' . __('Pages:'), 'after' => '
', 'next_or_number' => 'number', 'nextpagelink' => __('Next page'),
'previouspagelink' => __('Previous page'), 'pagelink' => '%', 'more_file' => '', 'echo' => 1);
$r = array_merge($defaults, $r);
- extract($r);
+ extract($r, EXTR_SKIP);
global $id, $page, $numpages, $multipage, $more, $pagenow;
if ( $more_file != '' )
@@ -255,7 +255,7 @@
$defaults = array('depth' => 0, 'child_of' => 0, 'selected' => 0, 'echo' => 1,
'name' => 'page_id', 'show_option_none' => '');
$r = array_merge($defaults, $r);
- extract($r);
+ extract($r, EXTR_SKIP);
$pages = get_pages($r);
$output = '';
Index: wp-includes/bookmark.php
===================================================================
--- wp-includes/bookmark.php (.../2.2) (revision 5900)
+++ wp-includes/bookmark.php (.../2.2.2) (revision 5900)
@@ -34,7 +34,7 @@
$defaults = array('orderby' => 'name', 'order' => 'ASC', 'limit' => -1, 'category' => '',
'category_name' => '', 'hide_invisible' => 1, 'show_updated' => 0, 'include' => '', 'exclude' => '');
$r = array_merge($defaults, $r);
- extract($r);
+ extract($r, EXTR_SKIP);
$key = md5( serialize( $r ) );
if ( $cache = wp_cache_get( 'get_bookmarks', 'bookmark' ) )
Index: wp-includes/link-template.php
===================================================================
--- wp-includes/link-template.php (.../2.2) (revision 5900)
+++ wp-includes/link-template.php (.../2.2.2) (revision 5900)
@@ -77,6 +77,8 @@
$category = '';
if (strpos($permalink, '%category%') !== false) {
$cats = get_the_category($post->ID);
+ if ( $cats )
+ usort($cats, '_get_the_category_usort_by_ID'); // order by ID
$category = $cats[0]->category_nicename;
if ( $parent=$cats[0]->category_parent )
$category = get_category_parents($parent, FALSE, '/', TRUE) . $category;
@@ -480,7 +482,6 @@
$qstr = preg_replace('|^/+|', '', $qstr);
if ( $permalink )
$qstr = user_trailingslashit($qstr, 'paged');
- $qstr = preg_replace('/&([^#])(?![a-z]{1,8};)/', '&$1', trailingslashit( get_option('home') ) . $qstr );
// showing /page/1/ or ?paged=1 is redundant
if ( 1 === $pagenum ) {
@@ -488,6 +489,9 @@
$qstr = str_replace(user_trailingslashit('page/1', 'paged'), '', $qstr); // for mod_rewrite style
$qstr = remove_query_arg('paged', $qstr); // for query style
}
+
+ $qstr = preg_replace('/&([^#])(?![a-z]{1,8};)/', '&$1', trailingslashit( get_option('home') ) . $qstr );
+
return $qstr;
}
Index: wp-includes/formatting.php
===================================================================
--- wp-includes/formatting.php (.../2.2) (revision 5900)
+++ wp-includes/formatting.php (.../2.2.2) (revision 5900)
@@ -1103,7 +1103,7 @@
// Escape single quotes, specialchar double quotes, and fix line endings.
function js_escape($text) {
$safe_text = wp_specialchars($text, 'double');
- $safe_text = str_replace(''', "'", $safe_text);
+ $safe_text = preg_replace('/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes($safe_text));
$safe_text = preg_replace("/\r?\n/", "\\n", addslashes($safe_text));
return apply_filters('js_escape', $safe_text, $text);
}
@@ -1118,4 +1118,11 @@
return preg_replace('|https?://[^/]+(/.*)|i', '$1', $link );
}
+function wp_parse_str( $string, &$array ) {
+ parse_str( $string, $array );
+ if ( get_magic_quotes_gpc() )
+ $array = stripslashes_deep( $array ); // parse_str() adds slashes if magicquotes is on. See: http://php.net/parse_str
+ $array = apply_filters( 'wp_parse_str', $array );
+}
+
?>
Index: wp-includes/author-template.php
===================================================================
--- wp-includes/author-template.php (.../2.2) (revision 5900)
+++ wp-includes/author-template.php (.../2.2.2) (revision 5900)
@@ -183,7 +183,7 @@
$defaults = array('optioncount' => false, 'exclude_admin' => true, 'show_fullname' => false, 'hide_empty' => true,
'feed' => '', 'feed_image' => '');
$r = array_merge($defaults, $r);
- extract($r);
+ extract($r, EXTR_SKIP);
// TODO: Move select to get_authors().
