diff --git a/wp-admin/admin.php b/wp-admin/admin.php index 688cf6cb44..53a8cb553e 100644 --- a/wp-admin/admin.php +++ b/wp-admin/admin.php @@ -55,7 +55,7 @@ if (isset($_GET['page'])) { } if (! file_exists(ABSPATH . "wp-content/plugins/$plugin_page")) - die(sprintf(__('Cannot load %s.'), $plugin_page)); + die(sprintf(__('Cannot load %s.'), htmlentities($plugin_page))); if (! isset($_GET['noheader'])) require_once(ABSPATH . '/wp-admin/admin-header.php'); diff --git a/wp-admin/post.php b/wp-admin/post.php index 9b6f8d1d37..aec791b15c 100644 --- a/wp-admin/post.php +++ b/wp-admin/post.php @@ -29,7 +29,7 @@ $editing = true; switch($action) { case 'post': - + check_admin_referer(); if ( !user_can_create_draft($user_ID) ) die( __('You are not allowed to create posts or drafts on this blog.') ); @@ -268,6 +268,7 @@ case 'edit': break; case 'editpost': + check_admin_referer(); // die(var_dump('
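Review bot: The added `htmlentities()` call only neutralises the reflected error message; the same `$plugin_page` value is still concatenated into `file_exists(ABSPATH . "wp-content/plugins/$plugin_page")` on the line above without any normalisation. The hunk header suggests the value comes from `$_GET['page']`, but the assignment is outside the hunk, so this needs confirming. If it is request-controlled, `..` segments can point the check, and anything that later loads the file, outside the plugins directory. I would reject values containing `..` or a leading slash before the `file_exists()` test, and escape with the project's own `wp_specialchars()` helper (already used in profile.php) so output escaping stays consistent.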
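Review bot: The `check_admin_referer()` guard added to `case 'post':` (and to `editpost`, `confirmdeletecomment`, `mailapprovecomment`, `approvecomment` and `editedcomment` in the hunks that follow) leaves at least one neighbouring action uncovered. The later hunk headers show `case 'unapprovecomment':` sitting between two patched cases with no check added, unless it already had one outside the visible lines. The function's definition is not in this diff; if it validates the Referer header, as the name suggests, the handling of a missing header should be documented, because some clients and proxies strip it. `approvecomment` and `mailapprovecomment` also take their target from `$_GET['comment']`, so a per-user, per-action token carried in the form or link would be a stronger control than a header check. A one-line comment at each call, such as `// CSRF guard: request must come from an admin page`, would make the intent explicit.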
', $_POST));
 	if (!isset($blog_ID)) {
 		$blog_ID = 1;
@@ -495,7 +496,7 @@ case 'editcomment':
 	break;
 
 case 'confirmdeletecomment':
-
+	check_admin_referer();
 	require_once('./admin-header.php');
 
 	$comment = (int) $_GET['comment'];
@@ -590,7 +591,7 @@ case 'unapprovecomment':
 	break;
 
 case 'mailapprovecomment':
-
+	check_admin_referer();
 	$comment = (int) $_GET['comment'];
 
 	$commentdata = get_commentdata($comment, 1, true) or die(sprintf(__('Oops, no comment with this ID. Go back!'), 'edit.php'));
@@ -610,7 +611,7 @@ case 'mailapprovecomment':
 	break;
 
 case 'approvecomment':
-
+	check_admin_referer();
 	$comment = (int) $_GET['comment'];
 	$p = (int) $_GET['p'];
 	if (isset($_GET['noredir'])) {
@@ -639,7 +640,7 @@ case 'approvecomment':
 	break;
 
 case 'editedcomment':
-
+	check_admin_referer();
 	$comment_ID = (int) $_POST['comment_ID'];
 	$comment_post_ID = (int) $_POST['comment_post_ID'];
 	$newcomment_author = $_POST['newcomment_author'];
diff --git a/wp-admin/profile.php b/wp-admin/profile.php
index 37c38dbe2d..b1f2447274 100644
--- a/wp-admin/profile.php
+++ b/wp-admin/profile.php
@@ -64,10 +64,10 @@ case 'update':
 			die (__("ERROR: you typed your new password only once. Go back to type it twice."));
 		if ( $pass1 != $pass2 )
 			die (__("ERROR: you typed two different passwords. Go back to correct that."));
-		$newuser_pass = $pass1;
+		$newuser_pass = $wpdb->escape($pass1);
 		$updatepassword = "user_pass=MD5('$newuser_pass'), ";
 		wp_clearcookie();
-		wp_setcookie($user_login, $newuser_pass);
+		wp_setcookie($user_login, $pass1);
 	}
 
 	$newuser_firstname = wp_specialchars($_POST['newuser_firstname']);
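Review bot: The new `$wpdb->escape($pass1)` closes the injection through the password field, but the cleartext password is still embedded in the SQL text via `MD5('$newuser_pass')`, where it can end up in database query logs. Hashing in PHP removes the need to escape at all and keeps the cleartext out of the statement: `$updatepassword = "user_pass='" . md5($pass1) . "', ";`. Unsalted MD5 is also weak for password storage; moving to a salted, slow hash is a separate change worth tracking. The `case 'update':` block starts before and continues after this hunk.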
diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php
index c32542819c..c41676cfec 100644
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -24,6 +24,8 @@ for ($i=0; $iuser_level >= $user_level) die( __('You do not have permission to edit this user.') );
diff --git a/wp-comments-post.php b/wp-comments-post.php
index c7d5a6fd1e..a6ce2238ba 100644
--- a/wp-comments-post.php
+++ b/wp-comments-post.php
@@ -57,7 +57,7 @@ header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
 header('Cache-Control: no-cache, must-revalidate, max-age=0');
 header('Pragma: no-cache');
 
-$location = (empty($_POST['redirect_to'])) ? $_SERVER["HTTP_REFERER"] : $_POST['redirect_to']; 
+$location = ( empty( $_POST['redirect_to'] ) ) ? get_permalink( $comment_post_ID ) : $_POST['redirect_to']; 
 
 wp_redirect($location);
 ?>
\ No newline at end of file
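Review bot: `$_POST['redirect_to']` still reaches `wp_redirect()` unchecked on the new `$location` line, so the commit removes the Referer fallback but leaves the redirect target under the control of whoever submits the form. The value should be followed only when it names the blog's own host and contains no CR or LF, falling back to `get_permalink( $comment_post_ID )` otherwise, as sketched below. `wp_redirect()` and `get_permalink()` are defined outside this diff, so whether the former already filters line breaks and whether the latter returns an absolute URL both need confirming.

```php
$location = get_permalink( $comment_post_ID );
if ( !empty( $_POST['redirect_to'] ) && !preg_match( '/[\r\n]/', $_POST['redirect_to'] ) ) {
	$target = parse_url( $_POST['redirect_to'] );
	$own = parse_url( $location );
	// follow the posted target only when it names the blog's own host
	if ( isset( $target['host'], $own['host'] ) && strcasecmp( $target['host'], $own['host'] ) == 0 )
		$location = $_POST['redirect_to'];
}

wp_redirect($location);
```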
diff --git a/wp-includes/class-snoopy.php b/wp-includes/class-snoopy.php
index 9a9ac16104..0149582a89 100644
--- a/wp-includes/class-snoopy.php
+++ b/wp-includes/class-snoopy.php
@@ -5,7 +5,7 @@
 Snoopy - the PHP net client
 Author: Monte Ohrt 
 Copyright (c): 1999-2000 ispi, all rights reserved
-Version: 1.0
+Version: 1.01
 
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -31,7 +31,7 @@ CTO, ispi
 Lincoln, NE 68510
 
 The latest version of Snoopy can be obtained from:
-http://snoopy.sourceforge.net
+http://snoopy.sourceforge.net/
 
 *************************************************/
 
@@ -39,14 +39,17 @@ if ( !in_array('Snoopy', get_declared_classes() ) ) :
 class Snoopy
 {
 	/**** Public variables ****/
-	
+
 	/* user definable vars */
 
 	var $host			=	"www.php.net";		// host name we are connecting to
 	var $port			=	80;					// port we are connecting to
 	var $proxy_host		=	"";					// proxy host to use
 	var $proxy_port		=	"";					// proxy port to use
-	var $agent			=	"Snoopy v1.0";		// agent we masquerade as
+	var $proxy_user		=	"";					// proxy user to use
+	var $proxy_pass		=	"";					// proxy password to use
+
+	var $agent			=	"Snoopy v1.2.3";	// agent we masquerade as
 	var	$referer		=	"";					// referer info to pass
 	var $cookies		=	array();			// array of cookies to pass
 												// $cookies["username"]="joe";
@@ -59,19 +62,19 @@ class Snoopy
 	var $maxframes		=	0;					// frame content depth maximum. 0 = disallow
 	var $expandlinks	=	true;				// expand links to fully qualified URLs.
 												// this only applies to fetchlinks()
-												// or submitlinks()
+												// submitlinks(), and submittext()
 	var $passcookies	=	true;				// pass set cookies back through redirects
 												// NOTE: this currently does not respect
 												// dates, domains or paths.
-	
+
 	var	$user			=	"";					// user for http authentication
 	var	$pass			=	"";					// password for http authentication
-	
+
 	// http accept types
 	var $accept			=	"image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*";
-	
+
 	var $results		=	"";					// where the content is put
-		
+
 	var $error			=	"";					// error messages sent here
 	var	$response_code	=	"";					// response code returned from server
 	var	$headers		=	array();			// headers returned from server sent here
@@ -81,8 +84,12 @@ class Snoopy
 												// set to 0 to disallow timeouts
 	var $timed_out		=	false;				// if a read operation timed out
 	var	$status			=	0;					// http request status
-	
-	var	$curl_path		=	"/usr/bin/curl";
+
+	var $temp_dir		=	"/tmp";				// temporary directory that the webserver
+												// has permission to write to.
+												// under Windows, this should be C:\temp
+
+	var	$curl_path		=	"/usr/local/bin/curl";
 												// Snoopy will use cURL for fetching
 												// SSL content if a full system path to
 												// the cURL binary is supplied here.
@@ -93,14 +100,11 @@ class Snoopy
 												// library functions built into php,
 												// as these functions are not stable
 												// as of this Snoopy release.
-	
-	// send Accept-encoding: gzip?
-	var $use_gzip		= true;	
-	
-	/**** Private variables ****/	
-	
+
+	/**** Private variables ****/
+
 	var	$_maxlinelen	=	4096;				// max line length (headers)
-	
+
 	var $_httpmethod	=	"GET";				// default http request method
 	var $_httpversion	=	"HTTP/1.0";			// default http request version
 	var $_submit_method	=	"POST";				// default submit method
@@ -110,7 +114,7 @@ class Snoopy
 	var $_redirectdepth	=	0;					// increments on an http redirect
 	var $_frameurls		= 	array();			// frame src urls
 	var $_framedepth	=	0;					// increments on frame depth
-	
+
 	var $_isproxy		=	false;				// set if using a proxy server
 	var $_fp_timeout	=	30;					// timeout for socket connection
 
@@ -125,15 +129,19 @@ class Snoopy
 
 	function fetch($URI)
 	{
-	
+
 		//preg_match("|^([^:]+)://([^:/]+)(:[\d]+)*(.*)|",$URI,$URI_PARTS);
 		$URI_PARTS = parse_url($URI);
 		if (!empty($URI_PARTS["user"]))
 			$this->user = $URI_PARTS["user"];
 		if (!empty($URI_PARTS["pass"]))
 			$this->pass = $URI_PARTS["pass"];
-				
-		switch($URI_PARTS["scheme"])
+		if (empty($URI_PARTS["query"]))
+			$URI_PARTS["query"] = '';
+		if (empty($URI_PARTS["path"]))
+			$URI_PARTS["path"] = '';
+
+		switch(strtolower($URI_PARTS["scheme"]))
 		{
 			case "http":
 				$this->host = $URI_PARTS["host"];
@@ -148,11 +156,11 @@ class Snoopy
 					}
 					else
 					{
-						$path = $URI_PARTS["path"].(isset($URI_PARTS["query"]) ? "?".$URI_PARTS["query"] : "");
+						$path = $URI_PARTS["path"].($URI_PARTS["query"] ? "?".$URI_PARTS["query"] : "");
 						// no proxy, send only the path
 						$this->_httprequest($path, $fp, $URI, $this->_httpmethod);
 					}
-					
+
 					$this->_disconnect($fp);
 
 					if($this->_redirectaddr)
@@ -175,7 +183,7 @@ class Snoopy
 					{
 						$frameurls = $this->_frameurls;
 						$this->_frameurls = array();
-						
+
 						while(list(,$frameurl) = each($frameurls))
 						{
 							if($this->_framedepth < $this->maxframes)
@@ -186,19 +194,20 @@ class Snoopy
 							else
 								break;
 						}
-					}					
+					}
 				}
 				else
 				{
 					return false;
 				}
-				return true;					
+				return true;
 				break;
 			case "https":
-				if(!$this->curl_path || (!is_executable($this->curl_path))) {
-					$this->error = "Bad curl ($this->curl_path), can't fetch HTTPS \n";
+				if(!$this->curl_path)
 					return false;
-				}
+				if(function_exists("is_executable"))
+				    if (!is_executable($this->curl_path))
+				        return false;
 				$this->host = $URI_PARTS["host"];
 				if(!empty($URI_PARTS["port"]))
 					$this->port = $URI_PARTS["port"];
@@ -245,25 +254,364 @@ class Snoopy
 						else
 							break;
 					}
-				}					
-				return true;					
+				}
+				return true;
 				break;
 			default:
 				// not a valid protocol
 				$this->error	=	'Invalid protocol "'.$URI_PARTS["scheme"].'"\n';
 				return false;
 				break;
-		}		
+		}
 		return true;
 	}
 
+/*======================================================================*\
+	Function:	submit
+	Purpose:	submit an http form
+	Input:		$URI	the location to post the data
+				$formvars	the formvars to use.
+					format: $formvars["var"] = "val";
+				$formfiles  an array of files to submit
+					format: $formfiles["var"] = "/dir/filename.ext";
+	Output:		$this->results	the text output from the post
+\*======================================================================*/
+
+	function submit($URI, $formvars="", $formfiles="")
+	{
+		unset($postdata);
+
+		$postdata = $this->_prepare_post_body($formvars, $formfiles);
+
+		$URI_PARTS = parse_url($URI);
+		if (!empty($URI_PARTS["user"]))
+			$this->user = $URI_PARTS["user"];
+		if (!empty($URI_PARTS["pass"]))
+			$this->pass = $URI_PARTS["pass"];
+		if (empty($URI_PARTS["query"]))
+			$URI_PARTS["query"] = '';
+		if (empty($URI_PARTS["path"]))
+			$URI_PARTS["path"] = '';
+
+		switch(strtolower($URI_PARTS["scheme"]))
+		{
+			case "http":
+				$this->host = $URI_PARTS["host"];
+				if(!empty($URI_PARTS["port"]))
+					$this->port = $URI_PARTS["port"];
+				if($this->_connect($fp))
+				{
+					if($this->_isproxy)
+					{
+						// using proxy, send entire URI
+						$this->_httprequest($URI,$fp,$URI,$this->_submit_method,$this->_submit_type,$postdata);
+					}
+					else
+					{
+						$path = $URI_PARTS["path"].($URI_PARTS["query"] ? "?".$URI_PARTS["query"] : "");
+						// no proxy, send only the path
+						$this->_httprequest($path, $fp, $URI, $this->_submit_method, $this->_submit_type, $postdata);
+					}
+
+					$this->_disconnect($fp);
+
+					if($this->_redirectaddr)
+					{
+						/* url was redirected, check if we've hit the max depth */
+						if($this->maxredirs > $this->_redirectdepth)
+						{
+							if(!preg_match("|^".$URI_PARTS["scheme"]."://|", $this->_redirectaddr))
+								$this->_redirectaddr = $this->_expandlinks($this->_redirectaddr,$URI_PARTS["scheme"]."://".$URI_PARTS["host"]);
+
+							// only follow redirect if it's on this site, or offsiteok is true
+							if(preg_match("|^http://".preg_quote($this->host)."|i",$this->_redirectaddr) || $this->offsiteok)
+							{
+								/* follow the redirect */
+								$this->_redirectdepth++;
+								$this->lastredirectaddr=$this->_redirectaddr;
+								if( strpos( $this->_redirectaddr, "?" ) > 0 )
+									$this->fetch($this->_redirectaddr); // the redirect has changed the request method from post to get
+								else
+									$this->submit($this->_redirectaddr,$formvars, $formfiles);
+							}
+						}
+					}
+
+					if($this->_framedepth < $this->maxframes && count($this->_frameurls) > 0)
+					{
+						$frameurls = $this->_frameurls;
+						$this->_frameurls = array();
+
+						while(list(,$frameurl) = each($frameurls))
+						{
+							if($this->_framedepth < $this->maxframes)
+							{
+								$this->fetch($frameurl);
+								$this->_framedepth++;
+							}
+							else
+								break;
+						}
+					}
+
+				}
+				else
+				{
+					return false;
+				}
+				return true;
+				break;
+			case "https":
+				if(!$this->curl_path)
+					return false;
+				if(function_exists("is_executable"))
+				    if (!is_executable($this->curl_path))
+				        return false;
+				$this->host = $URI_PARTS["host"];
+				if(!empty($URI_PARTS["port"]))
+					$this->port = $URI_PARTS["port"];
+				if($this->_isproxy)
+				{
+					// using proxy, send entire URI
+					$this->_httpsrequest($URI, $URI, $this->_submit_method, $this->_submit_type, $postdata);
+				}
+				else
+				{
+					$path = $URI_PARTS["path"].($URI_PARTS["query"] ? "?".$URI_PARTS["query"] : "");
+					// no proxy, send only the path
+					$this->_httpsrequest($path, $URI, $this->_submit_method, $this->_submit_type, $postdata);
+				}
+
+				if($this->_redirectaddr)
+				{
+					/* url was redirected, check if we've hit the max depth */
+					if($this->maxredirs > $this->_redirectdepth)
+					{
+						if(!preg_match("|^".$URI_PARTS["scheme"]."://|", $this->_redirectaddr))
+							$this->_redirectaddr = $this->_expandlinks($this->_redirectaddr,$URI_PARTS["scheme"]."://".$URI_PARTS["host"]);
+
+						// only follow redirect if it's on this site, or offsiteok is true
+						if(preg_match("|^http://".preg_quote($this->host)."|i",$this->_redirectaddr) || $this->offsiteok)
+						{
+							/* follow the redirect */
+							$this->_redirectdepth++;
+							$this->lastredirectaddr=$this->_redirectaddr;
+							if( strpos( $this->_redirectaddr, "?" ) > 0 )
+								$this->fetch($this->_redirectaddr); // the redirect has changed the request method from post to get
+							else
+								$this->submit($this->_redirectaddr,$formvars, $formfiles);
+						}
+					}
+				}
+
+				if($this->_framedepth < $this->maxframes && count($this->_frameurls) > 0)
+				{
+					$frameurls = $this->_frameurls;
+					$this->_frameurls = array();
+
+					while(list(,$frameurl) = each($frameurls))
+					{
+						if($this->_framedepth < $this->maxframes)
+						{
+							$this->fetch($frameurl);
+							$this->_framedepth++;
+						}
+						else
+							break;
+					}
+				}
+				return true;
+				break;
+
+			default:
+				// not a valid protocol
+				$this->error	=	'Invalid protocol "'.$URI_PARTS["scheme"].'"\n';
+				return false;
+				break;
+		}
+		return true;
+	}
+
+/*======================================================================*\
+	Function:	fetchlinks
+	Purpose:	fetch the links from a web page
+	Input:		$URI	where you are fetching from
+	Output:		$this->results	an array of the URLs
+\*======================================================================*/
+
+	function fetchlinks($URI)
+	{
+		if ($this->fetch($URI))
+		{
+			if($this->lastredirectaddr)
+				$URI = $this->lastredirectaddr;
+			if(is_array($this->results))
+			{
+				for($x=0;$xresults);$x++)
+					$this->results[$x] = $this->_striplinks($this->results[$x]);
+			}
+			else
+				$this->results = $this->_striplinks($this->results);
+
+			if($this->expandlinks)
+				$this->results = $this->_expandlinks($this->results, $URI);
+			return true;
+		}
+		else
+			return false;
+	}
+
+/*======================================================================*\
+	Function:	fetchform
+	Purpose:	fetch the form elements from a web page
+	Input:		$URI	where you are fetching from
+	Output:		$this->results	the resulting html form
+\*======================================================================*/
+
+	function fetchform($URI)
+	{
+
+		if ($this->fetch($URI))
+		{
+
+			if(is_array($this->results))
+			{
+				for($x=0;$xresults);$x++)
+					$this->results[$x] = $this->_stripform($this->results[$x]);
+			}
+			else
+				$this->results = $this->_stripform($this->results);
+
+			return true;
+		}
+		else
+			return false;
+	}
+
+
+/*======================================================================*\
+	Function:	fetchtext
+	Purpose:	fetch the text from a web page, stripping the links
+	Input:		$URI	where you are fetching from
+	Output:		$this->results	the text from the web page
+\*======================================================================*/
+
+	function fetchtext($URI)
+	{
+		if($this->fetch($URI))
+		{
+			if(is_array($this->results))
+			{
+				for($x=0;$xresults);$x++)
+					$this->results[$x] = $this->_striptext($this->results[$x]);
+			}
+			else
+				$this->results = $this->_striptext($this->results);
+			return true;
+		}
+		else
+			return false;
+	}
+
+/*======================================================================*\
+	Function:	submitlinks
+	Purpose:	grab links from a form submission
+	Input:		$URI	where you are submitting from
+	Output:		$this->results	an array of the links from the post
+\*======================================================================*/
+
+	function submitlinks($URI, $formvars="", $formfiles="")
+	{
+		if($this->submit($URI,$formvars, $formfiles))
+		{
+			if($this->lastredirectaddr)
+				$URI = $this->lastredirectaddr;
+			if(is_array($this->results))
+			{
+				for($x=0;$xresults);$x++)
+				{
+					$this->results[$x] = $this->_striplinks($this->results[$x]);
+					if($this->expandlinks)
+						$this->results[$x] = $this->_expandlinks($this->results[$x],$URI);
+				}
+			}
+			else
+			{
+				$this->results = $this->_striplinks($this->results);
+				if($this->expandlinks)
+					$this->results = $this->_expandlinks($this->results,$URI);
+			}
+			return true;
+		}
+		else
+			return false;
+	}
+
+/*======================================================================*\
+	Function:	submittext
+	Purpose:	grab text from a form submission
+	Input:		$URI	where you are submitting from
+	Output:		$this->results	the text from the web page
+\*======================================================================*/
+
+	function submittext($URI, $formvars = "", $formfiles = "")
+	{
+		if($this->submit($URI,$formvars, $formfiles))
+		{
+			if($this->lastredirectaddr)
+				$URI = $this->lastredirectaddr;
+			if(is_array($this->results))
+			{
+				for($x=0;$xresults);$x++)
+				{
+					$this->results[$x] = $this->_striptext($this->results[$x]);
+					if($this->expandlinks)
+						$this->results[$x] = $this->_expandlinks($this->results[$x],$URI);
+				}
+			}
+			else
+			{
+				$this->results = $this->_striptext($this->results);
+				if($this->expandlinks)
+					$this->results = $this->_expandlinks($this->results,$URI);
+			}
+			return true;
+		}
+		else
+			return false;
+	}
+
+
+
+/*======================================================================*\
+	Function:	set_submit_multipart
+	Purpose:	Set the form submission content type to
+				multipart/form-data
+\*======================================================================*/
+	function set_submit_multipart()
+	{
+		$this->_submit_type = "multipart/form-data";
+	}
+
+
+/*======================================================================*\
+	Function:	set_submit_normal
+	Purpose:	Set the form submission content type to
+				application/x-www-form-urlencoded
+\*======================================================================*/
+	function set_submit_normal()
+	{
+		$this->_submit_type = "application/x-www-form-urlencoded";
+	}
+
+
 
 
 /*======================================================================*\
 	Private functions
 \*======================================================================*/
-	
-	
+
+
 /*======================================================================*\
 	Function:	_striplinks
 	Purpose:	strip the hyperlinks from an html document
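Review bot: The same-site test in the new `submit()` is an unanchored prefix match, `preg_match("|^http://".preg_quote($this->host)."|i",$this->_redirectaddr)`, so a redirect target whose host merely begins with the original host name is treated as on-site. In the `https` branch a same-host `https://` redirect never matches at all. When the target has no query string the redirect is followed with `$this->submit($this->_redirectaddr,$formvars, $formfiles)`, so this check decides where the posted fields and files are re-sent. I would compare the parsed host instead: `$r = parse_url($this->_redirectaddr);` followed by `if((isset($r["host"]) && strcasecmp($r["host"], $this->host) == 0) || $this->offsiteok)`. `preg_quote()` is also called without the `|` delimiter argument; the other functions added in this hunk are not covered by this note.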
@@ -272,13 +620,13 @@ class Snoopy
 \*======================================================================*/
 
 	function _striplinks($document)
-	{	
-		preg_match_all("'<\s*a\s+.*href\s*=\s*			# find ]+))		# if quote found, match up to next matching
 													# quote, otherwise match up to next space
 						'isx",$document,$links);
-						
+
 
 		// catenate the non-empty matches from the conditional subpattern
 
@@ -286,14 +634,14 @@ class Snoopy
 		{
 			if(!empty($val))
 				$match[] = $val;
-		}				
-		
+		}
+
 		while(list($key,$val) = each($links[3]))
 		{
 			if(!empty($val))
 				$match[] = $val;
-		}		
-		
+		}
+
 		// return the links
 		return $match;
 	}
@@ -306,18 +654,18 @@ class Snoopy
 \*======================================================================*/
 
 	function _stripform($document)
-	{	
+	{
 		preg_match_all("'<\/?(FORM|INPUT|SELECT|TEXTAREA|(OPTION))[^<>]*>(?(2)(.*(?=<\/?(option|select)[^<>]*>[\r\n]*)|(?=[\r\n]*))|(?=[\r\n]*))'Usi",$document,$elements);
-		
+
 		// catenate the matches
 		$match = implode("\r\n",$elements[0]);
-				
+
 		// return the links
 		return $match;
 	}
 
-	
-	
+
+
 /*======================================================================*\
 	Function:	_striptext
 	Purpose:	strip the text from an html document
@@ -327,24 +675,35 @@ class Snoopy
 
 	function _striptext($document)
 	{
-		
+
 		// I didn't use preg eval (//e) since that is only available in PHP 4.0.
 		// so, list your entities one by one here. I included some of the
 		// more common ones.
-								
+
 		$search = array("']*?>.*?'si",	// strip out javascript
 						"'<[\/\!]*?[^<>]*?>'si",			// strip out html tags
 						"'([\r\n])[\s]+'",					// strip out white space
-						"'&(quote|#34);'i",					// replace html entities
-						"'&(amp|#38);'i",
-						"'&(lt|#60);'i",
-						"'&(gt|#62);'i",
-						"'&(nbsp|#160);'i",
+						"'&(quot|#34|#034|#x22);'i",		// replace html entities
+						"'&(amp|#38|#038|#x26);'i",			// added hexadecimal values
+						"'&(lt|#60|#060|#x3c);'i",
+						"'&(gt|#62|#062|#x3e);'i",
+						"'&(nbsp|#160|#xa0);'i",
 						"'&(iexcl|#161);'i",
 						"'&(cent|#162);'i",
 						"'&(pound|#163);'i",
-						"'&(copy|#169);'i"
-						);				
+						"'&(copy|#169);'i",
+						"'&(reg|#174);'i",
+						"'&(deg|#176);'i",
+						"'&(#39|#039|#x27);'",
+						"'&(euro|#8364);'i",				// europe
+						"'&a(uml|UML);'",					// german
+						"'&o(uml|UML);'",
+						"'&u(uml|UML);'",
+						"'&A(uml|UML);'",
+						"'&O(uml|UML);'",
+						"'&U(uml|UML);'",
+						"'ß'i",
+						);
 		$replace = array(	"",
 							"",
 							"\\1",
@@ -356,10 +715,22 @@ class Snoopy
 							chr(161),
 							chr(162),
 							chr(163),
-							chr(169));
-					
+							chr(169),
+							chr(174),
+							chr(176),
+							chr(39),
+							chr(128),
+							"ä",
+							"ö",
+							"ü",
+							"Ä",
+							"Ö",
+							"Ü",
+							"ß",
+						);
+
 		$text = preg_replace($search,$replace,$document);
-								
+
 		return $text;
 	}
 
@@ -373,23 +744,29 @@ class Snoopy
 
 	function _expandlinks($links,$URI)
 	{
-		
+
 		preg_match("/^[^\?]+/",$URI,$match);
 
 		$match = preg_replace("|/[^\/\.]+\.[^\/\.]+$|","",$match[0]);
-				
+		$match = preg_replace("|/$|","",$match);
+		$match_part = parse_url($match);
+		$match_root =
+		$match_part["scheme"]."://".$match_part["host"];
+
 		$search = array( 	"|^http://".preg_quote($this->host)."|i",
-							"|^(?!http://)(\/)?(?!mailto:)|i",
+							"|^(\/)|i",
+							"|^(?!http://)(?!mailto:)|i",
 							"|/\./|",
 							"|/[^\/]+/\.\./|"
 						);
-						
+
 		$replace = array(	"",
+							$match_root."/",
 							$match."/",
 							"/",
 							"/"
-						);			
-				
+						);
+
 		$expandedLinks = preg_replace($search,$replace,$links);
 
 		return $expandedLinks;
@@ -402,46 +779,36 @@ class Snoopy
 				$fp			the current open file pointer
 				$URI		the full URI
 				$body		body contents to send if any (POST)
-	Output:		
+	Output:
 \*======================================================================*/
-	
+
 	function _httprequest($url,$fp,$URI,$http_method,$content_type="",$body="")
 	{
+		$cookie_headers = '';
 		if($this->passcookies && $this->_redirectaddr)
 			$this->setcookies();
-			
+
 		$URI_PARTS = parse_url($URI);
 		if(empty($url))
 			$url = "/";
-		$headers = $http_method." ".$url." ".$this->_httpversion."\r\n";		
+		$headers = $http_method." ".$url." ".$this->_httpversion."\r\n";
 		if(!empty($this->agent))
 			$headers .= "User-Agent: ".$this->agent."\r\n";
-		if(!empty($this->host) && !isset($this->rawheaders['Host']))
-			$headers .= "Host: ".$this->host."\r\n";
+		if(!empty($this->host) && !isset($this->rawheaders['Host'])) {
+			$headers .= "Host: ".$this->host;
+			if(!empty($this->port))
+				$headers .= ":".$this->port;
+			$headers .= "\r\n";
+		}
 		if(!empty($this->accept))
 			$headers .= "Accept: ".$this->accept."\r\n";
-		
-		if($this->use_gzip) {
-			// make sure PHP was built with --with-zlib
-			// and we can handle gzipp'ed data
-			if ( function_exists(gzinflate) ) {
-			   $headers .= "Accept-encoding: gzip\r\n";
-			}
-			else {
-			   trigger_error(
-			   	"use_gzip is on, but PHP was built without zlib support.".
-				"  Requesting file(s) without gzip encoding.", 
-				E_USER_NOTICE);
-			}
-		}
-		
 		if(!empty($this->referer))
 			$headers .= "Referer: ".$this->referer."\r\n";
 		if(!empty($this->cookies))
-		{			
+		{
 			if(!is_array($this->cookies))
 				$this->cookies = (array)$this->cookies;
-	
+
 			reset($this->cookies);
 			if ( count($this->cookies) > 0 ) {
 				$cookie_headers .= 'Cookie: ';
@@ -464,26 +831,28 @@ class Snoopy
 				$headers .= "; boundary=".$this->_mime_boundary;
 			$headers .= "\r\n";
 		}
-		if(!empty($body))	
+		if(!empty($body))
 			$headers .= "Content-length: ".strlen($body)."\r\n";
-		if(!empty($this->user) || !empty($this->pass))	
-			$headers .= "Authorization: BASIC ".base64_encode($this->user.":".$this->pass)."\r\n";
+		if(!empty($this->user) || !empty($this->pass))
+			$headers .= "Authorization: Basic ".base64_encode($this->user.":".$this->pass)."\r\n";
+
+		//add proxy auth headers
+		if(!empty($this->proxy_user))
+			$headers .= 'Proxy-Authorization: ' . 'Basic ' . base64_encode($this->proxy_user . ':' . $this->proxy_pass)."\r\n";
+
 
 		$headers .= "\r\n";
-		
+
 		// set the read timeout if needed
 		if ($this->read_timeout > 0)
 			socket_set_timeout($fp, $this->read_timeout);
 		$this->timed_out = false;
-		
+
 		fwrite($fp,$headers.$body,strlen($headers.$body));
-		
+
 		$this->_redirectaddr = false;
 		unset($this->headers);
-		
-		// content was returned gzip encoded?
-		$is_gzipped = false;
-						
+
 		while($currentHeader = fgets($fp,$this->_maxlinelen))
 		{
 			if ($this->read_timeout > 0 && $this->_check_timeout($fp))
@@ -491,16 +860,15 @@ class Snoopy
 				$this->status=-100;
 				return false;
 			}
-				
-		//	if($currentHeader == "\r\n")
-			if(preg_match("/^\r?\n$/", $currentHeader) )
-			      break;
-						
+
+			if($currentHeader == "\r\n")
+				break;
+
 			// if a header begins with Location: or URI:, set the redirect
 			if(preg_match("/^(Location:|URI:)/i",$currentHeader))
 			{
 				// get URL portion of the redirect
-				preg_match("/^(Location:|URI:)\s+(.*)/",chop($currentHeader),$matches);
+				preg_match("/^(Location:|URI:)[ ]+(.*)/i",chop($currentHeader),$matches);
 				// look for :// in the Location header to see if hostname is included
 				if(!preg_match("|\:\/\/|",$matches[2]))
 				{
@@ -515,51 +883,40 @@ class Snoopy
 				else
 					$this->_redirectaddr = $matches[2];
 			}
-		
+
 			if(preg_match("|^HTTP/|",$currentHeader))
 			{
                 if(preg_match("|^HTTP/[^\s]*\s(.*?)\s|",$currentHeader, $status))
 				{
 					$this->status= $status[1];
-                }				
+                }
 				$this->response_code = $currentHeader;
 			}
-			
-			if (preg_match("/Content-Encoding: gzip/", $currentHeader) ) {
-				$is_gzipped = true;
-			}
-			
+
 			$this->headers[] = $currentHeader;
 		}
 
-		# $results = fread($fp, $this->maxlength);
-		$results = "";
-		while ( $data = fread($fp, $this->maxlength) ) {
-		    $results .= $data;
-		    if (
-		        strlen($results) > $this->maxlength ) {
-		        break;
-		    }
-		}
-		
-		// gunzip
-		if ( $is_gzipped ) {
-			// per http://www.php.net/manual/en/function.gzencode.php
-			$results = substr($results, 10);
-			$results = gzinflate($results);
-		}
-		
+		$results = '';
+		do {
+    		$_data = fread($fp, $this->maxlength);
+    		if (strlen($_data) == 0) {
+        		break;
+    		}
+    		$results .= $_data;
+		} while(true);
+
 		if ($this->read_timeout > 0 && $this->_check_timeout($fp))
 		{
 			$this->status=-100;
 			return false;
 		}
-		
+
 		// check if there is a a redirect meta tag
-		
-		if(preg_match("']*?content[\s]*=[\s]*[\"\']?\d+;[\s]+URL[\s]*=[\s]*([^\"\']*?)[\"\']?>'i",$results,$match))
+
+		if(preg_match("']*?content[\s]*=[\s]*[\"\']?\d+;[\s]*URL[\s]*=[\s]*([^\"\']*?)[\"\']?>'i",$results,$match))
+
 		{
-			$this->_redirectaddr = $this->_expandlinks($match[1],$URI);	
+			$this->_redirectaddr = $this->_expandlinks($match[1],$URI);
 		}
 
 		// have we hit our frame depth and is there frame src to fetch?
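Review bot: The rewritten read loop no longer bounds the response size: `$this->maxlength` is now only the per-call chunk size passed to `fread()`, and the removed `strlen($results) > $this->maxlength` break has no replacement, so the remote server decides how much memory the fetch consumes. Restoring the cap after the append, `if (strlen($results) >= $this->maxlength) break;`, keeps the previous limit. A `false` return from `fread()` is handled only incidentally through `strlen()`; an explicit `$_data === false` test would be clearer. `_httprequest()` starts and ends outside this hunk.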
@@ -575,7 +932,7 @@ class Snoopy
 		// no framed content
 		else
 			$this->results = $results;
-		
+
 		return true;
 	}
 
@@ -585,34 +942,37 @@ class Snoopy
 	Input:		$url		the url to fetch
 				$URI		the full URI
 				$body		body contents to send if any (POST)
-	Output:		
+	Output:
 \*======================================================================*/
-	
+
 	function _httpsrequest($url,$URI,$http_method,$content_type="",$body="")
 	{
 		if($this->passcookies && $this->_redirectaddr)
 			$this->setcookies();
 
-		$headers = array();		
-					
+		$headers = array();
+
 		$URI_PARTS = parse_url($URI);
 		if(empty($url))
 			$url = "/";
 		// GET ... header not needed for curl
-		//$headers[] = $http_method." ".$url." ".$this->_httpversion;		
+		//$headers[] = $http_method." ".$url." ".$this->_httpversion;
 		if(!empty($this->agent))
 			$headers[] = "User-Agent: ".$this->agent;
 		if(!empty($this->host))
-			$headers[] = "Host: ".$this->host;
+			if(!empty($this->port))
+				$headers[] = "Host: ".$this->host.":".$this->port;
+			else
+				$headers[] = "Host: ".$this->host;
 		if(!empty($this->accept))
 			$headers[] = "Accept: ".$this->accept;
 		if(!empty($this->referer))
 			$headers[] = "Referer: ".$this->referer;
 		if(!empty($this->cookies))
-		{			
+		{
 			if(!is_array($this->cookies))
 				$this->cookies = (array)$this->cookies;
-	
+
 			reset($this->cookies);
 			if ( count($this->cookies) > 0 ) {
 				$cookie_str = 'Cookie: ';
@@ -635,48 +995,49 @@ class Snoopy
 			else
 				$headers[] = "Content-type: $content_type";
 		}
-		if(!empty($body))	
+		if(!empty($body))
 			$headers[] = "Content-length: ".strlen($body);
-		if(!empty($this->user) || !empty($this->pass))	
+		if(!empty($this->user) || !empty($this->pass))
 			$headers[] = "Authorization: BASIC ".base64_encode($this->user.":".$this->pass);
-			
-		for($curr_header = 0; $curr_header < count($headers); $curr_header++)
-			$cmdline_params .= " -H \"".$headers[$curr_header]."\"";
-		
+
+		for($curr_header = 0; $curr_header < count($headers); $curr_header++) {
+			$safer_header = strtr( $headers[$curr_header], "\"", " " );
+			$cmdline_params .= " -H \"".$safer_header."\"";
+		}
+
 		if(!empty($body))
 			$cmdline_params .= " -d \"$body\"";
-		
+
 		if($this->read_timeout > 0)
 			$cmdline_params .= " -m ".$this->read_timeout;
-		
-		$headerfile = uniqid(time());
-		
-		# accept self-signed certs
-		$cmdline_params .= " -k";
-		exec($this->curl_path." -D \"/tmp/$headerfile\"".$cmdline_params." ".$URI,$results,$return);
-		
+
+		$headerfile = tempnam($temp_dir, "sno");
+
+		$safer_URI = strtr( $URI, "\"", " " ); // strip quotes from the URI to avoid shell access
+		exec(escapeshellcmd($this->curl_path." -D \"$headerfile\"".$cmdline_params." \"".$safer_URI."\""),$results,$return);
+
 		if($return)
 		{
 			$this->error = "Error: cURL could not retrieve the document, error $return.";
 			return false;
 		}
-			
-			
+
+
 		$results = implode("\r\n",$results);
-		
-		$result_headers = file("/tmp/$headerfile");
-						
+
+		$result_headers = file("$headerfile");
+
 		$this->_redirectaddr = false;
 		unset($this->headers);
-						
+
 		for($currentHeader = 0; $currentHeader < count($result_headers); $currentHeader++)
 		{
-			
+
 			// if a header begins with Location: or URI:, set the redirect
 			if(preg_match("/^(Location: |URI: )/i",$result_headers[$currentHeader]))
 			{
 				// get URL portion of the redirect
-				preg_match("/^(Location: |URI:)(.*)/",chop($result_headers[$currentHeader]),$matches);
+				preg_match("/^(Location: |URI:)\s+(.*)/",chop($result_headers[$currentHeader]),$matches);
 				// look for :// in the Location header to see if hostname is included
 				if(!preg_match("|\:\/\/|",$matches[2]))
 				{
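Review bot: `escapeshellcmd()` over the fully assembled command string is not sufficient here, because it escapes shell metacharacters but leaves paired quotes and spaces alone, so argument boundaries are still decided by the data. `$body` goes into `-d \"$body\"` with no quote handling at all, and the headers and URI only have `"` replaced by a space. Each value should go through `escapeshellarg()` individually, as sketched below. `tempnam($temp_dir, "sno")` reads a local variable that is never assigned in the visible part of `_httpsrequest()`, whereas the configurable directory added by this commit is the property `$this->temp_dir`. `$cmdline_params` is also appended to without being initialised in the visible lines, and the function starts and ends outside this hunk.

```php
// … unchanged: Content-length and Authorization headers appended to $headers …
$cmdline_params = '';
for($curr_header = 0; $curr_header < count($headers); $curr_header++)
	$cmdline_params .= " -H ".escapeshellarg($headers[$curr_header]);

if(!empty($body))
	$cmdline_params .= " -d ".escapeshellarg($body);

if($this->read_timeout > 0)
	$cmdline_params .= " -m ".(int)$this->read_timeout;

// use the configured property, not an unset local
$headerfile = tempnam($this->temp_dir, "sno");

exec(escapeshellarg($this->curl_path)." -D ".escapeshellarg($headerfile).$cmdline_params." ".escapeshellarg($URI),$results,$return);
// … unchanged: return-code check and header parsing …
```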
@@ -691,23 +1052,18 @@ class Snoopy
 				else
 					$this->_redirectaddr = $matches[2];
 			}
-		
+
 			if(preg_match("|^HTTP/|",$result_headers[$currentHeader]))
-			{
-			    $this->response_code = $result_headers[$currentHeader];
-			    if(preg_match("|^HTTP/[^\s]*\s(.*?)\s|",$this->response_code, $match))
-			    {
-				$this->status= $match[1];
-                	    }
-			}
+				$this->response_code = $result_headers[$currentHeader];
+
 			$this->headers[] = $result_headers[$currentHeader];
 		}
 
 		// check if there is a a redirect meta tag
-		
-		if(preg_match("']*?content[\s]*=[\s]*[\"\']?\d+;[\s]+URL[\s]*=[\s]*([^\"\']*?)[\"\']?>'i",$results,$match))
+
+		if(preg_match("']*?content[\s]*=[\s]*[\"\']?\d+;[\s]*URL[\s]*=[\s]*([^\"\']*?)[\"\']?>'i",$results,$match))
 		{
-			$this->_redirectaddr = $this->_expandlinks($match[1],$URI);	
+			$this->_redirectaddr = $this->_expandlinks($match[1],$URI);
 		}
 
 		// have we hit our frame depth and is there frame src to fetch?
@@ -724,8 +1080,8 @@ class Snoopy
 		else
 			$this->results = $results;
 
-		unlink("/tmp/$headerfile");
-		
+		unlink("$headerfile");
+
 		return true;
 	}
 
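Review bot: The `unlink("$headerfile")` at the end of this hunk is reached only on the success path, and now that the header file is created up front with `tempnam()`, every failed request leaves a file behind in the temp directory. The `if($return)` branch earlier in the same function returns false before this point, so it should call `unlink($headerfile);` just before its `return false;`. The enclosing function starts outside this hunk, so any other early return in it needs the same cleanup. The quotes around the variable are redundant; `unlink($headerfile)` reads more plainly.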
@@ -733,17 +1089,17 @@ class Snoopy
 	Function:	setcookies()
 	Purpose:	set cookies for a redirection
 \*======================================================================*/
-	
+
 	function setcookies()
 	{
 		for($x=0; $xheaders); $x++)
 		{
-		if(preg_match("/^set-cookie:[\s]+([^=]+)=([^;]+)/i", $this->headers[$x],$match))
-			$this->cookies[$match[1]] = $match[2];
+		if(preg_match('/^set-cookie:[\s]+([^=]+)=([^;]+)/i', $this->headers[$x],$match))
+			$this->cookies[$match[1]] = urldecode($match[2]);
 		}
 	}
 
-	
+
 /*======================================================================*\
 	Function:	_check_timeout
 	Purpose:	checks whether timeout has occurred
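Review bot: `urldecode($match[2])` in `setcookies()` turns percent-encoded bytes from a remote `Set-Cookie` header into raw characters, so an encoded CR/LF or `;` ends up stored literally in `$this->cookies`. The code that later writes the `Cookie:` request header is outside this hunk; if it does not re-encode the stored value, a remote server could influence the header lines of follow-up requests. Either keep the value as received, or drop values that contain control characters or `;` after decoding, for example `if (preg_match('/[\r\n;]/', $value)) continue;`. The cookie name in `$match[1]` is stored without validation as well.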
@@ -767,12 +1123,13 @@ class Snoopy
 	Purpose:	make a socket connection
 	Input:		$fp	file pointer
 \*======================================================================*/
-	
+
 	function _connect(&$fp)
 	{
 		if(!empty($this->proxy_host) && !empty($this->proxy_port))
 			{
 				$this->_isproxy = true;
+
 				$host = $this->proxy_host;
 				$port = $this->proxy_port;
 			}
@@ -781,9 +1138,9 @@ class Snoopy
 			$host = $this->host;
 			$port = $this->port;
 		}
-	
+
 		$this->status = 0;
-		
+
 		if($fp = fsockopen(
 					$host,
 					$port,
@@ -819,13 +1176,13 @@ class Snoopy
 	Purpose:	disconnect a socket connection
 	Input:		$fp	file pointer
 \*======================================================================*/
-	
+
 	function _disconnect($fp)
 	{
 		return(fclose($fp));
 	}
 
-	
+
 /*======================================================================*\
 	Function:	_prepare_post_body
 	Purpose:	Prepare post body according to encoding type
@@ -833,15 +1190,16 @@ class Snoopy
 				$formfiles - form upload files
 	Output:		post body
 \*======================================================================*/
-	
+
 	function _prepare_post_body($formvars, $formfiles)
 	{
 		settype($formvars, "array");
 		settype($formfiles, "array");
+		$postdata = '';
 
 		if (count($formvars) == 0 && count($formfiles) == 0)
 			return;
-		
+
 		switch ($this->_submit_type) {
 			case "application/x-www-form-urlencoded":
 				reset($formvars);
@@ -857,7 +1215,7 @@ class Snoopy
 
 			case "multipart/form-data":
 				$this->_mime_boundary = "Snoopy".md5(uniqid(microtime()));
-				
+
 				reset($formvars);
 				while(list($key,$val) = each($formvars)) {
 					if (is_array($val) || is_object($val)) {
@@ -872,7 +1230,7 @@ class Snoopy
 						$postdata .= "$val\r\n";
 					}
 				}
-				
+
 				reset($formfiles);
 				while (list($field_name, $file_names) = each($formfiles)) {
 					settype($file_names, "array");
@@ -898,4 +1256,4 @@ class Snoopy
 }
 endif;
 
-?>
\ No newline at end of file
+?>
diff --git a/wp-includes/functions-formatting.php b/wp-includes/functions-formatting.php
index 11d24018c8..8354646a97 100644
--- a/wp-includes/functions-formatting.php
+++ b/wp-includes/functions-formatting.php
@@ -989,5 +989,12 @@ function ent2ncr($text) {
 	}
 	return $text;
 }
+function stripslashes_deep($value)
+{
+   $value = is_array($value) ?
+               array_map('stripslashes_deep', $value) :
+               stripslashes($value);
 
+   return $value;
+}
 ?>
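Review bot: `stripslashes_deep()` is added without any comment, and its behaviour on non-string leaves is not obvious: every non-array value goes through `stripslashes()`, so integers, booleans and null come back as strings. For the request superglobals that is harmless, but the function is global and will be reused elsewhere. A header such as `// Recursively strip slashes from a string or nested array; non-array values are passed to stripslashes() and returned as strings.` would document that. The three-space indent and the blank line in the middle of the body also differ from the tab-indented function directly above.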
diff --git a/wp-includes/template-functions-links.php b/wp-includes/template-functions-links.php
index 6e29a1fbde..1d1b1d9eaf 100644
--- a/wp-includes/template-functions-links.php
+++ b/wp-includes/template-functions-links.php
@@ -352,7 +352,7 @@ function next_post($format='%', $next='next post: ', $title='yes', $in_same_cat=
 function get_pagenum_link($pagenum = 1) {
 	global $wp_rewrite;
 
-	$qstr = $_SERVER['REQUEST_URI'];
+	$qstr = wp_specialchars($_SERVER['REQUEST_URI']);
 
 	$page_querystring = "paged"; 
 	$page_modstring = "page/";
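Review bot: `wp_specialchars()` is applied to `$_SERVER['REQUEST_URI']` where the value is read rather than where the link is printed, so every later string operation in `get_pagenum_link()` works on HTML-encoded text. The rest of the function lies outside this hunk, but if it matches or rebuilds the query string, an `&` that has become `&amp;` may no longer separate parameters as expected, and a caller that escapes the returned link again will double-encode it. It would be safer to keep `$qstr` raw here and escape the final return value, with a comment stating which output context the result is safe for. Please also confirm that `wp_specialchars()` called without a quotes argument encodes `"` and `'`, since the link usually ends up inside an `href` attribute.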
diff --git a/wp-mail.php b/wp-mail.php
index a106e66aed..0536ea199f 100644
--- a/wp-mail.php
+++ b/wp-mail.php
@@ -50,9 +50,7 @@ for ($i=1; $i <= $count; $i++) :
 			if (preg_match('/Subject: /i', $line)) {
 				$subject = trim($line);
 				$subject = substr($subject, 9, strlen($subject)-9);
-				if (!preg_match('#\=\?(.+)\?Q\?(.+)\?\=#i', $subject)) {
-				  $subject = wp_iso_descrambler($subject);
-				}
+				$subject = wp_iso_descrambler($subject);
 				// Captures any text in the subject before $phone_delim as the subject
 				$subject = explode($phone_delim, $subject);
 				$subject = $subject[0];
@@ -63,8 +61,10 @@ for ($i=1; $i <= $count; $i++) :
 			if (preg_match('/From: /', $line) | preg_match('Reply-To: /', $line))  {
 				$author=trim($line);
 			if ( ereg("([a-zA-Z0-9\_\-\.]+@[\a-zA-z0-9\_\-\.]+)", $author , $regs) ) {
-				echo "Author = {$regs[1]} 

"; - $result = $wpdb->get_row("SELECT ID FROM $tableusers WHERE user_email='$regs[1]' ORDER BY ID DESC LIMIT 1"); + $author = $regs[1]; + echo "Author = {$author}

"; + $author = $wpdb->escape($author); + $result = $wpdb->get_row("SELECT ID FROM $wpdb->users WHERE user_email='$author' LIMIT 1"); if (!$result) $post_author = 1; else @@ -81,11 +81,11 @@ for ($i=1; $i <= $count; $i++) : } $date_arr = explode(' ', $ddate); $date_time = explode(':', $date_arr[3]); - + $ddate_H = $date_time[0]; $ddate_i = $date_time[1]; $ddate_s = $date_time[2]; - + $ddate_m = $date_arr[1]; $ddate_d = $date_arr[0]; $ddate_Y = $date_arr[2]; @@ -136,6 +136,7 @@ for ($i=1; $i <= $count; $i++) : $post_status = 'publish'; $post_data = compact('post_content','post_title','post_date','post_date_gmt','post_author','post_category', 'post_status'); + $post_data = add_magic_quotes($post_data); $post_ID = wp_insert_post($post_data); diff --git a/wp-settings.php b/wp-settings.php index f450bc9943..a0d08f0c24 100644 --- a/wp-settings.php +++ b/wp-settings.php @@ -153,13 +153,19 @@ load_default_textdomain(); // Pull in locale data after loading text domain. require_once(ABSPATH . WPINC . '/locale.php'); -if ( !get_magic_quotes_gpc() ) { - $_GET = add_magic_quotes($_GET ); - $_POST = add_magic_quotes($_POST ); - $_COOKIE = add_magic_quotes($_COOKIE); - $_SERVER = add_magic_quotes($_SERVER); +// If already slashed, strip. +if ( get_magic_quotes_gpc() ) { + $_GET = stripslashes_deep($_GET ); + $_POST = stripslashes_deep($_POST ); + $_COOKIE = stripslashes_deep($_COOKIE); } +// Escape with wpdb. +$_GET = add_magic_quotes($_GET ); +$_POST = add_magic_quotes($_POST ); +$_COOKIE = add_magic_quotes($_COOKIE); +$_SERVER = add_magic_quotes($_SERVER); + function shutdown_action_hook() { do_action('shutdown'); }
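Review bot: In the wp-mail.php hunk at `-63,8`, the new `$wpdb->escape($author)` protects the query, but the two context lines that decide what reaches it are still faulty. `preg_match('Reply-To: /', $line)` has no opening delimiter, so it raises a warning and never matches; it should read `preg_match('/Reply-To: /', $line)` and be combined with `||` rather than the bitwise `|`. The `ereg` class `[\a-zA-z0-9\_\-\.]` uses the range `A-z`, which also admits `[`, `\`, `]`, `^` and a backtick into the address; `A-Z` is presumably intended. After this block `$author` holds the SQL-escaped value, so any later use for display (outside this hunk) would need the raw `$regs[1]` instead.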
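Review bot: In the wp-settings.php hunk, `$_REQUEST` is left out of both the strip step and the re-escape step, so it keeps whatever PHP produced: slashed when `magic_quotes_gpc` is on, raw when it is off. Code that reads `$_REQUEST` and builds a query from it would then see unescaped input on hosts with magic quotes disabled, while the same code reading `$_GET` or `$_POST` is covered. Rebuilding it after the escaping, for example `$_REQUEST = array_merge($_GET, $_POST);`, keeps the superglobals consistent. A comment stating that all request data is slashed from this point on, and must go through `stripslashes()` before display, would help callers.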