[wp-cvs] wordpress/wp-admin bookmarklet.php, 1.9.4.2,
1.9.4.3 categories.php, 1.28.4.2, 1.28.4.3 edit-comments.php,
1.23.4.1, 1.23.4.2 edit-form-advanced.php, 1.24,
1.24.4.1 edit-form.php, 1.22, 1.22.4.1 edit.php, 1.21.4.2,
1.21.4.3 link-add.php, 1.11, 1.11.4.1 link-categories.php, 1.8,
1.8.4.1 link-manager.php, 1.23.4.2, 1.23.4.3 templates.php,
1.18, 1.18.4.1 upload.php, 1.14.4.4, 1.14.4.5 users.php, 1.26,
1.26.4.1
Matthew Mullenweg
saxmatt at users.sourceforge.net
Wed Dec 15 19:41:52 UTC 2004
Update of /cvsroot/cafelog/wordpress/wp-admin
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12021/wp-admin
Modified Files:
Tag: WordPress-Ver-1_2-Branch
bookmarklet.php categories.php edit-comments.php
edit-form-advanced.php edit-form.php edit.php link-add.php
link-categories.php link-manager.php templates.php upload.php
users.php
Log Message:
Backport the encoding fixes and name cleanups.
Index: link-add.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-admin/link-add.php,v
retrieving revision 1.11
retrieving revision 1.11.4.1
diff -C2 -d -r1.11 -r1.11.4.1
*** link-add.php 28 Apr 2004 05:34:50 -0000 1.11
--- link-add.php 15 Dec 2004 19:41:49 -0000 1.11.4.1
***************
*** 57,62 ****
}
}
! $link_url = stripslashes($_GET['linkurl']);
! $link_name = htmlentities(stripslashes(urldecode($_GET['name'])));
--- 57,62 ----
}
}
! $link_url = wp_specialchars(stripslashes($_GET['linkurl']), 1);
! $link_name = wp_specialchars(stripslashes(urldecode($_GET['name'])), 1);
***************
*** 84,92 ****
<tr>
<th width="33%" scope="row"><?php _e('URI:') ?></th>
! <td width="67%"><input type="text" name="linkurl" value="<?php echo $_GET['linkurl']; ?>" style="width: 95%; /"></td>
</tr>
<tr>
<th scope="row"><?php _e('Link Name:') ?></th>
! <td><input type="text" name="name" value="<?php echo urldecode($_GET['name']); ?>" style="width: 95%" /></td>
</tr>
<tr>
--- 84,92 ----
<tr>
<th width="33%" scope="row"><?php _e('URI:') ?></th>
! <td width="67%"><input type="text" name="linkurl" value="<?php echo $link_url; ?>" style="width: 95%; /"></td>
</tr>
<tr>
<th scope="row"><?php _e('Link Name:') ?></th>
! <td><input type="text" name="name" value="<?php echo $link_name; ?>" style="width: 95%" /></td>
</tr>
<tr>
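Review bot: The `linkurl` input on the `<td width="67%">` line still carries a malformed attribute, `style="width: 95%; /"`, where the intended self-closing slash sits inside the style value and the tag is never actually closed, unlike the `name` input two lines below. The commit fixes the escaping of the value but leaves the markup as it was; the line should read `<td width="67%"><input type="text" name="linkurl" value="<?php echo $link_url; ?>" style="width: 95%;" /></td>`.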
Index: upload.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-admin/upload.php,v
retrieving revision 1.14.4.4
retrieving revision 1.14.4.5
diff -C2 -d -r1.14.4.4 -r1.14.4.5
*** upload.php 18 Nov 2004 23:29:01 -0000 1.14.4.4
--- upload.php 15 Dec 2004 19:41:49 -0000 1.14.4.5
***************
*** 87,90 ****
--- 87,91 ----
$img1_name = (strlen($imgalt)) ? $imgalt : basename( $_FILES['img1']['name'] );
+ $img1_name = preg_replace('/[^a-z0-9.]/i', '', strtolower($img1_name));
$img1_type = (strlen($imgalt)) ? $_POST['img1_type'] : $_FILES['img1']['type'];
$imgdesc = htmlentities2($imgdesc);
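Review bot: The added `preg_replace` on `$img1_name` removes characters but does not constrain what remains: a name consisting only of rejected characters becomes the empty string, several dots survive, and the extension is whatever the client supplied, so the line should be followed by a check that the result is non-empty and that its extension is on the allowed list (or by replacing the name with a generated one). `$img1_type` on the next line comes from `$_POST['img1_type']` or `$_FILES['img1']['type']`, both client-supplied, so it cannot stand in for such a check. The surrounding code continues past the hunk, so a check further down the file may already cover this.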
Index: edit-form.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-admin/edit-form.php,v
retrieving revision 1.22
retrieving revision 1.22.4.1
diff -C2 -d -r1.22 -r1.22.4.1
*** edit-form.php 9 May 2004 05:44:10 -0000 1.22
--- edit-form.php 15 Dec 2004 19:41:49 -0000 1.22.4.1
***************
*** 98,102 ****
echo '<input name="advanced" type="submit" id="advancededit" tabindex="7" value="' . __('Advanced Editing »') . '" />';
} ?>
! <input name="referredby" type="hidden" id="referredby" value="<?php if (isset($_SERVER['HTTP_REFERER'])) echo $_SERVER['HTTP_REFERER']; ?>" />
</p>
--- 98,102 ----
echo '<input name="advanced" type="submit" id="advancededit" tabindex="7" value="' . __('Advanced Editing »') . '" />';
} ?>
! <input name="referredby" type="hidden" id="referredby" value="<?php if (isset($_SERVER['HTTP_REFERER'])) echo wp_specialchars($_SERVER['HTTP_REFERER'],1 ); ?>" />
</p>
Index: users.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-admin/users.php,v
retrieving revision 1.26
retrieving revision 1.26.4.1
diff -C2 -d -r1.26 -r1.26.4.1
*** users.php 18 May 2004 03:58:05 -0000 1.26
--- users.php 15 Dec 2004 19:41:49 -0000 1.26.4.1
***************
*** 32,41 ****
}
! $user_login = $_POST['user_login'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
! $user_email = $_POST['email'];
! $user_firstname = $_POST['firstname'];
! $user_lastname = $_POST['lastname'];
/* checking login has been typed */
--- 32,41 ----
}
! $user_login = wp_specialchars($_POST['user_login']);
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
! $user_email = wp_specialchars($_POST['email']);
! $user_firstname = wp_specialchars($_POST['firstname']);
! $user_lastname = wp_specialchars($_POST['lastname']);
/* checking login has been typed */
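Review bot: Applying `wp_specialchars` to `$user_login`, `$user_email`, `$user_firstname` and `$user_lastname` at the point of input means the entity-encoded form is what reaches any later validation and the database, so an email or login check sees the encoded text and every output path must avoid encoding it a second time. Escaping at output, where the context (attribute, element text, mail header) is known, is the more robust placement. If input-side encoding is kept deliberately, a comment on the `$user_login` line such as `// stored HTML-encoded; do not re-escape on output` would save the next maintainer a double-encoding bug. Leaving `$pass1`/`$pass2` untouched is right, since they are presumably never rendered.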
Index: link-categories.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-admin/link-categories.php,v
retrieving revision 1.8
retrieving revision 1.8.4.1
diff -C2 -d -r1.8 -r1.8.4.1
*** link-categories.php 25 Apr 2004 23:49:45 -0000 1.8
--- link-categories.php 15 Dec 2004 19:41:49 -0000 1.8.4.1
***************
*** 32,36 ****
die (__("Cheatin' uh ?"));
! $cat_name = addslashes($_POST['cat_name']);
$auto_toggle = $_POST['auto_toggle'];
if ($auto_toggle != 'Y') {
--- 32,36 ----
die (__("Cheatin' uh ?"));
! $cat_name = wp_specialchars(addslashes($_POST['cat_name']));
$auto_toggle = $_POST['auto_toggle'];
if ($auto_toggle != 'Y') {
***************
*** 86,90 ****
include_once('admin-header.php');
! $cat_id = $_GET['cat_id'];
$cat_name=get_linkcatname($cat_id);
$cat_name=addslashes($cat_name);
--- 86,90 ----
include_once('admin-header.php');
! $cat_id = (int) $_GET['cat_id'];
$cat_name=get_linkcatname($cat_id);
$cat_name=addslashes($cat_name);
***************
*** 105,109 ****
{
include_once ('admin-header.php');
! $cat_id = $_GET['cat_id'];
$row = $wpdb->get_row("SELECT cat_id, cat_name, auto_toggle, show_images, show_description, "
. " show_rating, show_updated, sort_order, sort_desc, text_before_link, text_after_link, "
--- 105,109 ----
{
include_once ('admin-header.php');
! $cat_id = (int) $_GET['cat_id'];
$row = $wpdb->get_row("SELECT cat_id, cat_name, auto_toggle, show_images, show_description, "
. " show_rating, show_updated, sort_order, sort_desc, text_before_link, text_after_link, "
***************
*** 123,131 ****
<div class="wrap">
! <h2>Edit “<?php echo $row->cat_name?>” Category </h2>
<form name="editcat" method="post">
<input type="hidden" name="action" value="editedcat" />
! <input type="hidden" name="cat_id" value="<?php echo $row->cat_id ?>" />
<fieldset class="options">
<legend><?php _e('Category Options') ?></legend>
--- 123,131 ----
<div class="wrap">
! <h2>Edit “<?php echo wp_specialchars($row->cat_name); ?>” Category </h2>
<form name="editcat" method="post">
<input type="hidden" name="action" value="editedcat" />
! <input type="hidden" name="cat_id" value="<?php echo (int) $row->cat_id ?>" />
<fieldset class="options">
<legend><?php _e('Category Options') ?></legend>
***************
*** 133,137 ****
<tr>
<th width="33%" scope="row"><?php _e('Name:') ?></th>
! <td width="67%"><input name="cat_name" type="text" value="<?php echo stripslashes($row->cat_name)?>" size="30" /></td>
</tr>
<tr>
--- 133,137 ----
<tr>
<th width="33%" scope="row"><?php _e('Name:') ?></th>
! <td width="67%"><input name="cat_name" type="text" value="<?php echo wp_specialchars(stripslashes($row->cat_name), 1)?>" size="30" /></td>
</tr>
<tr>
***************
*** 222,228 ****
if (isset($submit)) {
! $cat_id=$_POST["cat_id"];
! $cat_name=addslashes(stripslashes($_POST["cat_name"]));
$auto_toggle = $_POST["auto_toggle"];
if ($auto_toggle != 'Y') {
--- 222,228 ----
if (isset($submit)) {
! $cat_id= (int) $_POST["cat_id"];
! $cat_name= wp_specialchars(addslashes(stripslashes($_POST["cat_name"])));
$auto_toggle = $_POST["auto_toggle"];
if ($auto_toggle != 'Y') {
***************
*** 334,338 ****
?>
<tr valign="middle" align="center" <?php echo $style ?> style="border-bottom: 1px dotted #9C9A9C;">
! <td><?php echo stripslashes($row->cat_name)?></td>
<td ><?php echo $row->cat_id?></td>
<td><?php echo $row->auto_toggle?></td>
--- 334,338 ----
?>
<tr valign="middle" align="center" <?php echo $style ?> style="border-bottom: 1px dotted #9C9A9C;">
! <td><?php echo wp_specialchars(stripslashes($row->cat_name))?></td>
<td ><?php echo $row->cat_id?></td>
<td><?php echo $row->auto_toggle?></td>
Index: bookmarklet.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-admin/bookmarklet.php,v
retrieving revision 1.9.4.2
retrieving revision 1.9.4.3
diff -C2 -d -r1.9.4.2 -r1.9.4.3
*** bookmarklet.php 12 Oct 2004 21:11:34 -0000 1.9.4.2
--- bookmarklet.php 15 Dec 2004 19:41:48 -0000 1.9.4.3
***************
*** 27,32 ****
} else {
! $popuptitle = htmlspecialchars(stripslashes($popuptitle));
! $text = htmlspecialchars(stripslashes($text));
/* big funky fixes for browsers' javascript bugs */
--- 27,32 ----
} else {
! $popuptitle = wp_specialchars(stripslashes($popuptitle));
! $text = wp_specialchars(stripslashes($text));
/* big funky fixes for browsers' javascript bugs */
***************
*** 47,55 ****
}
! $post_title = $_REQUEST['post_title'];
if (!empty($post_title)) {
! $post_title = stripslashes($post_title);
} else {
! $post_title = $popuptitle;
}
// I'm not sure why we're using $edited_post_title in the edit-form.php, but we are
--- 47,55 ----
}
! $post_title = wp_specialchars($_REQUEST['post_title']);
if (!empty($post_title)) {
! $post_title = wp_specialchars(stripslashes($post_title));
} else {
! $post_title = wp_specialchars($popuptitle);
}
// I'm not sure why we're using $edited_post_title in the edit-form.php, but we are
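Review bot: `$post_title` is passed through `wp_specialchars` twice in this hunk — on the `$_REQUEST['post_title']` line and again inside the `!empty` branch after `stripslashes` — and the `else` branch encodes `$popuptitle`, which the 27,32 hunk above already encoded; the next hunk then encodes `$post_title` a third time into `$edited_post_title`. Whether this double-encodes depends on `wp_specialchars` skipping existing entities, which its name suggests but this page does not show. The cleaner shape is to strip slashes first and encode once at the point of output: `$post_title = stripslashes($_REQUEST['post_title']);` then `if (empty($post_title)) $post_title = $popuptitle;`, with a single `wp_specialchars` where the value is rendered.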
***************
*** 57,67 ****
// the var instead of changing the assignment on the lines above.
// -- Alex King 2004-01-07
! $edited_post_title = htmlspecialchars($post_title);
! $content = $_REQUEST['content'];
if (!empty($content)) {
$content = stripslashes($content);
} else {
! $content = '<a href="'.$popupurl.'">'.$popuptitle.'</a>'."\n$text";
}
--- 57,67 ----
// the var instead of changing the assignment on the lines above.
// -- Alex King 2004-01-07
! $edited_post_title = wp_specialchars($post_title);
! $content = wp_specialchars($_REQUEST['content']);
if (!empty($content)) {
$content = stripslashes($content);
} else {
! $content = '<a href="'.wp_specialchars($popupurl).'">'.wp_specialchars($popuptitle).'</a>'."\n$text";
}
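Review bot: On the `else` line that builds `$content`, `$popupurl` is placed inside a double-quoted `href` attribute but encoded with `wp_specialchars($popupurl)` without the quotes argument the rest of this commit uses for attribute values, so a double quote in the URL terminates the attribute. It should be `wp_specialchars($popupurl, 1)`. `$popuptitle` on the same line was already encoded in the 27,32 hunk, so the extra call there is redundant (assuming `wp_specialchars` does not re-encode entities). Where `$popupurl` originates and whether its scheme is checked is outside this hunk.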
Index: categories.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-admin/categories.php,v
retrieving revision 1.28.4.2
retrieving revision 1.28.4.3
diff -C2 -d -r1.28.4.2 -r1.28.4.3
*** categories.php 12 Oct 2004 21:11:34 -0000 1.28.4.2
--- categories.php 15 Dec 2004 19:41:48 -0000 1.28.4.3
***************
*** 47,51 ****
die (__('Cheatin’ uh?'));
! $cat_name= addslashes(stripslashes(stripslashes($_POST['cat_name'])));
$category_nicename = sanitize_title($cat_name);
$category_description = addslashes(stripslashes(stripslashes($_POST['category_description'])));
--- 47,51 ----
die (__('Cheatin’ uh?'));
! $cat_name= wp_specialchars(addslashes(stripslashes(stripslashes($_POST['cat_name']))));
$category_nicename = sanitize_title($cat_name);
$category_description = addslashes(stripslashes(stripslashes($_POST['category_description'])));
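Review bot: `$cat_name` is now HTML-encoded before `sanitize_title($cat_name)` runs on the next line, so the nicename is derived from the encoded string (an ampersand is already in entity form when the slug is built), which can change the slug for existing names; derive the nicename from the raw, slash-stripped name and encode afterwards, e.g. `$raw = stripslashes(stripslashes($_POST['cat_name']));` `$category_nicename = sanitize_title($raw);` `$cat_name = wp_specialchars(addslashes($raw));`. `$category_description` two lines down receives no equivalent treatment, so whichever output path renders it must escape it itself.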
***************
*** 67,71 ****
$cat_ID = intval($_GET["cat_ID"]);
$cat_name = get_catname($cat_ID);
! $cat_name = addslashes($cat_name);
$category = $wpdb->get_row("SELECT * FROM $tablecategories WHERE cat_ID = '$cat_ID'");
$cat_parent = $category->category_parent;
--- 67,71 ----
$cat_ID = intval($_GET["cat_ID"]);
$cat_name = get_catname($cat_ID);
! $cat_name = wp_specialchars(addslashes($cat_name));
$category = $wpdb->get_row("SELECT * FROM $tablecategories WHERE cat_ID = '$cat_ID'");
$cat_parent = $category->category_parent;
***************
*** 90,94 ****
$cat_ID = intval($_GET['cat_ID']);
$category = $wpdb->get_row("SELECT * FROM $tablecategories WHERE cat_ID = '$cat_ID'");
! $cat_name = stripslashes($category->cat_name);
?>
--- 90,94 ----
$cat_ID = intval($_GET['cat_ID']);
$category = $wpdb->get_row("SELECT * FROM $tablecategories WHERE cat_ID = '$cat_ID'");
! $cat_name = wp_specialchars(stripslashes($category->cat_name));
?>
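Review bot: `$cat_name` is encoded here with `wp_specialchars(stripslashes($category->cat_name))` and then encoded again with `wp_specialchars($cat_name, 1)` in the next hunk (97,103) where it is written into the `value` attribute. Only the second call escapes quotes, and that is the one the attribute needs; drop the call here (`$cat_name = stripslashes($category->cat_name);`) and keep the quoted variant at the output, unless `$cat_name` is also echoed unescaped somewhere between the two hunks (not visible here).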
***************
*** 97,103 ****
<form name="editcat" action="categories.php" method="post">
<input type="hidden" name="action" value="editedcat" />
! <input type="hidden" name="cat_ID" value="<?php echo $cat_ID ?>" />
<p><?php _e('Category name:') ?><br />
! <input type="text" name="cat_name" value="<?php echo $cat_name; ?>" /></p>
<p><?php _e('Category parent:') ?><br />
<select name='cat' class='postform'>
--- 97,103 ----
<form name="editcat" action="categories.php" method="post">
<input type="hidden" name="action" value="editedcat" />
! <input type="hidden" name="cat_ID" value="<?php echo (int) $cat_ID ?>" />
<p><?php _e('Category name:') ?><br />
! <input type="text" name="cat_name" value="<?php echo wp_specialchars($cat_name, 1); ?>" /></p>
<p><?php _e('Category parent:') ?><br />
<select name='cat' class='postform'>
Index: link-manager.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-admin/link-manager.php,v
retrieving revision 1.23.4.2
retrieving revision 1.23.4.3
diff -C2 -d -r1.23.4.2 -r1.23.4.3
*** link-manager.php 5 Oct 2004 22:39:06 -0000 1.23.4.2
--- link-manager.php 15 Dec 2004 19:41:49 -0000 1.23.4.3
***************
*** 185,193 ****
check_admin_referer();
! $link_url = $_POST['linkurl'];
! $link_name = $_POST['name'];
! $link_image = $_POST['image'];
! $link_target = $_POST['target'];
! $link_category = $_POST['category'];
$link_description = $_POST['description'];
$link_visible = $_POST['visible'];
--- 185,194 ----
check_admin_referer();
! $link_url = wp_specialchars($_POST['linkurl']);
! $link_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $link_url) ? $link_url : 'http://' . $link_url;
! $link_name = wp_specialchars($_POST['name']);
! $link_image = wp_specialchars($_POST['image']);
! $link_target = $_POST['target'];
! $link_category = $_POST['category'];
$link_description = $_POST['description'];
$link_visible = $_POST['visible'];
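Review bot: `$link_category` on the `$_POST['category']` line is left as a raw string although it is passed to `get_autotoggle($link_category)` a few lines on and, by the pattern this commit applies to `link_id` and `cat_id`, belongs cast: `$link_category = (int) $_POST['category'];`. The same applies in the edit handler hunk (235,246), where in addition `$link_target` is passed through `wp_specialchars` while here it is not — the two handlers should treat the same fields the same way. The scheme test is anchored at the start of the string without trimming, so a URL with leading whitespace gets `http://` prepended to it; a `trim()` before the `preg_match` avoids that. Whether `get_autotoggle` interpolates its argument into SQL is outside the hunk.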
***************
*** 195,199 ****
$link_rel = $_POST['rel'];
$link_notes = $_POST['notes'];
! $link_rss_uri = $_POST['rss_uri'];
$auto_toggle = get_autotoggle($link_category);
--- 196,200 ----
$link_rel = $_POST['rel'];
$link_notes = $_POST['notes'];
! $link_rss_uri = wp_specialchars($_POST['rss_uri']);
$auto_toggle = get_autotoggle($link_category);
***************
*** 234,244 ****
check_admin_referer();
! $link_id = $_POST['link_id'];
! $link_url = $_POST['linkurl'];
! $link_name = $_POST['name'];
! $link_image = $_POST['image'];
! $link_target = $_POST['target'];
! $link_category = $_POST['category'];
! $link_description = $_POST['description'];
$link_visible = $_POST['visible'];
$link_rating = $_POST['rating'];
--- 235,246 ----
check_admin_referer();
! $link_id = (int) $_POST['link_id'];
! $link_url = wp_specialchars($_POST['linkurl']);
! $link_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $link_url) ? $link_url : 'http://' . $link_url;
! $link_name = wp_specialchars($_POST['name']);
! $link_image = wp_specialchars($_POST['image']);
! $link_target = wp_specialchars($_POST['target']);
! $link_category = $_POST['category'];
! $link_description = $_POST['description'];
$link_visible = $_POST['visible'];
$link_rating = $_POST['rating'];
***************
*** 279,283 ****
check_admin_referer();
! $link_id = $_GET["link_id"];
if ($user_level < get_settings('links_minadminlevel'))
--- 281,285 ----
check_admin_referer();
! $link_id = (int) $_GET["link_id"];
if ($user_level < get_settings('links_minadminlevel'))
***************
*** 308,328 ****
}
! $row = $wpdb->get_row("SELECT *
! FROM $tablelinks
! WHERE link_id = $link_id");
!
! if ($row) {
! $link_url = stripslashes($row->link_url);
! $link_name = stripslashes($row->link_name);
! $link_image = $row->link_image;
! $link_target = $row->link_target;
! $link_category = $row->link_category;
! $link_description = stripslashes($row->link_description);
! $link_visible = $row->link_visible;
! $link_rating = $row->link_rating;
! $link_rel = stripslashes($row->link_rel);
! $link_notes = stripslashes($row->link_notes);
! $link_rss_uri = $row->link_rss;
! }
?>
--- 310,331 ----
}
! $link_id = (int) $_GET['link_id'];
! $row = $wpdb->get_row("SELECT * FROM $wpdb->links WHERE link_id = $link_id");
!
! if ($row) {
! $link_url = wp_specialchars($row->link_url, 1);
! $link_name = wp_specialchars($row->link_name, 1);
! $link_image = $row->link_image;
! $link_target = $row->link_target;
! $link_category = $row->link_category;
! $link_description = wp_specialchars($row->link_description);
! $link_visible = $row->link_visible;
! $link_rating = $row->link_rating;
! $link_rel = $row->link_rel;
! $link_notes = wp_specialchars($row->link_notes);
! $link_rss_uri = wp_specialchars($row->link_rss);
! } else {
! die( __('Link not found.') );
! }
?>
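Review bot: The fields read from `$row` are escaped inconsistently: `link_url` and `link_name` get the quotes argument, `link_description`, `link_notes` and `link_rss` do not, and `link_image`, `link_target` and `link_rel` are not escaped at all, even though the edit handler hunk (235,246) encodes `image` and `target` on input. If any of the unquoted or raw values lands in a `value="…"` attribute further down (outside the hunk), a double quote in it breaks the attribute; use the `, 1` form for every value destined for an attribute, e.g. `$link_image = wp_specialchars($row->link_image, 1);`. Note also that the `stripslashes` the old code applied to `link_url`, `link_name`, `link_rel` and others is dropped here, so rows stored with slashes by the previous code would now render them; whether such rows exist depends on data outside this page.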
***************
*** 516,522 ****
<p class="submit"><input type="submit" name="submit" value="<?php _e('Save Changes »') ?>" />
<input type="hidden" name="action" value="editlink" />
! <input type="hidden" name="link_id" value="<?php echo $link_id; ?>" />
! <input type="hidden" name="order_by" value="<?php echo $order_by ?>" />
! <input type="hidden" name="cat_id" value="<?php echo $cat_id ?>" /></p>
</form>
</div>
--- 519,525 ----
<p class="submit"><input type="submit" name="submit" value="<?php _e('Save Changes »') ?>" />
<input type="hidden" name="action" value="editlink" />
! <input type="hidden" name="link_id" value="<?php echo (int) $link_id; ?>" />
! <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1) ?>" />
! <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" /></p>
</form>
</div>
***************
*** 628,632 ****
if ($row->cat_id == $cat_id)
echo " selected='selected'";
! echo ">".$row->cat_id.": ".$row->cat_name;
if ($row->auto_toggle == 'Y')
echo ' (auto toggle)';
--- 631,635 ----
if ($row->cat_id == $cat_id)
echo " selected='selected'";
! echo ">".$row->cat_id.": ".wp_specialchars($row->cat_name);
if ($row->auto_toggle == 'Y')
echo ' (auto toggle)';
***************
*** 661,666 ****
<input type="hidden" name="link_id" value="" />
<input type="hidden" name="action" value="" />
! <input type="hidden" name="order_by" value="<?php echo $order_by ?>" />
! <input type="hidden" name="cat_id" value="<?php echo $cat_id ?>" />
<table width="100%" cellpadding="3" cellspacing="3">
<tr>
--- 664,669 ----
<input type="hidden" name="link_id" value="" />
<input type="hidden" name="action" value="" />
! <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by) ?>" />
! <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
<table width="100%" cellpadding="3" cellspacing="3">
<tr>
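Review bot: The `order_by` hidden input here uses `wp_specialchars($order_by)` without the quotes argument, while the identical attribute in the 519,525 hunk uses `wp_specialchars($order_by, 1)`; inside `value="…"` only the quoted form escapes a double quote. Change the line to `<input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1) ?>" />` so the two forms match.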
***************
*** 698,705 ****
$short_url = substr($short_url, 0, 32).'...';
! $link->link_name = stripslashes($link->link_name);
! $link->category = stripslashes($link->category);
! $link->link_rel = stripslashes($link->link_rel);
! $link->link_description = stripslashes($link->link_description);
$image = ($link->link_image != null) ? __('Yes') : __('No');
$visible = ($link->link_visible == 'Y') ? __('Yes') : __('No');
--- 701,708 ----
$short_url = substr($short_url, 0, 32).'...';
! $link->link_name = wp_specialchars(stripslashes($link->link_name));
! $link->category = wp_specialchars(stripslashes($link->category));
! $link->link_rel = wp_specialchars(stripslashes($link->link_rel));
! $link->link_description = wp_specialchars(stripslashes($link->link_description));
$image = ($link->link_image != null) ? __('Yes') : __('No');
$visible = ($link->link_visible == 'Y') ? __('Yes') : __('No');
Index: templates.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-admin/templates.php,v
retrieving revision 1.18
retrieving revision 1.18.4.1
diff -C2 -d -r1.18 -r1.18.4.1
*** templates.php 7 May 2004 23:56:29 -0000 1.18
--- templates.php 15 Dec 2004 19:41:49 -0000 1.18.4.1
***************
*** 124,130 ****
?>
<form name="template" action="templates.php" method="post">
! <textarea cols="80" rows="21" style="width:98%; font-family: 'Courier New', Courier, monopace; font-size:small;" name="newcontent" tabindex="1"><?php echo $content ?></textarea>
<input type="hidden" name="action" value="update" />
! <input type="hidden" name="file" value="<?php echo $file ?>" />
<p class="submit">
<?php
--- 124,130 ----
?>
<form name="template" action="templates.php" method="post">
! <textarea cols="80" rows="21" style="width:98%; font-family: 'Courier New', Courier, monopace; font-size:small;" name="newcontent" tabindex="1"><?php echo wp_specialchars($content) ?></textarea>
<input type="hidden" name="action" value="update" />
! <input type="hidden" name="file" value="<?php echo wp_specialchars($file, 1); ?>" />
<p class="submit">
<?php
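Review bot: The `textarea` line keeps the CSS typo `monopace` in `font-family: 'Courier New', Courier, monopace;`, so the generic fallback is ignored by browsers; it should be `monospace`. Separately, escaping `$file` for the hidden input fixes its rendering but says nothing about which path `$file` may name when the form posts back with `action=update`; that check presumably lives where `$file` is opened (outside this hunk), and a short comment on the hidden-input line, `// $file is output-escaped here; path validation happens where it is opened`, would make the division of responsibility explicit.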
Index: edit-form-advanced.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-admin/edit-form-advanced.php,v
retrieving revision 1.24
retrieving revision 1.24.4.1
diff -C2 -d -r1.24 -r1.24.4.1
*** edit-form-advanced.php 14 May 2004 08:38:34 -0000 1.24
--- edit-form-advanced.php 15 Dec 2004 19:41:49 -0000 1.24.4.1
***************
*** 51,56 ****
<form name="post" action="post.php" method="post" id="post">
! <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
! <input type="hidden" name="action" value='<?php echo $form_action ?>' />
<?php echo $form_extra ?>
<?php if (isset($_GET['message']) && 2 > $_GET['message']) : ?>
--- 51,56 ----
<form name="post" action="post.php" method="post" id="post">
! <input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
! <input type="hidden" name="action" value='<?php echo wp_specialchars($form_action, 1) ?>' />
<?php echo $form_extra ?>
<?php if (isset($_GET['message']) && 2 > $_GET['message']) : ?>
***************
*** 161,165 ****
}
?>
! <input name="referredby" type="hidden" id="referredby" value="<?php echo $_SERVER['HTTP_REFERER']; ?>" />
</p>
<?php
--- 161,165 ----
}
?>
! <input name="referredby" type="hidden" id="referredby" value="<?php echo wp_specialchars($_SERVER['HTTP_REFERER'], 1); ?>" />
</p>
<?php
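Review bot: The `referredby` line reads `$_SERVER['HTTP_REFERER']` without an `isset` guard, unlike the same input in edit-form.php in this commit (hunk 98,102), so a request without a Referer header raises an undefined-index notice inside the attribute. Align the two: `<input name="referredby" type="hidden" id="referredby" value="<?php if (isset($_SERVER['HTTP_REFERER'])) echo wp_specialchars($_SERVER['HTTP_REFERER'], 1); ?>" />`.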
Index: edit-comments.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-admin/edit-comments.php,v
retrieving revision 1.23.4.1
retrieving revision 1.23.4.2
diff -C2 -d -r1.23.4.1 -r1.23.4.2
*** edit-comments.php 30 Nov 2004 19:25:25 -0000 1.23.4.1
--- edit-comments.php 15 Dec 2004 19:41:48 -0000 1.23.4.2
***************
*** 6,10 ****
require_once('admin-header.php');
if (empty($_GET['mode'])) $mode = 'view';
! else $mode = $_GET['mode'];
?>
<ul id="adminmenu2">
--- 6,10 ----
require_once('admin-header.php');
if (empty($_GET['mode'])) $mode = 'view';
! else $mode = wp_specialchars($_GET['mode'], 1);
?>
<ul id="adminmenu2">
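Review bot: `$mode` on the `else` line is a control value that selects how the page renders, so encoding it with `wp_specialchars($_GET['mode'], 1)` is the wrong tool: the later comparisons (outside the hunk) still see any unexpected string, and an encoded value never equals its own raw form. Validate against the known modes and fall back to the default instead, e.g. `$mode = in_array($_GET['mode'], array('view', 'edit'), true) ? $_GET['mode'] : 'view';` with the list adjusted to whatever modes the file actually handles; the hidden `mode` input in the next hunk then needs `wp_specialchars($mode, 1)` at output, since `$mode` would no longer be pre-encoded.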
***************
*** 32,36 ****
<fieldset>
<legend><?php _e('Show Comments That Contain...') ?></legend>
! <input type="text" name="s" value="<?php if (isset($s)) echo $s; ?>" size="17" />
<input type="submit" name="submit" value="<?php _e('Search') ?>" />
<input type="hidden" name="mode" value="<?php echo $mode; ?>" />
--- 32,36 ----
<fieldset>
<legend><?php _e('Show Comments That Contain...') ?></legend>
! <input type="text" name="s" value="<?php if (isset($s)) echo wp_specialchars($s, 1); ?>" size="17" />
<input type="submit" name="submit" value="<?php _e('Search') ?>" />
<input type="hidden" name="mode" value="<?php echo $mode; ?>" />
Index: edit.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-admin/edit.php,v
retrieving revision 1.21.4.2
retrieving revision 1.21.4.3
diff -C2 -d -r1.21.4.2 -r1.21.4.3
*** edit.php 12 Oct 2004 21:11:34 -0000 1.21.4.2
--- edit.php 15 Dec 2004 19:41:49 -0000 1.21.4.3
***************
*** 39,42 ****
--- 39,43 ----
if( isset( $_GET['m'] ) )
{
+ $_GET['m'] = (int) $_GET['m'];
echo '<h2>' . $month[substr( $_GET['m'], 4, 2 )]." ".substr( $_GET['m'], 0, 4 )."</h2>";
}
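Review bot: Casting `$_GET['m']` to `int` on the added line makes the following `substr` calls operate on a number that may be shorter than the six-digit YYYYMM form the indexing assumes, so a value such as `0` gives `substr(..., 4, 2)` of `''` and `$month['']` is undefined, producing a notice inside the `<h2>`. Check the shape before using it, `if (preg_match('/^\d{4}(0[1-9]|1[0-2])$/', $_GET['m'])) {`, and build the heading only in that case. Writing the cast back into `$_GET` also mutates a superglobal that other code on the page may read; a local `$m` is cleaner.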
***************
*** 70,74 ****
<fieldset>
<legend><?php _e('Show Posts That Contain...') ?></legend>
! <input type="text" name="s" value="<?php if (isset($s)) echo htmlspecialchars($s); ?>" size="17" />
<input type="submit" name="submit" value="<?php _e('Search') ?>" />
</fieldset>
--- 71,75 ----
<fieldset>
<legend><?php _e('Show Posts That Contain...') ?></legend>
! <input type="text" name="s" value="<?php if (isset($s)) echo wp_specialchars($s, 1); ?>" size="17" />
<input type="submit" name="submit" value="<?php _e('Search') ?>" />
</fieldset>