$authors = $wpdb->get_results("SELECT ID, user_nicename from $wpdb->users " . ($exclude_admin ? "WHERE user_login <> 'admin' " : '') . "ORDER BY display_name");
Index: wp-includes/category.php
===================================================================
--- wp-includes/category.php (.../2.2) (revision 5900)
+++ wp-includes/category.php (.../2.2.2) (revision 5900)
@@ -28,7 +28,7 @@
else
$r['orderby'] = "cat_" . $r['orderby']; // restricts order by to cat_ID and cat_name fields
$r['number'] = (int) $r['number'];
- extract($r);
+ extract($r, EXTR_SKIP);
$key = md5( serialize( $r ) );
if ( $cache = wp_cache_get( 'get_categories', 'category' ) )
Index: wp-includes/class-phpmailer.php
===================================================================
--- wp-includes/class-phpmailer.php (.../2.2) (revision 5900)
+++ wp-includes/class-phpmailer.php (.../2.2.2) (revision 5900)
@@ -390,7 +390,7 @@
*/
function SendmailSend($header, $body) {
if ($this->Sender != "")
- $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);
+ $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, escapeshellarg($this->Sender));
else
$sendmail = sprintf("%s -oi -t", $this->Sendmail);
Index: wp-includes/post.php
===================================================================
--- wp-includes/post.php (.../2.2) (revision 5900)
+++ wp-includes/post.php (.../2.2.2) (revision 5900)
@@ -182,7 +182,7 @@
'orderby' => 'post_date', 'order' => 'DESC', 'include' => '', 'exclude' => '',
'meta_key' => '', 'meta_value' =>'', 'post_type' => 'post', 'post_status' => 'publish', 'post_parent' => 0);
$r = array_merge($defaults, $r);
- extract($r);
+ extract($r, EXTR_SKIP);
$numberposts = (int) $numberposts;
$offset = (int) $offset;
$category = (int) $category;
@@ -490,7 +490,7 @@
$postarr = get_object_vars($postarr);
// export array as variables
- extract($postarr);
+ extract($postarr, EXTR_SKIP);
// Are we updating or creating?
$update = false;
@@ -881,7 +881,7 @@
$postdata = wp_get_single_post($post_id, ARRAY_A);
// import postdata as variables
- extract($postdata);
+ extract($postdata, EXTR_SKIP);
// form an excerpt
$excerpt = strip_tags($post_excerpt?$post_excerpt:$post_content);
@@ -1067,7 +1067,7 @@
$defaults = array('child_of' => 0, 'sort_order' => 'ASC', 'sort_column' => 'post_title',
'hierarchical' => 1, 'exclude' => '', 'include' => '', 'meta_key' => '', 'meta_value' => '', 'authors' => '');
$r = array_merge($defaults, $r);
- extract($r);
+ extract($r, EXTR_SKIP);
$key = md5( serialize( $r ) );
if ( $cache = wp_cache_get( 'get_pages', 'page' ) )
@@ -1221,7 +1221,7 @@
$object = get_object_vars($object);
// Export array as variables
- extract($object);
+ extract($object, EXTR_SKIP);
// Get the basics.
$post_content = apply_filters('content_save_pre', $post_content);
Index: wp-includes/version.php
===================================================================
--- wp-includes/version.php (.../2.2) (revision 5900)
+++ wp-includes/version.php (.../2.2.2) (revision 5900)
@@ -2,7 +2,7 @@
// This holds the version number in a separate file so we can bump it without cluttering the SVN
-$wp_version = '2.2';
+$wp_version = '2.2.2';
$wp_db_version = 5183;
?>
Index: wp-includes/js/wp-ajax.js
===================================================================
--- wp-includes/js/wp-ajax.js (.../2.2) (revision 5900)
+++ wp-includes/js/wp-ajax.js (.../2.2.2) (revision 5900)
@@ -27,9 +27,9 @@
this.getResponseElement(responseEl);
},
addArg: function(key, value) {
- var a = [];
+ var a = $H();
a[encodeURIComponent(key)] = encodeURIComponent(value);
- this.options.parameters = $H(this.options.parameters).merge($H(a));
+ this.options.parameters = $H(this.options.parameters).merge(a);
},
getResponseElement: function(r) {
var p = $(r + '-p');
Index: wp-includes/js/tinymce/themes/advanced/color_picker.htm
===================================================================
--- wp-includes/js/tinymce/themes/advanced/color_picker.htm (.../2.2) (revision 5900)
+++ wp-includes/js/tinymce/themes/advanced/color_picker.htm (.../2.2.2) (revision 5900)
@@ -2,12 +2,73 @@
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Index: wp-includes/js/tinymce/themes/advanced/images/colors.jpg
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes on: wp-includes/js/tinymce/themes/advanced/images/colors.jpg
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Index: wp-includes/js/tinymce/themes/advanced/css/colorpicker.css
===================================================================
--- wp-includes/js/tinymce/themes/advanced/css/colorpicker.css (.../2.2) (revision 0)
+++ wp-includes/js/tinymce/themes/advanced/css/colorpicker.css (.../2.2.2) (revision 5900)
@@ -0,0 +1,53 @@
+/* Colorpicker dialog specific CSS */
+
+#preview {
+ float: right;
+ width: 50px;
+ height: 14px;
+ line-height: 1px;
+ border: 1px solid black;
+ margin-left: 5px;
+}
+
+#colorpicker {
+ float: left;
+ cursor: crosshair;
+}
+
+#light {
+ border: 1px solid gray;
+ margin-left: 5px;
+ float: left;
+ width: 15px;
+ cursor: crosshair;
+}
+
+#light div {
+ overflow: hidden;
+}
+
+#previewblock {
+ float: right;
+ padding-left: 10px;
+ height: 20px;
+}
+
+.panel_wrapper div.current {
+ height: 175px;
+}
+
+#namedcolors {
+ width: 150px;
+}
+
+#namedcolors a {
+ display: block;
+ float: left;
+ width: 10px; height: 10px;
+ margin: 1px 1px 0 0;
+ overflow: hidden;
+}
+
+#colornamecontainer {
+ margin-top: 5px;
+}
\ No newline at end of file
Index: wp-includes/general-template.php
===================================================================
--- wp-includes/general-template.php (.../2.2) (revision 5900)
+++ wp-includes/general-template.php (.../2.2.2) (revision 5900)
@@ -63,8 +63,8 @@
$info = get_bloginfo($show);
// Don't filter URL's.
