Add some filtering. Props jhodgdon. see #4516

git-svn-id: http://svn.automattic.com/wordpress/trunk@5998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan 2007-08-31 23:55:56 +00:00
parent 277e5aa914
commit 93840b1632
5 changed files with 36 additions and 23 deletions


@ -286,7 +286,7 @@ if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
} }
echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&amp;dt=spam&amp;p=" . $comment->comment_post_ID . "&amp;c=" . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to mark as spam this comment by '%s'.\n'Cancel' to stop, 'OK' to mark as spam."), $comment->comment_author)) . "', theCommentList );\">" . __('Spam') . "</a> "; echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&amp;dt=spam&amp;p=" . $comment->comment_post_ID . "&amp;c=" . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to mark as spam this comment by '%s'.\n'Cancel' to stop, 'OK' to mark as spam."), $comment->comment_author)) . "', theCommentList );\">" . __('Spam') . "</a> ";
} }
$post = get_post($comment->comment_post_ID); $post = get_post($comment->comment_post_ID, OBJECT, 'display');
$post_title = wp_specialchars( $post->post_title, 'double' ); $post_title = wp_specialchars( $post->post_title, 'double' );
$post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title; $post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title;
?> ?>
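Review bot: The post is now loaded in the 'display' context and its title is then passed through `wp_specialchars( $post->post_title, 'double' )` on the following line, so whatever a title filter returns is escaped before it reaches the admin markup; that ordering is what keeps this safe and it is easy to reverse on the next edit, so it deserves a comment. Suggest above the get_post call: `// 'display' runs the post_title filters; keep wp_specialchars after it so filter output is escaped too.` The lines that echo $post_title are outside this hunk, so I cannot confirm every use is in text or double-quoted attribute context.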


@ -33,6 +33,7 @@ include('admin-header.php');
<?php <?php
$categories = get_categories('get=all'); $categories = get_categories('get=all');
foreach ($categories as $category) : foreach ($categories as $category) :
$category = sanitize_category($category);
if ($category->term_id == get_option('default_category')) $selected = " selected='selected'"; if ($category->term_id == get_option('default_category')) $selected = " selected='selected'";
else $selected = ''; else $selected = '';
echo "\n\t<option value='$category->term_id' $selected>$category->name</option>"; echo "\n\t<option value='$category->term_id' $selected>$category->name</option>";
@ -44,8 +45,9 @@ endforeach;
<th scope="row"><?php _e('Default link category:') ?></th> <th scope="row"><?php _e('Default link category:') ?></th>
<td><select name="default_link_category" id="default_link_category"> <td><select name="default_link_category" id="default_link_category">
<?php <?php
$categories = get_terms('link_category', 'get=all'); $link_categories = get_terms('link_category', 'get=all');
foreach ($categories as $category) : foreach ($link_categories as $category) :
$category = sanitize_term($category, 'link_category');
if ($category->term_id == get_option('default_link_category')) $selected = " selected='selected'"; if ($category->term_id == get_option('default_link_category')) $selected = " selected='selected'";
else $selected = ''; else $selected = '';
echo "\n\t<option value='$category->term_id' $selected>$category->name</option>"; echo "\n\t<option value='$category->term_id' $selected>$category->name</option>";
@ -83,6 +85,7 @@ endforeach;
<?php <?php
//Alreay have $categories from default_category //Alreay have $categories from default_category
foreach ($categories as $category) : foreach ($categories as $category) :
$category = sanitize_category($category);
if ($category->cat_ID == get_option('default_email_category')) $selected = " selected='selected'"; if ($category->cat_ID == get_option('default_email_category')) $selected = " selected='selected'";
else $selected = ''; else $selected = '';
echo "\n\t<option value='$category->cat_ID' $selected>$category->cat_name</option>"; echo "\n\t<option value='$category->cat_ID' $selected>$category->cat_name</option>";
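Review bot: The sanitize_category() call added in this hunk is followed by an option line that echoes `$category->cat_ID` and `$category->cat_name`, whereas the first hunk of this file (the default_category select) echoes `$category->term_id` and `$category->name`; if sanitize_term() only rewrites the term_* fields (its body is not on this page, so I cannot confirm), the cat_name written into this `<option>` is still the unsanitized value. Use the same fields as the first hunk: `echo "\n\t<option value='$category->term_id' $selected>$category->name</option>";`. A short comment would also help here, since the first loop sanitizes its loop variable but never writes back into $categories, which is the reason this loop has to sanitize again: `// $categories is still unsanitized: the earlier loop only sanitized its copy.`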


@ -117,6 +117,14 @@ function cat_is_ancestor_of($cat1, $cat2) {
return cat_is_ancestor_of($cat1, get_category($cat2->parent)); return cat_is_ancestor_of($cat1, get_category($cat2->parent));
} }
function sanitize_category($category, $context = 'display') {
return sanitize_term($category, 'category', $context);
}
function sanitize_category_field($field, $value, $cat_id, $context) {
return sanitize_term_field($field, $value, $cat_id, 'category', $context);
}
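Review bot: Both new functions are undocumented, and sanitize_category_field() gives $context no default while sanitize_category() defaults it to 'display', so the two wrappers disagree on their call shape. If sanitize_term_field() accepts a defaulted context (its signature is not on this page), align them with `function sanitize_category_field($field, $value, $cat_id, $context = 'display') {`. Add a one-line comment on each: `// Sanitize a category object for the given $context (e.g. 'display') by delegating to sanitize_term() with taxonomy 'category'.` and `// Sanitize a single category field; thin wrapper over sanitize_term_field() with taxonomy fixed to 'category'.`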
// Tags // Tags
function &get_tags($args = '') { function &get_tags($args = '') {


@ -60,19 +60,7 @@ function wp_meta() {
function bloginfo($show='') { function bloginfo($show='') {
$info = get_bloginfo($show); echo get_bloginfo($show, 'display');
// Don't filter URL's.
if (strpos($show, 'url') === false &&
strpos($show, 'directory') === false &&
strpos($show, 'home') === false) {
$info = apply_filters('bloginfo', $info, $show);
$info = convert_chars($info);
} else {
$info = apply_filters('bloginfo_url', $info, $show);
}
echo $info;
} }
/** /**
@ -81,7 +69,7 @@ function bloginfo($show='') {
* without "// DEPRECATED" are the preferred and recommended ways * without "// DEPRECATED" are the preferred and recommended ways
* to get the information. * to get the information.
*/ */
function get_bloginfo($show='') { function get_bloginfo($show = '', $filter = 'raw') {
switch($show) { switch($show) {
case 'url' : case 'url' :
@ -153,6 +141,20 @@ function get_bloginfo($show='') {
$output = get_option('blogname'); $output = get_option('blogname');
break; break;
} }
$url = true;
if (strpos($show, 'url') === false &&
strpos($show, 'directory') === false &&
strpos($show, 'home') === false)
$url = false;
if ( 'display' == $filter ) {
if ( $url )
$output = apply_filters('bloginfo_url', $output, $show);
else
$output = apply_filters('bloginfo', $output, $show);
}
return $output; return $output;
} }
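Review bot: The 'display' branch of get_bloginfo() applies the 'bloginfo' filter but never calls convert_chars() on the non-URL output, which the bloginfo() body replaced in the first hunk of this file did after the same filter; if dropping it is intentional it should be stated in a comment, otherwise themes that relied on bloginfo() output being converted lose that step. The four-line $url toggle can be a single expression: `$url = strpos($show, 'url') !== false || strpos($show, 'directory') !== false || strpos($show, 'home') !== false;`. Any $filter value other than exactly 'display', including a misspelling, silently returns the stored option, and a filter hook is not an escaping step, so the docblock above (which starts outside this hunk) should gain `@param string $filter 'raw' returns the stored value; only 'display' applies the bloginfo/bloginfo_url filters, and neither escapes for HTML.`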


@ -150,9 +150,9 @@ case 'retrievepassword' :
<?php if (get_option('users_can_register')) : ?> <?php if (get_option('users_can_register')) : ?>
<li><a href="<?php bloginfo('wpurl'); ?>/wp-login.php"><?php _e('Login') ?></a></li> <li><a href="<?php bloginfo('wpurl'); ?>/wp-login.php"><?php _e('Login') ?></a></li>
<li><a href="<?php bloginfo('wpurl'); ?>/wp-login.php?action=register"><?php _e('Register') ?></a></li> <li><a href="<?php bloginfo('wpurl'); ?>/wp-login.php?action=register"><?php _e('Register') ?></a></li>
<li><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('Back to %s'), get_bloginfo('title')); ?></a></li> <li><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('Back to %s'), get_bloginfo('title', 'display' )); ?></a></li>
<?php else : ?> <?php else : ?>
<li><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('Back to %s'), get_bloginfo('title')); ?></a></li> <li><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('Back to %s'), get_bloginfo('title', 'display' )); ?></a></li>
<li><a href="<?php bloginfo('wpurl'); ?>/wp-login.php"><?php _e('Login') ?></a></li> <li><a href="<?php bloginfo('wpurl'); ?>/wp-login.php"><?php _e('Login') ?></a></li>
<?php endif; ?> <?php endif; ?>
</ul> </ul>
@ -272,7 +272,7 @@ case 'register' :
<ul> <ul>
<li><a href="<?php bloginfo('wpurl'); ?>/wp-login.php"><?php _e('Login') ?></a></li> <li><a href="<?php bloginfo('wpurl'); ?>/wp-login.php"><?php _e('Login') ?></a></li>
<li><a href="<?php bloginfo('wpurl'); ?>/wp-login.php?action=lostpassword" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a></li> <li><a href="<?php bloginfo('wpurl'); ?>/wp-login.php?action=lostpassword" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a></li>
<li><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('Back to %s'), get_bloginfo('title')); ?></a></li> <li><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('Back to %s'), get_bloginfo('title', 'display')); ?></a></li>
</ul> </ul>
</body> </body>
@ -365,13 +365,13 @@ default:
<ul> <ul>
<?php if ( in_array( $_GET['checkemail'], array('confirm', 'newpass') ) ) : ?> <?php if ( in_array( $_GET['checkemail'], array('confirm', 'newpass') ) ) : ?>
<li><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('Back to %s'), get_bloginfo('title')); ?></a></li> <li><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('Back to %s'), get_bloginfo('title', 'display')); ?></a></li>
<?php elseif (get_option('users_can_register')) : ?> <?php elseif (get_option('users_can_register')) : ?>
<li><a href="<?php bloginfo('wpurl'); ?>/wp-login.php?action=register"><?php _e('Register') ?></a></li> <li><a href="<?php bloginfo('wpurl'); ?>/wp-login.php?action=register"><?php _e('Register') ?></a></li>
<li><a href="<?php bloginfo('wpurl'); ?>/wp-login.php?action=lostpassword" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a></li> <li><a href="<?php bloginfo('wpurl'); ?>/wp-login.php?action=lostpassword" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a></li>
<li><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('Back to %s'), get_bloginfo('title')); ?></a></li> <li><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('Back to %s'), get_bloginfo('title', 'display')); ?></a></li>
<?php else : ?> <?php else : ?>
<li><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('Back to %s'), get_bloginfo('title')); ?></a></li> <li><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('Back to %s'), get_bloginfo('title', 'display')); ?></a></li>
<li><a href="<?php bloginfo('wpurl'); ?>/wp-login.php?action=lostpassword" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a></li> <li><a href="<?php bloginfo('wpurl'); ?>/wp-login.php?action=lostpassword" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a></li>
<?php endif; ?> <?php endif; ?>
</ul> </ul>
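Review bot: Each changed line in this file interpolates `get_bloginfo('title', 'display')` into the link text via printf without HTML escaping, and the new 'display' argument only runs the bloginfo filters, not an escape; blogname is an administrator-set option so the exposure is limited, but the escaping should not be assumed to happen inside get_bloginfo(). Unless a bloginfo filter already escapes for HTML (nothing on this page shows one), use `printf(__('Back to %s'), wp_specialchars(get_bloginfo('title', 'display')));` at each changed line, or document at get_bloginfo() that 'display' output is unescaped so callers know to escape for their context.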