Index: wp-login.php =================================================================== --- wp-login.php (.../2.3) (revision 6582) +++ wp-login.php (.../2.3.2) (revision 6582) @@ -22,6 +22,8 @@ //Set a cookie now to see if they are supported by the browser. setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN); +if ( SITECOOKIEPATH != COOKIEPATH ) + setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN); // Rather than duplicating this HTML all over the place, we'll stick it in function function login_header($title = 'Login', $message = '') { Index: wp-includes/default-filters.php =================================================================== --- wp-includes/default-filters.php (.../2.3) (revision 6582) +++ wp-includes/default-filters.php (.../2.3.2) (revision 6582) @@ -25,12 +25,21 @@ add_filter($filter, 'wp_filter_kses'); } -// URL +// Save URL $filters = array('pre_comment_author_url', 'pre_user_url', 'pre_link_url', 'pre_link_image', - 'pre_link_rss', 'comment_url'); + 'pre_link_rss'); foreach ( $filters as $filter ) { add_filter($filter, 'strip_tags'); add_filter($filter, 'trim'); + add_filter($filter, 'sanitize_url'); + add_filter($filter, 'wp_filter_kses'); +} + +// Display URL +$filters = array('user_url', 'link_url', 'link_image', 'link_rss', 'comment_url'); +foreach ( $filters as $filter ) { + add_filter($filter, 'strip_tags'); + add_filter($filter, 'trim'); add_filter($filter, 'clean_url'); add_filter($filter, 'wp_filter_kses'); } @@ -127,6 +136,7 @@ // Actions add_action('wp_head', 'rsd_link'); +add_action('wp_head', 'wlwmanifest_link'); add_action('wp_head', 'locale_stylesheet'); add_action('publish_future_post', 'wp_publish_post', 10, 1); add_action('wp_head', 'noindex', 1); 
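Review bot: `add_action('wp_head', 'wlwmanifest_link');` emits the manifest link on every front-end page, which advertises both the platform and the location of `wp-includes/wlwmanifest.xml` to anyone scanning the site, so it deserves a comment at the hook explaining the trade-off, e.g. `// Advertises the Windows Live Writer manifest site-wide (a fingerprinting artefact); remove_action('wp_head', 'wlwmanifest_link') if the platform should not be disclosed.` The body of `wlwmanifest_link()` lives in general-template.php and its output has been stripped from this rendering, so whether the include URL is escaped cannot be checked here.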
@@ -156,4 +166,4 @@ add_action('edit_post', 'wp_check_for_changed_slugs'); add_action('edit_form_advanced', 'wp_remember_old_slug'); -?> \ No newline at end of file +?> Index: wp-includes/bookmark.php =================================================================== --- wp-includes/bookmark.php (.../2.3) (revision 6582) +++ wp-includes/bookmark.php (.../2.3.2) (revision 6582) @@ -113,7 +113,7 @@ } if (!empty($category_query)) { $category_query .= ") AND taxonomy = 'link_category'"; - $join = " LEFT JOIN $wpdb->term_relationships AS tr ON ($wpdb->links.link_id = tr.object_id) LEFT JOIN $wpdb->term_taxonomy as tt ON tt.term_taxonomy_id = tr.term_taxonomy_id"; + $join = " INNER JOIN $wpdb->term_relationships AS tr ON ($wpdb->links.link_id = tr.object_id) INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_taxonomy_id = tr.term_taxonomy_id"; } if (get_option('links_recently_updated_time')) { Index: wp-includes/query.php =================================================================== --- wp-includes/query.php (.../2.3) (revision 6582) +++ wp-includes/query.php (.../2.3.2) (revision 6582) @@ -32,9 +32,9 @@ */ function is_admin () { - global $wp_query; - - return ($wp_query->is_admin || (stripos($_SERVER['REQUEST_URI'], 'wp-admin/') !== false)); + if ( defined('WP_ADMIN') ) + return WP_ADMIN; + return false; } function is_archive () { @@ -642,7 +642,7 @@ if ('' != $qv['preview']) $this->is_preview = true; - if ( strpos($_SERVER['PHP_SELF'], 'wp-admin/') !== false ) + if ( is_admin() ) $this->is_admin = true; if ( false !== strpos($qv['feed'], 'comments-') ) { 
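Review bot: `return WP_ADMIN;` in the new is_admin() hands back whatever the constant was defined as rather than a boolean, so a bootstrap that does `define('WP_ADMIN', 1)` or `define('WP_ADMIN', 'true')` makes every `=== true` comparison on is_admin() miss; `return (bool) WP_ADMIN;` pins the contract. The removed line shows why this rewrite matters and that reason should be kept in the code: the old substring test on `$_SERVER['REQUEST_URI']` was under the requester's control, so any URL containing `wp-admin/` flipped admin context, e.g. `// WP_ADMIN is presumably defined by the admin bootstrap; never infer admin context from the request URI, the client controls it.` The `@@ -642` hunk that switches parse_query() to `is_admin()` sits inside a method that begins and ends outside this view.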
@@ -932,7 +932,7 @@ } if ( !empty($q['category__in']) ) { - $join = " LEFT JOIN $wpdb->term_relationships ON ($wpdb->posts.ID = $wpdb->term_relationships.object_id) LEFT JOIN $wpdb->term_taxonomy ON ($wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id) "; + $join = " INNER JOIN $wpdb->term_relationships ON ($wpdb->posts.ID = $wpdb->term_relationships.object_id) INNER JOIN $wpdb->term_taxonomy ON ($wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id) "; $whichcat .= " AND $wpdb->term_taxonomy.taxonomy = 'category' "; $include_cats = "'" . implode("', '", $q['category__in']) . "'"; $whichcat .= " AND $wpdb->term_taxonomy.term_id IN ($include_cats) "; @@ -948,15 +948,6 @@ } } - if ( !empty($q['category__and']) ) { - $count = 0; - foreach ( $q['category__and'] as $category_and ) { - $join .= " LEFT JOIN $wpdb->term_relationships AS tr$count ON ($wpdb->posts.ID = tr$count.object_id) LEFT JOIN $wpdb->term_taxonomy AS tt$count ON (tr$count.term_taxonomy_id = tt$count.term_taxonomy_id) "; - $whichcat .= " AND tt$count.term_id = '$category_and' "; - $count++; - } - } - // Category stuff for nice URLs if ( '' != $q['category_name'] ) { $reqcat = get_category_by_path($q['category_name']); @@ -982,7 +973,7 @@ $q['cat'] = $reqcat; - $join = " LEFT JOIN $wpdb->term_relationships ON ($wpdb->posts.ID = $wpdb->term_relationships.object_id) LEFT JOIN $wpdb->term_taxonomy ON ($wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id) "; + $join = " INNER JOIN $wpdb->term_relationships ON ($wpdb->posts.ID = $wpdb->term_relationships.object_id) INNER JOIN $wpdb->term_taxonomy ON ($wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id) "; $whichcat = " AND $wpdb->term_taxonomy.taxonomy = 'category' "; $in_cats = array($q['cat']); $in_cats = array_merge($in_cats, get_term_children($q['cat'], 'category')); 
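Review bot: `$include_cats = "'" . implode("', '", $q['category__in']) . "'";` still splices the caller-supplied id list straight into the `IN (...)` clause with no integer cast, and the `INNER JOIN` swap on the line above does nothing for that; the same pattern follows the join change in the `tag__in` hunks. Unless parse_query() (outside this view) already coerces each element, `$include_cats = "'" . implode("', '", array_map('intval', $q['category__in'])) . "'";` closes it for every caller that passes arrays through query_posts(). The enclosing get_posts() method begins before and ends after these hunks.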
@@ -1024,7 +1015,7 @@ } if ( !empty($q['tag__in']) ) { - $join = " LEFT JOIN $wpdb->term_relationships ON ($wpdb->posts.ID = $wpdb->term_relationships.object_id) LEFT JOIN $wpdb->term_taxonomy ON ($wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id) "; + $join = " INNER JOIN $wpdb->term_relationships ON ($wpdb->posts.ID = $wpdb->term_relationships.object_id) INNER JOIN $wpdb->term_taxonomy ON ($wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id) "; $whichcat .= " AND $wpdb->term_taxonomy.taxonomy = 'post_tag' "; $include_tags = "'" . implode("', '", $q['tag__in']) . "'"; $whichcat .= " AND $wpdb->term_taxonomy.term_id IN ($include_tags) "; @@ -1034,7 +1025,7 @@ } if ( !empty($q['tag_slug__in']) ) { - $join = " LEFT JOIN $wpdb->term_relationships ON ($wpdb->posts.ID = $wpdb->term_relationships.object_id) LEFT JOIN $wpdb->term_taxonomy ON ($wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id) LEFT JOIN $wpdb->terms ON ($wpdb->term_taxonomy.term_id = $wpdb->terms.term_id) "; + $join = " INNER JOIN $wpdb->term_relationships ON ($wpdb->posts.ID = $wpdb->term_relationships.object_id) INNER JOIN $wpdb->term_taxonomy ON ($wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id) INNER JOIN $wpdb->terms ON ($wpdb->term_taxonomy.term_id = $wpdb->terms.term_id) "; $whichcat .= " AND $wpdb->term_taxonomy.taxonomy = 'post_tag' "; $include_tags = "'" . implode("', '", $q['tag_slug__in']) . "'"; $whichcat .= " AND $wpdb->terms.slug IN ($include_tags) "; 
@@ -1051,28 +1042,32 @@ } } - if ( !empty($q['tag__and']) ) { - $count = 0; - foreach ( $q['tag__and'] as $tag_and ) { - $join .= " LEFT JOIN $wpdb->term_relationships AS tr$count ON ($wpdb->posts.ID = tr$count.object_id) LEFT JOIN $wpdb->term_taxonomy AS tt$count ON (tr$count.term_taxonomy_id = tt$count.term_taxonomy_id) "; - $whichcat .= " AND tt$count.term_id = '$tag_and' "; - $count++; + // Tag and slug intersections. + $intersections = array('category__and' => 'category', 'tag__and' => 'post_tag', 'tag_slug__and' => 'post_tag'); + foreach ($intersections as $item => $taxonomy) { + if ( empty($q[$item]) ) continue; + + if ( $item != 'category__and' ) { + $reqtag = is_term( $q[$item][0], 'post_tag' ); + if ( !empty($reqtag) ) + $q['tag_id'] = $reqtag['term_id']; } - $reqtag = is_term( $q['tag__and'][0], 'post_tag' ); - if ( !empty($reqtag) ) - $q['tag_id'] = $reqtag['term_id']; - } - if ( !empty($q['tag_slug__and']) ) { - $count = 0; - foreach ( $q['tag_slug__and'] as $tag_and ) { - $join .= " LEFT JOIN $wpdb->term_relationships AS tr$count ON ($wpdb->posts.ID = tr$count.object_id) LEFT JOIN $wpdb->term_taxonomy AS tt$count ON (tr$count.term_taxonomy_id = tt$count.term_taxonomy_id) LEFT JOIN $wpdb->terms AS term$count ON (tt$count.term_id = term$count.term_id) "; - $whichcat .= " AND term$count.slug = '$tag_and' "; - $count++; + $taxonomy_field = $item == 'tag_slug__and' ? 'slug' : 'term_id'; + + $q[$item] = array_unique($q[$item]); + $tsql = "SELECT p.ID FROM $wpdb->posts p INNER JOIN $wpdb->term_relationships tr ON (p.ID = tr.object_id) INNER JOIN $wpdb->term_taxonomy tt ON (tr.term_taxonomy_id = tt.term_taxonomy_id) INNER JOIN $wpdb->terms t ON (tt.term_id = t.term_id)"; + $tsql .= " WHERE tt.taxonomy = '$taxonomy' AND t.$taxonomy_field IN ('" . implode("', '", $q[$item]) . "')"; + $tsql .= " GROUP BY p.ID HAVING count(p.ID) = " . count($q[$item]); + + $post_ids = $wpdb->get_col($tsql); + + if ( count($post_ids) ) + $whichcat .= " AND $wpdb->posts.ID IN (" . 
implode(', ', $post_ids) . ") "; + else { + $whichcat = " AND 0 = 1"; + break; } - $reqtag = is_term( $q['tag_slug__and'][0], 'post_tag' ); - if ( !empty($reqtag) ) - $q['tag_id'] = $reqtag['term_id']; } // Author/user stuff Index: wp-includes/wlwmanifest.xml =================================================================== --- wp-includes/wlwmanifest.xml (.../2.3) (revision 0) +++ wp-includes/wlwmanifest.xml (.../2.3.2) (revision 6582) @@ -0,0 +1,43 @@ + + + + + + WordPress + Yes + + + + WordPress + images/wlw/wp-icon.png + images/wlw/wp-watermark.png + View site + Dashboard + + + + + + + + + + + + + + + Property changes on: wp-includes/wlwmanifest.xml ___________________________________________________________________ Name: svn:eol-style + native Index: wp-includes/wp-db.php =================================================================== --- wp-includes/wp-db.php (.../2.3) (revision 6582) +++ wp-includes/wp-db.php (.../2.3.2) (revision 6582) @@ -15,11 +15,12 @@ class wpdb { - var $show_errors = true; + var $show_errors = false; var $num_queries = 0; var $last_query; var $col_info; var $queries; + var $ready = false; // Our tables var $posts; @@ -56,6 +57,9 @@ function __construct($dbuser, $dbpassword, $dbname, $dbhost) { register_shutdown_function(array(&$this, "__destruct")); + if ( defined('WP_DEBUG') and WP_DEBUG == true ) + $this->show_errors(); + if ( defined('DB_CHARSET') ) $this->charset = DB_CHARSET; @@ -74,8 +78,11 @@
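Review bot: `$tsql .= " WHERE tt.taxonomy = '$taxonomy' AND t.$taxonomy_field IN ('" . implode("', '", $q[$item]) . "')";` interpolates the `tag_slug__and` slugs — arbitrary strings — and the uncast `category__and`/`tag__and` ids directly into the query, so unless parse_query() escapes these array query vars (not visible here) this is an injection point reachable through any query_posts()/WP_Query argument. Normalise the list right after the dedupe, e.g. `$q[$item] = array_unique($q[$item]);` followed by `$q[$item] = ( 'slug' == $taxonomy_field ) ? array_map('sanitize_title', $q[$item]) : array_map('intval', $q[$item]);`, which also matches how slugs are produced when terms are created. `$taxonomy`, `$taxonomy_field` and the `HAVING count(p.ID) = N` value are derived from the hard-coded `$intersections` map and `count()`, so they are safe as written, and the `$post_ids` list comes back from the database as integers. The enclosing get_posts() method starts before and ends after this hunk.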

If you're unsure what these terms mean you should probably contact your host. If you still need help you can always visit the WordPress Support Forums.

"); + return; } + $this->ready = true; + if ( !empty($this->charset) && version_compare(mysql_get_server_info(), '4.1.0', '>=') ) $this->query("SET NAMES '$this->charset'"); @@ -92,14 +99,17 @@ */ function select($db) { if (!@mysql_select_db($db, $this->dbh)) { + $this->ready = false; $this->bail("

Can’t select database

We were able to connect to the database server (which means your username and password is okay) but not able to select the $db database.

If you don't know how to setup a database you should contact your host. If all else fails you may find help at the WordPress Support Forums.

"); + return; } } @@ -149,29 +159,36 @@ $EZSQL_ERROR[] = array ('query' => $this->last_query, 'error_str' => $str); + $error_str = "WordPress database error $str for query $this->last_query"; + error_log($error_str, 0); + + // Is error output turned on or not.. + if ( !$this->show_errors ) + return false; + $str = htmlspecialchars($str, ENT_QUOTES); $query = htmlspecialchars($this->last_query, ENT_QUOTES); - // Is error output turned on or not.. - if ( $this->show_errors ) { - // If there is an error then take note of it - print "
-

WordPress database error: [$str]
- $query

-
"; - } else { - return false; - } + + // If there is an error then take note of it + print "
+

WordPress database error: [$str]
+ $query

+
"; } // ================================================================== // Turn error handling on or off.. - function show_errors() { - $this->show_errors = true; + function show_errors( $show = true ) { + $errors = $this->show_errors; + $this->show_errors = $show; + return $errors; } function hide_errors() { + $show = $this->show_errors; $this->show_errors = false; + return $show; } // ================================================================== @@ -187,6 +204,9 @@ // Basic Query - see docs for more detail function query($query) { + if ( ! $this->ready ) + return false; + // filter the query, if filters are available // NOTE: some queries are made before the plugins have been loaded, and thus cannot be filtered with this method if ( function_exists('apply_filters') ) @@ -399,12 +419,17 @@ * @param string $message */ function bail($message) { // Just wraps errors in a nice header and footer - if ( !$this->show_errors ) + if ( !$this->show_errors ) { + if ( class_exists('WP_Error') ) + $this->error = new WP_Error('500', $message); + else + $this->error = $message; return false; + } wp_die($message); } } if ( ! isset($wpdb) ) $wpdb = new wpdb(DB_USER, DB_PASSWORD, DB_NAME, DB_HOST); -?> \ No newline at end of file +?> Index: wp-includes/formatting.php =================================================================== --- wp-includes/formatting.php (.../2.3) (revision 6582) +++ wp-includes/formatting.php (.../2.3.2) (revision 6582) 
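Review bot: `error_log($error_str, 0);` now writes the complete text of every failing query to the server error log unconditionally, before the `show_errors` test, so statements such as user inserts carry password hashes and e-mail addresses into a log that is usually readable by more people than the database is. Consider gating the verbose form on `WP_DEBUG` (which this same change already uses to turn `show_errors` on) and otherwise logging only `$str` and a prefix of the statement, e.g. `error_log("WordPress database error $str for query " . substr($this->last_query, 0, 64), 0);`. `$EZSQL_ERROR[] = ...` keeps the full query in memory for in-process consumers, so debugging loses nothing. print_error() begins above this hunk.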
@@ -622,18 +622,35 @@ return $emailNOSPAMaddy; } +function _make_url_clickable_cb($matches) { + $url = $matches[2]; + $url = clean_url($url); + if ( empty($url) ) + return $matches[0]; + return $matches[1] . "$url"; +} + +function _make_web_ftp_clickable_cb($matches) { + $dest = $matches[2]; + $dest = 'http://' . $dest; + $dest = clean_url($dest); + if ( empty($dest) ) + return $matches[0]; + + return $matches[1] . "$dest"; +} + +function _make_email_clickable_cb($matches) { + $email = $matches[2] . '@' . $matches[3]; + return $matches[1] . "$email"; +} + function make_clickable($ret) { $ret = ' ' . $ret; // in testing, using arrays here was found to be faster - $ret = preg_replace( - array( - '#([\s>])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is', - '#([\s>])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is', - '#([\s>])([a-z0-9\-_.]+)@([^,< \n\r]+)#i'), - array( - '$1$2', - '$1$2', - '$1$2@$3'),$ret); + $ret = preg_replace_callback('#([\s>])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is', '_make_url_clickable_cb', $ret); + $ret = preg_replace_callback('#([\s>])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is', '_make_web_ftp_clickable_cb', $ret); + $ret = preg_replace_callback('#([\s>])([.0-9a-z_+-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,})#i', '_make_email_clickable_cb', $ret); // this one is not in an array because we need it to run last, for cleanup of accidental links within links $ret = preg_replace("#(]+?>|>))]+?>([^>]+?)#i", "$1$3", $ret); $ret = trim($ret); @@ -1087,7 +1104,7 @@ return apply_filters('richedit_pre', $output); } -function clean_url( $url, $protocols = null ) { +function clean_url( $url, $protocols = null, $context = 'display' ) { $original_url = $url; if ('' == $url) return $url; 
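Review bot: `_make_email_clickable_cb()` embeds `$email` in the generated link without the `clean_url()` pass the two URL callbacks receive, and nothing in the hunk records why that is acceptable; the reason is the tightened pattern `([.0-9a-z_+-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,})` in make_clickable(), which admits no quotes, angle brackets or whitespace, so the value cannot break out of the attribute. Record the dependency next to the callback, e.g. `// Safe to embed unescaped: the e-mail pattern in make_clickable() only matches [.0-9a-z_+-] before the @ and [0-9a-z-.] after it.`, so that a later loosening of the regex is recognised as a security change. The anchor markup itself has been stripped from this rendering of the hunk, so the exact attribute context cannot be confirmed here.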
@@ -1103,15 +1120,22 @@ substr( $url, 0, 1 ) != '/' && !preg_match('/^[a-z0-9-]+?\.php/i', $url) ) $url = 'http://' . $url; - $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url); + // Replace ampersands ony when displaying. + if ( 'display' == $context ) + $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url); + if ( !is_array($protocols) ) $protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet'); if ( wp_kses_bad_protocol( $url, $protocols ) != $url ) return ''; - return apply_filters('clean_url', $url, $original_url); + return apply_filters('clean_url', $url, $original_url, $context); } +function sanitize_url( $url, $protocols = null ) { + return clean_url( $url, $protocols, 'db'); +} + // Borrowed from the PHP Manual user notes. Convert entities, while // preserving already-encoded entities: function htmlentities2($myHTML) { Index: wp-includes/taxonomy.php =================================================================== --- wp-includes/taxonomy.php (.../2.3) (revision 6582) +++ wp-includes/taxonomy.php (.../2.3.2) (revision 6582) @@ -663,6 +663,10 @@ * @return array|object Term with all fields sanitized */ function sanitize_term($term, $taxonomy, $context = 'display') { + + if ( 'raw' == $context ) + return $term; + $fields = array('term_id', 'name', 'description', 'slug', 'count', 'parent', 'term_group'); $do_object = false; 
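Review bot: `sanitize_url()` and the new `$context` argument are undocumented, and `if ( 'display' == $context )` means every value other than `'display'` — including a typo — silently takes the no-entity-encoding path, so the contract belongs at the definitions: `/** clean_url() for values about to be stored: same protocol whitelist, but bare '&' is left alone so the 'display' pass does not double-encode it on output. */` above `function sanitize_url`, and `@param string $context 'display' (default) entity-encodes bare ampersands; 'db' (via sanitize_url) leaves them raw; no other values are recognised.` on clean_url(). It is worth stating explicitly that `wp_kses_bad_protocol( $url, $protocols ) != $url` runs in both contexts, since that is the check that matters for stored data. clean_url() begins above this hunk.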
@@ -1357,7 +1361,7 @@ } // Get the object and term ids and stick them in a lookup table - $results = $wpdb->get_results("SELECT object_id, term_taxonomy_id FROM $wpdb->term_relationships LEFT JOIN $wpdb->posts ON object_id = ID WHERE term_taxonomy_id IN (".join(',', array_keys($term_ids)).") AND post_type = 'post' AND post_status = 'publish'"); + $results = $wpdb->get_results("SELECT object_id, term_taxonomy_id FROM $wpdb->term_relationships INNER JOIN $wpdb->posts ON object_id = ID WHERE term_taxonomy_id IN (".join(',', array_keys($term_ids)).") AND post_type = 'post' AND post_status = 'publish'"); foreach ( $results as $row ) { $id = $term_ids[$row->term_taxonomy_id]; ++$term_items[$id][$row->object_id]; Index: wp-includes/images/wlw/WpComments.png =================================================================== Cannot display: file marked as a binary type. svn:mime-type = application/octet-stream Property changes on: wp-includes/images/wlw/WpComments.png ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Index: wp-includes/images/wlw/wp-icon.png =================================================================== Cannot display: file marked as a binary type. svn:mime-type = application/octet-stream Property changes on: wp-includes/images/wlw/wp-icon.png ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Index: wp-includes/images/wlw/WpIcon.png =================================================================== Cannot display: file marked as a binary type. svn:mime-type = application/octet-stream Property changes on: wp-includes/images/wlw/WpIcon.png ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Index: wp-includes/images/wlw/wp-watermark.png =================================================================== Cannot display: file marked as a binary type. 
svn:mime-type = application/octet-stream Property changes on: wp-includes/images/wlw/wp-watermark.png ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Index: wp-includes/images/wlw/WpWatermark.png =================================================================== Cannot display: file marked as a binary type. svn:mime-type = application/octet-stream Property changes on: wp-includes/images/wlw/WpWatermark.png ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Index: wp-includes/images/wlw/wp-comments.png =================================================================== Cannot display: file marked as a binary type. svn:mime-type = application/octet-stream Property changes on: wp-includes/images/wlw/wp-comments.png ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Index: wp-includes/post.php =================================================================== --- wp-includes/post.php (.../2.3) (revision 6582) +++ wp-includes/post.php (.../2.3.2) (revision 6582) @@ -102,7 +102,7 @@ $_post = null; } elseif ( is_object($post) ) { if ( 'page' == $post->post_type ) - return get_page($post, $output); + return get_page($post, $output, $filter); if ( !isset($post_cache[$blog_id][$post->ID]) ) $post_cache[$blog_id][$post->ID] = &$post; $_post = & $post_cache[$blog_id][$post->ID]; @@ -111,12 +111,12 @@ if ( isset($post_cache[$blog_id][$post]) ) $_post = & $post_cache[$blog_id][$post]; elseif ( $_post = wp_cache_get($post, 'pages') ) - return get_page($_post, $output); + return get_page($_post, $output, $filter); else { $query = "SELECT * FROM $wpdb->posts WHERE ID = '$post' LIMIT 1"; $_post = & $wpdb->get_row($query); if ( 'page' == $_post->post_type ) - return get_page($_post, $output); + return get_page($_post, $output, $filter); $post_cache[$blog_id][$post] = & $_post; } } 
@@ -428,6 +428,10 @@ } function sanitize_post($post, $context = 'display') { + + if ( 'raw' == $context ) + return $post; + // TODO: Use array keys instead of hard coded list $fields = array('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_date', 'post_date_gmt', 'post_parent', 'menu_order', 'post_mime_type', 'post_category'); @@ -972,7 +976,7 @@ // Retrieves page data given a page ID or page object. // Handles page caching. -function &get_page(&$page, $output = OBJECT) { +function &get_page(&$page, $output = OBJECT, $filter = 'raw') { global $wpdb, $blog_id; if ( empty($page) ) { @@ -985,7 +989,7 @@ } } elseif ( is_object($page) ) { if ( 'post' == $page->post_type ) - return get_post($page, $output); + return get_post($page, $output, $filter); wp_cache_add($page->ID, $page, 'pages'); $_page = $page; } else { @@ -998,12 +1002,12 @@ $_page = & $GLOBALS['page']; wp_cache_add($_page->ID, $_page, 'pages'); } elseif ( isset($GLOBALS['post_cache'][$blog_id][$page]) ) { // it's actually a page, and is cached - return get_post($page, $output); + return get_post($page, $output, $filter); } else { // it's not in any caches, so off to the DB we go // Why are we using assignment for this query? $_page = & $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID= '$page' LIMIT 1"); if ( 'post' == $_page->post_type ) - return get_post($_page, $output); + return get_post($_page, $output, $filter); // Potential issue: we're not checking to see if the post_type = 'page' // So all non-'post' posts will get cached as pages. wp_cache_add($_page->ID, $_page, 'pages'); @@ -1011,6 +1015,8 @@ } } + $_page = sanitize_post($_page, $filter); + // at this point, one way or another, $_post contains the page object if ( $output == OBJECT ) { 
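Review bot: `function &get_page(&$page, $output = OBJECT, $filter = 'raw')` gains a filter argument with no docblock, and the early `if ( 'raw' == $context ) return $post;` in sanitize_post() means the default hands callers the row exactly as stored, so the sanitized/unsanitized boundary now lives in a parameter that is easy to misread. Document it at the signature — `@param string $filter 'raw' (default) returns the row as stored, bypassing sanitize_post(); any other value is passed to sanitize_post() as its context.` — and note that `'raw'` preserves the previous behaviour, since get_page() never sanitized before. The `WHERE ID= '$page' LIMIT 1` query in the same hunk relies on `$page` having been coerced to an integer earlier in the function, which is outside this view; if it is not, `(int) $page` belongs there. get_page() starts before and ends after this hunk.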
@@ -1137,6 +1143,7 @@ $exclude = ''; $meta_key = ''; $meta_value = ''; + $hierarchical = false; $incpages = preg_split('/[\s,]+/',$include); if ( count($incpages) ) { foreach ( $incpages as $incpage ) { @@ -1201,7 +1208,7 @@ $pages = $wpdb->get_results($query); if ( empty($pages) ) - return array(); + return apply_filters('get_pages', array(), $r); // Update cache. update_page_cache($pages); Index: wp-includes/version.php =================================================================== --- wp-includes/version.php (.../2.3) (revision 6582) +++ wp-includes/version.php (.../2.3.2) (revision 6582) @@ -2,7 +2,7 @@ // This holds the version number in a separate file so we can bump it without cluttering the SVN -$wp_version = '2.3'; +$wp_version = '2.3.2'; $wp_db_version = 6124; ?> Index: wp-includes/general-template.php =================================================================== --- wp-includes/general-template.php (.../2.3) (revision 6582) +++ wp-includes/general-template.php (.../2.3.2) (revision 6582) @@ -829,6 +829,11 @@ echo ' \n"; } +function wlwmanifest_link() { + echo ' '; +} + function noindex() { // If the blog is not public, tell robots to go away. if ( '0' == get_option('blog_public') ) Index: wp-includes/canonical.php =================================================================== --- wp-includes/canonical.php (.../2.3) (revision 6582) +++ wp-includes/canonical.php (.../2.3.2) (revision 6582) 
@@ -4,7 +4,7 @@ function redirect_canonical($requested_url=NULL, $do_redirect=true) { global $wp_rewrite, $posts, $is_IIS; - if ( is_feed() || is_trackback() || is_search() || is_comments_popup() || is_admin() || $is_IIS || ( isset($_POST) && count($_POST) ) ) + if ( is_feed() || is_trackback() || is_search() || is_comments_popup() || is_admin() || $is_IIS || ( isset($_POST) && count($_POST) ) || is_preview() ) return; if ( !$requested_url ) { Index: wp-includes/pluggable.php =================================================================== --- wp-includes/pluggable.php (.../2.3) (revision 6582) +++ wp-includes/pluggable.php (.../2.3.2) (revision 6582) @@ -72,9 +72,9 @@ if ( !$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID = '$user_id' LIMIT 1") ) return false; - $wpdb->hide_errors(); + $show = $wpdb->hide_errors(); $metavalues = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'"); - $wpdb->show_errors(); + $wpdb->show_errors($show); if ($metavalues) { foreach ( $metavalues as $meta ) { @@ -225,6 +225,7 @@ // Set the from name and email $phpmailer->From = apply_filters( 'wp_mail_from', $from_email ); + $phpmailer->Sender = apply_filters( 'wp_mail_from', $from_email ); $phpmailer->FromName = apply_filters( 'wp_mail_from_name', $from_name ); // Set destination address @@ -436,7 +437,7 @@ $allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']), $lp['host']); - if ( isset($lp['host']) && !in_array($lp['host'], $allowed_hosts) ) + if ( isset($lp['host']) && ( !in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host'])) ) $location = get_option('siteurl') . '/wp-admin/'; wp_redirect($location, $status); Index: wp-includes/widgets.php =================================================================== --- wp-includes/widgets.php (.../2.3) (revision 6582) +++ wp-includes/widgets.php (.../2.3.2) (revision 6582) 
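Review bot: `$phpmailer->Sender = apply_filters( 'wp_mail_from', $from_email );` makes the filtered address the envelope sender, which, as far as I recall, PHPMailer's sendmail-based transports pass to the mail binary as a command-line argument (`-f`), so a plugin returning an unvalidated string from `wp_mail_from` now reaches a shell argument rather than only a header. Apply the filter once and validate its result before it is used for either field: `$from_email = apply_filters( 'wp_mail_from', $from_email );` followed by `if ( is_email( $from_email ) ) $phpmailer->Sender = $from_email;`. wp_mail() begins above this hunk.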
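Review bot: the new clause `$lp['host'] != strtolower($wpp['host'])` lowercases only one side, so a redirect to `WWW.Example.com` on a site whose `siteurl` host is `www.example.com` is still rejected and bounced to `/wp-admin/`, and the `in_array($lp['host'], $allowed_hosts)` test beside it is case-sensitive too; hostnames are case-insensitive, so normalise once with `$host = strtolower($lp['host']);` and compare `$host` against `array_map('strtolower', $allowed_hosts)` and `strtolower($wpp['host'])`. This is a correctness fix only — the asymmetry fails closed, so it does not weaken the open-redirect check. The context line `apply_filters('allowed_redirect_hosts', array($wpp['host']), $lp['host'])` already seeds the list with the site host, so the added clause only matters when a filter callback drops it. wp_safe_redirect() starts above the hunk.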
@@ -786,7 +786,7 @@ } $dims = array( 'width' => 350, 'height' => 170 ); - $class = array( 'classname' => 'widget_catgories' ); + $class = array( 'classname' => 'widget_categories' ); for ( $i = 1; $i <= 9; $i++ ) { $name = sprintf( __( 'Categories %d' ), $i ); @@ -1001,7 +1001,7 @@ $options = $newoptions = get_option('widget_rss'); if ( $_POST["rss-submit-$number"] ) { $newoptions[$number]['items'] = (int) $_POST["rss-items-$number"]; - $url = clean_url(strip_tags(stripslashes($_POST["rss-url-$number"]))); + $url = sanitize_url(strip_tags(stripslashes($_POST["rss-url-$number"]))); $newoptions[$number]['title'] = trim(strip_tags(stripslashes($_POST["rss-title-$number"]))); if ( $url !== $options[$number]['url'] ) { require_once(ABSPATH . WPINC . '/rss.php'); Index: wp-includes/functions.php =================================================================== --- wp-includes/functions.php (.../2.3) (revision 6582) +++ wp-includes/functions.php (.../2.3.2) (revision 6582) @@ -198,10 +198,10 @@ if ( false === $value ) { if ( defined('WP_INSTALLING') ) - $wpdb->hide_errors(); + $show = $wpdb->hide_errors(); $row = $wpdb->get_row("SELECT option_value FROM $wpdb->options WHERE option_name = '$setting' LIMIT 1"); if ( defined('WP_INSTALLING') ) - $wpdb->show_errors(); + $wpdb->show_errors($show); if( is_object( $row) ) { // Has to be get_row instead of get_var because of funkiness with 0, false, null values $value = $row->option_value; @@ -236,11 +236,11 @@ function get_alloptions() { global $wpdb, $wp_queries; - $wpdb->hide_errors(); + $show = $wpdb->hide_errors(); if ( !$options = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options WHERE autoload = 'yes'") ) { $options = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options"); } - $wpdb->show_errors(); + $wpdb->show_errors($show); foreach ($options as $option) { // "When trying to design a foolproof system, 
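Review bot: `$url = sanitize_url(strip_tags(stripslashes($_POST["rss-url-$number"])));` accepts the full default protocol whitelist of clean_url() — `ftp`, `gopher`, `telnet`, `news`, `irc`, `mailto` and the rest — for a value that the following `require_once(ABSPATH . WPINC . '/rss.php')` branch goes on to fetch server-side as a feed. Pass the protocols explicitly so the fetcher only ever sees web URLs: `$url = sanitize_url(strip_tags(stripslashes($_POST["rss-url-$number"])), array('http', 'https'));`. Whether the fetch also refuses local or internal addresses is decided in rss.php, outside this view, and only users who can edit widgets reach this form. The enclosing widget control function continues beyond the hunk.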
@@ -263,10 +263,10 @@ $alloptions = wp_cache_get('alloptions', 'options'); if ( !$alloptions ) { - $wpdb->hide_errors(); + $show = $wpdb->hide_errors(); if ( !$alloptions_db = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options WHERE autoload = 'yes'") ) $alloptions_db = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options"); - $wpdb->show_errors(); + $wpdb->show_errors($show); $alloptions = array(); foreach ( (array) $alloptions_db as $o ) $alloptions[$o->option_name] = $o->option_value; @@ -726,9 +726,12 @@ } function wp($query_vars = '') { - global $wp; + global $wp, $wp_query, $wp_the_query; $wp->main($query_vars); + + if( !isset($wp_the_query) ) + $wp_the_query = $wp_query; } function get_status_header_desc( $code ) { @@ -889,9 +892,9 @@ function is_blog_installed() { global $wpdb; - $wpdb->hide_errors(); + $show = $wpdb->hide_errors(); $installed = $wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name = 'siteurl'"); - $wpdb->show_errors(); + $wpdb->show_errors($show); $install_status = !empty( $installed ) ? TRUE : FALSE; return $install_status; @@ -1416,4 +1419,36 @@ while ( @ob_end_flush() ); } +function dead_db() { + global $wpdb; + + // Load custom DB error template, if present. + if ( file_exists( ABSPATH . 'wp-content/db-error.php' ) ) { + require_once( ABSPATH . 'wp-content/db-error.php' ); + die(); + } + + // If installing or in the admin, provide the verbose message. + if ( defined('WP_INSTALLING') || defined('WP_ADMIN') ) + wp_die($wpdb->error); + + // Otherwise, be terse. + status_header( 500 ); + nocache_headers(); + header( 'Content-Type: text/html; charset=utf-8' ); ?> + +> + + Database Error + + + +

Error establishing a database connection

+ + + Index: wp-includes/script-loader.php =================================================================== --- wp-includes/script-loader.php (.../2.3) (revision 6582) +++ wp-includes/script-loader.php (.../2.3.2) (revision 6582) @@ -421,4 +421,24 @@ } $wp_scripts->enqueue( $handle ); } + +function wp_prototype_before_jquery( $js_array ) { + if ( false === $jquery = array_search( 'jquery', $js_array ) ) + return $js_array; + + if ( false === $prototype = array_search( 'prototype', $js_array ) ) + return $js_array; + + if ( $prototype < $jquery ) + return $js_array; + + unset($js_array[$prototype]); + + array_splice( $js_array, $jquery, 0, 'prototype' ); + + return $js_array; +} + +add_filter( 'print_scripts_array', 'wp_prototype_before_jquery' ); + ?> Index: wp-app.php =================================================================== --- wp-app.php (.../2.3) (revision 6582) +++ wp-app.php (.../2.3.2) (revision 6582) @@ -159,6 +159,10 @@ function get_service() { log_app('function','get_service()'); + + if( !current_user_can( 'edit_posts' ) ) + $this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) ); + $entries_url = attribute_escape($this->get_entries_url()); $categories_url = attribute_escape($this->get_categories_url()); $media_url = attribute_escape($this->get_attachments_url()); @@ -188,8 +192,11 @@ } function get_categories_xml() { + log_app('function','get_categories_xml()'); - log_app('function','get_categories_xml()'); + if( !current_user_can( 'edit_posts' ) ) + $this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) ); + $home = attribute_escape(get_bloginfo_rss('home')); $categories = ""; 
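Review bot: `if ( defined('WP_INSTALLING') || defined('WP_ADMIN') ) wp_die($wpdb->error);` treats any request that loaded the admin bootstrap as entitled to the verbose database error, but with the database down nobody can be authenticated, so an anonymous visitor requesting `/wp-admin/` gets the same text an administrator would — and the message built in wp-db.php's select() names the database (`not able to select the $db database`). Tie verbosity to a deployment setting rather than the request path: `if ( defined('WP_INSTALLING') || ( defined('WP_DEBUG') && WP_DEBUG ) ) wp_die($wpdb->error);` and let admin requests fall through to the terse 500 page. The `wp-content/db-error.php` override branch is unaffected. The HTML tail of the terse page has had its markup stripped in this rendering, so it is not reviewed here.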
@@ -282,8 +289,11 @@ } function get_post($postID) { + global $entry; - global $entry; + if( !current_user_can( 'edit_post', $postID ) ) + $this->auth_required( __( 'Sorry, you do not have the right to access this post.' ) ); + $this->set_current_entry($postID); $output = $this->get_entry($postID); log_app('function',"get_post($postID)"); @@ -372,8 +382,9 @@ } function get_attachment($postID = NULL) { + if( !current_user_can( 'upload_files' ) ) + $this->auth_required( __( 'Sorry, you do not have the right to file uploads on this blog.' ) ); - global $entry; if (!isset($postID)) { $this->get_attachments(); } else { @@ -494,7 +505,11 @@ } $location = get_post_meta($entry['ID'], '_wp_attached_file', true); + $filetype = wp_check_filetype($location); + if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext'])) + $this->internal_error(__('Error ocurred while accessing post metadata for file location.')); + // delete file @unlink($location); @@ -795,7 +810,6 @@ - Index: xmlrpc.php =================================================================== --- xmlrpc.php (.../2.3) (revision 6582) +++ xmlrpc.php (.../2.3.2) (revision 6582) @@ -187,6 +187,12 @@ return($this->error); } + set_current_user( 0, $username ); + if( !current_user_can( 'edit_page', $page_id ) ) + return new IXR_Error( 401, __( 'Sorry, you can not edit this page.' ) ); + + do_action('xmlrpc_call', 'wp.getPage'); + // Lookup page info. $page = get_page($page_id); @@ -268,6 +274,12 @@ return($this->error); } + set_current_user( 0, $username ); + if( !current_user_can( 'edit_pages' ) ) + return new IXR_Error( 401, __( 'Sorry, you can not edit pages.' ) ); + + do_action('xmlrpc_call', 'wp.getPages'); + // Lookup info on pages. $pages = get_pages(); $num_pages = count($pages); 
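Review bot: `if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']))` verifies the extension of the path stored in `_wp_attached_file` but not that the path lies inside the upload directory, so a post whose meta value has been tampered with still reaches `@unlink($location)` on any file the web user can delete; and `get_post_meta(..., true)` returns an empty string rather than an unset value when the key is absent, so `!isset($location)` never fires — `empty($location)` is the test that was meant. The real guard is containment: resolve `$location` with `realpath()` and require the result to start with the upload base directory (`wp_upload_dir()`'s `basedir`, if that helper is available in this tree) before unlinking, keeping the extension check as a secondary filter. The delete handler begins above this hunk.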
@@ -426,6 +438,12 @@ return($this->error); } + set_current_user( 0, $username ); + if( !current_user_can( 'edit_pages' ) ) + return new IXR_Error( 401, __( 'Sorry, you can not edit pages.' ) ); + + do_action('xmlrpc_call', 'wp.getPageList'); + // Get list of pages ids and titles $page_list = $wpdb->get_results(" SELECT ID page_id, @@ -459,7 +477,6 @@ * wp_getAuthors */ function wp_getAuthors($args) { - global $wpdb; $this->escape($args); @@ -471,7 +488,23 @@ return($this->error); } - return(get_users_of_blog()); + set_current_user(0, $username); + if(!current_user_can("edit_posts")) { + return(new IXR_Error(401, __("Sorry, you can not edit posts on this blog."))); + } + + do_action('xmlrpc_call', 'wp.getAuthors'); + + $authors = array(); + foreach( (array) get_users_of_blog() as $row ) { + $authors[] = array( + "user_id" => $row->user_id, + "user_login" => $row->user_login, + "display_name" => $row->display_name + ); + } + + return($authors); } /** @@ -493,7 +526,7 @@ // Set the user context and make sure they are // allowed to add a category. set_current_user(0, $username); - if(!current_user_can("manage_categories", $page_id)) { + if(!current_user_can("manage_categories")) { return(new IXR_Error(401, __("Sorry, you do not have the right to add a category."))); } @@ -547,6 +580,12 @@ return($this->error); } + set_current_user(0, $username); + if( !current_user_can( 'edit_posts' ) ) + return new IXR_Error( 401, __( 'Sorry, you must be able to publish to this blog in order to view categories.' ) ); + + do_action('xmlrpc_call', 'wp.suggestCategories'); + $args = array('get' => 'all', 'number' => $max_results, 'name__like' => $category); $category_suggestions = get_categories($args); 
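Review bot: The guard added to wp_getAuthors() is written in a different style from the guards added to the neighbouring methods — double-quoted strings, braces around a single-statement `if`, and `return(new IXR_Error(...))` with redundant parentheses — whereas wp.getPage, wp.getPages and wp.getPageList use `if( !current_user_can( 'edit_posts' ) ) return new IXR_Error( 401, __( '...' ) );`. Using one form for every new authorization check makes the pattern easier to audit across the file. Returning only user_id/user_login/display_name instead of the raw rows from get_users_of_blog() looks like deliberate data minimisation; a comment such as `// Expose only identity fields, not the full user rows.` would keep a later edit from restoring the extra columns.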
@@ -597,13 +636,18 @@ return $this->error; } + set_current_user( 0, $user_login ); + if( !current_user_can( 'edit_posts' ) ) + return new IXR_Error( 401, __( 'Sorry, you do not have access to user data on this blog.' ) ); + + do_action('xmlrpc_call', 'blogger.getUserInfo'); + $user_data = get_userdatabylogin($user_login); $struct = array( 'nickname' => $user_data->nickname, 'userid' => $user_data->ID, 'url' => $user_data->user_url, - 'email' => $user_data->user_email, 'lastname' => $user_data->last_name, 'firstname' => $user_data->first_name ); @@ -625,7 +669,12 @@ return $this->error; } - $user_data = get_userdatabylogin($user_login); + set_current_user( 0, $user_login ); + if( !current_user_can( 'edit_post', $post_ID ) ) + return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) ); + + do_action('xmlrpc_call', 'blogger.getPost'); + $post_data = wp_get_single_post($post_ID, ARRAY_A); $categories = implode(',', wp_get_post_categories($post_ID)); @@ -663,12 +712,16 @@ $posts_list = wp_get_recent_posts($num_posts); + set_current_user( 0, $user_login ); + if (!$posts_list) { $this->error = new IXR_Error(500, __('Either there are no posts, or something went wrong.')); return $this->error; } foreach ($posts_list as $entry) { + if( !current_user_can( 'edit_post', $entry['ID'] ) ) + continue; $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']); $categories = implode(',', wp_get_post_categories($entry['ID'])); 
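Review bot: In blogger_getRecentPosts the per-post `continue` filter runs after `wp_get_recent_posts($num_posts)` has already been fetched, so a caller who asked for N posts may receive fewer, or none, without any error — the `if (!$posts_list)` check above it cannot see an all-filtered result. That is acceptable for an authorization filter but should be stated: `// Skip posts the caller may not edit; the returned list can be shorter than $num_posts.` The same post-fetch filter is added in metaWeblog.getRecentPosts and mt.getRecentPostTitles further down in this diff. The enclosing foreach continues outside the hunk.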
@@ -1328,78 +1381,83 @@ /* metaweblog.getPost ...returns a post */ function mw_getPost($args) { - global $wpdb; + global $wpdb; $this->escape($args); - $post_ID = (int) $args[0]; - $user_login = $args[1]; - $user_pass = $args[2]; + $post_ID = (int) $args[0]; + $user_login = $args[1]; + $user_pass = $args[2]; - if (!$this->login_pass_ok($user_login, $user_pass)) { - return $this->error; - } + if (!$this->login_pass_ok($user_login, $user_pass)) { + return $this->error; + } - $postdata = wp_get_single_post($post_ID, ARRAY_A); + set_current_user( 0, $user_login ); + if( !current_user_can( 'edit_post', $post_ID ) ) + return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) ); - if ($postdata['post_date'] != '') { + do_action('xmlrpc_call', 'metaWeblog.getPost'); - $post_date = mysql2date('Ymd\TH:i:s', $postdata['post_date']); - $post_date_gmt = mysql2date('Ymd\TH:i:s', $postdata['post_date_gmt']); + $postdata = wp_get_single_post($post_ID, ARRAY_A); - $categories = array(); - $catids = wp_get_post_categories($post_ID); - foreach($catids as $catid) { - $categories[] = get_cat_name($catid); - } + if ($postdata['post_date'] != '') { + $post_date = mysql2date('Ymd\TH:i:s', $postdata['post_date']); + $post_date_gmt = mysql2date('Ymd\TH:i:s', $postdata['post_date_gmt']); - $tagnames = array(); - $tags = wp_get_post_tags( $post_ID ); - if ( !empty( $tags ) ) { - foreach ( $tags as $tag ) { - $tagnames[] = $tag->name; + $categories = array(); + $catids = wp_get_post_categories($post_ID); + foreach($catids as $catid) { + $categories[] = get_cat_name($catid); } - $tagnames = implode( ', ', $tagnames ); - } else { - $tagnames = ''; - } - $post = get_extended($postdata['post_content']); - $link = post_permalink($postdata['ID']); + $tagnames = array(); + $tags = wp_get_post_tags( $post_ID ); + if ( !empty( $tags ) ) { + foreach ( $tags as $tag ) { + $tagnames[] = $tag->name; + } + $tagnames = implode( ', ', $tagnames ); + } else { + $tagnames = ''; + } - // Get the 
author info. - $author = get_userdata($postdata['post_author']); + $post = get_extended($postdata['post_content']); + $link = post_permalink($postdata['ID']); - $allow_comments = ('open' == $postdata['comment_status']) ? 1 : 0; - $allow_pings = ('open' == $postdata['ping_status']) ? 1 : 0; + // Get the author info. + $author = get_userdata($postdata['post_author']); - $resp = array( - 'dateCreated' => new IXR_Date($post_date), - 'userid' => $postdata['post_author'], - 'postid' => $postdata['ID'], - 'description' => $post['main'], - 'title' => $postdata['post_title'], - 'link' => $link, - 'permaLink' => $link, -// commented out because no other tool seems to use this -// 'content' => $entry['post_content'], - 'categories' => $categories, - 'mt_excerpt' => $postdata['post_excerpt'], - 'mt_text_more' => $post['extended'], - 'mt_allow_comments' => $allow_comments, - 'mt_allow_pings' => $allow_pings, - 'mt_keywords' => $tagnames, - 'wp_slug' => $postdata['post_name'], - 'wp_password' => $postdata['post_password'], - 'wp_author_id' => $author->ID, - 'wp_author_display_name' => $author->display_name, - 'date_created_gmt' => new IXR_Date($post_date_gmt) - ); + $allow_comments = ('open' == $postdata['comment_status']) ? 1 : 0; + $allow_pings = ('open' == $postdata['ping_status']) ? 
1 : 0; - return $resp; - } else { - return new IXR_Error(404, __('Sorry, no such post.')); - } + $resp = array( + 'dateCreated' => new IXR_Date($post_date), + 'userid' => $postdata['post_author'], + 'postid' => $postdata['ID'], + 'description' => $post['main'], + 'title' => $postdata['post_title'], + 'link' => $link, + 'permaLink' => $link, + // commented out because no other tool seems to use this + // 'content' => $entry['post_content'], + 'categories' => $categories, + 'mt_excerpt' => $postdata['post_excerpt'], + 'mt_text_more' => $post['extended'], + 'mt_allow_comments' => $allow_comments, + 'mt_allow_pings' => $allow_pings, + 'mt_keywords' => $tagnames, + 'wp_slug' => $postdata['post_name'], + 'wp_password' => $postdata['post_password'], + 'wp_author_id' => $author->ID, + 'wp_author_display_name' => $author->display_name, + 'date_created_gmt' => new IXR_Date($post_date_gmt) + ); + + return $resp; + } else { + return new IXR_Error(404, __('Sorry, no such post.')); + } } @@ -1424,7 +1482,11 @@ return $this->error; } + set_current_user( 0, $user_login ); + foreach ($posts_list as $entry) { + if( !current_user_can( 'edit_post', $entry['ID'] ) ) + continue; $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']); $post_date_gmt = mysql2date('Ymd\TH:i:s', $entry['post_date_gmt']); @@ -1504,6 +1566,12 @@ return $this->error; } + set_current_user( 0, $user_login ); + if( !current_user_can( 'edit_posts' ) ) + return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view categories.' ) ); + + do_action('xmlrpc_call', 'metaWeblog.getCategories'); + $categories_struct = array(); if ( $cats = get_categories('get=all') ) { @@ -1623,7 +1691,11 @@ return $this->error; } + set_current_user( 0, $user_login ); + foreach ($posts_list as $entry) { + if( !current_user_can( 'edit_post', $entry['ID'] ) ) + continue; $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']); $post_date_gmt = mysql2date('Ymd\TH:i:s', $entry['post_date_gmt']); 
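Review bot: The mw_getPost() hunk mixes a whole-body re-indentation with the functional change, so the three lines that matter (`set_current_user( 0, $user_login );`, the `edit_post` check returning 401, and `do_action('xmlrpc_call', 'metaWeblog.getPost');`) are buried among dozens of whitespace-only changes; keeping re-indentation in a separate commit would make the authorization change reviewable on its own. Note also that the capability check now runs before the existing `if ($postdata['post_date'] != '')` existence test, so the reply for an unknown `$post_ID` depends on how `edit_post` is mapped for a nonexistent post (decided by map_meta_cap, outside this diff); if a uniform answer is wanted, that ordering is the place to change it. The response still includes `'wp_password' => $postdata['post_password']`, which is now reachable only by callers who can edit the post — worth a comment saying that is the intended exposure.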
@@ -1662,9 +1734,14 @@ return $this->error; } + set_current_user( 0, $user_login ); + if( !current_user_can( 'edit_posts' ) ) + return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view categories.' ) ); + + do_action('xmlrpc_call', 'mt.getCategoryList'); + $categories_struct = array(); - // FIXME: can we avoid using direct SQL there? if ( $cats = get_categories('hide_empty=0&hierarchical=0') ) { foreach ($cats as $cat) { $struct['categoryId'] = $cat->term_id; @@ -1691,6 +1768,12 @@ return $this->error; } + set_current_user( 0, $user_login ); + if( !current_user_can( 'edit_post', $post_ID ) ) + return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) ); + + do_action('xmlrpc_call', 'mt.getPostCategories'); + $categories = array(); $catids = wp_get_post_categories(intval($post_ID)); // first listed category will be the primary category Index: wp-mail.php =================================================================== --- wp-mail.php (.../2.3) (revision 6582) +++ wp-mail.php (.../2.3.2) (revision 6582) @@ -12,7 +12,7 @@ $pop3 = new POP3(); if (!$pop3->connect(get_option('mailserver_url'), get_option('mailserver_port'))) - wp_die($pop3->ERROR); + wp_die(wp_specialchars($pop3->ERROR)); $count = $pop3->login(get_option('mailserver_login'), get_option('mailserver_pass')); if (0 == $count) wp_die(__('There doesn’t seem to be any new mail.')); 
@@ -60,12 +60,15 @@ $subject = $subject[0]; } - // Set the author using the email address (To or Reply-To, the last used) + // Set the author using the email address (From or Reply-To, the last used) // otherwise use the site admin - if (preg_match('/From: /', $line) | preg_match('/Reply-To: /', $line)) { - $author=trim($line); - if ( ereg("([a-zA-Z0-9\_\-\.]+@[\a-zA-z0-9\_\-\.]+)", $author , $regs) ) { - $author = $regs[1]; + if ( preg_match('/(From|Reply-To): /', $line) ) { + if ( preg_match('|[a-z0-9_.-]+@[a-z0-9_.-]+(?!.*<)|i', $line, $matches) ) + $author = $matches[0]; + else + $author = trim($line); + $author = sanitize_email($author); + if ( is_email($author) ) { echo "Author = {$author}

"; $author = $wpdb->escape($author); $result = $wpdb->get_row("SELECT ID FROM $wpdb->users WHERE user_email='$author' LIMIT 1"); @@ -126,9 +129,6 @@ $content = explode($phone_delim, $content); $content[1] ? $content = $content[1] : $content = $content[0]; - echo "

Content-type: $content_type, Content-Transfer-Encoding: $content_transfer_encoding, boundary: $boundary

\n"; - echo "

Raw content:

".$content.'

'; - $content = trim($content); $post_content = apply_filters('phone_content', $content); @@ -158,12 +158,11 @@ do_action('publish_phone', $post_ID); - echo "\n

Author: $post_author

"; - echo "\n

Posted title: $post_title
"; - echo "\nPosted content:

".$content.'

'; + echo "\n

Author: " . wp_specialchars($post_author) . "

"; + echo "\n

Posted title: " . wp_specialchars($post_title) . "
"; if(!$pop3->delete($i)) { - echo '

Oops '.$pop3->ERROR.'

'; + echo '

Oops '.wp_specialchars($pop3->ERROR).'

'; $pop3->reset(); exit; } else { Index: wp-settings.php =================================================================== --- wp-settings.php (.../2.3) (revision 6582) +++ wp-settings.php (.../2.3.2) (revision 6582) @@ -122,6 +122,9 @@ else require_once (ABSPATH . WPINC . '/wp-db.php'); +if ( !empty($wpdb->error) ) + dead_db(); + // $table_prefix is deprecated as of 2.1 $wpdb->prefix = $table_prefix; Index: wp-admin/includes/template.php =================================================================== --- wp-admin/includes/template.php (.../2.3) (revision 6582) +++ wp-admin/includes/template.php (.../2.3.2) (revision 6582) @@ -38,6 +38,7 @@ if ( current_user_can( 'manage_categories' ) ) { $edit = "".__( 'Edit' ).""; $default_cat_id = (int) get_option( 'default_category' ); + $default_link_cat_id = (int) get_option( 'default_link_category' ); if ( $category->term_id != $default_cat_id ) $edit .= "term_id ) . "' onclick=\"return deleteSomething( 'cat', $category->term_id, '" . js_escape(sprintf( __("You are about to delete the category '%s'.\nAll posts that were only assigned to this category will be assigned to the '%s' category.\nAll links that were only assigned to this category will be assigned to the '%s' category.\n'OK' to delete, 'Cancel' to stop." ), $category->name, get_catname( $default_cat_id ), get_catname( $default_link_cat_id ) )) . "' );\" class='delete'>".__( 'Delete' ).""; @@ -493,7 +494,7 @@ else $current = ''; - echo "\n\t"; + echo "\n\t"; parent_dropdown( $default, $item->ID, $level +1 ); } } else { Index: wp-admin/includes/file.php =================================================================== --- wp-admin/includes/file.php (.../2.3) (revision 6582) +++ wp-admin/includes/file.php (.../2.3.2) (revision 6582) 
@@ -43,6 +43,9 @@ } function validate_file( $file, $allowed_files = '' ) { + if ( false !== strpos( $file, '..' )) + return 1; + if ( false !== strpos( $file, './' )) return 1; Index: wp-admin/includes/upload.php =================================================================== --- wp-admin/includes/upload.php (.../2.3) (revision 6582) +++ wp-admin/includes/upload.php (.../2.3.2) (revision 6582) @@ -31,6 +31,9 @@ $src = wp_make_link_relative( $src_base ); $src_base = str_replace($src, '', $src_base); + if ( !trim($post_title) ) + $post_title = basename($src); + $r = ''; if ( $href ) @@ -39,7 +42,9 @@ $r .= "\t\t\t$innerHTML"; if ( $href ) $r .= "\n"; - $r .= "\t\t\t\t".size_format(filesize($filesystem_path))."\n"; + $size = @filesize($filesystem_path); + if ( !empty($size) ) + $r .= "\t\t\t\t".size_format($size)."\n"; $r .= "\n\t\t
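Review bot: The new `..` check in validate_file() is substring-based, so it rejects any name that merely contains two consecutive dots (e.g. `report..final.txt`) as well as the traversal sequences it is aimed at, and it makes the `./` check below redundant for the `../` case. That trade-off is reasonable for a path validator but should be stated so nobody "relaxes" it later: `// Reject any occurrence of '..' (directory traversal), even inside a filename.` The rest of validate_file() is outside the hunk.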
\n\t\t\t

\n"; $r .= "\t\t\t\t\n"; $r .= "\t\t\t\t\n"; Index: wp-admin/includes/upgrade.php =================================================================== --- wp-admin/includes/upgrade.php (.../2.3) (revision 6582) +++ wp-admin/includes/upgrade.php (.../2.3.2) (revision 6582) @@ -533,6 +533,7 @@ // Convert categories to terms. $tt_ids = array(); + $have_tags = false; $categories = $wpdb->get_results("SELECT * FROM $wpdb->categories ORDER BY cat_ID"); foreach ($categories as $category) { $term_id = (int) $category->cat_ID; @@ -579,6 +580,7 @@ } if ( !empty($category->tag_count) ) { + $have_tags = true; $count = (int) $category->tag_count; $taxonomy = 'post_tag'; $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', '$description', '$parent', '$count')"); @@ -593,7 +595,11 @@ } } - $posts = $wpdb->get_results("SELECT * FROM $wpdb->post2cat"); + $select = 'post_id, category_id'; + if ( $have_tags ) + $select .= ', rel_type'; + + $posts = $wpdb->get_results("SELECT $select FROM $wpdb->post2cat GROUP BY post_id, category_id"); foreach ( $posts as $post ) { $post_id = (int) $post->post_id; $term_id = (int) $post->category_id; @@ -658,7 +664,7 @@ // Set default to the last category we grabbed during the upgrade loop. update_option('default_link_category', $default_link_cat); } else { - $links = $wpdb->get_results("SELECT * FROM $wpdb->link2cat"); + $links = $wpdb->get_results("SELECT link_id, category_id FROM $wpdb->link2cat GROUP BY link_id, category_id"); foreach ( $links as $link ) { $link_id = (int) $link->link_id; $term_id = (int) $link->category_id; @@ -1002,7 +1008,6 @@ } // Add the column list to the index create string $index_string .= ' ('.$index_columns.')'; - error_log("Index string: $index_string", 0); if(!(($aindex = array_search($index_string, $indices)) === false)) { unset($indices[$aindex]); //echo "

{$table}:
Found index:".$index_string."
\n"; Index: wp-admin/admin.php =================================================================== --- wp-admin/admin.php (.../2.3) (revision 6582) +++ wp-admin/admin.php (.../2.3.2) (revision 6582) @@ -1,4 +1,6 @@ Index: wp-admin/import/wp-cat2tag.php =================================================================== --- wp-admin/import/wp-cat2tag.php (.../2.3) (revision 6582) +++ wp-admin/import/wp-cat2tag.php (.../2.3.2) (revision 6582) @@ -63,7 +63,7 @@ print ''; - print '

'; + print '

'; print ''; } @@ -140,11 +140,23 @@ foreach ( $posts as $post ) { if ( !$wpdb->get_var("SELECT object_id FROM $wpdb->term_relationships WHERE object_id = '$post' AND term_taxonomy_id = '$id'") ) $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$post', '$id')"); + clean_post_cache($post); } } else { + $tt_ids = $wpdb->get_col("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = '{$category->term_id}' AND taxonomy = 'category'"); + if ( $tt_ids ) { + $posts = $wpdb->get_col("SELECT object_id FROM $wpdb->term_relationships WHERE term_taxonomy_id IN (" . join(',', $tt_ids) . ") GROUP BY object_id"); + foreach ( (array) $posts as $post ) + clean_post_cache($post); + } + // Change the category to a tag. $wpdb->query("UPDATE $wpdb->term_taxonomy SET taxonomy = 'post_tag' WHERE term_id = '{$category->term_id}' AND taxonomy = 'category'"); + $terms = $wpdb->get_col("SELECT term_id FROM $wpdb->term_taxonomy WHERE parent = '{$category->term_id}' AND taxonomy = 'category'"); + foreach ( (array) $terms as $term ) + clean_category_cache($term); + // Set all parents to 0 (root-level) if their parent was the converted tag $wpdb->query("UPDATE $wpdb->term_taxonomy SET parent = 0 WHERE parent = '{$category->term_id}' AND taxonomy = 'category'"); } @@ -160,41 +172,9 @@ print ''; } - function convert_all_confirm() { - print '
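Review bot: The new cache-clearing queries interpolate `join(',', $tt_ids)` and `{$category->term_id}` directly into SQL; both values come from the database rather than the request, consistent with the surrounding lines, but casting costs nothing and keeps the IN-list numeric by construction: `" IN (" . join(',', array_map('intval', $tt_ids)) . ")"`. The ordering is also significant and worth a comment — the term_relationships lookup filters on `taxonomy = 'category'` and must run before the UPDATE that flips the row to `post_tag`, or it returns nothing: `// Flush cached posts now, while the taxonomy row still identifies this term as a category.`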
'; - - print '

' . __('Confirm') . '

'; - - print '

' . __('You are about to convert all categories to tags. Are you sure you want to continue?') . '

'; - - print '
'; - wp_nonce_field('import-cat2tag'); - print '

    

'; - print ''; - - print '
'; - } - - function convert_all() { - global $wpdb; - - $this->populate_all_categories(); - foreach ( $this->all_categories as $category ) - $this->categories_to_convert[] = $category->term_id; - $this->convert_them(); - } - function init() { - if (isset($_POST['maybe_convert_all_cats'])) { - $step = 3; - } elseif (isset($_POST['yes_convert_all_cats'])) { - $step = 4; - } elseif (isset($_POST['no_dont_do_it'])) { - die('no_dont_do_it'); - } else { - $step = (isset($_GET['step'])) ? (int) $_GET['step'] : 1; - } + $step = (isset($_GET['step'])) ? (int) $_GET['step'] : 1; $this->header(); @@ -214,14 +194,6 @@ case 2 : $this->convert_them(); break; - - case 3 : - $this->convert_all_confirm(); - break; - - case 4 : - $this->convert_all(); - break; } } Index: wp-admin/import/utw.php =================================================================== --- wp-admin/import/utw.php (.../2.3) (revision 6582) +++ wp-admin/import/utw.php (.../2.3.2) (revision 6582) @@ -157,7 +157,7 @@ // run that funky magic! $tags_added = $this->tag2post(); - echo '
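Review bot: With the POST-driven branches removed, init() selects the step solely from `(int) $_GET['step']`, so step 2 (`convert_them()`) is reachable from a plain GET link; `convert_them()` is outside this hunk, so confirm it verifies the `import-cat2tag` nonce (`check_admin_referer('import-cat2tag')`) before it writes to the database, since the deleted convert_all_confirm() form was where `wp_nonce_field('import-cat2tag')` was emitted. A short comment on the simplified dispatch would make that expectation explicit: `// 'step' only selects the page; each step must verify its own nonce before acting.`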

' . sprintf( __('Done! %s tags where added!'), $tags_added ) . '

'; + echo '

' . sprintf( __('Done! %s tags were added!'), $tags_added ) . '

'; echo ''; wp_nonce_field('import-utw'); @@ -273,4 +273,4 @@ // add it to the import page! register_importer('utw', 'Ultimate Tag Warrior', __('Import Ultimate Tag Warrior tags into the new native tagging structure.'), array($utw_import, 'dispatch')); -?> \ No newline at end of file +?> Index: wp-admin/import/mt.php =================================================================== --- wp-admin/import/mt.php (.../2.3) (revision 6582) +++ wp-admin/import/mt.php (.../2.3.2) (revision 6582) @@ -30,7 +30,7 @@ mt-export.txt in your /wp-content/ directory'); ?>

- +

out of memory error try splitting up the import file into pieces.'); ?>

Index: wp-admin/link-import.php =================================================================== --- wp-admin/link-import.php (.../2.3) (revision 6582) +++ wp-admin/link-import.php (.../2.3.2) (revision 6582) @@ -45,10 +45,10 @@