- if (strpos($show, 'url') === false ||
- strpos($show, 'directory') === false ||
+ if (strpos($show, 'url') === false &&
+ strpos($show, 'directory') === false &&
strpos($show, 'home') === false) {
$info = apply_filters('bloginfo', $info, $show);
$info = convert_chars($info);
@@ -109,6 +109,7 @@
break;
case 'comments_atom_url':
$output = get_feed_link('comments_atom');
+ break;
case 'comments_rss2_url':
$output = get_feed_link('comments_rss2');
break;
@@ -217,8 +218,7 @@
// If there is a post
if ( is_single() || is_page() ) {
$post = $wp_query->get_queried_object();
- $title = apply_filters('single_post_title', $title);
- $title = strip_tags($post->post_title);
+ $title = strip_tags( apply_filters( 'single_post_title', $post->post_title ) );
}
$prefix = '';
@@ -322,7 +322,7 @@
$defaults = array('type' => 'monthly', 'limit' => '', 'format' => 'html', 'before' => '', 'after' => '', 'show_post_count' => false);
$r = array_merge($defaults, $r);
- extract($r);
+ extract($r, EXTR_SKIP);
if ( '' == $type )
$type = 'monthly';
@@ -813,7 +813,8 @@
if ( !isset( $wp_rich_edit) ) {
if ( get_user_option( 'rich_editing' ) == 'true' &&
( ( preg_match( '!AppleWebKit/(\d+)!', $_SERVER['HTTP_USER_AGENT'], $match ) && intval($match[1]) >= 420 ) ||
- !preg_match( '!opera[ /][2-8]|konqueror|safari!i', $_SERVER['HTTP_USER_AGENT'] ) ) ) {
+ !preg_match( '!opera[ /][2-8]|konqueror|safari!i', $_SERVER['HTTP_USER_AGENT'] ) )
+ && 'comment.php' != $pagenow ) {
$wp_rich_edit = true;
} else {
$wp_rich_edit = false;
@@ -899,10 +900,11 @@
//
@@ -955,28 +958,25 @@
echo $output;
}
-function paginate_links( $arg = '' ) {
- if ( is_array($arg) )
- $a = &$arg;
- else
- parse_str($arg, $a);
+function paginate_links( $args = '' ) {
+ $defaults = array(
+ 'base' => '%_%', // http://example.com/all_posts.php%_% : %_% is replaced by format (below)
+ 'format' => '?page=%#%', // ?page=%#% : %#% is replaced by the page number
+ 'total' => 1,
+ 'current' => 0,
+ 'show_all' => false,
+ 'prev_next' => true,
+ 'prev_text' => __('« Previous'),
+ 'next_text' => __('Next »'),
+ 'end_size' => 1, // How many numbers on either end including the end
+ 'mid_size' => 2, // How many numbers to either side of current not including current
+ 'type' => 'plain',
+ 'add_args' => false // array of query args to aadd
+ );
- // Defaults
- $base = '%_%'; // http://example.com/all_posts.php%_% : %_% is replaced by format (below)
- $format = '?page=%#%'; // ?page=%#% : %#% is replaced by the page number
- $total = 1;
- $current = 0;
- $show_all = false;
- $prev_next = true;
- $prev_text = __('« Previous');
- $next_text = __('Next »');
- $end_size = 1; // How many numbers on either end including the end
- $mid_size = 2; // How many numbers to either side of current not including current
- $type = 'plain';
- $add_args = false; // array of query args to aadd
+ $args = wp_parse_args( $args, $defaults );
+ extract($args, EXTR_SKIP);
- extract($a);
-
// Who knows what else people pass in $args
$total = (int) $total;
if ( $total < 2 )
Index: wp-includes/classes.php
===================================================================
--- wp-includes/classes.php (.../2.2) (revision 5900)
+++ wp-includes/classes.php (.../2.2.2) (revision 5900)
@@ -506,7 +506,7 @@
function start_el($output, $page, $depth, $current_page, $args) {
if ( $depth )
$indent = str_repeat("\t", $depth);
- extract($args);
+ extract($args, EXTR_SKIP);
$css_class = 'page_item';
$_current_page = get_page( $current_page );
if ( $page->ID == $current_page )
@@ -696,7 +696,7 @@
'data' => '', 'supplemental' => array());
$r = array_merge($defaults, $r);
- extract($r);
+ extract($r, EXTR_SKIP);
if ( is_wp_error($id) ) {
$data = $id;
Index: wp-includes/comment.php
===================================================================
--- wp-includes/comment.php (.../2.2) (revision 5900)
+++ wp-includes/comment.php (.../2.2.2) (revision 5900)
@@ -178,7 +178,7 @@
function wp_allow_comment($commentdata) {
global $wpdb;
- extract($commentdata);
+ extract($commentdata, EXTR_SKIP);
// Simple duplicate check
$dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND ( comment_author = '$comment_author' ";
@@ -325,7 +325,7 @@
function wp_insert_comment($commentdata) {
global $wpdb;
- extract($commentdata);
+ extract($commentdata, EXTR_SKIP);
if ( ! isset($comment_author_IP) )
$comment_author_IP = preg_replace( '/[^0-9., ]/', '',$_SERVER['REMOTE_ADDR'] );
@@ -457,7 +457,7 @@
$commentarr = wp_filter_comment( $commentarr );
// Now extract the merged array.
