From 89fe0ff804e7c6497ebacc8b341ac89974f6f255 Mon Sep 17 00:00:00 2001 From: donncha Date: Mon, 21 May 2007 18:37:58 +0000 Subject: WP Merge to rev 5499, this is a big one! Test it before you put it live! Test only, not for production use yet git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@972 7be80a69-a1ef-0310-a953-fb0f7c49ff36 --- wp-admin/import/textpattern.php | 36 ++++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 14 deletions(-) (limited to 'wp-admin/import/textpattern.php') diff --git a/wp-admin/import/textpattern.php b/wp-admin/import/textpattern.php index db60e15..286d74a 100644 --- a/wp-admin/import/textpattern.php +++ b/wp-admin/import/textpattern.php @@ -56,8 +56,9 @@ class Textpattern_Import { echo '

'.__('This has not been tested on previous versions of Textpattern. Mileage may vary.').'

'; echo '

'.__('Your Textpattern Configuration settings are as follows:').'

'; echo '
'; + wp_nonce_field('import-textpattern'); $this->db_form(); - echo '

'; + echo '

'; echo '
'; echo ''; } @@ -483,7 +484,8 @@ class Textpattern_Import { echo '
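Review bot: The nonce action `'import-textpattern'` is a bare string literal in the `wp_nonce_field()` call added here, and is repeated in the five step forms (hunks at -483, -495, -506, -517 and -529) and in the `check_admin_referer()` call in the -590 hunk. Nothing ties the seven copies together, so an edit to one of them makes that step fail verification with no obvious cause. I would add a comment at this first call, `// Nonce action must match the check_admin_referer() call that guards steps > 0.`, or move the form-plus-nonce output into one small private helper that all steps call. The enclosing method starts above this hunk, and the form markup is not legible on this page, so the helper's exact shape is left open.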
'; - printf('', __('Import Users')); + wp_nonce_field('import-textpattern'); + printf('', attribute_escape(__('Import Users'))); echo '
'; } @@ -495,7 +497,8 @@ class Textpattern_Import { $this->users2wp($users); echo '
'; - printf('', __('Import Posts')); + wp_nonce_field('import-textpattern'); + printf('', attribute_escape(__('Import Posts'))); echo '
'; } @@ -506,7 +509,8 @@ class Textpattern_Import { $this->posts2wp($posts); echo '
'; - printf('', __('Import Comments')); + wp_nonce_field('import-textpattern'); + printf('', attribute_escape(__('Import Comments'))); echo '
'; } @@ -517,7 +521,8 @@ class Textpattern_Import { $this->comments2wp($comments); echo '
'; - printf('', __('Import Links')); + wp_nonce_field('import-textpattern'); + printf('', attribute_escape(__('Import Links'))); echo '
'; } @@ -529,7 +534,8 @@ class Textpattern_Import { add_option('txp_links', $links); echo '
'; - printf('', __('Finish')); + wp_nonce_field('import-textpattern'); + printf('', attribute_escape(__('Finish'))); echo '
'; } @@ -553,11 +559,11 @@ class Textpattern_Import { { echo '

'.__('Welcome to WordPress. We hope (and expect!) that you will find this platform incredibly rewarding! As a new WordPress user coming from Textpattern, there are some things that we would like to point out. Hopefully, they will help your transition go as smoothly as possible.').'

'; echo '

'.__('Users').'

'; - echo '

'.sprintf(__('You have already setup WordPress and have been assigned an administrative login and password. Forget it. You didn\'t have that login in Textpattern, why should you have it here? Instead we have taken care to import all of your users into our system. Unfortunately there is one downside. Because both WordPress and Textpattern uses a strong encryption hash with passwords, it is impossible to decrypt it and we are forced to assign temporary passwords to all your users. Every user has the same username, but their passwords are reset to password123. So Login and change it.'), '/wp-login.php').'

'; + echo '

'.sprintf(__('You have already setup WordPress and have been assigned an administrative login and password. Forget it. You didn’t have that login in Textpattern, why should you have it here? Instead we have taken care to import all of your users into our system. Unfortunately there is one downside. Because both WordPress and Textpattern uses a strong encryption hash with passwords, it is impossible to decrypt it and we are forced to assign temporary passwords to all your users. Every user has the same username, but their passwords are reset to password123. So Login and change it.'), get_bloginfo( 'wpurl' ) . '/wp-login.php').'

'; echo '

'.__('Preserving Authors').'

'; echo '

'.__('Secondly, we have attempted to preserve post authors. If you are the only author or contributor to your blog, then you are safe. In most cases, we are successful in this preservation endeavor. However, if we cannot ascertain the name of the writer due to discrepancies between database tables, we assign it to you, the administrative user.').'

'; echo '

'.__('Textile').'

'; - echo '

'.__('Also, since you\'re coming from Textpattern, you probably have been using Textile to format your comments and posts. If this is the case, we recommend downloading and installing Textile for WordPress. Trust me... You\'ll want it.').'

'; + echo '

'.__('Also, since you’re coming from Textpattern, you probably have been using Textile to format your comments and posts. If this is the case, we recommend downloading and installing Textile for WordPress. Trust me... You’ll want it.').'

'; echo '

'.__('WordPress Resources').'

'; echo '

'.__('Finally, there are numerous WordPress resources around the internet. Some of them are:').'

'; echo ''; - echo '

'.sprintf(__('That\'s it! What are you waiting for? Go login!'), '/wp-login.php').'

'; + echo '

'.sprintf(__('That’s it! What are you waiting for? Go login!'), get_bloginfo( 'wpurl' ) . '/wp-login.php').'

'; } function db_form() @@ -590,36 +596,38 @@ class Textpattern_Import { if ( $step > 0 ) { + check_admin_referer('import-textpattern'); + if($_POST['dbuser']) { if(get_option('txpuser')) delete_option('txpuser'); - add_option('txpuser',$_POST['dbuser']); + add_option('txpuser', sanitize_user($_POST['dbuser'], true)); } if($_POST['dbpass']) { if(get_option('txppass')) delete_option('txppass'); - add_option('txppass',$_POST['dbpass']); + add_option('txppass', sanitize_user($_POST['dbpass'], true)); } if($_POST['dbname']) { if(get_option('txpname')) delete_option('txpname'); - add_option('txpname',$_POST['dbname']); + add_option('txpname', sanitize_user($_POST['dbname'], true)); } if($_POST['dbhost']) { if(get_option('txphost')) delete_option('txphost'); - add_option('txphost',$_POST['dbhost']); + add_option('txphost', sanitize_user($_POST['dbhost'], true)); } if($_POST['dbprefix']) { if(get_option('tpre')) delete_option('tpre'); - add_option('tpre',$_POST['dbprefix']); + add_option('tpre', sanitize_user($_POST['dbprefix'])); } -- cgit
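Review bot: The help text kept on the new side of the -553 hunk still tells every imported user that their password has been reset to `password123`, so until each person logs in and changes it, every imported account shares one documented password, whatever its role. The code that assigns the password is outside this hunk (presumably in `users2wp()`), so this is inferred from the message alone. If the importer really does this, a random per-user value combined with the lost-password flow would close the window, and this string should stop printing the password. At minimum, a comment next to the message such as `// NOTE: imported accounts share a known temporary password until changed.` would make the exposure visible to maintainers.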
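Review bot: In the -590 hunk, `sanitize_user($_POST['dbpass'], true)` rewrites the database password instead of validating it. `sanitize_user()` strips tags, percent-encoded octets and entities, and in strict mode reduces the value to a small ASCII set, so a password with other characters is stored altered and the later connection fails without explanation. The same filter on `dbhost` would damage a `host:port` value or a socket path, while `dbprefix` is the one field passed without the strict flag, which looks unintended if the prefix is later placed in table names (its use is not visible here). I would store the password without character filtering and restrict the prefix to identifier characters, for example `add_option('tpre', preg_replace('/[^A-Za-z0-9_]/', '', $_POST['dbprefix']));`. The enclosing method starts above this hunk.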