WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Don't use deprecated functions. see #11388 

git-svn-id: http://svn.automattic.com/wordpress/trunk@13106 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
nacin 2010-02-13 10:35:10 +00:00
parent b4c55aa60b
commit b4f362264e
13 changed files with 29 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
wp-admin/includes/bookmark.php
View File

@ -246,7 +246,7 @@ function wp_set_link_cats( $link_id = 0, $link_categories = array() ) {
function wp_update_link( $linkdata ) { function wp_update_link( $linkdata ) {
$link_id = (int) $linkdata['link_id']; $link_id = (int) $linkdata['link_id'];
$link = get_link( $link_id, ARRAY_A ); $link = get_bookmark( $link_id, ARRAY_A );
// Escape data pulled from DB. // Escape data pulled from DB.
$link = add_magic_quotes( $link ); $link = add_magic_quotes( $link );

2
wp-admin/includes/media.php
View File

@ -1146,7 +1146,7 @@ function get_media_items( $post_id, $errors ) {
function get_media_item( $attachment_id, $args = null ) { function get_media_item( $attachment_id, $args = null ) {
global $redir_tab; global $redir_tab;
if ( ( $attachment_id = intval( $attachment_id ) ) && $thumb_url = get_attachment_icon_src( $attachment_id ) ) if ( ( $attachment_id = intval( $attachment_id ) ) && $thumb_url = wp_get_attachment_image_src( $attachment_id ) )
$thumb_url = $thumb_url[0]; $thumb_url = $thumb_url[0];
else else
return false; return false;

4
wp-admin/includes/ms.php
View File

@ -212,7 +212,7 @@ function wpmu_get_blog_allowedthemes( $blog_id = 0 ) {
if ( is_array( $blog_allowed_themes ) ) { if ( is_array( $blog_allowed_themes ) ) {
foreach( (array) $themes as $key => $theme ) { foreach( (array) $themes as $key => $theme ) {
$theme_key = wp_specialchars( $theme[ 'Stylesheet' ] ); $theme_key = esc_html( $theme[ 'Stylesheet' ] );
if ( isset( $blog_allowed_themes[ $key ] ) == true ) { if ( isset( $blog_allowed_themes[ $key ] ) == true ) {
$blog_allowedthemes[ $theme_key ] = 1; $blog_allowedthemes[ $theme_key ] = 1;
} }
@ -335,7 +335,7 @@ function get_site_allowed_themes() {
$allowed_themes = array(); $allowed_themes = array();
} else { } else {
foreach( (array) $themes as $key => $theme ) { foreach( (array) $themes as $key => $theme ) {
$theme_key = wp_specialchars( $theme[ 'Stylesheet' ] ); $theme_key = esc_html( $theme[ 'Stylesheet' ] );
if ( isset( $allowed_themes[ $key ] ) == true ) { if ( isset( $allowed_themes[ $key ] ) == true ) {
$allowedthemes[ $theme_key ] = 1; $allowedthemes[ $theme_key ] = 1;
} }

6
wp-admin/includes/theme.php
View File

@ -142,12 +142,12 @@ function get_allowed_themes() {
if ( is_array( $blog_allowed_themes ) ) if ( is_array( $blog_allowed_themes ) )
$allowed_themes = array_merge( $allowed_themes, $blog_allowed_themes ); $allowed_themes = array_merge( $allowed_themes, $blog_allowed_themes );
if ( isset( $allowed_themes[ wp_specialchars( $ct->stylesheet ) ] ) == false ) if ( isset( $allowed_themes[ esc_html( $ct->stylesheet ) ] ) == false )
$allowed_themes[ wp_specialchars( $ct->stylesheet ) ] = true; $allowed_themes[ esc_html( $ct->stylesheet ) ] = true;
reset( $themes ); reset( $themes );
foreach ( $themes as $key => $theme ) { foreach ( $themes as $key => $theme ) {
if ( isset( $allowed_themes[ wp_specialchars( $theme[ 'Stylesheet' ] ) ] ) == false ) if ( isset( $allowed_themes[ esc_html( $theme[ 'Stylesheet' ] ) ] ) == false )
unset( $themes[ $key ] ); unset( $themes[ $key ] );
} }
reset( $themes ); reset( $themes );

