Make those chars feel special.
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@4229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
95139ceac6
commit
abcbe47015
@ -266,23 +266,60 @@ function wp_insert_link($linkdata) {
|
||||
extract($linkdata);
|
||||
|
||||
$update = false;
|
||||
|
||||
if ( !empty($link_id) )
|
||||
$update = true;
|
||||
|
||||
if( trim( $link_name ) == '' )
|
||||
return 0;
|
||||
$link_name = apply_filters('pre_link_name', $link_name);
|
||||
|
||||
if( trim( $link_url ) == '' )
|
||||
return 0;
|
||||
$link_url = apply_filters('pre_link_url', $link_url);
|
||||
|
||||
if ( empty($link_rating) )
|
||||
$link_rating = 0;
|
||||
else
|
||||
$link_rating = (int) $link_rating;
|
||||
|
||||
if ( empty($link_image) )
|
||||
$link_image = '';
|
||||
$link_image = apply_filters('pre_link_image', $link_image);
|
||||
|
||||
if ( empty($link_target) )
|
||||
$link_target = '';
|
||||
$link_target = apply_filters('pre_link_target', $link_target);
|
||||
|
||||
if ( empty($link_visible) )
|
||||
$link_visible = 'Y';
|
||||
|
||||
$link_visibile = preg_replace('/[^YNyn]/', '', $link_visible);
|
||||
|
||||
if ( empty($link_owner) )
|
||||
$link_owner = $current_user->id;
|
||||
else
|
||||
$link_owner = (int) $link_owner;
|
||||
|
||||
if ( empty($link_notes) )
|
||||
$link_notes = '';
|
||||
$link_notes = apply_filters('pre_link_notes', $link_notes);
|
||||
|
||||
if ( empty($link_description) )
|
||||
$link_description = '';
|
||||
$link_description = apply_filters('pre_link_description', $link_description);
|
||||
|
||||
if ( empty($link_rss) )
|
||||
$link_rss = '';
|
||||
$link_rss = apply_filters('pre_link_rss', $link_rss);
|
||||
|
||||
if ( empty($link_rel) )
|
||||
$link_rel = '';
|
||||
$link_rel = apply_filters('pre_link_rel', $link_rel);
|
||||
|
||||
// Make sure we set a valid category
|
||||
if (0 == count($link_category) || !is_array($link_category)) {
|
||||
$link_category = array(get_option('default_link_category'));
|
||||
}
|
||||
|
||||
if ( $update ) {
|
||||
$wpdb->query("UPDATE $wpdb->links SET link_url='$link_url',
|
||||
|
@ -265,6 +265,8 @@ function get_post_to_edit($id) {
|
||||
$post->post_title = format_to_edit($post->post_title);
|
||||
$post->post_title = apply_filters('title_edit_pre', $post->post_title);
|
||||
|
||||
$post->post_password = format_to_edit($post->post_password);
|
||||
|
||||
if ($post->post_status == 'static')
|
||||
$post->page_template = get_post_meta($id, '_wp_page_template', true);
|
||||
|
||||
@ -333,6 +335,23 @@ function get_category_to_edit($id) {
|
||||
return $category;
|
||||
}
|
||||
|
||||
function get_user_to_edit($user_id) {
|
||||
$user = new WP_User($user_id);
|
||||
$user->user_login = wp_specialchars($user->user_login, 1);
|
||||
$user->user_email = wp_specialchars($user->user_email, 1);
|
||||
$user->user_url = wp_specialchars($user->user_url, 1);
|
||||
$user->first_name = wp_specialchars($user->first_name, 1);
|
||||
$user->last_name = wp_specialchars($user->last_name, 1);
|
||||
$user->display_name = wp_specialchars($user->display_name, 1);
|
||||
$user->nickname = wp_specialchars($user->nickname, 1);
|
||||
$user->aim = wp_specialchars($user->aim, 1);
|
||||
$user->yim = wp_specialchars($user->yim, 1);
|
||||
$user->jabber = wp_specialchars($user->jabber, 1);
|
||||
$user->description = wp_specialchars($user->description);
|
||||
|
||||
return $user;
|
||||
}
|
||||
|
||||
// Creates a new user from the "Users" form using $_POST information.
|
||||
|
||||
function add_user() {
|
||||
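Review bot: `$user->description` on L253 is the only field in get_user_to_edit() passed to wp_specialchars() without the second argument that every other line supplies, so if that argument controls quote escaping (as the surrounding usage suggests) quotes in the description stay unescaped; that is fine for textarea content but becomes an attribute-injection point if the value is ever echoed into a `value=""` attribute, so either pass `1` as well or document why it is exempt. The function also has no header comment; I would add `// Escape a WP_User's fields for safe display in the user edit form; description is textarea content.` above L217.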
@ -447,13 +466,16 @@ function edit_user($user_id = 0) {
|
||||
|
||||
function get_link_to_edit($link_id) {
|
||||
$link = get_link($link_id);
|
||||
|
||||
|
||||
$link->link_url = wp_specialchars($link->link_url, 1);
|
||||
$link->link_name = wp_specialchars($link->link_name, 1);
|
||||
$link->link_description = wp_specialchars($link->link_description);
|
||||
$link->link_image = wp_specialchars($link->link_image, 1);
|
||||
$link->link_description = wp_specialchars($link->link_description, 1);
|
||||
$link->link_notes = wp_specialchars($link->link_notes);
|
||||
$link->link_rss = wp_specialchars($link->link_rss);
|
||||
|
||||
$link->link_rss = wp_specialchars($link->link_rss, 1);
|
||||
$link->link_rel = wp_specialchars($link->link_rel, 1);
|
||||
$link->post_category = $link->link_category;
|
||||
|
||||
return $link;
|
||||
}
|
||||
|
||||
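Review bot: The rendering has lost the +/- markers, so it is not visible whether L295 and L301 (`link_description`) and L307 and L312 (`link_rss`) both survive on the new side; if they do, each field passes through wp_specialchars() twice, once without and once with the second argument, and the earlier line of each pair should be removed. `link_notes` on L304 is the one field left without that argument, matching how description is treated in get_user_to_edit(); a comment such as `// link_notes is textarea content, so quotes are left unescaped` would make clear the difference is deliberate.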
@ -876,6 +898,7 @@ function meta_form() {
|
||||
<?php
|
||||
|
||||
foreach ($keys as $key) {
|
||||
$key = wp_specialchars($key, 1);
|
||||
echo "\n\t<option value='$key'>$key</option>";
|
||||
}
|
||||
?>
|
||||
|
@ -39,7 +39,7 @@ if ('' != $post->pinged) {
|
||||
$pings = '<p>'. __('Already pinged:') . '</p><ul>';
|
||||
$already_pinged = explode("\n", trim($post->pinged));
|
||||
foreach ($already_pinged as $pinged_url) {
|
||||
$pings .= "\n\t<li>$pinged_url</li>";
|
||||
$pings .= "\n\t<li>" . wp_specialchars($pinged_url) . "</li>";
|
||||
}
|
||||
$pings .= '</ul>';
|
||||
}
|
||||
|
@ -17,7 +17,7 @@ include('admin-header.php');
|
||||
<table class="editform optiontable">
|
||||
<tr valign="top">
|
||||
<th scope="row"><?php _e('Store uploads in this folder'); ?>:</th>
|
||||
<td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo str_replace(ABSPATH, '', get_settings('upload_path')); ?>" size="40" />
|
||||
<td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo wp_specialchars(str_replace(ABSPATH, '', get_settings('upload_path')), 1); ?>" size="40" />
|
||||
<br />
|
||||
<?php _e('Default is <code>wp-content/uploads</code>'); ?>
|
||||
</td>
|
||||
|
@ -148,7 +148,7 @@ checked="checked"
|
||||
</label>
|
||||
<br />
|
||||
</p>
|
||||
<p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo $permalink_structure; ?>" size="50" /></p>
|
||||
<p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo wp_specialchars($permalink_structure, 1); ?>" size="50" /></p>
|
||||
|
||||
<h3><?php _e('Optional'); ?></h3>
|
||||
<?php if ($is_apache) : ?>
|
||||
@ -157,7 +157,7 @@ checked="checked"
|
||||
<p><?php _e('If you like, you may enter a custom prefix for your category URIs here. For example, <code>/index.php/taxonomy/tags</code> would make your category links like <code>http://example.org/index.php/taxonomy/tags/uncategorized/</code>. If you leave this blank the default will be used.') ?></p>
|
||||
<?php endif; ?>
|
||||
<p>
|
||||
<?php _e('Category base'); ?>: <input name="category_base" type="text" class="code" value="<?php echo $category_base; ?>" size="30" />
|
||||
<?php _e('Category base'); ?>: <input name="category_base" type="text" class="code" value="<?php echo wp_specialchars($category_base, 1); ?>" size="30" />
|
||||
</p>
|
||||
<p class="submit">
|
||||
<input type="submit" name="submit" value="<?php _e('Update Permalink Structure »') ?>" />
|
||||
|
@ -24,6 +24,67 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
|
||||
if ( !current_user_can('manage_options') )
|
||||
die ( __('Cheatin’ uh?') );
|
||||
|
||||
function sanitize_option($option, $value) {
|
||||
|
||||
switch ($option) {
|
||||
case 'admin_email':
|
||||
$value = sanitize_email($value);
|
||||
break;
|
||||
|
||||
case 'default_post_edit_rows':
|
||||
case 'mailserver_port':
|
||||
case 'comment_max_links':
|
||||
$value = abs((int) $value);
|
||||
break;
|
||||
|
||||
case 'posts_per_page':
|
||||
case 'posts_per_rss':
|
||||
$value = (int) $value;
|
||||
if ( empty($value) ) $value = 1;
|
||||
if ( $value < -1 ) $value = abs($value);
|
||||
break;
|
||||
|
||||
case 'default_ping_status':
|
||||
case 'default_comment_status':
|
||||
// Options that if not there have 0 value but need to be something like "closed"
|
||||
if ( $value == '0' || $value == '')
|
||||
$value = 'closed';
|
||||
break;
|
||||
|
||||
case 'blogdescription':
|
||||
case 'blogname':
|
||||
if (current_user_can('unfiltered_html') == false)
|
||||
$value = wp_filter_post_kses( $value );
|
||||
break;
|
||||
|
||||
case 'blog_charset':
|
||||
$value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value);
|
||||
break;
|
||||
|
||||
case 'date_format':
|
||||
case 'time_format':
|
||||
case 'mailserver_url':
|
||||
case 'mailserver_login':
|
||||
case 'mailserver_pass':
|
||||
case 'ping_sites':
|
||||
case 'upload_path':
|
||||
$value = strip_tags($value);
|
||||
$value = wp_filter_kses($value);
|
||||
break;
|
||||
|
||||
case 'gmt_offset':
|
||||
$value = preg_replace('/[^0-9:.-]/', '', $value);
|
||||
break;
|
||||
|
||||
case 'siteurl':
|
||||
case 'home':
|
||||
$value = clean_url($value);
|
||||
break;
|
||||
}
|
||||
|
||||
return $value;
|
||||
}
|
||||
|
||||
switch($action) {
|
||||
|
||||
case 'update':
|
||||
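Review bot: sanitize_option() has no `default:` arm, so any option name not listed in the switch is returned untouched; the update loop further down stores whatever it gets back, which means the safety of this function rests entirely on the caller restricting `$option` to a known set, and that restriction is not visible in this hunk. A `default:` that at least applies `$value = wp_filter_kses($value);`, or a header comment stating that unknown options are deliberately passed through, would make the contract explicit. `mailserver_pass` (L592) is also run through strip_tags() and wp_filter_kses(), which will silently mangle a password containing `<` or `&`; if that is acceptable it deserves a comment. I would add above L476: `// Normalise one option value by name before it is saved; names not listed here are returned unchanged.`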
@ -43,19 +104,11 @@ case 'update':
|
||||
$old_siteurl = get_settings('siteurl');
|
||||
$old_home = get_settings('home');
|
||||
|
||||
// HACK
|
||||
// Options that if not there have 0 value but need to be something like "closed"
|
||||
$nonbools = array('default_ping_status', 'default_comment_status');
|
||||
if ($options) {
|
||||
foreach ($options as $option) {
|
||||
$option = trim($option);
|
||||
$value = trim(stripslashes($_POST[$option]));
|
||||
if( in_array($option, $nonbools) && ( $value == '0' || $value == '') )
|
||||
$value = 'closed';
|
||||
|
||||
if( $option == 'blogdescription' || $option == 'blogname' )
|
||||
if (current_user_can('unfiltered_html') == false)
|
||||
$value = wp_filter_post_kses( $value );
|
||||
$value = sanitize_option($option, $value);
|
||||
|
||||
if (update_option($option, $value) ) {
|
||||
$any_changed++;
|
||||
|
@ -5,7 +5,7 @@ $title = __('Profile');
|
||||
|
||||
$parent_file = 'profile.php';
|
||||
include_once('admin-header.php');
|
||||
$profileuser = new WP_User($user_ID);
|
||||
$profileuser = get_user_to_edit($user_ID);
|
||||
|
||||
$bookmarklet_height= 440;
|
||||
?>
|
||||
|
@ -49,7 +49,7 @@ if(count($errors) == 0) {
|
||||
default:
|
||||
include ('admin-header.php');
|
||||
|
||||
$profileuser = new WP_User($user_id);
|
||||
$profileuser = get_user_to_edit($user_id);
|
||||
|
||||
if (!current_user_can('edit_users')) $errors['head'] = __('You do not have permission to edit this user.');
|
||||
?>
|
||||
|
@ -57,6 +57,31 @@ add_filter('pre_category_name', 'wp_filter_kses');
|
||||
add_filter('pre_category_name', 'wp_specialchars', 30);
|
||||
add_filter('pre_category_description', 'wp_filter_kses');
|
||||
|
||||
//Links
|
||||
add_filter('pre_link_name', 'strip_tags');
|
||||
add_filter('pre_link_name', 'trim');
|
||||
add_filter('pre_link_name', 'wp_filter_kses');
|
||||
add_filter('pre_link_name', 'wp_specialchars', 30);
|
||||
add_filter('pre_link_description', 'wp_filter_kses');
|
||||
add_filter('pre_link_notes', 'wp_filter_kses');
|
||||
add_filter('pre_link_url', 'strip_tags');
|
||||
add_filter('pre_link_url', 'trim');
|
||||
add_filter('pre_link_url', 'clean_url');
|
||||
add_filter('pre_link_image', 'strip_tags');
|
||||
add_filter('pre_link_image', 'trim');
|
||||
add_filter('pre_link_image', 'clean_url');
|
||||
add_filter('pre_link_rss', 'strip_tags');
|
||||
add_filter('pre_link_rss', 'trim');
|
||||
add_filter('pre_link_rss', 'clean_url');
|
||||
add_filter('pre_link_target', 'strip_tags');
|
||||
add_filter('pre_link_target', 'trim');
|
||||
add_filter('pre_link_target', 'wp_filter_kses');
|
||||
add_filter('pre_link_target', 'wp_specialchars', 30);
|
||||
add_filter('pre_link_rel', 'strip_tags');
|
||||
add_filter('pre_link_rel', 'trim');
|
||||
add_filter('pre_link_rel', 'wp_filter_kses');
|
||||
add_filter('pre_link_rel', 'wp_specialchars', 30);
|
||||
|
||||
// Users
|
||||
add_filter('pre_user_display_name', 'strip_tags');
|
||||
add_filter('pre_user_display_name', 'trim');
|
||||
@ -115,6 +140,13 @@ add_filter('comment_text_rss', 'ent2ncr', 8);
|
||||
add_filter('bloginfo_rss', 'ent2ncr', 8);
|
||||
add_filter('the_author', 'ent2ncr', 8);
|
||||
|
||||
<<<<<<< .working
|
||||
=======
|
||||
// Misc filters
|
||||
add_filter('option_ping_sites', 'privacy_ping_filter');
|
||||
add_filter('option_blog_charset', 'wp_specialchars');
|
||||
|
||||
>>>>>>> .merge-right.r4112
|
||||
// Actions
|
||||
add_action('publish_post', 'generic_ping');
|
||||
add_action('wp_head', 'rsd_link');
|
||||
|
@ -321,7 +321,7 @@ function get_user_option( $option, $user = 0 ) {
|
||||
}
|
||||
|
||||
function form_option($option) {
|
||||
echo htmlspecialchars( get_option($option), ENT_QUOTES );
|
||||
echo wp_specialchars( get_option($option), 1 );
|
||||
}
|
||||
|
||||
function get_alloptions() {
|
||||
|