Compare commits
15 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
425850251c | ||
|
|
b3c45632c4 | ||
|
|
9097e32aa5 | ||
|
|
bcb43dd535 | ||
|
|
e2a2039164 | ||
|
|
4e88e96128 | ||
|
|
aadbabc73e | ||
|
|
f518948ccf | ||
|
|
26ed4e2a86 | ||
|
|
3ce18b9a3c | ||
|
|
dea69baaef | ||
|
|
084361c8ac | ||
|
|
4beed03c65 | ||
|
|
b3a5117b6d | ||
|
|
a185b7376e |
@@ -40,7 +40,7 @@
|
||||
</head>
|
||||
<body>
|
||||
<h1 style="text-align: center"><img alt="WordPress" src="http://wordpress.org/images/wordpress.gif" /> <br />
|
||||
Version 1.5.1</h1>
|
||||
Version 1.5</h1>
|
||||
<p style="text-align: center"> Semantic Personal Publishing Platform </p>
|
||||
<h1>First Things First</h1>
|
||||
<p>Welcome. WordPress is a very special project to me. Every developer and contributor adds something unique to the mix, and together we create something beautiful that I'm proud to be a part of. Thousands of hours have gone into WordPress, and we're dedicated to making it better every day. Thank you for making it part of your world.</p>
|
||||
|
||||
@@ -273,7 +273,7 @@ case 'editpost':
|
||||
if (!isset($blog_ID)) {
|
||||
$blog_ID = 1;
|
||||
}
|
||||
$post_ID = $_POST['post_ID'];
|
||||
$post_ID = (int) $_POST['post_ID'];
|
||||
|
||||
if (!user_can_edit_post($user_ID, $post_ID, $blog_ID))
|
||||
die( __('You are not allowed to edit this post.') );
|
||||
@@ -308,7 +308,7 @@ case 'editpost':
|
||||
|
||||
$post_parent = 0;
|
||||
if (isset($_POST['parent_id'])) {
|
||||
$post_parent = $_POST['parent_id'];
|
||||
$post_parent = (int) $_POST['parent_id'];
|
||||
}
|
||||
|
||||
$trackback = $_POST['trackback_url'];
|
||||
@@ -478,7 +478,7 @@ case 'editcomment':
|
||||
|
||||
get_currentuserinfo();
|
||||
|
||||
$comment = $_GET['comment'];
|
||||
$comment = (int) $_GET['comment'];
|
||||
$commentdata = get_commentdata($comment, 1, true) or die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'javascript:history.go(-1)'));
|
||||
|
||||
if (!user_can_edit_post_comments($user_ID, $commentdata['comment_post_ID'])) {
|
||||
@@ -499,7 +499,7 @@ case 'confirmdeletecomment':
|
||||
|
||||
require_once('./admin-header.php');
|
||||
|
||||
$comment = $_GET['comment'];
|
||||
$comment = (int) $_GET['comment'];
|
||||
$p = (int) $_GET['p'];
|
||||
$commentdata = get_commentdata($comment, 1, true) or die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
|
||||
|
||||
@@ -534,8 +534,8 @@ case 'deletecomment':
|
||||
|
||||
check_admin_referer();
|
||||
|
||||
$comment = $_GET['comment'];
|
||||
$p = $_GET['p'];
|
||||
$comment = (int) $_GET['comment'];
|
||||
$p = (int) $_GET['p'];
|
||||
if (isset($_GET['noredir'])) {
|
||||
$noredir = true;
|
||||
} else {
|
||||
@@ -566,8 +566,8 @@ case 'unapprovecomment':
|
||||
|
||||
check_admin_referer();
|
||||
|
||||
$comment = $_GET['comment'];
|
||||
$p = $_GET['p'];
|
||||
$comment = (int) $_GET['comment'];
|
||||
$p = (int) $_GET['p'];
|
||||
if (isset($_GET['noredir'])) {
|
||||
$noredir = true;
|
||||
} else {
|
||||
@@ -612,8 +612,8 @@ case 'mailapprovecomment':
|
||||
|
||||
case 'approvecomment':
|
||||
|
||||
$comment = $_GET['comment'];
|
||||
$p = $_GET['p'];
|
||||
$comment = (int) $_GET['comment'];
|
||||
$p = (int) $_GET['p'];
|
||||
if (isset($_GET['noredir'])) {
|
||||
$noredir = true;
|
||||
} else {
|
||||
@@ -641,8 +641,8 @@ case 'approvecomment':
|
||||
|
||||
case 'editedcomment':
|
||||
|
||||
$comment_ID = $_POST['comment_ID'];
|
||||
$comment_post_ID = $_POST['comment_post_ID'];
|
||||
$comment_ID = (int) $_POST['comment_ID'];
|
||||
$comment_post_ID = (int) $_POST['comment_post_ID'];
|
||||
$newcomment_author = $_POST['newcomment_author'];
|
||||
$newcomment_author_email = $_POST['newcomment_author_email'];
|
||||
$newcomment_author_url = $_POST['newcomment_author_url'];
|
||||
|
||||
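Review bot: The `approvecomment` case reads `$_GET['comment']` and `$_GET['p']` with no `check_admin_referer();` in the visible lines, whereas the `deletecomment` and `unapprovecomment` hunks show that call directly before the same two reads. The integer casts close the injection path, but approving a comment is still a state change driven by a GET request. Unless the check happens further down in the case body, which lies outside the hunk, I would make `check_admin_referer();` the first statement after `case 'approvecomment':`. Since `(int)` turns a missing or non-numeric parameter into 0, an explicit `if ( 0 === $comment ) die(...)` style guard would also make the failure path deliberate rather than relying on `get_commentdata()` finding nothing.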
@@ -2,54 +2,50 @@
|
||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||
|
||||
<head profile="http://gmpg.org/xfn/11">
|
||||
<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
|
||||
<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
|
||||
|
||||
<title><?php bloginfo('name'); ?> <?php if ( is_single() ) { ?> » Blog Archive <?php } ?> <?php wp_title(); ?></title>
|
||||
|
||||
<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /> <!-- leave this for stats -->
|
||||
<title><?php bloginfo('name'); ?> <?php if ( is_single() ) { ?> » Blog Archive <?php } ?> <?php wp_title(); ?></title>
|
||||
|
||||
<link rel="stylesheet" href="<?php bloginfo('stylesheet_url'); ?>" type="text/css" media="screen" />
|
||||
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="<?php bloginfo('rss2_url'); ?>" />
|
||||
<link rel="alternate" type="text/xml" title="RSS .92" href="<?php bloginfo('rss_url'); ?>" />
|
||||
<link rel="alternate" type="application/atom+xml" title="Atom 0.3" href="<?php bloginfo('atom_url'); ?>" />
|
||||
<link rel="pingback" href="<?php bloginfo('pingback_url'); ?>" />
|
||||
<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /> <!-- leave this for stats -->
|
||||
|
||||
<style type="text/css" media="screen">
|
||||
|
||||
/* BEGIN IMAGE CSS */
|
||||
/* To accomodate differing install paths of WordPress, images are referred only here,
|
||||
and not in the wp-layout.css file. If you prefer to use only CSS for colors and what
|
||||
not, then go right ahead and delete the following lines, and the image files. */
|
||||
|
||||
body { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickbgcolor.jpg"); } <?php /* Checks to see whether it needs a sidebar or not */ if ((! $withcomments) && (! is_single())) { ?>
|
||||
#page { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickbg.jpg") repeat-y top; border: none; } <?php } else { // No sidebar ?>
|
||||
#page { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickbgwide.jpg") repeat-y top; border: none; } <?php } ?>
|
||||
#header { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickheader.jpg") no-repeat bottom center; }
|
||||
#footer { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickfooter.jpg") no-repeat bottom; border: none;}
|
||||
|
||||
|
||||
/* Because the template is slightly different, size-wise, with images, this needs to be set here
|
||||
If you don't want to use the template's images, you can also delete the following two lines. */
|
||||
|
||||
#header { margin: 0 !important; margin: 0 0 0 1px; padding: 1px; height: 198px; width: 758px; }
|
||||
#headerimg { margin: 7px 9px 0; height: 192px; width: 740px; }
|
||||
/* END IMAGE CSS */
|
||||
<link rel="stylesheet" href="<?php bloginfo('stylesheet_url'); ?>" type="text/css" media="screen" />
|
||||
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="<?php bloginfo('rss2_url'); ?>" />
|
||||
<link rel="alternate" type="text/xml" title="RSS .92" href="<?php bloginfo('rss_url'); ?>" />
|
||||
<link rel="alternate" type="application/atom+xml" title="Atom 0.3" href="<?php bloginfo('atom_url'); ?>" />
|
||||
<link rel="pingback" href="<?php bloginfo('pingback_url'); ?>" />
|
||||
|
||||
<style type="text/css" media="screen">
|
||||
/* To accomodate differing install paths of WordPress, images are referred only here,
|
||||
and not in the wp-layout.css file. If you prefer to use only CSS for colors and what
|
||||
not, then go right ahead and delete the following lines, and the image files. */
|
||||
|
||||
|
||||
/* To ease the insertion of a personal header image, I have done it in such a way,
|
||||
that you simply drop in an image called 'personalheader.jpg' into your /images/
|
||||
directory. Dimensions should be at least 760px x 200px. Anything above that will
|
||||
get cropped off of the image. */
|
||||
body { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickbgcolor.jpg"); }
|
||||
<?php /* Checks to see whether it needs a sidebar or not */ if ((! $withcomments) && (! is_single())) { ?>
|
||||
#page { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickbg.jpg") repeat-y top; border: none; }
|
||||
<?php } else { // No sidebar ?>
|
||||
#page { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickbgwide.jpg") repeat-y top; border: none; }
|
||||
<?php } ?>
|
||||
#header { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickheader.jpg") no-repeat bottom center; }
|
||||
#footer { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickfooter.jpg") no-repeat bottom; border: none;}
|
||||
|
||||
/* Because the template is slightly different, size-wise, with images, this needs to be set here
|
||||
If you don't want to use the template's images, you can also delete the following two lines. */
|
||||
|
||||
/*
|
||||
#headerimg { background: url('<?php bloginfo('stylesheet_directory'); ?>/images/personalheader.jpg') no-repeat top;}
|
||||
*/
|
||||
#header { margin: 0 !important; margin: 0 0 0 1px; padding: 1px; height: 198px; width: 758px; }
|
||||
#headerimg { margin: 7px 9px 0; height: 192px; width: 740px; }
|
||||
|
||||
</style>
|
||||
/* To ease the insertion of a personal header image, I have done it in such a way,
|
||||
that you simply drop in an image called 'personalheader.jpg' into your /images/
|
||||
directory. Dimensions should be at least 760px x 200px. Anything above that will
|
||||
get cropped off of the image. */
|
||||
/*
|
||||
#headerimg { background: url('<?php bloginfo('stylesheet_directory'); ?>/images/personalheader.jpg') no-repeat top;}
|
||||
*/
|
||||
</style>
|
||||
|
||||
<?php wp_get_archives('type=monthly&format=link'); ?>
|
||||
<?php wp_get_archives('type=monthly&format=link'); ?>
|
||||
|
||||
<?php wp_head(); ?>
|
||||
<?php wp_head(); ?>
|
||||
</head>
|
||||
<body>
|
||||
|
||||
|
||||
@@ -6,21 +6,17 @@
|
||||
* generic function for inserting data into the posts table.
|
||||
*/
|
||||
function wp_insert_post($postarr = array()) {
|
||||
global $wpdb, $post_default_category, $allowedtags;
|
||||
global $wpdb, $allowedtags;
|
||||
|
||||
// export array as variables
|
||||
extract($postarr);
|
||||
|
||||
// Do some escapes for safety
|
||||
$post_title = $wpdb->escape($post_title);
|
||||
$post_name = sanitize_title($post_title);
|
||||
$post_excerpt = $wpdb->escape($post_excerpt);
|
||||
$post_content = $wpdb->escape($post_content);
|
||||
$post_author = (int) $post_author;
|
||||
|
||||
// Make sure we set a valid category
|
||||
if (0 == count($post_category) || !is_array($post_category)) {
|
||||
$post_category = array($post_default_category);
|
||||
$post_category = array(get_option('default_category'));
|
||||
}
|
||||
|
||||
$post_cat = $post_category[0];
|
||||
@@ -114,12 +110,7 @@ function wp_update_post($postarr = array()) {
|
||||
|
||||
// Make sure we set a valid category
|
||||
if ( 0 == count($post_category) || !is_array($post_category) )
|
||||
$post_category = array($post_default_category);
|
||||
|
||||
// Do some escapes for safety
|
||||
$post_title = $wpdb->escape($post_title);
|
||||
$post_excerpt = $wpdb->escape($post_excerpt);
|
||||
$post_content = $wpdb->escape($post_content);
|
||||
$post_category = array(get_option('default_category'));
|
||||
|
||||
$post_modified = current_time('mysql');
|
||||
$post_modified_gmt = current_time('mysql', 1);
|
||||
@@ -166,7 +157,7 @@ function wp_set_post_cats($blogid = '1', $post_ID = 0, $post_categories = array(
|
||||
// If $post_categories isn't already an array, make it one:
|
||||
if (!is_array($post_categories)) {
|
||||
if (!$post_categories) {
|
||||
$post_categories = 1;
|
||||
$post_categories = get_option('default_category');
|
||||
}
|
||||
$post_categories = array($post_categories);
|
||||
}
|
||||
|
||||
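Review bot: Judging by the hunk line counts, the `$wpdb->escape()` calls on `$post_title`, `$post_excerpt` and `$post_content` are dropped from `wp_update_post` (and apparently from `wp_insert_post` as well), which changes the contract from "escaped here" to "the caller must pass escaped values" without saying so anywhere. Any existing caller that still hands raw request data to these functions would then put unescaped strings into the query. The header comment of each function should state it, for example `* All string values in $postarr must already be SQL-escaped by the caller.` The `extract($postarr)` that remains means any key in the array can overwrite a local, so callers should build `$postarr` from an explicit key list, as the `compact()` calls elsewhere in this change do. Both function bodies continue outside the hunks.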
@@ -543,6 +543,8 @@ function &get_category(&$category, $output = OBJECT) {
|
||||
if ( empty($category) )
|
||||
return null;
|
||||
|
||||
$category = (int) $category;
|
||||
|
||||
if ( ! isset($cache_categories))
|
||||
update_category_cache();
|
||||
|
||||
|
||||
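Review bot: The added `$category = (int) $category;` sits after the `empty($category)` guard, so a non-numeric string passes the guard and only then becomes 0 before the cache lookup. Doing the cast first, so that `if ( empty($category) ) return null;` sees the integer, lets the guard reject that input. Because the parameter is declared `&$category`, the cast also rewrites the caller's variable; a comment such as `// note: $category is taken by reference, the caller's value is cast to int too` would make that side effect visible. The rest of the function is outside the hunk.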
@@ -101,6 +101,7 @@ function the_category($separator = '', $parents='') {
|
||||
}
|
||||
|
||||
function get_the_category_by_ID($cat_ID) {
|
||||
$cat_ID = (int) $cat_ID;
|
||||
$category = &get_category($cat_ID);
|
||||
return $category->cat_name;
|
||||
}
|
||||
|
||||
@@ -205,16 +205,16 @@ function single_post_title($prefix = '', $display = true) {
|
||||
}
|
||||
|
||||
function single_cat_title($prefix = '', $display = true ) {
|
||||
$cat = get_query_var('cat');
|
||||
if(!empty($cat) && !(strtoupper($cat) == 'ALL')) {
|
||||
$my_cat_name = get_the_category_by_ID($cat);
|
||||
if(!empty($my_cat_name)) {
|
||||
if ($display)
|
||||
echo $prefix.strip_tags($my_cat_name);
|
||||
else
|
||||
return strip_tags($my_cat_name);
|
||||
}
|
||||
}
|
||||
$cat = intval( get_query_var('cat') );
|
||||
if( !empty($cat) && !(strtoupper($cat) == 'ALL') ) {
|
||||
$my_cat_name = get_the_category_by_ID($cat);
|
||||
if( !empty($my_cat_name) ) {
|
||||
if ($display)
|
||||
echo $prefix.strip_tags($my_cat_name);
|
||||
else
|
||||
return strip_tags($my_cat_name);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function single_month_title($prefix = '', $display = true ) {
|
||||
|
||||
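Review bot: In `single_cat_title`, once `$cat = intval( get_query_var('cat') );` has run, the `!(strtoupper($cat) == 'ALL')` half of the condition can never be false, because `$cat` is an integer by then; `if ( $cat ) {` states the remaining check. `intval()` also reduces a multi-value `cat` query to its leading number, which is worth a short comment if that is intended. In the earlier hunk, `get_the_category_by_ID` returns `$category->cat_name` even though `get_category` can return null, so an unknown ID reads a property of a non-object; `return $category ? $category->cat_name : '';` would avoid that.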
@@ -2,6 +2,6 @@
|
||||
|
||||
// This just holds the version number, in a separate file so we can bump it without cluttering the SVN
|
||||
|
||||
$wp_version = '1.5.1.1';
|
||||
$wp_version = '1.5.1.3';
|
||||
|
||||
?>
|
||||
?>
|
||||
|
||||
@@ -103,7 +103,7 @@ do_action('retrieve_password', $user_login);
|
||||
$key = substr( md5( uniqid( microtime() ) ), 0, 50);
|
||||
// now insert the new pass md5'd into the db
|
||||
$wpdb->query("UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'");
|
||||
$message .= __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n";
|
||||
$message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n";
|
||||
$message .= get_option('siteurl') . "\r\n\r\n";
|
||||
$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
|
||||
$message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n";
|
||||
|
||||
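Review bot: The reset key on the first line of this hunk, `md5( uniqid( microtime() ) )`, is derived only from the server clock, so it carries far less entropy than its 32 hex characters suggest; the `substr(..., 0, 50)` around it is a no-op on an MD5 string. As this key is the only secret protecting the password reset, it should come from a cryptographically secure source (`random_bytes()` on current PHP, or at least a server-side secret mixed into the hash). The `UPDATE` two lines below interpolates `$user_login` into the SQL string; whether it is escaped is decided outside the hunk, and a comment at that line naming where the escaping happens would help. The `.=` to `=` change itself is correct.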
200
xmlrpc.php
200
xmlrpc.php
@@ -10,7 +10,6 @@ include_once(ABSPATH . WPINC . '/class-IXR.php');
|
||||
// error_reporting(0);
|
||||
|
||||
$post_default_title = ""; // posts submitted via the xmlrpc interface get that title
|
||||
$post_default_category = 1; // posts submitted via the xmlrpc interface go into that category
|
||||
|
||||
$xmlrpc_logging = 0;
|
||||
|
||||
@@ -127,8 +126,19 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
return true;
|
||||
}
|
||||
|
||||
function escape(&$array) {
|
||||
global $wpdb;
|
||||
|
||||
|
||||
foreach ($array as $k => $v) {
|
||||
if (is_array($v)) {
|
||||
$this->escape($array[$k]);
|
||||
} else if (is_object($v)) {
|
||||
//skip
|
||||
} else {
|
||||
$array[$k] = $wpdb->escape($v);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Blogger API functions
|
||||
* specs on http://plant.blogger.com/api and http://groups.yahoo.com/group/bloggerDev/
|
||||
@@ -138,6 +148,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
/* blogger.getUsersBlogs will make more sense once we support multiple blogs */
|
||||
function blogger_getUsersBlogs($args) {
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
|
||||
@@ -162,6 +174,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
/* blogger.getUsersInfo gives your client some info about you, so you don't have to */
|
||||
function blogger_getUserInfo($args) {
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
|
||||
@@ -187,6 +201,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
/* blogger.getPost ...gets a post */
|
||||
function blogger_getPost($args) {
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$post_ID = $args[1];
|
||||
$user_login = $args[2];
|
||||
$user_pass = $args[3];
|
||||
@@ -220,6 +236,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
global $wpdb;
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$blog_ID = $args[1]; /* though we don't use it yet */
|
||||
$user_login = $args[2];
|
||||
$user_pass = $args[3];
|
||||
@@ -266,6 +284,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
/* blogger.getTemplate returns your blog_filename */
|
||||
function blogger_getTemplate($args) {
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$blog_ID = $args[1];
|
||||
$user_login = $args[2];
|
||||
$user_pass = $args[3];
|
||||
@@ -299,6 +319,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
/* blogger.setTemplate updates the content of blog_filename */
|
||||
function blogger_setTemplate($args) {
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$blog_ID = $args[1];
|
||||
$user_login = $args[2];
|
||||
$user_pass = $args[3];
|
||||
@@ -335,6 +357,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
global $wpdb;
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$blog_ID = $args[1]; /* though we don't use it yet */
|
||||
$user_login = $args[2];
|
||||
$user_pass = $args[3];
|
||||
@@ -382,6 +406,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
global $wpdb;
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$post_ID = $args[1];
|
||||
$user_login = $args[2];
|
||||
$user_pass = $args[3];
|
||||
@@ -398,6 +424,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
return new IXR_Error(404, 'Sorry, no such post.');
|
||||
}
|
||||
|
||||
$this->escape($actual_post);
|
||||
|
||||
$post_author_data = get_userdata($actual_post['post_author']);
|
||||
$user_data = get_userdatabylogin($user_login);
|
||||
|
||||
@@ -406,6 +434,7 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
}
|
||||
|
||||
extract($actual_post);
|
||||
|
||||
$content = $newcontent;
|
||||
|
||||
$post_title = xmlrpc_getposttitle($content);
|
||||
@@ -431,6 +460,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
global $wpdb;
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$post_ID = $args[1];
|
||||
$user_login = $args[2];
|
||||
$user_pass = $args[3];
|
||||
@@ -470,7 +501,9 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
/* metaweblog.newPost creates a post */
|
||||
function mw_newPost($args) {
|
||||
|
||||
global $wpdb;
|
||||
global $wpdb, $post_default_category;
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$blog_ID = $args[0]; // we will support this in the near future
|
||||
$user_login = $args[1];
|
||||
@@ -507,7 +540,9 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
if ($post_more) {
|
||||
$post_content = $post_content . "\n<!--more-->\n" . $post_more;
|
||||
}
|
||||
|
||||
|
||||
$to_ping = $content_struct['mt_tb_ping_urls'];
|
||||
|
||||
// Do some timestamp voodoo
|
||||
$dateCreatedd = $content_struct['dateCreated'];
|
||||
if (!empty($dateCreatedd)) {
|
||||
@@ -527,12 +562,12 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
foreach ($catnames as $cat) {
|
||||
$post_category[] = get_cat_ID($cat);
|
||||
}
|
||||
} else {
|
||||
$post_category[] = 1;
|
||||
}
|
||||
} else if ( !empty($catnames) ) {
|
||||
$post_category = array(get_cat_ID($catnames));
|
||||
}
|
||||
|
||||
// We've got all the data -- post it:
|
||||
$postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status');
|
||||
$postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'to_ping');
|
||||
|
||||
$post_ID = wp_insert_post($postdata);
|
||||
|
||||
@@ -552,7 +587,9 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
/* metaweblog.editPost ...edits a post */
|
||||
function mw_editPost($args) {
|
||||
|
||||
global $wpdb;
|
||||
global $wpdb, $post_default_category;
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$post_ID = $args[0];
|
||||
$user_login = $args[1];
|
||||
@@ -571,18 +608,21 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
$postdata = wp_get_single_post($post_ID, ARRAY_A);
|
||||
extract($postdata);
|
||||
$this->escape($postdata);
|
||||
|
||||
$post_title = $content_struct['title'];
|
||||
$post_content = apply_filters( 'content_save_pre', $content_struct['description'] );
|
||||
$catnames = $content_struct['categories'];
|
||||
|
||||
$post_category = array();
|
||||
|
||||
if (is_array($catnames)) {
|
||||
foreach ($catnames as $cat) {
|
||||
$post_category[] = get_cat_ID($cat);
|
||||
}
|
||||
} else {
|
||||
$post_category[] = 1;
|
||||
}
|
||||
} else if ( !empty($catnames) ) {
|
||||
$post_category = array(get_cat_ID($catnames));
|
||||
}
|
||||
|
||||
$post_excerpt = $content_struct['mt_excerpt'];
|
||||
$post_more = $content_struct['mt_text_more'];
|
||||
@@ -592,6 +632,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
$post_content = $post_content . "\n<!--more-->\n" . $post_more;
|
||||
}
|
||||
|
||||
$to_ping = $content_struct['mt_tb_ping_urls'];
|
||||
|
||||
$comment_status = (empty($content_struct['mt_allow_comments'])) ?
|
||||
get_settings('default_comment_status')
|
||||
: $content_struct['mt_allow_comments'];
|
||||
@@ -612,10 +654,10 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
}
|
||||
|
||||
// We've got all the data -- post it:
|
||||
$newpost = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'post_date', 'post_date_gmt');
|
||||
$newpost = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'post_date', 'post_date_gmt', 'to_ping');
|
||||
|
||||
$post_ID = wp_update_post($newpost);
|
||||
if (!$post_ID) {
|
||||
$result = wp_update_post($newpost);
|
||||
if (!$result) {
|
||||
return new IXR_Error(500, 'Sorry, your entry could not be edited. Something wrong happened.');
|
||||
}
|
||||
|
||||
@@ -633,6 +675,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
global $wpdb;
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$post_ID = $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
@@ -686,6 +730,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
/* metaweblog.getRecentPosts ...returns recent posts */
|
||||
function mw_getRecentPosts($args) {
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$blog_ID = $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
@@ -750,6 +796,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
global $wpdb;
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$blog_ID = $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
@@ -782,9 +830,11 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
// adapted from a patch by Johann Richard
|
||||
// http://mycvs.org/archives/2004/06/30/file-upload-to-wordpress-in-ecto/
|
||||
|
||||
$blog_ID = $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
global $wpdb;
|
||||
|
||||
$blog_ID = $wpdb->escape($args[0]);
|
||||
$user_login = $wpdb->escape($args[1]);
|
||||
$user_pass = $wpdb->escape($args[2]);
|
||||
$data = $args[3];
|
||||
|
||||
$name = $data['name'];
|
||||
@@ -861,6 +911,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
/* mt.getRecentPostTitles ...returns recent posts' titles */
|
||||
function mt_getRecentPostTitles($args) {
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$blog_ID = $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
@@ -904,6 +956,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
global $wpdb;
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$blog_ID = $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
@@ -931,6 +985,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
/* mt.getPostCategories ...returns a post's categories */
|
||||
function mt_getPostCategories($args) {
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$post_ID = $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
@@ -959,6 +1015,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
/* mt.setPostCategories ...sets a post's categories */
|
||||
function mt_setPostCategories($args) {
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$post_ID = $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
@@ -1041,6 +1099,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
/* mt.publishPost ...sets a post's publish status to 'publish' */
|
||||
function mt_publishPost($args) {
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$post_ID = $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
@@ -1061,6 +1121,7 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
// retain old cats
|
||||
$cats = wp_get_post_cats('',$post_ID);
|
||||
$postdata['post_category'] = $cats;
|
||||
$this->escape($postdata);
|
||||
|
||||
$result = wp_update_post($postdata);
|
||||
|
||||
@@ -1075,10 +1136,10 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
/* pingback.ping gets a pingback and registers it */
|
||||
function pingback_ping($args) {
|
||||
// original code by Mort (http://mort.mine.nu:8080 -- site seems dead)
|
||||
// refactored to return error codes and avoid deep ifififif headaches
|
||||
global $wpdb, $wp_version;
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$pagelinkedfrom = $args[0];
|
||||
$pagelinkedto = $args[1];
|
||||
|
||||
@@ -1091,10 +1152,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
// Check if the page linked to is in our site
|
||||
$pos1 = strpos($pagelinkedto, str_replace('http://', '', str_replace('www.', '', get_settings('home'))));
|
||||
if(!$pos1) {
|
||||
return new IXR_Error(0, '');
|
||||
}
|
||||
|
||||
if( !$pos1 )
|
||||
return new IXR_Error(0, 'Is there no link to us?');
|
||||
|
||||
// let's find which post is linked to
|
||||
// FIXME: does url_to_postid() cover all these cases already?
|
||||
@@ -1124,7 +1183,7 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
$way = 'from the fragment (post-###)';
|
||||
} elseif (is_string($urltest['fragment'])) {
|
||||
// ...or a string #title, a little more complicated
|
||||
$title = preg_replace('/[^a-zA-Z0-9]/', '.', $urltest['fragment']);
|
||||
$title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']);
|
||||
$sql = "SELECT ID FROM $wpdb->posts WHERE post_title RLIKE '$title'";
|
||||
if (! ($post_ID = $wpdb->get_var($sql)) ) {
|
||||
// returning unknown error '0' is better than die()ing
|
||||
@@ -1136,27 +1195,25 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
// TODO: Attempt to extract a post ID from the given URL
|
||||
return new IXR_Error(33, 'The specified target URI cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.');
|
||||
}
|
||||
$post_ID = (int) $post_ID;
|
||||
|
||||
|
||||
logIO("O","(PB) URI='$pagelinkedto' ID='$post_ID' Found='$way'");
|
||||
|
||||
$sql = 'SELECT post_author FROM '.$wpdb->posts.' WHERE ID = '.$post_ID;
|
||||
$result = $wpdb->get_results($sql);
|
||||
$post = get_post($post_ID);
|
||||
|
||||
if (!$wpdb->num_rows) {
|
||||
// Post_ID not found
|
||||
if ( !$post ) // Post_ID not found
|
||||
return new IXR_Error(33, 'The specified target URI cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.');
|
||||
}
|
||||
|
||||
// Check if pings are on
|
||||
if ( 'closed' == $post->ping_status )
|
||||
return new IXR_Error(33, 'The specified target URI cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.');
|
||||
|
||||
// Let's check that the remote site didn't already pingback this entry
|
||||
$result = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post_ID' AND comment_author_url = '$pagelinkedfrom'");
|
||||
|
||||
if ($wpdb->num_rows) {
|
||||
// We already have a Pingback from this URL
|
||||
if ( $wpdb->num_rows ) // We already have a Pingback from this URL
|
||||
return new IXR_Error(48, 'The pingback has already been registered.');
|
||||
}
|
||||
|
||||
|
||||
// very stupid, but gives time to the 'from' server to publish !
|
||||
sleep(1);
|
||||
@@ -1167,46 +1224,42 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
return new IXR_Error(16, 'The source URI does not exist.');
|
||||
|
||||
// Work around bug in strip_tags():
|
||||
$linea = str_replace('<!DOCTYPE','<DOCTYPE',$linea);
|
||||
$linea = strip_tags($linea, '<title><a>');
|
||||
$linea = strip_all_but_one_link($linea, $pagelinkedto);
|
||||
// I don't think we need this? -- emc3
|
||||
//$linea = preg_replace('#&([^amp\;])#is', '&$1', $linea);
|
||||
if ( empty($matchtitle) ) {
|
||||
preg_match('|<title>([^<]*?)</title>|is', $linea, $matchtitle);
|
||||
}
|
||||
$pos2 = strpos($linea, $pagelinkedto);
|
||||
$pos3 = strpos($linea, str_replace('http://www.', 'http://', $pagelinkedto));
|
||||
if (is_integer($pos2) || is_integer($pos3)) {
|
||||
// The page really links to us :)
|
||||
$pos4 = (is_integer($pos2)) ? $pos2 : $pos3;
|
||||
$start = $pos4-100;
|
||||
$context = substr($linea, $start, 250);
|
||||
$context = str_replace("\n", ' ', $context);
|
||||
$context = str_replace('&', '&', $context);
|
||||
}
|
||||
$linea = str_replace('<!DOC', '<DOC', $linea);
|
||||
$linea = preg_replace( '/[\s\r\n\t]+/', ' ', $linea ); // normalize spaces
|
||||
$linea = preg_replace( "/ <(h1|h2|h3|h4|h5|h6|p|th|td|li|dt|dd|pre|caption|input|textarea|button|body)[^>]*>/", "\n\n", $linea );
|
||||
|
||||
if (empty($context)) {
|
||||
// URL pattern not found
|
||||
return new IXR_Error(17, 'The source URI does not contain a link to the target URI, and so cannot be used as a source.');
|
||||
preg_match('|<title>([^<]*?)</title>|is', $linea, $matchtitle);
|
||||
$title = $matchtitle[1];
|
||||
if ( empty( $title ) )
|
||||
return new IXR_Error(32, 'We cannot find a title on that page.');
|
||||
|
||||
$linea = strip_tags( $linea, '<a>' ); // just keep the tag we need
|
||||
|
||||
$p = explode( "\n\n", $linea );
|
||||
|
||||
$sem_regexp_pb = "/(\\/|\\\|\*|\?|\+|\.|\^|\\$|\(|\)|\[|\]|\||\{|\})/";
|
||||
$sem_regexp_fix = "\\\\$1";
|
||||
$link = preg_replace( $sem_regexp_pb, $sem_regexp_fix, $pagelinkedfrom );
|
||||
|
||||
$finished = false;
|
||||
foreach ( $p as $para ) {
|
||||
if ( $finished )
|
||||
continue;
|
||||
if ( strstr( $para, $pagelinkedto ) ) {
|
||||
$context = preg_replace( "/.*<a[^>]+".$link."[^>]*>([^>]+)<\/a>.*/", "$1", $para );
|
||||
$excerpt = strip_tags( $para );
|
||||
$excerpt = trim( $excerpt );
|
||||
$use = preg_quote( $context );
|
||||
$excerpt = preg_replace("|.*?\s(.{0,100}$use.{0,100})\s|s", "$1", $excerpt);
|
||||
$finished = true;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// Check if pings are on
|
||||
$pingstatus = $wpdb->get_var("SELECT ping_status FROM $wpdb->posts WHERE ID = $post_ID");
|
||||
if ('closed' == $pingstatus) {
|
||||
return new IXR_Error(33, 'The specified target URI cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.');
|
||||
}
|
||||
|
||||
|
||||
$pagelinkedfrom = preg_replace('#&([^amp\;])#is', '&$1', $pagelinkedfrom);
|
||||
$title = (!strlen($matchtitle[1])) ? $pagelinkedfrom : $matchtitle[1];
|
||||
$original_context = strip_tags($context);
|
||||
$context = '[...] ';
|
||||
$context .= wp_specialchars($original_context);
|
||||
$context .= ' [...]';
|
||||
|
||||
$context = '[...] ' . wp_specialchars( $excerpt ) . ' [...]';
|
||||
$original_pagelinkedfrom = $pagelinkedfrom;
|
||||
$pagelinkedfrom = addslashes($pagelinkedfrom);
|
||||
$pagelinkedfrom = addslashes( $pagelinkedfrom );
|
||||
$original_title = $title;
|
||||
|
||||
$comment_post_ID = $post_ID;
|
||||
@@ -1215,11 +1268,6 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
$comment_content = $context;
|
||||
$comment_type = 'pingback';
|
||||
|
||||
$pingstatus = $wpdb->get_var("SELECT ping_status FROM $wpdb->posts WHERE ID = $post_ID");
|
||||
|
||||
if ('open' != $pingstatus)
|
||||
die('Sorry, pingbacks are closed for this item.');
|
||||
|
||||
$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_content', 'comment_type');
|
||||
|
||||
wp_new_comment($commentdata);
|
||||
@@ -1236,6 +1284,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
global $wpdb;
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$url = $args;
|
||||
|
||||
$post_ID = url_to_postid($url);
|
||||
@@ -1270,4 +1320,4 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
$wp_xmlrpc_server = new wp_xmlrpc_server();
|
||||
|
||||
?>
|
||||
?>
|
||||
|
||||
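Review bot: In the rewritten excerpt loop of `pingback_ping`, the paragraph is selected with `strstr( $para, $pagelinkedto )`, but the anchor pattern is built from `$pagelinkedfrom`, so the `<a>` being matched appears to be keyed on the wrong URL. Both patterns also interpolate remote-controlled text with incomplete quoting: `$sem_regexp_pb` is a hand-rolled escape, and `preg_quote( $context )` does not quote the `|` delimiter of the pattern it is placed into. I would use `$link = preg_quote( $pagelinkedto, '/' );` and `$use = preg_quote( $context, '|' );`. `$excerpt` is only assigned inside the loop, so it is undefined at `wp_specialchars( $excerpt )` when no paragraph matches; this rendering does not show whether the error-17 return still guards that case. More generally, `$this->escape($args)` is applied before the values are used for login checks, `strpos` and regex building as well as for SQL, and it skips objects, so the new `escape()` method should carry a comment stating that the result is meant for SQL only.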