2
wp-admin/includes/user.php
View File

@ -92,7 +92,7 @@ function edit_user( $user_id = 0 ) {
if ( empty ( $_POST['url'] ) || $_POST['url'] == 'http://' ) { if ( empty ( $_POST['url'] ) || $_POST['url'] == 'http://' ) {
$user->user_url = ''; $user->user_url = '';
} else { } else {
$user->user_url = sanitize_url( $_POST['url'] ); $user->user_url = esc_url_raw( $_POST['url'] );
$user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url; $user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
} }
} }

14
wp-admin/ms-edit.php
View File

@ -385,8 +385,8 @@ switch ( $_GET['action'] ) {
$themes = get_themes(); $themes = get_themes();
reset( $themes ); reset( $themes );
foreach ( (array) $themes as $key => $theme ) { foreach ( (array) $themes as $key => $theme ) {
if ( $_POST['theme'][ wp_specialchars( $theme['Stylesheet'] ) ] == 'enabled' ) if ( $_POST['theme'][ esc_html( $theme['Stylesheet'] ) ] == 'enabled' )
$allowed_themes[ wp_specialchars( $theme['Stylesheet'] ) ] = true; $allowed_themes[ esc_html( $theme['Stylesheet'] ) ] = true;
} }
update_site_option( 'allowedthemes', $allowed_themes ); update_site_option( 'allowedthemes', $allowed_themes );
} }
@ -413,12 +413,12 @@ switch ( $_GET['action'] ) {
</head> </head>
<body id="error-page"> <body id="error-page">
<h1 id="logo"><img alt="WordPress" src="images/wordpress-logo.png" /></h1> <h1 id="logo"><img alt="WordPress" src="images/wordpress-logo.png" /></h1>
<form action='ms-edit.php?action=<?php echo wp_specialchars( $_GET[ 'action2' ] ) ?>' method='post'> <form action='ms-edit.php?action=<?php echo esc_attr( $_GET[ 'action2' ] ) ?>' method='post'>
<input type='hidden' name='action' value='<?php echo wp_specialchars( $_GET['action2'] ) ?>' /> <input type='hidden' name='action' value='<?php echo esc_attr( $_GET['action2'] ) ?>' />
<input type='hidden' name='id' value='<?php echo wp_specialchars( $id ); ?>' /> <input type='hidden' name='id' value='<?php echo esc_attr( $id ); ?>' />
<input type='hidden' name='ref' value='<?php echo $referrer; ?>' /> <input type='hidden' name='ref' value='<?php echo $referrer; ?>' />
<?php wp_nonce_field( $_GET['action2'] ) ?> <?php wp_nonce_field( $_GET['action2'] ) ?>
<p><?php echo wp_specialchars( stripslashes($_GET['msg']) ); ?></p> <p><?php echo esc_html( stripslashes($_GET['msg']) ); ?></p>
<p class="submit"><input class="button" type='submit' value='<?php _e("Confirm"); ?>' /></p> <p class="submit"><input class="button" type='submit' value='<?php _e("Confirm"); ?>' /></p>
</form> </form>
</body> </body>
@ -499,7 +499,7 @@ switch ( $_GET['action'] ) {
wp_die( __('Missing email.') ); wp_die( __('Missing email.') );
$password = wp_generate_password(); $password = wp_generate_password();
$user_id = wpmu_create_user(wp_specialchars( strtolower( $user['username'] ) ), $password, wp_specialchars( $user['email'] ) ); $user_id = wpmu_create_user(wp_specialchars( strtolower( $user['username'] ) ), $password, esc_html( $user['email'] ) );
if ( false == $user_id ) if ( false == $user_id )
wp_die( __('Duplicated username or email address.') ); wp_die( __('Duplicated username or email address.') );

