mirror of
https://github.com/WordPress/WordPress.git
synced 2024-06-22 21:04:57 +02:00
More clean_url and int casts for 2.0.
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5121 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
bb07c58477
commit
a7903d9eeb
|
@ -289,7 +289,7 @@ function get_default_post_to_edit() {
|
|||
else if ( !empty($post_title) ) {
|
||||
$text = wp_specialchars(stripslashes(urldecode($_REQUEST['text'])));
|
||||
$text = funky_javascript_fix($text);
|
||||
$popupurl = attribute_escape(stripslashes($_REQUEST['popupurl']));
|
||||
$popupurl = clean_url(stripslashes($_REQUEST['popupurl']));
|
||||
$post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
|
||||
}
|
||||
|
||||
|
@ -339,7 +339,7 @@ function get_user_to_edit($user_id) {
|
|||
$user = new WP_User($user_id);
|
||||
$user->user_login = attribute_escape($user->user_login);
|
||||
$user->user_email = attribute_escape($user->user_email);
|
||||
$user->user_url = attribute_escape($user->user_url);
|
||||
$user->user_url = clean_url($user->user_url);
|
||||
$user->first_name = attribute_escape($user->first_name);
|
||||
$user->last_name = attribute_escape($user->last_name);
|
||||
$user->display_name = attribute_escape($user->display_name);
|
||||
|
@ -363,7 +363,7 @@ function edit_user($user_id = 0) {
|
|||
|
||||
if ($user_id != 0) {
|
||||
$update = true;
|
||||
$user->ID = $user_id;
|
||||
$user->ID = (int) $user_id;
|
||||
$userdata = get_userdata($user_id);
|
||||
$user->user_login = $wpdb->escape($userdata->user_login);
|
||||
} else {
|
||||
|
@ -388,7 +388,7 @@ function edit_user($user_id = 0) {
|
|||
if (isset ($_POST['email']))
|
||||
$user->user_email = wp_specialchars(trim($_POST['email']));
|
||||
if (isset ($_POST['url'])) {
|
||||
$user->user_url = wp_specialchars(trim($_POST['url']));
|
||||
$user->user_url = clean_url(trim($_POST['url']));
|
||||
$user->user_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
|
||||
}
|
||||
if (isset ($_POST['first_name']))
|
||||
|
@ -866,8 +866,8 @@ function list_meta($meta) {
|
|||
<tr class='$style'>
|
||||
<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>
|
||||
<td><textarea name='meta[{$entry['meta_id']}][value]' tabindex='6' rows='2' cols='30'>{$entry['meta_value']}</textarea></td>
|
||||
<td align='center'><input name='updatemeta' type='submit' class='updatemeta' tabindex='6' value='".__('Update')."' /><br />
|
||||
<input name='deletemeta[{$entry['meta_id']}]' type='submit' class='deletemeta' tabindex='6' value='".__('Delete')."' /></td>
|
||||
<td align='center'><input name='updatemeta' type='submit' class='updatemeta' tabindex='6' value='".attribute_escape(__('Update'))."' /><br />
|
||||
<input name='deletemeta[{$entry['meta_id']}]' type='submit' class='deletemeta' tabindex='6' value='".attribute_escape(__('Delete'))."' /></td>
|
||||
</tr>
|
||||
";
|
||||
}
|
||||
|
@ -931,6 +931,7 @@ function meta_form() {
|
|||
|
||||
function add_meta($post_ID) {
|
||||
global $wpdb;
|
||||
$post_ID = (int) $post_ID;
|
||||
|
||||
$metakeyselect = $wpdb->escape(stripslashes(trim($_POST['metakeyselect'])));
|
||||
$metakeyinput = $wpdb->escape(stripslashes(trim($_POST['metakeyinput'])));
|
||||
|
@ -957,6 +958,7 @@ function add_meta($post_ID) {
|
|||
|
||||
function delete_meta($mid) {
|
||||
global $wpdb;
|
||||
$mid = (int) $mid;
|
||||
|
||||
$result = $wpdb->query("DELETE FROM $wpdb->postmeta WHERE meta_id = '$mid'");
|
||||
}
|
||||
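Review bot: In the edit_user hunk at -363, only the assignment `$user->ID = (int) $user_id;` is cast, while the next line still passes the raw `$user_id` to `get_userdata()` and the `if ($user_id != 0)` test compares it loosely. Casting once before the branch, `$user_id = (int) $user_id;`, would make the comparison, the stored ID and the lookup all use the same integer, which is how add_meta and delete_meta in this commit treat their arguments. Whether `get_userdata()` sanitises its argument itself cannot be seen from here, and edit_user's body starts and ends outside the hunk.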
|
|
|
@ -770,6 +770,7 @@ function &get_category(&$category, $output = OBJECT) {
|
|||
wp_cache_add($category->cat_ID, $category, 'category');
|
||||
$_category = $category;
|
||||
} else {
|
||||
$category = (int) $category;
|
||||
if ( ! $_category = wp_cache_get($category, 'category') ) {
|
||||
$_category = $wpdb->get_row("SELECT * FROM $wpdb->categories WHERE cat_ID = '$category' LIMIT 1");
|
||||
wp_cache_add($category, $_category, 'category');
|
||||
|
@ -807,6 +808,7 @@ function &get_comment(&$comment, $output = OBJECT) {
|
|||
$comment_cache[$comment->comment_ID] = &$comment;
|
||||
$_comment = & $comment_cache[$comment->comment_ID];
|
||||
} else {
|
||||
$comment = (int) $comment;
|
||||
if ( !isset($comment_cache[$comment]) ) {
|
||||
$_comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID = '$comment' LIMIT 1");
|
||||
$comment_cache[$comment->comment_ID] = & $_comment;
|
||||
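Review bot: In get_comment, once `$comment = (int) $comment;` has run, the unchanged line `$comment_cache[$comment->comment_ID] = & $_comment;` reads a property from an integer, so the fetched row looks to be cached under an empty key instead of the comment ID, and the `isset($comment_cache[$comment])` check would miss on the next lookup. The store should use the same key as the check: `$comment_cache[$comment] = & $_comment;`. Because both get_category and get_comment take their first argument by reference, the new casts also overwrite the caller's variable, which deserves a one-line comment if it is intended. Both function bodies continue outside their hunks.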
|
|