Index: wp-includes/default-filters.php =================================================================== --- wp-includes/default-filters.php (.../2.2.1) (revision 6166) +++ wp-includes/default-filters.php (.../2.2.3) (revision 6166) @@ -129,6 +129,8 @@ add_filter('sanitize_title', 'sanitize_title_with_dashes'); +add_filter('wp_title', 'wp_specialchars'); + // RSS filters add_filter('the_title_rss', 'strip_tags'); add_filter('the_title_rss', 'ent2ncr', 8); Index: wp-includes/plugin.php =================================================================== --- wp-includes/plugin.php (.../2.2.1) (revision 6166) +++ wp-includes/plugin.php (.../2.2.3) (revision 6166) @@ -19,7 +19,7 @@ global $wp_filter, $merged_filters; // So the format is wp_filter['tag']['array of priorities']['array of functions serialized']['array of ['array (functions, accepted_args)]'] - $wp_filter[$tag][$priority][serialize($function_to_add)] = array('function' => $function_to_add, 'accepted_args' => $accepted_args); + $wp_filter[$tag][$priority][_wp_filter_build_unique_id($tag, $function_to_add, $priority)] = array('function' => $function_to_add, 'accepted_args' => $accepted_args); unset( $merged_filters[ $tag ] ); return true; } @@ -98,8 +98,8 @@ */ function remove_filter($tag, $function_to_remove, $priority = 10, $accepted_args = 1) { global $wp_filter, $merged_filters; - - unset($GLOBALS['wp_filter'][$tag][$priority][serialize($function_to_remove)]); + + unset($GLOBALS['wp_filter'][$tag][$priority][_wp_filter_build_unique_id($tag, $function_to_remove, $priority)]); unset( $merged_filters[ $tag ] ); return true; 
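Review bot: The comment `// So the format is wp_filter['tag']['array of priorities']['array of functions serialized']...` above the changed line is now wrong: the third key is no longer `serialize($function_to_add)` but whatever `_wp_filter_build_unique_id()` returns (the function name for string callbacks, class+method plus a counter for object callbacks). Suggest rewriting it as `// Format: $wp_filter[$tag][$priority][_wp_filter_build_unique_id($tag, $fn, $priority)] = array('function' => $fn, 'accepted_args' => $n)` so the next reader does not look for serialized callables in that array. add_filter's signature is above the hunk, so its parameter list is not visible here.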
@@ -235,8 +235,9 @@ * @return string The name of a plugin. */ function plugin_basename($file) { - $file = preg_replace('|\\\\+|', '\\\\', $file); - $file = preg_replace('/^.*wp-content[\\\\\/]plugins[\\\\\/]/', '', $file); + $file = str_replace('\\','/',$file); // sanitize for Win32 installs + $file = preg_replace('|/+|','/', $file); // remove any duplicate slash + $file = preg_replace('|^.*/wp-content/plugins/|','',$file); // get relative path from plugins dir return $file; } @@ -278,4 +279,29 @@ add_action('deactivate_' . $file, $function); } +function _wp_filter_build_unique_id($tag, $function, $priority = 10) +{ + global $wp_filter; + + // If function then just skip all of the tests and not overwrite the following. + if( is_string($function) ) + return $function; + // Object Class Calling + else if(is_object($function[0]) ) + { + $obj_idx = get_class($function[0]).$function[1]; + if( is_null($function[0]->wp_filter_id) ) { + $count = count((array)$wp_filter[$tag][$priority]); + $function[0]->wp_filter_id = $count; + $obj_idx .= $count; + unset($count); + } else + $obj_idx .= $function[0]->wp_filter_id; + return $obj_idx; + } + // Static Calling + else if( is_string($function[0]) ) + return $function[0].$function[1]; +} + ?> \ No newline at end of file Index: wp-includes/query.php =================================================================== --- wp-includes/query.php (.../2.2.1) (revision 6166) +++ wp-includes/query.php (.../2.2.3) (revision 6166) @@ -413,19 +413,9 @@ $this->query_vars = $this->fill_query_vars($this->query_vars); $qv = &$this->query_vars; - if ( ! empty($qv['robots']) ) { + if ( ! empty($qv['robots']) ) $this->is_robots = true; - return; - } - if ('404' == $qv['error']) { - $this->is_404 = true; - if ( !empty($query) ) { - do_action_ref_array('parse_query', array(&$this)); - } - return; - } - $qv['p'] = (int) $qv['p']; $qv['page_id'] = (int) $qv['page_id']; $qv['year'] = (int) $qv['year']; 
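Review bot: `_wp_filter_build_unique_id()` stores its counter in `$function[0]->wp_filter_id`, but `$function` is a by-value copy of the callback array; on PHP 4, which wp-settings.php in this same diff still allows (floor raised only to 4.2), objects are copied on assignment, so unless the caller registered `array(&$this, 'method')` the id lands on a throw-away copy, the next call for the same object sees null again, recomputes `count($wp_filter[$tag][$priority])` (now one higher), and `remove_filter` unsets a key that was never set. That depends on caller conventions I cannot see, so at minimum document it above the function: `// PHP 4: object callbacks must be registered as array(&$this, 'method'), otherwise the cached wp_filter_id does not persist and remove_filter() will not find the entry`. Two smaller points: `is_null($function[0]->wp_filter_id)` reads an undeclared property and emits a notice on first use (`isset()` avoids it), and a callback that is neither a string nor a string/object pair falls off the end and returns null, so every such callback collapses onto the empty-string key; an explicit `return serialize($function);` fallback keeps them distinct.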
@@ -606,12 +596,21 @@ } } + if ( !empty($qv['post_type']) ) + $qv['post_type'] = sanitize_user($qv['post_type'], true); + + if ( !empty($qv['post_status']) ) + $qv['post_status'] = sanitize_user($qv['post_status'], true); + if ( $this->is_posts_page && !$qv['withcomments'] ) $this->is_comment_feed = false; $this->is_singular = $this->is_single || $this->is_page || $this->is_attachment; // Done correcting is_* for page_on_front and page_for_posts + if ('404' == $qv['error']) + $this->set_404(); + if ( !empty($query) ) do_action_ref_array('parse_query', array(&$this)); } Index: wp-includes/formatting.php =================================================================== --- wp-includes/formatting.php (.../2.2.1) (revision 6166) +++ wp-includes/formatting.php (.../2.2.3) (revision 6166) @@ -11,7 +11,7 @@ // if a plugin has provided an autocorrect array, use it if ( isset($wp_cockneyreplace) ) { $cockney = array_keys($wp_cockneyreplace); - $cockney_replace = array_values($wp_cockneyreplace); + $cockneyreplace = array_values($wp_cockneyreplace); } else { $cockney = array("'tain't","'twere","'twas","'tis","'twill","'til","'bout","'nuff","'round","'cause"); $cockneyreplace = array("’tain’t","’twere","’twas","’tis","’twill","’til","’bout","’nuff","’round","’cause"); 
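Review bot: `sanitize_user($qv['post_type'], true)` and `sanitize_user($qv['post_status'], true)` narrow the character set of two query vars that were previously passed through untouched, which is a sound default if they feed a SQL comparison later (not visible in this hunk), but any word still gets through, not just the values WP_Query understands. Where the accepted set is closed, an allowlist is tighter and self-documenting, e.g. for post_type (presumably `post`/`page`/`attachment` in this version): `if ( !in_array($qv['post_type'], array('post', 'page', 'attachment'), true) ) $qv['post_type'] = '';`. The `set_404()` call is deliberately placed after the `is_*` corrections; a one-line note such as `// 404 is decided last so it overrides the is_* flags computed above` would make that ordering explicit for the next person who moves it. parse_query's signature is outside the hunk.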
@@ -1118,6 +1118,79 @@
 return preg_replace('|https?://[^/]+(/.*)|i', '$1', $link );
 }
+function sanitize_option($option, $value) { // Remember to call stripslashes!
+
+ switch ($option) {
+ case 'admin_email':
+ $value = sanitize_email($value);
+ break;
+
+ case 'default_post_edit_rows':
+ case 'mailserver_port':
+ case 'comment_max_links':
+ case 'page_on_front':
+ case 'rss_excerpt_length':
+ case 'default_category':
+ case 'default_email_category':
+ case 'default_link_category':
+ $value = abs((int) $value);
+ break;
+
+ case 'posts_per_page':
+ case 'posts_per_rss':
+ $value = (int) $value;
+ if ( empty($value) ) $value = 1;
+ if ( $value < -1 ) $value = abs($value);
+ break;
+
+ case 'default_ping_status':
+ case 'default_comment_status':
+ // Options that if not there have 0 value but need to be something like "closed"
+ if ( $value == '0' || $value == '')
+ $value = 'closed';
+ break;
+
+ case 'blogdescription':
+ case 'blogname':
+ $value = addslashes($value);
+ $value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes
+ $value = stripslashes($value);
+ $value = wp_specialchars( $value );
+ break;
+
+ case 'blog_charset':
+ $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); // strips slashes
+ break;
+
+ case 'date_format':
+ case 'time_format':
+ case 'mailserver_url':
+ case 'mailserver_login':
+ case 'mailserver_pass':
+ case 'ping_sites':
+ case 'upload_path':
+ $value = strip_tags($value);
+ $value = addslashes($value);
+ $value = wp_filter_kses($value); // calls stripslashes then addslashes
+ $value = stripslashes($value);
+ break;
+
+ case 'gmt_offset':
+ $value = preg_replace('/[^0-9:.-]/', '', $value); // strips slashes
+ break;
+
+ case 'siteurl':
+ case 'home':
+ $value = stripslashes($value);
+ $value = clean_url($value);
+ break;
+ default :
+ break;
+ }
+
+ return $value;
+}
+
 function wp_parse_str( $string, &$array ) {
 parse_str( $string, $array );
 if ( get_magic_quotes_gpc() )
Index: 
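Review bot: `mailserver_pass` is routed through the same `strip_tags()` + `wp_filter_kses()` branch as `date_format`, so a POP3 password containing `<`, `>` or `&` is silently rewritten (if wp_filter_kses normalises entities the way wp_kses does, `&` becomes `&amp;`) and the stored credential no longer matches the mail server; a password is opaque data, not markup, and only needs `$value = stripslashes($value);` here, with escaping done where it is displayed. `upload_path` in the same branch gets no traversal check either: if it is later joined to ABSPATH (not visible here) a `..` segment survives kses, so a realpath containment check at the point of use, or at least `$value = str_replace('..', '', $value);`, is worth adding. The header comment `// Remember to call stripslashes!` is ambiguous now that most branches unslash; suggest `// Expects a slashed (POST-style) value; every known option is returned unslashed, the default branch returns it untouched, so callers must stripslashes() unknown options themselves`.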
wp-includes/feed-rss2-comments.php =================================================================== --- wp-includes/feed-rss2-comments.php (.../2.2.1) (revision 6166) +++ wp-includes/feed-rss2-comments.php (.../2.2.3) (revision 6166) @@ -5,7 +5,9 @@ ?> + xmlns:content="http://purl.org/rss/1.0/modules/content/" + xmlns:dc="http://purl.org/dc/elements/1.1/" + > <?php if ( is_singular() ) @@ -37,7 +39,7 @@ } ?> - + post_password) && $_COOKIE['wp-postpass'] != $comment_post->post_password) : ?> Index: wp-includes/rewrite.php =================================================================== --- wp-includes/rewrite.php (.../2.2.1) (revision 6166) +++ wp-includes/rewrite.php (.../2.2.3) (revision 6166) @@ -135,6 +135,15 @@ // Substitute the substring matches into the query. eval("\$query = \"$query\";"); + // Filter out non-public query vars + global $wp; + parse_str($query, $query_vars); + $query = array(); + foreach ( $query_vars as $key => $value ) { + if ( in_array($key, $wp->public_query_vars) ) + $query[$key] = $value; + } + // Do the query $query = new WP_Query($query); if ( $query->is_single || $query->is_page ) return $query->post->ID; Index: wp-includes/version.php =================================================================== --- wp-includes/version.php (.../2.2.1) (revision 6166) +++ wp-includes/version.php (.../2.2.3) (revision 6166) @@ -2,7 +2,7 @@ // This holds the version number in a separate file so we can bump it without cluttering the SVN -$wp_version = '2.2.1'; +$wp_version = '2.2.3'; $wp_db_version = 5183; ?> Index: wp-includes/general-template.php =================================================================== --- wp-includes/general-template.php (.../2.2.1) (revision 6166) +++ wp-includes/general-template.php (.../2.2.3) (revision 6166) 
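Review bot: The new allowlist loop uses a loose `in_array($key, $wp->public_query_vars)`; `parse_str()` yields integer keys for a segment such as `0=foo`, and on the PHP versions this code targets `0 == 'm'` is true, so a numeric key slips through the filter even though it is not a public var. Use the strict form, `if ( in_array($key, $wp->public_query_vars, true) )`; since `$query` is a string assembled by the `eval()` just above from regex captures of the URL, this filter is exactly the place to be strict. The enclosing url_to_postid() starts before this hunk.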
@@ -813,7 +813,8 @@
 if ( !isset( $wp_rich_edit) ) {
 if ( get_user_option( 'rich_editing' ) == 'true' &&
 ( ( preg_match( '!AppleWebKit/(\d+)!', $_SERVER['HTTP_USER_AGENT'], $match ) && intval($match[1]) >= 420 ) ||
- !preg_match( '!opera[ /][2-8]|konqueror|safari!i', $_SERVER['HTTP_USER_AGENT'] ) ) ) {
+ !preg_match( '!opera[ /][2-8]|konqueror|safari!i', $_SERVER['HTTP_USER_AGENT'] ) )
+ && 'comment.php' != $pagenow ) {
 $wp_rich_edit = true;
 } else {
 $wp_rich_edit = false;
Index: wp-includes/pluggable.php
===================================================================
--- wp-includes/pluggable.php (.../2.2.1) (revision 6166)
+++ wp-includes/pluggable.php (.../2.2.3) (revision 6166)
@@ -320,8 +320,18 @@
 $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location);
 $location = wp_kses_no_null($location);
+ // remove %0d and %0a from location
 $strip = array('%0d', '%0a');
- $location = str_replace($strip, '', $location);
+ $found = true;
+ while($found) {
+ $found = false;
+ foreach($strip as $val) {
+ while(strpos($location, $val) !== false) {
+ $found = true;
+ $location = str_replace($val, '', $location);
+ }
+ }
+ }
 if ( $is_IIS ) {
 header("Refresh: 0;url=$location");
Index: wp-includes/theme.php
===================================================================
--- wp-includes/theme.php (.../2.2.1) (revision 6166)
+++ wp-includes/theme.php (.../2.2.3) (revision 6166)
@@ -79,6 +79,7 @@
 $name = trim( $name );
 $theme = $name;
 $theme_uri = trim( $theme_uri[1] );
+ $template = trim( $template[1] );
 if ( '' == $author_uri[1] ) {
 $author = trim( $author_name[1] );
Index: wp-includes/widgets.php
===================================================================
--- wp-includes/widgets.php (.../2.2.1) (revision 6166)
+++ wp-includes/widgets.php (.../2.2.3) (revision 6166)
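Review bot: The new stripping loop only knows lowercase `%0d`/`%0a`, while the character filter two lines above it is case-insensitive (`|i`) and lets `A-Z` through, so `%0D%0A` still reaches the `header()` calls; `str_replace()` is case-sensitive and `str_ireplace()` is PHP 5 only, which this release does not require. A regex with the `i` flag covers both cases and, repeated until stable, also the `%%0d0d`-style nesting the loop was written for: `do { $prev = $location; $location = preg_replace('/%0[da]/i', '', $location); } while ( $prev != $location );`. Whether a still-percent-encoded CRLF is actually harmful in a `Refresh:`/`Location:` value is a separate question, but the two filters in the same function should at least agree on case. wp_redirect() begins before this hunk and ends after it.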
@@ -332,13 +332,13 @@ $title = empty( $options['title'] ) ? __( 'Pages' ) : $options['title']; $sortby = empty( $options['sortby'] ) ? 'menu_order' : $options['sortby']; - $exclude = empty( $options['exclude'] ) ? '' : '&exclude=' . $options['exclude']; + $exclude = empty( $options['exclude'] ) ? '' : $options['exclude']; if ( $sortby == 'menu_order' ) { $sortby = 'menu_order, post_title'; } - $out = wp_list_pages( 'title_li=&echo=0&sort_column=' . $sortby . $exclude ); + $out = wp_list_pages( array('title_li' => '', 'echo' => 0, 'sort_column' => $sortby, 'exclude' => $exclude) ); if ( !empty( $out ) ) { ?> @@ -630,7 +630,7 @@ var dropdown = document.getElementById("cat"); function onCatChange() { if ( dropdown.options[dropdown.selectedIndex].value > 0 ) { - location.href = "/?cat="+dropdown.options[dropdown.selectedIndex].value; + location.href = "/?cat="+dropdown.options[dropdown.selectedIndex].value; } } dropdown.onchange = onCatChange; Index: wp-includes/rss.php =================================================================== --- wp-includes/rss.php (.../2.2.1) (revision 6166) +++ wp-includes/rss.php (.../2.2.3) (revision 6166) @@ -9,7 +9,7 @@ define('RSS', 'RSS'); define('ATOM', 'Atom'); -define('MAGPIE_USER_AGENT', 'WordPress/' . $wp_version); +define('MAGPIE_USER_AGENT', 'WordPress/' . $GLOBALS['wp_version']); class MagpieRSS { var $parser; @@ -591,7 +591,7 @@ } if ( !defined('MAGPIE_USER_AGENT') ) { - $ua = 'WordPress/' . $wp_version; + $ua = 'WordPress/' . $GLOBALS['wp_version']; if ( MAGPIE_CACHE_ON ) { $ua = $ua . ')'; Index: wp-includes/functions.php =================================================================== --- wp-includes/functions.php (.../2.2.1) (revision 6166) +++ wp-includes/functions.php (.../2.2.3) (revision 6166) @@ -203,6 +203,7 @@ /* Options functions */ +// expects $setting to already be SQL-escaped function get_option($setting) { global $wpdb; 
@@ -302,16 +303,19 @@ return $alloptions; } +// expects $option_name to NOT be SQL-escaped function update_option($option_name, $newvalue) { global $wpdb; wp_protect_special_option($option_name); + $safe_option_name = $wpdb->escape($option_name); + if ( is_string($newvalue) ) $newvalue = trim($newvalue); // If the new and old values are the same, no need to update. - $oldvalue = get_option($option_name); + $oldvalue = get_option($safe_option_name); if ( $newvalue === $oldvalue ) { return false; } @@ -349,21 +353,21 @@ } // thx Alex Stapleton, http://alex.vort-x.net/blog/ +// expects $name to NOT be SQL-escaped function add_option($name, $value = '', $description = '', $autoload = 'yes') { global $wpdb; wp_protect_special_option($name); + $safe_name = $wpdb->escape($name); - // Make sure the option doesn't already exist we can check the cache before we ask for a db query + // Make sure the option doesn't already exist. We can check the 'notoptions' cache before we ask for a db query $notoptions = wp_cache_get('notoptions', 'options'); - if ( is_array($notoptions) && isset($notoptions[$name]) ) { - unset($notoptions[$name]); - wp_cache_set('notoptions', $notoptions, 'options'); - } elseif ( false !== get_option($name) ) { + if ( !is_array($notoptions) || !isset($notoptions[$name]) ) + if ( false !== get_option($safe_name) ) return; - } $value = maybe_serialize($value); + $autoload = ( 'no' === $autoload ) ? 'no' : 'yes'; if ( 'yes' == $autoload ) { $alloptions = wp_load_alloptions(); 
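Review bot: `get_option($safe_name)` is handed the SQL-escaped name while `wp_cache_set($name, $value, 'options')` further down uses the raw one; if get_option() also consults the object cache under the name it receives (its body is not in the hunk), an option name containing a quote or backslash is looked up under one key and stored under another, and the existence check will miss it. Worth confirming; if so, the escaping belongs inside the query rather than on the name passed around. The two brace-less nested ifs read as a single condition and are easier to misindent than `if ( ( !is_array($notoptions) || !isset($notoptions[$name]) ) && false !== get_option($safe_name) ) return;`. Normalising `$autoload` to `'yes'`/`'no'` is a good fix given it presumably lands in the INSERT after the hunk.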
@@ -373,6 +377,13 @@ wp_cache_set($name, $value, 'options'); } + // This option exists now + $notoptions = wp_cache_get('notoptions', 'options'); // yes, again... we need it to be fresh + if ( is_array($notoptions) && isset($notoptions[$name]) ) { + unset($notoptions[$name]); + wp_cache_set('notoptions', $notoptions, 'options'); + } + $name = $wpdb->escape($name); $value = $wpdb->escape($value); $description = $wpdb->escape($description); Index: wp-includes/vars.php =================================================================== --- wp-includes/vars.php (.../2.2.1) (revision 6166) +++ wp-includes/vars.php (.../2.2.3) (revision 6166) @@ -1,15 +1,24 @@ internal_error(__('Error ocurred while accessing post metadata for file location.')); header('Content-Type: ' . $entry['post_mime_type']); @@ -707,8 +708,9 @@ } $location = get_post_meta($entry['ID'], '_wp_attached_file', true); + $filetype = wp_check_filetype($location); - if(!isset($location)) + if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext'])) $this->internal_error(__('Error ocurred while accessing post metadata for file location.')); $fp = fopen("php://input", "rb"); Index: xmlrpc.php =================================================================== --- xmlrpc.php (.../2.2.1) (revision 6166) +++ xmlrpc.php (.../2.2.3) (revision 6166) @@ -1033,7 +1033,7 @@ if(isset($content_struct["mt_allow_pings"])) { if(!is_numeric($content_struct["mt_allow_pings"])) { - switch($content["mt_allow_pings"]) { + switch($content_struct["mt_allow_pings"]) { case "closed": $ping_status = "closed"; break; 
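Review bot: The new guard requires `post_type == 'attachment'` and a non-empty `wp_check_filetype()` extension before the body read from `php://input` is written to `$location`, which closes the arbitrary-type write, but it still trusts that `_wp_attached_file` points inside the uploads directory; the write itself is after the hunk, so whether anything else confines the path is not visible. If that meta value can be set through other paths, a cheap containment check before the fopen (realpath of `$location` must start with the realpath of the upload base directory, else `$this->internal_error(...)`) would remove the dependence on metadata integrity. The unchanged message `'Error ocurred while accessing post metadata for file location.'` has a typo (`occurred`); since it is a translated string, fix it together with its .po entries. The enclosing method starts before the hunk.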
@@ -1245,7 +1245,7 @@ if(isset($content_struct["mt_allow_pings"])) { if(!is_numeric($content_struct["mt_allow_pings"])) { - switch($content["mt_allow_pings"]) { + switch($content_struct["mt_allow_pings"]) { case "closed": $ping_status = "closed"; break; Index: wp-mail.php =================================================================== --- wp-mail.php (.../2.2.1) (revision 6166) +++ wp-mail.php (.../2.2.3) (revision 6166) @@ -64,17 +64,17 @@ // otherwise use the site admin if (preg_match('/From: /', $line) | preg_match('/Reply-To: /', $line)) { $author=trim($line); - if ( ereg("([a-zA-Z0-9\_\-\.]+@[\a-zA-z0-9\_\-\.]+)", $author , $regs) ) { - $author = $regs[1]; - echo "Author = {$author}

"; - $author = $wpdb->escape($author); - $result = $wpdb->get_row("SELECT ID FROM $wpdb->users WHERE user_email='$author' LIMIT 1"); - if (!$result) + if ( ereg("([a-zA-Z0-9\_\-\.]+@[\a-zA-z0-9\_\-\.]+)", $author , $regs) ) { + $author = $regs[1]; + echo "Author = {$author}

"; + $author = $wpdb->escape($author); + $result = $wpdb->get_row("SELECT ID FROM $wpdb->users WHERE user_email='$author' LIMIT 1"); + if (!$result) + $post_author = 1; + else + $post_author = $result->ID; + } else $post_author = 1; - else - $post_author = $result->ID; - } else - $post_author = 1; } if (preg_match('/Date: /i', $line)) { // of the form '20 Mar 2002 20:32:37' Index: wp-settings.php =================================================================== --- wp-settings.php (.../2.2.1) (revision 6166) +++ wp-settings.php (.../2.2.3) (revision 6166) @@ -48,8 +48,8 @@ if ( empty($PHP_SELF) ) $_SERVER['PHP_SELF'] = $PHP_SELF = preg_replace("/(\?.*)?$/",'',$_SERVER["REQUEST_URI"]); -if ( !(phpversion() >= '4.1') ) - die( 'Your server is running PHP version ' . phpversion() . ' but WordPress requires at least 4.1' ); +if ( !(phpversion() >= '4.2') ) + die( 'Your server is running PHP version ' . phpversion() . ' but WordPress requires at least 4.2.' ); if ( !extension_loaded('mysql') && !file_exists(ABSPATH . 'wp-content/db.php') ) die( 'Your PHP installation appears to be missing the MySQL which is required for WordPress.' ); @@ -263,4 +263,4 @@ // Everything is loaded and initialized. do_action('init'); -?> \ No newline at end of file +?> Index: wp-admin/edit-comments.php =================================================================== --- wp-admin/edit-comments.php (.../2.2.1) (revision 6166) +++ wp-admin/edit-comments.php (.../2.2.3) (revision 6166) @@ -76,7 +76,7 @@ endif; if ( isset( $_GET['apage'] ) ) - $page = (int) $_GET['apage']; + $page = abs( (int) $_GET['apage'] ); else $page = 1; Index: wp-admin/admin-ajax.php =================================================================== --- wp-admin/admin-ajax.php (.../2.2.1) (revision 6166) +++ wp-admin/admin-ajax.php (.../2.2.3) (revision 6166) 
@@ -286,7 +286,7 @@ die(wp_create_nonce('update-page_' . $ID)); } } - die($_POST['post_type']); + die('0'); break; default : do_action( 'wp_ajax_' . $_POST['action'] ); Index: wp-admin/admin-functions.php =================================================================== --- wp-admin/admin-functions.php (.../2.2.1) (revision 6166) +++ wp-admin/admin-functions.php (.../2.2.3) (revision 6166) @@ -105,6 +105,8 @@ $_POST['post_date'] = sprintf( "%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss ); $_POST['post_date_gmt'] = get_gmt_from_date( $_POST['post_date'] ); } + + unset($_POST['no_filter']); // Create the post. $post_ID = wp_insert_post( $_POST ); @@ -283,6 +285,8 @@ delete_meta( $key ); } + unset($_POST['no_filter']); + add_meta( $post_ID ); wp_update_post( $_POST ); @@ -901,7 +905,7 @@ function _wp_get_comment_list( $s = false, $start, $num ) { global $wpdb; - $start = (int) $start; + $start = abs( (int) $start ); $num = (int) $num; if ( $s ) { Index: wp-admin/rtl.css =================================================================== --- wp-admin/rtl.css (.../2.2.1) (revision 6166) +++ wp-admin/rtl.css (.../2.2.3) (revision 6166) 
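Review bot: `unset($_POST['no_filter'])` immediately before `wp_insert_post( $_POST )` stops a request from switching off the content filters, but the same line has to be repeated in the update path below and in every other caller that forwards request data to wp_insert_post() (XML-RPC and the Atom endpoint touched in this diff); if wp_insert_post() honours `no_filter` (its body is not visible here), dropping the key inside it, or accepting the flag only via a trusted internal argument, closes all entry points at once. Until then a comment naming the reason keeps the line from being removed as dead code: `unset($_POST['no_filter']); // never let the request disable kses/content filters`.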
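Review bot: `$start = abs( (int) $start );` removes the negative offset, but `$num = (int) $num;` on the next line may still be negative or zero; if the pair ends up in a `LIMIT $start, $num` (the query is after the hunk) a negative count is a MySQL syntax error rather than an injection, yet the same treatment keeps both bounds consistent: `$num = abs( (int) $num );`, or `max(1, (int) $num)` if zero rows is never wanted. _wp_get_comment_list continues past the hunk.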
@@ -1,205 +1,247 @@ -#viewarc, #viewcat, #namediv, #emaildiv, #uridiv, #planetnews li, #login ul li, #your-profile fieldset, - #footer .logo, .alignleft .available-theme { float: right; } +#viewarc, #viewcat, #namediv, #emaildiv, #uridiv, #planetnews li, #login ul li, #your-profile fieldset, #footer .logo, .alignleft .available-theme { + float: right; + } -#templateside, .alignright { float: left; } +#templateside, .alignright { + float: left; + } -#login #send, .readmore, .widefat th { text-align: right; } +#login #send, .readmore, .widefat th { + text-align: right; + } -#postcustomsubmit, form#upload th, .submit, .editform th { text-align: left; } +#postcustomsubmit, form#upload th, .submit, .editform th { + text-align: left; + } -#devnews h4, #wphead h1, #your-profile legend, fieldset.options legend, - #planetnews li .post { font-family: Tahoma, Georgia, "Times New Roman", Times, serif; } +#devnews h4, #wphead h1, #your-profile legend, fieldset.options legend, #planetnews li .post { + font-family: Tahoma, Georgia, "Times New Roman", Times, serif; + } -#wphead { padding: .8em 2em .8em 19em; } +#wphead { + padding: .8em 2em .8em 19em; + } -#wphead h1 { font-size: 2.4em; } +#wphead h1 { + font-size: 2.4em; + } -#postdiv, #titlediv, #guiddiv, #tagdiv { margin: 0 0 0 8px; } +#postdiv, #titlediv, #guiddiv, #tagdiv { + margin: 0 0 0 8px; + } -#ed_toolbar input { margin: 3px 0 2px 2px; } +#ed_toolbar input { + margin: 3px 0 2px 2px; + } -#edButtons input, #edButtons input:active { margin: 0px 0 -1px 2px; } +#edButtons input, #edButtons input:active { + margin: 0px 0 -1px 2px; + } -body, td { font: 13px Tahoma, "Lucida Grande", "Lucida Sans Unicode", Verdana; } +body, td { + font: 13px Tahoma, "Lucida Grande", "Lucida Sans Unicode", Verdana; + } -h2 { font: normal 32px/5px serif; } +h1, h2, h3, h4, h5 { + font-family: "Times New Roman", Times, serif; + } +h3.dbx-handle { + font-family: tahoma, Verdana, Arial, Helvetica, sans-serif; + } -textarea, input, select { font: 
13px Tahoma, Verdana, Arial, Helvetica, sans-serif; } +textarea, input, select { + font: 13px Tahoma, Verdana, Arial, Helvetica, sans-serif; + } -.quicktags, .search { font: 12px Tahoma, Georgia, "Times New Roman", Times, serif; } +.quicktags, .search { + font: 12px Tahoma, Georgia, "Times New Roman", Times, serif; + } -.updated, .confirm { padding: 0 3em 0 1em; } +.updated, .confirm { + padding: 0 3em 0 1em; + } .submit input, .submit input:focus, .button, .button:focus { border-left-color: #999; border-right-color: #ccc; -} + } .submit input:active, .button:active { border-left-color: #ccc; border-right-color: #999; -} + } #adminmenu { padding: .2em 2em .3em .2em; height: 28px; -} + } -#adminmenu li { line-height: 160%; } - #adminmenu a { margin: 0 0 0 10px; display: block; float: right; -} + font: 700 16px/130% "Times New Roman", Times, serif; + } #adminmenu a.current { border-right: 0; border-left: 2px solid #4f96c8; -} + } -#submenu, #minisub { padding: 1px 3em 0 2em; } +#submenu, #minisub { + padding: 1px 3em 0 2em; + } -#submenu { height: 28px; } +#submenu { + height: 28px; + } -#submenu li { line-height: 160%; } - #submenu a { margin: 0 0 0 10px; display: block; float: right; -} + line-height: 155%; + } #submenu .current { border-right: 0; border-left: 2px solid #045290; -} + } #currenttheme img { float: right; margin-right: auto; margin-left: 1em; -} + } #postdiv #quicktags { padding-right: 0; padding-left: 6px; -} + } .readmore { margin-right: auto; margin-left: 5em; -} + } #postexcerpt div, #attachmentlinks div { margin-right: auto; margin-left: 8px; -} + } * html #postexcerpt .dbx-toggle-open { padding-right: 0; padding-left: 8px; -} + } #searchform { float: right; margin-right: auto; margin-left: 1em; -} + } #poststuff { margin-right: auto; margin-left: 16em; -} + } #template div { margin-right: auto; margin-left: 190px; -} + } * html #template div { margin-right: auto; margin-left: 0px; -} + } #user_info { right: auto; left: 1em; -} - + } + #zeitgeist 
{ float: left; margin-left: auto; margin-right: 1em; -} + } #zeitgeist ul { margin: 0 .6em .3em 0; padding: 0 .6em 0 0; -} + } +.wrap ul { + margin-left: 500px; + } + #categorydiv ul { margin-left: auto; margin-right: 10px; -} + } -#moremeta fieldset div { margin: 2px 0px 0 0; } - #moremeta { - margin-right: auto; + margin-right: 0; margin-left: 15px; right: auto; - left: 5%; -} - + left: 6%; + } + #moremeta .dbx-content { background: url(images/box-butt.gif) no-repeat bottom left; - padding-right: 0; - padding-left: 2px; -} + padding-right: 10px; + padding-left: 0; + text-align: right; + } + +#moremeta .dbx-handle { + background: #2685af url(images/box-head.gif) no-repeat left; + margin-top: -2px; + } -#moremeta .dbx-handle { background: #2685af url(images/box-head.gif) no-repeat left; } +#moremeta .dbx-box { + background: url(images/box-bg.gif) repeat-y left; + padding-bottom: 0; + } -#moremeta .dbx-box { background: url(images/box-bg.gif) repeat-y left; } - a.dbx-toggle, a.dbx-toggle:visited { right: auto; left: 2px; -} + } -#advancedstuff a.dbx-toggle, #advancedstuff a.dbx-toggle-open:visited { - right: auto; - left: 5px; -} -#advancedstuff a.dbx-toggle-open, #advancedstuff a.dbx-toggle-open:visited { - right: auto; - left: 5px; -} - #categorychecklist { margin-right: auto; margin-left: 6px; -} + } #ajax-response.alignleft { margin-left: auto; margin-right: 2em; -} + } #postdivrich #edButtons { padding-left: 0; padding-right: 3px; -} + } .page-numbers { margin-right: auto; margin-left: 3px; -} + } a.view-link { right:auto; left:5%; margin-right:0; margin-left:220px; -} + } +#advancedstuff { + direction: ltr; + } +#advancedstuff .dbx-handle { + text-align: right; + } +#advancedstuff .dbx-content * { + direction: rtl; + } \ No newline at end of file Index: wp-admin/admin-db.php =================================================================== --- wp-admin/admin-db.php (.../2.2.1) (revision 6166) +++ wp-admin/admin-db.php (.../2.2.3) (revision 6166) 
@@ -419,9 +419,11 @@ } $wpdb->query("DELETE FROM $wpdb->link2cat WHERE link_id = '$link_id'"); - return $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'"); + $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'"); do_action('deleted_link', $link_id); + + return true; } function wp_get_link_cats($link_ID = 0) { Index: wp-admin/import/wordpress.php =================================================================== --- wp-admin/import/wordpress.php (.../2.2.1) (revision 6166) +++ wp-admin/import/wordpress.php (.../2.2.3) (revision 6166) @@ -37,7 +37,8 @@ function get_tag( $string, $tag ) { global $wpdb; preg_match("|<$tag.*?>(.*?)|is", $string, $return); - $return = $wpdb->escape( trim( $return[1] ) ); + $return = preg_replace('|^$|s', '$1', $return[1]); + $return = $wpdb->escape( trim( $return ) ); return $return; } @@ -215,7 +216,7 @@ $cat_names = (array) $wpdb->get_col("SELECT cat_name FROM $wpdb->categories"); while ( $c = array_shift($this->categories) ) { - $cat_name = trim(str_replace(array (''), '', $this->get_tag( $c, 'wp:cat_name' ))); + $cat_name = trim($this->get_tag( $c, 'wp:cat_name' )); // If the category exists we leave it alone if ( in_array($cat_name, $cat_names) ) @@ -274,7 +275,6 @@ $post_author = $this->get_tag( $post, 'dc:creator' ); $post_content = $this->get_tag( $post, 'content:encoded' ); - $post_content = str_replace(array (''), '', $post_content); $post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content); $post_content = str_replace('
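Review bot: The rewrite now returns `true` unconditionally, discarding the result of `DELETE FROM $wpdb->links`, so a failed or zero-row delete is reported as success and `deleted_link` fires for a link that may still exist. Keeping the query result preserves the old return contract while still running the action: `$result = $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'"); do_action('deleted_link', $link_id); return $result;`, or gate the action on `$result` if it should only fire for an actual delete. The function starts before this hunk, so whether `$link_id` was cast to int before being interpolated is not visible here.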
', '
', $post_content); $post_content = str_replace('


', '
', $post_content); Index: wp-admin/upload-functions.php =================================================================== --- wp-admin/upload-functions.php (.../2.2.1) (revision 6166) +++ wp-admin/upload-functions.php (.../2.2.3) (revision 6166) @@ -105,8 +105,9 @@ $id = get_the_ID(); global $post_id, $tab, $style; $enctype = $id ? '' : ' enctype="multipart/form-data"'; + $post_id = (int) $post_id; ?> - id="upload-file" method="post" action=""> + id="upload-file" method="post" action=""> " + . " " . __('Browse Files') . '' ); @@ -211,7 +212,7 @@ if ( isset($file['error']) ) wp_die($file['error'] . "
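Review bot: The context line `preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content)` runs imported content through the `/e` (eval) modifier; `$1` is limited to `[A-Z/]` so it cannot break out of the single-quoted argument today, but that safety is one character-class edit away from code execution on an untrusted import file. A callback removes the eval entirely and needs nothing newer than this codebase already requires: define `function _wp_import_lower_tag($m) { return '<' . strtolower($m[1]); }` and use `preg_replace_callback('|<(/?[A-Z]+)|', '_wp_import_lower_tag', $post_content)`. The other lines of this hunk were garbled by extraction (the removed `str_replace(array(''), ...)` most likely stripped a CDATA marker), so they are not reviewed here.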
" . __('Back to Image Uploading') . '' + . "/wp-admin/upload.php?style=" . attribute_escape($style . "&tab=$from_tab&post_id=$post_id") . "'>" . __('Back to Image Uploading') . '' ); $url = $file['url']; @@ -258,7 +259,7 @@ if ( !current_user_can('edit_post', (int) $ID) ) wp_die( __('You are not allowed to delete this attachment.') - . " " + . " " . __('Go back') . '' ); Index: wp-admin/link-import.php =================================================================== --- wp-admin/link-import.php (.../2.2.1) (revision 6166) +++ wp-admin/link-import.php (.../2.2.3) (revision 6166) @@ -73,8 +73,8 @@

option_name = attribute_escape($option->option_name); if ( is_serialized($option->option_value) ) { if ( is_serialized_string($option->option_value) ) { // this is a serialized string, so we should display it - $value = wp_specialchars(maybe_unserialize($option->option_value), 'single'); + $value = maybe_unserialize($option->option_value); $options_to_update[] = $option->option_name; $class = 'all-options'; } else { @@ -139,7 +69,7 @@ $class = 'all-options disabled'; } } else { - $value = wp_specialchars($option->option_value, 'single'); + $value = $option->option_value; $options_to_update[] = $option->option_name; $class = 'all-options'; } @@ -148,8 +78,8 @@ "; - if (strpos($value, "\n") !== false) echo ""; - else echo ""; + if (strpos($value, "\n") !== false) echo ""; + else echo ""; echo " $option->option_description @@ -158,7 +88,7 @@ ?> -

+

Index: wp-admin/install-rtl.css =================================================================== --- wp-admin/install-rtl.css (.../2.2.1) (revision 6166) +++ wp-admin/install-rtl.css (.../2.2.3) (revision 6166) @@ -1,5 +1,15 @@ -body { font-family: Tahoma, Georgia, "Times New Roman", Times, serif; } +body { font: 13px Tahoma, Georgia, "Times New Roman", Times, serif; } ul, ol { padding: 5px 20px 5px 5px; } -.step, th { text-align: left; } +h1, h2, h3 { font-family: "Times New Roman", Times, serif; font-weight: 700 } + +.step, th { text-align: left } + +input { font-family: "Times New Roman", Times, serif; padding: 1px } + +#logo { background: url(../wp-content/plugins/WP-Jalali/wp-fa-logo.png) center right no-repeat; text-align: left; } + +#admin_email {direction: ltr; text-align: left; } + +#footer { font-style: normal; } \ No newline at end of file Index: wp-admin/widgets-rtl.css =================================================================== --- wp-admin/widgets-rtl.css (.../2.2.1) (revision 6166) +++ wp-admin/widgets-rtl.css (.../2.2.3) (revision 6166) @@ -4,7 +4,8 @@ * html #palettediv ul { padding: 0 10px 0 0; } -#palettediv ul { padding: 0 10px 0 0; } +#palettediv ul { padding: 0 10px 0 0; + margin-left: 1px!important;} * .handle, #lastmodule span { border-right: 1px solid #f2f2f2;
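Review bot: `#logo { background: url(../wp-content/plugins/WP-Jalali/wp-fa-logo.png) ... }` makes a core admin stylesheet depend on a specific third-party plugin directory; on any install without that plugin the request 404s, and it signals that this diff is a localised fork rather than the upstream 2.2.3 tree, which matters if someone treats it as the security patch to port. Point it at an asset shipped alongside the stylesheet, e.g. `url(images/wp-fa-logo.png)` under wp-admin, or drop the rule from the core file and let the plugin enqueue its own CSS.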