summaryrefslogtreecommitdiffstats
path: root/wp-admin
diff options
context:
space:
mode:
Diffstat (limited to 'wp-admin')
-rw-r--r--wp-admin/admin-functions.php54
-rw-r--r--wp-admin/cat-js.php2
-rw-r--r--wp-admin/comment.php16
-rw-r--r--wp-admin/dbx-admin-key-js.php24
-rw-r--r--wp-admin/edit-comments.php10
-rw-r--r--wp-admin/edit-page-form.php2
-rw-r--r--wp-admin/edit.php4
-rw-r--r--wp-admin/export.php65
-rw-r--r--wp-admin/import/blogger.php8
-rw-r--r--wp-admin/import/wordpress.php34
-rw-r--r--wp-admin/link-add.php2
-rw-r--r--wp-admin/link-manager.php4
-rw-r--r--wp-admin/moderation.php2
-rw-r--r--wp-admin/plugins.php10
-rw-r--r--wp-admin/upgrade-functions.php3
-rw-r--r--wp-admin/upload-js.php36
-rw-r--r--wp-admin/upload.css1
-rw-r--r--wp-admin/users.php8
18 files changed, 217 insertions, 68 deletions
diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php
index 8da7ff0..aaf16ca 100644
--- a/wp-admin/admin-functions.php
+++ b/wp-admin/admin-functions.php
@@ -444,7 +444,7 @@ function edit_user( $user_id = 0 ) {
$user->user_email = wp_specialchars( trim( $_POST['email'] ));
if ( isset( $_POST['url'] ) ) {
$user->user_url = wp_specialchars( trim( $_POST['url'] ));
- $user->user_url = preg_match( '/^(https?|ftps?|mailto|news|gopher):/is', $user->user_url ) ? $user->user_url : 'http://'.$user->user_url;
+ $user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
}
if ( isset( $_POST['first_name'] ))
$user->first_name = wp_specialchars( trim( $_POST['first_name'] ));
@@ -558,7 +558,7 @@ function edit_link( $link_id = '' ) {
wp_die( __("Cheatin' uh ?" ));
$_POST['link_url'] = wp_specialchars( $_POST['link_url'] );
- $_POST['link_url'] = preg_match( '/^(https?|ftps?|mailto|news|gopher):/is', $_POST['link_url'] ) ? $_POST['link_url'] : 'http://' . $_POST['link_url'];
+ $_POST['link_url'] = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $_POST['link_url']) ? $_POST['link_url'] : 'http://' . $_POST['link_url'];
$_POST['link_name'] = wp_specialchars( $_POST['link_name'] );
$_POST['link_image'] = wp_specialchars( $_POST['link_image'] );
$_POST['link_rss'] = wp_specialchars( $_POST['link_rss'] );
@@ -598,7 +598,10 @@ function return_categories_list( $parent = 0 ) {
}
function sort_cats( $cat1, $cat2 ) {
- return strcasecmp( $cat1['cat_name'], $cat2['cat_name'] );
+ if ( $cat1['checked'] || $cat2['checked'] )
+ return ( $cat1['checked'] && !$cat2['checked'] ) ? -1 : 1;
+ else
+ return strcasecmp( $cat1['cat_name'], $cat2['cat_name'] );
}
function get_nested_categories( $default = 0, $parent = 0 ) {
@@ -758,7 +761,7 @@ function _cat_row( $category, $level, $name_override = false ) {
<th scope='row' style='text-align: center'>$category->cat_ID</th>
<td>" . ( $name_override ? $name_override : $pad . ' ' . $category->cat_name ) . "</td>
<td>$category->category_description</td>
- <td align='center'>$category->category_count</td>
+ <td align='center'><a href='edit.php?cat=$category->cat_ID'>$category->category_count</a></td>
<td align='center'>$category->link_count</td>
<td>$edit</td>\n\t</tr>\n";
}
@@ -1037,7 +1040,8 @@ function meta_form() {
GROUP BY meta_key
ORDER BY meta_id DESC
LIMIT $limit" );
- natcasesort( $keys );
+ if ( $keys )
+ natcasesort($keys);
?>
<h3><?php _e( 'Add a new custom field:' ) ?></h3>
<table id="newmeta" cellspacing="3" cellpadding="3">
@@ -1991,13 +1995,14 @@ function wp_import_handle_upload() {
return $file;
$url = $file['url'];
+ $type = $file['type'];
$file = addslashes( $file['file'] );
$filename = basename( $file );
// Construct the object array
$object = array( 'post_title' => $filename,
'post_content' => $url,
- 'post_mime_type' => 'import',
+ 'post_mime_type' => $type,
'guid' => $url
);
@@ -2077,6 +2082,43 @@ function wp_reset_vars( $vars ) {
}
}
+
+function wp_check_for_changed_slugs($post_id) {
+ if ( !strlen($_POST['wp-old-slug']) )
+ return $post_id;
+
+ $post = &get_post($post_id);
+
+ // we're only concerned with published posts
+ if ( $post->post_status != 'publish' || $post->post_type != 'post' )
+ return $post_id;
+
+ // only bother if the slug has changed
+ if ( $post->post_name == $_POST['wp-old-slug'] )
+ return $post_id;
+
+ $old_slugs = get_post_meta($post_id, '_wp_old_slug');
+
+ // if we haven't added this old slug before, add it now
+ if ( !count($old_slugs) || !in_array($_POST['wp-old-slug'], $old_slugs) )
+ add_post_meta($post_id, '_wp_old_slug', $_POST['wp-old-slug']);
+
+ // if the new slug was used previously, delete it from the list
+ if ( in_array($post->post_name, $old_slugs) )
+ delete_post_meta($post_id, '_wp_old_slug', $post->post_name);
+
+ return $post_id;
+}
+
+
+function wp_remember_old_slug() {
+ global $post;
+ $name = wp_specialchars($post->post_name); // just in case
+ if ( strlen($name) )
+ echo '<input type="hidden" id="wp-old-slug" name="wp-old-slug" value="' . $name . '" />';
+}
+
+
// If siteurl or home changed, reset cookies and flush rewrite rules.
