[wp-cvs] wordpress/wp-includes functions.php,1.101.4.1,1.101.4.2

Ernest MacDougal Campbell III emc3 at users.sourceforge.net
Sat Oct 2 00:47:44 UTC 2004 

Update of /cvsroot/cafelog/wordpress/wp-includes
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12419/wp-includes

Modified Files:
      Tag: WordPress-Ver-1_2-Branch
	functions.php 
Log Message:
Security: Clean up user inputs before using.

Index: functions.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-includes/functions.php,v
retrieving revision 1.101.4.1
retrieving revision 1.101.4.2
diff -C2 -d -r1.101.4.1 -r1.101.4.2
*** functions.php	27 May 2004 13:48:42 -0000	1.101.4.1
--- functions.php	2 Oct 2004 00:47:42 -0000	1.101.4.2
***************
*** 21,25 ****
  }
  
! function mysql2date($dateformatstring, $mysqlstring, $use_b2configmonthsdays = 1) {
  	global $month, $weekday;
  	$m = $mysqlstring;
--- 21,26 ----
  }
  
! // patch by Adriaan Tijsseling (http://kung-foo.tv): added an option to return the UTC string
! function mysql2date($dateformatstring, $mysqlstring, $use_b2configmonthsdays = 1, $utc=0) {
  	global $month, $weekday;
  	$m = $mysqlstring;
***************
*** 28,31 ****
--- 29,36 ----
  	}
  	$i = mktime(substr($m,11,2),substr($m,14,2),substr($m,17,2),substr($m,5,2),substr($m,8,2),substr($m,0,4)); 
+ 	if ( $utc )
+ 	{
+         $i -= get_settings('gmt_offset') * 3600;
+ 	}
  	if (!empty($month) && !empty($weekday) && $use_b2configmonthsdays) {
  		$datemonth = $month[date('m', $i)];
***************
*** 43,46 ****
--- 48,53 ----
  	//	echo $i." ".$mysqlstring;
  	}
+ 	if ( $utc )
+ 	   return $j . 'Z';
  	return $j;
  }
***************
*** 1350,1353 ****
--- 1357,1361 ----
  
  		$pattern = "#$word#i";
+ 
  		if ( preg_match($pattern, $author) ) return false;
  		if ( preg_match($pattern, $email) ) return false;
***************
*** 1364,1366 ****
  }
  
! ?>
\ No newline at end of file
--- 1372,1382 ----
  }
  
! // Borrowed from the PHP Manual user notes. Convert entities, while
! // preserving already-encoded entities:
! function htmlentities2($myHTML) {
! 	$translation_table=get_html_translation_table (HTML_ENTITIES,ENT_QUOTES);
! 	$translation_table[chr(38)] = '&';
! 	return preg_replace("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/","&" , strtr($myHTML, $translation_table));
! }
! 
! ?>

More information about the cvs mailing list