-rw-r--r--wp-admin/admin-functions.php7
-rw-r--r--wp-admin/admin.php12
-rw-r--r--wp-content/themes/default/attachment.php2
-rw-r--r--wp-content/themes/default/page.php2
-rw-r--r--wp-content/themes/default/single.php2
-rw-r--r--wp-includes/classes.php6
-rw-r--r--wp-includes/default-filters.php3
-rw-r--r--wp-includes/formatting.php3
8 files changed, 26 insertions, 11 deletions
diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php
index 9ab92cb..ca82ddf 100644
--- a/wp-admin/admin-functions.php
+++ b/wp-admin/admin-functions.php
@@ -379,6 +379,7 @@ function add_user() {
if ( func_num_args() ) { // The hackiest hack that ever did hack
global $current_user, $wp_roles;
$user_id = func_get_arg(0);
+
if (isset ($_POST['role'])) {
if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users')) {
$user = new WP_User($user_id);
@@ -412,7 +413,7 @@ function edit_user($user_id = 0) {
if (isset ($_POST['pass2']))
$pass2 = $_POST['pass2'];
- if (isset ($_POST['role']) && current_user_can('edit_users')) {
+ if (isset ($_POST['role']) && current_user_can('edit_users')) {
if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users'))
$user->role = $_POST['role'];
}
@@ -1345,12 +1346,16 @@ function user_can_access_admin_page() {
global $menu;
global $submenu;
global $menu_nopriv;
+ global $plugin_page;
$parent = get_admin_page_parent();
if ( isset($menu_nopriv[$pagenow]) )
return false;
+ if ( isset($plugin_page) && isset($menu_nopriv[$plugin_page]) )
+ return false;
+
if ( empty($parent) )
return true;
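Review bot: The new `$menu_nopriv[$plugin_page]` check carries no comment explaining why the deny list has to be consulted under a second key, and the reason is not visible in the hunk; presumably plugin pages are dispatched through a shared admin script, so `$pagenow` alone does not identify them and `$plugin_page` is the key menu.php recorded as denied. I would add above the new check: `// Plugin pages are keyed by $plugin_page (set from the request in admin.php), not by $pagenow; deny them here too.` The check also relies on admin.php having normalised `$plugin_page` with the same `plugin_basename()` form that menu.php uses when it fills `$menu_nopriv`; that coupling is worth stating in the comment so the two sites are not changed independently. user_can_access_admin_page continues past the end of the hunk.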
diff --git a/wp-admin/admin.php b/wp-admin/admin.php
index b6e270c..91196b0 100644
--- a/wp-admin/admin.php
+++ b/wp-admin/admin.php
@@ -39,12 +39,15 @@ wp_enqueue_script( 'fat' );
$editing = false;
-require(ABSPATH . '/wp-admin/menu.php');
-
-// Handle plugin admin pages.
if (isset($_GET['page'])) {
$plugin_page = stripslashes($_GET['page']);
$plugin_page = plugin_basename($plugin_page);
+}
+
+require(ABSPATH . '/wp-admin/menu.php');
+
+// Handle plugin admin pages.
+if (isset($plugin_page)) {
$page_hook = get_plugin_page_hook($plugin_page, $pagenow);
if ( $page_hook ) {
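Review bot: `$plugin_page` is assigned straight from `$_GET['page']` (only `stripslashes` and `plugin_basename` applied) and `menu.php` is then required with that global already set, so menu.php and anything it includes now see an unvalidated request value; the only `validate_file()` call visible on this page is the one applied to `$importer` in the next hunk. If a `validate_file($plugin_page)` check exists further down in the plugin-page branch, it now runs after menu.php has already consumed the value. I would reject it at the point of assignment, inside the `if (isset($_GET['page']))` block, modelled on the importer message: `if ( validate_file($plugin_page) ) wp_die(__('Invalid plugin page.'));`. The `if (isset($plugin_page))` block opened on the last added line continues past the end of the hunk.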
@@ -76,6 +79,9 @@ if (isset($_GET['page'])) {
$importer = $_GET['import'];
+ if ( ! current_user_can('import') )
+ wp_die(__('You are not allowed to import.'));
+
if ( validate_file($importer) ) {
wp_die(__('Invalid importer.'));
}
diff --git a/wp-content/themes/default/attachment.php b/wp-content/themes/default/attachment.php
index ad7c60d..0d606db 100644
--- a/wp-content/themes/default/attachment.php
+++ b/wp-content/themes/default/attachment.php
@@ -12,7 +12,7 @@
<?php $_post = &get_post($post->ID); $classname = ($_post->iconsize[0] <= 128 ? 'small' : '') . 'attachment'; // This lets us style narrow icons specially ?>
<div class="post" id="post-<?php the_ID(); ?>">
<h2><a href="<?php echo get_permalink($post->post_parent); ?>" rev="attachment"><?php echo get_the_title($post->post_parent); ?></a> &raquo; <a href="<?php echo get_permalink() ?>" rel="bookmark" title="Permanent Link: <?php the_title(); ?>"><?php the_title(); ?></a></h2>
- <div class="entrytext">
+ <div class="entry">
<p class="<?php echo $classname; ?>"><?php echo $attachment_link; ?><br /><?php echo basename($post->guid); ?></p>
<?php the_content('<p class="serif">Read the rest of this entry &raquo;</p>'); ?>
diff --git a/wp-content/themes/default/page.php b/wp-content/themes/default/page.php
index c35a4dd..57017b0 100644
--- a/wp-content/themes/default/page.php
+++ b/wp-content/themes/default/page.php
@@ -5,7 +5,7 @@
<?php if (have_posts()) : while (have_posts()) : the_post(); ?>
<div class="post" id="post-<?php the_ID(); ?>">
<h2><?php the_title(); ?></h2>
- <div class="entrytext">
+ <div class="entry">
<?php the_content('<p class="serif">Read the rest of this page &raquo;</p>'); ?>
<?php link_pages('<p><strong>Pages:</strong> ', '</p>', 'number'); ?>
diff --git a/wp-content/themes/default/single.php b/wp-content/themes/default/single.php
index 05cc554..fb071b1 100644
--- a/wp-content/themes/default/single.php
+++ b/wp-content/themes/default/single.php
@@ -12,7 +12,7 @@
<div class="post" id="post-<?php the_ID(); ?>">
<h2><a href="<?php echo get_permalink() ?>" rel="bookmark" title="Permanent Link: <?php the_title(); ?>"><?php the_title(); ?></a></h2>
- <div class="entrytext">
+ <div class="entry">
<?php the_content('<p class="serif">Read the rest of this entry &raquo;</p>'); ?>
<?php link_pages('<p><strong>Pages:</strong> ', '</p>', 'number'); ?>
diff --git a/wp-includes/classes.php b/wp-includes/classes.php
index 976a727..f2d823f 100644
--- a/wp-includes/classes.php
+++ b/wp-includes/classes.php
@@ -531,7 +531,7 @@ class Walker_Page extends Walker {
if ( $page->ID == $current_page )
$css_class .= ' current_page_item';
- $output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page->ID) . '" title="' . wp_specialchars($page->post_title) . '">' . $page->post_title . '</a>';
+ $output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page->ID) . '" title="' . wp_specialchars($page->post_title, 1) . '">' . $page->post_title . '</a>';
if ( !empty($show_date) ) {
if ( 'modified' == $show_date )
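Review bot: The new line escapes `$page->post_title` with quotes for the `title=""` attribute but still emits the same value unescaped as the anchor text at the end of the line, so the two contexts now treat the same field differently; the Walker_Category hunk below does the same with `cat_name` (escaped in `title`, raw via the `list_cats` filter in the link text). If post_title is assumed to be HTML-safe at this layer, say so next to the line, e.g. `// NOTE: post_title is emitted raw as link text; assumes it is HTML-safe on storage — confirm`; otherwise pass the anchor text through `wp_specialchars()` as well. The enclosing Walker_Page::start_el body begins and ends outside this hunk.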
@@ -599,9 +599,9 @@ class Walker_Category extends Walker {
$link = '<a href="' . get_category_link($category->cat_ID) . '" ';
if ( $use_desc_for_title == 0 || empty($category->category_description) )
- $link .= 'title="'. sprintf(__("View all posts filed under %s"), wp_specialchars($category->cat_name)) . '"';
+ $link .= 'title="'. sprintf(__("View all posts filed under %s"), wp_specialchars($category->cat_name, 1)) . '"';
else
- $link .= 'title="' . wp_specialchars(apply_filters('category_description',$category->category_description,$category)) . '"';
+ $link .= 'title="' . wp_specialchars(apply_filters('category_description',$category->category_description,$category),1) . '"';
$link .= '>';
$link .= apply_filters('list_cats', $category->cat_name, $category).'</a>';
diff --git a/wp-includes/default-filters.php b/wp-includes/default-filters.php
index 9a34aeb..2cdd211 100644
--- a/wp-includes/default-filters.php
+++ b/wp-includes/default-filters.php
@@ -103,11 +103,12 @@ add_filter('sanitize_title', 'sanitize_title_with_dashes');
// RSS filters
add_filter('the_title_rss', 'strip_tags');
add_filter('the_title_rss', 'ent2ncr', 8);
+add_filter('the_title_rss', 'wp_specialchars');
add_filter('the_content_rss', 'ent2ncr', 8);
add_filter('the_excerpt_rss', 'convert_chars');
add_filter('the_excerpt_rss', 'ent2ncr', 8);
add_filter('comment_author_rss', 'ent2ncr', 8);
-add_filter('comment_text_rss', 'htmlspecialchars');
+add_filter('comment_text_rss', 'wp_specialchars');
add_filter('comment_text_rss', 'ent2ncr', 8);
add_filter('bloginfo_rss', 'ent2ncr', 8);
add_filter('the_author', 'ent2ncr', 8);
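Review bot: Replacing `htmlspecialchars` with `wp_specialchars` on `comment_text_rss` changes what is escaped, not only how entities are handled: PHP's `htmlspecialchars` encodes `"` by default, while `wp_specialchars` (going by the second-argument usage in the classes.php hunks) leaves quotes alone unless asked, so comment feed output now keeps literal double quotes. That is fine for XML element content but deserves a comment on the line, e.g. `// wp_specialchars rather than htmlspecialchars: presumably avoids re-encoding entities already produced by ent2ncr; quotes are not escaped (element content only)`. The `the_title_rss` chain also now runs in priority order — `ent2ncr` at 8 before `strip_tags` and the new `wp_specialchars` at default priority — which the listing order does not show; a one-line comment stating that `wp_specialchars` must stay the last step would keep a later filter at the same priority from receiving already-escaped text.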
diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index 7735d58..f027869 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -149,6 +149,9 @@ function utf8_uri_encode( $utf8_string ) {
}
function remove_accents($string) {
+ if ( !preg_match('/[\x80-\xff]/', $string) )
+ return $string;
+
if (seems_utf8($string)) {
$chars = array(
// Decompositions for Latin-1 Supplement