function update_home_siteurl( $old_value, $value ) {
global $wp_rewrite, $user_login, $user_pass_md5;
diff --git a/wp-admin/cat-js.php b/wp-admin/cat-js.php
index e1b0e28..35df2c8 100644
--- a/wp-admin/cat-js.php
+++ b/wp-admin/cat-js.php
@@ -8,7 +8,7 @@ function newCatAddIn() {
var jaxcat = $('jaxcat');
if ( !jaxcat )
return false;
- jaxcat.update('<span id="ajaxcat"><input type="text" name="newcat" id="newcat" size="16" autocomplete="off"/><input type="button" name="Button" id="catadd" value="<?php _e('Add'); ?>"/><span id="howto"><?php _e('Separate multiple categories with commas.'); ?></span></span>');
+ jaxcat.update('<span id="ajaxcat"><input type="text" name="newcat" id="newcat" size="16" autocomplete="off"/><input type="button" name="Button" id="catadd" value="<?php echo js_escape(__('Add')); ?>"/><span id="howto"><?php js_escape(__('Separate multiple categories with commas.')); ?></span></span>');
$('newcat').onkeypress = function(e) { return killSubmit("catList.ajaxAdder('category','jaxcat');", e); };
$('catadd').onclick = function() { catList.ajaxAdder('category', 'jaxcat'); };
}
diff --git a/wp-admin/comment.php b/wp-admin/comment.php
index 8ce3cd8..a583264 100644
--- a/wp-admin/comment.php
+++ b/wp-admin/comment.php
@@ -18,7 +18,7 @@ case 'editcomment':
$comment = (int) $_GET['c'];
if ( ! $comment = get_comment($comment) )
- wp_die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'javascript:history.go(-1)'));
+ wp_die(__('Oops, no comment with this ID.').sprintf(' <a href="%s">'.__('Go back').'</a>!', 'javascript:history.go(-1)'));
if ( !current_user_can('edit_post', $comment->comment_post_ID) )
wp_die( __('You are not allowed to edit comments on this post.') );
@@ -40,7 +40,7 @@ case 'mac':
$nonce_action .= $comment;
if ( ! $comment = get_comment($comment) )
- wp_die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
+ wp_die(__('Oops, no comment with this ID.').sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit.php'));
if ( !current_user_can('edit_post', $comment->comment_post_ID) )
wp_die( 'cdc' == $action ? __('You are not allowed to delete comments on this post.') : __('You are not allowed to edit comments on this post, so you cannot approve this comment.') );
@@ -49,11 +49,11 @@ case 'mac':
<div class="narrow">
<?php if ( 'spam' == $_GET['dt'] ) { ?>
-<p><?php _e('<strong>Caution:</strong> You are about to mark the following comment as spam:'); ?></p>
+<p><?php echo '<strong>'.__('Caution:').'</strong> '.__('You are about to mark the following comment as spam:'); ?></p>
<?php } elseif ( 'cdc' == $action ) { ?>
-<p><?php _e('<strong>Caution:</strong> You are about to delete the following comment:'); ?></p>
+<p><?php echo '<strong>'.__('Caution:').'</strong> '.__('You are about to delete the following comment:'); ?></p>
<?php } else { ?>
-<p><?php _e('<strong>Caution:</strong> You are about to approve the following comment:'); ?></p>
+<p><?php echo '<strong>'.__('Caution:').'</strong> '.__('You are about to approve the following comment:'); ?></p>
<?php } ?>
<p><?php _e('Are you sure you want to do that?'); ?></p>
@@ -116,7 +116,7 @@ case 'deletecomment':
}
if ( ! $comment = get_comment($comment) )
- wp_die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit-comments.php'));
+ wp_die(__('Oops, no comment with this ID.').sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit-comments.php'));
if ( !current_user_can('edit_post', $comment->comment_post_ID) )
wp_die( __('You are not allowed to edit comments on this post.') );
@@ -145,7 +145,7 @@ case 'unapprovecomment':
}
if ( ! $comment = get_comment($comment) )
- wp_die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
+ wp_die(__('Oops, no comment with this ID.').sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit.php'));
if ( !current_user_can('edit_post', $comment->comment_post_ID) )
wp_die( __('You are not allowed to edit comments on this post, so you cannot disapprove this comment.') );
@@ -171,7 +171,7 @@ case 'approvecomment':
}
if ( ! $comment = get_comment($comment) )
- wp_die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
+ wp_die(__('Oops, no comment with this ID.').sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit.php'));
if ( !current_user_can('edit_post', $comment->comment_post_ID) )
wp_die( __('You are not allowed to edit comments on this post, so you cannot approve this comment.') );
diff --git a/wp-admin/dbx-admin-key-js.php b/wp-admin/dbx-admin-key-js.php
index 9746a8c..eb5e1a4 100644
--- a/wp-admin/dbx-admin-key-js.php
+++ b/wp-admin/dbx-admin-key-js.php
@@ -32,12 +32,12 @@ addLoadEvent( function()
'10', // animate re-ordering [frames per transition, or '0' for no effect]
'yes', // include open/close toggle buttons ['yes'|'no']
'closed', // default state ['open'|'closed']
- 'open', // word for "open", as in "open this box"
- 'close', // word for "close", as in "close this box"
