diff options
-rw-r--r-- | wp-admin/import/blogger.php | 7 | ||||
-rw-r--r-- | wp-admin/options-permalink.php | 2 | ||||
-rw-r--r-- | wp-includes/post.php | 1 | ||||
-rw-r--r-- | wp-trackback.php | 17 |
4 files changed, 17 insertions, 10 deletions
diff --git a/wp-admin/import/blogger.php b/wp-admin/import/blogger.php index 6ba0a16..80a2d11 100644 --- a/wp-admin/import/blogger.php +++ b/wp-admin/import/blogger.php @@ -7,14 +7,15 @@ class Blogger_Import { // Shows the welcome screen and the magic iframe.
function greet() {
- $title = __('Import Blogger or Blogspot');
- $welcome = __('Howdy! This importer allows you to import posts and comments from your Blogger account into your WordPress blog.');
+ $title = __('Import Old Blogger');
+ $welcome = __('Howdy! This importer allows you to import posts and comments from your Old Blogger account into your WordPress blog.');
$noiframes = __('This feature requires iframe support.');
$warning = js_escape(__('This will delete everything saved by the Blogger importer except your posts and comments. Are you sure you want to do this?'));
$reset = __('Reset this importer');
$incompat = __('Your web server is not properly configured to use this importer. Please enable the CURL extension for PHP and then reload this page.');
echo "<div class='wrap'><h2>$title</h2><p>$welcome</p>";
+ echo "<p>" . __('Please note that this importer <em>does not work with new Blogger (using your Google account)</em>.') . "</p>";
if ( function_exists('curl_init') )
echo "<iframe src='admin.php?import=blogger&noheader=true' height='350px' width = '99%'>$noiframes</iframe><p><a href='admin.php?import=blogger&restart=true&noheader=true' onclick='return confirm(\"$warning\")'>$reset</a></p>";
else
@@ -670,6 +671,6 @@ class Blogger_Import { $blogger_import = new Blogger_Import();
-register_importer('blogger', __('Blogger or Blog*Spot'), __('Import posts, comments, and users from a Blogger or Blog*Spot blog'), array ($blogger_import, 'start'));
+register_importer('blogger', __('Old Blogger'), __('Import posts, comments, and users from an Old Blogger blog'), array ($blogger_import, 'start'));
?>
diff --git a/wp-admin/options-permalink.php b/wp-admin/options-permalink.php index fe3f87a..200cabe 100644 --- a/wp-admin/options-permalink.php +++ b/wp-admin/options-permalink.php @@ -169,7 +169,7 @@ checked="checked" <form action="options-permalink.php" method="post"> <?php wp_nonce_field('update-permalink') ?> <p> -<textarea rows="5" style="width: 98%;" name="rules"><?php echo $wp_rewrite->mod_rewrite_rules(); ?> +<textarea rows="5" style="width: 98%;" name="rules"><?php echo wp_specialchars($wp_rewrite->mod_rewrite_rules()); ?> </textarea> </p> </form> diff --git a/wp-includes/post.php b/wp-includes/post.php index 144b4b6..904b2ee 100644 --- a/wp-includes/post.php +++ b/wp-includes/post.php @@ -1458,7 +1458,6 @@ function wp_get_attachment_thumb_url( $post_id = 0 ) { if ( !$thumb = wp_get_attachment_thumb_file( $post_id ) ) return false; - return false; $url = str_replace(basename($url), basename($thumb), $url); diff --git a/wp-trackback.php b/wp-trackback.php index 0d1813a..7322862 100644 --- a/wp-trackback.php +++ b/wp-trackback.php @@ -30,11 +30,13 @@ if ( !$_GET['tb_id'] ) { $tb_id = intval( $tb_id[ count($tb_id) - 1 ] ); } -$tb_url = $_POST['url']; -$title = $_POST['title']; -$excerpt = $_POST['excerpt']; -$blog_name = $_POST['blog_name']; -$charset = $_POST['charset']; +$tb_url = $_POST['url']; +$charset = $_POST['charset']; + +// These three are stripslashed here so that they can be properly escaped after mb_convert_encoding() +$title = stripslashes($_POST['title']); +$excerpt = stripslashes($_POST['excerpt']); +$blog_name = stripslashes($_POST['blog_name']); if ($charset) $charset = strtoupper( trim($charset) ); @@ -47,6 +49,11 @@ if ( function_exists('mb_convert_encoding') ) { // For international trackbacks $blog_name = mb_convert_encoding($blog_name, get_option('blog_charset'), $charset); } +// Now that mb_convert_encoding() has been given a swing, we need to escape these three +$title = $wpdb->escape($title); +$excerpt = $wpdb->escape($excerpt); +$blog_name = $wpdb->escape($blog_name); + if ( is_single() || is_page() ) $tb_id = $posts[0]->ID; |