2
wp-admin/ms-options.php
View File

@ -280,7 +280,7 @@ if (isset($_GET['updated'])) {
$menu_perms = get_site_option( 'menu_items' ); $menu_perms = get_site_option( 'menu_items' );
$menu_items = apply_filters( 'mu_menu_items', array('plugins' => __('Plugins')) ); $menu_items = apply_filters( 'mu_menu_items', array('plugins' => __('Plugins')) );
foreach ( (array) $menu_items as $key => $val ) { foreach ( (array) $menu_items as $key => $val ) {
echo "<tr><th scope='row'>" . wp_specialchars($val) . "</th><td><input type='checkbox' name='menu_items[" . $key . "]' value='1'" . checked($menu_perms[$key], '1', false) . " /></td></tr>"; echo "<tr><th scope='row'>" . esc_html($val) . "</th><td><input type='checkbox' name='menu_items[" . $key . "]' value='1'" . checked($menu_perms[$key], '1', false) . " /></td></tr>";
} }
?> ?>
</table> </table>

6
wp-admin/ms-sites.php
View File

@ -168,7 +168,7 @@ switch ( $action ) {
$disabled = ''; $disabled = '';
if ( is_serialized($option->option_value) ) { if ( is_serialized($option->option_value) ) {
if ( is_serialized_string($option->option_value) ) { if ( is_serialized_string($option->option_value) ) {
$option->option_value = wp_specialchars(maybe_unserialize($option->option_value), 'single'); $option->option_value = esc_html(maybe_unserialize($option->option_value), 'single');
} else { } else {
$option->option_value = "SERIALIZED DATA"; $option->option_value = "SERIALIZED DATA";
$disabled = ' disabled="disabled"'; $disabled = ' disabled="disabled"';
@ -210,7 +210,7 @@ switch ( $action ) {
$allowed_themes = array_keys( $themes ); $allowed_themes = array_keys( $themes );
$out = ''; $out = '';
foreach ( $themes as $key => $theme ) { foreach ( $themes as $key => $theme ) {
$theme_key = wp_specialchars( $theme['Stylesheet'] ); $theme_key = esc_html( $theme['Stylesheet'] );
if ( ! isset($allowed_themes[$theme_key] ) ) { if ( ! isset($allowed_themes[$theme_key] ) ) {
$checked = ( isset($blog_allowed_themes[ $theme_key ]) ) ? 'checked="checked"' : ''; $checked = ( isset($blog_allowed_themes[ $theme_key ]) ) ? 'checked="checked"' : '';
$out .= '<tr class="form-field form-required"> $out .= '<tr class="form-field form-required">
@ -253,7 +253,7 @@ switch ( $action ) {
<td> <td>
<select name="role[<?php echo $val->user_id ?>]" id="new_role"><?php <select name="role[<?php echo $val->user_id ?>]" id="new_role"><?php
foreach ( $editblog_roles as $role => $role_assoc ){ foreach ( $editblog_roles as $role => $role_assoc ){
$name = translate_with_context($role_assoc['name']); $name = translate_user_role($role_assoc['name']);
$selected = ( $role == $existing_role ) ? 'selected="selected"' : ''; $selected = ( $role == $existing_role ) ? 'selected="selected"' : '';
echo "<option {$selected} value=\"" . esc_attr($role) . "\">{$name}</option>"; echo "<option {$selected} value=\"" . esc_attr($role) . "\">{$name}</option>";
} }

2
wp-admin/ms-themes.php
View File

@ -37,7 +37,7 @@ $allowed_themes = get_site_allowed_themes();
$class = ''; $class = '';
foreach ( (array) $themes as $key => $theme ) { foreach ( (array) $themes as $key => $theme ) {
$total_theme_count++; $total_theme_count++;
$theme_key = wp_specialchars($theme['Stylesheet']); $theme_key = esc_html($theme['Stylesheet']);
$class = ('alt' == $class) ? '' : 'alt'; $class = ('alt' == $class) ? '' : 'alt';
$class1 = $enabled = $disabled = ''; $class1 = $enabled = $disabled = '';

2
wp-admin/user-edit.php
View File

@ -70,7 +70,7 @@ if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $c
$new_email = get_option( $current_user->ID . '_new_email' ); $new_email = get_option( $current_user->ID . '_new_email' );
if ( $new_email[ 'hash' ] == $_GET[ 'newuseremail' ] ) { if ( $new_email[ 'hash' ] == $_GET[ 'newuseremail' ] ) {
$user->ID = $current_user->ID; $user->ID = $current_user->ID;
$user->user_email = wp_specialchars( trim( $new_email[ 'newemail' ] ) ); $user->user_email = esc_html( trim( $new_email[ 'newemail' ] ) );
if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) ) if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) )
$wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $current_user->user_login ) ); $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $current_user->user_login ) );
wp_update_user( get_object_vars( $user ) ); wp_update_user( get_object_vars( $user ) );

