diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php
index 4ee8b1acd9..fd61e3ae83 100644
--- a/wp-admin/admin-functions.php
+++ b/wp-admin/admin-functions.php
@@ -347,6 +347,8 @@ function get_post_to_edit( $id ) {
 $post->post_title = apply_filters( 'title_edit_pre', $post->post_title );
 $post->post_password = format_to_edit( $post->post_password );
+
+ $post->menu_order = (int) $post->menu_order;
 if ( $post->post_type == 'page' ) $post->page_template = get_post_meta( $id, '_wp_page_template', true );
@@ -396,12 +398,17 @@ function get_default_post_to_edit() {
 function get_comment_to_edit( $id ) {
 $comment = get_comment( $id );
+
+ $comment->comment_ID = (int) $comment->comment_ID;
+ $comment->comment_post_ID = (int) $comment->comment_post_ID;
 $comment->comment_content = format_to_edit( $comment->comment_content, user_can_richedit() );
 $comment->comment_content = apply_filters( 'comment_edit_pre', $comment->comment_content);
+ $comment->comment_content = apply_filters( 'comment_text', $comment->comment_content );
 $comment->comment_author = format_to_edit( $comment->comment_author );
 $comment->comment_author_email = format_to_edit( $comment->comment_author_email );
+ $comment->comment_author_url = clean_url($comment->comment_author_url);
 $comment->comment_author_url = format_to_edit( $comment->comment_author_url );
 return $comment;
@@ -409,6 +416,9 @@ function get_comment_to_edit( $id ) {
 function get_category_to_edit( $id ) {
 $category = get_category( $id );
+
+ $category->term_id = (int) $category->term_id;
+ $category->parent = (int) $category->parent;
 return $category;
 }
@@ -1026,6 +1036,7 @@ function list_meta( $meta ) {
 $key_js = js_escape( $entry['meta_key'] );
 $entry['meta_key'] = attribute_escape($entry['meta_key']);
 $entry['meta_value'] = attribute_escape($entry['meta_value']);
+ $entry['meta_id'] = (int) $entry['meta_id'];
 $r .= "\n\t";
 $r .= "\n\t\t";
 $r .= "\n\t\t";
@@ -1078,7 +1089,7 @@ function meta_form() { $key"; } ?>
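Review bot: In the get_comment_to_edit() hunk, the added `apply_filters( 'comment_text', $comment->comment_content )` runs a display filter over a value that is being prepared for an edit form, and it runs after format_to_edit() has already processed the content for the non-rich-edit case. Anything hooked on comment_text that rewrites markup (paragraph or link insertion is the usual kind, but I cannot see the callbacks from here) would land in the textarea and be written back into the stored comment on save. The `comment_edit_pre` filter on the preceding line is the hook intended for edit-time transformation, so the new line looks like it belongs in the display path instead; if it is intentional, a comment such as `// comment_text is applied to the edit value because ... (TODO: confirm with callers)` would stop the next reader from removing it. The int casts on comment_ID and comment_post_ID and the clean_url() before format_to_edit() on the author URL are fine; the function's closing brace lies outside the hunk.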
diff --git a/wp-admin/comment.php b/wp-admin/comment.php
index 063b825d6f..4390571722 100644
--- a/wp-admin/comment.php
+++ b/wp-admin/comment.php
@@ -39,7 +39,7 @@ case 'mac':
 $nonce_action = 'cdc' == $action ? 'delete-comment_' : 'approve-comment_';
 $nonce_action .= $comment;
- if ( ! $comment = get_comment($comment) )
+ if ( ! $comment = get_comment_to_edit($comment) )
 wp_die(__('Oops, no comment with this ID.').sprintf(' '.__('Go back').'!', 'edit.php'));
 if ( !current_user_can('edit_post', $comment->comment_post_ID) )
@@ -96,7 +96,7 @@ case 'mac':
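Review bot: Switching the delete/approve confirmation path to get_comment_to_edit() hands the @@ -96 hunk a comment_content value that was prepared for a textarea, and that hunk now echoes it directly with no escaping or display filter of its own. In the admin-functions.php hunk, format_to_edit() is called with user_can_richedit() as its second argument, so whether the content is HTML-escaped at the echo presumably depends on the current user's editor setting rather than on the context it is shown in, and the comment_text filter that get_comment_to_edit() now applies is a display filter run on an edit value. If this page only needs to show the comment and check edit_post against comment_post_ID, keeping get_comment() here and applying the display filter at the echo keeps display and edit formatting separate; if reusing the edit preparation is deliberate, a comment on the `if ( ! $comment = get_comment_to_edit($comment) )` line saying why, e.g. `// get_comment_to_edit() also casts the IDs used below; its content formatting is reused for the confirmation view`, would make that explicit. The enclosing switch case begins outside the hunk.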

-comment_content ); ?>
+comment_content; ?>
@@ -155,7 +155,7 @@ case 'unapprovecomment':
 if ((wp_get_referer() != "") && (false == $noredir)) {
 wp_redirect(wp_get_referer());
 } else {
- wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='.$comment->comment_post_ID.'&c=1#comments');
+ wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='. (int) $comment->comment_post_ID.'&c=1#comments');
 }
 exit();
 break;
@@ -185,7 +185,7 @@ case 'approvecomment':
 if ((wp_get_referer() != "") && (false == $noredir)) {
 wp_redirect(wp_get_referer());
 } else {
- wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='.$comment->comment_post_ID.'&c=1#comments');
+ wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='. (int) $comment->comment_post_ID.'&c=1#comments');
 }
 exit();
 break;
diff --git a/wp-admin/edit-form-advanced.php b/wp-admin/edit-form-advanced.php
index f53c3c4125..81a998b756 100644
--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@@ -1,10 +1,12 @@
-

+

@@ -21,16 +23,17 @@ if (0 == $post_ID) { $form_extra = ""; wp_nonce_field('add-post'); } else { + $post_ID = (int) $post_ID; $form_action = 'editpost'; $form_extra = ""; wp_nonce_field('update-post_' . $post_ID); } -$form_pingback = ''; +$form_pingback = ''; -$form_prevstatus = ''; +$form_prevstatus = ''; -$form_trackback = 'to_ping) .'" />'; +$form_trackback = 'to_ping) ) .'" />'; if ('' != $post->pinged) { $pings = '

'. __('Already pinged:') . '

'; } -$saveasdraft = ''; +$saveasdraft = ''; if (empty($post->post_status)) $post->post_status = 'draft'; ?> - + - + @@ -88,12 +91,12 @@ addLoadEvent(focusit);
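Review bot: The `$post_ID = (int) $post_ID;` cast in the @@ -21 hunk sits only in the else branch of `if (0 == $post_ID)`, so a non-numeric value, which loose comparison against 0 treats as equal on pre-8 PHP, takes the add-post branch with $post_ID left uncast for the rest of the template. Casting once before the if, `$post_ID = (int) $post_ID;`, covers both branches and matches how the edit-page-form.php @@ -2 hunk treats $temp_ID and $user_ID after its own if/else; that hunk has the same branch-only cast of $post_ID and would benefit from the same move. The hidden-field markup assigned to $form_extra is not visible here, so I cannot tell how $post_ID is used on the add branch.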

-
+

-
+
@@ -125,7 +128,7 @@ foreach ($authors as $o) : $o = get_userdata( $o->ID ); if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"'; else $selected = ''; -echo ""; +echo ""; endforeach; ?> @@ -140,7 +143,7 @@ endforeach;
-
+
@@ -168,7 +171,7 @@ endforeach; if ('publish' != $post->post_status || 0 == $post_ID) { ?> - + comment_ID); $form_action = 'editedcomment'; -$form_extra = "' />\n\n\n\ncomment_ID) ?>
- + - +

(Separate multiple URLs with spaces.)'), 'http://wordpress.org/docs/reference/post/#trackback'); echo '
'; ?>

@@ -64,7 +64,7 @@ edCanvas = document.getElementById('content'); '; } ?> - +

diff --git a/wp-admin/edit-page-form.php b/wp-admin/edit-page-form.php
index 0dff30a1a6..93a6837bfa 100644
--- a/wp-admin/edit-page-form.php
+++ b/wp-admin/edit-page-form.php
@@ -2,17 +2,22 @@

"; } else { + $post_ID = (int) $post_ID; $form_action = 'editpost'; $nonce_action = 'update-page_' . $post_ID; $form_extra = ""; } +$temp_ID = (int) $temp_ID; +$user_ID = (int) $user_ID; + $sendto = clean_url(stripslashes(wp_get_referer())); if ( 0 != $post_ID && $sendto == get_permalink($post_ID) ) @@ -68,7 +73,7 @@ addLoadEvent(focusit);

-
+
@@ -93,7 +98,7 @@ addLoadEvent(focusit);

-
+
id ) ) : // TODO: ROLE SYSTEM ?> @@ -106,6 +111,8 @@ foreach ($authors as $o) : $o = get_userdata( $o->ID ); if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"'; else $selected = ''; +$o->ID = (int) $o->ID; +$o->display_name = wp_specialchars( $o->display_name ); echo ""; endforeach; ?> @@ -126,7 +133,7 @@ endforeach;
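Review bot: The @@ -106 hunk casts `$o->ID` and escapes `$o->display_name` by writing back into the object that get_userdata() returned, so if that object is shared or cached for the request, later readers of the same user see an already-escaped display_name and may escape it again. Two locals keep the escaped values out of the object and read more clearly: `$author_id = (int) $o->ID;` and `$author_name = wp_specialchars( $o->display_name );`, used in the echo that follows. The echo line's markup is not visible here, and the edit-form-advanced.php @@ -125 hunk appears to make its change inside the echo string instead, so the two author loops would also be easier to compare if written the same way. The foreach begins in the hunk's header context and ends with the endforeach inside the hunk.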
-
+
diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php
index cc2523e48b..f18807cee4 100644
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -76,7 +76,7 @@ include ('admin-header.php');
-
+