Diffstat (limited to 'wp-includes')
-rw-r--r--wp-includes/default-filters.php4
-rw-r--r--wp-includes/feed-rss2-comments.php6
-rw-r--r--wp-includes/formatting.php75
-rw-r--r--wp-includes/pluggable.php18
-rw-r--r--wp-includes/plugin.php36
-rw-r--r--wp-includes/query.php21
-rw-r--r--wp-includes/rewrite.php9
-rw-r--r--wp-includes/rss.php4
-rw-r--r--wp-includes/vars.php23
-rw-r--r--wp-includes/version.php4
-rw-r--r--wp-includes/widgets.php4
11 files changed, 167 insertions, 37 deletions
diff --git a/wp-includes/default-filters.php b/wp-includes/default-filters.php
index 0861361..1613b33 100644
--- a/wp-includes/default-filters.php
+++ b/wp-includes/default-filters.php
@@ -129,6 +129,8 @@ add_filter('get_the_excerpt', 'wp_trim_excerpt');
add_filter('sanitize_title', 'sanitize_title_with_dashes');
+add_filter('wp_title', 'wp_specialchars');
+
// RSS filters
add_filter('the_title_rss', 'strip_tags');
add_filter('the_title_rss', 'ent2ncr', 8);
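Review bot: The new `wp_specialchars` filter on `wp_title` is registered at the default priority 10, so any plugin filter added at a later priority runs after the escaping step and whatever it appends to the title reaches the page unescaped; an output escaper should be the last link in the chain. The RSS filters just below already use explicit priorities for ordering, so the same idea applies here: `add_filter('wp_title', 'wp_specialchars', 99);`. Whether `wp_specialchars` escapes quotes with its default arguments is not visible here — if it does not, a theme that echoes `wp_title()` inside an attribute still needs attribute-context escaping, which is worth a comment next to this line.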
@@ -176,4 +178,4 @@ add_action('init', 'smilies_init', 5);
add_action( 'plugins_loaded', 'wp_maybe_load_widgets', 0 );
add_action( 'shutdown', 'wp_ob_end_flush_all', 1);
-?> \ No newline at end of file
+?>
diff --git a/wp-includes/feed-rss2-comments.php b/wp-includes/feed-rss2-comments.php
index 50f5e3d..adb2930 100644
--- a/wp-includes/feed-rss2-comments.php
+++ b/wp-includes/feed-rss2-comments.php
@@ -5,7 +5,9 @@ echo '<?xml version="1.0" encoding="'.get_option('blog_charset').'"?'.'>';
?>
<!-- generator="wordpress/<?php echo $wp_version ?>" -->
<rss version="2.0"
- xmlns:content="http://purl.org/rss/1.0/modules/content/">
+ xmlns:content="http://purl.org/rss/1.0/modules/content/"
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ >
<channel>
<title><?php
if ( is_singular() )
@@ -37,7 +39,7 @@ if ( have_comments() ) : while ( have_comments() ) : the_comment();
}
?></title>
<link><?php comment_link() ?></link>
- <author><?php echo get_comment_author_rss() ?></author>
+ <dc:creator><?php echo get_comment_author_rss() ?></dc:creator>
<pubDate><?php echo mysql2date('D, d M Y H:i:s +0000', get_comment_time('Y-m-d H:i:s', true), false); ?></pubDate>
<guid><?php comment_link() ?></guid>
<?php if (!empty($comment_post->post_password) && $_COOKIE['wp-postpass'] != $comment_post->post_password) : ?>
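Review bot: The password guard on the last line reads `$_COOKIE['wp-postpass']` without checking that it exists and compares it with `!=`, so every comment on a protected post emits an undefined-index notice when the cookie is absent and the comparison is loose rather than exact. Make the absent case explicit: `<?php if ( !empty($comment_post->post_password) && ( !isset($_COOKIE['wp-postpass']) || $_COOKIE['wp-postpass'] !== $comment_post->post_password ) ) : ?>`. The switch from `<author>` to `<dc:creator>` itself is fine given the namespace added in the earlier hunk. The enclosing `while ( have_comments() )` loop starts and ends outside this hunk.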
diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index b251b6e..cb8b372 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -11,7 +11,7 @@ function wptexturize($text) {
// if a plugin has provided an autocorrect array, use it
if ( isset($wp_cockneyreplace) ) {
$cockney = array_keys($wp_cockneyreplace);
- $cockney_replace = array_values($wp_cockneyreplace);
+ $cockneyreplace = array_values($wp_cockneyreplace);
} else {
$cockney = array("'tain't","'twere","'twas","'tis","'twill","'til","'bout","'nuff","'round","'cause");
$cockneyreplace = array("&#8217;tain&#8217;t","&#8217;twere","&#8217;twas","&#8217;tis","&#8217;twill","&#8217;til","&#8217;bout","&#8217;nuff","&#8217;round","&#8217;cause");
@@ -1118,6 +1118,79 @@ function wp_make_link_relative( $link ) {
return preg_replace('|https?://[^/]+(/.*)|i', '$1', $link );
}
+function sanitize_option($option, $value) { // Remember to call stripslashes!
+
+ switch ($option) {
+ case 'admin_email':
+ $value = sanitize_email($value);
+ break;
+
+ case 'default_post_edit_rows':
+ case 'mailserver_port':
+ case 'comment_max_links':
+ case 'page_on_front':
+ case 'rss_excerpt_length':
+ case 'default_category':
+ case 'default_email_category':
+ case 'default_link_category':
+ $value = abs((int) $value);
+ break;
+
+ case 'posts_per_page':
+ case 'posts_per_rss':
+ $value = (int) $value;
+ if ( empty($value) ) $value = 1;
+ if ( $value < -1 ) $value = abs($value);
+ break;
+
+ case 'default_ping_status':
+ case 'default_comment_status':
+ // Options that if not there have 0 value but need to be something like "closed"
+ if ( $value == '0' || $value == '')
+ $value = 'closed';
+ break;
+
+ case 'blogdescription':
+ case 'blogname':
+ $value = addslashes($value);
+ $value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes
+ $value = stripslashes($value);
+ $value = wp_specialchars( $value );
+ break;
+
+ case 'blog_charset':
+ $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); // strips slashes
+ break;
+
+ case 'date_format':
+ case 'time_format':
+ case 'mailserver_url':
+ case 'mailserver_login':
+ case 'mailserver_pass':
+ case 'ping_sites':
+ case 'upload_path':
+ $value = strip_tags($value);
+ $value = addslashes($value);
+ $value = wp_filter_kses($value); // calls stripslashes then addslashes
+ $value = stripslashes($value);
+ break;
+
+ case 'gmt_offset':
+ $value = preg_replace('/[^0-9:.-]/', '', $value); // strips slashes
+ break;
+
+ case 'siteurl':
+ case 'home':
+ $value = stripslashes($value);
+ $value = clean_url($value);
+ break;
+ default :
+ break;
+ }
+
+ return $value;
+}
+
function wp_parse_str( $string, &$array ) {
parse_str( $string, $array );
if ( get_magic_quotes_gpc() )
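Review bot: The branches of `sanitize_option` disagree about whether `$value` arrives with magic-quotes slashes: the `siteurl`/`home` branch strips them first, the `blogname`/`blogdescription` branch and the `strip_tags` group add slashes first and therefore expect unslashed input, and the integer, `sanitize_email` and ping/comment-status cases do neither, while the header comment only says "Remember to call stripslashes!" without saying on which side. Whatever the caller does, one group is wrong — an unslashed caller loses literal backslashes in `siteurl`/`home`, a slashed caller gets `blogname` back still slashed. Pin the contract in a docblock (value is passed un-slashed and returned un-slashed, and the default branch returns it untouched) and drop the `stripslashes()` from the `siteurl`/`home` branch so it matches the rest. Separately, `mailserver_pass` goes through `strip_tags()`, which silently truncates any password containing `<`; a credential should at most be slash-normalised, never HTML-filtered.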
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 3668635..3774f50 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -327,8 +327,18 @@ function wp_redirect($location, $status = 302) {
$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location);
$location = wp_kses_no_null($location);
+ // remove %0d and %0a from location
$strip = array('%0d', '%0a');
- $location = str_replace($strip, '', $location);
+ $found = true;
+ while($found) {
+ $found = false;
+ foreach($strip as $val) {
+ while(strpos($location, $val) !== false) {
+ $found = true;
+ $location = str_replace($val, '', $location);
+ }
+ }
+ }
if ( $is_IIS ) {
header("Refresh: 0;url=$location");
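Review bot: The `%0d`/`%0a` stripping is case-sensitive — `strpos` and `str_replace` are exact-match — so `%0D` and `%0A`, the form most encoders emit, pass through untouched while only the lowercase spelling is removed; the `preg_replace` above keeps `%` and hex letters, so they survive that step as well. Extend the list: `$strip = array('%0d', '%0a', '%0D', '%0A');` (or switch to `str_ireplace`/`stripos`). The inner `while` around `str_replace` is redundant since `str_replace` already removes every occurrence; the outer loop alone is what handles re-assembled sequences such as `%0%0dd`. Raw CR/LF bytes are already dropped by the character whitelist, so this only matters where something downstream decodes the location again — worth saying in the comment. wp_redirect begins before this hunk.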
@@ -436,14 +446,14 @@ function wp_notify_postauthor($comment_id, $comment_type='') {
$notify_message .= sprintf( __('Delete it: %s'), get_option('siteurl')."/wp-admin/comment.php?action=cdc&c=$comment_id" ) . "\r\n";
$notify_message .= sprintf( __('Spam it: %s'), get_option('siteurl')."/wp-admin/comment.php?action=cdc&dt=spam&c=$comment_id" ) . "\r\n";
- $admin_email = get_option('admin_email');
+ $wp_email = get_option('admin_email');
if ( '' == $comment->comment_author ) {
- $from = "From: \"$blogname\" <$admin_email>";
+ $from = "From: \"$blogname\" <$wp_email>";
if ( '' != $comment->comment_author_email )
$reply_to = "Reply-To: $comment->comment_author_email";
} else {
- $from = "From: \"$comment->comment_author\" <$admin_email>";
+ $from = "From: \"$comment->comment_author\" <$wp_email>";
if ( '' != $comment->comment_author_email )
$reply_to = "Reply-To: \"$comment->comment_author_email\" <$comment->comment_author_email>";
}
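Review bot: `$comment->comment_author` and `$comment->comment_author_email` are interpolated straight into the `From:` and `Reply-To:` header lines; unless they are guaranteed free of CR/LF and `"` by the time they are stored (not visible here), a crafted author name can inject additional mail headers. Strip line breaks before building the headers, e.g. `$author = str_replace(array("\r", "\n"), '', $comment->comment_author);` and the same for the address, or note in a comment where upstream that guarantee is made. The rename from `$admin_email` to `$wp_email` is otherwise harmless. wp_notify_postauthor starts before this hunk.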
diff --git a/wp-includes/plugin.php b/wp-includes/plugin.php
index c573ec1..050c544 100644
--- a/wp-includes/plugin.php
+++ b/wp-includes/plugin.php
@@ -19,7 +19,7 @@ function add_filter($tag, $function_to_add, $priority = 10, $accepted_args = 1)
global $wp_filter, $merged_filters;
// So the format is wp_filter['tag']['array of priorities']['array of functions serialized']['array of ['array (functions, accepted_args)]']
- $wp_filter[$tag][$priority][serialize($function_to_add)] = array('function' => $function_to_add, 'accepted_args' => $accepted_args);
+ $wp_filter[$tag][$priority][_wp_filter_build_unique_id($tag, $function_to_add, $priority)] = array('function' => $function_to_add, 'accepted_args' => $accepted_args);
unset( $merged_filters[ $tag ] );
return true;
}
@@ -98,8 +98,8 @@ function merge_filters($tag) {
*/
function remove_filter($tag, $function_to_remove, $priority = 10, $accepted_args = 1) {
global $wp_filter, $merged_filters;
-
- unset($GLOBALS['wp_filter'][$tag][$priority][serialize($function_to_remove)]);
+
+ unset($GLOBALS['wp_filter'][$tag][$priority][_wp_filter_build_unique_id($tag, $function_to_remove, $priority)]);
unset( $merged_filters[ $tag ] );
return true;
@@ -235,8 +235,9 @@ function remove_action($tag, $function_to_remove, $priority = 10, $accepted_args
* @return string The name of a plugin.
*/
function plugin_basename($file) {
- $file = preg_replace('|\\\\+|', '\\\\', $file);
- $file = preg_replace('/^.*wp-content[\\\\\/]plugins[\\\\\/]/', '', $file);
+ $file = str_replace('\\','/',$file); // sanitize for Win32 installs
+ $file = preg_replace('|/+|','/', $file); // remove any duplicate slash
+ $file = preg_replace('|^.*/wp-content/plugins/|','',$file); // get relative path from plugins dir
return $file;
}
@@ -278,4 +279,29 @@ function register_deactivation_hook($file, $function) {
add_action('deactivate_' . $file, $function);
}
+function _wp_filter_build_unique_id($tag, $function, $priority = 10)
+{
+ global $wp_filter;
+
+ // If function then just skip all of the tests and not overwrite the following.
+ if( is_string($function) )
+ return $function;
+ // Object Class Calling
+ else if(is_object($function[0]) )
+ {
+ $obj_idx = get_class($function[0]).$function[1];
+ if( is_null($function[0]->wp_filter_id) ) {
+ $count = count((array)$wp_filter[$tag][$priority]);
+ $function[0]->wp_filter_id = $count;
+ $obj_idx .= $count;
+ unset($count);
+ } else
+ $obj_idx .= $function[0]->wp_filter_id;
+ return $obj_idx;
+ }
+ // Static Calling
+ else if( is_string($function[0]) )
+ return $function[0].$function[1];
+}
+
?>
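Review bot: The per-object id in `_wp_filter_build_unique_id` is taken from `count($wp_filter[$tag][$priority])` of whichever bucket the object first registers in and then cached in `wp_filter_id`, so two instances of the same class that each first register in an empty bucket both receive id 0 and collide when one of them is later added to a tag the other already sits on — the second `add_filter` silently overwrites the first. A process-wide counter avoids this; the rewritten object branch is below, the string and static-method cases are unchanged. `is_null($function[0]->wp_filter_id)` also raises a notice on objects that have no such property, which `isset()` avoids. The `$priority` parameter becomes unused but stays for the callers changed in the earlier hunks.
```php
function _wp_filter_build_unique_id($tag, $function, $priority = 10)
{
	static $filter_id_count = 0; // process-wide, so an object's id is unique across tags and priorities

	// … unchanged: string-callback case …
	else if ( is_object($function[0]) ) {
		$obj_idx = get_class($function[0]).$function[1];
		if ( !isset($function[0]->wp_filter_id) )
			$function[0]->wp_filter_id = $filter_id_count++;
		$obj_idx .= $function[0]->wp_filter_id;
		return $obj_idx;
	}
	// … unchanged: static-method case …
```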
diff --git a/wp-includes/query.php b/wp-includes/query.php
index 05dc692..a079211 100644
--- a/wp-includes/query.php
+++ b/wp-includes/query.php
@@ -413,18 +413,8 @@ class WP_Query {
$this->query_vars = $this->fill_query_vars($this->query_vars);
$qv = &$this->query_vars;
- if ( ! empty($qv['robots']) ) {
+ if ( ! empty($qv['robots']) )
$this->is_robots = true;
- return;
- }
-
- if ('404' == $qv['error']) {
- $this->is_404 = true;
- if ( !empty($query) ) {
- do_action_ref_array('parse_query', array(&$this));
- }
- return;
- }
$qv['p'] = (int) $qv['p'];
$qv['page_id'] = (int) $qv['page_id'];
@@ -606,12 +596,21 @@ class WP_Query {
}
}
+ if ( !empty($qv['post_type']) )
+ $qv['post_type'] = sanitize_user($qv['post_type'], true);
+
+ if ( !empty($qv['post_status']) )
+ $qv['post_status'] = sanitize_user($qv['post_status'], true);
+
if ( $this->is_posts_page && !$qv['withcomments'] )
$this->is_comment_feed = false;
$this->is_singular = $this->is_single || $this->is_page || $this->is_attachment;
// Done correcting is_* for page_on_front and page_for_posts
+ if ('404' == $qv['error'])
+ $this->set_404();
+
if ( !empty($query) )
do_action_ref_array('parse_query', array(&$this));
}
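Review bot: `post_type` and `post_status` are run through `sanitize_user(..., true)`, a username sanitizer, with no comment saying why, so the next reader will take it for a copy-paste mistake. If the intent is that strict mode reduces the value to a fixed character whitelist before it reaches the SQL assembled later in this class (not visible here), say so: `// strict sanitize_user() reduces these to a safe character whitelist; they reach SQL later`. If the set of accepted values is already known at this point, comparing against that list would be stronger than character filtering. parse_query continues before and after this hunk.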
diff --git a/wp-includes/rewrite.php b/wp-includes/rewrite.php
index 2f440ab..19d5224 100644
--- a/wp-includes/rewrite.php
+++ b/wp-includes/rewrite.php
@@ -135,6 +135,15 @@ function url_to_postid($url) {
// Substitute the substring matches into the query.
eval("\$query = \"$query\";");
+ // Filter out non-public query vars
+ global $wp;
+ parse_str($query, $query_vars);
+ $query = array();
+ foreach ( $query_vars as $key => $value ) {
+ if ( in_array($key, $wp->public_query_vars) )
+ $query[$key] = $value;
+ }
+ // Do the query
$query = new WP_Query($query);
if ( $query->is_single || $query->is_page )
return $query->post->ID;
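Review bot: `in_array($key, $wp->public_query_vars)` is a loose comparison; `parse_str` produces an integer key for a pair such as `0=x`, and on PHP before 8.0 `0 == 'p'` is true, so an integer-keyed variable passes the public-vars filter regardless of its name. Pass the strict flag: `if ( in_array($key, $wp->public_query_vars, true) )`. `$wp` is also assumed to be initialised here; if url_to_postid can run before the `$wp` object exists, `$wp->public_query_vars` is null and the filter drops everything silently. url_to_postid begins before this hunk.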
diff --git a/wp-includes/rss.php b/wp-includes/rss.php
index 44005a7..72b7bb1 100644
--- a/wp-includes/rss.php
+++ b/wp-includes/rss.php
@@ -9,7 +9,7 @@
define('RSS', 'RSS');
define('ATOM', 'Atom');
-define('MAGPIE_USER_AGENT', 'WordPressMU/' . $wp_version);
+define('MAGPIE_USER_AGENT', 'WordPressMU/' . $GLOBALS['wp_version']);
class MagpieRSS {
var $parser;
@@ -591,7 +591,7 @@ function init () {
}
if ( !defined('MAGPIE_USER_AGENT') ) {
- $ua = 'WordPress/' . $wp_version;
+ $ua = 'WordPress/' . $GLOBALS['wp_version'];
if ( MAGPIE_CACHE_ON ) {
$ua = $ua . ')';
diff --git a/wp-includes/vars.php b/wp-includes/vars.php
index 0f749be..a8b4897 100644
--- a/wp-includes/vars.php
+++ b/wp-includes/vars.php
@@ -1,15 +1,24 @@
<?php
// On which page are we ?
-if ( preg_match('#([^/]+\.php)$#', $PHP_SELF, $self_matches) ) {
+if ( is_admin() ) {
+ // wp-admin pages are checked more carefully
+ preg_match('#/wp-admin/?(.*?)$#i', $PHP_SELF, $self_matches);
$pagenow = $self_matches[1];
-} elseif ( strpos($PHP_SELF, '?') !== false ) {
- $pagenow = explode('/', $PHP_SELF);
- $pagenow = trim($pagenow[(sizeof($pagenow)-1)]);
- $pagenow = explode('?', $pagenow);
- $pagenow = $pagenow[0];
+ $pagenow = preg_replace('#\?.*?$#', '', $pagenow);
+ if ( '' === $pagenow || 'index' === $pagenow || 'index.php' === $pagenow ) {
+ $pagenow = 'index.php';
+ } else {
+ preg_match('#(.*?)(/|$)#', $pagenow, $self_matches);
+ $pagenow = strtolower($self_matches[1]);
+ if ( '.php' !== substr($pagenow, -4, 4) )
+ $pagenow .= '.php'; // for Options +Multiviews: /wp-admin/themes/index.php (themes.php is queried)
+ }
} else {
- $pagenow = 'index.php';
+ if ( preg_match('#([^/]+\.php)([?/].*?)?$#i', $PHP_SELF, $self_matches) )
+ $pagenow = strtolower($self_matches[1]);
+ else
+ $pagenow = 'index.php';
}
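Review bot: In the admin branch `$self_matches[1]` is read whether or not the `preg_match` on `$PHP_SELF` matched; if `is_admin()` can be true while `/wp-admin` is absent from `$PHP_SELF` (not visible here), `$pagenow` becomes null, falls into the else branch and ends up as the literal `.php`. Guard the match: `$pagenow = preg_match('#/wp-admin/?(.*?)$#i', $PHP_SELF, $self_matches) ? $self_matches[1] : '';`, which then resolves to `index.php` through the existing check. `$PHP_SELF` includes client-supplied PATH_INFO, which is presumably why the parse now takes only the first segment after `/wp-admin/`; a comment saying so would keep the next editor from "simplifying" it back, and `$_SERVER['SCRIPT_NAME']` may be a cleaner source where the server populates it.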
// Simple browser detection
diff --git a/wp-includes/version.php b/wp-includes/version.php
index fb8e714..13c05a4 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -2,8 +2,8 @@
// This holds the version number in a separate file so we can bump it without cluttering the SVN
-$wp_version = 'wordpress-mu-1.2.4';
-$wporg_version = 'wordpress-2.2.2';
+$wp_version = 'wordpress-mu-1.2.5';
+$wporg_version = 'wordpress-2.2.3';
$wp_db_version = 5200;
?>
diff --git a/wp-includes/widgets.php b/wp-includes/widgets.php
index 52f0a0e..b2ec69e 100644
--- a/wp-includes/widgets.php
+++ b/wp-includes/widgets.php
@@ -332,13 +332,13 @@ function wp_widget_pages( $args ) {
$title = empty( $options['title'] ) ? __( 'Pages' ) : $options['title'];
$sortby = empty( $options['sortby'] ) ? 'menu_order' : $options['sortby'];
- $exclude = empty( $options['exclude'] ) ? '' : '&exclude=' . $options['exclude'];
+ $exclude = empty( $options['exclude'] ) ? '' : $options['exclude'];
if ( $sortby == 'menu_order' ) {
$sortby = 'menu_order, post_title';
}
- $out = wp_list_pages( 'title_li=&echo=0&sort_column=' . $sortby . $exclude );
+ $out = wp_list_pages( array('title_li' => '', 'echo' => 0, 'sort_column' => $sortby, 'exclude' => $exclude) );
if ( !empty( $out ) ) {
?>
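Review bot: `$options['exclude']` and `$sortby` come from stored widget options and are now passed as array arguments, which removes the `&`-injection the old string concatenation allowed, but nothing here constrains their values; `sort_column` is presumably used as an ORDER BY column and `exclude` as an ID list inside `wp_list_pages` (not visible). Unless `wp_list_pages` validates them itself, constrain them in the widget: `$exclude = empty( $options['exclude'] ) ? '' : implode(',', array_map('intval', explode(',', $options['exclude'])));` and compare `$sortby` against the columns the widget's form actually offers before use. wp_widget_pages continues past this hunk.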