diff options
-rw-r--r-- | wp-admin/admin-functions.php | 7 | ||||
-rw-r--r-- | wp-admin/admin.php | 12 | ||||
-rw-r--r-- | wp-content/themes/default/attachment.php | 2 | ||||
-rw-r--r-- | wp-content/themes/default/page.php | 2 | ||||
-rw-r--r-- | wp-content/themes/default/single.php | 2 | ||||
-rw-r--r-- | wp-includes/classes.php | 6 | ||||
-rw-r--r-- | wp-includes/default-filters.php | 3 | ||||
-rw-r--r-- | wp-includes/formatting.php | 3 |
8 files changed, 26 insertions, 11 deletions
diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php index 9ab92cb..ca82ddf 100644 --- a/wp-admin/admin-functions.php +++ b/wp-admin/admin-functions.php @@ -379,6 +379,7 @@ function add_user() { if ( func_num_args() ) { // The hackiest hack that ever did hack global $current_user, $wp_roles; $user_id = func_get_arg(0); + if (isset ($_POST['role'])) { if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users')) { $user = new WP_User($user_id); @@ -412,7 +413,7 @@ function edit_user($user_id = 0) { if (isset ($_POST['pass2'])) $pass2 = $_POST['pass2']; - if (isset ($_POST['role']) && current_user_can('edit_users')) { + if (isset ($_POST['role']) && current_user_can('edit_users')) { if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users')) $user->role = $_POST['role']; } @@ -1345,12 +1346,16 @@ function user_can_access_admin_page() { global $menu; global $submenu; global $menu_nopriv; + global $plugin_page; $parent = get_admin_page_parent(); if ( isset($menu_nopriv[$pagenow]) ) return false; + if ( isset($plugin_page) && isset($menu_nopriv[$plugin_page]) ) + return false; + if ( empty($parent) ) return true; diff --git a/wp-admin/admin.php b/wp-admin/admin.php index b6e270c..91196b0 100644 --- a/wp-admin/admin.php +++ b/wp-admin/admin.php @@ -39,12 +39,15 @@ wp_enqueue_script( 'fat' ); $editing = false; -require(ABSPATH . '/wp-admin/menu.php'); - -// Handle plugin admin pages. if (isset($_GET['page'])) { $plugin_page = stripslashes($_GET['page']); $plugin_page = plugin_basename($plugin_page); +} + +require(ABSPATH . '/wp-admin/menu.php'); + +// Handle plugin admin pages. +if (isset($plugin_page)) { $page_hook = get_plugin_page_hook($plugin_page, $pagenow); if ( $page_hook ) { @@ -76,6 +79,9 @@ if (isset($_GET['page'])) { $importer = $_GET['import']; + if ( ! current_user_can('import') ) + wp_die(__('You are not allowed to import.')); + if ( validate_file($importer) ) { wp_die(__('Invalid importer.')); } diff --git a/wp-content/themes/default/attachment.php b/wp-content/themes/default/attachment.php index ad7c60d..0d606db 100644 --- a/wp-content/themes/default/attachment.php +++ b/wp-content/themes/default/attachment.php @@ -12,7 +12,7 @@ <?php $_post = &get_post($post->ID); $classname = ($_post->iconsize[0] <= 128 ? 'small' : '') . 'attachment'; // This lets us style narrow icons specially ?> <div class="post" id="post-<?php the_ID(); ?>"> <h2><a href="<?php echo get_permalink($post->post_parent); ?>" rev="attachment"><?php echo get_the_title($post->post_parent); ?></a> » <a href="<?php echo get_permalink() ?>" rel="bookmark" title="Permanent Link: <?php the_title(); ?>"><?php the_title(); ?></a></h2> - <div class="entrytext"> + <div class="entry"> <p class="<?php echo $classname; ?>"><?php echo $attachment_link; ?><br /><?php echo basename($post->guid); ?></p> <?php the_content('<p class="serif">Read the rest of this entry »</p>'); ?> diff --git a/wp-content/themes/default/page.php b/wp-content/themes/default/page.php index c35a4dd..57017b0 100644 --- a/wp-content/themes/default/page.php +++ b/wp-content/themes/default/page.php @@ -5,7 +5,7 @@ <?php if (have_posts()) : while (have_posts()) : the_post(); ?