From 12de05107e4c8b006bde6ee8916f34eb476d08da Mon Sep 17 00:00:00 2001 
From: donncha Date: Fri, 13 Jun 2008 17:21:00 +0000 Subject: WP Merge with revision 8075 git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1328 7be80a69-a1ef-0310-a953-fb0f7c49ff36 --- wp-admin/admin-ajax.php | 24 +- wp-admin/admin-header.php | 76 +++- wp-admin/admin.php | 8 +- wp-admin/async-upload.php | 4 +- wp-admin/categories.php | 3 +- wp-admin/comment.php | 10 +- wp-admin/css/colors-classic.css | 47 +- wp-admin/css/colors-fresh.css | 38 +- wp-admin/css/global-rtl.css | 28 ++ wp-admin/css/global.css | 4 + wp-admin/css/ie.css | 3 + wp-admin/css/media.css | 16 + wp-admin/css/press-this.css | 451 ++++++++++++++++++ wp-admin/css/widgets-rtl.css | 8 +- wp-admin/css/widgets.css | 24 +- wp-admin/custom-header.php | 2 +- wp-admin/edit-category-form.php | 2 +- wp-admin/edit-comments.php | 18 +- wp-admin/edit-form-advanced.php | 206 +++++---- wp-admin/edit-form-comment.php | 12 +- wp-admin/edit-link-categories.php | 3 +- wp-admin/edit-link-category-form.php | 2 +- wp-admin/edit-link-form.php | 88 ++-- wp-admin/edit-page-form.php | 160 ++++--- wp-admin/edit-pages.php | 7 +- wp-admin/edit-tag-form.php | 4 +- wp-admin/edit-tags.php | 3 +- wp-admin/edit.php | 7 +- wp-admin/export.php | 4 +- wp-admin/gears-manifest.php | 217 +++++++++ wp-admin/images/gear.png | Bin 0 -> 16742 bytes wp-admin/images/loading.gif | Bin 0 -> 2530 bytes wp-admin/images/logo.gif | Bin 0 -> 1238 bytes wp-admin/images/tab.png | Bin 0 -> 1006 bytes wp-admin/import/blogger.php | 4 +- wp-admin/import/dotclear.php | 4 +- wp-admin/import/greymatter.php | 12 +- wp-admin/import/mt.php | 4 +- wp-admin/import/textpattern.php | 4 +- wp-admin/import/wordpress.php | 9 +- wp-admin/import/wp-cat2tag.php | 301 +++++++++--- wp-admin/includes/bookmark.php | 19 +- wp-admin/includes/class-wp-filesystem-base.php | 158 +++++++ wp-admin/includes/class-wp-filesystem-direct.php | 190 +++----- wp-admin/includes/class-wp-filesystem-ftpext.php | 248 +++------- .../includes/class-wp-filesystem-ftpsockets.php | 270 
+++-------- wp-admin/includes/comment.php | 4 +- wp-admin/includes/dashboard.php | 7 +- wp-admin/includes/export.php | 7 +- wp-admin/includes/file.php | 159 ++++++- wp-admin/includes/media.php | 173 ++++--- wp-admin/includes/plugin.php | 122 +++-- wp-admin/includes/post.php | 265 ++++++----- wp-admin/includes/schema.php | 26 +- wp-admin/includes/taxonomy.php | 2 +- wp-admin/includes/template.php | 100 +++- wp-admin/includes/theme.php | 2 +- wp-admin/includes/update.php | 70 +-- wp-admin/includes/upgrade.php | 95 ++-- wp-admin/includes/user.php | 37 +- wp-admin/includes/widgets.php | 14 +- wp-admin/index.php | 9 +- wp-admin/install-helper.php | 3 +- wp-admin/js/forms.js | 51 +-- wp-admin/js/gallery.js | 20 + wp-admin/js/media-upload.js | 6 +- wp-admin/js/post.js | 2 + wp-admin/js/theme-preview.js | 44 ++ wp-admin/js/word-count.js | 39 ++ wp-admin/js/wp-gears.js | 83 ++++ wp-admin/link-add.php | 1 - wp-admin/link-import.php | 10 +- wp-admin/link-manager.php | 3 +- wp-admin/link-parse-opml.php | 2 +- wp-admin/link.php | 1 - wp-admin/media.php | 9 +- wp-admin/menu-header.php | 2 + wp-admin/moderation.php | 2 +- wp-admin/options-discussion.php | 78 +++- wp-admin/options-general.php | 29 +- wp-admin/options-misc.php | 8 +- wp-admin/options-permalink.php | 6 +- wp-admin/options-privacy.php | 4 +- wp-admin/options-reading.php | 18 +- wp-admin/options-writing.php | 10 +- wp-admin/page-new.php | 3 +- wp-admin/page.php | 11 +- wp-admin/plugin-editor.php | 9 +- wp-admin/plugins.php | 318 ++++++++----- wp-admin/post-new.php | 3 +- wp-admin/post.php | 11 +- wp-admin/press-this.php | 503 +++++++++++++++++++++ wp-admin/revision.php | 209 +++++++++ wp-admin/setup-config.php | 24 +- wp-admin/sidebar.php | 18 +- wp-admin/themes.php | 106 ++++- wp-admin/update-links.php | 8 +- wp-admin/update.php | 25 +- wp-admin/upgrade.php | 6 +- wp-admin/upload.php | 3 +- wp-admin/user-edit.php | 4 +- wp-admin/users.php | 15 +- wp-admin/widgets.php | 8 +- wp-admin/wp-admin.css | 238 ++++++++-- 104 
files changed, 4099 insertions(+), 1648 deletions(-) create mode 100644 wp-admin/css/global-rtl.css create mode 100644 wp-admin/css/press-this.css create mode 100644 wp-admin/gears-manifest.php create mode 100644 wp-admin/images/gear.png create mode 100644 wp-admin/images/loading.gif create mode 100644 wp-admin/images/logo.gif create mode 100644 wp-admin/images/tab.png create mode 100644 wp-admin/includes/class-wp-filesystem-base.php create mode 100644 wp-admin/js/gallery.js create mode 100644 wp-admin/js/theme-preview.js create mode 100644 wp-admin/js/word-count.js create mode 100644 wp-admin/js/wp-gears.js create mode 100644 wp-admin/press-this.php create mode 100644 wp-admin/revision.php (limited to 'wp-admin') diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php index 663880e..aef321f 100644 --- a/wp-admin/admin-ajax.php +++ b/wp-admin/admin-ajax.php @@ -1,7 +1,7 @@ get_col( "SELECT name FROM $wpdb->terms WHERE name LIKE ('%$s%')" ); + $results = $wpdb->get_col( $wpdb->prepare("SELECT name FROM $wpdb->terms WHERE name LIKE (%s)", '%' . $s . '%') ); echo join( $results, "\n" ); die; } @@ -462,10 +462,11 @@ case 'add-user' : $x->send(); break; case 'autosave' : // The name of this action is hardcoded in edit_post() - $nonce_age = check_ajax_referer( 'autosave', 'autosavenonce'); + define( 'DOING_AUTOSAVE', true ); + + $nonce_age = check_ajax_referer( 'autosave', 'autosavenonce' ); global $current_user; - $_POST['post_status'] = 'draft'; $_POST['post_category'] = explode(",", $_POST['catslist']); $_POST['tags_input'] = explode(",", $_POST['tags_input']); if($_POST['post_type'] == 'page' || empty($_POST['post_category'])) @@ -479,8 +480,9 @@ case 'autosave' : // The name of this action is hardcoded in edit_post() $supplemental = array(); - $id = 0; + $id = $revision_id = 0; if($_POST['post_ID'] < 0) { + $_POST['post_status'] = 'draft'; $_POST['temp_ID'] = $_POST['post_ID']; if ( $do_autosave ) { $id = wp_write_post(); 
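Review bot: In the tag-search query, `$wpdb->prepare( "... LIKE (%s)", '%' . $s . '%' )` quotes the value but leaves the LIKE metacharacters inside `$s` active, so a `%` or `_` in the search term still behaves as a wildcard and can match every row in the terms table. Escape `%`, `_` and the backslash in `$s` before the outer wildcards are concatenated. How `$s` is read from the request is not visible here, because the opening lines of this hunk are lost on the page. If it arrives already slashed, it should be unslashed before being passed to prepare().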
@@ -511,8 +513,18 @@ case 'autosave' : // The name of this action is hardcoded in edit_post() if ( !current_user_can('edit_post', $post_ID) ) die(__('You are not allowed to edit this post.')); } + if ( $do_autosave ) { - $id = edit_post(); + // Drafts are just overwritten by autosave + if ( 'draft' == $post->post_status ) { + $id = edit_post(); + } else { // Non drafts are not overwritten. The autosave is stored in a special post revision. + $revision_id = wp_create_post_autosave( $post->ID ); + if ( is_wp_error($revision_id) ) + $id = $revision_id; + else + $id = $post->ID; + } $data = $message; } else { $id = $post->ID; diff --git a/wp-admin/admin-header.php b/wp-admin/admin-header.php index 0185a98..7073e2f 100644 --- a/wp-admin/admin-header.php +++ b/wp-admin/admin-header.php @@ -5,6 +5,7 @@ if ( $editing ) { if ( user_can_richedit() ) wp_enqueue_script( 'wp_tiny_mce' ); } +wp_enqueue_script( 'wp-gears' ); $min_width_pages = array( 'post.php', 'post-new.php', 'page.php', 'page-new.php', 'widgets.php', 'comment.php', 'link.php' ); $the_current_page = preg_replace('|^.*/wp-admin/|i', '', $_SERVER['PHP_SELF']); @@ -28,14 +29,13 @@ get_admin_page_title(); <?php bloginfo('name') ?> › <?php echo wp_specialchars( strip_tags( $title ) ); ?> — WordPress - - -
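Review bot: The `'draft' == $post->post_status` branch now calls `edit_post()` with whatever `post_status` the request carries, because the earlier autosave hunks removed the unconditional `$_POST['post_status'] = 'draft';` and re-added it only under `$_POST['post_ID'] < 0`. An autosave on an existing draft could therefore change the post's status if edit_post() does not restrict it; its body is outside this diff section. Pinning the value in this branch keeps the old guarantee: `$_POST['post_status'] = 'draft';` immediately before `$id = edit_post();`. A one-line comment there stating that autosave must never change status would also help the next reader.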

'; - wp_nonce_field('import-cat2tag'); - echo ''; +hybrids_ids) ) + echo '

' . __('* This tag is also a category. It cannot be converted again.') . '

'; +?> - echo '

'; +

+ - echo ''; +'; +?> + '; +?> + +categories_to_convert)) { @@ -135,7 +259,6 @@ function check_all_rows() { return; } - if ( empty($this->categories_to_convert) ) $this->categories_to_convert = $_POST['cats_to_convert']; $hier = _get_term_hierarchy('category'); @@ -164,12 +287,12 @@ function check_all_rows() { $id = $id['term_taxonomy_id']; $posts = get_objects_in_term($category->term_id, 'category'); foreach ( $posts as $post ) { - if ( !$wpdb->get_var("SELECT object_id FROM $wpdb->term_relationships WHERE object_id = '$post' AND term_taxonomy_id = '$id'") ) - $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$post', '$id')"); + if ( !$wpdb->get_var( $wpdb->prepare("SELECT object_id FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id = %d", $post, $id) ) ) + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES (%d, %d)", $post, $id) ); clean_post_cache($post); } } else { - $tt_ids = $wpdb->get_col("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = '{$category->term_id}' AND taxonomy = 'category'"); + $tt_ids = $wpdb->get_col( $wpdb->prepare("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = %d AND taxonomy = 'category'", $category->term_id) ); if ( $tt_ids ) { $posts = $wpdb->get_col("SELECT object_id FROM $wpdb->term_relationships WHERE term_taxonomy_id IN (" . join(',', $tt_ids) . ") GROUP BY object_id"); foreach ( (array) $posts as $post ) 
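Review bot: The context line that builds `term_taxonomy_id IN (" . join(',', $tt_ids) . ")` is still assembled by string concatenation, while every other query in this hunk was moved to `$wpdb->prepare()`. `$tt_ids` comes from the `get_col()` call just above it, so the values are database-sourced and the risk is low, but casting makes the statement safe regardless of what that column returns: `join(',', array_map('intval', $tt_ids))`. The enclosing conversion function starts and ends outside this hunk.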
@@ -177,14 +300,14 @@ function check_all_rows() { } // Change the category to a tag. - $wpdb->query("UPDATE $wpdb->term_taxonomy SET taxonomy = 'post_tag' WHERE term_id = '{$category->term_id}' AND taxonomy = 'category'"); + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET taxonomy = 'post_tag' WHERE term_id = %d AND taxonomy = 'category'", $category->term_id) ); - $terms = $wpdb->get_col("SELECT term_id FROM $wpdb->term_taxonomy WHERE parent = '{$category->term_id}' AND taxonomy = 'category'"); + $terms = $wpdb->get_col( $wpdb->prepare("SELECT term_id FROM $wpdb->term_taxonomy WHERE parent = %d AND taxonomy = 'category'", $category->term_id) ); foreach ( (array) $terms as $term ) clean_category_cache($term); // Set all parents to 0 (root-level) if their parent was the converted tag - $wpdb->query("UPDATE $wpdb->term_taxonomy SET parent = 0 WHERE parent = '{$category->term_id}' AND taxonomy = 'category'"); + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET parent = 0 WHERE parent = %d AND taxonomy = 'category'", $category->term_id) ); } // Clean the cache clean_category_cache($category->term_id); @@ -199,27 +322,93 @@ function check_all_rows() { echo '

' . sprintf( __('We’re all done here, but you can always convert more.'), 'admin.php?import=wp-cat2tag' ) . '

'; } + function convert_tags() { + global $wpdb; + + if ( (!isset($_POST['tags_to_convert']) || !is_array($_POST['tags_to_convert'])) && empty($this->tags_to_convert)) { + echo '
'; + echo '

' . sprintf(__('Uh, oh. Something didn’t work. Please try again.'), 'admin.php?import=wp-cat2tag&step=3') . '

'; + echo '
'; + return; + } + + if ( empty($this->categories_to_convert) ) + $this->tags_to_convert = $_POST['tags_to_convert']; + + $clean_cache = array(); + echo ''; + echo '

' . sprintf( __('We’re all done here, but you can always convert more.'), 'admin.php?import=wp-cat2tag&step=3' ) . '

'; + } + function init() { $step = (isset($_GET['step'])) ? (int) $_GET['step'] : 1; $this->header(); - if (!current_user_can('manage_categories')) { - echo '
'; - echo '

' . __('Cheatin’ uh?') . '

'; - echo '
'; - } else { - if ( $step > 1 ) - check_admin_referer('import-cat2tag'); + if ( current_user_can('manage_categories') ) { switch ($step) { case 1 : - $this->welcome(); + $this->categories_tab(); break; case 2 : - $this->convert_them(); + check_admin_referer('import-cat2tag'); + $this->convert_categories(); + break; + + case 3 : + $this->tags_tab(); + break; + + case 4 : + check_admin_referer('import-cat2tag'); + $this->convert_tags(); break; } } @@ -234,6 +423,6 @@ function check_all_rows() { $wp_cat2tag_importer = new WP_Categories_to_Tags(); -register_importer('wp-cat2tag', __('Categories to Tags Converter'), __('Convert existing categories to tags, selectively.'), array(&$wp_cat2tag_importer, 'init')); +register_importer('wp-cat2tag', __('Categories and Tags Converter'), __('Convert existing categories to tags or tags to categories, selectively.'), array(&$wp_cat2tag_importer, 'init')); ?> diff --git a/wp-admin/includes/bookmark.php b/wp-admin/includes/bookmark.php index 2cae3b5..b48d313 100644 --- a/wp-admin/includes/bookmark.php +++ b/wp-admin/includes/bookmark.php @@ -47,7 +47,7 @@ function wp_delete_link($link_id) { wp_delete_object_term_relationships($link_id, 'link_category'); - $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'"); + $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->links WHERE link_id = %d", $link_id) ); do_action('deleted_link', $link_id); @@ -73,7 +73,7 @@ function wp_insert_link($linkdata) { $linkdata = wp_parse_args($linkdata, $defaults); $linkdata = sanitize_bookmark($linkdata, 'db'); - extract($linkdata, EXTR_SKIP); + extract(stripslashes_deep($linkdata), EXTR_SKIP); $update = false; 
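Review bot: In the added `convert_tags()`, the guard `if ( empty($this->categories_to_convert) )` tests the wrong property before `$this->tags_to_convert = $_POST['tags_to_convert'];`, which looks like a leftover from the category converter. If `$this->tags_to_convert` is already populated and the POST field is absent, the assignment replaces it with an undefined index. The guard should read `if ( empty($this->tags_to_convert) )`. The loop that consumes the array is not legible on this page, so how each submitted element is validated or cast before it reaches a query could not be reviewed.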
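Review bot: `extract(stripslashes_deep($linkdata), EXTR_SKIP);` in `wp_insert_link()` carries no comment explaining why the data is unslashed immediately after `sanitize_bookmark($linkdata, 'db')`. Presumably it is because the queries further down now go through `$wpdb->prepare()`, which escapes the values itself; a comment such as `// Unslash: these values are bound through $wpdb->prepare() below, which escapes them.` would record that. Any extracted variable that still reaches a hand-built SQL string elsewhere in this function would now be unescaped, so the part of the body outside this hunk needs the same check.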
@@ -119,15 +119,14 @@ function wp_insert_link($linkdata) { } if ( $update ) { - $wpdb->query("UPDATE $wpdb->links SET link_url='$link_url', - link_name='$link_name', link_image='$link_image', - link_target='$link_target', - link_visible='$link_visible', link_description='$link_description', - link_rating='$link_rating', link_rel='$link_rel', - link_notes='$link_notes', link_rss = '$link_rss' - WHERE link_id='$link_id'"); + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_url = %s, + link_name = %s, link_image = %s, link_target = %s, + link_visible = %s, link_description = %s, link_rating = %s, + link_rel = %s, link_notes = %s, link_rss = %s + WHERE link_id = %s", $link_url, $link_name, $link_image, $link_target, $link_visible, $link_description, $link_rating, $link_rel, $link_notes, $link_rss, $link_id) ); } else { - $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES('$link_url','$link_name', '$link_image', '$link_target', '$link_description', '$link_visible', '$link_owner', '$link_rating', '$link_rel', '$link_notes', '$link_rss')"); + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES(%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)", + $link_url,$link_name, $link_image, $link_target, $link_description, $link_visible, $link_owner, $link_rating, $link_rel, $link_notes, $link_rss) ); $link_id = (int) $wpdb->insert_id; } diff --git a/wp-admin/includes/class-wp-filesystem-base.php b/wp-admin/includes/class-wp-filesystem-base.php new file mode 100644 index 0000000..7bb6217 --- /dev/null +++ b/wp-admin/includes/class-wp-filesystem-base.php 
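Review bot: The new UPDATE binds its key as `WHERE link_id = %s`, while `wp_delete_link()` in this same file binds the same column as `%d`. Binding integers with `%d` forces a cast and keeps the two statements consistent: `WHERE link_id = %d`. The same applies to `link_rating` and `link_owner` in both statements if those columns are integers, which the schema (not visible here) would confirm. `wp_insert_link()` begins and ends outside this hunk.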
@@ -0,0 +1,158 @@ +method, 'ftp') !== false ) + return FTP_BASE; + return $this->find_folder(ABSPATH); + } + function wp_content_dir() { + if ( defined('FTP_CONTENT_DIR') && strpos($this->method, 'ftp') !== false ) + return FTP_CONTENT_DIR; + return $this->find_folder(WP_CONTENT_DIR); + } + function wp_plugins_dir() { + if ( defined('FTP_PLUGIN_DIR') && strpos($this->method, 'ftp') !== false ) + return FTP_PLUGIN_DIR; + return $this->find_folder(WP_PLUGIN_DIR); + } + function wp_themes_dir() { + return $this->wp_content_dir() . '/themes'; + } + //Back compat: use abspath() or wp_*_dir + function find_base_dir($base = '.', $echo = false) { + $this->verbose = $echo; + return $this->abspath(); + } + //Back compat: use ::abspath() or ::wp_*_dir + function get_base_dir($base = '.', $echo = false) { + $this->verbose = $echo; + return $this->abspath(); + } + + function find_folder($folder) { + $folder = str_replace('\\', '/', $folder); //Windows Sanitiation + if ( isset($this->cache[ $folder ] ) ) + return $this->cache[ $folder ]; + + if ( $this->exists($folder) ) { //Folder exists at that absolute path. + $this->cache[ $folder ] = $folder; + return $folder; + } + if( $return = $this->search_for_folder($folder) ) + $this->cache[ $folder ] = $return; + return $return; + } + + // Assumes $folder is windows sanitized; + // Assumes that the drive letter is safe to be stripped off, Should not be a problem for windows servers. + function search_for_folder($folder, $base = '.', $loop = false ) { + if ( empty( $base ) || '.' == $base ) + $base = trailingslashit($this->cwd()); + + $folder = preg_replace('|^([a-z]{1}):|i', '', $folder); //Strip out windows driveletter if its there. + + $folder_parts = explode('/', $folder); + $last_path = $folder_parts[ count($folder_parts) - 1 ]; + + $files = $this->dirlist( $base ); + + foreach ( $folder_parts as $key ) { + if ( $key == $last_path ) + continue; //We want this to be caught by the next code block. 
+ + //Working from /home/ to /user/ to /wordpress/ see if that file exists within the current folder, + // If its found, change into it and follow through looking for it. + // If it cant find WordPress down that route, it'll continue onto the next folder level, and see if that matches, and so on. + // If it reaches the end, and still cant find it, it'll return false for the entire function. + if( isset($files[ $key ]) ){ + //Lets try that folder: + $newdir = trailingslashit(path_join($base, $key)); + if( $this->verbose ) + printf( __('Changing to %s') . '
', $newdir ); + if( $ret = $this->search_for_folder( $folder, $newdir, $loop) ) + return $ret; + } + } + + //Only check this as a last resort, to prevent locating the incorrect install. All above proceeedures will fail quickly if this is the right branch to take. + if(isset( $files[ $last_path ] ) ) { + if( $this->verbose ) + printf( __('Found %s') . '
', $base . $last_path ); + return $base . $last_path; + } + if( $loop ) + return false;//Prevent tihs function looping again. + //As an extra last resort, Change back to / if the folder wasnt found. This comes into effect when the CWD is /home/user/ but WP is at /var/www/.... mainly dedicated setups. + return $this->search_for_folder($folder, '/', true); + + } + + //Common Helper functions. + function gethchmod($file){ + //From the PHP.net page for ...? + $perms = $this->getchmod($file); + if (($perms & 0xC000) == 0xC000) // Socket + $info = 's'; + elseif (($perms & 0xA000) == 0xA000) // Symbolic Link + $info = 'l'; + elseif (($perms & 0x8000) == 0x8000) // Regular + $info = '-'; + elseif (($perms & 0x6000) == 0x6000) // Block special + $info = 'b'; + elseif (($perms & 0x4000) == 0x4000) // Directory + $info = 'd'; + elseif (($perms & 0x2000) == 0x2000) // Character special + $info = 'c'; + elseif (($perms & 0x1000) == 0x1000)// FIFO pipe + $info = 'p'; + else // Unknown + $info = 'u'; + + // Owner + $info .= (($perms & 0x0100) ? 'r' : '-'); + $info .= (($perms & 0x0080) ? 'w' : '-'); + $info .= (($perms & 0x0040) ? + (($perms & 0x0800) ? 's' : 'x' ) : + (($perms & 0x0800) ? 'S' : '-')); + + // Group + $info .= (($perms & 0x0020) ? 'r' : '-'); + $info .= (($perms & 0x0010) ? 'w' : '-'); + $info .= (($perms & 0x0008) ? + (($perms & 0x0400) ? 's' : 'x' ) : + (($perms & 0x0400) ? 'S' : '-')); + + // World + $info .= (($perms & 0x0004) ? 'r' : '-'); + $info .= (($perms & 0x0002) ? 'w' : '-'); + $info .= (($perms & 0x0001) ? + (($perms & 0x0200) ? 't' : 'x' ) : + (($perms & 0x0200) ? 
'T' : '-')); + return $info; + } + function getnumchmodfromh($mode) { + $realmode = ""; + $legal = array("", "w", "r", "x", "-"); + $attarray = preg_split("//", $mode); + + for($i=0; $i < count($attarray); $i++) + if($key = array_search($attarray[$i], $legal)) + $realmode .= $legal[$key]; + + $mode = str_pad($realmode, 9, '-'); + $trans = array('-'=>'0', 'r'=>'4', 'w'=>'2', 'x'=>'1'); + $mode = strtr($mode,$trans); + + $newmode = ''; + $newmode .= $mode[0] + $mode[1] + $mode[2]; + $newmode .= $mode[3] + $mode[4] + $mode[5]; + $newmode .= $mode[6] + $mode[7] + $mode[8]; + return $newmode; + } +} +?> \ No newline at end of file diff --git a/wp-admin/includes/class-wp-filesystem-direct.php b/wp-admin/includes/class-wp-filesystem-direct.php index 45972a3..77a7582 100644 --- a/wp-admin/includes/class-wp-filesystem-direct.php +++ b/wp-admin/includes/class-wp-filesystem-direct.php 
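Review bot: `search_for_folder()` accepts a directory as soon as its last path component matches (`isset( $files[ $last_path ] )`), whereas the `find_base_dir()` it replaces in the FTP class confirmed the location by checking for `wp-settings.php`. `find_folder()` then caches the result and `abspath()`, `wp_content_dir()` and `wp_plugins_dir()` return it, so a same-named folder elsewhere in the FTP tree would be treated as the install; the final fallback restarts the search from `/`, which widens where that can happen. Before returning `$base . $last_path`, confirm the candidate with a known marker through `$this->exists()`, and return false when it is absent. The comment on `find_folder()` should state what the caller may assume about the returned path.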
@@ -1,51 +1,46 @@ method = 'direct'; $this->errors = new WP_Error(); $this->permission = umask(); } - function connect(){ + function connect() { return true; } - function setDefaultPermissions($perm){ + function setDefaultPermissions($perm) { $this->permission = $perm; } - function find_base_dir($base = '.', $echo = false){ - return str_replace('\\','/',ABSPATH); - } - function get_base_dir($base = '.', $echo = false){ - return $this->find_base_dir($base, $echo); - } - function get_contents($file){ + function get_contents($file) { return @file_get_contents($file); } - function get_contents_array($file){ + function get_contents_array($file) { return @file($file); } - function put_contents($file,$contents,$mode=false,$type=''){ - if ( ! ($fp = @fopen($file,'w'.$type)) ) + function put_contents($file, $contents, $mode = false, $type = '') { + if ( ! ($fp = @fopen($file, 'w' . $type)) ) return false; - @fwrite($fp,$contents); + @fwrite($fp, $contents); @fclose($fp); $this->chmod($file,$mode); return true; } - function cwd(){ + function cwd() { return @getcwd(); } - function chdir($dir){ + function chdir($dir) { return @chdir($dir); } - function chgrp($file,$group,$recursive=false){ + function chgrp($file, $group, $recursive = false) { if( ! $this->exists($file) ) return false; if( ! $recursive ) - return @chgrp($file,$group); + return @chgrp($file, $group); if( ! $this->is_dir($file) ) - return @chgrp($file,$group); + return @chgrp($file, $group); //Is a directory, and we want recursive $file = trailingslashit($file); $filelist = $this->dirlist($file); @@ -54,7 +49,7 @@ class WP_Filesystem_Direct{ return true; } - function chmod($file,$mode=false,$recursive=false){ + function chmod($file, $mode = false, $recursive = false) { if( ! $mode ) $mode = $this->permission; if( ! $this->exists($file) ) 
@@ -62,7 +57,7 @@ class WP_Filesystem_Direct{ if( ! $recursive ) return @chmod($file,$mode); if( ! $this->is_dir($file) ) - return @chmod($file,$mode); + return @chmod($file, $mode); //Is a directory, and we want recursive $file = trailingslashit($file); $filelist = $this->dirlist($file); 
@@ -71,120 +66,51 @@ class WP_Filesystem_Direct{ return true; } - function chown($file,$owner,$recursive=false){ + function chown($file, $owner, $recursive = false) { if( ! $this->exists($file) ) return false; if( ! $recursive ) - return @chown($file,$owner); + return @chown($file, $owner); if( ! $this->is_dir($file) ) - return @chown($file,$owner); + return @chown($file, $owner); //Is a directory, and we want recursive $filelist = $this->dirlist($file); foreach($filelist as $filename){ - $this->chown($file.'/'.$filename,$owner,$recursive); + $this->chown($file . '/' . $filename, $owner, $recursive); } return true; } - function owner($file){ + function owner($file) { $owneruid = @fileowner($file); if( ! $owneruid ) return false; - if( !function_exists('posix_getpwuid') ) + if( ! function_exists('posix_getpwuid') ) return $owneruid; $ownerarray = posix_getpwuid($owneruid); return $ownerarray['name']; } - function getchmod($file){ + function getchmod($file) { return @fileperms($file); } - function gethchmod($file){ - //From the PHP.net page for ...? - $perms = $this->getchmod($file); - if (($perms & 0xC000) == 0xC000) { - // Socket - $info = 's'; - } elseif (($perms & 0xA000) == 0xA000) { - // Symbolic Link - $info = 'l'; - } elseif (($perms & 0x8000) == 0x8000) { - // Regular - $info = '-'; - } elseif (($perms & 0x6000) == 0x6000) { - // Block special - $info = 'b'; - } elseif (($perms & 0x4000) == 0x4000) { - // Directory - $info = 'd'; - } elseif (($perms & 0x2000) == 0x2000) { - // Character special - $info = 'c'; - } elseif (($perms & 0x1000) == 0x1000) { - // FIFO pipe - $info = 'p'; - } else { - // Unknown - $info = 'u'; - } - - // Owner - $info .= (($perms & 0x0100) ? 'r' : '-'); - $info .= (($perms & 0x0080) ? 'w' : '-'); - $info .= (($perms & 0x0040) ? - (($perms & 0x0800) ? 's' : 'x' ) : - (($perms & 0x0800) ? 'S' : '-')); - - // Group - $info .= (($perms & 0x0020) ? 'r' : '-'); - $info .= (($perms & 0x0010) ? 'w' : '-'); - $info .= (($perms & 0x0008) ? 
- (($perms & 0x0400) ? 's' : 'x' ) : - (($perms & 0x0400) ? 'S' : '-')); - - // World - $info .= (($perms & 0x0004) ? 'r' : '-'); - $info .= (($perms & 0x0002) ? 'w' : '-'); - $info .= (($perms & 0x0001) ? - (($perms & 0x0200) ? 't' : 'x' ) : - (($perms & 0x0200) ? 'T' : '-')); - return $info; - } - function getnumchmodfromh($mode) { - $realmode = ""; - $legal = array("","w","r","x","-"); - $attarray = preg_split("//",$mode); - for($i=0;$i'0','r'=>'4','w'=>'2','x'=>'1'); - $mode = strtr($mode,$trans); - $newmode = ''; - $newmode .= $mode[0]+$mode[1]+$mode[2]; - $newmode .= $mode[3]+$mode[4]+$mode[5]; - $newmode .= $mode[6]+$mode[7]+$mode[8]; - return $newmode; - } - function group($file){ + function group($file) { $gid = @filegroup($file); if( ! $gid ) return false; - if( !function_exists('posix_getgrgid') ) + if( ! function_exists('posix_getgrgid') ) return $gid; $grouparray = posix_getgrgid($gid); return $grouparray['name']; } - function copy($source,$destination,$overwrite=false){ + function copy($source, $destination, $overwrite = false) { if( ! $overwrite && $this->exists($destination) ) return false; - return copy($source,$destination); + return copy($source, $destination); } - function move($source,$destination,$overwrite=false){ + function move($source, $destination, $overwrite = false) { //Possible to use rename()? - if( $this->copy($source,$destination,$overwrite) && $this->exists($destination) ){ + if( $this->copy($source, $destination, $overwrite) && $this->exists($destination) ){ $this->delete($source); return true; } else { 
@@ -192,12 +118,12 @@ class WP_Filesystem_Direct{ } } - function delete($file, $recursive=false){ - $file = str_replace('\\','/',$file); //for win32, occasional problems deleteing files otherwise + function delete($file, $recursive = false) { + $file = str_replace('\\', '/', $file); //for win32, occasional problems deleteing files otherwise if( $this->is_file($file) ) return @unlink($file); - if( !$recursive && $this->is_dir($file) ) + if( ! $recursive && $this->is_dir($file) ) return @rmdir($file); //At this point its a folder, and we're in recursive mode @@ -206,7 +132,7 @@ class WP_Filesystem_Direct{ $retval = true; if( is_array($filelist) ) //false if no files, So check first. - foreach($filelist as $filename=>$fileinfo) + foreach($filelist as $filename => $fileinfo) if( ! $this->delete($file . $filename, $recursive) ) $retval = false; @@ -215,34 +141,34 @@ class WP_Filesystem_Direct{ return $retval; } - function exists($file){ + function exists($file) { return @file_exists($file); } - function is_file($file){ + function is_file($file) { return @is_file($file); } - function is_dir($path){ + function is_dir($path) { return @is_dir($path); } - function is_readable($file){ + function is_readable($file) { return @is_readable($file); } - function is_writable($file){ + function is_writable($file) { return @is_writable($file); } - function atime($file){ + function atime($file) { return @fileatime($file); } - function mtime($file){ + function mtime($file) { return @filemtime($file); } - function size($file){ + function size($file) { return @filesize($file); } 
@@ -251,38 +177,38 @@ class WP_Filesystem_Direct{ $time = time(); if($atime == 0) $atime = time(); - return @touch($file,$time,$atime); + return @touch($file, $time, $atime); } function mkdir($path, $chmod = false, $chown = false, $chgrp = false){ if( ! $chmod) $chmod = $this->permission; - if( !@mkdir($path,$chmod) ) + if( ! @mkdir($path, $chmod) ) return false; if( $chown ) - $this->chown($path,$chown); + $this->chown($path, $chown); if( $chgrp ) - $this->chgrp($path,$chgrp); + $this->chgrp($path, $chgrp); return true; } - function rmdir($path,$recursive=false){ + function rmdir($path, $recursive = false) { //Currently unused and untested, Use delete() instead. if( ! $recursive ) return @rmdir($path); //recursive: $filelist = $this->dirlist($path); - foreach($filelist as $filename=>$det){ - if ( '/' == substr($filename,-1,1) ) - $this->rmdir($path.'/'.$filename,$recursive); + foreach($filelist as $filename => $det) { + if ( '/' == substr($filename, -1, 1) ) + $this->rmdir($path . '/' . $filename, $recursive); @rmdir($filename); } return @rmdir($path); } - function dirlist($path,$incdot=false,$recursive=false){ - if( $this->is_file($path) ){ + function dirlist($path, $incdot = false, $recursive = false) { + if( $this->is_file($path) ) { $limitFile = basename($path); $path = dirname($path); } else { @@ -293,9 +219,9 @@ class WP_Filesystem_Direct{ $ret = array(); $dir = dir($path); - while (false !== ($entry = $dir->read())) { + while (false !== ($entry = $dir->read()) ) { $struc = array(); - $struc['name'] = $entry; + $struc['name'] = $entry; if( '.' == $struc['name'] || '..' == $struc['name'] ) continue; //Do not care about these folders. 
@@ -315,9 +241,9 @@ class WP_Filesystem_Direct{ $struc['time'] = date('h:i:s',$struc['lastmodunix']); $struc['type'] = $this->is_dir($path.'/'.$entry) ? 'd' : 'f'; - if ('d' == $struc['type'] ){ + if ( 'd' == $struc['type'] ) { if( $recursive ) - $struc['files'] = $this->dirlist($path.'/'.$struc['name'], $incdot, $recursive); + $struc['files'] = $this->dirlist($path . '/' . $struc['name'], $incdot, $recursive); else $struc['files'] = array(); } @@ -328,9 +254,5 @@ class WP_Filesystem_Direct{ unset($dir); return $ret; } - - function __destruct(){ - return; - } } ?> diff --git a/wp-admin/includes/class-wp-filesystem-ftpext.php b/wp-admin/includes/class-wp-filesystem-ftpext.php index 32ccd07..2069935 100644 --- a/wp-admin/includes/class-wp-filesystem-ftpext.php +++ b/wp-admin/includes/class-wp-filesystem-ftpext.php @@ -1,11 +1,10 @@ method = 'ftpext'; $this->errors = new WP_Error(); //Check if possible to use ftp functions. @@ -60,12 +60,11 @@ class WP_Filesystem_FTPext{ $this->options['ssl'] = ( !empty($opt['ssl']) ); } - function connect(){ - if ( $this->options['ssl'] && function_exists('ftp_ssl_connect') ) { + function connect() { + if ( $this->options['ssl'] && function_exists('ftp_ssl_connect') ) $this->link = @ftp_ssl_connect($this->options['hostname'], $this->options['port'],$this->timeout); - } else { + else $this->link = @ftp_connect($this->options['hostname'], $this->options['port'],$this->timeout); - } if ( ! $this->link ) { $this->errors->add('connect', sprintf(__('Failed to connect to FTP Server %1$s:%2$s'), $this->options['hostname'], $this->options['port'])); 
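Review bot: In the FTP extension class, `connect()` takes the `else` branch to `ftp_connect()` whenever `ftp_ssl_connect` is unavailable, even when `$this->options['ssl']` was requested, so the session silently proceeds in clear text. When SSL was asked for and the function is missing, record an error through `$this->errors->add()` and `return false` instead of connecting without encryption. The rest of `connect()`, including how credentials are sent, is outside this hunk.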
@@ -80,76 +79,11 @@ class WP_Filesystem_FTPext{ return true; } - function setDefaultPermissions($perm){ + function setDefaultPermissions($perm) { $this->permission = $perm; } - - function find_base_dir($base = '.',$echo = false, $loop = false) { - //Sanitize the Windows path formats, This allows easier conparison and aligns it to FTP output. - $abspath = str_replace('\\','/',ABSPATH); //windows: Straighten up the paths.. - if( strpos($abspath, ':') ){ //Windows, Strip out the driveletter - if( preg_match("|.{1}\:(.+)|i", $abspath, $mat) ) - $abspath = $mat[1]; - } - //Set up the base directory (Which unless specified, is the current one) - if( empty( $base ) || '.' == $base ) $base = $this->cwd(); - $base = trailingslashit($base); - - //Can we see the Current directory as part of the ABSPATH? - $location = strpos($abspath, $base); - if( false !== $location ) { - $newbase = path_join($base, substr($abspath, $location + strlen($base))); - - if( false !== $this->chdir($newbase) ){ //chdir sometimes returns null under certain circumstances, even when its changed correctly, FALSE will be returned if it doesnt change correctly. - if($echo) printf( __('Changing to %s') . '
', $newbase ); - //Check to see if it exists in that folder. - if( $this->exists($newbase . 'wp-settings.php') ){ - if($echo) printf( __('Found %s'), $newbase . 'wp-settings.php
' ); - return $newbase; - } - } - } - - //Ok, Couldnt do a magic location from that particular folder level - - //Get a list of the files in the current directory, See if we can locate where we are in the folder stucture. - $files = $this->dirlist($base); - - $arrPath = explode('/', $abspath); - foreach($arrPath as $key){ - //Working from /home/ to /user/ to /wordpress/ see if that file exists within the current folder, - // If its found, change into it and follow through looking for it. - // If it cant find WordPress down that route, it'll continue onto the next folder level, and see if that matches, and so on. - // If it reaches the end, and still cant find it, it'll return false for the entire function. - if( isset($files[ $key ]) ){ - //Lets try that folder: - $folder = path_join($base, $key); - if($echo) printf( __('Changing to %s') . '
', $folder ); - $ret = $this->find_base_dir( $folder, $echo, $loop); - if( $ret ) - return $ret; - } - } - //Only check this as a last resort, to prevent locating the incorrect install. All above proceeedures will fail quickly if this is the right branch to take. - if(isset( $files[ 'wp-settings.php' ]) ){ - if($echo) printf( __('Found %s'), $base . 'wp-settings.php
' ); - return $base; - } - if( $loop ) - return false;//Prevent tihs function looping again. - //As an extra last resort, Change back to / if the folder wasnt found. This comes into effect when the CWD is /home/user/ but WP is at /var/www/.... mainly dedicated setups. - return $this->find_base_dir('/', $echo, true); - } - - function get_base_dir($base = '.', $echo = false){ - if( defined('FTP_BASE') ) - $this->wp_base = FTP_BASE; - if( empty($this->wp_base) ) - $this->wp_base = $this->find_base_dir($base,$echo); - return $this->wp_base; - } - function get_contents($file,$type='',$resumepos=0){ + function get_contents($file, $type = '', $resumepos = 0 ){ if( empty($type) ){ $extension = substr(strrchr($file, "."), 1); $type = isset($this->filetypes[ $extension ]) ? $this->filetypes[ $extension ] : FTP_ASCII; @@ -157,7 +91,7 @@ class WP_Filesystem_FTPext{ $temp = tmpfile(); if ( ! $temp ) return false; - if( ! @ftp_fget($this->link,$temp,$file,$type,$resumepos) ) + if( ! @ftp_fget($this->link, $temp, $file, $type, $resumepos) ) return false; fseek($temp, 0); //Skip back to the start of the file being written to $contents = ''; 
@@ -167,202 +101,132 @@ class WP_Filesystem_FTPext{ fclose($temp); return $contents; } - function get_contents_array($file){ - return explode("\n",$this->get_contents($file)); + function get_contents_array($file) { + return explode("\n", $this->get_contents($file)); } - function put_contents($file,$contents,$type=''){ - if( empty($type) ){ + function put_contents($file, $contents, $type = '' ) { + if( empty($type) ) { $extension = substr(strrchr($file, "."), 1); $type = isset($this->filetypes[ $extension ]) ? $this->filetypes[ $extension ] : FTP_ASCII; } $temp = tmpfile(); if ( ! $temp ) return false; - fwrite($temp,$contents); + fwrite($temp, $contents); fseek($temp, 0); //Skip back to the start of the file being written to - $ret = @ftp_fput($this->link,$file,$temp,$type); + $ret = @ftp_fput($this->link, $file, $temp, $type); fclose($temp); return $ret; } - function cwd(){ + function cwd() { $cwd = ftp_pwd($this->link); if( $cwd ) $cwd = trailingslashit($cwd); return $cwd; } - function chdir($dir){ + function chdir($dir) { return @ftp_chdir($dir); } - function chgrp($file,$group,$recursive=false){ + function chgrp($file, $group, $recursive = false ) { return false; } - function chmod($file,$mode=false,$recursive=false){ + function chmod($file, $mode = false, $recursive = false) { if( ! $mode ) $mode = $this->permission; if( ! $mode ) return false; if ( ! $this->exists($file) ) return false; - if ( ! $recursive || ! $this->is_dir($file) ){ - if (!function_exists('ftp_chmod')) + if ( ! $recursive || ! $this->is_dir($file) ) { + if ( ! function_exists('ftp_chmod') ) return @ftp_site($this->link, sprintf('CHMOD %o %s', $mode, $file)); - return @ftp_chmod($this->link,$mode,$file); + return @ftp_chmod($this->link, $mode, $file); } //Is a directory, and we want recursive $filelist = $this->dirlist($file); foreach($filelist as $filename){ - $this->chmod($file.'/'.$filename,$mode,$recursive); + $this->chmod($file . '/' . 
$filename, $mode, $recursive); } return true; } - function chown($file,$owner,$recursive=false){ + function chown($file, $owner, $recursive = false ) { return false; } - function owner($file){ + function owner($file) { $dir = $this->dirlist($file); return $dir[$file]['owner']; } - function getchmod($file){ + function getchmod($file) { $dir = $this->dirlist($file); return $dir[$file]['permsn']; } - function gethchmod($file){ - //From the PHP.net page for ...? - $perms = $this->getchmod($file); - if (($perms & 0xC000) == 0xC000) { - // Socket - $info = 's'; - } elseif (($perms & 0xA000) == 0xA000) { - // Symbolic Link - $info = 'l'; - } elseif (($perms & 0x8000) == 0x8000) { - // Regular - $info = '-'; - } elseif (($perms & 0x6000) == 0x6000) { - // Block special - $info = 'b'; - } elseif (($perms & 0x4000) == 0x4000) { - // Directory - $info = 'd'; - } elseif (($perms & 0x2000) == 0x2000) { - // Character special - $info = 'c'; - } elseif (($perms & 0x1000) == 0x1000) { - // FIFO pipe - $info = 'p'; - } else { - // Unknown - $info = 'u'; - } - - // Owner - $info .= (($perms & 0x0100) ? 'r' : '-'); - $info .= (($perms & 0x0080) ? 'w' : '-'); - $info .= (($perms & 0x0040) ? - (($perms & 0x0800) ? 's' : 'x' ) : - (($perms & 0x0800) ? 'S' : '-')); - - // Group - $info .= (($perms & 0x0020) ? 'r' : '-'); - $info .= (($perms & 0x0010) ? 'w' : '-'); - $info .= (($perms & 0x0008) ? - (($perms & 0x0400) ? 's' : 'x' ) : - (($perms & 0x0400) ? 'S' : '-')); - - // World - $info .= (($perms & 0x0004) ? 'r' : '-'); - $info .= (($perms & 0x0002) ? 'w' : '-'); - $info .= (($perms & 0x0001) ? - (($perms & 0x0200) ? 't' : 'x' ) : - (($perms & 0x0200) ? 
'T' : '-')); - return $info; - } - function getnumchmodfromh($mode) { - $realmode = ""; - $legal = array("","w","r","x","-"); - $attarray = preg_split("//",$mode); - for($i=0;$i'0','r'=>'4','w'=>'2','x'=>'1'); - $mode = strtr($mode,$trans); - $newmode = ''; - $newmode .= $mode[0]+$mode[1]+$mode[2]; - $newmode .= $mode[3]+$mode[4]+$mode[5]; - $newmode .= $mode[6]+$mode[7]+$mode[8]; - return $newmode; - } - function group($file){ + function group($file) { $dir = $this->dirlist($file); return $dir[$file]['group']; } - function copy($source,$destination,$overwrite=false){ + function copy($source, $destination, $overwrite = false ) { if( ! $overwrite && $this->exists($destination) ) return false; $content = $this->get_contents($source); if( false === $content) return false; - return $this->put_contents($destination,$content); + return $this->put_contents($destination, $content); } - function move($source,$destination,$overwrite=false){ - return ftp_rename($this->link,$source,$destination); + function move($source, $destination, $overwrite = false) { + return ftp_rename($this->link, $source, $destination); } function delete($file,$recursive=false) { if ( $this->is_file($file) ) - return @ftp_delete($this->link,$file); + return @ftp_delete($this->link, $file); if ( !$recursive ) - return @ftp_rmdir($this->link,$file); + return @ftp_rmdir($this->link, $file); $filelist = $this->dirlist($file); foreach ((array) $filelist as $filename => $fileinfo) { - $this->delete($file.'/'.$filename,$recursive); + $this->delete($file . '/' . $filename, $recursive); } - return @ftp_rmdir($this->link,$file); + return @ftp_rmdir($this->link, $file); } - function exists($file){ - $list = ftp_rawlist($this->link,$file,false); + function exists($file) { + $list = ftp_rawlist($this->link, $file, false); if( ! $list ) return false; return count($list) == 1 ? true : false; } - function is_file($file){ + function is_file($file) { return $this->is_dir($file) ? 
false : true; } - function is_dir($path){ + function is_dir($path) { $cwd = $this->cwd(); $result = @ftp_chdir($this->link, $path); - if( $result && $path == $this->cwd() || - $this->cwd() != $cwd ) { + if( $result && $path == $this->cwd() || $this->cwd() != $cwd ) { @ftp_chdir($this->link, $cwd); return true; } return false; } - function is_readable($file){ + function is_readable($file) { //Get dir list, Check if the file is writable by the current user?? return true; } - function is_writable($file){ + function is_writable($file) { //Get dir list, Check if the file is writable by the current user?? return true; } - function atime($file){ + function atime($file) { return false; } - function mtime($file){ + function mtime($file) { return ftp_mdtm($this->link, $file); } - function size($file){ + function size($file) { return ftp_size($this->link, $file); } - function touch($file,$time=0,$atime=0){ + function touch($file, $time = 0, $atime = 0) { return false; } - function mkdir($path,$chmod=false,$chown=false,$chgrp=false){ + function mkdir($path, $chmod = false, $chown = false, $chgrp = false) { if( !@ftp_mkdir($this->link, $path) ) return false; if( $chmod ) @@ -373,7 +237,7 @@ class WP_Filesystem_FTPext{ $this->chgrp($path, $chgrp); return true; } - function rmdir($path,$recursive=false){ + function rmdir($path, $recursive = false) { if( ! $recursive ) return @ftp_rmdir($this->link, $path); 
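Review bot: In `chmod()`, the recursive branch loops with `foreach($filelist as $filename)` over the result of `dirlist()`, which is keyed by entry name with array values (see `$dirlist[ $entry['name'] ] = $entry;` further down), so `$file . '/' . $filename` concatenates an array and no child is ever chmod'ed while the method still returns true. `delete()` in the same hunk already iterates by key, and the loop should match it: `foreach ( (array) $filelist as $filename => $fileinfo )`. The `chmod()` in the `WP_Filesystem_ftpsockets` hunk below has the same loop. Separately, `chdir()` calls `@ftp_chdir($dir)` without `$this->link` and the `@` hides the resulting warning; it looks like it should read `return @ftp_chdir($this->link, $dir);`.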
@@ -385,9 +249,9 @@ class WP_Filesystem_FTPext{ function parselisting($line) { $is_windows = ($this->OS_remote == FTP_OS_Windows); - if ($is_windows && preg_match("/([0-9]{2})-([0-9]{2})-([0-9]{2}) +([0-9]{2}):([0-9]{2})(AM|PM) +([0-9]+|) +(.+)/",$line,$lucifer)) { + if ($is_windows && preg_match("/([0-9]{2})-([0-9]{2})-([0-9]{2}) +([0-9]{2}):([0-9]{2})(AM|PM) +([0-9]+|) +(.+)/", $line, $lucifer)) { $b = array(); - if ($lucifer[3]<70) { $lucifer[3]+=2000; } else { $lucifer[3]+=1900; } // 4digit year fix + if ($lucifer[3]<70) { $lucifer[3] +=2000; } else { $lucifer[3]+=1900; } // 4digit year fix $b['isdir'] = ($lucifer[7]==""); if ( $b['isdir'] ) $b['type'] = 'd'; @@ -445,15 +309,15 @@ class WP_Filesystem_FTPext{ return $b; } - function dirlist($path='.',$incdot=false,$recursive=false){ - if( $this->is_file($path) ){ + function dirlist($path = '.', $incdot = false, $recursive = false) { + if( $this->is_file($path) ) { $limitFile = basename($path); $path = dirname($path) . '/'; } else { $limitFile = false; } - $list = @ftp_rawlist($this->link , '-a ' . $path, false); + $list = @ftp_rawlist($this->link, '-a ' . $path, false); if ( $list === false ) return false; @@ -464,10 +328,10 @@ class WP_Filesystem_FTPext{ if ( empty($entry) ) continue; - if ( $entry["name"]=="." or $entry["name"]==".." ) + if ( '.' == $entry["name"] || '..' == $entry["name"] ) continue; - $dirlist[$entry['name']] = $entry; + $dirlist[ $entry['name'] ] = $entry; } if ( ! $dirlist ) 
@@ -485,11 +349,11 @@ class WP_Filesystem_FTPext{ //We're including the doted starts if( '.' != $struc['name'] && '..' != $struc['name'] ){ //Ok, It isnt a special folder if ($recursive) - $struc['files'] = $this->dirlist($path.'/'.$struc['name'],$incdot,$recursive); + $struc['files'] = $this->dirlist($path . '/' . $struc['name'], $incdot, $recursive); } } else { //No dots if ($recursive) - $struc['files'] = $this->dirlist($path.'/'.$struc['name'],$incdot,$recursive); + $struc['files'] = $this->dirlist($path . '/' . $struc['name'], $incdot, $recursive); } } //File diff --git a/wp-admin/includes/class-wp-filesystem-ftpsockets.php b/wp-admin/includes/class-wp-filesystem-ftpsockets.php index 5365623..3b6cdcc 100644 --- a/wp-admin/includes/class-wp-filesystem-ftpsockets.php +++ b/wp-admin/includes/class-wp-filesystem-ftpsockets.php @@ -1,29 +1,29 @@ FTP_ASCII, - 'css'=>FTP_ASCII, - 'txt'=>FTP_ASCII, - 'js'=>FTP_ASCII, - 'html'=>FTP_ASCII, - 'htm'=>FTP_ASCII, - 'xml'=>FTP_ASCII, - - 'jpg'=>FTP_BINARY, - 'png'=>FTP_BINARY, - 'gif'=>FTP_BINARY, - 'bmp'=>FTP_BINARY + 'php' => FTP_ASCII, + 'css' => FTP_ASCII, + 'txt' => FTP_ASCII, + 'js' => FTP_ASCII, + 'html'=> FTP_ASCII, + 'htm' => FTP_ASCII, + 'xml' => FTP_ASCII, + + 'jpg' => FTP_BINARY, + 'png' => FTP_BINARY, + 'gif' => FTP_BINARY, + 'bmp' => FTP_BINARY ); function WP_Filesystem_ftpsockets($opt='') { + $this->method = 'ftpsockets'; $this->errors = new WP_Error(); //Check if possible to use ftp functions. 
@@ -86,241 +86,109 @@ class WP_Filesystem_ftpsockets{ $this->permission = $perm; } - function find_base_dir($base = '.',$echo = false, $loop = false) { - //Sanitize the Windows path formats, This allows easier conparison and aligns it to FTP output. - $abspath = str_replace('\\','/',ABSPATH); //windows: Straighten up the paths.. - if( strpos($abspath, ':') ){ //Windows, Strip out the driveletter - if( preg_match("|.{1}\:(.+)|i", $abspath, $mat) ) - $abspath = $mat[1]; - } - - //Set up the base directory (Which unless specified, is the current one) - if( empty( $base ) || '.' == $base ) $base = $this->cwd(); - $base = trailingslashit($base); - - //Can we see the Current directory as part of the ABSPATH? - $location = strpos($abspath, $base); - if( false !== $location ) { - $newbase = path_join($base, substr($abspath, $location + strlen($base))); - - if( false !== $this->chdir($newbase) ){ //chdir sometimes returns null under certain circumstances, even when its changed correctly, FALSE will be returned if it doesnt change correctly. - if($echo) printf( __('Changing to %s') . '
', $newbase ); - //Check to see if it exists in that folder. - if( $this->exists($newbase . 'wp-settings.php') ){ - if($echo) printf( __('Found %s'), $newbase . 'wp-settings.php
' ); - return $newbase; - } - } - } - - //Ok, Couldnt do a magic location from that particular folder level - - //Get a list of the files in the current directory, See if we can locate where we are in the folder stucture. - $files = $this->dirlist($base); - - $arrPath = explode('/', $abspath); - foreach($arrPath as $key){ - //Working from /home/ to /user/ to /wordpress/ see if that file exists within the current folder, - // If its found, change into it and follow through looking for it. - // If it cant find WordPress down that route, it'll continue onto the next folder level, and see if that matches, and so on. - // If it reaches the end, and still cant find it, it'll return false for the entire function. - if( isset($files[ $key ]) ){ - //Lets try that folder: - $folder = path_join($base, $key); - if($echo) printf( __('Changing to %s') . '
', $folder ); - $ret = $this->find_base_dir( $folder, $echo, $loop); - if( $ret ) - return $ret; - } - } - //Only check this as a last resort, to prevent locating the incorrect install. All above proceeedures will fail quickly if this is the right branch to take. - if(isset( $files[ 'wp-settings.php' ]) ){ - if($echo) printf( __('Found %s'), $base . 'wp-settings.php
' ); - return $base; - } - if( $loop ) - return false;//Prevent tihs function looping again. - //As an extra last resort, Change back to / if the folder wasnt found. This comes into effect when the CWD is /home/user/ but WP is at /var/www/.... mainly dedicated setups. - return $this->find_base_dir('/', $echo, true); - } - - function get_base_dir($base = '.', $echo = false){ - if( defined('FTP_BASE') ) - $this->wp_base = FTP_BASE; - if( empty($this->wp_base) ) - $this->wp_base = $this->find_base_dir($base, $echo); - return $this->wp_base; - } - - function get_contents($file,$type='',$resumepos=0){ + function get_contents($file, $type = '', $resumepos = 0){ if( ! $this->exists($file) ) return false; if( empty($type) ){ - $extension = substr(strrchr($file, "."), 1); + $extension = substr(strrchr($file, '.'), 1); $type = isset($this->filetypes[ $extension ]) ? $this->filetypes[ $extension ] : FTP_AUTOASCII; } $this->ftp->SetType($type); - $temp = tmpfile(); - if ( ! $temp ) + $temp = wp_tempnam( $file ); + if ( ! $temphandle = fopen($temp, 'w+') ) return false; - if ( ! $this->ftp->fget($temp, $file) ) { - fclose($temp); + if ( ! $this->ftp->fget($temphandle, $file) ) { + fclose($temphandle); + unlink($temp); return ''; //Blank document, File does exist, Its just blank. } - fseek($temp, 0); //Skip back to the start of the file being written to + fseek($temphandle, 0); //Skip back to the start of the file being written to $contents = ''; - while ( !feof($temp) ) - $contents .= fread($temp, 8192); - fclose($temp); + while ( ! 
feof($temphandle) ) + $contents .= fread($temphandle, 8192); + fclose($temphandle); + unlink($temp); return $contents; } function get_contents_array($file){ - return explode("\n",$this->get_contents($file)); + return explode("\n", $this->get_contents($file) ); } - function put_contents($file,$contents,$type=''){ + function put_contents($file, $contents, $type = '' ) { if( empty($type) ){ - $extension = substr(strrchr($file, "."), 1); - $type = isset($this->filetypes[ $extension ]) ? $this->filetypes[ $extension ] : FTP_ASCII; + $extension = substr(strrchr($file, '.'), 1); + $type = isset($this->filetypes[ $extension ]) ? $this->filetypes[ $extension ] : FTP_AUTOASCII; } $this->ftp->SetType($type); - $temp = tmpfile(); - if ( ! $temp ) + $temp = wp_tempnam( $file ); + if ( ! $temphandle = fopen($temp, 'w+') ){ + unlink($temp); return false; - fwrite($temp,$contents); - fseek($temp, 0); //Skip back to the start of the file being written to - $ret = $this->ftp->fput($file, $temp); - fclose($temp); + } + fwrite($temphandle, $contents); + fseek($temphandle, 0); //Skip back to the start of the file being written to + $ret = $this->ftp->fput($file, $temphandle); + fclose($temphandle); + unlink($temp); return $ret; } - function cwd(){ + function cwd() { $cwd = $this->ftp->pwd(); if( $cwd ) $cwd = trailingslashit($cwd); return $cwd; } - function chdir($file){ + function chdir($file) { return $this->ftp->chdir($file); } - function chgrp($file,$group,$recursive=false){ + function chgrp($file, $group, $recursive = false ) { return false; } - function chmod($file,$mode=false,$recursive=false){ + function chmod($file, $mode = false, $recursive = false ){ if( ! $mode ) $mode = $this->permission; if( ! $mode ) return false; //if( ! $this->exists($file) ) // return false; - if( ! $recursive || ! $this->is_dir($file) ){ + if( ! $recursive || ! 
$this->is_dir($file) ) { return $this->ftp->chmod($file,$mode); } //Is a directory, and we want recursive $filelist = $this->dirlist($file); foreach($filelist as $filename){ - $this->chmod($file.'/'.$filename,$mode,$recursive); + $this->chmod($file . '/' . $filename, $mode, $recursive); } return true; } - function chown($file,$owner,$recursive=false){ + function chown($file, $owner, $recursive = false ) { return false; } - function owner($file){ + function owner($file) { $dir = $this->dirlist($file); return $dir[$file]['owner']; } - function getchmod($file){ + function getchmod($file) { $dir = $this->dirlist($file); return $dir[$file]['permsn']; } - function gethchmod($file){ - //From the PHP.net page for ...? - $perms = $this->getchmod($file); - if (($perms & 0xC000) == 0xC000) { - // Socket - $info = 's'; - } elseif (($perms & 0xA000) == 0xA000) { - // Symbolic Link - $info = 'l'; - } elseif (($perms & 0x8000) == 0x8000) { - // Regular - $info = '-'; - } elseif (($perms & 0x6000) == 0x6000) { - // Block special - $info = 'b'; - } elseif (($perms & 0x4000) == 0x4000) { - // Directory - $info = 'd'; - } elseif (($perms & 0x2000) == 0x2000) { - // Character special - $info = 'c'; - } elseif (($perms & 0x1000) == 0x1000) { - // FIFO pipe - $info = 'p'; - } else { - // Unknown - $info = 'u'; - } - - // Owner - $info .= (($perms & 0x0100) ? 'r' : '-'); - $info .= (($perms & 0x0080) ? 'w' : '-'); - $info .= (($perms & 0x0040) ? - (($perms & 0x0800) ? 's' : 'x' ) : - (($perms & 0x0800) ? 'S' : '-')); - - // Group - $info .= (($perms & 0x0020) ? 'r' : '-'); - $info .= (($perms & 0x0010) ? 'w' : '-'); - $info .= (($perms & 0x0008) ? - (($perms & 0x0400) ? 's' : 'x' ) : - (($perms & 0x0400) ? 'S' : '-')); - - // World - $info .= (($perms & 0x0004) ? 'r' : '-'); - $info .= (($perms & 0x0002) ? 'w' : '-'); - $info .= (($perms & 0x0001) ? - (($perms & 0x0200) ? 't' : 'x' ) : - (($perms & 0x0200) ? 
'T' : '-')); - return $info; - } - - function getnumchmodfromh($mode) { - $realmode = ""; - $legal = array("","w","r","x","-"); - $attarray = preg_split("//",$mode); - for($i=0;$i'0','r'=>'4','w'=>'2','x'=>'1'); - $mode = strtr($mode,$trans); - $newmode = ''; - $newmode .= $mode[0]+$mode[1]+$mode[2]; - $newmode .= $mode[3]+$mode[4]+$mode[5]; - $newmode .= $mode[6]+$mode[7]+$mode[8]; - return $newmode; - } - - function group($file){ + function group($file) { $dir = $this->dirlist($file); return $dir[$file]['group']; } - function copy($source,$destination,$overwrite=false){ + function copy($source, $destination, $overwrite = false ) { if( ! $overwrite && $this->exists($destination) ) return false; @@ -328,14 +196,14 @@ class WP_Filesystem_ftpsockets{ if ( false === $content ) return false; - return $this->put_contents($destination,$content); + return $this->put_contents($destination, $content); } - function move($source,$destination,$overwrite=false){ - return $this->ftp->rename($source,$destination); + function move($source, $destination, $overwrite = false ) { + return $this->ftp->rename($source, $destination); } - function delete($file,$recursive=false) { + function delete($file, $recursive = false ) { if ( $this->is_file($file) ) return $this->ftp->delete($file); if ( !$recursive ) @@ -344,15 +212,15 @@ class WP_Filesystem_ftpsockets{ return $this->ftp->mdel($file); } - function exists($file){ + function exists($file) { return $this->ftp->is_exists($file); } - function is_file($file){ + function is_file($file) { return $this->is_dir($file) ? false : true; } - function is_dir($path){ + function is_dir($path) { $cwd = $this->cwd(); if ( $this->chdir($path) ) { $this->chdir($cwd); 
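Review bot: In `get_contents()`, the new `if ( ! $temphandle = fopen($temp, 'w+') ) return false;` leaves behind the file that `wp_tempnam()` has already created, whereas `put_contents()` in the same hunk unlinks it on that path. Suggest `if ( ! $temphandle = fopen($temp, 'w+') ) { unlink($temp); return false; }`. Unlike the `tmpfile()` it replaces, the temp file now has a name derived from the remote file and holds that file's contents on disk until `unlink()` runs, so every exit path needs the cleanup.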
@@ -361,33 +229,33 @@ class WP_Filesystem_ftpsockets{ return false; } - function is_readable($file){ + function is_readable($file) { //Get dir list, Check if the file is writable by the current user?? return true; } - function is_writable($file){ + function is_writable($file) { //Get dir list, Check if the file is writable by the current user?? return true; } - function atime($file){ + function atime($file) { return false; } - function mtime($file){ + function mtime($file) { return $this->ftp->mdtm($file); } - function size($file){ + function size($file) { return $this->ftp->filesize($file); } - function touch($file,$time=0,$atime=0){ + function touch($file, $time = 0, $atime = 0 ){ return false; } - function mkdir($path,$chmod=false,$chown=false,$chgrp=false){ + function mkdir($path, $chmod = false, $chown = false, $chgrp = false ) { if( ! $this->ftp->mkdir($path) ) return false; if( $chmod ) @@ -399,15 +267,15 @@ class WP_Filesystem_ftpsockets{ return true; } - function rmdir($path,$recursive=false){ + function rmdir($path, $recursive = false ) { if( ! $recursive ) return $this->ftp->rmdir($path); return $this->ftp->mdel($path); } - function dirlist($path='.',$incdot=false,$recursive=false){ - if( $this->is_file($path) ){ + function dirlist($path = '.', $incdot = false, $recursive = false ) { + if( $this->is_file($path) ) { $limitFile = basename($path); $path = dirname($path) . '/'; } else { @@ -430,11 +298,11 @@ class WP_Filesystem_ftpsockets{ //We're including the doted starts if( '.' != $struc['name'] && '..' != $struc['name'] ){ //Ok, It isnt a special folder if ($recursive) - $struc['files'] = $this->dirlist($path.'/'.$struc['name'],$incdot,$recursive); + $struc['files'] = $this->dirlist($path . '/' . $struc['name'], $incdot, $recursive); } } else { //No dots if ($recursive) - $struc['files'] = $this->dirlist($path.'/'.$struc['name'],$incdot,$recursive); + $struc['files'] = $this->dirlist($path . '/' . $struc['name'], $incdot, $recursive); } } //File 
diff --git a/wp-admin/includes/comment.php b/wp-admin/includes/comment.php index 0f2aa61..8a47fe6 100644 --- a/wp-admin/includes/comment.php +++ b/wp-admin/includes/comment.php @@ -3,8 +3,8 @@ function comment_exists($comment_author, $comment_date) { global $wpdb; - return $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments - WHERE comment_author = '$comment_author' AND comment_date = '$comment_date'"); + return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments + WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) ); } function edit_comment() { diff --git a/wp-admin/includes/dashboard.php b/wp-admin/includes/dashboard.php index 97fd26a..1b4f86e 100644 --- a/wp-admin/includes/dashboard.php +++ b/wp-admin/includes/dashboard.php @@ -225,7 +225,7 @@ function wp_dashboard_dynamic_sidebar_params( $params ) { } if ( $widget_feed_link ) - $links[] = '' . __( 'rss icon' ) . ' ' . __( 'RSS' ) . ''; + $links[] = '' . __( 'rss icon' ) . ' ' . __( 'RSS' ) . ''; $links = apply_filters( "wp_dashboard_widget_links_$widget_id", $links ); @@ -269,7 +269,7 @@ function wp_dashboard_recent_comments( $sidebar_args ) { $lambda = create_function( '', 'return 5;' ); add_filter( 'option_posts_per_rss', $lambda ); // hack - comments query doesn't accept per_page parameter - $comments_query = new WP_Query('feed=rss2&withcomments=1'); + $comments_query = new WP_Query(array('feed' => 'rss2', 'withcomments' => 1)); remove_filter( 'option_posts_per_rss', $lambda ); $is_first = true; @@ -389,8 +389,7 @@ function wp_dashboard_secondary_output() { $rss->items = array_slice($rss->items, 0, $items); foreach ($rss->items as $item ) { $title = wp_specialchars($item['title']); - $author = preg_replace( '|(.+?):.+|s', '$1', $item['title'] ); - $post = preg_replace( '|.+?:(.+)|s', '$1', $item['title'] ); + list($author,$post) = explode( ':', $title, 2 ); $link = clean_url($item['link']); echo "\t
  • $post$author
  • \n"; diff --git a/wp-admin/includes/export.php b/wp-admin/includes/export.php index 5590826..00201fa 100644 --- a/wp-admin/includes/export.php +++ b/wp-admin/includes/export.php @@ -17,7 +17,7 @@ header('Content-Type: text/xml; charset=' . get_option('blog_charset'), true); $where = ''; if ( $author and $author != 'all' ) { $author_id = (int) $author; - $where = " WHERE post_author = '$author_id' "; + $where = $wpdb->prepare(" WHERE post_author = %d ", $author_id); } // grab a snapshot of post IDs, just in case it changes during the export @@ -201,6 +201,7 @@ echo '\n"; post_content) ); ?> +post_excerpt) ); ?> ID; ?> post_date; ?> post_date_gmt; ?> @@ -217,7 +218,7 @@ if ($post->post_type == 'attachment') { ?> ID); ?> get_results("SELECT * FROM $wpdb->postmeta WHERE post_id = $post->ID"); +$postmeta = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE post_id = %d", $post->ID) ); if ( $postmeta ) { ?> @@ -228,7 +229,7 @@ if ( $postmeta ) { get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $post->ID"); +$comments = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d", $post->ID) ); if ( $comments ) { foreach ( $comments as $c ) { ?> comment_ID; ?> diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php index 01da1d0..29609b2 100644 --- a/wp-admin/includes/file.php +++ b/wp-admin/includes/file.php @@ -34,9 +34,9 @@ function get_home_path() { function get_real_file_to_edit( $file ) { if ('index.php' == $file || '.htaccess' == $file ) { - $real_file = get_home_path().$file; + $real_file = get_home_path() . $file; } else { - $real_file = ABSPATH.$file; + $real_file = WP_CONTENT_DIR . $file; } return $real_file; @@ -46,7 +46,7 @@ function get_temp_dir() { if ( defined('WP_TEMP_DIR') ) return trailingslashit(WP_TEMP_DIR); - $temp = ABSPATH . 'wp-content/'; + $temp = WP_CONTENT_DIR . '/'; if ( is_dir($temp) && is_writable($temp) ) return $temp; 
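Review bot: `list($author,$post) = explode( ':', $title, 2 );` in `wp_dashboard_secondary_output()` leaves `$post` unassigned, with a notice, when a feed title contains no colon, whereas each of the removed `preg_replace` calls fell back to the whole title. Padding the result keeps both variables defined: `list($author, $post) = array_pad( explode( ':', $title, 2 ), 2, '' );`. Splitting the already escaped `$title` instead of the raw `$item['title']` is the right direction, since both parts are echoed. The function continues outside the hunk.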
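Review bot: In `get_real_file_to_edit()`, `WP_CONTENT_DIR . $file` joins the two without a separator, while the `get_temp_dir()` hunk just below writes `WP_CONTENT_DIR . '/'`, which suggests the constant carries no trailing slash (the `ABSPATH . $file` it replaces presumably did). Unless every caller passes `$file` with a leading slash, the result is a sibling path rather than one inside the content directory; consider `$real_file = WP_CONTENT_DIR . '/' . ltrim( $file, '/' );`, or state the leading-slash requirement in a comment above the function.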
@@ -56,6 +56,18 @@ function get_temp_dir() { return '/tmp/'; } +function wp_tempnam($filename = '', $dir = ''){ + if ( empty($dir) ) + $dir = get_temp_dir(); + $filename = basename($filename); + if ( empty($filename) ) + $filename = time(); + + $filename = $dir . wp_unique_filename($dir, $filename); + touch($filename); + return $filename; +} + function validate_file_to_edit( $file, $allowed_files = '' ) { $file = stripslashes( $file ); 
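Review bot: `wp_tempnam()` derives the temp name from the caller-supplied basename, extension included, and creates it in `get_temp_dir()`, which this commit points at `WP_CONTENT_DIR`; `download_url()` further down now passes the URL, so remotely fetched content can sit under a remotely chosen name such as `something.php` in a directory that may be served by the web server. Replacing the extension before the uniqueness check avoids that: `$filename = preg_replace( '|\..*$|', '.tmp', $filename );`. The name is also chosen by `wp_unique_filename()` and only then created with `touch()`, whose result is not checked, so callers that test `! $tmpfname` never see a failure; the `tempnam()` this replaces created the file in one step. A caller-supplied `$dir` without a trailing slash would also be glued to the file name, so `trailingslashit($dir)` is worth adding.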
@@ -174,6 +186,98 @@ function wp_handle_upload( &$file, $overrides = false ) { return $return; } +// Pass this function an array similar to that of a $_FILES POST array. +function wp_handle_sideload( &$file, $overrides = false ) { + // The default error handler. + if (! function_exists( 'wp_handle_upload_error' ) ) { + function wp_handle_upload_error( &$file, $message ) { + return array( 'error'=>$message ); + } + } + + // You may define your own function and pass the name in $overrides['upload_error_handler'] + $upload_error_handler = 'wp_handle_upload_error'; + + // $_POST['action'] must be set and its value must equal $overrides['action'] or this: + $action = 'wp_handle_sideload'; + + // Courtesy of php.net, the strings that describe the error indicated in $_FILES[{form field}]['error']. + $upload_error_strings = array( false, + __( "The file exceeds the upload_max_filesize directive in php.ini." ), + __( "The file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form." ), + __( "The file was only partially uploaded." ), + __( "No file was sent." ), + __( "Missing a temporary folder." ), + __( "Failed to write file to disk." )); + + // All tests are on by default. Most can be turned off by $override[{test_name}] = false; + $test_form = true; + $test_size = true; + + // If you override this, you must provide $ext and $type!!!! + $test_type = true; + $mimes = false; + + // Install user overrides. Did we mention that this voids your warranty? + if ( is_array( $overrides ) ) + extract( $overrides, EXTR_OVERWRITE ); + + // A correct form post will pass this test. + if ( $test_form && (!isset( $_POST['action'] ) || ($_POST['action'] != $action ) ) ) + return $upload_error_handler( $file, __( 'Invalid form submission.' )); + + // A successful upload will pass this test. It makes no sense to override this one. 
+ if ( $file['error'] > 0 ) + return $upload_error_handler( $file, $upload_error_strings[$file['error']] ); + + // A non-empty file will pass this test. + if ( $test_size && !(filesize($file['tmp_name']) > 0 ) ) + return $upload_error_handler( $file, __( 'File is empty. Please upload something more substantial. This error could also be caused by uploads being disabled in your php.ini.' )); + + // A properly uploaded file will pass this test. There should be no reason to override this one. + if (! @ is_file( $file['tmp_name'] ) ) + return $upload_error_handler( $file, __( 'Specified file does not exist.' )); + + // A correct MIME type will pass this test. Override $mimes or use the upload_mimes filter. + if ( $test_type ) { + $wp_filetype = wp_check_filetype( $file['name'], $mimes ); + + extract( $wp_filetype ); + + if ( ( !$type || !$ext ) && !current_user_can( 'unfiltered_upload' ) ) + return $upload_error_handler( $file, __( 'File type does not meet security guidelines. Try another.' )); + + if ( !$ext ) + $ext = ltrim(strrchr($file['name'], '.'), '.'); + + if ( !$type ) + $type = $file['type']; + } + + // A writable uploads dir will pass this test. Again, there's no point overriding this one. + if ( ! ( ( $uploads = wp_upload_dir() ) && false === $uploads['error'] ) ) + return $upload_error_handler( $file, $uploads['error'] ); + + $filename = wp_unique_filename( $uploads['path'], $file['name'], $unique_filename_callback ); + + // Move the file to the uploads dir + $new_file = $uploads['path'] . "/$filename"; + if ( false === @ rename( $file['tmp_name'], $new_file ) ) { + return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $uploads['path'] ) ); + } + + // Set correct file permissions + $stat = stat( dirname( $new_file )); + $perms = $stat['mode'] & 0000666; + @ chmod( $new_file, $perms ); + + // Compute the URL + $url = $uploads['url'] . 
"/$filename"; + + $return = apply_filters( 'wp_handle_upload', array( 'file' => $new_file, 'url' => $url, 'type' => $type ) ); + + return $return; +} /** * Downloads a url to a local file using the Snoopy HTTP Class @@ -186,7 +290,7 @@ function download_url( $url ) { if( ! $url ) return new WP_Error('http_no_url', __('Invalid URL Provided')); - $tmpfname = tempnam(get_temp_dir(), 'wpupdate'); + $tmpfname = wp_tempnam($url); if( ! $tmpfname ) return new WP_Error('http_no_file', __('Could not create Temporary file')); @@ -246,13 +350,13 @@ function unzip_file($file, $to) { $tmppath .= $path[$j] . '/'; if ( ! $fs->is_dir($to . $tmppath) ) if ( !$fs->mkdir($to . $tmppath, 0755) ) - return new WP_Error('mkdir_failed', __('Could not create directory')); + return new WP_Error('mkdir_failed', __('Could not create directory'), $to . $tmppath); } // We've made sure the folders are there, so let's extract the file now: if ( ! $file['folder'] ) if ( !$fs->put_contents( $to . $file['filename'], $file['content']) ) - return new WP_Error('copy_failed', __('Could not copy file')); + return new WP_Error('copy_failed', __('Could not copy file'), $to . $file['filename']); $fs->chmod($to . $file['filename'], 0644); } 
@@ -270,27 +374,33 @@ function copy_dir($from, $to) { foreach ( (array) $dirlist as $filename => $fileinfo ) { if ( 'f' == $fileinfo['type'] ) { if ( ! $wp_filesystem->copy($from . $filename, $to . $filename, true) ) - return false; + return new WP_Error('copy_failed', __('Could not copy file'), $to . $filename); $wp_filesystem->chmod($to . $filename, 0644); } elseif ( 'd' == $fileinfo['type'] ) { if ( !$wp_filesystem->mkdir($to . $filename, 0755) ) - return false; - if ( !copy_dir($from . $filename, $to . $filename) ) - return false; + return new WP_Error('mkdir_failed', __('Could not create directory'), $to . $filename); + $result = copy_dir($from . $filename, $to . $filename); + if ( is_wp_error($result) ) + return $result; } } - - return true; } -function WP_Filesystem( $args = false, $preference = false ) { +function WP_Filesystem( $args = false ) { global $wp_filesystem; - $method = get_filesystem_method($preference); + require_once(ABSPATH . 'wp-admin/includes/class-wp-filesystem-base.php'); + + $method = get_filesystem_method(); + if ( ! $method ) return false; - require_once('class-wp-filesystem-'.$method.'.php'); + $abstraction_file = apply_filters('filesystem_method_file', ABSPATH . 'wp-admin/includes/class-wp-filesystem-'.$method.'.php', $method); + if( ! file_exists($abstraction_file) ) + return; + + require_once($abstraction_file); $method = "WP_Filesystem_$method"; $wp_filesystem = new $method($args); 
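Review bot: `copy_dir()` no longer returns anything on success, because the trailing `return true;` was removed, so a completed copy yields null and any caller still testing `! copy_dir(...)` will treat success as failure. Keep `return true;` as the last statement so the result is either `true` or a `WP_Error`; the function starts outside the hunk. In `WP_Filesystem()`, the path returned by the `filesystem_method_file` filter goes straight into `require_once`, and the missing-file case uses a bare `return;` where the other failure path returns `false`; `return false;` would be consistent.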
@@ -305,18 +415,17 @@ function WP_Filesystem( $args = false, $preference = false ) { } function get_filesystem_method() { - $tempFile = tempnam(get_temp_dir(), 'WPU'); - - if ( getmyuid() == fileowner($tempFile) ) { - unlink($tempFile); - return 'direct'; - } else { - unlink($tempFile); + $method = false; + if( function_exists('getmyuid') && function_exists('fileowner') ){ + $temp_file = wp_tempnam(); + if ( getmyuid() == fileowner($temp_file) ) + $method = 'direct'; + unlink($temp_file); } - if ( extension_loaded('ftp') ) return 'ftpext'; - if ( extension_loaded('sockets') || function_exists('fsockopen') ) return 'ftpsockets'; //Sockets: Socket extension; PHP Mode: FSockopen / fwrite / fread - return false; + if ( ! $method && extension_loaded('ftp') ) $method = 'ftpext'; + if ( ! $method && ( extension_loaded('sockets') || function_exists('fsockopen') ) ) $method = 'ftpsockets'; //Sockets: Socket extension; PHP Mode: FSockopen / fwrite / fread + return apply_filters('filesystem_method', $method); } ?> diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php index 0fb84bb..4d42def 100644 --- a/wp-admin/includes/media.php +++ b/wp-admin/includes/media.php 
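Review bot: The result of `wp_tempnam()` is used without a check in get_filesystem_method(). If no temporary file could be created, `fileowner($temp_file)` returns false and `unlink($temp_file)` warns, and the loose `getmyuid() == fileowner($temp_file)` comparison treats uid 0 as equal to false and selects 'direct'. Wrapping the probe in `if ( $temp_file ) { ... }` and comparing with `===` avoids choosing the direct method after a failed probe. wp_tempnam() is defined outside this hunk, so its failure value is assumed to be falsy, as with the `tempnam()` call it replaces.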
@@ -116,6 +116,83 @@ function media_handle_upload($file_id, $post_id, $post_data = array()) { } +function media_sideload_image($file, $post_id, $desc = null) { + + if (!empty($file) ) { + // Upload File button was clicked + + $file_array['name'] = basename($file); + $file_array['tmp_name'] = download_url($file); + $desc = @$desc; + + $sideload = media_handle_sideload($file_array, $post_id, $desc); + + $id = $sideload['id']; + $src = $sideload['src']; + + unset($file_array['tmp_name']); + unset($file_array); + + if ( is_wp_error($id) ) { + $errors['upload_error'] = $id; + $id = false; + } + } + + if ( !empty($src) && !strpos($src, '://') ) + + $src = "http://$src"; + $alt = @$desc; + + if ( !empty($src) ) + $html = "$alt"; + return $html; + +} + +function media_handle_sideload($file_array, $post_id, $desc = null, $post_data = array()) { + $overrides = array('test_form'=>false); + $file = wp_handle_sideload($file_array, $overrides); + + if ( isset($file['error']) ) + return new wp_error( 'upload_error', $file['error'] ); + + $url = $file['url']; + $type = $file['type']; + $file = $file['file']; + $title = preg_replace('/\.[^.]+$/', '', basename($file)); + $content = ''; + + // use image exif/iptc data for title and caption defaults if possible + if ( $image_meta = @wp_read_image_metadata($file) ) { + if ( trim($image_meta['title']) ) + $title = $image_meta['title']; + if ( trim($image_meta['caption']) ) + $content = $image_meta['caption']; + } + + $title = @$desc; + + // Construct the attachment array + $attachment = array_merge( array( + 'post_mime_type' => $type, + 'guid' => $url, + 'post_parent' => $post_id, + 'post_title' => $title, + 'post_content' => $content, + ), $post_data ); + + // Save the data + $id = wp_insert_attachment($attachment, $file, $post_parent); + if ( !is_wp_error($id) ) { + wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) ); + } + + return array('id' => $id, 'src' => $url); + +} + + // wrap iframe content 
(produced by $content_func) in a doctype, html head/body etc // any additional function args will be passed to content_func function wp_iframe($content_func /* ... */) { @@ -126,9 +203,12 @@ function wp_iframe($content_func /* ... */) { <?php bloginfo('name') ?> › <?php _e('Uploads'); ?> — <?php _e('WordPress'); ?> $image_title - $video_title - $audio_title - $media_title + $image_title + $video_title + $audio_title + $media_title EOF; printf($context, $out); } add_action( 'media_buttons', 'media_buttons' ); - -function media_buttons_head() { -$siteurl = get_option('siteurl'); -echo "\n"; -} - -add_action( 'admin_print_scripts', 'media_buttons_head' ); - -function media_admin_css() { - wp_admin_css('css/media'); -} - add_action('media_upload_media', 'media_upload_handler'); function media_upload_form_handler() { @@ -213,6 +270,8 @@ function media_upload_form_handler() { $post['post_title'] = $attachment['post_title']; if ( isset($attachment['post_excerpt']) ) $post['post_excerpt'] = $attachment['post_excerpt']; + if ( isset($attachment['menu_order']) ) + $post['menu_order'] = $attachment['menu_order']; $post = apply_filters('attachment_fields_to_save', $post, $attachment); @@ -413,6 +472,7 @@ function media_upload_gallery() { $errors = $return; } + wp_enqueue_script('admin-gallery'); return wp_iframe( 'media_upload_gallery_form', $errors ); } @@ -549,6 +609,10 @@ function get_attachment_fields_to_edit($post, $errors = null) { \n", 'helps' => __('Enter a link URL or click above for presets.'), ), + 'menu_order' => array( + 'label' => __('Order'), + 'value' => $edit_post->menu_order + ), ); foreach ( get_attachment_taxonomies($post) as $taxonomy ) { 
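Review bot: Neither WP_Error path is handled in media_sideload_image(): `download_url($file)` can return a WP_Error (its `http_no_url` and `http_no_file` returns are visible earlier in this commit) and is stored straight into `$file_array['tmp_name']`, and media_handle_sideload() returns `new wp_error(...)` on a failed upload, which the caller then indexes as `$sideload['id']`. Both results should be tested with `is_wp_error()` before use, as sketched below; this makes the function return a WP_Error where it currently returns markup, so callers need the same test. In media_handle_sideload(), `$post_parent` is never assigned, so `wp_insert_attachment($attachment, $file, $post_parent)` probably wants `$post_id`, and `$title = @$desc;` discards the EXIF title computed just above even when `$desc` is null. `$html` is also returned unset when `$src` is empty.

```php
		// … unchanged: $file_array['name'] = basename($file); …
		$tmp_name = download_url($file);
		if ( is_wp_error($tmp_name) )
			return $tmp_name;
		$file_array['tmp_name'] = $tmp_name;

		$sideload = media_handle_sideload($file_array, $post_id, $desc);
		if ( is_wp_error($sideload) )
			return $sideload;
		// … unchanged: $id / $src extraction and markup building …
```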
@@ -586,7 +650,7 @@ function get_media_items( $post_id, $errors ) { if ( $post && $post->post_type == 'attachment' ) $attachments = array($post->ID => $post); else - $attachments = get_children("post_parent=$post_id&post_type=attachment&orderby=menu_order ASC, ID&order=DESC"); + $attachments = get_children( array( 'post_parent' => $post_id, 'post_type' => 'attachment', 'orderby' => 'menu_order ASC, ID', 'order' => 'DESC') ); } else { if ( is_array($GLOBALS['wp_the_query']->posts) ) foreach ( $GLOBALS['wp_the_query']->posts as $attachment ) @@ -679,9 +743,11 @@ function get_media_item( $attachment_id, $args = null ) { if ( $send ) $send = ""; if ( $delete ) - $delete = "" . __('Delete') . ""; + $delete = "" . __('Delete') . ""; if ( ( $send || $delete ) && !isset($form_fields['buttons']) ) - $form_fields['buttons'] = array('tr' => "\t\t$send $delete\n"); + $form_fields['buttons'] = array('tr' => "\t\t$send $delete +
    " . sprintf(__("You are about to delete %s."), $filename) . " " . __('Continue') . " + " . __('Cancel') . "
    \n"); $hidden_fields = array(); @@ -703,6 +769,7 @@ function get_media_item( $attachment_id, $args = null ) { } $required = $field['required'] ? '*' : ''; + $aria_required = $field['required'] ? " aria-required='true' " : ''; $class = $id; $class .= $field['required'] ? ' form-required' : ''; @@ -710,9 +777,9 @@ function get_media_item( $attachment_id, $args = null ) { if ( !empty($field[$field['input']]) ) $item .= $field[$field['input']]; elseif ( $field['input'] == 'textarea' ) { - $item .= ""; + $item .= ""; } else { - $item .= ""; + $item .= ""; } if ( !empty($field['helps']) ) $item .= "

    " . join( "

    \n

    ", array_unique((array) $field['helps']) ) . '

    '; @@ -757,7 +824,7 @@ function media_upload_header() { function media_upload_form( $errors = null ) { global $type, $tab; - $flash_action_url = get_option('siteurl') . "/wp-admin/async-upload.php"; + $flash_action_url = admin_url('async-upload.php'); // If Mac and mod_security, no Flash. :( $flash = true; @@ -788,7 +855,7 @@ function media_upload_form( $errors = null ) { jQuery(function($){ swfu = new SWFUpload({ upload_url : "", - flash_url : "", + flash_url : "", file_post_name: "async-upload", file_types: "", post_params : { @@ -819,12 +886,11 @@ jQuery(function($){ //--> -

    -

    +

    @@ -850,7 +916,8 @@ function media_upload_type_form($type = 'file', $errors = null, $id = null) { $post_id = intval($_REQUEST['post_id']); - $form_action_url = get_option('siteurl') . "/wp-admin/media-upload.php?type=$type&tab=type&post_id=$post_id"; + $form_action_url = admin_url("media-upload.php?type=$type&tab=type&post_id=$post_id"); + $form_action_url = apply_filters('media_upload_form_url', $form_action_url, $type); $callback = "type_form_$type"; ?> @@ -900,7 +967,7 @@ function media_upload_gallery_form($errors) { $post_id = intval($_REQUEST['post_id']); - $form_action_url = get_option('siteurl') . "/wp-admin/media-upload.php?type={$GLOBALS['type']}&tab=gallery&post_id=$post_id"; + $form_action_url = admin_url("media-upload.php?type={$GLOBALS['type']}&tab=gallery&post_id=$post_id"); ?> @@ -939,7 +1006,7 @@ function media_upload_library_form($errors) { $post_id = intval($_REQUEST['post_id']); - $form_action_url = get_option('siteurl') . "/wp-admin/media-upload.php?type={$GLOBALS['type']}&tab=library&post_id=$post_id"; + $form_action_url = admin_url("media-upload.php?type={$GLOBALS['type']}&tab=library&post_id=$post_id"); $_GET['paged'] = intval($_GET['paged']); if ( $_GET['paged'] < 1 ) @@ -960,6 +1027,7 @@ function media_upload_library_form($errors) {
    +
    @@ -1085,14 +1153,14 @@ function type_form_image() { * - + * - + ' . __('Alternate text, e.g. "The Mona Lisa"') . ' @@ -1126,14 +1194,14 @@ function type_form_audio() { * - + * - + ' . __('Link text, e.g. "Still Alive by Jonathan Coulton"') . ' @@ -1154,14 +1222,14 @@ function type_form_video() { * - + * - + ' . __('Link text, e.g. "Lucy on YouTube"') . ' @@ -1182,14 +1250,14 @@ function type_form_file() { * - + * - + ' . __('Link text, e.g. "Ransom Demands (PDF)"') . ' @@ -1211,12 +1279,9 @@ add_action('media_upload_image', 'media_upload_image'); add_action('media_upload_audio', 'media_upload_audio'); add_action('media_upload_video', 'media_upload_video'); add_action('media_upload_file', 'media_upload_file'); -add_action('admin_head_media_upload_type_form', 'media_admin_css'); add_filter('media_upload_gallery', 'media_upload_gallery'); -add_action('admin_head_media_upload_gallery_form', 'media_admin_css'); add_filter('media_upload_library', 'media_upload_library'); -add_action('admin_head_media_upload_library_form', 'media_admin_css'); ?> diff --git a/wp-admin/includes/plugin.php b/wp-admin/includes/plugin.php index a862c51..3afaed9 100644 --- a/wp-admin/includes/plugin.php +++ b/wp-admin/includes/plugin.php @@ -32,14 +32,15 @@ function get_plugin_data( $plugin_file ) { } function get_plugins($plugin_folder = '') { - global $wp_plugins; - - if ( isset( $wp_plugins ) ) { - return $wp_plugins; - } - + + if ( ! $cache_plugins = wp_cache_get('plugins', 'plugins') ) + $cached_plugins = array(); + + if ( isset($cache_plugins[ $plugin_folder ]) ) + return $cache_plugins[ $plugin_folder ]; + $wp_plugins = array (); - $plugin_root = ABSPATH . PLUGINDIR; + $plugin_root = WP_PLUGIN_DIR; if( !empty($plugin_folder) ) $plugin_root .= $plugin_folder; 
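Review bot: The cache-miss branch in get_plugins() assigns the wrong variable: `if ( ! $cache_plugins = wp_cache_get('plugins', 'plugins') ) $cached_plugins = array();` leaves `$cache_plugins` holding the falsy cache result, and `$cached_plugins` is never read. The later hunk of this function then writes `$cache_plugins[ $plugin_folder ] = $wp_plugins;` into that value. The assignment should read `$cache_plugins = array();`. get_plugins() continues outside this hunk.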
@@ -85,6 +86,9 @@ function get_plugins($plugin_folder = '') { uasort( $wp_plugins, create_function( '$a, $b', 'return strnatcasecmp( $a["Name"], $b["Name"] );' )); + $cache_plugins[ $plugin_folder ] = $wp_plugins; + wp_cache_set('plugins', $cache_plugins, 'plugins'); + return $wp_plugins; } @@ -104,7 +108,7 @@ function activate_plugin($plugin, $redirect = '') { if ( !empty($redirect) ) wp_redirect(add_query_arg('_error_nonce', wp_create_nonce('plugin-activation-error_' . $plugin), $redirect)); // we'll override this later if the plugin can be included without fatal error ob_start(); - @include(ABSPATH . PLUGINDIR . '/' . $plugin); + @include(WP_PLUGIN_DIR . '/' . $plugin); $current[] = $plugin; sort($current); update_option('active_plugins', $current); 
@@ -132,37 +136,97 @@ function deactivate_plugins($plugins, $silent= false) { update_option('active_plugins', $current); } -function deactivate_all_plugins() { - $current = get_option('active_plugins'); - if ( empty($current) ) - return; +//Replaces reactivate_all_plugins() / deactivate_all_plugins() = 'deactivated_plugins' is now useless +function activate_plugins($plugins, $redirect = '') { + if ( !is_array($plugins) ) + $plugins = array($plugins); - deactivate_plugins($current); + $errors = array(); + foreach ( (array) $plugins as $plugin ) { + if ( !empty($redirect) ) + $redirect = add_query_arg('plugin', $plugin, $redirect); + $result = activate_plugin($plugin, $redirect); + if ( is_wp_error($result) ) + $errors[$plugin] = $result; + } - update_option('deactivated_plugins', $current); + if ( !empty($errors) ) + return new WP_Error('plugins_invalid', __('One of the plugins is invalid.'), $errors); + + return true; } -function reactivate_all_plugins($redirect = '') { - $plugins = get_option('deactivated_plugins'); +function delete_plugins($plugins, $redirect = '' ) { + global $wp_filesystem; - if ( empty($plugins) ) + if( empty($plugins) ) + return false; + + $checked = array(); + foreach( $plugins as $plugin ) + $checked[] = 'checked[]=' . $plugin; + + ob_start(); + $url = wp_nonce_url('plugins.php?action=delete-selected&' . implode('&', $checked), 'mass-manage-plugins'); + if ( false === ($credentials = request_filesystem_credentials($url)) ) { + $data = ob_get_contents(); + ob_end_clean(); + if( ! empty($data) ){ + include_once( ABSPATH . 'wp-admin/admin-header.php'); + echo $data; + include( ABSPATH . 'wp-admin/admin-footer.php'); + exit; + } return; + } - if ( !empty($redirect) ) - wp_redirect(add_query_arg('_error_nonce', wp_create_nonce('plugin-activation-error_' . $plugin), $redirect)); + if ( ! 
WP_Filesystem($credentials) ) { + request_filesystem_credentials($url, '', true); //Failed to connect, Error and request again + $data = ob_get_contents(); + ob_end_clean(); + if( ! empty($data) ){ + include_once( ABSPATH . 'wp-admin/admin-header.php'); + echo $data; + include( ABSPATH . 'wp-admin/admin-footer.php'); + exit; + } + return; + } - $errors = array(); - foreach ( (array) $plugins as $plugin ) { - $result = activate_plugin($plugin); - if ( is_wp_error($result) ) - $errors[$plugin] = $result; + if ( $wp_filesystem->errors->get_error_code() ) { + return $wp_filesystem->errors; } - delete_option('deactivated_plugins'); + if ( ! is_object($wp_filesystem) ) + return new WP_Error('fs_unavailable', __('Could not access filesystem.')); - if ( !empty($errors) ) - return new WP_Error('plugins_invalid', __('One of the plugins is invalid.'), $errors); + if ( $wp_filesystem->errors->get_error_code() ) + return new WP_Error('fs_error', __('Filesystem error'), $wp_filesystem->errors); + + //Get the base plugin folder + $plugins_dir = $wp_filesystem->wp_plugins_dir(); + if ( empty($plugins_dir) ) + return new WP_Error('fs_no_plugins_dir', __('Unable to locate WordPress Plugin directory.')); + + $plugins_dir = trailingslashit( $plugins_dir ); + $errors = array(); + + foreach( $plugins as $plugin_file ) { + $this_plugin_dir = trailingslashit( dirname($plugins_dir . $plugin_file) ); + // If plugin is in its own directory, recursively delete the directory. + if ( strpos($plugin_file, '/') && $this_plugin_dir != $plugins_dir ) //base check on if plugin includes directory seperator AND that its not the root plugin folder + $deleted = $wp_filesystem->delete($this_plugin_dir, true); + else + $deleted = $wp_filesystem->delete($plugins_dir . $plugin_file); + + if ( ! $deleted ) + $errors[] = $plugin_file; + } + + if( ! 
empty($errors) ) + return new WP_Error('could_not_remove_plugin', sprintf(__('Could not fully remove the plugin(s) %s'), implode(', ', $errors)) ); + return true; } @@ -179,7 +243,7 @@ function validate_active_plugins() { // If a plugin file does not exist, remove it from the list of active // plugins. foreach ( $check_plugins as $check_plugin ) { - if ( !file_exists(ABSPATH . PLUGINDIR . '/' . $check_plugin) ) { + if ( !file_exists(WP_PLUGIN_DIR . '/' . $check_plugin) ) { $current = get_option('active_plugins'); $key = array_search($check_plugin, $current); if ( false !== $key && NULL !== $key ) { @@ -193,7 +257,7 @@ function validate_active_plugins() { function validate_plugin($plugin) { if ( validate_file($plugin) ) return new WP_Error('plugin_invalid', __('Invalid plugin.')); - if ( ! file_exists(ABSPATH . PLUGINDIR . '/' . $plugin) ) + if ( ! file_exists(WP_PLUGIN_DIR . '/' . $plugin) ) return new WP_Error('plugin_not_found', __('Plugin file does not exist.')); return 0; diff --git a/wp-admin/includes/post.php b/wp-admin/includes/post.php index aa1e833..f98b9de 100644 --- a/wp-admin/includes/post.php +++ b/wp-admin/includes/post.php @@ -1,30 +1,19 @@ post_date_gmt . ' +0000'); - $delta = AUTOSAVE_INTERVAL / 2; - if ( ($now - $then) < $delta ) - return $post_ID; - } - - // Rename. - $_POST['ID'] = (int) $_POST['post_ID']; +/** + * _wp_translate_postdata() - Rename $_POST data from form names to DB post columns. + * + * Manipulates $_POST directly. + * + * @package WordPress + * @since 2.6 + * + * @param bool $update Are we updating a pre-existing post? + * @return object|bool WP_Error on failure, true on success. + */ +function _wp_translate_postdata( $update = false ) { + if ( $update ) + $_POST['ID'] = (int) $_POST['post_ID']; $_POST['post_content'] = $_POST['content']; $_POST['post_excerpt'] = $_POST['excerpt']; $_POST['post_parent'] = isset($_POST['parent_id'])? $_POST['parent_id'] : ''; 
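Review bot: delete_plugins() hands each `$plugin_file` to `$wp_filesystem->delete()` without validating it, and the directory branch removes `dirname($plugins_dir . $plugin_file)` recursively. validate_plugin() in this same file already rejects names that fail `validate_file()`, so the loop should begin with `if ( validate_file($plugin_file) ) { $errors[] = $plugin_file; continue; }` rather than rely on every caller having checked. `$wp_filesystem->errors->get_error_code()` is also dereferenced before the `is_object($wp_filesystem)` test, which should come first. The `'checked[]=' . $plugin` query values are concatenated without `urlencode()`.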
@@ -32,21 +21,29 @@ function edit_post() { if (!empty ( $_POST['post_author_override'] ) ) { $_POST['post_author'] = (int) $_POST['post_author_override']; - } else + } else { if (!empty ( $_POST['post_author'] ) ) { $_POST['post_author'] = (int) $_POST['post_author']; } else { $_POST['post_author'] = (int) $_POST['user_ID']; } + } if ( $_POST['post_author'] != $_POST['user_ID'] ) { if ( 'page' == $_POST['post_type'] ) { - if ( !current_user_can( 'edit_others_pages' ) ) - wp_die( __('You are not allowed to edit pages as this user.' )); + if ( !current_user_can( 'edit_others_pages' ) ) { + return new WP_Error( 'edit_others_pages', $update ? + __( 'You are not allowed to edit pages as this user.' ) : + __( 'You are not allowed to create pages as this user.' ) + ); + } } else { - if ( !current_user_can( 'edit_others_posts' ) ) - wp_die( __('You are not allowed to edit posts as this user.' )); - + if ( !current_user_can( 'edit_others_posts' ) ) { + return new WP_Error( 'edit_others_posts', $update ? + __( 'You are not allowed to edit posts as this user.' ) : + __( 'You are not allowed to post as this user.' ) + ); + } } } 
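Review bot: The author check in this hunk compares `$_POST['post_author']` with `$_POST['user_ID']`, and the fallback just above also takes the author from `$_POST['user_ID']`, so both sides of the `edit_others_pages` / `edit_others_posts` test are request fields. Unless `$_POST['user_ID']` is overwritten with the authenticated user's ID before _wp_translate_postdata() runs (not visible here), the comparison should use the current user from `wp_get_current_user()` instead. Now that the function returns a WP_Error rather than calling wp_die(), every caller has to test the result; edit_post(), wp_write_post() and wp_create_post_autosave() in this commit do. The function body starts and ends outside the hunk.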
@@ -60,12 +57,20 @@ function edit_post() { if ( isset($_POST['advanced']) && '' != $_POST['advanced'] ) $_POST['post_status'] = 'draft'; + $previous_status = get_post_field('post_status', $_POST['ID']); + + // Posts 'submitted for approval' present are submitted to $_POST the same as if they were being published. + // Change status from 'publish' to 'pending' if user lacks permissions to publish or to resave published posts. if ( 'page' == $_POST['post_type'] ) { - if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_pages' )) - $_POST['post_status'] = 'pending'; + if ( 'publish' == $_POST['post_status'] && !current_user_can( 'publish_pages' ) ) + if ( $previous_status != 'publish' OR !current_user_can( 'edit_published_pages') ) + $_POST['post_status'] = 'pending'; } else { - if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_posts' )) - $_POST['post_status'] = 'pending'; + if ( 'publish' == $_POST['post_status'] && !current_user_can( 'publish_posts' ) ) : + // Stop attempts to publish new posts, but allow already published posts to be saved if appropriate. + if ( $previous_status != 'publish' OR !current_user_can( 'edit_published_posts') ) + $_POST['post_status'] = 'pending'; + endif; } if (!isset( $_POST['comment_status'] )) @@ -74,14 +79,14 @@ function edit_post() { if (!isset( $_POST['ping_status'] )) $_POST['ping_status'] = 'closed'; - foreach ( array ('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) { + foreach ( array('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) { if ( !empty( $_POST['hidden_' . $timeunit] ) && $_POST['hidden_' . $timeunit] != $_POST[$timeunit] ) { $_POST['edit_date'] = '1'; break; } } - if (!empty ( $_POST['edit_date'] ) ) { + if ( !empty( $_POST['edit_date'] ) ) { $aa = $_POST['aa']; $mm = $_POST['mm']; $jj = $_POST['jj']; 
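Review bot: `$previous_status = get_post_field('post_status', $_POST['ID']);` also runs on the create path, where this function has not set `$_POST['ID']` (the first hunk of the file assigns it only `if ( $update )`). There the lookup uses whatever ID the request carried, or an undefined index, while the new `$previous_status != 'publish'` exception is meant only for re-saving an already published post. Suggest `$previous_status = $update ? get_post_field('post_status', $_POST['ID']) : false;`. The upper-case `OR` is harmless inside these parentheses, but `||` would sit better beside the `&&` used on the line above.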
@@ -92,10 +97,41 @@ function edit_post() { $hh = ($hh > 23 ) ? $hh -24 : $hh; $mn = ($mn > 59 ) ? $mn -60 : $mn; $ss = ($ss > 59 ) ? $ss -60 : $ss; - $_POST['post_date'] = "$aa-$mm-$jj $hh:$mn:$ss"; - $_POST['post_date_gmt'] = get_gmt_from_date( "$aa-$mm-$jj $hh:$mn:$ss" ); + $_POST['post_date'] = sprintf( "%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss ); + $_POST['post_date_gmt'] = get_gmt_from_date( $_POST['post_date'] ); + } + + return true; +} + + +// Update an existing post with values provided in $_POST. +function edit_post() { + + $post_ID = (int) $_POST['post_ID']; + + if ( 'page' == $_POST['post_type'] ) { + if ( !current_user_can( 'edit_page', $post_ID ) ) + wp_die( __('You are not allowed to edit this page.' )); + } else { + if ( !current_user_can( 'edit_post', $post_ID ) ) + wp_die( __('You are not allowed to edit this post.' )); } + // Autosave shouldn't save too soon after a real save + if ( 'autosave' == $_POST['action'] ) { + $post =& get_post( $post_ID ); + $now = time(); + $then = strtotime($post->post_date_gmt . ' +0000'); + $delta = AUTOSAVE_INTERVAL / 2; + if ( ($now - $then) < $delta ) + return $post_ID; + } + + $translated = _wp_translate_postdata( true ); + if ( is_wp_error($translated) ) + wp_die( $translated->get_error_message() ); + // Meta Stuff if ( isset($_POST['meta']) && $_POST['meta'] ) { foreach ( $_POST['meta'] as $key => $value ) 
@@ -194,13 +230,13 @@ function post_exists($title, $content = '', $post_date = '') { global $wpdb; if (!empty ($post_date)) - $post_date = "AND post_date = '$post_date'"; + $post_date = $wpdb->prepare("AND post_date = %s", $post_date); if (!empty ($title)) - return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$title' $post_date"); + return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title = %s $post_date", $title) ); else if (!empty ($content)) - return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_content = '$content' $post_date"); + return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_content = %s $post_date", $content) ); return 0; } 
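Review bot: post_exists() now runs `$wpdb->prepare()` twice over the date: the fragment built by `$wpdb->prepare("AND post_date = %s", $post_date)` is interpolated into the format string of the second `prepare()` call, so any `%` in the already-quoted date value is parsed again as a placeholder. Passing both values in one call avoids that, e.g. `$wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title = %s AND post_date = %s", $title, $post_date)` when a date is given, and the single-placeholder query otherwise. If callers still pass pre-escaped strings, as the old quoted interpolation implied, the values will now be escaped a second time; that should be confirmed against the call sites, which are outside this hunk.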
@@ -236,79 +272,9 @@ function wp_write_post() { } } - // Rename. - $_POST['post_content'] = $_POST['content']; - $_POST['post_excerpt'] = $_POST['excerpt']; - $_POST['post_parent'] = isset($_POST['parent_id'])? $_POST['parent_id'] : ''; - $_POST['to_ping'] = $_POST['trackback_url']; - - if (!empty ( $_POST['post_author_override'] ) ) { - $_POST['post_author'] = (int) $_POST['post_author_override']; - } else { - if (!empty ( $_POST['post_author'] ) ) { - $_POST['post_author'] = (int) $_POST['post_author']; - } else { - $_POST['post_author'] = (int) $_POST['user_ID']; - } - - } - - if ( $_POST['post_author'] != $_POST['user_ID'] ) { - if ( 'page' == $_POST['post_type'] ) { - if ( !current_user_can( 'edit_others_pages' ) ) - return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) ); - } else { - if ( !current_user_can( 'edit_others_posts' ) ) - return new WP_Error( 'edit_others_posts', __( 'You are not allowed to post as this user.' ) ); - - } - } - - // What to do based on which button they pressed - if ( isset($_POST['saveasdraft']) && '' != $_POST['saveasdraft'] ) - $_POST['post_status'] = 'draft'; - if ( isset($_POST['saveasprivate']) && '' != $_POST['saveasprivate'] ) - $_POST['post_status'] = 'private'; - if ( isset($_POST['publish']) && ( '' != $_POST['publish'] ) && ( $_POST['post_status'] != 'private' ) ) - $_POST['post_status'] = 'publish'; - if ( isset($_POST['advanced']) && '' != $_POST['advanced'] ) - $_POST['post_status'] = 'draft'; - - if ( 'page' == $_POST['post_type'] ) { - if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_pages' ) ) - $_POST['post_status'] = 'pending'; - } else { - if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_posts' ) ) - $_POST['post_status'] = 'pending'; - } - - if (!isset( $_POST['comment_status'] )) - $_POST['comment_status'] = 'closed'; - - if (!isset( $_POST['ping_status'] )) - $_POST['ping_status'] = 'closed'; - - foreach ( array ('aa', 
'mm', 'jj', 'hh', 'mn') as $timeunit ) { - if ( !empty( $_POST['hidden_' . $timeunit] ) && $_POST['hidden_' . $timeunit] != $_POST[$timeunit] ) { - $_POST['edit_date'] = '1'; - break; - } - } - - if (!empty ( $_POST['edit_date'] ) ) { - $aa = $_POST['aa']; - $mm = $_POST['mm']; - $jj = $_POST['jj']; - $hh = $_POST['hh']; - $mn = $_POST['mn']; - $ss = $_POST['ss']; - $jj = ($jj > 31 ) ? 31 : $jj; - $hh = ($hh > 23 ) ? $hh -24 : $hh; - $mn = ($mn > 59 ) ? $mn -60 : $mn; - $ss = ($ss > 59 ) ? $ss -60 : $ss; - $_POST['post_date'] = sprintf( "%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss ); - $_POST['post_date_gmt'] = get_gmt_from_date( $_POST['post_date'] ); - } + $translated = _wp_translate_postdata( false ); + if ( is_wp_error($translated) ) + return $translated; // Create the post. $post_ID = wp_insert_post( $_POST ); @@ -380,11 +346,9 @@ function add_meta( $post_ID ) { wp_cache_delete($post_ID, 'post_meta'); - $wpdb->query( " - INSERT INTO $wpdb->postmeta - (post_id,meta_key,meta_value ) - VALUES ('$post_ID','$metakey','$metavalue' ) - " ); + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->postmeta + (post_id,meta_key,meta_value ) VALUES (%s, %s, %s)", + $post_ID, $metakey, $metavalue) ); return $wpdb->insert_id; } return false; @@ -394,10 +358,10 @@ function delete_meta( $mid ) { global $wpdb; $mid = (int) $mid; - $post_id = $wpdb->get_var("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = '$mid'"); + $post_id = $wpdb->get_var( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = %d", $mid) ); wp_cache_delete($post_id, 'post_meta'); - return $wpdb->query( "DELETE FROM $wpdb->postmeta WHERE meta_id = '$mid'" ); + return $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_id = %d", $mid) ); } // Get a list of previously defined keys 
@@ -417,7 +381,7 @@ function get_post_meta_by_id( $mid ) { global $wpdb; $mid = (int) $mid; - $meta = $wpdb->get_row( "SELECT * FROM $wpdb->postmeta WHERE meta_id = '$mid'" ); + $meta = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE meta_id = %d", $mid) ); if ( is_serialized_string( $meta->meta_value ) ) $meta->meta_value = maybe_unserialize( $meta->meta_value ); return $meta; @@ -427,29 +391,30 @@ function get_post_meta_by_id( $mid ) { function has_meta( $postid ) { global $wpdb; - return $wpdb->get_results( " - SELECT meta_key, meta_value, meta_id, post_id - FROM $wpdb->postmeta - WHERE post_id = '$postid' - ORDER BY meta_key,meta_id", ARRAY_A ); + return $wpdb->get_results( $wpdb->prepare("SELECT meta_key, meta_value, meta_id, post_id + FROM $wpdb->postmeta WHERE post_id = %d + ORDER BY meta_key,meta_id", $postid), ARRAY_A ); } -function update_meta( $mid, $mkey, $mvalue ) { +function update_meta( $meta_id, $meta_key, $meta_value ) { global $wpdb; $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' ); - if ( in_array($mkey, $protected) ) + if ( in_array($meta_key, $protected) ) return false; - $post_id = $wpdb->get_var("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = '$mid'"); + $post_id = $wpdb->get_var( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = %d", $meta_id) ); wp_cache_delete($post_id, 'post_meta'); - $mvalue = maybe_serialize( stripslashes( $mvalue )); - $mvalue = $wpdb->escape( $mvalue ); - $mid = (int) $mid; - return $wpdb->query( "UPDATE $wpdb->postmeta SET meta_key = '$mkey', meta_value = '$mvalue' WHERE meta_id = '$mid'" ); + $meta_value = maybe_serialize( stripslashes( $meta_value )); + $meta_id = (int) $meta_id; + + $data = compact( 'meta_key', 'meta_value' ); + $where = compact( 'meta_id' ); + + return $wpdb->update( $wpdb->postmeta, $data, $where ); } // 
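Review bot: In update_meta() only `$meta_value` is passed through `stripslashes()` before `$wpdb->update()`; `$meta_key` goes in as received. If callers pass slashed request data, which the `stripslashes()` on the value suggests, a key containing quotes or backslashes will be stored with the extra backslashes now that the query no longer interpolates it raw. Adding `$meta_key = stripslashes( $meta_key );` before the `in_array()` test against `$protected` would keep key and value consistent. The rename from `$mid, $mkey, $mvalue` is what lets `compact()` produce the column names, so a short comment saying so would stop a later rename from breaking the query.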
@@ -502,7 +467,7 @@ function _relocate_children( $old_ID, $new_ID ) { global $wpdb; $old_ID = (int) $old_ID; $new_ID = (int) $new_ID; - return $wpdb->query( "UPDATE $wpdb->posts SET post_parent = $new_ID WHERE post_parent = $old_ID" ); + return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = %d WHERE post_parent = %d", $new_ID, $old_ID) ); } function get_available_post_statuses($type = 'post') { @@ -631,7 +596,7 @@ function get_sample_permalink($id, $title=null, $name = null) { $permalink = str_replace('%pagename%', "${uri}%pagename%", $permalink); } - $permalink = array($permalink, $post->post_name); + $permalink = array($permalink, apply_filters('editable_slug', $post->post_name)); $post->post_status = $original_status; $post->post_date = $original_date; $post->post_name = $original_name; @@ -691,4 +656,28 @@ function wp_set_post_lock( $post_id ) { update_post_meta( $post->ID, '_edit_last', $current_user->ID ); } -?> +/** + * wp_create_post_autosave() - creates autosave data for the specified post from $_POST data + * + * @package WordPress + * @subpackage Post Revisions + * @since 2.6 + * + * @uses _wp_translate_postdata() + * @uses _wp_post_revision_fields() + */ +function wp_create_post_autosave( $post_id ) { + $translated = _wp_translate_postdata( true ); + if ( is_wp_error( $translated ) ) + return $translated; + + // Only store one autosave. If there is already an autosave, overwrite it. + if ( $old_autosave = wp_get_post_autosave( $post_id ) ) { + $new_autosave = _wp_post_revision_fields( $_POST, true ); + $new_autosave['ID'] = $old_autosave->ID; + return wp_update_post( $new_autosave ); + } + + // Otherwise create the new autosave as a special post revision + return _wp_put_post_revision( $_POST, true ); +} diff --git a/wp-admin/includes/schema.php b/wp-admin/includes/schema.php index 2d5ddcf..1e59f0e 100644 --- a/wp-admin/includes/schema.php +++ b/wp-admin/includes/schema.php 
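Review bot: wp_create_post_autosave() takes `$post_id` but builds the revision from `$_POST`, whose `ID` is set by `_wp_translate_postdata( true )` from `$_POST['post_ID']`; nothing in the function checks that the two refer to the same post or that the user may edit it. edit_post() in this file performs its own `current_user_can( 'edit_post', $post_ID )` test before translating the data. Unless every caller of the new function already does the equivalent (not visible in this hunk), the same capability test and an ID comparison belong at the top of this function. The docblock would also benefit from `@param int $post_id` and an `@return` line that mentions the WP_Error case.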
@@ -227,10 +227,13 @@ CREATE TABLE IF NOT EXISTS $wpdb->signups ( "; function populate_options() { - global $wpdb, $wp_db_version, $wpblog, $current_site; + global $wpdb, $wp_db_version, $current_site; $schema = ( isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ) ? 'https://' : 'http://'; $guessurl = preg_replace('|/wp-admin/.*|i', '', $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); + + do_action('populate_options'); + add_option('siteurl', $guessurl); add_option('blogname', __('My Blog')); add_option('blogdescription', sprintf(__('Just another %s weblog'), $current_site->site_name ) ); @@ -299,10 +302,10 @@ function populate_options() { if ( ini_get('safe_mode') ) { // Safe mode screws up mkdir(), so we must use a flat structure. add_option('uploads_use_yearmonth_folders', 0); - add_option('upload_path', 'wp-content'); + add_option('upload_path', WP_CONTENT_DIR); } else { add_option('uploads_use_yearmonth_folders', 1); - add_option('upload_path', 'wp-content/uploads'); + add_option('upload_path', WP_CONTENT_DIR . '/uploads'); } // 2.0.3 
@@ -326,8 +329,11 @@ function populate_options() { add_option('medium_size_w', 300); add_option('medium_size_h', 300); + // 2.6 + add_option('avatar_default', 'mystery'); + // Delete unused options - $unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url', 'new_users_can_blog', '_wpnonce', '_wp_http_referer', 'Update', 'action', 'rich_editing', 'autosave_interval'); + $unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 
'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url', 'new_users_can_blog', '_wpnonce', '_wp_http_referer', 'Update', 'action', 'rich_editing', 'autosave_interval', 'deactivated_plugins'); foreach ($unusedoptions as $option) : delete_option($option); endforeach; @@ -344,6 +350,7 @@ function populate_roles() { populate_roles_210(); populate_roles_230(); populate_roles_250(); + populate_roles_260(); } function populate_roles_160() { @@ -499,4 +506,15 @@ function populate_roles_250() { } } +function populate_roles_260() { + /* + $role = get_role( 'administrator' ); + + if ( !empty( $role ) ) { + $role->add_cap( 'update_plugins' ); + $role->add_cap( 'delete_plugins' ); + } + */ +} + ?> diff --git a/wp-admin/includes/taxonomy.php b/wp-admin/includes/taxonomy.php index b490ed6..f3c5fcf 100644 --- a/wp-admin/includes/taxonomy.php +++ b/wp-admin/includes/taxonomy.php @@ -47,7 +47,7 @@ function wp_delete_category($cat_ID) { if ( $cat_ID == $default ) return 0; - return wp_delete_term($cat_ID, 'category', "default=$default"); + return wp_delete_term($cat_ID, 'category', array('default' => $default)); } function wp_insert_category($catarr, $wp_error = false) { diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php index 19f11f6..c348e7f 100644 --- a/wp-admin/includes/template.php +++ b/wp-admin/includes/template.php @@ -302,7 +302,7 @@ function tag_rows( $page = 1, $pagesize = 20, $searchterms = '' ) { // define the columns to display, the syntax is 'internal name' => 'display name' function wp_manage_posts_columns() { $posts_columns = array(); - $posts_columns['cb'] = ''; + $posts_columns['cb'] = ''; if ( 'draft' === $_GET['post_status'] ) $posts_columns['modified'] = __('Modified'); elseif ( 'pending' === $_GET['post_status'] ) 
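Review bot: `populate_roles_260()` is added with its whole body inside a `/* ... */` block, so the new call in `populate_roles()` and the `upgrade_260()` wrapper added in upgrade.php both do nothing, and the file gives no reason. If the `update_plugins` and `delete_plugins` capabilities are deliberately withheld from administrators in this tree, say so with a comment such as `// Intentionally empty: plugin update/delete caps are not granted in this tree.` rather than leaving disabled code. Granting those capabilities is a privilege decision, so the reason it is switched off is worth recording next to the function.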
@@ -324,7 +324,7 @@ function wp_manage_posts_columns() { // define the columns to display, the syntax is 'internal name' => 'display name' function wp_manage_media_columns() { $posts_columns = array(); - $posts_columns['cb'] = ''; + $posts_columns['cb'] = ''; $posts_columns['icon'] = ''; $posts_columns['media'] = _c('Media|media column header'); $posts_columns['desc'] = _c('Description|media column header'); @@ -339,7 +339,7 @@ function wp_manage_media_columns() { function wp_manage_pages_columns() { $posts_columns = array(); - $posts_columns['cb'] = ''; + $posts_columns['cb'] = ''; if ( 'draft' === $_GET['post_status'] ) $posts_columns['modified'] = __('Modified'); elseif ( 'pending' === $_GET['post_status'] ) @@ -505,7 +505,7 @@ foreach ($posts_columns as $column_name=>$column_display_name) { */ function page_rows( $pages ) { if ( ! $pages ) - $pages = get_pages( 'sort_column=menu_order' ); + $pages = get_pages( array('sort_column' => 'menu_order') ); if ( ! $pages ) return false; @@ -717,7 +717,7 @@ function _wp_comment_row( $comment_id, $mode, $comment_status, $checkbox = true function wp_dropdown_cats( $currentcat = 0, $currentparent = 0, $parent = 0, $level = 0, $categories = 0 ) { if (!$categories ) - $categories = get_categories( 'hide_empty=0' ); + $categories = get_categories( array('hide_empty' => 0) ); if ( $categories ) { foreach ( $categories as $category ) { @@ -790,8 +790,8 @@ function _list_meta_row( $entry, &$count ) { $delete_nonce = wp_create_nonce( 'delete-meta_' . $entry['meta_id'] ); $r .= "\n\t"; - $r .= "\n\t\t"; - $r .= "\n\t\t"; + $r .= "\n\t\t"; + $r .= "\n\t\t"; $r .= "\n\t\t
    "; $r .= "\n\t\t"; @@ -816,8 +816,8 @@ function meta_form() {

    - - + + @@ -904,7 +904,7 @@ function page_template_dropdown( $default = '' ) { function parent_dropdown( $default = 0, $parent = 0, $level = 0 ) { global $wpdb, $post_ID; - $items = $wpdb->get_results( "SELECT ID, post_parent, post_title FROM $wpdb->posts WHERE post_parent = $parent AND post_type = 'page' ORDER BY menu_order" ); + $items = $wpdb->get_results( $wpdb->prepare("SELECT ID, post_parent, post_title FROM $wpdb->posts WHERE post_parent = %d AND post_type = 'page' ORDER BY menu_order", $parent) ); if ( $items ) { foreach ( $items as $item ) { @@ -1057,10 +1057,12 @@ function wp_remember_old_slug() { * @param string $callback Function that fills the box with the desired content. The function should echo its output. * @param string $page The type of edit page on which to show the box (post, page, link) * @param string $context The context within the page where the boxes should show ('normal', 'advanced') + * @param string $priority The priority within the context where the boxes should show ('high', 'low') */ -function add_meta_box($id, $title, $callback, $page, $context = 'advanced') { +function add_meta_box($id, $title, $callback, $page, $context = 'advanced', $priority = 'default') { global $wp_meta_boxes; + if ( !isset($wp_meta_boxes) ) $wp_meta_boxes = array(); if ( !isset($wp_meta_boxes[$page]) ) 
@@ -1068,23 +1070,81 @@ function add_meta_box($id, $title, $callback, $page, $context = 'advanced') { if ( !isset($wp_meta_boxes[$page][$context]) ) $wp_meta_boxes[$page][$context] = array(); - $wp_meta_boxes[$page][$context][$id] = array('id' => $id, 'title' => $title, 'callback' => $callback); + foreach ( array('high', 'core', 'default', 'low') as $a_priority ) { + if ( !isset($wp_meta_boxes[$page][$context][$a_priority][$id]) ) + continue; + // If a core box was previously added or removed by a plugin, don't add. + if ( 'core' == $priority ) { + // If core box previously deleted, don't add + if ( false === $wp_meta_boxes[$page][$context][$a_priority][$id] ) + return; + // If box was added with default priority, give it core priority to maintain sort order + if ( 'default' == $a_priority ) { + $wp_meta_boxes[$page][$context]['core'][$id] = $wp_meta_boxes[$page][$context]['default'][$id]; + unset($wp_meta_boxes[$page][$context]['default'][$id]); + } + return; + } + // If no priority given and id already present, use existing priority + if ( empty($priority) ) + $priority = $a_priority; + // An id can be in only one priority + if ( $priority != $a_priority ) + unset($wp_meta_boxes[$page][$context][$a_priority][$id]); + } + + if ( empty($priority) ) + $priority = low; + + if ( !isset($wp_meta_boxes[$page][$context][$priority]) ) + $wp_meta_boxes[$page][$context][$priority] = array(); + + $wp_meta_boxes[$page][$context][$priority][$id] = array('id' => $id, 'title' => $title, 'callback' => $callback); } function do_meta_boxes($page, $context, $object) { global $wp_meta_boxes; + do_action('do_meta_boxes', $page, $context, $object); + if ( !isset($wp_meta_boxes) || !isset($wp_meta_boxes[$page]) || !isset($wp_meta_boxes[$page][$context]) ) return; - foreach ( (array) $wp_meta_boxes[$page][$context] as $box ) { - echo '
    ' . "\n"; - echo "

    {$box['title']}

    \n"; - echo '
    ' . "\n"; - call_user_func($box['callback'], $object, $box); - echo "
    \n"; - echo "
    \n"; + foreach ( array('high', 'core', 'default', 'low') as $priority ) { + foreach ( (array) $wp_meta_boxes[$page][$context][$priority] as $box ) { + if ( false === $box ) + continue; + echo '
    ' . "\n"; + echo "

    {$box['title']}

    \n"; + echo '
    ' . "\n"; + call_user_func($box['callback'], $object, $box); + echo "
    \n"; + echo "
    \n"; + } } } +/** + * remove_meta_box() - Remove a meta box from an edit form + * + * @since 2.6 + * + * @param string $id String for use in the 'id' attribute of tags. + * @param string $page The type of edit page on which to show the box (post, page, link) + * @param string $context The context within the page where the boxes should show ('normal', 'advanced') + */ +function remove_meta_box($id, $page, $context) { + global $wp_meta_boxes; + + if ( !isset($wp_meta_boxes) ) + $wp_meta_boxes = array(); + if ( !isset($wp_meta_boxes[$page]) ) + $wp_meta_boxes[$page] = array(); + if ( !isset($wp_meta_boxes[$page][$context]) ) + $wp_meta_boxes[$page][$context] = array(); + + foreach ( array('high', 'core', 'default', 'low') as $priority ) + $wp_meta_boxes[$page][$context][$priority][$id] = false; +} + ?> diff --git a/wp-admin/includes/theme.php b/wp-admin/includes/theme.php index 7dae5be..ec670ce 100644 --- a/wp-admin/includes/theme.php +++ b/wp-admin/includes/theme.php @@ -33,7 +33,7 @@ function get_page_templates() { if ( is_array( $templates ) ) { foreach ( $templates as $template ) { - $template_data = implode( '', file( ABSPATH.$template )); + $template_data = implode( '', file( WP_CONTENT_DIR.$template )); preg_match( '|Template Name:(.*)$|mi', $template_data, $name ); preg_match( '|Description:(.*)$|mi', $template_data, $description ); diff --git a/wp-admin/includes/update.php b/wp-admin/includes/update.php index 70d1441..d17298f 100644 --- a/wp-admin/includes/update.php +++ b/wp-admin/includes/update.php 
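Review bot: In `add_meta_box()` the fallback `$priority = low;` uses a bare word, which PHP treats as an undefined constant (a notice and the string 'low' on older versions, an error on PHP 8); it should be `$priority = 'low';`. Separately, `do_meta_boxes()` reads `$wp_meta_boxes[$page][$context][$priority]` for all four priorities without an `isset()` check, so a priority that was never registered raises an undefined-index notice before the `(array)` cast. Adding `if ( !isset($wp_meta_boxes[$page][$context][$priority]) ) continue;` at the top of the outer loop avoids that. `add_meta_box()` starts in the previous hunk.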
@@ -119,25 +119,24 @@ function wp_update_plugins() { } add_action( 'load-plugins.php', 'wp_update_plugins' ); -function wp_plugin_update_row( $file ) { - global $plugin_data; +function wp_plugin_update_row( $file, $plugin_data ) { $current = get_option( 'update_plugins' ); if ( !isset( $current->response[ $file ] ) ) return false; $r = $current->response[ $file ]; - echo ""; + echo ''; } -add_action( 'after_plugin_row', 'wp_plugin_update_row' ); +add_action( 'after_plugin_row', 'wp_plugin_update_row', 10, 2 ); function wp_update_plugin($plugin, $feedback = '') { global $wp_filesystem; @@ -151,7 +150,7 @@ function wp_update_plugin($plugin, $feedback = '') { return new WP_Error('up_to_date', __('The plugin is at the latest version.')); // Is a filesystem accessor setup? - if ( ! $wp_filesystem || !is_object($wp_filesystem) ) + if ( ! $wp_filesystem || ! is_object($wp_filesystem) ) WP_Filesystem(); if ( ! is_object($wp_filesystem) ) @@ -160,11 +159,18 @@ function wp_update_plugin($plugin, $feedback = '') { if ( $wp_filesystem->errors->get_error_code() ) return new WP_Error('fs_error', __('Filesystem error'), $wp_filesystem->errors); - //Get the Base folder - $base = $wp_filesystem->get_base_dir(); + //Get the base plugin folder + $plugins_dir = $wp_filesystem->wp_plugins_dir(); + if ( empty($plugins_dir) ) + return new WP_Error('fs_no_plugins_dir', __('Unable to locate WordPress Plugin directory.')); + + //And the same for the Content directory. + $content_dir = $wp_filesystem->wp_content_dir(); + if( empty($content_dir) ) + return new WP_Error('fs_no_content_dir', __('Unable to locate WordPress Content directory (wp-content).')); - if ( empty($base) ) - return new WP_Error('fs_nowordpress', __('Unable to locate WordPress directory.')); + $plugins_dir = trailingslashit( $plugins_dir ); + $content_dir = trailingslashit( $content_dir ); // Get the URL to the zip file $r = $current->response[ $plugin ]; 
@@ -175,12 +181,12 @@ function wp_update_plugin($plugin, $feedback = '') { // Download the package $package = $r->package; apply_filters('update_feedback', sprintf(__('Downloading update from %s'), $package)); - $file = download_url($package); + $download_file = download_url($package); - if ( is_wp_error($file) ) - return new WP_Error('download_failed', __('Download failed.'), $file->get_error_message()); + if ( is_wp_error($download_file) ) + return new WP_Error('download_failed', __('Download failed.'), $download_file->get_error_message()); - $working_dir = $base . 'wp-content/upgrade/' . basename($plugin, '.php'); + $working_dir = $content_dir . 'upgrade/' . basename($plugin, '.php'); // Clean up working directory if ( $wp_filesystem->is_dir($working_dir) ) @@ -188,16 +194,16 @@ function wp_update_plugin($plugin, $feedback = '') { apply_filters('update_feedback', __('Unpacking the update')); // Unzip package to working directory - $result = unzip_file($file, $working_dir); + $result = unzip_file($download_file, $working_dir); + + // Once extracted, delete the package + unlink($download_file); + if ( is_wp_error($result) ) { - unlink($file); $wp_filesystem->delete($working_dir, true); return $result; } - // Once extracted, delete the package - unlink($file); - if ( is_plugin_active($plugin) ) { //Deactivate the plugin silently, Prevent deactivation hooks from running. apply_filters('update_feedback', __('Deactivating the plugin')); 
@@ -206,25 +212,25 @@ function wp_update_plugin($plugin, $feedback = '') { // Remove the existing plugin. apply_filters('update_feedback', __('Removing the old version of the plugin')); - $plugin_dir = dirname($base . PLUGINDIR . "/$plugin"); - $plugin_dir = trailingslashit($plugin_dir); + $this_plugin_dir = trailingslashit( dirname($plugins_dir . $plugin) ); // If plugin is in its own directory, recursively delete the directory. - if ( strpos($plugin, '/') && $plugin_dir != $base . PLUGINDIR . '/' ) //base check on if plugin includes directory seperator AND that its not the root plugin folder - $deleted = $wp_filesystem->delete($plugin_dir, true); + if ( strpos($plugin, '/') && $this_plugin_dir != $plugins_dir ) //base check on if plugin includes directory seperator AND that its not the root plugin folder + $deleted = $wp_filesystem->delete($this_plugin_dir, true); else - $deleted = $wp_filesystem->delete($base . PLUGINDIR . "/$plugin"); + $deleted = $wp_filesystem->delete($plugins_dir . $plugin); - if ( !$deleted ) { + if ( ! $deleted ) { $wp_filesystem->delete($working_dir, true); return new WP_Error('delete_failed', __('Could not remove the old plugin')); } apply_filters('update_feedback', __('Installing the latest version')); // Copy new version of plugin into place. - if ( !copy_dir($working_dir, $base . PLUGINDIR) ) { + $result = copy_dir($working_dir, $plugins_dir); + if ( is_wp_error($result) ) { //$wp_filesystem->delete($working_dir, true); //TODO: Uncomment? This DOES mean that the new files are available in the upgrade folder if it fails. - return new WP_Error('install_failed', __('Installation failed')); + return $result; } //Get a list of the directories in the working directory before we delete it, We need to know the new folder for the plugin 
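Review bot: The recursive delete of `$this_plugin_dir` is guarded only by `$this_plugin_dir != $plugins_dir`, a string comparison on a path built from `$plugin` without normalisation, so a `$plugin` value containing `..` segments would name a directory outside the plugins folder and still pass. Where `$plugin` comes from is outside this hunk (the function starts earlier), so it may already be constrained. A check near the top of `wp_update_plugin()`, such as `if ( validate_file($plugin) ) return new WP_Error('invalid_plugin', __('Invalid plugin path.'));`, would make the delete safe regardless of the caller. The `*/` that follows the function in the next hunk suggests this code may currently be commented out in this tree, in which case the check should be in place before it is re-enabled.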
@@ -237,13 +243,13 @@ function wp_update_plugin($plugin, $feedback = '') { delete_option('update_plugins'); if( empty($filelist) ) - return false; //We couldnt find any files in the working dir + return false; //We couldnt find any files in the working dir, therefor no plugin installed? Failsafe backup. $folder = $filelist[0]; - $plugin = get_plugins('/' . $folder); //Pass it with a leading slash, search out the plugins in the folder, + $plugin = get_plugins('/' . $folder); //Ensure to pass with leading slash $pluginfiles = array_keys($plugin); //Assume the requested plugin is the first in the list - return $folder . '/' . $pluginfiles[0]; //Pass it without a leading slash as WP requires + return $folder . '/' . $pluginfiles[0]; } */ diff --git a/wp-admin/includes/upgrade.php b/wp-admin/includes/upgrade.php index 800a86d..1b15aae 100644 --- a/wp-admin/includes/upgrade.php +++ b/wp-admin/includes/upgrade.php @@ -1,7 +1,7 @@ flush_rules(); @@ -224,7 +227,7 @@ function upgrade_100() { foreach($posts as $post) { if ('' == $post->post_name) { $newtitle = sanitize_title($post->post_title); - $wpdb->query("UPDATE $wpdb->posts SET post_name = '$newtitle' WHERE ID = '$post->ID'"); + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_name = %s WHERE ID = %d", $newtitle, $post->ID) ); } } } @@ -233,7 +236,7 @@ function upgrade_100() { foreach ($categories as $category) { if ('' == $category->category_nicename) { $newtitle = sanitize_title($category->cat_name); - $wpdb->query("UPDATE $wpdb->categories SET category_nicename = '$newtitle' WHERE cat_ID = '$category->cat_ID'"); + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->categories SET category_nicename = %s WHERE cat_ID = %d", $newtitle, $category->cat_ID) ); } } 
@@ -256,14 +259,12 @@ function upgrade_100() { if ($allposts) : foreach ($allposts as $post) { // Check to see if it's already been imported - $cat = $wpdb->get_row("SELECT * FROM $wpdb->post2cat WHERE post_id = $post->ID AND category_id = $post->post_category"); + $cat = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->post2cat WHERE post_id = %d AND category_id = %d", $post->ID, $post->post_category) ); if (!$cat && 0 != $post->post_category) { // If there's no result - $wpdb->query(" - INSERT INTO $wpdb->post2cat + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->post2cat (post_id, category_id) - VALUES - ('$post->ID', '$post->post_category') - "); + VALUES (%s, %s) + ", $post->ID, $post->post_category) ); } } endif; @@ -291,7 +292,7 @@ function upgrade_110() { foreach ($users as $user) { if ('' == $user->user_nicename) { $newname = sanitize_title($user->user_nickname); - $wpdb->query("UPDATE $wpdb->users SET user_nicename = '$newname' WHERE ID = '$user->ID'"); + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->users SET user_nicename = %s WHERE ID = %d", $newname, $user->ID) ); } } @@ -407,7 +408,7 @@ function upgrade_130() { foreach ( $options as $option ) { if ( 1 != $option->dupes ) { // Could this be done in the query? $limit = $option->dupes - 1; - $dupe_ids = $wpdb->get_col("SELECT option_id FROM $wpdb->options WHERE option_name = '$option->option_name' LIMIT $limit"); + $dupe_ids = $wpdb->get_col( $wpdb->prepare("SELECT option_id FROM $wpdb->options WHERE option_name = %s LIMIT %d", $option->option_name, $limit) ); $dupe_ids = join($dupe_ids, ','); $wpdb->query("DELETE FROM $wpdb->options WHERE option_id IN ($dupe_ids)"); } 
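Review bot: The rewritten INSERT into `$wpdb->post2cat` binds `$post->ID` and `$post->post_category` with `%s`, while the SELECT just above it in the same hunk binds the same two values with `%d`. Using `VALUES (%d, %d)` keeps the two statements consistent and forces an integer cast instead of quoting whatever string the row holds.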
@@ -451,8 +452,7 @@ function upgrade_160_helper( $users ) { if ($idmode == 'namefl') $id = $user->user_firstname.' '.$user->user_lastname; if ($idmode == 'namelf') $id = $user->user_lastname.' '.$user->user_firstname; if (!$idmode) $id = $user->user_nickname; - $id = $wpdb->escape( $id ); - $wpdb->query("UPDATE $wpdb->users SET display_name = '$id' WHERE ID = '$user->ID'"); + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->users SET display_name = %s WHERE ID = %d", $id, $user->ID) ); endif; // FIXME: RESET_CAPS is temporary code to reset roles and caps if flag is set. @@ -482,7 +482,7 @@ function upgrade_160() { $comments = $wpdb->get_results( "SELECT comment_post_ID, COUNT(*) as c FROM $wpdb->comments WHERE comment_approved = '1' GROUP BY comment_post_ID" ); if( is_array( $comments ) ) { foreach ($comments as $comment) { - $wpdb->query( "UPDATE $wpdb->posts SET comment_count = $comment->c WHERE ID = '$comment->comment_post_ID'" ); + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET comment_count = %d WHERE ID = %d", $comment->c, $comment->comment_post_ID) ); } } @@ -491,10 +491,10 @@ function upgrade_160() { if ( $wp_current_db_version > 2541 && $wp_current_db_version <= 3091 ) { $objects = $wpdb->get_results("SELECT ID, post_type FROM $wpdb->posts WHERE post_status = 'object'"); foreach ($objects as $object) { - $wpdb->query("UPDATE $wpdb->posts SET post_status = 'attachment', - post_mime_type = '$object->post_type', + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_status = 'attachment', + post_mime_type = %s, post_type = '' - WHERE ID = $object->ID"); + WHERE ID = %d", $object->post_type, $object->ID) ); $meta = get_post_meta($object->ID, 'imagedata', true); if ( ! empty($meta['file']) ) 
@@ -522,7 +522,7 @@ function upgrade_210() { $type = 'attachment'; } - $wpdb->query("UPDATE $wpdb->posts SET post_status = '$status', post_type = '$type' WHERE ID = '$post->ID'"); + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_status = %s, post_type = %s WHERE ID = %d", $status, $type, $post->ID) ); } } 
@@ -555,45 +555,42 @@ function upgrade_230() { $categories = $wpdb->get_results("SELECT * FROM $wpdb->categories ORDER BY cat_ID"); foreach ($categories as $category) { $term_id = (int) $category->cat_ID; - $name = $wpdb->escape($category->cat_name); - $description = $wpdb->escape($category->category_description); - $slug = $wpdb->escape($category->category_nicename); - $parent = $wpdb->escape($category->category_parent); $term_group = 0; // Associate terms with the same slug in a term group and make slugs unique. - if ( $exists = $wpdb->get_results("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = '$slug'") ) { + if ( $exists = $wpdb->get_results( $wpdb->prepare("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $slug) ) ) { $term_group = $exists[0]->term_group; $id = $exists[0]->term_id; $num = 2; do { $alt_slug = $slug . "-$num"; $num++; - $slug_check = $wpdb->get_var("SELECT slug FROM $wpdb->terms WHERE slug = '$alt_slug'"); + $slug_check = $wpdb->get_var( $wpdb->prepare("SELECT slug FROM $wpdb->terms WHERE slug = %s", $alt_slug) ); } while ( $slug_check ); $slug = $alt_slug; if ( empty( $term_group ) ) { $term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms GROUP BY term_group") + 1; - $wpdb->query("UPDATE $wpdb->terms SET term_group = '$term_group' WHERE term_id = '$id'"); + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->terms SET term_group = %d WHERE term_id = %d", $term_group, $id) ); } } - $wpdb->query("INSERT INTO $wpdb->terms (term_id, name, slug, term_group) VALUES ('$term_id', '$name', '$slug', '$term_group')"); + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->terms (term_id, name, slug, term_group) VALUES + (%d, %s, %s, %d)", $term_id, $name, $slug, $term_group) ); $count = 0; if ( !empty($category->category_count) ) { $count = (int) $category->category_count; $taxonomy = 'category'; - $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', 
'$description', '$parent', '$count')"); + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) ); $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; } if ( !empty($category->link_count) ) { $count = (int) $category->link_count; $taxonomy = 'link_category'; - $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', '$description', '$parent', '$count')"); + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) ); $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; } @@ -601,14 +598,14 @@ function upgrade_230() { $have_tags = true; $count = (int) $category->tag_count; $taxonomy = 'post_tag'; - $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', '$description', '$parent', '$count')"); + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) ); $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; } if ( empty($count) ) { $count = 0; $taxonomy = 'category'; - $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', '$description', '$parent', '$count')"); + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) ); $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; } } 
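Review bot: This hunk deletes the four `$wpdb->escape()` assignments for `$name`, `$description`, `$slug` and `$parent` without replacing them, yet the new `prepare()` calls still pass those variables. On the first category they are undefined, and on later ones `$slug` carries over whatever an earlier iteration left in it (for example the `$alt_slug` value), so terms would be inserted with empty or wrong names and slugs. Dropping the escaping is right because `prepare()` quotes the values, but the plain assignments have to stay, as below. `upgrade_230()` starts and ends outside this hunk, so a definition elsewhere cannot be ruled out, though none is visible.

```php
$term_id = (int) $category->cat_ID;
$name = $category->cat_name;
$description = $category->category_description;
$slug = $category->category_nicename;
$parent = $category->category_parent;
$term_group = 0;
// ... unchanged: slug de-duplication and the prepared INSERT statements ...
```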
@@ -628,7 +625,7 @@ function upgrade_230() { if ( empty($tt_id) ) continue; - $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$post_id', '$tt_id')"); + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $post_id, $tt_id) ); } // < 3570 we used linkcategories. >= 3570 we used categories and link2cat. @@ -647,20 +644,20 @@ function upgrade_230() { $term_group = 0; // Associate terms with the same slug in a term group and make slugs unique. - if ( $exists = $wpdb->get_results("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = '$slug'") ) { + if ( $exists = $wpdb->get_results( $wpdb->prepare("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $slug) ) ) { $term_group = $exists[0]->term_group; $term_id = $exists[0]->term_id; } if ( empty($term_id) ) { - $wpdb->query("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES ('$name', '$slug', '$term_group')"); + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES (%s, %s, %d)", $name, $slug, $term_group) ); $term_id = (int) $wpdb->insert_id; } $link_cat_id_map[$cat_id] = $term_id; $default_link_cat = $term_id; - $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', 'link_category', '', '0', '0')"); + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES (%d, 'link_category', '', '0', '0')", $term_id) ); $tt_ids[$term_id] = (int) $wpdb->insert_id; } 
@@ -676,7 +673,7 @@ function upgrade_230() { if ( empty($tt_id) ) continue; - $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$link->link_id', '$tt_id')"); + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $link->link_id, $tt_id) ); } // Set default to the last category we grabbed during the upgrade loop. @@ -691,7 +688,7 @@ function upgrade_230() { if ( empty($tt_id) ) continue; - $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$link_id', '$tt_id')"); + $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $link_id, $tt_id) ); } } 
@@ -704,10 +701,10 @@ function upgrade_230() { $terms = $wpdb->get_results("SELECT term_taxonomy_id, taxonomy FROM $wpdb->term_taxonomy"); foreach ( (array) $terms as $term ) { if ( ('post_tag' == $term->taxonomy) || ('category' == $term->taxonomy) ) - $count = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = '$term->term_taxonomy_id'"); + $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = %d", $term->term_taxonomy_id) ); else - $count = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = '$term->term_taxonomy_id'"); - $wpdb->query("UPDATE $wpdb->term_taxonomy SET count = '$count' WHERE term_taxonomy_id = '$term->term_taxonomy_id'"); + $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $term->term_taxonomy_id) ); + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_taxonomy_id = %d", $count, $term->term_taxonomy_id) ); } } @@ -756,6 +753,10 @@ function upgrade_252() { $wpdb->query("UPDATE $wpdb->users SET user_activation_key = ''"); } +function upgrade_260() { + populate_roles_260(); +} + // The functions we use to actually do stuff // General @@ -850,7 +851,7 @@ function __get_option($setting) { return preg_replace( '|/+$|', '', constant( 'WP_SITEURL' ) ); } - $option = $wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name = '$setting'"); + $option = $wpdb->get_var( $wpdb->prepare("SELECT option_value FROM $wpdb->options WHERE option_name = %s", $setting) ); if ( 'home' == $setting && '' == $option ) return __get_option('siteurl'); 
@@ -1100,7 +1101,7 @@ function make_db_current_silent() { function make_site_theme_from_oldschool($theme_name, $template) { $home_path = get_home_path(); - $site_dir = ABSPATH . "wp-content/themes/$template"; + $site_dir = WP_CONTENT_DIR . "/themes/$template"; if (! file_exists("$home_path/index.php")) return false; @@ -1119,7 +1120,7 @@ function make_site_theme_from_oldschool($theme_name, $template) { if ($oldfile == 'index.php') { // Check to make sure it's not a new index $index = implode('', file("$oldpath/$oldfile")); if (strpos($index, 'WP_USE_THEMES') !== false) { - if (! @copy(ABSPATH . 'wp-content/themes/default/index.php', "$site_dir/$newfile")) + if (! @copy(WP_CONTENT_DIR . '/themes/default/index.php', "$site_dir/$newfile")) return false; continue; // Don't copy anything } @@ -1167,8 +1168,8 @@ function make_site_theme_from_oldschool($theme_name, $template) { } function make_site_theme_from_default($theme_name, $template) { - $site_dir = ABSPATH . "wp-content/themes/$template"; - $default_dir = ABSPATH . 'wp-content/themes/default'; + $site_dir = WP_CONTENT_DIR . "/themes/$template"; + $default_dir = WP_CONTENT_DIR . '/themes/default'; // Copy files from the default theme to the site theme. //$files = array('index.php', 'comments.php', 'comments-popup.php', 'footer.php', 'header.php', 'sidebar.php', 'style.css'); @@ -1226,7 +1227,7 @@ function make_site_theme() { // Name the theme after the blog. $theme_name = __get_option('blogname'); $template = sanitize_title($theme_name); - $site_dir = ABSPATH . "wp-content/themes/$template"; + $site_dir = WP_CONTENT_DIR . "/themes/$template"; // If the theme already exists, nothing to do. if ( is_dir($site_dir)) { @@ -1234,7 +1235,7 @@ function make_site_theme() { } // We must be able to write to the themes dir. - if (! is_writable(ABSPATH . "wp-content/themes")) { + if (! is_writable(WP_CONTENT_DIR . "/themes")) { return false; } 
diff --git a/wp-admin/includes/user.php b/wp-admin/includes/user.php index d25404f..4c02592 100644 --- a/wp-admin/includes/user.php +++ b/wp-admin/includes/user.php @@ -140,12 +140,8 @@ function edit_user( $user_id = 0 ) { function get_author_user_ids() { global $wpdb; - // wpmu site admins don't have user_levels - $level_key = $wpdb->prefix . 'capabilities'; - - $query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key' AND meta_value != '0'"; - - return $wpdb->get_col( $query ); + $level_key = $wpdb->prefix . 'capabilities'; // wpmu site admins don't have user_levels + return $wpdb->get_col( $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value != '0'", $level_key) ); } function get_editable_authors( $user_id ) { @@ -175,10 +171,9 @@ function get_editable_user_ids( $user_id, $exclude_zeros = true ) { return false; } - // wpmu site admins don't have user_levels - $level_key = $wpdb->prefix . 'capabilities'; + $level_key = $wpdb->prefix . 'capabilities'; // wpmu site admins don't have user_levels - $query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key'"; + $query = $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s", $level_key); if ( $exclude_zeros ) $query .= " AND meta_value != 'a:1:{s:10:\"subscriber\";b:1;}'"; @@ -187,12 +182,9 @@ function get_editable_user_ids( $user_id, $exclude_zeros = true ) { function get_nonauthor_user_ids() { global $wpdb; - // wpmu site admins don't have user_levels - $level_key = $wpdb->prefix . 'capabilities'; + $level_key = $wpdb->prefix . 'capabilities'; // wpmu site admins don't have user_levels - $query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key' AND meta_value = '0'"; - - return $wpdb->get_col( $query ); + return $wpdb->get_col( $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value = '0'", $level_key) ); } function get_others_unpublished_posts($user_id, $type='any') { 
@@ -211,7 +203,7 @@ function get_others_unpublished_posts($user_id, $type='any') { $other_unpubs = ''; } else { $editable = join(',', $editable); - $other_unpubs = $wpdb->get_results("SELECT ID, post_title, post_author FROM $wpdb->posts WHERE post_type = 'post' AND $type_sql AND post_author IN ($editable) AND post_author != '$user_id' ORDER BY post_modified $dir"); + $other_unpubs = $wpdb->get_results( $wpdb->prepare("SELECT ID, post_title, post_author FROM $wpdb->posts WHERE post_type = 'post' AND $type_sql AND post_author IN ($editable) AND post_author != %d ORDER BY post_modified $dir", $user_id) ); } return apply_filters('get_others_drafts', $other_unpubs); @@ -244,8 +236,7 @@ function get_user_to_edit( $user_id ) { function get_users_drafts( $user_id ) { global $wpdb; - $user_id = (int) $user_id; - $query = "SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'draft' AND post_author = $user_id ORDER BY post_modified DESC"; + $query = $wpdb->prepare("SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'draft' AND post_author = %d ORDER BY post_modified DESC", $user_id); $query = apply_filters('get_users_drafts', $query); return $wpdb->get_results( $query ); } @@ -256,7 +247,7 @@ function wp_delete_user($id, $reassign = 'novalue') { $id = (int) $id; if ($reassign == 'novalue') { - $post_ids = $wpdb->get_col("SELECT ID FROM $wpdb->posts WHERE post_author = $id"); + $post_ids = $wpdb->get_col( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_author = %d", $id) ); if ($post_ids) { foreach ($post_ids as $post_id) 
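Review bot: In `get_others_unpublished_posts()` only `$user_id` is bound; `$type_sql`, `$editable` and `$dir` are still interpolated into the string that is passed to `$wpdb->prepare()` as its format. Those three fragments stay unparameterised, and a literal `%` inside any of them would be read as a placeholder. `$type_sql` and `$dir` are built outside the hunk, so it is not visible whether they are limited to fixed strings. For the ID list, forcing integers before the join would close the gap, e.g. `$editable = join(',', array_map('intval', $editable));`. A one-line comment stating that `$type_sql` and `$dir` come from a fixed set would document why they are safe to interpolate.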
@@ -264,11 +255,11 @@ function wp_delete_user($id, $reassign = 'novalue') { } // Clean links - $wpdb->query("DELETE FROM $wpdb->links WHERE link_owner = $id"); + $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->links WHERE link_owner = %d", $id) ); } else { $reassign = (int) $reassign; - $wpdb->query("UPDATE $wpdb->posts SET post_author = {$reassign} WHERE post_author = {$id}"); - $wpdb->query("UPDATE $wpdb->links SET link_owner = {$reassign} WHERE link_owner = {$id}"); + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_author = %d WHERE post_author = %d", $reassign, $id) ); + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_owner = %d WHERE link_owner = %d}", $reassign, $id) ); } // FINALLY, delete user @@ -325,7 +316,7 @@ class WP_User_Search { function prepare_query() { global $wpdb; $this->first_user = ($this->page - 1) * $this->users_per_page; - $this->query_limit = ' LIMIT ' . $this->first_user . ',' . $this->users_per_page; + $this->query_limit = $wpdb->prepare(" LIMIT %d, %d", $this->first_user, $this->users_per_page); $this->query_sort = ' ORDER BY user_login'; $search_sql = ''; if ( $this->search_term ) { @@ -339,7 +330,7 @@ class WP_User_Search { $this->query_from_where = "FROM $wpdb->users"; if ( $this->role ) - $this->query_from_where .= " INNER JOIN $wpdb->usermeta ON $wpdb->users.ID = $wpdb->usermeta.user_id WHERE $wpdb->usermeta.meta_key = '{$wpdb->prefix}capabilities' AND $wpdb->usermeta.meta_value LIKE '%$this->role%'"; + $this->query_from_where .= $wpdb->prepare(" INNER JOIN $wpdb->usermeta ON $wpdb->users.ID = $wpdb->usermeta.user_id WHERE $wpdb->usermeta.meta_key = '{$wpdb->prefix}capabilities' AND $wpdb->usermeta.meta_value LIKE %s", '%' . $this->role . '%'); else $this->query_from_where .= ", $wpdb->usermeta WHERE $wpdb->users.ID = $wpdb->usermeta.user_id AND meta_key = '{$wpdb->prefix}capabilities'"; $this->query_from_where .= " $search_sql"; 
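Review bot: The rewritten links query in the `else` branch of `wp_delete_user()` has a stray `}` left inside the SQL string (`WHERE link_owner = %d}`), a leftover from the old `{$id}` interpolation. The statement will fail to parse on the database side, so links owned by the deleted user are not reassigned, and because the return value of `$wpdb->query()` is not checked here the failure is likely to go unnoticed. The line should read `$wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_owner = %d WHERE link_owner = %d", $reassign, $id) );`. The function body continues outside the hunk.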
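Review bot: In `WP_User_Search::prepare_query()` the role is now bound with `%s`, but it is wrapped in `%…%` without escaping LIKE metacharacters, so a `%` or `_` inside `$this->role` still acts as a wildcard and widens the match. Where `$this->role` is populated is outside the hunk; if it can come from the request, escape it before wrapping, e.g. `'%' . like_escape($this->role) . '%'` if that helper is available in this tree. The meta key is also still interpolated into the format string (`'{$wpdb->prefix}capabilities'`) here and in the untouched `else` branch, whereas the other functions changed in this file bind it as `%s`; binding it the same way would keep the file consistent.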
diff --git a/wp-admin/includes/widgets.php b/wp-admin/includes/widgets.php index 09936b7..79a4f1a 100644 --- a/wp-admin/includes/widgets.php +++ b/wp-admin/includes/widgets.php @@ -102,7 +102,7 @@ function wp_list_widgets( $show = 'all', $_search = false ) {
  • - + @@ -116,6 +116,8 @@ function wp_list_widgets( $show = 'all', $_search = false ) { +
    +

    @@ -228,7 +230,7 @@ function wp_widget_control( $sidebar_args ) { echo $sidebar_args['before_widget']; ?>
    -

    +

    @@ -240,6 +242,8 @@ function wp_widget_control( $sidebar_args ) { +
    +

    > @@ -282,10 +286,4 @@ function wp_widget_control_ob_filter( $string ) { return trim( wp_specialchars( strip_tags( $string ) ) ); } -function widget_css() { - wp_admin_css( 'css/widgets' ); -} - -add_action( 'admin_head', 'widget_css' ); - ?> diff --git a/wp-admin/index.php b/wp-admin/index.php index 15bc950..3a10bcf 100644 --- a/wp-admin/index.php +++ b/wp-admin/index.php @@ -26,12 +26,8 @@ jQuery(function($) { } add_action( 'admin_head', 'index_js' ); -function index_css() { - wp_admin_css( 'css/dashboard' ); -} -add_action( 'admin_head', 'index_css' ); - wp_enqueue_script( 'jquery' ); +wp_admin_css( 'dashboard' ); $title = __('Dashboard'); $parent_file = 'index.php'; @@ -110,13 +106,12 @@ if ( $can_switch_themes = current_user_can( 'switch_themes' ) ) $widgets_text = "$widgets_text"; ?>

    - title, $widgets_text ); ?> + title, $widgets_text ); ?>

    -
    diff --git a/wp-admin/install-helper.php b/wp-admin/install-helper.php index d124b1a..8f04418 100644 --- a/wp-admin/install-helper.php +++ b/wp-admin/install-helper.php @@ -1,5 +1,6 @@ ' + text + ''); + + $('#TB_iframeContent').width('100%'); + return false; + } ); + + $(window).resize( function() { thickDims() } ); +}); diff --git a/wp-admin/js/word-count.js b/wp-admin/js/word-count.js new file mode 100644 index 0000000..9e3c1df --- /dev/null +++ b/wp-admin/js/word-count.js @@ -0,0 +1,39 @@ +// Word count +(function(JQ) { + wpWordCount = { + + init : function() { + var t = this, last = 0, co = JQ('#content'); + + JQ('#wp-word-count').html( wordCountL10n.count.replace( /%d/, '0' ) ); + t.block = 0; + t.wc(co.val()); + co.keyup( function(e) { + if ( e.keyCode == last ) return true; + if ( 13 == e.keyCode || 8 == last || 46 == last ) t.wc(co.val()); + last = e.keyCode; + return true; + }); + }, + + wc : function(tx) { + var t = this, w = JQ('#word-count'), tc = 0; + + if ( t.block ) return; + t.block = 1; + + setTimeout( function() { + if ( tx ) { + tx = tx.replace( /<.[^<>]*?>/g, ' ' ).replace( / /gi, ' ' ); + tx = tx.replace( /[0-9.(),;:!?%#$¿'"_+=\\/-]*/g, '' ); + tx.replace( /\S\s+/g, function(){tc++;} ); + } + w.html(tc.toString()); + + setTimeout( function() { t.block = 0; }, 2000 ); + }, 1 ); + } + } +}(jQuery)); + +jQuery(document).ready( function(){ wpWordCount.init(); } ); diff --git a/wp-admin/js/wp-gears.js b/wp-admin/js/wp-gears.js new file mode 100644 index 0000000..22b5c00 --- /dev/null +++ b/wp-admin/js/wp-gears.js 
@@ -0,0 +1,83 @@ + +wpGears = { + + createStore : function() { + if ( 'undefined' == typeof google || ! google.gears ) return; + + if ( 'undefined' == typeof localServer ) + localServer = google.gears.factory.create("beta.localserver"); + + store = localServer.createManagedStore(this.storeName()); + store.manifestUrl = "gears-manifest.php"; + store.checkForUpdate(); + this.message(); + }, + + getPermission : function() { + if ( 'undefined' != typeof google && google.gears ) { + if ( ! google.gears.factory.hasPermission ) + google.gears.factory.getPermission( 'WordPress', 'images/logo.gif' ); + + try { + this.createStore(); + } catch(e) {} // silence if canceled + } + }, + + storeName : function() { + var name = window.location.protocol + window.location.host; + + name = name.replace(/[\/\\:*"?<>|;,]+/g, '_'); // gears beta doesn't allow certain chars in the store name + name = 'wp_' + name.substring(0, 60); // max length of name is 64 chars + + return name; + }, + + message : function(show) { + var t = this, msg1 = t.I('gears-msg1'), msg2 = t.I('gears-msg2'), msg3 = t.I('gears-msg3'), num = t.I('gears-upd-number'), wait = t.I('gears-wait'); + + if ( ! 
msg1 ) return; + + if ( 'undefined' != typeof google && google.gears ) { + if ( google.gears.factory.hasPermission ) { + msg1.style.display = msg2.style.display = 'none'; + msg3.style.display = 'block'; + + if ( 'undefined' == typeof store ) + t.createStore(); + + store.oncomplete = function(){wait.innerHTML = (' ' + wpGearsL10n.updateCompleted);}; + store.onerror = function(){wait.innerHTML = (' ' + wpGearsL10n.error + ' ' + store.lastErrorMessage);}; + store.onprogress = function(e){if(num) num.innerHTML = (' ' + e.filesComplete + ' / ' + e.filesTotal);}; + } else { + msg1.style.display = msg3.style.display = 'none'; + msg2.style.display = 'block'; + } + } + + if ( show ) t.I('gears-info-box').style.display = 'block'; + }, + + I : function(id) { + return document.getElementById(id); + } +} + +function gearsInit() { + if ( 'undefined' != typeof google && google.gears ) return; + + var gf = false; + if ( 'undefined' != typeof GearsFactory ) { // Firefox + gf = new GearsFactory(); + } else { // IE + try { + gf = new ActiveXObject('Gears.Factory'); + } catch (e) {} + } + + if ( ! gf ) return; + if ( 'undefined' == typeof google ) google = {}; + if ( ! google.gears ) google.gears = { factory : gf }; +} + +gearsInit(); diff --git a/wp-admin/link-add.php b/wp-admin/link-add.php index 20e60fd..c99fe4e 100644 --- a/wp-admin/link-add.php +++ b/wp-admin/link-add.php @@ -13,7 +13,6 @@ wp_reset_vars(array('action', 'cat_id', 'linkurl', 'name', 'image', wp_enqueue_script('link'); wp_enqueue_script('xfn'); -wp_enqueue_script('thickbox'); require('admin-header.php'); ?> diff --git a/wp-admin/link-import.php b/wp-admin/link-import.php index 741a4dd..cefca95 100644 --- a/wp-admin/link-import.php +++ b/wp-admin/link-import.php @@ -30,19 +30,19 @@ switch ($step) {
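Review bot: In `message()`, the `store.onerror` handler assigns `store.lastErrorMessage` to `wait.innerHTML`, so whatever text Gears reports is parsed as markup inside the admin page. Appending it as a text node keeps it inert, e.g. `wait.appendChild(document.createTextNode(' ' + wpGearsL10n.error + ' ' + store.lastErrorMessage));` after clearing `wait`. Only `msg1` is null-checked, while `msg2`, `msg3` and `wait` are dereferenced unconditionally, so a page that carries `gears-msg1` without the other elements would throw here. `localServer` and `store` are assigned without `var`, which makes them implicit globals; if that is intentional because they are read across methods, a short comment saying so would help.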
    -

    - +

    +
    -

    +

    -


    - add new)' ), 'link-add.php' ); ?>

    +

    @@ -141,7 +142,7 @@ if ( $links ) {
  • @@ -831,7 +831,7 @@ function meta_form() { echo "\n\t"; } ?> - +
    "; - if ( !current_user_can('edit_plugins') ) + echo '
    '; + if ( ! current_user_can('update_plugins') ) printf( __('There is a new version of %1$s available. Download version %3$s here.'), $plugin_data['Name'], $r->url, $r->new_version); else if ( empty($r->package) ) printf( __('There is a new version of %1$s available. Download version %3$s here automatic upgrade unavailable for this plugin.'), $plugin_data['Name'], $r->url, $r->new_version); else - printf( __('There is a new version of %1$s available. Download version %3$s here or upgrade automatically.'), $plugin_data['Name'], $r->url, $r->new_version, wp_nonce_url("update.php?action=upgrade-plugin&plugin=$file", 'upgrade-plugin_' . $file) ); + printf( __('There is a new version of %1$s available. Download version %3$s here or upgrade automatically.'), $plugin_data['Name'], $r->url, $r->new_version, wp_nonce_url('update.php?action=upgrade-plugin&plugin=' . $file, 'upgrade-plugin_' . $file) ); - echo "
    - + diff --git a/wp-admin/link-parse-opml.php b/wp-admin/link-parse-opml.php index 0e5edf0..1cd27d0 100644 --- a/wp-admin/link-parse-opml.php +++ b/wp-admin/link-parse-opml.php @@ -1,5 +1,5 @@ diff --git a/wp-admin/options-discussion.php b/wp-admin/options-discussion.php index 09f380e..ce524f6 100644 --- a/wp-admin/options-discussion.php +++ b/wp-admin/options-discussion.php @@ -15,7 +15,7 @@ include('admin-header.php');
    - + - + - + - + - +
    +
    @@ -29,11 +29,11 @@ include('admin-header.php');
    -
    +
    @@ -41,11 +41,11 @@ include('admin-header.php'); -
    +
    @@ -53,62 +53,98 @@ include('admin-header.php');
    -
    -

    ' ) ?>

    +
    +

    -

    moderation queue. One word or IP per line. It will match inside words, so "press" will match "WordPress".') ?>

    +

    -
    -

    +
    +

    -

    -

    Gravatars — short for Globally Recognized Avatars — for the pictures that show up next to comments. Plugins may override this.'); ?>

    +

    - - + + - + + + + +
    +
    __("Don’t show Avatars"), 1 => __('Show Avatars')); foreach ( $yesorno as $key => $value) { $selected = (get_option('show_avatars') == $key) ? 'checked="checked"' : ''; - echo "\n\t
    "; + echo "\n\t
    "; } ?> -
    +
    __('G — Suitable for all audiences'), 'PG' => __('PG — Possibly offensive, usually for audiences 13 and above'), 'R' => __('R — Intended for adult audiences above 17'), 'X' => __('X — Even more mature than above')); foreach ($ratings as $key => $rating) : $selected = (get_option('avatar_rating') == $key) ? 'checked="checked"' : ''; - echo "\n\t
    "; + echo "\n\t
    "; endforeach; ?> -
    + +
    + + __('Mystery Man'), + 'blank' => __('Blank'), + 'gravatar_default' => __('Gravatar Logo'), + 'identicon' => __('Identicon (Generated)'), + 'wavatar' => __('Wavatar (Generated)'), + 'monsterid' => __('MonsterID (Generated)') +); +$avatar_defaults = apply_filters('avatar_defaults', $avatar_defaults); +$default = get_option('avatar_default'); +if ( empty($default) ) + $default = 'mystery'; +$size = 32; +$avatar_list = ''; +foreach ( $avatar_defaults as $default_key => $default_name ) { + $selected = ($default == $default_key) ? 'checked="checked" ' : ''; + $avatar_list .= "\n\t'; + $avatar_list .= '
    '; +} +echo apply_filters('default_avatar_select', $avatar_list); +?> + +
    diff --git a/wp-admin/options-general.php b/wp-admin/options-general.php index 8fdf3ef..d37bcee 100644 --- a/wp-admin/options-general.php +++ b/wp-admin/options-general.php @@ -14,33 +14,35 @@ include('./admin-header.php'); - + - + - - + + +The new address will not become active until confirmed.') ?> - - + - + - + - + - + - +

    +

    - The new address will not become active until confirmed.') ?>
    +
    -
    UTC time is %s'), gmdate(__('Y-m-d G:i:s'))); ?>
    -%2$s'), $current_offset_name, gmdate(__('Y-m-d G:i:s'), current_time('timestamp'))); ?> +%2$s'), $current_offset_name, gmdate(__('Y-m-d G:i:s'), current_time('timestamp'))); ?>
    +



    Documentation on date formatting. Click "Save Changes" to update sample output.') ?>
    +

    /> -
    +
    -
    diff --git a/wp-admin/options-permalink.php b/wp-admin/options-permalink.php index 5b4b6b2..06ad149 100644 --- a/wp-admin/options-permalink.php +++ b/wp-admin/options-permalink.php @@ -180,11 +180,11 @@ $structures = array( - - + + - +
    domain.$current_site->path == $current_blog->domain.$current_blog->path ) { echo "/blog"; $category_base = str_replace( "/blog", "", $category_base ); }?> domain.$current_site->path == $current_blog->domain.$current_blog->path ) { echo "/blog"; $category_base = str_replace( "/blog", "", $category_base ); }?>
    domain.$current_site->path == $current_blog->domain.$current_blog->path ) { echo "/blog"; $tag_base = str_replace( "/blog", "", $tag_base ); }?>
    diff --git a/wp-admin/options-privacy.php b/wp-admin/options-privacy.php index c3f68dc..6cd927d 100644 --- a/wp-admin/options-privacy.php +++ b/wp-admin/options-privacy.php @@ -18,13 +18,13 @@ if( trim( get_option('blog_public') ) == '' ) - +
    +

    />

    />

    -
    diff --git a/wp-admin/options-reading.php b/wp-admin/options-reading.php index 147841a..18181ff 100644 --- a/wp-admin/options-reading.php +++ b/wp-admin/options-reading.php @@ -16,7 +16,7 @@ include('admin-header.php'); - +

      -
    • -
    • +
    • ".__('Front page: %s')."", wp_dropdown_pages("name=page_on_front&echo=0&show_option_none=".__('- Select -')."&selected=" . get_option('page_on_front'))); ?>
    • +
    • ".__('Posts page: %s')."", wp_dropdown_pages("name=page_for_posts&echo=0&show_option_none=".__('- Select -')."&selected=" . get_option('page_for_posts'))); ?>
    @@ -38,29 +38,29 @@ include('admin-header.php');

    - +
    - + - + - +


    - +
    - +
    recommended)') ?> diff --git a/wp-admin/options-writing.php b/wp-admin/options-writing.php index 5734415..83c2d6f 100644 --- a/wp-admin/options-writing.php +++ b/wp-admin/options-writing.php @@ -14,21 +14,21 @@ include('admin-header.php'); - + - + - + - +
    +

    -
    + // Sanitize all displayed data + $plugin_data['Title'] = wp_kses($plugin_data['Title'], $plugins_allowedtags); + $plugin_data['Version'] = wp_kses($plugin_data['Version'], $plugins_allowedtags); + $plugin_data['Description'] = wp_kses($plugin_data['Description'], $plugins_allowedtags); + $plugin_data['Author'] = wp_kses($plugin_data['Author'], $plugins_allowedtags); + if( ! empty($plugin_data['Author']) ) + $plugin_data['Description'] .= ' ' . sprintf( __('By %s'), $plugin_data['Author'] ) . '.'; + + if ( is_plugin_active($plugin_file) ) { + $active_plugins[ $plugin_file ] = $plugin_data; + } else { + if ( isset( $recently_activated[ $plugin_file ] ) ) //Was the plugin recently activated? + $recent_plugins[ $plugin_file ] = $plugin_data; + else + $available_plugins[ $plugin_file ] = $plugin_data; + } +} + +?> + + +
    - - - - - + + + + + - + $plugin_data) { - $action_links = array(); - - $style = ''; - - if ( is_plugin_active($plugin_file) ) { - $action_links[] = "".__('Deactivate').""; - $style = 'active'; - } else { - $action_links[] = "".__('Activate').""; - } - $plugins_allowedtags = array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()); + if( empty($plugins) ) { + echo ' + + '; + } + foreach( (array)$plugins as $plugin_file => $plugin_data) { + $action_links = array(); - // Sanitize all displayed data - $plugin_data['Title'] = wp_kses($plugin_data['Title'], $plugins_allowedtags); - $plugin_data['Version'] = wp_kses($plugin_data['Version'], $plugins_allowedtags); - $plugin_data['Description'] = wp_kses($plugin_data['Description'], $plugins_allowedtags); - $plugin_data['Author'] = wp_kses($plugin_data['Author'], $plugins_allowedtags); - $author = ( empty($plugin_data['Author']) ) ? '' : ' ' . sprintf( __('By %s'), $plugin_data['Author'] ) . '.'; + if( 'active' == $context ) + $action_links[] = '' . __('Deactivate') . ''; + else //Available or Recently deactivated + $action_links[] = '' . __('Activate') . ''; - if ( $style != '' ) - $style = ' class="' . $style . '"'; + if ( current_user_can('edit_plugins') && is_writable(WP_PLUGIN_DIR . '/' . $plugin_file) ) + $action_links[] = '' . __('Edit') . ''; - $action_links = apply_filters('plugin_action_links', $action_links, $plugin_file, $plugin_info); + $action_links = apply_filters('plugin_action_links', $action_links, $plugin_file, $plugin_data, $context); echo " - + + - - - + - "; - do_action( 'after_plugin_row', $plugin_file ); + echo ' + '; + do_action( 'after_plugin_row', $plugin_file, $plugin_data, $context ); } ?>
    ' . __('No plugins to show') . '
    {$plugin_data['Title']} {$plugin_data['Version']}

    {$plugin_data['Description']}$author

    "; - if ( is_plugin_active($plugin_file) ) - echo __('Active'); - else - _e('Inactive'); - echo "

    {$plugin_data['Description']}

    - - +

    +
    + + +
    +
    + +
    +
    +
    + +
    + +

    %s directory and it will be automatically deactivated.'), WP_PLUGIN_DIR); ?>

    + + +

    +
    + + +
    +
    + +
    +
    +
    + +
    + + +

    +
    + + +
    +
    + +
    +
    +
    + +

    %s directory and it will be automatically deactivated.'), PLUGINDIR); ?>

    WordPress plugin directory.'); ?>

    -

    %s directory. Once a plugin is uploaded, you may activate it here.'), PLUGINDIR); ?>

    +

    %s directory. Once a plugin is uploaded, you may activate it here.'), WP_PLUGIN_DIR); ?>

    diff --git a/wp-admin/post-new.php b/wp-admin/post-new.php index 263783a..f1f2da5 100644 --- a/wp-admin/post-new.php +++ b/wp-admin/post-new.php @@ -7,8 +7,9 @@ wp_enqueue_script('autosave'); wp_enqueue_script('post'); if ( user_can_richedit() ) wp_enqueue_script('editor'); -wp_enqueue_script('thickbox'); +add_thickbox(); wp_enqueue_script('media-upload'); +wp_enqueue_script('word-count'); require_once ('./admin-header.php'); diff --git a/wp-admin/post.php b/wp-admin/post.php index b9400b7..f6daec9 100644 --- a/wp-admin/post.php +++ b/wp-admin/post.php @@ -80,16 +80,17 @@ case 'edit': if ( empty($post->ID) ) wp_die( __("You attempted to edit a post that doesn't exist. Perhaps it was deleted?") ); - if ( 'page' == $post->post_type ) { - wp_redirect("page.php?action=edit&post=$post_ID"); + if ( 'post' != $post->post_type ) { + wp_redirect( get_edit_post_link( $post->ID, 'url' ) ); exit(); } wp_enqueue_script('post'); if ( user_can_richedit() ) wp_enqueue_script('editor'); - wp_enqueue_script('thickbox'); + add_thickbox(); wp_enqueue_script('media-upload'); + wp_enqueue_script('word-count'); if ( current_user_can('edit_post', $post_ID) ) { if ( $last = wp_check_post_lock( $post->ID ) ) { @@ -159,8 +160,8 @@ case 'delete': } $sendback = wp_get_referer(); - if (strpos($sendback, 'post.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/post-new.php'; - elseif (strpos($sendback, 'attachments.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/attachments.php'; + if (strpos($sendback, 'post.php') !== false) $sendback = admin_url('post-new.php'); + elseif (strpos($sendback, 'attachments.php') !== false) $sendback = admin_url('attachments.php'); $sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback); wp_redirect($sendback); exit(); diff --git a/wp-admin/press-this.php b/wp-admin/press-this.php new file mode 100644 index 0000000..a0bfd1c --- /dev/null +++ b/wp-admin/press-this.php 
@@ -0,0 +1,503 @@ + + + $data) { + #quote for matching + $quoted = str_replace('/', '\/', preg_quote($data)); + + # see if files exist in content - we don't want to upload non-used selected files. + preg_match('/'.$quoted.'/', $_REQUEST['content'], $matches[0]); + if($matches[0]) + media_sideload_image($data, $post_ID, $_REQUEST['photo_description'][$key]); + } + $content = $_REQUEST['content']; + break; + + case "video": + if($_REQUEST['embed_code']) + $content .= $_REQUEST['embed_code']."\n\n"; + $content .= $_REQUEST['content']; + break; + } + # set the post_content + $quick['post_content'] = $content; + + #error handling for $post + if ( is_wp_error($post_ID) ) { + wp_die($id); + wp_delete_post($post_ID); + + #error handling for media_sideload + } else { + $quick['ID'] = $post_ID; + wp_update_post($quick); + } + return $post_ID; +} + + +function category_div() { ?> +
    +
    +
    +
    +

    +
    +
      + +
    +
    +

    +

    +
    + +
    +

    + + +

    +
    + + + + > + + + <?php _e('Press This') ?> + + + + + + + + +

    +
    + +
    + +

    + Click to insert.

    + +

    Insert Image | Cancel

    + +

    +
    + +
    +]+src=[\'"]([^\'" >]+?)[\'" >]/is'; + preg_match_all($pattern, $content, $matches); + if ( empty($matches[1]) ) return ''; + + $sources = array(); + + foreach ($matches[1] as $src) { + if ( false !== strpos($src, '&') ) continue; + if(strpos($src, 'http') === false) { + if(strpos($src, '../') === false && strpos($src, './') === false) { + $src = 'http://'.str_replace('//','/', $host['host'].'/'.$src); + } else { + $src = 'http://'.str_replace('//','/', $host['host'].'/'.$host['path'].'/'.$src); + } + } + $sources[] = $src; + } + return "'" . implode("','", $sources) . "'"; + } + + + echo 'new Array('.get_images_from_uri($url).')'; +die; +} + +if($_REQUEST['ajax'] == 'photo_js') { ?> + + var last = null + + function pick(img, desc) { + if (img) { + length = jQuery('.photolist input').length; + if(length == 0) length = 1; + jQuery('.photolist').append(''); + jQuery('.photolist').append(''); + append_editor('' + desc + ''); } + return false; + } + + var my_src, img, img_tag, aspect, w, h, skip, i, strtoappend = ""; + + var my_src = eval( + jQuery.ajax({ + type: "GET", + url: "", + cache : false, + async : false, + data: "ajax=photo_images&u=", + dataType : "script" + }).responseText); + + for (i = 0; i < my_src.length; i++) { + img = new Image(); + img.src = my_src[i]; + img_attr = 'id="img' + i; + skip = false; + + if (img.width && img.height) { + if (img.width * img.height < 2500) skip = true; + aspect = img.width / img.height; + if (aspect > 1) { // Image is wide + scale = 75 / img.width; + } else { // Image is tall or square + scale = 75 / img.height; + } + if (scale < 1) { + w = parseInt(img.width * scale); + h = parseInt(img.height * scale); + } else { + w = img.width; + h = img.height; + } + img_attr += ' style="width: ' + w + 'px; height: ' + h + 'px;"'; + } + + if (!skip) strtoappend += ''; + + } + + jQuery('#img_container').html(strtoappend); + + tb_init('a.thickbox, area.thickbox, input.thickbox'); //pass where to apply thickbox + + + +
    + + +
    +
    +
    + + + > + + + <?php _e('Press This') ?> + + + + + + + + + + +
    + + + +
    + +

    +
    + +
    + + +
    +

    +
    + +
    +
    + +
    + +
    + + + diff --git a/wp-admin/revision.php b/wp-admin/revision.php new file mode 100644 index 0000000..a00fa81 --- /dev/null +++ b/wp-admin/revision.php 
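Review bot: The `photo_images` response is built by joining scraped image URLs into a quoted list (`"'" . implode("','", $sources) . "'"`), and the `photo_js` script then passes the response text to `eval(...)`, so text taken from a remote page ends up evaluated as script in the admin session. The `src` pattern excludes only quotes, spaces and `>`, and nothing is escaped for a JavaScript string context; the list should be emitted through a JSON or JS-escaping encoder and parsed as data rather than evaluated. Separately, in the post-saving function the error branch calls `wp_die($id)` although no `$id` is assigned in the visible code, and the `wp_delete_post($post_ID)` after it cannot run; the `is_wp_error($post_ID)` check also comes after `$post_ID` has already been passed to `media_sideload_image()`, so it should move up and read `wp_die($post_ID);`. `$_REQUEST['content']` and `$_REQUEST['embed_code']` are copied into the post content as received. Much of this file's markup was lost in extraction, so a nonce or capability check may exist without being visible here; if there is none, one is needed before the post is created.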
@@ -0,0 +1,209 @@ +post_parent ) ) + break; + if ( !$post = get_post( $revision->post_parent ) ) + break; + + if ( !constant('WP_POST_REVISIONS') && !wp_is_post_autosave( $revision ) ) // Revisions disabled and we're not looking at an autosave + break; + + check_admin_referer( "restore-post_$post->ID|$revision->ID" ); + + wp_restore_post_revision( $revision->ID ); + $redirect = add_query_arg( array( 'message' => 5, 'revision' => $revision->ID ), get_edit_post_link( $post->ID, 'url' ) ); + break; +case 'diff' : + if ( !$left_revision = get_post( $left ) ) + break; + if ( !$right_revision = get_post( $right ) ) + break; + + if ( !current_user_can( 'read_post', $left_revision->ID ) || !current_user_can( 'read_post', $right_revision->ID ) ) + break; + + // Don't allow reverse diffs? + if ( strtotime($right_revision->post_modified_gmt) < strtotime($left_revision->post_modified_gmt) ) { + $redirect = add_query_arg( array( 'left' => $right, 'right' => $left ) ); + break; + } + + if ( $left_revision->ID == $right_revision->post_parent ) // right is a revision of left + $post =& $left_revision; + elseif ( $left_revision->post_parent == $right_revision->ID ) // left is a revision of right + $post =& $right_revision; + elseif ( $left_revision->post_parent == $right_revision->post_parent ) // both are revisions of common parent + $post = get_post( $left_revision->post_parent ); + else + break; // Don't diff two unrelated revisions + + if ( !constant('WP_POST_REVISIONS') ) { // Revisions disabled + if ( + // we're not looking at an autosave + ( !wp_is_post_autosave( $left_revision ) && !wp_is_post_autosave( $right_revision ) ) + || + // we're not comparing an autosave to the current post + ( $post->ID !== $left_revision->ID && $post->ID !== $right_revision->ID ) + ) + break; + } + + if ( + // They're the same + $left_revision->ID == $right_revision->ID + || + // Neither is a revision + ( !wp_get_post_revision( $left_revision->ID ) && !wp_get_post_revision( $right_revision->ID ) 
) + ) + break; + + $post_title = '' . get_the_title() . ''; + $h2 = sprintf( __( 'Compare Revisions of “%1$s”' ), $post_title ); + + $left = $left_revision->ID; + $right = $right_revision->ID; + + $redirect = false; + break; +case 'view' : +default : + if ( !$revision = wp_get_post_revision( $revision_id ) ) + break; + if ( !$post = get_post( $revision->post_parent ) ) + break; + + if ( !current_user_can( 'read_post', $revision->ID ) || !current_user_can( 'read_post', $post->ID ) ) + break; + + if ( !constant('WP_POST_REVISIONS') && !wp_is_post_autosave( $revision ) ) // Revisions disabled and we're not looking at an autosave + break; + + $post_title = '' . get_the_title() . ''; + $revision_title = wp_post_revision_title( $revision, false ); + $h2 = sprintf( __( 'Post Revision for “%1$s” created on %2$s' ), $post_title, $revision_title ); + + // Sets up the diff radio buttons + $left = $revision->ID; + $right = $post->ID; + + $redirect = false; + break; +endswitch; + +if ( !$redirect && !in_array( $post->post_type, array( 'post', 'page' ) ) ) + $redirect = 'edit.php'; + +if ( $redirect ) { + wp_redirect( $redirect ); + exit; +} + +if ( 'page' == $post->post_type ) { + $submenu_file = 'edit-pages.php'; + $title = __( 'Page Revisions' ); +} else { + $submenu_file = 'edit.php'; + $title = __( 'Post Revisions' ); +} + +// Converts post_author ID# into name +add_filter( '_wp_post_revision_field_post_author', 'get_author_name' ); + +require_once( 'admin-header.php' ); + +?> + +
    + +

    + + + + + + + + + $field_title ) : + if ( 'diff' == $action ) { + $left_content = apply_filters( "_wp_post_revision_field_$field", $left_revision->$field, $field ); + $right_content = apply_filters( "_wp_post_revision_field_$field", $right_revision->$field, $field ); + if ( !$content = wp_text_diff( $left_content, $right_content ) ) + continue; // There is no difference between left and right + $identical = false; + } else { + add_filter( "_wp_post_revision_field_$field", 'htmlspecialchars' ); + $content = apply_filters( "_wp_post_revision_field_$field", $revision->$field, $field ); + } + ?> + + + + + + + + + + + + +
    + + +

    + +
    + +

    + + 'form-table', 'parent' => true, 'right' => $right, 'left' => $left ); +if ( !constant( 'WP_POST_REVISIONS' ) ) + $args['type'] = 'autosave'; + +wp_list_post_revisions( $post, $args ); + +?> + +
    + +The file 'wp-config.php' already exists. If you need to reset any of the configuration items in this file, please delete it first. You may try installing now.

    "); +// Check if wp-config.php exists above the root directory +if (file_exists('../../wp-config.php')) + wp_die("

    The file 'wp-config.php' already exists one level above your WordPress installation. If you need to reset any of the configuration items in this file, please delete it first. You may try installing now.

    "); + if (isset($_GET['step'])) $step = $_GET['step']; else @@ -69,28 +73,28 @@ switch($step) {

    Below you should enter your database connection details. If you're not sure about these, contact your host.

    - - + + - - + + - - + + - - + + - - + +
    Database Name The name of the database you want to run WP in.
    User Name Your MySQL username
    Password ...and MySQL password.
    Database Host 99% chance you won't need to change this value.
    Table Prefix If you want to run multiple WordPress installations in a single database, change this.
    diff --git a/wp-admin/sidebar.php b/wp-admin/sidebar.php index 9287285..43465ab 100644 --- a/wp-admin/sidebar.php +++ b/wp-admin/sidebar.php @@ -14,8 +14,9 @@ if ('b' == $_GET['a']) { <?php _e('WordPress › Posted'); ?> @@ -32,8 +33,9 @@ wp_admin_css(); <?php _e('WordPress › Sidebar'); ?>