Make those chars feel special.
git-svn-id: https://develop.svn.wordpress.org/trunk@4112 602fd350-edb4-49c9-b593-d223f7449a82
parent
622a66dc05
commit
4a9ad00205
@ -293,23 +293,55 @@ function wp_insert_link($linkdata) {
|
||||
extract($linkdata);
|
||||
|
||||
$update = false;
|
||||
|
||||
if ( !empty($link_id) )
|
||||
$update = true;
|
||||
|
||||
if( trim( $link_name ) == '' )
|
||||
return 0;
|
||||
$link_name = apply_filters('pre_link_name', $link_name);
|
||||
|
||||
if( trim( $link_url ) == '' )
|
||||
return 0;
|
||||
$link_url = apply_filters('pre_link_url', $link_url);
|
||||
|
||||
if ( empty($link_rating) )
|
||||
$link_rating = 0;
|
||||
else
|
||||
$link_rating = (int) $link_rating;
|
||||
|
||||
if ( empty($link_image) )
|
||||
$link_image = '';
|
||||
$link_image = apply_filters('pre_link_image', $link_image);
|
||||
|
||||
if ( empty($link_target) )
|
||||
$link_target = '';
|
||||
$link_target = apply_filters('pre_link_target', $link_target);
|
||||
|
||||
if ( empty($link_visible) )
|
||||
$link_visible = 'Y';
|
||||
$link_visibile = preg_replace('/[^YNyn]/', '', $link_visible);
|
||||
|
||||
if ( empty($link_owner) )
|
||||
$link_owner = $current_user->id;
|
||||
else
|
||||
$link_owner = (int) $link_owner;
|
||||
|
||||
if ( empty($link_notes) )
|
||||
$link_notes = '';
|
||||
$link_notes = apply_filters('pre_link_notes', $link_notes);
|
||||
|
||||
if ( empty($link_description) )
|
||||
$link_description = '';
|
||||
$link_description = apply_filters('pre_link_description', $link_description);
|
||||
|
||||
if ( empty($link_rss) )
|
||||
$link_rss = '';
|
||||
$link_rss = apply_filters('pre_link_rss', $link_rss);
|
||||
|
||||
if ( empty($link_rel) )
|
||||
$link_rel = '';
|
||||
$link_rel = apply_filters('pre_link_rel', $link_rel);
|
||||
|
||||
// Make sure we set a valid category
|
||||
if (0 == count($link_category) || !is_array($link_category)) {
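Review bot: The sanitised visibility value is assigned to a misspelled variable at `$link_visibile = preg_replace('/[^YNyn]/', '', $link_visible);`, so `$link_visible` keeps whatever arrived through `extract($linkdata)` and the `[^YNyn]` filter never takes effect. The line should read `$link_visible = preg_replace('/[^YNyn]/', '', $link_visible);`. That line is presumably new in this hunk (the old side is 23 lines, the new 55), but the rendering does not mark sides, so I have not assumed which other lines were added. wp_insert_link continues past the end of the hunk.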
|
||||
|
@ -301,6 +301,8 @@ function get_post_to_edit($id) {
|
||||
$post->post_title = format_to_edit($post->post_title);
|
||||
$post->post_title = apply_filters('title_edit_pre', $post->post_title);
|
||||
|
||||
$post->post_password = format_to_edit($post->post_password);
|
||||
|
||||
if ($post->post_type == 'page')
|
||||
$post->page_template = get_post_meta($id, '_wp_page_template', true);
|
||||
|
||||
@ -381,6 +383,23 @@ function wp_dropdown_roles( $default = false ) {
|
||||
}
|
||||
|
||||
|
||||
function get_user_to_edit($user_id) {
|
||||
$user = new WP_User($user_id);
|
||||
$user->user_login = wp_specialchars($user->user_login, 1);
|
||||
$user->user_email = wp_specialchars($user->user_email, 1);
|
||||
$user->user_url = wp_specialchars($user->user_url, 1);
|
||||
$user->first_name = wp_specialchars($user->first_name, 1);
|
||||
$user->last_name = wp_specialchars($user->last_name, 1);
|
||||
$user->display_name = wp_specialchars($user->display_name, 1);
|
||||
$user->nickname = wp_specialchars($user->nickname, 1);
|
||||
$user->aim = wp_specialchars($user->aim, 1);
|
||||
$user->yim = wp_specialchars($user->yim, 1);
|
||||
$user->jabber = wp_specialchars($user->jabber, 1);
|
||||
$user->description = wp_specialchars($user->description);
|
||||
|
||||
return $user;
|
||||
}
|
||||
|
||||
// Creates a new user from the "Users" form using $_POST information.
|
||||
|
||||
function add_user() {
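Review bot: `$user->description = wp_specialchars($user->description);` is the only field in get_user_to_edit that omits the second argument, so quotes in the description stay unencoded while every other field has them encoded; either pass `1` here as well or add a comment stating that the description is only ever rendered as element text. The function also has no header comment; I would add `// Returns a WP_User whose string fields are entity-encoded for display in the user edit form.` above the signature. Whether the stored values are already encoded by the `pre_user_*` filters is not visible here, so the possibility of double encoding should be checked against wp_specialchars.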
|
||||
@ -509,9 +528,11 @@ function get_link_to_edit($link_id) {
|
||||
|
||||
$link->link_url = wp_specialchars($link->link_url, 1);
|
||||
$link->link_name = wp_specialchars($link->link_name, 1);
|
||||
$link->link_description = wp_specialchars($link->link_description);
|
||||
$link->link_image = wp_specialchars($link->link_image, 1);
|
||||
$link->link_description = wp_specialchars($link->link_description, 1);
|
||||
$link->link_notes = wp_specialchars($link->link_notes);
|
||||
$link->link_rss = wp_specialchars($link->link_rss);
|
||||
$link->link_rss = wp_specialchars($link->link_rss, 1);
|
||||
$link->link_rel = wp_specialchars($link->link_rel, 1);
|
||||
$link->post_category = $link->link_category;
|
||||
|
||||
return $link;
|
||||
@ -959,7 +980,7 @@ function list_meta($meta) {
|
||||
$style = '';
|
||||
if ('_' == $entry['meta_key'] { 0 })
|
||||
$style .= ' hidden';
|
||||
$key_js = addslashes(wp_specialchars( $entry['meta_key'], 'double' ));
|
||||
$key_js = js_escape($entry['meta_key']);
|
||||
$entry['meta_key'] = wp_specialchars( $entry['meta_key'], true );
|
||||
$entry['meta_value'] = wp_specialchars( $entry['meta_value'], true );
|
||||
$r .= "\n\t<tr id='meta-{$entry['meta_id']}' class='$style'>";
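Review bot: `$entry['meta_id']` is interpolated into the `id` attribute at `$r .= "\n\t<tr id='meta-{$entry['meta_id']}' class='$style'>";` with neither a cast nor wp_specialchars, while `meta_key` and `meta_value` are now encoded just above. It is presumably an integer key from the database, but pinning that with `(int) $entry['meta_id']` costs nothing and keeps the row consistent with the other escaped fields. list_meta begins and ends outside this hunk.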
|
||||
@ -1011,6 +1032,7 @@ function meta_form() {
|
||||
<?php
|
||||
|
||||
foreach ($keys as $key) {
|
||||
$key = wp_specialchars($key, 1);
|
||||
echo "\n\t<option value='$key'>$key</option>";
|
||||
}
|
||||
?>
|
||||
|
@ -39,7 +39,7 @@ if ('' != $post->pinged) {
|
||||
$pings = '<p>'. __('Already pinged:') . '</p><ul>';
|
||||
$already_pinged = explode("\n", trim($post->pinged));
|
||||
foreach ($already_pinged as $pinged_url) {
|
||||
$pings .= "\n\t<li>$pinged_url</li>";
|
||||
$pings .= "\n\t<li>" . wp_specialchars($pinged_url) . "</li>";
|
||||
}
|
||||
$pings .= '</ul>';
|
||||
}
|
||||
|
@ -17,7 +17,7 @@ include('admin-header.php');
|
||||
<table class="editform optiontable">
|
||||
<tr valign="top">
|
||||
<th scope="row"><?php _e('Store uploads in this folder'); ?>:</th>
|
||||
<td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo str_replace(ABSPATH, '', get_settings('upload_path')); ?>" size="40" />
|
||||
<td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo wp_specialchars(str_replace(ABSPATH, '', get_settings('upload_path')), 1); ?>" size="40" />
|
||||
<br />
|
||||
<?php _e('Default is <code>wp-content/uploads</code>'); ?>
|
||||
</td>
|
||||
|
@ -148,7 +148,7 @@ checked="checked"
|
||||
</label>
|
||||
<br />
|
||||
</p>
|
||||
<p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo $permalink_structure; ?>" size="50" /></p>
|
||||
<p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo wp_specialchars($permalink_structure, 1); ?>" size="50" /></p>
|
||||
|
||||
<h3><?php _e('Optional'); ?></h3>
|
||||
<?php if ($is_apache) : ?>
|
||||
@ -157,7 +157,7 @@ checked="checked"
|
||||
<p><?php _e('If you like, you may enter a custom prefix for your category URIs here. For example, <code>/index.php/taxonomy/tags</code> would make your category links like <code>http://example.org/index.php/taxonomy/tags/uncategorized/</code>. If you leave this blank the default will be used.') ?></p>
|
||||
<?php endif; ?>
|
||||
<p>
|
||||
<?php _e('Category base'); ?>: <input name="category_base" type="text" class="code" value="<?php echo $category_base; ?>" size="30" />
|
||||
<?php _e('Category base'); ?>: <input name="category_base" type="text" class="code" value="<?php echo wp_specialchars($category_base, 1); ?>" size="30" />
|
||||
</p>
|
||||
<p class="submit">
|
||||
<input type="submit" name="submit" value="<?php _e('Update Permalink Structure »') ?>" />
|
||||
|
@ -10,6 +10,67 @@ wp_reset_vars(array('action'));
|
||||
if ( !current_user_can('manage_options') )
|
||||
wp_die(__('Cheatin’ uh?'));
|
||||
|
||||
function sanitize_option($option, $value) {
|
||||
|
||||
switch ($option) {
|
||||
case 'admin_email':
|
||||
$value = sanitize_email($value);
|
||||
break;
|
||||
|
||||
case 'default_post_edit_rows':
|
||||
case 'mailserver_port':
|
||||
case 'comment_max_links':
|
||||
$value = abs((int) $value);
|
||||
break;
|
||||
|
||||
case 'posts_per_page':
|
||||
case 'posts_per_rss':
|
||||
$value = (int) $value;
|
||||
if ( empty($value) ) $value = 1;
|
||||
if ( $value < -1 ) $value = abs($value);
|
||||
break;
|
||||
|
||||
case 'default_ping_status':
|
||||
case 'default_comment_status':
|
||||
// Options that if not there have 0 value but need to be something like "closed"
|
||||
if ( $value == '0' || $value == '')
|
||||
$value = 'closed';
|
||||
break;
|
||||
|
||||
case 'blogdescription':
|
||||
case 'blogname':
|
||||
if (current_user_can('unfiltered_html') == false)
|
||||
$value = wp_filter_post_kses( $value );
|
||||
break;
|
||||
|
||||
case 'blog_charset':
|
||||
$value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value);
|
||||
break;
|
||||
|
||||
case 'date_format':
|
||||
case 'time_format':
|
||||
case 'mailserver_url':
|
||||
case 'mailserver_login':
|
||||
case 'mailserver_pass':
|
||||
case 'ping_sites':
|
||||
case 'upload_path':
|
||||
$value = strip_tags($value);
|
||||
$value = wp_filter_kses($value);
|
||||
break;
|
||||
|
||||
case 'gmt_offset':
|
||||
$value = preg_replace('/[^0-9:.-]/', '', $value);
|
||||
break;
|
||||
|
||||
case 'siteurl':
|
||||
case 'home':
|
||||
$value = clean_url($value);
|
||||
break;
|
||||
}
|
||||
|
||||
return $value;
|
||||
}
|
||||
|
||||
switch($action) {
|
||||
|
||||
case 'update':
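Review bot: In sanitize_option, `mailserver_pass` (and `mailserver_login`) share the `strip_tags` / `wp_filter_kses` branch, which will silently rewrite a password containing `<`, `>` or an `&` sequence that kses normalises; a credential is opaque data rather than markup and is only shown through an escaping output path such as form_option. I would give `mailserver_pass` its own case that leaves the value untouched (`case 'mailserver_pass': break;`) and rely on escaping at output. The function also lacks a docblock; a comment such as `// Normalises a single option value before it is stored; options not listed here are stored as received.` would make the missing default branch read as intentional rather than accidental.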
|
||||
@ -29,19 +90,11 @@ case 'update':
|
||||
$old_siteurl = get_settings('siteurl');
|
||||
$old_home = get_settings('home');
|
||||
|
||||
// HACK
|
||||
// Options that if not there have 0 value but need to be something like "closed"
|
||||
$nonbools = array('default_ping_status', 'default_comment_status');
|
||||
if ($options) {
|
||||
foreach ($options as $option) {
|
||||
$option = trim($option);
|
||||
$value = trim(stripslashes($_POST[$option]));
|
||||
if( in_array($option, $nonbools) && ( $value == '0' || $value == '') )
|
||||
$value = 'closed';
|
||||
|
||||
if( $option == 'blogdescription' || $option == 'blogname' )
|
||||
if (current_user_can('unfiltered_html') == false)
|
||||
$value = wp_filter_post_kses( $value );
|
||||
$value = sanitize_option($option, $value);
|
||||
|
||||
if (update_option($option, $value) ) {
|
||||
$any_changed++;
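Review bot: `$value = trim(stripslashes($_POST[$option]));` reads `$_POST[$option]` without checking that the key exists, so an option listed in `$options` but not present in the submitted form raises a notice and then sends an empty string through the new `sanitize_option` call to `update_option`. A guard such as `$value = isset($_POST[$option]) ? trim(stripslashes($_POST[$option])) : '';` makes the empty-value path explicit. Where `$options` comes from is outside the hunk, so I am assuming it is request-controlled.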
|
||||
|
@ -8,7 +8,7 @@ if ( current_user_can('edit_users') )
|
||||
else
|
||||
$parent_file = 'profile.php';
|
||||
include_once('admin-header.php');
|
||||
$profileuser = new WP_User($user_ID);
|
||||
$profileuser = get_user_to_edit($user_ID);
|
||||
|
||||
$bookmarklet_height= 440;
|
||||
?>
|
||||
|
@ -40,7 +40,7 @@ if( !is_wp_error( $errors ) ) {
|
||||
default:
|
||||
include ('admin-header.php');
|
||||
|
||||
$profileuser = new WP_User($user_id);
|
||||
$profileuser = get_user_to_edit($user_id);
|
||||
|
||||
if ( !current_user_can('edit_user', $user_id) )
|
||||
if ( !is_wp_error( $errors ) )
|
||||
|
@ -97,7 +97,7 @@ class WP_User_Search {
|
||||
}
|
||||
|
||||
function get_results() {
|
||||
return $this->results;
|
||||
return (array) $this->results;
|
||||
}
|
||||
|
||||
function page_links() {
|
||||
@ -335,13 +335,13 @@ default:
|
||||
<div class="wrap">
|
||||
|
||||
<?php if ( $wp_user_search->is_search() ) : ?>
|
||||
<h2><?php printf(__('Users Matching "%s" by Role'), $wp_user_search->search_term); ?></h2>
|
||||
<h2><?php printf(__('Users Matching "%s" by Role'), wp_specialchars($wp_user_search->search_term)); ?></h2>
|
||||
<?php else : ?>
|
||||
<h2><?php _e('User List by Role'); ?></h2>
|
||||
<?php endif; ?>
|
||||
|
||||
<form action="" method="get" name="search" id="search">
|
||||
<p><input type="text" name="usersearch" id="usersearch" value="<?php echo wp_specialchars($wp_user_search->search_term); ?>" /> <input type="submit" value="<?php _e('Search for users »'); ?>" /></p>
|
||||
<p><input type="text" name="usersearch" id="usersearch" value="<?php echo wp_specialchars($wp_user_search->search_term, 1); ?>" /> <input type="submit" value="<?php _e('Search for users »'); ?>" /></p>
|
||||
</form>
|
||||
|
||||
<?php if ( is_wp_error( $wp_user_search->search_errors ) ) : ?>
|
||||
|
@ -55,6 +55,31 @@ add_filter('pre_category_name', 'wp_filter_kses');
|
||||
add_filter('pre_category_name', 'wp_specialchars', 30);
|
||||
add_filter('pre_category_description', 'wp_filter_kses');
|
||||
|
||||
//Links
|
||||
add_filter('pre_link_name', 'strip_tags');
|
||||
add_filter('pre_link_name', 'trim');
|
||||
add_filter('pre_link_name', 'wp_filter_kses');
|
||||
add_filter('pre_link_name', 'wp_specialchars', 30);
|
||||
add_filter('pre_link_description', 'wp_filter_kses');
|
||||
add_filter('pre_link_notes', 'wp_filter_kses');
|
||||
add_filter('pre_link_url', 'strip_tags');
|
||||
add_filter('pre_link_url', 'trim');
|
||||
add_filter('pre_link_url', 'clean_url');
|
||||
add_filter('pre_link_image', 'strip_tags');
|
||||
add_filter('pre_link_image', 'trim');
|
||||
add_filter('pre_link_image', 'clean_url');
|
||||
add_filter('pre_link_rss', 'strip_tags');
|
||||
add_filter('pre_link_rss', 'trim');
|
||||
add_filter('pre_link_rss', 'clean_url');
|
||||
add_filter('pre_link_target', 'strip_tags');
|
||||
add_filter('pre_link_target', 'trim');
|
||||
add_filter('pre_link_target', 'wp_filter_kses');
|
||||
add_filter('pre_link_target', 'wp_specialchars', 30);
|
||||
add_filter('pre_link_rel', 'strip_tags');
|
||||
add_filter('pre_link_rel', 'trim');
|
||||
add_filter('pre_link_rel', 'wp_filter_kses');
|
||||
add_filter('pre_link_rel', 'wp_specialchars', 30);
|
||||
|
||||
// Users
|
||||
add_filter('pre_user_display_name', 'strip_tags');
|
||||
add_filter('pre_user_display_name', 'trim');
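Review bot: `pre_link_name`, `pre_link_target` and `pre_link_rel` now get `wp_specialchars` at priority 30, so the stored value is entity-encoded, while get_link_to_edit (hunk `@ -509,9 +528,11 @@` in this commit) runs wp_specialchars over the same fields again before showing them in the edit form; unless wp_specialchars skips existing entities, the form will display double-encoded text on every save-and-edit cycle. Either the storage-side filter or the edit-side call should be the single point of encoding, or a comment on this block should record that wp_specialchars is idempotent on already-encoded input.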
|
||||
@ -115,6 +140,7 @@ add_filter('the_author', 'ent2ncr', 8);
|
||||
|
||||
// Misc filters
|
||||
add_filter('option_ping_sites', 'privacy_ping_filter');
|
||||
add_filter('option_blog_charset', 'wp_specialchars');
|
||||
|
||||
// Actions
|
||||
add_action('wp_head', 'rsd_link');
|
||||
|
@ -199,7 +199,7 @@ function get_option($option) {
|
||||
}
|
||||
|
||||
function form_option($option) {
|
||||
echo htmlspecialchars( get_option($option), ENT_QUOTES );
|
||||
echo wp_specialchars( get_option($option), 1 );
|
||||
}
|
||||
|
||||
function get_alloptions() {
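Review bot: form_option moves from `htmlspecialchars(…, ENT_QUOTES)`, which encodes both `"` and `'`, to `wp_specialchars(…, 1)`; whether the second argument of wp_specialchars also encodes single quotes is not visible here, and form_option output lands in attribute values that may be single-quoted, so that equivalence should be confirmed before relying on it. A one-line comment, `// Second argument: also encode quotes, since this output is used inside attribute values.`, would record the intent.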
|
||||
|
@ -476,17 +476,19 @@ function _max_num_pages() {
|
||||
global $wpdb, $wp_query;
|
||||
|
||||
if (isset($max_num_pages)) return $max_num_pages;
|
||||
|
||||
$posts_per = (int) get_option('posts_per_page');
|
||||
if ( empty($posts_per) ) $posts_per = 1;
|
||||
|
||||
if ( 'posts' == get_query_var('what_to_show') ) {
|
||||
preg_match('#FROM\s(.*)\sORDER BY#siU', $wp_query->request, $matches);
|
||||
$fromwhere = $matches[1];
|
||||
$numposts = $wpdb->get_var("SELECT COUNT(DISTINCT ID) FROM $fromwhere");
|
||||
$max_num_pages = ceil($numposts / get_option('posts_per_page'));
|
||||
$max_num_pages = ceil($numposts / $posts_per);
|
||||
} else {
|
||||
preg_match('#FROM\s(.*)\sORDER BY#siU', $wp_query->request, $matches);
|
||||
$fromwhere = preg_replace('/( AND )?post_date >= (\'|\")(.*?)(\'|\")( AND post_date <= (\'\")(.*?)(\'\"))?/siU', '', $matches[1]);
|
||||
$num_days = $wpdb->query("SELECT DISTINCT post_date FROM $fromwhere GROUP BY year(post_date), month(post_date), dayofmonth(post_date)");
|
||||
$max_num_pages = ceil($num_days / get_option('posts_per_page'));
|
||||
$max_num_pages = ceil($num_days / $posts_per);
|
||||
}
|
||||
|
||||
return $max_num_pages;
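Review bot: The new `$posts_per` guard only covers 0; `posts_per_page` may legitimately be `-1` (sanitize_option in this same commit keeps it), and `ceil($numposts / $posts_per)` then yields a negative page count at both division sites. A guard such as `if ( $posts_per < 0 ) return 1;` placed after the empty check keeps the "all posts" setting to a single page. Separately, `if (isset($max_num_pages)) return $max_num_pages;` tests a local that is neither `global` nor `static` in the visible lines, so the memoisation appears never to fire — worth confirming against the lines above the hunk.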
|
||||
|
@ -551,6 +551,11 @@ class WP_Query {
|
||||
$q['posts_per_page'] = get_settings('posts_per_rss');
|
||||
$q['what_to_show'] = 'posts';
|
||||
}
|
||||
$q['posts_per_page'] = (int) $q['posts_per_page'];
|
||||
if ( $q['posts_per_page'] < -1 )
|
||||
$q['posts_per_page'] = abs($q['posts_per_page']);
|
||||
else if ( $q['posts_per_page'] == 0 )
|
||||
$q['posts_per_page'] = 1;
|
||||
|
||||
if ( $this->is_home && (empty($this->query) || $q['preview'] == 'true') && ( 'page' == get_option('show_on_front') ) && get_option('page_on_front') ) {
|
||||
$this->is_page = true;
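Review bot: The new clamp encodes a rule — `-1` means no limit, any other negative value is treated as its magnitude, and 0 becomes 1 — that is not stated anywhere, and the same rule appears in sanitize_option in this commit; a comment on the `(int)` line, `// -1 means no limit; other negatives become their absolute value and 0 becomes 1, matching sanitize_option()`, keeps the two in step. `$q['posts_per_page']` can come from query vars, so the `(int)` cast doubles as the input check and should stay first. The enclosing method continues outside the hunk.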
|
||||
|