- 'click-down and drag to move this box', // sentence for "move this box" by mouse
- 'click to %toggle% this box', // pattern-match sentence for "(open|close) this box" by mouse
- 'use the arrow keys to move this box', // sentence for "move this box" by keyboard
- ', or press the enter key to %toggle% it', // pattern-match sentence-fragment for "(open|close) this box" by keyboard
+ '<?php echo js_escape(__('open')); ?>', // word for "open", as in "open this box"
+ '<?php echo js_escape(__('close')); ?>', // word for "close", as in "close this box"
+ '<?php echo js_escape(__('click-down and drag to move this box')); ?>', // sentence for "move this box" by mouse
+ '<?php echo js_escape(__('click to %toggle% this box')); ?>', // pattern-match sentence for "(open|close) this box" by mouse
+ '<?php echo js_escape(__('use the arrow keys to move this box')); ?>', // sentence for "move this box" by keyboard
+ '<?php echo js_escape(__(', or press the enter key to %toggle% it')); ?>', // pattern-match sentence-fragment for "(open|close) this box" by keyboard
'%mytitle% [%dbxtitle%]' // pattern-match syntax for title-attribute conflicts
);
@@ -57,12 +57,12 @@ addLoadEvent( function()
'10', // animate re-ordering [frames per transition, or '0' for no effect]
'yes', // include open/close toggle buttons ['yes'|'no']
'closed', // default state ['open'|'closed']
- 'open', // word for "open", as in "open this box"
- 'close', // word for "close", as in "close this box"
- 'click-down and drag to move this box', // sentence for "move this box" by mouse
- 'click to %toggle% this box', // pattern-match sentence for "(open|close) this box" by mouse
- 'use the arrow keys to move this box', // sentence for "move this box" by keyboard
- ', or press the enter key to %toggle% it', // pattern-match sentence-fragment for "(open|close) this box" by keyboard
+ '<?php echo js_escape(__('open')); ?>', // word for "open", as in "open this box"
+ '<?php echo js_escape(__('close')); ?>', // word for "close", as in "close this box"
+ '<?php echo js_escape(__('click-down and drag to move this box')); ?>', // sentence for "move this box" by mouse
+ '<?php echo js_escape(__('click to %toggle% this box')); ?>', // pattern-match sentence for "(open|close) this box" by mouse
+ '<?php echo js_escape(__('use the arrow keys to move this box')); ?>', // sentence for "move this box" by keyboard
+ '<?php echo js_escape(__(', or press the enter key to %toggle% it')); ?>', // pattern-match sentence-fragment for "(open|close) this box" by keyboard
'%mytitle% [%dbxtitle%]' // pattern-match syntax for title-attribute conflicts
);
});
diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php
index 488a055..fda618c 100644
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -157,12 +157,12 @@ $start = " start='$offset'";
<?php
if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
echo " <a href='comment.php?action=editcomment&amp;c=".$comment->comment_ID."'>" . __('Edit') . '</a>';
- echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> ';
+ echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . js_escape(sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), $comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> ';
if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Unapprove') . '</a> </span>';
echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Approve') . '</a> </span>';
}
- echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&amp;dt=spam&amp;p=" . $comment->comment_post_ID . "&amp;c=" . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to mark as spam."), js_escape( $comment->comment_author)) . "', theCommentList );\">" . __('Spam') . "</a> ";
+ echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&amp;dt=spam&amp;p=" . $comment->comment_post_ID . "&amp;c=" . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to mark as spam this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to mark as spam."), $comment->comment_author)) . "', theCommentList );\">" . __('Spam') . "</a> ";
}
$post = get_post($comment->comment_post_ID);
$post_title = wp_specialchars( $post->post_title, 'double' );
@@ -223,14 +223,14 @@ $post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title;
<td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
echo "<a href='comment.php?action=editcomment&amp;c=$comment->comment_ID' class='edit'>" . __('Edit') . "</a>"; } ?></td>
<td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
- echo "<a href=\"comment.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;c=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape( $comment->comment_author )) . "', theCommentList );\" class='delete'>" . __('Delete') . "</a> ";
+ echo "<a href=\"comment.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;c=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), $comment->comment_author )) . "', theCommentList );\" class='delete'>" . __('Delete') . "</a> ";