- extract($commentarr);
+ extract($commentarr, EXTR_SKIP);
$comment_content = apply_filters('comment_save_pre', $comment_content);
@@ -517,7 +517,7 @@
$x_pingback_str = 'x-pingback: ';
$pingback_href_original_pos = 27;
- extract(parse_url($url));
+ extract(parse_url($url), EXTR_SKIP);
if ( !isset($host) ) // Not an URL. This should never happen.
return false;
Index: wp-includes/pluggable.php
===================================================================
--- wp-includes/pluggable.php (.../2.2) (revision 5900)
+++ wp-includes/pluggable.php (.../2.2.2) (revision 5900)
@@ -156,7 +156,7 @@
}
endif;
-if ( !function_exists('wp_mail') ) :
+if ( !function_exists( 'wp_mail' ) ) :
function wp_mail($to, $subject, $message, $headers = '') {
global $phpmailer;
@@ -168,7 +168,7 @@
$mail = compact('to', 'subject', 'message', 'headers');
$mail = apply_filters('wp_mail', $mail);
- extract($mail);
+ extract($mail, EXTR_SKIP);
if ( $headers == '' ) {
$headers = "MIME-Version: 1.0\n" .
@@ -224,6 +224,8 @@
function wp_login($username, $password, $already_md5 = false) {
global $wpdb, $error;
+ $username = sanitize_user($username);
+
if ( '' == $username )
return false;
Index: wp-includes/theme.php
===================================================================
--- wp-includes/theme.php (.../2.2) (revision 5900)
+++ wp-includes/theme.php (.../2.2.2) (revision 5900)
@@ -79,6 +79,7 @@
$name = trim( $name );
$theme = $name;
$theme_uri = trim( $theme_uri[1] );
+ $template = trim( $template[1] );
if ( '' == $author_uri[1] ) {
$author = trim( $author_name[1] );
@@ -86,7 +87,7 @@
$author = '
' . trim( $author_name[1] ) . '';
}
- return array( 'Name' => $name, 'Title' => $theme, 'URI' => $theme_uri, 'Description' => $description, 'Author' => $author, 'Version' => $version, 'Template' => $template[1], 'Status' => $status );
+ return array( 'Name' => $name, 'Title' => $theme, 'URI' => $theme_uri, 'Description' => $description, 'Author' => $author, 'Version' => $version, 'Template' => $template, 'Status' => $status );
}
function get_themes() {
Index: wp-includes/feed.php
===================================================================
--- wp-includes/feed.php (.../2.2) (revision 5900)
+++ wp-includes/feed.php (.../2.2.2) (revision 5900)
@@ -151,13 +151,13 @@
$home = get_bloginfo_rss('home');
$the_list = '';
foreach ( (array) $categories as $category ) {
- $category->cat_name = convert_chars($category->cat_name);
+ $cat_name = convert_chars($category->cat_name);
if ( 'rdf' == $type )
- $the_list .= "\n\t\t
cat_name]]>\n";
+ $the_list .= "\n\t\t
\n";
if ( 'atom' == $type )
- $the_list .= "
";
+ $the_list .= sprintf( '
', attribute_escape( apply_filters( 'get_bloginfo_rss', get_bloginfo( 'url' ) ) ), attribute_escape( $category->cat_name ) );
else
- $the_list .= "\n\t\t
cat_name]]>\n";
+ $the_list .= "\n\t\t
\n";
}
return apply_filters('the_category_rss', $the_list, $type);
}
Index: wp-includes/widgets.php
===================================================================
--- wp-includes/widgets.php (.../2.2) (revision 5900)
+++ wp-includes/widgets.php (.../2.2.2) (revision 5900)
@@ -75,9 +75,9 @@
$id = sanitize_title($name);
$options = array();
- if ( !empty($classname) )
+ if ( !empty($classname) && is_string($classname) )
$options['classname'] = $classname;
- $params = array_slice(func_get_args(), 3);
+ $params = array_slice(func_get_args(), 2);
$args = array($id, $name, $output_callback, $options);
if ( !empty($params) )
$args = array_merge($args, $params);
@@ -326,34 +326,70 @@
/* Default Widgets */
-function wp_widget_pages($args) {
- extract($args);
- $options = get_option('widget_pages');
- $title = empty($options['title']) ? __('Pages') : $options['title'];
- echo $before_widget . $before_title . $title . $after_title . "
\n";
- wp_list_pages("title_li=");
- echo "
\n" . $after_widget;
+function wp_widget_pages( $args ) {
+ extract( $args );
+ $options = get_option( 'widget_pages' );
+
+ $title = empty( $options['title'] ) ? __( 'Pages' ) : $options['title'];
+ $sortby = empty( $options['sortby'] ) ? 'menu_order' : $options['sortby'];
+ $exclude = empty( $options['exclude'] ) ? '' : '&exclude=' . $options['exclude'];
+
+ if ( $sortby == 'menu_order' ) {
+ $sortby = 'menu_order, post_title';
+ }
+
+ $out = wp_list_pages( 'title_li=&echo=0&sort_column=' . $sortby . $exclude );
+
+ if ( !empty( $out ) ) {
+?>
+
+
+
+
+
+
+
+
-
+
-
" name="text-title-" type="text" value="" />
-
+
+
" name="text-submit-" value="1" />
0 ) {
- location.href = "/?cat="+dropdown.options[dropdown.selectedIndex].value;
+ location.href = "/?cat="+dropdown.options[dropdown.selectedIndex].value;
}
}
dropdown.onchange = onCatChange;
@@ -771,7 +805,7 @@
function wp_widget_rss($args, $number = 1) {
require_once(ABSPATH . WPINC . '/rss.php');
- extract($args);
+ extract($args, EXTR_SKIP);
$options = get_option('widget_rss');
if ( isset($options['error']) && $options['error'] )
return;
@@ -826,7 +860,7 @@
echo "
$summary";
}
} else {
- echo __('
An error has occured; the feed is probably down. Try again later.');
+ echo '
' . __( 'An error has occurred; the feed is probably down. Try again later.' ) . '';
