Axing htmlspecialchars because it double-encodes. Better error handling around queries.
git-svn-id: http://svn.automattic.com/wordpress/trunk@1940 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
06bacff67d
commit
c3e1d51c20
|
@ -90,7 +90,7 @@ function write_nested_categories($categories) {
|
||||||
foreach($categories as $category) {
|
foreach($categories as $category) {
|
||||||
echo '<label for="category-', $category['cat_ID'], '" class="selectit"><input value="', $category['cat_ID'],
|
echo '<label for="category-', $category['cat_ID'], '" class="selectit"><input value="', $category['cat_ID'],
|
||||||
'" type="checkbox" name="post_category[]" id="category-', $category['cat_ID'], '"',
|
'" type="checkbox" name="post_category[]" id="category-', $category['cat_ID'], '"',
|
||||||
($category['checked'] ? ' checked="checked"' : ""), '/> ', htmlspecialchars($category['cat_name']), "</label>\n";
|
($category['checked'] ? ' checked="checked"' : ""), '/> ', wp_specialchars($category['cat_name']), "</label>\n";
|
||||||
|
|
||||||
if(isset($category['children'])) {
|
if(isset($category['children'])) {
|
||||||
echo "\n<span class='cat-nest'>\n";
|
echo "\n<span class='cat-nest'>\n";
|
||||||
|
@ -113,7 +113,7 @@ function cat_rows($parent = 0, $level = 0, $categories = 0) {
|
||||||
if ($categories) {
|
if ($categories) {
|
||||||
foreach ($categories as $category) {
|
foreach ($categories as $category) {
|
||||||
if ($category->category_parent == $parent) {
|
if ($category->category_parent == $parent) {
|
||||||
$category->cat_name = htmlspecialchars($category->cat_name);
|
$category->cat_name = wp_specialchars($category->cat_name);
|
||||||
$count = $wpdb->get_var("SELECT COUNT(post_id) FROM $wpdb->post2cat WHERE category_id = $category->cat_ID");
|
$count = $wpdb->get_var("SELECT COUNT(post_id) FROM $wpdb->post2cat WHERE category_id = $category->cat_ID");
|
||||||
$pad = str_repeat('— ', $level);
|
$pad = str_repeat('— ', $level);
|
||||||
if ( $user_level > 3 )
|
if ( $user_level > 3 )
|
||||||
|
@ -144,7 +144,7 @@ function wp_dropdown_cats($currentcat = 0, $currentparent = 0, $parent = 0, $lev
|
||||||
foreach ($categories as $category) { if ($currentcat != $category->cat_ID && $parent == $category->category_parent) {
|
foreach ($categories as $category) { if ($currentcat != $category->cat_ID && $parent == $category->category_parent) {
|
||||||
$count = $wpdb->get_var("SELECT COUNT(post_id) FROM $wpdb->post2cat WHERE category_id = $category->cat_ID");
|
$count = $wpdb->get_var("SELECT COUNT(post_id) FROM $wpdb->post2cat WHERE category_id = $category->cat_ID");
|
||||||
$pad = str_repeat('– ', $level);
|
$pad = str_repeat('– ', $level);
|
||||||
$category->cat_name = htmlspecialchars($category->cat_name);
|
$category->cat_name = wp_specialchars($category->cat_name);
|
||||||
echo "\n\t<option value='$category->cat_ID'";
|
echo "\n\t<option value='$category->cat_ID'";
|
||||||
if ($currentparent == $category->cat_ID)
|
if ($currentparent == $category->cat_ID)
|
||||||
echo " selected='selected'";
|
echo " selected='selected'";
|
||||||
|
|
|
@ -20,8 +20,8 @@ window.close()
|
||||||
</html>
|
</html>
|
||||||
<?php
|
<?php
|
||||||
} else {
|
} else {
|
||||||
$popuptitle = htmlspecialchars(stripslashes($popuptitle));
|
$popuptitle = wp_specialchars(stripslashes($popuptitle));
|
||||||
$text = htmlspecialchars(stripslashes(urldecode($text)));
|
$text = wp_specialchars(stripslashes(urldecode($text)));
|
||||||
|
|
||||||
/* big funky fixes for browsers' javascript bugs */
|
/* big funky fixes for browsers' javascript bugs */
|
||||||
|
|
||||||
|
@ -40,24 +40,22 @@ window.close()
|
||||||
$text = preg_replace($wp_gecko_correction["in"],$wp_gecko_correction["out"],$text);
|
$text = preg_replace($wp_gecko_correction["in"],$wp_gecko_correction["out"],$text);
|
||||||
}
|
}
|
||||||
|
|
||||||
$post_title = $_REQUEST['post_title'];
|
$post_title = wp_specialchars($_REQUEST['post_title']);
|
||||||
if (!empty($post_title)) {
|
if (!empty($post_title)) {
|
||||||
$post_title = stripslashes($post_title);
|
$post_title = stripslashes($post_title);
|
||||||
} else {
|
} else {
|
||||||
$post_title = $popuptitle;
|
$post_title = $popuptitle;
|
||||||
}
|
}
|
||||||
// I'm not sure why we're using $edited_post_title in the edit-form.php, but we are
|
|
||||||
// and that is what is being included below. For this reason, I am just duplicating
|
$edited_post_title = wp_specialchars($post_title);
|
||||||
// the var instead of changing the assignment on the lines above.
|
|
||||||
// -- Alex King 2004-01-07
|
|
||||||
$edited_post_title = htmlspecialchars($post_title);
|
|
||||||
|
|
||||||
// $post_pingback needs to be set in any file that includes edit-form.php
|
// $post_pingback needs to be set in any file that includes edit-form.php
|
||||||
$post_pingback = get_settings('default_pingback_flag');
|
$post_pingback = get_settings('default_pingback_flag');
|
||||||
|
|
||||||
$content = htmlspecialchars($_REQUEST['content']);
|
$content = wp_specialchars($_REQUEST['content']);
|
||||||
if (!empty($content)) {
|
$popupurl = wp_specialchars($_REQUEST['popupurl']);
|
||||||
$content = stripslashes($content);
|
if ( !empty($content) ) {
|
||||||
|
$content = wp_specialchars( stripslashes($_REQUEST['content']) );
|
||||||
} else {
|
} else {
|
||||||
$content = '<a href="'.$popupurl.'">'.$popuptitle.'</a>'."\n$text";
|
$content = '<a href="'.$popupurl.'">'.$popuptitle.'</a>'."\n$text";
|
||||||
}
|
}
|
||||||
|
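Review bot: `$popupurl = wp_specialchars($_REQUEST['popupurl']);` is concatenated into `'<a href="'.$popupurl.'">'` in the unchanged else branch at the end of this hunk without the second argument that this same commit passes for other attribute values (`wp_specialchars($x, 1)`), so if that flag is what enables quote escaping, a `"` in the request parameter closes the href and appends arbitrary attributes to the anchor. Use `$popupurl = wp_specialchars($_REQUEST['popupurl'], 1);`. The parameter is also never checked for a scheme; the link-manager's `preg_match('/^(https?|ftps?|mailto|news|gopher):/is', ...)` test elsewhere in this commit would fit here if the bookmarklet is only expected to carry web URLs. Note too that `$post_title` is encoded before `stripslashes` while `$content` is encoded after it; the two should use the same order so a backslash-escaped quote is handled identically.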
@ -71,14 +69,7 @@ window.close()
|
||||||
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo get_settings('blog_charset'); ?>" />
|
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo get_settings('blog_charset'); ?>" />
|
||||||
<link rel="stylesheet" href="wp-admin.css" type="text/css" />
|
<link rel="stylesheet" href="wp-admin.css" type="text/css" />
|
||||||
<link rel="shortcut icon" href="../wp-images/wp-favicon.png" />
|
<link rel="shortcut icon" href="../wp-images/wp-favicon.png" />
|
||||||
<script type="text/javascript">
|
|
||||||
<!--
|
|
||||||
function launchupload() {
|
|
||||||
window.open ("upload.php", "wpupload", "width=380,height=360,location=0,menubar=0,resizable=1,scrollbars=yes,status=1,toolbar=0");
|
|
||||||
}
|
|
||||||
|
|
||||||
//-->
|
|
||||||
</script>
|
|
||||||
<style type="text/css">
|
<style type="text/css">
|
||||||
<!--
|
<!--
|
||||||
|
|
||||||
|
|
|
@ -26,7 +26,7 @@ case 'addcat':
|
||||||
if ($user_level < 3)
|
if ($user_level < 3)
|
||||||
die (__('Cheatin’ uh?'));
|
die (__('Cheatin’ uh?'));
|
||||||
|
|
||||||
$cat_name= $_POST['cat_name'];
|
$cat_name= wp_specialchars($_POST['cat_name']);
|
||||||
$id_result = $wpdb->get_row("SHOW TABLE STATUS LIKE '$wpdb->categories'");
|
$id_result = $wpdb->get_row("SHOW TABLE STATUS LIKE '$wpdb->categories'");
|
||||||
$cat_ID = $id_result->Auto_increment;
|
$cat_ID = $id_result->Auto_increment;
|
||||||
$category_nicename = sanitize_title($cat_name, $cat_ID);
|
$category_nicename = sanitize_title($cat_name, $cat_ID);
|
||||||
|
@ -64,7 +64,7 @@ break;
|
||||||
case 'edit':
|
case 'edit':
|
||||||
|
|
||||||
require_once ('admin-header.php');
|
require_once ('admin-header.php');
|
||||||
$cat_ID = intval($_GET['cat_ID']);
|
$cat_ID = (int) $_GET['cat_ID'];
|
||||||
$category = $wpdb->get_row("SELECT * FROM $wpdb->categories WHERE cat_ID = '$cat_ID'");
|
$category = $wpdb->get_row("SELECT * FROM $wpdb->categories WHERE cat_ID = '$cat_ID'");
|
||||||
$cat_name = $category->cat_name;
|
$cat_name = $category->cat_name;
|
||||||
?>
|
?>
|
||||||
|
@ -75,12 +75,12 @@ case 'edit':
|
||||||
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
|
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
|
||||||
<tr>
|
<tr>
|
||||||
<th width="33%" scope="row"><?php _e('Category name:') ?></th>
|
<th width="33%" scope="row"><?php _e('Category name:') ?></th>
|
||||||
<td width="67%"><input name="cat_name" type="text" value="<?php echo htmlspecialchars($cat_name); ?>" size="40" /> <input type="hidden" name="action" value="editedcat" />
|
<td width="67%"><input name="cat_name" type="text" value="<?php echo wp_specialchars($cat_name); ?>" size="40" /> <input type="hidden" name="action" value="editedcat" />
|
||||||
<input type="hidden" name="cat_ID" value="<?php echo $cat_ID ?>" /></td>
|
<input type="hidden" name="cat_ID" value="<?php echo $cat_ID ?>" /></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<th scope="row"><?php _e('Category slug:') ?></th>
|
<th scope="row"><?php _e('Category slug:') ?></th>
|
||||||
<td><input name="category_nicename" type="text" value="<?php echo htmlspecialchars($category->category_nicename); ?>" size="40" /></td>
|
<td><input name="category_nicename" type="text" value="<?php echo wp_specialchars($category->category_nicename); ?>" size="40" /></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<th scope="row"><?php _e('Category parent:') ?></th>
|
<th scope="row"><?php _e('Category parent:') ?></th>
|
||||||
|
@ -92,7 +92,7 @@ case 'edit':
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<th scope="row"><?php _e('Description:') ?></th>
|
<th scope="row"><?php _e('Description:') ?></th>
|
||||||
<td><textarea name="category_description" rows="5" cols="50" style="width: 97%;"><?php echo htmlspecialchars($category->category_description, ENT_NOQUOTES); ?></textarea></td>
|
<td><textarea name="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description, 1); ?></textarea></td>
|
||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
<p class="submit"><input type="submit" name="submit" value="<?php _e('Edit category') ?> »" /></p>
|
<p class="submit"><input type="submit" name="submit" value="<?php _e('Edit category') ?> »" /></p>
|
||||||
|
@ -107,7 +107,7 @@ case 'editedcat':
|
||||||
if ($user_level < 3)
|
if ($user_level < 3)
|
||||||
die (__('Cheatin’ uh?'));
|
die (__('Cheatin’ uh?'));
|
||||||
|
|
||||||
$cat_name = $_POST['cat_name'];
|
$cat_name = wp_specialchars($_POST['cat_name']);
|
||||||
$cat_ID = (int) $_POST['cat_ID'];
|
$cat_ID = (int) $_POST['cat_ID'];
|
||||||
$category_nicename = sanitize_title($_POST['category_nicename'], $cat_ID);
|
$category_nicename = sanitize_title($_POST['category_nicename'], $cat_ID);
|
||||||
$category_description = $_POST['category_description'];
|
$category_description = $_POST['category_description'];
|
||||||
|
|
|
@ -6,7 +6,7 @@ $parent_file = 'edit.php';
|
||||||
|
|
||||||
require_once('admin-header.php');
|
require_once('admin-header.php');
|
||||||
if (empty($_GET['mode'])) $mode = 'view';
|
if (empty($_GET['mode'])) $mode = 'view';
|
||||||
else $mode = htmlspecialchars($_GET['mode']);
|
else $mode = wp_specialchars($_GET['mode'], 1);
|
||||||
?>
|
?>
|
||||||
|
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
|
@ -29,7 +29,7 @@ function checkAll(form)
|
||||||
<form name="searchform" action="" method="get">
|
<form name="searchform" action="" method="get">
|
||||||
<fieldset>
|
<fieldset>
|
||||||
<legend><?php _e('Show Comments That Contain...') ?></legend>
|
<legend><?php _e('Show Comments That Contain...') ?></legend>
|
||||||
<input type="text" name="s" value="<?php if (isset($_GET['s'])) echo htmlspecialchars($_GET['s']); ?>" size="17" />
|
<input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" />
|
||||||
<input type="submit" name="submit" value="<?php _e('Search') ?>" />
|
<input type="submit" name="submit" value="<?php _e('Search') ?>" />
|
||||||
<input type="hidden" name="mode" value="<?php echo $mode; ?>" />
|
<input type="hidden" name="mode" value="<?php echo $mode; ?>" />
|
||||||
<?php _e('(Searches within comment text, e-mail, URI, and IP address.)') ?>
|
<?php _e('(Searches within comment text, e-mail, URI, and IP address.)') ?>
|
||||||
|
|
|
@ -128,7 +128,7 @@ if ('publish' != $post_status || 0 == $post_ID) {
|
||||||
<?php
|
<?php
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
<input name="referredby" type="hidden" id="referredby" value="<?php echo htmlspecialchars($_SERVER['HTTP_REFERER']); ?>" />
|
<input name="referredby" type="hidden" id="referredby" value="<?php echo wp_specialchars($_SERVER['HTTP_REFERER']); ?>" />
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<?php do_action('edit_form_advanced', ''); ?>
|
<?php do_action('edit_form_advanced', ''); ?>
|
||||||
|
|
|
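Review bot: `wp_specialchars($_SERVER['HTTP_REFERER'])` is emitted inside `value="..."` without the second argument the commit uses for the other attribute values it touches (`wp_specialchars($_GET['s'], 1)`, `wp_specialchars($_GET['mode'], 1)`), and the Referer header is controlled by whichever page linked here, so a `"` in it would terminate the attribute. Change it to `wp_specialchars($_SERVER['HTTP_REFERER'], 1)`. The page edit form in the next hunk has the same pattern. Whether `referredby` is later used as a redirect target is outside the hunk; if it is, a same-site check belongs wherever it is consumed.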
@ -77,7 +77,7 @@ edCanvas = document.getElementById('content');
|
||||||
|
|
||||||
<p class="submit">
|
<p class="submit">
|
||||||
<input name="savepage" type="submit" id="savepage" tabindex="6" value="<?php $post_ID ? _e('Edit Page') :_e('Create New Page') ?> »" />
|
<input name="savepage" type="submit" id="savepage" tabindex="6" value="<?php $post_ID ? _e('Edit Page') :_e('Create New Page') ?> »" />
|
||||||
<input name="referredby" type="hidden" id="referredby" value="<?php if (isset($_SERVER['HTTP_REFERER'])) echo htmlspecialchars($_SERVER['HTTP_REFERER']); ?>" />
|
<input name="referredby" type="hidden" id="referredby" value="<?php if (isset($_SERVER['HTTP_REFERER'])) echo wp_specialchars($_SERVER['HTTP_REFERER']); ?>" />
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<fieldset id="pageoptions">
|
<fieldset id="pageoptions">
|
||||||
|
|
|
@ -5,6 +5,8 @@ $title = __('Posts');
|
||||||
$parent_file = 'edit.php';
|
$parent_file = 'edit.php';
|
||||||
require_once('admin-header.php');
|
require_once('admin-header.php');
|
||||||
|
|
||||||
|
$_GET['m'] = (int) $_GET['m'];
|
||||||
|
|
||||||
get_currentuserinfo();
|
get_currentuserinfo();
|
||||||
|
|
||||||
$drafts = $wpdb->get_results("SELECT ID, post_title FROM $wpdb->posts WHERE post_status = 'draft' AND post_author = $user_ID");
|
$drafts = $wpdb->get_results("SELECT ID, post_title FROM $wpdb->posts WHERE post_status = 'draft' AND post_author = $user_ID");
|
||||||
|
@ -65,7 +67,7 @@ if ($drafts || $other_drafts) {
|
||||||
if ( isset( $_GET['m'] ) ) {
|
if ( isset( $_GET['m'] ) ) {
|
||||||
echo $month[substr( $_GET['m'], 4, 2 )] . ' ' . substr( $_GET['m'], 0, 4 );
|
echo $month[substr( $_GET['m'], 4, 2 )] . ' ' . substr( $_GET['m'], 0, 4 );
|
||||||
} elseif ( isset( $_GET['s'] ) ) {
|
} elseif ( isset( $_GET['s'] ) ) {
|
||||||
printf(__('Search for “%s”'), htmlspecialchars($_GET['s']) );
|
printf(__('Search for “%s”'), wp_specialchars($_GET['s']) );
|
||||||
} else {
|
} else {
|
||||||
_e('Last 15 Posts');
|
_e('Last 15 Posts');
|
||||||
}
|
}
|
||||||
|
@ -90,7 +92,7 @@ if ( isset( $_GET['m'] ) ) {
|
||||||
$arc_year = $arc_row->yyear;
|
$arc_year = $arc_row->yyear;
|
||||||
$arc_month = $arc_row->mmonth;
|
$arc_month = $arc_row->mmonth;
|
||||||
|
|
||||||
if( isset($_GET['m']) && $arc_year . zeroise($arc_month, 2) == $_GET['m'] )
|
if( isset($_GET['m']) && $arc_year . zeroise($arc_month, 2) == (int) $_GET['m'] )
|
||||||
$default = 'selected="selected"';
|
$default = 'selected="selected"';
|
||||||
else
|
else
|
||||||
$default = null;
|
$default = null;
|
||||||
|
@ -121,7 +123,7 @@ if ( isset( $_GET['m'] ) ) {
|
||||||
</tr>
|
</tr>
|
||||||
<?php
|
<?php
|
||||||
$what_to_show = 'posts';
|
$what_to_show = 'posts';
|
||||||
if ( empty($_GET['m']) && empty($_GET['s']) ) {
|
if ( empty($_GET['m']) || 0 == $_GET['m'] && empty($_GET['s']) ) {
|
||||||
$showposts = 15;
|
$showposts = 15;
|
||||||
} else {
|
} else {
|
||||||
$nopaging = true;
|
$nopaging = true;
|
||||||
|
|
|
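Review bot: the new condition `empty($_GET['m']) || 0 == $_GET['m'] && empty($_GET['s'])` parses as `empty(m) || (0 == m && empty(s))` because `&&` binds tighter than `||`, so a search with no month (`m` absent, `s` set) now takes the `$showposts = 15` branch instead of `$nopaging = true`, which is a behaviour change from the old `empty(m) && empty(s)`. Since the first hunk of this file already does `$_GET['m'] = (int) $_GET['m'];`, `empty()` covers the zero case and the extra clause is redundant; `if ( empty($_GET['m']) && empty($_GET['s']) )` keeps the original semantics. If the explicit zero check is wanted, parenthesise it: `if ( ( empty($_GET['m']) || 0 == $_GET['m'] ) && empty($_GET['s']) )`.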
@ -1,7 +1,7 @@
|
||||||
<?php
|
<?php
|
||||||
require_once('admin.php');
|
require_once('admin.php');
|
||||||
|
|
||||||
$title = 'Add Link';
|
$title = __('Add Link');
|
||||||
$this_file = 'link-manager.php';
|
$this_file = 'link-manager.php';
|
||||||
$parent_file = 'link-manager.php';
|
$parent_file = 'link-manager.php';
|
||||||
|
|
||||||
|
@ -9,17 +9,17 @@ function category_dropdown($fieldname, $selected = 0) {
|
||||||
global $wpdb;
|
global $wpdb;
|
||||||
|
|
||||||
$results = $wpdb->get_results("SELECT cat_id, cat_name, auto_toggle FROM $wpdb->linkcategories ORDER BY cat_id");
|
$results = $wpdb->get_results("SELECT cat_id, cat_name, auto_toggle FROM $wpdb->linkcategories ORDER BY cat_id");
|
||||||
echo ' <select name="'.$fieldname.'" size="1">'."\n";
|
echo "\n<select name='$fieldname' size='1'>\n";
|
||||||
foreach ($results as $row) {
|
foreach ($results as $row) {
|
||||||
echo " <option value=\"".$row->cat_id."\"";
|
echo "\n\t<option value='$row->cat_id'";
|
||||||
if ($row->cat_id == $selected)
|
if ($row->cat_id == $selected)
|
||||||
echo " selected";
|
echo " selected='selected'";
|
||||||
echo ">".$row->cat_id.": ".htmlspecialchars($row->cat_name);
|
echo ">$row->cat_id : " . wp_specialchars($row->cat_name);
|
||||||
if ($row->auto_toggle == 'Y')
|
if ($row->auto_toggle == 'Y')
|
||||||
echo ' (auto toggle)';
|
echo ' (auto toggle)';
|
||||||
echo "</option>\n";
|
echo "</option>";
|
||||||
}
|
}
|
||||||
echo " </select>\n";
|
echo "\n</select>\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
$wpvarstoreset = array('action', 'cat_id', 'linkurl', 'name', 'image',
|
$wpvarstoreset = array('action', 'cat_id', 'linkurl', 'name', 'image',
|
||||||
|
@ -49,7 +49,7 @@ require('admin-header.php');
|
||||||
?>
|
?>
|
||||||
|
|
||||||
<?php if ($_GET['added']) : ?>
|
<?php if ($_GET['added']) : ?>
|
||||||
<div class="updated"><p>Link added.</p></div>
|
<div class="updated"><p><?php _e('Link added.'); ?></p></div>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<h2><?php _e('<strong>Add</strong> a link:') ?></h2>
|
<h2><?php _e('<strong>Add</strong> a link:') ?></h2>
|
||||||
|
@ -59,11 +59,11 @@ require('admin-header.php');
|
||||||
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
|
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
|
||||||
<tr>
|
<tr>
|
||||||
<th width="33%" scope="row"><?php _e('URI:') ?></th>
|
<th width="33%" scope="row"><?php _e('URI:') ?></th>
|
||||||
<td width="67%"><input type="text" name="linkurl" value="<?php echo $_GET['linkurl']; ?>" style="width: 95%;" /></td>
|
<td width="67%"><input type="text" name="linkurl" value="<?php echo wp_specialchars($_GET['linkurl'], 1); ?>" style="width: 95%;" /></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<th scope="row"><?php _e('Link Name:') ?></th>
|
<th scope="row"><?php _e('Link Name:') ?></th>
|
||||||
<td><input type="text" name="name" value="<?php echo urldecode($_GET['name']); ?>" style="width: 95%" /></td>
|
<td><input type="text" name="name" value="<?php echo wp_specialchars( urldecode($_GET['name']), 1 ); ?>" style="width: 95%" /></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<th scope="row"><?php _e('Short description:') ?></th>
|
<th scope="row"><?php _e('Short description:') ?></th>
|
||||||
|
|
|
@ -28,7 +28,7 @@ switch ($action) {
|
||||||
if ($user_level < 5)
|
if ($user_level < 5)
|
||||||
die (__("Cheatin' uh ?"));
|
die (__("Cheatin' uh ?"));
|
||||||
|
|
||||||
$cat_name = addslashes($_POST['cat_name']);
|
$cat_name = wp_specialchars($_POST['cat_name']);
|
||||||
$auto_toggle = $_POST['auto_toggle'];
|
$auto_toggle = $_POST['auto_toggle'];
|
||||||
if ($auto_toggle != 'Y') {
|
if ($auto_toggle != 'Y') {
|
||||||
$auto_toggle = 'N';
|
$auto_toggle = 'N';
|
||||||
|
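Review bot: `$cat_name = wp_specialchars($_POST['cat_name']);` replaces `addslashes(...)`, which was the only SQL escaping this value received before the INSERT that follows below the hunk; if wp_specialchars, as its use throughout this commit suggests, only HTML-encodes `&`, `<` and `>`, it does not escape `'` or `\`, so unless the query escapes it itself or the code relies on magic_quotes_gpc, a quote in the category name now reaches the statement unescaped. Keep both layers, `$cat_name = addslashes( wp_specialchars($_POST['cat_name']) );`, or better, escape at the query site and leave HTML encoding to output. The `editedcat` branch of this file (`$cat_name= wp_specialchars($_POST["cat_name"]);`) has the same shape, though that one never had addslashes. The INSERT is outside this hunk.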
@ -79,7 +79,7 @@ switch ($action) {
|
||||||
} // end addcat
|
} // end addcat
|
||||||
case 'Delete':
|
case 'Delete':
|
||||||
{
|
{
|
||||||
$cat_id = $_GET['cat_id'];
|
$cat_id = (int) $_GET['cat_id'];
|
||||||
$cat_name=get_linkcatname($cat_id);
|
$cat_name=get_linkcatname($cat_id);
|
||||||
|
|
||||||
if ($cat_id=="1")
|
if ($cat_id=="1")
|
||||||
|
@ -97,7 +97,7 @@ switch ($action) {
|
||||||
case 'Edit':
|
case 'Edit':
|
||||||
{
|
{
|
||||||
include_once ('admin-header.php');
|
include_once ('admin-header.php');
|
||||||
$cat_id = $_GET['cat_id'];
|
$cat_id = (int) $_GET['cat_id'];
|
||||||
$row = $wpdb->get_row("SELECT cat_id, cat_name, auto_toggle, show_images, show_description, "
|
$row = $wpdb->get_row("SELECT cat_id, cat_name, auto_toggle, show_images, show_description, "
|
||||||
. " show_rating, show_updated, sort_order, sort_desc, text_before_link, text_after_link, "
|
. " show_rating, show_updated, sort_order, sort_desc, text_before_link, text_after_link, "
|
||||||
. " text_after_all, list_limit FROM $wpdb->linkcategories WHERE cat_id=$cat_id");
|
. " text_after_all, list_limit FROM $wpdb->linkcategories WHERE cat_id=$cat_id");
|
||||||
|
@ -108,7 +108,7 @@ switch ($action) {
|
||||||
?>
|
?>
|
||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<h2>Edit “<?php echo htmlspecialchars($row->cat_name)?>” Category </h2>
|
<h2>Edit “<?php echo wp_specialchars($row->cat_name)?>” Category </h2>
|
||||||
|
|
||||||
<form name="editcat" method="post">
|
<form name="editcat" method="post">
|
||||||
<input type="hidden" name="action" value="editedcat" />
|
<input type="hidden" name="action" value="editedcat" />
|
||||||
|
@ -118,7 +118,7 @@ switch ($action) {
|
||||||
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
|
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
|
||||||
<tr>
|
<tr>
|
||||||
<th width="33%" scope="row"><?php _e('Name:') ?></th>
|
<th width="33%" scope="row"><?php _e('Name:') ?></th>
|
||||||
<td width="67%"><input name="cat_name" type="text" value="<?php echo htmlspecialchars($row->cat_name)?>" size="30" /></td>
|
<td width="67%"><input name="cat_name" type="text" value="<?php echo wp_specialchars($row->cat_name)?>" size="30" /></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<th scope="row"><?php _e('Show:') ?></th>
|
<th scope="row"><?php _e('Show:') ?></th>
|
||||||
|
@ -176,15 +176,15 @@ switch ($action) {
|
||||||
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
|
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
|
||||||
<tr>
|
<tr>
|
||||||
<th width="33%" scope="row"><?php _e('Before Link:') ?></th>
|
<th width="33%" scope="row"><?php _e('Before Link:') ?></th>
|
||||||
<td width="67%"><input type="text" name="text_before_link" size="45" value="<?php echo htmlspecialchars($row->text_before_link)?>" /></td>
|
<td width="67%"><input type="text" name="text_before_link" size="45" value="<?php echo wp_specialchars($row->text_before_link)?>" /></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<th scope="row"><?php _e('Between Link and Description:') ?></th>
|
<th scope="row"><?php _e('Between Link and Description:') ?></th>
|
||||||
<td><input type="text" name="text_after_link" size="45" value="<?php echo htmlspecialchars($row->text_after_link)?>" /></td>
|
<td><input type="text" name="text_after_link" size="45" value="<?php echo wp_specialchars($row->text_after_link)?>" /></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<th scope="row"><?php _e('After Link:') ?></th>
|
<th scope="row"><?php _e('After Link:') ?></th>
|
||||||
<td><input type="text" name="text_after_all" size="45" value="<?php echo htmlspecialchars($row->text_after_all)?>"/></td>
|
<td><input type="text" name="text_after_all" size="45" value="<?php echo wp_specialchars($row->text_after_all)?>"/></td>
|
||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
</fieldset>
|
</fieldset>
|
||||||
|
@ -204,9 +204,9 @@ switch ($action) {
|
||||||
$submit=$_POST["submit"];
|
$submit=$_POST["submit"];
|
||||||
if (isset($submit)) {
|
if (isset($submit)) {
|
||||||
|
|
||||||
$cat_id=$_POST["cat_id"];
|
$cat_id = (int)$_POST["cat_id"];
|
||||||
|
|
||||||
$cat_name= $_POST["cat_name"];
|
$cat_name= wp_specialchars($_POST["cat_name"]);
|
||||||
$auto_toggle = $_POST["auto_toggle"];
|
$auto_toggle = $_POST["auto_toggle"];
|
||||||
if ($auto_toggle != 'Y') {
|
if ($auto_toggle != 'Y') {
|
||||||
$auto_toggle = 'N';
|
$auto_toggle = 'N';
|
||||||
|
@ -310,7 +310,7 @@ foreach ($results as $row) {
|
||||||
$style = ($i % 2) ? ' class="alternate"' : '';
|
$style = ($i % 2) ? ' class="alternate"' : '';
|
||||||
?>
|
?>
|
||||||
<tr valign="middle" align="center" <?php echo $style ?> style="border-bottom: 1px dotted #9C9A9C;">
|
<tr valign="middle" align="center" <?php echo $style ?> style="border-bottom: 1px dotted #9C9A9C;">
|
||||||
<td><?php echo htmlspecialchars($row->cat_name)?></td>
|
<td><?php echo wp_specialchars($row->cat_name)?></td>
|
||||||
<td ><?php echo $row->cat_id?></td>
|
<td ><?php echo $row->cat_id?></td>
|
||||||
<td><?php echo $row->auto_toggle?></td>
|
<td><?php echo $row->auto_toggle?></td>
|
||||||
<td><?php echo $row->show_images?></td>
|
<td><?php echo $row->show_images?></td>
|
||||||
|
|
|
@ -32,7 +32,7 @@ function category_dropdown($fieldname, $selected = 0) {
|
||||||
echo "\n\t<option value='$row->cat_id'";
|
echo "\n\t<option value='$row->cat_id'";
|
||||||
if ($row->cat_id == $selected)
|
if ($row->cat_id == $selected)
|
||||||
echo " selected='selected'";
|
echo " selected='selected'";
|
||||||
echo ">$row->cat_id: ".htmlspecialchars($row->cat_name);
|
echo ">$row->cat_id: ".wp_specialchars($row->cat_name);
|
||||||
if ('Y' == $row->auto_toggle)
|
if ('Y' == $row->auto_toggle)
|
||||||
echo ' (auto toggle)';
|
echo ' (auto toggle)';
|
||||||
echo "</option>\n";
|
echo "</option>\n";
|
||||||
|
@ -160,10 +160,10 @@ switch ($action) {
|
||||||
{
|
{
|
||||||
check_admin_referer();
|
check_admin_referer();
|
||||||
|
|
||||||
$link_url = $_POST['linkurl'];
|
$link_url = wp_specialchars($_POST['linkurl']);
|
||||||
$link_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $link_url) ? $link_url : 'http://' . $link_url;
|
$link_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $link_url) ? $link_url : 'http://' . $link_url;
|
||||||
$link_name = $_POST['name'];
|
$link_name = wp_specialchars($_POST['name']);
|
||||||
$link_image = $_POST['image'];
|
$link_image = wp_specialchars($_POST['image']);
|
||||||
$link_target = $_POST['target'];
|
$link_target = $_POST['target'];
|
||||||
$link_category = $_POST['category'];
|
$link_category = $_POST['category'];
|
||||||
$link_description = $_POST['description'];
|
$link_description = $_POST['description'];
|
||||||
|
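Review bot: `$link_category = $_POST['category'];` is left a raw string while the ids around it in this commit are cast (`$link_id = (int) $_POST['link_id']`, `$cat_id = (int) $_GET['cat_id']`), and it is handed to `get_autotoggle($link_category)` in the next hunk, which by the pattern of the id lookups in this file presumably interpolates it into a WHERE clause. Cast it: `$link_category = (int) $_POST['category'];`. Separately, `$link_target` is encoded in the editlink branch but not here, and `$link_description`, `$link_rel` and `$link_notes` are encoded in neither; one rule per field is needed so that add and edit store the same representation.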
@ -171,7 +171,7 @@ switch ($action) {
|
||||||
$link_rating = $_POST['rating'];
|
$link_rating = $_POST['rating'];
|
||||||
$link_rel = $_POST['rel'];
|
$link_rel = $_POST['rel'];
|
||||||
$link_notes = $_POST['notes'];
|
$link_notes = $_POST['notes'];
|
||||||
$link_rss_uri = $_POST['rss_uri'];
|
$link_rss_uri = wp_specialchars($_POST['rss_uri']);
|
||||||
$auto_toggle = get_autotoggle($link_category);
|
$auto_toggle = get_autotoggle($link_category);
|
||||||
|
|
||||||
if ($user_level < 5)
|
if ($user_level < 5)
|
||||||
|
@ -207,12 +207,12 @@ switch ($action) {
|
||||||
|
|
||||||
check_admin_referer();
|
check_admin_referer();
|
||||||
|
|
||||||
$link_id = $_POST['link_id'];
|
$link_id = (int) $_POST['link_id'];
|
||||||
$link_url = $_POST['linkurl'];
|
$link_url = wp_specialchars($_POST['linkurl']);
|
||||||
$link_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $link_url) ? $link_url : 'http://' . $link_url;
|
$link_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $link_url) ? $link_url : 'http://' . $link_url;
|
||||||
$link_name = $_POST['name'];
|
$link_name = wp_specialchars($_POST['name']);
|
||||||
$link_image = $_POST['image'];
|
$link_image = wp_specialchars($_POST['image']);
|
||||||
$link_target = $_POST['target'];
|
$link_target = wp_specialchars($_POST['target']);
|
||||||
$link_category = $_POST['category'];
|
$link_category = $_POST['category'];
|
||||||
$link_description = $_POST['description'];
|
$link_description = $_POST['description'];
|
||||||
$link_visible = $_POST['visible'];
|
$link_visible = $_POST['visible'];
|
||||||
|
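Review bot: `$link_category = $_POST['category'];` is the one id in this branch not cast, while `$link_id = (int) $_POST['link_id'];` a few lines above is; `$link_category = (int) $_POST['category'];` matches it. `$link_visible` and `$link_description` are also stored raw while name, image and target are encoded, and the add branch in the earlier hunk encodes a different subset, so the two paths persist different representations of the same fields. The UPDATE that consumes these is outside the hunk.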
@ -270,30 +270,29 @@ switch ($action) {
|
||||||
break;
|
break;
|
||||||
} // end Delete
|
} // end Delete
|
||||||
|
|
||||||
case 'linkedit':
|
case 'linkedit': {
|
||||||
{
|
|
||||||
$xfn = true;
|
$xfn = true;
|
||||||
include_once ('admin-header.php');
|
include_once ('admin-header.php');
|
||||||
if ($user_level < 5) {
|
if ($user_level < 5)
|
||||||
die(__('You do not have sufficient permissions to edit the links for this blog.'));
|
die(__('You do not have sufficient permissions to edit the links for this blog.'));
|
||||||
}
|
|
||||||
$link_id = (int) $_GET['link_id'];
|
$link_id = (int) $_GET['link_id'];
|
||||||
$row = $wpdb->get_row("SELECT *
|
$row = $wpdb->get_row("SELECT * FROM $wpdb->links WHERE link_id = $link_id");
|
||||||
FROM $wpdb->links
|
|
||||||
WHERE link_id = $link_id");
|
|
||||||
|
|
||||||
if ($row) {
|
if ($row) {
|
||||||
$link_url = htmlspecialchars($row->link_url);
|
$link_url = wp_specialchars($row->link_url, 1);
|
||||||
$link_name = htmlspecialchars($row->link_name);
|
$link_name = wp_specialchars($row->link_name, 1);
|
||||||
$link_image = $row->link_image;
|
$link_image = $row->link_image;
|
||||||
$link_target = $row->link_target;
|
$link_target = $row->link_target;
|
||||||
$link_category = $row->link_category;
|
$link_category = $row->link_category;
|
||||||
$link_description = htmlspecialchars($row->link_description);
|
$link_description = wp_specialchars($row->link_description);
|
||||||
$link_visible = $row->link_visible;
|
$link_visible = $row->link_visible;
|
||||||
$link_rating = $row->link_rating;
|
$link_rating = $row->link_rating;
|
||||||
$link_rel = $row->link_rel;
|
$link_rel = $row->link_rel;
|
||||||
$link_notes = htmlspecialchars($row->link_notes);
|
$link_notes = wp_specialchars($row->link_notes);
|
||||||
$link_rss_uri = htmlspecialchars($row->link_rss);
|
$link_rss_uri = wp_specialchars($row->link_rss);
|
||||||
|
} else {
|
||||||
|
die( __('Link not found.') );
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
@ -492,9 +491,9 @@ switch ($action) {
|
||||||
</fieldset>
|
</fieldset>
|
||||||
<p class="submit"><input type="submit" name="submit" value="<?php _e('Save Changes »') ?>" />
|
<p class="submit"><input type="submit" name="submit" value="<?php _e('Save Changes »') ?>" />
|
||||||
<input type="hidden" name="action" value="editlink" />
|
<input type="hidden" name="action" value="editlink" />
|
||||||
<input type="hidden" name="link_id" value="<?php echo $link_id; ?>" />
|
<input type="hidden" name="link_id" value="<?php echo (int) $link_id; ?>" />
|
||||||
<input type="hidden" name="order_by" value="<?php echo $order_by ?>" />
|
<input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />
|
||||||
<input type="hidden" name="cat_id" value="<?php echo $cat_id ?>" /></p>
|
<input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" /></p>
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
<?php
|
<?php
|
||||||
|
@ -598,7 +597,7 @@ function checkAll(form)
|
||||||
echo " <option value=\"".$row->cat_id."\"";
|
echo " <option value=\"".$row->cat_id."\"";
|
||||||
if ($row->cat_id == $cat_id)
|
if ($row->cat_id == $cat_id)
|
||||||
echo " selected='selected'";
|
echo " selected='selected'";
|
||||||
echo ">".$row->cat_id.": ".htmlspecialchars($row->cat_name);
|
echo ">".$row->cat_id.": ".wp_specialchars($row->cat_name);
|
||||||
if ($row->auto_toggle == 'Y')
|
if ($row->auto_toggle == 'Y')
|
||||||
echo ' (auto toggle)';
|
echo ' (auto toggle)';
|
||||||
echo "</option>\n";
|
echo "</option>\n";
|
||||||
|
@ -630,8 +629,8 @@ function checkAll(form)
|
||||||
|
|
||||||
<input type="hidden" name="link_id" value="" />
|
<input type="hidden" name="link_id" value="" />
|
||||||
<input type="hidden" name="action" value="" />
|
<input type="hidden" name="action" value="" />
|
||||||
<input type="hidden" name="order_by" value="<?php echo $order_by ?>" />
|
<input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />
|
||||||
<input type="hidden" name="cat_id" value="<?php echo $cat_id ?>" />
|
<input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
|
||||||
<table width="100%" cellpadding="3" cellspacing="3">
|
<table width="100%" cellpadding="3" cellspacing="3">
|
||||||
<tr>
|
<tr>
|
||||||
<th width="15%"><?php _e('Name') ?></th>
|
<th width="15%"><?php _e('Name') ?></th>
|
||||||
|
@ -660,10 +659,10 @@ function checkAll(form)
|
||||||
$links = $wpdb->get_results($sql);
|
$links = $wpdb->get_results($sql);
|
||||||
if ($links) {
|
if ($links) {
|
||||||
foreach ($links as $link) {
|
foreach ($links as $link) {
|
||||||
$link->link_name = htmlspecialchars($link->link_name);
|
$link->link_name = wp_specialchars($link->link_name);
|
||||||
$link->link_category = htmlspecialchars($link->link_category);
|
$link->link_category = wp_specialchars($link->link_category);
|
||||||
$link->link_description = htmlspecialchars($link->link_description);
|
$link->link_description = wp_specialchars($link->link_description);
|
||||||
$link->link_url = htmlspecialchars($link->link_url);
|
$link->link_url = wp_specialchars($link->link_url);
|
||||||
$short_url = str_replace('http://', '', $link->link_url);
|
$short_url = str_replace('http://', '', $link->link_url);
|
||||||
$short_url = str_replace('www.', '', $short_url);
|
$short_url = str_replace('www.', '', $short_url);
|
||||||
if ('/' == substr($short_url, -1))
|
if ('/' == substr($short_url, -1))
|
||||||
|
@ -753,6 +752,4 @@ LINKS;
|
||||||
} // end case
|
} // end case
|
||||||
?>
|
?>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<?php include('admin-footer.php'); ?>
|
<?php include('admin-footer.php'); ?>
|
|
@ -48,7 +48,7 @@ case 'update':
|
||||||
// should we even bother checking?
|
// should we even bother checking?
|
||||||
if ($user_level >= $option->option_admin_level) {
|
if ($user_level >= $option->option_admin_level) {
|
||||||
$old_val = $option->option_value;
|
$old_val = $option->option_value;
|
||||||
$new_val = $_POST[$option->option_name];
|
$new_val = wp_specialchars($_POST[$option->option_name]);
|
||||||
if (!$new_val) {
|
if (!$new_val) {
|
||||||
if (3 == $option->option_type)
|
if (3 == $option->option_type)
|
||||||
$new_val = '';
|
$new_val = '';
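Review bot: `$new_val = wp_specialchars($_POST[$option->option_name]);` encodes the option value for HTML before it is stored, so the database now holds entities instead of the value itself, while the display path in the next hunk (`$value = wp_specialchars($option->option_value);`) already encodes on output, which is the right place. A stored `&amp;` or `&lt;` then leaks into every non-HTML use of the option, and `form_option()`, which this commit leaves on `htmlspecialchars( get_option($option), ENT_QUOTES )`, encodes it a second time on the way back into a form field. HTML encoding also does nothing for the SQL the value is presumably written into later in this `case 'update':` branch (not visible in the hunk); if the aim is to neutralise input, escape for the database at that point and keep wp_specialchars at output. The `if (!$new_val)` test below is pre-existing but treats a literal `0` as absent.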
|
||||||
|
@ -88,7 +88,7 @@ default:
|
||||||
$options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");
|
$options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");
|
||||||
|
|
||||||
foreach ($options as $option) :
|
foreach ($options as $option) :
|
||||||
$value = htmlspecialchars($option->option_value);
|
$value = wp_specialchars($option->option_value);
|
||||||
echo "
|
echo "
|
||||||
<tr>
|
<tr>
|
||||||
<th scope='row'><label for='$option->option_name'>$option->option_name</label></th>
|
<th scope='row'><label for='$option->option_name'>$option->option_name</label></th>
|
||||||
|
|
|
@ -67,7 +67,7 @@ default:
|
||||||
if (!$error) {
|
if (!$error) {
|
||||||
$f = fopen($real_file, 'r');
|
$f = fopen($real_file, 'r');
|
||||||
$content = fread($f, filesize($real_file));
|
$content = fread($f, filesize($real_file));
|
||||||
$content = htmlspecialchars($content);
|
$content = wp_specialchars($content);
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
?>
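Review bot: Replacing `htmlspecialchars($content)` with `wp_specialchars($content)` is wrong for a file shown in an editor textarea: the file's own `&amp;`, `&lt;` and similar sequences are literal text here and must be double-encoded, but wp_specialchars deliberately leaves existing entities alone, so the browser decodes them and a template containing `&amp;` is displayed, and on save written back, as `&`. Keep `$content = htmlspecialchars($content);` in this hunk and in the two later editor hunks that make the same `fopen($real_file, 'r')` / `fread` / encode change. The same concern applies to `the_content_rss` and `the_excerpt_rss` when `$encode_html == 1`, where text a post already escaped would reach the feed consumer un-escaped and be interpreted as markup. The unchecked `fopen` result and the never-closed handle are unchanged context.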
|
||||||
|
|
|
@ -656,7 +656,7 @@ default:
|
||||||
$post_pingback = get_settings('default_pingback_flag');
|
$post_pingback = get_settings('default_pingback_flag');
|
||||||
$default_post_cat = get_settings('default_category');
|
$default_post_cat = get_settings('default_category');
|
||||||
|
|
||||||
$content = htmlspecialchars($content);
|
$content = wp_specialchars($content);
|
||||||
$content = apply_filters('default_content', $content);
|
$content = apply_filters('default_content', $content);
|
||||||
$edited_post_title = apply_filters('default_title', $edited_post_title);
|
$edited_post_title = apply_filters('default_title', $edited_post_title);
|
||||||
$excerpt = apply_filters('default_excerpt', $excerpt);
|
$excerpt = apply_filters('default_excerpt', $excerpt);
|
||||||
|
@ -677,7 +677,7 @@ $bookmarklet_height= (get_settings('use_trackback')) ? 480 : 440;
|
||||||
|
|
||||||
if ($is_NS4 || $is_gecko) {
|
if ($is_NS4 || $is_gecko) {
|
||||||
?>
|
?>
|
||||||
<a href="javascript:if(navigator.userAgent.indexOf('Safari') >= 0){Q=getSelection();}else{Q=document.selection?document.selection.createRange().text:document.getSelection();}void(window.open('<?php echo get_settings('siteurl') ?>/wp-admin/bookmarklet.php?text='+encodeURIComponent(Q)+'&popupurl='+encodeURIComponent(location.href)+'&popuptitle='+encodeURIComponent(document.title),'<?php _e('WordPress bookmarklet') ?>','scrollbars=yes,width=600,height=460,left=100,top=150,status=yes'));"><?php printf(__('Press It - %s'), htmlspecialchars(get_settings('blogname'))); ?></a>
|
<a href="javascript:if(navigator.userAgent.indexOf('Safari') >= 0){Q=getSelection();}else{Q=document.selection?document.selection.createRange().text:document.getSelection();}void(window.open('<?php echo get_settings('siteurl') ?>/wp-admin/bookmarklet.php?text='+encodeURIComponent(Q)+'&popupurl='+encodeURIComponent(location.href)+'&popuptitle='+encodeURIComponent(document.title),'<?php _e('WordPress bookmarklet') ?>','scrollbars=yes,width=600,height=460,left=100,top=150,status=yes'));"><?php printf(__('Press It - %s'), wp_specialchars(get_settings('blogname'))); ?></a>
|
||||||
<?php
|
<?php
|
||||||
} else if ($is_winIE) {
|
} else if ($is_winIE) {
|
||||||
?>
|
?>
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
<?php
|
<?php
|
||||||
require_once('admin.php');
|
require_once('admin.php');
|
||||||
|
|
||||||
$title = "Profile";
|
$title = 'Profile';
|
||||||
$parent_file = 'profile.php';
|
$parent_file = 'profile.php';
|
||||||
|
|
||||||
$wpvarstoreset = array('action','redirect','profile','user');
|
$wpvarstoreset = array('action', 'profile', 'user');
|
||||||
for ($i=0; $i<count($wpvarstoreset); $i += 1) {
|
for ($i=0; $i<count($wpvarstoreset); $i += 1) {
|
||||||
$wpvar = $wpvarstoreset[$i];
|
$wpvar = $wpvarstoreset[$i];
|
||||||
if (!isset($$wpvar)) {
|
if (!isset($$wpvar)) {
|
||||||
|
@ -66,18 +66,18 @@ case 'update':
|
||||||
setcookie('wordpresspass_' . COOKIEHASH, md5(md5($newuser_pass)), time() + 31536000, COOKIEPATH);
|
setcookie('wordpresspass_' . COOKIEHASH, md5(md5($newuser_pass)), time() + 31536000, COOKIEPATH);
|
||||||
}
|
}
|
||||||
|
|
||||||
$newuser_firstname = $_POST['newuser_firstname'];
|
$newuser_firstname = wp_specialchars($_POST['newuser_firstname']);
|
||||||
$newuser_lastname = $_POST['newuser_lastname'];
|
$newuser_lastname = wp_specialchars($_POST['newuser_lastname']);
|
||||||
$newuser_nickname = $_POST['newuser_nickname'];
|
$newuser_nickname = $_POST['newuser_nickname'];
|
||||||
$newuser_nicename = sanitize_title($newuser_nickname);
|
$newuser_nicename = sanitize_title($newuser_nickname);
|
||||||
$newuser_icq = $_POST['newuser_icq'];
|
$newuser_icq = wp_specialchars($_POST['newuser_icq']);
|
||||||
$newuser_aim = $_POST['newuser_aim'];
|
$newuser_aim = wp_specialchars($_POST['newuser_aim']);
|
||||||
$newuser_msn = $_POST['newuser_msn'];
|
$newuser_msn = wp_specialchars($_POST['newuser_msn']);
|
||||||
$newuser_yim = $_POST['newuser_yim'];
|
$newuser_yim = wp_specialchars($_POST['newuser_yim']);
|
||||||
$newuser_email = $_POST['newuser_email'];
|
$newuser_email = wp_specialchars($_POST['newuser_email']);
|
||||||
$newuser_url = $_POST['newuser_url'];
|
$newuser_url = wp_specialchars($_POST['newuser_url')];
|
||||||
$newuser_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $newuser_url) ? $newuser_url : 'http://' . $newuser_url;
|
$newuser_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $newuser_url) ? $newuser_url : 'http://' . $newuser_url;
|
||||||
$newuser_idmode=$_POST['newuser_idmode'];
|
$newuser_idmode = wp_specialchars($_POST['newuser_idmode']);
|
||||||
$user_description = $_POST['user_description'];
|
$user_description = $_POST['user_description'];
|
||||||
|
|
||||||
$result = $wpdb->query("UPDATE $wpdb->users SET user_firstname='$newuser_firstname', $updatepassword user_lastname='$newuser_lastname', user_nickname='$newuser_nickname', user_icq='$newuser_icq', user_email='$newuser_email', user_url='$newuser_url', user_aim='$newuser_aim', user_msn='$newuser_msn', user_yim='$newuser_yim', user_idmode='$newuser_idmode', user_description = '$user_description', user_nicename = '$newuser_nicename' WHERE ID = $user_ID");
|
$result = $wpdb->query("UPDATE $wpdb->users SET user_firstname='$newuser_firstname', $updatepassword user_lastname='$newuser_lastname', user_nickname='$newuser_nickname', user_icq='$newuser_icq', user_email='$newuser_email', user_url='$newuser_url', user_aim='$newuser_aim', user_msn='$newuser_msn', user_yim='$newuser_yim', user_idmode='$newuser_idmode', user_description = '$user_description', user_nicename = '$newuser_nicename' WHERE ID = $user_ID");
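Review bot: `$newuser_url = wp_specialchars($_POST['newuser_url')];` has a misplaced bracket (`')]` instead of `']`), which is a parse error and takes the whole profile page down. Beyond that, wp_specialchars is HTML encoding and with `$quotes` left at 0 does not touch `'`, so none of these assignments protect the `UPDATE $wpdb->users SET user_firstname='$newuser_firstname', ...` string built on the last line, and `$newuser_nickname` and `$user_description` are interpolated with no treatment at all. Unless magic quotes or an addslashes pass applies upstream (not visible in this hunk), every interpolated value needs SQL-context escaping, e.g. `addslashes()` per field, with HTML encoding moved to the output side. The user-edit hunk later in the commit (`$new_user_login = wp_specialchars($_POST['new_user_login']);` through its own `UPDATE $wpdb->users` line) has the identical pattern. The enclosing `case 'update':` block starts before this hunk.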
|
||||||
|
|
|
@ -30,7 +30,7 @@ if ('b' == $_GET['a']) {
|
||||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||||
<head>
|
<head>
|
||||||
<title>WordPress › Sidebar</title>
|
<title>WordPress › Sidebar</title>
|
||||||
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $blog_charset ?>" />
|
<meta http-equiv="Content-Type" content="text/html; charset=<?php bloginfo('blog_charset'); ?>" />
|
||||||
<link rel="stylesheet" href="wp-admin.css" type="text/css" />
|
<link rel="stylesheet" href="wp-admin.css" type="text/css" />
|
||||||
<link rel="shortcut icon" href="../wp-images/wp-favicon.png" />
|
<link rel="shortcut icon" href="../wp-images/wp-favicon.png" />
|
||||||
<style type="text/css" media="screen">
|
<style type="text/css" media="screen">
|
||||||
|
|
|
@ -63,7 +63,7 @@ default:
|
||||||
if (!$error) {
|
if (!$error) {
|
||||||
$f = fopen($real_file, 'r');
|
$f = fopen($real_file, 'r');
|
||||||
$content = fread($f, filesize($real_file));
|
$content = fread($f, filesize($real_file));
|
||||||
$content = htmlspecialchars($content);
|
$content = wp_specialchars($content);
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
@ -73,9 +73,9 @@ default:
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php
|
<?php
|
||||||
if (is_writeable($real_file)) {
|
if (is_writeable($real_file)) {
|
||||||
echo '<h2>' . sprintf(__('Editing <strong>%s</strong>'), $file) . '</h2>';
|
echo '<h2>' . sprintf(__('Editing <strong>%s</strong>'), wp_specialchars($file) ) . '</h2>';
|
||||||
} else {
|
} else {
|
||||||
echo '<h2>' . sprintf(__('Browsing <strong>%s</strong>'), $file) . '</h2>';
|
echo '<h2>' . sprintf(__('Browsing <strong>%s</strong>'), wp_specialchars($file) ) . '</h2>';
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
<div id="templateside">
|
<div id="templateside">
|
||||||
|
|
|
@ -73,7 +73,7 @@ default:
|
||||||
if (!$error) {
|
if (!$error) {
|
||||||
$f = fopen($real_file, 'r');
|
$f = fopen($real_file, 'r');
|
||||||
$content = fread($f, filesize($real_file));
|
$content = fread($f, filesize($real_file));
|
||||||
$content = htmlspecialchars($content);
|
$content = wp_specialchars($content);
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
|
@ -45,19 +45,19 @@ if ($_POST['pass1'] == '') {
|
||||||
$updatepassword = "user_pass=MD5('$new_pass'), ";
|
$updatepassword = "user_pass=MD5('$new_pass'), ";
|
||||||
}
|
}
|
||||||
|
|
||||||
$new_user_login = $_POST['new_user_login'];
|
$new_user_login = wp_specialchars($_POST['new_user_login']);
|
||||||
$new_firstname = $_POST['new_firstname'];
|
$new_firstname = wp_specialchars($_POST['new_firstname']);
|
||||||
$new_lastname = $_POST['new_lastname'];
|
$new_lastname = wp_specialchars($_POST['new_lastname']);
|
||||||
$new_nickname = $_POST['new_nickname'];
|
$new_nickname = $_POST['new_nickname'];
|
||||||
$new_nicename = sanitize_title($new_nickname, $user_id);
|
$new_nicename = sanitize_title($new_nickname, $user_id);
|
||||||
$new_icq = $_POST['new_icq'];
|
$new_icq = wp_specialchars($_POST['new_icq']);
|
||||||
$new_aim = $_POST['new_aim'];
|
$new_aim = wp_specialchars($_POST['new_aim']);
|
||||||
$new_msn = $_POST['new_msn'];
|
$new_msn = wp_specialchars($_POST['new_msn']);
|
||||||
$new_yim = $_POST['new_yim'];
|
$new_yim = wp_specialchars($_POST['new_yim']);
|
||||||
$new_email = $_POST['new_email'];
|
$new_email = wp_specialchars($_POST['new_email']);
|
||||||
$new_url = $_POST['new_url'];
|
$new_url = wp_specialchars($_POST['new_url']);
|
||||||
$new_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $new_url) ? $new_url : 'http://' . $new_url;
|
$new_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $new_url) ? $new_url : 'http://' . $new_url;
|
||||||
$new_idmode = $_POST['new_idmode'];
|
$new_idmode = wp_specialchars($_POST['new_idmode']);
|
||||||
$new_description = $_POST['new_description'];
|
$new_description = $_POST['new_description'];
|
||||||
|
|
||||||
$result = $wpdb->query("UPDATE $wpdb->users SET user_login = '$new_user_login', user_firstname = '$new_firstname', $updatepassword user_lastname='$new_lastname', user_nickname='$new_nickname', user_icq='$new_icq', user_email='$new_email', user_url='$new_url', user_aim='$new_aim', user_msn='$new_msn', user_yim='$new_yim', user_idmode='$new_idmode', user_description = '$new_description', user_nicename = '$new_nicename' WHERE ID = $user_id");
|
$result = $wpdb->query("UPDATE $wpdb->users SET user_login = '$new_user_login', user_firstname = '$new_firstname', $updatepassword user_lastname='$new_lastname', user_nickname='$new_nickname', user_icq='$new_icq', user_email='$new_email', user_url='$new_url', user_aim='$new_aim', user_msn='$new_msn', user_yim='$new_yim', user_idmode='$new_idmode', user_description = '$new_description', user_nicename = '$new_nicename' WHERE ID = $user_id");
|
||||||
|
@ -196,6 +196,5 @@ if ($edituser->user_level >= $user_level) die( __('You do not have permission to
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* </Team> */
|
|
||||||
include('admin-footer.php');
|
include('admin-footer.php');
|
||||||
?>
|
?>
|
|
@ -4,7 +4,7 @@ require_once('admin.php');
|
||||||
$title = __('Users');
|
$title = __('Users');
|
||||||
$parent_file = 'users.php';
|
$parent_file = 'users.php';
|
||||||
|
|
||||||
$wpvarstoreset = array('action','standalone','redirect','profile');
|
$wpvarstoreset = array('action');
|
||||||
for ($i=0; $i<count($wpvarstoreset); $i += 1) {
|
for ($i=0; $i<count($wpvarstoreset); $i += 1) {
|
||||||
$wpvar = $wpvarstoreset[$i];
|
$wpvar = $wpvarstoreset[$i];
|
||||||
if (!isset($$wpvar)) {
|
if (!isset($$wpvar)) {
|
||||||
|
@ -24,17 +24,13 @@ switch ($action) {
|
||||||
case 'adduser':
|
case 'adduser':
|
||||||
check_admin_referer();
|
check_admin_referer();
|
||||||
|
|
||||||
function filter($value) {
|
$user_login = wp_specialchars($_POST['user_login']);
|
||||||
return ereg('^[a-zA-Z0-9\_-\|]+$',$value);
|
|
||||||
}
|
|
||||||
|
|
||||||
$user_login = $_POST['user_login'];
|
|
||||||
$pass1 = $_POST['pass1'];
|
$pass1 = $_POST['pass1'];
|
||||||
$pass2 = $_POST['pass2'];
|
$pass2 = $_POST['pass2'];
|
||||||
$user_email = $_POST['email'];
|
$user_email = wp_specialchars($_POST['email']);
|
||||||
$user_firstname = $_POST['firstname'];
|
$user_firstname = wp_specialchars($_POST['firstname']);
|
||||||
$user_lastname = $_POST['lastname'];
|
$user_lastname = wp_specialchars($_POST['lastname']);
|
||||||
$user_uri = $_POST['uri'];
|
$user_uri = wp_specialchars($_POST['uri']);
|
||||||
|
|
||||||
/* checking login has been typed */
|
/* checking login has been typed */
|
||||||
if ($user_login == '') {
|
if ($user_login == '') {
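Review bot: This hunk deletes the `filter()` helper with its `ereg('^[a-zA-Z0-9\_-\|]+$', ...)` whitelist and replaces it with `$user_login = wp_specialchars($_POST['user_login']);`, which only HTML-encodes, so nothing visible now restricts which characters a new login may contain. If a later line of this case still calls `filter(...)` it becomes a fatal undefined-function error, and if the login is interpolated into the INSERT that presumably follows (outside the hunk) it needs SQL-context escaping rather than HTML encoding. A clearer character check could be kept before the login is used, e.g. `if (!preg_match('/^[a-zA-Z0-9_|-]+$/', $user_login)) { /* reject */ }` (the old ereg bracket expression reads `\_-\|` as a range, which was probably not intended). The `case 'adduser':` branch continues beyond this hunk.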
|
||||||
|
@ -130,7 +126,7 @@ case 'delete':
|
||||||
|
|
||||||
check_admin_referer();
|
check_admin_referer();
|
||||||
|
|
||||||
$id = intval($_GET['id']);
|
$id = (int) $_GET['id'];
|
||||||
|
|
||||||
if (!$id) {
|
if (!$id) {
|
||||||
header('Location: users.php');
|
header('Location: users.php');
|
||||||
|
@ -228,8 +224,8 @@ default:
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
$users = $wpdb->get_results("SELECT * FROM $wpdb->users WHERE user_level = 0 ORDER BY ID");
|
$users = $wpdb->get_results("SELECT * FROM $wpdb->users WHERE user_level = 0 ORDER BY ID");
|
||||||
if ($users) {
|
if ($users) {
|
||||||
?>
|
?>
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<h2><?php _e('Registered Users') ?></h2>
|
<h2><?php _e('Registered Users') ?></h2>
|
||||||
|
|
|
@ -63,7 +63,7 @@ if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH
|
||||||
<input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />
|
<input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />
|
||||||
<label for="author"><?php _e("Name"); ?></label>
|
<label for="author"><?php _e("Name"); ?></label>
|
||||||
<input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
|
<input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
|
||||||
<input type="hidden" name="redirect_to" value="<?php echo htmlspecialchars($_SERVER["REQUEST_URI"]); ?>" />
|
<input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($_SERVER["REQUEST_URI"]); ?>" />
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<p>
|
<p>
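Review bot: `wp_specialchars($_SERVER["REQUEST_URI"])` inside `value="..."` is a regression from htmlspecialchars, whose default mode encoded `"`; wp_specialchars with `$quotes` omitted leaves both quote characters intact, so a request URI carrying `"` closes the hidden input's value attribute and the remainder of the URI is parsed as markup. Pass the flag: `<?php echo wp_specialchars($_SERVER["REQUEST_URI"], 1); ?>`. The same omission is in the `redirect_to` field of the other comment form hunk, the `title="..."` attributes built in `the_author_posts_link`, `list_authors`, `list_cats` and `wp_list_pages`, the OPML `<outline ... title="...">`, and the `add_filter('bloginfo','wp_specialchars')` default, which now feeds bloginfo() output into attributes without quote encoding.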
|
||||||
|
|
|
@ -41,7 +41,7 @@
|
||||||
<input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />
|
<input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />
|
||||||
<label for="author"><?php _e('Name'); ?></label> <?php if ($req) _e('(required)'); ?>
|
<label for="author"><?php _e('Name'); ?></label> <?php if ($req) _e('(required)'); ?>
|
||||||
<input type="hidden" name="comment_post_ID" value="<?php echo $post->ID; ?>" />
|
<input type="hidden" name="comment_post_ID" value="<?php echo $post->ID; ?>" />
|
||||||
<input type="hidden" name="redirect_to" value="<?php echo htmlspecialchars($_SERVER['REQUEST_URI']); ?>" />
|
<input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($_SERVER['REQUEST_URI']); ?>" />
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
|
|
|
@ -57,6 +57,7 @@ class WP_Query {
|
||||||
parse_str($query, $qv);
|
parse_str($query, $qv);
|
||||||
$this->query = $query;
|
$this->query = $query;
|
||||||
$this->query_vars = $qv;
|
$this->query_vars = $qv;
|
||||||
|
$qv['m'] = (int) $qv['m'];
|
||||||
|
|
||||||
if ('' != $qv['name']) {
|
if ('' != $qv['name']) {
|
||||||
$this->is_single = true;
|
$this->is_single = true;
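Review bot: `$qv['m'] = (int) $qv['m'];` runs after `$this->query_vars = $qv;`, so the stored query_vars keep the raw string and only the local copy is sanitised; if the cast is meant to clean `m`, it belongs above that assignment. The cast is also lossy for the time-level values this class expects (the SQL builder later reads up to 14 digits with `substr($q['m'], 12, 2)`): on 32-bit PHP a 12- or 14-digit string saturates at the integer maximum, so the `strlen($qv['m']) > 9` / `> 7` tests in the next hunk misclassify it. A digit filter keeps the value intact, e.g. `$qv['m'] = preg_replace('|[^0-9]|', '', $qv['m']);`, matching what the SQL hunk already does. The parse method continues beyond this hunk.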
|
||||||
|
@ -71,45 +72,44 @@ class WP_Query {
|
||||||
$this->is_single = false;
|
$this->is_single = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ('' != $qv['second']) {
|
if ( (int) $qv['second']) {
|
||||||
$this->is_time = true;
|
$this->is_time = true;
|
||||||
$this->is_date = true;
|
$this->is_date = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ('' != $qv['minute']) {
|
if ( (int) $qv['minute']) {
|
||||||
$this->is_time = true;
|
$this->is_time = true;
|
||||||
$this->is_date = true;
|
$this->is_date = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ('' != $qv['hour']) {
|
if ( (int) $qv['hour']) {
|
||||||
$this->is_time = true;
|
$this->is_time = true;
|
||||||
$this->is_date = true;
|
$this->is_date = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ('' != $qv['day']) {
|
if ( (int) $qv['day']) {
|
||||||
if (! $this->is_date) {
|
if (! $this->is_date) {
|
||||||
$this->is_day = true;
|
$this->is_day = true;
|
||||||
$this->is_date = true;
|
$this->is_date = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ('' != $qv['monthnum']) {
|
if ( (int) $qv['monthnum']) {
|
||||||
if (! $this->is_date) {
|
if (! $this->is_date) {
|
||||||
$this->is_month = true;
|
$this->is_month = true;
|
||||||
$this->is_date = true;
|
$this->is_date = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ('' != $qv['year']) {
|
if ( (int) $qv['year']) {
|
||||||
if (! $this->is_date) {
|
if (! $this->is_date) {
|
||||||
$this->is_year = true;
|
$this->is_year = true;
|
||||||
$this->is_date = true;
|
$this->is_date = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ('' != $qv['m']) {
|
if ( (int) $qv['m']) {
|
||||||
$this->is_date = true;
|
$this->is_date = true;
|
||||||
|
|
||||||
if (strlen($qv['m']) > 9) {
|
if (strlen($qv['m']) > 9) {
|
||||||
$this->is_time = true;
|
$this->is_time = true;
|
||||||
} else if (strlen($qv['m']) > 7) {
|
} else if (strlen($qv['m']) > 7) {
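Review bot: `if ( (int) $qv['second'])` and the matching `minute`, `hour`, `day`, `monthnum`, `year` and `m` checks treat a legitimate zero as absent: a query for hour=0 (midnight), minute=0 or second=0 set is_time/is_date under the old `'' != $qv['hour']` test and now does not, and the same rewrite in the SQL-building hunks (`if ( (int) $q['hour'] )` etc.) silently drops the corresponding `HOUR(post_date)='0'` condition, so the result set widens instead of narrowing. If the intent is to reject non-numeric input, test presence and numericness instead, e.g. `if ('' != $qv['hour'] && is_numeric($qv['hour']))`, and keep the existing intval() where the value is used. Zero is never valid for day, monthnum or year, so those three are unaffected. This method starts and ends outside the hunk.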
|
||||||
|
@ -232,7 +232,7 @@ class WP_Query {
|
||||||
$wp_posts_post_date_field = "post_date"; // "DATE_ADD(post_date, INTERVAL '$add_hours:$add_minutes' HOUR_MINUTE)";
|
$wp_posts_post_date_field = "post_date"; // "DATE_ADD(post_date, INTERVAL '$add_hours:$add_minutes' HOUR_MINUTE)";
|
||||||
|
|
||||||
// If a month is specified in the querystring, load that month
|
// If a month is specified in the querystring, load that month
|
||||||
if ('' != $q['m']) {
|
if ( (int) $q['m'] ) {
|
||||||
$q['m'] = '' . preg_replace('|[^0-9]|', '', $q['m']);
|
$q['m'] = '' . preg_replace('|[^0-9]|', '', $q['m']);
|
||||||
$where .= ' AND YEAR(post_date)=' . substr($q['m'], 0, 4);
|
$where .= ' AND YEAR(post_date)=' . substr($q['m'], 0, 4);
|
||||||
if (strlen($q['m'])>5)
|
if (strlen($q['m'])>5)
|
||||||
|
@ -247,32 +247,32 @@ class WP_Query {
|
||||||
$where .= ' AND SECOND(post_date)=' . substr($q['m'], 12, 2);
|
$where .= ' AND SECOND(post_date)=' . substr($q['m'], 12, 2);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ('' != $q['hour']) {
|
if ( (int) $q['hour'] ) {
|
||||||
$q['hour'] = '' . intval($q['hour']);
|
$q['hour'] = '' . intval($q['hour']);
|
||||||
$where .= " AND HOUR(post_date)='" . $q['hour'] . "'";
|
$where .= " AND HOUR(post_date)='" . $q['hour'] . "'";
|
||||||
}
|
}
|
||||||
|
|
||||||
if ('' != $q['minute']) {
|
if ( (int) $q['minute'] ) {
|
||||||
$q['minute'] = '' . intval($q['minute']);
|
$q['minute'] = '' . intval($q['minute']);
|
||||||
$where .= " AND MINUTE(post_date)='" . $q['minute'] . "'";
|
$where .= " AND MINUTE(post_date)='" . $q['minute'] . "'";
|
||||||
}
|
}
|
||||||
|
|
||||||
if ('' != $q['second']) {
|
if ( (int) $q['second'] ) {
|
||||||
$q['second'] = '' . intval($q['second']);
|
$q['second'] = '' . intval($q['second']);
|
||||||
$where .= " AND SECOND(post_date)='" . $q['second'] . "'";
|
$where .= " AND SECOND(post_date)='" . $q['second'] . "'";
|
||||||
}
|
}
|
||||||
|
|
||||||
if ('' != $q['year']) {
|
if ( (int) $q['year'] ) {
|
||||||
$q['year'] = '' . intval($q['year']);
|
$q['year'] = '' . intval($q['year']);
|
||||||
$where .= " AND YEAR(post_date)='" . $q['year'] . "'";
|
$where .= " AND YEAR(post_date)='" . $q['year'] . "'";
|
||||||
}
|
}
|
||||||
|
|
||||||
if ('' != $q['monthnum']) {
|
if ( (int) $q['monthnum'] ) {
|
||||||
$q['monthnum'] = '' . intval($q['monthnum']);
|
$q['monthnum'] = '' . intval($q['monthnum']);
|
||||||
$where .= " AND MONTH(post_date)='" . $q['monthnum'] . "'";
|
$where .= " AND MONTH(post_date)='" . $q['monthnum'] . "'";
|
||||||
}
|
}
|
||||||
|
|
||||||
if ('' != $q['day']) {
|
if ( (int) $q['day'] ) {
|
||||||
$q['day'] = '' . intval($q['day']);
|
$q['day'] = '' . intval($q['day']);
|
||||||
$where .= " AND DAYOFMONTH(post_date)='" . $q['day'] . "'";
|
$where .= " AND DAYOFMONTH(post_date)='" . $q['day'] . "'";
|
||||||
}
|
}
|
||||||
|
@ -287,15 +287,15 @@ class WP_Query {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
if ('' != $q['w']) {
|
if ( (int) $q['w'] ) {
|
||||||
$q['w'] = ''.intval($q['w']);
|
$q['w'] = ''.intval($q['w']);
|
||||||
$where .= " AND WEEK(post_date, 1)='" . $q['w'] . "'";
|
$where .= " AND WEEK(post_date, 1)='" . $q['w'] . "'";
|
||||||
}
|
}
|
||||||
|
|
||||||
// If a post number is specified, load that post
|
// If a post number is specified, load that post
|
||||||
if (($q['p'] != '') && ($q['p'] != 'all')) {
|
if (($q['p'] != '') && ($q['p'] != 'all')) {
|
||||||
$q['p'] = intval($q['p']);
|
$q['p'] = (int) $q['p'];
|
||||||
$where = ' AND ID = '.$q['p'];
|
$where = ' AND ID = ' . $q['p'];
|
||||||
}
|
}
|
||||||
|
|
||||||
if (($q['page_id'] != '') && ($q['page_id'] != 'all')) {
|
if (($q['page_id'] != '') && ($q['page_id'] != 'all')) {
|
||||||
|
|
|
@ -97,6 +97,18 @@ function seems_utf8($Str) { # by bmorel at ssi dot fr
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function wp_specialchars( $text, $quotes = 0 ) {
|
||||||
|
// Like htmlspecialchars except don't double-encode HTML entities
|
||||||
|
$text = preg_replace('/&([^#])(?![a-z12]{1,8};)/', '&$1', $text);-
|
||||||
|
$text = str_replace('<', '<', $text);
|
||||||
|
$text = str_replace('>', '>', $text);
|
||||||
|
if ( $quotes ) {
|
||||||
|
$text = str_replace('"', '"', $text);
|
||||||
|
$text = str_replace('"', ''', $text);
|
||||||
|
}
|
||||||
|
return $text;
|
||||||
|
}
|
||||||
|
|
||||||
function utf8_uri_encode( $utf8_string ) {
|
function utf8_uri_encode( $utf8_string ) {
|
||||||
$unicode = '';
|
$unicode = '';
|
||||||
$values = array();
|
$values = array();
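Review bot: wp_specialchars() defaults to `$quotes = 0`, which differs from the htmlspecialchars it replaces (that encoded `"` by default), so every call site that emits into a double-quoted attribute must now remember to pass 1, and several in this commit do not (the comment-form `redirect_to` fields, the title attributes in list_cats, list_authors and wp_list_pages, the bloginfo filter). The entity-preserving pattern `/&([^#])(?![a-z12]{1,8};)/` consumes one character after `&`, so a trailing `&` at the very end of the text is never encoded, and `&#` followed by anything at all is passed through unexamined; a separate `$text = preg_replace('/&$/', '&amp;', $text);` would close the first gap. The function also has no docblock; a header such as `// Like htmlspecialchars() but leaves existing entities alone; pass $quotes = 1 when the result lands in an attribute value` would make the contract explicit. The replacement strings on this rendered page appear entity-decoded (`str_replace('<', '<', ...)` and the stray `-` after the first preg_replace), so the actual `&lt;`/`&gt;`/`&quot;` literals should be verified against the raw diff.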
|
||||||
|
|
|
@ -389,12 +389,12 @@ function wp_new_comment($commentdata) {
|
||||||
$comment_post_ID = (int) $comment_post_ID;
|
$comment_post_ID = (int) $comment_post_ID;
|
||||||
|
|
||||||
$comment_author = strip_tags($comment_author);
|
$comment_author = strip_tags($comment_author);
|
||||||
$comment_author = htmlspecialchars($comment_author);
|
$comment_author = wp_specialchars($comment_author);
|
||||||
|
|
||||||
$comment_author_email = preg_replace('/[^a-z+_.@-]/i', '', $comment_author_email);
|
$comment_author_email = preg_replace('/[^a-z+_.@-]/i', '', $comment_author_email);
|
||||||
|
|
||||||
$comment_author_url = strip_tags($comment_author_url);
|
$comment_author_url = strip_tags($comment_author_url);
|
||||||
$comment_author_url = htmlspecialchars($comment_author_url);
|
$comment_author_url = wp_specialchars($comment_author_url);
|
||||||
|
|
||||||
$comment_content = apply_filters('comment_content_presave', $comment_content);
|
$comment_content = apply_filters('comment_content_presave', $comment_content);
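Review bot: `$comment_author_url = wp_specialchars($comment_author_url);` encodes the URL for HTML on its way into storage but does not constrain its scheme, and the `strip_tags` above it only removes markup; the same commit's profile code guards user URLs with `preg_match('/^(https?|ftps?|mailto|news|gopher):/is', ...)`. Apply the same allow-list here before the value is saved, e.g. `if (!preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $comment_author_url)) $comment_author_url = '';`, or prefix `http://` as profile.php does. Encoding at input also means the stored author name and URL carry entities into any non-HTML context; escaping where the value is output (as comment_author_rss already does) is the more robust layout. wp_new_comment continues beyond this hunk.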
|
||||||
|
|
||||||
|
|
|
@ -361,7 +361,7 @@ function get_option($option) {
|
||||||
}
|
}
|
||||||
|
|
||||||
function form_option($option) {
|
function form_option($option) {
|
||||||
echo htmlspecialchars( get_option($option) );
|
echo htmlspecialchars( get_option($option), ENT_QUOTES );
|
||||||
}
|
}
|
||||||
|
|
||||||
function get_alloptions() {
|
function get_alloptions() {
|
||||||
|
|
|
@ -176,14 +176,14 @@ function get_links($category = -1, $before = '', $after = '<br />',
|
||||||
}
|
}
|
||||||
$the_link = '#';
|
$the_link = '#';
|
||||||
if (($row->link_url != null) && ($row->link_url != '')) {
|
if (($row->link_url != null) && ($row->link_url != '')) {
|
||||||
$the_link = htmlspecialchars($row->link_url);
|
$the_link = wp_specialchars($row->link_url);
|
||||||
}
|
}
|
||||||
$rel = $row->link_rel;
|
$rel = $row->link_rel;
|
||||||
if ($rel != '') {
|
if ($rel != '') {
|
||||||
$rel = " rel='$rel'";
|
$rel = " rel='$rel'";
|
||||||
}
|
}
|
||||||
$desc = htmlspecialchars($row->link_description, ENT_QUOTES);
|
$desc = wp_specialchars($row->link_description, ENT_QUOTES);
|
||||||
$name = htmlspecialchars($row->link_name, ENT_QUOTES);
|
$name = wp_specialchars($row->link_name, ENT_QUOTES);
|
||||||
|
|
||||||
$title = $desc;
|
$title = $desc;
|
||||||
|
|
||||||
|
|
|
@ -72,7 +72,7 @@ function the_author_posts() {
|
||||||
function the_author_posts_link($idmode='') {
|
function the_author_posts_link($idmode='') {
|
||||||
global $id, $authordata;
|
global $id, $authordata;
|
||||||
|
|
||||||
echo '<a href="' . get_author_link(0, $authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), htmlspecialchars(the_author($idmode, false))) . '">' . the_author($idmode, false) . '</a>';
|
echo '<a href="' . get_author_link(0, $authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), wp_specialchars(the_author($idmode, false))) . '">' . the_author($idmode, false) . '</a>';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -141,7 +141,7 @@ function list_authors($optioncount = false, $exclude_admin = true, $show_fullnam
|
||||||
if ($posts == 0) {
|
if ($posts == 0) {
|
||||||
if (! $hide_empty) echo $name;
|
if (! $hide_empty) echo $name;
|
||||||
} else {
|
} else {
|
||||||
$link = '<a href="' . get_author_link(0, $author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), htmlspecialchars($author->user_nickname)) . '">' . $name . '</a>';
|
$link = '<a href="' . get_author_link(0, $author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), wp_specialchars($author->user_nickname)) . '">' . $name . '</a>';
|
||||||
|
|
||||||
if ( (! empty($feed_image)) || (! empty($feed)) ) {
|
if ( (! empty($feed_image)) || (! empty($feed)) ) {
|
||||||
|
|
||||||
|
|
|
@ -356,9 +356,9 @@ function list_cats($optionall = 1, $all = 'All', $sort_column = 'ID', $sort_orde
|
||||||
$num_found++;
|
$num_found++;
|
||||||
$link = '<a href="'.get_category_link(0, $category->cat_ID, $category->category_nicename).'" ';
|
$link = '<a href="'.get_category_link(0, $category->cat_ID, $category->category_nicename).'" ';
|
||||||
if ($use_desc_for_title == 0 || empty($category->category_description)) {
|
if ($use_desc_for_title == 0 || empty($category->category_description)) {
|
||||||
$link .= 'title="'. sprintf(__("View all posts filed under %s"), htmlspecialchars($category->cat_name)) . '"';
|
$link .= 'title="'. sprintf(__("View all posts filed under %s"), wp_specialchars($category->cat_name)) . '"';
|
||||||
} else {
|
} else {
|
||||||
$link .= 'title="' . htmlspecialchars($category->category_description) . '"';
|
$link .= 'title="' . wp_specialchars($category->category_description) . '"';
|
||||||
}
|
}
|
||||||
$link .= '>';
|
$link .= '>';
|
||||||
$link .= apply_filters('list_cats', $category->cat_name).'</a>';
|
$link .= apply_filters('list_cats', $category->cat_name).'</a>';
|
||||||
|
|
|
@ -282,7 +282,7 @@ function comment_author_rss() {
|
||||||
if (empty($comment->comment_author)) {
|
if (empty($comment->comment_author)) {
|
||||||
echo 'Anonymous';
|
echo 'Anonymous';
|
||||||
} else {
|
} else {
|
||||||
echo htmlspecialchars(apply_filters('comment_author', $comment->comment_author));
|
echo wp_specialchars(apply_filters('comment_author', $comment->comment_author));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -292,7 +292,7 @@ function comment_text_rss() {
|
||||||
$comment_text = str_replace('<pingback />', '', $comment_text);
|
$comment_text = str_replace('<pingback />', '', $comment_text);
|
||||||
$comment_text = apply_filters('comment_text', $comment_text);
|
$comment_text = apply_filters('comment_text', $comment_text);
|
||||||
$comment_text = strip_tags($comment_text);
|
$comment_text = strip_tags($comment_text);
|
||||||
$comment_text = htmlspecialchars($comment_text);
|
$comment_text = wp_specialchars($comment_text);
|
||||||
echo $comment_text;
|
echo $comment_text;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -235,7 +235,7 @@ function single_month_title($prefix = '', $display = true ) {
|
||||||
/* link navigation hack by Orien http://icecode.com/ */
|
/* link navigation hack by Orien http://icecode.com/ */
|
||||||
function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') {
|
function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') {
|
||||||
$text = wptexturize($text);
|
$text = wptexturize($text);
|
||||||
$title_text = htmlspecialchars($text, ENT_QUOTES);
|
$title_text = wp_specialchars($text, 1);
|
||||||
|
|
||||||
if ('link' == $format) {
|
if ('link' == $format) {
|
||||||
return "\t<link rel='archives' title='$title_text' href='$url' />\n";
|
return "\t<link rel='archives' title='$title_text' href='$url' />\n";
|
||||||
|
|
|
@ -69,7 +69,7 @@ function the_content_rss($more_link_text='(more...)', $stripteaser=0, $more_file
|
||||||
$encode_html = 2;
|
$encode_html = 2;
|
||||||
}
|
}
|
||||||
if ($encode_html == 1) {
|
if ($encode_html == 1) {
|
||||||
$content = htmlspecialchars($content);
|
$content = wp_specialchars($content);
|
||||||
$cut = 0;
|
$cut = 0;
|
||||||
} elseif ($encode_html == 0) {
|
} elseif ($encode_html == 0) {
|
||||||
$content = make_url_footnote($content);
|
$content = make_url_footnote($content);
|
||||||
|
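@@ -146,7 +146,7 @@ function the_excerpt_rss($cut = 0, $encode_html = 0) {
 $encode_html = 2;
 }
 if ($encode_html == 1) {
-$output = htmlspecialchars($output);
+$output = wp_specialchars($output);
 $cut = 0;
 } elseif ($encode_html == 0) {
 $output = make_url_footnote($output);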
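Review bot: This branch is line-for-line the same as the one in the_content_rss hunk above except for the variable name, so the encode/footnote mode handling now lives in two places that must be kept in sync, as this very commit demonstrates by patching both. A small shared helper, e.g. `function wp_rss_encode($text, $encode_html)` returning the encoded or footnoted string, would let both callers share it and get the `$cut = 0` side effect from one place. A one-line comment naming what modes 0/1/2 mean would help here as well. the_excerpt_rss's body continues outside the hunk.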
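@@ -334,7 +334,7 @@ function wp_list_pages($args = '') {
 
 $title = apply_filters('the_title', $page->post_title);
 
-echo '<a href="' . get_page_link($page->ID) . '" title="' . htmlspecialchars($title) . '">' . $title . '</a>';
+echo '<a href="' . get_page_link($page->ID) . '" title="' . wp_specialchars($title) . '">' . $title . '</a>';
 echo '</li>';
 }
 }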
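Review bot: The `title="…"` attribute is double-quoted and `wp_specialchars($title)` is called without the quote flag that the get_archives_link change passes as `1`; whether the default mode encodes `"` cannot be seen from this hunk, so confirm it does or pass the flag, otherwise a page title containing `"` terminates the attribute. The same `$title` is also emitted unescaped as the link text, presumably deliberately because `the_title` filters may produce markup, but that makes the attribute escaping the only guard on this line. `get_page_link($page->ID)` is inserted into `href` without escaping as well. wp_list_pages starts and ends outside the hunk.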
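@@ -182,7 +182,7 @@ foreach($wpsmiliestrans as $smiley => $img) {
 define('COOKIEPATH', preg_replace('|https?://[^/]+|i', '', get_settings('home') . '/' ) );
 
 // Some default filters
-add_filter('bloginfo','htmlspecialchars');
+add_filter('bloginfo','wp_specialchars');
 add_filter('category_description', 'wptexturize');
 add_filter('list_cats', 'wptexturize');
 add_filter('comment_author', 'wptexturize');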
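Review bot: `wp_specialchars` is registered as the `bloginfo` filter with no way to pass its quote-mode argument, so every `bloginfo()` call site gets the default mode whether its output lands in element text or in an attribute, and themes commonly do both. If the default does not encode both quote styles (the get_archives_link hunk suggests `1` is needed for that), attribute contexts stay exposed; registering a tiny wrapper such as `function wp_specialchars_attr($text) { return wp_specialchars($text, 1); }` here, or at least a comment stating which contexts the default covers, would pin this down. This statement run is top-level configuration and the surrounding file is outside the hunk.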
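@@ -43,12 +43,12 @@ FROM $wpdb->links
 <?php
 } // end if not first time
 ?>
-<outline type="category" title="<?php echo(htmlspecialchars(stripslashes($result->cat_name))) ?>">
+<outline type="category" title="<?php echo wp_specialchars($result->cat_name); ?>">
 <?php
 $prev_cat_id = $result->link_category;
 } // end if new category
 ?>
-<outline title="<?php echo(htmlspecialchars(stripslashes($result->link_name))) ?>" type="link" xmlUrl="<?php echo $result->link_rss; ?>" htmlUrl="<?php echo($result->link_url) ?>"/>
+<outline title="<?php echo wp_specialchars($result->link_name); ?>" type="link" xmlUrl="<?php echo $result->link_rss; ?>" htmlUrl="<?php echo($result->link_url) ?>"/>
 <?php
 } // end foreach
 } // end if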
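Review bot: On the `outline` link line, `title` is escaped but `xmlUrl` and `htmlUrl` still echo `$result->link_rss` and `$result->link_url` raw into XML attributes, so a stored URL containing `"` or a bare `&` (common in feed URLs) yields ill-formed OPML; wrap both in `wp_specialchars(..., 1)` the same way as the title. Dropping `stripslashes()` changes the output for names that contain backslashes, which is fine only if the stored values are unslashed, and that is not visible here. Because the commit describes the new function as not double-encoding, an HTML named entity already stored in a name (e.g. `&eacute;`) will presumably pass through untouched, and named entities beyond the five XML ones are undefined in OPML, so the document can become unparseable where the old output was merely over-encoded. The enclosing loop starts outside the hunk.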
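@@ -82,11 +82,11 @@ if ( !empty($tb_url) && !empty($title) && !empty($tb_url) ) {
 if ('closed' == $pingstatus)
 trackback_response(1, 'Sorry, trackbacks are closed for this item.');
 
-$title = strip_tags( htmlspecialchars( $title ) );
+$title = wp_specialchars( strip_tags( $title ) );
 $title = (strlen($title) > 250) ? substr($title, 0, 250) . '...' : $title;
 $excerpt = strip_tags($excerpt);
 $excerpt = (strlen($excerpt) > 255) ? substr($excerpt, 0, 252) . '...' : $excerpt;
-$blog_name = htmlspecialchars($blog_name);
+$blog_name = wp_specialchars($blog_name);
 $blog_name = (strlen($blog_name) > 250) ? substr($blog_name, 0, 250) . '...' : $blog_name;
 
 $comment_post_ID = $tb_id;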
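Review bot: The new ordering escapes after `strip_tags`, which is right (the old order encoded `<` first so `strip_tags` had nothing left to strip), but the next line then truncates the escaped string byte-wise with `substr($title, 0, 250)`, which can cut an entity such as `&#039;` or `&amp;` in half; swap the two statements so the length check runs on the stripped plain text and `wp_specialchars` runs last, and do the same for `$blog_name`. `$excerpt` is only stripped, never encoded, which may be intentional if it is escaped on output, but it is inconsistent with its two neighbours in the same hunk. The 250/255/252 limits also count bytes, not characters, so multibyte titles can be cut mid-sequence. The enclosing block starts and ends outside the hunk.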
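@@ -763,8 +763,8 @@ class wp_xmlrpc_server extends IXR_Server {
 $struct['categoryId'] = $cat['cat_ID'];
 $struct['description'] = $cat['cat_name'];
 $struct['categoryName'] = $cat['cat_name'];
-$struct['htmlUrl'] = htmlspecialchars(get_category_link(false, $cat['cat_ID'], $cat['cat_name']));
-$struct['rssUrl'] = htmlspecialchars(get_category_rss_link(false, $cat['cat_ID'], $cat['cat_name']));
+$struct['htmlUrl'] = wp_specialchars(get_category_link(false, $cat['cat_ID'], $cat['cat_name']));
+$struct['rssUrl'] = wp_specialchars(get_category_rss_link(false, $cat['cat_ID'], $cat['cat_name']));
 
 $categories_struct[] = $struct;
 }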
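Review bot: `htmlUrl` and `rssUrl` are HTML-entity-encoded before being placed in an XML-RPC response struct, while `description` and `categoryName` two lines above are passed raw; if IXR_Server escapes string values when it serialises the response (not visible here, but any XML serialiser must at least escape `&` and `<`), a URL with a query string reaches the client containing a literal `&amp;`, which is exactly the double-encoding the commit says it is removing. Either drop the escaping on the two URL lines or document why the encoded form is the intended value, e.g. `// URLs are sent HTML-escaped for compatibility with existing clients`. The method starts and ends outside the hunk.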
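@@ -1213,7 +1213,7 @@ class wp_xmlrpc_server extends IXR_Server {
 $title = (!strlen($matchtitle[1])) ? $pagelinkedfrom : $matchtitle[1];
 $original_context = strip_tags($context);
 $context = '[...] ';
-$context = htmlspecialchars($original_context);
+$context = wp_specialchars($original_context);
 $context .= ' [...]';
 $original_pagelinkedfrom = $pagelinkedfrom;
 $pagelinkedfrom = addslashes($pagelinkedfrom);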
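Review bot: `$context = '[...] ';` is immediately overwritten by the changed line `$context = wp_specialchars($original_context);`, so the leading ellipsis never appears while the trailing one does; the line should read `$context = '[...] ' . wp_specialchars($original_context);` and the now-dead assignment above it removed. `$context` originates from the remote page the pingback claims to come from, so escaping it before storage is the right call, but `$pagelinkedfrom` two lines later is only `addslashes()`'d, which is string quoting for an interpolated SQL statement rather than a parameterised query; the insert it feeds is outside this hunk, so check there that nothing else from the request is interpolated raw. The method continues past the hunk.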