Index: wp-includes/version.php
===================================================================
--- wp-includes/version.php (.../2.2.1) (revision 5900)
+++ wp-includes/version.php (.../2.2.2) (revision 5900)
@@ -2,7 +2,7 @@
 // This holds the version number in a separate file so we can bump it without cluttering the SVN
-$wp_version = '2.2.1';
+$wp_version = '2.2.2';
 $wp_db_version = 5183;
 ?>
Index: wp-includes/general-template.php
===================================================================
--- wp-includes/general-template.php (.../2.2.1) (revision 5900)
+++ wp-includes/general-template.php (.../2.2.2) (revision 5900)
@@ -813,7 +813,8 @@
 if ( !isset( $wp_rich_edit) ) {
 if ( get_user_option( 'rich_editing' ) == 'true' &&
 ( ( preg_match( '!AppleWebKit/(\d+)!', $_SERVER['HTTP_USER_AGENT'], $match ) && intval($match[1]) >= 420 ) ||
-!preg_match( '!opera[ /][2-8]|konqueror|safari!i', $_SERVER['HTTP_USER_AGENT'] ) ) ) {
+!preg_match( '!opera[ /][2-8]|konqueror|safari!i', $_SERVER['HTTP_USER_AGENT'] ) )
+&& 'comment.php' != $pagenow ) {
 $wp_rich_edit = true;
 } else {
 $wp_rich_edit = false;
Index: wp-includes/theme.php
===================================================================
--- wp-includes/theme.php (.../2.2.1) (revision 5900)
+++ wp-includes/theme.php (.../2.2.2) (revision 5900)
@@ -79,6 +79,7 @@
 $name = trim( $name );
 $theme = $name;
 $theme_uri = trim( $theme_uri[1] );
+$template = trim( $template[1] );
 if ( '' == $author_uri[1] ) {
 $author = trim( $author_name[1] );
Index: wp-includes/widgets.php
===================================================================
--- wp-includes/widgets.php (.../2.2.1) (revision 5900)
+++ wp-includes/widgets.php (.../2.2.2) (revision 5900)
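Review bot: The new condition compares `$pagenow`, but nothing in the hunk brings that variable into function scope; if the enclosing function's `global` line (outside the hunk) only lists `$wp_rich_edit`, then `$pagenow` is undefined here, `'comment.php' != $pagenow` is always true, and the restriction added by this commit never takes effect. Worth confirming that the declaration reads `global $wp_rich_edit, $pagenow;` or adding `$pagenow` to it. The enclosing function starts before this hunk.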
@@ -630,7 +630,7 @@
 var dropdown = document.getElementById("cat");
 function onCatChange() {
 if ( dropdown.options[dropdown.selectedIndex].value > 0 ) {
-location.href = "/?cat="+dropdown.options[dropdown.selectedIndex].value;
+location.href = "/?cat="+dropdown.options[dropdown.selectedIndex].value;
 }
 }
 dropdown.onchange = onCatChange;
Index: wp-includes/functions.php
===================================================================
--- wp-includes/functions.php (.../2.2.1) (revision 5900)
+++ wp-includes/functions.php (.../2.2.2) (revision 5900)
@@ -203,6 +203,7 @@
 /* Options functions */
+// expects $setting to already be SQL-escaped
 function get_option($setting) {
 global $wpdb;
@@ -302,16 +303,19 @@
 return $alloptions;
 }
+// expects $option_name to NOT be SQL-escaped
 function update_option($option_name, $newvalue) {
 global $wpdb;
 wp_protect_special_option($option_name);
+$safe_option_name = $wpdb->escape($option_name);
+
 if ( is_string($newvalue) )
 $newvalue = trim($newvalue);
 // If the new and old values are the same, no need to update.
-$oldvalue = get_option($option_name);
+$oldvalue = get_option($safe_option_name);
 if ( $newvalue === $oldvalue ) {
 return false;
 }
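Review bot: The escaping contract is carried only by comments: `get_option()` is now documented as expecting an already-escaped `$setting` while `update_option()` escapes on the caller's behalf, so any caller that still hands `get_option()` a raw option name keeps an injection path that nothing in the code enforces. Escaping at the query inside `get_option()` would make it safe regardless of caller, and the comment `// expects $setting to already be SQL-escaped` should at least state the consequence of passing a raw name. Note also that `$safe_option_name` is the escaped form; if `get_option()` also keys its cache by `$setting` (not visible here), a name containing quotes or backslashes would be looked up under a different key than the one `add_option()`'s `wp_cache_set($name, …)` stores it under, which is worth verifying. `update_option()` continues past this hunk.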
@@ -349,21 +353,21 @@
 }
 // thx Alex Stapleton, http://alex.vort-x.net/blog/
+// expects $name to NOT be SQL-escaped
 function add_option($name, $value = '', $description = '', $autoload = 'yes') {
 global $wpdb;
 wp_protect_special_option($name);
+$safe_name = $wpdb->escape($name);
-// Make sure the option doesn't already exist we can check the cache before we ask for a db query
+// Make sure the option doesn't already exist. We can check the 'notoptions' cache before we ask for a db query
 $notoptions = wp_cache_get('notoptions', 'options');
-if ( is_array($notoptions) && isset($notoptions[$name]) ) {
-unset($notoptions[$name]);
-wp_cache_set('notoptions', $notoptions, 'options');
-} elseif ( false !== get_option($name) ) {
+if ( !is_array($notoptions) || !isset($notoptions[$name]) )
+if ( false !== get_option($safe_name) )
 return;
-}
 $value = maybe_serialize($value);
+$autoload = ( 'no' === $autoload ) ? 'no' : 'yes';
 if ( 'yes' == $autoload ) {
 $alloptions = wp_load_alloptions();
@@ -373,6 +377,13 @@
 wp_cache_set($name, $value, 'options');
 }
+// This option exists now
+$notoptions = wp_cache_get('notoptions', 'options'); // yes, again... we need it to be fresh
+if ( is_array($notoptions) && isset($notoptions[$name]) ) {
+unset($notoptions[$name]);
+wp_cache_set('notoptions', $notoptions, 'options');
+}
+
 $name = $wpdb->escape($name);
 $value = $wpdb->escape($value);
 $description = $wpdb->escape($description);
Index: wp-app.php
===================================================================
--- wp-app.php (.../2.2.1) (revision 5900)
+++ wp-app.php (.../2.2.2) (revision 5900)
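Review bot: The replacement early-exit is two brace-less `if` statements nested one inside the other, which reads like an indentation slip and is fragile to edit; one combined condition says the same thing: `if ( ( !is_array($notoptions) || !isset($notoptions[$name]) ) && false !== get_option($safe_name) )` / `return;`. In the second hunk the comment `// yes, again... we need it to be fresh` conveys only tone; stating why the cached value may have changed since the first read (presumably the `get_option()` call above can populate it) would help the next reader, e.g. `// re-read: get_option() above may have added $name to the cache`. `add_option()` continues past the second hunk.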
@@ -673,8 +673,9 @@
 }
 $location = get_post_meta($entry['ID'], '_wp_attached_file', true);
+$filetype = wp_check_filetype($location);
-if(!isset($location))
+if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']))
 $this->internal_error(__('Error ocurred while accessing post metadata for file location.'));
 header('Content-Type: ' . $entry['post_mime_type']);
@@ -707,8 +708,9 @@
 }
 $location = get_post_meta($entry['ID'], '_wp_attached_file', true);
+$filetype = wp_check_filetype($location);
-if(!isset($location))
+if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']))
 $this->internal_error(__('Error ocurred while accessing post metadata for file location.'));
 $fp = fopen("php://input", "rb");
Index: wp-settings.php
===================================================================
--- wp-settings.php (.../2.2.1) (revision 5900)
+++ wp-settings.php (.../2.2.2) (revision 5900)
@@ -48,8 +48,8 @@
 if ( empty($PHP_SELF) )
 $_SERVER['PHP_SELF'] = $PHP_SELF = preg_replace("/(\?.*)?$/",'',$_SERVER["REQUEST_URI"]);
-if ( !(phpversion() >= '4.1') )
-die( 'Your server is running PHP version ' . phpversion() . ' but WordPress requires at least 4.1' );
+if ( !(phpversion() >= '4.2') )
+die( 'Your server is running PHP version ' . phpversion() . ' but WordPress requires at least 4.2.' );
 if ( !extension_loaded('mysql') && !file_exists(ABSPATH . 'wp-content/db.php') )
 die( 'Your PHP installation appears to be missing the MySQL which is required for WordPress.' );
@@ -263,4 +263,4 @@
 // Everything is loaded and initialized.
 do_action('init');
-?>
\ No newline at end of file
+?>
Index: wp-admin/edit-comments.php
===================================================================
--- wp-admin/edit-comments.php (.../2.2.1) (revision 5900)
+++ wp-admin/edit-comments.php (.../2.2.2) (revision 5900)
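Review bot: The same three-part validation is pasted verbatim into both handlers (this hunk and the `@@ -707` hunk), so the next condition added to one will be missed in the other; a small private method that takes `$entry`, runs these checks and returns `$location` (or calls `internal_error`) would keep them in step. In the first handler the response still sends `header('Content-Type: ' . $entry['post_mime_type'])` taken from `$entry`, while the `$filetype['type']` just computed from the stored file is discarded; if the extension check is meant to govern what gets served, using the computed type there would make the two consistent. Both enclosing methods start and end outside their hunks.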
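Review bot: `phpversion() >= '4.2'` compares version strings with loose comparison, which is numeric when both operands look numeric and lexical otherwise, so the outcome depends on the shape of the version string (`'4.10'` would compare below `'4.2'` numerically); `version_compare()` is the purpose-built check and exists from 4.1 onward. One-line change: `if ( version_compare( phpversion(), '4.2', '<' ) )`.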
@@ -76,7 +76,7 @@
 endif;
 if ( isset( $_GET['apage'] ) )
-$page = (int) $_GET['apage'];
+$page = abs( (int) $_GET['apage'] );
 else
 $page = 1;
Index: wp-admin/admin-functions.php
===================================================================
--- wp-admin/admin-functions.php (.../2.2.1) (revision 5900)
+++ wp-admin/admin-functions.php (.../2.2.2) (revision 5900)
@@ -901,7 +901,7 @@
 function _wp_get_comment_list( $s = false, $start, $num ) {
 global $wpdb;
-$start = (int) $start;
+$start = abs( (int) $start );
 $num = (int) $num;
 if ( $s ) {
Index: wp-admin/admin-db.php
===================================================================
--- wp-admin/admin-db.php (.../2.2.1) (revision 5900)
+++ wp-admin/admin-db.php (.../2.2.2) (revision 5900)
@@ -419,9 +419,11 @@
 }
 $wpdb->query("DELETE FROM $wpdb->link2cat WHERE link_id = '$link_id'");
-return $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'");
+$wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'");
 do_action('deleted_link', $link_id);
+
+return true;
 }
 function wp_get_link_cats($link_ID = 0) {
Index: wp-admin/import/wordpress.php
===================================================================
--- wp-admin/import/wordpress.php (.../2.2.1) (revision 5900)
+++ wp-admin/import/wordpress.php (.../2.2.2) (revision 5900)
@@ -37,7 +37,8 @@
 function get_tag( $string, $tag ) {
 global $wpdb;
 preg_match("|<$tag.*?>(.*?)|is", $string, $return);
-$return = $wpdb->escape( trim( $return[1] ) );
+$return = preg_replace('|^$|s', '$1', $return[1]);
+$return = $wpdb->escape( trim( $return ) );
 return $return;
 }
@@ -215,7 +216,7 @@
 $cat_names = (array) $wpdb->get_col("SELECT cat_name FROM $wpdb->categories");
 while ( $c = array_shift($this->categories) ) {
-$cat_name = trim(str_replace(array (''), '', $this->get_tag( $c, 'wp:cat_name' )));
+$cat_name = trim($this->get_tag( $c, 'wp:cat_name' ));
 // If the category exists we leave it alone
 if ( in_array($cat_name, $cat_names) )
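Review bot: `abs()` silently turns a negative `apage` into a positive page number instead of rejecting it, and still lets `0` through even though the `else` branch treats `1` as the starting page; a floor states the intent directly: `$page = max( 1, (int) $_GET['apage'] );`. The `@@ -901` hunk applies the same pattern to `$start` in `_wp_get_comment_list()`, where `$start = max( 0, (int) $start );` would bound the offset without folding negatives into unrelated positive ones, and `$num` is cast but left unbounded there.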
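Review bot: The second DELETE's result is now discarded and the function returns `true` unconditionally, so a caller can no longer tell whether the link row was actually removed; if `$wpdb->query()` signals failure through its return value, that signal is lost here. Keeping the result while preserving the hook ordering the commit wants is a three-line change: `$deleted = $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'");` / `do_action('deleted_link', $link_id);` / `return false !== $deleted;`. The enclosing function starts before this hunk.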
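Review bot: In `get_tag()` the added `preg_replace('|^$|s', '$1', $return[1])` references capture group 1, but the pattern as displayed has no group, so as shown it matches only an empty string and is a no-op; the `preg_match` pattern on the previous line is likewise missing its closing-tag part, so markup was probably lost in this rendering and the real pattern should be checked against the file. Independently, `$return[1]` is read without checking that `preg_match()` matched, so a missing tag produces an undefined-index notice before the new line runs; `if ( !preg_match(...) ) return '';` avoids that. `$tag` is also interpolated into the pattern unquoted; `preg_quote($tag, '|')` keeps a tag name with regex metacharacters from changing the match.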
@@ -274,7 +275,6 @@ $post_author = $this->get_tag( $post, 'dc:creator' ); $post_content = $this->get_tag( $post, 'content:encoded' ); - $post_content = str_replace(array (''), '', $post_content); $post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content); $post_content = str_replace('
', '
', $post_content); $post_content = str_replace('
', '
', $post_content); Index: wp-admin/upload-functions.php =================================================================== --- wp-admin/upload-functions.php (.../2.2.1) (revision 5900) +++ wp-admin/upload-functions.php (.../2.2.2) (revision 5900) @@ -105,8 +105,9 @@ $id = get_the_ID(); global $post_id, $tab, $style; $enctype = $id ? '' : ' enctype="multipart/form-data"'; + $post_id = (int) $post_id; ?> - id="upload-file" method="post" action=""> + id="upload-file" method="post" action=""> " + . " " . __('Browse Files') . '' ); @@ -211,7 +212,7 @@ if ( isset($file['error']) ) wp_die($file['error'] . "
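Review bot: The line kept directly below the removed `str_replace` runs `preg_replace()` with the `e` modifier over imported post content, which evaluates the replacement string as PHP for every match; PHP escapes quotes in the substituted backreference, so this is not direct code execution from the import, but the construct is brittle, hard to audit, and the `e` modifier has since been deprecated and then removed from PHP. `preg_replace_callback('|<(/?[A-Z]+)|', 'wp_lowercase_tag_callback', $post_content)` with a small named function that returns `'<' . strtolower($m[1])` does the same lowercase-tag rewrite without eval semantics. The remaining lines of this hunk appear to have lost their HTML markup in this rendering and are not reviewable here; the enclosing function starts and ends outside the hunk.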
" . __('Back to Image Uploading') . '' + . "/wp-admin/upload.php?style=" . attribute_escape($style . "&tab=$from_tab&post_id=$post_id") . "'>" . __('Back to Image Uploading') . '' ); $url = $file['url']; @@ -258,7 +259,7 @@ if ( !current_user_can('edit_post', (int) $ID) ) wp_die( __('You are not allowed to delete this attachment.') - . " " + . " " . __('Go back') . '' ); Index: wp-admin/link-import.php =================================================================== --- wp-admin/link-import.php (.../2.2.1) (revision 5900) +++ wp-admin/link-import.php (.../2.2.2) (revision 5900) @@ -73,8 +73,8 @@
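Review bot: `attribute_escape($style . "&tab=$from_tab&post_id=$post_id")` escapes the assembled query string for the HTML attribute context, but the individual values are still not URL-encoded, so a `$style` or `$from_tab` containing `&` or `=` alters the query structure instead of being carried as data; encoding each value before assembling and attribute-escaping the result covers both contexts: `attribute_escape( "/wp-admin/upload.php?style=" . urlencode($style) . "&tab=" . urlencode($from_tab) . "&post_id=" . (int) $post_id )`. The surrounding anchor markup in this hunk appears stripped in this rendering, so where the string is ultimately placed cannot be checked from this page. The enclosing function starts before this hunk.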

option_name = attribute_escape($option->option_name); if ( is_serialized($option->option_value) ) { if ( is_serialized_string($option->option_value) ) { // this is a serialized string, so we should display it - $value = wp_specialchars(maybe_unserialize($option->option_value), 'single'); + $value = maybe_unserialize($option->option_value); $options_to_update[] = $option->option_name; $class = 'all-options'; } else { @@ -139,7 +140,7 @@ $class = 'all-options disabled'; } } else { - $value = wp_specialchars($option->option_value, 'single'); + $value = $option->option_value; $options_to_update[] = $option->option_name; $class = 'all-options'; } @@ -148,8 +149,8 @@ "; - if (strpos($value, "\n") !== false) echo ""; - else echo ""; + if (strpos($value, "\n") !== false) echo ""; + else echo ""; echo " $option->option_description @@ -158,7 +159,7 @@ ?> -
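Review bot: Dropping `wp_specialchars()` from the assignments of `$value` (the `maybe_unserialize(...)` line and the `$option->option_value` line in the `@@ -139` hunk) is only safe if every place that prints `$value` escapes it for its own context; the `echo` lines in the `@@ -148` hunk are shown with their form markup stripped in this rendering, so whether `$value` now passes through `attribute_escape()` or `wp_specialchars()` at output cannot be confirmed from this page. Moving escaping to the point of output is the right direction, since quoting once at assignment presumably did not match every context the value is printed in. The file header for this section is missing above, so which file these hunks belong to is inferred from the `option_name` / `option_value` fields.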

+