}
?>
@@ -928,7 +962,7 @@
$dims150 = array('height' => 150, 'width' => 300);
$class = array('classname' => 'widget_pages');
wp_register_sidebar_widget('pages', __('Pages'), 'wp_widget_pages', $class);
- wp_register_widget_control('pages', __('Pages'), 'wp_widget_pages_control', $dims90);
+ wp_register_widget_control('pages', __('Pages'), 'wp_widget_pages_control', $dims150);
$class['classname'] = 'widget_calendar';
wp_register_sidebar_widget('calendar', __('Calendar'), 'wp_widget_calendar', $class);
wp_register_widget_control('calendar', __('Calendar'), 'wp_widget_calendar_control', $dims90);
Index: wp-includes/functions.php
===================================================================
--- wp-includes/functions.php (.../2.2) (revision 5900)
+++ wp-includes/functions.php (.../2.2.2) (revision 5900)
@@ -203,6 +203,7 @@
/* Options functions */
+// expects $setting to already be SQL-escaped
function get_option($setting) {
global $wpdb;
@@ -302,16 +303,19 @@
return $alloptions;
}
+// expects $option_name to NOT be SQL-escaped
function update_option($option_name, $newvalue) {
global $wpdb;
wp_protect_special_option($option_name);
+ $safe_option_name = $wpdb->escape($option_name);
+
if ( is_string($newvalue) )
$newvalue = trim($newvalue);
// If the new and old values are the same, no need to update.
- $oldvalue = get_option($option_name);
+ $oldvalue = get_option($safe_option_name);
if ( $newvalue === $oldvalue ) {
return false;
}
@@ -322,7 +326,7 @@
}
$notoptions = wp_cache_get('notoptions', 'options');
- if ( isset($notoptions[$option_name]) ) {
+ if ( is_array($notoptions) && isset($notoptions[$option_name]) ) {
unset($notoptions[$option_name]);
wp_cache_set('notoptions', $notoptions, 'options');
}
@@ -349,21 +353,21 @@
}
// thx Alex Stapleton, http://alex.vort-x.net/blog/
+// expects $name to NOT be SQL-escaped
function add_option($name, $value = '', $description = '', $autoload = 'yes') {
global $wpdb;
wp_protect_special_option($name);
+ $safe_name = $wpdb->escape($name);
- // Make sure the option doesn't already exist we can check the cache before we ask for a db query
+ // Make sure the option doesn't already exist. We can check the 'notoptions' cache before we ask for a db query
$notoptions = wp_cache_get('notoptions', 'options');
- if ( isset($notoptions[$name]) ) {
- unset($notoptions[$name]);
- wp_cache_set('notoptions', $notoptions, 'options');
- } elseif ( false !== get_option($name) ) {
+ if ( !is_array($notoptions) || !isset($notoptions[$name]) )
+ if ( false !== get_option($safe_name) )
return;
- }
$value = maybe_serialize($value);
+ $autoload = ( 'no' === $autoload ) ? 'no' : 'yes';
if ( 'yes' == $autoload ) {
$alloptions = wp_load_alloptions();
@@ -373,6 +377,13 @@
wp_cache_set($name, $value, 'options');
}
+ // This option exists now
+ $notoptions = wp_cache_get('notoptions', 'options'); // yes, again... we need it to be fresh
+ if ( is_array($notoptions) && isset($notoptions[$name]) ) {
+ unset($notoptions[$name]);
+ wp_cache_set('notoptions', $notoptions, 'options');
+ }
+
$name = $wpdb->escape($name);
$value = $wpdb->escape($value);
$description = $wpdb->escape($description);
@@ -761,12 +772,12 @@
function add_query_arg() {
$ret = '';
if ( is_array(func_get_arg(0)) ) {
- if ( @func_num_args() < 2 || '' == @func_get_arg(1) )
+ if ( @func_num_args() < 2 || false === @func_get_arg(1) )
$uri = $_SERVER['REQUEST_URI'];
else
$uri = @func_get_arg(1);
} else {
- if ( @func_num_args() < 3 || '' == @func_get_arg(2) )
+ if ( @func_num_args() < 3 || false === @func_get_arg(2) )
$uri = $_SERVER['REQUEST_URI'];
else
$uri = @func_get_arg(2);
@@ -801,9 +812,7 @@
$query = $uri;
}
- parse_str($query, $qs);
- if ( get_magic_quotes_gpc() )
- $qs = stripslashes_deep($qs); // parse_str() adds slashes if magicquotes is on. See: http://php.net/parse_str
+ wp_parse_str($query, $qs);
$qs = urlencode_deep($qs);
if ( is_array(func_get_arg(0)) ) {
$kayvees = func_get_arg(0);
@@ -824,7 +833,7 @@
}
$ret = trim($ret, '?');
$ret = $protocol . $base . $ret . $frag;
- $ret = trim($ret, '?');
+ $ret = rtrim($ret, '?');
return $ret;
}
@@ -838,7 +847,7 @@
remove_query_arg(removekeyarray, [oldquery_or_uri])
*/
-function remove_query_arg($key, $query='') {
+function remove_query_arg($key, $query=FALSE) {
if ( is_array($key) ) { // removing multiple keys
foreach ( (array) $key as $k )
$query = add_query_arg($k, FALSE, $query);
@@ -1317,7 +1326,7 @@
function wp_die( $message, $title = '' ) {
global $wp_locale;
- if ( is_wp_error( $message ) ) {
+ if ( function_exists( 'is_wp_error' ) && is_wp_error( $message ) ) {
if ( empty($title) ) {
$error_data = $message->get_error_data();
if ( is_array($error_data) && isset($error_data['title']) )
@@ -1481,21 +1490,15 @@
}
function wp_parse_args( $args, $defaults = '' ) {
- if ( is_array($args) ) :
+ if ( is_array( $args ) )
$r =& $args;
- else :
- parse_str( $args, $r );
- if ( get_magic_quotes_gpc() )
- $r = stripslashes_deep( $r );
- endif;
+ else
+ wp_parse_str( $args, $r );
- if ( is_array($defaults) ) :
- extract($defaults);
- extract($r);
- return compact(array_keys($defaults)); // only those options defined in $defaults