} ?></td>
</tr>
<?php
} // end foreach
?></table>
-<p class="submit"><input type="submit" name="delete_button" class="delete" value="<?php _e('Delete Checked Comments &raquo;') ?>" onclick="var numchecked = getNumChecked(document.getElementById('deletecomments')); if(numchecked < 1) { alert('<?php _e("Please select some comments to delete"); ?>'); return false } return confirm('<?php printf(__("You are about to delete %s comments permanently \\n \'Cancel\' to stop, \'OK\' to delete."), "' + numchecked + '"); ?>')" />
- <input type="submit" name="spam_button" value="<?php _e('Mark Checked Comments as Spam &raquo;') ?>" onclick="return confirm('<?php _e("You are about to mark these comments as spam \\n \'Cancel\' to stop, \'OK\' to mark as spam.") ?>')" /></p>
+<p class="submit"><input type="submit" name="delete_button" class="delete" value="<?php _e('Delete Checked Comments &raquo;') ?>" onclick="var numchecked = getNumChecked(document.getElementById('deletecomments')); if(numchecked < 1) { alert('<?php echo js_escape(__("Please select some comments to delete")); ?>'); return false } return confirm('<?php echo js_escape(sprintf(__("You are about to delete %s comments permanently \\n \'Cancel\' to stop, \'OK\' to delete.")), "' + numchecked + '"); ?>')" />
+ <input type="submit" name="spam_button" value="<?php _e('Mark Checked Comments as Spam &raquo;') ?>" onclick="return confirm('<?php echo js_escape(__("You are about to mark these comments as spam \\n \'Cancel\' to stop, \'OK\' to mark as spam.")); ?>')" /></p>
</form>
<div id="ajax-response"></div>
<?php
diff --git a/wp-admin/edit-page-form.php b/wp-admin/edit-page-form.php
index 5f80f26..42135ce 100644
--- a/wp-admin/edit-page-form.php
+++ b/wp-admin/edit-page-form.php
@@ -188,7 +188,7 @@ list_meta($metadata);
<?php if ('edit' == $action) :
$delete_nonce = wp_create_nonce( 'delete-page_' . $post_ID );
if ( current_user_can('delete_page', $post->ID) ) ?>
- <input name="deletepost" class="button delete" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this page \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), js_escape($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
+ <input name="deletepost" class="button delete" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"if ( confirm('" . js_escape(sprintf(__("You are about to delete this page \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), $post->post_title )) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
<?php endif; ?>
</div>
diff --git a/wp-admin/edit.php b/wp-admin/edit.php
index 395bc6b..529ca15 100644
--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -127,11 +127,11 @@ if ( count($arc_result) ) { ?>
<?php
// define the columns to display, the syntax is 'internal name' => 'display name'
$posts_columns = array(
- 'id' => __('ID'),
+ 'id' => '<div style="text-align: center">' . __('ID') . '</div>',
'date' => __('When'),
'title' => __('Title'),
'categories' => __('Categories'),
- 'comments' => __('Comments'),
+ 'comments' => '<div style="text-align: center">' . __('Comments') . '</div>',
'author' => __('Author')
);
$posts_columns = apply_filters('manage_posts_columns', $posts_columns);
diff --git a/wp-admin/export.php b/wp-admin/export.php
index 8f740fc..2f69320 100644
--- a/wp-admin/export.php
+++ b/wp-admin/export.php
@@ -61,6 +61,68 @@ if ( isset( $_GET['author'] ) && $_GET['author'] != 'all' ) {
}
$posts = $wpdb->get_results("SELECT * FROM $wpdb->posts $where ORDER BY post_date_gmt ASC");
+
+$categories = (array) $wpdb->get_results("SELECT cat_ID, cat_name, category_nicename, category_description, category_parent, posts_private, links_private FROM $wpdb->categories LEFT JOIN $wpdb->post2cat ON (category_id = cat_id) LEFT JOIN $wpdb->posts ON (post_id <=> id) $where GROUP BY cat_id");
+
+function wxr_missing_parents($categories) {
+ if ( !is_array($categories) || empty($categories) )
+ return array();
+
+ foreach ( $categories as $category )
+ $parents[$category->cat_ID] = $category->category_parent;
+
+ $parents = array_unique(array_diff($parents, array_keys($parents)));
+
+ if ( $zero = array_search('0', $parents) )
+ unset($parents[$zero]);
+
+ return $parents;
+}
+
+while ( $parents = wxr_missing_parents($categories) ) {
+ $found_parents = $wpdb->get_results("SELECT cat_ID, cat_name, category_nicename, category_description, category_parent, posts_private, links_private FROM $wpdb->categories WHERE cat_ID IN (" . join(', ', $parents) . ")");
+ if ( is_array($found_parents) && count($found_parents) )
+ $categories = array_merge($categories, $found_parents);
+ else
+ break;
+}
+
+// Put them in order to be inserted with no child going before its parent
+$pass = 0;
+$passes = 1000 + count($categories);
+while ( ( $cat = array_shift($categories) ) && ++$pass < $passes ) {
+ if ( $cat->category_parent == 0 || isset($cats[$cat->category_parent]) ) {
