WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add page sanitization. Props xknown. fixes #5135 for trunk 

git-svn-id: http://svn.automattic.com/wordpress/trunk@6185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2007-10-03 16:27:07 +00:00
parent 5300ef20cf
commit 3211ab1d54
2 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
wp-admin/includes/template.php
View File

@ -493,7 +493,7 @@ function parent_dropdown( $default = 0, $parent = 0, $level = 0 ) {
else
$current = '';
echo "\n\t<option value='$item->ID'$current>$pad $item->post_title</option>";
echo "\n\t<option value='$item->ID'$current>$pad " . wp_specialchars($item->post_title) . "</option>";
parent_dropdown( $default, $item->ID, $level +1 );
}
} else {

16
wp-includes/post.php
View File

@ -102,7 +102,7 @@ function &get_post(&$post, $output = OBJECT, $filter = 'raw') {
$_post = null;
} elseif ( is_object($post) ) {
if ( 'page' == $post->post_type )
return get_page($post, $output);
return get_page($post, $output, $filter);
if ( !isset($post_cache[$blog_id][$post->ID]) )
$post_cache[$blog_id][$post->ID] = &$post;
$_post = & $post_cache[$blog_id][$post->ID];
@ -111,11 +111,11 @@ function &get_post(&$post, $output = OBJECT, $filter = 'raw') {
if ( isset($post_cache[$blog_id][$post]) )
$_post = & $post_cache[$blog_id][$post];
elseif ( $_post = wp_cache_get($post, 'pages') )
return get_page($_post, $output);
return get_page($_post, $output, $filter);
else {
$_post = & $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d LIMIT 1", $post));
if ( 'page' == $_post->post_type )
return get_page($_post, $output);
return get_page($_post, $output, $filter);
$post_cache[$blog_id][$post] = & $_post;
}
}
@ -979,7 +979,7 @@ function get_all_page_ids() {
// Retrieves page data given a page ID or page object.
// Handles page caching.
function &get_page(&$page, $output = OBJECT) {
function &get_page(&$page, $output = OBJECT, $filter = 'raw') {
global $wpdb, $blog_id;
if ( empty($page) ) {
@ -992,7 +992,7 @@ function &get_page(&$page, $output = OBJECT) {
}
} elseif ( is_object($page) ) {
if ( 'post' == $page->post_type )
return get_post($page, $output);
return get_post($page, $output, $filter);
wp_cache_add($page->ID, $page, 'pages');
$_page = $page;
} else {
@ -1005,12 +1005,12 @@ function &get_page(&$page, $output = OBJECT) {
$_page = & $GLOBALS['page'];
wp_cache_add($_page->ID, $_page, 'pages');
} elseif ( isset($GLOBALS['post_cache'][$blog_id][$page]) ) { // it's actually a page, and is cached
return get_post($page, $output);
return get_post($page, $output, $filter);
} else { // it's not in any caches, so off to the DB we go
// Why are we using assignment for this query?
$_page = & $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE ID= %d LIMIT 1", $page ));
if ( 'post' == $_page->post_type )
return get_post($_page, $output);
return get_post($_page, $output, $filter);
// Potential issue: we're not checking to see if the post_type = 'page'
// So all non-'post' posts will get cached as pages.
wp_cache_add($_page->ID, $_page, 'pages');
@ -1018,6 +1018,8 @@ function &get_page(&$page, $output = OBJECT) {
}
}
$_page = sanitize_post($_page, $filter);
// at this point, one way or another, $_post contains the page object
if ( $output == OBJECT ) {