Tagging 3.0.3 for real

git-svn-id: http://svn.automattic.com/wordpress/tags/3.0.3@16807 1a063a9b-81f0-0310-95a4-ce76da25c4cd

readme.html

@@ -8,7 +8,7 @@
 <body>
 <h1 id="logo">
 	<a href="http://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" width="250" height="68" /></a>
-	<br /> Version 3.0.1
+	<br /> Version 3.0.3
 </h1>
 <p style="text-align: center">Semantic Personal Publishing Platform</p>
 
@@ -102,7 +102,7 @@
 <p>WordPress is the official continuation of <a href="http://cafelog.com/">b2/caf&#233;log</a>, which came from Michel V. The work has been continued by the <a href="http://wordpress.org/about/">WordPress developers</a>. If you would like to support WordPress, please consider <a href="http://wordpress.org/donate/" title="Donate to WordPress">donating</a>.</p>
 
 <h1>Copyright</h1>
-<p>WordPress is released under the <abbr title="GNU Public License">GPL</abbr>v2 (see <a href="license.txt">license.txt</a>).</p>
+<p>WordPress is released under the <abbr title="GNU Public License">GPL</abbr> (see <a href="license.txt">license.txt</a>).</p>
 
 
 </body>

wp-admin/includes/file.php

@@ -937,7 +937,7 @@ function request_filesystem_credentials($form_post, $type = '', $error = false,
 		$error_string = __('<strong>Error:</strong> There was an error connecting to the server, Please verify the settings are correct.');
 		if ( is_wp_error($error) )
 			$error_string = $error->get_error_message();
-		echo '<div id="message" class="error"><p>' . $error_string . '</p></div>';
+		echo '<div id="message" class="error"><p>' . esc_html( $error_string ) . '</p></div>';
 	}
 
 	$types = array();

wp-admin/includes/plugin.php

@@ -483,6 +483,7 @@ function activate_plugin( $plugin, $redirect = '', $network_wide = false) {
 		ob_start();
 		include(WP_PLUGIN_DIR . '/' . $plugin);
 		do_action( 'activate_plugin', trim( $plugin) );
+		do_action( 'activate_' . trim( $plugin ) );
 		if ( $network_wide ) {
 			$current[$plugin] = time();
 			update_site_option( 'active_sitewide_plugins', $current );
@@ -491,7 +492,6 @@ function activate_plugin( $plugin, $redirect = '', $network_wide = false) {
 			sort($current);
 			update_option('active_plugins', $current);
 		}
-		do_action( 'activate_' . trim( $plugin ) );
 		do_action( 'activated_plugin', trim( $plugin) );
 		if ( ob_get_length() > 0 ) {
 			$output = ob_get_clean();

wp-admin/includes/update-core.php

@@ -274,7 +274,7 @@ function update_core($from, $to) {
 	$mysql_version  = $wpdb->db_version();
 	$required_php_version = '4.3';
 	$required_mysql_version = '4.1.2';
-	$wp_version = '3.0.1';
+	$wp_version = '3.0.3';
 	$php_compat     = version_compare( $php_version, $required_php_version, '>=' );
 	$mysql_compat   = version_compare( $mysql_version, $required_mysql_version, '>=' ) || file_exists( WP_CONTENT_DIR . '/db.php' );
 

wp-admin/plugins.php

@@ -255,11 +255,11 @@ if ( !empty($action) ) {
 						foreach ( $plugin_info as $plugin ) {
 							if ( $plugin['is_uninstallable'] ) {
 								/* translators: 1: plugin name, 2: plugin author */
-								echo '<li>', sprintf( __( '<strong>%1$s</strong> by <em>%2$s</em> (will also <strong>delete its data</strong>)' ), $plugin['Name'], $plugin['Author'] ), '</li>';
+								echo '<li>', sprintf( __( '<strong>%1$s</strong> by <em>%2$s</em> (will also <strong>delete its data</strong>)' ), esc_html($plugin['Name']), esc_html($plugin['Author']) ), '</li>';
 								$data_to_delete = true;
 							} else {
 								/* translators: 1: plugin name, 2: plugin author */
-								echo '<li>', sprintf( __('<strong>%1$s</strong> by <em>%2$s</em>' ), $plugin['Name'], $plugin['Author'] ), '</li>';
+								echo '<li>', sprintf( __('<strong>%1$s</strong> by <em>%2$s</em>' ), esc_html($plugin['Name']), esc_html($plugin['Author']) ), '</li>';
 							}
 						}
 						?>
@@ -289,7 +289,7 @@ if ( !empty($action) ) {
 					<ul class="code">
 					<?php
 						foreach ( (array)$files_to_delete as $file )
-							echo '<li>' . str_replace(WP_PLUGIN_DIR, '', $file) . '</li>';
+							echo '<li>' . esc_html(str_replace(WP_PLUGIN_DIR, '', $file)) . '</li>';
 					?>
 					</ul>
 				</div>