+ $cats[$cat->cat_ID] = $cat;
+ } else {
+ $categories[] = $cat;
+ }
+}
+unset($categories);
+
+function wxr_cdata($str) {
+ if ( seems_utf8($str) == false )
+ $str = utf8_encode($str);
+
+ // $str = ent2ncr(wp_specialchars($str));
+
+ $str = "<![CDATA[$str" . ( ( substr($str, -1) == ']' ) ? ' ' : '') . "]]>";
+
+ return $str;
+}
+
+function wxr_cat_name($c) {
+ if ( empty($c->cat_name) )
+ return;
+
+ echo '<wp:cat_name>' . wxr_cdata($c->cat_name) . '</wp:cat_name>';
+}
+
+function wxr_category_description($c) {
+ if ( empty($c->category_description) )
+ return;
+
+ echo '<wp:category_description>' . wxr_cdata($c->category_description) . '</wp:category_description>';
+}
?>
<!-- This is a WordPress eXtended RSS file generated by WordPress as an export of your blog. -->
<!-- It contains information about your blog's posts, comments, and categories. -->
@@ -87,6 +149,9 @@ $posts = $wpdb->get_results("SELECT * FROM $wpdb->posts $where ORDER BY post_dat
<pubDate><?php echo mysql2date('D, d M Y H:i:s +0000', get_lastpostmodified('GMT'), false); ?></pubDate>
<generator>http://wordpress.org/?v=<?php bloginfo_rss('version'); ?></generator>
<language><?php echo get_option('rss_language'); ?></language>
+<?php if ( $cats ) : foreach ( $cats as $c ) : ?>
+ <wp:category><wp:category_nicename><?php echo $c->category_nicename; ?></wp:category_nicename><wp:category_parent><?php echo $c->category_parent ? $cats[$c->category_parent]->cat_name : ''; ?></wp:category_parent><wp:posts_private><?php echo $c->posts_private ? '1' : '0'; ?></wp:posts_private><wp:links_private><?php echo $c->links_private ? '1' : '0'; ?></wp:links_private><?php wxr_cat_name($c); ?><?php wxr_category_description($c); ?></wp:category>
+<?php endforeach; endif; ?>
<?php do_action('rss2_head'); ?>
<?php if ($posts) { foreach ($posts as $post) { start_wp(); ?>
<item>
diff --git a/wp-admin/import/blogger.php b/wp-admin/import/blogger.php
index d7df5ad..060a5e9 100644
--- a/wp-admin/import/blogger.php
+++ b/wp-admin/import/blogger.php
@@ -10,7 +10,7 @@ class Blogger_Import {
$title = __('Import Blogger');
$welcome = __('Howdy! This importer allows you to import posts and comments from your Blogger account into your WordPress blog.');
$noiframes = __('This feature requires iframe support.');
- $warning = __('This will delete everything saved by the Blogger importer except your posts and comments. Are you sure you want to do this?');
+ $warning = js_escape(__('This will delete everything saved by the Blogger importer except your posts and comments. Are you sure you want to do this?'));
$reset = __('Reset this importer');
$incompat = __('Your web server is not properly configured to use this importer. Please enable the CURL extension for PHP and then reload this page.');
@@ -255,7 +255,7 @@ class Blogger_Import {
'blog-options-basic' => false,
'blog-options-archiving' => array('archiveFrequency' => 'm'),
'blog-publishing' => array('publishMode'=>'0', 'blogID' => "$id", 'subdomain' => mt_rand().mt_rand(), 'pingWeblogs' => 'false'),
- 'blog-formatting' => array('timeStampFormat' => '0', 'convertLineBreaks'=>'false', 'floatAlignment'=>'false'),
+ 'blog-formatting' => array('timeStampFormat' => '0', 'encoding'=>'UTF-8', 'convertLineBreaks'=>'false', 'floatAlignment'=>'false'),
'blog-comments' => array('commentsTimeStampFormat' => '0'),
'template-edit' => array( 'templateText' => str_replace('%title%', trim($blogsary[2][$key]), $template) )
);
@@ -349,7 +349,7 @@ class Blogger_Import {
$form = "<div style='height:0px;width:0px;overflow:hidden;'>";
$form.= $body;
$form.= "</div><script type='text/javascript'>forms=document.getElementsByTagName('form');for(i=0;i<forms.length;i++){if(forms[i].action.search('{$blog_opt}')){forms[i].submit();break;}}</script>";
- $output.= '<p>'.sprintf('<strong>%s</strong> in progress, please wait...', $blog_opt)."</p>\n";
+ $output.= '<p>'.sprintf(__('<strong>%s</strong> in progress, please wait...'), $blog_opt)."</p>\n";
} else {
$output.= "<p>$blog_opt</p>\n";
}
@@ -428,7 +428,7 @@ class Blogger_Import {
$user_email = $wpdb->escape($post_author_email);
$user_password = substr(md5(uniqid(microtime())), 0, 6);
$result = wp_create_user( $user_login, $user_password, $user_email );
- $status.= sprintf('Registered user <strong>%s</strong>.', $user_login);
+ $status.= sprintf(__('Registered user <strong>%s</strong>.'), $user_login);
$this->import['blogs'][$_GET['blog']]['newusers'][] = $user_login;
}
$userdata = get_userdatabylogin( $post_author_name );
diff --git a/wp-admin/import/wordpress.php b/wp-admin/import/wordpress.php
index ac965b8..109d0a7 100644
--- a/wp-admin/import/wordpress.php
+++ b/wp-admin/import/wordpress.php
@@ -69,6 +69,8 @@ class WP_Import {
$importdata = preg_replace("/(\r\n|\n|\r)/", "\n", $importdata);
preg_match_all('|<item>(.*?)</item>|is', $importdata, $this->posts);
$this->posts = $this->posts[1];
