diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php index b7d3b7941c..5966d8900b 100644 --- a/wp-admin/admin-ajax.php +++ b/wp-admin/admin-ajax.php @@ -7,7 +7,7 @@ require_once('includes/admin.php'); if ( !is_user_logged_in() ) die('-1'); -if ( 'ajax-tag-search' == $_GET['action'] ) { +if ( isset($_GET['action']) && 'ajax-tag-search' == $_GET['action'] ) { if ( !current_user_can( 'manage_categories' ) ) die('-1'); @@ -20,7 +20,7 @@ if ( 'ajax-tag-search' == $_GET['action'] ) { die; } -$id = (int) $_POST['id']; +$id = isset($_POST['id'])? (int) $_POST['id'] : 0; switch ( $action = $_POST['action'] ) : case 'add-post' : check_ajax_referer( 'add-post' ); @@ -165,8 +165,8 @@ case 'add-category' : // On the Fly $names = explode(',', $_POST['newcat']); if ( 0 > $parent = (int) $_POST['newcat_parent'] ) $parent = 0; - - $checked_categories = array_map( 'absint', (array) $_POST['post_category'] ); + $post_category = isset($_POST['post_category'])? (array) $_POST['post_category'] : array(); + $checked_categories = array_map( 'absint', (array) $post_category ); $x = new WP_Ajax_Response(); foreach ( $names as $cat_name ) { diff --git a/wp-admin/edit-form-advanced.php b/wp-admin/edit-form-advanced.php index 9826dbefec..204b9e3989 100644 --- a/wp-admin/edit-form-advanced.php +++ b/wp-admin/edit-form-advanced.php @@ -1,4 +1,5 @@ "; @@ -136,7 +137,7 @@ if ( !in_array( $post->post_status, array('publish', 'future') ) || 0 == $post_I post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete post') . ""; ?> diff --git a/wp-admin/edit-page-form.php b/wp-admin/edit-page-form.php index f419eb198a..870dfc695f 100644 --- a/wp-admin/edit-page-form.php +++ b/wp-admin/edit-page-form.php 
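Review bot: In wp-admin/admin-ajax.php (hunk at -20,7) the line right after the new `$id` guard, `switch ( $action = $_POST['action'] )`, still reads `$_POST['action']` without a check, so a request with no `action` field raises the same kind of notice this commit removes for `id`. Guarding it the same way, `$action = isset($_POST['action']) ? $_POST['action'] : '';` followed by `switch ( $action ) :`, keeps the dispatch value defined. The switch body continues outside the hunk, so whether a default case handles the empty value could not be checked here.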
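Review bot: In the `add-category` case of wp-admin/admin-ajax.php (hunk at -165,8) `$post_category` is already cast to an array on the new line, so the second `(array)` inside `array_map( 'absint', (array) $post_category )` is redundant and can be dropped. The neighbouring reads of `$_POST['newcat']` and `$_POST['newcat_parent']` in the same hunk are still unguarded and would raise the same notice when those fields are absent.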
@@ -1,6 +1,6 @@ 0, 'before_widget' => '', 'after_widget' => '', 'before_title' => '', 'after_title' => ''); + extract( $sidebar_defaults, EXTR_PREFIX_ALL, 'sidebar' ); extract( $params[0], EXTR_PREFIX_ALL, 'sidebar' ); + + if ( !isset($wp_registered_widgets[$sidebar_widget_id]) || !is_array($wp_registered_widgets[$sidebar_widget_id]) ) { + return $params; + } + $widget_defaults = array('id' => '', 'width' => '', 'height' => '', 'class' => '', 'feed_link' => '', 'all_link' => '', 'notice' => false, 'error' => false); + extract( $widget_defaults, EXTR_PREFIX_ALL, 'widget' ); extract( $wp_registered_widgets[$sidebar_widget_id], EXTR_PREFIX_ALL, 'widget' ); $the_classes = array(); diff --git a/wp-admin/includes/post.php b/wp-admin/includes/post.php index a5b1c3380e..64dd32e8c7 100644 --- a/wp-admin/includes/post.php +++ b/wp-admin/includes/post.php @@ -28,7 +28,7 @@ function edit_post() { $_POST['ID'] = (int) $_POST['post_ID']; $_POST['post_content'] = $_POST['content']; $_POST['post_excerpt'] = $_POST['excerpt']; - $_POST['post_parent'] = $_POST['parent_id']; + $_POST['post_parent'] = isset($_POST['parent_id'])? $_POST['parent_id'] : ''; $_POST['to_ping'] = $_POST['trackback_url']; if (!empty ( $_POST['post_author_override'] ) ) { 
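Review bot: In `edit_post()` (wp-admin/includes/post.php, hunk at -28,7) only `parent_id` gets an `isset()` guard; the adjacent renames of `$_POST['content']`, `$_POST['excerpt']` and `$_POST['trackback_url']` still read request fields unchecked. The new default for `post_parent` is an empty string while a supplied value is passed through as-is; if the field is meant to hold a post ID, `$_POST['post_parent'] = isset($_POST['parent_id']) ? (int) $_POST['parent_id'] : 0;` would give it one type in both cases, assuming nothing later relies on the empty string, which is not visible here. The same line is repeated in `wp_write_post()` (hunk at -224,7).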
@@ -52,13 +52,13 @@ function edit_post() { } // What to do based on which button they pressed - if ('' != $_POST['saveasdraft'] ) + if ( isset($_POST['saveasdraft']) && '' != $_POST['saveasdraft'] ) $_POST['post_status'] = 'draft'; - if ('' != $_POST['saveasprivate'] ) + if ( isset($_POST['saveasprivate']) && '' != $_POST['saveasprivate'] ) $_POST['post_status'] = 'private'; - if ( ( '' != $_POST['publish'] ) && ( $_POST['post_status'] != 'private' ) ) + if ( isset($_POST['publish']) && ( '' != $_POST['publish'] ) && ( $_POST['post_status'] != 'private' ) ) $_POST['post_status'] = 'publish'; - if ('' != $_POST['advanced'] ) + if ( isset($_POST['advanced']) && '' != $_POST['advanced'] ) $_POST['post_status'] = 'draft'; if ( 'page' == $_POST['post_type'] ) { @@ -91,12 +91,12 @@ function edit_post() { } // Meta Stuff - if ( $_POST['meta'] ) { + if ( isset($_POST['meta']) && $_POST['meta'] ) { foreach ( $_POST['meta'] as $key => $value ) update_meta( $key, $value['key'], $value['value'] ); } - if ( $_POST['deletemeta'] ) { + if ( isset($_POST['deletemeta']) && $_POST['deletemeta'] ) { foreach ( $_POST['deletemeta'] as $key => $value ) delete_meta( $key ); } @@ -128,6 +128,7 @@ function get_default_post_to_edit() { $post_title = ''; } + $post_content = ''; if ( !empty( $_REQUEST['content'] ) ) $post_content = wp_specialchars( stripslashes( $_REQUEST['content'] )); else if ( !empty( $post_title ) ) { @@ -142,8 +143,14 @@ function get_default_post_to_edit() { else $post_excerpt = ''; + $post->ID = 0; + $post->post_name = ''; + $post->post_author = ''; + $post->post_date = ''; $post->post_status = 'draft'; $post->post_type = 'post'; + $post->to_ping = ''; + $post->pinged = ''; $post->comment_status = get_option( 'default_comment_status' ); $post->ping_status = get_option( 'default_ping_status' ); $post->post_pingback = get_option( 'default_pingback_flag' ); 
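Review bot: The publish branch in `edit_post()` (hunk at -52,13) still reads `$_POST['post_status']` unguarded in `( $_POST['post_status'] != 'private' )`; within the hunk it is only certainly set when one of the two earlier button branches ran, unless code above the hunk sets it. The four conditions would also read more simply as `!empty($_POST['saveasdraft'])` and so on, with one difference to keep in mind: `empty()` also treats the string `'0'` as absent. The identical block in `wp_write_post()` (hunk at -250,13) has the same gap.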
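Review bot: The new guards in the meta section of `edit_post()` (hunk at -91,12) check that `meta` and `deletemeta` are set and truthy but not that they are arrays, so a scalar value still reaches `foreach` and, for `meta`, the unchecked `$value['key']` and `$value['value']` lookups. `if ( !empty($_POST['meta']) && is_array($_POST['meta']) ) {` (and the same for `deletemeta`) closes that. The array keys come from the request and are passed as the first argument to `update_meta()` and `delete_meta()`; whether those helpers confirm the entry belongs to the post being edited is not visible in this hunk and is worth confirming.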
@@ -224,7 +231,7 @@ function wp_write_post() { // Rename. $_POST['post_content'] = $_POST['content']; $_POST['post_excerpt'] = $_POST['excerpt']; - $_POST['post_parent'] = $_POST['parent_id']; + $_POST['post_parent'] = isset($_POST['parent_id'])? $_POST['parent_id'] : ''; $_POST['to_ping'] = $_POST['trackback_url']; if (!empty ( $_POST['post_author_override'] ) ) { @@ -250,13 +257,13 @@ function wp_write_post() { } // What to do based on which button they pressed - if ('' != $_POST['saveasdraft'] ) + if ( isset($_POST['saveasdraft']) && '' != $_POST['saveasdraft'] ) $_POST['post_status'] = 'draft'; - if ('' != $_POST['saveasprivate'] ) + if ( isset($_POST['saveasprivate']) && '' != $_POST['saveasprivate'] ) $_POST['post_status'] = 'private'; - if ( ( '' != $_POST['publish'] ) && ( $_POST['post_status'] != 'private' ) ) + if ( isset($_POST['publish']) && ( '' != $_POST['publish'] ) && ( $_POST['post_status'] != 'private' ) ) $_POST['post_status'] = 'publish'; - if ('' != $_POST['advanced'] ) + if ( isset($_POST['advanced']) && '' != $_POST['advanced'] ) $_POST['post_status'] = 'draft'; if ( 'page' == $_POST['post_type'] ) { @@ -571,6 +578,9 @@ function postbox_classes( $id, $page ) { function get_sample_permalink($id, $name = null) { $post = &get_post($id); + if (!$post->ID) { + return array('', ''); + } $original_status = $post->post_status; $original_date = $post->post_date; $original_name = $post->post_name; diff --git a/wp-admin/includes/taxonomy.php b/wp-admin/includes/taxonomy.php index 69bc430cfa..66918260e1 100644 --- a/wp-admin/includes/taxonomy.php +++ b/wp-admin/includes/taxonomy.php @@ -51,6 +51,7 @@ function wp_delete_category($cat_ID) { } function wp_insert_category($catarr, $wp_error = false) { + $cat_defaults = array('cat_ID' => 0, 'cat_name' => '', 'category_description' => '', 'category_nicename' => '', 'category_parent' => ''); extract($catarr, EXTR_SKIP); if ( trim( $cat_name ) == '' ) 
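Review bot: The new early return in `get_sample_permalink()` (hunk at -571,6) dereferences `$post->ID` before knowing that `$post` is an object, so if `get_post()` yields nothing for `$id` the check itself raises a notice. `if ( empty($post) || empty($post->ID) ) {` covers both cases. A short comment saying what the two empty strings in `array('', '')` stand for would also help; the function body continues past the hunk, so the shape of the normal return value is not visible here.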
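Review bot: `$cat_defaults` is assigned in `wp_insert_category()` (wp-admin/includes/taxonomy.php, hunk at -51,6) but the next line still extracts `$catarr` alone, so within the visible lines the defaults never reach `$cat_name` and the other locals. Merging first, e.g. `$catarr = wp_parse_args($catarr, $cat_defaults);` before `extract($catarr, EXTR_SKIP);`, would make `trim( $cat_name )` safe when the caller omits the key. The function continues outside the hunk, so a later use of `$cat_defaults` cannot be ruled out.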
diff --git a/wp-admin/media-upload.php b/wp-admin/media-upload.php index dddd5f1c10..75d8cffb0e 100644 --- a/wp-admin/media-upload.php +++ b/wp-admin/media-upload.php @@ -11,11 +11,11 @@ if (!current_user_can('upload_files')) wp_die(__('You do not have permission to upload files.')); // IDs should be integers -$ID = (int) $ID; -$post_id = (int) $post_id; +$ID = isset($ID)? (int) $ID : 0; +$post_id = isset($post_id)? (int) $post_id : 0; // Require an ID for the edit screen -if ( $action == 'edit' && !$ID ) +if ( isset($action) && $action == 'edit' && !$ID ) wp_die(__("You are not allowed to be here")); // upload type: image, video, file, ..? diff --git a/wp-admin/post.php b/wp-admin/post.php index cefb91b70c..268407c62c 100644 --- a/wp-admin/post.php +++ b/wp-admin/post.php @@ -127,11 +127,11 @@ case 'editpost': $referredby = preg_replace('|https?://[^/]+|i', '', $_POST['referredby']); $referer = preg_replace('|https?://[^/]+|i', '', wp_get_referer()); - if ($_POST['addmeta']) { + if (isset($_POST['addmeta']) && $_POST['addmeta']) { $location = add_query_arg( 'message', 2, wp_get_referer() ); $location = explode('#', $location); $location = $location[0] . '#postcustom'; - } elseif ($_POST['deletemeta']) { + } elseif (isset($_POST['deletemeta']) && $_POST['deletemeta']) { $location = add_query_arg( 'message', 3, wp_get_referer() ); $location = explode('#', $location); $location = $location[0] . '#postcustom'; diff --git a/wp-includes/canonical.php b/wp-includes/canonical.php index d500f695cb..f6fbed8b44 100644 --- a/wp-includes/canonical.php +++ b/wp-includes/canonical.php 
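Review bot: `$ID`, `$post_id` and `$action` are tested with `isset()` in wp-admin/media-upload.php (hunk at -11,11) as bare globals, and nothing in the hunk shows where they are populated. If they are imported from the request, as the guards suggest, a one-line comment naming the mechanism would let readers see that these values are untrusted, e.g. `// $ID, $post_id and $action are set from the request by <import mechanism>; treat as untrusted input` with the placeholder filled in. Keeping the `(int)` casts on both IDs is the right call.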
@@ -178,6 +178,12 @@ function redirect_canonical($requested_url=null, $do_redirect=true) { if ( strtolower($original['host']) == strtolower($redirect['host']) ) $redirect['host'] = $original['host']; + // prevent notices in the comparison below + $original['query'] = isset($redirect['query'])? $redirect['query'] : false; + $original['port'] = isset($redirect['port'])? $redirect['port'] : false; + $redirect['query'] = isset($redirect['query'])? $redirect['query'] : false; + $redirect['port'] = isset($redirect['port'])? $redirect['port'] : false; + if ( array($original['host'], $original['port'], $original['path'], $original['query']) !== array($redirect['host'], $redirect['port'], $redirect['path'], $redirect['query']) ) { $redirect_url = $redirect['scheme'] . '://' . $redirect['host']; if ( isset($redirect['port']) ) @@ -240,4 +246,4 @@ function redirect_guess_404_permalink() { add_action('template_redirect', 'redirect_canonical'); -?> \ No newline at end of file +?> diff --git a/wp-includes/functions.php b/wp-includes/functions.php index 6dff0f7bf0..ce7870d817 100644 --- a/wp-includes/functions.php +++ b/wp-includes/functions.php @@ -375,7 +375,7 @@ function delete_option( $name ) { // Get the ID, if no ID then return // expected_slashed ($name) $option = $wpdb->get_row( "SELECT option_id, autoload FROM $wpdb->options WHERE option_name = '$name'" ); - if ( !$option->option_id ) + if ( is_null($option) || !$option->option_id ) return false; // expected_slashed ($name) $wpdb->query( "DELETE FROM $wpdb->options WHERE option_name = '$name'" ); diff --git a/wp-includes/post.php b/wp-includes/post.php index b513d1fb85..d1dbc5adba 100644 --- a/wp-includes/post.php +++ b/wp-includes/post.php 
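Review bot: The first two added lines in `redirect_canonical()` (hunk at -178,6) fill `$original['query']` and `$original['port']` from `$redirect` rather than from `$original`, so the comparison that follows can no longer detect a difference in query or port. They should read `$original['query'] = isset($original['query']) ? $original['query'] : false;` and `$original['port'] = isset($original['port']) ? $original['port'] : false;`. Separately, once `$redirect['port']` is assigned `false`, the `isset($redirect['port'])` test on the following context line is always true; the statement it guards is outside the hunk, but if it appends the port to `$redirect_url` the result gains a bare `:`, so `!empty($redirect['port'])` is the safer test there and probably for the query as well.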
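Review bot: The `is_null($option)` guard in `delete_option()` (wp-includes/functions.php, hunk at -375,7) is fine, but both queries in this hunk interpolate `$name` directly into the SQL string and depend on the `expected_slashed` contract noted in the comments. Nothing visible in the function enforces that contract, so a caller that passes an unslashed name produces an injectable query. Either state the requirement in the function's docblock, or move both statements to `$wpdb->prepare()` with a `%s` placeholder once callers are confirmed to pass unslashed values, since doing both would double-escape.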
@@ -180,9 +180,11 @@ function &get_post(&$post, $output = OBJECT, $filter = 'raw') { if ( $output == OBJECT ) { return $_post; } elseif ( $output == ARRAY_A ) { - return get_object_vars($_post); + $__post = get_object_vars($_post); + return $__post; } elseif ( $output == ARRAY_N ) { - return array_values(get_object_vars($_post)); + $__post = array_values(get_object_vars($_post)); + return $__post; } else { return $_post; } @@ -698,14 +700,17 @@ function get_post_custom_values( $key = '', $post_id = 0 ) { function sanitize_post($post, $context = 'display') { if ( 'raw' == $context ) return $post; - - if ( is_object($post) ) + if ( is_object($post) ) { + if ( !isset($post->ID) ) + return $post; foreach ( array_keys(get_object_vars($post)) as $field ) $post->$field = sanitize_post_field($field, $post->$field, $post->ID, $context); - else + } else { + if ( !isset($post['ID']) ) + return $post; foreach ( array_keys($post) as $field ) $post[$field] = sanitize_post_field($field, $post[$field], $post['ID'], $context); - + } return $post; } @@ -2366,7 +2371,7 @@ function wp_mime_type_icon( $mime = 0 ) { * @return int Same as $post_id */ function wp_check_for_changed_slugs($post_id) { - if ( !strlen($_POST['wp-old-slug']) ) + if ( !isset($_POST['wp-old-slug']) || !strlen($_POST['wp-old-slug']) ) return $post_id; $post = &get_post($post_id); diff --git a/wp-includes/query.php b/wp-includes/query.php index 034d64eef4..4d81d4baae 100644 --- a/wp-includes/query.php +++ b/wp-includes/query.php @@ -1154,7 +1154,7 @@ class WP_Query { // MIME-Type stuff for attachment browsing - if ( '' != $q['post_mime_type'] ) + if ( isset($q['post_mime_type']) && '' != $q['post_mime_type'] ) $whichmimetype = wp_post_mime_type_where($q['post_mime_type']); $where .= $search.$whichcat.$whichauthor.$whichmimetype; diff --git a/wp-includes/taxonomy.php b/wp-includes/taxonomy.php index ff1a8925d5..7f22050453 100644 --- a/wp-includes/taxonomy.php +++ b/wp-includes/taxonomy.php 
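Review bot: The temporaries added in `get_post()` (hunk at -180,9) carry no comment saying why they exist, and `$__post` next to `$_post` is easy to misread. Since the function is declared `function &get_post(...)`, a line such as `// get_post() returns by reference, so the result must be held in a variable before returning` above the first assignment would stop a later cleanup from inlining them again.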
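Review bot: The new early returns in `sanitize_post()` (hunk at -698,14) hand back a post that has no `ID` without running `sanitize_post_field()` on any field, for every context other than `raw`. That turns a missing key into skipped sanitisation, so a caller that builds a post object or array without an ID and asks for a non-raw context gets the raw field values back. Falling back to an ID of 0 keeps the notice fix and still filters every field; this assumes `sanitize_post_field()` tolerates 0 as the post ID, which is not visible in this diff.

```php
function sanitize_post($post, $context = 'display') {
	// … unchanged: 'raw' context returns $post untouched …
	if ( is_object($post) ) {
		// A missing ID must not bypass field sanitisation.
		$post_id = isset($post->ID) ? $post->ID : 0;
		foreach ( array_keys(get_object_vars($post)) as $field )
			$post->$field = sanitize_post_field($field, $post->$field, $post_id, $context);
	} else {
		$post_id = isset($post['ID']) ? $post['ID'] : 0;
		foreach ( array_keys($post) as $field )
			$post[$field] = sanitize_post_field($field, $post[$field], $post_id, $context);
	}
	return $post;
}
```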
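Review bot: When the new `isset($q['post_mime_type'])` test fails in `WP_Query` (wp-includes/query.php, hunk at -1154,7), `$whichmimetype` is not assigned anywhere in this hunk, yet the next line concatenates it into `$where`. If it is not initialised to an empty string above the hunk, the notice simply moves one line down; adding `$whichmimetype = '';` before the `if` makes the hunk self-contained. The surrounding method is outside the hunk, so an earlier initialisation may already exist.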
@@ -640,6 +640,7 @@ function &get_terms($taxonomies, $args = '') { $where .= " AND (t.name LIKE '%$search%')"; } + $select_this = ''; if ( 'all' == $fields ) $select_this = 't.*, tt.*'; else if ( 'ids' == $fields ) @@ -1041,6 +1042,7 @@ function wp_get_object_terms($object_ids, $taxonomies, $args = array()) { $taxonomies = "'" . implode("', '", $taxonomies) . "'"; $object_ids = implode(', ', $object_ids); + $select_this = ''; if ( 'all' == $fields ) $select_this = 't.*, tt.*'; else if ( 'ids' == $fields ) @@ -1252,7 +1254,7 @@ function wp_set_object_terms($object_id, $terms, $taxonomy, $append = false) { } $t = get_taxonomy($taxonomy); - if ( ! $append && $t->sort ) { + if ( ! $append && isset($t->sort) && $t->sort ) { $values = array(); $term_order = 0; $final_term_ids = wp_get_object_terms($object_id, $taxonomy, 'fields=tt_ids'); @@ -1883,4 +1885,4 @@ function _update_post_term_count( $terms ) { } } -?> \ No newline at end of file +?> diff --git a/wp-includes/widgets.php b/wp-includes/widgets.php index 24718073ff..2301ee1a88 100644 --- a/wp-includes/widgets.php +++ b/wp-includes/widgets.php @@ -259,7 +259,7 @@ function is_active_widget($callback) { if ( is_array($sidebars_widgets) ) foreach ( $sidebars_widgets as $sidebar => $widgets ) if ( is_array($widgets) ) foreach ( $widgets as $widget ) - if ( $wp_registered_widgets[$widget]['callback'] == $callback ) + if ( isset($wp_registered_widgets[$widget]['callback']) && $wp_registered_widgets[$widget]['callback'] == $callback ) return $sidebar; return false;
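Review bot: Defaulting `$select_this` to an empty string in `get_terms()` (hunk at -640,6) silences the notice, but a `$fields` value that matches none of the branches then flows on with an empty column list. If the variable is placed into a SELECT statement below the hunk, that gives a query error rather than a clear failure; defaulting to the `'all'` list, `$select_this = 't.*, tt.*';`, or rejecting unknown `$fields` values would be safer. The same applies to the identical line added in `wp_get_object_terms()` (hunk at -1041,6). The branch chain and the query itself continue outside both hunks.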