> <div class="post" id="post-<?php the_ID(); ?>"> <h2><?php the_title(); ?></h2> - <div class="entrytext"> + <div class="entry"> <?php the_content('<p class="serif">Read the rest of this page »</p>'); ?> <?php link_pages('<p><strong>Pages:</strong> ', '</p>', 'number'); ?> diff --git a/wp-content/themes/default/single.php b/wp-content/themes/default/single.php index 05cc554..fb071b1 100644 --- a/wp-content/themes/default/single.php +++ b/wp-content/themes/default/single.php @@ -12,7 +12,7 @@ <div class="post" id="post-<?php the_ID(); ?>"> <h2><a href="<?php echo get_permalink() ?>" rel="bookmark" title="Permanent Link: <?php the_title(); ?>"><?php the_title(); ?></a></h2> - <div class="entrytext"> + <div class="entry"> <?php the_content('<p class="serif">Read the rest of this entry »</p>'); ?> <?php link_pages('<p><strong>Pages:</strong> ', '</p>', 'number'); ?> diff --git a/wp-includes/classes.php b/wp-includes/classes.php index 976a727..f2d823f 100644 --- a/wp-includes/classes.php +++ b/wp-includes/classes.php @@ -531,7 +531,7 @@ class Walker_Page extends Walker { if ( $page->ID == $current_page ) $css_class .= ' current_page_item'; - $output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page->ID) . '" title="' . wp_specialchars($page->post_title) . '">' . $page->post_title . '</a>'; + $output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page->ID) . '" title="' . wp_specialchars($page->post_title, 1) . '">' . $page->post_title . '</a>'; if ( !empty($show_date) ) { if ( 'modified' == $show_date ) @@ -599,9 +599,9 @@ class Walker_Category extends Walker { $link = '<a href="' . get_category_link($category->cat_ID) . '" '; if ( $use_desc_for_title == 0 || empty($category->category_description) ) - $link .= 'title="'. sprintf(__("View all posts filed under %s"), wp_specialchars($category->cat_name)) . '"'; + $link .= 'title="'. sprintf(__("View all posts filed under %s"), wp_specialchars($category->cat_name, 1)) . '"'; else - $link .= 'title="' . wp_specialchars(apply_filters('category_description',$category->category_description,$category)) . '"'; + $link .= 'title="' . wp_specialchars(apply_filters('category_description',$category->category_description,$category),1) . '"'; $link .= '>'; $link .= apply_filters('list_cats', $category->cat_name, $category).'</a>'; diff --git a/wp-includes/default-filters.php b/wp-includes/default-filters.php index 9a34aeb..2cdd211 100644 --- a/wp-includes/default-filters.php +++ b/wp-includes/default-filters.php @@ -103,11 +103,12 @@ add_filter('sanitize_title', 'sanitize_title_with_dashes'); // RSS filters add_filter('the_title_rss', 'strip_tags'); add_filter('the_title_rss', 'ent2ncr', 8); +add_filter('the_title_rss', 'wp_specialchars'); add_filter('the_content_rss', 'ent2ncr', 8); add_filter('the_excerpt_rss', 'convert_chars'); add_filter('the_excerpt_rss', 'ent2ncr', 8); add_filter('comment_author_rss', 'ent2ncr', 8); -add_filter('comment_text_rss', 'htmlspecialchars'); +add_filter('comment_text_rss', 'wp_specialchars'); add_filter('comment_text_rss', 'ent2ncr', 8); add_filter('bloginfo_rss', 'ent2ncr', 8); add_filter('the_author', 'ent2ncr', 8); diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php index 7735d58..f027869 100644 --- a/wp-includes/formatting.php +++ b/wp-includes/formatting.php @@ -149,6 +149,9 @@ function utf8_uri_encode( $utf8_string ) { } function remove_accents($string) { + if ( !preg_match('/[\x80-\xff]/', $string) ) + return $string; + if (seems_utf8($string)) { $chars = array( // Decompositions for Latin-1 Supplement |