+ preg_match_all('|<wp:category>(.*?)</wp:category>|is', $importdata, $this->categories);
+ $this->categories = $this->categories[1];
}
function get_wp_authors() {
@@ -160,6 +162,35 @@ class WP_Import {
$this->wp_authors_form();
}
+ function process_categories() {
+ global $wpdb;
+
+ $cat_names = (array) $wpdb->get_col("SELECT cat_name FROM $wpdb->categories");
+
+ while ( $c = array_shift($this->categories) ) {
+ $cat_name = trim(str_replace(array ('<![CDATA[', ']]>'), '', $this->get_tag( $c, 'wp:cat_name' )));
+
+ // If the category exists we leave it alone
+ if ( in_array($cat_name, $cat_names) )
+ continue;
+
+ $category_nicename = $this->get_tag( $c, 'wp:category_nicename' );
+ $posts_private = (int) $this->get_tag( $c, 'wp:posts_private' );
+ $links_private = (int) $this->get_tag( $c, 'wp:links_private' );
+
+ $parent = $this->get_tag( $c, 'wp:category_parent' );
+
+ if ( empty($parent) )
+ $category_parent = '0';
+ else
+ $category_parent = (int) category_exists($parent);
+
+ $catarr = compact('category_nicename', 'category_parent', 'posts_private', 'links_private', 'posts_private', 'cat_name');
+
+ $cat_ID = wp_insert_category($catarr);
+ }
+ }
+
function process_posts() {
global $wpdb;
$i = -1;
@@ -189,7 +220,7 @@ class WP_Import {
$cat_index = 0;
foreach ($categories as $category) {
- $categories[$cat_index] = $wpdb->escape($this->unhtmlentities($category));
+ $categories[$cat_index] = $wpdb->escape($this->unhtmlentities(str_replace(array ('<![CDATA[', ']]>'), '', $category)));
$cat_index++;
}
@@ -260,6 +291,7 @@ class WP_Import {
$this->file = get_attached_file($this->id);
$this->get_authors_from_post();
$this->get_entries();
+ $this->process_categories();
$this->process_posts();
}
diff --git a/wp-admin/link-add.php b/wp-admin/link-add.php
index 2f66e44..c871e53 100644
--- a/wp-admin/link-add.php
+++ b/wp-admin/link-add.php
@@ -29,7 +29,7 @@ require('admin-header.php');
<div id="wp-link-bookmarklet" class="wrap">
<h3><?php _e('Add Link Bookmarklet'); ?></h3>
<p><?php _e('Right click on the following link and choose "Bookmark This Link..." to create an add link shortcut. Right now this only works on Mozilla or Netscape, but we’re working on it.'); ?></p>
-<?php printf(__('<p><a href="%s" title="Link add bookmarklet">Link This</a></p>'), "javascript:void(linkmanpopup=window.open('" . get_option('siteurl') . "/wp-admin/link-add.php?action=popup&amp;linkurl='+escape(location.href)+'&amp;name='+escape(document.title),'LinkManager','scrollbars=yes,width=750,height=550,left=15,top=15,status=yes,resizable=yes'));linkmanpopup.focus();window.focus();linkmanpopup.focus();") ?>
+<?php printf('<p><a href="%s" title="'.__('Link add bookmarklet').'">'.__('Link This').'</a></p>', "javascript:void(linkmanpopup=window.open('" . get_option('siteurl') . "/wp-admin/link-add.php?action=popup&amp;linkurl='+escape(location.href)+'&amp;name='+escape(document.title),'LinkManager','scrollbars=yes,width=750,height=550,left=15,top=15,status=yes,resizable=yes'));linkmanpopup.focus();window.focus();linkmanpopup.focus();") ?>
</div>
<?php
diff --git a/wp-admin/link-manager.php b/wp-admin/link-manager.php
index abb1d37..0a4d4e8 100644
--- a/wp-admin/link-manager.php
+++ b/wp-admin/link-manager.php
@@ -161,7 +161,7 @@ if ($links)
<?php
echo '<td><a href="link.php?link_id='.$link->link_id.'&amp;action=edit" class="edit">'.__('Edit').'</a></td>';
- echo '<td><a href="' . wp_nonce_url('link.php?link_id='.$link->link_id.'&amp;action=delete', 'delete-bookmark_' . $link->link_id ) . '"'." onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the &quot;%s&quot; link to %s.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($link->link_name), js_escape($link->link_url)).'\' );" class="delete">'.__('Delete').'</a></td>';
+ echo '<td><a href="' . wp_nonce_url('link.php?link_id='.$link->link_id.'&amp;action=delete', 'delete-bookmark_' . $link->link_id ) . '"'." onclick=\"return deleteSomething( 'link', $link->link_id , '".js_escape(sprintf(__("You are about to delete the &quot;%s&quot; link to %s.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), $link->link_name, $link->link_url )).'\' );" class="delete">'.__('Delete').'</a></td>';
echo '<td align="center"><input type="checkbox" name="linkcheck[]" value="'.$link->link_id.'" /></td>';
echo "\n </tr>\n";
}
@@ -171,7 +171,7 @@ if ($links)
<div id="ajax-response"></div>
-<p class="submit"><input type="submit" class="button" name="deletebookmarks" id="deletebookmarks" value="<?php _e('Delete Checked Links') ?> &raquo;" onclick="return confirm('<?php _e("You are about to delete these links permanently \\n \'Cancel\' to stop, \'OK\' to delete.") ?>')" /></p>
+<p class="submit"><input type="submit" class="button" name="deletebookmarks" id="deletebookmarks" value="<?php _e('Delete Checked Links') ?> &raquo;" onclick="return confirm('<?php echo js_escape(__("You are about to delete these links permanently \\n \'Cancel\' to stop, \'OK\' to delete.")); ?>')" /></p>