wp-includes/canonical.php

@@ -103,10 +103,6 @@ function redirect_canonical($requested_url=null, $do_redirect=true) {
 		} elseif ( is_single() && !empty($_GET['p']) && ! $redirect_url ) {
 			if ( $redirect_url = get_permalink(get_query_var('p')) )
 				$redirect['query'] = remove_query_arg(array('p', 'post_type'), $redirect['query']);
-			if ( get_query_var( 'page' ) ) {
-				$redirect_url = trailingslashit( $redirect_url ) . user_trailingslashit( get_query_var( 'page' ), 'single_paged' );
-				$redirect['query'] = remove_query_arg( 'page', $redirect['query'] );
-			}
 		} elseif ( is_single() && !empty($_GET['name'])  && ! $redirect_url ) {
 			if ( $redirect_url = get_permalink( $wp_query->get_queried_object_id() ) )
 				$redirect['query'] = remove_query_arg('name', $redirect['query']);
@@ -180,12 +176,18 @@ function redirect_canonical($requested_url=null, $do_redirect=true) {
 
 			}
 		} elseif ( is_single() && strpos($wp_rewrite->permalink_structure, '%category%') !== false ) {
-			$category = get_term_by('slug', get_query_var('category_name'), 'category');
+			$category = get_category_by_path(get_query_var('category_name'));
 			$post_terms = wp_get_object_terms($wp_query->get_queried_object_id(), 'category', array('fields' => 'tt_ids'));
 			if ( (!$category || is_wp_error($category)) || ( !is_wp_error($post_terms) && !empty($post_terms) && !in_array($category->term_taxonomy_id, $post_terms) ) )
 				$redirect_url = get_permalink($wp_query->get_queried_object_id());
 		}
 
+		// Post Paging
+		if ( is_singular() && get_query_var('page') && $redirect_url ) {
+			$redirect_url = trailingslashit( $redirect_url ) . user_trailingslashit( get_query_var( 'page' ), 'single_paged' );
+			$redirect['query'] = remove_query_arg( 'page', $redirect['query'] );
+		}
+
 		// paging and feeds
 		if ( get_query_var('paged') || is_feed() || get_query_var('cpage') ) {
 			if ( !$redirect_url )

wp-includes/capabilities.php

@@ -799,9 +799,6 @@ function map_meta_cap( $cap, $user_id ) {
 	case 'remove_user':
 		$caps[] = 'remove_users';
 		break;
-	case 'delete_user':
-		$caps[] = 'delete_users';
-		break;
 	case 'promote_user':
 		$caps[] = 'promote_users';
 		break;
@@ -1028,10 +1025,13 @@ function map_meta_cap( $cap, $user_id ) {
 	case 'delete_user':
 	case 'delete_users':
 		// If multisite these caps are allowed only for super admins.
-		if ( is_multisite() && !is_super_admin( $user_id ) )
+		if ( is_multisite() && !is_super_admin( $user_id ) ) {
 			$caps[] = 'do_not_allow';
-		else
+		} else {
+			if ( 'delete_user' == $cap )
+				$cap = 'delete_users';
 			$caps[] = $cap;
+		}
 		break;
 	case 'create_users':
 		if ( is_multisite() && !get_site_option( 'add_new_users' ) )
@@ -1079,9 +1079,6 @@ function current_user_can( $capability ) {
 function current_user_can_for_blog( $blog_id, $capability ) {
 	$current_user = wp_get_current_user();
 
-    if ( is_multisite() && is_super_admin() )
-		return true;
-
 	if ( empty( $current_user ) )
 		return false;
 

wp-includes/comment.php

@@ -18,9 +18,8 @@
  * check fails. If any of the parameter contents match the blacklist of words,
  * then the check fails.
  *
- * If the comment is a trackback and part of the blogroll, then the trackback is
- * automatically whitelisted. If the comment author was approved before, then
- * the comment is automatically whitelisted.
+ * If the comment author was approved before, then the comment is
+ * automatically whitelisted.
  *
  * If none of the checks fail, then the failback is to set the check to pass
  * (return true).
@@ -80,16 +79,7 @@ function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $
 
