $user->id;
+ $uid = (int) $user->id;
$i = ceil(time() / 43200);
diff --git a/wp-includes/post.php b/wp-includes/post.php
index ab7c49c..0c0dfb6 100644
--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -375,7 +375,7 @@ function get_post_custom($post_id = 0) {
global $id, $post_meta_cache, $wpdb, $blog_id;
if ( !$post_id )
- $post_id = $id;
+ $post_id = (int) $id;
$post_id = (int) $post_id;
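Review bot: The added cast is redundant: the next line `$post_id = (int) $post_id;` already covers both the fallback and the caller-supplied value. Drop the new `(int)` on `$id` (or the line below it); keeping both is harmless but obscures which one matters. `get_post_custom()` continues outside the hunk.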
@@ -449,6 +449,8 @@ function wp_delete_post($postid = 0) {
}
function wp_get_post_categories($post_id = 0) {
+ $post_id = (int) $post_id;
+
$cats = &get_the_category($post_id);
$cat_ids = array();
foreach ( $cats as $cat )
@@ -460,6 +462,7 @@ function wp_get_recent_posts($num = 10) {
global $wpdb;
// Set the limit clause, if we got a limit
+ $num = (int) $num;
if ($num) {
$limit = "LIMIT $num";
}
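Review bot: The cast stops injection but not invalid values: a negative `$num` is truthy and produces `LIMIT -5`, which the database rejects. Test the sign rather than truthiness, `if ($num > 0) {`, so a bad value falls through to the unlimited query instead of a SQL error. `wp_get_recent_posts()` continues past the hunk.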
@@ -473,6 +476,8 @@ function wp_get_recent_posts($num = 10) {
function wp_get_single_post($postid = 0, $mode = OBJECT) {
global $wpdb;
+ $postid = (int) $postid;
+
$post = get_post($postid, $mode);
// Set categories
@@ -536,7 +541,7 @@ function wp_insert_post($postarr = array()) {
// Get the post ID.
if ( $update )
- $post_ID = $ID;
+ $post_ID = (int) $ID;
// Create a valid post name. Drafts are allowed to have an empty
// post name.
@@ -640,7 +645,7 @@ function wp_insert_post($postarr = array()) {
(post_author, post_date, post_date_gmt, post_content, post_content_filtered, post_title, post_excerpt, post_status, post_type, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type)
VALUES
('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$post_type', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type')");
- $post_ID = $wpdb->insert_id;
+ $post_ID = (int) $wpdb->insert_id;
}
if ( empty($post_name) && 'draft' != $post_status ) {
@@ -768,6 +773,8 @@ function wp_publish_post($post_id) {
function wp_set_post_categories($post_ID = 0, $post_categories = array()) {
global $wpdb;
+
+ $post_ID = (int) $post_ID;
// If $post_categories isn't already an array, make it one:
if (!is_array($post_categories) || 0 == count($post_categories) || empty($post_categories))
$post_categories = array(get_option('default_category'));
@@ -778,7 +785,7 @@ function wp_set_post_categories($post_ID = 0, $post_categories = array()) {
$old_categories = $wpdb->get_col("
SELECT category_id
FROM $wpdb->post2cat
- WHERE post_id = $post_ID");
+ WHERE post_id = '$post_ID'");
if (!$old_categories) {
$old_categories = array();
@@ -793,8 +800,8 @@ function wp_set_post_categories($post_ID = 0, $post_categories = array()) {
foreach ($delete_cats as $del) {
$wpdb->query("
DELETE FROM $wpdb->post2cat
- WHERE category_id = $del
- AND post_id = $post_ID
+ WHERE category_id = '$del'
+ AND post_id = '$post_ID'
");
}
}
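Review bot: `$del` is interpolated into the DELETE without a cast, whereas the parallel `link2cat` loop earlier in this diff adds `$del = (int) $del;`; the values derive from the caller-supplied `$post_categories`, so the two loops should be treated alike. Add `$del = (int) $del;` as the first line of the `foreach`. The quotes added here help only when the value is cast or escaped, which the `link2cat` version does. `wp_set_post_categories()` starts before this hunk.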
@@ -1251,7 +1258,7 @@ function wp_insert_attachment($object, $file = false, $post_parent = 0) {
$update = false;
if ( !empty($ID) ) {
$update = true;
- $post_ID = $ID;
+ $post_ID = (int) $ID;
}
// Create a valid post name.
@@ -1346,7 +1353,7 @@ function wp_insert_attachment($object, $file = false, $post_parent = 0) {
(post_author, post_date, post_date_gmt, post_content, post_content_filtered, post_title, post_excerpt, post_status, post_type, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type, guid)
VALUES
('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$post_type', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type', '$guid')");
- $post_ID = $wpdb->insert_id;
+ $post_ID = (int) $wpdb->insert_id;
}
if ( empty($post_name) ) {
@@ -1501,7 +1508,7 @@ function wp_mime_type_icon( $mime = 0 ) {
$mime = (int) $mime;
if ( !$post =& get_post( $mime ) )
return false;
- $post_id = $post->ID;
+ $post_id = (int) $post->ID;
$mime = $post->post_mime_type;
}
diff --git a/wp-includes/query.php b/wp-includes/query.php
index 3432f74..26e1afc 100644
--- a/wp-includes/query.php
+++ b/wp-includes/query.php
@@ -587,7 +587,7 @@ class WP_Query {
if ( '' != $qv['pagename'] ) {
$this->queried_object =& get_page_by_path($qv['pagename']);
if ( !empty($this->queried_object) )
- $this->queried_object_id = $this->queried_object->ID;
+ $this->queried_object_id = (int) $this->queried_object->ID;
else
unset($this->queried_object);
@@ -1205,18 +1205,18 @@ class WP_Query {
$cat = $this->get('cat');
$category = &get_category($cat);
$this->queried_object = &$category;
- $this->queried_object_id = $cat;
+ $this->queried_object_id = (int) $cat;
} else if ($this->is_posts_page) {
$this->queried_object = & get_page(get_option('page_for_posts'));
- $this->queried_object_id = $this->queried_object->ID;
+ $this->queried_object_id = (int) $this->queried_object->ID;
} else if ($this->is_single) {
$this->queried_object = $this->post;
- $this->queried_object_id = $this->post->ID;
+ $this->queried_object_id = (int) $this->post->ID;
} else if ($this->is_page) {
$this->queried_object = $this->post;
- $this->queried_object_id = $this->post->ID;
+ $this->queried_object_id = (int) $this->post->ID;
} else if ($this->is_author) {
- $author_id = $this->get('author');
+ $author_id = (int) $this->get('author');
$author = get_userdata($author_id);
$this->queried_object = $author;
$this->queried_object_id = $author_id;
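Review bot: In the category branch the cast is applied to `queried_object_id` only after the uncast `$cat` has already been handed to `get_category($cat)`; cast first, `$cat = (int) $this->get('cat');`, and use it for both, as the author branch correctly does with `$author_id` before `get_userdata()`. If the `cat` query var may carry a list (not visible here), `(int)` keeps only the leading number, so the cast also changes what `queried_object_id` means in that case. The method starts and ends outside the hunk.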
@@ -1285,7 +1285,7 @@ function setup_postdata($post) {
global $id, $postdata, $authordata, $day, $page, $pages, $multipage, $more, $numpages, $wp_query;
global $pagenow;
- $id = $post->ID;
+ $id = (int) $post->ID;
$authordata = get_userdata($post->post_author);
diff --git a/wp-includes/registration.php b/wp-includes/registration.php
index 1e7a38c..6c03206 100644
--- a/wp-includes/registration.php
+++ b/wp-includes/registration.php
@@ -89,7 +89,7 @@ function wp_insert_user($userdata) {
$query = "UPDATE $wpdb->users SET user_pass='$user_pass', user_email='$user_email', user_url='$user_url', user_nicename = '$user_nicename', display_name = '$display_name' WHERE ID = '$ID'";
$query = apply_filters('update_user_query', $query);
$wpdb->query( $query );
- $user_id = $ID;
+ $user_id = (int) $ID;
} else {
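Review bot: The cast on `$ID` comes after the UPDATE that interpolates it: the query on the first line of the hunk uses `WHERE ID = '$ID'` with the uncast value, and only afterwards is `$user_id = (int) $ID;` assigned. Cast `$ID` where it is extracted from `$userdata` (before this hunk) so the query and the return value use the same integer. `wp_insert_user()` starts and ends outside the hunk.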
$query = "INSERT INTO $wpdb->users
(user_login, user_pass, user_email, user_url, user_registered, user_nicename, display_name)
@@ -97,7 +97,7 @@ function wp_insert_user($userdata) {
('$user_login', '$user_pass', '$user_email', '$user_url', '$user_registered', '$user_nicename', '$display_name')";
$query = apply_filters('create_user_query', $query);
$wpdb->query( $query );
- $user_id = $wpdb->insert_id;
+ $user_id = (int) $wpdb->insert_id;
}
update_usermeta( $user_id, 'first_name', $first_name);
diff --git a/wp-includes/theme.php b/wp-includes/theme.php
index 7e45c54..2a7ac8c 100644
--- a/wp-includes/theme.php
+++ b/wp-includes/theme.php
@@ -346,7 +346,7 @@ function get_home_template() {
function get_page_template() {
global $wp_query;
- $id = $wp_query->post->ID;
+ $id = (int) $wp_query->post->ID;
$template = get_post_meta($id, '_wp_page_template', true);
if ( 'default' == $template )
diff --git a/wp-includes/user.php b/wp-includes/user.php
index 281483f..058fb1c 100644
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@@ -171,8 +171,8 @@ function setup_userdata($user_id = '') {
$userdata = $user->data;
$user_login = $user->user_login;
- $user_level = $user->user_level;
- $user_ID = $user->ID;
+ $user_level = (int) $user->user_level;
+ $user_ID = (int) $user->ID;
$user_email = $user->user_email;
$user_url = $user->user_url;
$user_pass_md5 = md5($user->user_pass);
diff --git a/wp-trackback.php b/wp-trackback.php
index a88ea34..e4d3869 100644
--- a/wp-trackback.php
+++ b/wp-trackback.php
@@ -84,7 +84,7 @@ if ( !empty($tb_url) && !empty($title) ) {
$title = (strlen($title) > 250) ? substr($title, 0, 250) . '...' : $title;
}
- $comment_post_ID = $tb_id;
+ $comment_post_ID = (int) $tb_id;
$comment_author = $blog_name;
$comment_author_email = '';
$comment_author_url = $tb_url;
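Review bot: `$tb_url` goes straight into `$comment_author_url` and `$blog_name` into `$comment_author`; the outer `if` only checks they are non-empty, and no escaping or URL validation is visible between the request and these assignments. If the comment-insertion path escapes downstream (outside the hunk) that is acceptable, but `$comment_author_url = clean_url($tb_url);` would make the trackback handler self-contained. The title truncation above uses byte-wise `substr`, which can split a multibyte character. The enclosing `if` closes outside the hunk.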
diff --git a/xmlrpc.php b/xmlrpc.php
index 1b314b9..ac9229a 100644
--- a/xmlrpc.php
+++ b/xmlrpc.php
@@ -172,8 +172,8 @@ class wp_xmlrpc_server extends IXR_Server {
function wp_getPage($args) {
$this->escape($args);
- $blog_id = $args[0];
- $page_id = $args[1];
+ $blog_id = (int) $args[0];
+ $page_id = (int) $args[1];
$username = $args[2];
$password = $args[3];
@@ -252,7 +252,7 @@ class wp_xmlrpc_server extends IXR_Server {
function wp_getPages($args) {
$this->escape($args);
- $blog_id = $args[0];
+ $blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@@ -320,10 +320,10 @@ class wp_xmlrpc_server extends IXR_Server {
function wp_deletePage($args) {
$this->escape($args);
- $blog_id = $args[0];
+ $blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
- $page_id = $args[3];
+ $page_id = (int) $args[3];
if(!$this->login_pass_ok($username, $password)) {
return($this->error);
@@ -360,8 +360,8 @@ class wp_xmlrpc_server extends IXR_Server {
*/
function wp_editPage($args) {
// Items not escaped here will be escaped in editPost.
- $blog_id = $args[0];
- $page_id = $this->escape($args[1]);
+ $blog_id = (int) $args[0];
+ $page_id = $this->escape((int) $args[1]);
$username = $this->escape($args[2]);
$password = $this->escape($args[3]);
$content = $args[4];
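Review bot: `$this->escape((int) $args[1])` escapes an integer, which is a no-op; `$page_id = (int) $args[1];` is sufficient and sidesteps the question of whether `escape()` returns its argument or works by reference (elsewhere in this file it is called as a statement on the whole `$args` array). The comment says unescaped items are handled in `editPost`; `$content` on the last line is one of them, so that claim should be verified there. `wp_editPage()` continues outside the hunk.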
@@ -411,7 +411,7 @@ class wp_xmlrpc_server extends IXR_Server {
$this->escape($args);
- $blog_id = $args[0];
+ $blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@@ -451,7 +451,7 @@ class wp_xmlrpc_server extends IXR_Server {
$this->escape($args);
- $blog_id = $args[0];
+ $blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@@ -469,7 +469,7 @@ class wp_xmlrpc_server extends IXR_Server {
function wp_newCategory($args) {
$this->escape($args);
- $blog_id = $args[0];
+ $blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
$category = $args[3];
@@ -529,7 +529,7 @@ class wp_xmlrpc_server extends IXR_Server {
$this->escape($args);
- $blog_id = $args[0];
+ $blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
$category = $args[3];
@@ -630,7 +630,7 @@ class wp_xmlrpc_server extends IXR_Server {
$this->escape($args);
- $post_ID = $args[1];
+ $post_ID = (int) $args[1];
$user_login = $args[2];
$user_pass = $args[3];
@@ -665,7 +665,7 @@ class wp_xmlrpc_server extends IXR_Server {
$this->escape($args);
- $blog_ID = $args[1]; /* though we don't use it yet */
+ $blog_ID = (int) $args[1]; /* though we don't use it yet */
$user_login = $args[2];
$user_pass = $args[3];
$num_posts = $args[4];
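Review bot: `$num_posts = $args[4];` is left uncast while the same argument is cast `(int)` in the two `getRecentPosts` hunks further down in this file; if it ends up in a `LIMIT` clause (outside the hunk) it should get the same `$num_posts = (int) $args[4];`. The method continues outside the hunk.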
@@ -713,7 +713,7 @@ class wp_xmlrpc_server extends IXR_Server {
$this->escape($args);
- $blog_ID = $args[1];
+ $blog_ID = (int) $args[1];
$user_login = $args[2];
$user_pass = $args[3];
$template = $args[4]; /* could be 'main' or 'archiveIndex', but we don't use it */
@@ -747,7 +747,7 @@ class wp_xmlrpc_server extends IXR_Server {
$this->escape($args);
- $blog_ID = $args[1];
+ $blog_ID = (int) $args[1];
$user_login = $args[2];
$user_pass = $args[3];
$content = $args[4];
@@ -784,7 +784,7 @@ class wp_xmlrpc_server extends IXR_Server {
$this->escape($args);
- $blog_ID = $args[1]; /* though we don't use it yet */
+ $blog_ID = (int) $args[1]; /* though we don't use it yet */
$user_login = $args[2];
$user_pass = $args[3];
$content = $args[4];
@@ -832,7 +832,7 @@ class wp_xmlrpc_server extends IXR_Server {
$this->escape($args);
- $post_ID = $args[1];
+ $post_ID = (int) $args[1];
$user_login = $args[2];
$user_pass = $args[3];
$content = $args[4];
@@ -883,7 +883,7 @@ class wp_xmlrpc_server extends IXR_Server {
$this->escape($args);
- $post_ID = $args[1];
+ $post_ID = (int) $args[1];
$user_login = $args[2];
$user_pass = $args[3];
$publish = $args[4];
@@ -924,7 +924,7 @@ class wp_xmlrpc_server extends IXR_Server {
$this->escape($args);
- $blog_ID = $args[0]; // we will support this in the near future
+ $blog_ID = (int) $args[0]; // we will support this in the near future
$user_login = $args[1];
$user_pass = $args[2];
$content_struct = $args[3];
@@ -1074,7 +1074,7 @@ class wp_xmlrpc_server extends IXR_Server {
$this->escape($args);
- $post_ID = $args[0];
+ $post_ID = (int) $args[0];
$user_login = $args[1];
$user_pass = $args[2];
$content_struct = $args[3];
@@ -1226,7 +1226,7 @@ class wp_xmlrpc_server extends IXR_Server {
$this->escape($args);
- $post_ID = $args[0];
+ $post_ID = (int) $args[0];
$user_login = $args[1];
$user_pass = $args[2];
@@ -1288,10 +1288,10 @@ class wp_xmlrpc_server extends IXR_Server {
$this->escape($args);
- $blog_ID = $args[0];
+ $blog_ID = (int) $args[0];
$user_login = $args[1];
$user_pass = $args[2];
- $num_posts = $args[3];
+ $num_posts = (int) $args[3];
if (!$this->login_pass_ok($user_login, $user_pass)) {
return $this->error;
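Review bot: `$num_posts` is cast but not range-checked; if it is interpolated into `LIMIT` further down (outside the hunk), `0` or a negative value yields an empty or invalid query. Clamp it after the cast, e.g. `if ( $num_posts < 1 ) $num_posts = 10;`, using whatever default the method documents. The method continues outside the hunk.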
@@ -1361,7 +1361,7 @@ class wp_xmlrpc_server extends IXR_Server {
$this->escape($args);
- $blog_ID = $args[0];
+ $blog_ID = (int) $args[0];
$user_login = $args[1];
$user_pass = $args[2];
@@ -1396,7 +1396,7 @@ class wp_xmlrpc_server extends IXR_Server {
global $wpdb;
- $blog_ID = $wpdb->escape($args[0]);
+ $blog_ID = (int) $args[0];
$user_login = $wpdb->escape($args[1]);
$user_pass = $wpdb->escape($args[2]);
$data = $args[3];
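Review bot: Replacing `$wpdb->escape()` with `(int)` on `$blog_ID` is the right treatment for an ID, but `$data = $args[3];` on the last line remains neither escaped nor cast; if its members are later used to build a filename or a query (outside the hunk), they need sanitising there. The method starts and ends outside the hunk.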
@@ -1473,10 +1473,10 @@ class wp_xmlrpc_server extends IXR_Server {
$this->escape($args);
- $blog_ID = $args[0];
+ $blog_ID = (int) $args[0];
$user_login = $args[1];
$user_pass = $args[2];
- $num_posts = $args[3];
+ $num_posts = (int) $args[3];
if (!$this->login_pass_ok($user_login, $user_pass)) {
return $this->error;
@@ -1518,7 +1518,7 @@ class wp_xmlrpc_server extends IXR_Server {
$this->escape($args);
- $blog_ID = $args[0];
+ $blog_ID = (int) $args[0];
$user_login = $args[1];
$user_pass = $args[2];
@@ -1547,7 +1547,7 @@ class wp_xmlrpc_server extends IXR_Server {
$this->escape($args);
- $post_ID = $args[0];
+ $post_ID = (int) $args[0];
$user_login = $args[1];
$user_pass = $args[2];
@@ -1577,7 +1577,7 @@ class wp_xmlrpc_server extends IXR_Server {
$this->escape($args);
- $post_ID = $args[0];
+ $post_ID = (int) $args[0];
$user_login = $args[1];
$user_pass = $args[2];
$categories = $args[3];
@@ -1660,7 +1660,7 @@ class wp_xmlrpc_server extends IXR_Server {
$this->escape($args);
- $post_ID = $args[0];
+ $post_ID = (int) $args[0];
$user_login = $args[1];
$user_pass = $args[2];
@@ -1722,18 +1722,18 @@ class wp_xmlrpc_server extends IXR_Server {
} elseif (preg_match('#p/[0-9]{1,}#', $urltest['path'], $match)) {
// the path defines the post_ID (archives/p/XXXX)
$blah = explode('/', $match[0]);
- $post_ID = $blah[1];
+ $post_ID = (int) $blah[1];
$way = 'from the path';
} elseif (preg_match('#p=[0-9]{1,}#', $urltest['query'], $match)) {
// the querystring defines the post_ID (?p=XXXX)
$blah = explode('=', $match[0]);
- $post_ID = $blah[1];
+ $post_ID = (int) $blah[1];
$way = 'from the querystring';
} elseif (isset($urltest['fragment'])) {
// an #anchor is there, it's either...
if (intval($urltest['fragment'])) {
// ...an integer #XXXX (simpliest case)
- $post_ID = $urltest['fragment'];
+ $post_ID = (int) $urltest['fragment'];
$way = 'from the fragment (numeric)';
} elseif (preg_match('/post-[0-9]+/',$urltest['fragment'])) {
// ...a post id in the form 'post-###'