- else :
+ if ( is_array( $defaults ) )
+ return array_merge( $defaults, $r );
+ else
return $r;
- endif;
}
function wp_maybe_load_widgets() {
@@ -1507,7 +1510,7 @@
function wp_widgets_add_menu() {
global $submenu;
- $submenu['themes.php'][7] = array( __( 'Widgets' ), 'edit_themes', 'widgets.php' );
+ $submenu['themes.php'][7] = array( __( 'Widgets' ), 'switch_themes', 'widgets.php' );
ksort($submenu['themes.php'], SORT_NUMERIC);
}
@@ -1518,4 +1521,4 @@
while ( @ob_end_flush() );
}
-?>
\ No newline at end of file
+?>
Index: wp-includes/registration.php
===================================================================
--- wp-includes/registration.php (.../2.2) (revision 5900)
+++ wp-includes/registration.php (.../2.2.2) (revision 5900)
@@ -32,7 +32,7 @@
function wp_insert_user($userdata) {
global $wpdb;
- extract($userdata);
+ extract($userdata, EXTR_SKIP);
// Are we updating or creating?
if ( !empty($ID) ) {
Index: wp-includes/comment-template.php
===================================================================
--- wp-includes/comment-template.php (.../2.2) (revision 5900)
+++ wp-includes/comment-template.php (.../2.2.2) (revision 5900)
@@ -239,7 +239,7 @@
function trackback_rdf($timezone = 0) {
global $id;
- if (strpos($_SERVER['HTTP_USER_AGENT'], 'W3C_Validator') !== false) {
+ if (stripos($_SERVER['HTTP_USER_AGENT'], 'W3C_Validator') === false) {
echo '
@@ -285,7 +285,7 @@
$req = get_option('require_name_email');
$commenter = wp_get_current_commenter();
- extract($commenter);
+ extract($commenter, EXTR_SKIP);
// TODO: Use API instead of SELECTs.
if ( $user_ID) {
Index: wp-includes/bookmark-template.php
===================================================================
--- wp-includes/bookmark-template.php (.../2.2) (revision 5900)
+++ wp-includes/bookmark-template.php (.../2.2.2) (revision 5900)
@@ -253,7 +253,7 @@
$defaults = array('show_updated' => 0, 'show_description' => 0, 'show_images' => 1, 'before' => '',
'after' => '', 'between' => "\n");
$r = array_merge($defaults, $r);
- extract($r);
+ extract($r, EXTR_SKIP);
foreach ( (array) $bookmarks as $bookmark ) {
if ( !isset($bookmark->recently_updated) )
@@ -331,7 +331,7 @@
'category_orderby' => 'name', 'category_order' => 'ASC', 'class' => 'linkcat',
'category_before' => '', 'category_after' => '');
$r = array_merge($defaults, $r);
- extract($r);
+ extract($r, EXTR_SKIP);
$output = '';
Index: wp-includes/feed-atom-comments.php
===================================================================
--- wp-includes/feed-atom-comments.php (.../2.2) (revision 5900)
+++ wp-includes/feed-atom-comments.php (.../2.2.2) (revision 5900)
@@ -20,7 +20,7 @@
WordPress
-
+
@@ -40,7 +40,7 @@
printf(__('By: %s'), get_comment_author_rss());
}
?>
-
+
@@ -49,8 +49,8 @@
-
-
+
+
post_password) && $_COOKIE['wp-postpass'] != $comment_post->post_password) : ?>
]]>
Index: wp-includes/category-template.php
===================================================================
--- wp-includes/category-template.php (.../2.2) (revision 5900)
+++ wp-includes/category-template.php (.../2.2.2) (revision 5900)
@@ -83,6 +83,15 @@
return strcmp($a->category_name, $b->category_name);
}
+function _get_the_category_usort_by_ID($a, $b) {
+ if ( $a->cat_ID > $b->cat_ID )
+ return 1;
+ elseif ( $a->cat_ID < $b->cat_ID )
+ return -1;
+ else
+ return 0;
+}
+
function get_the_category_by_ID($cat_ID) {
$cat_ID = (int) $cat_ID;
$category = &get_category($cat_ID);
@@ -182,7 +191,7 @@
$defaults['selected'] = ( is_category() ) ? get_query_var('cat') : 0;
$r = array_merge($defaults, $r);
$r['include_last_update_time'] = $r['show_last_update'];
- extract($r);
+ extract($r, EXTR_SKIP);
$categories = get_categories($r);
@@ -233,7 +242,7 @@
$r['pad_counts'] = true;
if ( isset($r['show_date']) )
$r['include_last_update_time'] = $r['show_date'];
- extract($r);
+ extract($r, EXTR_SKIP);
$categories = get_categories($r);
Index: wp-app.php
===================================================================
--- wp-app.php (.../2.2) (revision 5900)
+++ wp-app.php (.../2.2.2) (revision 5900)
@@ -673,8 +673,9 @@
}
$location = get_post_meta($entry['ID'], '_wp_attached_file', true);
+ $filetype = wp_check_filetype($location);
- if(!isset($location))
+ if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']))
$this->internal_error(__('Error ocurred while accessing post metadata for file location.'));
header('Content-Type: ' . $entry['post_mime_type']);
@@ -707,8 +708,9 @@
}
$location = get_post_meta($entry['ID'], '_wp_attached_file', true);
+ $filetype = wp_check_filetype($location);
- if(!isset($location))
+ if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']))
$this->internal_error(__('Error ocurred while accessing post metadata for file location.'));
$fp = fopen("php://input", "rb");
Index: xmlrpc.php
===================================================================
--- xmlrpc.php (.../2.2) (revision 5900)
+++ xmlrpc.php (.../2.2.2) (revision 5900)
@@ -28,10 +28,10 @@
http://wordpress.org/
-
-
-
-
+
+
+
+
@@ -208,7 +208,7 @@
$allow_pings = ("open" == $page->ping_status) ? 1 : 0;
// Format page date.