 	// Comment whitelisting:
 	if ( 1 == get_option('comment_whitelist')) {
-		if ( 'trackback' == $comment_type || 'pingback' == $comment_type ) { // check if domain is in blogroll
-			$uri = parse_url($url);
-			$domain = $uri['host'];
-			$uri = parse_url( home_url() );
-			$home_domain = $uri['host'];
-			if ( $wpdb->get_var($wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_url LIKE (%s) LIMIT 1", '%'.$domain.'%')) || $domain == $home_domain )
-				return true;
-			else
-				return false;
-		} elseif ( $author != '' && $email != '' ) {
+		if ( 'trackback' != $comment_type && 'pingback' != $comment_type && $author != '' && $email != '' ) {
 			// expected_slashed ($author, $email)
 			$ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author = '$author' AND comment_author_email = '$email' and comment_approved = '1' LIMIT 1");
 			if ( ( 1 == $ok_to_comment ) &&
@@ -1654,7 +1644,7 @@ function do_trackbacks($post_id) {
 				trackback($tb_ping, $post_title, $excerpt, $post_id);
 				$pinged[] = $tb_ping;
 			} else {
-				$wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_ping', '')) WHERE ID = %d", $post_id) );
+				$wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, %s, '')) WHERE ID = %d", $tb_ping, $post_id) );
 			}
 		}
 	}

wp-includes/functions.php

@@ -2125,7 +2125,7 @@ function wp_upload_dir( $time = null ) {
 	$siteurl = get_option( 'siteurl' );
 	$upload_path = get_option( 'upload_path' );
 	$upload_path = trim($upload_path);
-	$main_override = defined( 'MULTISITE' ) && is_main_site();
+	$main_override = is_multisite() && defined( 'MULTISITE' ) && is_main_site();
 	if ( empty($upload_path) ) {
 		$dir = WP_CONTENT_DIR . '/uploads';
 	} else {

wp-includes/load.php

@@ -579,7 +579,7 @@ function is_multisite() {
 	if ( defined( 'MULTISITE' ) )
 		return MULTISITE;
 
-	if ( defined( 'VHOST' ) || defined( 'SUNRISE' ) )
+	if ( defined( 'SUBDOMAIN_INSTALL' ) || defined( 'VHOST' ) || defined( 'SUNRISE' ) )
 		return true;
 
 	return false;

wp-includes/ms-files.php

@@ -29,14 +29,14 @@ if ( !is_file( $file ) ) {
 	die( '404 — File not found.' );
 }
 
-$mime = wp_check_filetype( $_SERVER[ 'REQUEST_URI' ] );
+$mime = wp_check_filetype( $file );
 if( false === $mime[ 'type' ] && function_exists( 'mime_content_type' ) )
 	$mime[ 'type' ] = mime_content_type( $file );
 
 if( $mime[ 'type' ] )
 	$mimetype = $mime[ 'type' ];
 else
-	$mimetype = 'image/' . substr( $_SERVER[ 'REQUEST_URI' ], strrpos( $_SERVER[ 'REQUEST_URI' ], '.' ) + 1 );
+	$mimetype = 'image/' . substr( $file, strrpos( $file, '.' ) + 1 );
 
 header( 'Content-type: ' . $mimetype ); // always send this
 if ( false === strpos( $_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS' ) )

wp-includes/version.php

@@ -8,7 +8,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '3.0.1';
+$wp_version = '3.0.3';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.

xmlrpc.php

@@ -1156,9 +1156,12 @@ class wp_xmlrpc_server extends IXR_Server {
 
 		do_action('xmlrpc_call', 'wp.deleteComment');
 
-		if ( ! get_comment($comment_ID) )
+		if ( !$comment = get_comment( $comment_ID ) )
 			return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
 
+		if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
+			return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
+
 		return wp_delete_comment($comment_ID);
 	}
 
@@ -1185,11 +1188,14 @@ class wp_xmlrpc_server extends IXR_Server {
 		if ( !current_user_can( 'moderate_comments' ) )
 			return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
 
-		do_action('xmlrpc_call', 'wp.editComment');
-
-		if ( ! get_comment($comment_ID) )
+		if ( !$comment = get_comment( $comment_ID ) )
 			return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
 
+		if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
+			return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
+
+		do_action('xmlrpc_call', 'wp.editComment');
+
 		if ( isset($content_struct['status']) ) {
 			$statuses = get_comment_statuses();
 			$statuses = array_keys($statuses);
@@ -1417,7 +1423,7 @@ class wp_xmlrpc_server extends IXR_Server {
 		if ( !$user = $this->login($username, $password) )
 			return $this->error;
 
-		if ( !current_user_can( 'edit_posts' ) )
+		if ( !current_user_can( 'edit_pages' ) )
 			return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) );
 
 		do_action('xmlrpc_call', 'wp.getPageStatusList');
@@ -1957,7 +1963,7 @@ class wp_xmlrpc_server extends IXR_Server {
 		if ( !$actual_post || $actual_post['post_type'] != 'post' )
 			return new IXR_Error(404, __('Sorry, no such post.'));
 