</form>
</div>
diff --git a/wp-admin/moderation.php b/wp-admin/moderation.php
index e9fc505..8999741 100644
--- a/wp-admin/moderation.php
+++ b/wp-admin/moderation.php
@@ -135,7 +135,7 @@ $i = 0;
<?php comment_text() ?>
<p><?php comment_date('M j, g:i A'); ?> &#8212; [ <?php
echo '<a href="comment.php?action=editcomment&amp;c='.$comment->comment_ID.'">' . __('Edit') . '</a> | ';
-echo " <a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($comment->comment_author)) . "', theCommentList );\">" . __('Delete ') . "</a> | "; ?>
+echo " <a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), $comment->comment_author )) . "', theCommentList );\">" . __('Delete ') . "</a> | "; ?>
<?php
$post = get_post($comment->comment_post_ID);
$post_title = wp_specialchars( $post->post_title, 'double' );
diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php
index f224937..d8fce65 100644
--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -112,7 +112,15 @@ if (empty($plugins)) {
} else {
$toggle = "<a href='" . wp_nonce_url("plugins.php?action=activate&amp;plugin=$plugin_file", 'activate-plugin_' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
}
- $plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ;
+
+ $plugins_allowedtags = array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array());
+
+ // Sanitize all displayed data
+ $plugin_data['Title'] = wp_kses($plugin_data['Title'], $plugins_allowedtags);
+ $plugin_data['Version'] = wp_kses($plugin_data['Version'], $plugins_allowedtags);
+ $plugin_data['Description'] = wp_kses($plugin_data['Description'], $plugins_allowedtags);
+ $plugin_data['Author'] = wp_kses($plugin_data['Author'], $plugins_allowedtags);
+
if ( $style != '' )
$style = 'class="' . $style . '"';
if ( is_writable(ABSPATH . 'wp-content/plugins/' . $plugin_file) )
diff --git a/wp-admin/upgrade-functions.php b/wp-admin/upgrade-functions.php
index 1c8c8fd..2349dca 100644
--- a/wp-admin/upgrade-functions.php
+++ b/wp-admin/upgrade-functions.php
@@ -175,6 +175,9 @@ function upgrade_all() {
if ( $wp_current_db_version < 3845 )
upgrade_210();
+ if ( $wp_current_db_version < 4351 )
+ upgrade_old_slugs();
+
$wp_rewrite->flush_rules();
update_option('db_version', $wp_db_version);
diff --git a/wp-admin/upload-js.php b/wp-admin/upload-js.php
index ca51e3f..5ee62c1 100644
--- a/wp-admin/upload-js.php
+++ b/wp-admin/upload-js.php
@@ -97,20 +97,20 @@ addLoadEvent( function() {
h += "<form name='uploadoptions' id='uploadoptions' class='alignleft'>";
h += "<table>";
if ( this.currentImage.thumb ) {
- h += "<tr><th style='padding-bottom:.5em'><?php echo addslashes(__('Show:')); ?></th><td style='padding-bottom:.5em'>";
- h += "<label for='display-thumb'><input type='radio' name='display' id='display-thumb' value='thumb' checked='checked' /> <?php echo addslashes(__('Thumbnail')); ?></label><br />";
- h += "<label for='display-full'><input type='radio' name='display' id='display-full' value='full' /> <?php echo addslashes(__('Full size')); ?></label>";
+ h += "<tr><th style='padding-bottom:.5em'><?php echo js_escape(__('Show:')); ?></th><td style='padding-bottom:.5em'>";
+ h += "<label for='display-thumb'><input type='radio' name='display' id='display-thumb' value='thumb' checked='checked' /> <?php echo js_escape(__('Thumbnail')); ?></label><br />";
+ h += "<label for='display-full'><input type='radio' name='display' id='display-full' value='full' /> <?php echo js_escape(__('Full size')); ?></label>";
h += "</td></tr>";
}
- h += "<tr><th><?php echo addslashes(__('Link to:')); ?></th><td>";
- h += "<label for='link-file'><input type='radio' name='link' id='link-file' value='file' checked='checked'/> <?php echo addslashes(__('File')); ?></label><br />";
- h += "<label for='link-page'><input type='radio' name='link' id='link-page' value='page' /> <?php echo addslashes(__('Page')); ?></label><br />";
- h += "<label for='link-none'><input type='radio' name='link' id='link-none' value='none' /> <?php echo addslashes(__('None')); ?></label>";
+ h += "<tr><th><?php echo js_escape(__('Link to:')); ?></th><td>";
+ h += "<label for='link-file'><input type='radio' name='link' id='link-file' value='file' checked='checked'/> <?php echo js_escape(__('File')); ?></label><br />";
+ h += "<label for='link-page'><input type='radio' name='link' id='link-page' value='page' /> <?php echo js_escape(__('Page')); ?></label><br />";
+ h += "<label for='link-none'><input type='radio' name='link' id='link-none' value='none' /> <?php echo js_escape(__('None')); ?></label>";
h += "</td></tr>";
h += "<tr><td colspan='2'><p class='submit'>";
- h += "<input type='button' class='button' name='send' onclick='theFileList.sendToEditor(" + id + ")' value='<?php echo addslashes(__('Send to editor')); ?> &raquo;' />";
+ h += "<input type='button' class='button' name='send' onclick='theFileList.sendToEditor(" + id + ")' value='<?php echo js_escape(__('Send to editor &raquo;')); ?>' />";