- $page_date = mysql2date("Ymd\TH:i:s", $page->post_date_gmt);
+ $page_date = mysql2date("Ymd\TH:i:s\Z", $page->post_date_gmt);
// Pull the categories info together.
$categories = array();
@@ -438,7 +438,7 @@
// The date needs to be formated properly.
$num_pages = count($page_list);
for($i = 0; $i < $num_pages; $i++) {
- $post_date = mysql2date("Ymd\TH:i:s", $page_list[$i]->post_date_gmt);
+ $post_date = mysql2date("Ymd\TH:i:s\Z", $page_list[$i]->post_date_gmt);
$page_list[$i]->dateCreated = new IXR_Date($post_date);
unset($page_list[$i]->post_date_gmt);
@@ -538,7 +538,7 @@
$username = $args[1];
$password = $args[2];
$category = $args[3];
- $max_results = $args[4];
+ $max_results = (int) $args[4];
if(!$this->login_pass_ok($username, $password)) {
return($this->error);
@@ -849,7 +849,7 @@
if ( !current_user_can('edit_post', $post_ID) )
return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.'));
- extract($actual_post);
+ extract($actual_post, EXTR_SKIP);
if ( ('publish' == $post_status) && !current_user_can('publish_posts') )
return new IXR_Error(401, __('Sorry, you do not have the right to publish this post.'));
@@ -929,8 +929,9 @@
return $this->error;
}
+ $cap = ($publish) ? 'publish_posts' : 'edit_posts';
$user = set_current_user(0, $user_login);
- if ( !current_user_can('publish_posts') )
+ if ( !current_user_can($cap) )
return new IXR_Error(401, __('Sorry, you can not post on this weblog or category.'));
// The post_type defaults to post, but could also be page.
@@ -999,32 +1000,68 @@
$post_more = $content_struct['mt_text_more'];
if(isset($content_struct["mt_allow_comments"])) {
- switch((int) $content_struct["mt_allow_comments"]) {
- case 0:
- $comment_status = "closed";
- break;
- case 1:
- $comment_status = "open";
- break;
- default:
- $comment_status = get_option("default_comment_status");
- break;
+ if(!is_numeric($content_struct["mt_allow_comments"])) {
+ switch($content_struct["mt_allow_comments"]) {
+ case "closed":
+ $comment_status = "closed";
+ break;
+ case "open":
+ $comment_status = "open";
+ break;
+ default:
+ $comment_status = get_option("default_comment_status");
+ break;
+ }
}
+ else {
+ switch((int) $content_struct["mt_allow_comments"]) {
+ case 0:
+ $comment_status = "closed";
+ break;
+ case 1:
+ $comment_status = "open";
+ break;
+ default:
+ $comment_status = get_option("default_comment_status");
+ break;
+ }
+ }
}
+ else {
+ $comment_status = get_option("default_comment_status");
+ }
if(isset($content_struct["mt_allow_pings"])) {
- switch((int) $content_struct["mt_allow_pings"]) {
- case 0:
- $ping_status = "closed";
- break;
- case 1:
- $ping_status = "open";
- break;
- default:
- $ping_status = get_option("default_ping_status");
- break;
+ if(!is_numeric($content_struct["mt_allow_pings"])) {
+ switch($content["mt_allow_pings"]) {
+ case "closed":
+ $ping_status = "closed";
+ break;
+ case "open":
+ $ping_status = "open";
+ break;
+ default:
+ $ping_status = get_option("default_ping_status");
+ break;
+ }
}
+ else {
+ switch((int) $content_struct["mt_allow_pings"]) {
+ case 0:
+ $ping_status = "closed";
+ break;
+ case 1:
+ $ping_status = "open";
+ break;
+ default:
+ $ping_status = get_option("default_ping_status");
+ break;
+ }
+ }
}
+ else {
+ $ping_status = get_option("default_ping_status");
+ }
if ($post_more) {
$post_content = $post_content . "\n\n" . $post_more;
@@ -1126,8 +1163,8 @@
return(new IXR_Error(404, __("Invalid post id.")));
}
- extract($postdata);
$this->escape($postdata);
+ extract($postdata, EXTR_SKIP);
// Let WordPress manage slug if none was provided.
