-rw-r--r-- | wp-content/themes/classic/comments-popup.php | 5 | ||||
-rw-r--r-- | wp-content/themes/default/comments-popup.php | 5 | ||||
-rw-r--r-- | wp-includes/comment-template.php | 28 | ||||
-rw-r--r-- | wp-includes/comment.php | 353 | ||||
-rw-r--r-- | wp-includes/compat.php | 9 | ||||
-rw-r--r-- | wp-includes/default-filters.php | 1 | ||||
-rw-r--r-- | wp-includes/functions.php | 149 | ||||
-rw-r--r-- | wp-includes/post-template.php | 2 | ||||
-rw-r--r-- | wp-includes/post.php | 13 | ||||
-rw-r--r-- | wp-includes/query.php | 23 | ||||
-rw-r--r-- | wp-settings.php | 2 |
11 files changed, 311 insertions, 279 deletions
diff --git a/wp-content/themes/classic/comments-popup.php b/wp-content/themes/classic/comments-popup.php index 7a209a2..49ffe3c 100644 --- a/wp-content/themes/classic/comments-popup.php +++ b/wp-content/themes/classic/comments-popup.php @@ -29,9 +29,8 @@ foreach ($posts as $post) { start_wp(); <?php // this line is WordPress' motor, do not delete it. -$comment_author = (isset($_COOKIE['comment_author_' . COOKIEHASH])) ? trim($_COOKIE['comment_author_'. COOKIEHASH]) : ''; -$comment_author_email = (isset($_COOKIE['comment_author_email_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_email_'. COOKIEHASH]) : ''; -$comment_author_url = (isset($_COOKIE['comment_author_url_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_url_'. COOKIEHASH]) : ''; +$commenter = wp_get_current_commenter(); +extract($commenter); $comments = get_approved_comments($id); $commentstatus = get_post($id); if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $commentstatus->post_password) { // and it doesn't match the cookie diff --git a/wp-content/themes/default/comments-popup.php b/wp-content/themes/default/comments-popup.php index f22b861..3cd58a6 100644 --- a/wp-content/themes/default/comments-popup.php +++ b/wp-content/themes/default/comments-popup.php 
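Review bot: `extract($commenter);` hides which variables the popup template receives and, with extract()'s default overwrite behaviour, would clobber any same-named variable already in scope if wp_get_current_commenter() ever returns more keys. The three names are fixed by the compact() call in that helper, so the explicit form costs little, e.g. `$comment_author = $commenter['comment_author'];` and likewise for the e-mail and URL. The same pair of lines is added in the default theme's comments-popup.php and in comments_template() in wp-includes/comment-template.php. The values are HTML-escaped only because sanitize_comment_cookies() has already rewritten `$_COOKIE`, which these templates now depend on.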
@@ -29,9 +29,8 @@ foreach ($posts as $post) { start_wp(); <?php // this line is WordPress' motor, do not delete it. -$comment_author = (isset($_COOKIE['comment_author_' . COOKIEHASH])) ? trim($_COOKIE['comment_author_'. COOKIEHASH]) : ''; -$comment_author_email = (isset($_COOKIE['comment_author_email_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_email_'. COOKIEHASH]) : ''; -$comment_author_url = (isset($_COOKIE['comment_author_url_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_url_'. COOKIEHASH]) : ''; +$commenter = wp_get_current_commenter(); +extract($commenter); $comments = get_approved_comments($id); $post = get_post($id); if (!empty($post->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $post->post_password) { // and it doesn't match the cookie diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php index 6355a96..c5d5b8f 100644 --- a/wp-includes/comment-template.php +++ b/wp-includes/comment-template.php 
@@ -273,26 +273,12 @@ function pings_open() { function comments_template( $file = '/comments.php' ) { global $wp_query, $withcomments, $post, $wpdb, $id, $comment, $user_login, $user_ID, $user_identity; - if ( is_single() || is_page() || $withcomments ) : - $req = get_settings('require_name_email'); - $comment_author = ''; - if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) { - $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]); - $comment_author = stripslashes($comment_author); - $comment_author = wp_specialchars($comment_author, true); - } - $comment_author_email = ''; - if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) { - $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]); - $comment_author_email = stripslashes($comment_author_email); - $comment_author_email = wp_specialchars($comment_author_email, true); - } - $comment_author_url = ''; - if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) { - $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]); - $comment_author_url = stripslashes($comment_author_url); - $comment_author_url = wp_specialchars($comment_author_url, true); - } + if ( ! (is_single() || is_page() || $withcomments) ) + return; + + $req = get_settings('require_name_email'); + $commenter = wp_get_current_commenter(); + extract($commenter); // TODO: Use API instead of SELECTs. if ( empty($comment_author) ) { @@ -309,8 +295,6 @@ function comments_template( $file = '/comments.php' ) { require( $include ); else require( ABSPATH . 'wp-content/themes/default/comments.php'); - - endif; } function comments_popup_script($width=400, $height=400, $file='') { diff --git a/wp-includes/comment.php b/wp-includes/comment.php index 9751c36..9211114 100644 --- a/wp-includes/comment.php +++ b/wp-includes/comment.php 
@@ -146,6 +146,29 @@ function get_lastcommentmodified($timezone = 'server') { return $lastcommentmodified; } +function sanitize_comment_cookies() { + if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) { + $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]); + $comment_author = stripslashes($comment_author); + $comment_author = wp_specialchars($comment_author, true); + $_COOKIE['comment_author_'.COOKIEHASH] = $comment_author; + } + + if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) { + $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]); + $comment_author_email = stripslashes($comment_author_email); + $comment_author_email = wp_specialchars($comment_author_email, true); + $_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email; + } + + if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) { + $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]); + $comment_author_url = stripslashes($comment_author_url); + $comment_author_url = wp_specialchars($comment_author_url, true); + $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url; + } +} + function wp_allow_comment($commentdata) { global $wpdb; extract($commentdata); 
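Review bot: Each `isset($_COOKIE[...])` branch in sanitize_comment_cookies() passes the value straight to apply_filters(), stripslashes() and wp_specialchars() without checking that it is a string; PHP builds an array for a cookie whose name carries brackets, and the string functions do not expect one. The three branches are also copies of one another that differ only in cookie prefix and filter name. A loop over a prefix-to-filter map with an `is_string()` guard covers both points. The function would also benefit from a header comment saying that it unslashes and HTML-escapes the cookies in place, so later readers of `$_COOKIE` get text meant for HTML output rather than for SQL.

```php
function sanitize_comment_cookies() {
	// Cookie name prefix => filter applied before unslashing and HTML-escaping.
	$fields = array(
		'comment_author_'       => 'pre_comment_author_name',
		'comment_author_email_' => 'pre_comment_author_email',
		'comment_author_url_'   => 'pre_comment_author_url',
	);

	foreach ( $fields as $prefix => $filter ) {
		$key = $prefix . COOKIEHASH;
		if ( !isset($_COOKIE[$key]) )
			continue;

		// Array-valued cookies are dropped rather than handed to string functions.
		if ( !is_string($_COOKIE[$key]) ) {
			unset($_COOKIE[$key]);
			continue;
		}

		$value = apply_filters($filter, $_COOKIE[$key]);
		$value = stripslashes($value);
		$_COOKIE[$key] = wp_specialchars($value, true);
	}
}
```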
@@ -275,6 +298,24 @@ function wp_get_comment_status($comment_id) { } } +function wp_get_current_commenter() { + // Cookies should already be sanitized. + + $comment_author = ''; + if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) + $comment_author = $_COOKIE['comment_author_'.COOKIEHASH]; + + $comment_author_email = ''; + if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) + $comment_author_email = $_COOKIE['comment_author_email_'.COOKIEHASH]; + + $comment_author_url = ''; + if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) + $comment_author_url = $_COOKIE['comment_author_url_'.COOKIEHASH]; + + return compact('comment_author', 'comment_author_email', 'comment_author_url'); +} + function wp_insert_comment($commentdata) { global $wpdb; extract($commentdata); 
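Review bot: The comment `// Cookies should already be sanitized.` is the only statement of what wp_get_current_commenter() returns, and it does not say in which sense. From sanitize_comment_cookies() in this commit the values are unslashed and HTML-escaped, so they suit echoing into a form field but not direct use in a query or a comparison against stored data. I would replace it with a header comment along the lines of `// Returns comment_author, comment_author_email and comment_author_url from the cookies rewritten by sanitize_comment_cookies(): unslashed, HTML-escaped, '' when absent.` Because that sanitizer runs as an action, the helper returns raw cookie text if the hook has been removed or has not fired yet.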
@@ -436,85 +477,9 @@ function wp_update_comment_count($post_id) { return true; } -function pingback($content, $post_ID) { - global $wp_version, $wpdb; - include_once (ABSPATH . WPINC . '/class-IXR.php'); - - // original code by Mort (http://mort.mine.nu:8080) - $log = debug_fopen(ABSPATH . '/pingback.log', 'a'); - $post_links = array(); - debug_fwrite($log, 'BEGIN '.date('YmdHis', time())."\n"); - - $pung = get_pung($post_ID); - - // Variables - $ltrs = '\w'; - $gunk = '/#~:.?+=&%@!\-'; - $punc = '.:?\-'; - $any = $ltrs . $gunk . $punc; - - // Step 1 - // Parsing the post, external links (if any) are stored in the $post_links array - // This regexp comes straight from phpfreaks.com - // http://www.phpfreaks.com/quickcode/Extract_All_URLs_on_a_Page/15.php - preg_match_all("{\b http : [$any] +? (?= [$punc] * [^$any] | $)}x", $content, $post_links_temp); - - // Debug - debug_fwrite($log, 'Post contents:'); - debug_fwrite($log, $content."\n"); - - // Step 2. - // Walking thru the links array - // first we get rid of links pointing to sites, not to specific files - // Example: - // http://dummy-weblog.org - // http://dummy-weblog.org/ - // http://dummy-weblog.org/post.php - // We don't wanna ping first and second types, even if they have a valid <link/> - - foreach($post_links_temp[0] as $link_test) : - if ( !in_array($link_test, $pung) && (url_to_postid($link_test) != $post_ID) // If we haven't pung it already and it isn't a link to itself - && !is_local_attachment($link_test) ) : // Also, let's never ping local attachments. 
- $test = parse_url($link_test); - if (isset($test['query'])) - $post_links[] = $link_test; - elseif(($test['path'] != '/') && ($test['path'] != '')) - $post_links[] = $link_test; - endif; - endforeach; - - do_action('pre_ping', array(&$post_links, &$pung)); - - foreach ($post_links as $pagelinkedto){ - debug_fwrite($log, "Processing -- $pagelinkedto\n"); - $pingback_server_url = discover_pingback_server_uri($pagelinkedto, 2048); - - if ($pingback_server_url) { - @ set_time_limit( 60 ); - // Now, the RPC call - debug_fwrite($log, "Page Linked To: $pagelinkedto \n"); - debug_fwrite($log, 'Page Linked From: '); - $pagelinkedfrom = get_permalink($post_ID); - debug_fwrite($log, $pagelinkedfrom."\n"); - - // using a timeout of 3 seconds should be enough to cover slow servers - $client = new IXR_Client($pingback_server_url); - $client->timeout = 3; - $client->useragent .= ' -- WordPress/' . $wp_version; - - // when set to true, this outputs debug messages by itself - $client->debug = false; - - if ( $client->query('pingback.ping', $pagelinkedfrom, $pagelinkedto ) ) - add_ping( $post_ID, $pagelinkedto ); - else - debug_fwrite($log, "Error.\n Fault code: ".$client->getErrorCode()." : ".$client->getErrorMessage()."\n"); - } - } - - debug_fwrite($log, "\nEND: ".time()."\n****************************\n"); - debug_fclose($log); -} +// +// Ping and trackback functions. +// function discover_pingback_server_uri($url, $timeout_bytes = 2048) { global $wp_version; 
@@ -606,17 +571,227 @@ function discover_pingback_server_uri($url, $timeout_bytes = 2048) { return false; } -function is_local_attachment($url) { - if ( !strstr($url, get_bloginfo('home') ) ) - return false; - if ( strstr($url, get_bloginfo('home') . '/?attachment_id=') ) - return true; - if ( $id = url_to_postid($url) ) { - $post = & get_post($id); - if ( 'attachment' == $post->post_type ) - return true; +function do_all_pings() { + global $wpdb; + + // Do pingbacks + while ($ping = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_pingme' LIMIT 1")) { + $wpdb->query("DELETE FROM {$wpdb->postmeta} WHERE post_id = {$ping->ID} AND meta_key = '_pingme';"); + pingback($ping->post_content, $ping->ID); } - return false; + + // Do Enclosures + while ($enclosure = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_encloseme' LIMIT 1")) { + $wpdb->query("DELETE FROM {$wpdb->postmeta} WHERE post_id = {$enclosure->ID} AND meta_key = '_encloseme';"); + do_enclose($enclosure->post_content, $enclosure->ID); + } + + // Do Trackbacks + $trackbacks = $wpdb->get_results("SELECT ID FROM $wpdb->posts WHERE CHAR_LENGTH(TRIM(to_ping)) > 7 AND post_status = 'publish'"); + if ( is_array($trackbacks) ) { + foreach ( $trackbacks as $trackback ) { + do_trackbacks($trackback->ID); + } + } + + //Do Update Services/Generic Pings + generic_ping(); +} + +function do_trackbacks($post_id) { + global $wpdb; + + $post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $post_id"); + $to_ping = get_to_ping($post_id); + $pinged = get_pung($post_id); + if ( empty($to_ping) ) { + $wpdb->query("UPDATE $wpdb->posts SET to_ping = '' WHERE ID = '$post_id'"); + return; + } + + if (empty($post->post_excerpt)) + $excerpt = apply_filters('the_content', $post->post_content); + else + $excerpt = 
apply_filters('the_excerpt', $post->post_excerpt); + $excerpt = str_replace(']]>', ']]>', $excerpt); + $excerpt = strip_tags($excerpt); + if ( function_exists('mb_strcut') ) // For international trackbacks + $excerpt = mb_strcut($excerpt, 0, 252, get_settings('blog_charset')) . '...'; + else + $excerpt = substr($excerpt, 0, 252) . '...'; + + $post_title = apply_filters('the_title', $post->post_title); + $post_title = strip_tags($post_title); + + if ($to_ping) : foreach ($to_ping as $tb_ping) : + $tb_ping = trim($tb_ping); + if ( !in_array($tb_ping, $pinged) ) { + trackback($tb_ping, $post_title, $excerpt, $post_id); + $pinged[] = $tb_ping; + } else { + $wpdb->query("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_ping', '')) WHERE ID = '$post_id'"); + } + endforeach; endif; +} + +function generic_ping($post_id = 0) { + $services = get_settings('ping_sites'); + $services = preg_replace("|(\s)+|", '$1', $services); // Kill dupe lines + $services = trim($services); + if ( '' != $services ) { + $services = explode("\n", $services); + foreach ($services as $service) { + weblog_ping($service); + } + } + + return $post_id; +} + +function pingback($content, $post_ID) { + global $wp_version, $wpdb; + include_once (ABSPATH . WPINC . '/class-IXR.php'); + + // original code by Mort (http://mort.mine.nu:8080) + $log = debug_fopen(ABSPATH . '/pingback.log', 'a'); + $post_links = array(); + debug_fwrite($log, 'BEGIN '.date('YmdHis', time())."\n"); + + $pung = get_pung($post_ID); + + // Variables + $ltrs = '\w'; + $gunk = '/#~:.?+=&%@!\-'; + $punc = '.:?\-'; + $any = $ltrs . $gunk . $punc; + + // Step 1 + // Parsing the post, external links (if any) are stored in the $post_links array + // This regexp comes straight from phpfreaks.com + // http://www.phpfreaks.com/quickcode/Extract_All_URLs_on_a_Page/15.php + preg_match_all("{\b http : [$any] +? 
(?= [$punc] * [^$any] | $)}x", $content, $post_links_temp); + + // Debug + debug_fwrite($log, 'Post contents:'); + debug_fwrite($log, $content."\n"); + + // Step 2. + // Walking thru the links array + // first we get rid of links pointing to sites, not to specific files + // Example: + // http://dummy-weblog.org + // http://dummy-weblog.org/ + // http://dummy-weblog.org/post.php + // We don't wanna ping first and second types, even if they have a valid <link/> + + foreach($post_links_temp[0] as $link_test) : + if ( !in_array($link_test, $pung) && (url_to_postid($link_test) != $post_ID) // If we haven't pung it already and it isn't a link to itself + && !is_local_attachment($link_test) ) : // Also, let's never ping local attachments. + $test = parse_url($link_test); + if (isset($test['query'])) + $post_links[] = $link_test; + elseif(($test['path'] != '/') && ($test['path'] != '')) + $post_links[] = $link_test; + endif; + endforeach; + + do_action('pre_ping', array(&$post_links, &$pung)); + + foreach ($post_links as $pagelinkedto){ + debug_fwrite($log, "Processing -- $pagelinkedto\n"); + $pingback_server_url = discover_pingback_server_uri($pagelinkedto, 2048); + + if ($pingback_server_url) { + @ set_time_limit( 60 ); + // Now, the RPC call + debug_fwrite($log, "Page Linked To: $pagelinkedto \n"); + debug_fwrite($log, 'Page Linked 
From: '); + $pagelinkedfrom = get_permalink($post_ID); + debug_fwrite($log, $pagelinkedfrom."\n"); + + // using a timeout of 3 seconds should be enough to cover slow servers + $client = new IXR_Client($pingback_server_url); + $client->timeout = 3; + $client->useragent .= ' -- WordPress/' . $wp_version; + + // when set to true, this outputs debug messages by itself + $client->debug = false; + + if ( $client->query('pingback.ping', $pagelinkedfrom, $pagelinkedto ) ) + add_ping( $post_ID, $pagelinkedto ); + else + debug_fwrite($log, "Error.\n Fault code: ".$client->getErrorCode()." : ".$client->getErrorMessage()."\n"); + } + } + + debug_fwrite($log, "\nEND: ".time()."\n****************************\n"); + debug_fclose($log); +} + +function privacy_ping_filter( $sites ) { + global $current_blog; + if ( '0' != $current_blog->public ) + return $sites; + else + return ''; +} + +// Send a Trackback +function trackback($trackback_url, $title, $excerpt, $ID) { + global $wpdb, $wp_version; + + if ( empty($trackback_url) ) + return; + + $title = urlencode($title); + $excerpt = urlencode($excerpt); + $blog_name = urlencode(get_settings('blogname')); + $tb_url = $trackback_url; + $url = urlencode(get_permalink($ID)); + $query_string = "title=$title&url=$url&blog_name=$blog_name&excerpt=$excerpt"; + $trackback_url = parse_url($trackback_url); + $http_request = 'POST ' . $trackback_url['path'] . ($trackback_url['query'] ? '?'.$trackback_url['query'] : '') . " HTTP/1.0\r\n"; + $http_request .= 'Host: '.$trackback_url['host']."\r\n"; + $http_request .= 'Content-Type: application/x-www-form-urlencoded; charset='.get_settings('blog_charset')."\r\n"; + $http_request .= 'Content-Length: '.strlen($query_string)."\r\n"; + $http_request .= "User-Agent: WordPress/" . 
$wp_version; + $http_request .= "\r\n\r\n"; + $http_request .= $query_string; + if ( '' == $trackback_url['port'] ) + $trackback_url['port'] = 80; + $fs = @fsockopen($trackback_url['host'], $trackback_url['port'], $errno, $errstr, 4); + @fputs($fs, $http_request); +/* + $debug_file = 'trackback.log'; + $fp = fopen($debug_file, 'a'); + fwrite($fp, "\n*****\nRequest:\n\n$http_request\n\nResponse:\n\n"); + while(!@feof($fs)) { + fwrite($fp, @fgets($fs, 4096)); + } + fwrite($fp, "\n\n"); + fclose($fp); +*/ + @fclose($fs); + + $tb_url = addslashes( $tb_url ); + $wpdb->query("UPDATE $wpdb->posts SET pinged = CONCAT(pinged, '\n', '$tb_url') WHERE ID = '$ID'"); + return $wpdb->query("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_url', '')) WHERE ID = '$ID'"); +} + +function weblog_ping($server = '', $path = '') { + global $wp_version; + include_once (ABSPATH . WPINC . '/class-IXR.php'); + + // using a timeout of 3 seconds should be enough to cover slow servers + $client = new IXR_Client($server, ((!strlen(trim($path)) || ('/' == $path)) ? false : $path)); + $client->timeout = 3; + $client->useragent .= ' -- WordPress/'.$wp_version; + + // when set to true, this outputs debug messages by itself + $client->debug = false; + $home = trailingslashit( get_option('home') ); + if ( !$client->query('weblogUpdates.extendedPing', get_settings('blogname'), $home, get_bloginfo('rss2_url') ) ) // then try a normal ping + $client->query('weblogUpdates.ping', get_settings('blogname'), $home); } ?> diff --git a/wp-includes/compat.php b/wp-includes/compat.php index 49717a4..3b64dfb 100644 --- a/wp-includes/compat.php +++ b/wp-includes/compat.php @@ -73,7 +73,7 @@ if (!defined('CASE_UPPER')) { * @link http://php.net/function.array_change_key_case * @author Stephan Schmidt <schst@php.net> * @author Aidan Lister <aidan@php.net> - * @version $Revision: 3862 $ + * @version $Revision: 3901 $ * @since PHP 4.2.0 * @require PHP 4.0.0 (user_error) */ 
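Review bot: do_trackbacks() puts `$post_id` into `WHERE ID = $post_id` unquoted and puts `$tb_ping` into `REPLACE(to_ping, '$tb_ping', '')` unescaped, while trackback() in the same hunk runs its URL through addslashes() before the equivalent UPDATE. The functions are moved here unchanged from wp-includes/functions.php, so this is inherited, but the move is a natural place to align them: `$post_id = (int) $post_id;` at the top, and `$tb_ping_db = addslashes($tb_ping);` used only in the UPDATE so the in_array() check and the trackback() call still see the original string. Where the to_ping list originates is inside get_to_ping(), which is not on this page, so how much control an author has over it is an assumption to confirm.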
@@ -111,4 +111,11 @@ if(!function_exists('http_build_query')) { return implode($separator, $res); } } + +if ( !function_exists('_') ) { + function _($string) { + return $string; + } +} + ?> diff --git a/wp-includes/default-filters.php b/wp-includes/default-filters.php index 8500a0c..d596500 100644 --- a/wp-includes/default-filters.php +++ b/wp-includes/default-filters.php @@ -127,4 +127,5 @@ add_action('do_feed_rss2', 'do_feed_rss2', 10, 1); add_action('do_feed_atom', 'do_feed_atom', 10, 1); add_action('do_pings', 'do_all_pings', 10, 1); add_action('do_robots', 'do_robots'); +add_action('sanitize_comment_cookies', 'sanitize_comment_cookies'); ?> diff --git a/wp-includes/functions.php b/wp-includes/functions.php index a8f5b5c..1882962 100644 --- a/wp-includes/functions.php +++ b/wp-includes/functions.php @@ -2,12 +2,6 @@ require_once(dirname(__FILE__).'/compat.php'); -if ( !function_exists('_') ) { - function _($string) { - return $string; - } -} - function mysql2date($dateformatstring, $mysqlstring, $translate = true) { global $wp_locale; $m = $mysqlstring; 
@@ -336,78 +330,6 @@ function timer_stop($display = 0, $precision = 3) { //if called like timer_stop( return $timetotal; } -function weblog_ping($server = '', $path = '') { - global $wp_version; - include_once (ABSPATH . WPINC . '/class-IXR.php'); - - // using a timeout of 3 seconds should be enough to cover slow servers - $client = new IXR_Client($server, ((!strlen(trim($path)) || ('/' == $path)) ? false : $path)); - $client->timeout = 3; - $client->useragent .= ' -- WordPress/'.$wp_version; - - // when set to true, this outputs debug messages by itself - $client->debug = false; - $home = trailingslashit( get_option('home') ); - if ( !$client->query('weblogUpdates.extendedPing', get_settings('blogname'), $home, get_bloginfo('rss2_url') ) ) // then try a normal ping - $client->query('weblogUpdates.ping', get_settings('blogname'), $home); -} - -function generic_ping($post_id = 0) { - $services = get_settings('ping_sites'); - $services = preg_replace("|(\s)+|", '$1', $services); // Kill dupe lines - $services = trim($services); - if ( '' != $services ) { - $services = explode("\n", $services); - foreach ($services as $service) { - weblog_ping($service); - } - } - - return $post_id; -} - -// Send a Trackback -function trackback($trackback_url, $title, $excerpt, $ID) { - global $wpdb, $wp_version; - - if ( empty($trackback_url) ) - return; - - $title = urlencode($title); - $excerpt = urlencode($excerpt); - $blog_name = urlencode(get_settings('blogname')); - $tb_url = $trackback_url; - $url = urlencode(get_permalink($ID)); - $query_string = "title=$title&url=$url&blog_name=$blog_name&excerpt=$excerpt"; - $trackback_url = parse_url($trackback_url); - $http_request = 'POST ' . $trackback_url['path'] . ($trackback_url['query'] ? '?'.$trackback_url['query'] : '') . 
" HTTP/1.0\r\n"; - $http_request .= 'Host: '.$trackback_url['host']."\r\n"; - $http_request .= 'Content-Type: application/x-www-form-urlencoded; charset='.get_settings('blog_charset')."\r\n"; - $http_request .= 'Content-Length: '.strlen($query_string)."\r\n"; - $http_request .= "User-Agent: WordPress/" . $wp_version; - $http_request .= "\r\n\r\n"; - $http_request .= $query_string; - if ( '' == $trackback_url['port'] ) - $trackback_url['port'] = 80; - $fs = @fsockopen($trackback_url['host'], $trackback_url['port'], $errno, $errstr, 4); - @fputs($fs, $http_request); -/* - $debug_file = 'trackback.log'; - $fp = fopen($debug_file, 'a'); - fwrite($fp, "\n*****\nRequest:\n\n$http_request\n\nResponse:\n\n"); - while(!@feof($fs)) { - fwrite($fp, @fgets($fs, 4096)); - } - fwrite($fp, "\n\n"); - fclose($fp); -*/ - @fclose($fs); - - $tb_url = addslashes( $tb_url ); - $wpdb->query("UPDATE $wpdb->posts SET pinged = CONCAT(pinged, '\n', '$tb_url') WHERE ID = '$ID'"); - return $wpdb->query("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_url', '')) WHERE ID = '$ID'"); -} - function make_url_footnote($content) { preg_match_all('/<a(.+?)href=\"(.+?)\"(.*?)>(.+?)<\/a>/', $content, $matches); $j = 0; @@ -841,14 +763,6 @@ function get_num_queries() { return $wpdb->num_queries; } -function privacy_ping_filter( $sites ) { - global $current_blog; - if ( '0' != $current_blog->public ) - return $sites; - else - return ''; -} - function bool_from_yn($yn) { if ($yn == 'Y') return 1; return 0; 
@@ -1091,69 +1005,6 @@ function wp_check_filetype($filename, $mimes = null) { return compact('ext', 'type'); } -function do_trackbacks($post_id) { - global $wpdb; - - $post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $post_id"); - $to_ping = get_to_ping($post_id); - $pinged = get_pung($post_id); - if ( empty($to_ping) ) { - $wpdb->query("UPDATE $wpdb->posts SET to_ping = '' WHERE ID = '$post_id'"); - return; - } - - if (empty($post->post_excerpt)) - $excerpt = apply_filters('the_content', $post->post_content); - else - $excerpt = apply_filters('the_excerpt', $post->post_excerpt); - $excerpt = str_replace(']]>', ']]>', $excerpt); - $excerpt = strip_tags($excerpt); - if ( function_exists('mb_strcut') ) // For international trackbacks - $excerpt = mb_strcut($excerpt, 0, 252, get_settings('blog_charset')) . '...'; - else - $excerpt = substr($excerpt, 0, 252) . '...'; - - $post_title = apply_filters('the_title', $post->post_title); - $post_title = strip_tags($post_title); - - if ($to_ping) : foreach ($to_ping as $tb_ping) : - $tb_ping = trim($tb_ping); - if ( !in_array($tb_ping, $pinged) ) { - trackback($tb_ping, $post_title, $excerpt, $post_id); - $pinged[] = $tb_ping; - } else { - $wpdb->query("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_ping', '')) WHERE ID = '$post_id'"); - } - endforeach; endif; -} - -function do_all_pings() { - global $wpdb; - - // Do pingbacks - while ($ping = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_pingme' LIMIT 1")) { - $wpdb->query("DELETE FROM {$wpdb->postmeta} WHERE post_id = {$ping->ID} AND meta_key = '_pingme';"); - pingback($ping->post_content, $ping->ID); - } - - // Do Enclosures - while ($enclosure = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_encloseme' LIMIT 1")) { - $wpdb->query("DELETE FROM 
{$wpdb->postmeta} WHERE post_id = {$enclosure->ID} AND meta_key = '_encloseme';"); - do_enclose($enclosure->post_content, $enclosure->ID); - } - - // Do Trackbacks - $trackbacks = $wpdb->get_results("SELECT ID FROM $wpdb->posts WHERE CHAR_LENGTH(TRIM(to_ping)) > 7 AND post_status = 'publish'"); - if ( is_array($trackbacks) ) { - foreach ( $trackbacks as $trackback ) { - do_trackbacks($trackback->ID); - } - } - - //Do Update Services/Generic Pings - generic_ping(); -} - function wp_proxy_check($ipnum) { if ( get_option('open_proxy_check') && isset($ipnum) ) { $rev_ip = implode( '.', array_reverse( explode( '.', $ipnum ) ) ); diff --git a/wp-includes/post-template.php b/wp-includes/post-template.php index 1c18980..fcd3f89 100644 --- a/wp-includes/post-template.php +++ b/wp-includes/post-template.php @@ -34,6 +34,8 @@ function get_the_title($id = 0) { $title = $post->post_title; if ( !empty($post->post_password) ) $title = sprintf(__('Protected: %s'), $title); + else if ( 'private' == $post->post_status ) + $title = sprintf(__('Private: %s'), $title); return $title; } diff --git a/wp-includes/post.php b/wp-includes/post.php index ce1a227..b29d0d2 100644 --- a/wp-includes/post.php +++ b/wp-includes/post.php @@ -1118,6 +1118,19 @@ function generate_page_uri_index() { // Attachment functions // +function is_local_attachment($url) { + if ( !strstr($url, get_bloginfo('home') ) ) + return false; + if ( strstr($url, get_bloginfo('home') . '/?attachment_id=') ) + return true; + if ( $id = url_to_postid($url) ) { + $post = & get_post($id); + if ( 'attachment' == $post->post_type ) + return true; + } + return false; +} + function wp_insert_attachment($object, $file = false, $post_parent = 0) { global $wpdb, $user_ID; diff --git a/wp-includes/query.php b/wp-includes/query.php index ae6ecbe..3bb98b0 100644 --- a/wp-includes/query.php +++ b/wp-includes/query.php @@ -850,20 +850,19 @@ class WP_Query { } else {
$where .= " AND (post_type = '$post_type' AND (post_status = 'publish'";
- if ( is_admin() ) {
+ if ( is_admin() )
$where .= " OR post_status = 'future' OR post_status = 'draft'";
- if ( is_user_logged_in() ) {
- if ( 'post' == $post_type )
- $cap = 'edit_private_posts';
- else
- $cap = 'edit_private_pages';
-
- if ( current_user_can($cap) )
- $where .= "OR post_status = 'private'";
- else
- $where .= " OR post_author = $user_ID AND post_status = 'private'";
- }
+ if ( is_user_logged_in() ) {
+ if ( 'post' == $post_type )
+ $cap = 'edit_private_posts';
+ else
+ $cap = 'edit_private_pages';
+
+ if ( current_user_can($cap) )
+ $where .= " OR post_status = 'private'";
+ else
+ $where .= " OR post_author = $user_ID AND post_status = 'private'";
}
$where .= '))';
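Review bot: The private-post clause is still gated on the editing capability (`edit_private_posts` / `edit_private_pages`) even though, with the `is_user_logged_in()` block now outside `is_admin()`, it decides what is readable on front-end queries. Reading a private post and editing one are different rights, so a read-level capability (such as `read_private_posts`, if this tree defines it) would be the tighter check. The fallback clause also interpolates `$user_ID` bare and leans on AND binding tighter than OR; `$where .= " OR (post_author = " . (int) $user_ID . " AND post_status = 'private')";` makes both explicit. The enclosing method starts and ends outside the hunk, so where `$user_ID` is set is not visible here.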
diff --git a/wp-settings.php b/wp-settings.php index a7cb2b4..50ba158 100644 --- a/wp-settings.php +++ b/wp-settings.php @@ -258,6 +258,8 @@ $_POST = add_magic_quotes($_POST ); $_COOKIE = add_magic_quotes($_COOKIE); $_SERVER = add_magic_quotes($_SERVER); +do_action('sanitize_comment_cookies'); + $wp_query = new WP_Query(); $wp_rewrite = new WP_Rewrite(); $wp = new WP(); |
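Review bot: Nothing at the call site records that `do_action('sanitize_comment_cookies');` depends on its position: the handler calls stripslashes() on values that `add_magic_quotes($_COOKIE)` has just slashed, and anything that reads the comment_author_* cookies before this line still sees the unescaped text. A comment would pin that, e.g. `// Keep after add_magic_quotes(): unslashes and HTML-escapes the comment_author_* cookies in place.` Since the sanitizer is attached in default-filters.php as an ordinary action, a plugin can unhook it; calling the function directly here would remove that dependency if the hook is not meant as an extension point.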