4
wp-admin/user-new.php
View File

@ -27,7 +27,7 @@ If you do not want to join this blog please ignore
this email. This invitation will expire in a few days. this email. This invitation will expire in a few days.
Please click the following link to activate your user account: Please click the following link to activate your user account:
%%s" ), get_bloginfo('name'), site_url(), wp_specialchars( $_REQUEST[ 'role' ] ) ); %%s" ), get_bloginfo('name'), site_url(), esc_html( $_REQUEST[ 'role' ] ) );
} }
add_filter( 'wpmu_signup_user_notification_email', 'admin_created_user_email' ); add_filter( 'wpmu_signup_user_notification_email', 'admin_created_user_email' );
@ -55,7 +55,7 @@ if ( isset($_REQUEST['action']) && 'adduser' == $_REQUEST['action'] ) {
$user_details = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->users} WHERE user_login = %s AND user_email = %s", $user_login, $_REQUEST[ 'email' ] ) ); $user_details = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->users} WHERE user_login = %s AND user_email = %s", $user_login, $_REQUEST[ 'email' ] ) );
if ( $user_details ) { if ( $user_details ) {
// Adding an existing user to this blog // Adding an existing user to this blog
$new_user_email = wp_specialchars(trim($_REQUEST['email'])); $new_user_email = esc_html(trim($_REQUEST['email']));
$redirect = 'user-new.php'; $redirect = 'user-new.php';
$username = $user_details->user_login; $username = $user_details->user_login;
$user_id = $user_details->ID; $user_id = $user_details->ID;