$post_name = "";
@@ -1150,7 +1187,7 @@
$menu_order = $content_struct["wp_page_order"];
}
- $post_author = $user->ID;
+ $post_author = $postdata["post_author"];
// Only set the post_author if one is set.
if(
@@ -1177,16 +1214,62 @@
$post_author = $content_struct["wp_author_id"];
}
- // Only set ping_status if it was provided.
+ if(isset($content_struct["mt_allow_comments"])) {
+ if(!is_numeric($content_struct["mt_allow_comments"])) {
+ switch($content_struct["mt_allow_comments"]) {
+ case "closed":
+ $comment_status = "closed";
+ break;
+ case "open":
+ $comment_status = "open";
+ break;
+ default:
+ $comment_status = get_option("default_comment_status");
+ break;
+ }
+ }
+ else {
+ switch((int) $content_struct["mt_allow_comments"]) {
+ case 0:
+ $comment_status = "closed";
+ break;
+ case 1:
+ $comment_status = "open";
+ break;
+ default:
+ $comment_status = get_option("default_comment_status");
+ break;
+ }
+ }
+ }
+
if(isset($content_struct["mt_allow_pings"])) {
- switch((int) $content_struct["mt_allow_pings"]) {
- case 0:
- $ping_status = "closed";
- break;
- case 1:
- $ping_status = "open";
- break;
+ if(!is_numeric($content_struct["mt_allow_pings"])) {
+ switch($content["mt_allow_pings"]) {
+ case "closed":
+ $ping_status = "closed";
+ break;
+ case "open":
+ $ping_status = "open";
+ break;
+ default:
+ $ping_status = get_option("default_ping_status");
+ break;
+ }
}
+ else {
+ switch((int) $content_struct["mt_allow_pings"]) {
+ case 0:
+ $ping_status = "closed";
+ break;
+ case 1:
+ $ping_status = "open";
+ break;
+ default:
+ $ping_status = get_option("default_ping_status");
+ break;
+ }
+ }
}
$post_title = $content_struct['title'];
@@ -1220,10 +1303,6 @@
if ( is_array($to_ping) )
$to_ping = implode(' ', $to_ping);
- if(isset($content_struct["mt_allow_comments"])) {
- $comment_status = (int) $content_struct["mt_allow_comments"];
- }
-
// Do some timestamp voodoo
$dateCreatedd = $content_struct['dateCreated'];
if (!empty($dateCreatedd)) {
@@ -1269,7 +1348,7 @@
if ($postdata['post_date'] != '') {
- $post_date = mysql2date('Ymd\TH:i:s', $postdata['post_date_gmt']);
+ $post_date = mysql2date('Ymd\TH:i:s\Z', $postdata['post_date_gmt']);
$categories = array();
$catids = wp_get_post_categories($post_ID);
@@ -1337,7 +1416,7 @@
foreach ($posts_list as $entry) {
- $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date_gmt']);
+ $post_date = mysql2date('Ymd\TH:i:s\Z', $entry['post_date_gmt']);
$categories = array();
$catids = wp_get_post_categories($entry['ID']);
foreach($catids as $catid) {
@@ -1436,6 +1515,21 @@
$type = $data['type'];
$bits = $data['bits'];
+ logIO('O', '(MW) Received '.strlen($bits).' bytes');
+
+ if ( !$this->login_pass_ok($user_login, $user_pass) )
+ return $this->error;
+
+ set_current_user(0, $user_login);
+ if ( !current_user_can('upload_files') ) {
+ logIO('O', '(MW) User does not have upload_files capability');
+ $this->error = new IXR_Error(401, __('You are not allowed to upload files to this site.'));
+ return $this->error;
+ }
+
+ if ( $upload_err = apply_filters( "pre_upload_error", false ) )
+ return new IXR_Error(500, $upload_err);
+
if(!empty($data["overwrite"]) && ($data["overwrite"] == true)) {
// Get postmeta info on the object.
$old_file = $wpdb->get_row("
@@ -1454,21 +1548,6 @@
$name = "wpid{$old_file->ID}-{$filename}";
}
- logIO('O', '(MW) Received '.strlen($bits).' bytes');
-
- if ( !$this->login_pass_ok($user_login, $user_pass) )
- return $this->error;
-
- set_current_user(0, $user_login);
- if ( !current_user_can('upload_files') ) {
- logIO('O', '(MW) User does not have upload_files capability');
- $this->error = new IXR_Error(401, __('You are not allowed to upload files to this site.'));
- return $this->error;
- }
-
- if ( $upload_err = apply_filters( "pre_upload_error", false ) )
- return new IXR_Error(500, $upload_err);
-
$upload = wp_upload_bits($name, $type, $bits, $overwrite);
if ( ! empty($upload['error']) ) {
$errorString = 'Could not write file ' . $name . ' (' . $upload['error'] . ')';
@@ -1522,7 +1601,7 @@
foreach ($posts_list as $entry) {
- $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date_gmt']);
+ $post_date = mysql2date('Ymd\TH:i:s\Z', $entry['post_date_gmt']);
$struct[] = array(
'dateCreated' => new IXR_Date($post_date),
Index: wp-content/themes/default/functions.php
===================================================================
--- wp-content/themes/default/functions.php (.../2.2) (revision 5900)
+++ wp-content/themes/default/functions.php (.../2.2.2) (revision 5900)
@@ -384,7 +384,7 @@