Commit Graph

3817 Commits

Author SHA1 Message Date
markjaquith
7ed5ba96ac Sanitize cat_id, fixes #4691 for 2.0.x
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-08-02 15:23:12 +00:00
markjaquith
9b7d5eda66 Sanitize option names in options.php, use current escaping functions. for 2.0.x
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-08-01 19:25:33 +00:00
markjaquith
a4db65e504 add_option()/update_option() should pass the option name to get_option() pre-escaped. fixes #4690 for 2.0.x
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5831 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-08-01 19:14:40 +00:00
markjaquith
d446bf0e42 escape before extracting. Props Alexander Concha.
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5768 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-06-27 08:22:02 +00:00
markjaquith
dac513e9e5 bump to 2.0.11-RC4
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5738 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-06-20 19:23:25 +00:00
markjaquith
c26a4fa050 Prevent editing of protected meta keys for 2.0.x
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-06-20 19:21:08 +00:00
markjaquith
585d7513a8 js_escape improvements from Alexander Concha. Catches &#39 &#039 ' ' ' ' &#x000027 etc. for 2.0.x
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5736 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-06-20 19:13:29 +00:00
ryan
ac5691b028 attribute_escape REQUEST_URI
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5680 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-06-11 22:43:27 +00:00
ryan
2400af89a4 Remove comment_text filter from get_comment_to_edit. fixes #4403 for 2.0
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-06-05 14:41:49 +00:00
ryan
757a704cac Run comment_text filter before format_to_edit() when getting a comment to edit. fixes #4403 for 2.0
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5648 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-06-04 17:49:02 +00:00
markjaquith
87065318f5 Bumping the version
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5645 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-06-03 21:46:51 +00:00
markjaquith
3881ccdc75 Older MySQL versions need "INNER" to be specified
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5644 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-06-03 21:45:49 +00:00
markjaquith
e0bd7dfb3e attribute_escape()s and int casts for 2.0.x: see #4333
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5550 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-05-25 22:33:48 +00:00
markjaquith
a8de3da89b Revert accidental debug commit in [5502]
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-05-21 18:18:03 +00:00
ryan
e44c069b1f Set eol-style to CRLF for sample config file.
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5503 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-05-21 18:09:00 +00:00
markjaquith
f177fa9f6e 2.0.11 coming soon
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5502 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-05-21 18:01:12 +00:00
ryan
f22f442c12 Escapage
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5442 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-05-11 00:59:06 +00:00
ryan
a13170d1d9 Add nonces to default theme.
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5407 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-05-07 16:14:04 +00:00
ryan
74b548e41b Add nonces to importers
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5406 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-05-07 16:10:20 +00:00
rob1n
7e1447ada8 Add in missing delimiter. fixes #4226 for 2.0, 2.2 and 2.3
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5396 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-05-05 02:51:20 +00:00
ryan
b4085d90cc eol-style everywhere
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5391 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-05-04 21:48:43 +00:00
ryan
ab854f7625 Set eol-style
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-05-04 21:24:43 +00:00
ryan
a1c212e737 Ver bump
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-04-03 00:33:57 +00:00
ryan
a7903d9eeb More clean_url and int casts for 2.0.
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5121 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-27 23:47:02 +00:00
ryan
bb07c58477 More int casts
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5100 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-25 23:12:38 +00:00
ryan
a359d5977b Some int casts
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5099 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-25 23:06:28 +00:00
ryan
bbd24106bd Fix relative link mangling in clean_url. fixes #4017 for 2.1
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5097 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-23 23:33:19 +00:00
ryan
efd3bae515 Cast to int.
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-22 23:02:20 +00:00
ryan
5e7cc6634b Cast to int. Props xknown. fixes #4012 for 2.0
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5080 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-22 03:11:41 +00:00
ryan
d05906809b Bump to RC3 before I forget.
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5077 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-21 23:11:44 +00:00
ryan
b5ae53657a Check for publish caps when editing via xmlrpc. For 2.0
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5076 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-21 22:21:18 +00:00
ryan
139fa55165 Use clean_url instead of inline preg. Props rob1n. fixes #3983 for 2.0
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5070 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-21 04:28:53 +00:00
ryan
b8f6940e18 Don't add http:// to relative links. Props donncha. fixes #4001 for 2.0
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5067 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-21 00:38:05 +00:00
markjaquith
1bdc18d904 use clean_url() instead of attribute_escape() when dealing with src/href to protect against XSS. props xknown. fixes #3986 for 2.0.
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5058 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-17 09:04:56 +00:00
ryan
19d57a5326 Don't cast to string if empty. Props donncha. fixes #3979 for 2.0
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5053 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-16 22:05:15 +00:00
markjaquith
b3268bdec9 Sanitize output of previous_posts() and next_posts(). Props Alex Concha for the report.
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5047 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-16 08:04:52 +00:00
ryan
0e0362a7a4 RC1
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5042 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-14 23:29:14 +00:00
markjaquith
52c695b34f nonce-protect comments by users with unfiltered_html cap to prevent xsrf/xss. fixes #3973 for 2.0
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5041 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-14 23:13:36 +00:00
markjaquith
9095f32844 More int casting, just to be safe.
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5037 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-14 07:40:56 +00:00
ryan
103b1d9eac wp_title() fixes from dwc. fixes #3967
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5035 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-14 01:53:35 +00:00
ryan
fda7688049 Quote values heading to DB. Cast some ints.
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5031 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-12 21:28:43 +00:00
ryan
4ac2b6d88d Ignore redirect_to if already logged in.
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5023 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-10 20:35:57 +00:00
ryan
f01df05ac1 Prophylactic casting.
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5022 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-10 20:34:01 +00:00
ryan
4f26c48328 Use get_query_var()
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5010 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-09 20:58:05 +00:00
markjaquith
c50382e31d Sanitize browser-bound add_query_arg() outputs. fixes #3937
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5007 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-09 04:36:24 +00:00
markjaquith
84c8810f5c Reverting non-security-related DBX upgrade.
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@4989 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-07 05:14:59 +00:00
markjaquith
0fc71bb322 Upgrade DBX to version 2.0.5 to fix occasional cookie error. fixes #3397
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@4957 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-02 07:13:57 +00:00
ryan
ef812176a0 Handle array of mt_tb_ping_urls. Props bafonso. fixes #3721
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@4907 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-02-22 01:34:56 +00:00
ryan
bc60dccc26 Bump
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@4897 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-02-20 19:44:39 +00:00
ryan
a55320e85d Bump
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@4891 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-02-17 20:20:59 +00:00