10
wp-includes/ms-functions.php
View File

@ -867,7 +867,7 @@ function wpmu_admin_do_redirect( $url = '' ) {
$url = wpmu_admin_redirect_add_updated_param( $url ); $url = wpmu_admin_redirect_add_updated_param( $url );
if ( isset( $_GET['redirect'] ) ) { if ( isset( $_GET['redirect'] ) ) {
if ( substr( $_GET['redirect'], 0, 2 ) == 's_' ) if ( substr( $_GET['redirect'], 0, 2 ) == 's_' )
$url .= "&action=blogs&s=". wp_specialchars( substr( $_GET['redirect'], 2 ) ); $url .= "&action=blogs&s=". esc_html( substr( $_GET['redirect'], 2 ) );
} elseif ( isset( $_POST['redirect'] ) ) { } elseif ( isset( $_POST['redirect'] ) ) {
$url = wpmu_admin_redirect_add_updated_param( $_POST['redirect'] ); $url = wpmu_admin_redirect_add_updated_param( $_POST['redirect'] );
} }
@ -1155,7 +1155,7 @@ function wpmu_signup_blog_notification($domain, $path, $title, $user, $user_emai
$admin_email = get_site_option( "admin_email" ); $admin_email = get_site_option( "admin_email" );
if ( $admin_email == '' ) if ( $admin_email == '' )
$admin_email = 'support@' . $_SERVER['SERVER_NAME']; $admin_email = 'support@' . $_SERVER['SERVER_NAME'];
$from_name = get_site_option( "site_name" ) == '' ? 'WordPress' : wp_specialchars( get_site_option( "site_name" ) ); $from_name = get_site_option( "site_name" ) == '' ? 'WordPress' : esc_html( get_site_option( "site_name" ) );
$message_headers = "MIME-Version: 1.0\n" . "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n"; $message_headers = "MIME-Version: 1.0\n" . "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n";
$message = sprintf( apply_filters( 'wpmu_signup_blog_notification_email', __( "To activate your blog, please click the following link:\n\n%s\n\nAfter you activate, you will receive *another email* with your login.\n\nAfter you activate, you can visit your blog here:\n\n%s" ) ), $activate_url, esc_url( "http://{$domain}{$path}" ), $key ); $message = sprintf( apply_filters( 'wpmu_signup_blog_notification_email', __( "To activate your blog, please click the following link:\n\n%s\n\nAfter you activate, you will receive *another email* with your login.\n\nAfter you activate, you can visit your blog here:\n\n%s" ) ), $activate_url, esc_url( "http://{$domain}{$path}" ), $key );
// TODO: Don't hard code activation link. // TODO: Don't hard code activation link.
@ -1174,7 +1174,7 @@ function wpmu_signup_user_notification($user, $user_email, $key, $meta = '') {
$admin_email = get_site_option( "admin_email" ); $admin_email = get_site_option( "admin_email" );
if ( $admin_email == '' ) if ( $admin_email == '' )
$admin_email = 'support@' . $_SERVER['SERVER_NAME']; $admin_email = 'support@' . $_SERVER['SERVER_NAME'];
$from_name = get_site_option( "site_name" ) == '' ? 'WordPress' : wp_specialchars( get_site_option( "site_name" ) ); $from_name = get_site_option( "site_name" ) == '' ? 'WordPress' : esc_html( get_site_option( "site_name" ) );
$message_headers = "MIME-Version: 1.0\n" . "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n"; $message_headers = "MIME-Version: 1.0\n" . "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n";
$message = sprintf( apply_filters( 'wpmu_signup_user_notification_email', __( "To activate your user, please click the following link:\n\n%s\n\nAfter you activate, you will receive *another email* with your login.\n\n" ) ), site_url( "wp-activate.php?key=$key" ), $key ); $message = sprintf( apply_filters( 'wpmu_signup_user_notification_email', __( "To activate your user, please click the following link:\n\n%s\n\nAfter you activate, you will receive *another email* with your login.\n\n" ) ), site_url( "wp-activate.php?key=$key" ), $key );
// TODO: Don't hard code activation link. // TODO: Don't hard code activation link.
@ -1478,7 +1478,7 @@ Thanks!
if ( $admin_email == '' ) if ( $admin_email == '' )
$admin_email = 'support@' . $_SERVER['SERVER_NAME']; $admin_email = 'support@' . $_SERVER['SERVER_NAME'];
$from_name = get_site_option( "site_name" ) == '' ? 'WordPress' : wp_specialchars( get_site_option( "site_name" ) ); $from_name = get_site_option( "site_name" ) == '' ? 'WordPress' : esc_html( get_site_option( "site_name" ) );
$message_headers = "MIME-Version: 1.0\n" . "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n"; $message_headers = "MIME-Version: 1.0\n" . "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n";
$message = $welcome_email; $message = $welcome_email;
@ -1511,7 +1511,7 @@ function wpmu_welcome_user_notification($user_id, $password, $meta = '') {
if ( $admin_email == '' ) if ( $admin_email == '' )
$admin_email = 'support@' . $_SERVER['SERVER_NAME']; $admin_email = 'support@' . $_SERVER['SERVER_NAME'];
$from_name = get_site_option( "site_name" ) == '' ? 'WordPress' : wp_specialchars( get_site_option( "site_name" ) ); $from_name = get_site_option( "site_name" ) == '' ? 'WordPress' : esc_html( get_site_option( "site_name" ) );
$message_headers = "MIME-Version: 1.0\n" . "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n"; $message_headers = "MIME-Version: 1.0\n" . "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n";
$message = $welcome_email; $message = $welcome_email;

2
wp-signup.php
View File

@ -230,7 +230,7 @@ function signup_user($user_name = '', $user_email = '', $errors = '') {
if ( !is_wp_error($errors) ) if ( !is_wp_error($errors) )
$errors = new WP_Error(); $errors = new WP_Error();
if ( isset( $_POST[ 'signup_for' ] ) ) if ( isset( $_POST[ 'signup_for' ] ) )
$signup[ wp_specialchars( $_POST[ 'signup_for' ] ) ] = 'checked="checked"'; $signup[ esc_html( $_POST[ 'signup_for' ] ) ] = 'checked="checked"';
else else
$signup[ 'blog' ] = 'checked="checked"'; $signup[ 'blog' ] = 'checked="checked"';