From 9415bbca12c01c39da58e0ed2c4e6b44ff833e5d Mon Sep 17 00:00:00 2001
From: donncha
Date: Thu, 30 Nov 2006 18:54:22 +0000
Subject: WP Merge to 4559
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@816 7be80a69-a1ef-0310-a953-fb0f7c49ff36
---
 wp-admin/admin-functions.php | 54 +++++++++++++++++++++++++++++++----
 wp-admin/cat-js.php | 2 +-
 wp-admin/comment.php | 16 +++++------
 wp-admin/dbx-admin-key-js.php | 24 ++++++++--------
 wp-admin/edit-comments.php | 10 +++----
 wp-admin/edit-page-form.php | 2 +-
 wp-admin/edit.php | 4 +--
 wp-admin/export.php | 65 ++++++++++++++++++++++++++++++++++++++++++
 wp-admin/import/blogger.php | 8 +++---
 wp-admin/import/wordpress.php | 34 +++++++++++++++++++++-
 wp-admin/link-add.php | 2 +-
 wp-admin/link-manager.php | 4 +--
 wp-admin/moderation.php | 2 +-
 wp-admin/plugins.php | 10 ++++++-
 wp-admin/upgrade-functions.php | 3 ++
 wp-admin/upload-js.php | 36 +++++++++++------------
 wp-admin/upload.css | 1 -
 wp-admin/users.php | 8 +++---
 18 files changed, 217 insertions(+), 68 deletions(-)
(limited to 'wp-admin')
diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php
index 8da7ff0..aaf16ca 100644
--- a/wp-admin/admin-functions.php
+++ b/wp-admin/admin-functions.php
@@ -444,7 +444,7 @@ function edit_user( $user_id = 0 ) {
 $user->user_email = wp_specialchars( trim( $_POST['email'] ));
 if ( isset( $_POST['url'] ) ) {
 $user->user_url = wp_specialchars( trim( $_POST['url'] ));
- $user->user_url = preg_match( '/^(https?|ftps?|mailto|news|gopher):/is', $user->user_url ) ? $user->user_url : 'http://'.$user->user_url;
+ $user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
 }
 if ( isset( $_POST['first_name'] ))
 $user->first_name = wp_specialchars( trim( $_POST['first_name'] ));
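Review bot: The scheme allow-list in the added `preg_match(...)` line of edit_user is a literal that the edit_link hunk (@@ -558) repeats verbatim, so the two lists can drift apart the next time a scheme is added. This list decides which submitted URLs are stored as given and which get `http://` prepended, so I would keep it in one place that both call sites use and document it, e.g. `// allow-list of URL schemes; anything else is treated as a bare host and prefixed with http://`. The check runs on the value after wp_specialchars(), as the context line above it shows. edit_user's body starts and ends outside the hunk.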
@@ -558,7 +558,7 @@ function edit_link( $link_id = '' ) { wp_die( __("Cheatin' uh ?" )); $_POST['link_url'] = wp_specialchars( $_POST['link_url'] ); - $_POST['link_url'] = preg_match( '/^(https?|ftps?|mailto|news|gopher):/is', $_POST['link_url'] ) ? $_POST['link_url'] : 'http://' . $_POST['link_url']; + $_POST['link_url'] = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $_POST['link_url']) ? $_POST['link_url'] : 'http://' . $_POST['link_url']; $_POST['link_name'] = wp_specialchars( $_POST['link_name'] ); $_POST['link_image'] = wp_specialchars( $_POST['link_image'] ); $_POST['link_rss'] = wp_specialchars( $_POST['link_rss'] ); @@ -598,7 +598,10 @@ function return_categories_list( $parent = 0 ) { } function sort_cats( $cat1, $cat2 ) { - return strcasecmp( $cat1['cat_name'], $cat2['cat_name'] ); + if ( $cat1['checked'] || $cat2['checked'] ) + return ( $cat1['checked'] && !$cat2['checked'] ) ? -1 : 1; + else + return strcasecmp( $cat1['cat_name'], $cat2['cat_name'] ); } function get_nested_categories( $default = 0, $parent = 0 ) { @@ -758,7 +761,7 @@ function _cat_row( $category, $level, $name_override = false ) { $category->cat_ID " . ( $name_override ? $name_override : $pad . ' ' . $category->cat_name ) . " $category->category_description - $category->category_count + $category->category_count $category->link_count $edit\n\t\n"; } @@ -1037,7 +1040,8 @@ function meta_form() { GROUP BY meta_key ORDER BY meta_id DESC LIMIT $limit" ); - natcasesort( $keys ); + if ( $keys ) + natcasesort($keys); ?>
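Review bot: In sort_cats, when both categories are checked the new branch returns 1 whichever way round the arguments are passed, so the comparator is inconsistent and two checked categories are never ordered by name. Compare the flags only when they differ and fall through to the name comparison otherwise: `if ( $cat1['checked'] != $cat2['checked'] ) return $cat1['checked'] ? -1 : 1;` followed by the existing `return strcasecmp( $cat1['cat_name'], $cat2['cat_name'] );`. The hunk does not show where the `checked` key is set, so confirm every array passed to this comparator carries it.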

@@ -1991,13 +1995,14 @@ function wp_import_handle_upload() { return $file; $url = $file['url']; + $type = $file['type']; $file = addslashes( $file['file'] ); $filename = basename( $file ); // Construct the object array $object = array( 'post_title' => $filename, 'post_content' => $url, - 'post_mime_type' => 'import', + 'post_mime_type' => $type, 'guid' => $url ); @@ -2077,6 +2082,43 @@ function wp_reset_vars( $vars ) { } } + +function wp_check_for_changed_slugs($post_id) { + if ( !strlen($_POST['wp-old-slug']) ) + return $post_id; + + $post = &get_post($post_id); + + // we're only concerned with published posts + if ( $post->post_status != 'publish' || $post->post_type != 'post' ) + return $post_id; + + // only bother if the slug has changed + if ( $post->post_name == $_POST['wp-old-slug'] ) + return $post_id; + + $old_slugs = get_post_meta($post_id, '_wp_old_slug'); + + // if we haven't added this old slug before, add it now + if ( !count($old_slugs) || !in_array($_POST['wp-old-slug'], $old_slugs) ) + add_post_meta($post_id, '_wp_old_slug', $_POST['wp-old-slug']); + + // if the new slug was used previously, delete it from the list + if ( in_array($post->post_name, $old_slugs) ) + delete_post_meta($post_id, '_wp_old_slug', $post->post_name); + + return $post_id; +} + + +function wp_remember_old_slug() { + global $post; + $name = wp_specialchars($post->post_name); // just in case + if ( strlen($name) ) + echo ''; +} + + // If siteurl or home changed, reset cookies and flush rewrite rules. function update_home_siteurl( $old_value, $value ) { global $wp_rewrite, $user_login, $user_pass_md5; diff --git a/wp-admin/cat-js.php b/wp-admin/cat-js.php index e1b0e28..35df2c8 100644 --- a/wp-admin/cat-js.php +++ b/wp-admin/cat-js.php 
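Review bot: wp_check_for_changed_slugs() uses `$_POST['wp-old-slug']` as sent: it is read without an `isset()` guard and handed to add_post_meta() unchanged, although the form field it comes from is client-controlled. I would normalise it once at the top, `$old_slug = isset($_POST['wp-old-slug']) ? sanitize_title($_POST['wp-old-slug']) : '';`, return `$post_id` early when it is empty, and use `$old_slug` in the comparisons and in both meta calls. Whether add_post_meta() escapes the value for SQL is not visible in this hunk, so that should be confirmed rather than assumed. The markup echoed by wp_remember_old_slug() is not legible on this page; if `$name` lands inside a quoted attribute, check that wp_specialchars() is called in a mode that also encodes quotes.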
@@ -8,7 +8,7 @@ function newCatAddIn() { var jaxcat = $('jaxcat'); if ( !jaxcat ) return false; - jaxcat.update(''); + jaxcat.update(''); $('newcat').onkeypress = function(e) { return killSubmit("catList.ajaxAdder('category','jaxcat');", e); }; $('catadd').onclick = function() { catList.ajaxAdder('category', 'jaxcat'); }; } diff --git a/wp-admin/comment.php b/wp-admin/comment.php index 8ce3cd8..a583264 100644 --- a/wp-admin/comment.php +++ b/wp-admin/comment.php @@ -18,7 +18,7 @@ case 'editcomment': $comment = (int) $_GET['c']; if ( ! $comment = get_comment($comment) ) - wp_die(sprintf(__('Oops, no comment with this ID. Go back!'), 'javascript:history.go(-1)')); + wp_die(__('Oops, no comment with this ID.').sprintf(' '.__('Go back').'!', 'javascript:history.go(-1)')); if ( !current_user_can('edit_post', $comment->comment_post_ID) ) wp_die( __('You are not allowed to edit comments on this post.') ); @@ -40,7 +40,7 @@ case 'mac': $nonce_action .= $comment; if ( ! $comment = get_comment($comment) ) - wp_die(sprintf(__('Oops, no comment with this ID. Go back!'), 'edit.php')); + wp_die(__('Oops, no comment with this ID.').sprintf(' '.__('Go back').'!', 'edit.php')); if ( !current_user_can('edit_post', $comment->comment_post_ID) ) wp_die( 'cdc' == $action ? __('You are not allowed to delete comments on this post.') : __('You are not allowed to edit comments on this post, so you cannot approve this comment.') ); @@ -49,11 +49,11 @@ case 'mac':
-

Caution: You are about to mark the following comment as spam:'); ?>

+

'.__('Caution:').' '.__('You are about to mark the following comment as spam:'); ?>

-

Caution: You are about to delete the following comment:'); ?>

+

'.__('Caution:').' '.__('You are about to delete the following comment:'); ?>

-

Caution: You are about to approve the following comment:'); ?>

+

'.__('Caution:').' '.__('You are about to approve the following comment:'); ?>

@@ -116,7 +116,7 @@ case 'deletecomment': } if ( ! $comment = get_comment($comment) ) - wp_die(sprintf(__('Oops, no comment with this ID. Go back!'), 'edit-comments.php')); + wp_die(__('Oops, no comment with this ID.').sprintf(' '.__('Go back').'!', 'edit-comments.php')); if ( !current_user_can('edit_post', $comment->comment_post_ID) ) wp_die( __('You are not allowed to edit comments on this post.') ); @@ -145,7 +145,7 @@ case 'unapprovecomment': } if ( ! $comment = get_comment($comment) ) - wp_die(sprintf(__('Oops, no comment with this ID. Go back!'), 'edit.php')); + wp_die(__('Oops, no comment with this ID.').sprintf(' '.__('Go back').'!', 'edit.php')); if ( !current_user_can('edit_post', $comment->comment_post_ID) ) wp_die( __('You are not allowed to edit comments on this post, so you cannot disapprove this comment.') ); @@ -171,7 +171,7 @@ case 'approvecomment': } if ( ! $comment = get_comment($comment) ) - wp_die(sprintf(__('Oops, no comment with this ID. Go back!'), 'edit.php')); + wp_die(__('Oops, no comment with this ID.').sprintf(' '.__('Go back').'!', 'edit.php')); if ( !current_user_can('edit_post', $comment->comment_post_ID) ) wp_die( __('You are not allowed to edit comments on this post, so you cannot approve this comment.') ); diff --git a/wp-admin/dbx-admin-key-js.php b/wp-admin/dbx-admin-key-js.php index 9746a8c..eb5e1a4 100644 --- a/wp-admin/dbx-admin-key-js.php +++ b/wp-admin/dbx-admin-key-js.php 
@@ -32,12 +32,12 @@ addLoadEvent( function() '10', // animate re-ordering [frames per transition, or '0' for no effect] 'yes', // include open/close toggle buttons ['yes'|'no'] 'closed', // default state ['open'|'closed'] - 'open', // word for "open", as in "open this box" - 'close', // word for "close", as in "close this box" - 'click-down and drag to move this box', // sentence for "move this box" by mouse - 'click to %toggle% this box', // pattern-match sentence for "(open|close) this box" by mouse - 'use the arrow keys to move this box', // sentence for "move this box" by keyboard - ', or press the enter key to %toggle% it', // pattern-match sentence-fragment for "(open|close) this box" by keyboard + '', // word for "open", as in "open this box" + '', // word for "close", as in "close this box" + '', // sentence for "move this box" by mouse + '', // pattern-match sentence for "(open|close) this box" by mouse + '', // sentence for "move this box" by keyboard + '', // pattern-match sentence-fragment for "(open|close) this box" by keyboard '%mytitle% [%dbxtitle%]' // pattern-match syntax for title-attribute conflicts ); 
@@ -57,12 +57,12 @@ addLoadEvent( function() '10', // animate re-ordering [frames per transition, or '0' for no effect] 'yes', // include open/close toggle buttons ['yes'|'no'] 'closed', // default state ['open'|'closed'] - 'open', // word for "open", as in "open this box" - 'close', // word for "close", as in "close this box" - 'click-down and drag to move this box', // sentence for "move this box" by mouse - 'click to %toggle% this box', // pattern-match sentence for "(open|close) this box" by mouse - 'use the arrow keys to move this box', // sentence for "move this box" by keyboard - ', or press the enter key to %toggle% it', // pattern-match sentence-fragment for "(open|close) this box" by keyboard + '', // word for "open", as in "open this box" + '', // word for "close", as in "close this box" + '', // sentence for "move this box" by mouse + '', // pattern-match sentence for "(open|close) this box" by mouse + '', // sentence for "move this box" by keyboard + '', // pattern-match sentence-fragment for "(open|close) this box" by keyboard '%mytitle% [%dbxtitle%]' // pattern-match syntax for title-attribute conflicts ); }); diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php index 488a055..fda618c 100644 --- a/wp-admin/edit-comments.php +++ b/wp-admin/edit-comments.php 
@@ -157,12 +157,12 @@ $start = " start='$offset'"; comment_post_ID) ) { echo " " . __('Edit') . ''; - echo ' | comment_author)) . "', theCommentList );\">" . __('Delete') . ' '; + echo ' | comment_author)) . "', theCommentList );\">" . __('Delete') . ' '; if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) { echo ' | ' . __('Unapprove') . ' '; echo ' | ' . __('Approve') . ' '; } - echo " | comment_post_ID . "&c=" . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by "%s".\\n"Cancel" to stop, "OK" to mark as spam."), js_escape( $comment->comment_author)) . "', theCommentList );\">" . __('Spam') . " "; + echo " | comment_post_ID . "&c=" . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to mark as spam this comment by "%s".\\n"Cancel" to stop, "OK" to mark as spam."), $comment->comment_author)) . "', theCommentList );\">" . __('Spam') . " "; } $post = get_post($comment->comment_post_ID); $post_title = wp_specialchars( $post->post_title, 'double' ); @@ -223,14 +223,14 @@ $post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title;
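Review bot: The message literal handed to the relocated js_escape() call still contains `\\n`, which now passes through the escaper together with the rest of the sentence. If js_escape() backslash-escapes its input, that sequence is escaped a second time and the confirm dialog would show a literal `\n` instead of a line break; js_escape() is not defined in this diff, so this needs checking against its implementation. Escaping the finished sentence rather than only the author name is the right order, because the translated text is then covered as well, and a comment such as `// escape the whole sentence: the translation is not trusted in a JS string either` would record that. The same construct appears in the @@ -223 hunk of this file and in the link-manager.php and moderation.php hunks.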
comment_post_ID) ) { echo "" . __('Edit') . ""; } ?> comment_post_ID) ) { - echo "comment_post_ID."&c=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), js_escape( $comment->comment_author )) . "', theCommentList );\" class='delete'>" . __('Delete') . " "; + echo "comment_post_ID."&c=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), $comment->comment_author )) . "', theCommentList );\" class='delete'>" . __('Delete') . " "; } ?>
-

'); return false } return confirm('')" /> - ')" />

+

'); return false } return confirm('')" /> + ')" />

ID) ) ?> - post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> /> + post_title )) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> /> diff --git a/wp-admin/edit.php b/wp-admin/edit.php index 395bc6b..529ca15 100644 --- a/wp-admin/edit.php +++ b/wp-admin/edit.php @@ -127,11 +127,11 @@ if ( count($arc_result) ) { ?> 'display name' $posts_columns = array( - 'id' => __('ID'), + 'id' => '
' . __('ID') . '
', 'date' => __('When'), 'title' => __('Title'), 'categories' => __('Categories'), - 'comments' => __('Comments'), + 'comments' => '
' . __('Comments') . '
', 'author' => __('Author') ); $posts_columns = apply_filters('manage_posts_columns', $posts_columns); diff --git a/wp-admin/export.php b/wp-admin/export.php index 8f740fc..2f69320 100644 --- a/wp-admin/export.php +++ b/wp-admin/export.php 
@@ -61,6 +61,68 @@ if ( isset( $_GET['author'] ) && $_GET['author'] != 'all' ) { } $posts = $wpdb->get_results("SELECT * FROM $wpdb->posts $where ORDER BY post_date_gmt ASC"); + +$categories = (array) $wpdb->get_results("SELECT cat_ID, cat_name, category_nicename, category_description, category_parent, posts_private, links_private FROM $wpdb->categories LEFT JOIN $wpdb->post2cat ON (category_id = cat_id) LEFT JOIN $wpdb->posts ON (post_id <=> id) $where GROUP BY cat_id"); + +function wxr_missing_parents($categories) { + if ( !is_array($categories) || empty($categories) ) + return array(); + + foreach ( $categories as $category ) + $parents[$category->cat_ID] = $category->category_parent; + + $parents = array_unique(array_diff($parents, array_keys($parents))); + + if ( $zero = array_search('0', $parents) ) + unset($parents[$zero]); + + return $parents; +} + +while ( $parents = wxr_missing_parents($categories) ) { + $found_parents = $wpdb->get_results("SELECT cat_ID, cat_name, category_nicename, category_description, category_parent, posts_private, links_private FROM $wpdb->categories WHERE cat_ID IN (" . join(', ', $parents) . ")"); + if ( is_array($found_parents) && count($found_parents) ) + $categories = array_merge($categories, $found_parents); + else + break; +} + +// Put them in order to be inserted with no child going before its parent +$pass = 0; +$passes = 1000 + count($categories); +while ( ( $cat = array_shift($categories) ) && ++$pass < $passes ) { + if ( $cat->category_parent == 0 || isset($cats[$cat->category_parent]) ) { + $cats[$cat->cat_ID] = $cat; + } else { + $categories[] = $cat; + } +} +unset($categories); + +function wxr_cdata($str) { + if ( seems_utf8($str) == false ) + $str = utf8_encode($str); + + // $str = ent2ncr(wp_specialchars($str)); + + $str = ""; + + return $str; +} + +function wxr_cat_name($c) { + if ( empty($c->cat_name) ) + return; + + echo '' . wxr_cdata($c->cat_name) . 
''; +} + +function wxr_category_description($c) { + if ( empty($c->category_description) ) + return; + + echo '' . wxr_cdata($c->category_description) . ''; +} ?> @@ -87,6 +149,9 @@ $posts = $wpdb->get_results("SELECT * FROM $wpdb->posts $where ORDER BY post_dat http://wordpress.org/?v= + + category_nicename; ?>category_parent ? $cats[$c->category_parent]->cat_name : ''; ?>posts_private ? '1' : '0'; ?>links_private ? '1' : '0'; ?> + diff --git a/wp-admin/import/blogger.php b/wp-admin/import/blogger.php index d7df5ad..060a5e9 100644 --- a/wp-admin/import/blogger.php +++ b/wp-admin/import/blogger.php @@ -10,7 +10,7 @@ class Blogger_Import { $title = __('Import Blogger'); $welcome = __('Howdy! This importer allows you to import posts and comments from your Blogger account into your WordPress blog.'); $noiframes = __('This feature requires iframe support.'); - $warning = __('This will delete everything saved by the Blogger importer except your posts and comments. Are you sure you want to do this?'); + $warning = js_escape(__('This will delete everything saved by the Blogger importer except your posts and comments. Are you sure you want to do this?')); $reset = __('Reset this importer'); $incompat = __('Your web server is not properly configured to use this importer. Please enable the CURL extension for PHP and then reload this page.'); 
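Review bot: The `IN (" . join(', ', $parents) . ")` list in the wxr_missing_parents() loop is concatenated into the query from `category_parent` values without a cast. They come from an earlier query rather than straight from the request, but casting keeps the statement well-formed whatever is stored in that column: `join(', ', array_map('intval', $parents))`. The new `$categories` query also reuses `$where`, which the hunk header shows is built from `$_GET['author']` outside this hunk, so its escaping should be confirmed there. The string literal in wxr_cdata() is not legible on this page; if it wraps `$str` in a CDATA section, a `]]>` inside a category name or description would close the section early and should be split or encoded before wrapping.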
@@ -255,7 +255,7 @@ class Blogger_Import { 'blog-options-basic' => false, 'blog-options-archiving' => array('archiveFrequency' => 'm'), 'blog-publishing' => array('publishMode'=>'0', 'blogID' => "$id", 'subdomain' => mt_rand().mt_rand(), 'pingWeblogs' => 'false'), - 'blog-formatting' => array('timeStampFormat' => '0', 'convertLineBreaks'=>'false', 'floatAlignment'=>'false'), + 'blog-formatting' => array('timeStampFormat' => '0', 'encoding'=>'UTF-8', 'convertLineBreaks'=>'false', 'floatAlignment'=>'false'), 'blog-comments' => array('commentsTimeStampFormat' => '0'), 'template-edit' => array( 'templateText' => str_replace('%title%', trim($blogsary[2][$key]), $template) ) ); @@ -349,7 +349,7 @@ class Blogger_Import { $form = "
"; $form.= $body; $form.= "
"; - $output.= '

'.sprintf('%s in progress, please wait...', $blog_opt)."

\n"; + $output.= '

'.sprintf(__('%s in progress, please wait...'), $blog_opt)."

\n"; } else { $output.= "

$blog_opt

\n"; } @@ -428,7 +428,7 @@ class Blogger_Import { $user_email = $wpdb->escape($post_author_email); $user_password = substr(md5(uniqid(microtime())), 0, 6); $result = wp_create_user( $user_login, $user_password, $user_email ); - $status.= sprintf('Registered user %s.', $user_login); + $status.= sprintf(__('Registered user %s.'), $user_login); $this->import['blogs'][$_GET['blog']]['newusers'][] = $user_login; } $userdata = get_userdatabylogin( $post_author_name ); diff --git a/wp-admin/import/wordpress.php b/wp-admin/import/wordpress.php index ac965b8..109d0a7 100644 --- a/wp-admin/import/wordpress.php +++ b/wp-admin/import/wordpress.php @@ -69,6 +69,8 @@ class WP_Import { $importdata = preg_replace("/(\r\n|\n|\r)/", "\n", $importdata); preg_match_all('|(.*?)|is', $importdata, $this->posts); $this->posts = $this->posts[1]; + preg_match_all('|(.*?)|is', $importdata, $this->categories); + $this->categories = $this->categories[1]; } function get_wp_authors() { 
@@ -160,6 +162,35 @@ class WP_Import { $this->wp_authors_form(); } + function process_categories() { + global $wpdb; + + $cat_names = (array) $wpdb->get_col("SELECT cat_name FROM $wpdb->categories"); + + while ( $c = array_shift($this->categories) ) { + $cat_name = trim(str_replace(array (''), '', $this->get_tag( $c, 'wp:cat_name' ))); + + // If the category exists we leave it alone + if ( in_array($cat_name, $cat_names) ) + continue; + + $category_nicename = $this->get_tag( $c, 'wp:category_nicename' ); + $posts_private = (int) $this->get_tag( $c, 'wp:posts_private' ); + $links_private = (int) $this->get_tag( $c, 'wp:links_private' ); + + $parent = $this->get_tag( $c, 'wp:category_parent' ); + + if ( empty($parent) ) + $category_parent = '0'; + else + $category_parent = (int) category_exists($parent); + + $catarr = compact('category_nicename', 'category_parent', 'posts_private', 'links_private', 'posts_private', 'cat_name'); + + $cat_ID = wp_insert_category($catarr); + } + } + function process_posts() { global $wpdb; $i = -1; @@ -189,7 +220,7 @@ class WP_Import { $cat_index = 0; foreach ($categories as $category) { - $categories[$cat_index] = $wpdb->escape($this->unhtmlentities($category)); + $categories[$cat_index] = $wpdb->escape($this->unhtmlentities(str_replace(array (''), '', $category))); $cat_index++; } @@ -260,6 +291,7 @@ class WP_Import { $this->file = get_attached_file($this->id); $this->get_authors_from_post(); $this->get_entries(); + $this->process_categories(); $this->process_posts(); } diff --git a/wp-admin/link-add.php b/wp-admin/link-add.php index 2f66e44..c871e53 100644 --- a/wp-admin/link-add.php +++ b/wp-admin/link-add.php 
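Review bot: The `compact()` call in process_categories() names 'posts_private' twice and never includes a description, so whatever wxr_category_description() in the export.php hunk of this commit emits is dropped on import. If that is intended, say so in a comment; otherwise read it with `$this->get_tag( $c, 'wp:category_description' )` and add it to `$catarr` under the key wp_insert_category() expects. `$cat_name` and `$category_nicename` come from the uploaded file and are passed on as parsed; whether wp_insert_category() escapes them is not visible here and should be confirmed. `$cat_ID` is assigned but not used within the hunk.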
@@ -29,7 +29,7 @@ require('admin-header.php'); '.__('Edit').''; - echo 'link_id , '".sprintf(__("You are about to delete the "%s" link to %s.\\n"Cancel" to stop, "OK" to delete."), js_escape($link->link_name), js_escape($link->link_url)).'\' );" class="delete">'.__('Delete').''; + echo 'link_id , '".js_escape(sprintf(__("You are about to delete the "%s" link to %s.\\n"Cancel" to stop, "OK" to delete."), $link->link_name, $link->link_url )).'\' );" class="delete">'.__('Delete').''; echo ''; echo "\n \n"; } @@ -171,7 +171,7 @@ if ($links)
-

')" />

+

')" />

diff --git a/wp-admin/moderation.php b/wp-admin/moderation.php index e9fc505..8999741 100644 --- a/wp-admin/moderation.php +++ b/wp-admin/moderation.php @@ -135,7 +135,7 @@ $i = 0;

— [ comment_ID.'">' . __('Edit') . ' | '; -echo " comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), js_escape($comment->comment_author)) . "', theCommentList );\">" . __('Delete ') . " | "; ?> +echo " comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), $comment->comment_author )) . "', theCommentList );\">" . __('Delete ') . " | "; ?> comment_post_ID); $post_title = wp_specialchars( $post->post_title, 'double' ); diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php index f224937..d8fce65 100644 --- a/wp-admin/plugins.php +++ b/wp-admin/plugins.php @@ -112,7 +112,15 @@ if (empty($plugins)) { } else { $toggle = "".__('Activate').""; } - $plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ; + + $plugins_allowedtags = array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()); + + // Sanitize all displayed data + $plugin_data['Title'] = wp_kses($plugin_data['Title'], $plugins_allowedtags); + $plugin_data['Version'] = wp_kses($plugin_data['Version'], $plugins_allowedtags); + $plugin_data['Description'] = wp_kses($plugin_data['Description'], $plugins_allowedtags); + $plugin_data['Author'] = wp_kses($plugin_data['Author'], $plugins_allowedtags); + if ( $style != '' ) $style = 'class="' . $style . '"'; if ( is_writable(ABSPATH . 'wp-content/plugins/' . $plugin_file) ) 
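Review bot: `$plugins_allowedtags` is applied to all four header fields, so `Version` is still allowed to carry `a href` markup although a version string has no need for any. I would filter that field with an empty allow-list, `$plugin_data['Version'] = wp_kses($plugin_data['Version'], array());`, and keep the shared list for `Title`, `Description` and `Author`. A comment above the array, e.g. `// only inline formatting and links; plugin headers are file contents and not trusted`, would make the intent explicit. The enclosing block starts and ends outside the hunk.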
diff --git a/wp-admin/upgrade-functions.php b/wp-admin/upgrade-functions.php index 1c8c8fd..2349dca 100644 --- a/wp-admin/upgrade-functions.php +++ b/wp-admin/upgrade-functions.php @@ -175,6 +175,9 @@ function upgrade_all() { if ( $wp_current_db_version < 3845 ) upgrade_210(); + if ( $wp_current_db_version < 4351 ) + upgrade_old_slugs(); + $wp_rewrite->flush_rules(); update_option('db_version', $wp_db_version); diff --git a/wp-admin/upload-js.php b/wp-admin/upload-js.php index ca51e3f..5ee62c1 100644 --- a/wp-admin/upload-js.php +++ b/wp-admin/upload-js.php @@ -97,20 +97,20 @@ addLoadEvent( function() { h += "

"; h += ""; if ( this.currentImage.thumb ) { - h += ""; } - h += ""; h += "
"; - h += "
"; - h += ""; + h += "
"; + h += "
"; + h += ""; h += "
"; - h += "
"; - h += "
"; - h += ""; + h += "
"; + h += "
"; + h += "
"; + h += ""; h += "

"; - h += " »' />"; + h += "' />"; h += "

"; h += "
"; @@ -134,22 +134,22 @@ addLoadEvent( function() { var params = $H(this.params); params.ID = ''; params.action = ''; - h += "« Back"; + h += "' class='back'>« "; } else { - h += "« Back"; + h += "' class='back'>« "; } h += "
" if ( !this.currentImage.isImage ) - h += "

" + this.currentImage.title + "

"; + h += "

'>" + this.currentImage.title + "

"; else h += "

" + this.currentImage.title + "

"; h += " — "; - h += "Insert" + h += "" h += ""; h += '
' h += "
"; if ( this.currentImage.isImage ) { - h += ""; + h += "'>"; h += "" + this.currentImage.title + ""; h += ""; } else @@ -158,20 +158,20 @@ addLoadEvent( function() { h += "" - h += ""; + h += ""; h += ""; h += ""; - h += ""; + h += ""; h += ""; h += ""; - h += ""; + h += ""; h += ""; - h += "
"; + h += "
' onclick='theFileList.deleteFile(" + id + ");' />"; h += ""; h += ""; h += ""; h += ""; - h += "
"; + h += "
' />
"; h += "
"; new Insertion.Top('upload-content', h); diff --git a/wp-admin/upload.css b/wp-admin/upload.css index a74ec18..efa9512 100644 --- a/wp-admin/upload.css +++ b/wp-admin/upload.css @@ -143,7 +143,6 @@ h2 { } #upload-files a.file-link.image { - line-height: 128px; font-size: 2px; letter-spacing: 0; } diff --git a/wp-admin/users.php b/wp-admin/users.php index 46ba6ca..3c260ab 100644 --- a/wp-admin/users.php +++ b/wp-admin/users.php @@ -2,11 +2,11 @@ require_once('admin.php'); require_once( ABSPATH . WPINC . '/registration.php'); +if ( !current_user_can('edit_users') ) + wp_die(__('Cheatin’ uh?')); + $title = __('Users'); -if ( current_user_can('edit_users') ) - $parent_file = 'users.php'; -else - $parent_file = 'profile.php'; +$parent_file = 'users.php'; $action = $_REQUEST['action']; $update = ''; -- cgit