[wp-cvs] wordpress/wp-includes classes.php, 1.29, 1.30 functions-formatting.php, 1.48, 1.49 functions-post.php, 1.18, 1.19 functions.php, 1.221, 1.222 links.php, 1.15, 1.16 template-functions-author.php, 1.12, 1.13 template-functions-category.php, 1.43, 1.44 template-functions-comment.php, 1.35, 1.36 template-functions-general.php, 1.56, 1.57 template-functions-post.php, 1.31, 1.32 vars.php, 1.34, 1.35

Matthew Mullenweg saxmatt at users.sourceforge.net
Sun Dec 12 20:41:21 UTC 2004


Update of /cvsroot/cafelog/wordpress/wp-includes
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv7803/wp-includes

Modified Files:
	classes.php functions-formatting.php functions-post.php 
	functions.php links.php template-functions-author.php 
	template-functions-category.php template-functions-comment.php 
	template-functions-general.php template-functions-post.php 
	vars.php 
Log Message:
Axing htmlspecialchars because it double-encodes. Better error handling around queries.

Index: functions.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-includes/functions.php,v
retrieving revision 1.221
retrieving revision 1.222
diff -C2 -d -r1.221 -r1.222
*** functions.php	9 Dec 2004 00:25:07 -0000	1.221
--- functions.php	12 Dec 2004 20:41:17 -0000	1.222
***************
*** 362,366 ****
  
  function form_option($option) {
! 	echo htmlspecialchars( get_option($option) );
  }
  
--- 362,366 ----
  
  function form_option($option) {
! 	echo htmlspecialchars( get_option($option), ENT_QUOTES );
  }
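Review bot: This is the one call the commit leaves on htmlspecialchars(), and nothing in form_option() says why; a reader of the log message ("Axing htmlspecialchars") will assume it was missed. Presumably the point is that a form field must round-trip its stored value, so an `&amp;` already present in the option has to be encoded again here rather than passed through as wp_specialchars() would do. Add `// Keep htmlspecialchars(): form values must round-trip, so stored entities are encoded again on purpose` above the echo.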
  

Index: vars.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-includes/vars.php,v
retrieving revision 1.34
retrieving revision 1.35
diff -C2 -d -r1.34 -r1.35
*** vars.php	28 Nov 2004 19:16:14 -0000	1.34
--- vars.php	12 Dec 2004 20:41:19 -0000	1.35
***************
*** 183,187 ****
  
  // Some default filters
! add_filter('bloginfo','htmlspecialchars');
  add_filter('category_description', 'wptexturize');
  add_filter('list_cats', 'wptexturize');
--- 183,187 ----
  
  // Some default filters
! add_filter('bloginfo','wp_specialchars');
  add_filter('category_description', 'wptexturize');
  add_filter('list_cats', 'wptexturize');

Index: links.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-includes/links.php,v
retrieving revision 1.15
retrieving revision 1.16
diff -C2 -d -r1.15 -r1.16
*** links.php	11 Oct 2004 19:54:09 -0000	1.15
--- links.php	12 Dec 2004 20:41:18 -0000	1.16
***************
*** 177,181 ****
          $the_link = '#';
          if (($row->link_url != null) && ($row->link_url != '')) {
!             $the_link = htmlspecialchars($row->link_url);
          }
          $rel = $row->link_rel;
--- 177,181 ----
          $the_link = '#';
          if (($row->link_url != null) && ($row->link_url != '')) {
!             $the_link = wp_specialchars($row->link_url);
          }
          $rel = $row->link_rel;
***************
*** 183,188 ****
              $rel = " rel='$rel'";
          }
!         $desc = htmlspecialchars($row->link_description, ENT_QUOTES);
!         $name = htmlspecialchars($row->link_name, ENT_QUOTES);
  
          $title = $desc;
--- 183,188 ----
              $rel = " rel='$rel'";
          }
!         $desc = wp_specialchars($row->link_description, ENT_QUOTES);
!         $name = wp_specialchars($row->link_name, ENT_QUOTES);
  
          $title = $desc;
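Review bot: `ENT_QUOTES` is passed as the second argument of wp_specialchars() on lines 95 and 96, but that parameter is a plain on/off flag (`$quotes = 0` in its definition), not an htmlspecialchars() flag set; the call works only because the constant happens to be non-zero, and `ENT_NOQUOTES` would switch quoting on just the same. template-functions-general.php (line 118) passes `1` for the same purpose; use `wp_specialchars($row->link_description, 1)` and `wp_specialchars($row->link_name, 1)` here for consistency, or teach wp_specialchars() to understand the ENT_* constants. The enclosing function starts and ends outside the hunk.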

Index: template-functions-general.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-includes/template-functions-general.php,v
retrieving revision 1.56
retrieving revision 1.57
diff -C2 -d -r1.56 -r1.57
*** template-functions-general.php	18 Oct 2004 23:52:36 -0000	1.56
--- template-functions-general.php	12 Dec 2004 20:41:18 -0000	1.57
***************
*** 236,240 ****
  function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') {
  	$text = wptexturize($text);
!     $title_text = htmlspecialchars($text, ENT_QUOTES);
  
  	if ('link' == $format) {
--- 236,240 ----
  function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') {
  	$text = wptexturize($text);
!     $title_text = wp_specialchars($text, 1);
  
  	if ('link' == $format) {

Index: template-functions-category.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-includes/template-functions-category.php,v
retrieving revision 1.43
retrieving revision 1.44
diff -C2 -d -r1.43 -r1.44
*** template-functions-category.php	9 Dec 2004 01:30:34 -0000	1.43
--- template-functions-category.php	12 Dec 2004 20:41:18 -0000	1.44
***************
*** 357,363 ****
  			$link = '<a href="'.get_category_link(0, $category->cat_ID, $category->category_nicename).'" ';
  			if ($use_desc_for_title == 0 || empty($category->category_description)) {
! 				$link .= 'title="'. sprintf(__("View all posts filed under %s"), htmlspecialchars($category->cat_name)) . '"';
  			} else {
! 				$link .= 'title="' . htmlspecialchars($category->category_description) . '"';
  			}
  			$link .= '>';
--- 357,363 ----
  			$link = '<a href="'.get_category_link(0, $category->cat_ID, $category->category_nicename).'" ';
  			if ($use_desc_for_title == 0 || empty($category->category_description)) {
! 				$link .= 'title="'. sprintf(__("View all posts filed under %s"), wp_specialchars($category->cat_name)) . '"';
  			} else {
! 				$link .= 'title="' . wp_specialchars($category->category_description) . '"';
  			}
  			$link .= '>';
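Review bot: wp_specialchars() is called with its default `$quotes = 0` on lines 142 and 144, so a `"` in the category name or description is no longer encoded, yet both values are dropped straight into a double-quoted `title="..."` attribute; htmlspecialchars() encoded `"` by default, so this is a regression that lets a quote in either field close the attribute. Pass the flag: `wp_specialchars($category->cat_name, 1)` and `wp_specialchars($category->category_description, 1)`. The same applies to the `title="..."` attributes in template-functions-author.php (lines 166 and 179) and template-functions-post.php (line 255), and presumably to the stored comment author and URL in functions-post.php (lines 506 and 511) if they are later rendered inside attributes. The enclosing function starts and ends outside the hunk.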

Index: template-functions-author.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-includes/template-functions-author.php,v
retrieving revision 1.12
retrieving revision 1.13
diff -C2 -d -r1.12 -r1.13
*** template-functions-author.php	9 Dec 2004 02:40:35 -0000	1.12
--- template-functions-author.php	12 Dec 2004 20:41:18 -0000	1.13
***************
*** 73,77 ****
      global $id, $authordata;
  
!     echo '<a href="' . get_author_link(0, $authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), htmlspecialchars(the_author($idmode, false))) . '">' . the_author($idmode, false) . '</a>';
  }
  
--- 73,77 ----
      global $id, $authordata;
  
!     echo '<a href="' . get_author_link(0, $authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), wp_specialchars(the_author($idmode, false))) . '">' . the_author($idmode, false) . '</a>';
  }
  
***************
*** 142,146 ****
              if (! $hide_empty) echo $name;
          } else {
!             $link = '<a href="' . get_author_link(0, $author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), htmlspecialchars($author->user_nickname)) . '">' . $name . '</a>';
  
              if ( (! empty($feed_image)) || (! empty($feed)) ) {
--- 142,146 ----
              if (! $hide_empty) echo $name;
          } else {
!             $link = '<a href="' . get_author_link(0, $author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), wp_specialchars($author->user_nickname)) . '">' . $name . '</a>';
  
              if ( (! empty($feed_image)) || (! empty($feed)) ) {

Index: functions-formatting.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-includes/functions-formatting.php,v
retrieving revision 1.48
retrieving revision 1.49
diff -C2 -d -r1.48 -r1.49
*** functions-formatting.php	9 Dec 2004 00:32:14 -0000	1.48
--- functions-formatting.php	12 Dec 2004 20:41:17 -0000	1.49
***************
*** 98,101 ****
--- 98,113 ----
  }
  
+ function wp_specialchars( $text, $quotes = 0 ) {
+ 	// Like htmlspecialchars except don't double-encode HTML entities
+ 	$text = preg_replace('/&([^#])(?![a-z12]{1,8};)/', '&#038;$1', $text);-
+ 	$text = str_replace('<', '&lt;', $text);
+ 	$text = str_replace('>', '&gt;', $text);
+ 	if ( $quotes ) {
+ 		$text = str_replace('"', '&quot;', $text);
+ 		$text = str_replace('"', '&#039;', $text);
+ 	}
+ 	return $text;
+ }
+ 
  function utf8_uri_encode( $utf8_string ) {
    $unicode = '';        
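Review bot: The second str_replace() inside the `if ( $quotes )` branch (line 203) searches for `"` again, so `'` is never converted to `&#039;` and a caller asking for quote encoding only gets the double quote handled; it should read `$text = str_replace("'", '&#039;', $text);`. Line 198 also ends with a stray `-` after the semicolon which, if it is in the committed file and not an artefact of the mail, makes the next statement parse as `-$text = str_replace(...)` and should be deleted. Separately, the pattern `/&([^#])(?![a-z12]{1,8};)/` must consume one character after `&`, so a trailing `&` at the very end of the string is left unencoded; a pure lookahead such as `/&(?!#|[a-z12]{2,9};)/` with replacement `&#038;` covers that case. A short docblock stating that entities already present are left alone and that `$quotes` is a boolean would help the many call sites this commit adds.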

Index: template-functions-post.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-includes/template-functions-post.php,v
retrieving revision 1.31
retrieving revision 1.32
diff -C2 -d -r1.31 -r1.32
*** template-functions-post.php	10 Oct 2004 18:02:29 -0000	1.31
--- template-functions-post.php	12 Dec 2004 20:41:19 -0000	1.32
***************
*** 70,74 ****
  	}
  	if ($encode_html == 1) {
! 		$content = htmlspecialchars($content);
  		$cut = 0;
  	} elseif ($encode_html == 0) {
--- 70,74 ----
  	}
  	if ($encode_html == 1) {
! 		$content = wp_specialchars($content);
  		$cut = 0;
  	} elseif ($encode_html == 0) {
***************
*** 147,151 ****
      }
      if ($encode_html == 1) {
!         $output = htmlspecialchars($output);
          $cut = 0;
      } elseif ($encode_html == 0) {
--- 147,151 ----
      }
      if ($encode_html == 1) {
!         $output = wp_specialchars($output);
          $cut = 0;
      } elseif ($encode_html == 0) {
***************
*** 335,339 ****
  		$title = apply_filters('the_title', $page->post_title);
  
! 		echo '<a href="' . get_page_link($page->ID) . '" title="' . htmlspecialchars($title) . '">' . $title . '</a>';
  		echo '</li>';
  	}
--- 335,339 ----
  		$title = apply_filters('the_title', $page->post_title);
  
! 		echo '<a href="' . get_page_link($page->ID) . '" title="' . wp_specialchars($title) . '">' . $title . '</a>';
  		echo '</li>';
  	}

Index: classes.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-includes/classes.php,v
retrieving revision 1.29
retrieving revision 1.30
diff -C2 -d -r1.29 -r1.30
*** classes.php	9 Dec 2004 02:40:35 -0000	1.29
--- classes.php	12 Dec 2004 20:41:17 -0000	1.30
***************
*** 58,61 ****
--- 58,62 ----
  		$this->query = $query;
  		$this->query_vars = $qv;
+ 		$qv['m'] =  (int) $qv['m'];
  
  		if ('' != $qv['name']) {
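Review bot: `$qv['m'] = (int) $qv['m'];` on line 272 runs after `$this->query_vars = $qv` on line 271, so the stored query vars keep the raw string while only the local copy is cast; if the cast is meant to sanitise, move it above that assignment. The cast also changes what `strlen($qv['m'])` sees later in this method (hunk at lines 365-375): leading zeros are dropped, and a 14-digit `m` (the `> 9` time form) exceeds the integer range on a 32-bit build, so the length test no longer reflects the submitted value. Keep the cast for the truthiness test only and leave `$qv['m']` as a digit-stripped string, e.g. `$qv['m'] = preg_replace('|[^0-9]|', '', $qv['m']);`, as the WHERE-clause code at line 389 already does. The enclosing method continues outside the hunk.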
***************
*** 72,91 ****
  		}
  
! 		if ('' != $qv['second']) {
  			$this->is_time = true;
  			$this->is_date = true;
  		}
  
! 		if ('' != $qv['minute']) {
  			$this->is_time = true;
  			$this->is_date = true;
  		}
  
! 		if ('' != $qv['hour']) {
  			$this->is_time = true;
! 	    $this->is_date = true;
  		}
  
! 		if ('' != $qv['day']) {
  			if (! $this->is_date) {
  				$this->is_day = true;
--- 73,92 ----
  		}
  
! 		if ( (int) $qv['second']) {
  			$this->is_time = true;
  			$this->is_date = true;
  		}
  
! 		if ( (int) $qv['minute']) {
  			$this->is_time = true;
  			$this->is_date = true;
  		}
  
! 		if ( (int) $qv['hour']) {
  			$this->is_time = true;
! 			$this->is_date = true;
  		}
  
! 		if ( (int) $qv['day']) {
  			if (! $this->is_date) {
  				$this->is_day = true;
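Review bot: The `(int)` tests on lines 300, 305 and 310 treat a zero value as absent, so `hour=0`, `minute=0` and `second=0` (midnight, the top of the hour) no longer set `is_time`/`is_date`, whereas the old `'' !=` test accepted them; zero is only a safe sentinel for `day`, `monthnum` and `year`. If the intent is to reject non-numeric input, test for a numeric value instead, e.g. `if ( is_numeric($qv['hour']) ) {` (same for minute and second). The same regression is in the WHERE-clause hunk at lines 426-438 (`hour`, `minute`, `second`), where the intval() inside each block already sanitises the value before it reaches the SQL, and arguably in the week hunk at line 464, since `WEEK(post_date, 1)` can return 0. The enclosing method starts and ends outside the hunk.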
***************
*** 94,98 ****
  		}
  
! 		if ('' != $qv['monthnum']) {
  			if (! $this->is_date) {
  				$this->is_month = true;
--- 95,99 ----
  		}
  
! 		if ( (int)  $qv['monthnum']) {
  			if (! $this->is_date) {
  				$this->is_month = true;
***************
*** 101,105 ****
  		}
  
! 		if ('' != $qv['year']) {
  			if (! $this->is_date) {
  				$this->is_year = true;
--- 102,106 ----
  		}
  
! 		if ( (int)  $qv['year']) {
  			if (! $this->is_date) {
  				$this->is_year = true;
***************
*** 108,123 ****
  		}
  
! 		if ('' != $qv['m']) {
  			$this->is_date = true;
- 
  			if (strlen($qv['m']) > 9) {
! 	      $this->is_time = true;
! 	    } else if (strlen($qv['m']) > 7) {
! 	      $this->is_day = true;
! 	    } else if (strlen($qv['m']) > 5) {
! 	      $this->is_month = true;
! 	    } else {
! 	      $this->is_year = true;
! 	    }
  		}
  
--- 109,123 ----
  		}
  
! 		if ( (int)  $qv['m']) {
  			$this->is_date = true;
  			if (strlen($qv['m']) > 9) {
! 				$this->is_time = true;
! 			} else if (strlen($qv['m']) > 7) {
! 				$this->is_day = true;
! 			} else if (strlen($qv['m']) > 5) {
! 				$this->is_month = true;
! 			} else {
! 				$this->is_year = true;
! 			}
  		}
  
***************
*** 233,237 ****
  
  		// If a month is specified in the querystring, load that month
! 		if ('' != $q['m']) {
  			$q['m'] = '' . preg_replace('|[^0-9]|', '', $q['m']);
  			$where .= ' AND YEAR(post_date)=' . substr($q['m'], 0, 4);
--- 233,237 ----
  
  		// If a month is specified in the querystring, load that month
! 		if ( (int) $q['m'] ) {
  			$q['m'] = '' . preg_replace('|[^0-9]|', '', $q['m']);
  			$where .= ' AND YEAR(post_date)=' . substr($q['m'], 0, 4);
***************
*** 248,277 ****
  		}
  
! 		if ('' != $q['hour']) {
  			$q['hour'] = '' . intval($q['hour']);
  			$where .= " AND HOUR(post_date)='" . $q['hour'] . "'";
  		}
  
! 		if ('' != $q['minute']) {
  			$q['minute'] = '' . intval($q['minute']);
  			$where .= " AND MINUTE(post_date)='" . $q['minute'] . "'";
  		}
  
! 		if ('' != $q['second']) {
  			$q['second'] = '' . intval($q['second']);
  			$where .= " AND SECOND(post_date)='" . $q['second'] . "'";
  		}
  
! 		if ('' != $q['year']) {
  			$q['year'] = '' . intval($q['year']);
  			$where .= " AND YEAR(post_date)='" . $q['year'] . "'";
  		}
  
! 		if ('' != $q['monthnum']) {
  			$q['monthnum'] = '' . intval($q['monthnum']);
  			$where .= " AND MONTH(post_date)='" . $q['monthnum'] . "'";
  		}
  
! 		if ('' != $q['day']) {
  			$q['day'] = '' . intval($q['day']);
  			$where .= " AND DAYOFMONTH(post_date)='" . $q['day'] . "'";
--- 248,277 ----
  		}
  
! 		if ( (int) $q['hour'] ) {
  			$q['hour'] = '' . intval($q['hour']);
  			$where .= " AND HOUR(post_date)='" . $q['hour'] . "'";
  		}
  
! 		if ( (int) $q['minute'] ) {
  			$q['minute'] = '' . intval($q['minute']);
  			$where .= " AND MINUTE(post_date)='" . $q['minute'] . "'";
  		}
  
! 		if ( (int) $q['second'] ) {
  			$q['second'] = '' . intval($q['second']);
  			$where .= " AND SECOND(post_date)='" . $q['second'] . "'";
  		}
  
! 		if ( (int) $q['year'] ) {
  			$q['year'] = '' . intval($q['year']);
  			$where .= " AND YEAR(post_date)='" . $q['year'] . "'";
  		}
  
! 		if ( (int) $q['monthnum'] ) {
  			$q['monthnum'] = '' . intval($q['monthnum']);
  			$where .= " AND MONTH(post_date)='" . $q['monthnum'] . "'";
  		}
  
! 		if ( (int) $q['day'] ) {
  			$q['day'] = '' . intval($q['day']);
  			$where .= " AND DAYOFMONTH(post_date)='" . $q['day'] . "'";
***************
*** 288,292 ****
  
  
! 		if ('' != $q['w']) {
  			$q['w'] = ''.intval($q['w']);
  			$where .= " AND WEEK(post_date, 1)='" . $q['w'] . "'";
--- 288,292 ----
  
  
! 		if ( (int) $q['w'] ) {
  			$q['w'] = ''.intval($q['w']);
  			$where .= " AND WEEK(post_date, 1)='" . $q['w'] . "'";
***************
*** 295,300 ****
  		// If a post number is specified, load that post
  		if (($q['p'] != '') && ($q['p'] != 'all')) {
! 			$q['p'] = intval($q['p']);
! 			$where = ' AND ID = '.$q['p'];
  		}
  
--- 295,300 ----
  		// If a post number is specified, load that post
  		if (($q['p'] != '') && ($q['p'] != 'all')) {
! 			$q['p'] =  (int) $q['p'];
! 			$where = ' AND ID = ' . $q['p'];
  		}
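Review bot: `$where = ' AND ID = ' . $q['p'];` on line 479 assigns rather than appends, discarding every date/time clause accumulated into `$where` above it; that was already the case before this commit, but since the line is being rewritten, either make it `$where .= ' AND ID = ' . $q['p'];` or, if a post id is meant to override the date filters, say so with `// A specific post id supersedes the date clauses built above`. The `(int)` cast on line 478 does keep the id safe to interpolate into the SQL. The enclosing method continues outside the hunk.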
  

Index: functions-post.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-includes/functions-post.php,v
retrieving revision 1.18
retrieving revision 1.19
diff -C2 -d -r1.18 -r1.19
*** functions-post.php	8 Dec 2004 02:35:53 -0000	1.18
--- functions-post.php	12 Dec 2004 20:41:17 -0000	1.19
***************
*** 390,399 ****
  
  	$comment_author = strip_tags($comment_author);
! 	$comment_author = htmlspecialchars($comment_author);
  
  	$comment_author_email = preg_replace('/[^a-z+_. at -]/i', '', $comment_author_email);
  
  	$comment_author_url = strip_tags($comment_author_url);
! 	$comment_author_url = htmlspecialchars($comment_author_url);
  
  	$comment_content = apply_filters('comment_content_presave', $comment_content);
--- 390,399 ----
  
  	$comment_author = strip_tags($comment_author);
! 	$comment_author = wp_specialchars($comment_author);
  
  	$comment_author_email = preg_replace('/[^a-z+_. at -]/i', '', $comment_author_email);
  
  	$comment_author_url = strip_tags($comment_author_url);
! 	$comment_author_url = wp_specialchars($comment_author_url);
  
  	$comment_content = apply_filters('comment_content_presave', $comment_content);

Index: template-functions-comment.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-includes/template-functions-comment.php,v
retrieving revision 1.35
retrieving revision 1.36
diff -C2 -d -r1.35 -r1.36
*** template-functions-comment.php	17 Nov 2004 03:45:49 -0000	1.35
--- template-functions-comment.php	12 Dec 2004 20:41:18 -0000	1.36
***************
*** 283,287 ****
  		echo 'Anonymous';
  	} else {
! 		echo htmlspecialchars(apply_filters('comment_author', $comment->comment_author));
  	}
  }
--- 283,287 ----
  		echo 'Anonymous';
  	} else {
! 		echo wp_specialchars(apply_filters('comment_author', $comment->comment_author));
  	}
  }
***************
*** 293,297 ****
  	$comment_text = apply_filters('comment_text', $comment_text);
  	$comment_text = strip_tags($comment_text);
! 	$comment_text = htmlspecialchars($comment_text);
  	echo $comment_text;
  }
--- 293,297 ----
  	$comment_text = apply_filters('comment_text', $comment_text);
  	$comment_text = strip_tags($comment_text);
! 	$comment_text = wp_specialchars($comment_text);
  	echo $comment_text;
  }