-		if ( !current_user_can('edit_post', $post_ID) )
+		if ( !current_user_can('delete_post', $post_ID) )
 			return new IXR_Error(401, __('Sorry, you do not have the right to delete this post.'));
 
 		$result = wp_delete_post($post_ID);
@@ -1987,30 +1993,42 @@ class wp_xmlrpc_server extends IXR_Server {
 		$username  = $args[1];
 		$password   = $args[2];
 		$content_struct = $args[3];
-		$publish     = $args[4];
+		$publish     = isset( $args[4] ) ? $args[4] : 0;
 
 		if ( !$user = $this->login($username, $password) )
 			return $this->error;
 
 		do_action('xmlrpc_call', 'metaWeblog.newPost');
 
-		$cap = ( $publish ) ? 'publish_posts' : 'edit_posts';
-		$error_message = __( 'Sorry, you are not allowed to publish posts on this site.' );
-		$post_type = 'post';
 		$page_template = '';
 		if ( !empty( $content_struct['post_type'] ) ) {
 			if ( $content_struct['post_type'] == 'page' ) {
-				$cap = ( $publish ) ? 'publish_pages' : 'edit_pages';
+				if ( $publish || 'publish' == $content_struct['page_status'])
+					$cap  = 'publish_pages';
+				else
+					$cap = 'edit_pages';
 				$error_message = __( 'Sorry, you are not allowed to publish pages on this site.' );
 				$post_type = 'page';
 				if ( !empty( $content_struct['wp_page_template'] ) )
 					$page_template = $content_struct['wp_page_template'];
 			} elseif ( $content_struct['post_type'] == 'post' ) {
-				// This is the default, no changes needed
+				if ( $publish || 'publish' == $content_struct['post_status'])
+					$cap  = 'publish_posts';
+				else
+					$cap = 'edit_posts';
+				$error_message = __( 'Sorry, you are not allowed to publish posts on this site.' );
+				$post_type = 'post';
 			} else {
 				// No other post_type values are allowed here
 				return new IXR_Error( 401, __( 'Invalid post type.' ) );
 			}
+		} else {
+			if ( $publish || 'publish' == $content_struct['post_status'])
+				$cap  = 'publish_posts';
+			else
+				$cap = 'edit_posts';
+			$error_message = __( 'Sorry, you are not allowed to publish posts on this site.' );
+			$post_type = 'post';
 		}
 
 		if ( !current_user_can( $cap ) )
@@ -2275,17 +2293,32 @@ class wp_xmlrpc_server extends IXR_Server {
 		$page_template = '';
 		if ( !empty( $content_struct['post_type'] ) ) {
 			if ( $content_struct['post_type'] == 'page' ) {
-				$cap = ( $publish ) ? 'publish_pages' : 'edit_pages';
+				if ( $publish || 'publish' == $content_struct['page_status'] )
+					$cap  = 'publish_pages';
+				else
+					$cap = 'edit_pages';
 				$error_message = __( 'Sorry, you are not allowed to publish pages on this site.' );
 				$post_type = 'page';
 				if ( !empty( $content_struct['wp_page_template'] ) )
 					$page_template = $content_struct['wp_page_template'];
 			} elseif ( $content_struct['post_type'] == 'post' ) {
-				// This is the default, no changes needed
+				if ( $publish || 'publish' == $content_struct['post_status'] )
+					$cap  = 'publish_posts';
+				else
+					$cap = 'edit_posts';
+				$error_message = __( 'Sorry, you are not allowed to publish posts on this site.' );
+				$post_type = 'post';
 			} else {
 				// No other post_type values are allowed here
 				return new IXR_Error( 401, __( 'Invalid post type.' ) );
 			}
+		} else {
+			if ( $publish || 'publish' == $content_struct['post_status'] )
+				$cap  = 'publish_posts';
+			else
+				$cap = 'edit_posts';
+			$error_message = __( 'Sorry, you are not allowed to publish posts on this site.' );
+			$post_type = 'post';
 		}
 
 		if ( !current_user_can( $cap ) )
@@ -3101,7 +3134,7 @@ class wp_xmlrpc_server extends IXR_Server {
 
 		do_action('xmlrpc_call', 'mt.publishPost');
 
-		if ( !current_user_can('edit_post', $post_ID) )
+		if ( !current_user_can('publish_posts') || !current_user_can('edit_post', $post_ID) )
 			return new IXR_Error(401, __('Sorry, you cannot edit this post.'));
 
 		$postdata = wp_get_single_post($post_ID,ARRAY_A);
@@ -3339,4 +3372,4 @@ class wp_xmlrpc_server extends IXR_Server {
 
 $wp_xmlrpc_server = new wp_xmlrpc_server();
 $wp_xmlrpc_server->serve_request();
-?>
+?>