h += "</p></td></tr></table>";
h += "</form>";
@@ -134,22 +134,22 @@ addLoadEvent( function() {
var params = $H(this.params);
params.ID = '';
params.action = '';
- h += "<a href='" + this.urlData[0] + '?' + params.toQueryString() + "' title='Browse your files' class='back'>&laquo; Back</a>";
+ h += "<a href='" + this.urlData[0] + '?' + params.toQueryString() + "' title='<?php echo js_escape(__('Browse your files')); ?>' class='back'>&laquo; <?php echo js_escape(__('Back')); ?></a>";
} else {
- h += "<a href='#' onclick='return theFileList.cancelView();' title='Browse your files' class='back'>&laquo; Back</a>";
+ h += "<a href='#' onclick='return theFileList.cancelView();' title='<?php echo js_escape(__('Browse your files')); ?>' class='back'>&laquo; <?php echo js_escape(__('Back')); ?></a>";
}
h += "<div id='file-title'>"
if ( !this.currentImage.isImage )
- h += "<h2><a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='Direct link to file'>" + this.currentImage.title + "</a></h2>";
+ h += "<h2><a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo js_escape(__('Direct link to file')); ?>'>" + this.currentImage.title + "</a></h2>";
else
h += "<h2>" + this.currentImage.title + "</h2>";
h += " &#8212; <span>";
- h += "<a href='#' onclick='return theFileList.imageView(" + id + ");'>Insert</a>"
+ h += "<a href='#' onclick='return theFileList.imageView(" + id + ");'><?php js_escape(__('Insert')); ?></a>"
h += "</span>";
h += '</div>'
h += "<div id='upload-file-view' class='alignleft'>";
if ( this.currentImage.isImage ) {
- h += "<a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='Direct link to file'>";
+ h += "<a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo js_escape(__('Direct link to file')); ?>'>";
h += "<img src='" + ( this.currentImage.thumb ? this.currentImage.thumb : this.currentImage.src ) + "' alt='" + this.currentImage.title + "' width='" + this.currentImage.width + "' height='" + this.currentImage.height + "' />";
h += "</a>";
} else
@@ -158,20 +158,20 @@ addLoadEvent( function() {
h += "<table><col /><col class='widefat' /><tr>"
- h += "<th scope='row'><label for='url'>URL</label></th>";
+ h += "<th scope='row'><label for='url'><?php echo js_escape(__('URL')); ?></label></th>";
h += "<td><input type='text' id='url' class='readonly' value='" + this.currentImage.srcBase + this.currentImage.src + "' readonly='readonly' /></td>";
h += "</tr><tr>";
- h += "<th scope='row'><label for='post_title'>Title</label></th>";
+ h += "<th scope='row'><label for='post_title'><?php echo js_escape(__('Title')); ?></label></th>";
h += "<td><input type='text' id='post_title' name='post_title' value='" + this.currentImage.title + "' /></td>";
h += "</tr><tr>";
- h += "<th scope='row'><label for='post_content'>Description</label></th>";
+ h += "<th scope='row'><label for='post_content'><?php echo js_escape(__('Description')); ?></label></th>";
h += "<td><textarea name='post_content' id='post_content'>" + this.currentImage.description + "</textarea></td>";
- h += "</tr><tr id='buttons' class='submit'><td colspan='2'><input type='button' id='delete' name='delete' class='delete alignleft' value='Delete File' onclick='theFileList.deleteFile(" + id + ");' />";
+ h += "</tr><tr id='buttons' class='submit'><td colspan='2'><input type='button' id='delete' name='delete' class='delete alignleft' value='<?php echo js_escape(__('Delete File')); ?>' onclick='theFileList.deleteFile(" + id + ");' />";
h += "<input type='hidden' name='from_tab' value='" + this.tab + "' />";
h += "<input type='hidden' name='action' id='action-value' value='save' />";
h += "<input type='hidden' name='ID' value='" + id + "' />";
h += "<input type='hidden' name='_wpnonce' value='" + this.nonce + "' />";
- h += "<div class='submit'><input type='submit' value='Save &raquo;' /></div>";
+ h += "<div class='submit'><input type='submit' value='<?php echo js_escape(__('Save &raquo;')); ?>' /></div>";
h += "</td></tr></table></form>";
new Insertion.Top('upload-content', h);
diff --git a/wp-admin/upload.css b/wp-admin/upload.css
index a74ec18..efa9512 100644
--- a/wp-admin/upload.css
+++ b/wp-admin/upload.css
@@ -143,7 +143,6 @@ h2 {
}
#upload-files a.file-link.image {
- line-height: 128px;
font-size: 2px;
letter-spacing: 0;
}
diff --git a/wp-admin/users.php b/wp-admin/users.php
index 46ba6ca..3c260ab 100644
--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -2,11 +2,11 @@
require_once('admin.php');
require_once( ABSPATH . WPINC . '/registration.php');
+if ( !current_user_can('edit_users') )
+ wp_die(__('Cheatin&#8217; uh?'));
+
$title = __('Users');
-if ( current_user_can('edit_users') )
- $parent_file = 'users.php';
-else
- $parent_file = 'profile.php';
+$parent_file = 'users.php';
$action = $_REQUEST['action'];
$update = '';
generated by cgit (git 2.34.1) at 2024-06-19 13:00:06 +0000